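/**
 * Rebuild the per-request session state from the request's cookies.
 *
 * Clears `currentuser` and the cached session first, so a failed validation
 * leaves an all-zero user record and not data from an earlier request.
 * API GET requests must additionally carry a `token` parameter equal to the
 * session-key cookie (presumably an anti-CSRF double-submit check; confirm).
 *
 * @return true when _get_session() accepts the user/key pair, else false.
 */
bool session_validate(void)
{
	// Mis-encoded in the extracted page as "¤tuser"; the operand is &currentuser.
	memset(&currentuser, 0, sizeof(currentuser));
	session_clear();

	const char *uname = web_get_param(COOKIE_USER);
	const char *key = web_get_param(COOKIE_KEY);

	// NOTE(review): cookies and request parameters are read through the same
	// web_get_param() accessor. Confirm that a request parameter cannot shadow
	// a cookie of the same name, otherwise this check compares two values that
	// both come from the requester.
	// NOTE(review): only API GET requests are token-checked here; handlers
	// that change state on other request types need their own protection.
	if (web_request_type(API) && web_request_method(GET)) {
		const char *token = web_get_param("token");
		if (!streq(token, key))
			return false;
	}

	bool ok = _get_session(uname, key);
	if (ok) {
		// NOTE(review): the result of getuserec() is not checked; if it can
		// fail, currentuser stays zeroed while this function reports success.
		getuserec(uname, &currentuser);
	}
	return ok;
}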
/**
 * Stop following the user named by the "u" request parameter, then redirect
 * to the "fall" page.
 *
 * @return BBS_ELGNREQ when there is no session, otherwise 0. An empty or
 *         unknown user name is skipped silently and still redirects.
 */
int bbsfdel_main(void)
{
	if (!session_get_id())
		return BBS_ELGNREQ;

	// NOTE(review): this changes state, and no request-method or token check
	// is visible in this handler. Confirm the dispatcher or
	// session_validate() covers cross-site requests for this endpoint.
	const char *target = web_get_param("u");
	user_id_t target_uid = (*target != '\0') ? get_user_id(target) : 0;
	if (target_uid > 0)
		unfollow(session_get_user_id(), target_uid);

	printf("Location: fall\n\n");
	return 0;
}
/**
 * Follow the user named by the "id" parameter, with an optional "desc" note.
 *
 * With a non-empty "id" the follow is recorded and the client is redirected
 * to "fall". With an empty "id" an empty <bbsfadd> document is emitted.
 *
 * @return BBS_ELGNREQ when there is no session, otherwise 0.
 */
int bbsfadd_main(void)
{
	if (!session_get_id())
		return BBS_ELGNREQ;

	const char *uname = web_get_param("id");
	const char *note = web_get_param("desc");

	if (*uname == '\0') {
		xml_header(NULL);
		printf("<bbsfadd>");
		print_session();
		// uname is the empty string on this path, so nothing
		// request-controlled reaches the document body.
		printf("%s</bbsfadd>", uname);
		return 0;
	}

	// UTF8_BUFFER(note, ...) presumably declares utf8_note; the macro is not
	// visible here.
	// NOTE(review): confirm convert_g2u() bounds its output to that buffer,
	// since "desc" is request-controlled.
	// NOTE(review): this changes state, and no request-method or token check
	// is visible in this handler. Confirm cross-site requests are rejected
	// upstream.
	UTF8_BUFFER(note, FOLLOW_NOTE_CCHARS);
	convert_g2u(note, utf8_note);
	follow(session_get_user_id(), uname, utf8_note);

	printf("Location: fall\n\n");
	return 0;
}
/**
 * Show the logged-in user's props, or the detail page of one title prop.
 *
 * When both "record" and "item" parse to positive integers, the request is
 * dispatched by item type. Otherwise the full prop list of the session user
 * is emitted as <bbsmyprop>.
 *
 * @return BBS_ELGNREQ without a session, BBS_EINTNL if the prop list cannot
 *         be loaded, BBS_EINVAL for an unsupported item type, the result of
 *         show_title_detail() for title props, otherwise 0.
 */
int web_my_props(void)
{
	if (!session_id())
		return BBS_ELGNREQ;

	// strtol() yields 0 for non-numeric input, which selects the list view.
	int record_id = strtol(web_get_param("record"), NULL, 10);
	int item_id = strtol(web_get_param("item"), NULL, 10);

	if (record_id > 0 && item_id > 0) {
		// NOTE(review): record_id is request-controlled. Confirm
		// show_title_detail() checks that the record belongs to the
		// session user.
		switch (item_id) {
		case PROP_TITLE_FREE:
		case PROP_TITLE_30DAYS:
		case PROP_TITLE_90DAYS:
		case PROP_TITLE_180DAYS:
		case PROP_TITLE_1YEAR:
			return show_title_detail(record_id);
		default:
			return BBS_EINVAL;
		}
	}

	my_props_t *props = my_props_load(session_uid());
	if (!props)
		return BBS_EINTNL;

	xml_header(NULL);
	printf("<bbsmyprop>");
	print_session();

	int idx = 0;
	while (idx < my_props_count(props)) {
		show_my_prop(props, idx);
		++idx;
	}

	printf("</bbsmyprop>");
	my_props_free(props);
	return 0;
}
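/**
 * Add the board given by the "bid" parameter to the session user's
 * favourites and report the board as <bbsbrdadd>.
 *
 * @return BBS_ELGNREQ without a session, BBS_EBRDQE when fav_board_add()
 *         refuses the board, BBS_ENOBRD when the board record cannot be
 *         loaded afterwards, otherwise 0.
 */
int web_brdadd(void)
{
	if (!session_id())
		return BBS_ELGNREQ;

	int bid = strtol(web_get_param("bid"), NULL, 10);

	// NOTE(review): unlike the other handlers on this page there is no
	// has_read_perm() call here. Presumably fav_board_add() uses
	// &currentuser to enforce read permission. Confirm, because the board
	// name is echoed below.
	// Mis-encoded in the extracted page as "¤tuser"; the argument is &currentuser.
	if (!fav_board_add(session_uid(), NULL, bid, FAV_BOARD_ROOT_FOLDER,
			&currentuser))
		return BBS_EBRDQE;

	// Load the record before any output. The original ignored this result
	// and would print an uninitialised board_t if the lookup failed.
	board_t board;
	if (!get_board_by_bid(bid, &board))
		return BBS_ENOBRD;

	xml_header(NULL);
	printf("<bbsbrdadd>");
	print_session();
	printf("<brd>%s</brd><bid>%d</bid></bbsbrdadd>", board.name, board.id);
	session_set_board(board.id);
	return 0;
}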
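/**
 * List one announcement directory as a <bbs0an> XML document.
 *
 * The directory is selected either by a "path" parameter relative to
 * 0Announce, or by a "bid" parameter that is mapped to a path through
 * 0Announce/.Search. The directory's .Names index is then read: its
 * "# Title=" line is checked with hasannperm(), and every "Name=" /
 * "Path=~" pair the user may see becomes an <ent> element.
 *
 * @return BBS_EINVAL for a rejected path or a directory-type board,
 *         BBS_ENOBRD / BBS_ENODIR when the board or directory is missing or
 *         not readable, BBS_EINTNL when .Search cannot be opened,
 *         otherwise 0.
 */
int bbs0an_main(void)
{
	char path[512];
	// Zero-initialised because the "path" branch leaves it untouched when
	// the path is not under a board, yet it is read below by hasannperm()
	// and the board.id test.
	board_t board = { .id = 0 };

	int bid = strtol(web_get_param("bid"), NULL, 10);
	if (bid <= 0) {
		strlcpy(path, web_get_param("path"), sizeof(path));
		if (strstr(path, "..") || strstr(path, "SYSHome"))
			return BBS_EINVAL;
		// path is echoed into a single-quoted XML attribute further down,
		// so refuse markup metacharacters and never reflect them.
		if (strpbrk(path, "'\"<>&"))
			return BBS_EINVAL;
		// NOTE(review): path is not required to start with '/', so
		// "0Announce" + path can name a sibling such as "0AnnounceX".
		// Confirm no such directory exists, or require a leading '/'.
		char *bname = getbfroma(path);
		if (*bname != '\0') {
			if (!get_board(bname, &board) || !has_read_perm(&board))
				return BBS_ENODIR;
		}
	} else {
		if (!get_board_by_bid(bid, &board) || !has_read_perm(&board))
			return BBS_ENOBRD;
		if (board.flag & BOARD_FLAG_DIR)
			return BBS_EINVAL;

		path[0] = '\0';
		FILE *fp = fopen("0Announce/.Search", "r");
		if (fp == NULL)
			return BBS_EINTNL;

		// Look for the line "<board name>: <path>".
		char tmp[256];
		int len = strlen(board.name);
		while (fgets(tmp, sizeof(tmp), fp) != NULL) {
			if (!strncmp(tmp, board.name, len) && tmp[len] == ':'
					&& tmp[len + 1] == ' ') {
				// Turn the separating space into the leading '/'.
				tmp[len + 1] = '/';
				strlcpy(path, tmp + len + 1, sizeof(path));
				// Cut at the newline, if any. The original dropped the
				// last byte unconditionally, which loses a character on
				// a final line without a newline.
				path[strcspn(path, "\n")] = '\0';
				break;
			}
		}
		fclose(fp);
		if (path[0] == '\0')
			return BBS_ENODIR;
	}

	char names[512];
	snprintf(names, sizeof(names), "0Announce%s/.Names", path);
	FILE *fp = fopen(names, "r");
	if (fp == NULL)
		return BBS_ENODIR; // not indicating hidden directories.

	char buf[512], *title;
	// check directory permission.
	while (true) {
		if (fgets(buf, sizeof(buf), fp) == NULL) {
			fclose(fp);
			return BBS_ENODIR;
		}
		if (!strncmp(buf, "# Title=", 8)) {
			title = buf + 8;
			// Mis-encoded in the extracted page as "¤tuser".
			if (!hasannperm(title, &currentuser, &board)) {
				fclose(fp);
				return BBS_ENODIR;
			}
			break;
		}
	}

	xml_header(NULL);
	printf("<bbs0an path='%s' v='%d' ", path, 1030);
	if (board.id)
		printf(" brd='%s'", board.name);
	printf(">");
	print_session();

	char name[STRLEN], fpath[1024], *id = NULL, *ptr;
	struct stat st;
	while (fgets(buf, sizeof(buf), fp) != NULL) {
		if (strncmp(buf, "Name=", 5) != 0)
			continue;

		strlcpy(name, trim(buf + 5), sizeof(name));
		if (strlen(name) > ANN_TITLE_LENGTH) {
			// Text past the title column holds the permission/owner tag.
			id = name + ANN_TITLE_LENGTH;
			if (!hasannperm(name + ANN_TITLE_LENGTH, &currentuser, &board))
				continue;
			name[ANN_TITLE_LENGTH - 1] = '\0';
			if (!strncmp(id, "BM: ", 4))
				id += 4;
			if ((ptr = strchr(id, ')')) != NULL)
				*ptr = '\0';
		} else {
			id = NULL;
		}

		// Each "Name=" line must be followed by its "Path=~" line.
		if (fgets(buf, sizeof(buf), fp) == NULL
				|| strncmp(buf, "Path=~", 6))
			break;

		// NOTE(review): the entry path and id come from the .Names file
		// and are written into attributes without escaping. Only the
		// title goes through xml_fputs4(). Confirm who can write .Names.
		printf("<ent path='%s' t='", trim(buf + 6));
		// NOTE(review): trim() is not visible here; this relies on it
		// having removed the trailing newline from buf in place.
		snprintf(fpath, sizeof(fpath), "0Announce%s%s", path, buf + 6);

		bool have_stat = (stat(fpath, &st) == 0);
		if (!have_stat
				|| (!S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode))) {
			printf("e'");
		} else if (S_ISREG(st.st_mode)) {
			printf("f'");
		} else {
			printf("d'");
		}
		if (id != NULL)
			printf(" id='%s'", id);

		// A failed stat() leaves st unset; report the epoch and never
		// format whatever was on the stack.
		time_t mtime = have_stat ? st.st_mtime : 0;
		printf(" time='%s'>", format_time(mtime, TIME_FORMAT_XML));
		xml_fputs4(trim(name), 0);
		printf("</ent>");
	}
	fclose(fp);
	puts("</bbs0an>");
	return 0;
}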
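/**
 * List the boards of a sector ("s" parameter) or of a directory board
 * ("board" or "bid" parameter) as a <bbsboa> XML document.
 *
 * @return BBS_EINVAL when the sector name is unknown, BBS_ENOBRD when the
 *         parent board is missing, not a directory or not readable,
 *         otherwise 0.
 */
int web_sector(void)
{
	int sid = 0;
	board_t parent = { .id = 0 };
	db_res_t *res = NULL;

	const char *sname = web_get_param("s");
	if (*sname) {
		// NOTE(review): sname is request-controlled. The unquoted %s
		// suggests db_query() binds it as a parameter and does not splice
		// it into the SQL text. Confirm against db_query().
		res = db_query("SELECT id, descr"
				" FROM board_sectors WHERE name = %s", sname);
		if (!res || db_res_rows(res) < 1) {
			db_clear(res);
			return BBS_EINVAL;
		}
	} else {
		const char *pname = web_get_param("board");
		if (*pname)
			get_board(pname, &parent);
		else
			get_board_by_bid(strtol(web_get_param("bid"), NULL, 10),
					&parent);
		// parent.id stays 0 when the lookup fails, which this test rejects.
		if (!parent.id || !(parent.flag & BOARD_FLAG_DIR)
				|| !has_read_perm(&parent))
			return BBS_ENOBRD;
	}

	xml_header(NULL);
	printf("<bbsboa link='%sdoc' ", get_post_list_type_string());

	if (*sname) {
		char path[HOMELEN];
		// Bounded write, matching the snprintf() calls elsewhere in this
		// file; the original used sprintf() into path[HOMELEN].
		snprintf(path, sizeof(path), "%s/info/egroup%d/icon.jpg", BBSHOME,
				(int) strtol(sname, NULL, 16));
		// NOTE(review): this emits the path as built from BBSHOME, which
		// exposes server-side layout. Confirm the front end needs it.
		if (dashf(path))
			printf(" icon='%s'", path);

		const char *utf8_sector = db_get_value(res, 0, 1);
		if (web_request_type(UTF8)) {
			printf(" title='%s'>", utf8_sector);
		} else {
			GBK_BUFFER(sector, BOARD_SECTOR_NAME_CCHARS);
			convert_u2g(utf8_sector, gbk_sector);
			printf(" title='%s'>", gbk_sector);
		}
		sid = db_get_integer(res, 0, 0);
		db_clear(res);
	} else {
		if (web_request_type(UTF8)) {
			printf(" dir= '1' title='%s'>", parent.descr);
		} else {
			GBK_BUFFER(descr, BOARD_DESCR_CCHARS);
			convert_u2g(parent.descr, gbk_descr);
			printf(" dir= '1' title='%s'>", gbk_descr);
		}
	}

	if (sid)
		res = db_query(BOARD_SELECT_QUERY_BASE "WHERE b.sector = %d", sid);
	else
		res = db_query(BOARD_SELECT_QUERY_BASE "WHERE b.parent = %d",
				parent.id);

	if (res && db_res_rows(res) > 0)
		show_board(res);
	db_clear(res);

	print_session();
	printf("</bbsboa>");
	return 0;
}

/**
 * Clear the read marks of the session user on one board, then refresh to
 * the board's "doc" page.
 *
 * @return BBS_ELGNREQ without a session, BBS_ENOBRD when the board is
 *         missing or not readable, otherwise 0.
 */
int bbsclear_main(void)
{
	if (!session_id())
		return BBS_ELGNREQ;

	board_t board;
	if (!get_board(web_get_param("board"), &board)
			|| !has_read_perm(&board))
		return BBS_ENOBRD;
	session_set_board(board.id);

	// "start" is copied into the refresh target below. Only a plain decimal
	// value is passed through, so request-supplied markup cannot reach the
	// emitted page. Assumes "start" is a numeric index on the doc page;
	// confirm.
	const char *start = web_get_param("start");
	if (start[strspn(start, "0123456789")] != '\0')
		start = "";

	brc_init(currentuser.userid, board.name);
	brc_clear_all();
	brc_sync(currentuser.userid);

	char buf[STRLEN];
	snprintf(buf, sizeof(buf), "doc?board=%s&start=%s", board.name, start);
	http_header();
	refreshto(0, buf);
	printf("</head></html>");
	return 0;
}

/**
 * Emit the notes file of a board (vote/<board>/notes) as <bbsnot>.
 *
 * @return BBS_ENOBRD when the board is missing or not readable, BBS_EINVAL
 *         for a directory-type board, BBS_ENOFILE when the notes file
 *         cannot be mapped, otherwise 0.
 */
int bbsnot_main(void)
{
	board_t board;
	if (!get_board(web_get_param("board"), &board)
			|| !has_read_perm(&board))
		return BBS_ENOBRD;
	if (board.flag & BOARD_FLAG_DIR)
		return BBS_EINVAL;
	session_set_board(board.id);

	// The file name is built from the board record's name, not from the
	// raw request parameter.
	char fname[HOMELEN];
	snprintf(fname, sizeof(fname), "vote/%s/notes", board.name);

	mmap_t m;
	m.oflag = O_RDONLY;
	if (mmap_open(fname, &m) < 0)
		return BBS_ENOFILE;

	xml_header(NULL);
	printf("<bbsnot brd='%s'>", board.name);
	xml_fputs2((char *) m.ptr, m.size);
	mmap_close(&m);
	print_session();
	printf("</bbsnot>");
	return 0;
}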