示例#1
0
文件: session.c 项目: caidongyun/fbbs
bool session_validate(void)
{
	memset(&currentuser, 0, sizeof(currentuser));
	session_clear();

	const char *uname = web_get_param(COOKIE_USER);
	const char *key = web_get_param(COOKIE_KEY);
	if (web_request_type(API) && web_request_method(GET)) {
		const char *token = web_get_param("token");
		if (!streq(token, key))
			return false;
	}

	bool ok = _get_session(uname, key);
	if (ok)
		getuserec(uname, &currentuser);

	return ok;
}
示例#2
0
文件: friend.c 项目: fbbs/fbbs
int bbsfdel_main(void)
{
	if (!session_get_id())
		return BBS_ELGNREQ;

	const char *uname = web_get_param("u");
	if (*uname) {
		user_id_t uid = get_user_id(uname);
		if (uid > 0)
			unfollow(session_get_user_id(), uid);
	}
	printf("Location: fall\n\n");
	return 0;
}
示例#3
0
文件: friend.c 项目: fbbs/fbbs
int bbsfadd_main(void)
{
	if (!session_get_id())
		return BBS_ELGNREQ;

	const char *uname = web_get_param("id");
	const char *note = web_get_param("desc");

	if (*uname) {
		UTF8_BUFFER(note, FOLLOW_NOTE_CCHARS);
		convert_g2u(note, utf8_note);

		follow(session_get_user_id(), uname, utf8_note);

		printf("Location: fall\n\n");
		return 0;
	}
	xml_header(NULL);
	printf("<bbsfadd>");
	print_session();
	printf("%s</bbsfadd>", uname);
	return 0;
}
示例#4
0
文件: prop.c 项目: caidongyun/fbbs
int web_my_props(void)
{
	if (!session_id())
		return BBS_ELGNREQ;

	int record = strtol(web_get_param("record"), NULL, 10);
	int item = strtol(web_get_param("item"), NULL, 10);

	if (record <= 0 || item <= 0) {
		my_props_t *p = my_props_load(session_uid());
		if (!p)
			return BBS_EINTNL;

		xml_header(NULL);
		printf("<bbsmyprop>");
		print_session();
		for (int i = 0; i < my_props_count(p); ++i) {
			show_my_prop(p, i);
		}
		printf("</bbsmyprop>");

		my_props_free(p);
	} else {
		switch (item) {
			case PROP_TITLE_FREE:
			case PROP_TITLE_30DAYS:
			case PROP_TITLE_90DAYS:
			case PROP_TITLE_180DAYS:
			case PROP_TITLE_1YEAR:
				return show_title_detail(record);
			default:
				return BBS_EINVAL;
		}
	}
	return 0;
}
示例#5
0
文件: board.c 项目: caidongyun/fbbs
int web_brdadd(void)
{
	if (!session_id())
		return BBS_ELGNREQ;

	int bid = strtol(web_get_param("bid"), NULL, 10);
	int ok = fav_board_add(session_uid(), NULL, bid,
			FAV_BOARD_ROOT_FOLDER, &currentuser);
	if (ok) {
		xml_header(NULL);
		printf("<bbsbrdadd>");
		print_session();

		board_t board;
		get_board_by_bid(bid, &board);
		printf("<brd>%s</brd><bid>%d</bid></bbsbrdadd>", board.name, board.id);
		session_set_board(board.id);
		return 0;
	}
	return BBS_EBRDQE;
}
示例#6
0
文件: bbsann.c 项目: caidongyun/fbbs
int bbs0an_main(void)
{
	char path[512];
	board_t board;
	int bid = strtol(web_get_param("bid"), NULL, 10);
	if (bid <= 0) {
		strlcpy(path, web_get_param("path"), sizeof(path));
		if (strstr(path, "..") || strstr(path, "SYSHome"))
			return BBS_EINVAL;
		char *bname = getbfroma(path);
		if (*bname != '\0') {
			if (!get_board(bname, &board) || !has_read_perm(&board))
				return BBS_ENODIR;
		}
	} else {
		if (!get_board_by_bid(bid, &board) || !has_read_perm(&board))
			return BBS_ENOBRD;
		if (board.flag & BOARD_FLAG_DIR)
			return BBS_EINVAL;

		path[0] = '\0';
		FILE *fp = fopen("0Announce/.Search", "r");
		if (fp == NULL)
			return BBS_EINTNL;
		char tmp[256];
		int len = strlen(board.name);
		while (fgets(tmp, sizeof(tmp), fp) != NULL) {
			if (!strncmp(tmp, board.name, len) && tmp[len] == ':'
					&& tmp[len + 1] == ' ') {
				tmp[len + 1] = '/';
				strlcpy(path, tmp + len + 1, sizeof(path));
				path[strlen(path) - 1] = '\0';
				break;
			}
		}
		fclose(fp);
		if (path[0] == '\0')
			return BBS_ENODIR;
	}
	char names[512];
	snprintf(names, sizeof(names), "0Announce%s/.Names", path);
	FILE *fp = fopen(names, "r");
	if (fp == NULL)
		return BBS_ENODIR; // not indicating hidden directories.
	char buf[512], *title;
	// check directory permission.
	while (true) {
		if (fgets(buf, sizeof(buf), fp) == NULL) {
			fclose(fp);
			return BBS_ENODIR;
		}
		if(!strncmp(buf, "# Title=", 8)) {
			title = buf + 8;
			if (!hasannperm(title, &currentuser, &board)) {
				fclose(fp);
				return BBS_ENODIR;
			}
			break;
		}
	}

	xml_header(NULL);
	printf("<bbs0an path='%s' v='%d' ", path, 1030);
	if (board.id)
		printf(" brd='%s'", board.name);
	printf(">");
	print_session();
	
	char name[STRLEN], fpath[1024], *id = NULL, *ptr;
	struct stat st;
	while (fgets(buf, sizeof(buf), fp) != NULL) {
		if (!strncmp(buf, "Name=", 5)) {
			strlcpy(name, trim(buf + 5), sizeof(name));
			if (strlen(name) > ANN_TITLE_LENGTH) {
				id = name + ANN_TITLE_LENGTH;
				if (!hasannperm(name + ANN_TITLE_LENGTH, &currentuser, &board))
					continue;
				name[ANN_TITLE_LENGTH -  1] = '\0';
				if (!strncmp(id, "BM: ", 4))
					id += 4;
				if ((ptr = strchr(id, ')')) != NULL)
					*ptr = '\0';
			} else {
				id = NULL;
			}
			if (fgets(buf, sizeof(buf), fp) == NULL || strncmp(buf, "Path=~", 6)) {
				break;
			} else {
				printf("<ent path='%s' t='", trim(buf + 6));
				snprintf(fpath, sizeof(fpath), "0Announce%s%s", path, buf + 6);
				if (stat(fpath, &st) != 0 || (!S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode))) {
					printf("e'");
				} else if (S_ISREG(st.st_mode)) {
					printf("f'");
				} else {
					printf("d'");
				}
				if (id != NULL)
					printf(" id='%s'", id);
				printf(" time='%s'>", format_time(st.st_mtime, TIME_FORMAT_XML));
				xml_fputs4(trim(name), 0);
				printf("</ent>");
			}
		}
	}
	fclose(fp);
	puts("</bbs0an>");
	return 0;
}
示例#7
0
文件: board.c 项目: caidongyun/fbbs
int web_sector(void)
{
	int sid = 0;
	board_t parent = { .id = 0 };
	db_res_t *res = NULL;

	const char *sname = web_get_param("s");
	if (*sname) {
		res = db_query("SELECT id, descr"
				" FROM board_sectors WHERE name = %s", sname);
		if (!res || db_res_rows(res) < 1) {
			db_clear(res);
			return BBS_EINVAL;
		}
	} else {
		const char *pname = web_get_param("board");
		if (*pname)
			get_board(pname, &parent);
		else
			get_board_by_bid(strtol(web_get_param("bid"), NULL, 10), &parent);
		if (!parent.id || !(parent.flag & BOARD_FLAG_DIR)
				|| !has_read_perm(&parent))
			return BBS_ENOBRD;
	}

	xml_header(NULL);
	printf("<bbsboa link='%sdoc' ", get_post_list_type_string());

	if (*sname) {
		char path[HOMELEN];
		sprintf(path, "%s/info/egroup%d/icon.jpg", BBSHOME,
				(int) strtol(sname, NULL, 16));
		if (dashf(path))
			printf(" icon='%s'", path);
		
		const char *utf8_sector = db_get_value(res, 0, 1);
		if (web_request_type(UTF8)) {
			printf(" title='%s'>", utf8_sector);
		} else {
			GBK_BUFFER(sector, BOARD_SECTOR_NAME_CCHARS);
			convert_u2g(utf8_sector, gbk_sector);
			printf(" title='%s'>", gbk_sector);
		}
		sid = db_get_integer(res, 0, 0);
		db_clear(res);
	} else {
		if (web_request_type(UTF8)) {
			printf(" dir= '1' title='%s'>", parent.descr);
		} else {
			GBK_BUFFER(descr, BOARD_DESCR_CCHARS);
			convert_u2g(parent.descr, gbk_descr);
			printf(" dir= '1' title='%s'>", gbk_descr);
		}
	}

	if (sid)
		res = db_query(BOARD_SELECT_QUERY_BASE "WHERE b.sector = %d", sid);
	else
		res = db_query(BOARD_SELECT_QUERY_BASE "WHERE b.parent = %d", parent.id);

	if (res && db_res_rows(res) > 0)
		show_board(res);
	db_clear(res);

	print_session();
	printf("</bbsboa>");
	return 0;
}

int bbsclear_main(void)
{
	if (!session_id())
		return BBS_ELGNREQ;

	board_t board;
	if (!get_board(web_get_param("board"), &board)
			|| !has_read_perm(&board))
		return BBS_ENOBRD;
	session_set_board(board.id);

	const char *start = web_get_param("start");
	brc_init(currentuser.userid, board.name);
	brc_clear_all();
	brc_sync(currentuser.userid);
	char buf[STRLEN];
	snprintf(buf, sizeof(buf), "doc?board=%s&start=%s", board.name, start);
	http_header();
	refreshto(0, buf);
	printf("</head></html>");
	return 0;
}

int bbsnot_main(void)
{
	board_t board;
	if (!get_board(web_get_param("board"), &board)
			|| !has_read_perm(&board))
		return BBS_ENOBRD;

	if (board.flag & BOARD_FLAG_DIR)
		return BBS_EINVAL;
	session_set_board(board.id);

	char fname[HOMELEN];
	snprintf(fname, sizeof(fname), "vote/%s/notes", board.name);
	mmap_t m;
	m.oflag = O_RDONLY;
	if (mmap_open(fname, &m) < 0)
		return BBS_ENOFILE;
	xml_header(NULL);
	printf("<bbsnot brd='%s'>", board.name);
	xml_fputs2((char *) m.ptr, m.size);
	mmap_close(&m);
	print_session();
	printf("</bbsnot>");
	return 0;
}