lbbs/src/user_priv.c

/* SPDX-License-Identifier: GPL-3.0-or-later */
/*
 * user_priv
 *   - basic operations of user privilege
 *
 * Copyright (C) 2004-2025  Leaflet <leaflet@leafok.com>
 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include "bbs.h"
#include "common.h"
#include "database.h"
#include "log.h"
#include "user_priv.h"
#include <stdio.h>
#include <stdlib.h>
#include <mysql.h>

BBS_user_priv BBS_priv;

inline static int search_priv(BBS_user_priv *p_priv, int sid, int *p_offset)
{
        int left = 0;
        int right = p_priv->s_count - 1;
        int mid = 0;

        while (left < right)
        {
                mid = (left + right) / 2;

                if (sid < p_priv->s_priv_list[mid].sid)
                {
                        right = mid - 1;
                }
                else if (sid > p_priv->s_priv_list[mid].sid)
                {
                        left = mid + 1;
                }
                else // if (sid == p_priv->s_priv_list[mid].sid)
                {
                        left = mid;
                        break;
                }
        }

        *p_offset = left;

        return (sid == p_priv->s_priv_list[left].sid);
}

int setpriv(BBS_user_priv *p_priv, int sid, int priv, int is_favor)
{
        int offset;
        int i;

        if (sid == 0)
        {
                p_priv->g_priv = priv;
                return 0;
        }

        if (search_priv(p_priv, sid, &offset)) // found
        {
                p_priv->s_priv_list[offset].s_priv = priv;
                p_priv->s_priv_list[offset].is_favor = is_favor;
                return 0;
        }

        // not found
        if (p_priv->s_count >= BBS_max_section)
        {
                return -1;
        }

        // move items at [left, p_priv->s_count - 1] to [left + 1, p_priv->s_count]
        for (i = p_priv->s_count - 1; i >= offset; i--)
        {
                p_priv->s_priv_list[i + 1] = p_priv->s_priv_list[i];
        }
        p_priv->s_count++;

        // insert new item at offset left
        p_priv->s_priv_list[offset].sid = sid;
        p_priv->s_priv_list[offset].s_priv = priv;
        p_priv->s_priv_list[offset].is_favor = is_favor;

        return 0;
}

int getpriv(BBS_user_priv *p_priv, int sid, int *p_is_favor)
{
        int offset;

        if (search_priv(p_priv, sid, &offset)) // found
        {
                *p_is_favor = p_priv->s_priv_list[offset].is_favor;
                return p_priv->s_priv_list[offset].s_priv;
        }

        *p_is_favor = 0;
        return (sid >= 0 ? p_priv->g_priv : S_NONE);
}

int load_priv(MYSQL *db, BBS_user_priv *p_priv, int uid)
{
        MYSQL_RES *rs;
        MYSQL_ROW row;
        char sql[SQL_BUFFER_LEN];
        int priv;
        int is_favor;

        p_priv->uid = uid;
        p_priv->level = (uid == 0 ? P_GUEST : P_USER);
        p_priv->g_priv = S_DEFAULT;
        p_priv->s_count = 0;

        if (db == NULL)
                return 1;

        // Permission
        snprintf(sql, sizeof(sql),
                         "SELECT p_post, p_msg FROM user_list WHERE UID = %d AND verified",
                         uid);
        if (mysql_query(db, sql) != 0)
        {
                log_error("Query user_list error: %s\n", mysql_error(db));
                return -1;
        }
        if ((rs = mysql_store_result(db)) == NULL)
        {
                log_error("Get user_list data failed\n");
                return -1;
        }
        if ((row = mysql_fetch_row(rs)))
        {
                p_priv->g_priv |= (atoi(row[0]) ? S_POST : 0);
                p_priv->g_priv |= (atoi(row[1]) ? S_MSG : 0);
        }
        mysql_free_result(rs);

        // Admin
        snprintf(sql, sizeof(sql),
                         "SELECT major FROM admin_config WHERE UID = %d "
                         "AND enable AND (NOW() BETWEEN begin_dt AND end_dt)",
                         uid);
        if (mysql_query(db, sql) != 0)
        {
                log_error("Query admin_config error: %s\n", mysql_error(db));
                return -1;
        }
        if ((rs = mysql_store_result(db)) == NULL)
        {
                log_error("Get admin_config data failed\n");
                return -1;
        }
        if ((row = mysql_fetch_row(rs)))
        {
                p_priv->level |= (atoi(row[0]) ? P_ADMIN_M : P_ADMIN_S);
                p_priv->g_priv |= (atoi(row[0]) ? S_ALL : S_ADMIN);
        }
        mysql_free_result(rs);

        // Section Master
        snprintf(sql, sizeof(sql),
                         "SELECT section_master.SID, major FROM section_master "
                         "INNER JOIN section_config ON section_master.SID = section_config.SID "
                         "WHERE UID = %d AND section_master.enable AND section_config.enable "
                         "AND (NOW() BETWEEN begin_dt AND end_dt)",
                         uid);
        if (mysql_query(db, sql) != 0)
        {
                log_error("Query section_master error: %s\n", mysql_error(db));
                return -1;
        }
        if ((rs = mysql_store_result(db)) == NULL)
        {
                log_error("Get section_master data failed\n");
                return -1;
        }
        while ((row = mysql_fetch_row(rs)))
        {
                p_priv->level |= (atoi(row[1]) ? P_MAN_M : P_MAN_S);
                priv = (getpriv(p_priv, atoi(row[0]), &is_favor) | (atoi(row[1]) ? S_MAN_M : S_MAN_S));
                setpriv(p_priv, atoi(row[0]), priv, is_favor);
        }
        mysql_free_result(rs);

        // Section status
        snprintf(sql, sizeof(sql),
                         "SELECT SID, exp_get, read_user_level, write_user_level FROM section_config "
                         "INNER JOIN section_class ON section_config.CID = section_class.CID "
                         "WHERE section_config.enable AND section_class.enable "
                         "ORDER BY SID");
        if (mysql_query(db, sql) != 0)
        {
                log_error("Query section_config error: %s\n", mysql_error(db));
                return -1;
        }
        if ((rs = mysql_store_result(db)) == NULL)
        {
                log_error("Get section_config data failed\n");
                return -1;
        }
        while ((row = mysql_fetch_row(rs)))
        {
                int priv = getpriv(p_priv, atoi(row[0]), &is_favor);
                if (p_priv->level < atoi(row[2]))
                {
                        priv &= (~S_LIST);
                }
                if (p_priv->level < atoi(row[3]))
                {
                        priv &= (~S_POST);
                }
                if (!atoi(row[1]))
                {
                        priv &= (~S_GETEXP);
                }
                setpriv(p_priv, atoi(row[0]), priv, is_favor);
        }
        mysql_free_result(rs);

        // Section ban
        snprintf(sql, sizeof(sql),
                         "SELECT SID FROM ban_user_list WHERE UID = %d AND enable "
                         "AND (NOW() BETWEEN ban_dt AND unban_dt)",
                         uid);
        if (mysql_query(db, sql) != 0)
        {
                log_error("Query ban_user_list error: %s\n", mysql_error(db));
                return -1;
        }
        if ((rs = mysql_store_result(db)) == NULL)
        {
                log_error("Get ban_user_list data failed\n");
                return -1;
        }
        while ((row = mysql_fetch_row(rs)))
        {
                priv = getpriv(p_priv, atoi(row[0]), &is_favor) & (~S_POST);
                setpriv(p_priv, atoi(row[0]), priv, is_favor);
        }
        mysql_free_result(rs);

        // User favor section
        snprintf(sql, sizeof(sql),
                         "SELECT SID FROM section_favorite WHERE UID = %d",
                         uid);
        if (mysql_query(db, sql) != 0)
        {
                log_error("Query section_favorite error: %s\n", mysql_error(db));
                return -1;
        }
        if ((rs = mysql_store_result(db)) == NULL)
        {
                log_error("Get section_favorite data failed\n");
                return -1;
        }
        while ((row = mysql_fetch_row(rs)))
        {
                priv = getpriv(p_priv, atoi(row[0]), &is_favor);
                if (!is_favor)
                {
                        setpriv(p_priv, atoi(row[0]), priv, 1);
                        priv = getpriv(p_priv, atoi(row[0]), &is_favor);
                }
        }
        mysql_free_result(rs);

        return 0;
}
1	sysadm	1.23	/* SPDX-License-Identifier: GPL-3.0-or-later */
2			/*
3			* user_priv
4			* - basic operations of user privilege
5			*
6	sysadm	1.24	* Copyright (C) 2004-2025 Leaflet <leaflet@leafok.com>
7	sysadm	1.23	*/
8	sysadm	1.1
9	sysadm	1.25	#ifdef HAVE_CONFIG_H
10			#include "config.h"
11			#endif
12
13	sysadm	1.1	#include "bbs.h"
14	sysadm	1.2	#include "common.h"
15	sysadm	1.10	#include "database.h"
16	sysadm	1.8	#include "log.h"
17	sysadm	1.21	#include "user_priv.h"
18	sysadm	1.8	#include <stdio.h>
19	sysadm	1.15	#include <stdlib.h>
20	sysadm	1.26	#include <mysql.h>
21	sysadm	1.1
22	sysadm	1.8	BBS_user_priv BBS_priv;
23
24	sysadm	1.18	inline static int search_priv(BBS_user_priv p_priv, int sid, int p_offset)
25	sysadm	1.2	{
26	sysadm	1.16	int left = 0;
27			int right = p_priv->s_count - 1;
28	sysadm	1.17	int mid = 0;
29	sysadm	1.16
30			while (left < right)
31			{
32			mid = (left + right) / 2;
33
34	sysadm	1.22	if (sid < p_priv->s_priv_list[mid].sid)
35	sysadm	1.5	{
36	sysadm	1.22	right = mid - 1;
37	sysadm	1.5	}
38	sysadm	1.22	else if (sid > p_priv->s_priv_list[mid].sid)
39	sysadm	1.5	{
40	sysadm	1.16	left = mid + 1;
41	sysadm	1.5	}
42	sysadm	1.22	else // if (sid == p_priv->s_priv_list[mid].sid)
43			{
44			left = mid;
45			break;
46			}
47	sysadm	1.2	}
48	sysadm	1.16
49	sysadm	1.18	*p_offset = left;
50
51	sysadm	1.22	return (sid == p_priv->s_priv_list[left].sid);
52	sysadm	1.18	}
53
54			int setpriv(BBS_user_priv *p_priv, int sid, int priv, int is_favor)
55			{
56			int offset;
57			int i;
58
59			if (sid == 0)
60			{
61			p_priv->g_priv = priv;
62			return 0;
63			}
64
65	sysadm	1.23	if (search_priv(p_priv, sid, &offset)) // found
66	sysadm	1.2	{
67	sysadm	1.18	p_priv->s_priv_list[offset].s_priv = priv;
68			p_priv->s_priv_list[offset].is_favor = is_favor;
69	sysadm	1.16	return 0;
70			}
71
72			// not found
73			if (p_priv->s_count >= BBS_max_section)
74			{
75			return -1;
76			}
77
78			// move items at [left, p_priv->s_count - 1] to [left + 1, p_priv->s_count]
79	sysadm	1.18	for (i = p_priv->s_count - 1; i >= offset; i--)
80	sysadm	1.16	{
81	sysadm	1.18	p_priv->s_priv_list[i + 1] = p_priv->s_priv_list[i];
82	sysadm	1.2	}
83	sysadm	1.17	p_priv->s_count++;
84
85	sysadm	1.16	// insert new item at offset left
86	sysadm	1.18	p_priv->s_priv_list[offset].sid = sid;
87			p_priv->s_priv_list[offset].s_priv = priv;
88			p_priv->s_priv_list[offset].is_favor = is_favor;
89	sysadm	1.5
90			return 0;
91			}
92
93	sysadm	1.17	int getpriv(BBS_user_priv p_priv, int sid, int p_is_favor)
94	sysadm	1.5	{
95	sysadm	1.18	int offset;
96	sysadm	1.2
97	sysadm	1.23	if (search_priv(p_priv, sid, &offset)) // found
98	sysadm	1.17	{
99	sysadm	1.18	*p_is_favor = p_priv->s_priv_list[offset].is_favor;
100			return p_priv->s_priv_list[offset].s_priv;
101	sysadm	1.17	}
102
103	sysadm	1.18	*p_is_favor = 0;
104	sysadm	1.5	return (sid >= 0 ? p_priv->g_priv : S_NONE);
105	sysadm	1.2	}
106
107	sysadm	1.20	int load_priv(MYSQL db, BBS_user_priv p_priv, int uid)
108	sysadm	1.2	{
109	sysadm	1.5	MYSQL_RES *rs;
110			MYSQL_ROW row;
111	sysadm	1.10	char sql[SQL_BUFFER_LEN];
112	sysadm	1.17	int priv;
113			int is_favor;
114	sysadm	1.5
115			p_priv->uid = uid;
116			p_priv->level = (uid == 0 ? P_GUEST : P_USER);
117			p_priv->g_priv = S_DEFAULT;
118	sysadm	1.14	p_priv->s_count = 0;
119	sysadm	1.5
120			if (db == NULL)
121			return 1;
122
123	sysadm	1.7	// Permission
124	sysadm	1.17	snprintf(sql, sizeof(sql),
125	sysadm	1.20	"SELECT p_post, p_msg FROM user_list WHERE UID = %d AND verified",
126	sysadm	1.16	uid);
127	sysadm	1.5	if (mysql_query(db, sql) != 0)
128			{
129	sysadm	1.15	log_error("Query user_list error: %s\n", mysql_error(db));
130	sysadm	1.5	return -1;
131			}
132			if ((rs = mysql_store_result(db)) == NULL)
133			{
134	sysadm	1.7	log_error("Get user_list data failed\n");
135	sysadm	1.5	return -1;
136			}
137	sysadm	1.10	if ((row = mysql_fetch_row(rs)))
138	sysadm	1.5	{
139	sysadm	1.7	p_priv->g_priv \|= (atoi(row[0]) ? S_POST : 0);
140			p_priv->g_priv \|= (atoi(row[1]) ? S_MSG : 0);
141	sysadm	1.5	}
142			mysql_free_result(rs);
143
144	sysadm	1.7	// Admin
145	sysadm	1.17	snprintf(sql, sizeof(sql),
146	sysadm	1.20	"SELECT major FROM admin_config WHERE UID = %d "
147	sysadm	1.17	"AND enable AND (NOW() BETWEEN begin_dt AND end_dt)",
148	sysadm	1.16	uid);
149	sysadm	1.5	if (mysql_query(db, sql) != 0)
150			{
151	sysadm	1.15	log_error("Query admin_config error: %s\n", mysql_error(db));
152	sysadm	1.5	return -1;
153			}
154			if ((rs = mysql_store_result(db)) == NULL)
155			{
156	sysadm	1.7	log_error("Get admin_config data failed\n");
157	sysadm	1.5	return -1;
158			}
159	sysadm	1.10	if ((row = mysql_fetch_row(rs)))
160	sysadm	1.5	{
161	sysadm	1.9	p_priv->level \|= (atoi(row[0]) ? P_ADMIN_M : P_ADMIN_S);
162			p_priv->g_priv \|= (atoi(row[0]) ? S_ALL : S_ADMIN);
163	sysadm	1.5	}
164			mysql_free_result(rs);
165
166			// Section Master
167	sysadm	1.17	snprintf(sql, sizeof(sql),
168			"SELECT section_master.SID, major FROM section_master "
169			"INNER JOIN section_config ON section_master.SID = section_config.SID "
170	sysadm	1.20	"WHERE UID = %d AND section_master.enable AND section_config.enable "
171	sysadm	1.17	"AND (NOW() BETWEEN begin_dt AND end_dt)",
172	sysadm	1.16	uid);
173	sysadm	1.5	if (mysql_query(db, sql) != 0)
174			{
175	sysadm	1.15	log_error("Query section_master error: %s\n", mysql_error(db));
176	sysadm	1.5	return -1;
177			}
178			if ((rs = mysql_store_result(db)) == NULL)
179			{
180			log_error("Get section_master data failed\n");
181			return -1;
182			}
183	sysadm	1.10	while ((row = mysql_fetch_row(rs)))
184	sysadm	1.5	{
185			p_priv->level \|= (atoi(row[1]) ? P_MAN_M : P_MAN_S);
186	sysadm	1.17	priv = (getpriv(p_priv, atoi(row[0]), &is_favor) \| (atoi(row[1]) ? S_MAN_M : S_MAN_S));
187			setpriv(p_priv, atoi(row[0]), priv, is_favor);
188	sysadm	1.5	}
189			mysql_free_result(rs);
190
191			// Section status
192	sysadm	1.17	snprintf(sql, sizeof(sql),
193			"SELECT SID, exp_get, read_user_level, write_user_level FROM section_config "
194			"INNER JOIN section_class ON section_config.CID = section_class.CID "
195			"WHERE section_config.enable AND section_class.enable "
196			"ORDER BY SID");
197	sysadm	1.5	if (mysql_query(db, sql) != 0)
198			{
199	sysadm	1.15	log_error("Query section_config error: %s\n", mysql_error(db));
200	sysadm	1.5	return -1;
201			}
202			if ((rs = mysql_store_result(db)) == NULL)
203			{
204			log_error("Get section_config data failed\n");
205			return -1;
206			}
207	sysadm	1.10	while ((row = mysql_fetch_row(rs)))
208	sysadm	1.5	{
209	sysadm	1.17	int priv = getpriv(p_priv, atoi(row[0]), &is_favor);
210	sysadm	1.5	if (p_priv->level < atoi(row[2]))
211	sysadm	1.7	{
212			priv &= (~S_LIST);
213			}
214	sysadm	1.5	if (p_priv->level < atoi(row[3]))
215	sysadm	1.7	{
216			priv &= (~S_POST);
217			}
218	sysadm	1.5	if (!atoi(row[1]))
219	sysadm	1.7	{
220			priv &= (~S_GETEXP);
221			}
222	sysadm	1.17	setpriv(p_priv, atoi(row[0]), priv, is_favor);
223	sysadm	1.5	}
224			mysql_free_result(rs);
225	sysadm	1.2
226	sysadm	1.5	// Section ban
227	sysadm	1.17	snprintf(sql, sizeof(sql),
228	sysadm	1.20	"SELECT SID FROM ban_user_list WHERE UID = %d AND enable "
229	sysadm	1.17	"AND (NOW() BETWEEN ban_dt AND unban_dt)",
230	sysadm	1.16	uid);
231	sysadm	1.5	if (mysql_query(db, sql) != 0)
232			{
233	sysadm	1.15	log_error("Query ban_user_list error: %s\n", mysql_error(db));
234	sysadm	1.5	return -1;
235			}
236			if ((rs = mysql_store_result(db)) == NULL)
237			{
238			log_error("Get ban_user_list data failed\n");
239			return -1;
240			}
241	sysadm	1.10	while ((row = mysql_fetch_row(rs)))
242	sysadm	1.5	{
243	sysadm	1.17	priv = getpriv(p_priv, atoi(row[0]), &is_favor) & (~S_POST);
244			setpriv(p_priv, atoi(row[0]), priv, is_favor);
245			}
246			mysql_free_result(rs);
247
248			// User favor section
249			snprintf(sql, sizeof(sql),
250	sysadm	1.20	"SELECT SID FROM section_favorite WHERE UID = %d",
251	sysadm	1.17	uid);
252			if (mysql_query(db, sql) != 0)
253			{
254			log_error("Query section_favorite error: %s\n", mysql_error(db));
255			return -1;
256			}
257			if ((rs = mysql_store_result(db)) == NULL)
258			{
259			log_error("Get section_favorite data failed\n");
260			return -1;
261			}
262			while ((row = mysql_fetch_row(rs)))
263			{
264			priv = getpriv(p_priv, atoi(row[0]), &is_favor);
265			if (!is_favor)
266			{
267			setpriv(p_priv, atoi(row[0]), priv, 1);
268			priv = getpriv(p_priv, atoi(row[0]), &is_favor);
269			}
270	sysadm	1.5	}
271			mysql_free_result(rs);
272
273			return 0;
274	sysadm	1.1	}
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1