lbbs/src/user_priv.c

/***************************************************************************
                          user_priv.c  -  description
                             -------------------
    begin                : Mon Oct 22 2004
    copyright            : (C) 2004 by Leaflet
    email                : leaflet@leafok.com
 ***************************************************************************/

/***************************************************************************
 *                                                                         *
 *   This program is free software; you can redistribute it and/or modify  *
 *   it under the terms of the GNU General Public License as published by  *
 *   the Free Software Foundation; either version 2 of the License, or     *
 *   (at your option) any later version.                                   *
 *                                                                         *
 ***************************************************************************/

#include "bbs.h"
#include "common.h"
#include <mysql.h>

int
checklevel (BBS_user_priv * p_priv, int level)
{
  return (((p_priv->level & level)) ^ level ? 0 : 1);
}

int
setpriv (BBS_user_priv * p_priv, int sid, int priv)
{
  int i;
  if (sid > 0)
    {
      for (i = 0; i < p_priv->s_count; i++)
        {
          if (p_priv->s_priv_list[i].sid == sid)
            {
              p_priv->s_priv_list[i].s_priv = priv;
              return 0;
            }
        }
      if (i < BBS_max_section)
        {
          p_priv->s_priv_list[i].s_priv = priv;
        }
      else
        {
          return -1;
        }
    }
  else
    {
      p_priv->g_priv = priv;
    }

  return 0;
}

int
getpriv (BBS_user_priv * p_priv, int sid)
{
  int i;
  for (i = 0; i < p_priv->s_count; i++)
    {
      if (p_priv->s_priv_list[i].sid == sid)
        return p_priv->s_priv_list[i].s_priv;
    }

  return (sid>=0 ? p_priv->g_priv : S_NONE);
}

int
checkpriv (BBS_user_priv * p_priv, int sid, int priv)
{
  return (((getpriv (p_priv, sid) & priv)) ^ priv ? 0 : 1);
}


int
load_priv (MYSQL * db, BBS_user_priv * p_priv, long int uid,
           long int auth_uid, int priv_excluse)
{
  MYSQL_RES *rs;
  MYSQL_ROW row;
  char sql[1024];
  int i;

  p_priv->uid = uid;
  p_priv->auid = auth_uid;
  p_priv->level = (uid == 0 ? P_GUEST : P_USER);
  p_priv->level |= (auth_uid == 0 ? P_GUEST : P_AUTH_USER);
  p_priv->g_priv = S_DEFAULT;

  if (db == NULL)
    return 1;

  //Admin
  sprintf (sql, "select aid,major from admin_config where UID=%ld"
           " and enable and (now() between begin_dt and end_dt)", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query admin_config failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get admin_config data failed\n");
      return -1;
    }
  if (row = mysql_fetch_row (rs))
    {
      p_priv->level |= (atoi (row[1]) ? P_ADMIN_M : P_ADMIN_S);
      p_priv->g_priv |= (atoi (row[1]) ? S_ALL : S_ADMIN);
    }
  mysql_free_result (rs);

  //Permission
  sprintf (sql, "select p_post,p_msg,p_mail "
           "from user_list where UID=%ld", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query user_list failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get user_list data failed\n");
      return -1;
    }
  if (row = mysql_fetch_row (rs))
    {
      p_priv->g_priv |= (atoi (row[0]) ? S_POST : 0);
      p_priv->g_priv |= (atoi (row[1]) ? S_MSG : 0);
      p_priv->g_priv |= (atoi (row[2]) ? S_MAIL : 0);
    }
  mysql_free_result (rs);

  //Verified
  sprintf (sql, "select verified from user_list where" " UID=%ld", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query user_list failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get user_list data failed\n");
      return -1;
    }
  if (row = mysql_fetch_row (rs))
    p_priv->g_priv &= (atoi (row[0]) ? p_priv->g_priv : S_DEFAULT);
  mysql_free_result (rs);

  //IP ban
  sprintf (sql, "select begin_ip,end_ip from ban_ip_list"
           " where ('%s' between begin_ip and end_ip) and enable",
           hostaddr_client);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query ban_ip_list failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get ban_ip_list data failed\n");
      return -1;
    }
  if (mysql_num_rows (rs) > 0)
    p_priv->g_priv &= S_DEFAULT;
  mysql_free_result (rs);

  //Section Class Master
  sprintf (sql, "select SID from section_class_master"
           " left join section_config on section_class_master.CID"
           "=section_config.CID where UID=%ld and section_class_master.enable"
           " and (now() between begin_dt and end_dt)", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query section_class_master failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get section_class_master data failed\n");
      return -1;
    }
  while (row = mysql_fetch_row (rs))
    {
      p_priv->level |= P_MAN_C;
      setpriv (p_priv, atoi (row[0]), getpriv (p_priv, atoi (row[0]))
               | S_MAN_M);
    }
  mysql_free_result (rs);

  //Section Master
  sprintf (sql, "select SID,major from section_master where"
           " UID=%ld and enable and (now() between begin_dt and"
           " end_dt)", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query section_master failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get section_master data failed\n");
      return -1;
    }
  while (row = mysql_fetch_row (rs))
    {
      p_priv->level |= (atoi (row[1]) ? P_MAN_M : P_MAN_S);
      setpriv (p_priv, atoi (row[0]), getpriv (p_priv, atoi (row[0]))
               | (atoi (row[1]) ? S_MAN_M : S_MAN_S));
    }
  mysql_free_result (rs);

  //Section status
  sprintf (sql, "select SID,exp_get,read_user_level,"
           "write_user_level from section_config"
           " left join section_class on section_config.CID="
           "section_class.CID where section_config.enable and"
           " section_class.enable order by SID");
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query section_config failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get section_config data failed\n");
      return -1;
    }
  while (row = mysql_fetch_row (rs))
    {
      if (p_priv->level < atoi (row[2]))
        setpriv (p_priv, atoi (row[0]),
                 getpriv (p_priv, atoi (row[0])) & (~S_LIST));
      if (p_priv->level < atoi (row[3]))
        setpriv (p_priv, atoi (row[0]),
                 getpriv (p_priv, atoi (row[0])) & (~S_POST));
      if (!atoi (row[1]))
        setpriv (p_priv, atoi (row[0]),
                 getpriv (p_priv, atoi (row[0])) & (~S_GETEXP));
    }
  mysql_free_result (rs);

  //Section User priv
  sprintf (sql, "select SID,`read`,`write` from section_user_priv"
           " where UID=%ld order by SID", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query section_user_priv failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get section_user_priv data failed\n");
      return -1;
    }
  while (row = mysql_fetch_row (rs))
    {
      setpriv (p_priv, atoi (row[0]),
               atoi (row[1]) ? (getpriv (p_priv, atoi (row[0])) | S_LIST)
               : (getpriv (p_priv, atoi (row[0])) & ~S_LIST));
      setpriv (p_priv, atoi (row[0]),
               atoi (row[2]) ? (getpriv (p_priv, atoi (row[0])) | S_POST)
               : (getpriv (p_priv, atoi (row[0])) & ~S_POST));
    }
  mysql_free_result (rs);

  //Section ban
  sprintf (sql, "select SID from ban_user_list where"
           " UID=%ld and enable and unban_UID=0 and"
           " (now() between ban_dt and unban_dt)", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query ban_user_list failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get ban_user_list data failed\n");
      return -1;
    }
  while (row = mysql_fetch_row (rs))
    {
      setpriv (p_priv, atoi (row[0]),
               getpriv (p_priv, atoi (row[0])) & (~S_POST));
    }
  mysql_free_result (rs);

  //Priv exclusion
  p_priv->g_priv &= (~priv_excluse);
  for (i = 0; i < p_priv->s_count; i++)
    p_priv->s_priv_list[i].s_priv &= (~priv_excluse);

  if (priv_excluse & S_MAN_M)
    p_priv->level &= (P_AUTH_USER | P_USER);

  return 0;
}
1	sysadm	1.1	/***************************************************************************
2			user_priv.c - description
3			-------------------
4			begin : Mon Oct 22 2004
5			copyright : (C) 2004 by Leaflet
6			email : leaflet@leafok.com
7			***************************************************************************/
8
9			/***************************************************************************
10			* *
11			* This program is free software; you can redistribute it and/or modify *
12			* it under the terms of the GNU General Public License as published by *
13			* the Free Software Foundation; either version 2 of the License, or *
14			* (at your option) any later version. *
15			* *
16			***************************************************************************/
17
18			#include "bbs.h"
19	sysadm	1.2	#include "common.h"
20	sysadm	1.1	#include <mysql.h>
21
22			int
23	sysadm	1.2	checklevel (BBS_user_priv * p_priv, int level)
24	sysadm	1.1	{
25	sysadm	1.2	return (((p_priv->level & level)) ^ level ? 0 : 1);
26			}
27
28			int
29			setpriv (BBS_user_priv * p_priv, int sid, int priv)
30			{
31			int i;
32			if (sid > 0)
33			{
34			for (i = 0; i < p_priv->s_count; i++)
35			{
36			if (p_priv->s_priv_list[i].sid == sid)
37			{
38			p_priv->s_priv_list[i].s_priv = priv;
39			return 0;
40			}
41			}
42			if (i < BBS_max_section)
43			{
44			p_priv->s_priv_list[i].s_priv = priv;
45			}
46			else
47			{
48			return -1;
49			}
50			}
51			else
52			{
53			p_priv->g_priv = priv;
54			}
55
56			return 0;
57			}
58
59			int
60			getpriv (BBS_user_priv * p_priv, int sid)
61			{
62			int i;
63			for (i = 0; i < p_priv->s_count; i++)
64			{
65			if (p_priv->s_priv_list[i].sid == sid)
66			return p_priv->s_priv_list[i].s_priv;
67			}
68
69	sysadm	1.3	return (sid>=0 ? p_priv->g_priv : S_NONE);
70	sysadm	1.2	}
71
72			int
73			checkpriv (BBS_user_priv * p_priv, int sid, int priv)
74			{
75			return (((getpriv (p_priv, sid) & priv)) ^ priv ? 0 : 1);
76			}
77
78
79			int
80			load_priv (MYSQL * db, BBS_user_priv * p_priv, long int uid,
81			long int auth_uid, int priv_excluse)
82			{
83			MYSQL_RES *rs;
84			MYSQL_ROW row;
85			char sql[1024];
86			int i;
87
88			p_priv->uid = uid;
89			p_priv->auid = auth_uid;
90			p_priv->level = (uid == 0 ? P_GUEST : P_USER);
91			p_priv->level \|= (auth_uid == 0 ? P_GUEST : P_AUTH_USER);
92			p_priv->g_priv = S_DEFAULT;
93
94			if (db == NULL)
95			return 1;
96
97			//Admin
98			sprintf (sql, "select aid,major from admin_config where UID=%ld"
99			" and enable and (now() between begin_dt and end_dt)", uid);
100			if (mysql_query (db, sql) != 0)
101			{
102			log_error ("Query admin_config failed\n");
103			return -1;
104			}
105			if ((rs = mysql_store_result (db)) == NULL)
106			{
107			log_error ("Get admin_config data failed\n");
108			return -1;
109			}
110			if (row = mysql_fetch_row (rs))
111			{
112			p_priv->level \|= (atoi (row[1]) ? P_ADMIN_M : P_ADMIN_S);
113			p_priv->g_priv \|= (atoi (row[1]) ? S_ALL : S_ADMIN);
114			}
115			mysql_free_result (rs);
116
117			//Permission
118			sprintf (sql, "select p_post,p_msg,p_mail "
119			"from user_list where UID=%ld", uid);
120			if (mysql_query (db, sql) != 0)
121			{
122			log_error ("Query user_list failed\n");
123			return -1;
124			}
125			if ((rs = mysql_store_result (db)) == NULL)
126			{
127			log_error ("Get user_list data failed\n");
128			return -1;
129			}
130			if (row = mysql_fetch_row (rs))
131			{
132			p_priv->g_priv \|= (atoi (row[0]) ? S_POST : 0);
133			p_priv->g_priv \|= (atoi (row[1]) ? S_MSG : 0);
134			p_priv->g_priv \|= (atoi (row[2]) ? S_MAIL : 0);
135			}
136			mysql_free_result (rs);
137
138			//Verified
139			sprintf (sql, "select verified from user_list where" " UID=%ld", uid);
140			if (mysql_query (db, sql) != 0)
141			{
142			log_error ("Query user_list failed\n");
143			return -1;
144			}
145			if ((rs = mysql_store_result (db)) == NULL)
146			{
147			log_error ("Get user_list data failed\n");
148			return -1;
149			}
150			if (row = mysql_fetch_row (rs))
151			p_priv->g_priv &= (atoi (row[0]) ? p_priv->g_priv : S_DEFAULT);
152			mysql_free_result (rs);
153
154			//IP ban
155			sprintf (sql, "select begin_ip,end_ip from ban_ip_list"
156			" where ('%s' between begin_ip and end_ip) and enable",
157			hostaddr_client);
158			if (mysql_query (db, sql) != 0)
159			{
160			log_error ("Query ban_ip_list failed\n");
161			return -1;
162			}
163			if ((rs = mysql_store_result (db)) == NULL)
164			{
165			log_error ("Get ban_ip_list data failed\n");
166			return -1;
167			}
168			if (mysql_num_rows (rs) > 0)
169			p_priv->g_priv &= S_DEFAULT;
170			mysql_free_result (rs);
171
172			//Section Class Master
173			sprintf (sql, "select SID from section_class_master"
174			" left join section_config on section_class_master.CID"
175			"=section_config.CID where UID=%ld and section_class_master.enable"
176			" and (now() between begin_dt and end_dt)", uid);
177			if (mysql_query (db, sql) != 0)
178			{
179			log_error ("Query section_class_master failed\n");
180			return -1;
181			}
182			if ((rs = mysql_store_result (db)) == NULL)
183			{
184			log_error ("Get section_class_master data failed\n");
185			return -1;
186			}
187			while (row = mysql_fetch_row (rs))
188			{
189			p_priv->level \|= P_MAN_C;
190			setpriv (p_priv, atoi (row[0]), getpriv (p_priv, atoi (row[0]))
191			\| S_MAN_M);
192			}
193			mysql_free_result (rs);
194
195			//Section Master
196			sprintf (sql, "select SID,major from section_master where"
197			" UID=%ld and enable and (now() between begin_dt and"
198			" end_dt)", uid);
199			if (mysql_query (db, sql) != 0)
200			{
201			log_error ("Query section_master failed\n");
202			return -1;
203			}
204			if ((rs = mysql_store_result (db)) == NULL)
205			{
206			log_error ("Get section_master data failed\n");
207			return -1;
208			}
209			while (row = mysql_fetch_row (rs))
210			{
211			p_priv->level \|= (atoi (row[1]) ? P_MAN_M : P_MAN_S);
212			setpriv (p_priv, atoi (row[0]), getpriv (p_priv, atoi (row[0]))
213			\| (atoi (row[1]) ? S_MAN_M : S_MAN_S));
214			}
215			mysql_free_result (rs);
216
217			//Section status
218			sprintf (sql, "select SID,exp_get,read_user_level,"
219			"write_user_level from section_config"
220			" left join section_class on section_config.CID="
221			"section_class.CID where section_config.enable and"
222			" section_class.enable order by SID");
223			if (mysql_query (db, sql) != 0)
224			{
225			log_error ("Query section_config failed\n");
226			return -1;
227			}
228			if ((rs = mysql_store_result (db)) == NULL)
229			{
230			log_error ("Get section_config data failed\n");
231			return -1;
232			}
233			while (row = mysql_fetch_row (rs))
234			{
235			if (p_priv->level < atoi (row[2]))
236			setpriv (p_priv, atoi (row[0]),
237			getpriv (p_priv, atoi (row[0])) & (~S_LIST));
238			if (p_priv->level < atoi (row[3]))
239			setpriv (p_priv, atoi (row[0]),
240			getpriv (p_priv, atoi (row[0])) & (~S_POST));
241			if (!atoi (row[1]))
242			setpriv (p_priv, atoi (row[0]),
243			getpriv (p_priv, atoi (row[0])) & (~S_GETEXP));
244			}
245			mysql_free_result (rs);
246
247			//Section User priv
248			sprintf (sql, "select SID,`read`,`write` from section_user_priv"
249			" where UID=%ld order by SID", uid);
250			if (mysql_query (db, sql) != 0)
251			{
252			log_error ("Query section_user_priv failed\n");
253			return -1;
254			}
255			if ((rs = mysql_store_result (db)) == NULL)
256			{
257			log_error ("Get section_user_priv data failed\n");
258			return -1;
259			}
260			while (row = mysql_fetch_row (rs))
261			{
262			setpriv (p_priv, atoi (row[0]),
263			atoi (row[1]) ? (getpriv (p_priv, atoi (row[0])) \| S_LIST)
264			: (getpriv (p_priv, atoi (row[0])) & ~S_LIST));
265			setpriv (p_priv, atoi (row[0]),
266			atoi (row[2]) ? (getpriv (p_priv, atoi (row[0])) \| S_POST)
267			: (getpriv (p_priv, atoi (row[0])) & ~S_POST));
268			}
269			mysql_free_result (rs);
270
271			//Section ban
272			sprintf (sql, "select SID from ban_user_list where"
273			" UID=%ld and enable and unban_UID=0 and"
274			" (now() between ban_dt and unban_dt)", uid);
275			if (mysql_query (db, sql) != 0)
276			{
277			log_error ("Query ban_user_list failed\n");
278			return -1;
279			}
280			if ((rs = mysql_store_result (db)) == NULL)
281			{
282			log_error ("Get ban_user_list data failed\n");
283			return -1;
284			}
285			while (row = mysql_fetch_row (rs))
286			{
287			setpriv (p_priv, atoi (row[0]),
288			getpriv (p_priv, atoi (row[0])) & (~S_POST));
289			}
290			mysql_free_result (rs);
291
292			//Priv exclusion
293			p_priv->g_priv &= (~priv_excluse);
294			for (i = 0; i < p_priv->s_count; i++)
295			p_priv->s_priv_list[i].s_priv &= (~priv_excluse);
296
297			if (priv_excluse & S_MAN_M)
298			p_priv->level &= (P_AUTH_USER \| P_USER);
299	sysadm	1.1
300			return 0;
301			}
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1