--- lbbs/src/user_priv.c 2025/04/28 12:45:57 1.7 +++ lbbs/src/user_priv.c 2025/05/26 02:56:59 1.15 @@ -1,28 +1,29 @@ /*************************************************************************** user_priv.c - description ------------------- - begin : Mon Oct 22 2004 - copyright : (C) 2004 by Leaflet - email : leaflet@leafok.com + Copyright : (C) 2004-2025 by Leaflet + Email : leaflet@leafok.com ***************************************************************************/ /*************************************************************************** * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * + * the Free Software Foundation; either version 3 of the License, or * * (at your option) any later version. * * * ***************************************************************************/ +#include "user_priv.h" #include "bbs.h" #include "common.h" +#include "database.h" +#include "log.h" +#include #include +#include -int checklevel(BBS_user_priv *p_priv, int level) -{ - return (((p_priv->level & level)) ^ level ? 0 : 1); -} +BBS_user_priv BBS_priv; int setpriv(BBS_user_priv *p_priv, int sid, int priv) { @@ -66,31 +67,26 @@ int getpriv(BBS_user_priv *p_priv, int s return (sid >= 0 ? p_priv->g_priv : S_NONE); } -int checkpriv(BBS_user_priv *p_priv, int sid, int priv) -{ - return (((getpriv(p_priv, sid) & priv)) ^ priv ? 0 : 1); -} - int load_priv(MYSQL *db, BBS_user_priv *p_priv, long int uid) { MYSQL_RES *rs; MYSQL_ROW row; - char sql[1024]; - int i; + char sql[SQL_BUFFER_LEN]; p_priv->uid = uid; p_priv->level = (uid == 0 ? P_GUEST : P_USER); p_priv->g_priv = S_DEFAULT; + p_priv->s_count = 0; if (db == NULL) return 1; // Permission - sprintf(sql, "SELECT p_post, p_msg FROM user_list WHERE UID = %ld AND verified", + snprintf(sql, sizeof(sql), "SELECT p_post, p_msg FROM user_list WHERE UID = %ld AND verified", uid); if (mysql_query(db, sql) != 0) { - log_error("Query user_list failed\n"); + log_error("Query user_list error: %s\n", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) @@ -98,7 +94,7 @@ int load_priv(MYSQL *db, BBS_user_priv * log_error("Get user_list data failed\n"); return -1; } - if (row = mysql_fetch_row(rs)) + if ((row = mysql_fetch_row(rs))) { p_priv->g_priv |= (atoi(row[0]) ? S_POST : 0); p_priv->g_priv |= (atoi(row[1]) ? S_MSG : 0); @@ -106,12 +102,12 @@ int load_priv(MYSQL *db, BBS_user_priv * mysql_free_result(rs); // Admin - sprintf(sql, "SELECT major FROM admin_config WHERE UID = %ld " + snprintf(sql, sizeof(sql), "SELECT major FROM admin_config WHERE UID = %ld " "AND enable AND (NOW() BETWEEN begin_dt AND end_dt)", uid); if (mysql_query(db, sql) != 0) { - log_error("Query admin_config failed\n"); + log_error("Query admin_config error: %s\n", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) @@ -119,22 +115,22 @@ int load_priv(MYSQL *db, BBS_user_priv * log_error("Get admin_config data failed\n"); return -1; } - if (row = mysql_fetch_row(rs)) + if ((row = mysql_fetch_row(rs))) { - p_priv->level |= (atoi(row[1]) ? P_ADMIN_M : P_ADMIN_S); - p_priv->g_priv |= (atoi(row[1]) ? S_ALL : S_ADMIN); + p_priv->level |= (atoi(row[0]) ? P_ADMIN_M : P_ADMIN_S); + p_priv->g_priv |= (atoi(row[0]) ? S_ALL : S_ADMIN); } mysql_free_result(rs); // Section Master - sprintf(sql, "SELECT section_master.SID, major FROM section_master " + snprintf(sql, sizeof(sql), "SELECT section_master.SID, major FROM section_master " "INNER JOIN section_config ON section_master.SID = section_config.SID " "WHERE UID = %ld AND section_master.enable AND section_config.enable " "AND (NOW() BETWEEN begin_dt AND end_dt)", uid); if (mysql_query(db, sql) != 0) { - log_error("Query section_master failed\n"); + log_error("Query section_master error: %s\n", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) @@ -142,7 +138,7 @@ int load_priv(MYSQL *db, BBS_user_priv * log_error("Get section_master data failed\n"); return -1; } - while (row = mysql_fetch_row(rs)) + while ((row = mysql_fetch_row(rs))) { p_priv->level |= (atoi(row[1]) ? P_MAN_M : P_MAN_S); setpriv(p_priv, atoi(row[0]), getpriv(p_priv, atoi(row[0])) | (atoi(row[1]) ? S_MAN_M : S_MAN_S)); @@ -150,13 +146,13 @@ int load_priv(MYSQL *db, BBS_user_priv * mysql_free_result(rs); // Section status - sprintf(sql, "SELECT SID, exp_get, read_user_level, write_user_level FROM section_config " + snprintf(sql, sizeof(sql), "SELECT SID, exp_get, read_user_level, write_user_level FROM section_config " "INNER JOIN section_class ON section_config.CID = section_class.CID " "WHERE section_config.enable AND section_class.enable " "ORDER BY SID"); if (mysql_query(db, sql) != 0) { - log_error("Query section_config failed\n"); + log_error("Query section_config error: %s\n", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) @@ -164,7 +160,7 @@ int load_priv(MYSQL *db, BBS_user_priv * log_error("Get section_config data failed\n"); return -1; } - while (row = mysql_fetch_row(rs)) + while ((row = mysql_fetch_row(rs))) { int priv = getpriv(p_priv, atoi(row[0])); if (p_priv->level < atoi(row[2])) @@ -184,12 +180,12 @@ int load_priv(MYSQL *db, BBS_user_priv * mysql_free_result(rs); // Section ban - sprintf(sql, "SELECT SID FROM ban_user_list WHERE UID = %ld AND enable " + snprintf(sql, sizeof(sql), "SELECT SID FROM ban_user_list WHERE UID = %ld AND enable " "AND (NOW() BETWEEN ban_dt AND unban_dt)", uid); if (mysql_query(db, sql) != 0) { - log_error("Query ban_user_list failed\n"); + log_error("Query ban_user_list error: %s\n", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) @@ -197,7 +193,7 @@ int load_priv(MYSQL *db, BBS_user_priv * log_error("Get ban_user_list data failed\n"); return -1; } - while (row = mysql_fetch_row(rs)) + while ((row = mysql_fetch_row(rs))) { setpriv(p_priv, atoi(row[0]), getpriv(p_priv, atoi(row[0])) & (~S_POST));