--- lbbs/src/user_priv.c	2025/05/02 02:19:18	1.9
+++ lbbs/src/user_priv.c	2025/06/03 13:14:26	1.19
@@ -1,16 +1,15 @@
 /***************************************************************************
 						  user_priv.c  -  description
 							 -------------------
-	begin                : Mon Oct 22 2004
-	copyright            : (C) 2004 by Leaflet
-	email                : leaflet@leafok.com
+	Copyright            : (C) 2004-2025 by Leaflet
+	Email                : leaflet@leafok.com
  ***************************************************************************/
 
 /***************************************************************************
  *                                                                         *
  *   This program is free software; you can redistribute it and/or modify  *
  *   it under the terms of the GNU General Public License as published by  *
- *   the Free Software Foundation; either version 2 of the License, or     *
+ *   the Free Software Foundation; either version 3 of the License, or     *
  *   (at your option) any later version.                                   *
  *                                                                         *
  ***************************************************************************/
@@ -18,89 +17,115 @@
 #include "user_priv.h"
 #include "bbs.h"
 #include "common.h"
+#include "database.h"
 #include "log.h"
 #include <stdio.h>
-#include <mysql.h>
+#include <stdlib.h>
+#include <mysql/mysql.h>
 
 BBS_user_priv BBS_priv;
 
-int checklevel(BBS_user_priv *p_priv, int level)
+inline static int search_priv(BBS_user_priv *p_priv, int sid, int *p_offset)
 {
-	if (level == P_GUEST)
-	{
-		return 1;
-	}
+	int left = 0;
+	int right = p_priv->s_count - 1;
+	int mid = 0;
 
-	return ((p_priv->level & level) ? 1 : 0);
-}
-
-int setpriv(BBS_user_priv *p_priv, int sid, int priv)
-{
-	int i;
-	if (sid > 0)
+	while (left < right)
 	{
-		for (i = 0; i < p_priv->s_count; i++)
-		{
-			if (p_priv->s_priv_list[i].sid == sid)
-			{
-				p_priv->s_priv_list[i].s_priv = priv;
-				return 0;
-			}
-		}
-		if (i < BBS_max_section)
+		mid = (left + right) / 2;
+
+		if (sid <= p_priv->s_priv_list[mid].sid)
 		{
-			p_priv->s_priv_list[i].s_priv = priv;
+			right = mid;
 		}
 		else
 		{
-			return -1;
+			left = mid + 1;
 		}
 	}
-	else
+
+	*p_offset = left;
+
+	return (left == right && sid == p_priv->s_priv_list[left].sid);
+}
+
+int setpriv(BBS_user_priv *p_priv, int sid, int priv, int is_favor)
+{
+	int offset;
+	int i;
+
+	if (sid == 0)
 	{
 		p_priv->g_priv = priv;
+		return 0;
+	}
+
+	if (search_priv(p_priv, sid, &offset)) //found
+	{
+		p_priv->s_priv_list[offset].s_priv = priv;
+		p_priv->s_priv_list[offset].is_favor = is_favor;
+		return 0;
+	}
+
+	// not found
+	if (p_priv->s_count >= BBS_max_section)
+	{
+		return -1;
 	}
 
+	// move items at [left, p_priv->s_count - 1] to [left + 1, p_priv->s_count]
+	for (i = p_priv->s_count - 1; i >= offset; i--)
+	{
+		p_priv->s_priv_list[i + 1] = p_priv->s_priv_list[i];
+	}
+	p_priv->s_count++;
+
+	// insert new item at offset left
+	p_priv->s_priv_list[offset].sid = sid;
+	p_priv->s_priv_list[offset].s_priv = priv;
+	p_priv->s_priv_list[offset].is_favor = is_favor;
+
 	return 0;
 }
 
-int getpriv(BBS_user_priv *p_priv, int sid)
+int getpriv(BBS_user_priv *p_priv, int sid, int *p_is_favor)
 {
-	int i;
-	for (i = 0; i < p_priv->s_count; i++)
+	int offset;
+
+	if (search_priv(p_priv, sid, &offset)) //found
 	{
-		if (p_priv->s_priv_list[i].sid == sid)
-			return p_priv->s_priv_list[i].s_priv;
+		*p_is_favor = p_priv->s_priv_list[offset].is_favor;
+		return p_priv->s_priv_list[offset].s_priv;
 	}
 
+	*p_is_favor = 0;
 	return (sid >= 0 ? p_priv->g_priv : S_NONE);
 }
 
-int checkpriv(BBS_user_priv *p_priv, int sid, int priv)
-{
-	return (((getpriv(p_priv, sid) & priv)) == priv ? 1 : 0);
-}
-
 int load_priv(MYSQL *db, BBS_user_priv *p_priv, long int uid)
 {
 	MYSQL_RES *rs;
 	MYSQL_ROW row;
-	char sql[1024];
-	int i;
+	char sql[SQL_BUFFER_LEN];
+	int priv;
+	int is_favor;
 
 	p_priv->uid = uid;
 	p_priv->level = (uid == 0 ? P_GUEST : P_USER);
 	p_priv->g_priv = S_DEFAULT;
+	p_priv->s_count = 0;
 
 	if (db == NULL)
 		return 1;
 
 	// Permission
-	sprintf(sql, "SELECT p_post, p_msg FROM user_list WHERE UID = %ld AND verified",
-			uid);
+	snprintf(sql, sizeof(sql),
+			 "SELECT p_post, p_msg FROM user_list WHERE UID = %ld AND verified",
+			 uid);
 	if (mysql_query(db, sql) != 0)
 	{
-		log_error("Query user_list failed\n");
+		log_error("Query user_list error: %s\n", mysql_error(db));
 		return -1;
 	}
 	if ((rs = mysql_store_result(db)) == NULL)
@@ -108,7 +133,7 @@ int load_priv(MYSQL *db, BBS_user_priv *
 		log_error("Get user_list data failed\n");
 		return -1;
 	}
-	if (row = mysql_fetch_row(rs))
+	if ((row = mysql_fetch_row(rs)))
 	{
 		p_priv->g_priv |= (atoi(row[0]) ? S_POST : 0);
 		p_priv->g_priv |= (atoi(row[1]) ? S_MSG : 0);
@@ -116,12 +141,13 @@ int load_priv(MYSQL *db, BBS_user_priv *
 	mysql_free_result(rs);
 
 	// Admin
-	sprintf(sql, "SELECT major FROM admin_config WHERE UID = %ld "
-				 "AND enable AND (NOW() BETWEEN begin_dt AND end_dt)",
-			uid);
+	snprintf(sql, sizeof(sql),
+			 "SELECT major FROM admin_config WHERE UID = %ld "
+			 "AND enable AND (NOW() BETWEEN begin_dt AND end_dt)",
+			 uid);
 	if (mysql_query(db, sql) != 0)
 	{
-		log_error("Query admin_config failed\n");
+		log_error("Query admin_config error: %s\n", mysql_error(db));
 		return -1;
 	}
 	if ((rs = mysql_store_result(db)) == NULL)
@@ -129,7 +155,7 @@ int load_priv(MYSQL *db, BBS_user_priv *
 		log_error("Get admin_config data failed\n");
 		return -1;
 	}
-	if (row = mysql_fetch_row(rs))
+	if ((row = mysql_fetch_row(rs)))
 	{
 		p_priv->level |= (atoi(row[0]) ? P_ADMIN_M : P_ADMIN_S);
 		p_priv->g_priv |= (atoi(row[0]) ? S_ALL : S_ADMIN);
@@ -137,14 +163,15 @@ int load_priv(MYSQL *db, BBS_user_priv *
 	mysql_free_result(rs);
 
 	// Section Master
-	sprintf(sql, "SELECT section_master.SID, major FROM section_master "
-				 "INNER JOIN section_config ON section_master.SID = section_config.SID "
-				 "WHERE UID = %ld AND section_master.enable AND section_config.enable "
-				 "AND (NOW() BETWEEN begin_dt AND end_dt)",
-			uid);
+	snprintf(sql, sizeof(sql),
+			 "SELECT section_master.SID, major FROM section_master "
+			 "INNER JOIN section_config ON section_master.SID = section_config.SID "
+			 "WHERE UID = %ld AND section_master.enable AND section_config.enable "
+			 "AND (NOW() BETWEEN begin_dt AND end_dt)",
+			 uid);
 	if (mysql_query(db, sql) != 0)
 	{
-		log_error("Query section_master failed\n");
+		log_error("Query section_master error: %s\n", mysql_error(db));
 		return -1;
 	}
 	if ((rs = mysql_store_result(db)) == NULL)
@@ -152,21 +179,23 @@ int load_priv(MYSQL *db, BBS_user_priv *
 		log_error("Get section_master data failed\n");
 		return -1;
 	}
-	while (row = mysql_fetch_row(rs))
+	while ((row = mysql_fetch_row(rs)))
 	{
 		p_priv->level |= (atoi(row[1]) ? P_MAN_M : P_MAN_S);
-		setpriv(p_priv, atoi(row[0]), getpriv(p_priv, atoi(row[0])) | (atoi(row[1]) ? S_MAN_M : S_MAN_S));
+		priv = (getpriv(p_priv, atoi(row[0]), &is_favor) | (atoi(row[1]) ? S_MAN_M : S_MAN_S));
+		setpriv(p_priv, atoi(row[0]), priv, is_favor);
 	}
 	mysql_free_result(rs);
 
 	// Section status
-	sprintf(sql, "SELECT SID, exp_get, read_user_level, write_user_level FROM section_config "
-				 "INNER JOIN section_class ON section_config.CID = section_class.CID "
-				 "WHERE section_config.enable AND section_class.enable "
-				 "ORDER BY SID");
+	snprintf(sql, sizeof(sql),
+			 "SELECT SID, exp_get, read_user_level, write_user_level FROM section_config "
+			 "INNER JOIN section_class ON section_config.CID = section_class.CID "
+			 "WHERE section_config.enable AND section_class.enable "
+			 "ORDER BY SID");
 	if (mysql_query(db, sql) != 0)
 	{
-		log_error("Query section_config failed\n");
+		log_error("Query section_config error: %s\n", mysql_error(db));
 		return -1;
 	}
 	if ((rs = mysql_store_result(db)) == NULL)
@@ -174,9 +203,9 @@ int load_priv(MYSQL *db, BBS_user_priv *
 		log_error("Get section_config data failed\n");
 		return -1;
 	}
-	while (row = mysql_fetch_row(rs))
+	while ((row = mysql_fetch_row(rs)))
 	{
-		int priv = getpriv(p_priv, atoi(row[0]));
+		int priv = getpriv(p_priv, atoi(row[0]), &is_favor);
 		if (p_priv->level < atoi(row[2]))
 		{
 			priv &= (~S_LIST);
@@ -189,17 +218,18 @@ int load_priv(MYSQL *db, BBS_user_priv *
 		{
 			priv &= (~S_GETEXP);
 		}
-		setpriv(p_priv, atoi(row[0]), priv);
+		setpriv(p_priv, atoi(row[0]), priv, is_favor);
 	}
 	mysql_free_result(rs);
 
 	// Section ban
-	sprintf(sql, "SELECT SID FROM ban_user_list WHERE UID = %ld AND enable "
-				 "AND (NOW() BETWEEN ban_dt AND unban_dt)",
-			uid);
+	snprintf(sql, sizeof(sql),
+			 "SELECT SID FROM ban_user_list WHERE UID = %ld AND enable "
+			 "AND (NOW() BETWEEN ban_dt AND unban_dt)",
+			 uid);
 	if (mysql_query(db, sql) != 0)
 	{
-		log_error("Query ban_user_list failed\n");
+		log_error("Query ban_user_list error: %s\n", mysql_error(db));
 		return -1;
 	}
 	if ((rs = mysql_store_result(db)) == NULL)
@@ -207,10 +237,35 @@ int load_priv(MYSQL *db, BBS_user_priv *
 		log_error("Get ban_user_list data failed\n");
 		return -1;
 	}
-	while (row = mysql_fetch_row(rs))
+	while ((row = mysql_fetch_row(rs)))
+	{
+		priv = getpriv(p_priv, atoi(row[0]), &is_favor) & (~S_POST);
+		setpriv(p_priv, atoi(row[0]), priv, is_favor);
+	}
+	mysql_free_result(rs);
+
+	// User favor section
+	snprintf(sql, sizeof(sql),
+			 "SELECT SID FROM section_favorite WHERE UID = %ld",
+			 uid);
+	if (mysql_query(db, sql) != 0)
+	{
+		log_error("Query section_favorite error: %s\n", mysql_error(db));
+		return -1;
+	}
+	if ((rs = mysql_store_result(db)) == NULL)
+	{
+		log_error("Get section_favorite data failed\n");
+		return -1;
+	}
+	while ((row = mysql_fetch_row(rs)))
 	{
-		setpriv(p_priv, atoi(row[0]),
-				getpriv(p_priv, atoi(row[0])) & (~S_POST));
+		priv = getpriv(p_priv, atoi(row[0]), &is_favor);
+		if (!is_favor)
+		{
+			setpriv(p_priv, atoi(row[0]), priv, 1);
+			priv = getpriv(p_priv, atoi(row[0]), &is_favor);
+		}
 	}
 	mysql_free_result(rs);