--- lbbs/src/user_priv.c 2025/04/28 04:23:38 1.6 +++ lbbs/src/user_priv.c 2026/02/13 12:38:09 1.29 @@ -1,229 +1,278 @@ -/*************************************************************************** - user_priv.c - description - ------------------- - begin : Mon Oct 22 2004 - copyright : (C) 2004 by Leaflet - email : leaflet@leafok.com - ***************************************************************************/ - -/*************************************************************************** - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - ***************************************************************************/ +/* SPDX-License-Identifier: GPL-3.0-or-later */ +/* + * user_priv + * - basic operations of user privilege + * + * Copyright (C) 2004-2026 Leaflet + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif #include "bbs.h" #include "common.h" +#include "database.h" +#include "log.h" +#include "user_priv.h" +#include +#include #include -int checklevel(BBS_user_priv *p_priv, int level) -{ - return (((p_priv->level & level)) ^ level ? 0 : 1); -} +BBS_user_priv BBS_priv; + +// External definitions for inline functions +extern inline int checklevel(BBS_user_priv *p_priv, int level); +extern inline int checklevel2(BBS_user_priv *p_priv, int level); +extern inline int checkpriv(BBS_user_priv *p_priv, int sid, int priv); +extern inline int is_favor(BBS_user_priv *p_priv, int sid); -int setpriv(BBS_user_priv *p_priv, int sid, int priv) +inline static int search_priv(BBS_user_priv *p_priv, int sid, int *p_offset) { - int i; - if (sid > 0) + int left = 0; + int right = p_priv->s_count - 1; + int mid = 0; + + while (left < right) { - for (i = 0; i < p_priv->s_count; i++) + mid = (left + right) / 2; + + if (sid < p_priv->s_priv_list[mid].sid) { - if (p_priv->s_priv_list[i].sid == sid) - { - p_priv->s_priv_list[i].s_priv = priv; - return 0; - } + right = mid - 1; } - if (i < BBS_max_section) + else if (sid > p_priv->s_priv_list[mid].sid) { - p_priv->s_priv_list[i].s_priv = priv; + left = mid + 1; } - else + else // if (sid == p_priv->s_priv_list[mid].sid) { - return -1; + left = mid; + break; } } - else + + *p_offset = left; + + return (sid == p_priv->s_priv_list[left].sid); +} + +int setpriv(BBS_user_priv *p_priv, int sid, int priv, int is_favor) +{ + int offset; + int i; + + if (sid == 0) { p_priv->g_priv = priv; + return 0; + } + + if (search_priv(p_priv, sid, &offset)) // found + { + p_priv->s_priv_list[offset].s_priv = priv; + p_priv->s_priv_list[offset].is_favor = is_favor; + return 0; + } + + // not found + if (p_priv->s_count >= BBS_max_section) + { + return -1; + } + + // move items at [left, p_priv->s_count - 1] to [left + 1, p_priv->s_count] + for (i = p_priv->s_count - 1; i >= offset; i--) + { + p_priv->s_priv_list[i + 1] = p_priv->s_priv_list[i]; } + p_priv->s_count++; + + // insert new item at offset left + p_priv->s_priv_list[offset].sid = sid; + p_priv->s_priv_list[offset].s_priv = priv; + p_priv->s_priv_list[offset].is_favor = is_favor; return 0; } -int getpriv(BBS_user_priv *p_priv, int sid) +int getpriv(BBS_user_priv *p_priv, int sid, int *p_is_favor) { - int i; - for (i = 0; i < p_priv->s_count; i++) + int offset; + + if (search_priv(p_priv, sid, &offset)) // found { - if (p_priv->s_priv_list[i].sid == sid) - return p_priv->s_priv_list[i].s_priv; + *p_is_favor = p_priv->s_priv_list[offset].is_favor; + return p_priv->s_priv_list[offset].s_priv; } + *p_is_favor = 0; return (sid >= 0 ? p_priv->g_priv : S_NONE); } -int checkpriv(BBS_user_priv *p_priv, int sid, int priv) -{ - return (((getpriv(p_priv, sid) & priv)) ^ priv ? 0 : 1); -} - -int load_priv(MYSQL *db, BBS_user_priv *p_priv, long int uid) +int load_priv(MYSQL *db, BBS_user_priv *p_priv, int uid) { MYSQL_RES *rs; MYSQL_ROW row; - char sql[1024]; - int i; + char sql[SQL_BUFFER_LEN]; + int priv; + int is_favor; p_priv->uid = uid; p_priv->level = (uid == 0 ? P_GUEST : P_USER); p_priv->g_priv = S_DEFAULT; + p_priv->s_count = 0; if (db == NULL) return 1; - // Admin - sprintf(sql, "select aid,major from admin_config where UID=%ld" - " and enable and (now() between begin_dt and end_dt)", - uid); + // Permission + snprintf(sql, sizeof(sql), + "SELECT p_post, p_msg FROM user_list WHERE UID = %d AND verified", + uid); if (mysql_query(db, sql) != 0) { - log_error("Query admin_config failed\n"); + log_error("Query user_list error: %s", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) { - log_error("Get admin_config data failed\n"); + log_error("Get user_list data failed"); return -1; } - if (row = mysql_fetch_row(rs)) + if ((row = mysql_fetch_row(rs))) { - p_priv->level |= (atoi(row[1]) ? P_ADMIN_M : P_ADMIN_S); - p_priv->g_priv |= (atoi(row[1]) ? S_ALL : S_ADMIN); + p_priv->g_priv |= (atoi(row[0]) ? S_POST : 0); + p_priv->g_priv |= (atoi(row[1]) ? S_MSG : 0); } mysql_free_result(rs); - // Permission - sprintf(sql, "select p_post,p_msg,p_mail " - "from user_list where UID=%ld", - uid); + // Admin + snprintf(sql, sizeof(sql), + "SELECT major FROM admin_config WHERE UID = %d " + "AND enable AND (NOW() BETWEEN begin_dt AND end_dt)", + uid); if (mysql_query(db, sql) != 0) { - log_error("Query user_list failed\n"); + log_error("Query admin_config error: %s", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) { - log_error("Get user_list data failed\n"); + log_error("Get admin_config data failed"); return -1; } - if (row = mysql_fetch_row(rs)) + if ((row = mysql_fetch_row(rs))) { - p_priv->g_priv |= (atoi(row[0]) ? S_POST : 0); - p_priv->g_priv |= (atoi(row[1]) ? S_MSG : 0); - p_priv->g_priv |= (atoi(row[2]) ? S_MAIL : 0); + p_priv->level |= (atoi(row[0]) ? P_ADMIN_M : P_ADMIN_S); + p_priv->g_priv |= (atoi(row[0]) ? S_ALL : S_ADMIN); } mysql_free_result(rs); // Section Master - sprintf(sql, "select SID,major from section_master where" - " UID=%ld and enable and (now() between begin_dt and" - " end_dt)", - uid); + snprintf(sql, sizeof(sql), + "SELECT section_master.SID, major FROM section_master " + "INNER JOIN section_config ON section_master.SID = section_config.SID " + "WHERE UID = %d AND section_master.enable AND section_config.enable " + "AND (NOW() BETWEEN begin_dt AND end_dt)", + uid); if (mysql_query(db, sql) != 0) { - log_error("Query section_master failed\n"); + log_error("Query section_master error: %s", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) { - log_error("Get section_master data failed\n"); + log_error("Get section_master data failed"); return -1; } - while (row = mysql_fetch_row(rs)) + while ((row = mysql_fetch_row(rs))) { p_priv->level |= (atoi(row[1]) ? P_MAN_M : P_MAN_S); - setpriv(p_priv, atoi(row[0]), getpriv(p_priv, atoi(row[0])) | (atoi(row[1]) ? S_MAN_M : S_MAN_S)); + priv = (getpriv(p_priv, atoi(row[0]), &is_favor) | (atoi(row[1]) ? S_MAN_M : S_MAN_S)); + setpriv(p_priv, atoi(row[0]), priv, is_favor); } mysql_free_result(rs); // Section status - sprintf(sql, "select SID,exp_get,read_user_level," - "write_user_level from section_config" - " left join section_class on section_config.CID=" - "section_class.CID where section_config.enable and" - " section_class.enable order by SID"); + snprintf(sql, sizeof(sql), + "SELECT SID, exp_get, read_user_level, write_user_level FROM section_config " + "INNER JOIN section_class ON section_config.CID = section_class.CID " + "WHERE section_config.enable AND section_class.enable " + "ORDER BY SID"); if (mysql_query(db, sql) != 0) { - log_error("Query section_config failed\n"); + log_error("Query section_config error: %s", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) { - log_error("Get section_config data failed\n"); + log_error("Get section_config data failed"); return -1; } - while (row = mysql_fetch_row(rs)) + while ((row = mysql_fetch_row(rs))) { + int priv = getpriv(p_priv, atoi(row[0]), &is_favor); if (p_priv->level < atoi(row[2])) - setpriv(p_priv, atoi(row[0]), - getpriv(p_priv, atoi(row[0])) & (~S_LIST)); + { + priv &= (~S_LIST); + } if (p_priv->level < atoi(row[3])) - setpriv(p_priv, atoi(row[0]), - getpriv(p_priv, atoi(row[0])) & (~S_POST)); + { + priv &= (~S_POST); + } if (!atoi(row[1])) - setpriv(p_priv, atoi(row[0]), - getpriv(p_priv, atoi(row[0])) & (~S_GETEXP)); + { + priv &= (~S_GETEXP); + } + setpriv(p_priv, atoi(row[0]), priv, is_favor); } mysql_free_result(rs); - // Section User priv - sprintf(sql, "select SID,`read`,`write` from section_user_priv" - " where UID=%ld order by SID", - uid); + // Section ban + snprintf(sql, sizeof(sql), + "SELECT SID FROM ban_user_list WHERE UID = %d AND enable " + "AND (NOW() BETWEEN ban_dt AND unban_dt)", + uid); if (mysql_query(db, sql) != 0) { - log_error("Query section_user_priv failed\n"); + log_error("Query ban_user_list error: %s", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) { - log_error("Get section_user_priv data failed\n"); + log_error("Get ban_user_list data failed"); return -1; } - while (row = mysql_fetch_row(rs)) + while ((row = mysql_fetch_row(rs))) { - setpriv(p_priv, atoi(row[0]), - atoi(row[1]) ? (getpriv(p_priv, atoi(row[0])) | S_LIST) - : (getpriv(p_priv, atoi(row[0])) & ~S_LIST)); - setpriv(p_priv, atoi(row[0]), - atoi(row[2]) ? (getpriv(p_priv, atoi(row[0])) | S_POST) - : (getpriv(p_priv, atoi(row[0])) & ~S_POST)); + priv = getpriv(p_priv, atoi(row[0]), &is_favor) & (~S_POST); + setpriv(p_priv, atoi(row[0]), priv, is_favor); } mysql_free_result(rs); - // Section ban - sprintf(sql, "select SID from ban_user_list where" - " UID=%ld and enable and unban_UID=0 and" - " (now() between ban_dt and unban_dt)", - uid); + // User favor section + snprintf(sql, sizeof(sql), + "SELECT SID FROM section_favorite WHERE UID = %d", + uid); if (mysql_query(db, sql) != 0) { - log_error("Query ban_user_list failed\n"); + log_error("Query section_favorite error: %s", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) { - log_error("Get ban_user_list data failed\n"); + log_error("Get section_favorite data failed"); return -1; } - while (row = mysql_fetch_row(rs)) + while ((row = mysql_fetch_row(rs))) { - setpriv(p_priv, atoi(row[0]), - getpriv(p_priv, atoi(row[0])) & (~S_POST)); + priv = getpriv(p_priv, atoi(row[0]), &is_favor); + if (!is_favor) + { + setpriv(p_priv, atoi(row[0]), priv, 1); + priv = getpriv(p_priv, atoi(row[0]), &is_favor); + } } mysql_free_result(rs);