--- lbbs/src/user_priv.c 2025/04/30 09:18:20 1.8 +++ lbbs/src/user_priv.c 2025/05/30 00:58:02 1.16 @@ -1,16 +1,15 @@ /*************************************************************************** user_priv.c - description ------------------- - begin : Mon Oct 22 2004 - copyright : (C) 2004 by Leaflet - email : leaflet@leafok.com + Copyright : (C) 2004-2025 by Leaflet + Email : leaflet@leafok.com ***************************************************************************/ /*************************************************************************** * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * + * the Free Software Foundation; either version 3 of the License, or * * (at your option) any later version. * * * ***************************************************************************/ @@ -18,84 +17,111 @@ #include "user_priv.h" #include "bbs.h" #include "common.h" +#include "database.h" #include "log.h" #include #include +#include BBS_user_priv BBS_priv; -int checklevel(BBS_user_priv *p_priv, int level) -{ - return (((p_priv->level & level)) ^ level ? 0 : 1); -} - int setpriv(BBS_user_priv *p_priv, int sid, int priv) { - int i; - if (sid > 0) + int left = 0; + int right = p_priv->s_count - 1; + int mid; + + if (sid == 0) { - for (i = 0; i < p_priv->s_count; i++) - { - if (p_priv->s_priv_list[i].sid == sid) - { - p_priv->s_priv_list[i].s_priv = priv; - return 0; - } - } - if (i < BBS_max_section) + p_priv->g_priv = priv; + return 0; + } + + while (left < right) + { + mid = (left + right) / 2; + + if (sid <= p_priv->s_priv_list[mid].sid) { - p_priv->s_priv_list[i].s_priv = priv; + right = mid; } else { - return -1; + left = mid + 1; } } - else + + if (sid == p_priv->s_priv_list[left].sid) // found { - p_priv->g_priv = priv; + p_priv->s_priv_list[left].s_priv = priv; + return 0; + } + + // not found + if (p_priv->s_count >= BBS_max_section) + { + return -1; } + // move items at [left, p_priv->s_count - 1] to [left + 1, p_priv->s_count] + for (right = p_priv->s_count - 1; right >= left; right--) + { + p_priv->s_priv_list[right + 1] = p_priv->s_priv_list[right]; + } + // insert new item at offset left + p_priv->s_priv_list[left].s_priv = priv; + return 0; } int getpriv(BBS_user_priv *p_priv, int sid) { - int i; - for (i = 0; i < p_priv->s_count; i++) + int left = 0; + int right = p_priv->s_count - 1; + int mid; + + while (left < right) + { + mid = (left + right) / 2; + + if (sid <= p_priv->s_priv_list[mid].sid) + { + right = mid; + } + else + { + left = mid + 1; + } + } + + if (sid == p_priv->s_priv_list[left].sid) // found { - if (p_priv->s_priv_list[i].sid == sid) - return p_priv->s_priv_list[i].s_priv; + return p_priv->s_priv_list[left].s_priv; } return (sid >= 0 ? p_priv->g_priv : S_NONE); } -int checkpriv(BBS_user_priv *p_priv, int sid, int priv) -{ - return (((getpriv(p_priv, sid) & priv)) ^ priv ? 0 : 1); -} - int load_priv(MYSQL *db, BBS_user_priv *p_priv, long int uid) { MYSQL_RES *rs; MYSQL_ROW row; - char sql[1024]; - int i; + char sql[SQL_BUFFER_LEN]; p_priv->uid = uid; p_priv->level = (uid == 0 ? P_GUEST : P_USER); p_priv->g_priv = S_DEFAULT; + p_priv->s_count = 0; if (db == NULL) return 1; // Permission - sprintf(sql, "SELECT p_post, p_msg FROM user_list WHERE UID = %ld AND verified", - uid); + snprintf(sql, sizeof(sql), "SELECT p_post, p_msg FROM user_list WHERE UID = %ld AND verified", + uid); if (mysql_query(db, sql) != 0) { - log_error("Query user_list failed\n"); + log_error("Query user_list error: %s\n", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) @@ -103,7 +129,7 @@ int load_priv(MYSQL *db, BBS_user_priv * log_error("Get user_list data failed\n"); return -1; } - if (row = mysql_fetch_row(rs)) + if ((row = mysql_fetch_row(rs))) { p_priv->g_priv |= (atoi(row[0]) ? S_POST : 0); p_priv->g_priv |= (atoi(row[1]) ? S_MSG : 0); @@ -111,12 +137,12 @@ int load_priv(MYSQL *db, BBS_user_priv * mysql_free_result(rs); // Admin - sprintf(sql, "SELECT major FROM admin_config WHERE UID = %ld " - "AND enable AND (NOW() BETWEEN begin_dt AND end_dt)", - uid); + snprintf(sql, sizeof(sql), "SELECT major FROM admin_config WHERE UID = %ld " + "AND enable AND (NOW() BETWEEN begin_dt AND end_dt)", + uid); if (mysql_query(db, sql) != 0) { - log_error("Query admin_config failed\n"); + log_error("Query admin_config error: %s\n", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) @@ -124,22 +150,22 @@ int load_priv(MYSQL *db, BBS_user_priv * log_error("Get admin_config data failed\n"); return -1; } - if (row = mysql_fetch_row(rs)) + if ((row = mysql_fetch_row(rs))) { - p_priv->level |= (atoi(row[1]) ? P_ADMIN_M : P_ADMIN_S); - p_priv->g_priv |= (atoi(row[1]) ? S_ALL : S_ADMIN); + p_priv->level |= (atoi(row[0]) ? P_ADMIN_M : P_ADMIN_S); + p_priv->g_priv |= (atoi(row[0]) ? S_ALL : S_ADMIN); } mysql_free_result(rs); // Section Master - sprintf(sql, "SELECT section_master.SID, major FROM section_master " - "INNER JOIN section_config ON section_master.SID = section_config.SID " - "WHERE UID = %ld AND section_master.enable AND section_config.enable " - "AND (NOW() BETWEEN begin_dt AND end_dt)", - uid); + snprintf(sql, sizeof(sql), "SELECT section_master.SID, major FROM section_master " + "INNER JOIN section_config ON section_master.SID = section_config.SID " + "WHERE UID = %ld AND section_master.enable AND section_config.enable " + "AND (NOW() BETWEEN begin_dt AND end_dt)", + uid); if (mysql_query(db, sql) != 0) { - log_error("Query section_master failed\n"); + log_error("Query section_master error: %s\n", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) @@ -147,7 +173,7 @@ int load_priv(MYSQL *db, BBS_user_priv * log_error("Get section_master data failed\n"); return -1; } - while (row = mysql_fetch_row(rs)) + while ((row = mysql_fetch_row(rs))) { p_priv->level |= (atoi(row[1]) ? P_MAN_M : P_MAN_S); setpriv(p_priv, atoi(row[0]), getpriv(p_priv, atoi(row[0])) | (atoi(row[1]) ? S_MAN_M : S_MAN_S)); @@ -155,13 +181,13 @@ int load_priv(MYSQL *db, BBS_user_priv * mysql_free_result(rs); // Section status - sprintf(sql, "SELECT SID, exp_get, read_user_level, write_user_level FROM section_config " - "INNER JOIN section_class ON section_config.CID = section_class.CID " - "WHERE section_config.enable AND section_class.enable " - "ORDER BY SID"); + snprintf(sql, sizeof(sql), "SELECT SID, exp_get, read_user_level, write_user_level FROM section_config " + "INNER JOIN section_class ON section_config.CID = section_class.CID " + "WHERE section_config.enable AND section_class.enable " + "ORDER BY SID"); if (mysql_query(db, sql) != 0) { - log_error("Query section_config failed\n"); + log_error("Query section_config error: %s\n", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) @@ -169,7 +195,7 @@ int load_priv(MYSQL *db, BBS_user_priv * log_error("Get section_config data failed\n"); return -1; } - while (row = mysql_fetch_row(rs)) + while ((row = mysql_fetch_row(rs))) { int priv = getpriv(p_priv, atoi(row[0])); if (p_priv->level < atoi(row[2])) @@ -189,12 +215,12 @@ int load_priv(MYSQL *db, BBS_user_priv * mysql_free_result(rs); // Section ban - sprintf(sql, "SELECT SID FROM ban_user_list WHERE UID = %ld AND enable " - "AND (NOW() BETWEEN ban_dt AND unban_dt)", - uid); + snprintf(sql, sizeof(sql), "SELECT SID FROM ban_user_list WHERE UID = %ld AND enable " + "AND (NOW() BETWEEN ban_dt AND unban_dt)", + uid); if (mysql_query(db, sql) != 0) { - log_error("Query ban_user_list failed\n"); + log_error("Query ban_user_list error: %s\n", mysql_error(db)); return -1; } if ((rs = mysql_store_result(db)) == NULL) @@ -202,7 +228,7 @@ int load_priv(MYSQL *db, BBS_user_priv * log_error("Get ban_user_list data failed\n"); return -1; } - while (row = mysql_fetch_row(rs)) + while ((row = mysql_fetch_row(rs))) { setpriv(p_priv, atoi(row[0]), getpriv(p_priv, atoi(row[0])) & (~S_POST));