--- lbbs/src/user_priv.c 2025/04/28 03:31:00 1.5 +++ lbbs/src/user_priv.c 2025/05/02 02:19:18 1.9 @@ -15,13 +15,23 @@ * * ***************************************************************************/ +#include "user_priv.h" #include "bbs.h" #include "common.h" +#include "log.h" +#include #include +BBS_user_priv BBS_priv; + int checklevel(BBS_user_priv *p_priv, int level) { - return (((p_priv->level & level)) ^ level ? 0 : 1); + if (level == P_GUEST) + { + return 1; + } + + return ((p_priv->level & level) ? 1 : 0); } int setpriv(BBS_user_priv *p_priv, int sid, int priv) @@ -68,11 +78,10 @@ int getpriv(BBS_user_priv *p_priv, int s int checkpriv(BBS_user_priv *p_priv, int sid, int priv) { - return (((getpriv(p_priv, sid) & priv)) ^ priv ? 0 : 1); + return (((getpriv(p_priv, sid) & priv)) == priv ? 1 : 0); } -int load_priv(MYSQL *db, BBS_user_priv *p_priv, long int uid, - long int auth_uid, int priv_excluse) +int load_priv(MYSQL *db, BBS_user_priv *p_priv, long int uid) { MYSQL_RES *rs; MYSQL_ROW row; @@ -80,38 +89,14 @@ int load_priv(MYSQL *db, BBS_user_priv * int i; p_priv->uid = uid; - p_priv->auid = auth_uid; p_priv->level = (uid == 0 ? P_GUEST : P_USER); - p_priv->level |= (auth_uid == 0 ? P_GUEST : P_AUTH_USER); p_priv->g_priv = S_DEFAULT; if (db == NULL) return 1; - // Admin - sprintf(sql, "select aid,major from admin_config where UID=%ld" - " and enable and (now() between begin_dt and end_dt)", - uid); - if (mysql_query(db, sql) != 0) - { - log_error("Query admin_config failed\n"); - return -1; - } - if ((rs = mysql_store_result(db)) == NULL) - { - log_error("Get admin_config data failed\n"); - return -1; - } - if (row = mysql_fetch_row(rs)) - { - p_priv->level |= (atoi(row[1]) ? P_ADMIN_M : P_ADMIN_S); - p_priv->g_priv |= (atoi(row[1]) ? S_ALL : S_ADMIN); - } - mysql_free_result(rs); - // Permission - sprintf(sql, "select p_post,p_msg,p_mail " - "from user_list where UID=%ld", + sprintf(sql, "SELECT p_post, p_msg FROM user_list WHERE UID = %ld AND verified", uid); if (mysql_query(db, sql) != 0) { @@ -127,73 +112,35 @@ int load_priv(MYSQL *db, BBS_user_priv * { p_priv->g_priv |= (atoi(row[0]) ? S_POST : 0); p_priv->g_priv |= (atoi(row[1]) ? S_MSG : 0); - p_priv->g_priv |= (atoi(row[2]) ? S_MAIL : 0); } mysql_free_result(rs); - // Verified - sprintf(sql, "select verified from user_list where" - " UID=%ld", + // Admin + sprintf(sql, "SELECT major FROM admin_config WHERE UID = %ld " + "AND enable AND (NOW() BETWEEN begin_dt AND end_dt)", uid); if (mysql_query(db, sql) != 0) { - log_error("Query user_list failed\n"); + log_error("Query admin_config failed\n"); return -1; } if ((rs = mysql_store_result(db)) == NULL) { - log_error("Get user_list data failed\n"); + log_error("Get admin_config data failed\n"); return -1; } if (row = mysql_fetch_row(rs)) - p_priv->g_priv &= (atoi(row[0]) ? p_priv->g_priv : S_DEFAULT); - mysql_free_result(rs); - - // IP ban - sprintf(sql, "select begin_ip,end_ip from ban_ip_list" - " where ('%s' between begin_ip and end_ip) and enable", - hostaddr_client); - if (mysql_query(db, sql) != 0) - { - log_error("Query ban_ip_list failed\n"); - return -1; - } - if ((rs = mysql_store_result(db)) == NULL) - { - log_error("Get ban_ip_list data failed\n"); - return -1; - } - if (mysql_num_rows(rs) > 0) - p_priv->g_priv &= S_DEFAULT; - mysql_free_result(rs); - - // Section Class Master - sprintf(sql, "select SID from section_class_master" - " left join section_config on section_class_master.CID" - "=section_config.CID where UID=%ld and section_class_master.enable" - " and (now() between begin_dt and end_dt)", - uid); - if (mysql_query(db, sql) != 0) - { - log_error("Query section_class_master failed\n"); - return -1; - } - if ((rs = mysql_store_result(db)) == NULL) { - log_error("Get section_class_master data failed\n"); - return -1; - } - while (row = mysql_fetch_row(rs)) - { - p_priv->level |= P_MAN_C; - setpriv(p_priv, atoi(row[0]), getpriv(p_priv, atoi(row[0])) | S_MAN_M); + p_priv->level |= (atoi(row[0]) ? P_ADMIN_M : P_ADMIN_S); + p_priv->g_priv |= (atoi(row[0]) ? S_ALL : S_ADMIN); } mysql_free_result(rs); // Section Master - sprintf(sql, "select SID,major from section_master where" - " UID=%ld and enable and (now() between begin_dt and" - " end_dt)", + sprintf(sql, "SELECT section_master.SID, major FROM section_master " + "INNER JOIN section_config ON section_master.SID = section_config.SID " + "WHERE UID = %ld AND section_master.enable AND section_config.enable " + "AND (NOW() BETWEEN begin_dt AND end_dt)", uid); if (mysql_query(db, sql) != 0) { @@ -213,11 +160,10 @@ int load_priv(MYSQL *db, BBS_user_priv * mysql_free_result(rs); // Section status - sprintf(sql, "select SID,exp_get,read_user_level," - "write_user_level from section_config" - " left join section_class on section_config.CID=" - "section_class.CID where section_config.enable and" - " section_class.enable order by SID"); + sprintf(sql, "SELECT SID, exp_get, read_user_level, write_user_level FROM section_config " + "INNER JOIN section_class ON section_config.CID = section_class.CID " + "WHERE section_config.enable AND section_class.enable " + "ORDER BY SID"); if (mysql_query(db, sql) != 0) { log_error("Query section_config failed\n"); @@ -230,47 +176,26 @@ int load_priv(MYSQL *db, BBS_user_priv * } while (row = mysql_fetch_row(rs)) { + int priv = getpriv(p_priv, atoi(row[0])); if (p_priv->level < atoi(row[2])) - setpriv(p_priv, atoi(row[0]), - getpriv(p_priv, atoi(row[0])) & (~S_LIST)); + { + priv &= (~S_LIST); + } if (p_priv->level < atoi(row[3])) - setpriv(p_priv, atoi(row[0]), - getpriv(p_priv, atoi(row[0])) & (~S_POST)); + { + priv &= (~S_POST); + } if (!atoi(row[1])) - setpriv(p_priv, atoi(row[0]), - getpriv(p_priv, atoi(row[0])) & (~S_GETEXP)); - } - mysql_free_result(rs); - - // Section User priv - sprintf(sql, "select SID,`read`,`write` from section_user_priv" - " where UID=%ld order by SID", - uid); - if (mysql_query(db, sql) != 0) - { - log_error("Query section_user_priv failed\n"); - return -1; - } - if ((rs = mysql_store_result(db)) == NULL) - { - log_error("Get section_user_priv data failed\n"); - return -1; - } - while (row = mysql_fetch_row(rs)) - { - setpriv(p_priv, atoi(row[0]), - atoi(row[1]) ? (getpriv(p_priv, atoi(row[0])) | S_LIST) - : (getpriv(p_priv, atoi(row[0])) & ~S_LIST)); - setpriv(p_priv, atoi(row[0]), - atoi(row[2]) ? (getpriv(p_priv, atoi(row[0])) | S_POST) - : (getpriv(p_priv, atoi(row[0])) & ~S_POST)); + { + priv &= (~S_GETEXP); + } + setpriv(p_priv, atoi(row[0]), priv); } mysql_free_result(rs); // Section ban - sprintf(sql, "select SID from ban_user_list where" - " UID=%ld and enable and unban_UID=0 and" - " (now() between ban_dt and unban_dt)", + sprintf(sql, "SELECT SID FROM ban_user_list WHERE UID = %ld AND enable " + "AND (NOW() BETWEEN ban_dt AND unban_dt)", uid); if (mysql_query(db, sql) != 0) { @@ -289,13 +214,5 @@ int load_priv(MYSQL *db, BBS_user_priv * } mysql_free_result(rs); - // Priv exclusion - p_priv->g_priv &= (~priv_excluse); - for (i = 0; i < p_priv->s_count; i++) - p_priv->s_priv_list[i].s_priv &= (~priv_excluse); - - if (priv_excluse & S_MAN_M) - p_priv->level &= (P_AUTH_USER | P_USER); - return 0; }