lbbs/src/user_priv.c

/***************************************************************************
                          user_priv.c  -  description
                             -------------------
    begin                : Mon Oct 22 2004
    copyright            : (C) 2004 by Leaflet
    email                : leaflet@leafok.com
 ***************************************************************************/

/***************************************************************************
 *                                                                         *
 *   This program is free software; you can redistribute it and/or modify  *
 *   it under the terms of the GNU General Public License as published by  *
 *   the Free Software Foundation; either version 2 of the License, or     *
 *   (at your option) any later version.                                   *
 *                                                                         *
 ***************************************************************************/

#include "bbs.h"
#include "common.h"
#include <mysql.h>

int
checklevel (BBS_user_priv * p_priv, int level)
{
  return (((p_priv->level & level)) ^ level ? 0 : 1);
}

int
setpriv (BBS_user_priv * p_priv, int sid, int priv)
{
  int i;
  if (sid > 0)
    {
      for (i = 0; i < p_priv->s_count; i++)
        {
          if (p_priv->s_priv_list[i].sid == sid)
            {
              p_priv->s_priv_list[i].s_priv = priv;
              return 0;
            }
        }
      if (i < BBS_max_section)
        {
          p_priv->s_priv_list[i].s_priv = priv;
        }
      else
        {
          return -1;
        }
    }
  else
    {
      p_priv->g_priv = priv;
    }

  return 0;
}

int
getpriv (BBS_user_priv * p_priv, int sid)
{
  int i;
  for (i = 0; i < p_priv->s_count; i++)
    {
      if (p_priv->s_priv_list[i].sid == sid)
        return p_priv->s_priv_list[i].s_priv;
    }

  return (sid>=0 ? p_priv->g_priv : S_NONE);
}

int
checkpriv (BBS_user_priv * p_priv, int sid, int priv)
{
  return (((getpriv (p_priv, sid) & priv)) ^ priv ? 0 : 1);
}


int
load_priv (MYSQL * db, BBS_user_priv * p_priv, long int uid,
           long int auth_uid, int priv_excluse)
{
  MYSQL_RES *rs;
  MYSQL_ROW row;
  char sql[1024];
  int i;

  p_priv->uid = uid;
  p_priv->auid = auth_uid;
  p_priv->level = (uid == 0 ? P_GUEST : P_USER);
  p_priv->level |= (auth_uid == 0 ? P_GUEST : P_AUTH_USER);
  p_priv->g_priv = S_DEFAULT;

  if (db == NULL)
    return 1;

  //Admin
  sprintf (sql, "select aid,major from admin_config where UID=%ld"
           " and enable and (now() between begin_dt and end_dt)", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query admin_config failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get admin_config data failed\n");
      return -1;
    }
  if (row = mysql_fetch_row (rs))
    {
      p_priv->level |= (atoi (row[1]) ? P_ADMIN_M : P_ADMIN_S);
      p_priv->g_priv |= (atoi (row[1]) ? S_ALL : S_ADMIN);
    }
  mysql_free_result (rs);

  //Permission
  sprintf (sql, "select p_post,p_msg,p_mail "
           "from user_list where UID=%ld", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query user_list failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get user_list data failed\n");
      return -1;
    }
  if (row = mysql_fetch_row (rs))
    {
      p_priv->g_priv |= (atoi (row[0]) ? S_POST : 0);
      p_priv->g_priv |= (atoi (row[1]) ? S_MSG : 0);
      p_priv->g_priv |= (atoi (row[2]) ? S_MAIL : 0);
    }
  mysql_free_result (rs);

  //Verified
  sprintf (sql, "select verified from user_list where" " UID=%ld", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query user_list failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get user_list data failed\n");
      return -1;
    }
  if (row = mysql_fetch_row (rs))
    p_priv->g_priv &= (atoi (row[0]) ? p_priv->g_priv : S_DEFAULT);
  mysql_free_result (rs);

  //IP ban
  sprintf (sql, "select begin_ip,end_ip from ban_ip_list"
           " where ('%s' between begin_ip and end_ip) and enable",
           hostaddr_client);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query ban_ip_list failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get ban_ip_list data failed\n");
      return -1;
    }
  if (mysql_num_rows (rs) > 0)
    p_priv->g_priv &= S_DEFAULT;
  mysql_free_result (rs);

  //Section Class Master
  sprintf (sql, "select SID from section_class_master"
           " left join section_config on section_class_master.CID"
           "=section_config.CID where UID=%ld and section_class_master.enable"
           " and (now() between begin_dt and end_dt)", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query section_class_master failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get section_class_master data failed\n");
      return -1;
    }
  while (row = mysql_fetch_row (rs))
    {
      p_priv->level |= P_MAN_C;
      setpriv (p_priv, atoi (row[0]), getpriv (p_priv, atoi (row[0]))
               | S_MAN_M);
    }
  mysql_free_result (rs);

  //Section Master
  sprintf (sql, "select SID,major from section_master where"
           " UID=%ld and enable and (now() between begin_dt and"
           " end_dt)", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query section_master failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get section_master data failed\n");
      return -1;
    }
  while (row = mysql_fetch_row (rs))
    {
      p_priv->level |= (atoi (row[1]) ? P_MAN_M : P_MAN_S);
      setpriv (p_priv, atoi (row[0]), getpriv (p_priv, atoi (row[0]))
               | (atoi (row[1]) ? S_MAN_M : S_MAN_S));
    }
  mysql_free_result (rs);

  //Section status
  sprintf (sql, "select SID,exp_get,read_user_level,"
           "write_user_level from section_config"
           " left join section_class on section_config.CID="
           "section_class.CID where section_config.enable and"
           " section_class.enable order by SID");
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query section_config failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get section_config data failed\n");
      return -1;
    }
  while (row = mysql_fetch_row (rs))
    {
      if (p_priv->level < atoi (row[2]))
        setpriv (p_priv, atoi (row[0]),
                 getpriv (p_priv, atoi (row[0])) & (~S_LIST));
      if (p_priv->level < atoi (row[3]))
        setpriv (p_priv, atoi (row[0]),
                 getpriv (p_priv, atoi (row[0])) & (~S_POST));
      if (!atoi (row[1]))
        setpriv (p_priv, atoi (row[0]),
                 getpriv (p_priv, atoi (row[0])) & (~S_GETEXP));
    }
  mysql_free_result (rs);

  //Section User priv
  sprintf (sql, "select SID,`read`,`write` from section_user_priv"
           " where UID=%ld order by SID", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query section_user_priv failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get section_user_priv data failed\n");
      return -1;
    }
  while (row = mysql_fetch_row (rs))
    {
      setpriv (p_priv, atoi (row[0]),
               atoi (row[1]) ? (getpriv (p_priv, atoi (row[0])) | S_LIST)
               : (getpriv (p_priv, atoi (row[0])) & ~S_LIST));
      setpriv (p_priv, atoi (row[0]),
               atoi (row[2]) ? (getpriv (p_priv, atoi (row[0])) | S_POST)
               : (getpriv (p_priv, atoi (row[0])) & ~S_POST));
    }
  mysql_free_result (rs);

  //Section ban
  sprintf (sql, "select SID from ban_user_list where"
           " UID=%ld and enable and unban_UID=0 and"
           " (now() between ban_dt and unban_dt)", uid);
  if (mysql_query (db, sql) != 0)
    {
      log_error ("Query ban_user_list failed\n");
      return -1;
    }
  if ((rs = mysql_store_result (db)) == NULL)
    {
      log_error ("Get ban_user_list data failed\n");
      return -1;
    }
  while (row = mysql_fetch_row (rs))
    {
      setpriv (p_priv, atoi (row[0]),
               getpriv (p_priv, atoi (row[0])) & (~S_POST));
    }
  mysql_free_result (rs);

  //Priv exclusion
  p_priv->g_priv &= (~priv_excluse);
  for (i = 0; i < p_priv->s_count; i++)
    p_priv->s_priv_list[i].s_priv &= (~priv_excluse);

  if (priv_excluse & S_MAN_M)
    p_priv->level &= (P_AUTH_USER | P_USER);

  return 0;
}
1	/***************************************************************************
2	user_priv.c - description
3	-------------------
4	begin : Mon Oct 22 2004
5	copyright : (C) 2004 by Leaflet
6	email : leaflet@leafok.com
7	***************************************************************************/
8
9	/***************************************************************************
10	* *
11	* This program is free software; you can redistribute it and/or modify *
12	* it under the terms of the GNU General Public License as published by *
13	* the Free Software Foundation; either version 2 of the License, or *
14	* (at your option) any later version. *
15	* *
16	***************************************************************************/
17
18	#include "bbs.h"
19	#include "common.h"
20	#include <mysql.h>
21
22	int
23	checklevel (BBS_user_priv * p_priv, int level)
24	{
25	return (((p_priv->level & level)) ^ level ? 0 : 1);
26	}
27
28	int
29	setpriv (BBS_user_priv * p_priv, int sid, int priv)
30	{
31	int i;
32	if (sid > 0)
33	{
34	for (i = 0; i < p_priv->s_count; i++)
35	{
36	if (p_priv->s_priv_list[i].sid == sid)
37	{
38	p_priv->s_priv_list[i].s_priv = priv;
39	return 0;
40	}
41	}
42	if (i < BBS_max_section)
43	{
44	p_priv->s_priv_list[i].s_priv = priv;
45	}
46	else
47	{
48	return -1;
49	}
50	}
51	else
52	{
53	p_priv->g_priv = priv;
54	}
55
56	return 0;
57	}
58
59	int
60	getpriv (BBS_user_priv * p_priv, int sid)
61	{
62	int i;
63	for (i = 0; i < p_priv->s_count; i++)
64	{
65	if (p_priv->s_priv_list[i].sid == sid)
66	return p_priv->s_priv_list[i].s_priv;
67	}
68
69	return (sid>=0 ? p_priv->g_priv : S_NONE);
70	}
71
72	int
73	checkpriv (BBS_user_priv * p_priv, int sid, int priv)
74	{
75	return (((getpriv (p_priv, sid) & priv)) ^ priv ? 0 : 1);
76	}
77
78
79	int
80	load_priv (MYSQL * db, BBS_user_priv * p_priv, long int uid,
81	long int auth_uid, int priv_excluse)
82	{
83	MYSQL_RES *rs;
84	MYSQL_ROW row;
85	char sql[1024];
86	int i;
87
88	p_priv->uid = uid;
89	p_priv->auid = auth_uid;
90	p_priv->level = (uid == 0 ? P_GUEST : P_USER);
91	p_priv->level \|= (auth_uid == 0 ? P_GUEST : P_AUTH_USER);
92	p_priv->g_priv = S_DEFAULT;
93
94	if (db == NULL)
95	return 1;
96
97	//Admin
98	sprintf (sql, "select aid,major from admin_config where UID=%ld"
99	" and enable and (now() between begin_dt and end_dt)", uid);
100	if (mysql_query (db, sql) != 0)
101	{
102	log_error ("Query admin_config failed\n");
103	return -1;
104	}
105	if ((rs = mysql_store_result (db)) == NULL)
106	{
107	log_error ("Get admin_config data failed\n");
108	return -1;
109	}
110	if (row = mysql_fetch_row (rs))
111	{
112	p_priv->level \|= (atoi (row[1]) ? P_ADMIN_M : P_ADMIN_S);
113	p_priv->g_priv \|= (atoi (row[1]) ? S_ALL : S_ADMIN);
114	}
115	mysql_free_result (rs);
116
117	//Permission
118	sprintf (sql, "select p_post,p_msg,p_mail "
119	"from user_list where UID=%ld", uid);
120	if (mysql_query (db, sql) != 0)
121	{
122	log_error ("Query user_list failed\n");
123	return -1;
124	}
125	if ((rs = mysql_store_result (db)) == NULL)
126	{
127	log_error ("Get user_list data failed\n");
128	return -1;
129	}
130	if (row = mysql_fetch_row (rs))
131	{
132	p_priv->g_priv \|= (atoi (row[0]) ? S_POST : 0);
133	p_priv->g_priv \|= (atoi (row[1]) ? S_MSG : 0);
134	p_priv->g_priv \|= (atoi (row[2]) ? S_MAIL : 0);
135	}
136	mysql_free_result (rs);
137
138	//Verified
139	sprintf (sql, "select verified from user_list where" " UID=%ld", uid);
140	if (mysql_query (db, sql) != 0)
141	{
142	log_error ("Query user_list failed\n");
143	return -1;
144	}
145	if ((rs = mysql_store_result (db)) == NULL)
146	{
147	log_error ("Get user_list data failed\n");
148	return -1;
149	}
150	if (row = mysql_fetch_row (rs))
151	p_priv->g_priv &= (atoi (row[0]) ? p_priv->g_priv : S_DEFAULT);
152	mysql_free_result (rs);
153
154	//IP ban
155	sprintf (sql, "select begin_ip,end_ip from ban_ip_list"
156	" where ('%s' between begin_ip and end_ip) and enable",
157	hostaddr_client);
158	if (mysql_query (db, sql) != 0)
159	{
160	log_error ("Query ban_ip_list failed\n");
161	return -1;
162	}
163	if ((rs = mysql_store_result (db)) == NULL)
164	{
165	log_error ("Get ban_ip_list data failed\n");
166	return -1;
167	}
168	if (mysql_num_rows (rs) > 0)
169	p_priv->g_priv &= S_DEFAULT;
170	mysql_free_result (rs);
171
172	//Section Class Master
173	sprintf (sql, "select SID from section_class_master"
174	" left join section_config on section_class_master.CID"
175	"=section_config.CID where UID=%ld and section_class_master.enable"
176	" and (now() between begin_dt and end_dt)", uid);
177	if (mysql_query (db, sql) != 0)
178	{
179	log_error ("Query section_class_master failed\n");
180	return -1;
181	}
182	if ((rs = mysql_store_result (db)) == NULL)
183	{
184	log_error ("Get section_class_master data failed\n");
185	return -1;
186	}
187	while (row = mysql_fetch_row (rs))
188	{
189	p_priv->level \|= P_MAN_C;
190	setpriv (p_priv, atoi (row[0]), getpriv (p_priv, atoi (row[0]))
191	\| S_MAN_M);
192	}
193	mysql_free_result (rs);
194
195	//Section Master
196	sprintf (sql, "select SID,major from section_master where"
197	" UID=%ld and enable and (now() between begin_dt and"
198	" end_dt)", uid);
199	if (mysql_query (db, sql) != 0)
200	{
201	log_error ("Query section_master failed\n");
202	return -1;
203	}
204	if ((rs = mysql_store_result (db)) == NULL)
205	{
206	log_error ("Get section_master data failed\n");
207	return -1;
208	}
209	while (row = mysql_fetch_row (rs))
210	{
211	p_priv->level \|= (atoi (row[1]) ? P_MAN_M : P_MAN_S);
212	setpriv (p_priv, atoi (row[0]), getpriv (p_priv, atoi (row[0]))
213	\| (atoi (row[1]) ? S_MAN_M : S_MAN_S));
214	}
215	mysql_free_result (rs);
216
217	//Section status
218	sprintf (sql, "select SID,exp_get,read_user_level,"
219	"write_user_level from section_config"
220	" left join section_class on section_config.CID="
221	"section_class.CID where section_config.enable and"
222	" section_class.enable order by SID");
223	if (mysql_query (db, sql) != 0)
224	{
225	log_error ("Query section_config failed\n");
226	return -1;
227	}
228	if ((rs = mysql_store_result (db)) == NULL)
229	{
230	log_error ("Get section_config data failed\n");
231	return -1;
232	}
233	while (row = mysql_fetch_row (rs))
234	{
235	if (p_priv->level < atoi (row[2]))
236	setpriv (p_priv, atoi (row[0]),
237	getpriv (p_priv, atoi (row[0])) & (~S_LIST));
238	if (p_priv->level < atoi (row[3]))
239	setpriv (p_priv, atoi (row[0]),
240	getpriv (p_priv, atoi (row[0])) & (~S_POST));
241	if (!atoi (row[1]))
242	setpriv (p_priv, atoi (row[0]),
243	getpriv (p_priv, atoi (row[0])) & (~S_GETEXP));
244	}
245	mysql_free_result (rs);
246
247	//Section User priv
248	sprintf (sql, "select SID,`read`,`write` from section_user_priv"
249	" where UID=%ld order by SID", uid);
250	if (mysql_query (db, sql) != 0)
251	{
252	log_error ("Query section_user_priv failed\n");
253	return -1;
254	}
255	if ((rs = mysql_store_result (db)) == NULL)
256	{
257	log_error ("Get section_user_priv data failed\n");
258	return -1;
259	}
260	while (row = mysql_fetch_row (rs))
261	{
262	setpriv (p_priv, atoi (row[0]),
263	atoi (row[1]) ? (getpriv (p_priv, atoi (row[0])) \| S_LIST)
264	: (getpriv (p_priv, atoi (row[0])) & ~S_LIST));
265	setpriv (p_priv, atoi (row[0]),
266	atoi (row[2]) ? (getpriv (p_priv, atoi (row[0])) \| S_POST)
267	: (getpriv (p_priv, atoi (row[0])) & ~S_POST));
268	}
269	mysql_free_result (rs);
270
271	//Section ban
272	sprintf (sql, "select SID from ban_user_list where"
273	" UID=%ld and enable and unban_UID=0 and"
274	" (now() between ban_dt and unban_dt)", uid);
275	if (mysql_query (db, sql) != 0)
276	{
277	log_error ("Query ban_user_list failed\n");
278	return -1;
279	}
280	if ((rs = mysql_store_result (db)) == NULL)
281	{
282	log_error ("Get ban_user_list data failed\n");
283	return -1;
284	}
285	while (row = mysql_fetch_row (rs))
286	{
287	setpriv (p_priv, atoi (row[0]),
288	getpriv (p_priv, atoi (row[0])) & (~S_POST));
289	}
290	mysql_free_result (rs);
291
292	//Priv exclusion
293	p_priv->g_priv &= (~priv_excluse);
294	for (i = 0; i < p_priv->s_count; i++)
295	p_priv->s_priv_list[i].s_priv &= (~priv_excluse);
296
297	if (priv_excluse & S_MAN_M)
298	p_priv->level &= (P_AUTH_USER \| P_USER);
299
300	return 0;
301	}
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1