Home Explore Help
Register Sign In
biotorrents
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1097 Commits
2 Branches
Tree: 375989bb73
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '375989bb73'
${ noResults }
Gazelle/classes/security.class.php

security.class.php 2.6KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 
  1. <?php

  2. declare(strict_types = 1);

  3. 

  4. /**

  5.  * Security

  6.  *

  7.  * Designed to hold common authentication functions from various sources:

  8.  *  - classes/script_start.php

  9.  */

  10. 

  11. class Security

  12. {

  13.     /**

  14.      * Check integer

  15.      *

  16.      * Makes sure a number ID is valid,

  17.      * e.g., a page ID requested by GET.

  18.      */

  19.     public function checkInt($IDs)

  20.     {

  21.         # Temporary failsafe

  22.         # (int) 'dingus' = 0

  23.         # (int) 3.14 = 3

  24.         $IDs = (is_array($IDs) ?: [(int) $IDs]);

  25.         foreach ($IDs as $ID) {

  26.             $ID = (int) $ID;

  27. 

  28.             if (!is_int($ID) || $ID < 1) {

  29.                 error(400);

  30.             }

  31.         }

  32. 

  33.         return;

  34.     }

  35. 

  36.     /**

  37.      * Setup pitfalls

  38.      *

  39.      * A series of quick sanity checks during app init.

  40.      * Previously in classes/script_start.php.

  41.      */

  42.     public function SetupPitfalls()

  43.     {

  44.         # short_open_tag

  45.         if (!ini_get('short_open_tag')) {

  46.             error('short_open_tag != On in php.ini');

  47.         }

  48. 

  49.         # apcu

  50.         if (!extension_loaded('apcu')) {

  51.             error('APCu extension not loaded');

  52.         }

  53. 

  54.         # Deal with dumbasses

  55.         if (isset($_REQUEST['info_hash']) && isset($_REQUEST['peer_id'])) {

  56.             error(

  57.                 'd14:failure reason40:Invalid .torrent, try downloading again.e',

  58.                 $NoHTML = true,

  59.                 $Debug = false

  60.             );

  61.         }

  62. 

  63.         return;

  64.     }

  65. 

  66.     /**

  67.      * UserID checks

  68.      *

  69.      * @param array $Permissions Permission string

  70.      * @param int $UserID Defaults to $_GET['userid'] if none supplied.

  71.      * @return int $UserID The working $UserID.

  72.      */

  73.     public function checkUser($Permissions = [], $UserID = null)

  74.     {

  75.         /*

  76.         if (!$UserID) {

  77.             error('$UserID is required.');

  78.         }

  79.         */

  80. 

  81.         # No Gazelle args passed

  82.         if ($_GET['userid'] && empty($UserID)) {

  83.             $UserID = $_GET['userid'];

  84.         } else {

  85.             $UserID = G::$LoggedUser['ID'];

  86.         }

  87. 

  88.         # NaN

  89.         if (!is_int($UserID) && not_null($UserID)) {

  90.             error('$UserID must be an integer.');

  91.         }

  92. 

  93.         # $Permissions: string fallback as in View::show_header()

  94.         if (is_string($Permissions) && !empty($Permissions)) {

  95.             $Permissions = explode(',', $Permissions);

  96.         }

  97. 

  98.         # Check each permission and error out if necessary

  99.         foreach ($Permissions as $Permission) {

  100.             if (!check_perms($Permissions)) {

  101.                 error(403);

  102.                 break;

  103.             }

  104.         }

  105. 

  106.         # If all tests pass

  107.         return (int) $UserID;

  108.     }

  109. }