Home Explore Help
Register Sign In
biotorrents
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1141 Commits
2 Branches
Tree: 572dce17e9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '572dce17e9'
${ noResults }
Gazelle/classes/security.class.php

security.class.php 3.4KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 
  1. <?php

  2. declare(strict_types = 1);

  3. 

  4. /**

  5.  * Security

  6.  *

  7.  * Designed to hold common authentication functions from various sources:

  8.  *  - classes/script_start.php

  9.  *  - "Quick SQL injection check"

  10.  */

  11. 

  12. class Security

  13. {

  14.     /**

  15.      * Check integer

  16.      *

  17.      * Makes sure a number ID is valid,

  18.      * e.g., a page ID requested by GET.

  19.      */

  20.     public function checkInt(...$IDs)

  21.     {

  22.         foreach ($IDs as $ID) {

  23.             if (!ID || !is_int($ID) || $ID < 1) {

  24.                 return "Expected an integer > 1, got $ID in Security::checkInt.";

  25.                 #error("Expected an integer > 1, got $ID in Security::checkInt.");

  26.             }

  27.         }

  28. 

  29.         return;

  30.     }

  31. 

  32. 

  33.     /**

  34.      * Setup pitfalls

  35.      *

  36.      * A series of quick sanity checks during app init.

  37.      * Previously in classes/script_start.php.

  38.      */

  39.     public function setupPitfalls()

  40.     {

  41.         $ENV = ENV::go();

  42. 

  43.         # Bad PHP version

  44.         if (version_compare(PHP_VERSION, $ENV->PHP_MIN, '<')) {

  45.             error("Gazelle requires PHP > $ENV->PHP_MIN.");

  46.         }

  47. 

  48.         # short_open_tag

  49.         if (!ini_get('short_open_tag')) {

  50.             error('short_open_tag != On in php.ini.');

  51.         }

  52. 

  53.         # apcu

  54.         if (!extension_loaded('apcu')) {

  55.             error('APCu extension php-apcu not loaded.');

  56.         }

  57. 

  58.         # mbstring

  59.         if (!extension_loaded('mbstring')) {

  60.             error('Multibyte string extension php-mbstring not loaded.');

  61.         }

  62. 

  63.         # memcache

  64.         if (!extension_loaded('memcache')) {

  65.             error('memcached extension php-memcache not loaded.');

  66.         }

  67. 

  68.         # mysqli

  69.         if (!extension_loaded('mysqli')) {

  70.             error('mysqli extension php-mysql not loaded.');

  71.         }

  72.         

  73.         # blake3

  74.         if ($ENV->FEATURE_BIOPHP && !extension_loaded('blake3')) {

  75.             error('Please install and enable the php-blake3 extension.');

  76.         }

  77. 

  78.         # Deal with dumbasses

  79.         if (isset($_REQUEST['info_hash']) || isset($_REQUEST['peer_id'])) {

  80.             error(

  81.                 'd14:failure reason40:Invalid .torrent, try downloading again.e',

  82.                 $NoHTML = true,

  83.                 $Debug = false

  84.             );

  85.         }

  86. 

  87.         return;

  88.     }

  89. 

  90. 

  91.     /**

  92.      * UserID checks

  93.      *

  94.      * @param array $Permissions Permission string

  95.      * @param int $UserID Defaults to $_GET['userid'] if none supplied.

  96.      * @return int $UserID The working $UserID.

  97.      */

  98.     public function checkUser($Permissions = [], $UserID = null)

  99.     {

  100.         /*

  101.         if (!$UserID) {

  102.             error('$UserID is required.');

  103.         }

  104.         */

  105. 

  106.         # No Gazelle args passed

  107.         if ($_GET['userid'] && empty($UserID)) {

  108.             $UserID = $_GET['userid'];

  109.         } else {

  110.             $UserID = G::$LoggedUser['ID'];

  111.         }

  112. 

  113.         # NaN

  114.         if (!is_int($UserID) && not_null($UserID)) {

  115.             error('$UserID must be an integer.');

  116.         }

  117. 

  118.         # $Permissions: string fallback as in View::show_header()

  119.         if (is_string($Permissions) && !empty($Permissions)) {

  120.             $Permissions = explode(',', $Permissions);

  121.         }

  122. 

  123.         # Check each permission and error out if necessary

  124.         foreach ($Permissions as $Permission) {

  125.             if (!check_perms($Permissions)) {

  126.                 error(403);

  127.                 break;

  128.             }

  129.         }

  130. 

  131.         # If all tests pass

  132.         return (int) $UserID;

  133.     }

  134. }