Home Explore Help
Register Sign In
biotorrents
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1100 Commits
2 Branches
Tree: f16b4bbfe2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f16b4bbfe2'
${ noResults }
Gazelle/classes/security.class.php

security.class.php 2.6KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. <?php

  2. declare(strict_types = 1);

  3. 

  4. /**

  5.  * Security

  6.  *

  7.  * Designed to hold common authentication functions from various sources:

  8.  *  - classes/script_start.php

  9.  *  - "Quick SQL injection check"

  10.  */

  11. 

  12. class Security

  13. {

  14.     /**

  15.      * Check integer

  16.      *

  17.      * Makes sure a number ID is valid,

  18.      * e.g., a page ID requested by GET.

  19.      */

  20.     public function checkInt($ID)

  21.     #public function checkInt(int|array $ID) # Union types need PHP 8 - unbelievable!

  22.     {

  23.         # Cast single ID to array

  24.         if (!is_array($ID)) {

  25.             $ID = [$ID];

  26.         }

  27. 

  28.         # Check each ID supplied

  29.         foreach ($ID as $ID) {

  30.             if (!ID || !is_int($ID) || $ID < 1) {

  31.                 error(400);

  32.             }

  33.         }

  34. 

  35.         return;

  36.     }

  37. 

  38. 

  39.     /**

  40.      * Setup pitfalls

  41.      *

  42.      * A series of quick sanity checks during app init.

  43.      * Previously in classes/script_start.php.

  44.      */

  45.     public function setupPitfalls()

  46.     {

  47.         # short_open_tag

  48.         if (!ini_get('short_open_tag')) {

  49.             error('short_open_tag != On in php.ini');

  50.         }

  51. 

  52.         # apcu

  53.         if (!extension_loaded('apcu')) {

  54.             error('APCu extension not loaded');

  55.         }

  56. 

  57.         # Deal with dumbasses

  58.         if (isset($_REQUEST['info_hash']) && isset($_REQUEST['peer_id'])) {

  59.             error(

  60.                 'd14:failure reason40:Invalid .torrent, try downloading again.e',

  61.                 $NoHTML = true,

  62.                 $Debug = false

  63.             );

  64.         }

  65. 

  66.         return;

  67.     }

  68. 

  69. 

  70.     /**

  71.      * UserID checks

  72.      *

  73.      * @param array $Permissions Permission string

  74.      * @param int $UserID Defaults to $_GET['userid'] if none supplied.

  75.      * @return int $UserID The working $UserID.

  76.      */

  77.     public function checkUser($Permissions = [], $UserID = null)

  78.     {

  79.         /*

  80.         if (!$UserID) {

  81.             error('$UserID is required.');

  82.         }

  83.         */

  84. 

  85.         # No Gazelle args passed

  86.         if ($_GET['userid'] && empty($UserID)) {

  87.             $UserID = $_GET['userid'];

  88.         } else {

  89.             $UserID = G::$LoggedUser['ID'];

  90.         }

  91. 

  92.         # NaN

  93.         if (!is_int($UserID) && not_null($UserID)) {

  94.             error('$UserID must be an integer.');

  95.         }

  96. 

  97.         # $Permissions: string fallback as in View::show_header()

  98.         if (is_string($Permissions) && !empty($Permissions)) {

  99.             $Permissions = explode(',', $Permissions);

  100.         }

  101. 

  102.         # Check each permission and error out if necessary

  103.         foreach ($Permissions as $Permission) {

  104.             if (!check_perms($Permissions)) {

  105.                 error(403);

  106.                 break;

  107.             }

  108.         }

  109. 

  110.         # If all tests pass

  111.         return (int) $UserID;

  112.     }

  113. }