Prevent infinity user adding into group (#937)

* Prevent infinity user adding into group

* Update group.php
Roman Kelesidis 2023-10-03 20:23:43 +07:00 committed by GitHub
commit 628a066f91
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 1 deletions


@ -199,14 +199,30 @@ if (!$group_id) {
if (!empty($_POST['add']) || !empty($_POST['remove']) || !empty($_POST['approve']) || !empty($_POST['deny'])) { if (!empty($_POST['add']) || !empty($_POST['remove']) || !empty($_POST['approve']) || !empty($_POST['deny'])) {
if (!$is_moderator) { if (!$is_moderator) {
set_die_append_msg(false, false, $group_id);
bb_die($lang['NOT_GROUP_MODERATOR']); bb_die($lang['NOT_GROUP_MODERATOR']);
} }
if (!empty($_POST['add'])) { if (!empty($_POST['add'])) {
if (isset($_POST['username']) && !($row = get_userdata($_POST['username'], true))) { if (isset($_POST['username']) && !($row = get_userdata($_POST['username'], true))) {
set_die_append_msg(false, false, $group_id);
bb_die($lang['COULD_NOT_ADD_USER']); bb_die($lang['COULD_NOT_ADD_USER']);
} }
// Prevent adding moderator
if ($row['user_id'] == $group_moderator) {
set_die_append_msg(false, false, $group_id);
bb_die(sprintf($lang['USER_IS_MOD_GROUP'], profile_url($row)));
}
// Prevent infinity user adding into group
if ($is_member = DB()->fetch_row("SELECT user_id FROM " . BB_USER_GROUP . " WHERE group_id = $group_id AND user_id = " . $row['user_id'] . " LIMIT 1")) {
if ($is_member['user_id']) {
set_die_append_msg(false, false, $group_id);
bb_die(sprintf($lang['USER_IS_MEMBER_GROUP'], profile_url($row)));
}
}
\TorrentPier\Legacy\Group::add_user_into_group($group_id, $row['user_id']); \TorrentPier\Legacy\Group::add_user_into_group($group_id, $row['user_id']);
if ($bb_cfg['group_send_email']) { if ($bb_cfg['group_send_email']) {
@ -234,6 +250,7 @@ if (!$group_id) {
$sql_in[] = (int)$members_id; $sql_in[] = (int)$members_id;
} }
if (!$sql_in = implode(',', $sql_in)) { if (!$sql_in = implode(',', $sql_in)) {
set_die_append_msg(false, false, $group_id);
bb_die($lang['NONE_SELECTED']); bb_die($lang['NONE_SELECTED']);
} }
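Review bot: The two added checks in the `add` branch read `$row['user_id']` even when `$_POST['username']` is absent, because the guard above them only dies when `username` is set and the lookup fails; `$row` is then undefined and the concatenated query would presumably end in `user_id =  LIMIT 1`. Rejecting the request up front avoids that: `if (!isset($_POST['username']) || !($row = get_userdata($_POST['username'], true))) {`. The membership query also concatenates `$group_id` and `$row['user_id']` directly into the SQL string; casting both with `(int)`, as the later `$sql_in[] = (int)$members_id;` does, keeps the statement well-formed however those values were populated (the assignment of `$group_id` is outside this hunk, and the enclosing block continues past it). The check and `add_user_into_group()` are separate statements, so two concurrent submissions could still insert a duplicate row unless the table enforces a unique key on `(group_id, user_id)`; that is worth confirming against the schema.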


@ -725,7 +725,8 @@ $lang['GROUP_REQUEST'] = 'A request to join your group has been made.';
$lang['GROUP_APPROVED'] = 'Your request has been approved.'; $lang['GROUP_APPROVED'] = 'Your request has been approved.';
$lang['GROUP_ADDED'] = 'You have been added to this usergroup.'; $lang['GROUP_ADDED'] = 'You have been added to this usergroup.';
$lang['ALREADY_MEMBER_GROUP'] = 'You are already a member of this group'; $lang['ALREADY_MEMBER_GROUP'] = 'You are already a member of this group';
$lang['USER_IS_MEMBER_GROUP'] = 'User is already a member of this group'; $lang['USER_IS_MEMBER_GROUP'] = '%s is already a member of this group';
$lang['USER_IS_MOD_GROUP'] = '%s is a moderator of this group';
$lang['GROUP_TYPE_UPDATED'] = 'Successfully updated group type.'; $lang['GROUP_TYPE_UPDATED'] = 'Successfully updated group type.';
$lang['EFFECTIVE_DATE'] = 'Effective Date'; $lang['EFFECTIVE_DATE'] = 'Effective Date';