Passkey rework 🔫 (#839)

* WIP: Passkey rework 🔫

* Update tracker.php

* Update Torrent.php

* Update Torrent.php

* Update displaying_torrent.php

* Update viewforum.php

* Update Torrent.php

* Update functions.php

* Update functions.php

* Updated

* Update config.php

* Update functions.php

* Update usercp_viewprofile.tpl

* Update usercp_viewprofile.tpl

* Updated

* Updated

* Update usercp_viewprofile.tpl

* Update usercp_viewprofile.tpl

* Update displaying_torrent.php

library/ajax/gen_passkey.php

@@ -16,7 +16,9 @@ global $userdata, $lang;
 $req_uid = (int)$this->request['user_id'];
 
 if ($req_uid == $userdata['user_id'] || IS_ADMIN) {
-    if (empty($this->request['confirmed'])) {
+    $first_creation = !\TorrentPier\Legacy\Torrent::getPasskey($req_uid);
+
+    if (empty($this->request['confirmed']) && !$first_creation) {
         $this->prompt_for_confirm($lang['BT_GEN_PASSKEY_NEW']);
     }
 
@@ -26,6 +28,7 @@ if ($req_uid == $userdata['user_id'] || IS_ADMIN) {
 
     \TorrentPier\Legacy\Torrent::tracker_rm_user($req_uid);
 
+    $this->response['first_creation'] = $first_creation;
     $this->response['passkey'] = $passkey;
 } else {
     $this->ajax_die($lang['NOT_AUTHORISED']);

library/attach_mod/displaying_torrent.php

@@ -13,6 +13,21 @@ if (!defined('BB_ROOT')) {
 
 global $bb_cfg, $t_data, $poster_id, $is_auth, $dl_link_css, $dl_status_css, $lang, $images;
 
+$bt_user_id = $userdata['user_id'];
+$bt_topic_id = $t_data['topic_id'];
+
+$user_passkey = \TorrentPier\Legacy\Torrent::getPasskey($bt_user_id);
+
+if (!$user_passkey) {
+    $template->assign_block_vars('postrow.attach.tor_reged', array());
+    $template->assign_vars(array(
+        'TOR_BLOCKED' => true,
+        'TOR_BLOCKED_MSG' => $lang['PASSKEY_ALERT_INFO'],
+    ));
+
+    return;
+}
+
 $change_peers_bgr_over = true;
 $bgr_class_1 = 'row1';
 $bgr_class_2 = 'row2';
@@ -58,8 +73,6 @@ if ($bb_cfg['bt_allow_spmode_change']) {
     }
 }
 
-$bt_topic_id = $t_data['topic_id'];
-$bt_user_id = $userdata['user_id'];
 $attach_id = $attachments['_' . $post_id][$i]['attach_id'];
 $tracker_status = $attachments['_' . $post_id][$i]['tracker_status'];
 $download_count = $attachments['_' . $post_id][$i]['download_count'];
@@ -142,8 +155,7 @@ if ($tor_reged && $tor_info) {
     $tor_type = $tor_info['tor_type'];
 
     // Magnet link
-    $passkey = DB()->fetch_row("SELECT auth_key FROM " . BB_BT_USERS . " WHERE user_id = " . (int)$bt_user_id . " LIMIT 1");
-    $tor_magnet = create_magnet($tor_info['info_hash'], ($passkey['auth_key'] ?? ''));
+    $tor_magnet = create_magnet($tor_info['info_hash'], $user_passkey);
 
     // ratio limits
     $min_ratio_dl = $bb_cfg['bt_min_ratio_allow_dl_tor'];

library/config.php

@@ -372,7 +372,7 @@ $bb_cfg['last_visit_update_intrv'] = 3600; // sec
 $bb_cfg['invalid_logins'] = 5; // Количество неверных попыток ввода пароля, перед выводом проверки капчей
 $bb_cfg['new_user_reg_disabled'] = false; // Запретить регистрацию новых учетных записей
 $bb_cfg['unique_ip'] = false; // Запретить регистрацию нескольких учетных записей с одного ip
-$bb_cfg['auto_gen_passkey'] = true; // Генерировать passkey автоматически при регистрации
+$bb_cfg['auto_gen_passkey'] = false; // Генерировать passkey автоматически при регистрации
 $bb_cfg['new_user_reg_restricted'] = false; // Ограничить регистрацию новых пользователей по времени по указанному ниже интервалу
 $bb_cfg['new_user_reg_interval'] = [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23]; // Допустимые часы регистрации
 $bb_cfg['reg_email_activation'] = true; // Требовать активацию учетной записи по email

library/includes/functions.php

@@ -795,6 +795,10 @@ function generate_user_info($row, bool $group_mod = false): array
 
 function get_bt_userdata($user_id)
 {
+    if (!\TorrentPier\Legacy\Torrent::getPasskey($user_id)) {
+        return false;
+    }
+
     if (!$btu = CACHE('bb_cache')->get('btu_' . $user_id)) {
         $btu = DB()->fetch_row("
 			SELECT bt.*, SUM(tr.speed_up) AS speed_up, SUM(tr.speed_down) AS speed_down
@@ -805,14 +809,6 @@ function get_bt_userdata($user_id)
 			LIMIT 1
 		");
 
-        if (empty($btu)) {
-            if (!\TorrentPier\Legacy\Torrent::generate_passkey($user_id, true)) {
-                bb_simple_die('Could not generate passkey');
-            }
-
-            $btu = get_bt_userdata($user_id);
-        }
-
         CACHE('bb_cache')->set('btu_' . $user_id, $btu, 300);
     }
 
@@ -831,7 +827,9 @@ function show_bt_userdata($user_id)
 {
     global $lang, $template;
 
-    $btu = get_bt_userdata($user_id);
+    if (!$btu = get_bt_userdata($user_id)) {
+        return;
+    }
 
     $template->assign_vars(array(
         'SHOW_BT_USERDATA' => true,
@@ -1764,22 +1762,19 @@ function decode_text_match($txt)
  */
 function create_magnet($infohash, $auth_key): string
 {
-    global $bb_cfg, $images, $lang, $userdata;
+    global $bb_cfg, $images;
 
+    // Only for registered users
     if (IS_GUEST && $bb_cfg['bt_tor_browse_only_reg']) {
-        $passkey = false;
-    } elseif (empty($auth_key)) {
-        if (!$passkey = \TorrentPier\Legacy\Torrent::generate_passkey($userdata['user_id'], true)) {
-            bb_die($lang['PASSKEY_ERR_EMPTY']);
-        }
-        $auth_key = $passkey;
-    } else {
-        $passkey = $auth_key;
+        return false;
     }
 
-    $passkey_url = $passkey ? "?{$bb_cfg['passkey_key']}=$auth_key" : '';
+    // Hasn't passkey
+    if (!$auth_key) {
+        return false;
+    }
 
-    return '<a href="magnet:?xt=urn:btih:' . bin2hex($infohash) . '&tr=' . urlencode($bb_cfg['bt_announce_url'] . $passkey_url) . '"><img src="' . $images['icon_magnet'] . '" width="12" height="12" border="0" /></a>';
+    return '<a href="magnet:?xt=urn:btih:' . bin2hex($infohash) . '&tr=' . urlencode($bb_cfg['bt_announce_url'] . "?{$bb_cfg['passkey_key']}=$auth_key") . '"><img src="' . $images['icon_magnet'] . '" width="12" height="12" border="0" /></a>';
 }
 
 function set_die_append_msg($forum_id = null, $topic_id = null, $group_id = null)

library/includes/page_header.php

@@ -122,6 +122,7 @@ $template->assign_vars(array(
     'USER_OPTIONS_JS' => (IS_GUEST) ? '{}' : json_encode($user->opt_js, JSON_THROW_ON_ERROR),
 
     'USE_TABLESORTER' => !empty($page_cfg['use_tablesorter']),
+    'NEED_GEN_PASSKEY' => (!IS_GUEST && !\TorrentPier\Legacy\Torrent::getPasskey($userdata['user_id'])),
 
     'SITENAME' => $bb_cfg['sitename'],
     'U_INDEX' => BB_ROOT . "index.php",
@@ -189,6 +190,7 @@ $template->assign_vars(array(
     'POST_URL' => BB_ROOT . POST_URL,
     'POSTING_URL' => $bb_cfg['posting_url'],
     'PROFILE_URL' => BB_ROOT . PROFILE_URL,
+    'BONUS_URL' => BB_ROOT . BONUS_URL,
     'TOPIC_URL' => BB_ROOT . TOPIC_URL,
 
     'AJAX_HTML_DIR' => AJAX_HTML_DIR,

library/includes/ucp/bonus.php

@@ -56,7 +56,7 @@ if (isset($_POST['bonus_id'])) {
 } else {
     $template->assign_vars(array(
         'U_USER_PROFILE' => PROFILE_URL . $user_id,
-        'S_MODE_ACTION' => 'profile.php?mode=bonus',
+        'S_MODE_ACTION' => BONUS_URL,
         'PAGE_TITLE' => $lang['EXCHANGE_BONUS'],
         'MY_BONUS' => sprintf($lang['MY_BONUS'], $user_points),
     ));

library/language/source/main.php

@@ -1068,6 +1068,8 @@ $lang['BT_GEN_PASSKEY'] = 'create a new';
 $lang['BT_PASSKEY_VIEW'] = 'show';
 $lang['BT_GEN_PASSKEY_NEW'] = "Attention! After changing the new passkey, you will need to re-download all the active torrents! \n Are you sure you want to create a new passkey?";
 $lang['BT_NO_SEARCHABLE_FORUMS'] = 'No searchable forums found';
+$lang['PASSKEY_ALERT_TITLE'] = 'Creating a passkey';
+$lang['PASSKEY_ALERT_INFO'] = 'To use the tracker functionality, you need to create a passkey.';
 
 $lang['SEEDS'] = 'Seed';
 $lang['LEECHS'] = 'Leech';

src/Legacy/Torrent.php

@@ -558,14 +558,14 @@ class Torrent
     /**
      * Generate and save passkey for user
      *
-     * @param int $user_id
+     * @param int|string $user_id
      * @param bool $force_generate
      *
      * @return bool|string
      */
-    public static function generate_passkey($user_id, $force_generate = false)
+    public static function generate_passkey($user_id, bool $force_generate = false)
     {
-        global $bb_cfg, $lang, $sql;
+        global $bb_cfg, $lang;
 
         $user_id = (int)$user_id;
 
@@ -583,21 +583,17 @@ class Torrent
             }
         }
 
-        for ($i = 0; $i < 20; $i++) {
-            $passkey_val = make_rand_str(BT_AUTH_KEY_LENGTH);
-            $old_passkey = null;
+        $passkey_val = make_rand_str(BT_AUTH_KEY_LENGTH);
+        $old_passkey = self::getPasskey($user_id);
 
-            if ($row = DB()->fetch_row("SELECT auth_key FROM " . BB_BT_USERS . " WHERE user_id = $user_id LIMIT 1")) {
-                $old_passkey = $row['auth_key'];
-            }
-
-            // Insert new row
+        if (!$old_passkey) {
+            // Create first passkey
             DB()->query("INSERT IGNORE INTO " . BB_BT_USERS . " (user_id, auth_key) VALUES ($user_id, '$passkey_val')");
             if (DB()->affected_rows() == 1) {
                 return $passkey_val;
             }
-
-            // Update
+        } else {
+            // Update exists passkey
             DB()->query("UPDATE IGNORE " . BB_BT_USERS . " SET auth_key = '$passkey_val' WHERE user_id = $user_id");
             if (DB()->affected_rows() == 1) {
                 // Ocelot
@@ -607,6 +603,7 @@ class Torrent
                 return $passkey_val;
             }
         }
+
         return false;
     }
 
@@ -749,7 +746,7 @@ class Torrent
      */
     public static function getPasskey($user_id)
     {
-        if ($passkey = DB()->fetch_row("SELECT auth_key FROM " . BB_BT_USERS . " WHERE user_id = $user_id LIMIT 1")) {
+        if ($passkey = DB()->fetch_row("SELECT auth_key FROM " . BB_BT_USERS . " WHERE user_id = " . (int)$user_id . " LIMIT 1")) {
             return $passkey['auth_key'];
         }
 

styles/templates/default/page_header.tpl

@@ -456,7 +456,7 @@ $(document).ready(function() {
 					<tr><td>{L_UPLOADED}</td><td class="seedmed"><b>{UP_TOTAL}</b></td></tr>
 					<tr><td>{L_RELEASED}</td><td class="seedmed">{RELEASED}</td></tr>
 					<tr><td>{L_BONUS}</td><td class="seedmed">{UP_BONUS}</td></tr>
-					<!-- IF $bb_cfg['seed_bonus_enabled'] --><tr><td>{L_SEED_BONUS}</td><td><a href="profile.php?mode=bonus"><span class="points bold">{POINTS}</span></a></td></tr><!-- ENDIF -->
+					<!-- IF $bb_cfg['seed_bonus_enabled'] --><tr><td>{L_SEED_BONUS}</td><td><a href="{BONUS_URL}"><span class="points bold">{POINTS}</span></a></td></tr><!-- ENDIF -->
 				</table>
 			</div><!-- ENDIF -->
 			<!-- IF HTML_SIDEBAR_1 -->
@@ -470,6 +470,22 @@ $(document).ready(function() {
 <!--main_content-->
 <td id="main_content">
 	<div id="main_content_wrap">
+        <!-- IF NEED_GEN_PASSKEY -->
+        <script type="text/javascript">
+            ajax.callback.gen_passkey = function (data) {
+                if (data.first_creation) {
+                    window.location.reload();
+                }
+            };
+        </script>
+
+        <div class="alert alert-info" style="width: 95%;">
+            <h4 class="alert-heading">{L_PASSKEY_ALERT_TITLE}</h4>
+            <hr>
+            {L_PASSKEY_ALERT_INFO}
+            <a href="#" onclick="ajax.exec({ action: 'gen_passkey', user_id  : {SESSION_USER_ID} }); return false;">{L_BT_GEN_PASSKEY}</a>
+        </div>
+        <!-- ENDIF -->
 		<div id="latest_news">
 			<table cellspacing="0" cellpadding="0" width="100%">
 				<tr>

styles/templates/default/usercp_viewprofile.tpl

@@ -166,11 +166,15 @@ ajax.callback.index_data = function(data) {
 </script>
 <!-- ENDIF -->
 
-<!-- IF SHOW_PASSKEY -->
+<!-- IF SHOW_PASSKEY && not NEED_GEN_PASSKEY -->
 <script type="text/javascript">
-ajax.callback.gen_passkey = function(data){
-	$('#passkey').text(data.passkey);
-};
+    ajax.callback.gen_passkey = function (data) {
+        if (data.first_creation) {
+            window.location.reload();
+        } else if (data.passkey) {
+            $('#passkey').text(data.passkey);
+        }
+    };
 </script>
 <!-- ENDIF / SHOW_PASSKEY -->
 
@@ -385,28 +389,32 @@ ajax.callback.gen_passkey = function(data){
 			<tr id="bt_user_ratio" <!-- IF TRAF_STATS -->style="display: none;"<!-- ENDIF -->>
 				<th>{L_USER_RATIO}:</th>
 				<td>
+                    <!-- IF SHOW_BT_USERDATA -->
 					<!-- IF DOWN_TOTAL_BYTES gt MIN_DL_BYTES -->
 					<b id="u_ratio" class="gen">{USER_RATIO}</b>
 					[<a class="gen" href="#" onclick="toggle_block('ratio-expl'); return false;">?</a>]
 					<!-- ELSE -->
 					<span class="med" title="{L_IT_WILL_BE_DOWN} {MIN_DL_FOR_RATIO}"><b>{L_NONE}</b> (DL < {MIN_DL_FOR_RATIO})</span>
 					<!-- ENDIF -->
+                    <!-- ENDIF -->
 
 					<!-- IF SHOW_PASSKEY -->
-					[ {L_BT_PASSKEY}:  <span id="passkey-btn"><a class="med" href="#" onclick="$('#passkey-gen').show(); $('#passkey-btn').hide(); return false;">{L_BT_PASSKEY_VIEW}</a></span>
+					[ {L_BT_PASSKEY}: <span id="passkey-btn"><a class="med" href="#" onclick="$('#passkey-gen').show(); $('#passkey-btn').hide(); return false;">{L_BT_PASSKEY_VIEW}</a></span>
 					<span id="passkey-gen" class="med" style="display: none;">
-						<b id="passkey" class="med bold">{AUTH_KEY}</b>&nbsp;
+						<b id="passkey" class="med bold">{AUTH_KEY}</b>
 						<a href="#" onclick="ajax.exec({ action: 'gen_passkey', user_id  : {PROFILE_USER_ID} }); return false;">{L_BT_GEN_PASSKEY}</a>
 					</span> ]
 					<!-- ENDIF -->
 				</td>
 			</tr>
 
+            <!-- IF SHOW_BT_USERDATA -->
 			<tr id="ratio-expl" style="display: none;">
 				<td colspan="2" class="med tCenter">
 				( {L_UPLOADED} <b class="seedmed">{UP_TOTAL}</b> + {L_RELEASED} <b class="seedmed">{RELEASED}</b> + {L_BONUS} <b class="seedmed">{UP_BONUS}</b> ) / {L_DOWNLOADED} <b class="leechmed">{DOWN_TOTAL}</b>
 				</td>
 			</tr>
+            <!-- ENDIF -->
 
 			<!-- IF LOCATION -->
 			<tr>
@@ -448,6 +456,7 @@ ajax.callback.gen_passkey = function(data){
 				<td><b>{AGE}</b></td>
 			</tr>
 			<!-- ENDIF -->
+            <!-- IF SHOW_BT_USERDATA -->
 			<tr>
 				<td colspan="2" class="pad_4">
 					<table id="traf-stats-tbl" <!-- IF TRAF_STATS -->style="display: none;"<!-- ENDIF --> class="bCenter borderless" cellspacing="1">
@@ -487,11 +496,12 @@ ajax.callback.gen_passkey = function(data){
 							<td colspan="1">{L_MAX_SPEED}</td>
 							<td colspan="2">{L_DL_DL_SPEED}: {SPEED_DOWN}</td>
 							<td colspan="2">{L_DL_UL_SPEED}: {SPEED_UP}</td>
-							<!-- IF $bb_cfg['seed_bonus_enabled'] --><td colspan="1"><!-- IF PROFILE_USER --><a href="profile.php?mode=bonus">{L_EXCHANGE}</a><!-- ENDIF --></td><!-- ENDIF -->
+							<!-- IF $bb_cfg['seed_bonus_enabled'] --><td colspan="1"><!-- IF PROFILE_USER --><a href="{BONUS_URL}">{L_EXCHANGE}</a><!-- ENDIF --></td><!-- ENDIF -->
 						</tr>
 					</table>
 				</td>
 			</tr>
+            <!-- ENDIF -->
 		</table>
 		<!--/user_details-->
 	<!-- IF IS_AM --><span id="ip_list"></span><!-- ENDIF -->

tracker.php

@@ -692,7 +692,6 @@ if ($allowed_forums) {
 			$limit
 		";
 
-        $passkey = DB()->fetch_row("SELECT auth_key FROM " . BB_BT_USERS . " WHERE user_id = " . (int)$user_id . " LIMIT 1");
         // Build torrents table
         foreach (DB()->fetch_rowset($sql) as $tor) {
             $dl = $tor['speed_down'] ?? 0;
@@ -703,7 +702,7 @@ if ($allowed_forums) {
             $s_last = $tor['seeder_last_seen'];
             $att_id = $tor['attach_id'];
             $size = $tor['size'];
-            $tor_magnet = create_magnet($tor['info_hash'], ($passkey['auth_key'] ?? ''));
+            $tor_magnet = create_magnet($tor['info_hash'], \TorrentPier\Legacy\Torrent::getPasskey($user_id));
             $compl = $tor['complete_count'];
             $dl_sp = ($dl) ? humn_size($dl, 0, 'KB') . '/s' : '0 KB/s';
             $ul_sp = ($ul) ? humn_size($ul, 0, 'KB') . '/s' : '0 KB/s';

viewforum.php

@@ -470,7 +470,7 @@ foreach ($topic_rowset as $topic) {
     ));
 
     if (isset($topic['tor_size'])) {
-        $tor_magnet = create_magnet($topic['info_hash'], ($topic['auth_key'] ?? ''));
+        $tor_magnet = create_magnet($topic['info_hash'], ($topic['auth_key'] ?? false));
 
         $template->assign_block_vars('t.tor', array(
             'SEEDERS' => (int)$topic['seeders'],