feat(view_torrent.php): Added checking auth to download

Roman Kelesidis 2025-07-30 19:28:37 +03:00
commit e070341675
No known key found for this signature in database
GPG key ID: D8157C4D4C4C6DB4


@ -11,18 +11,30 @@ if (!defined('IN_AJAX')) {
die(basename(__FILE__)); die(basename(__FILE__));
} }
global $lang; global $lang, $userdata;
if (!isset($this->request['attach_id'])) { if (!isset($this->request['attach_id'])) {
$this->ajax_die($lang['EMPTY_ATTACH_ID']); $this->ajax_die($lang['EMPTY_ATTACH_ID']);
} }
$attach_id = (int)$this->request['attach_id']; $attach_id = (int)$this->request['attach_id'];
$torrent = DB()->fetch_row("SELECT attach_id, physical_filename FROM " . BB_ATTACHMENTS_DESC . " WHERE attach_id = $attach_id LIMIT 1"); $torrent = DB()->fetch_row("
SELECT
ad.attach_id, ad.physical_filename,
tor.forum_id
FROM " . BB_ATTACHMENTS_DESC . " ad
INNER JOIN " . BB_BT_TORRENTS . " tor ON (ad.attach_id = tor.attach_id)
WHERE ad.attach_id = $attach_id LIMIT 1");
if (!$torrent) { if (!$torrent) {
$this->ajax_die($lang['ERROR_BUILD']); $this->ajax_die($lang['ERROR_BUILD']);
} }
// Check rights
$is_auth = auth(AUTH_ALL, $torrent['forum_id'], $userdata);
if (!$is_auth['auth_download']) {
$this->ajax_die($lang['SORRY_AUTH_VIEW_ATTACH']);
}
$file_contents = null; $file_contents = null;
$filename = get_attachments_dir() . '/' . $torrent['physical_filename']; $filename = get_attachments_dir() . '/' . $torrent['physical_filename'];
if (!is_file($filename) || !$file_contents = file_get_contents($filename)) { if (!is_file($filename) || !$file_contents = file_get_contents($filename)) {
@ -37,7 +49,6 @@ try {
} }
$torrent = new TorrentPier\Legacy\TorrentFileList($tor); $torrent = new TorrentPier\Legacy\TorrentFileList($tor);
$tor_filelist = $torrent->get_filelist(); $tor_filelist = $torrent->get_filelist();
$this->response['html'] = $tor_filelist; $this->response['html'] = $tor_filelist;