mylesmarkevich/ops-Gazelle
1
0
Fork 0
mirror of https://github.com/OPSnet/Gazelle.git synced 2026-01-16 18:04:34 -05:00
Code Issues Projects Releases Wiki Activity
Files
774737c5740459f279ec4f58f4e3282347bcd827
ops-Gazelle/gazelle.php
Spine aa76bc8da8 ensure locked accounts are redirected
2025-09-17 22:07:58 +02:00

183 lines
5.8 KiB
PHP
Raw Blame History

<?php
// phpcs:disable PSR1.Files.SideEffects.FoundWithSymbols
namespace Gazelle;
use Gazelle\Util\Crypto;
use Gazelle\Util\Time;
// 1. Initialization
require_once __DIR__ . '/lib/bootstrap.php';
global $Cache, $Debug, $Twig;
// Get the user's actual IP address if they're proxied.
if (
!empty($_SERVER['HTTP_X_FORWARDED_FOR'])
&& proxyCheck($_SERVER['REMOTE_ADDR'])
&& filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)
) {
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
$context = new RequestContext(
$_SERVER['SCRIPT_NAME'],
$_SERVER['REMOTE_ADDR'],
$_SERVER['HTTP_USER_AGENT'] ?? '[no-useragent]',
);
if (!$context->isValid()) {
exit;
}
$module = $context->module();
if (
in_array($module, ['announce', 'scrape'])
|| (
isset($_REQUEST['info_hash'])
&& isset($_REQUEST['peer_id'])
)
) {
die("d14:failure reason40:Invalid .torrent, try downloading again.e");
}
// 2. Do we have a viewer?
Base::setRequestContext($context);
$Viewer = null;
$cookie = null;
$SessionID = null;
$banMan = new Manager\Ban();
$userMan = new Manager\User();
// Authorization header only makes sense for the ajax endpoint
if (!empty($_SERVER['HTTP_AUTHORIZATION']) && $module === 'ajax') {
if ($banMan->isBanned($context->remoteAddr())) {
header('Content-type: application/json');
json_die('failure', 'your ip address has been banned');
}
[$success, $result] = $userMan->findByAuthorization($_SERVER['HTTP_AUTHORIZATION']);
if ($success) {
$Viewer = $result;
define('AUTHED_BY_TOKEN', true);
} else {
header('Content-type: application/json');
json_die('failure', $result);
}
} elseif (isset($_COOKIE['session'])) {
$cookie = new SessionCookie($_COOKIE['session']);
$Viewer = $userMan->findByCookie($cookie);
if (!$Viewer) {
$cookie->expire();
header('Location: login.php');
exit;
}
} elseif ($module === 'torrents' && ($_REQUEST['action'] ?? '') == 'download' && isset($_REQUEST['torrent_pass'])) {
$Viewer = $userMan->findByAnnounceKey($_REQUEST['torrent_pass']);
if (is_null($Viewer) || $Viewer->isDisabled() || $Viewer->isLocked()) {
http_response_code(403);
exit;
}
} elseif (!in_array($module, ['chat', 'enable', 'index', 'login', 'recovery', 'register'])) {
if (
// Ocelot is allowed
!($module === 'tools' && ($_GET['action'] ?? '') === 'ocelot' && ($_GET['key'] ?? '') === TRACKER_SECRET)
) {
// but for everything else, we need a $Viewer
header('Location: login.php');
exit;
}
}
// 3. We have a viewer (or this is a login or registration attempt)
if ($Viewer) {
// To proxify images (or not), or e.g. not render the name of a thread
// for a user who may lack the privileges to see it in the first place.
\Text::setViewer($Viewer);
Util\Twig::setViewer($Viewer);
$Viewer->requestContext()->setViewer($Viewer);
// these endpoints do not exist
if (in_array($module, OBSOLETE_ENDPOINTS)) {
$Viewer->logoutEverywhere();
$cookie?->expire();
header('Location: login.php');
exit;
}
if ($Viewer->hasAttr('admin-error-reporting')) {
error_reporting(E_ALL);
}
if ($Viewer->permitted('site_disable_ip_history')) {
$Viewer->requestContext()->anonymize();
}
if ($Viewer->ipaddr() != $Viewer->requestContext()->remoteAddr() && !$Viewer->permitted('site_disable_ip_history')) {
if ($banMan->isBanned($Viewer->requestContext()->remoteAddr())) {
Error403::error('Your IP address has been banned.');
}
(new Manager\IPv4())->register($Viewer, $Viewer->requestContext()->remoteAddr());
}
if ($Viewer->isLocked() && !in_array($module, ['chat', 'staffpm', 'ajax', 'locked', 'logout', 'login'])) {
$Viewer->requestContext()->setModule('locked');
$module = 'locked';
}
}
$Debug->mark('load page');
if (DEBUG_TWIG) {
$Twig->addExtension(new \Twig\Extension\DebugExtension());
}
// for sections/tools/development/process_info.php
$Cache->cache_value('php_' . getmypid(), [
'start' => Time::sqlTime(),
'document' => $module,
'query' => $_SERVER['QUERY_STRING'],
'get' => $_GET,
'post' => array_diff_key(
$_POST,
array_fill_keys(['password', 'new_pass_1', 'new_pass_2', 'verifypassword', 'confirm_password', 'ChangePassword', 'Password'], true)
)
], 600);
register_shutdown_function(
function () {
if (preg_match(DEBUG_URI, $_SERVER['REQUEST_URI'])) {
include DEBUG_TRACE; /** @phpstan-ignore-line */
}
$error = error_get_last();
if ($error['type'] == E_ERROR) {
global $Debug;
$Debug->saveCase(str_replace(SERVER_ROOT . '/', '', $error['message']));
}
}
);
// 4. Display the page
header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');
header('Pragma: no-cache');
$file = realpath(__DIR__ . "/sections/{$module}/index.php");
if ($file === false) {
Error400::error();
}
try {
include_once $file;
} catch (\Error | \Exception $e) {
// if there was an ongoing transaction, abort it
if ($e::class === DB\MysqlException::class) {
DB::DB()->rollback();
}
$errorLog = $Debug->saveError($e);
Error500::error(
$Viewer?->permitted('site_debug')
? ($e->getMessage() . " ({$errorLog->link()})")
: "That is not supposed to happen. Check to see whether someone has created a thread in the the Bugs forum, or create a new thread to explain what you were doing and reference the Error ID {$errorLog->id}."
);
} finally {
$Debug->mark('send to user');
if (!is_null($Viewer)) {
$Debug->profile($Viewer, $module);
}
}
Reference in New Issue View Git Blame Copy Permalink