X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/blobdiff_plain/a87437e2c3abc10d7a51bf046197fa739cae1e23..32d7bb7e1d8c96f93c0d24884fe038c477c4df02:/hotline/transaction_handlers.go

diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go
index 3ecb6bd..56f7afa 100644
--- a/hotline/transaction_handlers.go
+++ b/hotline/transaction_handlers.go
@@ -321,14 +321,29 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er
 		reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data))
 	}
 
-	res = append(res, *reply)
-
 	id, _ := byteToInt(ID.Data)
 	otherClient, ok := cc.Server.Clients[uint16(id)]
 	if !ok {
 		return res, errors.New("invalid client ID")
 	}
 
+	// Check if target user has "Refuse private messages" flag
+	flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(otherClient.Flags)))
+	if flagBitmap.Bit(userFLagRefusePChat) == 1 {
+		res = append(res,
+			*NewTransaction(
+				tranServerMsg,
+				cc.ID,
+				NewField(fieldData, []byte(string(otherClient.UserName)+" does not accept private messages.")),
+				NewField(fieldUserName, otherClient.UserName),
+				NewField(fieldUserID, *otherClient.ID),
+				NewField(fieldOptions, []byte{0, 2}),
+			),
+		)
+	} else {
+		res = append(res, *reply)
+	}
+
 	// Respond with auto reply if other client has it enabled
 	if len(otherClient.AutoReply) > 0 {
 		res = append(res,
@@ -462,7 +477,7 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e
 				return res, err
 			}
 			if err != nil {
-				panic(err)
+				return res, err
 			}
 		}
 	}
@@ -790,6 +805,15 @@ func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err er
 			newAccess := accessBitmap{}
 			copy(newAccess[:], getField(fieldUserAccess, &subFields).Data[:])
 
+			// Prevent account from creating new account with greater permission
+			for i := 0; i < 64; i++ {
+				if newAccess.IsSet(i) {
+					if !cc.Authorize(i) {
+						return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), err
+					}
+				}
+			}
+
 			err := cc.Server.NewUser(login, string(getField(fieldUserName, &subFields).Data), string(getField(fieldUserPassword, &subFields).Data), newAccess)
 			if err != nil {
 				return []Transaction{}, err
@@ -819,6 +843,16 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error
 	newAccess := accessBitmap{}
 	copy(newAccess[:], t.GetField(fieldUserAccess).Data[:])
 
+	// Prevent account from creating new account with greater permission
+	for i := 0; i < 64; i++ {
+		if newAccess.IsSet(i) {
+			if !cc.Authorize(i) {
+				res = append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself."))
+				return res, err
+			}
+		}
+	}
+
 	if err := cc.Server.NewUser(login, string(t.GetField(fieldUserName).Data), string(t.GetField(fieldUserPassword).Data), newAccess); err != nil {
 		return []Transaction{}, err
 	}
@@ -1000,14 +1034,14 @@ func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, e
 	newsPost := fmt.Sprintf(newsTemplate+"\r", cc.UserName, time.Now().Format(newsDateTemplate), t.GetField(fieldData).Data)
 	newsPost = strings.Replace(newsPost, "\n", "\r", -1)
 
+	// update news in memory
+	cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...)
+
 	// update news on disk
 	if err := cc.Server.FS.WriteFile(filepath.Join(cc.Server.ConfigDir, "MessageBoard.txt"), cc.Server.FlatNews, 0644); err != nil {
 		return res, err
 	}
 
-	// update news in memory
-	cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...)
-
 	// Notify all clients of updated news
 	cc.sendAll(
 		tranNewMsg,
@@ -1704,15 +1738,33 @@ func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err
 	targetID := t.GetField(fieldUserID).Data
 	newChatID := cc.Server.NewPrivateChat(cc)
 
-	res = append(res,
-		*NewTransaction(
-			tranInviteToChat,
-			&targetID,
-			NewField(fieldChatID, newChatID),
-			NewField(fieldUserName, cc.UserName),
-			NewField(fieldUserID, *cc.ID),
-		),
-	)
+	// Check if target user has "Refuse private chat" flag
+	binary.BigEndian.Uint16(targetID)
+	targetClient := cc.Server.Clients[binary.BigEndian.Uint16(targetID)]
+
+	flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(targetClient.Flags)))
+	if flagBitmap.Bit(userFLagRefusePChat) == 1 {
+		res = append(res,
+			*NewTransaction(
+				tranServerMsg,
+				cc.ID,
+				NewField(fieldData, []byte(string(targetClient.UserName)+" does not accept private chats.")),
+				NewField(fieldUserName, targetClient.UserName),
+				NewField(fieldUserID, *targetClient.ID),
+				NewField(fieldOptions, []byte{0, 2}),
+			),
+		)
+	} else {
+		res = append(res,
+			*NewTransaction(
+				tranInviteToChat,
+				&targetID,
+				NewField(fieldChatID, newChatID),
+				NewField(fieldUserName, cc.UserName),
+				NewField(fieldUserID, *cc.ID),
+			),
+		)
+	}
 
 	res = append(res,
 		cc.NewReply(t,