loggedIn()) {
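// ---------------------------------------------------------------------------
// Settings actions. Every branch reads a form from $_POST, validates it, runs
// one UPDATE against `flashii_users` for the logged-in user and prints a
// message via $flashii->printMessage(). The shared checks (submit marker,
// session-id CSRF token, form age) live in the closures below so each branch
// states only what is specific to it.
// ---------------------------------------------------------------------------

// Id of the logged-in user. Cast once so it can be interpolated into SQL
// without escaping (it is an integer column key in every query below).
$uid = (int) $_SESSION['uid'];

// Returns a POST field as a string, or '' when it is missing or not a string
// (PHP turns `field[]=x` into an array, which would otherwise reach strlen(),
// preg_match() and the SQL layer unchecked).
$post = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Prints a message through the template and ends the request. Used both for
// validation failures and for the confirmations that the original followed
// with an immediate exit. The trailing newline matches the original messages.
$stop = function ($message) use ($flashii, $redir) {
    print $flashii->printMessage($message . "\n", $redir);
    exit;
};

// Escapes a value for use inside a single-quoted SQL literal. cleanString()'s
// contract is not visible from this file, so escaping is done at the SQL
// boundary regardless; if cleanString() turns out to SQL-escape already,
// drop the inner call rather than this one. NOTE(review): prepared statements
// would be preferable, but only query()/real_escape_string() are known to
// exist on $database here.
$esc = function ($value) use ($database) {
    return $database->real_escape_string((string) $value);
};

// Common form guard: $submitField must be present (otherwise redirect), the
// form must carry the current session id as its CSRF token, and the form
// timestamp must not be older than $maxAge seconds.
$requireForm = function ($submitField, $maxAge) use ($post, $stop, $redir) {
    if (!isset($_POST[$submitField])) {
        header('Location: ' . $redir);
        exit;
    }
    // hash_equals(): strict, constant-time comparison instead of the loose `!=`
    // the original used (which also accepted type-juggled "equal" strings).
    $token = $post('sessid');
    if ($token === '' || !hash_equals(session_id(), $token)) {
        $stop('Invalid session.');
    }
    // Only a plain integer is accepted; anything else would have been coerced
    // (or, on PHP 8, thrown a TypeError) by the original subtraction.
    $stamp = $post('timestamp');
    if (preg_match('/^[0-9]+$/', $stamp) !== 1 || (time() - (int) $stamp) > $maxAge) {
        $stop('Invalid timestamp.');
    }
};

// Premium-only features: the user must hold one of the configured ranks.
$requireRank = function () use ($flashii, $fwSettings, $stop) {
    if (!$flashii->checkRank($fwSettings['premiumRanks'])) {
        $stop('You need to be Tenshi or Staff to use this feature.');
    }
};

// reCAPTCHA check for the account-level actions (email, username, deactivate).
$requireCaptcha = function () use ($RECAPTCHAprivatekey, $post, $stop) {
    $answer = recaptcha_check_answer(
        $RECAPTCHAprivatekey,
        $_SERVER['REMOTE_ADDR'],
        $post('recaptcha_challenge_field'),
        $post('recaptcha_response_field')
    );
    if (!$answer->is_valid) {
        $stop("The reCAPTCHA wasn't entered correctly. Go back and try it again.");
    }
};

// Validates the user-supplied image URL in POST field $field, downloads it once
// and stores it as "<uid>_<time>.<ext>" under $dir. $maxRes is [width, height];
// $label ('Backgrounds', 'Avatars') is only used in the resolution message.
// Returns the stored file name; every failed check ends the request via $stop.
$storeRemoteImage = function ($field, $dir, $maxRes, $label) use ($flashii, $post, $stop, $uid) {
    $maxBytes = 10485760;
    $url = $post($field);
    // Only fetch over http(s): file_get_contents() also honours file://, php://
    // and other stream wrappers, which must never be reachable from user input.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (filter_var($url, FILTER_VALIDATE_URL) === false || !in_array($scheme, ['http', 'https'], true)) {
        $stop('The requested file does not exist.');
    }
    if (!$flashii->remoteFileExists($url)) {
        $stop('The requested file does not exist.');
    }
    if (!$flashii->checkImage($url)) {
        $stop('The requested file is not a valid image file.');
    }
    if (!$flashii->checkImageRes($url, [[20, 20], $maxRes])) {
        $stop($label . ' must be at least 20x20 and not bigger than ' . $maxRes[0] . 'x' . $maxRes[1] . '.');
    }
    // The original wrote `!getRemoteFileSize(...) > 10485760`, which negates
    // first and therefore never rejected anything; the comparison now works.
    if ($flashii->getRemoteFileSize($url) > $maxBytes) {
        $stop('File is not allowed to be bigger than 10MB.');
    }
    // Download once, capped just above the limit so an oversized or lying
    // server cannot make us buffer an arbitrary amount, and re-check the bytes
    // actually received rather than trusting that the remote file is still
    // the one the checks above looked at.
    $bytes = file_get_contents($url, false, null, 0, $maxBytes + 1);
    if ($bytes === false || strlen($bytes) > $maxBytes) {
        $stop('File is not allowed to be bigger than 10MB.');
    }
    $info = getimagesizefromstring($bytes);
    if ($info === false || !isset($info['mime'])) {
        $stop('The requested file is not a valid image file.');
    }
    // Extension derived from the detected MIME type, as the original did.
    $filename = $uid . '_' . time() . '.' . str_replace('image/', '', $info['mime']);
    if (file_put_contents($dir . $filename, $bytes) === false) {
        $stop('Could not store the file.');
    }
    return $filename;
};

$mode = (isset($_GET['mode']) && is_string($_GET['mode'])) ? $_GET['mode'] : '';

switch ($mode) {
    case 'profile':
        $requireForm('submit', 1800);
        $birthdayInput = $post('birthday');
        // Strict check instead of !empty(): '0' is "empty" but is not a date.
        if ($birthdayInput !== '' && !preg_match('/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/', $birthdayInput)) {
            $stop('Format your birthdate properly. (YYYY-MM-DD)');
        }
        // An empty birthday is stored as '' (what the original's strtotime('')
        // === false produced); otherwise a unix timestamp.
        $birthday = ($birthdayInput === '') ? '' : (int) strtotime($birthdayInput);
        // POST field => column for the free-text profile links.
        $textColumns = [
            'website'    => 'website',
            'skype'      => 'skype',
            'steam'      => 'steam',
            'youtube'    => 'youtube',
            'twitter'    => 'twitter',
            'osu'        => 'osu',
            'xboxlive'   => 'xboxlive',
            'origin'     => 'eaorigin',
            'psn'        => 'playstation',
            'soundcloud' => 'soundcloud',
            'github'     => 'github',
        ];
        $assignments = [];
        foreach ($textColumns as $field => $column) {
            $assignments[] = '`' . $column . "` = '" . $esc($flashii->cleanString($post($field))) . "'";
        }
        $youtubeType = (isset($_POST['youtubetype']) && $_POST['youtubetype']) ? 1 : 0;
        $assignments[] = "`youtube_type` = '" . $youtubeType . "'";
        $assignments[] = "`birthdate` = '" . $esc($birthday) . "'";
        $database->query('UPDATE `flashii_users` SET ' . implode(', ', $assignments) . " WHERE `id` = '" . $uid . "'");
        print $flashii->printMessage("Successfully changed your profile!\n", $redir);
        break;

    case 'gender':
        $requireForm('submit', 1800);
        $gender = $esc($flashii->cleanString($post('gender')));
        $database->query("UPDATE `flashii_users` SET `gender` = '" . $gender . "' WHERE `id` = '" . $uid . "'");
        print $flashii->printMessage("Successfully underwent gender reassignment surgery!\n", $redir);
        break;

    case 'background':
        $requireForm('submit', 1800);
        $requireRank();
        $filename = $storeRemoteImage('background', FII_ASS_BG, [2560, 1440], 'Backgrounds');
        $database->query("UPDATE `flashii_users` SET `profilebg`='" . $esc($filename) . "' WHERE `id`='" . $uid . "' LIMIT 1");
        print $flashii->printMessage("Successfully changed your Profile Background!\n", $redir);
        break;

    case 'avatar':
        $requireForm('submit', 1800);
        // The original's resolution message wrongly quoted the background limits.
        $filename = $storeRemoteImage('avatar', FII_ASS_AV, [500, 500], 'Avatars');
        $database->query("UPDATE `flashii_users` SET `avatar_url`='" . $esc($filename) . "' WHERE `id`='" . $uid . "' LIMIT 1");
        print $flashii->printMessage("Successfully changed your Avatar!\n", $redir);
        break;

    case 'markdown':
        $requireForm('submit', 1800);
        // ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of silently
        // dropping it (ENT_IGNORE), which the PHP manual warns against.
        $markdown = htmlentities($post('markdown'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $markdown = strip_tags($markdown);
        // SQL escaping is the last step, after all content transformations.
        $database->query("UPDATE `flashii_users` SET `profilemarkdown`='" . $esc($markdown) . "' WHERE `id`='" . $uid . "' LIMIT 1");
        print $flashii->printMessage("Successfully changed your Profile Markdown!\n", $redir);
        break;

    case 'email':
        $requireForm('submit', 1800);
        $requireCaptcha();
        $newEmail = $post('emailnew');
        if (!$flashii->checkEmail($newEmail, true)) {
            $stop('The E-mail Address given has already been taken or was invalid.');
        }
        if ($newEmail !== $post('emailver')) {
            $stop('Addresses do not match.');
        }
        $database->query("UPDATE `flashii_users` SET `email`='" . $esc($flashii->cleanString($newEmail)) . "' WHERE `id`='" . $uid . "' LIMIT 1");
        print $flashii->printMessage("Successfully changed your E-Mail Address!\n", $redir);
        break;

    case 'username':
        // The CSRF/timestamp guard now runs before the rank check; only the
        // message shown when both fail differs from the original.
        $requireForm('submit', 1800);
        $requireRank();
        $requireCaptcha();
        // One name change per 30 days (2592000 s).
        $lastChange = (int) $flashii->getUserdata($uid)['last_namechange'];
        if ((time() - $lastChange) <= 2592000) {
            $stop('You are not eligible for a name change.');
        }
        $newName = $post('usernew');
        if ($newName !== $post('userver')) {
            $stop('Usernames do not match.');
        }
        // Byte length, as in the original (the column width is presumably in
        // bytes; switch to mb_strlen() only if the schema counts characters).
        $nameLength = strlen($newName);
        if ($nameLength < 3 || $nameLength > 20) {
            $stop('Username was either too long or too short.');
        }
        if ($flashii->checkIfUserExists($newName)) {
            $stop('Username is taken.');
        }
        if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $newName)) {
            $stop('One or more characters in your username is disallowed.');
        }
        $uname = $flashii->cleanString($newName);
        $cname = strtolower($flashii->cleanString($uname));
        $database->query("UPDATE `flashii_users` SET `username`='" . $esc($uname) . "', `username_clean`='" . $esc($cname) . "', `last_namechange`='" . time() . "' WHERE `id`='" . $uid . "' LIMIT 1");
        print $flashii->printMessage("Successfully changed your username!\n", $redir);
        break;

    case 'usertitle':
        $requireForm('submit', 1800);
        $requireRank();
        $title = $post('usertitle');
        if (strlen($title) > 64) {
            $stop('User title was too long.');
        }
        $database->query("UPDATE `flashii_users` SET `usertitle`='" . $esc($flashii->cleanString($title)) . "' WHERE `id`='" . $uid . "' LIMIT 1");
        print $flashii->printMessage("Successfully changed your user title!\n", $redir);
        break;

    case 'password':
        $requireForm('submit', 1800);
        // passHash() is compared directly against the stored value, so it is
        // presumably deterministic; hash_equals() avoids the timing leak and the
        // loose-equality pitfalls of the original `!=`. Moving the storage
        // format to password_hash()/password_verify() is a separate migration.
        $stored = (string) $flashii->getUserdata($uid)['password'];
        if (!hash_equals($stored, (string) $flashii->passHash($post('currentpw')))) {
            $stop('Current password was incorrect.');
        }
        $newPassword = $post('newpw');
        $passwordLength = strlen($newPassword);
        if ($passwordLength < 5 || $passwordLength > 128) {
            $stop('New password was either too long or too short.');
        }
        if ($newPassword !== $post('conpw')) {
            $stop('Passwords do not match.');
        }
        $database->query("UPDATE `flashii_users` SET `password`='" . $esc($flashii->passHash($newPassword)) . "' WHERE `id`='" . $uid . "' LIMIT 1");
        print $flashii->printMessage("Successfully changed your password!\n", $redir);
        break;

    case 'groups':
        // This form has no 'submit' field; 'groupid' doubles as the marker.
        $requireForm('groupid', 1800);
        $userData = $flashii->getUserdata($uid);
        // `groups` holds a PHP-serialized array written by this code (see
        // 'deactivate'). allowed_classes=false keeps unserialize() from ever
        // instantiating objects should the column hold anything else.
        $userGroups = unserialize((string) $userData['groups'], ['allowed_classes' => false]);
        if (!is_array($userGroups)) {
            $userGroups = [];
        }
        // Group ids are integers; casting also keeps the value out of the SQL
        // string unescaped, which the original did not.
        $groupId = (int) $post('groupid');
        if (!isset($_POST['default']) && !isset($_POST['leave'])) {
            print $flashii->printMessage("Failed to do whatever you tried to do.\n", $redir);
            break;
        }
        // Membership check without assuming whether stored ids are ints or strings.
        $isMember = false;
        foreach ($userGroups as $member) {
            if ((int) $member === $groupId) {
                $isMember = true;
                break;
            }
        }
        if (!$isMember) {
            $stop('You are not authorised for this group.');
        }
        if (isset($_POST['default'])) {
            $database->query("UPDATE `flashii_users` SET `userrole`='" . $groupId . "' WHERE `id`='" . $uid . "' LIMIT 1");
            $stop('Changed your default group.');
        }
        // Leaving: groups 0 and 1 are static and cannot be left.
        if ($groupId === 0 || $groupId === 1) {
            $stop('This is a static group, you cannot leave this.');
        }
        foreach ($userGroups as $key => $member) {
            if ((int) $member === $groupId) {
                unset($userGroups[$key]);
            }
        }
        $database->query("UPDATE `flashii_users` SET `groups`='" . $esc(serialize($userGroups)) . "' WHERE `id`='" . $uid . "' LIMIT 1");
        // Fall back to group 1 as the default role if the left group was it.
        if ($groupId === (int) $userData['userrole']) {
            $database->query("UPDATE `flashii_users` SET `userrole`='1' WHERE `id`='" . $uid . "' LIMIT 1");
        }
        $stop('Successfully left the group.');
        break;

    case 'deactivate':
        // Shorter form lifetime (5 minutes) for this destructive action.
        $requireForm('submit', 300);
        $requireCaptcha();
        foreach (['username', 'password', 'email', 'sensitive'] as $required) {
            if (!isset($_POST[$required])) {
                $stop('Invalid form data.');
            }
        }
        $userData = $flashii->getUserdata($uid);
        // Strict comparisons: the original's `!=` treated numeric-looking
        // strings as equal when their numeric values matched.
        if ($post('username') !== (string) $userData['username']) {
            $stop('Invalid username.');
        }
        if (!hash_equals((string) $userData['password'], (string) $flashii->passHash($post('password')))) {
            $stop('Invalid password.');
        }
        if ($post('email') !== (string) $userData['email']) {
            $stop('Invalid e-mail address.');
        }
        if ($post('sensitive') !== 'I am one hundred percent sure that I want to deactivate my account.') {
            $stop('Invalid sensitivity phrase.');
        }
        // Hard-coded exemption carried over from the original.
        if ($uid === 303) {
            $stop('Go away malloc.');
        }
        // Deactivation = move the account to group 0 with role 0, then log out.
        $database->query("UPDATE `flashii_users` SET `groups`='" . $esc(serialize([0])) . "', `userrole`='0' WHERE `id`='" . $uid . "' LIMIT 1");
        $flashii->logout();
        print $flashii->printMessage("Your account has been deactivated, sorry to see you go ;_;\n", $redir);
        break;

    default:
        print $flashii->printMessage("You're not supposed to be here go away!\n", $redir);
}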
} else {
print $flashii->printMessage("You're not supposed to be here go away!
", $redir);
}