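<?php
// Flashii Accounts UCP settings changer
//
// Handles the POSTed forms from the user control panel. The form is selected by
// ?mode=... and every branch repeats the same preamble: the form must carry its
// hidden 'submit' field, the session id and a recent timestamp; some branches
// additionally require a premium rank or a solved reCAPTCHA. Those repeated
// checks live in the closures below so each branch only holds what is specific
// to it.
//
// Everything else comes from startup.php: $flashii (account helper object),
// $database (a mysqli-style handle; query() and real_escape_string() are used
// here), $fwSettings['premiumRanks'] and $RECAPTCHAprivatekey. Column names and
// user-visible messages are unchanged from the previous version, except that
// the avatar resolution message now names the avatar limits instead of the
// background ones.

require_once __DIR__ . '/../../startup.php';

// Where the user is sent afterwards: the page the form came from, else the root.
$redir = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/';

// Anything other than a logged-in user asking for a mode gets the generic
// message and nothing else happens.
if (!isset($_GET['mode']) || !$flashii->loggedIn()) {
    print $flashii->printMessage("<h1>You're not supposed to be here go away!</h1>", $redir);
    exit;
}

// The account being edited. It comes from the server-side session and is cast
// to int once, before it is ever interpolated into SQL.
$uid = isset($_SESSION['uid']) ? (int) $_SESSION['uid'] : 0;

// ---- shared helpers -------------------------------------------------------

// Show $text (wrapped in <h1>, as every message in this file is) and stop.
$abort = function ($text) use ($flashii, $redir) {
    print $flashii->printMessage("<h1>" . $text . "</h1>", $redir);
    exit;
};

// Read a POST field as a string; missing fields and non-string (array) values
// read as ''. Replaces the @$_POST[...] accesses of the previous version.
$post = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Escape a value for use inside a single-quoted SQL literal. Every value that
// is interpolated into a query below goes through this, as the last step,
// including the ones that already went through $flashii->cleanString(): that
// method's contract is not visible from this file, so SQL escaping is not
// delegated to it.
// NOTE(review): if cleanString() turns out to call real_escape_string() itself,
// remove the call there rather than here, otherwise quotes get double-escaped.
$esc = function ($value) use ($database) {
    return $database->real_escape_string((string) $value);
};

// A form that was not actually submitted (the hidden $field is missing) is
// bounced straight back instead of producing a message.
$requireField = function ($field) use ($redir) {
    if (!isset($_POST[$field])) {
        header('Location: ' . $redir);
        exit;
    }
};

// Anti-CSRF check as the forms implement it: the form echoes the session id
// and the time it was rendered; the post must match the current session and be
// no older than $maxAge seconds. The timestamp is client-supplied, so only the
// session id comparison carries real weight.
// NOTE(review): echoing the session id into form bodies exposes it to anything
// that can read the page; a dedicated per-session CSRF token would do the same
// job without that.
$requireFreshSession = function ($maxAge) use ($abort) {
    if (!isset($_POST['sessid']) || $_POST['sessid'] !== session_id()) {
        $abort('Invalid session.');
    }
    // (int) so a non-numeric timestamp becomes 0 and fails the age check
    // instead of raising a type error in the subtraction.
    if (!isset($_POST['timestamp']) || (time() - (int) $_POST['timestamp']) > $maxAge) {
        $abort('Invalid timestamp.');
    }
};

// Features limited to the premium ranks configured in $fwSettings.
$requirePremium = function () use ($flashii, $fwSettings, $abort) {
    if (!$flashii->checkRank($fwSettings['premiumRanks'])) {
        $abort('You need to be Tenshi or Staff to use this feature.');
    }
};

// reCAPTCHA (the challenge/response API the rest of the site uses).
$requireCaptcha = function () use ($RECAPTCHAprivatekey, $post, $abort) {
    $answer = recaptcha_check_answer(
        $RECAPTCHAprivatekey,
        $_SERVER['REMOTE_ADDR'],
        $post('recaptcha_challenge_field'),
        $post('recaptcha_response_field')
    );
    if (!$answer->is_valid) {
        $abort("The reCAPTCHA wasn't entered correctly. Go back and try it again.");
    }
};

// Validate a user-supplied image URL the way the background and avatar forms
// do, download it and store it as "<uid>_<time>.<ext>" inside $dir.
// $resBounds is the [[minW, minH], [maxW, maxH]] pair checkImageRes() takes;
// $resMessage is shown when the picture falls outside it.
// Returns the stored file name (without the directory).
//
// The URL is opened server-side (remoteFileExists, checkImage, getimagesize and
// file_get_contents all fetch it), so whatever the user names, this server
// connects to. The scheme check keeps out file://, php:// and data: wrappers,
// which file_get_contents() would otherwise open and copy into the public asset
// directory. NOTE(review): it does not stop http(s) requests to internal
// addresses; that check belongs in the helpers in startup.php.
$storeRemoteImage = function ($url, array $resBounds, $resMessage, $dir) use ($flashii, $abort, $uid) {
    if (!preg_match('#^https?://#i', $url) || !$flashii->remoteFileExists($url)) {
        $abort('The requested file does not exist.');
    }
    if (!$flashii->checkImage($url)) {
        $abort('The requested file is not a valid image file.');
    }
    if (!$flashii->checkImageRes($url, $resBounds)) {
        $abort($resMessage);
    }
    // The previous version wrote "!size > 10485760", which negates first and
    // therefore never rejected anything; this is the check that was meant.
    if ($flashii->getRemoteFileSize($url) > 10485760) {
        $abort('File is not allowed to be bigger than 10MB.');
    }

    // File extension from the detected mime type ("image/png" -> "png"). Only a
    // plain token is accepted, so the name can never contain a path separator.
    $info = getimagesize($url);
    $ext = ($info !== false && isset($info['mime']))
        ? strtolower(str_replace('image/', '', $info['mime']))
        : '';
    if ($ext === '' || !preg_match('/^[a-z0-9.+-]+$/', $ext)) {
        $abort('The requested file is not a valid image file.');
    }

    $data = file_get_contents($url);
    if ($data === false) {
        $abort('The requested file does not exist.');
    }
    $filename = $uid . '_' . time() . '.' . $ext;
    if (file_put_contents($dir . $filename, $data) === false) {
        $abort('Failed to do whatever you tried to do.');
    }
    return $filename;
};

// ---- the forms ------------------------------------------------------------

switch ($_GET['mode']) {
    case 'profile':
        $requireField('submit');
        $requireFreshSession(1800);

        $birthdayRaw = $post('birthday');
        if ($birthdayRaw !== '' && !preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $birthdayRaw)) {
            $abort('Format your birthdate properly. (YYYY-MM-DD)');
        }
        // Stored as a unix timestamp; an empty field stores 0 (the previous
        // version stored the '' that a false strtotime() result produced).
        $birthday = $birthdayRaw !== '' ? (int) strtotime($birthdayRaw) : 0;
        $yttype = $post('youtubetype') ? 1 : 0;

        // Free-text profile fields: column name => POST field name. All go
        // through cleanString() and are SQL-escaped when the query is built.
        $columns = [
            'website'     => 'website',
            'skype'       => 'skype',
            'steam'       => 'steam',
            'youtube'     => 'youtube',
            'twitter'     => 'twitter',
            'osu'         => 'osu',
            'xboxlive'    => 'xboxlive',
            'eaorigin'    => 'origin',
            'playstation' => 'psn',
            'soundcloud'  => 'soundcloud',
            'github'      => 'github',
        ];
        $set = [];
        foreach ($columns as $column => $field) {
            $set[] = "`{$column}` = '" . $esc($flashii->cleanString($post($field))) . "'";
        }
        $set[] = "`youtube_type` = '{$yttype}'";
        $set[] = "`birthdate` = '{$birthday}'";

        $database->query("UPDATE `flashii_users` SET " . implode(', ', $set) . " WHERE `id` = '{$uid}'");
        print $flashii->printMessage("<h1>Successfully changed your profile!</h1>", $redir);
        break;

    case 'gender':
        $requireField('submit');
        $requireFreshSession(1800);

        $gender = $esc($flashii->cleanString($post('gender')));
        $database->query("UPDATE `flashii_users` SET `gender` = '{$gender}' WHERE `id` = '{$uid}'");
        print $flashii->printMessage("<h1>Successfully underwent gender reassignment surgery!</h1>", $redir);
        break;

    case 'background':
        $requireField('submit');
        $requireFreshSession(1800);
        $requirePremium();

        $filename = $storeRemoteImage(
            $post('background'),
            [[20, 20], [2560, 1440]],
            'Backgrounds must be at least 20x20 and not bigger than 2560x1440.',
            FII_ASS_BG
        );
        $database->query("UPDATE `flashii_users` SET `profilebg`='" . $esc($filename) . "' WHERE `id`='{$uid}' LIMIT 1");
        print $flashii->printMessage("<h1>Successfully changed your Profile Background!</h1>", $redir);
        break;

    case 'avatar':
        $requireField('submit');
        $requireFreshSession(1800);

        $filename = $storeRemoteImage(
            $post('avatar'),
            [[20, 20], [500, 500]],
            'Avatars must be at least 20x20 and not bigger than 500x500.',
            FII_ASS_AV
        );
        $database->query("UPDATE `flashii_users` SET `avatar_url`='" . $esc($filename) . "' WHERE `id`='{$uid}' LIMIT 1");
        print $flashii->printMessage("<h1>Successfully changed your Avatar!</h1>", $redir);
        break;

    case 'markdown':
        $requireField('submit');
        $requireFreshSession(1800);

        // HTML-encode first, strip anything tag-like, and SQL-escape last.
        // ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD; the ENT_IGNORE the
        // previous version used silently dropped such bytes, which the PHP
        // manual warns against.
        $markdown = htmlentities($post('markdown'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $markdown = $esc(strip_tags($markdown));

        $database->query("UPDATE `flashii_users` SET `profilemarkdown`='{$markdown}' WHERE `id`='{$uid}' LIMIT 1");
        print $flashii->printMessage("<h1>Successfully changed your Profile Markdown!</h1>", $redir);
        break;

    case 'email':
        $requireField('submit');
        $requireFreshSession(1800);
        $requireCaptcha();

        $newEmail = $post('emailnew');
        if (!$flashii->checkEmail($newEmail, true)) {
            $abort('The E-mail Address given has already been taken or was invalid.');
        }
        if ($newEmail !== $post('emailver')) {
            $abort('Addresses do not match.');
        }

        $email = $esc($flashii->cleanString($newEmail));
        $database->query("UPDATE `flashii_users` SET `email`='{$email}' WHERE `id`='{$uid}' LIMIT 1");
        print $flashii->printMessage("<h1>Successfully changed your E-Mail Address!</h1>", $redir);
        break;

    case 'username':
        $requireField('submit');
        $requirePremium();
        $requireFreshSession(1800);
        $requireCaptcha();

        // At most one change per 30 days.
        $lastChange = (int) $flashii->getUserdata($uid)['last_namechange'];
        if ((time() - $lastChange) <= 2592000) {
            $abort('You are not eligible for a name change.');
        }

        $newName = $post('usernew');
        if ($newName !== $post('userver')) {
            $abort('Usernames do not match.');
        }
        // Byte length, as before; the column's own limit is not visible here.
        if (strlen($newName) < 3 || strlen($newName) > 20) {
            $abort('Username was either too long or too short.');
        }
        if ($flashii->checkIfUserExists($newName)) {
            $abort('Username is taken.');
        }
        if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $newName)) {
            $abort('One or more characters in your username is disallowed.');
        }

        $uname = $flashii->cleanString($newName);
        // Kept as before (cleanString applied a second time); if cleanString is
        // idempotent the inner call is redundant.
        $cname = strtolower($flashii->cleanString($uname));

        $database->query("UPDATE `flashii_users` SET `username`='" . $esc($uname) . "', `username_clean`='" . $esc($cname) . "', `last_namechange`='" . time() . "' WHERE `id`='{$uid}' LIMIT 1");
        print $flashii->printMessage("<h1>Successfully changed your username!</h1>", $redir);
        break;

    case 'usertitle':
        $requireField('submit');
        $requirePremium();
        $requireFreshSession(1800);

        $title = $post('usertitle');
        if (strlen($title) > 64) {
            $abort('User title was too long.');
        }

        $utitle = $esc($flashii->cleanString($title));
        $database->query("UPDATE `flashii_users` SET `usertitle`='{$utitle}' WHERE `id`='{$uid}' LIMIT 1");
        print $flashii->printMessage("<h1>Successfully changed your user title!</h1>", $redir);
        break;

    case 'password':
        $requireField('submit');
        $requireFreshSession(1800);

        // Strict comparison: with != two digests that both look like "0e123..."
        // compare equal as numbers. NOTE(review): comparing a freshly computed
        // passHash() against the stored value only works for a deterministic
        // (unsalted) hash; password_hash()/password_verify() would be the
        // replacement, and hash_equals() (PHP >= 5.6) would make the comparison
        // constant-time.
        $stored = $flashii->getUserdata($uid)['password'];
        if ($flashii->passHash($post('currentpw')) !== $stored) {
            $abort('Current password was incorrect.');
        }

        $newPassword = $post('newpw');
        if (strlen($newPassword) < 5 || strlen($newPassword) > 128) {
            $abort('New password was either too long or too short.');
        }
        if ($newPassword !== $post('conpw')) {
            $abort('Passwords do not match.');
        }

        $password = $esc($flashii->passHash($newPassword));
        $database->query("UPDATE `flashii_users` SET `password`='{$password}' WHERE `id`='{$uid}' LIMIT 1");
        print $flashii->printMessage("<h1>Successfully changed your password!</h1>", $redir);
        break;

    case 'groups':
        $requireField('groupid');
        $requireFreshSession(1800);

        // Group ids are numeric; the cast is what makes the interpolation
        // into the userrole update below safe.
        $groupId = (int) $post('groupid');
        $userData = $flashii->getUserdata($uid);

        // The groups column holds a PHP-serialized list written by this
        // application itself (see the deactivate branch); it is not user input,
        // but anything that is not an array is treated as "no groups" rather
        // than crashing further down.
        $userGroups = unserialize($userData['groups']);
        if (!is_array($userGroups)) {
            $userGroups = [];
        }

        if (!isset($_POST['default']) && !isset($_POST['leave'])) {
            print $flashii->printMessage("<h1>Failed to do whatever you tried to do.</h1>", $redir);
            break;
        }
        // Loose in_array()/array_search() on purpose: whether the stored
        // elements are ints or numeric strings is not known from this file.
        if (!in_array($groupId, $userGroups)) {
            $abort('You are not authorised for this group.');
        }

        if (isset($_POST['default'])) {
            $database->query("UPDATE `flashii_users` SET `userrole`='{$groupId}' WHERE `id`='{$uid}' LIMIT 1");
            $abort('Changed your default group.');
        }

        // 'leave': groups 0 and 1 are fixed and cannot be left.
        if ($groupId === 0 || $groupId === 1) {
            $abort('This is a static group, you cannot leave this.');
        }
        unset($userGroups[array_search($groupId, $userGroups)]);
        $newGroups = $esc(serialize($userGroups));
        $database->query("UPDATE `flashii_users` SET `groups`='{$newGroups}' WHERE `id`='{$uid}' LIMIT 1");

        // Leaving the group that was the default role falls back to role 1.
        if ($groupId === (int) $userData['userrole']) {
            $database->query("UPDATE `flashii_users` SET `userrole`='1' WHERE `id`='{$uid}' LIMIT 1");
        }
        $abort('Successfully left the group.');
        break;

    case 'deactivate':
        $requireField('submit');
        $requireFreshSession(300); // shorter window than the other forms
        $requireCaptcha();

        if (!isset($_POST['username']) || !isset($_POST['password']) || !isset($_POST['email']) || !isset($_POST['sensitive'])) {
            $abort('Invalid form data.');
        }

        // The user has to re-enter their own name, password and address, plus
        // the confirmation sentence, before the account is deactivated.
        $userData = $flashii->getUserdata($uid);
        if ($post('username') !== (string) $userData['username']) {
            $abort('Invalid username.');
        }
        // Strict comparison for the same reason as in the password branch.
        if ($flashii->passHash($post('password')) !== (string) $userData['password']) {
            $abort('Invalid password.');
        }
        if ($post('email') !== (string) $userData['email']) {
            $abort('Invalid e-mail address.');
        }
        if ($post('sensitive') !== 'I am one hundred percent sure that I want to deactivate my account.') {
            $abort('Invalid sensitivity phrase.');
        }
        // Hard-coded exception kept from the previous version.
        if ($uid === 303) {
            $abort('Go away malloc.');
        }

        // Deactivation = only group 0, role 0, then end the session.
        $database->query("UPDATE `flashii_users` SET `groups`='" . $esc(serialize([0])) . "', `userrole`='0' WHERE `id`='{$uid}' LIMIT 1");
        $flashii->logout();
        print $flashii->printMessage("<h1>Your account has been deactivated, sorry to see you go ;_;</h1>", $redir);
        break;

    default:
        print $flashii->printMessage("<h1>You're not supposed to be here go away!</h1>", $redir);
}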