This repository has been archived on 2024-06-26. You can view files and clone it, but cannot push or open issues or pull requests.
sakura/main/settings.php

407 lines
13 KiB
PHP
Raw Normal View History

2015-05-05 06:24:19 +00:00
<?php
/*
* Sakura User Settings
*/
// Declare Namespace
namespace Sakura;
2015-07-30 01:12:53 +00:00
// If this we're requesting notifications this page won't require templating
if(isset($_REQUEST['request-notifications']) && $_REQUEST['request-notifications']) {
define('SAKURA_NO_TPL', true);
}
2015-05-05 06:24:19 +00:00
// Include components
require_once str_replace(basename(__DIR__), '', dirname(__FILE__)) .'_sakura/sakura.php';
2015-05-09 00:56:55 +00:00
// Notifications
if(isset($_REQUEST['request-notifications']) && $_REQUEST['request-notifications']) {
2015-05-11 22:20:19 +00:00
// Set CORS header
header('Access-Control-Allow-Origin: *');
2015-05-09 00:56:55 +00:00
// Create the notification container array
$notifications = array();
// Check if the user is logged in
if(Users::checkLogin() && isset($_REQUEST['time']) && $_REQUEST['time'] > (time() - 1000) && isset($_REQUEST['session']) && $_REQUEST['session'] == session_id()) {
// Get the user's notifications from the past forever but exclude read notifications
$userNotifs = Users::getNotifications(null, 0, true, true);
// Add the proper values to the array
foreach($userNotifs as $notif) {
2015-05-11 22:20:19 +00:00
// Add the notification to the display array
$notifications[$notif['timestamp']] = [
'read' => $notif['notif_read'],
'title' => $notif['notif_title'],
'text' => $notif['notif_text'],
'link' => $notif['notif_link'],
'img' => $notif['notif_img'],
'timeout' => $notif['notif_timeout'],
'sound' => $notif['notif_sound']
];
2015-05-09 00:56:55 +00:00
}
}
// Set header, convert the array to json, print it and exit
print json_encode($notifications);
exit;
2015-06-19 23:44:16 +00:00
// Friends
2015-06-20 19:25:41 +00:00
} elseif(isset($_REQUEST['friend-action']) && $_REQUEST['friend-action'] && Users::checkLogin()) {
2015-06-19 23:44:16 +00:00
2015-06-20 16:06:07 +00:00
// Continue
$continue = true;
// Referrer
$redirect = isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/');
// Compare time and session so we know the link isn't forged
if(!isset($_REQUEST['add']) && !isset($_REQUEST['remove'])) {
2015-06-20 19:25:41 +00:00
if(!isset($_REQUEST['ajax'])) {
header('Location: /settings/friends');
exit;
}
2015-06-20 16:06:07 +00:00
$renderData['page'] = [
'title' => 'Action failed',
'redirect' => $redirect,
'message' => 'One of the required operators isn\'t set.',
'success' => 0
];
// Prevent
$continue = false;
2015-06-19 23:44:16 +00:00
}
2015-06-20 16:06:07 +00:00
// Compare time and session so we know the link isn't forged
2015-06-20 19:25:41 +00:00
if($continue && $_REQUEST[(isset($_REQUEST['add']) ? 'add' : 'remove')] == Session::$userId) {
2015-06-20 16:06:07 +00:00
$renderData['page'] = [
'title' => 'Action failed',
'redirect' => $redirect,
'message' => 'You can\'t be friends with yourself, stop trying to bend reality.',
'success' => 0
];
// Prevent
$continue = false;
2015-06-19 23:44:16 +00:00
}
2015-06-20 16:06:07 +00:00
// Compare time and session so we know the link isn't forged
if(!isset($_REQUEST['time']) || $_REQUEST['time'] < time() - 1000) {
$renderData['page'] = [
'title' => 'Action failed',
'redirect' => $redirect,
'message' => 'Timestamps differ too much, refresh the page and try again.',
'success' => 0
];
// Prevent
$continue = false;
2015-06-19 23:44:16 +00:00
}
2015-06-20 16:06:07 +00:00
// Match session ids for the same reason
if(!isset($_REQUEST['session']) || $_REQUEST['session'] != session_id()) {
$renderData['page'] = [
'title' => 'Action failed',
'redirect' => $redirect,
'message' => 'Invalid session, please try again.',
'success' => 0
];
// Prevent
$continue = false;
}
// Continue if nothing fucked up
if($continue) {
// Execute the action
2015-07-31 21:18:14 +00:00
$action = (isset($_REQUEST['add']) ? Users::addFriend($_REQUEST['add']) : Users::removeFriend($_REQUEST['remove'], true));
2015-06-20 16:06:07 +00:00
// Set the messages
$messages = [
'USER_NOT_EXIST' => 'The user you tried to add doesn\'t exist.',
'ALREADY_FRIENDS' => 'You are already friends with this person!',
'FRIENDS' => 'You are now mutual friends!',
'NOT_MUTUAL' => 'A friend request has been sent to this person.',
'ALREADY_REMOVED' => 'You aren\'t friends with this person.',
'REMOVED' => 'Removed this person from your friends list.'
];
// Notification strings
$notifStrings = [
'FRIENDS' => ['%s accepted your friend request!', 'You can now do mutual friend things!'],
'NOT_MUTUAL' => ['%s added you as a friend!', 'Click here to add them as well.'],
'REMOVED' => ['%s removed you from their friends.', 'You can no longer do friend things now ;_;']
];
// Add page specific things
$renderData['page'] = [
'title' => 'Managing Friends',
'redirect' => $redirect,
'message' => $messages[$action[1]],
'success' => $action[0]
];
// Create a notification
if(array_key_exists($action[1], $notifStrings)) {
// Get the current user's profile data
$user = Users::getUser(Session::$userId);
Users::createNotification(
$_REQUEST[(isset($_REQUEST['add']) ? 'add' : 'remove')],
sprintf($notifStrings[$action[1]][0], $user['username']),
$notifStrings[$action[1]][1],
60000,
'//'. Configuration::getLocalConfig('urls', 'main') .'/a/'. $user['id'],
'//'. Configuration::getLocalConfig('urls', 'main') .'/u/'. $user['id'],
'1'
);
}
2015-06-19 23:44:16 +00:00
}
2015-06-20 16:06:07 +00:00
2015-07-31 21:18:14 +00:00
if(isset($_REQUEST['direct']) && $_REQUEST['direct'] && !isset($_REQUEST['ajax'])) {
header('Location: '. $renderData['page']['redirect']);
exit;
}
2015-06-20 16:06:07 +00:00
// Print page contents or if the AJAX request is set only display the render data
print isset($_REQUEST['ajax']) ?
(
$renderData['page']['title']
. '|'
. $renderData['page']['message']
. '|'
. $renderData['page']['success']
. '|'
. $renderData['page']['redirect']
) :
Templates::render('errors/information.tpl', $renderData);
2015-06-19 23:44:16 +00:00
exit;
} elseif(isset($_POST['submit']) && isset($_POST['submit'])) {
// Continue
$continue = true;
// Check if the user is logged in
if(!Users::checkLogin() || !$continue) {
$renderData['page'] = [
'title' => 'Settings',
'redirect' => '/authenticate',
'message' => 'You must be logged in to edit your settings.',
'success' => 0
];
// Break
$continue = false;
}
// Check session variables
if(!isset($_REQUEST['timestamp']) || $_REQUEST['timestamp'] < time() - 1000 || !isset($_REQUEST['sessid']) || $_REQUEST['sessid'] != session_id() || !$continue) {
$renderData['page'] = [
'title' => 'Session expired',
'redirect' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/settings',
'message' => 'Your session has expired, please refresh the page and try again.',
'success' => 0
];
// Break
$continue = false;
}
// Change settings
if($continue) {
// Switch to the correct mode
switch($_POST['mode']) {
// Profile
case 'profile':
// Get profile fields and create storage var
$fields = Users::getProfileFields();
$store = [];
// Go over each field
foreach($fields as $field) {
// Add to the store array
if(isset($_POST['profile_'. $field['ident']]) && !empty($_POST['profile_'. $field['ident']])) {
$store[$field['ident']] = $_POST['profile_'. $field['ident']];
}
// Check if there's additional values we should keep in mind
if(isset($field['additional']) && !empty($field['additional'])) {
// Decode the json
$field['additional'] = json_decode($field['additional'], true);
// Go over each additional value
foreach($field['additional'] as $addKey => $addVal) {
// Skip if the value is empty
if(!isset($_POST['profile_additional_'. $addKey]) || empty($_POST['profile_additional_'. $addKey]))
continue;
// Add to the array
$store[$addKey] = $_POST['profile_additional_'. $addKey];
}
}
}
// Update database
Users::updateUserProfileFields(Session::$userId, $store);
// Set render data
$renderData['page'] = [
'title' => 'Profile update',
'redirect' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/settings',
'message' => 'Your profile has been updated!',
'success' => 1
];
break;
// Fallback
default:
// Set render data
$renderData['page'] = [
'title' => 'Unknown action',
'redirect' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/settings',
'message' => 'The requested method does not exist.',
'success' => 0
];
break;
}
}
// Print page contents or if the AJAX request is set only display the render data
print isset($_REQUEST['ajax']) ?
(
$renderData['page']['title']
. '|'
. $renderData['page']['message']
. '|'
. $renderData['page']['success']
. '|'
. $renderData['page']['redirect']
) :
Templates::render('errors/information.tpl', $renderData);
exit;
2015-05-09 00:56:55 +00:00
}
2015-06-20 19:25:41 +00:00
if(Users::checkLogin()) {
// Settings page list
$pages = [
2015-07-31 21:18:14 +00:00
'home' => ['General', 'Home'],
'profile' => ['General', 'Edit Profile'],
'groups' => ['General', 'Groups'],
'friends' => ['Friends', 'List'],
'friendrequests' => ['Friends', 'Requests'],
'notifications' => ['Notifications', 'History'],
'avatar' => ['Aesthetics', 'Avatar'],
'background' => ['Aesthetics', 'Background'],
'page' => ['Aesthetics', 'Profile Page'],
'email' => ['Account', 'E-mail Address'],
'username' => ['Account', 'Username'],
'usertitle' => ['Account', 'User Title'],
'password' => ['Account', 'Password'],
'ranks' => ['Account', 'Ranks'],
'sessions' => ['Danger zone', 'Sessions'],
'regkeys' => ['Danger zone', 'Registration Keys'],
'deactivate' => ['Danger zone', 'Deactivate Account'],
'notfound' => ['Settings', '404']
2015-06-20 19:25:41 +00:00
];
// Current settings page
$currentPage = isset($_GET['mode']) ? (array_key_exists($_GET['mode'], $pages) ? $_GET['mode'] : 'notfound') : 'home';
// Render data
$renderData['page'] = [
2015-07-31 21:18:14 +00:00
'title' => $pages[$currentPage][0] .' / '. $pages[$currentPage][1],
'currentPage' => isset($_GET['page']) && ($_GET['page'] - 1) >= 0 ? $_GET['page'] - 1 : 0
2015-06-20 19:25:41 +00:00
];
// Section specific
switch($currentPage) {
2015-06-27 11:03:11 +00:00
// Profile
case 'profile':
$renderData['profile'] = [
'user' => Users::getUserProfileFields(Session::$userId),
'fields' => Users::getProfileFields()
2015-06-27 11:03:11 +00:00
];
break;
// Friends
2015-06-22 17:44:14 +00:00
case 'friends':
2015-07-31 21:18:14 +00:00
$renderData['friends'] = array_chunk(array_reverse(Users::getFriends(null, true, true)), 12, true);
break;
// Pending Friend Requests
case 'friendrequests':
$renderData['friends'] = array_chunk(array_reverse(Users::getPendingFriends(null, true)), 12, true);
2015-06-22 17:44:14 +00:00
break;
2015-06-20 19:25:41 +00:00
// Notification history
case 'notifications':
2015-07-31 21:18:14 +00:00
$renderData['notifs'] = array_chunk(array_reverse(Users::getNotifications(null, 0, false, true)), 10, true);
2015-06-20 19:25:41 +00:00
break;
2015-06-19 16:12:44 +00:00
2015-06-20 19:25:41 +00:00
}
// Print page contents
print Templates::render('settings/'. $currentPage .'.tpl', $renderData);
} else {
2015-05-11 22:20:19 +00:00
2015-06-29 12:40:00 +00:00
$renderData['page']['title'] = 'Restricted!';
2015-06-20 19:25:41 +00:00
print Templates::render('global/header.tpl', $renderData);
print Templates::render('elements/restricted.tpl', $renderData);
print Templates::render('global/footer.tpl', $renderData);
}