flashwave
383e2ed0e0
This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
137 lines
4.9 KiB
PHP
137 lines
4.9 KiB
PHP
<?php
|
|
namespace Misuzu;
|
|
|
|
use RuntimeException;
|
|
use Misuzu\Users\User;
|
|
use chillerlan\QRCode\QRCode;
|
|
use chillerlan\QRCode\QROptions;
|
|
|
|
if(!$msz->isLoggedIn()) {
|
|
echo render_error(401);
|
|
return;
|
|
}
|
|
|
|
$errors = [];
|
|
$users = $msz->getUsers();
|
|
$roles = $msz->getRoles();
|
|
$userInfo = $msz->getActiveUser();
|
|
$isRestricted = $msz->hasActiveBan();
|
|
$isVerifiedRequest = CSRF::validateRequest();
|
|
|
|
if(!$isRestricted && $isVerifiedRequest && !empty($_POST['role'])) {
|
|
try {
|
|
$roleInfo = $roles->getRole(($_POST['role']['id'] ?? 0));
|
|
} catch(RuntimeException $ex) {}
|
|
|
|
if(empty($roleInfo) || !$users->hasRole($userInfo, $roleInfo))
|
|
$errors[] = "You're trying to modify a role that hasn't been assigned to you.";
|
|
else {
|
|
switch($_POST['role']['mode'] ?? '') {
|
|
case 'display':
|
|
$users->updateUser(
|
|
$userInfo,
|
|
displayRoleInfo: $roleInfo
|
|
);
|
|
break;
|
|
|
|
case 'leave':
|
|
if($roleInfo->isLeavable())
|
|
$users->removeRoles($userInfo, $roleInfo);
|
|
else
|
|
$errors[] = "You're not allow to leave this role, an administrator has to remove it for you.";
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
if($isVerifiedRequest && isset($_POST['tfa']['enable']) && $userInfo->hasTOTPKey() !== (bool)$_POST['tfa']['enable']) {
|
|
$totpKey = '';
|
|
|
|
if((bool)$_POST['tfa']['enable']) {
|
|
$totpKey = TOTPGenerator::generateKey();
|
|
$totpIssuer = $cfg->getString('site.name', 'Misuzu');
|
|
$totpQrcode = (new QRCode(new QROptions([
|
|
'version' => 5,
|
|
'outputType' => QRCode::OUTPUT_IMAGE_JPG,
|
|
'eccLevel' => QRCode::ECC_L,
|
|
])))->render(sprintf('otpauth://totp/%s:%s?%s', $totpIssuer, $userInfo->getName(), http_build_query([
|
|
'secret' => $totpKey,
|
|
'issuer' => $totpIssuer,
|
|
])));
|
|
|
|
Template::set([
|
|
'settings_2fa_code' => $totpKey,
|
|
'settings_2fa_image' => $totpQrcode,
|
|
]);
|
|
}
|
|
|
|
$users->updateUser(userInfo: $userInfo, totpKey: $totpKey);
|
|
}
|
|
|
|
if($isVerifiedRequest && !empty($_POST['current_password'])) {
|
|
if(!$userInfo->verifyPassword($_POST['current_password'] ?? '')) {
|
|
$errors[] = 'Your password was incorrect.';
|
|
} else {
|
|
// Changing e-mail
|
|
if(!empty($_POST['email']['new'])) {
|
|
if(empty($_POST['email']['confirm']) || $_POST['email']['new'] !== $_POST['email']['confirm']) {
|
|
$errors[] = 'The addresses you entered did not match each other.';
|
|
} elseif($userInfo->getEMailAddress() === mb_strtolower($_POST['email']['confirm'])) {
|
|
$errors[] = 'This is already your e-mail address!';
|
|
} else {
|
|
$checkMail = User::validateEMailAddress($_POST['email']['new'], true);
|
|
|
|
if($checkMail !== '') {
|
|
switch($checkMail) {
|
|
case 'dns':
|
|
$errors[] = 'No valid MX record exists for this domain.';
|
|
break;
|
|
|
|
case 'format':
|
|
$errors[] = 'The given e-mail address was incorrectly formatted.';
|
|
break;
|
|
|
|
case 'in-use':
|
|
$errors[] = 'This e-mail address is already in use.';
|
|
break;
|
|
|
|
default:
|
|
$errors[] = 'Unknown e-mail validation error.';
|
|
}
|
|
} else {
|
|
$users->updateUser(userInfo: $userInfo, emailAddr: $_POST['email']['new']);
|
|
$msz->createAuditLog('PERSONAL_EMAIL_CHANGE', [$_POST['email']['new']]);
|
|
}
|
|
}
|
|
}
|
|
|
|
// Changing password
|
|
if(!empty($_POST['password']['new'])) {
|
|
if(empty($_POST['password']['confirm']) || $_POST['password']['new'] !== $_POST['password']['confirm']) {
|
|
$errors[] = 'The new passwords you entered did not match each other.';
|
|
} else {
|
|
$checkPassword = User::validatePassword($_POST['password']['new']);
|
|
|
|
if($checkPassword !== '') {
|
|
$errors[] = 'The given passwords was too weak.';
|
|
} else {
|
|
$users->updateUser(userInfo: $userInfo, password: $_POST['password']['new']);
|
|
$msz->createAuditLog('PERSONAL_PASSWORD_CHANGE');
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// reload $userInfo object
|
|
if($_SERVER['REQUEST_METHOD'] === 'POST' && $isVerifiedRequest)
|
|
$userInfo = $users->getUser($userInfo->getId(), 'id');
|
|
|
|
$userRoles = $roles->getRoles(userInfo: $userInfo);
|
|
|
|
Template::render('settings.account', [
|
|
'errors' => $errors,
|
|
'settings_user' => $userInfo,
|
|
'settings_roles' => $userRoles,
|
|
'is_restricted' => $isRestricted,
|
|
]);
|