<?php
// Flashii Accounts UCP settings changer
// The code here is godawful, if you love your eyes don't look at it.
// Bootstrap. This script uses $flashii, $database, $fwSettings and $RECAPTCHAprivatekey
// without defining them, so they are presumably set up by startup.php -- confirm.
require_once __DIR__ . '/../../startup.php';
// Where to send the user afterwards: the Referer header if present, otherwise the site root.
// NOTE(review): Referer is client-controlled. $redir is passed to header('Location: ...')
// and to printMessage() in every branch below, so as written it can point off-site.
// Consider accepting only same-site or relative targets, and confirm that printMessage()
// escapes it before it reaches HTML.
$redir = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/');
// Only requests that carry ?mode= and come from a logged-in user get past this point;
// everything else falls through to the else branch at the end of the file.
if(isset($_GET['mode']) && $flashii->loggedIn()) {
// One case per settings form. Each case validates its own POST data, then exits or breaks.
switch($_GET['mode']) {
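case 'profile':
    // Updates the contact/social fields and the birthdate of the logged-in user.
    if(!isset($_POST['submit'])) {
        header('Location: '. $redir);
        exit;
    }
    // CSRF check: the form must echo the session ID back. Strict, string-only comparison,
    // so array input or numeric-looking strings cannot satisfy a loose "!=".
    // NOTE(review): using the session ID itself as the form token exposes it in page markup;
    // a separate random per-session token would be safer.
    if(!isset($_POST['sessid']) || !is_string($_POST['sessid']) || $_POST['sessid'] !== session_id()) {
        print $flashii->printMessage("<h1>Invalid session.</h1>", $redir);
        exit;
    }
    // is_numeric() keeps array or junk input away from the subtraction. The value is supplied
    // by the client, so this only expires stale forms; it is not replay protection.
    if(!isset($_POST['timestamp']) || !is_numeric($_POST['timestamp']) || (time() - $_POST['timestamp']) > 1800) {
        print $flashii->printMessage("<h1>Invalid timestamp.</h1>", $redir);
        exit;
    }
    // Missing or non-string fields are treated as empty instead of raising notices.
    $postString = function($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };
    // \z instead of $ so a trailing newline is not accepted. The pattern checks the shape
    // only; an impossible date such as 02-31 is still normalised by strtotime() below.
    $birthdayRaw = $postString('birthday');
    if($birthdayRaw !== '' && !preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])\\z/", $birthdayRaw)) {
        print $flashii->printMessage("<h1>Format your birthdate properly. (YYYY-MM-DD)</h1>", $redir);
        exit;
    }
    $id = $_SESSION['uid'];
    $website = $flashii->cleanString($postString('website'));
    $skype = $flashii->cleanString($postString('skype'));
    $steam = $flashii->cleanString($postString('steam'));
    $youtube = $flashii->cleanString($postString('youtube'));
    $yttype = (isset($_POST['youtubetype']) && $_POST['youtubetype']) ? 1 : 0;
    $twitter = $flashii->cleanString($postString('twitter'));
    // strtotime() yields false for an empty birthdate, which the query below stores as ''.
    $birthday = strtotime($birthdayRaw);
    $osu = $flashii->cleanString($postString('osu'));
    $psn = $flashii->cleanString($postString('psn'));
    $xboxlive = $flashii->cleanString($postString('xboxlive'));
    $origin = $flashii->cleanString($postString('origin'));
    $soundcloud = $flashii->cleanString($postString('soundcloud'));
    $github = $flashii->cleanString($postString('github'));
    // NOTE(review): every string value is interpolated into the SQL text, so injection safety
    // rests entirely on cleanString(), which is not visible here. Confirm that it escapes for
    // SQL, or move this statement to a prepared query.
    $database->query("UPDATE `flashii_users` SET `website` = '$website', `skype` = '$skype', `steam` = '$steam', `youtube` = '$youtube', `youtube_type` = '$yttype', `twitter` = '$twitter', `osu` = '$osu', `xboxlive` = '$xboxlive', `eaorigin` = '$origin', `playstation` = '$psn', `birthdate` = '$birthday', `soundcloud` = '$soundcloud', `github` = '$github' WHERE `id` = '$id'");
    print $flashii->printMessage("<h1>Successfully changed your profile!</h1>", $redir);
    break;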
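case 'gender':
    // Updates the gender field of the logged-in user.
    if(!isset($_POST['submit'])) {
        header('Location: '. $redir);
        exit;
    }
    // CSRF check: strict, string-only comparison against the session ID, so array input or
    // numeric-looking strings cannot satisfy a loose "!=".
    if(!isset($_POST['sessid']) || !is_string($_POST['sessid']) || $_POST['sessid'] !== session_id()) {
        print $flashii->printMessage("<h1>Invalid session.</h1>", $redir);
        exit;
    }
    // is_numeric() keeps array or junk input away from the subtraction. The value is supplied
    // by the client, so this only expires stale forms; it is not replay protection.
    if(!isset($_POST['timestamp']) || !is_numeric($_POST['timestamp']) || (time() - $_POST['timestamp']) > 1800) {
        print $flashii->printMessage("<h1>Invalid timestamp.</h1>", $redir);
        exit;
    }
    $id = $_SESSION['uid'];
    // A missing or non-string field is treated as empty. The variable used to be called
    // $github, a copy/paste leftover from the profile case.
    $genderRaw = (isset($_POST['gender']) && is_string($_POST['gender'])) ? $_POST['gender'] : '';
    $gender = $flashii->cleanString($genderRaw);
    // NOTE(review): the value is not checked against a list of accepted options, and SQL
    // safety rests on cleanString(), which is not visible here -- confirm both.
    $database->query("UPDATE `flashii_users` SET `gender` = '$gender' WHERE `id` = '$id'");
    print $flashii->printMessage("<h1>Successfully underwent gender reassignment surgery!</h1>", $redir);
    break;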
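case 'background':
    // Sets the profile background of a premium-rank user from an image URL they supply.
    // The server downloads that URL itself, so the URL and the response are untrusted input.
    if(!isset($_POST['submit'])) {
        header('Location: '. $redir);
        exit;
    }
    // CSRF check: strict, string-only comparison against the session ID.
    if(!isset($_POST['sessid']) || !is_string($_POST['sessid']) || $_POST['sessid'] !== session_id()) {
        print $flashii->printMessage("<h1>Invalid session.</h1>", $redir);
        exit;
    }
    // is_numeric() keeps array or junk input away from the subtraction. The value is supplied
    // by the client, so this only expires stale forms; it is not replay protection.
    if(!isset($_POST['timestamp']) || !is_numeric($_POST['timestamp']) || (time() - $_POST['timestamp']) > 1800) {
        print $flashii->printMessage("<h1>Invalid timestamp.</h1>", $redir);
        exit;
    }
    if(!$flashii->checkRank($fwSettings['premiumRanks'])) {
        print $flashii->printMessage("<h1>You need to be Tenshi or Staff to use this feature.</h1>", $redir);
        exit;
    }
    // Only plain http(s) URLs may reach the fetch functions; getimagesize() and
    // file_get_contents() would otherwise also accept local paths and other stream wrappers.
    // NOTE(review): this does not stop requests to internal hosts, and the http wrapper
    // follows redirects by default. Private/loopback targets should be refused wherever the
    // request is actually made (the $flashii helpers are not visible here).
    $bgUrl = (isset($_POST['background']) && is_string($_POST['background'])) ? $_POST['background'] : '';
    $bgScheme = strtolower((string) parse_url($bgUrl, PHP_URL_SCHEME));
    if($bgScheme !== 'http' && $bgScheme !== 'https') {
        print $flashii->printMessage("<h1>The requested file does not exist.</h1>", $redir);
        exit;
    }
    if(!$flashii->remoteFileExists($bgUrl)) {
        print $flashii->printMessage("<h1>The requested file does not exist.</h1>", $redir);
        exit;
    }
    if(!$flashii->checkImage($bgUrl)) {
        print $flashii->printMessage("<h1>The requested file is not a valid image file.</h1>", $redir);
        exit;
    }
    if(!$flashii->checkImageRes($bgUrl, [[20, 20], [2560, 1440]])) {
        print $flashii->printMessage("<h1>Backgrounds must be at least 20x20 and not bigger than 2560x1440.</h1>", $redir);
        exit;
    }
    $bgMaxBytes = 10485760;
    // Was "!getRemoteFileSize(...) > 10485760": "!" binds tighter than ">", so the
    // comparison was always false and the size limit was never enforced.
    if($flashii->getRemoteFileSize($bgUrl) > $bgMaxBytes) {
        print $flashii->printMessage("<h1>File is not allowed to be bigger than 10MB.</h1>", $redir);
        exit;
    }
    // Each helper above made its own request, so the remote side could answer them
    // differently. Download once, capped at the limit plus one byte, and re-validate the
    // exact bytes that are going to be stored.
    $bgData = file_get_contents($bgUrl, false, null, 0, $bgMaxBytes + 1);
    if($bgData === false) {
        print $flashii->printMessage("<h1>The requested file does not exist.</h1>", $redir);
        exit;
    }
    if(strlen($bgData) > $bgMaxBytes) {
        print $flashii->printMessage("<h1>File is not allowed to be bigger than 10MB.</h1>", $redir);
        exit;
    }
    $bgInfo = getimagesizefromstring($bgData);
    if($bgInfo === false || strpos($bgInfo['mime'], 'image/') !== 0) {
        print $flashii->printMessage("<h1>The requested file is not a valid image file.</h1>", $redir);
        exit;
    }
    if($bgInfo[0] < 20 || $bgInfo[1] < 20 || $bgInfo[0] > 2560 || $bgInfo[1] > 1440) {
        print $flashii->printMessage("<h1>Backgrounds must be at least 20x20 and not bigger than 2560x1440.</h1>", $redir);
        exit;
    }
    // The extension is the MIME subtype, as before. It becomes part of a file name and of
    // the SQL text, so it must not contain a path separator or a quote.
    $bgExt = substr($bgInfo['mime'], 6);
    if(!preg_match('/\A[a-z0-9][a-z0-9.+-]*\z/', $bgExt)) {
        print $flashii->printMessage("<h1>The requested file is not a valid image file.</h1>", $redir);
        exit;
    }
    $filename = $_SESSION['uid'] .'_'. time() .'.'. $bgExt;
    file_put_contents(FII_ASS_BG . $filename, $bgData);
    $database->query("UPDATE `flashii_users` SET `profilebg`='".$filename."' WHERE `id`='".$_SESSION['uid']."' LIMIT 1");
    print $flashii->printMessage("<h1>Successfully changed your Profile Background!</h1>", $redir);
    break;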
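case 'avatar':
    // Sets the avatar of the logged-in user from an image URL they supply.
    // The server downloads that URL itself, so the URL and the response are untrusted input.
    if(!isset($_POST['submit'])) {
        header('Location: '. $redir);
        exit;
    }
    // CSRF check: strict, string-only comparison against the session ID.
    if(!isset($_POST['sessid']) || !is_string($_POST['sessid']) || $_POST['sessid'] !== session_id()) {
        print $flashii->printMessage("<h1>Invalid session.</h1>", $redir);
        exit;
    }
    // is_numeric() keeps array or junk input away from the subtraction. The value is supplied
    // by the client, so this only expires stale forms; it is not replay protection.
    if(!isset($_POST['timestamp']) || !is_numeric($_POST['timestamp']) || (time() - $_POST['timestamp']) > 1800) {
        print $flashii->printMessage("<h1>Invalid timestamp.</h1>", $redir);
        exit;
    }
    // Only plain http(s) URLs may reach the fetch functions; getimagesize() and
    // file_get_contents() would otherwise also accept local paths and other stream wrappers.
    // NOTE(review): this does not stop requests to internal hosts, and the http wrapper
    // follows redirects by default. Private/loopback targets should be refused wherever the
    // request is actually made (the $flashii helpers are not visible here).
    $avUrl = (isset($_POST['avatar']) && is_string($_POST['avatar'])) ? $_POST['avatar'] : '';
    $avScheme = strtolower((string) parse_url($avUrl, PHP_URL_SCHEME));
    if($avScheme !== 'http' && $avScheme !== 'https') {
        print $flashii->printMessage("<h1>The requested file does not exist.</h1>", $redir);
        exit;
    }
    if(!$flashii->remoteFileExists($avUrl)) {
        print $flashii->printMessage("<h1>The requested file does not exist.</h1>", $redir);
        exit;
    }
    if(!$flashii->checkImage($avUrl)) {
        print $flashii->printMessage("<h1>The requested file is not a valid image file.</h1>", $redir);
        exit;
    }
    // The message used to be the background one (2560x1440) although the limit is 500x500.
    if(!$flashii->checkImageRes($avUrl, [[20, 20], [500, 500]])) {
        print $flashii->printMessage("<h1>Avatars must be at least 20x20 and not bigger than 500x500.</h1>", $redir);
        exit;
    }
    $avMaxBytes = 10485760;
    // Was "!getRemoteFileSize(...) > 10485760": "!" binds tighter than ">", so the
    // comparison was always false and the size limit was never enforced.
    if($flashii->getRemoteFileSize($avUrl) > $avMaxBytes) {
        print $flashii->printMessage("<h1>File is not allowed to be bigger than 10MB.</h1>", $redir);
        exit;
    }
    // Each helper above made its own request, so the remote side could answer them
    // differently. Download once, capped at the limit plus one byte, and re-validate the
    // exact bytes that are going to be stored.
    $avData = file_get_contents($avUrl, false, null, 0, $avMaxBytes + 1);
    if($avData === false) {
        print $flashii->printMessage("<h1>The requested file does not exist.</h1>", $redir);
        exit;
    }
    if(strlen($avData) > $avMaxBytes) {
        print $flashii->printMessage("<h1>File is not allowed to be bigger than 10MB.</h1>", $redir);
        exit;
    }
    $avInfo = getimagesizefromstring($avData);
    if($avInfo === false || strpos($avInfo['mime'], 'image/') !== 0) {
        print $flashii->printMessage("<h1>The requested file is not a valid image file.</h1>", $redir);
        exit;
    }
    if($avInfo[0] < 20 || $avInfo[1] < 20 || $avInfo[0] > 500 || $avInfo[1] > 500) {
        print $flashii->printMessage("<h1>Avatars must be at least 20x20 and not bigger than 500x500.</h1>", $redir);
        exit;
    }
    // The extension is the MIME subtype, as before. It becomes part of a file name and of
    // the SQL text, so it must not contain a path separator or a quote.
    $avExt = substr($avInfo['mime'], 6);
    if(!preg_match('/\A[a-z0-9][a-z0-9.+-]*\z/', $avExt)) {
        print $flashii->printMessage("<h1>The requested file is not a valid image file.</h1>", $redir);
        exit;
    }
    $filename = $_SESSION['uid'] .'_'. time() .'.'. $avExt;
    file_put_contents(FII_ASS_AV . $filename, $avData);
    $database->query("UPDATE `flashii_users` SET `avatar_url`='".$filename."' WHERE `id`='".$_SESSION['uid']."' LIMIT 1");
    print $flashii->printMessage("<h1>Successfully changed your Avatar!</h1>", $redir);
    break;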
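case 'markdown':
    // Stores the profile text of the logged-in user, HTML-encoded.
    if(!isset($_POST['submit'])) {
        header('Location: '. $redir);
        exit;
    }
    // CSRF check: strict, string-only comparison against the session ID, so array input or
    // numeric-looking strings cannot satisfy a loose "!=".
    if(!isset($_POST['sessid']) || !is_string($_POST['sessid']) || $_POST['sessid'] !== session_id()) {
        print $flashii->printMessage("<h1>Invalid session.</h1>", $redir);
        exit;
    }
    // is_numeric() keeps array or junk input away from the subtraction. The value is supplied
    // by the client, so this only expires stale forms; it is not replay protection.
    if(!isset($_POST['timestamp']) || !is_numeric($_POST['timestamp']) || (time() - $_POST['timestamp']) > 1800) {
        print $flashii->printMessage("<h1>Invalid timestamp.</h1>", $redir);
        exit;
    }
    // A missing or non-string field is treated as empty.
    $markdown = (isset($_POST['markdown']) && is_string($_POST['markdown'])) ? $_POST['markdown'] : '';
    // ENT_SUBSTITUTE replaces invalid byte sequences with U+FFFD; the previous ENT_IGNORE
    // silently dropped them, which the PHP manual discourages for security reasons.
    $markdown = htmlentities($markdown, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
    $markdown = strip_tags($markdown);
    // SQL escaping is now the last transformation. It used to run before strip_tags(), so
    // the string was modified again after it had been escaped.
    $markdown = $database->real_escape_string($markdown);
    $database->query("UPDATE `flashii_users` SET `profilemarkdown`='". $markdown ."' WHERE `id`='".$_SESSION['uid']."' LIMIT 1");
    print $flashii->printMessage("<h1>Successfully changed your Profile Markdown!</h1>", $redir);
    break;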
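case 'email':
    // Changes the e-mail address of the logged-in user.
    // NOTE(review): this branch asks neither for the current password nor for confirmation
    // from the new address, so a hijacked session is enough to repoint the account's e-mail.
    if(!isset($_POST['submit'])) {
        header('Location: '. $redir);
        exit;
    }
    // CSRF check: strict, string-only comparison against the session ID.
    if(!isset($_POST['sessid']) || !is_string($_POST['sessid']) || $_POST['sessid'] !== session_id()) {
        print $flashii->printMessage("<h1>Invalid session.</h1>", $redir);
        exit;
    }
    // is_numeric() keeps array or junk input away from the subtraction. The value is supplied
    // by the client, so this only expires stale forms; it is not replay protection.
    if(!isset($_POST['timestamp']) || !is_numeric($_POST['timestamp']) || (time() - $_POST['timestamp']) > 1800) {
        print $flashii->printMessage("<h1>Invalid timestamp.</h1>", $redir);
        exit;
    }
    // Missing or non-string fields are treated as empty instead of being hidden with "@".
    $postString = function($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };
    // NOTE(review): this looks like the legacy reCAPTCHA v1 library call; confirm the check
    // still reaches a working verification service.
    if(!recaptcha_check_answer($RECAPTCHAprivatekey, $_SERVER["REMOTE_ADDR"], $postString("recaptcha_challenge_field"), $postString("recaptcha_response_field"))->is_valid) {
        print $flashii->printMessage("<h1>The reCAPTCHA wasn't entered correctly. Go back and try it again.</h1>", $redir);
        exit;
    }
    $emailNew = $postString('emailnew');
    if(!$flashii->checkEmail($emailNew, true)) {
        print $flashii->printMessage("<h1>The E-mail Address given has already been taken or was invalid.</h1>", $redir);
        exit;
    }
    // Strict comparison: with "!=" two different numeric-looking strings compare as equal.
    if($emailNew !== $postString('emailver')) {
        print $flashii->printMessage("<h1>Addresses do not match.</h1>", $redir);
        exit;
    }
    // NOTE(review): SQL safety rests on cleanString(), which is not visible here -- confirm
    // that it escapes for SQL, or use a prepared statement.
    $email = $flashii->cleanString($emailNew);
    $database->query("UPDATE `flashii_users` SET `email`='". $email ."' WHERE `id`='".$_SESSION['uid']."' LIMIT 1");
    print $flashii->printMessage("<h1>Successfully changed your E-Mail Address!</h1>", $redir);
    break;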
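case 'username':
    // Renames a premium-rank user, at most once every 2592000 seconds (30 days).
    if(!isset($_POST['submit'])) {
        header('Location: '. $redir);
        exit;
    }
    if(!$flashii->checkRank($fwSettings['premiumRanks'])) {
        print $flashii->printMessage("<h1>You need to be Tenshi or Staff to use this feature.</h1>", $redir);
        exit;
    }
    // CSRF check: strict, string-only comparison against the session ID.
    if(!isset($_POST['sessid']) || !is_string($_POST['sessid']) || $_POST['sessid'] !== session_id()) {
        print $flashii->printMessage("<h1>Invalid session.</h1>", $redir);
        exit;
    }
    // is_numeric() keeps array or junk input away from the subtraction. The value is supplied
    // by the client, so this only expires stale forms; it is not replay protection.
    if(!isset($_POST['timestamp']) || !is_numeric($_POST['timestamp']) || (time() - $_POST['timestamp']) > 1800) {
        print $flashii->printMessage("<h1>Invalid timestamp.</h1>", $redir);
        exit;
    }
    // Missing or non-string fields are treated as empty instead of being hidden with "@".
    $postString = function($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };
    // NOTE(review): this looks like the legacy reCAPTCHA v1 library call; confirm the check
    // still reaches a working verification service.
    if(!recaptcha_check_answer($RECAPTCHAprivatekey, $_SERVER["REMOTE_ADDR"], $postString("recaptcha_challenge_field"), $postString("recaptcha_response_field"))->is_valid) {
        print $flashii->printMessage("<h1>The reCAPTCHA wasn't entered correctly. Go back and try it again.</h1>", $redir);
        exit;
    }
    $eligible = ((time() - $flashii->getUserdata($_SESSION['uid'])['last_namechange']) > 2592000);
    if(!$eligible) {
        print $flashii->printMessage("<h1>You are not eligible for a name change.</h1>", $redir);
        exit;
    }
    $newName = $postString('usernew');
    // Strict comparison: with "!=" two different numeric-looking strings compare as equal.
    if($newName !== $postString('userver')) {
        print $flashii->printMessage("<h1>Usernames do not match.</h1>", $redir);
        exit;
    }
    // strlen() counts bytes, so multi-byte characters use up more of the 20-byte budget.
    if(strlen($newName) < 3 || strlen($newName) > 20) {
        print $flashii->printMessage("<h1>Username was either too long or too short.</h1>", $redir);
        exit;
    }
    // The character filter now runs before the database lookup, so a name containing quotes
    // or other disallowed characters never reaches checkIfUserExists().
    // NOTE(review): there is no "u" modifier, so if this file is UTF-8 the non-ASCII
    // characters in the class are matched byte by byte -- confirm that is intended.
    if(preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $newName)) {
        print $flashii->printMessage("<h1>One or more characters in your username is disallowed.</h1>", $redir);
        exit;
    }
    if($flashii->checkIfUserExists($newName)) {
        print $flashii->printMessage("<h1>Username is taken.</h1>", $redir);
        exit;
    }
    // NOTE(review): cleanString() is applied twice to build $cname; that is kept as-is
    // because stored values may depend on it. SQL safety rests on cleanString(), which is
    // not visible here.
    $uname = $flashii->cleanString($newName);
    $cname = strtolower($flashii->cleanString($uname));
    $database->query("UPDATE `flashii_users` SET `username`='". $uname ."', `username_clean`='". $cname ."', `last_namechange`='". time() ."' WHERE `id`='".$_SESSION['uid']."' LIMIT 1");
    print $flashii->printMessage("<h1>Successfully changed your username!</h1>", $redir);
    break;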
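case 'usertitle':
    // Sets the user title (at most 64 bytes) of a premium-rank user.
    if(!isset($_POST['submit'])) {
        header('Location: '. $redir);
        exit;
    }
    if(!$flashii->checkRank($fwSettings['premiumRanks'])) {
        print $flashii->printMessage("<h1>You need to be Tenshi or Staff to use this feature.</h1>", $redir);
        exit;
    }
    // CSRF check: strict, string-only comparison against the session ID, so array input or
    // numeric-looking strings cannot satisfy a loose "!=".
    if(!isset($_POST['sessid']) || !is_string($_POST['sessid']) || $_POST['sessid'] !== session_id()) {
        print $flashii->printMessage("<h1>Invalid session.</h1>", $redir);
        exit;
    }
    // is_numeric() keeps array or junk input away from the subtraction. The value is supplied
    // by the client, so this only expires stale forms; it is not replay protection.
    if(!isset($_POST['timestamp']) || !is_numeric($_POST['timestamp']) || (time() - $_POST['timestamp']) > 1800) {
        print $flashii->printMessage("<h1>Invalid timestamp.</h1>", $redir);
        exit;
    }
    // A missing or non-string field is treated as empty instead of being hidden with "@".
    $titleRaw = (isset($_POST['usertitle']) && is_string($_POST['usertitle'])) ? $_POST['usertitle'] : '';
    if(strlen($titleRaw) > 64) {
        print $flashii->printMessage("<h1>User title was too long.</h1>", $redir);
        exit;
    }
    // NOTE(review): SQL safety rests on cleanString(), which is not visible here, and the
    // length is checked before cleaning, so the stored value may be longer than 64 bytes.
    $utitle = $flashii->cleanString($titleRaw);
    $database->query("UPDATE `flashii_users` SET `usertitle`='". $utitle ."' WHERE `id`='".$_SESSION['uid']."' LIMIT 1");
    print $flashii->printMessage("<h1>Successfully changed your user title!</h1>", $redir);
    break;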
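case 'password':
    // Changes the password of the logged-in user after re-checking the current one.
    if(!isset($_POST['submit'])) {
        header('Location: '. $redir);
        exit;
    }
    // CSRF check: strict, string-only comparison against the session ID.
    if(!isset($_POST['sessid']) || !is_string($_POST['sessid']) || $_POST['sessid'] !== session_id()) {
        print $flashii->printMessage("<h1>Invalid session.</h1>", $redir);
        exit;
    }
    // is_numeric() keeps array or junk input away from the subtraction. The value is supplied
    // by the client, so this only expires stale forms; it is not replay protection.
    if(!isset($_POST['timestamp']) || !is_numeric($_POST['timestamp']) || (time() - $_POST['timestamp']) > 1800) {
        print $flashii->printMessage("<h1>Invalid timestamp.</h1>", $redir);
        exit;
    }
    // Missing or non-string fields are treated as empty instead of being hidden with "@".
    $postString = function($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };
    // The hashes were compared with "!=", which compares numeric-looking strings as numbers
    // and so can treat two different hashes as equal. Compare as strings, in constant time
    // where hash_equals() exists.
    // NOTE(review): verifying by re-hashing means passHash() returns the same value for the
    // same password; confirm it is a salted, slow password hash (or migrate to
    // password_hash()/password_verify()).
    $givenHash = (string) $flashii->passHash($postString('currentpw'));
    $storedHash = (string) $flashii->getUserdata($_SESSION['uid'])['password'];
    $hashesMatch = function_exists('hash_equals') ? hash_equals($storedHash, $givenHash) : ($storedHash === $givenHash);
    if(!$hashesMatch) {
        print $flashii->printMessage("<h1>Current password was incorrect.</h1>", $redir);
        exit;
    }
    $newPw = $postString('newpw');
    if(strlen($newPw) < 5 || strlen($newPw) > 128) {
        print $flashii->printMessage("<h1>New password was either too long or too short.</h1>", $redir);
        exit;
    }
    // Strict comparison, so two different numeric-looking passwords are not treated as equal.
    if($newPw !== $postString('conpw')) {
        print $flashii->printMessage("<h1>Passwords do not match.</h1>", $redir);
        exit;
    }
    $password = $flashii->passHash($newPw);
    $database->query("UPDATE `flashii_users` SET `password`='". $password ."' WHERE `id`='".$_SESSION['uid']."' LIMIT 1");
    print $flashii->printMessage("<h1>Successfully changed your password!</h1>", $redir);
    break;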
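case 'groups':
    // Lets the logged-in user pick one of their groups as default, or leave a group.
    if(!isset($_POST['groupid'])) {
        header('Location: '. $redir);
        exit;
    }
    // CSRF check: strict, string-only comparison against the session ID.
    if(!isset($_POST['sessid']) || !is_string($_POST['sessid']) || $_POST['sessid'] !== session_id()) {
        print $flashii->printMessage("<h1>Invalid session.</h1>", $redir);
        exit;
    }
    // is_numeric() keeps array or junk input away from the subtraction. The value is supplied
    // by the client, so this only expires stale forms; it is not replay protection.
    if(!isset($_POST['timestamp']) || !is_numeric($_POST['timestamp']) || (time() - $_POST['timestamp']) > 1800) {
        print $flashii->printMessage("<h1>Invalid timestamp.</h1>", $redir);
        exit;
    }
    $userData = $flashii->getUserdata($_SESSION['uid']);
    // NOTE(review): unserialize() on a database column. The values written in this file are
    // plain arrays, but any other write path into `groups` turns this into object injection;
    // prefer JSON, or restrict allowed classes where the PHP version supports it.
    $userGroups = unserialize($userData['groups']);
    if(!is_array($userGroups)) {
        // A corrupt or empty column means "member of nothing" rather than a type error below.
        $userGroups = [];
    }
    if(isset($_POST['default']) || isset($_POST['leave'])) {
        // The raw groupid used to be placed into the SQL text after only a loose in_array()
        // match, which a non-numeric string can pass on older PHP versions. Accept a short
        // run of digits only and work with the integer from here on.
        $groupIdValid = is_string($_POST['groupid']) && preg_match('/\A[0-9]{1,9}\z/', $_POST['groupid']) === 1;
        $groupId = $groupIdValid ? (int) $_POST['groupid'] : -1;
        if($groupIdValid && in_array($groupId, $userGroups)) {
            if(isset($_POST['default'])) {
                $database->query("UPDATE `flashii_users` SET `userrole`='". $groupId ."' WHERE `id`='".$_SESSION['uid']."' LIMIT 1");
                print $flashii->printMessage("<h1>Changed your default group.</h1>", $redir);
                exit;
            } elseif(isset($_POST['leave'])) {
                if($groupId === 0 || $groupId === 1) {
                    print $flashii->printMessage("<h1>This is a static group, you cannot leave this.</h1>", $redir);
                    exit;
                }
                unset($userGroups[array_search($groupId, $userGroups)]);
                // Escaped because serialize() emits quotes as soon as the array holds strings.
                $newGroups = $database->real_escape_string(serialize($userGroups));
                $database->query("UPDATE `flashii_users` SET `groups`='". $newGroups ."' WHERE `id`='".$_SESSION['uid']."' LIMIT 1");
                // Leaving the current default group resets the default to group 1.
                if($groupId == $userData['userrole'])
                    $database->query("UPDATE `flashii_users` SET `userrole`='1' WHERE `id`='".$_SESSION['uid']."' LIMIT 1");
                print $flashii->printMessage("<h1>Successfully left the group.</h1>", $redir);
                exit;
            }
        } else {
            print $flashii->printMessage("<h1>You are not authorised for this group.</h1>", $redir);
            exit;
        }
        exit;
    }
    print $flashii->printMessage("<h1>Failed to do whatever you tried to do.</h1>", $redir);
    break;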
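case 'deactivate':
    // Deactivates the logged-in account after re-confirming username, password, e-mail
    // and a fixed confirmation phrase, then logs the user out.
    if(!isset($_POST['submit'])) {
        header('Location: '. $redir);
        exit;
    }
    // CSRF check: strict, string-only comparison against the session ID.
    if(!isset($_POST['sessid']) || !is_string($_POST['sessid']) || $_POST['sessid'] !== session_id()) {
        print $flashii->printMessage("<h1>Invalid session.</h1>", $redir);
        exit;
    }
    // Shorter window than the other forms (300 s). is_numeric() keeps array or junk input
    // away from the subtraction; the value is client-supplied, so it only expires stale forms.
    if(!isset($_POST['timestamp']) || !is_numeric($_POST['timestamp']) || (time() - $_POST['timestamp']) > 300) {
        print $flashii->printMessage("<h1>Invalid timestamp.</h1>", $redir);
        exit;
    }
    // Missing or non-string fields are treated as empty.
    $postString = function($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };
    // NOTE(review): this looks like the legacy reCAPTCHA v1 library call; confirm the check
    // still reaches a working verification service.
    if(!recaptcha_check_answer($RECAPTCHAprivatekey, $_SERVER["REMOTE_ADDR"], $postString("recaptcha_challenge_field"), $postString("recaptcha_response_field"))->is_valid) {
        print $flashii->printMessage("<h1>The reCAPTCHA wasn't entered correctly. Go back and try it again.</h1>", $redir);
        exit;
    }
    if(!isset($_POST['username']) || !isset($_POST['password']) || !isset($_POST['email']) || !isset($_POST['sensitive'])) {
        print $flashii->printMessage("<h1>Invalid form data.</h1>", $redir);
        exit;
    }
    $userData = $flashii->getUserdata($_SESSION['uid']);
    // The confirmations below used "!=", which compares numeric-looking strings as numbers;
    // they are now string comparisons, cast so that both sides are strings.
    if($postString('username') !== (string) $userData['username']) {
        print $flashii->printMessage("<h1>Invalid username.</h1>", $redir);
        exit;
    }
    // Password hashes are compared in constant time where hash_equals() exists.
    // NOTE(review): verifying by re-hashing means passHash() returns the same value for the
    // same password; confirm it is a salted, slow password hash.
    $givenHash = (string) $flashii->passHash($postString('password'));
    $storedHash = (string) $userData['password'];
    $hashesMatch = function_exists('hash_equals') ? hash_equals($storedHash, $givenHash) : ($storedHash === $givenHash);
    if(!$hashesMatch) {
        print $flashii->printMessage("<h1>Invalid password.</h1>", $redir);
        exit;
    }
    if($postString('email') !== (string) $userData['email']) {
        print $flashii->printMessage("<h1>Invalid e-mail address.</h1>", $redir);
        exit;
    }
    if($postString('sensitive') !== 'I am one hundred percent sure that I want to deactivate my account.') {
        print $flashii->printMessage("<h1>Invalid sensitivity phrase.</h1>", $redir);
        exit;
    }
    // Hard-coded exception: the account with id 303 may not deactivate itself.
    if($_SESSION['uid'] == 303) {
        print $flashii->printMessage("<h1>Go away malloc.</h1>", $redir);
        exit;
    }
    // Deactivation here means: only member of group 0, with role 0.
    $database->query("UPDATE `flashii_users` SET `groups`='". serialize([0]) ."', `userrole`='0' WHERE `id`='".$_SESSION['uid']."' LIMIT 1");
    $flashii->logout();
    print $flashii->printMessage("<h1>Your account has been deactivated, sorry to see you go ;_;</h1>", $redir);
    break;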
// Any ?mode= value that has no case above ends here with a generic message.
default:
print $flashii->printMessage("<h1>You're not supposed to be here go away!</h1>", $redir);
}
} else {
// No ?mode= parameter, or $flashii->loggedIn() was false: same generic message, nothing is changed.
print $flashii->printMessage("<h1>You're not supposed to be here go away!</h1>", $redir);
}