<?php
/**
* Holds the account section controller.
* @package Sakura
*/
namespace Sakura\Controllers\Settings;
use Phroute\Phroute\Exception\HttpMethodNotAllowedException;
use Sakura\CurrentSession;
use Sakura\DB;
/**
* Account settings.
* @package Sakura
* @author Julian van de Groep <me@flash.moe>
*/
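class AccountController extends Controller
{
    /**
     * Minimum number of seconds between two username changes (30 days).
     */
    const USERNAME_CHANGE_COOLDOWN = 2592000;

    /**
     * Maximum length, in bytes, of a user title.
     */
    const TITLE_MAX_LENGTH = 64;

    /**
     * Profile link/handle fields that the profile form may set. Each name
     * maps POST key `profile_<name>` to the column `user_<name>`; anything
     * not in this list is never written, whatever the form sends.
     *
     * @var string[]
     */
    const PROFILE_FIELDS = [
        'website',
        'twitter',
        'github',
        'skype',
        'discord',
        'youtube',
        'steam',
        'osu',
        'lastfm',
    ];

    /**
     * Reads one POST field as a string.
     *
     * PHP turns `name[]` parameters into arrays; an array reaching strlen(),
     * filter_var() or the query builder would error or behave unexpectedly,
     * so only scalars are accepted.
     *
     * @param string $key POST parameter name.
     * @return string|null The value, or null when absent or not a scalar.
     */
    private function postString(string $key)
    {
        if (!isset($_POST[$key]) || !is_scalar($_POST[$key])) {
            return null;
        }

        return (string) $_POST[$key];
    }

    /**
     * Renders the profile changing page, or saves it when the request
     * carries a valid session token.
     *
     * The link fields are written first and the birthdate afterwards, so an
     * invalid birthdate still leaves the links saved (the error text says
     * so). Absent link fields are written as null, i.e. cleared.
     *
     * @throws HttpMethodNotAllowedException When the user lacks changeProfile.
     * @return string JSON (`{"error": ...}`) on save, the rendered view otherwise.
     */
    public function profile(): string
    {
        if (!CurrentSession::$user->perms->changeProfile) {
            throw new HttpMethodNotAllowedException;
        }

        if (!session_check()) {
            return view('settings/account/profile');
        }

        $userId = CurrentSession::$user->id;

        // Stored exactly as submitted: there is no length limit or URL
        // validation here and nothing is escaped, so templates must escape
        // these on output.
        $save = [];
        foreach (self::PROFILE_FIELDS as $field) {
            $save["user_{$field}"] = $this->postString("profile_{$field}");
        }

        DB::table('users')
            ->where('user_id', $userId)
            ->update($save);

        $day = $this->postString('birthday_day');
        $month = $this->postString('birthday_month');
        $year = $this->postString('birthday_year');

        // Only touch the birthday when the form sent all three parts.
        if ($day !== null && $month !== null && $year !== null) {
            $day = (int) $day;
            $month = (int) $month;
            $year = (int) $year;

            if (!$day && !$month && !$year) {
                // All zero: the user cleared the field.
                $birthdate = null;
            } else {
                $currentYear = (int) date('Y');

                // A year of 0 means "not given"; checkdate() still needs a
                // real year, so 1 stands in for it. Years are capped to the
                // current year and to the last 100 years.
                if (!checkdate($month, $day, $year ?: 1)
                    || $year > $currentYear
                    || ($year !== 0 && $year < ($currentYear - 100))) {
                    return $this->json(
                        ['error' => "Your birthdate was invalid, everything else was saved though!"]
                    );
                }

                // Same unpadded Y-M-D layout the original code wrote; the
                // readers of user_birthday are not visible here, so the
                // format is kept as-is.
                $birthdate = "{$year}-{$month}-{$day}";
            }

            DB::table('users')
                ->where('user_id', $userId)
                ->update([
                    'user_birthday' => $birthdate,
                ]);
        }

        return $this->json(['error' => null]);
    }

    /**
     * Validates a new e-mail address: syntax, MX record and uniqueness.
     *
     * NOTE(review): the uniqueness error reveals whether an address already
     * has an account; whether the `email` column compares case-insensitively
     * is not visible here.
     *
     * @param string $email Address as submitted.
     * @return string|null Error message, or null when the address is acceptable.
     */
    private function validateNewEmail(string $email)
    {
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return "The e-mail address you supplied is invalid!";
        }

        if (!check_mx_record($email)) {
            return 'No valid MX-Record found on the e-mail address you supplied.';
        }

        $alreadyUsed = DB::table('users')
            ->where('email', $email)
            ->count();

        if ($alreadyUsed) {
            return 'Someone already used this e-mail!';
        }

        return null;
    }

    /**
     * Validates a new username: length of its cleaned form, the reservation
     * window on recently dropped names, and uniqueness.
     *
     * @param string $username Name as submitted.
     * @param mixed  $userId   Id of the user requesting the change; their own
     *                         former names are not reserved against them.
     * @return string|null Error message, or null when the name is acceptable.
     */
    private function validateNewUsername(string $username, $userId)
    {
        $usernameClean = clean_string($username, true);

        if (strlen($usernameClean) < config('user.name_min')) {
            return 'This username is too short!';
        }

        if (strlen($usernameClean) > config('user.name_max')) {
            return 'This username is too long!';
        }

        // A name dropped by another user stays reserved for user.name_reserve
        // days. change_time is a unix timestamp (details() subtracts it from
        // time()), so it has to be compared against a cutoff timestamp. The
        // previous code compared it against the bare duration in seconds,
        // which every real timestamp exceeds, so names were reserved forever.
        $reserveCutoff = time() - (config('user.name_reserve') * 24 * 60 * 60);

        $previousOwner = DB::table('username_history')
            ->where('username_old_clean', $usernameClean)
            ->where('change_time', '>', $reserveCutoff)
            ->orderBy('change_id', 'desc')
            ->first();

        if ($previousOwner && $previousOwner->user_id != $userId) {
            return 'The username you tried to use is reserved, try again later!';
        }

        $inUse = DB::table('users')
            ->where('username_clean', $usernameClean)
            ->count();

        if ($inUse) {
            return 'Someone is already using this name!';
        }

        return null;
    }

    /**
     * Account details: e-mail, username, title and password.
     *
     * Renders the form, or on a POST with a session token applies each field
     * that was sent and non-empty (the title may be empty). The first
     * failing field aborts with its error; fields processed before it have
     * already been saved.
     *
     * NOTE(review): none of these changes ask for the current password. A
     * hijacked session can therefore rotate the e-mail and password and lock
     * the owner out; re-authentication would need a password check on $user
     * that this file does not show.
     *
     * @return string JSON (`{"error": ...}`) on save, the rendered view otherwise.
     */
    public function details(): string
    {
        $user = CurrentSession::$user;
        $edit_usern = $user->perms->changeUsername;
        $edit_title = $user->perms->changeUserTitle;
        $last_name_change = 0;

        if ($edit_usern) {
            $last_name_change = $user->getUsernameHistory()[0]->change_time ?? 0;
        }

        // Permission AND cooldown. This used to be passed to the view only;
        // it is now also enforced on the POST path below.
        $username_allow = $edit_usern
            && (time() - $last_name_change) > self::USERNAME_CHANGE_COOLDOWN;

        if (!isset($_POST['session']) || !session_check()) {
            return view('settings/account/details', compact(
                'edit_usern',
                'edit_title',
                'last_name_change',
                'username_allow'
            ));
        }

        $email = $this->postString('email');

        if ($email !== null && strlen($email) > 0) {
            $error = $this->validateNewEmail($email);

            if ($error !== null) {
                return $this->json(['error' => $error]);
            }

            $user->setMail($email);
        }

        $username = $this->postString('username');

        if ($username !== null && strlen($username) > 0) {
            // Server-side check of what the form only hides: no permission,
            // or a change within the cooldown window, is rejected.
            if (!$username_allow) {
                return $this->json(
                    ['error' => "You aren't allowed to change your username right now!"]
                );
            }

            $error = $this->validateNewUsername($username, $user->id);

            if ($error !== null) {
                return $this->json(['error' => $error]);
            }

            $user->setUsername($username);
        }

        $title = $this->postString('title');

        // Only an actual change is checked and written; resubmitting the
        // current title is a no-op for everyone.
        if ($title !== null && $title !== $user->title) {
            // Previously missing: the permission was computed for the view
            // but never checked here.
            if (!$edit_title) {
                return $this->json(
                    ['error' => "You aren't allowed to change your title!"]
                );
            }

            if (strlen($title) > self::TITLE_MAX_LENGTH) {
                return $this->json(
                    ['error' => 'This title is too long!']
                );
            }

            DB::table('users')
                ->where('user_id', $user->id)
                ->update([
                    'user_title' => $title,
                ]);
        }

        $password = $this->postString('password');

        if ($password !== null && strlen($password) > 0) {
            if (password_entropy($password) < config('user.pass_min_entropy')) {
                return $this->json(
                    ['error' => "Your password isn't strong enough!"]
                );
            }

            $user->setPassword($password);
        }

        return $this->json(['error' => null]);
    }

    /**
     * Renders the rank management page, or on a POST removes one of the
     * user's ranks / makes it their main rank.
     *
     * Users may only act on ranks they hold, and may not remove the locked
     * site ranks (regular, premium, alumni, banned) from themselves.
     *
     * @throws HttpMethodNotAllowedException When the user lacks manageRanks.
     * @return string JSON (`{"error": ...}`) on action, the rendered view otherwise.
     */
    public function ranks(): string
    {
        if (!CurrentSession::$user->perms->manageRanks) {
            throw new HttpMethodNotAllowedException;
        }

        $rank = $this->postString('rank');
        $mode = $this->postString('mode');

        // Rank ids are passed to hasRanks()/removeRanks()/setMainRank() and
        // compared against config('rank.*'); only a plain decimal id is
        // accepted so a numeric-prefixed string cannot compare differently in
        // PHP and in the database. Assumes rank ids are integers -- confirm
        // against the rank table.
        $rank = ($rank !== null && ctype_digit($rank)) ? (int) $rank : null;

        // Ranks nobody may drop themselves: membership in these is decided by
        // the site, not the user.
        $locked = [
            config('rank.regular'),
            config('rank.premium'),
            config('rank.alumni'),
            config('rank.banned'),
        ];

        if (!session_check() || !$rank || !$mode) {
            return view('settings/account/ranks', compact('locked'));
        }

        $user = CurrentSession::$user;

        if (!$user->hasRanks([$rank])) {
            return $this->json(['error' => "You aren't a part of this rank!"]);
        }

        switch ($mode) {
            case 'remove':
                // Loose in_array() on purpose: the type config() returns for
                // the rank ids (int or numeric string) is not visible here.
                if (in_array($rank, $locked)) {
                    return $this->json(['error' => "You aren't allowed to remove this rank from your account!"]);
                }

                $user->removeRanks([$rank]);
                break;

            case 'main':
                $user->setMainRank($rank);
                break;

            default:
                // Previously an unknown mode reported success without doing anything.
                return $this->json(['error' => 'Unknown mode!']);
        }

        return $this->json(['error' => null]);
    }

    /**
     * Shared body of the userpage and signature editors: validates the length
     * of a free-text POST field and writes it to one users column.
     *
     * An empty value is not saved (same as before: the field cannot be
     * cleared from here). Length is measured in bytes, as the column limit
     * presumably is -- the config values' unit is not visible here.
     *
     * @param string $postKey  POST parameter holding the text.
     * @param string $column   users column to write.
     * @param mixed  $maxLength Maximum accepted length from config(); also
     *                         passed to the view as `maxLength`.
     * @param string $tooLong  Error message when the text exceeds $maxLength.
     * @param string $view     View rendered when there is nothing to save.
     * @return string JSON (`{"error": ...}`) on save, the rendered view otherwise.
     */
    private function saveTextColumn(string $postKey, string $column, $maxLength, string $tooLong, string $view): string
    {
        $text = $this->postString($postKey);

        if (!session_check() || $text === null || strlen($text) === 0) {
            return view($view, compact('maxLength'));
        }

        if (strlen($text) > $maxLength) {
            return $this->json(['error' => $tooLong]);
        }

        DB::table('users')
            ->where('user_id', CurrentSession::$user->id)
            ->update([
                $column => $text,
            ]);

        return $this->json(['error' => null]);
    }

    /**
     * Renders the userpage editing page, or saves the userpage on a POST.
     *
     * @throws HttpMethodNotAllowedException When the user lacks changeUserpage.
     * @return string JSON (`{"error": ...}`) on save, the rendered view otherwise.
     */
    public function userpage(): string
    {
        if (!CurrentSession::$user->perms->changeUserpage) {
            throw new HttpMethodNotAllowedException;
        }

        return $this->saveTextColumn(
            'userpage',
            'user_page',
            config('user.page_max'),
            'Your userpage is too long, shorten it a little!',
            'settings/account/userpage'
        );
    }

    /**
     * Renders the signature changing page, or saves the signature on a POST.
     *
     * @throws HttpMethodNotAllowedException When the user lacks changeSignature.
     * @return string JSON (`{"error": ...}`) on save, the rendered view otherwise.
     */
    public function signature(): string
    {
        if (!CurrentSession::$user->perms->changeSignature) {
            throw new HttpMethodNotAllowedException;
        }

        return $this->saveTextColumn(
            'signature',
            'user_signature',
            config('user.signature_max'),
            'Your signature is too long, shorten it a little!',
            'settings/account/signature'
        );
    }
}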