diff --git a/app/Controllers/Forum/PostController.php b/app/Controllers/Forum/PostController.php
index fec0433..7f1e87d 100644
--- a/app/Controllers/Forum/PostController.php
+++ b/app/Controllers/Forum/PostController.php
@@ -12,6 +12,7 @@ use Sakura\DB;
 use Sakura\Forum\Forum;
 use Sakura\Forum\Post;
 use Sakura\Forum\Topic;
+use Sakura\Perms;
 use Sakura\Perms\Forum as ForumPerms;
 /**
@@ -178,8 +179,6 @@ class PostController extends Controller
 public function delete($id = 0)
 {
- $action = isset($_POST['yes']) && session_check();
-
 $post = new Post($id);
 $topic = new Topic($post->topic);
 $forum = new Forum($topic->forum);
@@ -211,8 +210,8 @@ class PostController extends Controller
 return view('global/information', compact('message', 'redirect'));
 }
- if ($action !== null) {
- if ($action) {
+ if (session_check('sessionid')) {
+ if (isset($_POST['yes'])) {
 // Set message
 $message = "Deleted the post!";
diff --git a/app/Controllers/Settings/AccountController.php b/app/Controllers/Settings/AccountController.php
index 12ba7cc..cee7359 100644
--- a/app/Controllers/Settings/AccountController.php
+++ b/app/Controllers/Settings/AccountController.php
@@ -8,11 +8,8 @@ namespace Sakura\Controllers\Settings;
 use Sakura\ActiveUser;
-use Sakura\Config;
 use Sakura\DB;
 use Sakura\Perms\Site;
-use Sakura\Router;
-use Sakura\Template;
 /**
 * Account settings.
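Review bot: `session_check('sessionid')` in the delete() hunk is the only call in this commit that passes an argument; every settings controller below calls `session_check()` bare. If the argument names the POST field that carries the session token (the diff does not show session_check's signature), the post-delete form must submit `sessionid` while the settings forms rely on the default, and a mismatch fails closed on the confirmation path with no error, so either unify on one name or add `// field name must match the delete confirmation template` above the check. The first hunk adds `use Sakura\Perms;` but nothing in the shown hunks references `Perms`, so it may be an unused import. delete()'s body continues outside the hunk.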
@@ -22,43 +19,98 @@ use Sakura\Template; */ class AccountController extends Controller { + public function profile() + { + // Check permission + if (!ActiveUser::$user->permission(Site::ALTER_PROFILE)) { + $message = "You aren't allowed to edit your profile!"; + $redirect = route('settings.index'); + return view('global/information', compact('message', 'redirect')); + } + + if (session_check()) { + $redirect = route('settings.account.profile'); + $save = []; + $allowed = [ + 'website', + 'twitter', + 'github', + 'skype', + 'discord', + 'youtube', + 'steam', + 'osu', + 'lastfm', + ]; + + foreach ($allowed as $field) { + $save["user_{$field}"] = $_POST["profile_{$field}"] ?? null; + } + + DB::table('users') + ->where('user_id', ActiveUser::$user->id) + ->update($save); + + // Birthdays + if (isset($_POST['birthday_day'], $_POST['birthday_month'], $_POST['birthday_year'])) { + $day = intval($_POST['birthday_day']); + $month = intval($_POST['birthday_month']); + $year = intval($_POST['birthday_year']); + + if (!$day && !$month && !$year) { + $birthdate = null; + } else { + if (!checkdate($month, $day, $year ? 
$year : 1) + || $year > date("Y") + || ($year != 0 && $year < (date("Y") - 100))) { + $message = "Your birthdate was invalid, everything else was saved though!"; + + return view('global/information', compact('message', 'redirect')); + } + + // Combine it into a YYYY-MM-DD format + $birthdate = implode('-', compact('year', 'month', 'day')); + } + + DB::table('users') + ->where('user_id', ActiveUser::$user->id) + ->update([ + 'user_birthday' => $birthdate, + ]); + } + + $message = "Updated your profile!"; + + return view('global/information', compact('message', 'redirect')); + } + + return view('settings/account/profile'); + } + public function email() { // Check permission if (!ActiveUser::$user->permission(Site::CHANGE_EMAIL)) { $message = "You aren't allowed to change your e-mail address."; - $redirect = Router::route('settings.general.home'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + $redirect = route('settings.index'); + return view('global/information', compact('message', 'redirect')); } - $session = $_POST['session'] ?? null; $email = $_POST['email'] ?? 
null; - if ($session && $email) { - $redirect = Router::route('settings.account.email'); - - // Check if the CSRF session matches - if ($session !== session_id()) { - $message = "Your session expired!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); - } + if (session_check() && $email) { + $redirect = route('settings.account.email'); // Validate e-mail address if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $message = "The e-mail address you supplied is invalid!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } // Check the MX record of the email if (!check_mx_record($email)) { $message = 'No valid MX-Record found on the e-mail address you supplied.'; - Template::vars(compact('message', 'redirect')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } // Check if the e-mail has already been used @@ -67,18 +119,16 @@ class AccountController extends Controller ->count(); if ($emailCheck) { $message = 'Someone already used this e-mail!'; - Template::vars(compact('message', 'redirect')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } ActiveUser::$user->setMail($email); $message = 'Changed your e-mail address!'; - Template::vars(compact('message', 'redirect')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } - return Template::render('settings/account/email'); + return view('settings/account/email'); } public function username() 
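Review bot: The `foreach ($allowed as $field)` loop in profile() writes `$_POST["profile_{$field}"] ?? null` straight into the `users` row: a field submitted as an array (`profile_website[]=…`) reaches the query builder as-is, there is no length cap, and a field absent from the request is reset to null rather than left untouched, which may or may not be intended. Coerce before saving, e.g. `$value = $_POST["profile_{$field}"] ?? null;` then `$save["user_{$field}"] = is_string($value) ? trim($value) : null;`, and validate `website` with `filter_var($value, FILTER_VALIDATE_URL)` plus an http/https scheme check, since a stored value that later renders as a link with a script scheme is stored XSS unless the template rejects it. The birthdate is assembled with `implode('-', compact('year', 'month', 'day'))`, which produces unpadded strings such as `2000-1-5`; that is fine for a DATE column but `sprintf('%04d-%02d-%02d', $year, $month, $day)` is unambiguous. Note the field update has already been committed when the invalid-birthdate branch returns, which the message text acknowledges.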
@@ -86,39 +136,26 @@ class AccountController extends Controller // Check permission if (!ActiveUser::$user->permission(Site::CHANGE_USERNAME)) { $message = "You aren't allowed to change your username."; - $redirect = Router::route('settings.general.home'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + $redirect = route('settings.index'); + return view('global/information', compact('redirect', 'message')); } - $session = $_POST['session'] ?? null; $username = $_POST['username'] ?? null; - if ($session && $username) { - $redirect = Router::route('settings.account.username'); + if (session_check() && $username) { + $redirect = route('settings.account.username'); $username_clean = clean_string($username, true); - // Check if the CSRF session matches - if ($session !== session_id()) { - $message = "Your session expired!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); - } - // Check if the username is too short if (strlen($username_clean) < config('user.name_min')) { $message = "This username is too short!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } // Check if the username is too long if (strlen($username_clean) > config('user.name_max')) { $message = "This username is too long!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } // Check if this username hasn't been used in the last amount of days set in the config 
@@ -131,8 +168,7 @@ class AccountController extends Controller // Check if anything was returned if ($getOld && $getOld[0]->user_id != ActiveUser::$user->id) { $message = "The username you tried to use is reserved, try again later!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } // Check if the username is already in use @@ -143,18 +179,16 @@ class AccountController extends Controller // Check if anything was returned if ($getInUse) { $message = "Someone is already using this name!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } ActiveUser::$user->setUsername($username, $username_clean); $message = "Changed your username!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } - return Template::render('settings/account/username'); + return view('settings/account/username'); } public function title() 
@@ -162,36 +196,23 @@ class AccountController extends Controller // Check permission if (!ActiveUser::$user->permission(Site::CHANGE_USERTITLE)) { $message = "You aren't allowed to change your title."; - $redirect = Router::route('settings.general.home'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + $redirect = route('settings.index'); + return view('global/information', compact('redirect', 'message')); } - $session = $_POST['session'] ?? null; $title = $_POST['title'] ?? null; - if ($session && $title !== null) { - $redirect = Router::route('settings.account.title'); - - // Check if the CSRF session matches - if ($session !== session_id()) { - $message = "Your session expired!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); - } + if (session_check() && $title !== null) { + $redirect = route('settings.account.title'); if (strlen($title) > 64) { $message = "This title is too long!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } if ($title === ActiveUser::$user->title) { $message = "This is already your title!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } // Update database @@ -202,11 +223,10 @@ class AccountController extends Controller ]); $message = "Changed your title!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } - return Template::render('settings/account/title'); + return view('settings/account/title'); } public function password() 
@@ -214,49 +234,35 @@ class AccountController extends Controller // Check permission if (!ActiveUser::$user->permission(Site::CHANGE_PASSWORD)) { $message = "You aren't allowed to change your password."; - $redirect = Router::route('settings.general.home'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + $redirect = route('settings.index'); + return view('global/information', compact('redirect', 'message')); } - $session = $_POST['session'] ?? null; $current = $_POST['current'] ?? null; $password = $_POST['password'] ?? null; - if ($session && $current && $password) { - $redirect = Router::route('settings.account.password'); - - // Check if the CSRF session matches - if ($session !== session_id()) { - $message = "Your session expired!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); - } + if (session_check() && $current && $password) { + $redirect = route('settings.account.password'); // Check current password if (!password_verify($current, ActiveUser::$user->password)) { $message = "Your password was invalid!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } // Check password entropy if (password_entropy($password) < config('user.pass_min_entropy')) { $message = "Your password isn't strong enough!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } ActiveUser::$user->setPassword($password); $message = "Changed your password!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } - return Template::render('settings/account/password'); + return view('settings/account/password'); } public function ranks() 
@@ -264,14 +270,10 @@ class AccountController extends Controller // Check permission if (!ActiveUser::$user->permission(Site::ALTER_RANKS)) { $message = "You aren't allowed to manage your ranks."; - $redirect = Router::route('settings.general.home'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + $redirect = route('settings.index'); + return view('global/information', compact('redirect', 'message')); } - $session = $_POST['session'] ?? null; $rank = $_POST['rank'] ?? null; $mode = $_POST['mode'] ?? null; 
@@ -283,46 +285,33 @@ class AccountController extends Controller config('rank.banned'), ]; - if ($session && $rank && $mode) { - $redirect = Router::route('settings.account.ranks'); - - // Check if the CSRF session matches - if ($session !== session_id()) { - $message = "Your session expired!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); - } + if (session_check() && $rank && $mode) { + $redirect = route('settings.account.ranks'); // Check if user has this rank if (!ActiveUser::$user->hasRanks([$rank])) { $message = "You aren't a part of this rank!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } if ($mode == 'remove') { if (in_array($rank, $locked)) { $message = "You aren't allowed to remove this rank from your account!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } ActiveUser::$user->removeRanks([$rank]); $message = "Removed the rank from your account!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } ActiveUser::$user->setMainRank($rank); $message = "Changed your main rank!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('redirect', 'message')); } - Template::vars(compact('locked')); - - return Template::render('settings/account/ranks'); + return view('settings/account/ranks', compact('locked')); } } diff --git a/app/Controllers/Settings/AdvancedController.php b/app/Controllers/Settings/AdvancedController.php index 53884d7..f46e642 100644 --- a/app/Controllers/Settings/AdvancedController.php +++ b/app/Controllers/Settings/AdvancedController.php 
@@ -10,8 +10,6 @@ namespace Sakura\Controllers\Settings; use Sakura\ActiveUser; use Sakura\DB; use Sakura\Perms\Site; -use Sakura\Router; -use Sakura\Template; /** * Advanced settings. @@ -26,26 +24,15 @@ class AdvancedController extends Controller // Check permission if (!ActiveUser::$user->permission(Site::MANAGE_SESSIONS)) { $message = "You aren't allowed to manage sessions."; - $redirect = Router::route('settings.general.home'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + $redirect = route('settings.index'); + return view('global/information', compact('message', 'redirect')); } - $session = $_POST['session'] ?? null; $id = $_POST['id'] ?? null; $all = isset($_POST['all']); - if ($session && ($id || $all)) { - $redirect = Router::route('settings.advanced.sessions'); - - // Check if the CSRF session matches - if ($session !== session_id()) { - $message = "Your session expired, not the one you were intending to let expire though!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); - } + if (session_check() && ($id || $all)) { + $redirect = route('settings.advanced.sessions'); // End all sessions if ($all) { @@ -54,8 +41,7 @@ class AdvancedController extends Controller ->delete(); $message = "Deleted all active session associated with your account!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('message', 'redirect')); } // Create the session statement 
@@ -66,16 +52,14 @@ class AdvancedController extends Controller // Check if the session exists if (!$session->count()) { $message = "This session doesn't exist!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('message', 'redirect')); } // Delete it $session->delete(); $message = "Deleted the session!"; - Template::vars(compact('redirect', 'message')); - return Template::render('global/information'); + return view('global/information', compact('message', 'redirect')); } $sessions = DB::table('sessions') @@ -83,9 +67,7 @@ class AdvancedController extends Controller ->get(); $active = ActiveUser::$session->sessionId; - Template::vars(compact('sessions', 'active')); - - return Template::render('settings/advanced/sessions'); + return view('settings/advanced/sessions', compact('sessions', 'active')); } public function deactivate() 
@@ -93,31 +75,18 @@ class AdvancedController extends Controller
 // Check permission
 if (!ActiveUser::$user->permission(Site::DEACTIVATE_ACCOUNT)) {
 $message = "You aren't allowed to deactivate your account.";
- $redirect = Router::route('settings.general.home');
-
- Template::vars(compact('message', 'redirect'));
-
- return Template::render('global/information');
+ return view('global/information', compact('message', 'redirect'));
 }
- $session = $_POST['session'] ?? null;
 $password = $_POST['password'] ?? null;
- if ($session && $password) {
- $redirect = Router::route('settings.advanced.deactivate');
-
- // Verify session
- if ($session !== session_id()) {
- $message = "Session verification failed!";
- Template::vars(compact('redirect', 'message'));
- return Template::render('global/information');
- }
+ if (session_check() && $password) {
+ $redirect = route('settings.advanced.deactivate');
 // Check password
 if (!ActiveUser::$user->verifyPassword($password)) {
 $message = "Your password was invalid!";
- Template::vars(compact('redirect', 'message'));
- return Template::render('global/information');
+ return view('global/information', compact('message', 'redirect'));
 }
 // Deactivate account
@@ -128,12 +97,11 @@ class AdvancedController extends Controller
 // Destroy all active sessions
 ActiveUser::$session->destroyAll();
- $redirect = Router::route('main.index');
+ $redirect = route('main.index');
 $message = "Farewell!";
- Template::vars(compact('redirect', 'message'));
- return Template::render('global/information');
+ return view('global/information', compact('message', 'redirect'));
 }
- return Template::render('settings/advanced/deactivate');
+ return view('settings/advanced/deactivate');
 }
 }
diff --git a/app/Controllers/Settings/AppearanceController.php b/app/Controllers/Settings/AppearanceController.php
index eda9941..f81827a 100644
--- a/app/Controllers/Settings/AppearanceController.php
+++ b/app/Controllers/Settings/AppearanceController.php
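Review bot: In deactivate()'s permission-denied branch the `$redirect = Router::route(...)` line is removed but, unlike every other controller in this commit, not replaced, so `compact('message', 'redirect')` runs with `$redirect` undefined; PHP emits a notice and the information view receives no redirect. Add `$redirect = route('settings.index');` immediately before that `return view('global/information', compact('message', 'redirect'));`, matching the sessions() hunk above. The hunk line counts (`-93,31 +75,18`) confirm only one added line in that branch, so this is not a rendering artefact of the collapsed diff.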
@@ -8,12 +8,9 @@ namespace Sakura\Controllers\Settings; use Sakura\ActiveUser; -use Sakura\Config; use Sakura\DB; use Sakura\File; use Sakura\Perms\Site; -use Sakura\Router; -use Sakura\Template; /** * Appearance settings. @@ -117,18 +114,13 @@ class AppearanceController extends Controller // Check permission if (!ActiveUser::$user->permission(Site::CHANGE_AVATAR)) { $message = "You aren't allowed to change your avatar."; - $redirect = Router::route('settings.general.home'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + $redirect = route('settings.index'); + return view('global/information', compact('message', 'redirect')); } - $session = $_POST['session'] ?? null; - - if ($session) { + if (session_check()) { $avatar = $_FILES['avatar'] ?? null; - $redirect = Router::route('settings.appearance.avatar'); + $redirect = route('settings.appearance.avatar'); if ($avatar && $avatar['error'] !== UPLOAD_ERR_NO_FILE) { $upload = $this->handleUpload('avatar', $_FILES['avatar']); @@ -138,12 +130,10 @@ class AppearanceController extends Controller $message = "Deleted your avatar!"; } - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + return view('global/information', compact('message', 'redirect')); } - return Template::render('settings/appearance/avatar'); + return view('settings/appearance/avatar'); } public function background() 
@@ -151,18 +141,13 @@ class AppearanceController extends Controller // Check permission if (!ActiveUser::$user->permission(Site::CHANGE_BACKGROUND)) { $message = "You aren't allowed to change your background."; - $redirect = Router::route('settings.general.home'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + $redirect = route('settings.index'); + return view('global/information', compact('message', 'redirect')); } - $session = $_POST['session'] ?? null; - - if ($session) { + if (session_check()) { $background = $_FILES['background'] ?? null; - $redirect = Router::route('settings.appearance.background'); + $redirect = route('settings.appearance.background'); if ($background && $background['error'] !== UPLOAD_ERR_NO_FILE) { $upload = $this->handleUpload('background', $_FILES['background']); @@ -172,12 +157,10 @@ class AppearanceController extends Controller $message = "Deleted your background!"; } - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + return view('global/information', compact('message', 'redirect')); } - return Template::render('settings/appearance/background'); + return view('settings/appearance/background'); } public function header() 
@@ -185,18 +168,13 @@ class AppearanceController extends Controller // Check permission if (!ActiveUser::$user->permission(Site::CHANGE_HEADER)) { $message = "You aren't allowed to change your profile header."; - $redirect = Router::route('settings.general.home'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + $redirect = route('settings.index'); + return view('global/information', compact('message', 'redirect')); } - $session = $_POST['session'] ?? null; - - if ($session) { + if (session_check()) { $header = $_FILES['header'] ?? null; - $redirect = Router::route('settings.appearance.header'); + $redirect = route('settings.appearance.header'); if ($header && $header['error'] !== UPLOAD_ERR_NO_FILE) { $upload = $this->handleUpload('header', $_FILES['header']); @@ -206,12 +184,10 @@ class AppearanceController extends Controller $message = "Deleted your header!"; } - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + return view('global/information', compact('message', 'redirect')); } - return Template::render('settings/appearance/header'); + return view('settings/appearance/header'); } public function userpage() 
@@ -220,50 +196,34 @@ class AppearanceController extends Controller if (!( ActiveUser::$user->page && ActiveUser::$user->permission(Site::CHANGE_USERPAGE) - ) || !ActiveUser::$user->permission(Site::CREATE_USERPAGE)) { + ) && !ActiveUser::$user->permission(Site::CREATE_USERPAGE)) { $message = "You aren't allowed to change your userpage."; - $redirect = Router::route('settings.general.home'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + $redirect = route('settings.index'); + return view('global/information', compact('message', 'redirect')); } - $session = $_POST['session'] ?? null; $userpage = $_POST['userpage'] ?? null; + $maxLength = config('user.page_max'); - $maxLength = 65535; - - if ($session && $userpage) { - $redirect = Router::route('settings.appearance.userpage'); - - if ($session !== session_id()) { - $message = 'Your session expired!'; - Template::vars(compact('message', 'redirect')); - return Template::render('global/information'); - } + if (session_check() && $userpage) { + $redirect = route('settings.appearance.userpage'); if (strlen($userpage) > $maxLength) { $message = 'Your userpage is too long, shorten it a little!'; - Template::vars(compact('message', 'redirect')); - return Template::render('global/information'); + } else { + DB::table('users') + ->where('user_id', ActiveUser::$user->id) + ->update([ + 'user_page' => $userpage, + ]); + + $message = 'Updated your userpage!'; } - // Update database - DB::table('users') - ->where('user_id', ActiveUser::$user->id) - ->update([ - 'user_page' => $userpage, - ]); - - $message = 'Updated your userpage!'; - Template::vars(compact('message', 'redirect')); - return Template::render('global/information'); + return view('global/information', compact('message', 'redirect')); } - Template::vars(compact('maxLength')); - - return Template::render('settings/appearance/userpage'); + return view('settings/appearance/userpage', compact('maxLength')); } 
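Review bot: Flipping the permission test in userpage() from `||` to `&&` means the request is refused only when the user can neither change an existing page nor create one, so a user holding CREATE_USERPAGE but not CHANGE_USERPAGE passes even when `ActiveUser::$user->page` is already set, and the POST branch below overwrites `user_page` without a second check. If CREATE_USERPAGE is meant to cover only a first page, make the choice explicit: `$canEdit = ActiveUser::$user->page ? ActiveUser::$user->permission(Site::CHANGE_USERPAGE) : ActiveUser::$user->permission(Site::CREATE_USERPAGE);` followed by `if (!$canEdit) {`. Either way a one-line comment stating which permission applies once a page exists would help the next reader. The hunk also now takes `$maxLength` from `config('user.page_max')` while the comparison stays byte-wise `strlen`, so the configured limit is in bytes rather than characters; the signature() hunk pairs `config('user.signature_max')` with `strlen` the same way, so document the unit or use `mb_strlen` in both.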
public function signature() @@ -271,47 +231,31 @@ class AppearanceController extends Controller // Check permission if (!ActiveUser::$user->permission(Site::CHANGE_SIGNATURE)) { $message = "You aren't allowed to change your signature."; - $redirect = Router::route('settings.general.home'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); + $redirect = route('settings.index'); + return view('global/information', compact('message', 'redirect')); } - $session = $_POST['session'] ?? null; $signature = $_POST['signature'] ?? null; + $maxLength = config('user.signature_max'); - $maxLength = 500; - - if ($session && $signature) { - $redirect = Router::route('settings.appearance.signature'); - - if ($session !== session_id()) { - $message = 'Your session expired!'; - Template::vars(compact('message', 'redirect')); - return Template::render('global/information'); - } + if (session_check() && $signature) { + $redirect = route('settings.appearance.signature'); if (strlen($signature) > $maxLength) { $message = 'Your signature is too long, shorten it a little!'; - Template::vars(compact('message', 'redirect')); - return Template::render('global/information'); + } else { + DB::table('users') + ->where('user_id', ActiveUser::$user->id) + ->update([ + 'user_signature' => $signature, + ]); + + $message = 'Updated your signature!'; } - // Update database - DB::table('users') - ->where('user_id', ActiveUser::$user->id) - ->update([ - 'user_signature' => $signature, - ]); - - $message = 'Updated your signature!'; - Template::vars(compact('message', 'redirect')); - return Template::render('global/information'); + return view('global/information', compact('message', 'redirect')); } - Template::vars(compact('maxLength')); - - return Template::render('settings/appearance/signature'); + return view('settings/appearance/signature', compact('maxLength')); } } 
diff --git a/app/Controllers/Settings/Controller.php b/app/Controllers/Settings/Controller.php index 2e27cc1..107e841 100644 --- a/app/Controllers/Settings/Controller.php +++ b/app/Controllers/Settings/Controller.php @@ -23,21 +23,32 @@ class Controller extends BaseController { public function __construct() { - $navigation = $this->navigation(); - - Template::vars(compact('navigation')); + Template::vars(['navigation' => $this->navigation()]); } public function navigation() { $nav = []; - // General - $nav["General"]["Home"] = Router::route('settings.general.home'); + // Account if (ActiveUser::$user->permission(Site::ALTER_PROFILE)) { - $nav["General"]["Profile"] = Router::route('settings.general.profile'); + $nav["Account"]["Profile"] = Router::route('settings.account.profile'); + } + if (ActiveUser::$user->permission(Site::CHANGE_EMAIL)) { + $nav["Account"]["E-mail address"] = Router::route('settings.account.email'); + } + if (ActiveUser::$user->permission(Site::CHANGE_USERNAME)) { + $nav["Account"]["Username"] = Router::route('settings.account.username'); + } + if (ActiveUser::$user->permission(Site::CHANGE_USERTITLE)) { + $nav["Account"]["Title"] = Router::route('settings.account.title'); + } + if (ActiveUser::$user->permission(Site::CHANGE_PASSWORD)) { + $nav["Account"]["Password"] = Router::route('settings.account.password'); + } + if (ActiveUser::$user->permission(Site::ALTER_RANKS)) { + $nav["Account"]["Ranks"] = Router::route('settings.account.ranks'); } - $nav["General"]["Options"] = Router::route('settings.general.options'); // Friends if (ActiveUser::$user->permission(Site::MANAGE_FRIENDS)) { @@ -45,8 +56,6 @@ class Controller extends BaseController $nav["Friends"]["Requests"] = Router::route('settings.friends.requests'); } - // Groups - // Notifications $nav["Notifications"]["History"] = Router::route('settings.notifications.history'); 
@@ -70,23 +79,6 @@ class Controller extends BaseController $nav["Appearance"]["Signature"] = Router::route('settings.appearance.signature'); } - // Account - if (ActiveUser::$user->permission(Site::CHANGE_EMAIL)) { - $nav["Account"]["E-mail address"] = Router::route('settings.account.email'); - } - if (ActiveUser::$user->permission(Site::CHANGE_USERNAME)) { - $nav["Account"]["Username"] = Router::route('settings.account.username'); - } - if (ActiveUser::$user->permission(Site::CHANGE_USERTITLE)) { - $nav["Account"]["Title"] = Router::route('settings.account.title'); - } - if (ActiveUser::$user->permission(Site::CHANGE_PASSWORD)) { - $nav["Account"]["Password"] = Router::route('settings.account.password'); - } - if (ActiveUser::$user->permission(Site::ALTER_RANKS)) { - $nav["Account"]["Ranks"] = Router::route('settings.account.ranks'); - } - // Advanced if (ActiveUser::$user->permission(Site::MANAGE_SESSIONS)) { $nav["Advanced"]["Sessions"] = Router::route('settings.advanced.sessions'); diff --git a/app/Controllers/Settings/FriendsController.php b/app/Controllers/Settings/FriendsController.php index 9588b20..4dac568 100644 --- a/app/Controllers/Settings/FriendsController.php +++ b/app/Controllers/Settings/FriendsController.php @@ -9,8 +9,6 @@ namespace Sakura\Controllers\Settings; use Sakura\ActiveUser; use Sakura\Perms\Site; -use Sakura\Router; -use Sakura\Template; /** * Friends settings. 
@@ -25,14 +23,11 @@ class FriendsController extends Controller
 // Check permission
 if (!ActiveUser::$user->permission(Site::MANAGE_FRIENDS)) {
 $message = "You aren't allowed to manage friends.";
- $redirect = Router::route('settings.general.home');
-
- Template::vars(compact('message', 'redirect'));
-
- return Template::render('global/information');
+ $redirect = route('settings.index');
+ return view('global/information', compact('message', 'redirect'));
 }
- return Template::render('settings/friends/listing');
+ return view('settings/friends/listing');
 }
 public function requests()
@@ -40,13 +35,10 @@ class FriendsController extends Controller
 // Check permission
 if (!ActiveUser::$user->permission(Site::MANAGE_FRIENDS)) {
 $message = "You aren't allowed to manage friends.";
- $redirect = Router::route('settings.general.home');
-
- Template::vars(compact('message', 'redirect'));
-
- return Template::render('global/information');
+ $redirect = route('settings.index');
+ return view('global/information', compact('message', 'redirect'));
 }
- return Template::render('settings/friends/requests');
+ return view('settings/friends/requests');
 }
 }
diff --git a/app/Controllers/Settings/GeneralController.php b/app/Controllers/Settings/GeneralController.php
deleted file mode 100644
index 069c337..0000000
--- a/app/Controllers/Settings/GeneralController.php
+++ /dev/null
@@ -1,200 +0,0 @@ - - */ -class GeneralController extends Controller -{ - public function home() - { - return Template::render('settings/general/home'); - } - - public function profile() - { - // Check permission - if (!ActiveUser::$user->permission(Site::ALTER_PROFILE)) { - $message = "You aren't allowed to edit your profile!"; - $redirect = Router::route('settings.general.home'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); - } - - // Get profile fields - $rawFields = DB::table('profilefields') - ->get(); - - // Create output array - $fields = []; - - // Iterate over the fields and clean them up - foreach ($rawFields as $fieldData) { - $field = new stdClass; - $field->id = clean_string($fieldData->field_name, true, true); - $field->name = $fieldData->field_name; - $field->type = $fieldData->field_type; - $field->link = $fieldData->field_link; - $field->format = $fieldData->field_linkformat; - $field->description = $fieldData->field_description; - $field->additional = json_decode($fieldData->field_additional, true); - $fields[$fieldData->field_id] = $field; - } - - // Attempt to get the session value - $session = $_POST['session'] ?? null; - - if ($session) { - $redirect = Router::route('settings.general.profile'); - - // Go over each field - foreach ($fields as $field) { - // Add to the store table - if (isset($_POST["profile_{$field->id}"])) { - DB::table('user_profilefields') - ->insert([ - 'user_id' => ActiveUser::$user->id, - 'field_name' => $field->id, - 'field_value' => $_POST["profile_{$field->id}"], - ]); - } - - // Check if there's additional values we should keep in mind - if (!empty($field->additional)) { - // Go over each additional value - foreach ($field->additional as $addKey => $addVal) { - // Add to the array - $store = (isset($_POST["profile_additional_{$addKey}"])) - ? 
$_POST["profile_additional_{$addKey}"] - : false; - - DB::table('user_profilefields') - ->insert([ - 'user_id' => ActiveUser::$user->id, - 'field_name' => $addKey, - 'field_value' => $store, - ]); - } - } - } - - // Birthdays - if (isset($_POST['birthday_day']) - && isset($_POST['birthday_month']) - && isset($_POST['birthday_year'])) { - $day = intval($_POST['birthday_day']); - $month = intval($_POST['birthday_month']); - $year = intval($_POST['birthday_year']); - - // Check the values - if (!checkdate($month, $day, $year ? $year : 1) - || $year > date("Y") - || ($year != 0 && $year < (date("Y") - 100))) { - $message = "Your birthdate was considered invalid, everything else was saved though."; - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); - } - - // Combine it into a YYYY-MM-DD format - $birthdate = implode( - '-', - [$_POST['birthday_year'], $_POST['birthday_month'], $_POST['birthday_day']] - ); - - DB::table('users') - ->where('user_id', ActiveUser::$user->id) - ->update([ - 'user_birthday' => $birthdate, - ]); - } - - $message = "Updated your profile!"; - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); - } - - Template::vars(compact('fields')); - - return Template::render('settings/general/profile'); - } - - public function options() - { - // Get profile fields - $rawFields = DB::table('optionfields') - ->get(); - - // Create output array - $fields = []; - - // Iterate over the fields and clean them up - foreach ($rawFields as $fieldData) { - if (!ActiveUser::$user->permission(constant("Sakura\Perms\Site::{$fieldData->option_permission}"))) { - continue; - } - - $field = new stdClass; - $field->id = $fieldData->option_id; - $field->name = $fieldData->option_name; - $field->description = $fieldData->option_description; - $field->type = $fieldData->option_type; - $field->permission = $fieldData->option_permission; - $fields[$fieldData->option_id] = $field; 
- } - - // Attempt to get the session value - $session = $_POST['session'] ?? null; - - if ($session) { - // Delete all option fields for this user - DB::table('user_optionfields') - ->where('user_id', ActiveUser::$user->id) - ->delete(); - - // Go over each field - foreach ($fields as $field) { - if (isset($_POST["option_{$field->id}"])) { - DB::table('user_optionfields') - ->insert([ - 'user_id' => ActiveUser::$user->id, - 'field_name' => $field->id, - 'field_value' => $_POST["option_{$field->id}"], - ]); - } - } - - $message = "Updated your options!"; - $redirect = Router::route('settings.general.options'); - - Template::vars(compact('message', 'redirect')); - - return Template::render('global/information'); - } - - Template::vars(compact('fields')); - - return Template::render('settings/general/options'); - } -} diff --git a/app/Controllers/Settings/GroupsController.php b/app/Controllers/Settings/GroupsController.php deleted file mode 100644 index 05355ef..0000000 --- a/app/Controllers/Settings/GroupsController.php +++ /dev/null @@ -1,27 +0,0 @@ - - */ -class GroupsController extends Controller -{ - public function listing() - { - return ""; - } - - public function invites() - { - return ""; - } -} diff --git a/app/Controllers/Settings/NotificationsController.php b/app/Controllers/Settings/NotificationsController.php index 257e883..8131622 100644 --- a/app/Controllers/Settings/NotificationsController.php +++ b/app/Controllers/Settings/NotificationsController.php @@ -7,8 +7,6 @@ namespace Sakura\Controllers\Settings; -use Sakura\Template; - /** * Notification settings. * @@ -19,6 +17,6 @@ class NotificationsController extends Controller { public function history() { - return Template::render('settings/notifications/history'); + return view('settings/notifications/history'); } } diff --git a/app/User.php b/app/User.php index a266e1d..1b10f67 100644 --- a/app/User.php +++ b/app/User.php 
@@ -165,6 +165,83 @@ class User */ public $signature = ''; + /** + * Whether the user's background should be displayed sitewide. + * + * @var bool + */ + public $backgroundSitewide = false; + + /** + * The user's website url. + * + * @var string + */ + public $website = ''; + + /** + * The user's twitter handle. + * + * @var string + */ + public $twitter = ''; + + /** + * The user's github username. + * + * @var string + */ + public $github = ''; + + /** + * The user's skype username. + * + * @var string + */ + public $skype = ''; + + /** + * The user's discord tag. + * + * @var string + */ + public $discord = ''; + + /** + * The user's youtube channel id/name. + * + * @var string + */ + public $youtube = ''; + + /** + * The thing that indicates if it's an id or a name. + * + * @var int + */ + public $youtubeType = 0; + + /** + * The user's steam community username. + * + * @var string + */ + public $steam = ''; + + /** + * The user's osu! username. + * + * @var string + */ + public $osu = ''; + + /** + * The user's lastfm username. + * + * @var string + */ + public $lastfm = ''; + /** * The user's birthday. * @@ -179,20 +256,6 @@ class User */ private $permissions; - /** - * The user's option fields. - * - * @var array - */ - private $optionFields = null; - - /** - * The user's profile fields. - * - * @var array - */ - private $profileFields = null; - /** * The User instance cache array. * 
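Review bot: The docblock on the new `$youtubeType` property ("The thing that indicates if it's an id or a name") does not say which integer value means id and which means name, and nothing else in the hunk fixes that mapping beyond `@var int` and the migration's `default(0)`. A maintainer rendering the YouTube link has to guess, so the property should carry the mapping, e.g. `* Selects whether $youtube is a channel id or a channel name (mirrors user_youtube_type); value mapping TODO confirm against the profile template`. The other nine social properties would also read better with a one-line note that they are raw handles/usernames as entered by the user, since no normalisation is visible in this commit. The second hunk in this line is a pure removal of the old `$optionFields`/`$profileFields` caches and needs nothing.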
@@ -281,24 +344,35 @@ class User // Populate the variables if ($userRow) { $userRow = $userRow[0]; - $this->id = $userRow->user_id; + $this->id = intval($userRow->user_id); $this->username = $userRow->username; $this->usernameClean = $userRow->username_clean; $this->password = $userRow->password; - $this->passwordChan = $userRow->password_chan; + $this->passwordChan = intval($userRow->password_chan); $this->email = $userRow->email; - $this->mainRankId = $userRow->rank_main; + $this->mainRankId = intval($userRow->rank_main); $this->colour = $userRow->user_colour; $this->title = $userRow->user_title; - $this->registered = $userRow->user_registered; - $this->lastOnline = $userRow->user_last_online; + $this->registered = intval($userRow->user_registered); + $this->lastOnline = intval($userRow->user_last_online); $this->birthday = $userRow->user_birthday; $this->country = $userRow->user_country; - $this->avatar = $userRow->user_avatar; - $this->background = $userRow->user_background; - $this->header = $userRow->user_header; + $this->avatar = intval($userRow->user_avatar); + $this->background = intval($userRow->user_background); + $this->header = intval($userRow->user_header); $this->page = $userRow->user_page; $this->signature = $userRow->user_signature; + $this->backgroundSitewide = boolval($userRow->user_background_sitewide); + $this->website = $userRow->user_website; + $this->twitter = $userRow->user_twitter; + $this->github = $userRow->user_github; + $this->skype = $userRow->user_skype; + $this->discord = $userRow->user_discord; + $this->youtube = $userRow->user_youtube; + $this->youtubeType = intval($userRow->user_youtube_type); + $this->steam = $userRow->user_steam; + $this->osu = $userRow->user_osu; + $this->lastfm = $userRow->user_lastfm; // Temporary backwards compatible IP storage system try { 
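Review bot: The nine new assignments `$this->website = $userRow->user_website;` through `$this->lastfm = $userRow->user_lastfm;` copy columns that the accompanying migration creates as `nullable()->default(null)`, while the properties are declared `@var string` with a default of `''`, so a user who never filled a field ends up with `null` rather than the documented empty string. Any caller written against the declared type (string functions, a strict `=== ''` check) will see the mismatch only for that subset of users. Either coalesce on load, `$this->website = $userRow->user_website ?? '';` (and likewise for the other eight), or change those docblocks to `@var string|null`. The `intval()`/`boolval()` casts added to the existing fields are consistent with the int-typed docblocks and look fine; the enclosing loader method starts and ends outside the hunk.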
@@ -777,137 +851,6 @@ class User return $comments; } - /** - * Get the user's profile fields. - * - * @return array The profile fields. - */ - public function profileFields() - { - // Check if we have cached data - if ($this->profileFields) { - return $this->profileFields; - } - - // Create array and get values - $profile = []; - - $profileFields = DB::table('profilefields') - ->get(); - - $profileValuesRaw = DB::table('user_profilefields') - ->where('user_id', $this->id) - ->get(); - - $profileValues = array_column($profileValuesRaw, 'field_value', 'field_name'); - - // Check if anything was returned - if (!$profileFields || !$profileValues) { - return $profile; - } - - // Check if profile fields aren't fake - foreach ($profileFields as $field) { - // Completely strip all special characters from the field name - $fieldName = clean_string($field->field_name, true, true); - - // Check if the user has the current field set otherwise continue - if (!array_key_exists($fieldName, $profileValues)) { - continue; - } - - // Assign field to output with value - $profile[$fieldName] = []; - $profile[$fieldName]['name'] = $field->field_name; - $profile[$fieldName]['value'] = $profileValues[$fieldName]; - $profile[$fieldName]['islink'] = $field->field_link; - - // If the field is set to be a link add a value for that as well - if ($field->field_link) { - $profile[$fieldName]['link'] = str_replace( - '{{ VAL }}', - $profileValues[$fieldName], - $field->field_linkformat - ); - } - - // Check if we have additional options as well - if (!empty($field->field_additional)) { - // Decode the json of the additional stuff - $additional = json_decode($field->field_additional, true); - - // Go over all additional forms - foreach ($additional as $subName => $subField) { - // Check if the user has the current field set otherwise continue - if (!array_key_exists($subName, $profileValues)) { - continue; - } - - // Assign field to output with value - $profile[$fieldName][$subName] = 
$profileValues[$subName]; - } - } - } - - // Assign cache - $this->profileFields = $profile; - - // Return appropiate profile data - return $profile; - } - - /** - * Get a user's option fields. - * - * @return array The array containing the fields. - */ - public function optionFields() - { - // Check if we have cached data - if ($this->optionFields) { - return $this->optionFields; - } - - // Create array and get values - $options = []; - - $optionFields = DB::table('optionfields') - ->get(); - - $optionValuesRaw = DB::table('user_optionfields') - ->where('user_id', $this->id) - ->get(); - - $optionValues = array_column($optionValuesRaw, 'field_value', 'field_name'); - - // Check if anything was returned - if (!$optionFields || !$optionValues) { - return $options; - } - - // Check if option fields aren't fake - foreach ($optionFields as $field) { - // Check if the user has the current field set otherwise continue - if (!array_key_exists($field->option_id, $optionValues)) { - continue; - } - - // Make sure the user has the proper permissions to use this option - if (!$this->permission(constant('Sakura\Perms\Site::' . $field->option_permission))) { - continue; - } - - // Assign field to output with value - $options[$field->option_id] = $optionValues[$field->option_id]; - } - - // Assign cache - $this->optionFields = $options; - - // Return appropiate option data - return $options; - } - /** * Add premium in seconds. * diff --git a/config/config.example.ini b/config/config.example.ini index 5104fbc..6f77bea 100644 --- a/config/config.example.ini +++ b/config/config.example.ini @@ -80,9 +80,6 @@ twig_debug = false ; Show a small version of the changelog loaded from sakura.flash.moe show_changelog = false -; Enable twig debug mode -twig_debug = false - ; Host for the mahou serve command host = localhost:8000 
@@ -151,6 +148,12 @@ name_reserve = 90 ; How long a user should be inactive till another person can use their name name_takeover = 365 +; Max length of a signature +signature_max = 500 + +; Max length of a userpage +page_max = 65535 + ; Premium settings [premium] max_months_at_once = 24 diff --git a/database/2013_01_27_221444_base_tables.php b/database/2013_01_27_221444_base_tables.php index a643b83..85b7710 100644 --- a/database/2013_01_27_221444_base_tables.php +++ b/database/2013_01_27_221444_base_tables.php @@ -3,9 +3,6 @@ use Illuminate\Database\Migrations\Migration; use Illuminate\Database\Schema\Blueprint; use Sakura\DB; -// this is based on what is in the live flashii table at the -// moment this migration was created to avoid merge conflicts. - class BaseTables extends Migration { /** @@ -451,11 +448,9 @@ class BaseTables extends Migration $table->integer('user_id') ->unsigned(); - $table->string('field_name', 255) - ->comment('Identifier of the field'); + $table->string('field_name', 255); - $table->string('field_value', 255) - ->comment('Value of the field'); + $table->string('field_value', 255); }); $schema->create('user_ranks', function (Blueprint $table) { diff --git a/database/2016_08_02_204141_move_options_and_profile_into_users.php b/database/2016_08_02_204141_move_options_and_profile_into_users.php new file mode 100644 index 0000000..183a60c --- /dev/null +++ b/database/2016_08_02_204141_move_options_and_profile_into_users.php 
@@ -0,0 +1,141 @@ +drop('optionfields'); + $schema->drop('profilefields'); + $schema->drop('user_optionfields'); + $schema->drop('user_profilefields'); + + $schema->table('users', function (Blueprint $table) { + $table->tinyInteger('user_background_sitewide') + ->default(0); + + $table->string('user_website', 255) + ->nullable() + ->default(null); + + $table->string('user_twitter', 255) + ->nullable() + ->default(null); + + $table->string('user_github', 255) + ->nullable() + ->default(null); + + $table->string('user_skype', 255) + ->nullable() + ->default(null); + + $table->string('user_discord', 255) + ->nullable() + ->default(null); + + $table->string('user_youtube', 255) + ->nullable() + ->default(null); + + $table->tinyInteger('user_youtube_type') + ->default(0); + + $table->string('user_steam', 255) + ->nullable() + ->default(null); + + $table->string('user_osu', 255) + ->nullable() + ->default(null); + + $table->string('user_lastfm', 255) + ->nullable() + ->default(null); + }); + } + + /** + * Reverse the migrations. 
+ * + * @return void + */ + public function down() + { + $schema = DB::getSchemaBuilder(); + + $schema->table('users', function (Blueprint $table) { + $table->dropColumn([ + 'user_background_sitewide', + 'user_website', + 'user_twitter', + 'user_github', + 'user_skype', + 'user_discord', + 'user_youtube', + 'user_youtube_type', + 'user_steam', + 'user_osu', + 'user_lastfm', + ]); + }); + + $schema->create('optionfields', function (Blueprint $table) { + $table->string('option_id', 255) + ->unique(); + + $table->string('option_name', 255); + + $table->string('option_description', 255); + + $table->string('option_type', 255); + + $table->string('option_permission', 255); + }); + + $schema->create('profilefields', function (Blueprint $table) { + $table->increments('field_id') + ->unsigned(); + + $table->string('field_name', 255); + + $table->string('field_type', 255); + + $table->tinyInteger('field_link') + ->unsigned(); + + $table->string('field_linkformat', 255); + + $table->string('field_description', 255); + + $table->string('field_additional', 255); + }); + + $schema->create('user_optionfields', function (Blueprint $table) { + $table->integer('user_id') + ->unsigned(); + + $table->string('field_name', 255); + + $table->string('field_value', 255); + }); + + $schema->create('user_profilefields', function (Blueprint $table) { + $table->integer('user_id') + ->unsigned(); + + $table->string('field_name', 255); + + $table->string('field_value', 255); + }); + } +} diff --git a/resources/views/yuuno/master.twig b/resources/views/yuuno/master.twig index 78c44e4..b6b2a78 100644 --- a/resources/views/yuuno/master.twig +++ b/resources/views/yuuno/master.twig @@ -83,7 +83,7 @@
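Review bot: `up()` drops `user_profilefields` and `user_optionfields` before adding the new `user_*` columns to `users` and never copies the existing rows across, so every user's stored profile links and option values are discarded the moment this migration runs, and `down()` only recreates empty tables, so the loss is not reversible. If the old values are meant to survive, read `user_profilefields` (`user_id`, `field_name`, `field_value`) into the matching new columns before the `drop()` calls; if discarding them is intended, say so in the class docblock, e.g. `* NOTE: intentionally discards all existing profile-field and option-field values.` The old `field_name` identifiers are not visible in this diff, so the column mapping would need confirming against the previous schema's seed data. The opening of `up()` appears truncated in the hunk as shown.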
These are the external account links etc. on your profile, shouldn't need any additional explanation for this one.
+{% endblock %} + +{% set months = [ + "January", + "February", + "March", + "April", + "May", + "June", + "July", + "August", + "September", + "October", + "November", + "December", +] %} + +{% set fields = { + "website": { + "title": "Website", + "type": "url", + "placeholder": "The url of your site, personal blog, anything you want!", + "name": "profile_website", + "value": user.website, + }, + "twitter": { + "title": "Twitter", + "type": "text", + "placeholder": "The true shitpost platform.", + "name": "profile_twitter", + "value": user.twitter, + }, + "github": { + "title": "GitHub", + "type": "text", + "placeholder": "So we can find you on there too!", + "name": "profile_github", + "value": user.github, + }, + "skype": { + "title": "Skype", + "type": "text", + "placeholder": "Because people still use it for some reason...", + "name": "profile_skype", + "value": user.skype, + }, + "discord": { + "title": "Discord", + "type": "text", + "placeholder": "Somehow way better than Skype.", + "name": "profile_discord", + "value": user.discord, + }, + "youtube": { + "title": "YouTube", + "type": "text", + "placeholder": "Share your room tours with the world!", + "name": "profile_youtube", + "value": user.youtube, + }, + "steam": { + "title": "Steam", + "type": "text", + "placeholder": "Something something video games.", + "name": "profile_steam", + "value": user.steam, + }, + "osu": { + "title": "osu!", + "type": "text", + "placeholder": "Click circles like a mad motherfucker!", + "name": "profile_osu", + "value": user.osu, + }, + "lastfm": { + "title": "Last.fm", + "type": "text", + "placeholder": "Somehow WAYLT threads made for a good business model.", + "name": "profile_lastfm", + "value": user.lastfm, + }, +} %} + +{% set birthday = user.birthday|split('-') %} + +{% block settingsContent %} + +{% endblock %} diff --git a/resources/views/yuuno/settings/friends/listing.twig b/resources/views/yuuno/settings/friends/listing.twig index be6f324..81c40d4 100644 
--- a/resources/views/yuuno/settings/friends/listing.twig +++ b/resources/views/yuuno/settings/friends/listing.twig @@ -1,4 +1,4 @@ -{% extends 'settings/general/master.twig' %} +{% extends 'settings/friends/master.twig' %} {% set friends = user.friends(1)|batch(12) %} diff --git a/resources/views/yuuno/settings/friends/requests.twig b/resources/views/yuuno/settings/friends/requests.twig index 519443d..24c114a 100644 --- a/resources/views/yuuno/settings/friends/requests.twig +++ b/resources/views/yuuno/settings/friends/requests.twig @@ -1,4 +1,4 @@ -{% extends 'settings/general/master.twig' %} +{% extends 'settings/friends/master.twig' %} {% set friends = user.friends(-1)|batch(12) %} diff --git a/resources/views/yuuno/settings/general/home.twig b/resources/views/yuuno/settings/general/home.twig deleted file mode 100644 index 40cbdee..0000000 --- a/resources/views/yuuno/settings/general/home.twig +++ /dev/null @@ -1,25 +0,0 @@ -{% extends 'settings/general/master.twig' %} - -{% set mode = 'Home' %} - -{% block description %} -Welcome to the Settings Panel! From here you can monitor, view and update your profile and preferences.
-{% endblock %} - -{% block settingsContent %} -These are a few personalisation options for the site while you're logged in.
-{% endblock %} - -{% block settingsContent %} - {% if fields %} - - {% else %} -These are the external account links etc. on your profile, shouldn't need any additional explanation for this one.
-{% endblock %} - -{% set months = { - 1: "January", - 2: "February", - 3: "March", - 4: "April", - 5: "May", - 6: "June", - 7: "July", - 8: "August", - 9: "September", - 10: "October", - 11: "November", - 12: "December", -} %} - -{% set birthday = user.birthday|split('-') %} - -{% block settingsContent %} - -{% endblock %} diff --git a/resources/views/yuuno/user/profile.twig b/resources/views/yuuno/user/profile.twig index 8b68597..5fda9a8 100644 --- a/resources/views/yuuno/user/profile.twig +++ b/resources/views/yuuno/user/profile.twig @@ -111,7 +111,7 @@ {% if user.isActive %}