further updates to indenting

flash 2015-09-14 23:41:43 +02:00
parent 26572dbd71
commit 415a8d642e
20 changed files with 688 additions and 307 deletions


@ -28,7 +28,11 @@ class Configuration
self::$local = $local; self::$local = $local;
} else { } else {
// Otherwise trigger an error // Otherwise trigger an error
trigger_error('Failed to load local configuration file, check the structure of the file to see if you made mistake somewhere', E_USER_ERROR); trigger_error(
'Failed to load local configuration file,' .
' check the structure of the file to see if you made mistake somewhere',
E_USER_ERROR
);
} }
} }
@ -73,7 +77,10 @@ class Configuration
} }
// If it doesn't exist trigger an error to avoid explosions // If it doesn't exist trigger an error to avoid explosions
trigger_error('Unable to get local configuration value "' . $key . '"', E_USER_ERROR); trigger_error(
'Unable to get local configuration value "' . $key . '"',
E_USER_ERROR
);
} }
@ -111,7 +118,10 @@ class Configuration
} }
// Then return the value // Then return the value
trigger_error('Unable to get configuration value "' . $key . '"', E_USER_ERROR); trigger_error(
'Unable to get configuration value "' . $key . '"',
E_USER_ERROR
);
} }
} }


@ -44,12 +44,14 @@ class Forum
$return[$forum['forum_category']]['forums'][$forum['forum_id']] = $forum; $return[$forum['forum_category']]['forums'][$forum['forum_id']] = $forum;
// Get the topic count // Get the topic count
$return[$forum['forum_category']]['forums'][$forum['forum_id']]['topic_count'] = Database::count('topics', [ $return[$forum['forum_category']]['forums'][$forum['forum_id']]['topic_count'] =
Database::count('topics', [
'forum_id' => [$forum['forum_id'], '='], 'forum_id' => [$forum['forum_id'], '='],
])[0]; ])[0];
// Get the post count // Get the post count
$return[$forum['forum_category']]['forums'][$forum['forum_id']]['post_count'] = Database::count('posts', [ $return[$forum['forum_category']]['forums'][$forum['forum_id']]['post_count'] =
Database::count('posts', [
'forum_id' => [$forum['forum_id'], '='], 'forum_id' => [$forum['forum_id'], '='],
])[0]; ])[0];
@ -264,7 +266,12 @@ class Forum
'is_online' => Users::checkUserOnline($_POSTER['id']), 'is_online' => Users::checkUserOnline($_POSTER['id']),
'is_friend' => Users::checkFriend($_POSTER['id']), 'is_friend' => Users::checkFriend($_POSTER['id']),
'parsed_post' => self::parseMarkUp($post['post_text'], $post['parse_mode'], $post['enable_emotes']), 'parsed_post' => self::parseMarkUp($post['post_text'], $post['parse_mode'], $post['enable_emotes']),
'signature' => empty($_POSTER['userData']['signature']) ? '' : self::parseMarkUp($_POSTER['userData']['signature']['text'], $_POSTER['userData']['signature']['mode']), 'signature' => empty($_POSTER['userData']['signature']) ?
'' :
self::parseMarkUp(
$_POSTER['userData']['signature']['text'],
$_POSTER['userData']['signature']['mode']
),
]); ]);
// Just in case // Just in case
@ -328,8 +335,18 @@ class Forum
// Collect the stats // Collect the stats
return [ return [
'posts' => Database::count('posts', ['poster_id' => [$uid, '=']])[0], 'posts' => Database::count(
'topics' => count(Database::fetch('posts', true, ['poster_id' => [$uid, '=']], ['post_time'], null, ['topic_id'])), 'posts',
['poster_id' => [$uid, '=']]
)[0],
'topics' => Database::count(
'posts',
true,
['poster_id' => [$uid, '=']],
['post_time'],
null,
['topic_id']
)[0],
]; ];
} }
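Review bot: The `'topics'` entry of the stats array changes behaviour in a commit described as indenting: `count(Database::fetch('posts', true, ...))` became `Database::count('posts', true, ['poster_id' => [$uid, '=']], ['post_time'], null, ['topic_id'])[0]`. The other `Database::count` calls in this section pass the condition array as the second argument, so the `true` carried over from `fetch`'s argument list probably lands in the conditions slot; `Database::count` is not visible here, so its signature needs confirming. If the filter is dropped or misread, the figure is no longer a per-user count. Either restore `count(Database::fetch(...))` or call `Database::count` without the `true`, and make that change in its own commit. The same substitution is made for `regcodes` in the Users section, where the result gates the `max_reg_keys` limit.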


@ -34,43 +34,36 @@ namespace Sakura;
class Hashing class Hashing
{ {
// These variables can be changed without break the existing hashes // These variables can be changed without break the existing hashes
private static $_PBKDF2_HASH_ALGORITHM = 'sha256'; private static $hashAlgorithm = 'sha256';
private static $_PBKDF2_ITERATIONS = 1000; private static $iterations = 1000;
private static $_PBKDF2_SALT_BYTES = 24; private static $saltBytes = 24;
private static $_PBKDF2_HASH_BYTES = 24; private static $hashBytes = 24;
// Changing these will break them though
private static $_HASH_ALGORITHM_INDEX = 0;
private static $_HASH_ITERATION_INDEX = 1;
private static $_HASH_SALT_INDEX = 2;
private static $_HASH_PBKDF2_INDEX = 3;
private static $_HASH_SECTIONS = 4;
// Returns an array formatted like: [algorithm, iterations, salt, hash] // Returns an array formatted like: [algorithm, iterations, salt, hash]
public static function create_hash($pass) public static function createHash($pass)
{ {
$salt = base64_encode( $salt = base64_encode(
\mcrypt_create_iv( \mcrypt_create_iv(
self::$_PBKDF2_SALT_BYTES, self::$saltBytes,
MCRYPT_DEV_URANDOM MCRYPT_DEV_URANDOM
) )
); );
$hash = base64_encode( $hash = base64_encode(
self::pbkdf2( self::pbkdf2(
self::$_PBKDF2_HASH_ALGORITHM, self::$hashAlgorithm,
$pass, $pass,
$salt, $salt,
self::$_PBKDF2_ITERATIONS, self::$iterations,
self::$_PBKDF2_HASH_BYTES, self::$hashBytes,
true true
) )
); );
$passwordData = array( $passwordData = array(
self::$_PBKDF2_HASH_ALGORITHM, self::$hashAlgorithm,
self::$_PBKDF2_ITERATIONS, self::$iterations,
$salt, $salt,
$hash, $hash,
); );
@ -80,22 +73,22 @@ class Hashing
} }
// Validates hashed password // Validates hashed password
public static function validate_password($password, $params) public static function validatePassword($password, $params)
{ {
if (count($params) < self::$_HASH_SECTIONS) { if (count($params) < 4) {
return false; return false;
} }
$pbkdf2 = base64_decode($params[self::$_HASH_PBKDF2_INDEX]); $pbkdf2 = base64_decode($params[3]);
$validate = self::slow_equals( $validate = self::slowEquals(
$pbkdf2, $pbkdf2,
$dick = self::pbkdf2( $dick = self::pbkdf2(
$params[self::$_HASH_ALGORITHM_INDEX], $params[0],
$password, $password,
$params[self::$_HASH_SALT_INDEX], $params[2],
(int) $params[self::$_HASH_ITERATION_INDEX], (int) $params[1],
strlen($pbkdf2), strlen($pbkdf2),
true true
) )
@ -106,7 +99,7 @@ class Hashing
} }
// Compares two strings $a and $b in length-constant time. // Compares two strings $a and $b in length-constant time.
public static function slow_equals($a, $b) public static function slowEquals($a, $b)
{ {
$diff = strlen($a) ^ strlen($b); $diff = strlen($a) ^ strlen($b);
@ -141,11 +134,17 @@ class Hashing
$algorithm = strtolower($algorithm); $algorithm = strtolower($algorithm);
if (!in_array($algorithm, hash_algos(), true)) { if (!in_array($algorithm, hash_algos(), true)) {
trigger_error('PBKDF2 ERROR: Invalid hash algorithm.', E_USER_ERROR); trigger_error(
'PBKDF2 ERROR: Invalid hash algorithm.',
E_USER_ERROR
);
} }
if ($count <= 0 || $key_length <= 0) { if ($count <= 0 || $key_length <= 0) {
trigger_error('PBKDF2 ERROR: Invalid parameters.', E_USER_ERROR); trigger_error(
'PBKDF2 ERROR: Invalid parameters.',
E_USER_ERROR
);
} }
if (function_exists('hash_pbkdf2')) { if (function_exists('hash_pbkdf2')) {
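Review bot: `private static $iterations = 1000;` is a very low PBKDF2 work factor for password storage, and this rewrite of the class header keeps it. Each stored hash carries its own algorithm and iteration count (`$passwordData`), and `validatePassword` reads the count back from `$params[1]`, so the default can be raised without invalidating existing hashes; OWASP's current figure for PBKDF2-HMAC-SHA256 is 600,000, and accounts can be rehashed at their next login. Replacing the `$_HASH_*_INDEX` names with bare `0`–`3` also removes the only description of the stored layout, so a comment such as `// $params = [algorithm, iterations, salt, hash]` above `validatePassword` would help. The leftover `$dick =` assignment inside the `slowEquals` call can go if nothing below the hunk reads it. The ends of `createHash`, `validatePassword` and `pbkdf2` lie outside the visible hunks.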


@ -86,7 +86,11 @@ class Main
// Do the replacements // Do the replacements
foreach ($emotes as $emote) { foreach ($emotes as $emote) {
$text = str_replace($emote['emote_string'], '<img src="' . $emote['emote_path'] . '" class="emoticon" alt="' . $emote['emote_string'] . '" />', $text); $text = str_replace(
$emote['emote_string'],
'<img src="' . $emote['emote_path'] . '" class="emoticon" alt="' . $emote['emote_string'] . '" />',
$text
);
} }
// Return the parsed text // Return the parsed text
@ -99,7 +103,12 @@ class Main
{ {
// Attempt to get the response // Attempt to get the response
$resp = @file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . Configuration::getConfig('recaptcha_private') . '&response=' . $response); $resp = @file_get_contents(
'https://www.google.com/recaptcha/api/siteverify?secret='
. Configuration::getConfig('recaptcha_private')
. '&response='
. $response
);
// In the highly unlikely case that it failed to get anything forge a false // In the highly unlikely case that it failed to get anything forge a false
if (!$resp) { if (!$resp) {
@ -128,7 +137,12 @@ class Main
$backtrace = base64_encode(json_encode(debug_backtrace())); $backtrace = base64_encode(json_encode(debug_backtrace()));
// Check if this error has already been logged in the past // Check if this error has already been logged in the past
if ($past = Database::fetch('error_log', false, ['backtrace' => [$backtrace, '=', true], 'error_string' => [$errstr, '=']])) { if ($past = Database::fetch(
'error_log',
false,
['backtrace' => [$backtrace, '=', true],
'error_string' => [$errstr, '=']]
)) {
// If so assign the errid // If so assign the errid
$errid = $past['id']; $errid = $past['id'];
} else { } else {
@ -169,7 +183,8 @@ class Main
break; break;
default: default:
$error = '<b>Unknown error type</b> [' . $errno . ']: ' . $errstr . ' on line ' . $errline . ' in ' . $errfile; $error = '<b>Unknown error type</b> [' . $errno . ']: ' . $errstr . ' on line ' . $errline
. ' in ' . $errfile;
} }
// Truncate all previous outputs // Truncate all previous outputs
@ -183,13 +198,18 @@ class Main
<meta charset="utf-8" /> <meta charset="utf-8" />
<title>Sakura Internal Error</title> <title>Sakura Internal Error</title>
<style type="text/css"> <style type="text/css">
body { margin: 0; padding: 0; background: #EEE; color: #000; font: 12px/20px Verdana, Arial, Helvetica, sans-serif; } body { margin: 0; padding: 0; background: #EEE; color: #000;
h1, h2 { font-weight: 100; background: #CAA; padding: 8px 5px 10px; margin: 0; font-style: italic; font-family: serif; } font: 12px/20px Verdana, Arial, Helvetica, sans-serif; }
h1, h2 { font-weight: 100; background: #CAA; padding: 8px 5px 10px;
margin: 0; font-style: italic; font-family: serif; }
h1 { border-radius: 8px 8px 0 0; } h1 { border-radius: 8px 8px 0 0; }
h2 { margin: 0 -10px; } h2 { margin: 0 -10px; }
.container { border: 1px solid #CAA; margin: 10px auto; background: #FFF; box-shadow: 2px 2px 1em #888; max-width: 1024px; border-radius: 10px; } .container { border: 1px solid #CAA; margin: 10px auto; background: #FFF;
box-shadow: 2px 2px 1em #888; max-width: 1024px; border-radius: 10px; }
.container .inner { padding: 0px 10px; } .container .inner { padding: 0px 10px; }
.container .inner .error { background: #555; color: #EEE; border-left: 5px solid #C22; padding: 4px 6px; text-shadow: 0px 1px 1px #888; white-space: pre-wrap; word-wrap: break-word; margin: 12px 0; border-radius: 5px; box-shadow: inset 0 0 1em #333; } .container .inner .error { background: #555; color: #EEE; border-left: 5px solid #C22;
padding: 4px 6px; text-shadow: 0px 1px 1px #888; white-space: pre-wrap;
word-wrap: break-word; margin: 12px 0; border-radius: 5px; box-shadow: inset 0 0 1em #333; }
.container .footer { border-top: 1px solid #CAA; font-size: x-small; padding: 0px 5px 1px; } .container .footer { border-top: 1px solid #CAA; font-size: x-small; padding: 0px 5px 1px; }
a { color: #77E; text-decoration: none; } a { color: #77E; text-decoration: none; }
a:hover { text-decoration: underline; } a:hover { text-decoration: underline; }
@ -204,9 +224,13 @@ class Main
if (isset($errid)) { if (isset($errid)) {
$errorPage .= '<p>The error and surrounding data has been logged.</p> $errorPage .= '<p>The error and surrounding data has been logged.</p>
<h2>' . (SAKURA_STABLE ? 'Report the following text to a staff member' : 'Logged as') . '</h2><pre class="error">' . $errid . '</pre>'; <h2>' . (SAKURA_STABLE ? 'Report the following text to a staff member' : 'Logged as') . '</h2>
<pre class="error">' . $errid . '</pre>';
} else { } else {
$errorPage .= '<p>Sakura was not able to log this error which could mean that there was an error with the database connection. If you\'re the system administrator check the database credentials and make sure the server is running and if you\'re not please let the system administrator know about this error if it occurs again.</p>'; $errorPage .= '<p>Sakura was not able to log this error which could mean that there was an error
with the database connection. If you\'re the system administrator check the database credentials
and make sure the server is running and if you\'re not please let the system administrator
know about this error if it occurs again.</p>';
} }
if (!SAKURA_STABLE) { if (!SAKURA_STABLE) {
@ -218,7 +242,15 @@ class Main
$errorPage .= '<h3>#' . $num . '</h3><pre class="error">'; $errorPage .= '<h3>#' . $num . '</h3><pre class="error">';
foreach ($trace as $key => $val) { foreach ($trace as $key => $val) {
$errorPage .= str_pad('[' . $key . ']', 12) . '=> ' . (is_array($val) || is_object($val) ? json_encode($val) : $val) . "\r\n"; $errorPage .=
str_pad(
'[' . $key . ']',
12
) . '=> ' . (
is_array($val) || is_object($val) ?
json_encode($val) :
$val
) . "\r\n";
} }
$errorPage .= '</pre>'; $errorPage .= '</pre>';
@ -306,9 +338,7 @@ class Main
// If we got an error return the error // If we got an error return the error
if (!$send) { if (!$send) {
return $mail->ErrorInfo; return $mail->ErrorInfo;
} }
// Else just return whatever // Else just return whatever
@ -463,7 +493,9 @@ class Main
{ {
// Get CloudFlare Subnet list // Get CloudFlare Subnet list
$cfhosts = file_get_contents(ROOT . '_sakura/' . Configuration::getLocalConfig('data', 'cfipv' . (self::ipVersion($ip)))); $cfhosts = file_get_contents(
ROOT . '_sakura/' . Configuration::getLocalConfig('data', 'cfipv' . (self::ipVersion($ip)))
);
// Replace \r\n with \n // Replace \r\n with \n
$cfhosts = str_replace("\r\n", "\n", $cfhosts); $cfhosts = str_replace("\r\n", "\n", $cfhosts);
@ -600,7 +632,14 @@ class Main
{ {
// Parse JSON file // Parse JSON file
$iso3166 = json_decode(utf8_encode(file_get_contents(ROOT . '_sakura/' . Configuration::getLocalConfig('data', 'iso3166'))), true); $iso3166 = json_decode(
utf8_encode(
file_get_contents(
ROOT . '_sakura/' . Configuration::getLocalConfig('data', 'iso3166')
)
),
true
);
// Check if key exists // Check if key exists
if (array_key_exists($code, $iso3166)) { if (array_key_exists($code, $iso3166)) {
@ -830,9 +869,7 @@ class Main
// Add userdata to table // Add userdata to table
if (!array_key_exists($row['uid'], $data['users'])) { if (!array_key_exists($row['uid'], $data['users'])) {
$data['users'][$row['uid']] = new User($row['uid']); $data['users'][$row['uid']] = new User($row['uid']);
} }
} }
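Review bot: In the reCAPTCHA check, `$response` is concatenated into the `siteverify` URL without encoding, so a submitted value containing `&` or `#` alters the query that reaches the verifier. Encode it at the point of use with `. urlencode($response)`, and preferably send `secret` and `response` in a POST body so the private key stays out of URLs and proxy logs. The `@` on `file_get_contents` also hides TLS and network failures. The visible comment suggests the failure path forges a negative result, but the function continues outside the hunk, so confirm that it fails closed.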


@ -82,7 +82,7 @@ class Payments
// Create transaction // Create transaction
$trans = new Transaction(); $trans = new Transaction();
// Set transaction data (aka shit we already set but whatever who cares we need to set it again 500 times over again anyway, YAY TECHNOLOGY!) // Set transaction data
$trans->setAmount($amount) $trans->setAmount($amount)
->setItemList($list) ->setItemList($list)
->setDescription($transDescription) ->setDescription($transDescription)


@ -20,9 +20,17 @@ class Session
session_start(); session_start();
} }
// Assign user and session IDs // Assign user ID
self::$userId = isset($_COOKIE[Configuration::getConfig('cookie_prefix') . 'id']) ? $_COOKIE[Configuration::getConfig('cookie_prefix') . 'id'] : 0; self::$userId =
self::$sessionId = isset($_COOKIE[Configuration::getConfig('cookie_prefix') . 'session']) ? $_COOKIE[Configuration::getConfig('cookie_prefix') . 'session'] : ''; isset($_COOKIE[Configuration::getConfig('cookie_prefix') . 'id']) ?
$_COOKIE[Configuration::getConfig('cookie_prefix') . 'id'] :
0;
// Assign session ID
self::$sessionId =
isset($_COOKIE[Configuration::getConfig('cookie_prefix') . 'session']) ?
$_COOKIE[Configuration::getConfig('cookie_prefix') . 'session'] :
'';
} }
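Review bot: `self::$userId` and `self::$sessionId` take the cookie values as-is, and `isset()` is also true when the client sends the cookie as an array, so neither is guaranteed to be a scalar. Normalise at assignment, for example `self::$userId = (int) filter_input(INPUT_COOKIE, $prefix . 'id', FILTER_VALIDATE_INT);`, and accept the session value only when `is_string()` holds. Reading `Configuration::getConfig('cookie_prefix')` once into a local such as `$prefix` would also shorten both ternaries. The method starts above this hunk, and how the two values are later checked against the session store is not visible here.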


@ -11,71 +11,224 @@ class Urls
protected $urls = [ protected $urls = [
// General site sections // General site sections
'SITE_HOME' => ['/', '/'], 'SITE_HOME' => [
'SITE_NEWS' => ['/news.php', '/news'], '/',
'SITE_NEWS_PAGE' => ['/news.php?page=%u', '/news/p%u'], '/',
'SITE_NEWS_POST' => ['/news.php?id=%u', '/news/%u'], ],
'SITE_NEWS_RSS' => ['/news.php?xml=true', '/news.xml'], 'SITE_NEWS' => [
'SITE_SEARCH' => ['/search.php', '/search'], '/news.php',
'SITE_PREMIUM' => ['/support.php', '/support'], '/news',
'SITE_DONATE_TRACK' => ['/support.php?tracker=true', '/support/tracker'], ],
'SITE_DONATE_TRACK_PAGE' => ['/support.php?tracker=true&page=%u', '/support/tracker/%u'], 'SITE_NEWS_PAGE' => [
'SITE_FAQ' => ['/faq.php', '/faq'], '/news.php?page=%u',
'SITE_LOGIN' => ['/authenticate.php', '/login'], '/news/p%u',
'SITE_LOGOUT' => ['/authenticate.php', '/logout'], ],
'SITE_REGISTER' => ['/authenticate.php', '/register'], 'SITE_NEWS_POST' => [
'SITE_FORGOT_PASSWORD' => ['/authenticate.php', '/forgotpassword'], '/news.php?id=%u',
'SITE_ACTIVATE' => ['/authenticate.php', '/activate'], '/news/%u',
'CHANGELOG' => ['/changelog.php', '/changelog'], ],
'INFO_PAGE' => ['/index.php?p=%s', '/p/%s'], 'SITE_NEWS_RSS' => [
'AUTH_ACTION' => ['/authenticate.php', '/authenticate'], '/news.php?xml=true',
'/news.xml',
],
'SITE_SEARCH' => [
'/search.php',
'/search',
],
'SITE_PREMIUM' => [
'/support.php',
'/support',
],
'SITE_DONATE_TRACK' => [
'/support.php?tracker=true',
'/support/tracker',
],
'SITE_DONATE_TRACK_PAGE' => [
'/support.php?tracker=true&page=%u',
'/support/tracker/%u',
],
'SITE_FAQ' => [
'/faq.php',
'/faq',
],
'SITE_LOGIN' => [
'/authenticate.php',
'/login',
],
'SITE_LOGOUT' => [
'/authenticate.php',
'/logout',
],
'SITE_REGISTER' => [
'/authenticate.php',
'/register',
],
'SITE_FORGOT_PASSWORD' => [
'/authenticate.php',
'/forgotpassword',
],
'SITE_ACTIVATE' => [
'/authenticate.php',
'/activate',
],
'CHANGELOG' => [
'/changelog.php',
'/changelog',
],
'INFO_PAGE' => [
'/index.php?p=%s',
'/p/%s',
],
'AUTH_ACTION' => [
'/authenticate.php',
'/authenticate',
],
// Memberlist // Memberlist
'MEMBERLIST_INDEX' => ['/members.php', '/members'], 'MEMBERLIST_INDEX' => [
'MEMBERLIST_SORT' => ['/members.php?sort=%s', '/members/%s'], '/members.php',
'MEMBERLIST_RANK' => ['/members.php?rank=%u', '/members/%u'], '/members',
'MEMBERLIST_PAGE' => ['/members.php?page=%u', '/members/p%u'], ],
'MEMBERLIST_SORT_RANK' => ['/members.php?sort=%s&rank=%u', '/members/%s/%u'], 'MEMBERLIST_SORT' => [
'MEMBERLIST_RANK_PAGE' => ['/members.php?rank=%u&page=%u', '/members/%u/p%u'], '/members.php?sort=%s',
'MEMBERLIST_SORT_PAGE' => ['/members.php?sort=%s&page=%u', '/members/%s/p%u'], '/members/%s',
'MEMBERLIST_ALL' => ['/members.php?sort=%s&rank=%u&page=%u', '/members/%s/%u/p%u'], ],
'MEMBERLIST_RANK' => [
'/members.php?rank=%u',
'/members/%u',
],
'MEMBERLIST_PAGE' => [
'/members.php?page=%u',
'/members/p%u',
],
'MEMBERLIST_SORT_RANK' => [
'/members.php?sort=%s&rank=%u',
'/members/%s/%u',
],
'MEMBERLIST_RANK_PAGE' => [
'/members.php?rank=%u&page=%u',
'/members/%u/p%u',
],
'MEMBERLIST_SORT_PAGE' => [
'/members.php?sort=%s&page=%u',
'/members/%s/p%u',
],
'MEMBERLIST_ALL' => [
'/members.php?sort=%s&rank=%u&page=%u',
'/members/%s/%u/p%u',
],
// Forums // Forums
'FORUM_INDEX' => ['/index.php?forum=true', '/forum'], 'FORUM_INDEX' => [
'FORUM_SUB' => ['/viewforum.php?f=%u', '/forum/%u'], '/index.php?forum=true',
'FORUM_THREAD' => ['/viewtopic.php?t=%u', '/forum/thread/%u'], '/forum',
'FORUM_POST' => ['/viewtopic.php?p=%u', '/forum/post/%u'], ],
'FORUM_REPLY' => ['/posting.php?t=%u', '/forum/thread/%u/reply'], 'FORUM_SUB' => [
'FORUM_NEW_THREAD' => ['/posting.php?f=%u', '/forum/%u/new'], '/viewforum.php?f=%u',
'FORUM_EDIT_POST' => ['/posting.php?p=%1$u&edit=%1$u', '/forum/post/%u/edit'], '/forum/%u',
'FORUM_DELETE_POST' => ['/posting.php?p=%1$u&delete=%1$u', '/forum/post/%u/delete'], ],
'FORUM_QUOTE_POST' => ['/posting.php?p=%1$u&quote=%1$u', '/forum/post/%u/quote'], 'FORUM_THREAD' => [
'/viewtopic.php?t=%u',
'/forum/thread/%u',
],
'FORUM_POST' => [
'/viewtopic.php?p=%u',
'/forum/post/%u',
],
'FORUM_REPLY' => [
'/posting.php?t=%u',
'/forum/thread/%u/reply',
],
'FORUM_NEW_THREAD' => [
'/posting.php?f=%u',
'/forum/%u/new',
],
'FORUM_EDIT_POST' => [
'/posting.php?p=%1$u&edit=%1$u',
'/forum/post/%u/edit',
],
'FORUM_DELETE_POST' => [
'/posting.php?p=%1$u&delete=%1$u',
'/forum/post/%u/delete',
],
'FORUM_QUOTE_POST' => [
'/posting.php?p=%1$u&quote=%1$u',
'/forum/post/%u/quote',
],
// Image serve references // Image serve references
'IMAGE_AVATAR' => ['/imageserve.php?m=avatar&u=%u', '/a/%u'], 'IMAGE_AVATAR' => [
'IMAGE_BACKGROUND' => ['/imageserve.php?m=background&u=%u', '/bg/%u'], '/imageserve.php?m=avatar&u=%u',
'IMAGE_HEADER' => ['/imageserve.php?m=header&u=%u', '/u/%u/header'], '/a/%u',
],
'IMAGE_BACKGROUND' => [
'/imageserve.php?m=background&u=%u',
'/bg/%u',
],
'IMAGE_HEADER' => [
'/imageserve.php?m=header&u=%u',
'/u/%u/header',
],
// User actions // User actions
'USER_LOGOUT' => ['/authenticate.php?mode=logout&time=%u&session=%s&redirect=%s', '/logout?mode=logout&time=%u&session=%s&redirect=%s'], 'USER_LOGOUT' => [
'USER_REPORT' => ['/report.php?mode=user&u=%u', '/u/%u/report'], '/authenticate.php?mode=logout&time=%u&session=%s&redirect=%s',
'USER_PROFILE' => ['/profile.php?u=%s', '/u/%s'], '/logout?mode=logout&time=%u&session=%s&redirect=%s',
'USER_GROUP' => ['/group.php?g=%u', '/g/%u'], ],
'USER_REPORT' => [
'/report.php?mode=user&u=%u',
'/u/%u/report',
],
'USER_PROFILE' => [
'/profile.php?u=%s',
'/u/%s',
],
'USER_GROUP' => [
'/group.php?g=%u',
'/g/%u',
],
// Settings urls // Settings urls
'SETTINGS_INDEX' => ['/settings.php', '/settings'], 'SETTINGS_INDEX' => [
'SETTING_CAT' => ['/settings.php?cat=%s', '/settings/%s'], '/settings.php',
'SETTING_MODE' => ['/settings.php?cat=%s&mode=%s', '/settings/%s/%s'], '/settings',
],
'SETTING_CAT' => [
'/settings.php?cat=%s',
'/settings/%s',
],
'SETTING_MODE' => [
'/settings.php?cat=%s&mode=%s',
'/settings/%s/%s',
],
// Friend Actions // Friend Actions
'FRIEND_ACTION' => ['/settings.php?friend-action=true', '/friends'], 'FRIEND_ACTION' => [
'FRIEND_ADD' => ['/settings.php?friend-action=true&add=%u&session=%s&time=%u&redirect=%s', '/friends?add=%u&session=%s&time=%u&redirect=%s'], '/settings.php?friend-action=true',
'FRIEND_REMOVE' => ['/settings.php?friend-action=true&remove=%u&session=%s&time=%u&redirect=%s', '/friends?remove=%u&session=%s&time=%u&redirect=%s'], '/friends',
],
'FRIEND_ADD' => [
'/settings.php?friend-action=true&add=%u&session=%s&time=%u&redirect=%s',
'/friends?add=%u&session=%s&time=%u&redirect=%s',
],
'FRIEND_REMOVE' => [
'/settings.php?friend-action=true&remove=%u&session=%s&time=%u&redirect=%s',
'/friends?remove=%u&session=%s&time=%u&redirect=%s',
],
// Manage urls // Manage urls
'MANAGE_INDEX' => ['/manage.php', '/manage'], 'MANAGE_INDEX' => [
'MANAGE_CAT' => ['/manage.php?cat=%s', '/manage/%s'], '/manage.php',
'MANAGE_MODE' => ['/manage.php?cat=%s&mode=%s', '/manage/%s/%s'], '/manage',
],
'MANAGE_CAT' => [
'/manage.php?cat=%s',
'/manage/%s',
],
'MANAGE_MODE' => [
'/manage.php?cat=%s&mode=%s',
'/manage/%s/%s',
],
]; ];


@ -17,11 +17,24 @@ class User
{ {
// Get the user database row // Get the user database row
$this->data = Database::fetch('users', false, ['id' => [$uid, '=', true], 'username_clean' => [Main::cleanString($uid, true), '=', true]]); $this->data = Database::fetch(
'users',
false,
[
'id' => [$uid, '=', true],
'username_clean' => [Main::cleanString($uid, true), '=', true],
]
);
// Check if anything like the username exists // Check if anything like the username exists
if (empty($this->data)) { if (empty($this->data)) {
$this->data = Database::fetch('users', false, ['username_clean' => ['%' . Main::cleanString($uid, true) . '%', 'LIKE']]); $this->data = Database::fetch(
'users',
false,
[
'username_clean' => ['%' . Main::cleanString($uid, true) . '%', 'LIKE'],
]
);
} }
// Check if the user actually exists // Check if the user actually exists
@ -49,7 +62,11 @@ class User
} }
// Assign the user's main rank to a special variable since we'll use it a lot // Assign the user's main rank to a special variable since we'll use it a lot
$this->mainRank = $this->ranks[array_key_exists($this->data['rank_main'], $this->ranks) ? $this->data['rank_main'] : array_keys($this->ranks)[0]]; $this->mainRank = $this->ranks[
array_key_exists($this->data['rank_main'], $this->ranks) ?
$this->data['rank_main'] :
array_keys($this->ranks)[0]
];
} }
@ -204,7 +221,11 @@ class User
// If the field is set to be a link add a value for that as well // If the field is set to be a link add a value for that as well
if ($field['islink']) { if ($field['islink']) {
$profile[$fieldName]['link'] = str_replace('{{ VAL }}', $this->data['userData']['profileFields'][$fieldName], $field['linkformat']); $profile[$fieldName]['link'] = str_replace(
'{{ VAL }}',
$this->data['userData']['profileFields'][$fieldName],
$field['linkformat']
);
} }
// Check if we have additional options as well // Check if we have additional options as well
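Review bot: When the exact `id` / `username_clean` lookup finds nothing, the constructor falls back to `'username_clean' => ['%' . Main::cleanString($uid, true) . '%', 'LIKE']`, so a `User` built from an unknown id or name silently becomes whichever account's name contains that substring. A caller that uses the object for profile display, permission checks or moderation then acts on a different account than the one requested. `%` and `_` in the input also act as wildcards unless `cleanString` removes them, which is not visible here. Keep substring matching in the search feature and make the constructor exact-match only, or at least add `// NOTE: fuzzy fallback, never use the result for authorization decisions` above the second fetch. The constructor begins outside this hunk.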


@ -61,7 +61,8 @@ class Users
// Check if cookie bypass is false // Check if cookie bypass is false
if (!$bypassCookies) { if (!$bypassCookies) {
// Check if the cookies are set // Check if the cookies are set
if (!isset($_COOKIE[Configuration::getConfig('cookie_prefix') . 'id']) || !isset($_COOKIE[Configuration::getConfig('cookie_prefix') . 'session'])) { if (!isset($_COOKIE[Configuration::getConfig('cookie_prefix') . 'id']) ||
!isset($_COOKIE[Configuration::getConfig('cookie_prefix') . 'session'])) {
return false; return false;
} }
} }
@ -78,8 +79,23 @@ class Users
// Extend the cookie times if the remember flag is set // Extend the cookie times if the remember flag is set
if ($session == 2 && !$bypassCookies) { if ($session == 2 && !$bypassCookies) {
setcookie(Configuration::getConfig('cookie_prefix') . 'id', $uid, time() + 604800, Configuration::getConfig('cookie_path'), Configuration::getConfig('cookie_domain')); // User ID cookie
setcookie(Configuration::getConfig('cookie_prefix') . 'session', $sid, time() + 604800, Configuration::getConfig('cookie_path'), Configuration::getConfig('cookie_domain')); setcookie(
Configuration::getConfig('cookie_prefix') . 'id',
$uid,
time() + 604800,
Configuration::getConfig('cookie_path'),
Configuration::getConfig('cookie_domain')
);
// Session ID cookie
setcookie(
Configuration::getConfig('cookie_prefix') . 'session',
$sid,
time() + 604800,
Configuration::getConfig('cookie_path'),
Configuration::getConfig('cookie_domain')
);
} }
// Update last online // Update last online
@ -125,7 +141,7 @@ class Users
// Default hashing method // Default hashing method
default: default:
if (!Hashing::validate_password($password, [ if (!Hashing::validatePassword($password, [
$user['password_algo'], $user['password_algo'],
$user['password_iter'], $user['password_iter'],
$user['password_salt'], $user['password_salt'],
@ -146,8 +162,23 @@ class Users
// Set cookies // Set cookies
if ($cookies) { if ($cookies) {
setcookie(Configuration::getConfig('cookie_prefix') . 'id', $user['id'], time() + 604800, Configuration::getConfig('cookie_path'), Configuration::getConfig('cookie_domain')); // User ID cookie
setcookie(Configuration::getConfig('cookie_prefix') . 'session', $sessionKey, time() + 604800, Configuration::getConfig('cookie_path'), Configuration::getConfig('cookie_domain')); setcookie(
Configuration::getConfig('cookie_prefix') . 'id',
$user['id'],
time() + 604800,
Configuration::getConfig('cookie_path'),
Configuration::getConfig('cookie_domain')
);
// Session ID cookie
setcookie(
Configuration::getConfig('cookie_prefix') . 'session',
$sessionKey,
time() + 604800,
Configuration::getConfig('cookie_path'),
Configuration::getConfig('cookie_domain')
);
} }
// Successful login! (also has a thing for the legacy password system) // Successful login! (also has a thing for the legacy password system)
@ -170,8 +201,23 @@ class Users
} }
// Set cookies // Set cookies
setcookie(Configuration::getConfig('cookie_prefix') . 'id', 0, time() - 60, Configuration::getConfig('cookie_path'), Configuration::getConfig('cookie_domain')); // User ID
setcookie(Configuration::getConfig('cookie_prefix') . 'session', '', time() - 60, Configuration::getConfig('cookie_path'), Configuration::getConfig('cookie_domain')); setcookie(
Configuration::getConfig('cookie_prefix') . 'id',
0,
time() - 60,
Configuration::getConfig('cookie_path'),
Configuration::getConfig('cookie_domain')
);
// Session ID
setcookie(
Configuration::getConfig('cookie_prefix') . 'session',
'',
time() - 60,
Configuration::getConfig('cookie_path'),
Configuration::getConfig('cookie_domain')
);
// Return true indicating a successful logout // Return true indicating a successful logout
return true; return true;
@ -250,7 +296,7 @@ class Users
// Set a few variables // Set a few variables
$usernameClean = Main::cleanString($username, true); $usernameClean = Main::cleanString($username, true);
$emailClean = Main::cleanString($email, true); $emailClean = Main::cleanString($email, true);
$password = Hashing::create_hash($password); $password = Hashing::createHash($password);
$requireActive = Configuration::getConfig('require_activation'); $requireActive = Configuration::getConfig('require_activation');
$userRank = $requireActive ? [1] : [2]; $userRank = $requireActive ? [1] : [2];
$userRankJson = json_encode($userRank); $userRankJson = json_encode($userRank);
@ -381,7 +427,7 @@ class Users
} }
// Hash the password // Hash the password
$password = Hashing::create_hash($newpass); $password = Hashing::createHash($newpass);
$time = time(); $time = time();
// Update the user // Update the user
@ -478,7 +524,13 @@ class Users
$message .= "--\r\n\r\nThanks\r\n\r\n" . Configuration::getConfig('mail_signature'); $message .= "--\r\n\r\nThanks\r\n\r\n" . Configuration::getConfig('mail_signature');
// Send the message // Send the message
Main::sendMail([$user['email'] => $user['username']], Configuration::getConfig('sitename') . ' Activation Mail', $message); Main::sendMail(
[
$user['email'] => $user['username'],
],
Configuration::getConfig('sitename') . ' Activation Mail',
$message
);
// Return true indicating that the things have been sent // Return true indicating that the things have been sent
return true; return true;
@ -506,7 +558,8 @@ class Users
$rank = 2; $rank = 2;
$ranks = json_encode([2]); $ranks = json_encode([2]);
// Check if a key is set (there's an option to not set one for user management reasons but you can't really get around this anyway) /* Check if a key is set (there's an option to not set one for user
management reasons but you can't really get around this anyway) */
if ($requireKey) { if ($requireKey) {
// Check the action code // Check the action code
$action = Main::useActionCode('ACTIVATE', $key, $uid); $action = Main::useActionCode('ACTIVATE', $key, $uid);
@ -547,16 +600,12 @@ class Users
// Check if user exists // Check if user exists
if (!count($user) > 1) { if (!count($user) > 1) {
return [0, 'USER_NOT_EXIST']; return [0, 'USER_NOT_EXIST'];
} }
// Check if user is already deactivated // Check if user is already deactivated
if (Permissions::check('SITE', 'DEACTIVATED', $user['id'], 1)) { if (Permissions::check('SITE', 'DEACTIVATED', $user['id'], 1)) {
return [0, 'USER_ALREADY_DEACTIVE']; return [0, 'USER_ALREADY_DEACTIVE'];
} }
// Deactivate the account // Deactivate the account
@ -593,9 +642,7 @@ class Users
// Check if the code exists // Check if the code exists
if (!$id = self::checkRegistrationCode($code)) { if (!$id = self::checkRegistrationCode($code)) {
return false; return false;
} }
// Mark it as used // Mark it as used
@ -620,16 +667,16 @@ class Users
// Check if we're logged in // Check if we're logged in
if (!self::checkLogin()) { if (!self::checkLogin()) {
return false; return false;
} }
// Check if the user is not exceeding the maximum registration key amount // Check if the user is not exceeding the maximum registration key amount
if (count(Database::fetch('regcodes', true, ['uid' => [Session::$userId, '=']])) >= Configuration::getConfig('max_reg_keys')) { if (Database::count(
'regcodes',
true,
['uid' => [Session::$userId, '=']]
)[0] >= Configuration::getConfig('max_reg_keys')) {
return false; return false;
} }
// Generate a code by MD5'ing some random bullshit // Generate a code by MD5'ing some random bullshit
@ -660,9 +707,7 @@ class Users
// Check if the rank we're trying to set is actually there // Check if the rank we're trying to set is actually there
if (!in_array($rid, $ranks)) { if (!in_array($rid, $ranks)) {
return false; return false;
} }
// Update the row // Update the row
@ -692,12 +737,10 @@ class Users
// Go over all the new ranks // Go over all the new ranks
foreach ($ranks as $rank) { foreach ($ranks as $rank) {
// Check if the user already has this rank and set it if not // Check if the user already has this rank and set it if not
if (!in_array($rank, $current)) { if (!in_array($rank, $current)) {
$current[] = (int) $rank; $current[] = (int) $rank;
} }
} }
// Encode the array // Encode the array
@ -730,12 +773,10 @@ class Users
// Check the current ranks for ranks in the set array // Check the current ranks for ranks in the set array
foreach ($current as $key => $rank) { foreach ($current as $key => $rank) {
// Unset the rank // Unset the rank
if (in_array($rank, $ranks)) { if (in_array($rank, $ranks)) {
unset($current[$key]); unset($current[$key]);
} }
} }
// Encode the array // Encode the array
@ -765,9 +806,7 @@ class Users
// Check if the main rank is the specified rank // Check if the main rank is the specified rank
if (in_array($user['rank_main'], $ranks)) { if (in_array($user['rank_main'], $ranks)) {
return true; return true;
} }
// Decode the json for the user's ranks // Decode the json for the user's ranks
@ -775,12 +814,10 @@ class Users
// If not go over all ranks and check if the user has them // If not go over all ranks and check if the user has them
foreach ($ranks as $rank) { foreach ($ranks as $rank) {
// We check if $rank is in $user['ranks'] and if yes return true // We check if $rank is in $user['ranks'] and if yes return true
if (in_array($rank, $uRanks)) { if (in_array($rank, $uRanks)) {
return true; return true;
} }
} }
// If all fails return false // If all fails return false
@ -812,9 +849,7 @@ class Users
// If there's nothing just return null // If there's nothing just return null
if (!count($profileFields)) { if (!count($profileFields)) {
return null; return null;
} }
// Create output array // Create output array
@ -822,11 +857,9 @@ class Users
// Iterate over the fields and clean them up // Iterate over the fields and clean them up
foreach ($profileFields as $field) { foreach ($profileFields as $field) {
$fields[$field['id']] = $field; $fields[$field['id']] = $field;
$fields[$field['id']]['ident'] = Main::cleanString($field['name'], true, true); $fields[$field['id']]['ident'] = Main::cleanString($field['name'], true, true);
$fields[$field['id']]['addit'] = json_decode($field['additional'], true); $fields[$field['id']]['addit'] = json_decode($field['additional'], true);
} }
// Return the yeahs // Return the yeahs
@ -843,9 +876,7 @@ class Users
// If there's nothing just return null // If there's nothing just return null
if (!count($optionFields)) { if (!count($optionFields)) {
return null; return null;
} }
// Create output array // Create output array
@ -853,15 +884,11 @@ class Users
// Iterate over the fields and clean them up // Iterate over the fields and clean them up
foreach ($optionFields as $field) { foreach ($optionFields as $field) {
if (!Permissions::check('SITE', $field['require_perm'], Session::$userId, 1)) { if (!Permissions::check('SITE', $field['require_perm'], Session::$userId, 1)) {
continue; continue;
} }
$fields[$field['id']] = $field; $fields[$field['id']] = $field;
} }
// Return the yeahs // Return the yeahs
@ -878,9 +905,7 @@ class Users
// If there's nothing just return null // If there's nothing just return null
if (!count($profileFields)) { if (!count($profileFields)) {
return null; return null;
} }
// Assign the profileData variable // Assign the profileData variable
@ -888,9 +913,7 @@ class Users
// Once again if nothing was returned just return null // Once again if nothing was returned just return null
if (count($profileData) < 1 || $profileData == null || empty($profileData['profileFields'])) { if (count($profileData) < 1 || $profileData == null || empty($profileData['profileFields'])) {
return null; return null;
} }
// Redeclare profileData // Redeclare profileData
@ -901,15 +924,12 @@ class Users
// Check if profile fields aren't fake // Check if profile fields aren't fake
foreach ($profileFields as $field) { foreach ($profileFields as $field) {
// Completely strip all special characters from the field name // Completely strip all special characters from the field name
$fieldName = Main::cleanString($field['name'], true, true); $fieldName = Main::cleanString($field['name'], true, true);
// Check if the user has the current field set otherwise continue // Check if the user has the current field set otherwise continue
if (!array_key_exists($fieldName, $profileData)) { if (!array_key_exists($fieldName, $profileData)) {
continue; continue;
} }
// Assign field to output with value // Assign field to output with value
@ -920,34 +940,25 @@ class Users
// If the field is set to be a link add a value for that as well // If the field is set to be a link add a value for that as well
if ($field['islink']) { if ($field['islink']) {
$profile[$fieldName]['link'] = str_replace('{{ VAL }}', $profileData[$fieldName], $field['linkformat']); $profile[$fieldName]['link'] = str_replace('{{ VAL }}', $profileData[$fieldName], $field['linkformat']);
} }
// Check if we have additional options as well // Check if we have additional options as well
if ($field['additional'] != null) { if ($field['additional'] != null) {
// Decode the json of the additional stuff // Decode the json of the additional stuff
$additional = json_decode($field['additional'], true); $additional = json_decode($field['additional'], true);
// Go over all additional forms // Go over all additional forms
foreach ($additional as $subName => $subField) { foreach ($additional as $subName => $subField) {
// Check if the user has the current field set otherwise continue // Check if the user has the current field set otherwise continue
if (!array_key_exists($subName, $profileData)) { if (!array_key_exists($subName, $profileData)) {
continue; continue;
} }
// Assign field to output with value // Assign field to output with value
$profile[$fieldName][$subName] = $profileData[$subName]; $profile[$fieldName][$subName] = $profileData[$subName];
} }
} }
} }
// Return appropiate profile data // Return appropiate profile data
@ -989,9 +1000,7 @@ class Users
// Return false if the user doesn't exist because a user that doesn't exist can't be online // Return false if the user doesn't exist because a user that doesn't exist can't be online
if (empty($user)) { if (empty($user)) {
return false; return false;
} }
// Return true if the user was online in the last 5 minutes // Return true if the user was online in the last 5 minutes
@ -1029,15 +1038,12 @@ class Users
// If the user already exists do an update call, otherwise an insert call // If the user already exists do an update call, otherwise an insert call
if (empty($getUser)) { if (empty($getUser)) {
Database::insert('premium', [ Database::insert('premium', [
'uid' => $id, 'uid' => $id,
'startdate' => $start, 'startdate' => $start,
'expiredate' => $expire, 'expiredate' => $expire,
]); ]);
} else { } else {
Database::update('premium', [ Database::update('premium', [
[ [
'expiredate' => $expire, 'expiredate' => $expire,
@ -1046,7 +1052,6 @@ class Users
'uid' => [$id, '='], 'uid' => [$id, '='],
], ],
]); ]);
} }
// Return the expiration timestamp // Return the expiration timestamp
@ -1070,9 +1075,7 @@ class Users
// Check if the user has static premium // Check if the user has static premium
if (Permissions::check('SITE', 'STATIC_PREMIUM', $id, 1)) { if (Permissions::check('SITE', 'STATIC_PREMIUM', $id, 1)) {
return [2, 0, time() + 1]; return [2, 0, time() + 1];
} }
// Attempt to retrieve the premium record from the database // Attempt to retrieve the premium record from the database
@ -1082,18 +1085,14 @@ class Users
// If nothing was returned just return false // If nothing was returned just return false
if (empty($getRecord)) { if (empty($getRecord)) {
return [0]; return [0];
} }
// Check if the Tenshi hasn't expired // Check if the Tenshi hasn't expired
if ($getRecord['expiredate'] < time()) { if ($getRecord['expiredate'] < time()) {
self::removeUserPremium($id); self::removeUserPremium($id);
self::updatePremiumMeta($id); self::updatePremiumMeta($id);
return [0, $getRecord['startdate'], $getRecord['expiredate']]; return [0, $getRecord['startdate'], $getRecord['expiredate']];
} }
// Else return the start and expiration date // Else return the start and expiration date
@ -1113,22 +1112,16 @@ class Users
// Check if the user has premium // Check if the user has premium
if ($check[0] == 1) { if ($check[0] == 1) {
// If so add the rank to them // If so add the rank to them
self::addRanksToUser([$premiumRank], $id); self::addRanksToUser([$premiumRank], $id);
// Check if the user's default rank is standard user and update it to premium // Check if the user's default rank is standard user and update it to premium
if (self::getUser($id)['rank_main'] == 2) { if (self::getUser($id)['rank_main'] == 2) {
self::setDefaultRank($id, $premiumRank); self::setDefaultRank($id, $premiumRank);
} }
} elseif ($check[0] == 0 && count($check) > 1) { } elseif ($check[0] == 0 && count($check) > 1) {
// Else remove the rank from them // Else remove the rank from them
self::removeRanksFromUser([$premiumRank], $id); self::removeRanksFromUser([$premiumRank], $id);
} }
} }
@ -1151,9 +1144,7 @@ class Users
// Return false if no rank was found // Return false if no rank was found
if (empty($rank)) { if (empty($rank)) {
return self::$emptyRank; return self::$emptyRank;
} }
// If rank was found return rank data // If rank was found return rank data
@ -1185,9 +1176,7 @@ class Users
// Get all users (or use the supplied user list to keep server load down) // Get all users (or use the supplied user list to keep server load down)
if (!$users) { if (!$users) {
$users = self::getAllUsers(); $users = self::getAllUsers();
} }
// Make output array // Make output array
@ -1195,14 +1184,11 @@ class Users
// Go over all users and check if they have the rank id // Go over all users and check if they have the rank id
foreach ($users as $user) { foreach ($users as $user) {
// If so store the user's row in the array // If so store the user's row in the array
if (self::checkIfUserHasRanks([$rankId], $user, true) && ($excludeAbyss ? $user['password_algo'] != 'nologin' : true)) { if (self::checkIfUserHasRanks([$rankId], $user, true)
&& ($excludeAbyss ? $user['password_algo'] != 'nologin' : true)) {
$rank[] = $user; $rank[] = $user;
} }
} }
// Then return the array with the user rows // Then return the array with the user rows
@ -1222,23 +1208,17 @@ class Users
// Reorder shit // Reorder shit
foreach ($getUsers as $user) { foreach ($getUsers as $user) {
// Skip abyss // Skip abyss
if (!$includeAbyss && $user['password_algo'] == 'nologin') { if (!$includeAbyss && $user['password_algo'] == 'nologin') {
continue; continue;
} }
// Skip if inactive and not include deactivated users // Skip if inactive and not include deactivated users
if (!$includeInactive && Permissions::check('SITE', 'DEACTIVATED', $user['id'], 1)) { if (!$includeInactive && Permissions::check('SITE', 'DEACTIVATED', $user['id'], 1)) {
continue; continue;
} }
$users[$user['id']] = $user; $users[$user['id']] = $user;
} }
// and return an array with the users // and return an array with the users
@ -1258,9 +1238,7 @@ class Users
// Reorder shit // Reorder shit
foreach ($getRanks as $rank) { foreach ($getRanks as $rank) {
$ranks[$rank['id']] = $rank; $ranks[$rank['id']] = $rank;
} }
// and return an array with the ranks // and return an array with the ranks
@ -1291,15 +1269,11 @@ class Users
$conditions['uid'] = [($uid ? $uid : Session::$userId), '=']; $conditions['uid'] = [($uid ? $uid : Session::$userId), '='];
if ($timediff) { if ($timediff) {
$conditions['timestamp'] = [time() - $timediff, '>']; $conditions['timestamp'] = [time() - $timediff, '>'];
} }
if ($excludeRead) { if ($excludeRead) {
$conditions['notif_read'] = [0, '=']; $conditions['notif_read'] = [0, '='];
} }
// Get notifications for the database // Get notifications for the database
@ -1307,22 +1281,16 @@ class Users
// Mark the notifications as read // Mark the notifications as read
if ($markRead) { if ($markRead) {
// Iterate over all entries // Iterate over all entries
foreach ($notifications as $notification) { foreach ($notifications as $notification) {
// If the notifcation is already read skip // If the notifcation is already read skip
if ($notification['notif_read']) { if ($notification['notif_read']) {
continue; continue;
} }
// Mark them as read // Mark them as read
self::markNotificationRead($notification['id']); self::markNotificationRead($notification['id']);
} }
} }
// Return the notifications // Return the notifications
@ -1382,7 +1350,6 @@ class Users
// Go over each message and check if they are for the current user // Go over each message and check if they are for the current user
foreach ($messages as $message) { foreach ($messages as $message) {
// Store the message // Store the message
$store[$message['id']] = $message; $store[$message['id']] = $message;
@ -1391,7 +1358,6 @@ class Users
$store[$message['id']]['data']['from']['rank'] = self::getRank($_MSG_USR['rank_main']); $store[$message['id']]['data']['from']['rank'] = self::getRank($_MSG_USR['rank_main']);
$store[$message['id']]['data']['to']['user'] = ($_MSG_USR = self::getUser($message['to_user'])); $store[$message['id']]['data']['to']['user'] = ($_MSG_USR = self::getUser($message['to_user']));
$store[$message['id']]['data']['to']['rank'] = self::getRank($_MSG_USR['rank_main']); $store[$message['id']]['data']['to']['rank'] = self::getRank($_MSG_USR['rank_main']);
} }
// Return store array // Return store array
@ -1405,9 +1371,7 @@ class Users
// Assign $uid // Assign $uid
if (!$uid) { if (!$uid) {
$uid = Session::$userId; $uid = Session::$userId;
} }
// Get all friends // Get all friends
@ -1420,7 +1384,6 @@ class Users
// Iterate over the raw database return // Iterate over the raw database return
foreach ($getFriends as $key => $friend) { foreach ($getFriends as $key => $friend) {
// Add friend to array // Add friend to array
$friends[($timestamps ? $friend['fid'] : $key)] = $getData ? ([ $friends[($timestamps ? $friend['fid'] : $key)] = $getData ? ([
@ -1428,19 +1391,16 @@ class Users
'rank' => self::getRank($_UDATA['rank_main']), 'rank' => self::getRank($_UDATA['rank_main']),
]) : $friend[($timestamps ? 'timestamp' : 'fid')]; ]) : $friend[($timestamps ? 'timestamp' : 'fid')];
} }
// Check who is online and who isn't // Check who is online and who isn't
if ($checkOnline) { if ($checkOnline) {
// Check each user // Check each user
foreach ($friends as $key => $friend) { foreach ($friends as $key => $friend) {
$friends[
$friends[self::checkUserOnline($getData ? $friend['user']['id'] : $friend) ? 'online' : 'offline'][] = $friend; self::checkUserOnline($getData ? $friend['user']['id'] : $friend) ? 'online' : 'offline'
][] = $friend;
} }
} }
// Return formatted array // Return formatted array
@ -1454,9 +1414,7 @@ class Users
// Assign $of automatically if it's not set // Assign $of automatically if it's not set
if (!$uid) { if (!$uid) {
$uid = Session::$userId; $uid = Session::$userId;
} }
// Get all friend entries from other people involved the current user // Get all friend entries from other people involved the current user
@ -1469,19 +1427,15 @@ class Users
// Check if the friends are mutual // Check if the friends are mutual
foreach ($friends as $friend) { foreach ($friends as $friend) {
// Check if the friend is mutual // Check if the friend is mutual
if (!self::checkFriend($friend['uid'], $uid)) { if (!self::checkFriend($friend['uid'], $uid)) {
$pending[] = $getData ? ([ $pending[] = $getData ? ([
'user' => ($_UDATA = self::getUser($friend['uid'])), 'user' => ($_UDATA = self::getUser($friend['uid'])),
'rank' => self::getRank($_UDATA['rank_main']), 'rank' => self::getRank($_UDATA['rank_main']),
]) : $friend; ]) : $friend;
} }
} }
// Return the pending friends // Return the pending friends
@ -1495,9 +1449,7 @@ class Users
// Assign $uid // Assign $uid
if (!$uid) { if (!$uid) {
$uid = Session::$userId; $uid = Session::$userId;
} }
// Get the user's friends // Get the user's friends
@ -1505,9 +1457,7 @@ class Users
// Check if the friend is actually in the user's array // Check if the friend is actually in the user's array
if (!in_array($fid, $self)) { if (!in_array($fid, $self)) {
return 0; return 0;
} }
// Get the friend's friends // Get the friend's friends
@ -1515,9 +1465,7 @@ class Users
// Check if the friend is actually in the user's array // Check if the friend is actually in the user's array
if (in_array($uid, $friend)) { if (in_array($uid, $friend)) {
return 2; return 2;
} }
// Return true if all went through // Return true if all went through
@ -1531,16 +1479,12 @@ class Users
// Validate that the user exists // Validate that the user exists
if (!self::getUser($uid)) { if (!self::getUser($uid)) {
return [0, 'USER_NOT_EXIST']; return [0, 'USER_NOT_EXIST'];
} }
// Check if the user already has this user a friend // Check if the user already has this user a friend
if (Database::fetch('friends', false, ['fid' => [$uid, '='], 'uid' => [Session::$userId, '=']])) { if (Database::fetch('friends', false, ['fid' => [$uid, '='], 'uid' => [Session::$userId, '=']])) {
return [0, 'ALREADY_FRIENDS']; return [0, 'ALREADY_FRIENDS'];
} }
// Add friend // Add friend
@ -1561,9 +1505,7 @@ class Users
// Check if the user has this user a friend // Check if the user has this user a friend
if (!Database::fetch('friends', false, ['fid' => [$uid, '='], 'uid' => [Session::$userId, '=']])) { if (!Database::fetch('friends', false, ['fid' => [$uid, '='], 'uid' => [Session::$userId, '=']])) {
return [0, 'ALREADY_REMOVED']; return [0, 'ALREADY_REMOVED'];
} }
// Remove friend // Remove friend
@ -1574,12 +1516,10 @@ class Users
// Attempt to remove the request // Attempt to remove the request
if ($deleteRequest) { if ($deleteRequest) {
Database::delete('friends', [ Database::delete('friends', [
'fid' => [Session::$userId, '='], 'fid' => [Session::$userId, '='],
'uid' => [$uid, '='], 'uid' => [$uid, '='],
]); ]);
} }
// Return true because yay // Return true because yay
@ -1594,5 +1534,4 @@ class Users
return Database::fetch('users', false, ['password_algo' => ['nologin', '!=']], ['id', true], ['1'])['id']; return Database::fetch('users', false, ['password_algo' => ['nologin', '!=']], ['id', true], ['1'])['id'];
} }
} }


@ -52,7 +52,10 @@ class Whois
// Check for neccesary keys // Check for neccesary keys
if (!array_key_exists('tld', $servers) || !array_key_exists('ip', $servers)) { if (!array_key_exists('tld', $servers) || !array_key_exists('ip', $servers)) {
trigger_error('One or more of the required whois lists isn\'t set, please check your whois servers file', E_USER_ERROR); trigger_error(
'One or more of the required whois lists isn\'t set, please check your whois servers file',
E_USER_ERROR
);
} }
// If everything is gucci set self::$servers // If everything is gucci set self::$servers
@ -113,7 +116,9 @@ class Whois
// Get proper whois server address // Get proper whois server address
if (!$server = $servers[$tld]) { if (!$server = $servers[$tld]) {
return 'Error: No appropriate whois server found for the TLD ' . $tld . ', check if the given address is correct.'; return 'Error: No appropriate whois server found for the TLD '
. $tld
. ', check if the given address is correct.';
} }
// Get results from whois server // Get results from whois server
@ -133,7 +138,12 @@ class Whois
$result = self::queryWhois(($server = $matches[1]), $address); $result = self::queryWhois(($server = $matches[1]), $address);
// ...and append the retrieved values to the return variable // ...and append the retrieved values to the return variable
$return .= "\r\n-------------\r\n\r\n" . $address . " domain lookup results from " . $server . ":\r\n" . $result; $return .= "\r\n-------------\r\n\r\n"
. $address
. " domain lookup results from "
. $server
. ":\r\n"
. $result;
} }
} }
} }
@ -188,7 +198,19 @@ class Whois
{ {
// Open socket // Open socket
$query = @fsockopen($server, $port, $errno, $errstr, $timeout) or trigger_error('Failed to open socket: ' . $errno . ' - ' . $errstr, E_USER_ERROR); $query = @fsockopen(
$server,
$port,
$errno,
$errstr,
$timeout
) or trigger_error(
'Failed to open socket: '
. $errno
. ' - '
. $errstr,
E_USER_ERROR
);
// Send address // Send address
fputs($query, $address . "\r\n"); fputs($query, $address . "\r\n");


@ -41,6 +41,7 @@ RewriteRule ^settings/([a-z]+)/?$ settings.php?cat=$1 [L,QSA]
RewriteRule ^settings/([a-z]+)/([a-z]+)/?$ settings.php?cat=$1&mode=$2 [L,QSA] RewriteRule ^settings/([a-z]+)/([a-z]+)/?$ settings.php?cat=$1&mode=$2 [L,QSA]
RewriteRule ^settings/([a-z]+)/([a-z]+)/p([0-9]+)/?$ settings.php?cat=$1&mode=$2&page=$3 [L,QSA] RewriteRule ^settings/([a-z]+)/([a-z]+)/p([0-9]+)/?$ settings.php?cat=$1&mode=$2&page=$3 [L,QSA]
RewriteRule ^friends/?$ settings.php?friend-action=true [L,QSA] RewriteRule ^friends/?$ settings.php?friend-action=true [L,QSA]
RewriteRule ^notifications/?$ settings.php?request-notifications=true [L,QSA]
# Members # Members
RewriteRule ^members/?$ members.php [L,QSA] RewriteRule ^members/?$ members.php [L,QSA]
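Review bot: The added `^notifications/?$` rule uses `[L,QSA]`, so whatever query string the client sends is forwarded to `settings.php?request-notifications=true`. The handler shown later on this page accepts the request only when `$_REQUEST['session'] == session_id()`, which suggests the session identifier travels as a request parameter; if it is sent in the query string it will end up in access logs and Referer headers. Consider sending it in a POST body or header, or comparing a separate per-session token instead of the session ID itself. A comment above the rule naming what the endpoint expects, e.g. `# Polling endpoint; expects time and session parameters`, would also help the next reader.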


@ -14,7 +14,8 @@ if (isset($_REQUEST['mode'])) {
// Continue // Continue
$continue = true; $continue = true;
// Make sure we're not in activate mode since adding a timestamp and accessing the PHP session id is kind of hard when you're in an e-mail client // Make sure we're not in activate mode since adding a timestamp
// and accessing the PHP session id is kind of hard when you're in an e-mail client
if (!isset($_REQUEST['mode']) || $_REQUEST['mode'] != 'activate') { if (!isset($_REQUEST['mode']) || $_REQUEST['mode'] != 'activate') {
// Compare time and session so we know the link isn't forged // Compare time and session so we know the link isn't forged
if (!isset($_REQUEST['time']) || $_REQUEST['time'] < time() - 1000) { if (!isset($_REQUEST['time']) || $_REQUEST['time'] < time() - 1000) {
@ -79,7 +80,12 @@ if (isset($_REQUEST['mode'])) {
case 'changepassword': case 'changepassword':
// Attempt change // Attempt change
$passforget = Users::resetPassword($_REQUEST['verk'], $_REQUEST['uid'], $_REQUEST['newpw'], $_REQUEST['verpw']); $passforget = Users::resetPassword(
$_REQUEST['verk'],
$_REQUEST['uid'],
$_REQUEST['newpw'],
$_REQUEST['verpw']
);
// Array containing "human understandable" messages // Array containing "human understandable" messages
$messages = [ $messages = [
@ -97,7 +103,11 @@ if (isset($_REQUEST['mode'])) {
// Add page specific things // Add page specific things
$renderData['page'] = [ $renderData['page'] = [
'redirect' => ($passforget[0] ? $urls->format('SITE_LOGIN') : $_SERVER['PHP_SELF'] . '?pw=true&uid=' . $_REQUEST['uid'] . '&verk=' . $_REQUEST['verk']), 'redirect' => (
$passforget[0] ?
$urls->format('SITE_LOGIN') :
$_SERVER['PHP_SELF'] . '?pw=true&uid=' . $_REQUEST['uid'] . '&verk=' . $_REQUEST['verk']
),
'message' => $messages[$passforget[1]], 'message' => $messages[$passforget[1]],
'success' => $passforget[0], 'success' => $passforget[0],
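Review bot: The re-wrapped `'redirect'` value still concatenates `$_REQUEST['uid']` and `$_REQUEST['verk']` into the URL without encoding, so a value containing `&`, `#` or quotes changes the structure of the redirect target and, depending on how the template prints it (not visible here), may break out of the attribute it is placed in. Build the query with `http_build_query(['pw' => 'true', 'uid' => $_REQUEST['uid'], 'verk' => $_REQUEST['verk']])` and append it to the path after `'?'`. `$_SERVER['PHP_SELF']` is also request-influenced; `$_SERVER['SCRIPT_NAME']` is the safer base. The surrounding `case 'changepassword'` block continues outside the hunk.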


@ -22,7 +22,15 @@ $changelogHTML = null;
foreach (array_reverse($changelog['changelog'], true) as $revisionId => $revisionData) { foreach (array_reverse($changelog['changelog'], true) as $revisionId => $revisionData) {
$changelogHTML .= '<div class="release" id="r' . $revisionId . '">'; $changelogHTML .= '<div class="release" id="r' . $revisionId . '">';
$changelogHTML .= '<a href="#r' . $revisionId . '" class="title" style="color: ' . $changelog['versions'][$revisionData[0]] . ';">Revision ' . $revisionId . ' (' . ucfirst($revisionData[0]) . ')</a>'; $changelogHTML .= '<a href="#r'
. $revisionId
. '" class="title" style="color: '
. $changelog['versions'][$revisionData[0]]
. ';">Revision '
. $revisionId
. ' ('
. ucfirst($revisionData[0])
. ')</a>';
unset($revisionData[0]); unset($revisionData[0]);
@ -54,7 +62,9 @@ foreach (array_reverse($changelog['changelog'], true) as $revisionId => $revisio
$changelogHTML .= $changeData['change']; $changelogHTML .= $changeData['change'];
$changelogHTML .= '</span>'; $changelogHTML .= '</span>';
$changelogHTML .= '<a class="changeuser" target="_blank" href="http://bitbucket.org/' . strtolower($changeData['user']) . '">'; $changelogHTML .= '<a class="changeuser" target="_blank" href="http://bitbucket.org/'
. strtolower($changeData['user'])
. '">';
$changelogHTML .= $changeData['user']; $changelogHTML .= $changeData['user'];
$changelogHTML .= '</a>'; $changelogHTML .= '</a>';


@ -23,9 +23,21 @@ if (isset($_GET['m'])) {
switch ($_GET['m']) { switch ($_GET['m']) {
case 'avatar': case 'avatar':
// Set paths // Set paths
$noAvatar = ROOT . str_replace('{{ TPL }}', $templateName, Configuration::getConfig('no_avatar_img')); $noAvatar = ROOT . str_replace(
$deactiveAvatar = ROOT . str_replace('{{ TPL }}', $templateName, Configuration::getConfig('deactivated_avatar_img')); '{{ TPL }}',
$bannedAvatar = ROOT . str_replace('{{ TPL }}', $templateName, Configuration::getConfig('banned_avatar_img')); $templateName,
Configuration::getConfig('no_avatar_img')
);
$deactiveAvatar = ROOT . str_replace(
'{{ TPL }}',
$templateName,
Configuration::getConfig('deactivated_avatar_img')
);
$bannedAvatar = ROOT . str_replace(
'{{ TPL }}',
$templateName,
Configuration::getConfig('banned_avatar_img')
);
// If ?u= isn't set or if it isn't numeric // If ?u= isn't set or if it isn't numeric
if (!isset($_GET['u']) || !is_numeric($_GET['u']) || $_GET['u'] == 0) { if (!isset($_GET['u']) || !is_numeric($_GET['u']) || $_GET['u'] == 0) {
@ -84,7 +96,8 @@ if (isset($_GET['m'])) {
} }
// Check if user has a background set // Check if user has a background set
if (empty($user->data['userData']['profileBackground']) || !file_exists($userDirPath . $user->data['userData']['profileBackground'])) { if (empty($user->data['userData']['profileBackground'])
|| !file_exists($userDirPath . $user->data['userData']['profileBackground'])) {
$serveImage = $noBackground; $serveImage = $noBackground;
break; break;
} }
@ -119,7 +132,8 @@ if (isset($_GET['m'])) {
} }
// Check if user has a background set // Check if user has a background set
if (empty($user->data['userData']['profileHeader']) || !file_exists($userDirPath . $user->data['userData']['profileHeader'])) { if (empty($user->data['userData']['profileHeader'])
|| !file_exists($userDirPath . $user->data['userData']['profileHeader'])) {
$serveImage = $noHeader; $serveImage = $noHeader;
break; break;
} }
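Review bot: Both re-wrapped checks, `file_exists($userDirPath . $user->data['userData']['profileBackground'])` and the `profileHeader` one in the following hunk, append a stored file name to the user directory without normalising it. How that value is written is not visible here, so this is a hardening point rather than a confirmed defect: if the stored name can ever contain `../`, the image server would probe and possibly serve files outside `$userDirPath`. Wrapping the stored name in `basename()` at both places, e.g. `$userDirPath . basename($user->data['userData']['profileBackground'])`, keeps the lookup inside the directory. Both `case` blocks start and end outside their hunks.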


@ -58,7 +58,17 @@ $renderData['board'] = [
$renderData['stats'] = [ $renderData['stats'] = [
'userCount' => Database::count('users', ['password_algo' => ['nologin', '!='], 'rank_main' => ['1', '!=']])[0], 'userCount' => Database::count('users', ['password_algo' => ['nologin', '!='], 'rank_main' => ['1', '!=']])[0],
'newestUser' => ($_INDEX_NEWEST_USER = new User(Users::getNewestUserId())), 'newestUser' => ($_INDEX_NEWEST_USER = new User(Users::getNewestUserId())),
'lastRegDate' => ($_INDEX_LAST_REGDATE = date_diff(date_create(date('Y-m-d', $_INDEX_NEWEST_USER->data['regdate'])), date_create(date('Y-m-d')))->format('%a')) . ' day' . ($_INDEX_LAST_REGDATE == 1 ? '' : 's'), 'lastRegDate' => ($_INDEX_LAST_REGDATE = date_diff(
date_create(
date(
'Y-m-d',
$_INDEX_NEWEST_USER->data['regdate']
)
),
date_create(
date('Y-m-d')
)
)->format('%a')) . ' day' . ($_INDEX_LAST_REGDATE == 1 ? '' : 's'),
'topicCount' => Database::count('topics')[0], 'topicCount' => Database::count('topics')[0],
'postCount' => Database::count('posts')[0], 'postCount' => Database::count('posts')[0],
'onlineUsers' => Users::checkAllOnline(), 'onlineUsers' => Users::checkAllOnline(),


@ -15,12 +15,23 @@ if (Users::checkLogin()) {
$renderData['page'] = [ $renderData['page'] = [
'ranks' => ($_MEMBERLIST_RANKS = Users::getAllRanks()), 'ranks' => ($_MEMBERLIST_RANKS = Users::getAllRanks()),
'active' => ($_MEMBERLIST_ACTIVE = (isset($_GET['rank']) && $_GET['rank'] && array_key_exists($_GET['rank'], $_MEMBERLIST_RANKS) ? $_GET['rank'] : 0)), 'active' => ($_MEMBERLIST_ACTIVE = (
'notfound' => ($_MEMBERLIST_NFOUND = (isset($_GET['rank']) && !array_key_exists($_GET['rank'], $_MEMBERLIST_RANKS) && $_GET['rank'] != 0)), isset($_GET['rank'])
&& $_GET['rank']
&& array_key_exists($_GET['rank'], $_MEMBERLIST_RANKS) ? $_GET['rank'] : 0
)),
'notfound' => ($_MEMBERLIST_NFOUND = (
isset($_GET['rank'])
&& !array_key_exists($_GET['rank'], $_MEMBERLIST_RANKS) && $_GET['rank'] != 0
)),
'sorts' => ($_MEMBERLIST_SORTS = ['boxes', 'rectangles', 'list']), 'sorts' => ($_MEMBERLIST_SORTS = ['boxes', 'rectangles', 'list']),
'sort' => isset($_GET['sort']) && $_GET['sort'] && in_array($_GET['sort'], $_MEMBERLIST_SORTS) ? $_GET['sort'] : $_MEMBERLIST_SORTS[0], 'sort' => isset($_GET['sort']) && $_GET['sort'] && in_array($_GET['sort'], $_MEMBERLIST_SORTS) ?
$_GET['sort'] :
$_MEMBERLIST_SORTS[0],
'page' => isset($_GET['page']) && ($_GET['page'] - 1) >= 0 ? $_GET['page'] - 1 : 0, 'page' => isset($_GET['page']) && ($_GET['page'] - 1) >= 0 ? $_GET['page'] - 1 : 0,
'users' => array_chunk($_MEMBERLIST_ACTIVE && !$_MEMBERLIST_NFOUND ? Users::getUsersInRank($_MEMBERLIST_ACTIVE, null, true, true) : Users::getAllUsers(), Configuration::getConfig('members_per_page'), true), 'users' => array_chunk($_MEMBERLIST_ACTIVE && !$_MEMBERLIST_NFOUND ?
Users::getUsersInRank($_MEMBERLIST_ACTIVE, null, true, true) :
Users::getAllUsers(), Configuration::getConfig('members_per_page'), true),
]; ];


@ -86,10 +86,16 @@ if (isset($_GET['xml'])) {
// Create value // Create value
eval('$value = ' . $valueData['eval'] . ';'); eval('$value = ' . $valueData['eval'] . ';');
$value = str_replace('{EVAL}', $value, $valueData[(array_key_exists('cdata', $valueData) ? 'cdata' : 'text')]); $value = str_replace(
'{EVAL}',
$value,
$valueData[(array_key_exists('cdata', $valueData) ? 'cdata' : 'text')]
);
// Create text node or cdata container // Create text node or cdata container
$pElemText = (array_key_exists('cdata', $valueData)) ? $feed->createCDATASection($value) : $feed->createTextNode($value); $pElemText = (array_key_exists('cdata', $valueData)) ?
$feed->createCDATASection($value) :
$feed->createTextNode($value);
// Append them // Append them
$pElem->appendChild($pElemText); $pElem->appendChild($pElemText);
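Review bot: The re-wrapped `str_replace` consumes `$value`, which the line above it fills with `eval('$value = ' . $valueData['eval'] . ';')`. Where `$valueData` is defined is outside the hunk; if it is a fixed table in this file the exposure is limited, but any path that lets stored or request data reach the `'eval'` key amounts to code execution. Storing closures in that table and calling them would remove the `eval` entirely. Until then, a comment such as `// NOTE: 'eval' strings must be hard-coded in this file, never loaded from data` above the call documents the constraint.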


@ -10,7 +10,17 @@ namespace Sakura;
require_once str_replace(basename(__DIR__), '', dirname(__FILE__)) . '_sakura/sakura.php'; require_once str_replace(basename(__DIR__), '', dirname(__FILE__)) . '_sakura/sakura.php';
// Set location // Set location
$locId = isset($_GET['f']) ? $_GET['f'] : (isset($_GET['t']) ? $_GET['t'] : (isset($_GET['p']) ? Forum::getTopicIdFromPostId($_GET['p']) : 0)); $locId = isset($_GET['f']) ?
$_GET['f'] :
(
isset($_GET['t']) ?
$_GET['t'] :
(
isset($_GET['p']) ?
Forum::getTopicIdFromPostId($_GET['p']) :
0
)
);
$locMode = isset($_GET['f']) ? 'f' : (isset($_GET['t']) || isset($_GET['p']) ? 't' : null); $locMode = isset($_GET['f']) ? 'f' : (isset($_GET['t']) || isset($_GET['p']) ? 't' : null);
// Set additional render data // Set additional render data


@ -23,7 +23,10 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
$notifications = array(); $notifications = array();
// Check if the user is logged in // Check if the user is logged in
if (Users::checkLogin() && isset($_REQUEST['time']) && $_REQUEST['time'] > (time() - 1000) && isset($_REQUEST['session']) && $_REQUEST['session'] == session_id()) { if (Users::checkLogin()
&& isset($_REQUEST['time'])
&& $_REQUEST['time'] > (time() - 1000)
&& isset($_REQUEST['session']) && $_REQUEST['session'] == session_id()) {
// Get the user's notifications from the past forever but exclude read notifications // Get the user's notifications from the past forever but exclude read notifications
$userNotifs = Users::getNotifications(null, 0, true, true); $userNotifs = Users::getNotifications(null, 0, true, true);
@ -119,7 +122,9 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
// Continue if nothing fucked up // Continue if nothing fucked up
if ($continue) { if ($continue) {
// Execute the action // Execute the action
$action = (isset($_REQUEST['add']) ? Users::addFriend($_REQUEST['add']) : Users::removeFriend($_REQUEST['remove'], true)); $action = (isset($_REQUEST['add']) ?
Users::addFriend($_REQUEST['add']) :
Users::removeFriend($_REQUEST['remove'], true));
// Set the messages // Set the messages
$messages = [ $messages = [
@ -197,7 +202,11 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
} }
// Check session variables // Check session variables
if (!isset($_REQUEST['timestamp']) || $_REQUEST['timestamp'] < time() - 1000 || !isset($_REQUEST['sessid']) || $_REQUEST['sessid'] != session_id() || !$continue) { if (!isset($_REQUEST['timestamp'])
|| $_REQUEST['timestamp'] < time() - 1000
|| !isset($_REQUEST['sessid'])
|| $_REQUEST['sessid'] != session_id()
|| !$continue) {
$renderData['page'] = [ $renderData['page'] = [
'redirect' => $redirect, 'redirect' => $redirect,
@ -224,7 +233,10 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
case 'background': case 'background':
$userDataKey = 'profileBackground'; $userDataKey = 'profileBackground';
$msgTitle = 'Background'; $msgTitle = 'Background';
$permission = (!empty($currentUser->data['userData'][$userDataKey]) && $currentUser->checkPermission('SITE', 'CHANGE_BACKGROUND')) || $currentUser->checkPermission('SITE', 'CREATE_BACKGROUND'); $permission = (
!empty($currentUser->data['userData'][$userDataKey])
&& $currentUser->checkPermission('SITE', 'CHANGE_BACKGROUND')
) || $currentUser->checkPermission('SITE', 'CREATE_BACKGROUND');
break; break;
case 'avatar': case 'avatar':
@ -251,7 +263,8 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
// Set path variables // Set path variables
$filepath = ROOT . Configuration::getConfig('user_uploads') . '/'; $filepath = ROOT . Configuration::getConfig('user_uploads') . '/';
$filename = $filepath . $mode . '_' . Session::$userId; $filename = $filepath . $mode . '_' . Session::$userId;
$currfile = isset($currentUser->data['userData'][$userDataKey]) && !empty($_OLDFILE = $currentUser->data['userData'][$userDataKey]) ? $_OLDFILE : null; $currfile = isset($currentUser->data['userData'][$userDataKey])
&& !empty($_OLDFILE = $currentUser->data['userData'][$userDataKey]) ? $_OLDFILE : null;
// Check if $_FILES is set // Check if $_FILES is set
if (!isset($_FILES[$mode]) && empty($_FILES[$mode])) { if (!isset($_FILES[$mode]) && empty($_FILES[$mode])) {
@ -323,7 +336,9 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
} }
// Check if the image is an allowed filetype // Check if the image is an allowed filetype
if ((($metadata[2] !== IMAGETYPE_GIF) && ($metadata[2] !== IMAGETYPE_JPEG) && ($metadata[2] !== IMAGETYPE_PNG))) { if ((($metadata[2] !== IMAGETYPE_GIF)
&& ($metadata[2] !== IMAGETYPE_JPEG)
&& ($metadata[2] !== IMAGETYPE_PNG))) {
// Set render data // Set render data
$renderData['page'] = [ $renderData['page'] = [
@ -337,7 +352,8 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
} }
// Check if the image is too large // Check if the image is too large
if (($metadata[0] > Configuration::getConfig($mode . '_max_width') || $metadata[1] > Configuration::getConfig($mode . '_max_height'))) { if (($metadata[0] > Configuration::getConfig($mode . '_max_width')
|| $metadata[1] > Configuration::getConfig($mode . '_max_height'))) {
// Set render data // Set render data
$renderData['page'] = [ $renderData['page'] = [
@ -351,7 +367,8 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
} }
// Check if the image is too small // Check if the image is too small
if (($metadata[0] < Configuration::getConfig($mode . '_min_width') || $metadata[1] < Configuration::getConfig($mode . '_min_height'))) { if (($metadata[0] < Configuration::getConfig($mode . '_min_width')
|| $metadata[1] < Configuration::getConfig($mode . '_min_height'))) {
// Set render data // Set render data
$renderData['page'] = [ $renderData['page'] = [
@ -441,7 +458,10 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
// Go over each additional value // Go over each additional value
foreach ($field['additional'] as $addKey => $addVal) { foreach ($field['additional'] as $addKey => $addVal) {
// Add to the array // Add to the array
$store[$addKey] = (isset($_POST['profile_additional_' . $addKey]) || !empty($_POST['profile_additional_' . $addKey])) ? $_POST['profile_additional_' . $addKey] : false; $store[$addKey] = (isset($_POST['profile_additional_' . $addKey])
|| !empty($_POST['profile_additional_' . $addKey])) ?
$_POST['profile_additional_' . $addKey] :
false;
} }
} }
} }
@ -459,29 +479,54 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
]; ];
// Birthdays // Birthdays
if (isset($_POST['birthday_day']) && isset($_POST['birthday_month']) && isset($_POST['birthday_year'])) { if (isset($_POST['birthday_day'])
&& isset($_POST['birthday_month'])
&& isset($_POST['birthday_year'])) {
// Check if the values aren't fucked with // Check if the values aren't fucked with
if ($_POST['birthday_day'] < 0 || $_POST['birthday_day'] > 31 || $_POST['birthday_month'] < 0 || $_POST['birthday_month'] > 12 || ($_POST['birthday_year'] != 0 && $_POST['birthday_year'] < (date("Y") - 100)) || $_POST['birthday_year'] > date("Y")) { if ($_POST['birthday_day'] < 0
|| $_POST['birthday_day'] > 31
|| $_POST['birthday_month'] < 0
|| $_POST['birthday_month'] > 12
|| (
$_POST['birthday_year'] != 0
&& $_POST['birthday_year'] < (date("Y") - 100)
)
|| $_POST['birthday_year'] > date("Y")) {
$renderData['page']['message'] = 'Your birthdate is invalid.'; $renderData['page']['message'] = 'Your birthdate is invalid.';
$renderData['page']['success'] = 0; $renderData['page']['success'] = 0;
break; break;
} }
// Check if the values aren't fucked with // Check if the values aren't fucked with
if (($_POST['birthday_day'] < 1 && $_POST['birthday_month'] > 0) || ($_POST['birthday_day'] > 0 && $_POST['birthday_month'] < 1)) { if ((
$_POST['birthday_day'] < 1
&& $_POST['birthday_month'] > 0
)
|| (
$_POST['birthday_day'] > 0
&& $_POST['birthday_month'] < 1)
) {
$renderData['page']['message'] = 'Only setting a day or month is disallowed.'; $renderData['page']['message'] = 'Only setting a day or month is disallowed.';
$renderData['page']['success'] = 0; $renderData['page']['success'] = 0;
break; break;
} }
// Check if the values aren't fucked with // Check if the values aren't fucked with
if ($_POST['birthday_year'] > 0 && ($_POST['birthday_day'] < 1 || $_POST['birthday_month'] < 1)) { if ($_POST['birthday_year'] > 0
&& (
$_POST['birthday_day'] < 1
|| $_POST['birthday_month'] < 1
)
) {
$renderData['page']['message'] = 'Only setting a year is disallowed.'; $renderData['page']['message'] = 'Only setting a year is disallowed.';
$renderData['page']['success'] = 0; $renderData['page']['success'] = 0;
break; break;
} }
$birthdate = implode('-', [$_POST['birthday_year'], $_POST['birthday_month'], $_POST['birthday_day']]); $birthdate = implode(
'-',
[$_POST['birthday_year'], $_POST['birthday_month'], $_POST['birthday_day']]
);
Database::update('users', [ Database::update('users', [
[ [
@ -510,7 +555,10 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
continue; continue;
} }
$store[$field['id']] = isset($_POST['option_' . $field['id']]) && !empty($_POST['option_' . $field['id']]) ? $_POST['option_' . $field['id']] : null; $store[$field['id']] = isset($_POST['option_' . $field['id']])
&& !empty($_POST['option_' . $field['id']]) ?
$_POST['option_' . $field['id']] :
null;
} }
// Update database // Update database
@ -590,7 +638,8 @@ if (Users::checkLogin()) {
'title' => 'Home', 'title' => 'Home',
'description' => [ 'description' => [
'Welcome to the Settings Panel. From here you can monitor, view and update your profile and preferences.', 'Welcome to the Settings Panel.
From here you can monitor, view and update your profile and preferences.',
], ],
'access' => !$currentUser->checkPermission('SITE', 'DEACTIVATED'), 'access' => !$currentUser->checkPermission('SITE', 'DEACTIVATED'),
@ -602,7 +651,8 @@ if (Users::checkLogin()) {
'title' => 'Edit Profile', 'title' => 'Edit Profile',
'description' => [ 'description' => [
'These are the external account links etc. on your profile, shouldn\'t need any additional explanation for this one.', 'These are the external account links etc.
on your profile, shouldn\'t need any additional explanation for this one.',
], ],
'access' => $currentUser->checkPermission('SITE', 'ALTER_PROFILE'), 'access' => $currentUser->checkPermission('SITE', 'ALTER_PROFILE'),
@ -763,7 +813,9 @@ if (Users::checkLogin()) {
'description' => [ 'description' => [
'Your avatar which is displayed all over the site and on your profile.', 'Your avatar which is displayed all over the site and on your profile.',
'Maximum image size is {{ avatar.max_width }}x{{ avatar.max_height }}, minimum image size is {{ avatar.min_width }}x{{ avatar.min_height }}, maximum file size is {{ avatar.max_size_view }}.', 'Maximum image size is {{ avatar.max_width }}x{{ avatar.max_height }},
minimum image size is {{ avatar.min_width }}x{{ avatar.min_height }},
maximum file size is {{ avatar.max_size_view }}.',
], ],
'access' => $currentUser->checkPermission('SITE', 'CHANGE_AVATAR'), 'access' => $currentUser->checkPermission('SITE', 'CHANGE_AVATAR'),
@ -776,10 +828,15 @@ if (Users::checkLogin()) {
'description' => [ 'description' => [
'The background that is displayed on your profile.', 'The background that is displayed on your profile.',
'Maximum image size is {{ background.max_width }}x{{ background.max_height }}, minimum image size is {{ background.min_width }}x{{ background.min_height }}, maximum file size is {{ background.max_size_view }}.', 'Maximum image size is {{ background.max_width }}x{{ background.max_height }},
minimum image size is {{ background.min_width }}x{{ background.min_height }},
maximum file size is {{ background.max_size_view }}.',
], ],
'access' => (isset($currentUser->data['userData']['profileBackground']) && $currentUser->checkPermission('SITE', 'CHANGE_BACKGROUND')) || $currentUser->checkPermission('SITE', 'CREATE_BACKGROUND'), 'access' => (
isset($currentUser->data['userData']['profileBackground'])
&& $currentUser->checkPermission('SITE', 'CHANGE_BACKGROUND')
) || $currentUser->checkPermission('SITE', 'CREATE_BACKGROUND'),
'menu' => true, 'menu' => true,
], ],
@ -791,7 +848,10 @@ if (Users::checkLogin()) {
'The custom text that is displayed on your profile.', 'The custom text that is displayed on your profile.',
], ],
'access' => (isset($currentUser->data['userData']['userPage']) && $currentUser->checkPermission('SITE', 'CHANGE_USERPAGE')) || $currentUser->checkPermission('SITE', 'CREATE_USERPAGE'), 'access' => (
isset($currentUser->data['userData']['userPage'])
&& $currentUser->checkPermission('SITE', 'CHANGE_USERPAGE')
) || $currentUser->checkPermission('SITE', 'CREATE_USERPAGE'),
'menu' => true, 'menu' => true,
], ],
@ -859,7 +919,9 @@ if (Users::checkLogin()) {
'title' => 'Ranks', 'title' => 'Ranks',
'description' => [ 'description' => [
'Manage what ranks you\'re in and what is set as your main rank. Your main rank is highlighted. You get the permissions of all of the ranks you\'re in combined.', 'Manage what ranks you\'re in and what is set as your main rank.
Your main rank is highlighted.
You get the permissions of all of the ranks you\'re in combined.',
], ],
'access' => $currentUser->checkPermission('SITE', 'ALTER_RANKS'), 'access' => $currentUser->checkPermission('SITE', 'ALTER_RANKS'),
@ -881,9 +943,13 @@ if (Users::checkLogin()) {
'title' => 'Sessions', 'title' => 'Sessions',
'description' => [ 'description' => [
'Session keys are a way of identifying yourself with the system without keeping your password in memory.', 'Session keys are a way of identifying yourself with the system without keeping
'If someone finds one of your session keys they could possibly compromise your account, if you see any sessions here that shouldn\'t be here hit the Kill button to kill the selected session.', your password in memory.',
'If you get logged out after clicking one you\'ve most likely killed your current session, to make it easier to avoid this from happening your current session is highlighted.', 'If someone finds one of your session keys they could possibly compromise your account,
if you see any sessions here that shouldn\'t be here hit the Kill button to kill the
selected session.',
'If you get logged out after clicking one you\'ve most likely killed your current session,
to make it easier to avoid this from happening your current session is highlighted.',
], ],
'access' => $currentUser->checkPermission('SITE', 'MANAGE_SESSIONS'), 'access' => $currentUser->checkPermission('SITE', 'MANAGE_SESSIONS'),
@ -895,7 +961,8 @@ if (Users::checkLogin()) {
'title' => 'Registration Keys', 'title' => 'Registration Keys',
'description' => [ 'description' => [
'Sometimes we activate the registration key system which means that users can only register using your "referer" keys, this means we can keep unwanted people from registering.', 'Sometimes we activate the registration key system which means that users can only
register using your "referer" keys,this means we can keep unwanted people from registering.',
'Each user can generate 5 of these keys, bans and deactivates render these keys useless.', 'Each user can generate 5 of these keys, bans and deactivates render these keys useless.',
], ],
@ -923,16 +990,24 @@ if (Users::checkLogin()) {
]; ];
// Current settings page // Current settings page
$category = isset($_GET['cat']) ? (array_key_exists($_GET['cat'], $pages) ? $_GET['cat'] : false) : array_keys($pages)[0]; $category = isset($_GET['cat']) ? (
array_key_exists($_GET['cat'], $pages) ? $_GET['cat'] : false
) : array_keys($pages)[0];
$mode = false; $mode = false;
// Only continue setting mode if $category is true // Only continue setting mode if $category is true
if ($category) { if ($category) {
$mode = isset($_GET['mode']) && $category ? (array_key_exists($_GET['mode'], $pages[$category]['modes']) ? $_GET['mode'] : false) : array_keys($pages[$category]['modes'])[0]; $mode = isset($_GET['mode']) && $category ? (
array_key_exists($_GET['mode'], $pages[$category]['modes']) ? $_GET['mode'] : false
) : array_keys($pages[$category]['modes'])[0];
} }
// Not found // Not found
if (!$category || empty($category) || !$mode || empty($mode) || !$pages[$category]['modes'][$mode]['access']) { if (!$category
|| empty($category)
|| !$mode
|| empty($mode)
|| !$pages[$category]['modes'][$mode]['access']) {
header('HTTP/1.0 404 Not Found'); header('HTTP/1.0 404 Not Found');
print Templates::render('global/notfound.tpl', $renderData); print Templates::render('global/notfound.tpl', $renderData);
exit; exit;
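Review bot: The anti-forgery checks rewrapped in this file compare the session id with loose operators and read it from `$_REQUEST`: `$_REQUEST['session'] == session_id()` in the notifications hunk and `$_REQUEST['sessid'] != session_id()` under "Check session variables". Loose string comparison is not constant-time and treats numeric-looking strings as equal, so I would use `hash_equals(session_id(), (string) $_REQUEST['session'])` there and `!hash_equals(session_id(), (string) $_REQUEST['sessid'])` in the second check. Because `$_REQUEST` also carries query-string parameters, the session id can end up in URLs and server logs; a separate per-session token sent in the request body would avoid exposing it, though whether these requests use GET is not visible here. The `time` and `timestamp` comparisons rely on a client-supplied value, so on their own they do not prove the request is fresh. Both conditions guard blocks whose bodies continue outside the hunks shown.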


@ -10,7 +10,9 @@ namespace Sakura;
require_once str_replace(basename(__DIR__), '', dirname(__FILE__)) . '_sakura/sakura.php'; require_once str_replace(basename(__DIR__), '', dirname(__FILE__)) . '_sakura/sakura.php';
// Switch between modes (we only allow this to be used by logged in user) // Switch between modes (we only allow this to be used by logged in user)
if (isset($_REQUEST['mode']) && Users::checkLogin() && Permissions::check('SITE', 'OBTAIN_PREMIUM', Session::$userId, 1)) { if (isset($_REQUEST['mode'])
&& Users::checkLogin()
&& Permissions::check('SITE', 'OBTAIN_PREMIUM', Session::$userId, 1)) {
// Initialise Payments class // Initialise Payments class
if (!Payments::init()) { if (!Payments::init()) {
header('Location: ' . $urls->format('SITE_PREMIUM') . '?fail=true'); header('Location: ' . $urls->format('SITE_PREMIUM') . '?fail=true');
@ -19,19 +21,24 @@ if (isset($_REQUEST['mode']) && Users::checkLogin() && Permissions::check('SITE'
// Create the purchase // Create the purchase
case 'purchase': case 'purchase':
// Compare time and session so we know the link isn't forged // Compare time and session so we know the link isn't forged
if (!isset($_REQUEST['time']) || $_REQUEST['time'] < time() - 1000) { if (!isset($_REQUEST['time'])
|| $_REQUEST['time'] < time() - 1000) {
header('Location: ' . $urls->format('SITE_PREMIUM') . '?fail=true'); header('Location: ' . $urls->format('SITE_PREMIUM') . '?fail=true');
break; break;
} }
// Match session ids for the same reason // Match session ids for the same reason
if (!isset($_REQUEST['session']) || $_REQUEST['session'] != session_id()) { if (!isset($_REQUEST['session'])
|| $_REQUEST['session'] != session_id()) {
header('Location: ' . $urls->format('SITE_PREMIUM') . '?fail=true'); header('Location: ' . $urls->format('SITE_PREMIUM') . '?fail=true');
break; break;
} }
// Half if shit isn't gucci // Half if shit isn't gucci
if (!isset($_POST['months']) || !is_numeric($_POST['months']) || (int) $_POST['months'] < 1 || (int) $_POST['months'] > Configuration::getConfig('premium_amount_max')) { if (!isset($_POST['months'])
|| !is_numeric($_POST['months'])
|| (int) $_POST['months'] < 1
|| (int) $_POST['months'] > Configuration::getConfig('premium_amount_max')) {
header('Location: ' . $urls->format('SITE_PREMIUM') . '?fail=true'); header('Location: ' . $urls->format('SITE_PREMIUM') . '?fail=true');
} else { } else {
// Calculate the total // Calculate the total
@ -39,10 +46,19 @@ if (isset($_REQUEST['mode']) && Users::checkLogin() && Permissions::check('SITE'
$total = number_format($total, 2, '.', ''); $total = number_format($total, 2, '.', '');
// Generate item name // Generate item name
$itemName = Configuration::getConfig('sitename') . ' Premium - ' . (string) $_POST['months'] . ' month' . ((int) $_POST['months'] == 1 ? '' : 's'); $itemName = Configuration::getConfig('sitename')
. ' Premium - '
. (string) $_POST['months']
. ' month'
. ((int) $_POST['months'] == 1 ? '' : 's');
// Attempt to create a transaction // Attempt to create a transaction
if ($transaction = Payments::createTransaction($total, $itemName, Configuration::getConfig('sitename') . ' Premium Purchase', 'http://' . Configuration::getConfig('url_main') . $urls->format('SITE_PREMIUM'))) { if ($transaction = Payments::createTransaction(
$total,
$itemName,
Configuration::getConfig('sitename') . ' Premium Purchase',
'http://' . Configuration::getConfig('url_main') . $urls->format('SITE_PREMIUM')
)) {
// Store the amount of months in the global session array // Store the amount of months in the global session array
$_SESSION['premiumMonths'] = (int) $_POST['months']; $_SESSION['premiumMonths'] = (int) $_POST['months'];
@ -59,7 +75,10 @@ if (isset($_REQUEST['mode']) && Users::checkLogin() && Permissions::check('SITE'
// Finalising the purchase // Finalising the purchase
case 'finish': case 'finish':
// Check if the success GET request is set and is true // Check if the success GET request is set and is true
if (isset($_GET['success']) && isset($_GET['paymentId']) && isset($_GET['PayerID']) && isset($_SESSION['premiumMonths'])) { if (isset($_GET['success'])
&& isset($_GET['paymentId'])
&& isset($_GET['PayerID'])
&& isset($_SESSION['premiumMonths'])) {
// Attempt to complete the transaction // Attempt to complete the transaction
try { try {
$finalise = Payments::completeTransaction($_GET['paymentId'], $_GET['PayerID']); $finalise = Payments::completeTransaction($_GET['paymentId'], $_GET['PayerID']);
@ -72,7 +91,16 @@ if (isset($_REQUEST['mode']) && Users::checkLogin() && Permissions::check('SITE'
// Make the user premium // Make the user premium
$expiration = Users::addUserPremium(Session::$userId, (2628000 * $_SESSION['premiumMonths'])); $expiration = Users::addUserPremium(Session::$userId, (2628000 * $_SESSION['premiumMonths']));
Users::updatePremiumMeta(Session::$userId); Users::updatePremiumMeta(Session::$userId);
Main::updatePremiumTracker(Session::$userId, ((float) Configuration::getConfig('premium_price_per_month') * $_SESSION['premiumMonths']), $currentUser->data['username'] . ' bought premium for ' . $_SESSION['premiumMonths'] . ' month' . ($_SESSION['premiumMonths'] == 1 ? '' : 's') . '.'); Main::updatePremiumTracker(
Session::$userId,
((float) Configuration::getConfig('premium_price_per_month') * $_SESSION['premiumMonths']),
$currentUser->data['username']
. ' bought premium for '
. $_SESSION['premiumMonths']
. ' month'
. ($_SESSION['premiumMonths'] == 1 ? '' : 's')
. '.'
);
// Redirect to the complete // Redirect to the complete
header('Location: ' . $urls->format('SITE_PREMIUM') . '?mode=complete'); header('Location: ' . $urls->format('SITE_PREMIUM') . '?mode=complete');