sakura isn't dead? wow

This commit is contained in:
flash 2016-09-08 23:32:33 +02:00
parent 6097dd7442
commit 76d9502d57
8 changed files with 178 additions and 299 deletions


@ -90,197 +90,142 @@ class AccountController extends Controller
} }
/** /**
* Renders the e-mail changing page. * Details such as email, username and password.
* @return string * @return string
*/ */
public function email() public function details()
{ {
// Check permission $user = CurrentSession::$user;
if (!CurrentSession::$user->permission(Site::CHANGE_EMAIL)) {
$message = "You aren't allowed to change your e-mail address."; // Check permissions
$redirect = route('settings.index'); $edit_email = $user->permission(Site::CHANGE_EMAIL);
return view('global/information', compact('message', 'redirect')); $edit_usern = $user->permission(Site::CHANGE_USERNAME);
$edit_title = $user->permission(Site::CHANGE_USERTITLE);
$edit_passw = $user->permission(Site::CHANGE_PASSWORD);
$last_name_change = 0;
if ($edit_usern) {
$last_name_change = $user->getUsernameHistory()[0]->change_time ?? 0;
} }
$email = $_POST['email'] ?? null; // Check eligibility for username changes
$username_allow = $edit_usern && (time() - $last_name_change) > 2592000;
if (session_check() && $email) { if (isset($_POST['session']) && session_check()) {
$redirect = route('settings.account.email'); $redirect = route('settings.account.details');
$email = $_POST['email'] ?? null;
// Validate e-mail address if ($email) {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { // Validate e-mail address
$message = "The e-mail address you supplied is invalid!"; if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
return view('global/information', compact('redirect', 'message')); $message = "The e-mail address you supplied is invalid!";
return view('global/information', compact('redirect', 'message'));
}
// Check the MX record of the email
if (!check_mx_record($email)) {
$message = 'No valid MX-Record found on the e-mail address you supplied.';
return view('global/information', compact('redirect', 'message'));
}
// Check if the e-mail has already been used
$emailCheck = DB::table('users')
->where('email', $email)
->count();
if ($emailCheck) {
$message = 'Someone already used this e-mail!';
return view('global/information', compact('redirect', 'message'));
}
$user->setMail($email);
} }
// Check the MX record of the email $username = $_POST['username'] ?? null;
if (!check_mx_record($email)) {
$message = 'No valid MX-Record found on the e-mail address you supplied.'; if ($username) {
return view('global/information', compact('redirect', 'message')); $username_clean = clean_string($username, true);
// Check if the username is too short
if (strlen($username_clean) < config('user.name_min')) {
$message = "This username is too short!";
return view('global/information', compact('redirect', 'message'));
}
// Check if the username is too long
if (strlen($username_clean) > config('user.name_max')) {
$message = "This username is too long!";
return view('global/information', compact('redirect', 'message'));
}
// Check if this username hasn't been used in the last amount of days set in the config
$getOld = DB::table('username_history')
->where('username_old_clean', $username_clean)
->where('change_time', '>', (config('user.name_reserve') * 24 * 60 * 60))
->orderBy('change_id', 'desc')
->first();
// Check if anything was returned
if ($getOld && $getOld->user_id != $user->id) {
$message = "The username you tried to use is reserved, try again later!";
return view('global/information', compact('redirect', 'message'));
}
// Check if the username is already in use
$getInUse = DB::table('users')
->where('username_clean', $username_clean)
->count();
// Check if anything was returned
if ($getInUse) {
$message = "Someone is already using this name!";
return view('global/information', compact('redirect', 'message'));
}
$user->setUsername($username);
} }
// Check if the e-mail has already been used $title = $_POST['title'] ?? null;
$emailCheck = DB::table('users')
->where('email', $email) if ($title) {
->count(); if (strlen($title) > 64) {
if ($emailCheck) { $message = "This title is too long!";
$message = 'Someone already used this e-mail!'; return view('global/information', compact('redirect', 'message'));
return view('global/information', compact('redirect', 'message')); }
if ($title !== $user->title) {
// Update database
DB::table('users')
->where('user_id', $user->id)
->update([
'user_title' => $title,
]);
}
} }
CurrentSession::$user->setMail($email); $password = $_POST['password'] ?? null;
$message = 'Changed your e-mail address!'; if ($password) {
// Check password entropy
if (password_entropy($password) < config('user.pass_min_entropy')) {
$message = "Your password isn't strong enough!";
return view('global/information', compact('redirect', 'message'));
}
$user->setPassword($password);
}
$message = "Saved!";
return view('global/information', compact('redirect', 'message')); return view('global/information', compact('redirect', 'message'));
} }
return view('settings/account/email'); return view('settings/account/details', compact(
} 'edit_email',
'edit_usern',
/** 'edit_title',
* Renders the username changing page. 'edit_passw',
* @return string 'last_name_change',
*/ 'username_allow'
public function username() ));
{
// Check permission
if (!CurrentSession::$user->permission(Site::CHANGE_USERNAME)) {
$message = "You aren't allowed to change your username.";
$redirect = route('settings.index');
return view('global/information', compact('redirect', 'message'));
}
$username = $_POST['username'] ?? null;
if (session_check() && $username) {
$redirect = route('settings.account.username');
$username_clean = clean_string($username, true);
// Check if the username is too short
if (strlen($username_clean) < config('user.name_min')) {
$message = "This username is too short!";
return view('global/information', compact('redirect', 'message'));
}
// Check if the username is too long
if (strlen($username_clean) > config('user.name_max')) {
$message = "This username is too long!";
return view('global/information', compact('redirect', 'message'));
}
// Check if this username hasn't been used in the last amount of days set in the config
$getOld = DB::table('username_history')
->where('username_old_clean', $username_clean)
->where('change_time', '>', (config('user.name_reserve') * 24 * 60 * 60))
->orderBy('change_id', 'desc')
->get();
// Check if anything was returned
if ($getOld && $getOld[0]->user_id != CurrentSession::$user->id) {
$message = "The username you tried to use is reserved, try again later!";
return view('global/information', compact('redirect', 'message'));
}
// Check if the username is already in use
$getInUse = DB::table('users')
->where('username_clean', $username_clean)
->get();
// Check if anything was returned
if ($getInUse) {
$message = "Someone is already using this name!";
return view('global/information', compact('redirect', 'message'));
}
CurrentSession::$user->setUsername($username);
$message = "Changed your username!";
return view('global/information', compact('redirect', 'message'));
}
return view('settings/account/username');
}
/**
* Renders the user title changing page.
* @return string
*/
public function title()
{
// Check permission
if (!CurrentSession::$user->permission(Site::CHANGE_USERTITLE)) {
$message = "You aren't allowed to change your title.";
$redirect = route('settings.index');
return view('global/information', compact('redirect', 'message'));
}
$title = $_POST['title'] ?? null;
if (session_check() && $title !== null) {
$redirect = route('settings.account.title');
if (strlen($title) > 64) {
$message = "This title is too long!";
return view('global/information', compact('redirect', 'message'));
}
if ($title === CurrentSession::$user->title) {
$message = "This is already your title!";
return view('global/information', compact('redirect', 'message'));
}
// Update database
DB::table('users')
->where('user_id', CurrentSession::$user->id)
->update([
'user_title' => $title,
]);
$message = "Changed your title!";
return view('global/information', compact('redirect', 'message'));
}
return view('settings/account/title');
}
/**
* Renders the password changing page.
* @return string
*/
public function password()
{
// Check permission
if (!CurrentSession::$user->permission(Site::CHANGE_PASSWORD)) {
$message = "You aren't allowed to change your password.";
$redirect = route('settings.index');
return view('global/information', compact('redirect', 'message'));
}
$current = $_POST['current'] ?? null;
$password = $_POST['password'] ?? null;
if (session_check() && $current && $password) {
$redirect = route('settings.account.password');
// Check current password
if (!password_verify($current, CurrentSession::$user->password)) {
$message = "Your password was invalid!";
return view('global/information', compact('redirect', 'message'));
}
// Check password entropy
if (password_entropy($password) < config('user.pass_min_entropy')) {
$message = "Your password isn't strong enough!";
return view('global/information', compact('redirect', 'message'));
}
CurrentSession::$user->setPassword($password);
$message = "Changed your password!";
return view('global/information', compact('redirect', 'message'));
}
return view('settings/account/password');
} }
/** /**
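Review bot: The POST branch of details() never consults the permission flags it computes at the top: `if ($email)`, `if ($username)`, `if ($title)` and `if ($password)` apply a change for any field present in the request, so a user without CHANGE_PASSWORD (or outside the 30-day `$username_allow` window, which the new template only signals with a `disabled` attribute) can still apply it by submitting the field, whereas the old per-page actions returned early on a missing permission. The same branch drops the current-password verification the old password() action ran before setPassword(), so an already-authenticated session can rotate the credential without re-authenticating, and `if ($title)` treats an empty string as "no change" although the template text promises that an empty title resets it. I would gate each field on its flag, test the title for null rather than truthiness, and re-require the current password (which needs a `current` input in details.twig); `strlen($title)` is also byte-wise, so `mb_strlen` is the safer length check.
```php
if (isset($_POST['session']) && session_check()) {
    $redirect = route('settings.account.details');
    $email = $_POST['email'] ?? null;

    // Enforce the permission server-side; the flags above previously only drove the view
    if ($email && $edit_email) {
        // … unchanged: e-mail validation, MX check, uniqueness check, setMail …
    }

    $username = $_POST['username'] ?? null;

    // $username_allow already combines CHANGE_USERNAME with the 30-day window
    if ($username && $username_allow) {
        // … unchanged: length, reservation and in-use checks, setUsername …
    }

    $title = $_POST['title'] ?? null;

    // An empty string is a deliberate reset, so test for null, not truthiness
    if ($title !== null && $edit_title) {
        // … unchanged: length check and users table update …
    }

    $password = $_POST['password'] ?? null;
    $current = $_POST['current'] ?? null;

    if ($password && $edit_passw) {
        // Re-authenticate before replacing the credential, as the old password() action did
        if (!$current || !password_verify($current, $user->password)) {
            $message = "Your password was invalid!";
            return view('global/information', compact('redirect', 'message'));
        }
        // … unchanged: entropy check, setPassword …
    }
    // … unchanged: "Saved!" response …
}
```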


@ -9,7 +9,6 @@ namespace Sakura\Controllers\Settings;
use Sakura\Controllers\Controller as BaseController; use Sakura\Controllers\Controller as BaseController;
use Sakura\CurrentSession; use Sakura\CurrentSession;
use Sakura\Perms\Site; use Sakura\Perms\Site;
use Sakura\Router;
use Sakura\Template; use Sakura\Template;
/** /**
@ -37,59 +36,53 @@ class Controller extends BaseController
// Account // Account
if (CurrentSession::$user->permission(Site::ALTER_PROFILE)) { if (CurrentSession::$user->permission(Site::ALTER_PROFILE)) {
$nav["Account"]["Profile"] = Router::route('settings.account.profile'); $nav["Account"]["Profile"] = route('settings.account.profile');
} }
if (CurrentSession::$user->permission(Site::CHANGE_EMAIL)) { if (CurrentSession::$user->permission(Site::CHANGE_EMAIL)
$nav["Account"]["E-mail address"] = Router::route('settings.account.email'); || CurrentSession::$user->permission(Site::CHANGE_USERNAME)
} || CurrentSession::$user->permission(Site::CHANGE_USERTITLE)
if (CurrentSession::$user->permission(Site::CHANGE_USERNAME)) { || CurrentSession::$user->permission(Site::CHANGE_PASSWORD)) {
$nav["Account"]["Username"] = Router::route('settings.account.username'); $nav["Account"]["Details"] = route('settings.account.details');
}
if (CurrentSession::$user->permission(Site::CHANGE_USERTITLE)) {
$nav["Account"]["Title"] = Router::route('settings.account.title');
}
if (CurrentSession::$user->permission(Site::CHANGE_PASSWORD)) {
$nav["Account"]["Password"] = Router::route('settings.account.password');
} }
if (CurrentSession::$user->permission(Site::ALTER_RANKS)) { if (CurrentSession::$user->permission(Site::ALTER_RANKS)) {
$nav["Account"]["Ranks"] = Router::route('settings.account.ranks'); $nav["Account"]["Ranks"] = route('settings.account.ranks');
} }
// Friends // Friends
if (CurrentSession::$user->permission(Site::MANAGE_FRIENDS)) { if (CurrentSession::$user->permission(Site::MANAGE_FRIENDS)) {
$nav["Friends"]["Listing"] = Router::route('settings.friends.listing'); $nav["Friends"]["Listing"] = route('settings.friends.listing');
$nav["Friends"]["Requests"] = Router::route('settings.friends.requests'); $nav["Friends"]["Requests"] = route('settings.friends.requests');
} }
// Notifications // Notifications
$nav["Notifications"]["History"] = Router::route('settings.notifications.history'); $nav["Notifications"]["History"] = route('settings.notifications.history');
// Appearance // Appearance
if (CurrentSession::$user->permission(Site::CHANGE_AVATAR)) { if (CurrentSession::$user->permission(Site::CHANGE_AVATAR)) {
$nav["Appearance"]["Avatar"] = Router::route('settings.appearance.avatar'); $nav["Appearance"]["Avatar"] = route('settings.appearance.avatar');
} }
if (CurrentSession::$user->permission(Site::CHANGE_BACKGROUND)) { if (CurrentSession::$user->permission(Site::CHANGE_BACKGROUND)) {
$nav["Appearance"]["Background"] = Router::route('settings.appearance.background'); $nav["Appearance"]["Background"] = route('settings.appearance.background');
} }
if (CurrentSession::$user->permission(Site::CHANGE_HEADER)) { if (CurrentSession::$user->permission(Site::CHANGE_HEADER)) {
$nav["Appearance"]["Header"] = Router::route('settings.appearance.header'); $nav["Appearance"]["Header"] = route('settings.appearance.header');
} }
if (( if ((
CurrentSession::$user->page CurrentSession::$user->page
&& CurrentSession::$user->permission(Site::CHANGE_USERPAGE) && CurrentSession::$user->permission(Site::CHANGE_USERPAGE)
) || CurrentSession::$user->permission(Site::CREATE_USERPAGE)) { ) || CurrentSession::$user->permission(Site::CREATE_USERPAGE)) {
$nav["Appearance"]["Userpage"] = Router::route('settings.appearance.userpage'); $nav["Appearance"]["Userpage"] = route('settings.appearance.userpage');
} }
if (CurrentSession::$user->permission(Site::CHANGE_SIGNATURE)) { if (CurrentSession::$user->permission(Site::CHANGE_SIGNATURE)) {
$nav["Appearance"]["Signature"] = Router::route('settings.appearance.signature'); $nav["Appearance"]["Signature"] = route('settings.appearance.signature');
} }
// Advanced // Advanced
if (CurrentSession::$user->permission(Site::MANAGE_SESSIONS)) { if (CurrentSession::$user->permission(Site::MANAGE_SESSIONS)) {
$nav["Advanced"]["Sessions"] = Router::route('settings.advanced.sessions'); $nav["Advanced"]["Sessions"] = route('settings.advanced.sessions');
} }
if (CurrentSession::$user->permission(Site::DEACTIVATE_ACCOUNT)) { if (CurrentSession::$user->permission(Site::DEACTIVATE_ACCOUNT)) {
$nav["Advanced"]["Deactivate"] = Router::route('settings.advanced.deactivate'); $nav["Advanced"]["Deactivate"] = route('settings.advanced.deactivate');
} }
return $nav; return $nav;
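Review bot: The merged "Details" condition repeats `CurrentSession::$user->permission(...)` four times in a row, and every other line of the hunk spells out `CurrentSession::$user` again; the details() action rewritten in this same commit hoists it into `$user = CurrentSession::$user;`, and doing the same at the top of this navigation builder would make the two files read consistently and shorten the four-way `||`. The method's closing brace lies outside the hunk.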


@ -0,0 +1,40 @@
{% extends 'settings/account/master.twig' %}
{% set mode = 'Details' %}
{% block description %}
<p>Alter the details of your account, leave fields blank to leave them unchanged.</p>
{% endblock %}
{% block settingsContent %}
<form enctype="multipart/form-data" method="post" action="{{ route('settings.account.details') }}">
{% if edit_email %}
<div class="profile-field">
<div><h2>E-mail address</h2></div>
<div><input type="text" name="email" placeholder="{{ user.email }}" class="inputStyling"></div>
</div>
{% endif %}
{% if edit_usern %}
<div class="profile-field">
<div><h2>Username {% if last_name_change %}(last change was <time class="time-ago" datetime="{{ last_name_change|date('r') }}">{{ last_name_change|date(config('general.date_format')) }}</time>){% endif %}</h2></div>
<div><input type="text" name="username"{% if username_allow %} placeholder="At least {{ config('user.name_min') }} and at most {{ config('user.name_max') }} characters!"{% else %}disabled placeholder="You can't change your name right now!" {% endif %} class="inputStyling"></div>
</div>
{% endif %}
{% if edit_title %}
<div class="profile-field">
<div><h2>Title</h2></div>
<div><input type="text" name="title" placeholder="Max 64 characters, leaving this empty will actually reset it" class="inputStyling" value="{{ user.title }}"></div>
</div>
{% endif %}
{% if edit_passw %}
<div class="profile-field">
<div><h2>Password</h2></div>
<div><input type="password" name="password" placeholder="Must be at least decently strong, size doesn't matter" class="inputStyling"></div>
</div>
{% endif %}
<div class="profile-save">
<button value="{{ session_id() }}" name="session" class="inputStyling">Save</button>
<button type="reset" class="inputStyling">Reset</button>
</div>
</form>
{% endblock %}
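Review bot: The password input in the `edit_passw` block carries no `autocomplete="new-password"`, so a browser may autofill the stored password into a field whose submission replaces it, and the form has neither a confirmation nor a current-password input to catch that. The `disabled` attribute on the username input is only a UI hint; the 30-day eligibility still has to be enforced by the controller that receives the post. I would add `autocomplete="new-password"` to the password input and use `type="email"` for the e-mail input so the browser rejects obviously malformed addresses before the server does.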


@ -1,21 +0,0 @@
{% extends 'settings/account/master.twig' %}
{% set mode = 'E-mail address' %}
{% block description %}
<p>You e-mail address is used for password recovery and stuff like that!</p>
{% endblock %}
{% block settingsContent %}
<form enctype="multipart/form-data" method="post" action="{{ route('settings.account.email') }}">
<h3 style="text-align: center;">Your e-mail address is currently set to <span style="font-weight: 700;">{{ user.email }}</span>.</h3>
<div class="profile-field">
<div><h2>E-mail address</h2></div>
<div><input type="text" name="email" placeholder="Enter your new e-mail address" class="inputStyling"></div>
</div>
<div class="profile-save">
<button value="{{ session_id() }}" name="session" class="inputStyling">Save</button>
<button type="reset" class="inputStyling">Reset</button>
</div>
</form>
{% endblock %}


@ -1,24 +0,0 @@
{% extends 'settings/account/master.twig' %}
{% set mode = 'Password' %}
{% block description %}
<p>Used to authenticate with the site and certain related services.</p>
{% endblock %}
{% block settingsContent %}
<form enctype="multipart/form-data" method="post" action="{{ route('settings.account.password') }}">
<div class="profile-field">
<div><h2>Current Password</h2></div>
<div><input type="password" name="current" placeholder="Enter your current password." class="inputStyling"></div>
</div>
<div class="profile-field">
<div><h2>New Password</h2></div>
<div><input type="password" name="password" placeholder="Enter your new password." class="inputStyling"></div>
</div>
<div class="profile-save">
<button value="{{ session_id() }}" name="session" class="inputStyling">Save</button>
<button type="reset" class="inputStyling">Reset</button>
</div>
</form>
{% endblock %}


@ -1,21 +0,0 @@
{% extends 'settings/account/master.twig' %}
{% set mode = 'Title' %}
{% block description %}
<p>That little piece of text displayed besides your username in most places.</p>
{% endblock %}
{% block settingsContent %}
<form enctype="multipart/form-data" method="post" action="{{ route('settings.account.title') }}">
<h3 style="text-align: center;">Your current user title is:<br><span style="font-weight: 700;">{{ user.title }}</span></h3>
<div class="profile-field">
<div><h2>New title</h2></div>
<div><input type="text" name="title" placeholder="Enter your new user title (Max 64 characters)" class="inputStyling" value="{{ user.title }}"></div>
</div>
<div class="profile-save">
<button value="{{ session_id() }}" name="session" class="inputStyling">Save</button>
<button type="reset" class="inputStyling">Reset</button>
</div>
</form>
{% endblock %}


@ -1,27 +0,0 @@
{% extends 'settings/account/master.twig' %}
{% set mode = 'Username' %}
{% block description %}
<p>Probably the biggest part of your identity on a site.</p>
<p><b>You can only change this once every 30 days so choose wisely.</b></p>
{% endblock %}
{% set eligible = user.getUsernameHistory ? (date().timestamp - user.getUsernameHistory()[0].change_time) > 2592000 : true %}
{% block settingsContent %}
<form enctype="multipart/form-data" method="post" action="{{ route('settings.account.username') }}">
<h1 class="stylised" style="text-align: center; margin-top: 10px;{% if not eligible %} color: #c44;{% endif %}">You are {% if not eligible %}not {% endif %}eligible for a name change.</h1>
<h3 style="text-align: center;">{% if user.getUsernameHistory %}Your last name change was <time class="time-ago" datetime="{{ user.getUsernameHistory[0]['change_time']|date('r') }}">{{ user.getUsernameHistory[0]['change_time']|date(config('general.date_format')) }}</time>.{% else %}This is your first username change.{% endif %}</h3>
{% if eligible %}
<div class="profile-field">
<div><h2>Username</h2></div>
<div><input type="text" name="username" placeholder="Enter your new username (at least {{ config('user.name_min') }} and at most {{ config('user.name_max') }} characters!)" class="inputStyling"></div>
</div>
<div class="profile-save">
<button value="{{ session_id() }}" name="session" class="inputStyling">Save</button>
<button type="reset" class="inputStyling">Reset</button>
</div>
{% endif %}
</form>
{% endblock %}


@ -226,14 +226,8 @@ Router::group(['before' => 'maintenance'], function () {
Router::get('/profile', 'Settings.AccountController@profile', 'settings.account.profile'); Router::get('/profile', 'Settings.AccountController@profile', 'settings.account.profile');
Router::post('/profile', 'Settings.AccountController@profile', 'settings.account.profile'); Router::post('/profile', 'Settings.AccountController@profile', 'settings.account.profile');
Router::get('/email', 'Settings.AccountController@email', 'settings.account.email'); Router::get('/details', 'Settings.AccountController@details', 'settings.account.details');
Router::post('/email', 'Settings.AccountController@email', 'settings.account.email'); Router::post('/details', 'Settings.AccountController@details', 'settings.account.details');
Router::get('/username', 'Settings.AccountController@username', 'settings.account.username');
Router::post('/username', 'Settings.AccountController@username', 'settings.account.username');
Router::get('/title', 'Settings.AccountController@title', 'settings.account.title');
Router::post('/title', 'Settings.AccountController@title', 'settings.account.title');
Router::get('/password', 'Settings.AccountController@password', 'settings.account.password');
Router::post('/password', 'Settings.AccountController@password', 'settings.account.password');
Router::get('/ranks', 'Settings.AccountController@ranks', 'settings.account.ranks'); Router::get('/ranks', 'Settings.AccountController@ranks', 'settings.account.ranks');
Router::post('/ranks', 'Settings.AccountController@ranks', 'settings.account.ranks'); Router::post('/ranks', 'Settings.AccountController@ranks', 'settings.account.ranks');
}); });