diff --git a/libraries/Controllers/AuthController.php b/libraries/Controllers/AuthController.php index b3ff19d..eb107e7 100644 --- a/libraries/Controllers/AuthController.php +++ b/libraries/Controllers/AuthController.php @@ -57,7 +57,7 @@ class AuthController extends Controller $message = 'Something happened! This probably happened because you went here without being logged in.'; $redirect = (isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : Router::route('main.index')); - Template::vars(['page' => ['success' => 0, 'redirect' => $redirect, 'message' => $message]]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -69,7 +69,7 @@ class AuthController extends Controller $message = 'Goodbye!'; $redirect = Router::route('auth.login'); - Template::vars(['page' => ['success' => 1, 'redirect' => $redirect, 'message' => $message]]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -92,13 +92,12 @@ class AuthController extends Controller public function loginPost() { // Preliminarily set login to failed - $success = 0; $redirect = Router::route('auth.login'); // Check if authentication is disallowed if (Config::get('lock_authentication')) { $message = 'Logging in is disabled for security checkups! Try again later.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -117,7 +116,7 @@ class AuthController extends Controller if ($rates > 4) { $message = 'Your have hit the login rate limit, try again later.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -129,7 +128,7 @@ class AuthController extends Controller if ($user->id === 0) { $this->touchRateLimit($user->id); $message = 'The user you tried to log into does not exist.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -140,7 +139,7 @@ class AuthController extends Controller case 'disabled': $this->touchRateLimit($user->id); $message = 'Logging into this account is disabled.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); @@ -154,7 +153,7 @@ class AuthController extends Controller ])) { $this->touchRateLimit($user->id); $message = 'The password you entered was invalid.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -163,8 +162,9 @@ class AuthController extends Controller // Check if the user has the required privs to log in if ($user->permission(Site::DEACTIVATED)) { $this->touchRateLimit($user->id); - $message = 'Your account does not have the required permissions to log in.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + $message = 'Your account is deactivated, activate it first!'; + $redirect = Router::route('auth.reactivate'); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -193,8 +193,6 @@ class AuthController extends Controller $this->touchRateLimit($user->id, true); - $success = 1; - $redirect = $user->lastOnline ? (isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] @@ -203,7 +201,7 @@ class AuthController extends Controller $message = 'Welcome' . ($user->lastOnline ? ' back' : '') . '!'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -239,14 +237,13 @@ class AuthController extends Controller public function registerPost() { // Preliminarily set registration to failed - $success = 0; $redirect = Router::route('auth.register'); // Check if authentication is disallowed if (Config::get('lock_authentication') || Config::get('disable_registration')) { $message = 'Registration is disabled for security checkups! Try again later.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -255,7 +252,7 @@ class AuthController extends Controller if (!isset($_POST['session']) || $_POST['session'] != session_id()) { $message = "Your session expired, refreshing the page will most likely fix this!"; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -274,7 +271,7 @@ class AuthController extends Controller if (!$terms) { $message = 'You are required to agree to the Terms of Service.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -295,7 +292,7 @@ class AuthController extends Controller if (!$response || !$response->success) { $message = 'Captcha verification failed, please try again.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -309,7 +306,7 @@ class AuthController extends Controller $message = "{$user->username} is already a member here!" . " If this is you please use the password reset form instead of making a new account."; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -318,7 +315,7 @@ class AuthController extends Controller if (strlen($username) < Config::get('username_min_length')) { $message = 'Your name must be at least 3 characters long.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -327,7 +324,7 @@ class AuthController extends Controller if (strlen($username) > Config::get('username_max_length')) { $message = 'Your name can\'t be longer than 16 characters.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -336,7 +333,7 @@ class AuthController extends Controller if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $message = 'Your e-mail address is formatted incorrectly.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -345,7 +342,7 @@ class AuthController extends Controller if (!check_mx_record($email)) { $message = 'No valid MX-Record found on the e-mail address you supplied.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -357,7 +354,7 @@ class AuthController extends Controller if ($emailCheck) { $message = 'Someone already registered using this email!'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -366,7 +363,7 @@ class AuthController extends Controller if (password_entropy($password) < Config::get('min_entropy')) { $message = 'Your password is too weak, try adding some special characters.'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -385,13 +382,12 @@ class AuthController extends Controller } // Return true with a specific message if needed - $success = 1; $redirect = Router::route('auth.login'); $message = $requireActive ? 'Your registration went through! An activation e-mail has been sent.' : 'Your registration went through! Welcome to ' . Config::get('sitename') . '!'; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -404,7 +400,6 @@ class AuthController extends Controller public function activate() { // Preliminarily set activation to failed - $success = 0; $redirect = Router::route('main.index'); // Attempt to get the required GET parameters @@ -418,7 +413,7 @@ class AuthController extends Controller if ($user->id === 0) { $message = "This user does not exist! Contact us if you think this isn't right."; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -427,7 +422,7 @@ class AuthController extends Controller if (!$user->permission(Site::DEACTIVATED)) { $message = "Your account is already activated! Why are you here?"; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -438,7 +433,7 @@ class AuthController extends Controller if (!$action) { $message = "Invalid activation code! Contact us if you think this isn't right."; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -452,11 +447,10 @@ class AuthController extends Controller $user->setMainRank($rankDefault); $user->removeRanks([$rankDeactive]); - $success = 1; $redirect = Router::route('auth.login'); $message = "Your account is activated, welcome to " . Config::get('sitename') . "!"; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -479,14 +473,13 @@ class AuthController extends Controller public function reactivatePost() { // Preliminarily set registration to failed - $success = 0; $redirect = Router::route('auth.reactivate'); // Check if authentication is disallowed if (Config::get('lock_authentication')) { $message = "You can't request a reactivation at this time, sorry!"; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -495,7 +488,7 @@ class AuthController extends Controller if (!isset($_POST['session']) || $_POST['session'] != session_id()) { $message = "Your session expired, refreshing the page will most likely fix this!"; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -514,7 +507,7 @@ class AuthController extends Controller if (!$getUser) { $message = "User not found! Double check your username and e-mail address!"; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -526,7 +519,7 @@ class AuthController extends Controller if (!$user->permission(Site::DEACTIVATED)) { $message = "Your account is already activated! Why are you here?"; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -534,11 +527,10 @@ class AuthController extends Controller // Send activation e-mail to user $this->sendActivationMail($user); - $success = 1; $redirect = Router::route('auth.login'); $message = "Sent the e-mail! Make sure to check your spam folder as well!"; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -561,14 +553,13 @@ class AuthController extends Controller public function resetPasswordPost() { // Preliminarily set action to failed - $success = 0; $redirect = Router::route('main.index'); // Check if authentication is disallowed if (Config::get('lock_authentication')) { $message = "You can't request a reactivation at this time, sorry!"; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -577,7 +568,7 @@ class AuthController extends Controller if (!isset($_POST['session']) || $_POST['session'] != session_id()) { $message = "Your session expired, refreshing the page will most likely fix this!"; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -596,7 +587,7 @@ class AuthController extends Controller if ($user->id === 0 || ($email !== null ? $email !== $user->email : false)) { $message = "This user does not exist! Contact us if you think this isn't right."; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -605,7 +596,7 @@ class AuthController extends Controller if ($user->permission(Site::DEACTIVATED)) { $message = "Your account is deactivated, go activate it first..."; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -615,7 +606,7 @@ class AuthController extends Controller if (password_entropy($password) < Config::get('min_entropy')) { $message = "Your password doesn't meet the strength requirements!"; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -626,7 +617,7 @@ class AuthController extends Controller if (!$action) { $message = "Invalid verification code! Contact us if you think this isn't right."; - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -645,19 +636,17 @@ class AuthController extends Controller 'password_chan' => time(), ]); - $success = 1; $message = "Changed your password! You may now log in."; $redirect = Router::route('auth.login'); } else { // Send the e-mail $this->sendPasswordMail($user); - $success = 1; $message = "Sent the e-mail, keep an eye on your spam folder as well!"; $redirect = Router::route('main.index'); } - Template::vars(['page' => compact('success', 'redirect', 'message')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } diff --git a/libraries/Controllers/ForumController.php b/libraries/Controllers/ForumController.php index 62b2bca..61bc3e6 100644 --- a/libraries/Controllers/ForumController.php +++ b/libraries/Controllers/ForumController.php @@ -385,9 +385,6 @@ class ForumController extends Controller break; } - // Set pruned to true - $pruned = true; - // Delete the thread $thread->delete(); @@ -453,7 +450,7 @@ class ForumController extends Controller $message = "This post doesn't exist or you don't have access to it!"; $redirect = Router::route('forums.index'); - Template::vars(['page' => compact('message', 'redirect')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -526,7 +523,7 @@ class ForumController extends Controller $message = "This post doesn't exist or you don't have access to it!"; $redirect = Router::route('forums.index'); - Template::vars(['page' => compact('message', 'redirect')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -540,7 +537,7 @@ class ForumController extends Controller $message = "You are not allowed to post in this thread!"; $redirect = Router::route('forums.thread', $thread->id); - Template::vars(['page' => compact('message', 'redirect')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -564,7 +561,7 @@ class ForumController extends Controller ); $redirect = "{$route}#reply"; - Template::vars(['page' => compact('message', 'redirect')]); + Template::vars(compact('message', 'redirect')); if (!isset($_SESSION['replyText'])) { $_SESSION['replyText'] = []; @@ -615,7 +612,7 @@ class ForumController extends Controller $message = "This forum doesn't exist or you don't have access to it!"; $redirect = Router::route('forums.index'); - Template::vars(['page' => compact('message', 'redirect')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -654,7 +651,7 @@ class ForumController extends Controller $redirect = Router::route('forums.new', $forum->id); - Template::vars(['page' => compact('message', 'redirect')]); + Template::vars(compact('message', 'redirect')); if (!isset($_SESSION['replyText'])) { $_SESSION['replyText'] = []; @@ -732,7 +729,7 @@ class ForumController extends Controller $redirect = Router::route('forums.index'); } - Template::vars(['page' => compact('message', 'redirect')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -774,7 +771,7 @@ class ForumController extends Controller $redirect = Router::route('forums.post', $post->id); - Template::vars(['page' => compact('message', 'redirect')]); + Template::vars(compact('message', 'redirect')); if (!isset($_SESSION['replyText'])) { $_SESSION['replyText'] = []; @@ -853,7 +850,7 @@ class ForumController extends Controller $redirect = Router::route('forums.index'); } - Template::vars(['page' => compact('message', 'redirect')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } @@ -876,7 +873,7 @@ class ForumController extends Controller $redirect = Router::route('forums.thread', $thread->id); } - Template::vars(['page' => compact('message', 'redirect')]); + Template::vars(compact('message', 'redirect')); return Template::render('global/information'); } diff --git a/libraries/Controllers/PremiumController.php b/libraries/Controllers/PremiumController.php index dafe2e7..d45d45a 100644 --- a/libraries/Controllers/PremiumController.php +++ b/libraries/Controllers/PremiumController.php @@ -161,8 +161,6 @@ class PremiumController extends Controller return header("Location: {$failRoute}"); } - $pricePerMonth = Config::get('premium_price_per_month'); - ActiveUser::$user->addPremium(self::PERIOD_PER_PAYMENT * $months); return header("Location: {$successRoute}"); diff --git a/libraries/Controllers/Settings/AccountController.php b/libraries/Controllers/Settings/AccountController.php index 35aaf19..287554f 100644 --- a/libraries/Controllers/Settings/AccountController.php +++ b/libraries/Controllers/Settings/AccountController.php @@ -7,6 +7,14 @@ namespace Sakura\Controllers\Settings; +use Sakura\ActiveUser; +use Sakura\Config; +use Sakura\DB; +use Sakura\Hashing; +use Sakura\Perms\Site; +use Sakura\Router; +use Sakura\Template; + /** * Account settings. * @@ -17,26 +25,309 @@ class AccountController extends Controller { public function email() { - return $this->go('account.email'); + // Check permission + if (!ActiveUser::$user->permission(Site::CHANGE_EMAIL)) { + $message = "You aren't allowed to change your e-mail address."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + + $session = $_POST['session'] ?? null; + $email = $_POST['email'] ?? null; + + if ($session && $email) { + $redirect = Router::route('settings.account.email'); + + // Check if the CSRF session matches + if ($session !== session_id()) { + $message = "Your session expired!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Validate e-mail address + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + $message = "The e-mail address you supplied is invalid!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Check the MX record of the email + if (!check_mx_record($email)) { + $message = 'No valid MX-Record found on the e-mail address you supplied.'; + Template::vars(compact('message', 'redirect')); + return Template::render('global/information'); + } + + // Check if the e-mail has already been used + $emailCheck = DB::table('users') + ->where('email', $email) + ->count(); + if ($emailCheck) { + $message = 'Someone already used this e-mail!'; + Template::vars(compact('message', 'redirect')); + return Template::render('global/information'); + } + + ActiveUser::$user->setMail($email); + + $message = 'Changed your e-mail address!'; + Template::vars(compact('message', 'redirect')); + return Template::render('global/information'); + } + + return Template::render('settings/account/email'); } public function username() { - return $this->go('account.username'); + // Check permission + if (!ActiveUser::$user->permission(Site::CHANGE_USERNAME)) { + $message = "You aren't allowed to change your username."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + + $session = $_POST['session'] ?? null; + $username = $_POST['username'] ?? null; + + if ($session && $username) { + $redirect = Router::route('settings.account.username'); + $username_clean = clean_string($username, true); + + // Check if the CSRF session matches + if ($session !== session_id()) { + $message = "Your session expired!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Check if the username is too short + if (strlen($username_clean) < Config::get('username_min_length')) { + $message = "This username is too short!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Check if the username is too long + if (strlen($username_clean) > Config::get('username_max_length')) { + $message = "This username is too long!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Check if this username hasn't been used in the last amount of days set in the config + $getOld = DB::table('username_history') + ->where('username_old_clean', $username_clean) + ->where('change_time', '>', (Config::get('old_username_reserve') * 24 * 60 * 60)) + ->orderBy('change_id', 'desc') + ->get(); + + // Check if anything was returned + if ($getOld && $getOld[0]->user_id != ActiveUser::$user->id) { + $message = "The username you tried to use is reserved, try again later!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Check if the username is already in use + $getInUse = DB::table('users') + ->where('username_clean', $username_clean) + ->get(); + + // Check if anything was returned + if ($getInUse) { + $message = "Someone is already using this name!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + ActiveUser::$user->setUsername($username, $username_clean); + + $message = "Changed your username!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + return Template::render('settings/account/username'); } public function title() { - return $this->go('account.usertitle'); + // Check permission + if (!ActiveUser::$user->permission(Site::CHANGE_USERTITLE)) { + $message = "You aren't allowed to change your title."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + + $session = $_POST['session'] ?? null; + $title = $_POST['title'] ?? null; + + if ($session && $title !== null) { + $redirect = Router::route('settings.account.title'); + + // Check if the CSRF session matches + if ($session !== session_id()) { + $message = "Your session expired!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + if (strlen($title) > 64) { + $message = "This title is too long!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + if ($title === ActiveUser::$user->title) { + $message = "This is already your title!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Update database + DB::table('users') + ->where('user_id', ActiveUser::$user->id) + ->update([ + 'user_title' => $title, + ]); + + $message = "Changed your title!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + return Template::render('settings/account/title'); } public function password() { - return $this->go('account.password'); + // Check permission + if (!ActiveUser::$user->permission(Site::CHANGE_PASSWORD)) { + $message = "You aren't allowed to change your password."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + + $session = $_POST['session'] ?? null; + $current = $_POST['current'] ?? null; + $password = $_POST['password'] ?? null; + + if ($session && $current && $password) { + $redirect = Router::route('settings.account.password'); + + // Check if the CSRF session matches + if ($session !== session_id()) { + $message = "Your session expired!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Check current password + if (!Hashing::validatePassword($current, [ + ActiveUser::$user->passwordAlgo, + ActiveUser::$user->passwordIter, + ActiveUser::$user->passwordSalt, + ActiveUser::$user->passwordHash, + ])) { + $message = "Your password was invalid!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Check password entropy + if (password_entropy($password) < Config::get('min_entropy')) { + $message = "Your password isn't strong enough!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + ActiveUser::$user->setPassword($password); + + $message = "Changed your password!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + return Template::render('settings/account/password'); } public function ranks() { - return $this->go('account.ranks'); + // Check permission + if (!ActiveUser::$user->permission(Site::ALTER_RANKS)) { + $message = "You aren't allowed to manage your ranks."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + + $session = $_POST['session'] ?? null; + $rank = $_POST['rank'] ?? null; + $mode = $_POST['mode'] ?? null; + + $locked = [ + Config::get('deactive_rank_id'), + Config::get('default_rank_id'), + Config::get('premium_rank_id'), + Config::get('restricted_rank_id'), + ]; + + if ($session && $rank && $mode) { + $redirect = Router::route('settings.account.ranks'); + + // Check if the CSRF session matches + if ($session !== session_id()) { + $message = "Your session expired!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Check if user has this rank + if (!ActiveUser::$user->hasRanks([$rank])) { + $message = "You aren't a part of this rank!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + if ($mode == 'remove') { + if (in_array($rank, $locked)) { + $message = "You aren't allowed to remove this rank from your account!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + ActiveUser::$user->removeRanks([$rank]); + + $message = "Removed the rank from your account!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + ActiveUser::$user->setMainRank($rank); + + $message = "Changed your main rank!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + Template::vars(compact('locked')); + + return Template::render('settings/account/ranks'); } } diff --git a/libraries/Controllers/Settings/AdvancedController.php b/libraries/Controllers/Settings/AdvancedController.php index 09b65ae..42a50a7 100644 --- a/libraries/Controllers/Settings/AdvancedController.php +++ b/libraries/Controllers/Settings/AdvancedController.php @@ -9,6 +9,9 @@ namespace Sakura\Controllers\Settings; use Sakura\ActiveUser; use Sakura\DB; +use Sakura\Hashing; +use Sakura\Perms\Site; +use Sakura\Router; use Sakura\Template; /** @@ -21,6 +24,61 @@ class AdvancedController extends Controller { public function sessions() { + // Check permission + if (!ActiveUser::$user->permission(Site::MANAGE_SESSIONS)) { + $message = "You aren't allowed to manage sessions."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + + $session = $_POST['session'] ?? null; + $id = $_POST['id'] ?? null; + $all = isset($_POST['all']); + + if ($session && ($id || $all)) { + $redirect = Router::route('settings.advanced.sessions'); + + // Check if the CSRF session matches + if ($session !== session_id()) { + $message = "Your session expired, not the one you were intending to let expire though!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // End all sessions + if ($all) { + DB::table('sessions') + ->where('user_id', ActiveUser::$user->id) + ->delete(); + + $message = "Deleted all active session associated with your account!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Create the session statement + $session = DB::table('sessions') + ->where('user_id', ActiveUser::$user->id) + ->where('session_id', $id); + + // Check if the session exists + if (!$session->count()) { + $message = "This session doesn't exist!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Delete it + $session->delete(); + + $message = "Deleted the session!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + $sessions = DB::table('sessions') ->where('user_id', ActiveUser::$user->id) ->get(); @@ -32,6 +90,55 @@ class AdvancedController extends Controller public function deactivate() { - return $this->go('advanced.deactivate'); + // Check permission + if (!ActiveUser::$user->permission(Site::DEACTIVATE_ACCOUNT)) { + $message = "You aren't allowed to deactivate your account."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + + $session = $_POST['session'] ?? null; + $password = $_POST['password'] ?? null; + + if ($session && $password) { + $redirect = Router::route('settings.advanced.deactivate'); + + // Verify session + if ($session !== session_id()) { + $message = "Session verification failed!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Check password + if (!Hashing::validatePassword($password, [ + ActiveUser::$user->passwordAlgo, + ActiveUser::$user->passwordIter, + ActiveUser::$user->passwordSalt, + ActiveUser::$user->passwordHash, + ])) { + $message = "Your password was invalid!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + // Deactivate account + ActiveUser::$user->removeRanks(array_keys(ActiveUser::$user->ranks)); + ActiveUser::$user->addRanks([1]); + ActiveUser::$user->setMainRank(1); + + // Destroy all active sessions + ActiveUser::$session->destroyAll(); + + $redirect = Router::route('main.index'); + $message = "Farewell!"; + Template::vars(compact('redirect', 'message')); + return Template::render('global/information'); + } + + return Template::render('settings/advanced/deactivate'); } } diff --git a/libraries/Controllers/Settings/AppearanceController.php b/libraries/Controllers/Settings/AppearanceController.php index 35e2e83..ceda9ba 100644 --- a/libraries/Controllers/Settings/AppearanceController.php +++ b/libraries/Controllers/Settings/AppearanceController.php @@ -7,6 +7,12 @@ namespace Sakura\Controllers\Settings; +use Sakura\ActiveUser; +use Sakura\DB; +use Sakura\Perms\Site; +use Sakura\Router; +use Sakura\Template; + /** * Appearance settings. * @@ -17,26 +23,150 @@ class AppearanceController extends Controller { public function avatar() { + // Check permission + if (!ActiveUser::$user->permission(Site::CHANGE_AVATAR)) { + $message = "You aren't allowed to change your avatar."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + return $this->go('appearance.avatar'); } public function background() { + // Check permission + if (!ActiveUser::$user->permission(Site::CHANGE_BACKGROUND)) { + $message = "You aren't allowed to change your background."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + return $this->go('appearance.background'); } public function header() { - return $this->go('appearance.header'); + // Check permission + if (!ActiveUser::$user->permission(Site::CHANGE_HEADER)) { + $message = "You aren't allowed to change your profile header."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + + $session = $_POST['session'] ?? null; + $header = $_POST['header'] ?? null; + + return Template::render('settings/appearance/header'); } public function userpage() { - return $this->go('appearance.userpage'); + // Check permission + if (!( + ActiveUser::$user->page + && ActiveUser::$user->permission(Site::CHANGE_USERPAGE) + ) || !ActiveUser::$user->permission(Site::CREATE_USERPAGE)) { + $message = "You aren't allowed to change your userpage."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + + $session = $_POST['session'] ?? null; + $userpage = $_POST['userpage'] ?? null; + + $maxLength = 65535; + + if ($session && $userpage) { + $redirect = Router::route('settings.appearance.userpage'); + + if ($session !== session_id()) { + $message = 'Your session expired!'; + Template::vars(compact('message', 'redirect')); + return Template::render('global/information'); + } + + if (strlen($userpage) > $maxLength) { + $message = 'Your userpage is too long, shorten it a little!'; + Template::vars(compact('message', 'redirect')); + return Template::render('global/information'); + } + + // Update database + DB::table('users') + ->where('user_id', ActiveUser::$user->id) + ->update([ + 'user_page' => $userpage, + ]); + + $message = 'Updated your userpage!'; + Template::vars(compact('message', 'redirect')); + return Template::render('global/information'); + } + + Template::vars(compact('maxLength')); + + return Template::render('settings/appearance/userpage'); } public function signature() { - return $this->go('appearance.signature'); + // Check permission + if (!ActiveUser::$user->permission(Site::CHANGE_SIGNATURE)) { + $message = "You aren't allowed to change your signature."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + + $session = $_POST['session'] ?? null; + $signature = $_POST['signature'] ?? null; + + $maxLength = 500; + + if ($session && $signature) { + $redirect = Router::route('settings.appearance.signature'); + + if ($session !== session_id()) { + $message = 'Your session expired!'; + Template::vars(compact('message', 'redirect')); + return Template::render('global/information'); + } + + if (strlen($signature) > $maxLength) { + $message = 'Your signature is too long, shorten it a little!'; + Template::vars(compact('message', 'redirect')); + return Template::render('global/information'); + } + + // Update database + DB::table('users') + ->where('user_id', ActiveUser::$user->id) + ->update([ + 'user_signature' => $signature, + ]); + + $message = 'Updated your signature!'; + Template::vars(compact('message', 'redirect')); + return Template::render('global/information'); + } + + Template::vars(compact('maxLength')); + + return Template::render('settings/appearance/signature'); } } diff --git a/libraries/Controllers/Settings/FriendsController.php b/libraries/Controllers/Settings/FriendsController.php index 5e09b1e..4466772 100644 --- a/libraries/Controllers/Settings/FriendsController.php +++ b/libraries/Controllers/Settings/FriendsController.php @@ -7,6 +7,8 @@ namespace Sakura\Controllers\Settings; +use Sakura\ActiveUser; +use Sakura\Perms\Site; use Sakura\Template; /** @@ -19,11 +21,31 @@ class FriendsController extends Controller { public function listing() { + // Check permission + if (!ActiveUser::$user->permission(Site::MANAGE_FRIENDS)) { + $message = "You aren't allowed to manage friends."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + return Template::render('settings/friends/listing'); } public function requests() { + // Check permission + if (!ActiveUser::$user->permission(Site::MANAGE_FRIENDS)) { + $message = "You aren't allowed to manage friends."; + $redirect = Router::route('settings.general.home'); + + Template::vars(compact('message', 'redirect')); + + return Template::render('global/information'); + } + return Template::render('settings/friends/requests'); } } diff --git a/libraries/Template.php b/libraries/Template.php index 69b1ef1..8fae4bd 100644 --- a/libraries/Template.php +++ b/libraries/Template.php @@ -117,6 +117,9 @@ class Template // json_decode filter (why doesn't this exist to begin with?) self::$engine->addFilter(new Twig_SimpleFilter('json_decode', 'json_decode')); + + // byte_symbol filter + self::$engine->addFilter(new Twig_SimpleFilter('byte_symbol', 'byte_symbol')); } /** diff --git a/libraries/User.php b/libraries/User.php index 4e51a83..b4a4802 100644 --- a/libraries/User.php +++ b/libraries/User.php @@ -559,9 +559,6 @@ class User */ public function addFriend($uid) { - // Create the foreign object - $user = User::construct($uid); - // Add friend DB::table('friends') ->insert([ @@ -579,9 +576,6 @@ class User */ public function removeFriend($uid, $deleteRequest = false) { - // Create the foreign object - $user = User::construct($uid); - // Remove friend DB::table('friends') ->where('user_id', $this->id) @@ -1091,46 +1085,10 @@ class User * Alter the user's username * * @param string $username The new username. - * - * @return array Status indicator. + * @param string $username_clean The new (clean) username. */ - public function setUsername($username) + public function setUsername($username, $username_clean) { - // Create a cleaned version - $username_clean = clean_string($username, true); - - // Check if the username is too short - if (strlen($username_clean) < Config::get('username_min_length')) { - return [0, 'TOO_SHORT']; - } - - // Check if the username is too long - if (strlen($username_clean) > Config::get('username_max_length')) { - return [0, 'TOO_LONG']; - } - - // Check if this username hasn't been used in the last amount of days set in the config - $getOld = DB::table('username_history') - ->where('username_old_clean', $username_clean) - ->where('change_time', '>', (Config::get('old_username_reserve') * 24 * 60 * 60)) - ->orderBy('change_id', 'desc') - ->get(); - - // Check if anything was returned - if ($getOld && $getOld[0]->user_id != $this->id) { - return [0, 'TOO_RECENT', $getOld[0]['change_time']]; - } - - // Check if the username is already in use - $getInUse = DB::table('users') - ->where('username_clean', $username_clean) - ->get(); - - // Check if anything was returned - if ($getInUse) { - return [0, 'IN_USE', $getInUse[0]->user_id]; - } - // Insert into username_history table DB::table('username_history') ->insert([ @@ -1149,88 +1107,32 @@ class User 'username' => $username, 'username_clean' => $username_clean, ]); - - // Return success - return [1, 'SUCCESS', $username]; } /** * Alter a user's e-mail address * * @param string $email The new e-mail address. - * - * @return array Status indicator. */ - public function setEMailAddress($email) + public function setMail($email) { - // Validate e-mail address - if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { - return [0, 'INVALID']; - } - - // Check if the username is already in use - $getInUse = DB::table('users') - ->where('email', $email) - ->get(); - - // Check if anything was returned - if ($getInUse) { - return [0, 'IN_USE', $getInUse[0]->user_id]; - } - // Update userrow DB::table('users') ->where('user_id', $this->id) ->update([ 'email' => $email, ]); - - // Return success - return [1, 'SUCCESS', $email]; } /** * Change the user's password * - * @param string $old The old password. - * @param string $new The new password - * @param string $confirm The new one again. - * - * @return array Status indicator. + * @param string $password The new password. */ - public function setPassword($old, $new, $confirm) + public function setPassword($password) { - // Validate password - switch ($this->passwordAlgo) { - // Disabled account - case 'disabled': - return [0, 'NO_LOGIN']; - - // Default hashing method - default: - if (!Hashing::validatePassword($old, [ - $this->passwordAlgo, - $this->passwordIter, - $this->passwordSalt, - $this->passwordHash, - ])) { - return [0, 'INCORRECT_PASSWORD', $this->passwordChan]; - } - - } - - // Check password entropy - if (password_entropy($new) < Config::get('min_entropy')) { - return [0, 'PASS_TOO_SHIT']; - } - - // Passwords do not match - if ($new != $confirm) { - return [0, 'PASS_NOT_MATCH']; - } - // Create hash - $password = Hashing::createHash($new); + $password = Hashing::createHash($password); // Update userrow DB::table('users') @@ -1242,9 +1144,6 @@ class User 'password_iter' => $password[1], 'password_chan' => time(), ]); - - // Return success - return [1, 'SUCCESS']; } /** diff --git a/public/settings.php b/public/settings.php index 38b23c1..be3f9d3 100644 --- a/public/settings.php +++ b/public/settings.php @@ -244,383 +244,13 @@ if (isset($_POST['submit']) && isset($_POST['submit'])) { ]; break; - // Usertitle - case 'usertitle': - // Check permissions - if (!$currentUser->permission(Site::CHANGE_USERTITLE)) { - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'You aren\'t allowed to change your usertitle.', - 'success' => 0, - ]; - break; - } - - // Check length - if (isset($_POST['usertitle']) ? (strlen($_POST['usertitle']) > 64) : false) { - $renderData['page'] = [ - - 'redirect' => $redirect, - 'message' => 'Your usertitle is too long.', - 'success' => 0, - - ]; - break; - } - - // Update database - DB::table('users') - ->where('user_id', $currentUser->id) - ->update([ - 'user_title' => (isset($_POST['usertitle']) ? $_POST['usertitle'] : null), - ]); - - // Set render data - $renderData['page'] = [ - - 'redirect' => $redirect, - 'message' => 'Updated your usertitle!', - 'success' => 1, - - ]; - break; - - // Username changing - case 'username': - // Check permissions - if (!$currentUser->permission(Site::CHANGE_USERNAME)) { - $renderData['page'] = [ - - 'redirect' => $redirect, - 'message' => 'You aren\'t allowed to change your username.', - 'success' => 0, - - ]; - - break; - } - - // Attempt username change - $userNameChange = $currentUser->setUsername(isset($_POST['username']) ? $_POST['username'] : ''); - - // Messages - $messages = [ - 'TOO_SHORT' => 'Your new name is too short!', - 'TOO_LONG' => 'Your new name is too long!', - 'TOO_RECENT' => 'The username you tried to use is reserved, try again later.', - 'IN_USE' => 'Someone already has this username!', - 'SUCCESS' => 'Successfully changed your username!', - ]; - - // Set render data - $renderData['page'] = [ - - 'redirect' => $redirect, - 'message' => $messages[$userNameChange[1]], - 'success' => $userNameChange[0], - - ]; - break; - - // E-mail changing - case 'email': - // Check permissions - if (!$currentUser->permission(Site::CHANGE_EMAIL)) { - $renderData['page'] = [ - - 'redirect' => $redirect, - 'message' => 'You aren\'t allowed to change your e-mail address.', - 'success' => 0, - - ]; - - break; - } - - // Attempt e-mail change - $emailChange = $currentUser->setEMailAddress(isset($_POST['email']) ? $_POST['email'] : ''); - - // Messages - $messages = [ - 'INVALID' => 'Your e-mail isn\'t considered valid!', - 'IN_USE' => 'This e-mail address has already been used!', - 'SUCCESS' => 'Successfully changed your e-mail address!', - ]; - - // Set render data - $renderData['page'] = [ - - 'redirect' => $redirect, - 'message' => $messages[$emailChange[1]], - 'success' => $emailChange[0], - - ]; - break; - - // Password changing - case 'password': - // Check permissions - if (!$currentUser->permission(Site::CHANGE_PASSWORD)) { - $renderData['page'] = [ - - 'redirect' => $redirect, - 'message' => 'You aren\'t allowed to change your password.', - 'success' => 0, - - ]; - - break; - } - - // Attempt password change - $passChange = $currentUser->setPassword(isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '', isset($_POST['newpassword']) ? $_POST['newpassword'] : '', isset($_POST['newpasswordconfirm']) ? $_POST['newpasswordconfirm'] : ''); - - // Messages - $messages = [ - 'NO_LOGIN' => 'How are you even logged in right now?', - 'INCORRECT_PASSWORD' => 'The password you provided is incorrect!', - 'PASS_TOO_SHIT' => 'Your password isn\'t strong enough!', - 'PASS_NOT_MATCH' => 'Your new passwords don\'t match!', - 'SUCCESS' => 'Successfully changed your password!', - ]; - - // Set render data - $renderData['page'] = [ - - 'redirect' => $redirect, - 'message' => $messages[$passChange[1]], - 'success' => $passChange[0], - - ]; - break; - - // Userpage - case 'userpage': - if (!isset($_POST['userpage'])) { - // Set render data - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'No userpage was supplied.', - 'success' => 0, - ]; - } - - // Update database - DB::table('users') - ->where('user_id', $currentUser->id) - ->update([ - 'user_page' => $_POST['userpage'], - ]); - - // Set render data - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'Your userpage has been updated!', - 'success' => 1, - ]; - break; - - // Signature - case 'signature': - if (!isset($_POST['signature'])) { - // Set render data - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'No signature was supplied.', - 'success' => 0, - ]; - } - - // Update database - DB::table('users') - ->where('user_id', $currentUser->id) - ->update([ - 'user_signature' => $_POST['signature'], - ]); - - // Set render data - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'Your signature has been updated!', - 'success' => 1, - ]; - break; - - // Ranks - case 'ranks': - // Check submit data - if (!isset($_POST['rank'])) { - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'No rank was set.', - 'success' => 0, - ]; - break; - } - - // Check if the user is part of the rank - if (!$currentUser->hasRanks([$_POST['rank']])) { - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'You are not in this rank.', - 'success' => 0, - ]; - break; - } - - // Leaving - if (isset($_POST['remove'])) { - // Check if we're not trying to leave hardranks - if ($_POST['rank'] <= 2) { - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'You can\'t remove this rank.', - 'success' => 0, - ]; - break; - } - - // Remove the rank - $currentUser->removeRanks([$_POST['rank']]); - - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'Removed the rank from your account.', - 'success' => 0, - ]; - break; - } - - // Set as default - $currentUser->setMainRank($_POST['rank']); - - // Set render data - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'Changed your main rank!', - 'success' => 0, - ]; - break; - - // Sessions - case 'sessions': - // Check if sessionid is set - if (!isset($_POST['sessionid'])) { - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'A required field wasn\'t set.', - 'success' => 0, - ]; - break; - } - - // Check if sessionid is set to all - if ($_POST['sessionid'] === 'all') { - // Delete all sessions assigned to the current user - DB::table('sessions') - ->where('user_id', $currentUser->id) - ->delete(); - - // Set render data - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'Killed all active sessions!', - 'success' => 1, - ]; - break; - } - - // Check if the session is owned by the current user - $us = DB::table('sessions') - ->where('user_id', $currentUser->id) - ->where('session_id', $_POST['sessionid']) - ->count(); - if (!$us) { - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'The session you tried to kill doesn\'t exist.', - 'success' => 0, - ]; - break; - } - - // Delete the session - DB::table('sessions') - ->where('user_id', $currentUser->id) - ->where('session_id', $_POST['sessionid']) - ->delete(); - - // Set render data - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'Killed the session!', - 'success' => 1, - ]; - break; - - // Deactivation - case 'deactivate': - // Check permissions - if (!$currentUser->permission(Site::DEACTIVATE_ACCOUNT)) { - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'You aren\'t allowed to deactivate your account.', - 'success' => 0, - ]; - - break; - } - - // Check fields - if (!isset($_POST['username']) - || !isset($_POST['password']) - || !isset($_POST['email']) - || !isset($_POST['sensitive'])) { - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'One or more forms wasn\'t set.', - 'success' => 0, - ]; - - break; - } - - // Check values - if ($_POST['username'] !== $currentUser->username - || !Hashing::validatePassword($_POST['password'], [$currentUser->passwordAlgo, $currentUser->passwordIter, $currentUser->passwordSalt, $currentUser->passwordHash]) - || $_POST['email'] !== $currentUser->email - || md5($_POST['sensitive']) !== '81df445067d92dd02db9098ba82b0167') { - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'One or more forms wasn\'t correct.', - 'success' => 0, - ]; - - break; - } - - // Deactivate account - $currentUser->removeRanks(array_keys($currentUser->ranks)); - $currentUser->addRanks([1]); - $currentUser->setMainRank(1); - - // Set render data - $renderData['page'] = [ - 'redirect' => $redirect, - 'message' => 'Your account has been deactivated!', - 'success' => 1, - ]; - break; - // Fallback default: // Set render data $renderData['page'] = [ - 'redirect' => $redirect, 'message' => 'The requested method does not exist.', 'success' => 0, - ]; break; @@ -651,10 +281,8 @@ if (ActiveUser::$user->id) { 'home' => [ 'title' => 'Home', 'description' => [ - 'Welcome to the Settings Panel. From here you can monitor, view and update your profile and preferences.', - ], 'access' => !$currentUser->permission(Site::DEACTIVATED), 'menu' => true, @@ -906,15 +534,6 @@ if (ActiveUser::$user->id) { 'max_size_view' => byte_symbol(Config::get($mode . '_max_fsize')), ]; break; - - // Sessions - case 'advanced.sessions': - $sessions = DB::table('sessions') - ->where('user_id', $currentUser->id) - ->get(); - - $renderData['sessions'] = $sessions; - break; } // Set parse variables diff --git a/routes.php b/routes.php index 30b192e..e70dfdc 100644 --- a/routes.php +++ b/routes.php @@ -11,7 +11,7 @@ Router::filter('logoutCheck', function () { if (ActiveUser::$user->isActive()) { $message = "You must be logged out to do that!"; - Template::vars(['page' => compact('message')]); + Template::vars(compact('message')); return Template::render('global/information'); } @@ -22,7 +22,7 @@ Router::filter('loginCheck', function () { if (!ActiveUser::$user->isActive()) { $message = "You must be logged in to do that!"; - Template::vars(['page' => compact('message')]); + Template::vars(compact('message')); return Template::render('global/information'); } @@ -199,10 +199,15 @@ Router::group(['prefix' => 'settings', 'before' => 'loginCheck'], function () { }); Router::get('/avatar', 'Settings.AppearanceController@avatar', 'settings.appearance.avatar'); + Router::post('/avatar', 'Settings.AppearanceController@avatar', 'settings.appearance.avatar'); Router::get('/background', 'Settings.AppearanceController@background', 'settings.appearance.background'); + Router::post('/background', 'Settings.AppearanceController@background', 'settings.appearance.background'); Router::get('/header', 'Settings.AppearanceController@header', 'settings.appearance.header'); + Router::post('/header', 'Settings.AppearanceController@header', 'settings.appearance.header'); Router::get('/userpage', 'Settings.AppearanceController@userpage', 'settings.appearance.userpage'); + Router::post('/userpage', 'Settings.AppearanceController@userpage', 'settings.appearance.userpage'); Router::get('/signature', 'Settings.AppearanceController@signature', 'settings.appearance.signature'); + Router::post('/signature', 'Settings.AppearanceController@signature', 'settings.appearance.signature'); }); // Account section @@ -213,10 +218,15 @@ Router::group(['prefix' => 'settings', 'before' => 'loginCheck'], function () { }); Router::get('/email', 'Settings.AccountController@email', 'settings.account.email'); + Router::post('/email', 'Settings.AccountController@email', 'settings.account.email'); Router::get('/username', 'Settings.AccountController@username', 'settings.account.username'); + Router::post('/username', 'Settings.AccountController@username', 'settings.account.username'); Router::get('/title', 'Settings.AccountController@title', 'settings.account.title'); + Router::post('/title', 'Settings.AccountController@title', 'settings.account.title'); Router::get('/password', 'Settings.AccountController@password', 'settings.account.password'); + Router::post('/password', 'Settings.AccountController@password', 'settings.account.password'); Router::get('/ranks', 'Settings.AccountController@ranks', 'settings.account.ranks'); + Router::post('/ranks', 'Settings.AccountController@ranks', 'settings.account.ranks'); }); // Advanced section @@ -227,7 +237,9 @@ Router::group(['prefix' => 'settings', 'before' => 'loginCheck'], function () { }); Router::get('/sessions', 'Settings.AdvancedController@sessions', 'settings.advanced.sessions'); + Router::post('/sessions', 'Settings.AdvancedController@sessions', 'settings.advanced.sessions'); Router::get('/deactivate', 'Settings.AdvancedController@deactivate', 'settings.advanced.deactivate'); + Router::post('/deactivate', 'Settings.AdvancedController@deactivate', 'settings.advanced.deactivate'); }); }); diff --git a/templates/yuuno/global/master.twig b/templates/yuuno/global/master.twig index b69fd47..233cc79 100644 --- a/templates/yuuno/global/master.twig +++ b/templates/yuuno/global/master.twig @@ -10,12 +10,6 @@ - -{# want to start moving away from page.etc but older files are a thing #} -{% if message is not defined %}{% set message = page.message %}{% endif %} -{% if redirect is not defined %}{% set redirect = page.redirect %}{% endif %} -{% if redirectTimeout is not defined %}{% set redirectTimeout = page.redirectTimeout %}{% endif %} - {% if redirect %} {% endif %} diff --git a/templates/yuuno/old-settings/account.email.twig b/templates/yuuno/old-settings/account.email.twig deleted file mode 100644 index f3309d1..0000000 --- a/templates/yuuno/old-settings/account.email.twig +++ /dev/null @@ -1,19 +0,0 @@ -
- diff --git a/templates/yuuno/old-settings/account.password.twig b/templates/yuuno/old-settings/account.password.twig deleted file mode 100644 index 4beefc2..0000000 --- a/templates/yuuno/old-settings/account.password.twig +++ /dev/null @@ -1,26 +0,0 @@ - - diff --git a/templates/yuuno/old-settings/account.ranks.twig b/templates/yuuno/old-settings/account.ranks.twig deleted file mode 100644 index 93254a2..0000000 --- a/templates/yuuno/old-settings/account.ranks.twig +++ /dev/null @@ -1,22 +0,0 @@ -- {{ rank.name }} - | -- - | -
IP | Useragent | Login time | |
---|---|---|---|
IP | Useragent | Login time | |
- {{ s.user_ip }} - | -- {{ s.user_agent }} - | -- {{ s.session_start|date(config('date_format')) }} - | -- - | -
You e-mail address is used for password recovery and stuff like that!
+{% endblock %} + +{% block settingsContent %} + +{% endblock %} diff --git a/templates/yuuno/settings/account/master.twig b/templates/yuuno/settings/account/master.twig new file mode 100644 index 0000000..3748acb --- /dev/null +++ b/templates/yuuno/settings/account/master.twig @@ -0,0 +1,3 @@ +{% extends 'settings/master.twig' %} + +{% set category = 'Account' %} diff --git a/templates/yuuno/settings/account/password.twig b/templates/yuuno/settings/account/password.twig new file mode 100644 index 0000000..d9e5598 --- /dev/null +++ b/templates/yuuno/settings/account/password.twig @@ -0,0 +1,24 @@ +{% extends 'settings/account/master.twig' %} + +{% set mode = 'Password' %} + +{% block description %} +Used to authenticate with the site and certain related services.
+{% endblock %} + +{% block settingsContent %} + +{% endblock %} diff --git a/templates/yuuno/settings/account/ranks.twig b/templates/yuuno/settings/account/ranks.twig new file mode 100644 index 0000000..0da52ca --- /dev/null +++ b/templates/yuuno/settings/account/ranks.twig @@ -0,0 +1,29 @@ +{% extends 'settings/account/master.twig' %} + +{% set mode = 'Ranks' %} + +{% block description %} +Manage what ranks you're in and what is set as your main rank. Your main rank is highlighted. You get the permissions of all of the ranks you're in combined.
+{% endblock %} + +{% block settingsContent %} ++ {{ rank.name }} + | ++ + | +
That little piece of text displayed besides your username in most places.
+{% endblock %} + +{% block settingsContent %} + +{% endblock %} diff --git a/templates/yuuno/settings/account/username.twig b/templates/yuuno/settings/account/username.twig new file mode 100644 index 0000000..23227a8 --- /dev/null +++ b/templates/yuuno/settings/account/username.twig @@ -0,0 +1,27 @@ +{% extends 'settings/account/master.twig' %} + +{% set mode = 'Username' %} + +{% block description %} +Probably the biggest part of your identity on a site.
+You can only change this once every 30 days so choose wisely.
+{% endblock %} + +{% set eligible = user.getUsernameHistory ? (date().timestamp - user.getUsernameHistory()[0].change_time) > 2592000 : true %} + +{% block settingsContent %} + +{% endblock %} diff --git a/templates/yuuno/settings/advanced/deactivate.twig b/templates/yuuno/settings/advanced/deactivate.twig new file mode 100644 index 0000000..3dab31b --- /dev/null +++ b/templates/yuuno/settings/advanced/deactivate.twig @@ -0,0 +1,21 @@ +{% extends 'settings/advanced/master.twig' %} + +{% set mode = 'Deactivate' %} + +{% block description %} +You can deactivate your account here if you want to leave :(.
+This will remove your account from every rank it's a part of and make you unable to login.
+If you have an active Tenshi tag on your account it won't pause while your account is deactivated.
+{% endblock %} + +{% block settingsContent %} + +{% endblock %} diff --git a/templates/yuuno/settings/advanced/sessions.twig b/templates/yuuno/settings/advanced/sessions.twig index 73df94e..096f440 100644 --- a/templates/yuuno/settings/advanced/sessions.twig +++ b/templates/yuuno/settings/advanced/sessions.twig @@ -1,9 +1,11 @@ {% extends 'settings/advanced/master.twig' %} -{% set mode = 'Home' %} +{% set mode = 'Sessions' %} {% block description %} -Welcome to the Settings Panel! From here you can monitor, view and update your profile and preferences.
+Session keys are a way of identifying yourself with the system without keeping your password in memory.
+If someone finds one of your session keys they could possibly compromise your account, if you see any sessions here that shouldn't be here hit the Kill button to kill the selected session.
+If you get logged out after clicking one you've most likely killed your current session, to make it easier to avoid this from happening your current session is highlighted.
{% endblock %} {% block settingsContent %} @@ -27,12 +29,9 @@Maximum image size is {{ config('header_max_width') }}x{{ config('header_max_height') }}, minimum image size is {{ config('header_min_width') }}x{{ config('header_min_height') }}, maximum file size is {{ config('header_max_fsize')|byte_symbol }}.
+{% endblock %} + +{% block settingsContent %} + +{% endblock %} diff --git a/templates/yuuno/settings/appearance/master.twig b/templates/yuuno/settings/appearance/master.twig new file mode 100644 index 0000000..ff94170 --- /dev/null +++ b/templates/yuuno/settings/appearance/master.twig @@ -0,0 +1,3 @@ +{% extends 'settings/master.twig' %} + +{% set category = 'Appearance' %} diff --git a/templates/yuuno/settings/appearance/signature.twig b/templates/yuuno/settings/appearance/signature.twig new file mode 100644 index 0000000..4540c6a --- /dev/null +++ b/templates/yuuno/settings/appearance/signature.twig @@ -0,0 +1,21 @@ +{% extends 'settings/appearance/master.twig' %} + +{% set mode = 'Signature' %} + +{% block description %} +This signature is displayed at the end of all your posts on the forum.
+{% endblock %} + +{% block settingsContent %} +The custom text that is displayed on your profile.
+{% endblock %} + +{% block settingsContent %} +