progress!

Pachira 2016-04-03 23:29:46 +02:00
parent 6d1a06039f
commit f9c08bf405
35 changed files with 895 additions and 811 deletions


@ -57,7 +57,7 @@ class AuthController extends Controller
$message = 'Something happened! This probably happened because you went here without being logged in.'; $message = 'Something happened! This probably happened because you went here without being logged in.';
$redirect = (isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : Router::route('main.index')); $redirect = (isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : Router::route('main.index'));
Template::vars(['page' => ['success' => 0, 'redirect' => $redirect, 'message' => $message]]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -69,7 +69,7 @@ class AuthController extends Controller
$message = 'Goodbye!'; $message = 'Goodbye!';
$redirect = Router::route('auth.login'); $redirect = Router::route('auth.login');
Template::vars(['page' => ['success' => 1, 'redirect' => $redirect, 'message' => $message]]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -92,13 +92,12 @@ class AuthController extends Controller
public function loginPost() public function loginPost()
{ {
// Preliminarily set login to failed // Preliminarily set login to failed
$success = 0;
$redirect = Router::route('auth.login'); $redirect = Router::route('auth.login');
// Check if authentication is disallowed // Check if authentication is disallowed
if (Config::get('lock_authentication')) { if (Config::get('lock_authentication')) {
$message = 'Logging in is disabled for security checkups! Try again later.'; $message = 'Logging in is disabled for security checkups! Try again later.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -117,7 +116,7 @@ class AuthController extends Controller
if ($rates > 4) { if ($rates > 4) {
$message = 'Your have hit the login rate limit, try again later.'; $message = 'Your have hit the login rate limit, try again later.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -129,7 +128,7 @@ class AuthController extends Controller
if ($user->id === 0) { if ($user->id === 0) {
$this->touchRateLimit($user->id); $this->touchRateLimit($user->id);
$message = 'The user you tried to log into does not exist.'; $message = 'The user you tried to log into does not exist.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -140,7 +139,7 @@ class AuthController extends Controller
case 'disabled': case 'disabled':
$this->touchRateLimit($user->id); $this->touchRateLimit($user->id);
$message = 'Logging into this account is disabled.'; $message = 'Logging into this account is disabled.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
@ -154,7 +153,7 @@ class AuthController extends Controller
])) { ])) {
$this->touchRateLimit($user->id); $this->touchRateLimit($user->id);
$message = 'The password you entered was invalid.'; $message = 'The password you entered was invalid.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -163,8 +162,9 @@ class AuthController extends Controller
// Check if the user has the required privs to log in // Check if the user has the required privs to log in
if ($user->permission(Site::DEACTIVATED)) { if ($user->permission(Site::DEACTIVATED)) {
$this->touchRateLimit($user->id); $this->touchRateLimit($user->id);
$message = 'Your account does not have the required permissions to log in.'; $message = 'Your account is deactivated, activate it first!';
Template::vars(['page' => compact('success', 'redirect', 'message')]); $redirect = Router::route('auth.reactivate');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -193,8 +193,6 @@ class AuthController extends Controller
$this->touchRateLimit($user->id, true); $this->touchRateLimit($user->id, true);
$success = 1;
$redirect = $user->lastOnline $redirect = $user->lastOnline
? (isset($_REQUEST['redirect']) ? (isset($_REQUEST['redirect'])
? $_REQUEST['redirect'] ? $_REQUEST['redirect']
@ -203,7 +201,7 @@ class AuthController extends Controller
$message = 'Welcome' . ($user->lastOnline ? ' back' : '') . '!'; $message = 'Welcome' . ($user->lastOnline ? ' back' : '') . '!';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -239,14 +237,13 @@ class AuthController extends Controller
public function registerPost() public function registerPost()
{ {
// Preliminarily set registration to failed // Preliminarily set registration to failed
$success = 0;
$redirect = Router::route('auth.register'); $redirect = Router::route('auth.register');
// Check if authentication is disallowed // Check if authentication is disallowed
if (Config::get('lock_authentication') || Config::get('disable_registration')) { if (Config::get('lock_authentication') || Config::get('disable_registration')) {
$message = 'Registration is disabled for security checkups! Try again later.'; $message = 'Registration is disabled for security checkups! Try again later.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -255,7 +252,7 @@ class AuthController extends Controller
if (!isset($_POST['session']) || $_POST['session'] != session_id()) { if (!isset($_POST['session']) || $_POST['session'] != session_id()) {
$message = "Your session expired, refreshing the page will most likely fix this!"; $message = "Your session expired, refreshing the page will most likely fix this!";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -274,7 +271,7 @@ class AuthController extends Controller
if (!$terms) { if (!$terms) {
$message = 'You are required to agree to the Terms of Service.'; $message = 'You are required to agree to the Terms of Service.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -295,7 +292,7 @@ class AuthController extends Controller
if (!$response || !$response->success) { if (!$response || !$response->success) {
$message = 'Captcha verification failed, please try again.'; $message = 'Captcha verification failed, please try again.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -309,7 +306,7 @@ class AuthController extends Controller
$message = "{$user->username} is already a member here!" $message = "{$user->username} is already a member here!"
. " If this is you please use the password reset form instead of making a new account."; . " If this is you please use the password reset form instead of making a new account.";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -318,7 +315,7 @@ class AuthController extends Controller
if (strlen($username) < Config::get('username_min_length')) { if (strlen($username) < Config::get('username_min_length')) {
$message = 'Your name must be at least 3 characters long.'; $message = 'Your name must be at least 3 characters long.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -327,7 +324,7 @@ class AuthController extends Controller
if (strlen($username) > Config::get('username_max_length')) { if (strlen($username) > Config::get('username_max_length')) {
$message = 'Your name can\'t be longer than 16 characters.'; $message = 'Your name can\'t be longer than 16 characters.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -336,7 +333,7 @@ class AuthController extends Controller
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$message = 'Your e-mail address is formatted incorrectly.'; $message = 'Your e-mail address is formatted incorrectly.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -345,7 +342,7 @@ class AuthController extends Controller
if (!check_mx_record($email)) { if (!check_mx_record($email)) {
$message = 'No valid MX-Record found on the e-mail address you supplied.'; $message = 'No valid MX-Record found on the e-mail address you supplied.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -357,7 +354,7 @@ class AuthController extends Controller
if ($emailCheck) { if ($emailCheck) {
$message = 'Someone already registered using this email!'; $message = 'Someone already registered using this email!';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -366,7 +363,7 @@ class AuthController extends Controller
if (password_entropy($password) < Config::get('min_entropy')) { if (password_entropy($password) < Config::get('min_entropy')) {
$message = 'Your password is too weak, try adding some special characters.'; $message = 'Your password is too weak, try adding some special characters.';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -385,13 +382,12 @@ class AuthController extends Controller
} }
// Return true with a specific message if needed // Return true with a specific message if needed
$success = 1;
$redirect = Router::route('auth.login'); $redirect = Router::route('auth.login');
$message = $requireActive $message = $requireActive
? 'Your registration went through! An activation e-mail has been sent.' ? 'Your registration went through! An activation e-mail has been sent.'
: 'Your registration went through! Welcome to ' . Config::get('sitename') . '!'; : 'Your registration went through! Welcome to ' . Config::get('sitename') . '!';
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -404,7 +400,6 @@ class AuthController extends Controller
public function activate() public function activate()
{ {
// Preliminarily set activation to failed // Preliminarily set activation to failed
$success = 0;
$redirect = Router::route('main.index'); $redirect = Router::route('main.index');
// Attempt to get the required GET parameters // Attempt to get the required GET parameters
@ -418,7 +413,7 @@ class AuthController extends Controller
if ($user->id === 0) { if ($user->id === 0) {
$message = "This user does not exist! Contact us if you think this isn't right."; $message = "This user does not exist! Contact us if you think this isn't right.";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -427,7 +422,7 @@ class AuthController extends Controller
if (!$user->permission(Site::DEACTIVATED)) { if (!$user->permission(Site::DEACTIVATED)) {
$message = "Your account is already activated! Why are you here?"; $message = "Your account is already activated! Why are you here?";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -438,7 +433,7 @@ class AuthController extends Controller
if (!$action) { if (!$action) {
$message = "Invalid activation code! Contact us if you think this isn't right."; $message = "Invalid activation code! Contact us if you think this isn't right.";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -452,11 +447,10 @@ class AuthController extends Controller
$user->setMainRank($rankDefault); $user->setMainRank($rankDefault);
$user->removeRanks([$rankDeactive]); $user->removeRanks([$rankDeactive]);
$success = 1;
$redirect = Router::route('auth.login'); $redirect = Router::route('auth.login');
$message = "Your account is activated, welcome to " . Config::get('sitename') . "!"; $message = "Your account is activated, welcome to " . Config::get('sitename') . "!";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -479,14 +473,13 @@ class AuthController extends Controller
public function reactivatePost() public function reactivatePost()
{ {
// Preliminarily set registration to failed // Preliminarily set registration to failed
$success = 0;
$redirect = Router::route('auth.reactivate'); $redirect = Router::route('auth.reactivate');
// Check if authentication is disallowed // Check if authentication is disallowed
if (Config::get('lock_authentication')) { if (Config::get('lock_authentication')) {
$message = "You can't request a reactivation at this time, sorry!"; $message = "You can't request a reactivation at this time, sorry!";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -495,7 +488,7 @@ class AuthController extends Controller
if (!isset($_POST['session']) || $_POST['session'] != session_id()) { if (!isset($_POST['session']) || $_POST['session'] != session_id()) {
$message = "Your session expired, refreshing the page will most likely fix this!"; $message = "Your session expired, refreshing the page will most likely fix this!";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -514,7 +507,7 @@ class AuthController extends Controller
if (!$getUser) { if (!$getUser) {
$message = "User not found! Double check your username and e-mail address!"; $message = "User not found! Double check your username and e-mail address!";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -526,7 +519,7 @@ class AuthController extends Controller
if (!$user->permission(Site::DEACTIVATED)) { if (!$user->permission(Site::DEACTIVATED)) {
$message = "Your account is already activated! Why are you here?"; $message = "Your account is already activated! Why are you here?";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -534,11 +527,10 @@ class AuthController extends Controller
// Send activation e-mail to user // Send activation e-mail to user
$this->sendActivationMail($user); $this->sendActivationMail($user);
$success = 1;
$redirect = Router::route('auth.login'); $redirect = Router::route('auth.login');
$message = "Sent the e-mail! Make sure to check your spam folder as well!"; $message = "Sent the e-mail! Make sure to check your spam folder as well!";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -561,14 +553,13 @@ class AuthController extends Controller
public function resetPasswordPost() public function resetPasswordPost()
{ {
// Preliminarily set action to failed // Preliminarily set action to failed
$success = 0;
$redirect = Router::route('main.index'); $redirect = Router::route('main.index');
// Check if authentication is disallowed // Check if authentication is disallowed
if (Config::get('lock_authentication')) { if (Config::get('lock_authentication')) {
$message = "You can't request a reactivation at this time, sorry!"; $message = "You can't request a reactivation at this time, sorry!";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -577,7 +568,7 @@ class AuthController extends Controller
if (!isset($_POST['session']) || $_POST['session'] != session_id()) { if (!isset($_POST['session']) || $_POST['session'] != session_id()) {
$message = "Your session expired, refreshing the page will most likely fix this!"; $message = "Your session expired, refreshing the page will most likely fix this!";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -596,7 +587,7 @@ class AuthController extends Controller
if ($user->id === 0 || ($email !== null ? $email !== $user->email : false)) { if ($user->id === 0 || ($email !== null ? $email !== $user->email : false)) {
$message = "This user does not exist! Contact us if you think this isn't right."; $message = "This user does not exist! Contact us if you think this isn't right.";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -605,7 +596,7 @@ class AuthController extends Controller
if ($user->permission(Site::DEACTIVATED)) { if ($user->permission(Site::DEACTIVATED)) {
$message = "Your account is deactivated, go activate it first..."; $message = "Your account is deactivated, go activate it first...";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -615,7 +606,7 @@ class AuthController extends Controller
if (password_entropy($password) < Config::get('min_entropy')) { if (password_entropy($password) < Config::get('min_entropy')) {
$message = "Your password doesn't meet the strength requirements!"; $message = "Your password doesn't meet the strength requirements!";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -626,7 +617,7 @@ class AuthController extends Controller
if (!$action) { if (!$action) {
$message = "Invalid verification code! Contact us if you think this isn't right."; $message = "Invalid verification code! Contact us if you think this isn't right.";
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -645,19 +636,17 @@ class AuthController extends Controller
'password_chan' => time(), 'password_chan' => time(),
]); ]);
$success = 1;
$message = "Changed your password! You may now log in."; $message = "Changed your password! You may now log in.";
$redirect = Router::route('auth.login'); $redirect = Router::route('auth.login');
} else { } else {
// Send the e-mail // Send the e-mail
$this->sendPasswordMail($user); $this->sendPasswordMail($user);
$success = 1;
$message = "Sent the e-mail, keep an eye on your spam folder as well!"; $message = "Sent the e-mail, keep an eye on your spam folder as well!";
$redirect = Router::route('main.index'); $redirect = Router::route('main.index');
} }
Template::vars(['page' => compact('success', 'redirect', 'message')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
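Review bot: `$redirect` is still taken verbatim from `$_REQUEST['redirect']` in the first hunk and again in the successful-login path of `loginPost()`, and the new `Template::vars(compact('message', 'redirect'))` calls pass it to `global/information` with no check on where it points. If that template uses `redirect` for a link or an automatic forward (the template is not shown here), a crafted link can send a freshly authenticated user to an arbitrary external site. The value should be limited to same-site paths before it reaches `Template::vars()`, for example in the first hunk `$target = $_REQUEST['redirect'] ?? '';` followed by `$redirect = (is_string($target) && preg_match('#^/(?![/\\\\])#', $target)) ? $target : Router::route('main.index');`. Separately, the CSRF checks in `registerPost()`, `reactivatePost()` and `resetPasswordPost()` compare with a loose `!=`; `!is_string($_POST['session'] ?? null) || !hash_equals(session_id(), $_POST['session'])` avoids type juggling and timing differences. These methods are only partly visible in the hunks, so code outside them may already constrain these values.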


@ -385,9 +385,6 @@ class ForumController extends Controller
break; break;
} }
// Set pruned to true
$pruned = true;
// Delete the thread // Delete the thread
$thread->delete(); $thread->delete();
@ -453,7 +450,7 @@ class ForumController extends Controller
$message = "This post doesn't exist or you don't have access to it!"; $message = "This post doesn't exist or you don't have access to it!";
$redirect = Router::route('forums.index'); $redirect = Router::route('forums.index');
Template::vars(['page' => compact('message', 'redirect')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -526,7 +523,7 @@ class ForumController extends Controller
$message = "This post doesn't exist or you don't have access to it!"; $message = "This post doesn't exist or you don't have access to it!";
$redirect = Router::route('forums.index'); $redirect = Router::route('forums.index');
Template::vars(['page' => compact('message', 'redirect')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -540,7 +537,7 @@ class ForumController extends Controller
$message = "You are not allowed to post in this thread!"; $message = "You are not allowed to post in this thread!";
$redirect = Router::route('forums.thread', $thread->id); $redirect = Router::route('forums.thread', $thread->id);
Template::vars(['page' => compact('message', 'redirect')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -564,7 +561,7 @@ class ForumController extends Controller
); );
$redirect = "{$route}#reply"; $redirect = "{$route}#reply";
Template::vars(['page' => compact('message', 'redirect')]); Template::vars(compact('message', 'redirect'));
if (!isset($_SESSION['replyText'])) { if (!isset($_SESSION['replyText'])) {
$_SESSION['replyText'] = []; $_SESSION['replyText'] = [];
@ -615,7 +612,7 @@ class ForumController extends Controller
$message = "This forum doesn't exist or you don't have access to it!"; $message = "This forum doesn't exist or you don't have access to it!";
$redirect = Router::route('forums.index'); $redirect = Router::route('forums.index');
Template::vars(['page' => compact('message', 'redirect')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -654,7 +651,7 @@ class ForumController extends Controller
$redirect = Router::route('forums.new', $forum->id); $redirect = Router::route('forums.new', $forum->id);
Template::vars(['page' => compact('message', 'redirect')]); Template::vars(compact('message', 'redirect'));
if (!isset($_SESSION['replyText'])) { if (!isset($_SESSION['replyText'])) {
$_SESSION['replyText'] = []; $_SESSION['replyText'] = [];
@ -732,7 +729,7 @@ class ForumController extends Controller
$redirect = Router::route('forums.index'); $redirect = Router::route('forums.index');
} }
Template::vars(['page' => compact('message', 'redirect')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -774,7 +771,7 @@ class ForumController extends Controller
$redirect = Router::route('forums.post', $post->id); $redirect = Router::route('forums.post', $post->id);
Template::vars(['page' => compact('message', 'redirect')]); Template::vars(compact('message', 'redirect'));
if (!isset($_SESSION['replyText'])) { if (!isset($_SESSION['replyText'])) {
$_SESSION['replyText'] = []; $_SESSION['replyText'] = [];
@ -853,7 +850,7 @@ class ForumController extends Controller
$redirect = Router::route('forums.index'); $redirect = Router::route('forums.index');
} }
Template::vars(['page' => compact('message', 'redirect')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -876,7 +873,7 @@ class ForumController extends Controller
$redirect = Router::route('forums.thread', $thread->id); $redirect = Router::route('forums.thread', $thread->id);
} }
Template::vars(['page' => compact('message', 'redirect')]); Template::vars(compact('message', 'redirect'));
return Template::render('global/information'); return Template::render('global/information');
} }


@ -161,8 +161,6 @@ class PremiumController extends Controller
return header("Location: {$failRoute}"); return header("Location: {$failRoute}");
} }
$pricePerMonth = Config::get('premium_price_per_month');
ActiveUser::$user->addPremium(self::PERIOD_PER_PAYMENT * $months); ActiveUser::$user->addPremium(self::PERIOD_PER_PAYMENT * $months);
return header("Location: {$successRoute}"); return header("Location: {$successRoute}");


@ -7,6 +7,14 @@
namespace Sakura\Controllers\Settings; namespace Sakura\Controllers\Settings;
use Sakura\ActiveUser;
use Sakura\Config;
use Sakura\DB;
use Sakura\Hashing;
use Sakura\Perms\Site;
use Sakura\Router;
use Sakura\Template;
/** /**
* Account settings. * Account settings.
* *
@ -17,26 +25,309 @@ class AccountController extends Controller
{ {
public function email() public function email()
{ {
return $this->go('account.email'); // Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_EMAIL)) {
$message = "You aren't allowed to change your e-mail address.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
$session = $_POST['session'] ?? null;
$email = $_POST['email'] ?? null;
if ($session && $email) {
$redirect = Router::route('settings.account.email');
// Check if the CSRF session matches
if ($session !== session_id()) {
$message = "Your session expired!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Validate e-mail address
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$message = "The e-mail address you supplied is invalid!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Check the MX record of the email
if (!check_mx_record($email)) {
$message = 'No valid MX-Record found on the e-mail address you supplied.';
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
// Check if the e-mail has already been used
$emailCheck = DB::table('users')
->where('email', $email)
->count();
if ($emailCheck) {
$message = 'Someone already used this e-mail!';
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
ActiveUser::$user->setMail($email);
$message = 'Changed your e-mail address!';
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
return Template::render('settings/account/email');
} }
public function username() public function username()
{ {
return $this->go('account.username'); // Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_USERNAME)) {
$message = "You aren't allowed to change your username.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
$session = $_POST['session'] ?? null;
$username = $_POST['username'] ?? null;
if ($session && $username) {
$redirect = Router::route('settings.account.username');
$username_clean = clean_string($username, true);
// Check if the CSRF session matches
if ($session !== session_id()) {
$message = "Your session expired!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Check if the username is too short
if (strlen($username_clean) < Config::get('username_min_length')) {
$message = "This username is too short!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Check if the username is too long
if (strlen($username_clean) > Config::get('username_max_length')) {
$message = "This username is too long!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Check if this username hasn't been used in the last amount of days set in the config
$getOld = DB::table('username_history')
->where('username_old_clean', $username_clean)
->where('change_time', '>', (Config::get('old_username_reserve') * 24 * 60 * 60))
->orderBy('change_id', 'desc')
->get();
// Check if anything was returned
if ($getOld && $getOld[0]->user_id != ActiveUser::$user->id) {
$message = "The username you tried to use is reserved, try again later!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Check if the username is already in use
$getInUse = DB::table('users')
->where('username_clean', $username_clean)
->get();
// Check if anything was returned
if ($getInUse) {
$message = "Someone is already using this name!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
ActiveUser::$user->setUsername($username, $username_clean);
$message = "Changed your username!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
return Template::render('settings/account/username');
} }
public function title() public function title()
{ {
return $this->go('account.usertitle'); // Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_USERTITLE)) {
$message = "You aren't allowed to change your title.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
$session = $_POST['session'] ?? null;
$title = $_POST['title'] ?? null;
if ($session && $title !== null) {
$redirect = Router::route('settings.account.title');
// Check if the CSRF session matches
if ($session !== session_id()) {
$message = "Your session expired!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
if (strlen($title) > 64) {
$message = "This title is too long!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
if ($title === ActiveUser::$user->title) {
$message = "This is already your title!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Update database
DB::table('users')
->where('user_id', ActiveUser::$user->id)
->update([
'user_title' => $title,
]);
$message = "Changed your title!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
return Template::render('settings/account/title');
} }
public function password() public function password()
{ {
return $this->go('account.password'); // Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_PASSWORD)) {
$message = "You aren't allowed to change your password.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
$session = $_POST['session'] ?? null;
$current = $_POST['current'] ?? null;
$password = $_POST['password'] ?? null;
if ($session && $current && $password) {
$redirect = Router::route('settings.account.password');
// Check if the CSRF session matches
if ($session !== session_id()) {
$message = "Your session expired!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Check current password
if (!Hashing::validatePassword($current, [
ActiveUser::$user->passwordAlgo,
ActiveUser::$user->passwordIter,
ActiveUser::$user->passwordSalt,
ActiveUser::$user->passwordHash,
])) {
$message = "Your password was invalid!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Check password entropy
if (password_entropy($password) < Config::get('min_entropy')) {
$message = "Your password isn't strong enough!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
ActiveUser::$user->setPassword($password);
$message = "Changed your password!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
return Template::render('settings/account/password');
} }
public function ranks() public function ranks()
{ {
return $this->go('account.ranks'); // Check permission
if (!ActiveUser::$user->permission(Site::ALTER_RANKS)) {
$message = "You aren't allowed to manage your ranks.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
$session = $_POST['session'] ?? null;
$rank = $_POST['rank'] ?? null;
$mode = $_POST['mode'] ?? null;
$locked = [
Config::get('deactive_rank_id'),
Config::get('default_rank_id'),
Config::get('premium_rank_id'),
Config::get('restricted_rank_id'),
];
if ($session && $rank && $mode) {
$redirect = Router::route('settings.account.ranks');
// Check if the CSRF session matches
if ($session !== session_id()) {
$message = "Your session expired!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Check if user has this rank
if (!ActiveUser::$user->hasRanks([$rank])) {
$message = "You aren't a part of this rank!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
if ($mode == 'remove') {
if (in_array($rank, $locked)) {
$message = "You aren't allowed to remove this rank from your account!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
ActiveUser::$user->removeRanks([$rank]);
$message = "Removed the rank from your account!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
ActiveUser::$user->setMainRank($rank);
$message = "Changed your main rank!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
Template::vars(compact('locked'));
return Template::render('settings/account/ranks');
} }
} }


@ -9,6 +9,9 @@ namespace Sakura\Controllers\Settings;
use Sakura\ActiveUser; use Sakura\ActiveUser;
use Sakura\DB; use Sakura\DB;
use Sakura\Hashing;
use Sakura\Perms\Site;
use Sakura\Router;
use Sakura\Template; use Sakura\Template;
/** /**
@ -21,6 +24,61 @@ class AdvancedController extends Controller
{ {
public function sessions() public function sessions()
{ {
// Check permission
if (!ActiveUser::$user->permission(Site::MANAGE_SESSIONS)) {
$message = "You aren't allowed to manage sessions.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
$session = $_POST['session'] ?? null;
$id = $_POST['id'] ?? null;
$all = isset($_POST['all']);
if ($session && ($id || $all)) {
$redirect = Router::route('settings.advanced.sessions');
// Check if the CSRF session matches
if ($session !== session_id()) {
$message = "Your session expired, not the one you were intending to let expire though!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// End all sessions
if ($all) {
DB::table('sessions')
->where('user_id', ActiveUser::$user->id)
->delete();
$message = "Deleted all active session associated with your account!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Create the session statement
$session = DB::table('sessions')
->where('user_id', ActiveUser::$user->id)
->where('session_id', $id);
// Check if the session exists
if (!$session->count()) {
$message = "This session doesn't exist!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Delete it
$session->delete();
$message = "Deleted the session!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
$sessions = DB::table('sessions') $sessions = DB::table('sessions')
->where('user_id', ActiveUser::$user->id) ->where('user_id', ActiveUser::$user->id)
->get(); ->get();
@ -32,6 +90,55 @@ class AdvancedController extends Controller
public function deactivate() public function deactivate()
{ {
return $this->go('advanced.deactivate'); // Check permission
if (!ActiveUser::$user->permission(Site::DEACTIVATE_ACCOUNT)) {
$message = "You aren't allowed to deactivate your account.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
$session = $_POST['session'] ?? null;
$password = $_POST['password'] ?? null;
if ($session && $password) {
$redirect = Router::route('settings.advanced.deactivate');
// Verify session
if ($session !== session_id()) {
$message = "Session verification failed!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Check password
if (!Hashing::validatePassword($password, [
ActiveUser::$user->passwordAlgo,
ActiveUser::$user->passwordIter,
ActiveUser::$user->passwordSalt,
ActiveUser::$user->passwordHash,
])) {
$message = "Your password was invalid!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Deactivate account
ActiveUser::$user->removeRanks(array_keys(ActiveUser::$user->ranks));
ActiveUser::$user->addRanks([1]);
ActiveUser::$user->setMainRank(1);
// Destroy all active sessions
ActiveUser::$session->destroyAll();
$redirect = Router::route('main.index');
$message = "Farewell!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
return Template::render('settings/advanced/deactivate');
} }
} }
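Review bot: The CSRF check in sessions() and deactivate() compares the posted `session` field with `session_id()` using `!==`, so the form token is the session identifier itself (assuming this resolves to PHP's built-in) and the comparison is not constant-time. A separate random per-session token would keep the identifier out of page markup; either way the comparison is better written as `if (!is_string($session) || !hash_equals(session_id(), $session)) {`. The same pattern appears in the AccountController methods earlier on this page and in AppearanceController::userpage() and signature(). In sessions(), `$session` is also reassigned to the query builder after the check, so its meaning changes mid-method; a separate name such as `$target` would read better.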


@ -7,6 +7,12 @@
namespace Sakura\Controllers\Settings; namespace Sakura\Controllers\Settings;
use Sakura\ActiveUser;
use Sakura\DB;
use Sakura\Perms\Site;
use Sakura\Router;
use Sakura\Template;
/** /**
* Appearance settings. * Appearance settings.
* *
@ -17,26 +23,150 @@ class AppearanceController extends Controller
{ {
public function avatar() public function avatar()
{ {
// Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_AVATAR)) {
$message = "You aren't allowed to change your avatar.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
return $this->go('appearance.avatar'); return $this->go('appearance.avatar');
} }
public function background() public function background()
{ {
// Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_BACKGROUND)) {
$message = "You aren't allowed to change your background.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
return $this->go('appearance.background'); return $this->go('appearance.background');
} }
public function header() public function header()
{ {
return $this->go('appearance.header'); // Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_HEADER)) {
$message = "You aren't allowed to change your profile header.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
$session = $_POST['session'] ?? null;
$header = $_POST['header'] ?? null;
return Template::render('settings/appearance/header');
} }
public function userpage() public function userpage()
{ {
return $this->go('appearance.userpage'); // Check permission
if (!(
ActiveUser::$user->page
&& ActiveUser::$user->permission(Site::CHANGE_USERPAGE)
) || !ActiveUser::$user->permission(Site::CREATE_USERPAGE)) {
$message = "You aren't allowed to change your userpage.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
$session = $_POST['session'] ?? null;
$userpage = $_POST['userpage'] ?? null;
$maxLength = 65535;
if ($session && $userpage) {
$redirect = Router::route('settings.appearance.userpage');
if ($session !== session_id()) {
$message = 'Your session expired!';
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
if (strlen($userpage) > $maxLength) {
$message = 'Your userpage is too long, shorten it a little!';
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
// Update database
DB::table('users')
->where('user_id', ActiveUser::$user->id)
->update([
'user_page' => $userpage,
]);
$message = 'Updated your userpage!';
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
Template::vars(compact('maxLength'));
return Template::render('settings/appearance/userpage');
} }
public function signature() public function signature()
{ {
return $this->go('appearance.signature'); // Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_SIGNATURE)) {
$message = "You aren't allowed to change your signature.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
$session = $_POST['session'] ?? null;
$signature = $_POST['signature'] ?? null;
$maxLength = 500;
if ($session && $signature) {
$redirect = Router::route('settings.appearance.signature');
if ($session !== session_id()) {
$message = 'Your session expired!';
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
if (strlen($signature) > $maxLength) {
$message = 'Your signature is too long, shorten it a little!';
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
// Update database
DB::table('users')
->where('user_id', ActiveUser::$user->id)
->update([
'user_signature' => $signature,
]);
$message = 'Updated your signature!';
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
Template::vars(compact('maxLength'));
return Template::render('settings/appearance/signature');
} }
} }
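Review bot: The permission guard in userpage() rejects every user who lacks `CREATE_USERPAGE`, and every user who has no page yet, because the `||` sits outside the negated group: access is granted only when the user has a page, `CHANGE_USERPAGE` and `CREATE_USERPAGE` all at once. If the intent is "may edit an existing page or may create one", the condition should be `if (!((ActiveUser::$user->page && ActiveUser::$user->permission(Site::CHANGE_USERPAGE)) || ActiveUser::$user->permission(Site::CREATE_USERPAGE))) {`. Separately, `if ($session && $userpage)` and `if ($session && $signature)` treat an empty string as no submission, so a user cannot clear either field; title() in AccountController uses `!== null` for this.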


@ -7,6 +7,8 @@
namespace Sakura\Controllers\Settings; namespace Sakura\Controllers\Settings;
use Sakura\ActiveUser;
use Sakura\Perms\Site;
use Sakura\Template; use Sakura\Template;
/** /**
@ -19,11 +21,31 @@ class FriendsController extends Controller
{ {
public function listing() public function listing()
{ {
// Check permission
if (!ActiveUser::$user->permission(Site::MANAGE_FRIENDS)) {
$message = "You aren't allowed to manage friends.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
return Template::render('settings/friends/listing'); return Template::render('settings/friends/listing');
} }
public function requests() public function requests()
{ {
// Check permission
if (!ActiveUser::$user->permission(Site::MANAGE_FRIENDS)) {
$message = "You aren't allowed to manage friends.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
return Template::render('settings/friends/requests'); return Template::render('settings/friends/requests');
} }
} }
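Review bot: listing() and requests() call `Router::route('settings.general.home')` on the permission-denied path, but the use block in the first hunk adds only `Sakura\ActiveUser` and `Sakura\Perms\Site` next to `Sakura\Template`. Inside `namespace Sakura\Controllers\Settings` the unqualified name would resolve to `Sakura\Controllers\Settings\Router`, so the denial branch would fail with a class-not-found error instead of rendering the message, unless such a class exists elsewhere. Add `use Sakura\Router;` to the imports, as the AdvancedController and AppearanceController sections do.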


@ -117,6 +117,9 @@ class Template
// json_decode filter (why doesn't this exist to begin with?) // json_decode filter (why doesn't this exist to begin with?)
self::$engine->addFilter(new Twig_SimpleFilter('json_decode', 'json_decode')); self::$engine->addFilter(new Twig_SimpleFilter('json_decode', 'json_decode'));
// byte_symbol filter
self::$engine->addFilter(new Twig_SimpleFilter('byte_symbol', 'byte_symbol'));
} }
/** /**


@ -559,9 +559,6 @@ class User
*/ */
public function addFriend($uid) public function addFriend($uid)
{ {
// Create the foreign object
$user = User::construct($uid);
// Add friend // Add friend
DB::table('friends') DB::table('friends')
->insert([ ->insert([
@ -579,9 +576,6 @@ class User
*/ */
public function removeFriend($uid, $deleteRequest = false) public function removeFriend($uid, $deleteRequest = false)
{ {
// Create the foreign object
$user = User::construct($uid);
// Remove friend // Remove friend
DB::table('friends') DB::table('friends')
->where('user_id', $this->id) ->where('user_id', $this->id)
@ -1091,46 +1085,10 @@ class User
* Alter the user's username * Alter the user's username
* *
* @param string $username The new username. * @param string $username The new username.
* * @param string $username_clean The new (clean) username.
* @return array Status indicator.
*/ */
public function setUsername($username) public function setUsername($username, $username_clean)
{ {
// Create a cleaned version
$username_clean = clean_string($username, true);
// Check if the username is too short
if (strlen($username_clean) < Config::get('username_min_length')) {
return [0, 'TOO_SHORT'];
}
// Check if the username is too long
if (strlen($username_clean) > Config::get('username_max_length')) {
return [0, 'TOO_LONG'];
}
// Check if this username hasn't been used in the last amount of days set in the config
$getOld = DB::table('username_history')
->where('username_old_clean', $username_clean)
->where('change_time', '>', (Config::get('old_username_reserve') * 24 * 60 * 60))
->orderBy('change_id', 'desc')
->get();
// Check if anything was returned
if ($getOld && $getOld[0]->user_id != $this->id) {
return [0, 'TOO_RECENT', $getOld[0]['change_time']];
}
// Check if the username is already in use
$getInUse = DB::table('users')
->where('username_clean', $username_clean)
->get();
// Check if anything was returned
if ($getInUse) {
return [0, 'IN_USE', $getInUse[0]->user_id];
}
// Insert into username_history table // Insert into username_history table
DB::table('username_history') DB::table('username_history')
->insert([ ->insert([
@ -1149,88 +1107,32 @@ class User
'username' => $username, 'username' => $username,
'username_clean' => $username_clean, 'username_clean' => $username_clean,
]); ]);
// Return success
return [1, 'SUCCESS', $username];
} }
/** /**
* Alter a user's e-mail address * Alter a user's e-mail address
* *
* @param string $email The new e-mail address. * @param string $email The new e-mail address.
*
* @return array Status indicator.
*/ */
public function setEMailAddress($email) public function setMail($email)
{ {
// Validate e-mail address
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
return [0, 'INVALID'];
}
// Check if the username is already in use
$getInUse = DB::table('users')
->where('email', $email)
->get();
// Check if anything was returned
if ($getInUse) {
return [0, 'IN_USE', $getInUse[0]->user_id];
}
// Update userrow // Update userrow
DB::table('users') DB::table('users')
->where('user_id', $this->id) ->where('user_id', $this->id)
->update([ ->update([
'email' => $email, 'email' => $email,
]); ]);
// Return success
return [1, 'SUCCESS', $email];
} }
/** /**
* Change the user's password * Change the user's password
* *
* @param string $old The old password. * @param string $password The new password.
* @param string $new The new password
* @param string $confirm The new one again.
*
* @return array Status indicator.
*/ */
public function setPassword($old, $new, $confirm) public function setPassword($password)
{ {
// Validate password
switch ($this->passwordAlgo) {
// Disabled account
case 'disabled':
return [0, 'NO_LOGIN'];
// Default hashing method
default:
if (!Hashing::validatePassword($old, [
$this->passwordAlgo,
$this->passwordIter,
$this->passwordSalt,
$this->passwordHash,
])) {
return [0, 'INCORRECT_PASSWORD', $this->passwordChan];
}
}
// Check password entropy
if (password_entropy($new) < Config::get('min_entropy')) {
return [0, 'PASS_TOO_SHIT'];
}
// Passwords do not match
if ($new != $confirm) {
return [0, 'PASS_NOT_MATCH'];
}
// Create hash // Create hash
$password = Hashing::createHash($new); $password = Hashing::createHash($password);
// Update userrow // Update userrow
DB::table('users') DB::table('users')
@ -1242,9 +1144,6 @@ class User
'password_iter' => $password[1], 'password_iter' => $password[1],
'password_chan' => time(), 'password_chan' => time(),
]); ]);
// Return success
return [1, 'SUCCESS'];
} }
/** /**
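Review bot: setPassword() now hashes and stores whatever it is passed: the current-password check, the `disabled` algorithm guard and the entropy check that used to live in the method are gone, and setUsername() and setMail() likewise lost their length, reservation, in-use and `FILTER_VALIDATE_EMAIL` checks. AccountController::password() as shown on this page re-implements the current-password and entropy checks but not the `disabled` guard, so it is worth confirming that `Hashing::validatePassword()` rejects that algorithm. Since these are public methods, each docblock should state the new contract, for example `* Performs no validation; the caller must verify the current password and entropy first.` on setPassword(). The in-use lookup followed by a separate write is also a check-then-act sequence, so a unique index on `username_clean` (not visible here) is what would actually prevent duplicates.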


@ -244,383 +244,13 @@ if (isset($_POST['submit']) && isset($_POST['submit'])) {
]; ];
break; break;
// Usertitle
case 'usertitle':
// Check permissions
if (!$currentUser->permission(Site::CHANGE_USERTITLE)) {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'You aren\'t allowed to change your usertitle.',
'success' => 0,
];
break;
}
// Check length
if (isset($_POST['usertitle']) ? (strlen($_POST['usertitle']) > 64) : false) {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'Your usertitle is too long.',
'success' => 0,
];
break;
}
// Update database
DB::table('users')
->where('user_id', $currentUser->id)
->update([
'user_title' => (isset($_POST['usertitle']) ? $_POST['usertitle'] : null),
]);
// Set render data
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'Updated your usertitle!',
'success' => 1,
];
break;
// Username changing
case 'username':
// Check permissions
if (!$currentUser->permission(Site::CHANGE_USERNAME)) {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'You aren\'t allowed to change your username.',
'success' => 0,
];
break;
}
// Attempt username change
$userNameChange = $currentUser->setUsername(isset($_POST['username']) ? $_POST['username'] : '');
// Messages
$messages = [
'TOO_SHORT' => 'Your new name is too short!',
'TOO_LONG' => 'Your new name is too long!',
'TOO_RECENT' => 'The username you tried to use is reserved, try again later.',
'IN_USE' => 'Someone already has this username!',
'SUCCESS' => 'Successfully changed your username!',
];
// Set render data
$renderData['page'] = [
'redirect' => $redirect,
'message' => $messages[$userNameChange[1]],
'success' => $userNameChange[0],
];
break;
// E-mail changing
case 'email':
// Check permissions
if (!$currentUser->permission(Site::CHANGE_EMAIL)) {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'You aren\'t allowed to change your e-mail address.',
'success' => 0,
];
break;
}
// Attempt e-mail change
$emailChange = $currentUser->setEMailAddress(isset($_POST['email']) ? $_POST['email'] : '');
// Messages
$messages = [
'INVALID' => 'Your e-mail isn\'t considered valid!',
'IN_USE' => 'This e-mail address has already been used!',
'SUCCESS' => 'Successfully changed your e-mail address!',
];
// Set render data
$renderData['page'] = [
'redirect' => $redirect,
'message' => $messages[$emailChange[1]],
'success' => $emailChange[0],
];
break;
// Password changing
case 'password':
// Check permissions
if (!$currentUser->permission(Site::CHANGE_PASSWORD)) {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'You aren\'t allowed to change your password.',
'success' => 0,
];
break;
}
// Attempt password change
$passChange = $currentUser->setPassword(isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '', isset($_POST['newpassword']) ? $_POST['newpassword'] : '', isset($_POST['newpasswordconfirm']) ? $_POST['newpasswordconfirm'] : '');
// Messages
$messages = [
'NO_LOGIN' => 'How are you even logged in right now?',
'INCORRECT_PASSWORD' => 'The password you provided is incorrect!',
'PASS_TOO_SHIT' => 'Your password isn\'t strong enough!',
'PASS_NOT_MATCH' => 'Your new passwords don\'t match!',
'SUCCESS' => 'Successfully changed your password!',
];
// Set render data
$renderData['page'] = [
'redirect' => $redirect,
'message' => $messages[$passChange[1]],
'success' => $passChange[0],
];
break;
// Userpage
case 'userpage':
if (!isset($_POST['userpage'])) {
// Set render data
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'No userpage was supplied.',
'success' => 0,
];
}
// Update database
DB::table('users')
->where('user_id', $currentUser->id)
->update([
'user_page' => $_POST['userpage'],
]);
// Set render data
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'Your userpage has been updated!',
'success' => 1,
];
break;
// Signature
case 'signature':
if (!isset($_POST['signature'])) {
// Set render data
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'No signature was supplied.',
'success' => 0,
];
}
// Update database
DB::table('users')
->where('user_id', $currentUser->id)
->update([
'user_signature' => $_POST['signature'],
]);
// Set render data
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'Your signature has been updated!',
'success' => 1,
];
break;
// Ranks
case 'ranks':
// Check submit data
if (!isset($_POST['rank'])) {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'No rank was set.',
'success' => 0,
];
break;
}
// Check if the user is part of the rank
if (!$currentUser->hasRanks([$_POST['rank']])) {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'You are not in this rank.',
'success' => 0,
];
break;
}
// Leaving
if (isset($_POST['remove'])) {
// Check if we're not trying to leave hardranks
if ($_POST['rank'] <= 2) {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'You can\'t remove this rank.',
'success' => 0,
];
break;
}
// Remove the rank
$currentUser->removeRanks([$_POST['rank']]);
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'Removed the rank from your account.',
'success' => 0,
];
break;
}
// Set as default
$currentUser->setMainRank($_POST['rank']);
// Set render data
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'Changed your main rank!',
'success' => 0,
];
break;
// Sessions
case 'sessions':
// Check if sessionid is set
if (!isset($_POST['sessionid'])) {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'A required field wasn\'t set.',
'success' => 0,
];
break;
}
// Check if sessionid is set to all
if ($_POST['sessionid'] === 'all') {
// Delete all sessions assigned to the current user
DB::table('sessions')
->where('user_id', $currentUser->id)
->delete();
// Set render data
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'Killed all active sessions!',
'success' => 1,
];
break;
}
// Check if the session is owned by the current user
$us = DB::table('sessions')
->where('user_id', $currentUser->id)
->where('session_id', $_POST['sessionid'])
->count();
if (!$us) {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'The session you tried to kill doesn\'t exist.',
'success' => 0,
];
break;
}
// Delete the session
DB::table('sessions')
->where('user_id', $currentUser->id)
->where('session_id', $_POST['sessionid'])
->delete();
// Set render data
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'Killed the session!',
'success' => 1,
];
break;
// Deactivation
case 'deactivate':
// Check permissions
if (!$currentUser->permission(Site::DEACTIVATE_ACCOUNT)) {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'You aren\'t allowed to deactivate your account.',
'success' => 0,
];
break;
}
// Check fields
if (!isset($_POST['username'])
|| !isset($_POST['password'])
|| !isset($_POST['email'])
|| !isset($_POST['sensitive'])) {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'One or more forms wasn\'t set.',
'success' => 0,
];
break;
}
// Check values
if ($_POST['username'] !== $currentUser->username
|| !Hashing::validatePassword($_POST['password'], [$currentUser->passwordAlgo, $currentUser->passwordIter, $currentUser->passwordSalt, $currentUser->passwordHash])
|| $_POST['email'] !== $currentUser->email
|| md5($_POST['sensitive']) !== '81df445067d92dd02db9098ba82b0167') {
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'One or more forms wasn\'t correct.',
'success' => 0,
];
break;
}
// Deactivate account
$currentUser->removeRanks(array_keys($currentUser->ranks));
$currentUser->addRanks([1]);
$currentUser->setMainRank(1);
// Set render data
$renderData['page'] = [
'redirect' => $redirect,
'message' => 'Your account has been deactivated!',
'success' => 1,
];
break;
// Fallback // Fallback
default: default:
// Set render data // Set render data
$renderData['page'] = [ $renderData['page'] = [
'redirect' => $redirect, 'redirect' => $redirect,
'message' => 'The requested method does not exist.', 'message' => 'The requested method does not exist.',
'success' => 0, 'success' => 0,
]; ];
break; break;
@ -651,10 +281,8 @@ if (ActiveUser::$user->id) {
'home' => [ 'home' => [
'title' => 'Home', 'title' => 'Home',
'description' => [ 'description' => [
'Welcome to the Settings Panel. 'Welcome to the Settings Panel.
From here you can monitor, view and update your profile and preferences.', From here you can monitor, view and update your profile and preferences.',
], ],
'access' => !$currentUser->permission(Site::DEACTIVATED), 'access' => !$currentUser->permission(Site::DEACTIVATED),
'menu' => true, 'menu' => true,
@ -906,15 +534,6 @@ if (ActiveUser::$user->id) {
'max_size_view' => byte_symbol(Config::get($mode . '_max_fsize')), 'max_size_view' => byte_symbol(Config::get($mode . '_max_fsize')),
]; ];
break; break;
// Sessions
case 'advanced.sessions':
$sessions = DB::table('sessions')
->where('user_id', $currentUser->id)
->get();
$renderData['sessions'] = $sessions;
break;
} }
// Set parse variables // Set parse variables


@ -11,7 +11,7 @@ Router::filter('logoutCheck', function () {
if (ActiveUser::$user->isActive()) { if (ActiveUser::$user->isActive()) {
$message = "You must be logged out to do that!"; $message = "You must be logged out to do that!";
Template::vars(['page' => compact('message')]); Template::vars(compact('message'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -22,7 +22,7 @@ Router::filter('loginCheck', function () {
if (!ActiveUser::$user->isActive()) { if (!ActiveUser::$user->isActive()) {
$message = "You must be logged in to do that!"; $message = "You must be logged in to do that!";
Template::vars(['page' => compact('message')]); Template::vars(compact('message'));
return Template::render('global/information'); return Template::render('global/information');
} }
@ -199,10 +199,15 @@ Router::group(['prefix' => 'settings', 'before' => 'loginCheck'], function () {
}); });
Router::get('/avatar', 'Settings.AppearanceController@avatar', 'settings.appearance.avatar'); Router::get('/avatar', 'Settings.AppearanceController@avatar', 'settings.appearance.avatar');
Router::post('/avatar', 'Settings.AppearanceController@avatar', 'settings.appearance.avatar');
Router::get('/background', 'Settings.AppearanceController@background', 'settings.appearance.background'); Router::get('/background', 'Settings.AppearanceController@background', 'settings.appearance.background');
Router::post('/background', 'Settings.AppearanceController@background', 'settings.appearance.background');
Router::get('/header', 'Settings.AppearanceController@header', 'settings.appearance.header'); Router::get('/header', 'Settings.AppearanceController@header', 'settings.appearance.header');
Router::post('/header', 'Settings.AppearanceController@header', 'settings.appearance.header');
Router::get('/userpage', 'Settings.AppearanceController@userpage', 'settings.appearance.userpage'); Router::get('/userpage', 'Settings.AppearanceController@userpage', 'settings.appearance.userpage');
Router::post('/userpage', 'Settings.AppearanceController@userpage', 'settings.appearance.userpage');
Router::get('/signature', 'Settings.AppearanceController@signature', 'settings.appearance.signature'); Router::get('/signature', 'Settings.AppearanceController@signature', 'settings.appearance.signature');
Router::post('/signature', 'Settings.AppearanceController@signature', 'settings.appearance.signature');
}); });
// Account section // Account section
@ -213,10 +218,15 @@ Router::group(['prefix' => 'settings', 'before' => 'loginCheck'], function () {
}); });
Router::get('/email', 'Settings.AccountController@email', 'settings.account.email'); Router::get('/email', 'Settings.AccountController@email', 'settings.account.email');
Router::post('/email', 'Settings.AccountController@email', 'settings.account.email');
Router::get('/username', 'Settings.AccountController@username', 'settings.account.username'); Router::get('/username', 'Settings.AccountController@username', 'settings.account.username');
Router::post('/username', 'Settings.AccountController@username', 'settings.account.username');
Router::get('/title', 'Settings.AccountController@title', 'settings.account.title'); Router::get('/title', 'Settings.AccountController@title', 'settings.account.title');
Router::post('/title', 'Settings.AccountController@title', 'settings.account.title');
Router::get('/password', 'Settings.AccountController@password', 'settings.account.password'); Router::get('/password', 'Settings.AccountController@password', 'settings.account.password');
Router::post('/password', 'Settings.AccountController@password', 'settings.account.password');
Router::get('/ranks', 'Settings.AccountController@ranks', 'settings.account.ranks'); Router::get('/ranks', 'Settings.AccountController@ranks', 'settings.account.ranks');
Router::post('/ranks', 'Settings.AccountController@ranks', 'settings.account.ranks');
}); });
// Advanced section // Advanced section
@ -227,7 +237,9 @@ Router::group(['prefix' => 'settings', 'before' => 'loginCheck'], function () {
}); });
Router::get('/sessions', 'Settings.AdvancedController@sessions', 'settings.advanced.sessions'); Router::get('/sessions', 'Settings.AdvancedController@sessions', 'settings.advanced.sessions');
Router::post('/sessions', 'Settings.AdvancedController@sessions', 'settings.advanced.sessions');
Router::get('/deactivate', 'Settings.AdvancedController@deactivate', 'settings.advanced.deactivate'); Router::get('/deactivate', 'Settings.AdvancedController@deactivate', 'settings.advanced.deactivate');
Router::post('/deactivate', 'Settings.AdvancedController@deactivate', 'settings.advanced.deactivate');
}); });
}); });


@ -10,12 +10,6 @@
<meta name="msapplication-TileColor" content="#9475b2" /> <meta name="msapplication-TileColor" content="#9475b2" />
<meta name="msapplication-TileImage" content="/content/images/icons/ms-icon-144x144.png" /> <meta name="msapplication-TileImage" content="/content/images/icons/ms-icon-144x144.png" />
<meta name="theme-color" content="#9475B2" /> <meta name="theme-color" content="#9475B2" />
{# want to start moving away from page.etc but older files are a thing #}
{% if message is not defined %}{% set message = page.message %}{% endif %}
{% if redirect is not defined %}{% set redirect = page.redirect %}{% endif %}
{% if redirectTimeout is not defined %}{% set redirectTimeout = page.redirectTimeout %}{% endif %}
{% if redirect %} {% if redirect %}
<meta http-equiv="refresh" content="{{ redirectTimeout ? redirectTimeout : '3' }}; URL={{ redirect }}" /> <meta http-equiv="refresh" content="{{ redirectTimeout ? redirectTimeout : '3' }}; URL={{ redirect }}" />
{% endif %} {% endif %}
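Review bot: The `<meta http-equiv="refresh">` line writes `redirect` into the `URL=` target with no constraint on where it points, so if any controller fills that variable from request input this page acts as an open redirect. Twig autoescaping (if it is enabled for this template) only prevents breaking out of the attribute; it does not restrict the destination. I would validate the value in the controller so that only same-site paths reach the template, and record that here with a comment such as `{# redirect must be a validated same-site path #}`. Separately, with the `page.*` fallbacks removed, any caller still passing `page.redirect` or `page.message` silently loses both, so it is worth confirming none remain.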


@ -1,19 +0,0 @@
<form enctype="multipart/form-data" method="post" action="{{ sakura.currentPage }}" id="emailAddressChangeForm">
<input type="hidden" name="sessid" value="{{ session_id() }}" />
<input type="hidden" name="timestamp" value="{{ date().timestamp }}" />
<input type="hidden" name="mode" value="email" />
<h3 style="text-align: center;">Your e-mail address is currently set to <span style="font-weight: 700;">{{ user.email }}</span>.</h3>
<div class="profile-field">
<div><h2>E-mail address</h2></div>
<div><input type="text" name="email" placeholder="Enter your new e-mail address" class="inputStyling" /></div>
</div>
<div class="profile-save">
<input type="submit" value="Save" name="submit" class="inputStyling" />
<input type="reset" value="Reset" name="reset" class="inputStyling" />
</div>
</form>
<script type="text/javascript">
window.addEventListener("load", function() {
prepareAjaxForm('emailAddressChangeForm', 'Changing E-mail address...');
});
</script>


@ -1,26 +0,0 @@
<form enctype="multipart/form-data" method="post" action="{{ sakura.currentPage }}" id="changePasswordForm">
<input type="hidden" name="sessid" value="{{ session_id() }}" />
<input type="hidden" name="timestamp" value="{{ date().timestamp }}" />
<input type="hidden" name="mode" value="password" />
<div class="profile-field">
<div><h2>Current Password</h2></div>
<div><input type="password" name="oldpassword" placeholder="Enter your current password for verification." class="inputStyling" /></div>
</div>
<div class="profile-field">
<div><h2>New Password</h2></div>
<div><input type="password" name="newpassword" placeholder="Enter your new password." class="inputStyling" /></div>
</div>
<div class="profile-field">
<div><h2>Confirmation</h2></div>
<div><input type="password" name="newpasswordconfirm" placeholder="Enter your new password again to make sure you didn't fuck up." class="inputStyling" /></div>
</div>
<div class="profile-save">
<input type="submit" value="Save" name="submit" class="inputStyling" />
<input type="reset" value="Reset" name="reset" class="inputStyling" />
</div>
</form>
<script type="text/javascript">
window.addEventListener("load", function() {
prepareAjaxForm('changePasswordForm', 'Changing password...');
});
</script>


@ -1,22 +0,0 @@
<table class="settings-table">
<tbody>
{% for rank in user.ranks %}
<tr {% if rank.id == user.mainRankId %} class="current-session" {% endif %}>
<td style="font-weight: bold; color: {{ rank.colour }}; text-shadow: 0 0 7px {{ rank.colour }}; text-align: left;">
<a href="{{ route('members.rank', rank.id) }}" class="clean">{{ rank.name }}</a>
</td>
<td style="width: 90px;">
<form method="post" action="{{ sakura.currentPage }}">
<input type="hidden" name="sessid" value="{{ session_id() }}" />
<input type="hidden" name="timestamp" value="{{ date().timestamp }}" />
<input type="hidden" name="rank" value="{{ rank.id }}" />
<input type="hidden" name="mode" value="ranks" />
<input type="hidden" name="submit" value="hello" />
<button class="inputStyling small" name="default">Set as main</button>
<button class="inputStyling small" name="remove" {% if rank.id <= 2 %}disabled="disabled"{% endif %}>Remove</button>
</form>
</td>
</tr>
{% endfor %}
</tbody>
</table>


@ -1,24 +0,0 @@
{% set eligible = user.getUsernameHistory ? (date().timestamp - user.getUsernameHistory()[0].change_time) > 2592000 : true %}
<form enctype="multipart/form-data" method="post" action="{{ sakura.currentPage }}" id="changeUsernameForm">
<input type="hidden" name="sessid" value="{{ session_id() }}" />
<input type="hidden" name="timestamp" value="{{ date().timestamp }}" />
<input type="hidden" name="mode" value="username" />
<h1 class="stylised" style="text-align: center; margin-top: 10px;{% if not eligible %} color: #c44;{% endif %}">You are {% if not eligible %}not {% endif %}eligible for a name change.</h1>
<h3 style="text-align: center;">{% if user.getUsernameHistory %}Your last name change was <time datetime="{{ user.getUsernameHistory[0]['change_time']|date('r') }}">{{ user.getUsernameHistory[0]['change_time']|date(config('date_format')) }}</time>.{% else %}This is your first username change.{% endif %}</h3>
{% if eligible %}
<div class="profile-field">
<div><h2>Username</h2></div>
<div><input type="text" name="username" placeholder="Enter your new username (at least {{ config('username_min_length') }} and at most {{ config('username_max_length') }} characters!)" class="inputStyling" /></div>
</div>
<div class="profile-save">
<input type="submit" value="Save" name="submit" class="inputStyling" />
<input type="reset" value="Reset" name="reset" class="inputStyling" />
</div>
{% endif %}
</form>
<script type="text/javascript">
window.addEventListener("load", function() {
prepareAjaxForm('changeUsernameForm', 'Changing username...');
});
</script>


@ -1,19 +0,0 @@
<form enctype="multipart/form-data" method="post" action="{{ sakura.currentPage }}" id="changeUserTitleForm">
<input type="hidden" name="sessid" value="{{ session_id() }}" />
<input type="hidden" name="timestamp" value="{{ date().timestamp }}" />
<input type="hidden" name="mode" value="usertitle" />
<h3 style="text-align: center;">Your current user title is:<br /><span style="font-weight: 700;">{{ user.title }}</span></h3>
<div class="profile-field">
<div><h2>Usertitle</h2></div>
<div><input type="text" name="usertitle" placeholder="Enter your new user title (Max 64 characters)" class="inputStyling" value="{{ user.userTitle }}" /></div>
</div>
<div class="profile-save">
<input type="submit" value="Save" name="submit" class="inputStyling" />
<input type="reset" value="Reset" name="reset" class="inputStyling" />
</div>
</form>
<script type="text/javascript">
window.addEventListener("load", function() {
prepareAjaxForm('changeUserTitleForm', 'Updating Usertitle...');
});
</script>


@ -1,37 +0,0 @@
<form enctype="multipart/form-data" method="post" action="{{ sakura.currentPage }}" id="changePasswordForm">
<input type="hidden" name="sessid" value="{{ session_id() }}" />
<input type="hidden" name="timestamp" value="{{ date().timestamp }}" />
<input type="hidden" name="mode" value="deactivate" />
<div class="profile-field">
<div><h2>Username</h2></div>
<div><input type="text" name="username" placeholder="Case sensitive, must match completely" class="inputStyling" /></div>
</div>
<div class="profile-field">
<div><h2>Password</h2></div>
<div><input type="password" name="password" placeholder="Security" class="inputStyling" /></div>
</div>
<div class="profile-field">
<div><h2>E-mail address</h2></div>
<div><input type="text" name="email" placeholder="More security" class="inputStyling" /></div>
</div>
<div class="profile-field">
<div><h2>Type &quot;I am one hundred percent sure that I want to deactivate my account.&quot; without the quotes.</h2></div>
<div><input type="text" name="sensitive" placeholder="Are you 100% case sensitively sure?" class="inputStyling" /></div>
</div>
<div class="profile-field">
<div style="max-width: 512px; text-align: center; margin: 10px auto 0; background: repeating-linear-gradient(-45deg, #B33, #B33 10px, #B00 10px, #B00 20px); color: #FFF; border: 1px solid #C00; box-shadow: 0 0 3px #C00;">
<div>Before continuing realise that deactivating your account will remove you from every rank you're in and active Tenshi will not pause.</div>
<div>If your e-mail address is valid you can reactivate your account using the &quot;Resend Activation E-mail&quot; form on the authentication page.</div>
<div>Forum posts and other data you've published on the site <u><b>won't</b></u> be removed upon deactivation, if you want these gone you can go through them yourself.</div>
<div><h2>TL;DR: Deactivation removes all ranks from your account and won't be readded (except automated Tenshi) even if it was a joke.</h2></div>
</div>
</div>
<div class="profile-save">
<input style="background: repeating-linear-gradient(-45deg, #B33, #B33 10px, #B00 10px, #B00 20px); color: #FFF; border: 1px solid #C00; box-shadow: 0 0 3px #C00, inset 0 0 3px #C00;" type="submit" value="I understand, deactivate my account" name="submit" class="inputStyling" />
</div>
</form>
<script type="text/javascript">
window.addEventListener("load", function() {
prepareAjaxForm('changePasswordForm', 'Changing password...');
});
</script>


@ -1,41 +0,0 @@
<table class="settings-table">
<thead>
<tr><th style="width: 100px;">IP</th><th>Useragent</th><th style="width: 120px;">Login time</th><th></th></tr>
</thead>
<tfoot>
<tr><th>IP</th><th>Useragent</th><th>Login time</th><th></th></tr>
</tfoot>
<tbody>
{% for s in sessions %}
<tr {% if s.session_key == session.sessionId %} class="current-session"{% endif %}>
<td>
{{ s.user_ip }}
</td>
<td>
{{ s.user_agent }}
</td>
<td>
{{ s.session_start|date(config('date_format')) }}
</td>
<td style="width: 90px;">
<form method="post" action="{{ sakura.currentPage }}">
<input type="hidden" name="sessid" value="{{ session_id() }}" />
<input type="hidden" name="timestamp" value="{{ date().timestamp }}" />
<input type="hidden" name="sessionid" value="{{ s.session_id }}" />
<input type="hidden" name="mode" value="sessions" />
<button class="inputStyling small" name="submit">Kill</button>
</form>
</td>
</tr>
{% endfor %}
</tbody>
</table>
<div class="profile-save">
<form method="post" action="{{ sakura.currentPage }}">
<input type="hidden" name="sessid" value="{{ session_id() }}" />
<input type="hidden" name="timestamp" value="{{ date().timestamp }}" />
<input type="hidden" name="sessionid" value="all" />
<input type="hidden" name="mode" value="sessions" />
<button class="inputStyling" name="submit">Kill all active sessions</button>
</form>
</div>


@ -15,7 +15,7 @@
</div> </div>
</div> </div>
<div> <div>
<input type="submit" value="Submit" name="submit" class="inputStyling" /> <button value="{{ session_id() }}" name="session" class="inputStyling">Upload</button>
</div> </div>
</div> </div>
</form> </form>
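Review bot: The new submit button carries `value="{{ session_id() }}"`, which puts what appears to be the session identifier itself into the page markup as the anti-CSRF value. Anything that can read the rendered HTML (an injected script, a cached or logged response) then obtains the session id even when the cookie is HttpOnly. A separate random token kept in the session and compared with `hash_equals()` on the server gives the same CSRF protection without exposing the identifier, e.g. `<button name="session" value="{{ csrf_token }}" class="inputStyling">Upload</button>`, where `csrf_token` is a placeholder name for a value the controller would have to supply. The same pattern recurs in every new settings form in this commit (e-mail, password, ranks, title, username, deactivate, sessions, header, signature, userpage). The form this button belongs to starts outside the hunk.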


@ -1,15 +0,0 @@
<form enctype="multipart/form-data" method="post" action="{{ sakura.currentPage }}" id="signatureEditorForm">
<input type="hidden" name="sessid" value="{{ session_id() }}" />
<input type="hidden" name="timestamp" value="{{ date().timestamp }}" />
<input type="hidden" name="mode" value="signature" />
<div><textarea name="signature" id="signatureEditor" class="inputStyling" style="width: calc(100% - 12px); height: 400px;">{{ user.signature }}</textarea></div>
<div class="profile-save">
<input type="submit" value="Save" name="submit" class="inputStyling" />
<input type="reset" value="Reset" name="reset" class="inputStyling" />
</div>
</form>
<script type="text/javascript">
window.addEventListener('load', function() {
prepareAjaxForm('signatureEditorForm', 'Updating signature...');
});
</script>


@ -1,23 +0,0 @@
<!--div class="bbcode" id="userPagePreview" style="max-height: 500px; overflow-y: auto; background: #C2AEEE; box-shadow: inset 0 0 1em 1em #D3BFFF;">
<noscript>
<h1 class="stylised" style="margin: 1em auto;">The preview requires JavaScript, enable it.</h1>
</noscript>
</div-->
<hr class="default" />
<form enctype="multipart/form-data" method="post" action="{{ sakura.currentPage }}" id="userPageEditorForm">
<input type="hidden" name="sessid" value="{{ session_id() }}" />
<input type="hidden" name="timestamp" value="{{ date().timestamp }}" />
<input type="hidden" name="mode" value="userpage" />
<div><textarea name="userpage" id="userPageEditor" placeholder="[header]Welcome to my userpage![/header]" class="inputStyling" style="width: calc(100% - 12px); height: 400px;">{% if user.page %}{{ user.page }}{% else %}[header]Welcome to my userpage![/header]{% endif %}</textarea></div>
<div class="profile-save">
<input type="submit" value="Save" name="submit" class="inputStyling" />
<input type="reset" value="Reset" name="reset" class="inputStyling" />
</div>
</form>
<script type="text/javascript">
//document.getElementById('userPageEditor').addEventListener('keyup', updateUserPage);
window.addEventListener('load', function() {
prepareAjaxForm('userPageEditorForm', 'Updating user page...');
});
</script>


@ -0,0 +1,21 @@
{% extends 'settings/account/master.twig' %}
{% set mode = 'E-mail address' %}
{% block description %}
<p>You e-mail address is used for password recovery and stuff like that!</p>
{% endblock %}
{% block settingsContent %}
<form enctype="multipart/form-data" method="post" action="{{ route('settings.account.email') }}">
<h3 style="text-align: center;">Your e-mail address is currently set to <span style="font-weight: 700;">{{ user.email }}</span>.</h3>
<div class="profile-field">
<div><h2>E-mail address</h2></div>
<div><input type="text" name="email" placeholder="Enter your new e-mail address" class="inputStyling" /></div>
</div>
<div class="profile-save">
<button value="{{ session_id() }}" name="session" class="inputStyling">Save</button>
<button type="reset" class="inputStyling">Reset</button>
</div>
</form>
{% endblock %}
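Review bot: The e-mail form collects only the new address, although the description says the address is used for password recovery, so anyone holding a live session could repoint recovery mail without knowing the password. I would add a current-password field, as the password and deactivate forms in this commit do, e.g. `<input type="password" name="password" class="inputStyling" />`, and have the controller verify it; the controller is not visible here, so it may already require more than this form sends. Using `type="email"` on the address input and fixing the typo "You e-mail address" in the description are small extras.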


@ -0,0 +1,3 @@
{% extends 'settings/master.twig' %}
{% set category = 'Account' %}


@ -0,0 +1,24 @@
{% extends 'settings/account/master.twig' %}
{% set mode = 'Password' %}
{% block description %}
<p>Used to authenticate with the site and certain related services.</p>
{% endblock %}
{% block settingsContent %}
<form enctype="multipart/form-data" method="post" action="{{ route('settings.account.password') }}">
<div class="profile-field">
<div><h2>Current Password</h2></div>
<div><input type="password" name="current" placeholder="Enter your current password." class="inputStyling" /></div>
</div>
<div class="profile-field">
<div><h2>New Password</h2></div>
<div><input type="password" name="password" placeholder="Enter your new password." class="inputStyling" /></div>
</div>
<div class="profile-save">
<button value="{{ session_id() }}" name="session" class="inputStyling">Save</button>
<button type="reset" class="inputStyling">Reset</button>
</div>
</form>
{% endblock %}
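Review bot: The new password form has no confirmation input, so a mistyped new password is accepted as typed and the user only finds out at the next login. Restoring a second field, for instance `<input type="password" name="confirm" placeholder="Enter your new password again." class="inputStyling" />`, and comparing it server-side keeps that safeguard; the field name is a suggestion, not something the controller is known to read. Adding `autocomplete="current-password"` and `autocomplete="new-password"` to the two existing inputs would also help password managers fill the right values.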


@ -0,0 +1,29 @@
{% extends 'settings/account/master.twig' %}
{% set mode = 'Ranks' %}
{% block description %}
<p>Manage what ranks you're in and what is set as your main rank. Your main rank is highlighted. You get the permissions of all of the ranks you're in combined.</p>
{% endblock %}
{% block settingsContent %}
<table class="settings-table">
<tbody>
{% for rank in user.ranks %}
<tr {% if rank.id == user.mainRankId %} class="current-session" {% endif %}>
<td style="font-weight: bold; color: {{ rank.colour }}; text-shadow: 0 0 7px {{ rank.colour }}; text-align: left;">
<a href="{{ route('members.rank', rank.id) }}" class="clean">{{ rank.name }}</a>
</td>
<td style="width: 90px;">
<form method="post" action="{{ sakura.currentPage }}">
<input type="hidden" name="session" value="{{ session_id() }}" />
<input type="hidden" name="rank" value="{{ rank.id }}" />
<button class="inputStyling small" name="mode" value="main">Set as main</button>
<button class="inputStyling small" name="mode" value="remove" {% if rank.id in locked %}disabled="disabled"{% endif %}>Remove</button>
</form>
</td>
</tr>
{% endfor %}
</tbody>
</table>
{% endblock %}
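Review bot: This form still posts to `{{ sakura.currentPage }}` while every other new settings form uses a named route; `action="{{ route('settings.account.ranks') }}"` would match the route registered in this commit and avoid depending on a value that is presumably derived from the request URL. The Remove button is only disabled in markup through `rank.id in locked`, which does not stop a direct POST with `mode=remove`, so the controller needs to reject locked ranks itself; that code is not visible here. `rank.colour` is written into a `style` attribute, where HTML escaping alone is not sufficient, so it should be constrained to a colour format when ranks are saved.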


@ -0,0 +1,21 @@
{% extends 'settings/account/master.twig' %}
{% set mode = 'Title' %}
{% block description %}
<p>That little piece of text displayed besides your username in most places.</p>
{% endblock %}
{% block settingsContent %}
<form enctype="multipart/form-data" method="post" action="{{ route('settings.account.title') }}">
<h3 style="text-align: center;">Your current user title is:<br /><span style="font-weight: 700;">{{ user.title }}</span></h3>
<div class="profile-field">
<div><h2>New title</h2></div>
<div><input type="text" name="title" placeholder="Enter your new user title (Max 64 characters)" class="inputStyling" value="{{ user.title }}" /></div>
</div>
<div class="profile-save">
<button value="{{ session_id() }}" name="session" class="inputStyling">Save</button>
<button type="reset" class="inputStyling">Reset</button>
</div>
</form>
{% endblock %}


@ -0,0 +1,27 @@
{% extends 'settings/account/master.twig' %}
{% set mode = 'Username' %}
{% block description %}
<p>Probably the biggest part of your identity on a site.</p>
<p><b>You can only change this once every 30 days so choose wisely.</b></p>
{% endblock %}
{% set eligible = user.getUsernameHistory ? (date().timestamp - user.getUsernameHistory()[0].change_time) > 2592000 : true %}
{% block settingsContent %}
<form enctype="multipart/form-data" method="post" action="{{ route('settings.account.username') }}">
<h1 class="stylised" style="text-align: center; margin-top: 10px;{% if not eligible %} color: #c44;{% endif %}">You are {% if not eligible %}not {% endif %}eligible for a name change.</h1>
<h3 style="text-align: center;">{% if user.getUsernameHistory %}Your last name change was <time datetime="{{ user.getUsernameHistory[0]['change_time']|date('r') }}">{{ user.getUsernameHistory[0]['change_time']|date(config('date_format')) }}</time>.{% else %}This is your first username change.{% endif %}</h3>
{% if eligible %}
<div class="profile-field">
<div><h2>Username</h2></div>
<div><input type="text" name="username" placeholder="Enter your new username (at least {{ config('username_min_length') }} and at most {{ config('username_max_length') }} characters!)" class="inputStyling" /></div>
</div>
<div class="profile-save">
<button value="{{ session_id() }}" name="session" class="inputStyling">Save</button>
<button type="reset" class="inputStyling">Reset</button>
</div>
{% endif %}
</form>
{% endblock %}
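Review bot: `user.getUsernameHistory` is evaluated several times in this template and in two different styles (`getUsernameHistory()[0].change_time` and `getUsernameHistory[0]['change_time']`); assigning it once with `{% set history = user.getUsernameHistory %}` and reusing `history[0].change_time` would read better and avoid repeated lookups if the method queries storage. The 30-day rule is hard-coded as `2592000` in the template, which only hides the input. The controller has to apply the same limit, ideally from one shared config value, because the `username` field can be posted regardless of what the template renders.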


@ -0,0 +1,21 @@
{% extends 'settings/advanced/master.twig' %}
{% set mode = 'Deactivate' %}
{% block description %}
<p>You can deactivate your account here if you want to leave :(.</p>
<p>This will remove your account from every rank it's a part of and make you unable to login.</p>
<p>If you have an active Tenshi tag on your account it won't pause while your account is deactivated.</p>
{% endblock %}
{% block settingsContent %}
<form enctype="multipart/form-data" method="post" action="{{ route('settings.advanced.deactivate') }}">
<div class="profile-field">
<div><h2>Enter your password to continue</h2></div>
<div><input type="password" name="password" class="inputStyling" /></div>
</div>
<div class="profile-save">
<button style="background: repeating-linear-gradient(-45deg, #B33, #B33 10px, #B00 10px, #B00 20px); color: #FFF; border: 1px solid #C00; box-shadow: 0 0 3px #C00, inset 0 0 3px #C00;" name="session" value="{{ session_id() }}" class="inputStyling">I understand, deactivate my account</button>
</div>
</form>
{% endblock %}


@ -1,9 +1,11 @@
{% extends 'settings/advanced/master.twig' %} {% extends 'settings/advanced/master.twig' %}
{% set mode = 'Home' %} {% set mode = 'Sessions' %}
{% block description %} {% block description %}
<p>Welcome to the Settings Panel! From here you can monitor, view and update your profile and preferences.</p> <p>Session keys are a way of identifying yourself with the system without keeping your password in memory.</p>
<p>If someone finds one of your session keys they could possibly compromise your account, if you see any sessions here that shouldn't be here hit the Kill button to kill the selected session.</p>
<p>If you get logged out after clicking one you've most likely killed your current session, to make it easier to avoid this from happening your current session is highlighted.</p>
{% endblock %} {% endblock %}
{% block settingsContent %} {% block settingsContent %}
@ -27,12 +29,9 @@
<time datetime="{{ s.session_start|date('r') }}">{{ s.session_start|date(config('date_format')) }}</time> <time datetime="{{ s.session_start|date('r') }}">{{ s.session_start|date(config('date_format')) }}</time>
</td> </td>
<td style="width: 90px;"> <td style="width: 90px;">
<form method="post" action="/settings.php?cat=advanced&amp;mode=sessions"> <form method="post" action="{{ route('settings.advanced.sessions') }}">
<input type="hidden" name="sessid" value="{{ session_id() }}" /> <input type="hidden" name="id" value="{{ s.session_id }}" />
<input type="hidden" name="timestamp" value="{{ date().timestamp }}" /> <button class="inputStyling small" name="session" value="{{ session_id() }}">Kill</button>
<input type="hidden" name="sessionid" value="{{ s.session_id }}" />
<input type="hidden" name="mode" value="sessions" />
<button class="inputStyling small" name="submit">Kill</button>
</form> </form>
</td> </td>
</tr> </tr>
@ -40,12 +39,9 @@
</tbody> </tbody>
</table> </table>
<div class="profile-save"> <div class="profile-save">
<form method="post" action="/settings.php?cat=advanced&amp;mode=sessions"> <form method="post" action="{{ route('settings.advanced.sessions') }}">
<input type="hidden" name="sessid" value="{{ session_id() }}" /> <input type="hidden" name="all" value="1" />
<input type="hidden" name="timestamp" value="{{ date().timestamp }}" /> <button class="inputStyling" name="session" value="{{ session_id() }}">Kill all active sessions</button>
<input type="hidden" name="sessionid" value="all" />
<input type="hidden" name="mode" value="sessions" />
<button class="inputStyling" name="submit">Kill all active sessions</button>
</form> </form>
</div> </div>
{% endblock %} {% endblock %}
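Review bot: The Kill form posts `id` taken from `s.session_id`, a value the client can change before submitting, so the handler behind `settings.advanced.sessions` should remove a session only when it belongs to the logged-in user. That handler is not part of this section, so this is a request to confirm rather than a confirmed defect. A short comment above the form, such as `{# id is re-checked against the current user in the controller #}`, would document the expectation.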


@ -0,0 +1,35 @@
<script type="text/javascript">
var parser = new AJAX(),
textMax = {{ maxLength }},
form = document.getElementById("settingsEditor"),
preview = document.getElementById("settingsPreview");
parser.setUrl("{{ route('helper.bbcode.parse') }}");
parser.contentType("application/x-www-form-urlencoded");
function settingsPreview() {
var text = form.value;
if (text.length == 0) {
preview.innerHTML = "";
} else if (text.length > textMax) {
preview.innerHTML = "<span style='color: red;'>Too long!</span>";
} else {
parser.setSend({"text":text});
parser.addCallback(200, function () {
preview.innerHTML = parser.response();
var codeBlocks = preview.querySelectorAll("pre code");
for (var _i in codeBlocks) {
if ((typeof codeBlocks[_i]).toLowerCase() === 'object') {
hljs.highlightBlock(codeBlocks[_i]);
}
}
});
parser.start(HTTPMethods.POST);
}
}
</script>
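Review bot: `preview.innerHTML = parser.response();` inserts whatever the `helper.bbcode.parse` endpoint returns as markup, so the page is only as safe as that parser's escaping of everything that is not one of its own tags. The signature and userpage templates added in this commit make the same assumption with `user.signature()|raw|nl2br` and `user.userPage()|raw|nl2br`; a comment stating that the parser output is treated as trusted HTML would help the next reader. Also, `parser.addCallback(200, ...)` runs on every Preview click, which may stack handlers depending on how `AJAX` stores them, so registering it once outside `settingsPreview()` is safer. The `for (var _i in codeBlocks)` loop over a NodeList would be simpler as `for (var i = 0; i < codeBlocks.length; i++) hljs.highlightBlock(codeBlocks[i]);`.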


@ -0,0 +1,27 @@
{% extends 'settings/appearance/master.twig' %}
{% set mode = 'Header' %}
{% block description %}
<p>Maximum image size is {{ config('header_max_width') }}x{{ config('header_max_height') }}, minimum image size is {{ config('header_min_width') }}x{{ config('header_min_height') }}, maximum file size is {{ config('header_max_fsize')|byte_symbol }}.</p>
{% endblock %}
{% block settingsContent %}
<form enctype="multipart/form-data" method="post" action="{{ route('settings.appearance.header') }}">
<input type="hidden" name="MAX_FILE_SIZE" value="{{ config('header_max_fsize') }}" />
<div style="text-align: center;">
<div>
<img src="{{ route('user.header', user.id) }}" alt="Your Header" class="default-avatar-setting" style="max-width: 90%; max-height: 90%;" />
</div>
<div>
<input type="file" name="header" />
<div style="font-size: .8em;">
(Leave upload box empty to remove header)
</div>
</div>
<div>
<button value="{{ session_id() }}" name="session" class="inputStyling">Upload</button>
</div>
</div>
</form>
{% endblock %}
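Review bot: The hidden `MAX_FILE_SIZE` field and the limits quoted in the description are advisory only, because the client controls what is actually sent. The upload handler must therefore re-check the file size, the pixel dimensions and that the content really is an image in an allowed format. That handler is outside this section, so treat this as something to confirm. A template comment such as `{# limits shown here are enforced again in the controller #}` would record the intent.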


@ -0,0 +1,3 @@
{% extends 'settings/master.twig' %}
{% set category = 'Appearance' %}


@ -0,0 +1,21 @@
{% extends 'settings/appearance/master.twig' %}
{% set mode = 'Signature' %}
{% block description %}
<p>This signature is displayed at the end of all your posts on the forum.</p>
{% endblock %}
{% block settingsContent %}
<div class="bbcode" id="settingsPreview" style="max-height: 500px; overflow-y: auto; background: #C2AEEE; box-shadow: inset 0 0 1em 1em #D3BFFF;">{{ user.signature()|raw|nl2br }}</div>
<hr class="default" />
<form enctype="multipart/form-data" method="post" action="{{ route('settings.appearance.signature') }}">
<div><textarea name="signature" id="settingsEditor" class="inputStyling" style="width: calc(100% - 12px); height: 400px;">{{ user.signature }}</textarea></div>
<div class="profile-save">
<button value="{{ session_id() }}" name="session" class="inputStyling">Save</button>
<button type="reset" class="inputStyling">Reset</button>
<button type="button" class="inputStyling" onclick="settingsPreview();">Preview</button>
</div>
</form>
{% include 'settings/appearance/_preview.twig' %}
{% endblock %}


@ -0,0 +1,21 @@
{% extends 'settings/appearance/master.twig' %}
{% set mode = 'Userpage' %}
{% block description %}
<p>The custom text that is displayed on your profile.</p>
{% endblock %}
{% block settingsContent %}
<div class="bbcode" id="settingsPreview" style="max-height: 500px; overflow-y: auto; background: #C2AEEE; box-shadow: inset 0 0 1em 1em #D3BFFF;">{{ user.userPage()|raw|nl2br }}</div>
<hr class="default" />
<form enctype="multipart/form-data" method="post" action="{{ route('settings.appearance.userpage') }}">
<div><textarea name="userpage" id="settingsEditor" class="inputStyling" style="width: calc(100% - 12px); height: 400px;">{% if user.page %}{{ user.page }}{% else %}[header]Welcome to my userpage![/header]{% endif %}</textarea></div>
<div class="profile-save">
<button value="{{ session_id() }}" name="session" class="inputStyling">Save</button>
<button type="reset" class="inputStyling">Reset</button>
<button type="button" class="inputStyling" onclick="settingsPreview();">Preview</button>
</div>
</form>
{% include 'settings/appearance/_preview.twig' %}
{% endblock %}