(time() - 1000) && isset($_REQUEST['session']) && $_REQUEST['session'] == session_id()) { // Get the user's notifications from the past forever but exclude read notifications $alerts = $currentUser->notifications(); // Add the proper values to the array foreach ($alerts as $alert) { // Add the notification to the display array $notifications[$alert->id] = [ 'read' => $alert->read, 'title' => $alert->title, 'text' => $alert->text, 'link' => $alert->link, 'img' => $alert->image, 'timeout' => $alert->timeout, 'sound' => $alert->sound, ]; $alert->toggleRead(); $alert->save(); } } // Check if friendOnline is set (so it doesn't tell you all your friends all online on first visit) $onlineFriends = isset($_SESSION['friendsOnline']) ? $_SESSION['friendsOnline'] : []; $onlineNotify = isset($_SESSION['friendsOnline']); // Set friendsOnline if (!$onlineNotify) { $_SESSION['friendsOnline'] = []; } // Populate the array foreach ($currentUser->friends(1) as $friend) { // Online status $online = $friend->isOnline(); // If true check if they're already in the array if ($online && !in_array($friend->id, $onlineFriends)) { // Add user to the online array $_SESSION['friendsOnline'][$friend->id] = $friend->id; // Add the notification to the display array if ($onlineNotify) { $notifications[] = [ 'read' => 0, 'title' => $friend->username . ' is online.', 'text' => '', 'link' => '', 'img' => Router::route('file.avatar', $friend->id), 'timeout' => 2000, 'sound' => false, ]; } } elseif (!$online && in_array($friend->id, $onlineFriends)) { // Remove the person from the array unset($_SESSION['friendsOnline'][$friend->id]); // Add the notification to the display array if ($onlineNotify) { $notifications[] = [ 'read' => 0, 'title' => $friend->username . ' is offline.', 'text' => '', 'link' => '', 'img' => Router::route('file.avatar', $friend->id), 'timeout' => 2000, 'sound' => false, ]; } } } // Set header, convert the array to json, print it and exit echo json_encode($notifications, JSON_NUMERIC_CHECK); exit; } elseif (isset($_REQUEST['comment-action']) && $_REQUEST['comment-action']) { // Referrer $redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : Router::route('main.index')); // Continue $continue = true; // Match session ids for the same reason if (!Users::checkLogin()) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You must be logged in to do that!', 'success' => 0, ]; // Prevent $continue = false; } // Match session ids for the same reason if (!isset($_REQUEST['session']) || $_REQUEST['session'] != session_id()) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Invalid session, please try again.', 'success' => 0, ]; // Prevent $continue = false; } // Match session ids for the same reason if (!isset($_REQUEST['category'])) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'No category was set.', 'success' => 0, ]; // Prevent $continue = false; } // Select the right action if ($continue) { $comments = new Comments($_REQUEST['category']); switch (isset($_REQUEST['mode']) ? $_REQUEST['mode'] : false) { case 'vote': $comment = $comments->getComment(isset($_REQUEST['id']) ? $_REQUEST['id'] : 0); // Check if the comment was actually made by the current user if (!$comment) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'The requested comment does not exist.', 'success' => 0, ]; break; } // Check if the user can delete comments if (!$currentUser->permission(Site::VOTE_COMMENTS)) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You aren\'t allowed to vote on comments.', 'success' => 0, ]; break; } $comments->makeVote( $currentUser->id, isset($_REQUEST['id']) ? $_REQUEST['id'] : 0, isset($_REQUEST['state']) && $_REQUEST['state'] ? '1' : '0' ); $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Your vote has been cast!', 'success' => 1, ]; break; case 'delete': $comment = $comments->getComment(isset($_REQUEST['id']) ? $_REQUEST['id'] : 0); // Check if the comment was actually made by the current user if (!$comment) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'The requested comment does not exist.', 'success' => 0, ]; break; } // Check if the user can delete comments if (!$currentUser->permission(Site::DELETE_COMMENTS)) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You aren\'t allowed to delete comments.', 'success' => 0, ]; break; } // Check if the comment was actually made by the current user if ($comment['comment_poster'] !== $currentUser->id) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You can\'t delete the comments of others.', 'success' => 0, ]; break; } $comments->removeComment(isset($_REQUEST['id']) ? $_REQUEST['id'] : 0); $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'The comment has been deleted!', 'success' => 1, ]; break; case 'comment': // Check if the user can delete comments if (!$currentUser->permission(Site::CREATE_COMMENTS)) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You aren\'t allowed to comment.', 'success' => 0, ]; break; } // Attempt to make a new comment $comment = $comments->makeComment($currentUser->id, $_POST['replyto'], $_POST['comment']); // Messages $messages = [ 'TOO_SHORT' => 'The comment you\'re trying to make is too short!', 'TOO_LONG' => 'The comment you\'re trying to make is too long!', 'SUCCESS' => 'Posted!', ]; $renderData['page'] = [ 'redirect' => $redirect, 'message' => $messages[$comment[1]], 'success' => $comment[0], ]; break; default: $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Unknown action.', 'success' => 0, ]; } } // Print page contents or if the AJAX request is set only display the render data if (isset($_REQUEST['ajax'])) { echo $renderData['page']['message'] . '|' . $renderData['page']['success'] . '|' . $renderData['page']['redirect']; } else { // If not allowed print the restricted page Template::vars($renderData); // Print page contents echo Template::render('global/information'); } exit; } elseif (isset($_REQUEST['friend-action']) && $_REQUEST['friend-action'] && Users::checkLogin()) { // Continue $continue = true; // Referrer $redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : Router::route('main.index')); // Compare time and session so we know the link isn't forged if (!isset($_REQUEST['add']) && !isset($_REQUEST['remove'])) { if (!isset($_REQUEST['ajax'])) { header('Location: ' . $redirect); exit; } $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'One of the required operators isn\'t set.', 'success' => 0, ]; // Prevent $continue = false; } // Compare time and session so we know the link isn't forged if ($continue && $_REQUEST[(isset($_REQUEST['add']) ? 'add' : 'remove')] == $currentUser->id) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You can\'t be friends with yourself, stop trying to bend reality.', 'success' => 0, ]; // Prevent $continue = false; } // Compare time and session so we know the link isn't forged if (!isset($_REQUEST['time']) || $_REQUEST['time'] < time() - 1000) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Timestamps differ too much, refresh the page and try again.', 'success' => 0, ]; // Prevent $continue = false; } // Match session ids for the same reason if (!isset($_REQUEST['session']) || $_REQUEST['session'] != session_id()) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Invalid session, please try again.', 'success' => 0, ]; // Prevent $continue = false; } // Continue if nothing fucked up if ($continue) { // Execute the action $action = (isset($_REQUEST['add']) ? $currentUser->addFriend($_REQUEST['add']) : $currentUser->removeFriend($_REQUEST['remove'], true)); // Set the messages $messages = [ 'USER_NOT_EXIST' => 'The user you tried to add doesn\'t exist.', 'ALREADY_FRIENDS' => 'You are already friends with this person!', 'FRIENDS' => 'You are now mutual friends!', 'NOT_MUTUAL' => 'A friend request has been sent to this person.', 'ALREADY_REMOVED' => 'You aren\'t friends with this person.', 'REMOVED' => 'Removed this person from your friends list.', ]; // Notification strings $notifStrings = [ 'FRIENDS' => ['%s accepted your friend request!', 'You can now do mutual friend things!'], 'NOT_MUTUAL' => ['%s added you as a friend!', 'Click here to add them as well.'], 'REMOVED' => ['%s removed you from their friends.', 'You can no longer do friend things now ;_;'], ]; // Add page specific things $renderData['page'] = [ 'redirect' => $redirect, 'message' => $messages[$action[1]], 'success' => $action[0], ]; // Create a notification if (array_key_exists($action[1], $notifStrings)) { // Get the current user's profile data $user = User::construct($currentUser->id); $friend = User::construct($_REQUEST[(isset($_REQUEST['add']) ? 'add' : 'remove')]); $alert = new Notification; $alert->user = $friend->id; $alert->time = time(); $alert->sound = true; $alert->title = sprintf($notifStrings[$action[1]][0], $user->username); $alert->text = $notifStrings[$action[1]][1]; $alert->image = Router::route('file.avatar', $user->id); $alert->timeout = 60000; $alert->link = Router::route('user.profile', $user->id); $alert->save(); } } // Print page contents or if the AJAX request is set only display the render data if (isset($_REQUEST['ajax'])) { echo $renderData['page']['message'] . '|' . $renderData['page']['success'] . '|' . $renderData['page']['redirect']; } else { // If not allowed print the restricted page Template::vars($renderData); // Print page contents echo Template::render('global/information'); } exit; } elseif (isset($_POST['submit']) && isset($_POST['submit'])) { $continue = true; // Set redirector $redirect = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('SETTINGS_INDEX'); // Check if the user is logged in if (!Users::checkLogin() || !$continue) { $renderData['page'] = [ 'redirect' => '/authenticate', 'message' => 'You must be logged in to edit your settings.', 'success' => 0, ]; $continue = false; } // Check session variables if (!isset($_POST['timestamp']) || !isset($_POST['mode']) || $_POST['timestamp'] < time() - 1000 || !isset($_POST['sessid']) || $_POST['sessid'] != session_id() || !$continue) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Your session has expired, please refresh the page and try again.', 'success' => 0, ]; $continue = false; } // Change settings if ($continue) { // Switch to the correct mode switch ($_POST['mode']) { // Avatar & Background case 'avatar': case 'background': case 'header': // Assign $_POST['mode'] to a $mode variable because I ain't typin that more than once $mode = $_POST['mode']; // Assign the correct column and title to a variable switch ($mode) { case 'background': $column = 'user_background'; $msgTitle = 'Background'; $current = $currentUser->background; $permission = $currentUser->permission(Site::CHANGE_BACKGROUND); break; case 'header': $column = 'user_header'; $msgTitle = 'Header'; $current = $currentUser->header; $permission = $currentUser->permission(Site::CHANGE_HEADER); break; case 'avatar': default: $column = 'user_avatar'; $msgTitle = 'Avatar'; $current = $currentUser->avatar; $permission = $currentUser->permission(Site::CHANGE_AVATAR); } // Check if the user has the permissions to go ahead if (!$permission) { // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You are not allowed to alter your ' . strtolower($msgTitle) . '.', 'success' => 0, ]; break; } // Set path variables $filename = strtolower($msgTitle) . '_' . $currentUser->id; // Check if $_FILES is set if (!isset($_FILES[$mode]) && empty($_FILES[$mode])) { // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'No file was uploaded.', 'success' => 0, ]; break; } // Check if the upload went properly if ($_FILES[$mode]['error'] !== UPLOAD_ERR_OK && $_FILES[$mode]['error'] !== UPLOAD_ERR_NO_FILE) { // Get the error in text switch ($_FILES[$mode]['error']) { case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: $msg = 'The uploaded file exceeds the maximum filesize!'; break; case UPLOAD_ERR_PARTIAL: $msg = 'The upload was interrupted!'; break; case UPLOAD_ERR_NO_TMP_DIR: case UPLOAD_ERR_CANT_WRITE: $msg = 'Unable to save file to temporary location, contact the administrator!'; break; case UPLOAD_ERR_EXTENSION: default: $msg = 'An unknown exception occurred!'; break; } // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => $msg, 'success' => 0, ]; break; } // Check if we're not in removal mode if ($_FILES[$mode]['error'] != UPLOAD_ERR_NO_FILE) { // Get the meta data $metadata = getimagesize($_FILES[$mode]['tmp_name']); // Check if the image is actually an image if (!$metadata) { // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Uploaded file is not an image.', 'success' => 0, ]; break; } // Check if the image is an allowed filetype if ((($metadata[2] !== IMAGETYPE_GIF) && ($metadata[2] !== IMAGETYPE_JPEG) && ($metadata[2] !== IMAGETYPE_PNG))) { // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'This filetype is not allowed.', 'success' => 0, ]; break; } // Check if the image is too large if (($metadata[0] > Config::get($mode . '_max_width') || $metadata[1] > Config::get($mode . '_max_height'))) { // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'The resolution of this picture is too big.', 'success' => 0, ]; break; } // Check if the image is too small if (($metadata[0] < Config::get($mode . '_min_width') || $metadata[1] < Config::get($mode . '_min_height'))) { // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'The resolution of this picture is too small.', 'success' => 0, ]; break; } // Check if the file is too large if ((filesize($_FILES[$mode]['tmp_name']) > Config::get($mode . '_max_fsize'))) { // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'The filesize of this file is too large.', 'success' => 0, ]; break; } } // Open the old file and remove it $oldFile = new File($current); $oldFile->delete(); unset($oldFile); $fileId = 0; if ($_FILES[$mode]['error'] != UPLOAD_ERR_NO_FILE) { // Append extension to filename $filename .= image_type_to_extension($metadata[2]); // Store the file $file = File::create(file_get_contents($_FILES[$mode]['tmp_name']), $filename, $currentUser); // Assign the file id to a variable $fileId = $file->id; } // Update table DB::table('users') ->where('user_id', $currentUser->id) ->update([ $column => $fileId, ]); // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Updated your ' . strtolower($msgTitle) . '!', 'success' => 1, ]; break; // Profile case 'profile': // Get profile fields and create storage var $fields = Users::getProfileFields(); // Delete all profile fields DB::table('user_profilefields') ->where('user_id', $currentUser->id) ->delete(); // Go over each field foreach ($fields as $field) { // Add to the store array if (isset($_POST['profile_' . $field['field_identity']]) && !empty($_POST['profile_' . $field['field_identity']])) { DB::table('user_profilefields') ->insert([ 'user_id' => $currentUser->id, 'field_name' => $field['field_identity'], 'field_value' => $_POST['profile_' . $field['field_identity']], ]); } // Check if there's additional values we should keep in mind if (isset($field['field_additional']) && !empty($field['field_additional'])) { // Go over each additional value foreach ($field['field_additional'] as $addKey => $addVal) { // Add to the array $store = (isset($_POST['profile_additional_' . $addKey]) || !empty($_POST['profile_additional_' . $addKey])) ? $_POST['profile_additional_' . $addKey] : false; DB::table('user_profilefields') ->insert([ 'user_id' => $currentUser->id, 'field_name' => $addKey, 'field_value' => $store, ]); } } } // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Your profile has been updated!', 'success' => 1, ]; // Birthdays if (isset($_POST['birthday_day']) && isset($_POST['birthday_month']) && isset($_POST['birthday_year'])) { // Check if the values aren't fucked with if ($_POST['birthday_day'] < 0 || $_POST['birthday_day'] > 31 || $_POST['birthday_month'] < 0 || $_POST['birthday_month'] > 12 || ( $_POST['birthday_year'] != 0 && $_POST['birthday_year'] < (date("Y") - 100) ) || $_POST['birthday_year'] > date("Y")) { $renderData['page']['message'] = 'Your birthdate is invalid.'; $renderData['page']['success'] = 0; break; } // Check if the values aren't fucked with if (( $_POST['birthday_day'] < 1 && $_POST['birthday_month'] > 0 ) || ( $_POST['birthday_day'] > 0 && $_POST['birthday_month'] < 1) ) { $renderData['page']['message'] = 'Only setting a day or month is disallowed.'; $renderData['page']['success'] = 0; break; } // Check if the values aren't fucked with if ($_POST['birthday_year'] > 0 && ( $_POST['birthday_day'] < 1 || $_POST['birthday_month'] < 1 ) ) { $renderData['page']['message'] = 'Only setting a year is disallowed.'; $renderData['page']['success'] = 0; break; } $birthdate = implode( '-', [$_POST['birthday_year'], $_POST['birthday_month'], $_POST['birthday_day']] ); DB::table('users') ->where('user_id', $currentUser->id) ->update([ 'user_birthday' => $birthdate, ]); } break; // Site Options case 'options': // Get profile fields and create storage var $fields = Users::getOptionFields(); // Delete all option fields for this user DB::table('user_optionfields') ->where('user_id', $currentUser->id) ->delete(); // Go over each field foreach ($fields as $field) { // Make sure the user has sufficient permissions to complete this action if (!$currentUser->permission(constant('Sakura\Perms\Site::' . $field['option_permission']))) { continue; } if (isset($_POST['option_' . $field['option_id']]) && !empty($_POST['option_' . $field['option_id']])) { DB::table('user_optionfields') ->insert([ 'user_id' => $currentUser->id, 'field_name' => $field['option_id'], 'field_value' => $_POST['option_' . $field['option_id']], ]); } } // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Changed your options!', 'success' => 1, ]; break; // Usertitle case 'usertitle': // Check permissions if (!$currentUser->permission(Site::CHANGE_USERTITLE)) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You aren\'t allowed to change your usertitle.', 'success' => 0, ]; break; } // Check length if (isset($_POST['usertitle']) ? (strlen($_POST['usertitle']) > 64) : false) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Your usertitle is too long.', 'success' => 0, ]; break; } // Update database DB::table('users') ->where('user_id', $currentUser->id) ->update([ 'user_title' => (isset($_POST['usertitle']) ? $_POST['usertitle'] : null), ]); // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Updated your usertitle!', 'success' => 1, ]; break; // Username changing case 'username': // Check permissions if (!$currentUser->permission(Site::CHANGE_USERNAME)) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You aren\'t allowed to change your username.', 'success' => 0, ]; break; } // Attempt username change $userNameChange = $currentUser->setUsername(isset($_POST['username']) ? $_POST['username'] : ''); // Messages $messages = [ 'TOO_SHORT' => 'Your new name is too short!', 'TOO_LONG' => 'Your new name is too long!', 'TOO_RECENT' => 'The username you tried to use is reserved, try again later.', 'IN_USE' => 'Someone already has this username!', 'SUCCESS' => 'Successfully changed your username!', ]; // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => $messages[$userNameChange[1]], 'success' => $userNameChange[0], ]; break; // E-mail changing case 'email': // Check permissions if (!$currentUser->permission(Site::CHANGE_EMAIL)) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You aren\'t allowed to change your e-mail address.', 'success' => 0, ]; break; } // Attempt e-mail change $emailChange = $currentUser->setEMailAddress(isset($_POST['email']) ? $_POST['email'] : ''); // Messages $messages = [ 'INVALID' => 'Your e-mail isn\'t considered valid!', 'IN_USE' => 'This e-mail address has already been used!', 'SUCCESS' => 'Successfully changed your e-mail address!', ]; // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => $messages[$emailChange[1]], 'success' => $emailChange[0], ]; break; // Password changing case 'password': // Check permissions if (!$currentUser->permission(Site::CHANGE_PASSWORD)) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You aren\'t allowed to change your password.', 'success' => 0, ]; break; } // Attempt password change $passChange = $currentUser->setPassword(isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '', isset($_POST['newpassword']) ? $_POST['newpassword'] : '', isset($_POST['newpasswordconfirm']) ? $_POST['newpasswordconfirm'] : ''); // Messages $messages = [ 'NO_LOGIN' => 'How are you even logged in right now?', 'INCORRECT_PASSWORD' => 'The password you provided is incorrect!', 'PASS_TOO_SHIT' => 'Your password isn\'t strong enough!', 'PASS_NOT_MATCH' => 'Your new passwords don\'t match!', 'SUCCESS' => 'Successfully changed your password!', ]; // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => $messages[$passChange[1]], 'success' => $passChange[0], ]; break; // Userpage case 'userpage': if (!isset($_POST['userpage'])) { // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'No userpage was supplied.', 'success' => 0, ]; } // Update database DB::table('users') ->where('user_id', $currentUser->id) ->update([ 'user_page' => $_POST['userpage'], ]); // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Your userpage has been updated!', 'success' => 1, ]; break; // Signature case 'signature': if (!isset($_POST['signature'])) { // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'No signature was supplied.', 'success' => 0, ]; } // Update database DB::table('users') ->where('user_id', $currentUser->id) ->update([ 'user_signature' => $_POST['signature'], ]); // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Your signature has been updated!', 'success' => 1, ]; break; // Ranks case 'ranks': // Check submit data if (!isset($_POST['rank'])) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'No rank was set.', 'success' => 0, ]; break; } // Check if the user is part of the rank if (!$currentUser->hasRanks([$_POST['rank']])) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You are not in this rank.', 'success' => 0, ]; break; } // Leaving if (isset($_POST['remove'])) { // Check if we're not trying to leave hardranks if ($_POST['rank'] <= 2) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You can\'t remove this rank.', 'success' => 0, ]; break; } // Remove the rank $currentUser->removeRanks([$_POST['rank']]); $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Removed the rank from your account.', 'success' => 0, ]; break; } // Set as default $currentUser->setMainRank($_POST['rank']); // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Changed your main rank!', 'success' => 0, ]; break; // Sessions case 'sessions': // Check if sessionid is set if (!isset($_POST['sessionid'])) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'A required field wasn\'t set.', 'success' => 0, ]; break; } // Check if sessionid is set to all if ($_POST['sessionid'] === 'all') { // Delete all sessions assigned to the current user DB::table('sessions') ->where('user_id', $currentUser->id) ->delete(); // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Killed all active sessions!', 'success' => 1, ]; break; } // Check if the session is owned by the current user $us = DB::table('sessions') ->where('user_id', $currentUser->id) ->where('session_id', $_POST['sessionid']) ->count(); if (!$us) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'The session you tried to kill doesn\'t exist.', 'success' => 0, ]; break; } // Delete the session DB::table('sessions') ->where('user_id', $currentUser->id) ->where('session_id', $_POST['sessionid']) ->delete(); // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Killed the session!', 'success' => 1, ]; break; // Deactivation case 'deactivate': // Check permissions if (!$currentUser->permission(Site::DEACTIVATE_ACCOUNT)) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'You aren\'t allowed to deactivate your account.', 'success' => 0, ]; break; } // Check fields if (!isset($_POST['username']) || !isset($_POST['password']) || !isset($_POST['email']) || !isset($_POST['sensitive'])) { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'One or more forms wasn\'t set.', 'success' => 0, ]; break; } // Check values if ($_POST['username'] !== $currentUser->username || !Hashing::validatePassword($_POST['password'], [$currentUser->passwordAlgo, $currentUser->passwordIter, $currentUser->passwordSalt, $currentUser->passwordHash]) || $_POST['email'] !== $currentUser->email || md5($_POST['sensitive']) !== '81df445067d92dd02db9098ba82b0167') { $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'One or more forms wasn\'t correct.', 'success' => 0, ]; break; } // Deactivate account $currentUser->removeRanks(array_keys($currentUser->ranks)); $currentUser->addRanks([1]); $currentUser->setMainRank(1); // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'Your account has been deactivated!', 'success' => 1, ]; break; // Fallback default: // Set render data $renderData['page'] = [ 'redirect' => $redirect, 'message' => 'The requested method does not exist.', 'success' => 0, ]; break; } } // Print page contents or if the AJAX request is set only display the render data if (isset($_REQUEST['ajax'])) { echo $renderData['page']['message'] . '|' . $renderData['page']['success'] . '|' . $renderData['page']['redirect']; } else { // If not allowed print the restricted page Template::vars($renderData); // Print page contents echo Template::render('global/information'); } exit; } if (Users::checkLogin()) { // Settings page list $pages = [ 'general' => [ 'title' => 'General', 'modes' => [ 'home' => [ 'title' => 'Home', 'description' => [ 'Welcome to the Settings Panel. From here you can monitor, view and update your profile and preferences.', ], 'access' => !$currentUser->permission(Site::DEACTIVATED), 'menu' => true, ], 'profile' => [ 'title' => 'Edit Profile', 'description' => [ 'These are the external account links etc. on your profile, shouldn\'t need any additional explanation for this one.', ], 'access' => $currentUser->permission(Site::ALTER_PROFILE), 'menu' => true, ], 'options' => [ 'title' => 'Site Options', 'description' => [ 'These are a few personalisation options for the site while you\'re logged in.', ], 'access' => !$currentUser->permission(Site::DEACTIVATED), 'menu' => true, ], ], ], 'friends' => [ 'title' => 'Friends', 'modes' => [ 'listing' => [ 'title' => 'Listing', 'description' => [ 'Manage your friends.', ], 'access' => $currentUser->permission(Site::MANAGE_FRIENDS), 'menu' => true, ], 'requests' => [ 'title' => 'Requests', 'description' => [ 'Handle friend requests.', ], 'access' => $currentUser->permission(Site::MANAGE_FRIENDS), 'menu' => true, ], ], ]/*, 'messages' => [ 'title' => 'Messages', 'modes' => [ 'inbox' => [ 'title' => 'Inbox', 'description' => [ 'The list of messages you\'ve received.', ], 'access' => $currentUser->permission(Site::USE_MESSAGES), 'menu' => true, ], 'sent' => [ 'title' => 'Sent', 'description' => [ 'The list of messages you\'ve sent to other users.', ], 'access' => $currentUser->permission(Site::USE_MESSAGES), 'menu' => true, ], 'compose' => [ 'title' => 'Compose', 'description' => [ 'Write a new message.', ], 'access' => $currentUser->permission(Site::SEND_MESSAGES), 'menu' => true, ], 'read' => [ 'title' => 'Read', 'description' => [ 'Read a message.', ], 'access' => $currentUser->permission(Site::USE_MESSAGES), 'menu' => false, ], ], ]*/, 'notifications' => [ 'title' => 'Notifications', 'modes' => [ 'history' => [ 'title' => 'History', 'description' => [ 'The history of notifications that have been sent to you in the last month.', ], 'access' => !$currentUser->permission(Site::DEACTIVATED), 'menu' => true, ], ], ], 'appearance' => [ 'title' => 'Appearance', 'modes' => [ 'avatar' => [ 'title' => 'Avatar', 'description' => [ 'Your avatar which is displayed all over the site and on your profile.', 'Maximum image size is {{ avatar.max_width }}x{{ avatar.max_height }}, minimum image size is {{ avatar.min_width }}x{{ avatar.min_height }}, maximum file size is {{ avatar.max_size_view }}.', ], 'access' => $currentUser->permission(Site::CHANGE_AVATAR), 'menu' => true, ], 'background' => [ 'title' => 'Background', 'description' => [ 'The background that is displayed on your profile.', 'Maximum image size is {{ background.max_width }}x{{ background.max_height }}, minimum image size is {{ background.min_width }}x{{ background.min_height }}, maximum file size is {{ background.max_size_view }}.', ], 'access' => $currentUser->permission(Site::CHANGE_BACKGROUND), 'menu' => true, ], 'header' => [ 'title' => 'Header', 'description' => [ 'The header that is displayed on your profile.', 'Maximum image size is {{ header.max_width }}x{{ header.max_height }}, minimum image size is {{ header.min_width }}x{{ header.min_height }}, maximum file size is {{ header.max_size_view }}.', ], 'access' => $currentUser->permission(Site::CHANGE_HEADER), 'menu' => true, ], 'userpage' => [ 'title' => 'Userpage', 'description' => [ 'The custom text that is displayed on your profile.', ], 'access' => ( $currentUser->page && $currentUser->permission(Site::CHANGE_USERPAGE) ) || $currentUser->permission(Site::CREATE_USERPAGE), 'menu' => true, ], 'signature' => [ 'title' => 'Signature', 'description' => [ 'This signature is displayed at the end of all your posts (unless you choose not to show it).', ], 'access' => $currentUser->permission(Site::CHANGE_SIGNATURE), 'menu' => true, ], ], ], 'account' => [ 'title' => 'Account', 'modes' => [ 'email' => [ 'title' => 'E-mail Address', 'description' => [ 'You e-mail address is used for password recovery and stuff like that, we won\'t spam you ;).', ], 'access' => $currentUser->permission(Site::CHANGE_EMAIL), 'menu' => true, ], 'username' => [ 'title' => 'Username', 'description' => [ 'Probably the biggest part of your identity on a site.', 'You can only change this once every 30 days so choose wisely.', ], 'access' => $currentUser->permission(Site::CHANGE_USERNAME), 'menu' => true, ], 'usertitle' => [ 'title' => 'Usertitle', 'description' => [ 'That little piece of text displayed under your username on your profile.', ], 'access' => $currentUser->permission(Site::CHANGE_USERTITLE), 'menu' => true, ], 'password' => [ 'title' => 'Password', 'description' => [ 'Used to authenticate with the site and certain related services.', ], 'access' => $currentUser->permission(Site::CHANGE_PASSWORD), 'menu' => true, ], 'ranks' => [ 'title' => 'Ranks', 'description' => [ 'Manage what ranks you\'re in and what is set as your main rank. Your main rank is highlighted. You get the permissions of all of the ranks you\'re in combined.', ], 'access' => $currentUser->permission(Site::ALTER_RANKS), 'menu' => true, ], ], ], 'advanced' => [ 'title' => 'Advanced', 'modes' => [ 'sessions' => [ 'title' => 'Sessions', 'description' => [ 'Session keys are a way of identifying yourself with the system without keeping your password in memory.', 'If someone finds one of your session keys they could possibly compromise your account, if you see any sessions here that shouldn\'t be here hit the Kill button to kill the selected session.', 'If you get logged out after clicking one you\'ve most likely killed your current session, to make it easier to avoid this from happening your current session is highlighted.', ], 'access' => $currentUser->permission(Site::MANAGE_SESSIONS), 'menu' => true, ], 'deactivate' => [ 'title' => 'Deactivate Account', 'description' => [ 'You can deactivate your account here if you want to leave :(.', ], 'access' => $currentUser->permission(Site::DEACTIVATE_ACCOUNT), 'menu' => true, ], ], ], ]; // Current settings page $category = isset($_GET['cat']) ? ( array_key_exists($_GET['cat'], $pages) ? $_GET['cat'] : false ) : array_keys($pages)[0]; $mode = false; // Only continue setting mode if $category is true if ($category) { $mode = isset($_GET['mode']) && $category ? ( array_key_exists($_GET['mode'], $pages[$category]['modes']) ? $_GET['mode'] : false ) : array_keys($pages[$category]['modes'])[0]; } // Not found if (!$category || empty($category) || !$mode || empty($mode) || !$pages[$category]['modes'][$mode]['access']) { header('HTTP/1.0 404 Not Found'); // Set parse variables Template::vars($renderData); // Print page contents echo Template::render('global/notfound'); exit; } // Set templates directory $renderData['templates'] = 'settings'; // Render data $renderData['current'] = $category . '.' . $mode; // Settings pages $renderData['pages'] = $pages; // Page data $renderData['page'] = [ 'category' => $pages[$category]['title'], 'mode' => $pages[$category]['modes'][$mode]['title'], 'description' => $pages[$category]['modes'][$mode]['description'], ]; // Section specific switch ($category . '.' . $mode) { // Profile case 'general.profile': $renderData['profile'] = [ 'fields' => Users::getProfileFields(), 'months' => [ 1 => 'January', 2 => 'February', 3 => 'March', 4 => 'April', 5 => 'May', 6 => 'June', 7 => 'July', 8 => 'August', 9 => 'September', 10 => 'October', 11 => 'November', 12 => 'December', ], ]; break; // Options case 'general.options': $renderData['options'] = [ 'fields' => Users::getOptionFields(), ]; break; // PM inbox case 'messages.inbox': $renderData['messages'] = []; break; // Avatar and background sizes case 'appearance.avatar': case 'appearance.background': case 'appearance.header': $renderData[$mode] = [ 'max_width' => Config::get($mode . '_max_width'), 'max_height' => Config::get($mode . '_max_height'), 'min_width' => Config::get($mode . '_min_width'), 'min_height' => Config::get($mode . '_min_height'), 'max_size' => Config::get($mode . '_max_fsize'), 'max_size_view' => Utils::getByteSymbol(Config::get($mode . '_max_fsize')), ]; break; // Sessions case 'advanced.sessions': $sessions = DB::table('sessions') ->where('user_id', $currentUser->id) ->get(); $renderData['sessions'] = $sessions; break; } // Set parse variables Template::vars($renderData); // Print page contents echo Template::render('meta/settings'); } else { // If not allowed print the restricted page Template::vars($renderData); // Print page contents echo Template::render('global/restricted'); }