2018-03-14 01:39:02 +00:00
|
|
|
<?php
|
2018-09-27 22:27:30 +00:00
|
|
|
$mode = (string)($_GET['m'] ?? null);
|
|
|
|
|
$misuzuBypassLockdown = $mode === 'avatar';
|
|
|
|
|
|
2018-10-04 20:30:55 +00:00
|
|
|
require_once '../misuzu.php';
|
2018-03-14 01:39:02 +00:00
|
|
|
|
2018-03-24 04:31:42 +00:00
|
|
|
switch ($mode) {
|
|
|
|
|
case 'avatar':
|
2018-10-27 01:20:27 +00:00
|
|
|
$userId = (int)($_GET['u'] ?? 0);
|
2018-10-04 20:30:55 +00:00
|
|
|
$avatar_filename = build_path(
|
|
|
|
|
MSZ_ROOT,
|
|
|
|
|
config_get_default('public/images/no-avatar.png', 'Avatar', 'default_path')
|
|
|
|
|
);
|
2018-09-23 19:12:40 +00:00
|
|
|
$user_avatar = "{$userId}.msz";
|
2018-09-16 00:21:13 +00:00
|
|
|
$cropped_avatar = build_path(
|
2018-10-05 09:14:54 +00:00
|
|
|
create_directory(build_path(MSZ_STORAGE, 'avatars/200x200')),
|
2018-09-16 00:21:13 +00:00
|
|
|
$user_avatar
|
|
|
|
|
);
|
2018-05-16 02:58:21 +00:00
|
|
|
|
2018-09-16 00:21:13 +00:00
|
|
|
if (is_file($cropped_avatar)) {
|
2018-05-16 02:58:21 +00:00
|
|
|
$avatar_filename = $cropped_avatar;
|
|
|
|
|
} else {
|
2018-10-05 09:14:54 +00:00
|
|
|
$original_avatar = build_path(MSZ_STORAGE, 'avatars/original', $user_avatar);
|
2018-05-16 02:58:21 +00:00
|
|
|
|
2018-09-16 00:21:13 +00:00
|
|
|
if (is_file($original_avatar)) {
|
2018-05-16 02:58:21 +00:00
|
|
|
try {
|
2018-09-16 00:21:13 +00:00
|
|
|
file_put_contents(
|
2018-05-16 02:58:21 +00:00
|
|
|
$cropped_avatar,
|
2018-09-16 00:21:13 +00:00
|
|
|
crop_image_centred_path($original_avatar, 200, 200)->getImagesBlob(),
|
|
|
|
|
LOCK_EX
|
2018-05-16 02:58:21 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$avatar_filename = $cropped_avatar;
|
|
|
|
|
} catch (Exception $ex) {
|
2018-03-24 04:31:42 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
header('Content-Type: ' . mime_content_type($avatar_filename));
|
2018-09-16 00:21:13 +00:00
|
|
|
echo file_get_contents($avatar_filename);
|
2018-03-24 04:31:42 +00:00
|
|
|
break;
|
|
|
|
|
|
2018-09-16 01:37:32 +00:00
|
|
|
case 'background':
|
2018-10-27 01:20:27 +00:00
|
|
|
$userId = (int)($_GET['u'] ?? 0);
|
2018-09-16 01:37:32 +00:00
|
|
|
$user_background = build_path(
|
2018-10-05 09:14:54 +00:00
|
|
|
create_directory(build_path(MSZ_STORAGE, 'backgrounds/original')),
|
2018-09-23 19:12:40 +00:00
|
|
|
"{$userId}.msz"
|
2018-09-16 01:37:32 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (!is_file($user_background)) {
|
|
|
|
|
echo render_error(404);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
header('Content-Type: ' . mime_content_type($user_background));
|
|
|
|
|
echo file_get_contents($user_background);
|
|
|
|
|
break;
|
|
|
|
|
|
2018-03-24 04:31:42 +00:00
|
|
|
default:
|
2018-10-27 01:20:27 +00:00
|
|
|
$getUserId = db_prepare('
|
2018-05-16 02:58:21 +00:00
|
|
|
SELECT
|
2018-10-27 01:20:27 +00:00
|
|
|
:user_id as `input_id`,
|
2018-08-12 13:35:50 +00:00
|
|
|
(
|
2018-10-27 01:20:27 +00:00
|
|
|
SELECT `user_id`
|
|
|
|
|
FROM `msz_users`
|
|
|
|
|
WHERE `user_id` = `input_id`
|
|
|
|
|
OR LOWER(`username`) = LOWER(`input_id`)
|
|
|
|
|
LIMIT 1
|
|
|
|
|
) as `user_id`
|
2018-05-16 02:58:21 +00:00
|
|
|
');
|
2018-10-27 01:20:27 +00:00
|
|
|
$getUserId->bindValue('user_id', $_GET['u'] ?? 0);
|
|
|
|
|
$userId = $getUserId->execute() ? ($getUserId->fetch(PDO::FETCH_ASSOC)['user_id'] ?? 0) : 0;
|
2018-05-16 02:58:21 +00:00
|
|
|
|
2018-10-27 01:20:27 +00:00
|
|
|
if ($userId < 1) {
|
2018-03-24 04:31:42 +00:00
|
|
|
http_response_code(404);
|
2018-08-15 01:12:58 +00:00
|
|
|
echo tpl_render('user.notfound');
|
2018-03-24 04:31:42 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-27 21:39:36 +00:00
|
|
|
$viewingOwnProfile = user_session_current('user_id', 0) === $userId;
|
2018-10-02 22:34:05 +00:00
|
|
|
$userPerms = perms_get_user(MSZ_PERMS_USER, user_session_current('user_id', 0));
|
2018-10-27 01:20:27 +00:00
|
|
|
$canEdit = user_session_active() && (
|
2018-10-27 21:39:36 +00:00
|
|
|
$viewingOwnProfile || perms_check($userPerms, MSZ_PERM_USER_MANAGE_USERS)
|
2018-10-27 01:20:27 +00:00
|
|
|
);
|
|
|
|
|
$isEditing = $mode === 'edit';
|
|
|
|
|
|
|
|
|
|
if (!$canEdit && $isEditing) {
|
|
|
|
|
echo render_error(403);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$notices = [];
|
|
|
|
|
|
|
|
|
|
if ($isEditing) {
|
|
|
|
|
$perms = [
|
|
|
|
|
'edit_profile' => perms_check($userPerms, MSZ_PERM_USER_EDIT_PROFILE),
|
|
|
|
|
'edit_avatar' => perms_check($userPerms, MSZ_PERM_USER_CHANGE_AVATAR),
|
|
|
|
|
'edit_background' => perms_check($userPerms, MSZ_PERM_USER_CHANGE_BACKGROUND),
|
|
|
|
|
'edit_about' => perms_check($userPerms, MSZ_PERM_USER_EDIT_ABOUT),
|
|
|
|
|
];
|
2018-09-18 22:16:29 +00:00
|
|
|
|
2018-09-23 19:12:40 +00:00
|
|
|
tpl_vars([
|
2018-10-27 01:20:27 +00:00
|
|
|
'perms' => $perms,
|
|
|
|
|
'guidelines' => [
|
|
|
|
|
'avatar' => $avatarProps = user_avatar_default_options(),
|
|
|
|
|
'background' => $backgroundProps = user_background_default_options(),
|
|
|
|
|
],
|
|
|
|
|
'background_attachments' => MSZ_USER_BACKGROUND_ATTACHMENTS_NAMES,
|
2018-09-23 19:12:40 +00:00
|
|
|
]);
|
2018-09-27 06:39:49 +00:00
|
|
|
|
2018-10-27 01:20:27 +00:00
|
|
|
if (!empty($_POST)) {
|
|
|
|
|
if (!csrf_verify('profile', $_POST['csrf'] ?? '')) {
|
|
|
|
|
$notices[] = MSZ_TMP_USER_ERROR_STRINGS['csrf'];
|
|
|
|
|
} else {
|
|
|
|
|
if (!empty($_POST['profile']) && is_array($_POST['profile'])) {
|
|
|
|
|
if (!$perms['edit_profile']) {
|
|
|
|
|
$notices[] = MSZ_TMP_USER_ERROR_STRINGS['profile']['not-allowed'];
|
|
|
|
|
} else {
|
|
|
|
|
$setUserFieldErrors = user_profile_fields_set($userId, $_POST['profile']);
|
|
|
|
|
|
|
|
|
|
if (count($setUserFieldErrors) > 0) {
|
|
|
|
|
foreach ($setUserFieldErrors as $name => $error) {
|
|
|
|
|
$notices[] = sprintf(
|
|
|
|
|
MSZ_TMP_USER_ERROR_STRINGS['profile'][$error] ?? MSZ_TMP_USER_ERROR_STRINGS['profile']['_'],
|
|
|
|
|
$name,
|
|
|
|
|
user_profile_field_get_display_name($name)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!empty($_POST['about']) && is_array($_POST['about'])) {
|
|
|
|
|
if (!$perms['edit_about']) {
|
|
|
|
|
$notices[] = MSZ_TMP_USER_ERROR_STRINGS['about']['not-allowed'];
|
|
|
|
|
} else {
|
|
|
|
|
$setAboutError = user_set_about_page(
|
|
|
|
|
$userId,
|
|
|
|
|
$_POST['about']['text'] ?? '',
|
|
|
|
|
(int)($_POST['about']['parser'] ?? MSZ_PARSER_PLAIN)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if ($setAboutError !== MSZ_USER_ABOUT_OK) {
|
|
|
|
|
$notices[] = sprintf(
|
|
|
|
|
MSZ_TMP_USER_ERROR_STRINGS['about'][$setAboutError] ?? MSZ_TMP_USER_ERROR_STRINGS['about']['_'],
|
|
|
|
|
MSZ_USER_ABOUT_MAX_LENGTH
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!empty($_FILES['avatar'])) {
|
|
|
|
|
if (!empty($_POST['avatar']['delete'])) {
|
|
|
|
|
user_avatar_delete($userId);
|
|
|
|
|
} else {
|
|
|
|
|
if (!$perms['edit_avatar']) {
|
|
|
|
|
$notices[] = MSZ_TMP_USER_ERROR_STRINGS['avatar']['not-allowed'];
|
|
|
|
|
} elseif (!empty($_FILES['avatar'])
|
|
|
|
|
&& is_array($_FILES['avatar'])
|
|
|
|
|
&& !empty($_FILES['avatar']['name']['file'])) {
|
|
|
|
|
if ($_FILES['avatar']['error']['file'] !== UPLOAD_ERR_OK) {
|
|
|
|
|
$notices[] = sprintf(
|
|
|
|
|
MSZ_TMP_USER_ERROR_STRINGS['avatar']['upload'][$_FILES['avatar']['error']['file']]
|
|
|
|
|
?? MSZ_TMP_USER_ERROR_STRINGS['avatar']['upload']['_'],
|
|
|
|
|
$_FILES['avatar']['error']['file'],
|
|
|
|
|
byte_symbol($avatarProps['max_size'], true),
|
|
|
|
|
$avatarProps['max_width'],
|
|
|
|
|
$avatarProps['max_height']
|
|
|
|
|
);
|
|
|
|
|
} else {
|
|
|
|
|
$setAvatar = user_avatar_set_from_path(
|
|
|
|
|
$userId,
|
|
|
|
|
$_FILES['avatar']['tmp_name']['file'],
|
|
|
|
|
$avatarProps
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if ($setAvatar !== MSZ_USER_AVATAR_NO_ERRORS) {
|
|
|
|
|
$notices[] = sprintf(
|
|
|
|
|
MSZ_TMP_USER_ERROR_STRINGS['avatar']['set'][$setAvatar]
|
|
|
|
|
?? MSZ_TMP_USER_ERROR_STRINGS['avatar']['set']['_'],
|
|
|
|
|
$setAvatar,
|
|
|
|
|
byte_symbol($avatarProps['max_size'], true),
|
|
|
|
|
$avatarProps['max_width'],
|
|
|
|
|
$avatarProps['max_height']
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!empty($_FILES['background'])) {
|
2018-10-27 21:38:01 +00:00
|
|
|
if ((int)($_POST['background']['attach'] ?? -1) === 0) {
|
2018-10-27 01:20:27 +00:00
|
|
|
user_background_delete($userId);
|
|
|
|
|
user_background_set_settings($userId, MSZ_USER_BACKGROUND_ATTACHMENT_NONE);
|
|
|
|
|
} else {
|
2018-10-27 21:38:01 +00:00
|
|
|
if (!$perms['edit_background']) {
|
2018-10-27 01:20:27 +00:00
|
|
|
$notices[] = MSZ_TMP_USER_ERROR_STRINGS['background']['not-allowed'];
|
|
|
|
|
} elseif (!empty($_FILES['background'])
|
|
|
|
|
&& is_array($_FILES['background'])) {
|
|
|
|
|
if (!empty($_FILES['background']['name']['file'])) {
|
|
|
|
|
if ($_FILES['background']['error']['file'] !== UPLOAD_ERR_OK) {
|
|
|
|
|
$notices[] = sprintf(
|
|
|
|
|
MSZ_TMP_USER_ERROR_STRINGS['background']['upload'][$_FILES['background']['error']['file']]
|
|
|
|
|
?? MSZ_TMP_USER_ERROR_STRINGS['background']['upload']['_'],
|
|
|
|
|
$_FILES['background']['error']['file'],
|
|
|
|
|
byte_symbol($backgroundProps['max_size'], true),
|
|
|
|
|
$backgroundProps['max_width'],
|
|
|
|
|
$backgroundProps['max_height']
|
|
|
|
|
);
|
|
|
|
|
} else {
|
|
|
|
|
$setBackground = user_background_set_from_path(
|
|
|
|
|
$userId,
|
|
|
|
|
$_FILES['background']['tmp_name']['file'],
|
|
|
|
|
$backgroundProps
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if ($setBackground !== MSZ_USER_BACKGROUND_NO_ERRORS) {
|
|
|
|
|
$notices[] = sprintf(
|
|
|
|
|
MSZ_TMP_USER_ERROR_STRINGS['background']['set'][$setBackground]
|
|
|
|
|
?? MSZ_TMP_USER_ERROR_STRINGS['background']['set']['_'],
|
|
|
|
|
$setBackground,
|
|
|
|
|
byte_symbol($backgroundProps['max_size'], true),
|
|
|
|
|
$backgroundProps['max_width'],
|
|
|
|
|
$backgroundProps['max_height']
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-27 21:38:01 +00:00
|
|
|
$backgroundSettings = in_array($_POST['background']['attach'] ?? '', MSZ_USER_BACKGROUND_ATTACHMENTS)
|
|
|
|
|
? (int)($_POST['background']['attach'])
|
2018-10-27 01:20:27 +00:00
|
|
|
: MSZ_USER_BACKGROUND_ATTACHMENTS[0];
|
|
|
|
|
|
|
|
|
|
if (!empty($_POST['background']['attr']['blend'])) {
|
|
|
|
|
$backgroundSettings |= MSZ_USER_BACKGROUND_ATTRIBUTE_BLEND;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!empty($_POST['background']['attr']['slide'])) {
|
|
|
|
|
$backgroundSettings |= MSZ_USER_BACKGROUND_ATTRIBUTE_SLIDE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user_background_set_settings($userId, $backgroundSettings);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If there are no notices, redirect to regular profile.
|
|
|
|
|
if (empty($notices)) {
|
|
|
|
|
header("Location: /profile.php?u={$userId}");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2018-09-27 06:39:49 +00:00
|
|
|
}
|
2018-10-27 21:39:36 +00:00
|
|
|
} elseif ($viewingOwnProfile) {
|
2018-10-27 01:20:27 +00:00
|
|
|
$notices[] = 'The profile pages are still under much construction, more things will eventually populate the area where this container current exists.';
|
2018-09-18 22:16:29 +00:00
|
|
|
}
|
|
|
|
|
|
2018-10-27 01:20:27 +00:00
|
|
|
$getProfile = db_prepare(
|
|
|
|
|
sprintf(
|
|
|
|
|
'
|
|
|
|
|
SELECT
|
|
|
|
|
u.`user_id`, u.`username`, u.`user_country`,
|
|
|
|
|
u.`created_at`, u.`last_seen`,
|
2018-10-27 18:50:34 +00:00
|
|
|
u.`user_about_parser`, u.`user_about_content`, u.`user_background_settings`,
|
2018-10-27 01:20:27 +00:00
|
|
|
%1$s,
|
|
|
|
|
COALESCE(u.`user_title`, r.`role_title`) as `user_title`,
|
|
|
|
|
COALESCE(u.`user_colour`, r.`role_colour`) as `user_colour`,
|
|
|
|
|
`user_background_settings` & 0x0F as `user_background_attachment`,
|
|
|
|
|
(`user_background_settings` & %2$d) > 0 as `user_background_blend`,
|
|
|
|
|
(`user_background_settings` & %3$d) > 0 as `user_background_slide`,
|
|
|
|
|
(
|
|
|
|
|
SELECT COUNT(`topic_id`)
|
|
|
|
|
FROM `msz_forum_topics`
|
|
|
|
|
WHERE `user_id` = u.`user_id`
|
|
|
|
|
) as `forum_topic_count`,
|
|
|
|
|
(
|
|
|
|
|
SELECT COUNT(`post_id`)
|
|
|
|
|
FROM `msz_forum_posts`
|
|
|
|
|
WHERE `user_id` = u.`user_id`
|
|
|
|
|
) as `forum_post_count`,
|
|
|
|
|
(
|
|
|
|
|
SELECT COUNT(`change_id`)
|
|
|
|
|
FROM `msz_changelog_changes`
|
|
|
|
|
WHERE `user_id` = u.`user_id`
|
|
|
|
|
) as `changelog_count`,
|
|
|
|
|
(
|
|
|
|
|
SELECT COUNT(`comment_id`)
|
|
|
|
|
FROM `msz_comments_posts`
|
|
|
|
|
WHERE `user_id` = u.`user_id`
|
|
|
|
|
) as `comments_count`
|
|
|
|
|
FROM `msz_users` as u
|
|
|
|
|
LEFT JOIN `msz_roles` as r
|
|
|
|
|
ON r.`role_id` = u.`display_role`
|
|
|
|
|
WHERE `user_id` = :user_id
|
|
|
|
|
LIMIT 1
|
|
|
|
|
',
|
|
|
|
|
pdo_prepare_array(user_profile_fields_get(), true, 'u.`user_%s`'),
|
|
|
|
|
MSZ_USER_BACKGROUND_ATTRIBUTE_BLEND,
|
|
|
|
|
MSZ_USER_BACKGROUND_ATTRIBUTE_SLIDE
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
$getProfile->bindValue('user_id', $userId);
|
|
|
|
|
$profile = $getProfile->execute() ? $getProfile->fetch(PDO::FETCH_ASSOC) : [];
|
2018-09-27 22:03:43 +00:00
|
|
|
|
2018-10-27 18:50:34 +00:00
|
|
|
$backgroundPath = build_path(MSZ_STORAGE, 'backgrounds/original', "{$profile['user_id']}.msz");
|
|
|
|
|
|
|
|
|
|
if (is_file($backgroundPath)) {
|
|
|
|
|
$backgroundInfo = getimagesize($backgroundPath);
|
|
|
|
|
|
|
|
|
|
if ($backgroundInfo) {
|
|
|
|
|
tpl_var('site_background', [
|
|
|
|
|
'url' => "/profile.php?m=background&u={$userId}",
|
|
|
|
|
'width' => $backgroundInfo[0],
|
|
|
|
|
'height' => $backgroundInfo[1],
|
|
|
|
|
'settings' => $profile['user_background_settings'],
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-27 01:20:27 +00:00
|
|
|
echo tpl_render('user.profile', [
|
2018-09-16 01:37:32 +00:00
|
|
|
'profile' => $profile,
|
2018-10-27 01:20:27 +00:00
|
|
|
'profile_notices' => $notices,
|
|
|
|
|
'can_edit' => $canEdit,
|
2018-09-27 22:03:43 +00:00
|
|
|
'is_editing' => $isEditing,
|
2018-10-02 22:34:05 +00:00
|
|
|
'profile_fields' => user_session_active() ? user_profile_fields_display($profile, !$isEditing) : [],
|
2018-10-27 01:20:27 +00:00
|
|
|
'friend_info' => user_session_active() ? user_relation_info(user_session_current('user_id', 0), $profile['user_id']) : [],
|
2018-09-16 01:37:32 +00:00
|
|
|
]);
|
2018-03-24 04:31:42 +00:00
|
|
|
break;
|
|
|
|
|
}
|
