misuzu/public/relations.php

<?php
namespace Misuzu;

use Misuzu\Config;
use Misuzu\Users\User;
use Misuzu\Users\UserNotFoundException;
use Misuzu\Users\UserRelation;

require_once '../misuzu.php';

// basing whether or not this is an xhr request on whether a referrer header is present
// this page is never directy accessed, under normal circumstances
$redirect = !empty($_SERVER['HTTP_REFERER']) && empty($_SERVER['HTTP_X_MISUZU_XHR']) ? $_SERVER['HTTP_REFERER'] : '';
$isXHR = !$redirect;

if($isXHR) {
    header('Content-Type: application/json; charset=utf-8');
} elseif(!is_local_url($redirect)) {
    echo render_info('Possible request forgery detected.', 403);
    return;
}

if(!CSRF::validateRequest()) {
    echo render_info_or_json($isXHR, "Couldn't verify this request, please refresh the page and try again.", 403);
    return;
}

header(CSRF::header());

$currentUser = User::getCurrent();

if($currentUser === null) {
    echo render_info_or_json($isXHR, 'You must be logged in to manage relations.', 401);
    return;
}

if(user_warning_check_expiration($currentUser->getId(), MSZ_WARN_BAN) > 0) {
    echo render_info_or_json($isXHR, 'You have been banned, check your profile for more information.', 403);
    return;
}

$subjectId = !empty($_GET['u']) && is_string($_GET['u']) ? (int)$_GET['u'] : 0;
$relationType = isset($_GET['m']) && is_string($_GET['m']) ? (int)$_GET['m'] : -1;

if($relationType < 0) {
    echo render_info_or_json($isXHR, 'Invalid relation type.', 400);
    return;
}

$relationType = $relationType > 0 ? UserRelation::TYPE_FOLLOW : UserRelation::TYPE_NONE;

try {
    $subjectInfo = User::byId($subjectId);
} catch(UserNotFoundException $ex) {
    echo render_info_or_json($isXHR, "That user doesn't exist.", 400);
    return;
}

if($relationType > 0)
    $subjectInfo->addFollower($currentUser);
else
    $subjectInfo->removeRelation($currentUser);

if(in_array($subjectInfo->getId(), Config::get('relations.replicate', Config::TYPE_ARR))) {
    if($relationType > 0)
        $currentUser->addFollower($subjectInfo);
    else
        $currentUser->removeRelation($subjectInfo);
}

if(!$isXHR) {
    redirect($redirect);
    return;
}

echo json_encode([
    'user_id' => $currentUser->getId(),
    'subject_id' => $subjectInfo->getId(),
    'relation_type' => $relationType,
]);
Added basic friends system. 2018-09-19 00:16:29 +02:00			`<?php`
Added namespaces to all files in public. 2019-09-29 00:43:51 +02:00			`namespace Misuzu;`

Made user relation code OOP. 2020-05-29 19:07:18 +00:00			`use Misuzu\Config;`
Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00			`use Misuzu\Users\User;`
Made user relation code OOP. 2020-05-29 19:07:18 +00:00			`use Misuzu\Users\UserNotFoundException;`
			`use Misuzu\Users\UserRelation;`
Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00
New config system, define a root dir constant and deprecate more of Application. 2018-10-04 22:30:55 +02:00			`require_once '../misuzu.php';`
Added basic friends system. 2018-09-19 00:16:29 +02:00
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00			`// basing whether or not this is an xhr request on whether a referrer header is present`
			`// this page is never directy accessed, under normal circumstances`
			`$redirect = !empty($_SERVER['HTTP_REFERER']) && empty($_SERVER['HTTP_X_MISUZU_XHR']) ? $_SERVER['HTTP_REFERER'] : '';`
			`$isXHR = !$redirect;`

Code style updates. 2019-06-10 19:04:53 +02:00			`if($isXHR) {`
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00			`header('Content-Type: application/json; charset=utf-8');`
Code style updates. 2019-06-10 19:04:53 +02:00			`} elseif(!is_local_url($redirect)) {`
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00			`echo render_info('Possible request forgery detected.', 403);`
Added basic friends system. 2018-09-19 00:16:29 +02:00			`return;`
			`}`

CSRF from Hanyuu. 2019-12-11 19:10:54 +01:00			`if(!CSRF::validateRequest()) {`
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00			`echo render_info_or_json($isXHR, "Couldn't verify this request, please refresh the page and try again.", 403);`
			`return;`
			`}`

CSRF from Hanyuu. 2019-12-11 19:10:54 +01:00			`header(CSRF::header());`
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00
Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00			`$currentUser = User::getCurrent();`

			`if($currentUser === null) {`
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00			`echo render_info_or_json($isXHR, 'You must be logged in to manage relations.', 401);`
Finished implementation of warning and banning system, closes #87. 2018-12-28 06:03:42 +01:00			`return;`
			`}`

Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00			`if(user_warning_check_expiration($currentUser->getId(), MSZ_WARN_BAN) > 0) {`
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00			`echo render_info_or_json($isXHR, 'You have been banned, check your profile for more information.', 403);`
Added basic friends system. 2018-09-19 00:16:29 +02:00			`return;`
			`}`

Stricter checking on GET variables. 2019-03-18 23:02:30 +01:00			`$subjectId = !empty($_GET['u']) && is_string($_GET['u']) ? (int)$_GET['u'] : 0;`
Fixed unfollowing, closes #172. 2019-04-03 19:48:55 +02:00			`$relationType = isset($_GET['m']) && is_string($_GET['m']) ? (int)$_GET['m'] : -1;`
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00
Made user relation code OOP. 2020-05-29 19:07:18 +00:00			`if($relationType < 0) {`
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00			`echo render_info_or_json($isXHR, 'Invalid relation type.', 400);`
			`return;`
			`}`

Made user relation code OOP. 2020-05-29 19:07:18 +00:00			`$relationType = $relationType > 0 ? UserRelation::TYPE_FOLLOW : UserRelation::TYPE_NONE;`
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00
Made user relation code OOP. 2020-05-29 19:07:18 +00:00			`try {`
			`$subjectInfo = User::byId($subjectId);`
			`} catch(UserNotFoundException $ex) {`
			`echo render_info_or_json($isXHR, "That user doesn't exist.", 400);`
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00			`return;`
			`}`

Made user relation code OOP. 2020-05-29 19:07:18 +00:00			`if($relationType > 0)`
			`$subjectInfo->addFollower($currentUser);`
			`else`
			`$subjectInfo->removeRelation($currentUser);`
Fixed unfollowing, closes #172. 2019-04-03 19:48:55 +02:00
Made user relation code OOP. 2020-05-29 19:07:18 +00:00			`if(in_array($subjectInfo->getId(), Config::get('relations.replicate', Config::TYPE_ARR))) {`
			`if($relationType > 0)`
			`$currentUser->addFollower($subjectInfo);`
			`else`
			`$currentUser->removeRelation($subjectInfo);`
Fixed unfollowing, closes #172. 2019-04-03 19:48:55 +02:00			`}`

Code style updates. 2019-06-10 19:04:53 +02:00			`if(!$isXHR) {`
Split the changelog manage section up into multiple files. 2019-06-08 23:46:24 +02:00			`redirect($redirect);`
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00			`return;`
			`}`
Added basic friends system. 2018-09-19 00:16:29 +02:00
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00			`echo json_encode([`
Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00			`'user_id' => $currentUser->getId(),`
Made user relation code OOP. 2020-05-29 19:07:18 +00:00			`'subject_id' => $subjectInfo->getId(),`
Send relation actions through AJAX, closes #93. 2018-12-30 23:07:32 +01:00			`'relation_type' => $relationType,`
			`]);`