misuzu/misuzu.php

<?php
namespace Misuzu;

use PDO;
use Misuzu\Net\GeoIP;
use Misuzu\Net\IPAddress;
use Misuzu\Users\User;
use Misuzu\Users\UserNotFoundException;
use Misuzu\Users\UserSession;
use Misuzu\Users\UserSessionNotFoundException;

define('MSZ_STARTUP', microtime(true));
define('MSZ_ROOT', __DIR__);
define('MSZ_CLI', PHP_SAPI === 'cli');
define('MSZ_DEBUG', is_file(MSZ_ROOT . '/.debug'));
define('MSZ_PHP_MIN_VER', '7.4.0');

if(version_compare(PHP_VERSION, MSZ_PHP_MIN_VER, '<'))
    die("Misuzu requires <i>at least</i> PHP <b>" . MSZ_PHP_MIN_VER . "</b> to run.\r\n");
if(!extension_loaded('curl') || !extension_loaded('intl') || !extension_loaded('json')
    || !extension_loaded('mbstring') || !extension_loaded('pdo') || !extension_loaded('readline')
    || !extension_loaded('xml') || !extension_loaded('zip'))
    die("An extension required by Misuzu hasn't been installed.\r\n");

error_reporting(MSZ_DEBUG ? -1 : 0);
ini_set('display_errors', MSZ_DEBUG ? 'On' : 'Off');

mb_internal_encoding('utf-8');
date_default_timezone_set('utc');
set_include_path(get_include_path() . PATH_SEPARATOR . MSZ_ROOT);

set_exception_handler(function(\Throwable $ex) {
    if(MSZ_CLI) {
        echo (string)$ex;
    } else {
        http_response_code(500);
        ob_clean();

        if(MSZ_DEBUG) {
            header('Content-Type: text/plain; charset=utf-8');
            echo (string)$ex;
        } else {
            header('Content-Type: text/html; charset-utf-8');
            echo file_get_contents(MSZ_ROOT . '/templates/500.html');
        }
    }
    exit;
});

set_error_handler(function(int $errno, string $errstr, string $errfile, int $errline) {
    throw new \ErrorException($errstr, 0, $errno, $errfile, $errline);
    return true;
}, -1);

require_once 'vendor/autoload.php';

spl_autoload_register(function(string $className) {
    $parts = explode('\\', trim($className, '\\'), 2);
    if($parts[0] !== 'Misuzu')
        return;

    $classPath = MSZ_ROOT . '/src/' . str_replace('\\', '/', $parts[1]) . '.php';
    if(is_file($classPath))
        require_once $classPath;
});

class_alias(\Misuzu\Http\HttpResponseMessage::class, '\HttpResponse');
class_alias(\Misuzu\Http\HttpRequestMessage::class,  '\HttpRequest');

require_once 'utility.php';
require_once 'src/perms.php';
require_once 'src/manage.php';
require_once 'src/url.php';
require_once 'src/Forum/perms.php';
require_once 'src/Forum/forum.php';
require_once 'src/Forum/leaderboard.php';
require_once 'src/Forum/poll.php';
require_once 'src/Forum/post.php';
require_once 'src/Forum/topic.php';
require_once 'src/Forum/validate.php';
require_once 'src/Users/avatar.php';
require_once 'src/Users/background.php';
require_once 'src/Users/role.php';
require_once 'src/Users/user_legacy.php';
require_once 'src/Users/warning.php';

$dbConfig = parse_ini_file(MSZ_ROOT . '/config/config.ini', true, INI_SCANNER_TYPED);

if(empty($dbConfig)) {
    echo 'Database config is missing.';
    exit;
}

$dbConfig = $dbConfig['Database'] ?? $dbConfig['Database.mysql-main'] ?? [];

DB::init(DB::buildDSN($dbConfig), $dbConfig['username'] ?? '', $dbConfig['password'] ?? '', DB::ATTRS);

Config::init();
Mailer::init(Config::get('mail.method', Config::TYPE_STR), [
    'host'        => Config::get('mail.host',           Config::TYPE_STR),
    'port'        => Config::get('mail.port',           Config::TYPE_INT, 25),
    'username'    => Config::get('mail.username',       Config::TYPE_STR),
    'password'    => Config::get('mail.password',       Config::TYPE_STR),
    'encryption'  => Config::get('mail.encryption',     Config::TYPE_STR),
    'sender_name' => Config::get('mail.sender.name',    Config::TYPE_STR),
    'sender_addr' => Config::get('mail.sender.address', Config::TYPE_STR),
]);

// replace this with a better storage mechanism
define('MSZ_STORAGE', Config::get('storage.path', Config::TYPE_STR, MSZ_ROOT . '/store'));
mkdirs(MSZ_STORAGE, true);

if(MSZ_CLI) { // Temporary backwards compatibility measure, remove this later
    if(realpath($_SERVER['SCRIPT_FILENAME']) === __FILE__) {
        if(($argv[1] ?? '') === 'cron' && ($argv[2] ?? '') === 'low')
            $argv[2] = '--slow';
        array_shift($argv);
        echo shell_exec(__DIR__ . '/msz ' . implode(' ', $argv));
    }
    return;
}

// Everything below here should eventually be moved to index.php, probably only initialised when required.
// Serving things like the css/js doesn't need to initialise sessions.

if(!mb_check_encoding()) {
    http_response_code(415);
    echo 'Invalid request encoding.';
    exit;
}

ob_start();

if(file_exists(MSZ_ROOT . '/.migrating')) {
    http_response_code(503);
    if(!isset($_GET['_check'])) {
        header('Content-Type: text/html; charset-utf-8');
        echo file_get_contents(MSZ_ROOT . '/templates/503.html');
    }
    exit;
}

if(!is_readable(MSZ_STORAGE) || !is_writable(MSZ_STORAGE)) {
    echo 'Cannot access storage directory.';
    exit;
}

GeoIP::init(Config::get('geoip.database', Config::TYPE_STR, '/var/lib/GeoIP/GeoLite2-Country.mmdb'));

if(!MSZ_DEBUG) {
    $twigCache = sys_get_temp_dir() . '/msz-tpl-cache-' . md5(MSZ_ROOT);
    mkdirs($twigCache, true);
}

Template::init($twigCache ?? null, MSZ_DEBUG);

Template::set('globals', [
    'site_name' => Config::get('site.name', Config::TYPE_STR, 'Misuzu'),
    'site_description' => Config::get('site.desc', Config::TYPE_STR),
    'site_url' => Config::get('site.url', Config::TYPE_STR),
    'site_twitter' => Config::get('social.twitter', Config::TYPE_STR),
]);

Template::addPath(MSZ_ROOT . '/templates');

if(isset($_COOKIE['msz_uid']) && isset($_COOKIE['msz_sid'])) {
    $authToken = (new AuthToken)
        ->setUserId(filter_input(INPUT_COOKIE, 'msz_uid', FILTER_SANITIZE_NUMBER_INT) ?? 0)
        ->setSessionToken(filter_input(INPUT_COOKIE, 'msz_sid', FILTER_SANITIZE_STRING) ?? '');

    if($authToken->isValid())
        setcookie('msz_auth', $authToken->pack(), strtotime('1 year'), '/', '.' . $_SERVER['HTTP_HOST'], !empty($_SERVER['HTTPS']), true);

    setcookie('msz_uid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true);
    setcookie('msz_sid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true);
}

if(!isset($authToken))
    $authToken = AuthToken::unpack(filter_input(INPUT_COOKIE, 'msz_auth', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH) ?? '');

if($authToken->isValid()) {
    try {
        $sessionInfo = $authToken->getSession();
        if($sessionInfo->hasExpired()) {
            $sessionInfo->delete();
        } elseif($sessionInfo->getUserId() === $authToken->getUserId()) {
            $userInfo = $sessionInfo->getUser();
            if(!$userInfo->isDeleted()) {
                $sessionInfo->setCurrent();
                $userInfo->setCurrent();

                $sessionInfo->bump();

                if($sessionInfo->shouldBumpExpire())
                    setcookie('msz_auth', $authToken->pack(), $sessionInfo->getExpiresTime(), '/', '.' . $_SERVER['HTTP_HOST'], !empty($_SERVER['HTTPS']), true);
            }
        }
    } catch(UserNotFoundException $ex) {
        UserSession::unsetCurrent();
        User::unsetCurrent();
    } catch(UserSessionNotFoundException $ex) {
        UserSession::unsetCurrent();
        User::unsetCurrent();
    }

    if(!UserSession::hasCurrent()) {
        setcookie('msz_auth', '', -9001, '/', '.' . $_SERVER['HTTP_HOST'], !empty($_SERVER['HTTPS']), true);
        setcookie('msz_auth', '', -9001, '/', '', !empty($_SERVER['HTTPS']), true);
    } else {
        $userDisplayInfo = DB::prepare('
            SELECT
                u.`user_id`, u.`username`, u.`user_background_settings`, u.`user_deleted`,
                COALESCE(u.`user_colour`, r.`role_colour`) AS `user_colour`
            FROM `msz_users` AS u
            LEFT JOIN `msz_roles` AS r
            ON u.`display_role` = r.`role_id`
            WHERE `user_id` = :user_id
        ')  ->bind('user_id', $userInfo->getId())
            ->fetch();

        user_bump_last_active($userInfo->getId());

        $userDisplayInfo['perms'] = perms_get_user($userInfo->getId());
        $userDisplayInfo['ban_expiration'] = user_warning_check_expiration($userInfo->getId(), MSZ_WARN_BAN);
        $userDisplayInfo['silence_expiration'] = $userDisplayInfo['ban_expiration'] > 0 ? 0 : user_warning_check_expiration($userInfo->getId(), MSZ_WARN_SILENCE);
    }
}

CSRF::setGlobalSecretKey(Config::get('csrf.secret', Config::TYPE_STR, 'soup'));
CSRF::setGlobalIdentity(UserSession::hasCurrent() ? UserSession::getCurrent()->getToken() : IPAddress::remote());

if(Config::get('private.enabled', Config::TYPE_BOOL)) {
    $onLoginPage = $_SERVER['PHP_SELF'] === url('auth-login');
    $onPasswordPage = parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH) === url('auth-forgot');
    $misuzuBypassLockdown = !empty($misuzuBypassLockdown) || $onLoginPage;

    if(!$misuzuBypassLockdown) {
        if(UserSession::hasCurrent()) {
            $privatePermCat = Config::get('private.perm.cat', Config::TYPE_STR);
            $privatePermVal = Config::get('private.perm.val', Config::TYPE_INT);

            if(!empty($privatePermCat) && $privatePermVal > 0) {
                if(!perms_check_user($privatePermCat, User::getCurrent()->getId(), $privatePermVal)) {
                    // au revoir
                    unset($userDisplayInfo);
                    UserSession::unsetCurrent();
                    User::unsetCurrent();
                }
            }
        } elseif(!$onLoginPage && !($onPasswordPage && Config::get('private.allow_password_reset', Config::TYPE_BOOL, true))) {
            url_redirect('auth-login');
            exit;
        }
    }
}

if(!empty($userDisplayInfo)) // delete this
    Template::set('current_user', $userDisplayInfo);

$inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage');
$hasManageAccess = User::hasCurrent()
    && !user_warning_check_restriction(User::getCurrent()->getId())
    && perms_check_user(MSZ_PERMS_GENERAL, User::getCurrent()->getId(), MSZ_PERM_GENERAL_CAN_MANAGE);
Template::set('has_manage_access', $hasManageAccess);

if($inManageMode) {
    if(!$hasManageAccess) {
        echo render_error(403);
        exit;
    }

    Template::set('manage_menu', manage_get_menu(User::getCurrent()->getId()));
}
Type signatures + porting Zalgo from Ayase 2017-12-16 19:17:29 +00:00			`<?php`
			`namespace Misuzu;`

Rewrote database stuff. 2019-09-28 22:38:39 +00:00			`use PDO;`
Massive overhauls. 2019-12-12 00:42:28 +00:00			`use Misuzu\Net\GeoIP;`
			`use Misuzu\Net\IPAddress;`
Added sanity to changelog code. 2020-05-20 18:09:38 +00:00			`use Misuzu\Users\User;`
			`use Misuzu\Users\UserNotFoundException;`
Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00			`use Misuzu\Users\UserSession;`
			`use Misuzu\Users\UserSessionNotFoundException;`
Rewrote database stuff. 2019-09-28 22:38:39 +00:00
dropkicked phpunit out, no longer expose Application to Twig and also defines. 2018-09-16 19:45:40 +00:00			`define('MSZ_STARTUP', microtime(true));`
New config system, define a root dir constant and deprecate more of Application. 2018-10-04 20:30:55 +00:00			`define('MSZ_ROOT', __DIR__);`
// I FORGOT TO COMMIT THE FILES AHAHAHAHA 2019-12-06 01:04:10 +00:00			`define('MSZ_CLI', PHP_SAPI === 'cli');`
New config system, define a root dir constant and deprecate more of Application. 2018-10-04 20:30:55 +00:00			`define('MSZ_DEBUG', is_file(MSZ_ROOT . '/.debug'));`
Made config functions into a static class. 2019-12-03 18:52:20 +00:00			`define('MSZ_PHP_MIN_VER', '7.4.0');`
Rewrote forum permission backend (removed all WITH RECURSIVE statements). 2019-04-30 20:55:12 +00:00
Updated libraries and class loading code. 2020-05-12 23:09:03 +00:00			`if(version_compare(PHP_VERSION, MSZ_PHP_MIN_VER, '<'))`
			`die("Misuzu requires <i>at least</i> PHP <b>" . MSZ_PHP_MIN_VER . "</b> to run.\r\n");`
			`if(!extension_loaded('curl') \|\| !extension_loaded('intl') \|\| !extension_loaded('json')`
			`\|\| !extension_loaded('mbstring') \|\| !extension_loaded('pdo') \|\| !extension_loaded('readline')`
			`\|\| !extension_loaded('xml') \|\| !extension_loaded('zip'))`
			`die("An extension required by Misuzu hasn't been installed.\r\n");`
dropkicked phpunit out, no longer expose Application to Twig and also defines. 2018-09-16 19:45:40 +00:00
Use custom Whoops handler for error reporting. 2018-09-16 21:03:56 +00:00			`error_reporting(MSZ_DEBUG ? -1 : 0);`
			`ini_set('display_errors', MSZ_DEBUG ? 'On' : 'Off');`

Updated libraries and class loading code. 2020-05-12 23:09:03 +00:00			`mb_internal_encoding('utf-8');`
			`date_default_timezone_set('utc');`
New config system, define a root dir constant and deprecate more of Application. 2018-10-04 20:30:55 +00:00			`set_include_path(get_include_path() . PATH_SEPARATOR . MSZ_ROOT);`
member listing 2018-05-27 23:24:16 +00:00
Updated libraries and class loading code. 2020-05-12 23:09:03 +00:00			`set_exception_handler(function(\Throwable $ex) {`
Added better console command handling. 2020-05-26 18:44:06 +00:00			`if(MSZ_CLI) {`
Updated libraries and class loading code. 2020-05-12 23:09:03 +00:00			`echo (string)$ex;`
			`} else {`
Added better console command handling. 2020-05-26 18:44:06 +00:00			`http_response_code(500);`
			`ob_clean();`

			`if(MSZ_DEBUG) {`
			`header('Content-Type: text/plain; charset=utf-8');`
			`echo (string)$ex;`
			`} else {`
			`header('Content-Type: text/html; charset-utf-8');`
			`echo file_get_contents(MSZ_ROOT . '/templates/500.html');`
			`}`
Updated libraries and class loading code. 2020-05-12 23:09:03 +00:00			`}`
			`exit;`
			`});`

			`set_error_handler(function(int $errno, string $errstr, string $errfile, int $errline) {`
			`throw new \ErrorException($errstr, 0, $errno, $errfile, $errline);`
			`return true;`
			`}, -1);`

Add root folder to include path and move utility functions around. 2018-09-28 08:56:51 +00:00			`require_once 'vendor/autoload.php';`
Checkpoint! Perms work on the index. 2018-08-23 18:13:37 +00:00
Updated libraries and class loading code. 2020-05-12 23:09:03 +00:00			`spl_autoload_register(function(string $className) {`
			`$parts = explode('\\', trim($className, '\\'), 2);`
			`if($parts[0] !== 'Misuzu')`
			`return;`

			`$classPath = MSZ_ROOT . '/src/' . str_replace('\\', '/', $parts[1]) . '.php';`
			`if(is_file($classPath))`
			`require_once $classPath;`
			`});`

Made the router code less janky. 2020-05-14 21:39:38 +00:00			`class_alias(\Misuzu\Http\HttpResponseMessage::class, '\HttpResponse');`
			`class_alias(\Misuzu\Http\HttpRequestMessage::class, '\HttpRequest');`
Router beginnings. 2019-12-13 20:37:17 +00:00
Updated libraries and class loading code. 2020-05-12 23:09:03 +00:00			`require_once 'utility.php';`
Moved news pages into the router and made news object oriented. 2020-05-16 22:35:11 +00:00			`require_once 'src/perms.php';`
Add root folder to include path and move utility functions around. 2018-09-28 08:56:51 +00:00			`require_once 'src/manage.php';`
Started centralising URLs. 2019-01-24 20:54:24 +00:00			`require_once 'src/url.php';`
Moved news pages into the router and made news object oriented. 2020-05-16 22:35:11 +00:00			`require_once 'src/Forum/perms.php';`
Add root folder to include path and move utility functions around. 2018-09-28 08:56:51 +00:00			`require_once 'src/Forum/forum.php';`
Added private Forum Leaderboard page. 2019-03-31 16:49:16 +00:00			`require_once 'src/Forum/leaderboard.php';`
WIP poll support. 2019-04-17 23:59:33 +00:00			`require_once 'src/Forum/poll.php';`
Add root folder to include path and move utility functions around. 2018-09-28 08:56:51 +00:00			`require_once 'src/Forum/post.php';`
			`require_once 'src/Forum/topic.php';`
			`require_once 'src/Forum/validate.php';`
Move avatar and background functions into their own files. 2018-10-08 12:29:18 +00:00			`require_once 'src/Users/avatar.php';`
			`require_once 'src/Users/background.php';`
Add root folder to include path and move utility functions around. 2018-09-28 08:56:51 +00:00			`require_once 'src/Users/role.php';`
Renamed user class files. 2020-05-13 21:14:31 +00:00			`require_once 'src/Users/user_legacy.php';`
Added some base stuff for warnings. 2018-12-24 20:35:25 +00:00			`require_once 'src/Users/warning.php';`
Port ExceptionHandler from old Aitemu and created main class. 2018-01-02 19:37:13 +00:00
Moved all config except database creds into the database. 2019-08-14 19:40:36 +00:00			`$dbConfig = parse_ini_file(MSZ_ROOT . '/config/config.ini', true, INI_SCANNER_TYPED);`
New config system, define a root dir constant and deprecate more of Application. 2018-10-04 20:30:55 +00:00
Moved all config except database creds into the database. 2019-08-14 19:40:36 +00:00			`if(empty($dbConfig)) {`
			`echo 'Database config is missing.';`
			`exit;`
Use custom Whoops handler for error reporting. 2018-09-16 21:03:56 +00:00			`}`

Rewrote database stuff. 2019-09-28 22:38:39 +00:00			`$dbConfig = $dbConfig['Database'] ?? $dbConfig['Database.mysql-main'] ?? [];`

Router beginnings. 2019-12-13 20:37:17 +00:00			`DB::init(DB::buildDSN($dbConfig), $dbConfig['username'] ?? '', $dbConfig['password'] ?? '', DB::ATTRS);`
Moved all config except database creds into the database. 2019-08-14 19:40:36 +00:00
Made config functions into a static class. 2019-12-03 18:52:20 +00:00			`Config::init();`
Ported Mailer class from Hanyuu. 2019-12-03 19:09:18 +00:00			`Mailer::init(Config::get('mail.method', Config::TYPE_STR), [`
			`'host' => Config::get('mail.host', Config::TYPE_STR),`
			`'port' => Config::get('mail.port', Config::TYPE_INT, 25),`
			`'username' => Config::get('mail.username', Config::TYPE_STR),`
			`'password' => Config::get('mail.password', Config::TYPE_STR),`
			`'encryption' => Config::get('mail.encryption', Config::TYPE_STR),`
			`'sender_name' => Config::get('mail.sender.name', Config::TYPE_STR),`
			`'sender_addr' => Config::get('mail.sender.address', Config::TYPE_STR),`
			`]);`
You say 'a step backwards', I say 'modern web development'. 2018-03-14 01:39:02 +00:00
Moved storage path into a constant. 2018-10-05 09:14:54 +00:00			`// replace this with a better storage mechanism`
Made config functions into a static class. 2019-12-03 18:52:20 +00:00			`define('MSZ_STORAGE', Config::get('storage.path', Config::TYPE_STR, MSZ_ROOT . '/store'));`
Removed some old utility functions. 2019-02-05 20:29:37 +00:00			`mkdirs(MSZ_STORAGE, true);`
Moved storage path into a constant. 2018-10-05 09:14:54 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`if(MSZ_CLI) { // Temporary backwards compatibility measure, remove this later`
Code style updates. 2019-06-10 17:04:53 +00:00			`if(realpath($_SERVER['SCRIPT_FILENAME']) === __FILE__) {`
Added better console command handling. 2020-05-26 18:44:06 +00:00			`if(($argv[1] ?? '') === 'cron' && ($argv[2] ?? '') === 'low')`
			`$argv[2] = '--slow';`
			`array_shift($argv);`
			`echo shell_exec(__DIR__ . '/msz ' . implode(' ', $argv));`
			`}`
			`return;`
Added command to drop a migration template into the database folder. 2018-07-18 03:06:27 +00:00			`}`

Added better console command handling. 2020-05-26 18:44:06 +00:00			`// Everything below here should eventually be moved to index.php, probably only initialised when required.`
			`// Serving things like the css/js doesn't need to initialise sessions.`
Added Twitter auth command and some base functions. 2019-03-06 10:27:38 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`if(!mb_check_encoding()) {`
			`http_response_code(415);`
			`echo 'Invalid request encoding.';`
			`exit;`
			`}`
Added request encoding check. 2019-03-18 20:57:50 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`ob_start();`
Added error reporting. 2018-07-14 17:57:21 +00:00
Moved 503 check higher up into the startup process. Since it no longer depends on Twig we don't have to initialise that, removing further points of failure. 2020-05-26 18:59:22 +00:00			`if(file_exists(MSZ_ROOT . '/.migrating')) {`
			`http_response_code(503);`
			`if(!isset($_GET['_check'])) {`
			`header('Content-Type: text/html; charset-utf-8');`
			`echo file_get_contents(MSZ_ROOT . '/templates/503.html');`
			`}`
			`exit;`
			`}`

Added better console command handling. 2020-05-26 18:44:06 +00:00			`if(!is_readable(MSZ_STORAGE) \|\| !is_writable(MSZ_STORAGE)) {`
			`echo 'Cannot access storage directory.';`
			`exit;`
			`}`
Add avatar uploading. 2018-03-24 04:31:42 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`GeoIP::init(Config::get('geoip.database', Config::TYPE_STR, '/var/lib/GeoIP/GeoLite2-Country.mmdb'));`
Moved GeoIP stuff into its own folder. 2018-10-05 11:00:37 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`if(!MSZ_DEBUG) {`
			`$twigCache = sys_get_temp_dir() . '/msz-tpl-cache-' . md5(MSZ_ROOT);`
			`mkdirs($twigCache, true);`
			`}`
Removed some old utility functions. 2019-02-05 20:29:37 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`Template::init($twigCache ?? null, MSZ_DEBUG);`
dropkicked phpunit out, no longer expose Application to Twig and also defines. 2018-09-16 19:45:40 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`Template::set('globals', [`
			`'site_name' => Config::get('site.name', Config::TYPE_STR, 'Misuzu'),`
			`'site_description' => Config::get('site.desc', Config::TYPE_STR),`
			`'site_url' => Config::get('site.url', Config::TYPE_STR),`
			`'site_twitter' => Config::get('social.twitter', Config::TYPE_STR),`
			`]);`
dropkicked phpunit out, no longer expose Application to Twig and also defines. 2018-09-16 19:45:40 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`Template::addPath(MSZ_ROOT . '/templates');`
Initial permission stuffs. 2018-07-07 23:24:34 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`if(isset($_COOKIE['msz_uid']) && isset($_COOKIE['msz_sid'])) {`
			`$authToken = (new AuthToken)`
			`->setUserId(filter_input(INPUT_COOKIE, 'msz_uid', FILTER_SANITIZE_NUMBER_INT) ?? 0)`
			`->setSessionToken(filter_input(INPUT_COOKIE, 'msz_sid', FILTER_SANITIZE_STRING) ?? '');`
Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`if($authToken->isValid())`
			`setcookie('msz_auth', $authToken->pack(), strtotime('1 year'), '/', '.' . $_SERVER['HTTP_HOST'], !empty($_SERVER['HTTPS']), true);`
Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`setcookie('msz_uid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true);`
			`setcookie('msz_sid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true);`
			`}`
Merged auth cookies into one. 2019-02-12 15:26:39 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`if(!isset($authToken))`
			`$authToken = AuthToken::unpack(filter_input(INPUT_COOKIE, 'msz_auth', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW \| FILTER_FLAG_STRIP_HIGH) ?? '');`
Updated 503 page to not depend on CSS or Twig existing. 2020-05-26 18:57:35 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`if($authToken->isValid()) {`
			`try {`
			`$sessionInfo = $authToken->getSession();`
			`if($sessionInfo->hasExpired()) {`
			`$sessionInfo->delete();`
			`} elseif($sessionInfo->getUserId() === $authToken->getUserId()) {`
			`$userInfo = $sessionInfo->getUser();`
			`if(!$userInfo->isDeleted()) {`
			`$sessionInfo->setCurrent();`
			`$userInfo->setCurrent();`

			`$sessionInfo->bump();`

			`if($sessionInfo->shouldBumpExpire())`
			`setcookie('msz_auth', $authToken->pack(), $sessionInfo->getExpiresTime(), '/', '.' . $_SERVER['HTTP_HOST'], !empty($_SERVER['HTTPS']), true);`
Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00			`}`
			`}`
Added better console command handling. 2020-05-26 18:44:06 +00:00			`} catch(UserNotFoundException $ex) {`
			`UserSession::unsetCurrent();`
			`User::unsetCurrent();`
			`} catch(UserSessionNotFoundException $ex) {`
			`UserSession::unsetCurrent();`
			`User::unsetCurrent();`
			`}`
Merged auth cookies into one. 2019-02-12 15:26:39 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`if(!UserSession::hasCurrent()) {`
			`setcookie('msz_auth', '', -9001, '/', '.' . $_SERVER['HTTP_HOST'], !empty($_SERVER['HTTPS']), true);`
			`setcookie('msz_auth', '', -9001, '/', '', !empty($_SERVER['HTTPS']), true);`
			`} else {`
			`$userDisplayInfo = DB::prepare('`
			`SELECT`
			u.`user_id`, u.`username`, u.`user_background_settings`, u.`user_deleted`,
			COALESCE(u.`user_colour`, r.`role_colour`) AS `user_colour`
			FROM `msz_users` AS u
			LEFT JOIN `msz_roles` AS r
			ON u.`display_role` = r.`role_id`
			WHERE `user_id` = :user_id
			`') ->bind('user_id', $userInfo->getId())`
			`->fetch();`

			`user_bump_last_active($userInfo->getId());`

			`$userDisplayInfo['perms'] = perms_get_user($userInfo->getId());`
			`$userDisplayInfo['ban_expiration'] = user_warning_check_expiration($userInfo->getId(), MSZ_WARN_BAN);`
			`$userDisplayInfo['silence_expiration'] = $userDisplayInfo['ban_expiration'] > 0 ? 0 : user_warning_check_expiration($userInfo->getId(), MSZ_WARN_SILENCE);`
Backlog of things. 2018-03-31 22:28:32 +00:00			`}`
Added better console command handling. 2020-05-26 18:44:06 +00:00			`}`
Backlog of things. 2018-03-31 22:28:32 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`CSRF::setGlobalSecretKey(Config::get('csrf.secret', Config::TYPE_STR, 'soup'));`
			`CSRF::setGlobalIdentity(UserSession::hasCurrent() ? UserSession::getCurrent()->getToken() : IPAddress::remote());`

			`if(Config::get('private.enabled', Config::TYPE_BOOL)) {`
			`$onLoginPage = $_SERVER['PHP_SELF'] === url('auth-login');`
			`$onPasswordPage = parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH) === url('auth-forgot');`
			`$misuzuBypassLockdown = !empty($misuzuBypassLockdown) \|\| $onLoginPage;`

			`if(!$misuzuBypassLockdown) {`
			`if(UserSession::hasCurrent()) {`
			`$privatePermCat = Config::get('private.perm.cat', Config::TYPE_STR);`
			`$privatePermVal = Config::get('private.perm.val', Config::TYPE_INT);`

			`if(!empty($privatePermCat) && $privatePermVal > 0) {`
			`if(!perms_check_user($privatePermCat, User::getCurrent()->getId(), $privatePermVal)) {`
			`// au revoir`
			`unset($userDisplayInfo);`
			`UserSession::unsetCurrent();`
			`User::unsetCurrent();`
Removed getPrivateInfo from Application class. 2018-10-05 07:33:26 +00:00			`}`
Improved private mode, replaces Auth.staging. 2018-09-28 07:56:55 +00:00			`}`
Added better console command handling. 2020-05-26 18:44:06 +00:00			`} elseif(!$onLoginPage && !($onPasswordPage && Config::get('private.allow_password_reset', Config::TYPE_BOOL, true))) {`
			`url_redirect('auth-login');`
			`exit;`
Improved private mode, replaces Auth.staging. 2018-09-28 07:56:55 +00:00			`}`
Prevent viewing the test site without logging in. 2018-09-27 22:27:30 +00:00			`}`
Added better console command handling. 2020-05-26 18:44:06 +00:00			`}`
Prevent viewing the test site without logging in. 2018-09-27 22:27:30 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`if(!empty($userDisplayInfo)) // delete this`
			`Template::set('current_user', $userDisplayInfo);`
Fixed another one of em oversights. 2018-10-02 23:09:41 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`$inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage');`
			`$hasManageAccess = User::hasCurrent()`
			`&& !user_warning_check_restriction(User::getCurrent()->getId())`
			`&& perms_check_user(MSZ_PERMS_GENERAL, User::getCurrent()->getId(), MSZ_PERM_GENERAL_CAN_MANAGE);`
			`Template::set('has_manage_access', $hasManageAccess);`
Now with functional pagination! 2018-03-28 00:35:37 +00:00
Added better console command handling. 2020-05-26 18:44:06 +00:00			`if($inManageMode) {`
			`if(!$hasManageAccess) {`
			`echo render_error(403);`
			`exit;`
Now with functional pagination! 2018-03-28 00:35:37 +00:00			`}`
Added better console command handling. 2020-05-26 18:44:06 +00:00
			`Template::set('manage_menu', manage_get_menu(User::getCurrent()->getId()));`
You say 'a step backwards', I say 'modern web development'. 2018-03-14 01:39:02 +00:00			`}`