misuzu/public/manage/users/user.php

<?php
namespace Misuzu;

use Misuzu\Users\User;
use Misuzu\Users\UserNotFoundException;
use Misuzu\Users\UserRole;
use Misuzu\Users\UserRoleNotFoundException;

require_once '../../../misuzu.php';

if(!User::hasCurrent() || !perms_check_user(MSZ_PERMS_USER, User::getCurrent()->getId(), MSZ_PERM_USER_MANAGE_USERS)) {
    echo render_error(403);
    return;
}

$notices = [];
$userId = (int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
$currentUser = User::getCurrent();
$currentUserId = $currentUser->getId();

try {
    $userInfo = User::byId($userId);
} catch(UserNotFoundException $ex) {
    echo render_error(404);
    return;
}

$canEdit = $currentUser->hasAuthorityOver($userInfo);
$canEditPerms = $canEdit && perms_check_user(MSZ_PERMS_USER, $currentUserId, MSZ_PERM_USER_MANAGE_PERMS);
$permissions = manage_perms_list(perms_get_user_raw($userId));

if(CSRF::validateRequest() && $canEdit) {
    if(!empty($_POST['roles']) && is_array($_POST['roles']) && array_test($_POST['roles'], 'ctype_digit')) {
        // Fetch existing roles
        $existingRoles = $userInfo->getRoles();

        // Initialise set array with existing roles
        $setRoles = $existingRoles;

        // Read user input array and throw intval on em
        $applyRoles = array_apply($_POST['roles'], 'intval');

        // Storage array for roles to dump
        $removeRoles = [];

        // STEP 1: Check for roles to be removed in the existing set.
        //         Roles that the current users isn't allowed to touch (hierarchy) will stay.
        foreach($setRoles as $role) {
            // Also prevent the main role from being removed.
            if($role->isDefault() || !$currentUser->hasAuthorityOver($role))
                continue;
            if(!in_array($role->getId(), $applyRoles))
                $removeRoles[] = $role;
        }

        // STEP 2: Purge the ones marked for removal.
        $setRoles = array_diff($setRoles, $removeRoles);

        // STEP 3: Add roles to the set array from the user input, if the user has authority over the given roles.
        foreach($applyRoles as $roleId) {
            try {
                $role = $existingRoles[$roleId] ?? UserRole::byId($roleId);
            } catch(UserRoleNotFoundException $ex) {
                continue;
            }
            if(!$currentUser->hasAuthorityOver($role))
                continue;
            if(!in_array($role, $setRoles))
                $setRoles[] = $role;
        }

        foreach($removeRoles as $role)
            $userInfo->removeRole($role);

        foreach($setRoles as $role)
            $userInfo->addRole($role);
    }

    $setUserInfo = [];

    if(!empty($_POST['user']) && is_array($_POST['user'])) {
        $setUserInfo['username'] = (string)($_POST['user']['username'] ?? '');
        $setUserInfo['email'] = (string)($_POST['user']['email'] ?? '');
        $setUserInfo['user_country'] = (string)($_POST['user']['country'] ?? '');
        $setUserInfo['user_title'] = (string)($_POST['user']['title'] ?? '');

        $displayRole = (int)($_POST['user']['display_role'] ?? 0);

        try {
            $userInfo->setDisplayRole(UserRole::byId($displayRole));
        } catch(UserRoleNotFoundException $ex) {}

        $usernameValidation = User::validateUsername($setUserInfo['username']);
        $emailValidation = User::validateEMailAddress($setUserInfo['email']);
        $countryValidation = strlen($setUserInfo['user_country']) === 2
            && ctype_alpha($setUserInfo['user_country'])
            && ctype_upper($setUserInfo['user_country']);

        if(!empty($usernameValidation))
            $notices[] = User::usernameValidationErrorString($usernameValidation);

        if(!empty($emailValidation)) {
            $notices[] = $emailValidation === 'in-use'
                ? 'This e-mail address has already been used!'
                : 'This e-mail address is invalid!';
        } else
            $setUserInfo['email'] = mb_strtolower($setUserInfo['email']);

        if(!$countryValidation)
            $notices[] = 'Country code was invalid.';

        if(strlen($setUserInfo['user_title']) < 1)
            $setUserInfo['user_title'] = null;
        elseif(strlen($setUserInfo['user_title']) > 64)
            $notices[] = 'User title was invalid.';
    }

    if(!empty($_POST['colour']) && is_array($_POST['colour'])) {
        $setUserInfo['user_colour'] = null;

        if(!empty($_POST['colour']['enable'])) {
            $userColour = new Colour;

            try {
                $userColour->setHex((string)($_POST['colour']['hex'] ?? ''));
            } catch(\Exception $ex) {
                $notices[] = $ex->getMessage();
            }

            $setUserInfo['user_colour'] = $userColour->getRaw();
        }
    }

    if(!empty($_POST['password']) && is_array($_POST['password'])) {
        $passwordNewValue = (string)($_POST['password']['new'] ?? '');
        $passwordConfirmValue = (string)($_POST['password']['confirm'] ?? '');

        if(!empty($passwordNewValue)) {
            if($passwordNewValue !== $passwordConfirmValue)
                $notices[] = 'Confirm password does not match.';
            elseif(!empty(User::validatePassword($passwordNewValue)))
                $notices[] = 'New password is too weak.';
            else
                $setUserInfo['password'] = User::hashPassword($passwordNewValue);
        }
    }

    if(empty($notices) && !empty($setUserInfo)) {
        $userUpdate = DB::prepare(sprintf(
            '
                UPDATE `msz_users`
                SET %s
                WHERE `user_id` = :set_user_id
            ',
            pdo_prepare_array_update($setUserInfo, true)
        ));
        $userUpdate->bind('set_user_id', $userId);

        foreach($setUserInfo as $key => $value)
            $userUpdate->bind($key, $value);

        if(!$userUpdate->execute())
            $notices[] = 'Something went wrong while updating the user.';
    }

    if($canEditPerms && !empty($_POST['perms']) && is_array($_POST['perms'])) {
        $perms = manage_perms_apply($permissions, $_POST['perms']);

        if($perms !== null) {
            if(!perms_set_user_raw($userId, $perms))
                $notices[] = 'Failed to update permissions.';
        } else {
            if(!perms_delete_user($userId))
                $notices[] = 'Failed to remove permissions.';
        }

        // this smells, make it refresh/apply in a non-retarded way
        $permissions = manage_perms_list(perms_get_user_raw($userId));
    }
}

Template::render('manage.users.user', [
    'user_info' => $userInfo,
    'manage_notices' => $notices,
    'manage_roles' => UserRole::all(true),
    'can_edit_user' => $canEdit,
    'can_edit_perms' => $canEdit && $canEditPerms,
    'permissions' => $permissions ?? [],
]);
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`<?php`
Added namespaces to all files in public. 2019-09-29 00:43:51 +02:00			`namespace Misuzu;`

Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00			`use Misuzu\Users\User;`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`use Misuzu\Users\UserNotFoundException;`
			`use Misuzu\Users\UserRole;`
			`use Misuzu\Users\UserRoleNotFoundException;`
Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`require_once '../../../misuzu.php';`

Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00			`if(!User::hasCurrent() \|\| !perms_check_user(MSZ_PERMS_USER, User::getCurrent()->getId(), MSZ_PERM_USER_MANAGE_USERS)) {`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`echo render_error(403);`
			`return;`
			`}`

			`$notices = [];`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`$userId = (int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);`
			`$currentUser = User::getCurrent();`
			`$currentUserId = $currentUser->getId();`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`try {`
			`$userInfo = User::byId($userId);`
			`} catch(UserNotFoundException $ex) {`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`echo render_error(404);`
			`return;`
			`}`

Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`$canEdit = $currentUser->hasAuthorityOver($userInfo);`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$canEditPerms = $canEdit && perms_check_user(MSZ_PERMS_USER, $currentUserId, MSZ_PERM_USER_MANAGE_PERMS);`
Fixed mobile menu no longer working. 2019-06-10 15:43:55 +02:00			`$permissions = manage_perms_list(perms_get_user_raw($userId));`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00
CSRF from Hanyuu. 2019-12-11 19:10:54 +01:00			`if(CSRF::validateRequest() && $canEdit) {`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`if(!empty($_POST['roles']) && is_array($_POST['roles']) && array_test($_POST['roles'], 'ctype_digit')) {`
			`// Fetch existing roles`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`$existingRoles = $userInfo->getRoles();`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`// Initialise set array with existing roles`
			`$setRoles = $existingRoles;`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00
			`// Read user input array and throw intval on em`
			`$applyRoles = array_apply($_POST['roles'], 'intval');`

			`// Storage array for roles to dump`
			`$removeRoles = [];`

			`// STEP 1: Check for roles to be removed in the existing set.`
			`// Roles that the current users isn't allowed to touch (hierarchy) will stay.`
			`foreach($setRoles as $role) {`
			`// Also prevent the main role from being removed.`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`if($role->isDefault() \|\| !$currentUser->hasAuthorityOver($role))`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`continue;`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`if(!in_array($role->getId(), $applyRoles))`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$removeRoles[] = $role;`
			`}`

			`// STEP 2: Purge the ones marked for removal.`
			`$setRoles = array_diff($setRoles, $removeRoles);`

			`// STEP 3: Add roles to the set array from the user input, if the user has authority over the given roles.`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`foreach($applyRoles as $roleId) {`
			`try {`
			`$role = $existingRoles[$roleId] ?? UserRole::byId($roleId);`
			`} catch(UserRoleNotFoundException $ex) {`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`continue;`
			`}`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`if(!$currentUser->hasAuthorityOver($role))`
			`continue;`
			`if(!in_array($role, $setRoles))`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$setRoles[] = $role;`
			`}`

Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`foreach($removeRoles as $role)`
			`$userInfo->removeRole($role);`

			`foreach($setRoles as $role)`
			`$userInfo->addRole($role);`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`}`

			`$setUserInfo = [];`

			`if(!empty($_POST['user']) && is_array($_POST['user'])) {`
			`$setUserInfo['username'] = (string)($_POST['user']['username'] ?? '');`
			`$setUserInfo['email'] = (string)($_POST['user']['email'] ?? '');`
			`$setUserInfo['user_country'] = (string)($_POST['user']['country'] ?? '');`
			`$setUserInfo['user_title'] = (string)($_POST['user']['title'] ?? '');`

			`$displayRole = (int)($_POST['user']['display_role'] ?? 0);`

Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`try {`
			`$userInfo->setDisplayRole(UserRole::byId($displayRole));`
			`} catch(UserRoleNotFoundException $ex) {}`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00
Moved user validation code into User object. 2020-05-27 17:05:23 +00:00			`$usernameValidation = User::validateUsername($setUserInfo['username']);`
			`$emailValidation = User::validateEMailAddress($setUserInfo['email']);`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$countryValidation = strlen($setUserInfo['user_country']) === 2`
			`&& ctype_alpha($setUserInfo['user_country'])`
			`&& ctype_upper($setUserInfo['user_country']);`

Moved user validation code into User object. 2020-05-27 17:05:23 +00:00			`if(!empty($usernameValidation))`
			`$notices[] = User::usernameValidationErrorString($usernameValidation);`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00
			`if(!empty($emailValidation)) {`
			`$notices[] = $emailValidation === 'in-use'`
			`? 'This e-mail address has already been used!'`
			`: 'This e-mail address is invalid!';`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`} else`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$setUserInfo['email'] = mb_strtolower($setUserInfo['email']);`

Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`if(!$countryValidation)`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$notices[] = 'Country code was invalid.';`

Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`if(strlen($setUserInfo['user_title']) < 1)`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$setUserInfo['user_title'] = null;`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`elseif(strlen($setUserInfo['user_title']) > 64)`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$notices[] = 'User title was invalid.';`
			`}`

			`if(!empty($_POST['colour']) && is_array($_POST['colour'])) {`
Massive overhauls. 2019-12-12 01:42:28 +01:00			`$setUserInfo['user_colour'] = null;`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00
			`if(!empty($_POST['colour']['enable'])) {`
Massive overhauls. 2019-12-12 01:42:28 +01:00			`$userColour = new Colour;`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00
Massive overhauls. 2019-12-12 01:42:28 +01:00			`try {`
			`$userColour->setHex((string)($_POST['colour']['hex'] ?? ''));`
			`} catch(\Exception $ex) {`
			`$notices[] = $ex->getMessage();`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`}`

Massive overhauls. 2019-12-12 01:42:28 +01:00			`$setUserInfo['user_colour'] = $userColour->getRaw();`
			`}`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`}`

			`if(!empty($_POST['password']) && is_array($_POST['password'])) {`
			`$passwordNewValue = (string)($_POST['password']['new'] ?? '');`
			`$passwordConfirmValue = (string)($_POST['password']['confirm'] ?? '');`

			`if(!empty($passwordNewValue)) {`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`if($passwordNewValue !== $passwordConfirmValue)`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$notices[] = 'Confirm password does not match.';`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`elseif(!empty(User::validatePassword($passwordNewValue)))`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$notices[] = 'New password is too weak.';`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`else`
Moved user validation code into User object. 2020-05-27 17:05:23 +00:00			`$setUserInfo['password'] = User::hashPassword($passwordNewValue);`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`}`
			`}`

			`if(empty($notices) && !empty($setUserInfo)) {`
Rewrote database stuff. 2019-09-29 00:38:39 +02:00			`$userUpdate = DB::prepare(sprintf(`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`'`
			UPDATE `msz_users`
			`SET %s`
			WHERE `user_id` = :set_user_id
			`',`
			`pdo_prepare_array_update($setUserInfo, true)`
			`));`
Rewrote database stuff. 2019-09-29 00:38:39 +02:00			`$userUpdate->bind('set_user_id', $userId);`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`foreach($setUserInfo as $key => $value)`
Rewrote database stuff. 2019-09-29 00:38:39 +02:00			`$userUpdate->bind($key, $value);`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`if(!$userUpdate->execute())`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$notices[] = 'Something went wrong while updating the user.';`
			`}`

Fixed mobile menu no longer working. 2019-06-10 15:43:55 +02:00			`if($canEditPerms && !empty($_POST['perms']) && is_array($_POST['perms'])) {`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$perms = manage_perms_apply($permissions, $_POST['perms']);`

			`if($perms !== null) {`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`if(!perms_set_user_raw($userId, $perms))`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$notices[] = 'Failed to update permissions.';`
			`} else {`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`if(!perms_delete_user($userId))`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`$notices[] = 'Failed to remove permissions.';`
			`}`

			`// this smells, make it refresh/apply in a non-retarded way`
			`$permissions = manage_perms_list(perms_get_user_raw($userId));`
			`}`
			`}`

Ported Template class from Hanyuu project. 2019-12-04 19:16:22 +01:00			`Template::render('manage.users.user', [`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`'user_info' => $userInfo,`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`'manage_notices' => $notices,`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`'manage_roles' => UserRole::all(true),`
Manage is now less of mess! 2019-06-10 00:10:59 +02:00			`'can_edit_user' => $canEdit,`
			`'can_edit_perms' => $canEdit && $canEditPerms,`
			`'permissions' => $permissions ?? [],`
			`]);`