misuzu/public/profile.php

<?php
$mode = (string)($_GET['m'] ?? null);
$misuzuBypassLockdown = $mode === 'avatar';

require_once '../misuzu.php';

use_legacy_style();

$userId = (int)($_GET['u'] ?? 0);

switch ($mode) {
    case 'avatar':
        $avatar_filename = build_path(
            MSZ_ROOT,
            config_get_default('public/images/no-avatar.png', 'Avatar', 'default_path')
        );
        $user_avatar = "{$userId}.msz";
        $cropped_avatar = build_path(
            create_directory(build_path(MSZ_STORAGE, 'avatars/200x200')),
            $user_avatar
        );

        if (is_file($cropped_avatar)) {
            $avatar_filename = $cropped_avatar;
        } else {
            $original_avatar = build_path(MSZ_STORAGE, 'avatars/original', $user_avatar);

            if (is_file($original_avatar)) {
                try {
                    file_put_contents(
                        $cropped_avatar,
                        crop_image_centred_path($original_avatar, 200, 200)->getImagesBlob(),
                        LOCK_EX
                    );

                    $avatar_filename = $cropped_avatar;
                } catch (Exception $ex) {
                }
            }
        }

        header('Content-Type: ' . mime_content_type($avatar_filename));
        echo file_get_contents($avatar_filename);
        break;

    case 'background':
        $user_background = build_path(
            create_directory(build_path(MSZ_STORAGE, 'backgrounds/original')),
            "{$userId}.msz"
        );

        if (!is_file($user_background)) {
            echo render_error(404);
            break;
        }

        header('Content-Type: ' . mime_content_type($user_background));
        echo file_get_contents($user_background);
        break;

    default:
        $getProfile = db_prepare('
            SELECT
                u.*,
                COALESCE(u.`user_title`, r.`role_title`) as `user_title`,
                COALESCE(u.`user_colour`, r.`role_colour`) as `user_colour`,
                (
                    SELECT COUNT(`topic_id`)
                    FROM `msz_forum_topics`
                    WHERE `user_id` = u.`user_id`
                ) as `forum_topic_count`,
                (
                    SELECT COUNT(`post_id`)
                    FROM `msz_forum_posts`
                    WHERE `user_id` = u.`user_id`
                ) as `forum_post_count`,
                (
                    SELECT COUNT(`change_id`)
                    FROM `msz_changelog_changes`
                    WHERE `user_id` = u.`user_id`
                ) as `changelog_count`,
                (
                    SELECT COUNT(`comment_id`)
                    FROM `msz_comments_posts`
                    WHERE `user_id` = u.`user_id`
                ) as `comments_count`
            FROM `msz_users` as u
            LEFT JOIN `msz_roles` as r
            ON r.`role_id` = u.`display_role`
            WHERE `user_id` = :user_id
            OR LOWER(`username`) = LOWER(:username)
            LIMIT 1
        ');
        $getProfile->bindValue('user_id', $userId);
        $getProfile->bindValue('username', $_GET['u'] ?? '');
        $profile = $getProfile->execute() ? $getProfile->fetch() : [];

        if (!$profile) {
            http_response_code(404);
            echo tpl_render('user.notfound');
            break;
        }

        $isEditing = false;
        $userPerms = perms_get_user(MSZ_PERMS_USER, user_session_current('user_id', 0));
        $perms = [
            'edit_profile' => perms_check($userPerms, MSZ_PERM_USER_EDIT_PROFILE),
            'edit_avatar' => perms_check($userPerms, MSZ_PERM_USER_CHANGE_AVATAR),
            'edit_background' => perms_check($userPerms, MSZ_PERM_USER_CHANGE_BACKGROUND),
            'edit_about' => perms_check($userPerms, MSZ_PERM_USER_EDIT_ABOUT),
        ];

        if (user_session_active()) {
            $canEdit = user_session_current('user_id', 0) === $profile['user_id']
                || perms_check($userPerms, MSZ_PERM_USER_MANAGE_USERS);
            $isEditing = $canEdit && $mode === 'edit';

            $getFriendInfo = db_prepare('
                SELECT
                    :visitor as `visitor`, :profile as `profile`,
                    (
                        SELECT `relation_type`
                        FROM `msz_user_relations`
                        WHERE `user_id` = `visitor`
                        AND `subject_id` = `profile`
                    ) as `visitor_relation`,
                    (
                        SELECT `relation_type`
                        FROM `msz_user_relations`
                        WHERE `subject_id` = `visitor`
                        AND `user_id` = `profile`
                    ) as `profile_relation`,
                    (
                        SELECT MAX(`relation_created`)
                        FROM `msz_user_relations`
                        WHERE (`user_id` = `visitor` AND `subject_id` = `profile`)
                        OR (`user_id` = `profile` AND `subject_id` = `visitor`)
                    ) as `relation_created`
            ');
            $getFriendInfo->bindValue('visitor', user_session_current('user_id', 0));
            $getFriendInfo->bindValue('profile', $profile['user_id']);
            $friendInfo = $getFriendInfo->execute() ? $getFriendInfo->fetch(PDO::FETCH_ASSOC) : [];

            tpl_vars([
                'friend_info' => $friendInfo,
            ]);

            if ($isEditing) {
                tpl_vars([
                    'guidelines' => [
                        'avatar' => user_avatar_default_options(),
                        'background' => user_background_default_options(),
                    ],
                ]);
            }
        }

        if (!$isEditing) {
            tpl_var('profile_notices', ['The profile pages are still under much construction, more things will eventually populate the area where this container current exists.']);
        }

        tpl_vars([
            'profile' => $profile,
            'can_edit' => $canEdit ?? false,
            'is_editing' => $isEditing,
            'perms' => $perms,
            'profile_fields' => user_session_active() ? user_profile_fields_display($profile, !$isEditing) : [],
            'has_background' => is_file(build_path(MSZ_STORAGE, 'backgrounds/original', "{$profile['user_id']}.msz")),
        ]);
        echo tpl_render('user.profile');
        break;
}
You say 'a step backwards', I say 'modern web development'. 2018-03-14 01:39:02 +00:00			`<?php`
Prevent viewing the test site without logging in. 2018-09-27 22:27:30 +00:00			`$mode = (string)($_GET['m'] ?? null);`
			`$misuzuBypassLockdown = $mode === 'avatar';`

New config system, define a root dir constant and deprecate more of Application. 2018-10-04 20:30:55 +00:00			`require_once '../misuzu.php';`
You say 'a step backwards', I say 'modern web development'. 2018-03-14 01:39:02 +00:00
Use new style on the forum. 2018-10-21 22:11:14 +00:00			`use_legacy_style();`

cool profile editor v2 2018-09-23 19:12:40 +00:00			`$userId = (int)($_GET['u'] ?? 0);`
Fix profile.php errors. 2018-03-22 17:56:35 +00:00
Add avatar uploading. 2018-03-24 04:31:42 +00:00			`switch ($mode) {`
			`case 'avatar':`
New config system, define a root dir constant and deprecate more of Application. 2018-10-04 20:30:55 +00:00			`$avatar_filename = build_path(`
			`MSZ_ROOT,`
			`config_get_default('public/images/no-avatar.png', 'Avatar', 'default_path')`
			`);`
cool profile editor v2 2018-09-23 19:12:40 +00:00			`$user_avatar = "{$userId}.msz";`
and also au revoir to all object trashy wrappings 2018-09-16 00:21:13 +00:00			`$cropped_avatar = build_path(`
Moved storage path into a constant. 2018-10-05 09:14:54 +00:00			`create_directory(build_path(MSZ_STORAGE, 'avatars/200x200')),`
and also au revoir to all object trashy wrappings 2018-09-16 00:21:13 +00:00			`$user_avatar`
			`);`
bye bye ORM (successfully this time!) 2018-05-16 02:58:21 +00:00
and also au revoir to all object trashy wrappings 2018-09-16 00:21:13 +00:00			`if (is_file($cropped_avatar)) {`
bye bye ORM (successfully this time!) 2018-05-16 02:58:21 +00:00			`$avatar_filename = $cropped_avatar;`
			`} else {`
Moved storage path into a constant. 2018-10-05 09:14:54 +00:00			`$original_avatar = build_path(MSZ_STORAGE, 'avatars/original', $user_avatar);`
bye bye ORM (successfully this time!) 2018-05-16 02:58:21 +00:00
and also au revoir to all object trashy wrappings 2018-09-16 00:21:13 +00:00			`if (is_file($original_avatar)) {`
bye bye ORM (successfully this time!) 2018-05-16 02:58:21 +00:00			`try {`
and also au revoir to all object trashy wrappings 2018-09-16 00:21:13 +00:00			`file_put_contents(`
bye bye ORM (successfully this time!) 2018-05-16 02:58:21 +00:00			`$cropped_avatar,`
and also au revoir to all object trashy wrappings 2018-09-16 00:21:13 +00:00			`crop_image_centred_path($original_avatar, 200, 200)->getImagesBlob(),`
			`LOCK_EX`
bye bye ORM (successfully this time!) 2018-05-16 02:58:21 +00:00			`);`

			`$avatar_filename = $cropped_avatar;`
			`} catch (Exception $ex) {`
Add avatar uploading. 2018-03-24 04:31:42 +00:00			`}`
			`}`
			`}`

			`header('Content-Type: ' . mime_content_type($avatar_filename));`
and also au revoir to all object trashy wrappings 2018-09-16 00:21:13 +00:00			`echo file_get_contents($avatar_filename);`
Add avatar uploading. 2018-03-24 04:31:42 +00:00			`break;`

Some initial stuff for profile backgrounds. 2018-09-16 01:37:32 +00:00			`case 'background':`
			`$user_background = build_path(`
Moved storage path into a constant. 2018-10-05 09:14:54 +00:00			`create_directory(build_path(MSZ_STORAGE, 'backgrounds/original')),`
cool profile editor v2 2018-09-23 19:12:40 +00:00			`"{$userId}.msz"`
Some initial stuff for profile backgrounds. 2018-09-16 01:37:32 +00:00			`);`

			`if (!is_file($user_background)) {`
			`echo render_error(404);`
			`break;`
			`}`

			`header('Content-Type: ' . mime_content_type($user_background));`
			`echo file_get_contents($user_background);`
			`break;`

Add avatar uploading. 2018-03-24 04:31:42 +00:00			`default:`
Database stuff is now also procedural, would ya look at that. 2018-10-06 23:30:48 +00:00			`$getProfile = db_prepare('`
bye bye ORM (successfully this time!) 2018-05-16 02:58:21 +00:00			`SELECT`
			`u.*,`
member listing 2018-05-27 23:24:16 +00:00			COALESCE(u.`user_title`, r.`role_title`) as `user_title`,
Added per user colours, removed old chat key stuff and fixed a permissions editor error. 2018-07-18 16:01:17 +00:00			COALESCE(u.`user_colour`, r.`role_colour`) as `user_colour`,
unfinished forum stuff 2018-05-18 01:20:27 +00:00			`(`
			SELECT COUNT(`topic_id`)
CHAnGELOG 2018-07-06 01:28:06 +00:00			FROM `msz_forum_topics`
			WHERE `user_id` = u.`user_id`
unfinished forum stuff 2018-05-18 01:20:27 +00:00			) as `forum_topic_count`,
			`(`
			SELECT COUNT(`post_id`)
CHAnGELOG 2018-07-06 01:28:06 +00:00			FROM `msz_forum_posts`
			WHERE `user_id` = u.`user_id`
			) as `forum_post_count`,
			`(`
			SELECT COUNT(`change_id`)
			FROM `msz_changelog_changes`
			WHERE `user_id` = u.`user_id`
Display comment count on profiles. 2018-08-12 13:35:50 +00:00			) as `changelog_count`,
			`(`
			SELECT COUNT(`comment_id`)
			FROM `msz_comments_posts`
			WHERE `user_id` = u.`user_id`
			) as `comments_count`
bye bye ORM (successfully this time!) 2018-05-16 02:58:21 +00:00			FROM `msz_users` as u
			LEFT JOIN `msz_roles` as r
			ON r.`role_id` = u.`display_role`
			WHERE `user_id` = :user_id
Added ability to get to profile by username. 2018-09-25 21:58:31 +00:00			OR LOWER(`username`) = LOWER(:username)
			`LIMIT 1`
bye bye ORM (successfully this time!) 2018-05-16 02:58:21 +00:00			`');`
cool profile editor v2 2018-09-23 19:12:40 +00:00			`$getProfile->bindValue('user_id', $userId);`
Added ability to get to profile by username. 2018-09-25 21:58:31 +00:00			`$getProfile->bindValue('username', $_GET['u'] ?? '');`
bye bye ORM (successfully this time!) 2018-05-16 02:58:21 +00:00			`$profile = $getProfile->execute() ? $getProfile->fetch() : [];`

			`if (!$profile) {`
Add avatar uploading. 2018-03-24 04:31:42 +00:00			`http_response_code(404);`
Restructure templating system. 2018-08-15 01:12:58 +00:00			`echo tpl_render('user.notfound');`
Add avatar uploading. 2018-03-24 04:31:42 +00:00			`break;`
			`}`

Move more settings.php into functions. 2018-09-27 22:03:43 +00:00			`$isEditing = false;`
Made imperative bits of the session system procedural like the rest. 2018-10-02 22:34:05 +00:00			`$userPerms = perms_get_user(MSZ_PERMS_USER, user_session_current('user_id', 0));`
cool profile editor v2 2018-09-23 19:12:40 +00:00			`$perms = [`
			`'edit_profile' => perms_check($userPerms, MSZ_PERM_USER_EDIT_PROFILE),`
			`'edit_avatar' => perms_check($userPerms, MSZ_PERM_USER_CHANGE_AVATAR),`
			`'edit_background' => perms_check($userPerms, MSZ_PERM_USER_CHANGE_BACKGROUND),`
			`'edit_about' => perms_check($userPerms, MSZ_PERM_USER_EDIT_ABOUT),`
			`];`

Made imperative bits of the session system procedural like the rest. 2018-10-02 22:34:05 +00:00			`if (user_session_active()) {`
			`$canEdit = user_session_current('user_id', 0) === $profile['user_id']`
cool profile editor v2 2018-09-23 19:12:40 +00:00			`\|\| perms_check($userPerms, MSZ_PERM_USER_MANAGE_USERS);`
			`$isEditing = $canEdit && $mode === 'edit';`

Database stuff is now also procedural, would ya look at that. 2018-10-06 23:30:48 +00:00			`$getFriendInfo = db_prepare('`
Added basic friends system. 2018-09-18 22:16:29 +00:00			`SELECT`
			:visitor as `visitor`, :profile as `profile`,
			`(`
			SELECT `relation_type`
			FROM `msz_user_relations`
			WHERE `user_id` = `visitor`
			AND `subject_id` = `profile`
			) as `visitor_relation`,
			`(`
			SELECT `relation_type`
			FROM `msz_user_relations`
			WHERE `subject_id` = `visitor`
			AND `user_id` = `profile`
			) as `profile_relation`,
			`(`
			SELECT MAX(`relation_created`)
			FROM `msz_user_relations`
			WHERE (`user_id` = `visitor` AND `subject_id` = `profile`)
			OR (`user_id` = `profile` AND `subject_id` = `visitor`)
			) as `relation_created`
			`');`
Made imperative bits of the session system procedural like the rest. 2018-10-02 22:34:05 +00:00			`$getFriendInfo->bindValue('visitor', user_session_current('user_id', 0));`
Added basic friends system. 2018-09-18 22:16:29 +00:00			`$getFriendInfo->bindValue('profile', $profile['user_id']);`
			`$friendInfo = $getFriendInfo->execute() ? $getFriendInfo->fetch(PDO::FETCH_ASSOC) : [];`

cool profile editor v2 2018-09-23 19:12:40 +00:00			`tpl_vars([`
			`'friend_info' => $friendInfo,`
			`]);`
Display guidelines section on profile in edit mode. 2018-09-27 06:39:49 +00:00
			`if ($isEditing) {`
			`tpl_vars([`
			`'guidelines' => [`
Changed avatar limitations. 2018-10-05 09:06:39 +00:00			`'avatar' => user_avatar_default_options(),`
			`'background' => user_background_default_options(),`
Display guidelines section on profile in edit mode. 2018-09-27 06:39:49 +00:00			`],`
			`]);`
			`}`
Added basic friends system. 2018-09-18 22:16:29 +00:00			`}`

Move more settings.php into functions. 2018-09-27 22:03:43 +00:00			`if (!$isEditing) {`
			`tpl_var('profile_notices', ['The profile pages are still under much construction, more things will eventually populate the area where this container current exists.']);`
			`}`

Some initial stuff for profile backgrounds. 2018-09-16 01:37:32 +00:00			`tpl_vars([`
			`'profile' => $profile,`
cool profile editor v2 2018-09-23 19:12:40 +00:00			`'can_edit' => $canEdit ?? false,`
Move more settings.php into functions. 2018-09-27 22:03:43 +00:00			`'is_editing' => $isEditing,`
cool profile editor v2 2018-09-23 19:12:40 +00:00			`'perms' => $perms,`
Made imperative bits of the session system procedural like the rest. 2018-10-02 22:34:05 +00:00			`'profile_fields' => user_session_active() ? user_profile_fields_display($profile, !$isEditing) : [],`
Moved storage path into a constant. 2018-10-05 09:14:54 +00:00			`'has_background' => is_file(build_path(MSZ_STORAGE, 'backgrounds/original', "{$profile['user_id']}.msz")),`
Some initial stuff for profile backgrounds. 2018-09-16 01:37:32 +00:00			`]);`
Added edit profile button to own profile. 2018-09-17 09:20:15 +00:00			`echo tpl_render('user.profile');`
Add avatar uploading. 2018-03-24 04:31:42 +00:00			`break;`
			`}`