From 105e0560bf19873bac0bfbe9cf7ca6394bbc1dbc Mon Sep 17 00:00:00 2001
From: flashwave
Date: Mon, 18 Mar 2019 23:20:16 +0100
Subject: [PATCH] ARE YOU KIDDING MEEEEEEEEEEEEEEEEEEEE
---
public/profile.php | 324 +++++++++++++++++++++++----------------------
1 file changed, 163 insertions(+), 161 deletions(-)
diff --git a/public/profile.php b/public/profile.php
index 1fa8887a..9e5bd40a 100644
--- a/public/profile.php
+++ b/public/profile.php
@@ -57,197 +57,199 @@ if ($isEditing) { 'background_attachments' => MSZ_USER_BACKGROUND_ATTACHMENTS_NAMES, ]); - if (!csrf_verify('profile', $_POST['csrf'] ?? '')) { - $notices[] = MSZ_TMP_USER_ERROR_STRINGS['csrf']; - } else { - if (!empty($_POST['profile']) && is_array($_POST['profile'])) { - if (!$perms['edit_profile']) { - $notices[] = MSZ_TMP_USER_ERROR_STRINGS['profile']['not-allowed']; - } else { - $setUserFieldErrors = user_profile_fields_set($userId, $_POST['profile']); + if (!empty($_POST) && is_array($_POST)) { + if (!csrf_verify('profile', $_POST['csrf'] ?? '')) { + $notices[] = MSZ_TMP_USER_ERROR_STRINGS['csrf']; + } else { + if (!empty($_POST['profile']) && is_array($_POST['profile'])) { + if (!$perms['edit_profile']) { + $notices[] = MSZ_TMP_USER_ERROR_STRINGS['profile']['not-allowed']; + } else { + $setUserFieldErrors = user_profile_fields_set($userId, $_POST['profile']); - if (count($setUserFieldErrors) > 0) { - foreach ($setUserFieldErrors as $name => $error) { + if (count($setUserFieldErrors) > 0) { + foreach ($setUserFieldErrors as $name => $error) { + $notices[] = sprintf( + MSZ_TMP_USER_ERROR_STRINGS['profile'][$error] ?? MSZ_TMP_USER_ERROR_STRINGS['profile']['_'], + $name, + user_profile_field_get_display_name($name) + ); + } + } + } + } + + if (!empty($_POST['about']) && is_array($_POST['about'])) { + if (!$perms['edit_about']) { + $notices[] = MSZ_TMP_USER_ERROR_STRINGS['about']['not-allowed']; + } else { + $setAboutError = user_set_about_page( + $userId, + $_POST['about']['text'] ?? '', + (int)($_POST['about']['parser'] ?? MSZ_PARSER_PLAIN) + ); + + if ($setAboutError !== MSZ_E_USER_ABOUT_OK) { $notices[] = sprintf( - MSZ_TMP_USER_ERROR_STRINGS['profile'][$error] ?? MSZ_TMP_USER_ERROR_STRINGS['profile']['_'], - $name, - user_profile_field_get_display_name($name) + MSZ_TMP_USER_ERROR_STRINGS['about'][$setAboutError] ?? 
MSZ_TMP_USER_ERROR_STRINGS['about']['_'], + MSZ_USER_ABOUT_MAX_LENGTH ); } } } - } - if (!empty($_POST['about']) && is_array($_POST['about'])) { - if (!$perms['edit_about']) { - $notices[] = MSZ_TMP_USER_ERROR_STRINGS['about']['not-allowed']; - } else { - $setAboutError = user_set_about_page( - $userId, - $_POST['about']['text'] ?? '', - (int)($_POST['about']['parser'] ?? MSZ_PARSER_PLAIN) - ); - - if ($setAboutError !== MSZ_E_USER_ABOUT_OK) { - $notices[] = sprintf( - MSZ_TMP_USER_ERROR_STRINGS['about'][$setAboutError] ?? MSZ_TMP_USER_ERROR_STRINGS['about']['_'], - MSZ_USER_ABOUT_MAX_LENGTH + if (!empty($_POST['signature']) && is_array($_POST['signature'])) { + if (!$perms['edit_signature']) { + $notices[] = MSZ_TMP_USER_ERROR_STRINGS['signature']['not-allowed']; + } else { + $setSignatureError = user_set_signature( + $userId, + $_POST['signature']['text'] ?? '', + (int)($_POST['signature']['parser'] ?? MSZ_PARSER_PLAIN) ); - } - } - } - if (!empty($_POST['signature']) && is_array($_POST['signature'])) { - if (!$perms['edit_signature']) { - $notices[] = MSZ_TMP_USER_ERROR_STRINGS['signature']['not-allowed']; - } else { - $setSignatureError = user_set_signature( - $userId, - $_POST['signature']['text'] ?? '', - (int)($_POST['signature']['parser'] ?? MSZ_PARSER_PLAIN) - ); - - if ($setSignatureError !== MSZ_E_USER_SIGNATURE_OK) { - $notices[] = sprintf( - MSZ_TMP_USER_ERROR_STRINGS['signature'][$setSignatureError] ?? MSZ_TMP_USER_ERROR_STRINGS['signature']['_'], - MSZ_USER_SIGNATURE_MAX_LENGTH - ); - } - } - } - - if (!empty($_POST['birthdate']) && is_array($_POST['birthdate'])) { - if (!$perms['edit_birthdate']) { - $notices[] = "You aren't allow to change your birthdate."; - } else { - $setBirthdate = user_set_birthdate( - $userId, - (int)($_POST['birthdate']['day'] ?? 0), - (int)($_POST['birthdate']['month'] ?? 0), - (int)($_POST['birthdate']['year'] ?? 
0) - ); - - switch ($setBirthdate) { - case MSZ_E_USER_BIRTHDATE_USER: - $notices[] = 'Invalid user specified while setting birthdate?'; - break; - case MSZ_E_USER_BIRTHDATE_DATE: - $notices[] = 'The given birthdate is invalid.'; - break; - case MSZ_E_USER_BIRTHDATE_FAIL: - $notices[] = 'Failed to set birthdate.'; - break; - case MSZ_E_USER_BIRTHDATE_YEAR: - $notices[] = 'The given birth year is invalid.'; - break; - case MSZ_E_USER_BIRTHDATE_OK: - break; - default: - $notices[] = 'Something unexpected happened while setting your birthdate.'; - } - } - } - - if (!empty($_FILES['avatar'])) { - if (!empty($_POST['avatar']['delete'])) { - user_avatar_delete($userId); - } else { - if (!$perms['edit_avatar']) { - $notices[] = MSZ_TMP_USER_ERROR_STRINGS['avatar']['not-allowed']; - } elseif (!empty($_FILES['avatar']) - && is_array($_FILES['avatar']) - && !empty($_FILES['avatar']['name']['file'])) { - if ($_FILES['avatar']['error']['file'] !== UPLOAD_ERR_OK) { + if ($setSignatureError !== MSZ_E_USER_SIGNATURE_OK) { $notices[] = sprintf( - MSZ_TMP_USER_ERROR_STRINGS['avatar']['upload'][$_FILES['avatar']['error']['file']] - ?? MSZ_TMP_USER_ERROR_STRINGS['avatar']['upload']['_'], - $_FILES['avatar']['error']['file'], - byte_symbol($avatarProps['max_size'], true), - $avatarProps['max_width'], - $avatarProps['max_height'] - ); - } else { - $setAvatar = user_avatar_set_from_path( - $userId, - $_FILES['avatar']['tmp_name']['file'], - $avatarProps + MSZ_TMP_USER_ERROR_STRINGS['signature'][$setSignatureError] ?? MSZ_TMP_USER_ERROR_STRINGS['signature']['_'], + MSZ_USER_SIGNATURE_MAX_LENGTH ); + } + } + } - if ($setAvatar !== MSZ_USER_AVATAR_NO_ERRORS) { + if (!empty($_POST['birthdate']) && is_array($_POST['birthdate'])) { + if (!$perms['edit_birthdate']) { + $notices[] = "You aren't allow to change your birthdate."; + } else { + $setBirthdate = user_set_birthdate( + $userId, + (int)($_POST['birthdate']['day'] ?? 0), + (int)($_POST['birthdate']['month'] ?? 
0), + (int)($_POST['birthdate']['year'] ?? 0) + ); + + switch ($setBirthdate) { + case MSZ_E_USER_BIRTHDATE_USER: + $notices[] = 'Invalid user specified while setting birthdate?'; + break; + case MSZ_E_USER_BIRTHDATE_DATE: + $notices[] = 'The given birthdate is invalid.'; + break; + case MSZ_E_USER_BIRTHDATE_FAIL: + $notices[] = 'Failed to set birthdate.'; + break; + case MSZ_E_USER_BIRTHDATE_YEAR: + $notices[] = 'The given birth year is invalid.'; + break; + case MSZ_E_USER_BIRTHDATE_OK: + break; + default: + $notices[] = 'Something unexpected happened while setting your birthdate.'; + } + } + } + + if (!empty($_FILES['avatar'])) { + if (!empty($_POST['avatar']['delete'])) { + user_avatar_delete($userId); + } else { + if (!$perms['edit_avatar']) { + $notices[] = MSZ_TMP_USER_ERROR_STRINGS['avatar']['not-allowed']; + } elseif (!empty($_FILES['avatar']) + && is_array($_FILES['avatar']) + && !empty($_FILES['avatar']['name']['file'])) { + if ($_FILES['avatar']['error']['file'] !== UPLOAD_ERR_OK) { $notices[] = sprintf( - MSZ_TMP_USER_ERROR_STRINGS['avatar']['set'][$setAvatar] - ?? MSZ_TMP_USER_ERROR_STRINGS['avatar']['set']['_'], - $setAvatar, + MSZ_TMP_USER_ERROR_STRINGS['avatar']['upload'][$_FILES['avatar']['error']['file']] + ?? MSZ_TMP_USER_ERROR_STRINGS['avatar']['upload']['_'], + $_FILES['avatar']['error']['file'], byte_symbol($avatarProps['max_size'], true), $avatarProps['max_width'], $avatarProps['max_height'] ); - } - } - } - } - } - - if (!empty($_FILES['background'])) { - if ((int)($_POST['background']['attach'] ?? 
-1) === 0) { - user_background_delete($userId); - user_background_set_settings($userId, MSZ_USER_BACKGROUND_ATTACHMENT_NONE); - } else { - if (!$perms['edit_background']) { - $notices[] = MSZ_TMP_USER_ERROR_STRINGS['background']['not-allowed']; - } elseif (!empty($_FILES['background']) - && is_array($_FILES['background'])) { - if (!empty($_FILES['background']['name']['file'])) { - if ($_FILES['background']['error']['file'] !== UPLOAD_ERR_OK) { - $notices[] = sprintf( - MSZ_TMP_USER_ERROR_STRINGS['background']['upload'][$_FILES['background']['error']['file']] - ?? MSZ_TMP_USER_ERROR_STRINGS['background']['upload']['_'], - $_FILES['background']['error']['file'], - byte_symbol($backgroundProps['max_size'], true), - $backgroundProps['max_width'], - $backgroundProps['max_height'] - ); } else { - $setBackground = user_background_set_from_path( + $setAvatar = user_avatar_set_from_path( $userId, - $_FILES['background']['tmp_name']['file'], - $backgroundProps + $_FILES['avatar']['tmp_name']['file'], + $avatarProps ); - if ($setBackground !== MSZ_USER_BACKGROUND_NO_ERRORS) { + if ($setAvatar !== MSZ_USER_AVATAR_NO_ERRORS) { $notices[] = sprintf( - MSZ_TMP_USER_ERROR_STRINGS['background']['set'][$setBackground] - ?? MSZ_TMP_USER_ERROR_STRINGS['background']['set']['_'], - $setBackground, - byte_symbol($backgroundProps['max_size'], true), - $backgroundProps['max_width'], - $backgroundProps['max_height'] + MSZ_TMP_USER_ERROR_STRINGS['avatar']['set'][$setAvatar] + ?? MSZ_TMP_USER_ERROR_STRINGS['avatar']['set']['_'], + $setAvatar, + byte_symbol($avatarProps['max_size'], true), + $avatarProps['max_width'], + $avatarProps['max_height'] ); } } } + } + } - $backgroundSettings = in_array($_POST['background']['attach'] ?? '', MSZ_USER_BACKGROUND_ATTACHMENTS) - ? (int)($_POST['background']['attach']) - : MSZ_USER_BACKGROUND_ATTACHMENTS[0]; + if (!empty($_FILES['background'])) { + if ((int)($_POST['background']['attach'] ?? 
-1) === 0) { + user_background_delete($userId); + user_background_set_settings($userId, MSZ_USER_BACKGROUND_ATTACHMENT_NONE); + } else { + if (!$perms['edit_background']) { + $notices[] = MSZ_TMP_USER_ERROR_STRINGS['background']['not-allowed']; + } elseif (!empty($_FILES['background']) + && is_array($_FILES['background'])) { + if (!empty($_FILES['background']['name']['file'])) { + if ($_FILES['background']['error']['file'] !== UPLOAD_ERR_OK) { + $notices[] = sprintf( + MSZ_TMP_USER_ERROR_STRINGS['background']['upload'][$_FILES['background']['error']['file']] + ?? MSZ_TMP_USER_ERROR_STRINGS['background']['upload']['_'], + $_FILES['background']['error']['file'], + byte_symbol($backgroundProps['max_size'], true), + $backgroundProps['max_width'], + $backgroundProps['max_height'] + ); + } else { + $setBackground = user_background_set_from_path( + $userId, + $_FILES['background']['tmp_name']['file'], + $backgroundProps + ); - if (!empty($_POST['background']['attr']['blend'])) { - $backgroundSettings |= MSZ_USER_BACKGROUND_ATTRIBUTE_BLEND; + if ($setBackground !== MSZ_USER_BACKGROUND_NO_ERRORS) { + $notices[] = sprintf( + MSZ_TMP_USER_ERROR_STRINGS['background']['set'][$setBackground] + ?? MSZ_TMP_USER_ERROR_STRINGS['background']['set']['_'], + $setBackground, + byte_symbol($backgroundProps['max_size'], true), + $backgroundProps['max_width'], + $backgroundProps['max_height'] + ); + } + } + } + + $backgroundSettings = in_array($_POST['background']['attach'] ?? '', MSZ_USER_BACKGROUND_ATTACHMENTS) + ? 
(int)($_POST['background']['attach']) + : MSZ_USER_BACKGROUND_ATTACHMENTS[0]; + + if (!empty($_POST['background']['attr']['blend'])) { + $backgroundSettings |= MSZ_USER_BACKGROUND_ATTRIBUTE_BLEND; + } + + if (!empty($_POST['background']['attr']['slide'])) { + $backgroundSettings |= MSZ_USER_BACKGROUND_ATTRIBUTE_SLIDE; + } + + user_background_set_settings($userId, $backgroundSettings); } - - if (!empty($_POST['background']['attr']['slide'])) { - $backgroundSettings |= MSZ_USER_BACKGROUND_ATTRIBUTE_SLIDE; - } - - user_background_set_settings($userId, $backgroundSettings); } } } - } - // Unset $isEditing and hope the user doesn't refresh their profile! - if (empty($notices)) { - $isEditing = false; + // Unset $isEditing and hope the user doesn't refresh their profile! + if (empty($notices)) { + $isEditing = false; + } } } @@ -290,7 +292,7 @@ switch ($profileMode) { $following = user_relation_users_from($userId, MSZ_USER_RELATION_FOLLOW, $followingPagination['range'], $followingOffset, $currentUserId); tpl_vars([ - 'title' => 'flash / following', + 'title' => $profile['username'] . ' / following', 'canonical_url' => url('user-profile-following', ['user' => $userId]), 'profile_users' => $following, 'profile_relation_pagination' => $followingPagination, @@ -311,7 +313,7 @@ switch ($profileMode) { $followers = user_relation_users_to($userId, MSZ_USER_RELATION_FOLLOW, $followerPagination['range'], $followerOffset, $currentUserId); tpl_vars([ - 'title' => 'flash / followers', + 'title' => $profile['username'] . ' / followers', 'canonical_url' => url('user-profile-followers', ['user' => $userId]), 'profile_users' => $followers, 'profile_relation_pagination' => $followerPagination, 
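Review bot: In the avatar branch `user_avatar_delete($userId)` runs as soon as `$_POST['avatar']['delete']` is set, before `$perms['edit_avatar']` is consulted, and the background branch likewise calls `user_background_delete($userId)` and `user_background_set_settings($userId, MSZ_USER_BACKGROUND_ATTACHMENT_NONE)` for `attach === 0` ahead of the `$perms['edit_background']` check. These lines are only re-indented by this commit, so the ordering predates it, but unless removal is meant to stay available to accounts that lost the edit permission, the permission test should come first: `if (!$perms['edit_avatar']) { ... } elseif (!empty($_POST['avatar']['delete'])) { user_avatar_delete($userId); } elseif (...)`, with the same shape for the background. The new `!empty($_POST)` gate does keep every write behind `csrf_verify`, and a comment such as `// Nothing below runs unless a POST body arrived and its CSRF token verified.` would record that intent. The enclosing `if ($isEditing) {` opens outside the hunk.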
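Review bot: The new `'title' => $profile['username'] . ' / following'` places a user-chosen value in the page title, and the same applies to the `followers` title in the next hunk and the `topics` title in the last one; whether it is HTML-escaped depends on the template that renders `title`, which is not visible here. If the template layer does not auto-escape, the value should be encoded at the point of output rather than in this file. `$profile` is not assigned in any visible line either, so it is worth confirming it is populated before `switch ($profileMode)` for all three cases. The `tpl_vars([` call continues past the hunk.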
@@ -332,7 +334,7 @@ switch ($profileMode) { $topics = forum_topic_listing_user($userId, $currentUserId, $topicsOffset, $topicsPagination['range']); tpl_vars([ - 'title' => 'flash / topics', + 'title' => $profile['username'] . ' / topics', 'canonical_url' => url('user-profile-forum-topics', ['user' => $userId]), 'profile_topics' => $topics, 'profile_topics_pagination' => $topicsPagination,