flashii/misuzu
flashii/misuzu
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Replaced confirm pages with dynamic requests on the forum.

Browse source
This commit is contained in:
flash 2024-12-18 03:07:48 +00:00
parent a8c777d725
commit 265e8f2d4b
18 changed files with 1159 additions and 437 deletions
public-legacy/forum
index.phppost.phptopic.php

39
public-legacy/forum/index.php
View file

@ -7,46 +7,7 @@ use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
$mode = (string)filter_input(INPUT_GET, 'm');
$currentUser = $msz->authInfo->userInfo;
$currentUserId = $currentUser === null ? '0' : $currentUser->id;
if($mode === 'mark') {
if(!$msz->authInfo->isLoggedIn)
Template::throwError(403);
$categoryId = filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT);
if($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
$categoryInfos = $categoryId === null
? $msz->forumCtx->categories->getCategories()
: $msz->forumCtx->categories->getCategoryChildren(parentInfo: $categoryId, includeSelf: true);
foreach($categoryInfos as $categoryInfo) {
$perms = $msz->authInfo->getPerms('forum', $categoryInfo);
if($perms->check(Perm::F_CATEGORY_LIST))
$msz->forumCtx->categories->updateUserReadCategory($currentUser, $categoryInfo);
}
Tools::redirect($msz->urls->format($categoryId ? 'forum-category' : 'forum-index', ['forum' => $categoryId]));
return;
}
Template::render('confirm', [
'title' => 'Mark forum as read',
'message' => 'Are you sure you want to mark ' . ($categoryId < 1 ? 'the entire' : 'this') . ' forum as read?',
'return' => $msz->urls->format($categoryId ? 'forum-category' : 'forum-index', ['forum' => $categoryId]),
'params' => [
'forum' => $categoryId,
]
]);
return;
}
if($mode !== '')
Template::throwError(404);
$categories = $msz->forumCtx->categories->getCategories(hidden: false, asTree: true);
foreach($categories as $categoryId => $category) {

139
public-legacy/forum/post.php
View file

@ -1,139 +0,0 @@
<?php
namespace Misuzu;
use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (string)$_GET['p'] : '0';
$postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
$submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1';
$postRequestVerified = CSRF::validateRequest();
if(!empty($postMode) && !$msz->authInfo->isLoggedIn)
Template::displayInfo('You must be logged in to manage posts.', 401);
$currentUser = $msz->authInfo->userInfo;
$currentUserId = $currentUser === null ? '0' : $currentUser->id;
if($postMode !== '' && $msz->usersCtx->hasActiveBan($currentUser))
Template::displayInfo('You have been banned, check your profile for more information.', 403);
try {
$postInfo = $msz->forumCtx->posts->getPost(postId: $postId);
} catch(RuntimeException $ex) {
Template::throwError(404);
}
$perms = $msz->authInfo->getPerms('forum', $postInfo->categoryId);
if(!$perms->check(Perm::F_CATEGORY_VIEW))
Template::throwError(403);
$canDeleteAny = $perms->check(Perm::F_POST_DELETE_ANY);
switch($postMode) {
case 'delete':
if($canDeleteAny) {
if($postInfo->deleted)
Template::displayInfo('This post has already been marked as deleted.', 404);
} else {
if($postInfo->deleted)
Template::throwError(404);
if(!$perms->check(Perm::F_POST_DELETE_OWN))
Template::displayInfo('You are not allowed to delete posts.', 403);
if($postInfo->userId !== $currentUser->id)
Template::displayInfo('You can only delete your own posts.', 403);
// posts may only be deleted within a week of creation, this should be a config value
$deleteTimeFrame = 60 * 60 * 24 * 7;
if($postInfo->createdTime < time() - $deleteTimeFrame)
Template::displayInfo('This post has existed for too long. Ask a moderator to remove if it absolutely necessary.', 403);
}
$originalPostInfo = $msz->forumCtx->posts->getPost(topicInfo: $postInfo->topicId);
if($originalPostInfo->id === $postInfo->id)
Template::displayInfo('This is the opening post of the topic it belongs to, it may not be deleted without deleting the entire topic as well.', 403);
if($postRequestVerified && !$submissionConfirmed) {
Tools::redirect($msz->urls->format('forum-post', ['post' => $postInfo->id]));
break;
} elseif(!$postRequestVerified) {
Template::render('forum.confirm', [
'title' => 'Confirm post deletion',
'class' => 'far fa-trash-alt',
'message' => sprintf('You are about to delete post #%d. Are you sure about that?', $postInfo->id),
'params' => [
'p' => $postInfo->id,
'm' => 'delete',
],
]);
break;
}
$msz->forumCtx->posts->deletePost($postInfo);
$msz->createAuditLog('FORUM_POST_DELETE', [$postInfo->id]);
Tools::redirect($msz->urls->format('forum-topic', ['topic' => $postInfo->topicId]));
break;
case 'nuke':
if(!$canDeleteAny)
Template::throwError(403);
if($postRequestVerified && !$submissionConfirmed) {
Tools::redirect($msz->urls->format('forum-post', ['post' => $postInfo->id]));
break;
} elseif(!$postRequestVerified) {
Template::render('forum.confirm', [
'title' => 'Confirm post nuke',
'class' => 'fas fa-radiation',
'message' => sprintf('You are about to PERMANENTLY DELETE post #%d. Are you sure about that?', $postInfo->id),
'params' => [
'p' => $postInfo->id,
'm' => 'nuke',
],
]);
break;
}
$msz->forumCtx->posts->nukePost($postInfo->id);
$msz->createAuditLog('FORUM_POST_NUKE', [$postInfo->id]);
Tools::redirect($msz->urls->format('forum-topic', ['topic' => $postInfo->topicId]));
break;
case 'restore':
if(!$canDeleteAny)
Template::throwError(403);
if($postRequestVerified && !$submissionConfirmed) {
Tools::redirect($msz->urls->format('forum-post', ['post' => $postInfo->id]));
break;
} elseif(!$postRequestVerified) {
Template::render('forum.confirm', [
'title' => 'Confirm post restore',
'class' => 'fas fa-magic',
'message' => sprintf('You are about to restore post #%d. Are you sure about that?', $postInfo->id),
'params' => [
'p' => $postInfo->id,
'm' => 'restore',
],
]);
break;
}
$msz->forumCtx->posts->restorePost($postInfo->id);
$msz->createAuditLog('FORUM_POST_RESTORE', [$postInfo->id]);
Tools::redirect($msz->urls->format('forum-topic', ['topic' => $postInfo->topicId]));
break;
default: // function as an alt for topic.php?p= by default
Tools::redirect($msz->urls->format('forum-post', ['post' => $postInfo->id]));
break;
}

169
public-legacy/forum/topic.php
View file

@ -10,8 +10,6 @@ if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;
$topicId = !empty($_GET['t']) && is_string($_GET['t']) ? (int)$_GET['t'] : 0;
$categoryId = null;
$moderationMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
$submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1';
$currentUser = $msz->authInfo->userInfo;
$currentUserId = $currentUser === null ? '0' : $currentUser->id;
@ -70,7 +68,7 @@ if($topicIsNuked || $topicIsDeleted) {
}
}
if(empty($topicRedirectInfo))
if(empty($topicRedirectInfo) && !$canDeleteAny)
Template::throwError(404);
}
@ -99,170 +97,6 @@ $canDelete = !$topicIsDeleted && (
)
);
$validModerationModes = [
'delete', 'restore', 'nuke',
'bump', 'lock', 'unlock',
];
if(in_array($moderationMode, $validModerationModes, true)) {
if(!CSRF::validateRequest())
Template::displayInfo("Couldn't verify this request, please refresh the page and try again.", 403);
if(!$msz->authInfo->isLoggedIn)
Template::displayInfo('You must be logged in to manage posts.', 401);
if($msz->usersCtx->hasActiveBan($currentUser))
Template::displayInfo('You have been banned, check your profile for more information.', 403);
switch($moderationMode) {
case 'delete':
if($canDeleteAny) {
if($topicInfo->deleted)
Template::displayInfo('This topic has already been marked as deleted.', 404);
} else {
if($topicInfo->deleted)
Template::throwError(404);
if(!$canDeleteOwn)
Template::displayInfo("You aren't allowed to delete topics.", 403);
if($topicInfo->userId !== $currentUser->id)
Template::displayInfo('You can only delete your own topics.', 403);
// topics may only be deleted within a day of creation, this should be a config value
$deleteTimeFrame = 60 * 60 * 24;
if($topicInfo->createdTime < time() - $deleteTimeFrame)
Template::displayInfo('This topic has existed for too long. Ask a moderator to remove if it absolutely necessary.', 403);
// deleted posts are intentionally included
$topicPostCount = $msz->forumCtx->posts->countPosts(topicInfo: $topicInfo);
if($topicPostCount > $deletePostThreshold)
Template::displayInfo('This topic already has replies, you may no longer delete it. Ask a moderator to remove if it absolutely necessary.', 403);
}
if(!isset($_GET['confirm'])) {
Template::render('forum.confirm', [
'title' => 'Confirm topic deletion',
'class' => 'far fa-trash-alt',
'message' => sprintf('You are about to delete topic #%d. Are you sure about that?', $topicInfo->id),
'params' => [
't' => $topicInfo->id,
'm' => 'delete',
],
]);
break;
} elseif(!$submissionConfirmed) {
Tools::redirect($msz->urls->format(
'forum-topic',
['topic' => $topicInfo->id]
));
break;
}
$msz->forumCtx->topics->deleteTopic($topicInfo->id);
$msz->createAuditLog('FORUM_TOPIC_DELETE', [$topicInfo->id]);
Tools::redirect($msz->urls->format('forum-category', [
'forum' => $categoryInfo->id,
]));
break;
case 'restore':
if(!$canNukeOrRestore)
Template::throwError(403);
if(!isset($_GET['confirm'])) {
Template::render('forum.confirm', [
'title' => 'Confirm topic restore',
'class' => 'fas fa-magic',
'message' => sprintf('You are about to restore topic #%d. Are you sure about that?', $topicInfo->id),
'params' => [
't' => $topicInfo->id,
'm' => 'restore',
],
]);
break;
} elseif(!$submissionConfirmed) {
Tools::redirect($msz->urls->format('forum-topic', [
'topic' => $topicInfo->id,
]));
break;
}
$msz->forumCtx->topics->restoreTopic($topicInfo->id);
$msz->createAuditLog('FORUM_TOPIC_RESTORE', [$topicInfo->id]);
Tools::redirect($msz->urls->format('forum-category', [
'forum' => $categoryInfo->id,
]));
break;
case 'nuke':
if(!$canNukeOrRestore)
Template::throwError(403);
if(!isset($_GET['confirm'])) {
Template::render('forum.confirm', [
'title' => 'Confirm topic nuke',
'class' => 'fas fa-radiation',
'message' => sprintf('You are about to PERMANENTLY DELETE topic #%d. Are you sure about that?', $topicInfo->id),
'params' => [
't' => $topicInfo->id,
'm' => 'nuke',
],
]);
break;
} elseif(!$submissionConfirmed) {
Tools::redirect($msz->urls->format('forum-topic', [
'topic' => $topicInfo->id,
]));
break;
}
$msz->forumCtx->topics->nukeTopic($topicInfo->id);
$msz->createAuditLog('FORUM_TOPIC_NUKE', [$topicInfo->id]);
Tools::redirect($msz->urls->format('forum-category', [
'forum' => $categoryInfo->id,
]));
break;
case 'bump':
if($canBumpTopic) {
$msz->forumCtx->topics->bumpTopic($topicInfo->id);
$msz->createAuditLog('FORUM_TOPIC_BUMP', [$topicInfo->id]);
}
Tools::redirect($msz->urls->format('forum-topic', [
'topic' => $topicInfo->id,
]));
break;
case 'lock':
if($canLockTopic && !$topicIsLocked) {
$msz->forumCtx->topics->lockTopic($topicInfo->id);
$msz->createAuditLog('FORUM_TOPIC_LOCK', [$topicInfo->id]);
}
Tools::redirect($msz->urls->format('forum-topic', [
'topic' => $topicInfo->id,
]));
break;
case 'unlock':
if($canLockTopic && $topicIsLocked) {
$msz->forumCtx->topics->unlockTopic($topicInfo->id);
$msz->createAuditLog('FORUM_TOPIC_UNLOCK', [$topicInfo->id]);
}
Tools::redirect($msz->urls->format('forum-topic', [
'topic' => $topicInfo->id,
]));
break;
}
return;
}
$topicPosts = $topicInfo->postsCount;
if($canDeleteAny)
$topicPosts += $topicInfo->deletedPostsCount;
@ -331,6 +165,7 @@ Template::render('forum.topic', [
'can_reply' => $canReply,
'topic_pagination' => $topicPagination,
'topic_can_delete' => $canDelete,
'topic_can_delete_any' => $canDeleteAny,
'topic_can_nuke_or_restore' => $canNukeOrRestore,
'topic_can_bump' => $canBumpTopic,
'topic_can_lock' => $canLockTopic,