Split the changelog manage section up into multiple files.

flash 2019-06-08 23:46:24 +02:00
parent 1badccaa05
commit 5bc6c0728b
37 changed files with 399 additions and 401 deletions


@ -485,7 +485,7 @@ MIG;
}
}
} elseif (!$onLoginPage && !($onPasswordPage && config_get_default(false, 'Private', 'password_reset'))) {
header(sprintf('Location: %s', url('auth-login')));
url_redirect('auth-login');
exit;
}
}


@ -11,19 +11,19 @@ switch ($mode) {
break;
case 'reset':
header('Location: ' . url('auth-reset'));
url_redirect('auth-reset');
break;
case 'forgot':
header('Location: ' . url('auth-forgot'));
url_redirect('auth-forgot');
break;
case 'login':
default:
header('Location: ' . url('auth-login'));
url_redirect('auth-login');
break;
case 'register':
header('Location: ' . url('auth-register'));
url_redirect('auth-register');
break;
}


@ -1,2 +1,4 @@
<?php
header('Location: /auth/login.php');
require_once '../../misuzu.php';
url_redirect('auth-login');


@ -1,12 +1,12 @@
<?php
require_once '../../misuzu.php';
if (user_session_active()) {
header(sprintf('Location: %s', url('index')));
if(user_session_active()) {
url_redirect('index');
return;
}
if (!empty($_GET['resolve_user']) && is_string($_GET['resolve_user'])) {
if(!empty($_GET['resolve_user']) && is_string($_GET['resolve_user'])) {
header('Content-Type: text/plain; charset=utf-8');
echo user_id_from_username($_GET['resolve_user']);
return;
@ -18,8 +18,8 @@ $loginPermission = $siteIsPrivate ? intval(config_get_default(0, 'Private', 'per
$ipAddress = ip_remote_address();
$remainingAttempts = user_login_attempts_remaining($ipAddress);
while (!empty($_POST['login']) && is_array($_POST['login'])) {
if (!csrf_verify('login', $_POST['csrf'] ?? '')) {
while(!empty($_POST['login']) && is_array($_POST['login'])) {
if(!csrf_verify('login', $_POST['csrf'] ?? '')) {
$notices[] = 'Was unable to verify the request, please try again!';
break;
}
@ -27,13 +27,13 @@ while (!empty($_POST['login']) && is_array($_POST['login'])) {
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
$loginRedirect = empty($_POST['login']['redirect']) || !is_string($_POST['login']['redirect']) ? '' : $_POST['login']['redirect'];
if (empty($_POST['login']['username']) || empty($_POST['login']['password'])
if(empty($_POST['login']['username']) || empty($_POST['login']['password'])
|| !is_string($_POST['login']['username']) || !is_string($_POST['login']['password'])) {
$notices[] = "You didn't fill in a username and/or password.";
break;
}
if ($remainingAttempts < 1) {
if($remainingAttempts < 1) {
$notices[] = "There are too many failed login attempts from your IP address, please try again later.";
break;
}
@ -46,44 +46,44 @@ while (!empty($_POST['login']) && is_array($_POST['login'])) {
);
$loginFailedError = "Invalid username or password, {$attemptsRemainingError}.";
if (empty($userData) || $userData['user_id'] < 1) {
if(empty($userData) || $userData['user_id'] < 1) {
user_login_attempt_record(false, null, $ipAddress, $userAgent);
$notices[] = $loginFailedError;
break;
}
if (empty($userData['password'])) {
if(empty($userData['password'])) {
$notices[] = 'Your password has been invalidated, please reset it.';
break;
}
if (!is_null($userData['user_deleted']) || !password_verify($_POST['login']['password'], $userData['password'])) {
if(!is_null($userData['user_deleted']) || !password_verify($_POST['login']['password'], $userData['password'])) {
user_login_attempt_record(false, $userData['user_id'], $ipAddress, $userAgent);
$notices[] = $loginFailedError;
break;
}
if (user_password_needs_rehash($userData['password'])) {
if(user_password_needs_rehash($userData['password'])) {
user_password_set($userData['user_id'], $_POST['login']['password']);
}
if ($loginPermission > 0 && !perms_check_user(MSZ_PERMS_GENERAL, $userData['user_id'], $loginPermission)) {
if($loginPermission > 0 && !perms_check_user(MSZ_PERMS_GENERAL, $userData['user_id'], $loginPermission)) {
$notices[] = "Login succeeded, but you're not allowed to browse the site right now.";
user_login_attempt_record(true, $userData['user_id'], $ipAddress, $userAgent);
break;
}
if ($userData['totp_enabled']) {
header(sprintf('Location: %s', url('auth-two-factor', [
if($userData['totp_enabled']) {
url_redirect('auth-two-factor', [
'token' => user_auth_tfa_token_create($userData['user_id']),
])));
]);
return;
}
user_login_attempt_record(true, $userData['user_id'], $ipAddress, $userAgent);
$sessionKey = user_session_create($userData['user_id'], $ipAddress, $userAgent);
if (empty($sessionKey)) {
if(empty($sessionKey)) {
$notices[] = "Something broke while creating a session for you, please tell an administrator or developer about this!";
break;
}
@ -94,11 +94,11 @@ while (!empty($_POST['login']) && is_array($_POST['login'])) {
$cookieValue = base64url_encode(user_session_cookie_pack($userData['user_id'], $sessionKey));
setcookie('msz_auth', $cookieValue, $cookieLife, '/', '', true, true);
if (!is_local_url($loginRedirect)) {
if(!is_local_url($loginRedirect)) {
$loginRedirect = url('index');
}
header("Location: {$loginRedirect}");
redirect($loginRedirect);
return;
}


@ -2,14 +2,14 @@
require_once '../../misuzu.php';
if (!user_session_active()) {
header(sprintf('Location: %s', url('index')));
url_redirect('index');
return;
}
if (!empty($_GET['token']) && is_string($_GET['token']) && csrf_verify('logout', $_GET['token'])) {
setcookie('msz_auth', '', -9001, '/', '', true, true);
user_session_stop(true);
header(sprintf('Location: %s', url('index')));
url_redirect('index');
return;
}


@ -2,7 +2,7 @@
require_once '../../misuzu.php';
if (user_session_active()) {
header(sprintf('Location: %s', url('settings-account')));
url_redirect('settings-account');
return;
}
@ -14,7 +14,7 @@ $userId = !empty($reset['user']) ? (int)$reset['user'] : (
$username = $userId > 0 ? user_username_from_id($userId) : '';
if ($userId > 0 && empty($username)) {
header(sprintf('Location: %s', url('auth-forgot')));
url_redirect('auth-forgot');
return;
}
@ -64,7 +64,7 @@ while ($canResetPassword) {
user_recovery_token_invalidate($userId, $verificationCode);
header(sprintf('Location: %s', url('auth-login', ['redirect' => '/'])));
url_redirect('auth-login', ['redirect' => '/']);
return;
}
@ -121,7 +121,7 @@ MSG;
}
}
header(sprintf('Location: %s', url('auth-reset', ['user' => $forgotUser['user_id']])));
url_redirect('auth-reset', ['user' => $forgotUser['user_id']]);
return;
}


@ -2,7 +2,7 @@
require_once '../../misuzu.php';
if (user_session_active()) {
header(sprintf('Location: %s', url('index')));
url_redirect('index');
return;
}
@ -77,7 +77,7 @@ while (!$restricted && !empty($register)) {
}
user_role_add($createUser, MSZ_ROLE_MAIN);
header(sprintf('Location: %s', url('auth-login-welcome', ['username' => $register['username']])));
url_redirect('auth-login-welcome', ['username' => $register['username']]);
return;
}


@ -2,7 +2,7 @@
require_once '../../misuzu.php';
if (user_session_active()) {
header(sprintf('Location: %s', url('index')));
url_redirect('index');
return;
}
@ -19,7 +19,7 @@ $tokenInfo = user_auth_tfa_token_info(
// checking user_totp_key specifically because there's a fringe chance that
// there's a token present, but totp is actually disabled
if (empty($tokenInfo['user_totp_key'])) {
header(sprintf('Location: %s', url('auth-login')));
url_redirect('auth-login');
return;
}
@ -74,7 +74,7 @@ while (!empty($twofactor)) {
$redirect = url('index');
}
header("Location: {$redirect}");
redirect($redirect);
return;
}


@ -74,7 +74,7 @@ switch ($commentMode) {
$commentPinned = comments_pin_status($commentInfo['comment_id'], $isPinning);
if (!$isXHR) {
header('Location: ' . $redirect . '#comment-' . $commentInfo['comment_id']);
redirect($redirect . '#comment-' . $commentInfo['comment_id']);
break;
}
@ -109,7 +109,7 @@ switch ($commentMode) {
);
if (!$isXHR) {
header('Location: ' . $redirect . '#comment-' . $commentInfo['comment_id']);
redirect($redirect . '#comment-' . $commentInfo['comment_id']);
break;
}
@ -162,7 +162,7 @@ switch ($commentMode) {
}
if ($redirect) {
header('Location: ' . $redirect);
redirect($redirect);
break;
}
@ -201,7 +201,7 @@ switch ($commentMode) {
]);
if ($redirect) {
header('Location: ' . $redirect . '#comment-' . $commentInfo['comment_id']);
redirect($redirect . '#comment-' . $commentInfo['comment_id']);
break;
}
@ -278,7 +278,7 @@ switch ($commentMode) {
}
if ($redirect) {
header('Location: ' . $redirect . '#comment-' . $commentId);
redirect($redirect . '#comment-' . $commentId);
break;
}
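Review bot: `$redirect` reaches the new `redirect()` helper at every call site in this file without a visible same-site check; it is assigned outside these hunks, so its origin cannot be confirmed from here. If it is derived from the request (a parameter or the Referer header), it should be constrained the way the login handler in this commit does it: `if (!is_local_url($redirect)) { $redirect = url('index'); }`. The same question applies to `redirect($redirect)` in the user-relation handler further down this commit. The enclosing `switch ($commentMode)` starts and ends outside the hunks.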


@ -5,7 +5,7 @@ $forumId = !empty($_GET['f']) && is_string($_GET['f']) ? (int)$_GET['f'] : 0;
$forumId = max($forumId, 0);
if ($forumId === 0) {
header('Location: /forum/');
url_redirect('forum-index');
exit;
}
@ -32,7 +32,7 @@ tpl_var('forum_perms', $perms);
if ($forum['forum_type'] == MSZ_FORUM_TYPE_LINK) {
forum_increment_clicks($forum['forum_id']);
header('Location: ' . $forum['forum_link']);
redirect($forum['forum_link']);
return;
}


@ -12,7 +12,7 @@ switch ($indexMode) {
forum_mark_read($markEntireForum ? null : $forumId, user_session_current('user_id', 0));
}
header('Location: ' . url($markEntireForum ? 'forum-index' : 'forum-category', ['forum' => $forumId]));
url_redirect($markEntireForum ? 'forum-index' : 'forum-category', ['forum' => $forumId]);
break;
default:


@ -93,4 +93,4 @@ foreach ($answers as $answerId) {
forum_poll_vote_cast($currentUserId, $poll['poll_id'], (int)$answerId);
}
header('Location: ' . url('forum-topic', ['topic' => $topicInfo['topic_id']]));
url_redirect('forum-topic', ['topic' => $topicInfo['topic_id']]);


@ -119,10 +119,10 @@ switch ($postMode) {
if (!$isXHR) {
if ($postRequestVerified && !$submissionConfirmed) {
header("Location: " . url('forum-post', [
url_redirect('forum-post', [
'post' => $postInfo['post_id'],
'post_fragment' => 'p' . $postInfo['post_id'],
]));
]);
break;
} elseif (!$postRequestVerified) {
echo tpl_render('forum.confirm', [
@ -158,7 +158,7 @@ switch ($postMode) {
break;
}
header("Location: " . url('forum-topic', ['topic' => $postInfo['topic_id']]));
url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
break;
case 'nuke':
@ -169,10 +169,10 @@ switch ($postMode) {
if (!$isXHR) {
if ($postRequestVerified && !$submissionConfirmed) {
header("Location: " . url('forum-post', [
url_redirect('forum-post', [
'post' => $postInfo['post_id'],
'post_fragment' => 'p' . $postInfo['post_id'],
]));
]);
break;
} elseif (!$postRequestVerified) {
echo tpl_render('forum.confirm', [
@ -199,7 +199,7 @@ switch ($postMode) {
http_response_code(204);
if (!$isXHR) {
header("Location: " . url('forum-topic', ['topic' => $postInfo['topic_id']]));
url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
}
break;
@ -211,10 +211,10 @@ switch ($postMode) {
if (!$isXHR) {
if ($postRequestVerified && !$submissionConfirmed) {
header("Location: " . url('forum-post', [
url_redirect('forum-post', [
'post' => $postInfo['post_id'],
'post_fragment' => 'p' . $postInfo['post_id'],
]));
]);
break;
} elseif (!$postRequestVerified) {
echo tpl_render('forum.confirm', [
@ -241,7 +241,7 @@ switch ($postMode) {
http_response_code(204);
if (!$isXHR) {
header("Location: " . url('forum-topic', ['topic' => $postInfo['topic_id']]));
url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
}
break;
@ -271,8 +271,8 @@ switch ($postMode) {
break;
}
header('Location: ' . url('forum-topic', [
url_redirect('forum-topic', [
'topic' => $postFind['topic_id'],
'page' => floor($postFind['preceeding_post_count'] / MSZ_FORUM_POSTS_PER_PAGE) + 1,
]));
]);
}


@ -228,7 +228,7 @@ if (!empty($_POST)) {
'post' => $postId ?? 0,
'post_fragment' => 'p' . ($postId ?? 0),
]);
header("Location: {$redirect}");
redirect($redirect);
return;
}
}


@ -48,4 +48,4 @@ if (!forum_has_priority_voting($topic['forum_type'])) {
forum_topic_priority_increase($topicId, user_session_current('user_id', 0));
header('Location: ' . url('forum-topic', ['topic' => $topicId]));
url_redirect('forum-topic', ['topic' => $topicId]);


@ -172,10 +172,10 @@ if (in_array($moderationMode, $validModerationModes, true)) {
]);
break;
} elseif (!$submissionConfirmed) {
header("Location: " . url(
url_redirect(
'forum-topic',
['topic' => $topic['topic_id']]
));
);
break;
}
}
@ -200,9 +200,9 @@ if (in_array($moderationMode, $validModerationModes, true)) {
break;
}
header('Location: ' . url('forum-category', [
url_redirect('forum-category', [
'forum' => $topic['forum_id'],
]));
]);
break;
case 'restore':
@ -224,9 +224,9 @@ if (in_array($moderationMode, $validModerationModes, true)) {
]);
break;
} elseif (!$submissionConfirmed) {
header("Location: " . url('forum-topic', [
url_redirect('forum-topic', [
'topic' => $topic['topic_id'],
]));
]);
break;
}
}
@ -242,9 +242,9 @@ if (in_array($moderationMode, $validModerationModes, true)) {
http_response_code(204);
if (!$isXHR) {
header('Location: ' . url('forum-category', [
url_redirect('forum-category', [
'forum' => $topic['forum_id'],
]));
]);
}
break;
@ -267,9 +267,9 @@ if (in_array($moderationMode, $validModerationModes, true)) {
]);
break;
} elseif (!$submissionConfirmed) {
header('Location: ' . url('forum-topic', [
url_redirect('forum-topic', [
'topic' => $topic['topic_id'],
]));
]);
break;
}
}
@ -285,9 +285,9 @@ if (in_array($moderationMode, $validModerationModes, true)) {
http_response_code(204);
if (!$isXHR) {
header('Location: ' . url('forum-category', [
url_redirect('forum-category', [
'forum' => $topic['forum_id'],
]));
]);
}
break;
@ -296,9 +296,9 @@ if (in_array($moderationMode, $validModerationModes, true)) {
audit_log(MSZ_AUDIT_FORUM_TOPIC_BUMP, $topicUserId, [$topic['topic_id']]);
}
header('Location: ' . url('forum-topic', [
url_redirect('forum-topic', [
'topic' => $topic['topic_id'],
]));
]);
break;
case 'lock':
@ -306,9 +306,9 @@ if (in_array($moderationMode, $validModerationModes, true)) {
audit_log(MSZ_AUDIT_FORUM_TOPIC_LOCK, $topicUserId, [$topic['topic_id']]);
}
header('Location: ' . url('forum-topic', [
url_redirect('forum-topic', [
'topic' => $topic['topic_id'],
]));
]);
break;
case 'unlock':
@ -316,9 +316,9 @@ if (in_array($moderationMode, $validModerationModes, true)) {
audit_log(MSZ_AUDIT_FORUM_TOPIC_UNLOCK, $topicUserId, [$topic['topic_id']]);
}
header('Location: ' . url('forum-topic', [
url_redirect('forum-topic', [
'topic' => $topic['topic_id'],
]));
]);
break;
}
return;


@ -1,286 +0,0 @@
<?php
require_once '../../misuzu.php';
$changelogPerms = perms_get_user(user_session_current('user_id', 0))[MSZ_PERMS_CHANGELOG];
switch ($_GET['v'] ?? null) {
default:
case 'changes':
if (!perms_check($changelogPerms, MSZ_PERM_CHANGELOG_MANAGE_CHANGES)) {
echo render_error(403);
break;
}
$changesCount = (int)db_query('
SELECT COUNT(`change_id`)
FROM `msz_changelog_changes`
')->fetchColumn();
$changelogPagination = pagination_create($changesCount, 30);
$changelogOffset = pagination_offset($changelogPagination, pagination_param());
if (!pagination_is_valid_offset($changelogOffset)) {
echo render_error(404);
break;
}
$getChanges = db_prepare('
SELECT
c.`change_id`, c.`change_log`, c.`change_created`, c.`change_action`,
u.`user_id`, u.`username`,
COALESCE(u.`user_colour`, r.`role_colour`) AS `user_colour`,
DATE(`change_created`) AS `change_date`,
!ISNULL(c.`change_text`) AS `change_has_text`
FROM `msz_changelog_changes` AS c
LEFT JOIN `msz_users` AS u
ON u.`user_id` = c.`user_id`
LEFT JOIN `msz_roles` AS r
ON r.`role_id` = u.`display_role`
ORDER BY c.`change_id` DESC
LIMIT :offset, :take
');
$getChanges->bindValue('take', $changelogPagination['range']);
$getChanges->bindValue('offset', $changelogOffset);
$changes = db_fetch_all($getChanges);
$getTags = db_prepare('
SELECT
t.`tag_id`, t.`tag_name`, t.`tag_description`
FROM `msz_changelog_change_tags` as ct
LEFT JOIN `msz_changelog_tags` as t
ON t.`tag_id` = ct.`tag_id`
WHERE ct.`change_id` = :change_id
');
// grab tags
for ($i = 0; $i < count($changes); $i++) {
$getTags->bindValue('change_id', $changes[$i]['change_id']);
$changes[$i]['tags'] = db_fetch_all($getTags);
}
echo tpl_render('manage.changelog.changes', [
'changelog_changes' => $changes,
'changelog_changes_count' => $changesCount,
'changelog_pagination' => $changelogPagination,
]);
break;
case 'change':
if (!perms_check($changelogPerms, MSZ_PERM_CHANGELOG_MANAGE_CHANGES)) {
echo render_error(403);
break;
}
$changeId = (int)($_GET['c'] ?? 0);
if ($_SERVER['REQUEST_METHOD'] === 'POST' && csrf_verify('changelog_add', $_POST['csrf'] ?? '')) {
if (!empty($_POST['change']) && is_array($_POST['change'])) {
if ($changeId > 0) {
$postChange = db_prepare('
UPDATE `msz_changelog_changes`
SET `change_log` = :log,
`change_text` = :text,
`change_action` = :action,
`user_id` = :user,
`change_created` = :created
WHERE `change_id` = :change_id
');
$postChange->bindValue('change_id', $changeId);
} else {
$postChange = db_prepare('
INSERT INTO `msz_changelog_changes`
(
`change_log`, `change_text`, `change_action`,
`user_id`, `change_created`
)
VALUES
(:log, :text, :action, :user, :created)
');
}
$postChange->bindValue('log', $_POST['change']['log']);
$postChange->bindValue('action', $_POST['change']['action']);
$postChange->bindValue('text', strlen($_POST['change']['text'])
? $_POST['change']['text']
: null);
$postChange->bindValue('user', is_numeric($_POST['change']['user'])
? $_POST['change']['user']
: null);
$postChange->bindValue('created', strlen($_POST['change']['created'])
? $_POST['change']['created']
: null);
$postChange->execute();
if ($changeId < 1) {
$changeId = db_last_insert_id();
audit_log(MSZ_AUDIT_CHANGELOG_ENTRY_CREATE, user_session_current('user_id', 0), [$changeId]);
} else {
audit_log(MSZ_AUDIT_CHANGELOG_ENTRY_EDIT, user_session_current('user_id', 0), [$changeId]);
}
}
if(!empty($_POST['tags']) && is_array($_POST['tags']) && array_test($_POST['tags'], 'ctype_digit')) {
$setTags = array_apply($_POST['tags'], 'intval');
$removeTags = db_prepare(sprintf('
DELETE FROM `msz_changelog_change_tags`
WHERE `change_id` = :change_id
AND `tag_id` NOT IN (%s)
', implode(',', $setTags)));
$removeTags->bindValue('change_id', $changeId);
$removeTags->execute();
$addTag = db_prepare('
INSERT IGNORE INTO `msz_changelog_change_tags`
(`change_id`, `tag_id`)
VALUES
(:change_id, :tag_id)
');
$addTag->bindValue('change_id', $changeId);
foreach ($setTags as $role) {
$addTag->bindValue('tag_id', $role);
$addTag->execute();
}
}
}
$actions = [
['action_id' => MSZ_CHANGELOG_ACTION_ADD, 'action_name' => 'Added'],
['action_id' => MSZ_CHANGELOG_ACTION_REMOVE, 'action_name' => 'Removed'],
['action_id' => MSZ_CHANGELOG_ACTION_UPDATE, 'action_name' => 'Updated'],
['action_id' => MSZ_CHANGELOG_ACTION_FIX, 'action_name' => 'Fixed'],
['action_id' => MSZ_CHANGELOG_ACTION_IMPORT, 'action_name' => 'Imported'],
['action_id' => MSZ_CHANGELOG_ACTION_REVERT, 'action_name' => 'Reverted'],
];
tpl_var('changelog_actions', $actions);
if ($changeId > 0) {
$getChange = db_prepare('
SELECT
`change_id`, `change_log`, `change_text`, `user_id`,
`change_action`, `change_created`
FROM `msz_changelog_changes`
WHERE `change_id` = :change_id
');
$getChange->bindValue('change_id', $changeId);
$change = db_fetch($getChange);
if(!$change) {
header('Location: ?v=changes');
return;
}
}
$getChangeTags = db_prepare('
SELECT
ct.`tag_id`, ct.`tag_name`,
(
SELECT COUNT(`change_id`) > 0
FROM `msz_changelog_change_tags`
WHERE `tag_id` = ct.`tag_id`
AND `change_id` = :change_id
) AS `has_tag`
FROM `msz_changelog_tags` AS ct
');
$getChangeTags->bindValue('change_id', $change['change_id'] ?? 0);
$changeTags = db_fetch_all($getChangeTags);
echo tpl_render('manage.changelog.change_edit', [
'edit_change' => $change ?? null,
'edit_change_tags' => $changeTags,
]);
break;
case 'tags':
$canManageTags = perms_check($changelogPerms, MSZ_PERM_CHANGELOG_MANAGE_TAGS);
if (!$canManageTags) {
echo render_error(403);
break;
}
if ($canManageTags) {
$getTags = db_prepare('
SELECT
t.`tag_id`, t.`tag_name`, t.`tag_description`, t.`tag_created`,
(
SELECT COUNT(ct.`change_id`)
FROM `msz_changelog_change_tags` as ct
WHERE ct.`tag_id` = t.`tag_id`
) as `tag_count`
FROM `msz_changelog_tags` as t
ORDER BY t.`tag_id` ASC
');
tpl_var('changelog_tags', db_fetch_all($getTags));
}
echo tpl_render('manage.changelog.tags');
break;
case 'tag':
if (!perms_check($changelogPerms, MSZ_PERM_CHANGELOG_MANAGE_TAGS)) {
echo render_error(403);
break;
}
$tagId = (int)($_GET['t'] ?? 0);
if ($_SERVER['REQUEST_METHOD'] === 'POST' && csrf_verify('changelog_tag', $_POST['csrf'] ?? '')) {
if (!empty($_POST['tag']) && is_array($_POST['tag'])) {
if ($tagId > 0) {
$updateTag = db_prepare('
UPDATE `msz_changelog_tags`
SET `tag_name` = :name,
`tag_description` = :description,
`tag_archived` = :archived
WHERE `tag_id` = :id
');
$updateTag->bindValue('id', $tagId);
} else {
$updateTag = db_prepare('
INSERT INTO `msz_changelog_tags`
(`tag_name`, `tag_description`, `tag_archived`)
VALUES
(:name, :description, :archived)
');
}
$updateTag->bindValue('name', $_POST['tag']['name']);
$updateTag->bindValue('description', $_POST['tag']['description']);
// this is fine, after being archived there shouldn't be any other changes being made
$updateTag->bindValue('archived', empty($_POST['tag']['archived']) ? null : date('Y-m-d H:i:s'));
$updateTag->execute();
if ($tagId < 1) {
$tagId = db_last_insert_id();
audit_log(MSZ_AUDIT_CHANGELOG_TAG_EDIT, user_session_current('user_id', 0), [$tagId]);
header('Location: ?v=tag&t=' . $tagId);
return;
} else {
audit_log(MSZ_AUDIT_CHANGELOG_TAG_CREATE, user_session_current('user_id', 0), [$tagId]);
}
}
}
if ($tagId > 0) {
$getTag = db_prepare('
SELECT `tag_id`, `tag_name`, `tag_description`, `tag_archived`, `tag_created`
FROM `msz_changelog_tags`
WHERE `tag_id` = :tag_id
');
$getTag->bindValue('tag_id', $tagId);
$tag = db_fetch($getTag);
if ($tag) {
tpl_var('edit_tag', $tag);
} else {
header('Location: ?v=tags');
return;
}
}
echo tpl_render('manage.changelog.tag_edit');
break;
}


@ -0,0 +1,127 @@
<?php
require_once '../../../misuzu.php';
if(!perms_check_user(MSZ_PERMS_CHANGELOG, user_session_current('user_id'), MSZ_PERM_CHANGELOG_MANAGE_CHANGES)) {
echo render_error(403);
return;
}
$changeId = (int)($_GET['c'] ?? 0);
if($_SERVER['REQUEST_METHOD'] === 'POST' && csrf_verify('changelog_add', $_POST['csrf'] ?? '')) {
if(!empty($_POST['change']) && is_array($_POST['change'])) {
if($changeId > 0) {
$postChange = db_prepare('
UPDATE `msz_changelog_changes`
SET `change_log` = :log,
`change_text` = :text,
`change_action` = :action,
`user_id` = :user,
`change_created` = :created
WHERE `change_id` = :change_id
');
$postChange->bindValue('change_id', $changeId);
} else {
$postChange = db_prepare('
INSERT INTO `msz_changelog_changes`
(
`change_log`, `change_text`, `change_action`,
`user_id`, `change_created`
)
VALUES
(:log, :text, :action, :user, :created)
');
}
$postChange->bindValue('log', $_POST['change']['log']);
$postChange->bindValue('action', $_POST['change']['action']);
$postChange->bindValue('text', strlen($_POST['change']['text'])
? $_POST['change']['text']
: null);
$postChange->bindValue('user', is_numeric($_POST['change']['user'])
? $_POST['change']['user']
: null);
$postChange->bindValue('created', strlen($_POST['change']['created'])
? $_POST['change']['created']
: null);
$postChange->execute();
if($changeId < 1) {
$changeId = db_last_insert_id();
audit_log(MSZ_AUDIT_CHANGELOG_ENTRY_CREATE, user_session_current('user_id', 0), [$changeId]);
} else {
audit_log(MSZ_AUDIT_CHANGELOG_ENTRY_EDIT, user_session_current('user_id', 0), [$changeId]);
}
}
if(!empty($_POST['tags']) && is_array($_POST['tags']) && array_test($_POST['tags'], 'ctype_digit')) {
$setTags = array_apply($_POST['tags'], 'intval');
$removeTags = db_prepare(sprintf('
DELETE FROM `msz_changelog_change_tags`
WHERE `change_id` = :change_id
AND `tag_id` NOT IN (%s)
', implode(',', $setTags)));
$removeTags->bindValue('change_id', $changeId);
$removeTags->execute();
$addTag = db_prepare('
INSERT IGNORE INTO `msz_changelog_change_tags`
(`change_id`, `tag_id`)
VALUES
(:change_id, :tag_id)
');
$addTag->bindValue('change_id', $changeId);
foreach ($setTags as $role) {
$addTag->bindValue('tag_id', $role);
$addTag->execute();
}
}
}
$actions = [
['action_id' => MSZ_CHANGELOG_ACTION_ADD, 'action_name' => 'Added'],
['action_id' => MSZ_CHANGELOG_ACTION_REMOVE, 'action_name' => 'Removed'],
['action_id' => MSZ_CHANGELOG_ACTION_UPDATE, 'action_name' => 'Updated'],
['action_id' => MSZ_CHANGELOG_ACTION_FIX, 'action_name' => 'Fixed'],
['action_id' => MSZ_CHANGELOG_ACTION_IMPORT, 'action_name' => 'Imported'],
['action_id' => MSZ_CHANGELOG_ACTION_REVERT, 'action_name' => 'Reverted'],
];
if($changeId > 0) {
$getChange = db_prepare('
SELECT
`change_id`, `change_log`, `change_text`, `user_id`,
`change_action`, `change_created`
FROM `msz_changelog_changes`
WHERE `change_id` = :change_id
');
$getChange->bindValue('change_id', $changeId);
$change = db_fetch($getChange);
if(!$change) {
url_redirect('manage-changelog-changes');
return;
}
}
$getChangeTags = db_prepare('
SELECT
ct.`tag_id`, ct.`tag_name`,
(
SELECT COUNT(`change_id`) > 0
FROM `msz_changelog_change_tags`
WHERE `tag_id` = ct.`tag_id`
AND `change_id` = :change_id
) AS `has_tag`
FROM `msz_changelog_tags` AS ct
');
$getChangeTags->bindValue('change_id', $change['change_id'] ?? 0);
$changeTags = db_fetch_all($getChangeTags);
echo tpl_render('manage.changelog.change', [
'change' => $change ?? null,
'change_tags' => $changeTags,
'change_actions' => $actions,
]);
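Review bot: The fields of `$_POST['change']` are read without presence or type checks: `log`, `action`, `text`, `user` and `created` are indexed directly, and `strlen($_POST['change']['text'])` is called on whatever the client sent, so a missing key or an array value produces a notice, warning or TypeError depending on the PHP version instead of a clean rejection. The login handler in this commit already guards its inputs with `is_string()`; the same guard belongs here before the `bindValue()` calls, e.g. `if(!is_string($_POST['change']['log'] ?? null) || !is_string($_POST['change']['text'] ?? null)) { echo render_error(400); return; }`. `change_action` is also bound as submitted, where it could be checked against the `MSZ_CHANGELOG_ACTION_*` values listed in `$actions`. Separately, if the form submits tags as checkboxes (the template is not shown), unchecking every tag sends no `tags` array, so the `DELETE ... NOT IN` never runs and the old tags stay attached. This block was carried over unchanged from the removed changelog.php.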


@ -0,0 +1,60 @@
<?php
require_once '../../../misuzu.php';
if(!perms_check_user(MSZ_PERMS_CHANGELOG, user_session_current('user_id'), MSZ_PERM_CHANGELOG_MANAGE_CHANGES)) {
echo render_error(403);
return;
}
$changesCount = (int)db_query('
SELECT COUNT(`change_id`)
FROM `msz_changelog_changes`
')->fetchColumn();
$changelogPagination = pagination_create($changesCount, 30);
$changelogOffset = pagination_offset($changelogPagination, pagination_param());
if(!pagination_is_valid_offset($changelogOffset)) {
echo render_error(404);
return;
}
$getChanges = db_prepare('
SELECT
c.`change_id`, c.`change_log`, c.`change_created`, c.`change_action`,
u.`user_id`, u.`username`,
COALESCE(u.`user_colour`, r.`role_colour`) AS `user_colour`,
DATE(`change_created`) AS `change_date`,
!ISNULL(c.`change_text`) AS `change_has_text`
FROM `msz_changelog_changes` AS c
LEFT JOIN `msz_users` AS u
ON u.`user_id` = c.`user_id`
LEFT JOIN `msz_roles` AS r
ON r.`role_id` = u.`display_role`
ORDER BY c.`change_id` DESC
LIMIT :offset, :take
');
$getChanges->bindValue('take', $changelogPagination['range']);
$getChanges->bindValue('offset', $changelogOffset);
$changes = db_fetch_all($getChanges);
$getTags = db_prepare('
SELECT
t.`tag_id`, t.`tag_name`, t.`tag_description`
FROM `msz_changelog_change_tags` as ct
LEFT JOIN `msz_changelog_tags` as t
ON t.`tag_id` = ct.`tag_id`
WHERE ct.`change_id` = :change_id
');
// grab tags
for($i = 0; $i < count($changes); $i++) {
$getTags->bindValue('change_id', $changes[$i]['change_id']);
$changes[$i]['tags'] = db_fetch_all($getTags);
}
echo tpl_render('manage.changelog.changes', [
'changelog_changes' => $changes,
'changelog_changes_count' => $changesCount,
'changelog_pagination' => $changelogPagination,
]);


@ -0,0 +1,62 @@
<?php
require_once '../../../misuzu.php';
if(!perms_check_user(MSZ_PERMS_CHANGELOG, user_session_current('user_id'), MSZ_PERM_CHANGELOG_MANAGE_TAGS)) {
echo render_error(403);
return;
}
$tagId = (int)($_GET['t'] ?? 0);
if(!empty($_POST['tag']) && is_array($_POST['tag']) && csrf_verify('changelog_tag', $_POST['csrf'] ?? '')) {
if ($tagId > 0) {
$updateTag = db_prepare('
UPDATE `msz_changelog_tags`
SET `tag_name` = :name,
`tag_description` = :description,
`tag_archived` = :archived
WHERE `tag_id` = :id
');
$updateTag->bindValue('id', $tagId);
} else {
$updateTag = db_prepare('
INSERT INTO `msz_changelog_tags`
(`tag_name`, `tag_description`, `tag_archived`)
VALUES
(:name, :description, :archived)
');
}
$updateTag->bindValue('name', $_POST['tag']['name']);
$updateTag->bindValue('description', $_POST['tag']['description']);
$updateTag->bindValue('archived', empty($_POST['tag']['archived']) ? null : date('Y-m-d H:i:s'));
$updateTag->execute();
if ($tagId < 1) {
$tagId = db_last_insert_id();
audit_log(MSZ_AUDIT_CHANGELOG_TAG_EDIT, user_session_current('user_id', 0), [$tagId]);
url_redirect('manage-changelog-tag', ['tag' => $tagId]);
return;
} else {
audit_log(MSZ_AUDIT_CHANGELOG_TAG_CREATE, user_session_current('user_id', 0), [$tagId]);
}
}
if ($tagId > 0) {
$getTag = db_prepare('
SELECT `tag_id`, `tag_name`, `tag_description`, `tag_archived`, `tag_created`
FROM `msz_changelog_tags`
WHERE `tag_id` = :tag_id
');
$getTag->bindValue('tag_id', $tagId);
$tag = db_fetch($getTag);
if ($tag) {
tpl_var('edit_tag', $tag);
} else {
url_redirect('manage-changelog-tags');
return;
}
}
echo tpl_render('manage.changelog.tag');
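Review bot: The two audit events look swapped: the `$tagId < 1` branch, which runs right after an INSERT and `db_last_insert_id()`, records `MSZ_AUDIT_CHANGELOG_TAG_EDIT`, while the `else` branch, which follows an UPDATE of an existing tag, records `MSZ_AUDIT_CHANGELOG_TAG_CREATE`. Going by the constant names, the creation branch should call `audit_log(MSZ_AUDIT_CHANGELOG_TAG_CREATE, user_session_current('user_id', 0), [$tagId]);` and the edit branch `audit_log(MSZ_AUDIT_CHANGELOG_TAG_EDIT, user_session_current('user_id', 0), [$tagId]);`. The mix-up was carried over from the removed changelog.php, and it makes the audit trail misleading for anyone reconstructing who created which tag.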


@ -0,0 +1,23 @@
<?php
require_once '../../../misuzu.php';
if(!perms_check_user(MSZ_PERMS_CHANGELOG, user_session_current('user_id'), MSZ_PERM_CHANGELOG_MANAGE_TAGS)) {
echo render_error(403);
return;
}
$getTags = db_prepare('
SELECT
t.`tag_id`, t.`tag_name`, t.`tag_description`, t.`tag_created`,
(
SELECT COUNT(ct.`change_id`)
FROM `msz_changelog_change_tags` as ct
WHERE ct.`tag_id` = t.`tag_id`
) as `tag_count`
FROM `msz_changelog_tags` as t
ORDER BY t.`tag_id` ASC
');
echo tpl_render('manage.changelog.tags', [
'changelog_tags' => db_fetch_all($getTags),
]);


@ -1,4 +1,4 @@
<?php
require_once '../../misuzu.php';
header('Location: ' . url('manage-general-overview'));
url_redirect('manage-general-overview');


@ -26,4 +26,4 @@ if ($categoryId > 0) {
$location = url('news-category', ['category' => $categoryId, 'page' => pagination_param('page')]);
}
header("Location: {$location}");
redirect($location);


@ -34,7 +34,7 @@ if (empty($parsedUrl['scheme'])
}
if (!config_get_default(false, 'Proxy', 'enabled')) {
header('Location: ' . $proxyUrlDecoded);
redirect($proxyUrlDecoded);
return;
}


@ -57,7 +57,7 @@ if (($relationType === MSZ_USER_RELATION_NONE || $relationType === MSZ_USER_RELA
}
if (!$isXHR) {
header('Location: ' . $redirect);
redirect($redirect);
return;
}


@ -1,4 +1,4 @@
<?php
require_once '../misuzu.php';
header('Location: ' . url('settings-index'));
url_redirect('settings-index');


@ -8,4 +8,4 @@ if (!user_session_active()) {
// do something with this page
header('Location: ' . url('settings-account'));
url_redirect('settings-account');


@ -37,7 +37,7 @@ if(!empty($_POST['session']) && csrf_verify('user_session', $_POST['csrf'] ?? ''
}
if($currentSessionKilled) {
header(sprintf('Location: %s', url('index')));
url_redirect('index');
return;
}
}


@ -55,15 +55,15 @@ function manage_get_menu(int $userId): array
}
if(perms_check($perms[MSZ_PERMS_FORUM], 0)) {
$menu['Forum']['Settings'] = '/manage/forum.php?v=settings';
$menu['Forum']['Settings'] = url('manage-forum-settings');
}
if(perms_check($perms[MSZ_PERMS_CHANGELOG], MSZ_PERM_CHANGELOG_MANAGE_CHANGES)) {
$menu['Changelog']['Changes'] = '/manage/changelog.php?v=changes';
$menu['Changelog']['Changes'] = url('manage-changelog-changes');
}
if(perms_check($perms[MSZ_PERMS_CHANGELOG], MSZ_PERM_CHANGELOG_MANAGE_TAGS)) {
$menu['Changelog']['Tags'] = '/manage/changelog.php?v=tags';
$menu['Changelog']['Tags'] = url('manage-changelog-tags');
}
return $menu;


@ -93,6 +93,7 @@ define('MSZ_URLS', [
'comment-unpin' => ['/comments.php', ['c' => '<comment>', 'csrf' => '{comments}', 'm' => 'unpin']],
'manage-index' => ['/manage'],
'manage-general-overview' => ['/manage/general/index.php'],
'manage-general-logs' => ['/manage/general/logs.php'],
'manage-general-emoticons' => ['/manage/general/emoticons.php'],
@ -102,10 +103,10 @@ define('MSZ_URLS', [
'manage-forum-categories' => ['/manage/forum/index.php'],
'manage-forum-category' => ['/manage/forum/category.php', ['f' => '<forum>']],
'manage-changelog-tag-create' => ['/manage/changelog.php', ['v' => 'tag']],
'manage-changelog-tag-edit' => ['/manage/changelog.php', ['v' => 'tag', 't' => '<tag>']],
'manage-changelog-change-create' => ['/manage/changelog.php', ['v' => 'change']],
'manage-changelog-change-edit' => ['/manage/changelog.php', ['v' => 'change', 'c' => '<change>']],
'manage-changelog-changes' => ['/manage/changelog/index.php'],
'manage-changelog-change' => ['/manage/changelog/change.php', ['c' => '<change>']],
'manage-changelog-tags' => ['/manage/changelog/tags.php'],
'manage-changelog-tag' => ['/manage/changelog/tag.php', ['t' => '<tag>']],
'manage-news-category-create' => ['/manage/news.php', ['v' => 'category']],
'manage-news-category-edit' => ['/manage/news.php', ['v' => 'category', 'c' => '<category>']],
@ -165,6 +166,16 @@ function url(string $name, array $variables = []): string
return $url;
}
function redirect(string $url): void
{
header(sprintf('Location: %s', $url));
}
function url_redirect(string $name, array $variables = []): void
{
redirect(url($name, $variables));
}
function url_variable(string $value, array $variables): string
{
if (starts_with($value, '<') && ends_with($value, '>')) {
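Review bot: `redirect()` and `url_redirect()` are added without a docblock, and two properties that callers depend on are left unstated: both only send a `Location` header without ending the script, and `redirect()` emits `$url` exactly as given. The call sites on this page already rely on this, since each call is followed by `return` or `exit` or sits at the end of its file. I would document it with `/** Sends a Location header for $url as-is; does not end the script, callers must return or exit. Pass only trusted or validated targets. */` above `redirect()` and `/** Redirects to a route name resolved by url(); does not end the script. */` above `url_redirect()`. The `url_variable()` body that follows continues outside the hunk.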


@ -4,7 +4,7 @@
{% set title = 'Changelog » Change #' ~ change.change_id %}
{% set canonical_url = url('changelog-change', {'change': change.change_id}) %}
{% set manage_link = '/manage/changelog.php?v=change&c=' ~ change.change_id %}
{% set manage_link = url('manage-changelog-change', {'change': change.change_id}) %}
{% set description = change.change_log %}
{% if change.change_action == constant('MSZ_CHANGELOG_ACTION_ADD') %}


@ -23,7 +23,7 @@
{% endmacro %}
{% macro changelog_entry(change, is_small, is_manage) %}
{% set change_url = url(is_manage ? 'manage-changelog-change-edit' : 'changelog-change', {'change': change.change_id}) %}
{% set change_url = url(is_manage ? 'manage-changelog-change' : 'changelog-change', {'change': change.change_id}) %}
{% set has_text = change.change_has_text|default(false)
or (change.change_text is defined and change.change_text|length > 0)
%}
@ -87,7 +87,7 @@
{% if is_manage %}
<div class="changelog__entry__tags">
{% for tag in change.tags %}
<a href="{{ url(is_manage ? 'manage-changelog-tag-edit' : 'changelog-tag', {'tag': tag.tag_id}) }}" class="changelog__entry__tag">
<a href="{{ url(is_manage ? 'manage-changelog-tag' : 'changelog-tag', {'tag': tag.tag_id}) }}" class="changelog__entry__tag">
{{ tag.tag_name }}
</a>
{% endfor %}
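Review bot: The ternary in the tag link is redundant, because the `<a>` sits inside `{% if is_manage %}` and `is_manage ? 'manage-changelog-tag' : 'changelog-tag'` can only ever take its first arm. Either write `url('manage-changelog-tag', {'tag': tag.tag_id})` directly, or, if tags were meant to appear on the public listing as well, the enclosing `{% if is_manage %}` is the line that needs changing. The macro continues outside the hunk.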


@ -1,5 +1,5 @@
{% extends 'master.twig' %}
{% if manage_link is not defined %}
{% set manage_link = '/manage/changelog.php' %}
{% set manage_link = url('manage-changelog-changes') %}
{% endif %}


@ -2,52 +2,45 @@
{% from 'macros.twig' import container_title %}
{% from '_layout/input.twig' import input_csrf, input_text, input_select, input_checkbox %}
{% if edit_change is not null %}
{% set site_link = url('changelog-change', {'change': edit_change.change_id}) %}
{% if change is not null %}
{% set site_link = url('changelog-change', {'change': change.change_id}) %}
{% endif %}
{% block manage_content %}
<div class="container">
<form action="?v=change{{ edit_change is not null ? '&c=' ~ edit_change.change_id : '' }}" method="post">
<form action="{{ url('manage-changelog-change', {'change': change.change_id|default(0)}) }}" method="post">
{{ input_csrf('changelog_add') }}
{{ container_title(edit_change is not null ? 'Editing #' ~ edit_change.change_id : 'Adding a new change') }}
{{ container_title(change is not null ? 'Editing #' ~ change.change_id : 'Adding a new change') }}
<div style="display: flex; margin: 2px 5px;">
{{ input_select('change[action]', changelog_actions, edit_change.change_action|default(0), 'action_name', 'action_id') }}
{{ input_text('change[log]', '', edit_change is not null ? edit_change.change_log : '', 'text', '', true, {'maxlength':255,'style':'flex-grow:1'}) }}
{{ input_select('change[action]', change_actions, change.change_action|default(0), 'action_name', 'action_id') }}
{{ input_text('change[log]', '', change is not null ? change.change_log : '', 'text', '', true, {'maxlength':255,'style':'flex-grow:1'}) }}
</div>
<label class="form__label">
<div class="form__label__text">Text</div>
<div class="form__label__input">
<textarea class="input__textarea" name="change[text]" maxlength="65535">{{ edit_change is not null ? edit_change.change_text : '' }}</textarea>
</div>
</label>
<label class="form__label">
<div class="form__label__text">Action</div>
<div class="form__label__input">
<textarea class="input__textarea" name="change[text]" maxlength="65535">{{ change is not null ? change.change_text : '' }}</textarea>
</div>
</label>
<label class="form__label">
<div class="form__label__text">Contributor Id</div>
<div class="form__label__input">
{{ input_text('change[user]', '', edit_change.user_id|default(current_user.user_id), 'number', '', false, {'min':1}) }}
{{ input_text('change[user]', '', change.user_id|default(current_user.user_id), 'number', '', false, {'min':1}) }}
</div>
</label>
<label class="form__label">
<div class="form__label__text">Created</div>
<div class="form__label__input">
{{ input_text('change[created]', '', (edit_change is not null ? edit_change.change_created : ''|date('Y-m-d H:i:s')), 'text', '', true) }}
{{ input_text('change[created]', '', (change is not null ? change.change_created : ''|date('Y-m-d H:i:s')), 'text', '', true) }}
</div>
</label>
<div class="manage__tags">
{% for tag in edit_change_tags %}
{% for tag in change_tags %}
<label class="manage__tag">
<div class="manage__tag__background"></div>
<div class="manage__tag__content">


@ -3,16 +3,22 @@
{% from 'changelog/macros.twig' import changelog_listing %}
{% block manage_content %}
<a href="{{ url('manage-changelog-change-create') }}" class="input__button">Create new change</a>
{% set changelog_pagination = pagination(changelog_pagination, url('manage-changelog-changes')) %}
<div class="container">
{{ container_title('Changelog') }}
<div class="changelog__content">
<div class="changelog__pagination">
<a href="{{ url('manage-changelog-change') }}" class="input__button">Create new change</a>
{{ changelog_pagination }}
</div>
{{ changelog_listing(changelog_changes, false, false, true) }}
<div class="changelog__pagination">
{{ pagination(changelog_pagination, '/manage/changelog.php', null, {'v': 'changes'}) }}
{{ changelog_pagination }}
</div>
</div>
</div>


@ -4,7 +4,7 @@
{% block manage_content %}
<div class="container">
<form action="?v=tag{{ edit_tag is defined ? '&t=' ~ edit_tag.tag_id : '' }}" method="post">
<form action="{{ url('manage-changelog-tag', {'tag': edit_tag.tag_id|default(0)}) }}" method="post">
{{ input_csrf('changelog_tag') }}
{{ container_title(edit_tag is defined ? 'Editing ' ~ edit_tag.tag_name ~ ' (' ~ edit_tag.tag_id ~ ')' : 'Adding a new tag') }}


@ -7,11 +7,11 @@
<div class="container changelog-actions-tags__panel changelog-actions-tags__panel--tags">
{{ container_title('Tags') }}
<a href="{{ url('manage-changelog-tag-create') }}" class="input__button">Create new tag</a>
<a href="{{ url('manage-changelog-tag') }}" class="input__button">Create new tag</a>
<div class="changelog-actions-tags__list">
{% for tag in changelog_tags %}
<a href="{{ url('manage-changelog-tag-edit', {'tag': tag.tag_id}) }}" class="changelog-actions-tags__entry">
<a href="{{ url('manage-changelog-tag', {'tag': tag.tag_id}) }}" class="changelog-actions-tags__entry">
<div class="listing__entry__content changelog-tags__content">
<div class="changelog-tags__text">
{{ tag.tag_name }} ({{ tag.tag_count }})