Moved render_info and render_error into Template class.
parent
45500ce698
commit
c14195c4c3
45 changed files with 330 additions and 582 deletions
|
@ -22,7 +22,6 @@ Environment::setDebug(MSZ_DEBUG);
|
|||
mb_internal_encoding('utf-8');
|
||||
date_default_timezone_set('utc');
|
||||
|
||||
require_once MSZ_ROOT . '/utility.php';
|
||||
require_once MSZ_SOURCE . '/url.php';
|
||||
|
||||
$dbConfig = parse_ini_file(MSZ_CONFIG . '/config.ini', true, INI_SCANNER_TYPED);
|
||||
|
|
|
@ -5,25 +5,17 @@ use RuntimeException;
|
|||
|
||||
$redirect = filter_input(INPUT_GET, 'return') ?? $_SERVER['HTTP_REFERER'] ?? url('index');
|
||||
|
||||
if(!is_local_url($redirect)) {
|
||||
echo render_info('Possible request forgery detected.', 403);
|
||||
return;
|
||||
}
|
||||
if(!is_local_url($redirect))
|
||||
Template::displayInfo('Possible request forgery detected.', 403);
|
||||
|
||||
if(!CSRF::validateRequest()) {
|
||||
echo render_info("Couldn't verify this request, please refresh the page and try again.", 403);
|
||||
return;
|
||||
}
|
||||
if(!CSRF::validateRequest())
|
||||
Template::displayInfo("Couldn't verify this request, please refresh the page and try again.", 403);
|
||||
|
||||
if(!$msz->isLoggedIn()) {
|
||||
echo render_info('You must be logged in to manage comments.', 403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->isLoggedIn())
|
||||
Template::displayInfo('You must be logged in to manage comments.', 403);
|
||||
|
||||
if($msz->hasActiveBan()) {
|
||||
echo render_info('You have been banned, check your profile for more information.', 403);
|
||||
return;
|
||||
}
|
||||
if($msz->hasActiveBan())
|
||||
Template::displayInfo('You have been banned, check your profile for more information.', 403);
|
||||
|
||||
$currentUserInfo = $msz->getActiveUser();
|
||||
|
||||
|
@ -38,50 +30,37 @@ if(!empty($commentId)) {
|
|||
try {
|
||||
$commentInfo = $comments->getPost($commentId);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_info('Post not found.', 404);
|
||||
return;
|
||||
Template::displayInfo('Post not found.', 404);
|
||||
}
|
||||
|
||||
$categoryInfo = $comments->getCategory(postInfo: $commentInfo);
|
||||
}
|
||||
|
||||
if($commentMode !== 'create' && empty($commentInfo)) {
|
||||
echo render_error(400);
|
||||
return;
|
||||
}
|
||||
if($commentMode !== 'create' && empty($commentInfo))
|
||||
Template::throwError(400);
|
||||
|
||||
switch($commentMode) {
|
||||
case 'pin':
|
||||
case 'unpin':
|
||||
if(!$perms->check(Perm::G_COMMENTS_PIN) && !$categoryInfo->isOwner($currentUserInfo)) {
|
||||
echo render_info("You're not allowed to pin comments.", 403);
|
||||
break;
|
||||
}
|
||||
if(!$perms->check(Perm::G_COMMENTS_PIN) && !$categoryInfo->isOwner($currentUserInfo))
|
||||
Template::displayInfo("You're not allowed to pin comments.", 403);
|
||||
|
||||
if($commentInfo->isDeleted()) {
|
||||
echo render_info("This comment doesn't exist!", 400);
|
||||
break;
|
||||
}
|
||||
if($commentInfo->isDeleted())
|
||||
Template::displayInfo("This comment doesn't exist!", 400);
|
||||
|
||||
if($commentInfo->isReply()) {
|
||||
echo render_info("You can't pin replies!", 400);
|
||||
break;
|
||||
}
|
||||
if($commentInfo->isReply())
|
||||
Template::displayInfo("You can't pin replies!", 400);
|
||||
|
||||
$isPinning = $commentMode === 'pin';
|
||||
|
||||
if($isPinning) {
|
||||
if($commentInfo->isPinned()) {
|
||||
echo render_info('This comment is already pinned.', 400);
|
||||
break;
|
||||
}
|
||||
if($commentInfo->isPinned())
|
||||
Template::displayInfo('This comment is already pinned.', 400);
|
||||
|
||||
$comments->pinPost($commentInfo);
|
||||
} else {
|
||||
if(!$commentInfo->isPinned()) {
|
||||
echo render_info("This comment isn't pinned yet.", 400);
|
||||
break;
|
||||
}
|
||||
if(!$commentInfo->isPinned())
|
||||
Template::displayInfo("This comment isn't pinned yet.", 400);
|
||||
|
||||
$comments->unpinPost($commentInfo);
|
||||
}
|
||||
|
@ -90,15 +69,11 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'vote':
|
||||
if(!$perms->check(Perm::G_COMMENTS_VOTE) && !$categoryInfo->isOwner($currentUserInfo)) {
|
||||
echo render_info("You're not allowed to vote on comments.", 403);
|
||||
break;
|
||||
}
|
||||
if(!$perms->check(Perm::G_COMMENTS_VOTE) && !$categoryInfo->isOwner($currentUserInfo))
|
||||
Template::displayInfo("You're not allowed to vote on comments.", 403);
|
||||
|
||||
if($commentInfo->isDeleted()) {
|
||||
echo render_info("This comment doesn't exist!", 400);
|
||||
break;
|
||||
}
|
||||
if($commentInfo->isDeleted())
|
||||
Template::displayInfo("This comment doesn't exist!", 400);
|
||||
|
||||
if($commentVote > 0)
|
||||
$comments->addPostPositiveVote($commentInfo, $currentUserInfo);
|
||||
|
@ -112,27 +87,21 @@ switch($commentMode) {
|
|||
|
||||
case 'delete':
|
||||
$canDelete = $perms->check(Perm::G_COMMENTS_DELETE_OWN | Perm::G_COMMENTS_DELETE_ANY);
|
||||
if(!$canDelete && !$categoryInfo->isOwner($currentUserInfo)) {
|
||||
echo render_info("You're not allowed to delete comments.", 403);
|
||||
break;
|
||||
}
|
||||
if(!$canDelete && !$categoryInfo->isOwner($currentUserInfo))
|
||||
Template::displayInfo("You're not allowed to delete comments.", 403);
|
||||
|
||||
$canDeleteAny = $perms->check(Perm::G_COMMENTS_DELETE_ANY);
|
||||
if($commentInfo->isDeleted()) {
|
||||
echo render_info(
|
||||
if($commentInfo->isDeleted())
|
||||
Template::displayInfo(
|
||||
$canDeleteAny ? 'This comment is already marked for deletion.' : "This comment doesn't exist.",
|
||||
400
|
||||
);
|
||||
break;
|
||||
}
|
||||
|
||||
$isOwnComment = $commentInfo->getUserId() === $currentUserInfo->getId();
|
||||
$isModAction = $canDeleteAny && !$isOwnComment;
|
||||
|
||||
if(!$isModAction && !$isOwnComment) {
|
||||
echo render_info("You're not allowed to delete comments made by others.", 403);
|
||||
break;
|
||||
}
|
||||
if(!$isModAction && !$isOwnComment)
|
||||
Template::displayInfo("You're not allowed to delete comments made by others.", 403);
|
||||
|
||||
$comments->deletePost($commentInfo);
|
||||
|
||||
|
@ -150,15 +119,11 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'restore':
|
||||
if(!$perms->check(Perm::G_COMMENTS_DELETE_ANY)) {
|
||||
echo render_info("You're not allowed to restore deleted comments.", 403);
|
||||
break;
|
||||
}
|
||||
if(!$perms->check(Perm::G_COMMENTS_DELETE_ANY))
|
||||
Template::displayInfo("You're not allowed to restore deleted comments.", 403);
|
||||
|
||||
if(!$commentInfo->isDeleted()) {
|
||||
echo render_info("This comment isn't in a deleted state.", 400);
|
||||
break;
|
||||
}
|
||||
if(!$commentInfo->isDeleted())
|
||||
Template::displayInfo("This comment isn't in a deleted state.", 400);
|
||||
|
||||
$comments->restorePost($commentInfo);
|
||||
|
||||
|
@ -172,15 +137,11 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'create':
|
||||
if(!$perms->check(Perm::G_COMMENTS_CREATE) && !$categoryInfo->isOwner($currentUserInfo)) {
|
||||
echo render_info("You're not allowed to post comments.", 403);
|
||||
break;
|
||||
}
|
||||
if(!$perms->check(Perm::G_COMMENTS_CREATE) && !$categoryInfo->isOwner($currentUserInfo))
|
||||
Template::displayInfo("You're not allowed to post comments.", 403);
|
||||
|
||||
if(empty($_POST['comment']) || !is_array($_POST['comment'])) {
|
||||
echo render_info('Missing data.', 400);
|
||||
break;
|
||||
}
|
||||
if(empty($_POST['comment']) || !is_array($_POST['comment']))
|
||||
Template::displayInfo('Missing data.', 400);
|
||||
|
||||
try {
|
||||
$categoryId = isset($_POST['comment']['category']) && is_string($_POST['comment']['category'])
|
||||
|
@ -188,15 +149,12 @@ switch($commentMode) {
|
|||
: 0;
|
||||
$categoryInfo = $comments->getCategory(categoryId: $categoryId);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_info('This comment category doesn\'t exist.', 404);
|
||||
break;
|
||||
Template::displayInfo('This comment category doesn\'t exist.', 404);
|
||||
}
|
||||
|
||||
$canLock = $perms->check(Perm::G_COMMENTS_LOCK);
|
||||
if($categoryInfo->isLocked() && !$canLock) {
|
||||
echo render_info('This comment category has been locked.', 403);
|
||||
break;
|
||||
}
|
||||
if($categoryInfo->isLocked() && !$canLock)
|
||||
Template::displayInfo('This comment category has been locked.', 403);
|
||||
|
||||
$commentText = !empty($_POST['comment']['text']) && is_string($_POST['comment']['text']) ? $_POST['comment']['text'] : '';
|
||||
$commentReply = (string)(!empty($_POST['comment']['reply']) && is_string($_POST['comment']['reply']) ? (int)$_POST['comment']['reply'] : 0);
|
||||
|
@ -214,27 +172,23 @@ switch($commentMode) {
|
|||
$commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText);
|
||||
} else {
|
||||
if($canLock) {
|
||||
echo render_info('The action has been processed.', 400);
|
||||
Template::displayInfo('The action has been processed.', 400);
|
||||
} else {
|
||||
echo render_info('Your comment is too short.', 400);
|
||||
Template::displayInfo('Your comment is too short.', 400);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if(mb_strlen($commentText) > 5000) {
|
||||
echo render_info('Your comment is too long.', 400);
|
||||
break;
|
||||
}
|
||||
if(mb_strlen($commentText) > 5000)
|
||||
Template::displayInfo('Your comment is too long.', 400);
|
||||
|
||||
if($commentReply > 0) {
|
||||
try {
|
||||
$parentInfo = $comments->getPost($commentReply);
|
||||
} catch(RuntimeException $ex) {}
|
||||
|
||||
if(!isset($parentInfo) || $parentInfo->isDeleted()) {
|
||||
echo render_info('The comment you tried to reply to does not exist.', 404);
|
||||
break;
|
||||
}
|
||||
if(!isset($parentInfo) || $parentInfo->isDeleted())
|
||||
Template::displayInfo('The comment you tried to reply to does not exist.', 404);
|
||||
}
|
||||
|
||||
$commentInfo = $comments->createPost(
|
||||
|
@ -249,5 +203,5 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
default:
|
||||
echo render_info('Not found.', 404);
|
||||
Template::displayInfo('Not found.', 404);
|
||||
}
|
||||
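Review bot: Every guard in this section (the `is_local_url` check, `CSRF::validateRequest()`, the login and ban checks, and each permission test inside `switch($commentMode)`) now has no `return` or `break` after it, so ending the request rests entirely on `Template::displayInfo` and `Template::throwError` never returning. Their definitions are not visible in this part of the commit; if either can return, a failed CSRF or permission check would fall through to `$comments->pinPost`, `deletePost`, `restorePost` or `createPost`. I would declare both methods with a `: never` return type (PHP 8.1+) so the engine and static analysis enforce it, and add a comment at the first guard such as `// Template::displayInfo() ends the request; nothing below runs on failure`. The same reliance applies in the later sections, most sensitively where `$changelog->deleteChange` and `$changelog->deleteTag` now follow the CSRF guard unconditionally instead of sitting inside `if(CSRF::validateRequest())`.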
|
|
|
@ -3,7 +3,6 @@ namespace Misuzu;
|
|||
|
||||
use stdClass;
|
||||
use RuntimeException;
|
||||
use Index\XArray;
|
||||
|
||||
$forum = $msz->getForum();
|
||||
$users = $msz->getUsers();
|
||||
|
@ -13,8 +12,7 @@ $categoryId = (int)filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT);
|
|||
try {
|
||||
$categoryInfo = $forum->getCategory(categoryId: $categoryId);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
$perms = $msz->getAuthInfo()->getPerms('forum', $categoryInfo);
|
||||
|
@ -22,10 +20,8 @@ $perms = $msz->getAuthInfo()->getPerms('forum', $categoryInfo);
|
|||
$currentUser = $msz->getActiveUser();
|
||||
$currentUserId = $currentUser === null ? '0' : $currentUser->getId();
|
||||
|
||||
if(!$perms->check(Perm::F_CATEGORY_VIEW)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$perms->check(Perm::F_CATEGORY_VIEW))
|
||||
Template::throwError(403);
|
||||
|
||||
if($msz->hasActiveBan())
|
||||
$perms = $perms->apply(fn($calc) => $calc & (Perm::F_CATEGORY_LIST | Perm::F_CATEGORY_VIEW));
|
||||
|
@ -34,8 +30,10 @@ if($categoryInfo->isLink()) {
|
|||
if($categoryInfo->hasLinkTarget()) {
|
||||
$forum->incrementCategoryClicks($categoryInfo);
|
||||
redirect($categoryInfo->getLinkTarget());
|
||||
} else render_error(404);
|
||||
return;
|
||||
return;
|
||||
}
|
||||
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
$forumPagination = new Pagination($forum->countTopics(
|
||||
|
@ -44,10 +42,8 @@ $forumPagination = new Pagination($forum->countTopics(
|
|||
deleted: $perms->check(Perm::F_POST_DELETE_ANY) ? null : false
|
||||
), 20);
|
||||
|
||||
if(!$forumPagination->hasValidOffset()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!$forumPagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
||||
$userInfos = [];
|
||||
$userColours = [];
|
||||
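Review bot: The lookup order here answers 404 when `$forum->getCategory` throws and 403 when `Perm::F_CATEGORY_VIEW` is missing, so a client without view permission can tell an existing hidden category from a nonexistent id. If hidden categories are meant to be undiscoverable, the permission failure should use the same status as the lookup failure, `Template::throwError(404);`, in place of the 403. The sections that load `$forum->getPost(postId: $postId)` before checking `F_CATEGORY_VIEW` show the same 404/403 split for post ids.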
|
|
|
@ -12,10 +12,8 @@ $currentUser = $msz->getActiveUser();
|
|||
$currentUserId = $currentUser === null ? '0' : $currentUser->getId();
|
||||
|
||||
if($mode === 'mark') {
|
||||
if(!$msz->isLoggedIn()) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->isLoggedIn())
|
||||
Template::throwError(403);
|
||||
|
||||
$categoryId = filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
||||
|
@ -45,10 +43,8 @@ if($mode === 'mark') {
|
|||
return;
|
||||
}
|
||||
|
||||
if($mode !== '') {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if($mode !== '')
|
||||
Template::throwError(404);
|
||||
|
||||
$userInfos = [];
|
||||
$userColours = [];
|
||||
|
|
|
@ -3,10 +3,8 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_LEADERBOARD_VIEW)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_LEADERBOARD_VIEW))
|
||||
Template::throwError(403);
|
||||
|
||||
$forum = $msz->getForum();
|
||||
$users = $msz->getUsers();
|
||||
|
@ -26,23 +24,17 @@ $currentMonth = (int)date('m');
|
|||
|
||||
if(!empty($yearMonth)) {
|
||||
$yearMonthLength = strlen($yearMonth);
|
||||
if(($yearMonthLength !== 4 && $yearMonthLength !== 6) || !ctype_digit($yearMonth)) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(($yearMonthLength !== 4 && $yearMonthLength !== 6) || !ctype_digit($yearMonth))
|
||||
Template::throwError(404);
|
||||
|
||||
$year = (int)substr($yearMonth, 0, 4);
|
||||
if($year < $config['forum_leader.first_year'] || $year > $currentYear) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if($year < $config['forum_leader.first_year'] || $year > $currentYear)
|
||||
Template::throwError(404);
|
||||
|
||||
if($yearMonthLength === 6) {
|
||||
$month = (int)substr($yearMonth, 4, 2);
|
||||
if($month < 1 || $month > 12 || ($year === $config['forum_leader.first_year'] && $month < $config['forum_leader.first_month'])) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if($month < 1 || $month > 12 || ($year === $config['forum_leader.first_year'] && $month < $config['forum_leader.first_month']))
|
||||
Template::throwError(404);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -11,71 +11,52 @@ $submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) &
|
|||
|
||||
$postRequestVerified = CSRF::validateRequest();
|
||||
|
||||
if(!empty($postMode) && !$msz->isLoggedIn()) {
|
||||
echo render_info('You must be logged in to manage posts.', 401);
|
||||
return;
|
||||
}
|
||||
if(!empty($postMode) && !$msz->isLoggedIn())
|
||||
Template::displayInfo('You must be logged in to manage posts.', 401);
|
||||
|
||||
$currentUser = $msz->getActiveUser();
|
||||
$currentUserId = $currentUser === null ? '0' : $currentUser->getId();
|
||||
|
||||
if($postMode !== '' && $msz->hasActiveBan()) {
|
||||
echo render_info('You have been banned, check your profile for more information.', 403);
|
||||
return;
|
||||
}
|
||||
if($postMode !== '' && $msz->hasActiveBan())
|
||||
Template::displayInfo('You have been banned, check your profile for more information.', 403);
|
||||
|
||||
try {
|
||||
$postInfo = $forum->getPost(postId: $postId);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
$perms = $msz->getAuthInfo()->getPerms('forum', $postInfo->getCategoryId());
|
||||
|
||||
if(!$perms->check(Perm::F_CATEGORY_VIEW)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$perms->check(Perm::F_CATEGORY_VIEW))
|
||||
Template::throwError(403);
|
||||
|
||||
$canDeleteAny = $perms->check(Perm::F_POST_DELETE_ANY);
|
||||
|
||||
switch($postMode) {
|
||||
case 'delete':
|
||||
if($canDeleteAny) {
|
||||
if($postInfo->isDeleted()) {
|
||||
echo render_info('This post has already been marked as deleted.', 404);
|
||||
return;
|
||||
}
|
||||
if($postInfo->isDeleted())
|
||||
Template::displayInfo('This post has already been marked as deleted.', 404);
|
||||
} else {
|
||||
if($postInfo->isDeleted()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if($postInfo->isDeleted())
|
||||
Template::throwError(404);
|
||||
|
||||
if(!$perms->check(Perm::F_POST_DELETE_OWN)) {
|
||||
echo render_info('You are not allowed to delete posts.', 403);
|
||||
return;
|
||||
}
|
||||
if(!$perms->check(Perm::F_POST_DELETE_OWN))
|
||||
Template::displayInfo('You are not allowed to delete posts.', 403);
|
||||
|
||||
if($postInfo->getUserId() !== $currentUser->getId()) {
|
||||
echo render_info('You can only delete your own posts.', 403);
|
||||
return;
|
||||
}
|
||||
if($postInfo->getUserId() !== $currentUser->getId())
|
||||
Template::displayInfo('You can only delete your own posts.', 403);
|
||||
|
||||
// posts may only be deleted within a week of creation, this should be a config value
|
||||
$deleteTimeFrame = 60 * 60 * 24 * 7;
|
||||
if($postInfo->getCreatedTime() < time() - $deleteTimeFrame) {
|
||||
echo render_info('This post has existed for too long. Ask a moderator to remove if it absolutely necessary.', 403);
|
||||
return;
|
||||
}
|
||||
if($postInfo->getCreatedTime() < time() - $deleteTimeFrame)
|
||||
Template::displayInfo('This post has existed for too long. Ask a moderator to remove if it absolutely necessary.', 403);
|
||||
}
|
||||
|
||||
$originalPostInfo = $forum->getPost(topicInfo: $postInfo->getTopicId());
|
||||
if($originalPostInfo->getId() === $postInfo->getId()) {
|
||||
echo render_info('This is the opening post of the topic it belongs to, it may not be deleted without deleting the entire topic as well.', 403);
|
||||
return;
|
||||
}
|
||||
if($originalPostInfo->getId() === $postInfo->getId())
|
||||
Template::displayInfo('This is the opening post of the topic it belongs to, it may not be deleted without deleting the entire topic as well.', 403);
|
||||
|
||||
if($postRequestVerified && !$submissionConfirmed) {
|
||||
url_redirect('forum-post', [
|
||||
|
@ -103,10 +84,8 @@ switch($postMode) {
|
|||
break;
|
||||
|
||||
case 'nuke':
|
||||
if(!$canDeleteAny) {
|
||||
echo render_error(403);
|
||||
break;
|
||||
}
|
||||
if(!$canDeleteAny)
|
||||
Template::throwError(403);
|
||||
|
||||
if($postRequestVerified && !$submissionConfirmed) {
|
||||
url_redirect('forum-post', [
|
||||
|
@ -134,10 +113,8 @@ switch($postMode) {
|
|||
break;
|
||||
|
||||
case 'restore':
|
||||
if(!$canDeleteAny) {
|
||||
echo render_error(403);
|
||||
break;
|
||||
}
|
||||
if(!$canDeleteAny)
|
||||
Template::throwError(403);
|
||||
|
||||
if($postRequestVerified && !$submissionConfirmed) {
|
||||
url_redirect('forum-post', [
|
||||
|
|
|
@ -7,17 +7,13 @@ use Index\DateTime;
|
|||
use Misuzu\Forum\ForumTopicInfo;
|
||||
use Misuzu\Parsers\Parser;
|
||||
|
||||
if(!$msz->isLoggedIn()) {
|
||||
echo render_error(401);
|
||||
return;
|
||||
}
|
||||
if(!$msz->isLoggedIn())
|
||||
Template::throwError(401);
|
||||
|
||||
$currentUser = $msz->getActiveUser();
|
||||
$currentUserId = $currentUser->getId();
|
||||
if($msz->hasActiveBan()) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if($msz->hasActiveBan())
|
||||
Template::throwError(403);
|
||||
|
||||
$forum = $msz->getForum();
|
||||
$users = $msz->getUsers();
|
||||
|
@ -42,10 +38,8 @@ if(!empty($_POST)) {
|
|||
$forumId = !empty($_GET['f']) && is_string($_GET['f']) ? (int)$_GET['f'] : 0;
|
||||
}
|
||||
|
||||
if(!in_array($mode, $forumPostingModes, true)) {
|
||||
echo render_error(400);
|
||||
return;
|
||||
}
|
||||
if(!in_array($mode, $forumPostingModes, true))
|
||||
Template::throwError(400);
|
||||
|
||||
if($mode === 'preview') {
|
||||
header('Content-Type: text/plain; charset=utf-8');
|
||||
|
@ -63,10 +57,8 @@ if($mode === 'preview') {
|
|||
return;
|
||||
}
|
||||
|
||||
if(empty($postId) && empty($topicId) && empty($forumId)) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(empty($postId) && empty($topicId) && empty($forumId))
|
||||
Template::throwError(404);
|
||||
|
||||
if(empty($postId)) {
|
||||
$hasPostInfo = false;
|
||||
|
@ -74,14 +66,11 @@ if(empty($postId)) {
|
|||
try {
|
||||
$postInfo = $forum->getPost(postId: $postId);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
if($postInfo->isDeleted()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if($postInfo->isDeleted())
|
||||
Template::throwError(404);
|
||||
|
||||
// should automatic cross-quoting be a thing? if so, check if $topicId is < 1 first <-- what did i mean by this?
|
||||
$topicId = $postInfo->getTopicId();
|
||||
|
@ -94,14 +83,11 @@ if(empty($topicId)) {
|
|||
try {
|
||||
$topicInfo = $forum->getTopic(topicId: $topicId);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
if($topicInfo->isDeleted()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if($topicInfo->isDeleted())
|
||||
Template::throwError(404);
|
||||
|
||||
$forumId = $topicInfo->getCategoryId();
|
||||
$originalPostInfo = $forum->getPost(topicInfo: $topicInfo);
|
||||
|
@ -114,8 +100,7 @@ if(empty($forumId)) {
|
|||
try {
|
||||
$categoryInfo = $forum->getCategory(categoryId: $forumId);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
$hasCategoryInfo = true;
|
||||
|
@ -127,15 +112,11 @@ if($categoryInfo->isArchived()
|
|||
|| (isset($topicInfo) && $topicInfo->isLocked() && !$perms->check(Perm::F_TOPIC_LOCK))
|
||||
|| !$perms->check(Perm::F_CATEGORY_VIEW)
|
||||
|| !$perms->check(Perm::F_POST_CREATE)
|
||||
|| (!isset($topicInfo) && !$perms->check(Perm::F_TOPIC_CREATE))) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|| (!isset($topicInfo) && !$perms->check(Perm::F_TOPIC_CREATE)))
|
||||
Template::throwError(403);
|
||||
|
||||
if(!$categoryInfo->mayHaveTopics()) {
|
||||
echo render_error(400);
|
||||
return;
|
||||
}
|
||||
if(!$categoryInfo->mayHaveTopics())
|
||||
Template::throwError(400);
|
||||
|
||||
$topicTypes = [];
|
||||
|
||||
|
@ -151,10 +132,8 @@ if($mode === 'create' || $mode === 'edit') {
|
|||
}
|
||||
|
||||
// edit mode stuff
|
||||
if($mode === 'edit' && !$perms->check($postInfo->getUserId() === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if($mode === 'edit' && !$perms->check($postInfo->getUserId() === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY))
|
||||
Template::throwError(403);
|
||||
|
||||
$notices = [];
|
||||
|
||||
|
|
|
@ -20,18 +20,15 @@ if($topicId < 1 && $postId > 0) {
|
|||
try {
|
||||
$postInfo = $forum->getPost(postId: $postId);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
$categoryId = $postInfo->getCategoryId();
|
||||
$perms = $msz->getAuthInfo()->getPerms('forum', $postInfo->getCategoryId());
|
||||
$canDeleteAny = $perms->check(Perm::F_POST_DELETE_ANY);
|
||||
|
||||
if($postInfo->isDeleted() && !$canDeleteAny) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if($postInfo->isDeleted() && !$canDeleteAny)
|
||||
Template::throwError(404);
|
||||
|
||||
$topicId = $postInfo->getTopicId();
|
||||
$preceedingPostCount = $forum->countPosts(
|
||||
|
@ -68,17 +65,15 @@ if(($topicIsNuked || $topicIsDeleted) && $forum->hasTopicRedirect($topicId)) {
|
|||
|
||||
if($topicIsNuked || !$canDeleteAny) {
|
||||
if(empty($topicRedirectInfo))
|
||||
echo render_error(404);
|
||||
else
|
||||
header('Location: ' . $topicRedirectInfo->getLinkTarget());
|
||||
Template::throwError(404);
|
||||
|
||||
header('Location: ' . $topicRedirectInfo->getLinkTarget());
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if(!$perms->check(Perm::F_CATEGORY_VIEW)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$perms->check(Perm::F_CATEGORY_VIEW))
|
||||
Template::throwError(403);
|
||||
|
||||
// Maximum amount of posts a topic may contain to still be deletable by the author
|
||||
// this should be in the config
|
||||
|
@ -108,57 +103,39 @@ $validModerationModes = [
|
|||
];
|
||||
|
||||
if(in_array($moderationMode, $validModerationModes, true)) {
|
||||
if(!CSRF::validateRequest()) {
|
||||
echo render_info("Couldn't verify this request, please refresh the page and try again.", 403);
|
||||
return;
|
||||
}
|
||||
if(!CSRF::validateRequest())
|
||||
Template::displayInfo("Couldn't verify this request, please refresh the page and try again.", 403);
|
||||
|
||||
if(!$msz->isLoggedIn()) {
|
||||
echo render_info('You must be logged in to manage posts.', 401);
|
||||
return;
|
||||
}
|
||||
if(!$msz->isLoggedIn())
|
||||
Template::displayInfo('You must be logged in to manage posts.', 401);
|
||||
|
||||
if($msz->hasActiveBan()) {
|
||||
echo render_info('You have been banned, check your profile for more information.', 403);
|
||||
return;
|
||||
}
|
||||
if($msz->hasActiveBan())
|
||||
Template::displayInfo('You have been banned, check your profile for more information.', 403);
|
||||
|
||||
switch($moderationMode) {
|
||||
case 'delete':
|
||||
if($canDeleteAny) {
|
||||
if($topicInfo->isDeleted()) {
|
||||
echo render_info('This topic has already been marked as deleted.', 404);
|
||||
return;
|
||||
}
|
||||
if($topicInfo->isDeleted())
|
||||
Template::displayInfo('This topic has already been marked as deleted.', 404);
|
||||
} else {
|
||||
if($topicInfo->isDeleted()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if($topicInfo->isDeleted())
|
||||
Template::throwError(404);
|
||||
|
||||
if(!$canDeleteOwn) {
|
||||
echo render_info("You aren't allowed to delete topics.", 403);
|
||||
return;
|
||||
}
|
||||
if(!$canDeleteOwn)
|
||||
Template::displayInfo("You aren't allowed to delete topics.", 403);
|
||||
|
||||
if($topicInfo->getUserId() !== $currentUser->getId()) {
|
||||
echo render_info('You can only delete your own topics.', 403);
|
||||
return;
|
||||
}
|
||||
if($topicInfo->getUserId() !== $currentUser->getId())
|
||||
Template::displayInfo('You can only delete your own topics.', 403);
|
||||
|
||||
// topics may only be deleted within a day of creation, this should be a config value
|
||||
$deleteTimeFrame = 60 * 60 * 24;
|
||||
if($topicInfo->getCreatedTime() < time() - $deleteTimeFrame) {
|
||||
echo render_info('This topic has existed for too long. Ask a moderator to remove if it absolutely necessary.', 403);
|
||||
return;
|
||||
}
|
||||
if($topicInfo->getCreatedTime() < time() - $deleteTimeFrame)
|
||||
Template::displayInfo('This topic has existed for too long. Ask a moderator to remove if it absolutely necessary.', 403);
|
||||
|
||||
// deleted posts are intentionally included
|
||||
$topicPostCount = $forum->countPosts(topicInfo: $topicInfo);
|
||||
if($topicPostCount > $deletePostThreshold) {
|
||||
echo render_info('This topic already has replies, you may no longer delete it. Ask a moderator to remove if it absolutely necessary.', 403);
|
||||
return;
|
||||
}
|
||||
if($topicPostCount > $deletePostThreshold)
|
||||
Template::displayInfo('This topic already has replies, you may no longer delete it. Ask a moderator to remove if it absolutely necessary.', 403);
|
||||
}
|
||||
|
||||
if(!isset($_GET['confirm'])) {
|
||||
|
@ -189,10 +166,8 @@ if(in_array($moderationMode, $validModerationModes, true)) {
|
|||
break;
|
||||
|
||||
case 'restore':
|
||||
if(!$canNukeOrRestore) {
|
||||
echo render_error(403);
|
||||
break;
|
||||
}
|
||||
if(!$canNukeOrRestore)
|
||||
Template::throwError(403);
|
||||
|
||||
if(!isset($_GET['confirm'])) {
|
||||
Template::render('forum.confirm', [
|
||||
|
@ -221,10 +196,8 @@ if(in_array($moderationMode, $validModerationModes, true)) {
|
|||
break;
|
||||
|
||||
case 'nuke':
|
||||
if(!$canNukeOrRestore) {
|
||||
echo render_error(403);
|
||||
break;
|
||||
}
|
||||
if(!$canNukeOrRestore)
|
||||
Template::throwError(403);
|
||||
|
||||
if(!isset($_GET['confirm'])) {
|
||||
Template::render('forum.confirm', [
|
||||
|
@ -297,10 +270,8 @@ $topicPagination = new Pagination($topicPosts, 10, 'page');
|
|||
if(isset($preceedingPostCount))
|
||||
$topicPagination->setPage(floor($preceedingPostCount / $topicPagination->getRange()), true);
|
||||
|
||||
if(!$topicPagination->hasValidOffset()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!$topicPagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
||||
$postInfos = $forum->getPosts(
|
||||
topicInfo: $topicInfo,
|
||||
|
@ -308,10 +279,8 @@ $postInfos = $forum->getPosts(
|
|||
pagination: $topicPagination,
|
||||
);
|
||||
|
||||
if(empty($postInfos)) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(empty($postInfos))
|
||||
Template::throwError(404);
|
||||
|
||||
$originalPostInfo = $forum->getPost(topicInfo: $topicInfo);
|
||||
|
||||
|
|
|
@ -7,10 +7,8 @@ use Index\DateTime;
|
|||
use Index\XArray;
|
||||
use Misuzu\Changelog\Changelog;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$changeActions = [];
|
||||
foreach(Changelog::ACTIONS as $action)
|
||||
|
@ -30,16 +28,16 @@ else
|
|||
$changeInfo = $changelog->getChange($changeId);
|
||||
$changeTagIds = XArray::select($changelog->getTags(changeInfo: $changeInfo), fn($tagInfo) => $tagInfo->getId());
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
||||
if(CSRF::validateRequest()) {
|
||||
$changelog->deleteChange($changeInfo);
|
||||
$msz->createAuditLog('CHANGELOG_ENTRY_DELETE', [$changeInfo->getId()]);
|
||||
url_redirect('manage-changelog-changes');
|
||||
} else render_error(403);
|
||||
if(!CSRF::validateRequest())
|
||||
Template::throwError(403);
|
||||
|
||||
$changelog->deleteChange($changeInfo);
|
||||
$msz->createAuditLog('CHANGELOG_ENTRY_DELETE', [$changeInfo->getId()]);
|
||||
url_redirect('manage-changelog-changes');
|
||||
return;
|
||||
}
|
||||
|
||||
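Review bot: The delete branch is a state-changing action accepted on `GET` (`$_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])`), which means whatever `CSRF::validateRequest()` checks presumably arrives in the query string, where it can end up in browser history, proxy and server logs, and `Referer` headers. Moving the action to a POST form, e.g. `if($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['delete']))`, keeps the token out of URLs and stops prefetchers or crawlers from triggering the delete. The tag section that calls `$changelog->deleteTag` has the same shape.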
|
|
|
@ -3,18 +3,14 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$changelog = $msz->getChangelog();
|
||||
$changelogPagination = new Pagination($changelog->countChanges(), 30);
|
||||
|
||||
if(!$changelogPagination->hasValidOffset()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!$changelogPagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
||||
$changeInfos = $changelog->getChanges(pagination: $changelogPagination);
|
||||
$changes = [];
|
||||
|
|
|
@ -3,10 +3,8 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$changelog = $msz->getChangelog();
|
||||
$tagId = (string)filter_input(INPUT_GET, 't', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
@ -19,16 +17,16 @@ else
|
|||
$isNew = false;
|
||||
$tagInfo = $loadTagInfo();
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
||||
if(CSRF::validateRequest()) {
|
||||
$changelog->deleteTag($tagInfo);
|
||||
$msz->createAuditLog('CHANGELOG_TAG_DELETE', [$tagInfo->getId()]);
|
||||
url_redirect('manage-changelog-tags');
|
||||
} else render_error(403);
|
||||
if(!CSRF::validateRequest())
|
||||
Template::throwError(403);
|
||||
|
||||
$changelog->deleteTag($tagInfo);
|
||||
$msz->createAuditLog('CHANGELOG_TAG_DELETE', [$tagInfo->getId()]);
|
||||
url_redirect('manage-changelog-tags');
|
||||
return;
|
||||
}
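Review bot: The tag delete in the second hunk still runs on a GET request (`$_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])`), so the token checked by `CSRF::validateRequest()` presumably travels in the query string, where it can end up in browser history, server access logs and `Referer` headers. `CSRF::validateRequest()` is not visible here, so confirm how the token is read; if it is a URL parameter, move the delete to a POST form and have this branch test `$_SERVER['REQUEST_METHOD'] === 'POST'`. The same GET-delete pattern appears in the news category, news post, ban, moderator note and warning delete branches later in this commit. A short comment above the branch, e.g. `// state-changing: requires a valid CSRF token`, would also make the guard's purpose explicit.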
|
||||
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
Template::render('manage.changelog.tags', [
|
||||
'changelog_tags' => $msz->getChangelog()->getTags(),
|
||||
|
|
|
@ -3,10 +3,8 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Perm;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_CATEGORIES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_CATEGORIES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$perms = $msz->getPerms();
|
||||
$permsInfos = $perms->getPermissionInfo(categoryNames: Perm::INFO_FOR_FORUM_CATEGORY);
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$forum = $msz->getForum();
|
||||
|
||||
|
@ -33,10 +31,8 @@ if(filter_input(INPUT_GET, 'm') === 'explode') {
|
|||
}
|
||||
|
||||
$pagination = new Pagination($forum->countTopicRedirects(), 20);
|
||||
if(!$pagination->hasValidOffset()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!$pagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
||||
$redirs = $forum->getTopicRedirects(pagination: $pagination);
|
||||
|
||||
|
|
|
@ -4,10 +4,8 @@ namespace Misuzu;
|
|||
use RuntimeException;
|
||||
use Index\XArray;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_EMOTES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_EMOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$emotes = $msz->getEmotes();
|
||||
$emoteId = (string)filter_input(INPUT_GET, 'e', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
@ -20,8 +18,7 @@ else
|
|||
$emoteInfo = $emotes->getEmote($emoteId);
|
||||
$emoteStrings = $emotes->getEmoteStrings($emoteInfo);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
// make errors not echos lol
|
||||
|
|
|
@ -3,10 +3,8 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_EMOTES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_EMOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$emotes = $msz->getEmotes();
|
||||
|
||||
|
@ -16,8 +14,7 @@ if(CSRF::validateRequest() && !empty($_GET['emote'])) {
|
|||
try {
|
||||
$emoteInfo = $emotes->getEmote($emoteId);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
if(!empty($_GET['delete'])) {
|
||||
|
|
|
@ -3,19 +3,15 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Pagination;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_LOGS_VIEW)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_LOGS_VIEW))
|
||||
Template::throwError(403);
|
||||
|
||||
$users = $msz->getUsers();
|
||||
$auditLog = $msz->getAuditLog();
|
||||
$pagination = new Pagination($auditLog->countLogs(), 50);
|
||||
|
||||
if(!$pagination->hasValidOffset()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!$pagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
||||
$logs = $auditLog->getLogs(pagination: $pagination);
|
||||
$userInfos = [];
|
||||
|
|
|
@ -3,17 +3,13 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Config\CfgTools;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$valueName = (string)filter_input(INPUT_GET, 'name');
|
||||
$valueInfo = $cfg->getValueInfo($valueName);
|
||||
if($valueInfo === null) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if($valueInfo === null)
|
||||
Template::throwError(404);
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$valueName = $valueInfo->getName();
|
||||
|
|
|
@ -3,10 +3,8 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Config\DbConfig;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$isNew = true;
|
||||
$sName = (string)filter_input(INPUT_GET, 'name');
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$hidden = $cfg->getArray('settings.hidden');
|
||||
$vars = $cfg->getAllValueInfos();
|
||||
|
|
|
@ -1,18 +1,14 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$news = $msz->getNews();
|
||||
$pagination = new Pagination($news->countCategories(), 15);
|
||||
|
||||
if(!$pagination->hasValidOffset()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!$pagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
||||
$categories = $news->getCategories(pagination: $pagination);
|
||||
|
||||
|
|
|
@ -3,10 +3,8 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$news = $msz->getNews();
|
||||
$categoryId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
@ -19,16 +17,16 @@ else
|
|||
$isNew = false;
|
||||
$categoryInfo = $loadCategoryInfo();
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
||||
if(CSRF::validateRequest()) {
|
||||
$news->deleteCategory($categoryInfo);
|
||||
$msz->createAuditLog('NEWS_CATEGORY_DELETE', [$categoryInfo->getId()]);
|
||||
url_redirect('manage-news-categories');
|
||||
} else render_error(403);
|
||||
if(!CSRF::validateRequest())
|
||||
Template::throwError(403);
|
||||
|
||||
$news->deleteCategory($categoryInfo);
|
||||
$msz->createAuditLog('NEWS_CATEGORY_DELETE', [$categoryInfo->getId()]);
|
||||
url_redirect('manage-news-categories');
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
@ -3,10 +3,8 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$news = $msz->getNews();
|
||||
$postId = (string)filter_input(INPUT_GET, 'p', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
@ -19,16 +17,16 @@ else
|
|||
$isNew = false;
|
||||
$postInfo = $loadPostInfo();
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
||||
if(CSRF::validateRequest()) {
|
||||
$news->deletePost($postInfo);
|
||||
$msz->createAuditLog('NEWS_POST_DELETE', [$postInfo->getId()]);
|
||||
url_redirect('manage-news-posts');
|
||||
} else render_error(403);
|
||||
if(!CSRF::validateRequest())
|
||||
Template::throwError(403);
|
||||
|
||||
$news->deletePost($postInfo);
|
||||
$msz->createAuditLog('NEWS_POST_DELETE', [$postInfo->getId()]);
|
||||
url_redirect('manage-news-posts');
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$news = $msz->getNews();
|
||||
$pagination = new Pagination($news->countPosts(
|
||||
|
@ -12,10 +10,8 @@ $pagination = new Pagination($news->countPosts(
|
|||
includeDeleted: true
|
||||
), 15);
|
||||
|
||||
if(!$pagination->hasValidOffset()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!$pagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
||||
$posts = $news->getAllPosts(
|
||||
includeScheduled: true,
|
||||
|
|
|
@ -5,26 +5,24 @@ use DateTimeInterface;
|
|||
use RuntimeException;
|
||||
use Index\DateTime;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_BANS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_BANS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$bans = $msz->getBans();
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete')) {
|
||||
if(CSRF::validateRequest()) {
|
||||
try {
|
||||
$banInfo = $bans->getBan((string)filter_input(INPUT_GET, 'b'));
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!CSRF::validateRequest())
|
||||
Template::throwError(403);
|
||||
|
||||
$bans->deleteBans($banInfo);
|
||||
$msz->createAuditLog('BAN_DELETE', [$banInfo->getId(), $banInfo->getUserId()]);
|
||||
url_redirect('manage-users-bans', ['user' => $banInfo->getUserId()]);
|
||||
} else render_error(403);
|
||||
try {
|
||||
$banInfo = $bans->getBan((string)filter_input(INPUT_GET, 'b'));
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
$bans->deleteBans($banInfo);
|
||||
$msz->createAuditLog('BAN_DELETE', [$banInfo->getId(), $banInfo->getUserId()]);
|
||||
url_redirect('manage-users-bans', ['user' => $banInfo->getUserId()]);
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -33,8 +31,7 @@ $users = $msz->getUsers();
|
|||
try {
|
||||
$userInfo = $users->getUser(filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT), 'id');
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
$modInfo = $msz->getActiveUser();
|
||||
|
|
|
@ -3,10 +3,8 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_BANS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_BANS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$users = $msz->getUsers();
|
||||
|
||||
|
@ -25,18 +23,15 @@ if(filter_has_var(INPUT_GET, 'u')) {
|
|||
$userInfos[$filterUserId] = $filterUser;
|
||||
$userColours[$filterUserId] = $users->getUserColour($filterUser);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
}
|
||||
|
||||
$bans = $msz->getBans();
|
||||
$pagination = new Pagination($bans->countBans(userInfo: $filterUser), 10);
|
||||
|
||||
if(!$pagination->hasValidOffset()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!$pagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
||||
$banList = [];
|
||||
$banInfos = $bans->getBans(userInfo: $filterUser, activeFirst: true, pagination: $pagination);
|
||||
|
|
|
@ -1,19 +1,15 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_USERS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_USERS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$users = $msz->getUsers();
|
||||
$roles = $msz->getRoles();
|
||||
$pagination = new Pagination($users->countUsers(), 30);
|
||||
|
||||
if(!$pagination->hasValidOffset()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!$pagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
||||
$userList = [];
|
||||
$userInfos = $users->getUsers(pagination: $pagination, orderBy: 'id');
|
||||
|
|
|
@ -3,18 +3,14 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_NOTES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_NOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$hasNoteId = filter_has_var(INPUT_GET, 'n');
|
||||
$hasUserId = filter_has_var(INPUT_GET, 'u');
|
||||
|
||||
if((!$hasNoteId && !$hasUserId) || ($hasNoteId && $hasUserId)) {
|
||||
echo render_error(400);
|
||||
return;
|
||||
}
|
||||
if((!$hasNoteId && !$hasUserId) || ($hasNoteId && $hasUserId))
|
||||
Template::throwError(400);
|
||||
|
||||
$users = $msz->getUsers();
|
||||
$modNotes = $msz->getModNotes();
|
||||
|
@ -25,8 +21,7 @@ if($hasUserId) {
|
|||
try {
|
||||
$userInfo = $users->getUser(filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT), 'id');
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
$authorInfo = $msz->getActiveUser();
|
||||
|
@ -36,16 +31,16 @@ if($hasUserId) {
|
|||
try {
|
||||
$noteInfo = $modNotes->getNote((string)filter_input(INPUT_GET, 'n', FILTER_SANITIZE_NUMBER_INT));
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete')) {
|
||||
if(CSRF::validateRequest()) {
|
||||
$modNotes->deleteNotes($noteInfo);
|
||||
$msz->createAuditLog('MOD_NOTE_DELETE', [$noteInfo->getId(), $noteInfo->getUserId()]);
|
||||
url_redirect('manage-users-notes', ['user' => $noteInfo->getUserId()]);
|
||||
} else render_error(403);
|
||||
if(!CSRF::validateRequest())
|
||||
Template::throwError(403);
|
||||
|
||||
$modNotes->deleteNotes($noteInfo);
|
||||
$msz->createAuditLog('MOD_NOTE_DELETE', [$noteInfo->getId(), $noteInfo->getUserId()]);
|
||||
url_redirect('manage-users-notes', ['user' => $noteInfo->getUserId()]);
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
@ -3,10 +3,8 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_NOTES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_NOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$users = $msz->getUsers();
|
||||
|
||||
|
@ -25,18 +23,15 @@ if(filter_has_var(INPUT_GET, 'u')) {
|
|||
$userInfos[$filterUserId] = $filterUser;
|
||||
$userColours[$filterUserId] = $users->getUserColour($filterUser);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
}
|
||||
|
||||
$modNotes = $msz->getModNotes();
|
||||
$pagination = new Pagination($modNotes->countNotes(userInfo: $filterUser), 10);
|
||||
|
||||
if(!$pagination->hasValidOffset()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!$pagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
||||
$notes = [];
|
||||
$noteInfos = $modNotes->getNotes(userInfo: $filterUser, pagination: $pagination);
|
||||
|
|
|
@ -7,10 +7,8 @@ use Index\Colour\ColourRGB;
|
|||
use Misuzu\Perm;
|
||||
|
||||
$viewerPerms = $msz->getAuthInfo()->getPerms('user');
|
||||
if(!$viewerPerms->check(Perm::U_ROLES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$viewerPerms->check(Perm::U_ROLES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$users = $msz->getUsers();
|
||||
$roles = $msz->getRoles();
|
||||
|
@ -23,8 +21,7 @@ if(filter_has_var(INPUT_GET, 'r')) {
|
|||
$isNew = false;
|
||||
$roleInfo = $roles->getRole($roleId);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
} else $isNew = true;
|
||||
|
||||
|
|
|
@ -1,18 +1,14 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_ROLES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_ROLES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$roles = $msz->getRoles();
|
||||
$pagination = new Pagination($roles->countRoles(), 10);
|
||||
|
||||
if(!$pagination->hasValidOffset()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!$pagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
||||
$rolesAll = [];
|
||||
$roleInfos = $roles->getRoles(pagination: $pagination);
|
||||
|
|
|
@ -8,10 +8,8 @@ use Misuzu\Auth\AuthTokenCookie;
|
|||
use Misuzu\Users\User;
|
||||
|
||||
$viewerPerms = $msz->getAuthInfo()->getPerms('user');
|
||||
if(!$msz->isLoggedIn()) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->isLoggedIn())
|
||||
Template::throwError(403);
|
||||
|
||||
$users = $msz->getUsers();
|
||||
$roles = $msz->getRoles();
|
||||
|
@ -28,10 +26,8 @@ $canImpersonate = $viewerPerms->check(Perm::U_CAN_IMPERSONATE);
|
|||
$canSendTestMail = $currentUser->isSuperUser();
|
||||
$hasAccess = $canManageUsers || $canManageNotes || $canManageWarnings || $canManageBans;
|
||||
|
||||
if(!$hasAccess) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$hasAccess)
|
||||
Template::throwError(403);
|
||||
|
||||
$notices = [];
|
||||
$userId = (int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
@ -39,8 +35,7 @@ $userId = (int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
|
|||
try {
|
||||
$userInfo = $users->getUser($userId, 'id');
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
$currentUserRank = $users->getUserRank($currentUser);
|
||||
|
|
|
@ -3,26 +3,24 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_WARNINGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$warns = $msz->getWarnings();
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete')) {
|
||||
if(CSRF::validateRequest()) {
|
||||
try {
|
||||
$warnInfo = $warns->getWarning((string)filter_input(INPUT_GET, 'w'));
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!CSRF::validateRequest())
|
||||
Template::throwError(403);
|
||||
|
||||
$warns->deleteWarnings($warnInfo);
|
||||
$msz->createAuditLog('WARN_DELETE', [$warnInfo->getId(), $warnInfo->getUserId()]);
|
||||
url_redirect('manage-users-warnings', ['user' => $warnInfo->getUserId()]);
|
||||
} else render_error(403);
|
||||
try {
|
||||
$warnInfo = $warns->getWarning((string)filter_input(INPUT_GET, 'w'));
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
$warns->deleteWarnings($warnInfo);
|
||||
$msz->createAuditLog('WARN_DELETE', [$warnInfo->getId(), $warnInfo->getUserId()]);
|
||||
url_redirect('manage-users-warnings', ['user' => $warnInfo->getUserId()]);
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -31,8 +29,7 @@ $users = $msz->getUsers();
|
|||
try {
|
||||
$userInfo = $users->getUser(filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT), 'id');
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
$modInfo = $msz->getActiveUser();
|
||||
|
|
|
@ -3,10 +3,8 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_WARNINGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$users = $msz->getUsers();
|
||||
|
||||
|
@ -25,18 +23,15 @@ if(filter_has_var(INPUT_GET, 'u')) {
|
|||
$userInfos[$filterUserId] = $filterUser;
|
||||
$userColours[$filterUserId] = $users->getUserColour($filterUser);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
}
|
||||
|
||||
$warns = $msz->getWarnings();
|
||||
$pagination = new Pagination($warns->countWarnings(userInfo: $filterUser), 10);
|
||||
|
||||
if(!$pagination->hasValidOffset()) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
}
|
||||
if(!$pagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
||||
$warnList = [];
|
||||
$warnInfos = $warns->getWarnings(userInfo: $filterUser, pagination: $pagination);
|
||||
|
|
|
@ -3,10 +3,8 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn()) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->isLoggedIn())
|
||||
Template::throwError(403);
|
||||
|
||||
// TODO: restore forum-topics and forum-posts orderings
|
||||
|
||||
|
@ -53,8 +51,7 @@ $orderFields = [
|
|||
if(empty($orderBy)) {
|
||||
$orderBy = $defaultOrder;
|
||||
} elseif(!array_key_exists($orderBy, $orderFields)) {
|
||||
echo render_error(400);
|
||||
return;
|
||||
Template::throwError(400);
|
||||
}
|
||||
|
||||
if(array_key_exists('alt', $orderFields[$orderBy]))
|
||||
|
@ -63,8 +60,7 @@ if(array_key_exists('alt', $orderFields[$orderBy]))
|
|||
if(empty($orderDir)) {
|
||||
$orderDir = 'asc';
|
||||
} elseif(!array_key_exists($orderDir, $orderDirs)) {
|
||||
echo render_error(400);
|
||||
return;
|
||||
Template::throwError(400);
|
||||
}
|
||||
|
||||
if($roleId === null) {
|
||||
|
@ -73,8 +69,7 @@ if($roleId === null) {
|
|||
try {
|
||||
$roleInfo = $roles->getRole($roleId);
|
||||
} catch(RuntimeException $ex) {
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -46,8 +46,7 @@ if($userInfo->isDeleted()) {
|
|||
|
||||
switch($profileMode) {
|
||||
default:
|
||||
echo render_error(404);
|
||||
return;
|
||||
Template::throwError(404);
|
||||
|
||||
case 'forum-topics':
|
||||
url_redirect('search-query', ['query' => sprintf('type:forum:topic author:%s', $userInfo->getName()), 'section' => 'topics']);
|
||||
|
@ -80,10 +79,8 @@ $avatarInfo = new UserAvatarAsset($userInfo);
|
|||
$backgroundInfo = new UserBackgroundAsset($userInfo);
|
||||
|
||||
if($isEditing) {
|
||||
if(!$canEdit) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$canEdit)
|
||||
Template::throwError(403);
|
||||
|
||||
$perms = $viewerPerms->checkMany([
|
||||
'edit_profile' => Perm::U_PROFILE_EDIT,
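Review bot: In the first hunk the `default:` arm of `switch($profileMode)` now ends in `Template::throwError(404);` with no `return` or `break` before `case 'forum-topics':`, so the only thing keeping an unknown mode out of the search redirect is that `throwError()` never returns. That holds with the `never` signature added in this commit, but it is easy to misread and would silently become a redirect if the helper ever changed to return. I would add a comment such as `// throwError() exits; no fall-through into the cases below`, or move `default:` to the end of the switch. The switch continues outside the hunk, so the remaining arms were not checked.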
|
||||
|
|
|
@ -6,10 +6,8 @@ use RuntimeException;
|
|||
use Index\XArray;
|
||||
use Misuzu\Comments\CommentsCategory;
|
||||
|
||||
if(!$msz->isLoggedIn()) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
if(!$msz->isLoggedIn())
|
||||
Template::throwError(403);
|
||||
|
||||
$searchQuery = !empty($_GET['q']) && is_string($_GET['q']) ? $_GET['q'] : '';
|
||||
|
||||
|
|
|
@ -6,10 +6,8 @@ use Misuzu\Users\User;
|
|||
use chillerlan\QRCode\QRCode;
|
||||
use chillerlan\QRCode\QROptions;
|
||||
|
||||
if(!$msz->isLoggedIn()) {
|
||||
echo render_error(401);
|
||||
return;
|
||||
}
|
||||
if(!$msz->isLoggedIn())
|
||||
Template::throwError(401);
|
||||
|
||||
$errors = [];
|
||||
$users = $msz->getUsers();
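Review bot: The not-logged-in guard here answers `Template::throwError(401)`, while the same `!$msz->isLoggedIn()` condition in earlier sections of this commit answers 403. Picking one status for "no session" keeps client handling and monitoring predictable. A 401 response is expected to carry a `WWW-Authenticate` header (RFC 9110), and `displayInfo()` as shown only calls `http_response_code()`, so 403 or a redirect to the login page may be the better fit. The four sections that follow use 401 in the same way.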
|
||||
|
|
|
@ -6,10 +6,8 @@ use Index\XString;
|
|||
use Index\IO\FileStream;
|
||||
use Misuzu\Users\UserInfo;
|
||||
|
||||
if(!$msz->isLoggedIn()) {
|
||||
echo render_error(401);
|
||||
return;
|
||||
}
|
||||
if(!$msz->isLoggedIn())
|
||||
Template::throwError(401);
|
||||
|
||||
$dbConn = $msz->getDbConn();
|
||||
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->isLoggedIn()) {
|
||||
echo render_error(401);
|
||||
return;
|
||||
}
|
||||
if(!$msz->isLoggedIn())
|
||||
Template::throwError(401);
|
||||
|
||||
url_redirect('settings-account');
|
||||
|
|
|
@ -4,10 +4,8 @@ namespace Misuzu;
|
|||
use Misuzu\Pagination;
|
||||
|
||||
$currentUser = $msz->getActiveUser();
|
||||
if($currentUser === null) {
|
||||
echo render_error(401);
|
||||
return;
|
||||
}
|
||||
if($currentUser === null)
|
||||
Template::throwError(401);
|
||||
|
||||
$loginAttempts = $msz->getLoginAttempts();
|
||||
$auditLog = $msz->getAuditLog();
|
||||
|
|
|
@ -3,10 +3,8 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn()) {
|
||||
echo render_error(401);
|
||||
return;
|
||||
}
|
||||
if(!$msz->isLoggedIn())
|
||||
Template::throwError(401);
|
||||
|
||||
$errors = [];
|
||||
$sessions = $msz->getSessions();
|
||||
|
|
|
@ -236,10 +236,8 @@ if($inManageMode) {
|
|||
}
|
||||
}
|
||||
|
||||
if(!$hasManageAccess) {
|
||||
echo render_error(403);
|
||||
exit;
|
||||
}
|
||||
if(!$hasManageAccess)
|
||||
Template::throwError(403);
|
||||
}
|
||||
|
||||
$mszRequestPath = $request->getPath();
|
||||
|
|
|
@ -59,4 +59,19 @@ final class Template {
|
|||
throw new InvalidArgumentException('First parameter must be of type array or string.');
|
||||
}
|
||||
}
|
||||
|
||||
public static function displayInfo(?string $message, int $statusCode, ?string $template = null): never {
|
||||
http_response_code($statusCode);
|
||||
|
||||
self::$vars['http_code'] = $statusCode;
|
||||
if(!empty($message))
|
||||
self::$vars['message'] = $message;
|
||||
|
||||
self::render(sprintf($template ?? 'errors.%d', $statusCode));
|
||||
exit;
|
||||
}
|
||||
|
||||
public static function throwError(int $statusCode, ?string $template = null): never {
|
||||
self::displayInfo(null, $statusCode, $template);
|
||||
}
|
||||
}
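Review bot: `displayInfo()` and `throwError()` have no docblock, yet every permission and login guard touched by this commit is now a brace-less `if` whose safety depends on these methods ending the request. I would document on both that they set the status code, render `errors.<code>` (or the given template) and call `exit`, so nothing after the call runs, and that `throwError()` does not throw despite its name, so a surrounding `catch` will not see it. The docblock should also say that `!empty($message)` drops the message `'0'` as well as `null` and `''`. If `self::render()` can throw for a status code without a matching template, `exit` is not reached on that path; whether that can happen is not visible in this hunk.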
|
||||
|
|
19
utility.php
19
utility.php
|
@ -1,19 +0,0 @@
|
|||
<?php
|
||||
// render_error and render_info need to be nuked from orbit
|
||||
|
||||
function render_error(int $code, string $template = 'errors.%d'): string {
|
||||
return render_info(null, $code, $template);
|
||||
}
|
||||
|
||||
function render_info(?string $message, int $httpCode, string $template = 'errors.%d'): string {
|
||||
http_response_code($httpCode);
|
||||
|
||||
\Misuzu\Template::set('http_code', $httpCode);
|
||||
|
||||
if(!empty($message))
|
||||
\Misuzu\Template::set('message', $message);
|
||||
|
||||
$template = sprintf($template, $httpCode);
|
||||
|
||||
return \Misuzu\Template::renderRaw(sprintf($template, $httpCode));
|
||||
}
|