Last active
March 9, 2018 21:08
-
-
Save flashwave/39fee6d73fba95e9b2c6 to your computer and use it in GitHub Desktop.
This page is part in the series of: "The entirety of pre-2018 Flashii was a hackjob"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| * Sakura Main Index | |
| */ | |
| // Declare Namespace | |
| namespace Sakura; | |
| // Include components | |
| require_once str_replace(basename(__DIR__), '', dirname(__FILE__)) .'_sakura/sakura.php'; | |
| // Add page specific things | |
| $renderData['page'] = [ | |
| 'title' => 'Settings' | |
| ]; | |
| if(isset($_GET['apply']) && $_GET['apply']) { | |
| if(!isset($_POST['mode'])) { | |
| print Templates::render('errors/information.tpl', array_merge($renderData, ['page' => ['redirect' => $_SERVER['PHP_SELF'], 'message' => 'oh god what the fuck did you just do oh shit please stop oh fuck what are you doing nooooooooooooooooooooooooooooooo', 'title' => 'Information']])); | |
| exit; | |
| } | |
| if(!isset($_POST['sessid']) || $_POST['sessid'] != session_id()) { | |
| print Templates::render('errors/information.tpl', array_merge($renderData, ['page' => ['redirect' => $_SERVER['PHP_SELF'], 'message' => 'Your session has expired, please try again!', 'title' => 'Information']])); | |
| exit; | |
| } | |
| if(!isset($_POST['timestamp']) || (time() - $_POST['timestamp']) > 1800) { | |
| print Templates::render('errors/information.tpl', array_merge($renderData, ['page' => ['redirect' => $_SERVER['PHP_SELF'], 'message' => 'The verification timestamp does not match, you probably took too long.', 'title' => 'Information']])); | |
| exit; | |
| } | |
| switch($_POST['mode']) { | |
| case 'avatar': | |
| $avatars = ROOT .'content/images/avatars/'; | |
| $filename = $avatars . Session::$userId; | |
| // Check if the upload went properly | |
| if($_FILES['avatar']['error'] !== UPLOAD_ERR_OK) { | |
| $msg = 'Upload failed! ['. $_FILES['avatar']['error'] .']'; | |
| break; | |
| } | |
| // Get the image data | |
| $info = getimagesize($_FILES['avatar']['tmp_name']); | |
| // Check if image is in fact actually an image | |
| if($info === false) { | |
| $msg = 'Image was not an image.'; | |
| break; | |
| } | |
| // Check if the filetype is allowed | |
| if(($info[2] !== IMAGETYPE_GIF) && ($info[2] !== IMAGETYPE_JPEG) && ($info[2] !== IMAGETYPE_PNG)) { | |
| $msg = 'Image was not an allowed type.'; | |
| break; | |
| } | |
| // Check if the resolution is yeah | |
| if($info[0] < 20 || $info[1] < 20 || $info[0] > 500 || $info[1] > 500) { | |
| $msg = 'Image resolution exceeds resolution limits.'; | |
| break; | |
| } | |
| // Check if the size is yeah | |
| if(filesize($_FILES['avatar']['tmp_name']) > 10000000) { | |
| $msg = 'Image resolution exceeds filesize limits.'; | |
| break; | |
| } | |
| // Append extension to filename | |
| $filename .= '.'. image_type_to_extension($info[2]); | |
| if(move_uploaded_file($_FILES['avatar']['tmp_name'], $filename)) { | |
| Database::update('users', [ | |
| [ | |
| 'avatar_url' => Session::$userId .'.'. image_type_to_extension($info[2]) | |
| ], | |
| [ | |
| 'id' => [Session::$userId, '='] | |
| ] | |
| ]); | |
| $msg = 'Your avatar has been changed!'; | |
| } else { | |
| $msg = 'Something fucked up and you have to try again!'; | |
| } | |
| break; | |
| case 'session': | |
| if(empty(Database::fetch('sessions', true, ['id' => [$_POST['sessionid'], '='], 'userid' => [Session::$userId, '=']]))) { | |
| $msg = 'Requested session does not exist.'; | |
| break; | |
| } | |
| $msg = 'Session deleted!'; | |
| Session::deleteSession($_POST['sessionid']); | |
| break; | |
| case 'page': | |
| $md = base64_encode($_POST['markdown']); | |
| Database::update('users', [ | |
| [ | |
| 'profile_md' => $md | |
| ], | |
| [ | |
| 'id' => [Session::$userId, '='] | |
| ] | |
| ]); | |
| $msg = 'Updated your profile page.'; | |
| break; | |
| case 'profile': | |
| $profileFields = Database::fetch('profilefields'); | |
| $profileSubmit = array(); | |
| foreach($profileFields as $value) { | |
| $idName = Main::cleanString($value['name'], true, true, true); | |
| if(isset($_POST[$idName]) && !empty($_POST[$idName])) | |
| $profileSubmit[$idName] = $_POST[$idName]; | |
| if(isset($value['additional']) && !empty($value['additional'])) { | |
| foreach(json_decode($value['additional'], true) as $addKey => $addVal) { | |
| $profileSubmit[$addKey] = isset($_POST[$addKey]) ? $_POST[$addKey] : ''; | |
| } | |
| } | |
| } | |
| $profileSubmit = json_encode($profileSubmit); | |
| Database::update('users', [ | |
| [ | |
| 'profile_data' => $profileSubmit | |
| ], | |
| [ | |
| 'id' => [Session::$userId, '='] | |
| ] | |
| ]); | |
| $msg = 'Updated profile.'; | |
| break; | |
| default: | |
| $msg = 'Something happened.'; | |
| } | |
| print Templates::render('errors/information.tpl', array_merge($renderData, ['page' => ['redirect' => $_SERVER['PHP_SELF'], 'message' => $msg, 'title' => 'Information']])); | |
| exit; | |
| } | |
| print Templates::render('global/header.tpl', $renderData); | |
| if(Users::checkLogin()) { | |
| ?> | |
| <div class="content homepage settings"> | |
| <div class="content-right content-column"> | |
| <div class="head">Navigation</div> | |
| <div class="right-menu-nav"> | |
| <div>General</div> | |
| <a href="?mode=home">Home</a> | |
| <a href="?mode=profile">Edit Profile</a> | |
| <div>Aesthetics</div> | |
| <a href="?mode=avatar">Avatar</a> | |
| <a href="?mode=page">Profile Page</a> | |
| <div>Danger zone</div> | |
| <a href="?mode=sessions">Sessions</a> | |
| </div> | |
| </div> | |
| <div class="content-left content-column"> | |
| <?php | |
| if(isset($_GET['mode'])) { | |
| switch($_GET['mode']) { | |
| case 'home': | |
| print '<div class="head">Settings / Home</div>'; | |
| print '<div class="settings-explanation">'; | |
| print 'Change various settings regarding your account.'; | |
| print '</div>'; | |
| print '<h1 class="stylised" style="text-align: center;">This is NOT the completed Settings area</h1>'; | |
| print '<div style="text-align: center;"><a class="default" href="/u/2" title="Flashwave">I</a> quickly threw this panel together so there\'s actually a way to edit your settings for now.<br />A better, improved and more functional settings area will be available soon! Tenshi features aren\'t supported yet. If you want any detail changed that isn\'t possible from here don\'t hesitate to contact <a href="/u/2" class="default">Flashwave</a>!</div>'; | |
| print '<h2 style="text-align: center;">tl;dr: a panel with more features and less suckage is coming soon</h2>'; | |
| break; | |
| // Profile | |
| case 'profile': | |
| $profileShit = Users::getUserProfileData(Session::$userId); | |
| $profileFields = Database::fetch('profilefields'); | |
| //var_dump($profileShit); | |
| //var_dump($profileFields); | |
| print '<div class="head">Settings / Edit Profile</div>'; | |
| print '<div class="settings-explanation">'; | |
| print 'These are the external account links etc. on your profile, shouldn\'t need any additional explanation for this one.<br /><b>Note:</b> Additional values like the checkbox under youtube will always show their default value as opposed to what you entered here. They do show up properly on your profile however.'; | |
| print '</div>'; | |
| print '<form method="post" action="?apply=true">'; | |
| print '<input type="hidden" name="sessid" value="'. session_id() .'" /><input type="hidden" name="timestamp" value="'. time() .'" /><input type="hidden" name="mode" value="profile" />'; | |
| foreach($profileFields as $field) { | |
| $fieldValue = ''; | |
| if(isset($profileShit[Main::cleanString($field['name'], true, true, true)])) | |
| $fieldValue = $profileShit[Main::cleanString($field['name'], true, true, true)]['value']; | |
| print '<div class="profile-field">'; | |
| print '<div><h2>'. $field['name'] .'</h2></div>'; | |
| print '<div><input type="text" name="'. Main::cleanString($field['name'], true, true, true) .'" value="'. $fieldValue .'" placeholder="'. $field['description'] .'" value="" class="inputStyling" /></div>'; | |
| if(!empty($field['additional'])) { | |
| foreach(json_decode($field['additional'], true) as $key => $value) { | |
| print '<div>'; | |
| print '<input type="'. $value[0] .'" id="'. $key .'" name="'. $key .'" /> '; | |
| print '<label style="font-size: 10px;" for="'. $key .'">'. $value[1] .'</label>'; | |
| print '</div>'; | |
| } | |
| } | |
| print '</div>'; | |
| } | |
| print '<div class="profile-save">'; | |
| print '<input type="submit" value="Save" name="submit" class="inputStyling" /> <input type="button" value="Reset" name="reset" onclick="window.location.reload();" class="inputStyling" />'; | |
| print '</div>'; | |
| print '</form>'; | |
| break; | |
| // Avatar | |
| case 'avatar': | |
| print '<div class="head">Settings / Avatar</div>'; | |
| print '<div class="settings-explanation">'; | |
| print 'Your avatar which is displayed all over the site and on your profile.<br />Maximum image size is 500x500, minimum image size is 20x20, maximum file size is 10 MB.'; | |
| print '</div>'; | |
| print '<form enctype="multipart/form-data" method="post" action="?apply=true">'; | |
| print '<input type="hidden" name="sessid" value="'. session_id() .'" /><input type="hidden" name="timestamp" value="'. time() .'" /><input type="hidden" name="mode" value="avatar" /><input type="hidden" name="MAX_FILE_SIZE" value="10000000" />'; | |
| print '<div style="text-align: center;"><img src="/a/'. Session::$userId .'" alt="Your Avatar" class="default-avatar-setting" /></div>'; | |
| print '<div style="text-align: center;"><input type="file" name="avatar" /></div>'; | |
| print '<div style="text-align: center;"><input type="submit" value="Submit" name="submit" class="inputStyling" /></div>'; | |
| print '</form>'; | |
| break; | |
| // Profile page | |
| case 'page': | |
| print '<div class="head">Settings / Profile Page</div>'; | |
| print '<div class="settings-explanation">'; | |
| print 'This is the big markdown block that\'s displayed on the left side of your profile.<br /><a class="default" href="/r/typography" target="_blank">Click here if you don\'t know how to markdown.</a>'; | |
| print '</div>'; | |
| print '<form method="post" action="?apply=true">'; | |
| print '<input type="hidden" name="sessid" value="'. session_id() .'" /><input type="hidden" name="timestamp" value="'. time() .'" /><input type="hidden" name="mode" value="page" />'; | |
| print '<div><textarea name="markdown" placeholder="# Welcome to my profile page!" class="inputStyling" style="width: calc(100% - 12px); height: 500px;" />'. base64_decode($renderData['user']['data']['profile_md']) .'</textarea></div>'; | |
| print '<div class="profile-save">'; | |
| print '<input type="submit" value="Save" name="submit" class="inputStyling" /> <input type="button" value="Reset" name="reset" onclick="window.location.reload();" class="inputStyling" />'; | |
| print '</div>'; | |
| print '</form>'; | |
| break; | |
| // Danger Zone | |
| case 'sessions': | |
| print '<div class="head">Settings / Sessions</div>'; | |
| print '<div class="settings-explanation">'; | |
| print 'Session keys are a way of identifying yourself with the system without keeping your password in memory. '; | |
| print 'If someone finds one of your session keys they could possibly compromise your account, if you see any sessions here that shouldn\'t be here hit the Kill button to kill the selected session. '; | |
| print 'If you get logged out after clicking one you\'ve most likely killed your current session, to make it easier to avoid this from happening your current session is highlighted.'; | |
| print '</div>'; | |
| $sessions = Database::fetch('sessions', true, ['userid' => [Session::$userId, '=']]); | |
| //var_dump($sessions); | |
| print '<table class="settings-table">'; | |
| print '<thead>'; | |
| print '<tr><th>IP</th style="width: 110px;"><th style="width: 270px;">Useragent</th><th>Login time</th><th>Expires</th><th></th></tr>'; | |
| print '</thead>'; | |
| print '<tfoot>'; | |
| print '<tr><th>IP</th><th>Useragent</th><th>Created</th><th>Expires</th><th></th></tr>'; | |
| print '</tfoot>'; | |
| print '<tbody>'; | |
| foreach($sessions as $session) { | |
| print '<tr'; | |
| if($session['skey'] == Session::$sessionId) | |
| print ' class="current-session"'; | |
| print '>'; | |
| print '<td>'; | |
| print $session['userip']; | |
| print '</td>'; | |
| print '<td>'; | |
| print $session['useragent']; | |
| print '</td>'; | |
| print '<td>'; | |
| print date('r', $session['started']); | |
| print '</td>'; | |
| print '<td>'; | |
| print $session['remember'] ? 'Never' : date('r', $session['expire']); | |
| print '</td>'; | |
| print '<td>'; | |
| print '<form method="post" action="?apply=true">'; | |
| print '<input type="hidden" name="sessid" value="'. session_id() .'" /><input type="hidden" name="timestamp" value="'. time() .'" /><input type="hidden" name="mode" value="session" />'; | |
| print '<input type="hidden" value="'. $session['id'] .'" name="sessionid" />'; | |
| print '<input type="submit" value="Kill" name="submit" />'; | |
| print '</form>'; | |
| print '</td>'; | |
| print '</tr>'; | |
| } | |
| print '</tbody>'; | |
| print '</table>'; | |
| break; | |
| default: | |
| header('Location: ?mode=home'); | |
| } | |
| } else { | |
| header('Location: ?mode=home'); | |
| } | |
| ?> | |
| </div> | |
| <div class="clear"></div> | |
| </div> | |
| <?php | |
| } else { | |
| ?> | |
| <div class="content standalone" style="padding: 20px;"> | |
| <h1>Login to view this page!</h1> | |
| If you actually are logged in something went wrong and you should report this to <a href="http://flashii.net/u/2" target="_blank" class="default">Flashwave</a>.<br /> | |
| If you aren't logged in please log in or create an account if you don't have one. | |
| </div> | |
| <?php | |
| } | |
| print Templates::render('global/footer.tpl', $renderData); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment