| author | ilotterytea <iltsu@alright.party> | 2025-04-27 21:12:02 +0500 |
|---|---|---|
| committer | ilotterytea <iltsu@alright.party> | 2025-04-27 21:12:02 +0500 |
| commit | 9f1906c4cbb9878c5888723b7923fa8e4bebb51f (patch) | |
| tree | 25f838ee0bb91f2a14d061906dde96967dd72a95 /public/emotes | |
| parent | 00ab9aeaf0eac4c82e6480faee70add916db514f (diff) | |
feat: roles
Diffstat (limited to 'public/emotes')
| -rw-r--r-- | public/emotes/index.php | 75 | ||||
| -rw-r--r-- | public/emotes/rate.php | 5 | ||||
| -rw-r--r-- | public/emotes/setmanip.php | 5 | ||||
| -rw-r--r-- | public/emotes/upload.php | 225 |
4 files changed, 169 insertions, 141 deletions
diff --git a/public/emotes/index.php b/public/emotes/index.php index b9b3e2b..c278e93 100644 --- a/public/emotes/index.php +++ b/public/emotes/index.php 
@@ -179,46 +179,57 @@ if (CLIENT_REQUIRES_JSON) { $stmt->execute([$_SESSION["user_emote_set_id"], $emote->get_id()]); $added = $stmt->rowCount() > 0; } - ?> - <form action="/emotes/setmanip.php" method="POST"> - <input type="text" name="id" value="<?php echo $emote->get_id() ?>" - style="display: none;"> - <?php - if ($added) { ?> - <input type="text" name="action" value="remove" style="display: none;"> - <button type="submit" class="red">Remove from my channel</button> - <?php - } else { ?> - <input type="text" name="action" value="add" style="display: none;"> - <button type="submit" class="green">Add to my channel</button> + + if (isset($_SESSION["user_role"]) && $_SESSION["user_role"]["permission_emoteset_own"]) { + echo '' ?> + <form action="/emotes/setmanip.php" method="POST"> + <input type="text" name="id" value="<?php echo $emote->get_id() ?>" + style="display: none;"> <?php - } - ?> - </form> + if ($added) { ?> + <input type="text" name="action" value="remove" style="display: none;"> + <button type="submit" class="red">Remove from my channel</button> + <?php + } else { ?> + <input type="text" name="action" value="add" style="display: none;"> + <button type="submit" class="green">Add to my channel</button> + <?php + } + ?> + </form> + <?php + ; + } + ?> </div> <div class="items row right full"> <?php - $stmt = $db->prepare("SELECT rate FROM ratings WHERE user_id = ? AND emote_id = ?"); - $stmt->execute([$_SESSION["user_id"], $id]); - - if ($row = $stmt->fetch()) { - echo 'You gave <img src="/static/img/icons/ratings/' . $row["rate"] . '.png" width="16" height="16"'; - echo 'title="' . RATING_NAMES[$row["rate"]] . '">'; - } else { - foreach (RATING_NAMES as $key => $value) { - echo '<form action="/emotes/rate.php" method="POST">'; - echo '<input type="text" name="id" value="' . $emote->get_id() . 
'"style="display: none;">'; - echo "<input type=\"text\" name=\"rate\" value=\"$key\" style=\"display:none;\">"; - echo '<button type="submit" class="transparent">'; - echo "<img + if (isset($_SESSION["user_role"])) { + if ($_SESSION["user_role"]["permission_rate"]) { + $stmt = $db->prepare("SELECT rate FROM ratings WHERE user_id = ? AND emote_id = ?"); + $stmt->execute([$_SESSION["user_id"], $id]); + + if ($row = $stmt->fetch()) { + echo 'You gave <img src="/static/img/icons/ratings/' . $row["rate"] . '.png" width="16" height="16"'; + echo 'title="' . RATING_NAMES[$row["rate"]] . '">'; + } else { + foreach (RATING_NAMES as $key => $value) { + echo '<form action="/emotes/rate.php" method="POST">'; + echo '<input type="text" name="id" value="' . $emote->get_id() . '"style="display: none;">'; + echo "<input type=\"text\" name=\"rate\" value=\"$key\" style=\"display:none;\">"; + echo '<button type="submit" class="transparent">'; + echo "<img src=\"/static/img/icons/ratings/$key.png\" alt=\"$value!\" title=\"IT'S A $value!\">"; - echo '</button></form>'; + echo '</button></form>'; + } + } + } + if ($_SESSION["user_role"]["permission_report"]) { + echo '<a class="button red" href="/report?emote_id=<?php echo $emote->get_id() ?>">Report emote</a>'; } } ?> - <a class="button red" href="/report?emote_id=<?php echo $emote->get_id() ?>">Report - emote</a> </div> <?php } else { @@ -234,7 +245,7 @@ if (CLIENT_REQUIRES_JSON) { <tr> <th>Uploader</th> <td><?php - $username = "anonymous"; + $username = ANONYMOUS_DEFAULT_NAME; $link = "#"; if ($emote->get_uploaded_by()) { diff --git a/public/emotes/rate.php b/public/emotes/rate.php index 3cc3e01..bf26bcd 100644 --- a/public/emotes/rate.php +++ b/public/emotes/rate.php 
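Review bot: The new Report link in the `permission_report` branch is echoed from a single-quoted PHP string, so the embedded `<?php echo $emote->get_id() ?>` reaches the browser as literal text and the href no longer carries the emote id. Concatenate the value instead: `echo '<a class="button red" href="/report?emote_id=' . $emote->get_id() . '">Report emote</a>';`. Separately, the `$_SESSION["user_role"]` checks in this template only hide controls, so enforcement has to live in the request handlers. No `permission_report` check is visible in this diff, which is limited to public/emotes, so confirm the /report endpoint enforces it.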
@@ -8,6 +8,11 @@ if (!authorize_user(true)) { exit; } +if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_rate"]) { + generate_alert("/404.php", "Not enough permissions", 403); + exit; +} + $id = intval(str_safe($_POST["id"] ?? "0", 10)); $rate = intval(str_safe($_POST["rate"] ?? "0", 2)); diff --git a/public/emotes/setmanip.php b/public/emotes/setmanip.php index b5796c7..5f3174f 100644 --- a/public/emotes/setmanip.php +++ b/public/emotes/setmanip.php @@ -7,6 +7,11 @@ if (!authorize_user(true)) { return; } +if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emoteset_own"]) { + generate_alert("/404.php", "Not enough permissions", 403); + exit; +} + if (!isset($_POST["id"], $_POST["action"])) { generate_alert("/emotes", "Not enough POST fields"); exit; diff --git a/public/emotes/upload.php b/public/emotes/upload.php index 44d9161..4e90632 100644 --- a/public/emotes/upload.php +++ b/public/emotes/upload.php @@ -1,9 +1,23 @@ <?php include "../../src/accounts.php"; include_once "../../src/config.php"; +include_once "../../src/alert.php"; authorize_user(); +if (!ANONYMOUS_UPLOAD && isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_upload"]) { + generate_alert("/404.php", "Not enough permissions", 403); + exit; +} + +$uploaded_by = null; +$uploader_name = ANONYMOUS_DEFAULT_NAME; + +if (isset($_SESSION["user_role"]) && $_SESSION["user_role"]["permission_upload"]) { + $uploaded_by = $_SESSION["user_id"] ?? null; + $uploader_name = $_SESSION["user_name"] ?? ANONYMOUS_DEFAULT_NAME; +} + function abort_upload(string $path, PDO $db, string $id, string $response_text, int $response_code = 400) { $stmt = $db->prepare("DELETE FROM emotes WHERE id = ?"); 
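Review bot: The permission check added after `authorize_user(true)` fails open: `isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_rate"]` rejects only when a role is present and denies the permission, so a session without `user_role` falls through to the rating logic. index.php treats a missing role as no permission, and the server-side gate should match that with deny-by-default: `if (!isset($_SESSION["user_role"]) || !$_SESSION["user_role"]["permission_rate"]) {`. The same condition shape is added in setmanip.php for `permission_emoteset_own` and should change the same way. Whether `authorize_user()` always populates `user_role` is not visible here. If permissions are cached in the session at login, a role change would also not take effect until the session is refreshed.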
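Review bot: With `ANONYMOUS_UPLOAD` disabled, the new gate still lets a request with no `user_role` in the session through, because the condition requires `isset($_SESSION["user_role"])` before it denies. `authorize_user()` is called here without the `true` argument used in rate.php, so presumably unauthenticated visitors reach this point. Deny unless a role grants the permission: `if (!ANONYMOUS_UPLOAD && !($_SESSION["user_role"]["permission_upload"] ?? false)) {`. When `ANONYMOUS_UPLOAD` is enabled, a logged-in user whose role lacks `permission_upload` can still upload with `$uploaded_by = null`, so revoking the permission does not stop uploads and removes attribution. Decide whether that is intended and state it in a comment above the check.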
@@ -24,113 +38,6 @@ $max_width = max(128, 1); $max_height = max(128, 1); if ($_SERVER['REQUEST_METHOD'] != "POST") { - echo_upload_page(); - exit; -} - -if (!isset($_FILES["file"])) { - http_response_code(400); - echo json_encode([ - "status_code" => 400, - "message" => "No file set", - "data" => null - ]); - exit; -} - -$code = str_safe($_POST["code"] ?? "", 500); - -if ($code == "") { - http_response_code(400); - echo json_encode([ - "status_code" => 400, - "message" => "Invalid code", - "data" => null - ]); - exit; -} - -$image = $_FILES["file"]; - -if (is_null(list($mime, $ext) = get_mime_and_ext($image["tmp_name"]))) { - http_response_code(400); - echo json_encode([ - "status_code" => 400, - "message" => "Not a valid image", - "data" => null - ]); - exit; -} - -// creating a new emote record -$db = new PDO(DB_URL, DB_USER, DB_PASS); - -$uploaded_by = $_SESSION["user_id"] ?? null; - -$stmt = $db->prepare("INSERT INTO emotes(code, mime, ext, uploaded_by) VALUES (?, ?, ?, ?)"); -$stmt->execute([$code, $mime, $ext, $uploaded_by]); - -$id = $db->lastInsertId(); - -if ($id == 0) { - $db = null; - http_response_code(500); - echo json_encode([ - "status_code" => 500, - "message" => "Failed to create an emote record", - "data" => null - ]); - exit; -} - -$path = "../static/userdata/emotes/$id"; - -if (!is_dir($path)) { - mkdir($path, 0777, true); -} - -// resizing the image - -// 3x image -$resized_image = resize_image($image["tmp_name"], "$path/3x", $max_width, $max_height); -if ($resized_image) { - abort_upload($path, $db, $id, $resized_image); -} - -// 2x image -$resized_image = resize_image($image["tmp_name"], "$path/2x", $max_width / 2, $max_height / 2); -if ($resized_image) { - abort_upload($path, $db, $id, $resized_image); -} - -// 1x image -$resized_image = resize_image($image["tmp_name"], "$path/1x", $max_width / 4, $max_height / 4); -if ($resized_image) { - abort_upload($path, $db, $id, $resized_image); -} - -$db = null; - -if (isset($_SERVER["HTTP_ACCEPT"]) 
&& $_SERVER["HTTP_ACCEPT"] == "application/json") { - http_response_code(201); - echo json_encode([ - "status_code" => 201, - "message" => null, - "data" => [ - "id" => $id, - "code" => $code, - "ext" => $ext, - "mime" => $mime, - "uploaded_by" => $uploaded_by - ] - ]); - exit; -} - -header("Location: /emotes?id=$id", true, 307); - -function echo_upload_page() -{ include "../../src/partials.php"; echo '' ?> @@ -174,7 +81,7 @@ function echo_upload_page() <button type="submit" id="upload-button">Upload as - <?php echo $_SESSION["user_name"] ?? "anonymous" ?></button> + <?php echo $uploader_name ?></button> </form> </div> </section> @@ -260,4 +167,104 @@ function echo_upload_page() </html> <?php -}
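Review bot: `<?php echo $uploader_name ?>` writes the session user name into the button markup without HTML escaping, as the replaced `$_SESSION["user_name"]` expression did. Unless user names are restricted to a safe character set at registration (not visible in this diff), escape at output: `<?php echo htmlspecialchars($uploader_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. The surrounding form markup starts and ends outside the hunk.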
\ No newline at end of file + exit; +} + +if (!isset($_FILES["file"])) { + http_response_code(400); + echo json_encode([ + "status_code" => 400, + "message" => "No file set", + "data" => null + ]); + exit; +} + +$code = str_safe($_POST["code"] ?? "", 500); + +if ($code == "") { + http_response_code(400); + echo json_encode([ + "status_code" => 400, + "message" => "Invalid code", + "data" => null + ]); + exit; +} + +$image = $_FILES["file"]; + +if (is_null(list($mime, $ext) = get_mime_and_ext($image["tmp_name"]))) { + http_response_code(400); + echo json_encode([ + "status_code" => 400, + "message" => "Not a valid image", + "data" => null + ]); + exit; +} + +// creating a new emote record +$db = new PDO(DB_URL, DB_USER, DB_PASS); + +$stmt = $db->prepare("INSERT INTO emotes(code, mime, ext, uploaded_by) VALUES (?, ?, ?, ?)"); +$stmt->execute([$code, $mime, $ext, $uploaded_by]); + +$id = $db->lastInsertId(); + +if ($id == 0) { + $db = null; + http_response_code(500); + echo json_encode([ + "status_code" => 500, + "message" => "Failed to create an emote record", + "data" => null + ]); + exit; +} + +$path = "../static/userdata/emotes/$id"; + +if (!is_dir($path)) { + mkdir($path, 0777, true); +} + +// resizing the image + +// 3x image +$resized_image = resize_image($image["tmp_name"], "$path/3x", $max_width, $max_height); +if ($resized_image) { + abort_upload($path, $db, $id, $resized_image); +} + +// 2x image +$resized_image = resize_image($image["tmp_name"], "$path/2x", $max_width / 2, $max_height / 2); +if ($resized_image) { + abort_upload($path, $db, $id, $resized_image); +} + +// 1x image +$resized_image = resize_image($image["tmp_name"], "$path/1x", $max_width / 4, $max_height / 4); +if ($resized_image) { + abort_upload($path, $db, $id, $resized_image); +} + +$db = null; + +if (isset($_SERVER["HTTP_ACCEPT"]) && $_SERVER["HTTP_ACCEPT"] == "application/json") { + http_response_code(201); + echo json_encode([ + "status_code" => 201, + "message" => null, + "data" => [ 
+ "id" => $id, + "code" => $code, + "ext" => $ext, + "mime" => $mime, + "uploaded_by" => $uploaded_by + ] + ]); + exit; +} + +header("Location: /emotes?id=$id", true, 307);
\ No newline at end of file |
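Review bot: The relocated upload handler creates the per-emote directory with `mkdir($path, 0777, true)` under `../static/userdata/emotes/`, which requests a world-writable directory inside the web-served tree (the effective mode depends on the process umask). The return value is also not checked before `resize_image()` writes into it. Prefer `if (!is_dir($path) && !mkdir($path, 0755, true)) { abort_upload($path, $db, $id, "Failed to create the emote directory", 500); }`. The final `header("Location: /emotes?id=$id", true, 307);` also makes the browser repeat the POST against the emote page; `303` is the status that turns the follow-up into a GET.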
