authorilotterytea <iltsu@alright.party>2025-04-27 21:12:02 +0500
committerilotterytea <iltsu@alright.party>2025-04-27 21:12:02 +0500
commit9f1906c4cbb9878c5888723b7923fa8e4bebb51f (patch)
tree25f838ee0bb91f2a14d061906dde96967dd72a95 /public
parent00ab9aeaf0eac4c82e6480faee70add916db514f (diff)
feat: roles
Diffstat (limited to 'public')
-rw-r--r--public/emotes/index.php75
-rw-r--r--public/emotes/rate.php5
-rw-r--r--public/emotes/setmanip.php5
-rw-r--r--public/emotes/upload.php225
-rw-r--r--public/index.php7
-rw-r--r--public/report/index.php5
-rw-r--r--public/report/list.php6
-rw-r--r--public/report/send.php5
-rw-r--r--public/static/style.css13
-rw-r--r--public/users.php51
10 files changed, 245 insertions, 152 deletions
diff --git a/public/emotes/index.php b/public/emotes/index.php
index b9b3e2b..c278e93 100644
--- a/public/emotes/index.php
+++ b/public/emotes/index.php
@@ -179,46 +179,57 @@ if (CLIENT_REQUIRES_JSON) {
$stmt->execute([$_SESSION["user_emote_set_id"], $emote->get_id()]);
$added = $stmt->rowCount() > 0;
}
- ?>
- <form action="/emotes/setmanip.php" method="POST">
- <input type="text" name="id" value="<?php echo $emote->get_id() ?>"
- style="display: none;">
- <?php
- if ($added) { ?>
- <input type="text" name="action" value="remove" style="display: none;">
- <button type="submit" class="red">Remove from my channel</button>
- <?php
- } else { ?>
- <input type="text" name="action" value="add" style="display: none;">
- <button type="submit" class="green">Add to my channel</button>
+
+ if (isset($_SESSION["user_role"]) && $_SESSION["user_role"]["permission_emoteset_own"]) {
+ echo '' ?>
+ <form action="/emotes/setmanip.php" method="POST">
+ <input type="text" name="id" value="<?php echo $emote->get_id() ?>"
+ style="display: none;">
<?php
- }
- ?>
- </form>
+ if ($added) { ?>
+ <input type="text" name="action" value="remove" style="display: none;">
+ <button type="submit" class="red">Remove from my channel</button>
+ <?php
+ } else { ?>
+ <input type="text" name="action" value="add" style="display: none;">
+ <button type="submit" class="green">Add to my channel</button>
+ <?php
+ }
+ ?>
+ </form>
+ <?php
+ ;
+ }
+ ?>
</div>
<div class="items row right full">
<?php
- $stmt = $db->prepare("SELECT rate FROM ratings WHERE user_id = ? AND emote_id = ?");
- $stmt->execute([$_SESSION["user_id"], $id]);
-
- if ($row = $stmt->fetch()) {
- echo 'You gave <img src="/static/img/icons/ratings/' . $row["rate"] . '.png" width="16" height="16"';
- echo 'title="' . RATING_NAMES[$row["rate"]] . '">';
- } else {
- foreach (RATING_NAMES as $key => $value) {
- echo '<form action="/emotes/rate.php" method="POST">';
- echo '<input type="text" name="id" value="' . $emote->get_id() . '"style="display: none;">';
- echo "<input type=\"text\" name=\"rate\" value=\"$key\" style=\"display:none;\">";
- echo '<button type="submit" class="transparent">';
- echo "<img
+ if (isset($_SESSION["user_role"])) {
+ if ($_SESSION["user_role"]["permission_rate"]) {
+ $stmt = $db->prepare("SELECT rate FROM ratings WHERE user_id = ? AND emote_id = ?");
+ $stmt->execute([$_SESSION["user_id"], $id]);
+
+ if ($row = $stmt->fetch()) {
+ echo 'You gave <img src="/static/img/icons/ratings/' . $row["rate"] . '.png" width="16" height="16"';
+ echo 'title="' . RATING_NAMES[$row["rate"]] . '">';
+ } else {
+ foreach (RATING_NAMES as $key => $value) {
+ echo '<form action="/emotes/rate.php" method="POST">';
+ echo '<input type="text" name="id" value="' . $emote->get_id() . '"style="display: none;">';
+ echo "<input type=\"text\" name=\"rate\" value=\"$key\" style=\"display:none;\">";
+ echo '<button type="submit" class="transparent">';
+ echo "<img
src=\"/static/img/icons/ratings/$key.png\" alt=\"$value!\"
title=\"IT'S A $value!\">";
- echo '</button></form>';
+ echo '</button></form>';
+ }
+ }
+ }
+ if ($_SESSION["user_role"]["permission_report"]) {
+ echo '<a class="button red" href="/report?emote_id=<?php echo $emote->get_id() ?>">Report emote</a>';
}
}
?>
- <a class="button red" href="/report?emote_id=<?php echo $emote->get_id() ?>">Report
- emote</a>
</div>
<?php
} else {
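Review bot: The `<?php echo $emote->get_id() ?>` on the new "Report emote" line sits inside a single-quoted PHP string, so it is emitted literally and the rendered href becomes `/report?emote_id=<?php echo $emote->get_id() ?>`; the "Report user" line in the users.php actions hunk has the same slip. Concatenate instead: `echo '<a class="button red" href="/report?emote_id=' . $emote->get_id() . '">Report emote</a>';`. The stray `;` after the `<?php` that closes the emote-set form block is a no-op and can be dropped. The enclosing `if (CLIENT_REQUIRES_JSON) … else` block starts and ends outside this hunk.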
@@ -234,7 +245,7 @@ if (CLIENT_REQUIRES_JSON) {
<tr>
<th>Uploader</th>
<td><?php
- $username = "anonymous";
+ $username = ANONYMOUS_DEFAULT_NAME;
$link = "#";
if ($emote->get_uploaded_by()) {
diff --git a/public/emotes/rate.php b/public/emotes/rate.php
index 3cc3e01..bf26bcd 100644
--- a/public/emotes/rate.php
+++ b/public/emotes/rate.php
@@ -8,6 +8,11 @@ if (!authorize_user(true)) {
exit;
}
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_rate"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
$id = intval(str_safe($_POST["id"] ?? "0", 10));
$rate = intval(str_safe($_POST["rate"] ?? "0", 2));
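Review bot: The new permission check fails open: when `$_SESSION["user_role"]` is not set the `isset(...) &&` short-circuits and rating is allowed, so an authenticated user whose session carries no role record gets the permission unless authorize_user(true) guarantees the key is populated, which nothing in this hunk shows. Invert it so a missing role denies: `if (!($_SESSION["user_role"]["permission_rate"] ?? false)) {`. The same pattern is repeated in setmanip.php, report/index.php, report/list.php and report/send.php (the upload.php gate has a related issue noted there). A single helper next to authorize_user() taking the permission name would keep the five copies from drifting.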
diff --git a/public/emotes/setmanip.php b/public/emotes/setmanip.php
index b5796c7..5f3174f 100644
--- a/public/emotes/setmanip.php
+++ b/public/emotes/setmanip.php
@@ -7,6 +7,11 @@ if (!authorize_user(true)) {
return;
}
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emoteset_own"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
if (!isset($_POST["id"], $_POST["action"])) {
generate_alert("/emotes", "Not enough POST fields");
exit;
diff --git a/public/emotes/upload.php b/public/emotes/upload.php
index 44d9161..4e90632 100644
--- a/public/emotes/upload.php
+++ b/public/emotes/upload.php
@@ -1,9 +1,23 @@
<?php
include "../../src/accounts.php";
include_once "../../src/config.php";
+include_once "../../src/alert.php";
authorize_user();
+if (!ANONYMOUS_UPLOAD && isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_upload"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
+$uploaded_by = null;
+$uploader_name = ANONYMOUS_DEFAULT_NAME;
+
+if (isset($_SESSION["user_role"]) && $_SESSION["user_role"]["permission_upload"]) {
+ $uploaded_by = $_SESSION["user_id"] ?? null;
+ $uploader_name = $_SESSION["user_name"] ?? ANONYMOUS_DEFAULT_NAME;
+}
+
function abort_upload(string $path, PDO $db, string $id, string $response_text, int $response_code = 400)
{
$stmt = $db->prepare("DELETE FROM emotes WHERE id = ?");
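Review bot: The upload gate only denies when a role is present and lacks permission_upload; with ANONYMOUS_UPLOAD disabled, a request whose session has no `user_role` passes straight through, and that appears to include unauthenticated requests, since authorize_user() is called here without the `true` that rate.php and the report scripts use to enforce a login. Denying when the permission is absent rather than when it is explicitly false covers both cases: `if (!ANONYMOUS_UPLOAD && !($_SESSION["user_role"]["permission_upload"] ?? false)) {`. The `$uploaded_by`/`$uploader_name` block below could test the same `?? false` expression so the two conditions cannot diverge. abort_upload() begins at the end of this hunk and its body continues outside it.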
@@ -24,113 +38,6 @@ $max_width = max(128, 1);
$max_height = max(128, 1);
if ($_SERVER['REQUEST_METHOD'] != "POST") {
- echo_upload_page();
- exit;
-}
-
-if (!isset($_FILES["file"])) {
- http_response_code(400);
- echo json_encode([
- "status_code" => 400,
- "message" => "No file set",
- "data" => null
- ]);
- exit;
-}
-
-$code = str_safe($_POST["code"] ?? "", 500);
-
-if ($code == "") {
- http_response_code(400);
- echo json_encode([
- "status_code" => 400,
- "message" => "Invalid code",
- "data" => null
- ]);
- exit;
-}
-
-$image = $_FILES["file"];
-
-if (is_null(list($mime, $ext) = get_mime_and_ext($image["tmp_name"]))) {
- http_response_code(400);
- echo json_encode([
- "status_code" => 400,
- "message" => "Not a valid image",
- "data" => null
- ]);
- exit;
-}
-
-// creating a new emote record
-$db = new PDO(DB_URL, DB_USER, DB_PASS);
-
-$uploaded_by = $_SESSION["user_id"] ?? null;
-
-$stmt = $db->prepare("INSERT INTO emotes(code, mime, ext, uploaded_by) VALUES (?, ?, ?, ?)");
-$stmt->execute([$code, $mime, $ext, $uploaded_by]);
-
-$id = $db->lastInsertId();
-
-if ($id == 0) {
- $db = null;
- http_response_code(500);
- echo json_encode([
- "status_code" => 500,
- "message" => "Failed to create an emote record",
- "data" => null
- ]);
- exit;
-}
-
-$path = "../static/userdata/emotes/$id";
-
-if (!is_dir($path)) {
- mkdir($path, 0777, true);
-}
-
-// resizing the image
-
-// 3x image
-$resized_image = resize_image($image["tmp_name"], "$path/3x", $max_width, $max_height);
-if ($resized_image) {
- abort_upload($path, $db, $id, $resized_image);
-}
-
-// 2x image
-$resized_image = resize_image($image["tmp_name"], "$path/2x", $max_width / 2, $max_height / 2);
-if ($resized_image) {
- abort_upload($path, $db, $id, $resized_image);
-}
-
-// 1x image
-$resized_image = resize_image($image["tmp_name"], "$path/1x", $max_width / 4, $max_height / 4);
-if ($resized_image) {
- abort_upload($path, $db, $id, $resized_image);
-}
-
-$db = null;
-
-if (isset($_SERVER["HTTP_ACCEPT"]) && $_SERVER["HTTP_ACCEPT"] == "application/json") {
- http_response_code(201);
- echo json_encode([
- "status_code" => 201,
- "message" => null,
- "data" => [
- "id" => $id,
- "code" => $code,
- "ext" => $ext,
- "mime" => $mime,
- "uploaded_by" => $uploaded_by
- ]
- ]);
- exit;
-}
-
-header("Location: /emotes?id=$id", true, 307);
-
-function echo_upload_page()
-{
include "../../src/partials.php";
echo '' ?>
@@ -174,7 +81,7 @@ function echo_upload_page()
<button type="submit" id="upload-button">Upload as
- <?php echo $_SESSION["user_name"] ?? "anonymous" ?></button>
+ <?php echo $uploader_name ?></button>
</form>
</div>
</section>
@@ -260,4 +167,104 @@ function echo_upload_page()
</html>
<?php
-} \ No newline at end of file
+ exit;
+}
+
+if (!isset($_FILES["file"])) {
+ http_response_code(400);
+ echo json_encode([
+ "status_code" => 400,
+ "message" => "No file set",
+ "data" => null
+ ]);
+ exit;
+}
+
+$code = str_safe($_POST["code"] ?? "", 500);
+
+if ($code == "") {
+ http_response_code(400);
+ echo json_encode([
+ "status_code" => 400,
+ "message" => "Invalid code",
+ "data" => null
+ ]);
+ exit;
+}
+
+$image = $_FILES["file"];
+
+if (is_null(list($mime, $ext) = get_mime_and_ext($image["tmp_name"]))) {
+ http_response_code(400);
+ echo json_encode([
+ "status_code" => 400,
+ "message" => "Not a valid image",
+ "data" => null
+ ]);
+ exit;
+}
+
+// creating a new emote record
+$db = new PDO(DB_URL, DB_USER, DB_PASS);
+
+$stmt = $db->prepare("INSERT INTO emotes(code, mime, ext, uploaded_by) VALUES (?, ?, ?, ?)");
+$stmt->execute([$code, $mime, $ext, $uploaded_by]);
+
+$id = $db->lastInsertId();
+
+if ($id == 0) {
+ $db = null;
+ http_response_code(500);
+ echo json_encode([
+ "status_code" => 500,
+ "message" => "Failed to create an emote record",
+ "data" => null
+ ]);
+ exit;
+}
+
+$path = "../static/userdata/emotes/$id";
+
+if (!is_dir($path)) {
+ mkdir($path, 0777, true);
+}
+
+// resizing the image
+
+// 3x image
+$resized_image = resize_image($image["tmp_name"], "$path/3x", $max_width, $max_height);
+if ($resized_image) {
+ abort_upload($path, $db, $id, $resized_image);
+}
+
+// 2x image
+$resized_image = resize_image($image["tmp_name"], "$path/2x", $max_width / 2, $max_height / 2);
+if ($resized_image) {
+ abort_upload($path, $db, $id, $resized_image);
+}
+
+// 1x image
+$resized_image = resize_image($image["tmp_name"], "$path/1x", $max_width / 4, $max_height / 4);
+if ($resized_image) {
+ abort_upload($path, $db, $id, $resized_image);
+}
+
+$db = null;
+
+if (isset($_SERVER["HTTP_ACCEPT"]) && $_SERVER["HTTP_ACCEPT"] == "application/json") {
+ http_response_code(201);
+ echo json_encode([
+ "status_code" => 201,
+ "message" => null,
+ "data" => [
+ "id" => $id,
+ "code" => $code,
+ "ext" => $ext,
+ "mime" => $mime,
+ "uploaded_by" => $uploaded_by
+ ]
+ ]);
+ exit;
+}
+
+header("Location: /emotes?id=$id", true, 307); \ No newline at end of file
diff --git a/public/index.php b/public/index.php
index 2a6311f..8f1d7dd 100644
--- a/public/index.php
+++ b/public/index.php
@@ -1,5 +1,8 @@
<?php
include_once "../src/config.php";
+include_once "../src/accounts.php";
+authorize_user();
+
?>
<html>
@@ -17,7 +20,9 @@ include_once "../src/config.php";
<a href="/emotes">Emotes</a>
<a href="/emotesets.php">Emotesets</a>
<a href="/users.php">Users</a>
- <a href="/emotes/upload.php">Upload</a>
+ <?php if (ANONYMOUS_UPLOAD || (isset($_SESSION["user_role"]) && $_SESSION["user_role"]["permission_upload"])) {
+ echo '<a href="/emotes/upload.php">Upload</a>';
+ } ?>
<a href="/account">Account</a>
<a href="/software">Chat clients</a>
</div>
diff --git a/public/report/index.php b/public/report/index.php
index e040123..179c2bd 100644
--- a/public/report/index.php
+++ b/public/report/index.php
@@ -9,6 +9,11 @@ if (!authorize_user(true)) {
exit;
}
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
$db = new PDO(DB_URL, DB_USER, DB_PASS);
$report = null;
$report_id = $_GET["id"] ?? "";
diff --git a/public/report/list.php b/public/report/list.php
index 128f994..087eb55 100644
--- a/public/report/list.php
+++ b/public/report/list.php
@@ -3,11 +3,17 @@ include_once "../../src/accounts.php";
include_once "../../src/config.php";
include_once "../../src/partials.php";
include_once "../../src/utils.php";
+include_once "../../src/alert.php";
if (!authorize_user(true)) {
exit;
}
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
$db = new PDO(DB_URL, DB_USER, DB_PASS);
$stmt = $db->prepare("SELECT * FROM reports WHERE sender_id = ? ORDER BY sent_at DESC");
diff --git a/public/report/send.php b/public/report/send.php
index 0b7abaf..e5a77be 100644
--- a/public/report/send.php
+++ b/public/report/send.php
@@ -8,6 +8,11 @@ if (!authorize_user(true)) {
exit;
}
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
$db = new PDO(DB_URL, DB_USER, DB_PASS);
if (!isset($_POST["contents"])) {
diff --git a/public/static/style.css b/public/static/style.css
index 099764f..0183846 100644
--- a/public/static/style.css
+++ b/public/static/style.css
@@ -401,6 +401,19 @@ a.box:hover {
gap: 16px;
}
+.badge {
+ padding: 2px 8px;
+ border-radius: 4px;
+ border-width: 1px;
+ border-style: solid;
+}
+
+.badge img {
+ max-width: 16px;
+ max-height: 16px;
+ vertical-align: middle;
+}
+
.row {
display: flex;
flex-direction: row;
diff --git a/public/users.php b/public/users.php
index 4876a0f..4540f5a 100644
--- a/public/users.php
+++ b/public/users.php
@@ -4,6 +4,7 @@ include_once "../src/user.php";
include_once "../src/partials.php";
include_once "../src/utils.php";
include_once "../src/accounts.php";
+include_once "../src/alert.php";
authorize_user();
session_start();
@@ -124,7 +125,7 @@ if ($row = $stmt->fetch()) {
}
if ($user == null) {
- header("Location: /404.php");
+ generate_alert("/404.php", "The user you requested cannot be found", 404);
exit;
}
@@ -211,7 +212,39 @@ $stmt->execute([$user->id()]);
$contributions += intval($stmt->fetch()[0]);
// getting status
-$status = 1;
+$status = "... i don't know who am i";
+
+$stmt = $db->prepare("SELECT * FROM roles r INNER JOIN role_assigns ra ON ra.user_id = ? WHERE ra.role_id = r.id");
+$stmt->execute([$user->id()]);
+
+if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $status = '<span class="badge" style="color: rgba('
+ . $row["foreground_color"] . ');';
+
+ $bg_color_parts = explode(":", $row["background_color"]);
+
+ switch ($bg_color_parts[0]) {
+ case "solid": {
+ $status .= "background: rgba($bg_color_parts[1]);";
+ break;
+ }
+ case "gradient": {
+ $status .= "background: linear-gradient(0deg, rgba($bg_color_parts[1]), rgba($bg_color_parts[2]));";
+ break;
+ }
+ case "img": {
+ $status .= "background-image: url('$bg_color_parts[1]');";
+ break;
+ }
+ default:
+ break;
+ }
+
+ $status .= '">';
+ $status .= '<img src="/static/img/icons/badges/' . $row["badge_id"] . '.webp" alt="">';
+ $status .= $row["name"];
+ $status .= '</span>';
+}
// getting reactions
$stmt = $db->prepare("SELECT rate, COUNT(*) AS c FROM ratings WHERE user_id = ? GROUP BY rate ORDER BY c DESC");
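Review bot: The badge markup is built from raw `roles` columns: `name`, `badge_id`, `foreground_color` and the `background_color` segments are interpolated into HTML text, an `src` attribute and an inline `style` without escaping, so whoever can edit the roles table can inject markup or CSS into every profile page showing that role. Wrap the text and attribute values with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and validate the colour and URL parts against the shape you expect (for example a digits-and-commas pattern for the rgba lists) before they reach the style attribute. `$bg_color_parts[1]` and `[2]` are also read without checking that `explode()` produced them, which warns when `background_color` has fewer segments than the branch expects. A `match` on `$bg_color_parts[0]` would read more cleanly than the `switch` with braced cases.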
@@ -277,13 +310,7 @@ if ($is_json) {
<table class="vertical left">
<tr>
<th><img src="/static/img/icons/user.png"> I am </th>
- <td><?php
- if ($status == 1) {
- echo "Gemposter";
- } else {
- echo "Unknown";
- }
- ?></td>
+ <td><?php echo $status ?></td>
</tr>
<tr>
<th><img src="/static/img/icons/door_in.png"> Joined</th>
@@ -343,7 +370,11 @@ if ($is_json) {
<!-- ACTIONS -->
<section class="box column">
<a href="/message/send.php?user=<?php echo $user->id() ?>">Send a message</a>
- <a href="/report?user_id=<?php echo $user->id() ?>">Report user</a>
+ <?php
+ if (isset($_SESSION["user_role"]) && $_SESSION["user_role"]["permission_report"]) {
+ echo '<a href="/report?user_id=<?php echo $user->id() ?>">Report user</a>';
+ }
+ ?>
</section>
</section>