| -rw-r--r-- | emotesets/addeditor.php | 54 | ||||
| -rw-r--r-- | emotesets/deleditor.php | 59 | ||||
| -rw-r--r-- | emotesets/index.php (renamed from emotesets.php) | 42 | ||||
| -rw-r--r-- | index.php | 2 | ||||
| -rw-r--r-- | lib/emote.php | 13 | ||||
| -rw-r--r-- | lib/partials.php | 2 | ||||
| -rw-r--r-- | users.php | 2 |
7 files changed, 169 insertions, 5 deletions
diff --git a/emotesets/addeditor.php b/emotesets/addeditor.php
new file mode 100644
index 0000000..08d1e41
--- /dev/null
+++ b/emotesets/addeditor.php
@@ -0,0 +1,54 @@
+<?php
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
+include "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
+include "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php";
+
+if (!authorize_user(true)) {
+ return;
+}
+
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emoteset_own"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
+if (!isset($_POST["id"], $_POST["username"])) {
+ generate_alert("/emotesets/", "Not enough POST fields");
+ exit;
+}
+
+$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']);
+
+// checking emoteset
+$emote_set_id = $_POST["id"];
+$stmt = $db->prepare("SELECT id FROM emote_sets WHERE id = ? AND owner_id = ?");
+$stmt->execute([$emote_set_id, $_SESSION['user_id']]);
+if ($stmt->rowCount() == 0) {
+ generate_alert("/emotes", "Emoteset not found", 404);
+ exit;
+}
+$emote_set = $stmt->fetch(PDO::FETCH_ASSOC);
+
+// get user by username
+$user_name = $_POST['username'];
+$stmt = $db->prepare("SELECT id FROM users WHERE username = ?");
+$stmt->execute([$user_name]);
+if ($stmt->rowCount() == 0) {
+ generate_alert("/404.php", "Username $user_name does not exist", 403);
+ exit;
+}
+$user_id = $stmt->fetch(PDO::FETCH_ASSOC)['id'];
+
+// checking if user has already acquired emote set
+$stmt = $db->prepare("SELECT id FROM acquired_emote_sets WHERE user_id = ? AND emote_set_id = ?");
+$stmt->execute([$user_id, $emote_set_id]);
+if ($stmt->rowCount() > 0) {
+ generate_alert("/404.php", "User $user_name has acquired this emoteset.", 409);
+ exit;
+}
+
+$db->prepare('INSERT INTO acquired_emote_sets(user_id, emote_set_id) VALUES (?, ?)')
+ ->execute([$user_id, $emote_set_id]);
+
+generate_alert("/emotesets/?id=$emote_set_id", "This emoteset has been acquired by $user_name.", 200);
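Review bot: The permission guard `if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emoteset_own"])` fails open: when `user_role` is absent from the session the check is skipped and the request proceeds, relying only on the later `owner_id` match. Unless `authorize_user(true)` guarantees the role is populated (not visible here), deny by default with `if (empty($_SESSION["user_role"]["permission_emoteset_own"])) {`. This POST handler also changes state without any visible anti-CSRF token check, and the request-supplied `$user_name` is interpolated into the alert text, so `generate_alert`/`display_alert` must HTML-escape the message before rendering it. The same guard appears in deleditor.php.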
\ No newline at end of file
diff --git a/emotesets/deleditor.php b/emotesets/deleditor.php
new file mode 100644
index 0000000..0476f37
--- /dev/null
+++ b/emotesets/deleditor.php
@@ -0,0 +1,59 @@
+<?php
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
+include "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
+include "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php";
+
+if (!authorize_user(true)) {
+ return;
+}
+
+$d = $_POST;
+if ($_SERVER['REQUEST_METHOD'] === 'GET') {
+ $d = $_GET;
+}
+
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emoteset_own"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
+if (!isset($d["id"], $d["username"])) {
+ generate_alert("/emotesets/", "Not enough POST fields");
+ exit;
+}
+
+$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']);
+
+// checking emoteset
+$emote_set_id = $d["id"];
+$stmt = $db->prepare("SELECT id FROM emote_sets WHERE id = ? AND owner_id = ?");
+$stmt->execute([$emote_set_id, $_SESSION['user_id']]);
+if ($stmt->rowCount() == 0) {
+ generate_alert("/emotes", "Emoteset not found", 404);
+ exit;
+}
+$emote_set = $stmt->fetch(PDO::FETCH_ASSOC);
+
+// get user by username
+$user_name = $d['username'];
+$stmt = $db->prepare("SELECT id FROM users WHERE username = ?");
+$stmt->execute([$user_name]);
+if ($stmt->rowCount() == 0) {
+ generate_alert("/404.php", "Username $user_name does not exist", 403);
+ exit;
+}
+$user_id = $stmt->fetch(PDO::FETCH_ASSOC)['id'];
+
+// checking if user has already acquired emote set
+$stmt = $db->prepare("SELECT id FROM acquired_emote_sets WHERE user_id = ? AND emote_set_id = ?");
+$stmt->execute([$user_id, $emote_set_id]);
+if ($stmt->rowCount() == 0) {
+ generate_alert("/404.php", "User $user_name has not acquired this emoteset.", 404);
+ exit;
+}
+
+$db->prepare('DELETE FROM acquired_emote_sets WHERE user_id = ? AND emote_set_id = ?')
+ ->execute([$user_id, $emote_set_id]);
+
+generate_alert("/emotesets/?id=$emote_set_id", "User $user_name can not edit this emoteset anymore.", 200);
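Review bot: Removing an editor is a state-changing action, yet the `$d = $_GET` fallback lets it run on a plain GET, so a cross-site request that carries the owner's session cookie is enough to reach the DELETE; no anti-CSRF token is checked in the visible code. Drop the fallback and reject other methods up front, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit; }`, then read `$_POST` only and verify a per-session token. The remove link in emotesets/index.php would then need to become a small POST form. The "Not enough POST fields" message is also inaccurate while GET is accepted.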
\ No newline at end of file diff --git a/emotesets.php b/emotesets/index.php index 35675ce..5be3bda 100644 --- a/emotesets.php +++ b/emotesets/index.php @@ -133,6 +133,8 @@ if (CLIENT_REQUIRES_JSON) { <?php html_navigation_bar() ?> <section class="content row"> <section class="content"> + <?php display_alert() ?> + <section class="box"> <div class="box navtab row"> <div class="grow"> @@ -155,6 +157,46 @@ if (CLIENT_REQUIRES_JSON) { } ?> </section> + + <?php if (!empty($emote_set)): ?> + <section class="box"> + <?php if (empty($emote_set->editors)): ?> + <p>This emoteset does not have any editors.</p> + <?php else: ?> + <p> + Editors: + <?php foreach ($emote_set->editors as $e): ?> + <a href="/users.php?id=<?= $e['id'] ?>"> + <?= $e['username'] ?> + </a> + <?php if (isset($emote_set->owner, $_SESSION['user_id']) && $emote_set->owner->id == $_SESSION['user_id'] && $e['id'] !== $emote_set->owner->id): ?> + <button> + <a + href="/emotesets/deleditor.php?id=<?= $emote_set->id ?>&username=<?= $e['username'] ?>"> + <img src="/static/img/icons/no.png" alt="X"> + </a> + </button> + <?php endif; ?> + <?php endforeach; ?> + </p> + <?php endif; ?> + </section> + <?php if (isset($_SESSION['user_id'], $emote_set->owner) && $emote_set->owner->id === $_SESSION['user_id']): ?> + <section class="box"> + <div class="navtab box"> + <p>Actions</p> + </div> + <div class="content box"> + <form action="/emotesets/addeditor.php" method="post" class="row small-gap"> + <p>Add editor:</p> + <input type="text" name="id" value="<?= $emote_set->id ?>" style="display:none"> + <input type="text" name="username" placeholder="TinyEmotes username"> + <button type="submit"><img src="/static/img/icons/yes.png" alt="Add"></button> + </form> + </div> + </section> + <?php endif; ?> + <?php endif; ?> </section> </section> </div> 
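Review bot: In the editors block of the second hunk, `<?= $e['username'] ?>` is written into the HTML body and into the `deleditor.php` query string without escaping, so a username containing markup, quotes or `&` would break out of its context (stored XSS if registration does not restrict the character set, which is not visible here). Escape per context: `<?= htmlspecialchars($e['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>` for the link text and `username=<?= urlencode($e['username']) ?>` inside the href. The owner comparison also mixes `==` and `!==` in one condition and uses `===` in the Actions block; if `$_SESSION['user_id']` and `owner->id` differ in type the remove button and the add form will disagree, so normalise both to one type and use a single comparison. The surrounding template continues outside the hunk.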
@@ -29,7 +29,7 @@ authorize_user(); <a href="/emotes">Emotes</a> <?php if (CONFIG['emoteset']['public']): ?> - <a href="/emotesets.php">Emotesets</a> + <a href="/emotesets/">Emotesets</a> <?php endif; ?> <?php if (CONFIG['account']['publiclist']): ?> diff --git a/lib/emote.php b/lib/emote.php index a724914..38e4f01 100644 --- a/lib/emote.php +++ b/lib/emote.php @@ -107,7 +107,7 @@ class Emoteset public string $id; public string $name; public User|null $owner; - public array $emotes; + public array $emotes, $editors; public bool $is_default; @@ -119,6 +119,7 @@ class Emoteset $s->name = $arr["name"]; $s->owner = $arr["owner_id"]; $s->emotes = $arr["emotes"] ?? []; + $s->editors = $arr["editors"] ?? []; $s->is_default = $arr["is_default"] ?? false; return $s; @@ -132,6 +133,14 @@ class Emoteset $arr["emotes"] = fetch_all_emotes_from_emoteset($db, $arr["id"], $user_id); + $stmt = $db->prepare('SELECT u.id, u.username FROM users u + INNER JOIN emote_sets es ON es.id = ? + INNER JOIN acquired_emote_sets aes ON aes.emote_set_id = es.id + WHERE aes.user_id = u.id + '); + $stmt->execute([$arr["id"]]); + $arr["editors"] = $stmt->fetchAll(PDO::FETCH_ASSOC); + return Emoteset::from_array($arr); } @@ -281,7 +290,7 @@ function html_display_emotes(array $emotes, int $scale = 3) function html_display_emoteset(array $emotesets) { foreach ($emotesets as $es) { - echo "<a href='/emotesets.php?id={$es->id}' class='box column small-gap'>"; + echo "<a href='/emotesets/?id={$es->id}' class='box column small-gap'>"; echo '<div>'; echo "<p>$es->name</p>"; diff --git a/lib/partials.php b/lib/partials.php index 60d1325..71a429a 100644 --- a/lib/partials.php +++ b/lib/partials.php @@ -13,7 +13,7 @@ function html_navigation_bar() <a href="/emotes" class="button">Emotes</a> <?php if (CONFIG['emoteset']['public']): ?> - <a href="/emotesets.php" class="button">Emotesets</a> + <a href="/emotesets/" class="button">Emotesets</a> <?php endif; ?> <?php if (CONFIG['account']['publiclist']): ?> 
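Review bot: In lib/emote.php's `@@ -132,6 +133,14 @@` hunk the editors query joins `emote_sets` only to re-filter on the id already bound as the parameter; `SELECT u.id, u.username FROM users u INNER JOIN acquired_emote_sets aes ON aes.user_id = u.id WHERE aes.emote_set_id = ?` should return the same rows, assuming `$arr["id"]` was loaded from `emote_sets` earlier in this method (its start is outside the hunk). The new `$editors` property holds raw `PDO::FETCH_ASSOC` rows while `$owner` is typed `User|null`, and it shares one declaration with `$emotes`. Declaring it on its own line with a comment such as `// rows of ['id' => ..., 'username' => ...], not User objects; values are not escaped` would tell template authors to escape them on output.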
@@ -514,7 +514,7 @@ if ($is_json) { echo " $preposition <a href=\""; if ($es_stmt->rowCount() == 1) { - echo '/emotesets.php?id=' . $payload["emoteset"]["id"]; + echo '/emotesets/?id=' . $payload["emoteset"]["id"]; } echo '">' . $payload["emoteset"]["name"] . '</a>'; |
