| -rw-r--r-- | public/account/change_emoteset.php | 36 | ||||
| -rw-r--r-- | public/emotes/index.php | 13 | ||||
| -rw-r--r-- | public/emotes/setmanip.php | 36 | ||||
| -rw-r--r-- | src/accounts.php | 22 | ||||
| -rw-r--r-- | src/partials.php | 21 |
5 files changed, 90 insertions, 38 deletions
diff --git a/public/account/change_emoteset.php b/public/account/change_emoteset.php
new file mode 100644
index 0000000..c2fc209
--- /dev/null
+++ b/public/account/change_emoteset.php
@@ -0,0 +1,36 @@
+<?php
+include_once "../../src/config.php";
+include_once "../../src/alert.php";
+include_once "../../src/accounts.php";
+
+if (!authorize_user(true)) {
+ generate_alert("/404.php", "Unauthorized", 401);
+ exit;
+}
+
+if ($_SERVER["REQUEST_METHOD"] != "POST") {
+ generate_alert("/404.php", "Method not allowed", 405);
+ exit;
+}
+
+if (!isset($_POST["id"])) {
+ generate_alert("/404.php", "Emote set ID is not provided");
+ exit;
+}
+
+$emote_set_id = $_POST["id"];
+$user_id = $_SESSION["user_id"];
+
+$db = new PDO(DB_URL, DB_USER, DB_PASS);
+
+$stmt = $db->prepare("SELECT id FROM acquired_emote_sets WHERE emote_set_id = ? AND user_id = ?");
+$stmt->execute([$emote_set_id, $user_id]);
+
+if ($stmt->rowCount() == 0) {
+ generate_alert("/404.php", "You don't own emote set ID $emote_set_id", 403);
+ exit;
+}
+
+$_SESSION["user_active_emote_set_id"] = $emote_set_id;
+
+header("Location: " . $_POST["redirect"] ?? "/");
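Review bot: The final `header("Location: " . $_POST["redirect"] ?? "/");` never reaches its fallback, because `.` binds tighter than `??`, and it sends the browser wherever the posted `redirect` field says. A missing field therefore produces an empty `Location:` value plus a notice, and an absolute or protocol-relative URL is accepted as-is, which makes this endpoint an open redirect. Resolve the default first and accept only same-site paths, as in the fence below. Separately, the session keeps the raw `$_POST["id"]` string rather than a value read back from the matched row, so code that later prints or binds `user_active_emote_set_id` should not assume it is a clean id.

```php
// … unchanged: auth, method, ownership checks and the session assignment …
$redirect = $_POST["redirect"] ?? "/";

// Accept only a same-site path: one leading slash, not "//" or "/\" (both can resolve to another host).
if (!is_string($redirect) || !preg_match('#^/(?![/\\\\])#', $redirect)) {
    $redirect = "/";
}

header("Location: " . $redirect);
```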
\ No newline at end of file diff --git a/public/emotes/index.php b/public/emotes/index.php index 8706319..4234297 100644 --- a/public/emotes/index.php +++ b/public/emotes/index.php @@ -31,7 +31,7 @@ function display_list_emotes(PDO &$db, string $search, string $sort_by, int $pag FROM emote_set_contents ec INNER JOIN emote_sets es ON es.id = ec.emote_set_id JOIN acquired_emote_sets aes ON aes.emote_set_id = es.id - WHERE ec.emote_id = e.id AND es.owner_id = ? AND aes.is_default = TRUE + WHERE ec.emote_id = e.id AND es.id = ? ) THEN 1 ELSE 0 END AS is_in_user_set, COALESCE(COUNT(r.rate), 0) AS rating FROM emotes e LEFT JOIN user_preferences up ON up.id = e.uploaded_by @@ -46,9 +46,10 @@ function display_list_emotes(PDO &$db, string $search, string $sort_by, int $pag "); $sql_search = "%$search%"; + $current_emote_set_id = $_SESSION["user_active_emote_set_id"] ?? ""; $stmt->bindParam(1, $current_user_id, PDO::PARAM_STR); - $stmt->bindParam(2, $user_id, PDO::PARAM_INT); + $stmt->bindParam(2, $current_emote_set_id, PDO::PARAM_STR); $stmt->bindParam(3, $search, PDO::PARAM_STR); $stmt->bindParam(4, $sql_search, PDO::PARAM_STR); $stmt->bindParam(5, $limit, PDO::PARAM_INT); @@ -281,9 +282,9 @@ if (CLIENT_REQUIRES_JSON) { <?php $added = false; - if (isset($_SESSION["user_emote_set_id"])) { + if (isset($_SESSION["user_active_emote_set_id"])) { $stmt = $db->prepare("SELECT id, code FROM emote_set_contents WHERE emote_set_id = ? AND emote_id = ?"); - $stmt->execute([$_SESSION["user_emote_set_id"], $emote->get_id()]); + $stmt->execute([$_SESSION["user_active_emote_set_id"], $emote->get_id()]); $added = false; @@ -298,6 +299,8 @@ if (CLIENT_REQUIRES_JSON) { <form action="/emotes/setmanip.php" method="POST"> <input type="text" name="id" value="<?php echo $emote->get_id() ?>" style="display: none;"> + <input type="text" name="emote_set_id" + value="<?php echo $_SESSION["user_active_emote_set_id"] ?>" style="display: none;"> <?php if ($added) { ?> 
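Review bot: The hidden `emote_set_id` input added in the `@@ -298,6 +299,8 @@` hunk echoes `$_SESSION["user_active_emote_set_id"]` into an HTML attribute without escaping, and the same line is added again in the `@@ -307,6 +310,8 @@` hunk. That session value is the raw string posted to change_emoteset.php, accepted after a database comparison whose strictness is not visible here, so it should be treated as untrusted on output. Emit it as `value="<?php echo htmlspecialchars((string) ($_SESSION["user_active_emote_set_id"] ?? ""), ENT_QUOTES) ?>"`. The `?? ""` also avoids an undefined-key notice if these forms render outside the `isset` guard, which the hunks do not show.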
@@ -307,6 +310,8 @@ if (CLIENT_REQUIRES_JSON) { <form action="/emotes/setmanip.php" method="POST" class="row"> <input type="text" name="id" value="<?php echo $emote->get_id() ?>" style="display: none;"> + <input type="text" name="emote_set_id" + value="<?php echo $_SESSION["user_active_emote_set_id"] ?>" style="display: none;"> <input type="text" name="value" id="emote-alias-input" value="<?php echo $emote_current_name ?>" placeholder="<?php echo $emote->get_code() ?>"> diff --git a/public/emotes/setmanip.php b/public/emotes/setmanip.php index 8e8d840..129790d 100644 --- a/public/emotes/setmanip.php +++ b/public/emotes/setmanip.php @@ -13,7 +13,7 @@ if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emotese exit; } -if (!isset($_POST["id"], $_POST["action"])) { +if (!isset($_POST["id"], $_POST["action"], $_POST["emote_set_id"])) { generate_alert("/emotes", "Not enough POST fields"); exit; } 
@@ -31,37 +31,17 @@ if ($stmt->rowCount() == 0) { $emote = $stmt->fetch(PDO::FETCH_ASSOC); $user_id = $_SESSION["user_id"]; +$emote_set_id = $_POST["emote_set_id"]; -// obtaining or creating a emote set -$stmt = $db->prepare("SELECT emote_set_id FROM acquired_emote_sets WHERE user_id = ? AND is_default = true"); -$stmt->execute([$user_id]); -$emote_set_id = null; +// checking emote set +$stmt = $db->prepare("SELECT id FROM acquired_emote_sets WHERE emote_set_id = ? AND user_id = ?"); +$stmt->execute([$emote_set_id, $user_id]); -if ($row = $stmt->fetch()) { - $emote_set_id = $row["emote_set_id"]; - - // checking ownership - $stmt = $db->prepare("SELECT id FROM emote_sets WHERE id = ? AND owner_id = ?"); - $stmt->execute([$emote_set_id, $user_id]); - - if ($stmt->rowCount() == 0) { - $_SESSION["user_emote_set_id"] = ""; - generate_alert("/emotes?id=$emote_id", "Bad ownership permissions on active emoteset", 403); - exit; - } -} - -if ($emote_set_id == null) { - $stmt = $db->prepare("INSERT INTO emote_sets(owner_id, name) VALUES (?, ?)"); - $stmt->execute([$user_id, $_SESSION["user_name"] . "'s emoteset"]); - $emote_set_id = $db->lastInsertId(); - - $stmt = $db->prepare("INSERT INTO acquired_emote_sets(user_id, emote_set_id, is_default) VALUES (?, ?, true)"); - $stmt->execute([$user_id, $emote_set_id]); +if ($stmt->rowCount() == 0) { + generate_alert("/404.php", "You don't own emote set ID $emote_set_id", 403); + exit; } -$_SESSION["user_emote_set_id"] = $emote_set_id; - // inserting emote $stmt = $db->prepare("SELECT id FROM emote_set_contents WHERE emote_set_id = ? AND emote_id = ?"); $stmt->execute([$emote_set_id, $emote_id]); diff --git a/src/accounts.php b/src/accounts.php index 72c766f..51cb3f6 100644 --- a/src/accounts.php +++ b/src/accounts.php 
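Review bot: The replacement check in this hunk only proves that an `acquired_emote_sets` row exists for the user, whereas the removed code also required `emote_sets.owner_id` to match before the set was modified. If a user can acquire a set owned by someone else (the schema is not visible here), they can now change that set's contents through a posted `emote_set_id`. Keep the owner condition in the new query, e.g. `SELECT aes.id FROM acquired_emote_sets aes INNER JOIN emote_sets es ON es.id = aes.emote_set_id WHERE aes.emote_set_id = ? AND aes.user_id = ? AND es.owner_id = ?`, binding `$user_id` twice. The 403 message also interpolates the posted `$emote_set_id`; whether `generate_alert` escapes it cannot be seen from this hunk.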
@@ -55,17 +55,27 @@ function authorize_user(bool $required = false): bool $_SESSION["user_role"] = $role_row; } - $stmt = $db->prepare("SELECT es.* FROM emote_sets es + $stmt = $db->prepare("SELECT es.*, aes.is_default FROM emote_sets es INNER JOIN acquired_emote_sets aes ON aes.emote_set_id = es.id - WHERE aes.user_id = ? AND aes.is_default = TRUE + WHERE aes.user_id = ? + ORDER BY + CASE WHEN es.id = ? THEN 0 ELSE 1 END, + es.id "); - $stmt->execute([$row["id"]]); + $stmt->execute([$row["id"], $_SESSION["user_active_emote_set_id"] ?? ""]); - $_SESSION["user_active_emote_set"] = null; + $emote_sets = $stmt->fetchAll(PDO::FETCH_ASSOC); - if ($emote_set_row = $stmt->fetch(PDO::FETCH_ASSOC)) { - $_SESSION["user_active_emote_set"] = $emote_set_row; + if (!isset($_SESSION["user_active_emote_set_id"])) { + foreach ($emote_sets as $es) { + if ($es["is_default"]) { + $_SESSION["user_active_emote_set"] = $es; + $_SESSION["user_active_emote_set_id"] = $es["id"]; + } + } } + + $_SESSION["user_emote_sets"] = $emote_sets; } else { session_regenerate_id(); session_unset(); diff --git a/src/partials.php b/src/partials.php index c9ee5cb..760923a 100644 --- a/src/partials.php +++ b/src/partials.php 
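Review bot: Once `$_SESSION["user_active_emote_set_id"]` is set, this hunk never checks it against the freshly fetched `$emote_sets`, so an id for a set the user no longer holds stays active in the session. `$_SESSION["user_active_emote_set"]` is also assigned only inside the `!isset` branch, so it goes stale after change_emoteset.php switches the id. Re-derive both keys from the query result on every call, falling back to the default set when the stored id is not among the rows; storing the id from the row also normalises whatever string was posted earlier. `authorize_user` starts and ends outside this hunk, so the surrounding session handling is not visible.

```php
$emote_sets = $stmt->fetchAll(PDO::FETCH_ASSOC);

// Pick the stored active set only if the user still holds it; otherwise fall back to the default.
$active_id = $_SESSION["user_active_emote_set_id"] ?? null;
$active = null;
foreach ($emote_sets as $es) {
    if ($active_id !== null && (string) $es["id"] === (string) $active_id) {
        $active = $es;
        break;
    }
    if ($active === null && $es["is_default"]) {
        $active = $es;
    }
}

$_SESSION["user_active_emote_set"] = $active;
$_SESSION["user_active_emote_set_id"] = $active["id"] ?? null;
// … unchanged: $_SESSION["user_emote_sets"] = $emote_sets; …
```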
@@ -79,6 +79,27 @@ function html_navigation_bar() </div> <?php if (isset($_SESSION["user_id"])): ?> <div class="flex items-bottom small-gap" style="margin-left: auto;"> + <?php if (isset($_SESSION["user_emote_sets"])): ?> + <form action="/account/change_emoteset.php" method="POST" id="form-change-emoteset"> + <input type="text" name="redirect" value="<?php echo $_SERVER["REQUEST_URI"] ?>" style="display: none;"> + <div class="row small-gap"> + <label for="id">Current emote set: </label> + <select name="id" onchange="send_change_emoteset(event)"> + <?php + foreach ($_SESSION["user_emote_sets"] as $es) { + echo '<option value="' . $es["id"] . '">' . $es["name"] . '</option>'; + } + ?> + </select> + </div> + </form> + <script> + function send_change_emoteset(e) { + document.getElementById("form-change-emoteset").submit(); + } + </script> + <?php endif; ?> + <a href="/users.php?id=<?php echo $_SESSION["user_id"] ?>" class="flex items-bottom small-gap"> Signed in as <?php echo $_SESSION["user_name"] ?> <?php |
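Review bot: Both values written into the new form are emitted without HTML escaping: `$_SERVER["REQUEST_URI"]` in the hidden `redirect` input and `$es["name"]` in each `<option>`. The request URI is client-controlled, and set names appear to be derived from user names (the removed setmanip.php code built them from `$_SESSION["user_name"]`), so both are untrusted in this context. Use `value="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES) ?>"` and `echo '<option value="' . htmlspecialchars((string) $es["id"], ENT_QUOTES) . '">' . htmlspecialchars($es["name"], ENT_QUOTES) . '</option>';`. The form posts a state change and no anti-CSRF token is visible in this hunk, so confirm one is enforced elsewhere. `html_navigation_bar` continues outside the hunk.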
