Diffstat (limited to 'account')
| -rw-r--r-- | account/change_emoteset.php | 2 | ||||
| -rw-r--r-- | account/delete.php | 2 | ||||
| -rw-r--r-- | account/index.php | 24 | ||||
| -rw-r--r-- | account/login/index.php | 14 | ||||
| -rw-r--r-- | account/login/twitch.php | 14 | ||||
| -rw-r--r-- | account/register.php | 25 | ||||
| -rw-r--r-- | account/security.php | 6 |
7 files changed, 44 insertions, 43 deletions
diff --git a/account/change_emoteset.php b/account/change_emoteset.php index 2452b23..2094b22 100644 --- a/account/change_emoteset.php +++ b/account/change_emoteset.php @@ -21,7 +21,7 @@ if (!isset($_POST["id"])) { $emote_set_id = $_POST["id"]; $user_id = $_SESSION["user_id"]; -$db = new PDO(DB_URL, DB_USER, DB_PASS); +$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']); $stmt = $db->prepare("SELECT id FROM acquired_emote_sets WHERE emote_set_id = ? AND user_id = ?"); $stmt->execute([$emote_set_id, $user_id]); diff --git a/account/delete.php b/account/delete.php index 34570a9..0a0bbb6 100644 --- a/account/delete.php +++ b/account/delete.php @@ -9,7 +9,7 @@ if (!isset($_SESSION["user_id"])) { exit; } -$db = new PDO(DB_URL, DB_USER, DB_PASS); +$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']); $id = $_SESSION["user_id"]; diff --git a/account/index.php b/account/index.php index 665087a..bb4bff6 100644 --- a/account/index.php +++ b/account/index.php @@ -13,13 +13,13 @@ if (!isset($_SESSION["user_id"], $_SESSION["user_name"])) { exit; } -$db = new PDO(DB_URL, DB_USER, DB_PASS); +$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']); if ($_SERVER['REQUEST_METHOD'] == "POST") { - $username = str_safe($_POST["username"] ?? "", ACCOUNT_USERNAME_LENGTH[1]); + $username = str_safe($_POST["username"] ?? "", CONFIG['account']['maxusernamelength']); if (!empty($username) && $username != $_SESSION["user_name"]) { - if (!preg_match(ACCOUNT_USERNAME_REGEX, $username)) { + if (!preg_match(CONFIG['account']['regex'], $username)) { generate_alert("/account", "Bad username"); exit; } 
@@ -43,8 +43,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $err = create_image_bundle( $pfp["tmp_name"], $_SERVER["DOCUMENT_ROOT"] . "/static/userdata/avatars/" . $_SESSION["user_id"], - ACCOUNT_PFP_MAX_SIZE[0], - ACCOUNT_PFP_MAX_SIZE[1], + CONFIG['account']['pfpsizex'], + CONFIG['account']['pfpsizey'], true, true ) @@ -61,8 +61,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $err = create_image_bundle( $banner["tmp_name"], $_SERVER["DOCUMENT_ROOT"] . "/static/userdata/banners/" . $_SESSION["user_id"], - ACCOUNT_BANNER_MAX_SIZE[0], - ACCOUNT_BANNER_MAX_SIZE[1], + CONFIG['account']['bannersizex'], + CONFIG['account']['bannersizey'], true, true ) @@ -79,8 +79,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $err = create_image_bundle( $badge["tmp_name"], $_SERVER["DOCUMENT_ROOT"] . "/static/userdata/badges/" . $badge_id, - ACCOUNT_BADGE_MAX_SIZE[0], - ACCOUNT_BADGE_MAX_SIZE[1], + CONFIG['account']['badgesizex'], + CONFIG['account']['badgesizey'], true, true ) @@ -104,7 +104,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { <html> <head> - <title>Account management - <?php echo INSTANCE_NAME ?></title> + <title>Account management - <?php echo CONFIG['instance']['name'] ?></title> <link rel="stylesheet" href="/static/style.css"> <link rel="shortcut icon" href="/static/favicon.ico" type="image/x-icon"> </head> @@ -293,9 +293,9 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { let validUsername = ""; username.addEventListener("input", (e) => { - const regex = <?php echo ACCOUNT_USERNAME_REGEX ?>; + const regex = <?php echo CONFIG['account']['regex'] ?>; - if (regex.test(e.target.value) && e.target.value.length <= <?php echo ACCOUNT_USERNAME_LENGTH[1] ?>) { + if (regex.test(e.target.value) && e.target.value.length <= <?php echo CONFIG['account']['maxusernamelength'] ?>) { validUsername = e.target.value; } else { e.target.value = validUsername; diff --git a/account/login/index.php b/account/login/index.php index 7aef703..b4223f2 100644 --- a/account/login/index.php 
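Review bot: The `<title>` line in the `@@ -104,7` hunk prints `CONFIG['instance']['name']` into HTML without escaping, so a name containing `<` or `&` is parsed as markup instead of text. The value is operator-supplied, which limits the exposure, but escaping at the point of output keeps the template correct whatever the config holds: `<?php echo htmlspecialchars(CONFIG['instance']['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. The same unescaped echo is in the title and body hunks of account/login/index.php and account/register.php.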
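Review bot: In the `@@ -293,9` hunk the string that `preg_match` receives on the server is also printed verbatim as a JavaScript regex literal (`const regex = <?php echo CONFIG['account']['regex'] ?>;`), so the inline script only parses while the configured pattern happens to be valid JavaScript regex syntax with `/` delimiters. A PCRE-only construct or another delimiter in the config would break the script, and the two engines can disagree on what matches, so the server-side check in the first hunk of this file has to stay the authoritative one. A comment next to the config entry stating that constraint would help, and the length can be emitted defensively as `<?php echo (int) CONFIG['account']['maxusernamelength'] ?>`. The enclosing script block starts and ends outside the hunk.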
+++ b/account/login/index.php @@ -21,13 +21,13 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { $password = $_POST["password"]; $remember = intval($_POST["remember"] ?? "0") != 0; - $db = new PDO(DB_URL, DB_USER, DB_PASS); + $db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']); $stmt = $db->prepare("SELECT secret_key, password FROM users WHERE username = ? AND password IS NOT NULL"); $stmt->execute([$username]); if ($row = $stmt->fetch()) { if (password_verify($password, $row["password"])) { - setcookie("secret_key", $row["secret_key"], $remember ? (time() + ACCOUNT_COOKIE_MAX_LIFETIME) : 0, "/"); + setcookie("secret_key", $row["secret_key"], $remember ? (time() + CONFIG['account']['maxcookielifetime']) : 0, "/"); header("Location: /account"); exit; } else { @@ -44,7 +44,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { <html> <head> - <title>Login - <?php echo INSTANCE_NAME ?></title> + <title>Login - <?php echo CONFIG['instance']['name'] ?></title> <link rel="stylesheet" href="/static/style.css"> <link rel="shortcut icon" href="/static/favicon.ico" type="image/x-icon"> </head> @@ -57,7 +57,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { <?php display_alert() ?> <section class="box"> <div class="box navtab"> - <p>Log in to <?php echo INSTANCE_NAME ?></p> + <p>Log in to <?php echo CONFIG['instance']['name'] ?></p> </div> <div class="box content"> <form action="/account/login/" method="post"> @@ -75,7 +75,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { </div> <div> <button type="submit">Log in</button> - <?php if (ACCOUNT_REGISTRATION_ENABLE): ?> + <?php if (CONFIG['account']['registration']): ?> <a href="/account/register.php">Register</a> <?php endif; ?> </div> 
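Review bot: The `setcookie("secret_key", ...)` call in the `@@ -21,13` hunk sets the credential cookie with only an expiry and a path, so it is readable from page scripts, sent over plain HTTP, and attached to cross-site requests. The value is the `secret_key` column of the `users` row, presumably accepted later as proof of identity, so it warrants the hardening attributes (options-array form, PHP 7.3 or later, with `secure` assuming the instance is served over HTTPS): `setcookie("secret_key", $row["secret_key"], ["expires" => $remember ? time() + CONFIG['account']['maxcookielifetime'] : 0, "path" => "/", "secure" => true, "httponly" => true, "samesite" => "Lax"]);`. The same four-argument call is in account/login/twitch.php (`@@ -168,7`) and account/register.php (`@@ -58,7`).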
@@ -83,11 +83,11 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { </div> </section> - <?php if (TWITCH_REGISTRATION_ENABLE): ?> + <?php if (CONFIG['twitch']['registration']): ?> <section class="box column"> <a href="/account/login/twitch.php" class="button purple big">Login with Twitch</a> <p style="font-size: 12px;">Logging in via Twitch gives you the ability to use - <?php echo INSTANCE_NAME ?> emotes in your Twitch chat. + <?php echo CONFIG['instance']['name'] ?> emotes in your Twitch chat. </p> </section> <?php endif; ?> diff --git a/account/login/twitch.php b/account/login/twitch.php index 23f4ea5..5e61c33 100644 --- a/account/login/twitch.php +++ b/account/login/twitch.php @@ -3,14 +3,14 @@ include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php"; include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php"; include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php"; -if (!TWITCH_REGISTRATION_ENABLE) { +if (!CONFIG['twitch']['registration']) { generate_alert("/404.php", "Registration via Twitch is disabled", 405); exit; } session_start(); -$db = new PDO(DB_URL, DB_USER, DB_PASS); +$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']); if (isset($_GET["disconnect"], $_SESSION["user_id"])) { $stmt = $db->prepare("SELECT c.id, @@ -37,9 +37,9 @@ if (isset($_GET["disconnect"], $_SESSION["user_id"])) { exit; } -$client_id = TWITCH_CLIENT_ID; -$client_secret = TWITCH_SECRET_KEY; -$redirect_uri = TWITCH_REDIRECT_URI; +$client_id = CONFIG['twitch']['clientid']; +$client_secret = CONFIG['twitch']['clientsecret']; +$redirect_uri = CONFIG['twitch']['redirecturi']; if (isset($_GET["error"])) { header("Location: /account/login"); 
@@ -113,7 +113,7 @@ $user_name = ""; if ($row = $stmt->fetch()) { if (isset($_SESSION["user_id"]) && $_SESSION["user_id"] != $row["id"]) { - generate_alert("/account", "There is another " . INSTANCE_NAME . " account associated with that Twitch account", 409); + generate_alert("/account", "There is another " . CONFIG['instance']['name'] . " account associated with that Twitch account", 409); exit; } @@ -168,7 +168,7 @@ if ($row = $stmt->fetch()) { $_SESSION["user_id"] = $user_id; $_SESSION["user_name"] = $user_name; -setcookie("secret_key", $user_secret_key, time() + ACCOUNT_COOKIE_MAX_LIFETIME, "/"); +setcookie("secret_key", $user_secret_key, time() + CONFIG['account']['maxcookielifetime'], "/"); $db = null; diff --git a/account/register.php b/account/register.php index 76dc27c..59ea886 100644 --- a/account/register.php +++ b/account/register.php @@ -7,7 +7,7 @@ if (authorize_user()) { exit; } -if (!ACCOUNT_REGISTRATION_ENABLE) { +if (!CONFIG['account']['registration']) { generate_alert("/404.php", "Account registration is disabled", 403); exit; } 
@@ -24,23 +24,23 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { $username = $_POST["username"]; $username_length = strlen($username); - if (ACCOUNT_USERNAME_LENGTH[0] > $username_length || $username_length > ACCOUNT_USERNAME_LENGTH[1]) { - generate_alert("/account/register.php", sprintf("Username must be between %d-%d characters long", ACCOUNT_USERNAME_LENGTH[0], ACCOUNT_USERNAME_LENGTH[1])); + if (CONFIG['account']['minusernamelength'] > $username_length || $username_length > CONFIG['account']['maxusernamelength']) { + generate_alert("/account/register.php", sprintf("Username must be between %d-%d characters long", CONFIG['account']['minusernamelength'], CONFIG['account']['maxusernamelength'])); exit; } - if (!preg_match(ACCOUNT_USERNAME_REGEX, $username)) { + if (!preg_match(CONFIG['account']['regex'], $username)) { generate_alert("/account/register.php", "Bad username"); exit; } $password = $_POST["password"]; - if (ACCOUNT_PASSWORD_MIN_LENGTH > strlen($password)) { - generate_alert("/account/register.php", "Password must be at least " . ACCOUNT_PASSWORD_MIN_LENGTH . " characters"); + if (CONFIG['account']['minpasswordlength'] > strlen($password)) { + generate_alert("/account/register.php", "Password must be at least " . CONFIG['account']['minpasswordlength'] . " characters"); exit; } - $db = new PDO(DB_URL, DB_USER, DB_PASS); + $db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']); $stmt = $db->prepare("SELECT id FROM users WHERE username = ?"); $stmt->execute([$username]); @@ -50,7 +50,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { exit; } - $secret_key = generate_random_string(ACCOUNT_SECRET_KEY_LENGTH); + $secret_key = generate_random_string(CONFIG['account']['secretkeylength']); $password = password_hash($password, PASSWORD_DEFAULT); $id = bin2hex(random_bytes(16)); 
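Review bot: The password-length guard in the `@@ -24,23` hunk fails open when the key is absent: on PHP 8 a missing `CONFIG['account']['minpasswordlength']` yields a warning and `null`, and `null > strlen($password)` is false, so a password of any length is accepted. A missing constant in the replaced code would have stopped the request with an Error instead. Unless lib/config.php already validates its keys, which this page does not show, read the value once and reject a non-integer, e.g. `$min_len = filter_var(CONFIG['account']['minpasswordlength'] ?? null, FILTER_VALIDATE_INT);` followed by `if ($min_len === false) { http_response_code(500); exit; }`. The same comparison is in account/security.php (`@@ -25,8`), and the `minusernamelength` bound just above behaves the same way.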
@@ -58,7 +58,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { $stmt = $db->prepare("INSERT INTO users(id, username, password, secret_key) VALUES (?, ?, ?, ?)"); $stmt->execute([$id, $username, $password, $secret_key]); - setcookie("secret_key", $secret_key, time() + ACCOUNT_COOKIE_MAX_LIFETIME, "/"); + setcookie("secret_key", $secret_key, time() + CONFIG['account']['maxcookielifetime'], "/"); header("Location: /account"); exit; } @@ -67,7 +67,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { <html> <head> - <title>Register an account - <?php echo INSTANCE_NAME ?></title> + <title>Register an account - <?php echo CONFIG['instance']['name'] ?></title> <link rel="stylesheet" href="/static/style.css"> <link rel="shortcut icon" href="/static/favicon.ico" type="image/x-icon"> </head> @@ -81,7 +81,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { <?php display_alert() ?> <section class="box"> <div class="box navtab"> - <p>Register an account in <?php echo INSTANCE_NAME ?></p> + <p>Register an account in <?php echo CONFIG['instance']['name'] ?></p> </div> <div class="box content"> <form action="/account/register.php" method="post"> @@ -98,7 +98,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { </div> </form> <p style="font-size: 12px;"> - Since <?php echo INSTANCE_NAME ?> doesn't require email and password reset via email is + Since <?php echo CONFIG['instance']['name'] ?> doesn't require email and password reset via + email is not supported, please remember your passwords! </p> </div> diff --git a/account/security.php b/account/security.php index a0210b5..11738dc 100644 --- a/account/security.php +++ b/account/security.php @@ -10,7 +10,7 @@ if ($_SERVER["REQUEST_METHOD"] != "POST" || !authorize_user(true)) { exit; } -$db = new PDO(DB_URL, DB_USER, DB_PASS); +$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']); $stmt = $db->prepare("SELECT * FROM users WHERE id = ?"); $stmt->execute([$_SESSION["user_id"]]); 
@@ -25,8 +25,8 @@ if ($user["password"] != null && !password_verify($current_password, $user["pass if (!empty($_POST["password-new"])) { $password = $_POST["password-new"]; - if (ACCOUNT_PASSWORD_MIN_LENGTH > strlen($password)) { - generate_alert("/account", "Your password must be at least " . ACCOUNT_PASSWORD_MIN_LENGTH . " characters"); + if (CONFIG['account']['minpasswordlength'] > strlen($password)) { + generate_alert("/account", "Your password must be at least " . CONFIG['account']['minpasswordlength'] . " characters"); exit; } |
