Diffstat (limited to 'public')
-rw-r--r--public/account/change_emoteset.php36
-rw-r--r--public/emotes/index.php13
-rw-r--r--public/emotes/setmanip.php36
3 files changed, 53 insertions, 32 deletions
diff --git a/public/account/change_emoteset.php b/public/account/change_emoteset.php
new file mode 100644
index 0000000..c2fc209
--- /dev/null
+++ b/public/account/change_emoteset.php
@@ -0,0 +1,36 @@
+<?php
+include_once "../../src/config.php";
+include_once "../../src/alert.php";
+include_once "../../src/accounts.php";
+
+if (!authorize_user(true)) {
+ generate_alert("/404.php", "Unauthorized", 401);
+ exit;
+}
+
+if ($_SERVER["REQUEST_METHOD"] != "POST") {
+ generate_alert("/404.php", "Method not allowed", 405);
+ exit;
+}
+
+if (!isset($_POST["id"])) {
+ generate_alert("/404.php", "Emote set ID is not provided");
+ exit;
+}
+
+$emote_set_id = $_POST["id"];
+$user_id = $_SESSION["user_id"];
+
+$db = new PDO(DB_URL, DB_USER, DB_PASS);
+
+$stmt = $db->prepare("SELECT id FROM acquired_emote_sets WHERE emote_set_id = ? AND user_id = ?");
+$stmt->execute([$emote_set_id, $user_id]);
+
+if ($stmt->rowCount() == 0) {
+ generate_alert("/404.php", "You don't own emote set ID $emote_set_id", 403);
+ exit;
+}
+
+$_SESSION["user_active_emote_set_id"] = $emote_set_id;
+
+header("Location: " . $_POST["redirect"] ?? "/");
\ No newline at end of file
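Review bot: The final `header()` call redirects to whatever `$_POST["redirect"]` contains, so this endpoint is an open redirect. The `?? "/"` fallback also never applies, because `.` binds tighter than `??`: the concatenated string is never null, and a missing field only raises an undefined-index warning. Resolve the default first and accept only site-local paths before building the header, as in the block below. Separately, no CSRF token is checked in this file even though the request changes session state; confirm whether `authorize_user()` covers that.

```php
$redirect = $_POST["redirect"] ?? "/";
// Accept only a site-local path: one leading slash, not "//" or "/\".
if (!is_string($redirect) || preg_match('#^/(?![/\\\\])#', $redirect) !== 1) {
    $redirect = "/";
}
header("Location: " . $redirect);
exit;
```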
diff --git a/public/emotes/index.php b/public/emotes/index.php
index 8706319..4234297 100644
--- a/public/emotes/index.php
+++ b/public/emotes/index.php
@@ -31,7 +31,7 @@ function display_list_emotes(PDO &$db, string $search, string $sort_by, int $pag
FROM emote_set_contents ec
INNER JOIN emote_sets es ON es.id = ec.emote_set_id
JOIN acquired_emote_sets aes ON aes.emote_set_id = es.id
- WHERE ec.emote_id = e.id AND es.owner_id = ? AND aes.is_default = TRUE
+ WHERE ec.emote_id = e.id AND es.id = ?
) THEN 1 ELSE 0 END AS is_in_user_set, COALESCE(COUNT(r.rate), 0) AS rating
FROM emotes e
LEFT JOIN user_preferences up ON up.id = e.uploaded_by
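Review bot: With the `es.owner_id = ?` and `aes.is_default = TRUE` conditions gone, the subquery no longer ties the emote set to the current user. `es.id = ?` matches whatever id is bound, and the remaining `JOIN acquired_emote_sets aes` only requires that some user has acquired the set. The bound value comes from `$_SESSION["user_active_emote_set_id"]` (next hunk), which appears to be validated only when it is selected, so a set later removed from the account would still be treated as the user's here. Either drop the now-unfiltered join or keep the user constraint, e.g. `WHERE ec.emote_id = e.id AND es.id = ? AND aes.user_id = ?`, with the positional bindings renumbered to match. The enclosing query starts and ends outside this hunk.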
@@ -46,9 +46,10 @@ function display_list_emotes(PDO &$db, string $search, string $sort_by, int $pag
");
$sql_search = "%$search%";
+ $current_emote_set_id = $_SESSION["user_active_emote_set_id"] ?? "";
$stmt->bindParam(1, $current_user_id, PDO::PARAM_STR);
- $stmt->bindParam(2, $user_id, PDO::PARAM_INT);
+ $stmt->bindParam(2, $current_emote_set_id, PDO::PARAM_STR);
$stmt->bindParam(3, $search, PDO::PARAM_STR);
$stmt->bindParam(4, $sql_search, PDO::PARAM_STR);
$stmt->bindParam(5, $limit, PDO::PARAM_INT);
@@ -281,9 +282,9 @@ if (CLIENT_REQUIRES_JSON) {
<?php
$added = false;
- if (isset($_SESSION["user_emote_set_id"])) {
+ if (isset($_SESSION["user_active_emote_set_id"])) {
$stmt = $db->prepare("SELECT id, code FROM emote_set_contents WHERE emote_set_id = ? AND emote_id = ?");
- $stmt->execute([$_SESSION["user_emote_set_id"], $emote->get_id()]);
+ $stmt->execute([$_SESSION["user_active_emote_set_id"], $emote->get_id()]);
$added = false;
@@ -298,6 +299,8 @@ if (CLIENT_REQUIRES_JSON) {
<form action="/emotes/setmanip.php" method="POST">
<input type="text" name="id" value="<?php echo $emote->get_id() ?>"
style="display: none;">
+ <input type="text" name="emote_set_id"
+ value="<?php echo $_SESSION["user_active_emote_set_id"] ?>" style="display: none;">
<?php
if ($added) {
?>
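Review bot: The new hidden `emote_set_id` input echoes `$_SESSION["user_active_emote_set_id"]` into an HTML attribute without escaping. As far as this hunk shows, it also lacks the `isset()` guard used in the previous hunk, so an unset key would raise a warning inside the markup. The session value is stored exactly as it was posted to `change_emoteset.php`; if the database compares it loosely against a numeric column, a non-numeric string could pass that check and be rendered here. Escape at output with `value="<?php echo htmlspecialchars((string) ($_SESSION["user_active_emote_set_id"] ?? ""), ENT_QUOTES) ?>"`, and ideally store the id as an integer when it is accepted. The same applies to the identical input added in the next hunk.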
@@ -307,6 +310,8 @@ if (CLIENT_REQUIRES_JSON) {
<form action="/emotes/setmanip.php" method="POST" class="row">
<input type="text" name="id" value="<?php echo $emote->get_id() ?>"
style="display: none;">
+ <input type="text" name="emote_set_id"
+ value="<?php echo $_SESSION["user_active_emote_set_id"] ?>" style="display: none;">
<input type="text" name="value" id="emote-alias-input"
value="<?php echo $emote_current_name ?>"
placeholder="<?php echo $emote->get_code() ?>">
diff --git a/public/emotes/setmanip.php b/public/emotes/setmanip.php
index 8e8d840..129790d 100644
--- a/public/emotes/setmanip.php
+++ b/public/emotes/setmanip.php
@@ -13,7 +13,7 @@ if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emotese
exit;
}
-if (!isset($_POST["id"], $_POST["action"])) {
+if (!isset($_POST["id"], $_POST["action"], $_POST["emote_set_id"])) {
generate_alert("/emotes", "Not enough POST fields");
exit;
}
@@ -31,37 +31,17 @@ if ($stmt->rowCount() == 0) {
$emote = $stmt->fetch(PDO::FETCH_ASSOC);
$user_id = $_SESSION["user_id"];
+$emote_set_id = $_POST["emote_set_id"];
-// obtaining or creating a emote set
-$stmt = $db->prepare("SELECT emote_set_id FROM acquired_emote_sets WHERE user_id = ? AND is_default = true");
-$stmt->execute([$user_id]);
-$emote_set_id = null;
+// checking emote set
+$stmt = $db->prepare("SELECT id FROM acquired_emote_sets WHERE emote_set_id = ? AND user_id = ?");
+$stmt->execute([$emote_set_id, $user_id]);
-if ($row = $stmt->fetch()) {
- $emote_set_id = $row["emote_set_id"];
-
- // checking ownership
- $stmt = $db->prepare("SELECT id FROM emote_sets WHERE id = ? AND owner_id = ?");
- $stmt->execute([$emote_set_id, $user_id]);
-
- if ($stmt->rowCount() == 0) {
- $_SESSION["user_emote_set_id"] = "";
- generate_alert("/emotes?id=$emote_id", "Bad ownership permissions on active emoteset", 403);
- exit;
- }
-}
-
-if ($emote_set_id == null) {
- $stmt = $db->prepare("INSERT INTO emote_sets(owner_id, name) VALUES (?, ?)");
- $stmt->execute([$user_id, $_SESSION["user_name"] . "'s emoteset"]);
- $emote_set_id = $db->lastInsertId();
-
- $stmt = $db->prepare("INSERT INTO acquired_emote_sets(user_id, emote_set_id, is_default) VALUES (?, ?, true)");
- $stmt->execute([$user_id, $emote_set_id]);
+if ($stmt->rowCount() == 0) {
+ generate_alert("/404.php", "You don't own emote set ID $emote_set_id", 403);
+ exit;
}
-$_SESSION["user_emote_set_id"] = $emote_set_id;
-
// inserting emote
$stmt = $db->prepare("SELECT id FROM emote_set_contents WHERE emote_set_id = ? AND emote_id = ?");
$stmt->execute([$emote_set_id, $emote_id]);
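Review bot: The replacement check only confirms a row in `acquired_emote_sets` for this user, whereas the removed code also required `emote_sets.owner_id` to match before the set could be modified. If a user can acquire a set owned by someone else (the schema is not visible here), any such user can now add or remove emotes in it, and the "You don't own emote set" message no longer describes what is tested. If ownership is still the rule for edits, keep it in the query: `SELECT aes.id FROM acquired_emote_sets aes INNER JOIN emote_sets es ON es.id = aes.emote_set_id WHERE aes.emote_set_id = ? AND aes.user_id = ? AND es.owner_id = ?` with `$stmt->execute([$emote_set_id, $user_id, $user_id]);`. The posted `$emote_set_id` is also interpolated into the alert text unvalidated, so cast it to int first unless `generate_alert()` escapes its message.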