From 9f1906c4cbb9878c5888723b7923fa8e4bebb51f Mon Sep 17 00:00:00 2001
From: ilotterytea
Date: Sun, 27 Apr 2025 21:12:02 +0500
Subject: feat: roles
---
 public/emotes/index.php | 75 ++++++++-------
 public/emotes/rate.php | 5 +
 public/emotes/setmanip.php | 5 +
 public/emotes/upload.php | 225 +++++++++++++++++++++++----------------------
 public/index.php | 7 +-
 public/report/index.php | 5 +
 public/report/list.php | 6 ++
 public/report/send.php | 5 +
 public/static/style.css | 13 +++
 public/users.php | 51 ++++++++--
 10 files changed, 245 insertions(+), 152 deletions(-)
(limited to 'public')
diff --git a/public/emotes/index.php b/public/emotes/index.php
index b9b3e2b..c278e93 100644
--- a/public/emotes/index.php
+++ b/public/emotes/index.php
@@ -179,46 +179,57 @@ if (CLIENT_REQUIRES_JSON) { $stmt->execute([$_SESSION["user_emote_set_id"], $emote->get_id()]); $added = $stmt->rowCount() > 0; } - ?> -
- - - - - - - + + if (isset($_SESSION["user_role"]) && $_SESSION["user_role"]["permission_emoteset_own"]) { + echo '' ?> + + -
+ if ($added) { ?> + + + + + + + +
prepare("SELECT rate FROM ratings WHERE user_id = ? AND emote_id = ?"); - $stmt->execute([$_SESSION["user_id"], $id]); - - if ($row = $stmt->fetch()) { - echo 'You gave '; - } else { - foreach (RATING_NAMES as $key => $value) { - echo '
'; - echo ''; - echo ""; - echo '
'; + echo ''; + } + } + } + if ($_SESSION["user_role"]["permission_report"]) { + echo 'Report emote'; } } ?> - Report - emote
Uploader get_uploaded_by()) {
diff --git a/public/emotes/rate.php b/public/emotes/rate.php
index 3cc3e01..bf26bcd 100644
--- a/public/emotes/rate.php
+++ b/public/emotes/rate.php
@@ -8,6 +8,11 @@ if (!authorize_user(true)) {
 exit;
 }
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_rate"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
 $id = intval(str_safe($_POST["id"] ?? "0", 10));
 $rate = intval(str_safe($_POST["rate"] ?? "0", 2));
diff --git a/public/emotes/setmanip.php b/public/emotes/setmanip.php
index b5796c7..5f3174f 100644
--- a/public/emotes/setmanip.php
+++ b/public/emotes/setmanip.php
@@ -7,6 +7,11 @@ if (!authorize_user(true)) {
 return;
 }
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emoteset_own"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
 if (!isset($_POST["id"], $_POST["action"])) {
 generate_alert("/emotes", "Not enough POST fields");
 exit;
diff --git a/public/emotes/upload.php b/public/emotes/upload.php
index 44d9161..4e90632 100644
--- a/public/emotes/upload.php
+++ b/public/emotes/upload.php
@@ -1,9 +1,23 @@ prepare("DELETE FROM emotes WHERE id = ?");
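Review bot: The report-link guard reads `$_SESSION["user_role"]["permission_report"]` directly, while the add/remove-from-set buttons a few lines above first test `isset($_SESSION["user_role"])`; for a logged-in session that carries no role entry the report check raises an undefined-index warning and the two guards disagree on what a missing role means. `if (!empty($_SESSION["user_role"]["permission_report"])) {` hides the link both when the entry is missing and when the flag is false, without a warning. The markup around these lines is stripped in this rendering, so the rest of the hunk cannot be checked from here. The enclosing PHP block begins before the hunk and continues after it.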
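Review bot: The new guard denies only when `$_SESSION["user_role"]` is set, so a session that has no role entry (one created before roles existed, or a user with no row in role_assigns) is waved through to the rating code; an authorization check should fail closed. `if (empty($_SESSION["user_role"]["permission_rate"])) {` rejects both the missing-role and the false-permission case and emits no warning. The same isset-then-negate shape is repeated in setmanip.php (permission_emoteset_own) and in report/index.php, report/list.php and report/send.php (permission_report), so the fix applies to all five. Whether authorize_user(true) always populates user_role cannot be seen from this hunk; if it does, a one-line comment at each guard stating that dependency would make the fail-open branch deliberate rather than accidental.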
@@ -24,113 +38,6 @@ $max_width = max(128, 1); $max_height = max(128, 1); if ($_SERVER['REQUEST_METHOD'] != "POST") { - echo_upload_page(); - exit; -} - -if (!isset($_FILES["file"])) { - http_response_code(400); - echo json_encode([ - "status_code" => 400, - "message" => "No file set", - "data" => null - ]); - exit; -} - -$code = str_safe($_POST["code"] ?? "", 500); - -if ($code == "") { - http_response_code(400); - echo json_encode([ - "status_code" => 400, - "message" => "Invalid code", - "data" => null - ]); - exit; -} - -$image = $_FILES["file"]; - -if (is_null(list($mime, $ext) = get_mime_and_ext($image["tmp_name"]))) { - http_response_code(400); - echo json_encode([ - "status_code" => 400, - "message" => "Not a valid image", - "data" => null - ]); - exit; -} - -// creating a new emote record -$db = new PDO(DB_URL, DB_USER, DB_PASS); - -$uploaded_by = $_SESSION["user_id"] ?? null; - -$stmt = $db->prepare("INSERT INTO emotes(code, mime, ext, uploaded_by) VALUES (?, ?, ?, ?)"); -$stmt->execute([$code, $mime, $ext, $uploaded_by]); - -$id = $db->lastInsertId(); - -if ($id == 0) { - $db = null; - http_response_code(500); - echo json_encode([ - "status_code" => 500, - "message" => "Failed to create an emote record", - "data" => null - ]); - exit; -} - -$path = "../static/userdata/emotes/$id"; - -if (!is_dir($path)) { - mkdir($path, 0777, true); -} - -// resizing the image - -// 3x image -$resized_image = resize_image($image["tmp_name"], "$path/3x", $max_width, $max_height); -if ($resized_image) { - abort_upload($path, $db, $id, $resized_image); -} - -// 2x image -$resized_image = resize_image($image["tmp_name"], "$path/2x", $max_width / 2, $max_height / 2); -if ($resized_image) { - abort_upload($path, $db, $id, $resized_image); -} - -// 1x image -$resized_image = resize_image($image["tmp_name"], "$path/1x", $max_width / 4, $max_height / 4); -if ($resized_image) { - abort_upload($path, $db, $id, $resized_image); -} - -$db = null; - -if (isset($_SERVER["HTTP_ACCEPT"]) 
&& $_SERVER["HTTP_ACCEPT"] == "application/json") { - http_response_code(201); - echo json_encode([ - "status_code" => 201, - "message" => null, - "data" => [ - "id" => $id, - "code" => $code, - "ext" => $ext, - "mime" => $mime, - "uploaded_by" => $uploaded_by - ] - ]); - exit; -} - -header("Location: /emotes?id=$id", true, 307); - -function echo_upload_page() -{ include "../../src/partials.php"; echo '' ?> @@ -174,7 +81,7 @@ function echo_upload_page() + 
@@ -260,4 +167,104 @@ function echo_upload_page() 400, + "message" => "No file set", + "data" => null + ]); + exit; +} + +$code = str_safe($_POST["code"] ?? "", 500); + +if ($code == "") { + http_response_code(400); + echo json_encode([ + "status_code" => 400, + "message" => "Invalid code", + "data" => null + ]); + exit; +} + +$image = $_FILES["file"]; + +if (is_null(list($mime, $ext) = get_mime_and_ext($image["tmp_name"]))) { + http_response_code(400); + echo json_encode([ + "status_code" => 400, + "message" => "Not a valid image", + "data" => null + ]); + exit; +} + +// creating a new emote record +$db = new PDO(DB_URL, DB_USER, DB_PASS); + +$stmt = $db->prepare("INSERT INTO emotes(code, mime, ext, uploaded_by) VALUES (?, ?, ?, ?)"); +$stmt->execute([$code, $mime, $ext, $uploaded_by]); + +$id = $db->lastInsertId(); + +if ($id == 0) { + $db = null; + http_response_code(500); + echo json_encode([ + "status_code" => 500, + "message" => "Failed to create an emote record", + "data" => null + ]); + exit; +} + +$path = "../static/userdata/emotes/$id"; + +if (!is_dir($path)) { + mkdir($path, 0777, true); +} + +// resizing the image + +// 3x image +$resized_image = resize_image($image["tmp_name"], "$path/3x", $max_width, $max_height); +if ($resized_image) { + abort_upload($path, $db, $id, $resized_image); +} + +// 2x image +$resized_image = resize_image($image["tmp_name"], "$path/2x", $max_width / 2, $max_height / 2); +if ($resized_image) { + abort_upload($path, $db, $id, $resized_image); +} + +// 1x image +$resized_image = resize_image($image["tmp_name"], "$path/1x", $max_width / 4, $max_height / 4); +if ($resized_image) { + abort_upload($path, $db, $id, $resized_image); +} + +$db = null; + +if (isset($_SERVER["HTTP_ACCEPT"]) && $_SERVER["HTTP_ACCEPT"] == "application/json") { + http_response_code(201); + echo json_encode([ + "status_code" => 201, + "message" => null, + "data" => [ + "id" => $id, + "code" => $code, + "ext" => $ext, + "mime" => $mime, + "uploaded_by" => 
$uploaded_by
+ ]
+ ]);
+ exit;
+}
+
+header("Location: /emotes?id=$id", true, 307);
\ No newline at end of file
diff --git a/public/index.php b/public/index.php
index 2a6311f..8f1d7dd 100644
--- a/public/index.php
+++ b/public/index.php
@@ -1,5 +1,8 @@
@@ -17,7 +20,9 @@ include_once "../src/config.php"; Emotes Emotesets Users - Upload + Upload'; + } ?> Account Chat clients
diff --git a/public/report/index.php b/public/report/index.php
index e040123..179c2bd 100644
--- a/public/report/index.php
+++ b/public/report/index.php
@@ -9,6 +9,11 @@ if (!authorize_user(true)) {
 exit;
 }
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
 $db = new PDO(DB_URL, DB_USER, DB_PASS);
 $report = null;
 $report_id = $_GET["id"] ?? "";
diff --git a/public/report/list.php b/public/report/list.php
index 128f994..087eb55 100644
--- a/public/report/list.php
+++ b/public/report/list.php
@@ -3,11 +3,17 @@ include_once "../../src/accounts.php";
 include_once "../../src/config.php";
 include_once "../../src/partials.php";
 include_once "../../src/utils.php";
+include_once "../../src/alert.php";
 if (!authorize_user(true)) {
 exit;
 }
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
 $db = new PDO(DB_URL, DB_USER, DB_PASS);
 $stmt = $db->prepare("SELECT * FROM reports WHERE sender_id = ? ORDER BY sent_at DESC");
diff --git a/public/report/send.php b/public/report/send.php
index 0b7abaf..e5a77be 100644
--- a/public/report/send.php
+++ b/public/report/send.php
@@ -8,6 +8,11 @@ if (!authorize_user(true)) {
 exit;
 }
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
 $db = new PDO(DB_URL, DB_USER, DB_PASS);
 if (!isset($_POST["contents"])) {
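Review bot: The relocated POST handler still accepts `$_FILES["file"]` on `isset` alone: neither the upload error code nor the origin of tmp_name is checked, so a partial or failed upload (error != UPLOAD_ERR_OK) reaches get_mime_and_ext() with an unusable temporary file. The guard should read `if (!isset($_FILES["file"]) || $_FILES["file"]["error"] !== UPLOAD_ERR_OK || !is_uploaded_file($_FILES["file"]["tmp_name"])) {`. Further down, `mkdir($path, 0777, true)` creates the per-emote directory world-writable under the web root; `mkdir($path, 0755, true)` is sufficient for the server process to write its own resized copies unless another account is meant to write there. `$uploaded_by` is no longer assigned in this block (the old assignment was dropped with the previous hunk), so it presumably comes from the new header hunk, whose lines are not readable in this rendering.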
diff --git a/public/static/style.css b/public/static/style.css
index 099764f..0183846 100644
--- a/public/static/style.css
+++ b/public/static/style.css
@@ -401,6 +401,19 @@ a.box:hover {
 gap: 16px;
 }
+.badge {
+ padding: 2px 8px;
+ border-radius: 4px;
+ border-width: 1px;
+ border-style: solid;
+}
+
+.badge img {
+ max-width: 16px;
+ max-height: 16px;
+ vertical-align: middle;
+}
+
 .row {
 display: flex;
 flex-direction: row;
diff --git a/public/users.php b/public/users.php
index 4876a0f..4540f5a 100644
--- a/public/users.php
+++ b/public/users.php
@@ -4,6 +4,7 @@ include_once "../src/user.php";
 include_once "../src/partials.php";
 include_once "../src/utils.php";
 include_once "../src/accounts.php";
+include_once "../src/alert.php";
 authorize_user();
 session_start();
@@ -124,7 +125,7 @@ if ($row = $stmt->fetch()) {
 }
 if ($user == null) {
- header("Location: /404.php");
+ generate_alert("/404.php", "The user you requested cannot be found", 404);
 exit;
 }
@@ -211,7 +212,39 @@ $stmt->execute([$user->id()]);
 $contributions += intval($stmt->fetch()[0]);
 // getting status
-$status = 1;
+$status = "... i don't know who am i";
+
+$stmt = $db->prepare("SELECT * FROM roles r INNER JOIN role_assigns ra ON ra.user_id = ? WHERE ra.role_id = r.id");
+$stmt->execute([$user->id()]);
+
+if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $status = '';
+ $status .= $row["name"];
+ $status .= '';
+}
 // getting reactions
 $stmt = $db->prepare("SELECT rate, COUNT(*) AS c FROM ratings WHERE user_id = ? GROUP BY rate ORDER BY c DESC");
@@ -277,13 +310,7 @@ if ($is_json) { - +
@@ -343,7 +370,11 @@ if ($is_json) {
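Review bot: `$row["name"]` is appended to `$status` unescaped, and the surrounding `$status = ''` / `$status .= ''` pieces (their tags are stripped in this rendering) show the string is assembled as HTML and echoed later in the page, so a role name containing markup is rendered as-is. Escaping at the point of concatenation, `$status .= htmlspecialchars($row["name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, keeps the badge safe even if roles later become editable through the UI. The query selects every column of `roles`; if other columns (a colour or an icon path, judging by the new .badge styles) feed the stripped attributes, they need attribute-context escaping as well, which cannot be checked here.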
Send a message - Report user + id() ?>">Report user'; + } + ?>
-- cgit v1.2.3
I am
Joined