<?php
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
include "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
include "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php";
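// Handles a POST that adds an emote to, removes it from, or renames (aliases)
// it inside an emote set acquired by the logged-in user. Every path ends in
// generate_alert(), which reports the outcome.
//
// NOTE(review): no CSRF token is checked in this file although every action
// changes state; confirm authorize_user() or the submitting form covers it.
if (!authorize_user(true)) {
    return;
}

// NOTE(review): this check fails open - a session without "user_role" skips it
// entirely. Confirm authorize_user(true) always populates the role.
if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emoteset_own"]) {
    generate_alert("/404.php", "Not enough permissions", 403);
    exit;
}

if (!isset($_POST["id"], $_POST["action"], $_POST["emote_set_id"])) {
    generate_alert("/emotes", "Not enough POST fields");
    exit;
}

// PHP turns "id[]=..." into an array; reject anything that is not a plain
// string before it reaches a bound parameter or an alert message.
if (!is_string($_POST["id"]) || !is_string($_POST["action"]) || !is_string($_POST["emote_set_id"])) {
    generate_alert("/emotes", "Not enough POST fields");
    exit;
}

$db = new PDO(DB_URL, DB_USER, DB_PASS);

// Writes one audit row when action logging is enabled. The connection is
// passed in rather than captured so that "$db = null" below still drops it.
$log_action = static function (PDO $db, $user_id, $action_type, array $payload) {
    if (!ACCOUNT_LOG_ACTIONS) {
        return;
    }
    $db->prepare("INSERT INTO actions(user_id, action_type, action_payload) VALUES (?, ?, ?)")
        ->execute([$user_id, $action_type, json_encode($payload)]);
};

// checking emote
// fetch() is used instead of rowCount(): PDO does not guarantee a row count
// for SELECT statements on every driver.
$stmt = $db->prepare("SELECT id, code, uploaded_by, visibility, created_at FROM emotes WHERE id = ?");
$stmt->execute([$_POST["id"]]);
$emote = $stmt->fetch(PDO::FETCH_ASSOC);
if ($emote === false) {
    generate_alert("/emotes", "Emote not found", 404);
    exit;
}

// NOTE(review): "visibility" is selected but never checked here; confirm
// whether emotes of every visibility may be added to a set.

// From here on use the id as stored in the database, never the raw POST value,
// so later queries and redirect URLs do not carry request-supplied text.
$emote_id = $emote["id"];
$emote_url = "/emotes?id=" . rawurlencode((string) $emote_id);

$user_id = $_SESSION["user_id"];
$emote_set_id = $_POST["emote_set_id"];

// checking emote set: the caller must have acquired the set they want to edit
$stmt = $db->prepare("SELECT id FROM acquired_emote_sets WHERE emote_set_id = ? AND user_id = ?");
$stmt->execute([$emote_set_id, $user_id]);
if ($stmt->fetch(PDO::FETCH_ASSOC) === false) {
    // NOTE(review): the posted set id is echoed back in the alert text;
    // generate_alert() is not shown here, so confirm it escapes the message
    // for its output context.
    generate_alert("/404.php", "You don't own emote set ID $emote_set_id", 403);
    exit;
}

// Current membership of the emote in the set (false when it is not a member).
$stmt = $db->prepare("SELECT id FROM emote_set_contents WHERE emote_set_id = ? AND emote_id = ?");
$stmt->execute([$emote_set_id, $emote_id]);
$membership = $stmt->fetch(PDO::FETCH_ASSOC);

$action = $_POST["action"];

// NOTE(review): the audit payload records the session's *active* emote set,
// while the change is applied to the posted emote_set_id; if the two can
// differ, the log entry points at the wrong set - confirm.
$payload = [
    "emote" => $emote,
    "emoteset" => $_SESSION["user_active_emote_set"] ?? null
];

switch ($action) {
    case "add": {
        if ($membership !== false) {
            generate_alert($emote_url, "This emote has been already added!");
            exit;
        }

        $stmt = $db->prepare("INSERT INTO emote_set_contents(emote_set_id, emote_id, added_by) VALUES (?, ?, ?)");
        $stmt->execute([$emote_set_id, $emote_id, $user_id]);

        $log_action($db, $user_id, "EMOTESET_ADD", $payload);

        $db = null;
        generate_alert($emote_url, "This emote has been added to your set. Enjoy!", 200);
        break;
    }
    case "remove": {
        if ($membership === false) {
            generate_alert($emote_url, "This emote wasn't added!");
            $db = null;
            exit;
        }

        $stmt = $db->prepare("DELETE FROM emote_set_contents WHERE id = ?");
        $stmt->execute([$membership["id"]]);

        $log_action($db, $user_id, "EMOTESET_REMOVE", $payload);

        $db = null;
        generate_alert($emote_url, "This emote has been removed from your set.", 200);
        break;
    }
    case "alias": {
        if (!isset($_POST["value"]) || !is_string($_POST["value"])) {
            generate_alert($emote_url, "No value field");
            exit;
        }

        $value = str_safe($_POST["value"], EMOTE_NAME_MAX_LENGTH);

        $stmt = $db->prepare("SELECT esc.code AS alias_code, e.code FROM emote_set_contents esc
            INNER JOIN emotes e ON e.id = esc.emote_id
            WHERE esc.emote_set_id = ? AND esc.emote_id = ?");
        $stmt->execute([$emote_set_id, $emote_id]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        // Without this guard an alias request for an emote that is not in the
        // set updated zero rows but still wrote an EMOTESET_ALIAS audit entry
        // and reported success.
        if ($row === false) {
            generate_alert($emote_url, "This emote wasn't added!");
            $db = null;
            exit;
        }

        // An empty value clears the alias. PHP's empty() also treats the
        // string "0" as empty.
        if (empty($value)) {
            $value = null;
            $payload["emote"]["original_code"] = $row["alias_code"];
            $payload["emote"]["code"] = $row["code"];
        } else {
            $payload["emote"]["original_code"] = $row["alias_code"] ?? $row["code"];
            $payload["emote"]["code"] = $value;
        }

        $stmt = $db->prepare("UPDATE emote_set_contents SET code = ? WHERE emote_set_id = ? AND emote_id = ?");
        $stmt->execute([$value, $emote_set_id, $emote_id]);

        $log_action($db, $user_id, "EMOTESET_ALIAS", $payload);

        $db = null;
        generate_alert($emote_url, "Updated emote name!", 200);
        break;
    }
    default: {
        generate_alert($emote_url, "Unknown action");
        break;
    }
}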