1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
<?php
include_once "../../src/alert.php";
include "../../src/accounts.php";
include "../../src/partials.php";
include_once "../../src/config.php";
include_once "../../src/utils.php";
include_once "../../src/images.php";
authorize_user();
if (!isset($_SESSION["user_id"], $_SESSION["user_name"])) {
header("Location: /account/login");
exit;
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$db = new PDO(DB_URL, DB_USER, DB_PASS);
$username = str_safe($_POST["username"], ACCOUNT_USERNAME_MAX_LENGTH);
if (!empty($username) && $username != $_SESSION["user_name"]) {
if (!preg_match(ACCOUNT_USERNAME_REGEX, $username)) {
generate_alert("/account", "Bad username");
exit;
}
$stmt = $db->prepare("SELECT id FROM users WHERE username = ?");
$stmt->execute([$username]);
if ($stmt->rowCount() == 0) {
$stmt = $db->prepare("UPDATE users SET username = ? WHERE id = ?");
$stmt->execute([$username, $_SESSION["user_id"]]);
} else {
generate_alert("/account", "The username has already taken");
exit;
}
}
if (isset($_FILES["pfp"])) {
$pfp = $_FILES["pfp"];
resize_image(
$pfp["tmp_name"],
"../static/userdata/avatars/" . $_SESSION["user_id"],
ACCOUNT_PFP_MAX_SIZE[0],
ACCOUNT_PFP_MAX_SIZE[1],
false
);
}
$db = null;
generate_alert("/account", "Your changes have been applied!", 200);
exit;
}
?>
<html>
<head>
<title>Account management - alright.party</title>
<link rel="stylesheet" href="/static/style.css">
</head>
<body>
<div class="container">
<div class="wrapper">
<?php html_navigation_bar() ?>
<section class="content">
<?php display_alert() ?>
<section class="box accman">
<h1>Account management</h1>
<form action="/account" method="POST" enctype="multipart/form-data">
<h2>Profile</h2>
<h3>Profile picture</h3>
<img src="/static/userdata/avatars/<?php echo $_SESSION["user_id"] ?>" id="pfp" width="64"
height="64">
<input type="file" name="pfp" id="pfp">
<h3>Username</h3>
<input type="text" name="username" id="username" value="<?php echo $_SESSION["user_name"] ?>">
<button type="submit">Save</button>
</form>
<hr>
<form action="/account/signout.php">
<h2>Security</h2>
<button type="submit">Sign out everywhere</button>
</form>
<form action="/account/delete.php">
<button class="red" type="submit">Delete me</button>
</form>
</section>
</section>
</div>
</div>
</body>
<script>
const username = document.getElementById("username");
let validUsername = "";
username.addEventListener("input", (e) => {
const regex = <?php echo ACCOUNT_USERNAME_REGEX ?>;
if (regex.test(e.target.value) && e.target.value.length <= <?php echo ACCOUNT_USERNAME_MAX_LENGTH ?>) {
validUsername = e.target.value;
} else {
e.target.value = validUsername;
}
});
</script>
</html>
|
