path: root/public/emotes/setmanip.php
blob: 8b0f085c3289a026c05c03538360a765530b13f2 (plain)
<?php
include_once "../../src/config.php";
include "../../src/accounts.php";
include "../../src/alert.php";
include_once "../../src/utils.php";

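// Gate 1: authentication. authorize_user() is defined outside this file
// (presumably in src/accounts.php); a falsy result stops the request here.
if (!authorize_user(true)) {
    return;
}

// Gate 2: role permission for owning an emote set.
// NOTE(review): this only denies when "user_role" is present in the session.
// A session without that key skips the check entirely, so the gate fails open.
// Confirm that role-less sessions are meant to be allowed.
if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emoteset_own"]) {
    generate_alert("/404.php", "Not enough permissions", 403);
    exit;
}

// NOTE(review): no anti-CSRF token is verified in this file before the
// state-changing writes below. Confirm authorize_user() or a front controller
// covers it.

// Gate 3: both fields must be present and must be plain strings. PHP turns
// `id[]=...` into an array, which would otherwise reach the SQL parameters and
// the redirect URL built from the id.
if (
    !isset($_POST["id"], $_POST["action"])
    || !is_string($_POST["id"])
    || !is_string($_POST["action"])
) {
    generate_alert("/emotes", "Not enough POST fields");
    exit;
}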

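$db = new PDO(DB_URL, DB_USER, DB_PASS);

// Verify that the requested emote exists before touching any set.
$stmt = $db->prepare("SELECT id FROM emotes WHERE id = ?");
$stmt->execute([$_POST["id"]]);

// fetch() instead of rowCount(): PDO does not guarantee rowCount() for SELECT
// statements on every driver.
$emote_row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($emote_row === false) {
    generate_alert("/emotes", "Emote not found", 404);
    exit;
}

// Continue with the id as stored in the database rather than the raw POST
// value. The id is later interpolated into redirect URLs, and depending on the
// column type the database may accept a request value that is not
// byte-identical to the stored id.
$emote_id = $emote_row["id"];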

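$user_id = $_SESSION["user_id"];

// Resolve the caller's default emote set, creating one on first use.
$stmt = $db->prepare("SELECT emote_set_id FROM acquired_emote_sets WHERE user_id = ? AND is_default = true");
$stmt->execute([$user_id]);
$emote_set_id = null;

if ($row = $stmt->fetch()) {
    $emote_set_id = $row["emote_set_id"];

    // Authorization: having acquired a set is not enough, the caller must also
    // own it before this script is allowed to modify its contents.
    $stmt = $db->prepare("SELECT id FROM emote_sets WHERE id = ? AND owner_id = ?");
    $stmt->execute([$emote_set_id, $user_id]);

    // fetch() instead of rowCount(): PDO does not guarantee rowCount() for
    // SELECT statements on every driver.
    if ($stmt->fetch() === false) {
        $_SESSION["user_emote_set_id"] = "";
        // Encode the id so the redirect target stays a single query parameter.
        generate_alert("/emotes?id=" . rawurlencode((string) $emote_id), "Bad ownership permissions on active emoteset", 403);
        exit;
    }
}

// Strict comparison: only "no default set row found" triggers creation.
if ($emote_set_id === null) {
    // Create the set and its "acquired" link atomically, so a failure on the
    // second insert cannot leave an orphaned emote_sets row behind. Rollback
    // relies on PDO throwing, which is the default error mode since PHP 8.
    $db->beginTransaction();
    try {
        $stmt = $db->prepare("INSERT INTO emote_sets(owner_id, name) VALUES (?, ?)");
        $stmt->execute([$user_id, $_SESSION["user_name"] . "'s emoteset"]);
        $emote_set_id = $db->lastInsertId();

        $stmt = $db->prepare("INSERT INTO acquired_emote_sets(user_id, emote_set_id, is_default) VALUES (?, ?, true)");
        $stmt->execute([$user_id, $emote_set_id]);

        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

$_SESSION["user_emote_set_id"] = $emote_set_id;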

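// Look up whether the emote is already part of the caller's set. Every action
// below depends on this membership row.
$stmt = $db->prepare("SELECT id FROM emote_set_contents WHERE emote_set_id = ? AND emote_id = ?");
$stmt->execute([$emote_set_id, $emote_id]);

// Fetch once and reuse the row. PDO does not guarantee rowCount() for SELECT
// statements on every driver, so membership is decided from the fetched row.
$content_row = $stmt->fetch();

$action = $_POST["action"];

// Redirect target for every outcome. The id is encoded so that it cannot add
// extra query parameters to the URL.
$emote_page = "/emotes?id=" . rawurlencode((string) $emote_id);

switch ($action) {
    case "add": {
        if ($content_row !== false) {
            generate_alert($emote_page, "This emote has been already added!");
            exit;
        }

        $stmt = $db->prepare("INSERT INTO emote_set_contents(emote_set_id, emote_id, added_by) VALUES (?, ?, ?)");
        $stmt->execute([$emote_set_id, $emote_id, $user_id]);

        $db = null;

        generate_alert($emote_page, "This emote has been added to your set. Enjoy!", 200);
        break;
    }
    case "remove": {
        if ($content_row === false) {
            generate_alert($emote_page, "This emote wasn't added!");
            $db = null;
            exit;
        }

        // Delete by the membership row id resolved above. That row was
        // selected with the caller's own set id, so it cannot belong to
        // another set.
        $stmt = $db->prepare("DELETE FROM emote_set_contents WHERE id = ?");
        $stmt->execute([$content_row["id"]]);

        $db = null;

        generate_alert($emote_page, "This emote has been removed from your set.", 200);
        break;
    }
    case "alias": {
        if (!isset($_POST["value"])) {
            generate_alert($emote_page, "No value field");
            exit;
        }

        // An alias only makes sense for an emote that is in the set. Without
        // this check the UPDATE would match no rows and still report success.
        if ($content_row === false) {
            generate_alert($emote_page, "This emote wasn't added!");
            $db = null;
            exit;
        }

        // str_safe() is defined outside this file; presumably it sanitizes the
        // value and caps it at EMOTE_NAME_MAX_LENGTH. Confirm in src/utils.php.
        $value = str_safe($_POST["value"], EMOTE_NAME_MAX_LENGTH);

        // An empty alias clears the custom code. Note that empty() also treats
        // the string "0" as empty.
        if (empty($value)) {
            $value = null;
        }

        $stmt = $db->prepare("UPDATE emote_set_contents SET code = ? WHERE emote_set_id = ? AND emote_id = ?");
        $stmt->execute([$value, $emote_set_id, $emote_id]);

        $db = null;

        generate_alert($emote_page, "Updated emote name!", 200);
        break;
    }
    default: {
        generate_alert($emote_page, "Unknown action");
        break;
    }
}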