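<?php
// Adds, removes or aliases one emote in the current user's default emote set.
//
// Expects POST fields "id" (emote id) and "action" ("add" | "remove" | "alias");
// "alias" also expects "value" (an empty value clears the alias). The caller must be
// logged in and hold permission_emoteset_own. Every outcome ends in generate_alert(),
// which redirects the user with a message.
include_once "../../src/config.php";
include "../../src/accounts.php";
include "../../src/alert.php";
include_once "../../src/utils.php";

if (!authorize_user(true)) {
    return;
}
if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emoteset_own"]) {
    generate_alert("/404.php", "Not enough permissions", 403);
    exit;
}
if (!isset($_POST["id"], $_POST["action"])) {
    generate_alert("/emotes", "Not enough POST fields");
    exit;
}

$db = new PDO(DB_URL, DB_USER, DB_PASS, [
    // Fail loudly on SQL errors instead of carrying on with a false return value.
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// Checking the emote. The row is fetched directly because PDOStatement::rowCount()
// is not guaranteed to report SELECT results on every driver. From here on the
// stored id is used (not the raw POST string), so redirects and later queries
// carry a canonical value.
$stmt = $db->prepare("SELECT id, code, uploaded_by, visibility, created_at FROM emotes WHERE id = ?");
$stmt->execute([$_POST["id"]]);
$emote = $stmt->fetch(PDO::FETCH_ASSOC);
if ($emote === false) {
    generate_alert("/emotes", "Emote not found", 404);
    exit;
}
$emote_id = $emote["id"];
// Encoded once so the id cannot smuggle extra query parameters into the redirect.
$emote_url = "/emotes?id=" . rawurlencode((string) $emote_id);
$user_id = $_SESSION["user_id"];

// Obtaining or creating the user's default emote set.
$stmt = $db->prepare("SELECT emote_set_id FROM acquired_emote_sets WHERE user_id = ? AND is_default = true");
$stmt->execute([$user_id]);
$emote_set_id = null;
if ($row = $stmt->fetch()) {
    $emote_set_id = $row["emote_set_id"];
    // Checking ownership: the default set must belong to this user.
    $stmt = $db->prepare("SELECT id FROM emote_sets WHERE id = ? AND owner_id = ?");
    $stmt->execute([$emote_set_id, $user_id]);
    if ($stmt->fetch() === false) {
        $_SESSION["user_emote_set_id"] = "";
        generate_alert($emote_url, "Bad ownership permissions on active emoteset", 403);
        exit;
    }
}
if ($emote_set_id === null) {
    $stmt = $db->prepare("INSERT INTO emote_sets(owner_id, name) VALUES (?, ?)");
    $stmt->execute([$user_id, $_SESSION["user_name"] . "'s emoteset"]);
    $emote_set_id = $db->lastInsertId();
    $stmt = $db->prepare("INSERT INTO acquired_emote_sets(user_id, emote_set_id, is_default) VALUES (?, ?, true)");
    $stmt->execute([$user_id, $emote_set_id]);
}
$_SESSION["user_emote_set_id"] = $emote_set_id;

// Current membership of the emote in the set (false when absent). The "code"
// column is the per-set alias, null when no alias has been set.
$stmt = $db->prepare("SELECT id, code FROM emote_set_contents WHERE emote_set_id = ? AND emote_id = ?");
$stmt->execute([$emote_set_id, $emote_id]);
$membership = $stmt->fetch(PDO::FETCH_ASSOC);

$action = $_POST["action"];
$payload = [
    "emote" => $emote,
    "emoteset" => $_SESSION["user_active_emote_set"] ?? null,
];

// Records the action in the audit table when ACCOUNT_LOG_ACTIONS is enabled.
$log_action = static function (string $action_type, array $payload) use ($db, $user_id): void {
    if (!ACCOUNT_LOG_ACTIONS) {
        return;
    }
    $db->prepare("INSERT INTO actions(user_id, action_type, action_payload) VALUES (?, ?, ?)")
        ->execute([$user_id, $action_type, json_encode($payload)]);
};

switch ($action) {
    case "add":
        if ($membership !== false) {
            generate_alert($emote_url, "This emote has been already added!");
            exit;
        }
        $stmt = $db->prepare("INSERT INTO emote_set_contents(emote_set_id, emote_id, added_by) VALUES (?, ?, ?)");
        $stmt->execute([$emote_set_id, $emote_id, $user_id]);
        $log_action("EMOTESET_ADD", $payload);
        $message = "This emote has been added to your set. Enjoy!";
        break;

    case "remove":
        if ($membership === false) {
            generate_alert($emote_url, "This emote wasn't added!");
            exit;
        }
        $stmt = $db->prepare("DELETE FROM emote_set_contents WHERE id = ?");
        $stmt->execute([$membership["id"]]);
        $log_action("EMOTESET_REMOVE", $payload);
        $message = "This emote has been removed from your set.";
        break;

    case "alias":
        if (!isset($_POST["value"])) {
            generate_alert($emote_url, "No value field");
            exit;
        }
        if ($membership === false) {
            // Nothing to rename: the UPDATE below would match no rows yet report success.
            generate_alert($emote_url, "This emote wasn't added!");
            exit;
        }
        $value = str_safe($_POST["value"], EMOTE_NAME_MAX_LENGTH);
        // An empty value clears the alias so the emote's own code is shown again.
        // NOTE: empty() also treats the string "0" as a clear request.
        if (empty($value)) {
            $value = null;
            $payload["emote"]["original_code"] = $membership["code"];
            $payload["emote"]["code"] = $emote["code"];
        } else {
            $payload["emote"]["original_code"] = $membership["code"] ?? $emote["code"];
            $payload["emote"]["code"] = $value;
        }
        $stmt = $db->prepare("UPDATE emote_set_contents SET code = ? WHERE emote_set_id = ? AND emote_id = ?");
        $stmt->execute([$value, $emote_set_id, $emote_id]);
        $log_action("EMOTESET_ALIAS", $payload);
        $message = "Updated emote name!";
        break;

    default:
        generate_alert($emote_url, "Unknown action");
        exit;
}

// Release the connection before handing off to the redirect.
unset($log_action);
$db = null;
generate_alert($emote_url, $message, 200);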