flashii/misuzu
1
1
Fork 0
Code Issues 1 Pull requests Releases 140 Activity
misuzu/public/index.php

200 lines
6.4 KiB
PHP
Raw Normal View History

Imported into new repository.
2022-09-13 13:14:49 +00:00
<?php
namespace Misuzu;
Normalised custom exception usage in user classes. Also updated the Index library to include the MediaType fix.
2023-07-22 15:02:41 +00:00
use RuntimeException;
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
Imported into new repository.
2022-09-13 13:14:49 +00:00
require_once __DIR__ . '/../misuzu.php';
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
set_exception_handler(function(\Throwable $ex) {
http_response_code(500);
ob_clean();
if(MSZ_DEBUG) {
header('Content-Type: text/plain; charset=utf-8');
echo (string)$ex;
} else {
header('Content-Type: text/html; charset=utf-8');
echo file_get_contents(MSZ_TEMPLATES . '/500.html');
}
exit;
});
// The whole wall of shit before the router setup and dispatch should be worked away
// Lockdown things should be middleware when there's no more legacy files
Imported into new repository.
2022-09-13 13:14:49 +00:00
$request = \Index\Http\HttpRequest::fromRequest();
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
ob_start();
if(file_exists(MSZ_ROOT . '/.migrating')) {
http_response_code(503);
if(!isset($_GET['_check'])) {
header('Content-Type: text/html; charset=utf-8');
echo file_get_contents(MSZ_TEMPLATES . '/503.html');
}
exit;
}
if(!MSZ_DEBUG) {
$twigCacheDirSfx = GitInfo::hash(true);
if(empty($twigCacheDirSfx))
$twigCacheDirSfx = md5(MSZ_ROOT);
$twigCache = sys_get_temp_dir() . '/msz-tpl-' . $twigCacheDirSfx;
if(!is_dir($twigCache))
mkdir($twigCache, 0775, true);
}
$globals = $cfg->getValues([
['site.name:s', 'Misuzu'],
'site.desc:s',
'site.url:s',
'eeprom.path:s',
'eeprom.app:s',
['auth.secret:s', 'meow'],
['csrf.secret:s', 'soup'],
]);
Template::init($msz, $twigCache ?? null, MSZ_DEBUG);
Template::set('globals', [
'site_name' => $globals['site.name'],
'site_description' => $globals['site.desc'],
'site_url' => $globals['site.url'],
'eeprom' => [
'path' => $globals['eeprom.path'],
'app' => $globals['eeprom.app'],
],
]);
$mszAssetsInfo = json_decode(file_get_contents(MSZ_ASSETS . '/current.json'));
if(!empty($mszAssetsInfo))
Template::set('assets', $mszAssetsInfo);
unset($mszAssetsInfo);
Template::addPath(MSZ_TEMPLATES);
AuthToken::setSecretKey($globals['auth.secret']);
if(isset($_COOKIE['msz_uid']) && isset($_COOKIE['msz_sid'])) {
$authToken = new AuthToken;
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
$authToken->setUserId(filter_input(INPUT_COOKIE, 'msz_uid', FILTER_SANITIZE_NUMBER_INT) ?? '0');
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
$authToken->setSessionToken(filter_input(INPUT_COOKIE, 'msz_sid') ?? '');
if($authToken->isValid())
$authToken->applyCookie(strtotime('1 year'));
AuthToken::nukeCookieLegacy();
}
if(!isset($authToken))
$authToken = AuthToken::unpack(filter_input(INPUT_COOKIE, 'msz_auth') ?? '');
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
$users = $msz->getUsers();
$sessions = $msz->getSessions();
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
if($authToken->isValid()) {
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
try {
Rewrote Sessions backend.
2023-07-28 20:06:12 +00:00
$sessionInfo = $sessions->getSession(sessionToken: $authToken->getSessionToken());
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
if($sessionInfo->hasExpired()) {
Rewrote Sessions backend.
2023-07-28 20:06:12 +00:00
$sessions->deleteSessions(sessionInfos: $sessionInfo);
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
} elseif($sessionInfo->getUserId() === $authToken->getUserId()) {
$userInfo = $users->getUser($authToken->getUserId(), 'id');
Rewrote Sessions backend.
2023-07-28 20:06:12 +00:00
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
if(!$userInfo->isDeleted()) {
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
$users->recordUserActivity($userInfo, remoteAddr: $_SERVER['REMOTE_ADDR']);
$sessions->recordSessionActivity(sessionInfo: $sessionInfo, remoteAddr: $_SERVER['REMOTE_ADDR']);
Rewrote Sessions backend.
2023-07-28 20:06:12 +00:00
if($sessionInfo->shouldBumpExpires())
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
$authToken->applyCookie($sessionInfo->getExpiresTime());
Allow non-super users to impersonate select users.
2023-07-28 21:20:19 +00:00
if($authToken->hasImpersonatedUserId()) {
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
$allowToImpersonate = $userInfo->isSuperUser();
Allow non-super users to impersonate select users.
2023-07-28 21:20:19 +00:00
$impersonatedUserId = $authToken->getImpersonatedUserId();
if(!$allowToImpersonate) {
$allowImpersonateUsers = $cfg->getArray(sprintf('impersonate.allow.u%s', $userInfo->getId()));
$allowToImpersonate = in_array((string)$impersonatedUserId, $allowImpersonateUsers, true);
}
$removeImpersonationData = !$allowToImpersonate;
if($allowToImpersonate) {
$userInfoReal = $userInfo;
try {
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
$userInfo = $users->getUser($impersonatedUserId, 'id');
Allow non-super users to impersonate select users.
2023-07-28 21:20:19 +00:00
} catch(RuntimeException $ex) {
$userInfo = $userInfoReal;
$removeImpersonationData = true;
}
}
if($removeImpersonationData) {
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
$authToken->removeImpersonatedUserId();
$authToken->applyCookie();
}
}
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
$msz->setAuthInfo($authToken, $userInfo, $userInfoReal ?? null);
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
}
}
Normalised custom exception usage in user classes. Also updated the Index library to include the MediaType fix.
2023-07-22 15:02:41 +00:00
} catch(RuntimeException $ex) {
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
AuthToken::nukeCookie();
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
}
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
}
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
if(!empty($userInfo))
$userInfo = $users->getUser((string)$userInfo->getId(), 'id');
if(!empty($userInfoReal))
$userInfoReal = $users->getUser((string)$userInfoReal->getId(), 'id');
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
CSRF::init(
$globals['csrf.secret'],
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
($msz->isLoggedIn() ? $authToken->getSessionToken() : $_SERVER['REMOTE_ADDR'])
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
);
Added new banning system. it actually works and isn't confusing this time around!
2023-07-26 18:19:46 +00:00
if(!empty($userInfo)) {
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
Template::set('current_user', $userInfo);
Added new banning system. it actually works and isn't confusing this time around!
2023-07-26 18:19:46 +00:00
Template::set('current_user_ban_info', $msz->tryGetActiveBan());
}
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
if(!empty($userInfoReal)) {
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
Template::set('current_user_real', $userInfoReal);
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
Template::set('current_user_real_colour', $users->getUserColour($userInfoReal));
}
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
$inManageMode = str_starts_with($_SERVER['REQUEST_URI'], '/manage');
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
Template::set('header_menu', $msz->getHeaderMenu($userInfo ?? null));
Template::set('user_menu', $msz->getUserMenu($userInfo ?? null, $inManageMode));
Template::set('display_debug_info', MSZ_DEBUG || (!empty($userInfo) && $userInfo->isSuperUser()));
Removed permissions stuff from the User object.
2023-07-29 18:15:30 +00:00
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
if($inManageMode) {
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
$hasManageAccess = $msz->isLoggedIn() && !$msz->hasActiveBan()
&& perms_check_user(MSZ_PERMS_GENERAL, $msz->getActiveUser()->getId(), MSZ_PERM_GENERAL_CAN_MANAGE);
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
if(!$hasManageAccess) {
echo render_error(403);
exit;
}
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00
Template::set('manage_menu', manage_get_menu($userInfo->getId()));
Restructured public folder and initialisation process.
2023-07-19 19:03:53 +00:00
}
$mszRequestPath = $request->getPath();
$mszLegacyPathPrefix = MSZ_PUBLIC . '-legacy/';
$mszLegacyPath = realpath($mszLegacyPathPrefix . $mszRequestPath);
if(!empty($mszLegacyPath) && str_starts_with($mszLegacyPath, $mszLegacyPathPrefix)) {
if(is_dir($mszLegacyPath))
$mszLegacyPath .= '/index.php';
if(is_file($mszLegacyPath)) {
require_once $mszLegacyPath;
return;
}
}
$msz->setUpHttp(str_contains($mszRequestPath, '.php'));
Changed name of context class and global variable.
2023-01-06 20:35:03 +00:00
$msz->dispatchHttp($request);
Reference in a new issue Copy permalink