misuzu/public-legacy/settings/account.php

<?php
namespace Misuzu;

use RuntimeException;
use Misuzu\Users\User;
use chillerlan\QRCode\QRCode;
use chillerlan\QRCode\QROptions;

$authInfo = $msz->getAuthInfo();
if(!$authInfo->isLoggedIn())
    Template::throwError(401);

$errors = [];
$usersCtx = $msz->getUsersContext();
$users = $usersCtx->getUsers();
$roles = $usersCtx->getRoles();
$userInfo = $authInfo->getUserInfo();
$isRestricted = $usersCtx->hasActiveBan($userInfo);
$isVerifiedRequest = CSRF::validateRequest();

if(!$isRestricted && $isVerifiedRequest && !empty($_POST['role'])) {
    try {
        $roleInfo = $roles->getRole(($_POST['role']['id'] ?? 0));
    } catch(RuntimeException $ex) {}

    if(empty($roleInfo) || !$users->hasRole($userInfo, $roleInfo))
        $errors[] = "You're trying to modify a role that hasn't been assigned to you.";
    else {
        switch($_POST['role']['mode'] ?? '') {
            case 'display':
                $users->updateUser(
                    $userInfo,
                    displayRoleInfo: $roleInfo
                );
                break;

            case 'leave':
                if($roleInfo->isLeavable()) {
                    $users->removeRoles($userInfo, $roleInfo);
                    $msz->getPerms()->precalculatePermissions(
                        $msz->getForumContext()->getCategories(),
                        [$userInfo->getId()]
                    );
                } else
                    $errors[] = "You're not allow to leave this role, an administrator has to remove it for you.";
                break;
        }
    }
}

if($isVerifiedRequest && isset($_POST['tfa']['enable']) && $userInfo->hasTOTPKey() !== (bool)$_POST['tfa']['enable']) {
    $totpKey = '';

    if((bool)$_POST['tfa']['enable']) {
        $totpKey = TOTPGenerator::generateKey();
        $totpIssuer = $msz->getSiteInfo()->getName();
        $totpQrcode = (new QRCode(new QROptions([
            'version'    => 5,
            'outputType' => QRCode::OUTPUT_IMAGE_JPG,
            'eccLevel'   => QRCode::ECC_L,
        ])))->render(sprintf('otpauth://totp/%s:%s?%s', $totpIssuer, $userInfo->getName(), http_build_query([
            'secret' => $totpKey,
            'issuer' => $totpIssuer,
        ])));

        Template::set([
            'settings_2fa_code' => $totpKey,
            'settings_2fa_image' => $totpQrcode,
        ]);
    }

    $users->updateUser(userInfo: $userInfo, totpKey: $totpKey);
}

if($isVerifiedRequest && !empty($_POST['current_password'])) {
    if(!$userInfo->verifyPassword($_POST['current_password'] ?? '')) {
        $errors[] = 'Your password was incorrect.';
    } else {
        // Changing e-mail
        if(!empty($_POST['email']['new'])) {
            if(empty($_POST['email']['confirm']) || $_POST['email']['new'] !== $_POST['email']['confirm']) {
                $errors[] = 'The addresses you entered did not match each other.';
            } elseif($userInfo->getEMailAddress() === mb_strtolower($_POST['email']['confirm'])) {
                $errors[] = 'This is already your e-mail address!';
            } else {
                $checkMail = $users->validateEMailAddress($_POST['email']['new']);

                if($checkMail !== '') {
                    $errors[] = $users->validateEMailAddressText($checkMail);
                } else {
                    $users->updateUser(userInfo: $userInfo, emailAddr: $_POST['email']['new']);
                    $msz->createAuditLog('PERSONAL_EMAIL_CHANGE', [$_POST['email']['new']]);
                }
            }
        }

        // Changing password
        if(!empty($_POST['password']['new'])) {
            if(empty($_POST['password']['confirm']) || $_POST['password']['new'] !== $_POST['password']['confirm']) {
                $errors[] = 'The new passwords you entered did not match each other.';
            } else {
                $checkPassword = $users->validatePassword($_POST['password']['new']);

                if($checkPassword !== '') {
                    $errors[] = $users->validatePasswordText($checkPassword);
                } else {
                    $users->updateUser(userInfo: $userInfo, password: $_POST['password']['new']);
                    $msz->createAuditLog('PERSONAL_PASSWORD_CHANGE');
                }
            }
        }
    }
}

// reload $userInfo object
if($_SERVER['REQUEST_METHOD'] === 'POST' && $isVerifiedRequest)
    $userInfo = $users->getUser($userInfo->getId(), 'id');

$userRoles = $roles->getRoles(userInfo: $userInfo);

Template::render('settings.account', [
    'errors' => $errors,
    'settings_user' => $userInfo,
    'settings_roles' => $userRoles,
    'is_restricted' => $isRestricted,
]);
Imported into new repository. 2022-09-13 13:14:49 +00:00			`<?php`
			`namespace Misuzu;`

Normalised custom exception usage in user classes. Also updated the Index library to include the MediaType fix. 2023-07-22 15:02:41 +00:00			`use RuntimeException;`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`use Misuzu\Users\User;`
			`use chillerlan\QRCode\QRCode;`
			`use chillerlan\QRCode\QROptions;`

Moved authentication related macros out of MisuzuContext. 2023-09-06 20:06:07 +00:00			`$authInfo = $msz->getAuthInfo();`
			`if(!$authInfo->isLoggedIn())`
Moved render_info and render_error into Template class. 2023-08-31 15:59:53 +00:00			`Template::throwError(401);`
Imported into new repository. 2022-09-13 13:14:49 +00:00
			`$errors = [];`
Moved user related stuff into its own context object. 2023-09-06 13:50:19 +00:00			`$usersCtx = $msz->getUsersContext();`
			`$users = $usersCtx->getUsers();`
			`$roles = $usersCtx->getRoles();`
Moved authentication related macros out of MisuzuContext. 2023-09-06 20:06:07 +00:00			`$userInfo = $authInfo->getUserInfo();`
			`$isRestricted = $usersCtx->hasActiveBan($userInfo);`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`$isVerifiedRequest = CSRF::validateRequest();`

			`if(!$isRestricted && $isVerifiedRequest && !empty($_POST['role'])) {`
			`try {`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`$roleInfo = $roles->getRole(($_POST['role']['id'] ?? 0));`
Normalised custom exception usage in user classes. Also updated the Index library to include the MediaType fix. 2023-07-22 15:02:41 +00:00			`} catch(RuntimeException $ex) {}`
Imported into new repository. 2022-09-13 13:14:49 +00:00
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`if(empty($roleInfo) \|\| !$users->hasRole($userInfo, $roleInfo))`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`$errors[] = "You're trying to modify a role that hasn't been assigned to you.";`
			`else {`
			`switch($_POST['role']['mode'] ?? '') {`
			`case 'display':`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`$users->updateUser(`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`$userInfo,`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`displayRoleInfo: $roleInfo`
			`);`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`break;`

			`case 'leave':`
Rewrote permissions system. 2023-08-30 22:37:21 +00:00			`if($roleInfo->isLeavable()) {`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`$users->removeRoles($userInfo, $roleInfo);`
Added separate context class for forum stuff and split up handling of each object type. 2023-09-08 13:22:46 +00:00			`$msz->getPerms()->precalculatePermissions(`
			`$msz->getForumContext()->getCategories(),`
			`[$userInfo->getId()]`
			`);`
Rewrote permissions system. 2023-08-30 22:37:21 +00:00			`} else`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`$errors[] = "You're not allow to leave this role, an administrator has to remove it for you.";`
			`break;`
			`}`
			`}`
			`}`

Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`if($isVerifiedRequest && isset($_POST['tfa']['enable']) && $userInfo->hasTOTPKey() !== (bool)$_POST['tfa']['enable']) {`
			`$totpKey = '';`

Imported into new repository. 2022-09-13 13:14:49 +00:00			`if((bool)$_POST['tfa']['enable']) {`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`$totpKey = TOTPGenerator::generateKey();`
Rewrote URL registry. 2023-09-08 20:40:48 +00:00			`$totpIssuer = $msz->getSiteInfo()->getName();`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`$totpQrcode = (new QRCode(new QROptions([`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`'version' => 5,`
			`'outputType' => QRCode::OUTPUT_IMAGE_JPG,`
			`'eccLevel' => QRCode::ECC_L,`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`])))->render(sprintf('otpauth://totp/%s:%s?%s', $totpIssuer, $userInfo->getName(), http_build_query([`
			`'secret' => $totpKey,`
			`'issuer' => $totpIssuer,`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`])));`

			`Template::set([`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`'settings_2fa_code' => $totpKey,`
			`'settings_2fa_image' => $totpQrcode,`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`]);`
			`}`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00
			`$users->updateUser(userInfo: $userInfo, totpKey: $totpKey);`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`}`

			`if($isVerifiedRequest && !empty($_POST['current_password'])) {`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`if(!$userInfo->verifyPassword($_POST['current_password'] ?? '')) {`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`$errors[] = 'Your password was incorrect.';`
			`} else {`
			`// Changing e-mail`
			`if(!empty($_POST['email']['new'])) {`
			`if(empty($_POST['email']['confirm']) \|\| $_POST['email']['new'] !== $_POST['email']['confirm']) {`
			`$errors[] = 'The addresses you entered did not match each other.';`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`} elseif($userInfo->getEMailAddress() === mb_strtolower($_POST['email']['confirm'])) {`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`$errors[] = 'This is already your e-mail address!';`
			`} else {`
Moved validation methods into the new Users class. 2023-08-30 23:41:44 +00:00			`$checkMail = $users->validateEMailAddress($_POST['email']['new']);`
Imported into new repository. 2022-09-13 13:14:49 +00:00
			`if($checkMail !== '') {`
Moved validation methods into the new Users class. 2023-08-30 23:41:44 +00:00			`$errors[] = $users->validateEMailAddressText($checkMail);`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`} else {`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`$users->updateUser(userInfo: $userInfo, emailAddr: $_POST['email']['new']);`
			`$msz->createAuditLog('PERSONAL_EMAIL_CHANGE', [$_POST['email']['new']]);`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`}`
			`}`
			`}`

			`// Changing password`
			`if(!empty($_POST['password']['new'])) {`
			`if(empty($_POST['password']['confirm']) \|\| $_POST['password']['new'] !== $_POST['password']['confirm']) {`
			`$errors[] = 'The new passwords you entered did not match each other.';`
			`} else {`
Moved validation methods into the new Users class. 2023-08-30 23:41:44 +00:00			`$checkPassword = $users->validatePassword($_POST['password']['new']);`
Imported into new repository. 2022-09-13 13:14:49 +00:00
			`if($checkPassword !== '') {`
Moved validation methods into the new Users class. 2023-08-30 23:41:44 +00:00			`$errors[] = $users->validatePasswordText($checkPassword);`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`} else {`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`$users->updateUser(userInfo: $userInfo, password: $_POST['password']['new']);`
Rewrote audit log on new database backend. 2023-07-17 17:43:17 +00:00			`$msz->createAuditLog('PERSONAL_PASSWORD_CHANGE');`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`}`
			`}`
			`}`
			`}`
			`}`

Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`// reload $userInfo object`
			`if($_SERVER['REQUEST_METHOD'] === 'POST' && $isVerifiedRequest)`
			`$userInfo = $users->getUser($userInfo->getId(), 'id');`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`$userRoles = $roles->getRoles(userInfo: $userInfo);`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00
Imported into new repository. 2022-09-13 13:14:49 +00:00			`Template::render('settings.account', [`
			`'errors' => $errors,`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`'settings_user' => $userInfo,`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`'settings_roles' => $userRoles,`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`'is_restricted' => $isRestricted,`
			`]);`