diff --git a/misuzu.php b/misuzu.php index 6f8b2ad..5561d70 100644 --- a/misuzu.php +++ b/misuzu.php @@ -22,7 +22,6 @@ Environment::setDebug(MSZ_DEBUG); mb_internal_encoding('utf-8'); date_default_timezone_set('utc'); -require_once MSZ_ROOT . '/utility.php'; require_once MSZ_SOURCE . '/url.php'; $dbConfig = parse_ini_file(MSZ_CONFIG . '/config.ini', true, INI_SCANNER_TYPED); diff --git a/public-legacy/comments.php b/public-legacy/comments.php index 567c5f4..076e9d3 100644 --- a/public-legacy/comments.php +++ b/public-legacy/comments.php @@ -5,25 +5,17 @@ use RuntimeException; $redirect = filter_input(INPUT_GET, 'return') ?? $_SERVER['HTTP_REFERER'] ?? url('index'); -if(!is_local_url($redirect)) { - echo render_info('Possible request forgery detected.', 403); - return; -} +if(!is_local_url($redirect)) + Template::displayInfo('Possible request forgery detected.', 403); -if(!CSRF::validateRequest()) { - echo render_info("Couldn't verify this request, please refresh the page and try again.", 403); - return; -} +if(!CSRF::validateRequest()) + Template::displayInfo("Couldn't verify this request, please refresh the page and try again.", 403); -if(!$msz->isLoggedIn()) { - echo render_info('You must be logged in to manage comments.', 403); - return; -} +if(!$msz->isLoggedIn()) + Template::displayInfo('You must be logged in to manage comments.', 403); -if($msz->hasActiveBan()) { - echo render_info('You have been banned, check your profile for more information.', 403); - return; -} +if($msz->hasActiveBan()) + Template::displayInfo('You have been banned, check your profile for more information.', 403); $currentUserInfo = $msz->getActiveUser(); 
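Review bot: The four guards at the top of comments.php (local-URL check on `$redirect`, CSRF, login, ban) fail open unless `Template::displayInfo()` never returns, because the `return;` after each one is gone and nothing else stops execution from reaching the comment actions. The definitions of `displayInfo()` and `throwError()` are not in the visible diff, so that contract should be made explicit and enforced: give both helpers a `never` return type (PHP 8.1+) so a TypeError is raised if either ever returns, and add a comment such as `// Template::displayInfo() ends the request; the checks below rely on it` above the first guard. The same dependency applies to every permission, CSRF and not-found guard rewritten in this commit, including the `nuke`/`restore` cases in forum/post.php and the `Perm::G_*` checks in the manage/ scripts. The script body continues outside this hunk.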
@@ -38,50 +30,37 @@ if(!empty($commentId)) { try { $commentInfo = $comments->getPost($commentId); } catch(RuntimeException $ex) { - echo render_info('Post not found.', 404); - return; + Template::displayInfo('Post not found.', 404); } $categoryInfo = $comments->getCategory(postInfo: $commentInfo); } -if($commentMode !== 'create' && empty($commentInfo)) { - echo render_error(400); - return; -} +if($commentMode !== 'create' && empty($commentInfo)) + Template::throwError(400); switch($commentMode) { case 'pin': case 'unpin': - if(!$perms->check(Perm::G_COMMENTS_PIN) && !$categoryInfo->isOwner($currentUserInfo)) { - echo render_info("You're not allowed to pin comments.", 403); - break; - } + if(!$perms->check(Perm::G_COMMENTS_PIN) && !$categoryInfo->isOwner($currentUserInfo)) + Template::displayInfo("You're not allowed to pin comments.", 403); - if($commentInfo->isDeleted()) { - echo render_info("This comment doesn't exist!", 400); - break; - } + if($commentInfo->isDeleted()) + Template::displayInfo("This comment doesn't exist!", 400); - if($commentInfo->isReply()) { - echo render_info("You can't pin replies!", 400); - break; - } + if($commentInfo->isReply()) + Template::displayInfo("You can't pin replies!", 400); $isPinning = $commentMode === 'pin'; if($isPinning) { - if($commentInfo->isPinned()) { - echo render_info('This comment is already pinned.', 400); - break; - } + if($commentInfo->isPinned()) + Template::displayInfo('This comment is already pinned.', 400); $comments->pinPost($commentInfo); } else { - if(!$commentInfo->isPinned()) { - echo render_info("This comment isn't pinned yet.", 400); - break; - } + if(!$commentInfo->isPinned()) + Template::displayInfo("This comment isn't pinned yet.", 400); $comments->unpinPost($commentInfo); } 
@@ -90,15 +69,11 @@ switch($commentMode) { break; case 'vote': - if(!$perms->check(Perm::G_COMMENTS_VOTE) && !$categoryInfo->isOwner($currentUserInfo)) { - echo render_info("You're not allowed to vote on comments.", 403); - break; - } + if(!$perms->check(Perm::G_COMMENTS_VOTE) && !$categoryInfo->isOwner($currentUserInfo)) + Template::displayInfo("You're not allowed to vote on comments.", 403); - if($commentInfo->isDeleted()) { - echo render_info("This comment doesn't exist!", 400); - break; - } + if($commentInfo->isDeleted()) + Template::displayInfo("This comment doesn't exist!", 400); if($commentVote > 0) $comments->addPostPositiveVote($commentInfo, $currentUserInfo); @@ -112,27 +87,21 @@ switch($commentMode) { case 'delete': $canDelete = $perms->check(Perm::G_COMMENTS_DELETE_OWN | Perm::G_COMMENTS_DELETE_ANY); - if(!$canDelete && !$categoryInfo->isOwner($currentUserInfo)) { - echo render_info("You're not allowed to delete comments.", 403); - break; - } + if(!$canDelete && !$categoryInfo->isOwner($currentUserInfo)) + Template::displayInfo("You're not allowed to delete comments.", 403); $canDeleteAny = $perms->check(Perm::G_COMMENTS_DELETE_ANY); - if($commentInfo->isDeleted()) { - echo render_info( + if($commentInfo->isDeleted()) + Template::displayInfo( $canDeleteAny ? 'This comment is already marked for deletion.' : "This comment doesn't exist.", 400 ); - break; - } $isOwnComment = $commentInfo->getUserId() === $currentUserInfo->getId(); $isModAction = $canDeleteAny && !$isOwnComment; - if(!$isModAction && !$isOwnComment) { - echo render_info("You're not allowed to delete comments made by others.", 403); - break; - } + if(!$isModAction && !$isOwnComment) + Template::displayInfo("You're not allowed to delete comments made by others.", 403); $comments->deletePost($commentInfo); 
@@ -150,15 +119,11 @@ switch($commentMode) { break; case 'restore': - if(!$perms->check(Perm::G_COMMENTS_DELETE_ANY)) { - echo render_info("You're not allowed to restore deleted comments.", 403); - break; - } + if(!$perms->check(Perm::G_COMMENTS_DELETE_ANY)) + Template::displayInfo("You're not allowed to restore deleted comments.", 403); - if(!$commentInfo->isDeleted()) { - echo render_info("This comment isn't in a deleted state.", 400); - break; - } + if(!$commentInfo->isDeleted()) + Template::displayInfo("This comment isn't in a deleted state.", 400); $comments->restorePost($commentInfo); @@ -172,15 +137,11 @@ switch($commentMode) { break; case 'create': - if(!$perms->check(Perm::G_COMMENTS_CREATE) && !$categoryInfo->isOwner($currentUserInfo)) { - echo render_info("You're not allowed to post comments.", 403); - break; - } + if(!$perms->check(Perm::G_COMMENTS_CREATE) && !$categoryInfo->isOwner($currentUserInfo)) + Template::displayInfo("You're not allowed to post comments.", 403); - if(empty($_POST['comment']) || !is_array($_POST['comment'])) { - echo render_info('Missing data.', 400); - break; - } + if(empty($_POST['comment']) || !is_array($_POST['comment'])) + Template::displayInfo('Missing data.', 400); try { $categoryId = isset($_POST['comment']['category']) && is_string($_POST['comment']['category']) 
@@ -188,15 +149,12 @@ switch($commentMode) { : 0; $categoryInfo = $comments->getCategory(categoryId: $categoryId); } catch(RuntimeException $ex) { - echo render_info('This comment category doesn\'t exist.', 404); - break; + Template::displayInfo('This comment category doesn\'t exist.', 404); } $canLock = $perms->check(Perm::G_COMMENTS_LOCK); - if($categoryInfo->isLocked() && !$canLock) { - echo render_info('This comment category has been locked.', 403); - break; - } + if($categoryInfo->isLocked() && !$canLock) + Template::displayInfo('This comment category has been locked.', 403); $commentText = !empty($_POST['comment']['text']) && is_string($_POST['comment']['text']) ? $_POST['comment']['text'] : ''; $commentReply = (string)(!empty($_POST['comment']['reply']) && is_string($_POST['comment']['reply']) ? (int)$_POST['comment']['reply'] : 0); @@ -214,27 +172,23 @@ switch($commentMode) { $commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText); } else { if($canLock) { - echo render_info('The action has been processed.', 400); + Template::displayInfo('The action has been processed.', 400); } else { - echo render_info('Your comment is too short.', 400); + Template::displayInfo('Your comment is too short.', 400); } break; } - if(mb_strlen($commentText) > 5000) { - echo render_info('Your comment is too long.', 400); - break; - } + if(mb_strlen($commentText) > 5000) + Template::displayInfo('Your comment is too long.', 400); if($commentReply > 0) { try { $parentInfo = $comments->getPost($commentReply); } catch(RuntimeException $ex) {} - if(!isset($parentInfo) || $parentInfo->isDeleted()) { - echo render_info('The comment you tried to reply to does not exist.', 404); - break; - } + if(!isset($parentInfo) || $parentInfo->isDeleted()) + Template::displayInfo('The comment you tried to reply to does not exist.', 404); } $commentInfo = $comments->createPost( 
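Review bot: The `break;` kept after the empty-comment `if($canLock) … else …` block in the `create` case is inconsistent with the other guards rewritten in the visible hunks of this file, and it is unreachable if `Template::displayInfo()` terminates the request as those guards assume. Either drop it so the case reads consistently, or keep it on purpose with a comment like `// unreachable: displayInfo() ends the request`. The empty `catch(RuntimeException $ex) {}` around `$comments->getPost($commentReply)` a few lines below would also benefit from a one-line comment saying that a missing parent is handled by the `!isset($parentInfo)` check that follows. The `create` case starts and ends outside this hunk.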
@@ -249,5 +203,5 @@ switch($commentMode) { break; default: - echo render_info('Not found.', 404); + Template::displayInfo('Not found.', 404); } diff --git a/public-legacy/forum/forum.php b/public-legacy/forum/forum.php index 87f30df..61d6bd4 100644 --- a/public-legacy/forum/forum.php +++ b/public-legacy/forum/forum.php @@ -3,7 +3,6 @@ namespace Misuzu; use stdClass; use RuntimeException; -use Index\XArray; $forum = $msz->getForum(); $users = $msz->getUsers(); @@ -13,8 +12,7 @@ $categoryId = (int)filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT); try { $categoryInfo = $forum->getCategory(categoryId: $categoryId); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } $perms = $msz->getAuthInfo()->getPerms('forum', $categoryInfo); @@ -22,10 +20,8 @@ $perms = $msz->getAuthInfo()->getPerms('forum', $categoryInfo); $currentUser = $msz->getActiveUser(); $currentUserId = $currentUser === null ? '0' : $currentUser->getId(); -if(!$perms->check(Perm::F_CATEGORY_VIEW)) { - echo render_error(403); - return; -} +if(!$perms->check(Perm::F_CATEGORY_VIEW)) + Template::throwError(403); if($msz->hasActiveBan()) $perms = $perms->apply(fn($calc) => $calc & (Perm::F_CATEGORY_LIST | Perm::F_CATEGORY_VIEW)); @@ -34,8 +30,10 @@ if($categoryInfo->isLink()) { if($categoryInfo->hasLinkTarget()) { $forum->incrementCategoryClicks($categoryInfo); redirect($categoryInfo->getLinkTarget()); - } else render_error(404); - return; + return; + } + + Template::throwError(404); } $forumPagination = new Pagination($forum->countTopics( @@ -44,10 +42,8 @@ $forumPagination = new Pagination($forum->countTopics( deleted: $perms->check(Perm::F_POST_DELETE_ANY) ? null : false ), 20); -if(!$forumPagination->hasValidOffset()) { - echo render_error(404); - return; -} +if(!$forumPagination->hasValidOffset()) + Template::throwError(404); $userInfos = []; $userColours = []; 
diff --git a/public-legacy/forum/index.php b/public-legacy/forum/index.php index 61819f5..a048bbf 100644 --- a/public-legacy/forum/index.php +++ b/public-legacy/forum/index.php @@ -12,10 +12,8 @@ $currentUser = $msz->getActiveUser(); $currentUserId = $currentUser === null ? '0' : $currentUser->getId(); if($mode === 'mark') { - if(!$msz->isLoggedIn()) { - echo render_error(403); - return; - } + if(!$msz->isLoggedIn()) + Template::throwError(403); $categoryId = filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT); @@ -45,10 +43,8 @@ if($mode === 'mark') { return; } -if($mode !== '') { - echo render_error(404); - return; -} +if($mode !== '') + Template::throwError(404); $userInfos = []; $userColours = []; diff --git a/public-legacy/forum/leaderboard.php b/public-legacy/forum/leaderboard.php index ad49c10..7984949 100644 --- a/public-legacy/forum/leaderboard.php +++ b/public-legacy/forum/leaderboard.php @@ -3,10 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_LEADERBOARD_VIEW)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_LEADERBOARD_VIEW)) + Template::throwError(403); $forum = $msz->getForum(); $users = $msz->getUsers(); 
@@ -26,23 +24,17 @@ $currentMonth = (int)date('m'); if(!empty($yearMonth)) { $yearMonthLength = strlen($yearMonth); - if(($yearMonthLength !== 4 && $yearMonthLength !== 6) || !ctype_digit($yearMonth)) { - echo render_error(404); - return; - } + if(($yearMonthLength !== 4 && $yearMonthLength !== 6) || !ctype_digit($yearMonth)) + Template::throwError(404); $year = (int)substr($yearMonth, 0, 4); - if($year < $config['forum_leader.first_year'] || $year > $currentYear) { - echo render_error(404); - return; - } + if($year < $config['forum_leader.first_year'] || $year > $currentYear) + Template::throwError(404); if($yearMonthLength === 6) { $month = (int)substr($yearMonth, 4, 2); - if($month < 1 || $month > 12 || ($year === $config['forum_leader.first_year'] && $month < $config['forum_leader.first_month'])) { - echo render_error(404); - return; - } + if($month < 1 || $month > 12 || ($year === $config['forum_leader.first_year'] && $month < $config['forum_leader.first_month'])) + Template::throwError(404); } } diff --git a/public-legacy/forum/post.php b/public-legacy/forum/post.php index a893bc5..ddc9ac0 100644 --- a/public-legacy/forum/post.php +++ b/public-legacy/forum/post.php 
@@ -11,71 +11,52 @@ $submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) & $postRequestVerified = CSRF::validateRequest(); -if(!empty($postMode) && !$msz->isLoggedIn()) { - echo render_info('You must be logged in to manage posts.', 401); - return; -} +if(!empty($postMode) && !$msz->isLoggedIn()) + Template::displayInfo('You must be logged in to manage posts.', 401); $currentUser = $msz->getActiveUser(); $currentUserId = $currentUser === null ? '0' : $currentUser->getId(); -if($postMode !== '' && $msz->hasActiveBan()) { - echo render_info('You have been banned, check your profile for more information.', 403); - return; -} +if($postMode !== '' && $msz->hasActiveBan()) + Template::displayInfo('You have been banned, check your profile for more information.', 403); try { $postInfo = $forum->getPost(postId: $postId); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } $perms = $msz->getAuthInfo()->getPerms('forum', $postInfo->getCategoryId()); -if(!$perms->check(Perm::F_CATEGORY_VIEW)) { - echo render_error(403); - return; -} +if(!$perms->check(Perm::F_CATEGORY_VIEW)) + Template::throwError(403); $canDeleteAny = $perms->check(Perm::F_POST_DELETE_ANY); switch($postMode) { case 'delete': if($canDeleteAny) { - if($postInfo->isDeleted()) { - echo render_info('This post has already been marked as deleted.', 404); - return; - } + if($postInfo->isDeleted()) + Template::displayInfo('This post has already been marked as deleted.', 404); } else { - if($postInfo->isDeleted()) { - echo render_error(404); - return; - } + if($postInfo->isDeleted()) + Template::throwError(404); - if(!$perms->check(Perm::F_POST_DELETE_OWN)) { - echo render_info('You are not allowed to delete posts.', 403); - return; - } + if(!$perms->check(Perm::F_POST_DELETE_OWN)) + Template::displayInfo('You are not allowed to delete posts.', 403); - if($postInfo->getUserId() !== $currentUser->getId()) { - echo render_info('You can only delete 
your own posts.', 403); - return; - } + if($postInfo->getUserId() !== $currentUser->getId()) + Template::displayInfo('You can only delete your own posts.', 403); // posts may only be deleted within a week of creation, this should be a config value $deleteTimeFrame = 60 * 60 * 24 * 7; - if($postInfo->getCreatedTime() < time() - $deleteTimeFrame) { - echo render_info('This post has existed for too long. Ask a moderator to remove if it absolutely necessary.', 403); - return; - } + if($postInfo->getCreatedTime() < time() - $deleteTimeFrame) + Template::displayInfo('This post has existed for too long. Ask a moderator to remove if it absolutely necessary.', 403); } $originalPostInfo = $forum->getPost(topicInfo: $postInfo->getTopicId()); - if($originalPostInfo->getId() === $postInfo->getId()) { - echo render_info('This is the opening post of the topic it belongs to, it may not be deleted without deleting the entire topic as well.', 403); - return; - } + if($originalPostInfo->getId() === $postInfo->getId()) + Template::displayInfo('This is the opening post of the topic it belongs to, it may not be deleted without deleting the entire topic as well.', 403); if($postRequestVerified && !$submissionConfirmed) { url_redirect('forum-post', [ @@ -103,10 +84,8 @@ switch($postMode) { break; case 'nuke': - if(!$canDeleteAny) { - echo render_error(403); - break; - } + if(!$canDeleteAny) + Template::throwError(403); if($postRequestVerified && !$submissionConfirmed) { url_redirect('forum-post', [ @@ -134,10 +113,8 @@ switch($postMode) { break; case 'restore': - if(!$canDeleteAny) { - echo render_error(403); - break; - } + if(!$canDeleteAny) + Template::throwError(403); if($postRequestVerified && !$submissionConfirmed) { url_redirect('forum-post', [ diff --git a/public-legacy/forum/posting.php b/public-legacy/forum/posting.php index ca7dc40..74fe268 100644 --- a/public-legacy/forum/posting.php +++ b/public-legacy/forum/posting.php 
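Review bot: The login guard at the top of post.php tests `!empty($postMode)` while the ban guard two statements later tests `$postMode !== ''`, so the two disagree for a value such as `'0'`, which `empty()` treats as empty. What the switch does with such a value is outside the hunk, so this is probably harmless today, but using one predicate for both, e.g. `if($postMode !== '' && !$msz->isLoggedIn())`, keeps the login requirement from depending on PHP truthiness rules. The `delete` branch later calls `$currentUser->getId()`, which is only safe because that login guard has already run. The switch continues outside this hunk.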
@@ -7,17 +7,13 @@ use Index\DateTime; use Misuzu\Forum\ForumTopicInfo; use Misuzu\Parsers\Parser; -if(!$msz->isLoggedIn()) { - echo render_error(401); - return; -} +if(!$msz->isLoggedIn()) + Template::throwError(401); $currentUser = $msz->getActiveUser(); $currentUserId = $currentUser->getId(); -if($msz->hasActiveBan()) { - echo render_error(403); - return; -} +if($msz->hasActiveBan()) + Template::throwError(403); $forum = $msz->getForum(); $users = $msz->getUsers(); @@ -42,10 +38,8 @@ if(!empty($_POST)) { $forumId = !empty($_GET['f']) && is_string($_GET['f']) ? (int)$_GET['f'] : 0; } -if(!in_array($mode, $forumPostingModes, true)) { - echo render_error(400); - return; -} +if(!in_array($mode, $forumPostingModes, true)) + Template::throwError(400); if($mode === 'preview') { header('Content-Type: text/plain; charset=utf-8'); @@ -63,10 +57,8 @@ if($mode === 'preview') { return; } -if(empty($postId) && empty($topicId) && empty($forumId)) { - echo render_error(404); - return; -} +if(empty($postId) && empty($topicId) && empty($forumId)) + Template::throwError(404); if(empty($postId)) { $hasPostInfo = false; @@ -74,14 +66,11 @@ if(empty($postId)) { try { $postInfo = $forum->getPost(postId: $postId); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } - if($postInfo->isDeleted()) { - echo render_error(404); - return; - } + if($postInfo->isDeleted()) + Template::throwError(404); // should automatic cross-quoting be a thing? if so, check if $topicId is < 1 first <-- what did i mean by this? $topicId = $postInfo->getTopicId(); 
@@ -94,14 +83,11 @@ if(empty($topicId)) { try { $topicInfo = $forum->getTopic(topicId: $topicId); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } - if($topicInfo->isDeleted()) { - echo render_error(404); - return; - } + if($topicInfo->isDeleted()) + Template::throwError(404); $forumId = $topicInfo->getCategoryId(); $originalPostInfo = $forum->getPost(topicInfo: $topicInfo); @@ -114,8 +100,7 @@ if(empty($forumId)) { try { $categoryInfo = $forum->getCategory(categoryId: $forumId); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } $hasCategoryInfo = true; @@ -127,15 +112,11 @@ if($categoryInfo->isArchived() || (isset($topicInfo) && $topicInfo->isLocked() && !$perms->check(Perm::F_TOPIC_LOCK)) || !$perms->check(Perm::F_CATEGORY_VIEW) || !$perms->check(Perm::F_POST_CREATE) - || (!isset($topicInfo) && !$perms->check(Perm::F_TOPIC_CREATE))) { - echo render_error(403); - return; -} + || (!isset($topicInfo) && !$perms->check(Perm::F_TOPIC_CREATE))) + Template::throwError(403); -if(!$categoryInfo->mayHaveTopics()) { - echo render_error(400); - return; -} +if(!$categoryInfo->mayHaveTopics()) + Template::throwError(400); $topicTypes = []; @@ -151,10 +132,8 @@ if($mode === 'create' || $mode === 'edit') { } // edit mode stuff -if($mode === 'edit' && !$perms->check($postInfo->getUserId() === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY)) { - echo render_error(403); - return; -} +if($mode === 'edit' && !$perms->check($postInfo->getUserId() === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY)) + Template::throwError(403); $notices = []; diff --git a/public-legacy/forum/topic.php b/public-legacy/forum/topic.php index 8a8ae75..a796ee7 100644 --- a/public-legacy/forum/topic.php +++ b/public-legacy/forum/topic.php 
@@ -20,18 +20,15 @@ if($topicId < 1 && $postId > 0) { try { $postInfo = $forum->getPost(postId: $postId); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } $categoryId = $postInfo->getCategoryId(); $perms = $msz->getAuthInfo()->getPerms('forum', $postInfo->getCategoryId()); $canDeleteAny = $perms->check(Perm::F_POST_DELETE_ANY); - if($postInfo->isDeleted() && !$canDeleteAny) { - echo render_error(404); - return; - } + if($postInfo->isDeleted() && !$canDeleteAny) + Template::throwError(404); $topicId = $postInfo->getTopicId(); $preceedingPostCount = $forum->countPosts( @@ -68,17 +65,15 @@ if(($topicIsNuked || $topicIsDeleted) && $forum->hasTopicRedirect($topicId)) { if($topicIsNuked || !$canDeleteAny) { if(empty($topicRedirectInfo)) - echo render_error(404); - else - header('Location: ' . $topicRedirectInfo->getLinkTarget()); + Template::throwError(404); + + header('Location: ' . $topicRedirectInfo->getLinkTarget()); return; } } -if(!$perms->check(Perm::F_CATEGORY_VIEW)) { - echo render_error(403); - return; -} +if(!$perms->check(Perm::F_CATEGORY_VIEW)) + Template::throwError(403); // Maximum amount of posts a topic may contain to still be deletable by the author // this should be in the config 
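Review bot: In topic.php the redirect branch for deleted or nuked topics sends `Location: …getLinkTarget()` and returns before the `Perm::F_CATEGORY_VIEW` check that follows it, so in the visible lines a caller without view permission on the category still receives the redirect target. How `$perms` is obtained for a nuked topic is outside the hunk, so this may be intentional; if it is, a comment above the branch should say so, and otherwise the view check could run first whenever `$perms` is available. The now-unconditional `header('Location: ' . $topicRedirectInfo->getLinkTarget());` also dereferences `$topicRedirectInfo` directly after the empty-check, which is only safe while `Template::throwError()` never returns.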
@@ -108,57 +103,39 @@ $validModerationModes = [ ]; if(in_array($moderationMode, $validModerationModes, true)) { - if(!CSRF::validateRequest()) { - echo render_info("Couldn't verify this request, please refresh the page and try again.", 403); - return; - } + if(!CSRF::validateRequest()) + Template::displayInfo("Couldn't verify this request, please refresh the page and try again.", 403); - if(!$msz->isLoggedIn()) { - echo render_info('You must be logged in to manage posts.', 401); - return; - } + if(!$msz->isLoggedIn()) + Template::displayInfo('You must be logged in to manage posts.', 401); - if($msz->hasActiveBan()) { - echo render_info('You have been banned, check your profile for more information.', 403); - return; - } + if($msz->hasActiveBan()) + Template::displayInfo('You have been banned, check your profile for more information.', 403); switch($moderationMode) { case 'delete': if($canDeleteAny) { - if($topicInfo->isDeleted()) { - echo render_info('This topic has already been marked as deleted.', 404); - return; - } + if($topicInfo->isDeleted()) + Template::displayInfo('This topic has already been marked as deleted.', 404); } else { - if($topicInfo->isDeleted()) { - echo render_error(404); - return; - } + if($topicInfo->isDeleted()) + Template::throwError(404); - if(!$canDeleteOwn) { - echo render_info("You aren't allowed to delete topics.", 403); - return; - } + if(!$canDeleteOwn) + Template::displayInfo("You aren't allowed to delete topics.", 403); - if($topicInfo->getUserId() !== $currentUser->getId()) { - echo render_info('You can only delete your own topics.', 403); - return; - } + if($topicInfo->getUserId() !== $currentUser->getId()) + Template::displayInfo('You can only delete your own topics.', 403); // topics may only be deleted within a day of creation, this should be a config value $deleteTimeFrame = 60 * 60 * 24; - if($topicInfo->getCreatedTime() < time() - $deleteTimeFrame) { - echo render_info('This topic has existed for too long. 
Ask a moderator to remove if it absolutely necessary.', 403); - return; - } + if($topicInfo->getCreatedTime() < time() - $deleteTimeFrame) + Template::displayInfo('This topic has existed for too long. Ask a moderator to remove if it absolutely necessary.', 403); // deleted posts are intentionally included $topicPostCount = $forum->countPosts(topicInfo: $topicInfo); - if($topicPostCount > $deletePostThreshold) { - echo render_info('This topic already has replies, you may no longer delete it. Ask a moderator to remove if it absolutely necessary.', 403); - return; - } + if($topicPostCount > $deletePostThreshold) + Template::displayInfo('This topic already has replies, you may no longer delete it. Ask a moderator to remove if it absolutely necessary.', 403); } if(!isset($_GET['confirm'])) { @@ -189,10 +166,8 @@ if(in_array($moderationMode, $validModerationModes, true)) { break; case 'restore': - if(!$canNukeOrRestore) { - echo render_error(403); - break; - } + if(!$canNukeOrRestore) + Template::throwError(403); if(!isset($_GET['confirm'])) { Template::render('forum.confirm', [ @@ -221,10 +196,8 @@ if(in_array($moderationMode, $validModerationModes, true)) { break; case 'nuke': - if(!$canNukeOrRestore) { - echo render_error(403); - break; - } + if(!$canNukeOrRestore) + Template::throwError(403); if(!isset($_GET['confirm'])) { Template::render('forum.confirm', [ @@ -297,10 +270,8 @@ $topicPagination = new Pagination($topicPosts, 10, 'page'); if(isset($preceedingPostCount)) $topicPagination->setPage(floor($preceedingPostCount / $topicPagination->getRange()), true); -if(!$topicPagination->hasValidOffset()) { - echo render_error(404); - return; -} +if(!$topicPagination->hasValidOffset()) + Template::throwError(404); $postInfos = $forum->getPosts( topicInfo: $topicInfo, 
@@ -308,10 +279,8 @@ $postInfos = $forum->getPosts( pagination: $topicPagination, ); -if(empty($postInfos)) { - echo render_error(404); - return; -} +if(empty($postInfos)) + Template::throwError(404); $originalPostInfo = $forum->getPost(topicInfo: $topicInfo); diff --git a/public-legacy/manage/changelog/change.php b/public-legacy/manage/changelog/change.php index 948081f..a8a51c6 100644 --- a/public-legacy/manage/changelog/change.php +++ b/public-legacy/manage/changelog/change.php @@ -7,10 +7,8 @@ use Index\DateTime; use Index\XArray; use Misuzu\Changelog\Changelog; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) + Template::throwError(403); $changeActions = []; foreach(Changelog::ACTIONS as $action) @@ -30,16 +28,16 @@ else $changeInfo = $changelog->getChange($changeId); $changeTagIds = XArray::select($changelog->getTags(changeInfo: $changeInfo), fn($tagInfo) => $tagInfo->getId()); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) { - if(CSRF::validateRequest()) { - $changelog->deleteChange($changeInfo); - $msz->createAuditLog('CHANGELOG_ENTRY_DELETE', [$changeInfo->getId()]); - url_redirect('manage-changelog-changes'); - } else render_error(403); + if(!CSRF::validateRequest()) + Template::throwError(403); + + $changelog->deleteChange($changeInfo); + $msz->createAuditLog('CHANGELOG_ENTRY_DELETE', [$changeInfo->getId()]); + url_redirect('manage-changelog-changes'); return; } diff --git a/public-legacy/manage/changelog/index.php b/public-legacy/manage/changelog/index.php index 69d64c3..e6c37df 100644 --- a/public-legacy/manage/changelog/index.php +++ b/public-legacy/manage/changelog/index.php 
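Review bot: The delete branch in manage/changelog/change.php is still entered on `$_SERVER['REQUEST_METHOD'] === 'GET'`, so the destructive `deleteChange()` call and whatever token `CSRF::validateRequest()` accepts both travel in a URL, where they can end up in browser history, proxy or server logs and Referer headers. How the token is read is not visible in this diff, but requiring POST for the delete would avoid that exposure, as setting-delete.php in this same commit already does with `$_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()`. The identical GET pattern appears in manage/changelog/tag.php around `deleteTag()`. The `createAuditLog('CHANGELOG_ENTRY_DELETE', …)` call is correctly placed after the CSRF check, so rejected requests leave no misleading audit entry.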
@@ -3,18 +3,14 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) + Template::throwError(403); $changelog = $msz->getChangelog(); $changelogPagination = new Pagination($changelog->countChanges(), 30); -if(!$changelogPagination->hasValidOffset()) { - echo render_error(404); - return; -} +if(!$changelogPagination->hasValidOffset()) + Template::throwError(404); $changeInfos = $changelog->getChanges(pagination: $changelogPagination); $changes = []; diff --git a/public-legacy/manage/changelog/tag.php b/public-legacy/manage/changelog/tag.php index 1199b44..8e9d104 100644 --- a/public-legacy/manage/changelog/tag.php +++ b/public-legacy/manage/changelog/tag.php @@ -3,10 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE)) + Template::throwError(403); $changelog = $msz->getChangelog(); $tagId = (string)filter_input(INPUT_GET, 't', FILTER_SANITIZE_NUMBER_INT); @@ -19,16 +17,16 @@ else $isNew = false; $tagInfo = $loadTagInfo(); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) { - if(CSRF::validateRequest()) { - $changelog->deleteTag($tagInfo); - $msz->createAuditLog('CHANGELOG_TAG_DELETE', [$tagInfo->getId()]); - url_redirect('manage-changelog-tags'); - } else render_error(403); + if(!CSRF::validateRequest()) + Template::throwError(403); + + $changelog->deleteTag($tagInfo); + $msz->createAuditLog('CHANGELOG_TAG_DELETE', [$tagInfo->getId()]); + url_redirect('manage-changelog-tags'); return; } 
diff --git a/public-legacy/manage/changelog/tags.php b/public-legacy/manage/changelog/tags.php index 0742adf..2503b61 100644 --- a/public-legacy/manage/changelog/tags.php +++ b/public-legacy/manage/changelog/tags.php @@ -1,10 +1,8 @@ getAuthInfo()->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE)) + Template::throwError(403); Template::render('manage.changelog.tags', [ 'changelog_tags' => $msz->getChangelog()->getTags(), diff --git a/public-legacy/manage/forum/index.php b/public-legacy/manage/forum/index.php index 19136ee..3371eda 100644 --- a/public-legacy/manage/forum/index.php +++ b/public-legacy/manage/forum/index.php @@ -3,10 +3,8 @@ namespace Misuzu; use Misuzu\Perm; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_CATEGORIES_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_CATEGORIES_MANAGE)) + Template::throwError(403); $perms = $msz->getPerms(); $permsInfos = $perms->getPermissionInfo(categoryNames: Perm::INFO_FOR_FORUM_CATEGORY); diff --git a/public-legacy/manage/forum/redirs.php b/public-legacy/manage/forum/redirs.php index 06ddfec..dd55c81 100644 --- a/public-legacy/manage/forum/redirs.php +++ b/public-legacy/manage/forum/redirs.php @@ -1,10 +1,8 @@ getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE)) + Template::throwError(403); $forum = $msz->getForum(); @@ -33,10 +31,8 @@ if(filter_input(INPUT_GET, 'm') === 'explode') { } $pagination = new Pagination($forum->countTopicRedirects(), 20); -if(!$pagination->hasValidOffset()) { - echo render_error(404); - return; -} +if(!$pagination->hasValidOffset()) + Template::throwError(404); $redirs = $forum->getTopicRedirects(pagination: $pagination); 
diff --git a/public-legacy/manage/general/emoticon.php b/public-legacy/manage/general/emoticon.php index b2d1bcd..b50b794 100644 --- a/public-legacy/manage/general/emoticon.php +++ b/public-legacy/manage/general/emoticon.php @@ -4,10 +4,8 @@ namespace Misuzu; use RuntimeException; use Index\XArray; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_EMOTES_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_EMOTES_MANAGE)) + Template::throwError(403); $emotes = $msz->getEmotes(); $emoteId = (string)filter_input(INPUT_GET, 'e', FILTER_SANITIZE_NUMBER_INT); @@ -20,8 +18,7 @@ else $emoteInfo = $emotes->getEmote($emoteId); $emoteStrings = $emotes->getEmoteStrings($emoteInfo); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } // make errors not echos lol diff --git a/public-legacy/manage/general/emoticons.php b/public-legacy/manage/general/emoticons.php index 2a3a002..8f5a33e 100644 --- a/public-legacy/manage/general/emoticons.php +++ b/public-legacy/manage/general/emoticons.php @@ -3,10 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_EMOTES_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_EMOTES_MANAGE)) + Template::throwError(403); $emotes = $msz->getEmotes(); @@ -16,8 +14,7 @@ if(CSRF::validateRequest() && !empty($_GET['emote'])) { try { $emoteInfo = $emotes->getEmote($emoteId); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } if(!empty($_GET['delete'])) { diff --git a/public-legacy/manage/general/logs.php b/public-legacy/manage/general/logs.php index 66e2988..ecf7635 100644 --- a/public-legacy/manage/general/logs.php +++ b/public-legacy/manage/general/logs.php 
@@ -3,19 +3,15 @@ namespace Misuzu; use Misuzu\Pagination; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_LOGS_VIEW)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_LOGS_VIEW)) + Template::throwError(403); $users = $msz->getUsers(); $auditLog = $msz->getAuditLog(); $pagination = new Pagination($auditLog->countLogs(), 50); -if(!$pagination->hasValidOffset()) { - echo render_error(404); - return; -} +if(!$pagination->hasValidOffset()) + Template::throwError(404); $logs = $auditLog->getLogs(pagination: $pagination); $userInfos = []; diff --git a/public-legacy/manage/general/setting-delete.php b/public-legacy/manage/general/setting-delete.php index bd92db8..40995da 100644 --- a/public-legacy/manage/general/setting-delete.php +++ b/public-legacy/manage/general/setting-delete.php @@ -3,17 +3,13 @@ namespace Misuzu; use Misuzu\Config\CfgTools; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) + Template::throwError(403); $valueName = (string)filter_input(INPUT_GET, 'name'); $valueInfo = $cfg->getValueInfo($valueName); -if($valueInfo === null) { - echo render_error(404); - return; -} +if($valueInfo === null) + Template::throwError(404); if($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { $valueName = $valueInfo->getName(); diff --git a/public-legacy/manage/general/setting.php b/public-legacy/manage/general/setting.php index 8354630..05c8617 100644 --- a/public-legacy/manage/general/setting.php +++ b/public-legacy/manage/general/setting.php 
@@ -3,10 +3,8 @@ namespace Misuzu; use Misuzu\Config\DbConfig; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) + Template::throwError(403); $isNew = true; $sName = (string)filter_input(INPUT_GET, 'name'); diff --git a/public-legacy/manage/general/settings.php b/public-legacy/manage/general/settings.php index 4acaa7c..71a396c 100644 --- a/public-legacy/manage/general/settings.php +++ b/public-legacy/manage/general/settings.php @@ -1,10 +1,8 @@ getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) + Template::throwError(403); $hidden = $cfg->getArray('settings.hidden'); $vars = $cfg->getAllValueInfos(); diff --git a/public-legacy/manage/news/categories.php b/public-legacy/manage/news/categories.php index df1584a..ae2de45 100644 --- a/public-legacy/manage/news/categories.php +++ b/public-legacy/manage/news/categories.php @@ -1,18 +1,14 @@ getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE)) + Template::throwError(403); $news = $msz->getNews(); $pagination = new Pagination($news->countCategories(), 15); -if(!$pagination->hasValidOffset()) { - echo render_error(404); - return; -} +if(!$pagination->hasValidOffset()) + Template::throwError(404); $categories = $news->getCategories(pagination: $pagination); diff --git a/public-legacy/manage/news/category.php b/public-legacy/manage/news/category.php index 98af6e1..6e186d7 100644 --- a/public-legacy/manage/news/category.php +++ b/public-legacy/manage/news/category.php 
@@ -3,10 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE)) + Template::throwError(403); $news = $msz->getNews(); $categoryId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT); @@ -19,16 +17,16 @@ else $isNew = false; $categoryInfo = $loadCategoryInfo(); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) { - if(CSRF::validateRequest()) { - $news->deleteCategory($categoryInfo); - $msz->createAuditLog('NEWS_CATEGORY_DELETE', [$categoryInfo->getId()]); - url_redirect('manage-news-categories'); - } else render_error(403); + if(!CSRF::validateRequest()) + Template::throwError(403); + + $news->deleteCategory($categoryInfo); + $msz->createAuditLog('NEWS_CATEGORY_DELETE', [$categoryInfo->getId()]); + url_redirect('manage-news-categories'); return; } diff --git a/public-legacy/manage/news/post.php b/public-legacy/manage/news/post.php index 6f2a6f4..11004b8 100644 --- a/public-legacy/manage/news/post.php +++ b/public-legacy/manage/news/post.php @@ -3,10 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) + Template::throwError(403); $news = $msz->getNews(); $postId = (string)filter_input(INPUT_GET, 'p', FILTER_SANITIZE_NUMBER_INT); 
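Review bot: In public-legacy/manage/news/category.php the delete branch still runs on a GET request (`$_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])`), so the rewritten CSRF check protects a state change whose token presumably travels in the query string. There it can end up in browser history, proxy and server logs and Referer headers. Moving the action to POST keeps the token out of URLs, e.g. `if($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['delete'])) {`, with the delete link in the template becoming a small form. The same pattern is in the delete branches of manage/news/post.php, manage/users/ban.php, manage/users/note.php and manage/users/warning.php, and manage/general/emoticons.php looks similar. How `CSRF::validateRequest()` reads the token is not visible in this diff, so confirm that before changing the method.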
@@ -19,16 +17,16 @@ else $isNew = false; $postInfo = $loadPostInfo(); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) { - if(CSRF::validateRequest()) { - $news->deletePost($postInfo); - $msz->createAuditLog('NEWS_POST_DELETE', [$postInfo->getId()]); - url_redirect('manage-news-posts'); - } else render_error(403); + if(!CSRF::validateRequest()) + Template::throwError(403); + + $news->deletePost($postInfo); + $msz->createAuditLog('NEWS_POST_DELETE', [$postInfo->getId()]); + url_redirect('manage-news-posts'); return; } diff --git a/public-legacy/manage/news/posts.php b/public-legacy/manage/news/posts.php index 3183259..2285d32 100644 --- a/public-legacy/manage/news/posts.php +++ b/public-legacy/manage/news/posts.php @@ -1,10 +1,8 @@ getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) + Template::throwError(403); $news = $msz->getNews(); $pagination = new Pagination($news->countPosts( @@ -12,10 +10,8 @@ $pagination = new Pagination($news->countPosts( includeDeleted: true ), 15); -if(!$pagination->hasValidOffset()) { - echo render_error(404); - return; -} +if(!$pagination->hasValidOffset()) + Template::throwError(404); $posts = $news->getAllPosts( includeScheduled: true, diff --git a/public-legacy/manage/users/ban.php b/public-legacy/manage/users/ban.php index 6e724a1..5f62f6d 100644 --- a/public-legacy/manage/users/ban.php +++ b/public-legacy/manage/users/ban.php 
@@ -5,26 +5,24 @@ use DateTimeInterface; use RuntimeException; use Index\DateTime; -if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_BANS_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_BANS_MANAGE)) + Template::throwError(403); $bans = $msz->getBans(); if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete')) { - if(CSRF::validateRequest()) { - try { - $banInfo = $bans->getBan((string)filter_input(INPUT_GET, 'b')); - } catch(RuntimeException $ex) { - echo render_error(404); - return; - } + if(!CSRF::validateRequest()) + Template::throwError(403); - $bans->deleteBans($banInfo); - $msz->createAuditLog('BAN_DELETE', [$banInfo->getId(), $banInfo->getUserId()]); - url_redirect('manage-users-bans', ['user' => $banInfo->getUserId()]); - } else render_error(403); + try { + $banInfo = $bans->getBan((string)filter_input(INPUT_GET, 'b')); + } catch(RuntimeException $ex) { + Template::throwError(404); + } + + $bans->deleteBans($banInfo); + $msz->createAuditLog('BAN_DELETE', [$banInfo->getId(), $banInfo->getUserId()]); + url_redirect('manage-users-bans', ['user' => $banInfo->getUserId()]); return; } @@ -33,8 +31,7 @@ $users = $msz->getUsers(); try { $userInfo = $users->getUser(filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT), 'id'); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } $modInfo = $msz->getActiveUser(); diff --git a/public-legacy/manage/users/bans.php b/public-legacy/manage/users/bans.php index 3eb35c1..4c726aa 100644 --- a/public-legacy/manage/users/bans.php +++ b/public-legacy/manage/users/bans.php @@ -3,10 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_BANS_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_BANS_MANAGE)) + Template::throwError(403); $users = $msz->getUsers(); 
@@ -25,18 +23,15 @@ if(filter_has_var(INPUT_GET, 'u')) { $userInfos[$filterUserId] = $filterUser; $userColours[$filterUserId] = $users->getUserColour($filterUser); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } } $bans = $msz->getBans(); $pagination = new Pagination($bans->countBans(userInfo: $filterUser), 10); -if(!$pagination->hasValidOffset()) { - echo render_error(404); - return; -} +if(!$pagination->hasValidOffset()) + Template::throwError(404); $banList = []; $banInfos = $bans->getBans(userInfo: $filterUser, activeFirst: true, pagination: $pagination); diff --git a/public-legacy/manage/users/index.php b/public-legacy/manage/users/index.php index c7fb189..4e41191 100644 --- a/public-legacy/manage/users/index.php +++ b/public-legacy/manage/users/index.php @@ -1,19 +1,15 @@ getAuthInfo()->getPerms('user')->check(Perm::U_USERS_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_USERS_MANAGE)) + Template::throwError(403); $users = $msz->getUsers(); $roles = $msz->getRoles(); $pagination = new Pagination($users->countUsers(), 30); -if(!$pagination->hasValidOffset()) { - echo render_error(404); - return; -} +if(!$pagination->hasValidOffset()) + Template::throwError(404); $userList = []; $userInfos = $users->getUsers(pagination: $pagination, orderBy: 'id'); diff --git a/public-legacy/manage/users/note.php b/public-legacy/manage/users/note.php index 3bdb41f..ffc94ba 100644 --- a/public-legacy/manage/users/note.php +++ b/public-legacy/manage/users/note.php 
@@ -3,18 +3,14 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_NOTES_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_NOTES_MANAGE)) + Template::throwError(403); $hasNoteId = filter_has_var(INPUT_GET, 'n'); $hasUserId = filter_has_var(INPUT_GET, 'u'); -if((!$hasNoteId && !$hasUserId) || ($hasNoteId && $hasUserId)) { - echo render_error(400); - return; -} +if((!$hasNoteId && !$hasUserId) || ($hasNoteId && $hasUserId)) + Template::throwError(400); $users = $msz->getUsers(); $modNotes = $msz->getModNotes(); @@ -25,8 +21,7 @@ if($hasUserId) { try { $userInfo = $users->getUser(filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT), 'id'); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } $authorInfo = $msz->getActiveUser(); @@ -36,16 +31,16 @@ if($hasUserId) { try { $noteInfo = $modNotes->getNote((string)filter_input(INPUT_GET, 'n', FILTER_SANITIZE_NUMBER_INT)); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete')) { - if(CSRF::validateRequest()) { - $modNotes->deleteNotes($noteInfo); - $msz->createAuditLog('MOD_NOTE_DELETE', [$noteInfo->getId(), $noteInfo->getUserId()]); - url_redirect('manage-users-notes', ['user' => $noteInfo->getUserId()]); - } else render_error(403); + if(!CSRF::validateRequest()) + Template::throwError(403); + + $modNotes->deleteNotes($noteInfo); + $msz->createAuditLog('MOD_NOTE_DELETE', [$noteInfo->getId(), $noteInfo->getUserId()]); + url_redirect('manage-users-notes', ['user' => $noteInfo->getUserId()]); return; } diff --git a/public-legacy/manage/users/notes.php b/public-legacy/manage/users/notes.php index 1488869..0826250 100644 --- a/public-legacy/manage/users/notes.php +++ b/public-legacy/manage/users/notes.php 
@@ -3,10 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_NOTES_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_NOTES_MANAGE)) + Template::throwError(403); $users = $msz->getUsers(); @@ -25,18 +23,15 @@ if(filter_has_var(INPUT_GET, 'u')) { $userInfos[$filterUserId] = $filterUser; $userColours[$filterUserId] = $users->getUserColour($filterUser); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } } $modNotes = $msz->getModNotes(); $pagination = new Pagination($modNotes->countNotes(userInfo: $filterUser), 10); -if(!$pagination->hasValidOffset()) { - echo render_error(404); - return; -} +if(!$pagination->hasValidOffset()) + Template::throwError(404); $notes = []; $noteInfos = $modNotes->getNotes(userInfo: $filterUser, pagination: $pagination); diff --git a/public-legacy/manage/users/role.php b/public-legacy/manage/users/role.php index ddc955f..ab2b59c 100644 --- a/public-legacy/manage/users/role.php +++ b/public-legacy/manage/users/role.php @@ -7,10 +7,8 @@ use Index\Colour\ColourRGB; use Misuzu\Perm; $viewerPerms = $msz->getAuthInfo()->getPerms('user'); -if(!$viewerPerms->check(Perm::U_ROLES_MANAGE)) { - echo render_error(403); - return; -} +if(!$viewerPerms->check(Perm::U_ROLES_MANAGE)) + Template::throwError(403); $users = $msz->getUsers(); $roles = $msz->getRoles(); @@ -23,8 +21,7 @@ if(filter_has_var(INPUT_GET, 'r')) { $isNew = false; $roleInfo = $roles->getRole($roleId); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } } else $isNew = true; diff --git a/public-legacy/manage/users/roles.php b/public-legacy/manage/users/roles.php index 31574bc..c94e883 100644 --- a/public-legacy/manage/users/roles.php +++ b/public-legacy/manage/users/roles.php 
@@ -1,18 +1,14 @@ getAuthInfo()->getPerms('user')->check(Perm::U_ROLES_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_ROLES_MANAGE)) + Template::throwError(403); $roles = $msz->getRoles(); $pagination = new Pagination($roles->countRoles(), 10); -if(!$pagination->hasValidOffset()) { - echo render_error(404); - return; -} +if(!$pagination->hasValidOffset()) + Template::throwError(404); $rolesAll = []; $roleInfos = $roles->getRoles(pagination: $pagination); diff --git a/public-legacy/manage/users/user.php b/public-legacy/manage/users/user.php index df94e83..2726ee0 100644 --- a/public-legacy/manage/users/user.php +++ b/public-legacy/manage/users/user.php @@ -8,10 +8,8 @@ use Misuzu\Auth\AuthTokenCookie; use Misuzu\Users\User; $viewerPerms = $msz->getAuthInfo()->getPerms('user'); -if(!$msz->isLoggedIn()) { - echo render_error(403); - return; -} +if(!$msz->isLoggedIn()) + Template::throwError(403); $users = $msz->getUsers(); $roles = $msz->getRoles(); @@ -28,10 +26,8 @@ $canImpersonate = $viewerPerms->check(Perm::U_CAN_IMPERSONATE); $canSendTestMail = $currentUser->isSuperUser(); $hasAccess = $canManageUsers || $canManageNotes || $canManageWarnings || $canManageBans; -if(!$hasAccess) { - echo render_error(403); - return; -} +if(!$hasAccess) + Template::throwError(403); $notices = []; $userId = (int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT); @@ -39,8 +35,7 @@ $userId = (int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT); try { $userInfo = $users->getUser($userId, 'id'); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } $currentUserRank = $users->getUserRank($currentUser); diff --git a/public-legacy/manage/users/warning.php b/public-legacy/manage/users/warning.php index 9bfc6dc..e945583 100644 --- a/public-legacy/manage/users/warning.php +++ b/public-legacy/manage/users/warning.php 
@@ -3,26 +3,24 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) + Template::throwError(403); $warns = $msz->getWarnings(); if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete')) { - if(CSRF::validateRequest()) { - try { - $warnInfo = $warns->getWarning((string)filter_input(INPUT_GET, 'w')); - } catch(RuntimeException $ex) { - echo render_error(404); - return; - } + if(!CSRF::validateRequest()) + Template::throwError(403); - $warns->deleteWarnings($warnInfo); - $msz->createAuditLog('WARN_DELETE', [$warnInfo->getId(), $warnInfo->getUserId()]); - url_redirect('manage-users-warnings', ['user' => $warnInfo->getUserId()]); - } else render_error(403); + try { + $warnInfo = $warns->getWarning((string)filter_input(INPUT_GET, 'w')); + } catch(RuntimeException $ex) { + Template::throwError(404); + } + + $warns->deleteWarnings($warnInfo); + $msz->createAuditLog('WARN_DELETE', [$warnInfo->getId(), $warnInfo->getUserId()]); + url_redirect('manage-users-warnings', ['user' => $warnInfo->getUserId()]); return; } @@ -31,8 +29,7 @@ $users = $msz->getUsers(); try { $userInfo = $users->getUser(filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT), 'id'); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } $modInfo = $msz->getActiveUser(); diff --git a/public-legacy/manage/users/warnings.php b/public-legacy/manage/users/warnings.php index 8694144..2bb6322 100644 --- a/public-legacy/manage/users/warnings.php +++ b/public-legacy/manage/users/warnings.php 
@@ -3,10 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) { - echo render_error(403); - return; -} +if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) + Template::throwError(403); $users = $msz->getUsers(); @@ -25,18 +23,15 @@ if(filter_has_var(INPUT_GET, 'u')) { $userInfos[$filterUserId] = $filterUser; $userColours[$filterUserId] = $users->getUserColour($filterUser); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } } $warns = $msz->getWarnings(); $pagination = new Pagination($warns->countWarnings(userInfo: $filterUser), 10); -if(!$pagination->hasValidOffset()) { - echo render_error(404); - return; -} +if(!$pagination->hasValidOffset()) + Template::throwError(404); $warnList = []; $warnInfos = $warns->getWarnings(userInfo: $filterUser, pagination: $pagination); diff --git a/public-legacy/members.php b/public-legacy/members.php index 9b74c45..508d5e5 100644 --- a/public-legacy/members.php +++ b/public-legacy/members.php @@ -3,10 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->isLoggedIn()) { - echo render_error(403); - return; -} +if(!$msz->isLoggedIn()) + Template::throwError(403); // TODO: restore forum-topics and forum-posts orderings @@ -53,8 +51,7 @@ $orderFields = [ if(empty($orderBy)) { $orderBy = $defaultOrder; } elseif(!array_key_exists($orderBy, $orderFields)) { - echo render_error(400); - return; + Template::throwError(400); } if(array_key_exists('alt', $orderFields[$orderBy])) @@ -63,8 +60,7 @@ if(array_key_exists('alt', $orderFields[$orderBy])) if(empty($orderDir)) { $orderDir = 'asc'; } elseif(!array_key_exists($orderDir, $orderDirs)) { - echo render_error(400); - return; + Template::throwError(400); } if($roleId === null) { 
@@ -73,8 +69,7 @@ if($roleId === null) { try { $roleInfo = $roles->getRole($roleId); } catch(RuntimeException $ex) { - echo render_error(404); - return; + Template::throwError(404); } } diff --git a/public-legacy/profile.php b/public-legacy/profile.php index 7101523..077fbd9 100644 --- a/public-legacy/profile.php +++ b/public-legacy/profile.php @@ -46,8 +46,7 @@ if($userInfo->isDeleted()) { switch($profileMode) { default: - echo render_error(404); - return; + Template::throwError(404); case 'forum-topics': url_redirect('search-query', ['query' => sprintf('type:forum:topic author:%s', $userInfo->getName()), 'section' => 'topics']); @@ -80,10 +79,8 @@ $avatarInfo = new UserAvatarAsset($userInfo); $backgroundInfo = new UserBackgroundAsset($userInfo); if($isEditing) { - if(!$canEdit) { - echo render_error(403); - return; - } + if(!$canEdit) + Template::throwError(403); $perms = $viewerPerms->checkMany([ 'edit_profile' => Perm::U_PROFILE_EDIT, diff --git a/public-legacy/search.php b/public-legacy/search.php index 95272e6..1682487 100644 --- a/public-legacy/search.php +++ b/public-legacy/search.php @@ -6,10 +6,8 @@ use RuntimeException; use Index\XArray; use Misuzu\Comments\CommentsCategory; -if(!$msz->isLoggedIn()) { - echo render_error(403); - return; -} +if(!$msz->isLoggedIn()) + Template::throwError(403); $searchQuery = !empty($_GET['q']) && is_string($_GET['q']) ? $_GET['q'] : ''; diff --git a/public-legacy/settings/account.php b/public-legacy/settings/account.php index e8c54df..58a59bc 100644 --- a/public-legacy/settings/account.php +++ b/public-legacy/settings/account.php @@ -6,10 +6,8 @@ use Misuzu\Users\User; use chillerlan\QRCode\QRCode; use chillerlan\QRCode\QROptions; -if(!$msz->isLoggedIn()) { - echo render_error(401); - return; -} +if(!$msz->isLoggedIn()) + Template::throwError(401); $errors = []; $users = $msz->getUsers(); diff --git a/public-legacy/settings/data.php b/public-legacy/settings/data.php index b867c7a..9c76f7e 100644 
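Review bot: In public-legacy/profile.php the `default:` arm of `switch($profileMode)` now has no `return` and sits directly above `case 'forum-topics':`. The only thing that keeps an unknown mode from falling through into the redirect is that `Template::throwError()` is declared `never`. That holds at runtime, but it reads like an accidental fallthrough and depends on the helper keeping its `exit`. Either move `default:` to the end of the switch or mark the line, e.g. `Template::throwError(404); // never returns, no fallthrough into the cases below`. The switch continues outside the hunk.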
--- a/public-legacy/settings/data.php +++ b/public-legacy/settings/data.php @@ -6,10 +6,8 @@ use Index\XString; use Index\IO\FileStream; use Misuzu\Users\UserInfo; -if(!$msz->isLoggedIn()) { - echo render_error(401); - return; -} +if(!$msz->isLoggedIn()) + Template::throwError(401); $dbConn = $msz->getDbConn(); diff --git a/public-legacy/settings/index.php b/public-legacy/settings/index.php index 9ae3d3a..a5ef449 100644 --- a/public-legacy/settings/index.php +++ b/public-legacy/settings/index.php @@ -1,9 +1,7 @@ isLoggedIn()) { - echo render_error(401); - return; -} +if(!$msz->isLoggedIn()) + Template::throwError(401); url_redirect('settings-account'); diff --git a/public-legacy/settings/logs.php b/public-legacy/settings/logs.php index a5832e2..ac19d04 100644 --- a/public-legacy/settings/logs.php +++ b/public-legacy/settings/logs.php @@ -4,10 +4,8 @@ namespace Misuzu; use Misuzu\Pagination; $currentUser = $msz->getActiveUser(); -if($currentUser === null) { - echo render_error(401); - return; -} +if($currentUser === null) + Template::throwError(401); $loginAttempts = $msz->getLoginAttempts(); $auditLog = $msz->getAuditLog(); diff --git a/public-legacy/settings/sessions.php b/public-legacy/settings/sessions.php index dc19636..6852b1a 100644 --- a/public-legacy/settings/sessions.php +++ b/public-legacy/settings/sessions.php @@ -3,10 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->isLoggedIn()) { - echo render_error(401); - return; -} +if(!$msz->isLoggedIn()) + Template::throwError(401); $errors = []; $sessions = $msz->getSessions(); diff --git a/public/index.php b/public/index.php index d232d92..c2a32dd 100644 --- a/public/index.php +++ b/public/index.php @@ -236,10 +236,8 @@ if($inManageMode) { } } - if(!$hasManageAccess) { - echo render_error(403); - exit; - } + if(!$hasManageAccess) + Template::throwError(403); } $mszRequestPath = $request->getPath(); diff --git a/src/Template.php b/src/Template.php index 26b1038..2b668d5 100644 --- a/src/Template.php 
+++ b/src/Template.php @@ -59,4 +59,19 @@ final class Template { throw new InvalidArgumentException('First parameter must be of type array or string.'); } } + + public static function displayInfo(?string $message, int $statusCode, ?string $template = null): never { + http_response_code($statusCode); + + self::$vars['http_code'] = $statusCode; + if(!empty($message)) + self::$vars['message'] = $message; + + self::render(sprintf($template ?? 'errors.%d', $statusCode)); + exit; + } + + public static function throwError(int $statusCode, ?string $template = null): never { + self::displayInfo(null, $statusCode, $template); + } } diff --git a/utility.php b/utility.php deleted file mode 100644 index f9dcd95..0000000 --- a/utility.php +++ /dev/null @@ -1,19 +0,0 @@ -
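Review bot: `displayInfo()` and `throwError()` are added to src/Template.php without a doc comment, and `throwError()` does not throw: it renders a template and calls `exit`, so it cannot be caught by the `catch` blocks that now call it or by any outer handler. A docblock on each should state that the method sets the HTTP status code, renders and terminates the request, and that `$template` is passed to `sprintf` as a format string receiving the status code, so a literal `%` in a template name has to be doubled. Separately, `displayInfo()` assigns `message` only when it is non-empty and `throwError()` always passes null. A `message` variable set earlier in the request would then presumably still reach the error template. `self::$vars['message'] = $message ?? '';` would avoid that, provided the error templates tolerate an empty string.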