path: root/src/index.php
Diffstat (limited to 'src/index.php')
-rw-r--r--src/index.php151
1 files changed, 136 insertions, 15 deletions
diff --git a/src/index.php b/src/index.php
index 1cc0d01..6258131 100644
--- a/src/index.php
+++ b/src/index.php
@@ -148,7 +148,7 @@ $GLOBALS["currentUser"] = &$currentUser;
if ($_action === "auth") {
if ($currentUser) {
- header("Location: .");
+ header("Location: " . $_GET["next"] ?? ".");
exit;
}
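Review bot: The added redirect on the `+` line never falls back to `"."`, because `.` binds tighter than `??`, so the expression is `("Location: " . $_GET["next"]) ?? "."`; when `next` is absent PHP emits an undefined-index warning and sends an empty `Location:` target. Parenthesize the fallback: `header("Location: " . ($_GET["next"] ?? "."));`. Independently, the value comes straight from the query string, so any absolute URL a link carries in `next` is redirected to (an open redirect); only accept a local path, e.g. a value that starts with `/` and not `//`, or a known in-app page, and use `.` otherwise. The identical line appears in the hunks at L25, L34 and L42 and needs the same fix. The enclosing `if ($_action === ...)` chain starts before this hunk.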
@@ -167,7 +167,7 @@ if ($_action === "auth") {
}
RequestUtils::setAuthorizedUser($user);
- header("Location: .");
+ header("Location: " . $_GET["next"] ?? ".");
} else {
_view("template_start", ["_title" => "Forum"]);
_view("template_navigation_start");
@@ -178,7 +178,7 @@ if ($_action === "auth") {
}
} elseif ($_action === "register") {
if ($currentUser) {
- header("Location: .");
+ header("Location: " . $_GET["next"] ?? ".");
exit;
}
@@ -259,7 +259,7 @@ if ($_action === "auth") {
}
} elseif ($_action === "logout") {
RequestUtils::unsetAuthorizedUser();
- header("Location: .");
+ header("Location: " . $_GET["next"] ?? ".");
} elseif ($_action === "viewtopic") {
$topicId = $_GET["topic"] ?? throw new Exception("Missing topic id");
$topic = new Topic();
@@ -343,8 +343,8 @@ if ($_action === "auth") {
/** @var Post $post */
foreach ($posts as $post) {
- /** @var ?User $postAuthor */
- $postAuthor = null;
+ /** @var ?User $topicAuthor */
+ $topicAuthor = null;
if ($post->authorId !== null && !isset($userCache[$post->authorId])) {
$usr = new User();
$usr->id = $post->authorId;
@@ -352,13 +352,13 @@ if ($_action === "auth") {
$userCache[$post->authorId] = &$usr;
}
if (isset($userCache[$post->authorId]))
- $postAuthor = &$userCache[$post->authorId];
+ $topicAuthor = &$userCache[$post->authorId];
$attachments = $db->fetchCustom(Attachment::class, 'WHERE post_id = $1', [ $post->id ]);
_view("view_post", [
"post" => $post,
- "postAuthor" => $postAuthor,
+ "postAuthor" => $topicAuthor,
"attachments" => $attachments,
]);
}
@@ -418,6 +418,20 @@ if ($_action === "auth") {
_view("form_newtopic");
_view("template_end");
}
+} elseif ($_action === "lookupuser") {
+ RequestUtils::ensureRequestMethod("GET");
+ $userHandle = $_GET["handle"] ?? throw new Exception("Missing handle");
+
+ $user = new User();
+ $user->name = $userHandle;
+
+ if (!$db->fetchWhere($user, "name")) {
+ http_response_code(404);
+ Messaging::error("No user with name @$userHandle");
+ exit;
+ }
+
+ header("Location: ./?_action=viewuser&user=" . urlencode($user->id));
} elseif ($_action === "viewuser") {
$userId = $_GET["user"] ?? throw new Exception("Missing user id");
$user = new User();
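Review bot: The 404 path interpolates the raw `handle` query parameter into `Messaging::error("No user with name @$userHandle")`; if `Messaging::error` renders its argument into HTML without escaping (not visible here), this is a reflected injection point. Either confirm that `Messaging::error` escapes, or pass `htmlspecialchars($userHandle, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at this call site as the file's other error messages only carry fixed text. The `fetchWhere($user, "name")` lookup is presumably parameterised inside the helper; worth a one-line comment above it, `// lookup by exact name; fetchWhere binds the value`, once verified. The enclosing `elseif` chain continues past this hunk.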
@@ -663,16 +677,16 @@ if ($_action === "auth") {
exit;
}
- $postAuthor = new User();
- $postAuthor->id = $post->authorId;
+ $topicAuthor = new User();
+ $topicAuthor->id = $post->authorId;
- if (!$db->fetch($postAuthor))
- $postAuthor = null;
+ if (!$db->fetch($topicAuthor))
+ $topicAuthor = null;
- $canDelete = ($currentUser->id === $postAuthor?->id && $postAuthor?->hasPermission(UserPermissions::DELETE_OWN_POST))
+ $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_POST))
|| ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_POST));
- if (!$canDelete) {
+ if (!$canEdit) {
http_response_code(403);
Messaging::error("You don't have permission to delete this post");
exit;
@@ -714,11 +728,118 @@ if ($_action === "auth") {
_view("template_navigation_end");
_view("form_delete_post_confirm", [
"post" => $post,
- "postAuthor" => $postAuthor,
+ "postAuthor" => $topicAuthor,
"attachments" => $attachments,
]);
_view("template_end");
}
+} elseif ($_action === "deletetopic") {
+ RequestUtils::ensureRequestMethod("POST");
+
+ if (!$currentUser) {
+ http_response_code(403);
+ Messaging::error("You need to be logged in to delete topics!");
+ exit;
+ }
+
+ $topicId = RequestUtils::getRequiredField("topic");
+
+ $topic = new Topic();
+ $topic->id = $topicId;
+
+ if (!$db->fetch($topic)) {
+ http_response_code(404);
+ Messaging::error("No topic exists with this id");
+ exit;
+ }
+
+ $topicAuthor = new User();
+ $topicAuthor->id = $topic->createdBy;
+
+ if (!$db->fetch($topicAuthor))
+ $topicAuthor = null;
+
+ $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_TOPIC))
+ || ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_TOPIC));
+
+ if (!$canEdit) {
+ http_response_code(403);
+ Messaging::error("You don't have permission to delete this topic");
+ exit;
+ }
+
+ $confirm = $_POST["confirm"] ?? null;
+ if ($confirm !== null) {
+ $expectedConfirm = base64_encode(hash("sha256", "confirm" . $topic->id, true));
+ if ($confirm !== $expectedConfirm) {
+ http_response_code(400);
+ Messaging::error("Invalid confirmation");
+ exit;
+ }
+
+ if (!$db->delete($topic)) {
+ http_response_code(500);
+ Messaging::error("Failed to delete topic");
+ exit;
+ }
+
+ header("Location: .");
+ } else {
+ _view("template_start", ["_title" => "Forum"]);
+ _view("template_navigation_start");
+ _view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
+ _view("template_navigation_end");
+ _view("form_delete_topic_confirm", [
+ "topic" => $topic,
+ "topicAuthor" => $topicAuthor,
+ ]);
+ _view("template_end");
+ }
+} elseif ($_action === "updatetopic") {
+ RequestUtils::ensureRequestMethod("POST");
+
+ if (!$currentUser) {
+ http_response_code(403);
+ Messaging::error("You need to be logged in to update topics!");
+ exit;
+ }
+
+ $topicId = RequestUtils::getRequiredField("topic");
+ $title = RequestUtils::getRequiredField("title");
+
+ $topic = new Topic();
+ $topic->id = $topicId;
+
+ if (!$db->fetch($topic)) {
+ http_response_code(404);
+ Messaging::error("No topic exists with this id");
+ exit;
+ }
+
+ $topicAuthor = new User();
+ $topicAuthor->id = $topic->createdBy;
+
+ if (!$db->fetch($topicAuthor))
+ $topicAuthor = null;
+
+ $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_TOPIC))
+ || ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_TOPIC));
+
+ if (!$canEdit) {
+ http_response_code(403);
+ Messaging::error("You don't have permission to update this topic");
+ exit;
+ }
+
+ $topic->title = $title;
+
+ if (!$db->update($topic)) {
+ http_response_code(500);
+ Messaging::error("Failed to update topic");
+ exit;
+ }
+
+ header("Location: ./?_action=viewtopic&topic=" . urlencode($topicId));
} elseif ($_action === null) {
_view("template_start", ["_title" => "Forum"]);
_view("template_navigation_start");
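Review bot: In `deletetopic`, the confirmation value computed at L157 is `sha256("confirm" . $topic->id)`, which anyone who knows the topic id can derive, so the check at L158 only proves the form was re-submitted and does not tie the POST to the logged-in user's session; if it is meant to guard against cross-site form posts it should be keyed with a per-session secret, e.g. `$expectedConfirm = base64_encode(hash_hmac("sha256", "confirm" . $topic->id, $SESSION_SECRET_PLACEHOLDER, true));` with the secret read from the session, and the comparison should be `if (!is_string($confirm) || !hash_equals($expectedConfirm, $confirm)) {` so an array-valued `confirm[]` is rejected cleanly. The same fetch-topic / fetch-author / permission block is duplicated verbatim between `deletetopic` (L129–L153) and `updatetopic` (L191–L216) apart from the permission constants, and would read better as one private helper taking the two `UserPermissions` values. The `if/elseif` chain these branches belong to starts before the hunk.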