2020-06-07 19:04:43 +03:00
|
|
|
|
<?php declare(strict_types=1);
|
|
|
|
|
namespace openvk\Web\Presenters;
|
|
|
|
|
use openvk\Web\Util\Sms;
|
2020-06-11 23:21:49 +03:00
|
|
|
|
use openvk\Web\Themes\Themepacks;
|
2022-08-09 08:58:47 +03:00
|
|
|
|
use openvk\Web\Models\Entities\{Photo, Post, EmailChangeVerification};
|
|
|
|
|
use openvk\Web\Models\Entities\Notifications\{CoinsTransferNotification, RatingUpNotification};
|
|
|
|
|
use openvk\Web\Models\Repositories\{Users, Clubs, Albums, Videos, Notes, Vouchers, EmailChangeVerifications};
|
2022-02-05 21:09:37 +03:00
|
|
|
|
use openvk\Web\Models\Exceptions\InvalidUserNameException;
|
2021-12-08 21:06:05 +03:00
|
|
|
|
use openvk\Web\Util\Validator;
|
2021-12-02 18:31:32 +03:00
|
|
|
|
use Chandler\Security\Authenticator;
|
|
|
|
|
use lfkeitel\phptotp\{Base32, Totp};
|
2021-12-02 19:12:45 +03:00
|
|
|
|
use chillerlan\QRCode\{QRCode, QROptions};
|
2022-05-06 17:17:08 +03:00
|
|
|
|
use Nette\Database\UniqueConstraintViolationException;
|
2020-06-07 19:04:43 +03:00
|
|
|
|
|
|
|
|
|
final class UserPresenter extends OpenVKPresenter
|
|
|
|
|
{
|
|
|
|
|
private $users;
|
2022-08-05 23:00:52 +03:00
|
|
|
|
|
|
|
|
|
public $deactivationTolerant = false;
|
2020-06-07 19:04:43 +03:00
|
|
|
|
function __construct(Users $users)
|
|
|
|
|
{
|
|
|
|
|
$this->users = $users;
|
|
|
|
|
|
|
|
|
|
parent::__construct();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function renderView(int $id): void
|
|
|
|
|
{
|
|
|
|
|
$user = $this->users->get($id);
|
2022-07-11 19:07:49 +03:00
|
|
|
|
if(!$user || $user->isDeleted()) {
|
2022-08-05 23:00:52 +03:00
|
|
|
|
if($user->isDeactivated()) {
|
|
|
|
|
$this->template->_template = "User/deactivated.xml";
|
|
|
|
|
|
|
|
|
|
$this->template->user = $user;
|
|
|
|
|
} else {
|
|
|
|
|
$this->template->_template = "User/deleted.xml";
|
|
|
|
|
}
|
2022-07-11 19:07:49 +03:00
|
|
|
|
} else {
|
2020-06-07 19:04:43 +03:00
|
|
|
|
$this->template->albums = (new Albums)->getUserAlbums($user);
|
|
|
|
|
$this->template->albumsCount = (new Albums)->getUserAlbumsCount($user);
|
|
|
|
|
$this->template->videos = (new Videos)->getByUser($user, 1, 2);
|
|
|
|
|
$this->template->videosCount = (new Videos)->getUserVideosCount($user);
|
|
|
|
|
$this->template->notes = (new Notes)->getUserNotes($user, 1, 4);
|
|
|
|
|
$this->template->notesCount = (new Notes)->getUserNotesCount($user);
|
2021-11-04 14:45:30 +03:00
|
|
|
|
|
2020-06-07 19:04:43 +03:00
|
|
|
|
$this->template->user = $user;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function renderFriends(int $id): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
|
|
|
|
|
|
|
|
|
$user = $this->users->get($id);
|
|
|
|
|
$page = abs($this->queryParam("p") ?? 1);
|
|
|
|
|
if(!$user)
|
|
|
|
|
$this->notFound();
|
2021-12-14 16:00:12 +03:00
|
|
|
|
elseif (!$user->getPrivacyPermission('friends.read', $this->user->identity ?? NULL))
|
|
|
|
|
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
|
2020-06-07 19:04:43 +03:00
|
|
|
|
else
|
|
|
|
|
$this->template->user = $user;
|
|
|
|
|
|
|
|
|
|
$this->template->mode = in_array($this->queryParam("act"), [
|
|
|
|
|
"incoming", "outcoming", "friends"
|
|
|
|
|
]) ? $this->queryParam("act")
|
|
|
|
|
: "friends";
|
|
|
|
|
$this->template->page = $page;
|
|
|
|
|
|
|
|
|
|
if(!is_null($this->user)) {
|
|
|
|
|
if($this->template->mode !== "friends" && $this->user->id !== $id) {
|
|
|
|
|
$name = $user->getFullName();
|
|
|
|
|
$this->flash("err", "Ошибка доступа", "Вы не можете просматривать полный список подписок $name.");
|
|
|
|
|
|
2022-08-09 08:52:36 +03:00
|
|
|
|
$this->redirect($user->getURL());
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function renderGroups(int $id): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
|
|
|
|
|
|
|
|
|
$user = $this->users->get($id);
|
2021-12-14 16:00:12 +03:00
|
|
|
|
if(!$user)
|
2020-06-07 19:04:43 +03:00
|
|
|
|
$this->notFound();
|
2021-12-14 16:00:12 +03:00
|
|
|
|
elseif (!$user->getPrivacyPermission('groups.read', $this->user->identity ?? NULL))
|
|
|
|
|
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
|
|
|
|
|
else {
|
2022-05-23 22:24:32 +03:00
|
|
|
|
if($this->queryParam("act") === "managed" && $this->user->id !== $user->getId())
|
|
|
|
|
$this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
|
|
|
|
|
|
2020-06-07 19:04:43 +03:00
|
|
|
|
$this->template->user = $user;
|
2021-12-24 23:17:05 +03:00
|
|
|
|
$this->template->page = (int) ($this->queryParam("p") ?? 1);
|
2021-11-20 13:47:59 +03:00
|
|
|
|
$this->template->admin = $this->queryParam("act") == "managed";
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
|
|
|
|
}
|
2021-11-10 11:45:06 +03:00
|
|
|
|
|
|
|
|
|
function renderPinClub(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
|
|
|
|
|
|
|
|
|
$club = (new Clubs)->get((int) $this->queryParam("club"));
|
|
|
|
|
if(!$club)
|
|
|
|
|
$this->notFound();
|
|
|
|
|
|
|
|
|
|
if(!$club->canBeModifiedBy($this->user->identity ?? NULL))
|
2021-12-25 19:03:21 +03:00
|
|
|
|
$this->flashFail("err", "Ошибка доступа", "У вас недостаточно прав, чтобы изменять этот ресурс.", NULL, true);
|
2021-11-10 11:45:06 +03:00
|
|
|
|
|
|
|
|
|
$isClubPinned = $this->user->identity->isClubPinned($club);
|
|
|
|
|
if(!$isClubPinned && $this->user->identity->getPinnedClubCount() > 10)
|
2021-12-25 19:03:21 +03:00
|
|
|
|
$this->flashFail("err", "Ошибка", "Находится в левом меню могут максимум 10 групп", NULL, true);
|
2021-11-10 11:45:06 +03:00
|
|
|
|
|
|
|
|
|
if($club->getOwner()->getId() === $this->user->identity->getId()) {
|
|
|
|
|
$club->setOwner_Club_Pinned(!$isClubPinned);
|
|
|
|
|
$club->save();
|
|
|
|
|
} else {
|
|
|
|
|
$manager = $club->getManager($this->user->identity);
|
|
|
|
|
if(!is_null($manager)) {
|
|
|
|
|
$manager->setClub_Pinned(!$isClubPinned);
|
|
|
|
|
$manager->save();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-25 19:03:21 +03:00
|
|
|
|
$this->returnJson([
|
|
|
|
|
"success" => true
|
|
|
|
|
]);
|
2021-11-10 11:45:06 +03:00
|
|
|
|
}
|
2020-06-07 19:04:43 +03:00
|
|
|
|
|
|
|
|
|
function renderEdit(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
|
|
|
|
|
|
|
|
|
$id = $this->user->id; #TODO: when ACL'll be done, allow admins to edit users via ?GUID=(chandler guid)
|
|
|
|
|
|
|
|
|
|
if(!$id)
|
|
|
|
|
$this->notFound();
|
2022-05-06 17:17:08 +03:00
|
|
|
|
|
2021-12-13 20:19:53 +03:00
|
|
|
|
$user = $this->users->get($id);
|
|
|
|
|
if($_SERVER["REQUEST_METHOD"] === "POST") {
|
2021-12-25 20:47:18 +03:00
|
|
|
|
$this->willExecuteWriteAction($_GET['act'] === "status");
|
2021-12-13 20:19:53 +03:00
|
|
|
|
|
|
|
|
|
if($_GET['act'] === "main" || $_GET['act'] == NULL) {
|
2022-02-05 21:09:37 +03:00
|
|
|
|
try {
|
|
|
|
|
$user->setFirst_Name(empty($this->postParam("first_name")) ? $user->getFirstName() : $this->postParam("first_name"));
|
|
|
|
|
$user->setLast_Name(empty($this->postParam("last_name")) ? "" : $this->postParam("last_name"));
|
|
|
|
|
} catch(InvalidUserNameException $ex) {
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("invalid_real_name"));
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-13 20:19:53 +03:00
|
|
|
|
$user->setPseudo(empty($this->postParam("pseudo")) ? NULL : $this->postParam("pseudo"));
|
|
|
|
|
$user->setStatus(empty($this->postParam("status")) ? NULL : $this->postParam("status"));
|
2022-02-07 20:07:03 +03:00
|
|
|
|
$user->setHometown(empty($this->postParam("hometown")) ? NULL : $this->postParam("hometown"));
|
|
|
|
|
|
|
|
|
|
|
2021-12-13 20:19:53 +03:00
|
|
|
|
if (strtotime($this->postParam("birthday")) < time())
|
2022-07-09 17:33:55 +03:00
|
|
|
|
$user->setBirthday(empty($this->postParam("birthday")) ? NULL : strtotime($this->postParam("birthday")));
|
|
|
|
|
|
|
|
|
|
if ($this->postParam("birthday_privacy") <= 1 && $this->postParam("birthday_privacy") >= 0)
|
|
|
|
|
$user->setBirthday_Privacy($this->postParam("birthday_privacy"));
|
2021-09-13 19:34:02 +03:00
|
|
|
|
|
2021-12-13 20:19:53 +03:00
|
|
|
|
if ($this->postParam("marialstatus") <= 8 && $this->postParam("marialstatus") >= 0)
|
|
|
|
|
$user->setMarital_Status($this->postParam("marialstatus"));
|
|
|
|
|
|
|
|
|
|
if ($this->postParam("politViews") <= 9 && $this->postParam("politViews") >= 0)
|
|
|
|
|
$user->setPolit_Views($this->postParam("politViews"));
|
|
|
|
|
|
2022-09-08 16:18:24 +03:00
|
|
|
|
if ($this->postParam("gender"))
|
|
|
|
|
if($this->postParam("gender") == "hide")
|
|
|
|
|
$user->setGender(NULL);
|
2022-09-08 16:24:38 +03:00
|
|
|
|
elseif($this->postParam("gender") == "other")
|
|
|
|
|
if($this->postParam("other-gender-string"))
|
|
|
|
|
$user->setGender($this->postParam("other-gender-string"));
|
|
|
|
|
else
|
|
|
|
|
$user->setGender(NULL);
|
2022-09-08 16:18:24 +03:00
|
|
|
|
else
|
|
|
|
|
$user->setGender($this->postParam("gender"));
|
|
|
|
|
|
2021-12-13 20:19:53 +03:00
|
|
|
|
if(!empty($this->postParam("phone")) && $this->postParam("phone") !== $user->getPhone()) {
|
|
|
|
|
if(!OPENVK_ROOT_CONF["openvk"]["credentials"]["smsc"]["enable"])
|
|
|
|
|
$this->flashFail("err", tr("error_segmentation"), "котлетки");
|
2020-06-07 19:04:43 +03:00
|
|
|
|
|
2021-12-13 20:19:53 +03:00
|
|
|
|
$code = $user->setPhoneWithVerification($this->postParam("phone"));
|
2020-06-07 19:04:43 +03:00
|
|
|
|
|
2021-12-13 20:19:53 +03:00
|
|
|
|
if(!Sms::send($this->postParam("phone"), "OPENVK - Your verification code is: $code"))
|
|
|
|
|
$this->flashFail("err", tr("error_segmentation"), "котлетки: Remote err!");
|
|
|
|
|
}
|
|
|
|
|
} elseif($_GET['act'] === "contacts") {
|
|
|
|
|
if(empty($this->postParam("email_contact")) || Validator::i()->emailValid($this->postParam("email_contact")))
|
|
|
|
|
$user->setEmail_Contact(empty($this->postParam("email_contact")) ? NULL : $this->postParam("email_contact"));
|
|
|
|
|
else
|
|
|
|
|
$this->flashFail("err", tr("invalid_email_address"), tr("invalid_email_address_comment"));
|
2021-12-08 21:06:05 +03:00
|
|
|
|
|
2021-12-13 20:19:53 +03:00
|
|
|
|
$telegram = $this->postParam("telegram");
|
|
|
|
|
if(empty($telegram) || Validator::i()->telegramValid($telegram))
|
|
|
|
|
if(strpos($telegram, "t.me/") === 0)
|
|
|
|
|
$user->setTelegram(empty($telegram) ? NULL : substr($telegram, 5));
|
2021-11-12 19:56:41 +03:00
|
|
|
|
else
|
2021-12-13 20:19:53 +03:00
|
|
|
|
$user->setTelegram(empty($telegram) ? NULL : ltrim($telegram, "@"));
|
|
|
|
|
else
|
|
|
|
|
$this->flashFail("err", tr("invalid_telegram_name"), tr("invalid_telegram_name_comment"));
|
2021-11-25 23:10:53 +03:00
|
|
|
|
|
2021-12-13 20:19:53 +03:00
|
|
|
|
$user->setCity(empty($this->postParam("city")) ? NULL : $this->postParam("city"));
|
|
|
|
|
$user->setAddress(empty($this->postParam("address")) ? NULL : $this->postParam("address"));
|
2022-02-07 20:07:03 +03:00
|
|
|
|
|
2021-12-13 20:19:53 +03:00
|
|
|
|
$website = $this->postParam("website") ?? "";
|
|
|
|
|
if(empty($website))
|
|
|
|
|
$user->setWebsite(NULL);
|
|
|
|
|
else
|
|
|
|
|
$user->setWebsite((!parse_url($website, PHP_URL_SCHEME) ? "https://" : "") . $website);
|
|
|
|
|
} elseif($_GET['act'] === "interests") {
|
|
|
|
|
$user->setInterests(empty($this->postParam("interests")) ? NULL : ovk_proc_strtr($this->postParam("interests"), 300));
|
|
|
|
|
$user->setFav_Music(empty($this->postParam("fav_music")) ? NULL : ovk_proc_strtr($this->postParam("fav_music"), 300));
|
|
|
|
|
$user->setFav_Films(empty($this->postParam("fav_films")) ? NULL : ovk_proc_strtr($this->postParam("fav_films"), 300));
|
|
|
|
|
$user->setFav_Shows(empty($this->postParam("fav_shows")) ? NULL : ovk_proc_strtr($this->postParam("fav_shows"), 300));
|
|
|
|
|
$user->setFav_Books(empty($this->postParam("fav_books")) ? NULL : ovk_proc_strtr($this->postParam("fav_books"), 300));
|
|
|
|
|
$user->setFav_Quote(empty($this->postParam("fav_quote")) ? NULL : ovk_proc_strtr($this->postParam("fav_quote"), 300));
|
|
|
|
|
$user->setAbout(empty($this->postParam("about")) ? NULL : ovk_proc_strtr($this->postParam("about"), 300));
|
|
|
|
|
} elseif($_GET['act'] === "status") {
|
|
|
|
|
if(mb_strlen($this->postParam("status")) > 255) {
|
|
|
|
|
$statusLength = (string) mb_strlen($this->postParam("status"));
|
2021-12-25 20:47:18 +03:00
|
|
|
|
$this->flashFail("err", "Ошибка", "Статус слишком длинный ($statusLength символов вместо 255 символов)", NULL, true);
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
2021-12-13 20:19:53 +03:00
|
|
|
|
|
|
|
|
|
$user->setStatus(empty($this->postParam("status")) ? NULL : $this->postParam("status"));
|
|
|
|
|
$user->save();
|
|
|
|
|
|
2021-12-25 20:47:18 +03:00
|
|
|
|
$this->returnJson([
|
|
|
|
|
"success" => true
|
|
|
|
|
]);
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
|
|
|
|
|
2021-12-13 20:19:53 +03:00
|
|
|
|
try {
|
|
|
|
|
$user->save();
|
|
|
|
|
} catch(\PDOException $ex) {
|
|
|
|
|
if($ex->getCode() == 23000)
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("error_shorturl"));
|
|
|
|
|
else
|
|
|
|
|
throw $ex;
|
|
|
|
|
}
|
2020-06-07 19:04:43 +03:00
|
|
|
|
|
2021-12-13 20:19:53 +03:00
|
|
|
|
$this->flash("succ", tr("changes_saved"), tr("changes_saved_comment"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->template->mode = in_array($this->queryParam("act"), [
|
|
|
|
|
"main", "contacts", "interests", "avatar"
|
|
|
|
|
]) ? $this->queryParam("act")
|
|
|
|
|
: "main";
|
|
|
|
|
|
|
|
|
|
$this->template->user = $user;
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function renderVerifyPhone(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
2021-01-01 00:18:53 +03:00
|
|
|
|
$this->willExecuteWriteAction();
|
2020-06-07 19:04:43 +03:00
|
|
|
|
|
|
|
|
|
$user = $this->user->identity;
|
|
|
|
|
if(!$user->hasPendingNumberChange())
|
|
|
|
|
exit;
|
|
|
|
|
else
|
|
|
|
|
$this->template->change = $user->getPendingPhoneVerification();
|
|
|
|
|
|
|
|
|
|
if($_SERVER["REQUEST_METHOD"] === "POST") {
|
|
|
|
|
if(!$user->verifyNumber($this->postParam("code") ?? 0))
|
|
|
|
|
$this->flashFail("err", "Ошибка", "Не удалось подтвердить номер телефона: неверный код.");
|
|
|
|
|
|
2020-08-20 17:05:00 +03:00
|
|
|
|
$this->flash("succ", tr("changes_saved"), tr("changes_saved_comment"));
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function renderSub(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
2021-01-01 00:18:53 +03:00
|
|
|
|
$this->willExecuteWriteAction();
|
2020-06-07 19:04:43 +03:00
|
|
|
|
|
|
|
|
|
if($_SERVER["REQUEST_METHOD"] !== "POST") exit("Invalid state");
|
|
|
|
|
|
|
|
|
|
$user = $this->users->get((int) $this->postParam("id"));
|
|
|
|
|
if(!$user) exit("Invalid state");
|
|
|
|
|
|
|
|
|
|
$user->toggleSubscription($this->user->identity);
|
|
|
|
|
|
2022-08-09 08:52:36 +03:00
|
|
|
|
$this->redirect($user->getURL());
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function renderSetAvatar(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
2021-01-01 00:18:53 +03:00
|
|
|
|
$this->willExecuteWriteAction();
|
2020-06-07 19:04:43 +03:00
|
|
|
|
|
|
|
|
|
$photo = new Photo;
|
|
|
|
|
try {
|
|
|
|
|
$photo->setOwner($this->user->id);
|
|
|
|
|
$photo->setDescription("Profile image");
|
|
|
|
|
$photo->setFile($_FILES["blob"]);
|
|
|
|
|
$photo->setCreated(time());
|
|
|
|
|
$photo->save();
|
|
|
|
|
} catch(ISE $ex) {
|
2020-08-20 17:05:00 +03:00
|
|
|
|
$this->flashFail("err", tr("error"), tr("error_upload_failed"));
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
|
|
|
|
|
2022-07-29 12:41:43 +03:00
|
|
|
|
$album = (new Albums)->getUserAvatarAlbum($this->user->identity);
|
|
|
|
|
$album->addPhoto($photo);
|
|
|
|
|
$album->setEdited(time());
|
|
|
|
|
$album->save();
|
|
|
|
|
|
2020-08-20 17:05:00 +03:00
|
|
|
|
$this->flashFail("succ", tr("photo_saved"), tr("photo_saved_comment"));
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function renderSettings(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
|
|
|
|
|
|
|
|
|
$id = $this->user->id; #TODO: when ACL'll be done, allow admins to edit users via ?GUID=(chandler guid)
|
|
|
|
|
|
|
|
|
|
if(!$id)
|
|
|
|
|
$this->notFound();
|
2022-05-06 17:17:08 +03:00
|
|
|
|
|
2021-10-12 12:15:55 +03:00
|
|
|
|
if(in_array($this->queryParam("act"), ["finance", "finance.top-up"]) && !OPENVK_ROOT_CONF["openvk"]["preferences"]["commerce"])
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("feature_disabled"));
|
|
|
|
|
|
2020-06-11 23:21:49 +03:00
|
|
|
|
$user = $this->users->get($id);
|
|
|
|
|
if($_SERVER["REQUEST_METHOD"] === "POST") {
|
2021-01-01 00:18:53 +03:00
|
|
|
|
$this->willExecuteWriteAction();
|
|
|
|
|
|
2020-06-11 23:21:49 +03:00
|
|
|
|
if($_GET['act'] === "main" || $_GET['act'] == NULL) {
|
|
|
|
|
if($this->postParam("old_pass") && $this->postParam("new_pass") && $this->postParam("repeat_pass")) {
|
|
|
|
|
if($this->postParam("new_pass") === $this->postParam("repeat_pass")) {
|
2021-12-02 18:31:32 +03:00
|
|
|
|
if($this->user->identity->is2faEnabled()) {
|
2022-05-06 17:17:08 +03:00
|
|
|
|
$code = $this->postParam("password_change_code");
|
2021-12-02 18:31:32 +03:00
|
|
|
|
if(!($code === (new Totp)->GenerateToken(Base32::decode($this->user->identity->get2faSecret())) || $this->user->identity->use2faBackupCode((int) $code)))
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("incorrect_2fa_code"));
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-11 23:21:49 +03:00
|
|
|
|
if(!$this->user->identity->getChandlerUser()->updatePassword($this->postParam("new_pass"), $this->postParam("old_pass")))
|
2020-08-20 17:05:00 +03:00
|
|
|
|
$this->flashFail("err", tr("error"), tr("error_old_password"));
|
2020-06-11 23:21:49 +03:00
|
|
|
|
} else {
|
2020-08-20 17:05:00 +03:00
|
|
|
|
$this->flashFail("err", tr("error"), tr("error_new_password"));
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
|
|
|
|
}
|
2022-05-06 17:17:08 +03:00
|
|
|
|
|
|
|
|
|
if($this->postParam("new_email")) {
|
|
|
|
|
if(!Validator::i()->emailValid($this->postParam("new_email")))
|
|
|
|
|
$this->flashFail("err", tr("invalid_email_address"), tr("invalid_email_address_comment"));
|
|
|
|
|
|
|
|
|
|
if(!Authenticator::verifyHash($this->postParam("email_change_pass"), $user->getChandlerUser()->getRaw()->passwordHash))
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("incorrect_password"));
|
|
|
|
|
|
|
|
|
|
if($user->is2faEnabled()) {
|
|
|
|
|
$code = $this->postParam("email_change_code");
|
|
|
|
|
if(!($code === (new Totp)->GenerateToken(Base32::decode($user->get2faSecret())) || $user->use2faBackupCode((int) $code)))
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("incorrect_2fa_code"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if($this->postParam("new_email") !== $user->getEmail()) {
|
|
|
|
|
if (OPENVK_ROOT_CONF['openvk']['preferences']['security']['requireEmail']) {
|
|
|
|
|
$request = (new EmailChangeVerifications)->getLatestByUser($user);
|
|
|
|
|
if(!is_null($request) && $request->isNew())
|
|
|
|
|
$this->flashFail("err", tr("forbidden"), tr("email_rate_limit_error"));
|
|
|
|
|
|
|
|
|
|
$verification = new EmailChangeVerification;
|
|
|
|
|
$verification->setProfile($user->getId());
|
|
|
|
|
$verification->setNew_Email($this->postParam("new_email"));
|
|
|
|
|
$verification->save();
|
|
|
|
|
|
|
|
|
|
$params = [
|
|
|
|
|
"key" => $verification->getKey(),
|
|
|
|
|
"name" => $user->getCanonicalName(),
|
|
|
|
|
];
|
|
|
|
|
$this->sendmail($this->postParam("new_email"), "change-email", $params); #Vulnerability possible
|
|
|
|
|
$this->flashFail("succ", tr("information_-1"), tr("email_change_confirm_message"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try {
|
2022-05-07 16:00:25 +03:00
|
|
|
|
$user->changeEmail($this->postParam("new_email"));
|
2022-05-06 17:17:08 +03:00
|
|
|
|
} catch(UniqueConstraintViolationException $ex) {
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("user_already_exists"));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-06-07 19:04:43 +03:00
|
|
|
|
|
2020-06-11 23:21:49 +03:00
|
|
|
|
if(!$user->setShortCode(empty($this->postParam("sc")) ? NULL : $this->postParam("sc")))
|
2020-08-20 17:05:00 +03:00
|
|
|
|
$this->flashFail("err", tr("error"), tr("error_shorturl_incorrect"));
|
2021-10-07 11:47:30 +03:00
|
|
|
|
} else if($_GET['act'] === "privacy") {
|
2020-06-11 23:21:49 +03:00
|
|
|
|
$settings = [
|
|
|
|
|
"page.read",
|
|
|
|
|
"page.info.read",
|
|
|
|
|
"groups.read",
|
|
|
|
|
"photos.read",
|
|
|
|
|
"videos.read",
|
|
|
|
|
"notes.read",
|
|
|
|
|
"friends.read",
|
|
|
|
|
"friends.add",
|
|
|
|
|
"wall.write",
|
2021-12-28 12:40:14 +03:00
|
|
|
|
"messages.write",
|
2020-06-11 23:21:49 +03:00
|
|
|
|
];
|
|
|
|
|
foreach($settings as $setting) {
|
|
|
|
|
$input = $this->postParam(str_replace(".", "_", $setting));
|
|
|
|
|
$user->setPrivacySetting($setting, min(3, abs($input ?? $user->getPrivacySetting($setting))));
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
2021-10-07 11:47:30 +03:00
|
|
|
|
} else if($_GET['act'] === "finance.top-up") {
|
|
|
|
|
$token = $this->postParam("key0") . $this->postParam("key1") . $this->postParam("key2") . $this->postParam("key3");
|
|
|
|
|
$voucher = (new Vouchers)->getByToken($token);
|
|
|
|
|
if(!$voucher)
|
|
|
|
|
$this->flashFail("err", tr("invalid_voucher"), tr("voucher_bad"));
|
|
|
|
|
|
|
|
|
|
$perm = $voucher->willUse($user);
|
|
|
|
|
if(!$perm)
|
|
|
|
|
$this->flashFail("err", tr("invalid_voucher"), tr("voucher_bad"));
|
|
|
|
|
|
|
|
|
|
$user->setCoins($user->getCoins() + $voucher->getCoins());
|
|
|
|
|
$user->setRating($user->getRating() + $voucher->getRating());
|
|
|
|
|
$user->save();
|
|
|
|
|
|
|
|
|
|
$this->flashFail("succ", tr("voucher_good"), tr("voucher_redeemed"));
|
|
|
|
|
} else if($_GET['act'] === "interface") {
|
2020-06-11 23:21:49 +03:00
|
|
|
|
if (isset(Themepacks::i()[$this->postParam("style")]) || $this->postParam("style") === Themepacks::DEFAULT_THEME_ID)
|
2021-11-06 23:43:48 +03:00
|
|
|
|
{
|
2022-01-17 19:01:30 +03:00
|
|
|
|
if ($this->postParam("theme_for_session") != "1") $user->setStyle($this->postParam("style"));
|
2022-01-16 23:15:33 +03:00
|
|
|
|
$this->setSessionTheme($this->postParam("style"));
|
2021-11-06 23:43:48 +03:00
|
|
|
|
}
|
2020-06-07 19:04:43 +03:00
|
|
|
|
|
2020-06-11 23:21:49 +03:00
|
|
|
|
if ($this->postParam("style_avatar") <= 2 && $this->postParam("style_avatar") >= 0)
|
|
|
|
|
$user->setStyle_Avatar((int)$this->postParam("style_avatar"));
|
|
|
|
|
|
|
|
|
|
if (in_array($this->postParam("rating"), [0, 1]))
|
|
|
|
|
$user->setShow_Rating((int) $this->postParam("rating"));
|
2021-01-04 20:33:25 +03:00
|
|
|
|
|
|
|
|
|
if (in_array($this->postParam("microblog"), [0, 1]))
|
|
|
|
|
$user->setMicroblog((int) $this->postParam("microblog"));
|
2021-01-07 19:19:36 +03:00
|
|
|
|
|
|
|
|
|
if(in_array($this->postParam("nsfw"), [0, 1, 2]))
|
|
|
|
|
$user->setNsfwTolerance((int) $this->postParam("nsfw"));
|
2022-05-23 11:18:06 +03:00
|
|
|
|
|
|
|
|
|
if(in_array($this->postParam("main_page"), [0, 1]))
|
|
|
|
|
$user->setMain_Page((int) $this->postParam("main_page"));
|
2021-10-07 11:47:30 +03:00
|
|
|
|
} else if($_GET['act'] === "lMenu") {
|
2020-06-11 23:21:49 +03:00
|
|
|
|
$settings = [
|
2022-01-03 22:13:53 +03:00
|
|
|
|
"menu_bildoj" => "photos",
|
|
|
|
|
"menu_filmetoj" => "videos",
|
|
|
|
|
"menu_mesagoj" => "messages",
|
|
|
|
|
"menu_notatoj" => "notes",
|
|
|
|
|
"menu_grupoj" => "groups",
|
|
|
|
|
"menu_novajoj" => "news",
|
|
|
|
|
"menu_ligiloj" => "links",
|
|
|
|
|
"menu_standardo" => "poster",
|
2020-06-11 23:21:49 +03:00
|
|
|
|
];
|
|
|
|
|
foreach($settings as $checkbox => $setting)
|
|
|
|
|
$user->setLeftMenuItemStatus($setting, $this->checkbox($checkbox));
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
2020-06-11 23:21:49 +03:00
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
$user->save();
|
|
|
|
|
} catch(\PDOException $ex) {
|
|
|
|
|
if($ex->getCode() == 23000)
|
2020-08-20 17:05:00 +03:00
|
|
|
|
$this->flashFail("err", tr("error"), tr("error_shorturl"));
|
2020-06-11 23:21:49 +03:00
|
|
|
|
else
|
|
|
|
|
throw $ex;
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-06 17:17:08 +03:00
|
|
|
|
$this->flash("succ", tr("changes_saved"), tr("changes_saved_comment"));
|
2020-06-11 23:21:49 +03:00
|
|
|
|
}
|
|
|
|
|
$this->template->mode = in_array($this->queryParam("act"), [
|
2022-09-03 23:11:08 +03:00
|
|
|
|
"main", "security", "privacy", "finance", "finance.top-up", "interface"
|
2020-06-11 23:21:49 +03:00
|
|
|
|
]) ? $this->queryParam("act")
|
|
|
|
|
: "main";
|
2022-05-07 15:42:25 +03:00
|
|
|
|
|
|
|
|
|
if($this->template->mode == "finance") {
|
|
|
|
|
$address = OPENVK_ROOT_CONF["openvk"]["preferences"]["ton"]["address"];
|
2022-08-20 18:03:39 +03:00
|
|
|
|
$text = str_replace("$1", (string) $this->user->identity->getId(), OPENVK_ROOT_CONF["openvk"]["preferences"]["ton"]["hint"]);
|
2022-05-07 15:42:25 +03:00
|
|
|
|
$qrCode = explode("base64,", (new QRCode(new QROptions([
|
|
|
|
|
"imageTransparent" => false
|
|
|
|
|
])))->render("ton://transfer/$address?text=$text"));
|
|
|
|
|
|
|
|
|
|
$this->template->qrCodeType = substr($qrCode[0], 5);
|
|
|
|
|
$this->template->qrCodeData = $qrCode[1];
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-11 23:21:49 +03:00
|
|
|
|
$this->template->user = $user;
|
|
|
|
|
$this->template->themes = Themepacks::i()->getThemeList();
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|
2021-12-02 18:31:32 +03:00
|
|
|
|
|
2022-08-05 23:00:52 +03:00
|
|
|
|
function renderDeactivate(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
|
|
|
|
$this->willExecuteWriteAction();
|
|
|
|
|
|
|
|
|
|
$flags = 0;
|
|
|
|
|
$reason = $this->postParam("deactivate_reason");
|
|
|
|
|
$share = $this->postParam("deactivate_share");
|
|
|
|
|
|
|
|
|
|
if($share) {
|
|
|
|
|
$flags |= 0b00100000;
|
|
|
|
|
|
|
|
|
|
$post = new Post;
|
|
|
|
|
$post->setOwner($this->user->id);
|
|
|
|
|
$post->setWall($this->user->id);
|
|
|
|
|
$post->setCreated(time());
|
|
|
|
|
$post->setContent($reason);
|
|
|
|
|
$post->setFlags($flags);
|
|
|
|
|
$post->save();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->user->identity->deactivate($reason);
|
|
|
|
|
|
|
|
|
|
$this->redirect("/");
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-02 18:31:32 +03:00
|
|
|
|
function renderTwoFactorAuthSettings(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
|
|
|
|
|
|
|
|
|
if($this->user->identity->is2faEnabled()) {
|
|
|
|
|
if($_SERVER["REQUEST_METHOD"] === "POST") {
|
|
|
|
|
if(!Authenticator::verifyHash($this->postParam("password"), $this->user->identity->getChandlerUser()->getRaw()->passwordHash))
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("incorrect_password"));
|
|
|
|
|
|
|
|
|
|
$this->user->identity->generate2faBackupCodes();
|
|
|
|
|
$this->template->_template = "User/TwoFactorAuthCodes.xml";
|
|
|
|
|
$this->template->codes = $this->user->identity->get2faBackupCodes();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->redirect("/settings");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$secret = Base32::encode(Totp::GenerateSecret(16));
|
|
|
|
|
if($_SERVER["REQUEST_METHOD"] === "POST") {
|
|
|
|
|
$this->willExecuteWriteAction();
|
|
|
|
|
|
|
|
|
|
if(!Authenticator::verifyHash($this->postParam("password"), $this->user->identity->getChandlerUser()->getRaw()->passwordHash))
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("incorrect_password"));
|
|
|
|
|
|
|
|
|
|
$secret = $this->postParam("secret");
|
|
|
|
|
$code = $this->postParam("code");
|
|
|
|
|
|
|
|
|
|
if($code === (new Totp)->GenerateToken(Base32::decode($secret))) {
|
|
|
|
|
$this->user->identity->set2fa_secret($secret);
|
|
|
|
|
$this->user->identity->save();
|
|
|
|
|
|
2021-12-02 19:12:45 +03:00
|
|
|
|
$this->flash("succ", tr("two_factor_authentication_enabled_message"), tr("two_factor_authentication_enabled_message_description"));
|
2021-12-02 18:31:32 +03:00
|
|
|
|
$this->redirect("/settings");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->template->secret = $secret;
|
|
|
|
|
$this->flash("err", tr("error"), tr("incorrect_code"));
|
|
|
|
|
} else {
|
|
|
|
|
$this->template->secret = $secret;
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-08 13:06:26 +03:00
|
|
|
|
# Why are these crutch? For some reason, the QR code is not displayed if you just pass the render output to the view
|
2022-01-06 01:31:21 +03:00
|
|
|
|
|
|
|
|
|
$issuer = OPENVK_ROOT_CONF["openvk"]["appearance"]["name"];
|
|
|
|
|
$email = $this->user->identity->getEmail();
|
|
|
|
|
$qrCode = explode("base64,", (new QRCode(new QROptions([
|
2021-12-02 19:12:45 +03:00
|
|
|
|
"imageTransparent" => false
|
2022-01-06 01:31:21 +03:00
|
|
|
|
])))->render("otpauth://totp/$issuer:$email?secret=$secret&issuer=$issuer"));
|
|
|
|
|
|
|
|
|
|
$this->template->qrCodeType = substr($qrCode[0], 5);
|
|
|
|
|
$this->template->qrCodeData = $qrCode[1];
|
2021-12-02 18:31:32 +03:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function renderDisableTwoFactorAuth(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
|
|
|
|
$this->willExecuteWriteAction();
|
|
|
|
|
|
|
|
|
|
if(!Authenticator::verifyHash($this->postParam("password"), $this->user->identity->getChandlerUser()->getRaw()->passwordHash))
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("incorrect_password"));
|
|
|
|
|
|
|
|
|
|
$this->user->identity->set2fa_secret(NULL);
|
|
|
|
|
$this->user->identity->save();
|
|
|
|
|
$this->flashFail("succ", tr("information_-1"), tr("two_factor_authentication_disabled_message"));
|
|
|
|
|
}
|
2021-12-19 15:34:33 +03:00
|
|
|
|
|
2022-04-17 08:19:31 +03:00
|
|
|
|
function renderResetThemepack(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertNoCSRF();
|
|
|
|
|
|
|
|
|
|
$this->setSessionTheme(Themepacks::DEFAULT_THEME_ID);
|
|
|
|
|
|
|
|
|
|
if($this->user) {
|
|
|
|
|
$this->willExecuteWriteAction();
|
|
|
|
|
|
|
|
|
|
$this->user->identity->setStyle(Themepacks::DEFAULT_THEME_ID);
|
|
|
|
|
$this->user->identity->save();
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-09 08:52:36 +03:00
|
|
|
|
$this->redirect("/");
|
2022-04-17 08:19:31 +03:00
|
|
|
|
}
|
|
|
|
|
|
2021-12-19 15:34:33 +03:00
|
|
|
|
function renderCoinsTransfer(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
|
|
|
|
$this->willExecuteWriteAction();
|
|
|
|
|
|
2022-05-06 17:17:08 +03:00
|
|
|
|
if(!OPENVK_ROOT_CONF["openvk"]["preferences"]["commerce"])
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("feature_disabled"));
|
|
|
|
|
|
2021-12-19 15:34:33 +03:00
|
|
|
|
$receiverAddress = $this->postParam("receiver");
|
|
|
|
|
$value = (int) $this->postParam("value");
|
|
|
|
|
$message = $this->postParam("message");
|
|
|
|
|
|
|
|
|
|
if(!$receiverAddress || !$value)
|
|
|
|
|
$this->flashFail("err", tr("failed_to_tranfer_points"), tr("not_all_information_has_been_entered"));
|
|
|
|
|
|
|
|
|
|
if($value < 0)
|
|
|
|
|
$this->flashFail("err", tr("failed_to_tranfer_points"), tr("negative_transfer_value"));
|
|
|
|
|
|
|
|
|
|
if(iconv_strlen($message) > 255)
|
|
|
|
|
$this->flashFail("err", tr("failed_to_tranfer_points"), tr("message_is_too_long"));
|
|
|
|
|
|
|
|
|
|
$receiver = $this->users->getByAddress($receiverAddress);
|
|
|
|
|
if(!$receiver)
|
2022-05-06 17:17:08 +03:00
|
|
|
|
$this->flashFail("err", tr("failed_to_tranfer_points"), tr("receiver_not_found"));
|
2021-12-19 15:34:33 +03:00
|
|
|
|
|
|
|
|
|
if($this->user->identity->getCoins() < $value)
|
|
|
|
|
$this->flashFail("err", tr("failed_to_tranfer_points"), tr("you_dont_have_enough_points"));
|
|
|
|
|
|
|
|
|
|
if($this->user->id !== $receiver->getId()) {
|
|
|
|
|
$this->user->identity->setCoins($this->user->identity->getCoins() - $value);
|
|
|
|
|
$this->user->identity->save();
|
|
|
|
|
|
|
|
|
|
$receiver->setCoins($receiver->getCoins() + $value);
|
|
|
|
|
$receiver->save();
|
|
|
|
|
|
|
|
|
|
(new CoinsTransferNotification($receiver, $this->user->identity, $value, $message))->emit();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->flashFail("succ", tr("information_-1"), tr("points_transfer_successful", tr("points_amount", $value), $receiver->getURL(), htmlentities($receiver->getCanonicalName())));
|
|
|
|
|
}
|
2022-02-08 00:20:55 +03:00
|
|
|
|
|
|
|
|
|
function renderIncreaseRating(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertUserLoggedIn();
|
|
|
|
|
$this->willExecuteWriteAction();
|
|
|
|
|
|
|
|
|
|
if(!OPENVK_ROOT_CONF["openvk"]["preferences"]["commerce"])
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("feature_disabled"));
|
|
|
|
|
|
|
|
|
|
$receiverAddress = $this->postParam("receiver");
|
|
|
|
|
$value = (int) $this->postParam("value");
|
|
|
|
|
$message = $this->postParam("message");
|
|
|
|
|
|
|
|
|
|
if(!$receiverAddress || !$value)
|
|
|
|
|
$this->flashFail("err", tr("failed_to_increase_rating"), tr("not_all_information_has_been_entered"));
|
|
|
|
|
|
|
|
|
|
if($value < 0)
|
|
|
|
|
$this->flashFail("err", tr("failed_to_increase_rating"), tr("negative_rating_value"));
|
|
|
|
|
|
|
|
|
|
if(iconv_strlen($message) > 255)
|
|
|
|
|
$this->flashFail("err", tr("failed_to_increase_rating"), tr("message_is_too_long"));
|
|
|
|
|
|
|
|
|
|
$receiver = $this->users->getByAddress($receiverAddress);
|
|
|
|
|
if(!$receiver)
|
|
|
|
|
$this->flashFail("err", tr("failed_to_increase_rating"), tr("receiver_not_found"));
|
|
|
|
|
|
|
|
|
|
if($this->user->identity->getCoins() < $value)
|
|
|
|
|
$this->flashFail("err", tr("failed_to_increase_rating"), tr("you_dont_have_enough_points"));
|
|
|
|
|
|
|
|
|
|
$this->user->identity->setCoins($this->user->identity->getCoins() - $value);
|
|
|
|
|
$this->user->identity->save();
|
|
|
|
|
|
|
|
|
|
$receiver->setRating($receiver->getRating() + $value);
|
|
|
|
|
$receiver->save();
|
|
|
|
|
|
|
|
|
|
if($this->user->id !== $receiver->getId())
|
|
|
|
|
(new RatingUpNotification($receiver, $this->user->identity, $value, $message))->emit();
|
|
|
|
|
|
|
|
|
|
$this->flashFail("succ", tr("information_-1"), tr("rating_increase_successful", $receiver->getURL(), htmlentities($receiver->getCanonicalName()), $value));
|
|
|
|
|
}
|
2022-05-06 17:17:08 +03:00
|
|
|
|
|
|
|
|
|
function renderEmailChangeFinish(): void
|
|
|
|
|
{
|
|
|
|
|
$request = (new EmailChangeVerifications)->getByToken(str_replace(" ", "+", $this->queryParam("key")));
|
|
|
|
|
if(!$request || !$request->isStillValid()) {
|
|
|
|
|
$this->flash("err", tr("token_manipulation_error"), tr("token_manipulation_error_comment"));
|
|
|
|
|
$this->redirect("/settings");
|
|
|
|
|
} else {
|
|
|
|
|
$request->delete(false);
|
|
|
|
|
|
|
|
|
|
try {
|
2022-05-07 16:00:25 +03:00
|
|
|
|
$request->getUser()->changeEmail($request->getNewEmail());
|
2022-05-06 17:17:08 +03:00
|
|
|
|
} catch(UniqueConstraintViolationException $ex) {
|
|
|
|
|
$this->flashFail("err", tr("error"), tr("user_already_exists"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->flash("succ", tr("changes_saved"), tr("changes_saved_comment"));
|
|
|
|
|
$this->redirect("/settings");
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-06-07 19:04:43 +03:00
|
|
|
|
}
|