diff --git a/.gitmodules b/.gitmodules index 70059b63..e69de29b 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +0,0 @@ -[submodule "Web/static/img/oxygen-icons"] - path = Web/static/img/oxygen-icons - url = https://github.com/KDE/oxygen-icons5.git diff --git a/Web/Models/Entities/Comment.php b/Web/Models/Entities/Comment.php index 1afd0126..f9422761 100644 --- a/Web/Models/Entities/Comment.php +++ b/Web/Models/Entities/Comment.php @@ -34,11 +34,16 @@ class Comment extends Post */ function getOwner(bool $honourFlags = true, bool $real = false): RowModel { - if($honourFlags && $this->isPostedOnBehalfOfGroup()) { - if($this->getTarget() instanceof Post) - return (new Clubs)->get(abs($this->getTarget()->getTargetWall())); - } + if($honourFlags && $this->isPostedOnBehalfOfGroup() && $this->getTarget() instanceof Post) + return (new Clubs)->get(abs($this->getTarget()->getTargetWall())); return parent::getOwner($honourFlags, $real); } + + function canBeDeletedBy(User $user): bool + { + return $this->getOwner()->getId() == $user->getId() || + $this->getTarget()->getOwner()->getId() == $user->getId() || + $this->getTarget() instanceof Post && $this->getTarget()->getTargetWall() < 0 && (new Clubs)->get(abs($this->getTarget()->getTargetWall()))->canBeModifiedBy($user); + } } diff --git a/Web/Models/Entities/Traits/TRichText.php b/Web/Models/Entities/Traits/TRichText.php index 8f3461e7..b358bdc9 100644 --- a/Web/Models/Entities/Traits/TRichText.php +++ b/Web/Models/Entities/Traits/TRichText.php @@ -1,5 +1,6 @@ get($id); if(!$comment) $this->notFound(); - if($comment->getOwner()->getId() !== $this->user->id) - if($comment->getTarget()->getOwner()->getId() !== $this->user->id) - $this->throwError(403, "Forbidden", "У вас недостаточно прав чтобы редактировать этот ресурс."); + if(!$comment->canBeDeletedBy($this->user->identity)) + $this->throwError(403, "Forbidden", "У вас недостаточно прав чтобы редактировать этот ресурс."); $comment->delete(); $this->flashFail( 
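Review bot: In `canBeDeletedBy` the first comparison calls `$this->getOwner()` with its default `$honourFlags = true`, and `getOwner` in this same hunk returns `(new Clubs)->get(...)` for a comment posted on behalf of a group, so a club id gets compared with a user id. If clubs and users are numbered independently, an unrelated user whose id equals that club's id would pass the check and be allowed to delete the comment. Compare against the real author instead, presumably `$this->getOwner(false)->getId() == $user->getId()` (confirm what the parent returns for `false`), and check whether `$this->getTarget()->getOwner()` can resolve to a group in the same way. A short docblock naming the three rules (author, owner of the target, manager of the club whose wall holds the post) and explicit parentheses around the `&&` group would make this authorization rule easier to audit.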
diff --git a/Web/Presenters/OpenVKPresenter.php b/Web/Presenters/OpenVKPresenter.php
index 6caf21d5..18a7c14b 100755
--- a/Web/Presenters/OpenVKPresenter.php
+++ b/Web/Presenters/OpenVKPresenter.php
@@ -34,10 +34,10 @@ abstract class OpenVKPresenter extends SimplePresenter
 ]));
 }
- protected function setTempTheme(string $theme): void
- {
- Session::i()->set("_tempTheme", $theme);
- }
+ protected function setTempTheme(string $theme): void
+ {
+ Session::i()->set("_tempTheme", $theme);
+ }
 protected function flashFail(string $type, string $title, ?string $message = NULL, ?int $code = NULL): void
 {
@@ -198,6 +198,7 @@ abstract class OpenVKPresenter extends SimplePresenter
 header("HTTP/1.1 403 Forbidden");
 $this->getTemplatingEngine()->render(__DIR__ . "/templates/@banned.xml", [
 "thisUser" => $this->user->identity,
+ "csrfToken" => $GLOBALS["csrfToken"],
 ]);
 exit;
 }
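Review bot: The added `"csrfToken" => $GLOBALS["csrfToken"]` hands the anti-CSRF token to `@banned.xml`, where this commit passes it through `urlencode()` into the `banned_3` string, which suggests it ends up in a link's query string. A token carried in a URL can be recorded in server logs, browser history and Referer headers, so if that link is the logout action a small POST form with the token in a hidden field would be the safer shape. At minimum add a comment such as `// @banned.xml builds its logout link from this token` and confirm the global is always populated before this early `exit` path runs. The enclosing method starts outside the hunk.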
@@ -221,25 +222,23 @@ abstract class OpenVKPresenter extends SimplePresenter
 {
 parent::onBeforeRender();
- if(!is_null($this->user)) {
- $theme = $this->user->identity->getTheme();
- if(!is_null($theme) && $theme->overridesTemplates()) {
- $this->template->_templatePath = $theme->getBaseDir() . "/tpl";
- }
+ $theme = NULL;
+ if(Session::i()->get("_tempTheme")) {
+ $theme = Themepacks::i()[Session::i()->get("_tempTheme", "ovk")];
+ Session::i()->set("_tempTheme", NULL);
+ } else if($this->requestParam("themePreview")) {
+ $theme = Themepacks::i()[$this->requestParam("themePreview")];
+ } else if($this->user->identity !== null && $this->user->identity->getTheme()) {
+ $theme = $this->user->identity->getTheme();
 }
+ $this->template->theme = $theme;
+ if(!is_null($theme) && $theme->overridesTemplates())
+ $this->template->_templatePath = $theme->getBaseDir() . "/tpl";
+
 if(!is_null(Session::i()->get("_error"))) {
 $this->template->flashMessage = json_decode(Session::i()->get("_error"));
 Session::i()->set("_error", NULL);
 }
-
- if(Session::i()->get("_tempTheme"))
- $this->template->theme = Themepacks::i()[Session::i()->get("_tempTheme", "ovk")];
- else if($this->requestParam("themePreview"))
- $this->template->theme = Themepacks::i()[$this->requestParam("themePreview")];
- else if($this->user->identity !== null && $this->user->identity->getTheme())
- $this->template->theme = $this->user->identity->getTheme();
-
- // Знаю, каша ебаная, целестора рефактор всё равно сделает :)))
 }
 }
diff --git a/Web/Presenters/UserPresenter.php b/Web/Presenters/UserPresenter.php
index e2cc1f91..4f51175c 100644
--- a/Web/Presenters/UserPresenter.php
+++ b/Web/Presenters/UserPresenter.php
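Review bot: The request-supplied `themePreview` value now also decides `$this->template->_templatePath = $theme->getBaseDir() . "/tpl"`, whereas the removed code applied template overrides only for the logged-in user's saved theme. Any request, including one reached through a link on another site, can therefore switch which template set renders the page; the choice is limited to what `Themepacks::i()` holds, but it should be a deliberate decision whether a preview may replace templates. If it should not, remember the source, e.g. set `$isPreview = true;` in the `themePreview` branch and guard with `if(!is_null($theme) && !$isPreview && $theme->overridesTemplates())`. The parameter is also used as an index without a type check, so it is worth confirming that `requestParam` can only return a string here. The enclosing method begins outside the hunk.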
@@ -128,99 +128,99 @@ final class UserPresenter extends OpenVKPresenter if(!$id) $this->notFound(); - $user = $this->users->get($id); - if($_SERVER["REQUEST_METHOD"] === "POST") { - $this->willExecuteWriteAction(); + $user = $this->users->get($id); + if($_SERVER["REQUEST_METHOD"] === "POST") { + $this->willExecuteWriteAction(); + + if($_GET['act'] === "main" || $_GET['act'] == NULL) { + $user->setFirst_Name(empty($this->postParam("first_name")) ? $user->getFirstName() : $this->postParam("first_name")); + $user->setLast_Name(empty($this->postParam("last_name")) ? "" : $this->postParam("last_name")); + $user->setPseudo(empty($this->postParam("pseudo")) ? NULL : $this->postParam("pseudo")); + $user->setStatus(empty($this->postParam("status")) ? NULL : $this->postParam("status")); + if (strtotime($this->postParam("birthday")) < time()) + $user->setBirthday(strtotime($this->postParam("birthday"))); + + if ($this->postParam("marialstatus") <= 8 && $this->postParam("marialstatus") >= 0) + $user->setMarital_Status($this->postParam("marialstatus")); - if($_GET['act'] === "main" || $_GET['act'] == NULL) { - $user->setFirst_Name(empty($this->postParam("first_name")) ? $user->getFirstName() : $this->postParam("first_name")); - $user->setLast_Name(empty($this->postParam("last_name")) ? "" : $this->postParam("last_name")); - $user->setPseudo(empty($this->postParam("pseudo")) ? NULL : $this->postParam("pseudo")); - $user->setStatus(empty($this->postParam("status")) ? 
NULL : $this->postParam("status")); - if (strtotime($this->postParam("birthday")) < time()) - $user->setBirthday(strtotime($this->postParam("birthday"))); - - if ($this->postParam("marialstatus") <= 8 && $this->postParam("marialstatus") >= 0) - $user->setMarital_Status($this->postParam("marialstatus")); + if ($this->postParam("politViews") <= 9 && $this->postParam("politViews") >= 0) + $user->setPolit_Views($this->postParam("politViews")); + + if ($this->postParam("gender") <= 1 && $this->postParam("gender") >= 0) + $user->setSex($this->postParam("gender")); + + if(!empty($this->postParam("phone")) && $this->postParam("phone") !== $user->getPhone()) { + if(!OPENVK_ROOT_CONF["openvk"]["credentials"]["smsc"]["enable"]) + $this->flashFail("err", tr("error_segmentation"), "котлетки"); - if ($this->postParam("politViews") <= 9 && $this->postParam("politViews") >= 0) - $user->setPolit_Views($this->postParam("politViews")); + $code = $user->setPhoneWithVerification($this->postParam("phone")); - if ($this->postParam("gender") <= 1 && $this->postParam("gender") >= 0) - $user->setSex($this->postParam("gender")); - - if(!empty($this->postParam("phone")) && $this->postParam("phone") !== $user->getPhone()) { - if(!OPENVK_ROOT_CONF["openvk"]["credentials"]["smsc"]["enable"]) - $this->flashFail("err", tr("error_segmentation"), "котлетки"); - - $code = $user->setPhoneWithVerification($this->postParam("phone")); - - if(!Sms::send($this->postParam("phone"), "OPENVK - Your verification code is: $code")) - $this->flashFail("err", tr("error_segmentation"), "котлетки: Remote err!"); - } - } elseif($_GET['act'] === "contacts") { - if(empty($this->postParam("email_contact")) || Validator::i()->emailValid($this->postParam("email_contact"))) - $user->setEmail_Contact(empty($this->postParam("email_contact")) ? 
NULL : $this->postParam("email_contact")); - else - $this->flashFail("err", tr("invalid_email_address"), tr("invalid_email_address_comment")); - - $telegram = $this->postParam("telegram"); - if(empty($telegram) || Validator::i()->telegramValid($telegram)) - if(strpos($telegram, "t.me/") === 0) - $user->setTelegram(empty($telegram) ? NULL : substr($telegram, 5)); - else - $user->setTelegram(empty($telegram) ? NULL : ltrim($telegram, "@")); - else - $this->flashFail("err", tr("invalid_telegram_name"), tr("invalid_telegram_name_comment")); - - $user->setCity(empty($this->postParam("city")) ? NULL : $this->postParam("city")); - $user->setAddress(empty($this->postParam("address")) ? NULL : $this->postParam("address")); - - $website = $this->postParam("website") ?? ""; - if(empty($website)) - $user->setWebsite(NULL); - else - $user->setWebsite((!parse_url($website, PHP_URL_SCHEME) ? "https://" : "") . $website); - } elseif($_GET['act'] === "interests") { - $user->setInterests(empty($this->postParam("interests")) ? NULL : ovk_proc_strtr($this->postParam("interests"), 300)); - $user->setFav_Music(empty($this->postParam("fav_music")) ? NULL : ovk_proc_strtr($this->postParam("fav_music"), 300)); - $user->setFav_Films(empty($this->postParam("fav_films")) ? NULL : ovk_proc_strtr($this->postParam("fav_films"), 300)); - $user->setFav_Shows(empty($this->postParam("fav_shows")) ? NULL : ovk_proc_strtr($this->postParam("fav_shows"), 300)); - $user->setFav_Books(empty($this->postParam("fav_books")) ? NULL : ovk_proc_strtr($this->postParam("fav_books"), 300)); - $user->setFav_Quote(empty($this->postParam("fav_quote")) ? NULL : ovk_proc_strtr($this->postParam("fav_quote"), 300)); - $user->setAbout(empty($this->postParam("about")) ? 
NULL : ovk_proc_strtr($this->postParam("about"), 300)); - } elseif($_GET['act'] === "status") { - if(mb_strlen($this->postParam("status")) > 255) { - $statusLength = (string) mb_strlen($this->postParam("status")); - $this->flashFail("err", "Ошибка", "Статус слишком длинный ($statusLength символов вместо 255 символов)"); - } - - $user->setStatus(empty($this->postParam("status")) ? NULL : $this->postParam("status")); - $user->save(); - - header("HTTP/1.1 302 Found"); - header("Location: /id" . $user->getId()); - exit; + if(!Sms::send($this->postParam("phone"), "OPENVK - Your verification code is: $code")) + $this->flashFail("err", tr("error_segmentation"), "котлетки: Remote err!"); } - - try { - $user->save(); - } catch(\PDOException $ex) { - if($ex->getCode() == 23000) - $this->flashFail("err", tr("error"), tr("error_shorturl")); + } elseif($_GET['act'] === "contacts") { + if(empty($this->postParam("email_contact")) || Validator::i()->emailValid($this->postParam("email_contact"))) + $user->setEmail_Contact(empty($this->postParam("email_contact")) ? NULL : $this->postParam("email_contact")); + else + $this->flashFail("err", tr("invalid_email_address"), tr("invalid_email_address_comment")); + + $telegram = $this->postParam("telegram"); + if(empty($telegram) || Validator::i()->telegramValid($telegram)) + if(strpos($telegram, "t.me/") === 0) + $user->setTelegram(empty($telegram) ? NULL : substr($telegram, 5)); else - throw $ex; - } + $user->setTelegram(empty($telegram) ? NULL : ltrim($telegram, "@")); + else + $this->flashFail("err", tr("invalid_telegram_name"), tr("invalid_telegram_name_comment")); + + $user->setCity(empty($this->postParam("city")) ? NULL : $this->postParam("city")); + $user->setAddress(empty($this->postParam("address")) ? NULL : $this->postParam("address")); - $this->flash("succ", tr("changes_saved"), tr("changes_saved_comment")); + $website = $this->postParam("website") ?? 
""; + if(empty($website)) + $user->setWebsite(NULL); + else + $user->setWebsite((!parse_url($website, PHP_URL_SCHEME) ? "https://" : "") . $website); + } elseif($_GET['act'] === "interests") { + $user->setInterests(empty($this->postParam("interests")) ? NULL : ovk_proc_strtr($this->postParam("interests"), 300)); + $user->setFav_Music(empty($this->postParam("fav_music")) ? NULL : ovk_proc_strtr($this->postParam("fav_music"), 300)); + $user->setFav_Films(empty($this->postParam("fav_films")) ? NULL : ovk_proc_strtr($this->postParam("fav_films"), 300)); + $user->setFav_Shows(empty($this->postParam("fav_shows")) ? NULL : ovk_proc_strtr($this->postParam("fav_shows"), 300)); + $user->setFav_Books(empty($this->postParam("fav_books")) ? NULL : ovk_proc_strtr($this->postParam("fav_books"), 300)); + $user->setFav_Quote(empty($this->postParam("fav_quote")) ? NULL : ovk_proc_strtr($this->postParam("fav_quote"), 300)); + $user->setAbout(empty($this->postParam("about")) ? NULL : ovk_proc_strtr($this->postParam("about"), 300)); + } elseif($_GET['act'] === "status") { + if(mb_strlen($this->postParam("status")) > 255) { + $statusLength = (string) mb_strlen($this->postParam("status")); + $this->flashFail("err", "Ошибка", "Статус слишком длинный ($statusLength символов вместо 255 символов)"); + } + + $user->setStatus(empty($this->postParam("status")) ? NULL : $this->postParam("status")); + $user->save(); + + header("HTTP/1.1 302 Found"); + header("Location: /id" . $user->getId()); + exit; } - $this->template->mode = in_array($this->queryParam("act"), [ - "main", "contacts", "interests", "avatar" - ]) ? 
$this->queryParam("act") - : "main"; + try { + $user->save(); + } catch(\PDOException $ex) { + if($ex->getCode() == 23000) + $this->flashFail("err", tr("error"), tr("error_shorturl")); + else + throw $ex; + } - $this->template->user = $user; + $this->flash("succ", tr("changes_saved"), tr("changes_saved_comment")); + } + + $this->template->mode = in_array($this->queryParam("act"), [ + "main", "contacts", "interests", "avatar" + ]) ? $this->queryParam("act") + : "main"; + + $this->template->user = $user; } function renderVerifyPhone(): void diff --git a/Web/Presenters/templates/@banned.xml b/Web/Presenters/templates/@banned.xml index d75e09bb..f7583e82 100644 --- a/Web/Presenters/templates/@banned.xml +++ b/Web/Presenters/templates/@banned.xml @@ -1,22 +1,20 @@ {extends "@layout.xml"} -{block title}Вам бан{/block} +{block title}{_"banned_title"}{/block} {block header} - Вы были верискокнуты + {_"banned_header"} {/block} {block content}
- Пользователь заблокирован. + {_'banned_alt'}

- Извините, {$thisUser->getCanonicalName()}, но вы были верискокнуты.
- А причина этому проста: {$thisUser->getBanReason()}. К сожалению, на этот раз - нам пришлось заблокировать вас навсегда. + {tr("banned_1", htmlentities($thisUser->getCanonicalName()))|noescape}
+ {tr("banned_2", htmlentities($thisUser->getBanReason()))|noescape}


- Вы всё ещё можете написать в службу поддержки, если считаете что произошла ошибка - или выйти. + {tr("banned_3", urlencode($csrfToken))|noescape}

-{/block} \ No newline at end of file +{/block} diff --git a/Web/Presenters/templates/@layout.xml b/Web/Presenters/templates/@layout.xml index ad47f7f4..caf16cde 100644 --- a/Web/Presenters/templates/@layout.xml +++ b/Web/Presenters/templates/@layout.xml @@ -201,8 +201,8 @@ style="max-width: 100%; margin-top: 50px;" /> {else} - Поддержка - Выйти + {_"menu_support"} + {_"menu_logout"} {/if} {else}
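Review bot: `|noescape` on `tr("banned_1", …)`, `tr("banned_2", …)` and `tr("banned_3", …)` in `@banned.xml` turns off Latte's context-aware escaping for the whole translated string, so output safety now rests on the manual `htmlentities()` calls and on every locale file containing only trusted markup. `htmlentities()` called without flags does not escape single quotes on PHP versions before 8.1, which matters if a translation ever places the placeholder inside a single-quoted attribute; `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` is the safer call. The ban reason is presumably free text entered by a moderator, so it is the argument most worth checking. The same pattern appears in `User/banned.xml` with `tr("user_banned", htmlentities($user->getFirstName()))|noescape`.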
diff --git a/Web/Presenters/templates/Search/Index.xml b/Web/Presenters/templates/Search/Index.xml index 02f59cf5..b12c1c4e 100644 --- a/Web/Presenters/templates/Search/Index.xml +++ b/Web/Presenters/templates/Search/Index.xml @@ -9,7 +9,7 @@ {/block} {block header} - OpenVK » + {=OPENVK_ROOT_CONF["openvk"]["appearance"]["name"]} » {if $type === "users"} {tr("search_for_people")} {else} @@ -21,7 +21,7 @@ - +

diff --git a/Web/Presenters/templates/User/banned.xml b/Web/Presenters/templates/User/banned.xml index e5e2824b..a9cfed3c 100644 --- a/Web/Presenters/templates/User/banned.xml +++ b/Web/Presenters/templates/User/banned.xml @@ -1,7 +1,7 @@

Пользователь заблокирован.

- К сожалению, нам пришлось заблокировать страницу пользователя {$user->getFirstName()}.
- Комментарий модератора: {$user->getBanReason()}. + {tr("user_banned", htmlentities($user->getFirstName()))|noescape}
+ {_"user_banned_comment"} {$user->getBanReason()}.

diff --git a/Web/Presenters/templates/components/comment.xml b/Web/Presenters/templates/components/comment.xml index cfea3148..701db922 100644 --- a/Web/Presenters/templates/components/comment.xml +++ b/Web/Presenters/templates/components/comment.xml @@ -29,9 +29,7 @@
{$comment->getPublicationTime()} | - {var canDelete = $comment->getOwner()->getId() == $thisUser->getId()} - {var canDelete = $canDelete || $comment->getTarget()->getOwner()->getId() == $thisUser->getId()} - {if $canDelete} + {if $comment->canBeDeletedBy($thisUser)} {_"delete"} | {/if} Ответить diff --git a/Web/Presenters/templates/components/comments.xml b/Web/Presenters/templates/components/comments.xml index cfc103c7..0e04b73e 100644 --- a/Web/Presenters/templates/components/comments.xml +++ b/Web/Presenters/templates/components/comments.xml @@ -10,7 +10,9 @@ {foreach $comments as $comment} {include "comment.xml", comment => $comment} {/foreach} - {include "paginator.xml", conf => (object) ["page" => $page, "count" => $count, "amount" => sizeof($comments), "perPage" => 10]} +
+ {include "paginator.xml", conf => (object) ["page" => $page, "count" => $count, "amount" => sizeof($comments), "perPage" => 10]} +
{else}