
Massive overhauls.

flashwave committed Dec 12, 2019
1 parent 55c133f commit b1bde96e646a6608c2734dfed3dbc1961eac96c7
Showing with 1,080 additions and 614 deletions.
  1. +6 −7 misuzu.php
  2. +2 −1 public/auth/login.php
  3. +2 −1 public/auth/password.php
  4. +5 −3 public/auth/register.php
  5. +3 −1 public/auth/twofactor.php
  6. +9 −6 public/forum/posting.php
  7. +5 −3 public/manage/general/blacklist.php
  8. +11 −9 public/manage/users/role.php
  9. +9 −6 public/manage/users/user.php
  10. +3 −1 public/manage/users/warnings.php
  11. +1 −1 public/news.php
  12. +45 −7 public/news/feed.php
  13. +3 −2 public/profile.php
  14. +2 −2 src/CSRF.php
  15. +144 −0 src/Colour.php
  16. +54 −0 src/Debug/Stopwatch.php
  17. +115 −0 src/Feeds/AtomFeedSerializer.php
  18. +78 −0 src/Feeds/Feed.php
  19. +110 −0 src/Feeds/FeedItem.php
  20. +6 −0 src/Feeds/FeedSerializer.php
  21. +82 −0 src/Feeds/RssFeedSerializer.php
  22. +79 −0 src/Feeds/XmlFeedSerializer.php
  23. +1 −1 src/Forum/forum.php
  24. +2 −2 src/Forum/post.php
  25. +23 −0 src/Net/GeoIP.php
  26. +108 −0 src/Net/IPAddress.php
  27. +80 −0 src/Net/IPAddressBlacklist.php
  28. +0 −38 src/Net/geoip.php
  29. +0 −184 src/Net/ip.php
  30. +0 −6 src/Parsers/BBCode/BBCodeParser.php
  31. +44 −0 src/Parsers/Parser.php
  32. +12 −0 src/Parsers/PlainParser.php
  33. +0 −60 src/Parsers/parse.php
  34. +4 −9 src/TwigMisuzu.php
  35. +1 −1 src/Users/login_attempt.php
  36. +2 −1 src/Users/object.php
  37. +2 −2 src/Users/session.php
  38. +5 −5 src/Users/user.php
  39. +2 −2 src/audit_log.php
  40. +0 −136 src/colour.php
  41. +0 −95 src/news.php
  42. +1 −1 templates/changelog/change.twig
  43. +2 −2 templates/forum/macros.twig
  44. +2 −2 templates/forum/posting.twig
  45. +1 −1 templates/info/view.twig
  46. +4 −6 templates/manage/users/role.twig
  47. +2 −2 templates/manage/users/user.twig
  48. +2 −2 templates/news/macros.twig
  49. +4 −4 templates/profile/index.twig
  50. +2 −2 utility.php
@@ -1,8 +1,11 @@
<?php
namespace Misuzu;

use Misuzu\Database\{ Database, DatabaseMigrationManager };
use PDO;
use Misuzu\Database\Database;
use Misuzu\Database\DatabaseMigrationManager;
use Misuzu\Net\GeoIP;
use Misuzu\Net\IPAddress;

define('MSZ_STARTUP', microtime(true));
define('MSZ_ROOT', __DIR__);
@@ -37,7 +40,6 @@

require_once 'src/audit_log.php';
require_once 'src/changelog.php';
require_once 'src/colour.php';
require_once 'src/comments.php';
require_once 'src/manage.php';
require_once 'src/news.php';
@@ -50,9 +52,6 @@
require_once 'src/Forum/post.php';
require_once 'src/Forum/topic.php';
require_once 'src/Forum/validate.php';
require_once 'src/Net/geoip.php';
require_once 'src/Net/ip.php';
require_once 'src/Parsers/parse.php';
require_once 'src/Users/auth.php';
require_once 'src/Users/avatar.php';
require_once 'src/Users/background.php';
@@ -384,7 +383,7 @@ function migrate_down(PDO \$conn): void {
exit;
}

geoip_init(Config::get('geoip.database', Config::TYPE_STR, '/var/lib/GeoIP/GeoLite2-Country.mmdb'));
GeoIP::init(Config::get('geoip.database', Config::TYPE_STR, '/var/lib/GeoIP/GeoLite2-Country.mmdb'));

if(!MSZ_DEBUG) {
$twigCache = sys_get_temp_dir() . '/msz-tpl-cache-' . md5(MSZ_ROOT);
@@ -456,7 +455,7 @@ function migrate_down(PDO \$conn): void {
}

CSRF::setGlobalSecretKey(Config::get('csrf.secret', Config::TYPE_STR, 'soup'));
CSRF::setGlobalIdentity(empty($userDisplayInfo) ? ip_remote_address() : $cookieData['session_token']);
CSRF::setGlobalIdentity(empty($userDisplayInfo) ? IPAddress::remote() : $cookieData['session_token']);

if(Config::get('private.enabled', Config::TYPE_BOOL)) {
$onLoginPage = $_SERVER['PHP_SELF'] === url('auth-login');
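Review bot: The fallback `'soup'` in `CSRF::setGlobalSecretKey(Config::get('csrf.secret', Config::TYPE_STR, 'soup'));` means an install that never sets `csrf.secret` builds its CSRF tokens from a key that anyone who has read the repository knows, and for signed-out visitors the identity set on the following line is only their IP address. How src/CSRF.php combines key and identity is not visible in this section, so the impact is inferred. Failing closed is safer than a shared default: read the key without a fallback and stop start-up when it is empty, e.g. `if(empty($csrfSecret)) die('csrf.secret is not configured');`. This top-level script starts and continues outside the hunk.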
@@ -1,6 +1,7 @@
<?php
namespace Misuzu;

use Misuzu\Net\IPAddress;
use Misuzu\Users\User;

require_once '../../misuzu.php';
@@ -20,7 +21,7 @@
$siteIsPrivate = Config::get('private.enable', Config::TYPE_BOOL);
$loginPermCat = $siteIsPrivate ? Config::get('private.perm.cat', Config::TYPE_STR) : '';
$loginPermVal = $siteIsPrivate ? Config::get('private.perm.val', Config::TYPE_INT) : 0;
$ipAddress = ip_remote_address();
$ipAddress = IPAddress::remote();
$remainingAttempts = user_login_attempts_remaining($ipAddress);

while(!empty($_POST['login']) && is_array($_POST['login'])) {
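Review bot: The attempt limit in `$remainingAttempts = user_login_attempts_remaining($ipAddress);` is keyed on whatever `IPAddress::remote()` returns, and src/Net/IPAddress.php is not visible in this section. If that method ever honours a client-supplied header such as `X-Forwarded-For` without a trusted-proxy allow-list, the per-address limit stops being a limit, so confirm it reads `$_SERVER['REMOTE_ADDR']` or a proxy-validated value. I would record the contract next to the call: `// IPAddress::remote() must not be client-controllable: it keys the attempt limiter`. The same applies to the matching lines in public/auth/password.php, public/auth/register.php (where the value also feeds `IPAddressBlacklist::check`) and public/auth/twofactor.php.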
@@ -2,6 +2,7 @@
namespace Misuzu;

use UnexpectedValueException;
use Misuzu\Net\IPAddress;

require_once '../../misuzu.php';

@@ -25,7 +26,7 @@
$notices = [];
$siteIsPrivate = Config::get('private.enable', Config::TYPE_BOOL);
$canResetPassword = $siteIsPrivate ? Config::get('private.allow_password_reset', Config::TYPE_BOOL, true) : true;
$ipAddress = ip_remote_address();
$ipAddress = IPAddress::remote();
$remainingAttempts = user_login_attempts_remaining($ipAddress);

while($canResetPassword) {
@@ -1,6 +1,8 @@
<?php
namespace Misuzu;

use Misuzu\Net\IPAddress;
use Misuzu\Net\IPAddressBlacklist;
use Misuzu\Users\User;

require_once '../../misuzu.php';
@@ -12,10 +14,10 @@

$register = !empty($_POST['register']) && is_array($_POST['register']) ? $_POST['register'] : [];
$notices = [];
$ipAddress = ip_remote_address();
$ipAddress = IPAddress::remote();
$remainingAttempts = user_login_attempts_remaining($ipAddress);
$restricted = ip_blacklist_check(ip_remote_address()) ? 'blacklist'
: (user_warning_check_ip(ip_remote_address()) ? 'ban' : '');
$restricted = IPAddressBlacklist::check($ipAddress) ? 'blacklist'
: (user_warning_check_ip($ipAddress) ? 'ban' : '');

while(!$restricted && !empty($register)) {
if(!CSRF::validateRequest()) {
@@ -1,6 +1,8 @@
<?php
namespace Misuzu;

use Misuzu\Net\IPAddress;

require_once '../../misuzu.php';

if(user_session_active()) {
@@ -10,7 +12,7 @@

$twofactor = !empty($_POST['twofactor']) && is_array($_POST['twofactor']) ? $_POST['twofactor'] : [];
$notices = [];
$ipAddress = ip_remote_address();
$ipAddress = IPAddress::remote();
$remainingAttempts = user_login_attempts_remaining($ipAddress);
$tokenInfo = user_auth_tfa_token_info(
!empty($_GET['token']) && is_string($_GET['token']) ? $_GET['token'] : (
@@ -1,6 +1,9 @@
<?php
namespace Misuzu;

use Misuzu\Net\IPAddress;
use Misuzu\Parsers\Parser;

require_once '../../misuzu.php';

if(!user_session_active()) {
@@ -40,13 +43,13 @@
$postText = (string)($_POST['post']['text']);
$postParser = (int)($_POST['post']['parser']);

if(!parser_is_valid($postParser)) {
if(!Parser::isValid($postParser)) {
http_response_code(400);
return;
}

http_response_code(200);
echo parse_text(htmlspecialchars($postText), $postParser);
echo Parser::instance($postParser)->parseText(htmlspecialchars($postText));
return;
}

@@ -129,7 +132,7 @@
if(!empty($_POST)) {
$topicTitle = $_POST['post']['title'] ?? '';
$postText = $_POST['post']['text'] ?? '';
$postParser = (int)($_POST['post']['parser'] ?? MSZ_PARSER_BBCODE);
$postParser = (int)($_POST['post']['parser'] ?? Parser::BBCODE);
$topicType = isset($_POST['post']['type']) ? (int)$_POST['post']['type'] : null;
$postSignature = isset($_POST['post']['signature']);

@@ -170,7 +173,7 @@
}
}

if(!parser_is_valid($postParser)) {
if(!Parser::isValid($postParser)) {
$notices[] = 'Invalid parser selected.';
}

@@ -202,7 +205,7 @@
$topicId,
$forum['forum_id'],
user_session_current('user_id', 0),
ip_remote_address(),
IPAddress::remote(),
$postText,
$postParser,
$postSignature
@@ -212,7 +215,7 @@
break;

case 'edit':
if(!forum_post_update($postId, ip_remote_address(), $postText, $postParser, $postSignature, $postText !== $post['post_text'])) {
if(!forum_post_update($postId, IPAddress::remote(), $postText, $postParser, $postSignature, $postText !== $post['post_text'])) {
$notices[] = 'Post edit failed.';
}
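Review bot: `htmlspecialchars($postText)` in the preview branch relies on the function's default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped, and the result is handed to a parser whose output is echoed as HTML. Whether either parser places post text inside a single-quoted attribute is not visible here, so this is a hardening point rather than a confirmed flaw. Pass the flags and charset explicitly: `echo Parser::instance($postParser)->parseText(htmlspecialchars($postText, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`. The enclosing preview block starts above the hunk.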

@@ -1,6 +1,8 @@
<?php
namespace Misuzu;

use Misuzu\Net\IPAddressBlacklist;

require_once '../../../misuzu.php';

if(!perms_check_user(MSZ_PERMS_GENERAL, user_session_current('user_id'), General::PERM_MANAGE_BLACKLIST)) {
@@ -18,7 +20,7 @@

if(!empty($_POST['blacklist']['remove']) && is_array($_POST['blacklist']['remove'])) {
foreach($_POST['blacklist']['remove'] as $cidr) {
if(!ip_blacklist_remove($cidr)) {
if(!IPAddressBlacklist::remove($cidr)) {
$notices[] = sprintf('Failed to remove "%s" from the blacklist.', $cidr);
}
}
@@ -34,7 +36,7 @@
continue;
}

if(!ip_blacklist_add($cidr)) {
if(!IPAddressBlacklist::add($cidr)) {
$notices[] = sprintf('Failed to add "%s" to the blacklist.', $cidr);
}
}
@@ -44,5 +46,5 @@

Template::render('manage.general.blacklist', [
'notices' => $notices,
'blacklist' => ip_blacklist_list(),
'blacklist' => IPAddressBlacklist::list(),
]);
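Review bot: Each `$cidr` taken from `$_POST['blacklist']['remove']` is passed to `IPAddressBlacklist::remove($cidr)` and to `sprintf` without a type check, so a nested array in the form data reaches both. Skip non-string entries at the top of the loop with `if(!is_string($cidr)) continue;`. The signature of `IPAddressBlacklist::remove` is not visible in this section, so whether it would raise a TypeError or coerce the value is an assumption to confirm.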
@@ -45,21 +45,20 @@
return;
}

$roleColour = colour_create();
$roleColour = new Colour;

if(!empty($_POST['role']['colour']['inherit'])) {
colour_set_inherit($roleColour);
$roleColour->setInherit(true);
} else {
foreach(['red', 'green', 'blue'] as $key) {
$value = (int)($_POST['role']['colour'][$key] ?? -1);
$func = 'colour_set_' . ucfirst($key);

if($value < 0 || $value > 0xFF) {
echo 'invalid colour value';
try {
$roleColour->{'set' . ucfirst($key)}($value);
} catch(\Exception $ex){
echo $ex->getMessage();
return;
}

$func($roleColour, $value);
}
}

@@ -118,7 +117,7 @@
$updateRole->bind('role_name', $roleName);
$updateRole->bind('role_hierarchy', $roleHierarchy);
$updateRole->bind('role_hidden', $roleSecret ? 1 : 0);
$updateRole->bind('role_colour', $roleColour);
$updateRole->bind('role_colour', $roleColour->getRaw());
$updateRole->bind('role_description', $roleDescription);
$updateRole->bind('role_title', $roleTitle);
$updateRole->execute();
@@ -179,7 +178,10 @@
return;
}

Template::set(['edit_role' => $editRole]);
Template::set([
'edit_role' => $editRole,
'role_colour' => new Colour($editRole['role_colour']),
]);
}

Template::render('manage.users.role', [
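Review bot: The `catch(\Exception $ex)` around `$roleColour->{'set' . ucfirst($key)}($value);` echoes `$ex->getMessage()` straight into the response, where the previous code printed the fixed string `'invalid colour value'`. src/Colour.php is not shown in this section, so what those messages contain is unknown, and catching every `\Exception` means an unrelated failure would also have its message printed to the browser. Catch only the exception type the setters throw for out-of-range values and keep the fixed output, `echo 'invalid colour value';`.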
@@ -139,17 +139,19 @@
}

if(!empty($_POST['colour']) && is_array($_POST['colour'])) {
$userColour = null;
$setUserInfo['user_colour'] = null;

if(!empty($_POST['colour']['enable'])) {
$userColour = colour_create();
$userColour = new Colour;

if(!colour_from_hex($userColour, (string)($_POST['colour']['hex'] ?? ''))) {
$notices[] = 'An invalid colour was supplied.';
try {
$userColour->setHex((string)($_POST['colour']['hex'] ?? ''));
} catch(\Exception $ex) {
$notices[] = $ex->getMessage();
}
}

$setUserInfo['user_colour'] = $userColour;
$setUserInfo['user_colour'] = $userColour->getRaw();
}
}

if(!empty($_POST['password']) && is_array($_POST['password'])) {
@@ -241,6 +243,7 @@

Template::render('manage.users.user', [
'manage_user' => $manageUser,
'user_colour' => empty($manageUser['user_colour']) ? Colour::none() : new Colour($manageUser['user_colour']),
'manage_notices' => $notices,
'manage_roles' => $roles,
'can_edit_user' => $canEdit,
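Review bot: When `setHex()` throws, the `catch` only appends a notice and execution carries on to `$setUserInfo['user_colour'] = $userColour->getRaw();`, so the raw value of an untouched `new Colour` is queued for saving. Whether the later update is skipped when `$notices` is non-empty lies outside the hunk; if it is not, an invalid hex string would overwrite the user's stored colour with the default. Moving the assignment into the `try`, directly after the `setHex()` call, avoids that: `$setUserInfo['user_colour'] = $userColour->getRaw();`. The notice now carries `$ex->getMessage()`; a fixed string such as the previous `'An invalid colour was supplied.'` keeps the output independent of Colour's internals.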
@@ -1,6 +1,8 @@
<?php
namespace Misuzu;

use Misuzu\Net\IPAddress;

require_once '../../../misuzu.php';

if(!perms_check_user(MSZ_PERMS_USER, user_session_current('user_id'), MSZ_PERM_USER_MANAGE_WARNINGS)) {
@@ -77,7 +79,7 @@
$warningsUser,
user_get_last_ip($warningsUser),
$currentUserId,
ip_remote_address(),
IPAddress::remote(),
$warningType,
$_POST['warning']['note'],
$_POST['warning']['private'],
@@ -16,7 +16,7 @@
$categoryId = !empty($_GET['c']) && is_string($_GET['c']) ? (int)$_GET['c'] : 0;
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;

if(!empty($feedMode) && news_feed_supported($feedMode)) {
if(!empty($feedMode) && in_array($feedMode, ['rss', 'atom'])) {
$location = empty($categoryId) ? url("news-feed-{$feedMode}") : url("news-category-feed-{$feedMode}", ['category' => $categoryId]);
}
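Review bot: `in_array($feedMode, ['rss', 'atom'])` compares loosely; pass the strict flag so only the exact strings match: `in_array($feedMode, ['rss', 'atom'], true)`. `$feedMode` is assigned above the hunk, so its type at this point is not visible, and the value is interpolated into the route name on the next line. The same two names are repeated in the `switch` in public/news/feed.php, and a shared constant would keep the two lists from drifting apart.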

@@ -1,11 +1,26 @@
<?php
namespace Misuzu;

use Misuzu\Feeds\Feed;
use Misuzu\Feeds\FeedItem;
use Misuzu\Feeds\AtomFeedSerializer;
use Misuzu\Feeds\RssFeedSerializer;
use Misuzu\Parsers\Parser;

require_once '../../misuzu.php';

$feedMode = trim($_SERVER['PATH_INFO'] ?? '', '/');

if(!news_feed_supported($feedMode)) {
switch($feedMode) {
case 'rss':
$feedSerializer = new RssFeedSerializer;
break;
case 'atom':
$feedSerializer = new AtomFeedSerializer;
break;
}

if(!isset($feedSerializer)) {
echo render_error(400);
return;
}
@@ -28,11 +43,34 @@
return;
}

$feed = (new Feed)
->setTitle(Config::get('site.name', Config::TYPE_STR, 'Misuzu') . ' » ' . ($category['category_name'] ?? 'Featured News'))
->setDescription($category['category_description'] ?? 'A live featured news feed.')
->setContentUrl(url_prefix(false) . (empty($category) ? url('news-index') : url('news-category', ['category' => $category['category_id']])))
->setFeedUrl(url_prefix(false) . (empty($category) ? url("news-feed-{$feedMode}") : url("news-category-feed-{$feedMode}", ['category' => $category['category_id']])));

foreach($posts as $post) {
$postUrl = url_prefix(false) . url('news-post', ['post' => $post['post_id']]);
$commentsUrl = url_prefix(false) . url('news-post-comments', ['post' => $post['post_id']]);
$authorUrl = url_prefix(false) . url('user-profile', ['user' => $post['user_id']]);

$feedItem = (new FeedItem)
->setTitle($post['post_title'])
->setSummary(first_paragraph($post['post_text']))
->setContent(Parser::instance(Parser::MARKDOWN)->parseText($post['post_text']))
->setCreationDate(strtotime($post['post_created']))
->setUniqueId($postUrl)
->setContentUrl($postUrl)
->setCommentsUrl($commentsUrl)
->setAuthorName($post['username'])
->setAuthorUrl($authorUrl);

if(!$feed->hasLastUpdate() || $feed->getLastUpdate() < $feedItem->getCreationDate())
$feed->setLastUpdate($feedItem->getCreationDate());

$feed->addItem($feedItem);
}

header("Content-Type: application/{$feedMode}+xml; charset=utf-8");

echo news_feed($feedMode, $posts, [
'title' => Config::get('site.name', Config::TYPE_STR, 'Misuzu') . ' » ' . ($category['category_name'] ?? 'Featured News'),
'subtitle' => $category['category_description'] ?? 'A live featured news feed.',
'html-url' => empty($category) ? url('news-index') : url('news-category', ['category' => $category['category_id']]),
'feed-url' => empty($category) ? url("news-feed-{$feedMode}") : url("news-category-feed-{$feedMode}", ['category' => $category['category_id']]),
]);
echo $feedSerializer->serializeFeed($feed);
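Review bot: Category names and descriptions, post titles and `$post['username']` are handed to `Feed` and `FeedItem` unescaped, so the serializer is the only place where XML escaping can happen. src/Feeds/XmlFeedSerializer.php is not visible in this section; confirm that every text node and attribute it writes is escaped and that the Markdown HTML from `setContent()` is emitted as escaped text or CDATA rather than as raw child markup. A comment above the `(new FeedItem)` chain would record the contract: `// values are raw here; escaping is the serializer's job`. Separately, `strtotime($post['post_created'])` returns `false` for an unparsable value and is passed to `setCreationDate()` without a check.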
