diff --git a/create.php b/create.php
index f220157b..eefe099f 100644
--- a/create.php
+++ b/create.php
@@ -21,6 +21,7 @@
 $title = $_POST['title'];
 $subtitle = $_POST['subtitle'];
 $username = $_POST['username'];
 $password = $_POST['password'];
+$email = $_POST['email'];
 $resp = file_get_contents($config['captcha']['provider_check'] . "?" . http_build_query([
 	'mode' => 'check',
@@ -39,6 +40,8 @@
 if (!preg_match('/^[a-zA-Z0-9._]{1,30}$/', $username))
 	error(_('Invalid username'));
 if ($resp !== '1') error($config['error']['captcha']);
+if (!filter_var($email, FILTER_VALIDATE_EMAIL))
+	$email = '';
 foreach (listBoards() as $i => $board) {
 	if ($board['uri'] == $uri)
@@ -66,12 +69,13 @@
 	error(_('The username you\'ve tried to enter already exists!'));
 $salt = generate_salt();
 $password = hash('sha256', $salt . sha1($password));
-$query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, :type, :boards)');
+$query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, :type, :boards, :email)');
 $query->bindValue(':username', $username);
 $query->bindValue(':password', $password);
 $query->bindValue(':salt', $salt);
 $query->bindValue(':type', 20);
 $query->bindValue(':boards', $uri);
+$query->bindValue(':email', $email);
 $query->execute() or error(db_error($query));
 $query = prepare('INSERT INTO ``boards`` (`uri`, `title`, `subtitle`) VALUES (:uri, :title, :subtitle)');
diff --git a/inc/config.php b/inc/config.php
index 604e146d..da569b3d 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1530,7 +1530,7 @@
 	// Edit any users' login information
 	$config['mod']['editusers'] = ADMIN;
 	// Change user's own password
-	$config['mod']['change_password'] = JANITOR;
+	$config['mod']['edit_profile'] = JANITOR;
 	// Delete a user
 	$config['mod']['deleteusers'] = ADMIN;
 	// Create a user
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 3d78fb31..c24312f8 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
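Review bot: `$email = $_POST['email'];` assumes the field is always posted, but the new input is optional and an older cached form or a hand-built request that omits it raises an undefined-index notice and feeds `null` into the later `filter_var` check. Read it defensively and strip the whitespace users paste around addresses, since `FILTER_VALIDATE_EMAIL` rejects it: `$email = isset($_POST['email']) ? trim($_POST['email']) : '';`.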
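Review bot: An address that fails the new `filter_var` check is silently replaced with an empty string, so the board creator is told nothing and ends up with no recovery address even though the form accepted one; since the template in this commit says this address is how a forgotten board password gets reset, reject it instead: `if ($email !== '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) error(_('Invalid email'));`. Nothing in this diff verifies that the creator controls the address (no confirmation mail is sent), so a reset process keyed on "mail us from this address" is trusting an unverified and spoofable From header. That limitation deserves a comment at the validation site, e.g. `// stored unverified; an email from this address is not proof of identity`.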
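Review bot: The INSERT keeps a column-less `VALUES (NULL, …)` list, so it now depends on `email` being exactly the seventh physical column of `mods`; on an existing install where the column is added later in another position, or not added at all (this diff changes only install.sql and carries no ALTER TABLE), the insert either fails or writes the address into the wrong column. Name the columns so the statement is robust to schema drift: `INSERT INTO ``mods`` (`username`, `password`, `salt`, `type`, `boards`, `email`) VALUES (:username, :password, :salt, :type, :boards, :email)` — `id` is auto-increment per install.sql and can be omitted.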
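Review bot: Renaming the permission key from `change_password` to `edit_profile` silently discards any site-level override of the old key: an instance config that had raised `$config['mod']['change_password']` above JANITOR, or disabled it, keeps setting a key nothing reads, and the new key falls back to JANITOR, so self-service password, username and email changes are reopened to the lowest group. Keep the old key honoured for a release (for example, have the code fall back with `isset($config['mod']['change_password']) ? $config['mod']['change_password'] : $config['mod']['edit_profile']`) or at least call the rename out in the upgrade notes. The comment above the line still says `// Change user's own password` although the permission now also covers username and email; `// Edit user's own profile (password, username, recovery email)` describes it.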
@@ -1914,11 +1914,11 @@ function mod_deletebyip($boardName, $post, $global = false) {
 function mod_user($uid) {
 	global $config, $mod;
-	if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $uid == $mod['id']))
+	if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['edit_profile']) && $uid == $mod['id']))
 		error($config['error']['noaccess']);
 	if (in_array($mod['boards'][0], array('infinity', 'z')))
-		error('This board has password changing disabled.');
+		error('This board has profile changing disabled.');
 	$query = prepare('SELECT * FROM ``mods`` WHERE `id` = :id');
 	$query->bindValue(':id', $uid);
@@ -1997,8 +1997,8 @@ function mod_user($uid) {
 		return;
 	}
-	if (hasPermission($config['mod']['change_password']) && $uid == $mod['id'] && isset($_POST['password'])) {
-		if ($_POST['password'] != '') {
+	if (hasPermission($config['mod']['edit_profile']) && $uid == $mod['id']) {
+		if (isset($_POST['password']) && $_POST['password'] != '') {
 			$salt = generate_salt();
 			$password = hash('sha256', $salt . sha1($_POST['password']));
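Review bot: The password branch accepts a new password on nothing more than a non-empty `$_POST['password']` — no check of the current password and no request token is visible in this hunk, and the outer `if` is now entered on every request by the account owner instead of only when a password was posted. If mod_user, whose body continues outside the hunk, does not verify an anti-forgery token elsewhere, a cross-site form post against a logged-in moderator silently rotates their credentials. At minimum require the current password on the form and verify it before generating a new salt, e.g. `if (!hash_equals($user['password'], hash('sha256', $user['salt'] . sha1($_POST['current_password'])))) error(_('Wrong password'));` — `$user` comes from the `SELECT * FROM mods` above, so `password` and `salt` are presumably on it, but confirm. The sha256-over-sha1 scheme itself predates this change; moving it to `password_hash()` is a separate task.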
@@ -2013,13 +2013,50 @@ function mod_user($uid) {
 			login($user['username'], $_POST['password']);
 			setCookies();
 		}
+
+		if (isset($_POST['username']) && $user['username'] !== $_POST['username']) {
+			if ($_POST['username'] == '')
+				error(sprintf($config['error']['required'], 'username'));
+
+			if (!preg_match('/^[a-zA-Z0-9._]{1,30}$/', $_POST['username']))
+				error(_('Invalid username'));
+
+			$query = prepare('SELECT `username` FROM ``mods``');
+			$query->execute() or error(db_error($query));
+			$users = $query->fetchAll(PDO::FETCH_ASSOC);
+
+			foreach ($users as $i => $v) {
+				if (strtolower($_POST['username']) == strtolower($v['username'])) {
+					error(_('Refusing to change your username because another user is already using it.'));
+				}
+			}
+
+			$query = prepare('UPDATE ``mods`` SET `username` = :username WHERE `id` = :id');
+			$query->bindValue(':id', $uid);
+			$query->bindValue(':username', $_POST['username']);
+			$query->execute() or error(db_error($query));
-		if (hasPermission($config['mod']['manageusers']))
-			header('Location: ?/users', true, $config['redirect_http']);
-		else
-			header('Location: ?/', true, $config['redirect_http']);
+			modLog('Renamed user "' . utf8tohtml($user['username']) . '" (#' . $user['id'] . ') to "' . utf8tohtml($_POST['username']) . '"');
+		}
+
+		if (isset($_POST['email']) && $user['email'] !== $_POST['email'] && (empty($_POST['email']) || filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))) {
+			// account was renamed
+			$query = prepare('UPDATE ``mods`` SET `email` = :email WHERE `id` = :id');
+			$query->bindValue(':id', $uid);
+			$query->bindValue(':email', $_POST['email']);
+			$query->execute() or error(db_error($query));
-		return;
+			modLog('Changed user\'s email "' . utf8tohtml($user['email']) . '" (#' . $user['id'] . ') to "' . utf8tohtml($_POST['email']) . '"');
+		}
+
+		if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+			if (hasPermission($config['mod']['manageusers']))
+				header('Location: ?/users', true, $config['redirect_http']);
+			else
+				header('Location: ?/', true, $config['redirect_http']);
+
+			return;
+		}
 	}
 	if (hasPermission($config['mod']['modlog'])) {
@@ -2032,21 +2069,18 @@ function mod_user($uid) {
 	}
 	if ($mod['type'] >= ADMIN){
-		$boards = listBoards();
+		$boards = listBoards();
 	} else {
-		$boards2 = explode(',', $user['boards']);
-
-		foreach($boards2 as $string){
-
-			$boards[] = array("uri"=>$string, "title"=>"MY BOARD");
-
-		}
-
+		$boards2 = explode(',', $user['boards']);
+		foreach ($boards2 as $string){
+			$boards[] = array("uri"=>$string, "title" => _("My board"));
+		}
 	}
+	$user['boards'] = explode(',', $user['boards']);
-	mod_page(_('Edit user'), 'mod/user.html', array(
+	mod_page(_('Edit user profile'), 'mod/user.html', array(
 		'user' => $user,
 		'logs' => $log,
 		'boards' => $boards,
@@ -2114,7 +2148,7 @@ function mod_users() {
 	if (!hasPermission($config['mod']['manageusers']))
 		error($config['error']['noaccess']);
-	$query = query("SELECT ``m``.`id`, ``m``.`username`, ``m``.`boards`, ``m``.`type`,
+	$query = query("SELECT ``m``.`id`, ``m``.`username`, ``m``.`boards`, ``m``.`type`, ``m``.`email`,
 		``ml``.`time` last, ``ml``.`text` action FROM ``mods`` AS m LEFT JOIN (
@@ -2125,7 +2159,7 @@ function mod_users() {
 			FROM ``modlogs`` GROUP BY `mod`
 		) AS ml2 USING (`mod`, time)
-	) AS ml ON m.id = ml.`mod` ORDER BY ``m``.`type` DESC;") or error(db_error());
+	) AS ml ON m.id = ml.`mod` GROUP BY ``m``.`id` ORDER BY ``m``.`type` DESC;") or error(db_error());
 	$users = $query->fetchAll(PDO::FETCH_ASSOC);
 	foreach ($users as &$user) {
diff --git a/install.sql b/install.sql
index 7990c0a8..86527a11 100644
--- a/install.sql
+++ b/install.sql
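Review bot: An invalid address posted to the email branch is silently ignored — the `(empty($_POST['email']) || filter_var(...))` condition just skips the update and the user is redirected as if it succeeded, so the recovery address they believe they set is never stored; reject it before the update with `if (!empty($_POST['email']) && !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) error(_('Invalid email'));`. The comment on that branch, `// account was renamed`, was carried over from the username block and should read `// recovery email was changed`. Because the template in this commit makes this address the key for password-reset requests, changing it (and the username) should require the current password; nothing in this hunk checks one, so anyone holding a moderator's session can repoint account recovery, and the enclosing mod_user continues outside the hunk. The email `modLog` line records both the old and the new address, which exposes them to everyone who can read the mod log; `modLog('Changed own recovery email')` is enough for an audit trail. The `SELECT username FROM mods` loop is the only guard against duplicate names (install.sql's unique key is on (`id`,`username`), not `username`), so two concurrent renames can still collide — a `SELECT COUNT(*) ... WHERE LOWER(username) = LOWER(:username)` is cheaper, and a unique index on `username` would make it reliable.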
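Review bot: The added `GROUP BY ``m``.`id`` selects `ml.time` and `ml.text` without aggregating them, and those come from the joined derived table rather than depending on `m.id`, so MySQL with ONLY_FULL_GROUP_BY (on by default since 5.7) rejects the query; `username`, `boards`, `type` and `email` are fine since `id` is the primary key. Where the join does produce several rows for one mod — possible because `ml2` matches on `mod` and `time` and two log entries can share a `time` — the `last`/`action` shown is whichever row the server happens to keep. Use `MAX(``ml``.`time`) last` and pick `text` deterministically (or join on the log table's key) and add a comment such as `// one row per mod: collapse duplicate last-action joins` above the query, which starts in the previous hunk.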
@@ -138,6 +138,7 @@ CREATE TABLE IF NOT EXISTS `mods` (
   `salt` char(32) CHARACTER SET ascii NOT NULL,
   `type` smallint(2) NOT NULL,
   `boards` text CHARACTER SET utf8 NOT NULL,
+  `email` varchar(1024) DEFAULT '',
   PRIMARY KEY (`id`),
   UNIQUE KEY `id` (`id`,`username`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
diff --git a/templates/8chan/create.html b/templates/8chan/create.html
index be0cf4b7..6f8af2f7 100644
--- a/templates/8chan/create.html
+++ b/templates/8chan/create.html
@@ -7,6 +7,7 @@
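Review bot: The new `email` column is nullable, while the PHP in this commit compares it with `!==` against posted strings and passes it to `utf8tohtml`, so `NOT NULL DEFAULT ''` keeps NULL out of those paths; `varchar(1024)` is also far wider than the 254 octets an address may be, and `varchar(255)` leaves room for an index should lookups by address ever be needed: `` `email` varchar(255) NOT NULL DEFAULT '', ``. Only install.sql is touched, so existing databases need a matching `ALTER TABLE ``mods`` ADD `email` ...` — I see no migration in this diff, so either it lives elsewhere or one is missing.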
{% trans 'Username' %} | +{% trans 'Username' %} {% if not mod|hasPermission(config.mod.editusers) %}({% trans 'warning: changing your username will log you out and change all occurrences of your old username to the new one in your board\'s logs' %}){% endif %} |
- {% if new or mod|hasPermission(config.mod.editusers) %} + {% if new or mod|hasPermission(config.mod.edit_profile) %} {% else %} {{ user.username|e }} @@ -20,13 +20,23 @@ |
---|---|---|
{% trans 'Password' %}{% if not new %} ({% trans 'new; optional' %}){% endif %} | - {% if new or (mod|hasPermission(config.mod.editusers) or (mod|hasPermission(config.mod.change_password) and user.id == mod.id)) %} + {% if new or (mod|hasPermission(config.mod.editusers) or (mod|hasPermission(config.mod.edit_profile) and user.id == mod.id)) %} {% else %} - {% endif %} | |
{% trans 'Email' %} ({% trans 'if you forget your board password email admin@8chan.co from this address to request a reset; optional' %}) |
+ + {% if new or (mod|hasPermission(config.mod.editusers) or (mod|hasPermission(config.mod.edit_profile) and user.id == mod.id)) %} + + {% else %} + - + {% endif %} + | +|
{% trans 'Group' %} | @@ -42,6 +52,7 @@||
{% trans 'Boards' %} | @@ -73,6 +84,7 @@ |