yolinlin/aowow
1
0
Fork 0
mirror of https://github.com/Sarjuuk/aowow.git synced 2025-11-29 15:58:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

User/Cleanup

Browse Source 
* the great unfuckening of user and displayName
    * `login` is purely used as login with AUTH_MODE_SELF
    * `email` may now also be used to log in (if the system knows it)
    * `username` is purely used for display around the site, and lookups from web context
    * both must exist because of external logins
        a) that may be not unique
        b) you may not want to share with the rest of the world
    * todo: implement rename ( because of b) )
This commit is contained in:
Sarjuuk
2025-07-27 01:34:22 +02:00
parent bffdb9672e
commit 086760b9b1
19 changed files with 158 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
includes/ajaxHandler/admin.class.php
View File

@@ -123,7 +123,7 @@ class AjaxAdmin extends AjaxHandler
if ($this->_get['type'] && $this->_get['type'] && $this->_get['typeid'] && $this->_get['typeid'])
$res = CommunityContent::getScreenshotsForManager($this->_get['type'], $this->_get['typeid']);
else if ($this->_get['user'])
if ($uId = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE displayName = ?', $this->_get['user']))
if ($uId = DB::Aowow()->selectCell('SELECT `id` FROM ?_account WHERE LOWER(`username`) = LOWER(?)', $this->_get['user']))
$res = CommunityContent::getScreenshotsForManager(0, 0, $uId);
return 'ssm_screenshotData = '.Util::toJSON($res);

2
includes/ajaxHandler/edit.class.php
View File

@@ -41,7 +41,7 @@ class AjaxEdit extends AjaxHandler
$targetPath = 'static/uploads/guide/images/';
$tmpPath = 'static/uploads/temp/';
$tmpFile = User::$displayName.'-'.Type::GUIDE.'-0-'.Util::createHash(16);
$tmpFile = User::$username.'-'.Type::GUIDE.'-0-'.Util::createHash(16);
$uploader = new \qqFileUploader(['jpg', 'jpeg', 'png'], 10 * 1024 * 1024);
$result = $uploader->handleUpload($tmpPath, $tmpFile, true);

28
includes/ajaxHandler/profile.class.php
View File

@@ -112,7 +112,7 @@ class AjaxProfile extends AjaxHandler
$uid = User::$id;
if ($this->_get['user'] && User::isInGroup(U_GROUP_ADMIN | U_GROUP_BUREAU))
{
if (!($uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user'])))
if (!($uid = DB::Aowow()->selectCell('SELECT `id` FROM ?_account WHERE LOWER(`username`) = LOWER(?)', $this->_get['user'])))
{
trigger_error('AjaxProfile::handleLink - user "'.$this->_get['user'].'" does not exist', E_USER_ERROR);
return;
@@ -120,12 +120,12 @@ class AjaxProfile extends AjaxHandler
}
if ($this->undo)
DB::Aowow()->query('DELETE FROM ?_account_profiles WHERE accountId = ?d AND profileId IN (?a)', $uid, $this->_get['id']);
DB::Aowow()->query('DELETE FROM ?_account_profiles WHERE `accountId` = ?d AND `profileId` IN (?a)', $uid, $this->_get['id']);
else
{
foreach ($this->_get['id'] as $prId) // only link characters, not custom profiles
{
if ($prId = DB::Aowow()->selectCell('SELECT id FROM ?_profiler_profiles WHERE id = ?d AND realm IS NOT NULL', $prId))
if ($prId = DB::Aowow()->selectCell('SELECT `id` FROM ?_profiler_profiles WHERE `id` = ?d AND `realm` IS NOT NULL', $prId))
DB::Aowow()->query('INSERT IGNORE INTO ?_account_profiles VALUES (?d, ?d, 0)', $uid, $prId);
else
{
@@ -152,7 +152,7 @@ class AjaxProfile extends AjaxHandler
$uid = User::$id;
if ($this->_get['user'] && User::isInGroup(U_GROUP_ADMIN | U_GROUP_BUREAU))
{
if (!($uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user'])))
if (!($uid = DB::Aowow()->selectCell('SELECT `id` FROM ?_account WHERE LOWER(`username`) = LOWER(?)', $this->_get['user'])))
{
trigger_error('AjaxProfile::handlePin - user "'.$this->_get['user'].'" does not exist', E_USER_ERROR);
return;
@@ -160,10 +160,10 @@ class AjaxProfile extends AjaxHandler
}
// since only one character can be pinned at a time we can reset everything
DB::Aowow()->query('UPDATE ?_account_profiles SET extraFlags = extraFlags & ?d WHERE accountId = ?d', ~PROFILER_CU_PINNED, $uid);
DB::Aowow()->query('UPDATE ?_account_profiles SET `extraFlags` = `extraFlags` & ?d WHERE `accountId` = ?d', ~PROFILER_CU_PINNED, $uid);
// and set a single char if necessary
if (!$this->undo)
DB::Aowow()->query('UPDATE ?_account_profiles SET extraFlags = extraFlags | ?d WHERE profileId = ?d AND accountId = ?d', PROFILER_CU_PINNED, $this->_get['id'][0], $uid);
DB::Aowow()->query('UPDATE ?_account_profiles SET `extraFlags` = `extraFlags` | ?d WHERE `profileId` = ?d AND `accountId` = ?d', PROFILER_CU_PINNED, $this->_get['id'][0], $uid);
}
/* params
@@ -182,7 +182,7 @@ class AjaxProfile extends AjaxHandler
$uid = User::$id;
if ($this->_get['user'] && User::isInGroup(U_GROUP_ADMIN | U_GROUP_BUREAU))
{
if (!($uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user'])))
if (!($uid = DB::Aowow()->selectCell('SELECT `id` FROM ?_account WHERE LOWER(`username`) = LOWER(?)', $this->_get['user'])))
{
trigger_error('AjaxProfile::handlePrivacy - user "'.$this->_get['user'].'" does not exist', E_USER_ERROR);
return;
@@ -191,13 +191,13 @@ class AjaxProfile extends AjaxHandler
if ($this->undo)
{
DB::Aowow()->query('UPDATE ?_account_profiles SET extraFlags = extraFlags & ?d WHERE profileId IN (?a) AND accountId = ?d', ~PROFILER_CU_PUBLISHED, $this->_get['id'], $uid);
DB::Aowow()->query('UPDATE ?_profiler_profiles SET cuFlags = cuFlags & ?d WHERE id IN (?a) AND user = ?d', ~PROFILER_CU_PUBLISHED, $this->_get['id'], $uid);
DB::Aowow()->query('UPDATE ?_account_profiles SET `extraFlags` = `extraFlags` & ?d WHERE `profileId` IN (?a) AND `accountId` = ?d', ~PROFILER_CU_PUBLISHED, $this->_get['id'], $uid);
DB::Aowow()->query('UPDATE ?_profiler_profiles SET `cuFlags` = `cuFlags` & ?d WHERE `id` IN (?a) AND `user` = ?d', ~PROFILER_CU_PUBLISHED, $this->_get['id'], $uid);
}
else
{
DB::Aowow()->query('UPDATE ?_account_profiles SET extraFlags = extraFlags | ?d WHERE profileId IN (?a) AND accountId = ?d', PROFILER_CU_PUBLISHED, $this->_get['id'], $uid);
DB::Aowow()->query('UPDATE ?_profiler_profiles SET cuFlags = cuFlags | ?d WHERE id IN (?a) AND user = ?d', PROFILER_CU_PUBLISHED, $this->_get['id'], $uid);
DB::Aowow()->query('UPDATE ?_account_profiles SET `extraFlags` = `extraFlags` | ?d WHERE `profileId` IN (?a) AND `accountId` = ?d', PROFILER_CU_PUBLISHED, $this->_get['id'], $uid);
DB::Aowow()->query('UPDATE ?_profiler_profiles SET `cuFlags` = `cuFlags` | ?d WHERE `id` IN (?a) AND `user` = ?d', PROFILER_CU_PUBLISHED, $this->_get['id'], $uid);
}
}
@@ -323,7 +323,7 @@ class AjaxProfile extends AjaxHandler
// todo (med): detail check this post-data
$cuProfile = array(
'user' => User::$id,
// 'userName' => User::$displayName,
// 'userName' => User::$username,
'name' => $this->_post['name'],
'level' => $this->_post['level'],
'class' => $this->_post['class'],
@@ -557,7 +557,7 @@ class AjaxProfile extends AjaxHandler
$profile['sourcename'] = $pBase['sourceName'];
$profile['description'] = $pBase['description'];
$profile['user'] = $pBase['user'];
$profile['username'] = DB::Aowow()->selectCell('SELECT displayName FROM ?_account WHERE id = ?d', $pBase['user']);
$profile['username'] = DB::Aowow()->selectCell('SELECT `username` FROM ?_account WHERE `id` = ?d', $pBase['user']);
}
// custom profiles inherit this when copied from real char :(
@@ -572,7 +572,7 @@ class AjaxProfile extends AjaxHandler
if ($_ = DB::Aowow()->selectCol('SELECT accountId FROM ?_account_profiles WHERE profileId = ?d', $pBase['id']))
$profile['bookmarks'] = $_;
// arena teams - [size(2|3|5) => DisplayName]; DisplayName gets urlized to use as link
// arena teams - [size(2|3|5) => name]; name gets urlized to use as link
if ($at = DB::Aowow()->selectCol('SELECT type AS ARRAY_KEY, name FROM ?_profiler_arena_team at JOIN ?_profiler_arena_team_member atm ON atm.arenaTeamId = at.id WHERE atm.profileId = ?d', $pBase['id']))
$profile['arenateams'] = $at;

54
includes/components/communitycontent.class.php
View File

@@ -31,13 +31,13 @@ class CommunityContent
private static string $coQuery =
'SELECT c.*,
a1.`displayName` AS `user`,
a2.`displayName` AS `editUser`,
a3.`displayName` AS `deleteUser`,
a4.`displayName` AS `responseUser`,
IFNULL(SUM(ur.`value`), 0) AS `rating`,
SUM(IF(ur.`userId` > 0 AND ur.`userId` = ?d, ur.`value`, 0)) AS `userRating`,
IF(r.`id` IS NULL, 0, 1) AS `userReported`
a1.`username` AS "user",
a2.`username` AS "editUser",
a3.`username` AS "deleteUser",
a4.`username` AS "responseUser",
IFNULL(SUM(ur.`value`), 0) AS "rating",
SUM(IF(ur.`userId` > 0 AND ur.`userId` = ?d, ur.`value`, 0)) AS "userRating",
IF(r.`id` IS NULL, 0, 1) AS "userReported"
FROM ?_comments c
JOIN ?_account a1 ON c.`userId` = a1.`id`
LEFT JOIN ?_account a2 ON c.`editUserId` = a2.`id`
@@ -51,7 +51,7 @@ class CommunityContent
ORDER BY c.`date` ASC';
private static string $ssQuery =
'SELECT s.`id` AS ARRAY_KEY, s.`id`, a.`displayName` AS `user`, s.`date`, s.`width`, s.`height`, s.`caption`, IF(s.`status` & ?d, 1, 0) AS "sticky", s.`type`, s.`typeId`
'SELECT s.`id` AS ARRAY_KEY, s.`id`, a.`username` AS "user", s.`date`, s.`width`, s.`height`, s.`caption`, IF(s.`status` & ?d, 1, 0) AS "sticky", s.`type`, s.`typeId`
FROM ?_screenshots s
LEFT JOIN ?_account a ON s.`userIdOwner` = a.`id`
WHERE { s.`userIdOwner` = ?d AND }{ s.`type` = ? AND }{ s.`typeId` = ? AND } s.`status` & ?d AND (s.`status` & ?d) = 0
@@ -59,7 +59,7 @@ class CommunityContent
{ LIMIT ?d }';
private static string $viQuery =
'SELECT v.`id` AS ARRAY_KEY, v.`id`, a.`displayName` AS `user`, v.`date`, v.`videoId`, v.`caption`, IF(v.`status` & ?d, 1, 0) AS "sticky", v.`type`, v.`typeId`
'SELECT v.`id` AS ARRAY_KEY, v.`id`, a.`username` AS "user", v.`date`, v.`videoId`, v.`caption`, IF(v.`status` & ?d, 1, 0) AS "sticky", v.`type`, v.`typeId`
FROM ?_videos v
LEFT JOIN ?_account a ON v.`userIdOwner` = a.`id`
WHERE { v.`userIdOwner` = ?d AND }{ v.`type` = ? AND }{ v.`typeId` = ? AND } v.`status` & ?d AND (v.`status` & ?d) = 0
@@ -68,14 +68,14 @@ class CommunityContent
private static string $previewQuery =
'SELECT c.`id`,
c.`body` AS `preview`,
c.`body` AS "preview",
c.`date`,
c.`replyTo` AS `commentid`,
IF(c.`flags` & ?d, 1, 0) AS `deleted`,
IF(c.`type` <> 0, c.`type`, c2.`type`) AS `type`,
IF(c.`typeId` <> 0, c.`typeId`, c2.`typeId`) AS `typeId`,
IFNULL(SUM(ur.`value`), 0) AS `rating`,
a.`displayName` AS `user`
c.`replyTo` AS "commentid",
IF(c.`flags` & ?d, 1, 0) AS "deleted",
IF(c.`type` <> 0, c.`type`, c2.`type`) AS "type",
IF(c.`typeId` <> 0, c.`typeId`, c2.`typeId`) AS "typeId",
IFNULL(SUM(ur.`value`), 0) AS "rating",
a.`username` AS "user"
FROM ?_comments c
JOIN ?_account a ON c.`userId` = a.`id`
LEFT JOIN ?_user_ratings ur ON ur.`entry` = c.`id` AND ur.`userId` <> 0 AND ur.`type` = 1
@@ -228,14 +228,14 @@ class CommunityContent
public static function getScreenshotsForManager($type, $typeId, $userId = 0)
{
$screenshots = DB::Aowow()->select('
SELECT s.id, a.displayName AS user, s.date, s.width, s.height, s.type, s.typeId, s.caption, s.status, s.status AS "flags"
$screenshots = DB::Aowow()->select(
'SELECT s.`id`, a.`username` AS "user", s.`date`, s.`width`, s.`height`, s.`type`, s.`typeId`, s.`caption`, s.`status`, s.`status` AS "flags"
FROM ?_screenshots s
LEFT JOIN ?_account a ON s.userIdOwner = a.id
LEFT JOIN ?_account a ON s.`userIdOwner` = a.`id`
WHERE
{ s.type = ?d}
{ AND s.typeId = ?d}
{ s.userIdOwner = ?d}
{ s.`type` = ?d}
{ AND s.`typeId` = ?d}
{ s.`userIdOwner` = ?d}
LIMIT 100',
$userId ? DBSIMPLE_SKIP : $type,
$userId ? DBSIMPLE_SKIP : $typeId,
@@ -300,11 +300,11 @@ class CommunityContent
{
// i GUESS .. ss_getALL ? everything : pending
$nFound = 0;
$pages = DB::Aowow()->select('
SELECT s.`type`, s.`typeId`, count(1) AS "count", MIN(s.`date`) AS "date"
FROM ?_screenshots s
{WHERE (s.status & ?d) = 0}
GROUP BY s.`type`, s.`typeId`',
$pages = DB::Aowow()->select(
'SELECT s.`type`, s.`typeId`, COUNT(1) AS "count", MIN(s.`date`) AS "date"
FROM ?_screenshots s
{ WHERE (s.`status` & ?d) = 0 }
GROUP BY s.`type`, s.`typeId`',
$all ? DBSIMPLE_SKIP : CC_FLAG_APPROVED | CC_FLAG_DELETED
);

4
includes/types/guide.class.php
View File

@@ -29,8 +29,8 @@ class GuideList extends BaseType
protected $queryBase = 'SELECT g.*, g.id AS ARRAY_KEY FROM ?_guides g';
protected $queryOpts = array(
'g' => [['a', 'c'], 'g' => 'g.`id`'],
'a' => ['j' => ['?_account a ON a.id = g.userId', true], 's' => ', IFNULL(a.displayName, "") AS author'],
'c' => ['j' => ['?_comments c ON c.`type` = '.Type::GUIDE.' AND c.`typeId` = g.`id` AND (c.`flags` & '.CC_FLAG_DELETED.') = 0', true], 's' => ', COUNT(c.`id`) AS `comments`']
'a' => ['j' => ['?_account a ON a.`id` = g.`userId`', true], 's' => ', IFNULL(a.`username`, "") AS "author"'],
'c' => ['j' => ['?_comments c ON c.`type` = '.Type::GUIDE.' AND c.`typeId` = g.`id` AND (c.`flags` & '.CC_FLAG_DELETED.') = 0', true], 's' => ', COUNT(c.`id`) AS "comments"']
);
public function __construct(array $conditions = [], array $miscData = [])

12
includes/types/user.class.php
View File

@@ -18,7 +18,7 @@ class UserList extends BaseType
protected $queryBase = 'SELECT *, a.id AS ARRAY_KEY FROM ?_account a';
protected $queryOpts = array(
'a' => [['r']],
'r' => ['j' => ['?_account_reputation r ON r.userId = a.id', true], 's' => ', IFNULL(SUM(r.amount), 0) AS reputation', 'g' => 'a.id']
'r' => ['j' => ['?_account_reputation r ON r.`userId` = a.`id`', true], 's' => ', IFNULL(SUM(r.`amount`), 0) AS "reputation"', 'g' => 'a.`id`']
);
public function getListviewData() { }
@@ -29,7 +29,7 @@ class UserList extends BaseType
foreach ($this->iterate() as $__)
{
$data[$this->curTpl['displayName']] = array(
$data[$this->curTpl['username']] = array(
'border' => 0, // border around avatar (rarityColors)
'roles' => $this->curTpl['userGroups'],
'joined' => date(Util::$dateFormatInternal, $this->curTpl['joinDate']),
@@ -40,14 +40,14 @@ class UserList extends BaseType
'reputation' => $this->curTpl['reputation']
);
// custom titles (only ssen on user page..?)
// custom titles (only seen on user page..?)
if ($_ = $this->curTpl['title'])
$data[$this->curTpl['displayName']]['title'] = $_;
$data[$this->curTpl['username']]['title'] = $_;
if ($_ = $this->curTpl['avatar'])
{
$data[$this->curTpl['displayName']]['avatar'] = is_numeric($_) ? 2 : 1;
$data[$this->curTpl['displayName']]['avatarmore'] = $_;
$data[$this->curTpl['username']]['avatar'] = is_numeric($_) ? 2 : 1;
$data[$this->curTpl['username']]['avatarmore'] = $_;
}
// more optional data

93
includes/user.class.php
View File

@@ -8,23 +8,22 @@ if (!defined('AOWOW_REVISION'))
class User
{
public static int $id = 0;
public static string $displayName = '';
public static int $banStatus = 0x0; // see ACC_BAN_* defines
public static int $groups = 0x0;
public static int $perms = 0;
public static string $avatar = 'inv_misc_questionmark';
public static int $dailyVotes = 0;
public static $ip = null;
public static int $id = 0;
public static string $username = '';
public static int $banStatus = 0x0; // see ACC_BAN_* defines
public static int $groups = 0x0;
public static int $perms = 0;
public static ?string $email = null;
public static int $dailyVotes = 0;
public static ?string $ip = null;
public static Locale $preferedLoc;
private static int $reputation = 0;
private static string $dataKey = '';
private static bool $expires = false;
private static string $passHash = '';
private static int $excludeGroups = 1;
public static Locale $preferedLoc;
private static ?LocalProfileList $profiles = null;
private static int $reputation = 0;
private static string $dataKey = '';
private static bool $expires = false;
private static string $passHash = '';
private static int $excludeGroups = 1;
private static ?LocalProfileList $profiles = null;
public static function init()
{
@@ -64,7 +63,7 @@ class User
return false;
$uData = DB::Aowow()->SelectRow(
'SELECT a.`id`, a.`passHash`, a.`displayName`, a.`locale`, a.`userGroups`, a.`userPerms`, a.`allowExpire`, BIT_OR(ab.`typeMask`) AS "bans", IFNULL(SUM(r.`amount`), 0) AS "reputation", a.`avatar`, a.`dailyVotes`, a.`excludeGroups`
'SELECT a.`id`, a.`passHash`, a.`username`, a.`locale`, a.`userGroups`, a.`userPerms`, a.`allowExpire`, BIT_OR(ab.`typeMask`) AS "bans", IFNULL(SUM(r.`amount`), 0) AS "reputation", a.`dailyVotes`, a.`excludeGroups`
FROM ?_account a
LEFT JOIN ?_account_banned ab ON a.`id` = ab.`userId` AND ab.`end` > UNIX_TIMESTAMP()
LEFT JOIN ?_account_reputation r ON a.`id` = r.`userId`
@@ -87,7 +86,7 @@ class User
}
self::$id = intVal($uData['id']);
self::$displayName = $uData['displayName'];
self::$username = $uData['username'];
self::$passHash = $uData['passHash'];
self::$expires = (bool)$uData['allowExpire'];
self::$reputation = $uData['reputation'];
@@ -103,9 +102,6 @@ class User
self::$profiles = (new LocalProfileList($conditions));
if ($uData['avatar'])
self::$avatar = $uData['avatar'];
// stuff, that updates on a daily basis goes here (if you keep you session alive indefinitly, the signin-handler doesn't do very much)
// - conscutive visits
@@ -190,10 +186,10 @@ class User
$_SESSION['locale'] = self::$preferedLoc; // keep locale
$_SESSION['dataKey'] = self::$dataKey; // keep dataKey
self::$id = 0;
self::$displayName = '';
self::$perms = 0;
self::$groups = U_GROUP_NONE;
self::$id = 0;
self::$username = '';
self::$perms = 0;
self::$groups = U_GROUP_NONE;
}
@@ -201,16 +197,16 @@ class User
/* auth mechanisms */
/*******************/
public static function authenticate(string $name, string $password) : int
public static function authenticate(string $login, string $password) : int
{
$userId = 0;
$hash = '';
$result = match (Cfg::get('ACC_AUTH_MODE'))
{
AUTH_MODE_SELF => self::authSelf($name, $password, $userId, $hash),
AUTH_MODE_REALM => self::authRealm($name, $password, $userId, $hash),
AUTH_MODE_EXTERNAL => self::authExtern($name, $password, $userId, $hash),
AUTH_MODE_SELF => self::authSelf($login, $password, $userId, $hash),
AUTH_MODE_REALM => self::authRealm($login, $password, $userId, $hash),
AUTH_MODE_EXTERNAL => self::authExtern($login, $password, $userId, $hash),
default => AUTH_INTERNAL_ERR
};
@@ -224,7 +220,7 @@ class User
return $result;
}
private static function authSelf(string $name, string $password, int &$userId, string &$hash) : int
private static function authSelf(string $nameOrEmail, string $password, int &$userId, string &$hash) : int
{
if (!self::$ip)
return AUTH_INTERNAL_ERR;
@@ -239,13 +235,16 @@ class User
if ($ipBan && $ipBan['count'] >= Cfg::get('ACC_FAILED_AUTH_COUNT') && $ipBan['active'])
return AUTH_IPBANNED;
$email = filter_var($nameOrEmail, FILTER_VALIDATE_EMAIL);
$query = DB::Aowow()->SelectRow(
'SELECT a.`id`, a.`passHash`, BIT_OR(ab.`typeMask`) AS "bans", a.`status`
FROM ?_account a
LEFT JOIN ?_account_banned ab ON a.`id` = ab.`userId` AND ab.`end` > UNIX_TIMESTAMP()
WHERE a.`user` = ?
WHERE { a.`email` = ? } { a.`login` = ? }
GROUP BY a.`id`',
$name
$email ?: DBSIMPLE_SKIP,
!$email ? $nameOrEmail : DBSIMPLE_SKIP
);
if (!$query)
@@ -290,7 +289,7 @@ class User
return AUTH_OK;
}
private static function authExtern(string $name, string $password, int &$userId, string &$hash) : int
private static function authExtern(string $nameOrEmail, string $password, int &$userId, string &$hash) : int
{
if (!file_exists('config/extAuth.php'))
{
@@ -308,11 +307,15 @@ class User
$extGroup = -1;
$extId = 0;
$result = \extAuth($name, $password, $extId, $extGroup);
$result = \extAuth($nameOrEmail, $password, $extId, $extGroup);
// assert we don't have an email passed back from extAuth
if (filter_var($nameOrEmail, FILTER_VALIDATE_EMAIL))
return AUTH_WRONGUSER;
if ($result == AUTH_OK && $extId)
{
if ($_ = self::checkOrCreateInDB($extId, $name, $extGroup))
if ($_ = self::checkOrCreateInDB($extId, $nameOrEmail, $extGroup))
$userId = $_;
else
return AUTH_INTERNAL_ERR;
@@ -331,10 +334,9 @@ class User
return $_;
}
$newId = DB::Aowow()->query('INSERT IGNORE INTO ?_account (`extId`, `user`, `passHash`, `displayName`, `email`, `joinDate`, `allowExpire`, `prevIP`, `prevLogin`, `locale`, `status`, `userGroups`) VALUES (?d, ?, "", ?, "", UNIX_TIMESTAMP(), 0, ?, UNIX_TIMESTAMP(), ?d, ?d, ?d)',
$newId = DB::Aowow()->query('INSERT IGNORE INTO ?_account (`extId`, `login`, `passHash`, `username`, `email`, `joinDate`, `allowExpire`, `prevIP`, `prevLogin`, `locale`, `status`, `userGroups`) VALUES (?d, "", "", ?, "", UNIX_TIMESTAMP(), 0, ?, UNIX_TIMESTAMP(), ?d, ?d, ?d)',
$extId,
$name,
Util::ucFirst($name),
$_SERVER["REMOTE_ADDR"] ?? '',
self::$preferedLoc->value,
ACC_STATUS_OK,
@@ -555,7 +557,7 @@ class User
{
$gUser = array(
'id' => self::$id,
'name' => self::$displayName,
'name' => self::$username,
'roles' => self::$groups,
'permissions' => self::$perms,
'cookies' => []
@@ -573,11 +575,18 @@ class User
$gUser['upvoteRep'] = Cfg::get('REP_REQ_UPVOTE');
$gUser['characters'] = self::getCharacters();
$gUser['excludegroups'] = self::$excludeGroups;
$gUser['settings'] = (new \StdClass); // existence is checked in Profiler.js before g_user.excludegroups is applied; has property premiumborder (NYI)
if (Cfg::get('DEBUG') && User::isInGroup(U_GROUP_DEV | U_GROUP_ADMIN | U_GROUP_TESTER))
$gUser['debug'] = true; // csv id-list output option on listviews; todo - set on per user basis
if (self::getPremiumBorder())
$gUser['settings'] = ['premiumborder' => 1];
else
$gUser['settings'] = (new \StdClass); // existence is checked in Profiler.js before g_user.excludegroups is applied
if (self::isPremium())
$gUser['premium'] = 1;
if ($_ = self::getProfilerExclusions())
$gUser = array_merge($gUser, $_);
@@ -716,6 +725,12 @@ class User
return $data;
}
// not sure what to set .. user selected?
public static function getPremiumBorder() : bool
{
return self::isInGroup(U_GROUP_PREMIUM);
}
}
?>

20
pages/account.php
View File

@@ -142,7 +142,7 @@ class AccountPage extends GenericPage
header('Location: '.$this->getNext(true), true, 302);
}
}
else if ($this->_get['token'] && ($_ = DB::Aowow()->selectCell('SELECT user FROM ?_account WHERE status IN (?a) AND token = ? AND statusTimer > UNIX_TIMESTAMP()', [ACC_STATUS_RECOVER_USER, ACC_STATUS_OK], $this->_get['token'])))
else if ($this->_get['token'] && ($_ = DB::Aowow()->selectCell('SELECT `username` FROM ?_account WHERE `status` IN (?a) AND `token` = ? AND `statusTimer` > UNIX_TIMESTAMP()', [ACC_STATUS_RECOVER_USER, ACC_STATUS_OK], $this->_get['token'])))
$this->user = $_;
break;
@@ -203,8 +203,8 @@ class AccountPage extends GenericPage
if (!User::isLoggedIn())
$this->forwardToSignIn('account');
$user = DB::Aowow()->selectRow('SELECT * FROM ?_account WHERE id = ?d', User::$id);
$bans = DB::Aowow()->select('SELECT ab.*, a.displayName, ab.id AS ARRAY_KEY FROM ?_account_banned ab LEFT JOIN ?_account a ON a.id = ab.staffId WHERE ab.userId = ?d', User::$id);
$user = DB::Aowow()->selectRow('SELECT * FROM ?_account WHERE `id` = ?d', User::$id);
$bans = DB::Aowow()->select('SELECT ab.*, a.`username`, ab.`id` AS ARRAY_KEY FROM ?_account_banned ab LEFT JOIN ?_account a ON a.`id` = ab.`staffId` WHERE ab.`userId` = ?d', User::$id);
/***********/
/* Infobox */
@@ -236,7 +236,7 @@ class AccountPage extends GenericPage
continue;
$this->banned = array(
'by' => [$b['staffId'], $b['displayName']],
'by' => [$b['staffId'], $b['username']],
'end' => $b['end'],
'reason' => $b['reason']
);
@@ -365,7 +365,7 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
return Lang::main('intError');
// reset account status, update expiration
DB::Aowow()->query('UPDATE ?_account SET prevIP = IF(curIp = ?, prevIP, curIP), curIP = IF(curIp = ?, curIP, ?), allowExpire = ?d, status = IF(status = ?d, status, 0), statusTimer = IF(status = ?d, statusTimer, 0), token = IF(status = ?d, token, "") WHERE user = ?',
DB::Aowow()->query('UPDATE ?_account SET `prevIP` = IF(`curIp` = ?, `prevIP`, `curIP`), `curIP` = IF(`curIp` = ?, `curIP`, ?), `allowExpire` = ?d, `status` = IF(`status` = ?d, `status`, 0), `statusTimer` = IF(`status` = ?d, `statusTimer`, 0), `token` = IF(`status` = ?d, `token`, "") WHERE LOWER(`username`) = LOWER(?)',
User::$ip, User::$ip, User::$ip,
$this->_post['remember_me'] != 'yes',
ACC_STATUS_NEW, ACC_STATUS_NEW, ACC_STATUS_NEW,
@@ -419,23 +419,23 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
return Lang::main('intError');
// limit account creation
$ip = DB::Aowow()->selectRow('SELECT ip, count, unbanDate FROM ?_account_bannedips WHERE type = 1 AND ip = ?', User::$ip);
$ip = DB::Aowow()->selectRow('SELECT `ip`, `count`, `unbanDate` FROM ?_account_bannedips WHERE `type` = 1 AND `ip` = ?', User::$ip);
if ($ip && $ip['count'] >= Cfg::get('ACC_FAILED_AUTH_COUNT') && $ip['unbanDate'] >= time())
{
DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', Cfg::get('ACC_FAILED_AUTH_BLOCK'), User::$ip);
DB::Aowow()->query('UPDATE ?_account_bannedips SET `count` = `count` + 1, `unbanDate` = UNIX_TIMESTAMP() + ?d WHERE `ip` = ? AND `type` = 1', Cfg::get('ACC_FAILED_AUTH_BLOCK'), User::$ip);
return sprintf(Lang::account('signupExceeded'), Util::formatTime(Cfg::get('ACC_FAILED_AUTH_BLOCK') * 1000));
}
// username taken
if ($_ = DB::Aowow()->SelectCell('SELECT user FROM ?_account WHERE (user = ? OR email = ?) AND (status <> ?d OR (status = ?d AND statusTimer > UNIX_TIMESTAMP()))', $this->_post['username'], $this->_post['email'], ACC_STATUS_NEW, ACC_STATUS_NEW))
if ($_ = DB::Aowow()->SelectCell('SELECT `username` FROM ?_account WHERE (`username` = ? OR `email` = ?) AND (`status` <> ?d OR (`status` = ?d AND `statusTimer` > UNIX_TIMESTAMP()))', $this->_post['username'], $this->_post['email'], ACC_STATUS_NEW, ACC_STATUS_NEW))
return $_ == $this->_post['username'] ? Lang::account('nameInUse') : Lang::account('mailInUse');
// create..
$token = Util::createHash();
$ok = DB::Aowow()->query('REPLACE INTO ?_account (user, passHash, displayName, email, joindate, curIP, allowExpire, locale, userGroups, status, statusTimer, token) VALUES (?, ?, ?, ?, UNIX_TIMESTAMP(), ?, ?d, ?d, ?d, ?d, UNIX_TIMESTAMP() + ?d, ?)',
$ok = DB::Aowow()->query('REPLACE INTO ?_account (`login`, `passHash`, `username`, `email`, `joindate`, `curIP`, `allowExpire`, `locale`, `userGroups`, `status`, `statusTimer`, `token`) VALUES (?, ?, ?, ?, UNIX_TIMESTAMP(), ?, ?d, ?d, ?d, ?d, UNIX_TIMESTAMP() + ?d, ?)',
$this->_post['username'],
User::hashCrypt($this->_post['password']),
Util::ucFirst($this->_post['username']),
$this->_post['username'],
$this->_post['email'],
User::$ip,
$this->_post['remember_me'] != 'yes',

2
pages/admin.php
View File

@@ -224,7 +224,7 @@ class AdminPage extends GenericPage
{
if (mb_strlen($this->_get['user']) >= 3)
{
if ($uId = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE displayName = ?', ucFirst($this->_get['user'])))
if ($uId = DB::Aowow()->selectCell('SELECT `id` FROM ?_account WHERE LOWER(`username`) = LOWER(?)', $this->_get['user']))
{
$ssData = CommunityContent::getScreenshotsForManager(0, 0, $uId);
$nMatches = count($ssData);

2
pages/guide.php
View File

@@ -378,7 +378,7 @@ class GuidePage extends GenericPage
$buff = '<ul>';
$inp = fn($rev) => User::isInGroup(U_GROUP_STAFF) ? ($rev !== null ? '<input name="a" value="'.$rev.'" type="radio"/><input name="b" value="'.$rev.'" type="radio"/><b>' : '<b style="margin-left:28px;">') : '';
$logEntries = DB::Aowow()->select('SELECT a.`displayName` AS `name`, gcl.`date`, gcl.`status`, gcl.`msg`, gcl.`rev` FROM ?_guides_changelog gcl JOIN ?_account a ON a.`id` = gcl.`userId` WHERE gcl.`id` = ?d ORDER BY gcl.`date` DESC', $this->typeId);
$logEntries = DB::Aowow()->select('SELECT a.`username` AS `name`, gcl.`date`, gcl.`status`, gcl.`msg`, gcl.`rev` FROM ?_guides_changelog gcl JOIN ?_account a ON a.`id` = gcl.`userId` WHERE gcl.`id` = ?d ORDER BY gcl.`date` DESC', $this->typeId);
foreach ($logEntries as $log)
{
if ($log['status'] != GUIDE_STATUS_NONE)

28
pages/more.php
View File

@@ -188,23 +188,17 @@ class MorePage extends GenericPage
foreach ($tabs as [$t, $tabId, $tabName])
{
// stuff received
$res = DB::Aowow()->select('
SELECT
a.id AS ARRAY_KEY,
a.displayName AS username,
a.userGroups AS `groups`,
a.joinDate AS creation,
SUM(r.amount) AS reputation,
SUM(IF(r.`action` = 3, 1, 0)) AS comments,
SUM(IF(r.`action` = 6, 1, 0)) AS screenshots,
SUM(IF(r.`action` = 9, 1, 0)) AS reports
FROM ?_account_reputation r
JOIN ?_account a ON a.id = r.userId
{WHERE r.date > ?d}
GROUP BY a.id
ORDER BY reputation DESC
LIMIT ?d
', $t ?: DBSIMPLE_SKIP, Cfg::get('SQL_LIMIT_SEARCH'));
$res = DB::Aowow()->select(
'SELECT a.`id` AS ARRAY_KEY, a.`username`, a.`userGroups` AS "groups", a.`joinDate` AS "creation",
SUM(r.`amount`) AS "reputation", SUM(IF(r.`action` = 3, 1, 0)) AS "comments", SUM(IF(r.`action` = 6, 1, 0)) AS "screenshots", SUM(IF(r.`action` = 9, 1, 0)) AS "reports"
FROM ?_account_reputation r
JOIN ?_account a ON a.`id` = r.`userId`
{ WHERE r.`date` > ?d }
GROUP BY a.`id`
ORDER BY `reputation` DESC
LIMIT ?d',
$t ?: DBSIMPLE_SKIP, Cfg::get('SQL_LIMIT_SEARCH')
);
$data = [];
if ($res)

2
pages/screenshot.php
View File

@@ -375,7 +375,7 @@ class ScreenshotPage extends GenericPage
private function ssName() : string
{
return $this->imgHash ? User::$displayName.'-'.$this->destType.'-'.$this->destTypeId.'-'.$this->imgHash : '';
return $this->imgHash ? User::$username.'-'.$this->destType.'-'.$this->destTypeId.'-'.$this->imgHash : '';
}
protected static function checkCoords(string $val) : array

8
pages/user.php
View File

@@ -31,14 +31,14 @@ class UserPage extends GenericPage
if ($pageParam)
{
// todo: check if account is disabled or something
if ($user = DB::Aowow()->selectRow('SELECT a.`id`, a.`user`, a.`displayName`, a.`consecutiveVisits`, a.`userGroups`, a.`avatar`, a.`title`, a.`description`, a.`joinDate`, a.`prevLogin`, IFNULL(SUM(ar.`amount`), 0) AS "sumRep" FROM ?_account a LEFT JOIN ?_account_reputation ar ON a.`id` = ar.`userId` WHERE LOWER(a.`displayName`) = LOWER(?) GROUP BY a.`id`', $pageParam))
if ($user = DB::Aowow()->selectRow('SELECT a.`id`, a.`username`, a.`consecutiveVisits`, a.`userGroups`, a.`avatar`, a.`title`, a.`description`, a.`joinDate`, a.`prevLogin`, IFNULL(SUM(ar.`amount`), 0) AS "sumRep" FROM ?_account a LEFT JOIN ?_account_reputation ar ON a.`id` = ar.`userId` WHERE LOWER(a.`username`) = LOWER(?) GROUP BY a.`id`', $pageParam))
$this->user = $user;
else
$this->notFound(sprintf(Lang::user('notFound'), $pageParam));
}
else if (User::isLoggedIn())
{
header('Location: ?user='.User::$displayName, true, 302);
header('Location: ?user='.User::$username, true, 302);
die();
}
else
@@ -136,7 +136,7 @@ class UserPage extends GenericPage
/* Main Content */
/****************/
$this->name = $this->user['title'] ? $this->user['displayName'].'&nbsp;&lt;'.$this->user['title'].'&gt;' : sprintf(Lang::user('profileTitle'), $this->user['displayName']);
$this->name = $this->user['title'] ? $this->user['username'].'&nbsp;&lt;'.$this->user['title'].'&gt;' : Lang::user('profileTitle', [$this->user['username']]);
/**************/
/* Extra Tabs */
@@ -260,7 +260,7 @@ class UserPage extends GenericPage
if (!$this->user) // shouldn't happen .. but did
return;
array_unshift($this->title, sprintf(Lang::user('profileTitle'), $this->user['displayName']));
array_unshift($this->title, Lang::user('profileTitle', [$this->user['username']]));
}
protected function generatePath() { }

11
setup/db_structure.sql
View File

@@ -25,10 +25,10 @@ DROP TABLE IF EXISTS `aowow_account`;
CREATE TABLE `aowow_account` (
`id` int unsigned NOT NULL AUTO_INCREMENT,
`extId` int unsigned DEFAULT NULL COMMENT 'external user id',
`user` varchar(64) NOT NULL COMMENT 'login',
`login` varchar(64) NOT NULL DEFAULT '' COMMENT 'only used for login',
`passHash` varchar(128) NOT NULL,
`displayName` varchar(64) NOT NULL COMMENT 'nickname',
`email` varchar(64) NOT NULL,
`username` varchar(64) NOT NULL COMMENT 'unique; used for for links and display',
`email` varchar(64) DEFAULT NULL COMMENT 'unique; can be used for login if AUTH_SELF and can be NULL if not',
`joinDate` int unsigned NOT NULL COMMENT 'unixtime',
`allowExpire` tinyint unsigned NOT NULL,
`dailyVotes` smallint unsigned NOT NULL DEFAULT 0,
@@ -48,7 +48,8 @@ CREATE TABLE `aowow_account` (
`statusTimer` int unsigned NOT NULL DEFAULT 0,
`token` varchar(40) DEFAULT NULL COMMENT 'creation & recovery',
PRIMARY KEY (`id`),
UNIQUE KEY `user` (`user`)
UNIQUE KEY `username` (`username`),
UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=COMPACT;
/*!40101 SET character_set_client = @saved_cs_client */;
@@ -3322,7 +3323,7 @@ UNLOCK TABLES;
LOCK TABLES `aowow_dbversion` WRITE;
/*!40000 ALTER TABLE `aowow_dbversion` DISABLE KEYS */;
INSERT INTO `aowow_dbversion` VALUES (1753563162,0,NULL,NULL);
INSERT INTO `aowow_dbversion` VALUES (1753572320,0,NULL,NULL);
/*!40000 ALTER TABLE `aowow_dbversion` ENABLE KEYS */;
UNLOCK TABLES;

8
setup/tools/clisetup/account.us.php
View File

@@ -93,7 +93,7 @@ CLISetup::registerUtility(new class extends UtilityScript
return true;
}
if (DB::Aowow()->SelectCell('SELECT 1 FROM ?_account WHERE `user` = ? AND (`status` <> ?d OR (`status` = ?d AND `statusTimer` > UNIX_TIMESTAMP()))', $name, ACC_STATUS_NEW, ACC_STATUS_NEW))
if (DB::Aowow()->SelectCell('SELECT 1 FROM ?_account WHERE `username` = ? AND (`status` <> ?d OR (`status` = ?d AND `statusTimer` > UNIX_TIMESTAMP()))', $name, ACC_STATUS_NEW, ACC_STATUS_NEW))
{
CLI::write('[account] ' . Lang::account('nameInUse'), CLI::LOG_ERROR);
CLI::write();
@@ -103,10 +103,10 @@ CLISetup::registerUtility(new class extends UtilityScript
if (!$name || !$passw)
return false;
if (DB::Aowow()->query('REPLACE INTO ?_account (`user`, `passHash`, `displayName`, `joindate`, `email`, `allowExpire`, `userGroups`, `userPerms`) VALUES (?, ?, ?, UNIX_TIMESTAMP(), ?, 0, ?d, 1)',
$name, User::hashCrypt($passw), Util::ucFirst($name), $email ?: Cfg::get('CONTACT_EMAIL'), U_GROUP_ADMIN))
if (DB::Aowow()->query('REPLACE INTO ?_account (`login`, `passHash`, `username`, `joindate`, `email`, `allowExpire`, `userGroups`, `userPerms`) VALUES (?, ?, ?, UNIX_TIMESTAMP(), ?, 0, ?d, 1)',
$name, User::hashCrypt($passw), $name, $email ?: Cfg::get('CONTACT_EMAIL'), U_GROUP_ADMIN))
{
$newId = DB::Aowow()->selectCell('SELECT `id` FROM ?_account WHERE `user` = ?', $name);
$newId = DB::Aowow()->selectCell('SELECT `id` FROM ?_account WHERE `username` = ?', $name);
Util::gainSiteReputation($newId, SITEREP_ACTION_REGISTER);
CLI::write("[account] admin ".$name." created successfully", CLI::LOG_OK);

12
setup/updates/1753572319_01.sql Normal file
View File

@@ -0,0 +1,12 @@
ALTER TABLE `aowow_account`
DROP INDEX `user`,
CHANGE COLUMN `user` `login` varchar(64) NOT NULL DEFAULT '' COMMENT 'only used for login',
CHANGE COLUMN `displayName` `username` varchar(64) NOT NULL COMMENT 'unique; used for for links and display',
MODIFY COLUMN `email` varchar(64) DEFAULT NULL COMMENT 'unique; can be used for login if AUTH_SELF and can be NULL if not',
ADD CONSTRAINT `username` UNIQUE (`username`);
UPDATE `aowow_account`
SET `email` = NULL WHERE `email` = '';
ALTER TABLE `aowow_account`
ADD CONSTRAINT `email` UNIQUE (`email`);

2
template/bricks/headerMenu.tpl.php
View File

@@ -3,7 +3,7 @@
<?php
if (User::isLoggedIn()):
echo '<span id="toplinks-favorites"><a class="hassubmenu"></a>|</span>';
echo '<a id="toplinks-user">'.User::$displayName.'</a>';
echo '<a id="toplinks-user">'.User::$username.'</a>';
echo '<span id="toplinks-rep" title="'.Lang::main('reputationTip').'">(<a href="?reputation">'.User::getReputation().'</a>)</span>';
else:
echo '<a href="?account=signin">'.Lang::main('signIn').'</a>';

6
template/pages/acc-dashboard.tpl.php
View File

@@ -17,11 +17,7 @@
<script type="text/javascript">var g_pageInfo = { username: '<?=Util::jsEscape($this->gUser['name']); ?>' }</script>
<div class="text">
<div id="h1-icon-generic" class="h1-icon"></div>
<script type="text/javascript">
$WH.ge('h1-icon-generic').appendChild(Icon.createUser(<?=(is_numeric(User::$avatar) ? 2 : 1).' , \''.User::$avatar.'\''?>, 1, null, <?=User::isInGroup(U_GROUP_PREMIUM) ? 0 : 2; ?>, false, Icon.getPrivilegeBorder(<?=User::getReputation(); ?>)));
</script>
<h1 class="h1-icon"><?=Lang::account('myAccount'); ?></h1>
<h1><?=Lang::account('myAccount'); ?></h1>
<?php
// Banned-Minibox
if ($b = $this->banned):

2
template/pages/user.tpl.php
View File

@@ -14,7 +14,7 @@
$this->brick('infobox');
?>
<script type="text/javascript">var g_pageInfo = { username: '<?=Util::jsEscape($this->user['displayName']); ?>' }</script>
<script type="text/javascript">var g_pageInfo = { username: '<?=Util::jsEscape($this->user['username']); ?>' }</script>
<div class="text">
<div id="h1-icon-generic" class="h1-icon"></div>