diff --git a/account.php b/account.php
index dd1c3b8..ace194c 100644
--- a/account.php
+++ b/account.php
@@ -3,17 +3,37 @@ require_once('connection/SQL.php');
require_once('config.php');
require_once('include/view.php');
require_once('include/security.php');
+require_once('include/user.php');
+
+$user = validate_user();
+if (!$user->valid) {
+ http_response_code(403);
+ header("Location: index.php?err=account");
+ exit;
+}
if (isset($_POST['username']) && trim($_POST['username']) != "" && isset($_POST['password']) && isset($_POST['name']) && isset($_POST['email'])) {
// create new account
+ if (!$blog['register']) {
+ http_response_code(403);
+ header('axios-location: account.php');
+ exit;
+ }
+
if (!validate_csrf()) {
http_response_code(403);
header('axios-location: account.php?new');
exit;
}
+
$username = $_POST['username'];
- $exist = cavern_query_result("SELECT * FROM `user` WHERE `username`='%s' OR `email`='%s'", array($username, $_POST["email"]))['num_rows'];
- if ($exist == 0) {
+ try {
+ $target_user = new User($username);
+
+ http_response_code(409); // 409 Conflict
+ header('axios-location: account.php?new&err=used');
+ exit;
+ } catch (NoUserException $e) {
if (preg_match('/^[a-z][a-z0-9\_\-]*$/', $username) && strlen($username) <= 20 && strlen($_POST['name']) <= 40 && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$SQL->query("INSERT INTO `user` (`username`, `pwd`, `name`, `email`) VALUES ('%s', '%s', '%s', '%s')", array($username, cavern_password_hash($_POST['password'], $username), htmlspecialchars($_POST['name']), $_POST['email']));
header('axios-location: index.php?ok=reg');
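Review bot: The replaced query rejected a registration when either the username or the e-mail was already taken, but the new `try { $target_user = new User($username); … }` only checks the username, so a second account with the same e-mail now gets through unless the schema has a unique index on `email` (not visible here). The check should be restored inside the `catch`, once the username is known to be free; a sketch follows. `$target_user` is assigned but never read in this branch — `new User($username);` on its own says the same thing. Separately, the new guard at the top pairs `http_response_code(403)` with `header("Location: …")`; PHP turns a Location header into a 302 unless a 3xx/201 status is already set, so the 403 never reaches the client — the same pair is added in notification.php and user.php, and either a plain redirect or a 403 without Location would be consistent. The `if` block this hunk opens continues past the hunk.
```php
} catch (NoUserException $e) {
    // Username is free; keep the e-mail uniqueness check the replaced query enforced.
    $exist = cavern_query_result("SELECT * FROM `user` WHERE `email`='%s'", array($_POST['email']))['num_rows'];
    if ($exist > 0) {
        http_response_code(409); // 409 Conflict
        header('axios-location: account.php?new&err=used');
        exit;
    }
    // … unchanged: username/name/email validation and INSERT …
```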
@@ -22,12 +42,8 @@ if (isset($_POST['username']) && trim($_POST['username']) != "" && isset($_POST[
header('axios-location: index.php?err=miss');
}
exit;
- } else {
- http_response_code(409); // 409 Conflict
- header('axios-location: account.php?new&err=used');
- exit;
}
-} else if (isset($_SESSION['cavern_username']) && isset($_POST['username']) && isset($_POST['old']) && (isset($_POST['name']) || isset($_POST['new']))) {
+} else if ($user->islogin && isset($_POST['username']) && isset($_POST['old']) && (isset($_POST['name']) || isset($_POST['new']))) {
// modify account data
if (!validate_csrf()) {
http_response_code(403);
@@ -35,7 +51,7 @@ if (isset($_POST['username']) && trim($_POST['username']) != "" && isset($_POST[
exit;
}
$username = $_POST['username'];
- if ($username != $_SESSION['cavern_username']) {
+ if ($username !== $user->username) {
// not the same person
http_response_code(403);
header('axios-location: account.php?err=edit');
@@ -77,11 +93,11 @@ if (isset($_POST['username']) && trim($_POST['username']) != "" && isset($_POST[
exit;
}
}
-} else if (!isset($_SESSION['cavern_username']) && !isset($_GET['new'])) {
- // if mode isn't definded, redirect to register page
+} else if (!$user->islogin && !isset($_GET['new'])) {
+ // if mode isn't defined, redirect to register page
header('Location: account.php?new');
exit;
-} else if (isset($_SESSION['cavern_username']) && isset($_GET['new'])) {
+} else if ($user->islogin && isset($_GET['new'])) {
// if someone is logged in, then redirect to account setting page
header('Location: account.php');
exit;
@@ -141,11 +157,6 @@ if (isset($_GET['new'])) {
$view->render();
} else {
// edit account data
- $username = $_SESSION['cavern_username'];
- $result = cavern_query_result("SELECT * FROM `user` WHERE `username`='%s'", array($username));
- $name = $result['row']['name'];
- $email = $result['row']['email'];
-
$view = new View('theme/default.html', 'theme/nav/util.php', 'theme/sidebar.php', $blog['name'], "帳號");
$view->add_script_source("ts('.ts.dropdown').dropdown();");
$view->add_script("./include/js/security.js");
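Review bot: This hunk drops `$username`, `$name` and `$email` from the edit-account branch, but the markup that rendered them sits below this hunk and is not legible in this diff; confirm each use was switched to the object returned by `validate_user()` (the `$user->username` form this commit uses elsewhere), otherwise the page now reads undefined variables. The enclosing `else` branch continues past the hunk.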
@@ -180,25 +191,25 @@ if (isset($_GET['new'])) {
-
) ?>?d=https%3A%2F%2Ftocas-ui.com%2Fassets%2Fimg%2F5e5e3a6.png&s=500)
+
?
diff --git a/notification.php b/notification.php
index 21e1621..53cfd32 100644
--- a/notification.php
+++ b/notification.php
@@ -2,13 +2,21 @@
require_once('connection/SQL.php');
require_once('config.php');
require_once('include/view.php');
+require_once('include/user.php');
-if (isset($_SESSION['cavern_username'])) {
+$user = validate_user();
+if (!$user->valid) {
+ http_response_code(403);
+ header("Location: index.php?err=account");
+ exit;
+}
+
+if ($user->islogin) {
$view = new View('theme/default.html', 'theme/nav/util.php', 'theme/sidebar.php', $blog['name'], "通知");
$view->add_script_source("ts('.ts.dropdown:not(.basic)').dropdown();");
$view->add_script("./include/js/security.js");
- $notice_list = cavern_query_result("SELECT * FROM `notification` WHERE `username` = '%s' ORDER BY `time` DESC", array($_SESSION['cavern_username']));
+ $notice_list = cavern_query_result("SELECT * FROM `notification` WHERE `username` = '%s' ORDER BY `time` DESC", array($user->username));
if ($notice_list['num_rows'] > 0) {
$regex = array(
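Review bot: The new top-level `validate_user()` call and its 403/redirect run unconditionally whenever this file is included, and post.php's hunk header shows `require_once('notification.php');` — if that resolves to this file, post.php now executes this guard (and assigns `$user`) before its own identical check. That is harmless only if `validate_user()` is a pure read of the session; if it regenerates the session or consumes a one-time token, it now runs twice per request on post.php. If the include is intentional, moving the shared notification logic into include/ and leaving only page handling here would keep the two from interfering. The `if ($user->islogin)` block continues past the hunk.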
diff --git a/post.php b/post.php
index ad38acb..667b978 100644
--- a/post.php
+++ b/post.php
@@ -12,7 +12,7 @@ require_once('notification.php');
$user = validate_user();
if (!$user->valid) {
http_response_code(403);
- header("Location: ../index.php?err=account");
+ header("Location: index.php?err=account");
exit;
}
diff --git a/user.php b/user.php
index 727e71c..19ac4d7 100644
--- a/user.php
+++ b/user.php
@@ -2,28 +2,34 @@
require_once('connection/SQL.php');
require_once('config.php');
require_once('include/view.php');
+require_once('include/user.php');
+
+$user = validate_user();
+if (!$user->valid) {
+ http_response_code(403);
+ header("Location: index.php?err=account");
+ exit;
+}
if (isset($_GET['username']) && trim($_GET['username']) != "") {
$username = trim($_GET['username']);
- $result = cavern_query_result("SELECT * FROM `user` WHERE `username`='%s'", array($username));
- if ($result['num_rows'] > 0) {
- $name = $result['row']['name'];
- $level = $result['row']['level'];
- $email = md5(strtolower($result['row']['email']));
- $role = cavern_level_to_role($level);
- $posts = cavern_query_result("SELECT * FROM `post` WHERE `username`='%s'", array($username));
- $posts_count = ($posts['num_rows'] > 0 ? $posts['num_rows'] : 0);
- } else {
+
+ try {
+ $target_user = new User($username);
+ } catch (NoUserException $e) {
http_response_code(404);
header('Location: user.php?err=no');
exit;
}
-
- if (isset($_SESSION['cavern_username'])) {
- $view = new View('theme/default.html', 'theme/nav/util.php', 'theme/sidebar.php', $blog['name'], $name);
+
+ $posts = cavern_query_result("SELECT * FROM `post` WHERE `username`='%s'", array($username));
+ $posts_count = ($posts['num_rows'] > 0 ? $posts['num_rows'] : 0);
+
+ if ($user->islogin) {
+ $view = new View('theme/default.html', 'theme/nav/util.php', 'theme/sidebar.php', $blog['name'], $target_user->name);
$view->add_script_source("ts('.ts.dropdown').dropdown();");
} else {
- $view = new View('theme/default.html', 'theme/nav/default.html', 'theme/sidebar.php', $blog['name'], $name);
+ $view = new View('theme/default.html', 'theme/nav/default.html', 'theme/sidebar.php', $blog['name'], $target_user->name);
}
$view->add_script("./include/js/security.js");
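Review bot: `$email = md5(strtolower($result['row']['email']))` is removed here without a replacement, while the other removed locals reappear as `$target_user->name` and `$target_user->level` in the later template hunks; the avatar markup that consumed `$email` is not legible in this diff, so confirm it now derives the hash from the `User` object's e-mail field (if the class exposes one), or the profile avatar silently breaks. The public profile is also now gated by `validate_user()` at the top, so a visitor whose session fails validation is redirected away from a page that previously rendered for anyone; a one-line comment above the guard stating what `valid` means for an anonymous visitor would make that intent explicit. The `if (isset($_GET['username']) …)` block continues past the hunk.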
@@ -35,11 +41,11 @@ if (isset($_GET['username']) && trim($_GET['username']) != "") {
}
}
?>
-
+
-

+
@@ -57,11 +63,11 @@ if (isset($_GET['username']) && trim($_GET['username']) != "") {
暱稱 |
- = $name ?> |
+ = $target_user->name ?> |
權限 |
- = $role ?> |
+ = cavern_level_to_role($target_user->level) ?> |
@@ -87,7 +93,7 @@ if (isset($_GET['username']) && trim($_GET['username']) != "") {
render();
} else {
if (isset($_GET['err'])) {
- if (isset($_SESSION['cavern_username'])) {
+ if ($user->islogin) {
$view = new View('theme/default.html', 'theme/nav/util.php', 'theme/sidebar.php', $blog['name'], "使用者");
$view->add_script_source("ts('.ts.dropdown').dropdown();");
} else {