more strict user validation & registration
This commit is contained in:
Tony Yang
42
user.php
42
user.php
@@ -2,28 +2,34 @@
|
||||
require_once('connection/SQL.php');
|
||||
require_once('config.php');
|
||||
require_once('include/view.php');
|
||||
require_once('include/user.php');
|
||||
|
||||
$user = validate_user();
|
||||
if (!$user->valid) {
|
||||
http_response_code(403);
|
||||
header("Location: index.php?err=account");
|
||||
exit;
|
||||
}
|
||||
|
||||
if (isset($_GET['username']) && trim($_GET['username']) != "") {
|
||||
$username = trim($_GET['username']);
|
||||
$result = cavern_query_result("SELECT * FROM `user` WHERE `username`='%s'", array($username));
|
||||
if ($result['num_rows'] > 0) {
|
||||
$name = $result['row']['name'];
|
||||
$level = $result['row']['level'];
|
||||
$email = md5(strtolower($result['row']['email']));
|
||||
$role = cavern_level_to_role($level);
|
||||
$posts = cavern_query_result("SELECT * FROM `post` WHERE `username`='%s'", array($username));
|
||||
$posts_count = ($posts['num_rows'] > 0 ? $posts['num_rows'] : 0);
|
||||
} else {
|
||||
|
||||
try {
|
||||
$target_user = new User($username);
|
||||
} catch (NoUserException $e) {
|
||||
http_response_code(404);
|
||||
header('Location: user.php?err=no');
|
||||
exit;
|
||||
}
|
||||
|
||||
if (isset($_SESSION['cavern_username'])) {
|
||||
$view = new View('theme/default.html', 'theme/nav/util.php', 'theme/sidebar.php', $blog['name'], $name);
|
||||
|
||||
$posts = cavern_query_result("SELECT * FROM `post` WHERE `username`='%s'", array($username));
|
||||
$posts_count = ($posts['num_rows'] > 0 ? $posts['num_rows'] : 0);
|
||||
|
||||
if ($user->islogin) {
|
||||
$view = new View('theme/default.html', 'theme/nav/util.php', 'theme/sidebar.php', $blog['name'], $target_user->name);
|
||||
$view->add_script_source("ts('.ts.dropdown').dropdown();");
|
||||
} else {
|
||||
$view = new View('theme/default.html', 'theme/nav/default.html', 'theme/sidebar.php', $blog['name'], $name);
|
||||
$view = new View('theme/default.html', 'theme/nav/default.html', 'theme/sidebar.php', $blog['name'], $target_user->name);
|
||||
}
|
||||
$view->add_script("./include/js/security.js");
|
||||
|
||||
@@ -35,11 +41,11 @@ if (isset($_GET['username']) && trim($_GET['username']) != "") {
|
||||
}
|
||||
}
|
||||
?>
|
||||
<div class="ts big dividing header"><?= $name ?> 的個人資料</div>
|
||||
<div class="ts big dividing header"><?= $target_user->name ?> 的個人資料</div>
|
||||
<div class="ts stackable grid">
|
||||
<div class="column">
|
||||
<div class="ts center aligned flatted borderless segment">
|
||||
<img src="https://www.gravatar.com/avatar/<?= $email ?>?d=https%3A%2F%2Ftocas-ui.com%2Fassets%2Fimg%2F5e5e3a6.png&s=500" class="ts rounded image" id="avatar">
|
||||
<img src="https://www.gravatar.com/avatar/<?= md5(strtolower($target_user->email)) ?>?d=https%3A%2F%2Ftocas-ui.com%2Fassets%2Fimg%2F5e5e3a6.png&s=500" class="ts rounded image" id="avatar">
|
||||
</div>
|
||||
</div>
|
||||
<div class="stretched column">
|
||||
@@ -57,11 +63,11 @@ if (isset($_GET['username']) && trim($_GET['username']) != "") {
|
||||
</tr>
|
||||
<tr>
|
||||
<td>暱稱</td>
|
||||
<td><?= $name ?></td>
|
||||
<td><?= $target_user->name ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>權限</td>
|
||||
<td><?= $role ?></td>
|
||||
<td><?= cavern_level_to_role($target_user->level) ?></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@@ -87,7 +93,7 @@ if (isset($_GET['username']) && trim($_GET['username']) != "") {
|
||||
<?php $view->render();
|
||||
} else {
|
||||
if (isset($_GET['err'])) {
|
||||
if (isset($_SESSION['cavern_username'])) {
|
||||
if ($user->islogin) {
|
||||
$view = new View('theme/default.html', 'theme/nav/util.php', 'theme/sidebar.php', $blog['name'], "使用者");
|
||||
$view->add_script_source("ts('.ts.dropdown').dropdown();");
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user