From 60f0877a5c965a71defc927bee5b10b9a0dda4e2 Mon Sep 17 00:00:00 2001
From: Fluffy-Bean <michal-gdula@protonmail.com>
Date: Wed, 9 Nov 2022 12:13:38 +0000
Subject: [PATCH] Fixed password reset bug Added logs for password resets Added
 checks to sanity

---
 account.php                | 142 ++++++++++++++++++++++++-------------
 app/account/account.php    |   7 +-
 app/gallery.json           |   2 +-
 app/sanity/check/_json.php |  20 ++++--
 app/sanity/sanity.php      |   6 +-
 css/main.css               |  32 +++------
 css/scss/_body.scss        |  47 ++++--------
 image.php                  |   2 +
 password-reset.php         |   8 +--
 profile.php                |   4 +-
 10 files changed, 153 insertions(+), 117 deletions(-)

diff --git a/account.php b/account.php
index 7ccb044..af3d3b0 100644
--- a/account.php
+++ b/account.php
@@ -3,11 +3,14 @@
 	
 	use App\Account;
 	use App\Diff;
+	use App\Make;
 
 	$user_info	= new Account();
 	$diff		= new Diff();
+	$make_stuff	= new Make();
 
 	$profile_info = $user_info->get_user_info($conn, $_SESSION['id']);
+	$join_date = new DateTime($profile_info['created_at']);
 ?>
 
 <!DOCTYPE html>
@@ -29,63 +32,94 @@
 		}
 
 		if ($user_info->is_loggedin($conn)) {
-		?>
-			<div class="defaultDecoration defaultSpacing defaultFonts">
-				<h2>Profile</h2>
-				<div class="pfp-upload">
-					<h3>Profile Picture</h3>
+			?>
+				<div class="profile-root defaultDecoration defaultSpacing defaultFonts">
 					<?php
 						if (is_file("usr/images/pfp/".$profile_info['pfp_path'])) {
-							echo "<img alt='profile picture' src='usr/images/pfp/".$profile_info['pfp_path']."'>";
+							echo "<img src='usr/images/pfp/".$profile_info['pfp_path']."'>";
+
+							$pfp_colour = $make_stuff->get_image_colour("usr/images/pfp/".$profile_info['pfp_path']);
+							if (empty($pfp_colour)) $pfp_colour = "var(--bg-3)";
+							?>
+								<style>
+									.profile-root {
+										background-image: linear-gradient(120deg, <?php echo $pfp_colour; ?>, var(--bg-3) 80%) !important;
+									}
+									@media (max-width: 669px) {
+										.profile-root {
+											background-image: linear-gradient(200deg, <?php echo $pfp_colour; ?>, var(--bg-3) 80%) !important;
+										}
+									}
+								</style>
+							<?php
 						} else {
-							echo "<img alt='profile picture' src='assets/no_image.png'>";
+							echo "<img src='assets/no_image.png'>";
 						}
 					?>
-					<form id="pfpForm" method="POST" enctype="multipart/form-data">
-						<input id="image" class="btn btn-neutral" type="file" placeholder="select image UwU">
-						<button id="pfpSubmit" class="btn btn-good btn-icon" type="submit"><img class="svg" src="assets/icons/upload.svg"></button>
-					</form>
+				<h2>
+					<?php
+						echo $_SESSION['username'];
+						if ($user_info->is_admin($conn, $_SESSION['id'])) echo "<span style='color: var(--accent); font-size: 16px; margin-left: 0.5rem;'>Admin</span>";
+					?>
+				</h2>
+				<div class="profile-info">
+					<p id="joinDate">Member since: <?php echo $join_date->format('d/m/Y T'); ?></p>
 					<script>
-						$("#pfpForm").submit(function(event) {
-							event.preventDefault();
-							// Check if image avalible
-							var file = $("#image").val();
+						var updateDate = new Date('<?php echo $join_date->format('m/d/Y T'); ?>');
+						var format = {year: 'numeric', month: 'short', day: 'numeric'};
+										
+						updateDate = updateDate.toLocaleDateString('en-GB', format);
 
-							if (file == "") {
-								sniffleAdd('Gwha!', 'Pls provide image', 'var(--warning)', 'assets/icons/file-search.svg');
-								return;
-							}
-
-							// Make form
-							var formData = new FormData();
-
-							// Get image
-							var image_data = $("#image").prop("files")[0];
-							formData.append("image", image_data);
-							// Submit data
-							var submit = $("#pfpSubmit").val();
-							formData.append("pfp_submit", submit);
-
-							// Upload the information
-							$.ajax({
-								url: 'app/account/account.php',
-								type: 'post',
-								data: formData,
-								contentType: false,
-								processData: false,
-								success: function(response) {
-									$("#newSniff").html(response);
-								}
-							});
-
-							// Empty values
-							$("#image").val("");
-							$("#submit").val("");
-						});
+						$("#joinDate").html("Member since: "+updateDate);
 					</script>
 				</div>
-				<br>
-				<a href="profile.php?user=<?php echo $_SESSION['id']; ?>" class="btn btn-neutral">Go to profile</a>
+			</div>
+
+			<div class="defaultDecoration defaultSpacing defaultFonts">
+				<h2>Profile</h2>
+				<h3>Profile Picture</h3>
+				<form id="pfpForm" method="POST" enctype="multipart/form-data">
+					<input id="image" class="btn btn-neutral" type="file" placeholder="select image UwU">
+					<button id="pfpSubmit" class="btn btn-good btn-icon" type="submit"><img class="svg" src="assets/icons/upload.svg"></button>
+				</form>
+				<script>
+					$("#pfpForm").submit(function(event) {
+						event.preventDefault();
+						// Check if image avalible
+						var file = $("#image").val();
+
+						if (file == "") {
+							sniffleAdd('Gwha!', 'Pls provide image', 'var(--warning)', 'assets/icons/file-search.svg');
+							return;
+						}
+
+						// Make form
+						var formData = new FormData();
+
+						// Get image
+						var image_data = $("#image").prop("files")[0];
+						formData.append("image", image_data);
+						// Submit data
+						var submit = $("#pfpSubmit").val();
+						formData.append("pfp_submit", submit);
+
+						// Upload the information
+						$.ajax({
+							url: 'app/account/account.php',
+							type: 'post',
+							data: formData,
+							contentType: false,
+							processData: false,
+							success: function(response) {
+								$("#newSniff").html(response);
+							}
+						});
+
+						// Empty values
+						$("#image").val("");
+						$("#submit").val("");
+					});
+				</script>
 			</div>
 
 			<div class="warningDecoration defaultSpacing defaultFonts">
@@ -517,9 +551,19 @@
 											$("#sanityCheck").html(response);
 											thisButton.innerHTML = "Run check";
 											document.getElementById('sanityCheck').style.cssText = "transform: scale(1);opacity: 1;";
+										},
+										error: function(error) {
+											$("#sanityCheck").html(`<p class='alert alert-bad'>\
+											<span class='badge badge-critical'>Critical</span> \
+											An error occured when proccessing your request, sowwy :c\
+											<br>\
+											Response: ${error.status} - ${error.statusText}\
+											</p>`);
+											thisButton.innerHTML = "Run check";
+											document.getElementById('sanityCheck').style.cssText = "transform: scale(1);opacity: 1;";
 										}
 									});
-								}, 1000);
+								}, 621);
 							}
 						</script>
 					</div>
diff --git a/app/account/account.php b/app/account/account.php
index fb10677..a0b6e4f 100644
--- a/app/account/account.php
+++ b/app/account/account.php
@@ -499,16 +499,21 @@ if (isset($_POST['password_reset_submit'])) {
             if (mysqli_stmt_execute($stmt)) {
                 // Password updated!!!! Now goodbye
                 if ($user_id == $_SESSION["id"]) {
+                    mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','".$_SESSION['username']." has reset their password')");
+
                     // Check if password reset was done by user
                     session_destroy();
                     ?>
                         <script>
                             sniffleAdd('Password updated', 'Now goodbye.... you will be redirected in a moment', 'var(--success)', 'assets/icons/check.svg');
-                            setTimeout(function(){window.location.href = "account/login.php";}, 2000);
+                            setTimeout(function(){window.location.href = "account.php";}, 2000);
                         </script>
                     <?php
                 } else {
                     // An admin has changed the password
+                    $user_reset_info = $user_info->get_user_info($conn, $user_id);
+
+                    mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','".$_SESSION['username']." has reset ".$user_reset_info['username']." password')");
                     ?>
                         <script>
                             sniffleAdd('Password updated', 'Password has been reset for user! But their session may still be active', 'var(--success)', 'assets/icons/check.svg');
diff --git a/app/gallery.json b/app/gallery.json
index 23c271e..23f46cf 100644
--- a/app/gallery.json
+++ b/app/gallery.json
@@ -1,5 +1,5 @@
 {
     "license": "MIT",
-    "version": "22.11.08",
+    "version": "22.11.09",
     "branch": "main"
 }
\ No newline at end of file
diff --git a/app/sanity/check/_json.php b/app/sanity/check/_json.php
index b6d892e..e62eec7 100644
--- a/app/sanity/check/_json.php
+++ b/app/sanity/check/_json.php
@@ -1,11 +1,21 @@
 <?php
 if (defined('ROOT') && $_SESSION['id'] == 1) {
     if (!is_file(__DIR__."/../../../usr/conf/msg.json")) {
-        $results[] = array(
-            'type'=>'warning', 
-            'message'=>'msg.json is missing', 
-            'fix'=>'auto'
-        );
+        $manifest = json_decode(file_get_contents(__DIR__."/../../../usr/conf/conf.json"), true);
+        
+        if (isset($manifest['welcome_msg'])) {
+            $results[] = array(
+                'type'=>'warning', 
+                'message'=>'Welcome message is currently stored in conf.json. Please move it to msg.json', 
+                'fix'=>'auto'
+            );
+        } else {
+            $results[] = array(
+                'type'=>'warning', 
+                'message'=>'msg.json is missing', 
+                'fix'=>'auto'
+            );
+        }
     }
     
     if (!is_file(__DIR__."/../../../usr/conf/conf.json")) {
diff --git a/app/sanity/sanity.php b/app/sanity/sanity.php
index 9d570eb..8dfd2f6 100644
--- a/app/sanity/sanity.php
+++ b/app/sanity/sanity.php
@@ -31,7 +31,7 @@ if (isset($_POST['fix'])) {
     echo "<p><span style='color: var(--accent);'>[INFO]</span> Autofix complete in $autofix_time ms</p>";
 }
 
-if (isset($_POST['check'])) {
+elseif (isset($_POST['check'])) {
     if (empty($_SESSION['id'])) {
         echo "<p><span style='color: var(--warning);'>[ERROR]</span> You are not logged in</p>";
         exit();
@@ -80,4 +80,8 @@ if (isset($_POST['check'])) {
                 </button>";
         }
     }
+}
+
+else {
+    echo "<p class='alert alert-warning'><span class='badge badge-warning'>Warning</span> Bruh, what do you want?</p>";
 }
\ No newline at end of file
diff --git a/css/main.css b/css/main.css
index a7a5bdd..8fa32de 100644
--- a/css/main.css
+++ b/css/main.css
@@ -240,10 +240,10 @@ nav .btn {
   border-radius: 3px;
   position: relative;
   overflow: hidden;
-  transition: transform 0.15s cubic-bezier(0.19, 1, 0.22, 1);
+  transition: transform 0.4s cubic-bezier(0.25, 1.23, 0, 1.22);
 }
 .gallery-item:hover {
-  transform: scale(1.1) rotate(5deg);
+  transform: scale(1.15) rotate(5deg);
   box-shadow: 6px 6px 2px rgba(21, 21, 21, 0.4);
   z-index: 9;
 }
@@ -328,17 +328,17 @@ nav .btn {
  |-------------------------------------------------------------
 */
 .fullscreen-image {
-  width: 101vw;
-  height: 101vh;
+  width: 100vw;
+  height: 100vh;
   position: fixed;
   top: 50%;
   left: 50%;
-  transform: translateX(-50%) translateY(-50%);
+  transform: translateX(-50%) translateY(-50%) scale(0.9);
   background-color: rgba(21, 21, 21, 0.7333333333);
   -webkit-backdrop-filter: blur(20px);
           backdrop-filter: blur(20px);
   z-index: 999;
-  transition: opacity 0.5s cubic-bezier(0.075, 0.82, 0.165, 1);
+  transition: opacity 0.3s cubic-bezier(0.075, 0.82, 0.165, 1), transform 0.5s cubic-bezier(0.25, 1.23, 0, 1.22);
   display: none;
   opacity: 0;
 }
@@ -728,27 +728,14 @@ nav .btn {
  | ACCOUNT
  |-------------------------------------------------------------
 */
-.pfp-upload {
-  display: flex;
-  flex-direction: column;
-}
-.pfp-upload form {
+#pfpForm {
   display: flex;
   flex-direction: row;
   gap: 0.5rem;
 }
-.pfp-upload form > * {
+#pfpForm > * {
   margin: 0;
 }
-.pfp-upload > img {
-  margin: 0 auto 1rem;
-  width: 12rem;
-  height: 12rem;
-  -o-object-fit: cover;
-     object-fit: cover;
-  border-radius: 3px;
-  background-color: #121212;
-}
 
 .tabs {
   display: flex;
@@ -770,6 +757,7 @@ nav .btn {
 .logs {
   width: 100%;
   height: 0;
+  margin-bottom: 0;
   padding: 0;
   overflow-y: hidden;
   display: flex;
@@ -819,6 +807,7 @@ nav .btn {
 .bans {
   width: 100%;
   height: 0;
+  margin-bottom: 0;
   padding: 0;
   overflow-y: hidden;
   display: flex;
@@ -875,6 +864,7 @@ nav .btn {
 .user-settings {
   width: 100%;
   height: 0;
+  margin-bottom: 0;
   padding: 0;
   overflow-y: hidden;
   display: flex;
diff --git a/css/scss/_body.scss b/css/scss/_body.scss
index 3375a9a..44fbe1b 100644
--- a/css/scss/_body.scss
+++ b/css/scss/_body.scss
@@ -65,10 +65,10 @@
     position: relative;
     overflow: hidden;
 
-    transition: transform 0.15s cubic-bezier(.19, 1, .22, 1);
+    transition: transform 0.4s cubic-bezier(.25,1.23,0,1.22);
 
     &:hover {
-        transform: scale(1.1) rotate(5deg);
+        transform: scale(1.15) rotate(5deg);
         box-shadow: $shadow;
 
         z-index: 9;
@@ -176,19 +176,19 @@
  |-------------------------------------------------------------
 */
 .fullscreen-image {
-    width: 101vw; height: 101vh;
+    width: 100vw; height: 100vh;
 
     position: fixed;
     top: 50%;
     left: 50%;
-    transform: translateX(-50%) translateY(-50%);
+    transform: translateX(-50%) translateY(-50%) scale(0.9);
 
     background-color: $bg-alt;
     backdrop-filter: blur(20px);
 
     z-index: 999;
 
-    transition: opacity 0.5s cubic-bezier(0.075, 0.82, 0.165, 1);
+    transition: opacity 0.3s cubic-bezier(0.075, 0.82, 0.165, 1), transform 0.5s cubic-bezier(.25,1.23,0,1.22);;
 
     display: none;  // Automatically hidden, revealed on fullscreen
     opacity: 0;     // expose
@@ -715,36 +715,14 @@
  | ACCOUNT
  |-------------------------------------------------------------
 */
-.pfp-upload {
+#pfpForm {
     display: flex;
-    flex-direction: column;
+    flex-direction: row;
+    gap: 0.5rem;
 
-    form {
-        display: flex;
-        flex-direction: row;
-        gap: 0.5rem;
-
-        > * {
-            margin: 0;
-        }
+    > * {
+        margin: 0;
     }
-
-    & > img {
-        margin: 0 auto 1rem;
-
-        width: 12rem;
-        height: 12rem;
-
-        object-fit: cover;
-
-        @if calc($rad - 0.5rem) > 0 {
-        border-radius: calc($rad - 0.5rem);
-    } @else {
-        border-radius: 3px;
-    }
-        background-color: $black;
-    }
-
 }
 
 .tabs {
@@ -766,7 +744,8 @@
 .logs {
     width: 100%;
     height: 0;
-
+    
+    margin-bottom: 0;
     padding: 0;
 
     overflow-y: hidden;
@@ -827,6 +806,7 @@
     width: 100%;
     height: 0;
 
+    margin-bottom: 0;
     padding: 0;
 
     overflow-y: hidden;
@@ -893,6 +873,7 @@
     width: 100%;
     height: 0;
 
+    margin-bottom: 0;
     padding: 0;
 
     overflow-y: hidden;
diff --git a/image.php b/image.php
index a1e6912..b1c9a60 100644
--- a/image.php
+++ b/image.php
@@ -86,6 +86,7 @@
 				document.querySelector(".fullscreen-image > img").src = "<?php echo $image_path;?>";
 				setTimeout(function(){
 					document.querySelector(".fullscreen-image").style.opacity = 1;
+					document.querySelector(".fullscreen-image").style.transform = "translateX(-50%) translateY(-50%) scale(1)";
 				}, 1);
 			}
 
@@ -96,6 +97,7 @@
 				document.querySelector(".fullscreen-image").style.opacity = 0;
 				setTimeout(function(){
 					document.querySelector(".fullscreen-image").style.display = "none";
+					document.querySelector(".fullscreen-image").style.transform = "translateX(-50%) translateY(-50%) scale(0.9)";
 				}, 500);
 			}
 		</script>
diff --git a/password-reset.php b/password-reset.php
index 824d073..9057a2a 100644
--- a/password-reset.php
+++ b/password-reset.php
@@ -26,8 +26,8 @@
 		<p>After reset, you will be kicked out to login again</p>
 		<br>
 		<form id="passwordForm" method="POST" enctype="multipart/form-data">
-			<input id="currentPassword" class="btn btn-neutral" placeholder="Current password!!!!" type='password' disabled>
-			<br>
+			<!--<input id="currentPassword" class="btn btn-neutral" placeholder="Current password!!!!" type='password'>
+			<br>-->
 			<input id="newPassword" class="btn btn-neutral" type="password" name="new_password" placeholder="New Password">
 			<input id="confirmPassword" class="btn btn-neutral" type="password" name="confirm_password" placeholder="Confirm Password">
 			<br>
@@ -40,13 +40,13 @@
 	<script>
 		$("#passwordForm").submit(function(event) {
 			event.preventDefault();
-			var current_password	= $("#currentPassword").val();
+			//var current_password	= $("#currentPassword").val();
 			var new_password		= $("#newPassword").val();
 			var confirm_password	= $("#confirmPassword").val();
 			var submit				= $("#passwordSubmit").val();
 			
 			$("#newSniff").load("app/account/account.php", {
-				current_password: current_password,
+				//current_password: current_password,
 				new_password: new_password,
 				confirm_password: confirm_password,
 				password_reset_submit: submit
diff --git a/profile.php b/profile.php
index 1544688..995168a 100644
--- a/profile.php
+++ b/profile.php
@@ -40,11 +40,11 @@
                     ?>
                         <style>
                             .profile-root {
-                                background-image: linear-gradient(to right, <?php echo $pfp_colour; ?>, var(--bg-3), var(--bg-3)) !important;
+                                background-image: linear-gradient(120deg, <?php echo $pfp_colour; ?>, var(--bg-3) 80%) !important;
                             }
                             @media (max-width: 669px) {
                                 .profile-root {
-                                    background-image: linear-gradient(to bottom, <?php echo $pfp_colour; ?>, var(--bg-3)) !important;
+                                    background-image: linear-gradient(200deg, <?php echo $pfp_colour; ?>, var(--bg-3) 80%) !important;
                                 }
                             }
                         </style>