Updated 6 files and added 3 files (automated)

9 files changed, 228 insertions, 5 deletions

diff --git a/_upload/old.php b/_upload/old.php
index 1e42f1d..276c1f8 100644
--- a/_upload/old.php
+++ b/_upload/old.php
@@ -61,7 +61,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/navigation.php";
 
             <div>
                 <p><?= l("lang_upload_select") ?></p>
-                <input type="file" name="file" style="width: 100%;">
+                <input accept="image/png,image/jpeg,image/webp,image/gif,image/bmp,image/avif" type="file" name="file" style="width: 100%;">
                 <script>
                     window.onload = () => {
                         document.getElementsByName("file")[0].value = "";
diff --git a/admin/avatars/index.php b/admin/avatars/index.php
new file mode 100644
index 0000000..9a3c6b8
--- /dev/null
+++ b/admin/avatars/index.php
@@ -0,0 +1,93 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php";
+$title = "lang_admin_title";
+$title_pre = l("lang_admin_titles_avatars");
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/header.php";
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/navigation.php";
+
+?>
+
+<div class="container">
+    <br><br>
+    <a href="/admin">← <?= l("lang_admin_title") ?></a>
+    <h1><?= l("lang_admin_titles_avatars") ?></h1>
+
+    <select onchange="reloadPFP();" class="form-select" id="user">
+        <option value="">-- <?= l("lang_admin_avatars_none") ?> --</option>
+        <?php $letters = ["a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"]; foreach ([...$letters, "#"] as $letter) { $users = [];
+            foreach (array_filter(scandir($_SERVER["DOCUMENT_ROOT"] . "/includes/data/profiles"), function ($i) { return !str_starts_with($i, "."); }) as $_id) {
+                $id = substr($_id, 0, -5);
+                $name = getNameFromId($id, false);
+
+                if (str_starts_with(strtolower($name), $letter)) {
+                    $users[$id] = $name;
+                }
+            }
+
+            if (count($users) > 0): ?>
+                <optgroup label="<?= strtoupper($letter) ?>">
+                    <?php foreach ($users as $id => $name): ?>
+                    <option value="<?= $id ?>"><?= $name ?></option>
+                    <?php endforeach; ?>
+                </optgroup>
+            <?php endif;
+        } ?>
+    </select>
+
+    <div style="margin-top: 20px; display: grid; grid-template-columns: 96px 1fr; grid-gap: 20px;">
+        <img alt="" id="preview" style="border: none; background-color: black; width: 96px; height: 96px; border-radius: 999px;">
+        <div style="display: flex; align-items: center;">
+            <div>
+                <form action="/admin/avatars/update.php" method="post">
+                    <input type="hidden" id="id-input" name="id" value="" required>
+                    <input type="hidden" id="upload-input" name="upload" value="" required>
+                    <p>
+                        <input disabled class="form-control" onchange="updatePreview();" type="file" id="uploader" required>
+                    </p>
+                    <button id="upload-btn" class="disabled btn btn-primary"><?= l("lang_admin_avatars_upload") ?></button>
+                </form>
+            </div>
+        </div>
+    </div>
+
+    <br><br>
+
+    <script>
+        function reloadPFP() {
+            document.getElementById("uploader").value = "";
+            document.getElementById("upload-btn").classList.add("disabled");
+            document.getElementById("uploader").classList.add("disabled");
+            document.getElementById("id-input").value = document.getElementById("user").value;
+            document.getElementById("preview").src = "/admin/avatars/url.php?id=" + document.getElementById("user").value;
+
+            if (document.getElementById("user").value !== "") {
+                document.getElementById("uploader").removeAttribute("disabled");
+            } else {
+                document.getElementById("uploader").setAttribute("disabled", "");
+            }
+        }
+
+        function updatePreview() {
+            if (document.getElementById("uploader").value !== "") {
+                document.getElementById("preview").src = URL.createObjectURL(document.getElementById("uploader").files[0]);
+
+                let reader = new FileReader();
+                reader.readAsDataURL(document.getElementById("uploader").files[0]);
+
+                reader.onload = function () {
+                    document.getElementById("upload-btn").classList.remove("disabled");
+                    document.getElementById("upload-input").value = reader.result;
+                }
+            } else {
+                document.getElementById("preview").src = "";
+                document.getElementById("upload-btn").classList.add("disabled");
+            }
+        }
+
+        document.getElementById("user").value = "";
+        document.getElementById("uploader").value = "";
+    </script>
+</div>
+
+<?php require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/footer.php"; ?>
\ No newline at end of file
diff --git a/admin/avatars/update.php b/admin/avatars/update.php
new file mode 100644
index 0000000..a835124
--- /dev/null
+++ b/admin/avatars/update.php
@@ -0,0 +1,97 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php";
+
+if (!isset($_POST["id"])) die();
+if (!isset($_POST["upload"])) die();
+
+if (!preg_match("/[a-zA-Z0-6]/m", $_POST["id"])) die();
+header("Content-Type: text/plain");
+
+if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/data/profiles/" . $_POST["id"] . ".json")) die();
+
+$name = tempnam("/tmp", "Delta-PFP-Upload-");
+$uuid = $_POST["id"];
+file_put_contents($name, base64_decode(explode(",", $_POST["upload"])[1]));
+
+$_FILES["upload"] = [
+    "error" => 0,
+    "type" => mime_content_type($name),
+    "tmp_name" => $name
+];
+
+var_dump($_FILES);
+var_dump(mime_content_type($name));
+
+if ($_FILES["upload"]["type"] !== "image/png" && $_FILES["upload"]["type"] !== "image/jpeg" && $_FILES["upload"]["type"] !== "image/webp" && $_FILES["upload"]["type"] !== "image/gif" && $_FILES["upload"]["type"] !== "image/bmp" && $_FILES["upload"]["type"] !== "image/avif") {
+    die();
+}
+
+$im = imagecreate(1, 1);
+
+switch ($_FILES["upload"]["type"]) {
+    case "image/png":
+        $im = imagecreatefrompng($_FILES["upload"]["tmp_name"]);
+        break;
+
+    case "image/jpeg":
+        $im = imagecreatefromjpeg($_FILES["upload"]["tmp_name"]);
+        break;
+
+    case "image/webp":
+        $im = imagecreatefromwebp($_FILES["upload"]["tmp_name"]);
+        break;
+
+    case "image/gif":
+        $im = imagecreatefromgif($_FILES["upload"]["tmp_name"]);
+        break;
+
+    case "image/bmp":
+        $im = imagecreatefrombmp($_FILES["upload"]["tmp_name"]);
+        break;
+
+    case "image/avif":
+        $im = imagecreatefromavif($_FILES["upload"]["tmp_name"]);
+        break;
+}
+
+$res = false;
+
+while (!$res) {
+    $res = imagewebp($im, $_SERVER['DOCUMENT_ROOT'] . "/uploads/temp-" . $uuid . ".webp");
+}
+
+$size = getimagesize($_SERVER['DOCUMENT_ROOT'] . "/uploads/temp-" . $uuid . ".webp");
+var_dump($size);
+
+$ratio_orig = $size[0] / $size[1];
+$width = 512;
+$height = 1080;
+
+if ($width / $height > $ratio_orig) {
+    $width = $height * $ratio_orig;
+} else {
+    $height = $width / $ratio_orig;
+}
+
+if ($size[0] > 512 || $size[1] > 512) {
+    imagescale($im, $width, $height);
+
+    $res = false;
+
+    while (!$res) {
+        $res = imagewebp($im, $_SERVER['DOCUMENT_ROOT'] . "/uploads/temp-" . $uuid . ".webp");
+
+        if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/uploads/" . $uuid . ".webp")) {
+            if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/uploads/archive/" . $uuid . ".webp")) unlink($_SERVER['DOCUMENT_ROOT'] . "/uploads/archive/" . $uuid . ".webp");
+
+            rename($_SERVER['DOCUMENT_ROOT'] . "/uploads/" . $uuid . ".webp", $_SERVER['DOCUMENT_ROOT'] . "/uploads/archive/" . $uuid . ".webp");
+        }
+
+        rename($_SERVER['DOCUMENT_ROOT'] . "/uploads/temp-" . $uuid . ".webp", $_SERVER['DOCUMENT_ROOT'] . "/uploads/" . $uuid . ".webp");
+    }
+} else {
+    rename($_SERVER['DOCUMENT_ROOT'] . "/uploads/temp-" . $uuid . ".webp", $_SERVER['DOCUMENT_ROOT'] . "/uploads/" . $uuid . ".webp");
+}
+header("Location: /admin/avatars");
+die();
\ No newline at end of file
diff --git a/admin/avatars/url.php b/admin/avatars/url.php
new file mode 100644
index 0000000..788324f
--- /dev/null
+++ b/admin/avatars/url.php
@@ -0,0 +1,15 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php";
+
+if (!isset($_GET["id"])) die();
+if (!preg_match("/[a-zA-Z0-6]/m", $_GET["id"])) die();
+header("Content-Type: text/plain");
+
+if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/uploads/" . $_GET["id"] . ".webp")) {
+    header("Location: /uploads/" . $_GET["id"] . ".webp?__=" . bin2hex(random_bytes(32)));
+    die();
+} else {
+    header("Location: /defaultuser.png");
+    die();
+}
\ No newline at end of file
diff --git a/admin/index.php b/admin/index.php
index 6d14926..44b2f90 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -18,6 +18,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/navigation.php";
         <a href="/admin/handoff" class="list-group-item list-group-item-action"><?= l("lang_admin_titles_handoff") ?></a>
         <a href="/admin/support" class="list-group-item list-group-item-action"><?= l("lang_admin_titles_support") ?></a>
         <a href="/admin/codes" class="list-group-item list-group-item-action"><?= l("lang_admin_titles_codes") ?></a>
+        <a href="/admin/avatars" class="list-group-item list-group-item-action"><?= l("lang_admin_titles_avatars") ?></a>
     </div>
 
     <br><br>
diff --git a/includes/functions.php b/includes/functions.php
index f751cf2..d8f5c7b 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -454,7 +454,7 @@ function formatDate($date, $withYear = true) {
     }
 }
 
-function getNameFromId($id) {
+function getNameFromId($id, $allowNickName = true) {
     if (preg_replace("/^[\da-f]{8}(-[\da-f]{4}){3}-[\da-f]{12}$/m", "OK", $id) !== "OK") return $id;
 
     if (file_exists($_SERVER["DOCUMENT_ROOT"] . "/includes/data/people/" . $id . ".json")) {
@@ -469,7 +469,12 @@ function getNameFromId($id) {
         return $data["title"][l("lang__name")] ?? $data["title"]["en"] ?? $data["title"][array_keys($data["title"])[0]] ?? "-";
     } elseif (file_exists($_SERVER["DOCUMENT_ROOT"] . "/includes/data/profiles/" . $id . ".json")) {
         $d = json_decode(pf_utf8_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/includes/data/profiles/" . $id . ".json")), true);
-        return $d["nick_name"] ?? $d["first_name"] . " " . $d["last_name"];
+
+        if ($allowNickName) {
+            return $d["nick_name"] ?? $d["first_name"] . " " . $d["last_name"];
+        } else {
+            return $d["first_name"] . " " . $d["last_name"];
+        }
     }
 
     return $id;
diff --git a/lang/en.json b/lang/en.json
index 9d212da..86a926f 100644
--- a/lang/en.json
+++ b/lang/en.json
@@ -1038,7 +1038,8 @@
       "objects": "Database objects",
       "requests": "Pending requests",
       "registrations": "Account registrations",
-      "support": "Support codes"
+      "support": "Support codes",
+      "avatars": "Profile pictures upload"
     },
     "save": "Save",
     "json": "The data you sent is not valid JSON data. Check the syntax and try again.",
@@ -1098,6 +1099,10 @@
     "modified": {
       "title": "Unable to change this request:",
       "description": "You cannot change this request as it was modified while you were reviewing it. Please review the request again."
+    },
+    "avatars": {
+      "none": "Click here to select a user",
+      "upload": "Upload new profile picture"
     }
   },
   "oobe": {
diff --git a/lang/fr.json b/lang/fr.json
index 2f821f2..4cee94f 100644
--- a/lang/fr.json
+++ b/lang/fr.json
@@ -1038,7 +1038,8 @@
       "objects": "Objets de la base de données",
       "requests": "Demandes en attente",
       "registrations": "Enregistrements de compte",
-      "support": "Codes du support"
+      "support": "Codes du support",
+      "avatars": "Téléversement des photos de profil"
     },
     "save": "Enregistrer",
     "json": "Les données que vous avez envoyées ne sont pas du JSON valide. Vérifiez la syntaxe et essayez de nouveau.",
@@ -1098,6 +1099,10 @@
     "modified": {
       "title": "Impossible de changer cette demande :",
       "description": "Vous ne pouvez pas changer cette demande car elle a été modifiée pendant que vous la relisiez. Merci de la relire à nouveau."
+    },
+    "avatars": {
+      "none": "Cliquez ici pour sélectionner un·e utilisateur·ice",
+      "upload": "Envoyer la nouvelle photo de profil"
     }
   },
   "oobe": {
diff --git a/support/index.php b/support/index.php
index 45fca3b..e5da28a 100644
--- a/support/index.php
+++ b/support/index.php
@@ -10,6 +10,8 @@ if (isset($_GET["t"]) && is_numeric($_GET["t"]) && (int)$_GET["t"] < 11) {
 }
 
 require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/functions.php";
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php";
+
 if (isset($p1)) {
     $title_pre = l("lang_support_titles_" . $p1);
 }