A slow-burn existential crisis

README.txt

@@ -21,6 +21,7 @@ PRE-REQUISITES
 ----------------------------------------
 	* PHP 7.0
 	* Webserver with CGI enabled
+	* Composer
 	* A paper-clip and soldering-iron
 	* Also a lighter
 
@@ -30,9 +31,16 @@ PRE-REQUISITES
 INSTALLATION
 ----------------------------------------
 Drop Blagoblag in any directory on your webserver, then create an SQL
-database for Blagoblag. Make sure to make a "config.ini" file (from 
-"config.ini.example")-- at the minimum, you need to configure the SQL
-connection settings.
+database for Blagoblag-- UTF-8 character encoding, preferably.
+
+Then, make a "config.ini" file (from "config.ini.example")-- at the
+minimum, you need to configure the SQL connection settings.
+
+After that, just run "composer intall", then you should be running!
+
+As for setup, you should make your own user-account, then use the "root"
+account to elevate your account to archmage (highest login class)-- after
+that, delete the "root" account. :)
 
 
 

composer.json

@@ -1,6 +1,7 @@
 { "require":
 	{
 		"twig/twig": "1.*",
-		"falseclock/dbd-php": "1.*"
+		"erusev/parsedown": "*.*",
+		"consoletvs/profanity": "*.*"
 	}
 }

config.php.sample

@@ -1,4 +1,9 @@
 <?php
+// -------------------------------------
+// REQUIRED
+
+// -----------------
+// database stuff
 $db_type = "mysql";
 $db_host = "host=localhost;";
 $db_port = "port=3306;";
@@ -9,6 +14,28 @@ $db_name = "dbname=blagoblag;";
 $db_user = "USERNAME";
 $db_pass = "PASSWORD";
 
+// -----------------
+// etc
+$root = "blagoblag/";	// where blagoblag is, relative to the web-root
+			// AKA, the path you put in URLs
+
+// -------------------------------------
+// OPTIONAL
+
+// -----------------
+// branding
+$instance_title = "Blagoblag";	// your site's name, for branding <3
+$theme   = "default";       	// the theme you wanna use
+
+// -----------------
+// the url's relative to blagoblag's root, used to make a bunch of urls
+// these should change only if you use some URL rewriting in your webserver
+// (I.E., "/u/USERNAME" --> "/u/?name=USERNAME")
+
+$user_prefix_name = "u/?name=";	
+$user_prefix_id = "u/?id=";
+
+$post_prefix_name = "p/?name=";
+$post_prefix_id = "p/?id=";
 
-$theme   = "default";
 ?>

docs/last_time.txt

@@ -0,0 +1,2 @@
+Last time on blagoblag!!
+	* USER planted a post and failed to hold central dogma

p/edit/index.php

@@ -0,0 +1,45 @@
+<?php
+/* This file is free software: you can redistribute it and/or modify
+   it under the terms of version 3 of the GNU Affero General Public
+   License as published by the Free Software Foundation.
+
+   This file is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details. */
+
+$title = "Control Panel";
+$depth = "../../";
+$mark  = "u_edit_index";
+include $depth . "res/lib/load.php";
+
+// -------------------------------------
+
+$cur_id = user_logged_in();
+$edit_id = $_GET['id'] ?? $cur_id;
+
+// -------------------------------------
+
+$local_exports = array('user_id' => $edit_id,
+		'user_full_name' => unscrub(user_full_name($edit_id)),
+		'user_name' => user_name($edit_id),
+		'user_bio' => unscrub(user_biography($edit_id)),
+		'user_email' => user_email($edit_id),
+		'user_website' => user_website($edit_id));
+
+
+// --------------------------------------
+
+switch (1) {
+	case (user_logged_in() == false):
+		general_error("You're not even logged in, fool! >;c");
+		break;
+	case ($cur_id != $edit_id):
+		auth_enforce($cur_id, array("wizard", "archmage"), "edit other
+			people's accounts");
+		break;	
+}
+
+display_page($mark, $depth, $title, $local_exports);
+
+?>

p/edit/private/user_edit.php

@@ -0,0 +1,54 @@
+<?php
+/* This file is free software: you can redistribute it and/or modify
+   it under the terms of version 3 of the GNU Affero General Public
+   License as published by the Free Software Foundation.
+
+   This file is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details. */
+
+$depth = "../../../";
+include $depth . "res/lib/load.php";
+
+$cur_id = user_logged_in();
+$edit_id = $_GET['id'] ?? user_logged_in();
+
+$full	= scrub($_POST['full_name']);
+$bio	= scrub($_POST['bio']);
+$email	= scrub($_POST['email']);
+$url	= scrub($_POST['url']);
+$class  = scrub($_POST['login']) ?? false;
+
+// -------------------------------------
+
+input_enforce(array($full, $bio, $email, $url),
+		array("Full name", "Biography", "E-mail", "URL"),
+		array("string", "string", "email", "url"));
+
+// -------------------------------------
+
+switch (1) {
+	case (user_logged_in() == false):
+		general_error("Guests can't edit accounts, nerd!");
+		break;
+	case ($cur_id != $edit_id):
+		auth_enforce($cur_id, array("wizard", "archmage"), "edit other
+				people's accounts");
+		continue;
+}
+
+if ($class != false) {
+	$auth = auth_enforce($cur_id, array("archmage"),
+			"edit other people's classes");
+	if ($auth != false) {
+		$user_set($edit_id, "class", $class);
+	}
+}
+
+user_set($edit_id, "full_name", $full);
+user_set($edit_id, "biography", $bio);
+user_set($edit_id, "email", $email);
+user_set($edit_id, "website", $url);
+
+?>

p/index.php

@@ -8,42 +8,31 @@
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Affero General Public License for more details. */
 
+$title = "Control Panel";
 $depth = "../";
-$title = "";
 $mark  = "p_index";
-include "../res/lib/load.php";
+include $depth . "res/lib/load.php";
 
 // -------------------------------------
 
-
 $id = $_GET['id'] ?? post_title_to_id($_GET['name']);
 $name = post_title($id);
 
 // -------------------------------------
 
-if (empty($_GET['id']) && empty($_GET['name'])) {
-	root_redirect('p/list/');
-} else if (!is_post_id($_GET['id']) && !is_post_title($_GET['name'])) {
-	general_error("We can't find that post! :(");
+if (empty($name)) {
+	root_redirect("p/list/");
 }
 
+$local_exports = array('post_id' => $id,
+		'post_title' => unscrub($name),
+		'post_author' => post_author($id),
+		'post_date' => post_date($id),
+		'post_text' => markdown(post_text($id)));
+
+
 // --------------------------------------
 
-$post_text = markdown(post_text($id));
-$post_date = post_date($id);
-$post_data = post_data($id);
-
-$user_id = post_author($id);
-$username = user_name($user_id);
-$full_name = user_full_name($user_id);
-
-$local_exports = array('post_id' => $id, 'post_text' => $post_text, 
-			'post_author' => $user_id,
-			'post_data' => $post_data, 'post_title' => $name,
-			'post_date' => $date);
-
-// -------------------------------------
-
 display_page($mark, $depth, $title, $local_exports);
 
 ?>

p/list/index.php

@@ -15,6 +15,12 @@ include "../../res/lib/load.php";
 
 // -------------------------------------
 
-display_page($mark, $depth, $title);
+$order = $_GET['order'] ?? "desc";
+
+$local_exports = array('order' => $order);
+
+// -------------------------------------
+
+display_page($mark, $depth, $title, $local_exports);
 
 ?>

p/new/private/post_create.php

@@ -11,17 +11,13 @@
 $depth = "../../../";
 include "../../../res/lib/load.php";
 
-$auth_user = scrub($_POST['auth_user']);
-$auth_pass = scrub($_POST['auth_pass']);
-$auth_id = user_name_to_id($auth_user);
-
 $title = scrub($_POST['title']);
 $desc = scrub($_POST['desc']);
 $text = scrub($_POST['text']);
 
 // -------------------------------------
 
-auth_enforce($auth_id, $auth_pass,
+auth_enforce(user_logged_in(),
 		array("contributor", "wizard", "archmage"), "make posts");
 
 input_enforce(array($title, $desc, $text),
@@ -30,9 +26,8 @@ input_enforce(array($title, $desc, $text),
 
 // -------------------------------------
 
-echo $auth_user . $auth_user_id;
-post_create($title, $auth_id, $desc, $text);
+post_create($title, user_logged_in(), $desc, $text);
 
-root_redirect("post.php?name=" . $title);
+root_redirect($GLOBALS['post_prefix_title'] . $title);
 
 ?>

res/lib/db.php

@@ -7,6 +7,9 @@
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Affero General Public License for more details. */
 
+/* note: should really make variable-naming more SQL-adherent and consistent
+ *       also rethink a lot fo these abstractions
+ *       also use prepared statements (as in http://bobby-tables.com/php) */
 
 // -------------------------------------
 // connection setup
@@ -115,7 +118,13 @@ function db_get_rows($table, $identifier, $value) {
 // Return the value of a specific column in a given row, identified by an
 // 'identifier' column set to the given value
 function db_get_cell($table, $identifier, $value, $cell) {
-	return db_get_rows($table, $identifier, $value)[0][$cell];
+	$results = db_get_rows($table, $identifier, $value);
+
+	if (count($results) > 0) {
+		return $results[0][$cell];
+	} else {
+		return false;
+	}
 }
 
 // !!!
@@ -143,7 +152,7 @@ function db_set_cell($table, $identifier, $value, $cell, $new_value) {
 
 	return db_cmd("update " . $table 
 			. " set " . $cell . " = " . $new_value
-			. " where " . $identifier . " = " . $value) . ";";
+			. " where " . $identifier . " = " . $value . ";");
 }
 
 // -------------------------------------

res/lib/load.php

@@ -11,6 +11,7 @@
 
 // PATH --> PATH
 // Take a path from root and turn it into a relative path.
+error_reporting(0);
 function root($path) {
 	return $GLOBALS['depth'] . $path;
 }
@@ -30,12 +31,24 @@ include(root("res/lib/db.php"));
 include(root("res/lib/url.php"));
 include(root("res/lib/post.php"));
 include(root("res/lib/blagoblag.php"));
+include(root("res/lib/token.php"));
 
 $loader= new Twig_Loader_Filesystem(root("res/themes/default/html"));
 $twig = new Twig_Environment($loader, ['cache' =>
 	root('cache/'), 'autoescape' => false]);
 
+// -------------------------------------
+// authentication
 
+global $logged_id;
+global $logged_in; $logged_in = false;
+
+$test_id = user_logged_in();
+
+$logged_id = $test_id ?? 0;
+if ($logged_id != 0) {
+	$logged_in = true;
+}
 
 // -------------------------------------
 // global variable declaration
@@ -67,6 +80,12 @@ $twig_exports = array('theme' => $GLOBALS['theme'],
 			'user' => $GLOBALS['user'],
 			'posts' => $GLOBALS['posts'],
 			'post' => $GLOBALS['post'],
-			'instance_title' => $GLOBALS['instance_title']);
+			'user_prefix_id' => $GLOBALS['user_prefix_id'],
+			'user_prefix_name' => $GLOBALS['user_prefix_name'],
+			'post_prefix_id' => $GLOBALS['post_prefix_id'],
+			'post_prefix_name' => $GLOBALS['post_prefix_name'],
+			'instance_title' => $GLOBALS['instance_title'],
+			'logged_id' => $GLOBALS['logged_id'],
+			'logged_in' => $GLOBALS['logged_in']);
 
 ?>

res/lib/sterilize.php

@@ -12,9 +12,9 @@
 // NUMBER STRING ARRAY [STRING] --> NIL
 // Make sure a user is both authenticated *and* permitted to do a given task,
 // aka in the right login-class.
-function auth_enforce($id, $password, $permitted, $message="do that") {
-	if (!user_valid_password($id, $password)) {
-		input_error("Sorry, your user-name or password is wrong.");
+function auth_enforce($id, $permitted, $message="do that") {
+	if (!user_logged_in()) {
+		input_error("Sorry, you're not logged in!");
 	}
 
 	$class = user_class($id);
@@ -22,6 +22,7 @@ function auth_enforce($id, $password, $permitted, $message="do that") {
 		perm_error("Mate, only a " . comma_sep($permitted, " or ")
 			. " can " . $message . "-- you hecking "
 			. $class . "!");
+		return false;
 	}
 }
 

res/lib/string.php

@@ -25,4 +25,11 @@ function string_wrap($value) {
 function strings_wrap($array) {
 	return array_map("string_wrap", $array);
 }
+
+// STRING NUMBER --> STRING
+// Return the nth word of a given string (space-seperated)
+function word_nth($string, $number) {
+	return explode(" ", $string)[$number];
+}
+
 ?>

res/lib/token.php

@@ -0,0 +1,91 @@
+<?php
+/* This file is free software: you can redistribute it and/or modify
+   it under the terms of version 3 of the GNU Affero General Public
+   License as published by the Free Software Foundation.
+
+   This file is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details. */
+
+
+function user_token_generate($id) {
+	return crypt($id . rand(0, 5000000));
+}
+
+// NUMBER --> NUMBER
+// Generate a new login-token and associate it with the user's account.
+// Returns the token number.
+function user_token_set($id, $token) {
+	setcookie("token", $token, time() + 60*60*24*30, "/");
+	setcookie("id", $id, time() + 60*60*24*30, "/");
+	echo "token" . $token;
+	db_set_cell("lusers", "id", $id, "token", $token);
+	return $token;
+}
+
+// NUMBER NUMBER --> BOOLEAN
+// Return whether or not a token is valid for a certain user account
+function user_token_validate($id, $token) {
+	$valid_token = db_get_cell("lusers", "id", $id, "token");
+
+	if (html_entity_decode($token) == $valid_token) {
+		return true;
+
+	} else {
+		return false;
+	}
+
+}
+
+
+// -------------------------------------
+
+
+// NUMBER --> NIL
+// Log a user in
+function user_log_in($id) {
+	$token = user_token_generate($id);
+	user_token_set($id, $token);
+
+	return true;
+}
+
+// NUMBER --> NIL
+// Log out a user, by burning the DB-token, and eating the log-in cookies
+function user_log_out($id) {
+	user_token_set($id, "escapee");
+	setcookie("token", "escapee", time(), "/");
+	setcookie("id", "death, the destroyer", time(), "/");
+
+	return true;
+}
+
+// -------------------------------------
+
+// NIL --> NUMBER/BOOLEAN
+// Return whether or not a user is logged in-- if yes, return user ID
+function user_logged_in() {
+	$id = $_COOKIE['id'] ?? 1;
+	$token = $_COOKIE['token'] ?? 1;
+
+	if (user_token_validate($id, $token)) {
+		return $id;
+	} else {
+		return false;
+	}
+}
+
+// -------------------------------------
+
+// NUMBER STRING --> BOOLEAN
+// Return whether or not a given password is valid.
+function user_valid_password($id, $password) {
+	if (password_verify($password, user_get($id, "hash"))) {
+		return true;
+	} else {
+		return false;
+	}
+}
+
+?>

res/lib/user.php

@@ -131,64 +131,13 @@ function user_posts($id) {
 // Return an array filled with all of a user's relevant data.
 function user_data($id) {
 	return array('full_name' => user_full_name($id),
+			'first_name' => word_nth(user_full_name($id), 0),
 			'name' => user_name($id),
 			'bio' => user_biography($id),
+			'class' => user_class($id),
 			'email' => user_email($id),
 			'website' => user_website($id),
 			'posts' => user_posts($id));
 }
 			
-
-// -------------------------------------
-
-
-// NUMBER --> NUMBER
-// Generate a new login-token and associate it with the user's account.
-// Returns the token number.
-function user_token_create($id) {
-	$token = rand(0, 5000000);
-	db_set_cell("lusers", "id", $id, "token", rand(0, 5000000));
-	return $token;	
-}
-
-// NUMBER NUMBER --> BOOLEAN
-// Return whether or not a token is valid for a certain user account
-function user_token_validate($id, $token) {
-	$valid_token = db_get_cell("lusers", "id", $id, "token");
-
-	if ($token == $valid_token) {
-		return true;
-
-	} else {
-		return false;
-	}
-}
-
-
-// -------------------------------------
-
-
-// NUMBER --> NIL
-// Log a user in-- create a token, then make a cookie with said token.
-function user_log_in($id) {
-	$token = user_token_create($id);
-	setcookie("token", $token, 2628000);
-	setcookie("id", $id, 2628000);
-}
-
-function logged() {
-	if (user_token_validate($id, $_COOKIE['token'])) {
-		return $id;
-	} else {
-		return "no";
-	}
-}
-
-// -------------------------------------
-// NUMBER STRING --> BOOLEAN
-// Return whether or not a given password is valid.
-function user_valid_password($id, $password) {
-	return password_verify($password, user_get($id, "hash"));
-}
-
 ?>

res/themes/default/css/global.css

@@ -1,35 +1,91 @@
-/* The color-combo we're using:
- * https://www.colorcombos.com/color-schemes/116/ColorCombo116.html */
 body {
-	background-color: #CECFCE;
+	background-color: #FFFFFF;
 	font-family: sans-serif;
 	font-size: 17px;
 	color: #073642;
 	width: 100%;
 }
 
+p {
+	max-width: 700px;
+	padding-left: 10%;
+}
+
+form {
+	background-color: #EFEFEF;
+	margin: 10px;
+	border-radius: 5px;
+	max-width: 900px;
+	padding: 10px;
+}
+
+form label {
+	width: 100px;
+	display: inline-block;
+	font-weight: bold;
+	align: left;
+}
+
+.button {
+	background-color: #993232;
+	color: #FFFFFF;
+	padding: 10px;
+	border-radius: 5px;
+}
+
+.button a {
+	color: inherit;
+	text-decoration: none;
+}
+
+.button:hover {
+	background-color: #AFB170;
+}
+
+
+
+/* -------------------------------------
+ * navbar
+ * -----------------------------------*/
 nav {
-	background-color: #84596B;
+	background-color: #993232;
+	color: #FFFFFF;
 	width: 100%;
 	margin: 0;
 	padding: 0;
 }
 
 nav ul {
-	background-color: #84596B;
+	background-color: inherit;
+	color: inherit;
 	overflow: hidden;
-	color: #FFFFFF;
 }
 
 nav li {
+	background-color: inherit;
+	color: inherit;
 	display: block;
 	margin-left: 20px;
 	margin-right: 20px;
-	background-color: #84596B;
 	float: left;
 	padding: 10px;
 }
 
+nav li a {
+	background-color: inherit;
+	color: inherit;
+	text-decoration: none;
+	color: #FFFFFF;
+}
+
+nav li:hover {
+	background-color: #AFB170;
+}
+
+.right {
+	float: right;
+}
+
 #star {
 	margin-left: 1px;
 	margin-right: 1px;
@@ -43,32 +99,38 @@ nav li {
 	background-color: inherit;
 }
 
-nav li:hover {
-	background-color: #AFB170;
-}
-
-nav li a {
-	text-decoration: none;
-	color: #FFFFFF;
-}
-
-.right {
-	float: right;
-}
-
-p {
-	max-width: 700px;
-	padding-left: 10%;
-}
 
 
-.post_card {
-	height: 200px;
-	display: inline-block;
-	overflow: hidden;
-	max-width: 200px;
-	border-style: solid;
+/* -------------------------------------
+ * meta_post_card_*
+ * -----------------------------------*/
+
+.card {
+	float: left;
+	max-width: 370px;
+	border-style: dotted;
 	border-width: 2px;
 	border-color: #B58AA5;
 	border-radius: 5px;
+	margin: 10px;
+}
+
+.card p {
+	padding-right: 30px;
+	padding-left: 30px;
+	padding-bottom: 30px;
+}
+
+.title {
+	text-align: center;
+}
+
+.date {
+	font-size: 17px;
+	text-align: center;
+}
+
+.author {
+	font-size: 15px;
+	text-align: center;
 }

res/themes/default/css/p_index.css

@@ -0,0 +1,11 @@
+article {
+	max-width: 900px;
+	border-width: 2px;
+	border-style: dotted;
+	border-color: #B58AA5;
+	border-radius: 5px;
+
+}
+.title .author .date {
+	text-align: center;
+}

res/themes/default/css/post.css

@@ -1 +0,0 @@
-/* This is the CSS file for the post page *only* */

res/themes/default/css/u_index.css

@@ -0,0 +1,15 @@
+.user_info {
+	max-width: 900px;
+	border-width: 2px;
+	border-style: dotted;
+	border-color: #B58AA5;
+	border-radius: 5px;
+}
+
+.text {
+	margin: 20px;
+}
+
+.title .author .date {
+	text-align: center;
+}

res/themes/default/html/admin_index.twig.html

@@ -28,7 +28,6 @@
 
 		<hr />
 
-
 		<p><label>Login Group</label>
 			<select name="login">
 				<option value="contributor">Contributor</option>
@@ -71,3 +70,11 @@
 		<p><input type="submit" /></p>
 	</form>
 </section>
+
+<section>
+	<form action="private/post_delete.php" method="post">
+		<label>Post ID</label> <input type="number" name="id" />
+		<input type="submit" />
+	</form>
+</section>
+

res/themes/default/html/head.twig.html

@@ -2,6 +2,8 @@
 <html lang="en">
 <head>
 	<meta charset="UTF-8" />
+	<meta name="viewport" content="width=device-width, initial-scale=1.0">
+
 	<link rel="stylesheet" type="text/css"
 		href="{{ depth }}res/themes/{{ theme }}/css/global.css">
 	<link rel="stylesheet" type="text/css"

res/themes/default/html/index.twig.html

@@ -1,5 +1,5 @@
 {% for post_id in posts %}
 	{% set post_id = post_id %}
-	{{ include('meta_post_card.twig.html') }}
+	{{ include('meta_post_card_big.twig.html') }}
 {% endfor %}
 

res/themes/default/html/meta_post_card.twig.html

@@ -1,15 +1,15 @@
-<ul class="post_card">
-	<li>
+<article class="card">
+	<h2 class="title">
 		<a href="{{ depth }}p/index.php?id={{ post_id }}">
 			{{ post[post_id]['title'] }}
 		</a>
-	</li>
+	</h2>
 	{% set author = post[post_id]['author'] %}
-	<li>
+	<h3 class="date">{{ post[post_id]['date'] }}</h3>
+	<h4 class="author">
 		<a href="{{ depth }}u/index.php?id={{ author }}">
 			{{ user[author]['full_name'] }}
 		</a>
-	</li>
-	<li>{{ post[post_id]['date'] }}</li>
-	<li><p>{{ post[post_id]['desc'] }}</p></li>
-</ul>
+	</h4>
+	<p>{{ post[post_id]['text'] }}</p>
+</article>

res/themes/default/html/meta_post_card_big.twig.html

@@ -0,0 +1,2 @@
+{{ include('meta_post_card_header.twig.html') }}
+{{ include('meta_post_card_big_body.twig.html') }}

res/themes/default/html/meta_post_card_big_body.twig.html

@@ -0,0 +1,2 @@
+	<p>{{ post[post_id]['text'] }}</p>
+</article>

res/themes/default/html/meta_post_card_header.twig.html

@@ -0,0 +1,13 @@
+<article class="card">
+	<h2 class="title">
+		<a href="{{ depth }}p/index.php?id={{ post_id }}">
+			{{ post[post_id]['title'] }}
+		</a>
+	</h2>
+	{% set author = post[post_id]['author'] %}
+	<h3 class="date">{{ post[post_id]['date'] }}</h3>
+	<h4 class="author">
+		<a href="{{ depth }}u/index.php?id={{ author }}">
+			{{ user[author]['full_name'] }}
+		</a>
+	</h4>

res/themes/default/html/meta_post_card_mini.twig.html

@@ -0,0 +1,2 @@
+{{ include('meta_post_card_header.twig.html') }}
+{{ include('meta_post_card_mini_body.twig.html') }}

res/themes/default/html/meta_post_card_mini_body.twig.html

@@ -0,0 +1,2 @@
+	<p>{{ post[post_id]['desc'] }}</p>
+</article>

res/themes/default/html/meta_user_card.twig.html

@@ -0,0 +1,8 @@
+<article class="card">
+	<h2 class="title">
+		<a href="{{ depth }}u/?id={{ user_id }}">
+			{{ user[user_id]['full_name'] }}
+		</a>
+	</h2>
+	<p>{{ user[user_id]['bio'] }}</p>
+</article>

res/themes/default/html/navbar.twig.html

@@ -10,8 +10,22 @@
 		<li id="nav_users">
 			<a href="{{ depth }}u/list/">Users</a>
 		</li>
+		{% if logged_in %}
+		<li class="right" id="nav_logout">
+			<a href="{{ depth }}u/out/">Logout</a>
+		</li>
+		<li class="right" id="nav_user">
+			<a href="{{ depth }}{{ user_prefix_id}}{{ logged_id }}">
+				{{ user[logged_id]['first_name'] }}
+			</a>
+		</li>
+		{% else %}
+		<li class="right" id="nav_login">
+			<a href="{{ depth }}u/old/">Login</a>
+		</li>
 		<li class="right" id="nav_register">
 			<a href="{{ depth }}u/new/">Register</a>
 		</li>
+		{% endif %}
 	</ul>	
 </nav>

res/themes/default/html/p_index.twig.html

@@ -1,9 +1,23 @@
-<h1>{{ post_title }}</h1>
-<h2>By
-	<a href="{{ depth }}u/index.php?name={{ user[post_author]['name'] }}">
+<article>
+<h1 class="title">{{ post_title }}</h1>
+<h2 class="author">By
+	<a href="{{ depth }}{{ user_prefix_name}}{{ user[post_author]['name'] }}">
 		{{ user[post_author]['full_name'] }}
 	</a>
 </h2>
 
-<h3>{{ post_date }}</h3>
-<p>{{ post_text }}</p>
+<h3 class="date">{{ post_date }} - {{ post_id }}</h3>
+
+{% set logged_class = user[logged_id]['class'] %}
+{% if (post_author == logged_id) or (logged_class == "archmage")
+	or (logged_class == "wizard") %}
+<p>
+<a class="button" href="edit/?id={{ post_id }}">Edit post</a>
+<a class="button" href="oust/?id={{ post_id }}">Delete post</a>
+</p>
+{% endif %}
+
+<!-- ====================================================================== -->
+
+<div class="text">{{ post_text }}</div>
+</article>

res/themes/default/html/p_list_index.twig.html

@@ -1,19 +1,9 @@
-<table>
-	{% for id in posts %}
-	<tr>
-		<td>
-			<a href="{{ depth }}p/index.php?id={{ id }}">
-				{{ post[id]['title'] }}
-			</a>
-		</td>
-		<td>
-			<a href="{{ depth }}u/?id={{ post[id]['author'] }}">
-				{{ user[post[id]['author']]['full_name'] }}
-			</a>
-		</td>
-		<td>
-			{{ post[id]['date'] }}
-		</td>
-	</tr>
-	{% endfor %}
-</table>
+{% if logged_in == true %}
+<p><a class="button" href="new">New post</a></p>
+{% endif %}
+
+{% for post_id in posts %}
+	{% set post_id = post_id %}
+	{{ include('meta_post_card_mini.twig.html') }}
+{% endfor %}
+

res/themes/default/html/p_new_index.twig.html

@@ -1,17 +1,5 @@
 <section id="creation">
 	<form id="post_creation" action="private/post_create.php" method="post">
-
-		<section class="authentication">
-		<p><label>Username</label>
-			<input name="auth_user" type="text" />
-		</p>
-		<p><label>Password</label>
-			<input name="auth_pass" type="password">
-		</p>	
-		</section>
-		
-		<hr />
-
 		<section class="post_metadata">
 		<p><label>Title</label><input name="title" type="text" /></p>
 		<p><label>Desc</label><input name="desc" type="text" /></p>
@@ -23,6 +11,8 @@
 			<textarea name="text" rows="20" cols="80"></textarea>
 		</section>
 
-		<p><input type="submit" /></p>
+		<hr />
+
+		<p><input class="button" type="submit" /></p>
 	</form>
 </section>

res/themes/default/html/u_edit_index.twig.html

@@ -0,0 +1,49 @@
+<form id="user_redaction" action="private/user_edit.php?id={{ user_id }}"
+	method="post">
+	<p><label>Full Name</label><input name="full_name" type="text"
+		value="{{ user_full_name }}" /> </p>
+	<p><label>E-mail</label><input name="email" type="email" 
+		value="{{ user_email }}" /></p>
+	<p><label>Website</label><input name="url" type="url" 
+		value="{{ user_website }}" /></p>
+	<p><label>Biography</label>
+		<textarea cols=80 rows=5 name="bio">{{ user_bio }}</textarea>
+	</p>
+
+	<hr />
+
+	{% if user[logged_id]['class'] == "archmage" %}
+	<p><label>Login Group</label>
+		<select name="login">
+			<option value="{{ user[user_id]['class'] }}">
+				Current</option>
+			<option value="contributor">Contributor</option>
+			<option value="spectator">Spectator</option>
+			<option value="wizard">Wizard</option>
+			<option value="archmage">Archmage</option>
+		</select>
+	</p>
+	{% endif %}
+
+
+	<p><input class="button" type="submit" /></p>
+</form>
+
+{% if user_id == logged_id %}
+<form id="user_new_password" action="private/new_password.php" method="post">
+	<p><label>Old Password</label>
+		<input name="password" type="password" /></p>
+
+	<hr />
+
+	<p><label>New Password</label>
+		<input name="new_password" type="password" /></p>
+
+	<p><label>Repeat Password</label>
+		<input name="new_password_repeat" type="password" /></p>
+
+	<hr />
+
+	<p><input class="button" type="submit" /></p>
+</form>
+{% endif %}

res/themes/default/html/u_index.twig.html

@@ -1,11 +1,21 @@
-<h1>{{ user_full_name }}</h1>
-<h3>{{ user_website }} &lt;{{ user_email }}&gt;</h3>
-<h3>({{ user_name }})</h3>
-<p>{{ user_bio }}</p>
+<article class="user_info">
+<h1 class="title">{{ user_full_name }}</h1>
+<h3 class="author">{{ user_website }} &lt;{{ user_email }}&gt;</h3>
+<h3 class="date">({{ user_name }})</h3>
+<div class="text">{{ user_bio }}</div>
+</article>
+
+<p>
+{% if (logged_id == user_id) or (user[logged_id]['class'] == "archmage")
+	or (user[logged_id]['class'] == "wizard") %}
+<a class="button" href="edit/?id={{ user_id }}">Edit profile</a>
+<a class="button" href="delete">Delete user</a>
+{% endif %}
+</p>
 
 {% for post_id in user_posts %}
 	{% set post_id = post_id %}
 
-	{{ include ('meta_post_card.twig.html') }}
+	{{ include ('meta_post_card_mini.twig.html') }}
 {% endfor %}
 </ul>

res/themes/default/html/u_list_index.twig.html

@@ -1,7 +1,3 @@
-<ul id="user_list">
-	{% for user_id in users %}
-	<a href="{{ depth }}u/index.php?id={{ user_id }}">
-		<li class="user_name">{{ user[user_id]['full_name'] }}</li>
-	</a>
-	{% endfor %}
-</ul>
+{% for user_id in users %}
+	{{ include('meta_user_card.twig.html') }}
+{% endfor %}

res/themes/default/html/u_new_index.twig.html

@@ -1,15 +1,24 @@
 <form id="user_creation" action="private/user_create.php" method="post">
-	<p><label>Username</label><input name="name" type="text" /></p>
+	<p><label>Username</label> <input name="username" type="text" /></p>
 	<p><label>Password</label> <input name="password" type="password" /></p>
+	<p><label>Repeat Password</label>
+		<input name="password_repeat" type="password" /></p>
 
 	<hr />
 
-	<p><label>Full Name</label><input name="full_name" type="text"/> </p>
-	<p><label>Biography</label><input name="bio" type="text" /> </p>
-	<p><label>E-mail</label><input name="email" type="email" /></p>
-	<p><label>Website</label><input name="url" type="url" /></p>
+	<p><label>Full Name</label><input name="full_name" type="text" /></p>
+	<p><label>E-mail</label>
+		<input name="email" type="email"
+			placeholder="user@domain.tld" /></p>
+	<p><label>Website</label>
+		<input name="url" type="url"
+			placeholder="https://domain.tld" /></p>
+	<p><label>Biography</label>
+		<textarea cols=80 rows=5 name="bio"
+			placeholder="Say something about yourself!"></textarea>
+	</p>
 
 	<hr />
 
-	<p><input type="submit" /></p>
+	<p><input class="button" type="submit" /></p>
 </form>

u/edit/index.php

@@ -0,0 +1,45 @@
+<?php
+/* This file is free software: you can redistribute it and/or modify
+   it under the terms of version 3 of the GNU Affero General Public
+   License as published by the Free Software Foundation.
+
+   This file is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details. */
+
+$title = "Control Panel";
+$depth = "../../";
+$mark  = "u_edit_index";
+include $depth . "res/lib/load.php";
+
+// -------------------------------------
+
+$cur_id = user_logged_in();
+$edit_id = $_GET['id'] ?? $cur_id;
+
+// -------------------------------------
+
+$local_exports = array('user_id' => $edit_id,
+		'user_full_name' => unscrub(user_full_name($edit_id)),
+		'user_name' => user_name($edit_id),
+		'user_bio' => unscrub(user_biography($edit_id)),
+		'user_email' => user_email($edit_id),
+		'user_website' => user_website($edit_id));
+
+
+// --------------------------------------
+
+switch (1) {
+	case (user_logged_in() == false):
+		general_error("You're not even logged in, fool! >;c");
+		break;
+	case ($cur_id != $edit_id):
+		auth_enforce($cur_id, array("wizard", "archmage"), "edit other
+			people's accounts");
+		break;	
+}
+
+display_page($mark, $depth, $title, $local_exports);
+
+?>

u/edit/private/new_password.php

@@ -0,0 +1,42 @@
+<?php
+/* This file is free software: you can redistribute it and/or modify
+   it under the terms of version 3 of the GNU Affero General Public
+   License as published by the Free Software Foundation.
+
+   This file is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details. */
+
+$depth = "../../../";
+include $depth . "res/lib/load.php";
+
+$id = user_logged_in();
+
+$old_password = $_POST['password'];
+$password = $_POST['new_password'];
+$password_repeat = $_POST['new_password_repeat'];
+
+// -------------------------------------
+
+input_enforce(array($password),
+		array("Password"),
+		array("string"));
+
+if ($password != $password_repeat) {
+	general_error("Your passwords don't match.");
+}
+
+if (!user_valid_password($id, $old_password)) {
+	general_error("Your old password was wrong.");
+}
+
+// -------------------------------------
+
+$password = password_hash($password, PASSWORD_BCRYPT, array('cost' => 11));
+
+user_set($id, "hash", $password);
+
+root_redirect("");
+
+?>

u/edit/private/user_edit.php

@@ -0,0 +1,54 @@
+<?php
+/* This file is free software: you can redistribute it and/or modify
+   it under the terms of version 3 of the GNU Affero General Public
+   License as published by the Free Software Foundation.
+
+   This file is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details. */
+
+$depth = "../../../";
+include $depth . "res/lib/load.php";
+
+$cur_id = user_logged_in();
+$edit_id = $_GET['id'] ?? user_logged_in();
+
+$full	= scrub($_POST['full_name']);
+$bio	= scrub($_POST['bio']);
+$email	= scrub($_POST['email']);
+$url	= scrub($_POST['url']);
+$class  = scrub($_POST['login']) ?? false;
+
+// -------------------------------------
+
+input_enforce(array($full, $bio, $email, $url),
+		array("Full name", "Biography", "E-mail", "URL"),
+		array("string", "string", "email", "url"));
+
+// -------------------------------------
+
+switch (1) {
+	case (user_logged_in() == false):
+		general_error("Guests can't edit accounts, nerd!");
+		break;
+	case ($cur_id != $edit_id):
+		auth_enforce($cur_id, array("wizard", "archmage"), "edit other
+				people's accounts");
+		continue;
+}
+
+if ($class != false) {
+	$auth = auth_enforce($cur_id, array("archmage"),
+			"edit other people's classes");
+	if ($auth != false) {
+		$user_set($edit_id, "class", $class);
+	}
+}
+
+user_set($edit_id, "full_name", $full);
+user_set($edit_id, "biography", $bio);
+user_set($edit_id, "email", $email);
+user_set($edit_id, "website", $url);
+
+?>

u/index.php

@@ -47,7 +47,7 @@ array_map($push_post_data, $user_posts);
 $local_exports = array('user_id' => $id,
 			'user_full_name' => unscrub(user_full_name($id)),
 			'user_name' => $name,
-			'usr_bio' => unscrub(user_biography($id)),
+			'user_bio' => unscrub(user_biography($id)),
 			'user_email' => user_email($id),
 			'user_website' => user_website($id),
 			'user_posts' => $user_posts,

u/new/index.php

@@ -15,10 +15,17 @@ include "../../res/lib/load.php";
 
 // --------------------------------------
 
-if ($GLOBALS['registration'] == true) {
+switch (1) {
+	case (user_logged_in() != false):
+		general_error("You can't make an account… while using another
+				account. LOL");
+		break;
+	case ($GLOBALS['registration'] == true):
 		display_page($mark, $depth, $title);
-} else {
+		break;
+	default:
 		general_error("Sorry, registration's disabled on this server!");
+		break;
 }
 
 ?>

u/new/private/user_create.php

@@ -20,10 +20,6 @@ $pass	= scrub($_POST['password']);
 
 // -------------------------------------
 
-if ($GLOBALS['registration'] != true) {
-	general_error("Sorry, registration's disabled on this server!");
-}
-
 input_enforce(array($name, $full, $bio, $email, $url, $pass),
 		array("Username", "Full name", "Biography", "E-mail",
 		  	"URL", "Password"),
@@ -32,8 +28,19 @@ input_enforce(array($name, $full, $bio, $email, $url, $pass),
 
 // -------------------------------------
 
-user_create($name, $pass, "contributor", $full, $email, $url, $bio);
-
-root_redirect("u/index.php?name=" . $name);
+switch (1) {
+	case (user_logged_in() != false):
+		general_error("You can't make an account… while logged in to
+				another account. LOL");
+		break;
+	case ($GLOBALS['registration'] != true):
+		general_error("Sorry, registration's disabled on this server!");
+		break;
+	default:
+		user_create($name, $pass, "contributor", $full, $email, $url,
+				$bio);
+		root_redirect("u/index.php?name=" . $name);
+		break;
+}
 
 ?>

u/old/index.php

@@ -15,6 +15,14 @@ include "../../res/lib/load.php";
 
 // --------------------------------------
 
-display_page($mark, $depth, $title);
+switch (1) {
+	case (user_logged_in() != false):
+		general_error("You've already done that, you know. Log in, I
+				mean. You OK there, friend?");
+		break;
+	default:	
+		display_page($mark, $depth, $title);
+}
+
 
 ?>

u/old/private/user_login.php

@@ -11,21 +11,32 @@
 $depth = "../../../";
 include "../../../res/lib/load.php";
 
-$user	= scrub($_POST['name']);
-$pass	= scrub($_POST['password']);
+$user	= $_POST['name'];
+$pass	= $_POST['password'];
 
 // -------------------------------------
 
+$user_id = user_name_to_id($user);
 input_enforce(array($user, $pass),
 		array("Username", "Password"),
 		array("user_name", "string"));
 
 // -------------------------------------
 
-if (user_valid_password(user_name_to_id($user), $pass)) {
-	user_log_in(user_name_to_id($user));
+switch (1) {
+	case (user_logged_in() != false):
+		general_error("You've already done that, you know. Log in, I
+				mean. You OK there, friend?");
+		break;
+	default:
+		if (user_valid_password($user_id, $pass)) {
+			user_log_in($user_id);
+			root_redirect($GLOBALS['user_prefix_id'] . $user_id);
+		} else {
+			general_error("Sorry, it looks like you have the
+					wrong username or password!");
+		}
+		break;
 }
 
-root_redirect("u/index.php?name=" . $user);
-
 ?>