ikibooru/user.html.l

{%
	local urlid = tonumber(request:path():match"^/user/(%d+)")
	
	local user = urlid and DB.getuserbyid(urlid)
	
	if verified and user and verified.id == user.id and request:post() and request:post().csrf and DB.csrfverify(verified.id, Escapes.urlunescape(request:post().csrf)) then
		local newname = Escapes.urlspunescape(request:post().newname)
		if DB.userinfoupdate(user.id, newname) then
			user.displayname = newname
		end
	end
	
	title = BigGlobe.cfg.sitename .. " - " .. (user and user.displayname or "User not found")
%}

{% function content() %}
	{% if user then %}
		<div style="display:inline-block;width:69%;vertical-align:top;">
			<h2>{{ Escapes.htmlescape(user.displayname) }}'s uploads</h2>
			<ul>
				{% for k, obj in pairs(DB.getownedobjs(user.id)) do %}
					{% local hidid = DB.objhideid(obj.id) %}
					<li><a href="/obji/{{ hidid }}">{{ obj.name == "" and "<em>(Unnamed)</em>" or Escapes.htmlescape(obj.name) }}</a></li>
				{% end %}
			</ul>
			{% if verified and verified.id == user.id then %}
				<button id="newobjbtn">Create new object</button>
				<script>
					document.getElementById("newobjbtn").onclick = function() {
						if(confirm("Are you sure? Objects cannot be deleted, and must be filled as soon as possible.")) {
							window.location.href = "/addobj"
						}
					}
				</script>
			{% end %}
		</div>
		{% if verified and verified.id == user.id then %}
			<div style="display:inline-block;width:29%;vertical-align:top;">
				<form action="#" method="POST">
					<input type="hidden" name="csrf" value="{{ Escapes.htmlescape(DB.csrf(verified.id)) }}" />
					
					<h2>Profile Settings</h2>
					<div>
						<p style="margin-bottom:0;">Rename</p>
						<input type="text" name="newname" autocomplete="off" value="{{ Escapes.htmlescape(user.displayname) }}" />
					</div>
					<div style="margin-top:1em;">
						<input type="submit" value="Submit" />
					</div>
				</form>
			</div>
		{% end %}
	{% else %}
		<p>User not found.</p>
	{% end %}
{% end %}

{# base.inc