ikibooru/user.html.l
2024-06-01 17:40:11 +03:00

58 lines
2.0 KiB
Plaintext

{%
local urlid = tonumber(request:path():match"^/user/(%d+)")
local user = urlid and DB.getuserbyid(urlid)
if verified and user and verified.id == user.id and request:post() and request:post().csrf and DB.csrfverify(verified.id, Escapes.urlunescape(request:post().csrf)) then
local newname = Escapes.urlspunescape(request:post().newname)
if DB.userinfoupdate(user.id, newname) then
user.displayname = newname
end
end
title = BigGlobe.cfg.sitename .. " - " .. (user and user.displayname or "User not found")
%}
{% function content() %}
{% if user then %}
<div style="display:inline-block;width:69%;vertical-align:top;">
<h2>{{ Escapes.htmlescape(user.displayname) }}'s uploads</h2>
<ul>
{% for k, obj in pairs(DB.getownedobjs(user.id)) do %}
{% local hidid = DB.objhideid(obj.id) %}
<li><a href="/obji/{{ hidid }}">{{ obj.name == "" and "<em>(Unnamed)</em>" or Escapes.htmlescape(obj.name) }}</a></li>
{% end %}
</ul>
{% if verified and verified.id == user.id then %}
<button id="newobjbtn">Create new object</button>
<script>
document.getElementById("newobjbtn").onclick = function() {
if(confirm("Are you sure? Objects cannot be deleted, and must be filled as soon as possible.")) {
window.location.href = "/addobj"
}
}
</script>
{% end %}
</div>
{% if verified and verified.id == user.id then %}
<div style="display:inline-block;width:29%;vertical-align:top;">
<form action="#" method="POST">
<input type="hidden" name="csrf" value="{{ Escapes.htmlescape(DB.csrf(verified.id)) }}" />
<h2>Profile Settings</h2>
<div>
<p style="margin-bottom:0;">Rename</p>
<input type="text" name="newname" autocomplete="off" value="{{ Escapes.htmlescape(user.displayname) }}" />
</div>
<div style="margin-top:1em;">
<input type="submit" value="Submit" />
</div>
</form>
</div>
{% end %}
{% else %}
<p>User not found.</p>
{% end %}
{% end %}
{# base.inc