feat(web/user): allow admins to edit user info and read system msgs

web/app/controllers/faq.php

@@ -84,8 +84,8 @@
 		题目相关问题请联系各校区的竞赛教练以及题目管理员。
 	</p>
 	<p class="card-text">
-		系统相关问题请邮件联系 <a href="https://sjzezoj.com/user/profile/baoshuo" class="uoj-username">baoshuo</a>（<a href="mailto:i@baoshuo.ren">i@baoshuo.ren</a>）
-		和 <a href="https://sjzezoj.com/user/profile/nekko" class="uoj-username">nekko</a>（<a href="mailto:1139855151@qq.com">1139855151@qq.com</a>）。
+		系统相关问题请邮件联系 <a href="https://sjzezoj.com/user/baoshuo" class="uoj-username">baoshuo</a>（<a href="mailto:i@baoshuo.ren">i@baoshuo.ren</a>）
+		和 <a href="https://sjzezoj.com/user/nekko" class="uoj-username">nekko</a>（<a href="mailto:1139855151@qq.com">1139855151@qq.com</a>）。
 	</p>
 
 	<h5 class="mt-4">开源项目</h5>

web/app/controllers/problem_solutions.php

@@ -180,7 +180,7 @@ EOD;
 				<?php $poster = queryUser($row['poster']); ?>
 				<div class="mb-3">
 					<span class="me-2 d-inline-block">
-						<a class="text-decoration-none" href="<?= HTML::url('/user/profile/'.$poster['username']) ?>">
+						<a class="text-decoration-none" href="<?= HTML::url('/user/'.$poster['username']) ?>">
 							<img src="<?= HTML::avatar_addr($poster, 64) ?>" width="32" height="32" class="rounded" />
 						</a>
 						<?= getUserLink($poster['username']) ?>

web/app/controllers/subdomain/blog/blog.php

@@ -206,7 +206,7 @@
 				<?php else: ?>
 				media-left
 				<?php endif ?>">
-				<a href="<?= HTML::url('/user/profile/'.$poster['username']) ?>" class="d-none d-sm-block
+				<a href="<?= HTML::url('/user/'.$poster['username']) ?>" class="d-none d-sm-block
 					<?php if (isset($REQUIRE_LIB['bootstrap5'])): ?>
 					text-decoration-none
 					<?php endif ?>">

web/app/controllers/user_info.php

@@ -81,9 +81,9 @@
 		</div>
 		<?php if (Auth::check()): ?>
 		<?php if (Auth::id() != $user['username']): ?>
-		<a type="button" class="btn btn-info btn-sm" href="/user/msg?enter=<?= $user['username'] ?>"><span class="glyphicon glyphicon-envelope"></span> <?= UOJLocale::get('send private message') ?></a>
+		<a type="button" class="btn btn-info btn-sm" href="/user_msg?enter=<?= $user['username'] ?>"><span class="glyphicon glyphicon-envelope"></span> <?= UOJLocale::get('send private message') ?></a>
 		<?php else: ?>
-		<a type="button" class="btn btn-info btn-sm" href="/user/modify-profile"><span class="glyphicon glyphicon-pencil"></span> <?= UOJLocale::get('modify my profile') ?></a>
+		<a type="button" class="btn btn-info btn-sm" href="/user/<?= $user['username'] ?>/edit"><span class="glyphicon glyphicon-pencil"></span> <?= UOJLocale::get('modify my profile') ?></a>
 		<?php endif ?>
 		<?php endif ?>
 		

web/app/controllers/user_info_edit.php

@@ -3,22 +3,32 @@
 		redirectToLogin();
 	}
 
+	if (!validateUsername($_GET['username']) || !($user = queryUser($_GET['username']))) {
+		become404Page();
+	}
+
+	if (!isSuperUser($myUser) && $myUser['username'] != $user['username']) {
+		become403Page();
+	}
+
 	function handlePost() {
-		global $myUser;
+		global $myUser, $user;
+		if ($user['username'] == Auth::id()) {
 			if (!isset($_POST['old_password'])) {
 				return '无效表单';
 			}
 			$old_password = $_POST['old_password'];
-		if (!validatePassword($old_password) || !checkPassword($myUser, $old_password)) {
+			if (!validatePassword($old_password) || !checkPassword($user, $old_password)) {
 				return "失败：密码错误。";
 			}
+		}
 		if ($_POST['ptag']) {
 			$password = $_POST['password'];
 			if (!validatePassword($password)) {
 				return "失败：无效密码。";
 			}
-			$password = getPasswordToStore($password, $myUser['username']);
-			DB::update("update user_info set password = '$password' where username = '{$myUser['username']}'");
+			$password = getPasswordToStore($password, $user['username']);
+			DB::update("update user_info set password = '$password' where username = '{$user['username']}'");
 		}
 
 		$email = $_POST['email'];
@@ -26,7 +36,7 @@
 			return "失败：无效电子邮箱。";
 		}
 		$esc_email = DB::escape($email);
-		DB::update("update user_info set email = '$esc_email' where username = '{$myUser['username']}'");
+		DB::update("update user_info set email = '$esc_email' where username = '{$user['username']}'");
 
 		if ($_POST['Qtag']) {
 			$qq = $_POST['qq'];
@@ -34,19 +44,19 @@
 				return "失败：无效QQ。";
 			}
 			$esc_qq = DB::escape($qq);
-			DB::update("update user_info set qq = '$esc_qq' where username = '{$myUser['username']}'");
+			DB::update("update user_info set qq = '$esc_qq' where username = '{$user['username']}'");
 		} else {
-			DB::update("update user_info set QQ = NULL where username = '{$myUser['username']}'");
+			DB::update("update user_info set QQ = NULL where username = '{$user['username']}'");
 		}
 		if ($_POST['sex'] == "U" || $_POST['sex'] == 'M' || $_POST['sex'] == 'F') {
 			$sex = $_POST['sex'];
 			$esc_sex = DB::escape($sex);
-			DB::update("update user_info set sex = '$esc_sex' where username = '{$myUser['username']}'");
+			DB::update("update user_info set sex = '$esc_sex' where username = '{$user['username']}'");
 		}
 		
 		if (validateMotto($_POST['motto'])) {
 			$esc_motto = DB::escape($_POST['motto']);
-			DB::update("update user_info set motto = '$esc_motto' where username = '{$myUser['username']}'");
+			DB::update("update user_info set motto = '$esc_motto' where username = '{$user['username']}'");
 		}
 		
 		return "ok";
@@ -60,8 +70,18 @@
 	$REQUIRE_LIB['md5'] = '';
 	?>
 <?php echoUOJPageHeader(UOJLocale::get('modify my profile')) ?>
-<h2 class="page-header"><?= UOJLocale::get('modify my profile') ?></h2>
+<h2 class="page-header">
+	<?php if ($user['username'] == Auth::id()): ?>
+		<?= UOJLocale::get('modify my profile') ?>
+	<?php else: ?>
+		修改 <?= $user['username'] ?> 的个人信息
+	<?php endif ?>
+</h2>
+<?php if (isSuperUser($myUser)): ?>
+	<p>您正在使用管理特权修改 <?= $user['username'] ?> 的个人信息。</p>
+<?php endif ?>
 <form id="form-update" class="form-horizontal">
+	<?php if ($user['username'] == Auth::id()): ?>
 	<h4><?= UOJLocale::get('please enter your password for authorization') ?></h4>
 	<div id="div-old_password" class="form-group">
 		<label for="input-old_password" class="col-sm-2 control-label"><?= UOJLocale::get('password') ?></label>
@@ -70,6 +90,7 @@
 			<span class="help-block" id="help-old_password"></span>
 		</div>
 	</div>
+	<?php endif ?>
 	<h4><?= UOJLocale::get('please enter your new profile') ?></h4>
 	<div id="div-password" class="form-group">
 		<label for="input-password" class="col-sm-2 control-label"><?= UOJLocale::get('new password') ?></label>
@@ -82,14 +103,14 @@
 	<div id="div-email" class="form-group">
 		<label for="input-email" class="col-sm-2 control-label"><?= UOJLocale::get('email') ?></label>
 		<div class="col-sm-3">
-			<input type="email" class="form-control" name="email" id="input-email" value="<?=$myUser['email']?>" placeholder="<?= UOJLocale::get('enter your email') ?>" maxlength="50" />
+			<input type="email" class="form-control" name="email" id="input-email" value="<?=$user['email']?>" placeholder="<?= UOJLocale::get('enter your email') ?>" maxlength="50" />
 			<span class="help-block" id="help-email"></span>
 		</div>
 	</div>
 	<div id="div-qq" class="form-group">
 		<label for="input-qq" class="col-sm-2 control-label"><?= UOJLocale::get('QQ') ?></label>
 		<div class="col-sm-3">
-			<input type="text" class="form-control" name="qq" id="input-qq" value="<?= $myUser['qq'] != 0 ? $myUser['qq'] : '' ?>" placeholder="<?= UOJLocale::get('enter your QQ') ?>" maxlength="50" />
+			<input type="text" class="form-control" name="qq" id="input-qq" value="<?= $user['qq'] != 0 ? $user['qq'] : '' ?>" placeholder="<?= UOJLocale::get('enter your QQ') ?>" maxlength="50" />
 			<span class="help-block" id="help-qq"></span>
 		</div>
 	</div>
@@ -97,16 +118,16 @@
 		<label for="input-sex" class="col-sm-2 control-label"><?= UOJLocale::get('sex') ?></label>
 		<div class="col-sm-3">
 			<select class="form-control" id="input-sex"  name="sex">
-				<option value="U"<?= Auth::user()['sex'] == 'U' ? ' selected="selected"' : ''?>><?= UOJLocale::get('refuse to answer') ?></option>
-				<option value="M"<?= Auth::user()['sex'] == 'M' ? ' selected="selected"' : ''?>><?= UOJLocale::get('male') ?></option>
-				<option value="F"<?= Auth::user()['sex'] == 'F' ? ' selected="selected"' : ''?>><?= UOJLocale::get('female') ?></option>
+				<option value="U"<?= $user['sex'] == 'U' ? ' selected="selected"' : ''?>><?= UOJLocale::get('refuse to answer') ?></option>
+				<option value="M"<?= $user['sex'] == 'M' ? ' selected="selected"' : ''?>><?= UOJLocale::get('male') ?></option>
+				<option value="F"<?= $user['sex'] == 'F' ? ' selected="selected"' : ''?>><?= UOJLocale::get('female') ?></option>
 			</select>
 		</div>
 	</div>
 	<div id="div-motto" class="form-group">
 		<label for="input-motto" class="col-sm-2 control-label"><?= UOJLocale::get('motto') ?></label>
 		<div class="col-sm-3">
-			<textarea class="form-control" id="input-motto"  name="motto"><?=HTML::escape($myUser['motto'])?></textarea>
+			<textarea class="form-control" id="input-motto"  name="motto"><?=HTML::escape($user['motto'])?></textarea>
 			<span class="help-block" id="help-motto">格言支持 Markdown 语法。</span>
 		</div>
 	</div>
@@ -126,7 +147,10 @@
 	function validateUpdatePost() {
 		var ok = true;
 		ok &= getFormErrorAndShowHelp('email', validateEmail);
+
+	<?php if ($user['username'] == Auth::id()): ?>
 		ok &= getFormErrorAndShowHelp('old_password', validatePassword);
+	<?php endif ?>
 
 		if ($('#input-password').val().length > 0)
 			ok &= getFormErrorAndShowHelp('password', validateSettingPassword);
@@ -138,14 +162,16 @@
 	function submitUpdatePost() {
 		if (!validateUpdatePost())
 			return;
-		$.post('/user/modify-profile', {
+		$.post('', {
 			change   : '',
 			etag     : $('#input-email').val().length,
 			ptag     : $('#input-password').val().length,
 			Qtag     : $('#input-qq').val().length,
 			email    : $('#input-email').val(),
 			password : md5($('#input-password').val(), "<?= getPasswordClientSalt() ?>"),
+		<?php if ($user['username'] == Auth::id()): ?>
 			old_password : md5($('#input-old_password').val(), "<?= getPasswordClientSalt() ?>"),
+		<?php endif ?>
 			qq       : $('#input-qq').val(),
 			sex      : $('#input-sex').val(),
 			motto    : $('#input-motto').val()
@@ -162,7 +188,7 @@
 						}
 					}],
 					onhidden : function(dialog) {
-						window.location.href = '/user/profile/<?=$myUser['username']?>';
+						window.location.href = '/user/<?=$user['username']?>';
 					}
 				});
 			} else {

web/app/controllers/user_msg.php

@@ -210,7 +210,7 @@ function submitMessagePost(conversationName) {
 		$('#help-message').text('');
 		$('#form-group-message').removeClass('has-error');
 
-		$.post('/user/msg', {
+		$.post('', {
 				user_msg : 1,
 				receiver : conversationName,
 				message : $('#input-message').val()
@@ -224,7 +224,7 @@ function refreshHistory(conversation, page) {
 		var ret = false;
 		$('#conversation-name').text(conversation);
 		$('#pageShow').text("第" + page.toString() + "页");
-		$.get('/user/msg', {
+		$.get('', {
 				getHistory : '',
 				conversationName : conversation,
 				pageNumber : page
@@ -246,7 +246,7 @@ function refreshHistory(conversation, page) {
 
 function refreshConversations() {
 	$("#conversations").empty();
-    $.get('/user/msg', {
+    $.get('', {
 			getConversations : ""
 		}, function(msg) {
 			var result = JSON.parse(msg);

web/app/controllers/user_system_msg.php

@@ -1,8 +1,16 @@
 <?php
-	if (!Auth::check() && UOJConfig::$data['switch']['force-login']) {
+	if (!Auth::check()) {
 		redirectToLogin();
 	}
 
+	if (!validateUsername($_GET['username']) || !($user = queryUser($_GET['username']))) {
+		become404Page();
+	}
+
+	if (!isSuperUser($myUser) && $myUser['username'] != $user['username']) {
+		become403Page();
+	}
+
 	$header_row = <<<EOD
 <tr>
 	<th>消息</th>
@@ -10,7 +18,7 @@
 </tr>
 EOD;
 	function echoSysMsg($msg) {
-		echo $msg['read_time'] == null ? '<tr class="warning">' : '<tr>';
+		echo $msg['read_time'] == null ? '<tr class="table-warning">' : '<tr>';
 		echo '<td>';
 		echo '<h4>'.$msg['title'].'</h4>';
 		echo $msg['content'];
@@ -21,6 +29,10 @@ EOD;
 	?>
 <?php echoUOJPageHeader('系统消息') ?>
 <h2>系统消息</h2>
-<?php echoLongTable(array('*'), 'user_system_msg', "receiver='" . Auth::id() . "'", 'order by id desc', $header_row, 'echoSysMsg', array('table_classes' => array('table'))) ?>
-<?php DB::update("update user_system_msg set read_time = now() where receiver = '" . Auth::id() . "'") ?>
+<?php echoLongTable(array('*'), 'user_system_msg', "receiver='" . $user['username'] . "'", 'order by id desc', $header_row, 'echoSysMsg', array('table_classes' => array('table'))) ?>
+<?php
+if (Auth::id() == $user['username']) {
+	DB::update("update user_system_msg set read_time = now() where receiver = '" . $user['username'] . "'");
+}
+	?>
 <?php echoUOJPageFooter() ?>

web/app/route.php

@@ -70,10 +70,12 @@ Route::group([
 		Route::any('/register', '/register.php');
 		Route::any('/forgot-password', '/forgot_pw.php');
 		Route::any('/reset-password', '/reset_pw.php');
-		Route::any('/user/profile/{username}', '/user_info.php');
-		Route::any('/user/modify-profile', '/change_user_info.php');
-		Route::any('/user/msg', '/user_msg.php');
-		Route::any('/user/system-msg', '/user_system_msg.php');
+
+		Route::any('/user/{username}', '/user_info.php');
+		Route::any('/user/{username}/edit', '/user_info_edit.php');
+		Route::any('/user_msg', '/user_msg.php');
+		Route::any('/user/{username}/system_msg', '/user_system_msg.php');
+
 		Route::any('/super-manage(?:/{tab})?', '/super_manage.php');
 		
 		Route::any('/download.php', '/download.php');

web/app/views/blog-nav.php

@@ -119,12 +119,12 @@ mb-4" role="navigation">
 					</a>
 					<ul class="dropdown-menu">
 						<li>
-							<a class="dropdown-item" href="<?= HTML::url('/user/profile/' . Auth::id()) ?>">
+							<a class="dropdown-item" href="<?= HTML::url('/user/' . Auth::id()) ?>">
 								<?= UOJLocale::get('my profile') ?>
 							</a>
 						</li>
 						<li>
-							<a class="dropdown-item" href="<?= HTML::url('/user/msg') ?>">
+							<a class="dropdown-item" href="<?= HTML::url('/user_msg') ?>">
 								<?= UOJLocale::get('private message') ?>
 								<?php if ($new_user_msg_num): ?>
 								<span class="badge bg-danger rounded-pill">
@@ -134,7 +134,7 @@ mb-4" role="navigation">
 							</a>
 						</li>
 						<li>
-							<a class="dropdown-item" href="<?= HTML::url('/user/system-msg') ?>">
+							<a class="dropdown-item" href="<?= HTML::url('/user/'.Auth::id().'system_msg') ?>">
 								<?= UOJLocale::get('system message') ?>
 								<?php if ($new_system_msg_num): ?>
 								<span class="badge bg-danger rounded-pill">

web/app/views/main-nav.php

@@ -186,12 +186,12 @@ mb-4" role="navigation">
 					</a>
 					<ul class="dropdown-menu">
 						<li>
-							<a class="dropdown-item" href="<?= HTML::url('/user/profile/' . Auth::id()) ?>">
+							<a class="dropdown-item" href="<?= HTML::url('/user/' . Auth::id()) ?>">
 								<?= UOJLocale::get('my profile') ?>
 							</a>
 						</li>
 						<li>
-							<a class="dropdown-item" href="<?= HTML::url('/user/msg') ?>">
+							<a class="dropdown-item" href="<?= HTML::url('/user_msg') ?>">
 								<?= UOJLocale::get('private message') ?>
 								<?php if ($new_user_msg_num): ?>
 								<span class="badge bg-danger rounded-pill">
@@ -201,7 +201,7 @@ mb-4" role="navigation">
 							</a>
 						</li>
 						<li>
-							<a class="dropdown-item" href="<?= HTML::url('/user/system-msg') ?>">
+							<a class="dropdown-item" href="<?= HTML::url('/user/'.Auth::id().'/system_msg') ?>">
 								<?= UOJLocale::get('system message') ?>
 								<?php if ($new_system_msg_num): ?>
 								<span class="badge bg-danger rounded-pill">

web/app/views/page-header.php

@@ -267,9 +267,9 @@
 							<span class="uoj-username" data-link="0"><?= Auth::id() ?></span> <?= $new_msg_tot_html ?>
 						</a>
 						<ul class="dropdown-menu" role="menu">
-							<li role="presentation"><a class="dropdown-item" href="<?= HTML::url('/user/profile/' . Auth::id()) ?>"><?= UOJLocale::get('my profile') ?></a></li>
-							<li role="presentation"><a class="dropdown-item" href="<?= HTML::url('/user/msg') ?>"><?= UOJLocale::get('private message') ?>&nbsp;&nbsp;<?= $new_user_msg_num_html ?></a></li>
-							<li role="presentation"><a class="dropdown-item" href="<?= HTML::url('/user/system-msg') ?>"><?= UOJLocale::get('system message') ?>&nbsp;&nbsp;<?= $new_system_msg_num_html ?></a></li>
+							<li role="presentation"><a class="dropdown-item" href="<?= HTML::url('/user/' . Auth::id()) ?>"><?= UOJLocale::get('my profile') ?></a></li>
+							<li role="presentation"><a class="dropdown-item" href="<?= HTML::url('/user_msg') ?>"><?= UOJLocale::get('private message') ?>&nbsp;&nbsp;<?= $new_user_msg_num_html ?></a></li>
+							<li role="presentation"><a class="dropdown-item" href="<?= HTML::url('/user/'.Auth::id().'/system_msg') ?>"><?= UOJLocale::get('system message') ?>&nbsp;&nbsp;<?= $new_system_msg_num_html ?></a></li>
 							<?php if (isSuperUser(Auth::user())): ?>
 								<li role="presentation"><a class="dropdown-item" href="<?= HTML::url('/super-manage') ?>"><?= UOJLocale::get('system manage') ?></a></li>
 							<?php endif ?>

web/app/views/user-info.php

@@ -160,12 +160,13 @@ function fTime($time, $gran = -1) {
 		<nav class="nav mb-2">
 			<?php if (Auth::check()): ?>
 				<?php if (Auth::id() != $user['username']): ?>
-					<a class="nav-link" href="/user/msg?enter=<?= $user['username'] ?>">
+					<a class="nav-link" href="/user_msg?enter=<?= $user['username'] ?>">
 						<i class="bi bi-chat-left-dots"></i>
 						<?= UOJLocale::get('send private message') ?>
 					</a>
-				<?php else: ?>
-					<a class="nav-link" href="/user/modify-profile">
+				<?php endif ?>
+				<?php if (Auth::id() == $user['username'] || isSuperUser(Auth::user())): ?>
+					<a class="nav-link" href="/user/<?= $user['username'] ?>/edit">
 						<i class="bi bi-pencil"></i>
 						<?= UOJLocale::get('modify my profile') ?>
 					</a>

web/js/uoj.js

@@ -129,7 +129,7 @@ function getUserLink(username, realname) {
 	if (realname) {
 		text = text + ' <span class="uoj-realname d-inline-block">(' + realname + ')</span>';
 	}
-	return '<a class="uoj-username" href="' + uojHome + '/user/profile/' + username + '">' + text + '</a>';
+	return '<a class="uoj-username" href="' + uojHome + '/user/' + username + '">' + text + '</a>';
 }
 function getUserSpan(username, realname) {
 	if (!username) {