Merge remote-tracking branch 'origin/master' into RPTL

Author: Regular-Pokemon-Trainers-League

pokemonshowdown.com/credits.php

@@ -58,7 +58,7 @@
 				<li><p><strong>Andrew Werner</strong> [HoeenHero] <small>&ndash; Development</small></p></li>
 				<li><p><strong>Annika L.</strong> [Annika] <small>&ndash; Development</small></p></li>
 				<li><p><a href="http://monsan.to/" target="_blank" class="subtle"><strong>Chris Monsanto</strong> [chaos]</a> <small>&ndash; Development, Sysadmin</small></p></li>
-				<li><p><strong>Kris Johnson</strong> [dhelmise] <small>&ndash; Development</small></p></li>
+				<li><p><strong>Kris Johnson</strong> [dhelmise] <small>&ndash; Development, Art (battle animations)</small></p></li>
 				<li><p><strong>Leonard Craft III</strong> [DaWoblefet] <small>&ndash; Research (game mechanics)</small></p></li>
 				<li><p><strong>Mathieu Dias-Martins</strong> [Marty] <small>&ndash; Research (game mechanics), Development</small></p></li>
 				<li><p><strong>Mia A.</strong> [Hecate] <small>&ndash; Development</small></p></li>
@@ -106,7 +106,7 @@
 				<li><p>[<strong>Honko</strong>] <small>&ndash; Development (damage calculator)</small></p></li>
 				<li><p><strong>Ian Clail</strong> [Layell] <small>&ndash; Art (battle graphics, sprites)</small></p></li>
 				<li><p><strong>Jacob McLemore</strong> <small>&ndash; Development</small></p></li>
-				<li><p><strong>Erik Bruce</strong> [Kalalokki] <small>&ndash; Art (minisprite resizing)</small></p></li>
+				<li><p><a href="https://www.behance.net/erik-bruce" target="_blank" class="subtle"><strong>Erik Bruce</strong> [Kalalokki]</a> <small>&ndash; Art (minisprite resizing), Research (game mechanics)</small></p></li>
 				<li><p><a href="https://panpawn.github.io/" target="_blank" class="subtle"><strong>Jeremy Piemonte</strong> [panpawn]</a> <small>&ndash; Development</small></p></li>
 				<li><p><strong>Karthik Bandagonda</strong> <small>&ndash; Development</small></p></li>
 				<li><p><a href="http://leparagon.deviantart.com/" target="_blank" class="subtle">[<strong>leparagon</strong>]</a> <small>&ndash; Art (sprites, minisprite resizing)</small></p></li>

replay.pokemonshowdown.com/replay-manage.php

@@ -17,13 +17,13 @@
 $manage = false;
 $csrfOk = false;
 
-if (isset($_REQUEST['manage'])) {
-	require_once '../lib/ntbb-session.lib.php';
-	if (!$users->isLeader()) die("access denied");
-	$csrfOk = !!$users->csrfCheck();
-	$manage = true;
-	header('Cache-Control: max-age=0, no-cache, no-store, must-revalidate');
-}
+// this no longer needs to be in an if block, since the only reason to access
+// this at /manage is for managing. just assume they're always doing that
+require_once '../lib/ntbb-session.lib.php';
+if (!$users->isLeader()) die("access denied");
+$csrfOk = !!$users->csrfCheck();
+$manage = true;
+header('Cache-Control: max-age=0, no-cache, no-store, must-revalidate');
 
 if (preg_match('/[^A-Za-z0-9-]/', $id)) die("access denied");
 
@@ -66,16 +66,16 @@
 	if (!$password && !$manage) {
 		header('Cache-Control: max-age=0, no-cache, no-store, must-revalidate');
 		require_once '../lib/ntbb-session.lib.php';
-		if ($curuser['userid'] !== $replay['p1id'] && $curuser['userid'] !== $replay['p2id']) {
-			die("Access denied (you must be logged into " . $replay['p1id'] . " or " . $replay['p2id'] . ")");
+		if ($curuser['userid'] !== $p1id && $curuser['userid'] !== $p2id) {
+			die("Access denied (you must be logged into " . $p1id . " or " . $p2id . ")");
 		}
 		$url = '/' . $id . '-' . $replay['password'] . 'pw';
 		echo '<p>This private replay now has a new harder-to-guess URL:</p>';
 		echo '<p><a href="' . $url . '" data-target="replace">https://' . $psconfig['routes']['replays'] . $url . '</a></p>';
 		die();
 	}
 	if ($password !== $replay['password'] && !$manage) {
-		die("Access denied (please ask " . $replay['p1id'] . " or " . $replay['p2id'] . " for the password)");
+		die("Access denied (please ask " . $p1id . " or " . $p2id . " for the password)");
 	}
 }
 
@@ -95,9 +95,13 @@ function userid($username) {
 $matchSuccess = preg_match('/\\n\\|tier\\|([^|]*)\\n/', $replay['log'], $matches);
 $format = $replay['format'];
 if ($matchSuccess) $format = $matches[1];
+$p1 = $replay['players'][0];
+$p2 = $replay['players'][1];
+$p1id = $users->userid($p1);
+$p2id = $users->userid($p2);
 
-$panels->setPageTitle($format.' replay: '.$replay['p1'].' vs. '.$replay['p2']);
-$panels->setPageDescription('Watch a replay of a Pokémon battle between ' . $replay['p1'] . ' and ' . $replay['p2'] . ' (' . $format . ')');
+$panels->setPageTitle($format.' replay: '.$p1.' vs. '.$p2);
+$panels->setPageDescription('Watch a replay of a Pokémon battle between ' . $p1 . ' and ' . $p2 . ' (' . $format . ')');
 $panels->setTab('replay');
 $panels->start();
 
@@ -134,7 +138,7 @@ function userid($username) {
 
 			<pre class="urlbox" style="word-wrap: break-word;"><?php echo htmlspecialchars('https://'.$psconfig['routes']['replays'].'/'.$fullid); ?></pre>
 
-			<h1 style="font-weight:normal;text-align:left"><strong><?= htmlspecialchars($format) ?></strong>: <a href="//<?= $psconfig['routes']['users'] ?>/<?= userid($replay['p1']) ?>" class="subtle"><?= htmlspecialchars($replay['p1']) ?></a> vs. <a href="//<?= $psconfig['routes']['users'] ?>/<?= userid($replay['p2']) ?>" class="subtle"><?= htmlspecialchars($replay['p2']) ?></a></h1>
+			<h1 style="font-weight:normal;text-align:left"><strong><?= htmlspecialchars($format) ?></strong>: <a href="//<?= $psconfig['routes']['users'] ?>/<?= userid($p1) ?>" class="subtle"><?= htmlspecialchars($p1) ?></a> vs. <a href="//<?= $psconfig['routes']['users'] ?>/<?= userid($p2) ?>" class="subtle"><?= htmlspecialchars($p2) ?></a></h1>
 			<p style="padding:0 1em;margin-top:0">
 				<small class="uploaddate" data-timestamp="<?= @$replay['uploadtime'] ?? @$replay['date'] ?>"><em>Uploaded:</em> <?php echo date("M j, Y", @$replay['uploadtime'] ?? @$replay['date']); ?><?= @$replay['rating'] ? ' | <em>Rating:</em> ' . $replay['rating'] : '' ?></small>
 			</p>

replay.pokemonshowdown.com/replays.lib.php

@@ -50,6 +50,27 @@ function genPassword() {
 		return $password;
 	}
 
+	function edit($replay) {
+		if ($replay['private'] === 3) {
+			$replay['private'] = 3;
+			$res = $this->db->prepare("UPDATE replays SET private = 3, password = NULL WHERE id = ? LIMIT 1");
+			$res->execute([$replay['id']]);
+		} else if ($replay['private'] === 2) {
+			$replay['private'] = 1;
+			$replay['password'] = NULL;
+			$res = $this->db->prepare("UPDATE replays SET private = 1, password = NULL WHERE id = ? LIMIT 1");
+			$res->execute([$replay['id']]);
+		} else if ($replay['private']) {
+			if (!$replay['password']) $replay['password'] = $this->genPassword();
+			$res = $this->db->prepare("UPDATE replays SET private = 1, password = ? WHERE id = ? LIMIT 1");
+			$res->execute([$replay['password'], $replay['id']]);
+		} else {
+			$res = $this->db->prepare("UPDATE replays SET private = 0, password = NULL WHERE id = ? LIMIT 1");
+			$res->execute([$replay['id']]);
+		}
+		return;
+	}
+
 	function get($id, $force = false) {
 		if (!$this->db) {
 			// if (!$force) return false;