Made having a confirmed email required to manage blog posts.

Changed the who's playing JSON file path.

Gemfile

@@ -16,6 +16,7 @@ gem 'highlight_js-rails', github: 'RedstonerServer/highlight_js-rails'
 gem 'kaminari', github: 'jomo/kaminari', branch: 'patch-2' # pagination
 gem 'jquery-textcomplete-rails', github: 'RedstonerServer/jquery-textcomplete-rails' # @mentions
 gem 'actionpack-action_caching', github: 'antulik/actionpack-action_caching', ref: '8c6e52c69315d67437f480da5dce4b7c8737fb32'
+gem 'mail-gpg', github: 'jomo/mail-gpg', ref: 'a666b48ee866dfa3eaa700f9c5edf4d195d0f8c9'
 
 # Gems used only for assets and not required
 # in production environments by default.

Gemfile.lock

@@ -31,6 +31,15 @@ GIT
       actionpack (>= 3.0.0)
       activesupport (>= 3.0.0)
 
+GIT
+  remote: git://github.com/jomo/mail-gpg.git
+  revision: a666b48ee866dfa3eaa700f9c5edf4d195d0f8c9
+  ref: a666b48ee866dfa3eaa700f9c5edf4d195d0f8c9
+  specs:
+    mail-gpg (0.3.1)
+      gpgme (~> 2.0, >= 2.0.2)
+      mail (~> 2.5, >= 2.5.3)
+
 GIT
   remote: git://github.com/rails/rails.git
   revision: 2c8f567e53580872d8c6dfe61201e58793ca131e
@@ -135,6 +144,8 @@ GEM
     execjs (2.6.0)
     globalid (0.3.6)
       activesupport (>= 4.1.0)
+    gpgme (2.0.11)
+      mini_portile (>= 0.5.0)
     hirb (0.7.3)
     http-cookie (1.0.2)
       domain_name (~> 0.5)
@@ -150,6 +161,7 @@ GEM
     mail (2.6.3)
       mime-types (>= 1.16, < 3)
     mime-types (2.99)
+    mini_portile (0.6.2)
     mini_portile2 (2.0.0)
     minitest (5.8.4)
     mysql2 (0.4.2)
@@ -244,6 +256,7 @@ DEPENDENCIES
   jquery-rails
   jquery-textcomplete-rails!
   kaminari!
+  mail-gpg!
   mysql2
   rails!
   rails-erd

app/controllers/blogposts_controller.rb

@@ -69,7 +69,7 @@ class BlogpostsController < ApplicationController
   end
 
   def auth
-    unless mod?
+    unless mod? && current_user.confirmed?
       flash[:alert] = "You are not allowed to edit posts!"
       redirect_to @post ? @post : blogposts_path
     end

app/controllers/forumgroups_controller.rb

@@ -17,7 +17,7 @@ class ForumgroupsController < ApplicationController
   end
 
   def update
-    if admin?
+    if admin? && current_user.confirmed?
       @group = Forumgroup.find(params[:id])
       if @group.update_attributes(group_params)
         flash[:notice] = "Forum group updated"
@@ -41,7 +41,7 @@ class ForumgroupsController < ApplicationController
   end
 
   def create
-    if admin?
+    if admin? && current_user.confirmed?
       @group = Forumgroup.new(group_params)
       if @group.save
         flash[:notice] = "Forum group created."
@@ -57,7 +57,7 @@ class ForumgroupsController < ApplicationController
   end
 
   def destroy
-    if admin?
+    if admin? && current_user.confirmed?
       @group = Forumgroup.find(params[:id])
       if @group.destroy
         flash[:notice] = "forum group deleted."

app/controllers/forums_controller.rb

@@ -34,7 +34,7 @@ class ForumsController < ApplicationController
   end
 
   def update
-    if admin?
+    if admin? && current_user.confirmed?
       if @forum.update_attributes(forum_params)
         flash[:notice] = "Forum updated"
         redirect_to @forum
@@ -48,7 +48,7 @@ class ForumsController < ApplicationController
   end
 
   def create
-    if admin?
+    if admin? && current_user.confirmed?
       @forum = Forum.new(forum_params([:forumgroup_id]))
       if @forum.save
         flash[:notice] = "Forum created."
@@ -64,7 +64,7 @@ class ForumsController < ApplicationController
   end
 
   def destroy
-    if admin?
+    if admin? && current_user.confirmed?
       if @forum.destroy
         flash[:notice] = "Forum deleted."
       else

app/controllers/info_controller.rb

@@ -22,9 +22,9 @@ class InfoController < ApplicationController
   def create
     @info = Info.new(info_params)
     if @info.save
-      redirect_to @info, notice: 'Info has been created.'
+      redirect_to @info, notice: 'The info page has been created!'
     else
-      flash[:alert] = "Error creating info"
+      flash[:alert] = "An error occured while creating the info page."
       render action: "new"
     end
   end
@@ -32,18 +32,18 @@ class InfoController < ApplicationController
   def update
     @info.attributes = info_params()
     if @info.save
-      redirect_to @info, notice: 'Info has been updated.'
+      redirect_to @info, notice: 'The info page has been updated!'
     else
-      flash[:alert] = "There was a problem while updating the info"
+      flash[:alert] = "An error occured while updating the info page."
       render action: "edit"
     end
   end
 
   def destroy
     if @info.destroy
-      flash[:notice] = "Info deleted!"
+      flash[:notice] = "The info page has been deleted!"
     else
-      flash[:alert] = "There was a problem while deleting this info"
+      flash[:alert] = "An error occured while deleting the info page."
     end
     redirect_to info_index_path
   end
@@ -62,9 +62,9 @@ class InfoController < ApplicationController
   end
 
   def auth
-    unless mod?
+    unless mod? && current_user.confirmed?
-      flash[:alert] = "You are not allowed to edit info!"
+      flash[:alert] = "You are not allowed to edit info pages!"
       redirect_to @info ? @info : info_index_path
     end
   end
-end
+end

app/controllers/statics_controller.rb

@@ -17,8 +17,29 @@ class StaticsController < ApplicationController
   end
 
   def online
-    json = JSON.parse(File.read("/etc/minecraft/redstoner/plugins/JavaUtils/players.json"))
+    @players = []
-    @players = json["players"].collect!{ |p| User.find_by(uuid: p["UUID"].tr("-", "")) or User.new(name: p["name"], ign: p["name"], uuid: p["UUID"].tr("-", ""), role: Role.get("normal"), badge: Badge.get("none"), confirmed: true) }.sort_by!(&:role).reverse!
+    @count = 0
-    @count = json["amount"]
+    begin
+      json = JSON.parse(File.read("/etc/minecraft/redstoner/plugins/ModuleLoader/players.json"))
+    rescue
+      flash.now[:alert] = "The server is currently offline."
+    else
+      case json["dataFormat"]
+      when "v1"
+        @players = json["players"].collect!{ |p| User.find_by(uuid: p["UUID"].tr("-", "")) or User.new(name: p["name"], ign: p["name"], uuid: p["UUID"].tr("-", ""), role: Role.get("normal"), badge: Badge.get("none"), confirmed: true) }
+        @count = json["amount"]
+      when "v2"
+        json["players"].reject{|p| !mod? && p["vanished"] == "true"}.each do |p|
+          @players.push(User.find_by(uuid: p["UUID"].tr("-", "")) || User.new(name: p["name"], ign: p["name"], uuid: p["UUID"].tr("-", ""), role: Role.get("normal"), badge: Badge.get("none"), confirmed: true))
+        end
+        @count = @players.count
+      else
+        flash.now[:alert] = "The server is using an incompatible data format. We are aware of this issue and are most likely already working on it."
+      end
+      @players.sort_by!(&:role).reverse!
+    end
+  end
+
+  def privacy
   end
 end

app/controllers/users_controller.rb

@@ -10,12 +10,22 @@ class UsersController < ApplicationController
     role = Role.find_by(name: params[:role])
     badge = Badge.find_by(name: params[:badge])
 
-    @users = User.search(params[:search], role, badge, params.include?(:staff))
+    @users = User.search(params[:search], role, badge, params.include?(:staff), params.include?(:donor))
     @count = @users.size
     @users = @users.page(params[:page]).per(100)
   end
 
   def show
+    begin
+      @ban_json = JSON.parse(File.read("/etc/minecraft/redstoner/banned-players.json")).detect {|u| u["uuid"].tr("-", "") == @user.uuid}
+    rescue
+      if @user.is?(current_user)
+        flash.now[:alert] = "An error occured while checking if you are banned from the server!"
+      else
+        flash.now[:alert] = "An error occured while checking if this user is banned from the server!"
+      end
+      @ban_json = nil
+    end
   end
 
   # SIGNUP
@@ -125,7 +135,7 @@ class UsersController < ApplicationController
   end
 
   def resend_mail
-    if (@user.is?(current_user) || mod?) && !@user.confirmed?
+    if (@user.is?(current_user) || (mod? && current_user.confirmed?)) && !@user.confirmed?
       RedstonerMailer.register_mail(@user, false).deliver_now
       flash[:notice] = "Check your inbox for the confirmation mail."
     else
@@ -135,11 +145,16 @@ class UsersController < ApplicationController
   end
 
   def update
-    if (mod? && current_user.role >= @user.role ) || (@user.is?(current_user) && confirmed?)
+    if (mod? && current_user.role >= @user.role && current_user.confirmed?) || (@user.is?(current_user) && confirmed?)
       if mod?
-        userdata = user_params([:name, :skype, :skype_public, :youtube, :twitter, :about, :role, :badge, :confirmed, :header_scroll, :utc_time, :dark])
+        userdata = user_params([:name, :skype, :youtube, :twitter, :about, :role, :badge, :confirmed, :header_scroll, :utc_time, :dark])
       else
-        userdata = user_params([:name, :skype, :skype_public, :youtube, :twitter, :about, :header_scroll, :utc_time, :dark])
+        userdata = user_params([:name, :skype, :youtube, :twitter, :about, :header_scroll, :utc_time, :dark])
+      end
+      if User.find_by(name: userdata[:name]) && User.find_by(name: userdata[:name]) != @user
+        flash[:alert] = "You have entered a name that belongs to someone else. Please try another."
+        redirect_to edit_user_path(@user)
+        return
       end
       if userdata[:role]
         role = Role.get(userdata[:role])
@@ -173,7 +188,7 @@ class UsersController < ApplicationController
   end
 
   def ban
-    if mod? && current_user.role >= @user.role
+    if mod? && current_user.role >= @user.role && current_user.confirmed?
       @user.role = Role.get :banned
       flash[:notice] = "'#{@user.name}' has been banned!"
     else
@@ -183,7 +198,7 @@ class UsersController < ApplicationController
   end
 
   def unban
-    if mod? && current_user.role >= @user.role
+    if mod? && current_user.role >= @user.role && current_user.confirmed?
       @user.role = Role.get :normal
       flash[:notice] = "\"#{@user.name}\" has been unbanned!"
     else
@@ -193,7 +208,7 @@ class UsersController < ApplicationController
   end
 
   def destroy
-    if superadmin?
+    if superadmin? && current_user.confirmed?
       if @user.destroy
         flash[:notice] = "User deleted forever."
         redirect_to users_url
@@ -208,28 +223,28 @@ class UsersController < ApplicationController
   end
 
   def edit_notifications
-    unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
+    unless @user.is?(current_user) || (admin? && current_user.role > @user.role) || superadmin?
       flash[:alert] = "You are not allowed to edit this user's notification settings!"
       redirect_to @user
     end
   end
 
   def edit_login
-    unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
+    unless @user.is?(current_user) || (admin? && current_user.role > @user.role) || superadmin?
       flash[:alert] = "You are not allowed to edit this user's login details!"
       redirect_to @user
     end
   end
 
   def edit_website_settings
-    unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
+    unless @user.is?(current_user) || (admin? && current_user.role > @user.role) || superadmin?
       flash[:alert] = "You are not allowed to edit this user's website settings!"
       redirect_to @user
     end
   end
 
   def update_login
-    if @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
+    if @user.is?(current_user) || (admin? && current_user.role > @user.role && current_user.confirmed?) || (superadmin? && current_user.confirmed?)
       authenticated = !@user.is?(current_user) || @user.authenticate(params[:current_password])
       if params[:user][:password].present?
         @user.password              = params[:user][:password]
@@ -347,7 +362,7 @@ class UsersController < ApplicationController
   end
 
   def user_params(add = [])
-    a = [:ign, :email, :password, :password_confirmation, :mail_own_thread_reply, :mail_other_thread_reply, :mail_own_blogpost_comment, :mail_other_blogpost_comment, :mail_mention] + add
+    a = [:ign, :email, :password, :password_confirmation, :mail_own_thread_reply, :mail_other_thread_reply, :mail_own_blogpost_comment, :mail_other_blogpost_comment, :mail_mention, :public_key] + add
     params.require(:user).permit(a)
   end
 end

app/mailers/redstoner_mailer.rb

@@ -19,29 +19,49 @@ class RedstonerMailer < ActionMailer::Base
   def new_thread_mention_mail(user, thread)
     @user   = user
     @thread = thread
-    mail(to: @user.email, subject: "#{thread.author.name} mentioned you in '#{thread.title}' on Redstoner")
+    if @user.public_key?
+      mail(to: @user.email, subject: "Encrypted Notification from Redstoner", gpg: {encrypt: true, keys: {@user.email => @user.public_key}})
+    else
+      mail(to: @user.email, subject: "#{thread.author.name} mentioned you in '#{thread.title}' on Redstoner")
+    end
   end
 
   def new_thread_reply_mail(user, reply)
     @user  = user
     @reply = reply
-    mail(to: @user.email, subject: "#{reply.author.name} replied to '#{reply.thread.title}' on Redstoner")
+    if @user.public_key?
+      mail(to: @user.email, subject: "Encrypted Notification from Redstoner", gpg: {encrypt: true, keys: {@user.email => @user.public_key}})
+    else
+      mail(to: @user.email, subject: "#{reply.author.name} replied to '#{reply.thread.title}' on Redstoner")
+    end
   end
 
   def new_post_mention_mail(user, post)
     @user = user
     @post = post
-    mail(to: @user.email, subject: "#{post.author.name} mentioned you in '#{post.title}' on Redstoner")
+    if @user.public_key?
+      mail(to: @user.email, subject: "Encrypted Notification from Redstoner", gpg: {encrypt: true, keys: {@user.email => @user.public_key}})
+    else
+      mail(to: @user.email, subject: "#{post.author.name} mentioned you in '#{post.title}' on Redstoner")
+    end
   end
 
   def new_post_comment_mail(user, comment)
     @user    = user
     @comment = comment
-    mail(to: @user.email, subject: "#{comment.author.name} replied to '#{comment.blogpost.title}' on Redstoner")
+    if @user.public_key?
+      mail(to: @user.email, subject: "Encrypted Notification from Redstoner", gpg: {encrypt: true, keys: {@user.email => @user.public_key}})
+    else
+      mail(to: @user.email, subject: "#{comment.author.name} replied to '#{comment.blogpost.title}' on Redstoner")
+    end
   end
 
   def email_change_confirm_mail(user)
     @user = user
-    mail(to: @user.email, subject: "Email change on Redstoner.com")
+    if @user.public_key?
+      mail(to: @user.email, subject: "Encrypted Notification from Redstoner", gpg: {encrypt: true, keys: {@user.email => @user.public_key}})
+    else
+      mail(to: @user.email, subject: "Email change on Redstoner.com")
+    end
   end
 end

app/models/blogpost.rb

@@ -8,6 +8,8 @@ class Blogpost < ActiveRecord::Base
   belongs_to :user_editor, class_name: "User", foreign_key: "user_editor_id"
   has_many :comments, :dependent => :destroy
   accepts_nested_attributes_for :comments
+  validates_length_of :title, in: 5..255
+  validates_length_of :content, in: 5..20000
 
   def author
     @author ||= if self.user_author.present?

app/models/forum.rb

@@ -4,6 +4,7 @@ class Forum < ActiveRecord::Base
   belongs_to :role_read, class_name: "Role", foreign_key: "role_read_id"
   belongs_to :role_write, class_name: "Role", foreign_key: "role_write_id"
   has_and_belongs_to_many :labels
+  validates_length_of :name, in: 4..30
 
   def to_s
     name

app/models/forumgroup.rb

@@ -7,7 +7,7 @@ class Forumgroup < ActiveRecord::Base
 
 
   validates_presence_of :name, :position
-  validates_length_of :name, in: 2..20
+  validates_length_of :name, in: 4..20
 
   def to_s
     name

app/models/forumthread.rb

@@ -11,6 +11,7 @@ class Forumthread < ActiveRecord::Base
 
   validates_presence_of :title, :author, :forum
   validates_presence_of :content
+  validates_length_of :title, in: 5..255
   validates_length_of :content, in: 5..20000
 
   accepts_nested_attributes_for :threadreplies

app/models/threadreply.rb

@@ -43,7 +43,7 @@ class Threadreply < ActiveRecord::Base
     unless old_content.present?
       posts.each do |post|
         # don't send mail to the author of this reply, don't send to banned/disabled users
-        if post.author != author && post.author.normal? && post.author.confirmed? # &&
+        if post.author != author && post.author.normal? && post.author.confirmed? && thread.can_read?(post.author)
           users << post.author if post.author.mail_other_thread_reply?
         end
       end

app/models/user.rb

@@ -22,6 +22,8 @@ class User < ActiveRecord::Base
   validates :email, uniqueness: {case_sensitive: false}, format: {with: /\A.+@(.+\..{2,}|\[(IPv6)?[0-9a-f:.]+\])\z/i, message: "That doesn't look like an email address."}
   validates :ign, uniqueness: {case_sensitive: false}, format: {with: /\A[a-z\d_]+\z/i, message: "Username is invalid (a-z, 0-9, _)."}
 
+  validates :public_key, format: {with: /\A(-----BEGIN PGP PUBLIC KEY BLOCK-----((.|\n)*?)-----END PGP PUBLIC KEY BLOCK-----)?\z/i, message: "That doesn't look like a PGP formatted public key."}
+
   has_many :blogposts
   has_many :comments
 
@@ -175,12 +177,14 @@ class User < ActiveRecord::Base
     self.email_token ||= SecureRandom.hex(16)
   end
 
-  def self.search (search, role, badge, staff)
+  def self.search (search, role, badge, staff, donor)
     users = User.joins(:role)
     if role
       users = users.where(role: role)
     elsif staff
       users = users.where("roles.value >= ?", Role.get(:mod).to_i)
+    elsif donor
+      users = users.where("badge_id = ? OR badge_id = ?", Badge.get(:donor), Badge.get(:donorplus))
     end
     users = users.where(badge: badge) if badge
     if search

app/views/blogposts/edit.html.erb

@@ -1,10 +1,20 @@
 <% title "Edit News: #{@post.title}" %>
 
+<%
+  def can_edit?
+    mod? && current_user.confirmed?
+  end
+%>
+
 <h1>Edit post</h1>
 <%= form_for @post do |f|%>
-  <%= f.text_field :title %>
+  <%= f.text_field :title, disabled: !can_edit? %>
-  <%= render partial: "md_editor", locals: {name: "blogpost[content]", content: @post.content} %>
+  <%= render partial: "md_editor", locals: {name: "blogpost[content]", content: @post.content, options: {disabled: !can_edit?}} %>
-  <p><%= f.submit "Update Post", class: "btn blue left" %></p>
+  <p><%= f.submit "Update Post", class: "btn blue left", disabled: !can_edit? %></p>
+<% end %>
+<p><%= button_to "Delete post", @post, method: "delete", data: {confirm: "Delete post & comments forever?"}, class: "btn red right", disabled: !can_edit? %></p>
+<div class="clear"></div>
+
+<% if !current_user.confirmed? %>
+  <span class='red-alert'>You must confirm your email before you can edit blog posts.</span>
 <% end %>
-<p><%= button_to "Delete post", @post, method: "delete", data: {confirm: "Delete post & comments forever?"}, class: "btn red right" %></p>
-<div class="clear"></div>

app/views/blogposts/new.html.erb

@@ -1,9 +1,19 @@
 <% title "New Blog Post" %>
 
+<%
+  def can_create?
+    admin? && current_user.confirmed?
+  end
+%>
+
 <h1>New Post</h1>
 <%= form_for @post do |f|%>
-  <%= f.text_field :title, placeholder: "Title" %>
+  <%= f.text_field :title, placeholder: "Title", disabled: !can_create? %>
-  <%= render partial: "md_editor", locals: {name: "blogpost[content]", content: @post.content} %>
+  <%= render partial: "md_editor", locals: {name: "blogpost[content]", content: @post.content, options: {disabled: !can_create?}} %>
-  <p><%= f.submit "Create Post", class: "btn blue left" %></p>
+  <p><%= f.submit "Create Post", class: "btn blue left", disabled: !can_create? %></p>
   <div class="clear"></div>
+
+  <% if !current_user.confirmed? %>
+    <span class='red-alert'>You must confirm your email before you can create new blog posts.</span>
+  <% end %>
 <% end %>

app/views/forumgroups/edit.html.erb

@@ -1,5 +1,11 @@
 <% title "Manage Forums" %>
 
+<%
+  def can_edit?
+    admin? && current_user.confirmed?
+  end
+%>
+
 <h1>Manage Forums</h1>
 <div class="item-group">
   <div class="header">
@@ -19,22 +25,26 @@
   <table>
     <tr>
       <td><%= f.label :name %></td>
-      <td><%= f.text_field :name, placeholder: "Name" %></td>
+      <td><%= f.text_field :name, placeholder: "Name", disabled: !can_edit? %></td>
     </tr>
     <tr>
       <td><%= f.label :position %></td>
-      <td><%= f.number_field :position, placeholder: "Position" %></td>
+      <td><%= f.number_field :position, placeholder: "Position", disabled: !can_edit? %></td>
     </tr>
     <tr>
       <td><%= f.label :role_read_id, "Min. read role" %></td>
-      <td><%= f.select :role_read_id, role_selection, include_blank: "None" %></td>
+      <td><%= f.select :role_read_id, role_selection, { include_blank: "None" }, { disabled: !can_edit? } %></td>
     </tr>
     <tr>
       <td><%= f.label :role_write_id, "Min. write role" %></td>
-      <td><%= f.select :role_write_id, role_selection, include_blank: false %></td>
+      <td><%= f.select :role_write_id, role_selection, { include_blank: false }, { disabled: !can_edit? } %></td>
     </tr>
   </table>
-  <p><%= f.submit "Update group", class: "btn blue left" %></p>
+  <p><%= f.submit "Update group", class: "btn blue left", disabled: !can_edit? %></p>
+<% end %>
+<p><%= button_to "Delete group", @group, :method => "delete", data: {confirm: "Delete group?\nForums + Threads will not be accessible!"}, class: "btn red right", disabled: !can_edit? %></p>
+<div class="clear"></div>
+
+<% if !current_user.confirmed? %>
+  <span class='red-alert'>You must confirm your email before you can edit forum groups.</span>
 <% end %>
-<p><%= button_to "Delete group", @group, :method => "delete", data: {confirm: "Delete group?\nForums + Threads will not be accessible!"}, class: "btn red right" %></p>
-<div class="clear"></div>

app/views/forumgroups/new.html.erb

@@ -1,26 +1,36 @@
 <% title "New Forum: #{@group.name}" %>
 
+<%
+  def can_create?
+    admin? && current_user.confirmed?
+  end
+%>
+
 <h1>New forum group</h1>
 <% role_selection = Role.all_from_to(:normal, :admin).collect{|p|[p.name, p.id]} %>
 <%= form_for @group do |f|%>
   <table>
     <tr>
       <td><%= f.label :name %></td>
-      <td><%= f.text_field :name, placeholder: "Name" %></td>
+      <td><%= f.text_field :name, placeholder: "Name", disabled: !can_create? %></td>
     </tr>
     <tr>
       <td><%= f.label :position %></td>
-      <td><%= f.number_field :position, placeholder: "Position" %></td>
+      <td><%= f.number_field :position, placeholder: "Position", disabled: !can_create? %></td>
     </tr>
     <tr>
       <td><%= f.label :role_read_id, "Min. read role" %></td>
-      <td><%= f.select :role_read_id, role_selection, include_blank: "None" %></td>
+      <td><%= f.select :role_read_id, role_selection, { include_blank: "None" }, { disabled: !can_create? } %></td>
     </tr>
     <tr>
       <td><%= f.label :role_write_id, "Min. write role" %></td>
-      <td><%= f.select :role_write_id, role_selection, include_blank: false %></td>
+      <td><%= f.select :role_write_id, role_selection, { include_blank: false }, { disabled: !can_create? } %></td>
     </tr>
   </table>
-  <p><%= f.submit "Create group", class: "btn blue left" %></p>
+  <p><%= f.submit "Create group", class: "btn blue left", disabled: !can_create? %></p>
   <div class="clear"></div>
-<% end %>
+
+  <% if !current_user.confirmed? %>
+    <span class='red-alert'>You must confirm your email before you can create new forum groups.</span>
+  <% end %>
+<% end %>

app/views/forums/edit.html.erb

@@ -1,5 +1,11 @@
 <% title "Edit Forum: #{@forum.name}" %>
 
+<%
+  def can_edit?
+    admin? && current_user.confirmed?
+  end
+%>
+
 <%= link_to "(Edit) #{@forum.group.name}", edit_forumgroup_path(@forum.group) %> →  <%= @forum.name %>
 <h1>Edit Forum</h1>
 <% role_selection = Role.all_from_to(:normal, :admin).collect{|p|[p.name, p.id]} %>
@@ -7,26 +13,30 @@
   <table>
     <tr>
       <td><%= f.label :name %></td>
-      <td><%= f.text_field :name, placeholder: "Name" %></td>
+      <td><%= f.text_field :name, placeholder: "Name", disabled: !can_edit? %></td>
     </tr>
     <tr>
       <td><%= f.label :position %></td>
-      <td><%= f.number_field :position, placeholder: "Position" %></td>
+      <td><%= f.number_field :position, placeholder: "Position", disabled: !can_edit? %></td>
     </tr>
     <tr>
       <td><%= f.label :role_read_id, "Min. read role" %></td>
-      <td><%= f.select :role_read_id, role_selection, include_blank: "None" %></td>
+      <td><%= f.select :role_read_id, role_selection, { include_blank: "None" }, { disabled: !can_edit? } %></td>
     </tr>
     <tr>
       <td><%= f.label :role_write_id, "Min. write role" %></td>
-      <td><%= f.select :role_write_id, role_selection, include_blank: false %></td>
+      <td><%= f.select :role_write_id, role_selection, { include_blank: false }, { disabled: !can_edit? } %></td>
     </tr>
     <tr>
       <td><%= f.label :necro_length, "Necropost warning delay (in days)" %></td>
-      <td><%= f.number_field :necro_length, placeholder: "Warning Delay (leave blank for no warning)" %></td>
+      <td><%= f.number_field :necro_length, placeholder: "Warning Delay (leave blank for no warning)", disabled: !can_edit? %></td>
     </tr>
   </table>
-  <p><%= f.submit "Update forum", class: "btn blue left" %></p>
+  <p><%= f.submit "Update forum", class: "btn blue left", disabled: !can_edit? %></p>
 <% end %>
-<p><%= button_to "Delete forum", @forum, method: "delete", data: {confirm: "Delete forum forever?\nThreads won't be accessible!"}, class: "btn red right" %></p>
+<p><%= button_to "Delete forum", @forum, method: "delete", data: {confirm: "Delete forum forever?\nThreads won't be accessible!"}, class: "btn red right", disabled: !can_edit? %></p>
 <div class="clear"></div>
+
+<% if !current_user.confirmed? %>
+  <span class='red-alert'>You must confirm your email before you can edit forums.</span>
+<% end %>

app/views/forums/index.html.erb

@@ -56,6 +56,4 @@
 
 <% if admin? %>
   <%= link_to "New group", new_forumgroup_path, class: "btn blue" %>
-<% elsif mod? %>
-  <%= link_to "New group", "#", class: "btn blue", disabled: true %>
 <% end %>

app/views/forums/new.html.erb

@@ -1,5 +1,11 @@
 <% title "New Forum: #{@forum.group.name}" %>
 
+<%
+  def can_create?
+    admin? && current_user.confirmed?
+  end
+%>
+
 <%= link_to @forum.group, forumgroup_path(@forum.group) %> →  New forum
 <h1>New Forum</h1>
 <% role_selection = Role.all_from_to(:normal, :admin).collect{|p|[p.name, p.id]} %>
@@ -7,26 +13,30 @@
   <table>
     <tr>
       <td><%= f.label :name %></td>
-      <td><%= f.text_field :name, placeholder: "Name" %></td>
+      <td><%= f.text_field :name, placeholder: "Name", disabled: !can_create? %></td>
     </tr>
     <tr>
       <td><%= f.label :position %></td>
-      <td><%= f.number_field :position, placeholder: "Position" %></td>
+      <td><%= f.number_field :position, placeholder: "Position", disabled: !can_create? %></td>
     </tr>
     <tr>
       <td><%= f.label :role_read_id, "Min. read role" %></td>
-      <td><%= f.select :role_read_id, role_selection, include_blank: "None" %></td>
+      <td><%= f.select :role_read_id, role_selection, { include_blank: "None"}, { disabled: !can_create? } %></td>
     </tr>
     <tr>
       <td><%= f.label :role_write_id, "Min. write role" %></td>
-      <td><%= f.select :role_write_id, role_selection, include_blank: false %></td>
+      <td><%= f.select :role_write_id, role_selection, { include_blank: false }, { disabled: !can_create? } %></td>
     </tr>
     <tr>
       <td><%= f.label :necro_length, "Necropost warning delay (in days)" %></td>
-      <td><%= f.number_field :necro_length, placeholder: "Warning Delay (leave blank for no warning)" %></td>
+      <td><%= f.number_field :necro_length, placeholder: "Warning Delay (leave blank for no warning)", disabled: !can_create? %></td>
     </tr>
   </table>
   <%= f.hidden_field :forumgroup_id %>
-  <p><%= f.submit "Create forum", class: "btn blue left" %></p>
+  <p><%= f.submit "Create forum", class: "btn blue left", disabled: !can_create? %></p>
   <div class="clear"></div>
+
+  <% if !current_user.confirmed? %>
+    <span class='red-alert'>You must confirm your email before you can create new forums.</span>
+  <% end %>
 <% end %>

app/views/info/edit.html.erb

@@ -1,10 +1,20 @@
 <% title "Edit Info: #{@info.title}" %>
 
+<%
+  def can_edit?
+    mod? && current_user.confirmed?
+  end
+%>
+
 <h1>Edit Info</h1>
 <%= form_for @info do |f|%>
-  <%= f.text_field :title%>
+  <%= f.text_field :title, disabled: !can_edit? %>
-  <%= render partial: "md_editor", locals: {name: "info[content]", content: @info.content} %>
+  <%= render partial: "md_editor", locals: {name: "info[content]", content: @info.content, options: {disabled: !can_edit?}} %>
-  <p><%= f.submit "Update Info", class: "btn blue left" %></p>
+  <p><%= f.submit "Update Info", class: "btn blue left", disabled: !can_edit? %></p>
+<% end %>
+<p><%= button_to "Delete Info", @info, method: "delete", data: {confirm: "Are you sure you want to delete this info page?"}, class: "btn red right", disabled: !can_edit? %></p>
+<div class="clear"></div>
+
+<% if !current_user.confirmed? %>
+  <span class='red-alert'>You must confirm your email before you can edit info pages.</span>
 <% end %>
-<p><%= button_to "Delete Info", @info, method: "delete", data: {confirm: "Delete Info forever?"}, class: "btn red right" %></p>
-<div class="clear"></div>

app/views/info/new.html.erb

@@ -1,9 +1,19 @@
 <% title "New Info" %>
 
+<%
+  def can_create?
+    mod? && current_user.confirmed?
+  end
+%>
+
 <h1>New Info</h1>
 <%= form_for @info, url: info_index_path do |f|%>
-  <%= f.text_field :title, placeholder: "Title" %>
+  <%= f.text_field :title, placeholder: "Title", disabled: !can_create? %>
-  <%= render partial: "md_editor", locals: {name: "info[content]", content: @info.content} %>
+  <%= render partial: "md_editor", locals: {name: "info[content]", content: @info.content, options: {disabled: !can_create?}} %>
-  <p><%= f.submit "Create Info", class: "btn blue left" %></p>
+  <p><%= f.submit "Create Info", class: "btn blue left", disabled: !can_create? %></p>
   <div class="clear"></div>
+
+  <% if !current_user.confirmed? %>
+    <span class='red-alert'>You must confirm your email before you can create new info pages.</span>
+  <% end %>
 <% end %>

app/views/layouts/_footer.html.erb

@@ -13,6 +13,12 @@
     <% end %> |
     <%= link_to "https://twitter.com/RedstonerServer", title: "Redstoner on Twitter" do %>
       Twitter <%= image_tag("twitter.png") %>
+    <% end %> |
+    <%= link_to "https://mstdn.io/@RedstonerServer", title: "Redstoner on Mastodon" do %>
+      Mastodon <%= image_tag("mastodon.png") %>
+    <% end %> |
+    <%= link_to "http://rdstnr4biap5nao2.onion", title: "Redstoner over Tor" do %>
+      Onion Service <%= image_tag("tor.png") %>
     <% end %>
     <% if current_user %>
       | <%= link_to "/slack/?" + {mail: current_user.try(:email)}.to_param do %>
@@ -20,4 +26,4 @@
       <% end %>
     <% end %>
   </div>
-</div>
+</div>

app/views/redstoner_mailer/email_change_confirm_mail.html.erb

@@ -13,7 +13,7 @@
       </div>
       <p></p>
 
-      <p>If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(role: "staff"), style: "text-decoration: none; color: #4096EE;" %> in-game.</p>
+      <p>If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(staff: ""), style: "text-decoration: none; color: #4096EE;" %> in-game.</p>
       <p>Your Redstoner team</p>
 
     </div>
@@ -25,9 +25,9 @@
       <p>You can contact us via:
         <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
-        <%= link_to "Google+", "https://google.com/+Redstoner", style: "text-decoration: none; color: #4096EE;" %> |
+        <%= link_to "Mastodon", "https://mstdn.io/@RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %>
       </p>
     </div>
   </div>
-</div>
+</div>

app/views/redstoner_mailer/new_post_comment_mail.html.erb

@@ -14,7 +14,7 @@
     %>
     <p><%= link_to "Click here", blogpost_url(@comment.blogpost, page: page) + "#comment-#{@comment.id}", style: "text-decoration: none; color: #4096EE;" %> to view the blog post.</p>
 
-    <p>If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(role: "staff"), style: "text-decoration: none; color: #4096EE;" %> in-game or on the forums!</p>
+    <p>If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(staff: ""), style: "text-decoration: none; color: #4096EE;" %> in-game or on the forums!</p>
     <p>Your Redstoner team</p>
 
   </div>
@@ -24,9 +24,9 @@
       <p>You can contact us via:
         <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
-        <%= link_to "Google+", "https://google.com/+Redstoner", style: "text-decoration: none; color: #4096EE;" %> |
+        <%= link_to "Mastodon", "https://mstdn.io/@RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %>
       </p>
     </div>
   </div>
-</div>
+</div>

app/views/redstoner_mailer/new_post_mention_mail.html.erb

@@ -10,7 +10,7 @@
 
     <p><%= link_to "Click here", blogpost_url(@post), style: "text-decoration: none; color: #4096EE;" %> to view the blog post.</p>
 
-      <p>If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(role: "staff"), style: "text-decoration: none; color: #4096EE;" %> in-game or on the forums!</p>
+      <p>If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(staff: ""), style: "text-decoration: none; color: #4096EE;" %> in-game or on the forums!</p>
       <p>Your Redstoner team</p>
 
     </div>
@@ -21,9 +21,9 @@
       <p>You can contact us via:
         <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
-        <%= link_to "Google+", "https://google.com/+Redstoner", style: "text-decoration: none; color: #4096EE;" %> |
+        <%= link_to "Mastodon", "https://mstdn.io/@RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %>
       </p>
     </div>
   </div>
-</div>
+</div>

app/views/redstoner_mailer/new_thread_mention_mail.html.erb

@@ -11,7 +11,7 @@
 
     <p><%= link_to "Click here", forumthread_url(@thread), style: "text-decoration: none; color: #4096EE;" %> to view the thread.</p>
 
-      <p>If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(role: "staff"), style: "text-decoration: none; color: #4096EE;" %> in-game or on the forums!</p>
+      <p>If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(staff: ""), style: "text-decoration: none; color: #4096EE;" %> in-game or on the forums!</p>
       <p>Your Redstoner team</p>
 
     </div>
@@ -23,9 +23,9 @@
       <p>You can contact us via:
         <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
-        <%= link_to "Google+", "https://google.com/+Redstoner", style: "text-decoration: none; color: #4096EE;" %> |
+        <%= link_to "Mastodon", "https://mstdn.io/@RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %>
       </p>
     </div>
   </div>
-</div>
+</div>

app/views/redstoner_mailer/new_thread_reply_mail.html.erb

@@ -15,7 +15,7 @@
     %>
     <p><%= link_to "Click here", forumthread_url(@reply.thread, page: page) + "#reply-#{@reply.id}", style: "text-decoration: none; color: #4096EE;" %> to view the thread.</p>
 
-    <p>If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(role: "staff"), style: "text-decoration: none; color: #4096EE;" %> in-game or on the forums!</p>
+    <p>If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(staff: ""), style: "text-decoration: none; color: #4096EE;" %> in-game or on the forums!</p>
     <p>Your Redstoner team</p>
 
   </div>
@@ -26,8 +26,8 @@
     <p>You can contact us via:
       <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> |
       <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
-      <%= link_to "Google+", "https://google.com/+Redstoner", style: "text-decoration: none; color: #4096EE;" %> |
+      <%= link_to "Mastodon", "https://mstdn.io/@RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
       <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %>
     </p>
   </div>
-</div>
+</div>

app/views/redstoner_mailer/register_mail.html.erb

@@ -25,7 +25,7 @@
       </div>
       <p></p>
 
-      <p>If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(role: "staff"), style: "text-decoration: none; color: #4096EE;" %> in-game.</p>
+      <p>If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(staff: ""), style: "text-decoration: none; color: #4096EE;" %> in-game.</p>
       <p>Your Redstoner team</p>
 
     </div>
@@ -37,9 +37,9 @@
       <p>You can contact us via:
         <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
-        <%= link_to "Google+", "https://google.com/+Redstoner", style: "text-decoration: none; color: #4096EE;" %> |
+        <%= link_to "Mastodon", "https://mstdn.io/@RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %>
       </p>
     </div>
   </div>
-</div>
+</div>

app/views/statics/donate.html.erb

@@ -1,3 +1,4 @@
+<% title "Donate" %>
 <h1>Donate</h1>
 
 <p>Running a server is really stressful and requires a lot of work.<br>
@@ -11,7 +12,7 @@
   <li>Donator+ ($20 or more)
 </ul>
 
-<p>We also have <%= link_to "list of users who donated", users_path(badge: "donor") %> already!</p>
+<p>We also have a <%= link_to "list of users who donated", users_path(donor: "") %> already!</p>
 
 <h3>Perks for you</h3>
 <p>For <i>Donator</i> and <i>Donator+</i></p>
@@ -25,11 +26,11 @@
 <div class="donations">
   <div class="donation">
     <div class="left">
-      <img src="<%= image_url("anonymous_skin.png") %>" alt="sponsor's skin" class="body">
+      <img src="https://crafatar.com/renders/body/97a4928198f045998e0e7a97eabae6ae?overlay=true&scale=3" alt="sponsor's skin" class="body">
     </div>
     <div>
       <h1>Donate to our server sponsor</h1>
-      <h4>They pay for our server, but prefer to stay anonymous</h4>
+      <h4>PotatoKek pays for the server hardware. You can help him by donating here.</h4>
       <form target="_blank" method="post" action="https://www.paypal.com/cgi-bin/webscr">
         <% if current_user %>
           <input name="custom" type="hidden" placeholder="Your Minecraft name" value="<%= current_user.ign %>">

app/views/statics/privacy.html.erb

@@ -0,0 +1,41 @@
+<% title "Privacy Policy" %>
+<h1>Privacy Policy</h1>
+<p>Please note that this privacy policy is not legally binding. It is simply a reference intended to inform you about what is done with your information. Also, this privacy policy only applies to the Redstoner website and forums. The Minecraft server will have its own privacy policy at some point.</p>
+<h2>How your information is stored and protected</h2>
+<p>Everything on the website is stored in a database, to which access is strictly limited. Only users of the administrator rank or former administrators who are well known and are trusted by the rest of the current administrators may access the database. Offsite backups of this data are made daily only to the network and servers of at least one current administrator via an encrypted SSH connection.</p>
+<p>Passwords are stored using the bcrypt algorithm. Plaintext passwords are never logged or stored anywhere.</p>
+<p>The website code is <%= link_to "open source", "https://github.com/RedstonerServer/redstoner.com" %> and undergoes heavy testing and review before it is deployed to ensure no exploitable bugs or backdoors make it onto the production server.</p>
+<p>All connections to our website are automatically forced to be made over HTTPS to ensure your data is protected while in transit. We maintain <%= link_to "good TLS paramters", "https://www.ssllabs.com/ssltest/analyze.html?d=redstoner.com" %> and also employ other techniques to ensure secure connections such as <%= link_to "being on the HSTS preload list", "https://hstspreload.org/?domain=redstoner.com" %> and OCSP stapling.</p>
+<h2>Information we collect</h2>
+<p>This information is needed in order for your account to be created:</p>
+<ul>
+  <li>Your Minecraft account's IGN and UUID.</li>
+  <li>Your email address.</li>
+  <li>A unique password.</li>
+</ul>
+<p>This information is optional and is obtained only if you provide it:</p>
+<ul>
+  <li>Your Skype username.</li>
+  <li>Your YouTube channel ID.</li>
+  <li>Your Twitter username.</li>
+</ul>
+<p>This information is also collected, however does not affect your Redstoner account directly:</p>
+<ul>
+  <li>Your IP address.</li>
+</ul>
+<h2>How your information is used and who it is visible to</h2>
+<ul>
+  <li><b>Minecraft account IGN and UUID</b> - This is used to link your Minecraft account with your Redstoner account. Anyone can see these.</li>
+  <li><b>Your email address</b> - This is used to send you email notifications about forums activity that you are involved in. These notifications can be disabled in your account settings. This is also used to perform a password reuse check, which is explained in more detail below. Only users of the moderator rank or higher can see your email address.</li>
+  <li><b>Your password</b> - This is used to authenticate you. This too is used to perform a password reuse check. The plaintext version is visible to no one, but the hashed version is visible only to users of the administrator rank or higher.</li>
+  <li><b>Your Skype username</b> - This is used to add a link to your profile that allows others to easily contact you over Skype. Anyone can see this.</li>
+  <li><b>Your YouTube channel</b> - This is used to add a link to your profile that allows others to easily find your YouTube channel. Anyone can see this.</li>
+  <li><b>Your Twitter username</b> - This is used to add a link to your profile that allows others to easily contact you over Twitter. Anyone can see this.</li>
+  <li><b>Your IP address</b> - This is used to help us identify and ban troublemakers from our forums. Only users of the moderator rank and above can see this.</li>
+</ul>
+<h2>Password reuse check</h2>
+<p>When you first sign up on our website, we use your email address and password to check if you are reusing your password with your Mojang account. This is done by attempting to log into Mojang's server using this information. If it succeeds, then your confirmation email will contain a note warning you not to reuse your password. <b>The information used to perform this check is never used to actually take over your Minecraft account. In fact, we can't because your password is hashed after the check and is totally unusable to us. If you get this warning not to reuse your password, it is still highly recommended that you change your password for your Mojang account and also use a password manager.</b></p>
+<h2>Who your information is shared with</h2>
+<p>We do not share your information with any third parties. The only time we will release information is if we are legally required to.</p>
+<hr>
+<p><sup>This privacy policy was last revised October 31, 2017.</sup></p>

app/views/users/edit.html.erb

@@ -2,7 +2,7 @@
 
 <%
   def can_edit?
-    (@user.is?(current_user) && confirmed?) || (mod? && current_user.role >= @user.role)
+    (@user.is?(current_user) && confirmed?) || (mod? && current_user.role >= @user.role && current_user.confirmed?)
   end
 %>
 
@@ -23,7 +23,7 @@
           <td>Role</td>
           <td>
             <% if current_user.role >= @user.role %>
-              <%= f.select :role, Role.all_to(current_user.role) %>
+              <%= f.select :role, Role.all_to(current_user.role), {}, { disabled: !can_edit? } %>
             <% end %>
           </td>
         </tr>
@@ -31,7 +31,7 @@
           <td>Badge</td>
           <td>
             <% if current_user.role >= Role.get(:mod) %>
-              <%= f.select :badge, Badge.all %>
+              <%= f.select :badge, Badge.all, {}, { disabled: !can_edit? } %>
             <% end %>
           </td>
         </tr>
@@ -48,12 +48,6 @@
           <%= f.text_field :skype, placeholder: "Skype username", disabled: !can_edit? %>
         </td>
       </tr>
-      <tr>
-        <td>Show Skype to</td>
-        <td>
-          <%= f.select :skype_public, [["Staff only", false], ["All users", true]], {}, { disabled: !can_edit? } %>
-        </td>
-      </tr>
       <tr>
         <td>YouTube Channel ID</td>
         <td>
@@ -63,7 +57,7 @@
       <tr>
         <td>Twitter username</td>
         <td>
-          <%= f.text_field :twitter, placeholder: "Twitter username", disabled: !(@user.is?(current_user) && confirmed? || (mod? && current_user.role >= @user.role)) %>
+          <%= f.text_field :twitter, placeholder: "Twitter username", disabled: !can_edit? %>
         </td>
       </tr>
       <tr>
@@ -75,7 +69,7 @@
     </tbody>
   </table>
 
-<p><%= f.submit "Save profile", class: "btn variable-size left", disabled: (!@user.confirmed? && @user.is?(current_user)) %></p>
+<p><%= f.submit "Save profile", class: "btn variable-size left", disabled: !can_edit? %></p>
 <p>
   <%= link_to "Edit login details", edit_login_user_path(@user), class: "btn variable-size right" %>
   <%= link_to "Notification settings", edit_notifications_user_path(@user), class: "btn variable-size right" %>
@@ -83,7 +77,9 @@
 </p>
 <div class="clear"></div>
 
-<% if !@user.confirmed? %>
+<% if !@user.is?(current_user) && !current_user.confirmed? %>
+  <span class='red-alert'>You must confirm your own email before you can edit other profiles.</span>
+<% elsif !@user.confirmed? %>
   <% if @user.is?(current_user) %>
       <span class='red-alert'>Please confirm your email address first!</span>
     <% else %>

app/views/users/edit_notifications.html.erb

@@ -1,5 +1,11 @@
 <% title "Edit Notification Settings: #{@user.name}" %>
 
+<%
+  def can_edit?
+    (@user.is?(current_user) && confirmed?) || (mod? && current_user.role >= @user.role && current_user.confirmed?)
+  end
+%>
+
 <%= link_to @user.name, @user %> → Edit Notification Settings
 <h1>Edit Notification Settings</h1>
 
@@ -11,13 +17,13 @@
       <tr>
         <td>replies to my thread</td>
         <td>
-          <%= f.check_box :mail_own_thread_reply %>
+          <%= f.check_box :mail_own_thread_reply, disabled: !can_edit? %>
         </td>
       </tr>
       <tr>
         <td>replies to a thread I already replied to</td>
         <td>
-          <%= f.check_box :mail_other_thread_reply %>
+          <%= f.check_box :mail_other_thread_reply, disabled: !can_edit? %>
         </td>
       </tr>
       <tr>
@@ -26,13 +32,13 @@
           <i>(Currently used for staff only)</i>
         </td>
         <td>
-          <%= f.check_box :mail_own_blogpost_comment %>
+          <%= f.check_box :mail_own_blogpost_comment, disabled: !can_edit? %>
         </td>
       </tr>
       <tr>
         <td>comments a blog post I already commented</td>
         <td>
-          <%= f.check_box :mail_other_blogpost_comment %>
+          <%= f.check_box :mail_other_blogpost_comment, disabled: !can_edit? %>
         </td>
       </tr>
       <tr>
@@ -40,11 +46,20 @@
           mentions me in a thread or comment
         </td>
         <td>
-          <%= f.check_box :mail_mention %>
+          <%= f.check_box :mail_mention, disabled: !can_edit? %>
         </td>
       </tr>
     </tbody>
   </table>
-  <p><%= f.submit "Save changes", class: "btn blue left" %></p>
+  <h3>Public Key</h1>
+  <p>All notification emails will be encrypted with this key if you supply it.</p>
+  <%= f.text_area :public_key, placeholder: "-----BEGIN PGP PUBLIC KEY BLOCK-----", disabled: !can_edit? %>
+  <p><%= f.submit "Save changes", class: "btn blue left", disabled: !can_edit? %></p>
   <div class="clear"></div>
-<% end %>
+
+  <% if !@user.is?(current_user) && !current_user.confirmed? %>
+    <span class='red-alert'>You must confirm your own email before you can edit other user's notification settings.</span>
+  <% elsif !@user.confirmed? && @user.is?(current_user) %>
+    <span class='red-alert'>You need to confirm your email before you can edit your notification settings.</span>
+  <% end %>
+<% end %>

app/views/users/edit_website_settings.html.erb

@@ -1,5 +1,11 @@
 <% title "Edit Website Settings: #{@user.name}" %>
 
+<%
+  def can_edit?
+    (@user.is?(current_user) && confirmed?) || (mod? && current_user.role >= @user.role && current_user.confirmed?)
+  end
+%>
+
 <%= link_to @user.name, @user %> → Edit Website Settings
 <h1>Edit Website Settings</h1>
 
@@ -10,25 +16,31 @@
       <tr>
         <td>Header moves with scrolling (Experimental - do not report bugs)</td>
         <td>
-          <%= f.check_box :header_scroll %>
+          <%= f.check_box :header_scroll, disabled: !can_edit? %>
         </td>
       </tr>
       <tr>
         <td>Show exact UTC times</td>
         <td>
-          <%= f.check_box :utc_time %>
+          <%= f.check_box :utc_time, disabled: !can_edit? %>
         </td>
       </tr>
       <tr>
         <td>Dark theme*</td>
         <td>
-          <%= f.check_box :dark %>
+          <%= f.check_box :dark, disabled: !can_edit? %>
         </td>
       </tr>
     </tbody>
   </table>
-  <p><%= f.submit "Save changes", class: "btn blue left" %></p>
+  <p><%= f.submit "Save changes", class: "btn blue left", disabled: !can_edit? %></p>
   <div class="clear"></div>
+
+  <% if !@user.is?(current_user) && !current_user.confirmed? %>
+    <span class='red-alert'>You must confirm your own email before you can edit other user's website settings.</span>
+  <% elsif !@user.confirmed? && @user.is?(current_user) %>
+    <span class='red-alert'>You need to confirm your email before you can edit your website settings.</span>
+  <% end %>
 <% end %>
 <br><br><br>
 *Warning: If as a result to enabling this style your eyes get infected with a severe case of eye cancer, we are not reliable for any damage. Please contact your doctor in advance to ensure that in case of infection you will be treated accordingly. Quality theme  brought to you by Redempt™.

app/views/users/index.html.erb

@@ -14,6 +14,8 @@
       text = "All '#{params[:role]}' and '#{params[:badge]}' users"
     elsif params.include?(:staff)
       text = "All staff"
+    elsif params.include?(:donor)
+      text = "All donors"
     else
       text = "All users"
     end

app/views/users/show.html.erb

@@ -15,15 +15,28 @@
   <h1><%= @user.name %></h1>
 
   <div class="clear"></div>
-
+  <% if @ban_json && (@ban_json["expires"] == "forever" || !(DateTime.parse(@ban_json["expires"]) <= DateTime.now)) %>
-  <% if @user.banned? %>
+    <% if @user.is?(current_user) %>
-    <span class="user-banned">This user is banned!</span>
+      <span class="user-banned">You are banned on the server for "<%=@ban_json["reason"]%>"<%=" until #{@ban_json["expires"]}" unless @ban_json["expires"] == "forever"%></span>
+    <% else %>
+      <span class="user-banned">This user is banned on the server for "<%=@ban_json["reason"]%>"<%=" until #{@ban_json["expires"]}" unless @ban_json["expires"] == "forever"%></span>
+    <% end %>
   <% end %>
-
+  <% if @user.banned? %>
+    <% if @user.is?(current_user) %>
+      <span class="user-banned">You are banned on the website!</span>
+    <% else %>
+      <span class="user-banned">This user is banned on the website!</span>
+    <% end %>
+  <% end %>
+  <br>
   <% if !@user.confirmed? %>
-    <% if @user.is?(current_user) || mod? %>
+    <% if @user.is?(current_user) %>
-      <span class="user-unconfirmed">Please confirm your email <u><%= @user.email %></u> !</span>
+      <span class="user-unconfirmed">You haven't confirmed your email "<u><%= @user.email %></u>" yet!</span>
       <%= button_to "Resend the confirmation mail", resend_mail_user_path, class: "btn dark", form_class: "inline-block", data: {confirm: "Did you check your spam folder?"} %>
+    <% elsif mod? %>
+      <span class="user-unconfirmed">This user hasn't confirmed their email "<u><%= @user.email %></u>" yet!</span>
+      <%= button_to "Resend the confirmation mail", resend_mail_user_path, class: "btn dark", form_class: "inline-block" %>
     <% else %>
       <span class="user-unconfirmed">This user hasn't confirmed their email yet!</span>
     <% end %>
@@ -52,7 +65,7 @@
         <td><b>Role</b></td>
         <td><%= link_to @user.role, users_path(:role => @user.role.name) %></td>
       </tr>
-      <% if current_user && !@user.skype.blank? && (@user.skype_public || current_user == @user || mod?) %>
+      <% if current_user && !@user.skype.blank? %>
       <tr>
         <td><b>Skype</b></td>
         <td><%= link_to @user.skype, "skype:#{@user.skype}?chat", target: "_blank" %></a></td>

config/routes.rb

@@ -9,6 +9,7 @@ Redstoner::Application.routes.draw do
       get 'donate'
       get 'home'
       get 'online'
+      get 'privacy'
       get 'index'
     end
   end

db/migrate/20170708011014_remove_skype_visibility_from_users.rb

@@ -0,0 +1,6 @@
+class RemoveSkypeVisibilityFromUsers < ActiveRecord::Migration
+  def change
+    remove_column :users, :skype_public
+    User.update_all skype: nil
+  end
+end

db/migrate/20171013001146_add_public_key_to_users.rb

@@ -0,0 +1,5 @@
+class AddPublicKeyToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :public_key, :text
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170703003647) do
+ActiveRecord::Schema.define(version: 20171013001146) do
 
   create_table "badges", force: :cascade do |t|
     t.string  "name",   limit: 191
@@ -135,7 +135,6 @@ ActiveRecord::Schema.define(version: 20170703003647) do
     t.text     "about",                       limit: 65535
     t.string   "last_ip",                     limit: 255
     t.string   "skype",                       limit: 255
-    t.boolean  "skype_public",                              default: false
     t.string   "youtube",                     limit: 255
     t.string   "youtube_channelname",         limit: 255
     t.string   "twitter",                     limit: 255
@@ -154,6 +153,7 @@ ActiveRecord::Schema.define(version: 20170703003647) do
     t.boolean  "utc_time",                                  default: false
     t.boolean  "header_scroll",                             default: false
     t.boolean  "dark",                                      default: false
+    t.text     "public_key",                  limit: 65535
   end
 
   add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree

db/seeds.rb

@@ -33,7 +33,6 @@ deleted_user = User.create!(
   role: Role.get(:disabled),
   badge: Badge.get(:none),
   skype: "echo123",
-  skype_public: true,
   last_ip: "0.0.0.0",
   confirmed: true,
   last_seen: Time.utc(0).to_datetime,