Merged pull request #58.

Changed to Search All Threads

.gitattributes

@@ -0,0 +1 @@
+public/* linguist-vendored

Gemfile

@@ -7,16 +7,17 @@ gem 'jquery-rails'
 gem 'bcrypt' # To use ActiveModel's has_secure_password
 gem 'sanitize'
 gem 'strip_attributes'
-gem 'redcarpet', '~> 3.2.3'
+gem 'redcarpet'
 gem 'hirb' # pretty console output
 gem 'rb-readline'
 gem 'rest-client'
 gem 'activerecord-session_store'
 gem 'highlight_js-rails', github: 'RedstonerServer/highlight_js-rails'
 gem 'kaminari', github: 'jomo/kaminari', branch: 'patch-2' # pagination
-gem 'jquery-textcomplete-rails', github: 'RedstonerServer/jquery-textcomplete-rails' # @mentions
+gem 'jquery-textcomplete-rails' # @mentions
 gem 'actionpack-action_caching', github: 'antulik/actionpack-action_caching', ref: '8c6e52c69315d67437f480da5dce4b7c8737fb32'
 gem 'mail-gpg', github: 'jomo/mail-gpg', ref: 'a666b48ee866dfa3eaa700f9c5edf4d195d0f8c9'
+gem 'totp'
 
 # Gems used only for assets and not required
 # in production environments by default.

Gemfile.lock

@@ -5,15 +5,6 @@ GIT
     highlight_js-rails (8.4)
       rails (>= 3.1.1)
 
-GIT
-  remote: git://github.com/RedstonerServer/jquery-textcomplete-rails.git
-  revision: 8bf23af2d8fa1c5226c2b6889c7796adfe1f8772
-  specs:
-    jquery-textcomplete-rails (0.1.4)
-      coffee-rails (>= 3.2.0)
-      railties (>= 3.2.0)
-      sass-rails (>= 3.2.0)
-
 GIT
   remote: git://github.com/antulik/actionpack-action_caching.git
   revision: 8c6e52c69315d67437f480da5dce4b7c8737fb32
@@ -42,202 +33,224 @@ GIT
 
 GIT
   remote: git://github.com/rails/rails.git
-  revision: 2c8f567e53580872d8c6dfe61201e58793ca131e
+  revision: 22aec58a2565a76e0f55d05d045b7a45715c5bb9
   branch: 4-2-stable
   specs:
-    actionmailer (4.2.5.1)
-      actionpack (= 4.2.5.1)
-      actionview (= 4.2.5.1)
-      activejob (= 4.2.5.1)
+    actionmailer (4.2.10)
+      actionpack (= 4.2.10)
+      actionview (= 4.2.10)
+      activejob (= 4.2.10)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.5.1)
-      actionview (= 4.2.5.1)
-      activesupport (= 4.2.5.1)
+    actionpack (4.2.10)
+      actionview (= 4.2.10)
+      activesupport (= 4.2.10)
       rack (~> 1.6)
       rack-test (~> 0.6.2)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.5.1)
-      activesupport (= 4.2.5.1)
+    actionview (4.2.10)
+      activesupport (= 4.2.10)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activejob (4.2.5.1)
-      activesupport (= 4.2.5.1)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (4.2.10)
+      activesupport (= 4.2.10)
       globalid (>= 0.3.0)
-    activemodel (4.2.5.1)
-      activesupport (= 4.2.5.1)
+    activemodel (4.2.10)
+      activesupport (= 4.2.10)
       builder (~> 3.1)
-    activerecord (4.2.5.1)
-      activemodel (= 4.2.5.1)
-      activesupport (= 4.2.5.1)
+    activerecord (4.2.10)
+      activemodel (= 4.2.10)
+      activesupport (= 4.2.10)
       arel (~> 6.0)
-    activesupport (4.2.5.1)
+    activesupport (4.2.10)
       i18n (~> 0.7)
-      json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    rails (4.2.5.1)
-      actionmailer (= 4.2.5.1)
-      actionpack (= 4.2.5.1)
-      actionview (= 4.2.5.1)
-      activejob (= 4.2.5.1)
-      activemodel (= 4.2.5.1)
-      activerecord (= 4.2.5.1)
-      activesupport (= 4.2.5.1)
+    rails (4.2.10)
+      actionmailer (= 4.2.10)
+      actionpack (= 4.2.10)
+      actionview (= 4.2.10)
+      activejob (= 4.2.10)
+      activemodel (= 4.2.10)
+      activerecord (= 4.2.10)
+      activesupport (= 4.2.10)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.5.1)
+      railties (= 4.2.10)
       sprockets-rails
-    railties (4.2.5.1)
-      actionpack (= 4.2.5.1)
-      activesupport (= 4.2.5.1)
+    railties (4.2.10)
+      actionpack (= 4.2.10)
+      activesupport (= 4.2.10)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activerecord-session_store (0.1.2)
-      actionpack (>= 4.0.0, < 5)
-      activerecord (>= 4.0.0, < 5)
-      railties (>= 4.0.0, < 5)
-    arel (6.0.3)
-    bcrypt (3.1.10)
-    better_errors (2.1.1)
+    activerecord-session_store (1.1.1)
+      actionpack (>= 4.0)
+      activerecord (>= 4.0)
+      multi_json (~> 1.11, >= 1.11.2)
+      rack (>= 1.5.2, < 3)
+      railties (>= 4.0)
+    airbrussh (1.3.1)
+      sshkit (>= 1.6.1, != 1.7.0)
+    arel (6.0.4)
+    base32 (0.3.2)
+    bcrypt (3.1.12)
+    better_errors (2.5.0)
       coderay (>= 1.0.0)
-      erubis (>= 2.6.6)
+      erubi (>= 1.0.0)
       rack (>= 0.9.0)
-    binding_of_caller (0.7.2)
+    binding_of_caller (0.8.0)
       debug_inspector (>= 0.0.1)
-    builder (3.2.2)
-    capistrano (3.4.0)
+    builder (3.2.3)
+    capistrano (3.11.0)
+      airbrussh (>= 1.0.0)
       i18n
       rake (>= 10.0.0)
-      sshkit (~> 1.3)
+      sshkit (>= 1.9.0)
     capistrano-bundler (1.1.4)
       capistrano (~> 3.1)
       sshkit (~> 1.2)
-    capistrano-rails (1.1.6)
+    capistrano-rails (1.1.8)
       capistrano (~> 3.1)
       capistrano-bundler (~> 1.1)
-    capistrano-rbenv (2.0.4)
+    capistrano-rbenv (2.1.4)
       capistrano (~> 3.1)
       sshkit (~> 1.3)
     choice (0.2.0)
-    coderay (1.1.0)
-    coffee-rails (4.1.1)
+    coderay (1.1.2)
+    coffee-rails (4.2.2)
       coffee-script (>= 2.2.0)
-      railties (>= 4.0.0, < 5.1.x)
+      railties (>= 4.0.0)
     coffee-script (2.4.1)
       coffee-script-source
       execjs
-    coffee-script-source (1.10.0)
-    concurrent-ruby (1.0.0)
-    crass (1.0.2)
-    debug_inspector (0.0.2)
-    domain_name (0.5.25)
+    coffee-script-source (1.12.2)
+    concurrent-ruby (1.1.3)
+    crass (1.0.4)
+    debug_inspector (0.0.3)
+    domain_name (0.5.20180417)
       unf (>= 0.0.5, < 1.0.0)
+    erubi (1.7.1)
     erubis (2.7.0)
-    execjs (2.6.0)
-    globalid (0.3.6)
-      activesupport (>= 4.1.0)
-    gpgme (2.0.11)
-      mini_portile (>= 0.5.0)
+    execjs (2.7.0)
+    ffi (1.9.25)
+    globalid (0.4.1)
+      activesupport (>= 4.2.0)
+    gpgme (2.0.16)
+      mini_portile2 (~> 2.3)
     hirb (0.7.3)
-    http-cookie (1.0.2)
+    http-cookie (1.0.3)
       domain_name (~> 0.5)
-    i18n (0.7.0)
-    jquery-rails (4.1.0)
-      rails-dom-testing (~> 1.0)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
+    jquery-rails (4.3.3)
+      rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
-    json (1.8.3)
-    kgio (2.10.0)
-    loofah (2.0.3)
+    jquery-textcomplete-rails (0.1.5)
+      coffee-rails (>= 3.2.0)
+      railties (>= 3.2.0)
+      sass-rails (>= 3.2.0)
+    kgio (2.11.2)
+    loofah (2.2.3)
+      crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.6.3)
-      mime-types (>= 1.16, < 3)
-    mime-types (2.99)
-    mini_portile (0.6.2)
-    mini_portile2 (2.0.0)
-    minitest (5.8.4)
-    mysql2 (0.4.2)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    mime-types (3.2.2)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2018.0812)
+    mini_mime (1.0.1)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
+    multi_json (1.13.1)
+    mysql2 (0.5.2)
     net-scp (1.2.1)
       net-ssh (>= 2.6.5)
-    net-ssh (3.0.2)
+    net-ssh (5.0.2)
     netrc (0.11.0)
-    nokogiri (1.6.7.2)
-      mini_portile2 (~> 2.0.0.rc2)
-    nokogumbo (1.4.7)
-      nokogiri
-    rack (1.6.4)
+    nokogiri (1.8.5)
+      mini_portile2 (~> 2.3.0)
+    nokogumbo (2.0.1)
+      nokogiri (~> 1.8, >= 1.8.4)
+    rack (1.6.11)
     rack-test (0.6.3)
       rack (>= 1.0)
     rails-deprecated_sanitizer (1.0.3)
       activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.7)
-      activesupport (>= 4.2.0.beta, < 5.0)
-      nokogiri (~> 1.6.0)
+    rails-dom-testing (1.0.9)
+      activesupport (>= 4.2.0, < 5.0)
+      nokogiri (~> 1.6)
       rails-deprecated_sanitizer (>= 1.0.1)
-    rails-erd (1.4.5)
+    rails-erd (1.5.2)
       activerecord (>= 3.2)
       activesupport (>= 3.2)
       choice (~> 0.2.0)
       ruby-graphviz (~> 1.2)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
-    raindrops (0.15.0)
-    rake (10.5.0)
-    rb-readline (0.5.3)
-    redcarpet (3.2.3)
-    rest-client (1.8.0)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
+    raindrops (0.19.0)
+    rake (12.3.2)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.9.10)
+      ffi (>= 0.5.0, < 2)
+    rb-readline (0.5.5)
+    redcarpet (3.4.0)
+    rest-client (2.0.2)
       http-cookie (>= 1.0.2, < 2.0)
-      mime-types (>= 1.16, < 3.0)
-      netrc (~> 0.7)
-    ruby-graphviz (1.2.2)
-    sanitize (4.0.1)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
+    ruby-graphviz (1.2.4)
+    sanitize (5.0.0)
       crass (~> 1.0.2)
-      nokogiri (>= 1.4.4)
-      nokogumbo (~> 1.4.1)
-    sass (3.4.21)
-    sass-rails (5.0.4)
-      railties (>= 4.0.0, < 5.0)
+      nokogiri (>= 1.8.0)
+      nokogumbo (~> 2.0)
+    sass (3.7.2)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+    sass-rails (5.0.7)
+      railties (>= 4.0.0, < 6)
       sass (~> 3.1)
       sprockets (>= 2.8, < 4.0)
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
-    sprockets (3.5.2)
+    sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.0.0)
+    sprockets-rails (3.2.1)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
-    sqlite3 (1.3.11)
-    sshkit (1.8.1)
+    sqlite3 (1.3.13)
+    sshkit (1.18.0)
       net-scp (>= 1.1.2)
       net-ssh (>= 2.8.0)
-    strip_attributes (1.7.1)
-      activemodel (>= 3.0, < 5.0)
-    thor (0.19.1)
-    thread_safe (0.3.5)
-    tilt (2.0.2)
-    tzinfo (1.2.2)
+    strip_attributes (1.8.0)
+      activemodel (>= 3.0, < 6.0)
+    thor (0.20.3)
+    thread_safe (0.3.6)
+    tilt (2.0.8)
+    totp (1.0.0)
+      base32
+    tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    uglifier (2.7.2)
-      execjs (>= 0.3.0)
-      json (>= 1.8.0)
+    uglifier (4.1.20)
+      execjs (>= 0.3.0, < 3)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.7.1)
-    unicorn (5.0.1)
+    unf_ext (0.0.7.5)
+    unicorn (5.4.1)
       kgio (~> 2.6)
-      rack
       raindrops (~> 0.7)
-    webrick (1.3.1)
+    webrick (1.4.2)
 
 PLATFORMS
   ruby
@@ -254,23 +267,24 @@ DEPENDENCIES
   highlight_js-rails!
   hirb
   jquery-rails
-  jquery-textcomplete-rails!
+  jquery-textcomplete-rails
   kaminari!
   mail-gpg!
   mysql2
   rails!
   rails-erd
   rb-readline
-  redcarpet (~> 3.2.3)
+  redcarpet
   rest-client
   sanitize
   sass-rails
   sqlite3
   strip_attributes
+  totp
   tzinfo-data
   uglifier
   unicorn
   webrick
 
 BUNDLED WITH
-   1.11.2
+   1.17.3

LICENSE.txt

@@ -0,0 +1,116 @@
+CC0 1.0 Universal
+
+Statement of Purpose
+
+The laws of most jurisdictions throughout the world automatically confer
+exclusive Copyright and Related Rights (defined below) upon the creator and
+subsequent owner(s) (each and all, an "owner") of an original work of
+authorship and/or a database (each, a "Work").
+
+Certain owners wish to permanently relinquish those rights to a Work for the
+purpose of contributing to a commons of creative, cultural and scientific
+works ("Commons") that the public can reliably and without fear of later
+claims of infringement build upon, modify, incorporate in other works, reuse
+and redistribute as freely as possible in any form whatsoever and for any
+purposes, including without limitation commercial purposes. These owners may
+contribute to the Commons to promote the ideal of a free culture and the
+further production of creative, cultural and scientific works, or to gain
+reputation or greater distribution for their Work in part through the use and
+efforts of others.
+
+For these and/or other purposes and motivations, and without any expectation
+of additional consideration or compensation, the person associating CC0 with a
+Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
+and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
+and publicly distribute the Work under its terms, with knowledge of his or her
+Copyright and Related Rights in the Work and the meaning and intended legal
+effect of CC0 on those rights.
+
+1. Copyright and Related Rights. A Work made available under CC0 may be
+protected by copyright and related or neighboring rights ("Copyright and
+Related Rights"). Copyright and Related Rights include, but are not limited
+to, the following:
+
+  i. the right to reproduce, adapt, distribute, perform, display, communicate,
+  and translate a Work;
+
+  ii. moral rights retained by the original author(s) and/or performer(s);
+
+  iii. publicity and privacy rights pertaining to a person's image or likeness
+  depicted in a Work;
+
+  iv. rights protecting against unfair competition in regards to a Work,
+  subject to the limitations in paragraph 4(a), below;
+
+  v. rights protecting the extraction, dissemination, use and reuse of data in
+  a Work;
+
+  vi. database rights (such as those arising under Directive 96/9/EC of the
+  European Parliament and of the Council of 11 March 1996 on the legal
+  protection of databases, and under any national implementation thereof,
+  including any amended or successor version of such directive); and
+
+  vii. other similar, equivalent or corresponding rights throughout the world
+  based on applicable law or treaty, and any national implementations thereof.
+
+2. Waiver. To the greatest extent permitted by, but not in contravention of,
+applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
+unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
+and Related Rights and associated claims and causes of action, whether now
+known or unknown (including existing as well as future claims and causes of
+action), in the Work (i) in all territories worldwide, (ii) for the maximum
+duration provided by applicable law or treaty (including future time
+extensions), (iii) in any current or future medium and for any number of
+copies, and (iv) for any purpose whatsoever, including without limitation
+commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
+the Waiver for the benefit of each member of the public at large and to the
+detriment of Affirmer's heirs and successors, fully intending that such Waiver
+shall not be subject to revocation, rescission, cancellation, termination, or
+any other legal or equitable action to disrupt the quiet enjoyment of the Work
+by the public as contemplated by Affirmer's express Statement of Purpose.
+
+3. Public License Fallback. Should any part of the Waiver for any reason be
+judged legally invalid or ineffective under applicable law, then the Waiver
+shall be preserved to the maximum extent permitted taking into account
+Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
+is so judged Affirmer hereby grants to each affected person a royalty-free,
+non transferable, non sublicensable, non exclusive, irrevocable and
+unconditional license to exercise Affirmer's Copyright and Related Rights in
+the Work (i) in all territories worldwide, (ii) for the maximum duration
+provided by applicable law or treaty (including future time extensions), (iii)
+in any current or future medium and for any number of copies, and (iv) for any
+purpose whatsoever, including without limitation commercial, advertising or
+promotional purposes (the "License"). The License shall be deemed effective as
+of the date CC0 was applied by Affirmer to the Work. Should any part of the
+License for any reason be judged legally invalid or ineffective under
+applicable law, such partial invalidity or ineffectiveness shall not
+invalidate the remainder of the License, and in such case Affirmer hereby
+affirms that he or she will not (i) exercise any of his or her remaining
+Copyright and Related Rights in the Work or (ii) assert any associated claims
+and causes of action with respect to the Work, in either case contrary to
+Affirmer's express Statement of Purpose.
+
+4. Limitations and Disclaimers.
+
+  a. No trademark or patent rights held by Affirmer are waived, abandoned,
+  surrendered, licensed or otherwise affected by this document.
+
+  b. Affirmer offers the Work as-is and makes no representations or warranties
+  of any kind concerning the Work, express, implied, statutory or otherwise,
+  including without limitation warranties of title, merchantability, fitness
+  for a particular purpose, non infringement, or the absence of latent or
+  other defects, accuracy, or the present or absence of errors, whether or not
+  discoverable, all to the greatest extent permissible under applicable law.
+
+  c. Affirmer disclaims responsibility for clearing rights of other persons
+  that may apply to the Work or any use thereof, including without limitation
+  any person's Copyright and Related Rights in the Work. Further, Affirmer
+  disclaims responsibility for obtaining any necessary consents, permissions
+  or other rights required for any use of the Work.
+
+  d. Affirmer understands and acknowledges that Creative Commons is not a
+  party to this document and has no duty or obligation with respect to this
+  CC0 or use of the Work.
+
+For more information, please see
+<http://creativecommons.org/publicdomain/zero/1.0/>

app/controllers/application_controller.rb

@@ -1,6 +1,6 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
-  before_filter :update_ip, :update_seen, :check_banned
+  before_filter :update_ip, :update_seen, :check_banned, :check_2fa
   # TODO: use SSL
 
 
@@ -41,6 +41,14 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def check_2fa
+    # Over complicated way of asking if the user is logged in as a mod without TOTP enabled while they are not on their login settings screen, logging out, or updating their login settings.
+    if current_user && current_user.mod? && !current_user.totp_enabled? && !(controller_name == "users" && action_name == "edit_login") && !(controller_name == "sessions" && action_name == "destroy") && !(controller_name == "users" && action_name == "update_login")
+      flash[:alert] = "Due to your staff rank, you are required to enable 2FA."
+      redirect_to :controller => "users", :action => "edit_login", :id => current_user.id
+    end
+  end
+
 
   #roles
   def disabled?

app/controllers/forums_controller.rb

@@ -89,7 +89,7 @@ class ForumsController < ApplicationController
   end
 
   def forum_params(add = [])
-    a = [:name, :position, :role_read_id, :role_write_id, :necro_length] + add
+    a = [:name, :position, :role_read_id, :role_write_id, :necro_length, :disable_deletion] + add
     params.require(:forum).permit(a)
   end
 end

app/controllers/forumthreads_controller.rb

@@ -10,6 +10,7 @@ class ForumthreadsController < ApplicationController
     @threads = Forumthread.filter(current_user, params[:title].try(:slice, 0..255), params[:content].try(:slice, 0..255), params[:reply].try(:slice, 0..255), params[:label], User.find_by(ign: params[:author].to_s.strip) || params[:author], params[:query].try(:slice, 0..255), Forum.find_by(id: params[:forum]))
     .page(params[:page]).per(30)
   end
+
   def show
     if params[:reverse] == "true"
       @replies = @thread.replies.order(id: :desc).page(params[:page])
@@ -72,7 +73,7 @@ class ForumthreadsController < ApplicationController
   end
 
   def destroy
-    if mod? || @thread.author.is?(current_user)
+    if mod? || (@thread.author.is?(current_user) && !@thread.forum.disable_deletion)
       if @thread.destroy
         flash[:notice] = "Thread deleted!"
       else

app/controllers/sessions_controller.rb

@@ -21,6 +21,10 @@ class SessionsController < ApplicationController
           flash[:alert] = "Your account has been disabled!"
         elsif user.banned?
           flash[:alert] = "You are banned!"
+        elsif user.totp_enabled && !TOTP.valid?(user.totp_secret, params[:totp_code].to_i)
+          flash[:alert] = "You're doing it wrong!"
+          render action: 'new'
+          return
         else
           session[:user_id] = user.id
           flash[:notice] = "Logged in!"

app/controllers/statics_controller.rb

@@ -20,7 +20,7 @@ class StaticsController < ApplicationController
     @players = []
     @count = 0
     begin
-      json = JSON.parse(File.read("/etc/minecraft/redstoner/plugins/ModuleLoader/players.json"))
+      json = JSON.parse(File.read("/etc/minecraft/info/players.json"))
     rescue
       flash.now[:alert] = "The server is currently offline."
     else

app/controllers/users_controller.rb

@@ -17,7 +17,7 @@ class UsersController < ApplicationController
 
   def show
     begin
-      @ban_json = JSON.parse(File.read("/etc/minecraft/redstoner/banned-players.json")).detect {|u| u["uuid"].tr("-", "") == @user.uuid}
+      @ban_json = JSON.parse(File.read("/etc/minecraft/info/banned-players.json")).detect {|u| u["uuid"].tr("-", "") == @user.uuid}
     rescue
       flash.now[:alert] = "An error occured while checking if this user is banned from the server!"
       @ban_json = nil
@@ -87,6 +87,12 @@ class UsersController < ApplicationController
         @user.uuid = user_profile["id"]
         @user.ign  = user_profile["name"] # correct case
 
+        if User.find_by(uuid: @user.uuid)
+          flash[:alert] = "You already have a Redstoner account associated with this Minecraft account. Please log in instead."
+          redirect_to login_path
+          return
+        end
+
         if validate_token(@user.uuid, @user.email, params[:registration_token])
           destroy_token(params[:email])
           @user.last_ip = request.remote_ip # showing in mail
@@ -143,9 +149,9 @@ class UsersController < ApplicationController
   def update
     if (mod? && current_user.role >= @user.role ) || (@user.is?(current_user) && confirmed?)
       if mod?
-        userdata = user_params([:name, :skype, :youtube, :twitter, :about, :role, :badge, :confirmed, :header_scroll, :utc_time, :dark])
+        userdata = user_params([:name, :discord, :youtube, :twitter, :about, :role, :badge, :confirmed, :header_scroll, :utc_time, :dark])
       else
-        userdata = user_params([:name, :skype, :youtube, :twitter, :about, :header_scroll, :utc_time, :dark])
+        userdata = user_params([:name, :discord, :youtube, :twitter, :about, :header_scroll, :utc_time, :dark])
       end
       if User.find_by(name: userdata[:name]) && User.find_by(name: userdata[:name]) != @user
         flash[:alert] = "You have entered a name that belongs to someone else. Please try another."
@@ -229,6 +235,11 @@ class UsersController < ApplicationController
     unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
       flash[:alert] = "You are not allowed to edit this user's login details!"
       redirect_to @user
+      return
+    end
+
+    if !@user.totp_enabled
+      @user.update(totp_secret: TOTP.secret)
     end
   end
 
@@ -251,6 +262,18 @@ class UsersController < ApplicationController
       @user.email_token = SecureRandom.hex(16) if mail_changed
       @user.confirmed   = !mail_changed
 
+      if params[:user][:totp_enabled] == "1" && !@user.totp_enabled
+        if TOTP.valid?(@user.totp_secret, params[:totp_code].to_i)
+          @user.totp_enabled = true
+        else
+          flash[:alert] = "Wrong TOTP code!"
+          render action: "edit_login"
+          return
+        end
+      elsif params[:user][:totp_enabled] == "0" && @user.totp_enabled
+        @user.totp_enabled = false
+      end
+
       # checking here for password so we can send back changes to the view
       if authenticated
         if @user.save
@@ -358,7 +381,7 @@ class UsersController < ApplicationController
   end
 
   def user_params(add = [])
-    a = [:ign, :email, :password, :password_confirmation, :mail_own_thread_reply, :mail_other_thread_reply, :mail_own_blogpost_comment, :mail_other_blogpost_comment, :mail_mention, :public_key] + add
+    a = [:ign, :email, :password, :password_confirmation, :mail_own_thread_reply, :mail_other_thread_reply, :mail_own_blogpost_comment, :mail_other_blogpost_comment, :mail_mention, :public_key, :totp_code] + add
     params.require(:user).permit(a)
   end
 end

app/helpers/users_helper.rb

@@ -51,5 +51,4 @@ module UsersHelper
       return nil
     end
   end
-
 end

app/mailers/redstoner_mailer.rb

@@ -1,8 +1,8 @@
 class RedstonerMailer < ActionMailer::Base
 
   add_template_helper(ApplicationHelper)
-  default from: "info@redstoner.com"
-  default reply_to: "redstonerserver+website@gmail.com"
+  default from: "\"Redstoner\" <noreply@redstoner.com>"
+  default reply_to: "staff@redstoner.com"
 
   def register_mail(user, uses_mc_pass)
     @user = user

app/models/user.rb

@@ -21,6 +21,7 @@ class User < ActiveRecord::Base
 
   validates :email, uniqueness: {case_sensitive: false}, format: {with: /\A.+@(.+\..{2,}|\[(IPv6)?[0-9a-f:.]+\])\z/i, message: "That doesn't look like an email address."}
   validates :ign, uniqueness: {case_sensitive: false}, format: {with: /\A[a-z\d_]+\z/i, message: "Username is invalid (a-z, 0-9, _)."}
+  validates :discord, uniqueness: {case_sensitive: false}, format: {with: /\A^(?!everyone|here|discordtag|.*```.*)([^@#:]{2,32}#[0-9]{4})$\z/i, message: "Discord name is invalid."}, allow_blank: true
 
   validates :public_key, format: {with: /\A(-----BEGIN PGP PUBLIC KEY BLOCK-----((.|\n)*?)-----END PGP PUBLIC KEY BLOCK-----)?\z/i, message: "That doesn't look like a PGP formatted public key."}
 
@@ -168,7 +169,7 @@ class User < ActiveRecord::Base
     self.ign.strip! if self.ign
     self.email.strip! if self.email
     self.about.strip! if self.about
-    self.skype.strip! if self.skype
+    self.discord.strip! if self.discord
     self.youtube.strip! if self.youtube
     self.twitter.strip! if self.twitter
   end

app/views/blogposts/edit.html.erb

@@ -1,10 +1,10 @@
-<% title "Edit News: #{@post.title}" %>
+<% title "Edit Post: #{@post.title}" %>
 
-<h1>Edit post</h1>
+<h1>Edit Post: #{@post.title}</h1>
 <%= form_for @post do |f|%>
   <%= f.text_field :title %>
   <%= render partial: "md_editor", locals: {name: "blogpost[content]", content: @post.content} %>
   <p><%= f.submit "Update Post", class: "btn blue left" %></p>
 <% end %>
-<p><%= button_to "Delete post", @post, method: "delete", data: {confirm: "Delete post & comments forever?"}, class: "btn red right" %></p>
+<p><%= button_to "Delete Post", @post, method: "delete", data: {confirm: "Delete post & comments forever?"}, class: "btn red right" %></p>
 <div class="clear"></div>

app/views/blogposts/index.html.erb

@@ -1,7 +1,7 @@
 <% title "News" %>
 
 <h1>News</h1>
-<%= link_to 'Make new Post', new_blogpost_path, class: "btn blue" if mod? %>
+<%= link_to 'New Post', new_blogpost_path, class: "btn blue" if mod? %>
 <div id="posts">
   <% @posts.each do |p| %>
     <div class="item-group with-avatar" id="post-<%= p.id %>">

app/views/comments/_new.html.erb

@@ -1,4 +1,4 @@
-<h3>New comment</h3>
+<h3>New Comment</h3>
 <%= form_for [@post, @comment] do |f| %>
   <%= render partial: "md_editor", locals: {name: "comment[content]", content: @comment.content} %>
   <p><%= f.submit class: "btn blue" %></p>

app/views/comments/edit.html.erb

@@ -1,10 +1,10 @@
 <% title "Edit Comment: #{@comment.blogpost.title}" %>
 
-<h1>Edit comment</h1>
+<h1>Edit Comment</h1>
 
 <%= form_for [@comment.blogpost, @comment] do |f| %>
   <%= render partial: "md_editor", locals: {name: "comment[content]", content: @comment.content} %>
   <p><%= f.submit "Update Comment", class: "btn blue left" %></p>
 <% end %>
-<p><%= button_to "Delete comment", [@comment.blogpost, @comment] , method: "delete", data: {confirm: "Delete comment forever?"}, class: "btn red right" %></p>
+<p><%= button_to "Delete Comment", [@comment.blogpost, @comment] , method: "delete", data: {confirm: "Delete comment forever?"}, class: "btn red right" %></p>
 <div class="clear"></div>

app/views/forumgroups/edit.html.erb

@@ -34,7 +34,7 @@
       <td><%= f.select :role_write_id, role_selection, include_blank: false %></td>
     </tr>
   </table>
-  <p><%= f.submit "Update group", class: "btn blue left" %></p>
+  <p><%= f.submit "Update Group", class: "btn blue left" %></p>
 <% end %>
-<p><%= button_to "Delete group", @group, :method => "delete", data: {confirm: "Delete group?\nForums + Threads will not be accessible!"}, class: "btn red right" %></p>
+<p><%= button_to "Delete Group", @group, :method => "delete", data: {confirm: "Delete group?\nForums + Threads will not be accessible!"}, class: "btn red right" %></p>
 <div class="clear"></div>

app/views/forumgroups/new.html.erb

@@ -1,6 +1,6 @@
 <% title "New Forum: #{@group.name}" %>
 
-<h1>New forum group</h1>
+<h1>New Forum Group</h1>
 <% role_selection = Role.all_from_to(:normal, :admin).collect{|p|[p.name, p.id]} %>
 <%= form_for @group do |f|%>
   <table>
@@ -21,6 +21,6 @@
       <td><%= f.select :role_write_id, role_selection, include_blank: false %></td>
     </tr>
   </table>
-  <p><%= f.submit "Create group", class: "btn blue left" %></p>
+  <p><%= f.submit "Create Group", class: "btn blue left" %></p>
   <div class="clear"></div>
 <% end %>

app/views/forums/edit.html.erb

@@ -25,8 +25,12 @@
       <td><%= f.label :necro_length, "Necropost warning delay (in days)" %></td>
       <td><%= f.number_field :necro_length, placeholder: "Warning Delay (leave blank for no warning)" %></td>
     </tr>
+    <tr>
+      <td><%= f.label :disable_deletion, "Disable deletion of threads for non-staff" %></td>
+      <td><%= f.check_box :disable_deletion %></td>
+    </tr>
   </table>
-  <p><%= f.submit "Update forum", class: "btn blue left" %></p>
+  <p><%= f.submit "Update Forum", class: "btn blue left" %></p>
 <% end %>
-<p><%= button_to "Delete forum", @forum, method: "delete", data: {confirm: "Delete forum forever?\nThreads won't be accessible!"}, class: "btn red right" %></p>
+<p><%= button_to "Delete Forum", @forum, method: "delete", data: {confirm: "Delete forum forever?\nThreads won't be accessible!"}, class: "btn red right" %></p>
 <div class="clear"></div>

app/views/forums/index.html.erb

@@ -1,6 +1,6 @@
 <% title "Forums" %>
 
-<%= link_to "All threads", forumthreads_path, class: "btn blue right" %>
+<%= link_to "Search All Threads", forumthreads_path, class: "btn blue right" %>
 <br>
 <div id="forum_groups">
   <% @groups.each do |group| %>

app/views/forums/new.html.erb

@@ -25,8 +25,12 @@
       <td><%= f.label :necro_length, "Necropost warning delay (in days)" %></td>
       <td><%= f.number_field :necro_length, placeholder: "Warning Delay (leave blank for no warning)" %></td>
     </tr>
+    <tr>
+      <td><%= f.label :disable_deletion %></td>
+      <td><%= f.check_box :disable_deletion %></td>
+    </tr>
   </table>
   <%= f.hidden_field :forumgroup_id %>
-  <p><%= f.submit "Create forum", class: "btn blue left" %></p>
+  <p><%= f.submit "Create Forum", class: "btn blue left" %></p>
   <div class="clear"></div>
 <% end %>

app/views/forums/show.atom.builder

@@ -0,0 +1,19 @@
+atom_feed do |feed|
+  feed.title @forum.name + "'s Latest Threads"
+  feed.updated Time.now
+
+  @threads.limit(10).each do |thread|
+    unless thread.sticky?
+      feed.entry thread do |entry|
+        entry.updated thread.updated_at
+        entry.author do |a|
+          a.name thread.author.name
+          a.uri user_url(thread.author)
+        end
+        entry.url forumthread_url(thread)
+        entry.title thread.title
+        entry.content render_md(thread.content).html_safe, :type => 'html'
+      end
+    end
+  end
+end

app/views/forums/show.html.erb

@@ -6,7 +6,7 @@
 </h1>
 <% if @forum.can_write?(current_user) %>
   <p>
-    <%= link_to "New thread", new_forumthread_path(forum: @forum), class: "btn blue" %>
+    <%= link_to "New Thread", new_forumthread_path(forum: @forum), class: "btn blue" %>
   </p>
 <% end %>
 

app/views/forumthreads/edit.html.erb

@@ -11,7 +11,9 @@
   end
 %>
 
-<h1>Edit thread</h1>
+<% forum = Forum.find(@thread.forum_id) %>
+
+<h1>Edit Thread</h1>
 <%= link_to @thread.forum.group, forumgroup_path(@thread.forum.group) %> → <%= link_to @thread.forum, @thread.forum %> → <%= link_to @thread, @thread %> → Edit thread
 <%= form_for @thread do |f|%>
   <table>
@@ -35,7 +37,9 @@
     <%= f.text_field :title, placeholder: "Title" %>
   </div>
   <%= render partial: "md_editor", locals: {name: "forumthread[content]", content: @thread.content} %>
-  <p><%= f.submit "Update thread", class: "btn blue left" %></p>
+  <p><%= f.submit "Update Thread", class: "btn blue left" %></p>
+<% end %>
+<% if mod? || !forum.disable_deletion %>
+  <%= button_to "Delete Thread", @thread, :method => "delete", data: {confirm: "Delete thread & comments forever?"}, class: "btn red right" %>
 <% end %>
-<%= button_to "Delete thread", @thread, :method => "delete", data: {confirm: "Delete thread & comments forever?"}, class: "btn red right" %>
 <div class="clear"></div>

app/views/forumthreads/index.html.erb

@@ -10,14 +10,14 @@
     if params[:forum]
       text = "forum '#{Forum.find(params[:forum]).name}'"
       if params_list.except(:forum).any?
-        text = "Search results in #{text} (#{@threads.total_count})"
+        text = "Search Results in #{text} (#{@threads.total_count})"
       else
         text = text.capitalize
       end
     elsif params_list.any?
-      text = "Search results (#{@threads.total_count})"
+      text = "Search Results (#{@threads.total_count})"
     else
-      text = "All threads"
+      text = "All Threads"
     end
   %>
   <%= title text %>

app/views/forumthreads/new.html.erb

@@ -8,7 +8,7 @@
 %>
 
 <%= link_to @thread.forum.group, forumgroup_path(@thread.forum.group) %> → <%= link_to @thread.forum, @thread.forum %> → New thread
-<h1>New thread</h1>
+<h1>New Thread</h1>
 <%= form_for @thread do |f|%>
   <table>
     <% if mod? %>
@@ -30,6 +30,6 @@
   </div>
   <%= render partial: "md_editor", locals: {name: "forumthread[content]", content: @thread.content} %>
   <%= f.hidden_field :forum_id %>
-  <p><%= f.submit "Create thread", class: "btn blue left" %></p>
+  <p><%= f.submit "Create Thread", class: "btn blue left" %></p>
   <div class="clear"></div>
 <% end %>

app/views/layouts/_footer.html.erb

@@ -17,13 +17,8 @@
     <%= link_to "https://mstdn.io/@RedstonerServer", title: "Redstoner on Mastodon" do %>
       Mastodon <%= image_tag("mastodon.png") %>
     <% end %> |
-    <%= link_to "http://rdstnr4biap5nao2.onion", title: "Redstoner over Tor" do %>
-      Onion Service <%= image_tag("tor.png") %>
-    <% end %>
-    <% if current_user %>
-      | <%= link_to "/slack/?" + {mail: current_user.try(:email)}.to_param do %>
-        Join us on <img src="/slack/badge.svg" alt="Slack">
-      <% end %>
+    <%= link_to "https://discord.gg/QjfcPEJ", title: "Redstoner's Official Discord" do %>
+      Discord <%= image_tag("discord.png") %>
     <% end %>
   </div>
 </div>

app/views/layouts/application.html.erb

@@ -10,7 +10,7 @@
   <% end %>
   <%= csrf_meta_tags %>
   <%= favicon_link_tag "favicon.ico" %>
-  <%= javascript_include_tag "https://cdn.rawgit.com/jomo/ago.js/v0.0.1/ago.min.js", crossorigin: :anonymous, integrity: "sha256-xw0JUUdbuZQCVO+QScoxrlEsD4nZGCjMRh9PP8GLhcY=" %>
+  <%= javascript_include_tag "https://cdn.jsdelivr.net/gh/jomo/ago.js@0.0.1/ago.min.js", crossorigin: :anonymous, integrity: "sha256-xw0JUUdbuZQCVO+QScoxrlEsD4nZGCjMRh9PP8GLhcY=" %>
   <%= javascript_include_tag "application" %>
   <link type="application/atom+xml" rel="alternate" href="<%= blogposts_path(:atom) %>">
   <%= yield(:site_headers) %>

app/views/redstoner_mailer/email_change_confirm_mail.html.erb

@@ -26,7 +26,7 @@
         <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Mastodon", "https://mstdn.io/@RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
-        <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %>
+        <%= link_to "Email", "mailto:staff@redstoner.com", style: "text-decoration: none; color: #4096EE;" %>
       </p>
     </div>
   </div>

app/views/redstoner_mailer/new_post_comment_mail.html.erb

@@ -25,7 +25,7 @@
         <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Mastodon", "https://mstdn.io/@RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
-        <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %>
+        <%= link_to "Email", "mailto:staff@redstoner.com", style: "text-decoration: none; color: #4096EE;" %>
       </p>
     </div>
   </div>

app/views/redstoner_mailer/new_post_mention_mail.html.erb

@@ -22,7 +22,7 @@
         <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Mastodon", "https://mstdn.io/@RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
-        <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %>
+        <%= link_to "Email", "mailto:staff@redstoner.com", style: "text-decoration: none; color: #4096EE;" %>
       </p>
     </div>
   </div>

app/views/redstoner_mailer/new_thread_mention_mail.html.erb

@@ -24,7 +24,7 @@
         <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Mastodon", "https://mstdn.io/@RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
-        <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %>
+        <%= link_to "Email", "mailto:staff@redstoner.com", style: "text-decoration: none; color: #4096EE;" %>
       </p>
     </div>
   </div>

app/views/redstoner_mailer/new_thread_reply_mail.html.erb

@@ -27,7 +27,7 @@
       <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> |
       <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
       <%= link_to "Mastodon", "https://mstdn.io/@RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
-      <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %>
+      <%= link_to "Email", "mailto:staff@redstoner.com", style: "text-decoration: none; color: #4096EE;" %>
     </p>
   </div>
 </div>

app/views/redstoner_mailer/register_mail.html.erb

@@ -38,7 +38,7 @@
         <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
         <%= link_to "Mastodon", "https://mstdn.io/@RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> |
-        <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %>
+        <%= link_to "Email", "mailto:staff@redstoner.com", style: "text-decoration: none; color: #4096EE;" %>
       </p>
     </div>
   </div>

app/views/sessions/new.html.erb

@@ -1,6 +1,6 @@
-<% title "Log in" %>
+<% title "Log In" %>
 
-<h1>Log in</h1>
+<h1>Log In</h1>
 <p>Not a member? <%= link_to "Join us", signup_path %>!</p>
 <%= form_tag login_path do |f| %>
   <table>
@@ -16,6 +16,14 @@
       <td></td>
       <td><%= link_to "Lost your password?", lost_password_users_path %></td>
     </tr>
+    <tr>
+      <td><%= label_tag :totp_code %></td>
+      <td><%= text_field_tag :totp_code, nil, placeholder: "123456", required: false %></td>
+    </tr>
+    <tr>
+      <td></td>
+      <td>Leave this field blank if you do not have 2FA enabled.</td>
+    </tr>
   </table>
   <p><%= submit_tag "Log in", class: "btn blue" %></p>
 <% end %>

app/views/statics/donate.html.erb

@@ -19,6 +19,7 @@
 <ul>
   <li>The warm feeling of donating for a good thing, plus a huge "<b>thank you</b>"!
   <li>You can have a nickname. See <%= link_to "our nickname guidelines", info_path("12-nickname-guidelines") %>
+  <li>You can chat in <font color="red">color</font> in-game.</i>  
   <li>A "$" next to your name <i>(Including website)</i>
   <li><i>Donator+</i> has access to the in-game command <code>/lol id</code></li>
 </ul>
@@ -26,11 +27,11 @@
 <div class="donations">
   <div class="donation">
     <div class="left">
-      <img src="https://crafatar.com/renders/body/97a4928198f045998e0e7a97eabae6ae?overlay=true&scale=3" alt="sponsor's skin" class="body">
+      <img src="https://crafatar.com/renders/body/d2693e91-93e1-4e3f-929f-f38e1ce8df03?overlay=true&scale=3" alt="sponsor's skin" class="body">
     </div>
     <div>
       <h1>Donate to our server sponsor</h1>
-      <h4>PotatoKek pays for the server hardware. You can help him by donating here.</h4>
+      <h4>Pepich1851 pays for the server hardware. You can help him by donating here.</h4>
       <form target="_blank" method="post" action="https://www.paypal.com/cgi-bin/webscr">
         <% if current_user %>
           <input name="custom" type="hidden" placeholder="Your Minecraft name" value="<%= current_user.ign %>">

app/views/threadreplies/edit.html.erb

@@ -1,4 +1,4 @@
-<% title "Edit Thread Reply: #{@reply.thread.title}" %>
+<% title "Edit Reply: #{@reply.thread.title}" %>
 
 <%
   position = @reply.thread.replies.order(:id).index(@reply)
@@ -6,10 +6,10 @@
 %>
 
 <%= link_to @reply.thread.forum.group, forumgroup_path(@reply.thread.forum.group) %> → <%= link_to @reply.thread.forum, @reply.thread.forum %> → <%= link_to @reply.thread, forumthread_path(@reply.thread, page: page) + "#reply-#{@reply.id}" %> → Edit reply
-<h1>Edit reply</h1>
+<h1>Edit Reply</h1>
 <%= form_for [@reply.thread, @reply] do |f| %>
   <%= render partial: "md_editor", locals: {name: "threadreply[content]", content: @reply.content} %>
   <p><%= f.submit "Reply", class: "btn blue left" %></p>
 <% end %>
-<p><%= button_to "Delete reply", [@reply.thread, @reply], method: "delete", data: {confirm: "Delete reply forever?"}, class: "btn red right" %></p>
+<p><%= button_to "Delete Reply", [@reply.thread, @reply], method: "delete", data: {confirm: "Delete reply forever?"}, class: "btn red right" %></p>
 <div class="clear"></div>

app/views/users/change_password.html.erb

@@ -1,6 +1,6 @@
 <% title "Change Password" %>
 
-<h1>Change password</h1>
+<h1>Change Password</h1>
 
 <%= form_for @user do |f| %>
   <%= f.text_field :current_password %>

app/views/users/edit.html.erb

@@ -7,7 +7,7 @@
 %>
 
 <%= link_to @user.name, @user %> → Edit
-<h1>Edit profile</h1>
+<h1>Edit Profile</h1>
 
 <%= form_for @user do |f| %>
   <table>
@@ -43,9 +43,9 @@
         </tr>
       <% end %>
       <tr>
-        <td>Skype username</td>
+        <td>Discord username</td>
         <td>
-          <%= f.text_field :skype, placeholder: "Skype username", disabled: !can_edit? %>
+          <%= f.text_field :discord, placeholder: "Discord username", disabled: !can_edit? %>
         </td>
       </tr>
       <tr>
@@ -69,11 +69,11 @@
     </tbody>
   </table>
 
-<p><%= f.submit "Save profile", class: "btn variable-size left", disabled: (!@user.confirmed? && @user.is?(current_user)) %></p>
+<p><%= f.submit "Save Profile", class: "btn variable-size left", disabled: (!@user.confirmed? && @user.is?(current_user)) %></p>
 <p>
-  <%= link_to "Edit login details", edit_login_user_path(@user), class: "btn variable-size right" %>
-  <%= link_to "Notification settings", edit_notifications_user_path(@user), class: "btn variable-size right" %>
-  <%= link_to "Website settings", edit_website_settings_user_path(@user), class: "btn variable-size right" %>
+  <%= link_to "Login Settings", edit_login_user_path(@user), class: "btn variable-size right" %>
+  <%= link_to "Notification Settings", edit_notifications_user_path(@user), class: "btn variable-size right" %>
+  <%= link_to "Website Settings", edit_website_settings_user_path(@user), class: "btn variable-size right" %>
 </p>
 <div class="clear"></div>
 

app/views/users/edit_login.html.erb

@@ -1,7 +1,7 @@
 <% title "Edit Login Credentials: #{@user.name}" %>
 
-<%= link_to @user.name, @user %> → Edit Login credentials
-<h1>Edit Login credentials</h1>
+<%= link_to @user.name, @user %> → Edit Login settings
+<h1>Edit Login Settings</h1>
 
 
 <%= form_for @user, url: update_login_user_path(@user), method: :put do |f| %>
@@ -25,14 +25,51 @@
           <%= f.password_field :password_confirmation %>
         </td>
       </tr>
+    </tbody>
+  </table>
+  <hr>
+  <table>
+    <tbody>
+      <tr>
+        <td>2FA Enabled</td>
+        <td>
+          <%= f.check_box :totp_enabled %>
+        </td>
+      </tr>
+      <tr>
+        <td>TOTP Secret</td>
+        <td>
+          <% if !@user.totp_enabled? %>
+          <%= f.text_field :totp_secret, :readonly => true %>
+          <% else %>
+          <i>2FA is currently enabled. Disable 2FA to generate a new secret.</i>
+          <% end %>
+        </td>
+      </tr>
+    </tbody>
+  </table>
+  <hr>
+  <table>
+    <tbody>
       <tr>
         <td>Current password</td>
         <td>
           <%= password_field_tag :current_password, nil, disabled: !@user.is?(current_user) %>
         </td>
       </tr>
+      <% if !@user.totp_enabled? %>
+      <tr>
+        <td>TOTP Code</td>
+        <td>
+          <%= text_field_tag :totp_code, nil, disabled: !@user.is?(current_user) %>
+        </td>
+      </tr>
+      <tr>
+        <td></td>
+        <td><i>Leave this field blank if you are not enabling 2FA.</i></td>
+      <% end %>
     </tbody>
   </table>
-  <p><%= f.submit "Save changes", class: "btn blue left" %></p>
+  <p><%= f.submit "Save Changes", class: "btn blue left" %></p>
   <div class="clear"></div>
 <% end %>

app/views/users/edit_notifications.html.erb

@@ -48,6 +48,6 @@
   <h3>Public Key</h1>
   <p>All notification emails will be encrypted with this key if you supply it.</p>
   <%= f.text_area :public_key, placeholder: "-----BEGIN PGP PUBLIC KEY BLOCK-----" %>
-  <p><%= f.submit "Save changes", class: "btn blue left" %></p>
+  <p><%= f.submit "Save Changes", class: "btn blue left" %></p>
   <div class="clear"></div>
 <% end %>

app/views/users/edit_website_settings.html.erb

@@ -8,7 +8,7 @@
   <table>
     <tbody>
       <tr>
-        <td>Header moves with scrolling (Experimental - do not report bugs)</td>
+        <td>Header moves with scrolling</td>
         <td>
           <%= f.check_box :header_scroll %>
         </td>
@@ -20,15 +20,13 @@
         </td>
       </tr>
       <tr>
-        <td>Dark theme*</td>
+        <td>Dark theme</td>
         <td>
           <%= f.check_box :dark %>
         </td>
       </tr>
     </tbody>
   </table>
-  <p><%= f.submit "Save changes", class: "btn blue left" %></p>
+  <p><%= f.submit "Save Changes", class: "btn blue left" %></p>
   <div class="clear"></div>
 <% end %>
-<br><br><br>
-*Warning: If as a result to enabling this style your eyes get infected with a severe case of eye cancer, we are not reliable for any damage. Please contact your doctor in advance to ensure that in case of infection you will be treated accordingly. Quality theme  brought to you by Redempt™.

app/views/users/lost_password.html.erb

@@ -1,6 +1,6 @@
-<% title "Reset password" %>
+<% title "Reset Password" %>
 
-<h1>Reset password</h1>
+<h1>Reset Password</h1>
 <p>You lost your password? Don't do that!</p>
 <p>Luckily for you, you can reset your password. Please use the command <code>/gettoken &lt;your email address&gt;</code>, then fill in the form below:</p>
 <%= form_tag reset_password_users_path do |f| %>
@@ -22,5 +22,5 @@
       <td><%= password_field_tag :new_password, nil, placeholder: "secret", required: true, pattern: ".{8,}", title: "minimum 8 characters", "x-moz-errormessage" => "minimum 8 characters" %></td>
     </tr>
   </table>
-  <p><%= submit_tag "Reset password", class: "btn blue" %></p>
+  <p><%= submit_tag "Reset Password", class: "btn blue" %></p>
 <% end %>

app/views/users/new.html.erb

@@ -1,6 +1,6 @@
-<% title "Sign up" %>
+<% title "Sign Up" %>
 
-<h1>Sign up</h1>
+<h1>Sign Up</h1>
 
 <%= form_for @user do |f| %>
   <table>
@@ -38,7 +38,7 @@
     You can find more details in our info page about <a href="/info/15">tokens and website registration</a>.
   </p>
 
-  <%= f.submit "Sign up", class: "btn blue" %>
+  <%= f.submit "Sign Up", class: "btn blue" %>
 
   <p>Contact us ingame if you have problems signing up!</p>
 <% end %>

app/views/users/show.html.erb

@@ -25,7 +25,7 @@
   <% if !@user.confirmed? %>
     <% if @user.is?(current_user) || mod? %>
       <span class="user-unconfirmed">Please confirm your email <u><%= @user.email %></u> !</span>
-      <%= button_to "Resend the confirmation mail", resend_mail_user_path, class: "btn dark", form_class: "inline-block", data: {confirm: "Did you check your spam folder?"} %>
+      <%= button_to "Resend the confirmation mail", resend_mail_user_path, class: "btn blue", form_class: "inline-block", data: {confirm: "Did you check your spam folder?"} %>
     <% else %>
       <span class="user-unconfirmed">This user hasn't confirmed their email yet!</span>
     <% end %>
@@ -54,10 +54,10 @@
         <td><b>Role</b></td>
         <td><%= link_to @user.role, users_path(:role => @user.role.name) %></td>
       </tr>
-      <% if current_user && !@user.skype.blank? %>
+      <% if current_user && !@user.discord.blank? %>
       <tr>
-        <td><b>Skype</b></td>
-        <td><%= link_to @user.skype, "skype:#{@user.skype}?chat", target: "_blank" %></a></td>
+        <td><b>Discord</b></td>
+        <td><%= @user.discord %></td>
       </tr>
       <% end %>
       <% if !@user.youtube.blank? && !@user.youtube_channelname.blank? %>
@@ -82,15 +82,6 @@
         <td><b>Joined</b></td>
         <td><%= ago @user.created_at %></td>
       </tr>
-      <% if mod? || @user.is?(current_user) %>
-        <tr>
-          <td><b>Last IP</b></td>
-          <td><%= @user.last_ip %></td>
-        </tr>
-        <tr>
-          <td><b>Email</b></td>
-          <td><%= mail_to @user.email, @user.email, :subject => "Redstoner" %></td>
-        </tr>
       <tr>
         <td><b>Last seen</b></td>
         <td>
@@ -101,6 +92,15 @@
           <% end %>
         </td>
       </tr>
+      <% if mod? || @user.is?(current_user) %>
+        <tr>
+          <td><b>Last IP</b></td>
+          <td><%= @user.last_ip %></td>
+        </tr>
+        <tr>
+          <td><b>Email</b></td>
+          <td><%= mail_to @user.email, @user.email, :subject => "Redstoner" %></td>
+        </tr>
       <% end %>
     </tbody>
   </table>

config/deploy.rb

@@ -1,5 +1,5 @@
 # config valid only for current version of Capistrano
-lock '3.4.0'
+lock '3.11.0'
 
 set :repo_url, 'https://github.com/RedstonerServer/redstoner.com'
 
@@ -13,9 +13,9 @@ set :default_environment, {
 
 set :keep_releases, 5
 
-set :deploy_to, -> { "/home/www-data/apps/#{fetch(:application)}" }
+set :deploy_to, -> { "/var/www/#{fetch(:application)}" }
 
-set :rbenv_ruby, '2.0.0-p648'
+set :rbenv_ruby, '2.5.0-dev'
 
 set :bundle_without, %w{development test}.join(' ')
 

config/environments/development.rb

@@ -37,12 +37,12 @@ Redstoner::Application.configure do
   }
 
   config.action_mailer.smtp_settings = {
-    address:        "smtp.gmail.com",
-    port:           587,
-    domain:         "google.com",
-    authentication: "plain",
-    user_name:      "redstonerserver@gmail.com",
-    password:       ENV["GMAIL_PASSWORD"],
+    address:        ENV["SMTP_ADDRESS"],
+    port:           ENV["SMTP_PORT"],
+    domain:         "redstoner.com",
+    authentication: ENV["SMTP_AUTH"],
+    user_name:      ENV["SMTP_USERNAME"],
+    password:       ENV["SMTP_PASSWORD"],
   }
 
 end

config/environments/production.rb

@@ -71,12 +71,12 @@ Redstoner::Application.configure do
   }
 
   config.action_mailer.smtp_settings = {
-    address:        "smtp.gmail.com",
-    port:           587,
-    domain:         "google.com",
-    authentication: "plain",
-    user_name:      "redstonerserver@gmail.com",
-    password:       ENV["GMAIL_PASSWORD"],
+    address:        ENV["SMTP_ADDRESS"],
+    port:           ENV["SMTP_PORT"],
+    domain:         "redstoner.com",
+    authentication: ENV["SMTP_AUTH"],
+    user_name:      ENV["SMTP_USERNAME"],
+    password:       ENV["SMTP_PASSWORD"],
   }
 
 end

config/unicorn.rb

@@ -3,8 +3,8 @@ timeout 15
 preload_app true
 
 
-stderr_path "/home/www-data/apps/redstoner/shared/log/unicorn.stderr.log"
-stdout_path "/home/www-data/apps/redstoner/shared/log/unicorn.stdout.log"
+stderr_path "/var/www/redstoner/shared/log/unicorn.stderr.log"
+stdout_path "/var/www/redstoner/shared/log/unicorn.stdout.log"
 
 before_fork do |server, worker|
   Signal.trap 'TERM' do

db/migrate/20180606223258_add_totp_to_users.rb

@@ -0,0 +1,6 @@
+class AddTotpToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :totp_secret, :string
+    add_column :users, :totp_enabled, :boolean, default: false
+  end
+end

db/migrate/20190222152220_drop_forums_labels.rb

@@ -0,0 +1,5 @@
+class DropForumsLabels < ActiveRecord::Migration
+  def change
+    drop_table :forums_labels
+  end
+end

db/migrate/20190222152638_remove_skype_add_discord_from_users.rb

@@ -0,0 +1,6 @@
+class RemoveSkypeAddDiscordFromUsers < ActiveRecord::Migration
+  def change
+    remove_column :users, :skype
+    add_column    :users, :discord, :string
+  end
+end

db/migrate/20190224093907_disable_deletion_forums.rb

@@ -0,0 +1,5 @@
+class DisableDeletionForums < ActiveRecord::Migration
+  def change
+    add_column :forums, :disable_deletion, :boolean
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20171013001146) do
+ActiveRecord::Schema.define(version: 20190224093907) do
 
   create_table "badges", force: :cascade do |t|
     t.string  "name",   limit: 191
@@ -52,11 +52,7 @@ ActiveRecord::Schema.define(version: 20171013001146) do
     t.integer "role_write_id",    limit: 4
     t.integer "forumgroup_id",    limit: 4
     t.integer "necro_length",     limit: 4
-  end
-
-  create_table "forums_labels", id: false, force: :cascade do |t|
-    t.integer "forum_id", limit: 4
-    t.integer "label_id", limit: 4
+    t.boolean "disable_deletion",                 default: false
   end
 
   create_table "forumthreads", force: :cascade do |t|
@@ -134,7 +130,6 @@ ActiveRecord::Schema.define(version: 20171013001146) do
     t.string   "email",                       limit: 191
     t.text     "about",                       limit: 65535
     t.string   "last_ip",                     limit: 255
-    t.string   "skype",                       limit: 255
     t.string   "youtube",                     limit: 255
     t.string   "youtube_channelname",         limit: 255
     t.string   "twitter",                     limit: 255
@@ -154,12 +149,15 @@ ActiveRecord::Schema.define(version: 20171013001146) do
     t.boolean  "header_scroll",                             default: false
     t.boolean  "dark",                                      default: false
     t.text     "public_key",                  limit: 65535
+    t.string   "totp_secret",                 limit: 255
+    t.boolean  "totp_enabled",                              default: false
+    t.string   "discord",                     limit: 191
   end
 
   add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree
   add_index "users", ["ign"], name: "index_users_on_ign", unique: true, using: :btree
   add_index "users", ["name"], name: "index_users_on_name", unique: true, using: :btree
-  add_index "users", ["skype"], name: "index_users_on_skype", unique: true, using: :btree
+  add_index "users", ["discord"], name: "index_users_on_discord", unique: true, using: :btree
   add_index "users", ["twitter"], name: "index_users_on_twitter", unique: true, using: :btree
   add_index "users", ["uuid"], name: "index_users_on_uuid", unique: true, using: :btree
   add_index "users", ["youtube"], name: "index_users_on_youtube", unique: true, using: :btree

db/seeds.rb

@@ -32,7 +32,7 @@ deleted_user = User.create!(
   password_confirmation: userpw,
   role: Role.get(:disabled),
   badge: Badge.get(:none),
-  skype: "echo123",
+  discord: "echo123#9804",
   last_ip: "0.0.0.0",
   confirmed: true,
   last_seen: Time.utc(0).to_datetime,