From 369087d61e36460a28a51d5d6e891aca461953f5 Mon Sep 17 00:00:00 2001
From: itinerare
Date: Thu, 2 Feb 2023 19:55:41 -0500
Subject: [PATCH 01/24] chore(deps): update dependencies/requirements
---
 composer.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/composer.json b/composer.json
index c530929139..7ce18e88c0 100644
--- a/composer.json
+++ b/composer.json
@@ -8,7 +8,7 @@
 ],
 "license": "MIT",
 "require": {
- "php": "^7.4",
+ "php": "~8.1",
 "boxconnect/deviant-php": "dev-master",
 "doctrine/dbal": "2.2",
 "erusev/parsedown": "^1.7",
@@ -22,7 +22,7 @@
 "illuminate/support": "^5.6|^6.0|^7.0|^8.0",
 "intervention/image": "^2.4",
 "laracasts/flash": "^3.0",
- "laravel/framework": "8.0",
+ "laravel/framework": "^8.0",
 "laravel/helpers": "^1.4",
 "laravel/socialite": "^5.2",
 "laravel/tinker": "^2.0",
@@ -34,7 +34,7 @@
 "socialiteproviders/tumblr": "^4.1",
 "socialiteproviders/twitch": "^5.3",
 "socialiteproviders/twitter": "^4.1",
- "spatie/laravel-honeypot": "^2.3.0"
+ "spatie/laravel-honeypot": "^4.1"
 },
 "require-dev": {
 "beyondcode/laravel-dump-server": "^1.0",
From b1bc11ddaf9cd0643f4dd690f69383898c4b73fa Mon Sep 17 00:00:00 2001
From: itinerare
Date: Thu, 2 Feb 2023 20:00:10 -0500
Subject: [PATCH 02/24] chore(deps): update doctrine/dbal
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index 7ce18e88c0..70a3429869 100644
--- a/composer.json
+++ b/composer.json
@@ -10,7 +10,7 @@
 "require": {
 "php": "~8.1",
 "boxconnect/deviant-php": "dev-master",
- "doctrine/dbal": "2.2",
+ "doctrine/dbal": "^2.2",
 "erusev/parsedown": "^1.7",
 "ezyang/htmlpurifier": "^4.10",
 "fideloper/proxy": "^4.0",
From 130ccb2b09f1e8dd4ab9c0b5cdd468ddd9d91492 Mon Sep 17 00:00:00 2001
From: Uri <45401276+preimpression@users.noreply.github.com> Date: Sun, 28 May 2023 08:50:51 -0400 Subject: [PATCH 03/24] fix: fix lowercase "auth" references (#523) * hotfix: Fixing error with lowercase "auth" * hotfix: Adding "auth" fix to CommentPolicy --- app/Policies/CommentPolicy.php | 2 +- resources/views/admin/reports/report.blade.php | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/app/Policies/CommentPolicy.php b/app/Policies/CommentPolicy.php index 2ae835b7e6..5b554228ed 100644 --- a/app/Policies/CommentPolicy.php +++ b/app/Policies/CommentPolicy.php @@ -27,7 +27,7 @@ public function create($user) : bool */ public function delete($user, Comment $comment) : bool { - if(auth::user()->isStaff) { + if(Auth::user()->isStaff) { return true; } else { diff --git a/resources/views/admin/reports/report.blade.php b/resources/views/admin/reports/report.blade.php index df38b7577c..fea7737a46 100644 --- a/resources/views/admin/reports/report.blade.php +++ b/resources/views/admin/reports/report.blade.php @@ -6,7 +6,7 @@ {!! breadcrumbs(['Admin Panel' => 'admin', 'Report Queue' => 'admin/reports/pending', 'Report (#' . $report->id . ')' => $report->viewUrl]) !!} @if($report->status !== 'Closed') - @if($report->status == 'Assigned' && auth::user()->id !== $report->staff_id) + @if($report->status == 'Assigned' && Auth::user()->id !== $report->staff_id)
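Review bot: `CommentPolicy::delete()` still decides on `Auth::user()` rather than the `$user` argument the policy receives, so the staff check on the changed line ignores whichever user the gate was actually asked about and can dereference null when the policy is evaluated outside a web session (for example through `Gate::forUser`). The case fix makes the facade resolve, but the line would be safer written as `if($user->isStaff) {`. The method body continues past the end of this hunk, so the non-staff branch is not visible here.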
This report is not assigned to you
@elseif($report->status == 'Pending')
This report needs assigning
@@ -58,7 +58,7 @@ @endif {!! Form::open(['url' => url()->current(), 'id' => 'reportForm']) !!} - @if($report->status == 'Assigned' && auth::user()->id == $report->staff_id) + @if($report->status == 'Assigned' && Auth::user()->id == $report->staff_id) @if(Auth::user()->hasPower('manage_reports'))
Please include a small paragraph on the solution and as many important details as you deem necessary, as the user will no longer be able to view the comments after the report is closed
@endif
{!! Form::label('staff_comments', 'Staff Comments (Optional)') !!} @@ -69,7 +69,7 @@ @if($report->staff_id == NULL) Assign @endif - @if($report->status == 'Assigned' && auth::user()->id == $report->staff_id) + @if($report->status == 'Assigned' && Auth::user()->id == $report->staff_id) Close
@endif @@ -156,4 +156,4 @@ @endif -@endsection \ No newline at end of file +@endsection From 678b9a0c7b5aead130e65cd9a95302753d6c7af2 Mon Sep 17 00:00:00 2001 From: itinerare <63693594+itinerare@users.noreply.github.com> Date: Sun, 28 May 2023 08:58:50 -0400 Subject: [PATCH 04/24] chore(update): 2.1.2 --- config/lorekeeper/settings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/lorekeeper/settings.php b/config/lorekeeper/settings.php index da04ee4780..aca647222d 100644 --- a/config/lorekeeper/settings.php +++ b/config/lorekeeper/settings.php @@ -24,7 +24,7 @@ | Do not change this value! | */ - 'version' => '2.1.0', + 'version' => '2.1.2', /* |-------------------------------------------------------------------------- From 9ad83b865b53e8c90a38c44128d65d62001e312c Mon Sep 17 00:00:00 2001 From: SpeedyD Date: Sun, 15 Oct 2023 23:20:31 +0200 Subject: [PATCH 05/24] Fix(MYOs): Allows character images to work locally --- app/Services/CharacterManager.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Services/CharacterManager.php b/app/Services/CharacterManager.php index e052081461..881425a81a 100644 --- a/app/Services/CharacterManager.php +++ b/app/Services/CharacterManager.php @@ -237,8 +237,8 @@ private function handleCharacterImage($data, $character, $isMyo = false) // Use default images for MYO slots without an image provided if(!isset($data['image'])) { - $data['image'] = asset('images/myo.png'); - $data['thumbnail'] = asset('images/myo-th.png'); + $data['image'] = public_path('images/myo.png'); + $data['thumbnail'] = public_path('images/myo-th.png'); $data['extension'] = 'png'; $data['default_image'] = true; unset($data['use_cropper']); From 5142ee3655f9e18ba5aa53bb16e2c389c4425f91 Mon Sep 17 00:00:00 2001 
From: itinerare Date: Mon, 16 Oct 2023 08:38:16 -0400 Subject: [PATCH 06/24] fix(comments): more robust handling for non user-user comments --- app/Console/Commands/UpdateCommentTypes.php | 52 +++++++++++++++++++ app/Http/Controllers/PermalinkController.php | 39 ++++++++++---- .../views/admin/reports/report.blade.php | 14 ++--- .../views/home/_report_content.blade.php | 4 +- 4 files changed, 90 insertions(+), 19 deletions(-) create mode 100644 app/Console/Commands/UpdateCommentTypes.php diff --git a/app/Console/Commands/UpdateCommentTypes.php b/app/Console/Commands/UpdateCommentTypes.php new file mode 100644 index 0000000000..56bd30db70 --- /dev/null +++ b/app/Console/Commands/UpdateCommentTypes.php @@ -0,0 +1,52 @@ +where('type', 'User-User'); + + if($comments->count()) { + $this->line('Updating comment types...'); + $comments->update(['type' => 'Staff-User']); + } else { + $this->info('No comments to update!'); + } + + return 0; + } +} diff --git a/app/Http/Controllers/PermalinkController.php b/app/Http/Controllers/PermalinkController.php index 6d1a2f2100..28999bdc35 100644 --- a/app/Http/Controllers/PermalinkController.php +++ b/app/Http/Controllers/PermalinkController.php @@ -12,6 +12,7 @@ use App\Models\Model; use App\Models\Comment; +use App\Models\Report\Report; class PermalinkController extends Controller { @@ -25,7 +26,7 @@ public function getComment($id) { $comments = Comment::all(); //$comments = $comments->sortByDesc('created_at'); $comment = $comments->find($id); - + if(!$comment) abort(404); if(!$comment->commentable) abort(404); 
@@ -33,15 +34,33 @@ public function getComment($id) { switch($comment->type) { case "Staff-User": if(!Auth::check()) abort(404); - $submission = GallerySubmission::find($comment->commentable_id); - $isMod = Auth::user()->hasPower('manage_submissions'); - $isOwner = ($submission->user_id == Auth::user()->id); - $isCollaborator = $submission->collaborators->where('user_id', Auth::user()->id)->first() != null ? true : false; - if(!$isMod && !$isOwner && !$isCollaborator) abort(404); - break; + switch($comment->commentable_type) { + case 'App\Models\Gallery\GallerySubmission': + $submission = GallerySubmission::where('id', $comment->commentable_id)->first(); + $isMod = Auth::user()->hasPower('manage_submissions'); + $isOwner = ($submission->user_id == Auth::user()->id); + $isCollaborator = $submission->collaborators->where('user_id', Auth::user()->id)->first() != null ? true : false; + if(!$isMod && !$isOwner && !$isCollaborator) abort(404); + break; + case 'App\Models\Report\Report': + $report = Report::where('id', $comment->commentable_id)->first(); + $isMod = Auth::user()->hasPower('manage_reports'); + $isOwner = ($report->user_id == Auth::user()->id); + if(!$isMod && !$isOwner) abort(404); + break; + default: + abort(404); + break; + } case "Staff-Staff": if(!Auth::check()) abort(404); - if(!Auth::user()->hasPower('manage_submissions')) abort(404); + if(!Auth::user()->isStaff) abort(404); + // More specific filtering depending on circumstance + switch($comment->commentable_type) { + case 'App\Models\Gallery\GallerySubmission': + if(!Auth::user()->hasPower('manage_submissions')) abort(404); + break; + } break; default: break; @@ -49,9 +68,9 @@ public function getComment($id) { if($comment->commentable_type == 'App\Models\User\UserProfile') $comment->location = $comment->commentable->user->url; else $comment->location = $comment->commentable->url; - + return view('comments._perma_layout',[ - 'comment' => $comment, + 'comment' => $comment, ]); } } 
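Review bot: The outer `case "Staff-User":` no longer ends in a `break;`. The one removed with the old body was not re-added after the inner `switch` closes, so control falls through into `case "Staff-Staff":` and its `isStaff` check. The result is fail-closed but wrong: a submission owner, collaborator or report owner who passed the inner check is then answered with 404 unless they are also staff. Add `break;` directly after the inner switch's closing brace, and consider a test that loads a Staff-User permalink as the non-staff owner so the access rule stays pinned.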
diff --git a/resources/views/admin/reports/report.blade.php b/resources/views/admin/reports/report.blade.php index fea7737a46..d2523d0653 100644 --- a/resources/views/admin/reports/report.blade.php +++ b/resources/views/admin/reports/report.blade.php @@ -52,11 +52,11 @@ @endif @endif - + @if($report->status == 'Assigned' && $report->user_id == Auth::user()->id || Auth::user()->hasPower('manage_reports')) - @comments([ 'model' => $report, 'perPage' => 5 ]) + @comments([ 'type' => 'Staff-User', 'model' => $report, 'perPage' => 5 ]) @endif - + {!! Form::open(['url' => url()->current(), 'id' => 'reportForm']) !!} @if($report->status == 'Assigned' && Auth::user()->id == $report->staff_id) @if(Auth::user()->hasPower('manage_reports'))
Please include a small paragraph on the solution and as many important details as you deem necessary, as the user will no longer be able to view the comments after the report is closed
@endif @@ -111,10 +111,10 @@ @endsection @section('scripts') -@parent +@parent @if($report->status !== 'Closed') From ea2ff9ea2008ce4a7dc10b0dd786ccee4c75f69c Mon Sep 17 00:00:00 2001 From: Speedy Date: Sun, 22 Oct 2023 14:48:33 +0200 Subject: [PATCH 10/24] fix(sales): allow setting minimum for ota and xta (#702) - Fixes missing minimum options for ota and xta - Also adds consistent stylization for ota and xta alongside pwyw --- app/Models/Sales/SalesCharacter.php | 8 +++++--- app/Services/SalesService.php | 2 ++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/app/Models/Sales/SalesCharacter.php b/app/Models/Sales/SalesCharacter.php index 94b3f6bd15..1682e9950e 100644 --- a/app/Models/Sales/SalesCharacter.php +++ b/app/Models/Sales/SalesCharacter.php @@ -168,16 +168,18 @@ public function getPriceAttribute() ; break; case 'ota': - return (isset($this->data['autobuy']) ? '
Autobuy: '.$symbol.$this->data['autobuy'] : ''); + return (isset($this->data['autobuy']) ? 'Autobuy: '.$symbol.$this->data['autobuy'].'
' : ''). + (isset($this->data['minimum']) ? 'Minimum: '.$symbol.$this->data['minimum'].'
' : ''); break; case 'xta': - return (isset($this->data['autobuy']) ? '
Autobuy: '.$symbol.$this->data['autobuy'] : ''); + return (isset($this->data['autobuy']) ? 'Autobuy: '.$symbol.$this->data['autobuy'].'
' : ''). + (isset($this->data['minimum']) ? 'Minimum: '.$symbol.$this->data['minimum'].'
' : ''); break; case 'flaffle': return 'Price: '.$symbol.$this->data['price']; break; case 'pwyw': - return 'Minimum: '.$symbol.$this->data['minimum']; + return (isset($this->data['minimum']) ? 'Minimum: '.$symbol.$this->data['minimum'].'
' : ''); break; } } diff --git a/app/Services/SalesService.php b/app/Services/SalesService.php index c747f01dfc..4356c9122e 100644 --- a/app/Services/SalesService.php +++ b/app/Services/SalesService.php @@ -130,10 +130,12 @@ private function processCharacters($sales, $data) case 'ota': if(isset($data['autobuy'][$key])) $charData[$key]['autobuy'] = $data['autobuy'][$key]; if(isset($data['end_point'][$key])) $charData[$key]['end_point'] = $data['end_point'][$key]; + if(isset($data['minimum'][$key])) $charData[$key]['minimum'] = $data['minimum'][$key]; break; case 'xta': if(isset($data['autobuy'][$key])) $charData[$key]['autobuy'] = $data['autobuy'][$key]; if(isset($data['end_point'][$key])) $charData[$key]['end_point'] = $data['end_point'][$key]; + if(isset($data['minimum'][$key])) $charData[$key]['minimum'] = $data['minimum'][$key]; break; case 'flaffle': $charData[$key]['price'] = $data['price'][$key]; From b9aac64a36660df0d25252b9c24c324589d29ab4 Mon Sep 17 00:00:00 2001 From: itinerare Date: Sun, 22 Oct 2023 08:49:20 -0400 Subject: [PATCH 11/24] chore(update): 2.1.3 --- config/lorekeeper/settings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/lorekeeper/settings.php b/config/lorekeeper/settings.php index aca647222d..ef3d138b2b 100644 --- a/config/lorekeeper/settings.php +++ b/config/lorekeeper/settings.php @@ -24,7 +24,7 @@ | Do not change this value! | */ - 'version' => '2.1.2', + 'version' => '2.1.3', /* |-------------------------------------------------------------------------- From 75bc208651a01c0a33372f5ac44a12ac40f33fb4 Mon Sep 17 00:00:00 2001 From: moif <104588768+AW0005@users.noreply.github.com> Date: Sun, 11 Feb 2024 09:08:19 -0500 Subject: [PATCH 12/24] hotfix(shops): round up shop purchase quantity (#829) --- app/Services/ShopManager.php | 2 +- config/lorekeeper/settings.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
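Review bot: `getPriceAttribute()` concatenates `$this->data['autobuy']` and `$this->data['minimum']` straight into the display string, and the matching SalesService hunk stores `$data['minimum'][$key]` exactly as submitted. Nothing visible in either hunk constrains these values to numbers, so if the view prints the accessor unescaped (the template is not part of this patch) the stored value is rendered as markup. Consider validating the price fields as `numeric` where the sale is saved and escaping them on output, e.g. `e($this->data['minimum'])`. Both functions start and end outside the hunks shown.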
diff --git a/app/Services/ShopManager.php b/app/Services/ShopManager.php index 794342dd00..15b23814d7 100644 --- a/app/Services/ShopManager.php +++ b/app/Services/ShopManager.php @@ -33,7 +33,7 @@ public function buyStock($data, $user) DB::beginTransaction(); try { - $quantity = $data['quantity']; + $quantity = ceil($data['quantity']); if(!$quantity || $quantity == 0) throw new \Exception("Invalid quantity selected."); // Check that the shop exists and is open diff --git a/config/lorekeeper/settings.php b/config/lorekeeper/settings.php index ef3d138b2b..c50c51c149 100644 --- a/config/lorekeeper/settings.php +++ b/config/lorekeeper/settings.php @@ -24,7 +24,7 @@ | Do not change this value! | */ - 'version' => '2.1.3', + 'version' => '2.1.4', /* |-------------------------------------------------------------------------- From 8bd438f99cb2a647f6283f5685a715a17f0409b0 Mon Sep 17 00:00:00 2001 From: itinerare Date: Wed, 14 Feb 2024 11:37:08 -0500 Subject: [PATCH 13/24] fix(shops): validate quantity against purchase limit - bump version --- app/Services/ShopManager.php | 24 +++++++++++++----------- config/lorekeeper/settings.php | 2 +- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/app/Services/ShopManager.php b/app/Services/ShopManager.php index 15b23814d7..b0a749e12a 100644 --- a/app/Services/ShopManager.php +++ b/app/Services/ShopManager.php @@ -50,6 +50,8 @@ public function buyStock($data, $user) // Check if the user can only buy a limited number of this item, and if it does, check that the user hasn't hit the limit if($shopStock->purchase_limit && $this->checkPurchaseLimitReached($shopStock, $user)) throw new \Exception("You have already purchased the maximum amount of this item you can buy."); + if($shopStock->purchase_limit && $quantity > $shopStock->purchase_limit) throw new \Exception("The quantity specified exceeds the amount of this item you can buy."); + $total_cost = $shopStock->cost * $quantity; $character = null; 
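Review bot: `ceil($data['quantity'])` rounds fractions up but does not reject negative input: `-1` becomes `-1.0`, which passes the `!$quantity || $quantity == 0` guard on the next line and would make `$total_cost` negative and the stock decrement an increment further down. Unless the request validator (not in this patch) already enforces a positive integer, bound it here with `$quantity = (int) ceil($data['quantity']);` followed by `if($quantity < 1) throw new \Exception("Invalid quantity selected.");`. On PHP 8 a non-numeric string makes `ceil()` throw a `TypeError`, which the `catch(\Exception $e)` at the end of `buyStock()` does not catch, so an `is_numeric()` check before the call is worth adding too.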
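Review bot: The added check compares `$quantity` with the whole `purchase_limit`, not with what the user has left, so someone one purchase short of the limit can still order up to `purchase_limit` more in a single request. `checkPurchaseLimitReached()` on the line above only answers whether the limit has already been hit; its body is outside this hunk, so how it counts earlier purchases is an assumption. Compare against the remaining allowance instead, for instance `$quantity > $this->getStockPurchaseLimit($shopStock, $user)`, if that helper returns the remainder as its name and its `return $limit;` tail suggest.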
@@ -76,7 +78,7 @@ public function buyStock($data, $user) } // If the item has a limited quantity, decrease the quantity - if($shopStock->is_limited_stock) + if($shopStock->is_limited_stock) { $shopStock->quantity -= $quantity; $shopStock->save(); @@ -84,23 +86,23 @@ public function buyStock($data, $user) // Add a purchase log $shopLog = ShopLog::create([ - 'shop_id' => $shop->id, - 'character_id' => $character ? $character->id : null, - 'user_id' => $user->id, - 'currency_id' => $shopStock->currency->id, - 'cost' => $total_cost, - 'item_id' => $shopStock->item_id, + 'shop_id' => $shop->id, + 'character_id' => $character ? $character->id : null, + 'user_id' => $user->id, + 'currency_id' => $shopStock->currency->id, + 'cost' => $total_cost, + 'item_id' => $shopStock->item_id, 'quantity' => $quantity ]); - + // Give the user the item, noting down 1. whose currency was used (user or character) 2. who purchased it 3. which shop it was purchased from if(!(new InventoryManager)->creditItem(null, $user, 'Shop Purchase', [ - 'data' => $shopLog->itemData, + 'data' => $shopLog->itemData, 'notes' => 'Purchased ' . format_date($shopLog->created_at) ], $shopStock->item, $quantity)) throw new \Exception("Failed to purchase item."); return $this->commitReturn($shop); - } catch(\Exception $e) { + } catch(\Exception $e) { $this->setError('error', $e->getMessage()); } return $this->rollbackReturn(false); @@ -144,4 +146,4 @@ public function getStockPurchaseLimit($shopStock, $user) } return $limit; } -} \ No newline at end of file +} diff --git a/config/lorekeeper/settings.php b/config/lorekeeper/settings.php index c50c51c149..4495e02044 100644 --- a/config/lorekeeper/settings.php +++ b/config/lorekeeper/settings.php @@ -24,7 +24,7 @@ | Do not change this value! | */ - 'version' => '2.1.4', + 'version' => '2.1.5', /* |-------------------------------------------------------------------------- From f28beb4d8b79cb280718810f3987431bf7d10ec3 Mon Sep 17 00:00:00 2001 
From: Newt Date: Sun, 16 Jun 2024 14:37:30 +0100 Subject: [PATCH 14/24] hotfix(security|requests): add middleware that parses post fields (#974) * hotfix(security|requests): add middleware that parses post fields * fix: handle arrays * fix: add "$this->" prefix to function calls --- app/Helpers/Helpers.php | 1 - app/Http/Kernel.php | 1 + .../Middleware/ParsePostRequestFields.php | 63 +++++++++++++++++++ 3 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 app/Http/Middleware/ParsePostRequestFields.php diff --git a/app/Helpers/Helpers.php b/app/Helpers/Helpers.php index 302c9bbd38..4299ed72ec 100644 --- a/app/Helpers/Helpers.php +++ b/app/Helpers/Helpers.php @@ -101,7 +101,6 @@ function parse($text, &$pings = null) { $config->set('Attr.EnableID', true); $config->set('HTML.DefinitionID', 'include'); $config->set('HTML.DefinitionRev', 2); - $config->set('Cache.DefinitionImpl', null); // TODO: remove this later! if ($def = $config->maybeGetRawHTMLDefinition()) { $def->addElement('include', 'Block', 'Empty', 'Common', array('file*' => 'URI', 'height' => 'Text', 'width' => 'Text')); $def->addAttribute('a', 'data-toggle', 'Enum#collapse,tab'); diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 42e0582a34..f7dd61d8d2 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -19,6 +19,7 @@ class Kernel extends HttpKernel \App\Http\Middleware\TrimStrings::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, \App\Http\Middleware\TrustProxies::class, + \App\Http\Middleware\ParsePostRequestFields::class, ]; /** diff --git a/app/Http/Middleware/ParsePostRequestFields.php b/app/Http/Middleware/ParsePostRequestFields.php new file mode 100644 index 0000000000..519109a00a --- /dev/null +++ b/app/Http/Middleware/ParsePostRequestFields.php 
@@ -0,0 +1,63 @@ +isMethod('post')) { + $excludedFields = ['_token', 'password', 'email', 'description', 'text']; + $strippedFields = ['name', 'title']; + + $parsedFields = []; + foreach ($request->except($excludedFields) as $key => $value) { + if (is_array($value)) { + $parsedFields[$key] = $this->parseArray($value, $strippedFields); + } else { + if (in_array($key, $strippedFields)) { // we strip these since parse() doesn't remove HTML tags + $parsedFields[$key] = parse(strip_tags($value)); + } else { + $parsedFields[$key] = parse($value); + } + } + } + + $request->merge($parsedFields); + } + + return $next($request); + } + + /** + * Recursively parse array values. + * + * @param array $array + * @param array $strippedFields + * @return array + */ + private function parseArray(array $array, array $strippedFields) : array { + foreach ($array as $key => $value) { + if (is_array($value)) { + $array[$key] = $this->parseArray($value, $strippedFields); + } else { + if (in_array($key, $strippedFields)) { + $array[$key] = parse(strip_tags($value)); + } else { + $array[$key] = parse($value); + } + } + } + + return $array; + } +} From 426bbd188f9f4d167b5efe2d2de896bc83e533ce Mon Sep 17 00:00:00 2001 From: Mercury <63693594+itinerare@users.noreply.github.com> Date: Sun, 16 Jun 2024 09:57:33 -0400 Subject: [PATCH 15/24] chore(update): update version --- config/lorekeeper/settings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/lorekeeper/settings.php b/config/lorekeeper/settings.php index 4495e02044..20743ab317 100644 --- a/config/lorekeeper/settings.php +++ b/config/lorekeeper/settings.php @@ -24,7 +24,7 @@ | Do not change this value! | */ - 'version' => '2.1.5', + 'version' => '2.1.6', /* |-------------------------------------------------------------------------- From f0aa1f88702d6a9ed67747767595597335179ea0 Mon Sep 17 00:00:00 2001 
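Review bot: `$excludedFields` is applied only to top-level keys through `$request->except()`; `parseArray()` never receives it, so a nested `password`, `email`, `description` or `text` value is still run through `parse()` and rewritten before the controller sees it. The guard `$request->isMethod('post')` also leaves PUT and PATCH bodies untouched, so any route using those verbs is not covered; whether such routes exist is not visible here. Pass the exclusion list into `parseArray()` and skip matching keys, and use `in_array($key, $strippedFields, true)` so integer array keys are compared strictly. Because this rewrites input globally it should be treated as defence in depth, and views still need to escape on output.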
From: Newt Date: Sun, 16 Jun 2024 22:53:49 +0100 Subject: [PATCH 16/24] fix: add numeric check to parse to prevent dropdowns from being parsed (#976) * hotfix(security|requests): add middleware that parses post fields * fix: handle arrays * fix: add "$this->" prefix to function calls * fix(requests): prevent numeric value from being parsed * chore(update): update version --------- Co-authored-by: Mercury <63693594+itinerare@users.noreply.github.com> --- app/Http/Middleware/ParsePostRequestFields.php | 8 ++++++++ config/lorekeeper/settings.php | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/app/Http/Middleware/ParsePostRequestFields.php b/app/Http/Middleware/ParsePostRequestFields.php index 519109a00a..d97998609e 100644 --- a/app/Http/Middleware/ParsePostRequestFields.php +++ b/app/Http/Middleware/ParsePostRequestFields.php @@ -24,6 +24,10 @@ public function handle(Request $request, Closure $next) { if (is_array($value)) { $parsedFields[$key] = $this->parseArray($value, $strippedFields); } else { + if (is_numeric($value)) { + continue; + } + if (in_array($key, $strippedFields)) { // we strip these since parse() doesn't remove HTML tags $parsedFields[$key] = parse(strip_tags($value)); } else { @@ -47,6 +51,10 @@ public function handle(Request $request, Closure $next) { */ private function parseArray(array $array, array $strippedFields) : array { foreach ($array as $key => $value) { + if (is_numeric($value)) { + continue; + } + if (is_array($value)) { $array[$key] = $this->parseArray($value, $strippedFields); } else { diff --git a/config/lorekeeper/settings.php b/config/lorekeeper/settings.php index 20743ab317..e30c84898e 100644 --- a/config/lorekeeper/settings.php +++ b/config/lorekeeper/settings.php @@ -24,7 +24,7 @@ | Do not change this value! | */ - 'version' => '2.1.6', + 'version' => '2.1.7', /* |-------------------------------------------------------------------------- From 1274c9f9915ceba58934cc9a4a14063454ff2b34 Mon Sep 17 00:00:00 2001 
From: Uri <45401276+preimpression@users.noreply.github.com> Date: Sun, 27 Oct 2024 09:05:36 -0400 Subject: [PATCH 17/24] fix(galleries): fix gallery submission visibility scope handling (#1082) * hotfix: Fix visibility issues for gallery submissions * Update User.php * Requested changes re: scopes * Clearing up a lil bit more redundancy and keeping in line with previous commit * no visibility for you --- .../Controllers/Characters/CharacterController.php | 2 +- app/Http/Controllers/Users/UserController.php | 10 +++++----- app/Models/User/User.php | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/app/Http/Controllers/Characters/CharacterController.php b/app/Http/Controllers/Characters/CharacterController.php index 1a77d7cc61..e085255668 100644 --- a/app/Http/Controllers/Characters/CharacterController.php +++ b/app/Http/Controllers/Characters/CharacterController.php @@ -147,7 +147,7 @@ public function getCharacterGallery($slug) { return view('character.gallery', [ 'character' => $this->character, - 'submissions' => GallerySubmission::whereIn('id', $this->character->gallerySubmissions->pluck('gallery_submission_id')->toArray())->visible()->accepted()->orderBy('created_at', 'DESC')->paginate(20), + 'submissions' => GallerySubmission::whereIn('id', $this->character->gallerySubmissions->pluck('gallery_submission_id')->toArray())->visible(Auth::user() ?? null)->orderBy('created_at', 'DESC')->paginate(20), ]); } diff --git a/app/Http/Controllers/Users/UserController.php b/app/Http/Controllers/Users/UserController.php index 2293b96382..395867ea6c 100644 --- a/app/Http/Controllers/Users/UserController.php +++ b/app/Http/Controllers/Users/UserController.php 
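Review bot: This query drops `->accepted()` and relies on `visible()` alone, as do the two favorites queries in UserController, but the `visible` scope on GallerySubmission is neither changed nor shown by this patch. If that scope does not itself restrict non-staff viewers to accepted submissions, pending or rejected entries become listable on these public pages; a test that requests the character gallery as a guest would confirm it. `Auth::user() ?? null` is equivalent to `Auth::user()`, so the coalesce can be dropped.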
@@ -65,7 +65,7 @@ public function getUser($name) { $characters = $this->user->characters(); if(!Auth::check() || !(Auth::check() && Auth::user()->hasPower('manage_characters'))) $characters->visible(); - + return view('user.profile', [ 'user' => $this->user, 'items' => $this->user->items()->where('count', '>', 0)->orderBy('user_items.updated_at', 'DESC')->take(4)->get(), @@ -84,7 +84,7 @@ public function getUserAliases($name) { $aliases = $this->user->aliases(); if(!Auth::check() || !(Auth::check() && Auth::user()->hasPower('edit_user_info'))) $aliases->visible(); - + return view('user.aliases', [ 'user' => $this->user, 'aliases' => $aliases->orderBy('is_primary_alias', 'DESC')->orderBy('site')->get(), @@ -299,7 +299,7 @@ public function getUserGallery($name) { return view('user.gallery', [ 'user' => $this->user, - 'submissions' => $this->user->gallerySubmissions()->paginate(20), + 'submissions' => $this->user->gallerySubmissions()->visible(Auth::user() ?? null)->paginate(20), 'sublists' => Sublist::orderBy('sort', 'DESC')->get() ]); } @@ -315,7 +315,7 @@ public function getUserFavorites($name) return view('user.favorites', [ 'user' => $this->user, 'characters' => false, - 'favorites' => GallerySubmission::whereIn('id', $this->user->galleryFavorites()->pluck('gallery_submission_id')->toArray())->visible(Auth::check() ? Auth::user() : null)->accepted()->orderBy('created_at', 'DESC')->paginate(20), + 'favorites' => GallerySubmission::whereIn('id', $this->user->galleryFavorites()->pluck('gallery_submission_id')->toArray())->visible(Auth::user() ?? null)->orderBy('created_at', 'DESC')->paginate(20), 'sublists' => Sublist::orderBy('sort', 'DESC')->get() ]); } 
@@ -335,7 +335,7 @@ public function getUserOwnCharacterFavorites($name) return view('user.favorites', [ 'user' => $this->user, 'characters' => true, - 'favorites' => $this->user->characters->count() ? GallerySubmission::whereIn('id', $userFavorites)->whereIn('id', GalleryCharacter::whereIn('character_id', $userCharacters)->pluck('gallery_submission_id')->toArray())->visible(Auth::check() ? Auth::user() : null)->accepted()->orderBy('created_at', 'DESC')->paginate(20) : null, + 'favorites' => $this->user->characters->count() ? GallerySubmission::whereIn('id', $userFavorites)->whereIn('id', GalleryCharacter::whereIn('character_id', $userCharacters)->pluck('gallery_submission_id')->toArray())->visible(Auth::user() ?? null)->orderBy('created_at', 'DESC')->paginate(20) : null, 'sublists' => Sublist::orderBy('sort', 'DESC')->get() ]); } diff --git a/app/Models/User/User.php b/app/Models/User/User.php index 43d7bd63db..6cc69bfcf4 100644 --- a/app/Models/User/User.php +++ b/app/Models/User/User.php @@ -170,7 +170,7 @@ public function items() */ public function gallerySubmissions() { - return $this->hasMany('App\Models\Gallery\GallerySubmission')->where('user_id', $this->id)->orWhereIn('id', GalleryCollaborator::where('user_id', $this->id)->where('type', 'Collab')->pluck('gallery_submission_id')->toArray())->visible($this)->accepted()->orderBy('created_at', 'DESC'); + return $this->hasMany('App\Models\Gallery\GallerySubmission')->where('user_id', $this->id)->orWhereIn('id', GalleryCollaborator::where('user_id', $this->id)->where('type', 'Collab')->pluck('gallery_submission_id')->toArray())->orderBy('created_at', 'DESC'); } /** 
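Review bot: `gallerySubmissions()` now returns the owner's and collaborator's submissions with no `visible()` or `accepted()` filter, which moves the access decision to every caller. `getUserGallery()` adds `->visible(Auth::user() ?? null)` in this patch, but any other consumer of `$user->gallerySubmissions` (none are visible here) would start returning hidden or unaccepted rows. A comment on the relation such as `// Unfiltered: callers must apply ->visible($viewer) before display`, plus a search for remaining call sites, would make that contract explicit.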
@@ -180,11 +180,11 @@ public function galleryFavorites() { return $this->hasMany('App\Models\Gallery\GalleryFavorite')->where('user_id', $this->id); } - + /** * Get all of the user's character bookmarks. */ - public function bookmarks() + public function bookmarks() { return $this->hasMany('App\Models\Character\CharacterBookmark')->where('user_id', $this->id); } @@ -376,7 +376,7 @@ public function getBirthdayDisplayAttribute() */ public function getcheckBirthdayAttribute() { - $bday = $this->birthday; + $bday = $this->birthday; if(!$bday || $bday->diffInYears(carbon::now()) < 13) return false; else return true; } From 0af7834bea436015d59d6c6d00c540670c480b67 Mon Sep 17 00:00:00 2001 From: "DESKTOP-01VSOB5\\Safira Island" Date: Sun, 11 Sep 2022 23:31:08 -0500 Subject: [PATCH 18/24] Feat: create last-online visibility toggle --- .../Controllers/Users/AccountController.php | 18 +++++++++++ app/Models/User/User.php | 11 +++++-- app/Models/User/UserSettings.php | 2 +- app/Services/UserService.php | 11 +++++++ ...add_last_online_to_user_settings_table.php | 32 +++++++++++++++++++ resources/views/account/settings.blade.php | 15 +++++++++ routes/lorekeeper/members.php | 2 ++ 7 files changed, 88 insertions(+), 3 deletions(-) create mode 100644 database/migrations/2022_09_11_223815_add_last_online_to_user_settings_table.php diff --git a/app/Http/Controllers/Users/AccountController.php b/app/Http/Controllers/Users/AccountController.php index 8a3175e816..6311f0f999 100644 --- a/app/Http/Controllers/Users/AccountController.php +++ b/app/Http/Controllers/Users/AccountController.php 
@@ -146,6 +146,24 @@ public function postBirthday(Request $request, UserService $service) return redirect()->back(); } + /** + * Changes user last-online setting + * + * @param \Illuminate\Http\Request $request + * @param App\Services\UserService $service + * @return \Illuminate\Http\RedirectResponse + */ + public function postLastOnline(Request $request, UserService $service) + { + if($service->updateLastOnline($request->input('last_online_setting'), Auth::user())) { + flash('Setting updated successfully.')->success(); + } + else { + foreach($service->errors()->getMessages()['error'] as $error) flash($error)->error(); + } + return redirect()->back(); + } + /** * Shows the notifications page. * diff --git a/app/Models/User/User.php b/app/Models/User/User.php index c155622ee8..833cae44e6 100644 --- a/app/Models/User/User.php +++ b/app/Models/User/User.php @@ -353,8 +353,15 @@ public function isOnline() $online = Carbon::createFromTimeStamp(strtotime(Cache::get('user-is-online-time-' . $this->id))); $onlineTime = isset($this->last_seen) ? Carbon::parse($this->last_seen)->diffForHumans() : 'A long time ago.'; - if($onlineStatus) $result = ''; - else $result = ''; + switch($this->settings->last_online_setting) { + case 0: + return ''; + break; + case 1: + if($onlineStatus) $result = ''; + else $result = ''; + break; + } return $result; } diff --git a/app/Models/User/UserSettings.php b/app/Models/User/UserSettings.php index 5c29a7cabe..615db7887d 100644 --- a/app/Models/User/UserSettings.php +++ b/app/Models/User/UserSettings.php @@ -13,7 +13,7 @@ class UserSettings extends Model * @var array */ protected $fillable = [ - 'is_fto', 'submission_count', 'banned_at', 'ban_reason', 'birthday_setting' + 'is_fto', 'submission_count', 'banned_at', 'ban_reason', 'birthday_setting', 'last_online_setting' ]; /** diff --git a/app/Services/UserService.php b/app/Services/UserService.php index c34babbc68..f56aa66eea 100644 --- a/app/Services/UserService.php 
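Review bot: `postLastOnline` passes `$request->input('last_online_setting')` straight to `updateLastOnline`, and the service method added in app/Services/UserService.php in this patch assigns it to the settings row and saves it, so any submitted value is stored, not only the options the form offers. Validate before the call, for example `$request->validate(['last_online_setting' => 'required|integer|in:0,1']);`, and extend the list when further options are added. `updateLastOnline` always returns `true`, so the `else` branch that reads `$service->errors()` can never run; if the save can fail, the service should record the error and return `false`.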
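Review bot: The `switch` on `$this->settings->last_online_setting` in `isOnline()` has no `default`, so for any stored value other than 0 or 1 `$result` is never assigned and `return $result;` reads an undefined variable. Adding a `default:` label directly under `case 0:` would send unexpected values down the hidden branch, so the status is withheld rather than an error raised. The later patches in this series that rewrite this switch and add cases 2 and 3 also leave it without a default, which makes the method return null implicitly; an explicit `default: return $statusHidden;` there would make the fail-closed result intentional. The `break;` after the `return` in `case 0` is unreachable, and the method body starts outside the hunk.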
+++ b/app/Services/UserService.php @@ -147,6 +147,17 @@ public function updateDOB($data, $user) return true; } + /** + * Updates user's last-online setting + */ + public function updateLastOnline($data, $user) + { + $user->settings->last_online_setting = $data; + $user->settings->save(); + + return true; + } + /** * Updates the user's avatar. * diff --git a/database/migrations/2022_09_11_223815_add_last_online_to_user_settings_table.php b/database/migrations/2022_09_11_223815_add_last_online_to_user_settings_table.php new file mode 100644 index 0000000000..d9503b45ec --- /dev/null +++ b/database/migrations/2022_09_11_223815_add_last_online_to_user_settings_table.php @@ -0,0 +1,32 @@ +tinyInteger('last_online_setting')->default(1); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::table('user_settings', function (Blueprint $table) { + $table->dropColumn('last_online_setting'); + }); + } +} diff --git a/resources/views/account/settings.blade.php b/resources/views/account/settings.blade.php index ffc0ad00ba..e0b18bce28 100644 --- a/resources/views/account/settings.blade.php +++ b/resources/views/account/settings.blade.php @@ -52,6 +52,21 @@ {!! Form::close() !!} +
+

Last-Online Publicity

+ {!! Form::open(['url' => 'account/last-online']) !!} +
+ +
+ {!! Form::select('last_online_setting', ['0' => '0: No one can see your online status.', '1' => '1: Anyone can see your last online status.'],Auth::user()->settings->last_online_setting, ['class' => 'form-control']) !!} +
+
+
+ {!! Form::submit('Edit', ['class' => 'btn btn-primary']) !!} +
+ {!! Form::close() !!} +
+

Email Address

Changing your email address will require you to re-verify your email address.

diff --git a/routes/lorekeeper/members.php b/routes/lorekeeper/members.php index cbffc43de2..6031f39814 100644 --- a/routes/lorekeeper/members.php +++ b/routes/lorekeeper/members.php @@ -34,6 +34,8 @@ Route::get('remove-alias/{id}', 'AccountController@getRemoveAlias'); Route::post('remove-alias/{id}', 'AccountController@postRemoveAlias'); Route::post('dob', 'AccountController@postBirthday'); + Route::post('last-online', 'AccountController@postLastOnline'); + Route::get('bookmarks', 'BookmarkController@getBookmarks'); Route::get('bookmarks/create', 'BookmarkController@getCreateBookmark'); From 01bbb92df46c1ab11b53f038ecf7c2e68557260b Mon Sep 17 00:00:00 2001 From: "DESKTOP-01VSOB5\\Safira Island" Date: Tue, 21 Feb 2023 14:16:57 -0600 Subject: [PATCH 19/24] Feat: add "only site staff" to online visibility in user settings --- app/Models/User/User.php | 35 +++++++++++++--------- resources/views/account/settings.blade.php | 2 +- 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/app/Models/User/User.php b/app/Models/User/User.php index 833cae44e6..be466c85a7 100644 --- a/app/Models/User/User.php +++ b/app/Models/User/User.php 
@@ -348,22 +348,29 @@ public function getLogTypeAttribute() // Check if user is online and display When they were online public function isOnline() { + $onlineStatus = Cache::has('user-is-online-' . $this->id); + $online = Carbon::createFromTimeStamp(strtotime(Cache::get('user-is-online-time-' . $this->id))); + $onlineTime = isset($this->last_seen) ? Carbon::parse($this->last_seen)->diffForHumans() : 'a long time ago'; - $onlineStatus = Cache::has('user-is-online-' . $this->id); - $online = Carbon::createFromTimeStamp(strtotime(Cache::get('user-is-online-time-' . $this->id))); - $onlineTime = isset($this->last_seen) ? Carbon::parse($this->last_seen)->diffForHumans() : 'A long time ago.'; + $statusHidden = ''; + if($onlineStatus) $statusShow = ''; + else $statusShow = ''; - switch($this->settings->last_online_setting) { - case 0: - return ''; - break; - case 1: - if($onlineStatus) $result = ''; - else $result = ''; - break; - } - - return $result; + switch($this->settings->last_online_setting) { + case 0: + return $statusHidden; + break; + case 1: + return $statusShow; + break; + case 2: + if(Auth::check() && Auth::user()->isStaff){ + return $statusShow; + } else { + return $statusHidden; + } + break; + } } /** diff --git a/resources/views/account/settings.blade.php b/resources/views/account/settings.blade.php index e0b18bce28..5e9bc0447c 100644 --- a/resources/views/account/settings.blade.php +++ b/resources/views/account/settings.blade.php @@ -58,7 +58,7 @@
- {!! Form::select('last_online_setting', ['0' => '0: No one can see your online status.', '1' => '1: Anyone can see your last online status.'],Auth::user()->settings->last_online_setting, ['class' => 'form-control']) !!} + {!! Form::select('last_online_setting', ['0' => '0: No one can see your online status.', '1' => '1: Anyone can see your online status.', '2' => '2: Only site staff can see your online status.'], Auth::user()->settings->last_online_setting, ['class' => 'form-control']) !!}
From dc39bf6fa06198f78807069e5cd437e0704adc85 Mon Sep 17 00:00:00 2001 From: AnimatedCritter Date: Sat, 24 May 2025 23:27:23 -0500 Subject: [PATCH 20/24] Feat: add "only logged-in users" to online visibility in user settings --- app/Models/User/User.php | 7 +++++++ resources/views/account/settings.blade.php | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/app/Models/User/User.php b/app/Models/User/User.php index be466c85a7..1fcaacc5a3 100644 --- a/app/Models/User/User.php +++ b/app/Models/User/User.php @@ -370,6 +370,13 @@ public function isOnline() return $statusHidden; } break; + case 3: + if(Auth::check()){ + return $statusShow; + } else { + return $statusHidden; + } + break; } } diff --git a/resources/views/account/settings.blade.php b/resources/views/account/settings.blade.php index 5e9bc0447c..8b000ff5d5 100644 --- a/resources/views/account/settings.blade.php +++ b/resources/views/account/settings.blade.php @@ -58,7 +58,7 @@
- {!! Form::select('last_online_setting', ['0' => '0: No one can see your online status.', '1' => '1: Anyone can see your online status.', '2' => '2: Only site staff can see your online status.'], Auth::user()->settings->last_online_setting, ['class' => 'form-control']) !!} + {!! Form::select('last_online_setting', ['0' => '0: No one can see your online status.', '1' => '1: Anyone can see your online status.', '2' => '2: Only site staff can see your online status.', '3' => '3: Only logged-in users can see your online status.'], Auth::user()->settings->last_online_setting, ['class' => 'form-control']) !!}
From 93a35a3a30babb8725ab849477a914e98f39a7dc Mon Sep 17 00:00:00 2001 From: AnimatedCritter Date: Sat, 24 May 2025 23:32:23 -0500 Subject: [PATCH 21/24] Refactor: remove extra whitespace --- routes/lorekeeper/members.php | 1 - 1 file changed, 1 deletion(-) diff --git a/routes/lorekeeper/members.php b/routes/lorekeeper/members.php index 6031f39814..815eb6f96f 100644 --- a/routes/lorekeeper/members.php +++ b/routes/lorekeeper/members.php @@ -36,7 +36,6 @@ Route::post('dob', 'AccountController@postBirthday'); Route::post('last-online', 'AccountController@postLastOnline'); - Route::get('bookmarks', 'BookmarkController@getBookmarks'); Route::get('bookmarks/create', 'BookmarkController@getCreateBookmark'); Route::get('bookmarks/edit/{id}', 'BookmarkController@getEditBookmark'); From 3987c86a055f3ba5005062630e885c5fb016107b Mon Sep 17 00:00:00 2001 From: AnimatedCritter Date: Sat, 24 May 2025 23:35:11 -0500 Subject: [PATCH 22/24] Refactor: improve online status if else readibility --- app/Models/User/User.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/app/Models/User/User.php b/app/Models/User/User.php index 1fcaacc5a3..88fa72f392 100644 --- a/app/Models/User/User.php +++ b/app/Models/User/User.php @@ -353,8 +353,11 @@ public function isOnline() $onlineTime = isset($this->last_seen) ? Carbon::parse($this->last_seen)->diffForHumans() : 'a long time ago'; $statusHidden = ''; - if($onlineStatus) $statusShow = ''; - else $statusShow = ''; + if ($onlineStatus) { + $statusShow = ''; + } else { + $statusShow = ''; + } switch($this->settings->last_online_setting) { case 0: From d0355596b5ae57b73394774b2842761271b917b1 Mon Sep 17 00:00:00 2001 From: AnimatedCritter Date: Sun, 25 May 2025 00:11:54 -0500 Subject: [PATCH 23/24] Refactor: update is_online extension tracker --- config/lorekeeper/extension_tracker.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/config/lorekeeper/extension_tracker.php b/config/lorekeeper/extension_tracker.php
index 27ef624a57..b2de992f73 100644
--- a/config/lorekeeper/extension_tracker.php
+++ b/config/lorekeeper/extension_tracker.php
@@ -17,7 +17,8 @@
 'wiki_key' => 'Online_Status',
 'creators' => json_encode([
 'Uri' => 'https://github.com/preimpression/',
+ 'AnimatedCritter' => 'https://github.com/AnimatedCritter/',
 ]),
- 'version' => '2.0.0',
+ 'version' => '2.1.0',
 ],
 ];
From 33db1ee9c4a974eb20af569d383cca20ea738a9f Mon Sep 17 00:00:00 2001
From: AnimatedCritter
Date: Sun, 25 May 2025 00:19:29 -0500
Subject: [PATCH 24/24] Refactor: remove numbers from last_online_settting dropdown
---
 resources/views/account/settings.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/views/account/settings.blade.php b/resources/views/account/settings.blade.php
index 8b000ff5d5..26ffd622a8 100644
--- a/resources/views/account/settings.blade.php
+++ b/resources/views/account/settings.blade.php
@@ -58,7 +58,7 @@
- {!! Form::select('last_online_setting', ['0' => '0: No one can see your online status.', '1' => '1: Anyone can see your online status.', '2' => '2: Only site staff can see your online status.', '3' => '3: Only logged-in users can see your online status.'], Auth::user()->settings->last_online_setting, ['class' => 'form-control']) !!} + {!! Form::select('last_online_setting', ['0' => 'No one can see your online status.', '1' => 'Anyone can see your online status.', '2' => 'Only site staff can see your online status.', '3' => 'Only logged-in users can see your online status.'], Auth::user()->settings->last_online_setting, ['class' => 'form-control']) !!}