Manager/app/page/Profile.php

<?php
declare(strict_types=1);

namespace Mcp\Page;

use Mcp\FormValidator;
use Mcp\OpenSim;
use Mcp\Middleware\LoginRequiredMiddleware;

class Profile extends \Mcp\RequestHandler
{
    public function __construct(\Mcp\Mcp $app)
    {
        parent::__construct($app, new LoginRequiredMiddleware($app, $app->config('domain')));
    }

    public function get(): void
    {
        $tpl = $this->app->template('profile.php')->parent('__dashboard.php');

        $statement = $this->app->db()->prepare("CREATE TABLE IF NOT EXISTS `iarstates` (`userID` VARCHAR(36) NOT NULL COLLATE 'utf8_unicode_ci', `filesize` BIGINT(20) NOT NULL DEFAULT '0', `iarfilename` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci', `running` INT(1) NOT NULL DEFAULT '0', PRIMARY KEY (`userID`) USING BTREE) COLLATE='utf8_unicode_ci' ENGINE=InnoDB;");
        $statement->execute();
    
        //Prüfe ob IAR grade erstellt wird.
        $statementIARCheck = $this->app->db()->prepare('SELECT 1 FROM iarstates WHERE userID =:userID');
        $statementIARCheck->execute(['userID' => $_SESSION['UUID']]);
        $iarRunning = $statementIARCheck->rowCount() != 0;
        $statementIARCheck->closeCursor();
    
        if ($iarRunning) {
            if (isset($_SESSION['iar_created'])) {
                $tpl->unsafeVar('iar-message', '<div class="alert alert-success" role="alert">Deine IAR wird jetzt erstellt und der Download Link wird dir per PM zugesendet.</div>');
            } else {
                $tpl->unsafeVar('iar-message', '<div class="alert alert-danger" role="alert">Aktuell wird eine IAR erstellt.<br>Warte bitte bis du eine PM bekommst.</div>');
            }
            $tpl->var('iar-button-state', 'disabled');
        }
        else {
            $tpl->vars([
                'iar-message' => ' ',
                'iar-state' => ''
            ]);
        }
    
        $opensim = new OpenSim($this->app->db());
    
        $partnerUUID = $opensim->getPartner($_SESSION['UUID']);
        $partnerName = "";
    
        if ($partnerUUID != null) {
            $partnerName = $opensim->getUserName($partnerUUID);
        }
    
        $profileInfo = '';
        if (isset($_SESSION['profile_info'])) {
            $profileInfo = $_SESSION['profile_info'];
            unset($_SESSION['profile_info']);
        }

        $tpl->vars([
            'title' => 'Dein Profil',
            'offline-im-state' => $opensim->allowOfflineIM($_SESSION['UUID']) == "TRUE" ? ' checked' : ' ',
            'firstname' => $_SESSION['FIRSTNAME'],
            'lastname' => $_SESSION['LASTNAME'],
            'username' => $_SESSION['DISPLAYNAME'],
            'partner' => $partnerName,
            'email' => $opensim->getUserMail($_SESSION['UUID']),
            'residents-js-array' => '',
            'message' => $profileInfo
        ])->render();
    }

    public function post(): void
    {
        if (isset($_POST['createIAR'])) {
            $validator = new FormValidator(array()); // CSRF validation only
            if($validator->isValid($_POST)) {
                $iarname = md5(time().$_SESSION['UUID'] . rand()).".iar";
                
                $statementIARSTART = $this->app->db()->prepare('INSERT INTO iarstates (userID, filesize, iarfilename) VALUES (:userID, :filesize, :iarfilename)');
                $statementIARSTART->execute(['userID' => $_SESSION['UUID'], 'filesize' => 0, 'iarfilename' => $iarname]);

                $_SESSION['iar_created'] = true;
            }
        }
        elseif (isset($_POST['saveProfileData'])) {
            $validator = new FormValidator(array(
                'formInputFeldVorname' => array('regex' => '/^[^\\/<>\s]{1,64}$/'),
                'formInputFeldNachname' => array('regex' => '/^[^\\/<>\s]{1,64}$/'),
                'formInputFeldEMail' => array('regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/'),
                'formInputFeldOfflineIM' => array('regex' => '/^(|on)$/'),
                'formInputFeldPartnerName' => array('regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/')
            ));
            
            if ($validator->isValid($_POST)) {
                if(isset($_POST['formInputFeldVorname'])) {
                    $newFirstName = trim($_POST['formInputFeldVorname']);
                    
                    if($newFirstName != "" && $_SESSION['FIRSTNAME'] != $newFirstName) {
                        if($this->setNamePart('FirstName', $newFirstName, 'LastName', isset($_POST['formInputFeldNachname']) && strlen(trim($_POST['formInputFeldNachname'])) > 0 ? $_POST['formInputFeldNachname'] : $_SESSION['LASTNAME'])) {
                            $_SESSION['FIRSTNAME'] = $newFirstName;
                            $_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];
                            $_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);
                        }
                        else {
                            $_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.';
                        }
                    }
                }
            
                if (isset($_POST['formInputFeldNachname'])) {
                    $newLastName = trim($_POST['formInputFeldNachname']);
                    
                    if ($newLastName != "" && $_SESSION['LASTNAME'] != $newLastName) {
                        if ($this->setNamePart('LastName', $newLastName, 'FirstName', isset($_POST['formInputFeldVorname']) && strlen(trim($_POST['formInputFeldVorname'])) > 0 ? $_POST['formInputFeldVorname'] : $_SESSION['FIRSTNAME'])) {
                            $_SESSION['LASTNAME'] = $newLastName;
                            $_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];
                            $_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);
                        } else {
                            $_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.';
                        }
                    }
                }
            
                if (isset($_POST['formInputFeldEMail'])) {
                    $newEmail = trim($_POST['formInputFeldEMail']);
            
                    if ($newEmail != "" && $_SESSION['EMAIL'] != $newEmail) {
                        $statement = $this->app->db()->prepare('UPDATE UserAccounts SET Email = :Email WHERE PrincipalID = :PrincipalID');
                        $statement->execute(['Email' => $newEmail, 'PrincipalID' => $_SESSION['UUID']]);
        
                        $statement = $this->app->db()->prepare('UPDATE usersettings SET email = :Email WHERE useruuid = :PrincipalID');
                        $statement->execute(['Email' => $newEmail, 'PrincipalID' => $_SESSION['UUID']]);
        
                        $_SESSION['EMAIL'] = $newEmail;
                    }
                }
            
                if (isset($_POST['formInputFeldOfflineIM']) && $_POST['formInputFeldOfflineIM'] == "on") {
                    $statement = $this->app->db()->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');
                    $statement->execute(['IMState' => 'true', 'PrincipalID' => $_SESSION['UUID']]);
                } else {
                    $statement = $this->app->db()->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');
                    $statement->execute(['IMState' => 'false', 'PrincipalID' => $_SESSION['UUID']]);
                }

                if (isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") {
                    $opensim = new OpenSim($this->app->db());

                    $newPartner = trim($_POST['formInputFeldPartnerName']);
                    $currentPartner = $opensim->getPartner($_SESSION['UUID']);
            
                    if ($currentPartner != "") {
                        $currentPartner = $opensim->getUserName($currentPartner);
                    }
            
                    if ($newPartner != "" && $currentPartner != $newPartner) {
                        $newPartnerUUID = $opensim->getUserUUID($newPartner);
            
                        if ($newPartnerUUID != null) {
                            $statement = $this->app->db()->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');
                            $statement->execute(['profilePartner' => $newPartnerUUID, 'PrincipalID' => $_SESSION['UUID']]);
                        }
                    } else {
                        $statement = $this->app->db()->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');
                        $statement->execute(['profilePartner' => '00000000-0000-0000-0000-000000000000', 'PrincipalID' => $_SESSION['UUID']]);
                    }
                }
            }
        } elseif (isset($_POST['savePassword'])) {
            $validator = new FormValidator(array(
                'oldPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
                'newPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
                'newPasswordRepeat' => array('required' => true, 'regex' => '/^.{1,1000}$/')
            ));

            if ($validator->isValid($_POST)) {
                if ($_POST['newPasswordRepeat'] == $_POST['newPassword']) {
                    if (strlen(trim($_POST['newPassword']))  >= $this->app->config('password-min-length')) {
                        if (md5(md5($_POST['oldPassword']).':'.$_SESSION['SALT']) == $_SESSION['PASSWORD']) {
                            $salt = bin2hex(random_bytes(16));
                            $hash = md5(md5(trim($_POST['newPassword'])).':'.$salt);
                            $statement = $this->app->db()->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID');
                            $statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $_SESSION['UUID']]);
                            $_SESSION['PASSWORD'] = $hash;
                            $_SESSION['SALT'] = $salt;
                            $_SESSION['profile_info'] = 'Neues Passwort gespeichert.';
                        } else {
                            $_SESSION['profile_info'] = 'Das alte Passwort ist nicht richtig!';
                        }
                    } else {
                        $_SESSION['profile_info'] = 'Das neue Passwort muss mindestens '.$this->app->config('password-min-length').' Zeichen lang sein.';
                    }
                } else {
                    $_SESSION['profile_info'] = 'Die neuen Passwörter stimmen nicht überein!';
                }
            } else {
                $_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.';
            }
        } elseif (isset($_POST['deleteAccount'])) {
            $validator = new FormValidator(array(
                'delete-confirm-password' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
                'delete-confirm' => array('required' => true, 'regex' => '/^(|on)$/')
            ));

            if ($validator->isValid($_POST)) {
                if (hash_equals(md5(md5($_POST['delete-confirm-password']).':'.$_SESSION['SALT']), $_SESSION['PASSWORD'])) {
                    $os = new OpenSim($this->app->db());
                    if ($os->deleteUser($_SESSION['UUID'])) {
                        $_SESSION['LOGIN'] = false;
                        session_destroy();
                        header('Location: index.php');
                        die();
                    } else {
                        $_SESSION['profile_info'] = 'Bei der Accountlöschung ist ein Fehler aufgetreten. Bitte versuche es später erneut.';
                    }
                }
                else {
                    $_SESSION['profile_info'] = 'Zur Bestätigung der Accountlöschung musst du dein Passwort richtig eingeben.';
                }
            }
            else {
                $_SESSION['profile_info'] = 'Um deinen Account zu löschen, ist dein aktuelles Passwort und die Bestätigung des Vorgangs erforderlich.';
            }
        }

        header('Location: index.php?page=profile');
    }

    private function setNamePart(string $part, string $value, string $otherPart, string $otherValue): bool
    {
        $query = $this->app->db()->prepare('SELECT 1 FROM UserAccounts WHERE '.$part.' = ? AND '.$otherPart.' = ?');
        $query->execute(array($value, $otherValue));

        if ($query->rowCount() == 0) {
            $statement = $this->app->db()->prepare('UPDATE UserAccounts SET '.$part.' = ? WHERE PrincipalID = ?');
            $statement->execute(array($value, $_SESSION['UUID']));
            return true;
        }

        return false;
    }
}
add files 2020-06-03 15:31:18 +00:00			`<?php`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`declare(strict_types=1);`
Add minimum password length requirement 2023-08-23 16:16:36 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`namespace Mcp\Page;`
Check if new name is already taken 2023-08-23 16:16:35 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`use Mcp\FormValidator;`
			`use Mcp\OpenSim;`
			`use Mcp\Middleware\LoginRequiredMiddleware;`
Check if new name is already taken 2023-08-23 16:16:35 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`class Profile extends \Mcp\RequestHandler`
			`{`
			`public function __construct(\Mcp\Mcp $app)`
			`{`
			`parent::__construct($app, new LoginRequiredMiddleware($app, $app->config('domain')));`
Check if new name is already taken 2023-08-23 16:16:35 +00:00			`}`

Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`public function get(): void`
			`{`
			`$tpl = $this->app->template('profile.php')->parent('__dashboard.php');`
add files 2020-06-03 15:31:18 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			$statement = $this->app->db()->prepare("CREATE TABLE IF NOT EXISTS `iarstates` (`userID` VARCHAR(36) NOT NULL COLLATE 'utf8_unicode_ci', `filesize` BIGINT(20) NOT NULL DEFAULT '0', `iarfilename` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci', `running` INT(1) NOT NULL DEFAULT '0', PRIMARY KEY (`userID`) USING BTREE) COLLATE='utf8_unicode_ci' ENGINE=InnoDB;");
			`$statement->execute();`
add email info 2021-01-08 01:29:46 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`//Prüfe ob IAR grade erstellt wird.`
			`$statementIARCheck = $this->app->db()->prepare('SELECT 1 FROM iarstates WHERE userID =:userID');`
			`$statementIARCheck->execute(['userID' => $_SESSION['UUID']]);`
			`$iarRunning = $statementIARCheck->rowCount() != 0;`
			`$statementIARCheck->closeCursor();`

			`if ($iarRunning) {`
			`if (isset($_SESSION['iar_created'])) {`
			`$tpl->unsafeVar('iar-message', '<div class="alert alert-success" role="alert">Deine IAR wird jetzt erstellt und der Download Link wird dir per PM zugesendet.</div>');`
			`} else {`
			`$tpl->unsafeVar('iar-message', '<div class="alert alert-danger" role="alert">Aktuell wird eine IAR erstellt.<br>Warte bitte bis du eine PM bekommst.</div>');`
			`}`
			`$tpl->var('iar-button-state', 'disabled');`
			`}`
			`else {`
			`$tpl->vars([`
			`'iar-message' => ' ',`
			`'iar-state' => ''`
			`]);`
			`}`

			`$opensim = new OpenSim($this->app->db());`

			`$partnerUUID = $opensim->getPartner($_SESSION['UUID']);`
			`$partnerName = "";`

			`if ($partnerUUID != null) {`
			`$partnerName = $opensim->getUserName($partnerUUID);`
			`}`

			`$profileInfo = '';`
			`if (isset($_SESSION['profile_info'])) {`
			`$profileInfo = $_SESSION['profile_info'];`
			`unset($_SESSION['profile_info']);`
			`}`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$tpl->vars([`
			`'title' => 'Dein Profil',`
			`'offline-im-state' => $opensim->allowOfflineIM($_SESSION['UUID']) == "TRUE" ? ' checked' : ' ',`
			`'firstname' => $_SESSION['FIRSTNAME'],`
			`'lastname' => $_SESSION['LASTNAME'],`
Fix username not being included in profile page 2023-09-05 19:59:49 +00:00			`'username' => $_SESSION['DISPLAYNAME'],`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`'partner' => $partnerName,`
			`'email' => $opensim->getUserMail($_SESSION['UUID']),`
			`'residents-js-array' => '',`
			`'message' => $profileInfo`
			`])->render();`
			`}`

			`public function post(): void`
			`{`
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`if (isset($_POST['createIAR'])) {`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$validator = new FormValidator(array()); // CSRF validation only`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`if($validator->isValid($_POST)) {`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$iarname = md5(time().$_SESSION['UUID'] . rand()).".iar";`

Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$statementIARSTART = $this->app->db()->prepare('INSERT INTO iarstates (userID, filesize, iarfilename) VALUES (:userID, :filesize, :iarfilename)');`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$statementIARSTART->execute(['userID' => $_SESSION['UUID'], 'filesize' => 0, 'iarfilename' => $iarname]);`
Save IAR message state across requests 2023-08-23 16:16:35 +00:00
			`$_SESSION['iar_created'] = true;`
add files 2020-06-03 15:31:18 +00:00			`}`
			`}`
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`elseif (isset($_POST['saveProfileData'])) {`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$validator = new FormValidator(array(`
Fix profile form validation 2023-08-23 16:16:36 +00:00			`'formInputFeldVorname' => array('regex' => '/^[^\\/<>\s]{1,64}$/'),`
			`'formInputFeldNachname' => array('regex' => '/^[^\\/<>\s]{1,64}$/'),`
			`'formInputFeldEMail' => array('regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/'),`
			`'formInputFeldOfflineIM' => array('regex' => '/^(\|on)$/'),`
			`'formInputFeldPartnerName' => array('regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/')`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`));`

Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`if ($validator->isValid($_POST)) {`
Remove useless double check of input lengths 2023-08-23 16:16:35 +00:00			`if(isset($_POST['formInputFeldVorname'])) {`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$newFirstName = trim($_POST['formInputFeldVorname']);`
Check if new name is already taken 2023-08-23 16:16:35 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`if($newFirstName != "" && $_SESSION['FIRSTNAME'] != $newFirstName) {`
			`if($this->setNamePart('FirstName', $newFirstName, 'LastName', isset($_POST['formInputFeldNachname']) && strlen(trim($_POST['formInputFeldNachname'])) > 0 ? $_POST['formInputFeldNachname'] : $_SESSION['LASTNAME'])) {`
			`$_SESSION['FIRSTNAME'] = $newFirstName;`
Check if new name is already taken 2023-08-23 16:16:35 +00:00			`$_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];`
			`$_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);`
			`}`
			`else {`
			`$_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.';`
			`}`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`}`
			`}`

Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`if (isset($_POST['formInputFeldNachname'])) {`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$newLastName = trim($_POST['formInputFeldNachname']);`
Check if new name is already taken 2023-08-23 16:16:35 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`if ($newLastName != "" && $_SESSION['LASTNAME'] != $newLastName) {`
			`if ($this->setNamePart('LastName', $newLastName, 'FirstName', isset($_POST['formInputFeldVorname']) && strlen(trim($_POST['formInputFeldVorname'])) > 0 ? $_POST['formInputFeldVorname'] : $_SESSION['FIRSTNAME'])) {`
			`$_SESSION['LASTNAME'] = $newLastName;`
Check if new name is already taken 2023-08-23 16:16:35 +00:00			`$_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];`
			`$_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);`
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`} else {`
Check if new name is already taken 2023-08-23 16:16:35 +00:00			`$_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.';`
			`}`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`}`
			`}`

Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`if (isset($_POST['formInputFeldEMail'])) {`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$newEmail = trim($_POST['formInputFeldEMail']);`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`if ($newEmail != "" && $_SESSION['EMAIL'] != $newEmail) {`
			`$statement = $this->app->db()->prepare('UPDATE UserAccounts SET Email = :Email WHERE PrincipalID = :PrincipalID');`
			`$statement->execute(['Email' => $newEmail, 'PrincipalID' => $_SESSION['UUID']]);`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$statement = $this->app->db()->prepare('UPDATE usersettings SET email = :Email WHERE useruuid = :PrincipalID');`
			`$statement->execute(['Email' => $newEmail, 'PrincipalID' => $_SESSION['UUID']]);`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$_SESSION['EMAIL'] = $newEmail;`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`}`
			`}`

Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`if (isset($_POST['formInputFeldOfflineIM']) && $_POST['formInputFeldOfflineIM'] == "on") {`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$statement = $this->app->db()->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$statement->execute(['IMState' => 'true', 'PrincipalID' => $_SESSION['UUID']]);`
			`} else {`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$statement = $this->app->db()->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$statement->execute(['IMState' => 'false', 'PrincipalID' => $_SESSION['UUID']]);`
			`}`
Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`if (isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") {`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$opensim = new OpenSim($this->app->db());`
Add minimum password length requirement 2023-08-23 16:16:36 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$newPartner = trim($_POST['formInputFeldPartnerName']);`
			`$currentPartner = $opensim->getPartner($_SESSION['UUID']);`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`if ($currentPartner != "") {`
			`$currentPartner = $opensim->getUserName($currentPartner);`
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`}`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`if ($newPartner != "" && $currentPartner != $newPartner) {`
			`$newPartnerUUID = $opensim->getUserUUID($newPartner);`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`if ($newPartnerUUID != null) {`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$statement = $this->app->db()->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$statement->execute(['profilePartner' => $newPartnerUUID, 'PrincipalID' => $_SESSION['UUID']]);`
			`}`
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`} else {`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$statement = $this->app->db()->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$statement->execute(['profilePartner' => '00000000-0000-0000-0000-000000000000', 'PrincipalID' => $_SESSION['UUID']]);`
			`}`
			`}`
add files 2020-06-03 15:31:18 +00:00			`}`
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`} elseif (isset($_POST['savePassword'])) {`
Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00			`$validator = new FormValidator(array(`
Change validation regexes to be more strict 2023-08-23 16:16:36 +00:00			`'oldPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'),`
			`'newPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'),`
			`'newPasswordRepeat' => array('required' => true, 'regex' => '/^.{1,1000}$/')`
Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00			`));`
Change validation regexes to be more strict 2023-08-23 16:16:36 +00:00
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`if ($validator->isValid($_POST)) {`
			`if ($_POST['newPasswordRepeat'] == $_POST['newPassword']) {`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`if (strlen(trim($_POST['newPassword'])) >= $this->app->config('password-min-length')) {`
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`if (md5(md5($_POST['oldPassword']).':'.$_SESSION['SALT']) == $_SESSION['PASSWORD']) {`
Revert password hashing for OpenSim compatibility 2023-08-23 16:16:36 +00:00			`$salt = bin2hex(random_bytes(16));`
			`$hash = md5(md5(trim($_POST['newPassword'])).':'.$salt);`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$statement = $this->app->db()->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID');`
Revert password hashing for OpenSim compatibility 2023-08-23 16:16:36 +00:00			`$statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $_SESSION['UUID']]);`
Add minimum password length requirement 2023-08-23 16:16:36 +00:00			`$_SESSION['PASSWORD'] = $hash;`
Revert password hashing for OpenSim compatibility 2023-08-23 16:16:36 +00:00			`$_SESSION['SALT'] = $salt;`
Add minimum password length requirement 2023-08-23 16:16:36 +00:00			`$_SESSION['profile_info'] = 'Neues Passwort gespeichert.';`
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`} else {`
Add minimum password length requirement 2023-08-23 16:16:36 +00:00			`$_SESSION['profile_info'] = 'Das alte Passwort ist nicht richtig!';`
			`}`
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`} else {`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$_SESSION['profile_info'] = 'Das neue Passwort muss mindestens '.$this->app->config('password-min-length').' Zeichen lang sein.';`
Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00			`}`
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`} else {`
Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00			`$_SESSION['profile_info'] = 'Die neuen Passwörter stimmen nicht überein!';`
			`}`
Fix formatting according to PSR-12 2023-08-27 03:31:32 +00:00			`} else {`
Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00			`$_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.';`
			`}`
Add self-service user account deletion 2023-08-27 09:20:50 +00:00			`} elseif (isset($_POST['deleteAccount'])) {`
			`$validator = new FormValidator(array(`
			`'delete-confirm-password' => array('required' => true, 'regex' => '/^.{1,1000}$/'),`
			`'delete-confirm' => array('required' => true, 'regex' => '/^(\|on)$/')`
			`));`

			`if ($validator->isValid($_POST)) {`
			`if (hash_equals(md5(md5($_POST['delete-confirm-password']).':'.$_SESSION['SALT']), $_SESSION['PASSWORD'])) {`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$os = new OpenSim($this->app->db());`
Add self-service user account deletion 2023-08-27 09:20:50 +00:00			`if ($os->deleteUser($_SESSION['UUID'])) {`
			`$_SESSION['LOGIN'] = false;`
			`session_destroy();`
			`header('Location: index.php');`
			`die();`
			`} else {`
			`$_SESSION['profile_info'] = 'Bei der Accountlöschung ist ein Fehler aufgetreten. Bitte versuche es später erneut.';`
			`}`
			`}`
			`else {`
			`$_SESSION['profile_info'] = 'Zur Bestätigung der Accountlöschung musst du dein Passwort richtig eingeben.';`
			`}`
			`}`
			`else {`
			`$_SESSION['profile_info'] = 'Um deinen Account zu löschen, ist dein aktuelles Passwort und die Bestätigung des Vorgangs erforderlich.';`
			`}`
add files 2020-06-03 15:31:18 +00:00			`}`

Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`header('Location: index.php?page=profile');`
add files 2020-06-03 15:31:18 +00:00			`}`

Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`private function setNamePart(string $part, string $value, string $otherPart, string $otherValue): bool`
			`{`
Fix leftover reference to RUNTIME in Profile.php 2023-09-09 04:31:23 +00:00			`$query = $this->app->db()->prepare('SELECT 1 FROM UserAccounts WHERE '.$part.' = ? AND '.$otherPart.' = ?');`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$query->execute(array($value, $otherValue));`
add files 2020-06-03 15:31:18 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`if ($query->rowCount() == 0) {`
Fix leftover reference to RUNTIME in Profile.php 2023-09-09 04:31:23 +00:00			`$statement = $this->app->db()->prepare('UPDATE UserAccounts SET '.$part.' = ? WHERE PrincipalID = ?');`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`$statement->execute(array($value, $_SESSION['UUID']));`
			`return true;`
			`}`
add files 2020-06-03 15:31:18 +00:00
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`return false;`
Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00			`}`
Implement all existing pages as RequestHandlers 2023-09-04 23:12:48 +00:00			`}`