Manager/pages/groups.php

<?php
    if($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        if(isset($_POST['leave'])) {
            include 'app/FormValidator.php';
            $validator = new FormValidator(array(
                'group' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
            ));

            if($validator->isValid($_POST)) {
                $statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM os_groups_membership WHERE GroupID = ? AND PrincipalID = ?");
                $statementMembership->execute(array($_REQUEST['group'], $_SESSION['UUID']));
            }
        }

        header('Location: index.php?page=groups');
        die();
    }

    include 'app/OpenSim.php';
    $opensim = new OpenSim();

    $HTML->setHTMLTitle("Gruppen");
    $HTML->importSeitenInhalt("deine-regionen.html");

    $table = '<table class="table"><thead><tr><th scope="col">Name</th><th scope="col">Gründer</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
    
    $statementGroups = $RUNTIME['PDO']->prepare("SELECT Name,FounderID,os_groups_membership.GroupID FROM os_groups_groups JOIN os_groups_membership ON os_groups_groups.GroupID = os_groups_membership.GroupID WHERE PrincipalID = ?");
    $statementGroups->execute(array($_SESSION['UUID']));

    while($rowGroups = $statementGroups->fetch()) 
    {
        $entry = '<tr><td>'.htmlspecialchars($rowGroups['Name']).'</td><td>'.htmlspecialchars($opensim->getUserName($rowGroups['FounderID'])).'</td><td><form action="index.php?page=groups" method="post">%%CSRF%%<input type="hidden" name="group" value="'.htmlspecialchars($rowGroups['GroupID']).'"><button type="submit" name="leave" class="btn btn-danger btn-sm">VERLASSEN</button></form></td></tr>';
        $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
    }

    $table = str_replace("%%ENTRY%%", "", $table);
    $HTML->ReplaceSeitenInhalt("%%REGION-LIST%%", $table);

    $HTML->build();
    echo $HTML->ausgabe();
?>
add files 2020-06-03 15:31:18 +00:00			`<?php`
Fix POST request handling in dashboard forms 2023-08-23 16:16:35 +00:00			`if($_SERVER['REQUEST_METHOD'] == 'POST')`
add leave group 2021-01-06 14:28:13 +00:00			`{`
Use POST for leaving groups, validate input 2023-08-23 16:16:35 +00:00			`if(isset($_POST['leave'])) {`
Fix POST request handling in dashboard forms 2023-08-23 16:16:35 +00:00			`include 'app/FormValidator.php';`
Use POST for leaving groups, validate input 2023-08-23 16:16:35 +00:00			`$validator = new FormValidator(array(`
Change validation regexes to be more strict 2023-08-23 16:16:36 +00:00			`'group' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')`
Use POST for leaving groups, validate input 2023-08-23 16:16:35 +00:00			`));`

			`if($validator->isValid($_POST)) {`
			`$statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM os_groups_membership WHERE GroupID = ? AND PrincipalID = ?");`
			`$statementMembership->execute(array($_REQUEST['group'], $_SESSION['UUID']));`
			`}`
			`}`
Always redirect after making changes 2023-08-23 16:16:34 +00:00
			`header('Location: index.php?page=groups');`
			`die();`
add leave group 2021-01-06 14:28:13 +00:00			`}`

Fix include/template paths 2023-08-23 16:16:35 +00:00			`include 'app/OpenSim.php';`
Only include and construct OpenSim when needed 2023-08-23 16:16:35 +00:00			`$opensim = new OpenSim();`

Always redirect after making changes 2023-08-23 16:16:34 +00:00			`$HTML->setHTMLTitle("Gruppen");`
Fix include/template paths 2023-08-23 16:16:35 +00:00			`$HTML->importSeitenInhalt("deine-regionen.html");`
Always redirect after making changes 2023-08-23 16:16:34 +00:00
add files 2020-06-03 15:31:18 +00:00			`$table = '<table class="table"><thead><tr><th scope="col">Name</th><th scope="col">Gründer</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';`

Optimize user group query 2023-08-23 16:16:36 +00:00			`$statementGroups = $RUNTIME['PDO']->prepare("SELECT Name,FounderID,os_groups_membership.GroupID FROM os_groups_groups JOIN os_groups_membership ON os_groups_groups.GroupID = os_groups_membership.GroupID WHERE PrincipalID = ?");`
			`$statementGroups->execute(array($_SESSION['UUID']));`
add files 2020-06-03 15:31:18 +00:00
Optimize user group query 2023-08-23 16:16:36 +00:00			`while($rowGroups = $statementGroups->fetch())`
add files 2020-06-03 15:31:18 +00:00			`{`
Optimize user group query 2023-08-23 16:16:36 +00:00			`$entry = '<tr><td>'.htmlspecialchars($rowGroups['Name']).'</td><td>'.htmlspecialchars($opensim->getUserName($rowGroups['FounderID'])).'</td><td><form action="index.php?page=groups" method="post">%%CSRF%%<input type="hidden" name="group" value="'.htmlspecialchars($rowGroups['GroupID']).'"><button type="submit" name="leave" class="btn btn-danger btn-sm">VERLASSEN</button></form></td></tr>';`
			`$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);`
add files 2020-06-03 15:31:18 +00:00			`}`

			`$table = str_replace("%%ENTRY%%", "", $table);`
			`$HTML->ReplaceSeitenInhalt("%%REGION-LIST%%", $table);`

			`$HTML->build();`
			`echo $HTML->ausgabe();`
			`?>`