< ? php
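/**
 * Rename one half of the logged-in user's avatar name if the resulting full name is still free.
 *
 * Reads $RUNTIME['PDO'] (database handle) and $_SESSION['UUID'] (the caller's PrincipalID).
 *
 * @param string $part       Column to update: 'FirstName' or 'LastName'.
 * @param string $value      New value for $part.
 * @param string $otherPart  The other name column: 'LastName' or 'FirstName'.
 * @param string $otherValue Value the other half of the name will have after this change.
 * @return bool true when the combination was free and the row was updated, false when another
 *              account already uses it.
 * @throws InvalidArgumentException when $part or $otherPart is not one of the two name columns.
 */
function setNamePart(string $part, string $value, string $otherPart, string $otherValue): bool
{
    global $RUNTIME;

    // Column names cannot be bound as PDO parameters, so they are interpolated into the SQL text.
    // Restricting them to the two known columns keeps a future caller from injecting an identifier.
    $allowedColumns = ['FirstName', 'LastName'];
    if (!in_array($part, $allowedColumns, true) || !in_array($otherPart, $allowedColumns, true)) {
        throw new InvalidArgumentException('Unknown name column: ' . $part . '/' . $otherPart);
    }

    $pdo = $RUNTIME['PDO'];

    // Is this first/last name combination already in use?
    // fetchColumn() instead of rowCount(): PDO does not guarantee rowCount() for SELECT statements.
    $check = $pdo->prepare('SELECT 1 FROM UserAccounts WHERE ' . $part . ' = ? AND ' . $otherPart . ' = ?');
    $check->execute([$value, $otherValue]);
    $taken = $check->fetchColumn() !== false;
    $check->closeCursor();

    if ($taken) {
        return false;
    }

    // NOTE(review): the check and the update are not atomic; two concurrent requests can still end up
    // with the same name. A unique index on (FirstName, LastName) would close that window.
    $update = $pdo->prepare('UPDATE UserAccounts SET ' . $part . ' = ? WHERE PrincipalID = ?');
    $update->execute([$value, $_SESSION['UUID']]);

    return true;
}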
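// Bookkeeping table for inventory-archive (IAR) exports: one row per user while an export is pending.
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `iarstates` (`userID` VARCHAR(36) NOT NULL COLLATE 'utf8_unicode_ci', `filesize` BIGINT(20) NOT NULL DEFAULT '0', `iarfilename` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci', `running` INT(1) NOT NULL DEFAULT '0', PRIMARY KEY (`userID`) USING BTREE) COLLATE='utf8_unicode_ci' ENGINE=InnoDB;");
$statement->execute();

// Check whether an IAR is currently being created for this user.
// fetchColumn() instead of rowCount(): PDO does not guarantee rowCount() for SELECT statements.
$statementIARCheck = $RUNTIME['PDO']->prepare('SELECT 1 FROM iarstates WHERE userID = :userID');
$statementIARCheck->execute(['userID' => $_SESSION['UUID']]);
$IARRUNNING = $statementIARCheck->fetchColumn() !== false;
$statementIARCheck->closeCursor();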
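// Form handling. Every POST ends in a redirect back to the profile page (Post/Redirect/Get), and
// feedback for the user travels through the one-shot $_SESSION['profile_info'] message.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    include_once 'app/FormValidator.php';

    if (isset($_POST['createIAR'])) {
        // No field rules: the validator is only used for its CSRF check here.
        $validator = new FormValidator([]);

        if ($validator->isValid($_POST) && !$IARRUNNING) {
            // Unguessable file name (32 hex chars + ".iar", the same shape as the earlier md5-based name).
            // time()/rand() made the name predictable; random_bytes() does not.
            $iarname = bin2hex(random_bytes(16)) . '.iar';
            $statementIARSTART = $RUNTIME['PDO']->prepare('INSERT INTO iarstates (userID, filesize, iarfilename) VALUES (:userID, :filesize, :iarfilename)');
            $statementIARSTART->execute(['userID' => $_SESSION['UUID'], 'filesize' => 0, 'iarfilename' => $iarname]);

            $_SESSION['iar_created'] = true;
        }
    } elseif (isset($_POST['saveProfileData'])) {
        $validator = new FormValidator([
            'formInputFeldVorname' => ['regex' => '/^[^\\/<>\s]{1,64}$/'],
            'formInputFeldNachname' => ['regex' => '/^[^\\/<>\s]{1,64}$/'],
            'formInputFeldEMail' => ['regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/'],
            'formInputFeldOfflineIM' => ['regex' => '/^(|on)$/'],
            'formInputFeldPartnerName' => ['regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'],
        ]);

        if ($validator->isValid($_POST)) {
            // Both halves of the name are needed for the uniqueness check in setNamePart(); when the
            // other field is absent or blank, the value currently stored in the session is used.
            // The trimmed values are passed consistently (the old code trimmed the value being stored
            // but handed the untrimmed other half to setNamePart()).
            $postedFirst = trim($_POST['formInputFeldVorname'] ?? '');
            $postedLast = trim($_POST['formInputFeldNachname'] ?? '');
            $otherLast = $postedLast !== '' ? $postedLast : $_SESSION['LASTNAME'];
            $otherFirst = $postedFirst !== '' ? $postedFirst : $_SESSION['FIRSTNAME'];

            if ($postedFirst !== '' && $_SESSION['FIRSTNAME'] !== $postedFirst) {
                if (setNamePart('FirstName', $postedFirst, 'LastName', $otherLast)) {
                    $_SESSION['FIRSTNAME'] = $postedFirst;
                    $_SESSION['USERNAME'] = $_SESSION['FIRSTNAME'] . ' ' . $_SESSION['LASTNAME'];
                    $_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);
                } else {
                    $_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.';
                }
            }

            if ($postedLast !== '' && $_SESSION['LASTNAME'] !== $postedLast) {
                if (setNamePart('LastName', $postedLast, 'FirstName', $otherFirst)) {
                    $_SESSION['LASTNAME'] = $postedLast;
                    $_SESSION['USERNAME'] = $_SESSION['FIRSTNAME'] . ' ' . $_SESSION['LASTNAME'];
                    $_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);
                } else {
                    $_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.';
                }
            }

            // E-mail lives in two tables (UserAccounts and usersettings); both are kept in sync.
            $newEmail = trim($_POST['formInputFeldEMail'] ?? '');
            if ($newEmail !== '' && $_SESSION['EMAIL'] !== $newEmail) {
                $statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET Email = :Email WHERE PrincipalID = :PrincipalID');
                $statement->execute(['Email' => $newEmail, 'PrincipalID' => $_SESSION['UUID']]);
                $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET email = :Email WHERE useruuid = :PrincipalID');
                $statement->execute(['Email' => $newEmail, 'PrincipalID' => $_SESSION['UUID']]);
                $_SESSION['EMAIL'] = $newEmail;
            }

            // Checkbox: submitted as "on" when ticked, absent otherwise. The column stores the
            // literal strings 'true' / 'false'.
            $imViaEmail = isset($_POST['formInputFeldOfflineIM']) && $_POST['formInputFeldOfflineIM'] === 'on';
            $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');
            $statement->execute(['IMState' => $imViaEmail ? 'true' : 'false', 'PrincipalID' => $_SESSION['UUID']]);

            // Partner: a whitespace-only value clears the partner, a different name sets a new one,
            // an unchanged name is left alone. (Previously an unchanged name also fell into the
            // clearing branch, so a plain re-submit of the form removed the partner.)
            if (isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] !== '') {
                include_once 'app/OpenSim.php';
                $opensim = new OpenSim();

                $newPartner = trim($_POST['formInputFeldPartnerName']);
                $currentPartner = $opensim->getPartner($_SESSION['UUID']);
                if ((string) $currentPartner !== '') {
                    $currentPartner = $opensim->getUserName($currentPartner);
                }

                if ($newPartner === '') {
                    // The all-zero UUID is OpenSim's "no partner" marker.
                    $statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');
                    $statement->execute(['profilePartner' => '00000000-0000-0000-0000-000000000000', 'PrincipalID' => $_SESSION['UUID']]);
                } elseif ($currentPartner !== $newPartner) {
                    $newPartnerUUID = $opensim->getUserUUID($newPartner);
                    // Unknown resident: leave the current partner untouched.
                    if ((string) $newPartnerUUID !== '') {
                        $statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');
                        $statement->execute(['profilePartner' => $newPartnerUUID, 'PrincipalID' => $_SESSION['UUID']]);
                    }
                }
            }
        }
    } elseif (isset($_POST['savePassword'])) {
        $validator = new FormValidator([
            'oldPassword' => ['required' => true, 'regex' => '/^.{1,1000}$/'],
            'newPassword' => ['required' => true, 'regex' => '/^.{1,1000}$/'],
            'newPasswordRepeat' => ['required' => true, 'regex' => '/^.{1,1000}$/'],
        ]);

        // Checks run in the same order as before; each failure leaves one message for the user.
        if (!$validator->isValid($_POST)) {
            $_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.';
        } elseif ($_POST['newPasswordRepeat'] !== $_POST['newPassword']) {
            $_SESSION['profile_info'] = 'Die neuen Passwörter stimmen nicht überein!';
        } elseif (strlen(trim($_POST['newPassword'])) < $RUNTIME['PASSWORD_MIN_LENGTH']) {
            $_SESSION['profile_info'] = 'Das neue Passwort muss mindestens ' . $RUNTIME['PASSWORD_MIN_LENGTH'] . ' Zeichen lang sein.';
        } elseif (!hash_equals((string) $_SESSION['PASSWORD'], md5(md5($_POST['oldPassword']) . ':' . $_SESSION['SALT']))) {
            // hash_equals() instead of ==: a loose comparison of two hex digests treats digests such as
            // "0e..." as numbers, and it is not constant-time.
            $_SESSION['profile_info'] = 'Das alte Passwort ist nicht richtig!';
        } else {
            // The auth table keeps md5(md5(password) . ':' . salt) with a per-user salt (OpenSimulator's
            // scheme); it is kept here so the grid's own login path can still verify the password.
            $salt = bin2hex(random_bytes(16));
            $hash = md5(md5(trim($_POST['newPassword'])) . ':' . $salt);
            $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID');
            $statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $_SESSION['UUID']]);

            // The session mirrors the stored hash/salt so later password checks use the new values.
            $_SESSION['PASSWORD'] = $hash;
            $_SESSION['SALT'] = $salt;
            $_SESSION['profile_info'] = 'Neues Passwort gespeichert.';
        }
    } elseif (isset($_POST['deleteAccount'])) {
        $validator = new FormValidator([
            'delete-confirm-password' => ['required' => true, 'regex' => '/^.{1,1000}$/'],
            'delete-confirm' => ['required' => true, 'regex' => '/^(|on)$/'],
        ]);

        if (!$validator->isValid($_POST)) {
            $_SESSION['profile_info'] = 'Um deinen Account zu löschen, ist dein aktuelles Passwort und die Bestätigung des Vorgangs erforderlich.';
        } elseif (!hash_equals((string) $_SESSION['PASSWORD'], md5(md5($_POST['delete-confirm-password']) . ':' . $_SESSION['SALT']))) {
            $_SESSION['profile_info'] = 'Zur Bestätigung der Accountlöschung musst du dein Passwort richtig eingeben.';
        } else {
            include_once 'app/OpenSim.php';
            $os = new OpenSim();
            if ($os->deleteUser($_SESSION['UUID'])) {
                $_SESSION['LOGIN'] = false;
                session_destroy();
                header('Location: index.php');
                die();
            }
            $_SESSION['profile_info'] = 'Bei der Accountlöschung ist ein Fehler aufgetreten. Bitte versuche es später erneut.';
        }
    }

    header('Location: index.php?page=profile');
    die();
}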
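// Page rendering (GET, or fall-through after the POST redirect): fill the profile template.
$HTML->setHTMLTitle('Dein Profile');
$HTML->importSeitenInhalt('profile.html');

if ($IARRUNNING) {
    if (isset($_SESSION['iar_created'])) {
        // NOTE(review): $APIResult is not assigned anywhere in this file; `?? ''` avoids an
        // undefined-variable notice when no earlier include sets it. Confirm whether it is still needed.
        $HTML->ReplaceSeitenInhalt('%%IARINFOMESSAGE%%', '<div class="alert alert-success" role="alert">Deine IAR wird jetzt erstellt und der Download Link wird dir per PM zugesendet.' . ($APIResult ?? '') . '</div>');
        unset($_SESSION['iar_created']);
    } else {
        $HTML->ReplaceSeitenInhalt('%%IARINFOMESSAGE%%', '<div class="alert alert-danger" role="alert">Aktuell wird eine IAR erstellt.<br>Warte bitte bis du eine PM bekommst.</div>');
    }
    $HTML->ReplaceSeitenInhalt('%%IARBUTTONSTATE%%', 'disabled');
}

include_once 'app/OpenSim.php';
$opensim = new OpenSim();

$PartnerUUID = $opensim->getPartner($_SESSION['UUID']);
$PartnerName = '';
if ((string) $PartnerUUID !== '') {
    $PartnerName = $opensim->getUserName($PartnerUUID);
}

// NOTE(review): allowOfflineIM()'s return type is not visible here; the loose comparison is kept
// deliberately so both a bool true and the string "TRUE" keep ticking the checkbox.
if ($opensim->allowOfflineIM($_SESSION['UUID']) == 'TRUE') {
    $HTML->ReplaceSeitenInhalt('%%offlineIMSTATE%%', ' checked');
}

// Each placeholder is replaced once; the unconditional calls below only act on placeholders that
// were not already filled above, so they serve as defaults.
$HTML->ReplaceSeitenInhalt('%%offlineIMSTATE%%', ' ');

// Explicit flags: ENT_QUOTES also escapes single quotes, which matters inside attribute values, and
// ENT_SUBSTITUTE keeps invalid UTF-8 from blanking the whole string.
$HTML->ReplaceSeitenInhalt('%%firstname%%', htmlspecialchars((string) $_SESSION['FIRSTNAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
$HTML->ReplaceSeitenInhalt('%%lastname%%', htmlspecialchars((string) $_SESSION['LASTNAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
$HTML->ReplaceSeitenInhalt('%%partner%%', htmlspecialchars((string) $PartnerName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
$HTML->ReplaceSeitenInhalt('%%email%%', htmlspecialchars((string) $opensim->getUserMail($_SESSION['UUID']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
$HTML->ReplaceSeitenInhalt('%%listAllResidentsAsJSArray%%', '');

// One-shot flash message set by the POST handler. It is rendered unescaped, so only server-authored
// text may ever be stored in $_SESSION['profile_info'].
$profileInfo = $_SESSION['profile_info'] ?? '';
unset($_SESSION['profile_info']);
$HTML->ReplaceSeitenInhalt('%%INFOMESSAGE%%', $profileInfo);

$HTML->ReplaceSeitenInhalt('%%IARINFOMESSAGE%%', ' ');
$HTML->ReplaceSeitenInhalt('%%IARBUTTONSTATE%%', '');

$HTML->build();
echo $HTML->ausgabe();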