Manager/pages/profile.php

<?php
    function setNamePart(string $part, string $value, string $otherPart, string $otherValue) {
        $query = $RUNTIME['PDO']->prepare('SELECT 1 FROM UserAccounts WHERE '.$part.' = ? AND '.$otherPart.' = ?');
        $query->execute(array($value, $otherValue));

        if($query->rowCount() != 0) {
            $statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET '.$part.' = ? WHERE PrincipalID = ?'); 
            $statement->execute(array($value, $_SESSION['UUID']));
            return true;
        }

        return false;
    }

    $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `iarstates` (`userID` VARCHAR(36) NOT NULL COLLATE 'utf8_unicode_ci', `filesize` BIGINT(20) NOT NULL DEFAULT '0', `iarfilename` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci', `running` INT(1) NOT NULL DEFAULT '0', PRIMARY KEY (`userID`) USING BTREE) COLLATE='utf8_unicode_ci' ENGINE=InnoDB;");
    $statement->execute();

    //Prüfe ob IAR grade erstellt wird.
    $statementIARCheck = $RUNTIME['PDO']->prepare('SELECT 1 FROM iarstates WHERE userID =:userID');
    $statementIARCheck->execute(['userID' => $_SESSION['UUID']]);
    $IARRUNNING = $statementIARCheck->rowCount() != 0;
    $statementIARCheck->closeCursor();
    
    if($_SERVER['REQUEST_METHOD'] == 'POST') {
        include 'app/FormValidator.php';

        if(isset($_POST['createIAR'])) {
            $validator = new FormValidator(array()); // CSRF validation only
            if($validator->isValid($_POST) && $IARRUNNING == FALSE) {
                $iarname = md5(time().$_SESSION['UUID'] . rand()).".iar";
                
                $statementIARSTART = $RUNTIME['PDO']->prepare('INSERT INTO iarstates (userID, filesize, iarfilename) VALUES (:userID, :filesize, :iarfilename)');
                $statementIARSTART->execute(['userID' => $_SESSION['UUID'], 'filesize' => 0, 'iarfilename' => $iarname]);

                $_SESSION['iar_created'] = true;
            }
        }
        else if(isset($_POST['saveProfileData'])) {
            $validator = new FormValidator(array(
                'formInputFeldVorname' => array('regex' => '/[^\\/<>\s]{1,64}/'),
                'formInputFeldNachname' => array('regex' => '/[^\\/<>\s]{1,64}/'),
                'formInputFeldEMail' => array('regex' => '/\S{1,64}@\S{1,250}.\S{2,64}/'),
                'formInputFeldOfflineIM' => array('regex' => '/(|on)/'),
                'formInputFeldPartnerName' => array('regex' => '/[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}/')
            ));
            
            if($validator->isValid($_POST)) {
                if(isset($_POST['formInputFeldVorname'])) {
                    $NewFirstName = trim($_POST['formInputFeldVorname']);
                    
                    if($NewFirstName != "" && $_SESSION['FIRSTNAME'] != $NewFirstName) {
                        if(setNamePart('FirstName', $NewFirstName, 'LastName', isset($_POST['formInputFeldNachname']) && trim($_POST['formInputFeldNachname']) > 0 ? $_POST['formInputFeldNachname'] : $_SESSION['LASTNAME'])) {
                            $_SESSION['FIRSTNAME'] = $NewFirstName;
                            $_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];
                            $_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);
                        }
                        else {
                            $_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.';
                        }
                    }
                }
            
                if(isset($_POST['formInputFeldNachname'])) {
                    $NewLastName = trim($_POST['formInputFeldNachname']);
                    
                    if($NewLastName != "" && $_SESSION['LASTNAME'] != $NewLastName) {
                        if(setNamePart('LastName', $NewLastName, 'FirstName', isset($_POST['formInputFeldVorname']) && trim($_POST['formInputFeldVorname']) > 0 ? $_POST['formInputFeldVorname'] : $_SESSION['FIRSTNAME'])) {
                            $_SESSION['LASTNAME'] = $NewLastName;
                            $_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];
                            $_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);
                        }
                        else {
                            $_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.';
                        }
                    }
                }
            
                if(isset($_POST['formInputFeldEMail'])) {
                    $NewEMail = trim($_POST['formInputFeldEMail']);
            
                    if($NewEMail != "" && $_SESSION['EMAIL'] != $NewEMail) {
                        $statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET Email = :Email WHERE PrincipalID = :PrincipalID'); 
                        $statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]);
        
                        $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET email = :Email WHERE useruuid = :PrincipalID'); 
                        $statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]);
        
                        $_SESSION['EMAIL'] = $NewEMail;
                    }
                }
            
                if(isset($_POST['formInputFeldOfflineIM']) && $_POST['formInputFeldOfflineIM'] == "on") {
                    $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID'); 
                    $statement->execute(['IMState' => 'true', 'PrincipalID' => $_SESSION['UUID']]);
                } else {
                    $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID'); 
                    $statement->execute(['IMState' => 'false', 'PrincipalID' => $_SESSION['UUID']]);
                }

                if(isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") {
                    $NewPartner = trim($_POST['formInputFeldPartnerName']);
                    $CurrentPartner = $opensim->getPartner($_SESSION['UUID']);
            
                    include_once 'app/OpenSim.php';
                    if($CurrentPartner != "")$CurrentPartner = (new OpenSim())->getUserName($CurrentPartner);
            
                    if($NewPartner != "" && $CurrentPartner != $NewPartner) {
                        $newPartnerUUID = $opensim->getUserUUID($NewPartner);
            
                        if($newPartnerUUID != null) {
                            $statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID'); 
                            $statement->execute(['profilePartner' => $newPartnerUUID, 'PrincipalID' => $_SESSION['UUID']]);
                        }
                    }else{
                        $statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID'); 
                        $statement->execute(['profilePartner' => '00000000-0000-0000-0000-000000000000', 'PrincipalID' => $_SESSION['UUID']]);
                    }
                }
            }
        }
        else if(isset($_POST['savePassword'])) {
            $validator = new FormValidator(array(
                'oldPassword' => array('required' => true, 'regex' => '/.{1,1000}/'),
                'newPassword' => array('required' => true, 'regex' => '/.{1,1000}/'),
                'newPasswordRepeat' => array('required' => true, 'regex' => '/.{1,1000}/')
            ));
    
            if($validator->isValid($_POST)) {
                if($_POST['newPasswordRepeat'] == $_POST['newPassword']) {
                    if(password_verify($_POST['oldPassword'], $_SESSION['PASSWORD'])) {
                        $hash = password_hash($NewPassword, PASSWORD_ARGON2ID);
                        $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID'); 
                        $statement->execute(['PasswordHash' => $hash, 'PrincipalID' => $_SESSION['UUID']]);
                        $_SESSION['PASSWORD'] = $hash;
                        $_SESSION['profile_info'] = 'Neues Passwort gespeichert.';
                    }
                    else {
                        $_SESSION['profile_info'] = 'Das alte Passwort ist nicht richtig!';
                    }
                }
                else {
                    $_SESSION['profile_info'] = 'Die neuen Passwörter stimmen nicht überein!';
                }
            }
            else {
                $_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.';
            }
        }

        header('Location: index.php?page=profile');
        die();
    }

    $HTML->setHTMLTitle("Dein Profile");
    $HTML->importSeitenInhalt("profile.html");

    if($IARRUNNING) {
        if(isset($_SESSION['iar_created'])) {
            $HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-success" role="alert">Deine IAR wird jetzt erstellt und der Download Link wird dir per PM zugesendet.'.$APIResult.'</div>'); 
            unset($_SESSION['iar_created']);
        }
        else {
            $HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-danger" role="alert">Aktuell wird eine IAR erstellt.<br>Warte bitte bis du eine PM bekommst.</div>'); 
        }
        $HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", 'disabled'); 
    }

    include_once 'app/OpenSim.php';
    $opensim = new OpenSim();

    $PartnerUUID = $opensim->getPartner($_SESSION['UUID']);
    $PartnerName = "";

    if($PartnerUUID != null)$PartnerName = $opensim->getUserName($PartnerUUID);

    if($opensim->allowOfflineIM($_SESSION['UUID']) == "TRUE")$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' checked'); 

    $HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' '); 
    $HTML->ReplaceSeitenInhalt("%%firstname%%", htmlspecialchars($_SESSION['FIRSTNAME'])); 
    $HTML->ReplaceSeitenInhalt("%%lastname%%", htmlspecialchars($_SESSION['LASTNAME'])); 
    $HTML->ReplaceSeitenInhalt("%%partner%%", htmlspecialchars($PartnerName)); 
    $HTML->ReplaceSeitenInhalt("%%email%%", htmlspecialchars($opensim->getUserMail($_SESSION['UUID']))); 
    $HTML->ReplaceSeitenInhalt("%%listAllResidentsAsJSArray%%", ""); 

    $profileInfo = '';
    if(isset($_SESSION['profile_info'])) {
        $profileInfo = $_SESSION['profile_info'];
        unset($_SESSION['profile_info']);
    }
    $HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", $profileInfo);

    $HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ' '); 
    $HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", ''); 

    $HTML->build();
    echo $HTML->ausgabe();
?>
add files 2020-06-03 15:31:18 +00:00			`<?php`
Check if new name is already taken 2023-08-23 16:16:35 +00:00			`function setNamePart(string $part, string $value, string $otherPart, string $otherValue) {`
			`$query = $RUNTIME['PDO']->prepare('SELECT 1 FROM UserAccounts WHERE '.$part.' = ? AND '.$otherPart.' = ?');`
			`$query->execute(array($value, $otherValue));`

			`if($query->rowCount() != 0) {`
			`$statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET '.$part.' = ? WHERE PrincipalID = ?');`
			`$statement->execute(array($value, $_SESSION['UUID']));`
			`return true;`
			`}`

			`return false;`
			`}`

fix bug in cron 2021-01-08 02:53:41 +00:00			$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `iarstates` (`userID` VARCHAR(36) NOT NULL COLLATE 'utf8_unicode_ci', `filesize` BIGINT(20) NOT NULL DEFAULT '0', `iarfilename` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci', `running` INT(1) NOT NULL DEFAULT '0', PRIMARY KEY (`userID`) USING BTREE) COLLATE='utf8_unicode_ci' ENGINE=InnoDB;");
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$statement->execute();`
add files 2020-06-03 15:31:18 +00:00
add iar save 2021-01-08 01:00:03 +00:00			`//Prüfe ob IAR grade erstellt wird.`
Only fetch required rows from database 2023-08-23 16:16:34 +00:00			`$statementIARCheck = $RUNTIME['PDO']->prepare('SELECT 1 FROM iarstates WHERE userID =:userID');`
add iar save 2021-01-08 01:00:03 +00:00			`$statementIARCheck->execute(['userID' => $_SESSION['UUID']]);`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$IARRUNNING = $statementIARCheck->rowCount() != 0;`
			`$statementIARCheck->closeCursor();`
add email info 2021-01-08 01:29:46 +00:00
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`if($_SERVER['REQUEST_METHOD'] == 'POST') {`
			`include 'app/FormValidator.php';`

			`if(isset($_POST['createIAR'])) {`
			`$validator = new FormValidator(array()); // CSRF validation only`
			`if($validator->isValid($_POST) && $IARRUNNING == FALSE) {`
			`$iarname = md5(time().$_SESSION['UUID'] . rand()).".iar";`

			`$statementIARSTART = $RUNTIME['PDO']->prepare('INSERT INTO iarstates (userID, filesize, iarfilename) VALUES (:userID, :filesize, :iarfilename)');`
			`$statementIARSTART->execute(['userID' => $_SESSION['UUID'], 'filesize' => 0, 'iarfilename' => $iarname]);`
Save IAR message state across requests 2023-08-23 16:16:35 +00:00
			`$_SESSION['iar_created'] = true;`
add files 2020-06-03 15:31:18 +00:00			`}`
			`}`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`else if(isset($_POST['saveProfileData'])) {`
			`$validator = new FormValidator(array(`
			`'formInputFeldVorname' => array('regex' => '/[^\\/<>\s]{1,64}/'),`
			`'formInputFeldNachname' => array('regex' => '/[^\\/<>\s]{1,64}/'),`
			`'formInputFeldEMail' => array('regex' => '/\S{1,64}@\S{1,250}.\S{2,64}/'),`
Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00			`'formInputFeldOfflineIM' => array('regex' => '/(\|on)/'),`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`'formInputFeldPartnerName' => array('regex' => '/[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}/')`
			`));`

			`if($validator->isValid($_POST)) {`
Remove useless double check of input lengths 2023-08-23 16:16:35 +00:00			`if(isset($_POST['formInputFeldVorname'])) {`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$NewFirstName = trim($_POST['formInputFeldVorname']);`
Check if new name is already taken 2023-08-23 16:16:35 +00:00
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`if($NewFirstName != "" && $_SESSION['FIRSTNAME'] != $NewFirstName) {`
Check if new name is already taken 2023-08-23 16:16:35 +00:00			`if(setNamePart('FirstName', $NewFirstName, 'LastName', isset($_POST['formInputFeldNachname']) && trim($_POST['formInputFeldNachname']) > 0 ? $_POST['formInputFeldNachname'] : $_SESSION['LASTNAME'])) {`
			`$_SESSION['FIRSTNAME'] = $NewFirstName;`
			`$_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];`
			`$_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);`
			`}`
			`else {`
			`$_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.';`
			`}`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`}`
			`}`

Remove useless double check of input lengths 2023-08-23 16:16:35 +00:00			`if(isset($_POST['formInputFeldNachname'])) {`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$NewLastName = trim($_POST['formInputFeldNachname']);`
Check if new name is already taken 2023-08-23 16:16:35 +00:00
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`if($NewLastName != "" && $_SESSION['LASTNAME'] != $NewLastName) {`
Check if new name is already taken 2023-08-23 16:16:35 +00:00			`if(setNamePart('LastName', $NewLastName, 'FirstName', isset($_POST['formInputFeldVorname']) && trim($_POST['formInputFeldVorname']) > 0 ? $_POST['formInputFeldVorname'] : $_SESSION['FIRSTNAME'])) {`
			`$_SESSION['LASTNAME'] = $NewLastName;`
			`$_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];`
			`$_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);`
			`}`
			`else {`
			`$_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.';`
			`}`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`}`
			`}`

Remove useless double check of input lengths 2023-08-23 16:16:35 +00:00			`if(isset($_POST['formInputFeldEMail'])) {`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$NewEMail = trim($_POST['formInputFeldEMail']);`

			`if($NewEMail != "" && $_SESSION['EMAIL'] != $NewEMail) {`
			`$statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET Email = :Email WHERE PrincipalID = :PrincipalID');`
			`$statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]);`

			`$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET email = :Email WHERE useruuid = :PrincipalID');`
			`$statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]);`

			`$_SESSION['EMAIL'] = $NewEMail;`
			`}`
			`}`

			`if(isset($_POST['formInputFeldOfflineIM']) && $_POST['formInputFeldOfflineIM'] == "on") {`
			`$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');`
			`$statement->execute(['IMState' => 'true', 'PrincipalID' => $_SESSION['UUID']]);`
			`} else {`
			`$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');`
			`$statement->execute(['IMState' => 'false', 'PrincipalID' => $_SESSION['UUID']]);`
			`}`
Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`if(isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") {`
			`$NewPartner = trim($_POST['formInputFeldPartnerName']);`
			`$CurrentPartner = $opensim->getPartner($_SESSION['UUID']);`

Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00			`include_once 'app/OpenSim.php';`
			`if($CurrentPartner != "")$CurrentPartner = (new OpenSim())->getUserName($CurrentPartner);`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00
			`if($NewPartner != "" && $CurrentPartner != $NewPartner) {`
			`$newPartnerUUID = $opensim->getUserUUID($NewPartner);`

			`if($newPartnerUUID != null) {`
			`$statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');`
			`$statement->execute(['profilePartner' => $newPartnerUUID, 'PrincipalID' => $_SESSION['UUID']]);`
			`}`
			`}else{`
			`$statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');`
			`$statement->execute(['profilePartner' => '00000000-0000-0000-0000-000000000000', 'PrincipalID' => $_SESSION['UUID']]);`
			`}`
			`}`
add files 2020-06-03 15:31:18 +00:00			`}`
			`}`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`else if(isset($_POST['savePassword'])) {`
Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00			`$validator = new FormValidator(array(`
			`'oldPassword' => array('required' => true, 'regex' => '/.{1,1000}/'),`
			`'newPassword' => array('required' => true, 'regex' => '/.{1,1000}/'),`
			`'newPasswordRepeat' => array('required' => true, 'regex' => '/.{1,1000}/')`
			`));`

			`if($validator->isValid($_POST)) {`
			`if($_POST['newPasswordRepeat'] == $_POST['newPassword']) {`
			`if(password_verify($_POST['oldPassword'], $_SESSION['PASSWORD'])) {`
			`$hash = password_hash($NewPassword, PASSWORD_ARGON2ID);`
			`$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID');`
			`$statement->execute(['PasswordHash' => $hash, 'PrincipalID' => $_SESSION['UUID']]);`
			`$_SESSION['PASSWORD'] = $hash;`
			`$_SESSION['profile_info'] = 'Neues Passwort gespeichert.';`
			`}`
			`else {`
			`$_SESSION['profile_info'] = 'Das alte Passwort ist nicht richtig!';`
			`}`
			`}`
			`else {`
			`$_SESSION['profile_info'] = 'Die neuen Passwörter stimmen nicht überein!';`
			`}`
			`}`
			`else {`
			`$_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.';`
			`}`
add files 2020-06-03 15:31:18 +00:00			`}`

Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`header('Location: index.php?page=profile');`
			`die();`
add files 2020-06-03 15:31:18 +00:00			`}`

Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$HTML->setHTMLTitle("Dein Profile");`
			`$HTML->importSeitenInhalt("profile.html");`
Only include and construct OpenSim when needed 2023-08-23 16:16:35 +00:00
Save IAR message state across requests 2023-08-23 16:16:35 +00:00			`if($IARRUNNING) {`
			`if(isset($_SESSION['iar_created'])) {`
			`$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-success" role="alert">Deine IAR wird jetzt erstellt und der Download Link wird dir per PM zugesendet.'.$APIResult.'</div>');`
			`unset($_SESSION['iar_created']);`
			`}`
			`else {`
			`$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-danger" role="alert">Aktuell wird eine IAR erstellt.<br>Warte bitte bis du eine PM bekommst.</div>');`
			`}`
Enforce POST and validate input for profile forms 2023-08-23 16:16:35 +00:00			`$HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", 'disabled');`
add files 2020-06-03 15:31:18 +00:00			`}`

Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00			`include_once 'app/OpenSim.php';`
			`$opensim = new OpenSim();`

Only include and construct OpenSim when needed 2023-08-23 16:16:35 +00:00			`$PartnerUUID = $opensim->getPartner($_SESSION['UUID']);`
add files 2020-06-03 15:31:18 +00:00			`$PartnerName = "";`

Only include and construct OpenSim when needed 2023-08-23 16:16:35 +00:00			`if($PartnerUUID != null)$PartnerName = $opensim->getUserName($PartnerUUID);`
add files 2020-06-03 15:31:18 +00:00
Only include and construct OpenSim when needed 2023-08-23 16:16:35 +00:00			`if($opensim->allowOfflineIM($_SESSION['UUID']) == "TRUE")$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' checked');`
add files 2020-06-03 15:31:18 +00:00
			`$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' ');`
Always encode user input before including in HTML 2023-08-23 16:16:34 +00:00			`$HTML->ReplaceSeitenInhalt("%%firstname%%", htmlspecialchars($_SESSION['FIRSTNAME']));`
			`$HTML->ReplaceSeitenInhalt("%%lastname%%", htmlspecialchars($_SESSION['LASTNAME']));`
			`$HTML->ReplaceSeitenInhalt("%%partner%%", htmlspecialchars($PartnerName));`
Only include and construct OpenSim when needed 2023-08-23 16:16:35 +00:00			`$HTML->ReplaceSeitenInhalt("%%email%%", htmlspecialchars($opensim->getUserMail($_SESSION['UUID'])));`
fix pw page 2020-08-04 10:08:41 +00:00			`$HTML->ReplaceSeitenInhalt("%%listAllResidentsAsJSArray%%", "");`
Actually merge profile and password change pages 2023-08-23 16:16:35 +00:00
			`$profileInfo = '';`
			`if(isset($_SESSION['profile_info'])) {`
			`$profileInfo = $_SESSION['profile_info'];`
			`unset($_SESSION['profile_info']);`
			`}`
			`$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", $profileInfo);`

add iar save 2021-01-08 01:00:03 +00:00			`$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ' ');`
			`$HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", '');`
combine pages 2020-08-04 10:00:38 +00:00
add files 2020-06-03 15:31:18 +00:00			`$HTML->build();`
			`echo $HTML->ausgabe();`
			`?>`