Website
/
Manager
1
0
Fork 0
Code Releases 11 Activity

Fix formatting according to PSR-12

master
Anonymous Contributor 2023-08-27 05:31:32 +02:00
parent 9a5182816f
commit 120fb3772e
25 changed files with 659 additions and 740 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
api/onlineDisplay.php
View File

@ -4,26 +4,22 @@
</head>
<body style="background-image: url('./style/images/fabric-pattern.png')">
<?php
$statement = $RUNTIME['PDO']->prepare("SELECT UserID,RegionID FROM Presence WHERE RegionID != '00000000-0000-0000-0000-000000000000' ORDER BY RegionID ASC");
$statement->execute();
$statement->execute();
if($statement->rowCount() == 0)
{
if ($statement->rowCount() == 0) {
echo "<h1>Es ist niemand online!</h1>";
}else{
} else {
echo '<table style="width:350px;margin-left:auto;margin-right:auto;margin-top:25px"><tr><th align="left" style="background-color: #FF8000;">Name</th><th align="left" style="background-color: #FF8000;">Region</th></tr>';
$entryColor = TRUE;
include 'app/OpenSim.php';
$entryColor = true;
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
while($row = $statement->fetch())
{
if($entryColor == TRUE)
$entry = '<tr style="background-color: #F2F2F2;"><td>'.trim($opensim->getUserName($row['UserID'])).'</td><td>'.$opensim->getRegionName($row['RegionID']).'</td></tr>';
if($entryColor == FALSE)
while ($row = $statement->fetch()) {
if ($entryColor) {
$entry = '<tr style="background-color: #F2F2F2;"><td>'.trim($opensim->getUserName($row['UserID'])).'</td><td>'.$opensim->getRegionName($row['RegionID']).'</td></tr>';
} else {
$entry = '<tr style="background-color: #E6E6E6;"><td>'.trim($opensim->getUserName($row['UserID'])).'</td><td>'.$opensim->getRegionName($row['RegionID']).'</td></tr>';
}
echo $entry;
$entryColor = !$entryColor;

20
api/viewerWelcomeSite.php
View File

@ -1,5 +1,5 @@
<?php
include 'app/OpenSim.php';
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
$HTML = new HTML();
@ -7,12 +7,9 @@
$HTML->importHTML("viewerWelcomeImages.html");
$IMAGES = array();
if ($handle = opendir('./data/viewerWelcomeImages'))
{
while (false !== ($entry = readdir($handle)))
{
if ($entry != "." && $entry != "..")
{
if ($handle = opendir('./data/viewerWelcomeImages')) {
while (false !== ($entry = readdir($handle))) {
if ($entry != "." && $entry != "..") {
$IMAGES = array_merge($IMAGES, array("./data/viewerWelcomeImages/".$entry));
}
}
@ -22,14 +19,13 @@
shuffle($IMAGES);
$HTML->ReplaceLayoutInhalt("%%JSONIMAGEARRAY%%", json_encode($IMAGES));
$HTML->ReplaceLayoutInhalt("%%GRIDNAME%%", $RUNTIME['GRID']['NAME']);
$HTML->ReplaceLayoutInhalt("%%SHOWNEWS%%", $RUNTIME['GRID']['MAIN_NEWS']);
$HTML->ReplaceLayoutInhalt("%%JSONIMAGEARRAY%%", json_encode($IMAGES));
$HTML->ReplaceLayoutInhalt("%%GRIDNAME%%", $RUNTIME['GRID']['NAME']);
$HTML->ReplaceLayoutInhalt("%%SHOWNEWS%%", $RUNTIME['GRID']['MAIN_NEWS']);
$HTML->ReplaceLayoutInhalt("%%SHOWSTATS%%", "Registrierte User: ".$opensim->getUserCount()."<br>Regionen: ".$opensim->getRegionCount()."<br>Aktuell Online: ".($opensim->getOnlineCount()-1));
$HTML->ReplaceLayoutInhalt("%%SHOWSTATS%%", "Registrierte User: ".$opensim->getUserCount()."<br>Regionen: ".$opensim->getRegionCount()."<br>Aktuell Online: ".($opensim->getOnlineCount()-1));
$HTML->build();
echo $HTML->ausgabe();
?>

21
app/FormValidator.php
View File

@ -3,27 +3,29 @@ class FormValidator {
private array $fieldValidation;
public function __construct(array $fieldValidation) {
public function __construct(array $fieldValidation)
{
$this->fieldValidation = $fieldValidation;
}
public function isValid(array $req) {
if(!isset($req['csrf']) || $req['csrf'] !== $_SESSION['csrf']) {
public function isValid(array $req): bool
{
if (!isset($req['csrf']) || $req['csrf'] !== $_SESSION['csrf']) {
return false;
}
foreach($this->fieldValidation as $field => $params) {
if(isset($req[$field]) && strlen(trim($req[$field])) > 0) {
if(isset($params['regex'])) {
if(!preg_match($params['regex'], $req[$field])) {
foreach ($this->fieldValidation as $field => $params) {
if (isset($req[$field]) && strlen(trim($req[$field])) > 0) {
if (isset($params['regex'])) {
if (!preg_match($params['regex'], $req[$field])) {
return false;
}
}
else if(isset($params['equals']) && $params['equals'] !== $req[$field]) {
elseif (isset($params['equals']) && $params['equals'] !== $req[$field]) {
return false;
}
}
else if(isset($params['required']) && $params['required']) {
elseif (isset($params['required']) && $params['required']) {
return false;
}
}
@ -32,4 +34,3 @@ class FormValidator {
}
}
?>

347
app/OpenSim.php
View File

@ -1,221 +1,212 @@
<?php
class OpenSim
{
public function isLoginValid($name, $password)
{
global $RUNTIME;
class OpenSim
{
public function isLoginValid($name, $password)
{
global $RUNTIME;
$nameParts = explode(" ", trim($name));
if(count($nameParts) != 2) {
return false;
}
$nameParts = explode(" ", trim($name));
if(count($nameParts) != 2) {
return false;
}
$statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID FROM UserAccounts WHERE FirstName = ? AND LastName = ? LIMIT 1");
$statementUser->execute($nameParts);
$statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID FROM UserAccounts WHERE FirstName = ? AND LastName = ? LIMIT 1");
$statementUser->execute($nameParts);
while($rowUser = $statementUser->fetch())
{
$statementAuth = $RUNTIME['PDO']->prepare("SELECT passwordHash,passwordSalt FROM auth WHERE UUID = ? LIMIT 1");
$statementAuth->execute(array($rowUser['PrincipalID']));
while($rowUser = $statementUser->fetch()) {
$statementAuth = $RUNTIME['PDO']->prepare("SELECT passwordHash,passwordSalt FROM auth WHERE UUID = ? LIMIT 1");
$statementAuth->execute(array($rowUser['PrincipalID']));
while($rowAuth = $statementAuth->fetch())
{
return md5(md5($_POST['password']).":".$rowAuth['passwordSalt']) == $rowAuth['passwordHash'];
}
}
if ($rowAuth = $statementAuth->fetch()) {
return md5(md5($_POST['password']).":".$rowAuth['passwordSalt']) == $rowAuth['passwordHash'];
}
}
return false;
}
return false;
}
public function getUserName($userID)
{
global $RUNTIME;
if($userID == "00000000-0000-0000-0000-000000000000")
return "Unknown User";
public function getUserName($userID)
{
global $RUNTIME;
if ($userID == "00000000-0000-0000-0000-000000000000") {
return "Unknown User";
}
if(isset($RUNTIME['CACHE']['USERNAME'][$userID]))
return $RUNTIME['CACHE']['USERNAME'][$userID];
if (isset($RUNTIME['CACHE']['USERNAME'][$userID])) {
return $RUNTIME['CACHE']['USERNAME'][$userID];
}
$statementUser = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName FROM UserAccounts WHERE PrincipalID = ?");
$statementUser->execute(array($userID));
$statementUser = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName FROM UserAccounts WHERE PrincipalID = ?");
$statementUser->execute(array($userID));
while($rowUser = $statementUser->fetch())
{
$RUNTIME['CACHE']['USERNAME'][$userID] = $rowUser['FirstName']." ".$rowUser['LastName'];
return $rowUser['FirstName']." ".$rowUser['LastName'];
}
if ($rowUser = $statementUser->fetch()) {
$RUNTIME['CACHE']['USERNAME'][$userID] = $rowUser['FirstName']." ".$rowUser['LastName'];
return $rowUser['FirstName']." ".$rowUser['LastName'];
}
$statementGridUser = $RUNTIME['PDO']->prepare("SELECT UserID FROM GridUser");
$statementGridUser->execute();
$statementGridUser = $RUNTIME['PDO']->prepare("SELECT UserID FROM GridUser");
$statementGridUser->execute();
while($rowGridUser = $statementGridUser->fetch())
{
$UserData = explode(";", $rowGridUser['UserID']);
while ($rowGridUser = $statementGridUser->fetch()) {
$userData = explode(";", $rowGridUser['UserID']);
if(count($UserData) >= 3)
{
$DBUserID = $UserData[0];
$DBUserName = $UserData[2];
if (count($userData) >= 3) {
$dbUserID = $userData[0];
$dbUserName = $userData[2];
$RUNTIME['CACHE']['USERNAME'][$userID] = $DBUserName;
$RUNTIME['CACHE']['USERNAME'][$userID] = $dbUserName;
if($DBUserID == $userID)
return $DBUserName;
}
}
if ($dbUserID == $userID) {
return $dbUserName;
}
}
}
$statementFriends = $RUNTIME['PDO']->prepare("SELECT PrincipalID FROM Friends");
$statementFriends->execute();
$statementFriends = $RUNTIME['PDO']->prepare("SELECT PrincipalID FROM Friends");
$statementFriends->execute();
while($rowFriends = $statementFriends->fetch())
{
$UserData = explode(";", $rowFriends['PrincipalID']);
while ($rowFriends = $statementFriends->fetch()) {
$userData = explode(";", $rowFriends['PrincipalID']);
if(count($UserData) == 4)
{
$DBUserID = $UserData[0];
$DBUserName = $UserData[2];
if (count($userData) == 4) {
$dbUserID = $userData[0];
$dbUserName = $userData[2];
$RUNTIME['CACHE']['USERNAME'][$userID] = $DBUserName;
$RUNTIME['CACHE']['USERNAME'][$userID] = $dbUserName;
if($DBUserID == $userID)
return $DBUserName;
}
}
if ($dbUserID == $userID) {
return $dbUserName;
}
}
}
return "Unknown User";
}
return "Unknown User";
}
public function getUserUUID($UserName)
{
global $RUNTIME;
$statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName FROM UserAccounts");
$statementUser->execute();
public function getUserUUID($userName)
{
global $RUNTIME;
$statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName FROM UserAccounts");
$statementUser->execute();
while($rowUser = $statementUser->fetch())
{
$SQLUserName = $rowUser['FirstName']." ".$rowUser['LastName'];
while ($rowUser = $statementUser->fetch()) {
$sqlUserName = $rowUser['FirstName']." ".$rowUser['LastName'];
if($SQLUserName == $UserName)
{
return $rowUser['PrincipalID'];
}
}
if ($sqlUserName == $userName) {
return $rowUser['PrincipalID'];
}
}
return null;
}
return null;
}
public function getRegionName($regionID)
{
global $RUNTIME;
$statementRegion = $RUNTIME['PDO']->prepare("SELECT regionName FROM regions WHERE uuid = ?");
$statementRegion->execute(array($regionID));
public function getRegionName($regionID)
{
global $RUNTIME;
$statementRegion = $RUNTIME['PDO']->prepare("SELECT regionName FROM regions WHERE uuid = ?");
$statementRegion->execute(array($regionID));
while($rowRegion = $statementRegion->fetch())
{
return $rowRegion['regionName'];
}
if ($rowRegion = $statementRegion->fetch()) {
return $rowRegion['regionName'];
}
return "Unknown Region";
}
return "Unknown Region";
}
public function getPartner($userID)
{
global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT profilePartner FROM userprofile WHERE useruuid = ?");
$statement->execute(array($userID));
public function getPartner($userID)
{
global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT profilePartner FROM userprofile WHERE useruuid = ?");
$statement->execute(array($userID));
while($row = $statement->fetch())
{
if($row['profilePartner'] != "00000000-0000-0000-0000-000000000000")
return $row['profilePartner'];
}
while ($row = $statement->fetch()) {
if ($row['profilePartner'] != "00000000-0000-0000-0000-000000000000") {
return $row['profilePartner'];
}
}
return null;
}
return null;
}
public function allowOfflineIM($userID)
{
global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT imviaemail FROM usersettings WHERE useruuid = ?");
$statement->execute(array($userID));
public function allowOfflineIM($userID)
{
global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT imviaemail FROM usersettings WHERE useruuid = ?");
$statement->execute(array($userID));
while($row = $statement->fetch())
{
return strtoupper($row['imviaemail']);
}
if ($row = $statement->fetch()) {
return strtoupper($row['imviaemail']);
}
return "FALSE";
}
return "FALSE";
}
public function getUserMail($userID)
{
global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT Email FROM UserAccounts WHERE PrincipalID = ?");
$statement->execute(array($userID));
public function getUserMail($userID)
{
global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT Email FROM UserAccounts WHERE PrincipalID = ?");
$statement->execute(array($userID));
while($row = $statement->fetch())
{
return $row['Email'];
}
if ($row = $statement->fetch()) {
return $row['Email'];
}
return "";
}
return "";
}
public function getUserCount()
{
global $RUNTIME;
$statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM UserAccounts");
$statementUser->execute();
return $statementUser->fetchColumn();
}
public function getUserCount()
{
global $RUNTIME;
$statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM UserAccounts");
$statementUser->execute();
return $statementUser->fetchColumn();
}
public function getRegionCount()
{
global $RUNTIME;
$statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM regions");
$statementUser->execute();
return $statementUser->fetchColumn();
}
public function getRegionCount()
{
global $RUNTIME;
$statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM regions");
$statementUser->execute();
return $statementUser->fetchColumn();
}
public function getOnlineCount()
{
global $RUNTIME;
public function getOnlineCount()
{
global $RUNTIME;
$statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM Presence");
$statementUser->execute();
return $statementUser->fetchColumn();
}
$statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM Presence");
$statementUser->execute();
return $statementUser->fetchColumn();
}
public function gen_uuid()
{
return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
// 32 bits for "time_low"
mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ),
// 16 bits for "time_mid"
mt_rand( 0, 0xffff ),
// 16 bits for "time_hi_and_version",
// four most significant bits holds version number 4
mt_rand( 0, 0x0fff ) | 0x4000,
// 16 bits, 8 bits for "clk_seq_hi_res",
// 8 bits for "clk_seq_low",
// two most significant bits holds zero and one for variant DCE1.1
mt_rand( 0, 0x3fff ) | 0x8000,
// 48 bits for "node"
mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff )
);
}
public function gen_uuid()
{
return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
// 32 bits for "time_low"
mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ),
// 16 bits for "time_mid"
mt_rand( 0, 0xffff ),
// 16 bits for "time_hi_and_version",
// four most significant bits holds version number 4
mt_rand( 0, 0x0fff ) | 0x4000,
// 16 bits, 8 bits for "clk_seq_hi_res",
// 8 bits for "clk_seq_low",
// two most significant bits holds zero and one for variant DCE1.1
mt_rand( 0, 0x3fff ) | 0x8000,
// 48 bits for "node"
mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff )
);
}
}
?>

11
app/discord.php
View File

@ -1,19 +1,18 @@
<?php
function sendMessageToWebhook($webhook, $title, $message)
{
$RAWmessage = file_get_contents("style/discordMessage.json");
$RAWmessage = str_replace("%%message%%", $message, $RAWmessage);
$RAWmessage = str_replace("%%title%%", $title, $RAWmessage);
$rawMessage = file_get_contents("style/discordMessage.json");
$rawMessage = str_replace("%%message%%", $message, $rawMessage);
$rawMessage = str_replace("%%title%%", $title, $rawMessage);
$options = [
'http' => [
'method' => 'POST',
'header' => 'Content-Type: application/json',
'timeout' => 3,
'content' => $RAWmessage
'content' => $rawMessage
]
];
$result = file_get_contents($webhook, false, stream_context_create($options));
file_get_contents($webhook, false, stream_context_create($options));
}
?>

42
app/utils.php
View File

@ -12,17 +12,18 @@ function fillString($string, $targetlength)
return $string;
}
function left($str, $length)
function left($str, $length)
{
return substr($str, 0, $length);
}
function right($str, $length)
function right($str, $length)
{
return substr($str, -$length);
}
function generateToken($length): string {
function generateToken($length): string
{
$chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
$res = "";
for($i = 0; $i < $length; $i++) {
@ -32,17 +33,19 @@ function generateToken($length): string {
return $res;
}
function htmlToPlain($message): string {
function htmlToPlain($message): string
{
$messageNew = str_replace('<br/>', "\n", $message);
$messageNew = preg_replace('/<a href="(.*)">(.*)<\\/a>/', "$2: $1", $messageNew);
return $messageNew;
}
function sendMail($email, $message, $subject, $title, $preheader): bool {
include_once('lib/phpmailer/Exception.php');
include_once('lib/phpmailer/PHPMailer.php');
include_once('lib/phpmailer/SMTP.php');
include_once('app/HTML.php');
function sendMail($email, $message, $subject, $title, $preheader): bool
{
include_once 'lib/phpmailer/Exception.php';
include_once 'lib/phpmailer/PHPMailer.php';
include_once 'lib/phpmailer/SMTP.php';
include_once 'app/HTML.php';
global $RUNTIME;
$mailer = new PHPMailer(true);
@ -78,24 +81,21 @@ function sendMail($email, $message, $subject, $title, $preheader): bool {
}
}
function getDataFromHTTP($URL, $contend = "", $requestTyp = "application/text")
function getDataFromHTTP($url, $content = "", $requestTyp = "application/text")
{
try
{
if($contend != "")
{
return file_get_contents($URL, true, stream_context_create(array('http' => array('header' => 'Content-type: '.$requestTyp, 'method' => 'POST', 'timeout' => 0.5, 'content' => $contend))));
}else{
return file_get_contents($URL);
try {
if ($content != "") {
return file_get_contents($url, true, stream_context_create(array('http' => array('header' => 'Content-type: '.$requestTyp, 'method' => 'POST', 'timeout' => 0.5, 'content' => $content))));
} else {
return file_get_contents($url);
}
} catch (Exception $e) {
echo "(HTTP REQUEST) error while conntect to remote server. : ".$URL;
echo "(HTTP REQUEST) error while conntect to remote server. : ".$url;
}
}
function sendInworldIM($fromUUID, $toUUID, $fromName, $targetURL, $text)
function sendInworldIM($fromUUID, $toUUID, $fromName, $targetURL, $text)
{
$rawXML = "<?xml version=\"1.0\" encoding=\"utf-8\"?><methodCall><methodName>grid_instant_message</methodName><params><param><value><struct><member><name>position_x</name><value><string>0</string></value></member><member><name>position_y</name><value><string>0</string></value></member><member><name>position_z</name><value><string>0</string></value></member><member><name>to_agent_id</name><value><string>".$toUUID."</string></value></member><member><name>from_agent_session</name><value><string>00000000-0000-0000-0000-000000000000</string></value></member><member><name>im_session_id</name><value><string>".$fromUUID."</string></value></member><member><name>from_agent_name</name><value><string>".$fromName."</string></value></member><member><name>from_agent_id</name><value><string>".$fromUUID."</string></value></member><member><name>binary_bucket</name><value><string>AA==</string></value></member><member><name>region_handle</name><value><i4>0</i4></value></member><member><name>region_id</name><value><string>00000000-0000-0000-0000-000000000000</string></value></member><member><name>parent_estate_id</name><value><string>1</string></value></member><member><name>timestamp</name><value><string>".time()."</string></value></member><member><name>dialog</name><value><string>AA==</string></value></member><member><name>offline</name><value><string>AA==</string></value></member><member><name>from_group</name><value><string>FALSE</string></value></member><member><name>message</name><value><string>".$text."</string></value></member></struct></value></param></params></methodCall>";
$rawXML = "<?xml version=\"1.0\" encoding=\"utf-8\"?><methodCall><methodName>grid_instant_message</methodName><params><param><value><struct><member><name>position_x</name><value><string>0</string></value></member><member><name>position_y</name><value><string>0</string></value></member><member><name>position_z</name><value><string>0</string></value></member><member><name>to_agent_id</name><value><string>".$toUUID."</string></value></member><member><name>from_agent_session</name><value><string>00000000-0000-0000-0000-000000000000</string></value></member><member><name>im_session_id</name><value><string>".$fromUUID."</string></value></member><member><name>from_agent_name</name><value><string>".$fromName."</string></value></member><member><name>from_agent_id</name><value><string>".$fromUUID."</string></value></member><member><name>binary_bucket</name><value><string>AA==</string></value></member><member><name>region_handle</name><value><i4>0</i4></value></member><member><name>region_id</name><value><string>00000000-0000-0000-0000-000000000000</string></value></member><member><name>parent_estate_id</name><value><string>1</string></value></member><member><name>timestamp</name><value><string>".time()."</string></value></member><member><name>dialog</name><value><string>AA==</string></value></member><member><name>offline</name><value><string>AA==</string></value></member><member><name>from_group</name><value><string>FALSE</string></value></member><member><name>message</name><value><string>".$text."</string></value></member></struct></value></param></params></methodCall>";
getDataFromHTTP($targetURL, $rawXML, "text/xml");
}
?>

36
cron/IARMonitor.php
View File

@ -1,41 +1,38 @@
<?php
include 'app/OpenSim.php';
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `iarstates` (`userID` VARCHAR(36) NOT NULL COLLATE 'utf8_unicode_ci', `filesize` BIGINT(20) NOT NULL DEFAULT '0', `iarfilename` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci', `running` INT(1) NOT NULL DEFAULT '0', PRIMARY KEY (`userID`) USING BTREE) COLLATE='utf8_unicode_ci' ENGINE=InnoDB;");
$statement->execute();
$statement->execute();
$statement = $RUNTIME['PDO']->prepare("SELECT userID,iarfilename,filesize FROM iarstates WHERE running = 1 LIMIT 1");
$statement->execute();
$statement->execute();
if($row = $statement->fetch())
{
$email = $opensim->getUserMail($row['userID']);
if ($row = $statement->fetch()) {
$email = $opensim->getUserMail($row['userID']);
$fullFilePath = "/var/www/html/data/".$row['iarfilename'];
$fullFilePath = "/var/www/html/data/".$row['iarfilename'];
echo "Aktive IAR für ".$opensim->getUserName($row['userID'])." gefunden. File: ".$fullFilePath."\n";
if(file_exists($fullFilePath))
{
$filesize = filesize($fullFilePath);
if (file_exists($fullFilePath)) {
$filesize = filesize($fullFilePath);
if($filesize != $row['filesize'])
{
if ($filesize != $row['filesize']) {
$statementUpdate = $RUNTIME['PDO']->prepare('UPDATE iarstates SET filesize = :filesize WHERE userID = :userID');
$statementUpdate->execute(['filesize' => $filesize, 'userID' => $row['userID']]);
echo "Status der IAR für ".$opensim->getUserName($row['userID']).": Speichert...\n";
}else{
} else {
$APIURL = $RUNTIME['SIDOMAN']['URL']."api.php?CONTAINER=".$RUNTIME['SIDOMAN']['CONTAINER']."&KEY=".$RUNTIME['SIDOMAN']['PASSWORD']."&METODE=RESTART";
$APIResult = file_get_contents($APIURL);
echo "Status der IAR für ".$opensim->getUserName($row['userID']).": Sende Mail...\n";
$statementUpdate = $RUNTIME['PDO']->prepare('DELETE FROM iarstates WHERE userID = :userID');
$statementUpdate->execute(['userID' => $row['userID']]);
sendInworldIM("00000000-0000-0000-0000-000000000000", $row['userID'], "Inventory", $RUNTIME['GRID']['HOMEURL'], "Deine IAR ist fertig zum Download: ".$RUNTIME['IAR']['BASEURL'].$row['iarfilename']);
sendInworldIM("00000000-0000-0000-0000-000000000000", $row['userID'], "Inventory", $RUNTIME['GRID']['HOMEURL'], "Deine IAR ist fertig zum Download: ".$RUNTIME['IAR']['BASEURL'].$row['iarfilename']);
}
}else{
} else {
$name = explode(" ", $opensim->getUserName($row['userID']));
$APIURL = $RUNTIME['SIDOMAN']['URL']."api.php?CONTAINER=".$RUNTIME['SIDOMAN']['CONTAINER']."&KEY=".$RUNTIME['SIDOMAN']['PASSWORD']."&METODE=COMMAND&COMMAND=".urlencode("save iar ".$name[0]." ".$name[1]." /* PASSWORD /downloads/".$row['iarfilename']);
@ -43,12 +40,11 @@
echo "IAR für ".$name[0]." ".$name[1]." wurde gestartet: Status: ".$APIResult."\n";
}
}else{
} else {
$statement = $RUNTIME['PDO']->prepare("SELECT userID,iarfilename FROM iarstates WHERE running = 0 LIMIT 1");
$statement->execute();
$statement->execute();
while($row = $statement->fetch())
{
while ($row = $statement->fetch()) {
$statementUpdate = $RUNTIME['PDO']->prepare('UPDATE iarstates SET running = :running WHERE userID = :userID');
$statementUpdate->execute(['running' => 1, 'userID' => $row['userID']]);
@ -60,5 +56,3 @@
echo "IAR für ".$name[0]." ".$name[1]." wurde gestartet: Status: ".$APIResult."\n";
}
}
?>

16
cron/assetChecker.php
View File

@ -1,11 +1,10 @@
<?php
$statement = $RUNTIME['PDO']->prepare("SELECT id,hash FROM fsassets ORDER BY create_time DESC");
$statement->execute();
$statement->execute();
$count = 0;
while($row = $statement->fetch())
{
while ($row = $statement->fetch()) {
$fileNameParts = array();
$fileNameParts[0] = substr($row['hash'], 0, 2);
$fileNameParts[1] = substr($row['hash'], 2, 2);
@ -17,9 +16,9 @@ while($row = $statement->fetch())
$fileNameParts['UUID'] = $row['id'];
$fileNameParts['FilePath'] = "/data/assets/base/".$fileNameParts[0]."/".$fileNameParts[1]."/".$fileNameParts[2]."/".$fileNameParts[3]."/".$fileNameParts[4];
if(file_exists($fileNameParts['FilePath'])) {
if (file_exists($fileNameParts['FilePath'])) {
$filesize = filesize($fileNameParts['FilePath']);
if($filesize === false) {
if ($filesize === false) {
continue;
}
}
@ -30,11 +29,8 @@ while($row = $statement->fetch())
$fileNameParts['FileSize'] = $filesize;
$fileNameParts['Count'] = $count++;
if($fileNameParts['FileSize'] == 0)
{
$add = $RUNTIME['PDO']->prepare('DELETE FROM fsassets WHERE hash = :fileHash');
if ($fileNameParts['FileSize'] == 0) {
$add = $RUNTIME['PDO']->prepare('DELETE FROM fsassets WHERE hash = :fileHash');
$add->execute(['fileHash' => $row['hash']]);
}
}
?>

10
cron/checkInventar.php
View File

@ -1,9 +1,9 @@
<?php
$InventarCheckStatement = $RUNTIME['PDO']->prepare("UPDATE inventoryitems i SET
$InventarCheckStatement = $RUNTIME['PDO']->prepare("UPDATE inventoryitems i SET
i.inventoryName = concat('[DEFEKT] ', i.inventoryName)
WHERE
i.assetID IN (
SELECT
i.assetID IN (
SELECT
i.assetID
FROM inventoryitems i
WHERE
@ -16,6 +16,4 @@ i.assetID IN (
AND i.assetType <> 24
)");
$InventarCheckStatement->execute();
?>
$InventarCheckStatement->execute();

82
cron/offlineIM.php
View File

@ -2,57 +2,55 @@
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
include_once('lib/phpmailer/Exception.php');
include_once('lib/phpmailer/PHPMailer.php');
include_once('lib/phpmailer/SMTP.php');
include_once 'lib/phpmailer/Exception.php';
include_once 'lib/phpmailer/PHPMailer.php';
include_once 'lib/phpmailer/SMTP.php';
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS im_offline_send (`id` int(6) NOT NULL DEFAULT 0) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci");
$statement->execute();
$statement->execute();
function isMailAllreadySend($id)
function isMailAlreadySent($id)
{
GLOBAL $RUNTIME;
global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM im_offline_send WHERE id = ? LIMIT 1");
$statement->execute(array($id));
$statement->execute(array($id));
if($statement->rowCount() != 0)
return TRUE;
if ($statement->rowCount() != 0) {
return true;
}
return FALSE;
return false;
}
$IMTYP = array(
"0" => "eine Nachricht",
"3" => "eine Gruppeneinladung",
"4" => "ein Inventaritem",
"5" => "eine Bestätigung zur Annahme von Inventar",
"6" => "eine Information zur Ablehnung von Inventar",
"7" => "eine Aufforderung zur Gruppenwahl",
"9" => "ein Inventaritem von einem Script",
"19" => "eine Nachricht von einem Script",
"32" => "eine Gruppennachricht",
"38" => "eine Freundschaftsanfrage",
"39" => "eine Bestätigung über die Annahme der Freundschaft",
"40" => "eine Information über das Ablehnen der Freundschaft"
"0" => "eine Nachricht",
"3" => "eine Gruppeneinladung",
"4" => "ein Inventaritem",
"5" => "eine Bestätigung zur Annahme von Inventar",
"6" => "eine Information zur Ablehnung von Inventar",
"7" => "eine Aufforderung zur Gruppenwahl",
"9" => "ein Inventaritem von einem Script",
"19" => "eine Nachricht von einem Script",
"32" => "eine Gruppennachricht",
"38" => "eine Freundschaftsanfrage",
"39" => "eine Bestätigung über die Annahme der Freundschaft",
"40" => "eine Information über das Ablehnen der Freundschaft"
);
//$statement = $RUNTIME['PDO']->prepare("SELECT * FROM im_offline WHERE PrincipalID = '1148b04d-7a93-49e9-b3c9-ea0cdeec38f7'");
$statement = $RUNTIME['PDO']->prepare("SELECT ID,PrincipalID,Message FROM im_offline");
$statement->execute();
$statement->execute();
while($row = $statement->fetch())
{
include 'app/OpenSim.php';
while ($row = $statement->fetch()) {
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
$email = $opensim->getUserMail($row['PrincipalID']);
$email = $opensim->getUserMail($row['PrincipalID']);
$allowOfflineIM = $opensim->allowOfflineIM($row['PrincipalID']);
if($email != "" && $allowOfflineIM == "TRUE")
{
if(isMailAllreadySend($row['ID']) == FALSE)
{
if ($email != "" && $allowOfflineIM == "TRUE") {
if (!isMailAlreadySent($row['ID'])) {
$statementSend = $RUNTIME['PDO']->prepare('INSERT INTO im_offline_send (id) VALUES (:idnummer)');
$statementSend->execute(['idnummer' => $row['ID']]);
@ -60,9 +58,9 @@
$mail->SMTPDebug = SMTP::DEBUG_SERVER;
$mail->isSMTP();
$mail->Host = $RUNTIME['SMTP']['SERVER'];
$mail->Port = $RUNTIME['SMTP']['PORT'];
$mail->SMTPAuth = false;
$mail->Host = $RUNTIME['SMTP']['SERVER'];
$mail->Port = $RUNTIME['SMTP']['PORT'];
$mail->SMTPAuth = false;
$mail->setFrom($RUNTIME['SMTP']['ADRESS'], $RUNTIME['GRID']['NAME']);
$mail->addAddress($email, $opensim->getUserName($row['PrincipalID']));
@ -71,24 +69,21 @@
$HTMLMESSAGE = "Du hast ".$IMTYP["".$XMLMESSAGE->dialog.""]." in ".$RUNTIME['GRID']['NAME']." bekommen. <br><p><ul><li>".htmlspecialchars($XMLMESSAGE->message)."</li></ul></p>Gesendet von: ";
if(isset($XMLMESSAGE->fromAgentName))
if (isset($XMLMESSAGE->fromAgentName)) {
$HTMLMESSAGE .= $XMLMESSAGE->fromAgentName;
}
if(isset($XMLMESSAGE->RegionID) && isset($XMLMESSAGE->Position))
{
if($XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0)
{
if (isset($XMLMESSAGE->RegionID) && isset($XMLMESSAGE->Position)) {
if ($XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0) { //TODO
$HTMLMESSAGE .= " @ ".$opensim->getRegionName($XMLMESSAGE->RegionID)."/".$XMLMESSAGE->Position->X."/".$XMLMESSAGE->Position->Y."/".$XMLMESSAGE->Position->Z;
}else{
} else {
$HTMLMESSAGE .= " @ ".$opensim->getRegionName($XMLMESSAGE->RegionID);
}
}
//die($HTMLMESSAGE);
$HTML = new HTML();
$HTML->importHTML("mail.html");
$HTML->setSeitenInhalt($HTMLMESSAGE);
$HTML->setSeitenInhalt($HTMLMESSAGE);
$HTML->build();
$mail->isHTML(true);
@ -105,4 +100,3 @@
//echo $row['PrincipalID']." möchte keine offline IM oder hat keine E-MAIL Adresse hinterlegt.";
}
}
?>

19
pages/dashboard.php
View File

@ -1,15 +1,14 @@
<?php
include 'app/OpenSim.php';
$opensim = new OpenSim();
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
$HTML->setHTMLTitle("Dashboard");
$HTML->importSeitenInhalt("dashboard-home.html");
$HTML->setHTMLTitle("Dashboard");
$HTML->importSeitenInhalt("dashboard-home.html");
$HTML->ReplaceSeitenInhalt("%%GLOBAL-USER-COUNT%%", $opensim->getUserCount());
$HTML->ReplaceSeitenInhalt("%%GLOBAL-REGION-COUNT%%", $opensim->getRegionCount());
$HTML->ReplaceSeitenInhalt("%%GLOBAL-USER-COUNT%%", $opensim->getUserCount());
$HTML->ReplaceSeitenInhalt("%%GLOBAL-REGION-COUNT%%", $opensim->getRegionCount());
$HTML->ReplaceLayoutInhalt("%%USERNAME%%", htmlspecialchars($_SESSION['DISPLAYNAME']));
$HTML->ReplaceLayoutInhalt("%%USERNAME%%", htmlspecialchars($_SESSION['DISPLAYNAME']));
$HTML->build();
echo $HTML->ausgabe();
?>
$HTML->build();
echo $HTML->ausgabe();

3
pages/error.php
View File

@ -1,7 +1,6 @@
<?php
$HTML->setHTMLTitle("Seite nicht gefunden");
$HTML->setHTMLTitle("Seite nicht gefunden");
$HTML->build();
http_response_code(404);
echo $HTML->ausgabe();
?>

36
pages/forgot.php
View File

@ -1,24 +1,23 @@
<?php
const MESSAGE = 'Hallo %%NAME%%,<br/><br/>wir haben soeben eine Anfrage zur Zurücksetzung des Passworts für deinen 4Creative-Account erhalten.<br/><br/>Klicke <a href="%%RESET_LINK%%">hier</a>, um ein neues Passwort festzulegen. Dieser Link läuft in 24 Stunden ab.<br/><br/>Falls du diese Anfrage nicht gesendet hast, ignoriere sie einfach. Bei weiteren Fragen kannst du uns unter info@4creative.net oder per Discord über @ikeytan erreichen.';
$HTML = new HTML();
$HTML->setHTMLTitle("Passwort vergessen");
$HTML->importHTML("forgot.html");
$HTML = new HTML();
$HTML->setHTMLTitle("Passwort vergessen");
$HTML->importHTML("forgot.html");
if($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include_once 'app/FormValidator.php';
$validator = new FormValidator(array(
'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'),
$validator = new FormValidator(array(
'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'),
'email' => array('required' => true, 'regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/')
));
if(!$validator->isValid($_POST)) {
));
if (!$validator->isValid($_POST)) {
$HTML->ReplaceLayoutInhalt('%%MESSAGE%%', 'Bitte gebe deinen Benutzernamen (Vor- und Nachname) und die dazugehörige E-Mail-Adresse ein');
$HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', 'red');
$HTML->build();
echo $HTML->ausgabe();
}
else {
} else {
$nameParts = explode(" ", $_POST['username']);
$email = strtolower(trim($_POST['email']));
@ -27,14 +26,14 @@
$validRequest = $getAccount->rowCount() == 1;
$uuid;
$name;
if($res = $getAccount->fetch()) {
if ($res = $getAccount->fetch()) {
$email = $res['Email'];
$uuid = $res['PrincipalID'];
$name = $res['FirstName'].' '.$res['LastName'];
}
foreach($RUNTIME['RESET_BLOCKED_DOMAINS'] as $domain) {
if(str_ends_with($email, $domain)) {
foreach ($RUNTIME['RESET_BLOCKED_DOMAINS'] as $domain) {
if (str_ends_with($email, $domain)) {
$validRequest = false;
}
}
@ -45,10 +44,10 @@
echo $HTML->ausgabe();
fastcgi_finish_request();
if($validRequest) {
if ($validRequest) {
$getReqTime = $RUNTIME['PDO']->prepare('SELECT RequestTime FROM PasswordResetTokens WHERE PrincipalID=?');
$getReqTime->execute([$uuid]);
if(($res = $getReqTime->fetch()) && time() - $res['RequestTime'] < 900) {
if (($res = $getReqTime->fetch()) && time() - $res['RequestTime'] < 900) {
return;
}
@ -60,12 +59,9 @@
sendMail($email, str_replace('%%NAME%%', $name, str_replace('%%RESET_LINK%%', 'https://'.$RUNTIME['DOMAIN'].'/index.php?page=reset-password&token='.$token, MESSAGE)), "Zurücksetzung des Passworts für ".$name, 'Dein Passwort zurücksetzen', 'Folge diesen Anweisungen, um ein neues Passwort für deinen 4Creative-Account festzulegen');
}
}
}
else {
} else {
$HTML->ReplaceLayoutInhalt('%%MESSAGE%%', '');
$HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', 'red');
$HTML->build();
echo $HTML->ausgabe();
}
?>

25
pages/friends.php
View File

@ -1,13 +1,12 @@
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
if(isset($_POST['remove'])) {
include 'app/FormValidator.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['remove'])) {
include_once 'app/FormValidator.php';
$validator = new FormValidator(array(
'uuid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
));
if($validator->isValid($_POST)) {
if ($validator->isValid($_POST)) {
$statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM Friends WHERE Friend = ? AND PrincipalID = ?");
$statementMembership->execute(array($_REQUEST['uuid'], $_SESSION['UUID']));
@ -21,24 +20,23 @@
}
$HTML->setHTMLTitle("Deine Freunde");
$HTML->importSeitenInhalt("online-anzeige.html");
$HTML->importSeitenInhalt("online-anzeige.html");
$table = '<table class="table"><thead><tr><th scope="col">Name</th><th scope="col">Optionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
$statement = $RUNTIME['PDO']->prepare("SELECT PrincipalID,Friend FROM Friends WHERE PrincipalID = ? ORDER BY Friend ASC");
$statement->execute([$_SESSION['UUID']]);
$statement->execute([$_SESSION['UUID']]);
while($row = $statement->fetch())
{
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
while ($row = $statement->fetch()) {
$PrincipalID = explode(";", $row['PrincipalID'])[0];
$FriendData = explode(";", $row['Friend']);
$Friend = $FriendData[0];
include 'app/OpenSim.php';
$opensim = new OpenSim();
$name = trim($opensim->getUserName($Friend));
if(count($FriendData) > 1) {
if (count($FriendData) > 1) {
$FriendData[1] = str_replace("http://", "", $FriendData[1]);
$FriendData[1] = str_replace("https://", "", $FriendData[1]);
$FriendData[1] = str_replace("/", "", $FriendData[1]);
@ -55,4 +53,3 @@
$HTML->build();
echo $HTML->ausgabe();
?>

15
pages/groups.php
View File

@ -1,13 +1,12 @@
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
if(isset($_POST['leave'])) {
include 'app/FormValidator.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['leave'])) {
include_once 'app/FormValidator.php';
$validator = new FormValidator(array(
'group' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
));
if($validator->isValid($_POST)) {
if ($validator->isValid($_POST)) {
$statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM os_groups_membership WHERE GroupID = ? AND PrincipalID = ?");
$statementMembership->execute(array($_REQUEST['group'], $_SESSION['UUID']));
}
@ -17,7 +16,7 @@
die();
}
include 'app/OpenSim.php';
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
$HTML->setHTMLTitle("Gruppen");
@ -28,8 +27,7 @@
$statementGroups = $RUNTIME['PDO']->prepare("SELECT Name,FounderID,os_groups_membership.GroupID FROM os_groups_groups JOIN os_groups_membership ON os_groups_groups.GroupID = os_groups_membership.GroupID WHERE PrincipalID = ?");
$statementGroups->execute(array($_SESSION['UUID']));
while($rowGroups = $statementGroups->fetch())
{
while ($rowGroups = $statementGroups->fetch()) {
$entry = '<tr><td>'.htmlspecialchars($rowGroups['Name']).'</td><td>'.htmlspecialchars($opensim->getUserName($rowGroups['FounderID'])).'</td><td><form action="index.php?page=groups" method="post">%%CSRF%%<input type="hidden" name="group" value="'.htmlspecialchars($rowGroups['GroupID']).'"><button type="submit" name="leave" class="btn btn-danger btn-sm">VERLASSEN</button></form></td></tr>';
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
}
@ -39,4 +37,3 @@
$HTML->build();
echo $HTML->ausgabe();
?>

88
pages/identities.php
View File

@ -1,50 +1,48 @@
<?php
$statementCreateTable = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `UserIdentitys` (`PrincipalID` VARCHAR(38) NOT NULL, `IdentityID` VARCHAR(38) NOT NULL, PRIMARY KEY (`IdentityID`))");
$statementCreateTable->execute();
$statementCreateTable = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `UserIdentitys` (`PrincipalID` VARCHAR(38) NOT NULL, `IdentityID` VARCHAR(38) NOT NULL, PRIMARY KEY (`IdentityID`))");
$statementCreateTable->execute();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
include 'app/FormValidator.php';
if(isset($_POST['enableIdent'])) {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include_once 'app/FormValidator.php';
if (isset($_POST['enableIdent'])) {
$validator = new FormValidator(array(
'newuuid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
));
if($validator->isValid($_POST)) {
if ($validator->isValid($_POST)) {
$statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserIdentitys WHERE PrincipalID = :PrincipalID AND IdentityID = :IdentityID LIMIT 1");
$statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_REQUEST['newuuid']]);
$statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_REQUEST['newuuid']]);
$statementPresence = $RUNTIME['PDO']->prepare("SELECT 1 FROM Presence WHERE UserID = :PrincipalID LIMIT 1");
$statementPresence->execute(['PrincipalID' => $_SESSION['UUID']]);
$statementPresence->execute(['PrincipalID' => $_SESSION['UUID']]);
if($statementPresence->rowCount() == 0)
{
if($statement->rowCount() == 1)
{
$statementAuth = $RUNTIME['PDO']->prepare('UPDATE auth SET UUID = :IdentityID WHERE UUID = :PrincipalID');
if ($statementPresence->rowCount() == 0) {
if ($statement->rowCount() == 1) {
$statementAuth = $RUNTIME['PDO']->prepare('UPDATE auth SET UUID = :IdentityID WHERE UUID = :PrincipalID');
$statementAuth->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
$statementUserIdentitys = $RUNTIME['PDO']->prepare('UPDATE UserIdentitys SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID');
$statementUserIdentitys = $RUNTIME['PDO']->prepare('UPDATE UserIdentitys SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID');
$statementUserIdentitys->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
$statementFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID');
$statementFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID');
$statementFriends->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
//$statementReFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET Friend = :IdentityID WHERE Friend = :PrincipalID');
//$statementReFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET Friend = :IdentityID WHERE Friend = :PrincipalID');
//$statementReFriends->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
$statementInventoryFolders = $RUNTIME['PDO']->prepare('UPDATE inventoryfolders SET agentID = :IdentityID WHERE agentID = :PrincipalID AND type != :InventarTyp');
$statementInventoryFolders = $RUNTIME['PDO']->prepare('UPDATE inventoryfolders SET agentID = :IdentityID WHERE agentID = :PrincipalID AND type != :InventarTyp');
$statementInventoryFolders->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID'], 'InventarTyp' => 46]);
$statementInventoryItems = $RUNTIME['PDO']->prepare('UPDATE inventoryitems SET avatarID = :IdentityID WHERE avatarID = :PrincipalID');
$statementInventoryItems = $RUNTIME['PDO']->prepare('UPDATE inventoryitems SET avatarID = :IdentityID WHERE avatarID = :PrincipalID');
$statementInventoryItems->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
$statementGroupMembership = $RUNTIME['PDO']->prepare('UPDATE os_groups_membership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID');
$statementGroupMembership = $RUNTIME['PDO']->prepare('UPDATE os_groups_membership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID');
$statementGroupMembership->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
$statementGroupRoles = $RUNTIME['PDO']->prepare('UPDATE os_groups_rolemembership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID');
$statementGroupRoles = $RUNTIME['PDO']->prepare('UPDATE os_groups_rolemembership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID');
$statementGroupRoles->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
$statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM Presence WHERE UserID = :PrincipalID');
$statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM Presence WHERE UserID = :PrincipalID');
$statementGroupRoles->execute(['PrincipalID' => $_SESSION['UUID']]);
$_SESSION['LOGIN'] = 'false';
@ -55,33 +53,31 @@
}
}
}
else if(isset($_POST['createIdent'])) {
elseif (isset($_POST['createIdent'])) {
$validator = new FormValidator(array(
'newName' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/')
));
if($validator->isValid($_POST)) {
if ($validator->isValid($_POST)) {
$avatarNameParts = explode(" ", trim($_REQUEST['newName']));
if(count($avatarNameParts) == 2)
{
if (count($avatarNameParts) == 2) {
$statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1");
$statement->execute(['FirstName' => trim($avatarNameParts[0]), 'LastName' => trim($avatarNameParts[1])]);
$statement->execute(['FirstName' => trim($avatarNameParts[0]), 'LastName' => trim($avatarNameParts[1])]);
if($statement->rowCount() == 0)
{
include 'app/OpenSim.php';
if ($statement->rowCount() == 0) {
include_once 'app/OpenSim.php';
$avatarUUID = (new OpenSim())->gen_uuid();
$statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO UserAccounts (PrincipalID, ScopeID, FirstName, LastName, Email, ServiceURLs, Created, UserLevel, UserFlags, UserTitle, active) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )');
$statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO UserAccounts (PrincipalID, ScopeID, FirstName, LastName, Email, ServiceURLs, Created, UserLevel, UserFlags, UserTitle, active) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )');
$statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $avatarNameParts[0], 'LastName' => $avatarNameParts[1], 'Email' => $_SESSION['EMAIL'], 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]);
$statementUserIdentitys = $RUNTIME['PDO']->prepare('INSERT INTO UserIdentitys (PrincipalID, IdentityID) VALUES (:PrincipalID, :IdentityID)');
$statementUserIdentitys = $RUNTIME['PDO']->prepare('INSERT INTO UserIdentitys (PrincipalID, IdentityID) VALUES (:PrincipalID, :IdentityID)');
$statementUserIdentitys->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $avatarUUID]);
}else{
} else {
$_SESSION['identities_err'] = 'Dieser Name ist schon in Benutzung.';
}
}else{
} else {
$_SESSION['identities_err'] = 'Der Name muss aus einem Vor und einem Nachnamen bestehen.';
}
}
@ -91,31 +87,28 @@
die();
}
$HTML->setHTMLTitle("Identitäten");
$HTML->importSeitenInhalt("identities.html");
$HTML->setHTMLTitle("Identitäten");
$HTML->importSeitenInhalt("identities.html");
$statementCheckForEntry = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserIdentitys WHERE PrincipalID = ? LIMIT 1");
$statementCheckForEntry->execute(array($_SESSION['UUID']));
$statementCheckForEntry->execute(array($_SESSION['UUID']));
if($statementCheckForEntry->rowCount() == 0)
{
$statement = $RUNTIME['PDO']->prepare('INSERT INTO `UserIdentitys` (PrincipalID, IdentityID) VALUES (:PrincipalID, :IdentityID)');
if ($statementCheckForEntry->rowCount() == 0) {
$statement = $RUNTIME['PDO']->prepare('INSERT INTO `UserIdentitys` (PrincipalID, IdentityID) VALUES (:PrincipalID, :IdentityID)');
$statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_SESSION['UUID']]);
}
$table = '<table class="table"><thead><tr><th scope="col">Name</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
$statement = $RUNTIME['PDO']->prepare("SELECT IdentityID FROM UserIdentitys WHERE PrincipalID = ? ORDER BY IdentityID ASC");
$statement->execute(array($_SESSION['UUID']));
$statement->execute(array($_SESSION['UUID']));
include 'app/OpenSim.php';
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
while($row = $statement->fetch())
{
if($row['IdentityID'] == $_SESSION['UUID'])
{
while ($row = $statement->fetch()) {
if ($row['IdentityID'] == $_SESSION['UUID']) {
$entry = '<tr><td>'.htmlspecialchars(trim($opensim->getUserName($row['IdentityID']))).' <span class="badge badge-info">Aktiv</span></td><td>-</td></tr>';
}else{
} else {
$entry = '<tr><td>'.htmlspecialchars(trim($opensim->getUserName($row['IdentityID']))).'</td><td><form action="index.php?page=identities" method="post">%%CSRF%%<input type="hidden" name="newuuid" value="'.htmlspecialchars($row['IdentityID']).'"><button type="submit" name="enableIdent" class="btn btn-success btn-sm">Aktivieren</button></form></td></tr>';
}
@ -127,7 +120,7 @@
$HTML->ReplaceSeitenInhalt("%%link%%", ' ');
$message = '';
if(isset($_SESSION['identities_err'])) {
if (isset($_SESSION['identities_err'])) {
$message = '<div class="alert alert-danger" role="alert">'.$_SESSION['identities_err'].'</div>';
unset($_SESSION['identities_err']);
}
@ -135,4 +128,3 @@
$HTML->build();
echo $HTML->ausgabe();
?>

10
pages/invite.php
View File

@ -1,6 +1,5 @@
<?php
if(!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100)
{
if (!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) {
$HTML->setHTMLTitle("Kein Zugriff");
$HTML->SetSeitenInhalt("Dazu hast du keine Rechte!");
$HTML->build();
@ -8,12 +7,11 @@
die();
}
$HTML->setHTMLTitle("Benutzer");
$HTML->importSeitenInhalt("users.html");
$HTML->setHTMLTitle("Benutzer");
$HTML->importSeitenInhalt("users.html");
$HTML->ReplaceSeitenInhalt("%%link%%", ' ');
$HTML->ReplaceSeitenInhalt("%%link%%", ' ');
$HTML->build();
echo $HTML->ausgabe();
?>

98
pages/login.php
View File

@ -1,59 +1,55 @@
<?php
$HTML = new HTML();
$HTML->setHTMLTitle("Login");
$HTML->importHTML("login.html");
$HTML = new HTML();
$HTML->setHTMLTitle("Login");
$HTML->importHTML("login.html");
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
include_once 'app/FormValidator.php';
$validator = new FormValidator(array(
'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'),
'password' => array('required' => true, 'regex' => '/^.{1,1000}$/')
));
if(!$validator->isValid($_POST)) {
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Bitte gebe Benutzername (Vor- und Nachname) und Passwort ein.");
}
else {
$statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName,Email,UserLevel,passwordHash,passwordSalt FROM UserAccounts JOIN auth ON UserAccounts.PrincipalID = auth.UUID WHERE FirstName = ? AND LastName = ? LIMIT 1");
$statementUser->execute(explode(" ", trim($_POST['username'])));
$res = ['passwordHash' => '', 'passwordSalt' => ''];
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include_once 'app/FormValidator.php';
$validator = new FormValidator(array(
'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'),
'password' => array('required' => true, 'regex' => '/^.{1,1000}$/')
));
if (!$validator->isValid($_POST)) {
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Bitte gebe Benutzername (Vor- und Nachname) und Passwort ein.");
} else {
$statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName,Email,UserLevel,passwordHash,passwordSalt FROM UserAccounts JOIN auth ON UserAccounts.PrincipalID = auth.UUID WHERE FirstName = ? AND LastName = ? LIMIT 1");
$statementUser->execute(explode(" ", trim($_POST['username'])));
$res = ['passwordHash' => '', 'passwordSalt' => ''];
if($rowUser = $statementUser->fetch()) {
$res = $rowUser;
}
if ($rowUser = $statementUser->fetch()) {
$res = $rowUser;
}
if(hash_equals(md5(md5($_POST['password']).":".$res['passwordSalt']), $res['passwordHash'])) {
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
$_SESSION['FIRSTNAME'] = $rowUser['FirstName'];
$_SESSION['LASTNAME'] = $rowUser['LastName'];
$_SESSION['EMAIL'] = $rowUser['Email'];
$_SESSION['PASSWORD'] = $rowUser['passwordHash'];
$_SESSION['SALT'] = $rowUser['passwordSalt'];
$_SESSION['UUID'] = $rowUser['PrincipalID'];
$_SESSION['LEVEL'] = $rowUser['UserLevel'];
$_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']);
$_SESSION['LOGIN'] = 'true';
if (hash_equals(md5(md5($_POST['password']).":".$res['passwordSalt']), $res['passwordHash'])) {
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
$_SESSION['FIRSTNAME'] = $rowUser['FirstName'];
$_SESSION['LASTNAME'] = $rowUser['LastName'];
$_SESSION['EMAIL'] = $rowUser['Email'];
$_SESSION['PASSWORD'] = $rowUser['passwordHash'];
$_SESSION['SALT'] = $rowUser['passwordSalt'];
$_SESSION['UUID'] = $rowUser['PrincipalID'];
$_SESSION['LEVEL'] = $rowUser['UserLevel'];
$_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']);
$_SESSION['LOGIN'] = 'true';
header("Location: index.php?page=dashboard");
die();
}
header("Location: index.php?page=dashboard");
die();
}
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Benutzername und/oder Passwort falsch.");
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username']));
}
}
else if(isset($_SESSION) && isset($_SESSION['loginMessage'])) {
$HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage']);
$HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', $_SESSION['loginMessageColor']);
unset($_SESSION['loginMessage']);
unset($_SESSION['loginMessageColor']);
}
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Benutzername und/oder Passwort falsch.");
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username']));
}
} elseif (isset($_SESSION) && isset($_SESSION['loginMessage'])) {
$HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage']);
$HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', $_SESSION['loginMessageColor']);
unset($_SESSION['loginMessage']);
unset($_SESSION['loginMessageColor']);
}
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "");
$HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "red");
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", "");
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "");
$HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "red");
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", "");
$HTML->build();
echo $HTML->ausgabe();
?>
$HTML->build();
echo $HTML->ausgabe();

123
pages/profile.php
View File

@ -1,12 +1,13 @@
<?php
function setNamePart(string $part, string $value, string $otherPart, string $otherValue) {
function setNamePart(string $part, string $value, string $otherPart, string $otherValue): bool
{
global $RUNTIME;
$query = $RUNTIME['PDO']->prepare('SELECT 1 FROM UserAccounts WHERE '.$part.' = ? AND '.$otherPart.' = ?');
$query->execute(array($value, $otherValue));
if($query->rowCount() == 0) {
$statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET '.$part.' = ? WHERE PrincipalID = ?');
if ($query->rowCount() == 0) {
$statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET '.$part.' = ? WHERE PrincipalID = ?');
$statement->execute(array($value, $_SESSION['UUID']));
return true;
}
@ -23,12 +24,12 @@
$IARRUNNING = $statementIARCheck->rowCount() != 0;
$statementIARCheck->closeCursor();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
include 'app/FormValidator.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include_once 'app/FormValidator.php';
if(isset($_POST['createIAR'])) {
if (isset($_POST['createIAR'])) {
$validator = new FormValidator(array()); // CSRF validation only
if($validator->isValid($_POST) && $IARRUNNING == FALSE) {
if($validator->isValid($_POST) && !$IARRUNNING) {
$iarname = md5(time().$_SESSION['UUID'] . rand()).".iar";
$statementIARSTART = $RUNTIME['PDO']->prepare('INSERT INTO iarstates (userID, filesize, iarfilename) VALUES (:userID, :filesize, :iarfilename)');
@ -37,7 +38,7 @@
$_SESSION['iar_created'] = true;
}
}
else if(isset($_POST['saveProfileData'])) {
elseif (isset($_POST['saveProfileData'])) {
$validator = new FormValidator(array(
'formInputFeldVorname' => array('regex' => '/^[^\\/<>\s]{1,64}$/'),
'formInputFeldNachname' => array('regex' => '/^[^\\/<>\s]{1,64}$/'),
@ -46,7 +47,7 @@
'formInputFeldPartnerName' => array('regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/')
));
if($validator->isValid($_POST)) {
if ($validator->isValid($_POST)) {
if(isset($_POST['formInputFeldVorname'])) {
$NewFirstName = trim($_POST['formInputFeldVorname']);
@ -62,98 +63,94 @@
}
}
if(isset($_POST['formInputFeldNachname'])) {
if (isset($_POST['formInputFeldNachname'])) {
$NewLastName = trim($_POST['formInputFeldNachname']);
if($NewLastName != "" && $_SESSION['LASTNAME'] != $NewLastName) {
if(setNamePart('LastName', $NewLastName, 'FirstName', isset($_POST['formInputFeldVorname']) && strlen(trim($_POST['formInputFeldVorname'])) > 0 ? $_POST['formInputFeldVorname'] : $_SESSION['FIRSTNAME'])) {
if ($NewLastName != "" && $_SESSION['LASTNAME'] != $NewLastName) {
if (setNamePart('LastName', $NewLastName, 'FirstName', isset($_POST['formInputFeldVorname']) && strlen(trim($_POST['formInputFeldVorname'])) > 0 ? $_POST['formInputFeldVorname'] : $_SESSION['FIRSTNAME'])) {
$_SESSION['LASTNAME'] = $NewLastName;
$_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];
$_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);
}
else {
} else {
$_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.';
}
}
}
if(isset($_POST['formInputFeldEMail'])) {
if (isset($_POST['formInputFeldEMail'])) {
$NewEMail = trim($_POST['formInputFeldEMail']);
if($NewEMail != "" && $_SESSION['EMAIL'] != $NewEMail) {
$statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET Email = :Email WHERE PrincipalID = :PrincipalID');
if ($NewEMail != "" && $_SESSION['EMAIL'] != $NewEMail) {
$statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET Email = :Email WHERE PrincipalID = :PrincipalID');
$statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]);
$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET email = :Email WHERE useruuid = :PrincipalID');
$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET email = :Email WHERE useruuid = :PrincipalID');
$statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]);
$_SESSION['EMAIL'] = $NewEMail;
}
}
if(isset($_POST['formInputFeldOfflineIM']) && $_POST['formInputFeldOfflineIM'] == "on") {
$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');
if (isset($_POST['formInputFeldOfflineIM']) && $_POST['formInputFeldOfflineIM'] == "on") {
$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');
$statement->execute(['IMState' => 'true', 'PrincipalID' => $_SESSION['UUID']]);
} else {
$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');
$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');
$statement->execute(['IMState' => 'false', 'PrincipalID' => $_SESSION['UUID']]);
}
if(isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") {
if (isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") {
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
$NewPartner = trim($_POST['formInputFeldPartnerName']);
$CurrentPartner = $opensim->getPartner($_SESSION['UUID']);
if($CurrentPartner != "")$CurrentPartner = $opensim->getUserName($CurrentPartner);
if ($CurrentPartner != "") {
$CurrentPartner = $opensim->getUserName($CurrentPartner);
}
if($NewPartner != "" && $CurrentPartner != $NewPartner) {
if ($NewPartner != "" && $CurrentPartner != $NewPartner) {
$newPartnerUUID = $opensim->getUserUUID($NewPartner);
if($newPartnerUUID != null) {
$statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');
if ($newPartnerUUID != null) {
$statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');
$statement->execute(['profilePartner' => $newPartnerUUID, 'PrincipalID' => $_SESSION['UUID']]);
}
}else{
$statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');
} else {
$statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');
$statement->execute(['profilePartner' => '00000000-0000-0000-0000-000000000000', 'PrincipalID' => $_SESSION['UUID']]);
}
}
}
}
else if(isset($_POST['savePassword'])) {
} elseif (isset($_POST['savePassword'])) {
$validator = new FormValidator(array(
'oldPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
'newPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
'newPasswordRepeat' => array('required' => true, 'regex' => '/^.{1,1000}$/')
));
if($validator->isValid($_POST)) {
if($_POST['newPasswordRepeat'] == $_POST['newPassword']) {
if(strlen(trim($_POST['newPassword'])) >= $RUNTIME['PASSWORD_MIN_LENGTH']) {
if(md5(md5($_POST['oldPassword']).':'.$_SESSION['SALT']) == $_SESSION['PASSWORD']) {
if ($validator->isValid($_POST)) {
if ($_POST['newPasswordRepeat'] == $_POST['newPassword']) {
if (strlen(trim($_POST['newPassword'])) >= $RUNTIME['PASSWORD_MIN_LENGTH']) {
if (md5(md5($_POST['oldPassword']).':'.$_SESSION['SALT']) == $_SESSION['PASSWORD']) {
$salt = bin2hex(random_bytes(16));
$hash = md5(md5(trim($_POST['newPassword'])).':'.$salt);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID');
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID');
$statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $_SESSION['UUID']]);
$_SESSION['PASSWORD'] = $hash;
$_SESSION['SALT'] = $salt;
$_SESSION['profile_info'] = 'Neues Passwort gespeichert.';
}
else {
} else {
$_SESSION['profile_info'] = 'Das alte Passwort ist nicht richtig!';
}
}
else {
} else {
$_SESSION['profile_info'] = 'Das neue Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.';
}
}
else {
} else {
$_SESSION['profile_info'] = 'Die neuen Passwörter stimmen nicht überein!';
}
}
else {
} else {
$_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.';
}
}
@ -165,15 +162,14 @@
$HTML->setHTMLTitle("Dein Profile");
$HTML->importSeitenInhalt("profile.html");
if($IARRUNNING) {
if(isset($_SESSION['iar_created'])) {
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-success" role="alert">Deine IAR wird jetzt erstellt und der Download Link wird dir per PM zugesendet.'.$APIResult.'</div>');
if ($IARRUNNING) {
if (isset($_SESSION['iar_created'])) {
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-success" role="alert">Deine IAR wird jetzt erstellt und der Download Link wird dir per PM zugesendet.'.$APIResult.'</div>');
unset($_SESSION['iar_created']);
} else {
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-danger" role="alert">Aktuell wird eine IAR erstellt.<br>Warte bitte bis du eine PM bekommst.</div>');
}
else {
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-danger" role="alert">Aktuell wird eine IAR erstellt.<br>Warte bitte bis du eine PM bekommst.</div>');
}
$HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", 'disabled');
$HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", 'disabled');
}
include_once 'app/OpenSim.php';
@ -182,27 +178,30 @@
$PartnerUUID = $opensim->getPartner($_SESSION['UUID']);
$PartnerName = "";
if($PartnerUUID != null)$PartnerName = $opensim->getUserName($PartnerUUID);
if ($PartnerUUID != null) {
$PartnerName = $opensim->getUserName($PartnerUUID);
}
if($opensim->allowOfflineIM($_SESSION['UUID']) == "TRUE")$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' checked');
if ($opensim->allowOfflineIM($_SESSION['UUID']) == "TRUE") {
$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' checked');
}
$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' ');
$HTML->ReplaceSeitenInhalt("%%firstname%%", htmlspecialchars($_SESSION['FIRSTNAME']));
$HTML->ReplaceSeitenInhalt("%%lastname%%", htmlspecialchars($_SESSION['LASTNAME']));
$HTML->ReplaceSeitenInhalt("%%partner%%", htmlspecialchars($PartnerName));
$HTML->ReplaceSeitenInhalt("%%email%%", htmlspecialchars($opensim->getUserMail($_SESSION['UUID'])));
$HTML->ReplaceSeitenInhalt("%%listAllResidentsAsJSArray%%", "");
$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' ');
$HTML->ReplaceSeitenInhalt("%%firstname%%", htmlspecialchars($_SESSION['FIRSTNAME']));
$HTML->ReplaceSeitenInhalt("%%lastname%%", htmlspecialchars($_SESSION['LASTNAME']));
$HTML->ReplaceSeitenInhalt("%%partner%%", htmlspecialchars($PartnerName));
$HTML->ReplaceSeitenInhalt("%%email%%", htmlspecialchars($opensim->getUserMail($_SESSION['UUID'])));
$HTML->ReplaceSeitenInhalt("%%listAllResidentsAsJSArray%%", "");
$profileInfo = '';
if(isset($_SESSION['profile_info'])) {
if (isset($_SESSION['profile_info'])) {
$profileInfo = $_SESSION['profile_info'];
unset($_SESSION['profile_info']);
}
$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", $profileInfo);
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ' ');
$HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", '');
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ' ');
$HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", '');
$HTML->build();
echo $HTML->ausgabe();
?>

34
pages/regions.php
View File

@ -1,16 +1,14 @@
<?php
$HTML->setHTMLTitle("Deine Regionen");
$HTML->importSeitenInhalt("deine-regionen.html");
$HTML->setHTMLTitle("Deine Regionen");
$HTML->importSeitenInhalt("deine-regionen.html");
function cleanSize($bytes)
{
if ($bytes > 0)
{
if ($bytes > 0) {
$unit = intval(log($bytes, 1024));
$units = array('B', 'KB', 'MB', 'GB');
if (array_key_exists($unit, $units) === true)
{
if (array_key_exists($unit, $units) === true) {
return sprintf('%d %s', $bytes / pow(1024, $unit), $units[$unit]);
}
}
@ -23,10 +21,9 @@
global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT Prims,SimFPS,PhyFPS,ProcMem,RegionVersion FROM regions_info WHERE regionID = ?");
$statement->execute([$regionID]);
$statement->execute([$regionID]);
if($row = $statement->fetch())
{
if ($row = $statement->fetch()) {
$return = array();
$return['Prims'] = $row['Prims'];
$return['SimFPS'] = $row['SimFPS'];
@ -40,15 +37,14 @@
return array();
}
if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_REQUEST['remove']))
{
include 'app/FormValidator.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_REQUEST['remove'])) {
include_once 'app/FormValidator.php';
$validator = new FormValidator(array(
'region' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
));
if($validator->isValid($_POST)) {
if(isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100) {
if ($validator->isValid($_POST)) {
if (isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100) {
$statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM regions WHERE uuid = ?");
$statementMembership->execute(array($_POST['region']));
} else {
@ -65,16 +61,15 @@
$showAll = isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100 && isset($_REQUEST['SHOWALL']) && $_REQUEST['SHOWALL'] == "1";
$statement = $RUNTIME['PDO']->prepare("SELECT uuid,regionName,owner_uuid,locX,locY FROM regions ".($showAll ? "ORDER BY owner_uuid ASC" : "WHERE owner_uuid = ? ORDER BY uuid ASC"));
$statement->execute($showAll ? array() : array($_SESSION['UUID']));
$statement->execute($showAll ? array() : array($_SESSION['UUID']));
include 'app/OpenSim.php';
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
while($row = $statement->fetch())
{
while ($row = $statement->fetch()) {
$stats = getRegionStatsData($row['uuid']);
$entry = '<tr><td>'.htmlspecialchars($row['regionName']).'<div class="blockquote-footer">'.(count($stats) > 0 ? 'Prims: '.$stats['Prims'].'; RAM-Nutzung: '.$stats['ProcMem'].'; SIM/PHYS FPS: '.$stats['SimFPS'].'/'.$stats['PhyFPS'].' ('.$stats['RegionVersion'].')' : 'Keine Statistik verfügbar').'</div></td><td>'.htmlspecialchars($opensim->getUserName($row['owner_uuid'])).'</td><td>'.fillString(($row['locX'] / 256), 4).' / '.fillString(($row['locY'] / 256), 4).'</td><td><form action="index.php?page=regions" method="post">%%CSRF%%<input type="hidden" name="region" value="'.$row['uuid'].'"><button type="submit" name="remove" class="btn btn-link btn-sm">LÖSCHEN</button></form></td></tr>';
$entry = '<tr><td>'.htmlspecialchars($row['regionName']).'<div class="blockquote-footer">'.(!empty($stats) ? 'Prims: '.$stats['Prims'].'; RAM-Nutzung: '.$stats['ProcMem'].'; SIM/PHYS FPS: '.$stats['SimFPS'].'/'.$stats['PhyFPS'].' ('.$stats['RegionVersion'].')' : 'Keine Statistik verfügbar').'</div></td><td>'.htmlspecialchars($opensim->getUserName($row['owner_uuid'])).'</td><td>'.fillString(($row['locX'] / 256), 4).' / '.fillString(($row['locY'] / 256), 4).'</td><td><form action="index.php?page=regions" method="post">%%CSRF%%<input type="hidden" name="region" value="'.$row['uuid'].'"><button type="submit" name="remove" class="btn btn-link btn-sm">LÖSCHEN</button></form></td></tr>';
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
}
@ -83,4 +78,3 @@
$HTML->build();
echo $HTML->ausgabe();
?>

261
pages/register.php
View File

@ -1,159 +1,154 @@
<?php
function displayPage(string $message)
{
global $RUNTIME;
$HTML = new HTML();
$HTML->setHTMLTitle("Registrieren");
$HTML->importHTML("register.html");
function displayPage(string $message)
{
global $RUNTIME;
$HTML = new HTML();
$HTML->setHTMLTitle("Registrieren");
$HTML->importHTML("register.html");
$HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message);
$HTML->ReplaceLayoutInhalt("%%tosURL%%", $RUNTIME['TOOLS']['TOS'] );
$HTML->ReplaceLayoutInhalt("%%INVCODE%%", htmlspecialchars($_REQUEST['code']));
$HTML->build();
echo $HTML->ausgabe();
die();
}
$HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message);
$HTML->ReplaceLayoutInhalt("%%tosURL%%", $RUNTIME['TOOLS']['TOS'] );
$HTML->ReplaceLayoutInhalt("%%INVCODE%%", htmlspecialchars($_REQUEST['code']));
$HTML->build();
echo $HTML->ausgabe();
die();
}
function displayError(string $message) {
$HTML = new HTML();
$HTML->importHTML("error.html");
$HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message);
$HTML->build();
echo $HTML->ausgabe();
die();
}
function displayError(string $message)
{
$HTML = new HTML();
$HTML->importHTML("error.html");
$HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message);
$HTML->build();
echo $HTML->ausgabe();
die();
}
if(!isset($_REQUEST['code'])) {
displayError("Du benötigst einen Einladungscode, um dich bei 4Creative zu registrieren.");
}
if (!isset($_REQUEST['code'])) {
displayError("Du benötigst einen Einladungscode, um dich bei 4Creative zu registrieren.");
}
if(strlen($_REQUEST['code']) != 32 || !preg_match('/^[a-f0-9]+$/', $_REQUEST['code'])) {
displayError("Der angegebene Einladungscode ist nicht gültig. Nutze genau den Link, der dir zugeschickt wurde.");
}
if (strlen($_REQUEST['code']) != 32 || !preg_match('/^[a-f0-9]+$/', $_REQUEST['code'])) {
displayError("Der angegebene Einladungscode ist nicht gültig. Nutze genau den Link, der dir zugeschickt wurde.");
}
$statementInviteCode = $RUNTIME['PDO']->prepare("SELECT 1 FROM InviteCodes WHERE InviteCode = ? LIMIT 1");
$statementInviteCode->execute([$_REQUEST['code']]);
$statementInviteCode = $RUNTIME['PDO']->prepare("SELECT 1 FROM InviteCodes WHERE InviteCode = ? LIMIT 1");
$statementInviteCode->execute([$_REQUEST['code']]);
if($statementInviteCode->rowCount() == 0) {
displayError("Der angegebene Einladungscode ist nicht gültig. Nutze genau den Link, der dir zugeschickt wurde.");
}
if ($statementInviteCode->rowCount() == 0) {
displayError("Der angegebene Einladungscode ist nicht gültig. Nutze genau den Link, der dir zugeschickt wurde.");
}
if($_SERVER['REQUEST_METHOD'] != 'POST') {
displayPage("");
}
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
displayPage("");
}
include_once('app/FormValidator.php');
include_once 'app/FormValidator.php';
$validator = new FormValidator(array(
'tos' => array('required' => true, 'equals' => 'on'),
'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64}( [^\\/<>\s]{1,64})?$/'),
'password' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
'email' => array('required' => true, 'regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/'),
'avatar' => array('required' => true)
));
$validator = new FormValidator(array(
'tos' => array('required' => true, 'equals' => 'on'),
'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64}( [^\\/<>\s]{1,64})?$/'),
'password' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
'email' => array('required' => true, 'regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/'),
'avatar' => array('required' => true)
));
if (!$validator->isValid($_POST)) {
if (!isset($_POST['tos']) || $_POST['tos'] !== true) {
displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren.");
} else {
displayPage("Ups da stimmt was nicht. Versuche es bitte noch mal.");
}
if(!$validator->isValid($_POST)) {
if(!isset($_POST['tos']) || $_POST['tos'] !== true) {
displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren.");
}
else {
displayPage("Ups da stimmt was nicht. Versuche es bitte noch mal.");
}
die();
}
die();
}
$name = trim($_POST['username']);
$nameParts;
if ($name != "") {
$nameParts = explode(" ", $name);
if (count($nameParts) == 1) {
$name .= " Resident";
$nameParts = explode(" ", $name);
}
$statementAvatarName = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1");
$statementAvatarName->execute(['FirstName' => $nameParts[0], 'LastName' => $nameParts[1]]);
if ($statementAvatarName->rowCount() > 0) {
displayPage("Der gewählte Name ist bereits vergeben.");
}
}
$name = trim($_POST['username']);
$nameParts;
if($name != "") {
$nameParts = explode(" ", $name);
if(count($nameParts) == 1) {
$name .= " Resident";
$nameParts = explode(" ", $name);
}
$statementAvatarName = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1");
$statementAvatarName->execute(['FirstName' => $nameParts[0], 'LastName' => $nameParts[1]]);
if($statementAvatarName->rowCount() > 0) {
displayPage("Der gewählte Name ist bereits vergeben.");
}
}
$pass = trim($_POST['password']);
if (strlen($pass) < $RUNTIME['PASSWORD_MIN_LENGTH']) {
displayPage('Dein Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.');
}
$pass = trim($_POST['password']);
if(strlen($pass) < $RUNTIME['PASSWORD_MIN_LENGTH']) {
displayPage('Dein Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.');
}
$email = trim($_POST['email']);
$email = trim($_POST['email']);
$avatar;
if (isset($RUNTIME['DEFAULTAVATAR'][$_POST['avatar']]['UUID'])) {
$avatar = trim($_POST['avatar']);
} else {
displayPage("Der gewählte Standardavatar existiert nicht.");
}
$avatar;
if(isset($RUNTIME['DEFAULTAVATAR'][$_POST['avatar']]['UUID'])) {
$avatar = trim($_POST['avatar']);
}
else {
displayPage("Der gewählte Standardavatar existiert nicht.");
}
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
include 'app/OpenSim.php';
$opensim = new OpenSim();
$avatarUUID = $opensim->gen_uuid();
$salt = bin2hex(random_bytes(16));
$passwordHash = md5(md5($pass).':'.$salt);
$avatarUUID = $opensim->gen_uuid();
$salt = bin2hex(random_bytes(16));
$passwordHash = md5(md5($pass).':'.$salt);
$statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code');
$statementInviteDeleter->execute(['code' => $_REQUEST['code']]);
if ($statementInviteDeleter->rowCount() == 0) {
displayError("Der angegebene Einladungscode ist nicht mehr gültig.");
}
$statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code');
$statementInviteDeleter->execute(['code' => $_REQUEST['code']]);
if($statementInviteDeleter->rowCount() == 0) {
displayError("Der angegebene Einladungscode ist nicht mehr gültig.");
}
try {
$RUNTIME['PDO']->beginTransaction();
try {
$RUNTIME['PDO']->beginTransaction();
$statementAuth = $RUNTIME['PDO']->prepare('INSERT INTO `auth` (`UUID`, `passwordHash`, `passwordSalt`, `webLoginKey`, `accountType`) VALUES (:UUID, :HASHVALUE, :SALT, :WEBKEY, :ACCTYPE)');
$statementAuth->execute(['UUID' => $avatarUUID, 'HASHVALUE' => $passwordHash, 'SALT' => $salt, 'WEBKEY' => "00000000-0000-0000-0000-000000000000", 'ACCTYPE' => "UserAccount"]);
$statementAuth = $RUNTIME['PDO']->prepare('INSERT INTO `auth` (`UUID`, `passwordHash`, `passwordSalt`, `webLoginKey`, `accountType`) VALUES (:UUID, :HASHVALUE, :SALT, :WEBKEY, :ACCTYPE)');
$statementAuth->execute(['UUID' => $avatarUUID, 'HASHVALUE' => $passwordHash, 'SALT' => $salt, 'WEBKEY' => "00000000-0000-0000-0000-000000000000", 'ACCTYPE' => "UserAccount"]);
$statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO `UserAccounts` (`PrincipalID`, `ScopeID`, `FirstName`, `LastName`, `Email`, `ServiceURLs`, `Created`, `UserLevel`, `UserFlags`, `UserTitle`, `active`) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )');
$statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $nameParts[0], 'LastName' => $nameParts[1], 'Email' => $email, 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]);
$statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO `UserAccounts` (`PrincipalID`, `ScopeID`, `FirstName`, `LastName`, `Email`, `ServiceURLs`, `Created`, `UserLevel`, `UserFlags`, `UserTitle`, `active`) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )');
$statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $nameParts[0], 'LastName' => $nameParts[1], 'Email' => $email, 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]);
$statementProfile = $RUNTIME['PDO']->prepare('INSERT INTO `userprofile` (`useruuid`, `profilePartner`, `profileImage`, `profileURL`, `profileFirstImage`, `profileAllowPublish`, `profileMaturePublish`, `profileWantToMask`, `profileWantToText`, `profileSkillsMask`, `profileSkillsText`, `profileLanguages`, `profileAboutText`, `profileFirstText`) VALUES (:useruuid, :profilePartner, :profileImage, :profileURL, :profileFirstImage, :profileAllowPublish, :profileMaturePublish, :profileWantToMask, :profileWantToText, :profileSkillsMask, :profileSkillsText, :profileLanguages, :profileAboutText, :profileFirstText)');
$statementProfile->execute(['useruuid' => $avatarUUID, 'profilePartner' => "00000000-0000-0000-0000-000000000000", 'profileImage' => "00000000-0000-0000-0000-000000000000", 'profileURL' => '', 'profileFirstImage' => "00000000-0000-0000-0000-000000000000", "profileAllowPublish" => "0", "profileMaturePublish" => "0", "profileWantToMask" => "0", "profileWantToText" => "", "profileSkillsMask" => "0", "profileSkillsText" => "", "profileLanguages" => "", "profileAboutText" => "", "profileFirstText" => ""]);
$statementProfile = $RUNTIME['PDO']->prepare('INSERT INTO `userprofile` (`useruuid`, `profilePartner`, `profileImage`, `profileURL`, `profileFirstImage`, `profileAllowPublish`, `profileMaturePublish`, `profileWantToMask`, `profileWantToText`, `profileSkillsMask`, `profileSkillsText`, `profileLanguages`, `profileAboutText`, `profileFirstText`) VALUES (:useruuid, :profilePartner, :profileImage, :profileURL, :profileFirstImage, :profileAllowPublish, :profileMaturePublish, :profileWantToMask, :profileWantToText, :profileSkillsMask, :profileSkillsText, :profileLanguages, :profileAboutText, :profileFirstText)');
$statementProfile->execute(['useruuid' => $avatarUUID, 'profilePartner' => "00000000-0000-0000-0000-000000000000", 'profileImage' => "00000000-0000-0000-0000-000000000000", 'profileURL' => '', 'profileFirstImage' => "00000000-0000-0000-0000-000000000000", "profileAllowPublish" => "0", "profileMaturePublish" => "0", "profileWantToMask" => "0", "profileWantToText" => "", "profileSkillsMask" => "0", "profileSkillsText" => "", "profileLanguages" => "", "profileAboutText" => "", "profileFirstText" => ""]);
$statementInventoryFolder = $RUNTIME['PDO']->prepare('INSERT INTO `inventoryfolders` (`folderName`, `type`, `version`, `folderID`, `agentID`, `parentFolderID`) VALUES (:folderName, :folderTyp, :folderVersion, :folderID, :agentID, :parentFolderID)');
$Inventory = array('Calling Cards' => 2, 'Objects' => 6, 'Landmarks' => 3, 'Clothing' => 5, 'Gestures' => 21, 'Body Parts' => 13, 'Textures' => 0, 'Scripts' => 10, 'Photo Album' => 15, 'Lost And Found' => 16, 'Trash' => 14, 'Notecards' => 7, 'My Inventory' => 8, 'Sounds' => 1, 'Animations' => 20);
$InventoryRootFolder = $opensim->gen_uuid();
foreach ($Inventory as $FolderName => $InventoryType) {
$FolderUUID = $opensim->gen_uuid();
if ($InventoryType == 8) {
$FolderUUID = $InventoryRootFolder;
$FolderParent = "00000000-0000-0000-0000-000000000000";
} else {
$FolderParent = $InventoryRootFolder;
}
$statementInventoryFolder->execute(['agentID' => $avatarUUID, 'folderName' => $FolderName, 'folderTyp' => $InventoryType, 'folderVersion' => 1, 'folderID' => $FolderUUID, 'parentFolderID' => $FolderParent]);
}
$statementInventoryFolder = $RUNTIME['PDO']->prepare('INSERT INTO `inventoryfolders` (`folderName`, `type`, `version`, `folderID`, `agentID`, `parentFolderID`) VALUES (:folderName, :folderTyp, :folderVersion, :folderID, :agentID, :parentFolderID)');
$Inventory = array('Calling Cards' => 2, 'Objects' => 6, 'Landmarks' => 3, 'Clothing' => 5, 'Gestures' => 21, 'Body Parts' => 13, 'Textures' => 0, 'Scripts' => 10, 'Photo Album' => 15, 'Lost And Found' => 16, 'Trash' => 14, 'Notecards' => 7, 'My Inventory' => 8, 'Sounds' => 1, 'Animations' => 20);
$InventoryRootFolder = $opensim->gen_uuid();
foreach ($Inventory as $FolderName => $InventoryType)
{
$FolderUUID = $opensim->gen_uuid();
if ($InventoryType == 8)
{
$FolderUUID = $InventoryRootFolder;
$FolderParent = "00000000-0000-0000-0000-000000000000";
}else{
$FolderParent = $InventoryRootFolder;
}
$statementInventoryFolder->execute(['agentID' => $avatarUUID, 'folderName' => $FolderName, 'folderTyp' => $InventoryType, 'folderVersion' => 1, 'folderID' => $FolderUUID, 'parentFolderID' => $FolderParent]);
}
$RUNTIME['PDO']->commit();
} catch (Exception $pdoException) {
$RUNTIME['PDO']->rollBack();
error_log('Could not create Account: '.$pdoException->getMessage());
displayPage('Fehler bei der Erstellung deines Accounts. Bitte versuche es später erneut.');
}
$RUNTIME['PDO']->commit();
} catch (Exception $pdoException) {
$RUNTIME['PDO']->rollBack();
error_log('Could not create Account: '.$pdoException->getMessage());
displayPage('Fehler bei der Erstellung deines Accounts. Bitte versuche es später erneut.');
}
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
$_SESSION['FIRSTNAME'] = trim($nameParts[0]);
$_SESSION['LASTNAME'] = trim($nameParts[1]);
$_SESSION['EMAIL'] = $email;
$_SESSION['PASSWORD'] = $passwordHash;
$_SESSION['SALT'] = $salt;
$_SESSION['UUID'] = $avatarUUID;
$_SESSION['LEVEL'] = 0;
$_SESSION['DISPLAYNAME'] = strtoupper($name);
$_SESSION['LOGIN'] = 'true';
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
$_SESSION['FIRSTNAME'] = trim($nameParts[0]);
$_SESSION['LASTNAME'] = trim($nameParts[1]);
$_SESSION['EMAIL'] = $email;
$_SESSION['PASSWORD'] = $passwordHash;
$_SESSION['SALT'] = $salt;
$_SESSION['UUID'] = $avatarUUID;
$_SESSION['LEVEL'] = 0;
$_SESSION['DISPLAYNAME'] = strtoupper($name);
$_SESSION['LOGIN'] = 'true';
header('Location: index.php?page=dashboard');
die();
?>
header('Location: index.php?page=dashboard');
die();

29
pages/reset-password.php
View File

@ -3,7 +3,8 @@
const TOKEN_INVALID = 'Dieser Link zur Passwortzurücksetzung ist nicht gültig. Bitte klicke oder kopiere den Link aus der E-Mail, die du erhalten hast.';
const TOKEN_EXPIRED = 'Dein Link zur Passwortzurücksetzung ist abgelaufen. Klicke <a href="index.php?page=forgot">hier</a>, um eine neue Anfrage zu senden.';
function displayTokenError($message) {
function displayTokenError($message)
{
$HTML = new HTML();
$HTML->importHTML("error.html");
$HTML->ReplaceLayoutInhalt('%%MESSAGE%%', $message);
@ -12,8 +13,9 @@
exit();
}
function displayPage($err) {
if(!isset($_GET['token']) || !preg_match('/^[a-z0-9A-Z]{32}$/', $_GET['token'])) {
function displayPage($err)
{
if (!isset($_GET['token']) || !preg_match('/^[a-z0-9A-Z]{32}$/', $_GET['token'])) {
displayTokenError(TOKEN_INVALID);
}
@ -27,32 +29,32 @@
exit();
}
if($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include_once 'app/FormValidator.php';
$validator = new FormValidator(array(
$validator = new FormValidator(array(
'password' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
'passwordRepeat' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
'resetToken' => array('required' => true, 'regex' => '/^[a-zA-Z0-9]{32}$/')
));
if($validator->isValid($_POST)) {
if($_POST['password'] !== $_POST['passwordRepeat']) {
if ($validator->isValid($_POST)) {
if ($_POST['password'] !== $_POST['passwordRepeat']) {
displayPage('Du musst in beiden Feldern das gleiche Passwort eingeben');
}
if(strlen($_POST['password']) < $RUNTIME['PASSWORD_MIN_LENGTH']) {
if (strlen($_POST['password']) < $RUNTIME['PASSWORD_MIN_LENGTH']) {
displayPage('Dein Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.');
}
$getReq = $RUNTIME['PDO']->prepare('SELECT UserAccounts.PrincipalID AS UUID,FirstName,LastName,Email,Token,RequestTime FROM PasswordResetTokens JOIN UserAccounts ON UserAccounts.PrincipalID = PasswordResetTokens.PrincipalID WHERE Token = ?');
$getReq->execute([$_POST['resetToken']]);
if($getReq->rowCount() == 0) {
if ($getReq->rowCount() == 0) {
displayTokenError(TOKEN_INVALID);
}
$res = $getReq->fetch();
if(!hash_equals($res['Token'], $_POST['resetToken'])) {
if (!hash_equals($res['Token'], $_POST['resetToken'])) {
displayTokenError(TOKEN_INVALID);
}
@ -60,17 +62,17 @@
$name = $res['FirstName'].' '.$res['LastName'];
$getToken = $RUNTIME['PDO']->prepare('DELETE FROM PasswordResetTokens WHERE PrincipalID = ? AND Token = ?');
$getToken->execute([$uuid, $_POST['resetToken']]);
if($getToken->rowCount() == 0) {
if ($getToken->rowCount() == 0) {
displayTokenError(TOKEN_INVALID);
}
if(time() - $res['RequestTime'] > 86400) {
if (time() - $res['RequestTime'] > 86400) {
displayTokenError(TOKEN_EXPIRED);
}
$salt = bin2hex(random_bytes(16));
$hash = md5(md5(trim($_POST['password'])).':'.$salt);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID');
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID');
$statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $uuid]);
session_unset();
@ -86,4 +88,3 @@
}
displayPage('');
?>

15
pages/user-online-state.php
View File

@ -1,19 +1,17 @@
<?php
include 'app/OpenSim.php';
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
$HTML->setHTMLTitle("Online Anzeige");
$HTML->importSeitenInhalt("online-anzeige.html");
$HTML->setHTMLTitle("Online Anzeige");
$HTML->importSeitenInhalt("online-anzeige.html");
$table = '<table class="table"><thead><tr><th scope="col">Benutzername</th><th scope="col">Region</th></thead><tbody>%%ENTRY%%</tbody></table>';
$statement = $RUNTIME['PDO']->prepare("SELECT RegionID,UserID FROM Presence ORDER BY RegionID ASC");
$statement->execute();
$statement->execute();
while($row = $statement->fetch())
{
if($row['RegionID'] != "00000000-0000-0000-0000-000000000000")
{
while ($row = $statement->fetch()) {
if ($row['RegionID'] != "00000000-0000-0000-0000-000000000000") {
$entry = '<tr><td>'.htmlspecialchars(trim($opensim->getUserName($row['UserID']))).'</td><td>'.htmlspecialchars($opensim->getRegionName($row['RegionID'])).'</td></tr>';
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
}
@ -24,4 +22,3 @@
$HTML->build();
echo $HTML->ausgabe();
?>

28
pages/users.php
View File

@ -2,8 +2,7 @@
$HTML->setHTMLTitle("Benutzer");
$HTML->importSeitenInhalt("users.html");
if(!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100)
{
if (!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) {
$HTML->setHTMLTitle("Kein Zugriff");
$HTML->SetSeitenInhalt("Dazu hast du keine Rechte!");
$HTML->build();
@ -11,17 +10,17 @@
die();
}
include 'app/OpenSim.php';
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
include 'app/FormValidator.php';
if(isset($_POST['genpw'])) {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include_once 'app/FormValidator.php';
if (isset($_POST['genpw'])) {
$validator = new FormValidator(array(
'userid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
));
if($validator->isValid($_POST)) {
if ($validator->isValid($_POST)) {
require_once 'app/utils.php';
$token = generateToken(32);
$setToken = $RUNTIME['PDO']->prepare('REPLACE INTO PasswordResetTokens(PrincipalID,Token,RequestTime) VALUES(?,?,?)');
@ -30,11 +29,10 @@
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Das Passwort für '.htmlspecialchars($opensim->getUserName($_REQUEST['userid'])).' kann in den nächsten 24 Stunden über diesen Link zurückgesetzt werden: <b>'.$resetLink.'</b></div>');
}
}
else if(isset($_POST['generateLink'])) {
} elseif (isset($_POST['generateLink'])) {
$validator = new FormValidator(array()); // Needed only for CSRF token validation
if($validator->isValid($_POST)) {
if ($validator->isValid($_POST)) {
$inviteID = bin2hex(random_bytes(16));
$link = "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID;
@ -46,25 +44,23 @@
}
}
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))");
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))");
$statement->execute();
$table = '<table class="table"><thead><tr><th scope="col">Vorname</th><th scope="col">Nachname</th><th scope="col">Status</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
$statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts ORDER BY Created ASC");
$statement->execute();
$statement->execute();
while($row = $statement->fetch())
{
while ($row = $statement->fetch()) {
$entry = '<tr><td>'.htmlspecialchars($row['FirstName']).'</td><td>'.htmlspecialchars($row['LastName']).'</td><td>'.htmlspecialchars($row['UserLevel']).'</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="'.htmlspecialchars($row['PrincipalID']).'"><button type="submit" name="genpw" class="btn btn-link btn-sm">PASSWORT ZURÜCKSETZEN</button></form></td></tr>';
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
}
$table = str_replace("%%ENTRY%%", "", $table);
$HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table);
$HTML->ReplaceSeitenInhalt("%%link%%", ' ');
$HTML->ReplaceSeitenInhalt("%%link%%", ' ');
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' ');
$HTML->build();
echo $HTML->ausgabe();
?>

6
plugins/default-html.php
View File

@ -1,13 +1,11 @@
<?php
$HTML = new HTML();
if(isset($_SESSION['LOGIN']))
{
if (isset($_SESSION['LOGIN'])) {
$HTML->importHTML("dashboard.html");
if(isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] > 100) {
$HTML->importHTML("dashboard-admin.html");
}
$HTML->ReplaceLayoutInhalt("%%USERNAME%%", isset($_SESSION['DISPLAYNAME']) ? htmlspecialchars($_SESSION['DISPLAYNAME']) : '');
$HTML->ReplaceLayoutInhalt("%%USERNAME%%", isset($_SESSION['DISPLAYNAME']) ? htmlspecialchars($_SESSION['DISPLAYNAME']) : '');
}
?>