From 120fb3772ec854ff057de9d95852c2ee16a3e48d Mon Sep 17 00:00:00 2001 From: Anonymous Contributor Date: Sun, 27 Aug 2023 05:31:32 +0200 Subject: [PATCH] Fix formatting according to PSR-12 --- api/onlineDisplay.php | 24 ++- api/viewerWelcomeSite.php | 20 +-- app/FormValidator.php | 21 +-- app/OpenSim.php | 347 ++++++++++++++++++------------------ app/discord.php | 11 +- app/utils.php | 42 ++--- cron/IARMonitor.php | 36 ++-- cron/assetChecker.php | 16 +- cron/checkInventar.php | 10 +- cron/offlineIM.php | 82 ++++----- pages/dashboard.php | 19 +- pages/error.php | 3 +- pages/forgot.php | 36 ++-- pages/friends.php | 25 ++- pages/groups.php | 15 +- pages/identities.php | 88 +++++---- pages/invite.php | 10 +- pages/login.php | 98 +++++----- pages/profile.php | 123 +++++++------ pages/regions.php | 34 ++-- pages/register.php | 261 +++++++++++++-------------- pages/reset-password.php | 29 +-- pages/user-online-state.php | 15 +- pages/users.php | 28 ++- plugins/default-html.php | 6 +- 25 files changed, 659 insertions(+), 740 deletions(-) diff --git a/api/onlineDisplay.php b/api/onlineDisplay.php index 8ab67f1..c457356 100644 --- a/api/onlineDisplay.php +++ b/api/onlineDisplay.php @@ -4,26 +4,22 @@ prepare("SELECT UserID,RegionID FROM Presence WHERE RegionID != '00000000-0000-0000-0000-000000000000' ORDER BY RegionID ASC"); - $statement->execute(); + $statement->execute(); - if($statement->rowCount() == 0) - { + if ($statement->rowCount() == 0) { echo "

Es ist niemand online!

"; - }else{ - + } else { echo ''; - $entryColor = TRUE; - include 'app/OpenSim.php'; + $entryColor = true; + include_once 'app/OpenSim.php'; $opensim = new OpenSim(); - while($row = $statement->fetch()) - { - if($entryColor == TRUE) - $entry = ''; - - if($entryColor == FALSE) + while ($row = $statement->fetch()) { + if ($entryColor) { + $entry = ''; + } else { $entry = ''; + } echo $entry; $entryColor = !$entryColor; diff --git a/api/viewerWelcomeSite.php b/api/viewerWelcomeSite.php index a8bf0fa..fbc5a09 100644 --- a/api/viewerWelcomeSite.php +++ b/api/viewerWelcomeSite.php @@ -1,5 +1,5 @@ importHTML("viewerWelcomeImages.html"); $IMAGES = array(); - if ($handle = opendir('./data/viewerWelcomeImages')) - { - while (false !== ($entry = readdir($handle))) - { - if ($entry != "." && $entry != "..") - { + if ($handle = opendir('./data/viewerWelcomeImages')) { + while (false !== ($entry = readdir($handle))) { + if ($entry != "." && $entry != "..") { $IMAGES = array_merge($IMAGES, array("./data/viewerWelcomeImages/".$entry)); } } @@ -22,14 +19,13 @@ shuffle($IMAGES); - $HTML->ReplaceLayoutInhalt("%%JSONIMAGEARRAY%%", json_encode($IMAGES)); - $HTML->ReplaceLayoutInhalt("%%GRIDNAME%%", $RUNTIME['GRID']['NAME']); - $HTML->ReplaceLayoutInhalt("%%SHOWNEWS%%", $RUNTIME['GRID']['MAIN_NEWS']); + $HTML->ReplaceLayoutInhalt("%%JSONIMAGEARRAY%%", json_encode($IMAGES)); + $HTML->ReplaceLayoutInhalt("%%GRIDNAME%%", $RUNTIME['GRID']['NAME']); + $HTML->ReplaceLayoutInhalt("%%SHOWNEWS%%", $RUNTIME['GRID']['MAIN_NEWS']); - $HTML->ReplaceLayoutInhalt("%%SHOWSTATS%%", "Registrierte User: ".$opensim->getUserCount()."
Regionen: ".$opensim->getRegionCount()."
Aktuell Online: ".($opensim->getOnlineCount()-1)); + $HTML->ReplaceLayoutInhalt("%%SHOWSTATS%%", "Registrierte User: ".$opensim->getUserCount()."
Regionen: ".$opensim->getRegionCount()."
Aktuell Online: ".($opensim->getOnlineCount()-1)); $HTML->build(); echo $HTML->ausgabe(); -?> \ No newline at end of file diff --git a/app/FormValidator.php b/app/FormValidator.php index 9f563f0..00745ee 100644 --- a/app/FormValidator.php +++ b/app/FormValidator.php @@ -3,27 +3,29 @@ class FormValidator { private array $fieldValidation; - public function __construct(array $fieldValidation) { + public function __construct(array $fieldValidation) + { $this->fieldValidation = $fieldValidation; } - public function isValid(array $req) { - if(!isset($req['csrf']) || $req['csrf'] !== $_SESSION['csrf']) { + public function isValid(array $req): bool + { + if (!isset($req['csrf']) || $req['csrf'] !== $_SESSION['csrf']) { return false; } - foreach($this->fieldValidation as $field => $params) { - if(isset($req[$field]) && strlen(trim($req[$field])) > 0) { - if(isset($params['regex'])) { - if(!preg_match($params['regex'], $req[$field])) { + foreach ($this->fieldValidation as $field => $params) { + if (isset($req[$field]) && strlen(trim($req[$field])) > 0) { + if (isset($params['regex'])) { + if (!preg_match($params['regex'], $req[$field])) { return false; } } - else if(isset($params['equals']) && $params['equals'] !== $req[$field]) { + elseif (isset($params['equals']) && $params['equals'] !== $req[$field]) { return false; } } - else if(isset($params['required']) && $params['required']) { + elseif (isset($params['required']) && $params['required']) { return false; } } @@ -32,4 +34,3 @@ class FormValidator { } } -?> \ No newline at end of file diff --git a/app/OpenSim.php b/app/OpenSim.php index 4efca2b..0eed2d4 100644 --- a/app/OpenSim.php +++ b/app/OpenSim.php 
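Review bot: `json_encode($IMAGES)` is substituted at `%%JSONIMAGEARRAY%%` without the HTML-safe flags, so if that placeholder sits inside a script block a file name containing `</script>` or `&` breaks out of it; `json_encode($IMAGES, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` closes that gap. The values are names from the server's own directory, which limits the exposure, but the scan in the first hunk of this file skips only `.` and `..`, so anything dropped into `data/viewerWelcomeImages` is published to every viewer. Filtering with `in_array(strtolower(pathinfo($entry, PATHINFO_EXTENSION)), ['jpg', 'jpeg', 'png', 'gif'], true)` keeps the list to what the page is meant to show.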
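Review bot: `trim($req[$field])` and `preg_match(..., $req[$field])` in `isValid()` assume string input, but a request can send `field[]=x`, which makes the value an array and turns the `trim()` call into a TypeError on PHP 8 instead of a validation failure. Guard the branch with `if (isset($req[$field]) && is_string($req[$field]) && strlen(trim($req[$field])) > 0) {` so array-valued fields fall through to the `required` check. The CSRF comparison has the same shape problem and compares a secret; `if (!isset($req['csrf'], $_SESSION['csrf']) || !is_string($req['csrf']) || !hash_equals($_SESSION['csrf'], $req['csrf'])) {` covers both and also avoids the undefined-key warning when the session holds no token.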
@@ -1,221 +1,212 @@ prepare("SELECT PrincipalID FROM UserAccounts WHERE FirstName = ? AND LastName = ? LIMIT 1"); - $statementUser->execute($nameParts); + $statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID FROM UserAccounts WHERE FirstName = ? AND LastName = ? LIMIT 1"); + $statementUser->execute($nameParts); - while($rowUser = $statementUser->fetch()) - { - $statementAuth = $RUNTIME['PDO']->prepare("SELECT passwordHash,passwordSalt FROM auth WHERE UUID = ? LIMIT 1"); - $statementAuth->execute(array($rowUser['PrincipalID'])); + while($rowUser = $statementUser->fetch()) { + $statementAuth = $RUNTIME['PDO']->prepare("SELECT passwordHash,passwordSalt FROM auth WHERE UUID = ? LIMIT 1"); + $statementAuth->execute(array($rowUser['PrincipalID'])); - while($rowAuth = $statementAuth->fetch()) - { - return md5(md5($_POST['password']).":".$rowAuth['passwordSalt']) == $rowAuth['passwordHash']; - } - } + if ($rowAuth = $statementAuth->fetch()) { + return md5(md5($_POST['password']).":".$rowAuth['passwordSalt']) == $rowAuth['passwordHash']; + } + } - return false; - } + return false; + } - public function getUserName($userID) - { - global $RUNTIME; - - if($userID == "00000000-0000-0000-0000-000000000000") - return "Unknown User"; + public function getUserName($userID) + { + global $RUNTIME; + + if ($userID == "00000000-0000-0000-0000-000000000000") { + return "Unknown User"; + } - if(isset($RUNTIME['CACHE']['USERNAME'][$userID])) - return $RUNTIME['CACHE']['USERNAME'][$userID]; + if (isset($RUNTIME['CACHE']['USERNAME'][$userID])) { + return $RUNTIME['CACHE']['USERNAME'][$userID]; + } - $statementUser = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName FROM UserAccounts WHERE PrincipalID = ?"); - $statementUser->execute(array($userID)); + $statementUser = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName FROM UserAccounts WHERE PrincipalID = ?"); + $statementUser->execute(array($userID)); - while($rowUser = $statementUser->fetch()) - { - 
$RUNTIME['CACHE']['USERNAME'][$userID] = $rowUser['FirstName']." ".$rowUser['LastName']; - return $rowUser['FirstName']." ".$rowUser['LastName']; - } + if ($rowUser = $statementUser->fetch()) { + $RUNTIME['CACHE']['USERNAME'][$userID] = $rowUser['FirstName']." ".$rowUser['LastName']; + return $rowUser['FirstName']." ".$rowUser['LastName']; + } - $statementGridUser = $RUNTIME['PDO']->prepare("SELECT UserID FROM GridUser"); - $statementGridUser->execute(); + $statementGridUser = $RUNTIME['PDO']->prepare("SELECT UserID FROM GridUser"); + $statementGridUser->execute(); - while($rowGridUser = $statementGridUser->fetch()) - { - $UserData = explode(";", $rowGridUser['UserID']); + while ($rowGridUser = $statementGridUser->fetch()) { + $userData = explode(";", $rowGridUser['UserID']); - if(count($UserData) >= 3) - { - $DBUserID = $UserData[0]; - $DBUserName = $UserData[2]; + if (count($userData) >= 3) { + $dbUserID = $userData[0]; + $dbUserName = $userData[2]; - $RUNTIME['CACHE']['USERNAME'][$userID] = $DBUserName; + $RUNTIME['CACHE']['USERNAME'][$userID] = $dbUserName; - if($DBUserID == $userID) - return $DBUserName; - } - } + if ($dbUserID == $userID) { + return $dbUserName; + } + } + } - $statementFriends = $RUNTIME['PDO']->prepare("SELECT PrincipalID FROM Friends"); - $statementFriends->execute(); + $statementFriends = $RUNTIME['PDO']->prepare("SELECT PrincipalID FROM Friends"); + $statementFriends->execute(); - while($rowFriends = $statementFriends->fetch()) - { - $UserData = explode(";", $rowFriends['PrincipalID']); + while ($rowFriends = $statementFriends->fetch()) { + $userData = explode(";", $rowFriends['PrincipalID']); - if(count($UserData) == 4) - { - $DBUserID = $UserData[0]; - $DBUserName = $UserData[2]; + if (count($userData) == 4) { + $dbUserID = $userData[0]; + $dbUserName = $userData[2]; - $RUNTIME['CACHE']['USERNAME'][$userID] = $DBUserName; + $RUNTIME['CACHE']['USERNAME'][$userID] = $dbUserName; - if($DBUserID == $userID) - return $DBUserName; - } - } + 
if ($dbUserID == $userID) { + return $dbUserName; + } + } + } - return "Unknown User"; - } + return "Unknown User"; + } - public function getUserUUID($UserName) - { - global $RUNTIME; - - $statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName FROM UserAccounts"); - $statementUser->execute(); + public function getUserUUID($userName) + { + global $RUNTIME; + + $statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName FROM UserAccounts"); + $statementUser->execute(); - while($rowUser = $statementUser->fetch()) - { - $SQLUserName = $rowUser['FirstName']." ".$rowUser['LastName']; + while ($rowUser = $statementUser->fetch()) { + $sqlUserName = $rowUser['FirstName']." ".$rowUser['LastName']; - if($SQLUserName == $UserName) - { - return $rowUser['PrincipalID']; - } - } + if ($sqlUserName == $userName) { + return $rowUser['PrincipalID']; + } + } - return null; - } + return null; + } - public function getRegionName($regionID) - { - global $RUNTIME; - - $statementRegion = $RUNTIME['PDO']->prepare("SELECT regionName FROM regions WHERE uuid = ?"); - $statementRegion->execute(array($regionID)); + public function getRegionName($regionID) + { + global $RUNTIME; + + $statementRegion = $RUNTIME['PDO']->prepare("SELECT regionName FROM regions WHERE uuid = ?"); + $statementRegion->execute(array($regionID)); - while($rowRegion = $statementRegion->fetch()) - { - return $rowRegion['regionName']; - } + if ($rowRegion = $statementRegion->fetch()) { + return $rowRegion['regionName']; + } - return "Unknown Region"; - } + return "Unknown Region"; + } - public function getPartner($userID) - { - global $RUNTIME; - - $statement = $RUNTIME['PDO']->prepare("SELECT profilePartner FROM userprofile WHERE useruuid = ?"); - $statement->execute(array($userID)); + public function getPartner($userID) + { + global $RUNTIME; + + $statement = $RUNTIME['PDO']->prepare("SELECT profilePartner FROM userprofile WHERE useruuid = ?"); + 
$statement->execute(array($userID)); - while($row = $statement->fetch()) - { - if($row['profilePartner'] != "00000000-0000-0000-0000-000000000000") - return $row['profilePartner']; - } + while ($row = $statement->fetch()) { + if ($row['profilePartner'] != "00000000-0000-0000-0000-000000000000") { + return $row['profilePartner']; + } + } - return null; - } + return null; + } - public function allowOfflineIM($userID) - { - global $RUNTIME; - - $statement = $RUNTIME['PDO']->prepare("SELECT imviaemail FROM usersettings WHERE useruuid = ?"); - $statement->execute(array($userID)); + public function allowOfflineIM($userID) + { + global $RUNTIME; + + $statement = $RUNTIME['PDO']->prepare("SELECT imviaemail FROM usersettings WHERE useruuid = ?"); + $statement->execute(array($userID)); - while($row = $statement->fetch()) - { - return strtoupper($row['imviaemail']); - } + if ($row = $statement->fetch()) { + return strtoupper($row['imviaemail']); + } - return "FALSE"; - } + return "FALSE"; + } - public function getUserMail($userID) - { - global $RUNTIME; - - $statement = $RUNTIME['PDO']->prepare("SELECT Email FROM UserAccounts WHERE PrincipalID = ?"); - $statement->execute(array($userID)); + public function getUserMail($userID) + { + global $RUNTIME; + + $statement = $RUNTIME['PDO']->prepare("SELECT Email FROM UserAccounts WHERE PrincipalID = ?"); + $statement->execute(array($userID)); - while($row = $statement->fetch()) - { - return $row['Email']; - } + if ($row = $statement->fetch()) { + return $row['Email']; + } - return ""; - } + return ""; + } - public function getUserCount() - { - global $RUNTIME; - - $statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM UserAccounts"); - $statementUser->execute(); - return $statementUser->fetchColumn(); - } + public function getUserCount() + { + global $RUNTIME; + + $statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM UserAccounts"); + $statementUser->execute(); + return $statementUser->fetchColumn(); + } - public 
function getRegionCount() - { - global $RUNTIME; - - $statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM regions"); - $statementUser->execute(); - return $statementUser->fetchColumn(); - } + public function getRegionCount() + { + global $RUNTIME; + + $statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM regions"); + $statementUser->execute(); + return $statementUser->fetchColumn(); + } - public function getOnlineCount() - { - global $RUNTIME; + public function getOnlineCount() + { + global $RUNTIME; - $statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM Presence"); - $statementUser->execute(); - return $statementUser->fetchColumn(); - } + $statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM Presence"); + $statementUser->execute(); + return $statementUser->fetchColumn(); + } - public function gen_uuid() - { - return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x', - // 32 bits for "time_low" - mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), - - // 16 bits for "time_mid" - mt_rand( 0, 0xffff ), - - // 16 bits for "time_hi_and_version", - // four most significant bits holds version number 4 - mt_rand( 0, 0x0fff ) | 0x4000, - - // 16 bits, 8 bits for "clk_seq_hi_res", - // 8 bits for "clk_seq_low", - // two most significant bits holds zero and one for variant DCE1.1 - mt_rand( 0, 0x3fff ) | 0x8000, - - // 48 bits for "node" - mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ) - ); - } + public function gen_uuid() + { + return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x', + // 32 bits for "time_low" + mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), + + // 16 bits for "time_mid" + mt_rand( 0, 0xffff ), + + // 16 bits for "time_hi_and_version", + // four most significant bits holds version number 4 + mt_rand( 0, 0x0fff ) | 0x4000, + + // 16 bits, 8 bits for "clk_seq_hi_res", + // 8 bits for "clk_seq_low", + // two most significant bits holds zero and one for variant DCE1.1 + mt_rand( 0, 0x3fff ) | 0x8000, + + // 48 bits 
for "node" + mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ) + ); + } } -?> \ No newline at end of file diff --git a/app/discord.php b/app/discord.php index 9a8db41..9c60af9 100644 --- a/app/discord.php +++ b/app/discord.php @@ -1,19 +1,18 @@ [ 'method' => 'POST', 'header' => 'Content-Type: application/json', 'timeout' => 3, - 'content' => $RAWmessage + 'content' => $rawMessage ] ]; - $result = file_get_contents($webhook, false, stream_context_create($options)); + file_get_contents($webhook, false, stream_context_create($options)); } -?> \ No newline at end of file diff --git a/app/utils.php b/app/utils.php index a087f66..c0bf3dd 100644 --- a/app/utils.php +++ b/app/utils.php @@ -12,17 +12,18 @@ function fillString($string, $targetlength) return $string; } -function left($str, $length) +function left($str, $length) { return substr($str, 0, $length); } -function right($str, $length) +function right($str, $length) { return substr($str, -$length); } -function generateToken($length): string { +function generateToken($length): string +{ $chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; $res = ""; for($i = 0; $i < $length; $i++) { @@ -32,17 +33,19 @@ function generateToken($length): string { return $res; } -function htmlToPlain($message): string { +function htmlToPlain($message): string +{ $messageNew = str_replace('
', "\n", $message); $messageNew = preg_replace('/(.*)<\\/a>/', "$2: $1", $messageNew); return $messageNew; } -function sendMail($email, $message, $subject, $title, $preheader): bool { - include_once('lib/phpmailer/Exception.php'); - include_once('lib/phpmailer/PHPMailer.php'); - include_once('lib/phpmailer/SMTP.php'); - include_once('app/HTML.php'); +function sendMail($email, $message, $subject, $title, $preheader): bool +{ + include_once 'lib/phpmailer/Exception.php'; + include_once 'lib/phpmailer/PHPMailer.php'; + include_once 'lib/phpmailer/SMTP.php'; + include_once 'app/HTML.php'; global $RUNTIME; $mailer = new PHPMailer(true); 
@@ -78,24 +81,21 @@ function sendMail($email, $message, $subject, $title, $preheader): bool { } } -function getDataFromHTTP($URL, $contend = "", $requestTyp = "application/text") +function getDataFromHTTP($url, $content = "", $requestTyp = "application/text") { - try - { - if($contend != "") - { - return file_get_contents($URL, true, stream_context_create(array('http' => array('header' => 'Content-type: '.$requestTyp, 'method' => 'POST', 'timeout' => 0.5, 'content' => $contend)))); - }else{ - return file_get_contents($URL); + try { + if ($content != "") { + return file_get_contents($url, true, stream_context_create(array('http' => array('header' => 'Content-type: '.$requestTyp, 'method' => 'POST', 'timeout' => 0.5, 'content' => $content)))); + } else { + return file_get_contents($url); } } catch (Exception $e) { - echo "(HTTP REQUEST) error while conntect to remote server. : ".$URL; + echo "(HTTP REQUEST) error while conntect to remote server. : ".$url; } } -function sendInworldIM($fromUUID, $toUUID, $fromName, $targetURL, $text) +function sendInworldIM($fromUUID, $toUUID, $fromName, $targetURL, $text) { - $rawXML = "grid_instant_messageposition_x0position_y0position_z0to_agent_id".$toUUID."from_agent_session00000000-0000-0000-0000-000000000000im_session_id".$fromUUID."from_agent_name".$fromName."from_agent_id".$fromUUID."binary_bucketAA==region_handle0region_id00000000-0000-0000-0000-000000000000parent_estate_id1timestamp".time()."dialogAA==offlineAA==from_groupFALSEmessage".$text.""; + $rawXML = "grid_instant_messageposition_x0position_y0position_z0to_agent_id".$toUUID."from_agent_session00000000-0000-0000-0000-000000000000im_session_id".$fromUUID."from_agent_name".$fromName."from_agent_id".$fromUUID."binary_bucketAA==region_handle0region_id00000000-0000-0000-0000-000000000000parent_estate_id1timestamp".time()."dialogAA==offlineAA==from_groupFALSEmessage".$text.""; getDataFromHTTP($targetURL, $rawXML, "text/xml"); } -?> \ No newline at end of file 
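Review bot: `sendInworldIM()` concatenates `$fromName` and `$text` straight into the XML-RPC payload, so a value containing `<`, `&` or `]]>` corrupts the message or lets the caller's text reshape the document; encode both with `htmlspecialchars($text, ENT_XML1 | ENT_QUOTES, 'UTF-8')` (and the same for `$fromName`) before building `$rawXML`. In `getDataFromHTTP()` the `catch (Exception $e)` never fires, because `file_get_contents()` signals failure by returning `false` with a warning rather than throwing; test the result with `=== false` and report there instead. The second argument `true` in that call is `use_include_path`, which looks unintended for a remote URL.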
diff --git a/cron/IARMonitor.php b/cron/IARMonitor.php
index 8c3da73..63935fe 100644
--- a/cron/IARMonitor.php
+++ b/cron/IARMonitor.php
@@ -1,41 +1,38 @@ prepare("CREATE TABLE IF NOT EXISTS `iarstates` (`userID` VARCHAR(36) NOT NULL COLLATE 'utf8_unicode_ci', `filesize` BIGINT(20) NOT NULL DEFAULT '0', `iarfilename` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci', `running` INT(1) NOT NULL DEFAULT '0', PRIMARY KEY (`userID`) USING BTREE) COLLATE='utf8_unicode_ci' ENGINE=InnoDB;"); - $statement->execute(); + $statement->execute(); $statement = $RUNTIME['PDO']->prepare("SELECT userID,iarfilename,filesize FROM iarstates WHERE running = 1 LIMIT 1"); - $statement->execute(); + $statement->execute(); - if($row = $statement->fetch()) - { - $email = $opensim->getUserMail($row['userID']); + if ($row = $statement->fetch()) { + $email = $opensim->getUserMail($row['userID']); - $fullFilePath = "/var/www/html/data/".$row['iarfilename']; + $fullFilePath = "/var/www/html/data/".$row['iarfilename']; echo "Aktive IAR für ".$opensim->getUserName($row['userID'])." gefunden. File: ".$fullFilePath."\n"; - if(file_exists($fullFilePath)) - { - $filesize = filesize($fullFilePath); + if (file_exists($fullFilePath)) { + $filesize = filesize($fullFilePath); - if($filesize != $row['filesize']) - { + if ($filesize != $row['filesize']) { $statementUpdate = $RUNTIME['PDO']->prepare('UPDATE iarstates SET filesize = :filesize WHERE userID = :userID'); $statementUpdate->execute(['filesize' => $filesize, 'userID' => $row['userID']]); echo "Status der IAR für ".$opensim->getUserName($row['userID']).": Speichert...\n"; - }else{ + } else { $APIURL = $RUNTIME['SIDOMAN']['URL']."api.php?CONTAINER=".$RUNTIME['SIDOMAN']['CONTAINER']."&KEY=".$RUNTIME['SIDOMAN']['PASSWORD']."&METODE=RESTART"; $APIResult = file_get_contents($APIURL); echo "Status der IAR für ".$opensim->getUserName($row['userID']).": Sende Mail...\n"; $statementUpdate = $RUNTIME['PDO']->prepare('DELETE FROM iarstates WHERE userID = :userID'); $statementUpdate->execute(['userID' => $row['userID']]); - sendInworldIM("00000000-0000-0000-0000-000000000000", $row['userID'], 
"Inventory", $RUNTIME['GRID']['HOMEURL'], "Deine IAR ist fertig zum Download: ".$RUNTIME['IAR']['BASEURL'].$row['iarfilename']); + sendInworldIM("00000000-0000-0000-0000-000000000000", $row['userID'], "Inventory", $RUNTIME['GRID']['HOMEURL'], "Deine IAR ist fertig zum Download: ".$RUNTIME['IAR']['BASEURL'].$row['iarfilename']); } - }else{ + } else { $name = explode(" ", $opensim->getUserName($row['userID'])); $APIURL = $RUNTIME['SIDOMAN']['URL']."api.php?CONTAINER=".$RUNTIME['SIDOMAN']['CONTAINER']."&KEY=".$RUNTIME['SIDOMAN']['PASSWORD']."&METODE=COMMAND&COMMAND=".urlencode("save iar ".$name[0]." ".$name[1]." /* PASSWORD /downloads/".$row['iarfilename']); @@ -43,12 +40,11 @@ echo "IAR für ".$name[0]." ".$name[1]." wurde gestartet: Status: ".$APIResult."\n"; } - }else{ + } else { $statement = $RUNTIME['PDO']->prepare("SELECT userID,iarfilename FROM iarstates WHERE running = 0 LIMIT 1"); - $statement->execute(); + $statement->execute(); - while($row = $statement->fetch()) - { + while ($row = $statement->fetch()) { $statementUpdate = $RUNTIME['PDO']->prepare('UPDATE iarstates SET running = :running WHERE userID = :userID'); $statementUpdate->execute(['running' => 1, 'userID' => $row['userID']]); @@ -60,5 +56,3 @@ echo "IAR für ".$name[0]." ".$name[1]." wurde gestartet: Status: ".$APIResult."\n"; } } - -?> \ No newline at end of file diff --git a/cron/assetChecker.php b/cron/assetChecker.php index 68deaa5..5513211 100644 --- a/cron/assetChecker.php +++ b/cron/assetChecker.php @@ -1,11 +1,10 @@ prepare("SELECT id,hash FROM fsassets ORDER BY create_time DESC"); -$statement->execute(); +$statement->execute(); $count = 0; -while($row = $statement->fetch()) -{ +while ($row = $statement->fetch()) { $fileNameParts = array(); $fileNameParts[0] = substr($row['hash'], 0, 2); $fileNameParts[1] = substr($row['hash'], 2, 2); 
@@ -17,9 +16,9 @@ while($row = $statement->fetch()) $fileNameParts['UUID'] = $row['id']; $fileNameParts['FilePath'] = "/data/assets/base/".$fileNameParts[0]."/".$fileNameParts[1]."/".$fileNameParts[2]."/".$fileNameParts[3]."/".$fileNameParts[4]; - if(file_exists($fileNameParts['FilePath'])) { + if (file_exists($fileNameParts['FilePath'])) { $filesize = filesize($fileNameParts['FilePath']); - if($filesize === false) { + if ($filesize === false) { continue; } } @@ -30,11 +29,8 @@ while($row = $statement->fetch()) $fileNameParts['FileSize'] = $filesize; $fileNameParts['Count'] = $count++; - if($fileNameParts['FileSize'] == 0) - { - $add = $RUNTIME['PDO']->prepare('DELETE FROM fsassets WHERE hash = :fileHash'); + if ($fileNameParts['FileSize'] == 0) { + $add = $RUNTIME['PDO']->prepare('DELETE FROM fsassets WHERE hash = :fileHash'); $add->execute(['fileHash' => $row['hash']]); } } - -?> diff --git a/cron/checkInventar.php b/cron/checkInventar.php index a539f45..05c59d6 100644 --- a/cron/checkInventar.php +++ b/cron/checkInventar.php @@ -1,9 +1,9 @@ prepare("UPDATE inventoryitems i SET +$InventarCheckStatement = $RUNTIME['PDO']->prepare("UPDATE inventoryitems i SET i.inventoryName = concat('[DEFEKT] ', i.inventoryName) WHERE -i.assetID IN ( - SELECT +i.assetID IN ( + SELECT i.assetID FROM inventoryitems i WHERE @@ -16,6 +16,4 @@ i.assetID IN ( AND i.assetType <> 24 )"); -$InventarCheckStatement->execute(); - -?> \ No newline at end of file +$InventarCheckStatement->execute(); diff --git a/cron/offlineIM.php b/cron/offlineIM.php index e8f0db4..01498df 100644 --- a/cron/offlineIM.php +++ b/cron/offlineIM.php 
@@ -2,57 +2,55 @@ use PHPMailer\PHPMailer\PHPMailer; use PHPMailer\PHPMailer\SMTP; - include_once('lib/phpmailer/Exception.php'); - include_once('lib/phpmailer/PHPMailer.php'); - include_once('lib/phpmailer/SMTP.php'); + include_once 'lib/phpmailer/Exception.php'; + include_once 'lib/phpmailer/PHPMailer.php'; + include_once 'lib/phpmailer/SMTP.php'; $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS im_offline_send (`id` int(6) NOT NULL DEFAULT 0) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci"); - $statement->execute(); + $statement->execute(); - function isMailAllreadySend($id) + function isMailAlreadySent($id) { - GLOBAL $RUNTIME; + global $RUNTIME; $statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM im_offline_send WHERE id = ? LIMIT 1"); - $statement->execute(array($id)); + $statement->execute(array($id)); - if($statement->rowCount() != 0) - return TRUE; + if ($statement->rowCount() != 0) { + return true; + } - return FALSE; + return false; } $IMTYP = array( - "0" => "eine Nachricht", - "3" => "eine Gruppeneinladung", - "4" => "ein Inventaritem", - "5" => "eine Bestätigung zur Annahme von Inventar", - "6" => "eine Information zur Ablehnung von Inventar", - "7" => "eine Aufforderung zur Gruppenwahl", - "9" => "ein Inventaritem von einem Script", - "19" => "eine Nachricht von einem Script", - "32" => "eine Gruppennachricht", - "38" => "eine Freundschaftsanfrage", - "39" => "eine Bestätigung über die Annahme der Freundschaft", - "40" => "eine Information über das Ablehnen der Freundschaft" + "0" => "eine Nachricht", + "3" => "eine Gruppeneinladung", + "4" => "ein Inventaritem", + "5" => "eine Bestätigung zur Annahme von Inventar", + "6" => "eine Information zur Ablehnung von Inventar", + "7" => "eine Aufforderung zur Gruppenwahl", + "9" => "ein Inventaritem von einem Script", + "19" => "eine Nachricht von einem Script", + "32" => "eine Gruppennachricht", + "38" => "eine Freundschaftsanfrage", + "39" => "eine Bestätigung über die 
Annahme der Freundschaft", + "40" => "eine Information über das Ablehnen der Freundschaft" ); //$statement = $RUNTIME['PDO']->prepare("SELECT * FROM im_offline WHERE PrincipalID = '1148b04d-7a93-49e9-b3c9-ea0cdeec38f7'"); $statement = $RUNTIME['PDO']->prepare("SELECT ID,PrincipalID,Message FROM im_offline"); - $statement->execute(); + $statement->execute(); - while($row = $statement->fetch()) - { - include 'app/OpenSim.php'; + while ($row = $statement->fetch()) { + include_once 'app/OpenSim.php'; $opensim = new OpenSim(); - $email = $opensim->getUserMail($row['PrincipalID']); + $email = $opensim->getUserMail($row['PrincipalID']); $allowOfflineIM = $opensim->allowOfflineIM($row['PrincipalID']); - if($email != "" && $allowOfflineIM == "TRUE") - { - if(isMailAllreadySend($row['ID']) == FALSE) - { + if ($email != "" && $allowOfflineIM == "TRUE") { + if (!isMailAlreadySent($row['ID'])) { $statementSend = $RUNTIME['PDO']->prepare('INSERT INTO im_offline_send (id) VALUES (:idnummer)'); $statementSend->execute(['idnummer' => $row['ID']]); @@ -60,9 +58,9 @@ $mail->SMTPDebug = SMTP::DEBUG_SERVER; $mail->isSMTP(); - $mail->Host = $RUNTIME['SMTP']['SERVER']; - $mail->Port = $RUNTIME['SMTP']['PORT']; - $mail->SMTPAuth = false; + $mail->Host = $RUNTIME['SMTP']['SERVER']; + $mail->Port = $RUNTIME['SMTP']['PORT']; + $mail->SMTPAuth = false; $mail->setFrom($RUNTIME['SMTP']['ADRESS'], $RUNTIME['GRID']['NAME']); $mail->addAddress($email, $opensim->getUserName($row['PrincipalID'])); @@ -71,24 +69,21 @@ $HTMLMESSAGE = "Du hast ".$IMTYP["".$XMLMESSAGE->dialog.""]." in ".$RUNTIME['GRID']['NAME']." bekommen.

Gesendet von: "; - if(isset($XMLMESSAGE->fromAgentName)) + if (isset($XMLMESSAGE->fromAgentName)) { $HTMLMESSAGE .= $XMLMESSAGE->fromAgentName; + } - if(isset($XMLMESSAGE->RegionID) && isset($XMLMESSAGE->Position)) - { - if($XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0) - { + if (isset($XMLMESSAGE->RegionID) && isset($XMLMESSAGE->Position)) { + if ($XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0) { //TODO $HTMLMESSAGE .= " @ ".$opensim->getRegionName($XMLMESSAGE->RegionID)."/".$XMLMESSAGE->Position->X."/".$XMLMESSAGE->Position->Y."/".$XMLMESSAGE->Position->Z; - }else{ + } else { $HTMLMESSAGE .= " @ ".$opensim->getRegionName($XMLMESSAGE->RegionID); } } - //die($HTMLMESSAGE); - $HTML = new HTML(); $HTML->importHTML("mail.html"); - $HTML->setSeitenInhalt($HTMLMESSAGE); + $HTML->setSeitenInhalt($HTMLMESSAGE); $HTML->build(); $mail->isHTML(true); @@ -105,4 +100,3 @@ //echo $row['PrincipalID']." möchte keine offline IM oder hat keine E-MAIL Adresse hinterlegt."; } } -?> \ No newline at end of file diff --git a/pages/dashboard.php b/pages/dashboard.php index d2b132e..2585503 100644 --- a/pages/dashboard.php +++ b/pages/dashboard.php 
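Review bot: The position test `if ($XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0)` checks `X` three times, so a position with `X == 0` but non-zero `Y` or `Z` is reported without coordinates; it should read `$XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->Y != 0 || $XMLMESSAGE->Position->Z != 0`. `$XMLMESSAGE->fromAgentName` and the region name are appended to `$HTMLMESSAGE`, which goes out as an HTML mail, without escaping; the sender name is supplied by whoever sent the IM, so wrap it as `htmlspecialchars((string) $XMLMESSAGE->fromAgentName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and the region name likewise. The `@@ -60` hunk above keeps `$mail->SMTPDebug = SMTP::DEBUG_SERVER;`, which writes the full SMTP dialogue, recipient addresses included, to the cron output; `SMTP::DEBUG_OFF` is the value for production runs. The enclosing `while` loop and the `if` that guards mail sending begin in the first hunk of this file.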
@@ -1,15 +1,14 @@ setHTMLTitle("Dashboard"); - $HTML->importSeitenInhalt("dashboard-home.html"); + $HTML->setHTMLTitle("Dashboard"); + $HTML->importSeitenInhalt("dashboard-home.html"); - $HTML->ReplaceSeitenInhalt("%%GLOBAL-USER-COUNT%%", $opensim->getUserCount()); - $HTML->ReplaceSeitenInhalt("%%GLOBAL-REGION-COUNT%%", $opensim->getRegionCount()); + $HTML->ReplaceSeitenInhalt("%%GLOBAL-USER-COUNT%%", $opensim->getUserCount()); + $HTML->ReplaceSeitenInhalt("%%GLOBAL-REGION-COUNT%%", $opensim->getRegionCount()); - $HTML->ReplaceLayoutInhalt("%%USERNAME%%", htmlspecialchars($_SESSION['DISPLAYNAME'])); + $HTML->ReplaceLayoutInhalt("%%USERNAME%%", htmlspecialchars($_SESSION['DISPLAYNAME'])); - $HTML->build(); - echo $HTML->ausgabe(); -?> \ No newline at end of file + $HTML->build(); + echo $HTML->ausgabe(); diff --git a/pages/error.php b/pages/error.php index fb858e7..18c1acd 100644 --- a/pages/error.php +++ b/pages/error.php @@ -1,7 +1,6 @@ setHTMLTitle("Seite nicht gefunden"); + $HTML->setHTMLTitle("Seite nicht gefunden"); $HTML->build(); http_response_code(404); echo $HTML->ausgabe(); -?> \ No newline at end of file diff --git a/pages/forgot.php b/pages/forgot.php index 3ce4c7a..f923676 100644 --- a/pages/forgot.php +++ b/pages/forgot.php @@ -1,24 +1,23 @@
wir haben soeben eine Anfrage zur Zurücksetzung des Passworts für deinen 4Creative-Account erhalten.

Klicke
hier, um ein neues Passwort festzulegen. Dieser Link läuft in 24 Stunden ab.

Falls du diese Anfrage nicht gesendet hast, ignoriere sie einfach. Bei weiteren Fragen kannst du uns unter info@4creative.net oder per Discord über @ikeytan erreichen.'; - $HTML = new HTML(); - $HTML->setHTMLTitle("Passwort vergessen"); - $HTML->importHTML("forgot.html"); + $HTML = new HTML(); + $HTML->setHTMLTitle("Passwort vergessen"); + $HTML->importHTML("forgot.html"); - if($_SERVER['REQUEST_METHOD'] == 'POST') { + if ($_SERVER['REQUEST_METHOD'] == 'POST') { include_once 'app/FormValidator.php'; - $validator = new FormValidator(array( - 'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'), + $validator = new FormValidator(array( + 'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'), 'email' => array('required' => true, 'regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/') - )); - - if(!$validator->isValid($_POST)) { + )); + + if (!$validator->isValid($_POST)) { $HTML->ReplaceLayoutInhalt('%%MESSAGE%%', 'Bitte gebe deinen Benutzernamen (Vor- und Nachname) und die dazugehörige E-Mail-Adresse ein'); $HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', 'red'); $HTML->build(); echo $HTML->ausgabe(); - } - else { + } else { $nameParts = explode(" ", $_POST['username']); $email = strtolower(trim($_POST['email'])); @@ -27,14 +26,14 @@ $validRequest = $getAccount->rowCount() == 1; $uuid; $name; - if($res = $getAccount->fetch()) { + if ($res = $getAccount->fetch()) { $email = $res['Email']; $uuid = $res['PrincipalID']; $name = $res['FirstName'].' '.$res['LastName']; } - foreach($RUNTIME['RESET_BLOCKED_DOMAINS'] as $domain) { - if(str_ends_with($email, $domain)) { + foreach ($RUNTIME['RESET_BLOCKED_DOMAINS'] as $domain) { + if (str_ends_with($email, $domain)) { $validRequest = false; } } 
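Review bot: `$uuid;` and `$name;` in the `@@ -27` hunk are no-op expression statements, not declarations, so when `fetch()` returns no row both stay undefined and only `$validRequest` keeps the later `PasswordResetTokens` lookup from reading them; initialise them explicitly with `$uuid = null; $name = null;`. `str_ends_with($email, $domain)` matches any suffix, so unless the entries in `$RUNTIME['RESET_BLOCKED_DOMAINS']` carry a leading `@` or `.`, an entry such as `example.org` also blocks `myexample.org`; the config format is not visible here, so this is worth confirming. The surrounding `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block continues past this hunk.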
@@ -45,10 +44,10 @@ echo $HTML->ausgabe(); fastcgi_finish_request(); - if($validRequest) { + if ($validRequest) { $getReqTime = $RUNTIME['PDO']->prepare('SELECT RequestTime FROM PasswordResetTokens WHERE PrincipalID=?'); $getReqTime->execute([$uuid]); - if(($res = $getReqTime->fetch()) && time() - $res['RequestTime'] < 900) { + if (($res = $getReqTime->fetch()) && time() - $res['RequestTime'] < 900) { return; } @@ -60,12 +59,9 @@ sendMail($email, str_replace('%%NAME%%', $name, str_replace('%%RESET_LINK%%', 'https://'.$RUNTIME['DOMAIN'].'/index.php?page=reset-password&token='.$token, MESSAGE)), "Zurücksetzung des Passworts für ".$name, 'Dein Passwort zurücksetzen', 'Folge diesen Anweisungen, um ein neues Passwort für deinen 4Creative-Account festzulegen'); } } - } - else { + } else { $HTML->ReplaceLayoutInhalt('%%MESSAGE%%', ''); $HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', 'red'); $HTML->build(); echo $HTML->ausgabe(); } - -?> \ No newline at end of file diff --git a/pages/friends.php b/pages/friends.php index d1286ed..16002f3 100644 --- a/pages/friends.php +++ b/pages/friends.php @@ -1,13 +1,12 @@ array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') )); - if($validator->isValid($_POST)) { + if ($validator->isValid($_POST)) { $statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM Friends WHERE Friend = ? AND PrincipalID = ?"); $statementMembership->execute(array($_REQUEST['uuid'], $_SESSION['UUID'])); @@ -21,24 +20,23 @@ } $HTML->setHTMLTitle("Deine Freunde"); - $HTML->importSeitenInhalt("online-anzeige.html"); + $HTML->importSeitenInhalt("online-anzeige.html"); $table = '
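Review bot: The validator runs against `$_POST`, but the DELETE two lines later reads `$_REQUEST['uuid']`, which merges GET (and, depending on `request_order`, cookie) values with POST, so the value that was checked and the value that is executed are not guaranteed to be the same; use `$statementMembership->execute(array($_POST['uuid'], $_SESSION['UUID']));`. The same validate-`$_POST`/use-`$_REQUEST` split appears in pages/groups.php (`$_REQUEST['group']`) and in both POST branches of pages/identities.php (`$_REQUEST['newuuid']`, `$_REQUEST['newName']`). The surrounding POST handler starts before this hunk.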
NameRegion
'.trim($opensim->getUserName($row['UserID'])).''.$opensim->getRegionName($row['RegionID']).'
'.trim($opensim->getUserName($row['UserID'])).''.$opensim->getRegionName($row['RegionID']).'
'.trim($opensim->getUserName($row['UserID'])).''.$opensim->getRegionName($row['RegionID']).'
%%ENTRY%%
NameOptionen
'; $statement = $RUNTIME['PDO']->prepare("SELECT PrincipalID,Friend FROM Friends WHERE PrincipalID = ? ORDER BY Friend ASC"); - $statement->execute([$_SESSION['UUID']]); + $statement->execute([$_SESSION['UUID']]); - while($row = $statement->fetch()) - { + include_once 'app/OpenSim.php'; + $opensim = new OpenSim(); + + while ($row = $statement->fetch()) { $PrincipalID = explode(";", $row['PrincipalID'])[0]; $FriendData = explode(";", $row['Friend']); $Friend = $FriendData[0]; - include 'app/OpenSim.php'; - $opensim = new OpenSim(); - $name = trim($opensim->getUserName($Friend)); - if(count($FriendData) > 1) { + if (count($FriendData) > 1) { $FriendData[1] = str_replace("http://", "", $FriendData[1]); $FriendData[1] = str_replace("https://", "", $FriendData[1]); $FriendData[1] = str_replace("/", "", $FriendData[1]); @@ -55,4 +53,3 @@ $HTML->build(); echo $HTML->ausgabe(); -?> \ No newline at end of file diff --git a/pages/groups.php b/pages/groups.php index 23a6518..92c9b68 100644 --- a/pages/groups.php +++ b/pages/groups.php @@ -1,13 +1,12 @@ array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') )); - if($validator->isValid($_POST)) { + if ($validator->isValid($_POST)) { $statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM os_groups_membership WHERE GroupID = ? AND PrincipalID = ?"); $statementMembership->execute(array($_REQUEST['group'], $_SESSION['UUID'])); } @@ -17,7 +16,7 @@ die(); } - include 'app/OpenSim.php'; + include_once 'app/OpenSim.php'; $opensim = new OpenSim(); $HTML->setHTMLTitle("Gruppen"); 
@@ -28,8 +27,7 @@ $statementGroups = $RUNTIME['PDO']->prepare("SELECT Name,FounderID,os_groups_membership.GroupID FROM os_groups_groups JOIN os_groups_membership ON os_groups_groups.GroupID = os_groups_membership.GroupID WHERE PrincipalID = ?"); $statementGroups->execute(array($_SESSION['UUID'])); - while($rowGroups = $statementGroups->fetch()) - { + while ($rowGroups = $statementGroups->fetch()) { $entry = ''.htmlspecialchars($rowGroups['Name']).''.htmlspecialchars($opensim->getUserName($rowGroups['FounderID'])).'
%%CSRF%%
'; $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); } @@ -39,4 +37,3 @@ $HTML->build(); echo $HTML->ausgabe(); -?> \ No newline at end of file diff --git a/pages/identities.php b/pages/identities.php index 979c592..fa88423 100644 --- a/pages/identities.php +++ b/pages/identities.php 
@@ -1,50 +1,48 @@ prepare("CREATE TABLE IF NOT EXISTS `UserIdentitys` (`PrincipalID` VARCHAR(38) NOT NULL, `IdentityID` VARCHAR(38) NOT NULL, PRIMARY KEY (`IdentityID`))"); - $statementCreateTable->execute(); + $statementCreateTable = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `UserIdentitys` (`PrincipalID` VARCHAR(38) NOT NULL, `IdentityID` VARCHAR(38) NOT NULL, PRIMARY KEY (`IdentityID`))"); + $statementCreateTable->execute(); - if($_SERVER['REQUEST_METHOD'] == 'POST') { - include 'app/FormValidator.php'; - if(isset($_POST['enableIdent'])) { + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + include_once 'app/FormValidator.php'; + if (isset($_POST['enableIdent'])) { $validator = new FormValidator(array( 'newuuid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') )); - if($validator->isValid($_POST)) { + if ($validator->isValid($_POST)) { $statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserIdentitys WHERE PrincipalID = :PrincipalID AND IdentityID = :IdentityID LIMIT 1"); - $statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_REQUEST['newuuid']]); + $statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_REQUEST['newuuid']]); $statementPresence = $RUNTIME['PDO']->prepare("SELECT 1 FROM Presence WHERE UserID = :PrincipalID LIMIT 1"); - $statementPresence->execute(['PrincipalID' => $_SESSION['UUID']]); + $statementPresence->execute(['PrincipalID' => $_SESSION['UUID']]); - if($statementPresence->rowCount() == 0) - { - if($statement->rowCount() == 1) - { - $statementAuth = $RUNTIME['PDO']->prepare('UPDATE auth SET UUID = :IdentityID WHERE UUID = :PrincipalID'); + if ($statementPresence->rowCount() == 0) { + if ($statement->rowCount() == 1) { + $statementAuth = $RUNTIME['PDO']->prepare('UPDATE auth SET UUID = :IdentityID WHERE UUID = :PrincipalID'); $statementAuth->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); - 
$statementUserIdentitys = $RUNTIME['PDO']->prepare('UPDATE UserIdentitys SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); + $statementUserIdentitys = $RUNTIME['PDO']->prepare('UPDATE UserIdentitys SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); $statementUserIdentitys->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); - $statementFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); + $statementFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); $statementFriends->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); - //$statementReFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET Friend = :IdentityID WHERE Friend = :PrincipalID'); + //$statementReFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET Friend = :IdentityID WHERE Friend = :PrincipalID'); //$statementReFriends->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); - $statementInventoryFolders = $RUNTIME['PDO']->prepare('UPDATE inventoryfolders SET agentID = :IdentityID WHERE agentID = :PrincipalID AND type != :InventarTyp'); + $statementInventoryFolders = $RUNTIME['PDO']->prepare('UPDATE inventoryfolders SET agentID = :IdentityID WHERE agentID = :PrincipalID AND type != :InventarTyp'); $statementInventoryFolders->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID'], 'InventarTyp' => 46]); - $statementInventoryItems = $RUNTIME['PDO']->prepare('UPDATE inventoryitems SET avatarID = :IdentityID WHERE avatarID = :PrincipalID'); + $statementInventoryItems = $RUNTIME['PDO']->prepare('UPDATE inventoryitems SET avatarID = :IdentityID WHERE avatarID = :PrincipalID'); $statementInventoryItems->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); - $statementGroupMembership = 
$RUNTIME['PDO']->prepare('UPDATE os_groups_membership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); + $statementGroupMembership = $RUNTIME['PDO']->prepare('UPDATE os_groups_membership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); $statementGroupMembership->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); - $statementGroupRoles = $RUNTIME['PDO']->prepare('UPDATE os_groups_rolemembership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); + $statementGroupRoles = $RUNTIME['PDO']->prepare('UPDATE os_groups_rolemembership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); $statementGroupRoles->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); - $statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM Presence WHERE UserID = :PrincipalID'); + $statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM Presence WHERE UserID = :PrincipalID'); $statementGroupRoles->execute(['PrincipalID' => $_SESSION['UUID']]); $_SESSION['LOGIN'] = 'false'; 
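Review bot: The identity switch issues eight separate UPDATE/DELETE statements (auth, UserIdentitys, Friends, inventoryfolders, inventoryitems, os_groups_membership, os_groups_rolemembership, Presence) with no transaction, so a failure after the `auth` update leaves the login pointing at the new UUID while inventory and group rows still reference the old one. Wrapping the sequence in `$RUNTIME['PDO']->beginTransaction();` before the first UPDATE and `$RUNTIME['PDO']->commit();` after the Presence delete (rolling back on exception) makes the switch atomic, assuming the PDO connection is configured to throw on errors. The variable `$statementGroupRoles` is also reused for the Presence delete; a name such as `$statementPresenceDelete` would read better. The enclosing `if ($statement->rowCount() == 1)` block closes outside this hunk.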
@@ -55,33 +53,31 @@ } } } - else if(isset($_POST['createIdent'])) { + elseif (isset($_POST['createIdent'])) { $validator = new FormValidator(array( 'newName' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/') )); - if($validator->isValid($_POST)) { + if ($validator->isValid($_POST)) { $avatarNameParts = explode(" ", trim($_REQUEST['newName'])); - if(count($avatarNameParts) == 2) - { + if (count($avatarNameParts) == 2) { $statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1"); - $statement->execute(['FirstName' => trim($avatarNameParts[0]), 'LastName' => trim($avatarNameParts[1])]); + $statement->execute(['FirstName' => trim($avatarNameParts[0]), 'LastName' => trim($avatarNameParts[1])]); - if($statement->rowCount() == 0) - { - include 'app/OpenSim.php'; + if ($statement->rowCount() == 0) { + include_once 'app/OpenSim.php'; $avatarUUID = (new OpenSim())->gen_uuid(); - $statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO UserAccounts (PrincipalID, ScopeID, FirstName, LastName, Email, ServiceURLs, Created, UserLevel, UserFlags, UserTitle, active) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )'); + $statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO UserAccounts (PrincipalID, ScopeID, FirstName, LastName, Email, ServiceURLs, Created, UserLevel, UserFlags, UserTitle, active) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )'); $statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $avatarNameParts[0], 'LastName' => $avatarNameParts[1], 'Email' => $_SESSION['EMAIL'], 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => 
"", 'active' => 1]); - $statementUserIdentitys = $RUNTIME['PDO']->prepare('INSERT INTO UserIdentitys (PrincipalID, IdentityID) VALUES (:PrincipalID, :IdentityID)'); + $statementUserIdentitys = $RUNTIME['PDO']->prepare('INSERT INTO UserIdentitys (PrincipalID, IdentityID) VALUES (:PrincipalID, :IdentityID)'); $statementUserIdentitys->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $avatarUUID]); - }else{ + } else { $_SESSION['identities_err'] = 'Dieser Name ist schon in Benutzung.'; } - }else{ + } else { $_SESSION['identities_err'] = 'Der Name muss aus einem Vor und einem Nachnamen bestehen.'; } } @@ -91,31 +87,28 @@ die(); } - $HTML->setHTMLTitle("Identitäten"); - $HTML->importSeitenInhalt("identities.html"); + $HTML->setHTMLTitle("Identitäten"); + $HTML->importSeitenInhalt("identities.html"); $statementCheckForEntry = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserIdentitys WHERE PrincipalID = ? LIMIT 1"); - $statementCheckForEntry->execute(array($_SESSION['UUID'])); + $statementCheckForEntry->execute(array($_SESSION['UUID'])); - if($statementCheckForEntry->rowCount() == 0) - { - $statement = $RUNTIME['PDO']->prepare('INSERT INTO `UserIdentitys` (PrincipalID, IdentityID) VALUES (:PrincipalID, :IdentityID)'); + if ($statementCheckForEntry->rowCount() == 0) { + $statement = $RUNTIME['PDO']->prepare('INSERT INTO `UserIdentitys` (PrincipalID, IdentityID) VALUES (:PrincipalID, :IdentityID)'); $statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_SESSION['UUID']]); } $table = '%%ENTRY%%
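Review bot: The name-availability check (`SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1`) and the INSERT that follows are not atomic, so two concurrent requests for the same name can both pass the check; unless UserAccounts carries a unique index on (FirstName, LastName), which is not visible here, the INSERT should be treated as the authoritative check, e.g. by catching the duplicate-key `PDOException` and setting the existing 'Dieser Name ist schon in Benutzung.' message. If FormValidator applies the regex `/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/` as written, it already guarantees exactly two space-free parts separated by one space, so the `count($avatarNameParts) == 2` branch and its error message appear unreachable after validation. The POST handler continues outside this hunk.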
NameAktionen
'; $statement = $RUNTIME['PDO']->prepare("SELECT IdentityID FROM UserIdentitys WHERE PrincipalID = ? ORDER BY IdentityID ASC"); - $statement->execute(array($_SESSION['UUID'])); + $statement->execute(array($_SESSION['UUID'])); - include 'app/OpenSim.php'; + include_once 'app/OpenSim.php'; $opensim = new OpenSim(); - while($row = $statement->fetch()) - { - if($row['IdentityID'] == $_SESSION['UUID']) - { + while ($row = $statement->fetch()) { + if ($row['IdentityID'] == $_SESSION['UUID']) { $entry = ''.htmlspecialchars(trim($opensim->getUserName($row['IdentityID']))).' Aktiv-'; - }else{ + } else { $entry = ''.htmlspecialchars(trim($opensim->getUserName($row['IdentityID']))).'
%%CSRF%%
'; } @@ -127,7 +120,7 @@ $HTML->ReplaceSeitenInhalt("%%link%%", ' '); $message = ''; - if(isset($_SESSION['identities_err'])) { + if (isset($_SESSION['identities_err'])) { $message = ''; unset($_SESSION['identities_err']); } @@ -135,4 +128,3 @@ $HTML->build(); echo $HTML->ausgabe(); -?> \ No newline at end of file diff --git a/pages/invite.php b/pages/invite.php index e1b3ec7..d0c8cd7 100644 --- a/pages/invite.php +++ b/pages/invite.php @@ -1,6 +1,5 @@ setHTMLTitle("Kein Zugriff"); $HTML->SetSeitenInhalt("Dazu hast du keine Rechte!"); $HTML->build(); @@ -8,12 +7,11 @@ die(); } - $HTML->setHTMLTitle("Benutzer"); - $HTML->importSeitenInhalt("users.html"); + $HTML->setHTMLTitle("Benutzer"); + $HTML->importSeitenInhalt("users.html"); - $HTML->ReplaceSeitenInhalt("%%link%%", ' '); + $HTML->ReplaceSeitenInhalt("%%link%%", ' '); $HTML->build(); echo $HTML->ausgabe(); -?> \ No newline at end of file diff --git a/pages/login.php b/pages/login.php index 3d6024e..70d8a34 100644 --- a/pages/login.php +++ b/pages/login.php 
@@ -1,59 +1,55 @@ setHTMLTitle("Login"); - $HTML->importHTML("login.html"); + $HTML = new HTML(); + $HTML->setHTMLTitle("Login"); + $HTML->importHTML("login.html"); - if($_SERVER['REQUEST_METHOD'] == 'POST') - { - include_once 'app/FormValidator.php'; - $validator = new FormValidator(array( - 'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'), - 'password' => array('required' => true, 'regex' => '/^.{1,1000}$/') - )); - - if(!$validator->isValid($_POST)) { - $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Bitte gebe Benutzername (Vor- und Nachname) und Passwort ein."); - } - else { - $statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName,Email,UserLevel,passwordHash,passwordSalt FROM UserAccounts JOIN auth ON UserAccounts.PrincipalID = auth.UUID WHERE FirstName = ? AND LastName = ? LIMIT 1"); - $statementUser->execute(explode(" ", trim($_POST['username']))); - $res = ['passwordHash' => '', 'passwordSalt' => '']; + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + include_once 'app/FormValidator.php'; + $validator = new FormValidator(array( + 'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'), + 'password' => array('required' => true, 'regex' => '/^.{1,1000}$/') + )); + + if (!$validator->isValid($_POST)) { + $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Bitte gebe Benutzername (Vor- und Nachname) und Passwort ein."); + } else { + $statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName,Email,UserLevel,passwordHash,passwordSalt FROM UserAccounts JOIN auth ON UserAccounts.PrincipalID = auth.UUID WHERE FirstName = ? AND LastName = ? 
LIMIT 1"); + $statementUser->execute(explode(" ", trim($_POST['username']))); + $res = ['passwordHash' => '', 'passwordSalt' => '']; - if($rowUser = $statementUser->fetch()) { - $res = $rowUser; - } + if ($rowUser = $statementUser->fetch()) { + $res = $rowUser; + } - if(hash_equals(md5(md5($_POST['password']).":".$res['passwordSalt']), $res['passwordHash'])) { - session_unset(); // Unset pre-session variables, next request will generate a new CSRF token - $_SESSION['FIRSTNAME'] = $rowUser['FirstName']; - $_SESSION['LASTNAME'] = $rowUser['LastName']; - $_SESSION['EMAIL'] = $rowUser['Email']; - $_SESSION['PASSWORD'] = $rowUser['passwordHash']; - $_SESSION['SALT'] = $rowUser['passwordSalt']; - $_SESSION['UUID'] = $rowUser['PrincipalID']; - $_SESSION['LEVEL'] = $rowUser['UserLevel']; - $_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']); - $_SESSION['LOGIN'] = 'true'; + if (hash_equals(md5(md5($_POST['password']).":".$res['passwordSalt']), $res['passwordHash'])) { + session_unset(); // Unset pre-session variables, next request will generate a new CSRF token + $_SESSION['FIRSTNAME'] = $rowUser['FirstName']; + $_SESSION['LASTNAME'] = $rowUser['LastName']; + $_SESSION['EMAIL'] = $rowUser['Email']; + $_SESSION['PASSWORD'] = $rowUser['passwordHash']; + $_SESSION['SALT'] = $rowUser['passwordSalt']; + $_SESSION['UUID'] = $rowUser['PrincipalID']; + $_SESSION['LEVEL'] = $rowUser['UserLevel']; + $_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' 
'.$rowUser['LastName']); + $_SESSION['LOGIN'] = 'true'; - header("Location: index.php?page=dashboard"); - die(); - } + header("Location: index.php?page=dashboard"); + die(); + } - $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Benutzername und/oder Passwort falsch."); - $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username'])); - } - } - else if(isset($_SESSION) && isset($_SESSION['loginMessage'])) { - $HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage']); - $HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', $_SESSION['loginMessageColor']); - unset($_SESSION['loginMessage']); - unset($_SESSION['loginMessageColor']); - } + $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Benutzername und/oder Passwort falsch."); + $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username'])); + } + } elseif (isset($_SESSION) && isset($_SESSION['loginMessage'])) { + $HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage']); + $HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', $_SESSION['loginMessageColor']); + unset($_SESSION['loginMessage']); + unset($_SESSION['loginMessageColor']); + } - $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", ""); - $HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "red"); - $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", ""); + $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", ""); + $HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "red"); + $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", ""); - $HTML->build(); - echo $HTML->ausgabe(); -?> \ No newline at end of file + $HTML->build(); + echo $HTML->ausgabe(); diff --git a/pages/profile.php b/pages/profile.php index ce4f570..4391bb6 100644 --- a/pages/profile.php +++ b/pages/profile.php 
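Review bot: On successful authentication the new side calls `session_unset()` but never rotates the session identifier, so whatever session id the browser held before login stays valid after it (session fixation). Add `session_regenerate_id(true);` directly after `session_unset();` so the authenticated session gets a fresh id. The `md5(md5($password).':'.$salt)` scheme is the OpenSimulator `auth` table format and cannot be changed here, but `$_SESSION['PASSWORD']` and `$_SESSION['SALT']` copy the stored hash and salt into session storage; if they are only needed for the old-password check in pages/profile.php, re-reading them from the auth table there would avoid keeping credential material in the session.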
@@ -1,12 +1,13 @@ prepare('SELECT 1 FROM UserAccounts WHERE '.$part.' = ? AND '.$otherPart.' = ?'); $query->execute(array($value, $otherValue)); - if($query->rowCount() == 0) { - $statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET '.$part.' = ? WHERE PrincipalID = ?'); + if ($query->rowCount() == 0) { + $statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET '.$part.' = ? WHERE PrincipalID = ?'); $statement->execute(array($value, $_SESSION['UUID'])); return true; } @@ -23,12 +24,12 @@ $IARRUNNING = $statementIARCheck->rowCount() != 0; $statementIARCheck->closeCursor(); - if($_SERVER['REQUEST_METHOD'] == 'POST') { - include 'app/FormValidator.php'; + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + include_once 'app/FormValidator.php'; - if(isset($_POST['createIAR'])) { + if (isset($_POST['createIAR'])) { $validator = new FormValidator(array()); // CSRF validation only - if($validator->isValid($_POST) && $IARRUNNING == FALSE) { + if($validator->isValid($_POST) && !$IARRUNNING) { $iarname = md5(time().$_SESSION['UUID'] . rand()).".iar"; $statementIARSTART = $RUNTIME['PDO']->prepare('INSERT INTO iarstates (userID, filesize, iarfilename) VALUES (:userID, :filesize, :iarfilename)'); @@ -37,7 +38,7 @@ $_SESSION['iar_created'] = true; } } - else if(isset($_POST['saveProfileData'])) { + elseif (isset($_POST['saveProfileData'])) { $validator = new FormValidator(array( 'formInputFeldVorname' => array('regex' => '/^[^\\/<>\s]{1,64}$/'), 'formInputFeldNachname' => array('regex' => '/^[^\\/<>\s]{1,64}$/'), @@ -46,7 +47,7 @@ 'formInputFeldPartnerName' => array('regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/') )); - if($validator->isValid($_POST)) { + if ($validator->isValid($_POST)) { if(isset($_POST['formInputFeldVorname'])) { $NewFirstName = trim($_POST['formInputFeldVorname']); 
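Review bot: The commit's own change `if($validator->isValid($_POST) && !$IARRUNNING) {` keeps the `if(` form the rest of the patch is replacing; PSR-12 wants `if ($validator->isValid($_POST) && !$IARRUNNING) {`, and the same leftover survives in the @@ -46,7 hunk (`if(isset($_POST['formInputFeldVorname'])) {`). On the next line the archive name is derived from `rand()`, which is not a cryptographic source; if the exported archive is ever served or located by file name, `$iarname = bin2hex(random_bytes(16)).".iar";` gives an unguessable name. The POST handler continues beyond this hunk.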
@@ -62,98 +63,94 @@ } } - if(isset($_POST['formInputFeldNachname'])) { + if (isset($_POST['formInputFeldNachname'])) { $NewLastName = trim($_POST['formInputFeldNachname']); - if($NewLastName != "" && $_SESSION['LASTNAME'] != $NewLastName) { - if(setNamePart('LastName', $NewLastName, 'FirstName', isset($_POST['formInputFeldVorname']) && strlen(trim($_POST['formInputFeldVorname'])) > 0 ? $_POST['formInputFeldVorname'] : $_SESSION['FIRSTNAME'])) { + if ($NewLastName != "" && $_SESSION['LASTNAME'] != $NewLastName) { + if (setNamePart('LastName', $NewLastName, 'FirstName', isset($_POST['formInputFeldVorname']) && strlen(trim($_POST['formInputFeldVorname'])) > 0 ? $_POST['formInputFeldVorname'] : $_SESSION['FIRSTNAME'])) { $_SESSION['LASTNAME'] = $NewLastName; $_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME']; $_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']); - } - else { + } else { $_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.'; } } } - if(isset($_POST['formInputFeldEMail'])) { + if (isset($_POST['formInputFeldEMail'])) { $NewEMail = trim($_POST['formInputFeldEMail']); - if($NewEMail != "" && $_SESSION['EMAIL'] != $NewEMail) { - $statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET Email = :Email WHERE PrincipalID = :PrincipalID'); + if ($NewEMail != "" && $_SESSION['EMAIL'] != $NewEMail) { + $statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET Email = :Email WHERE PrincipalID = :PrincipalID'); $statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]); - $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET email = :Email WHERE useruuid = :PrincipalID'); + $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET email = :Email WHERE useruuid = :PrincipalID'); $statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]); $_SESSION['EMAIL'] = $NewEMail; } } - if(isset($_POST['formInputFeldOfflineIM']) && $_POST['formInputFeldOfflineIM'] == 
"on") { - $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID'); + if (isset($_POST['formInputFeldOfflineIM']) && $_POST['formInputFeldOfflineIM'] == "on") { + $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID'); $statement->execute(['IMState' => 'true', 'PrincipalID' => $_SESSION['UUID']]); } else { - $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID'); + $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID'); $statement->execute(['IMState' => 'false', 'PrincipalID' => $_SESSION['UUID']]); } - if(isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") { + if (isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") { include_once 'app/OpenSim.php'; $opensim = new OpenSim(); $NewPartner = trim($_POST['formInputFeldPartnerName']); $CurrentPartner = $opensim->getPartner($_SESSION['UUID']); - if($CurrentPartner != "")$CurrentPartner = $opensim->getUserName($CurrentPartner); + if ($CurrentPartner != "") { + $CurrentPartner = $opensim->getUserName($CurrentPartner); + } - if($NewPartner != "" && $CurrentPartner != $NewPartner) { + if ($NewPartner != "" && $CurrentPartner != $NewPartner) { $newPartnerUUID = $opensim->getUserUUID($NewPartner); - if($newPartnerUUID != null) { - $statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID'); + if ($newPartnerUUID != null) { + $statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID'); $statement->execute(['profilePartner' => $newPartnerUUID, 'PrincipalID' => $_SESSION['UUID']]); } - }else{ - $statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner 
WHERE useruuid = :PrincipalID'); + } else { + $statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID'); $statement->execute(['profilePartner' => '00000000-0000-0000-0000-000000000000', 'PrincipalID' => $_SESSION['UUID']]); } } } - } - else if(isset($_POST['savePassword'])) { + } elseif (isset($_POST['savePassword'])) { $validator = new FormValidator(array( 'oldPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'), 'newPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'), 'newPasswordRepeat' => array('required' => true, 'regex' => '/^.{1,1000}$/') )); - if($validator->isValid($_POST)) { - if($_POST['newPasswordRepeat'] == $_POST['newPassword']) { - if(strlen(trim($_POST['newPassword'])) >= $RUNTIME['PASSWORD_MIN_LENGTH']) { - if(md5(md5($_POST['oldPassword']).':'.$_SESSION['SALT']) == $_SESSION['PASSWORD']) { + if ($validator->isValid($_POST)) { + if ($_POST['newPasswordRepeat'] == $_POST['newPassword']) { + if (strlen(trim($_POST['newPassword'])) >= $RUNTIME['PASSWORD_MIN_LENGTH']) { + if (md5(md5($_POST['oldPassword']).':'.$_SESSION['SALT']) == $_SESSION['PASSWORD']) { $salt = bin2hex(random_bytes(16)); $hash = md5(md5(trim($_POST['newPassword'])).':'.$salt); - $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID'); + $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID'); $statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $_SESSION['UUID']]); $_SESSION['PASSWORD'] = $hash; $_SESSION['SALT'] = $salt; $_SESSION['profile_info'] = 'Neues Passwort gespeichert.'; - } - else { + } else { $_SESSION['profile_info'] = 'Das alte Passwort ist nicht richtig!'; } - } - else { + } else { $_SESSION['profile_info'] = 'Das neue Passwort muss mindestens 
'.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.'; } - } - else { + } else { $_SESSION['profile_info'] = 'Die neuen Passwörter stimmen nicht überein!'; } - } - else { + } else { $_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.'; } } @@ -165,15 +162,14 @@ $HTML->setHTMLTitle("Dein Profile"); $HTML->importSeitenInhalt("profile.html"); - if($IARRUNNING) { - if(isset($_SESSION['iar_created'])) { - $HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ''); + if ($IARRUNNING) { + if (isset($_SESSION['iar_created'])) { + $HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ''); unset($_SESSION['iar_created']); + } else { + $HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ''); } - else { - $HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ''); - } - $HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", 'disabled'); + $HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", 'disabled'); } include_once 'app/OpenSim.php'; 
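Review bot: The old-password check `if (md5(md5($_POST['oldPassword']).':'.$_SESSION['SALT']) == $_SESSION['PASSWORD']) {` uses loose `==` on two hex digests, whereas pages/login.php compares the same values with `hash_equals`; loose comparison of two numeric-looking strings (digests of the form `0e…`) is evaluated numerically, and it is not constant-time. Use `if (hash_equals($_SESSION['PASSWORD'], md5(md5($_POST['oldPassword']).':'.$_SESSION['SALT']))) {`. The `$_POST['newPasswordRepeat'] == $_POST['newPassword']` check above it works on strings but `===` would match the strictness the file otherwise aims for. The enclosing POST handler starts before this hunk and closes after it.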
@@ -182,27 +178,30 @@ $PartnerUUID = $opensim->getPartner($_SESSION['UUID']); $PartnerName = ""; - if($PartnerUUID != null)$PartnerName = $opensim->getUserName($PartnerUUID); + if ($PartnerUUID != null) { + $PartnerName = $opensim->getUserName($PartnerUUID); + } - if($opensim->allowOfflineIM($_SESSION['UUID']) == "TRUE")$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' checked'); + if ($opensim->allowOfflineIM($_SESSION['UUID']) == "TRUE") { + $HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' checked'); + } - $HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' '); - $HTML->ReplaceSeitenInhalt("%%firstname%%", htmlspecialchars($_SESSION['FIRSTNAME'])); - $HTML->ReplaceSeitenInhalt("%%lastname%%", htmlspecialchars($_SESSION['LASTNAME'])); - $HTML->ReplaceSeitenInhalt("%%partner%%", htmlspecialchars($PartnerName)); - $HTML->ReplaceSeitenInhalt("%%email%%", htmlspecialchars($opensim->getUserMail($_SESSION['UUID']))); - $HTML->ReplaceSeitenInhalt("%%listAllResidentsAsJSArray%%", ""); + $HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' '); + $HTML->ReplaceSeitenInhalt("%%firstname%%", htmlspecialchars($_SESSION['FIRSTNAME'])); + $HTML->ReplaceSeitenInhalt("%%lastname%%", htmlspecialchars($_SESSION['LASTNAME'])); + $HTML->ReplaceSeitenInhalt("%%partner%%", htmlspecialchars($PartnerName)); + $HTML->ReplaceSeitenInhalt("%%email%%", htmlspecialchars($opensim->getUserMail($_SESSION['UUID']))); + $HTML->ReplaceSeitenInhalt("%%listAllResidentsAsJSArray%%", ""); $profileInfo = ''; - if(isset($_SESSION['profile_info'])) { + if (isset($_SESSION['profile_info'])) { $profileInfo = $_SESSION['profile_info']; unset($_SESSION['profile_info']); } $HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", $profileInfo); - $HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ' '); - $HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", ''); + $HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ' '); + $HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", ''); $HTML->build(); echo $HTML->ausgabe(); -?> \ No newline 
at end of file diff --git a/pages/regions.php b/pages/regions.php index 953659a..4b85a9e 100644 --- a/pages/regions.php +++ b/pages/regions.php @@ -1,16 +1,14 @@ setHTMLTitle("Deine Regionen"); - $HTML->importSeitenInhalt("deine-regionen.html"); + $HTML->setHTMLTitle("Deine Regionen"); + $HTML->importSeitenInhalt("deine-regionen.html"); function cleanSize($bytes) { - if ($bytes > 0) - { + if ($bytes > 0) { $unit = intval(log($bytes, 1024)); $units = array('B', 'KB', 'MB', 'GB'); - if (array_key_exists($unit, $units) === true) - { + if (array_key_exists($unit, $units) === true) { return sprintf('%d %s', $bytes / pow(1024, $unit), $units[$unit]); } } @@ -23,10 +21,9 @@ global $RUNTIME; $statement = $RUNTIME['PDO']->prepare("SELECT Prims,SimFPS,PhyFPS,ProcMem,RegionVersion FROM regions_info WHERE regionID = ?"); - $statement->execute([$regionID]); + $statement->execute([$regionID]); - if($row = $statement->fetch()) - { + if ($row = $statement->fetch()) { $return = array(); $return['Prims'] = $row['Prims']; $return['SimFPS'] = $row['SimFPS']; @@ -40,15 +37,14 @@ return array(); } - if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_REQUEST['remove'])) - { - include 'app/FormValidator.php'; + if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_REQUEST['remove'])) { + include_once 'app/FormValidator.php'; $validator = new FormValidator(array( 'region' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') )); - if($validator->isValid($_POST)) { - if(isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100) { + if ($validator->isValid($_POST)) { + if (isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100) { $statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM regions WHERE uuid = ?"); $statementMembership->execute(array($_POST['region'])); } else { 
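Review bot: `cleanSize` produces no value on the paths visible here when `$bytes` is 0 or negative, or when `intval(log($bytes, 1024))` exceeds the last index of `array('B', 'KB', 'MB', 'GB')` (anything from 1 TiB up), so callers would receive `null`; the function's closing brace is outside this hunk, so a trailing `return` may already exist, but if not, `return '0 B';` after the outer `if` is a sensible default and the units list could gain `'TB'`. The function also has no type declarations or documentation; a one-line docblock such as `/** Format a byte count as a human-readable size with a binary unit (B…GB). */` above `function cleanSize($bytes)` would help.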
@@ -65,16 +61,15 @@ $showAll = isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100 && isset($_REQUEST['SHOWALL']) && $_REQUEST['SHOWALL'] == "1"; $statement = $RUNTIME['PDO']->prepare("SELECT uuid,regionName,owner_uuid,locX,locY FROM regions ".($showAll ? "ORDER BY owner_uuid ASC" : "WHERE owner_uuid = ? ORDER BY uuid ASC")); - $statement->execute($showAll ? array() : array($_SESSION['UUID'])); + $statement->execute($showAll ? array() : array($_SESSION['UUID'])); - include 'app/OpenSim.php'; + include_once 'app/OpenSim.php'; $opensim = new OpenSim(); - while($row = $statement->fetch()) - { + while ($row = $statement->fetch()) { $stats = getRegionStatsData($row['uuid']); - $entry = ''.htmlspecialchars($row['regionName']).''.htmlspecialchars($opensim->getUserName($row['owner_uuid'])).''.fillString(($row['locX'] / 256), 4).' / '.fillString(($row['locY'] / 256), 4).'
%%CSRF%%
'; + $entry = ''.htmlspecialchars($row['regionName']).''.htmlspecialchars($opensim->getUserName($row['owner_uuid'])).''.fillString(($row['locX'] / 256), 4).' / '.fillString(($row['locY'] / 256), 4).'
%%CSRF%%
'; $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); } @@ -83,4 +78,3 @@ $HTML->build(); echo $HTML->ausgabe(); -?> \ No newline at end of file diff --git a/pages/register.php b/pages/register.php index 8748dbd..2951246 100644 --- a/pages/register.php +++ b/pages/register.php 
@@ -1,159 +1,154 @@ setHTMLTitle("Registrieren"); - $HTML->importHTML("register.html"); + function displayPage(string $message) + { + global $RUNTIME; + $HTML = new HTML(); + $HTML->setHTMLTitle("Registrieren"); + $HTML->importHTML("register.html"); - $HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message); - $HTML->ReplaceLayoutInhalt("%%tosURL%%", $RUNTIME['TOOLS']['TOS'] ); - $HTML->ReplaceLayoutInhalt("%%INVCODE%%", htmlspecialchars($_REQUEST['code'])); - - $HTML->build(); - echo $HTML->ausgabe(); - die(); - } + $HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message); + $HTML->ReplaceLayoutInhalt("%%tosURL%%", $RUNTIME['TOOLS']['TOS'] ); + $HTML->ReplaceLayoutInhalt("%%INVCODE%%", htmlspecialchars($_REQUEST['code'])); + + $HTML->build(); + echo $HTML->ausgabe(); + die(); + } - function displayError(string $message) { - $HTML = new HTML(); - $HTML->importHTML("error.html"); - $HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message); - $HTML->build(); - echo $HTML->ausgabe(); - die(); - } + function displayError(string $message) + { + $HTML = new HTML(); + $HTML->importHTML("error.html"); + $HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message); + $HTML->build(); + echo $HTML->ausgabe(); + die(); + } - if(!isset($_REQUEST['code'])) { - displayError("Du benötigst einen Einladungscode, um dich bei 4Creative zu registrieren."); - } + if (!isset($_REQUEST['code'])) { + displayError("Du benötigst einen Einladungscode, um dich bei 4Creative zu registrieren."); + } - if(strlen($_REQUEST['code']) != 32 || !preg_match('/^[a-f0-9]+$/', $_REQUEST['code'])) { - displayError("Der angegebene Einladungscode ist nicht gültig. Nutze genau den Link, der dir zugeschickt wurde."); - } + if (strlen($_REQUEST['code']) != 32 || !preg_match('/^[a-f0-9]+$/', $_REQUEST['code'])) { + displayError("Der angegebene Einladungscode ist nicht gültig. Nutze genau den Link, der dir zugeschickt wurde."); + } - $statementInviteCode = $RUNTIME['PDO']->prepare("SELECT 1 FROM InviteCodes WHERE InviteCode = ? 
LIMIT 1"); - $statementInviteCode->execute([$_REQUEST['code']]); + $statementInviteCode = $RUNTIME['PDO']->prepare("SELECT 1 FROM InviteCodes WHERE InviteCode = ? LIMIT 1"); + $statementInviteCode->execute([$_REQUEST['code']]); - if($statementInviteCode->rowCount() == 0) { - displayError("Der angegebene Einladungscode ist nicht gültig. Nutze genau den Link, der dir zugeschickt wurde."); - } + if ($statementInviteCode->rowCount() == 0) { + displayError("Der angegebene Einladungscode ist nicht gültig. Nutze genau den Link, der dir zugeschickt wurde."); + } - if($_SERVER['REQUEST_METHOD'] != 'POST') { - displayPage(""); - } + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + displayPage(""); + } - include_once('app/FormValidator.php'); + include_once 'app/FormValidator.php'; + $validator = new FormValidator(array( + 'tos' => array('required' => true, 'equals' => 'on'), + 'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64}( [^\\/<>\s]{1,64})?$/'), + 'password' => array('required' => true, 'regex' => '/^.{1,1000}$/'), + 'email' => array('required' => true, 'regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/'), + 'avatar' => array('required' => true) + )); - $validator = new FormValidator(array( - 'tos' => array('required' => true, 'equals' => 'on'), - 'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64}( [^\\/<>\s]{1,64})?$/'), - 'password' => array('required' => true, 'regex' => '/^.{1,1000}$/'), - 'email' => array('required' => true, 'regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/'), - 'avatar' => array('required' => true) - )); + if (!$validator->isValid($_POST)) { + if (!isset($_POST['tos']) || $_POST['tos'] !== true) { + displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren."); + } else { + displayPage("Ups da stimmt was nicht. 
Versuche es bitte noch mal."); + } - if(!$validator->isValid($_POST)) { - if(!isset($_POST['tos']) || $_POST['tos'] !== true) { - displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren."); - } - else { - displayPage("Ups da stimmt was nicht. Versuche es bitte noch mal."); - } + die(); + } - die(); - } + $name = trim($_POST['username']); + $nameParts; + if ($name != "") { + $nameParts = explode(" ", $name); + if (count($nameParts) == 1) { + $name .= " Resident"; + $nameParts = explode(" ", $name); + } + + $statementAvatarName = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1"); + $statementAvatarName->execute(['FirstName' => $nameParts[0], 'LastName' => $nameParts[1]]); + if ($statementAvatarName->rowCount() > 0) { + displayPage("Der gewählte Name ist bereits vergeben."); + } + } - $name = trim($_POST['username']); - $nameParts; - if($name != "") { - $nameParts = explode(" ", $name); - if(count($nameParts) == 1) { - $name .= " Resident"; - $nameParts = explode(" ", $name); - } - - $statementAvatarName = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1"); - $statementAvatarName->execute(['FirstName' => $nameParts[0], 'LastName' => $nameParts[1]]); - if($statementAvatarName->rowCount() > 0) { - displayPage("Der gewählte Name ist bereits vergeben."); - } - } + $pass = trim($_POST['password']); + if (strlen($pass) < $RUNTIME['PASSWORD_MIN_LENGTH']) { + displayPage('Dein Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.'); + } - $pass = trim($_POST['password']); - if(strlen($pass) < $RUNTIME['PASSWORD_MIN_LENGTH']) { - displayPage('Dein Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' 
Zeichen lang sein.'); - } + $email = trim($_POST['email']); - $email = trim($_POST['email']); + $avatar; + if (isset($RUNTIME['DEFAULTAVATAR'][$_POST['avatar']]['UUID'])) { + $avatar = trim($_POST['avatar']); + } else { + displayPage("Der gewählte Standardavatar existiert nicht."); + } - $avatar; - if(isset($RUNTIME['DEFAULTAVATAR'][$_POST['avatar']]['UUID'])) { - $avatar = trim($_POST['avatar']); - } - else { - displayPage("Der gewählte Standardavatar existiert nicht."); - } + include_once 'app/OpenSim.php'; + $opensim = new OpenSim(); - include 'app/OpenSim.php'; - $opensim = new OpenSim(); + $avatarUUID = $opensim->gen_uuid(); + $salt = bin2hex(random_bytes(16)); + $passwordHash = md5(md5($pass).':'.$salt); - $avatarUUID = $opensim->gen_uuid(); - $salt = bin2hex(random_bytes(16)); - $passwordHash = md5(md5($pass).':'.$salt); + $statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code'); + $statementInviteDeleter->execute(['code' => $_REQUEST['code']]); + if ($statementInviteDeleter->rowCount() == 0) { + displayError("Der angegebene Einladungscode ist nicht mehr gültig."); + } - $statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code'); - $statementInviteDeleter->execute(['code' => $_REQUEST['code']]); - if($statementInviteDeleter->rowCount() == 0) { - displayError("Der angegebene Einladungscode ist nicht mehr gültig."); - } + try { + $RUNTIME['PDO']->beginTransaction(); - try { - $RUNTIME['PDO']->beginTransaction(); + $statementAuth = $RUNTIME['PDO']->prepare('INSERT INTO `auth` (`UUID`, `passwordHash`, `passwordSalt`, `webLoginKey`, `accountType`) VALUES (:UUID, :HASHVALUE, :SALT, :WEBKEY, :ACCTYPE)'); + $statementAuth->execute(['UUID' => $avatarUUID, 'HASHVALUE' => $passwordHash, 'SALT' => $salt, 'WEBKEY' => "00000000-0000-0000-0000-000000000000", 'ACCTYPE' => "UserAccount"]); - $statementAuth = $RUNTIME['PDO']->prepare('INSERT INTO `auth` (`UUID`, `passwordHash`, 
`passwordSalt`, `webLoginKey`, `accountType`) VALUES (:UUID, :HASHVALUE, :SALT, :WEBKEY, :ACCTYPE)'); - $statementAuth->execute(['UUID' => $avatarUUID, 'HASHVALUE' => $passwordHash, 'SALT' => $salt, 'WEBKEY' => "00000000-0000-0000-0000-000000000000", 'ACCTYPE' => "UserAccount"]); + $statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO `UserAccounts` (`PrincipalID`, `ScopeID`, `FirstName`, `LastName`, `Email`, `ServiceURLs`, `Created`, `UserLevel`, `UserFlags`, `UserTitle`, `active`) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )'); + $statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $nameParts[0], 'LastName' => $nameParts[1], 'Email' => $email, 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]); - $statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO `UserAccounts` (`PrincipalID`, `ScopeID`, `FirstName`, `LastName`, `Email`, `ServiceURLs`, `Created`, `UserLevel`, `UserFlags`, `UserTitle`, `active`) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )'); - $statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $nameParts[0], 'LastName' => $nameParts[1], 'Email' => $email, 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]); + $statementProfile = $RUNTIME['PDO']->prepare('INSERT INTO `userprofile` (`useruuid`, `profilePartner`, `profileImage`, `profileURL`, `profileFirstImage`, `profileAllowPublish`, `profileMaturePublish`, `profileWantToMask`, `profileWantToText`, `profileSkillsMask`, `profileSkillsText`, 
`profileLanguages`, `profileAboutText`, `profileFirstText`) VALUES (:useruuid, :profilePartner, :profileImage, :profileURL, :profileFirstImage, :profileAllowPublish, :profileMaturePublish, :profileWantToMask, :profileWantToText, :profileSkillsMask, :profileSkillsText, :profileLanguages, :profileAboutText, :profileFirstText)'); + $statementProfile->execute(['useruuid' => $avatarUUID, 'profilePartner' => "00000000-0000-0000-0000-000000000000", 'profileImage' => "00000000-0000-0000-0000-000000000000", 'profileURL' => '', 'profileFirstImage' => "00000000-0000-0000-0000-000000000000", "profileAllowPublish" => "0", "profileMaturePublish" => "0", "profileWantToMask" => "0", "profileWantToText" => "", "profileSkillsMask" => "0", "profileSkillsText" => "", "profileLanguages" => "", "profileAboutText" => "", "profileFirstText" => ""]); - $statementProfile = $RUNTIME['PDO']->prepare('INSERT INTO `userprofile` (`useruuid`, `profilePartner`, `profileImage`, `profileURL`, `profileFirstImage`, `profileAllowPublish`, `profileMaturePublish`, `profileWantToMask`, `profileWantToText`, `profileSkillsMask`, `profileSkillsText`, `profileLanguages`, `profileAboutText`, `profileFirstText`) VALUES (:useruuid, :profilePartner, :profileImage, :profileURL, :profileFirstImage, :profileAllowPublish, :profileMaturePublish, :profileWantToMask, :profileWantToText, :profileSkillsMask, :profileSkillsText, :profileLanguages, :profileAboutText, :profileFirstText)'); - $statementProfile->execute(['useruuid' => $avatarUUID, 'profilePartner' => "00000000-0000-0000-0000-000000000000", 'profileImage' => "00000000-0000-0000-0000-000000000000", 'profileURL' => '', 'profileFirstImage' => "00000000-0000-0000-0000-000000000000", "profileAllowPublish" => "0", "profileMaturePublish" => "0", "profileWantToMask" => "0", "profileWantToText" => "", "profileSkillsMask" => "0", "profileSkillsText" => "", "profileLanguages" => "", "profileAboutText" => "", "profileFirstText" => ""]); + $statementInventoryFolder = 
$RUNTIME['PDO']->prepare('INSERT INTO `inventoryfolders` (`folderName`, `type`, `version`, `folderID`, `agentID`, `parentFolderID`) VALUES (:folderName, :folderTyp, :folderVersion, :folderID, :agentID, :parentFolderID)'); + $Inventory = array('Calling Cards' => 2, 'Objects' => 6, 'Landmarks' => 3, 'Clothing' => 5, 'Gestures' => 21, 'Body Parts' => 13, 'Textures' => 0, 'Scripts' => 10, 'Photo Album' => 15, 'Lost And Found' => 16, 'Trash' => 14, 'Notecards' => 7, 'My Inventory' => 8, 'Sounds' => 1, 'Animations' => 20); + $InventoryRootFolder = $opensim->gen_uuid(); + foreach ($Inventory as $FolderName => $InventoryType) { + $FolderUUID = $opensim->gen_uuid(); + if ($InventoryType == 8) { + $FolderUUID = $InventoryRootFolder; + $FolderParent = "00000000-0000-0000-0000-000000000000"; + } else { + $FolderParent = $InventoryRootFolder; + } + $statementInventoryFolder->execute(['agentID' => $avatarUUID, 'folderName' => $FolderName, 'folderTyp' => $InventoryType, 'folderVersion' => 1, 'folderID' => $FolderUUID, 'parentFolderID' => $FolderParent]); + } - $statementInventoryFolder = $RUNTIME['PDO']->prepare('INSERT INTO `inventoryfolders` (`folderName`, `type`, `version`, `folderID`, `agentID`, `parentFolderID`) VALUES (:folderName, :folderTyp, :folderVersion, :folderID, :agentID, :parentFolderID)'); - $Inventory = array('Calling Cards' => 2, 'Objects' => 6, 'Landmarks' => 3, 'Clothing' => 5, 'Gestures' => 21, 'Body Parts' => 13, 'Textures' => 0, 'Scripts' => 10, 'Photo Album' => 15, 'Lost And Found' => 16, 'Trash' => 14, 'Notecards' => 7, 'My Inventory' => 8, 'Sounds' => 1, 'Animations' => 20); - $InventoryRootFolder = $opensim->gen_uuid(); - foreach ($Inventory as $FolderName => $InventoryType) - { - $FolderUUID = $opensim->gen_uuid(); - if ($InventoryType == 8) - { - $FolderUUID = $InventoryRootFolder; - $FolderParent = "00000000-0000-0000-0000-000000000000"; - }else{ - $FolderParent = $InventoryRootFolder; - } - $statementInventoryFolder->execute(['agentID' => 
$avatarUUID, 'folderName' => $FolderName, 'folderTyp' => $InventoryType, 'folderVersion' => 1, 'folderID' => $FolderUUID, 'parentFolderID' => $FolderParent]); - } + $RUNTIME['PDO']->commit(); + } catch (Exception $pdoException) { + $RUNTIME['PDO']->rollBack(); + error_log('Could not create Account: '.$pdoException->getMessage()); + displayPage('Fehler bei der Erstellung deines Accounts. Bitte versuche es später erneut.'); + } - $RUNTIME['PDO']->commit(); - } catch (Exception $pdoException) { - $RUNTIME['PDO']->rollBack(); - error_log('Could not create Account: '.$pdoException->getMessage()); - displayPage('Fehler bei der Erstellung deines Accounts. Bitte versuche es später erneut.'); - } + session_unset(); // Unset pre-session variables, next request will generate a new CSRF token + $_SESSION['FIRSTNAME'] = trim($nameParts[0]); + $_SESSION['LASTNAME'] = trim($nameParts[1]); + $_SESSION['EMAIL'] = $email; + $_SESSION['PASSWORD'] = $passwordHash; + $_SESSION['SALT'] = $salt; + $_SESSION['UUID'] = $avatarUUID; + $_SESSION['LEVEL'] = 0; + $_SESSION['DISPLAYNAME'] = strtoupper($name); + $_SESSION['LOGIN'] = 'true'; - session_unset(); // Unset pre-session variables, next request will generate a new CSRF token - $_SESSION['FIRSTNAME'] = trim($nameParts[0]); - $_SESSION['LASTNAME'] = trim($nameParts[1]); - $_SESSION['EMAIL'] = $email; - $_SESSION['PASSWORD'] = $passwordHash; - $_SESSION['SALT'] = $salt; - $_SESSION['UUID'] = $avatarUUID; - $_SESSION['LEVEL'] = 0; - $_SESSION['DISPLAYNAME'] = strtoupper($name); - $_SESSION['LOGIN'] = 'true'; - - header('Location: index.php?page=dashboard'); - die(); -?> \ No newline at end of file + header('Location: index.php?page=dashboard'); + die(); diff --git a/pages/reset-password.php b/pages/reset-password.php index 6603b00..c36f29e 100644 --- a/pages/reset-password.php +++ b/pages/reset-password.php 
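Review bot: The `DELETE FROM InviteCodes` and its `rowCount()` check run before `beginTransaction()`, so when the account inserts fail and the `catch` rolls back, the invite code is already consumed while the user is told to retry later with a link that no longer works; move the delete and its zero-row check inside the `try` after `beginTransaction()` so the code is only spent when the account is committed. In the validation branch `$_POST['tos'] !== true` is always true for a form field (it is a string), so the "Nutzungsbedingungen" message is shown for every validation failure; compare with the value the validator expects: `if (!isset($_POST['tos']) || $_POST['tos'] !== 'on') {`. After `session_unset()` the session is populated as logged in without `session_regenerate_id(true);`, so the pre-registration session id is carried into the authenticated session; add the regenerate call before setting `$_SESSION['LOGIN']`. The `md5(md5($pass).':'.$salt)` line deserves a comment that it mirrors the grid's auth-table scheme and must not be changed in isolation, e.g. `// OpenSim auth format: md5(md5(password) . ':' . salt); the grid's login check must agree`. The bare `$nameParts;` and `$avatar;` statements are no-ops and can be dropped or initialised to a value.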
@@ -3,7 +3,8 @@ const TOKEN_INVALID = 'Dieser Link zur Passwortzurücksetzung ist nicht gültig. Bitte klicke oder kopiere den Link aus der E-Mail, die du erhalten hast.'; const TOKEN_EXPIRED = 'Dein Link zur Passwortzurücksetzung ist abgelaufen. Klicke hier, um eine neue Anfrage zu senden.'; - function displayTokenError($message) { + function displayTokenError($message) + { $HTML = new HTML(); $HTML->importHTML("error.html"); $HTML->ReplaceLayoutInhalt('%%MESSAGE%%', $message); @@ -12,8 +13,9 @@ exit(); } - function displayPage($err) { - if(!isset($_GET['token']) || !preg_match('/^[a-z0-9A-Z]{32}$/', $_GET['token'])) { + function displayPage($err) + { + if (!isset($_GET['token']) || !preg_match('/^[a-z0-9A-Z]{32}$/', $_GET['token'])) { displayTokenError(TOKEN_INVALID); } 
@@ -27,32 +29,32 @@ exit(); } - if($_SERVER['REQUEST_METHOD'] == 'POST') { + if ($_SERVER['REQUEST_METHOD'] == 'POST') { include_once 'app/FormValidator.php'; - $validator = new FormValidator(array( + $validator = new FormValidator(array( 'password' => array('required' => true, 'regex' => '/^.{1,1000}$/'), 'passwordRepeat' => array('required' => true, 'regex' => '/^.{1,1000}$/'), 'resetToken' => array('required' => true, 'regex' => '/^[a-zA-Z0-9]{32}$/') )); - if($validator->isValid($_POST)) { - if($_POST['password'] !== $_POST['passwordRepeat']) { + if ($validator->isValid($_POST)) { + if ($_POST['password'] !== $_POST['passwordRepeat']) { displayPage('Du musst in beiden Feldern das gleiche Passwort eingeben'); } - if(strlen($_POST['password']) < $RUNTIME['PASSWORD_MIN_LENGTH']) { + if (strlen($_POST['password']) < $RUNTIME['PASSWORD_MIN_LENGTH']) { displayPage('Dein Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.'); } $getReq = $RUNTIME['PDO']->prepare('SELECT UserAccounts.PrincipalID AS UUID,FirstName,LastName,Email,Token,RequestTime FROM PasswordResetTokens JOIN UserAccounts ON UserAccounts.PrincipalID = PasswordResetTokens.PrincipalID WHERE Token = ?'); $getReq->execute([$_POST['resetToken']]); - if($getReq->rowCount() == 0) { + if ($getReq->rowCount() == 0) { displayTokenError(TOKEN_INVALID); } $res = $getReq->fetch(); - if(!hash_equals($res['Token'], $_POST['resetToken'])) { + if (!hash_equals($res['Token'], $_POST['resetToken'])) { displayTokenError(TOKEN_INVALID); } 
@@ -60,17 +62,17 @@ $name = $res['FirstName'].' '.$res['LastName']; $getToken = $RUNTIME['PDO']->prepare('DELETE FROM PasswordResetTokens WHERE PrincipalID = ? AND Token = ?'); $getToken->execute([$uuid, $_POST['resetToken']]); - if($getToken->rowCount() == 0) { + if ($getToken->rowCount() == 0) { displayTokenError(TOKEN_INVALID); } - if(time() - $res['RequestTime'] > 86400) { + if (time() - $res['RequestTime'] > 86400) { displayTokenError(TOKEN_EXPIRED); } $salt = bin2hex(random_bytes(16)); $hash = md5(md5(trim($_POST['password'])).':'.$salt); - $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID'); + $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID'); $statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $uuid]); session_unset(); @@ -86,4 +88,3 @@ } displayPage(''); -?> \ No newline at end of file diff --git a/pages/user-online-state.php b/pages/user-online-state.php index 5256a9e..b65fc77 100644 --- a/pages/user-online-state.php +++ b/pages/user-online-state.php @@ -1,19 +1,17 @@ setHTMLTitle("Online Anzeige"); - $HTML->importSeitenInhalt("online-anzeige.html"); + $HTML->setHTMLTitle("Online Anzeige"); + $HTML->importSeitenInhalt("online-anzeige.html"); $table = '%%ENTRY%%
BenutzernameRegion
'; $statement = $RUNTIME['PDO']->prepare("SELECT RegionID,UserID FROM Presence ORDER BY RegionID ASC"); - $statement->execute(); + $statement->execute(); - while($row = $statement->fetch()) - { - if($row['RegionID'] != "00000000-0000-0000-0000-000000000000") - { + while ($row = $statement->fetch()) { + if ($row['RegionID'] != "00000000-0000-0000-0000-000000000000") { $entry = ''.htmlspecialchars(trim($opensim->getUserName($row['UserID']))).''.htmlspecialchars($opensim->getRegionName($row['RegionID'])).''; $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); } @@ -24,4 +22,3 @@ $HTML->build(); echo $HTML->ausgabe(); -?> \ No newline at end of file diff --git a/pages/users.php b/pages/users.php index 4b8603f..2dc4649 100644 --- a/pages/users.php +++ b/pages/users.php @@ -2,8 +2,7 @@ $HTML->setHTMLTitle("Benutzer"); $HTML->importSeitenInhalt("users.html"); - if(!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) - { + if (!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) { $HTML->setHTMLTitle("Kein Zugriff"); $HTML->SetSeitenInhalt("Dazu hast du keine Rechte!"); $HTML->build(); @@ -11,17 +10,17 @@ die(); } - include 'app/OpenSim.php'; + include_once 'app/OpenSim.php'; $opensim = new OpenSim(); - if($_SERVER['REQUEST_METHOD'] == 'POST') { - include 'app/FormValidator.php'; - if(isset($_POST['genpw'])) { + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + include_once 'app/FormValidator.php'; + if (isset($_POST['genpw'])) { $validator = new FormValidator(array( 'userid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') )); - if($validator->isValid($_POST)) { + if ($validator->isValid($_POST)) { require_once 'app/utils.php'; $token = generateToken(32); $setToken = $RUNTIME['PDO']->prepare('REPLACE INTO PasswordResetTokens(PrincipalID,Token,RequestTime) VALUES(?,?,?)'); 
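Review bot: The access check `$_SESSION['LEVEL'] < 100` treats level 100 as an administrator, as does `$_SESSION['LEVEL'] >= 100` in pages/regions.php, but the admin dashboard include in plugins/default-html.php at the end of this diff uses `$_SESSION['LEVEL'] > 100`, so a level-100 user has admin rights here without seeing the admin dashboard. If 100 is the intended admin threshold, align default-html.php to `>= 100`; better, define the threshold once (a constant or a small `isAdmin()` helper) and use it in all three places so the checks cannot drift again. The same threshold also appears in the `$showAll` condition of the regions.php hunk above.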
@@ -30,11 +29,10 @@ $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ''); } - } - else if(isset($_POST['generateLink'])) { + } elseif (isset($_POST['generateLink'])) { $validator = new FormValidator(array()); // Needed only for CSRF token validation - if($validator->isValid($_POST)) { + if ($validator->isValid($_POST)) { $inviteID = bin2hex(random_bytes(16)); $link = "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID; @@ -46,25 +44,23 @@ } } - $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))"); + $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))"); $statement->execute(); $table = '%%ENTRY%%
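Review bot: The invite link is built from `$_SERVER['SERVER_NAME']`, which on common web-server configurations is derived from the request's Host header rather than from server configuration, so the generated link's host is influenced by the incoming request. Build it from a value the application controls, for example a configured base URL in `$RUNTIME` (constructed placeholder name: `$RUNTIME['TOOLS']['BASEURL']`): `$link = $RUNTIME['TOOLS']['BASEURL']."/index.php?page=register&code=".$inviteID;`. The insert of `$inviteID` into `InviteCodes` lies outside the hunk and is not reviewed here.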
VornameNachnameStatusAktionen
'; $statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts ORDER BY Created ASC"); - $statement->execute(); + $statement->execute(); - while($row = $statement->fetch()) - { + while ($row = $statement->fetch()) { $entry = ''.htmlspecialchars($row['FirstName']).''.htmlspecialchars($row['LastName']).''.htmlspecialchars($row['UserLevel']).'
%%CSRF%%
'; $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); } $table = str_replace("%%ENTRY%%", "", $table); $HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table); - $HTML->ReplaceSeitenInhalt("%%link%%", ' '); + $HTML->ReplaceSeitenInhalt("%%link%%", ' '); $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' '); $HTML->build(); echo $HTML->ausgabe(); -?> \ No newline at end of file diff --git a/plugins/default-html.php b/plugins/default-html.php index 8c2a33b..f9873ae 100644 --- a/plugins/default-html.php +++ b/plugins/default-html.php @@ -1,13 +1,11 @@ importHTML("dashboard.html"); if(isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] > 100) { $HTML->importHTML("dashboard-admin.html"); } - $HTML->ReplaceLayoutInhalt("%%USERNAME%%", isset($_SESSION['DISPLAYNAME']) ? htmlspecialchars($_SESSION['DISPLAYNAME']) : ''); + $HTML->ReplaceLayoutInhalt("%%USERNAME%%", isset($_SESSION['DISPLAYNAME']) ? htmlspecialchars($_SESSION['DISPLAYNAME']) : ''); } -?> \ No newline at end of file