
Fix formatting according to PSR-12

master
Anonymous Contributor 2023-08-27 05:31:32 +02:00
parent 9a5182816f
commit 120fb3772e
25 changed files with 659 additions and 740 deletions


@ -4,26 +4,22 @@
</head> </head>
<body style="background-image: url('./style/images/fabric-pattern.png')"> <body style="background-image: url('./style/images/fabric-pattern.png')">
<?php <?php
$statement = $RUNTIME['PDO']->prepare("SELECT UserID,RegionID FROM Presence WHERE RegionID != '00000000-0000-0000-0000-000000000000' ORDER BY RegionID ASC"); $statement = $RUNTIME['PDO']->prepare("SELECT UserID,RegionID FROM Presence WHERE RegionID != '00000000-0000-0000-0000-000000000000' ORDER BY RegionID ASC");
$statement->execute(); $statement->execute();
if($statement->rowCount() == 0) if ($statement->rowCount() == 0) {
{
echo "<h1>Es ist niemand online!</h1>"; echo "<h1>Es ist niemand online!</h1>";
}else{ } else {
echo '<table style="width:350px;margin-left:auto;margin-right:auto;margin-top:25px"><tr><th align="left" style="background-color: #FF8000;">Name</th><th align="left" style="background-color: #FF8000;">Region</th></tr>'; echo '<table style="width:350px;margin-left:auto;margin-right:auto;margin-top:25px"><tr><th align="left" style="background-color: #FF8000;">Name</th><th align="left" style="background-color: #FF8000;">Region</th></tr>';
$entryColor = TRUE; $entryColor = true;
include 'app/OpenSim.php'; include_once 'app/OpenSim.php';
$opensim = new OpenSim(); $opensim = new OpenSim();
while($row = $statement->fetch()) while ($row = $statement->fetch()) {
{ if ($entryColor) {
if($entryColor == TRUE) $entry = '<tr style="background-color: #F2F2F2;"><td>'.trim($opensim->getUserName($row['UserID'])).'</td><td>'.$opensim->getRegionName($row['RegionID']).'</td></tr>';
$entry = '<tr style="background-color: #F2F2F2;"><td>'.trim($opensim->getUserName($row['UserID'])).'</td><td>'.$opensim->getRegionName($row['RegionID']).'</td></tr>'; } else {
if($entryColor == FALSE)
$entry = '<tr style="background-color: #E6E6E6;"><td>'.trim($opensim->getUserName($row['UserID'])).'</td><td>'.$opensim->getRegionName($row['RegionID']).'</td></tr>'; $entry = '<tr style="background-color: #E6E6E6;"><td>'.trim($opensim->getUserName($row['UserID'])).'</td><td>'.$opensim->getRegionName($row['RegionID']).'</td></tr>';
}
echo $entry; echo $entry;
$entryColor = !$entryColor; $entryColor = !$entryColor;
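Review bot: The two `$entry = ...` lines echo `getUserName()` and `getRegionName()` straight into table cells without escaping, so if region or avatar names can be set by users, a name containing markup becomes stored XSS on this page. Wrap both values, e.g. `htmlspecialchars(trim($opensim->getUserName($row['UserID'])), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and likewise for the region name. The two branches differ only in the background colour; `$color = $entryColor ? '#F2F2F2' : '#E6E6E6';` followed by a single `$entry` assembly would remove the duplicated markup. The closing braces of the `while` and `else` lie outside the hunk.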


@ -1,5 +1,5 @@
<?php <?php
include 'app/OpenSim.php'; include_once 'app/OpenSim.php';
$opensim = new OpenSim(); $opensim = new OpenSim();
$HTML = new HTML(); $HTML = new HTML();
@ -7,12 +7,9 @@
$HTML->importHTML("viewerWelcomeImages.html"); $HTML->importHTML("viewerWelcomeImages.html");
$IMAGES = array(); $IMAGES = array();
if ($handle = opendir('./data/viewerWelcomeImages')) if ($handle = opendir('./data/viewerWelcomeImages')) {
{ while (false !== ($entry = readdir($handle))) {
while (false !== ($entry = readdir($handle))) if ($entry != "." && $entry != "..") {
{
if ($entry != "." && $entry != "..")
{
$IMAGES = array_merge($IMAGES, array("./data/viewerWelcomeImages/".$entry)); $IMAGES = array_merge($IMAGES, array("./data/viewerWelcomeImages/".$entry));
} }
} }
@ -22,14 +19,13 @@
shuffle($IMAGES); shuffle($IMAGES);
$HTML->ReplaceLayoutInhalt("%%JSONIMAGEARRAY%%", json_encode($IMAGES)); $HTML->ReplaceLayoutInhalt("%%JSONIMAGEARRAY%%", json_encode($IMAGES));
$HTML->ReplaceLayoutInhalt("%%GRIDNAME%%", $RUNTIME['GRID']['NAME']); $HTML->ReplaceLayoutInhalt("%%GRIDNAME%%", $RUNTIME['GRID']['NAME']);
$HTML->ReplaceLayoutInhalt("%%SHOWNEWS%%", $RUNTIME['GRID']['MAIN_NEWS']); $HTML->ReplaceLayoutInhalt("%%SHOWNEWS%%", $RUNTIME['GRID']['MAIN_NEWS']);
$HTML->ReplaceLayoutInhalt("%%SHOWSTATS%%", "Registrierte User: ".$opensim->getUserCount()."<br>Regionen: ".$opensim->getRegionCount()."<br>Aktuell Online: ".($opensim->getOnlineCount()-1)); $HTML->ReplaceLayoutInhalt("%%SHOWSTATS%%", "Registrierte User: ".$opensim->getUserCount()."<br>Regionen: ".$opensim->getRegionCount()."<br>Aktuell Online: ".($opensim->getOnlineCount()-1));
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
?>
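Review bot: `json_encode($IMAGES)` on the `%%JSONIMAGEARRAY%%` line is substituted into page markup, and without the HEX flags a directory entry containing `</script>` or a quote would break out of the script context; the entries come from `readdir()` of `./data/viewerWelcomeImages`, so this only matters if someone other than the site admin can write there, but the flags cost nothing. Use `json_encode($IMAGES, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR)`. The loop condition excludes only `.` and `..`, so subdirectories and dotfiles such as `.htaccess` also land in the array; adding `&& is_file('./data/viewerWelcomeImages/'.$entry)` keeps non-images out. Whether the `opendir()` handle is closed is not visible in the hunks shown.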


@ -3,27 +3,29 @@ class FormValidator {
private array $fieldValidation; private array $fieldValidation;
public function __construct(array $fieldValidation) { public function __construct(array $fieldValidation)
{
$this->fieldValidation = $fieldValidation; $this->fieldValidation = $fieldValidation;
} }
public function isValid(array $req) { public function isValid(array $req): bool
if(!isset($req['csrf']) || $req['csrf'] !== $_SESSION['csrf']) { {
if (!isset($req['csrf']) || $req['csrf'] !== $_SESSION['csrf']) {
return false; return false;
} }
foreach($this->fieldValidation as $field => $params) { foreach ($this->fieldValidation as $field => $params) {
if(isset($req[$field]) && strlen(trim($req[$field])) > 0) { if (isset($req[$field]) && strlen(trim($req[$field])) > 0) {
if(isset($params['regex'])) { if (isset($params['regex'])) {
if(!preg_match($params['regex'], $req[$field])) { if (!preg_match($params['regex'], $req[$field])) {
return false; return false;
} }
} }
else if(isset($params['equals']) && $params['equals'] !== $req[$field]) { elseif (isset($params['equals']) && $params['equals'] !== $req[$field]) {
return false; return false;
} }
} }
else if(isset($params['required']) && $params['required']) { elseif (isset($params['required']) && $params['required']) {
return false; return false;
} }
} }
@ -32,4 +34,3 @@ class FormValidator {
} }
} }
?>
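Review bot: The CSRF check in `isValid()` still compares the token with `!==`, which is not timing-safe, and reads `$_SESSION['csrf']` without checking it exists, so a session with no token emits a warning and compares against `null`. Replace that line with `if (!isset($req['csrf'], $_SESSION['csrf']) || !is_string($req['csrf']) || !hash_equals($_SESSION['csrf'], $req['csrf'])) {`. The same shape applies to `strlen(trim($req[$field]))`: on PHP 8 `trim()` throws a `TypeError` when a form field arrives as an array, so an `!is_string($req[$field])` test that returns `false` would fail validation instead of fatalling. The class body continues past the second hunk.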


@ -1,221 +1,212 @@
<?php <?php
class OpenSim class OpenSim
{ {
public function isLoginValid($name, $password) public function isLoginValid($name, $password)
{ {
global $RUNTIME; global $RUNTIME;
$nameParts = explode(" ", trim($name)); $nameParts = explode(" ", trim($name));
if(count($nameParts) != 2) { if(count($nameParts) != 2) {
return false; return false;
} }
$statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID FROM UserAccounts WHERE FirstName = ? AND LastName = ? LIMIT 1"); $statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID FROM UserAccounts WHERE FirstName = ? AND LastName = ? LIMIT 1");
$statementUser->execute($nameParts); $statementUser->execute($nameParts);
while($rowUser = $statementUser->fetch()) while($rowUser = $statementUser->fetch()) {
{ $statementAuth = $RUNTIME['PDO']->prepare("SELECT passwordHash,passwordSalt FROM auth WHERE UUID = ? LIMIT 1");
$statementAuth = $RUNTIME['PDO']->prepare("SELECT passwordHash,passwordSalt FROM auth WHERE UUID = ? LIMIT 1"); $statementAuth->execute(array($rowUser['PrincipalID']));
$statementAuth->execute(array($rowUser['PrincipalID']));
while($rowAuth = $statementAuth->fetch()) if ($rowAuth = $statementAuth->fetch()) {
{ return md5(md5($_POST['password']).":".$rowAuth['passwordSalt']) == $rowAuth['passwordHash'];
return md5(md5($_POST['password']).":".$rowAuth['passwordSalt']) == $rowAuth['passwordHash']; }
} }
}
return false; return false;
} }
public function getUserName($userID) public function getUserName($userID)
{ {
global $RUNTIME; global $RUNTIME;
if($userID == "00000000-0000-0000-0000-000000000000") if ($userID == "00000000-0000-0000-0000-000000000000") {
return "Unknown User"; return "Unknown User";
}
if(isset($RUNTIME['CACHE']['USERNAME'][$userID])) if (isset($RUNTIME['CACHE']['USERNAME'][$userID])) {
return $RUNTIME['CACHE']['USERNAME'][$userID]; return $RUNTIME['CACHE']['USERNAME'][$userID];
}
$statementUser = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName FROM UserAccounts WHERE PrincipalID = ?"); $statementUser = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName FROM UserAccounts WHERE PrincipalID = ?");
$statementUser->execute(array($userID)); $statementUser->execute(array($userID));
while($rowUser = $statementUser->fetch()) if ($rowUser = $statementUser->fetch()) {
{ $RUNTIME['CACHE']['USERNAME'][$userID] = $rowUser['FirstName']." ".$rowUser['LastName'];
$RUNTIME['CACHE']['USERNAME'][$userID] = $rowUser['FirstName']." ".$rowUser['LastName']; return $rowUser['FirstName']." ".$rowUser['LastName'];
return $rowUser['FirstName']." ".$rowUser['LastName']; }
}
$statementGridUser = $RUNTIME['PDO']->prepare("SELECT UserID FROM GridUser"); $statementGridUser = $RUNTIME['PDO']->prepare("SELECT UserID FROM GridUser");
$statementGridUser->execute(); $statementGridUser->execute();
while($rowGridUser = $statementGridUser->fetch()) while ($rowGridUser = $statementGridUser->fetch()) {
{ $userData = explode(";", $rowGridUser['UserID']);
$UserData = explode(";", $rowGridUser['UserID']);
if(count($UserData) >= 3) if (count($userData) >= 3) {
{ $dbUserID = $userData[0];
$DBUserID = $UserData[0]; $dbUserName = $userData[2];
$DBUserName = $UserData[2];
$RUNTIME['CACHE']['USERNAME'][$userID] = $DBUserName; $RUNTIME['CACHE']['USERNAME'][$userID] = $dbUserName;
if($DBUserID == $userID) if ($dbUserID == $userID) {
return $DBUserName; return $dbUserName;
} }
} }
}
$statementFriends = $RUNTIME['PDO']->prepare("SELECT PrincipalID FROM Friends"); $statementFriends = $RUNTIME['PDO']->prepare("SELECT PrincipalID FROM Friends");
$statementFriends->execute(); $statementFriends->execute();
while($rowFriends = $statementFriends->fetch()) while ($rowFriends = $statementFriends->fetch()) {
{ $userData = explode(";", $rowFriends['PrincipalID']);
$UserData = explode(";", $rowFriends['PrincipalID']);
if(count($UserData) == 4) if (count($userData) == 4) {
{ $dbUserID = $userData[0];
$DBUserID = $UserData[0]; $dbUserName = $userData[2];
$DBUserName = $UserData[2];
$RUNTIME['CACHE']['USERNAME'][$userID] = $DBUserName; $RUNTIME['CACHE']['USERNAME'][$userID] = $dbUserName;
if($DBUserID == $userID) if ($dbUserID == $userID) {
return $DBUserName; return $dbUserName;
} }
} }
}
return "Unknown User"; return "Unknown User";
} }
public function getUserUUID($UserName) public function getUserUUID($userName)
{ {
global $RUNTIME; global $RUNTIME;
$statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName FROM UserAccounts"); $statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName FROM UserAccounts");
$statementUser->execute(); $statementUser->execute();
while($rowUser = $statementUser->fetch()) while ($rowUser = $statementUser->fetch()) {
{ $sqlUserName = $rowUser['FirstName']." ".$rowUser['LastName'];
$SQLUserName = $rowUser['FirstName']." ".$rowUser['LastName'];
if($SQLUserName == $UserName) if ($sqlUserName == $userName) {
{ return $rowUser['PrincipalID'];
return $rowUser['PrincipalID']; }
} }
}
return null; return null;
} }
public function getRegionName($regionID) public function getRegionName($regionID)
{ {
global $RUNTIME; global $RUNTIME;
$statementRegion = $RUNTIME['PDO']->prepare("SELECT regionName FROM regions WHERE uuid = ?"); $statementRegion = $RUNTIME['PDO']->prepare("SELECT regionName FROM regions WHERE uuid = ?");
$statementRegion->execute(array($regionID)); $statementRegion->execute(array($regionID));
while($rowRegion = $statementRegion->fetch()) if ($rowRegion = $statementRegion->fetch()) {
{ return $rowRegion['regionName'];
return $rowRegion['regionName']; }
}
return "Unknown Region"; return "Unknown Region";
} }
public function getPartner($userID) public function getPartner($userID)
{ {
global $RUNTIME; global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT profilePartner FROM userprofile WHERE useruuid = ?"); $statement = $RUNTIME['PDO']->prepare("SELECT profilePartner FROM userprofile WHERE useruuid = ?");
$statement->execute(array($userID)); $statement->execute(array($userID));
while($row = $statement->fetch()) while ($row = $statement->fetch()) {
{ if ($row['profilePartner'] != "00000000-0000-0000-0000-000000000000") {
if($row['profilePartner'] != "00000000-0000-0000-0000-000000000000") return $row['profilePartner'];
return $row['profilePartner']; }
} }
return null; return null;
} }
public function allowOfflineIM($userID) public function allowOfflineIM($userID)
{ {
global $RUNTIME; global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT imviaemail FROM usersettings WHERE useruuid = ?"); $statement = $RUNTIME['PDO']->prepare("SELECT imviaemail FROM usersettings WHERE useruuid = ?");
$statement->execute(array($userID)); $statement->execute(array($userID));
while($row = $statement->fetch()) if ($row = $statement->fetch()) {
{ return strtoupper($row['imviaemail']);
return strtoupper($row['imviaemail']); }
}
return "FALSE"; return "FALSE";
} }
public function getUserMail($userID) public function getUserMail($userID)
{ {
global $RUNTIME; global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT Email FROM UserAccounts WHERE PrincipalID = ?"); $statement = $RUNTIME['PDO']->prepare("SELECT Email FROM UserAccounts WHERE PrincipalID = ?");
$statement->execute(array($userID)); $statement->execute(array($userID));
while($row = $statement->fetch()) if ($row = $statement->fetch()) {
{ return $row['Email'];
return $row['Email']; }
}
return ""; return "";
} }
public function getUserCount() public function getUserCount()
{ {
global $RUNTIME; global $RUNTIME;
$statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM UserAccounts"); $statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM UserAccounts");
$statementUser->execute(); $statementUser->execute();
return $statementUser->fetchColumn(); return $statementUser->fetchColumn();
} }
public function getRegionCount() public function getRegionCount()
{ {
global $RUNTIME; global $RUNTIME;
$statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM regions"); $statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM regions");
$statementUser->execute(); $statementUser->execute();
return $statementUser->fetchColumn(); return $statementUser->fetchColumn();
} }
public function getOnlineCount() public function getOnlineCount()
{ {
global $RUNTIME; global $RUNTIME;
$statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM Presence"); $statementUser = $RUNTIME['PDO']->prepare("SELECT COUNT(*) FROM Presence");
$statementUser->execute(); $statementUser->execute();
return $statementUser->fetchColumn(); return $statementUser->fetchColumn();
} }
public function gen_uuid() public function gen_uuid()
{ {
return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x', return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
// 32 bits for "time_low" // 32 bits for "time_low"
mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ),
// 16 bits for "time_mid" // 16 bits for "time_mid"
mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ),
// 16 bits for "time_hi_and_version", // 16 bits for "time_hi_and_version",
// four most significant bits holds version number 4 // four most significant bits holds version number 4
mt_rand( 0, 0x0fff ) | 0x4000, mt_rand( 0, 0x0fff ) | 0x4000,
// 16 bits, 8 bits for "clk_seq_hi_res", // 16 bits, 8 bits for "clk_seq_hi_res",
// 8 bits for "clk_seq_low", // 8 bits for "clk_seq_low",
// two most significant bits holds zero and one for variant DCE1.1 // two most significant bits holds zero and one for variant DCE1.1
mt_rand( 0, 0x3fff ) | 0x8000, mt_rand( 0, 0x3fff ) | 0x8000,
// 48 bits for "node" // 48 bits for "node"
mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ) mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff )
); );
} }
} }
?>
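Review bot: `isLoginValid()` compares the recomputed digest to `$rowAuth['passwordHash']` with `==`, and it hashes `$_POST['password']` rather than the `$password` parameter it receives. Loose comparison of two hex digests treats numeric-looking strings as numbers, and reading `$_POST` directly makes the method unusable from anything but that form; change the return to `return hash_equals((string) $rowAuth['passwordHash'], md5(md5($password).":".$rowAuth['passwordSalt']));` (the md5-with-salt scheme appears to be what the grid's `auth` table stores, so the algorithm itself stays). In `getUserName()`, both scan loops assign `$RUNTIME['CACHE']['USERNAME'][$userID] = $dbUserName` before testing `$dbUserID == $userID`, so the cache entry for the requested user holds the name of the last row scanned even on a miss; move that assignment inside the `if`. `gen_uuid()` draws from `mt_rand()`, which is acceptable for identifiers but should become `random_int()` if these UUIDs are ever used as tokens.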


@ -1,19 +1,18 @@
<?php <?php
function sendMessageToWebhook($webhook, $title, $message) function sendMessageToWebhook($webhook, $title, $message)
{ {
$RAWmessage = file_get_contents("style/discordMessage.json"); $rawMessage = file_get_contents("style/discordMessage.json");
$RAWmessage = str_replace("%%message%%", $message, $RAWmessage); $rawMessage = str_replace("%%message%%", $message, $rawMessage);
$RAWmessage = str_replace("%%title%%", $title, $RAWmessage); $rawMessage = str_replace("%%title%%", $title, $rawMessage);
$options = [ $options = [
'http' => [ 'http' => [
'method' => 'POST', 'method' => 'POST',
'header' => 'Content-Type: application/json', 'header' => 'Content-Type: application/json',
'timeout' => 3, 'timeout' => 3,
'content' => $RAWmessage 'content' => $rawMessage
] ]
]; ];
$result = file_get_contents($webhook, false, stream_context_create($options)); file_get_contents($webhook, false, stream_context_create($options));
} }
?>
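Review bot: `sendMessageToWebhook()` splices `$message` and `$title` into the JSON template with `str_replace`, so a quote or backslash in either string yields invalid JSON or lets the text add fields of its own to the payload; the commit also drops `$result` but still ignores a `false` return. If the placeholders sit inside JSON string literals, encode first: `$encoded = substr(json_encode($message, JSON_THROW_ON_ERROR | JSON_UNESCAPED_UNICODE), 1, -1);` and substitute `$encoded` (same for `$title`); otherwise decode the template, set the fields, and `json_encode` the result. Testing `file_get_contents(...) === false` and returning a `bool` would let callers notice a failed delivery.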


@ -12,17 +12,18 @@ function fillString($string, $targetlength)
return $string; return $string;
} }
function left($str, $length) function left($str, $length)
{ {
return substr($str, 0, $length); return substr($str, 0, $length);
} }
function right($str, $length) function right($str, $length)
{ {
return substr($str, -$length); return substr($str, -$length);
} }
function generateToken($length): string { function generateToken($length): string
{
$chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; $chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
$res = ""; $res = "";
for($i = 0; $i < $length; $i++) { for($i = 0; $i < $length; $i++) {
@ -32,17 +33,19 @@ function generateToken($length): string {
return $res; return $res;
} }
function htmlToPlain($message): string { function htmlToPlain($message): string
{
$messageNew = str_replace('<br/>', "\n", $message); $messageNew = str_replace('<br/>', "\n", $message);
$messageNew = preg_replace('/<a href="(.*)">(.*)<\\/a>/', "$2: $1", $messageNew); $messageNew = preg_replace('/<a href="(.*)">(.*)<\\/a>/', "$2: $1", $messageNew);
return $messageNew; return $messageNew;
} }
function sendMail($email, $message, $subject, $title, $preheader): bool { function sendMail($email, $message, $subject, $title, $preheader): bool
include_once('lib/phpmailer/Exception.php'); {
include_once('lib/phpmailer/PHPMailer.php'); include_once 'lib/phpmailer/Exception.php';
include_once('lib/phpmailer/SMTP.php'); include_once 'lib/phpmailer/PHPMailer.php';
include_once('app/HTML.php'); include_once 'lib/phpmailer/SMTP.php';
include_once 'app/HTML.php';
global $RUNTIME; global $RUNTIME;
$mailer = new PHPMailer(true); $mailer = new PHPMailer(true);
@ -78,24 +81,21 @@ function sendMail($email, $message, $subject, $title, $preheader): bool {
} }
} }
function getDataFromHTTP($URL, $contend = "", $requestTyp = "application/text") function getDataFromHTTP($url, $content = "", $requestTyp = "application/text")
{ {
try try {
{ if ($content != "") {
if($contend != "") return file_get_contents($url, true, stream_context_create(array('http' => array('header' => 'Content-type: '.$requestTyp, 'method' => 'POST', 'timeout' => 0.5, 'content' => $content))));
{ } else {
return file_get_contents($URL, true, stream_context_create(array('http' => array('header' => 'Content-type: '.$requestTyp, 'method' => 'POST', 'timeout' => 0.5, 'content' => $contend)))); return file_get_contents($url);
}else{
return file_get_contents($URL);
} }
} catch (Exception $e) { } catch (Exception $e) {
echo "(HTTP REQUEST) error while conntect to remote server. : ".$URL; echo "(HTTP REQUEST) error while conntect to remote server. : ".$url;
} }
} }
function sendInworldIM($fromUUID, $toUUID, $fromName, $targetURL, $text) function sendInworldIM($fromUUID, $toUUID, $fromName, $targetURL, $text)
{ {
$rawXML = "<?xml version=\"1.0\" encoding=\"utf-8\"?><methodCall><methodName>grid_instant_message</methodName><params><param><value><struct><member><name>position_x</name><value><string>0</string></value></member><member><name>position_y</name><value><string>0</string></value></member><member><name>position_z</name><value><string>0</string></value></member><member><name>to_agent_id</name><value><string>".$toUUID."</string></value></member><member><name>from_agent_session</name><value><string>00000000-0000-0000-0000-000000000000</string></value></member><member><name>im_session_id</name><value><string>".$fromUUID."</string></value></member><member><name>from_agent_name</name><value><string>".$fromName."</string></value></member><member><name>from_agent_id</name><value><string>".$fromUUID."</string></value></member><member><name>binary_bucket</name><value><string>AA==</string></value></member><member><name>region_handle</name><value><i4>0</i4></value></member><member><name>region_id</name><value><string>00000000-0000-0000-0000-000000000000</string></value></member><member><name>parent_estate_id</name><value><string>1</string></value></member><member><name>timestamp</name><value><string>".time()."</string></value></member><member><name>dialog</name><value><string>AA==</string></value></member><member><name>offline</name><value><string>AA==</string></value></member><member><name>from_group</name><value><string>FALSE</string></value></member><member><name>message</name><value><string>".$text."</string></value></member></struct></value></param></params></methodCall>"; $rawXML = "<?xml version=\"1.0\" 
encoding=\"utf-8\"?><methodCall><methodName>grid_instant_message</methodName><params><param><value><struct><member><name>position_x</name><value><string>0</string></value></member><member><name>position_y</name><value><string>0</string></value></member><member><name>position_z</name><value><string>0</string></value></member><member><name>to_agent_id</name><value><string>".$toUUID."</string></value></member><member><name>from_agent_session</name><value><string>00000000-0000-0000-0000-000000000000</string></value></member><member><name>im_session_id</name><value><string>".$fromUUID."</string></value></member><member><name>from_agent_name</name><value><string>".$fromName."</string></value></member><member><name>from_agent_id</name><value><string>".$fromUUID."</string></value></member><member><name>binary_bucket</name><value><string>AA==</string></value></member><member><name>region_handle</name><value><i4>0</i4></value></member><member><name>region_id</name><value><string>00000000-0000-0000-0000-000000000000</string></value></member><member><name>parent_estate_id</name><value><string>1</string></value></member><member><name>timestamp</name><value><string>".time()."</string></value></member><member><name>dialog</name><value><string>AA==</string></value></member><member><name>offline</name><value><string>AA==</string></value></member><member><name>from_group</name><value><string>FALSE</string></value></member><member><name>message</name><value><string>".$text."</string></value></member></struct></value></param></params></methodCall>";
getDataFromHTTP($targetURL, $rawXML, "text/xml"); getDataFromHTTP($targetURL, $rawXML, "text/xml");
} }
?>
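Review bot: `sendInworldIM()` concatenates `$toUUID`, `$fromUUID`, `$fromName` and `$text` into the XML-RPC body with no escaping, so a `<` or `&` in a name or message produces a malformed or restructured request; elsewhere in this commit `$text` is built from stored values such as `iarfilename`. Escape each value before interpolating, e.g. `$esc = static fn ($v): string => htmlspecialchars((string) $v, ENT_XML1 | ENT_QUOTES, 'UTF-8');` and use `$esc($toUUID)` and friends in the string. The new side also appears to break the `$rawXML` literal after `version=\"1.0\"`, putting a newline inside the XML declaration; it is well-formed but looks accidental for a formatting-only commit. In `getDataFromHTTP()`, `catch (Exception $e)` never sees `file_get_contents()` failures, which arrive as a warning plus `false`, and the `echo` prints the full `$url`, including any credentials a caller placed in the query string; check the return for `false` and log without the URL.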


@ -1,41 +1,38 @@
<?php <?php
include 'app/OpenSim.php'; include_once 'app/OpenSim.php';
$opensim = new OpenSim(); $opensim = new OpenSim();
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `iarstates` (`userID` VARCHAR(36) NOT NULL COLLATE 'utf8_unicode_ci', `filesize` BIGINT(20) NOT NULL DEFAULT '0', `iarfilename` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci', `running` INT(1) NOT NULL DEFAULT '0', PRIMARY KEY (`userID`) USING BTREE) COLLATE='utf8_unicode_ci' ENGINE=InnoDB;"); $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `iarstates` (`userID` VARCHAR(36) NOT NULL COLLATE 'utf8_unicode_ci', `filesize` BIGINT(20) NOT NULL DEFAULT '0', `iarfilename` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci', `running` INT(1) NOT NULL DEFAULT '0', PRIMARY KEY (`userID`) USING BTREE) COLLATE='utf8_unicode_ci' ENGINE=InnoDB;");
$statement->execute(); $statement->execute();
$statement = $RUNTIME['PDO']->prepare("SELECT userID,iarfilename,filesize FROM iarstates WHERE running = 1 LIMIT 1"); $statement = $RUNTIME['PDO']->prepare("SELECT userID,iarfilename,filesize FROM iarstates WHERE running = 1 LIMIT 1");
$statement->execute(); $statement->execute();
if($row = $statement->fetch()) if ($row = $statement->fetch()) {
{ $email = $opensim->getUserMail($row['userID']);
$email = $opensim->getUserMail($row['userID']);
$fullFilePath = "/var/www/html/data/".$row['iarfilename']; $fullFilePath = "/var/www/html/data/".$row['iarfilename'];
echo "Aktive IAR für ".$opensim->getUserName($row['userID'])." gefunden. File: ".$fullFilePath."\n"; echo "Aktive IAR für ".$opensim->getUserName($row['userID'])." gefunden. File: ".$fullFilePath."\n";
if(file_exists($fullFilePath)) if (file_exists($fullFilePath)) {
{ $filesize = filesize($fullFilePath);
$filesize = filesize($fullFilePath);
if($filesize != $row['filesize']) if ($filesize != $row['filesize']) {
{
$statementUpdate = $RUNTIME['PDO']->prepare('UPDATE iarstates SET filesize = :filesize WHERE userID = :userID'); $statementUpdate = $RUNTIME['PDO']->prepare('UPDATE iarstates SET filesize = :filesize WHERE userID = :userID');
$statementUpdate->execute(['filesize' => $filesize, 'userID' => $row['userID']]); $statementUpdate->execute(['filesize' => $filesize, 'userID' => $row['userID']]);
echo "Status der IAR für ".$opensim->getUserName($row['userID']).": Speichert...\n"; echo "Status der IAR für ".$opensim->getUserName($row['userID']).": Speichert...\n";
}else{ } else {
$APIURL = $RUNTIME['SIDOMAN']['URL']."api.php?CONTAINER=".$RUNTIME['SIDOMAN']['CONTAINER']."&KEY=".$RUNTIME['SIDOMAN']['PASSWORD']."&METODE=RESTART"; $APIURL = $RUNTIME['SIDOMAN']['URL']."api.php?CONTAINER=".$RUNTIME['SIDOMAN']['CONTAINER']."&KEY=".$RUNTIME['SIDOMAN']['PASSWORD']."&METODE=RESTART";
$APIResult = file_get_contents($APIURL); $APIResult = file_get_contents($APIURL);
echo "Status der IAR für ".$opensim->getUserName($row['userID']).": Sende Mail...\n"; echo "Status der IAR für ".$opensim->getUserName($row['userID']).": Sende Mail...\n";
$statementUpdate = $RUNTIME['PDO']->prepare('DELETE FROM iarstates WHERE userID = :userID'); $statementUpdate = $RUNTIME['PDO']->prepare('DELETE FROM iarstates WHERE userID = :userID');
$statementUpdate->execute(['userID' => $row['userID']]); $statementUpdate->execute(['userID' => $row['userID']]);
sendInworldIM("00000000-0000-0000-0000-000000000000", $row['userID'], "Inventory", $RUNTIME['GRID']['HOMEURL'], "Deine IAR ist fertig zum Download: ".$RUNTIME['IAR']['BASEURL'].$row['iarfilename']); sendInworldIM("00000000-0000-0000-0000-000000000000", $row['userID'], "Inventory", $RUNTIME['GRID']['HOMEURL'], "Deine IAR ist fertig zum Download: ".$RUNTIME['IAR']['BASEURL'].$row['iarfilename']);
} }
}else{ } else {
$name = explode(" ", $opensim->getUserName($row['userID'])); $name = explode(" ", $opensim->getUserName($row['userID']));
$APIURL = $RUNTIME['SIDOMAN']['URL']."api.php?CONTAINER=".$RUNTIME['SIDOMAN']['CONTAINER']."&KEY=".$RUNTIME['SIDOMAN']['PASSWORD']."&METODE=COMMAND&COMMAND=".urlencode("save iar ".$name[0]." ".$name[1]." /* PASSWORD /downloads/".$row['iarfilename']); $APIURL = $RUNTIME['SIDOMAN']['URL']."api.php?CONTAINER=".$RUNTIME['SIDOMAN']['CONTAINER']."&KEY=".$RUNTIME['SIDOMAN']['PASSWORD']."&METODE=COMMAND&COMMAND=".urlencode("save iar ".$name[0]." ".$name[1]." /* PASSWORD /downloads/".$row['iarfilename']);
@ -43,12 +40,11 @@
echo "IAR für ".$name[0]." ".$name[1]." wurde gestartet: Status: ".$APIResult."\n"; echo "IAR für ".$name[0]." ".$name[1]." wurde gestartet: Status: ".$APIResult."\n";
} }
}else{ } else {
$statement = $RUNTIME['PDO']->prepare("SELECT userID,iarfilename FROM iarstates WHERE running = 0 LIMIT 1"); $statement = $RUNTIME['PDO']->prepare("SELECT userID,iarfilename FROM iarstates WHERE running = 0 LIMIT 1");
$statement->execute(); $statement->execute();
while($row = $statement->fetch()) while ($row = $statement->fetch()) {
{
$statementUpdate = $RUNTIME['PDO']->prepare('UPDATE iarstates SET running = :running WHERE userID = :userID'); $statementUpdate = $RUNTIME['PDO']->prepare('UPDATE iarstates SET running = :running WHERE userID = :userID');
$statementUpdate->execute(['running' => 1, 'userID' => $row['userID']]); $statementUpdate->execute(['running' => 1, 'userID' => $row['userID']]);
@ -60,5 +56,3 @@
echo "IAR für ".$name[0]." ".$name[1]." wurde gestartet: Status: ".$APIResult."\n"; echo "IAR für ".$name[0]." ".$name[1]." wurde gestartet: Status: ".$APIResult."\n";
} }
} }
?>
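Review bot: `$row['iarfilename']` from `iarstates` is used unvalidated as a filesystem path (`"/var/www/html/data/".$row['iarfilename']`), inside the console command passed through `urlencode(...)`, and in the IM text, so if that column can be influenced by a user a `../` sequence or console metacharacter travels with it; nothing in the script checks the value. Constrain it before use, e.g. `if (!preg_match('/^[A-Za-z0-9_.-]+$/', $row['iarfilename'])) { exit("invalid iarfilename\n"); }`, or at minimum `basename()` when building `$fullFilePath`. `$APIURL` carries `$RUNTIME['SIDOMAN']['PASSWORD']` in the query string, where web-server and proxy logs record it; if the API accepts it, send it in a header or POST body. `$APIResult = file_get_contents($APIURL)` is not tested for `false`, so a failed restart still deletes the state row and sends the download IM. `$email` is assigned but unused in the lines shown; its use, if any, is outside the hunks.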


@ -1,11 +1,10 @@
<?php <?php
$statement = $RUNTIME['PDO']->prepare("SELECT id,hash FROM fsassets ORDER BY create_time DESC"); $statement = $RUNTIME['PDO']->prepare("SELECT id,hash FROM fsassets ORDER BY create_time DESC");
$statement->execute(); $statement->execute();
$count = 0; $count = 0;
while($row = $statement->fetch()) while ($row = $statement->fetch()) {
{
$fileNameParts = array(); $fileNameParts = array();
$fileNameParts[0] = substr($row['hash'], 0, 2); $fileNameParts[0] = substr($row['hash'], 0, 2);
$fileNameParts[1] = substr($row['hash'], 2, 2); $fileNameParts[1] = substr($row['hash'], 2, 2);
@ -17,9 +16,9 @@ while($row = $statement->fetch())
$fileNameParts['UUID'] = $row['id']; $fileNameParts['UUID'] = $row['id'];
$fileNameParts['FilePath'] = "/data/assets/base/".$fileNameParts[0]."/".$fileNameParts[1]."/".$fileNameParts[2]."/".$fileNameParts[3]."/".$fileNameParts[4]; $fileNameParts['FilePath'] = "/data/assets/base/".$fileNameParts[0]."/".$fileNameParts[1]."/".$fileNameParts[2]."/".$fileNameParts[3]."/".$fileNameParts[4];
if(file_exists($fileNameParts['FilePath'])) { if (file_exists($fileNameParts['FilePath'])) {
$filesize = filesize($fileNameParts['FilePath']); $filesize = filesize($fileNameParts['FilePath']);
if($filesize === false) { if ($filesize === false) {
continue; continue;
} }
} }
@ -30,11 +29,8 @@ while($row = $statement->fetch())
$fileNameParts['FileSize'] = $filesize; $fileNameParts['FileSize'] = $filesize;
$fileNameParts['Count'] = $count++; $fileNameParts['Count'] = $count++;
if($fileNameParts['FileSize'] == 0) if ($fileNameParts['FileSize'] == 0) {
{ $add = $RUNTIME['PDO']->prepare('DELETE FROM fsassets WHERE hash = :fileHash');
$add = $RUNTIME['PDO']->prepare('DELETE FROM fsassets WHERE hash = :fileHash');
$add->execute(['fileHash' => $row['hash']]); $add->execute(['fileHash' => $row['hash']]);
} }
} }
?>
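Review bot: `$add = $RUNTIME['PDO']->prepare('DELETE FROM fsassets WHERE hash = :fileHash')` is re-prepared on every iteration; prepare it once before the `while` and keep only `$add->execute(['fileHash' => $row['hash']])` in the loop. The DELETE fires on `$fileNameParts['FileSize'] == 0`, but `$filesize` is assigned only on the `file_exists()` branch visible here; if the lines between the hunks do not set it for a missing file, the previous row's value is reused and a zero-length asset could cause the following row to be deleted as well — worth confirming. Since the deletion is irreversible, logging `$row['id']` and `$row['hash']` before executing it would make the cleanup auditable.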


@ -1,9 +1,9 @@
<?php <?php
$InventarCheckStatement = $RUNTIME['PDO']->prepare("UPDATE inventoryitems i SET $InventarCheckStatement = $RUNTIME['PDO']->prepare("UPDATE inventoryitems i SET
i.inventoryName = concat('[DEFEKT] ', i.inventoryName) i.inventoryName = concat('[DEFEKT] ', i.inventoryName)
WHERE WHERE
i.assetID IN ( i.assetID IN (
SELECT SELECT
i.assetID i.assetID
FROM inventoryitems i FROM inventoryitems i
WHERE WHERE
@ -16,6 +16,4 @@ i.assetID IN (
AND i.assetType <> 24 AND i.assetType <> 24
)"); )");
$InventarCheckStatement->execute(); $InventarCheckStatement->execute();
?>


@ -2,57 +2,55 @@
use PHPMailer\PHPMailer\PHPMailer; use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP; use PHPMailer\PHPMailer\SMTP;
include_once('lib/phpmailer/Exception.php'); include_once 'lib/phpmailer/Exception.php';
include_once('lib/phpmailer/PHPMailer.php'); include_once 'lib/phpmailer/PHPMailer.php';
include_once('lib/phpmailer/SMTP.php'); include_once 'lib/phpmailer/SMTP.php';
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS im_offline_send (`id` int(6) NOT NULL DEFAULT 0) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci"); $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS im_offline_send (`id` int(6) NOT NULL DEFAULT 0) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci");
$statement->execute(); $statement->execute();
function isMailAllreadySend($id) function isMailAlreadySent($id)
{ {
GLOBAL $RUNTIME; global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM im_offline_send WHERE id = ? LIMIT 1"); $statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM im_offline_send WHERE id = ? LIMIT 1");
$statement->execute(array($id)); $statement->execute(array($id));
if($statement->rowCount() != 0) if ($statement->rowCount() != 0) {
return TRUE; return true;
}
return FALSE; return false;
} }
$IMTYP = array( $IMTYP = array(
"0" => "eine Nachricht", "0" => "eine Nachricht",
"3" => "eine Gruppeneinladung", "3" => "eine Gruppeneinladung",
"4" => "ein Inventaritem", "4" => "ein Inventaritem",
"5" => "eine Bestätigung zur Annahme von Inventar", "5" => "eine Bestätigung zur Annahme von Inventar",
"6" => "eine Information zur Ablehnung von Inventar", "6" => "eine Information zur Ablehnung von Inventar",
"7" => "eine Aufforderung zur Gruppenwahl", "7" => "eine Aufforderung zur Gruppenwahl",
"9" => "ein Inventaritem von einem Script", "9" => "ein Inventaritem von einem Script",
"19" => "eine Nachricht von einem Script", "19" => "eine Nachricht von einem Script",
"32" => "eine Gruppennachricht", "32" => "eine Gruppennachricht",
"38" => "eine Freundschaftsanfrage", "38" => "eine Freundschaftsanfrage",
"39" => "eine Bestätigung über die Annahme der Freundschaft", "39" => "eine Bestätigung über die Annahme der Freundschaft",
"40" => "eine Information über das Ablehnen der Freundschaft" "40" => "eine Information über das Ablehnen der Freundschaft"
); );
//$statement = $RUNTIME['PDO']->prepare("SELECT * FROM im_offline WHERE PrincipalID = '1148b04d-7a93-49e9-b3c9-ea0cdeec38f7'"); //$statement = $RUNTIME['PDO']->prepare("SELECT * FROM im_offline WHERE PrincipalID = '1148b04d-7a93-49e9-b3c9-ea0cdeec38f7'");
$statement = $RUNTIME['PDO']->prepare("SELECT ID,PrincipalID,Message FROM im_offline"); $statement = $RUNTIME['PDO']->prepare("SELECT ID,PrincipalID,Message FROM im_offline");
$statement->execute(); $statement->execute();
while($row = $statement->fetch()) while ($row = $statement->fetch()) {
{ include_once 'app/OpenSim.php';
include 'app/OpenSim.php';
$opensim = new OpenSim(); $opensim = new OpenSim();
$email = $opensim->getUserMail($row['PrincipalID']); $email = $opensim->getUserMail($row['PrincipalID']);
$allowOfflineIM = $opensim->allowOfflineIM($row['PrincipalID']); $allowOfflineIM = $opensim->allowOfflineIM($row['PrincipalID']);
if($email != "" && $allowOfflineIM == "TRUE") if ($email != "" && $allowOfflineIM == "TRUE") {
{ if (!isMailAlreadySent($row['ID'])) {
if(isMailAllreadySend($row['ID']) == FALSE)
{
$statementSend = $RUNTIME['PDO']->prepare('INSERT INTO im_offline_send (id) VALUES (:idnummer)'); $statementSend = $RUNTIME['PDO']->prepare('INSERT INTO im_offline_send (id) VALUES (:idnummer)');
$statementSend->execute(['idnummer' => $row['ID']]); $statementSend->execute(['idnummer' => $row['ID']]);
@ -60,9 +58,9 @@
$mail->SMTPDebug = SMTP::DEBUG_SERVER; $mail->SMTPDebug = SMTP::DEBUG_SERVER;
$mail->isSMTP(); $mail->isSMTP();
$mail->Host = $RUNTIME['SMTP']['SERVER']; $mail->Host = $RUNTIME['SMTP']['SERVER'];
$mail->Port = $RUNTIME['SMTP']['PORT']; $mail->Port = $RUNTIME['SMTP']['PORT'];
$mail->SMTPAuth = false; $mail->SMTPAuth = false;
$mail->setFrom($RUNTIME['SMTP']['ADRESS'], $RUNTIME['GRID']['NAME']); $mail->setFrom($RUNTIME['SMTP']['ADRESS'], $RUNTIME['GRID']['NAME']);
$mail->addAddress($email, $opensim->getUserName($row['PrincipalID'])); $mail->addAddress($email, $opensim->getUserName($row['PrincipalID']));
@ -71,24 +69,21 @@
$HTMLMESSAGE = "Du hast ".$IMTYP["".$XMLMESSAGE->dialog.""]." in ".$RUNTIME['GRID']['NAME']." bekommen. <br><p><ul><li>".htmlspecialchars($XMLMESSAGE->message)."</li></ul></p>Gesendet von: "; $HTMLMESSAGE = "Du hast ".$IMTYP["".$XMLMESSAGE->dialog.""]." in ".$RUNTIME['GRID']['NAME']." bekommen. <br><p><ul><li>".htmlspecialchars($XMLMESSAGE->message)."</li></ul></p>Gesendet von: ";
if(isset($XMLMESSAGE->fromAgentName)) if (isset($XMLMESSAGE->fromAgentName)) {
$HTMLMESSAGE .= $XMLMESSAGE->fromAgentName; $HTMLMESSAGE .= $XMLMESSAGE->fromAgentName;
}
if(isset($XMLMESSAGE->RegionID) && isset($XMLMESSAGE->Position)) if (isset($XMLMESSAGE->RegionID) && isset($XMLMESSAGE->Position)) {
{ if ($XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0) { //TODO
if($XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0 || $XMLMESSAGE->Position->X != 0)
{
$HTMLMESSAGE .= " @ ".$opensim->getRegionName($XMLMESSAGE->RegionID)."/".$XMLMESSAGE->Position->X."/".$XMLMESSAGE->Position->Y."/".$XMLMESSAGE->Position->Z; $HTMLMESSAGE .= " @ ".$opensim->getRegionName($XMLMESSAGE->RegionID)."/".$XMLMESSAGE->Position->X."/".$XMLMESSAGE->Position->Y."/".$XMLMESSAGE->Position->Z;
}else{ } else {
$HTMLMESSAGE .= " @ ".$opensim->getRegionName($XMLMESSAGE->RegionID); $HTMLMESSAGE .= " @ ".$opensim->getRegionName($XMLMESSAGE->RegionID);
} }
} }
//die($HTMLMESSAGE);
$HTML = new HTML(); $HTML = new HTML();
$HTML->importHTML("mail.html"); $HTML->importHTML("mail.html");
$HTML->setSeitenInhalt($HTMLMESSAGE); $HTML->setSeitenInhalt($HTMLMESSAGE);
$HTML->build(); $HTML->build();
$mail->isHTML(true); $mail->isHTML(true);
@ -105,4 +100,3 @@
//echo $row['PrincipalID']." möchte keine offline IM oder hat keine E-MAIL Adresse hinterlegt."; //echo $row['PrincipalID']." möchte keine offline IM oder hat keine E-MAIL Adresse hinterlegt.";
} }
} }
?>


@ -1,15 +1,14 @@
<?php <?php
include 'app/OpenSim.php'; include_once 'app/OpenSim.php';
$opensim = new OpenSim(); $opensim = new OpenSim();
$HTML->setHTMLTitle("Dashboard"); $HTML->setHTMLTitle("Dashboard");
$HTML->importSeitenInhalt("dashboard-home.html"); $HTML->importSeitenInhalt("dashboard-home.html");
$HTML->ReplaceSeitenInhalt("%%GLOBAL-USER-COUNT%%", $opensim->getUserCount()); $HTML->ReplaceSeitenInhalt("%%GLOBAL-USER-COUNT%%", $opensim->getUserCount());
$HTML->ReplaceSeitenInhalt("%%GLOBAL-REGION-COUNT%%", $opensim->getRegionCount()); $HTML->ReplaceSeitenInhalt("%%GLOBAL-REGION-COUNT%%", $opensim->getRegionCount());
$HTML->ReplaceLayoutInhalt("%%USERNAME%%", htmlspecialchars($_SESSION['DISPLAYNAME'])); $HTML->ReplaceLayoutInhalt("%%USERNAME%%", htmlspecialchars($_SESSION['DISPLAYNAME']));
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
?>


@ -1,7 +1,6 @@
<?php <?php
$HTML->setHTMLTitle("Seite nicht gefunden"); $HTML->setHTMLTitle("Seite nicht gefunden");
$HTML->build(); $HTML->build();
http_response_code(404); http_response_code(404);
echo $HTML->ausgabe(); echo $HTML->ausgabe();
?>


@ -1,24 +1,23 @@
<?php <?php
const MESSAGE = 'Hallo %%NAME%%,<br/><br/>wir haben soeben eine Anfrage zur Zurücksetzung des Passworts für deinen 4Creative-Account erhalten.<br/><br/>Klicke <a href="%%RESET_LINK%%">hier</a>, um ein neues Passwort festzulegen. Dieser Link läuft in 24 Stunden ab.<br/><br/>Falls du diese Anfrage nicht gesendet hast, ignoriere sie einfach. Bei weiteren Fragen kannst du uns unter info@4creative.net oder per Discord über @ikeytan erreichen.'; const MESSAGE = 'Hallo %%NAME%%,<br/><br/>wir haben soeben eine Anfrage zur Zurücksetzung des Passworts für deinen 4Creative-Account erhalten.<br/><br/>Klicke <a href="%%RESET_LINK%%">hier</a>, um ein neues Passwort festzulegen. Dieser Link läuft in 24 Stunden ab.<br/><br/>Falls du diese Anfrage nicht gesendet hast, ignoriere sie einfach. Bei weiteren Fragen kannst du uns unter info@4creative.net oder per Discord über @ikeytan erreichen.';
$HTML = new HTML(); $HTML = new HTML();
$HTML->setHTMLTitle("Passwort vergessen"); $HTML->setHTMLTitle("Passwort vergessen");
$HTML->importHTML("forgot.html"); $HTML->importHTML("forgot.html");
if($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include_once 'app/FormValidator.php'; include_once 'app/FormValidator.php';
$validator = new FormValidator(array( $validator = new FormValidator(array(
'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'), 'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'),
'email' => array('required' => true, 'regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/') 'email' => array('required' => true, 'regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/')
)); ));
if(!$validator->isValid($_POST)) { if (!$validator->isValid($_POST)) {
$HTML->ReplaceLayoutInhalt('%%MESSAGE%%', 'Bitte gebe deinen Benutzernamen (Vor- und Nachname) und die dazugehörige E-Mail-Adresse ein'); $HTML->ReplaceLayoutInhalt('%%MESSAGE%%', 'Bitte gebe deinen Benutzernamen (Vor- und Nachname) und die dazugehörige E-Mail-Adresse ein');
$HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', 'red'); $HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', 'red');
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
} } else {
else {
$nameParts = explode(" ", $_POST['username']); $nameParts = explode(" ", $_POST['username']);
$email = strtolower(trim($_POST['email'])); $email = strtolower(trim($_POST['email']));
@ -27,14 +26,14 @@
$validRequest = $getAccount->rowCount() == 1; $validRequest = $getAccount->rowCount() == 1;
$uuid; $uuid;
$name; $name;
if($res = $getAccount->fetch()) { if ($res = $getAccount->fetch()) {
$email = $res['Email']; $email = $res['Email'];
$uuid = $res['PrincipalID']; $uuid = $res['PrincipalID'];
$name = $res['FirstName'].' '.$res['LastName']; $name = $res['FirstName'].' '.$res['LastName'];
} }
foreach($RUNTIME['RESET_BLOCKED_DOMAINS'] as $domain) { foreach ($RUNTIME['RESET_BLOCKED_DOMAINS'] as $domain) {
if(str_ends_with($email, $domain)) { if (str_ends_with($email, $domain)) {
$validRequest = false; $validRequest = false;
} }
} }
@ -45,10 +44,10 @@
echo $HTML->ausgabe(); echo $HTML->ausgabe();
fastcgi_finish_request(); fastcgi_finish_request();
if($validRequest) { if ($validRequest) {
$getReqTime = $RUNTIME['PDO']->prepare('SELECT RequestTime FROM PasswordResetTokens WHERE PrincipalID=?'); $getReqTime = $RUNTIME['PDO']->prepare('SELECT RequestTime FROM PasswordResetTokens WHERE PrincipalID=?');
$getReqTime->execute([$uuid]); $getReqTime->execute([$uuid]);
if(($res = $getReqTime->fetch()) && time() - $res['RequestTime'] < 900) { if (($res = $getReqTime->fetch()) && time() - $res['RequestTime'] < 900) {
return; return;
} }
@ -60,12 +59,9 @@
sendMail($email, str_replace('%%NAME%%', $name, str_replace('%%RESET_LINK%%', 'https://'.$RUNTIME['DOMAIN'].'/index.php?page=reset-password&token='.$token, MESSAGE)), "Zurücksetzung des Passworts für ".$name, 'Dein Passwort zurücksetzen', 'Folge diesen Anweisungen, um ein neues Passwort für deinen 4Creative-Account festzulegen'); sendMail($email, str_replace('%%NAME%%', $name, str_replace('%%RESET_LINK%%', 'https://'.$RUNTIME['DOMAIN'].'/index.php?page=reset-password&token='.$token, MESSAGE)), "Zurücksetzung des Passworts für ".$name, 'Dein Passwort zurücksetzen', 'Folge diesen Anweisungen, um ein neues Passwort für deinen 4Creative-Account festzulegen');
} }
} }
} } else {
else {
$HTML->ReplaceLayoutInhalt('%%MESSAGE%%', ''); $HTML->ReplaceLayoutInhalt('%%MESSAGE%%', '');
$HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', 'red'); $HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', 'red');
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
} }
?>
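Review bot: `$uuid;` and `$name;` in the second hunk are bare expression statements, not declarations: they create nothing and initialise nothing, so a reader who takes them as "declared here" is misled, and the later `$uuid` read in the `$validRequest` branch is only safe because `$validRequest` is false whenever `fetch()` returned no row. Writing `$uuid = null;` and `$name = null;` states that intent and removes the undefined-variable path. The email pattern in the first hunk, `'/^\S{1,64}@\S{1,250}.\S{2,64}$/'`, has an unescaped `.` that matches any character rather than a literal dot; `\.` is presumably what was meant. The POST branch continues past the hunks shown.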


@ -1,13 +1,12 @@
<?php <?php
if($_SERVER['REQUEST_METHOD'] == 'POST') if ($_SERVER['REQUEST_METHOD'] == 'POST') {
{ if (isset($_POST['remove'])) {
if(isset($_POST['remove'])) { include_once 'app/FormValidator.php';
include 'app/FormValidator.php';
$validator = new FormValidator(array( $validator = new FormValidator(array(
'uuid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') 'uuid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
)); ));
if($validator->isValid($_POST)) { if ($validator->isValid($_POST)) {
$statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM Friends WHERE Friend = ? AND PrincipalID = ?"); $statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM Friends WHERE Friend = ? AND PrincipalID = ?");
$statementMembership->execute(array($_REQUEST['uuid'], $_SESSION['UUID'])); $statementMembership->execute(array($_REQUEST['uuid'], $_SESSION['UUID']));
@ -21,24 +20,23 @@
} }
$HTML->setHTMLTitle("Deine Freunde"); $HTML->setHTMLTitle("Deine Freunde");
$HTML->importSeitenInhalt("online-anzeige.html"); $HTML->importSeitenInhalt("online-anzeige.html");
$table = '<table class="table"><thead><tr><th scope="col">Name</th><th scope="col">Optionen</th></thead><tbody>%%ENTRY%%</tbody></table>'; $table = '<table class="table"><thead><tr><th scope="col">Name</th><th scope="col">Optionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
$statement = $RUNTIME['PDO']->prepare("SELECT PrincipalID,Friend FROM Friends WHERE PrincipalID = ? ORDER BY Friend ASC"); $statement = $RUNTIME['PDO']->prepare("SELECT PrincipalID,Friend FROM Friends WHERE PrincipalID = ? ORDER BY Friend ASC");
$statement->execute([$_SESSION['UUID']]); $statement->execute([$_SESSION['UUID']]);
while($row = $statement->fetch()) include_once 'app/OpenSim.php';
{ $opensim = new OpenSim();
while ($row = $statement->fetch()) {
$PrincipalID = explode(";", $row['PrincipalID'])[0]; $PrincipalID = explode(";", $row['PrincipalID'])[0];
$FriendData = explode(";", $row['Friend']); $FriendData = explode(";", $row['Friend']);
$Friend = $FriendData[0]; $Friend = $FriendData[0];
include 'app/OpenSim.php';
$opensim = new OpenSim();
$name = trim($opensim->getUserName($Friend)); $name = trim($opensim->getUserName($Friend));
if(count($FriendData) > 1) { if (count($FriendData) > 1) {
$FriendData[1] = str_replace("http://", "", $FriendData[1]); $FriendData[1] = str_replace("http://", "", $FriendData[1]);
$FriendData[1] = str_replace("https://", "", $FriendData[1]); $FriendData[1] = str_replace("https://", "", $FriendData[1]);
$FriendData[1] = str_replace("/", "", $FriendData[1]); $FriendData[1] = str_replace("/", "", $FriendData[1]);
@ -55,4 +53,3 @@
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
?>
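Review bot: The DELETE at the end of the first hunk binds `$_REQUEST['uuid']` while the FormValidator a few lines above checked `$_POST`, so the value that was validated is not necessarily the one that is executed: `$_REQUEST` merges GET, POST and cookie parameters according to `request_order`, and a same-named parameter from another source can replace the posted value after validation. The query is parameterised, so this is not an injection, but the UUID regex check is effectively decoupled from the value it is meant to guard; both reads should use the same array, `$statementMembership->execute(array($_POST['uuid'], $_SESSION['UUID']));`. The same validate-`$_POST`/use-`$_REQUEST` mismatch appears in the groups section (`$_REQUEST['group']`) and throughout the identities section (`$_REQUEST['newuuid']`, `$_REQUEST['newName']`). The POST branch in the first hunk is cut by the hunk boundary.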


@ -1,13 +1,12 @@
<?php <?php
if($_SERVER['REQUEST_METHOD'] == 'POST') if ($_SERVER['REQUEST_METHOD'] == 'POST') {
{ if (isset($_POST['leave'])) {
if(isset($_POST['leave'])) { include_once 'app/FormValidator.php';
include 'app/FormValidator.php';
$validator = new FormValidator(array( $validator = new FormValidator(array(
'group' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') 'group' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
)); ));
if($validator->isValid($_POST)) { if ($validator->isValid($_POST)) {
$statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM os_groups_membership WHERE GroupID = ? AND PrincipalID = ?"); $statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM os_groups_membership WHERE GroupID = ? AND PrincipalID = ?");
$statementMembership->execute(array($_REQUEST['group'], $_SESSION['UUID'])); $statementMembership->execute(array($_REQUEST['group'], $_SESSION['UUID']));
} }
@ -17,7 +16,7 @@
die(); die();
} }
include 'app/OpenSim.php'; include_once 'app/OpenSim.php';
$opensim = new OpenSim(); $opensim = new OpenSim();
$HTML->setHTMLTitle("Gruppen"); $HTML->setHTMLTitle("Gruppen");
@ -28,8 +27,7 @@
$statementGroups = $RUNTIME['PDO']->prepare("SELECT Name,FounderID,os_groups_membership.GroupID FROM os_groups_groups JOIN os_groups_membership ON os_groups_groups.GroupID = os_groups_membership.GroupID WHERE PrincipalID = ?"); $statementGroups = $RUNTIME['PDO']->prepare("SELECT Name,FounderID,os_groups_membership.GroupID FROM os_groups_groups JOIN os_groups_membership ON os_groups_groups.GroupID = os_groups_membership.GroupID WHERE PrincipalID = ?");
$statementGroups->execute(array($_SESSION['UUID'])); $statementGroups->execute(array($_SESSION['UUID']));
while($rowGroups = $statementGroups->fetch()) while ($rowGroups = $statementGroups->fetch()) {
{
$entry = '<tr><td>'.htmlspecialchars($rowGroups['Name']).'</td><td>'.htmlspecialchars($opensim->getUserName($rowGroups['FounderID'])).'</td><td><form action="index.php?page=groups" method="post">%%CSRF%%<input type="hidden" name="group" value="'.htmlspecialchars($rowGroups['GroupID']).'"><button type="submit" name="leave" class="btn btn-danger btn-sm">VERLASSEN</button></form></td></tr>'; $entry = '<tr><td>'.htmlspecialchars($rowGroups['Name']).'</td><td>'.htmlspecialchars($opensim->getUserName($rowGroups['FounderID'])).'</td><td><form action="index.php?page=groups" method="post">%%CSRF%%<input type="hidden" name="group" value="'.htmlspecialchars($rowGroups['GroupID']).'"><button type="submit" name="leave" class="btn btn-danger btn-sm">VERLASSEN</button></form></td></tr>';
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
} }
@ -39,4 +37,3 @@
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
?>


@ -1,50 +1,48 @@
<?php <?php
$statementCreateTable = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `UserIdentitys` (`PrincipalID` VARCHAR(38) NOT NULL, `IdentityID` VARCHAR(38) NOT NULL, PRIMARY KEY (`IdentityID`))"); $statementCreateTable = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `UserIdentitys` (`PrincipalID` VARCHAR(38) NOT NULL, `IdentityID` VARCHAR(38) NOT NULL, PRIMARY KEY (`IdentityID`))");
$statementCreateTable->execute(); $statementCreateTable->execute();
if($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include 'app/FormValidator.php'; include_once 'app/FormValidator.php';
if(isset($_POST['enableIdent'])) { if (isset($_POST['enableIdent'])) {
$validator = new FormValidator(array( $validator = new FormValidator(array(
'newuuid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') 'newuuid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
)); ));
if($validator->isValid($_POST)) { if ($validator->isValid($_POST)) {
$statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserIdentitys WHERE PrincipalID = :PrincipalID AND IdentityID = :IdentityID LIMIT 1"); $statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserIdentitys WHERE PrincipalID = :PrincipalID AND IdentityID = :IdentityID LIMIT 1");
$statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_REQUEST['newuuid']]); $statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_REQUEST['newuuid']]);
$statementPresence = $RUNTIME['PDO']->prepare("SELECT 1 FROM Presence WHERE UserID = :PrincipalID LIMIT 1"); $statementPresence = $RUNTIME['PDO']->prepare("SELECT 1 FROM Presence WHERE UserID = :PrincipalID LIMIT 1");
$statementPresence->execute(['PrincipalID' => $_SESSION['UUID']]); $statementPresence->execute(['PrincipalID' => $_SESSION['UUID']]);
if($statementPresence->rowCount() == 0) if ($statementPresence->rowCount() == 0) {
{ if ($statement->rowCount() == 1) {
if($statement->rowCount() == 1) $statementAuth = $RUNTIME['PDO']->prepare('UPDATE auth SET UUID = :IdentityID WHERE UUID = :PrincipalID');
{
$statementAuth = $RUNTIME['PDO']->prepare('UPDATE auth SET UUID = :IdentityID WHERE UUID = :PrincipalID');
$statementAuth->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); $statementAuth->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
$statementUserIdentitys = $RUNTIME['PDO']->prepare('UPDATE UserIdentitys SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); $statementUserIdentitys = $RUNTIME['PDO']->prepare('UPDATE UserIdentitys SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID');
$statementUserIdentitys->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); $statementUserIdentitys->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
$statementFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); $statementFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID');
$statementFriends->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); $statementFriends->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
//$statementReFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET Friend = :IdentityID WHERE Friend = :PrincipalID'); //$statementReFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET Friend = :IdentityID WHERE Friend = :PrincipalID');
//$statementReFriends->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); //$statementReFriends->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
$statementInventoryFolders = $RUNTIME['PDO']->prepare('UPDATE inventoryfolders SET agentID = :IdentityID WHERE agentID = :PrincipalID AND type != :InventarTyp'); $statementInventoryFolders = $RUNTIME['PDO']->prepare('UPDATE inventoryfolders SET agentID = :IdentityID WHERE agentID = :PrincipalID AND type != :InventarTyp');
$statementInventoryFolders->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID'], 'InventarTyp' => 46]); $statementInventoryFolders->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID'], 'InventarTyp' => 46]);
$statementInventoryItems = $RUNTIME['PDO']->prepare('UPDATE inventoryitems SET avatarID = :IdentityID WHERE avatarID = :PrincipalID'); $statementInventoryItems = $RUNTIME['PDO']->prepare('UPDATE inventoryitems SET avatarID = :IdentityID WHERE avatarID = :PrincipalID');
$statementInventoryItems->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); $statementInventoryItems->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
$statementGroupMembership = $RUNTIME['PDO']->prepare('UPDATE os_groups_membership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); $statementGroupMembership = $RUNTIME['PDO']->prepare('UPDATE os_groups_membership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID');
$statementGroupMembership->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); $statementGroupMembership->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
$statementGroupRoles = $RUNTIME['PDO']->prepare('UPDATE os_groups_rolemembership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); $statementGroupRoles = $RUNTIME['PDO']->prepare('UPDATE os_groups_rolemembership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID');
$statementGroupRoles->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); $statementGroupRoles->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]);
$statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM Presence WHERE UserID = :PrincipalID'); $statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM Presence WHERE UserID = :PrincipalID');
$statementGroupRoles->execute(['PrincipalID' => $_SESSION['UUID']]); $statementGroupRoles->execute(['PrincipalID' => $_SESSION['UUID']]);
$_SESSION['LOGIN'] = 'false'; $_SESSION['LOGIN'] = 'false';
@ -55,33 +53,31 @@
} }
} }
} }
else if(isset($_POST['createIdent'])) { elseif (isset($_POST['createIdent'])) {
$validator = new FormValidator(array( $validator = new FormValidator(array(
'newName' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/') 'newName' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/')
)); ));
if($validator->isValid($_POST)) { if ($validator->isValid($_POST)) {
$avatarNameParts = explode(" ", trim($_REQUEST['newName'])); $avatarNameParts = explode(" ", trim($_REQUEST['newName']));
if(count($avatarNameParts) == 2) if (count($avatarNameParts) == 2) {
{
$statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1"); $statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1");
$statement->execute(['FirstName' => trim($avatarNameParts[0]), 'LastName' => trim($avatarNameParts[1])]); $statement->execute(['FirstName' => trim($avatarNameParts[0]), 'LastName' => trim($avatarNameParts[1])]);
if($statement->rowCount() == 0) if ($statement->rowCount() == 0) {
{ include_once 'app/OpenSim.php';
include 'app/OpenSim.php';
$avatarUUID = (new OpenSim())->gen_uuid(); $avatarUUID = (new OpenSim())->gen_uuid();
$statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO UserAccounts (PrincipalID, ScopeID, FirstName, LastName, Email, ServiceURLs, Created, UserLevel, UserFlags, UserTitle, active) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )'); $statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO UserAccounts (PrincipalID, ScopeID, FirstName, LastName, Email, ServiceURLs, Created, UserLevel, UserFlags, UserTitle, active) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )');
$statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $avatarNameParts[0], 'LastName' => $avatarNameParts[1], 'Email' => $_SESSION['EMAIL'], 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]); $statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $avatarNameParts[0], 'LastName' => $avatarNameParts[1], 'Email' => $_SESSION['EMAIL'], 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]);
$statementUserIdentitys = $RUNTIME['PDO']->prepare('INSERT INTO UserIdentitys (PrincipalID, IdentityID) VALUES (:PrincipalID, :IdentityID)'); $statementUserIdentitys = $RUNTIME['PDO']->prepare('INSERT INTO UserIdentitys (PrincipalID, IdentityID) VALUES (:PrincipalID, :IdentityID)');
$statementUserIdentitys->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $avatarUUID]); $statementUserIdentitys->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $avatarUUID]);
}else{ } else {
$_SESSION['identities_err'] = 'Dieser Name ist schon in Benutzung.'; $_SESSION['identities_err'] = 'Dieser Name ist schon in Benutzung.';
} }
}else{ } else {
$_SESSION['identities_err'] = 'Der Name muss aus einem Vor und einem Nachnamen bestehen.'; $_SESSION['identities_err'] = 'Der Name muss aus einem Vor und einem Nachnamen bestehen.';
} }
} }
@ -91,31 +87,28 @@
die(); die();
} }
$HTML->setHTMLTitle("Identitäten"); $HTML->setHTMLTitle("Identitäten");
$HTML->importSeitenInhalt("identities.html"); $HTML->importSeitenInhalt("identities.html");
$statementCheckForEntry = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserIdentitys WHERE PrincipalID = ? LIMIT 1"); $statementCheckForEntry = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserIdentitys WHERE PrincipalID = ? LIMIT 1");
$statementCheckForEntry->execute(array($_SESSION['UUID'])); $statementCheckForEntry->execute(array($_SESSION['UUID']));
if($statementCheckForEntry->rowCount() == 0) if ($statementCheckForEntry->rowCount() == 0) {
{ $statement = $RUNTIME['PDO']->prepare('INSERT INTO `UserIdentitys` (PrincipalID, IdentityID) VALUES (:PrincipalID, :IdentityID)');
$statement = $RUNTIME['PDO']->prepare('INSERT INTO `UserIdentitys` (PrincipalID, IdentityID) VALUES (:PrincipalID, :IdentityID)');
$statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_SESSION['UUID']]); $statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_SESSION['UUID']]);
} }
$table = '<table class="table"><thead><tr><th scope="col">Name</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>'; $table = '<table class="table"><thead><tr><th scope="col">Name</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
$statement = $RUNTIME['PDO']->prepare("SELECT IdentityID FROM UserIdentitys WHERE PrincipalID = ? ORDER BY IdentityID ASC"); $statement = $RUNTIME['PDO']->prepare("SELECT IdentityID FROM UserIdentitys WHERE PrincipalID = ? ORDER BY IdentityID ASC");
$statement->execute(array($_SESSION['UUID'])); $statement->execute(array($_SESSION['UUID']));
include 'app/OpenSim.php'; include_once 'app/OpenSim.php';
$opensim = new OpenSim(); $opensim = new OpenSim();
while($row = $statement->fetch()) while ($row = $statement->fetch()) {
{ if ($row['IdentityID'] == $_SESSION['UUID']) {
if($row['IdentityID'] == $_SESSION['UUID'])
{
$entry = '<tr><td>'.htmlspecialchars(trim($opensim->getUserName($row['IdentityID']))).' <span class="badge badge-info">Aktiv</span></td><td>-</td></tr>'; $entry = '<tr><td>'.htmlspecialchars(trim($opensim->getUserName($row['IdentityID']))).' <span class="badge badge-info">Aktiv</span></td><td>-</td></tr>';
}else{ } else {
$entry = '<tr><td>'.htmlspecialchars(trim($opensim->getUserName($row['IdentityID']))).'</td><td><form action="index.php?page=identities" method="post">%%CSRF%%<input type="hidden" name="newuuid" value="'.htmlspecialchars($row['IdentityID']).'"><button type="submit" name="enableIdent" class="btn btn-success btn-sm">Aktivieren</button></form></td></tr>'; $entry = '<tr><td>'.htmlspecialchars(trim($opensim->getUserName($row['IdentityID']))).'</td><td><form action="index.php?page=identities" method="post">%%CSRF%%<input type="hidden" name="newuuid" value="'.htmlspecialchars($row['IdentityID']).'"><button type="submit" name="enableIdent" class="btn btn-success btn-sm">Aktivieren</button></form></td></tr>';
} }
@ -127,7 +120,7 @@
$HTML->ReplaceSeitenInhalt("%%link%%", ' '); $HTML->ReplaceSeitenInhalt("%%link%%", ' ');
$message = ''; $message = '';
if(isset($_SESSION['identities_err'])) { if (isset($_SESSION['identities_err'])) {
$message = '<div class="alert alert-danger" role="alert">'.$_SESSION['identities_err'].'</div>'; $message = '<div class="alert alert-danger" role="alert">'.$_SESSION['identities_err'].'</div>';
unset($_SESSION['identities_err']); unset($_SESSION['identities_err']);
} }
@ -135,4 +128,3 @@
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
?>
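Review bot: The identity switch in the first hunk issues eight UPDATE/DELETE statements across auth, UserIdentitys, Friends, inventoryfolders, inventoryitems, os_groups_membership, os_groups_rolemembership and Presence with no transaction around them, so an error or dropped connection part-way leaves the account under the new UUID in some tables and the old UUID in others, with the session only invalidated after the last statement. Wrapping the sequence in `beginTransaction()`/`commit()` with a `rollBack()` on failure keeps the migration atomic; this presumes the PDO handle is configured to throw on error, which is not visible in this diff. Separately, `$statementGroupRoles` is reused for the Presence DELETE on the last lines of the hunk; a distinct name such as `$statementPresenceDelete` would make that line read correctly. The POST branch continues past the first hunk.
```php
$RUNTIME['PDO']->beginTransaction();
try {
    // … unchanged: UPDATE statements on auth, UserIdentitys, Friends, inventoryfolders, inventoryitems, os_groups_membership, os_groups_rolemembership and the Presence DELETE …
    $RUNTIME['PDO']->commit();
} catch (\Throwable $e) {
    $RUNTIME['PDO']->rollBack();
    throw $e;
}
```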


@ -1,6 +1,5 @@
<?php <?php
if(!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) if (!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) {
{
$HTML->setHTMLTitle("Kein Zugriff"); $HTML->setHTMLTitle("Kein Zugriff");
$HTML->SetSeitenInhalt("Dazu hast du keine Rechte!"); $HTML->SetSeitenInhalt("Dazu hast du keine Rechte!");
$HTML->build(); $HTML->build();
@ -8,12 +7,11 @@
die(); die();
} }
$HTML->setHTMLTitle("Benutzer"); $HTML->setHTMLTitle("Benutzer");
$HTML->importSeitenInhalt("users.html"); $HTML->importSeitenInhalt("users.html");
$HTML->ReplaceSeitenInhalt("%%link%%", ' '); $HTML->ReplaceSeitenInhalt("%%link%%", ' ');
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
?>
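Review bot: The access guard in the first hunk tests only `isset($_SESSION['LOGIN'])`, never its value, while the identities section writes `$_SESSION['LOGIN'] = 'false'` when an identity is switched; a session in that state still satisfies this guard as long as `$_SESSION['LEVEL']` is 100 or more. Presumably index.php checks the LOGIN value before including this page, but on its own the guard does not, so `$_SESSION['LOGIN'] !== 'true'` (or whatever value the login page stores) belongs in the condition. As a style point for a PSR-12 pass, `$HTML->SetSeitenInhalt(...)` uses a capitalised method name whereas the offline-IM mailer section calls `setSeitenInhalt`; PHP resolves method names case-insensitively so it works, but the call should read `$HTML->setSeitenInhalt("Dazu hast du keine Rechte!");`.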


@ -1,59 +1,55 @@
<?php <?php
$HTML = new HTML(); $HTML = new HTML();
$HTML->setHTMLTitle("Login"); $HTML->setHTMLTitle("Login");
$HTML->importHTML("login.html"); $HTML->importHTML("login.html");
if($_SERVER['REQUEST_METHOD'] == 'POST') if ($_SERVER['REQUEST_METHOD'] == 'POST') {
{ include_once 'app/FormValidator.php';
include_once 'app/FormValidator.php'; $validator = new FormValidator(array(
$validator = new FormValidator(array( 'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'),
'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'), 'password' => array('required' => true, 'regex' => '/^.{1,1000}$/')
'password' => array('required' => true, 'regex' => '/^.{1,1000}$/') ));
));
if (!$validator->isValid($_POST)) {
if(!$validator->isValid($_POST)) { $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Bitte gebe Benutzername (Vor- und Nachname) und Passwort ein.");
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Bitte gebe Benutzername (Vor- und Nachname) und Passwort ein."); } else {
} $statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName,Email,UserLevel,passwordHash,passwordSalt FROM UserAccounts JOIN auth ON UserAccounts.PrincipalID = auth.UUID WHERE FirstName = ? AND LastName = ? LIMIT 1");
else { $statementUser->execute(explode(" ", trim($_POST['username'])));
$statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName,Email,UserLevel,passwordHash,passwordSalt FROM UserAccounts JOIN auth ON UserAccounts.PrincipalID = auth.UUID WHERE FirstName = ? AND LastName = ? LIMIT 1"); $res = ['passwordHash' => '', 'passwordSalt' => ''];
$statementUser->execute(explode(" ", trim($_POST['username'])));
$res = ['passwordHash' => '', 'passwordSalt' => ''];
if($rowUser = $statementUser->fetch()) { if ($rowUser = $statementUser->fetch()) {
$res = $rowUser; $res = $rowUser;
} }
if(hash_equals(md5(md5($_POST['password']).":".$res['passwordSalt']), $res['passwordHash'])) { if (hash_equals(md5(md5($_POST['password']).":".$res['passwordSalt']), $res['passwordHash'])) {
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
$_SESSION['FIRSTNAME'] = $rowUser['FirstName']; $_SESSION['FIRSTNAME'] = $rowUser['FirstName'];
$_SESSION['LASTNAME'] = $rowUser['LastName']; $_SESSION['LASTNAME'] = $rowUser['LastName'];
$_SESSION['EMAIL'] = $rowUser['Email']; $_SESSION['EMAIL'] = $rowUser['Email'];
$_SESSION['PASSWORD'] = $rowUser['passwordHash']; $_SESSION['PASSWORD'] = $rowUser['passwordHash'];
$_SESSION['SALT'] = $rowUser['passwordSalt']; $_SESSION['SALT'] = $rowUser['passwordSalt'];
$_SESSION['UUID'] = $rowUser['PrincipalID']; $_SESSION['UUID'] = $rowUser['PrincipalID'];
$_SESSION['LEVEL'] = $rowUser['UserLevel']; $_SESSION['LEVEL'] = $rowUser['UserLevel'];
$_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']); $_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']);
$_SESSION['LOGIN'] = 'true'; $_SESSION['LOGIN'] = 'true';
header("Location: index.php?page=dashboard"); header("Location: index.php?page=dashboard");
die(); die();
} }
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Benutzername und/oder Passwort falsch."); $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Benutzername und/oder Passwort falsch.");
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username'])); $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username']));
} }
} } elseif (isset($_SESSION) && isset($_SESSION['loginMessage'])) {
else if(isset($_SESSION) && isset($_SESSION['loginMessage'])) { $HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage']);
$HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage']); $HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', $_SESSION['loginMessageColor']);
$HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', $_SESSION['loginMessageColor']); unset($_SESSION['loginMessage']);
unset($_SESSION['loginMessage']); unset($_SESSION['loginMessageColor']);
unset($_SESSION['loginMessageColor']); }
}
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", ""); $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "");
$HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "red"); $HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "red");
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", ""); $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", "");
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
?>
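Review bot: The successful-login branch calls `session_unset()` but never rotates the session id, so a session id that was set before authentication stays valid after the privilege change (session fixation). Adding `session_regenerate_id(true);` immediately after `session_unset();` inside the `hash_equals` branch closes that gap and still lets the next request mint a fresh CSRF token as the existing comment intends. The `md5(md5(pw).':'.salt)` scheme appears to follow the OpenSim `auth` table format, so it is presumably out of scope for this page; the session handling is not.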


@ -1,12 +1,13 @@
<?php <?php
function setNamePart(string $part, string $value, string $otherPart, string $otherValue) { function setNamePart(string $part, string $value, string $otherPart, string $otherValue): bool
{
global $RUNTIME; global $RUNTIME;
$query = $RUNTIME['PDO']->prepare('SELECT 1 FROM UserAccounts WHERE '.$part.' = ? AND '.$otherPart.' = ?'); $query = $RUNTIME['PDO']->prepare('SELECT 1 FROM UserAccounts WHERE '.$part.' = ? AND '.$otherPart.' = ?');
$query->execute(array($value, $otherValue)); $query->execute(array($value, $otherValue));
if($query->rowCount() == 0) { if ($query->rowCount() == 0) {
$statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET '.$part.' = ? WHERE PrincipalID = ?'); $statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET '.$part.' = ? WHERE PrincipalID = ?');
$statement->execute(array($value, $_SESSION['UUID'])); $statement->execute(array($value, $_SESSION['UUID']));
return true; return true;
} }
@ -23,12 +24,12 @@
$IARRUNNING = $statementIARCheck->rowCount() != 0; $IARRUNNING = $statementIARCheck->rowCount() != 0;
$statementIARCheck->closeCursor(); $statementIARCheck->closeCursor();
if($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include 'app/FormValidator.php'; include_once 'app/FormValidator.php';
if(isset($_POST['createIAR'])) { if (isset($_POST['createIAR'])) {
$validator = new FormValidator(array()); // CSRF validation only $validator = new FormValidator(array()); // CSRF validation only
if($validator->isValid($_POST) && $IARRUNNING == FALSE) { if($validator->isValid($_POST) && !$IARRUNNING) {
$iarname = md5(time().$_SESSION['UUID'] . rand()).".iar"; $iarname = md5(time().$_SESSION['UUID'] . rand()).".iar";
$statementIARSTART = $RUNTIME['PDO']->prepare('INSERT INTO iarstates (userID, filesize, iarfilename) VALUES (:userID, :filesize, :iarfilename)'); $statementIARSTART = $RUNTIME['PDO']->prepare('INSERT INTO iarstates (userID, filesize, iarfilename) VALUES (:userID, :filesize, :iarfilename)');
@ -37,7 +38,7 @@
$_SESSION['iar_created'] = true; $_SESSION['iar_created'] = true;
} }
} }
else if(isset($_POST['saveProfileData'])) { elseif (isset($_POST['saveProfileData'])) {
$validator = new FormValidator(array( $validator = new FormValidator(array(
'formInputFeldVorname' => array('regex' => '/^[^\\/<>\s]{1,64}$/'), 'formInputFeldVorname' => array('regex' => '/^[^\\/<>\s]{1,64}$/'),
'formInputFeldNachname' => array('regex' => '/^[^\\/<>\s]{1,64}$/'), 'formInputFeldNachname' => array('regex' => '/^[^\\/<>\s]{1,64}$/'),
@ -46,7 +47,7 @@
'formInputFeldPartnerName' => array('regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/') 'formInputFeldPartnerName' => array('regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/')
)); ));
if($validator->isValid($_POST)) { if ($validator->isValid($_POST)) {
if(isset($_POST['formInputFeldVorname'])) { if(isset($_POST['formInputFeldVorname'])) {
$NewFirstName = trim($_POST['formInputFeldVorname']); $NewFirstName = trim($_POST['formInputFeldVorname']);
@ -62,98 +63,94 @@
} }
} }
if(isset($_POST['formInputFeldNachname'])) { if (isset($_POST['formInputFeldNachname'])) {
$NewLastName = trim($_POST['formInputFeldNachname']); $NewLastName = trim($_POST['formInputFeldNachname']);
if($NewLastName != "" && $_SESSION['LASTNAME'] != $NewLastName) { if ($NewLastName != "" && $_SESSION['LASTNAME'] != $NewLastName) {
if(setNamePart('LastName', $NewLastName, 'FirstName', isset($_POST['formInputFeldVorname']) && strlen(trim($_POST['formInputFeldVorname'])) > 0 ? $_POST['formInputFeldVorname'] : $_SESSION['FIRSTNAME'])) { if (setNamePart('LastName', $NewLastName, 'FirstName', isset($_POST['formInputFeldVorname']) && strlen(trim($_POST['formInputFeldVorname'])) > 0 ? $_POST['formInputFeldVorname'] : $_SESSION['FIRSTNAME'])) {
$_SESSION['LASTNAME'] = $NewLastName; $_SESSION['LASTNAME'] = $NewLastName;
$_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME']; $_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];
$_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']); $_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);
} } else {
else {
$_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.'; $_SESSION['profile_info'] = 'Der gewählte Name ist bereits vergeben.';
} }
} }
} }
if(isset($_POST['formInputFeldEMail'])) { if (isset($_POST['formInputFeldEMail'])) {
$NewEMail = trim($_POST['formInputFeldEMail']); $NewEMail = trim($_POST['formInputFeldEMail']);
if($NewEMail != "" && $_SESSION['EMAIL'] != $NewEMail) { if ($NewEMail != "" && $_SESSION['EMAIL'] != $NewEMail) {
$statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET Email = :Email WHERE PrincipalID = :PrincipalID'); $statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET Email = :Email WHERE PrincipalID = :PrincipalID');
$statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]); $statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]);
$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET email = :Email WHERE useruuid = :PrincipalID'); $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET email = :Email WHERE useruuid = :PrincipalID');
$statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]); $statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]);
$_SESSION['EMAIL'] = $NewEMail; $_SESSION['EMAIL'] = $NewEMail;
} }
} }
if(isset($_POST['formInputFeldOfflineIM']) && $_POST['formInputFeldOfflineIM'] == "on") { if (isset($_POST['formInputFeldOfflineIM']) && $_POST['formInputFeldOfflineIM'] == "on") {
$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID'); $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');
$statement->execute(['IMState' => 'true', 'PrincipalID' => $_SESSION['UUID']]); $statement->execute(['IMState' => 'true', 'PrincipalID' => $_SESSION['UUID']]);
} else { } else {
$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID'); $statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');
$statement->execute(['IMState' => 'false', 'PrincipalID' => $_SESSION['UUID']]); $statement->execute(['IMState' => 'false', 'PrincipalID' => $_SESSION['UUID']]);
} }
if(isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") { if (isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") {
include_once 'app/OpenSim.php'; include_once 'app/OpenSim.php';
$opensim = new OpenSim(); $opensim = new OpenSim();
$NewPartner = trim($_POST['formInputFeldPartnerName']); $NewPartner = trim($_POST['formInputFeldPartnerName']);
$CurrentPartner = $opensim->getPartner($_SESSION['UUID']); $CurrentPartner = $opensim->getPartner($_SESSION['UUID']);
if($CurrentPartner != "")$CurrentPartner = $opensim->getUserName($CurrentPartner); if ($CurrentPartner != "") {
$CurrentPartner = $opensim->getUserName($CurrentPartner);
}
if($NewPartner != "" && $CurrentPartner != $NewPartner) { if ($NewPartner != "" && $CurrentPartner != $NewPartner) {
$newPartnerUUID = $opensim->getUserUUID($NewPartner); $newPartnerUUID = $opensim->getUserUUID($NewPartner);
if($newPartnerUUID != null) { if ($newPartnerUUID != null) {
$statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID'); $statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');
$statement->execute(['profilePartner' => $newPartnerUUID, 'PrincipalID' => $_SESSION['UUID']]); $statement->execute(['profilePartner' => $newPartnerUUID, 'PrincipalID' => $_SESSION['UUID']]);
} }
}else{ } else {
$statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID'); $statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');
$statement->execute(['profilePartner' => '00000000-0000-0000-0000-000000000000', 'PrincipalID' => $_SESSION['UUID']]); $statement->execute(['profilePartner' => '00000000-0000-0000-0000-000000000000', 'PrincipalID' => $_SESSION['UUID']]);
} }
} }
} }
} } elseif (isset($_POST['savePassword'])) {
else if(isset($_POST['savePassword'])) {
$validator = new FormValidator(array( $validator = new FormValidator(array(
'oldPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'), 'oldPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
'newPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'), 'newPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
'newPasswordRepeat' => array('required' => true, 'regex' => '/^.{1,1000}$/') 'newPasswordRepeat' => array('required' => true, 'regex' => '/^.{1,1000}$/')
)); ));
if($validator->isValid($_POST)) { if ($validator->isValid($_POST)) {
if($_POST['newPasswordRepeat'] == $_POST['newPassword']) { if ($_POST['newPasswordRepeat'] == $_POST['newPassword']) {
if(strlen(trim($_POST['newPassword'])) >= $RUNTIME['PASSWORD_MIN_LENGTH']) { if (strlen(trim($_POST['newPassword'])) >= $RUNTIME['PASSWORD_MIN_LENGTH']) {
if(md5(md5($_POST['oldPassword']).':'.$_SESSION['SALT']) == $_SESSION['PASSWORD']) { if (md5(md5($_POST['oldPassword']).':'.$_SESSION['SALT']) == $_SESSION['PASSWORD']) {
$salt = bin2hex(random_bytes(16)); $salt = bin2hex(random_bytes(16));
$hash = md5(md5(trim($_POST['newPassword'])).':'.$salt); $hash = md5(md5(trim($_POST['newPassword'])).':'.$salt);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID'); $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID');
$statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $_SESSION['UUID']]); $statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $_SESSION['UUID']]);
$_SESSION['PASSWORD'] = $hash; $_SESSION['PASSWORD'] = $hash;
$_SESSION['SALT'] = $salt; $_SESSION['SALT'] = $salt;
$_SESSION['profile_info'] = 'Neues Passwort gespeichert.'; $_SESSION['profile_info'] = 'Neues Passwort gespeichert.';
} } else {
else {
$_SESSION['profile_info'] = 'Das alte Passwort ist nicht richtig!'; $_SESSION['profile_info'] = 'Das alte Passwort ist nicht richtig!';
} }
} } else {
else {
$_SESSION['profile_info'] = 'Das neue Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.'; $_SESSION['profile_info'] = 'Das neue Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.';
} }
} } else {
else {
$_SESSION['profile_info'] = 'Die neuen Passwörter stimmen nicht überein!'; $_SESSION['profile_info'] = 'Die neuen Passwörter stimmen nicht überein!';
} }
} } else {
else {
$_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.'; $_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.';
} }
} }
@ -165,15 +162,14 @@
$HTML->setHTMLTitle("Dein Profile"); $HTML->setHTMLTitle("Dein Profile");
$HTML->importSeitenInhalt("profile.html"); $HTML->importSeitenInhalt("profile.html");
if($IARRUNNING) { if ($IARRUNNING) {
if(isset($_SESSION['iar_created'])) { if (isset($_SESSION['iar_created'])) {
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-success" role="alert">Deine IAR wird jetzt erstellt und der Download Link wird dir per PM zugesendet.'.$APIResult.'</div>'); $HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-success" role="alert">Deine IAR wird jetzt erstellt und der Download Link wird dir per PM zugesendet.'.$APIResult.'</div>');
unset($_SESSION['iar_created']); unset($_SESSION['iar_created']);
} else {
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-danger" role="alert">Aktuell wird eine IAR erstellt.<br>Warte bitte bis du eine PM bekommst.</div>');
} }
else { $HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", 'disabled');
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-danger" role="alert">Aktuell wird eine IAR erstellt.<br>Warte bitte bis du eine PM bekommst.</div>');
}
$HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", 'disabled');
} }
include_once 'app/OpenSim.php'; include_once 'app/OpenSim.php';
@ -182,27 +178,30 @@
$PartnerUUID = $opensim->getPartner($_SESSION['UUID']); $PartnerUUID = $opensim->getPartner($_SESSION['UUID']);
$PartnerName = ""; $PartnerName = "";
if($PartnerUUID != null)$PartnerName = $opensim->getUserName($PartnerUUID); if ($PartnerUUID != null) {
$PartnerName = $opensim->getUserName($PartnerUUID);
}
if($opensim->allowOfflineIM($_SESSION['UUID']) == "TRUE")$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' checked'); if ($opensim->allowOfflineIM($_SESSION['UUID']) == "TRUE") {
$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' checked');
}
$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' '); $HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' ');
$HTML->ReplaceSeitenInhalt("%%firstname%%", htmlspecialchars($_SESSION['FIRSTNAME'])); $HTML->ReplaceSeitenInhalt("%%firstname%%", htmlspecialchars($_SESSION['FIRSTNAME']));
$HTML->ReplaceSeitenInhalt("%%lastname%%", htmlspecialchars($_SESSION['LASTNAME'])); $HTML->ReplaceSeitenInhalt("%%lastname%%", htmlspecialchars($_SESSION['LASTNAME']));
$HTML->ReplaceSeitenInhalt("%%partner%%", htmlspecialchars($PartnerName)); $HTML->ReplaceSeitenInhalt("%%partner%%", htmlspecialchars($PartnerName));
$HTML->ReplaceSeitenInhalt("%%email%%", htmlspecialchars($opensim->getUserMail($_SESSION['UUID']))); $HTML->ReplaceSeitenInhalt("%%email%%", htmlspecialchars($opensim->getUserMail($_SESSION['UUID'])));
$HTML->ReplaceSeitenInhalt("%%listAllResidentsAsJSArray%%", ""); $HTML->ReplaceSeitenInhalt("%%listAllResidentsAsJSArray%%", "");
$profileInfo = ''; $profileInfo = '';
if(isset($_SESSION['profile_info'])) { if (isset($_SESSION['profile_info'])) {
$profileInfo = $_SESSION['profile_info']; $profileInfo = $_SESSION['profile_info'];
unset($_SESSION['profile_info']); unset($_SESSION['profile_info']);
} }
$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", $profileInfo); $HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", $profileInfo);
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ' '); $HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ' ');
$HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", ''); $HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", '');
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
?>
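Review bot: The old-password check in the `savePassword` branch compares two hex digests with `==` (`md5(md5($_POST['oldPassword']).':'.$_SESSION['SALT']) == $_SESSION['PASSWORD']`), which PHP evaluates numerically when both operands are numeric strings (the well-known `0e…` digest case) and which is not constant-time. The login page in this same commit already uses `hash_equals`, so this line should read `if (hash_equals($_SESSION['PASSWORD'], md5(md5($_POST['oldPassword']).':'.$_SESSION['SALT']))) {`. For the same reason the repeat check two lines above should be `if ($_POST['newPasswordRepeat'] === $_POST['newPassword']) {`. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block starts in an earlier hunk of this file.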


@ -1,16 +1,14 @@
<?php <?php
$HTML->setHTMLTitle("Deine Regionen"); $HTML->setHTMLTitle("Deine Regionen");
$HTML->importSeitenInhalt("deine-regionen.html"); $HTML->importSeitenInhalt("deine-regionen.html");
function cleanSize($bytes) function cleanSize($bytes)
{ {
if ($bytes > 0) if ($bytes > 0) {
{
$unit = intval(log($bytes, 1024)); $unit = intval(log($bytes, 1024));
$units = array('B', 'KB', 'MB', 'GB'); $units = array('B', 'KB', 'MB', 'GB');
if (array_key_exists($unit, $units) === true) if (array_key_exists($unit, $units) === true) {
{
return sprintf('%d %s', $bytes / pow(1024, $unit), $units[$unit]); return sprintf('%d %s', $bytes / pow(1024, $unit), $units[$unit]);
} }
} }
@ -23,10 +21,9 @@
global $RUNTIME; global $RUNTIME;
$statement = $RUNTIME['PDO']->prepare("SELECT Prims,SimFPS,PhyFPS,ProcMem,RegionVersion FROM regions_info WHERE regionID = ?"); $statement = $RUNTIME['PDO']->prepare("SELECT Prims,SimFPS,PhyFPS,ProcMem,RegionVersion FROM regions_info WHERE regionID = ?");
$statement->execute([$regionID]); $statement->execute([$regionID]);
if($row = $statement->fetch()) if ($row = $statement->fetch()) {
{
$return = array(); $return = array();
$return['Prims'] = $row['Prims']; $return['Prims'] = $row['Prims'];
$return['SimFPS'] = $row['SimFPS']; $return['SimFPS'] = $row['SimFPS'];
@ -40,15 +37,14 @@
return array(); return array();
} }
if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_REQUEST['remove'])) if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_REQUEST['remove'])) {
{ include_once 'app/FormValidator.php';
include 'app/FormValidator.php';
$validator = new FormValidator(array( $validator = new FormValidator(array(
'region' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') 'region' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
)); ));
if($validator->isValid($_POST)) { if ($validator->isValid($_POST)) {
if(isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100) { if (isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100) {
$statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM regions WHERE uuid = ?"); $statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM regions WHERE uuid = ?");
$statementMembership->execute(array($_POST['region'])); $statementMembership->execute(array($_POST['region']));
} else { } else {
@ -65,16 +61,15 @@
$showAll = isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100 && isset($_REQUEST['SHOWALL']) && $_REQUEST['SHOWALL'] == "1"; $showAll = isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100 && isset($_REQUEST['SHOWALL']) && $_REQUEST['SHOWALL'] == "1";
$statement = $RUNTIME['PDO']->prepare("SELECT uuid,regionName,owner_uuid,locX,locY FROM regions ".($showAll ? "ORDER BY owner_uuid ASC" : "WHERE owner_uuid = ? ORDER BY uuid ASC")); $statement = $RUNTIME['PDO']->prepare("SELECT uuid,regionName,owner_uuid,locX,locY FROM regions ".($showAll ? "ORDER BY owner_uuid ASC" : "WHERE owner_uuid = ? ORDER BY uuid ASC"));
$statement->execute($showAll ? array() : array($_SESSION['UUID'])); $statement->execute($showAll ? array() : array($_SESSION['UUID']));
include 'app/OpenSim.php'; include_once 'app/OpenSim.php';
$opensim = new OpenSim(); $opensim = new OpenSim();
while($row = $statement->fetch()) while ($row = $statement->fetch()) {
{
$stats = getRegionStatsData($row['uuid']); $stats = getRegionStatsData($row['uuid']);
$entry = '<tr><td>'.htmlspecialchars($row['regionName']).'<div class="blockquote-footer">'.(count($stats) > 0 ? 'Prims: '.$stats['Prims'].'; RAM-Nutzung: '.$stats['ProcMem'].'; SIM/PHYS FPS: '.$stats['SimFPS'].'/'.$stats['PhyFPS'].' ('.$stats['RegionVersion'].')' : 'Keine Statistik verfügbar').'</div></td><td>'.htmlspecialchars($opensim->getUserName($row['owner_uuid'])).'</td><td>'.fillString(($row['locX'] / 256), 4).' / '.fillString(($row['locY'] / 256), 4).'</td><td><form action="index.php?page=regions" method="post">%%CSRF%%<input type="hidden" name="region" value="'.$row['uuid'].'"><button type="submit" name="remove" class="btn btn-link btn-sm">LÖSCHEN</button></form></td></tr>'; $entry = '<tr><td>'.htmlspecialchars($row['regionName']).'<div class="blockquote-footer">'.(!empty($stats) ? 'Prims: '.$stats['Prims'].'; RAM-Nutzung: '.$stats['ProcMem'].'; SIM/PHYS FPS: '.$stats['SimFPS'].'/'.$stats['PhyFPS'].' ('.$stats['RegionVersion'].')' : 'Keine Statistik verfügbar').'</div></td><td>'.htmlspecialchars($opensim->getUserName($row['owner_uuid'])).'</td><td>'.fillString(($row['locX'] / 256), 4).' / '.fillString(($row['locY'] / 256), 4).'</td><td><form action="index.php?page=regions" method="post">%%CSRF%%<input type="hidden" name="region" value="'.$row['uuid'].'"><button type="submit" name="remove" class="btn btn-link btn-sm">LÖSCHEN</button></form></td></tr>';
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
} }
@ -83,4 +78,3 @@
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
?>
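Review bot: In the table row built inside the `while` loop, `regionName` and the owner name are escaped with `htmlspecialchars`, but the `regions_info` values spliced in beside them (`$stats['Prims']`, `$stats['ProcMem']`, `$stats['SimFPS']`, `$stats['PhyFPS']`, `$stats['RegionVersion']`) are interpolated raw; `RegionVersion` in particular is a free-form string presumably filled from what each simulator reports, so it should get the same treatment, e.g. `' ('.htmlspecialchars($stats['RegionVersion']).')'`. Separately, this commit adds a `: bool` return type to `setNamePart` but leaves `cleanSize($bytes)` untyped; `function cleanSize(int $bytes)` would match, and a return type can follow once the fall-through cases are known, since `cleanSize`'s body and `getRegionStatsData`'s signature both lie outside their hunks.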


@ -1,159 +1,154 @@
<?php <?php
function displayPage(string $message) function displayPage(string $message)
{ {
global $RUNTIME; global $RUNTIME;
$HTML = new HTML(); $HTML = new HTML();
$HTML->setHTMLTitle("Registrieren"); $HTML->setHTMLTitle("Registrieren");
$HTML->importHTML("register.html"); $HTML->importHTML("register.html");
$HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message); $HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message);
$HTML->ReplaceLayoutInhalt("%%tosURL%%", $RUNTIME['TOOLS']['TOS'] ); $HTML->ReplaceLayoutInhalt("%%tosURL%%", $RUNTIME['TOOLS']['TOS'] );
$HTML->ReplaceLayoutInhalt("%%INVCODE%%", htmlspecialchars($_REQUEST['code'])); $HTML->ReplaceLayoutInhalt("%%INVCODE%%", htmlspecialchars($_REQUEST['code']));
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
die(); die();
} }
function displayError(string $message) { function displayError(string $message)
$HTML = new HTML(); {
$HTML->importHTML("error.html"); $HTML = new HTML();
$HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message); $HTML->importHTML("error.html");
$HTML->build(); $HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message);
echo $HTML->ausgabe(); $HTML->build();
die(); echo $HTML->ausgabe();
} die();
}
if(!isset($_REQUEST['code'])) { if (!isset($_REQUEST['code'])) {
displayError("Du benötigst einen Einladungscode, um dich bei 4Creative zu registrieren."); displayError("Du benötigst einen Einladungscode, um dich bei 4Creative zu registrieren.");
} }
if(strlen($_REQUEST['code']) != 32 || !preg_match('/^[a-f0-9]+$/', $_REQUEST['code'])) { if (strlen($_REQUEST['code']) != 32 || !preg_match('/^[a-f0-9]+$/', $_REQUEST['code'])) {
displayError("Der angegebene Einladungscode ist nicht gültig. Nutze genau den Link, der dir zugeschickt wurde."); displayError("Der angegebene Einladungscode ist nicht gültig. Nutze genau den Link, der dir zugeschickt wurde.");
} }
$statementInviteCode = $RUNTIME['PDO']->prepare("SELECT 1 FROM InviteCodes WHERE InviteCode = ? LIMIT 1"); $statementInviteCode = $RUNTIME['PDO']->prepare("SELECT 1 FROM InviteCodes WHERE InviteCode = ? LIMIT 1");
$statementInviteCode->execute([$_REQUEST['code']]); $statementInviteCode->execute([$_REQUEST['code']]);
if($statementInviteCode->rowCount() == 0) { if ($statementInviteCode->rowCount() == 0) {
displayError("Der angegebene Einladungscode ist nicht gültig. Nutze genau den Link, der dir zugeschickt wurde."); displayError("Der angegebene Einladungscode ist nicht gültig. Nutze genau den Link, der dir zugeschickt wurde.");
} }
if($_SERVER['REQUEST_METHOD'] != 'POST') { if ($_SERVER['REQUEST_METHOD'] != 'POST') {
displayPage(""); displayPage("");
} }
include_once('app/FormValidator.php'); include_once 'app/FormValidator.php';
$validator = new FormValidator(array(
'tos' => array('required' => true, 'equals' => 'on'),
'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64}( [^\\/<>\s]{1,64})?$/'),
'password' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
'email' => array('required' => true, 'regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/'),
'avatar' => array('required' => true)
));
$validator = new FormValidator(array( if (!$validator->isValid($_POST)) {
'tos' => array('required' => true, 'equals' => 'on'), if (!isset($_POST['tos']) || $_POST['tos'] !== true) {
'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64}( [^\\/<>\s]{1,64})?$/'), displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren.");
'password' => array('required' => true, 'regex' => '/^.{1,1000}$/'), } else {
'email' => array('required' => true, 'regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/'), displayPage("Ups da stimmt was nicht. Versuche es bitte noch mal.");
'avatar' => array('required' => true) }
));
if(!$validator->isValid($_POST)) { die();
if(!isset($_POST['tos']) || $_POST['tos'] !== true) { }
displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren.");
}
else {
displayPage("Ups da stimmt was nicht. Versuche es bitte noch mal.");
}
die(); $name = trim($_POST['username']);
} $nameParts;
if ($name != "") {
$nameParts = explode(" ", $name);
if (count($nameParts) == 1) {
$name .= " Resident";
$nameParts = explode(" ", $name);
}
$statementAvatarName = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1");
$statementAvatarName->execute(['FirstName' => $nameParts[0], 'LastName' => $nameParts[1]]);
if ($statementAvatarName->rowCount() > 0) {
displayPage("Der gewählte Name ist bereits vergeben.");
}
}
$name = trim($_POST['username']); $pass = trim($_POST['password']);
$nameParts; if (strlen($pass) < $RUNTIME['PASSWORD_MIN_LENGTH']) {
if($name != "") { displayPage('Dein Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.');
$nameParts = explode(" ", $name); }
if(count($nameParts) == 1) {
$name .= " Resident";
$nameParts = explode(" ", $name);
}
$statementAvatarName = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1");
$statementAvatarName->execute(['FirstName' => $nameParts[0], 'LastName' => $nameParts[1]]);
if($statementAvatarName->rowCount() > 0) {
displayPage("Der gewählte Name ist bereits vergeben.");
}
}
$pass = trim($_POST['password']); $email = trim($_POST['email']);
if(strlen($pass) < $RUNTIME['PASSWORD_MIN_LENGTH']) {
displayPage('Dein Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.');
}
$email = trim($_POST['email']); $avatar;
if (isset($RUNTIME['DEFAULTAVATAR'][$_POST['avatar']]['UUID'])) {
$avatar = trim($_POST['avatar']);
} else {
displayPage("Der gewählte Standardavatar existiert nicht.");
}
$avatar; include_once 'app/OpenSim.php';
if(isset($RUNTIME['DEFAULTAVATAR'][$_POST['avatar']]['UUID'])) { $opensim = new OpenSim();
$avatar = trim($_POST['avatar']);
}
else {
displayPage("Der gewählte Standardavatar existiert nicht.");
}
include 'app/OpenSim.php'; $avatarUUID = $opensim->gen_uuid();
$opensim = new OpenSim(); $salt = bin2hex(random_bytes(16));
$passwordHash = md5(md5($pass).':'.$salt);
$avatarUUID = $opensim->gen_uuid(); $statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code');
$salt = bin2hex(random_bytes(16)); $statementInviteDeleter->execute(['code' => $_REQUEST['code']]);
$passwordHash = md5(md5($pass).':'.$salt); if ($statementInviteDeleter->rowCount() == 0) {
displayError("Der angegebene Einladungscode ist nicht mehr gültig.");
}
$statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code'); try {
$statementInviteDeleter->execute(['code' => $_REQUEST['code']]); $RUNTIME['PDO']->beginTransaction();
if($statementInviteDeleter->rowCount() == 0) {
displayError("Der angegebene Einladungscode ist nicht mehr gültig.");
}
try { $statementAuth = $RUNTIME['PDO']->prepare('INSERT INTO `auth` (`UUID`, `passwordHash`, `passwordSalt`, `webLoginKey`, `accountType`) VALUES (:UUID, :HASHVALUE, :SALT, :WEBKEY, :ACCTYPE)');
$RUNTIME['PDO']->beginTransaction(); $statementAuth->execute(['UUID' => $avatarUUID, 'HASHVALUE' => $passwordHash, 'SALT' => $salt, 'WEBKEY' => "00000000-0000-0000-0000-000000000000", 'ACCTYPE' => "UserAccount"]);
$statementAuth = $RUNTIME['PDO']->prepare('INSERT INTO `auth` (`UUID`, `passwordHash`, `passwordSalt`, `webLoginKey`, `accountType`) VALUES (:UUID, :HASHVALUE, :SALT, :WEBKEY, :ACCTYPE)'); $statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO `UserAccounts` (`PrincipalID`, `ScopeID`, `FirstName`, `LastName`, `Email`, `ServiceURLs`, `Created`, `UserLevel`, `UserFlags`, `UserTitle`, `active`) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )');
$statementAuth->execute(['UUID' => $avatarUUID, 'HASHVALUE' => $passwordHash, 'SALT' => $salt, 'WEBKEY' => "00000000-0000-0000-0000-000000000000", 'ACCTYPE' => "UserAccount"]); $statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $nameParts[0], 'LastName' => $nameParts[1], 'Email' => $email, 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]);
$statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO `UserAccounts` (`PrincipalID`, `ScopeID`, `FirstName`, `LastName`, `Email`, `ServiceURLs`, `Created`, `UserLevel`, `UserFlags`, `UserTitle`, `active`) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )'); $statementProfile = $RUNTIME['PDO']->prepare('INSERT INTO `userprofile` (`useruuid`, `profilePartner`, `profileImage`, `profileURL`, `profileFirstImage`, `profileAllowPublish`, `profileMaturePublish`, `profileWantToMask`, `profileWantToText`, `profileSkillsMask`, `profileSkillsText`, `profileLanguages`, `profileAboutText`, `profileFirstText`) VALUES (:useruuid, :profilePartner, :profileImage, :profileURL, :profileFirstImage, :profileAllowPublish, :profileMaturePublish, :profileWantToMask, :profileWantToText, :profileSkillsMask, :profileSkillsText, :profileLanguages, :profileAboutText, :profileFirstText)');
$statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $nameParts[0], 'LastName' => $nameParts[1], 'Email' => $email, 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]); $statementProfile->execute(['useruuid' => $avatarUUID, 'profilePartner' => "00000000-0000-0000-0000-000000000000", 'profileImage' => "00000000-0000-0000-0000-000000000000", 'profileURL' => '', 'profileFirstImage' => "00000000-0000-0000-0000-000000000000", "profileAllowPublish" => "0", "profileMaturePublish" => "0", "profileWantToMask" => "0", "profileWantToText" => "", "profileSkillsMask" => "0", "profileSkillsText" => "", "profileLanguages" => "", "profileAboutText" => "", "profileFirstText" => ""]);
$statementProfile = $RUNTIME['PDO']->prepare('INSERT INTO `userprofile` (`useruuid`, `profilePartner`, `profileImage`, `profileURL`, `profileFirstImage`, `profileAllowPublish`, `profileMaturePublish`, `profileWantToMask`, `profileWantToText`, `profileSkillsMask`, `profileSkillsText`, `profileLanguages`, `profileAboutText`, `profileFirstText`) VALUES (:useruuid, :profilePartner, :profileImage, :profileURL, :profileFirstImage, :profileAllowPublish, :profileMaturePublish, :profileWantToMask, :profileWantToText, :profileSkillsMask, :profileSkillsText, :profileLanguages, :profileAboutText, :profileFirstText)'); $statementInventoryFolder = $RUNTIME['PDO']->prepare('INSERT INTO `inventoryfolders` (`folderName`, `type`, `version`, `folderID`, `agentID`, `parentFolderID`) VALUES (:folderName, :folderTyp, :folderVersion, :folderID, :agentID, :parentFolderID)');
$statementProfile->execute(['useruuid' => $avatarUUID, 'profilePartner' => "00000000-0000-0000-0000-000000000000", 'profileImage' => "00000000-0000-0000-0000-000000000000", 'profileURL' => '', 'profileFirstImage' => "00000000-0000-0000-0000-000000000000", "profileAllowPublish" => "0", "profileMaturePublish" => "0", "profileWantToMask" => "0", "profileWantToText" => "", "profileSkillsMask" => "0", "profileSkillsText" => "", "profileLanguages" => "", "profileAboutText" => "", "profileFirstText" => ""]); $Inventory = array('Calling Cards' => 2, 'Objects' => 6, 'Landmarks' => 3, 'Clothing' => 5, 'Gestures' => 21, 'Body Parts' => 13, 'Textures' => 0, 'Scripts' => 10, 'Photo Album' => 15, 'Lost And Found' => 16, 'Trash' => 14, 'Notecards' => 7, 'My Inventory' => 8, 'Sounds' => 1, 'Animations' => 20);
$InventoryRootFolder = $opensim->gen_uuid();
foreach ($Inventory as $FolderName => $InventoryType) {
$FolderUUID = $opensim->gen_uuid();
if ($InventoryType == 8) {
$FolderUUID = $InventoryRootFolder;
$FolderParent = "00000000-0000-0000-0000-000000000000";
} else {
$FolderParent = $InventoryRootFolder;
}
$statementInventoryFolder->execute(['agentID' => $avatarUUID, 'folderName' => $FolderName, 'folderTyp' => $InventoryType, 'folderVersion' => 1, 'folderID' => $FolderUUID, 'parentFolderID' => $FolderParent]);
}
$statementInventoryFolder = $RUNTIME['PDO']->prepare('INSERT INTO `inventoryfolders` (`folderName`, `type`, `version`, `folderID`, `agentID`, `parentFolderID`) VALUES (:folderName, :folderTyp, :folderVersion, :folderID, :agentID, :parentFolderID)'); $RUNTIME['PDO']->commit();
$Inventory = array('Calling Cards' => 2, 'Objects' => 6, 'Landmarks' => 3, 'Clothing' => 5, 'Gestures' => 21, 'Body Parts' => 13, 'Textures' => 0, 'Scripts' => 10, 'Photo Album' => 15, 'Lost And Found' => 16, 'Trash' => 14, 'Notecards' => 7, 'My Inventory' => 8, 'Sounds' => 1, 'Animations' => 20); } catch (Exception $pdoException) {
$InventoryRootFolder = $opensim->gen_uuid(); $RUNTIME['PDO']->rollBack();
foreach ($Inventory as $FolderName => $InventoryType) error_log('Could not create Account: '.$pdoException->getMessage());
{ displayPage('Fehler bei der Erstellung deines Accounts. Bitte versuche es später erneut.');
$FolderUUID = $opensim->gen_uuid(); }
if ($InventoryType == 8)
{
$FolderUUID = $InventoryRootFolder;
$FolderParent = "00000000-0000-0000-0000-000000000000";
}else{
$FolderParent = $InventoryRootFolder;
}
$statementInventoryFolder->execute(['agentID' => $avatarUUID, 'folderName' => $FolderName, 'folderTyp' => $InventoryType, 'folderVersion' => 1, 'folderID' => $FolderUUID, 'parentFolderID' => $FolderParent]);
}
$RUNTIME['PDO']->commit(); session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
} catch (Exception $pdoException) { $_SESSION['FIRSTNAME'] = trim($nameParts[0]);
$RUNTIME['PDO']->rollBack(); $_SESSION['LASTNAME'] = trim($nameParts[1]);
error_log('Could not create Account: '.$pdoException->getMessage()); $_SESSION['EMAIL'] = $email;
displayPage('Fehler bei der Erstellung deines Accounts. Bitte versuche es später erneut.'); $_SESSION['PASSWORD'] = $passwordHash;
} $_SESSION['SALT'] = $salt;
$_SESSION['UUID'] = $avatarUUID;
$_SESSION['LEVEL'] = 0;
$_SESSION['DISPLAYNAME'] = strtoupper($name);
$_SESSION['LOGIN'] = 'true';
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token header('Location: index.php?page=dashboard');
$_SESSION['FIRSTNAME'] = trim($nameParts[0]); die();
$_SESSION['LASTNAME'] = trim($nameParts[1]);
$_SESSION['EMAIL'] = $email;
$_SESSION['PASSWORD'] = $passwordHash;
$_SESSION['SALT'] = $salt;
$_SESSION['UUID'] = $avatarUUID;
$_SESSION['LEVEL'] = 0;
$_SESSION['DISPLAYNAME'] = strtoupper($name);
$_SESSION['LOGIN'] = 'true';
header('Location: index.php?page=dashboard');
die();
?>


@ -3,7 +3,8 @@
const TOKEN_INVALID = 'Dieser Link zur Passwortzurücksetzung ist nicht gültig. Bitte klicke oder kopiere den Link aus der E-Mail, die du erhalten hast.'; const TOKEN_INVALID = 'Dieser Link zur Passwortzurücksetzung ist nicht gültig. Bitte klicke oder kopiere den Link aus der E-Mail, die du erhalten hast.';
const TOKEN_EXPIRED = 'Dein Link zur Passwortzurücksetzung ist abgelaufen. Klicke <a href="index.php?page=forgot">hier</a>, um eine neue Anfrage zu senden.'; const TOKEN_EXPIRED = 'Dein Link zur Passwortzurücksetzung ist abgelaufen. Klicke <a href="index.php?page=forgot">hier</a>, um eine neue Anfrage zu senden.';
function displayTokenError($message) { function displayTokenError($message)
{
$HTML = new HTML(); $HTML = new HTML();
$HTML->importHTML("error.html"); $HTML->importHTML("error.html");
$HTML->ReplaceLayoutInhalt('%%MESSAGE%%', $message); $HTML->ReplaceLayoutInhalt('%%MESSAGE%%', $message);
@ -12,8 +13,9 @@
exit(); exit();
} }
function displayPage($err) { function displayPage($err)
if(!isset($_GET['token']) || !preg_match('/^[a-z0-9A-Z]{32}$/', $_GET['token'])) { {
if (!isset($_GET['token']) || !preg_match('/^[a-z0-9A-Z]{32}$/', $_GET['token'])) {
displayTokenError(TOKEN_INVALID); displayTokenError(TOKEN_INVALID);
} }
@ -27,32 +29,32 @@
exit(); exit();
} }
if($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include_once 'app/FormValidator.php'; include_once 'app/FormValidator.php';
$validator = new FormValidator(array( $validator = new FormValidator(array(
'password' => array('required' => true, 'regex' => '/^.{1,1000}$/'), 'password' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
'passwordRepeat' => array('required' => true, 'regex' => '/^.{1,1000}$/'), 'passwordRepeat' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
'resetToken' => array('required' => true, 'regex' => '/^[a-zA-Z0-9]{32}$/') 'resetToken' => array('required' => true, 'regex' => '/^[a-zA-Z0-9]{32}$/')
)); ));
if($validator->isValid($_POST)) { if ($validator->isValid($_POST)) {
if($_POST['password'] !== $_POST['passwordRepeat']) { if ($_POST['password'] !== $_POST['passwordRepeat']) {
displayPage('Du musst in beiden Feldern das gleiche Passwort eingeben'); displayPage('Du musst in beiden Feldern das gleiche Passwort eingeben');
} }
if(strlen($_POST['password']) < $RUNTIME['PASSWORD_MIN_LENGTH']) { if (strlen($_POST['password']) < $RUNTIME['PASSWORD_MIN_LENGTH']) {
displayPage('Dein Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.'); displayPage('Dein Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.');
} }
$getReq = $RUNTIME['PDO']->prepare('SELECT UserAccounts.PrincipalID AS UUID,FirstName,LastName,Email,Token,RequestTime FROM PasswordResetTokens JOIN UserAccounts ON UserAccounts.PrincipalID = PasswordResetTokens.PrincipalID WHERE Token = ?'); $getReq = $RUNTIME['PDO']->prepare('SELECT UserAccounts.PrincipalID AS UUID,FirstName,LastName,Email,Token,RequestTime FROM PasswordResetTokens JOIN UserAccounts ON UserAccounts.PrincipalID = PasswordResetTokens.PrincipalID WHERE Token = ?');
$getReq->execute([$_POST['resetToken']]); $getReq->execute([$_POST['resetToken']]);
if($getReq->rowCount() == 0) { if ($getReq->rowCount() == 0) {
displayTokenError(TOKEN_INVALID); displayTokenError(TOKEN_INVALID);
} }
$res = $getReq->fetch(); $res = $getReq->fetch();
if(!hash_equals($res['Token'], $_POST['resetToken'])) { if (!hash_equals($res['Token'], $_POST['resetToken'])) {
displayTokenError(TOKEN_INVALID); displayTokenError(TOKEN_INVALID);
} }
@ -60,17 +62,17 @@
$name = $res['FirstName'].' '.$res['LastName']; $name = $res['FirstName'].' '.$res['LastName'];
$getToken = $RUNTIME['PDO']->prepare('DELETE FROM PasswordResetTokens WHERE PrincipalID = ? AND Token = ?'); $getToken = $RUNTIME['PDO']->prepare('DELETE FROM PasswordResetTokens WHERE PrincipalID = ? AND Token = ?');
$getToken->execute([$uuid, $_POST['resetToken']]); $getToken->execute([$uuid, $_POST['resetToken']]);
if($getToken->rowCount() == 0) { if ($getToken->rowCount() == 0) {
displayTokenError(TOKEN_INVALID); displayTokenError(TOKEN_INVALID);
} }
if(time() - $res['RequestTime'] > 86400) { if (time() - $res['RequestTime'] > 86400) {
displayTokenError(TOKEN_EXPIRED); displayTokenError(TOKEN_EXPIRED);
} }
$salt = bin2hex(random_bytes(16)); $salt = bin2hex(random_bytes(16));
$hash = md5(md5(trim($_POST['password'])).':'.$salt); $hash = md5(md5(trim($_POST['password'])).':'.$salt);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID'); $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID');
$statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $uuid]); $statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $uuid]);
session_unset(); session_unset();
@ -86,4 +88,3 @@
} }
displayPage(''); displayPage('');
?>
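Review bot: The minimum-length check (`strlen($_POST['password']) < $RUNTIME['PASSWORD_MIN_LENGTH']`) tests the raw submitted value, but the value hashed two hunks later is `trim($_POST['password'])`, so a password padded with whitespace satisfies the policy while the credential actually stored is shorter; either validate the same trimmed value, `if (strlen(trim($_POST['password'])) < $RUNTIME['PASSWORD_MIN_LENGTH']) {`, or, preferably, stop trimming passwords at all and hash the submitted bytes as-is. The `md5(md5(pw).':'.salt)` construction is weak on its own; it appears to be the salted-MD5 layout the OpenSim `auth` table consumes, so if it has to stay for compatibility a comment saying so (e.g. `// OpenSim auth format: md5(md5(password) . ':' . salt) — do not replace with password_hash()`) would stop a later maintainer from breaking grid logins, and if OpenSim is not the consumer it should be `password_hash()`. The enclosing `if ($validator->isValid($_POST))` block starts and ends outside these hunks.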


@ -1,19 +1,17 @@
<?php <?php
include 'app/OpenSim.php'; include_once 'app/OpenSim.php';
$opensim = new OpenSim(); $opensim = new OpenSim();
$HTML->setHTMLTitle("Online Anzeige"); $HTML->setHTMLTitle("Online Anzeige");
$HTML->importSeitenInhalt("online-anzeige.html"); $HTML->importSeitenInhalt("online-anzeige.html");
$table = '<table class="table"><thead><tr><th scope="col">Benutzername</th><th scope="col">Region</th></thead><tbody>%%ENTRY%%</tbody></table>'; $table = '<table class="table"><thead><tr><th scope="col">Benutzername</th><th scope="col">Region</th></thead><tbody>%%ENTRY%%</tbody></table>';
$statement = $RUNTIME['PDO']->prepare("SELECT RegionID,UserID FROM Presence ORDER BY RegionID ASC"); $statement = $RUNTIME['PDO']->prepare("SELECT RegionID,UserID FROM Presence ORDER BY RegionID ASC");
$statement->execute(); $statement->execute();
while($row = $statement->fetch()) while ($row = $statement->fetch()) {
{ if ($row['RegionID'] != "00000000-0000-0000-0000-000000000000") {
if($row['RegionID'] != "00000000-0000-0000-0000-000000000000")
{
$entry = '<tr><td>'.htmlspecialchars(trim($opensim->getUserName($row['UserID']))).'</td><td>'.htmlspecialchars($opensim->getRegionName($row['RegionID'])).'</td></tr>'; $entry = '<tr><td>'.htmlspecialchars(trim($opensim->getUserName($row['UserID']))).'</td><td>'.htmlspecialchars($opensim->getRegionName($row['RegionID'])).'</td></tr>';
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
} }
@ -24,4 +22,3 @@
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
?>
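Review bot: The null-UUID region filter is applied per row in PHP after fetching every `Presence` row; pushing it into the prepared statement, `"SELECT RegionID,UserID FROM Presence WHERE RegionID != '00000000-0000-0000-0000-000000000000' ORDER BY RegionID ASC"`, avoids pulling idle presence rows just to discard them and removes the inner `if`. Both cells go through `htmlspecialchars`, which is right for this text-node context; passing `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` explicitly would make the escaping independent of the running PHP version's defaults.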


@ -2,8 +2,7 @@
$HTML->setHTMLTitle("Benutzer"); $HTML->setHTMLTitle("Benutzer");
$HTML->importSeitenInhalt("users.html"); $HTML->importSeitenInhalt("users.html");
if(!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) if (!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) {
{
$HTML->setHTMLTitle("Kein Zugriff"); $HTML->setHTMLTitle("Kein Zugriff");
$HTML->SetSeitenInhalt("Dazu hast du keine Rechte!"); $HTML->SetSeitenInhalt("Dazu hast du keine Rechte!");
$HTML->build(); $HTML->build();
@ -11,17 +10,17 @@
die(); die();
} }
include 'app/OpenSim.php'; include_once 'app/OpenSim.php';
$opensim = new OpenSim(); $opensim = new OpenSim();
if($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include 'app/FormValidator.php'; include_once 'app/FormValidator.php';
if(isset($_POST['genpw'])) { if (isset($_POST['genpw'])) {
$validator = new FormValidator(array( $validator = new FormValidator(array(
'userid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') 'userid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
)); ));
if($validator->isValid($_POST)) { if ($validator->isValid($_POST)) {
require_once 'app/utils.php'; require_once 'app/utils.php';
$token = generateToken(32); $token = generateToken(32);
$setToken = $RUNTIME['PDO']->prepare('REPLACE INTO PasswordResetTokens(PrincipalID,Token,RequestTime) VALUES(?,?,?)'); $setToken = $RUNTIME['PDO']->prepare('REPLACE INTO PasswordResetTokens(PrincipalID,Token,RequestTime) VALUES(?,?,?)');
@ -30,11 +29,10 @@
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Das Passwort für '.htmlspecialchars($opensim->getUserName($_REQUEST['userid'])).' kann in den nächsten 24 Stunden über diesen Link zurückgesetzt werden: <b>'.$resetLink.'</b></div>'); $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Das Passwort für '.htmlspecialchars($opensim->getUserName($_REQUEST['userid'])).' kann in den nächsten 24 Stunden über diesen Link zurückgesetzt werden: <b>'.$resetLink.'</b></div>');
} }
} } elseif (isset($_POST['generateLink'])) {
else if(isset($_POST['generateLink'])) {
$validator = new FormValidator(array()); // Needed only for CSRF token validation $validator = new FormValidator(array()); // Needed only for CSRF token validation
if($validator->isValid($_POST)) { if ($validator->isValid($_POST)) {
$inviteID = bin2hex(random_bytes(16)); $inviteID = bin2hex(random_bytes(16));
$link = "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID; $link = "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID;
@ -46,25 +44,23 @@
} }
} }
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))"); $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))");
$statement->execute(); $statement->execute();
$table = '<table class="table"><thead><tr><th scope="col">Vorname</th><th scope="col">Nachname</th><th scope="col">Status</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>'; $table = '<table class="table"><thead><tr><th scope="col">Vorname</th><th scope="col">Nachname</th><th scope="col">Status</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
$statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts ORDER BY Created ASC"); $statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts ORDER BY Created ASC");
$statement->execute(); $statement->execute();
while($row = $statement->fetch()) while ($row = $statement->fetch()) {
{
$entry = '<tr><td>'.htmlspecialchars($row['FirstName']).'</td><td>'.htmlspecialchars($row['LastName']).'</td><td>'.htmlspecialchars($row['UserLevel']).'</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="'.htmlspecialchars($row['PrincipalID']).'"><button type="submit" name="genpw" class="btn btn-link btn-sm">PASSWORT ZURÜCKSETZEN</button></form></td></tr>'; $entry = '<tr><td>'.htmlspecialchars($row['FirstName']).'</td><td>'.htmlspecialchars($row['LastName']).'</td><td>'.htmlspecialchars($row['UserLevel']).'</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="'.htmlspecialchars($row['PrincipalID']).'"><button type="submit" name="genpw" class="btn btn-link btn-sm">PASSWORT ZURÜCKSETZEN</button></form></td></tr>';
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
} }
$table = str_replace("%%ENTRY%%", "", $table); $table = str_replace("%%ENTRY%%", "", $table);
$HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table); $HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table);
$HTML->ReplaceSeitenInhalt("%%link%%", ' '); $HTML->ReplaceSeitenInhalt("%%link%%", ' ');
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' '); $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' ');
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();
?>
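Review bot: The `genpw` branch validates `$_POST['userid']` against a UUID regex, but the success message then reads `$_REQUEST['userid']` for `getUserName(...)`; `$_REQUEST` is merged from GET, POST and cookies according to `request_order`, so the value displayed — and, if the hunk-hidden `$setToken->execute(...)` does the same, the account that receives a reset token — can come from a source the validator never checked. Use the validated value throughout: `htmlspecialchars($opensim->getUserName($_POST['userid']))`. `$resetLink` is also concatenated into the alert unescaped; its construction lies outside the hunk, so unless it is only a fixed scheme, `$_SERVER['SERVER_NAME']` and a `generateToken` output, wrap it in `htmlspecialchars` as well. The `CREATE TABLE IF NOT EXISTS InviteCodes` executed on every render is schema management in a request path and belongs in a setup or migration step.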


@ -1,13 +1,11 @@
<?php <?php
$HTML = new HTML(); $HTML = new HTML();
if(isset($_SESSION['LOGIN'])) if (isset($_SESSION['LOGIN'])) {
{
$HTML->importHTML("dashboard.html"); $HTML->importHTML("dashboard.html");
if(isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] > 100) { if(isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] > 100) {
$HTML->importHTML("dashboard-admin.html"); $HTML->importHTML("dashboard-admin.html");
} }
$HTML->ReplaceLayoutInhalt("%%USERNAME%%", isset($_SESSION['DISPLAYNAME']) ? htmlspecialchars($_SESSION['DISPLAYNAME']) : ''); $HTML->ReplaceLayoutInhalt("%%USERNAME%%", isset($_SESSION['DISPLAYNAME']) ? htmlspecialchars($_SESSION['DISPLAYNAME']) : '');
} }
?>
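Review bot: The admin threshold here (`$_SESSION['LEVEL'] > 100`) disagrees with the users page in this same commit, which rejects only `< 100`, so a level-100 account can use the admin functions but never sees the admin dashboard; the two gates should share one comparison, and this line also escaped the PSR-12 pass (`if(` without a space): `if (isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100) {`. If the exact-100 case is intentional somewhere, a named constant for the admin level used at both sites would make that visible.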