From 48882cbb1bdb74bc45cebb0bf0e0e53ce2b60ad4 Mon Sep 17 00:00:00 2001 From: Anonymous Contributor Date: Sun, 27 Aug 2023 08:32:40 +0200 Subject: [PATCH] Add feature for deleting own identities --- pages/identities.php | 46 +++++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 15 deletions(-) diff --git a/pages/identities.php b/pages/identities.php index fa88423..9cd809d 100644 --- a/pages/identities.php +++ b/pages/identities.php @@ -1,17 +1,19 @@ prepare("CREATE TABLE IF NOT EXISTS `UserIdentitys` (`PrincipalID` VARCHAR(38) NOT NULL, `IdentityID` VARCHAR(38) NOT NULL, PRIMARY KEY (`IdentityID`))"); + $statementCreateTable = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `UserIdentitys` (`PrincipalID` CHAR(36) NOT NULL, `IdentityID` CHAR(36) NOT NULL, PRIMARY KEY (`PrincipalID`, `IdentityID`)) ENGINE=MyISAM CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci"); $statementCreateTable->execute(); + $statementCreateTrigger = $RUNTIME['PDO']->prepare("CREATE TRIGGER IF NOT EXISTS del_id_trig AFTER DELETE ON UserAccounts FOR EACH ROW DELETE FROM UserIdentitys WHERE UserIdentitys.PrincipalID = OLD.PrincipalID OR UserIdentitys.IdentityID = OLD.PrincipalID"); + $statementCreateTrigger->execute(); if ($_SERVER['REQUEST_METHOD'] == 'POST') { include_once 'app/FormValidator.php'; if (isset($_POST['enableIdent'])) { $validator = new FormValidator(array( - 'newuuid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') + 'uuid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') )); if ($validator->isValid($_POST)) { $statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserIdentitys WHERE PrincipalID = :PrincipalID AND IdentityID = :IdentityID LIMIT 1"); - $statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_REQUEST['newuuid']]); + $statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_POST['uuid']]); $statementPresence = $RUNTIME['PDO']->prepare("SELECT 1 FROM Presence WHERE UserID = :PrincipalID LIMIT 1"); $statementPresence->execute(['PrincipalID' => $_SESSION['UUID']]); @@ -19,28 +21,28 @@ if ($statementPresence->rowCount() == 0) { if ($statement->rowCount() == 1) { $statementAuth = $RUNTIME['PDO']->prepare('UPDATE auth SET UUID = :IdentityID WHERE UUID = :PrincipalID'); - $statementAuth->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); + $statementAuth->execute(['IdentityID' => $_POST['uuid'], 'PrincipalID' => $_SESSION['UUID']]); $statementUserIdentitys = $RUNTIME['PDO']->prepare('UPDATE UserIdentitys SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); - $statementUserIdentitys->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); + $statementUserIdentitys->execute(['IdentityID' => $_POST['uuid'], 'PrincipalID' => $_SESSION['UUID']]); $statementFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); - $statementFriends->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); + $statementFriends->execute(['IdentityID' => $_POST['uuid'], 'PrincipalID' => $_SESSION['UUID']]); //$statementReFriends = $RUNTIME['PDO']->prepare('UPDATE Friends SET Friend = :IdentityID WHERE Friend = :PrincipalID'); - //$statementReFriends->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); + //$statementReFriends->execute(['IdentityID' => $_POST['uuid'], 'PrincipalID' => $_SESSION['UUID']]); $statementInventoryFolders = $RUNTIME['PDO']->prepare('UPDATE inventoryfolders SET agentID = :IdentityID WHERE agentID = :PrincipalID AND type != :InventarTyp'); - $statementInventoryFolders->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID'], 'InventarTyp' => 46]); + $statementInventoryFolders->execute(['IdentityID' => $_POST['uuid'], 'PrincipalID' => $_SESSION['UUID'], 'InventarTyp' => 46]); $statementInventoryItems = $RUNTIME['PDO']->prepare('UPDATE inventoryitems SET avatarID = :IdentityID WHERE avatarID = :PrincipalID'); - $statementInventoryItems->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); + $statementInventoryItems->execute(['IdentityID' => $_POST['uuid'], 'PrincipalID' => $_SESSION['UUID']]); $statementGroupMembership = $RUNTIME['PDO']->prepare('UPDATE os_groups_membership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); - $statementGroupMembership->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); + $statementGroupMembership->execute(['IdentityID' => $_POST['uuid'], 'PrincipalID' => $_SESSION['UUID']]); $statementGroupRoles = $RUNTIME['PDO']->prepare('UPDATE os_groups_rolemembership SET PrincipalID = :IdentityID WHERE PrincipalID = :PrincipalID'); - $statementGroupRoles->execute(['IdentityID' => $_REQUEST['newuuid'], 'PrincipalID' => $_SESSION['UUID']]); + $statementGroupRoles->execute(['IdentityID' => $_POST['uuid'], 'PrincipalID' => $_SESSION['UUID']]); $statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM Presence WHERE UserID = :PrincipalID'); $statementGroupRoles->execute(['PrincipalID' => $_SESSION['UUID']]); @@ -52,14 +54,13 @@ $_SESSION['identities_err'] = 'Du kannst die Identität nicht ändern, während du angemeldet bist. Bitte schließe den Viewer.'; } } - } - elseif (isset($_POST['createIdent'])) { + } elseif (isset($_POST['createIdent'])) { $validator = new FormValidator(array( 'newName' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/') )); if ($validator->isValid($_POST)) { - $avatarNameParts = explode(" ", trim($_REQUEST['newName'])); + $avatarNameParts = explode(" ", trim($_POST['newName'])); if (count($avatarNameParts) == 2) { $statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1"); @@ -82,6 +83,21 @@ } } } + elseif (isset($_POST['deleteIdent'])) { + $validator = new FormValidator(array( + 'uuid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') + )); + + if ($validator->isValid($_POST)) { + $statementValidate = $RUNTIME['PDO']->prepare('SELECT 1 FROM UserIdentitys WHERE PrincipalID = ? AND IdentityID = ?'); + $statementValidate->execute([$_SESSION['UUID'], $_POST['uuid']]); + + if($statementValidate->fetch()) { + $statementDelete = $RUNTIME['PDO']->prepare('DELETE FROM UserAccounts WHERE PrincipalID = ?'); + $statementDelete->execute([$_POST['uuid']]); + } + } + } header('Location: index.php?page=identities'); die(); @@ -109,7 +125,7 @@ if ($row['IdentityID'] == $_SESSION['UUID']) { $entry = ''.htmlspecialchars(trim($opensim->getUserName($row['IdentityID']))).' Aktiv-'; } else { - $entry = ''.htmlspecialchars(trim($opensim->getUserName($row['IdentityID']))).'
%%CSRF%%
'; + $entry = ''.htmlspecialchars(trim($opensim->getUserName($row['IdentityID']))).'
%%CSRF%%
'; } $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);