diff --git a/pages/identities.php b/pages/identities.php index b592fa3..6f1b31f 100644 --- a/pages/identities.php +++ b/pages/identities.php @@ -64,7 +64,7 @@ } } - if(isset($_REQUEST['createIdent']) && isset($_REQUEST['newName']) && $_REQUEST['createIdent'] == "" && $_REQUEST['newName'] == "") + if(isset($_REQUEST['createIdent']) && isset($_REQUEST['newName']) && $_REQUEST['createIdent'] == "" && $_REQUEST['newName'] != "") { $avatarNameParts = explode(" ", trim($_REQUEST['newName'])); @@ -105,7 +105,7 @@ { $entry = ''.htmlspecialchars(trim($RUNTIME['OPENSIM']->getUserName($row['IdentityID']))).' Aktiv-'; }else{ - $entry = ''.htmlspecialchars(trim($RUNTIME['OPENSIM']->getUserName($row['IdentityID']))).'
%%CSRF%%
'; + $entry = ''.htmlspecialchars(trim($RUNTIME['OPENSIM']->getUserName($row['IdentityID']))).'
%%CSRF%%
'; } $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); diff --git a/pages/login.php b/pages/login.php index 02eb40c..60c43ba 100644 --- a/pages/login.php +++ b/pages/login.php @@ -1,12 +1,11 @@ setHTMLTitle("Login"); $HTML->importHTML("style/login/login.html"); if(isset($_POST['login'])) { + include_once 'classen/FormValidator.php'; $validator = new FormValidator(array( 'username' => array('required' => true, 'regex' => '/[^\\\/<>\s]{1,64} [^\\\/<>\s]{1,64}/'), 'password' => array('required' => true, 'regex' => '/.{1,1000}/') diff --git a/pages/profile.php b/pages/profile.php index 178d9bf..b47114c 100644 --- a/pages/profile.php +++ b/pages/profile.php @@ -31,7 +31,7 @@ } } - if(isset($_REQUEST['formInputFeldVorname']) || @$_REQUEST['formInputFeldVorname'] != "") + if(isset($_REQUEST['formInputFeldVorname']) && $_REQUEST['formInputFeldVorname'] != "") { $NewFirstName = trim($_REQUEST['formInputFeldVorname']); @@ -48,7 +48,7 @@ } } - if(isset($_REQUEST['formInputFeldNachname']) || @$_REQUEST['formInputFeldNachname'] != "") + if(isset($_REQUEST['formInputFeldNachname']) && $_REQUEST['formInputFeldNachname'] != "") { $NewLastName = trim($_REQUEST['formInputFeldNachname']); @@ -65,7 +65,7 @@ } } - if(isset($_REQUEST['formInputFeldEMail']) || @$_REQUEST['formInputFeldEMail'] != "") + if(isset($_REQUEST['formInputFeldEMail']) && $_REQUEST['formInputFeldEMail'] != "") { $NewEMail = trim($_REQUEST['formInputFeldEMail']); @@ -84,7 +84,7 @@ } } - if(isset($_REQUEST['formInputFeldOfflineIM']) || @$_REQUEST['formInputFeldOfflineIM'] != "") + if(isset($_REQUEST['formInputFeldOfflineIM']) && $_REQUEST['formInputFeldOfflineIM'] != "") { $NewOfflineIM = trim($_REQUEST['formInputFeldOfflineIM']); 
@@ -101,7 +101,7 @@ $statement->execute(['IMState' => 'false', 'PrincipalID' => $_SESSION['UUID']]); } - if(isset($_REQUEST['formInputFeldPartnerName']) || @$_REQUEST['formInputFeldPartnerName'] != "") + if(isset($_REQUEST['formInputFeldPartnerName']) && $_REQUEST['formInputFeldPartnerName'] != "") { $NewPartner = trim($_REQUEST['formInputFeldPartnerName']); $CurrentPartner = $RUNTIME['OPENSIM']->getPartner($_SESSION['UUID']); diff --git a/pages/register.php b/pages/register.php index a52dc5b..88ebba0 100644 --- a/pages/register.php +++ b/pages/register.php @@ -1,6 +1,7 @@ setHTMLTitle("Registrieren"); $HTML->importHTML("style/login/register.html"); @@ -21,8 +22,15 @@ die("INVALID INVITE CODE!"); } + $statementInviteCode = $RUNTIME['PDO']->prepare("SELECT 1 FROM InviteCodes WHERE InviteCode = ? LIMIT 1"); + $statementInviteCode->execute([$_REQUEST['code']]); + + if($statementInviteCode->rowCount() == 0) { + die("INVALID INVITE CODE!"); + } + if(!isset($_REQUEST['doRegister'])) - { + { displayPage(""); } @@ -47,13 +55,6 @@ die(); } - $statementInviteCode = $RUNTIME['PDO']->prepare("SELECT 1 FROM InviteCodes WHERE InviteCode = ? LIMIT 1"); - $statementInviteCode->execute([$_REQUEST['code']]); - - if($statementInviteCode->rowCount() == 0) { - die("INVALID INVITE CODE!"); - } - $RUNTIME['REGISTER']['Name'] = null; $RUNTIME['REGISTER']['PASS'] = null; $RUNTIME['REGISTER']['EMAIL'] = null;
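Review bot: In pages/register.php `@@ -21,8 +22,15`, the moved lookup still decides validity with `$statementInviteCode->rowCount() == 0`, and PDO does not guarantee `rowCount()` for SELECT statements on every driver, so the gate can misfire depending on driver and buffering mode. `if ($statementInviteCode->fetchColumn() === false)` reads the `SELECT 1` result directly. `$_REQUEST['code']` is bound without a type check here, so an `is_string()` test belongs before `execute()` unless the check above the hunk already does it. The step that consumes the code on registration is outside these hunks; if codes are single-use, that step should re-check and delete the code in one transaction so two parallel requests cannot both pass this gate.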