From bd3df894547a085820827088a871ae0f9478c486 Mon Sep 17 00:00:00 2001 From: Anonymous Contributor Date: Wed, 23 Aug 2023 18:16:34 +0200 Subject: [PATCH] Fix various small errors --- classen/HTML.php | 2 +- pages/HTML/identities.html | 2 +- pages/identities.php | 4 ++-- pages/login.php | 6 +++--- pages/register.php | 12 ++++++------ 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/classen/HTML.php b/classen/HTML.php index 0d12132..2564ba4 100644 --- a/classen/HTML.php +++ b/classen/HTML.php @@ -226,7 +226,7 @@ $this->FertigesHTML = str_replace("%%GET_IP%%", @$_SERVER["REMOTE_ADDR"], $this->FertigesHTML); // Add CSRF token - $this->FertigesHTML = str_replace("%%CSRF%%", ''); + $this->FertigesHTML = str_replace("%%CSRF%%", '', $this->FertigesHTML); $this->isBuild = true; } diff --git a/pages/HTML/identities.html b/pages/HTML/identities.html index aca5d10..5b2c18f 100644 --- a/pages/HTML/identities.html +++ b/pages/HTML/identities.html @@ -30,7 +30,7 @@
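Review bot: The value substituted for `%%CSRF%%` in classen/HTML.php appears here as an empty string, so as written the placeholder is simply removed and no token reaches the form; the markup may have been lost when this page was rendered, so check the file itself. Whatever is substituted, none of the handlers touched by this commit (pages/identities.php, pages/login.php, pages/register.php) shows a comparison of a submitted token in its visible lines, and a token that is only rendered protects nothing. Confirm that each state-changing handler rejects the request unless the submitted value matches the session value via `hash_equals()`. The enclosing method starts outside the hunk.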
- %&CSRF%& + %%CSRF%%
diff --git a/pages/identities.php b/pages/identities.php index 61703f5..b592fa3 100644 --- a/pages/identities.php +++ b/pages/identities.php @@ -14,7 +14,7 @@ $statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_SESSION['UUID']]); } - if(isset($_REQUEST['enableIdent']) && isset($_REQUEST['newuuid']) && $_REQUEST['enableIdent'] != "" && $_REQUEST['newuuid'] != "") + if(isset($_REQUEST['enableIdent']) && isset($_REQUEST['newuuid']) && $_REQUEST['enableIdent'] == "" && $_REQUEST['newuuid'] != "") { $statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserIdentitys WHERE PrincipalID = :PrincipalID AND IdentityID = :IdentityID LIMIT 1"); $statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_REQUEST['newuuid']]); @@ -64,7 +64,7 @@ } } - if(isset($_REQUEST['createIdent']) && isset($_REQUEST['newName']) && $_REQUEST['createIdent'] != "" && $_REQUEST['newName'] != "") + if(isset($_REQUEST['createIdent']) && isset($_REQUEST['newName']) && $_REQUEST['createIdent'] == "" && $_REQUEST['newName'] == "") { $avatarNameParts = explode(" ", trim($_REQUEST['newName'])); diff --git a/pages/login.php b/pages/login.php index 3c63d80..ddffa77 100644 --- a/pages/login.php +++ b/pages/login.php @@ -8,8 +8,8 @@ if(isset($_POST['login'])) { $validator = new FormValidator(array( - 'username' => array('required' => true, 'regex' => '[^\\\/<>\s]{1,64} [^\\\/<>\s]{1,64}'), - 'password' => array('required' => true, 'regex' => '.{1,1000}') + 'username' => array('required' => true, 'regex' => '/[^\\\/<>\s]{1,64} [^\\\/<>\s]{1,64}/'), + 'password' => array('required' => true, 'regex' => '/.{1,1000}/') )); if(!$validator->isValid($_POST)) { 
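Review bot: In the second hunk of pages/identities.php the new condition requires `$_REQUEST['newName'] == ""`, so the create-identity branch now runs only when no name was submitted, and the `explode(" ", trim($_REQUEST['newName']))` just below then works on an empty string. The first hunk flips only the button flag and keeps `$_REQUEST['newuuid'] != ""`, which suggests the name test was flipped by accident; it should read `$_REQUEST['createIdent'] == "" && $_REQUEST['newName'] != ""`. Both branches read `$_REQUEST`, so they are reachable by GET as well as POST; `$_POST` plus an `is_string()` check on each value would narrow that. The branch bodies continue outside the hunks.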
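Review bot: With `/` as the delimiter, the `username` pattern in the pages/login.php validator likely no longer compiles as written here: in a single-quoted PHP string `\\\/` yields `\\/`, PCRE reads `\\` as an escaped backslash, and the bare `/` that follows ends the pattern, leaving `<>\s]…` to be parsed as modifiers. A delimiter that does not occur in the class avoids this, e.g. `'~^[^\\\\/<>\s]{1,64} [^\\\\/<>\s]{1,64}\z~'`. The patterns are also unanchored, so if FormValidator (not in this diff) hands them to `preg_match()`, `{1,64}` and `.{1,1000}` set no upper bound on the input; `^…\z` restores the intended limit. The same two points apply to the `username` and `password` entries in the pages/register.php validator hunk.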
@@ -57,7 +57,7 @@ } } - if(isset($_REQUEST['page']) && preg_match('[0-9a-zA-Z]{1-100}') && file_exists("./pages/".$_REQUEST['page'].".php")) + if(isset($_REQUEST['page']) && preg_match('/[0-9a-zA-Z]{1-100}/', $_REQUEST['page']) && file_exists("./pages/".$_REQUEST['page'].".php")) $HTML->ReplaceLayoutInhalt("%%PAGENAME%%", urlencode($_REQUEST['page'])); $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", ""); diff --git a/pages/register.php b/pages/register.php index a2bd86e..84356e4 100644 --- a/pages/register.php +++ b/pages/register.php @@ -17,7 +17,7 @@ if(!isset($_REQUEST['code'])) die("MISSING INVITE CODE!"); - if(strlen($_REQUEST['code']) != 32 || !preg_match('[a-f0-9]+', $_REQUEST['code'])) { + if(strlen($_REQUEST['code']) != 32 || !preg_match('/[a-f0-9]+/', $_REQUEST['code'])) { die("INVALID INVITE CODE!"); } @@ -29,10 +29,10 @@ include_once('classen/FormValidator.php'); $validator = new FormValidator(array( - 'tos' => array('required' => true, 'equals' => true), - 'username' => array('required' => true, 'regex' => '[^\\\/<>\s]{1,64}( [^\\\/<>\s]{1,64})?'), - 'password' => array('required' => true, 'regex' => '.{1,1000}'), - 'email' => array('required' => true, 'regex' => '\S{1,64}@\S{1,250}.\S{2,64}'), + 'tos' => array('required' => true, 'equals' => 'on'), + 'username' => array('required' => true, 'regex' => '/[^\\\/<>\s]{1,64}( [^\\\/<>\s]{1,64})?/'), + 'password' => array('required' => true, 'regex' => '/.{1,1000}/'), + 'email' => array('required' => true, 'regex' => '/\S{1,64}@\S{1,250}.\S{2,64}/'), 'avatar' => array('required' => true) )); @@ -82,7 +82,7 @@ } $RUNTIME['REGISTER']['PASS'] = trim($_REQUEST['password']); $RUNTIME['REGISTER']['EMAIL'] = trim($_REQUEST['email']); - if(isset($RUNTIME['DEFAULTAVATAR'][$avatar]['UUID'])) + if(isset($RUNTIME['DEFAULTAVATAR'][$_REQUEST['avatar']]['UUID'])) { $RUNTIME['REGISTER']['AVATAR'] = trim($_REQUEST['avatar']); }
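Review bot: In the `page` check of pages/login.php, `{1-100}` is not a quantifier, so PCRE treats it as the literal text `{1-100}` and the test will fail for ordinary page names. The pattern is also unanchored, so once the quantifier is corrected it would accept any value that merely contains one alphanumeric character, including values with `/` or `.` that then reach `file_exists("./pages/".$_REQUEST['page'].".php")`. Anchor it and fix the range: `preg_match('/^[0-9a-zA-Z]{1,100}\z/', $_REQUEST['page'])`, preceded by `is_string($_REQUEST['page'])` so an array parameter never reaches `preg_match()`. As far as the hunk shows, the `if` has no braces, so only the `%%PAGENAME%%` replacement is conditional.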
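Review bot: The invite-code check in pages/register.php is unanchored, so `preg_match('/[a-f0-9]+/', …)` succeeds for any 32-character value that contains a single hex digit; the other 31 characters are unconstrained before the code is used further down, outside this hunk. Fold the length into an anchored pattern, `!preg_match('/^[a-f0-9]{32}\z/', $_REQUEST['code'])`. Check `is_string($_REQUEST['code'])` first, since `strlen()` on an array throws under PHP 8.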
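Review bot: In the `email` pattern of the register validator the `.` before the TLD is unescaped and the pattern is unanchored, so it matches any character at that position and tolerates arbitrary surrounding text; `\S` also admits `<`, `>` and quotes. That matters if the address is later written into HTML or a mail header, which this diff does not show. `'/^[^\s@<>"]{1,64}@[^\s@<>"]{1,250}\.[^\s@<>"]{2,64}\z/'` is a closer fit to the intent. Separately, `'equals' => 'on'` relies on the checkbox having no `value` attribute in the template; a short comment saying so would help.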
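Review bot: In the last pages/register.php hunk the lookup key is the raw `$_REQUEST['avatar']` while the stored value is `trim($_REQUEST['avatar'])`, so the value that was checked and the value that is kept can differ. Normalising once keeps them in step: `$avatar = is_string($_REQUEST['avatar'] ?? null) ? trim($_REQUEST['avatar']) : '';` followed by `isset($RUNTIME['DEFAULTAVATAR'][$avatar]['UUID'])`. The validator only marks `avatar` as required, so an array value is not excluded before this line. The enclosing block continues outside the hunk.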