From e5dd07305a964855d9a45225ae5b9e98425dd0ee Mon Sep 17 00:00:00 2001
From: Anonymous Contributor
Date: Wed, 23 Aug 2023 18:16:34 +0200
Subject: [PATCH] Add input validation to Register page

---
 pages/register.php | 259 ++++++++++++++++++++-------------------------
 1 file changed, 116 insertions(+), 143 deletions(-)

diff --git a/pages/register.php b/pages/register.php
index fcd6e52..83b9669 100644
--- a/pages/register.php
+++ b/pages/register.php
@@ -1,159 +1,132 @@ prepare("SELECT * FROM InviteCodes WHERE InviteCode = ? LIMIT 1"); - $statementInviteCode->execute([@$_REQUEST['code']]); - - if($statementInviteCode->rowCount() != 0) + function displayPage(string $message) { - $RUNTIME['REGISTER']['Name'] = null; - $RUNTIME['REGISTER']['PASS'] = null; - $RUNTIME['REGISTER']['EMAIL'] = null; - $RUNTIME['REGISTER']['AVATAR'] = null; - $RUNTIME['REGISTER']['TOS'] = false; - - if(isset($_REQUEST['tos']) || @$_REQUEST['tos'] != "") - { - $RUNTIME['REGISTER']['TOS'] = true; - } - - if(isset($_REQUEST['username']) || @$_REQUEST['username'] != "") - { - $name = trim($_REQUEST['username']); - - if($name != "") - { - $nameParts = explode(" ", $name); - - if(count($nameParts) == 1) - { - $name .= " Resident"; - $nameParts = explode(" ", $name); - } - - if(count($nameParts) <= 2) - { - $statementAvatarName = $RUNTIME['PDO']->prepare("SELECT * FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1"); - $statementAvatarName->execute(['FirstName' => $nameParts[0], 'LastName' => $nameParts[1]]); - - if($statementAvatarName->rowCount() == 0) - { - $RUNTIME['REGISTER']['Name'] = $name; - } - } - } - } - - if(isset($_REQUEST['password']) || @$_REQUEST['password'] != "") - { - $pass = trim($_REQUEST['password']); - - if($pass != "") - { - $RUNTIME['REGISTER']['PASS'] = $pass; - } - } - - if(isset($_REQUEST['email']) || @$_REQUEST['email'] != "") - { - $email = trim($_REQUEST['email']); - - if($email != "") - { - $RUNTIME['REGISTER']['EMAIL'] = $email; - } - } - - if(isset($_REQUEST['avatar']) || @$_REQUEST['avatar'] != "") - { - $avatar = trim($_REQUEST['avatar']); - - if($avatar != "") - { - if(isset($RUNTIME['DEFAULTAVATAR'][$avatar]['UUID'])) - { - $RUNTIME['REGISTER']['AVATAR'] = $avatar; - } - } - } - $HTML = new HTML(); $HTML->setHTMLTitle("Registrieren"); $HTML->importHTML("style/login/register.html"); - if(isset($_REQUEST['doRegister']) || @$_REQUEST['doRegister'] != "") - { - 
if($RUNTIME['REGISTER']['TOS'] == true) - { - if($RUNTIME['REGISTER']['AVATAR'] != null && $RUNTIME['REGISTER']['EMAIL'] != null && $RUNTIME['REGISTER']['PASS'] != null && $RUNTIME['REGISTER']['Name'] != null && $RUNTIME['REGISTER']['TOS'] == true) - { - $avatarUUID = $RUNTIME['OPENSIM']->gen_uuid(); - $passwordSalt = md5($avatarUUID.time()); - $passwordHash = md5(md5($RUNTIME['REGISTER']['PASS']).":".$passwordSalt); - $avatarNameParts = explode(" ", $RUNTIME['REGISTER']['Name']); - - $statementAuth = $RUNTIME['PDO']->prepare('INSERT INTO `auth` (`UUID`, `passwordHash`, `passwordSalt`, `webLoginKey`, `accountType`) VALUES (:UUID, :HASHVALUE, :SALTVALUE, :WEBKEY, :ACCTYPE)'); - $statementAuth->execute(['UUID' => $avatarUUID, 'HASHVALUE' => $passwordHash, 'SALTVALUE' => $passwordSalt, 'WEBKEY' => "00000000-0000-0000-0000-000000000000", 'ACCTYPE' => "UserAccount"]); - - $statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO `UserAccounts` (`PrincipalID`, `ScopeID`, `FirstName`, `LastName`, `Email`, `ServiceURLs`, `Created`, `UserLevel`, `UserFlags`, `UserTitle`, `active`) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )'); - $statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $avatarNameParts[0], 'LastName' => $avatarNameParts[1], 'Email' => $RUNTIME['REGISTER']['EMAIL'], 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]); - - $statementProfile = $RUNTIME['PDO']->prepare('INSERT INTO `userprofile` (`useruuid`, `profilePartner`, `profileImage`, `profileFirstImage`) VALUES (:useruuid, :profilePartner, :profileImage, :profileFirstImage)'); - $statementProfile->execute(['useruuid' => $avatarUUID, 'profilePartner' => "00000000-0000-0000-0000-000000000000", 'profileImage' => 
"00000000-0000-0000-0000-000000000000", 'profileFirstImage' => "00000000-0000-0000-0000-000000000000"]); - - $Inventory = array('Calling Cards' => 2, 'Objects' => 6, 'Landmarks' => 3, 'Clothing' => 5, 'Gestures' => 21, 'Body Parts' => 13, 'Textures' => 0, 'Scripts' => 10, 'Photo Album' => 15, 'Lost And Found' => 16, 'Trash' => 14, 'Notecards' => 7, 'My Inventory' => 8, 'Sounds' => 1, 'Animations' => 20); - $InventoryRootFolder = $RUNTIME['OPENSIM']->gen_uuid(); - - foreach ($Inventory as $FolderName => $InventoryType) - { - $FolderUUID = $RUNTIME['OPENSIM']->gen_uuid(); - - if ($InventoryType == 8) - { - $FolderUUID = $InventoryRootFolder; - $FolderParent = "00000000-0000-0000-0000-000000000000"; - }else{ - $FolderParent = $InventoryRootFolder; - } - - $statementInventoryFolder = $RUNTIME['PDO']->prepare('INSERT INTO `inventoryfolders` (`folderName`, `type`, `version`, `folderID`, `agentID`, `parentFolderID`) VALUES (:folderName, :folderTyp, :folderVersion, :folderID, :agentID, :parentFolderID)'); - $statementInventoryFolder->execute(['agentID' => $avatarUUID, 'folderName' => $FolderName, 'folderTyp' => $InventoryType, 'folderVersion' => 1, 'folderID' => $FolderUUID, 'parentFolderID' => $FolderParent]); - } - - $statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code'); - $statementInviteDeleter->execute(['code' => $_REQUEST['code']]); - - $_SESSION['USERNAME'] = trim($RUNTIME['REGISTER']['Name']); - $_SESSION['FIRSTNAME'] = trim($avatarNameParts[0]); - $_SESSION['LASTNAME'] = trim($avatarNameParts[1]); - $_SESSION['EMAIL'] = trim($RUNTIME['REGISTER']['EMAIL']); - $_SESSION['PASSWORD'] = $passwordHash; - $_SESSION['SALT'] = $passwordSalt; - $_SESSION['UUID'] = $avatarUUID; - $_SESSION['LEVEL'] = 0; - $_SESSION['DISPLAYNAME'] = strtoupper(trim($RUNTIME['REGISTER']['Name'])); - $_SESSION['LOGIN'] = 'true'; - include "./pages/dashboard.php"; - die(); - }else{ - $HTML->ReplaceLayoutInhalt("%%MESSAGE%%", "Ups da stimmt was 
nicht. Versuche es bitte noch mal."); - } - }else{ - $HTML->ReplaceLayoutInhalt("%%MESSAGE%%", "Du musst die Nutzungsbedingungen lesen und Akzeptieren."); - } - } - - - $HTML->ReplaceLayoutInhalt("%%MESSAGE%%", ""); + $HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message); $HTML->ReplaceLayoutInhalt("%%tosURL%%", $RUNTIME['TOOLS']['TOS'] ); $HTML->ReplaceLayoutInhalt("%%INVCODE%%", $_REQUEST['code']); $HTML->build(); echo $HTML->ausgabe(); die(); + } - }else{ + if(!isset($_REQUEST['code'])) + die("MISSING INVITE CODE!"); + + if(strlen($_REQUEST['code']) != 32 || !preg_match('[a-f0-9]+', $_REQUEST['code'])) { die("INVALID INVITE CODE!"); } + + if(!isset($_REQUEST['doRegister'])) + { + displayPage(""); + } + + include_once('classen/FormValidator.php'); + + $validator = new FormValidator(array( + 'tos' => array('required' => true, 'equals' => true), + 'username' => array('required' => true, 'regex' => '[^\\\/<>\s]{1,64}( [^\\\/<>\s]{1,64})?'), + 'password' => array('required' => true, 'regex' => '.{1,1000}'), + 'email' => array('required' => true, 'regex' => '\S{1,64}@\S{1,250}.\S{2,64}'), + 'avatar' => array('required' => true) + )); + + if(!$validator->isValid()) { + if(!isset($_REQUEST['tos']) || $_REQUEST['tos'] !== true) { + displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren."); + } + else { + displayPage("Ups da stimmt was nicht. Versuche es bitte noch mal."); + } + + die(); + } + + $statementInviteCode = $RUNTIME['PDO']->prepare("SELECT * FROM InviteCodes WHERE InviteCode = ? 
LIMIT 1"); + $statementInviteCode->execute([$_REQUEST['code']]); + + if($statementInviteCode->rowCount() == 0) { + die("INVALID INVITE CODE!"); + } + + $RUNTIME['REGISTER']['Name'] = null; + $RUNTIME['REGISTER']['PASS'] = null; + $RUNTIME['REGISTER']['EMAIL'] = null; + $RUNTIME['REGISTER']['AVATAR'] = null; + $RUNTIME['REGISTER']['TOS'] = true; + $name = trim($_REQUEST['username']); + if($name != "") + { + $nameParts = explode(" ", $name); + if(count($nameParts) == 1) + { + $name .= " Resident"; + $nameParts = explode(" ", $name); + } + + $statementAvatarName = $RUNTIME['PDO']->prepare("SELECT * FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1"); + $statementAvatarName->execute(['FirstName' => $nameParts[0], 'LastName' => $nameParts[1]]); + if($statementAvatarName->rowCount() == 0) + { + $RUNTIME['REGISTER']['Name'] = $name; + } + else + { + displayPage("Der gewählte Name ist bereits vergeben."); + } + } + $RUNTIME['REGISTER']['PASS'] = trim($_REQUEST['password']); + $RUNTIME['REGISTER']['EMAIL'] = trim($_REQUEST['email']); + if(isset($RUNTIME['DEFAULTAVATAR'][$avatar]['UUID'])) + { + $RUNTIME['REGISTER']['AVATAR'] = trim($_REQUEST['avatar']); + } + else + { + displayPage("Der gewählte Standardavatar existiert nicht."); + } + $avatarUUID = $RUNTIME['OPENSIM']->gen_uuid(); + $passwordSalt = md5($avatarUUID.time()); + $passwordHash = md5(md5($RUNTIME['REGISTER']['PASS']).":".$passwordSalt); + $avatarNameParts = explode(" ", $RUNTIME['REGISTER']['Name']); + $statementAuth = $RUNTIME['PDO']->prepare('INSERT INTO `auth` (`UUID`, `passwordHash`, `passwordSalt`, `webLoginKey`, `accountType`) VALUES (:UUID, :HASHVALUE, :SALTVALUE, :WEBKEY, :ACCTYPE)'); + $statementAuth->execute(['UUID' => $avatarUUID, 'HASHVALUE' => $passwordHash, 'SALTVALUE' => $passwordSalt, 'WEBKEY' => "00000000-0000-0000-0000-000000000000", 'ACCTYPE' => "UserAccount"]); + $statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO `UserAccounts` (`PrincipalID`, `ScopeID`, 
`FirstName`, `LastName`, `Email`, `ServiceURLs`, `Created`, `UserLevel`, `UserFlags`, `UserTitle`, `active`) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )'); + $statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $avatarNameParts[0], 'LastName' => $avatarNameParts[1], 'Email' => $RUNTIME['REGISTER']['EMAIL'], 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]); + $statementProfile = $RUNTIME['PDO']->prepare('INSERT INTO `userprofile` (`useruuid`, `profilePartner`, `profileImage`, `profileFirstImage`) VALUES (:useruuid, :profilePartner, :profileImage, :profileFirstImage)'); + $statementProfile->execute(['useruuid' => $avatarUUID, 'profilePartner' => "00000000-0000-0000-0000-000000000000", 'profileImage' => "00000000-0000-0000-0000-000000000000", 'profileFirstImage' => "00000000-0000-0000-0000-000000000000"]); + $Inventory = array('Calling Cards' => 2, 'Objects' => 6, 'Landmarks' => 3, 'Clothing' => 5, 'Gestures' => 21, 'Body Parts' => 13, 'Textures' => 0, 'Scripts' => 10, 'Photo Album' => 15, 'Lost And Found' => 16, 'Trash' => 14, 'Notecards' => 7, 'My Inventory' => 8, 'Sounds' => 1, 'Animations' => 20); + $InventoryRootFolder = $RUNTIME['OPENSIM']->gen_uuid(); + foreach ($Inventory as $FolderName => $InventoryType) + { + $FolderUUID = $RUNTIME['OPENSIM']->gen_uuid(); + if ($InventoryType == 8) + { + $FolderUUID = $InventoryRootFolder; + $FolderParent = "00000000-0000-0000-0000-000000000000"; + }else{ + $FolderParent = $InventoryRootFolder; + } + $statementInventoryFolder = $RUNTIME['PDO']->prepare('INSERT INTO `inventoryfolders` (`folderName`, `type`, `version`, `folderID`, `agentID`, `parentFolderID`) VALUES (:folderName, :folderTyp, :folderVersion, :folderID, :agentID, 
:parentFolderID)'); + $statementInventoryFolder->execute(['agentID' => $avatarUUID, 'folderName' => $FolderName, 'folderTyp' => $InventoryType, 'folderVersion' => 1, 'folderID' => $FolderUUID, 'parentFolderID' => $FolderParent]); + } + $statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code'); + $statementInviteDeleter->execute(['code' => $_REQUEST['code']]); + $_SESSION['USERNAME'] = trim($RUNTIME['REGISTER']['Name']); + $_SESSION['FIRSTNAME'] = trim($avatarNameParts[0]); + $_SESSION['LASTNAME'] = trim($avatarNameParts[1]); + $_SESSION['EMAIL'] = trim($RUNTIME['REGISTER']['EMAIL']); + $_SESSION['PASSWORD'] = $passwordHash; + $_SESSION['SALT'] = $passwordSalt; + $_SESSION['UUID'] = $avatarUUID; + $_SESSION['LEVEL'] = 0; + $_SESSION['DISPLAYNAME'] = strtoupper(trim($RUNTIME['REGISTER']['Name'])); + $_SESSION['LOGIN'] = 'true'; + include "./pages/dashboard.php"; + die(); ?> \ No newline at end of file
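Review bot: `isset($RUNTIME['DEFAULTAVATAR'][$avatar]['UUID'])` in the new avatar branch reads `$avatar`, which the new code never assigns (the removed code had `$avatar = trim($_REQUEST['avatar']);` before this check), so the lookup always fails and every submission ends at "Der gewählte Standardavatar existiert nicht."; add `$avatar = trim($_REQUEST['avatar']);` directly before the `isset`. The invite-code guard `preg_match('[a-f0-9]+', $_REQUEST['code'])` is also broken: PHP accepts `[` and `]` as bracket-style pattern delimiters, so the trailing `+` is parsed as an unknown modifier, preg_match returns false with a warning, and every request dies with "INVALID INVITE CODE!"; the pattern is moreover unanchored, so the check the surrounding `strlen(...) != 32` intends is `if(!preg_match('/^[a-f0-9]{32}$/', $_REQUEST['code'])) { die("INVALID INVITE CODE!"); }`. Separately, `$_REQUEST['tos'] !== true` is always true because request values arrive as strings, so every validation failure is reported as a missing TOS acceptance rather than the generic message; compare against the string value the form actually submits. The FormValidator `regex` entries (username, password, email) are written without delimiters or anchors, so presumably classen/FormValidator.php wraps them; worth confirming, since otherwise the email pattern's bare `.` matches any character and none of the three patterns is bounded.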