1
0
Fork 0
Manager/pages/register.php

129 lines
5.9 KiB
PHP

<?php
function displayPage(string $message)
{
global $RUNTIME;
$HTML = new HTML();
$HTML->setHTMLTitle("Registrieren");
$HTML->importHTML("register.html");
$HTML->ReplaceLayoutInhalt("%%MESSAGE%%", $message);
$HTML->ReplaceLayoutInhalt("%%tosURL%%", $RUNTIME['TOOLS']['TOS'] );
$HTML->ReplaceLayoutInhalt("%%INVCODE%%", htmlspecialchars($_REQUEST['code']));
$HTML->build();
echo $HTML->ausgabe();
die();
}
if(!isset($_REQUEST['code']))
die("MISSING INVITE CODE!");
if(strlen($_REQUEST['code']) != 32 || !preg_match('/[a-f0-9]+/', $_REQUEST['code'])) {
die("INVALID INVITE CODE!");
}
$statementInviteCode = $RUNTIME['PDO']->prepare("SELECT 1 FROM InviteCodes WHERE InviteCode = ? LIMIT 1");
$statementInviteCode->execute([$_REQUEST['code']]);
if($statementInviteCode->rowCount() == 0) {
die("INVALID INVITE CODE!");
}
if($_SERVER['REQUEST_METHOD'] != 'POST') {
displayPage("");
}
include_once('app/FormValidator.php');
$validator = new FormValidator(array(
'tos' => array('required' => true, 'equals' => 'on'),
'username' => array('required' => true, 'regex' => '/[^\\/<>\s]{1,64}( [^\\/<>\s]{1,64})?/'),
'password' => array('required' => true, 'regex' => '/.{1,1000}/'),
'email' => array('required' => true, 'regex' => '/\S{1,64}@\S{1,250}.\S{2,64}/'),
'avatar' => array('required' => true)
));
if(!$validator->isValid($_POST)) {
if(!isset($_POST['tos']) || $_POST['tos'] !== true) {
displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren.");
}
else {
displayPage("Ups da stimmt was nicht. Versuche es bitte noch mal.");
}
die();
}
$name = trim($_POST['username']);
$nameParts;
if($name != "") {
$nameParts = explode(" ", $name);
if(count($nameParts) == 1) {
$name .= " Resident";
$nameParts = explode(" ", $name);
}
$statementAvatarName = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1");
$statementAvatarName->execute(['FirstName' => $nameParts[0], 'LastName' => $nameParts[1]]);
if($statementAvatarName->rowCount() > 0) {
displayPage("Der gewählte Name ist bereits vergeben.");
}
}
$pass = trim($_POST['password']);
if(strlen($pass) < $RUNTIME['PASSWORD_MIN_LENGTH']) {
displayPage('Dein Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.');
}
$email = trim($_POST['email']);
$avatar;
if(isset($RUNTIME['DEFAULTAVATAR'][$_POST['avatar']]['UUID'])) {
$avatar = trim($_POST['avatar']);
}
else {
displayPage("Der gewählte Standardavatar existiert nicht.");
}
include 'app/OpenSim.php';
$opensim = new OpenSim();
$avatarUUID = $opensim->gen_uuid();
$passwordHash = password_hash($pass, PASSWORD_ARGON2ID);
$statementAuth = $RUNTIME['PDO']->prepare('INSERT INTO `auth` (`UUID`, `passwordHash`, `webLoginKey`, `accountType`) VALUES (:UUID, :HASHVALUE, :WEBKEY, :ACCTYPE)');
$statementAuth->execute(['UUID' => $avatarUUID, 'HASHVALUE' => $passwordHash, 'WEBKEY' => "00000000-0000-0000-0000-000000000000", 'ACCTYPE' => "UserAccount"]);
$statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO `UserAccounts` (`PrincipalID`, `ScopeID`, `FirstName`, `LastName`, `Email`, `ServiceURLs`, `Created`, `UserLevel`, `UserFlags`, `UserTitle`, `active`) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )');
$statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $nameParts[0], 'LastName' => $nameParts[1], 'Email' => $email, 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]);
$statementProfile = $RUNTIME['PDO']->prepare('INSERT INTO `userprofile` (`useruuid`, `profilePartner`, `profileImage`, `profileFirstImage`) VALUES (:useruuid, :profilePartner, :profileImage, :profileFirstImage)');
$statementProfile->execute(['useruuid' => $avatarUUID, 'profilePartner' => "00000000-0000-0000-0000-000000000000", 'profileImage' => "00000000-0000-0000-0000-000000000000", 'profileFirstImage' => "00000000-0000-0000-0000-000000000000"]);
$Inventory = array('Calling Cards' => 2, 'Objects' => 6, 'Landmarks' => 3, 'Clothing' => 5, 'Gestures' => 21, 'Body Parts' => 13, 'Textures' => 0, 'Scripts' => 10, 'Photo Album' => 15, 'Lost And Found' => 16, 'Trash' => 14, 'Notecards' => 7, 'My Inventory' => 8, 'Sounds' => 1, 'Animations' => 20);
$InventoryRootFolder = $opensim->gen_uuid();
foreach ($Inventory as $FolderName => $InventoryType)
{
$FolderUUID = $opensim->gen_uuid();
if ($InventoryType == 8)
{
$FolderUUID = $InventoryRootFolder;
$FolderParent = "00000000-0000-0000-0000-000000000000";
}else{
$FolderParent = $InventoryRootFolder;
}
$statementInventoryFolder = $RUNTIME['PDO']->prepare('INSERT INTO `inventoryfolders` (`folderName`, `type`, `version`, `folderID`, `agentID`, `parentFolderID`) VALUES (:folderName, :folderTyp, :folderVersion, :folderID, :agentID, :parentFolderID)');
$statementInventoryFolder->execute(['agentID' => $avatarUUID, 'folderName' => $FolderName, 'folderTyp' => $InventoryType, 'folderVersion' => 1, 'folderID' => $FolderUUID, 'parentFolderID' => $FolderParent]);
}
$statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code');
$statementInviteDeleter->execute(['code' => $_REQUEST['code']]);
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
$_SESSION['USERNAME'] = trim($name);
$_SESSION['FIRSTNAME'] = trim($nameParts[0]);
$_SESSION['LASTNAME'] = trim($nameParts[1]);
$_SESSION['EMAIL'] = $email;
$_SESSION['PASSWORD'] = $passwordHash;
$_SESSION['UUID'] = $avatarUUID;
$_SESSION['LEVEL'] = 0;
$_SESSION['DISPLAYNAME'] = strtoupper($name);
$_SESSION['LOGIN'] = 'true';
header('Location: index.php?page=dashboard');
die();
?>