1
0
Fork 0
Manager/pages/profile.php

192 lines
10 KiB
PHP

<?php
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `iarstates` (`userID` VARCHAR(36) NOT NULL COLLATE 'utf8_unicode_ci', `filesize` BIGINT(20) NOT NULL DEFAULT '0', `iarfilename` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci', `running` INT(1) NOT NULL DEFAULT '0', PRIMARY KEY (`userID`) USING BTREE) COLLATE='utf8_unicode_ci' ENGINE=InnoDB;");
$statement->execute();
//Prüfe ob IAR grade erstellt wird.
$statementIARCheck = $RUNTIME['PDO']->prepare('SELECT 1 FROM iarstates WHERE userID =:userID');
$statementIARCheck->execute(['userID' => $_SESSION['UUID']]);
$IARRUNNING = $statementIARCheck->rowCount() != 0;
$statementIARCheck->closeCursor();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
include 'app/FormValidator.php';
if(isset($_POST['createIAR'])) {
$validator = new FormValidator(array()); // CSRF validation only
if($validator->isValid($_POST) && $IARRUNNING == FALSE) {
$iarname = md5(time().$_SESSION['UUID'] . rand()).".iar";
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-danger" role="alert">Deine IAR wird jetzt erstellt und der Download Link wird dir per PM zugesendet. '.$APIResult.'</div>');
$HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", 'disabled');
$statementIARSTART = $RUNTIME['PDO']->prepare('INSERT INTO iarstates (userID, filesize, iarfilename) VALUES (:userID, :filesize, :iarfilename)');
$statementIARSTART->execute(['userID' => $_SESSION['UUID'], 'filesize' => 0, 'iarfilename' => $iarname]);
}
}
else if(isset($_POST['saveProfileData'])) {
$validator = new FormValidator(array(
'formInputFeldVorname' => array('regex' => '/[^\\/<>\s]{1,64}/'),
'formInputFeldNachname' => array('regex' => '/[^\\/<>\s]{1,64}/'),
'formInputFeldEMail' => array('regex' => '/\S{1,64}@\S{1,250}.\S{2,64}/'),
'formInputFeldOfflineIM' => array('regex' => '/(|on)/'),
'formInputFeldPartnerName' => array('regex' => '/[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}/')
));
if($validator->isValid($_POST)) {
if(isset($_POST['formInputFeldVorname']) && $_POST['formInputFeldVorname'] != "") {
$NewFirstName = trim($_POST['formInputFeldVorname']);
if($NewFirstName != "" && $_SESSION['FIRSTNAME'] != $NewFirstName) {
$statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET FirstName = :FirstName WHERE PrincipalID = :PrincipalID');
$statement->execute(['FirstName' => $NewFirstName, 'PrincipalID' => $_SESSION['UUID']]);
$_SESSION['FIRSTNAME'] = $NewFirstName;
$_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];
$_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);
}
}
if(isset($_POST['formInputFeldNachname']) && $_POST['formInputFeldNachname'] != "") {
$NewLastName = trim($_POST['formInputFeldNachname']);
if($NewLastName != "" && $_SESSION['LASTNAME'] != $NewLastName) {
$statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET LastName = :LastName WHERE PrincipalID = :PrincipalID');
$statement->execute(['LastName' => $NewLastName, 'PrincipalID' => $_SESSION['UUID']]);
$_SESSION['LASTNAME'] = $NewLastName;
$_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];
$_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);
}
}
if(isset($_POST['formInputFeldEMail']) && $_POST['formInputFeldEMail'] != "") {
$NewEMail = trim($_POST['formInputFeldEMail']);
if($NewEMail != "" && $_SESSION['EMAIL'] != $NewEMail) {
$statement = $RUNTIME['PDO']->prepare('UPDATE UserAccounts SET Email = :Email WHERE PrincipalID = :PrincipalID');
$statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]);
$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET email = :Email WHERE useruuid = :PrincipalID');
$statement->execute(['Email' => $NewEMail, 'PrincipalID' => $_SESSION['UUID']]);
$_SESSION['EMAIL'] = $NewEMail;
}
}
if(isset($_POST['formInputFeldOfflineIM']) && $_POST['formInputFeldOfflineIM'] == "on") {
$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');
$statement->execute(['IMState' => 'true', 'PrincipalID' => $_SESSION['UUID']]);
} else {
$statement = $RUNTIME['PDO']->prepare('UPDATE usersettings SET imviaemail = :IMState WHERE useruuid = :PrincipalID');
$statement->execute(['IMState' => 'false', 'PrincipalID' => $_SESSION['UUID']]);
}
if(isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") {
$NewPartner = trim($_POST['formInputFeldPartnerName']);
$CurrentPartner = $opensim->getPartner($_SESSION['UUID']);
include_once 'app/OpenSim.php';
if($CurrentPartner != "")$CurrentPartner = (new OpenSim())->getUserName($CurrentPartner);
if($NewPartner != "" && $CurrentPartner != $NewPartner) {
$newPartnerUUID = $opensim->getUserUUID($NewPartner);
if($newPartnerUUID != null) {
$statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');
$statement->execute(['profilePartner' => $newPartnerUUID, 'PrincipalID' => $_SESSION['UUID']]);
}
}else{
$statement = $RUNTIME['PDO']->prepare('UPDATE userprofile SET profilePartner = :profilePartner WHERE useruuid = :PrincipalID');
$statement->execute(['profilePartner' => '00000000-0000-0000-0000-000000000000', 'PrincipalID' => $_SESSION['UUID']]);
}
}
}
}
else if(isset($_POST['savePassword'])) {
$validator = new FormValidator(array(
'oldPassword' => array('required' => true, 'regex' => '/.{1,1000}/'),
'newPassword' => array('required' => true, 'regex' => '/.{1,1000}/'),
'newPasswordRepeat' => array('required' => true, 'regex' => '/.{1,1000}/')
));
if($validator->isValid($_POST)) {
if($_POST['newPasswordRepeat'] == $_POST['newPassword']) {
if(password_verify($_POST['oldPassword'], $_SESSION['PASSWORD'])) {
$hash = password_hash($NewPassword, PASSWORD_ARGON2ID);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID');
$statement->execute(['PasswordHash' => $hash, 'PrincipalID' => $_SESSION['UUID']]);
$_SESSION['PASSWORD'] = $hash;
$_SESSION['profile_info'] = 'Neues Passwort gespeichert.';
}
else {
$_SESSION['profile_info'] = 'Das alte Passwort ist nicht richtig!';
}
}
else {
$_SESSION['profile_info'] = 'Die neuen Passwörter stimmen nicht überein!';
}
}
else {
$_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.';
}
}
header('Location: index.php?page=profile');
die();
}
$HTML->setHTMLTitle("Dein Profile");
$HTML->importSeitenInhalt("profile.html");
if(!$IARRUNNING)
{
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", '<div class="alert alert-danger" role="alert">Aktuell wird eine IAR erstellt.<br>Warte bitte bis du eine PM bekommst.</div>');
$HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", 'disabled');
}
$statementLocalUsers = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName FROM UserAccounts ORDER BY PrincipalID ASC");
$statementLocalUsers->execute();
$allUsers = "";
while($row = $statementLocalUsers->fetch())
{
$name = '"'.$row['FirstName']." ".$row['LastName'].'"';
if($allUsers != "")
{
$allUsers .= ",".$name;
}else{
$allUsers .= $name;
}
}
$allUsers .= '," "';
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
$PartnerUUID = $opensim->getPartner($_SESSION['UUID']);
$PartnerName = "";
if($PartnerUUID != null)$PartnerName = $opensim->getUserName($PartnerUUID);
if($opensim->allowOfflineIM($_SESSION['UUID']) == "TRUE")$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' checked');
$HTML->ReplaceSeitenInhalt("%%offlineIMSTATE%%", ' ');
$HTML->ReplaceSeitenInhalt("%%firstname%%", htmlspecialchars($_SESSION['FIRSTNAME']));
$HTML->ReplaceSeitenInhalt("%%lastname%%", htmlspecialchars($_SESSION['LASTNAME']));
$HTML->ReplaceSeitenInhalt("%%partner%%", htmlspecialchars($PartnerName));
$HTML->ReplaceSeitenInhalt("%%email%%", htmlspecialchars($opensim->getUserMail($_SESSION['UUID'])));
$HTML->ReplaceSeitenInhalt("%%listAllResidentsAsJSArray%%", "");
$profileInfo = '';
if(isset($_SESSION['profile_info'])) {
$profileInfo = $_SESSION['profile_info'];
unset($_SESSION['profile_info']);
}
$HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", $profileInfo);
$HTML->ReplaceSeitenInhalt("%%IARINFOMESSAGE%%", ' ');
$HTML->ReplaceSeitenInhalt("%%IARBUTTONSTATE%%", '');
$HTML->build();
echo $HTML->ausgabe();
?>