Bootstrap and jQuery upgrade for vulnerabilities

2021-05-28 11:33:45 -04:00
parent ef97a2d265
commit 65dcef930e
18 changed files with 2010 additions and 1027 deletions


@@ -76,69 +76,106 @@
if ($StaticFunctions->getUserSessionStatus() == false) { // CHECK STATUS
echo $StaticFunctions->killSession(); // ELSE DIE
} else { ?>
<!-- CONTENT START -->
<?php
$minpasslength = $StaticFunctions->getMinPass();
if (isset($_POST['saveprofile'])):
if (empty($_POST['password']) && empty($_POST['newpassword2'])):
$Users->setUserInfo($session_user["0"]["users_id"], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $session_user["0"]["users_usertypeid"], $session_user["0"]["users_password"]);
header('Location: ' . $_SERVER['PHP_SELF']);
elseif (strlen($_POST['password']) < $minpasslength):
echo "Password must be at least $minpasslength characters.";
elseif (!empty($_POST['password']) && empty($_POST['newpassword2'])):
echo "Please confirm password if you wish to change it";
elseif ($_POST['password'] != $_POST['newpassword2']):
echo "New passwords do not match";
elseif (!empty($_POST['password']) && ($_POST['password'] = $_POST['newpassword2'])):
// change pass
require_once("src/Misc/PasswordHash.php");
$hasher = new PasswordHash(8, FALSE);
$password = $hasher->HashPassword($_POST['password']);
$Users->setUserInfo($session_user["0"]["users_id"], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $session_user["0"]["users_usertypeid"], $password);
header('Location: ' . $_SERVER['PHP_SELF']);
endif;
endif;
?>
<div class="container">
<div class="row">
<div class="col-sm">
<h2><i class="fas fa-user-circle"></i> <?php echo $transLang['EDIT_PROFILE']; ?></h2>
</div>
<!-- START CONTENT -->
<?php
$minpasslength = $StaticFunctions->getMinPass();
if (isset($_POST['saveprofile'])):
if (empty($_POST['password']) && empty($_POST['newpassword2'])):
$Users->setUserInfo($session_user["0"]["users_id"], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $session_user["0"]["users_usertypeid"], $session_user["0"]["users_password"]);
header('Location: ' . $_SERVER['PHP_SELF']);
elseif (strlen($_POST['password']) < $minpasslength):
echo "Password must be at least $minpasslength characters.";
elseif (!empty($_POST['password']) && empty($_POST['newpassword2'])):
echo "Please confirm password if you wish to change it";
elseif ($_POST['password'] != $_POST['newpassword2']):
echo "New passwords do not match";
elseif (!empty($_POST['password']) && ($_POST['password'] = $_POST['newpassword2'])):
// change pass
require_once("src/Misc/PasswordHash.php");
$hasher = new PasswordHash(8, FALSE);
$password = $hasher->HashPassword($_POST['password']);
$Users->setUserInfo($session_user["0"]["users_id"], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $session_user["0"]["users_usertypeid"], $password);
header('Location: ' . $_SERVER['PHP_SELF']);
endif;
endif;
?>
<div class="container">
<div class="row row-cols-1">
<div class="col d-grid gap-2">
<h2><i class="fas fa-user-circle"></i> <?php echo $transLang['EDIT_PROFILE']; ?></h2>
</div>
</div>
<?php if (Registry::AUTHMETHOD == 'INTERNAL') { ?>
<p class="lead"><?php echo $transLang['ACCOUNT_INFO_DESC'] . $minpasslength; ?></p>
<?php } ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<div class="row row-cols-3">
<div class="col">
<div class="input-group input-group-sm mb-0">
<span class="input-group-text bg-info text-dark"><?php echo $transLang['USERNAME']; ?></span>
<input class="form-control form-control-sm" type="text" name="username" id="username" maxlength="50" value="<?php echo $session_user["0"]["users_username"]; ?>" readonly />
</div>
<?php if (Registry::AUTHMETHOD == 'INTERNAL') { ?>
<p class="lead"><?php echo $transLang['ACCOUNT_INFO_DESC'] . $minpasslength; ?></p>
<?php } ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<div class="form-group row">
<label for="username" class="col-sm-2 col-form-label"><?php echo $transLang['USERNAME']; ?></label>
<div class="col-sm-2"><input class="form-control" type="text" name="username" id="username" maxlength="50" value="<?php echo $session_user["0"]["users_username"]; ?>" readonly /></div>
<label for="created" class="col-sm-2 col-form-label"><?php echo $transLang['CREATED']; ?></label>
<div class="col-sm-2"><input class="form-control" type="text" name="created" id="created" value="<?php echo $session_user["0"]["users_created"]; ?>" readonly /></div>
<label for="usertype" class="col-sm-2 col-form-label"><?php echo $transLang['USERTYPE']; ?></label>
<div class="col-sm-2"><input class="form-control" type="text" name="usertype" id="usertype" maxlength="50" value="<?php echo $transLang[$session_user["0"]["users_usertype"]]; ?>" readonly /></div>
</div>
<div class="form-group row">
<label for="firstname" class="col-sm-2 col-form-label"><?php echo $transLang['FIRSTNAME']; ?></label>
<div class="col-sm-2"><input class="form-control" type="text" name="firstname" id="firstname" maxlength="50" value="<?php echo $session_user["0"]["users_firstname"]; ?>" <?php if (Registry::AUTHMETHOD == 'SAML') { echo "readonly "; } ?>/></div>
<label for="lastname" class="col-sm-2 col-form-label"><?php echo $transLang['LASTNAME']; ?></label>
<div class="col-sm-2"><input class="form-control" type="text" name="lastname" id="lastname" maxlength="50" value="<?php echo $session_user["0"]["users_lastname"]; ?>" <?php if (Registry::AUTHMETHOD == 'SAML') { echo "readonly "; } ?>/></div>
<label for="email" class="col-sm-2 col-form-label"><?php echo $transLang['EMAIL']; ?></label>
<div class="col-sm-2"><input class="form-control" type="text" name="email" id="email" maxlength="100" value="<?php echo $session_user["0"]["users_email"]; ?>" <?php if (Registry::AUTHMETHOD == 'SAML') { echo "readonly "; } ?>/></div>
</div>
<?php if (Registry::AUTHMETHOD == 'INTERNAL') { ?>
<div class="form-group row">
<label for="password" class="col-sm-2 col-form-label"><?php echo $transLang['NEW'] . " " . $transLang['PASSWORD']; ?></label>
<div class="col-sm-2"><input class="form-control" type="password" name="password" id="password" /></div>
<label for="newpassword2" class="col-sm-2 col-form-label"><?php echo $transLang['CONFIRM'] . " " . $transLang['NEW'] . " " . $transLang['PASSWORD']; ?></label>
<div class="col-sm-2"><input class="form-control" type="password" name="newpassword2" id="newpassword2" /></div>
<div class="col-sm-4"><button type="submit" name="saveprofile" id="saveprofile" class="form-control btn btn-block btn-primary"><?php echo $transLang['SAVE']; ?></button></div>
</div>
<?php } ?>
</fieldset>
</form>
</div>
<div class="col">
<div class="input-group input-group-sm mb-0">
<span class="input-group-text bg-info text-dark"><?php echo $transLang['CREATED']; ?></span>
<input class="form-control form-control-sm" type="text" name="created" id="created" value="<?php echo $session_user["0"]["users_created"]; ?>" readonly />
</div>
</div>
<div class="col">
<div class="input-group input-group-sm mb-0">
<span class="input-group-text bg-info text-dark"><?php echo $transLang['USERTYPE']; ?></span>
<input class="form-control form-control-sm" type="text" name="usertype" id="usertype" maxlength="50" value="<?php echo $transLang[$session_user["0"]["users_usertype"]]; ?>" readonly />
</div>
</div>
</div>
<div class="row row-cols-3">
<div class="col">
<div class="input-group input-group-sm mb-0">
<span class="input-group-text bg-info text-dark"><?php echo $transLang['FIRSTNAME']; ?></span>
<input class="form-control" type="text" name="firstname" id="firstname" maxlength="50" value="<?php echo $session_user["0"]["users_firstname"]; ?>" <?php if (Registry::AUTHMETHOD == 'SAML') { echo "readonly "; } ?>/>
</div>
</div>
<div class="col">
<div class="input-group input-group-sm mb-0">
<span class="input-group-text bg-info text-dark"><?php echo $transLang['LASTNAME']; ?></span>
<input class="form-control" type="text" name="lastname" id="lastname" maxlength="50" value="<?php echo $session_user["0"]["users_lastname"]; ?>" <?php if (Registry::AUTHMETHOD == 'SAML') { echo "readonly "; } ?>/>
</div>
</div>
<div class="col">
<div class="input-group input-group-sm mb-0">
<span class="input-group-text bg-info text-dark"><?php echo $transLang['EMAIL']; ?></span>
<input class="form-control" type="text" name="email" id="email" maxlength="100" value="<?php echo $session_user["0"]["users_email"]; ?>" <?php if (Registry::AUTHMETHOD == 'SAML') { echo "readonly "; } ?>/>
</div>
</div>
</div>
<?php if (Registry::AUTHMETHOD == 'INTERNAL') { ?>
<div class="row row-cols-3">
<div class="col">
<div class="input-group input-group-sm mb-0">
<span class="input-group-text bg-info text-dark"><?php echo $transLang['NEW'] . " " . $transLang['PASSWORD']; ?></span>
<input class="form-control" type="password" name="password" id="password" />
</div>
</div>
<div class="col">
<div class="input-group input-group-sm mb-0">
<span class="input-group-text bg-info text-dark"><?php echo $transLang['CONFIRM'] . " " . $transLang['NEW'] . " " . $transLang['PASSWORD']; ?></span>
<input class="form-control" type="password" name="newpassword2" id="newpassword2" />
</div>
</div>
<div class="col d-grid gap-2">
<div class="input-group input-group-sm mb-0">
<button type="submit" name="saveprofile" id="saveprofile" class="form-control btn btn-primary"><?php echo $transLang['SAVE']; ?></button>
</div>
</div>
</div>
<?php } ?>
</fieldset>
</form>
</div>
<!-- END CONTENT -->
<!-- CONTENT END -->
<?php }; require_once("inc/footer.inc.php");
<?php }; require_once("inc/footer.inc.php"); ?>
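Review bot: The rebuilt form still echoes `$_SERVER['PHP_SELF']` into the `action` attribute and the `$session_user` fields into `value="…"` without escaping, so unless those values are encoded somewhere outside this hunk, a request path or stored first name, last name or email containing a quote can break out of the attribute. Since the markup is being rewritten anyway, wrap each in `htmlspecialchars(…, ENT_QUOTES, 'UTF-8')`, or use a fixed `action=""`. In the handler above the form, the last branch assigns rather than compares (`$_POST['password'] = $_POST['newpassword2']`) and the preceding check uses loose `!=`, which treats numeric-looking strings such as `1e3` and `1000` as equal; `!==` there and `===` in the last branch would make the confirmation exact. The handler acts on `isset($_POST['saveprofile'])` alone, and the form shows no anti-CSRF token field or current-password field in this hunk, so if no token is checked elsewhere a cross-site POST could set a new password. The `header('Location: …')` calls are not followed by `exit` and run after the `<!-- START CONTENT -->` comment has been output, so the redirect presumably depends on output buffering.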