consolidation, cleanup, security, users and admin page updates and fixes

profile.php

@@ -84,99 +84,126 @@
 
 <!-- START CONTENT -->
 <?php
+// FILTER POSTED DATA
+$form_data = filter_input_array(INPUT_POST, [
+    'form_data_saveprofile' => (string)FILTER_SANITIZE_STRING,
+    'form_data_passwordinitial' => (string)FILTER_SANITIZE_STRING,
+    'form_data_passwordconfirm' => (string)FILTER_SANITIZE_STRING,
+    'form_data_firstname' => (string)FILTER_SANITIZE_STRING,
+    'form_data_lastname' => (string)FILTER_SANITIZE_STRING,
+    'form_data_email' => (string)FILTER_SANITIZE_STRING
+]);
+
   $minpasslength = $StaticFunctions->getMinPass();
-  if (isset($_POST['saveprofile'])):
-    if (empty($_POST['password']) && empty($_POST['newpassword2'])):
-      $Users->setUserInfo($session_user["0"]["users_id"], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $session_user["0"]["users_usertypeid"], $session_user["0"]["users_password"]);
-      header('Location: ' . $_SERVER['PHP_SELF']);
-    elseif (strlen($_POST['password']) < $minpasslength):
+  if (isset($form_data['form_data_saveprofile'])):
+    if (empty($form_data['form_data_passwordinitial']) && empty($form_data['form_data_passwordconfirm'])):
+      $Users->setUserInfo($session_user["0"]["users_id"], $form_data['form_data_firstname'], $form_data['form_data_lastname'], $form_data['form_data_email'], $session_user["0"]["users_usertypeid"], $session_user["0"]["users_password"]);
+      header('Location: profile.php');
+    elseif (strlen($form_data['form_data_passwordinitial']) < $minpasslength):
       echo "Password must be at least $minpasslength characters.";
-    elseif (!empty($_POST['password']) && empty($_POST['newpassword2'])):
+    elseif (!empty($form_data['form_data_passwordinitial']) && empty($form_data['form_data_passwordconfirm'])):
       echo "Please confirm password if you wish to change it";
-    elseif ($_POST['password'] != $_POST['newpassword2']):
+    elseif ($form_data['form_data_passwordinitial'] != $form_data['form_data_passwordconfirm']):
       echo "New passwords do not match";
-    elseif (!empty($_POST['password']) && ($_POST['password'] = $_POST['newpassword2'])):
+    elseif (!empty($form_data['form_data_passwordinitial']) && ($form_data['form_data_passwordinitial'] = $form_data['form_data_passwordconfirm'])):
     // change pass
     require_once("src/Misc/PasswordHash.php");
     $hasher = new PasswordHash(8, FALSE);
-    $password = $hasher->HashPassword($_POST['password']);
-    $Users->setUserInfo($session_user["0"]["users_id"], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $session_user["0"]["users_usertypeid"], $password);
-    header('Location: ' . $_SERVER['PHP_SELF']);
+    $password = $hasher->HashPassword($form_data['form_data_passwordinitial']);
+    $Users->setUserInfo($session_user["0"]["users_id"], $form_data['form_data_firstname'], $form_data['form_data_lastname'], $form_data['form_data_email'], $session_user["0"]["users_usertypeid"], $password);
+    header('Location: profile.php');
     endif;
   endif;
 ?>
-  <div class="container">
-    <div class="row row-cols-1">
+  <div class="container-fluid">
+    <div class="row row-cols-3 mb-2">
       <div class="col d-grid gap-2">
         <h2><i class="fas fa-user-circle"></i> <?php echo $transLang['EDIT_PROFILE']; ?></h2>
       </div>
+      <div class="col d-grid gap-2 text-center">
+      </div>
+      <div class="col text-end">
+        <a href="profile.php" type="button" class="btn btn-primary btn-lg"><i class="fa fa-redo"></i> <?php echo $transLang['REFRESH']; ?></a>
+      </div>
     </div>
-<?php if (Registry::AUTHMETHOD == 'INTERNAL') { ?>
-    <p class="lead"><?php echo $transLang['ACCOUNT_INFO_DESC'] . $minpasslength; ?></p>
-<?php } ?>
-    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
+    <?php if (Registry::AUTHMETHOD == 'INTERNAL') { ?>
+    <div class="row row-cols-1 mb-2">
+      <div class="col d-grid gap-2">
+        <p class="lead"><?php echo $transLang['ACCOUNT_INFO_DESC'] . $minpasslength; ?></p>
+      </div>
+    </div>
+    <?php } elseif (Registry::AUTHMETHOD == 'SAML') { ?>
+    <div class="row row-cols-1 mb-2">
+      <div class="col d-grid gap-2">
+        <p class="lead"><?php echo $transLang['ACCOUNT_INFO_AUTHLOCKED']; ?></p>
+      </div>
+    </div>
+    <?php } ?>
+    <form method="post">
       <fieldset>
-        <div class="row row-cols-3">
-          <div class="col">
-            <div class="input-group input-group-sm mb-0">
-              <span class="input-group-text bg-info text-dark"><?php echo $transLang['USER-USERNAME']; ?></span>
-              <input class="form-control form-control-sm" type="text" name="username" id="username" maxlength="50" value="<?php echo $session_user["0"]["users_username"]; ?>" readonly />
-            </div>
-          </div>
-          <div class="col">
-            <div class="input-group input-group-sm mb-0">
-              <span class="input-group-text bg-info text-dark"><?php echo $transLang['CREATED']; ?></span>
-              <input class="form-control form-control-sm" type="text" name="created" id="created" value="<?php echo $session_user["0"]["users_created"]; ?>" readonly />
-            </div>
-          </div>
-          <div class="col">
-            <div class="input-group input-group-sm mb-0">
-              <span class="input-group-text bg-info text-dark"><?php echo $transLang['USER-TYPE']; ?></span>
-              <input class="form-control form-control-sm" type="text" name="usertype" id="usertype" maxlength="50" value="<?php echo $transLang[$session_user["0"]["users_usertype"]]; ?>" readonly />
-            </div>
-          </div>
-        </div>
-        <div class="row row-cols-3">
-          <div class="col">
-            <div class="input-group input-group-sm mb-0">
-              <span class="input-group-text bg-info text-dark"><?php echo $transLang['FIRSTNAME']; ?></span>
-              <input class="form-control" type="text" name="firstname" id="firstname" maxlength="50" value="<?php echo $session_user["0"]["users_firstname"]; ?>" <?php if (Registry::AUTHMETHOD == 'SAML') { echo "readonly "; } ?>/>
-            </div>
-          </div>
-          <div class="col">
-            <div class="input-group input-group-sm mb-0">
-              <span class="input-group-text bg-info text-dark"><?php echo $transLang['LASTNAME']; ?></span>
-              <input class="form-control" type="text" name="lastname" id="lastname" maxlength="50" value="<?php echo $session_user["0"]["users_lastname"]; ?>" <?php if (Registry::AUTHMETHOD == 'SAML') { echo "readonly "; } ?>/>
-            </div>
-          </div>
-          <div class="col">
-            <div class="input-group input-group-sm mb-0">
-              <span class="input-group-text bg-info text-dark"><?php echo $transLang['EMAIL']; ?></span>
-              <input class="form-control" type="text" name="email" id="email" maxlength="100" value="<?php echo $session_user["0"]["users_email"]; ?>" <?php if (Registry::AUTHMETHOD == 'SAML') { echo "readonly "; } ?>/>
-            </div>
-          </div>
-        </div>
-<?php if (Registry::AUTHMETHOD == 'INTERNAL') { ?>
-        <div class="row row-cols-3">
-          <div class="col">
-            <div class="input-group input-group-sm mb-0">
-              <span class="input-group-text bg-info text-dark"><?php echo $transLang['NEW'] . " " . $transLang['PASSWORD']; ?></span>
-              <input class="form-control" type="password" name="password" id="password" />
-            </div>
-          </div>
-          <div class="col">
-            <div class="input-group input-group-sm mb-0">
-              <span class="input-group-text bg-info text-dark"><?php echo $transLang['STR_COMMON_CONFIRM'] . " " . $transLang['NEW'] . " " . $transLang['PASSWORD']; ?></span>
-              <input class="form-control" type="password" name="newpassword2" id="newpassword2" />
+        <div class="row row-cols-2 mb-2">
+          <div class="col d-grid gap-2">
+            <div class="input-group">
+              <span class="input-group-text"><?php echo $transLang['USER-USERNAME']; ?></span>
+              <input class="form-control bg-white" type="text" name="username" id="username" maxlength="50" value="<?php echo $session_user["0"]["users_username"]; ?>" readonly />
             </div>
           </div>
           <div class="col d-grid gap-2">
-            <div class="input-group input-group-sm mb-0">
-              <button type="submit" name="saveprofile" id="saveprofile" class="form-control btn btn-primary"><i class="fas fa-save"></i>&nbsp;<?php echo $transLang['STR_COMMON_SAVE']; ?></button>
+            <div class="input-group">
+              <span class="input-group-text"><?php echo $transLang['CREATED']; ?></span>
+              <input class="form-control bg-white" type="text" name="created" id="created" value="<?php echo $session_user["0"]["users_created"]; ?>" readonly />
             </div>
           </div>
         </div>
-<?php } ?>
+        <div class="row row-cols-2 mb-2">
+          <div class="col d-grid gap-2">
+            <div class="input-group">
+              <span class="input-group-text"><?php echo $transLang['USER-TYPE']; ?></span>
+              <input class="form-control bg-white" type="text" name="usertype" id="usertype" maxlength="50" value="<?php echo $transLang[$session_user["0"]["users_usertype"]]; ?>" readonly />
+            </div>
+          </div>
+          <div class="col d-grid gap-2">
+            <div class="input-group">
+              <span class="input-group-text"><?php echo $transLang['EMAIL']; ?></span>
+              <input class="form-control bg-white" type="text" name="form_data_email" id="form_data_email" maxlength="100" value="<?php echo $session_user["0"]["users_email"]; ?>" <?php if (Registry::AUTHMETHOD == 'SAML') { echo "readonly "; } ?>/>
+            </div>
+          </div>
+        </div>
+        <div class="row row-cols-2 mb-2">
+          <div class="col d-grid gap-2">
+            <div class="input-group">
+              <span class="input-group-text"><?php echo $transLang['FIRSTNAME']; ?></span>
+              <input class="form-control bg-white" type="text" name="form_data_firstname" id="form_data_firstname" maxlength="50" value="<?php echo $session_user["0"]["users_firstname"]; ?>" <?php if (Registry::AUTHMETHOD == 'SAML') { echo "readonly "; } ?>/>
+            </div>
+          </div>
+          <div class="col d-grid gap-2">
+            <div class="input-group">
+              <span class="input-group-text"><?php echo $transLang['LASTNAME']; ?></span>
+              <input class="form-control bg-white" type="text" name="form_data_lastname" id="form_data_lastname" maxlength="50" value="<?php echo $session_user["0"]["users_lastname"]; ?>" <?php if (Registry::AUTHMETHOD == 'SAML') { echo "readonly "; } ?>/>
+            </div>
+          </div>
+        </div>
+        <?php if (Registry::AUTHMETHOD == 'INTERNAL') { ?>
+        <div class="row row-cols-3 mb-2">
+          <div class="col d-grid gap-2">
+            <div class="input-group">
+              <span class="input-group-text"><?php echo $transLang['NEW'] . " " . $transLang['PASSWORD']; ?></span>
+              <input class="form-control bg-white" type="password" name="form_data_passwordinitial" id="form_data_passwordinitial" />
+            </div>
+          </div>
+          <div class="col d-grid gap-2">
+            <div class="input-group">
+              <span class="input-group-text"><?php echo $transLang['STR_COMMON_CONFIRM'] . " " . $transLang['NEW'] . " " . $transLang['PASSWORD']; ?></span>
+              <input class="form-control bg-white" type="password" name="form_data_passwordconfirm" id="form_data_passwordconfirm" />
+            </div>
+          </div>
+          <div class="col d-grid gap-2">
+            <div class="input-group">
+              <button type="submit" name="form_data_saveprofile" id="form_data_saveprofile" class="form-control btn btn-success"><i class="fas fa-save"></i>&nbsp;<?php echo $transLang['STR_COMMON_SAVE']; ?></button>
+            </div>
+          </div>
+        </div>
+        <?php } ?>
       </fieldset>
     </form>
     <hr />