Resolve #2751 "GET-Requests für Profileinstellungen in POST ändern"

Closes #2751

Merge request studip/studip!1905

lib/phplib/Seminar_Auth.class.php

@@ -417,7 +417,7 @@ class Seminar_Auth
         $_language_path = init_i18n($_SESSION['_language']);
         include 'config.inc.php';
 
-        if (isset($_SESSION['contrast'])) {
+        if (!empty($_SESSION['contrast'])) {
             PageLayout::addStylesheet('accessibility.css');
         }
     }

lib/seminar_open.php

@@ -101,8 +101,8 @@ if ($auth->is_authenticated() && is_object($user) && $user->id != "nobody") {
         if (UserConfig::get($user->id)->PERSONAL_STARTPAGE > 0 && $i_page == "index.php" && !$perm->have_perm("root")) {
             $seminar_open_redirected = TRUE;
         }
-        if (!empty($_SESSION['contrast'])) {
-            UserConfig::get($GLOBALS['user']->id)->store('USER_HIGH_CONTRAST', 1);
+        if (isset($_SESSION['contrast'])) {
+            UserConfig::get($GLOBALS['user']->id)->store('USER_HIGH_CONTRAST', $_SESSION['contrast']);
             unset($_SESSION['contrast']);
         }
         $user_did_login = true;
@@ -111,7 +111,7 @@ if ($auth->is_authenticated() && is_object($user) && $user->id != "nobody") {
     TwoFactorAuth::get()->secureSession();
 }
 
-if (isset($_SESSION['contrast']) || UserConfig::get($GLOBALS['user']->id)->USER_HIGH_CONTRAST) {
+if (!empty($_SESSION['contrast']) || UserConfig::get($GLOBALS['user']->id)->USER_HIGH_CONTRAST) {
     PageLayout::addStylesheet('accessibility.css');
 }
 

public/index.php

@@ -24,22 +24,24 @@ page_open(['sess' => 'Seminar_Session', 'auth' => 'Seminar_Default_Auth', 'perm'
 $auth->login_if(Request::get('again') && ($auth->auth['uid'] == 'nobody'));
 
 // if desired, switch to high contrast stylesheet and store when user logs in
-if (Request::get('unset_contrast')) {
-    unset($_SESSION['contrast']);
-}
-if (Request::get('set_contrast') ) {
-    $_SESSION['contrast'] = true;
-}
+if (Request::submitted('user_config_submitted')) {
+    CSRFProtection::verifyUnsafeRequest();
+    if (Request::submitted('unset_contrast')) {
+        $_SESSION['contrast'] = 0;
+    }
+    if (Request::submitted('set_contrast')) {
+        $_SESSION['contrast'] = 1;
+    }
 
 // evaluate language clicks
 // has to be done before seminar_open to get switching back to german (no init of i18n at all))
-if (Request::get('set_language')) {
-    if(array_key_exists(Request::get('set_language'), $GLOBALS['INSTALLED_LANGUAGES'])) {
-        $_SESSION['forced_language'] = Request::get('set_language');
-        $_SESSION['_language'] = Request::get('set_language');
+    foreach (array_keys($GLOBALS['INSTALLED_LANGUAGES']) as $language_key) {
+        if (Request::submitted('set_language_' . $language_key)) {
+            $_SESSION['forced_language'] = $language_key;
+            $_SESSION['_language'] = $language_key;
+        }
     }
 }
-
 // store user-specific language preference
 if ($auth->is_authenticated() && $user->id != 'nobody') {
     // store last language click

public/logout.php

@@ -62,9 +62,14 @@ if ($auth->auth["uid"]!="nobody") {
     if (!empty($docaslogout)) {
         $casauth->logout();
     }
+    $sess->start();
+    $_SESSION['_language'] = $_language;
+    if ($contrast) {
+        $_SESSION['contrast'] = $contrast;
+    }
 } else {
     $sess->delete();
     page_close();
 }
 
-header("Location:" . URLHelper::getURL("index.php?logout=true&set_language=$_language&set_contrast=$contrast"));
+header("Location:" . URLHelper::getURL("index.php?logout=true"));

resources/assets/stylesheets/highcontrast.scss

@@ -1548,5 +1548,8 @@ button.skiplink {
             }
         }
     }
-
+}
+button.as-link {
+    text-decoration: underline;
+    color: $contrast-blue;
 }

resources/assets/stylesheets/scss/buttons.scss

@@ -141,14 +141,20 @@ button.styleless {
     background-color: unset;
     border: 0;
 }
+
 button.as-link {
+    border: 0;
     background-color: transparent;
-    border: none;
     color: var(--base-color);
     cursor: pointer;
-    margin: 0px;
-    padding: 0px;
-    &:hover {
+    line-height: 1em;
+    padding: 0;
+    &:hover,
+    &:active {
         color: var(--active-color);
     }
+
+    @media not prefers-reduced-motion {
+        transition: color $transition-duration;
+    }
 }

resources/assets/stylesheets/scss/index.scss

@@ -88,7 +88,7 @@ $gap-between-boxes: calc($login-page-margin / 2);
             font-size: 0.9em;
             padding: 10px;
 
-            a {
+            button {
                 text-decoration: underline;
             }
         }

templates/index_nobody.php

 <?php
 /**
+ * @var int $num_active_courses
+ * @var int $num_registered_users
+ * @var int $num_online_users
  * @var bool $logout
  * @var string[] $plugin_contents
  */
@@ -21,12 +24,9 @@ if ($bg_mobile) {
 ?>
 <!-- Startseite (nicht eingeloggt) -->
 <main id="content">
-<? if ($logout): ?>
-    <?= MessageBox::success(
-        _('Sie sind nun aus dem System abgemeldet.'),
-        array_filter((array) $GLOBALS['UNI_LOGOUT_ADD'])
-    ) ?>
-<? endif; ?>
+    <? if ($logout): ?>
+        <?= MessageBox::success(_('Sie sind nun aus dem System abgemeldet.'), array_filter([$GLOBALS['UNI_LOGOUT_ADD']])) ?>
+    <? endif; ?>
 
     <div id="background-desktop" style="background: url(<?= $bg_desktop ?>) no-repeat top left/cover;"></div>
     <div id="background-mobile" style="background: url(<?= $bg_mobile ?>) no-repeat top left/cover;"></div>
@@ -62,38 +62,62 @@ if ($bg_mobile) {
                     <?= $GLOBALS['UNI_LOGIN_ADD'] ?>
                 </div>
             <? endif; ?>
+            <form method="POST" action="index.php">
+                <?=CSRFProtection::tokenTag()?>
+                <input type="hidden" name="user_config_submitted" value="1">
+                <div id="languages">
+                    <? foreach ($GLOBALS['INSTALLED_LANGUAGES'] as $temp_language_key => $temp_language): ?>
+                        <?= Assets::img('languages/' . $temp_language['picture'], ['alt' => $temp_language['name'], 'size' => '24']) ?>
+                        <button class="as-link" name="set_language_<?=$temp_language_key?>">
+                            <?= htmlReady($temp_language['name']) ?>
+                        </button>
+                    <? endforeach; ?>
+                </div>
+                <div id="contrast">
+                    <?=CSRFProtection::tokenTag()?>
+                    <? if (!empty($_SESSION['contrast'])) : ?>
+                        <?= Icon::create('accessibility')->asImg(24) ?>
+                        <button class="as-link" name="unset_contrast"><?= _('Normalen Kontrast aktivieren') ?></button>
+                        <?= tooltipIcon(_('Aktiviert standardmäßige, nicht barrierefreie Kontraste.')); ?>
+                    <? else : ?>
+                        <?= Icon::create('accessibility')->asImg(24) ?>
+                        <button class="as-link" name="set_contrast"><?= _('Hohen Kontrast aktivieren') ?></button>
+                        <?= tooltipIcon(_('Aktiviert einen hohen Kontrast gemäß WCAG 2.1. Diese Einstellung wird nach dem Login übernommen.
+                        Sie können sie in Ihren persönlichen Einstellungen ändern.')); ?>
+                    <? endif ?>
+                </div>
+            </form>
 
-            <div id="languages">
-                <? foreach ($GLOBALS['INSTALLED_LANGUAGES'] as $temp_language_key => $temp_language): ?>
-                    <?= Assets::img('languages/' . $temp_language['picture'], ['alt' => $temp_language['name'], 'size' => '24']) ?>
-                    <a href="index.php?set_language=<?= $temp_language_key ?>">
-                        <?= htmlReady($temp_language['name']) ?>
-                    </a>
-                <? endforeach; ?>
-            </div>
+            <div class="login_info">
+                <div>
+                    <?= _('Aktive Veranstaltungen') ?>:
+                    <?= number_format($num_active_courses, 0, ',', '.') ?>
+                </div>
 
-            <div id="contrast">
-                <? if (isset($_SESSION['contrast'])) : ?>
-                    <?= Icon::create('accessibility')->asImg(24) ?>
-                    <a href="index.php?unset_contrast=1"><?= _('Normalen Kontrast aktivieren') ?></a>
-                    <?= tooltipIcon(_('Aktiviert standardmäßige, nicht barrierefreie Kontraste.')); ?>
-                <? else : ?>
-                    <?= Icon::create('accessibility')->asImg(24) ?>
-                    <a href="index.php?set_contrast=1" id="highcontrastlink"><?= _('Hohen Kontrast aktivieren')?></a>
-                    <?= tooltipIcon(_('Aktiviert einen hohen Kontrast gemäß WCAG 2.1. Diese Einstellung wird nach dem Login übernommen.
-                    Sie können sie in Ihren persönlichen Einstellungen ändern.')); ?>
-                <? endif ?>
+                <div>
+                    <?= _('Registrierte NutzerInnen') ?>:
+                    <?= number_format($num_registered_users, 0, ',', '.') ?>
+                </div>
+
+                <div>
+                    <?= _('Davon online') ?>:
+                    <?= number_format($num_online_users, 0, ',', '.') ?>
+                </div>
 
+                <div>
+                    <a href="dispatch.php/siteinfo/show">
+                        <?= _('mehr') ?> &hellip;
+                    </a>
+                </div>
             </div>
         </footer>
     </article>
 
-<? if (count($plugin_contents) > 0): ?>
-    <div id="login-plugin-contents">
-    <? foreach ($plugin_contents as $content): ?>
-        <?= $content ?>
-    <? endforeach; ?>
-    </div>
-<? endif; ?>
+    <? if (count($plugin_contents) > 0): ?>
+        <div id="login-plugin-contents">
+            <? foreach ($plugin_contents as $content): ?>
+                <?= $content ?>
+            <? endforeach; ?>
+        </div>
+    <? endif; ?>
 </main>
-