NEW FEATURE: new settings page, user can now change timezone

rewrote the settings page, timezone can now be changed, the user menu
shows up on the left on the pref page. Added a link to the pref-page in the left menu.

Signed-off-by: Arun Persaud <arun@nubati.net>

1 files changed, 177 insertions, 0 deletions

diff --git a/include/preferences.php b/include/preferences.php
new file mode 100644
index 0000000..fdb6a19
--- /dev/null
+++ b/include/preferences.php
@@ -0,0 +1,177 @@
+<?php
+/* make sure that we are not called from outside the scripts, 
+ * use a variable defined in config.php to check this
+ */
+if(!isset($HOST))
+  exit;
+
+$name  = $_SESSION["name"];
+$email = DB_get_email('name',$name);
+$myid = DB_get_userid('email',$email);
+if(!$myid)
+  return;
+
+/* track what got changed */
+$changed_notify	  = 0;
+$changed_password = 0;
+$changed_cards	  = 0;
+$changed_timezone = 0;
+
+output_status();
+display_user_menu();
+
+/* get old infos */
+$PREF = DB_get_PREF($myid);
+$timezone =  DB_get_user_timezone($myid);
+
+DB_update_user_timestamp($myid);
+
+/* does the user want to change some preferences? */
+if(myisset("timezone"))
+  {
+    $newtimezone=$_REQUEST['timezone'];
+    if($newtimezone != $timezone)
+      {
+	DB_query("UPDATE User SET timezone=".DB_quote_smart($newtimezone).
+		 " WHERE id=".DB_quote_smart($myid));
+	$changed_timezone = 1;
+      }
+  }
+
+if(myisset("cards"))
+  {
+    $cards=$_REQUEST['cards'];
+    if($cards != $PREF['cardset'])
+      {
+	/* check if we already have an entry for the user, if so change it, if not create new one */
+	$result = DB_query("SELECT * from User_Prefs".
+			   " WHERE user_id='$myid' AND pref_key='cardset'" );
+	if( DB_fetch_array($result))
+	  $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($cards).
+			     " WHERE user_id='$myid' AND pref_key='cardset'" );
+	else
+	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',".
+			     DB_quote_smart($cards).")");
+	$changed_cards = 1;
+      }
+  }
+
+if(myisset("notify"))
+  {
+    $notify=$_REQUEST['notify'];
+    if($notify != $PREF['email'])
+      {
+	/* check if we already have an entry for the user, if so change it, if not create new one */
+	$result = DB_query("SELECT * from User_Prefs".
+			   " WHERE user_id='$myid' AND pref_key='email'" );
+	if( DB_fetch_array($result))
+	  $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($notify).
+			     " WHERE user_id='$myid' AND pref_key='email'" );
+	else
+	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',".
+			     DB_quote_smart($notify).")");
+	$changed_notify=1;
+      }
+  }
+
+if(myisset("password0") &&  $_REQUEST["password0"]!="" )
+  {
+    $changed_password = 1;
+
+    /* check if old password matches */
+    $oldpasswd = md5($_REQUEST["password0"]);
+    $password  = DB_get_passwd_by_userid($myid);
+    if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
+      $changed_password = -1;
+
+    /* check if new passwords are types the same twice */
+    if($_REQUEST["password1"] != $_REQUEST["password2"] )
+      $changed_password = -2;
+    
+    if($changed_password==1)
+      {
+	DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
+		 "' WHERE id=".DB_quote_smart($myid));
+      }
+    /* error output below */
+  }
+
+/* get infos again in case they have changed */
+$PREF     = DB_get_PREF($myid);
+$timezone = DB_get_user_timezone($myid);
+
+/* output settings */
+
+echo "<div class=\"user\">\n";
+echo "  <form action=\"index.php?action=prefs\" method=\"post\">\n";
+echo "  <h2>Your settings are</h2>\n";
+echo "    <table>\n";
+echo "    <tr><td>Email:                 </td><td> $email    </td></tr>\n";
+echo "    <tr><td>Timezone:              </td><td>";
+output_select_timezone("timezone",$timezone);
+if($changed_timezone) echo "changed";
+echo "</td></tr>\n";
+echo "    <tr><td>Notification:          </td><td>";
+
+echo "  <select id=\"notify\" name=\"notify\" size=\"1\">\n";
+      if($PREF['email']=="emailaddict")
+	{
+	  echo "   <option value=\"emailaddict\" selected=\"selected\">lots of emails</option>\n";
+	  echo "   <option value=\"emailnonaddict\">less emails</option>\n";
+	}
+      else
+	{
+	  echo "   <option value=\"emailaddict\">lots of email</option>\n";
+	  echo "   <option value=\"emailnonaddict\" selected=\"selected\">less email</option>\n";
+	}
+  echo "  </select>\n";
+if($changed_notify) echo "changed";
+echo " </td></tr>\n";    
+echo "    <tr><td>Card set:              </td><td>";
+
+echo "  <select id=\"cards\" name=\"cards\" size=\"1\">\n";
+      if($PREF['cardset']=="altenburg")
+	{
+	  echo "   <option value=\"altenburg\" selected=\"selected\">German cards</option>\n";
+	  echo "   <option value=\"english\">English cards</option>\n";
+	}
+      else
+	{
+	  echo "   <option value=\"altenburg\">German cards</option>\n";
+	  echo "   <option value=\"english\" selected=\"selected\">English cards</option>\n";
+	}
+  echo "  </select>\n";
+if($changed_cards) echo "changed";
+echo " </td></tr>\n";    
+echo "    <tr><td>Password(old):         </td><td>",
+  "<input type=\"password\" id=\"password0\" name=\"password0\" size=\"20\" maxlength=\"30\" />";
+switch($changed_password)
+  {
+  case '-2':
+    echo "The new passwords don't match.";
+    break;
+  case '-1':
+    echo "The old password is not correct.";
+    break;
+  case '1':
+    echo "changed";
+    break;
+  }
+echo  " </td></tr>\n";
+echo "    <tr><td>Password(new):         </td><td>",
+  "<input type=\"password\" id=\"password1\" name=\"password1\" size=\"20\" maxlength=\"30\" />",
+  " </td></tr>\n";
+echo "    <tr><td>Password(new, retype): </td><td>",
+  "<input type=\"password\" id=\"password2\" name=\"password2\" size=\"20\" maxlength=\"30\" />",
+  " </td></tr>\n";
+echo "    <tr><td><input type=\"submit\" class=\"submitbutton\" name=\"passwd\" value=\"set\" /></td>",
+  "<td></td></tr>\n";
+echo "    </table>\n";
+echo "  </form>\n";
+echo "</div>\n";    
+
+output_footer();
+DB_close();
+exit();
+
+?>
\ No newline at end of file