*
* This file is part of e-DoKo.
*
* e-DoKo is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* e-DoKo is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with e-DoKo. If not, see <http://www.gnu.org/licenses/>.
*
*/
/*
 * Direct-access guard: $HOST is defined in config.php, so it is only set when
 * this file was pulled in by the application and not requested on its own.
 * NOTE(review): the guard is only meaningful while request parameters cannot
 * create global variables (register_globals off; removed in PHP 5.4).
 */
if (!isset($HOST)) {
    exit;
}

include_once('openid.php');

/* Resolve the logged-in user: session name -> email -> user id. */
$name  = $_SESSION["name"];
$email = DB_get_email('name', $name);
$myid  = DB_get_userid('email', $email);

/* No user id found for this session: hand control back to the including script. */
if (!$myid) {
    return;
}
/*
 * Change flags, one per preference group, all starting at 0 ("unchanged").
 * The handlers below set a flag to 1 after writing a new value; the vacation
 * and password handlers also use negative values for rejected input.
 */
$changed_notify
    = $changed_password
    = $changed_cards
    = $changed_timezone
    = $changed_autosetup
    = $changed_sorting
    = $changed_openforgames
    = $changed_vacation
    = $changed_openid
    = $changed_digest
    = $changed_language
    = 0;

display_user_menu($myid);

/* Stored preferences as they are before this request is processed. */
$PREF = DB_get_PREF($myid);

/*
 * Copy the stored language into the session; it becomes active on the next
 * reload (see index.php).
 */
$_SESSION['language'] = $PREF['language'];

$timezone = DB_get_user_timezone($myid);
DB_update_user_timestamp($myid);
/* does the user want to change some preferences?
* update the database and track changes with a variable, so that
* we can later highlight the changed value
*/
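/*
 * Detach OpenIDs the user asked to remove. Each request arrives as a key of
 * the form "delete-openid-<identifier>". PHP replaces dots in request keys
 * with underscores, so underscores are mapped back to dots before the lookup
 * (an identifier that really contains "_" can therefore not be matched).
 *
 * The marker must be at the very start of the key: the identifier is cut out
 * with a fixed offset of 14, so a key that merely contains the marker further
 * in would yield a wrong identifier.
 *
 * NOTE(review): this is a state change driven by $_REQUEST (GET, POST and,
 * depending on request_order, cookies). No anti-CSRF token is checked in the
 * visible code; confirm one is enforced before this script is included.
 */
foreach ($_REQUEST as $key => $value) {
    if (strpos((string) $key, "delete-openid-") !== 0) {
        continue;
    }

    $DelOpenID = substr(str_replace("_", ".", (string) $key), 14);

    /* bare marker without an identifier: nothing to detach */
    if ($DelOpenID === false || $DelOpenID === '') {
        continue;
    }

    /* $myid is passed along so the call refers to the current user's account */
    DB_DetachOpenID($DelOpenID, $myid);
    $changed_openid = 1;
}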
/*
 * Vacation settings. Handled only when all three fields were submitted and at
 * least one of the two dates is non-empty.
 *
 * $changed_vacation ends up as 1 (something was written or deleted), -1 (a
 * date could not be parsed and nothing was written) or stays 0.
 *
 * The dates are stored as submitted plus a time suffix, so any format that
 * strtotime() accepts reaches the table; the comment is free text.
 * NOTE(review): confirm these values are HTML-escaped wherever they are shown.
 */
if (myisset('vacation_start', 'vacation_stop', 'vacation_comment')
    && ($_REQUEST['vacation_start'] != '' || $_REQUEST['vacation_stop'] != '')
) {
    /* stretch the range over the whole first and the whole last day */
    $vacation_start   = $_REQUEST['vacation_start'] . ' 00:00:00';
    $vacation_stop    = $_REQUEST['vacation_stop'] . ' 23:59:59';
    $vacation_comment = $_REQUEST['vacation_comment'];

    /* -1 marks input that strtotime() cannot interpret */
    if (!strtotime($vacation_start) || !strtotime($vacation_stop)) {
        $changed_vacation = -1;
    }

    if ($_REQUEST['vacation_start'] == $_REQUEST['vacation_stop']) {
        /*
         * Identical start and stop values mean "remove the vacation". This
         * branch runs whether or not the values parsed as dates.
         */
        $result = DB_query("DELETE FROM User_Prefs".
                           " WHERE user_id='$myid' AND pref_key='vacation start'");
        $result = DB_query("DELETE FROM User_Prefs".
                           " WHERE user_id='$myid' AND pref_key='vacation stop'");
        $result = DB_query("DELETE FROM User_Prefs".
                           " WHERE user_id='$myid' AND pref_key='vacation comment'");
        $changed_vacation = 1;
    } elseif ($changed_vacation >= 0) {
        /*
         * Both dates parsed. Each of the three values is written only when it
         * differs from the stored one: look for an existing row, then UPDATE
         * it if present or INSERT a new one otherwise.
         */
        if ($vacation_start != $PREF['vacation_start']) {
            $result = DB_query("SELECT * from User_Prefs".
                               " WHERE user_id='$myid' AND pref_key='vacation start'");
            $result = DB_query(
                DB_fetch_array($result)
                    ? "UPDATE User_Prefs SET value=".DB_quote_smart($vacation_start).
                      " WHERE user_id='$myid' AND pref_key='vacation start'"
                    : "INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation start',".
                      DB_quote_smart($vacation_start).")"
            );
            $changed_vacation = 1;
        }

        /* stop date, same procedure */
        if ($vacation_stop != $PREF['vacation_stop']) {
            $result = DB_query("SELECT * from User_Prefs".
                               " WHERE user_id='$myid' AND pref_key='vacation stop'");
            $result = DB_query(
                DB_fetch_array($result)
                    ? "UPDATE User_Prefs SET value=".DB_quote_smart($vacation_stop).
                      " WHERE user_id='$myid' AND pref_key='vacation stop'"
                    : "INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation stop',".
                      DB_quote_smart($vacation_stop).")"
            );
            $changed_vacation = 1;
        }

        /* optional comment, same procedure */
        if ($vacation_comment != $PREF['vacation_comment']) {
            $result = DB_query("SELECT * from User_Prefs".
                               " WHERE user_id='$myid' AND pref_key='vacation comment'");
            $result = DB_query(
                DB_fetch_array($result)
                    ? "UPDATE User_Prefs SET value=".DB_quote_smart($vacation_comment).
                      " WHERE user_id='$myid' AND pref_key='vacation comment'"
                    : "INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation comment',".
                      DB_quote_smart($vacation_comment).")"
            );
            $changed_vacation = 1;
        }
    }
}
/*
 * Time zone: written to the User table when the submitted value differs from
 * the one currently stored.
 * NOTE(review): the value goes through DB_quote_smart() for the query, but the
 * visible code does not compare it with a list of known zone names; confirm
 * that whatever consumes the stored time zone copes with arbitrary strings.
 */
if (myisset("timezone")) {
    $newtimezone = $_REQUEST['timezone'];

    if ($newtimezone != $timezone) {
        DB_query(
            "UPDATE User SET timezone=".DB_quote_smart($newtimezone).
            " WHERE id=".DB_quote_smart($myid)
        );
        $changed_timezone = 1;
    }
}
/*
 * Card set preference (pref_key 'cardset'), written only when it differs from
 * the stored value.
 * NOTE(review): the submitted name is stored without an allow-list check. If
 * it is later used to build image paths or markup, it has to be validated or
 * escaped at that point; not visible from here.
 */
if (myisset("cards")) {
    $cards = $_REQUEST['cards'];

    if ($cards != $PREF['cardset']) {
        /* look for an existing row, then UPDATE it or INSERT a new one */
        $result = DB_query("SELECT * from User_Prefs".
                           " WHERE user_id='$myid' AND pref_key='cardset'");
        $result = DB_query(
            DB_fetch_array($result)
                ? "UPDATE User_Prefs SET value=".DB_quote_smart($cards).
                  " WHERE user_id='$myid' AND pref_key='cardset'"
                : "INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',".
                  DB_quote_smart($cards).")"
        );
        $changed_cards = 1;
    }
}
/*
 * Notification preference. The request field is called "notify", the stored
 * row uses pref_key 'email'. Written only when the value differs from the
 * stored one; the value is stored as submitted.
 */
if (myisset("notify")) {
    $notify = $_REQUEST['notify'];

    if ($notify != $PREF['email']) {
        /* look for an existing row, then UPDATE it or INSERT a new one */
        $result = DB_query("SELECT * from User_Prefs".
                           " WHERE user_id='$myid' AND pref_key='email'");
        $result = DB_query(
            DB_fetch_array($result)
                ? "UPDATE User_Prefs SET value=".DB_quote_smart($notify).
                  " WHERE user_id='$myid' AND pref_key='email'"
                : "INSERT INTO User_Prefs VALUES(NULL,'$myid','email',".
                  DB_quote_smart($notify).")"
        );
        $changed_notify = 1;
    }
}
/*
 * Digest preference (pref_key 'digest'), written only when it differs from
 * the stored value; the value is stored as submitted.
 */
if (myisset("digest")) {
    $digest = $_REQUEST['digest'];

    if ($digest != $PREF['digest']) {
        /* look for an existing row, then UPDATE it or INSERT a new one */
        $result = DB_query("SELECT * from User_Prefs".
                           " WHERE user_id='$myid' AND pref_key='digest'");
        $result = DB_query(
            DB_fetch_array($result)
                ? "UPDATE User_Prefs SET value=".DB_quote_smart($digest).
                  " WHERE user_id='$myid' AND pref_key='digest'"
                : "INSERT INTO User_Prefs VALUES(NULL,'$myid','digest',".
                  DB_quote_smart($digest).")"
        );
        $changed_digest = 1;
    }
}
/*
 * Autosetup preference (pref_key 'autosetup'), written only when it differs
 * from the stored value; the value is stored as submitted.
 */
if (myisset("autosetup")) {
    $autosetup = $_REQUEST['autosetup'];

    if ($autosetup != $PREF['autosetup']) {
        /* look for an existing row, then UPDATE it or INSERT a new one */
        $result = DB_query("SELECT * from User_Prefs".
                           " WHERE user_id='$myid' AND pref_key='autosetup'");
        $result = DB_query(
            DB_fetch_array($result)
                ? "UPDATE User_Prefs SET value=".DB_quote_smart($autosetup).
                  " WHERE user_id='$myid' AND pref_key='autosetup'"
                : "INSERT INTO User_Prefs VALUES(NULL,'$myid','autosetup',".
                  DB_quote_smart($autosetup).")"
        );
        $changed_autosetup = 1;
    }
}
/*
 * Sorting preference (pref_key 'sorting'), written only when it differs from
 * the stored value; the value is stored as submitted.
 */
if (myisset("sorting")) {
    $sorting = $_REQUEST['sorting'];

    if ($sorting != $PREF['sorting']) {
        /* look for an existing row, then UPDATE it or INSERT a new one */
        $result = DB_query("SELECT * from User_Prefs".
                           " WHERE user_id='$myid' AND pref_key='sorting'");
        $result = DB_query(
            DB_fetch_array($result)
                ? "UPDATE User_Prefs SET value=".DB_quote_smart($sorting).
                  " WHERE user_id='$myid' AND pref_key='sorting'"
                : "INSERT INTO User_Prefs VALUES(NULL,'$myid','sorting',".
                  DB_quote_smart($sorting).")"
        );
        $changed_sorting = 1;
    }
}
/*
 * "Open for games" preference. The request field and the $PREF key use
 * underscores ("open_for_games"), the stored pref_key uses spaces
 * ('open for games'). Written only when the value differs from the stored one.
 */
if (myisset("open_for_games")) {
    $openforgames = $_REQUEST['open_for_games'];

    if ($openforgames != $PREF['open_for_games']) {
        /* look for an existing row, then UPDATE it or INSERT a new one */
        $result = DB_query("SELECT * from User_Prefs".
                           " WHERE user_id='$myid' AND pref_key='open for games'");
        $result = DB_query(
            DB_fetch_array($result)
                ? "UPDATE User_Prefs SET value=".DB_quote_smart($openforgames).
                  " WHERE user_id='$myid' AND pref_key='open for games'"
                : "INSERT INTO User_Prefs VALUES(NULL,'$myid','open for games',".
                  DB_quote_smart($openforgames).")"
        );
        $changed_openforgames = 1;
    }
}
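/*
 * Password change. Runs when all three fields were submitted as strings, the
 * old password (password0) is non-empty and the new one (password1) differs
 * from it.
 *
 * $changed_password afterwards:
 *    1  new hash stored
 *   -1  old password did not verify
 *   -2  new password and its repetition differ
 *   -3  new password shorter than 4 bytes
 *    0  untouched, or hashing failed and nothing was stored
 *
 * All comparisons between submitted passwords are strict. With loose
 * comparison PHP treats numeric-looking strings as numbers, so "1e3" and
 * "1000" would count as the same password.
 *
 * NOTE(review): no anti-CSRF token is checked in the visible code, and
 * $_REQUEST also accepts the fields from the query string; confirm the form
 * is POST-only and token-protected.
 * NOTE(review): a minimum length of 4 is very low; raising it is a policy
 * decision and therefore left unchanged here.
 * NOTE(review): where PHP >= 5.5 is guaranteed, password_hash() replaces the
 * manual salt handling below.
 */
if (myisset("password0", "password1", "password2")
    && is_string($_REQUEST["password0"])
    && is_string($_REQUEST["password1"])
    && is_string($_REQUEST["password2"])
    && $_REQUEST["password0"] !== ""
    && $_REQUEST["password0"] !== $_REQUEST["password1"]
) {
    $changed_password = 1;

    /* check if old password matches */
    $result = verify_password($email, $_REQUEST["password0"]);
    if ($result != 0) {
        $changed_password = -1;
    }

    /* check if new password has been typed in correctly */
    if ($_REQUEST["password1"] !== $_REQUEST["password2"]) {
        $changed_password = -2;
    }

    /* check if new password is long enough */
    if (strlen($_REQUEST["password1"]) < 4) {
        $changed_password = -3;
    }

    if ($changed_password == 1) {
        /*
         * Salt for bcrypt: 22 characters from [./A-Za-z0-9]. Take the bytes
         * from a CSPRNG where one is available; the time-based value is kept
         * only as a last resort for installations that have neither function.
         */
        if (function_exists('random_bytes')) {
            $salt = random_bytes(16);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $salt = openssl_random_pseudo_bytes(16);
        } else {
            $salt = sha1(microtime(true), true);
        }
        $salt = substr(str_replace('+', '.', base64_encode($salt)), 0, 22);

        /* hash the new password with bcrypt, cost 12 */
        $hash = crypt($_REQUEST["password1"], '$2y$12$' . $salt);

        if (!is_string($hash) || strlen($hash) < 13) {
            /*
             * crypt() reports failure with a string shorter than 13
             * characters. Storing that would leave the account without a
             * usable password, so keep the old hash instead.
             */
            error_log('e-DoKo: crypt() failed, password not changed');
            $changed_password = 0;
        } else {
            /* quote the hash like every other value written by this script */
            DB_query("UPDATE User SET password=".DB_quote_smart($hash).
                     " WHERE id=".DB_quote_smart($myid));

            /*
             * In case the change was authorised with a recovery password,
             * delete the recovery passwords. They are looked up by MD5.
             * NOTE(review): unsalted MD5 is weak for stored secrets; changing
             * it needs a matching change where recovery passwords are created.
             */
            $tmppasswd = md5($_REQUEST["password0"]);
            if (DB_check_recovery_passwords($tmppasswd, $email)) {
                DB_delete_recovery_passwords($myid);
            }
        }
    }
    /* error output below */
}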
/*
 * Attach another OpenID to this account when a non-empty URL was submitted.
 * NOTE(review): nothing in the visible code shows that the requester controls
 * the submitted identifier, and no anti-CSRF token is checked here. If an
 * attached OpenID can be used to log in, confirm both are enforced elsewhere.
 */
if (myisset("openid_url")) {
    if ($_REQUEST['openid_url'] != '') {
        $openid_url = OpenIDUrlEncode($_REQUEST['openid_url']);
        DB_AttachOpenID($openid_url, $myid);
    }
}
/*
 * Language preference (pref_key 'language'), written only when it differs
 * from the stored value.
 * NOTE(review): the stored value is copied into $_SESSION['language'] at the
 * top of this script and, per the comment there, applied by index.php. It is
 * stored here without an allow-list check; confirm index.php only accepts
 * known language codes before using the value.
 */
if (myisset("language")) {
    $language = $_REQUEST['language'];

    if ($language != $PREF['language']) {
        /* look for an existing row, then UPDATE it or INSERT a new one */
        $result = DB_query("SELECT * from User_Prefs".
                           " WHERE user_id='$myid' AND pref_key='language'");
        $result = DB_query(
            DB_fetch_array($result)
                ? "UPDATE User_Prefs SET value=".DB_quote_smart($language).
                  " WHERE user_id='$myid' AND pref_key='language'"
                : "INSERT INTO User_Prefs VALUES(NULL,'$myid','language',".
                  DB_quote_smart($language).")"
        );
        $changed_language = 1;
    }
}
/* Re-read preferences and time zone so the output below works with the
* values as they are stored after the updates above.
*/
$PREF = DB_get_PREF($myid);
$timezone = DB_get_user_timezone($myid);
/*
* Output of the settings page starts here.
* The literal strings are emitted exactly as written, line breaks included.
*/
echo "
\n";
echo "
\n";
/* translated hint (gettext) that e-DoKo uses gravatars as user icons */
echo '
'._('E-DoKo uses gravatars as icons.').'
';
echo "
\n";
// add jquery date picker if html5 is not available
?>