include/preferences.php

   1 <?php
   2 /* make sure that we are not called from outside the scripts,
   3  * use a variable defined in config.php to check this
   4  */
   5 if(!isset($HOST))
   6   exit;
   7
   8 include_once('openid.php');
   9
  10 $name  = $_SESSION["name"];
  11 $email = DB_get_email('name',$name);
  12 $myid  = DB_get_userid('email',$email);
  13 if(!$myid)
  14   return;
  15
  16 /* track what got changed */
  17 $changed_notify       = 0;
  18 $changed_password     = 0;
  19 $changed_cards        = 0;
  20 $changed_timezone     = 0;
  21 $changed_autosetup    = 0;
  22 $changed_sorting      = 0;
  23 $changed_openforgames = 0;
  24 $changed_vacation     = 0;
  25 $changed_openid       = 0;
  26
  27 display_user_menu($myid);
  28
  29 /* get old infos */
  30 $PREF = DB_get_PREF($myid);
  31 $timezone =  DB_get_user_timezone($myid);
  32
  33 DB_update_user_timestamp($myid);
  34
  35 /* does the user want to change some preferences?
  36  * update the database and track changes with a variable, so that
  37  * we can later highlight the changed value
  38  */
  39
  40 /* check for deleted openids */
  41 foreach($_REQUEST as $key=>$value)
  42 {
  43   if(strstr($key,"delete-openid-"))
  44     {
  45       /* found and openid to delete */
  46       $DelOpenID = substr(str_replace("_",".",$key),14);
  47       DB_DetachOpenID($DelOpenID, $myid);
  48       $changed_openid = 1;
  49     }
  50 }
  51
  52
  53 if(myisset('vacation_start','vacation_stop','vacation_comment') &&
  54    ($_REQUEST['vacation_start']!='' || $_REQUEST['vacation_stop']!='')
  55    )
  56   {
  57     $vacation_start   = $_REQUEST['vacation_start'].' 00:00:00';
  58     $vacation_stop    = $_REQUEST['vacation_stop'].' 23:59:59';
  59     $vacation_comment = $_REQUEST['vacation_comment'];
  60
  61     /* check if everything is valid */
  62     if(!strtotime($vacation_start))
  63       $changed_vacation = -1;
  64     if(!strtotime($vacation_stop))
  65       $changed_vacation = -1;
  66
  67     /* test if we should delete the entry */
  68     if($vacation_start == '- 00:00:00')
  69       {
  70         $result = DB_query("DELETE FROM User_Prefs".
  71                            " WHERE user_id='$myid' AND pref_key='vacation start'" );
  72         $result = DB_query("DELETE FROM User_Prefs".
  73                            " WHERE user_id='$myid' AND pref_key='vacation stop'" );
  74         $result = DB_query("DELETE FROM User_Prefs".
  75                            " WHERE user_id='$myid' AND pref_key='vacation comment'" );
  76         $changed_vacation = 1;
  77       }
  78     /* change in database if format is ok */
  79     else if($changed_vacation>=0)
  80       {
  81         /* only change if different from current value */
  82         if($vacation_start!=$PREF['vacation_start'])
  83           {
  84             $result = DB_query("SELECT * from User_Prefs".
  85                                " WHERE user_id='$myid' AND pref_key='vacation start'" );
  86             if( DB_fetch_array($result))
  87               $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_start).
  88                                  " WHERE user_id='$myid' AND pref_key='vacation start'" );
  89             else
  90               $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation start',".
  91                                  DB_quote_smart($vacation_start).")");
  92
  93             $changed_vacation = 1;
  94           }
  95
  96         /* same for the stop date */
  97         if($vacation_stop!=$PREF['vacation_stop'])
  98           {
  99             $result = DB_query("SELECT * from User_Prefs".
 100                                " WHERE user_id='$myid' AND pref_key='vacation stop'" );
 101             if( DB_fetch_array($result))
 102               $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_stop).
 103                                  " WHERE user_id='$myid' AND pref_key='vacation stop'" );
 104             else
 105               $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation stop',".
 106                                  DB_quote_smart($vacation_stop).")");
 107
 108             $changed_vacation = 1;
 109           }
 110
 111         /* does the user want to add a comment? */
 112         if($vacation_comment!=$PREF['vacation_comment'])
 113           {
 114             $result = DB_query("SELECT * from User_Prefs".
 115                                " WHERE user_id='$myid' AND pref_key='vacation comment'" );
 116             if( DB_fetch_array($result))
 117               $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_comment).
 118                                  " WHERE user_id='$myid' AND pref_key='vacation comment'" );
 119             else
 120               $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation comment',".
 121                                  DB_quote_smart($vacation_comment).")");
 122
 123             $changed_vacation = 1;
 124           }
 125       }
 126   }
 127
 128 if(myisset("timezone"))
 129   {
 130     $newtimezone = $_REQUEST['timezone'];
 131     if($newtimezone != $timezone)
 132       {
 133         DB_query("UPDATE User SET timezone=".DB_quote_smart($newtimezone).
 134                  " WHERE id=".DB_quote_smart($myid));
 135         $changed_timezone = 1;
 136       }
 137   }
 138
 139 if(myisset("cards"))
 140   {
 141     $cards=$_REQUEST['cards'];
 142     if($cards != $PREF['cardset'])
 143       {
 144         /* check if we already have an entry for the user, if so change it, if not create new one */
 145         $result = DB_query("SELECT * from User_Prefs".
 146                            " WHERE user_id='$myid' AND pref_key='cardset'" );
 147         if( DB_fetch_array($result))
 148           $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($cards).
 149                              " WHERE user_id='$myid' AND pref_key='cardset'" );
 150         else
 151           $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',".
 152                              DB_quote_smart($cards).")");
 153         $changed_cards = 1;
 154       }
 155   }
 156
 157 if(myisset("notify"))
 158   {
 159     $notify=$_REQUEST['notify'];
 160     if($notify != $PREF['email'])
 161       {
 162         /* check if we already have an entry for the user, if so change it, if not create new one */
 163         $result = DB_query("SELECT * from User_Prefs".
 164                            " WHERE user_id='$myid' AND pref_key='email'" );
 165         if( DB_fetch_array($result))
 166           $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($notify).
 167                              " WHERE user_id='$myid' AND pref_key='email'" );
 168         else
 169           $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',".
 170                              DB_quote_smart($notify).")");
 171         $changed_notify=1;
 172       }
 173   }
 174
 175 if(myisset("autosetup"))
 176   {
 177     $autosetup = $_REQUEST['autosetup'];
 178     if($autosetup != $PREF['autosetup'])
 179       {
 180         /* check if we already have an entry for the user, if so change it, if not create new one */
 181         $result = DB_query("SELECT * from User_Prefs".
 182                            " WHERE user_id='$myid' AND pref_key='autosetup'" );
 183         if( DB_fetch_array($result))
 184           $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($autosetup).
 185                              " WHERE user_id='$myid' AND pref_key='autosetup'" );
 186         else
 187           $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','autosetup',".
 188                              DB_quote_smart($autosetup).")");
 189         $changed_autosetup=1;
 190       }
 191   }
 192
 193 if(myisset("sorting"))
 194   {
 195     $sorting = $_REQUEST['sorting'];
 196     if($sorting != $PREF['sorting'])
 197       {
 198         /* check if we already have an entry for the user, if so change it, if not create new one */
 199         $result = DB_query("SELECT * from User_Prefs".
 200                            " WHERE user_id='$myid' AND pref_key='sorting'" );
 201         if( DB_fetch_array($result))
 202           $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($sorting).
 203                              " WHERE user_id='$myid' AND pref_key='sorting'" );
 204         else
 205           $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','sorting',".
 206                              DB_quote_smart($sorting).")");
 207         $changed_sorting=1;
 208       }
 209   }
 210
 211 if(myisset("open_for_games"))
 212   {
 213     $openforgames = $_REQUEST['open_for_games'];
 214     if($openforgames != $PREF['open_for_games'])
 215       {
 216         /* check if we already have an entry for the user, if so change it, if not create new one */
 217         $result = DB_query("SELECT * from User_Prefs".
 218                            " WHERE user_id='$myid' AND pref_key='open for games'" );
 219         if( DB_fetch_array($result))
 220           $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($openforgames).
 221                              " WHERE user_id='$myid' AND pref_key='open for games'" );
 222         else
 223           $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','open for games',".
 224                              DB_quote_smart($openforgames).")");
 225         $changed_openforgames=1;
 226       }
 227   }
 228
 229
 230 if(myisset("password0") &&  $_REQUEST["password0"]!="" )
 231   {
 232     $changed_password = 1;
 233
 234     /* check if old password matches */
 235     $oldpasswd = md5($_REQUEST["password0"]);
 236     $password  = DB_get_passwd_by_userid($myid);
 237     if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
 238       $changed_password = -1;
 239
 240     /* check if new password has been typed in correctly */
 241     if($_REQUEST["password1"] != $_REQUEST["password2"] )
 242       $changed_password = -2;
 243
 244     /* check if new password is long enough */
 245     if(strlen($_REQUEST["password1"])<4)
 246       $changed_password = -3;
 247
 248     if($changed_password==1)
 249       {
 250         DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
 251                  "' WHERE id=".DB_quote_smart($myid));
 252       }
 253     /* error output below */
 254   }
 255
 256 if(myisset("openid_url") && $_REQUEST['openid_url']!='')
 257   {
 258     $openid_url = OpenIDUrlEncode($_REQUEST['openid_url']);
 259     DB_AttachOpenID($openid_url, $myid);
 260   }
 261
 262 /* get infos again in case they have changed */
 263 $PREF     = DB_get_PREF($myid);
 264 $timezone = DB_get_user_timezone($myid);
 265
 266 /*
 267  * output settings
 268  */
 269
 270 echo "<div class=\"user\">\n";
 271 echo "  <form action=\"index.php?action=prefs\" method=\"post\">\n";
 272 echo "  <h2>Your settings are</h2>\n";
 273 echo "    <fieldset>\n";
 274 echo "    <legend>Game-related</legend>\n";
 275 echo "      <table>\n";
 276
 277 echo "        <tr><td>Vacation:             </td>\n";
 278 if($PREF['vacation_start'])
 279   $value = substr($PREF['vacation_start'],0,10);
 280  else
 281    $value = '';
 282 echo "            <td>start:<input type=\"text\" id=\"vacation_start\" name=\"vacation_start\" size=\"10\" maxlength=\"10\" value=\"$value\" /></td>\n";
 283 if($PREF['vacation_stop'])
 284   $value = substr($PREF['vacation_stop'],0,10);
 285  else
 286    $value = '';
 287 echo "            <td>stop:<input type=\"text\" id=\"vacation_stop\" name=\"vacation_stop\" size=\"10\" maxlength=\"10\" value=\"$value\" /></td>\n";
 288 if($PREF['vacation_comment'])
 289   $value = $PREF['vacation_comment'];
 290 else
 291   $value = '';
 292 echo "            <td>comment:<input type=\"text\" id=\"vacation_comment\" name=\"vacation_comment\" size=\"10\" maxlength=\"50\" value=\"$value\" />";
 293 if($changed_vacation == 1) echo "changed";
 294 if($changed_vacation == -1) echo "wrong date format";
 295 echo "</td></tr>\n";
 296 echo "<tr><td></td><td>use YYYY-MM-DD</td><td>use '-'  in start field to unset vacation</td></tr>\n";
 297 echo "        <tr><td>Notification:          </td><td>\n";
 298 echo "          <select id=\"notify\" name=\"notify\" size=\"1\">\n";
 299 if($PREF['email']=="emailaddict")
 300   {
 301     echo "            <option value=\"emailaddict\" selected=\"selected\">less emails</option>\n";
 302     echo "            <option value=\"emailnonaddict\">lots of emails</option>\n";
 303   }
 304  else
 305    {
 306      echo "            <option value=\"emailaddict\">less email</option>\n";
 307      echo "            <option value=\"emailnonaddict\" selected=\"selected\">lots of email</option>\n";
 308    }
 309 echo "          </select>";
 310 if($changed_notify) echo "changed";
 311 echo " </td></tr>\n";
 312
 313 echo "        <tr><td>Autosetup:          </td><td>\n";
 314 echo "          <select id=\"autosetup\" name=\"autosetup\" size=\"1\">\n";
 315 if($PREF['autosetup']=="yes")
 316   {
 317     echo "           <option value=\"yes\" selected=\"selected\">accept every game</option>\n";
 318     echo "           <option value=\"no\">ask for games</option>\n";
 319   }
 320  else
 321    {
 322      echo "           <option value=\"yes\">accept every game</option>\n";
 323      echo "           <option value=\"no\" selected=\"selected\">ask for games</option>\n";
 324    }
 325 echo "         </select>";
 326 if($changed_autosetup) echo "changed";
 327 echo " </td></tr>\n";
 328 echo "    <tr><td>Sorting:          </td><td>\n";
 329
 330 echo "         <select id=\"sorting\" name=\"sorting\" size=\"1\">\n";
 331 if($PREF['sorting']=="high-low")
 332   {
 333     echo "           <option value=\"high-low\" selected=\"selected\">high to low</option>\n";
 334     echo "           <option value=\"low-high\">low to high</option>\n";
 335   }
 336  else
 337    {
 338      echo "           <option value=\"high-low\">high to low</option>\n";
 339      echo "           <option value=\"low-high\" selected=\"selected\">low to high</option>\n";
 340    }
 341 echo "         </select>";
 342 if($changed_sorting) echo "changed";
 343 echo " </td></tr>\n";
 344 echo "        <tr><td>Open for new games:          </td><td>\n";
 345 echo "         <select id=\"open_for_games\" name=\"open_for_games\" size=\"1\">\n";
 346 if($PREF['open_for_games']=="no")
 347   {
 348     echo "           <option value=\"yes\">yes</option>\n";
 349     echo "           <option value=\"no\" selected=\"selected\">no</option>\n";
 350   }
 351  else /* default */
 352    {
 353      echo "           <option value=\"yes\" selected=\"selected\">yes</option>\n";
 354      echo "           <option value=\"no\">no</option>\n";
 355    }
 356 echo "         </select>";
 357 if($changed_openforgames) echo "changed";
 358 echo " </td></tr>\n";
 359
 360 echo "    <tr><td>Card set:              </td><td>\n";
 361 echo "         <select id=\"cards\" name=\"cards\" size=\"1\">\n";
 362 if($PREF['cardset']=="altenburg")
 363   {
 364     echo "           <option value=\"altenburg\" selected=\"selected\">German cards</option>\n";
 365     echo "           <option value=\"english\">English cards</option>\n";
 366   }
 367  else
 368    {
 369      echo "           <option value=\"altenburg\">German cards</option>\n";
 370      echo "           <option value=\"english\" selected=\"selected\">English cards</option>\n";
 371    }
 372 echo "         </select>";
 373 if($changed_cards) echo "changed";
 374 echo " </td></tr>\n";
 375 echo "      </table>\n";
 376 echo "    </fieldset>\n";
 377 echo "    <fieldset>\n";
 378 echo "      <legend>Personal</legend>\n";
 379 echo "      <table>\n";
 380 echo "        <tr><td>Email:                 </td><td> $email    </td></tr>\n";
 381 echo "        <tr><td>Timezone:              </td><td>\n";
 382 output_select_timezone("timezone",$timezone);
 383 if($changed_timezone) echo "changed";
 384 echo "</td></tr>\n";
 385
 386 echo "        <tr><td>Password(old):         </td><td>",
 387   "<input type=\"password\" id=\"password0\" name=\"password0\" size=\"20\" maxlength=\"30\" />";
 388 switch($changed_password)
 389   {
 390   case '-3':
 391     echo "The new passwords is not long enough (you need at least 4 characters).";
 392     break;
 393   case '-2':
 394     echo "The new passwords don't match.";
 395     break;
 396   case '-1':
 397     echo "The old password is not correct.";
 398     break;
 399   case '1':
 400     echo "changed";
 401     break;
 402   }
 403 echo " </td></tr>\n";
 404 echo "        <tr><td>Password(new):         </td><td>",
 405   "<input type=\"password\" id=\"password1\" name=\"password1\" size=\"20\" maxlength=\"30\" />",
 406   " </td></tr>\n";
 407 echo "        <tr><td>Password(new, retype): </td><td>",
 408   "<input type=\"password\" id=\"password2\" name=\"password2\" size=\"20\" maxlength=\"30\" />",
 409   " </td></tr>\n";
 410 echo "      </table>\n";
 411 echo "    </fieldset>\n";
 412 echo "    <fieldset>\n";
 413 echo "      <legend>OpenID</legend>\n";
 414
 415 $openids = array();
 416 $openids = DB_GetOpenIDsByUser($myid);
 417
 418 if(sizeof($openids))
 419   {
 420     echo "     <table class=\"openid\">\n";
 421     echo "     <thead><tr><th>Delete?</th><th>OpenId</th></tr></thead>\n";
 422     echo "     <tbody>\n";
 423     foreach ($openids as $ids)
 424       {
 425         $id=($ids[0]);
 426         echo "        <tr><td><input type=\"checkbox\" name=\"delete-openid-$id\" /></td><td>",$id, "</td></tr>\n";
 427       }
 428     echo "     </tbody>\n";
 429     echo "     </table>\n";
 430   }
 431
 432 echo "        add OpenID: ",
 433   "<input type=\"text\" id=\"openid_url\" name=\"openid_url\" size=\"20\" maxlength=\"50\" />";
 434 if($changed_openid)
 435   echo "   Deleted some OpenIDs! <br />\n";
 436 echo "    </fieldset>\n";
 437 echo "    <fieldset><legend>Submit</legend><input type=\"submit\"  name=\"passwd\" value=\"set\" /></fieldset>\n";
 438 echo "  </form>\n";
 439 echo "</div>\n";
 440
 441 return;
 442 ?>