NEW FEATURE: added OpenID support
[e-DoKo.git] / include / preferences.php
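<?php
/* make sure that we are not called from outside the scripts,
 * use a variable defined in config.php to check this
 *
 * NOTE(review): this guard only holds if $HOST cannot be supplied by the
 * request itself (i.e. register_globals is off) -- confirm in the server
 * configuration.
 */
if(!isset($HOST))
  exit;

include_once('openid.php');

/* Resolve the logged-in user from the session: name -> email -> user id.
 * Fail closed when the session carries no name, so that no lookup and none
 * of the preference updates further down run for a visitor who is not
 * logged in (this also avoids the undefined-index notice).
 */
if(!isset($_SESSION["name"]))
  return;

$name  = $_SESSION["name"];
$email = DB_get_email('name',$name);
$myid  = DB_get_userid('email',$email);
if(!$myid)
  return;

/* track what got changed: 0 = untouched, 1 = changed; the vacation and
 * password flags additionally use negative values for validation errors
 */
$changed_notify       = 0;
$changed_password     = 0;
$changed_cards        = 0;
$changed_timezone     = 0;
$changed_autosetup    = 0;
$changed_sorting      = 0;
$changed_openforgames = 0;
$changed_vacation     = 0;
$changed_openid       = 0;

display_user_menu($myid);

/* get old infos, they are compared with the submitted values below */
$PREF = DB_get_PREF($myid);
$timezone =  DB_get_user_timezone($myid);

DB_update_user_timestamp($myid);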
34
35 /* does the user want to change some preferences?
36  * update the database and track changes with a variable, so that
37  * we can later highlight the changed value
38  */
39
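/* check for deleted openids
 *
 * The checkboxes are named "delete-openid-<openid>" and live in the
 * method="post" form printed further down, so only $_POST is examined:
 * a detach must not be triggered by a query string or a cookie.
 *
 * NOTE(review): the form carries no anti-CSRF token, so a cross-site POST
 * can still reach this code; a per-session token should be checked here.
 */
foreach($_POST as $key=>$value)
{
  $key = (string)$key;

  /* the key has to START with the prefix; the 14 used below is the length
   * of "delete-openid-", so a match elsewhere in the key would cut the
   * wrong part out of it
   */
  if(strncmp($key,"delete-openid-",14) != 0)
    continue;

  /* PHP turns dots in parameter names into underscores, undo that.
   * NOTE(review): this mapping is lossy, an OpenID that really contains an
   * underscore is rewritten too and will not match its database entry.
   */
  $DelOpenID = substr(str_replace("_",".",$key),14);
  if($DelOpenID === false || $DelOpenID === '')
    continue;

  /* found an openid to delete; the call is scoped to the current user */
  DB_DetachOpenID($DelOpenID, $myid);
  $changed_openid = 1;
}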
51
52
/* Vacation settings: handled only when all three fields were submitted and
 * at least one of the two dates is non-empty.
 */
$vacation_submitted = myisset('vacation_start','vacation_stop','vacation_comment');
if($vacation_submitted &&
   !($_REQUEST['vacation_start']=='' && $_REQUEST['vacation_stop']==''))
  {
    /* extend the dates to cover the whole first and last day */
    $vacation_start   = $_REQUEST['vacation_start'].' 00:00:00';
    $vacation_stop    = $_REQUEST['vacation_stop'].' 23:59:59';
    $vacation_comment = $_REQUEST['vacation_comment'];

    /* a date that strtotime() cannot parse marks the submission as invalid
     *
     * NOTE(review): strtotime() accepts far more than the YYYY-MM-DD format
     * the form asks for (relative expressions, for instance), so this is
     * not a format check.
     */
    if(!strtotime($vacation_start) || !strtotime($vacation_stop))
      $changed_vacation = -1;

    if($vacation_start == '- 00:00:00')
      {
        /* a '-' in the start field removes all three entries */
        foreach(array('vacation start','vacation stop','vacation comment') as $vacation_key)
          $result = DB_query("DELETE FROM User_Prefs".
                             " WHERE user_id='$myid' AND pref_key='$vacation_key'" );
        $changed_vacation = 1;
      }
    else if($changed_vacation>=0)
      {
        /* the dates parsed: write every value that differs from the stored one */
        $vacation_values = array('vacation start'   => $vacation_start,
                                 'vacation stop'    => $vacation_stop,
                                 'vacation comment' => $vacation_comment);

        foreach($vacation_values as $vacation_key => $vacation_value)
          {
            /* $PREF uses an underscore where pref_key has a space */
            if($vacation_value == $PREF[str_replace(' ','_',$vacation_key)])
              continue;

            /* update an existing row, otherwise create it; the submitted
             * value only reaches the SQL text through DB_quote_smart()
             */
            $vacation_where = " WHERE user_id='$myid' AND pref_key='$vacation_key'";
            $result = DB_query("SELECT * from User_Prefs".$vacation_where);
            if( DB_fetch_array($result))
              $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_value).
                                 $vacation_where);
            else
              $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','$vacation_key',".
                                 DB_quote_smart($vacation_value).")");

            $changed_vacation = 1;
          }
      }
  }
127
/* Timezone: written to the User table only when the submitted value differs
 * from the stored one.
 *
 * NOTE(review): the value is not compared with the list that
 * output_select_timezone() offers; whatever was submitted is stored. It
 * reaches the SQL text only through DB_quote_smart().
 */
if(myisset("timezone"))
  {
    $newtimezone = $_REQUEST['timezone'];
    $timezone_differs = ($newtimezone != $timezone);
    if($timezone_differs)
      {
        $timezone_sql  = "UPDATE User SET timezone=".DB_quote_smart($newtimezone);
        $timezone_sql .= " WHERE id=".DB_quote_smart($myid);
        DB_query($timezone_sql);
        $changed_timezone = 1;
      }
  }
138
/* The remaining preferences are all stored the same way in User_Prefs, so
 * they are driven from one table:
 *   request field => array(pref_key in User_Prefs, index into $PREF, name of the change flag)
 *
 * NOTE(review): the submitted value is stored as it is; nothing here
 * restricts it to the option values the form below offers. It reaches the
 * SQL text only through DB_quote_smart().
 */
$pref_fields = array('cards'          => array('cardset',        'cardset',        'changed_cards'),
                     'notify'         => array('email',          'email',          'changed_notify'),
                     'autosetup'      => array('autosetup',      'autosetup',      'changed_autosetup'),
                     'sorting'        => array('sorting',        'sorting',        'changed_sorting'),
                     'open_for_games' => array('open for games', 'open_for_games', 'changed_openforgames'));

foreach($pref_fields as $pref_field => $pref_spec)
  {
    list($pref_key, $pref_index, $pref_flag) = $pref_spec;

    /* nothing submitted for this preference */
    if(!myisset($pref_field))
      continue;

    /* submitted, but identical to what is stored */
    $pref_value = $_REQUEST[$pref_field];
    if($pref_value == $PREF[$pref_index])
      continue;

    /* check if we already have an entry for the user, if so change it, if not create new one */
    $pref_where = " WHERE user_id='$myid' AND pref_key='$pref_key'";
    $result = DB_query("SELECT * from User_Prefs".$pref_where);
    if( DB_fetch_array($result))
      $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($pref_value).
                         $pref_where);
    else
      $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','$pref_key',".
                         DB_quote_smart($pref_value).")");

    /* set the matching $changed_... flag so the form can show "changed" */
    $$pref_flag = 1;
  }
228
229
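/* Password change: needs the old password (or a recovery password) and the
 * new password typed twice. $changed_password ends up as
 *    1  password updated
 *   -1  old password wrong
 *   -2  the two new passwords differ
 *   -3  new password shorter than 4 characters
 * and is turned into a message next to the password fields further down.
 *
 * NOTE(review): passwords are stored as unsalted md5, which is cheap to
 * brute-force if the table leaks. Moving to password_hash() and
 * password_verify() has to happen together with the login code and a
 * migration of the stored values, so it is only flagged here.
 * NOTE(review): a minimum length of 4 is very short.
 */
if(myisset("password0") && is_string($_REQUEST["password0"]) && $_REQUEST["password0"]!="" )
  {
    $changed_password = 1;

    /* a missing or non-string field counts as empty and fails the length check */
    $newpasswd1 = (isset($_REQUEST["password1"]) && is_string($_REQUEST["password1"])) ? $_REQUEST["password1"] : '';
    $newpasswd2 = (isset($_REQUEST["password2"]) && is_string($_REQUEST["password2"])) ? $_REQUEST["password2"] : '';

    /* check if old password matches; the comparison is strict because ==
     * compares two numeric-looking strings (a hash of the form 0e<digits>)
     * as numbers, so two different hashes could count as equal
     */
    $oldpasswd = md5($_REQUEST["password0"]);
    $password  = DB_get_passwd_by_userid($myid);
    if(!( ((string)$password === $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
      $changed_password = -1;

    /* check if new password has been typed in correctly; strict for the same
     * reason, "100" and "1e2" are equal under !=
     */
    if($newpasswd1 !== $newpasswd2)
      $changed_password = -2;

    /* check if new password is long enough */
    if(strlen($newpasswd1)<4)
      $changed_password = -3;

    if($changed_password==1)
      {
        /* md5() returns hex digits only, so the value is safe inside the quotes */
        DB_query("UPDATE User SET password='".md5($newpasswd1).
                 "' WHERE id=".DB_quote_smart($myid));
      }
    /* error output below */
  }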
255
/* Attach a new OpenID to the account when the field was filled in.
 *
 * NOTE(review): nothing visible here shows that the user proved control of
 * the submitted identifier before it is attached, and the request is not
 * tied to a CSRF token. Confirm that openid.php or DB_AttachOpenID() only
 * accepts an identifier after a successful OpenID authentication; an
 * identifier attached without that check can be used to log in to this
 * account.
 */
if(myisset("openid_url"))
  {
    $openid_input = $_REQUEST['openid_url'];
    if($openid_input != '')
      {
        $openid_url = OpenIDUrlEncode($openid_input);
        DB_AttachOpenID($openid_url, $myid);
      }
  }
261
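/* get infos again in case they have changed */
$PREF     = DB_get_PREF($myid);
$timezone = DB_get_user_timezone($myid);

/*
 * output settings
 *
 * NOTE(review): the form carries no anti-CSRF token, while the handlers
 * earlier in this file read their input from $_REQUEST.
 */

echo "<div class=\"user\">\n";
echo "  <form action=\"index.php?action=prefs\" method=\"post\">\n";
echo "  <h2>Your settings are</h2>\n";
echo "    <fieldset>\n";
echo "    <legend>Game-related</legend>\n";
echo "      <table>\n";

/* The stored vacation values come from user input (the comment is free
 * text), so each one is HTML-escaped before it is placed in a value="..."
 * attribute. Only the date part (first 10 characters) of start and stop is
 * shown.
 */
echo "        <tr><td>Vacation:             </td>\n";
$value = $PREF['vacation_start'] ? htmlspecialchars(substr($PREF['vacation_start'],0,10), ENT_QUOTES) : '';
echo "            <td>start:<input type=\"text\" id=\"vacation_start\" name=\"vacation_start\" size=\"10\" maxlength=\"10\" value=\"$value\" /></td>\n";
$value = $PREF['vacation_stop'] ? htmlspecialchars(substr($PREF['vacation_stop'],0,10), ENT_QUOTES) : '';
echo "            <td>stop:<input type=\"text\" id=\"vacation_stop\" name=\"vacation_stop\" size=\"10\" maxlength=\"10\" value=\"$value\" /></td>\n";
$value = $PREF['vacation_comment'] ? htmlspecialchars($PREF['vacation_comment'], ENT_QUOTES) : '';
echo "            <td>comment:<input type=\"text\" id=\"vacation_comment\" name=\"vacation_comment\" size=\"10\" maxlength=\"50\" value=\"$value\" />";
/* 1 = stored or deleted, -1 = a date could not be parsed */
if($changed_vacation == 1) echo "changed";
if($changed_vacation == -1) echo "wrong date format";
echo "</td></tr>\n";
echo "<tr><td></td><td>use YYYY-MM-DD</td><td>use '-'  in start field to unset vacation</td></tr>\n";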
/* Five two-option select boxes. Every option is printed once and the
 * selected="selected" attribute is added to whichever one matches the
 * stored preference; all values and labels are fixed strings.
 */
$sel_attr = " selected=\"selected\"";

/* Notification: "emailaddict" selects the first option, anything else the
 * second; the labels are plural only in the first case, as before.
 */
$notify_first  = ($PREF['email']=="emailaddict");
$notify_plural = $notify_first ? "s" : "";
echo "        <tr><td>Notification:          </td><td>\n";
echo "          <select id=\"notify\" name=\"notify\" size=\"1\">\n";
echo "            <option value=\"emailaddict\"", ($notify_first ? $sel_attr : ""), ">less email", $notify_plural, "</option>\n";
echo "            <option value=\"emailnonaddict\"", ($notify_first ? "" : $sel_attr), ">lots of email", $notify_plural, "</option>\n";
echo "          </select>";
if($changed_notify) echo "changed";
echo " </td></tr>\n";

/* Autosetup: "yes" selects the first option, anything else the second */
$autosetup_first = ($PREF['autosetup']=="yes");
echo "        <tr><td>Autosetup:          </td><td>\n";
echo "          <select id=\"autosetup\" name=\"autosetup\" size=\"1\">\n";
echo "           <option value=\"yes\"", ($autosetup_first ? $sel_attr : ""), ">accept every game</option>\n";
echo "           <option value=\"no\"", ($autosetup_first ? "" : $sel_attr), ">ask for games</option>\n";
echo "         </select>";
if($changed_autosetup) echo "changed";
echo " </td></tr>\n";

/* Sorting: "high-low" selects the first option, anything else the second */
$sorting_first = ($PREF['sorting']=="high-low");
echo "    <tr><td>Sorting:          </td><td>\n";
echo "         <select id=\"sorting\" name=\"sorting\" size=\"1\">\n";
echo "           <option value=\"high-low\"", ($sorting_first ? $sel_attr : ""), ">high to low</option>\n";
echo "           <option value=\"low-high\"", ($sorting_first ? "" : $sel_attr), ">low to high</option>\n";
echo "         </select>";
if($changed_sorting) echo "changed";
echo " </td></tr>\n";

/* Open for new games: only an explicit "no" selects the second option,
 * "yes" is the default
 */
$open_is_no = ($PREF['open_for_games']=="no");
echo "        <tr><td>Open for new games:          </td><td>\n";
echo "         <select id=\"open_for_games\" name=\"open_for_games\" size=\"1\">\n";
echo "           <option value=\"yes\"", ($open_is_no ? "" : $sel_attr), ">yes</option>\n";
echo "           <option value=\"no\"", ($open_is_no ? $sel_attr : ""), ">no</option>\n";
echo "         </select>";
if($changed_openforgames) echo "changed";
echo " </td></tr>\n";

/* Card set: "altenburg" selects the German cards, anything else the English ones */
$cards_first = ($PREF['cardset']=="altenburg");
echo "    <tr><td>Card set:              </td><td>\n";
echo "         <select id=\"cards\" name=\"cards\" size=\"1\">\n";
echo "           <option value=\"altenburg\"", ($cards_first ? $sel_attr : ""), ">German cards</option>\n";
echo "           <option value=\"english\"", ($cards_first ? "" : $sel_attr), ">English cards</option>\n";
echo "         </select>";
if($changed_cards) echo "changed";
echo " </td></tr>\n";
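/* close the game-related settings and print the personal ones:
 * email (read-only), timezone and the three password fields
 */
echo "      </table>\n";
echo "    </fieldset>\n";
echo "    <fieldset>\n";
echo "      <legend>Personal</legend>\n";
echo "      <table>\n";

/* the address comes from the database and is user-supplied data, so it is
 * HTML-escaped before it is printed
 */
$email_html = htmlspecialchars((string)$email, ENT_QUOTES);
echo "        <tr><td>Email:                 </td><td> $email_html    </td></tr>\n";
echo "        <tr><td>Timezone:              </td><td>\n";
output_select_timezone("timezone",$timezone);
if($changed_timezone) echo "changed";
echo "</td></tr>\n";

/* the password fields are always printed empty; the result of a change
 * request is shown next to the first one
 */
echo "        <tr><td>Password(old):         </td><td>",
  "<input type=\"password\" id=\"password0\" name=\"password0\" size=\"20\" maxlength=\"30\" />";
switch($changed_password)
  {
  case '-3':
    echo "The new passwords is not long enough (you need at least 4 characters).";
    break;
  case '-2':
    echo "The new passwords don't match.";
    break;
  case '-1':
    echo "The old password is not correct.";
    break;
  case '1':
    echo "changed";
    break;
  }
echo " </td></tr>\n";
echo "        <tr><td>Password(new):         </td><td>",
  "<input type=\"password\" id=\"password1\" name=\"password1\" size=\"20\" maxlength=\"30\" />",
  " </td></tr>\n";
echo "        <tr><td>Password(new, retype): </td><td>",
  "<input type=\"password\" id=\"password2\" name=\"password2\" size=\"20\" maxlength=\"30\" />",
  " </td></tr>\n";
echo "      </table>\n";
echo "    </fieldset>\n";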
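/* OpenID section: list the identifiers attached to this account, each with
 * a delete checkbox, followed by a field to add a new one
 */
echo "    <fieldset>\n";
echo "      <legend>OpenID</legend>\n";

$openids = DB_GetOpenIDsByUser($myid);

if(sizeof($openids))
  {
    echo "     <table class=\"openid\">\n";
    echo "     <thead><tr><th>Delete?</th><th>OpenId</th></tr></thead>\n";
    echo "     <tbody>\n";
    foreach ($openids as $ids)
      {
        /* the identifier was supplied by the user when it was attached, so
         * it is HTML-escaped for both the attribute and the table cell; the
         * browser decodes the entities again, so the submitted parameter
         * name is unchanged
         */
        $id = htmlspecialchars((string)$ids[0], ENT_QUOTES);
        echo "        <tr><td><input type=\"checkbox\" name=\"delete-openid-$id\" /></td><td>",$id, "</td></tr>\n";
      }
    echo "     </tbody>\n";
    echo "     </table>\n";
  }

echo "        add OpenID: ",
  "<input type=\"text\" id=\"openid_url\" name=\"openid_url\" size=\"20\" maxlength=\"50\" />";
/* set by the delete handling near the top of the file */
if($changed_openid)
  echo "   Deleted some OpenIDs! <br />\n";
echo "    </fieldset>\n";
echo "    <fieldset><legend>Submit</legend><input type=\"submit\"  name=\"passwd\" value=\"set\" /></fieldset>\n";
echo "  </form>\n";
echo "</div>\n";

return;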
442 ?>