BUGFIX: for loop over a possible undefined variable
[e-DoKo.git] / include / preferences.php
1 <?php
/*
 * Refuse to run when this file is requested on its own: $HOST is a variable
 * defined in config.php, so it is only set when the scripts included us.
 */
if (!isset($HOST)) {
    exit;
}

/* Resolve the current user: session name -> email address -> user id. */
$name  = $_SESSION["name"];
$email = DB_get_email('name', $name);
$myid  = DB_get_userid('email', $email);
if (!$myid) {
    /* no user id for this session name: nothing below may read or write */
    return;
}

/*
 * Status flags, one per setting.  0 means untouched; the update code below
 * sets 1 after a change and a negative value when the input was rejected,
 * and the form at the end of the file prints a matching message.
 */
$changed_notify = $changed_password = $changed_cards = $changed_timezone = 0;
$changed_autosetup = $changed_sorting = $changed_openforgames = $changed_vacation = 0;

display_user_menu($myid);

/* Current values, used to detect which submitted fields really differ. */
$PREF     = DB_get_PREF($myid);
$timezone = DB_get_user_timezone($myid);

DB_update_user_timestamp($myid);
31
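/*
 * Vacation settings: validate the submitted dates, then delete or upsert the
 * three 'vacation ...' rows in User_Prefs.  $changed_vacation ends up 1 when
 * something was written or deleted and -1 when the input was rejected, so the
 * form further down can highlight the result.
 *
 * The SQL below still embeds $myid in quotes; that value comes from the
 * DB_get_userid() lookup at the top of this file, not from the request, and
 * the pref_key is always one of the three constants listed here.  Every
 * request-supplied value goes through DB_quote_smart().
 */
if (myisset('vacation_start', 'vacation_stop', 'vacation_comment')) {
    if (!is_string($_REQUEST['vacation_start'])
        || !is_string($_REQUEST['vacation_stop'])
        || !is_string($_REQUEST['vacation_comment'])) {
        /* array-valued parameters (vacation_start[]=...) are never valid here */
        $changed_vacation = -1;
    } else {
        $vacation_start   = $_REQUEST['vacation_start'].' 00:00:00';
        $vacation_stop    = $_REQUEST['vacation_stop'].' 23:59:59';
        $vacation_comment = $_REQUEST['vacation_comment'];

        /*
         * The form asks for YYYY-MM-DD.  strtotime() on its own also accepts
         * relative and free-form expressions, which would then be stored
         * verbatim, so require the exact pattern and a real calendar date.
         */
        foreach (array($vacation_start, $vacation_stop) as $vacation_date) {
            if (!preg_match('/^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2}:\d{2}\z/', $vacation_date, $vacation_parts)
                || !checkdate((int)$vacation_parts[2], (int)$vacation_parts[3], (int)$vacation_parts[1])
                || strtotime($vacation_date) === false) {
                $changed_vacation = -1;
            }
        }

        /* pref_key in User_Prefs => (key in $PREF, submitted value) */
        $vacation_fields = array(
            'vacation start'   => array('vacation_start',   $vacation_start),
            'vacation stop'    => array('vacation_stop',    $vacation_stop),
            'vacation comment' => array('vacation_comment', $vacation_comment),
        );

        if ($vacation_start === '- 00:00:00') {
            /* a lone '-' in the start field removes the whole vacation entry */
            foreach (array_keys($vacation_fields) as $vacation_key) {
                $result = DB_query("DELETE FROM User_Prefs".
                                   " WHERE user_id='$myid' AND pref_key='$vacation_key'");
            }
            $changed_vacation = 1;
        } else if ($changed_vacation >= 0) {
            /* dates are well-formed: write every field that differs from the stored value */
            foreach ($vacation_fields as $vacation_key => $vacation_field) {
                /* a missing preference counts as the empty string, so an empty comment is not inserted */
                $vacation_old = isset($PREF[$vacation_field[0]]) ? (string)$PREF[$vacation_field[0]] : '';
                if ($vacation_field[1] === $vacation_old)
                    continue;

                /* no upsert in the schema: look for the row, then UPDATE or INSERT */
                $result = DB_query("SELECT * from User_Prefs".
                                   " WHERE user_id='$myid' AND pref_key='$vacation_key'");
                if (DB_fetch_array($result))
                    $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_field[1]).
                                       " WHERE user_id='$myid' AND pref_key='$vacation_key'");
                else
                    $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','$vacation_key',".
                                       DB_quote_smart($vacation_field[1]).")");

                $changed_vacation = 1;
            }
        }
    }
}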
108
/*
 * Timezone: stored on the User row itself; written only when the submitted
 * value differs from the one loaded at the top of the file.  Both values in
 * the statement pass through DB_quote_smart().
 * NOTE(review): nothing visible here checks the value against the entries
 * output_select_timezone() offers -- confirm whether that matters to readers
 * of User.timezone.
 */
if (myisset("timezone")) {
    $newtimezone = $_REQUEST['timezone'];
    if (!($newtimezone == $timezone)) {
        DB_query(sprintf(
            "UPDATE User SET timezone=%s WHERE id=%s",
            DB_quote_smart($newtimezone),
            DB_quote_smart($myid)
        ));
        $changed_timezone = 1;
    }
}
119
/*
 * Card set: written to User_Prefs under pref_key 'cardset' when it differs
 * from the stored preference.
 * NOTE(review): the value is stored as submitted (quoted by DB_quote_smart());
 * it is not compared with the options the form offers -- confirm that every
 * consumer of this preference copes with unexpected strings.
 */
if (myisset("cards")) {
    $cards = $_REQUEST['cards'];
    if ($cards != $PREF['cardset']) {
        /* manual upsert: an existing row is updated, otherwise a new one is inserted */
        $result = DB_query("SELECT * from User_Prefs WHERE user_id='$myid' AND pref_key='cardset'");
        $result = DB_fetch_array($result)
            ? DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($cards)." WHERE user_id='$myid' AND pref_key='cardset'")
            : DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',".DB_quote_smart($cards).")");
        $changed_cards = 1;
    }
}
137
/*
 * E-mail notification level: written to User_Prefs under pref_key 'email'
 * when it differs from the stored preference.
 * NOTE(review): stored as submitted (quoted by DB_quote_smart()), without a
 * check against the two options of the form -- confirm consumers tolerate
 * other strings.
 */
if (myisset("notify")) {
    $notify = $_REQUEST['notify'];
    if ($notify != $PREF['email']) {
        /* manual upsert: an existing row is updated, otherwise a new one is inserted */
        $result = DB_query("SELECT * from User_Prefs WHERE user_id='$myid' AND pref_key='email'");
        $result = DB_fetch_array($result)
            ? DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($notify)." WHERE user_id='$myid' AND pref_key='email'")
            : DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',".DB_quote_smart($notify).")");
        $changed_notify = 1;
    }
}
155
/*
 * Autosetup: written to User_Prefs under pref_key 'autosetup' when it
 * differs from the stored preference.
 * NOTE(review): stored as submitted (quoted by DB_quote_smart()), without a
 * check that it is one of the form's "yes"/"no" options.
 */
if (myisset("autosetup")) {
    $autosetup = $_REQUEST['autosetup'];
    if ($autosetup != $PREF['autosetup']) {
        /* manual upsert: an existing row is updated, otherwise a new one is inserted */
        $result = DB_query("SELECT * from User_Prefs WHERE user_id='$myid' AND pref_key='autosetup'");
        $result = DB_fetch_array($result)
            ? DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($autosetup)." WHERE user_id='$myid' AND pref_key='autosetup'")
            : DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','autosetup',".DB_quote_smart($autosetup).")");
        $changed_autosetup = 1;
    }
}
173
/*
 * Card sorting order: written to User_Prefs under pref_key 'sorting' when it
 * differs from the stored preference.
 * NOTE(review): stored as submitted (quoted by DB_quote_smart()), without a
 * check that it is one of the form's "high-low"/"low-high" options.
 */
if (myisset("sorting")) {
    $sorting = $_REQUEST['sorting'];
    if ($sorting != $PREF['sorting']) {
        /* manual upsert: an existing row is updated, otherwise a new one is inserted */
        $result = DB_query("SELECT * from User_Prefs WHERE user_id='$myid' AND pref_key='sorting'");
        $result = DB_fetch_array($result)
            ? DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($sorting)." WHERE user_id='$myid' AND pref_key='sorting'")
            : DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','sorting',".DB_quote_smart($sorting).")");
        $changed_sorting = 1;
    }
}
191
/*
 * "Open for new games": the request field is open_for_games, the row in
 * User_Prefs uses pref_key 'open for games' (with spaces).  Written only when
 * the value differs from the stored preference.
 * NOTE(review): stored as submitted (quoted by DB_quote_smart()), without a
 * check that it is one of the form's "yes"/"no" options.
 */
if (myisset("open_for_games")) {
    $openforgames = $_REQUEST['open_for_games'];
    if ($openforgames != $PREF['open_for_games']) {
        /* manual upsert: an existing row is updated, otherwise a new one is inserted */
        $result = DB_query("SELECT * from User_Prefs WHERE user_id='$myid' AND pref_key='open for games'");
        $result = DB_fetch_array($result)
            ? DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($openforgames)." WHERE user_id='$myid' AND pref_key='open for games'")
            : DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','open for games',".DB_quote_smart($openforgames).")");
        $changed_openforgames = 1;
    }
}
209
210
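/*
 * Password change.  Runs only when a non-empty old password was submitted.
 * $changed_password afterwards: 1 = updated, -1 = old password wrong,
 * -2 = the two new passwords differ, -3 = new password shorter than 4
 * characters.  A later check overrides an earlier one; the message is
 * printed by the form further down.
 *
 * NOTE(review): passwords are stored and verified as plain md5() digests.
 * MD5 is fast and unsalted, so a leaked User table can be attacked offline
 * cheaply.  Moving to password_hash()/password_verify() needs a coordinated
 * change of the login and recovery code plus a rehash-on-login migration, so
 * it is flagged here and not changed in this file.
 * NOTE(review): the fields are read from $_REQUEST, so the handler also
 * accepts them from the query string, where they may end up in server logs
 * and browser history; the form itself uses POST.
 */
if (myisset("password0") && $_REQUEST["password0"] != "") {
    $changed_password = 1;

    /* missing or array-valued fields (password1[]=...) count as empty strings */
    $password_fields = array();
    foreach (array("password0", "password1", "password2") as $password_key) {
        $password_fields[$password_key] =
            (isset($_REQUEST[$password_key]) && is_string($_REQUEST[$password_key]))
            ? $_REQUEST[$password_key]
            : '';
    }

    /* check if old password matches */
    $oldpasswd = md5($password_fields["password0"]);
    $password  = DB_get_passwd_by_userid($myid);
    /*
     * Strict comparison: with == two different digests that both look like
     * numbers ("0e" followed only by digits) compare as equal.
     */
    if (!is_string($_REQUEST["password0"])
        || !(($password === $oldpasswd) || DB_check_recovery_passwords($oldpasswd, $email)))
        $changed_password = -1;

    /* check if new password has been typed in correctly (as strings, not as numbers) */
    if ($password_fields["password1"] !== $password_fields["password2"])
        $changed_password = -2;

    /* check if new password is long enough */
    if (strlen($password_fields["password1"]) < 4)
        $changed_password = -3;

    if ($changed_password == 1) {
        /* md5() yields hex digits only, so the quoted literal cannot break out of the statement */
        DB_query("UPDATE User SET password='".md5($password_fields["password1"]).
                 "' WHERE id=".DB_quote_smart($myid));
    }
    /* error output below */
}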
236
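/* get infos again in case they have changed */
$PREF     = DB_get_PREF($myid);
$timezone = DB_get_user_timezone($myid);

/*
 * output settings
 *
 * Stored preference values are user-supplied text, so each one is passed
 * through htmlspecialchars() before it is placed inside an HTML attribute.
 * NOTE(review): the form posts to index.php?action=prefs and this file shows
 * no anti-CSRF token; unless one is enforced elsewhere, every setting except
 * the password (which needs the old password) can be changed by a cross-site
 * request.
 */

echo "<div class=\"user\">\n";
echo "  <form action=\"index.php?action=prefs\" method=\"post\">\n";
echo "  <h2>Your settings are</h2>\n";
echo "    <fieldset>\n";
echo "    <legend>Game-related</legend>\n";
echo "      <table>\n";

echo "        <tr><td>Vacation:             </td>\n";
/* only the date part (first 10 characters) of the stored timestamp is shown */
$value = !empty($PREF['vacation_start']) ? substr($PREF['vacation_start'], 0, 10) : '';
echo "            <td>start:<input type=\"text\" id=\"vacation_start\" name=\"vacation_start\" size=\"10\" maxlength=\"10\" value=\"".
  htmlspecialchars($value, ENT_QUOTES)."\" /></td>\n";
$value = !empty($PREF['vacation_stop']) ? substr($PREF['vacation_stop'], 0, 10) : '';
echo "            <td>stop:<input type=\"text\" id=\"vacation_stop\" name=\"vacation_stop\" size=\"10\" maxlength=\"10\" value=\"".
  htmlspecialchars($value, ENT_QUOTES)."\" /></td>\n";
/* the comment is free text: without escaping, a quote in it would end the attribute */
$value = !empty($PREF['vacation_comment']) ? $PREF['vacation_comment'] : '';
echo "            <td>comment:<input type=\"text\" id=\"vacation_comment\" name=\"vacation_comment\" size=\"10\" maxlength=\"50\" value=\"".
  htmlspecialchars($value, ENT_QUOTES)."\" />";
if($changed_vacation == 1) echo "changed";
if($changed_vacation == -1) echo "wrong date format";
echo "</td></tr>\n";
echo "<tr><td></td><td>use YYYY-MM-DD</td><td>use '-'  in start field to unset vacation</td></tr>\n";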
/*
 * Notification row: a two-option select with the stored 'email' preference
 * preselected; anything other than "emailaddict" selects "emailnonaddict".
 * Only fixed strings are printed, the stored value is used for comparison.
 */
echo '        <tr><td>Notification:          </td><td>'."\n".
     '          <select id="notify" name="notify" size="1">'."\n";
if ($PREF['email'] != "emailaddict") {
    echo '            <option value="emailaddict">less email</option>'."\n".
         '            <option value="emailnonaddict" selected="selected">lots of email</option>'."\n";
} else {
    echo '            <option value="emailaddict" selected="selected">less emails</option>'."\n".
         '            <option value="emailnonaddict">lots of emails</option>'."\n";
}
echo '          </select>';
if ($changed_notify) {
    echo 'changed';
}
echo ' </td></tr>'."\n";
287
/*
 * Autosetup row: "yes" is preselected only when the stored preference is
 * exactly "yes"; every other value shows "ask for games".
 */
echo '        <tr><td>Autosetup:          </td><td>'."\n".
     '          <select id="autosetup" name="autosetup" size="1">'."\n";
if ($PREF['autosetup'] != "yes") {
    echo '           <option value="yes">accept every game</option>'."\n".
         '           <option value="no" selected="selected">ask for games</option>'."\n";
} else {
    echo '           <option value="yes" selected="selected">accept every game</option>'."\n".
         '           <option value="no">ask for games</option>'."\n";
}
echo '         </select>';
if ($changed_autosetup) {
    echo 'changed';
}
echo ' </td></tr>'."\n";
/*
 * Sorting row: "high-low" is preselected only when stored as such; every
 * other value shows "low to high".
 */
echo '    <tr><td>Sorting:          </td><td>'."\n";

echo '         <select id="sorting" name="sorting" size="1">'."\n";
if ($PREF['sorting'] != "high-low") {
    echo '           <option value="high-low">high to low</option>'."\n".
         '           <option value="low-high" selected="selected">low to high</option>'."\n";
} else {
    echo '           <option value="high-low" selected="selected">high to low</option>'."\n".
         '           <option value="low-high">low to high</option>'."\n";
}
echo '         </select>';
if ($changed_sorting) {
    echo 'changed';
}
echo ' </td></tr>'."\n";
/*
 * "Open for new games" row: "yes" is the default and is shown for every
 * stored value except "no".
 */
echo '        <tr><td>Open for new games:          </td><td>'."\n".
     '         <select id="open_for_games" name="open_for_games" size="1">'."\n";
if ($PREF['open_for_games'] != "no") {
    /* default */
    echo '           <option value="yes" selected="selected">yes</option>'."\n".
         '           <option value="no">no</option>'."\n";
} else {
    echo '           <option value="yes">yes</option>'."\n".
         '           <option value="no" selected="selected">no</option>'."\n";
}
echo '         </select>';
if ($changed_openforgames) {
    echo 'changed';
}
echo ' </td></tr>'."\n";
334
/*
 * Card set row, then the end of the "Game-related" table and fieldset.
 * "altenburg" is preselected only when stored as such; every other value
 * shows the English cards.
 */
echo '    <tr><td>Card set:              </td><td>'."\n".
     '         <select id="cards" name="cards" size="1">'."\n";
if ($PREF['cardset'] != "altenburg") {
    echo '           <option value="altenburg">German cards</option>'."\n".
         '           <option value="english" selected="selected">English cards</option>'."\n";
} else {
    echo '           <option value="altenburg" selected="selected">German cards</option>'."\n".
         '           <option value="english">English cards</option>'."\n";
}
echo '         </select>';
if ($changed_cards) {
    echo 'changed';
}
echo ' </td></tr>'."\n".
     '      </table>'."\n".
     '    </fieldset>'."\n";
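/*
 * "Personal" fieldset: e-mail address (display only) and the timezone select.
 * The address is account data supplied by the user, so it is escaped before
 * it is written into the page.
 */
echo "    <fieldset>\n";
echo "      <legend>Personal</legend>\n";
echo "      <table>\n";
echo "        <tr><td>Email:                 </td><td> ".htmlspecialchars($email, ENT_QUOTES)."    </td></tr>\n";
echo "        <tr><td>Timezone:              </td><td>\n";
/* NOTE(review): output_select_timezone() is defined elsewhere; confirm it escapes $timezone */
output_select_timezone("timezone",$timezone);
if($changed_timezone) echo "changed";
echo "</td></tr>\n";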
360
/*
 * Old-password row.  The field is never pre-filled; the text after it
 * reports the outcome of the password change handled earlier in this file
 * (-3 too short, -2 mismatch, -1 wrong old password, 1 changed).
 */
echo '        <tr><td>Password(old):         </td><td>'.
     '<input type="password" id="password0" name="password0" size="20" maxlength="30" />';
if ($changed_password == '-3') {
    echo "The new passwords is not long enough (you need at least 4 characters).";
} elseif ($changed_password == '-2') {
    echo "The new passwords don't match.";
} elseif ($changed_password == '-1') {
    echo "The old password is not correct.";
} elseif ($changed_password == '1') {
    echo "changed";
}
echo ' </td></tr>'."\n";
/*
 * New-password fields (typed twice), the submit button, and the closing tags
 * of the table, fieldset, form and wrapper div.
 * NOTE(review): maxlength="30" is enforced by the browser only; the update
 * code in this file checks just the minimum length.
 */
echo '        <tr><td>Password(new):         </td><td>'.
     '<input type="password" id="password1" name="password1" size="20" maxlength="30" />'.
     ' </td></tr>'."\n";
echo '        <tr><td>Password(new, retype): </td><td>'.
     '<input type="password" id="password2" name="password2" size="20" maxlength="30" />'.
     ' </td></tr>'."\n";
echo '      </table>'."\n".
     '    </fieldset>'."\n".
     '    <fieldset><legend>Submit</legend><input type="submit"  name="passwd" value="set" /></fieldset>'."\n".
     '  </form>'."\n".
     '</div>'."\n";

/* hand control back to the including script */
return;
392 ?>