moved php from old mysql to myslqi to make things more future proof
[e-DoKo.git] / include / preferences.php
index f1c45bdaee39be85bb79759ac16c4c5106f7af37..5aafcd35235d8b61fcc97217a825f008cc6ea27b 100644 (file)
@@ -1,5 +1,5 @@
 <?php
-/* Copyright 2006, 2007, 2008, 2009, 2010 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud <arun@nubati.net>
  *
  *   This file is part of e-DoKo.
  *
@@ -49,6 +49,9 @@ display_user_menu($myid);
 
 /* get old infos */
 $PREF = DB_get_PREF($myid);
+/* set language chosen in preferences, will become active on the next reload (see index.php)*/
+$_SESSION['language'] = $PREF['language'];
+set_language($PREF['language']);
 $timezone =  DB_get_user_timezone($myid);
 
 DB_update_user_timestamp($myid);
@@ -271,9 +274,9 @@ if(myisset("password0","password1","password2") &&  $_REQUEST["password0"]!="" &
     $changed_password = 1;
 
     /* check if old password matches */
-    $oldpasswd = md5($_REQUEST["password0"]);
-    $password  = DB_get_passwd_by_userid($myid);
-    if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
+    $result = verify_password($email, $_REQUEST["password0"]);
+
+    if( $result!=0 )
       $changed_password = -1;
 
     /* check if new password has been typed in correctly */
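Review bot: The loose comparison in `if( $result!=0 )` fails open if `verify_password()` ever returns `false` or `null` (an error path, or a branch with no `return`), because both compare equal to 0 in PHP and the old-password check would then count as passed. `verify_password()` is not visible in this diff, so this depends on its return contract. If it returns integer 0 only on a match, write `if( $result !== 0 )` so that every other value rejects the change. The enclosing `if(myisset(...))` block starts above this hunk.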
@@ -286,8 +289,19 @@ if(myisset("password0","password1","password2") &&  $_REQUEST["password0"]!="" &
 
     if($changed_password==1)
       {
-       DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
+       // create a password hash using the crypt function, need php 5.3 for this
+       // create and random salt
+       $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+       // hash incoming password using 12 rounds of blowfish
+       $hash = crypt($_REQUEST["password1"], '$2y$12$' . $salt);
+
+       DB_query("UPDATE User SET password='".$hash.
                 "' WHERE id=".DB_quote_smart($myid));
+
+       /* in case this was done using a recovery password delete that password */
+       $tmppasswd = md5($_REQUEST["password0"]);
+       if(DB_check_recovery_passwords($tmppasswd,$email))
+         DB_delete_recovery_passwords($myid);
       }
     /* error output below */
   }
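Review bot: The salt on the `$salt = ...` line is derived from `sha1(microtime(true))`, a clock reading rather than random data, so salts are guessable and two changes in the same microsecond get the same one. The `crypt()` result is also written to the database unchecked, although crypt() returns a short failure string (`*0` or `*1`) when the `$2y$` prefix is not supported, which needs PHP 5.3.7 rather than the 5.3 the comment states. Where PHP 5.5+ is available, `$hash = password_hash($_REQUEST["password1"], PASSWORD_BCRYPT, array('cost' => 12));` replaces both lines and generates the salt itself; on 5.3, feed `openssl_random_pseudo_bytes(16)` into the base64 step instead of the sha1 call, and in either case run the UPDATE only when `strlen($hash) == 60`. `$hash` is concatenated into the query without the quoting helper used for `$myid` (harmless with the bcrypt alphabet, but inconsistent), and the recovery-password lookup just below still depends on unsalted `md5()`.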
@@ -327,7 +341,7 @@ $timezone = DB_get_user_timezone($myid);
 
 echo "<div class=\"user\">\n";
 echo "  <form action=\"index.php?action=prefs\" method=\"post\">\n";
-echo '  <h2>'._('Your settings are')."</h2>\n";
+echo '  <h2>'._('Your settings')."</h2>\n";
 echo "    <fieldset>\n";
 echo '    <legend>'._('Game-related')."</legend>\n";
 echo "      <table>\n";
@@ -424,18 +438,18 @@ if($PREF['autosetup']=="yes")
 echo "         </select>";
 if($changed_autosetup) echo _('changed');
 echo " </td></tr>\n";
-echo "    <tr><td>Sorting:          </td><td>\n";
+echo '    <tr><td>'._('Sorting').":          </td><td>\n";
 
 echo "         <select id=\"sorting\" name=\"sorting\" size=\"1\">\n";
 if($PREF['sorting']=="high-low")
   {
-    echo "           <option value=\"high-low\" selected=\"selected\">high to low</option>\n";
-    echo "           <option value=\"low-high\">low to high</option>\n";
+    echo "           <option value=\"high-low\" selected=\"selected\">"._('high to low')."</option>\n";
+    echo "           <option value=\"low-high\">"._('low to high')."</option>\n";
   }
  else
    {
-     echo "           <option value=\"high-low\">high to low</option>\n";
-     echo "           <option value=\"low-high\" selected=\"selected\">low to high</option>\n";
+     echo "           <option value=\"high-low\">"._('high to low')."</option>\n";
+     echo "           <option value=\"low-high\" selected=\"selected\">"._('low to high')."</option>\n";
    }
 echo "         </select>";
 if($changed_sorting) echo _('changed');
@@ -444,13 +458,13 @@ echo '        <tr><td>'._('Open for new games').":          </td><td>\n";
 echo "         <select id=\"open_for_games\" name=\"open_for_games\" size=\"1\">\n";
 if($PREF['open_for_games']=="no")
   {
-    echo "           <option value=\"yes\">"._('yes')."</option>\n";
-    echo "           <option value=\"no\" selected=\"selected\">no</option>\n";
+    echo '           <option value="yes">'._('yes')."</option>\n";
+    echo '           <option value="no" selected="selected">'._('no')."</option>\n";
   }
  else /* default */
    {
-     echo "           <option value=\"yes\" selected=\"selected\">yes</option>\n";
-     echo "           <option value=\"no\">"._('no')."</option>\n";
+     echo '           <option value="yes" selected="selected">'._('yes')."</option>\n";
+     echo '           <option value="no">'._('no')."</option>\n";
    }
 echo "         </select>";
 if($changed_openforgames) echo _('changed');
@@ -458,16 +472,7 @@ echo " </td></tr>\n";
 
 echo '    <tr><td>'.('Card set').":              </td><td>\n";
 echo "         <select id=\"cards\" name=\"cards\" size=\"1\">\n";
-if($PREF['cardset']=="altenburg")
-  {
-    echo "           <option value=\"altenburg\" selected=\"selected\">"._('German cards')."</option>\n";
-    echo "           <option value=\"english\">"._('English cards')."</option>\n";
-  }
- else
-   {
-     echo "           <option value=\"altenburg\">"._('German cards')."</option>\n";
-     echo "           <option value=\"english\" selected=\"selected\">"._('English cards')."</option>\n";
-   }
+echo "           <option value=\"english\" selected=\"selected\">"._('English cards')."</option>\n";
 echo "         </select>";
 if($changed_cards) echo _('changed');
 echo " </td></tr>\n";
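Review bot: The select now offers only `english` and always marks it selected, so a user whose stored `$PREF['cardset']` is still `altenburg` will submit `cards=english` the next time the form is saved. Whether the handler or a data migration accounts for that is outside this hunk. A one-line comment above the remaining option saying the altenburg set was removed on purpose would document this. Separately, the context line `echo '    <tr><td>'.('Card set')...` lacks the `_` gettext call, so that label stays untranslated while this commit wraps the others; `_('Card set')` fixes it.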
@@ -520,7 +525,7 @@ $openids = DB_GetOpenIDsByUser($myid);
 if(sizeof($openids))
   {
     echo "     <table class=\"openid\">\n";
-    echo "     <thead><tr><th>Delete?</th><th>OpenId</th></tr></thead>\n";
+    echo '     <thead><tr><th>'._('Delete')."?</th><th>OpenId</th></tr></thead>\n";
     echo "     <tbody>\n";
     foreach ($openids as $ids)
       {
@@ -544,14 +549,7 @@ echo "</div>\n";
 // add jquery date picker if html5 is not available
 ?>
 <script>
-  var i = document.createElement("input");
-  i.setAttribute("type", "date");
-  if (i.type == "text") {
-    $(":date").dateinput({
-
-        format: 'yyyy-mm-dd',
-      });
-  }
+  $(".date").dateinput({  format: 'yyyy-mm-dd'  });
 </script>
 <?php