<?php
-/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012
, 2013, 2014 Arun Persaud <arun@nubati.net>
*
* This file is part of e-DoKo.
*
$PREF = DB_get_PREF($myid);
/* set language chosen in preferences, will become active on the next reload (see index.php)*/
$_SESSION['language'] = $PREF['language'];
+set_language($PREF['language']);
$timezone = DB_get_user_timezone($myid);
DB_update_user_timestamp($myid);
if($_REQUEST['vacation_start'] == $_REQUEST['vacation_stop'])
{
$result = DB_query("DELETE FROM User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation start'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" );
$result = DB_query("DELETE FROM User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation stop'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" );
$result = DB_query("DELETE FROM User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation comment'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" );
$changed_vacation = 1;
}
/* change in database if format is ok */
if($vacation_start!=$PREF['vacation_start'])
{
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation start'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_start).
- " WHERE user_id='$myid' AND pref_key='vacation start'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation start',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation start',".
DB_quote_smart($vacation_start).")");
$changed_vacation = 1;
if($vacation_stop!=$PREF['vacation_stop'])
{
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation stop'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_stop).
- " WHERE user_id='$myid' AND pref_key='vacation stop'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation stop',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation stop',".
DB_quote_smart($vacation_stop).")");
$changed_vacation = 1;
if($vacation_comment!=$PREF['vacation_comment'])
{
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation comment'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_comment).
- " WHERE user_id='$myid' AND pref_key='vacation comment'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation comment',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation comment',".
DB_quote_smart($vacation_comment).")");
$changed_vacation = 1;
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='cardset'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($cards).
- " WHERE user_id='$myid' AND pref_key='cardset'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'cardset',".
DB_quote_smart($cards).")");
$changed_cards = 1;
}
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='email'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($notify).
- " WHERE user_id='$myid' AND pref_key='email'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'email',".
DB_quote_smart($notify).")");
$changed_notify=1;
}
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='digest'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($digest).
- " WHERE user_id='$myid' AND pref_key='digest'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','digest',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'digest',".
DB_quote_smart($digest).")");
$changed_digest=1;
}
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='autosetup'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($autosetup).
- " WHERE user_id='$myid' AND pref_key='autosetup'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','autosetup',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'autosetup',".
DB_quote_smart($autosetup).")");
$changed_autosetup=1;
}
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='sorting'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($sorting).
- " WHERE user_id='$myid' AND pref_key='sorting'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','sorting',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'sorting',".
DB_quote_smart($sorting).")");
$changed_sorting=1;
}
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='open for games'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($openforgames).
- " WHERE user_id='$myid' AND pref_key='open for games'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','open for games',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'open for games',".
DB_quote_smart($openforgames).")");
$changed_openforgames=1;
}
$changed_password = 1;
/* check if old password matches */
- $oldpasswd = md5($_REQUEST["password0"]);
- $password = DB_get_passwd_by_userid($myid);
- if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
+ $result = verify_password($email, $_REQUEST["password0"]);
+
+ if( $result!=0 )
$changed_password = -1;
/* check if new password has been typed in correctly */
if($changed_password==1)
{
- DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
+ // create a password hash using the crypt function, need php 5.3 for this
+ // create and random salt
+ $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+ // hash incoming password using 12 rounds of blowfish
+ $hash = crypt($_REQUEST["password1"], '$2y$12$' . $salt);
+
+ DB_query("UPDATE User SET password='".$hash.
"' WHERE id=".DB_quote_smart($myid));
+
+ /* in case this was done using a recovery password delete that password */
+ $tmppasswd = md5($_REQUEST["password0"]);
+ if(DB_check_recovery_passwords($tmppasswd,$email))
+ DB_delete_recovery_passwords($myid);
}
/* error output below */
}
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='language'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($language).
- " WHERE user_id='$myid' AND pref_key='language'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','language',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'language',".
DB_quote_smart($language).")");
$changed_language = 1;
}
echo "<div class=\"user\">\n";
echo " <form action=\"index.php?action=prefs\" method=\"post\">\n";
-echo ' <h2>'._('Your settings are')."</h2>\n";
+echo ' <h2>'._('Your settings')."</h2>\n";
echo " <fieldset>\n";
echo ' <legend>'._('Game-related')."</legend>\n";
echo " <table>\n";
echo ' <tr><td>'.('Card set').": </td><td>\n";
echo " <select id=\"cards\" name=\"cards\" size=\"1\">\n";
-if($PREF['cardset']=="altenburg")
+if($PREF['cardset']=="english2")
{
- echo " <option value=\"altenburg\" selected=\"selected\">"._('German cards')."</option>\n";
- echo " <option value=\"english\">"._('English cards')."</option>\n";
+ echo " <option value=\"english\" >"._('English cards')."</option>\n";
+ echo " <option value=\"english2\" selected=\"selected\">"._('English cards 2')."</option>\n";
}
- else
+ else /* default */
{
- echo " <option value=\"altenburg\">"._('German cards')."</option>\n";
echo " <option value=\"english\" selected=\"selected\">"._('English cards')."</option>\n";
- }
+ echo " <option value=\"english2\" >"._('English cards 2')."</option>\n";
+ };
echo " </select>";
if($changed_cards) echo _('changed');
echo " </td></tr>\n";
// add jquery date picker if html5 is not available
?>
<script>
- var i = document.createElement("input");
- i.setAttribute("type", "date");
- if (i.type == "text") {
- $(":date").dateinput({
-
- format: 'yyyy-mm-dd',
- });
- }
+ $(".date").dateinput({ format: 'yyyy-mm-dd' });
</script>
<?php
projects / e-DoKo.git / blobdiff