X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fpreferences.php;h=5aafcd35235d8b61fcc97217a825f008cc6ea27b;hp=57c025fe78fd6635adc85dcbf56d9da2ac365897;hb=14827e2adeee23e03a1223e237faf363b5ce0a3c;hpb=de8089a2e706b0d83b8bff90d11559500f1a6711

diff --git a/include/preferences.php b/include/preferences.php
index 57c025f..5aafcd3 100644
--- a/include/preferences.php
+++ b/include/preferences.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud <arun@nubati.net>
  *
  *   This file is part of e-DoKo.
  *
@@ -51,6 +51,7 @@ display_user_menu($myid);
 $PREF = DB_get_PREF($myid);
 /* set language chosen in preferences, will become active on the next reload (see index.php)*/
 $_SESSION['language'] = $PREF['language'];
+set_language($PREF['language']);
 $timezone =  DB_get_user_timezone($myid);
 
 DB_update_user_timestamp($myid);
@@ -273,9 +274,9 @@ if(myisset("password0","password1","password2") &&  $_REQUEST["password0"]!="" &
     $changed_password = 1;
 
     /* check if old password matches */
-    $oldpasswd = md5($_REQUEST["password0"]);
-    $password  = DB_get_passwd_by_userid($myid);
-    if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
+    $result = verify_password($email, $_REQUEST["password0"]);
+
+    if( $result!=0 )
       $changed_password = -1;
 
     /* check if new password has been typed in correctly */
@@ -288,8 +289,19 @@ if(myisset("password0","password1","password2") &&  $_REQUEST["password0"]!="" &
 
     if($changed_password==1)
       {
-	DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
+	// create a password hash using the crypt function, need php 5.3 for this
+	// create and random salt
+	$salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+	// hash incoming password using 12 rounds of blowfish
+	$hash = crypt($_REQUEST["password1"], '$2y$12$' . $salt);
+
+	DB_query("UPDATE User SET password='".$hash.
 		 "' WHERE id=".DB_quote_smart($myid));
+
+	/* in case this was done using a recovery password delete that password */
+	$tmppasswd = md5($_REQUEST["password0"]);
+	if(DB_check_recovery_passwords($tmppasswd,$email))
+	  DB_delete_recovery_passwords($myid);
       }
     /* error output below */
   }
@@ -329,7 +341,7 @@ $timezone = DB_get_user_timezone($myid);
 
 echo "<div class=\"user\">\n";
 echo "  <form action=\"index.php?action=prefs\" method=\"post\">\n";
-echo '  <h2>'._('Your settings are')."</h2>\n";
+echo '  <h2>'._('Your settings')."</h2>\n";
 echo "    <fieldset>\n";
 echo '    <legend>'._('Game-related')."</legend>\n";
 echo "      <table>\n";
@@ -460,16 +472,7 @@ echo " </td></tr>\n";
 
 echo '    <tr><td>'.('Card set').":              </td><td>\n";
 echo "         <select id=\"cards\" name=\"cards\" size=\"1\">\n";
-if($PREF['cardset']=="altenburg")
-  {
-    echo "           <option value=\"altenburg\" selected=\"selected\">"._('German cards')."</option>\n";
-    echo "           <option value=\"english\">"._('English cards')."</option>\n";
-  }
- else
-   {
-     echo "           <option value=\"altenburg\">"._('German cards')."</option>\n";
-     echo "           <option value=\"english\" selected=\"selected\">"._('English cards')."</option>\n";
-   }
+echo "           <option value=\"english\" selected=\"selected\">"._('English cards')."</option>\n";
 echo "         </select>";
 if($changed_cards) echo _('changed');
 echo " </td></tr>\n";