X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fpreferences.php;h=5aafcd35235d8b61fcc97217a825f008cc6ea27b;hp=bd58eac300374f4aa618829b9f31e8de875dc938;hb=73ebd30fdbe4038137c700eb53dc812c17550056;hpb=cc143e38299d3dd3981efd81972c0e0df4df1462 diff --git a/include/preferences.php b/include/preferences.php index bd58eac..5aafcd3 100644 --- a/include/preferences.php +++ b/include/preferences.php @@ -1,5 +1,5 @@ +/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud * * This file is part of e-DoKo. * @@ -49,6 +49,9 @@ display_user_menu($myid); /* get old infos */ $PREF = DB_get_PREF($myid); +/* set language chosen in preferences, will become active on the next reload (see index.php)*/ +$_SESSION['language'] = $PREF['language']; +set_language($PREF['language']); $timezone = DB_get_user_timezone($myid); DB_update_user_timestamp($myid); @@ -271,9 +274,9 @@ if(myisset("password0","password1","password2") && $_REQUEST["password0"]!="" & $changed_password = 1; /* check if old password matches */ - $oldpasswd = md5($_REQUEST["password0"]); - $password = DB_get_passwd_by_userid($myid); - if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) )) + $result = verify_password($email, $_REQUEST["password0"]); + + if( $result!=0 ) $changed_password = -1; /* check if new password has been typed in correctly */ @@ -286,8 +289,19 @@ if(myisset("password0","password1","password2") && $_REQUEST["password0"]!="" & if($changed_password==1) { - DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]). + // create a password hash using the crypt function, need php 5.3 for this + // create and random salt + $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22); + // hash incoming password using 12 rounds of blowfish + $hash = crypt($_REQUEST["password1"], '$2y$12$' . $salt); + + DB_query("UPDATE User SET password='".$hash. "' WHERE id=".DB_quote_smart($myid)); + + /* in case this was done using a recovery password delete that password */ + $tmppasswd = md5($_REQUEST["password0"]); + if(DB_check_recovery_passwords($tmppasswd,$email)) + DB_delete_recovery_passwords($myid); } /* error output below */ } @@ -327,7 +341,7 @@ $timezone = DB_get_user_timezone($myid); echo "
\n"; echo "
\n"; -echo '

'._('Your settings are')."

\n"; +echo '

'._('Your settings')."

\n"; echo "
\n"; echo ' '._('Game-related')."\n"; echo " \n"; @@ -424,18 +438,18 @@ if($PREF['autosetup']=="yes") echo " "; if($changed_autosetup) echo _('changed'); echo " \n"; -echo " \n"; echo ' \n"; @@ -520,7 +525,7 @@ $openids = DB_GetOpenIDsByUser($myid); if(sizeof($openids)) { echo "
Sorting: \n"; +echo '
'._('Sorting').": \n"; echo " "; if($changed_sorting) echo _('changed'); @@ -444,13 +458,13 @@ echo '
'._('Open for new games').": \n"; echo " "; if($changed_openforgames) echo _('changed'); @@ -458,16 +472,7 @@ echo "
'.('Card set').": \n"; echo " "; if($changed_cards) echo _('changed'); echo "
\n"; - echo " \n"; + echo ' \n"; echo " \n"; foreach ($openids as $ids) { @@ -544,14 +549,7 @@ echo "\n"; // add jquery date picker if html5 is not available ?>
Delete?OpenId
'._('Delete')."?OpenId