X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fpreferences.php;h=990626a264172873c7720a57aa92e45c263585e5;hp=0485d9ec0f9b6a611c8d254664893cfdd0d9ef71;hb=46140faa11b97252647178a811da22509256d6c4;hpb=615fb7c0fec9ec6f187a3c568cf1e2e6c1572b1e diff --git a/include/preferences.php b/include/preferences.php index 0485d9e..990626a 100644 --- a/include/preferences.php +++ b/include/preferences.php @@ -1,5 +1,5 @@ +/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud * * This file is part of e-DoKo. * @@ -49,6 +49,9 @@ display_user_menu($myid); /* get old infos */ $PREF = DB_get_PREF($myid); +/* set language chosen in preferences, will become active on the next reload (see index.php)*/ +$_SESSION['language'] = $PREF['language']; +set_language($PREF['language']); $timezone = DB_get_user_timezone($myid); DB_update_user_timestamp($myid); @@ -86,7 +89,7 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') && $changed_vacation = -1; /* test if we should delete the entry */ - if($vacation_start == '- 00:00:00') + if($_REQUEST['vacation_start'] == $_REQUEST['vacation_stop']) { $result = DB_query("DELETE FROM User_Prefs". " WHERE user_id='$myid' AND pref_key='vacation start'" ); @@ -271,9 +274,9 @@ if(myisset("password0","password1","password2") && $_REQUEST["password0"]!="" & $changed_password = 1; /* check if old password matches */ - $oldpasswd = md5($_REQUEST["password0"]); - $password = DB_get_passwd_by_userid($myid); - if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) )) + $result = verify_password($email, $_REQUEST["password0"]); + + if( $result!=0 ) $changed_password = -1; /* check if new password has been typed in correctly */ @@ -286,8 +289,19 @@ if(myisset("password0","password1","password2") && $_REQUEST["password0"]!="" & if($changed_password==1) { - DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]). + // create a password hash using the crypt function, need php 5.3 for this + // create and random salt + $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22); + // hash incoming password using 12 rounds of blowfish + $hash = crypt($_REQUEST["password1"], '$2y$12$' . $salt); + + DB_query("UPDATE User SET password='".$hash. "' WHERE id=".DB_quote_smart($myid)); + + /* in case this was done using a recovery password delete that password */ + $tmppasswd = md5($_REQUEST["password0"]); + if(DB_check_recovery_passwords($tmppasswd,$email)) + DB_delete_recovery_passwords($myid); } /* error output below */ } @@ -337,12 +351,12 @@ if($PREF['vacation_start']) $value = substr($PREF['vacation_start'],0,10); else $value = ''; -echo " "._('start').":\n"; +echo " "._('start').":\n"; if($PREF['vacation_stop']) $value = substr($PREF['vacation_stop'],0,10); else $value = ''; -echo " "._('stop').":\n"; +echo " "._('stop').":\n"; if($PREF['vacation_comment']) $value = $PREF['vacation_comment']; else @@ -351,7 +365,7 @@ echo ' '._('comment:')."\n"; -echo ''._('use YYYY-MM-DD').''._("use '-' in start field to unset vacation")."\n"; +echo ''._("set both dates to the same day to end vacation")."\n"; echo ' '._('Notification').": \n"; echo " "; if($changed_autosetup) echo _('changed'); echo " \n"; -echo " Sorting: \n"; +echo ' '._('Sorting').": \n"; echo " "; if($changed_sorting) echo _('changed'); @@ -444,13 +458,13 @@ echo ' '._('Open for new games').": \n"; echo " "; if($changed_openforgames) echo _('changed'); @@ -520,7 +534,7 @@ $openids = DB_GetOpenIDsByUser($myid); if(sizeof($openids)) { echo " \n"; - echo " \n"; + echo ' \n"; echo " \n"; foreach ($openids as $ids) { @@ -538,8 +552,16 @@ if($changed_openid) echo " \n"; echo '
'._('Submit')."
\n"; echo " \n"; -echo '

'._('E-DoKo uses gravatars as icons.').'

'; +echo '

'._('E-DoKo uses gravatars as icons.').'

'; echo "\n"; +// add jquery date picker if html5 is not available +?> + + \ No newline at end of file
Delete?OpenId
'._('Delete')."?OpenId