X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fpreferences.php;h=a69fd5659177b0780b34c6682ff31076204ac7bb;hp=0485d9ec0f9b6a611c8d254664893cfdd0d9ef71;hb=993e166c1634e0329547ea240e948e3feadef5ad;hpb=615fb7c0fec9ec6f187a3c568cf1e2e6c1572b1e

diff --git a/include/preferences.php b/include/preferences.php
index 0485d9e..a69fd56 100644
--- a/include/preferences.php
+++ b/include/preferences.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright 2006, 2007, 2008, 2009, 2010 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud <arun@nubati.net>
  *
  *   This file is part of e-DoKo.
  *
@@ -49,6 +49,9 @@ display_user_menu($myid);
 
 /* get old infos */
 $PREF = DB_get_PREF($myid);
+/* set language chosen in preferences, will become active on the next reload (see index.php)*/
+$_SESSION['language'] = $PREF['language'];
+set_language($PREF['language']);
 $timezone =  DB_get_user_timezone($myid);
 
 DB_update_user_timestamp($myid);
@@ -86,14 +89,14 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') &&
       $changed_vacation = -1;
 
     /* test if we should delete the entry */
-    if($vacation_start == '- 00:00:00')
+    if($_REQUEST['vacation_start'] == $_REQUEST['vacation_stop'])
       {
 	$result = DB_query("DELETE FROM User_Prefs".
-			   " WHERE user_id='$myid' AND pref_key='vacation start'" );
+			   " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" );
 	$result = DB_query("DELETE FROM User_Prefs".
-			   " WHERE user_id='$myid' AND pref_key='vacation stop'" );
+			   " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" );
 	$result = DB_query("DELETE FROM User_Prefs".
-			   " WHERE user_id='$myid' AND pref_key='vacation comment'" );
+			   " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" );
 	$changed_vacation = 1;
       }
     /* change in database if format is ok */
@@ -103,12 +106,12 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') &&
 	if($vacation_start!=$PREF['vacation_start'])
 	  {
 	    $result = DB_query("SELECT * from User_Prefs".
-			       " WHERE user_id='$myid' AND pref_key='vacation start'" );
+			       " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" );
 	    if( DB_fetch_array($result))
 	      $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_start).
-				 " WHERE user_id='$myid' AND pref_key='vacation start'" );
+				 " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" );
 	    else
-	      $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation start',".
+	      $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation start',".
 				 DB_quote_smart($vacation_start).")");
 
 	    $changed_vacation = 1;
@@ -118,12 +121,12 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') &&
 	if($vacation_stop!=$PREF['vacation_stop'])
 	  {
 	    $result = DB_query("SELECT * from User_Prefs".
-			       " WHERE user_id='$myid' AND pref_key='vacation stop'" );
+			       " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" );
 	    if( DB_fetch_array($result))
 	      $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_stop).
-				 " WHERE user_id='$myid' AND pref_key='vacation stop'" );
+				 " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" );
 	    else
-	      $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation stop',".
+	      $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation stop',".
 				 DB_quote_smart($vacation_stop).")");
 
 	    $changed_vacation = 1;
@@ -133,12 +136,12 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') &&
 	if($vacation_comment!=$PREF['vacation_comment'])
 	  {
 	    $result = DB_query("SELECT * from User_Prefs".
-			       " WHERE user_id='$myid' AND pref_key='vacation comment'" );
+			       " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" );
 	    if( DB_fetch_array($result))
 	      $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_comment).
-				 " WHERE user_id='$myid' AND pref_key='vacation comment'" );
+				 " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" );
 	    else
-	      $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation comment',".
+	      $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation comment',".
 				 DB_quote_smart($vacation_comment).")");
 
 	    $changed_vacation = 1;
@@ -164,12 +167,12 @@ if(myisset("cards"))
       {
 	/* check if we already have an entry for the user, if so change it, if not create new one */
 	$result = DB_query("SELECT * from User_Prefs".
-			   " WHERE user_id='$myid' AND pref_key='cardset'" );
+			   " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" );
 	if( DB_fetch_array($result))
 	  $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($cards).
-			     " WHERE user_id='$myid' AND pref_key='cardset'" );
+			     " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" );
 	else
-	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',".
+	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'cardset',".
 			     DB_quote_smart($cards).")");
 	$changed_cards = 1;
       }
@@ -182,12 +185,12 @@ if(myisset("notify"))
       {
 	/* check if we already have an entry for the user, if so change it, if not create new one */
 	$result = DB_query("SELECT * from User_Prefs".
-			   " WHERE user_id='$myid' AND pref_key='email'" );
+			   " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" );
 	if( DB_fetch_array($result))
 	  $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($notify).
-			     " WHERE user_id='$myid' AND pref_key='email'" );
+			     " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" );
 	else
-	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',".
+	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'email',".
 			     DB_quote_smart($notify).")");
 	$changed_notify=1;
       }
@@ -200,12 +203,12 @@ if(myisset("digest"))
       {
 	/* check if we already have an entry for the user, if so change it, if not create new one */
 	$result = DB_query("SELECT * from User_Prefs".
-			   " WHERE user_id='$myid' AND pref_key='digest'" );
+			   " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" );
 	if( DB_fetch_array($result))
 	  $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($digest).
-			     " WHERE user_id='$myid' AND pref_key='digest'" );
+			     " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" );
 	else
-	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','digest',".
+	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'digest',".
 			     DB_quote_smart($digest).")");
 	$changed_digest=1;
       }
@@ -218,12 +221,12 @@ if(myisset("autosetup"))
       {
 	/* check if we already have an entry for the user, if so change it, if not create new one */
 	$result = DB_query("SELECT * from User_Prefs".
-			   " WHERE user_id='$myid' AND pref_key='autosetup'" );
+			   " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" );
 	if( DB_fetch_array($result))
 	  $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($autosetup).
-			     " WHERE user_id='$myid' AND pref_key='autosetup'" );
+			     " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" );
 	else
-	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','autosetup',".
+	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'autosetup',".
 			     DB_quote_smart($autosetup).")");
 	$changed_autosetup=1;
       }
@@ -236,12 +239,12 @@ if(myisset("sorting"))
       {
 	/* check if we already have an entry for the user, if so change it, if not create new one */
 	$result = DB_query("SELECT * from User_Prefs".
-			   " WHERE user_id='$myid' AND pref_key='sorting'" );
+			   " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" );
 	if( DB_fetch_array($result))
 	  $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($sorting).
-			     " WHERE user_id='$myid' AND pref_key='sorting'" );
+			     " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" );
 	else
-	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','sorting',".
+	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'sorting',".
 			     DB_quote_smart($sorting).")");
 	$changed_sorting=1;
       }
@@ -254,12 +257,12 @@ if(myisset("open_for_games"))
       {
 	/* check if we already have an entry for the user, if so change it, if not create new one */
 	$result = DB_query("SELECT * from User_Prefs".
-			   " WHERE user_id='$myid' AND pref_key='open for games'" );
+			   " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" );
 	if( DB_fetch_array($result))
 	  $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($openforgames).
-			     " WHERE user_id='$myid' AND pref_key='open for games'" );
+			     " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" );
 	else
-	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','open for games',".
+	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'open for games',".
 			     DB_quote_smart($openforgames).")");
 	$changed_openforgames=1;
       }
@@ -271,9 +274,9 @@ if(myisset("password0","password1","password2") &&  $_REQUEST["password0"]!="" &
     $changed_password = 1;
 
     /* check if old password matches */
-    $oldpasswd = md5($_REQUEST["password0"]);
-    $password  = DB_get_passwd_by_userid($myid);
-    if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
+    $result = verify_password($email, $_REQUEST["password0"]);
+
+    if( $result!=0 )
       $changed_password = -1;
 
     /* check if new password has been typed in correctly */
@@ -286,8 +289,19 @@ if(myisset("password0","password1","password2") &&  $_REQUEST["password0"]!="" &
 
     if($changed_password==1)
       {
-	DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
+	// create a password hash using the crypt function, need php 5.3 for this
+	// create and random salt
+	$salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+	// hash incoming password using 12 rounds of blowfish
+	$hash = crypt($_REQUEST["password1"], '$2y$12$' . $salt);
+
+	DB_query("UPDATE User SET password='".$hash.
 		 "' WHERE id=".DB_quote_smart($myid));
+
+	/* in case this was done using a recovery password delete that password */
+	$tmppasswd = md5($_REQUEST["password0"]);
+	if(DB_check_recovery_passwords($tmppasswd,$email))
+	  DB_delete_recovery_passwords($myid);
       }
     /* error output below */
   }
@@ -305,12 +319,12 @@ if(myisset("language"))
       {
 	/* check if we already have an entry for the user, if so change it, if not create new one */
 	$result = DB_query("SELECT * from User_Prefs".
-			   " WHERE user_id='$myid' AND pref_key='language'" );
+			   " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" );
 	if( DB_fetch_array($result))
 	  $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($language).
-			     " WHERE user_id='$myid' AND pref_key='language'" );
+			     " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" );
 	else
-	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','language',".
+	  $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'language',".
 			     DB_quote_smart($language).")");
 	$changed_language = 1;
       }
@@ -327,7 +341,7 @@ $timezone = DB_get_user_timezone($myid);
 
 echo "<div class=\"user\">\n";
 echo "  <form action=\"index.php?action=prefs\" method=\"post\">\n";
-echo '  <h2>'._('Your settings are')."</h2>\n";
+echo '  <h2>'._('Your settings')."</h2>\n";
 echo "    <fieldset>\n";
 echo '    <legend>'._('Game-related')."</legend>\n";
 echo "      <table>\n";
@@ -337,12 +351,12 @@ if($PREF['vacation_start'])
   $value = substr($PREF['vacation_start'],0,10);
  else
    $value = '';
-echo "            <td>"._('start').":<input type=\"text\" id=\"vacation_start\" name=\"vacation_start\" size=\"10\" maxlength=\"10\" value=\"$value\" /></td>\n";
+echo "            <td>"._('start').":<input type=\"date\" class=\"date\" name=\"vacation_start\" value=\"$value\" /></td>\n";
 if($PREF['vacation_stop'])
   $value = substr($PREF['vacation_stop'],0,10);
  else
    $value = '';
-echo "            <td>"._('stop').":<input type=\"text\" id=\"vacation_stop\" name=\"vacation_stop\" size=\"10\" maxlength=\"10\" value=\"$value\" /></td>\n";
+echo "            <td>"._('stop').":<input type=\"date\" class=\"date\" name=\"vacation_stop\" value=\"$value\" /></td>\n";
 if($PREF['vacation_comment'])
   $value = $PREF['vacation_comment'];
 else
@@ -351,7 +365,7 @@ echo '            <td>'._('comment:')."<input type=\"text\" id=\"vacation_commen
 if($changed_vacation == 1) echo _('changed');
 if($changed_vacation == -1) echo _('wrong date format');
 echo "</td></tr>\n";
-echo '<tr><td></td><td>'._('use YYYY-MM-DD').'</td><td>'._("use '-'  in start field to unset vacation")."</td></tr>\n";
+echo '<tr><td></td><td colspan="2">'._("set both dates to the same day to end vacation")."</td></tr>\n";
 echo '        <tr><td>'._('Notification').":          </td><td>\n";
 echo "          <select id=\"notify\" name=\"notify\" size=\"1\">\n";
 if($PREF['email']=="emailaddict")
@@ -424,18 +438,18 @@ if($PREF['autosetup']=="yes")
 echo "         </select>";
 if($changed_autosetup) echo _('changed');
 echo " </td></tr>\n";
-echo "    <tr><td>Sorting:          </td><td>\n";
+echo '    <tr><td>'._('Sorting').":          </td><td>\n";
 
 echo "         <select id=\"sorting\" name=\"sorting\" size=\"1\">\n";
 if($PREF['sorting']=="high-low")
   {
-    echo "           <option value=\"high-low\" selected=\"selected\">high to low</option>\n";
-    echo "           <option value=\"low-high\">low to high</option>\n";
+    echo "           <option value=\"high-low\" selected=\"selected\">"._('high to low')."</option>\n";
+    echo "           <option value=\"low-high\">"._('low to high')."</option>\n";
   }
  else
    {
-     echo "           <option value=\"high-low\">high to low</option>\n";
-     echo "           <option value=\"low-high\" selected=\"selected\">low to high</option>\n";
+     echo "           <option value=\"high-low\">"._('high to low')."</option>\n";
+     echo "           <option value=\"low-high\" selected=\"selected\">"._('low to high')."</option>\n";
    }
 echo "         </select>";
 if($changed_sorting) echo _('changed');
@@ -444,13 +458,13 @@ echo '        <tr><td>'._('Open for new games').":          </td><td>\n";
 echo "         <select id=\"open_for_games\" name=\"open_for_games\" size=\"1\">\n";
 if($PREF['open_for_games']=="no")
   {
-    echo "           <option value=\"yes\">"._('yes')."</option>\n";
-    echo "           <option value=\"no\" selected=\"selected\">no</option>\n";
+    echo '           <option value="yes">'._('yes')."</option>\n";
+    echo '           <option value="no" selected="selected">'._('no')."</option>\n";
   }
  else /* default */
    {
-     echo "           <option value=\"yes\" selected=\"selected\">yes</option>\n";
-     echo "           <option value=\"no\">"._('no')."</option>\n";
+     echo '           <option value="yes" selected="selected">'._('yes')."</option>\n";
+     echo '           <option value="no">'._('no')."</option>\n";
    }
 echo "         </select>";
 if($changed_openforgames) echo _('changed');
@@ -458,16 +472,16 @@ echo " </td></tr>\n";
 
 echo '    <tr><td>'.('Card set').":              </td><td>\n";
 echo "         <select id=\"cards\" name=\"cards\" size=\"1\">\n";
-if($PREF['cardset']=="altenburg")
+if($PREF['cardset']=="english2")
   {
-    echo "           <option value=\"altenburg\" selected=\"selected\">"._('German cards')."</option>\n";
-    echo "           <option value=\"english\">"._('English cards')."</option>\n";
+    echo "           <option value=\"english\" >"._('English cards')."</option>\n";
+    echo "           <option value=\"english2\" selected=\"selected\">"._('English cards 2')."</option>\n";
   }
- else
+ else /* default */
    {
-     echo "           <option value=\"altenburg\">"._('German cards')."</option>\n";
      echo "           <option value=\"english\" selected=\"selected\">"._('English cards')."</option>\n";
-   }
+     echo "           <option value=\"english2\" >"._('English cards 2')."</option>\n";
+   };
 echo "         </select>";
 if($changed_cards) echo _('changed');
 echo " </td></tr>\n";
@@ -520,7 +534,7 @@ $openids = DB_GetOpenIDsByUser($myid);
 if(sizeof($openids))
   {
     echo "     <table class=\"openid\">\n";
-    echo "     <thead><tr><th>Delete?</th><th>OpenId</th></tr></thead>\n";
+    echo '     <thead><tr><th>'._('Delete')."?</th><th>OpenId</th></tr></thead>\n";
     echo "     <tbody>\n";
     foreach ($openids as $ids)
       {
@@ -538,8 +552,16 @@ if($changed_openid)
 echo "    </fieldset>\n";
 echo '    <fieldset><legend>'._('Submit')."</legend><input type=\"submit\"  name=\"passwd\" value=\"set\" /></fieldset>\n";
 echo "  </form>\n";
-echo ' <p>'._('E-DoKo uses <a href=\"http://www.gravatar.org\">gravatars</a> as icons.').'</p>';
+echo ' <p>'._('E-DoKo uses <a href="http://www.gravatar.org">gravatars</a> as icons.').'</p>';
 echo "</div>\n";
 
+// add jquery date picker if html5 is not available
+?>
+<script>
+  $(".date").dateinput({  format: 'yyyy-mm-dd'  });
+</script>
+<?php
+
+
 return;
 ?>
\ No newline at end of file