X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fpreferences.php;h=a69fd5659177b0780b34c6682ff31076204ac7bb;hp=4abaf3b9522883bf6a18037def1432190734ff5b;hb=993e166c1634e0329547ea240e948e3feadef5ad;hpb=a57cfa3be6ee0fbce336dc98e2862ac39f2b1add diff --git a/include/preferences.php b/include/preferences.php index 4abaf3b..a69fd56 100644 --- a/include/preferences.php +++ b/include/preferences.php @@ -1,4 +1,23 @@ + * + * This file is part of e-DoKo. + * + * e-DoKo is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * e-DoKo is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with e-DoKo. If not, see . + * + */ + /* make sure that we are not called from outside the scripts, * use a variable defined in config.php to check this */ @@ -23,11 +42,16 @@ $changed_sorting = 0; $changed_openforgames = 0; $changed_vacation = 0; $changed_openid = 0; +$changed_digest = 0; +$changed_language = 0; display_user_menu($myid); /* get old infos */ $PREF = DB_get_PREF($myid); +/* set language chosen in preferences, will become active on the next reload (see index.php)*/ +$_SESSION['language'] = $PREF['language']; +set_language($PREF['language']); $timezone = DB_get_user_timezone($myid); DB_update_user_timestamp($myid); @@ -65,14 +89,14 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') && $changed_vacation = -1; /* test if we should delete the entry */ - if($vacation_start == '- 00:00:00') + if($_REQUEST['vacation_start'] == $_REQUEST['vacation_stop']) { $result = DB_query("DELETE FROM User_Prefs". - " WHERE user_id='$myid' AND pref_key='vacation start'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" ); $result = DB_query("DELETE FROM User_Prefs". - " WHERE user_id='$myid' AND pref_key='vacation stop'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" ); $result = DB_query("DELETE FROM User_Prefs". - " WHERE user_id='$myid' AND pref_key='vacation comment'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" ); $changed_vacation = 1; } /* change in database if format is ok */ @@ -82,12 +106,12 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') && if($vacation_start!=$PREF['vacation_start']) { $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='vacation start'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_start). - " WHERE user_id='$myid' AND pref_key='vacation start'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation start',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation start',". DB_quote_smart($vacation_start).")"); $changed_vacation = 1; @@ -97,12 +121,12 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') && if($vacation_stop!=$PREF['vacation_stop']) { $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='vacation stop'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_stop). - " WHERE user_id='$myid' AND pref_key='vacation stop'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation stop',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation stop',". DB_quote_smart($vacation_stop).")"); $changed_vacation = 1; @@ -112,12 +136,12 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') && if($vacation_comment!=$PREF['vacation_comment']) { $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='vacation comment'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_comment). - " WHERE user_id='$myid' AND pref_key='vacation comment'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation comment',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation comment',". DB_quote_smart($vacation_comment).")"); $changed_vacation = 1; @@ -143,12 +167,12 @@ if(myisset("cards")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='cardset'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($cards). - " WHERE user_id='$myid' AND pref_key='cardset'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'cardset',". DB_quote_smart($cards).")"); $changed_cards = 1; } @@ -161,17 +185,35 @@ if(myisset("notify")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='email'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($notify). - " WHERE user_id='$myid' AND pref_key='email'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'email',". DB_quote_smart($notify).")"); $changed_notify=1; } } +if(myisset("digest")) + { + $digest=$_REQUEST['digest']; + if($digest != $PREF['digest']) + { + /* check if we already have an entry for the user, if so change it, if not create new one */ + $result = DB_query("SELECT * from User_Prefs". + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" ); + if( DB_fetch_array($result)) + $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($digest). + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" ); + else + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'digest',". + DB_quote_smart($digest).")"); + $changed_digest=1; + } + } + if(myisset("autosetup")) { $autosetup = $_REQUEST['autosetup']; @@ -179,12 +221,12 @@ if(myisset("autosetup")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='autosetup'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($autosetup). - " WHERE user_id='$myid' AND pref_key='autosetup'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','autosetup',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'autosetup',". DB_quote_smart($autosetup).")"); $changed_autosetup=1; } @@ -197,12 +239,12 @@ if(myisset("sorting")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='sorting'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($sorting). - " WHERE user_id='$myid' AND pref_key='sorting'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','sorting',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'sorting',". DB_quote_smart($sorting).")"); $changed_sorting=1; } @@ -215,26 +257,26 @@ if(myisset("open_for_games")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='open for games'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($openforgames). - " WHERE user_id='$myid' AND pref_key='open for games'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','open for games',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'open for games',". DB_quote_smart($openforgames).")"); $changed_openforgames=1; } } -if(myisset("password0") && $_REQUEST["password0"]!="" ) +if(myisset("password0","password1","password2") && $_REQUEST["password0"]!="" && $_REQUEST["password0"]!= $_REQUEST["password1"]) { $changed_password = 1; /* check if old password matches */ - $oldpasswd = md5($_REQUEST["password0"]); - $password = DB_get_passwd_by_userid($myid); - if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) )) + $result = verify_password($email, $_REQUEST["password0"]); + + if( $result!=0 ) $changed_password = -1; /* check if new password has been typed in correctly */ @@ -247,8 +289,19 @@ if(myisset("password0") && $_REQUEST["password0"]!="" ) if($changed_password==1) { - DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]). + // create a password hash using the crypt function, need php 5.3 for this + // create and random salt + $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22); + // hash incoming password using 12 rounds of blowfish + $hash = crypt($_REQUEST["password1"], '$2y$12$' . $salt); + + DB_query("UPDATE User SET password='".$hash. "' WHERE id=".DB_quote_smart($myid)); + + /* in case this was done using a recovery password delete that password */ + $tmppasswd = md5($_REQUEST["password0"]); + if(DB_check_recovery_passwords($tmppasswd,$email)) + DB_delete_recovery_passwords($myid); } /* error output below */ } @@ -259,6 +312,25 @@ if(myisset("openid_url") && $_REQUEST['openid_url']!='') DB_AttachOpenID($openid_url, $myid); } +if(myisset("language")) + { + $language = $_REQUEST['language']; + if($language != $PREF['language']) + { + /* check if we already have an entry for the user, if so change it, if not create new one */ + $result = DB_query("SELECT * from User_Prefs". + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" ); + if( DB_fetch_array($result)) + $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($language). + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" ); + else + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'language',". + DB_quote_smart($language).")"); + $changed_language = 1; + } + } + + /* get infos again in case they have changed */ $PREF = DB_get_PREF($myid); $timezone = DB_get_user_timezone($myid); @@ -269,148 +341,192 @@ $timezone = DB_get_user_timezone($myid); echo "
\n"; echo "
\n"; -echo "

Your settings are

\n"; +echo '

'._('Your settings')."

\n"; echo "
\n"; -echo " Game-related\n"; +echo ' '._('Game-related')."\n"; echo " \n"; -echo " \n"; +echo ' \n"; if($PREF['vacation_start']) $value = substr($PREF['vacation_start'],0,10); else $value = ''; -echo " \n"; +echo " \n"; if($PREF['vacation_stop']) $value = substr($PREF['vacation_stop'],0,10); else $value = ''; -echo " \n"; +echo " \n"; if($PREF['vacation_comment']) $value = $PREF['vacation_comment']; else $value = ''; -echo " \n"; -echo "\n"; -echo " \n"; +echo ' \n"; -echo " \n"; + + +echo ' \n"; -echo " \n"; -echo " \n"; -echo " \n"; echo "
Vacation:
'._('Vacation').": start:"._('start').":stop:"._('stop').":comment:"; -if($changed_vacation == 1) echo "changed"; -if($changed_vacation == -1) echo "wrong date format"; +echo ' '._('comment:').""; +if($changed_vacation == 1) echo _('changed'); +if($changed_vacation == -1) echo _('wrong date format'); echo "
use YYYY-MM-DDuse '-' in start field to unset vacation
Notification: \n"; +echo '
'._("set both dates to the same day to end vacation")."
'._('Notification').": \n"; echo " "; -if($changed_notify) echo "changed"; +if($changed_notify) echo _('changed'); echo "
Autosetup: \n"; +echo '
'._('Digest').": \n"; +echo " "; +if($changed_digest) echo _('changed'); +echo "
'._('Autosetup').": \n"; echo " "; -if($changed_autosetup) echo "changed"; +if($changed_autosetup) echo _('changed'); echo "
Sorting: \n"; +echo '
'._('Sorting').": \n"; echo " "; -if($changed_sorting) echo "changed"; +if($changed_sorting) echo _('changed'); echo "
Open for new games: \n"; +echo '
'._('Open for new games').": \n"; echo " "; -if($changed_openforgames) echo "changed"; +if($changed_openforgames) echo _('changed'); echo "
Card set: \n"; +echo '
'.('Card set').": \n"; echo " "; -if($changed_cards) echo "changed"; +if($changed_cards) echo _('changed'); echo "
\n"; echo "
\n"; echo "
\n"; -echo " Personal\n"; +echo ' '._('Personal')."\n"; echo " \n"; -echo " \n"; -echo " \n"; +echo ' \n"; - -echo " \n"; +echo ' \n"; -echo " \n"; -echo " \n"; echo "
Email: $email
Timezone: \n"; +echo '
'._('Email').": $email
'._('Timezone').": \n"; output_select_timezone("timezone",$timezone); -if($changed_timezone) echo "changed"; +if($changed_timezone) echo _('changed'); echo "
Password(old): ", +echo '
'._('Language').": \n"; +output_select_language("language",$PREF['language']); +if($changed_language == 1) echo _('changed'); +echo "
'._('Password(old)').": ", ""; switch($changed_password) { case '-3': - echo "The new passwords is not long enough (you need at least 4 characters)."; + echo _('The new passwords is not long enough (you need at least 4 characters).'); break; case '-2': - echo "The new passwords don't match."; + echo _('The new passwords don\'t match.'); break; case '-1': - echo "The old password is not correct."; + echo _('The old password is not correct.'); break; case '1': - echo "changed"; + echo _('changed'); break; } echo "
Password(new): ", +echo '
'._('Password(new)').": ", "", "
Password(new, retype): ", +echo '
'._('Password(new, retype)').": ", "", "
\n"; echo "
\n"; echo "
\n"; -echo " OpenID\n"; +echo ' '._('OpenID')."\n"; $openids = array(); $openids = DB_GetOpenIDsByUser($myid); @@ -418,7 +534,7 @@ $openids = DB_GetOpenIDsByUser($myid); if(sizeof($openids)) { echo " \n"; - echo " \n"; + echo ' \n"; echo " \n"; foreach ($openids as $ids) { @@ -429,14 +545,23 @@ if(sizeof($openids)) echo "
Delete?OpenId
'._('Delete')."?OpenId
\n"; } -echo " add OpenID: ", +echo ' '._('add OpenID').': ', ""; if($changed_openid) - echo " Deleted some OpenIDs!
\n"; + echo ' '._('Deleted some OpenIDs!')."
\n"; echo "
\n"; -echo "
Submit
\n"; +echo '
'._('Submit')."
\n"; echo "
\n"; +echo '

'._('E-DoKo uses gravatars as icons.').'

'; echo "
\n"; +// add jquery date picker if html5 is not available +?> + + \ No newline at end of file