X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fpreferences.php;h=a69fd5659177b0780b34c6682ff31076204ac7bb;hp=775c4b2d6ef359de26afcce6526d08df31a5f3d2;hb=993e166c1634e0329547ea240e948e3feadef5ad;hpb=b568d14fe83e919b41452d8ae5b57a7dedc671cf diff --git a/include/preferences.php b/include/preferences.php index 775c4b2..a69fd56 100644 --- a/include/preferences.php +++ b/include/preferences.php @@ -1,35 +1,157 @@ + * + * This file is part of e-DoKo. + * + * e-DoKo is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * e-DoKo is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with e-DoKo. If not, see . + * + */ + /* make sure that we are not called from outside the scripts, * use a variable defined in config.php to check this */ if(!isset($HOST)) exit; +include_once('openid.php'); + $name = $_SESSION["name"]; $email = DB_get_email('name',$name); -$myid = DB_get_userid('email',$email); +$myid = DB_get_userid('email',$email); if(!$myid) return; /* track what got changed */ -$changed_notify = 0; -$changed_password = 0; -$changed_cards = 0; -$changed_timezone = 0; -$changed_autosetup = 0; +$changed_notify = 0; +$changed_password = 0; +$changed_cards = 0; +$changed_timezone = 0; +$changed_autosetup = 0; +$changed_sorting = 0; +$changed_openforgames = 0; +$changed_vacation = 0; +$changed_openid = 0; +$changed_digest = 0; +$changed_language = 0; display_user_menu($myid); /* get old infos */ $PREF = DB_get_PREF($myid); +/* set language chosen in preferences, will become active on the next reload (see index.php)*/ +$_SESSION['language'] = $PREF['language']; +set_language($PREF['language']); $timezone = DB_get_user_timezone($myid); DB_update_user_timestamp($myid); -/* does the user want to change some preferences? */ +/* does the user want to change some preferences? + * update the database and track changes with a variable, so that + * we can later highlight the changed value + */ + +/* check for deleted openids */ +foreach($_REQUEST as $key=>$value) +{ + if(strstr($key,"delete-openid-")) + { + /* found and openid to delete */ + $DelOpenID = substr(str_replace("_",".",$key),14); + DB_DetachOpenID($DelOpenID, $myid); + $changed_openid = 1; + } +} + + +if(myisset('vacation_start','vacation_stop','vacation_comment') && + ($_REQUEST['vacation_start']!='' || $_REQUEST['vacation_stop']!='') + ) + { + $vacation_start = $_REQUEST['vacation_start'].' 00:00:00'; + $vacation_stop = $_REQUEST['vacation_stop'].' 23:59:59'; + $vacation_comment = $_REQUEST['vacation_comment']; + + /* check if everything is valid */ + if(!strtotime($vacation_start)) + $changed_vacation = -1; + if(!strtotime($vacation_stop)) + $changed_vacation = -1; + + /* test if we should delete the entry */ + if($_REQUEST['vacation_start'] == $_REQUEST['vacation_stop']) + { + $result = DB_query("DELETE FROM User_Prefs". + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" ); + $result = DB_query("DELETE FROM User_Prefs". + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" ); + $result = DB_query("DELETE FROM User_Prefs". + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" ); + $changed_vacation = 1; + } + /* change in database if format is ok */ + else if($changed_vacation>=0) + { + /* only change if different from current value */ + if($vacation_start!=$PREF['vacation_start']) + { + $result = DB_query("SELECT * from User_Prefs". + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" ); + if( DB_fetch_array($result)) + $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_start). + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" ); + else + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation start',". + DB_quote_smart($vacation_start).")"); + + $changed_vacation = 1; + } + + /* same for the stop date */ + if($vacation_stop!=$PREF['vacation_stop']) + { + $result = DB_query("SELECT * from User_Prefs". + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" ); + if( DB_fetch_array($result)) + $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_stop). + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" ); + else + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation stop',". + DB_quote_smart($vacation_stop).")"); + + $changed_vacation = 1; + } + + /* does the user want to add a comment? */ + if($vacation_comment!=$PREF['vacation_comment']) + { + $result = DB_query("SELECT * from User_Prefs". + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" ); + if( DB_fetch_array($result)) + $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_comment). + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" ); + else + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation comment',". + DB_quote_smart($vacation_comment).")"); + + $changed_vacation = 1; + } + } + } + if(myisset("timezone")) { - $newtimezone=$_REQUEST['timezone']; + $newtimezone = $_REQUEST['timezone']; if($newtimezone != $timezone) { DB_query("UPDATE User SET timezone=".DB_quote_smart($newtimezone). @@ -45,12 +167,12 @@ if(myisset("cards")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='cardset'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($cards). - " WHERE user_id='$myid' AND pref_key='cardset'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'cardset',". DB_quote_smart($cards).")"); $changed_cards = 1; } @@ -63,17 +185,35 @@ if(myisset("notify")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='email'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($notify). - " WHERE user_id='$myid' AND pref_key='email'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'email',". DB_quote_smart($notify).")"); $changed_notify=1; } } +if(myisset("digest")) + { + $digest=$_REQUEST['digest']; + if($digest != $PREF['digest']) + { + /* check if we already have an entry for the user, if so change it, if not create new one */ + $result = DB_query("SELECT * from User_Prefs". + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" ); + if( DB_fetch_array($result)) + $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($digest). + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" ); + else + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'digest',". + DB_quote_smart($digest).")"); + $changed_digest=1; + } + } + if(myisset("autosetup")) { $autosetup = $_REQUEST['autosetup']; @@ -81,12 +221,12 @@ if(myisset("autosetup")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='autosetup'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($autosetup). - " WHERE user_id='$myid' AND pref_key='autosetup'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','autosetup',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'autosetup',". DB_quote_smart($autosetup).")"); $changed_autosetup=1; } @@ -99,26 +239,44 @@ if(myisset("sorting")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='sorting'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($sorting). - " WHERE user_id='$myid' AND pref_key='sorting'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','sorting',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'sorting',". DB_quote_smart($sorting).")"); $changed_sorting=1; } } +if(myisset("open_for_games")) + { + $openforgames = $_REQUEST['open_for_games']; + if($openforgames != $PREF['open_for_games']) + { + /* check if we already have an entry for the user, if so change it, if not create new one */ + $result = DB_query("SELECT * from User_Prefs". + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" ); + if( DB_fetch_array($result)) + $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($openforgames). + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" ); + else + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'open for games',". + DB_quote_smart($openforgames).")"); + $changed_openforgames=1; + } + } -if(myisset("password0") && $_REQUEST["password0"]!="" ) + +if(myisset("password0","password1","password2") && $_REQUEST["password0"]!="" && $_REQUEST["password0"]!= $_REQUEST["password1"]) { $changed_password = 1; /* check if old password matches */ - $oldpasswd = md5($_REQUEST["password0"]); - $password = DB_get_passwd_by_userid($myid); - if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) )) + $result = verify_password($email, $_REQUEST["password0"]); + + if( $result!=0 ) $changed_password = -1; /* check if new password has been typed in correctly */ @@ -131,120 +289,279 @@ if(myisset("password0") && $_REQUEST["password0"]!="" ) if($changed_password==1) { - DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]). + // create a password hash using the crypt function, need php 5.3 for this + // create and random salt + $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22); + // hash incoming password using 12 rounds of blowfish + $hash = crypt($_REQUEST["password1"], '$2y$12$' . $salt); + + DB_query("UPDATE User SET password='".$hash. "' WHERE id=".DB_quote_smart($myid)); + + /* in case this was done using a recovery password delete that password */ + $tmppasswd = md5($_REQUEST["password0"]); + if(DB_check_recovery_passwords($tmppasswd,$email)) + DB_delete_recovery_passwords($myid); } /* error output below */ } +if(myisset("openid_url") && $_REQUEST['openid_url']!='') + { + $openid_url = OpenIDUrlEncode($_REQUEST['openid_url']); + DB_AttachOpenID($openid_url, $myid); + } + +if(myisset("language")) + { + $language = $_REQUEST['language']; + if($language != $PREF['language']) + { + /* check if we already have an entry for the user, if so change it, if not create new one */ + $result = DB_query("SELECT * from User_Prefs". + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" ); + if( DB_fetch_array($result)) + $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($language). + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" ); + else + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'language',". + DB_quote_smart($language).")"); + $changed_language = 1; + } + } + + /* get infos again in case they have changed */ $PREF = DB_get_PREF($myid); $timezone = DB_get_user_timezone($myid); -/* output settings */ +/* + * output settings + */ echo "
\n"; echo "
\n"; -echo "

Your settings are

\n"; -echo " \n"; -echo " \n"; -echo "
Email: $email
Timezone: "; -output_select_timezone("timezone",$timezone); -if($changed_timezone) echo "changed"; +echo '

'._('Your settings')."

\n"; +echo "
\n"; +echo ' '._('Game-related')."\n"; +echo " \n"; + +echo ' \n"; +if($PREF['vacation_start']) + $value = substr($PREF['vacation_start'],0,10); + else + $value = ''; +echo " \n"; +if($PREF['vacation_stop']) + $value = substr($PREF['vacation_stop'],0,10); + else + $value = ''; +echo " \n"; +if($PREF['vacation_comment']) + $value = $PREF['vacation_comment']; +else + $value = ''; +echo ' \n"; -echo " \n"; +echo ' \n"; + +echo ' \n"; + + +echo ' \n"; -echo " \n"; -echo " \n"; -echo " \n"; -echo "
'._('Vacation').": "._('start').":"._('stop').":'._('comment:').""; +if($changed_vacation == 1) echo _('changed'); +if($changed_vacation == -1) echo _('wrong date format'); echo "
Notification: "; - -echo " \n"; -if($changed_notify) echo "changed"; +echo '
'._("set both dates to the same day to end vacation")."
'._('Notification').": \n"; +echo " "; +if($changed_notify) echo _('changed'); +echo "
'._('Digest').": \n"; +echo " "; +if($changed_digest) echo _('changed'); +echo "
'._('Autosetup').": \n"; +echo " "; +if($changed_autosetup) echo _('changed'); echo "
Autosetup: "; - -echo " \n"; -if($changed_autosetup) echo "changed"; +echo '
'._('Sorting').": \n"; + +echo " "; +if($changed_sorting) echo _('changed'); echo "
Sorting: "; - -echo " \n"; -if($changed_sorting) echo "changed"; +echo '
'._('Open for new games').": \n"; +echo " "; +if($changed_openforgames) echo _('changed'); echo "
Card set: "; - -echo " \n"; -if($changed_cards) echo "changed"; + +echo '
'.('Card set').": \n"; +echo " "; +if($changed_cards) echo _('changed'); echo "
Password(old): ", +echo "
\n"; +echo "
\n"; +echo "
\n"; +echo ' '._('Personal')."\n"; +echo " \n"; +echo ' \n"; +echo ' \n"; +echo ' \n"; +echo ' \n"; -echo " \n"; +echo ' \n"; -echo " \n"; -echo " ", - "\n"; -echo "
'._('Email').": $email
'._('Timezone').": \n"; +output_select_timezone("timezone",$timezone); +if($changed_timezone) echo _('changed'); +echo "
'._('Language').": \n"; +output_select_language("language",$PREF['language']); +if($changed_language == 1) echo _('changed'); +echo "
'._('Password(old)').": ", ""; switch($changed_password) { case '-3': - echo "The new passwords is not long enough (you need at least 4 characters)."; + echo _('The new passwords is not long enough (you need at least 4 characters).'); break; case '-2': - echo "The new passwords don't match."; + echo _('The new passwords don\'t match.'); break; case '-1': - echo "The old password is not correct."; + echo _('The old password is not correct.'); break; case '1': - echo "changed"; + echo _('changed'); break; } -echo "
Password(new): ", +echo "
'._('Password(new)').": ", "", "
Password(new, retype): ", +echo '
'._('Password(new, retype)').": ", "", "
\n"; +echo "
\n"; +echo " \n"; +echo "
\n"; +echo ' '._('OpenID')."\n"; + +$openids = array(); +$openids = DB_GetOpenIDsByUser($myid); + +if(sizeof($openids)) + { + echo " \n"; + echo ' \n"; + echo " \n"; + foreach ($openids as $ids) + { + $id=($ids[0]); + echo " \n"; + } + echo " \n"; + echo "
'._('Delete')."?OpenId
",$id, "
\n"; + } + +echo ' '._('add OpenID').': ', + ""; +if($changed_openid) + echo ' '._('Deleted some OpenIDs!')."
\n"; +echo "
\n"; +echo '
'._('Submit')."
\n"; echo "
\n"; +echo '

'._('E-DoKo uses gravatars as icons.').'

'; echo "
\n"; +// add jquery date picker if html5 is not available +?> + + \ No newline at end of file