X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fpreferences.php;h=a69fd5659177b0780b34c6682ff31076204ac7bb;hp=b30e7cb365fe5782a513cff7fc704f1a6e55ef9b;hb=993e166c1634e0329547ea240e948e3feadef5ad;hpb=36702d88963e5646c3e715f72c31ec75f7cb0fcb diff --git a/include/preferences.php b/include/preferences.php index b30e7cb..a69fd56 100644 --- a/include/preferences.php +++ b/include/preferences.php @@ -1,5 +1,5 @@ +/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud * * This file is part of e-DoKo. * @@ -49,6 +49,9 @@ display_user_menu($myid); /* get old infos */ $PREF = DB_get_PREF($myid); +/* set language chosen in preferences, will become active on the next reload (see index.php)*/ +$_SESSION['language'] = $PREF['language']; +set_language($PREF['language']); $timezone = DB_get_user_timezone($myid); DB_update_user_timestamp($myid); @@ -86,14 +89,14 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') && $changed_vacation = -1; /* test if we should delete the entry */ - if($vacation_start == '- 00:00:00') + if($_REQUEST['vacation_start'] == $_REQUEST['vacation_stop']) { $result = DB_query("DELETE FROM User_Prefs". - " WHERE user_id='$myid' AND pref_key='vacation start'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" ); $result = DB_query("DELETE FROM User_Prefs". - " WHERE user_id='$myid' AND pref_key='vacation stop'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" ); $result = DB_query("DELETE FROM User_Prefs". - " WHERE user_id='$myid' AND pref_key='vacation comment'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" ); $changed_vacation = 1; } /* change in database if format is ok */ @@ -103,12 +106,12 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') && if($vacation_start!=$PREF['vacation_start']) { $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='vacation start'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_start). - " WHERE user_id='$myid' AND pref_key='vacation start'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation start',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation start',". DB_quote_smart($vacation_start).")"); $changed_vacation = 1; @@ -118,12 +121,12 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') && if($vacation_stop!=$PREF['vacation_stop']) { $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='vacation stop'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_stop). - " WHERE user_id='$myid' AND pref_key='vacation stop'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation stop',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation stop',". DB_quote_smart($vacation_stop).")"); $changed_vacation = 1; @@ -133,12 +136,12 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') && if($vacation_comment!=$PREF['vacation_comment']) { $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='vacation comment'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_comment). - " WHERE user_id='$myid' AND pref_key='vacation comment'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation comment',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation comment',". DB_quote_smart($vacation_comment).")"); $changed_vacation = 1; @@ -164,12 +167,12 @@ if(myisset("cards")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='cardset'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($cards). - " WHERE user_id='$myid' AND pref_key='cardset'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'cardset',". DB_quote_smart($cards).")"); $changed_cards = 1; } @@ -182,12 +185,12 @@ if(myisset("notify")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='email'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($notify). - " WHERE user_id='$myid' AND pref_key='email'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'email',". DB_quote_smart($notify).")"); $changed_notify=1; } @@ -200,12 +203,12 @@ if(myisset("digest")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='digest'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($digest). - " WHERE user_id='$myid' AND pref_key='digest'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','digest',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'digest',". DB_quote_smart($digest).")"); $changed_digest=1; } @@ -218,12 +221,12 @@ if(myisset("autosetup")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='autosetup'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($autosetup). - " WHERE user_id='$myid' AND pref_key='autosetup'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','autosetup',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'autosetup',". DB_quote_smart($autosetup).")"); $changed_autosetup=1; } @@ -236,12 +239,12 @@ if(myisset("sorting")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='sorting'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($sorting). - " WHERE user_id='$myid' AND pref_key='sorting'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','sorting',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'sorting',". DB_quote_smart($sorting).")"); $changed_sorting=1; } @@ -254,12 +257,12 @@ if(myisset("open_for_games")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='open for games'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($openforgames). - " WHERE user_id='$myid' AND pref_key='open for games'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','open for games',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'open for games',". DB_quote_smart($openforgames).")"); $changed_openforgames=1; } @@ -271,9 +274,9 @@ if(myisset("password0","password1","password2") && $_REQUEST["password0"]!="" & $changed_password = 1; /* check if old password matches */ - $oldpasswd = md5($_REQUEST["password0"]); - $password = DB_get_passwd_by_userid($myid); - if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) )) + $result = verify_password($email, $_REQUEST["password0"]); + + if( $result!=0 ) $changed_password = -1; /* check if new password has been typed in correctly */ @@ -286,8 +289,19 @@ if(myisset("password0","password1","password2") && $_REQUEST["password0"]!="" & if($changed_password==1) { - DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]). + // create a password hash using the crypt function, need php 5.3 for this + // create and random salt + $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22); + // hash incoming password using 12 rounds of blowfish + $hash = crypt($_REQUEST["password1"], '$2y$12$' . $salt); + + DB_query("UPDATE User SET password='".$hash. "' WHERE id=".DB_quote_smart($myid)); + + /* in case this was done using a recovery password delete that password */ + $tmppasswd = md5($_REQUEST["password0"]); + if(DB_check_recovery_passwords($tmppasswd,$email)) + DB_delete_recovery_passwords($myid); } /* error output below */ } @@ -305,12 +319,12 @@ if(myisset("language")) { /* check if we already have an entry for the user, if so change it, if not create new one */ $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='language'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" ); if( DB_fetch_array($result)) $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($language). - " WHERE user_id='$myid' AND pref_key='language'" ); + " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" ); else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','language',". + $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'language',". DB_quote_smart($language).")"); $changed_language = 1; } @@ -327,22 +341,22 @@ $timezone = DB_get_user_timezone($myid); echo "
\n"; echo "
\n"; -echo '

'._('Your settings are')."

\n"; +echo '

'._('Your settings')."

\n"; echo "
\n"; echo ' '._('Game-related')."\n"; echo " \n"; -echo ' \n"; +echo ' \n"; if($PREF['vacation_start']) $value = substr($PREF['vacation_start'],0,10); else $value = ''; -echo " \n"; +echo " \n"; if($PREF['vacation_stop']) $value = substr($PREF['vacation_stop'],0,10); else $value = ''; -echo " \n"; +echo " \n"; if($PREF['vacation_comment']) $value = $PREF['vacation_comment']; else @@ -351,8 +365,8 @@ echo ' \n"; -echo "\n"; -echo " \n"; +echo ' \n"; -echo " \n"; -echo " \n"; -echo " \n"; -echo " \n"; -echo " \n"; echo "
'._('Vacation:')."
'._('Vacation').": start:"._('start').":stop:"._('stop').":'._('comment:')."
use YYYY-MM-DDuse '-' in start field to unset vacation
Notification: \n"; +echo '
'._("set both dates to the same day to end vacation")."
'._('Notification').": \n"; echo " "; if($changed_notify) echo _('changed'); echo "
Digest: \n"; +echo '
'._('Digest').": \n"; echo "
Autosetup: \n"; +echo '
'._('Autosetup').": \n"; echo " "; if($changed_autosetup) echo _('changed'); echo "
Sorting: \n"; +echo '
'._('Sorting').": \n"; echo " "; if($changed_sorting) echo _('changed'); echo "
Open for new games: \n"; +echo '
'._('Open for new games').": \n"; echo " "; if($changed_openforgames) echo _('changed'); echo "
Card set: \n"; +echo '
'.('Card set').": \n"; echo " "; if($changed_cards) echo _('changed'); echo "
\n"; echo "
\n"; echo "
\n"; -echo " Personal\n"; +echo ' '._('Personal')."\n"; echo " \n"; -echo " \n"; -echo " \n"; +echo ' \n"; -echo " \n"; -echo " \n"; -echo " \n"; -echo " \n"; echo "
Email: $email
Timezone: \n"; +echo '
'._('Email').": $email
'._('Timezone').": \n"; output_select_timezone("timezone",$timezone); if($changed_timezone) echo _('changed'); echo "
Language: \n"; +echo '
'._('Language').": \n"; output_select_language("language",$PREF['language']); if($changed_language == 1) echo _('changed'); echo "
Password(old): ", +echo '
'._('Password(old)').": ", ""; switch($changed_password) { case '-3': - echo "The new passwords is not long enough (you need at least 4 characters)."; + echo _('The new passwords is not long enough (you need at least 4 characters).'); break; case '-2': - echo "The new passwords don't match."; + echo _('The new passwords don\'t match.'); break; case '-1': - echo "The old password is not correct."; + echo _('The old password is not correct.'); break; case '1': echo _('changed'); break; } echo "
Password(new): ", +echo '
'._('Password(new)').": ", "", "
Password(new, retype): ", +echo '
'._('Password(new, retype)').": ", "", "
\n"; echo "
\n"; echo "
\n"; -echo " OpenID\n"; +echo ' '._('OpenID')."\n"; $openids = array(); $openids = DB_GetOpenIDsByUser($myid); @@ -520,7 +534,7 @@ $openids = DB_GetOpenIDsByUser($myid); if(sizeof($openids)) { echo " \n"; - echo " \n"; + echo ' \n"; echo " \n"; foreach ($openids as $ids) { @@ -531,15 +545,23 @@ if(sizeof($openids)) echo "
Delete?OpenId
'._('Delete')."?OpenId
\n"; } -echo " add OpenID: ", +echo ' '._('add OpenID').': ', ""; if($changed_openid) - echo " Deleted some OpenIDs!
\n"; + echo ' '._('Deleted some OpenIDs!')."
\n"; echo "
\n"; -echo "
Submit
\n"; +echo '
'._('Submit')."
\n"; echo "
\n"; -echo "

E-DoKo uses gravatars as icons.

"; +echo '

'._('E-DoKo uses gravatars as icons.').'

'; echo "
\n"; +// add jquery date picker if html5 is not available +?> + + \ No newline at end of file