diff --git a/include/preferences.php b/include/preferences.php
index 8b3937d..f0b33da 100644
--- a/include/preferences.php
+++ b/include/preferences.php
@@ -1,4 +1,23 @@
+ *
+ * This file is part of e-DoKo.
+ *
+ * e-DoKo is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * e-DoKo is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with e-DoKo. If not, see .
+ *
+ */
+
/* make sure that we are not called from outside the scripts,
* use a variable defined in config.php to check this
*/
@@ -24,11 +43,15 @@ $changed_openforgames = 0;
$changed_vacation = 0;
$changed_openid = 0;
$changed_digest = 0;
+$changed_language = 0;
display_user_menu($myid);
/* get old infos */
$PREF = DB_get_PREF($myid);
+/* set language chosen in preferences, will become active on the next reload (see index.php)*/
+$_SESSION['language'] = $PREF['language'];
+set_language($PREF['language']);
$timezone = DB_get_user_timezone($myid);
DB_update_user_timestamp($myid);
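Review bot: The two new lines copy `$PREF['language']` into the session and hand it to `set_language()` without an `isset()` guard; if DB_get_PREF() does not supply a default for users who never chose a language (not visible here), this raises a notice and passes null to set_language() on every visit to the preferences page. A guard such as `if(isset($PREF['language'])) { $_SESSION['language'] = $PREF['language']; set_language($PREF['language']); }` avoids that, or the comment should state that DB_get_PREF() always fills the key. The comment also says the value "will become active on the next reload", which is worth repeating where the preference is written further down so a reader does not expect the page to switch language immediately.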
@@ -66,14 +89,14 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') &&
$changed_vacation = -1;
/* test if we should delete the entry */
- if($vacation_start == '- 00:00:00')
+ if($_REQUEST['vacation_start'] == $_REQUEST['vacation_stop'])
{
$result = DB_query("DELETE FROM User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation start'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" );
$result = DB_query("DELETE FROM User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation stop'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" );
$result = DB_query("DELETE FROM User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation comment'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" );
$changed_vacation = 1;
}
/* change in database if format is ok */
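Review bot: The new delete condition compares the raw `$_REQUEST['vacation_start']` and `$_REQUEST['vacation_stop']` with the loose `==`, so numeric-looking input is compared numerically (`'1e1' == '10'` is true in PHP) and an attacker-chosen pair of unequal strings can still trigger the delete; use strict comparison, `if($_REQUEST['vacation_start'] === $_REQUEST['vacation_stop'])`. The three DELETE statements also run as separate queries with no transaction, so a failure after the first one leaves a vacation entry with a stop date but no start date; a `/* not atomic: partial delete possible */` comment is the minimum, a transaction the real fix. The enclosing `if(myisset('vacation_start', ...))` begins before this hunk and its body continues after it, so whether the later "change in database" branch re-inserts the values just deleted cannot be judged from here.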
@@ -83,12 +106,12 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') &&
if($vacation_start!=$PREF['vacation_start'])
{
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation start'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_start).
- " WHERE user_id='$myid' AND pref_key='vacation start'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation start',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation start',".
DB_quote_smart($vacation_start).")");
$changed_vacation = 1;
@@ -98,12 +121,12 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') &&
if($vacation_stop!=$PREF['vacation_stop'])
{
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation stop'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_stop).
- " WHERE user_id='$myid' AND pref_key='vacation stop'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation stop',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation stop',".
DB_quote_smart($vacation_stop).")");
$changed_vacation = 1;
@@ -113,12 +136,12 @@ if(myisset('vacation_start','vacation_stop','vacation_comment') &&
if($vacation_comment!=$PREF['vacation_comment'])
{
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation comment'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_comment).
- " WHERE user_id='$myid' AND pref_key='vacation comment'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation comment',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation comment',".
DB_quote_smart($vacation_comment).")");
$changed_vacation = 1;
@@ -144,12 +167,12 @@ if(myisset("cards"))
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='cardset'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($cards).
- " WHERE user_id='$myid' AND pref_key='cardset'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'cardset',".
DB_quote_smart($cards).")");
$changed_cards = 1;
}
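Review bot: The SELECT-then-UPDATE-or-INSERT sequence that DB_quote_smart now wraps is still a check-then-act: two concurrent submissions for the same user can both miss the SELECT and both INSERT, leaving duplicate `cardset` rows, and which one DB_get_PREF() returns afterwards is not visible here. If User_Prefs has a unique key on (user_id, pref_key) and the backend is MySQL, a single `INSERT ... ON DUPLICATE KEY UPDATE value=...` replaces the three statements and closes the race; if there is no such key, the comment above the SELECT should say that duplicates are tolerated. The same pattern is repeated for every preference key in this file, so whichever fix is chosen applies to all of them.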
@@ -162,12 +185,12 @@ if(myisset("notify"))
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='email'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($notify).
- " WHERE user_id='$myid' AND pref_key='email'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'email',".
DB_quote_smart($notify).")");
$changed_notify=1;
}
@@ -180,12 +203,12 @@ if(myisset("digest"))
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='digest'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($digest).
- " WHERE user_id='$myid' AND pref_key='digest'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','digest',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'digest',".
DB_quote_smart($digest).")");
$changed_digest=1;
}
@@ -198,12 +221,12 @@ if(myisset("autosetup"))
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='autosetup'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($autosetup).
- " WHERE user_id='$myid' AND pref_key='autosetup'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','autosetup',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'autosetup',".
DB_quote_smart($autosetup).")");
$changed_autosetup=1;
}
@@ -216,12 +239,12 @@ if(myisset("sorting"))
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='sorting'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($sorting).
- " WHERE user_id='$myid' AND pref_key='sorting'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','sorting',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'sorting',".
DB_quote_smart($sorting).")");
$changed_sorting=1;
}
@@ -234,26 +257,26 @@ if(myisset("open_for_games"))
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='open for games'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($openforgames).
- " WHERE user_id='$myid' AND pref_key='open for games'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','open for games',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'open for games',".
DB_quote_smart($openforgames).")");
$changed_openforgames=1;
}
}
-if(myisset("password0") && $_REQUEST["password0"]!="" )
+if(myisset("password0","password1","password2") && $_REQUEST["password0"]!="" && $_REQUEST["password0"]!= $_REQUEST["password1"])
{
$changed_password = 1;
/* check if old password matches */
- $oldpasswd = md5($_REQUEST["password0"]);
- $password = DB_get_passwd_by_userid($myid);
- if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
+ $result = verify_password($email, $_REQUEST["password0"]);
+
+ if( $result!=0 )
$changed_password = -1;
/* check if new password has been typed in correctly */
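Review bot: The contract of verify_password() is not documented at the new `if( $result!=0 )`: the removed lines accepted either the stored md5 or a recovery password, and the `DB_check_recovery_passwords($tmppasswd,$email)` call kept later in this file suggests verify_password() is expected to cover recovery passwords too, but nothing here shows that. A comment such as `/* verify_password() returns 0 on success; non-zero means neither the stored hash nor a recovery password matched */` makes the expectation explicit, and if verify_password() does not handle recovery passwords the fallback must be restored here. The extended guard `$_REQUEST["password0"]!= $_REQUEST["password1"]` also silently skips the whole block when the old and new passwords are equal, leaving `$changed_password` at 0 so the user gets no feedback; consider an explicit status for that case.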
@@ -266,8 +289,19 @@ if(myisset("password0") && $_REQUEST["password0"]!="" )
if($changed_password==1)
{
- DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
+ // create a password hash using the crypt function, need php 5.3 for this
+ // create and random salt
+ $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+ // hash incoming password using 12 rounds of blowfish
+ $hash = crypt($_REQUEST["password1"], '$2y$12$' . $salt);
+
+ DB_query("UPDATE User SET password='".$hash.
"' WHERE id=".DB_quote_smart($myid));
+
+ /* in case this was done using a recovery password delete that password */
+ $tmppasswd = md5($_REQUEST["password0"]);
+ if(DB_check_recovery_passwords($tmppasswd,$email))
+ DB_delete_recovery_passwords($myid);
}
/* error output below */
}
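Review bot: The bcrypt salt on the new lines is derived from `microtime(true)` through sha1 and base64, so it is a clock reading rather than random: an observer who knows roughly when the password was set can enumerate the salt, which defeats the per-user salting that bcrypt relies on. The salt must come from a CSPRNG (`openssl_random_pseudo_bytes()` or `mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)` on PHP 5.3; `password_hash($pw, PASSWORD_BCRYPT, array('cost' => 12))` on PHP 5.5 and later does all of this), and `$2y$` needs PHP 5.3.7, not 5.3, as the comment claims. crypt() reports an unsupported algorithm by returning `*0`/`*1`, and the result is stored unchecked; depending on how verify_password() compares, that either locks the account or accepts any input, so the length must be checked before the UPDATE. The UPDATE also interpolates `'$hash'` directly while every other statement in this commit goes through DB_quote_smart(); bcrypt output uses a safe alphabet, but the inconsistency should go.
```php
    if($changed_password==1)
    {
      /* bcrypt via crypt(): $2y$ needs PHP >= 5.3.7; on PHP >= 5.5 prefer password_hash() */
      /* the 22-char salt must come from a CSPRNG, never from the clock */
      $raw  = openssl_random_pseudo_bytes(16);
      $salt = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
      $hash = crypt($_REQUEST["password1"], '$2y$12$' . $salt);

      /* crypt() signals failure with "*0"/"*1" (2 chars); a bcrypt hash is always 60 */
      if(strlen($hash) != 60)
        $changed_password = -1;
      else
        {
          DB_query("UPDATE User SET password=".DB_quote_smart($hash).
                   " WHERE id=".DB_quote_smart($myid));
          // … unchanged: recovery password cleanup …
        }
    }
```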
@@ -278,6 +312,25 @@ if(myisset("openid_url") && $_REQUEST['openid_url']!='')
DB_AttachOpenID($openid_url, $myid);
}
+if(myisset("language"))
+ {
+ $language = $_REQUEST['language'];
+ if($language != $PREF['language'])
+ {
+ /* check if we already have an entry for the user, if so change it, if not create new one */
+ $result = DB_query("SELECT * from User_Prefs".
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" );
+ if( DB_fetch_array($result))
+ $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($language).
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" );
+ else
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'language',".
+ DB_quote_smart($language).")");
+ $changed_language = 1;
+ }
+ }
+
+
/* get infos again in case they have changed */
$PREF = DB_get_PREF($myid);
$timezone = DB_get_user_timezone($myid);
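Review bot: `$_REQUEST['language']` is written to User_Prefs as-is on the new lines, with no check that it names a language the application ships; on the next request the earlier hunk in this file feeds the stored value to `set_language()` and `$_SESSION['language']`, so whatever the user typed ends up in whatever set_language() does with it (a locale name, a translation file path — not visible here). Validate against the installed set before comparing with the old preference, e.g. `if(myisset("language") && in_array($_REQUEST['language'], array(/* installed language codes */), true))`, and report a rejected value with `$changed_language = -1` as the other `$changed_*` flags do. A short comment that the new language only takes effect on the next page load (the session value set at the top of the file still holds the old preference) would also spare a reader the search through index.php.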
@@ -288,189 +341,183 @@ $timezone = DB_get_user_timezone($myid);
echo "
\n";
echo "
\n";
+echo '
'._('E-DoKo uses gravatars as icons.').'
';
echo "
\n";
+// add jquery date picker if html5 is not available
+?>
+
+
\ No newline at end of file