/trunk/admin/preferences/save.php - Annotate - WB 2.11.0 - Tracking

2

Manuela

<?php

2

/**

3

4

 * @category        admin

5

 * @package         preferences

6

 * @author          WebsiteBaker Project

7

 * @copyright       Ryan Djurovich

8

 * @copyright       WebsiteBaker Org. e.V.

9

 * @link            http://websitebaker.org/

10

 * @license         http://www.gnu.org/licenses/gpl.html

11

 * @platform        WebsiteBaker 2.8.3

12

 * @requirements    PHP 5.3.6 and higher

13

 * @version         $Id$

14

 * @filesource      $HeadURL$

15

 * @lastmodified    $Date$

16

17

*/

18

19

20

// Print admin header

21

22

if ( !defined( 'WB_PATH' ) ){ require( dirname(dirname((__DIR__))).'/config.php' ); }

23

if ( !class_exists('admin', false) ) { require(WB_PATH.'/framework/class.admin.php'); }

24

// suppress to print the header, so no new FTAN will be set

25

$admin = new admin('Preferences','start', false);

26

27

function save_preferences( $admin, $database)

28

29

    global $MESSAGE;

30

    $err_msg = array();

31

    $iMinPassLength = 6;

32

    $bPassRequest = false;

33

    $bMailHasChanged = false;

34

// first check form-tan

35

    if(!$admin->checkFTAN()){ $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS']; }

36

    $sLanguagesAddonDefaultFile = WB_PATH.'/account/languages/EN.php';

37

    if (is_readable($sLanguagesAddonDefaultFile)){include $sLanguagesAddonDefaultFile;}

38

    $sLanguagesAddonFile = WB_PATH.'/account/languages/'.LANGUAGE.'.php';

39

    if (is_readable($sLanguagesAddonFile)){include $sLanguagesAddonFile;}

40

// Get entered values and validate all

41

    // remove any dangerouse chars from display_name

42

//    $display_name     = $admin->add_slashes(strip_tags(trim($admin->get_post('display_name'))));

43

    $display_name = strip_tags( $admin->StripCodeFromText($admin->get_post('display_name')));

44

    $display_name     = ( $display_name == '' ? $admin->get_display_name() : $display_name );

45

    // check that display_name is unique in whoole system (prevents from User-faking)

46

    $sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';

47

    $sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';

48

    if( $database->get_one($sql) > 0 ){ $err_msg[] = ( @$MESSAGE['USERS_DISPLAYNAME_TAKEN']?:$MESSAGE['MEDIA_BLANK_NAME'].' ('.$TEXT['DISPLAY_NAME'].')'); }

49

// language must be 2 upercase letters only

50

    $language         = strtoupper($admin->get_post('language'));

51

    $language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);

52

    $user_time = true;

53

// timezone must be between -12 and +13  or -20 as system_default

54

    $timezone         = $admin->get_post('timezone');

55

    $timezone         = (is_numeric($timezone) ? $timezone : DEFAULT_TIMEZONE/3600);

56

    $timezone         = (($timezone >= -12 && $timezone <= 13) ? $timezone : DEFAULT_TIMEZONE/3600) * 3600;

57

58

// date_format must be a key from /interface/date_formats

59

    $date_format      = $admin->get_post('date_format');

60

    $date_format_key  = str_replace(' ', '|', $date_format);

61

    include( ADMIN_PATH.'/interface/date_formats.php' );

62

    $date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');

63

    $date_format = ($date_format == 'system_default' ? '' : $date_format);

64

    unset($DATE_FORMATS);

65

// time_format must be a key from /interface/time_formats

66

    $time_format      = $admin->get_post('time_format');

67

    $time_format_key  = str_replace(' ', '|', $time_format);

68

    $user_time = true;

69

    include( ADMIN_PATH.'/interface/time_formats.php' );

70

    $time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');

71

    $time_format = ($time_format == 'system_default' ? '' : $time_format);

72

    unset($TIME_FORMATS);

73

74

// email should be validatet by core

75

    $email = trim( $admin->get_post('email') == null ? '' : $admin->get_post('email') );

76

    if( (!$admin->validate_email($email)) )

77

78

        $email = '';

79

        $err_msg[] = $MESSAGE['USERS_INVALID_EMAIL'];

80

    }else {

81

        if($email != '') {

82

            $sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` '

83

                 . 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `email` LIKE \''.$email.'\'';

84

            $IsOldMail = $database->get_one($sql);

85

        // check that email is unique in whoole system

86

            $email = $admin->add_slashes($email);

87

            $sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` '

88

                 . 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE \''.$email.'\'';

89

            $checkMail = $database->get_one($sql);

90

91

            if( $checkMail == $email ){ $err_msg[] = $MESSAGE['USERS_EMAIL_TAKEN']; }

92

            $bMailHasChanged = ($email != $IsOldMail);

93

94

95

// receive password vars and calculate needed action

96

    $sCurrentPassword = $admin->get_post('current_password');

97

    $sCurrentPassword = (is_null($sCurrentPassword) ? '' : $sCurrentPassword);

98

    $sNewPassword = $admin->get_post('new_password_1');

99

    $sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword);

100

    $sNewPasswordRetyped = $admin->get_post('new_password_2');

101

    $sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped);

102

103

    if($bMailHasChanged == true)

104

105

        $bPassRequest = $bMailHasChanged;

106

    } else {

107

        $bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false;

108

109

110

// Check existing password

111

    $sql  = 'SELECT `password` ';

112

    $sql .= 'FROM `'.TABLE_PREFIX.'users` ';

113

    $sql .= 'WHERE `user_id` = '.$admin->get_user_id();

114

    if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql)) {

115

// access denied

116

        $err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];

117

    }else {

118

// validate new password

119

        $sPwHashNew = false;

120

        if($sNewPassword != '') {

121

            if(strlen($sNewPassword) < $iMinPassLength) {

122

                $err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];

123

            }else {

124

                if($sNewPassword != $sNewPasswordRetyped) {

125

                    $err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];

126

                }else {

127

                    $pattern = '/[^'.$admin->password_chars.']/';

128

                    if (preg_match($pattern, $sNewPassword)) {

129

                        $err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];

130

                    }else {

131

                        $sPwHashNew = md5($sNewPassword);

// if no validation errors, try to update the database, otherwise return errormessages

137

        if(sizeof($err_msg) == 0)

138

139

            $sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';

140

            $sql .= 'SET `display_name`=\''.$database->escapeString($display_name).'\', ';

141

            if($sPwHashNew) {

142

                $sql .=     '`password`=\''.$database->escapeString($sPwHashNew).'\', ';

143

144

            if($email != '') {

145

                $sql .=     '`email`=\''.$database->escapeString($email).'\', ';

146

147

            $sql .= '`language`=\''.$database->escapeString($language).'\', '

148

                  . '`timezone`=\''.$database->escapeString($timezone).'\', '

149

                  . '`date_format`=\''.$database->escapeString($date_format).'\', '

150

                  . '`time_format`=\''.$database->escapeString($time_format).'\' '

151

                  . 'WHERE `user_id`='.(int)$admin->get_user_id();

152

            if( $database->query($sql) )

153

154

                // update successfull, takeover values into the session

155

                $_SESSION['DISPLAY_NAME'] = $display_name;

156

                $_SESSION['LANGUAGE'] = $language;

157

                $_SESSION['TIMEZONE'] = $timezone;

158

                $_SESSION['EMAIL'] = $email;

159

                // Update date format

160

                if($date_format != '') {

161

                    $_SESSION['DATE_FORMAT'] = $date_format;

162

                    if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }

163

                } else {

164

                    $_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;

165

                    if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }

166

167

                // Update time format

168

                if($time_format != '') {

169

                    $_SESSION['TIME_FORMAT'] = $time_format;

170

                    if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }

171

                } else {

172

                    $_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;

173

                    if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }

174

175

            }else {

176

                $err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;

    return ( (sizeof($err_msg) > 0) ? implode('<br />', $err_msg) : '' );

181

182

$retval = save_preferences($admin, $database);

183

if( $retval == '')

184

185

    // print the header

186

    $admin->print_header();

187

    $admin->print_success($MESSAGE['PREFERENCES_DETAILS_SAVED']);

188

    $admin->print_footer();

189

}else {

190

    // print the header

191

    $admin->print_header();

192

    $admin->print_error($retval);

193

Project

General

Profile

WB 2.11.0

Project

General

Profile

WB 2.11.0

wb-2_10_x/trunk/admin/preferences/save.php @ 26