Project

General

Profile

1 1313 Luisehahne
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         preferences
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2010, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 4.4.9 and higher
13
 * @version         $Id$
14
 * @filesource		$HeadURL$
15
 * @lastmodified    $Date$
16
 *
17
 */
18
19
20
// Print admin header
21
require('../../config.php');
22
require_once(WB_PATH.'/framework/class.admin.php');
23
$admin = new admin('Preferences');
24
$js_back = "javascript: history.go(-1);"; // Create a javascript back link
25
26
function save_preferences( &$admin, &$database)
27
{
28
	global $MESSAGE;
29
	$err_msg = array();
30
	$min_pass_length = 6;
31
// first check form-tan
32
	if(!$admin->checkFTAN()){ $err_msg[] = $MESSAGE['PAGES']['NOT_SAVED']; }
33
// Get entered values and validate all
34
	// remove any dangerouse chars from display_name
35
	$display_name     = $admin->add_slashes(strip_tags(trim($admin->get_post('display_name'))));
36
	$display_name     = ( $display_name == '' ? $admin->get_display_name() : $display_name );
37
	// check that display_name is unique in whoole system (prevents from User-faking)
38
	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
39
	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
40
	if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS']['USERNAME_TAKEN']; }
41
// language must be 2 upercase letters only
42
	$language         = strtoupper($admin->get_post('language'));
43
	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
44
// timezone must be between -12 and +13  or -20 as system_default
45
	$timezone         = $admin->get_post('timezone');
46
	$timezone         = (is_numeric($timezone) ? $timezone : -20);
47
	$timezone         = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
48
// date_format must be a key from /interface/date_formats
49
	$date_format      = $admin->get_post('date_format');
50
	$user_time = true;
51
	include( ADMIN_PATH.'/interface/date_formats.php' );
52
	$date_format = (array_key_exists($date_format, $DATE_FORMATS) ? $date_format :	$DATE_FORMATS['system_default']);
53
	$date_format = ($DATE_FORMATS['system_default'] == $date_format ? '' : $date_format);
54
	unset($DATE_FORMATS);
55
// time_format must be a key from /interface/time_formats
56
	$time_format      = $admin->get_post('time_format');
57
	$user_time = true;
58
	include( ADMIN_PATH.'/interface/time_formats.php' );
59
	$time_format = (array_key_exists($time_format, $TIME_FORMATS) ? $time_format :	$TIME_FORMATS['system_default']);
60
	$time_format = ($TIME_FORMATS['system_default'] == $time_format ? '' : $time_format);
61
	unset($TIME_FORMATS);
62
// email should be validatet by core
63
	$email            = ( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
64
	if( !$admin->validate_email($email) )
65
	{
66
		$email = '';
67
		$err_msg[] = $MESSAGE['USERS']['INVALID_EMAIL'];
68
	}else {
69
	// check that email is unique in whoole system
70
		$email = $admin->add_slashes($email);
71
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
72
		$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
73
		if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS']['EMAIL_TAKEN']; }
74
	}
75
// receive password vars and calculate needed action
76
	$current_password = $admin->get_post('current_password');
77
	$current_password = ($current_password == null ? '' : $current_password);
78
	$new_password_1   = $admin->get_post('new_password_1');
79
	$new_password_1   = (($new_password_1 == null || $new_password_1 == '') ? '' : $new_password_1);
80
	$new_password_2   = $admin->get_post('new_password_2');
81
	$new_password_2   = (($new_password_2 == null || $new_password_2 == '') ? '' : $new_password_2);
82
	if($current_password == '')
83
	{
84
		$err_msg[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
85
	}else {
86
	// if new_password is empty, still let current one
87
		if( $new_password_1 == '' )
88
		{
89
			$new_password_1 = $current_password;
90
			$new_password_2 = $current_password;
91
		}
92
93
	// is password lenght matching min_pass_lenght ?
94
		if( $new_password_1 != $current_password )
95
		{
96
			if( strlen($new_password_1) < $min_pass_length )
97
			{
98
				$err_msg[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
99
			}
100
			$pattern = '/[^'.$admin->password_chars.']/';
101
			if( preg_match($pattern, $new_password_1) )
102
			{
103
				$err_msg[] = $MESSAGE['PREFERENCES']['INVALID_CHARS'];
104
			}
105
		}
106
	// is password lenght matching min_pass_lenght ?
107
		if( $new_password_1 != $current_password && strlen($new_password_1) < $min_pass_length )
108
		{
109
			$err_msg[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
110
		}
111
	// password_1 matching password_2 ?
112
		if( $new_password_1 != $new_password_2 )
113
		{
114
			$err_msg[] = $MESSAGE['USERS']['PASSWORD_MISMATCH'];
115
		}
116
	}
117
	$current_password = md5($current_password);
118
	$new_password_1   = md5($new_password_1);
119
	$new_password_2   = md5($new_password_2);
120
// if no validation errors, try to update the database, otherwise return errormessages
121
	if(sizeof($err_msg) == 0)
122
	{
123
		$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
124
		$sql .= 'SET `display_name` = "'.$display_name.'", ';
125
		$sql .=     '`password` = "'.$new_password_1.'", ';
126
		$sql .=     '`email` = "'.$email.'", ';
127
		$sql .=     '`language` = "'.$language.'", ';
128
		$sql .=     '`timezone` = "'.$timezone.'", ';
129
		$sql .=     '`date_format` = "'.$date_format.'", ';
130
		$sql .=     '`time_format` = "'.$time_format.'" ';
131
		$sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `password` = "'.$current_password.'"';
132
		if( $database->query($sql) )
133
		{
134
			$sql_info = mysql_info($database->db_handle);
135
			if(preg_match('/matched: *([1-9][0-9]*)/i', $sql_info) != 1)
136
			{  // if the user_id and password dosn't match
137
				$err_msg[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
138
			}else {
139
				// update successfull, takeover values into the session
140
				$_SESSION['DISPLAY_NAME'] = $display_name;
141
				$_SESSION['LANGUAGE'] = $language;
142
				$_SESSION['TIMEZONE'] = $timezone;
143
				$_SESSION['EMAIL'] = $email;
144
				// Update date format
145
				if($date_format != '') {
146
					$_SESSION['DATE_FORMAT'] = $date_format;
147
					if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
148
				} else {
149
					$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
150
					if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
151
				}
152
				// Update time format
153
				if($time_format != '') {
154
					$_SESSION['TIME_FORMAT'] = $time_format;
155
					if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
156
				} else {
157
					$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
158
					if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
159
				}
160
			}
161
		}else {
162
			$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
163
		}
164
	}
165
	return ( (sizeof($err_msg) > 0) ? implode('<br />', $err_msg) : '' );
166
}
167
$retval = save_preferences($admin, $database);
168
if( $retval == '')
169
{
170
	$admin->print_success($MESSAGE['PREFERENCES']['DETAILS_SAVED']);
171
	$admin->print_footer();
172
}else {
173
	$admin->print_error($retval, $js_back);
174
}
175
176
?>