Revision 1313

Added by Dietmar over 14 years ago

show_menu2 remove unneeded code for WB < 2.7
class.wb.php, recoding backend preference
add a language variable $MESSAGE['PREFERENCES']['INVALID_CHARS']
update theme.css & preference.htt in argos_theme & wb_theme
remove classic_theme

View differences:

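--- a/branches/2.8.x/CHANGELOG
+++ b/branches/2.8.x/CHANGELOG
@@ -11,6 +11,12 @@
 ! = Update/Change
 
 ------------------------------------- 2.8.1 -------------------------------------
+11-Apr-2010 Dietmar Woellbrink (Luisehahne)
+!	show_menu2 remove unneeded code for WB < 2.7
+!	class.wb.php, recoding backend preference
++	add a language variable $MESSAGE['PREFERENCES']['INVALID_CHARS']
+!	update theme.css for preference.htt in argos_theme & wb_theme
+!	remove classic_theme
 07-Apr-2010 Dietmar Woellbrink (Luisehahne)
 #	Ticket #971 Using $_POST in Admin - account - login.php (tks to Aldus)
 !	update class.wb.php added tokens function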
branches/2.8.x/wb/admin/interface/version.php
52 52

  
53 53
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
54 54
if(!defined('VERSION')) define('VERSION', '2.8.x');
55
if(!defined('REVISION')) define('REVISION', '1312');
55
if(!defined('REVISION')) define('REVISION', '1313');
56 56

  
57 57
?>
branches/2.8.x/wb/admin/preferences/details.php
1
<?php
2

  
3
/****************************************************************************
4
* SVN Version information:
5
*
6
* $Id$
7
*
8
*****************************************************************************
9
*
10
*****************************************************************************
11
*                          WebsiteBaker
12
*
13
* WebsiteBaker Project <http://www.websitebaker2.org/>
14
* Copyright (C) 2009, Website Baker Org. e.V.
15
*         http://start.websitebaker2.org/impressum-datenschutz.php
16
* Copyright (C) 2004-2009, Ryan Djurovich
17
*
18
*                        About WebsiteBaker
19
*
20
* Website Baker is a PHP-based Content Management System (CMS)
21
* designed with one goal in mind: to enable its users to produce websites
22
* with ease.
23
*
24
*****************************************************************************
25
*
26
*****************************************************************************
27
*                   WebsiteBaker Extra Information (where needed)
28
*
29
* @author       : Ryan Djurovich, stefan, Matthias Gallas, Manuel Lang
30
* @platform     : WebsiteBaker 2.8
31
*
32
*****************************************************************************
33
*
34
*****************************************************************************
35
*                        LICENSE INFORMATION
36
*
37
* WebsiteBaker is free software; you can redistribute it and/or
38
* modify it under the terms of the GNU General Public License
39
* as published by the Free Software Foundation; either version 2
40
* of the License, or (at your option) any later version.
41
*
42
* WebsiteBaker is distributed in the hope that it will be useful,
43
* but WITHOUT ANY WARRANTY; without even the implied warranty of
44
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
45
* See the GNU General Public License for more details.
46
*
47
* You should have received a copy of the GNU General Public License
48
* along with this program; if not, write to the Free Software
49
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
50
*****************************************************************************/
51

  
52
// Print admin header
53
require('../../config.php');
54
require_once(WB_PATH.'/framework/class.admin.php');
55
$admin = new admin('Preferences');
56

  
57
// Get entered values
58
$display_name = $admin->add_slashes(strip_tags($admin->get_post('display_name')));
59
$language = $admin->get_post('language');
60
$timezone = $admin->get_post('timezone')*60*60;
61
$date_format = $admin->get_post('date_format');
62
$time_format = $admin->get_post('time_format');
63

  
64
// Update the database
65
$database = new database();
66
$query = "UPDATE ".TABLE_PREFIX."users SET display_name = '$display_name', language = '$language', timezone = '$timezone', date_format = '$date_format', time_format = '$time_format' WHERE user_id = '".$admin->get_user_id()."'";
67
$database->query($query);
68
if($database->is_error()) {
69
	$admin->print_error($database->get_error());
70
} else {
71
	$admin->print_success($MESSAGE['PREFERENCES']['DETAILS_SAVED']);
72
	$_SESSION['DISPLAY_NAME'] = $display_name;
73
	$_SESSION['LANGUAGE'] = $language;
74
	// Update date format
75
	if($date_format != '') {
76
		$_SESSION['DATE_FORMAT'] = $date_format;
77
		if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
78
	} else {
79
		$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
80
		if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
81
	}
82
	// Update time format
83
	if($time_format != '') {
84
		$_SESSION['TIME_FORMAT'] = $time_format;
85
		if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
86
	} else {
87
		$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
88
		if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
89
	}
90
	// Update timezone
91
	if($timezone != '-72000') {
92
		$_SESSION['TIMEZONE'] = $timezone;
93
		if(isset($_SESSION['USE_DEFAULT_TIMEZONE'])) { unset($_SESSION['USE_DEFAULT_TIMEZONE']); }
94
	} else {
95
		$_SESSION['USE_DEFAULT_TIMEZONE'] = true;
96
		if(isset($_SESSION['TIMEZONE'])) { unset($_SESSION['TIMEZONE']); }
97
	}
98
}
99

  
100
// Print admin footer
101
$admin->print_footer();
102

  
103
?>
104 0

  
branches/2.8.x/wb/admin/preferences/email.php
1
<?php
2

  
3
// $Id$
4

  
5
/*
6

  
7
 Website Baker Project <http://www.websitebaker.org/>
8
 Copyright (C) 2004-2009, Ryan Djurovich
9

  
10
 Website Baker is free software; you can redistribute it and/or modify
11
 it under the terms of the GNU General Public License as published by
12
 the Free Software Foundation; either version 2 of the License, or
13
 (at your option) any later version.
14

  
15
 Website Baker is distributed in the hope that it will be useful,
16
 but WITHOUT ANY WARRANTY; without even the implied warranty of
17
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18
 GNU General Public License for more details.
19

  
20
 You should have received a copy of the GNU General Public License
21
 along with Website Baker; if not, write to the Free Software
22
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23

  
24
*/
25

  
26
// Print admin header
27
require('../../config.php');
28
require_once(WB_PATH.'/framework/class.admin.php');
29
$admin = new admin('Preferences');
30

  
31
// Get entered values
32
$password = $admin->get_post('current_password');
33
$email = $admin->get_post('email');
34

  
35
// Create a javascript back link
36
$js_back = "javascript: history.go(-1);";
37

  
38
// Get password
39
$database = new database();
40
$query = "SELECT user_id FROM ".TABLE_PREFIX."users WHERE user_id = '".$admin->get_user_id()."' AND password = '".md5($password)."'";
41
$results = $database->query($query);
42

  
43
// Validate values
44
if($results->numRows() == 0) {
45
	$admin->print_error($MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT']);
46
}
47
if(!$admin->validate_email($email)) {
48
	$admin->print_error($MESSAGE['USERS']['INVALID_EMAIL']);
49
}
50

  
51
$email = $admin->add_slashes($email);
52

  
53
// Update the database
54
$database = new database();
55
$query = "UPDATE ".TABLE_PREFIX."users SET email = '$email' WHERE user_id = '".$admin->get_user_id()."'";
56
$database->query($query);
57
if($database->is_error()) {
58
	$admin->print_error($database->get_error);
59
} else {
60
	$admin->print_success($MESSAGE['PREFERENCES']['EMAIL_UPDATED']);
61
	$_SESSION['EMAIL'] = $email;
62
}
63

  
64
// Print admin footer
65
$admin->print_footer();
66

  
67
?>
68 0

  
branches/2.8.x/wb/admin/preferences/password.php
1
<?php
2

  
3
// $Id$
4

  
5
/*
6

  
7
 Website Baker Project <http://www.websitebaker.org/>
8
 Copyright (C) 2004-2009, Ryan Djurovich
9

  
10
 Website Baker is free software; you can redistribute it and/or modify
11
 it under the terms of the GNU General Public License as published by
12
 the Free Software Foundation; either version 2 of the License, or
13
 (at your option) any later version.
14

  
15
 Website Baker is distributed in the hope that it will be useful,
16
 but WITHOUT ANY WARRANTY; without even the implied warranty of
17
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18
 GNU General Public License for more details.
19

  
20
 You should have received a copy of the GNU General Public License
21
 along with Website Baker; if not, write to the Free Software
22
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23

  
24
*/
25

  
26
// Print admin header
27
require('../../config.php');
28
require_once(WB_PATH.'/framework/class.admin.php');
29
$admin = new admin('Preferences');
30

  
31
// Get entered values
32
$current_password = $admin->get_post('current_password');
33
$new_password = $admin->get_post('new_password');
34
$new_password2 = $admin->get_post('new_password2');
35

  
36
// Create a javascript back link
37
$js_back = "javascript: history.go(-1);";
38

  
39
// Get existing password
40
$database = new database();
41
$query = "SELECT user_id FROM ".TABLE_PREFIX."users WHERE user_id = '".$admin->get_user_id()."' AND password = '".md5($current_password)."'";
42
$results = $database->query($query);
43

  
44
// Validate values
45
if($results->numRows() == 0) {
46
	$admin->print_error($MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT']);
47
}
48
if(strlen($new_password) < 3) {
49
	$admin->print_error($MESSAGE['USERS']['PASSWORD_TOO_SHORT'], $js_back);
50
}
51
if($new_password != $new_password2) {
52
	$admin->print_error($MESSAGE['USERS']['PASSWORD_MISMATCH'], $js_back);
53
}
54

  
55
// MD5 the password
56
$md5_password = md5($new_password);
57

  
58
// Update the database
59
$database = new database();
60
$query = "UPDATE ".TABLE_PREFIX."users SET password = '$md5_password' WHERE user_id = '".$admin->get_user_id()."'";
61
$database->query($query);
62
if($database->is_error()) {
63
	$admin->print_error($database->get_error);
64
} else {
65
	$admin->print_success($MESSAGE['PREFERENCES']['PASSWORD_CHANGED']);
66
}
67

  
68
// Print admin footer
69
$admin->print_footer();
70

  
71
?>
72 0

  
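--- a/branches/2.8.x/wb/admin/preferences/save.php
+++ b/branches/2.8.x/wb/admin/preferences/save.php
@@ -0,0 +1,176 @@
+<?php
+/**
+ *
+ * @category        admin
+ * @package         preferences
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2010, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 4.4.9 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
+
+
+// Print admin header
+require('../../config.php');
+require_once(WB_PATH.'/framework/class.admin.php');
+$admin = new admin('Preferences');
+$js_back = "javascript: history.go(-1);"; // Create a javascript back link
+
+function save_preferences( &$admin, &$database)
+{
+	global $MESSAGE;
+	$err_msg = array();
+	$min_pass_length = 6;
+// first check form-tan
+	if(!$admin->checkFTAN()){ $err_msg[] = $MESSAGE['PAGES']['NOT_SAVED']; }
+// Get entered values and validate all
+	// remove any dangerouse chars from display_name
+	$display_name     = $admin->add_slashes(strip_tags(trim($admin->get_post('display_name'))));
+	$display_name     = ( $display_name == '' ? $admin->get_display_name() : $display_name );
+	// check that display_name is unique in whoole system (prevents from User-faking)
+	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
+	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
+	if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS']['USERNAME_TAKEN']; }
+// language must be 2 upercase letters only
+	$language         = strtoupper($admin->get_post('language'));
+	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
+// timezone must be between -12 and +13  or -20 as system_default
+	$timezone         = $admin->get_post('timezone');
+	$timezone         = (is_numeric($timezone) ? $timezone : -20);
+	$timezone         = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
+// date_format must be a key from /interface/date_formats
+	$date_format      = $admin->get_post('date_format');
+	$user_time = true;
+	include( ADMIN_PATH.'/interface/date_formats.php' );
+	$date_format = (array_key_exists($date_format, $DATE_FORMATS) ? $date_format :	$DATE_FORMATS['system_default']);
+	$date_format = ($DATE_FORMATS['system_default'] == $date_format ? '' : $date_format);
+	unset($DATE_FORMATS);
+// time_format must be a key from /interface/time_formats	
+	$time_format      = $admin->get_post('time_format');
+	$user_time = true;
+	include( ADMIN_PATH.'/interface/time_formats.php' );
+	$time_format = (array_key_exists($time_format, $TIME_FORMATS) ? $time_format :	$TIME_FORMATS['system_default']);
+	$time_format = ($TIME_FORMATS['system_default'] == $time_format ? '' : $time_format);
+	unset($TIME_FORMATS);
+// email should be validatet by core
+	$email            = ( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
+	if( !$admin->validate_email($email) )
+	{
+		$email = '';
+		$err_msg[] = $MESSAGE['USERS']['INVALID_EMAIL'];
+	}else {
+	// check that email is unique in whoole system
+		$email = $admin->add_slashes($email);
+		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
+		$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
+		if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS']['EMAIL_TAKEN']; }
+	}
+// receive password vars and calculate needed action
+	$current_password = $admin->get_post('current_password');
+	$current_password = ($current_password == null ? '' : $current_password);
+	$new_password_1   = $admin->get_post('new_password_1');
+	$new_password_1   = (($new_password_1 == null || $new_password_1 == '') ? '' : $new_password_1);
+	$new_password_2   = $admin->get_post('new_password_2');
+	$new_password_2   = (($new_password_2 == null || $new_password_2 == '') ? '' : $new_password_2);
+	if($current_password == '')
+	{
+		$err_msg[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
+	}else {
+	// if new_password is empty, still let current one
+		if( $new_password_1 == '' )
+		{
+			$new_password_1 = $current_password;
+			$new_password_2 = $current_password;
+		}
+
+	// is password lenght matching min_pass_lenght ?
+		if( $new_password_1 != $current_password )
+		{
+			if( strlen($new_password_1) < $min_pass_length )
+			{
+				$err_msg[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
+			}
+			$pattern = '/[^'.$admin->password_chars.']/';
+			if( preg_match($pattern, $new_password_1) )
+			{
+				$err_msg[] = $MESSAGE['PREFERENCES']['INVALID_CHARS'];
+			}
+		}
+	// is password lenght matching min_pass_lenght ?
+		if( $new_password_1 != $current_password && strlen($new_password_1) < $min_pass_length )
+		{
+			$err_msg[] = $MESSAGE['USERS']['PASSWORD_TOO_SHORT'];
+		}
+	// password_1 matching password_2 ?
+		if( $new_password_1 != $new_password_2 )
+		{
+			$err_msg[] = $MESSAGE['USERS']['PASSWORD_MISMATCH'];
+		}
+	}
+	$current_password = md5($current_password);
+	$new_password_1   = md5($new_password_1);
+	$new_password_2   = md5($new_password_2);
+// if no validation errors, try to update the database, otherwise return errormessages
+	if(sizeof($err_msg) == 0)
+	{
+		$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
+		$sql .= 'SET `display_name` = "'.$display_name.'", ';
+		$sql .=     '`password` = "'.$new_password_1.'", ';
+		$sql .=     '`email` = "'.$email.'", ';
+		$sql .=     '`language` = "'.$language.'", ';
+		$sql .=     '`timezone` = "'.$timezone.'", ';
+		$sql .=     '`date_format` = "'.$date_format.'", ';
+		$sql .=     '`time_format` = "'.$time_format.'" ';
+		$sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `password` = "'.$current_password.'"';
+		if( $database->query($sql) )
+		{
+			$sql_info = mysql_info($database->db_handle);
+			if(preg_match('/matched: *([1-9][0-9]*)/i', $sql_info) != 1)
+			{  // if the user_id and password dosn't match
+				$err_msg[] = $MESSAGE['PREFERENCES']['CURRENT_PASSWORD_INCORRECT'];
+			}else {
+				// update successfull, takeover values into the session
+				$_SESSION['DISPLAY_NAME'] = $display_name;
+				$_SESSION['LANGUAGE'] = $language;
+				$_SESSION['TIMEZONE'] = $timezone;
+				$_SESSION['EMAIL'] = $email;
+				// Update date format
+				if($date_format != '') {
+					$_SESSION['DATE_FORMAT'] = $date_format;
+					if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
+				} else {
+					$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
+					if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
+				}
+				// Update time format
+				if($time_format != '') {
+					$_SESSION['TIME_FORMAT'] = $time_format;
+					if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
+				} else {
+					$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
+					if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
+				}
+			}
+		}else {
+			$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
+		}
+	}
+	return ( (sizeof($err_msg) > 0) ? implode('<br />', $err_msg) : '' );
+}
+$retval = save_preferences($admin, $database);
+if( $retval == '')
+{
+	$admin->print_success($MESSAGE['PREFERENCES']['DETAILS_SAVED']);
+	$admin->print_footer();
+}else {
+	$admin->print_error($retval, $js_back);
+}
+
+?>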
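Review bot: Both uniqueness checks in save_preferences() (new lines 39 and 72) compare with `LIKE` on values that only went through `add_slashes()`, so a `%` or `_` in the submitted display name or e-mail is treated as a wildcard and the count can match rows it should not; an exact comparison is what the comment describes, i.e. replace `LIKE` with `=` in both `$sql .=` lines. On line 36 the fallback `$admin->get_display_name()` is concatenated into the same queries and into the UPDATE without the `add_slashes()` applied to the posted value; its source is not visible here, so it should either be escaped too or carry a comment saying why it is safe. The minimum-length test runs twice (inside the `$new_password_1 != $current_password` block and again in the `if` right after it), so a short password puts `PASSWORD_TOO_SHORT` into `$err_msg` twice, and the second `if` can be dropped. Passwords are still stored and compared as unsalted `md5()`, as in the removed password.php, and the UPDATE-failure message returns `__FILE__` to the user through `print_error()`; both deserve at least a `// TODO` comment if they cannot be changed in this revision.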

  
branches/2.8.x/wb/admin/preferences/index.php
1
<?php
2

  
3
/****************************************************************************
4
* SVN Version information:
5
*
6
* $Id$
7
*
8
*****************************************************************************
9
*
10
*****************************************************************************
11
*                          WebsiteBaker
12
*
13
* WebsiteBaker Project <http://www.websitebaker2.org/>
14
* Copyright (C) 2009, Website Baker Org. e.V.
15
*         http://start.websitebaker2.org/impressum-datenschutz.php
16
* Copyright (C) 2004-2009, Ryan Djurovich
17
*
18
*                        About WebsiteBaker
19
*
20
* Website Baker is a PHP-based Content Management System (CMS)
21
* designed with one goal in mind: to enable its users to produce websites
22
* with ease.
23
*
24
*****************************************************************************
25
*
26
*****************************************************************************
27
*                   WebsiteBaker Extra Information
28
*
29
* @author       : Ryan Djurovich, stefan, Matthias Gallas, thorn, Manuel Lang
30
* @platform     : WebsiteBaker 2.8
31
*
32
*****************************************************************************
33
*
34
*****************************************************************************
35
*                        LICENSE INFORMATION
36
*
37
* WebsiteBaker is free software; you can redistribute it and/or
38
* modify it under the terms of the GNU General Public License
39
* as published by the Free Software Foundation; either version 2
40
* of the License, or (at your option) any later version.
41
*
42
* WebsiteBaker is distributed in the hope that it will be useful,
43
* but WITHOUT ANY WARRANTY; without even the implied warranty of
44
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
45
* See the GNU General Public License for more details.
46
*
47
* You should have received a copy of the GNU General Public License
48
* along with this program; if not, write to the Free Software
49
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
50
*****************************************************************************/
51

  
52
require('../../config.php');
53
require_once(WB_PATH.'/framework/class.admin.php');
54
$admin = new admin('Preferences');
55

  
56
require_once(WB_PATH.'/framework/functions-utf8.php');
57

  
58
// Create new template object for the preferences form
59
$template = new Template(THEME_PATH.'/templates');
60
$template->set_file('page', 'preferences.htt');
61
$template->set_block('page', 'main_block', 'main');
62

  
63
// Get existing value from database
64
$database = new database();
65
$query = "SELECT display_name,email FROM ".TABLE_PREFIX."users WHERE user_id = '".$admin->get_user_id()."'";
66
$results = $database->query($query);
67
if($database->is_error()) {
68
	$admin->print_error($database->get_error(), 'index.php');
69
}
70
$details = $results->fetchRow();
71

  
72
// Insert values into form
73
$template->set_var('DISPLAY_NAME', $details['display_name']);
74
$template->set_var('EMAIL', $details['email']);
75

  
76
// Insert language values
77
$template->set_block('main_block', 'language_list_block', 'language_list');
78
$result = $database->query("SELECT * FROM ".TABLE_PREFIX."addons WHERE type = 'language' order by name");
79
if($result->numRows() > 0) {
80
	while($addon = $result->fetchRow()) {
81
		$l_codes[$addon['name']] = $addon['directory'];
82
		$l_names[$addon['name']] = entities_to_7bit($addon['name']); // sorting-problem workaround
83
	}
84
	asort($l_names);
85
	foreach($l_names as $l_name=>$v) {
86
		// Insert code and name
87
		$template->set_var(array(
88
								'CODE' => $l_codes[$l_name],
89
								'NAME' => $l_name,
90
								'FLAG' => THEME_URL.'/images/flags/'.strtolower($l_codes[$l_name]),
91
								));
92
		// Check if it is selected
93
		if(LANGUAGE == $l_codes[$l_name]) {
94
			$template->set_var('SELECTED', ' selected="selected"');
95
		} else {
96
			$template->set_var('SELECTED', '');
97
		}
98
		$template->parse('language_list', 'language_list_block', true);
99
	}
100
}
101

  
102
// Insert default timezone values
103
require(ADMIN_PATH.'/interface/timezones.php');
104
$template->set_block('main_block', 'timezone_list_block', 'timezone_list');
105
foreach($TIMEZONES AS $hour_offset => $title) {
106
	$template->set_var('VALUE', $hour_offset);
107
	$template->set_var('NAME', $title);
108
	if($admin->get_timezone() == $hour_offset*60*60) {
109
		$template->set_var('SELECTED', ' selected="selected"');
110
	} else {
111
		$template->set_var('SELECTED', '');
112
	}
113
	$template->parse('timezone_list', 'timezone_list_block', true);
114
}
115

  
116
// Insert date format list
117
$user_time = true;
118
require(ADMIN_PATH.'/interface/date_formats.php');
119
$template->set_block('main_block', 'date_format_list_block', 'date_format_list');
120
foreach($DATE_FORMATS AS $format => $title) {
121
	$format = str_replace('|', ' ', $format); // Add's white-spaces (not able to be stored in array key)
122
	if($format != 'system_default') {
123
		$template->set_var('VALUE', $format);
124
	} else {
125
		$template->set_var('VALUE', '');
126
	}
127
	$template->set_var('NAME', $title);
128
	if(DATE_FORMAT == $format AND !isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) {
129
		$template->set_var('SELECTED', ' selected="selected"');
130
	} elseif($format == 'system_default' AND isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) {
131
		$template->set_var('SELECTED', ' selected="selected"');
132
	} else {
133
		$template->set_var('SELECTED', '');
134
	}
135
	$template->parse('date_format_list', 'date_format_list_block', true);
136
}
137

  
138
// Insert time format list
139
require(ADMIN_PATH.'/interface/time_formats.php');
140
$template->set_block('main_block', 'time_format_list_block', 'time_format_list');
141
foreach($TIME_FORMATS AS $format => $title) {
142
	$format = str_replace('|', ' ', $format); // Add's white-spaces (not able to be stored in array key)
143
	if($format != 'system_default') {
144
		$template->set_var('VALUE', $format);
145
	} else {
146
		$template->set_var('VALUE', '');
147
	}
148
	$template->set_var('NAME', $title);
149
	if(TIME_FORMAT == $format AND !isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) {
150
		$template->set_var('SELECTED', ' selected="selected"');
151
	} elseif($format == 'system_default' AND isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) {
152
		$template->set_var('SELECTED', ' selected="selected"');
153
	} else {
154
		$template->set_var('SELECTED', '');
155
	}
156
	$template->parse('time_format_list', 'time_format_list_block', true);
157
}
158

  
159
// Insert language headings
160
$template->set_var(array(
161
								'HEADING_MY_SETTINGS' => $HEADING['MY_SETTINGS'],
162
								'HEADING_MY_EMAIL' => $HEADING['MY_EMAIL'],
163
								'HEADING_MY_PASSWORD' => $HEADING['MY_PASSWORD']
164
								)
165
						);
166
// insert urls
167
$template->set_var(array(
168
								'ADMIN_URL' => ADMIN_URL,
169
								'WB_URL' => WB_URL,
170
								'WB_PATH' => WB_PATH,
171
								'THEME_URL' => THEME_URL
172
								)
173
						);
174
// Insert language text and messages
175
$template->set_var(array(
176
								'TEXT_SAVE' => $TEXT['SAVE'],
177
								'TEXT_RESET' => $TEXT['RESET'],
178
								'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
179
								'TEXT_EMAIL' => $TEXT['EMAIL'],
180
								'TEXT_LANGUAGE' => $TEXT['LANGUAGE'],
181
								'TEXT_TIMEZONE' => $TEXT['TIMEZONE'],
182
								'TEXT_DATE_FORMAT' => $TEXT['DATE_FORMAT'],
183
								'TEXT_TIME_FORMAT' => $TEXT['TIME_FORMAT'],
184
								'TEXT_CURRENT_PASSWORD' => $TEXT['CURRENT_PASSWORD'],
185
								'TEXT_NEW_PASSWORD' => $TEXT['NEW_PASSWORD'],
186
								'TEXT_RETYPE_NEW_PASSWORD' => $TEXT['RETYPE_NEW_PASSWORD'],
187
								'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT']
188
								)
189
						);
190

  
191
// Parse template for preferences form
192
$template->parse('main', 'main_block', false);
193
$template->pparse('output', 'page');
194

  
195
$admin->print_footer();
196

  
1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         preferences
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2010, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 4.4.9 and higher
13
 * @version         $Id$
14
 * @filesource		$HeadURL$
15
 * @lastmodified    $Date$
16
 *
17
 */
18

  
19
// prevent this file from being accessed directly
20
//if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }
21
//Workaround if this is first page (WBAdmin in use)
22

  
23
// put all inside a function to prevent global vars
24
function build_page( &$admin, &$database )
25
{
26
	include_once(WB_PATH.'/framework/functions-utf8.php');
27
// Create new template object, assign template file, start main-block
28
	$template = new Template( THEME_PATH.'/templates' );
29
	$template->set_file( 'page', 'preferences.htt' );
30
	$template->set_block( 'page', 'main_block', 'main' );
31
// read user-info from table users and assign it to template
32
	$sql  = 'SELECT `display_name`, `username`, `email` FROM `'.TABLE_PREFIX.'users` ';
33
	$sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id();
34
	if( $res_user = $database->query($sql) )
35
	{
36
		if( $rec_user = $res_user->fetchRow() )
37
		{
38
			$template->set_var('DISPLAY_NAME', $rec_user['display_name']);
39
			$template->set_var('USERNAME',     $rec_user['username']);
40
			$template->set_var('EMAIL',        $rec_user['email']);
41
			$template->set_var('ADMIN_URL',    ADMIN_URL);
42
		}
43
	}
44
// read available languages from table addons and assign it to the template
45
	$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'addons` ';
46
	$sql .= 'WHERE `type` = "language" ORDER BY `directory`';
47
	if( $res_lang = $database->query($sql) )
48
	{
49
		$template->set_block('main_block', 'language_list_block', 'language_list');
50
		while( $rec_lang = $res_lang->fetchRow() )
51
		{
52
			$template->set_var('CODE',        $rec_lang['directory']);
53
			$template->set_var('NAME',        $rec_lang['name']);
54
			$template->set_var('FLAG',        THEME_URL.'/images/flags/'.strtolower($rec_lang['directory']));
55
			$template->set_var('SELECTED',    (LANGUAGE == $rec_lang['directory'] ? ' selected="selected"' : '') );
56
			$template->parse('language_list', 'language_list_block', true);
57
		}
58
	}
59
// Insert default timezone values
60
	include_once( ADMIN_PATH.'/interface/timezones.php' );
61
	$template->set_block('main_block', 'timezone_list_block', 'timezone_list');
62
	foreach( $TIMEZONES AS $hour_offset => $title )
63
	{
64
		$template->set_var('VALUE',    $hour_offset);
65
		$template->set_var('NAME',     $title);
66
		$template->set_var('SELECTED', ($admin->get_timezone() == ($hour_offset * 3600) ? ' selected="selected"' : '') );
67
		$template->parse('timezone_list', 'timezone_list_block', true);
68
	}
69
// Insert date format list
70
	$user_time = true;
71
	include_once( ADMIN_PATH.'/interface/date_formats.php' );
72
	$template->set_block('main_block', 'date_format_list_block', 'date_format_list');
73
	foreach( $DATE_FORMATS AS $format => $title )
74
	{
75
		$format = str_replace('|', ' ', $format); // Add's white-spaces (not able to be stored in array key)
76
		$template->set_var( 'VALUE', ($format != 'system_default' ? $format : 'system_default') );
77
		$template->set_var( 'NAME',  $title );
78
		if( (DATE_FORMAT == $format AND !isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) OR
79
			('system_default' == $format AND isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) )
80
		{
81
			$template->set_var('SELECTED', ' selected="selected"');
82
		}else {
83
			$template->set_var('SELECTED', '');
84
		}
85
		$template->parse('date_format_list', 'date_format_list_block', true);
86
	}
87
// Insert time format list
88
	include_once( ADMIN_PATH.'/interface/time_formats.php' );
89
	$template->set_block('main_block', 'time_format_list_block', 'time_format_list');
90
	foreach( $TIME_FORMATS AS $format => $title )
91
	{
92
		$format = str_replace('|', ' ', $format); // Add's white-spaces (not able to be stored in array key)
93
		$template->set_var('VALUE', $format != 'system_default' ? $format : '' );
94
		$template->set_var('NAME',  $title);
95
		if( (TIME_FORMAT == $format AND !isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) OR
96
		    ('system_default' == $format AND isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) )
97
		{
98
			$template->set_var('SELECTED', ' selected="selected"');
99
		} else {
100
			$template->set_var('SELECTED', '');
101
		}
102
		$template->parse('time_format_list', 'time_format_list_block', true);
103
	}
104

  
105
// assign systemvars to template
106
	$template->set_var(array( 'ADMIN_URL'  => ADMIN_URL,
107
	                          'WB_URL'     => WB_URL,
108
                              'WB_PATH'    => WB_PATH,
109
                              'THEME_URL'  => THEME_URL,
110
		                      'ACTION_URL' => ADMIN_URL.'/preferences/save.php'
111
                            )
112
                      );
113
	$template->set_var('FTAN', $admin->getFTAN());
114
	$template->set_var('FORM_NAME', 'preferences_save');
115
// assign language vars
116
	global $HEADING, $TEXT;
117
	$template->set_var(array( 'HEADING_MY_SETTINGS'      => $HEADING['MY_SETTINGS'],
118
                              'HEADING_MY_EMAIL'         => $HEADING['MY_EMAIL'],
119
                              'HEADING_MY_PASSWORD'      => $HEADING['MY_PASSWORD'],
120
                              'TEXT_SAVE'                => $TEXT['SAVE'],
121
                              'TEXT_RESET'               => $TEXT['RESET'],
122
                              'TEXT_DISPLAY_NAME'        => $TEXT['DISPLAY_NAME'],
123
                              'TEXT_USERNAME'            => $TEXT['USERNAME'],
124
                              'TEXT_EMAIL'               => $TEXT['EMAIL'],
125
                              'TEXT_LANGUAGE'            => $TEXT['LANGUAGE'],
126
                              'TEXT_TIMEZONE'            => $TEXT['TIMEZONE'],
127
                              'TEXT_DATE_FORMAT'         => $TEXT['DATE_FORMAT'],
128
                              'TEXT_TIME_FORMAT'         => $TEXT['TIME_FORMAT'],
129
                              'TEXT_CURRENT_PASSWORD'    => $TEXT['CURRENT_PASSWORD'],
130
                              'TEXT_NEW_PASSWORD'        => $TEXT['NEW_PASSWORD'],
131
                              'TEXT_RETYPE_NEW_PASSWORD' => $TEXT['RETYPE_NEW_PASSWORD'],
132
	                          'EMPTY_STRING'             => ''
133
                            )
134
                      );
135
// Parse template for preferences form
136
	$template->parse('main', 'main_block', false);
137
	$output = $template->finish($template->parse('output', 'page'));
138
	return $output;
139
}
140
// test if valid $admin-object already exists (bit complicated about PHP4 Compatibility)
141
if( !(isset($admin) && is_object($admin) && (get_class($admin) == 'admin')) )
142
{
143
    require( '../../config.php' );
144
	require_once( WB_PATH.'/framework/class.admin.php' );
145
	$admin = new admin('Preferences');
146
}
147
echo build_page($admin, $database);
148
$admin->print_footer();
149

  
197 150
?>
198 151

  
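--- a/branches/2.8.x/wb/framework/class.wb.php
+++ b/branches/2.8.x/wb/framework/class.wb.php
@@ -26,11 +26,14 @@
 
 class wb
 {
+
+	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';
 	// General initialization function 
 	// performed when frontend or backend is loaded.
 	function wb() {
 	}
 
+
 	// Check whether a page is visible or not.
 	// This will check page-visibility and user- and group-rights.
 	/* page_is_visible() returns
@@ -278,20 +281,28 @@
  *
  * requirements: an active session must be available
  */
-	public function getFTAN( $asTAG = true)
+	public function getFTAN( $as_tag = true)
 	{
 		if(function_exists('microtime'))
 		{
 			list($usec, $sec) = explode(" ", microtime());
-			$time = ((float)$usec + (float)$sec);
+			$time = (string)((float)$usec + (float)$sec);
 		}else{
-			$time = time();
+			$time = (string)time();
 		}
-		$ftan = md5(((string)$time).$_SERVER['SERVER_ADDR']);
+		$salt  = ( isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '');
+		$salt .= ( isset($_SERVER['HTTP_ACCEPT_CHARSET']) ? $_SERVER['HTTP_ACCEPT_CHARSET'] : '');
+		$salt .= ( isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '');
+		$salt .= ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '');
+		$salt .= ( isset($_SERVER['HTTP_CONNECTION']) ? $_SERVER['HTTP_CONNECTION'] : '');
+		$salt .= ( isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
+		$salt .= ( isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : '');
+		$salt  = ( $salt !== '' ) ? $salt : 'eXtremelyHotTomatoJuice';
+		$ftan = md5($time.$salt);
 		$_SESSION['FTAN'] = $ftan;
 		$ftan0 = 'a'.substr($ftan, -(10 + hexdec(substr($ftan, 1))), 10);
 		$ftan1 = 'a'.substr($ftan, hexdec(substr($ftan, -1)), 10);
-		if($asTAG == true)
+		if($as_tag == true)
 		{
 			return '<input type="hidden" name="'.$ftan0.'" value="'.$ftan1.'" title="" />';
 		}else{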
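Review bot: The value from `$ftan = md5($time.$salt);` contains no secret: the new `$salt` is only the requester's own `HTTP_*` headers plus `SERVER_ADDR` (or the hard-coded fallback string), and `$time` is the server clock, so a party who knows the victim's browser headers can narrow the candidates for what appears to be the per-form token stored in `$_SESSION['FTAN']`. Take the token from a CSPRNG instead, for example `$ftan = bin2hex(random_bytes(16));` on PHP 7+ (on older runtimes `openssl_random_pseudo_bytes()`), which keeps the 32-hex-character shape the `substr()` lines expect. A short comment above it, such as `// form token: must be unpredictable, never derived from request data`, would record the intent. getFTAN continues past the point where the page truncates the diff, so the rest of the function and the matching check are not reviewed here.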
... This diff was truncated because it exceeds the maximum size that can be displayed.
