/branches/2.8.x/wb/account/preferences_form.php - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 1777

Added by Dietmar over 11 years ago

+ add methode StripCodeFromText in class.wb to clean injection
! rebranding the admin/settings and security fixes
! a few new styling in backend wb_theme
! beginning aa lot of account changes like correction of $_SESSION indexe, security fixes
+ add head.load.min.js and head.min.js to /include/jquery/ to style HTML5 templates

     <?php
     /**
+     *
      * @category        frontend
      * @package         account
      * @author          WebsiteBaker Project
      * @copyright       2009-2012, WebsiteBaker Org. e.V.
      * @link			http://www.websitebaker2.org/
      * @license         http://www.gnu.org/licenses/gpl.html
      * @platform        WebsiteBaker 2.8.x
      * @requirements    PHP 5.2.2 and higher
      * @version         $Id$
      * @filesource		$HeadURL$
      * @lastmodified    $Date$
+     *
      */
+    *
     * @category        frontend
     * @package         account
     * @author          WebsiteBaker Project
     * @copyright       2009-2012, WebsiteBaker Org. e.V.
     * @link			http://www.websitebaker2.org/
     * @license         http://www.gnu.org/licenses/gpl.html
     * @platform        WebsiteBaker 2.8.x
     * @requirements    PHP 5.2.2 and higher
     * @version         $Id$
     * @filesource		$HeadURL$
     * @lastmodified    $Date$
+    *
     */
     /* -------------------------------------------------------- */
     // Must include code to stop this file being accessed directly
     if(defined('WB_PATH') == false)
+    {
     	// Stop this file being access directly
     		die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
     if(!defined('WB_PATH')) {
     require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
     throw new IllegalFileException();
+    }
     /* -------------------------------------------------------- */
     	if($wb->is_authenticated() === false) {
     if($wb->is_authenticated() === false) {
     // User needs to login first
     		header("Location: ".WB_URL."/account/login.php?redirect=".$wb->link);
     		exit(0);
+    	}
     header("Location: ".WB_URL."/account/login.php?redirect=".$wb->link);
     exit(0);
+    }
     // load module default language file (EN)
     	require_once(WB_PATH .'/account/languages/EN.php');
     require_once(WB_PATH .'/account/languages/EN.php');
     // check for user defined language file, load it and override EN-Settings with
     	if(file_exists(WB_PATH .'/account/languages/' .LANGUAGE .'.php')) {
     		require_once(WB_PATH .'/account/languages/' .LANGUAGE .'.php');
+    	}
     	require_once(WB_PATH.'/framework/functions-utf8.php');
     if(file_exists(WB_PATH .'/account/languages/' .LANGUAGE .'.php')) {
     require_once(WB_PATH .'/account/languages/' .LANGUAGE .'.php');
+    }
     require_once(WB_PATH.'/framework/functions-utf8.php');
     //	echo '<style type="text/css">';
     //	include(WB_PATH .'/account/frontend.css');
     //	echo "\n</style>\n";
     	$user_time = true;
     	require(ADMIN_PATH.'/interface/timezones.php');
     	require(ADMIN_PATH.'/interface/date_formats.php');
     	require(ADMIN_PATH.'/interface/time_formats.php');
     	$error = array();
     	$success = array();
     	$template = new Template(WB_PATH .'/account/htt','keep');
     $user_time = true;
     require(ADMIN_PATH.'/interface/timezones.php');
     require(ADMIN_PATH.'/interface/date_formats.php');
     require(ADMIN_PATH.'/interface/time_formats.php');
     $error = array();
     $success = array();
     $template = new Template(WB_PATH .'/account/htt','keep');
     	switch($wb->get_post('action')):
     		case 'details':
     			require_once(WB_PATH .'/account/details.php');
     			break;
     		case 'email':
     			require_once(WB_PATH .'/account/email.php');
     switch($wb->get_post('action')):
     case 'details':
     require_once(WB_PATH .'/account/details.php');
     break;
     case 'email':
     require_once(WB_PATH .'/account/email.php');
     			break;
     		case 'password':
     			require_once(WB_PATH .'/account/password.php');
     			break;
     		default:
     			// do nothing
     	endswitch; // switch
     break;
     case 'password':
     require_once(WB_PATH .'/account/password.php');
     break;
     default:
     // do nothing
     endswitch; // switch
     // show template
     	$template->set_file('page', 'preferences.htt');
     	$template->set_block('page', 'main_block', 'main');
     $template->set_file('page', 'preferences.htt');
     $template->set_block('page', 'main_block', 'main');
     // get existing values from database
     	$sql = "SELECT `display_name`,`email` FROM ".TABLE_PREFIX."users WHERE `user_id` = '".$wb->get_user_id()."'";
     	$rowset = $database->query($sql);
     	if($database->is_error()) $error[] = $database->get_error();
     	$row = $rowset->fetchRow();
     $sql = "SELECT `display_name`,`email` FROM ".TABLE_PREFIX."users WHERE `user_id` = '".$wb->get_user_id()."'";
     $rowset = $database->query($sql);
     if($database->is_error()) $error[] = $database->get_error();
     $row = $rowset->fetchRow();
     // insert values into form
     	$template->set_var('DISPLAY_NAME', $row['display_name']);
     	$template->set_var('EMAIL', $row['email']);
     $template->set_var('DISPLAY_NAME', $row['display_name']);
     $template->set_var('EMAIL', $row['email']);
     $template->set_var('ACTION_URL', WB_URL.'/account/preferences.php');
     // read available languages from table addons and assign it to the template
     	$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'addons` ';
     	$sql .= 'WHERE `type` = \'language\' ORDER BY `directory`';
     	if( $res_lang = $database->query($sql) )
+    	{
     		$template->set_block('main_block', 'language_list_block', 'language_list');
     		while( $rec_lang = $res_lang->fetchRow() )
+    		{
     	        $langIcons = (empty($rec_lang['directory'])) ? 'none' : strtolower($rec_lang['directory']);
     			$template->set_var('CODE',        $rec_lang['directory']);
     			$template->set_var('NAME',        $rec_lang['name']);
     			$template->set_var('FLAG',        THEME_URL.'/images/flags/'.$langIcons);
     			$template->set_var('SELECTED',    (LANGUAGE == $rec_lang['directory'] ? ' selected="selected"' : '') );
     			$template->parse('language_list', 'language_list_block', true);
+    		}
+    	}
     $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'addons` ';
     $sql .= 'WHERE `type` = \'language\' ORDER BY `directory`';
     if( $res_lang = $database->query($sql) )
+    {
         $template->set_block('main_block', 'language_list_block', 'language_list');
         while( $rec_lang = $res_lang->fetchRow() )
+        {
             $langIcons = (empty($rec_lang['directory'])) ? 'none' : strtolower($rec_lang['directory']);
             $template->set_var('CODE',        $rec_lang['directory']);
             $template->set_var('NAME',        $rec_lang['name']);
             $template->set_var('FLAG',        THEME_URL.'/images/flags/'.$langIcons);
             $template->set_var('SELECTED',    ($wb->get_session('LANGUAGE') == $rec_lang['directory'] ? ' selected="selected"' : '') );
             $template->parse('language_list', 'language_list_block', true);
+        }
+    }
     // Insert default timezone values
     	$template->set_block('main_block', 'timezone_list_block', 'timezone_list');
     	foreach($TIMEZONES AS $hour_offset => $title) {
     		$template->set_var('VALUE', $hour_offset);
     		$template->set_var('NAME', $title);
     		if($wb->get_timezone() == $hour_offset*3600) {
     			$template->set_var('SELECTED', 'selected="selected"');
     		} else {
     			$template->set_var('SELECTED', '');
+    		}
     		$template->parse('timezone_list', 'timezone_list_block', true);
+    	}
     $template->set_block('main_block', 'timezone_list_block', 'timezone_list');
     foreach($TIMEZONES AS $hour_offset => $title) {
         $template->set_var('VALUE', $hour_offset);
         $template->set_var('NAME', $title);
         if($wb->get_timezone() == $hour_offset*3600) {
             $template->set_var('SELECTED', 'selected="selected"');
         } else {
             $template->set_var('SELECTED', '');
+        }
         $template->parse('timezone_list', 'timezone_list_block', true);
+    }
     // Insert date format list
     	$template->set_block('main_block', 'date_format_list_block', 'date_format_list');
     	foreach($DATE_FORMATS AS $format => $title) {
     		$format = str_replace('|', ' ', $format); // Add's white-spaces (not able to be stored in array key)
     		if($format != 'system_default') {
     			$template->set_var('VALUE', $format);
     		} else {
     			$template->set_var('VALUE', '');
+    		}
     		$template->set_var('NAME', $title);
     		if(DATE_FORMAT == $format AND !isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) {
     			$template->set_var('SELECTED', 'selected="selected"');
     		} elseif($format == 'system_default' AND isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) {
     			$template->set_var('SELECTED', 'selected="selected"');
     		} else {
     			$template->set_var('SELECTED', '');
+    		}
     		$template->parse('date_format_list', 'date_format_list_block', true);
+    	}
     $template->set_block('main_block', 'date_format_list_block', 'date_format_list');
     foreach($DATE_FORMATS AS $format => $title)
+    {
         $format = str_replace('|', ' ', $format); // Add's white-spaces (not able to be stored in array key)
         if($format != 'system_default') {
             $template->set_var('VALUE', $format);
         } else {
             $template->set_var('VALUE', '');
+        }
         $template->set_var('NAME', $title);
         if($wb->get_session('DATE_FORMAT') == $format AND !isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) {
             $template->set_var('SELECTED', 'selected="selected"');
         } elseif($format == 'system_default' AND isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) {
             $template->set_var('SELECTED', 'selected="selected"');
         } else {
             $template->set_var('SELECTED', '');
+        }
         $template->parse('date_format_list', 'date_format_list_block', true);
+    }
     // Insert time format list
     	$template->set_block('main_block', 'time_format_list_block', 'time_format_list');
     	foreach($TIME_FORMATS AS $format => $title) {
     		$format = str_replace('|', ' ', $format); // Add's white-spaces (not able to be stored in array key)
     		if($format != 'system_default') {
     			$template->set_var('VALUE', $format);
     		} else {
     			$template->set_var('VALUE', '');
+    		}
     		$template->set_var('NAME', $title);
     		if(TIME_FORMAT == $format AND !isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) {
     			$template->set_var('SELECTED', 'selected="selected"');
     		} elseif($format == 'system_default' AND isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) {
     			$template->set_var('SELECTED', 'selected="selected"');
     		} else {
     			$template->set_var('SELECTED', '');
+    		}
     		$template->parse('time_format_list', 'time_format_list_block', true);
+    	}
     $template->set_block('main_block', 'time_format_list_block', 'time_format_list');
     foreach($TIME_FORMATS AS $format => $title)
+    {
         $format = str_replace('|', ' ', $format); // Add's white-spaces (not able to be stored in array key)
         if($format != 'system_default') {
             $template->set_var('VALUE', $format);
         } else {
             $template->set_var('VALUE', '');
+        }
         $template->set_var('NAME', $title);
         if($wb->get_session('TIME_FORMAT') == $format AND !isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) {
             $template->set_var('SELECTED', 'selected="selected"');
         } elseif($format == 'system_default' AND isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) {
             $template->set_var('SELECTED', 'selected="selected"');
         } else {
         $template->set_var('SELECTED', '');
+        }
         $template->parse('time_format_list', 'time_format_list_block', true);
+    }
     // Insert language headings
     	$template->set_var(array(
     			'HEADING_MY_SETTINGS' => $HEADING['MY_SETTINGS'],
     			'HEADING_MY_EMAIL'    => $HEADING['MY_EMAIL'],
     			'HEADING_MY_PASSWORD' => $HEADING['MY_PASSWORD']
+    			)
     	);
     $template->set_var(array(
     'HEADING_MY_SETTINGS' => $HEADING['MY_SETTINGS'],
     'HEADING_MY_EMAIL'    => $HEADING['MY_EMAIL'],
     'HEADING_MY_PASSWORD' => $HEADING['MY_PASSWORD']
+    )
     );
     // Insert language text and messages
     	$template->set_var(array(
     			'HTTP_REFERER' => $_SESSION['HTTP_REFERER'],
     			'TEXT_SAVE'	=> $TEXT['SAVE'],
     			'TEXT_RESET' => $TEXT['RESET'],
     			'TEXT_CANCEL' => $TEXT['CANCEL'],
     			'TEXT_DISPLAY_NAME'	=> $TEXT['DISPLAY_NAME'],
     			'TEXT_EMAIL' => $TEXT['EMAIL'],
     			'TEXT_LANGUAGE' => $TEXT['LANGUAGE'],
     			'TEXT_TIMEZONE' => $TEXT['TIMEZONE'],
     			'TEXT_DATE_FORMAT' => $TEXT['DATE_FORMAT'],
     			'TEXT_TIME_FORMAT' => $TEXT['TIME_FORMAT'],
     			'TEXT_CURRENT_PASSWORD' => $TEXT['CURRENT_PASSWORD'],
     			'TEXT_NEW_PASSWORD' => $TEXT['NEW_PASSWORD'],
     			'TEXT_RETYPE_NEW_PASSWORD' => $TEXT['RETYPE_NEW_PASSWORD']
+    			)
     	);
     $template->set_var(array(
         'HTTP_REFERER' => $_SESSION['HTTP_REFERER'],
         'TEXT_SAVE'	=> $TEXT['SAVE'],
         'TEXT_RESET' => $TEXT['RESET'],
         'TEXT_CANCEL' => $TEXT['CANCEL'],
         'TEXT_DISPLAY_NAME'	=> $TEXT['DISPLAY_NAME'],
         'TEXT_EMAIL' => $TEXT['EMAIL'],
         'TEXT_LANGUAGE' => $TEXT['LANGUAGE'],
         'TEXT_TIMEZONE' => $TEXT['TIMEZONE'],
         'TEXT_DATE_FORMAT' => $TEXT['DATE_FORMAT'],
         'TEXT_TIME_FORMAT' => $TEXT['TIME_FORMAT'],
         'TEXT_CURRENT_PASSWORD' => $TEXT['CURRENT_PASSWORD'],
         'TEXT_NEW_PASSWORD' => $TEXT['NEW_PASSWORD'],
         'TEXT_RETYPE_NEW_PASSWORD' => $TEXT['RETYPE_NEW_PASSWORD']
+        )
     );
     // Insert module releated language text and messages
     	$template->set_var(array(
     			'MOD_PREFERENCE_PLEASE_SELECT'  => $MOD_PREFERENCE['PLEASE_SELECT'],
     			'MOD_PREFERENCE_SAVE_SETTINGS'  => $MOD_PREFERENCE['SAVE_SETTINGS'],
     			'MOD_PREFERENCE_SAVE_EMAIL'     => $MOD_PREFERENCE['SAVE_EMAIL'],
     			'MOD_PREFERENCE_SAVE_PASSWORD'  => $MOD_PREFERENCE['SAVE_PASSWORD'],
+    			)
     	);
     $template->set_var(array(
         'MOD_PREFERENCE_PLEASE_SELECT'  => $MOD_PREFERENCE['PLEASE_SELECT'],
         'MOD_PREFERENCE_SAVE_SETTINGS'  => $MOD_PREFERENCE['SAVE_SETTINGS'],
         'MOD_PREFERENCE_SAVE_EMAIL'     => $MOD_PREFERENCE['SAVE_EMAIL'],
         'MOD_PREFERENCE_SAVE_PASSWORD'  => $MOD_PREFERENCE['SAVE_PASSWORD'],
+        )
     );
     // Insert error and/or success messages
     	$template->set_block('main_block', 'error_block', 'error_list');
     	$template->set_var('ERROR_VALUE', '');
     	if(sizeof($error)>0){
     		$template->set_var('ERROR_VALUE', $wb->format_message(implode('<br />',$error),'error'));
     		$template->parse('error_list', 'error_block', true);
     	} else {
     		$template->parse('error_list', '');
+    	}
     $template->set_block('main_block', 'error_block', 'error_list');
     $template->set_var('ERROR_VALUE', '');
     if(sizeof($error)>0){
         $template->set_var('ERROR_VALUE', $wb->format_message(implode('<br />',$error),'error'));
         $template->parse('error_list', 'error_block', true);
     } else {
         $template->parse('error_list', '');
+    }
     	$template->set_block('main_block', 'success_block', 'success_list');
     	$template->set_var('SUCCESS_VALUE', '');
     	if(sizeof($success)!=0){
     			$template->set_var('SUCCESS_VALUE', $wb->format_message(implode('<br />',$success),'ok'));
     			$template->parse('success_list', 'success_block', true);
     	} else {
     		$template->parse('success_list', '');
+    	}
     $template->set_block('main_block', 'success_block', 'success_list');
     $template->set_var('SUCCESS_VALUE', '');
     if(sizeof($success)!=0){
         $template->set_var('SUCCESS_VALUE', $wb->format_message(implode('<br />',$success),'ok'));
         $template->parse('success_list', 'success_block', true);
     } else {
         $template->parse('success_list', '');
+    }
     // Parse template for preferences form
     	$template->parse('main', 'main_block', false);
     	$template->pparse('output', 'page');
     $template->parse('main', 'main_block', false);
     $template->pparse('output', 'page');

Also available in: Unified diff

Project

General

Profile

WB 2.08.x

Revision 1777

Added by Dietmar over 11 years ago