Project

General

Profile

1 1425 Luisehahne
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         preferences
6
 * @author          WebsiteBaker Project
7 1569 darkviper
 * @copyright       2009-2012, Website Baker Org. e.V.
8 1425 Luisehahne
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13
 * @filesource		$HeadURL$
14
 * @lastmodified    $Date$
15
 *
16
 */
17
18
19
// Print admin header
20
require('../../config.php');
21
require_once(WB_PATH.'/framework/class.admin.php');
22 1457 Luisehahne
// suppress to print the header, so no new FTAN will be set
23
$admin = new admin('Preferences','start', false);
24 1425 Luisehahne
25
function save_preferences( &$admin, &$database)
26
{
27
	global $MESSAGE;
28
	$err_msg = array();
29 1569 darkviper
	$iMinPassLength = 6;
30 1425 Luisehahne
// first check form-tan
31
	if(!$admin->checkFTAN()){ $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS']; }
32
// Get entered values and validate all
33
	// remove any dangerouse chars from display_name
34
	$display_name     = $admin->add_slashes(strip_tags(trim($admin->get_post('display_name'))));
35
	$display_name     = ( $display_name == '' ? $admin->get_display_name() : $display_name );
36
	// check that display_name is unique in whoole system (prevents from User-faking)
37
	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
38
	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
39 1569 darkviper
	if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS_USERNAME_TAKEN']; }
40 1425 Luisehahne
// language must be 2 upercase letters only
41
	$language         = strtoupper($admin->get_post('language'));
42
	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
43
// timezone must be between -12 and +13  or -20 as system_default
44
	$timezone         = $admin->get_post('timezone');
45
	$timezone         = (is_numeric($timezone) ? $timezone : -20);
46
	$timezone         = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
47
// date_format must be a key from /interface/date_formats
48
	$date_format      = $admin->get_post('date_format');
49
	$date_format_key  = str_replace(' ', '|', $date_format);
50
	$user_time = true;
51
	include( ADMIN_PATH.'/interface/date_formats.php' );
52
	$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
53
	$date_format = ($date_format == 'system_default' ? '' : $date_format);
54
	unset($DATE_FORMATS);
55 1782 Luisehahne
// time_format must be a key from /interface/time_formats
56 1425 Luisehahne
	$time_format      = $admin->get_post('time_format');
57
	$time_format_key  = str_replace(' ', '|', $time_format);
58
	$user_time = true;
59
	include( ADMIN_PATH.'/interface/time_formats.php' );
60
	$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
61
	$time_format = ($time_format == 'system_default' ? '' : $time_format);
62
	unset($TIME_FORMATS);
63
// email should be validatet by core
64 1463 Luisehahne
	$email = trim( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
65 1425 Luisehahne
	if( !$admin->validate_email($email) )
66
	{
67
		$email = '';
68 1569 darkviper
		$err_msg[] = $MESSAGE['USERS_INVALID_EMAIL'];
69 1425 Luisehahne
	}else {
70 1463 Luisehahne
		if($email != '') {
71
		// check that email is unique in whoole system
72
			$email = $admin->add_slashes($email);
73
			$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
74
			$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
75 1569 darkviper
			if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS_EMAIL_TAKEN']; }
76 1463 Luisehahne
		}
77 1425 Luisehahne
	}
78
// receive password vars and calculate needed action
79 1569 darkviper
	$sCurrentPassword = $admin->get_post('current_password');
80
	$sCurrentPassword = (is_null($sCurrentPassword) ? '' : $sCurrentPassword);
81
	$sNewPassword = $admin->get_post('new_password_1');
82
	$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword);
83
	$sNewPasswordRetyped = $admin->get_post('new_password_2');
84
	$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped);
85
// Check existing password
86
	$sql  = 'SELECT `password` ';
87
	$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
88
	$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
89
	if (md5($sCurrentPassword) != $database->get_one($sql)) {
90
// access denied
91
		$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
92 1425 Luisehahne
	}else {
93 1569 darkviper
// validate new password
94
		$sPwHashNew = false;
95
		if($sNewPassword != '') {
96
			if(strlen($sNewPassword) < $iMinPassLength) {
97
				$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
98
			}else {
99
				if($sNewPassword != $sNewPasswordRetyped) {
100
					$err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
101
				}else {
102
					$pattern = '/[^'.$admin->password_chars.']/';
103
					if (preg_match($pattern, $sNewPassword)) {
104
						$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
105
					}else {
106
						$sPwHashNew = md5($sNewPassword);
107
					}
108
				}
109
			}
110 1425 Luisehahne
		}
111 1569 darkviper
// if no validation errors, try to update the database, otherwise return errormessages
112
		if(sizeof($err_msg) == 0)
113 1425 Luisehahne
		{
114 1569 darkviper
			$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
115
			$sql .= 'SET `display_name`=\''.$display_name.'\', ';
116
			if($sPwHashNew) {
117
				$sql .=     '`password`=\''.$sPwHashNew.'\', ';
118 1425 Luisehahne
			}
119 1569 darkviper
			if($email != '') {
120
				$sql .=     '`email`=\''.$email.'\', ';
121
			}
122
			$sql .=     '`language`=\''.$language.'\', ';
123
			$sql .=     '`timezone`=\''.$timezone.'\', ';
124
			$sql .=     '`date_format`=\''.$date_format.'\', ';
125
			$sql .=     '`time_format`=\''.$time_format.'\' ';
126
			$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id();
127
			if( $database->query($sql) )
128 1425 Luisehahne
			{
129
				// update successfull, takeover values into the session
130
				$_SESSION['DISPLAY_NAME'] = $display_name;
131
				$_SESSION['LANGUAGE'] = $language;
132
				$_SESSION['TIMEZONE'] = $timezone;
133
				$_SESSION['EMAIL'] = $email;
134
				// Update date format
135
				if($date_format != '') {
136
					$_SESSION['DATE_FORMAT'] = $date_format;
137
					if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
138
				} else {
139
					$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
140
					if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
141
				}
142
				// Update time format
143
				if($time_format != '') {
144
					$_SESSION['TIME_FORMAT'] = $time_format;
145
					if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
146
				} else {
147
					$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
148
					if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
149
				}
150 1569 darkviper
			}else {
151
				$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
152 1425 Luisehahne
			}
153
		}
154
	}
155
	return ( (sizeof($err_msg) > 0) ? implode('<br />', $err_msg) : '' );
156
}
157
$retval = save_preferences($admin, $database);
158
if( $retval == '')
159
{
160 1467 Luisehahne
	// print the header
161
	$admin->print_header();
162 1569 darkviper
	$admin->print_success($MESSAGE['PREFERENCES_DETAILS_SAVED']);
163 1425 Luisehahne
	$admin->print_footer();
164
}else {
165 1467 Luisehahne
	// print the header
166
	$admin->print_header();
167 1425 Luisehahne
	$admin->print_error($retval);
168
}