/ - Diff - WB 2.08.x - Tracking

 Nov-2012 Build 1804 Dietmar Woellbrink (Luisehahne)
     # fixed Illegal string offset 'time' in \framework\SecureForm.mtab.php
     ! add delete Outdated Confirmations in backend
     ! show waiting Activations if exists in user management
     # fixed html validaton errors in user management
     ! security fixes in admin/preferences/
     ! update form modul, change text "unknown#" to "Guest"
       in view_submission and emailheader email_fromname
 Nov-2012 Build 1803 Dietmar Woellbrink (Luisehahne)
     ! update submission form with designer friendly css classes
 Oct-2012 Build 1802 Dietmar Woellbrink (Luisehahne)

+     *
      * @category        admin
      * @package         start
      * @author          Ryan Djurovich, WebsiteBaker Project
      * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
      * @copyright       2009-2012, WebsiteBaker Org. e.V.
      * @link			http://www.websitebaker2.org/
      * @license         http://www.gnu.org/licenses/gpl.html
-...
     //$regex = "/(pages)+[a-z]*[_]([a-z_0-9]+)[^,]/im";
     //preg_match_all ($regex, $string, $output);
     //
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     $config_file = realpath('../../config.php');
     if(file_exists($config_file) && !defined('WB_URL'))
+    {
     	require_once($config_file);
+    }
     if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
     $admin = new admin('Start','start');
     // ---------------------------------------
     //	$database = WbDatabase::getInstance();
-...
+    	}
+    }
     /**
      * delete Outdated Confirmations
      */
     $sql = 'DELETE FROM `'.TABLE_PREFIX.'users` WHERE `confirm_timeout` BETWEEN 1 AND '.time();
     WbDatabase::getInstance()->query($sql);
     // ---------------------------------------
     // Setup template object, parse vars to it, then parse it
     // Create new template object

     {FTAN}
     <button type="button" name="status" title="{TEXT_USERS}" style="width: 30px; background: {STATUS_ICON} no-repeat center" value="{USER_STATUS}" onclick="javascript: window.location = 'index.php?status={USER_STATUS}';" class="status {DISPLAY_MODIFY}" >&nbsp;</button>
     <select name="user_id" style="width: 500px;">
     <select name="user_id" class="user-list" style="width: 500px;">
     <!-- BEGIN list_block -->
     	<option value="{VALUE}" {STATUS}>{NAME}</option>
     <!-- END list_block -->
-...
     <input type="submit" name="modify" style="width: 100px;" value="{TEXT_MODIFY}" class="{DISPLAY_MODIFY}" />
     <input type="submit" name="delete" style="width: 100px;" value="{TEXT_DELETE}" onclick="return confirm('{CONFIRM_DELETE}');" class="{DISPLAY_DELETE}" />
     <!-- BEGIN show_confirmed_activation_block -->
     <h3 class="bold">{DISPLAY_WAITING_ACTIVATION}</h3>
          <select name="user_id_activation_id" class="user-activation" style="width: 500px; margin-left: 34px;">
         <!-- BEGIN list_confirmed_activation_block -->
         	<option value="{VALUE}" {STATUS}>{NAME}</option>
         <!-- END list_confirmed_activation_block -->
         </select>
         <input type="submit" name="delete_outdated" style="width: 100px;" value="{TEXT_DELETE}" onclick="return confirm('{CONFIRM_DELETE}');" class="{DISPLAY_DELETE}" />
     <!-- END show_confirmed_activation_block -->
     </form>
     <br />
     <h2 style="margin-top: 20px;" class="{DISPLAY_ADD} left">{HEADING_ADD_USER}</h2>
     <h3 class="bold {DISPLAY_ADD}" style="margin-top: 20px;">{HEADING_ADD_USER}</h3>
     </div>
     <!-- END main_block -->

     	</td>
     </tr>
     <tr style="{DISPLAY_EXTRA}">
     	<td class="right">&nbsp;</td>
     	<td style="font-size: 10px;">
     		{CHANGING_PASSWORD}
     	<td colspan="2" style="">
     		<div class="warning value_input" style="max-width:700px; margin-right: 20%; float: right;">{CHANGING_PASSWORD}</div>
     	</td>
     </tr>
     <tr>

branches/2.8.x/wb/admin/interface/version.php
51	51
52	52	// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53	53	if(!defined('VERSION')) define('VERSION', '2.8.3');
54		if(!defined('REVISION')) define('REVISION', '1803');
	54	if(!defined('REVISION')) define('REVISION', '1804');
55	55	if(!defined('SP')) define('SP', '');

+     *
      */
     // Print admin header
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     $config_file = realpath('../../config.php');
     if(file_exists($config_file) && !defined('WB_URL'))
+    {
     	require_once($config_file);
+    }
     if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
     // suppress to print the header, so no new FTAN will be set
     $admin = new admin('Access', 'users_modify', false);
-...
     	                  $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
+    }
     if($password != "") {
     	if(strlen($password) < 2) {
     	if(strlen($password) < 6 ) {
     		$admin->print_error($MESSAGE['USERS_PASSWORD_TOO_SHORT'], $js_back);
+    	}
     	if($password != $password2) {

      * @filesource		$HeadURL$
      * @lastmodified    $Date$
+     *
     */
      */
      // Include config file and admin class file
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     $config_file = realpath('../../config.php');
     if(file_exists($config_file) && !defined('WB_URL'))
+    {
     	require_once($config_file);
+    }
     if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
     $action = 'cancel';
     // Set parameter 'action' as alternative to javascript mechanism
     $action = (isset($_POST['modify']) ? 'modify' : $action );
     $action = (isset($_POST['delete']) ? 'delete' : $action );
     $action = (isset($_POST['delete_outdated']) ? 'delete_outdated' : $action );
     switch ($action):
     	case 'modify' :
-...
     			$template->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname');
     			$template->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
     			$template->set_var(	array(
     								'ACTION_URL' => ADMIN_URL.'/users/save.php',
     								'SUBMIT_TITLE' => $TEXT['SAVE'],
     								'USER_ID' => $user['user_id'],
     								'USERNAME' => $user['username'],
     								'DISPLAY_NAME' => $user['display_name'],
     								'EMAIL' => $user['email'],
     								'ADMIN_URL' => ADMIN_URL,
     								'WB_URL' => WB_URL,
     								'THEME_URL' => THEME_URL
+    								)
     						);
     						'ACTION_URL' => ADMIN_URL.'/users/save.php',
     						'SUBMIT_TITLE' => $TEXT['SAVE'],
     						'USER_ID' => $user['user_id'],
     						'DISPLAY_EXTRA' => '',
     						'DISPLAY_HOME_FOLDERS' => '',
     						'USERNAME' => $user['username'],
     						'DISPLAY_NAME' => $user['display_name'],
     						'EMAIL' => $user['email'],
     						'ADMIN_URL' => ADMIN_URL,
     						'WB_URL' => WB_URL,
     						'THEME_URL' => THEME_URL
+    						)
     				);
     			$template->set_var('FTAN', $admin->getFTAN());
     			if($user['active'] == 1) {
                     $template->set_var('DISABLED_CHECKED', '');
     				$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
     			} else {
                     $template->set_var('ACTIVE_CHECKED', '');
     				$template->set_var('DISABLED_CHECKED', ' checked="checked"');
+    			}
     			// Add groups to list
-...
     		case 'delete' :
     			// Print header
     			$admin = new admin('Access', 'users_delete');
     			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
     			// Check if user id is a valid number and doesnt equal 1
     			if($user_id == 0){
     			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
+                }
-...
     			// Print admin footer
     			$admin->print_footer();
     			break;
     		case 'delete_outdated' :
     			$admin = new admin('Access', 'users_delete');
     			$user_id = intval($admin->checkIDKEY('user_id_activation_id', 0, $_SERVER['REQUEST_METHOD']));
     			// Check if user id is a valid number and doesnt equal 1
     			if($user_id == 0){
         			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
+                }
     			if( ($user_id < 2 ) )
+    			{
     				// if($admin_header) { $admin->print_header(); }
     				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
+    			}
     			$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
     			if($database->is_error()) {
     				$admin->print_error($database->get_error());
     			} else {
     				$admin->print_success($MESSAGE['USERS_DELETED']);
+    			}
     			// Print admin footer
     			$admin->print_footer();
     			break;
     	default:
     			break;
     endswitch;

      * @filesource		$HeadURL$
      * @lastmodified    $Date$
+     *
     */
      */
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     $config_file = realpath('../../config.php');
     if(file_exists($config_file) && !defined('WB_URL'))
+    {
     	require_once($config_file);
+    }
     if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
     $admin = new admin('Access', 'users');
     $iUserStatus = 1;
-...
     $template->set_var('ADMIN_URL', ADMIN_URL);
     $template->set_var('FTAN', $admin->getFTAN());
     $template->set_var('USER_STATUS', $iUserStatus );
     $template->set_var('DISPLAY_ADD', '');
     $template->set_var('DISPLAY_MODIFY', '');
     $template->set_var('DISABLED_CHECKED', '');
     $template->set_var('HEADING_MODIFY_USER', '');
     $template->set_var('DISPLAY_HOME_FOLDERS', '');
     $UserStatusActive = 'url('.THEME_URL.'/images/user.png)';
     $UserStatusInactive = 'url('.THEME_URL.'/images/user_red.png)';
-...
     );
     // Insert language text and messages
     $template->set_var(array(
     		'DISPLAY_WAITING_ACTIVATION' => '',
     		'TEXT_MODIFY' => $TEXT['MODIFY'],
     		'TEXT_DELETE' => $TEXT['DELETE'],
     		'TEXT_MANAGE_GROUPS' => ( $admin->get_permission('groups') == true ) ? $TEXT['MANAGE_GROUPS'] : "**",
     		'CONFIRM_DELETE' => (($iUserStatus == 1) ? $TEXT['ARE_YOU_SURE'] : $MESSAGE['USERS_CONFIRM_DELETE'])
+    		)
     );
     $template->set_block('main_block', 'show_confirmed_activation_block', 'show_confirmed_activation');
     if($admin->ami_group_member('1')) {
             $template->set_block('show_confirmed_activation_block', 'list_confirmed_activation_block', 'list_confirmed_activation');
         	$template->set_var('DISPLAY_WAITING_ACTIVATION', 'Users waiting for activation');
     		$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'users` ';
     		$sql .= 'WHERE `confirm_timeout` != 0 ';
             $sql .=   'AND `active` = 0 ';
             $sql .=   'AND `user_id` != 1 ';
             if( ($oRes = $database->query($sql)) ) {
             	$template->set_var('DISPLAY_DELETE', '');
     //        	$template->set_var('NAME', 'User waiting for activation');
     //        	$template->set_var('STATUS', '' );
             	// Loop through users
                 if($nNumRows = $oRes->numRows()) {
                 	while($aUser = $oRes->fetchRow(MYSQL_ASSOC)) {
                 		$template->set_var('VALUE',$admin->getIDKEY($aUser['user_id']));
                    		$template->set_var('STATUS', '') ;
                 		$template->set_var('NAME', $aUser['display_name'].' ('.$aUser['username'].')');
                 		$template->parse('list_confirmed_activation', 'list_confirmed_activation_block', true);
+                	}
                 	$template->parse('show_confirmed_activation', 'show_confirmed_activation_block',true);
+                }
             } else { $nNumRows = 0; }
+    }
     if ( $nNumRows == 0){
     	$template->parse('show_confirmed_activation', '');
+    }
     if ( $admin->get_permission('groups') == true ) $template->parse("groups", "manage_groups_block", true);
     // Parse template object
     $template->parse('main', 'main_block', false);
-...
     $template->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
     $template->set_var('DISPLAY_EXTRA', 'display:none;');
     $template->set_var('ACTIVE_CHECKED', ' checked="checked"');
     $template->set_var('DISPLAY_ADD', '');
     $template->set_var('DISPLAY_MODIFY', '');
     $template->set_var('DISABLED_CHECKED', '');
     $template->set_var('HEADING_MODIFY_USER', '');
     $template->set_var('DISPLAY_HOME_FOLDERS', '');
     $template->set_var('ACTION_URL', ADMIN_URL.'/users/add.php');
     $template->set_var('SUBMIT_TITLE', $TEXT['ADD']);
     $template->set_var('FTAN', $admin->getFTAN());

+     *
      */
     // Print admin header
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     // suppress to print the header, so no new FTAN will be set
     $admin = new admin('Preferences','start', false);
     function save_preferences( &$admin, &$database)
+    {
     	global $MESSAGE;
     	$err_msg = array();
     	$iMinPassLength = 6;
     	$bPassRequest = false;
     	$bMailHasChanged = false;
     // first check form-tan
     	if(!$admin->checkFTAN()){ $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS']; }
     	if(!$admin->checkFTAN()){
     	   $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS'];
         } else {
     // Get entered values and validate all
     	// remove any dangerouse chars from display_name
     	$display_name     = $admin->add_slashes(strip_tags(trim($admin->get_post('display_name'))));
     	$display_name     = ( $display_name == '' ? $admin->get_display_name() : $display_name );
     	// check that display_name is unique in whoole system (prevents from User-faking)
     	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
     	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
     	if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS_USERNAME_TAKEN']; }
             $display_name = $admin->add_slashes(strip_tags($admin->StripCodeFromText($admin->get_post('display_name'),true)));
         	$display_name = ( $display_name == '' ? $admin->get_display_name() : $display_name );
     // check that display_name is unique in whoole system (prevents from User-faking)
         	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
         	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
         	if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS_USERNAME_TAKEN']; }
     // language must be 2 upercase letters only
     	$language         = strtoupper($admin->get_post('language'));
     	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
         	$language         = strtoupper($admin->get_post('language'));
         	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
     // timezone must be between -12 and +13  or -20 as system_default
     	$timezone         = $admin->get_post('timezone');
     	$timezone         = (is_numeric($timezone) ? $timezone : -20);
     	$timezone         = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
         	$timezone         = $admin->get_post('timezone');
         	$timezone         = (is_numeric($timezone) ? $timezone : -20);
         	$timezone         = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
     // date_format must be a key from /interface/date_formats
     	$date_format      = $admin->get_post('date_format');
     	$date_format_key  = str_replace(' ', '|', $date_format);
     	$user_time = true;
     	include( ADMIN_PATH.'/interface/date_formats.php' );
     	$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
     	$date_format = ($date_format == 'system_default' ? '' : $date_format);
     	unset($DATE_FORMATS);
         	$date_format      = $admin->get_post('date_format');
         	$date_format_key  = str_replace(' ', '|', $date_format);
         	$user_time = true;
         	include( ADMIN_PATH.'/interface/date_formats.php' );
         	$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
         	$date_format = ($date_format == 'system_default' ? '' : $date_format);
         	unset($DATE_FORMATS);
     // time_format must be a key from /interface/time_formats
     	$time_format      = $admin->get_post('time_format');
     	$time_format_key  = str_replace(' ', '|', $time_format);
     	$user_time = true;
     	include( ADMIN_PATH.'/interface/time_formats.php' );
     	$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
     	$time_format = ($time_format == 'system_default' ? '' : $time_format);
     	unset($TIME_FORMATS);
         	$time_format      = $admin->get_post('time_format');
         	$time_format_key  = str_replace(' ', '|', $time_format);
         	$user_time = true;
         	include( ADMIN_PATH.'/interface/time_formats.php' );
         	$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
         	$time_format = ($time_format == 'system_default' ? '' : $time_format);
         	unset($TIME_FORMATS);
     // email should be validatet by core
     	$email = trim( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
     	if( !$admin->validate_email($email) )
+    	{
     		$email = '';
     		$err_msg[] = $MESSAGE['USERS_INVALID_EMAIL'];
     	}else {
     		if($email != '') {
     		// check that email is unique in whoole system
     			$email = $admin->add_slashes($email);
     			$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
     			$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
     			if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS_EMAIL_TAKEN']; }
+    		}
+    	}
     //    	$email = trim( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
             $email = $admin->add_slashes(strip_tags($admin->StripCodeFromText($admin->get_post('email'),true)));
         	if( !$admin->validate_email($email) )
+        	{
         		$email = '';
         		$err_msg[] = $MESSAGE['USERS_INVALID_EMAIL'];
         	} else {
         		if($email != '') {
         		// check that email is unique in whoole system
         			$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
         			$sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
                     $IsOldMail = $database->get_one($sql);
         		// check that email is unique in whoole system
         			$email = $admin->add_slashes($email);
         			$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
         			$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
                     $checkMail = $database->get_one($sql);
         			if( $checkMail == $email ){ $err_msg[] = $MESSAGE['USERS_EMAIL_TAKEN']; }
                     $bMailHasChanged = ($email != $IsOldMail);
+        		}
+        	}
     // receive password vars and calculate needed action
     	$sCurrentPassword = $admin->get_post('current_password');
     	$sCurrentPassword = (is_null($sCurrentPassword) ? '' : $sCurrentPassword);
     	$sNewPassword = $admin->get_post('new_password_1');
     	$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword);
     	$sNewPasswordRetyped = $admin->get_post('new_password_2');
     	$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped);
     // Check existing password
     	$sql  = 'SELECT `password` ';
     	$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
     	$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
     	if (md5($sCurrentPassword) != $database->get_one($sql)) {
     // access denied
     		$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
     	}else {
     // validate new password
     		$sPwHashNew = false;
     		if($sNewPassword != '') {
     			if(strlen($sNewPassword) < $iMinPassLength) {
     				$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
     			}else {
     				if($sNewPassword != $sNewPasswordRetyped) {
     					$err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
     				}else {
     					$pattern = '/[^'.$admin->password_chars.']/';
     					if (preg_match($pattern, $sNewPassword)) {
     						$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
     					}else {
     						$sPwHashNew = md5($sNewPassword);
+    					}
+    				}
+    			}
+    		}
     // if no validation errors, try to update the database, otherwise return errormessages
     		if(sizeof($err_msg) == 0)
+    		{
     			$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
     			$sql .= 'SET `display_name`=\''.$display_name.'\', ';
     			if($sPwHashNew) {
     				$sql .=     '`password`=\''.$sPwHashNew.'\', ';
+    			}
     			if($email != '') {
     				$sql .=     '`email`=\''.$email.'\', ';
+    			}
     			$sql .=     '`language`=\''.$language.'\', ';
     			$sql .=     '`timezone`=\''.$timezone.'\', ';
     			$sql .=     '`date_format`=\''.$date_format.'\', ';
     			$sql .=     '`time_format`=\''.$time_format.'\' ';
     			$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id();
     			if( $database->query($sql) )
+    			{
     				// update successfull, takeover values into the session
     				$_SESSION['DISPLAY_NAME'] = $display_name;
     				$_SESSION['LANGUAGE'] = $language;
     				$_SESSION['TIMEZONE'] = $timezone;
     				$_SESSION['EMAIL'] = $email;
     				// Update date format
     				if($date_format != '') {
     					$_SESSION['DATE_FORMAT'] = $date_format;
     					if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
     				} else {
     					$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
     					if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
+    				}
     				// Update time format
     				if($time_format != '') {
     					$_SESSION['TIME_FORMAT'] = $time_format;
     					if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
     				} else {
     					$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
     					if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
+    				}
     			}else {
     				$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
+    			}
+    		}
+    	}
             $sCurrentPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('current_password'),true));
             $sNewPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_1'),true));
             $sNewPasswordRetyped = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_2'),true));
             if($bMailHasChanged == true)
+            {
                 $bPassRequest = $bMailHasChanged;
             } else {
                 $bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false;
+            }
             // Check existing password
         	$sql  = 'SELECT `password` ';
         	$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
         	$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
         	if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql) ) {
         // access denied
         		$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
         	} else {
         // validate new password
         		$sPwHashNew = false;
         		if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) {
         			if(strlen($sNewPassword) < $iMinPassLength) {
         				$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
         			} else {
         				if($sNewPassword != $sNewPasswordRetyped) {
         					$err_msg[] =  $MESSAGE['USERS_PASSWORD_MISMATCH'];
         				} else {
         					$pattern = '/[^'.$admin->password_chars.']/';
         					if (preg_match($pattern, $sNewPassword)) {
         						$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
         					} else {
         						$sPwHashNew = md5($sNewPassword);
+        					}
+        				}
+        			}
+        		}
         // if no validation errors, try to update the database, otherwise return errormessages
         		if(sizeof($err_msg) == 0)
+        		{
         			$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
         			$sql .= 'SET `display_name`=\''.$display_name.'\', ';
         			if($sPwHashNew) {
         				$sql .=     '`password`=\''.$sPwHashNew.'\', ';
+        			}
         			if($email != '') {
         				$sql .=     '`email`=\''.$email.'\', ';
+        			}
         			$sql .=     '`language`=\''.$language.'\', ';
         			$sql .=     '`timezone`=\''.$timezone.'\', ';
         			$sql .=     '`date_format`=\''.$date_format.'\', ';
         			$sql .=     '`time_format`=\''.$time_format.'\' ';
         			$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id();
         			if( $database->query($sql) )
+        			{
         				// update successfull, takeover values into the session
         				$_SESSION['DISPLAY_NAME'] = $display_name;
         				$_SESSION['LANGUAGE'] = $language;
         				$_SESSION['TIMEZONE'] = $timezone;
         				$_SESSION['EMAIL'] = $email;
         				// Update date format
         				if($date_format != '') {
         					$_SESSION['DATE_FORMAT'] = $date_format;
         					if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
         				} else {
         					$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
         					if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
+        				}
         				// Update time format
         				if($time_format != '') {
         					$_SESSION['TIME_FORMAT'] = $time_format;
         					if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
         				} else {
         					$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
         					if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
+        				}
         			} else {
         				$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
+        			}
+        		}
+        	}
+        }
     	return ( (sizeof($err_msg) > 0) ? implode('<br />', $err_msg) : '' );
+    }
     $config_file = realpath('../../config.php');
     if(file_exists($config_file) && !defined('WB_URL'))
+    {
     	require_once($config_file);
+    }
     if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
     // suppress to print the header, so no new FTAN will be set
     $admin = new admin('Preferences','start', false);
     $retval = save_preferences($admin, $database);
     if( $retval == '')
+    {
-...
     	$admin->print_header();
     	$admin->print_success($MESSAGE['PREFERENCES_DETAILS_SAVED']);
     	$admin->print_footer();
     }else {
     } else {
     	// print the header
     	$admin->print_header();
     	$admin->print_error($retval);

branches/2.8.x/wb/framework/SecureForm.mtab.php
369	369	}
370	370
371	371	private function _timedout( $var ) {
	372	if(!isset($var['time'])) { return false; }
372	373	if ($var['time'] < time()-$this->_timeout) return false;
373	374	return true;
374	375	}

             </tr>
         </thead>
         <tbody class="frm-tbody">
             <tr class="frm-warning">
             	<td colspan="2"><p class="{NIX_HIER}">{SUCCESS_PRINT}</p></td>
             <tr class="frm-warning {NIX_HIER}">
             	<td colspan="2"><p>{SUCCESS_PRINT}</p></td>
             </tr>
             <tr class="frm-submission_submission_id">
-...
             	<td>{submission_submitted_when}</td>
             </tr>
             <tr class="frm-user_display_name">
             	<td>{TEXT_USER}:</td>
             	<td>{TEXT_USER} ({TEXT_USERNAME}):</td>
             	<td>{user_display_name} ({user_username})</td>
             </tr>
             <tr class="frm-hr">

     						 $mail_replyto = $success_email_to = htmlspecialchars($wb->add_slashes($_POST[$success_email_to]));
+    					}
     					$success_email_to = '';
     					$email_fromname = $TEXT['UNKNOWN'];
     					$email_fromname = $TEXT['GUEST'];
     //					$success_email_fromname = $TEXT['UNKNOWN'];
     //					$email_from = $TEXT['UNKNOWN'];
+    				}
-...
     					'submission_submitted_when' => gmdate( DATE_FORMAT .', '.TIME_FORMAT, $submission['submitted_when']+TIMEZONE ),
     					'NIX_HIER' => $NixHier,
     					'TEXT_USER' => $TEXT['USER'],
     					'TEXT_USERNAME' => $TEXT['USERNAME'],
     					'TEXT_PRINT_PAGE' => $TEXT['PRINT_PAGE'],
     					'TEXT_REQUIRED_JS' => $TEXT['REQUIRED_JS'],
     					'user_display_name' => $user['display_name'],

     $MOD_FORM['SPAM'] = 'Caution! Answering an unchecked email can be perceived as spamming and entail the risk of receiving a cease-and-desist letter! ';
     $TEXT['GUEST'] = 'Guest';
     $TEXT['UNKNOWN'] = 'unkown';
     $TEXT['PRINT_PAGE'] = 'Print page';
     $TEXT['REQUIRED_JS'] = 'Required Javascript';
     $TEXT['SUBMISSIONS_PERPAGE'] = 'Show submissions rows per page';
     $TEXT['UNKNOWN'] = 'Unknown';

     $MOD_FORM['SPAM'] = 'Caution! Answering an unchecked email can be perceived as spamming and entail the risk of receiving a cease-and-desist letter! ';
     $TEXT['GUEST'] = 'Guest';
     $TEXT['UNKNOWN'] = 'unkown';
     $TEXT['PRINT_PAGE'] = 'Print page';
     $TEXT['REQUIRED_JS'] = 'Required Javascript';
     $TEXT['SUBMISSIONS_PERPAGE'] = 'Show submissions rows per page';
     $TEXT['UNKNOWN'] = 'Unknown';

     $MOD_FORM['SPAM'] = 'Caution! Answering an unchecked email can be perceived as spamming and entail the risk of receiving a cease-and-desist letter! ';
     $TEXT['GUEST'] = 'Guest';
     $TEXT['UNKNOWN'] = 'unkown';
     $TEXT['PRINT_PAGE'] = 'Print page';
     $TEXT['REQUIRED_JS'] = 'Required Javascript';
     $TEXT['SUBMISSIONS_PERPAGE'] = 'Show submissions rows per page';
     $TEXT['UNKNOWN'] = 'Unknown';

     $MOD_FORM['SPAM'] = 'Caution! Answering an unchecked email can be perceived as spamming and entail the risk of receiving a cease-and-desist letter! ';
     $TEXT['GUEST'] = 'Guest';
     $TEXT['UNKNOWN'] = 'unkown';
     $TEXT['PRINT_PAGE'] = 'Print page';
     $TEXT['REQUIRED_JS'] = 'Required Javascript';
     $TEXT['SUBMISSIONS_PERPAGE'] = 'Show submissions rows per page';
     $TEXT['UNKNOWN'] = 'Unknown';

     $MOD_FORM['SPAM'] = 'Caution! Answering an unchecked email can be perceived as spamming and entail the risk of receiving a cease-and-desist letter! ';
     $TEXT['GUEST'] = 'Guest';
     $TEXT['UNKNOWN'] = 'unkown';
     $TEXT['PRINT_PAGE'] = 'Print page';
     $TEXT['REQUIRED_JS'] = 'Required Javascript';
     $TEXT['SUBMISSIONS_PERPAGE'] = 'Show submissions rows per page';
     $TEXT['UNKNOWN'] = 'Unknown';

     $MOD_FORM['SPAM'] = 'Caution! Answering an unchecked email can be perceived as spamming and entail the risk of receiving a cease-and-desist letter! ';
     $TEXT['GUEST'] = 'Guest';
     $TEXT['UNKNOWN'] = 'unkown';
     $TEXT['PRINT_PAGE'] = 'Print page';
     $TEXT['REQUIRED_JS'] = 'Required Javascript';
     $TEXT['SUBMISSIONS_PERPAGE'] = 'Show submissions rows per page';
     $TEXT['UNKNOWN'] = 'Unknown';

      * @description
      */
     // Must include code to stop this file being accessed directly
     // Must include code to stop this file being access directly
     if(!defined('WB_URL')) {
     	require_once(dirname(dirname(dirname(dirname(__FILE__)))).'/framework/globalExceptionHandler.php');
     	// Stop this file being access directly
     	throw new IllegalFileException();
+    }
     /* -------------------------------------------------------- */
-...
     $MOD_FORM['SPAM'] = 'ACHTUNG! Beantworten einer ungeprüften E-Mail kann als Spam abgemahnt werden! ';
     $TEXT['GUEST'] = 'Gast';
     $TEXT['UNKNOWN'] = 'unbekannt';
     $TEXT['PRINT_PAGE'] = 'Seite drucken';
     $TEXT['REQUIRED_JS'] = 'Javascript erforderlich';
     $TEXT['SUBMISSIONS_PERPAGE'] = 'Anzeige gespeicherte Einträge pro Seite';
     $TEXT['UNKNOWN'] = 'Unbekannt';

     // Include WB admin wrapper script
     require(WB_PATH.'/modules/admin.php');
     // load module language file
     $lang = (dirname(__FILE__)) . '/languages/' . LANGUAGE . '.php';
     require_once(!file_exists($lang) ? (dirname(__FILE__)) . '/languages/EN.php' : $lang );
     /* */
     include_once (WB_PATH.'/framework/functions.php');
     // Get page
     $requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
     $page = intval(isset(${$requestMethod}['page'])) ? ${$requestMethod}['page'] : 1;
-...
     	if($get_user->numRows() != 0) {
     		$user = $get_user->fetchRow(MYSQL_ASSOC);
     	} else {
     		$user['display_name'] = 'Unknown';
     		$user['username'] = 'unknown';
     		$user['display_name'] = $TEXT['GUEST'];
     		$user['username'] = $TEXT['UNKNOWN'];
+    	}
+    }
     //$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
-...
     	<td><?php echo gmdate(DATE_FORMAT .', '.TIME_FORMAT, $submission['submitted_when']+TIMEZONE); ?></td>
     </tr>
     <tr>
     	<td><?php echo $TEXT['USER']; ?>:</td>
     	<td><?php echo $TEXT['USER'].' ('.$TEXT['USERNAME'].')'; ?>:</td>
     	<td><?php echo $user['display_name'].' ('.$user['username'].')'; ?></td>
     </tr>
     <tr>

Project

General

Profile

WB 2.08.x

Revision 1804

Added by Dietmar about 12 years ago