Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1803)
+++ branches/2.8.x/CHANGELOG	(revision 1804)
@@ -13,6 +13,14 @@
 
 
 
+02 Nov-2012 Build 1804 Dietmar Woellbrink (Luisehahne)
+# fixed Illegal string offset 'time' in \framework\SecureForm.mtab.php
+! add delete Outdated Confirmations in backend
+! show waiting Activations if exists in user management
+# fixed html validaton errors in user management
+! security fixes in admin/preferences/
+! update form modul, change text "unknown#" to "Guest"
+  in view_submission and emailheader email_fromname
 01 Nov-2012 Build 1803 Dietmar Woellbrink (Luisehahne)
 ! update submission form with designer friendly css classes  
 31 Oct-2012 Build 1802 Dietmar Woellbrink (Luisehahne)
Index: branches/2.8.x/wb/admin/start/index.php
===================================================================
--- branches/2.8.x/wb/admin/start/index.php	(revision 1803)
+++ branches/2.8.x/wb/admin/start/index.php	(revision 1804)
@@ -3,7 +3,7 @@
  *
  * @category        admin
  * @package         start
- * @author          Ryan Djurovich, WebsiteBaker Project
+ * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
  * @copyright       2009-2012, WebsiteBaker Org. e.V.
  * @link			http://www.websitebaker2.org/
  * @license         http://www.gnu.org/licenses/gpl.html
@@ -19,8 +19,15 @@
 //$regex = "/(pages)+[a-z]*[_]([a-z_0-9]+)[^,]/im";
 //preg_match_all ($regex, $string, $output);
 //
-require('../../config.php');
-require_once(WB_PATH.'/framework/class.admin.php');
+
+$config_file = realpath('../../config.php');
+if(file_exists($config_file) && !defined('WB_URL'))
+{
+	require_once($config_file);
+}
+
+if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
+
 $admin = new admin('Start','start');
 // ---------------------------------------
 //	$database = WbDatabase::getInstance();
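Review bot: If `realpath('../../config.php')` at L40 yields false and `WB_URL` is not already defined, the `if` at L41 silently skips the include and L46 runs with `WB_PATH` undefined (under PHP 5 only a notice, the constant name becoming part of the path), so the `include()` merely warns and the first hard failure is `new admin(...)` at L48 with no hint of the real cause. Using `require_once(WB_PATH.'/framework/class.admin.php');` at L46 (the call the removed L38 used) fails at the right line, and an explicit `else { die('config.php not found'); }` after L44 makes the missing configuration visible. The same eight-line block is repeated in admin/users/save.php L137–L143, admin/users/users.php L172–L178, admin/users/index.php L281–L287 and admin/preferences/save.php L649–L655; a single shared bootstrap include would remove the five copies.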
@@ -118,6 +125,12 @@
 	}
 }
 
+/**
+ * delete Outdated Confirmations
+ */
+$sql = 'DELETE FROM `'.TABLE_PREFIX.'users` WHERE `confirm_timeout` BETWEEN 1 AND '.time();
+WbDatabase::getInstance()->query($sql);
+
 // ---------------------------------------
 // Setup template object, parse vars to it, then parse it
 // Create new template object
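Review bot: The DELETE at L58 removes every row whose `confirm_timeout` has passed, with no `active = 0` or `user_id != 1` condition, while the pending-activation listing this release adds in admin/users/index.php (L321–L324) restricts itself to `confirm_timeout != 0 AND active = 0 AND user_id != 1`; if `confirm_timeout` can remain non-zero on an account that has since been activated, that user is silently deleted on the next visit to the start page. Appending `AND active = 0 AND user_id != 1` (column names backquoted as in the rest of the statement) scopes the cleanup to unconfirmed accounts and matches the listing. The return value of `query()` at L59 is discarded, so a failing cleanup is invisible; checking `is_error()` as users.php does at L255 would surface it. Running a data-changing statement as a side effect of rendering the start page also deserves a one-line comment stating that this is the intended housekeeping point.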
Index: branches/2.8.x/wb/admin/skel/themes/htt/users.htt
===================================================================
--- branches/2.8.x/wb/admin/skel/themes/htt/users.htt	(revision 1803)
+++ branches/2.8.x/wb/admin/skel/themes/htt/users.htt	(revision 1804)
@@ -18,7 +18,7 @@
 {FTAN}
 
 <button type="button" name="status" title="{TEXT_USERS}" style="width: 30px; background: {STATUS_ICON} no-repeat center" value="{USER_STATUS}" onclick="javascript: window.location = 'index.php?status={USER_STATUS}';" class="status {DISPLAY_MODIFY}" >&nbsp;</button>
-<select name="user_id" style="width: 500px;">
+<select name="user_id" class="user-list" style="width: 500px;">
 <!-- BEGIN list_block -->
 	<option value="{VALUE}" {STATUS}>{NAME}</option>
 <!-- END list_block -->
@@ -27,9 +27,18 @@
 <input type="submit" name="modify" style="width: 100px;" value="{TEXT_MODIFY}" class="{DISPLAY_MODIFY}" />
 <input type="submit" name="delete" style="width: 100px;" value="{TEXT_DELETE}" onclick="return confirm('{CONFIRM_DELETE}');" class="{DISPLAY_DELETE}" />
 
+<!-- BEGIN show_confirmed_activation_block -->
+<h3 class="bold">{DISPLAY_WAITING_ACTIVATION}</h3>
+     <select name="user_id_activation_id" class="user-activation" style="width: 500px; margin-left: 34px;">
+    <!-- BEGIN list_confirmed_activation_block -->
+    	<option value="{VALUE}" {STATUS}>{NAME}</option>
+    <!-- END list_confirmed_activation_block -->
+    </select>
+    <input type="submit" name="delete_outdated" style="width: 100px;" value="{TEXT_DELETE}" onclick="return confirm('{CONFIRM_DELETE}');" class="{DISPLAY_DELETE}" />
+<!-- END show_confirmed_activation_block -->
+
 </form>
 
-<br />
-<h2 style="margin-top: 20px;" class="{DISPLAY_ADD} left">{HEADING_ADD_USER}</h2>
+<h3 class="bold {DISPLAY_ADD}" style="margin-top: 20px;">{HEADING_ADD_USER}</h3>
 </div>
 <!-- END main_block -->
\ No newline at end of file
Index: branches/2.8.x/wb/admin/skel/themes/htt/users_form.htt
===================================================================
--- branches/2.8.x/wb/admin/skel/themes/htt/users_form.htt	(revision 1803)
+++ branches/2.8.x/wb/admin/skel/themes/htt/users_form.htt	(revision 1804)
@@ -45,9 +45,8 @@
 	</td>
 </tr>
 <tr style="{DISPLAY_EXTRA}">
-	<td class="right">&nbsp;</td>
-	<td style="font-size: 10px;">
-		{CHANGING_PASSWORD}
+	<td colspan="2" style="">
+		<div class="warning value_input" style="max-width:700px; margin-right: 20%; float: right;">{CHANGING_PASSWORD}</div>
 	</td>
 </tr>
 <tr>
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1803)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1804)
@@ -51,5 +51,5 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.3');
-if(!defined('REVISION')) define('REVISION', '1803');
+if(!defined('REVISION')) define('REVISION', '1804');
 if(!defined('SP')) define('SP', '');
Index: branches/2.8.x/wb/admin/users/save.php
===================================================================
--- branches/2.8.x/wb/admin/users/save.php	(revision 1803)
+++ branches/2.8.x/wb/admin/users/save.php	(revision 1804)
@@ -15,9 +15,14 @@
  *
  */
 
-// Print admin header
-require('../../config.php');
-require_once(WB_PATH.'/framework/class.admin.php');
+$config_file = realpath('../../config.php');
+if(file_exists($config_file) && !defined('WB_URL'))
+{
+	require_once($config_file);
+}
+
+if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
+
 // suppress to print the header, so no new FTAN will be set
 $admin = new admin('Access', 'users_modify', false);
 
@@ -64,7 +69,7 @@
 	                  $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
 }
 if($password != "") {
-	if(strlen($password) < 2) {
+	if(strlen($password) < 6 ) {
 		$admin->print_error($MESSAGE['USERS_PASSWORD_TOO_SHORT'], $js_back);
 	}
 	if($password != $password2) {
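Review bot: The minimum length `6` at L153 duplicates the `$iMinPassLength = 6` that admin/preferences/save.php declares at L382, so the two user-facing password rules can drift apart again as they did before this commit; define it once (a shared constant such as a new `WB_MIN_PASSWORD_LENGTH`) and reference it from both places. The stray space in `< 6 )` is a style nit against the surrounding code.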
Index: branches/2.8.x/wb/admin/users/users.php
===================================================================
--- branches/2.8.x/wb/admin/users/users.php	(revision 1803)
+++ branches/2.8.x/wb/admin/users/users.php	(revision 1804)
@@ -13,16 +13,23 @@
  * @filesource		$HeadURL$
  * @lastmodified    $Date$
  *
-*/
+ */
 
  // Include config file and admin class file
-require('../../config.php');
-require_once(WB_PATH.'/framework/class.admin.php');
 
+$config_file = realpath('../../config.php');
+if(file_exists($config_file) && !defined('WB_URL'))
+{
+	require_once($config_file);
+}
+
+if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
+
 $action = 'cancel';
 // Set parameter 'action' as alternative to javascript mechanism
 $action = (isset($_POST['modify']) ? 'modify' : $action );
 $action = (isset($_POST['delete']) ? 'delete' : $action );
+$action = (isset($_POST['delete_outdated']) ? 'delete_outdated' : $action );
 
 switch ($action):
 	case 'modify' :
@@ -51,22 +58,26 @@
 			$template->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname');
 			$template->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
 			$template->set_var(	array(
-								'ACTION_URL' => ADMIN_URL.'/users/save.php',
-								'SUBMIT_TITLE' => $TEXT['SAVE'],
-								'USER_ID' => $user['user_id'],
-								'USERNAME' => $user['username'],
-								'DISPLAY_NAME' => $user['display_name'],
-								'EMAIL' => $user['email'],
-								'ADMIN_URL' => ADMIN_URL,
-								'WB_URL' => WB_URL,
-								'THEME_URL' => THEME_URL
-								)
-						);
+						'ACTION_URL' => ADMIN_URL.'/users/save.php',
+						'SUBMIT_TITLE' => $TEXT['SAVE'],
+						'USER_ID' => $user['user_id'],
+						'DISPLAY_EXTRA' => '',
+						'DISPLAY_HOME_FOLDERS' => '',
+						'USERNAME' => $user['username'],
+						'DISPLAY_NAME' => $user['display_name'],
+						'EMAIL' => $user['email'],
+						'ADMIN_URL' => ADMIN_URL,
+						'WB_URL' => WB_URL,
+						'THEME_URL' => THEME_URL
+						)
+				);
 
 			$template->set_var('FTAN', $admin->getFTAN());
 			if($user['active'] == 1) {
+                $template->set_var('DISABLED_CHECKED', '');
 				$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
 			} else {
+                $template->set_var('ACTIVE_CHECKED', '');
 				$template->set_var('DISABLED_CHECKED', ' checked="checked"');
 			}
 			// Add groups to list
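Review bot: L219 and L222 are indented with spaces while the rest of the block uses tabs, and the `set_var(array(...))` at L203–L215 was re-indented in the same change, so the hunk reads as a formatting change mixed with the two real additions (`DISPLAY_EXTRA` and `DISPLAY_HOME_FOLDERS` at L206–L207); use tabs consistently so the functional change stands out.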
@@ -184,8 +195,10 @@
 		case 'delete' :
 			// Print header
 			$admin = new admin('Access', 'users_delete');
+
 			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
 			// Check if user id is a valid number and doesnt equal 1
+
 			if($user_id == 0){
 			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
             }
@@ -211,6 +224,30 @@
 			// Print admin footer
 			$admin->print_footer();
 			break;
+		case 'delete_outdated' :
+			$admin = new admin('Access', 'users_delete');
+
+			$user_id = intval($admin->checkIDKEY('user_id_activation_id', 0, $_SERVER['REQUEST_METHOD']));
+			// Check if user id is a valid number and doesnt equal 1
+			if($user_id == 0){
+    			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
+            }
+			if( ($user_id < 2 ) )
+			{
+				// if($admin_header) { $admin->print_header(); }
+				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
+			}
+			$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
+			if($database->is_error()) {
+				$admin->print_error($database->get_error());
+			} else {
+				$admin->print_success($MESSAGE['USERS_DELETED']);
+			}
+			// Print admin footer
+			$admin->print_footer();
+
+
+			break;
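Review bot: The DELETE at L254 removes whichever user the posted key resolves to, with no condition that the account is still unconfirmed, so the "delete outdated" action can remove an activated account if a stale or re-posted key is submitted; appending `AND active = 0 AND confirm_timeout != 0` (column names backquoted as in the rest of the statement) scopes it to the rows the listing in admin/users/index.php actually offers. The listing is shown only to members of group 1 (users/index.php L318) while this handler is gated by the `users_delete` permission of `new admin(...)` at L242, so the server-side statement, not the hidden control, is what must enforce the scope. The case is otherwise a near-verbatim copy of `delete` at L227–L240 and both continue past `print_error()` at L247 and L252, which is only safe if `print_error()` exits — not visible in this hunk, so worth a comment. Factoring the shared id-validation and deletion into one helper taking the POST field name would remove the duplication.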
 	default:
 			break;
 endswitch;
Index: branches/2.8.x/wb/admin/users/index.php
===================================================================
--- branches/2.8.x/wb/admin/users/index.php	(revision 1803)
+++ branches/2.8.x/wb/admin/users/index.php	(revision 1804)
@@ -13,10 +13,16 @@
  * @filesource		$HeadURL$
  * @lastmodified    $Date$
  *
-*/
+ */
 
-require('../../config.php');
-require_once(WB_PATH.'/framework/class.admin.php');
+$config_file = realpath('../../config.php');
+if(file_exists($config_file) && !defined('WB_URL'))
+{
+	require_once($config_file);
+}
+
+if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
+
 $admin = new admin('Access', 'users');
 
 $iUserStatus = 1;
@@ -34,6 +40,11 @@
 $template->set_var('ADMIN_URL', ADMIN_URL);
 $template->set_var('FTAN', $admin->getFTAN());
 $template->set_var('USER_STATUS', $iUserStatus );
+$template->set_var('DISPLAY_ADD', '');
+$template->set_var('DISPLAY_MODIFY', '');
+$template->set_var('DISABLED_CHECKED', '');
+$template->set_var('HEADING_MODIFY_USER', '');
+$template->set_var('DISPLAY_HOME_FOLDERS', '');
 
 $UserStatusActive = 'url('.THEME_URL.'/images/user.png)';
 $UserStatusInactive = 'url('.THEME_URL.'/images/user_red.png)';
@@ -105,6 +116,7 @@
 );
 // Insert language text and messages
 $template->set_var(array(
+		'DISPLAY_WAITING_ACTIVATION' => '',
 		'TEXT_MODIFY' => $TEXT['MODIFY'],
 		'TEXT_DELETE' => $TEXT['DELETE'],
 		'TEXT_MANAGE_GROUPS' => ( $admin->get_permission('groups') == true ) ? $TEXT['MANAGE_GROUPS'] : "**",
@@ -111,6 +123,37 @@
 		'CONFIRM_DELETE' => (($iUserStatus == 1) ? $TEXT['ARE_YOU_SURE'] : $MESSAGE['USERS_CONFIRM_DELETE'])
 		)
 );
+
+$template->set_block('main_block', 'show_confirmed_activation_block', 'show_confirmed_activation');
+if($admin->ami_group_member('1')) {
+        $template->set_block('show_confirmed_activation_block', 'list_confirmed_activation_block', 'list_confirmed_activation');
+    	$template->set_var('DISPLAY_WAITING_ACTIVATION', 'Users waiting for activation');
+		$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'users` ';
+		$sql .= 'WHERE `confirm_timeout` != 0 ';
+        $sql .=   'AND `active` = 0 ';
+        $sql .=   'AND `user_id` != 1 ';
+        if( ($oRes = $database->query($sql)) ) {
+        	$template->set_var('DISPLAY_DELETE', '');
+//        	$template->set_var('NAME', 'User waiting for activation');
+//        	$template->set_var('STATUS', '' );
+        	// Loop through users
+            if($nNumRows = $oRes->numRows()) {
+            	while($aUser = $oRes->fetchRow(MYSQL_ASSOC)) {
+            		$template->set_var('VALUE',$admin->getIDKEY($aUser['user_id']));
+               		$template->set_var('STATUS', '') ;
+            		$template->set_var('NAME', $aUser['display_name'].' ('.$aUser['username'].')');
+            		$template->parse('list_confirmed_activation', 'list_confirmed_activation_block', true);
+            	}
+            	$template->parse('show_confirmed_activation', 'show_confirmed_activation_block',true);
+            }
+        } else { $nNumRows = 0; }
+
+}
+
+if ( $nNumRows == 0){
+	$template->parse('show_confirmed_activation', '');
+}
+
 if ( $admin->get_permission('groups') == true ) $template->parse("groups", "manage_groups_block", true);
 // Parse template object
 $template->parse('main', 'main_block', false);
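Review bot: `$nNumRows` is assigned only inside the `ami_group_member('1')` branch, so for every admin not in group 1 the test at L343 reads an undefined variable (a notice; the block is cleared only because null compares equal to 0); initialise it before the branch with `$nNumRows = 0;` ahead of L318, which also makes the `else { $nNumRows = 0; }` at L339 redundant. The heading at L320 is a hard-coded English literal while every other label in this file comes from `$TEXT`/`$MESSAGE`; it should be a language key. `SELECT *` at L321 fetches every column, including `password`, when only `user_id`, `display_name` and `username` are read at L332–L334; name the columns. The new lines also mix space and tab indentation in a tab-indented file.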
@@ -126,6 +169,12 @@
 $template->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
 $template->set_var('DISPLAY_EXTRA', 'display:none;');
 $template->set_var('ACTIVE_CHECKED', ' checked="checked"');
+
+$template->set_var('DISPLAY_ADD', '');
+$template->set_var('DISPLAY_MODIFY', '');
+$template->set_var('DISABLED_CHECKED', '');
+$template->set_var('HEADING_MODIFY_USER', '');
+$template->set_var('DISPLAY_HOME_FOLDERS', '');
 $template->set_var('ACTION_URL', ADMIN_URL.'/users/add.php');
 $template->set_var('SUBMIT_TITLE', $TEXT['ADD']);
 $template->set_var('FTAN', $admin->getFTAN());
Index: branches/2.8.x/wb/admin/preferences/save.php
===================================================================
--- branches/2.8.x/wb/admin/preferences/save.php	(revision 1803)
+++ branches/2.8.x/wb/admin/preferences/save.php	(revision 1804)
@@ -15,145 +15,172 @@
  *
  */
 
-
-// Print admin header
-require('../../config.php');
-require_once(WB_PATH.'/framework/class.admin.php');
-// suppress to print the header, so no new FTAN will be set
-$admin = new admin('Preferences','start', false);
-
 function save_preferences( &$admin, &$database)
 {
 	global $MESSAGE;
 	$err_msg = array();
 	$iMinPassLength = 6;
+	$bPassRequest = false;
+	$bMailHasChanged = false;
 // first check form-tan
-	if(!$admin->checkFTAN()){ $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS']; }
+	if(!$admin->checkFTAN()){
+	   $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS'];
+    } else {
 // Get entered values and validate all
 	// remove any dangerouse chars from display_name
-	$display_name     = $admin->add_slashes(strip_tags(trim($admin->get_post('display_name'))));
-	$display_name     = ( $display_name == '' ? $admin->get_display_name() : $display_name );
-	// check that display_name is unique in whoole system (prevents from User-faking)
-	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
-	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
-	if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS_USERNAME_TAKEN']; }
+        $display_name = $admin->add_slashes(strip_tags($admin->StripCodeFromText($admin->get_post('display_name'),true)));
+    	$display_name = ( $display_name == '' ? $admin->get_display_name() : $display_name );
+// check that display_name is unique in whoole system (prevents from User-faking)
+    	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
+    	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
+    	if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS_USERNAME_TAKEN']; }
 // language must be 2 upercase letters only
-	$language         = strtoupper($admin->get_post('language'));
-	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
+    	$language         = strtoupper($admin->get_post('language'));
+    	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
 // timezone must be between -12 and +13  or -20 as system_default
-	$timezone         = $admin->get_post('timezone');
-	$timezone         = (is_numeric($timezone) ? $timezone : -20);
-	$timezone         = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
+    	$timezone         = $admin->get_post('timezone');
+    	$timezone         = (is_numeric($timezone) ? $timezone : -20);
+    	$timezone         = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
 // date_format must be a key from /interface/date_formats
-	$date_format      = $admin->get_post('date_format');
-	$date_format_key  = str_replace(' ', '|', $date_format);
-	$user_time = true;
-	include( ADMIN_PATH.'/interface/date_formats.php' );
-	$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
-	$date_format = ($date_format == 'system_default' ? '' : $date_format);
-	unset($DATE_FORMATS);
+    	$date_format      = $admin->get_post('date_format');
+    	$date_format_key  = str_replace(' ', '|', $date_format);
+    	$user_time = true;
+    	include( ADMIN_PATH.'/interface/date_formats.php' );
+    	$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
+    	$date_format = ($date_format == 'system_default' ? '' : $date_format);
+    	unset($DATE_FORMATS);
 // time_format must be a key from /interface/time_formats
-	$time_format      = $admin->get_post('time_format');
-	$time_format_key  = str_replace(' ', '|', $time_format);
-	$user_time = true;
-	include( ADMIN_PATH.'/interface/time_formats.php' );
-	$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
-	$time_format = ($time_format == 'system_default' ? '' : $time_format);
-	unset($TIME_FORMATS);
+    	$time_format      = $admin->get_post('time_format');
+    	$time_format_key  = str_replace(' ', '|', $time_format);
+    	$user_time = true;
+    	include( ADMIN_PATH.'/interface/time_formats.php' );
+    	$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
+    	$time_format = ($time_format == 'system_default' ? '' : $time_format);
+    	unset($TIME_FORMATS);
 // email should be validatet by core
-	$email = trim( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
-	if( !$admin->validate_email($email) )
-	{
-		$email = '';
-		$err_msg[] = $MESSAGE['USERS_INVALID_EMAIL'];
-	}else {
-		if($email != '') {
-		// check that email is unique in whoole system
-			$email = $admin->add_slashes($email);
-			$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
-			$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
-			if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS_EMAIL_TAKEN']; }
-		}
-	}
+
+//    	$email = trim( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
+        $email = $admin->add_slashes(strip_tags($admin->StripCodeFromText($admin->get_post('email'),true)));
+    	if( !$admin->validate_email($email) )
+    	{
+    		$email = '';
+    		$err_msg[] = $MESSAGE['USERS_INVALID_EMAIL'];
+    	} else {
+    		if($email != '') {
+    		// check that email is unique in whoole system
+    			$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
+    			$sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
+                $IsOldMail = $database->get_one($sql);
+    		// check that email is unique in whoole system
+    			$email = $admin->add_slashes($email);
+    			$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
+    			$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
+                $checkMail = $database->get_one($sql);
+
+    			if( $checkMail == $email ){ $err_msg[] = $MESSAGE['USERS_EMAIL_TAKEN']; }
+                $bMailHasChanged = ($email != $IsOldMail);
+    		}
+    	}
+
 // receive password vars and calculate needed action
-	$sCurrentPassword = $admin->get_post('current_password');
-	$sCurrentPassword = (is_null($sCurrentPassword) ? '' : $sCurrentPassword);
-	$sNewPassword = $admin->get_post('new_password_1');
-	$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword);
-	$sNewPasswordRetyped = $admin->get_post('new_password_2');
-	$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped);
-// Check existing password
-	$sql  = 'SELECT `password` ';
-	$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
-	$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
-	if (md5($sCurrentPassword) != $database->get_one($sql)) {
-// access denied
-		$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
-	}else {
-// validate new password
-		$sPwHashNew = false;
-		if($sNewPassword != '') {
-			if(strlen($sNewPassword) < $iMinPassLength) {
-				$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
-			}else {
-				if($sNewPassword != $sNewPasswordRetyped) {
-					$err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
-				}else {
-					$pattern = '/[^'.$admin->password_chars.']/';
-					if (preg_match($pattern, $sNewPassword)) {
-						$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
-					}else {
-						$sPwHashNew = md5($sNewPassword);
-					}
-				}
-			}
-		}
-// if no validation errors, try to update the database, otherwise return errormessages
-		if(sizeof($err_msg) == 0)
-		{
-			$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
-			$sql .= 'SET `display_name`=\''.$display_name.'\', ';
-			if($sPwHashNew) {
-				$sql .=     '`password`=\''.$sPwHashNew.'\', ';
-			}
-			if($email != '') {
-				$sql .=     '`email`=\''.$email.'\', ';
-			}
-			$sql .=     '`language`=\''.$language.'\', ';
-			$sql .=     '`timezone`=\''.$timezone.'\', ';
-			$sql .=     '`date_format`=\''.$date_format.'\', ';
-			$sql .=     '`time_format`=\''.$time_format.'\' ';
-			$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id();
-			if( $database->query($sql) )
-			{
-				// update successfull, takeover values into the session
-				$_SESSION['DISPLAY_NAME'] = $display_name;
-				$_SESSION['LANGUAGE'] = $language;
-				$_SESSION['TIMEZONE'] = $timezone;
-				$_SESSION['EMAIL'] = $email;
-				// Update date format
-				if($date_format != '') {
-					$_SESSION['DATE_FORMAT'] = $date_format;
-					if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
-				} else {
-					$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
-					if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
-				}
-				// Update time format
-				if($time_format != '') {
-					$_SESSION['TIME_FORMAT'] = $time_format;
-					if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
-				} else {
-					$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
-					if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
-				}
-			}else {
-				$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
-			}
-		}
-	}
+        $sCurrentPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('current_password'),true));
+        $sNewPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_1'),true));
+        $sNewPasswordRetyped = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_2'),true));
+
+        if($bMailHasChanged == true)
+        {
+            $bPassRequest = $bMailHasChanged;
+        } else {
+            $bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false;
+        }
+        // Check existing password
+    	$sql  = 'SELECT `password` ';
+    	$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
+    	$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
+    	if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql) ) {
+    // access denied
+    		$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
+    	} else {
+    // validate new password
+    		$sPwHashNew = false;
+    		if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) {
+    			if(strlen($sNewPassword) < $iMinPassLength) {
+    				$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
+    			} else {
+    				if($sNewPassword != $sNewPasswordRetyped) {
+    					$err_msg[] =  $MESSAGE['USERS_PASSWORD_MISMATCH'];
+    				} else {
+    					$pattern = '/[^'.$admin->password_chars.']/';
+    					if (preg_match($pattern, $sNewPassword)) {
+    						$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
+    					} else {
+    						$sPwHashNew = md5($sNewPassword);
+    					}
+    				}
+    			}
+    		}
+
+    // if no validation errors, try to update the database, otherwise return errormessages
+    		if(sizeof($err_msg) == 0)
+    		{
+    			$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
+    			$sql .= 'SET `display_name`=\''.$display_name.'\', ';
+    			if($sPwHashNew) {
+    				$sql .=     '`password`=\''.$sPwHashNew.'\', ';
+    			}
+    			if($email != '') {
+    				$sql .=     '`email`=\''.$email.'\', ';
+    			}
+    			$sql .=     '`language`=\''.$language.'\', ';
+    			$sql .=     '`timezone`=\''.$timezone.'\', ';
+    			$sql .=     '`date_format`=\''.$date_format.'\', ';
+    			$sql .=     '`time_format`=\''.$time_format.'\' ';
+    			$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id();
+    			if( $database->query($sql) )
+    			{
+    				// update successfull, takeover values into the session
+    				$_SESSION['DISPLAY_NAME'] = $display_name;
+    				$_SESSION['LANGUAGE'] = $language;
+    				$_SESSION['TIMEZONE'] = $timezone;
+    				$_SESSION['EMAIL'] = $email;
+    				// Update date format
+    				if($date_format != '') {
+    					$_SESSION['DATE_FORMAT'] = $date_format;
+    					if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
+    				} else {
+    					$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
+    					if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
+    				}
+    				// Update time format
+    				if($time_format != '') {
+    					$_SESSION['TIME_FORMAT'] = $time_format;
+    					if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
+    				} else {
+    					$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
+    					if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
+    				}
+    			} else {
+    				$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
+    			}
+    		}
+    	}
+
+    }
+
 	return ( (sizeof($err_msg) > 0) ? implode('<br />', $err_msg) : '' );
 }
+
+$config_file = realpath('../../config.php');
+if(file_exists($config_file) && !defined('WB_URL'))
+{
+	require_once($config_file);
+}
+
+if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
+
+// suppress to print the header, so no new FTAN will be set
+$admin = new admin('Preferences','start', false);
+
 $retval = save_preferences($admin, $database);
 if( $retval == '')
 {
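Review bot: The three password fields at L562–L564 are now passed through `StripCodeFromText()` and `add_slashes()` before `md5()` hashes them at L576 and L593, whereas the removed lines L486–L496 hashed the raw POST value; a password containing a quote or backslash therefore no longer matches the stored hash in the current-password check, and a new password is stored as the hash of its escaped form, which a login that hashes the raw input would then reject. Only the hex digests reach SQL, so escaping the plaintext is unnecessary: `$sCurrentPassword = (string)$admin->get_post('current_password');` and likewise for `new_password_1` and `new_password_2`, keeping the `password_chars` pattern at L589 as the input filter. Separately, `$email` is already escaped at L463 and escaped again at L475, so addresses with escapable characters are double-escaped in the UPDATE and in `$_SESSION['EMAIL']`; drop the second call. The uniqueness check at L480 also weakened from `COUNT(*) > 0` to `$checkMail == $email`, which misses a case-only difference that `LIKE` still matches; comparing `$database->get_one(...) > 0` as before keeps the old guarantee.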
@@ -161,7 +188,7 @@
 	$admin->print_header();
 	$admin->print_success($MESSAGE['PREFERENCES_DETAILS_SAVED']);
 	$admin->print_footer();
-}else {
+} else {
 	// print the header
 	$admin->print_header();
 	$admin->print_error($retval);
Index: branches/2.8.x/wb/framework/SecureForm.mtab.php
===================================================================
--- branches/2.8.x/wb/framework/SecureForm.mtab.php	(revision 1803)
+++ branches/2.8.x/wb/framework/SecureForm.mtab.php	(revision 1804)
@@ -369,6 +369,7 @@
 	}
 
  	private function _timedout( $var ) {
+        if(!isset($var['time'])) { return false; }
 		if ($var['time'] < time()-$this->_timeout) return false;
 		return true;
 	}
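Review bot: The new guard at L680 says nothing about why a missing `time` key means "expired", and the method name `_timedout` is inverted relative to its result (L681–L682 return true while the entry is still within `_timeout` and false once it has passed), so a reader will take `return false` here as "not timed out". A docblock above L679 should state: returns true while `$var['time']` is within `$this->_timeout` seconds of now, false once it has expired or when `$var` carries no `time` entry (including a non-array value, the "Illegal string offset" case the changelog names), which is the fail-closed default. Renaming the method would remove the inversion but touches a private API used elsewhere in the class, so the comment is the minimal fix.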
Index: branches/2.8.x/wb/modules/form/htt/submessage.htt
===================================================================
--- branches/2.8.x/wb/modules/form/htt/submessage.htt	(revision 1803)
+++ branches/2.8.x/wb/modules/form/htt/submessage.htt	(revision 1804)
@@ -13,8 +13,8 @@
         </tr>
     </thead>
     <tbody class="frm-tbody">
-        <tr class="frm-warning">
-        	<td colspan="2"><p class="{NIX_HIER}">{SUCCESS_PRINT}</p></td>
+        <tr class="frm-warning {NIX_HIER}">
+        	<td colspan="2"><p>{SUCCESS_PRINT}</p></td>
         </tr>
 
         <tr class="frm-submission_submission_id">
@@ -26,7 +26,7 @@
         	<td>{submission_submitted_when}</td>
         </tr>
         <tr class="frm-user_display_name">
-        	<td>{TEXT_USER}:</td>
+        	<td>{TEXT_USER} ({TEXT_USERNAME}):</td>
         	<td>{user_display_name} ({user_username})</td>
         </tr>
         <tr class="frm-hr">
Index: branches/2.8.x/wb/modules/form/view.php
===================================================================
--- branches/2.8.x/wb/modules/form/view.php	(revision 1803)
+++ branches/2.8.x/wb/modules/form/view.php	(revision 1804)
@@ -344,7 +344,7 @@
 						 $mail_replyto = $success_email_to = htmlspecialchars($wb->add_slashes($_POST[$success_email_to]));
 					}
 					$success_email_to = '';
-					$email_fromname = $TEXT['UNKNOWN'];
+					$email_fromname = $TEXT['GUEST'];
 //					$success_email_fromname = $TEXT['UNKNOWN'];
 //					$email_from = $TEXT['UNKNOWN'];
 				}
@@ -649,6 +649,7 @@
 					'submission_submitted_when' => gmdate( DATE_FORMAT .', '.TIME_FORMAT, $submission['submitted_when']+TIMEZONE ),
 					'NIX_HIER' => $NixHier,
 					'TEXT_USER' => $TEXT['USER'],
+					'TEXT_USERNAME' => $TEXT['USERNAME'],
 					'TEXT_PRINT_PAGE' => $TEXT['PRINT_PAGE'],
 					'TEXT_REQUIRED_JS' => $TEXT['REQUIRED_JS'],
 					'user_display_name' => $user['display_name'],
Index: branches/2.8.x/wb/modules/form/languages/NL.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/NL.php	(revision 1803)
+++ branches/2.8.x/wb/modules/form/languages/NL.php	(revision 1804)
@@ -58,7 +58,7 @@
 $MOD_FORM['SPAM'] = 'Caution! Answering an unchecked email can be perceived as spamming and entail the risk of receiving a cease-and-desist letter! ';
 
 $TEXT['GUEST'] = 'Guest';
+$TEXT['UNKNOWN'] = 'unkown';
 $TEXT['PRINT_PAGE'] = 'Print page';
 $TEXT['REQUIRED_JS'] = 'Required Javascript';
 $TEXT['SUBMISSIONS_PERPAGE'] = 'Show submissions rows per page';
-$TEXT['UNKNOWN'] = 'Unknown';
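Review bot: The re-added string at L737 reads `'unkown'`, a misspelling of the `'Unknown'` the removed line L741 carried, and it is lower-cased unlike the neighbouring `'Guest'`; the same typo is introduced in NO.php, EN.php, DA.php and RU.php in this commit. Restore `$TEXT['UNKNOWN'] = 'Unknown';` in all five files.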
Index: branches/2.8.x/wb/modules/form/languages/NO.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/NO.php	(revision 1803)
+++ branches/2.8.x/wb/modules/form/languages/NO.php	(revision 1804)
@@ -58,7 +58,7 @@
 $MOD_FORM['SPAM'] = 'Caution! Answering an unchecked email can be perceived as spamming and entail the risk of receiving a cease-and-desist letter! ';
 
 $TEXT['GUEST'] = 'Guest';
+$TEXT['UNKNOWN'] = 'unkown';
 $TEXT['PRINT_PAGE'] = 'Print page';
 $TEXT['REQUIRED_JS'] = 'Required Javascript';
 $TEXT['SUBMISSIONS_PERPAGE'] = 'Show submissions rows per page';
-$TEXT['UNKNOWN'] = 'Unknown';
Index: branches/2.8.x/wb/modules/form/languages/EN.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/EN.php	(revision 1803)
+++ branches/2.8.x/wb/modules/form/languages/EN.php	(revision 1804)
@@ -58,7 +58,7 @@
 $MOD_FORM['SPAM'] = 'Caution! Answering an unchecked email can be perceived as spamming and entail the risk of receiving a cease-and-desist letter! ';
 
 $TEXT['GUEST'] = 'Guest';
+$TEXT['UNKNOWN'] = 'unkown';
 $TEXT['PRINT_PAGE'] = 'Print page';
 $TEXT['REQUIRED_JS'] = 'Required Javascript';
 $TEXT['SUBMISSIONS_PERPAGE'] = 'Show submissions rows per page';
-$TEXT['UNKNOWN'] = 'Unknown';
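Review bot: The new `$TEXT['UNKNOWN'] = 'unkown';` misspells the user-visible word; the removed line had it right and the only functional change here is the case and the position. It should read `$TEXT['UNKNOWN'] = 'unknown';`. The same misspelling is introduced in the NL, NO, DA, RU and FR hunks of this commit, and since view_submission.php now prints this value as the fallback username it will surface in the admin UI.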
Index: branches/2.8.x/wb/modules/form/languages/DA.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/DA.php	(revision 1803)
+++ branches/2.8.x/wb/modules/form/languages/DA.php	(revision 1804)
@@ -58,7 +58,7 @@
 $MOD_FORM['SPAM'] = 'Caution! Answering an unchecked email can be perceived as spamming and entail the risk of receiving a cease-and-desist letter! ';
 
 $TEXT['GUEST'] = 'Guest';
+$TEXT['UNKNOWN'] = 'unkown';
 $TEXT['PRINT_PAGE'] = 'Print page';
 $TEXT['REQUIRED_JS'] = 'Required Javascript';
 $TEXT['SUBMISSIONS_PERPAGE'] = 'Show submissions rows per page';
-$TEXT['UNKNOWN'] = 'Unknown';
Index: branches/2.8.x/wb/modules/form/languages/RU.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/RU.php	(revision 1803)
+++ branches/2.8.x/wb/modules/form/languages/RU.php	(revision 1804)
@@ -57,7 +57,7 @@
 $MOD_FORM['SPAM'] = 'Caution! Answering an unchecked email can be perceived as spamming and entail the risk of receiving a cease-and-desist letter! ';
 
 $TEXT['GUEST'] = 'Guest';
+$TEXT['UNKNOWN'] = 'unkown';
 $TEXT['PRINT_PAGE'] = 'Print page';
 $TEXT['REQUIRED_JS'] = 'Required Javascript';
 $TEXT['SUBMISSIONS_PERPAGE'] = 'Show submissions rows per page';
-$TEXT['UNKNOWN'] = 'Unknown';
Index: branches/2.8.x/wb/modules/form/languages/FR.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/FR.php	(revision 1803)
+++ branches/2.8.x/wb/modules/form/languages/FR.php	(revision 1804)
@@ -58,7 +58,7 @@
 $MOD_FORM['SPAM'] = 'Caution! Answering an unchecked email can be perceived as spamming and entail the risk of receiving a cease-and-desist letter! ';
 
 $TEXT['GUEST'] = 'Guest';
+$TEXT['UNKNOWN'] = 'unkown';
 $TEXT['PRINT_PAGE'] = 'Print page';
 $TEXT['REQUIRED_JS'] = 'Required Javascript';
 $TEXT['SUBMISSIONS_PERPAGE'] = 'Show submissions rows per page';
-$TEXT['UNKNOWN'] = 'Unknown';
Index: branches/2.8.x/wb/modules/form/languages/DE.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/DE.php	(revision 1803)
+++ branches/2.8.x/wb/modules/form/languages/DE.php	(revision 1804)
@@ -15,10 +15,10 @@
  * @description
  */
 
-// Must include code to stop this file being accessed directly
+// Must include code to stop this file being access directly
 if(!defined('WB_URL')) {
 	require_once(dirname(dirname(dirname(dirname(__FILE__)))).'/framework/globalExceptionHandler.php');
-	// Stop this file being access directly
+	throw new IllegalFileException();
 }
 /* -------------------------------------------------------- */
 
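Review bot: The header comment on the `+` line regresses "accessed" to "access" for no reason; keep `// Must include code to stop this file being accessed directly`. The real change is welcome: the removed line shows the old `!defined('WB_URL')` branch only loaded globalExceptionHandler.php and fell through, so the guard never stopped direct access, whereas `throw new IllegalFileException();` now does — assuming that class is declared by the included handler, which is outside this diff. The other language-file hunks in this commit do not show their guard blocks, so it is worth confirming they already throw rather than fall through the same way.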
@@ -59,7 +59,7 @@
 $MOD_FORM['SPAM'] = 'ACHTUNG! Beantworten einer ungeprüften E-Mail kann als Spam abgemahnt werden! ';
 
 $TEXT['GUEST'] = 'Gast';
+$TEXT['UNKNOWN'] = 'unbekannt';
 $TEXT['PRINT_PAGE'] = 'Seite drucken';
 $TEXT['REQUIRED_JS'] = 'Javascript erforderlich';
 $TEXT['SUBMISSIONS_PERPAGE'] = 'Anzeige gespeicherte Einträge pro Seite';
-$TEXT['UNKNOWN'] = 'Unbekannt';
Index: branches/2.8.x/wb/modules/form/view_submission.php
===================================================================
--- branches/2.8.x/wb/modules/form/view_submission.php	(revision 1803)
+++ branches/2.8.x/wb/modules/form/view_submission.php	(revision 1804)
@@ -19,8 +19,13 @@
 
 // Include WB admin wrapper script
 require(WB_PATH.'/modules/admin.php');
+// load module language file
+$lang = (dirname(__FILE__)) . '/languages/' . LANGUAGE . '.php';
+require_once(!file_exists($lang) ? (dirname(__FILE__)) . '/languages/EN.php' : $lang );
 /* */
+
 include_once (WB_PATH.'/framework/functions.php');
+
 // Get page
 $requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
 $page = intval(isset(${$requestMethod}['page'])) ? ${$requestMethod}['page'] : 1;
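Review bot: The `$page` line at the end of the hunk leaves request input unsanitised: `intval(isset(...))` converts the boolean, not the value, so whenever the parameter is present `$page` is the raw `$_GET`/`$_POST` string. It should be `$page = isset(${$requestMethod}['page']) ? intval(${$requestMethod}['page']) : 1;`. This is pre-existing, but the commit edits the lines directly above it, and where `$page` is consumed lies beyond the hunk, so I cannot confirm a later cast protects whatever query or offset it feeds. The new language-file include itself is fine as long as `LANGUAGE` is an admin-configured constant rather than request-derived, which this hunk does not show.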
@@ -49,8 +54,8 @@
 	if($get_user->numRows() != 0) {
 		$user = $get_user->fetchRow(MYSQL_ASSOC);
 	} else {
-		$user['display_name'] = 'Unknown';
-		$user['username'] = 'unknown';
+		$user['display_name'] = $TEXT['GUEST'];
+		$user['username'] = $TEXT['UNKNOWN'];
 	}
 }
 //$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
@@ -66,7 +71,7 @@
 	<td><?php echo gmdate(DATE_FORMAT .', '.TIME_FORMAT, $submission['submitted_when']+TIMEZONE); ?></td>
 </tr>
 <tr>
-	<td><?php echo $TEXT['USER']; ?>:</td>
+	<td><?php echo $TEXT['USER'].' ('.$TEXT['USERNAME'].')'; ?>:</td>
 	<td><?php echo $user['display_name'].' ('.$user['username'].')'; ?></td>
 </tr>
 <tr>
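Review bot: The context line after the new label still echoes `$user['display_name']` and `$user['username']` straight into HTML; when the lookup in the previous hunk succeeds these come from the database row, so a display name containing markup renders unescaped in the admin page. Use `<?php echo htmlspecialchars($user['display_name'].' ('.$user['username'].')', ENT_QUOTES, 'UTF-8'); ?>`. Display names are presumably set through user management, which limits who can plant such a value, but the view should not rely on that. The new label line is translation text only and needs no change.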
Index: branches/2.8.x/wb/modules/news
===================================================================
--- branches/2.8.x/wb/modules/news	(revision 1803)
+++ branches/2.8.x/wb/modules/news	(revision 1804)

Property changes on: branches/2.8.x/wb/modules/news
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,3 ##
+_rss.php
+rss.htt
+rss.php
