Project

General

Profile

« Previous | Next » 

Revision 1872

Added by Dietmar over 11 years ago

  1. bugfix preferences timezone, date_format, time_format settings, backend and frontend

View differences:

save.php
38 38
    	$language         = strtoupper($admin->get_post('language'));
39 39
    	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
40 40
// timezone must be between -12 and +13  or -20 as system_default
41
    	$timezone         = $admin->get_post('timezone');
42
    	$timezone         = (is_numeric($timezone) ? $timezone : -20);
43
    	$timezone         = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
41
		$timezone         = ($admin->get_post('timezone'));
42
		$timezone         = ( (is_numeric($timezone) && ($timezone!=0)) ? $timezone : -20);
43
		$timezone         = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
44 44
// date_format must be a key from /interface/date_formats
45
    	$date_format      = $admin->get_post('date_format');
46
    	$date_format_key  = str_replace(' ', '|', $date_format);
47
    	$user_time = true;
48
    	include( ADMIN_PATH.'/interface/date_formats.php' );
49
    	$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
50
    	$date_format = ($date_format == 'system_default' ? '' : $date_format);
51
    	unset($DATE_FORMATS);
45
		$date_format      = $admin->get_post('date_format');
46
		$date_format = (($date_format==DEFAULT_DATE_FORMAT) ? '' : $date_format);
47
		$date_format_key  = str_replace(' ', '|', $date_format);
48
		$user_time = true;
49
		include( ADMIN_PATH.'/interface/date_formats.php' );
50
		$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
51
		$date_format = ($date_format == 'system_default' ? '' : $date_format);
52
		unset($DATE_FORMATS);
52 53
// time_format must be a key from /interface/time_formats
53
    	$time_format      = $admin->get_post('time_format');
54
    	$time_format_key  = str_replace(' ', '|', $time_format);
55
    	$user_time = true;
56
    	include( ADMIN_PATH.'/interface/time_formats.php' );
57
    	$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
58
    	$time_format = ($time_format == 'system_default' ? '' : $time_format);
59
    	unset($TIME_FORMATS);
54
		$time_format = $admin->get_post('time_format');
55
		$time_format = (($time_format==DEFAULT_TIME_FORMAT) ? '' : $time_format);
56
		$time_format_key  = str_replace(' ', '|', $time_format);
57
		$user_time = true;
58
		include( ADMIN_PATH.'/interface/time_formats.php' );
59
		$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
60
		$time_format = ($time_format == 'system_default' ? '' : $time_format);
61
		unset($TIME_FORMATS);
60 62
// email should be validatet by core
61 63

  
62 64
//    	$email = trim( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
......
83 85
    	}
84 86

  
85 87
// receive password vars and calculate needed action
86
        $sCurrentPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('current_password'),true));
87
        $sNewPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_1'),true));
88
        $sNewPasswordRetyped = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_2'),true));
88
	    $sCurrentPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('current_password'),true));
89
	    $sNewPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_1'),true));
90
	    $sNewPasswordRetyped = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_2'),true));
89 91

  
90
        if($bMailHasChanged == true)
91
        {
92
            $bPassRequest = $bMailHasChanged;
93
        } else {
94
            $bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false;
95
        }
96
        // Check existing password
97
    	$sql  = 'SELECT `password` ';
98
    	$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
99
    	$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
100
    	if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql) ) {
101
    // access denied
102
    		$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
103
    	} else {
104
    // validate new password
105
    		$sPwHashNew = false;
106
    		if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) {
107
    			if(strlen($sNewPassword) < $iMinPassLength) {
108
    				$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
109
    			} else {
110
    				if($sNewPassword != $sNewPasswordRetyped) {
111
    					$err_msg[] =  $MESSAGE['USERS_PASSWORD_MISMATCH'];
112
    				} else {
113
    					$pattern = '/[^'.$admin->password_chars.']/';
114
    					if (preg_match($pattern, $sNewPassword)) {
115
    						$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
116
    					} else {
117
    						$sPwHashNew = md5($sNewPassword);
118
    					}
119
    				}
120
    			}
121
    		}
92
	    if($bMailHasChanged == true)
93
	    {
94
	        $bPassRequest = $bMailHasChanged;
95
	    } else {
96
	        $bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false;
97
	    }
98
	    // Check existing password
99
		$sql  = 'SELECT `password` ';
100
		$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
101
		$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
102
		if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql) ) {
103
	// access denied
104
			$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
105
	} else {
106
	// validate new password
107
			$sPwHashNew = false;
108
			if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) {
109
				if(strlen($sNewPassword) < $iMinPassLength) {
110
					$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
111
				} else {
112
					if($sNewPassword != $sNewPasswordRetyped) {
113
						$err_msg[] =  $MESSAGE['USERS_PASSWORD_MISMATCH'];
114
					} else {
115
						$pattern = '/[^'.$admin->password_chars.']/';
116
						if (preg_match($pattern, $sNewPassword)) {
117
							$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
118
						} else {
119
							$sPwHashNew = md5($sNewPassword);
120
						}
121
					}
122
				}
123
			}
122 124

  
123
    // if no validation errors, try to update the database, otherwise return errormessages
124
    		if(sizeof($err_msg) == 0)
125
    		{
126
    			$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
127
    			$sql .= 'SET `display_name`=\''.$display_name.'\', ';
128
    			if($sPwHashNew) {
129
    				$sql .=     '`password`=\''.$sPwHashNew.'\', ';
130
    			}
131
    			if($email != '') {
132
    				$sql .=     '`email`=\''.$email.'\', ';
133
    			}
134
    			$sql .=     '`language`=\''.$language.'\', ';
135
    			$sql .=     '`timezone`=\''.$timezone.'\', ';
136
    			$sql .=     '`date_format`=\''.$date_format.'\', ';
137
    			$sql .=     '`time_format`=\''.$time_format.'\' ';
138
    			$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id();
139
    			if( $database->query($sql) )
140
    			{
141
    				// update successfull, takeover values into the session
142
    				$_SESSION['DISPLAY_NAME'] = $display_name;
143
    				$_SESSION['LANGUAGE'] = $language;
144
    				$_SESSION['TIMEZONE'] = $timezone;
145
    				$_SESSION['EMAIL'] = $email;
146
    				// Update date format
147
    				if($date_format != '') {
148
    					$_SESSION['DATE_FORMAT'] = $date_format;
149
    					if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
150
    				} else {
151
    					$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
152
    					if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
153
    				}
154
    				// Update time format
155
    				if($time_format != '') {
156
    					$_SESSION['TIME_FORMAT'] = $time_format;
157
    					if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
158
    				} else {
159
    					$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
160
    					if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
161
    				}
162
    			} else {
163
    				$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
164
    			}
165
    		}
166
    	}
125
	// if no validation errors, try to update the database, otherwise return errormessages
126
			if(sizeof($err_msg) == 0)
127
			{
128
				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
129
				$sql .= 'SET `display_name`=\''.$display_name.'\', ';
130
				if($sPwHashNew) {
131
					$sql .=     '`password`=\''.$sPwHashNew.'\', ';
132
				}
133
				if($email != '') {
134
					$sql .=     '`email`=\''.$email.'\', ';
135
				}
136
				$sql .=     '`language`=\''.$language.'\', ';
137
				$sql .=     '`timezone`=\''.$timezone.'\', ';
138
				$sql .=     '`date_format`=\''.$date_format.'\', ';
139
				$sql .=     '`time_format`=\''.$time_format.'\' ';
140
				$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id();
141
				if( $database->query($sql) )
142
				{
143
					// update successfull, takeover values into the session
144
					$_SESSION['DISPLAY_NAME'] = $display_name;
145
					$_SESSION['LANGUAGE'] = $language;
146
					$_SESSION['EMAIL'] = $email;
147
					$_SESSION['TIMEZONE'] = $timezone;
148
					if(isset($_SESSION['USE_DEFAULT_TIMEZONE'])) { unset($_SESSION['USE_DEFAULT_TIMEZONE']); }
149
					// Update date format
150
					if($date_format != '') {
151
						$_SESSION['DATE_FORMAT'] = $date_format;
152
						if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
153
					} else {
154
						$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
155
						if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
156
					}
157
					// Update time format
158
					if($time_format != '') {
159
						$_SESSION['TIME_FORMAT'] = $time_format;
160
						if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
161
					} else {
162
						$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
163
						if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
164
					}
165
				} else {
166
					$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
167
				}
168
			}
169
		}
167 170

  
168
    }
171
	}
169 172

  
170 173
	return ( (sizeof($err_msg) > 0) ? implode('<br />', $err_msg) : '' );
171 174
}

Also available in: Unified diff