Revision 1872
Added by Dietmar over 11 years ago
- bugfix preferences timezone, date_format, time_format settings, backend and frontend
| save.php | ||
|---|---|---|
| 38 | 38 |
$language = strtoupper($admin->get_post('language'));
|
| 39 | 39 |
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
|
| 40 | 40 |
// timezone must be between -12 and +13 or -20 as system_default |
| 41 |
$timezone = $admin->get_post('timezone');
|
|
| 42 |
$timezone = (is_numeric($timezone) ? $timezone : -20);
|
|
| 43 |
$timezone = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
|
|
| 41 |
$timezone = ($admin->get_post('timezone'));
|
|
| 42 |
$timezone = ( (is_numeric($timezone) && ($timezone!=0)) ? $timezone : -20);
|
|
| 43 |
$timezone = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
|
|
| 44 | 44 |
// date_format must be a key from /interface/date_formats |
| 45 |
$date_format = $admin->get_post('date_format');
|
|
| 46 |
$date_format_key = str_replace(' ', '|', $date_format);
|
|
| 47 |
$user_time = true; |
|
| 48 |
include( ADMIN_PATH.'/interface/date_formats.php' ); |
|
| 49 |
$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default'); |
|
| 50 |
$date_format = ($date_format == 'system_default' ? '' : $date_format); |
|
| 51 |
unset($DATE_FORMATS); |
|
| 45 |
$date_format = $admin->get_post('date_format');
|
|
| 46 |
$date_format = (($date_format==DEFAULT_DATE_FORMAT) ? '' : $date_format); |
|
| 47 |
$date_format_key = str_replace(' ', '|', $date_format);
|
|
| 48 |
$user_time = true; |
|
| 49 |
include( ADMIN_PATH.'/interface/date_formats.php' ); |
|
| 50 |
$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default'); |
|
| 51 |
$date_format = ($date_format == 'system_default' ? '' : $date_format); |
|
| 52 |
unset($DATE_FORMATS); |
|
| 52 | 53 |
// time_format must be a key from /interface/time_formats |
| 53 |
$time_format = $admin->get_post('time_format');
|
|
| 54 |
$time_format_key = str_replace(' ', '|', $time_format);
|
|
| 55 |
$user_time = true; |
|
| 56 |
include( ADMIN_PATH.'/interface/time_formats.php' ); |
|
| 57 |
$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default'); |
|
| 58 |
$time_format = ($time_format == 'system_default' ? '' : $time_format); |
|
| 59 |
unset($TIME_FORMATS); |
|
| 54 |
$time_format = $admin->get_post('time_format');
|
|
| 55 |
$time_format = (($time_format==DEFAULT_TIME_FORMAT) ? '' : $time_format); |
|
| 56 |
$time_format_key = str_replace(' ', '|', $time_format);
|
|
| 57 |
$user_time = true; |
|
| 58 |
include( ADMIN_PATH.'/interface/time_formats.php' ); |
|
| 59 |
$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default'); |
|
| 60 |
$time_format = ($time_format == 'system_default' ? '' : $time_format); |
|
| 61 |
unset($TIME_FORMATS); |
|
| 60 | 62 |
// email should be validatet by core |
| 61 | 63 |
|
| 62 | 64 |
// $email = trim( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
|
| ... | ... | |
| 83 | 85 |
} |
| 84 | 86 |
|
| 85 | 87 |
// receive password vars and calculate needed action |
| 86 |
$sCurrentPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('current_password'),true));
|
|
| 87 |
$sNewPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_1'),true));
|
|
| 88 |
$sNewPasswordRetyped = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_2'),true));
|
|
| 88 |
$sCurrentPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('current_password'),true));
|
|
| 89 |
$sNewPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_1'),true));
|
|
| 90 |
$sNewPasswordRetyped = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_2'),true));
|
|
| 89 | 91 |
|
| 90 |
if($bMailHasChanged == true)
|
|
| 91 |
{
|
|
| 92 |
$bPassRequest = $bMailHasChanged;
|
|
| 93 |
} else {
|
|
| 94 |
$bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false;
|
|
| 95 |
}
|
|
| 96 |
// Check existing password
|
|
| 97 |
$sql = 'SELECT `password` ';
|
|
| 98 |
$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
|
|
| 99 |
$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
|
|
| 100 |
if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql) ) {
|
|
| 101 |
// access denied
|
|
| 102 |
$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
|
|
| 103 |
} else {
|
|
| 104 |
// validate new password
|
|
| 105 |
$sPwHashNew = false;
|
|
| 106 |
if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) {
|
|
| 107 |
if(strlen($sNewPassword) < $iMinPassLength) {
|
|
| 108 |
$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
|
|
| 109 |
} else {
|
|
| 110 |
if($sNewPassword != $sNewPasswordRetyped) {
|
|
| 111 |
$err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
|
|
| 112 |
} else {
|
|
| 113 |
$pattern = '/[^'.$admin->password_chars.']/';
|
|
| 114 |
if (preg_match($pattern, $sNewPassword)) {
|
|
| 115 |
$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
|
|
| 116 |
} else {
|
|
| 117 |
$sPwHashNew = md5($sNewPassword);
|
|
| 118 |
}
|
|
| 119 |
}
|
|
| 120 |
}
|
|
| 121 |
}
|
|
| 92 |
if($bMailHasChanged == true)
|
|
| 93 |
{
|
|
| 94 |
$bPassRequest = $bMailHasChanged;
|
|
| 95 |
} else {
|
|
| 96 |
$bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false;
|
|
| 97 |
}
|
|
| 98 |
// Check existing password
|
|
| 99 |
$sql = 'SELECT `password` ';
|
|
| 100 |
$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
|
|
| 101 |
$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
|
|
| 102 |
if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql) ) {
|
|
| 103 |
// access denied
|
|
| 104 |
$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
|
|
| 105 |
} else {
|
|
| 106 |
// validate new password
|
|
| 107 |
$sPwHashNew = false;
|
|
| 108 |
if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) {
|
|
| 109 |
if(strlen($sNewPassword) < $iMinPassLength) {
|
|
| 110 |
$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
|
|
| 111 |
} else {
|
|
| 112 |
if($sNewPassword != $sNewPasswordRetyped) {
|
|
| 113 |
$err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
|
|
| 114 |
} else {
|
|
| 115 |
$pattern = '/[^'.$admin->password_chars.']/';
|
|
| 116 |
if (preg_match($pattern, $sNewPassword)) {
|
|
| 117 |
$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
|
|
| 118 |
} else {
|
|
| 119 |
$sPwHashNew = md5($sNewPassword);
|
|
| 120 |
}
|
|
| 121 |
}
|
|
| 122 |
}
|
|
| 123 |
}
|
|
| 122 | 124 |
|
| 123 |
// if no validation errors, try to update the database, otherwise return errormessages |
|
| 124 |
if(sizeof($err_msg) == 0) |
|
| 125 |
{
|
|
| 126 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '; |
|
| 127 |
$sql .= 'SET `display_name`=\''.$display_name.'\', '; |
|
| 128 |
if($sPwHashNew) {
|
|
| 129 |
$sql .= '`password`=\''.$sPwHashNew.'\', '; |
|
| 130 |
} |
|
| 131 |
if($email != '') {
|
|
| 132 |
$sql .= '`email`=\''.$email.'\', '; |
|
| 133 |
} |
|
| 134 |
$sql .= '`language`=\''.$language.'\', '; |
|
| 135 |
$sql .= '`timezone`=\''.$timezone.'\', '; |
|
| 136 |
$sql .= '`date_format`=\''.$date_format.'\', '; |
|
| 137 |
$sql .= '`time_format`=\''.$time_format.'\' '; |
|
| 138 |
$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id(); |
|
| 139 |
if( $database->query($sql) ) |
|
| 140 |
{
|
|
| 141 |
// update successfull, takeover values into the session |
|
| 142 |
$_SESSION['DISPLAY_NAME'] = $display_name; |
|
| 143 |
$_SESSION['LANGUAGE'] = $language; |
|
| 144 |
$_SESSION['TIMEZONE'] = $timezone; |
|
| 145 |
$_SESSION['EMAIL'] = $email; |
|
| 146 |
// Update date format |
|
| 147 |
if($date_format != '') {
|
|
| 148 |
$_SESSION['DATE_FORMAT'] = $date_format; |
|
| 149 |
if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
|
|
| 150 |
} else {
|
|
| 151 |
$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true; |
|
| 152 |
if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
|
|
| 153 |
} |
|
| 154 |
// Update time format |
|
| 155 |
if($time_format != '') {
|
|
| 156 |
$_SESSION['TIME_FORMAT'] = $time_format; |
|
| 157 |
if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
|
|
| 158 |
} else {
|
|
| 159 |
$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true; |
|
| 160 |
if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
|
|
| 161 |
} |
|
| 162 |
} else {
|
|
| 163 |
$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__; |
|
| 164 |
} |
|
| 165 |
} |
|
| 166 |
} |
|
| 125 |
// if no validation errors, try to update the database, otherwise return errormessages |
|
| 126 |
if(sizeof($err_msg) == 0) |
|
| 127 |
{
|
|
| 128 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '; |
|
| 129 |
$sql .= 'SET `display_name`=\''.$display_name.'\', '; |
|
| 130 |
if($sPwHashNew) {
|
|
| 131 |
$sql .= '`password`=\''.$sPwHashNew.'\', '; |
|
| 132 |
} |
|
| 133 |
if($email != '') {
|
|
| 134 |
$sql .= '`email`=\''.$email.'\', '; |
|
| 135 |
} |
|
| 136 |
$sql .= '`language`=\''.$language.'\', '; |
|
| 137 |
$sql .= '`timezone`=\''.$timezone.'\', '; |
|
| 138 |
$sql .= '`date_format`=\''.$date_format.'\', '; |
|
| 139 |
$sql .= '`time_format`=\''.$time_format.'\' '; |
|
| 140 |
$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id(); |
|
| 141 |
if( $database->query($sql) ) |
|
| 142 |
{
|
|
| 143 |
// update successfull, takeover values into the session |
|
| 144 |
$_SESSION['DISPLAY_NAME'] = $display_name; |
|
| 145 |
$_SESSION['LANGUAGE'] = $language; |
|
| 146 |
$_SESSION['EMAIL'] = $email; |
|
| 147 |
$_SESSION['TIMEZONE'] = $timezone; |
|
| 148 |
if(isset($_SESSION['USE_DEFAULT_TIMEZONE'])) { unset($_SESSION['USE_DEFAULT_TIMEZONE']); }
|
|
| 149 |
// Update date format |
|
| 150 |
if($date_format != '') {
|
|
| 151 |
$_SESSION['DATE_FORMAT'] = $date_format; |
|
| 152 |
if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
|
|
| 153 |
} else {
|
|
| 154 |
$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true; |
|
| 155 |
if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
|
|
| 156 |
} |
|
| 157 |
// Update time format |
|
| 158 |
if($time_format != '') {
|
|
| 159 |
$_SESSION['TIME_FORMAT'] = $time_format; |
|
| 160 |
if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
|
|
| 161 |
} else {
|
|
| 162 |
$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true; |
|
| 163 |
if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
|
|
| 164 |
} |
|
| 165 |
} else {
|
|
| 166 |
$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__; |
|
| 167 |
} |
|
| 168 |
} |
|
| 169 |
} |
|
| 167 | 170 |
|
| 168 |
}
|
|
| 171 |
}
|
|
| 169 | 172 |
|
| 170 | 173 |
return ( (sizeof($err_msg) > 0) ? implode('<br />', $err_msg) : '' );
|
| 171 | 174 |
} |
Also available in: Unified diff