Revision 1872
Added by Dietmar over 11 years ago
- bugfix preferences timezone, date_format, time_format settings, backend and frontend
save.php | ||
---|---|---|
38 | 38 |
$language = strtoupper($admin->get_post('language')); |
39 | 39 |
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE); |
40 | 40 |
// timezone must be between -12 and +13 or -20 as system_default |
41 |
$timezone = $admin->get_post('timezone');
|
|
42 |
$timezone = (is_numeric($timezone) ? $timezone : -20);
|
|
43 |
$timezone = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
|
|
41 |
$timezone = ($admin->get_post('timezone'));
|
|
42 |
$timezone = ( (is_numeric($timezone) && ($timezone!=0)) ? $timezone : -20);
|
|
43 |
$timezone = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
|
|
44 | 44 |
// date_format must be a key from /interface/date_formats |
45 |
$date_format = $admin->get_post('date_format'); |
|
46 |
$date_format_key = str_replace(' ', '|', $date_format); |
|
47 |
$user_time = true; |
|
48 |
include( ADMIN_PATH.'/interface/date_formats.php' ); |
|
49 |
$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default'); |
|
50 |
$date_format = ($date_format == 'system_default' ? '' : $date_format); |
|
51 |
unset($DATE_FORMATS); |
|
45 |
$date_format = $admin->get_post('date_format'); |
|
46 |
$date_format = (($date_format==DEFAULT_DATE_FORMAT) ? '' : $date_format); |
|
47 |
$date_format_key = str_replace(' ', '|', $date_format); |
|
48 |
$user_time = true; |
|
49 |
include( ADMIN_PATH.'/interface/date_formats.php' ); |
|
50 |
$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default'); |
|
51 |
$date_format = ($date_format == 'system_default' ? '' : $date_format); |
|
52 |
unset($DATE_FORMATS); |
|
52 | 53 |
// time_format must be a key from /interface/time_formats |
53 |
$time_format = $admin->get_post('time_format'); |
|
54 |
$time_format_key = str_replace(' ', '|', $time_format); |
|
55 |
$user_time = true; |
|
56 |
include( ADMIN_PATH.'/interface/time_formats.php' ); |
|
57 |
$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default'); |
|
58 |
$time_format = ($time_format == 'system_default' ? '' : $time_format); |
|
59 |
unset($TIME_FORMATS); |
|
54 |
$time_format = $admin->get_post('time_format'); |
|
55 |
$time_format = (($time_format==DEFAULT_TIME_FORMAT) ? '' : $time_format); |
|
56 |
$time_format_key = str_replace(' ', '|', $time_format); |
|
57 |
$user_time = true; |
|
58 |
include( ADMIN_PATH.'/interface/time_formats.php' ); |
|
59 |
$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default'); |
|
60 |
$time_format = ($time_format == 'system_default' ? '' : $time_format); |
|
61 |
unset($TIME_FORMATS); |
|
60 | 62 |
// email should be validatet by core |
61 | 63 |
|
62 | 64 |
// $email = trim( $admin->get_post('email') == null ? '' : $admin->get_post('email') ); |
... | ... | |
83 | 85 |
} |
84 | 86 |
|
85 | 87 |
// receive password vars and calculate needed action |
86 |
$sCurrentPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('current_password'),true));
|
|
87 |
$sNewPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_1'),true));
|
|
88 |
$sNewPasswordRetyped = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_2'),true));
|
|
88 |
$sCurrentPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('current_password'),true));
|
|
89 |
$sNewPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_1'),true));
|
|
90 |
$sNewPasswordRetyped = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_2'),true));
|
|
89 | 91 |
|
90 |
if($bMailHasChanged == true)
|
|
91 |
{
|
|
92 |
$bPassRequest = $bMailHasChanged;
|
|
93 |
} else {
|
|
94 |
$bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false;
|
|
95 |
}
|
|
96 |
// Check existing password
|
|
97 |
$sql = 'SELECT `password` ';
|
|
98 |
$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
|
|
99 |
$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
|
|
100 |
if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql) ) {
|
|
101 |
// access denied
|
|
102 |
$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
|
|
103 |
} else {
|
|
104 |
// validate new password
|
|
105 |
$sPwHashNew = false;
|
|
106 |
if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) {
|
|
107 |
if(strlen($sNewPassword) < $iMinPassLength) {
|
|
108 |
$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
|
|
109 |
} else {
|
|
110 |
if($sNewPassword != $sNewPasswordRetyped) {
|
|
111 |
$err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
|
|
112 |
} else {
|
|
113 |
$pattern = '/[^'.$admin->password_chars.']/';
|
|
114 |
if (preg_match($pattern, $sNewPassword)) {
|
|
115 |
$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
|
|
116 |
} else {
|
|
117 |
$sPwHashNew = md5($sNewPassword);
|
|
118 |
}
|
|
119 |
}
|
|
120 |
}
|
|
121 |
}
|
|
92 |
if($bMailHasChanged == true)
|
|
93 |
{
|
|
94 |
$bPassRequest = $bMailHasChanged;
|
|
95 |
} else {
|
|
96 |
$bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false;
|
|
97 |
}
|
|
98 |
// Check existing password
|
|
99 |
$sql = 'SELECT `password` ';
|
|
100 |
$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
|
|
101 |
$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
|
|
102 |
if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql) ) {
|
|
103 |
// access denied
|
|
104 |
$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
|
|
105 |
} else { |
|
106 |
// validate new password
|
|
107 |
$sPwHashNew = false;
|
|
108 |
if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) {
|
|
109 |
if(strlen($sNewPassword) < $iMinPassLength) {
|
|
110 |
$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
|
|
111 |
} else {
|
|
112 |
if($sNewPassword != $sNewPasswordRetyped) {
|
|
113 |
$err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
|
|
114 |
} else {
|
|
115 |
$pattern = '/[^'.$admin->password_chars.']/';
|
|
116 |
if (preg_match($pattern, $sNewPassword)) {
|
|
117 |
$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
|
|
118 |
} else {
|
|
119 |
$sPwHashNew = md5($sNewPassword);
|
|
120 |
}
|
|
121 |
}
|
|
122 |
}
|
|
123 |
}
|
|
122 | 124 |
|
123 |
// if no validation errors, try to update the database, otherwise return errormessages |
|
124 |
if(sizeof($err_msg) == 0) |
|
125 |
{ |
|
126 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '; |
|
127 |
$sql .= 'SET `display_name`=\''.$display_name.'\', '; |
|
128 |
if($sPwHashNew) { |
|
129 |
$sql .= '`password`=\''.$sPwHashNew.'\', '; |
|
130 |
} |
|
131 |
if($email != '') { |
|
132 |
$sql .= '`email`=\''.$email.'\', '; |
|
133 |
} |
|
134 |
$sql .= '`language`=\''.$language.'\', '; |
|
135 |
$sql .= '`timezone`=\''.$timezone.'\', '; |
|
136 |
$sql .= '`date_format`=\''.$date_format.'\', '; |
|
137 |
$sql .= '`time_format`=\''.$time_format.'\' '; |
|
138 |
$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id(); |
|
139 |
if( $database->query($sql) ) |
|
140 |
{ |
|
141 |
// update successfull, takeover values into the session |
|
142 |
$_SESSION['DISPLAY_NAME'] = $display_name; |
|
143 |
$_SESSION['LANGUAGE'] = $language; |
|
144 |
$_SESSION['TIMEZONE'] = $timezone; |
|
145 |
$_SESSION['EMAIL'] = $email; |
|
146 |
// Update date format |
|
147 |
if($date_format != '') { |
|
148 |
$_SESSION['DATE_FORMAT'] = $date_format; |
|
149 |
if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); } |
|
150 |
} else { |
|
151 |
$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true; |
|
152 |
if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); } |
|
153 |
} |
|
154 |
// Update time format |
|
155 |
if($time_format != '') { |
|
156 |
$_SESSION['TIME_FORMAT'] = $time_format; |
|
157 |
if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); } |
|
158 |
} else { |
|
159 |
$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true; |
|
160 |
if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); } |
|
161 |
} |
|
162 |
} else { |
|
163 |
$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__; |
|
164 |
} |
|
165 |
} |
|
166 |
} |
|
125 |
// if no validation errors, try to update the database, otherwise return errormessages |
|
126 |
if(sizeof($err_msg) == 0) |
|
127 |
{ |
|
128 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '; |
|
129 |
$sql .= 'SET `display_name`=\''.$display_name.'\', '; |
|
130 |
if($sPwHashNew) { |
|
131 |
$sql .= '`password`=\''.$sPwHashNew.'\', '; |
|
132 |
} |
|
133 |
if($email != '') { |
|
134 |
$sql .= '`email`=\''.$email.'\', '; |
|
135 |
} |
|
136 |
$sql .= '`language`=\''.$language.'\', '; |
|
137 |
$sql .= '`timezone`=\''.$timezone.'\', '; |
|
138 |
$sql .= '`date_format`=\''.$date_format.'\', '; |
|
139 |
$sql .= '`time_format`=\''.$time_format.'\' '; |
|
140 |
$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id(); |
|
141 |
if( $database->query($sql) ) |
|
142 |
{ |
|
143 |
// update successfull, takeover values into the session |
|
144 |
$_SESSION['DISPLAY_NAME'] = $display_name; |
|
145 |
$_SESSION['LANGUAGE'] = $language; |
|
146 |
$_SESSION['EMAIL'] = $email; |
|
147 |
$_SESSION['TIMEZONE'] = $timezone; |
|
148 |
if(isset($_SESSION['USE_DEFAULT_TIMEZONE'])) { unset($_SESSION['USE_DEFAULT_TIMEZONE']); } |
|
149 |
// Update date format |
|
150 |
if($date_format != '') { |
|
151 |
$_SESSION['DATE_FORMAT'] = $date_format; |
|
152 |
if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); } |
|
153 |
} else { |
|
154 |
$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true; |
|
155 |
if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); } |
|
156 |
} |
|
157 |
// Update time format |
|
158 |
if($time_format != '') { |
|
159 |
$_SESSION['TIME_FORMAT'] = $time_format; |
|
160 |
if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); } |
|
161 |
} else { |
|
162 |
$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true; |
|
163 |
if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); } |
|
164 |
} |
|
165 |
} else { |
|
166 |
$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__; |
|
167 |
} |
|
168 |
} |
|
169 |
} |
|
167 | 170 |
|
168 |
}
|
|
171 |
}
|
|
169 | 172 |
|
170 | 173 |
return ( (sizeof($err_msg) > 0) ? implode('<br />', $err_msg) : '' ); |
171 | 174 |
} |
Also available in: Unified diff