Project

General

Profile

« Previous | Next » 

Revision 2098

Added by darkviper almost 11 years ago

! activate class Translate for all addons in admin/ (except pages/)
! class.admin >> add translation of the current theme to Translate

View differences:

save.php
15 15 
 *
16 16 
 */
17 17 

  		




  18
  
  
    
function save_preferences( &$admin, &$database)


  		




  
  18
  
    
function save_preferences( admin $admin)


  		




  19
  19
  
    
{


  		




  20
  
  
    
	global $MESSAGE,$TEXT;


  		




  
  20
  
    

  		




  
  21
  
    
    $oDb = WbDatabase::getInstance();


  		




  
  22
  
    
    $oTrans = Translate::getInstance();


  		




  
  23
  
    
    $oTrans->enableAddon('admin\\preferences');


  		




  
  24
  
    
//    $template->set_var($oTrans->getLangArray());


  		




  21
  25
  
    
	$err_msg = array();


  		




  22
  26
  
    
	$iMinPassLength = 6;


  		




  23
  27
  
    
	$bPassRequest = false;


  		




  24
  28
  
    
	$bMailHasChanged = false;


  		




  25
  29
  
    
// first check form-tan


  		




  26
  30
  
    
	if(!$admin->checkFTAN()){


  		




  27
  
  
    
	   $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS'];


  		




  
  31
  
    
	   $err_msg[] = $oTrans->MESSAGE_GENERIC_SECURITY_ACCESS;


  		




  28
  32
  
    
    } else {


  		




  29
  33
  
    
// Get entered values and validate all


  		




  30
  34
  
    
	// remove any dangerouse chars from display_name


  		




  ......




  33
  37
  
    
// check that display_name is unique in whoole system (prevents from User-faking)


  		




  34
  38
  
    
    	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';


  		




  35
  39
  
    
    	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';


  		




  36
  
  
    
    	if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS_USERNAME_TAKEN'].' ('.$TEXT['DISPLAY_NAME'].')'; }


  		




  
  40
  
    
    	if( $oDb->get_one($sql) > 0 ){ $err_msg[] = $oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')'; }


  		




  37
  41
  
    
// language must be 2 upercase letters only


  		




  38
  42
  
    
    	$language         = strtoupper($admin->get_post('language'));


  		




  39
  43
  
    
    	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);


  		




  ......




  66
  70
  
    
    	if( !$admin->validate_email($email) )


  		




  67
  71
  
    
    	{


  		




  68
  72
  
    
    		$email = '';


  		




  69
  
  
    
    		$err_msg[] = $MESSAGE['USERS_INVALID_EMAIL'];


  		




  
  73
  
    
    		$err_msg[] = $oTrans->MESSAGE_USERS_INVALID_EMAIL;


  		




  70
  74
  
    
    	} else {


  		




  71
  75
  
    
    		if($email != '') {


  		




  72
  76
  
    
    		// check that email is unique in whoole system


  		




  73
  
  
    
    			$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';


  		




  74
  
  
    
    			$sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';


  		




  75
  
  
    
                $IsOldMail = $database->get_one($sql);


  		




  
  77
  
    
    			$sql = 'SELECT `email` FROM `'.$oDb->TablePrefix.'users` '


  		




  
  78
  
    
    			     . 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `email` LIKE \''.$email.'\'';


  		




  
  79
  
    
                $IsOldMail = $oDb->getOne($sql);


  		




  76
  80
  
    
    		// check that email is unique in whoole system


  		




  77
  81
  
    
    			$email = $admin->add_slashes($email);


  		




  78
  
  
    
    			$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';


  		




  79
  
  
    
    			$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';


  		




  80
  
  
    
                $checkMail = $database->get_one($sql);


  		




  
  82
  
    
    			$sql = 'SELECT `email` FROM `'.$oDb->TablePrefix.'users` '


  		




  
  83
  
    
    			     . 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE \''.$email.'\'';


  		




  
  84
  
    
                $checkMail = $oDb->getOne($sql);


  		




  81
  85
  
    

  		




  82
  
  
    
    			if( $checkMail == $email ){ $err_msg[] = $MESSAGE['USERS_EMAIL_TAKEN']; }


  		




  
  86
  
    
    			if( $checkMail == $email ){ $err_msg[] = $oTrans->MESSAGE_USERS_EMAIL_TAKEN; }


  		




  83
  87
  
    
                $bMailHasChanged = ($email != $IsOldMail);


  		




  84
  88
  
    
    		}


  		




  85
  89
  
    
    	}


  		




  ......




  96
  100
  
    
	        $bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false;


  		




  97
  101
  
    
	    }


  		




  98
  102
  
    
	    // Check existing password


  		




  99
  
  
    
		$sql  = 'SELECT `password` ';


  		




  100
  
  
    
		$sql .= 'FROM `'.TABLE_PREFIX.'users` ';


  		




  101
  
  
    
		$sql .= 'WHERE `user_id` = '.$admin->get_user_id();


  		




  102
  
  
    
		if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql) ) {


  		




  
  103
  
    
		$sql = 'SELECT `password` '


  		




  
  104
  
    
		     . 'FROM `'.$oDb->TablePrefix.'users` '


  		




  
  105
  
    
		     . 'WHERE `user_id` = '.$admin->get_user_id();


  		




  
  106
  
    
		if ( $bPassRequest && md5($sCurrentPassword) != $oDb->getOne($sql) ) {


  		




  103
  107
  
    
	// access denied


  		




  104
  
  
    
			$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];


  		




  
  108
  
    
			$err_msg[] = $oTrans->MESSAGE_PREFERENCES_CURRENT_PASSWORD_INCORRECT;


  		




  105
  109
  
    
	} else {


  		




  106
  110
  
    
	// validate new password


  		




  107
  111
  
    
			$sPwHashNew = false;


  		




  108
  112
  
    
			if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) {


  		




  109
  113
  
    
				if(strlen($sNewPassword) < $iMinPassLength) {


  		




  110
  
  
    
					$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];


  		




  
  114
  
    
					$err_msg[] = $oTrans->MESSAGE_USERS_PASSWORD_TOO_SHORT;


  		




  111
  115
  
    
				} else {


  		




  112
  116
  
    
					if($sNewPassword != $sNewPasswordRetyped) {


  		




  113
  
  
    
						$err_msg[] =  $MESSAGE['USERS_PASSWORD_MISMATCH'];


  		




  
  117
  
    
						$err_msg[] =  $oTrans->MESSAGE_USERS_PASSWORD_MISMATCH;


  		




  114
  118
  
    
					} else {


  		




  115
  119
  
    
						$pattern = '/[^'.$admin->password_chars.']/';


  		




  116
  120
  
    
						if (preg_match($pattern, $sNewPassword)) {


  		




  117
  
  
    
							$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];


  		




  
  121
  
    
							$err_msg[] = $oTrans->MESSAGE_PREFERENCES_INVALID_CHARS;


  		




  118
  122
  
    
						} else {


  		




  119
  123
  
    
							$sPwHashNew = md5($sNewPassword);


  		




  120
  124
  
    
						}


  		




  ......




  125
  129
  
    
	// if no validation errors, try to update the database, otherwise return errormessages


  		




  126
  130
  
    
			if(sizeof($err_msg) == 0)


  		




  127
  131
  
    
			{


  		




  128
  
  
    
				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';


  		




  129
  
  
    
				$sql .= 'SET `display_name`=\''.$display_name.'\', ';


  		




  
  132
  
    
				$sql = 'UPDATE `'.$oDb->TablePrefix.'users` '


  		




  
  133
  
    
				     . 'SET `display_name`=\''.$display_name.'\', '


  		




  
  134
  
    
				     .     '`language`=\''.$language.'\', '


  		




  
  135
  
    
				     .     '`timezone`=\''.$timezone.'\', '


  		




  
  136
  
    
				     .     '`date_format`=\''.$date_format.'\', '


  		




  
  137
  
    
				     .     '`time_format`=\''.$time_format.'\' ';


  		




  130
  138
  
    
				if($sPwHashNew) {


  		




  131
  139
  
    
					$sql .=     '`password`=\''.$sPwHashNew.'\', ';


  		




  132
  140
  
    
				}


  		




  133
  141
  
    
				if($email != '') {


  		




  134
  142
  
    
					$sql .=     '`email`=\''.$email.'\', ';


  		




  135
  143
  
    
				}


  		




  136
  
  
    
				$sql .=     '`language`=\''.$language.'\', ';


  		




  137
  
  
    
				$sql .=     '`timezone`=\''.$timezone.'\', ';


  		




  138
  
  
    
				$sql .=     '`date_format`=\''.$date_format.'\', ';


  		




  139
  
  
    
				$sql .=     '`time_format`=\''.$time_format.'\' ';


  		




  140
  144
  
    
				$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id();


  		




  141
  
  
    
				if( $database->query($sql) )


  		




  
  145
  
    
				if( $oDb->doQuery($sql) )


  		




  142
  146
  
    
				{


  		




  143
  147
  
    
					// update successfull, takeover values into the session


  		




  144
  148
  
    
					$_SESSION['DISPLAY_NAME'] = $display_name;


  		




  ......




  179
  183
  
    
	require_once($config_file);


  		




  180
  184
  
    
}


  		




  181
  185
  
    

  		




  182
  
  
    
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }


  		




  183
  
  
    

  		




  184
  186
  
    
// suppress to print the header, so no new FTAN will be set


  		




  185
  187
  
    
$admin = new admin('Preferences','start', false);


  		




  186
  188
  
    

  		




  187
  
  
    
$retval = save_preferences($admin, $database);


  		




  188
  
  
    
if( $retval == '')


  		




  189
  
  
    
{


  		




  
  189
  
    
$retval = save_preferences($admin);


  		




  
  190
  
    
if ($retval == '') {


  		




  190
  191
  
    
	// print the header


  		




  191
  192
  
    
	$admin->print_header();


  		




  192
  
  
    
	$admin->print_success($MESSAGE['PREFERENCES_DETAILS_SAVED']);


  		




  
  193
  
    
	$admin->print_success(Translate::getInstance()->MESSAGE_PREFERENCES_DETAILS_SAVED);


  		




  193
  194
  
    
	$admin->print_footer();


  		




  194
  195
  
    
} else {


  		




  195
  196
  
    
	// print the header


  		












Also available in:  Unified diff