
Revision 2098

Added by darkviper over 10 years ago

! activate class Translate for all addons in admin/ (except pages/)
! class.admin >> add translation of the current theme to Translate


save.php
15 15
 *
16 16
 */
17 17

  
18
function save_preferences( &$admin, &$database)
18
function save_preferences( admin $admin)
19 19
{
20
	global $MESSAGE,$TEXT;
20

  
21
    $oDb = WbDatabase::getInstance();
22
    $oTrans = Translate::getInstance();
23
    $oTrans->enableAddon('admin\\preferences');
24
//    $template->set_var($oTrans->getLangArray());
21 25
	$err_msg = array();
22 26
	$iMinPassLength = 6;
23 27
	$bPassRequest = false;
24 28
	$bMailHasChanged = false;
25 29
// first check form-tan
26 30
	if(!$admin->checkFTAN()){
27
	   $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS'];
31
	   $err_msg[] = $oTrans->MESSAGE_GENERIC_SECURITY_ACCESS;
28 32
    } else {
29 33
// Get entered values and validate all
30 34
	// remove any dangerouse chars from display_name
......
33 37
// check that display_name is unique in whoole system (prevents from User-faking)
34 38
    	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
35 39
    	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
36
    	if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS_USERNAME_TAKEN'].' ('.$TEXT['DISPLAY_NAME'].')'; }
40
    	if( $oDb->get_one($sql) > 0 ){ $err_msg[] = $oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')'; }
37 41
// language must be 2 upercase letters only
38 42
    	$language         = strtoupper($admin->get_post('language'));
39 43
    	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
......
66 70
    	if( !$admin->validate_email($email) )
67 71
    	{
68 72
    		$email = '';
69
    		$err_msg[] = $MESSAGE['USERS_INVALID_EMAIL'];
73
    		$err_msg[] = $oTrans->MESSAGE_USERS_INVALID_EMAIL;
70 74
    	} else {
71 75
    		if($email != '') {
72 76
    		// check that email is unique in whoole system
73
    			$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
74
    			$sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
75
                $IsOldMail = $database->get_one($sql);
77
    			$sql = 'SELECT `email` FROM `'.$oDb->TablePrefix.'users` '
78
    			     . 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `email` LIKE \''.$email.'\'';
79
                $IsOldMail = $oDb->getOne($sql);
76 80
    		// check that email is unique in whoole system
77 81
    			$email = $admin->add_slashes($email);
78
    			$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
79
    			$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
80
                $checkMail = $database->get_one($sql);
82
    			$sql = 'SELECT `email` FROM `'.$oDb->TablePrefix.'users` '
83
    			     . 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE \''.$email.'\'';
84
                $checkMail = $oDb->getOne($sql);
81 85

  
82
    			if( $checkMail == $email ){ $err_msg[] = $MESSAGE['USERS_EMAIL_TAKEN']; }
86
    			if( $checkMail == $email ){ $err_msg[] = $oTrans->MESSAGE_USERS_EMAIL_TAKEN; }
83 87
                $bMailHasChanged = ($email != $IsOldMail);
84 88
    		}
85 89
    	}
......
96 100
	        $bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false;
97 101
	    }
98 102
	    // Check existing password
99
		$sql  = 'SELECT `password` ';
100
		$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
101
		$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
102
		if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql) ) {
103
		$sql = 'SELECT `password` '
104
		     . 'FROM `'.$oDb->TablePrefix.'users` '
105
		     . 'WHERE `user_id` = '.$admin->get_user_id();
106
		if ( $bPassRequest && md5($sCurrentPassword) != $oDb->getOne($sql) ) {
103 107
	// access denied
104
			$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
108
			$err_msg[] = $oTrans->MESSAGE_PREFERENCES_CURRENT_PASSWORD_INCORRECT;
105 109
	} else {
106 110
	// validate new password
107 111
			$sPwHashNew = false;
108 112
			if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) {
109 113
				if(strlen($sNewPassword) < $iMinPassLength) {
110
					$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
114
					$err_msg[] = $oTrans->MESSAGE_USERS_PASSWORD_TOO_SHORT;
111 115
				} else {
112 116
					if($sNewPassword != $sNewPasswordRetyped) {
113
						$err_msg[] =  $MESSAGE['USERS_PASSWORD_MISMATCH'];
117
						$err_msg[] =  $oTrans->MESSAGE_USERS_PASSWORD_MISMATCH;
114 118
					} else {
115 119
						$pattern = '/[^'.$admin->password_chars.']/';
116 120
						if (preg_match($pattern, $sNewPassword)) {
117
							$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
121
							$err_msg[] = $oTrans->MESSAGE_PREFERENCES_INVALID_CHARS;
118 122
						} else {
119 123
							$sPwHashNew = md5($sNewPassword);
120 124
						}
......
125 129
	// if no validation errors, try to update the database, otherwise return errormessages
126 130
			if(sizeof($err_msg) == 0)
127 131
			{
128
				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
129
				$sql .= 'SET `display_name`=\''.$display_name.'\', ';
132
				$sql = 'UPDATE `'.$oDb->TablePrefix.'users` '
133
				     . 'SET `display_name`=\''.$display_name.'\', '
134
				     .     '`language`=\''.$language.'\', '
135
				     .     '`timezone`=\''.$timezone.'\', '
136
				     .     '`date_format`=\''.$date_format.'\', '
137
				     .     '`time_format`=\''.$time_format.'\' ';
130 138
				if($sPwHashNew) {
131 139
					$sql .=     '`password`=\''.$sPwHashNew.'\', ';
132 140
				}
133 141
				if($email != '') {
134 142
					$sql .=     '`email`=\''.$email.'\', ';
135 143
				}
136
				$sql .=     '`language`=\''.$language.'\', ';
137
				$sql .=     '`timezone`=\''.$timezone.'\', ';
138
				$sql .=     '`date_format`=\''.$date_format.'\', ';
139
				$sql .=     '`time_format`=\''.$time_format.'\' ';
140 144
				$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id();
141
				if( $database->query($sql) )
145
				if( $oDb->doQuery($sql) )
142 146
				{
143 147
					// update successfull, takeover values into the session
144 148
					$_SESSION['DISPLAY_NAME'] = $display_name;
......
179 183
	require_once($config_file);
180 184
}
181 185

  
182
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
183

  
184 186
// suppress to print the header, so no new FTAN will be set
185 187
$admin = new admin('Preferences','start', false);
186 188

  
187
$retval = save_preferences($admin, $database);
188
if( $retval == '')
189
{
189
$retval = save_preferences($admin);
190
if ($retval == '') {
190 191
	// print the header
191 192
	$admin->print_header();
192
	$admin->print_success($MESSAGE['PREFERENCES_DETAILS_SAVED']);
193
	$admin->print_success(Translate::getInstance()->MESSAGE_PREFERENCES_DETAILS_SAVED);
193 194
	$admin->print_footer();
194 195
} else {
195 196
	// print the header
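Review bot: The rebuilt UPDATE (new lines 132–144) produces invalid SQL whenever a new password or an e-mail is saved, because the fixed column list now ends with the `time_format` assignment without a comma and the optional `password` / `email` fragments are appended after it, each leaving a trailing comma directly in front of `WHERE`. In the old order the optional fragments came first, so the statement was well formed; as written, a password change presumably fails at `doQuery()` and the account keeps its old credential. Collecting the assignments in an array and joining them with `implode(', ', …)` removes the ordering dependency, as sketched below. Separately, at new lines 77–79 `$email` is concatenated into the first SELECT before `$admin->add_slashes($email)` runs at line 81, so that query relies on `validate_email()` alone; moving the escape above both queries (or using bound parameters, if WbDatabase offers them) would close that gap. The body of save_preferences() is only partly shown, so how `$display_name`, `$timezone` and the format values are sanitised could not be checked.

```php
// … unchanged: validation above and the sizeof($err_msg) == 0 check …
$aSet = array(
    '`display_name`=\''.$display_name.'\'',
    '`language`=\''.$language.'\'',
    '`timezone`=\''.$timezone.'\'',
    '`date_format`=\''.$date_format.'\'',
    '`time_format`=\''.$time_format.'\'',
);
if ($sPwHashNew) {
    $aSet[] = '`password`=\''.$sPwHashNew.'\'';
}
if ($email != '') {
    $aSet[] = '`email`=\''.$email.'\'';
}
$sql = 'UPDATE `'.$oDb->TablePrefix.'users` '
     . 'SET '.implode(', ', $aSet).' '
     . 'WHERE `user_id`='.(int)$admin->get_user_id();
// … unchanged: doQuery($sql) and takeover of values into the session …
```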
