Revision 2098
Added by darkviper over 10 years ago
save.php | ||
---|---|---|
15 | 15 |
* |
16 | 16 |
*/ |
17 | 17 |
|
18 |
function save_preferences( &$admin, &$database)
|
|
18 |
function save_preferences( admin $admin)
|
|
19 | 19 |
{ |
20 |
global $MESSAGE,$TEXT; |
|
20 |
|
|
21 |
$oDb = WbDatabase::getInstance(); |
|
22 |
$oTrans = Translate::getInstance(); |
|
23 |
$oTrans->enableAddon('admin\\preferences'); |
|
24 |
// $template->set_var($oTrans->getLangArray()); |
|
21 | 25 |
$err_msg = array(); |
22 | 26 |
$iMinPassLength = 6; |
23 | 27 |
$bPassRequest = false; |
24 | 28 |
$bMailHasChanged = false; |
25 | 29 |
// first check form-tan |
26 | 30 |
if(!$admin->checkFTAN()){ |
27 |
$err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS'];
|
|
31 |
$err_msg[] = $oTrans->MESSAGE_GENERIC_SECURITY_ACCESS;
|
|
28 | 32 |
} else { |
29 | 33 |
// Get entered values and validate all |
30 | 34 |
// remove any dangerouse chars from display_name |
... | ... | |
33 | 37 |
// check that display_name is unique in whoole system (prevents from User-faking) |
34 | 38 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '; |
35 | 39 |
$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"'; |
36 |
if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS_USERNAME_TAKEN'].' ('.$TEXT['DISPLAY_NAME'].')'; }
|
|
40 |
if( $oDb->get_one($sql) > 0 ){ $err_msg[] = $oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')'; }
|
|
37 | 41 |
// language must be 2 upercase letters only |
38 | 42 |
$language = strtoupper($admin->get_post('language')); |
39 | 43 |
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE); |
... | ... | |
66 | 70 |
if( !$admin->validate_email($email) ) |
67 | 71 |
{ |
68 | 72 |
$email = ''; |
69 |
$err_msg[] = $MESSAGE['USERS_INVALID_EMAIL'];
|
|
73 |
$err_msg[] = $oTrans->MESSAGE_USERS_INVALID_EMAIL;
|
|
70 | 74 |
} else { |
71 | 75 |
if($email != '') { |
72 | 76 |
// check that email is unique in whoole system |
73 |
$sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
|
|
74 |
$sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
|
|
75 |
$IsOldMail = $database->get_one($sql);
|
|
77 |
$sql = 'SELECT `email` FROM `'.$oDb->TablePrefix.'users` '
|
|
78 |
. 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `email` LIKE \''.$email.'\'';
|
|
79 |
$IsOldMail = $oDb->getOne($sql);
|
|
76 | 80 |
// check that email is unique in whoole system |
77 | 81 |
$email = $admin->add_slashes($email); |
78 |
$sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
|
|
79 |
$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
|
|
80 |
$checkMail = $database->get_one($sql);
|
|
82 |
$sql = 'SELECT `email` FROM `'.$oDb->TablePrefix.'users` '
|
|
83 |
. 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE \''.$email.'\'';
|
|
84 |
$checkMail = $oDb->getOne($sql);
|
|
81 | 85 |
|
82 |
if( $checkMail == $email ){ $err_msg[] = $MESSAGE['USERS_EMAIL_TAKEN']; }
|
|
86 |
if( $checkMail == $email ){ $err_msg[] = $oTrans->MESSAGE_USERS_EMAIL_TAKEN; }
|
|
83 | 87 |
$bMailHasChanged = ($email != $IsOldMail); |
84 | 88 |
} |
85 | 89 |
} |
... | ... | |
96 | 100 |
$bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false; |
97 | 101 |
} |
98 | 102 |
// Check existing password |
99 |
$sql = 'SELECT `password` ';
|
|
100 |
$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
|
|
101 |
$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
|
|
102 |
if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql) ) {
|
|
103 |
$sql = 'SELECT `password` '
|
|
104 |
. 'FROM `'.$oDb->TablePrefix.'users` '
|
|
105 |
. 'WHERE `user_id` = '.$admin->get_user_id();
|
|
106 |
if ( $bPassRequest && md5($sCurrentPassword) != $oDb->getOne($sql) ) {
|
|
103 | 107 |
// access denied |
104 |
$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
|
|
108 |
$err_msg[] = $oTrans->MESSAGE_PREFERENCES_CURRENT_PASSWORD_INCORRECT;
|
|
105 | 109 |
} else { |
106 | 110 |
// validate new password |
107 | 111 |
$sPwHashNew = false; |
108 | 112 |
if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) { |
109 | 113 |
if(strlen($sNewPassword) < $iMinPassLength) { |
110 |
$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
|
|
114 |
$err_msg[] = $oTrans->MESSAGE_USERS_PASSWORD_TOO_SHORT;
|
|
111 | 115 |
} else { |
112 | 116 |
if($sNewPassword != $sNewPasswordRetyped) { |
113 |
$err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
|
|
117 |
$err_msg[] = $oTrans->MESSAGE_USERS_PASSWORD_MISMATCH;
|
|
114 | 118 |
} else { |
115 | 119 |
$pattern = '/[^'.$admin->password_chars.']/'; |
116 | 120 |
if (preg_match($pattern, $sNewPassword)) { |
117 |
$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
|
|
121 |
$err_msg[] = $oTrans->MESSAGE_PREFERENCES_INVALID_CHARS;
|
|
118 | 122 |
} else { |
119 | 123 |
$sPwHashNew = md5($sNewPassword); |
120 | 124 |
} |
... | ... | |
125 | 129 |
// if no validation errors, try to update the database, otherwise return errormessages |
126 | 130 |
if(sizeof($err_msg) == 0) |
127 | 131 |
{ |
128 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '; |
|
129 |
$sql .= 'SET `display_name`=\''.$display_name.'\', '; |
|
132 |
$sql = 'UPDATE `'.$oDb->TablePrefix.'users` ' |
|
133 |
. 'SET `display_name`=\''.$display_name.'\', ' |
|
134 |
. '`language`=\''.$language.'\', ' |
|
135 |
. '`timezone`=\''.$timezone.'\', ' |
|
136 |
. '`date_format`=\''.$date_format.'\', ' |
|
137 |
. '`time_format`=\''.$time_format.'\' '; |
|
130 | 138 |
if($sPwHashNew) { |
131 | 139 |
$sql .= '`password`=\''.$sPwHashNew.'\', '; |
132 | 140 |
} |
133 | 141 |
if($email != '') { |
134 | 142 |
$sql .= '`email`=\''.$email.'\', '; |
135 | 143 |
} |
136 |
$sql .= '`language`=\''.$language.'\', '; |
|
137 |
$sql .= '`timezone`=\''.$timezone.'\', '; |
|
138 |
$sql .= '`date_format`=\''.$date_format.'\', '; |
|
139 |
$sql .= '`time_format`=\''.$time_format.'\' '; |
|
140 | 144 |
$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id(); |
141 |
if( $database->query($sql) )
|
|
145 |
if( $oDb->doQuery($sql) )
|
|
142 | 146 |
{ |
143 | 147 |
// update successfull, takeover values into the session |
144 | 148 |
$_SESSION['DISPLAY_NAME'] = $display_name; |
... | ... | |
179 | 183 |
require_once($config_file); |
180 | 184 |
} |
181 | 185 |
|
182 |
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); } |
|
183 |
|
|
184 | 186 |
// suppress to print the header, so no new FTAN will be set |
185 | 187 |
$admin = new admin('Preferences','start', false); |
186 | 188 |
|
187 |
$retval = save_preferences($admin, $database); |
|
188 |
if( $retval == '') |
|
189 |
{ |
|
189 |
$retval = save_preferences($admin); |
|
190 |
if ($retval == '') { |
|
190 | 191 |
// print the header |
191 | 192 |
$admin->print_header(); |
192 |
$admin->print_success($MESSAGE['PREFERENCES_DETAILS_SAVED']);
|
|
193 |
$admin->print_success(Translate::getInstance()->MESSAGE_PREFERENCES_DETAILS_SAVED);
|
|
193 | 194 |
$admin->print_footer(); |
194 | 195 |
} else { |
195 | 196 |
// print the header |
Also available in: Unified diff
! activate class Translate for all addons in admin/ (except pages/)
! class.admin >> add translation of the current theme to Translate