Revision 2098
Added by darkviper over 11 years ago
| save.php | ||
|---|---|---|
| 15 | 15 |
* |
| 16 | 16 |
*/ |
| 17 | 17 |
|
| 18 |
function save_preferences( &$admin, &$database)
|
|
| 18 |
function save_preferences( admin $admin)
|
|
| 19 | 19 |
{
|
| 20 |
global $MESSAGE,$TEXT; |
|
| 20 |
|
|
| 21 |
$oDb = WbDatabase::getInstance(); |
|
| 22 |
$oTrans = Translate::getInstance(); |
|
| 23 |
$oTrans->enableAddon('admin\\preferences');
|
|
| 24 |
// $template->set_var($oTrans->getLangArray()); |
|
| 21 | 25 |
$err_msg = array(); |
| 22 | 26 |
$iMinPassLength = 6; |
| 23 | 27 |
$bPassRequest = false; |
| 24 | 28 |
$bMailHasChanged = false; |
| 25 | 29 |
// first check form-tan |
| 26 | 30 |
if(!$admin->checkFTAN()){
|
| 27 |
$err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS'];
|
|
| 31 |
$err_msg[] = $oTrans->MESSAGE_GENERIC_SECURITY_ACCESS;
|
|
| 28 | 32 |
} else {
|
| 29 | 33 |
// Get entered values and validate all |
| 30 | 34 |
// remove any dangerouse chars from display_name |
| ... | ... | |
| 33 | 37 |
// check that display_name is unique in whoole system (prevents from User-faking) |
| 34 | 38 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '; |
| 35 | 39 |
$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"'; |
| 36 |
if( $database->get_one($sql) > 0 ){ $err_msg[] = $MESSAGE['USERS_USERNAME_TAKEN'].' ('.$TEXT['DISPLAY_NAME'].')'; }
|
|
| 40 |
if( $oDb->get_one($sql) > 0 ){ $err_msg[] = $oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')'; }
|
|
| 37 | 41 |
// language must be 2 upercase letters only |
| 38 | 42 |
$language = strtoupper($admin->get_post('language'));
|
| 39 | 43 |
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
|
| ... | ... | |
| 66 | 70 |
if( !$admin->validate_email($email) ) |
| 67 | 71 |
{
|
| 68 | 72 |
$email = ''; |
| 69 |
$err_msg[] = $MESSAGE['USERS_INVALID_EMAIL'];
|
|
| 73 |
$err_msg[] = $oTrans->MESSAGE_USERS_INVALID_EMAIL;
|
|
| 70 | 74 |
} else {
|
| 71 | 75 |
if($email != '') {
|
| 72 | 76 |
// check that email is unique in whoole system |
| 73 |
$sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
|
|
| 74 |
$sql .= 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
|
|
| 75 |
$IsOldMail = $database->get_one($sql);
|
|
| 77 |
$sql = 'SELECT `email` FROM `'.$oDb->TablePrefix.'users` '
|
|
| 78 |
. 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `email` LIKE \''.$email.'\'';
|
|
| 79 |
$IsOldMail = $oDb->getOne($sql);
|
|
| 76 | 80 |
// check that email is unique in whoole system |
| 77 | 81 |
$email = $admin->add_slashes($email); |
| 78 |
$sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
|
|
| 79 |
$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE "'.$email.'"';
|
|
| 80 |
$checkMail = $database->get_one($sql);
|
|
| 82 |
$sql = 'SELECT `email` FROM `'.$oDb->TablePrefix.'users` '
|
|
| 83 |
. 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE \''.$email.'\'';
|
|
| 84 |
$checkMail = $oDb->getOne($sql);
|
|
| 81 | 85 |
|
| 82 |
if( $checkMail == $email ){ $err_msg[] = $MESSAGE['USERS_EMAIL_TAKEN']; }
|
|
| 86 |
if( $checkMail == $email ){ $err_msg[] = $oTrans->MESSAGE_USERS_EMAIL_TAKEN; }
|
|
| 83 | 87 |
$bMailHasChanged = ($email != $IsOldMail); |
| 84 | 88 |
} |
| 85 | 89 |
} |
| ... | ... | |
| 96 | 100 |
$bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false; |
| 97 | 101 |
} |
| 98 | 102 |
// Check existing password |
| 99 |
$sql = 'SELECT `password` ';
|
|
| 100 |
$sql .= 'FROM `'.TABLE_PREFIX.'users` ';
|
|
| 101 |
$sql .= 'WHERE `user_id` = '.$admin->get_user_id();
|
|
| 102 |
if ( $bPassRequest && md5($sCurrentPassword) != $database->get_one($sql) ) {
|
|
| 103 |
$sql = 'SELECT `password` '
|
|
| 104 |
. 'FROM `'.$oDb->TablePrefix.'users` '
|
|
| 105 |
. 'WHERE `user_id` = '.$admin->get_user_id();
|
|
| 106 |
if ( $bPassRequest && md5($sCurrentPassword) != $oDb->getOne($sql) ) {
|
|
| 103 | 107 |
// access denied |
| 104 |
$err_msg[] = $MESSAGE['PREFERENCES_CURRENT_PASSWORD_INCORRECT'];
|
|
| 108 |
$err_msg[] = $oTrans->MESSAGE_PREFERENCES_CURRENT_PASSWORD_INCORRECT;
|
|
| 105 | 109 |
} else {
|
| 106 | 110 |
// validate new password |
| 107 | 111 |
$sPwHashNew = false; |
| 108 | 112 |
if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) {
|
| 109 | 113 |
if(strlen($sNewPassword) < $iMinPassLength) {
|
| 110 |
$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
|
|
| 114 |
$err_msg[] = $oTrans->MESSAGE_USERS_PASSWORD_TOO_SHORT;
|
|
| 111 | 115 |
} else {
|
| 112 | 116 |
if($sNewPassword != $sNewPasswordRetyped) {
|
| 113 |
$err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
|
|
| 117 |
$err_msg[] = $oTrans->MESSAGE_USERS_PASSWORD_MISMATCH;
|
|
| 114 | 118 |
} else {
|
| 115 | 119 |
$pattern = '/[^'.$admin->password_chars.']/'; |
| 116 | 120 |
if (preg_match($pattern, $sNewPassword)) {
|
| 117 |
$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
|
|
| 121 |
$err_msg[] = $oTrans->MESSAGE_PREFERENCES_INVALID_CHARS;
|
|
| 118 | 122 |
} else {
|
| 119 | 123 |
$sPwHashNew = md5($sNewPassword); |
| 120 | 124 |
} |
| ... | ... | |
| 125 | 129 |
// if no validation errors, try to update the database, otherwise return errormessages |
| 126 | 130 |
if(sizeof($err_msg) == 0) |
| 127 | 131 |
{
|
| 128 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '; |
|
| 129 |
$sql .= 'SET `display_name`=\''.$display_name.'\', '; |
|
| 132 |
$sql = 'UPDATE `'.$oDb->TablePrefix.'users` ' |
|
| 133 |
. 'SET `display_name`=\''.$display_name.'\', ' |
|
| 134 |
. '`language`=\''.$language.'\', ' |
|
| 135 |
. '`timezone`=\''.$timezone.'\', ' |
|
| 136 |
. '`date_format`=\''.$date_format.'\', ' |
|
| 137 |
. '`time_format`=\''.$time_format.'\' '; |
|
| 130 | 138 |
if($sPwHashNew) {
|
| 131 | 139 |
$sql .= '`password`=\''.$sPwHashNew.'\', '; |
| 132 | 140 |
} |
| 133 | 141 |
if($email != '') {
|
| 134 | 142 |
$sql .= '`email`=\''.$email.'\', '; |
| 135 | 143 |
} |
| 136 |
$sql .= '`language`=\''.$language.'\', '; |
|
| 137 |
$sql .= '`timezone`=\''.$timezone.'\', '; |
|
| 138 |
$sql .= '`date_format`=\''.$date_format.'\', '; |
|
| 139 |
$sql .= '`time_format`=\''.$time_format.'\' '; |
|
| 140 | 144 |
$sql .= 'WHERE `user_id`='.(int)$admin->get_user_id(); |
| 141 |
if( $database->query($sql) )
|
|
| 145 |
if( $oDb->doQuery($sql) )
|
|
| 142 | 146 |
{
|
| 143 | 147 |
// update successfull, takeover values into the session |
| 144 | 148 |
$_SESSION['DISPLAY_NAME'] = $display_name; |
| ... | ... | |
| 179 | 183 |
require_once($config_file); |
| 180 | 184 |
} |
| 181 | 185 |
|
| 182 |
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
|
|
| 183 |
|
|
| 184 | 186 |
// suppress to print the header, so no new FTAN will be set |
| 185 | 187 |
$admin = new admin('Preferences','start', false);
|
| 186 | 188 |
|
| 187 |
$retval = save_preferences($admin, $database); |
|
| 188 |
if( $retval == '') |
|
| 189 |
{
|
|
| 189 |
$retval = save_preferences($admin); |
|
| 190 |
if ($retval == '') {
|
|
| 190 | 191 |
// print the header |
| 191 | 192 |
$admin->print_header(); |
| 192 |
$admin->print_success($MESSAGE['PREFERENCES_DETAILS_SAVED']);
|
|
| 193 |
$admin->print_success(Translate::getInstance()->MESSAGE_PREFERENCES_DETAILS_SAVED);
|
|
| 193 | 194 |
$admin->print_footer(); |
| 194 | 195 |
} else {
|
| 195 | 196 |
// print the header |
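Review bot: The password check at new line 106 still compares the md5 digest with the loose `!=`, which lets two hex strings of the form `0e…` compare equal as numerics; compare strictly, e.g. `if ( $bPassRequest && !hash_equals((string)$oDb->getOne($sql), md5($sCurrentPassword)) ) {` (or at minimum `!==`). The stored digest is an unsalted md5 (new line 123 writes `md5($sNewPassword)`), so a `password_hash()`/`password_verify()` scheme would be the longer-term fix, but that changes the users table outside this file. Separately, the query built at new lines 77-78 interpolates `$email` before the `$admin->add_slashes($email)` at new line 81, so the first lookup runs on the unescaped value; it is gated only by `validate_email()` at line 70, whose strictness is not visible here, so escaping (or binding) before line 77 would be safer. The same concern applies to `$display_name` interpolated at new lines 38-39, where the sanitising step is elided from this view. save_preferences continues beyond the shown hunks.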
! activate class Translate for all addons in admin/ (except pages/)
! class.admin >> add translation of the current theme to Translate