Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         preferences
6
 * @author          WebsiteBaker Project
7
 * @copyright       2009-2012, Website Baker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: save.php 2118 2014-12-28 21:05:49Z darkviper $
13
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/preferences/save.php $
14
 * @lastmodified    $Date: 2014-12-28 22:05:49 +0100 (Sun, 28 Dec 2014) $
15
 *
16
 */
17

    
18
function save_preferences( admin $admin)
19
{
20

    
21
    $oDb = WbDatabase::getInstance();
22
    $oTrans = Translate::getInstance();
23
    $oTrans->enableAddon('admin\\preferences');
24
//    $template->set_var($oTrans->getLangArray());
25
	$err_msg = array();
26
	$iMinPassLength = 6;
27
	$bPassRequest = false;
28
	$bMailHasChanged = false;
29
// first check form-tan
30
	if(!$admin->checkFTAN()){
31
	   $err_msg[] = $oTrans->MESSAGE_GENERIC_SECURITY_ACCESS;
32
    } else {
33
// Get entered values and validate all
34
	// remove any dangerouse chars from display_name
35
        $display_name = $admin->add_slashes(strip_tags($admin->StripCodeFromText($admin->get_post('display_name'),true)));
36
    	$display_name = ( $display_name == '' ? $admin->get_display_name() : $display_name );
37
// check that display_name is unique in whoole system (prevents from User-faking)
38
    	$sql  = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` ';
39
    	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"';
40
    	if( $oDb->getOne($sql) > 0 ){ $err_msg[] = $oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')'; }
41
// language must be 2 upercase letters only
42
    	$language         = strtoupper($admin->get_post('language'));
43
    	$language         = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
44
// timezone must be between -12 and +13  or -20 as system_default
45
		$timezone         = ($admin->get_post('timezone'));
46
		$timezone         = ( (is_numeric($timezone) && ($timezone!=0)) ? $timezone : -20);
47
		$timezone         = ( ($timezone >= -12 && $timezone <= 13) ? $timezone : -20 ) * 3600;
48
// date_format must be a key from /interface/date_formats
49
		$date_format      = $admin->get_post('date_format');
50
		$date_format = (($date_format==DEFAULT_DATE_FORMAT) ? '' : $date_format);
51
		$date_format_key  = str_replace(' ', '|', $date_format);
52
		$user_time = true;
53
		include( ADMIN_PATH.'/interface/date_formats.php' );
54
		$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
55
		$date_format = ($date_format == 'system_default' ? '' : $date_format);
56
		unset($DATE_FORMATS);
57
// time_format must be a key from /interface/time_formats
58
		$time_format = $admin->get_post('time_format');
59
		$time_format = (($time_format==DEFAULT_TIME_FORMAT) ? '' : $time_format);
60
		$time_format_key  = str_replace(' ', '|', $time_format);
61
		$user_time = true;
62
		include( ADMIN_PATH.'/interface/time_formats.php' );
63
		$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
64
		$time_format = ($time_format == 'system_default' ? '' : $time_format);
65
		unset($TIME_FORMATS);
66
// email should be validatet by core
67

    
68
//    	$email = trim( $admin->get_post('email') == null ? '' : $admin->get_post('email') );
69
        $email = $admin->add_slashes(strip_tags($admin->StripCodeFromText($admin->get_post('email'),true)));
70
    	if( !$admin->validate_email($email) )
71
    	{
72
    		$email = '';
73
    		$err_msg[] = $oTrans->MESSAGE_USERS_INVALID_EMAIL;
74
    	} else {
75
    		if($email != '') {
76
    		// check that email is unique in whoole system
77
    			$sql = 'SELECT `email` FROM `'.$oDb->TablePrefix.'users` '
78
    			     . 'WHERE `user_id` = '.(int)$admin->get_user_id().' AND `email` LIKE \''.$email.'\'';
79
                $IsOldMail = $oDb->getOne($sql);
80
    		// check that email is unique in whoole system
81
    			$email = $admin->add_slashes($email);
82
    			$sql = 'SELECT `email` FROM `'.$oDb->TablePrefix.'users` '
83
    			     . 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `email` LIKE \''.$email.'\'';
84
                $checkMail = $oDb->getOne($sql);
85

    
86
    			if( $checkMail == $email ){ $err_msg[] = $oTrans->MESSAGE_USERS_EMAIL_TAKEN; }
87
                $bMailHasChanged = ($email != $IsOldMail);
88
    		}
89
    	}
90

    
91
// receive password vars and calculate needed action
92
	    $sCurrentPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('current_password'),true));
93
	    $sNewPassword = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_1'),true));
94
	    $sNewPasswordRetyped = $admin->add_slashes($admin->StripCodeFromText($admin->get_post('new_password_2'),true));
95

    
96
	    if($bMailHasChanged == true)
97
	    {
98
	        $bPassRequest = $bMailHasChanged;
99
	    } else {
100
	        $bPassRequest = ( ( $sCurrentPassword != '') || ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) ? true : false;
101
	    }
102
	    // Check existing password
103
		$sql = 'SELECT `password` '
104
		     . 'FROM `'.$oDb->TablePrefix.'users` '
105
		     . 'WHERE `user_id` = '.$admin->get_user_id();
106
		if ( $bPassRequest && md5($sCurrentPassword) != $oDb->getOne($sql) ) {
107
	// access denied
108
			$err_msg[] = $oTrans->MESSAGE_PREFERENCES_CURRENT_PASSWORD_INCORRECT;
109
	} else {
110
	// validate new password
111
			$sPwHashNew = false;
112
			if( ($sNewPassword != '') || ($sNewPasswordRetyped != '') ) {
113
				if(strlen($sNewPassword) < $iMinPassLength) {
114
					$err_msg[] = $oTrans->MESSAGE_USERS_PASSWORD_TOO_SHORT;
115
				} else {
116
					if($sNewPassword != $sNewPasswordRetyped) {
117
						$err_msg[] =  $oTrans->MESSAGE_USERS_PASSWORD_MISMATCH;
118
					} else {
119
						$pattern = '/[^'.$admin->password_chars.']/';
120
						if (preg_match($pattern, $sNewPassword)) {
121
							$err_msg[] = $oTrans->MESSAGE_PREFERENCES_INVALID_CHARS;
122
						} else {
123
							$sPwHashNew = md5($sNewPassword);
124
						}
125
					}
126
				}
127
			}
128

    
129
	// if no validation errors, try to update the database, otherwise return errormessages
130
			if(sizeof($err_msg) == 0)
131
			{
132
				$sql = 'UPDATE `'.$oDb->TablePrefix.'users` '
133
				     . 'SET `display_name`=\''.$display_name.'\', '
134
				     .     '`language`=\''.$language.'\', '
135
				     .     '`timezone`=\''.$timezone.'\', '
136
				     .     '`date_format`=\''.$date_format.'\', '
137
				     .     '`time_format`=\''.$time_format.'\'';
138
				if ($sPwHashNew) {
139
					$sql .=     ', `password`=\''.$sPwHashNew.'\'';
140
				}
141
				if ($email != '') {
142
					$sql .=     ', `email`=\''.$email.'\'';
143
				}
144
				$sql .= ' WHERE `user_id`='.(int)$admin->get_user_id();
145
				if ($oDb->doQuery($sql)) {
146
					// update successfull, takeover values into the session
147
					$_SESSION['DISPLAY_NAME'] = $display_name;
148
					$_SESSION['LANGUAGE'] = $language;
149
					$_SESSION['EMAIL'] = $email;
150
					$_SESSION['TIMEZONE'] = $timezone;
151
					if(isset($_SESSION['USE_DEFAULT_TIMEZONE'])) { unset($_SESSION['USE_DEFAULT_TIMEZONE']); }
152
					// Update date format
153
					if($date_format != '') {
154
						$_SESSION['DATE_FORMAT'] = $date_format;
155
						if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
156
					} else {
157
						$_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
158
						if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
159
					}
160
					// Update time format
161
					if($time_format != '') {
162
						$_SESSION['TIME_FORMAT'] = $time_format;
163
						if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
164
					} else {
165
						$_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
166
						if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
167
					}
168
				} else {
169
					$err_msg[] = 'invalid database UPDATE call in '.__FILE__.'::'.__FUNCTION__.'before line '.__LINE__;
170
				}
171
			}
172
		}
173

    
174
	}
175

    
176
	return ( (sizeof($err_msg) > 0) ? implode('<br />', $err_msg) : '' );
177
}
178

    
179
$config_file = realpath('../../config.php');
180
if(file_exists($config_file) && !defined('WB_URL'))
181
{
182
	require_once($config_file);
183
}
184

    
185
// suppress to print the header, so no new FTAN will be set
186
$admin = new admin('Preferences','start', false);
187

    
188
$retval = save_preferences($admin);
189
if ($retval == '') {
190
	// print the header
191
	$admin->print_header();
192
	$admin->print_success(Translate::getInstance()->MESSAGE_PREFERENCES_DETAILS_SAVED);
193
	$admin->print_footer();
194
} else {
195
	// print the header
196
	$admin->print_header();
197
	$admin->print_error($retval);
198
}
(2-2/2)