482 lines
15 KiB
PHP
482 lines
15 KiB
PHP
|
<?php
|
||
|
|
||
|
|
||
|
/*
|
||
|
|
||
|
Copyright 2018 Murray Hayes
|
||
|
|
||
|
Redistribution and use in source and binary forms, with or without
|
||
|
modification, are permitted provided that the following conditions
|
||
|
are met:
|
||
|
|
||
|
1. Redistributions of source code must retain the above copyright
|
||
|
notice, this list of conditions and the following disclaimer.
|
||
|
|
||
|
2. Redistributions in binary form must reproduce the above copyright
|
||
|
notice, this list of conditions and the following disclaimer in the
|
||
|
documentation and/or other materials provided with the distribution.
|
||
|
|
||
|
3. Neither the name of the copyright holder nor the names of its
|
||
|
contributors may be used to endorse or promote products derived from
|
||
|
this software without specific prior written permission.
|
||
|
|
||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||
|
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||
|
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||
|
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||
|
COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||
|
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||
|
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||
|
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||
|
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||
|
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
|
||
|
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||
|
POSSIBILITY OF SUCH DAMAGE.
|
||
|
|
||
|
*/
|
||
|
|
||
|
|
||
|
session_start();
|
||
|
|
||
|
include_once "utils.php";
|
||
|
include_once "DOMUtils.php";
|
||
|
include_once "consts.php";
|
||
|
include_once "database.php";
|
||
|
include_once "text.php";
|
||
|
include_once "adminUtils.php";
|
||
|
|
||
|
$doc = returnDoc();
|
||
|
$root = returnRoot($doc);
|
||
|
|
||
|
//if (!isset($_SESSION['login']) || !isset($_SESSION['MemberID']))
|
||
|
if (!validateSession())
|
||
|
if (!isset($_SESSION['cookieMonster']))
|
||
|
generateCookieMonster();
|
||
|
else
|
||
|
generateLoginRedirect();
|
||
|
else
|
||
|
if (($_SESSION['login'] === TRUE))
|
||
|
{
|
||
|
$changed = FALSE;
|
||
|
if ($_SERVER['REQUEST_METHOD'] == 'POST')
|
||
|
{
|
||
|
/*
|
||
|
* Process form here
|
||
|
*/
|
||
|
|
||
|
if (isset($_POST[$text0007]) && $_POST[$text0007] === $text0007)
|
||
|
{
|
||
|
if ($_FILES['cssfile']['error'] === UPLOAD_ERR_OK)
|
||
|
{
|
||
|
$finfo = finfo_open(FILEINFO_MIME);
|
||
|
$destination = tempnam("usercss", "user");
|
||
|
$destination .= ".css";
|
||
|
if (move_uploaded_file($_FILES['cssfile']['tmp_name'], $destination));
|
||
|
{
|
||
|
$fileInfo = finfo_file($finfo, $destination);
|
||
|
//print($destination);
|
||
|
|
||
|
if (registerNewUserCSSFile($_SESSION['MemberID'], basename($destination), $_FILES['cssfile']['name'], $fileInfo) === FALSE)
|
||
|
{
|
||
|
print("User CSS file not added to database.");
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
print($_FILES['cssfile']['error']);
|
||
|
}
|
||
|
}
|
||
|
//print_r ($_POST);
|
||
|
else
|
||
|
if (isset($_POST[$text0005]) && $_POST[$text0005] === $text0005)
|
||
|
{
|
||
|
if ((int) $_POST['style'] !== (int) $_SESSION['prefCSS'])
|
||
|
{
|
||
|
switch ((int) $_POST['style'])
|
||
|
{
|
||
|
case 0:
|
||
|
$_SESSION['prefCSS'] = 0;
|
||
|
$changed = TRUE;
|
||
|
break;
|
||
|
case 1:
|
||
|
$_SESSION['prefCSS'] = 1;
|
||
|
$changed = TRUE;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
if ($_POST['language'] !== $_SESSION['language'])
|
||
|
{
|
||
|
switch (cleanInput($_POST['language']))
|
||
|
{
|
||
|
case 'en':
|
||
|
$_SESSION['language'] = 'en';
|
||
|
$changed = TRUE;
|
||
|
break;
|
||
|
case 'fr':
|
||
|
$_SESSION['language'] = 'fr';
|
||
|
$changed = TRUE;
|
||
|
break;
|
||
|
case 'es':
|
||
|
$_SESSION['language'] = 'es';
|
||
|
$changed = TRUE;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
if (isset($_POST['xml']) && $_POST['xml'] === 'xml')
|
||
|
{
|
||
|
if ($_SESSION['prefXML'] === FALSE)
|
||
|
{
|
||
|
$_SESSION['prefXML'] = TRUE;
|
||
|
$changed = TRUE;
|
||
|
}
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
if ($_SESSION['prefXML'] === TRUE)
|
||
|
{
|
||
|
$_SESSION['prefXML'] = FALSE;
|
||
|
$changed = TRUE;
|
||
|
}
|
||
|
}
|
||
|
if (isset($_POST['mobile']) && $_POST['mobile'] === 'mobile')
|
||
|
{
|
||
|
if ($_SESSION['despizeMobile'] === FALSE)
|
||
|
{
|
||
|
$_SESSION['despizeMobile'] = TRUE;
|
||
|
$changed = TRUE;
|
||
|
}
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
if ($_SESSION['despizeMobile'] === TRUE)
|
||
|
{
|
||
|
$_SESSION['despizeMobile'] = FALSE;
|
||
|
$changed = TRUE;
|
||
|
}
|
||
|
}
|
||
|
if (isset($_POST['customCSS']) && $_POST['customCSS'] === 'customCSS')
|
||
|
{
|
||
|
print ("bonk");
|
||
|
if ((boolean) $_SESSION['useCustomCSS'] === FALSE)
|
||
|
{
|
||
|
$_SESSION['useCustomCSS'] = TRUE;
|
||
|
$changed = TRUE;
|
||
|
}
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
if ((boolean) $_SESSION['useCustomCSS'] === TRUE)
|
||
|
{
|
||
|
$_SESSION['useCustomCSS'] = FALSE;
|
||
|
$changed = TRUE;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
|
||
|
}
|
||
|
else
|
||
|
if (isset($_POST[$text0006]) && $_POST[$text0006] === $text0006)
|
||
|
{
|
||
|
$set_lang = 'en';
|
||
|
$set_xml = FALSE;
|
||
|
$set_mobi = FALSE;
|
||
|
$set_style = 0;
|
||
|
if (isset($_POST['xml']) && $_POST['xml'] === 'xml')
|
||
|
$set_xml = TRUE;
|
||
|
if (isset($_POST['mobile']) && $_POST['mobile'] === 'mobile')
|
||
|
$set_mobi = TRUE;
|
||
|
if (isset($_POST['language']))
|
||
|
{
|
||
|
switch (cleanInput($_POST['language']))
|
||
|
{
|
||
|
case 'en':
|
||
|
$set_lang = 'en';
|
||
|
break;
|
||
|
case 'fr':
|
||
|
$set_lang = 'fr';
|
||
|
break;
|
||
|
case 'es':
|
||
|
$set_lang = 'es';
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
if (isset($_POST['style']) && is_numeric($_POST['style']))
|
||
|
{
|
||
|
$cleaned =(int) cleanInput($_POST['style']);
|
||
|
if ($cleaned >= 0 && $cleaned <= 1)
|
||
|
$set_style = $cleaned;
|
||
|
}
|
||
|
|
||
|
try
|
||
|
{
|
||
|
$dbh = returnDatabaseHandel();
|
||
|
$dbh->beginTransaction();
|
||
|
$sth = $dbh->prepare($statement255);
|
||
|
$sth->execute(array($set_lang, $set_xml, $set_mobi, $set_style, $_SESSION['MemberID']));
|
||
|
$dbh->commit();
|
||
|
|
||
|
}
|
||
|
catch (Exception $e)
|
||
|
{
|
||
|
print("Failed ut update user_options " . $e->getMessage());
|
||
|
$dbh->rollBack();
|
||
|
}
|
||
|
|
||
|
}
|
||
|
}
|
||
|
|
||
|
|
||
|
$root = $doc->appendChild($root);
|
||
|
$root->appendChild(generateHead($doc));
|
||
|
|
||
|
$body = $doc->createElement('body');
|
||
|
$root->appendChild($body);
|
||
|
|
||
|
$body->appendChild(generateMastHead($doc, $baseDir));
|
||
|
|
||
|
//$body->appendChild($doc->createElement('hr'));
|
||
|
|
||
|
$_SESSION['subNav'] = NULL;
|
||
|
|
||
|
$body->appendChild(generateSelectedMenuBar($doc));
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Insert content here.
|
||
|
*/
|
||
|
|
||
|
$db_lang = 'en';
|
||
|
$db_xml = TRUE;
|
||
|
$db_mobi = TRUE;
|
||
|
$db_set = 0;
|
||
|
|
||
|
try
|
||
|
{
|
||
|
$dbh = returnDatabaseHandel();
|
||
|
$sth = $dbh->prepare($statement254);
|
||
|
$count = 0;
|
||
|
if ($sth->execute(array($_SESSION['MemberID'])))
|
||
|
{
|
||
|
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) // && ($row['start_datetime'] > date('')))
|
||
|
{
|
||
|
$count++;
|
||
|
$db_lang = $row['language'];
|
||
|
$db_xml = $row['prefer_xml'];
|
||
|
$db_mobi = $row['despize_mobile'];
|
||
|
$db_set = $row['prefered_css'];
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
catch (Exception $e)
|
||
|
{
|
||
|
|
||
|
}
|
||
|
|
||
|
|
||
|
$h3 = $doc->createElement('h3');
|
||
|
$h3->appendChild($doc->createTextNode($text0100));
|
||
|
$body->appendChild($h3);
|
||
|
|
||
|
$form = createForm($doc, "preferences.php");
|
||
|
$fieldSet = $doc->createElement('fieldset');
|
||
|
|
||
|
$label = $doc->createElement('label', $text0101);
|
||
|
$label->setAttribute('for', 'xml');
|
||
|
$label->setAttribute('class', 'MemberEditorInputLabel');
|
||
|
$fieldSet->appendChild($label);
|
||
|
$input = $doc->createElement('select');
|
||
|
$input->setAttribute('name', 'language');
|
||
|
|
||
|
$option = $doc->createElement('option');
|
||
|
$option->setAttribute('value', 'zz');
|
||
|
if (isset($_SESSION['language']) && $_SESSION['language'] === 'zz')
|
||
|
$option->setAttribute('selected', 'selected');
|
||
|
$option->appendChild($doc->createTextNode('Browser'));
|
||
|
$input->appendChild($option);
|
||
|
|
||
|
|
||
|
$option = $doc->createElement('option');
|
||
|
$option->setAttribute('value', 'en');
|
||
|
if (isset($_SESSION['language']) && $_SESSION['language'] === 'en')
|
||
|
$option->setAttribute('selected', 'selected');
|
||
|
$option->appendChild($doc->createTextNode('English'));
|
||
|
$input->appendChild($option);
|
||
|
|
||
|
$option = $doc->createElement('option');
|
||
|
$option->setAttribute('value', 'fr');
|
||
|
if (isset($_SESSION['language']) && $_SESSION['language'] === 'fr')
|
||
|
$option->setAttribute('selected', 'selected');
|
||
|
$option->appendChild($doc->createTextNode('French'));
|
||
|
$input->appendChild($option);
|
||
|
|
||
|
$option = $doc->createElement('option');
|
||
|
$option->setAttribute('value', 'es');
|
||
|
if (isset($_SESSION['language']) && $_SESSION['language'] === 'es')
|
||
|
$option->setAttribute('selected', 'selected');
|
||
|
$option->appendChild($doc->createTextNode('Spanish'));
|
||
|
$input->appendChild($option);
|
||
|
|
||
|
$fieldSet->appendChild($input);
|
||
|
$label = $doc->createElement('br');
|
||
|
$fieldSet->appendChild($label);
|
||
|
|
||
|
|
||
|
$label = $doc->createElement('label', $text0102);
|
||
|
$label->setAttribute('for', 'xml');
|
||
|
$label->setAttribute('class', 'MemberEditorInputLabel');
|
||
|
$fieldSet->appendChild($label);
|
||
|
$input = createCheckboxInput($doc, 'xml', 'xml', NULL, NULL, FALSE);
|
||
|
/* $input = $doc->createElement('input');
|
||
|
$input->setAttribute('type', 'checkbox');
|
||
|
$input->setAttribute('name', 'xml');
|
||
|
$input->setAttribute('value', 'xml');
|
||
|
$input->setAttribute('autocomplete', 'off'); */
|
||
|
|
||
|
if ($_SESSION['prefXML'] === TRUE)
|
||
|
$input->setAttribute('checked', 'checked');
|
||
|
// else
|
||
|
// $input->setAttribute('checked', '');
|
||
|
$fieldSet->appendChild($input);
|
||
|
$label = $doc->createElement('br');
|
||
|
$fieldSet->appendChild($label);
|
||
|
|
||
|
$label = $doc->createElement('label', $text0103);
|
||
|
$label->setAttribute('for', 'mobile');
|
||
|
$label->setAttribute('class', 'MemberEditorInputLabel');
|
||
|
$fieldSet->appendChild($label);
|
||
|
$input = createCheckboxInput($doc, 'mobile', 'mobile', NULL, NULL, FALSE);
|
||
|
/* $input = $doc->createElement('input');
|
||
|
$input->setAttribute('type', 'checkbox');
|
||
|
$input->setAttribute('name', 'mobile');
|
||
|
$input->setAttribute('value', 'mobile');
|
||
|
$input->setAttribute('autocomplete', 'off'); */
|
||
|
if ($_SESSION['despizeMobile'] === TRUE)
|
||
|
$input->setAttribute('checked', 'checked');
|
||
|
// else
|
||
|
// $input->setAttribute('checked', '');
|
||
|
$fieldSet->appendChild($input);
|
||
|
$label = $doc->createElement('br');
|
||
|
$fieldSet->appendChild($label);
|
||
|
|
||
|
$label = $doc->createElement('label', $text0104);
|
||
|
$label->setAttribute('for', 'style');
|
||
|
$label->setAttribute('class', 'MemberEditorInputLabel');
|
||
|
$fieldSet->appendChild($label);
|
||
|
$input = $doc->createElement('select');
|
||
|
$input->setAttribute('name', 'style');
|
||
|
$input->setAttribute('autocomplete', 'off');
|
||
|
for ($i = 0; $i < 2; $i++)
|
||
|
{
|
||
|
$option = $doc->createElement('option');
|
||
|
$option->setAttribute('value', $i);
|
||
|
if ($i === $_SESSION['prefCSS'])
|
||
|
$option->setAttribute('selected', 'selected');
|
||
|
$option->appendChild($doc->createTextNode($i));
|
||
|
$input->appendChild($option);
|
||
|
}
|
||
|
|
||
|
$fieldSet->appendChild($input);
|
||
|
$label = $doc->createElement('br');
|
||
|
$fieldSet->appendChild($label);
|
||
|
|
||
|
/*
|
||
|
* The order of this is unusual to provide for special labeling.
|
||
|
*/
|
||
|
|
||
|
$extendedText = $text0105;
|
||
|
$input = createCheckboxInput($doc,'customCSS', 'customCSS', NULL, NULL, FALSE);
|
||
|
if (userHasRegisteredCustomCSS($_SESSION['MemberID']))
|
||
|
{
|
||
|
/*
|
||
|
* SECURITE - if the original file name was not properly sterilized, this
|
||
|
* is where the injection attack can occur.
|
||
|
*/
|
||
|
$extendedText .= "(" . returnUserCSSOriginalFileName($_SESSION['MemberID']) . ")";
|
||
|
if ($_SESSION['useCustomCSS'] === TRUE)
|
||
|
$input->setAttribute('checked', 'checked');
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$input->setAttribute('disabled', 'disabled');
|
||
|
$extendedText .= "($text0107)";
|
||
|
}
|
||
|
$label = $doc->createElement('label', $extendedText);
|
||
|
$label->setAttribute('for', 'customCSS');
|
||
|
$label->setAttribute('class', 'MemberEditorInputLabel');
|
||
|
$fieldSet->appendChild($label);
|
||
|
$fieldSet->appendChild($input);
|
||
|
$label = $doc->createElement('br');
|
||
|
$fieldSet->appendChild($label);
|
||
|
|
||
|
$label = $doc->createElement('label', $text0106);
|
||
|
$label->setAttribute('for', 'cssfile');
|
||
|
$label->setAttribute('class', 'MemberEditorInputLabel');
|
||
|
$fieldSet->appendChild($label);
|
||
|
$input =$doc->createElement('input');
|
||
|
$input->setAttribute('type', 'file');
|
||
|
$input->setAttribute('name', 'cssfile');
|
||
|
$fieldSet->appendChild($input);
|
||
|
|
||
|
$input = createSubmitInput($doc, $text0007, $text0007);
|
||
|
/* $input = $doc->createElement('input');
|
||
|
$input->setAttribute('type', 'submit');
|
||
|
$input->setAttribute('name', $text0007);
|
||
|
$input->setAttribute('value', $text0007); */
|
||
|
$fieldSet->appendChild($input);
|
||
|
$label = $doc->createElement('br');
|
||
|
$fieldSet->appendChild($label);
|
||
|
|
||
|
if (returnMemberUseEncryptions($_SESSION['MemberID']))
|
||
|
$label = createLabel($doc, $text0130, 'encryptEmail', 'MemberEditorInputLabel', 'Checked');
|
||
|
else
|
||
|
$label = createLabel($doc, $text0130, 'encryptEmail', 'MemberEditorInputLabel');
|
||
|
$fieldSet->appendChild($label);
|
||
|
$label = createCheckboxInput($doc, 'encryptEmail');
|
||
|
$fieldSet->appendChild($label);
|
||
|
$label = createBr($doc);
|
||
|
$fieldSet->appendChild($label);
|
||
|
|
||
|
|
||
|
$label = $doc->createElement('label', $text0131);
|
||
|
$label->setAttribute('for', 'pgpkeyfile');
|
||
|
$label->setAttribute('class', 'MemberEditorInputLabel');
|
||
|
$fieldSet->appendChild($label);
|
||
|
$input =$doc->createElement('input');
|
||
|
$input->setAttribute('type', 'file');
|
||
|
$input->setAttribute('name', 'pgpkeyfile');
|
||
|
$fieldSet->appendChild($input);
|
||
|
|
||
|
$input = createSubmitInput($doc, $text0007, $text0007);
|
||
|
|
||
|
$form->appendChild($fieldSet);
|
||
|
|
||
|
$input = createSubmitInput($doc, $text0005, $text0005);
|
||
|
/* $input = $doc->createElement('input');
|
||
|
$input->setAttribute('type', 'submit');
|
||
|
$input->setAttribute('name', $text0005);
|
||
|
$input->setAttribute('value', $text0005);*/
|
||
|
$form->appendChild($input);
|
||
|
|
||
|
if ($changed)
|
||
|
{
|
||
|
$input = createSubmitInput($doc, $text0006, $text0006);
|
||
|
/* $input = $doc->createElement('input');
|
||
|
$input->setAttribute('type', 'submit');
|
||
|
$input->setAttribute('name', $text0006);
|
||
|
$input->setAttribute('value', $text0006); */
|
||
|
$form->appendChild($input);
|
||
|
}
|
||
|
|
||
|
$body->appendChild($form);
|
||
|
|
||
|
$body->appendChild(generateFooter($doc));
|
||
|
|
||
|
if ($prettyPretty)
|
||
|
$doc->formatOutput = true;
|
||
|
outputDoc($doc);
|
||
|
}
|
||
|
else
|
||
|
generateIndexRedirect();
|
||
|
|
||
|
?>
|