From d381f57951463a366b5264986a147ef5798ba205 Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Thu, 2 Jun 2011 20:18:01 +0200
Subject: user settings

---
 includes/pages/user_settings.php | 252 +++++++++++++++++++++++++++++++++++++++
 includes/sys_menu.php            |   3 +-
 includes/sys_template.php        |  11 ++
 3 files changed, 265 insertions(+), 1 deletion(-)
 create mode 100644 includes/pages/user_settings.php

(limited to 'includes')

diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
new file mode 100644
index 00000000..97c8626f
--- /dev/null
+++ b/includes/pages/user_settings.php
@@ -0,0 +1,252 @@
+<?php
+function user_settings() {
+	global $user;
+
+	if (!isset ($_REQUEST['action'])) {
+		$tshirt_html = template_render('../templates/user_settings_tshirt.html', array (
+			'label_size' => Get_Text("makeuser_T-Shirt"),
+			'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', array (
+				'S' => "S",
+				'M' => "M",
+				'L' => "L",
+				'XL' => "XL",
+				'2XL' => "2XL",
+				'3XL' => "3XL",
+				'4XL' => "4XL",
+				'5XL' => "5XL",
+				'S-G' => "S Girl",
+				'M-G' => "M Girl",
+				'L-G' => "L Girl",
+				'XL-G' => "XL Girl"
+			), $user['Size']) : $user['Size']
+		));
+
+		return template_render('../templates/user_settings.html', array (
+			'link' => page_link_to("user_settings"),
+			'greeting' => Get_Text("Hallo") . $user['Nick'] . ",<br />" . Get_Text(13),
+			'text_user_data' => Get_Text("pub_einstellungen_Text_UserData"),
+			'label_nick' => Get_Text("pub_einstellungen_Nick"),
+			'label_name' => Get_Text("pub_einstellungen_Name"),
+			'label_prename' => Get_Text("pub_einstellungen_Vorname"),
+			'label_age' => Get_Text("pub_einstellungen_Alter"),
+			'label_tel' => Get_Text("pub_einstellungen_Telefon"),
+			'label_mobile' => Get_Text("pub_einstellungen_Handy"),
+			'label_dect' => Get_Text("pub_einstellungen_DECT"),
+			'label_mail' => Get_Text("pub_einstellungen_Email"),
+			'label_hometown' => Get_Text("pub_einstellungen_Hometown"),
+			'nick' => $user['Nick'],
+			'name' => $user['Name'],
+			'prename' => $user['Vorname'],
+			'age' => $user['Alter'],
+			'tel' => $user['Telefon'],
+			'mobile' => $user['Handy'],
+			'dect' => $user['DECT'],
+			'mail' => $user['email'],
+			'icq' => $user['ICQ'],
+			'jabber' => $user['jabber'],
+			'hometown' => $user['Hometown'],
+			'label_save' => Get_Text("save"),
+			'tshirts' => $tshirt_html,
+			'text_password' => Get_Text(14),
+			'current_pw_label' => Get_Text(15),
+			'new_pw_label' => Get_Text(16),
+			'new_pw2_label' => Get_Text(17),
+			'text_theme' => Get_Text(18),
+			'theme_label' => Get_Text(19),
+			'theme_select' => html_select_key('theme', array (
+				"1" => "Standard-Style",
+				"2" => "ot/Gelber Style",
+				"3" => "Club-Mate Style",
+				"5" => "Debian Style",
+				"6" => "c-base Style",
+				"7" => "Blau/Gelber Style",
+				"8" => "Pastel Style",
+				"4" => "Test Style",
+				"9" => "Test Style 21c3",
+				"10" => "msquare (cccamp2011)"
+			), $user['color']),
+			'text_language' => Get_Text(20),
+			'language_label' => Get_Text(21),
+			'language_select' => html_select_key('language', array (
+				'DE' => "Deutsch",
+				'EN' => "English"
+			), $user['Sprache'])
+		));
+	} else {
+		switch ($_REQUEST['action']) {
+			case 'sprache' :
+				if (isset ($_REQUEST['language']) && preg_match("/^DE|EN$/", $_REQUEST['language']))
+					$language = $_REQUEST['language'];
+				else
+					$language = "EN";
+				sql_query("UPDATE `User` SET " . "`Sprache`='" . sql_escape($language) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+				$_SESSION['Sprache'] = $language;
+				header("Location: " . page_link_to("user_settings"));
+				break;
+
+			case 'colour' :
+				$theme = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['theme']));
+				sql_query("UPDATE `User` SET " . "`color`='" . sql_escape($theme) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+				header("Location: " . page_link_to("user_settings"));
+				break;
+
+			case 'set' :
+				$html = "";
+				if ($_REQUEST["new_pw"] == $_REQUEST["new_pw2"]) {
+					if (PassCrypt($_REQUEST["current_pw"]) == $user['Passwort']) {
+						sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+						header("Location: " . page_link_to("user_settings"));
+					} else {
+						$html .= error(Get_Text(30));
+					}
+				} else {
+					$html .= error(Get_Text(31));
+				}
+				return $html;
+				break;
+
+			case "setUserData" :
+				$nick = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['nick']));
+				$name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['name']));
+				$prename = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['prename']));
+				$age = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['age']));
+				$tel = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['tel']));
+				$mobile = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['mobile']));
+				$dect = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['dect']));
+				$mail = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['mail']));
+				$icq = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['icq']));
+				$jabber = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['jabber']));
+				$hometown = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['hometown']));
+				$size = ($user['TShirt'] == 0) ? preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['size'])) : $user['Size'];
+
+				sql_query("UPDATE `User` SET " .
+				"`Nick`='" . sql_escape($nick) . "', " .
+				"`Name`='" . sql_escape($name) . "', " .
+				"`Vorname`='" . sql_escape($prename) . "', " .
+				"`Alter`='" . sql_escape($age) . "', " .
+				"`Telefon`='" . sql_escape($tel) . "', " .
+				"`Handy`='" . sql_escape($mobile) . "', " .
+				"`DECT`='" . sql_escape($dect) . "', " .
+				"`email`='" . sql_escape($mail) . "', " .
+				"`ICQ`='" . sql_escape($icq) . "', " .
+				"`jabber`='" . sql_escape($jabber) . "', " .
+				"`Hometown`='" . sql_escape($hometown) . "', " .
+				"`Size`='" . sql_escape($size) . "' " .
+				"WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+				header("Location: " . page_link_to("user_settings"));
+				break;
+		}
+	}
+
+	// AVATARE
+	/*
+		if (get_cfg_var("file_uploads")) {
+			echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
+			echo Get_Text('pub_einstellungen_PictureUpload') . "<br />";
+			echo "<form action=\"./einstellungen.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+			echo "<input type=\"hidden\" name=\"action\" value=\"sendPicture\">\n";
+			echo "<input name=\"file\" type=\"file\" size=\"50\" maxlength=\"" . get_cfg_var("post_max_size") . "\">\n";
+			echo "(max " . get_cfg_var("post_max_size") . "Byte)<br />\n";
+			echo "<input type=\"submit\" value=\"" . Get_Text("upload"), "\">\n";
+			echo "</form>\n";
+		}
+	
+		switch (GetPicturShow($_SESSION['UID'])) {
+			case 'Y' :
+				echo Get_Text('pub_einstellungen_PictureShow') . "<br />";
+				echo displayPictur($_SESSION['UID'], 0);
+				echo "<form action=\"./einstellungen.php\" method=\"post\">\n";
+				echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n";
+				echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n";
+				echo "</form>\n";
+				break;
+			case 'N' :
+				echo Get_Text('pub_einstellungen_PictureNoShow') . "<br />";
+				echo displayPictur($_SESSION['UID'], 0);
+				echo "<form action=\"./einstellungen.php\" method=\"post\">\n";
+				echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n";
+				echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n";
+				echo "</form>\n";
+				echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
+			case '' :
+				echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
+				echo Get_Text(22) . "<br />";
+				echo "\n<form action=\"./einstellungen.php\" method=\"post\">\n";
+				echo "<input type=\"hidden\" name=\"action\" value=\"avatar\">\n";
+				echo "<table>\n";
+				echo "<tr>\n<td>" . Get_Text(23) . "<br /></td>\n</tr>\n";
+				echo "<tr>\n";
+				echo "<td>\n";
+				echo "<select name=\"eAvatar\" onChange=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value  + '.gif'\" onKeyup=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value  + '.gif'\">\n";
+	
+				for ($i = 1; file_exists("../pic/avatar/avatar" . $i . ".gif"); $i++)
+					echo "<option value=\"" . $i . "\"" . ($_SESSION['Avatar'] == $i ? " selected" : "") . ">avatar" . $i . "</option>\n";
+	
+				echo "</select>&nbsp;&nbsp;\n";
+				echo "<img src=\"" . $url . $ENGEL_ROOT . "pic/avatar/avatar" . $_SESSION['Avatar'] . ".gif\" name=\"avatar\" border=\"0\" align=\"top\">\n";
+				echo "</td>\n</tr>\n";
+				echo "</table>\n";
+				echo "<input type=\"submit\" value=\"" . Get_Text("save") . "\">\n";
+				echo "</form>\n";
+				break;
+		} //CASE
+	
+	} else {
+		switch ($_POST["action"]) {
+	
+			case 'avatar' :
+				$chsql = "UPDATE `User` SET `Avatar`='" . $_POST["eAvatar"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
+				$Erg = mysql_query($chsql, $con);
+				$_SESSION['Avatar'] = $_POST["eAvatar"];
+				if ($Erg == 1)
+					Print_Text(34);
+				else
+					Print_Text(29);
+				break;
+	
+			case 'setUserData' :
+	
+				break;
+	
+			case 'sendPicture' :
+				if ($_FILES["file"]["size"] > 0) {
+					if (($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/gif")) {
+						$data = addslashes(fread(fopen($_FILES["file"]["tmp_name"], "r"), filesize($_FILES["file"]["tmp_name"])));
+	
+						if (GetPicturShow($_SESSION['UID']) == "")
+							$SQL = "INSERT INTO `UserPicture` " .
+							"( `UID`,`Bild`, `ContentType`, `show`) " .
+							"VALUES ('" . $_SESSION['UID'] . "', '$data', '" . $_FILES["file"]["type"] . "', 'N')";
+						else
+							$SQL = "UPDATE `UserPicture` SET " .
+							"`Bild`='$data', " .
+							"`ContentType`='" . $_FILES["file"]["type"] . "', " .
+							"`show`='N' " .
+							"WHERE `UID`='" . $_SESSION['UID'] . "'";
+	
+						$res = mysql_query($SQL, $con);
+						if ($res)
+							Print_Text("pub_einstellungen_send_OK");
+						else
+							Print_Text("pub_einstellungen_send_KO");
+	
+						echo "<h6>('" . $_FILES["file"]["name"] . "', MIME-Type: " . $_FILES["file"]["type"] . ", " . $_FILES["file"]["size"] . " Byte)</h6>";
+					} else
+						Print_Text("pub_einstellungen_send_KO");
+				} else
+					Print_Text("pub_einstellungen_send_KO");
+				break;
+	
+			case 'delPicture' :
+				$chsql = "DELETE FROM `UserPicture` WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
+				$Erg = mysql_query($chsql, $con);
+				if ($Erg == 1)
+					Print_Text("pub_einstellungen_del_OK");
+				else
+					Print_Text("pub_einstellungen_del_KO");
+				Break;
+		}
+	}
+	*/
+}
+?>
diff --git a/includes/sys_menu.php b/includes/sys_menu.php
index 3b8847de..da9d5666 100644
--- a/includes/sys_menu.php
+++ b/includes/sys_menu.php
@@ -21,7 +21,8 @@ function make_navigation() {
 
 	// Engel Navigation
 	$menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array (
-		"news"
+		"news",
+		"user_settings"
 	));
 
 	// Admin Navigation
diff --git a/includes/sys_template.php b/includes/sys_template.php
index 2c7f4f22..893d2d7e 100644
--- a/includes/sys_template.php
+++ b/includes/sys_template.php
@@ -22,4 +22,15 @@ function html_options($name, $options, $selected = "") {
 
 	return $html;
 }
+
+function html_select_key($name, $rows, $selected) {
+	$html = '<select name="' . $name . '">';
+	foreach ($rows as $key => $row)
+		if (($key == $selected) || ($row == $selected))
+			$html .= '<option value="' . $key . '" selected="selected">' . $row . '</option>';
+		else
+			$html .= '<option value="' . $key . '">' . $row . '</option>';
+	$html .= '</select>';
+	return $html;
+}
 ?>
\ No newline at end of file
-- 
cgit v1.2.3-54-g00ecf