core/preferencesProcess.php at master · BereGabor/core · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
<?php
/*
Gibbon, Flexible & Open School System
Copyright (C) 2010, Ross Parker

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

include './gibbon.php';

//Check to see if academic year id variables are set, if not set them
if (isset($_SESSION[$guid]['gibbonAcademicYearID']) == false or isset($_SESSION[$guid]['gibbonSchoolYearName']) == false) {
    setCurrentSchoolYear($guid, $connection2);
}

// Sanitize the whole $_POST array
$validator = new \Gibbon\Data\Validator();
$_POST = $validator->sanitize($_POST);

$calendarFeedPersonal = isset($_POST['calendarFeedPersonal'])? $_POST['calendarFeedPersonal'] : '';
$personalBackground = isset($_POST['personalBackground'])? $_POST['personalBackground'] : '';
$gibbonThemeIDPersonal = !empty($_POST['gibbonThemeIDPersonal'])? $_POST['gibbonThemeIDPersonal'] : null;
$gibboni18nIDPersonal = !empty($_POST['gibboni18nIDPersonal'])? $_POST['gibboni18nIDPersonal'] : null;
$receiveNotificationEmails = isset($_POST['receiveNotificationEmails'])? $_POST['receiveNotificationEmails'] : 'N';

$URL = $_SESSION[$guid]['absoluteURL'].'/index.php?q=preferences.php';

$validated = true;

// Validate the personal background URL
if (!empty($personalBackground) && filter_var($personalBackground, FILTER_VALIDATE_URL) === false) {
    $validated = false;
}

// Validate the personal calendar feed
if (!empty($calendarFeedPersonal) && filter_var($calendarFeedPersonal, FILTER_VALIDATE_EMAIL) === false) {
    $validated = false;
}

if (!$validated) {
    $URL .= '&return=error1';
    header("Location: {$URL}");
    exit();
}

try {
    $data = array('calendarFeedPersonal' => $calendarFeedPersonal, 'personalBackground' => $personalBackground, 'gibbonThemeIDPersonal' => $gibbonThemeIDPersonal, 'gibboni18nIDPersonal' => $gibboni18nIDPersonal, 'receiveNotificationEmails' => $receiveNotificationEmails, 'username' => $_SESSION[$guid]['username']);
    $sql = 'UPDATE gibbonPerson SET calendarFeedPersonal=:calendarFeedPersonal, personalBackground=:personalBackground, gibbonThemeIDPersonal=:gibbonThemeIDPersonal, gibboni18nIDPersonal=:gibboni18nIDPersonal, receiveNotificationEmails=:receiveNotificationEmails WHERE (username=:username)';
    $result = $connection2->prepare($sql);
    $result->execute($data);
} catch (PDOException $e) {
    $URL .= '&return=error2';
    header("Location: {$URL}");
    exit();
}

$smartWorkflowHelp = isset($_POST['smartWorkflowHelp'])? $_POST['smartWorkflowHelp'] : null;
if (!empty($smartWorkflowHelp)) {
    try {
        $data = array('gibbonPersonID' => $_SESSION[$guid]['gibbonPersonID'], 'smartWorkflowHelp' => $smartWorkflowHelp);
        $sql = "UPDATE gibbonStaff SET smartWorkflowHelp=:smartWorkflowHelp WHERE gibbonPersonID=:gibbonPersonID";
        $result = $connection2->prepare($sql);
        $result->execute($data);
    } catch (PDOException $e) {
        $URL .= '&return=error2';
        header("Location: {$URL}");
        exit();
    }
}

//Update personal preferences in session
$_SESSION[$guid]['calendarFeedPersonal'] = $calendarFeedPersonal;
$_SESSION[$guid]['personalBackground'] = $personalBackground;
$_SESSION[$guid]['gibbonThemeIDPersonal'] = $gibbonThemeIDPersonal;
$_SESSION[$guid]['gibboni18nIDPersonal'] = $gibboni18nIDPersonal;
$_SESSION[$guid]['receiveNotificationEmails'] = $receiveNotificationEmails;

//Update language settings in session (to personal preference if set, or system default if not)
if (!is_null($gibboni18nIDPersonal)) {
    try {
        $data = array('gibboni18nID' => $gibboni18nIDPersonal);
        $sql = 'SELECT * FROM gibboni18n WHERE gibboni18nID=:gibboni18nID';
        $result = $connection2->prepare($sql);
        $result->execute($data);
    } catch (PDOException $e) {
    }
    if ($result->rowCount() == 1) {
        $row = $result->fetch();
        setLanguageSession($guid, $row);
    }
} else {
    try {
        $data = array();
        $sql = "SELECT * FROM gibboni18n WHERE systemDefault='Y'";
        $result = $connection2->prepare($sql);
        $result->execute($data);
    } catch (PDOException $e) {
    }
    if ($result->rowCount() == 1) {
        $row = $result->fetch();
        setLanguageSession($guid, $row);
    }
}

$_SESSION[$guid]['pageLoads'] = null;
$URL .= '&return=success0';
header("Location: {$URL}");