// Copyright: Matthias Steffens and the file's // original author(s). // // This code is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY. Please see the GNU General Public // License for more details. // // File: ./user_options.php // Repository: $HeadURL: file:///svn/p/refbase/code/branches/bleeding-edge/user_options.php $ // Author(s): Matthias Steffens // // Created: 24-Oct-04, 19:31 // Modified: $Date: 2017-04-13 02:00:18 +0000 (Thu, 13 Apr 2017) $ // $Author: karnesky $ // $Revision: 1416 $ // This script provides options which are individual for each user. // // TODO: - I18n, more encodeHTML fixes? // Incorporate some include files: include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password include 'includes/header.inc.php'; // include header include 'includes/footer.inc.php'; // include footer include 'includes/include.inc.php'; // include common functions include 'initialize/ini.inc.php'; // include common variables // -------------------------------------------------------------------- // START A SESSION: // call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables: start_session(true); // -------------------------------------------------------------------- // Initialize preferred display language: // (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function) include 'includes/locales.inc.php'; // include the locales // -------------------------------------------------------------------- // Extract session variables (only necessary if register globals is OFF!): if (isset($_SESSION['errors'])) $errors = $_SESSION['errors']; else $errors = array(); // initialize variable (in order to prevent 'Undefined index/variable...' messages) if (isset($_SESSION['formVars'])) $formVars = $_SESSION['formVars']; else $formVars = array(); // initialize variable (in order to prevent 'Undefined index/variable...' messages) // The current values of the session variables 'errors' and 'formVars' get stored in '$errors' or '$formVars', respectively. (either automatically if // register globals is ON, or explicitly if register globals is OFF). // We need to clear these session variables here, since they would otherwise be there even if 'user_options.php' gets called with a different userID! // Note: though we clear the session variables, the current error message (or form variables) is still available to this script via '$errors' (or '$formVars', respectively). deleteSessionVariable("errors"); // function 'deleteSessionVariable()' is defined in 'include.inc.php' deleteSessionVariable("formVars"); // -------------------------------------------------------------------- // (1) OPEN CONNECTION, (2) SELECT DATABASE connectToMySQLDatabase(); // function 'connectToMySQLDatabase()' is defined in 'include.inc.php' // -------------------------------------------------------------------- // A user must be logged in in order to call 'user_options.php': if (!isset($_SESSION['loginEmail'])) { // save an error message: $HeaderString = "You must login to view your user account options!"; // save the URL of the currently displayed page: $referer = $_SERVER['HTTP_REFERER']; // Write back session variables: saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php' saveSessionVariable("referer", $referer); header("Location: user_login.php"); exit; } // -------------------------------------------------------------------- // Set the '$userID' variable: if (isset($_REQUEST['userID']) AND preg_match("/^[0-9]+$/", $_REQUEST['userID'])) // for normal users NOT being logged in -OR- for the admin: $userID = $_REQUEST['userID']; else $userID = NULL; // '$userID = ""' wouldn't be correct here, since then any later 'isset($userID)' statement would resolve to true! if (isset($_SESSION['loginEmail']) && ($loginEmail != $adminLoginEmail)) // a normal user IS logged in ('$adminLoginEmail' is specified in 'ini.inc.php') // Check this user matches the userID (viewing and modifying other user's account options is only allowed to the admin) if ($userID != getUserID($loginEmail)) // (function 'getUserID()' is defined in 'include.inc.php') { // save an error message: $HeaderString = "You can only edit your own user data!"; // Write back session variables: saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php' $userID = getUserID($loginEmail); // re-establish the user's correct user_id } // -------------------------------------------------------------------- // Check the correct parameters have been passed if ($userID == "") // note that we can't use 'empty($userID)' here, since 'userID=0' must be allowed so that the admin can edit options for the default user (= no user logged in) { // save an error message: $HeaderString = "Missing parameters for script 'user_options.php'!"; // Write back session variables: saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php' // Redirect the browser back to the calling page header("Location: " . $referer); // variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php' exit; } // -------------------------------------------------------------------- // Check if the logged-in user is allowed to modify his account options: if (isset($_SESSION['loginEmail']) AND preg_match("/^\d+$/", $userID) AND isset($_SESSION['user_permissions']) AND !preg_match("/allow_modify_options/", $_SESSION['user_permissions'])) // if a user is logged in but the 'user_permissions' session variable does NOT contain 'allow_modify_options'... { // save an error message: $HeaderString = "You have no permission to modify your user account options!"; // Write back session variables: saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php' // Redirect the browser back to the calling page header("Location: " . $referer); exit; } // -------------------------------------------------------------------- // Set header message: if (!isset($_SESSION['HeaderString'])) // if there's no stored message available { if (empty($errors)) // provide the default messages: $HeaderString = "Modify your account options:"; else // -> there were errors validating the user's options $HeaderString = "There were validation errors regarding the options you selected. Please check the comments above the respective fields:"; } else { $HeaderString = $_SESSION['HeaderString']; // extract 'HeaderString' session variable (only necessary if register globals is OFF!) // Note: though we clear the session variable, the current message is still available to this script via '$HeaderString': deleteSessionVariable("HeaderString"); // function 'deleteSessionVariable()' is defined in 'include.inc.php' } // Extract the view type requested by the user (either 'Mobile', 'Print', 'Web' or ''): // ('' will produce the default 'Web' output style) if (isset($_REQUEST['viewType'])) $viewType = $_REQUEST['viewType']; else $viewType = ""; // CONSTRUCT SQL QUERY: $query = "SELECT first_name, last_name, email, language FROM $tableUsers WHERE user_id = " . quote_smart($userID); // (3a) RUN the query on the database through the connection: $result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php' // (3b) EXTRACT results: $row = mysqli_fetch_array($result); // fetch the current row into the array $row // If the admin is logged in AND the displayed user data are NOT his own, we overwrite the default header message: // (Since the admin is allowed to view and edit account data from other users, we have to provide a dynamic header message in that case) if (($loginEmail == $adminLoginEmail) && (!empty($userID)) && ($userID != getUserID($loginEmail))) // ('$adminLoginEmail' is specified in 'ini.inc.php') $HeaderString = "Edit account options for " . encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . $row["email"] . "):"; elseif (empty($userID)) $HeaderString = "Edit account options for anyone who isn't logged in:"; // Show the login status: showLogin(); // (function 'showLogin()' is defined in 'include.inc.php') // (4) DISPLAY header: // call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'): displayHTMLhead(encodeHTML($officialDatabaseName) . " -- User Options", "noindex,nofollow", "User options offered by the " . encodeHTML($officialDatabaseName), "\n\t", true, "", $viewType, array()); showPageHeader($HeaderString); // -------------------------------------------------------------------- if (empty($errors)) { // Reset the '$formVars' variable (since we're loading from the user tables): $formVars = array(); // Reset the '$errors' variable: $errors = array(); // Load all the form variables with user data & options: $formVars["language"] = $row["language"]; } // Initialize variables which will set form elements according to the current user's options: // Get all user options for the current user: $userOptionsArray = getUserOptions($userID); // function 'getUserOptions()' is defined in 'include.inc.php' // Display Options: if (!empty($userID)) { // Get all languages that were setup and enabled by the admin: $languagesArray = getLanguages(""); // function 'getLanguages()' is defined in 'include.inc.php' $fieldDisabled = ""; } else // if '$userID == 0' which indicates a user not being logged in { $languagesArray = array($defaultLanguage); // for a user who's not logged in, we fall back to the default language (defined in 'ini.inc.php') $fieldDisabled = " disabled"; // disable some fields if the user isn't logged in (in which case the display language, no. of records per page, show auto-completions & the "main fields" search option will be taken from global variables in 'ini.inc.php') } $languageOptionTags = buildSelectMenuOptions($languagesArray, "/ *; */", "\t\t\t", false); // build properly formatted tag elements from language items returned by function 'getLanguages()' $userLanguage = getLanguages($userID); // get the preferred language for the current user $languageOptionTags = preg_replace("/$userLanguage[0]/i", "$userLanguage[0]", $languageOptionTags); // select the user's preferred language // Get the default number of records per page preferred by the current user: // 'records_per_page' option: $recordsPerPage = getDefaultNumberOfRecords($userID); // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php' // Get the user's preference for displaying auto-completions: // 'show_auto_completions' option: $showAutoCompletions = getPrefAutoCompletions($userID); // function 'getPrefAutoCompletions()' is defined in 'include.inc.php' if ($showAutoCompletions == "yes") { $showAutoCompletionsChecked = " checked"; $dontShowAutoCompletionsChecked = ""; } else { $showAutoCompletionsChecked = ""; $dontShowAutoCompletionsChecked = " checked"; } // Get all reference types that are available (admin logged in) or which were enabled for the current user (normal user logged in): $typeOptionTags = returnFormatsStylesTypesAsOptionTags($userID, "type", ""); // function 'returnFormatsStylesTypesAsOptionTags()' is defined in 'include.inc.php' // Get all citation styles that are available (admin logged in) or which were enabled for the current user (normal user logged in): $styleOptionTags = returnFormatsStylesTypesAsOptionTags($userID, "style", ""); // Get all citation formats that are available (admin logged in) or which were enabled for the current user (normal user logged in): $citeFormatOptionTags = returnFormatsStylesTypesAsOptionTags($userID, "format", "cite"); // Get all export formats that are available (admin logged in) or which were enabled for the current user (normal user logged in): $exportFormatOptionTags = returnFormatsStylesTypesAsOptionTags($userID, "format", "export"); if ($loginEmail == $adminLoginEmail) // if the admin is logged in $selectListIdentifier = "Enabled"; else // if ($loginEmail != $adminLoginEmail) // if a normal user is logged in $selectListIdentifier = "Show"; // Map MySQL field names to localized column names: $fieldNamesArray = mapFieldNames(true); // function 'mapFieldNames()' is defined in 'include.inc.php' $mainFieldsArray = array(); // Define fields that can be designated as "main fields": foreach ($availableMainFields as $field) // variable '$availableMainFields' is defined in 'ini.inc.php' if (isset($fieldNamesArray[$field])) $mainFieldsArray[$field] = $fieldNamesArray[$field]; // Build properly formatted tag elements from array items given in '$mainFieldsArray': $mainFieldsOptionTags = buildSelectMenuOptions($mainFieldsArray, "//", "\t\t\t", true); // function 'buildSelectMenuOptions()' is defined in 'include.inc.php' // Get the list of "main fields" preferred by the current user: // 'main_fields' option: $userMainFieldsArray = getMainFields($userID); // select all fields that shall be searched when the "main fields" search option is chosen: // (these fields will also be included as separate entries in the "Quick Search drop-down menu) foreach($userMainFieldsArray as $userMainField) $mainFieldsOptionTags = preg_replace("/]*)>" . $mainFieldsArray[$userMainField] . "<\\/option>/", "" . $mainFieldsArray[$userMainField] . "", $mainFieldsOptionTags); // Cite Options: // 'use_custom_text_citation_format' option: if (!empty($userOptionsArray) AND ($userOptionsArray['use_custom_text_citation_format'] == "yes")) $useCustomTextCitationFormatChecked = " checked"; else $useCustomTextCitationFormatChecked = ""; // 'text_citation_format' option: if (!empty($userOptionsArray['text_citation_format'])) $textCitationFormat = $userOptionsArray['text_citation_format']; else $textCitationFormat = ""; // Export Options: // 'export_cite_keys' option: if (!empty($userOptionsArray) AND ($userOptionsArray['export_cite_keys'] == "yes")) $exportCiteKeysChecked = " checked"; else $exportCiteKeysChecked = ""; // 'autogenerate_cite_keys' option: if (!empty($userOptionsArray) AND ($userOptionsArray['autogenerate_cite_keys'] == "yes")) $autogenerateCiteKeysChecked = " checked"; else $autogenerateCiteKeysChecked = ""; // 'prefer_autogenerated_cite_keys' option: if (!empty($userOptionsArray) AND ($userOptionsArray['prefer_autogenerated_cite_keys'] == "yes")) { $preferAutogeneratedCiteKeysChecked = " checked"; $dontPreferAutogeneratedCiteKeysChecked = ""; } else { $preferAutogeneratedCiteKeysChecked = ""; $dontPreferAutogeneratedCiteKeysChecked = " checked"; } // 'use_custom_cite_key_format' option: if (!empty($userOptionsArray) AND ($userOptionsArray['use_custom_cite_key_format'] == "yes")) $useCustomCiteKeyFormatChecked = " checked"; else $useCustomCiteKeyFormatChecked = ""; // 'cite_key_format' option: if (!empty($userOptionsArray['cite_key_format'])) $citeKeyFormat = $userOptionsArray['cite_key_format']; else $citeKeyFormat = ""; // 'uniquify_duplicate_cite_keys' option: if (!empty($userOptionsArray) AND ($userOptionsArray['uniquify_duplicate_cite_keys'] == "yes")) $uniquifyDuplicateCiteKeysChecked = " checked"; else $uniquifyDuplicateCiteKeysChecked = ""; // define variable holding drop-down elements: $dropDownItemArray = array("transliterate" => "transliterate", "strip" => "strip", "keep" => "keep"); // build properly formatted tag elements from array items given in '$dropDownItemArray': $nonASCIICharsInCiteKeysOptionTags = buildSelectMenuOptions($dropDownItemArray, "//", "\t\t\t", true); // function 'buildSelectMenuOptions()' is defined in 'include.inc.php' // 'nonascii_chars_in_cite_keys' option: if (!empty($userOptionsArray['nonascii_chars_in_cite_keys'])) { $useCustomHandlingOfNonASCIICharsInCiteKeysChecked = " checked"; // select the drop down option chosen by the current user: $nonASCIICharsInCiteKeysOptionTags = preg_replace("/]*)>" . $userOptionsArray['nonascii_chars_in_cite_keys'] . "/", "" . $userOptionsArray['nonascii_chars_in_cite_keys'], $nonASCIICharsInCiteKeysOptionTags); } else $useCustomHandlingOfNonASCIICharsInCiteKeysChecked = ""; // Start

and holding all the form elements: ?>

Display Options:	Use language:	>
	Show records per page:	>
	Show auto-completions:	>  yes     >  no
	reference types:
	citation styles:
	citation formats:
	export formats:
	"Main fields" searches:	>
Cite Options:	>  Use custom text citation format:
Import/Export Options:	>  Include or generate cite keys
	>  Auto-generate cite keys for:
	>  all records
	>  records with empty 'Cite Key' (ID) field
	>  Use custom format for auto-generated cite keys:
	>  Use custom handling of non-ASCII characters in cite keys:
	>  Append incrementing numbers to duplicate cite keys
User Permissions:	>	>
	>	>
	>
	>	>
	>
	>
	>	>
	>
	>	>
	>	>
	>
	>

" . $errors[$fieldName] . "\n\t\t
"; } // -------------------------------------------------------------------- // DISPLAY THE HTML FOOTER: // call the 'showPageFooter()' and 'displayHTMLfoot()' functions (which are defined in 'footer.inc.php') showPageFooter($HeaderString); displayHTMLfoot(); // -------------------------------------------------------------------- ?>