From fc0edb2f00bcdc6baaaa29f9041e82f3003b9b44 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Sun, 07 Jun 2015 12:16:19 -0400
Subject: [PATCH] Merge branch 'master' into 'master'

---
 interface/web/tools/user_settings.php |   24 +++++++++++++++++++++---
 1 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/interface/web/tools/user_settings.php b/interface/web/tools/user_settings.php
index 42e5559..5754245 100644
--- a/interface/web/tools/user_settings.php
+++ b/interface/web/tools/user_settings.php
@@ -44,6 +44,10 @@
 //* Check permissions for module
 $app->auth->check_module_permissions('tools');
 
+if($_SESSION['s']['user']['typ'] == 'admin') {
+	$app->auth->check_security_permissions('admin_allow_new_admin');
+}
+
 // Loading classes
 $app->uses('tpl,tform,tform_actions');
 $app->load('tform_actions');
@@ -63,7 +67,7 @@
 		$app->tform->loadFormDef($tform_def_file);
 
 		// Importing ID
-		$this->id = $_SESSION['s']['user']['userid'];
+		$this->id = $app->functions->intval($_SESSION['s']['user']['userid']);
 		$_POST['id'] = $_SESSION['s']['user']['userid'];
 
 		if(count($_POST) > 1) {
@@ -86,8 +90,22 @@
 		if($_POST['passwort'] != $_POST['repeat_password']) {
 			$app->tform->errorMessage = $app->tform->lng('password_mismatch');
 		}
-		$_SESSION['s']['user']['language'] = $_POST['language'];
-		$_SESSION['s']['language'] = $_POST['language'];
+		if(preg_match('/[a-z]{2}/',$_POST['language'])) {
+			$_SESSION['s']['user']['language'] = $_POST['language'];
+			$_SESSION['s']['language'] = $_POST['language'];
+		} else {
+			$app->error('Invalid language.');
+		}
+	}
+	
+	function onAfterUpdate() {
+		global $app;
+		
+		if($_POST['passwort'] != '') {
+			$tmp_user = $app->db->queryOneRecord("SELECT passwort FROM sys_user WHERE userid = ?", $_SESSION['s']['user']['userid']);
+			$_SESSION['s']['user']['passwort'] = $tmp_user['passwort'];
+			unset($tmp_user);
+		}
 	}
 
 

--
Gitblit v1.9.1