diff options
| author | ivan <ivan> | 2007-01-26 08:04:37 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2007-01-26 08:04:37 +0000 |
| commit | f01e2ce0aa6c1925e6266d78797025ec68bfac07 (patch) | |
| tree | 4b2efa16a130989e97eee59bfc72621d4d7a53fe /httemplate/pref | |
| parent | 4d68624491e3500a0bdb737a421c3711e5defebf (diff) | |
top bar option!
Diffstat (limited to 'httemplate/pref')
| -rw-r--r-- | httemplate/pref/pref-process.html | 41 | ||||
| -rw-r--r-- | httemplate/pref/pref.html | 28 |
2 files changed, 55 insertions, 14 deletions
diff --git a/httemplate/pref/pref-process.html b/httemplate/pref/pref-process.html index a342a51ec..221edc682 100644 --- a/httemplate/pref/pref-process.html +++ b/httemplate/pref/pref-process.html @@ -1,26 +1,41 @@ % my $error = ''; % -% my $access_user = qsearchs( 'access_user', { -% 'username' => getotaker, -% '_password' => $cgi->param('_password'), -% } ); +% my $access_user; +% if ( grep { $cgi->param($_) !~ /^\s*$/ } +% qw(_password new_password new_password2) +% ) { % -% $error = 'Current password incorrect; password not changed' -% unless $access_user; +% my $access_user = qsearchs( 'access_user', { +% 'username' => getotaker, +% '_password' => $cgi->param('_password'), +% } ); % -% $error ||= "New passwords don't match" -% unless $cgi->param('new_password') eq $cgi->param('new_password2'); +% $error = 'Current password incorrect; password not changed' +% unless $access_user; % -% $error ||= "No new password entered" -% unless length($cgi->param('new_password')); +% $error ||= "New passwords don't match" +% unless $cgi->param('new_password') eq $cgi->param('new_password2'); % -% $access_user->_password($cgi->param('new_password')) unless $error; -% $error ||= $access_user->replace; +% $error ||= "No new password entered" +% unless length($cgi->param('new_password')); +% +% $access_user->_password($cgi->param('new_password')) unless $error; +% +% } else { +% +% $access_user = $FS::CurrentUser::CurrentUser; +% +% } +% +% $error ||= $access_user->replace( { map { $_ => scalar($cgi->param($_)) } +% qw( menu_position ) #XXX autogen +% } +% ); % % if ( $error ) { % $cgi->param('error', $error); % print $cgi->redirect(popurl(1). "pref.html?". $cgi->query_string ); % } else { -<% include('/elements/header.html', 'Password changed') %> +<% include('/elements/header.html', 'Preferences updated') %> <% include('/elements/footer.html') %> % } diff --git a/httemplate/pref/pref.html b/httemplate/pref/pref.html index 259523941..2dca3b84d 100644 --- a/httemplate/pref/pref.html +++ b/httemplate/pref/pref.html @@ -4,6 +4,8 @@ <% include('/elements/error.html') %> + +Change password (leave blank for no change) <% ntable("#cccccc",2) %> <TR> @@ -22,7 +24,31 @@ </TR> </TABLE> +<BR> + +Interface +<% ntable("#cccccc",2) %> + +<TR> + <TD>Menu location: </TD> + <TD> + <INPUT TYPE="radio" NAME="menu_position" VALUE="left" onClick="document.images['menu_example'].src='../images/menu-left-example.png';" <% $menu_position eq 'left' ? ' CHECKED' : ''%>> Left<BR> + <INPUT TYPE="radio" NAME="menu_position" VALUE="top"onClick="document.images['menu_example'].src='../images/menu-top-example.png';" <% $menu_position eq 'top' ? ' CHECKED' : ''%>> Top <BR> + </TD> + <TD><IMG NAME="menu_example" SRC="../images/menu-<% $menu_position %>-example.png"></TD> +</TR> + +</TABLE> +<BR> -<INPUT TYPE="submit" VALUE="Change password"> +<INPUT TYPE="submit" VALUE="Update preferences"> <% include('/elements/footer.html') %> +<%init> + +# XSS via your own preferences? seems unlikely, but nice try anyway... +( $FS::CurrentUser::CurrentUser->option('menu_position') || 'left' ) + =~ /^(\w+)$/ or die "illegal menu_position"; +my $menu_position = $1; + +</%init> |