Diffstat (limited to 'httemplate/pref')
-rw-r--r-- | httemplate/pref/pref-process.html | 44 | ||||
-rw-r--r-- | httemplate/pref/pref.html | 61 |
2 files changed, 105 insertions, 0 deletions
diff --git a/httemplate/pref/pref-process.html b/httemplate/pref/pref-process.html
new file mode 100644
index 000000000..ed3350971
--- /dev/null
+++ b/httemplate/pref/pref-process.html
@@ -0,0 +1,44 @@
+% my $error = '';
+%
+% my $access_user;
+% if ( grep { $cgi->param($_) !~ /^\s*$/ }
+% qw(_password new_password new_password2)
+% ) {
+%
+% $access_user = qsearchs( 'access_user', {
+% 'username' => getotaker,
+% '_password' => $cgi->param('_password'),
+% } );
+%
+% $error = 'Current password incorrect; password not changed'
+% unless $access_user;
+%
+% $error ||= "New passwords don't match"
+% unless $cgi->param('new_password') eq $cgi->param('new_password2');
+%
+% $error ||= "No new password entered"
+% unless length($cgi->param('new_password'));
+%
+% $access_user->_password($cgi->param('new_password')) unless $error;
+%
+% } else {
+%
+% $access_user = $FS::CurrentUser::CurrentUser;
+%
+% }
+%
+% $error ||= $access_user->replace( {
+% map { $_ => scalar($cgi->param($_)) }
+% #XXX autogen
+% qw( menu_position
+% height width availHeight availWidth colorDepth
+% )
+% } );
+%
+% if ( $error ) {
+% $cgi->param('error', $error);
+% print $cgi->redirect(popurl(1). "pref.html?". $cgi->query_string );
+% } else {
+<% include('/elements/header.html', 'Preferences updated') %>
+<% include('/elements/footer.html') %>
+% }
diff --git a/httemplate/pref/pref.html b/httemplate/pref/pref.html
new file mode 100644
index 000000000..507a897d7
--- /dev/null
+++ b/httemplate/pref/pref.html
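Review bot: `$cgi->param('_password')` is evaluated in list context inside the `qsearchs` hash in pref-process.html, so a request carrying no value or several values for `_password` changes the number of elements in that hash and can add or replace the search keys used for the current-password check; the `replace` call further down already wraps its values in `scalar(...)`, and this line should do the same: `'_password' => scalar($cgi->param('_password')),`. The argument of `$access_user->_password(...)` is in list context as well and deserves the same wrapper. On the error path the redirect appends `$cgi->query_string`, which still holds `_password`, `new_password` and `new_password2`, so the submitted passwords end up in the URL, browser history and server access logs; calling `$cgi->delete(qw(_password new_password new_password2));` before building the redirect avoids that. The lookup also matches the submitted value directly against the stored `_password` column and the new value is written as given, which suggests passwords are kept unhashed unless the `access_user` record class transforms them elsewhere; that is worth confirming.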
@@ -0,0 +1,61 @@
+<% include('/elements/header.html', 'Preferences for '. getotaker ) %>
+
+<FORM METHOD="POST" NAME="pref_form" ACTION="pref-process.html">
+
+<% include('/elements/error.html') %>
+
+
+Change password (leave blank for no change)
+<% ntable("#cccccc",2) %>
+
+<TR>
+ <TD ALIGN="right">Current password: </TD>
+ <TD><INPUT TYPE="password" NAME="_password"></TD>
+</TR>
+
+<TR>
+ <TD ALIGN="right">New password: </TD>
+ <TD><INPUT TYPE="password" NAME="new_password"></TD>
+</TR>
+
+<TR>
+ <TD ALIGN="right">Re-enter new password: </TD>
+ <TD><INPUT TYPE="password" NAME="new_password2"></TD>
+</TR>
+
+</TABLE>
+<BR>
+
+Interface
+<% ntable("#cccccc",2) %>
+
+<TR>
+ <TD>Menu location: </TD>
+ <TD>
+ <INPUT TYPE="radio" NAME="menu_position" VALUE="left" onClick="document.images['menu_example'].src='../images/menu-left-example.png';" <% $menu_position eq 'left' ? ' CHECKED' : ''%>> Left<BR>
+ <INPUT TYPE="radio" NAME="menu_position" VALUE="top"onClick="document.images['menu_example'].src='../images/menu-top-example.png';" <% $menu_position eq 'top' ? ' CHECKED' : ''%>> Top <BR>
+ </TD>
+ <TD><IMG NAME="menu_example" SRC="../images/menu-<% $menu_position %>-example.png"></TD>
+</TR>
+
+</TABLE>
+<BR>
+
+% foreach my $prop (qw( height width availHeight availWidth colorDepth )) {
+ <INPUT TYPE="hidden" NAME="<% $prop %>" VALUE="">
+ <SCRIPT TYPE="text/javascript">
+ document.pref_form.<% $prop %>.value = screen.<% $prop %>;
+ </script>
+% }
+
+<INPUT TYPE="submit" VALUE="Update preferences">
+
+<% include('/elements/footer.html') %>
+<%init>
+
+# XSS via your own preferences? seems unlikely, but nice try anyway...
+( $FS::CurrentUser::CurrentUser->option('menu_position') || 'left' )
+ =~ /^(\w+)$/ or die "illegal menu_position";
+my $menu_position = $1;
+
+</%init> |
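Review bot: The `menu_position` check in the `<%init>` block runs only when this page renders, while pref-process.html in the same commit passes the submitted value to `replace` unchecked; unless `replace` rejects it, a value outside `\w+` is stored, makes this page die on every later load, and reaches any other template that reads the option without this check. Only `left` and `top` are offered, so validate on write and tighten the read side to an allow-list, e.g. `=~ /^(left|top)$/ or die "illegal menu_position";`. The comment assumes only the user can set their own preferences; the form as shown carries no anti-CSRF token, so unless a shared handler outside this diff adds one, that assumption is worth confirming. The `<FORM>` opened at the top is also never closed before the footer include.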