// Preference save handler: walks the posted form fields and, for every field
// whose name starts with "pref_", replaces the matching row in
// webcal_user_pref for $prefuser; on success it redirects back to pref.php,
// otherwise it falls through to the error markup at the bottom.
// NOTE(review): this listing is an excerpt. The leading numbers are the
// original file's line numbers and several lines are not shown, so the
// comments below describe only the visible statements.
2 include_once $gfplugins.'webcalendar/www/includes/init.php';
6 $updating_public = false;;
// Decide whose preferences are written. An admin who passed a non-empty
// $public while public access is enabled ("Y") writes under the pseudo-login
// "__public__". The body of the elseif branch is not shown; presumably it
// points $prefuser at $user -- confirm.
// NOTE(review): $is_admin, $is_nonuser_admin, $public, $user and $login are
// not assigned in the visible lines; presumably init.php sets them. Confirm
// that none of the authorization flags can be supplied by the request.
7 if ( $is_admin && ! empty ( $public ) && $public_access == "Y" ) {
8 $updating_public = true;
9 $prefuser = "__public__";
10 } elseif (($user != $login) && ($is_admin || $is_nonuser_admin)) {
// NOTE(review): each() (deprecated in PHP 7.2, removed in 8.0) and
// $HTTP_POST_VARS (removed in PHP 5.4) are legacy constructs; the modern
// equivalent is foreach ( $_POST as $key => $value ).
16 while ( list ( $key, $value ) = each ( $HTTP_POST_VARS ) ) {
// $prefix is the first five characters of the field name; $setting is
// everything after them and becomes the cal_setting value below.
17 $setting = substr ( $key, 5 );
18 $prefix = substr ( $key, 0, 5 );
// 'user' and 'public' select the target account and are not preferences.
// The statement guarded by this if is not shown (presumably a continue).
19 if ( $key == 'user' || $key == 'public' )
21 // validate key name. should start with "pref_" and not include
22 // any unusual characters that might cause SQL injection
// NOTE(review): the pattern has no leading ^, so it constrains only the END
// of $key, and "$" also matches before a trailing newline. A name can
// therefore pass this check and the "pref_" prefix test below while still
// carrying other characters in the middle, and those end up in $setting and
// in the SQL text. Anchoring both ends, e.g. '/^pref_[A-Za-z0-9_]+$/D',
// makes the check enforce what the comment above describes.
23 if ( ! preg_match ( '/pref_[A-Za-z0-9_]+$/', $key ) ) {
24 die_miserable_death ( 'Invalid admin setting name "' .
27 //echo "Setting = $setting, key = $key, prefix = $prefix <br />\n";
// The existing row is deleted first and re-inserted only when the posted
// value is non-empty, so an empty value clears the preference.
// NOTE(review): $prefuser and $setting are interpolated straight into the
// statement text; the key validation above is the only visible protection.
28 if ( strlen ( $setting ) > 0 && $prefix == "pref_" ) {
30 "DELETE FROM webcal_user_pref WHERE cal_login = '$prefuser' " .
31 "AND cal_setting = '$setting'";
// NOTE(review): $value comes from the request and is checked only for
// length before being placed inside a quoted SQL literal. Unless it is
// escaped before this point (not visible here), this INSERT is injectable;
// pass it as a bound parameter or through the database layer's escaping.
33 if ( strlen ( $value ) > 0 ) {
34 $sql = "INSERT INTO webcal_user_pref " .
35 "( cal_login, cal_setting, cal_value ) VALUES " .
36 "( '$prefuser', '$setting', '$value' )";
// NOTE(review): on failure $error carries the driver's error text and the
// complete SQL statement. If it is printed on the error page below
// (presumably -- the echo is not shown), schema and query details are
// disclosed to the user; log them server-side and show a generic message.
37 if ( ! dbi_query ( $sql ) ) {
38 $error = "Unable to update preference: " . dbi_error () .
39 "<br /><br /><span style=\"font-weight:bold;\">SQL:</span> $sql";
// No error recorded: redirect to the preference page for whichever account
// was edited (public calendar, another user, or the caller's own).
// NOTE(review): $user is placed in the redirect URL as-is; urlencode() it
// unless do_redirect() already encodes or validates its argument -- confirm.
46 if ( empty ( $error ) ) {
47 if ( $updating_public ) {
48 do_redirect ( "pref.php?public=1" );
49 } elseif (($is_admin || $is_nonuser_admin) && $login != $user ) {
50 do_redirect ( "pref.php?user=$user" );
52 do_redirect ( "pref.php" );
58 <h2><?php etranslate("Error")?></h2>
60 <?php etranslate("The following error occurred")?>:
65 <?php print_trailer(); ?>