[freeside-commits] freeside/httemplate/pref pref.html, 1.1, 1.2 pref-process.html, 1.1, 1.2

[Ivan,,,]

Update of /home/cvs/cvsroot/freeside/httemplate/pref
In directory wavetail:/tmp/cvs-serv23827/httemplate/pref

Modified Files:
	pref.html pref-process.html 
Log Message:
top bar option!

Index: pref-process.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/pref/pref-process.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- pref-process.html	13 Nov 2006 01:09:17 -0000	1.1
+++ pref-process.html	26 Jan 2007 08:04:36 -0000	1.2
@@ -1,26 +1,41 @@
 % my $error = '';
 %
-% my $access_user = qsearchs( 'access_user', {
-%   'username'  => getotaker,
-%   '_password' => $cgi->param('_password'),
-% } );
+% my $access_user;
+% if ( grep { $cgi->param($_) !~ /^\s*$/ }
+%           qw(_password new_password new_password2)
+%    ) {
 %
-% $error = 'Current password incorrect; password not changed'
-%   unless $access_user;
+%   my $access_user = qsearchs( 'access_user', {
+%     'username'  => getotaker,
+%     '_password' => $cgi->param('_password'),
+%   } );
 %
-% $error ||= "New passwords don't match"
-%   unless $cgi->param('new_password') eq $cgi->param('new_password2');
+%   $error = 'Current password incorrect; password not changed'
+%     unless $access_user;
 %
-% $error ||= "No new password entered"
-%   unless length($cgi->param('new_password'));
+%   $error ||= "New passwords don't match"
+%     unless $cgi->param('new_password') eq $cgi->param('new_password2');
 %
-% $access_user->_password($cgi->param('new_password')) unless $error;
-% $error ||= $access_user->replace;
+%   $error ||= "No new password entered"
+%    unless length($cgi->param('new_password'));
+% 
+%   $access_user->_password($cgi->param('new_password')) unless $error;
+%
+% } else {
+%
+%   $access_user = $FS::CurrentUser::CurrentUser;
+%
+% }
+%
+% $error ||= $access_user->replace( { map { $_ => scalar($cgi->param($_)) }
+%                                         qw( menu_position ) #XXX autogen
+%                                   }
+%                                 );
 %
 % if ( $error ) {
 %   $cgi->param('error', $error);
 %   print $cgi->redirect(popurl(1). "pref.html?". $cgi->query_string );
 % } else {
-<% include('/elements/header.html', 'Password changed') %>
+<% include('/elements/header.html', 'Preferences updated') %>
 <% include('/elements/footer.html') %>
 % }

Index: pref.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/pref/pref.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- pref.html	13 Nov 2006 01:09:17 -0000	1.1
+++ pref.html	26 Jan 2007 08:04:36 -0000	1.2
@@ -4,6 +4,8 @@
 
 <% include('/elements/error.html') %>
 
+
+Change password (leave blank for no change)
 <% ntable("#cccccc",2) %>
 
 <TR>
@@ -22,7 +24,31 @@
 </TR>
 
 </TABLE>
+<BR>
 
-<INPUT TYPE="submit" VALUE="Change password">
+Interface
+<% ntable("#cccccc",2) %>
+
+<TR>
+  <TD>Menu location: </TD>
+  <TD>
+    <INPUT TYPE="radio" NAME="menu_position" VALUE="left" onClick="document.images['menu_example'].src='../images/menu-left-example.png';" <% $menu_position eq 'left' ? ' CHECKED' : ''%>> Left<BR>
+    <INPUT TYPE="radio" NAME="menu_position" VALUE="top"onClick="document.images['menu_example'].src='../images/menu-top-example.png';" <% $menu_position eq 'top' ? ' CHECKED' : ''%>> Top <BR>
+  </TD>
+  <TD><IMG NAME="menu_example" SRC="../images/menu-<% $menu_position %>-example.png"></TD>
+</TR>
+
+</TABLE>
+<BR>
+
+<INPUT TYPE="submit" VALUE="Update preferences">
 
 <% include('/elements/footer.html') %>
+<%init>
+
+# XSS via your own preferences?  seems unlikely, but nice try anyway...
+( $FS::CurrentUser::CurrentUser->option('menu_position') || 'left' )
+  =~ /^(\w+)$/ or die "illegal menu_position";
+my $menu_position = $1;
+
+</%init>