Diff -- /var/www/vhosts/3dshawn.com/shop.3dshawn.com/_set_timezone.cgi
Diff

/var/www/vhosts/3dshawn.com/shop.3dshawn.com/_set_timezone.cgi

added on local at 2026-07-01 22:10:09

Added
+80
lines
Removed
-0
lines
Context
0
unchanged
Blobs
from
to 380119c79d5b
Restore this content →
Unified diff
Naive LCS-based line diff. Additions in emerald, deletions in rose. Both sides decompressed live from BLOB_STORE.
1#!/usr/bin/perl
2#======================================================================
3# ShopCart -- _set_timezone.cgi
4#
5# Background pingback fired once per session by the JS at the bottom
6# of shopcart_wrapper.html. Reads the browser's IANA timezone (via
7# Intl.DateTimeFormat().resolvedOptions().timeZone) and updates the
8# logged-in user's `users.timezone` so every subsequent page load
9# applies SET time_zone = '<tz>' via MODS::DBConnect, making every
10# reporting graph/KPI render in the viewer's local time.
11#
12# POST tz=America/Denver -> updates users.timezone if different.
13# No-op if not authenticated, no tz provided, or tz unchanged.
14#======================================================================
15use strict;
16use warnings;
17
18use lib '/var/www/vhosts/3dshawn.com/shop.3dshawn.com';
19use CGI;
20use MODS::Login;
21use MODS::DBConnect;
22use MODS::ShopCart::Config;
23
24my $q = CGI->new;
25my $auth = MODS::Login->new;
26my $db = MODS::DBConnect->new;
27my $cfg = MODS::ShopCart::Config->new;
28my $DB = $cfg->settings('database_name');
29
30print "Content-Type: text/plain; charset=utf-8\nCache-Control: no-store\n\n";
31
32my $userinfo = $auth->login_verify();
33unless ($userinfo && $userinfo->{user_id}) {
34 print "noauth";
35 exit;
36}
37
38# Refuse to overwrite the target user's stored timezone while an admin
39# is impersonating them. The admin's browser zone would otherwise leak
40# into the seller's row and stick around after the admin exits.
41if ($userinfo->{_impersonating}) {
42 print "impersonating-skip";
43 exit;
44}
45
46my $tz = $q->param('tz') || '';
47# IANA names: letters/digits, underscore, hyphen, plus, colon, slash.
48# Also accept +HH:MM offset form.
49$tz =~ s/[^A-Za-z0-9_+\-:\/]//g;
50$tz = substr($tz, 0, 63);
51unless (length $tz) {
52 print "no-tz";
53 exit;
54}
55
56# Skip the write if the stored value already matches.
57if (($userinfo->{timezone} || '') eq $tz) {
58 print "ok-nochange";
59 exit;
60}
61
62my $dbh = $db->db_connect();
63unless ($dbh) {
64 print "no-db";
65 exit;
66}
67
68my $uid = $userinfo->{user_id};
69$uid =~ s/[^0-9]//g;
70
71my $safe_tz = $tz;
72$safe_tz =~ s/'/\\'/g;
73
74$db->db_readwrite($dbh, qq~
75 UPDATE `${DB}`.users SET timezone='$safe_tz' WHERE id='$uid'
76~, $ENV{SCRIPT_NAME}, __LINE__);
77
78$db->db_disconnect($dbh);
79print "ok-updated";
80exit;
Keyboard: j next diff k previous diff g top G bottom r restore c compile-check ? help