<?php

include_once "includes/common.inc";

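// Look up one account row by its login name.
//
// $uname: the login name (users.userid) to search for.
// Returns whatever db_fetch_object() yields for the first matching row;
// callers in this file treat the result as false when nothing matched.
//
// The name ends up inside a quoted SQL literal, so it goes through
// check_input() first, the helper account_content_save() already applies
// before it writes a request value into a query.
// NOTE(review): check_input() is defined outside this file -- confirm that it
// escapes quotes and backslashes for the database in use.
function account_get_user($uname) {
  $result = db_query("SELECT * FROM users WHERE userid = '". check_input($uname) ."'");
  return db_fetch_object($result);
}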

// Build the "lost password" form: a username field, an e-mail field and a
// submit button labelled "E-mail new password", posted back to account.php.
// Returns the markup as a string; nothing is printed here.
function account_email() {
  $parts = array(
    "<P>". t("Lost your password?  Fill out your username and e-mail address, and your password will be mailed to you.") ."</P>\n",
    "<FORM ACTION=\"account.php\" METHOD=\"post\">\n",
    "<B>". t("Username") .":</B><BR>\n",
    "<INPUT NAME=\"userid\"><P>\n",
    "<B>". t("E-mail address") .":</B><BR>\n",
    "<INPUT NAME=\"email\"><P>\n",
    "<INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"". t("E-mail new password") ."\">\n",
    "</FORM>\n"
  );

  return implode("", $parts);
}

// Build the "create account" form, preceded either by an introduction or,
// when $error is non-empty, by a red failure notice.
//
// $error: reason the previous attempt failed; a non-empty value is also
//         written to the watchdog log.
// Returns the markup as a string.
//
// $error is placed into the page as-is. In this file it comes from
// account_validate(), whose ban messages wrap $ban->reason in <I> tags, so it
// is treated as markup rather than plain text.
function account_create($error = "") {
  global $theme;

  if (!$error) {
    $intro = "<P>". t("Registering allows you to comment, to moderate comments and pending submissions, to customize the look and feel of the site and generally helps you interact with the site more efficiently.") ."</P><P>". t("To create an account, simply fill out this form an click the 'Create account' button below.  An e-mail will then be sent to you with instructions on how to validate your account.") ."</P>\n";
  }
  else {
    $intro = "<P><FONT COLOR=\"red\">". t("Failed to create account: $error.") ."</FONT></P>\n";
    watchdog("message", "failed to create account: $error.");
  }

  $form  = "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $form .= "<B>". t("Username") .":</B><BR>\n";
  $form .= "<INPUT NAME=\"userid\"><BR>\n";
  $form .= "<SMALL><I>". t("Enter your desired username: only letters, numbers and common special characters are allowed.") ."</I></SMALL><P>\n";
  $form .= "<B>". t("E-mail address") .":</B><BR>\n";
  $form .= "<INPUT NAME=\"email\"><BR>\n";
  $form .= "<SMALL><I>". t("You will be sent instructions on how to validate your account via this e-mail address: make sure it is accurate.") ."</I></SMALL><P>\n";
  $form .= "<INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"". t("Create account") ."\">\n";
  $form .= "</FORM>\n";

  return $intro . $form;
}

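// Try to log a visitor in and record the outcome in the watchdog log.
//
// $userid, $passwd: the credentials as submitted. When both are non-empty a
// User object is built from them and stored in the global $user; if that
// object carries an id, $user is registered as a session variable.
//
// The failed-login message contains the submitted name, which nothing in this
// function has constrained, so it is HTML-encoded before it is logged.
// NOTE(review): other watchdog() calls in this file hand-write &lt; and &gt;,
// which suggests log text is displayed as HTML -- confirm in watchdog().
// NOTE(review): nothing here issues a fresh session id on a successful login;
// check whether the session layer does so elsewhere.
function account_session_start($userid, $passwd) {
  global $user;

  if ($userid && $passwd) $user = new User($userid, $passwd);
  if ($user->id) session_register("user");

  if ($user->id) {
    watchdog("message", "session opened for user '$user->userid'");
  }
  else {
    watchdog("message", "failed login for user '". htmlspecialchars($userid) ."'");
  }
}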

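// Log the current user out: note it in the watchdog log, clear and destroy
// the session, then drop the global $user.
function account_session_close() {
  global $user;

  watchdog("message", "session closed for user '$user->userid'");

  session_unset();
  session_destroy();

  // `global $user` only creates a local alias, and unset() on an alias removes
  // the alias while the global itself stays set. Remove the global entry as
  // well so code running later in this request no longer sees a logged-in user.
  unset($user);
  unset($GLOBALS["user"]);
}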

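// Render the "edit user information" page for the logged-in user, or the
// account-creation and lost-password forms for an anonymous visitor.
//
// Reads the globals $allowed_html, $theme and $user and prints through $theme.
//
// Stored profile values that land in an attribute (VALUE="...") or inside a
// <TEXTAREA> are HTML-encoded first: a double quote or a closing tag in the
// stored text would otherwise end the attribute or the textarea and the rest
// of the value would be parsed as page markup. The browser decodes the
// entities again, so the user still edits the text as stored.
// NOTE(review): assumes these fields are stored unencoded -- confirm against
// user_save() so values are not double-encoded.
function account_user_edit() {
  global $allowed_html, $theme, $user;

  if ($user->id) {
    $name = htmlspecialchars($user->name);
    $fake_email = htmlspecialchars($user->fake_email);
    $url = htmlspecialchars($user->url);
    $bio = htmlspecialchars($user->bio);
    $signature = htmlspecialchars($user->signature);

    // Generate output/content:
    $output  = "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";

    $output .= "<B>". t("Username") .":</B><BR>\n";
    $output .= "$user->userid<P>\n";
    $output .= "<I><SMALL>". t("Required, unique, and can not be changed.") ."</SMALL></I><P>\n";

    $output .= "<B>". t("Real name") .":</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[name]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$name\"><BR>\n";
    $output .= "<I><SMALL>". t("Optional") .".</SMALL></I><P>\n";

    $output .= "<B>". t("Real e-mail address") .":</B><BR>\n";
    $output .= "$user->real_email<P>\n";
    $output .= "<I><SMALL>". t("Required, unique, can not be changed.") ." ". t("Your real e-mail address is never displayed publicly: only needed in case you lose your password.") ."</SMALL></I><P>\n";

    $output .= "<B>". t("Fake e-mail address") .":</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[fake_email]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$fake_email\"><BR>\n";
    $output .= "<I><SMALL>". t("Optional") .". ". t("Displayed publicly so you may spam proof your real e-mail address if you want.") ."</SMALL></I><P>\n";

    $output .= "<B>". t("Homepage") .":</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$url\"><BR>\n";
    $output .= "<I><SMALL>". t("Optional") .". ". t("Make sure you enter fully qualified URLs only.  That is, remember to include \"http://\".") ."</SMALL></I><P>\n";

    $output .= "<B>". t("Bio") .":</B> (". t("maximal 255 characters") .")<BR>\n";
    $output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$bio</TEXTAREA><BR>\n";
    $output .= "<I><SMALL>". t("Optional") .". ". t("This biographical information is publicly displayed on your user page.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</SMALL></I><P>\n";

    $output .= "<B>". t("Signature") .":</B> (". t("maximal 255 characters") .")<BR>\n";
    $output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$signature</TEXTAREA><BR>\n";
    $output .= "<I><SMALL>". t("Optional") .". ". t("This information will be publicly displayed at the end of your comments.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</SMALL></I><P>\n";

    $output .= "<B>". t("Password") .":</B><BR>\n";
    $output .= "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\"><BR>\n";
    $output .= "<I><SMALL>". t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.") ."</SMALL></I><P>\n";

    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Save user information") ."\"><BR>\n";
    $output .= "</FORM>\n";

    // Display output/content:
    $theme->header();
    $theme->box(t("Edit user information"), $output);
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
  }
}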

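// Store the profile fields submitted from the "edit user information" form
// for the logged-in user; does nothing for an anonymous visitor.
//
// $edit: the submitted edit[...] array (name, fake_email, url, bio, signature,
//        pass1, pass2).
//
// Array keys are quoted: a bare word such as $edit[name] is a constant lookup,
// not a string key. The two password fields are compared with ===, because ==
// treats numeric-looking strings as numbers and can report two different
// entries (for example "1e3" and "1000") as equal.
// NOTE(review): the password is replaced without asking for the current one,
// and this function sees no request token -- check what the caller verifies.
function account_user_save($edit) {
  global $user;

  if ($user->id) {
    $user = user_save($user, array("name" => $edit["name"], "fake_email" => $edit["fake_email"], "url" => $edit["url"], "bio" => $edit["bio"], "signature" => $edit["signature"]));

    if ($edit["pass1"] && is_string($edit["pass1"]) && $edit["pass1"] === $edit["pass2"]) {
      $user = user_save($user, array("passwd" => $edit["pass1"]));
    }
  }
}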

// Render the "edit your preferences" page (theme, timezone, language, number
// of items, comment display mode, sort order and filter threshold) for the
// logged-in user. Anonymous visitors get the account-creation and
// lost-password forms instead.
//
// The choices come from the globals $themes, $languages, $cmodes and $corder;
// their keys and labels are written into the markup as they are.
function account_site_edit() {
  global $cmodes, $corder, $theme, $themes, $languages, $user;

  if (!$user->id) {
    $theme->header();
    $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
    return;
  }

  $form = "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";

  // Theme:
  $form .= "<B>". t("Theme") .":</B><BR>\n";
  $theme_options = "";
  foreach ($themes as $id => $info) {
    $mark = ($user->theme == $id) ? " SELECTED" : "";
    $theme_options .= " <OPTION VALUE=\"$id\"". $mark .">$id - $info[1]</OPTION>\n";
  }
  $form .= "<SELECT NAME=\"edit[theme]\">\n$theme_options</SELECT><BR>\n";
  $form .= "<I><SMALL>". t("Selecting a different theme will change the look and feel of the site.") ."</SMALL></I><P>\n";

  // Timezone: one entry per hour offset, labelled with the local time there.
  $form .= "<B>". t("Timezone") .":</B><BR>\n";
  $base = time() - date("Z");
  $zone_options = "";
  $zone = -43200;
  while ($zone <= 46800) {
    $mark = ($user->timezone == $zone) ? " SELECTED" : "";
    $zone_options .= " <OPTION VALUE=\"$zone\"". $mark .">". date("l, F dS, Y - h:i A", $base + $zone) ." (GMT ". $zone / 3600 .")</OPTION>\n";
    $zone += 3600;
  }
  $form .= "<SELECT NAME=\"edit[timezone]\">\n$zone_options</SELECT><BR>\n";
  $form .= "<I><SMALL>". t("Select what time you currently have and your timezone settings will be set appropriate.") ."</SMALL></I><P>\n";

  // Language:
  $form .= "<B>". t("Language" ) .":</B><BR>\n";
  $language_options = "";
  foreach ($languages as $code => $label) {
    $mark = ($user->language == $code) ? " SELECTED" : "";
    $language_options .= " <OPTION VALUE=\"$code\"". $mark .">$label - $code</OPTION>\n";
  }
  $form .= "<SELECT NAME=\"edit[language]\">\n$language_options</SELECT><BR>\n";
  $form .= "<I><SMALL>". t("Selecting a different language will change the language the site.") ."</SMALL></I><P>\n";

  // Items per page: 10 to 30 in steps of 5.
  $form .= "<B>". t("Maximum number of items to display") .":</B><BR>\n";
  $count_options = "";
  $count = 10;
  while ($count <= 30) {
    $mark = ($user->nodes == $count) ? " SELECTED" : "";
    $count_options .= "<OPTION VALUE=\"$count\"". $mark .">$count</OPTION>\n";
    $count += 5;
  }
  $form .= "<SELECT NAME=\"edit[nodes]\">\n$count_options</SELECT><BR>\n";
  $form .= "<I><SMALL>". t("The maximum number of nodes that will be displayed on the main page.") ."</SMALL></I><P>\n";

  // Comment display mode:
  $mode_options = "";
  foreach ($cmodes as $id => $label) {
    $mark = ($user->mode == $id) ? " SELECTED" : "";
    $mode_options .= "<OPTION VALUE=\"$id\"". $mark .">$label</OPTION>\n";
  }
  $form .= "<B>". t("Comment display mode") .":</B><BR>\n";
  $form .= "<SELECT NAME=\"edit[mode]\">$mode_options</SELECT><P>\n";

  // Comment sort order:
  $order_options = "";
  foreach ($corder as $id => $label) {
    $mark = ($user->sort == $id) ? " SELECTED" : "";
    $order_options .= "<OPTION VALUE=\"$id\"". $mark .">$label</OPTION>\n";
  }
  $form .= "<B>". t("Comment sort order") .":</B><BR>\n";
  $form .= "<SELECT NAME=\"edit[sort]\">$order_options</SELECT><P>\n";

  // Comment filter threshold: -1 up to and including 5.
  $filter_options = "";
  $level = -1;
  while ($level < 6) {
    $mark = ($user->threshold == $level) ? " SELECTED" : "";
    $filter_options .= " <OPTION VALUE=\"$level\"". $mark .">Filter - $level</OPTION>";
    $level++;
  }
  $form .= "<B>". t("Comment filter") .":</B><BR>\n";
  $form .= "<SELECT NAME=\"edit[threshold]\">$filter_options</SELECT><BR>\n";
  $form .= "<I><SMALL>". t("Comments that scored less than this threshold setting will be ignored.  Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.") ."</SMALL></I><P>\n";

  $form .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Save site settings") ."\"><BR>\n";
  $form .= "</FORM>\n";

  $theme->header();
  $theme->box(t("Edit your preferences"), $form);
  $theme->footer();
}

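// Store the site preferences submitted from the "edit your preferences" form
// for the logged-in user; does nothing for an anonymous visitor.
//
// $edit: the submitted edit[...] array (theme, timezone, language, nodes,
//        mode, sort, threshold).
//
// Array keys are quoted: a bare word such as $edit[theme] is a constant
// lookup, not a string key.
// NOTE(review): the form offers fixed choices, but the values are stored as
// submitted; nothing here checks that, say, the theme is a key of $themes.
// Confirm whether user_save() or the code that later reads these settings
// validates them.
function account_site_save($edit) {
  global $user;

  if ($user->id) {
    $user = user_save($user, array("theme" => $edit["theme"], "timezone" => $edit["timezone"], "language" => $edit["language"], "nodes" => $edit["nodes"], "mode" => $edit["mode"], "sort" => $edit["sort"], "threshold" => $edit["threshold"]));
  }
}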

// Render the "edit your content" page: one checkbox per enabled block,
// ticked when the logged-in user already has a layout row for that block.
// Anonymous visitors get the account-creation and lost-password forms.
//
// Block names are read from the blocks table and reused, unescaped, both in
// the per-block layout query and in the checkbox NAME attribute.
function account_content_edit() {
  global $theme, $user;

  if (!$user->id) {
    $theme->header();
    $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
    return;
  }

  $form  = "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $form .= "<B>". t("Blocks in side bars") .":</B><BR>\n";

  $blocks = db_query("SELECT * FROM blocks WHERE status = 1 ORDER BY module");
  while ($block = db_fetch_object($blocks)) {
    // One extra query per block: does this user have it switched on?
    $layout = db_query("SELECT * FROM layout WHERE block = '$block->name' AND user = '$user->id'");
    $entry = db_fetch_object($layout);

    $checked = $entry->user ? " CHECKED" : "";
    $form .= "<INPUT TYPE=\"checkbox\" NAME=\"edit[". $block->name ."]\"". $checked ."> ". t($block->name) ."<BR>\n";
  }

  $form .= "<P><I><SMALL>". t("Enable the blocks you would like to see displayed in the side bars.") ."</SMALL></I></P>\n";
  $form .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Save content settings") ."\">\n";
  $form .= "</FORM>\n";

  $theme->header();
  $theme->box(t("Edit your content"), $form);
  $theme->footer();
}

// Replace the logged-in user's block layout with the submitted selection:
// all of the user's layout rows are deleted, then one row is inserted per key
// of $edit. Does nothing for an anonymous visitor.
//
// $edit: the submitted edit[...] array; only its keys (block names) are used.
//        An empty value is treated as "no blocks selected".
//
// Each block name goes through check_input() before it is placed in the SQL
// literal. The names are not compared with the blocks table here.
function account_content_save($edit) {
  global $user;

  if (!$user->id) {
    return;
  }

  db_query("DELETE FROM layout WHERE user = '$user->id'");

  $selection = $edit ? $edit : array();
  foreach ($selection as $name => $unused) {
    $block = check_input($name);
    db_query("INSERT INTO layout (user, block) VALUES ('$user->id', '". $block ."')");
  }
}

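// Show a user page. Three cases:
//   - $uname is the logged-in user: their own details, signature included;
//   - $uname names another account: that account's public details, followed
//     by whatever the modules' "account" hooks contribute;
//   - otherwise: the account-creation and lost-password forms.
//
// $uname: the requested login name, as passed in by the caller.
//
// Changes from the earlier version of this function:
//   - the nested helper module() is only declared when it does not exist yet;
//     declaring it unconditionally makes a second call to account_user() in
//     the same request fail with a redeclaration error;
//   - array keys are quoted ($module["account"]), since a bare word is a
//     constant lookup;
//   - $uname is HTML-encoded before it is used in the box title.
function account_user($uname) {
  global $user, $status, $theme;

  if (!function_exists("module")) {
    // Callback for module_iterate(): lets one module add a box to the page.
    function module($name, $module, $username) {
      global $theme;
      if ($module["account"] && $block = $module["account"]($username, "account", "view")) {
        if ($block["content"]) $theme->box($block["subject"], $block["content"]);
      }
    }
  }

  if ($user->id && $user->userid == $uname) {
    // NOTE(review): the e-mail row below closes an </A> that the matching row
    // in the public view does not; one of the two is presumably wrong -- check
    // what format_email() returns.
    $output  = "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Username") .":</B></TD><TD>$user->userid</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("E-mail") .":</B></TD><TD>". format_email($user->fake_email) ."</A></TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Homepage") .":</B></TD><TD>". format_url($user->url) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Bio") .":</B></TD><TD>". check_output($user->bio) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Signature") .":</B></TD><TD>". check_output($user->signature) ."</TD></TR>\n";
    $output .= "</TABLE>\n";

    // Display account information:
    $theme->header();
    $theme->box(t("Personal information"), $output);
    $theme->footer();
  }
  elseif ($uname && $account = account_get_user($uname)) {
    $block1  = "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>". t("Username") .":</B></TD><TD>$account->userid</TD></TR>\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>". t("E-mail") .":</B></TD><TD>". format_email($account->fake_email) ."</TD></TR>\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>". t("Homepage") .":</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>". t("Bio") .":</B></TD><TD>". check_output($account->bio) ."</TD></TR>\n";
    $block1 .= "</TABLE>\n";

    // Disabled: listing of the account's recent comments. Its query embeds
    // $uname directly and would need escaping before being switched back on.
/*
    $result = db_query("SELECT c.cid, c.pid, c.lid, c.subject, c.timestamp, n.title AS node FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN node ON n.id = c.lid WHERE u.userid = '$uname' AND n.status = '$status[posted]' AND s.timestamp > ". (time() - 1209600) ." ORDER BY cid DESC LIMIT 10");
    while ($comment = db_fetch_object($result)) {
      $block2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
      $block2 .= " <TR><TD ALIGN=\"right\"><B>". t("Comment") .":</B></TD><TD><A HREF=\"node.php?id=$comment->lid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A></TD></TR>\n";
      $block2 .= " <TR><TD ALIGN=\"right\"><B>". t("Date") .":</B></TD><TD>". format_date($comment->timestamp) ."</TD></TR>\n";
      $block2 .= " <TR><TD ALIGN=\"right\"><B>". t("Story") .":</B></TD><TD><A HREF=\"node.php?id=$comment->lid\">". check_output($comment->story) ."</A></TD></TR>\n";
      $block2 .= "</TABLE>\n";
      $block2 .= "<P>\n";
      $comments++;
    }
*/

    // Display account information:
    $theme->header();
    // The title shows the name as requested, not the stored one, so it is
    // HTML-encoded before it reaches the page.
    if ($block1) $theme->box(strtr(t("%a's user information"), array("%a" => htmlspecialchars($uname))), $block1);
//    if ($block2) $theme->box(strtr(t("%a has posted %b recently"), array("%a" => $uname, "%b" => format_plural($comments, "comment", "comments"))), $block2);
    module_iterate("module", $uname);
    $theme->footer();
  }
  else {
    // Display login form:
    $theme->header();
    $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
  }
}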

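// Check a prospective account and report why it cannot be created.
//
// $user: array with the keys "userid" and "real_email".
// Returns the message of the last check that failed, or an empty value when
// every check passed. Ban messages carry the ban reason wrapped in <I> tags.
//
// The checks run in order and none of them stops the ones after it, so the
// two uniqueness queries execute even when the format checks have already
// rejected the input. Both values are therefore passed through check_input()
// before they are placed in a SQL literal, as account_content_save() does for
// block names.
// NOTE(review): check_input() is defined outside this file -- confirm that it
// escapes quotes and backslashes for the database in use.
// NOTE(review): the length check allows 15 characters while its message says
// "less than 15".
function account_validate($user) {
  global $type2index;

  $error = "";

  // Verify username and e-mail address:
  if (empty($user["real_email"]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user["real_email"]))) $error = t("the specified e-mail address is not valid");
  if (empty($user["userid"]) || (ereg("[^a-zA-Z0-9_-]", $user["userid"]))) $error = t("the specified username is not valid");
  if (strlen($user["userid"]) > 15) $error = t("the specified username is too long: it must be less than 15 characters");

  // Check to see whether the username or e-mail address are banned:
  if ($ban = ban_match($user["userid"], $type2index["usernames"])) $error = t("the specified username is banned") .": <I>$ban->reason</I>";
  if ($ban = ban_match($user["real_email"], $type2index["addresses"])) $error = t("the specified e-mail address is banned") .": <I>$ban->reason</I>";

  // Verify whether username and e-mail address are unique:
  $userid_sql = check_input($user["userid"]);
  $email_sql = check_input($user["real_email"]);
  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$userid_sql')")) > 0) $error = t("the specified username is already taken");
  if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email) = LOWER('$email_sql')")) > 0) $error = t("the specified e-mail address is already in use by another account");

  return $error;
}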

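// Handle the "E-mail new password" form: when the username / e-mail pair
// matches an account, set a new generated password and a confirmation hash,
// put the account back to status 1 and mail the details; otherwise log a
// warning. Either way a result box is printed through $theme.
//
// $userid, $email: the two form fields as submitted.
//
// Both values are placed in SQL literals, so they go through check_input()
// first, as account_content_save() does for block names. In the no-match
// branch they are also HTML-encoded before being logged, because at that
// point nothing has constrained them.
// NOTE(review): check_input() is defined outside this file -- confirm that it
// escapes quotes and backslashes for the database in use.
// NOTE(review): the watchdog messages here hand-write &lt; and &gt;, which
// suggests log text is displayed as HTML -- confirm in watchdog().
// NOTE(review): the confirmation hash is derived only from the username and
// the current time, so it is not a secret in the cryptographic sense, and the
// new password travels in the mail body as plain text. The password is also
// replaced, and the account set back to unconfirmed, before the mailbox owner
// has confirmed anything. Each of these deserves a follow-up.
function account_email_submit($userid, $email) {
  global $theme, $site_name, $site_url;

  $userid_sql = check_input($userid);
  $email_sql = check_input($email);

  $result = db_query("SELECT id FROM users WHERE userid = '$userid_sql' AND real_email = '$email_sql'");

  if ($account = db_fetch_object($result)) {
    $passwd = account_password();
    $hash = substr(md5("$userid. ". time() .""), 0, 12);
    $status = 1;

    db_query("UPDATE users SET passwd = PASSWORD('$passwd'), hash = '$hash', status = '$status' WHERE userid = '$userid_sql'");

    $link = $site_url ."account.php?op=confirm&name=$userid&hash=$hash";
    $subject = strtr(t("Account details for %a"), array("%a" => $site_name));
    $message = strtr(t("%a,\n\n\nyou requested us to e-mail you a new password for your account at %b.  You will need to re-confirm your account or you will not be able to login.  To confirm your account updates visit the URL below:\n\n   %c\n\nOnce confirmed you can login using the following username and password:\n\n   username: %a\n   password: %d\n\n\n-- %b team"), array("%a" => $userid, "%b" => $site_name, "%c" => $link, "%d" => $passwd));

    watchdog("message", "new password: `$userid' &lt;$email&gt;");

    mail($email, $subject, $message, "From: noreply");

    $output = t("Your password and further instructions have been sent to your e-mail address.");
  }
  else {
    watchdog("warning", "new password: '". htmlspecialchars($userid) ."' and &lt;". htmlspecialchars($email) ."&gt; do not match");
    $output = t("Could not sent password: no match for the specified username and e-mail address.");
  }

  $theme->header();
  $theme->box(t("E-mail new password"), $output);
  $theme->footer();
}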

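// Handle the "Create account" form: validate the trimmed username and e-mail
// address, and either re-display the form with the error or create the
// account with a generated password and a confirmation hash, then mail the
// confirmation link and the credentials.
//
// $userid, $email: the two form fields as submitted.
//
// Array keys are quoted outside of strings: a bare word such as $new[userid]
// is a constant lookup there. Inside double-quoted strings "$new[userid]" is
// the regular interpolation syntax and is kept.
// NOTE(review): the confirmation hash is derived only from the username and
// the current time, so it is not a secret in the cryptographic sense, and the
// generated password travels in the mail body as plain text. Both deserve a
// follow-up.
function account_create_submit($userid, $email) {
  global $theme, $site_name, $site_url;

  $new = array("userid" => trim($userid), "real_email" => trim($email));

  if ($error = account_validate($new)) {
    $theme->header();
    $theme->box(t("Create user account"), account_create($error));
    $theme->footer();
  }
  else {
    $new["passwd"] = account_password();
    $new["hash"] = substr(md5("$new[userid]. ". time()), 0, 12);

    $user = user_save("", array("userid" => $new["userid"], "real_email" => $new["real_email"], "passwd" => $new["passwd"], "status" => 1, "hash" => $new["hash"]));

    $link = $site_url ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
    $subject = strtr(t("Account details for %a"), array("%a" => $site_name));
    $message = strtr(t("%a,\n\n\nsomeone signed up for a user account on %b and supplied this e-mail address as their contact.  If it wasn't you, don't get your panties in a knot and simply ignore this mail.  If this was you, you will have to confirm your account first or you will not be able to login.  To confirm your account visit the URL below:\n\n   %c\n\nOnce confirmed you can login using the following username and password:\n\n   username: %a\n   password: %d\n\n\n-- %b team\n"), array("%a" => $new["userid"], "%b" => $site_name, "%c" => $link, "%d" => $new["passwd"]));

    watchdog("message", "new account: `$new[userid]' &lt;$new[real_email]&gt;");

    mail($new["real_email"], $subject, $message, "From: noreply");

    $theme->header();
    $theme->box(t("Create user account"), t("Congratulations!  Your member account has been successfully created and further instructions on how to confirm your account have been sent to your e-mail address.  You have to confirm your account first or you will not be able to login."));
    $theme->footer();
  }
}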

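// Confirm an account from the link that was mailed to its owner.
//
// $name: login name taken from the confirmation link.
// $hash: confirmation hash taken from the confirmation link.
//
// An account in status 1 whose stored hash matches is moved to status 2 and
// its hash is cleared. Every outcome is logged and shown in a result box.
//
// Changes from the earlier version of this function:
//   - $name goes through check_input() before it is placed in a SQL literal,
//     as account_content_save() does for block names;
//   - the hash is compared as a string with ===. With == two different hashes
//     that both look like numbers (for example "0e12..." and "0e34...") are
//     compared numerically and can count as equal;
//   - an empty $hash never confirms an account, whatever is stored;
//   - $name is HTML-encoded before it is written to the watchdog log.
// NOTE(review): check_input() is defined outside this file -- confirm that it
// escapes quotes and backslashes for the database in use.
// NOTE(review): the distinct failure messages tell the requester whether an
// account exists and whether it is confirmed, and nothing here limits
// repeated attempts -- consider whether that matters for this site.
function account_create_confirm($name, $hash) {
  global $theme;

  $name_sql = check_input($name);
  $name_log = htmlspecialchars($name);

  $result = db_query("SELECT userid, hash, status FROM users WHERE userid = '$name_sql'");

  if ($account = db_fetch_object($result)) {
    if ($account->status == 1) {
      if (is_string($hash) && $hash !== "" && (string) $account->hash === $hash) {
        db_query("UPDATE users SET status = '2', hash = '' WHERE userid = '$name_sql'");
        $output = t("Your account has been successfully confirmed.");
        watchdog("message", "$name_log: account confirmation successful");
      }
      else {
        $output = t("Confirmation failed: invalid confirmation hash.");
        watchdog("warning", "$name_log: invalid confirmation hash");
      }
    }
    else {
      $output = t("Confirmation failed: your account has already been confirmed.");
      watchdog("warning", "$name_log: attempt to re-confirm account");
    }
  }
  else {
    $output = t("Confirmation failed: non-existing account.");
    watchdog("warning", "$name_log: attempt to confirm non-existing account");
  }

  $theme->header();
  $theme->box(t("Create user account"), $output);
  $theme->footer();
}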

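// Generate a password by gluing together words from a fixed list until the
// result is at least $min_length characters long.
//
// $min_length: minimum length of the returned password (default 6).
// Returns the generated password as a string.
//
// Changes from the earlier version of this function:
//   - the random index now stops at count($words) - 1. mt_rand() includes its
//     upper bound, so the old call could pick an index one past the end of
//     the list and append nothing;
//   - $password starts out as an empty string instead of an unset variable;
//   - the seed is cast to an integer explicitly.
// NOTE(review): this is not a strong generator. The seed is the microsecond
// part of the clock, mt_rand() is not meant for secrets, and the passwords are
// two or so words from a list of 31 ("fish" is listed twice). It should be
// replaced by a cryptographically secure source where the platform has one.
function account_password($min_length=6) {
  mt_srand((int) ((double) microtime() * 1000000));
  $words = array("foo","bar","guy","neo","tux","moo","sun","asm","dot","god","axe","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","perl","boss","dark","sith","jedi","drop","mojo");
  $last = count($words) - 1;
  $password = "";
  while (strlen($password) < $min_length) {
    $password .= $words[mt_rand(0, $last)];
  }
  return $password;
}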

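/**
 * Renders the "Track your comments" page for the current user.
 *
 * Lists up to five nodes the user has commented on and, below each node, the
 * user's own comments on it with reply count, votes and score. Falls back to
 * a "no comments" message when the first query returns no rows.
 *
 * NOTE(review): both queries interpolate values directly into the SQL text
 * ($user->id from the global user object, $node->nid from the previous
 * result set). Nothing in this function validates them, so injection safety
 * rests on those values being numeric ids - confirm where $user is populated.
 *
 * NOTE(review): titles and subjects pass through check_output(), but the ids
 * and $comment->votes are written into the HTML as-is; presumably these are
 * integer columns - verify against the schema.
 */
function account_track_comments() {
  global $theme, $user;

  // Start from an empty string so the first ".=" does not read an undefined variable.
  $output = "";

  $sresult = db_query("SELECT n.nid, n.title, COUNT(n.nid) AS count FROM comments c LEFT JOIN node n ON c.lid = n.nid WHERE c.author = '$user->id' GROUP BY n.nid DESC LIMIT 5");

  while ($node = db_fetch_object($sresult)) {
    $output .= "<LI>". format_plural($node->count, "comment", "comments") ." ". t("attached to node") ." `<A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A>`:</LI>\n";
    $output .= " <UL>\n";

    // One follow-up query per node: the current user's comments on that node.
    $cresult = db_query("SELECT * FROM comments WHERE author = '$user->id' AND lid = '$node->nid'");
    while ($comment = db_fetch_object($cresult)) {
      $output .= "  <LI><A HREF=\"node.php?id=$node->nid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A> (". t("replies") .": ". comment_num_replies($comment->cid) .", ". t("votes") .": $comment->votes, ". t("score") .": ". comment_score($comment) .")</LI>\n";
    }
    $output .= " </UL>\n";
  }

  $theme->header();
  $theme->box(t("Track your comments"), ($output ? $output : t("You have not posted any comments recently.")));
  $theme->footer();
}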

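/**
 * Renders the "Track your nodes" page for the current user.
 *
 * Shows up to 25 posted nodes authored by the user, each as a small table
 * with subject (linked, with comment count), type and date. Falls back to a
 * "no nodes" message when the query returns no rows.
 *
 * NOTE(review): $status[posted] and $user->id are interpolated directly into
 * the SQL text. Nothing here validates them, so injection safety rests on how
 * the $status and $user globals are populated - confirm at their source.
 */
function account_track_nodes() {
  global $status, $theme, $user;

  // Start from an empty string so the first ".=" does not read an undefined variable.
  $output = "";

  $result = db_query("SELECT n.nid, n.type, n.title, n.timestamp, COUNT(c.cid) AS count FROM node n LEFT JOIN comments c ON c.lid = n.nid WHERE n.status = '$status[posted]' AND n.author = '$user->id' GROUP BY n.nid DESC LIMIT 25");

  while ($node = db_fetch_object($result)) {
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Subject") .":</B></TD><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A> (". format_plural($node->count, "comment", "comments") .")</TD></TR>\n";
    // The type cell contains no link, so the stray closing </A> that used to
    // follow it has been dropped to keep the markup well-formed.
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Type") .":</B></TD><TD>". check_output($node->type) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Date") .":</B></TD><TD>". format_date($node->timestamp) ."</TD></TR>\n";
    $output .= "</TABLE>\n";
    $output .= "<P>\n";
  }

  $theme->header();
  $theme->box(t("Track your nodes"), ($output ? $output : t("You have not posted any nodes.")));
  $theme->footer();
}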

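/**
 * Renders the "Track <site name>" page: recent discussion across the site.
 *
 * Lists up to ten posted nodes from the last three days that have comments
 * and, below each node, its comments (newest first) with their author.
 * Falls back to a "nothing recent" message when the first query is empty.
 *
 * NOTE(review): $status[posted], $node->nid and $node->count are interpolated
 * directly into the SQL text. The latter two come from the previous result
 * set (COUNT() for the LIMIT); $status is a global whose origin is not
 * visible here - confirm it cannot be influenced by the request.
 *
 * NOTE(review): titles and subjects pass through check_output(). The box
 * title uses $site_name as-is and the author goes through format_username();
 * whether those are HTML-safe is not visible from this function - verify.
 */
function account_track_site() {
  global $status, $theme, $user, $site_name;

  $period = 259200; // 3 days

  // Start from an empty string so the first ".=" does not read an undefined variable.
  $output = "";

  $sresult = db_query("SELECT n.title, n.nid, COUNT(c.lid) AS count FROM comments c LEFT JOIN node n ON c.lid = n.nid WHERE n.status = '$status[posted]' AND ". time() ." - n.timestamp < $period GROUP BY c.lid ORDER BY n.timestamp DESC LIMIT 10");
  while ($node = db_fetch_object($sresult)) {
    $output .= "<LI>". format_plural($node->count, "comment", "comments") ." ". t("attached to node") ." '<A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A>':</LI>";

    // One follow-up query per node: its comments, newest first, joined to the author's userid.
    $cresult = db_query("SELECT c.subject, c.cid, c.pid, u.userid FROM comments c LEFT JOIN users u ON u.id = c.author WHERE c.lid = '$node->nid' ORDER BY c.timestamp DESC LIMIT $node->count");
    $output .= "<UL>\n";
    while ($comment = db_fetch_object($cresult)) {
      $output .= " <LI>'<A HREF=\"node.php?id=$node->nid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A>' ". t("by") ." ". format_username($comment->userid) ."</LI>\n";
    }
    $output .= "</UL>\n";
  }

  $theme->header();
  $theme->box(strtr(t("Track %a"), array("%a" => $site_name)), ($output ? $output : t("No comments or nodes posted recently.")));
  $theme->footer();
}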

// Security check: stop the request when $name or $hash contains a space.
//
// NOTE(review): this is a denylist of one character. Quotes, tabs, newlines
// and other metacharacters are not rejected here, so the check is not a
// defence on its own; query safety depends on check_input() and on how the
// called functions build their SQL.
if (strstr($name, " ") || strstr($hash, " ")) {
  watchdog("error", "account: attempt to provide malicious input through URI");
  exit();
}

// Request dispatcher: $op selects the action, $topic the sub-page.
//
// NOTE(review): $op, $topic, $name, $hash, $userid, $email, $passwd and $edit
// are not assigned in this part of the file; presumably they are populated
// from the request - confirm, and treat every one of them as untrusted.
//
// NOTE(review): the three "Save ..." branches hand $edit to the save
// functions without check_input(), unlike the other branches. Whether the
// save functions sanitise it themselves is not visible here - verify.
//
// NOTE(review): the state-changing branches (save, login, logout) show no
// request-origin check at this level; confirm one exists elsewhere. Also
// confirm that "login" only accepts $passwd from a POST body, so the
// password cannot end up in URLs or access logs.
switch ($op) {
  // --- form submissions, matched on the translated button label ---
  case t("E-mail new password"):
    account_email_submit(check_input($userid), check_input($email));
    break;

  case t("Create account"):
    account_create_submit(check_input($userid), check_input($email));
    break;

  case t("Save user information"):
    account_user_save($edit);
    account_user($user->userid);
    break;

  case t("Save site settings"):
    account_site_save($edit);
    header("Location: account.php?op=info");
    break;

  case t("Save content settings"):
    account_content_save($edit);
    account_user($user->userid);
    break;

  // --- plain operations, matched on a fixed keyword ---
  case "confirm":
    account_create_confirm(check_input($name), check_input($hash));
    break;

  case "login":
    account_session_start(check_input($userid), check_input($passwd));
    header("Location: account.php?op=info");
    break;

  case "logout":
    account_session_close();
    header("Location: account.php?op=info");
    break;

  case "view":
    // "info" shows the current user's own page; anything else looks up $name.
    if ($topic == "info") {
      account_user($user->userid);
    }
    else {
      account_user(check_input($name));
    }
    break;

  case "track":
    if ($topic == "site") {
      account_track_site();
    }
    elseif ($topic == "nodes") {
      account_track_nodes();
    }
    else {
      account_track_comments();
    }
    break;

  case "edit":
    if ($topic == "content") {
      account_content_edit();
    }
    elseif ($topic == "site") {
      account_site_edit();
    }
    else {
      account_user_edit();
    }
    break;

  // Unknown or missing $op: show the current user's own page.
  default:
    account_user($user->userid);
}

?>