<?
include "config.inc";
include "functions.inc";

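/**
 * Look up one account row by its user ID.
 *
 * @param string $uname  user ID to search for; callers in this file pass it
 *                       on from the request (see the "info" operation)
 * @return mixed         whatever db_fetch_object() yields for the query; the
 *                       caller in showUser() treats a falsy value as "no such user"
 */
function account_getUser($uname) {
  ### The value lands inside a quoted SQL literal, so quote characters must
  ### not be allowed to terminate that literal:
  // NOTE(review): addslashes() is used because no escaping helper of the
  // database layer is visible from this file; if db_query() or a sibling
  // offers driver-aware escaping or bound parameters, prefer that. If the
  // deployment already escapes request input (magic quotes), confirm the
  // value is not escaped twice.
  $safe_uname = addslashes((string) $uname);
  $result = db_query("SELECT * FROM users WHERE userid = '$safe_uname'");
  return db_fetch_object($result);
}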

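/**
 * Build the HTML for the login form.
 *
 * @param string $userid  text to pre-fill in the "User ID" field; it is
 *                        HTML-escaped here because it is written into a
 *                        quoted attribute value
 * @return string         the form markup
 */
function showLogin($userid = "") {
  ### Escape the pre-filled value so quotes or angle brackets in it cannot
  ### close the VALUE attribute and add markup of their own:
  $userid = htmlspecialchars((string) $userid, ENT_QUOTES);

  $output  = "<FORM ACTION=\"account.php\" METHOD=post>\n";
  $output .= " <TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
  $output .= "  <TR><TH>User ID:</TH><TD><INPUT NAME=userid VALUE=\"$userid\"></TD></TR>\n";
  $output .= "  <TR><TH>Password:</TH><TD><INPUT NAME=passwd TYPE=password></TD></TR>\n";
  $output .= "  <TR><TD ALIGN=center><INPUT NAME=op TYPE=submit VALUE=\"Login\"></TD></TR>\n";
  $output .= "  <TR><TD ALIGN=center><A HREF=\"account.php?op=new\">Register</A> as new user.</A></TD></TR>\n";
  // NOTE(review): this row used to interpolate $user->ublock, but $user was
  // never declared global in this function, so the cell always came out
  // empty. The empty cell is kept to leave the rendered form unchanged; if
  // the user block is meant to show here, decide how that HTML is filtered
  // before wiring it in.
  $output .= "  <TR><TD COLSPAN=2></TD></TR>\n";
  $output .= " </TABLE>\n";
  $output .= "</FORM>\n";
  return $output;
}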

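/**
 * List the access labels granted to the current user.
 *
 * Reads the globals $user and $access. Each entry of $access is tested as a
 * bit mask against $user->access; the key of every matching entry is emitted
 * followed by "<BR>".
 *
 * @return string  the matching labels, or an empty string when none match
 */
function showAccess() {
  global $user, $access;

  ### Start from an empty string so "no match" returns "" instead of an
  ### undefined variable:
  $result = "";
  if (!is_array($access)) return $result;

  foreach ($access as $key => $value) {
    if ($user->access & $value) $result .= "$key<BR>";
  }
  return $result;
}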

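/**
 * Render a user page through the theme object.
 *
 * Three outcomes, checked in this order:
 *   1. $uname is the logged-in user: show the full private account page;
 *   2. $uname names another account: show that account's public fields;
 *   3. otherwise: show the login form.
 *
 * @param string $uname  user ID whose page is requested; defaults to "" so
 *                       the argument-less call made on logout is valid
 */
function showUser($uname = "") {
  global $user;

  // theme.inc is included for the $theme object used below; that it defines
  // $theme is inferred from usage, the file itself is not visible here.
  include "theme.inc";

  $output = "";

  // NOTE(review): every profile field below (name, femail, url, bio,
  // signature) is written into the page exactly as stored. Whether these are
  // filtered when saved cannot be seen from this file (dbsave() is defined
  // elsewhere). If they are stored raw, the public branch shows one user's
  // input to other visitors and the fields need context-appropriate escaping
  // (attribute encoding for the HREF values, a scheme check for the URL).
  if ($user && $uname && $user->userid == $uname) {
    $title   = "User information";
    $output .= "<P>Welcome $user->userid! This is <B>your</B> user info page. There are many more, but this one is yours. You are probably most interested in editing something, but if you need to kill some time, this place is as good as any other place.</P>\n";
    $output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
    $output .= " <TR><TD><B>User ID:</B></TD><TD>$user->userid</TD></TR>\n";
    $output .= " <TR><TD><B>Name:</B></TD><TD>$user->name</TD></TR>\n";
    $output .= " <TR><TD><B>E-mail:</B></TD><TD><A HREF=\"mailto:$user->femail\">$user->femail</A></TD></TR>\n";
    $output .= " <TR><TD><B>URL:</B></TD><TD><A HREF=\"$user->url\">$user->url</A></TD></TR>\n";
    if ($user->access > 0) $output .= "<TR><TD VALIGN=top><B>Access:</B></TD><TD>". showAccess() ."</TD></TR>\n";
    $output .= " <TR><TD><B>Bio:</B></TD><TD>$user->bio</TD></TR>\n";
    $output .= " <TR><TD><B>Signature:</B></TD><TD>$user->signature</TD></TR>\n";
    $output .= "</TABLE>\n";
  }
  elseif ($uname && $account = account_getUser($uname)) {
    ### Public view: the real name and access list are left out on purpose.
    $title   = "User information";
    $output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
    $output .= " <TR><TD><B>User ID:</B></TD><TD>$account->userid</TD></TR>\n";
    $output .= " <TR><TD><B>E-mail:</B></TD><TD><A HREF=\"mailto:$account->femail\">$account->femail</A></TD></TR>\n";
    $output .= " <TR><TD><B>URL:</B></TD><TD><A HREF=\"$account->url\">$account->url</A></TD></TR>\n";
    $output .= " <TR><TD><B>Bio:</B></TD><TD>$account->bio</TD></TR>\n";
    $output .= " <TR><TD><B>Signature:</B></TD><TD>$account->signature</TD></TR>\n";
    $output .= "</TABLE>\n";
  }
  else {
    ### Display login form. The original passed a local $userid that was
    ### never set in this function, i.e. an empty pre-fill; that is now
    ### written out explicitly.
    $title  = "Login";
    $output = showLogin("");
  }

  ### Display the page:
  $theme->header();
  $theme->box($title, $output);
  $theme->footer();
}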

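/**
 * Display the registration form, optionally re-filled after a failed attempt.
 *
 * @param array|string $user   submitted registration values keyed by "name",
 *                             "userid" and "email"; anything that is not an
 *                             array (the default "") gives an empty form
 * @param string       $error  message shown above the fields. It is emitted
 *                             as HTML, so callers must pass only markup they
 *                             assembled themselves.
 */
function newUser($user = "", $error="") {
  include "theme.inc";

  ### The original read $new[...], which does not exist in this function, so
  ### a rejected form came back blank. Re-fill from the $user argument and
  ### escape each value, since it is request input placed in an attribute:
  $name   = (is_array($user) && isset($user["name"]))   ? htmlspecialchars((string) $user["name"], ENT_QUOTES)   : "";
  $userid = (is_array($user) && isset($user["userid"])) ? htmlspecialchars((string) $user["userid"], ENT_QUOTES) : "";
  $email  = (is_array($user) && isset($user["email"]))  ? htmlspecialchars((string) $user["email"], ENT_QUOTES)  : "";

  $output  = "<FORM ACTION=\"account.php\" METHOD=post>\n";
  $output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
  if (!empty($error)) $output .= "<TR><TD COLSPAN=2>$error</TD></TR>\n";
  $output .= "<TR><TH>Name:</TH><TD><INPUT NAME=\"new[name]\" VALUE=\"$name\"></TD></TR>\n";
  ### (the header cell was closed with </TR> instead of </TH>)
  $output .= "<TR><TH>User ID:</TH><TD><INPUT NAME=\"new[userid]\" VALUE=\"$userid\"></TD></TR>\n";
  $output .= "<TR><TH>E-mail:</TH><TD><INPUT NAME=\"new[email]\" VALUE=\"$email\"></TD></TR>\n";
  $output .= "<TR><TD ALIGN=right COLSPAN=2><INPUT NAME=op TYPE=submit VALUE=\"Register\"></TD></TR>\n";
  $output .= "</TABLE>\n";
  $output .= "</FORM>\n";

  $theme->header();
  $theme->box("Register as new user", $output);
  $theme->footer();
}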

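/**
 * Check a registration request.
 *
 * Runs format checks first, then ban and uniqueness checks. When several
 * checks of one stage fail, the message of the last failing one is returned.
 *
 * @param array $user  submitted values; "userid" and "email" are examined
 * @return string      an HTML error message, or "" when the request is acceptable
 */
function validateUser($user) {
  include "ban.inc";

  $rval   = "";
  $userid = isset($user["userid"]) ? trim($user["userid"]) : "";
  $email  = isset($user["email"]) ? $user["email"] : "";

  ### Verify username and e-mail address:
  if (empty($email) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $email))) $rval = "the specified e-mail address is not valid.<BR>";
  ### The rejected name is echoed back, so it is escaped first (the original
  ### interpolated $new[userid], which is not defined in this function):
  if (empty($userid) || (ereg("[^a-zA-Z0-9_-]", $userid))) $rval = "the specified username '". htmlspecialchars($userid, ENT_QUOTES) ."' is not valid.<BR>";
  if (strlen($userid) > 15) $rval = "the specified username is too long: it must be less than 15 characters.";

  ### Stop before touching the database when the format checks failed. The
  ### queries below build SQL from these two values and rely on the patterns
  ### above to keep quote characters out; previously they ran even for input
  ### that had just been rejected.
  if ($rval) return $rval;

  ### Check to see whether the username or e-mail address are banned:
  if ($ban = ban_match($userid, $type2index["usernames"])) $rval = "the specified username is banned  for the following reason: <I>$ban->reason</I>.";
  if ($ban = ban_match($email, $type2index["addresses"])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";

  ### Verify whether username and e-mail address are unique:
  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid)=LOWER('$userid')")) > 0) $rval = "the specified username is already taken.";
  if (db_num_rows(db_query("SELECT email FROM users WHERE LOWER(email)=LOWER('$email')")) > 0) $rval = "the specified e-mail address is already registered.";

  return($rval);
}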

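/**
 * Generate an initial password for a new account.
 *
 * @param int $min_length  number of characters to generate
 * @return string          random string of letters and digits
 */
function account_makePassword($min_length=6) {
  // The previous version glued together entries from a list of about thirty
  // short words after re-seeding the generator from the clock, which left
  // only a few hundred likely passwords, and its index range ran one past
  // the end of the list. Characters are now drawn one at a time from a
  // larger alphabet, without re-seeding.
  // NOTE(review): the default of 6 characters is kept for compatibility;
  // callers should request more if the password column allows it.

  ### Letters and digits, minus look-alikes (l/1, O/0, I):
  $alphabet = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789";
  $last     = strlen($alphabet) - 1;

  ### Prefer the cryptographically secure source where the runtime has one;
  ### mt_rand() is only the fallback for runtimes that lack random_int():
  $secure = function_exists("random_int");

  $password = "";
  while (strlen($password) < $min_length) {
    $index = $secure ? random_int(0, $last) : mt_rand(0, $last);
    $password .= substr($alphabet, $index, 1);
  }
  return $password;
}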

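/**
 * Build the "track your comments" listing for the current user.
 *
 * Selects up to five stories the user commented on and, under each, links to
 * the user's comments with their reply counts.
 *
 * @return string  HTML fragment
 */
function account_track_comments() {
  global $user;

  // NOTE(review): the top of this file includes "functions.inc"; whether
  // "function.inc" here is a separate file or a misspelling cannot be told
  // from this listing.
  include "function.inc";

  $output = "<P>This page is helpful in case you want to keep track of your most recent comments in any of the discussions.  It helps you to review the replies your comments got.\n<P>\n"; 

  ### Ids are written into SQL unquoted, so force them to integers first:
  $author = (int) $user->id;

  ### Perform query:
  $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE c.author = $author GROUP BY s.id DESC LIMIT 5");

  // NOTE(review): story and comment subjects are printed as stored. Whether
  // they are filtered when submitted is not visible from this file; if they
  // are stored raw they need HTML-escaping here.
  while ($story = db_fetch_object($sresult)) {
    $sid = (int) $story->id;

    ### The singular and plural forms were bare words; pass them as strings:
    $output .= "<LI>". plural($story->count, "comment", "comments") ." in article `<A HREF=\"discussion.php?id=$story->id\">$story->subject</A>`:</LI>\n";
    $output .= " <UL>\n";

    $cresult = db_query("SELECT * FROM comments WHERE author = $author AND sid = $sid");
    while ($comment = db_fetch_object($cresult)) {
      $output .= "  <LI><A HREF=\"discussion.php?id=$story->id&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A> (<B>". plural(discussion_num_replies($comment->cid), "reply", "replies") ."</B>)</LI>\n";
    }
    $output .= " </UL>\n";
  }

  return $output;
}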

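### Dispatch on the requested operation.
// $op, $userid, $passwd, $uname, $new and $edit are never assigned in this
// file; presumably they are filled in from the request by the runtime, and
// $user from the session. Treat all of them as untrusted input.
// NOTE(review): none of the state-changing operations below carries a
// per-session token, so nothing visible here ties a "Save ..." request to a
// form this site rendered.
switch ($op) {
  case "Login":
    session_start();
    $user = new User($userid, $passwd);
    if ($user && $user->valid()) {
      ### Move to a fresh session id once the login succeeded, so an id that
      ### was set before authentication is not carried into the session:
      if (function_exists("session_regenerate_id")) session_regenerate_id();
      session_register("user");
      watchdog(1, "session opened for user `$user->userid'.");
    }
    else {
      // NOTE(review): $userid is request text written into the log as-is;
      // confirm watchdog() neutralises line breaks and markup.
      watchdog(2, "failed login for user `$userid'.");
    }
    showUser($user->userid);
    break;
  case "new":
    newUser();
    break;
  case "info":
    showUser($uname);
    break;
  case "discussion":
    include "theme.inc";
    $theme->header();
    ### Same login check as the "user" and "page" operations; without it the
    ### listing was built for a visitor with no account:
    if ($user && $user->valid()) {
      $theme->box("Track your comments", account_track_comments());
    }
    else {
      $theme->box("Login", showLogin($userid));
    }
    $theme->footer();
    break;
  case "logout":
    watchdog(1, "session closed for user `$user->userid'.");
    session_unset();
    session_destroy();
    unset($user);
    ### showUser() was called without its argument here:
    showUser("");
    break;
  case "Register":
    if ($rval = validateUser($new)) { newUser($new, "<B>Error: $rval</B>"); }
    else {
      include "theme.inc";

      ### Keep only the fields the registration form offers. The whole
      ### request array used to be handed to dbsave(), so any extra new[...]
      ### key a client added would have been passed along with it. The user
      ### ID is trimmed because validateUser() checked the trimmed form.
      $new = array(
        "name"   => isset($new["name"]) ? $new["name"] : "",
        "userid" => trim($new["userid"]),
        "email"  => $new["email"]
      );

      ### Generate new password:
      $new["passwd"] = account_makePassword();
      // NOTE(review): the password is passed to dbsave() in clear text;
      // whether it is hashed before storage is not visible from this file.
      dbsave("users", $new);

      if ($system == 1) {
        ### Display account information. The login link no longer carries
        ### the user ID and password in its query string, where they would
        ### end up in browser history, server logs and Referer headers:
        $theme->header();
        $theme->box("Account details", "Your password is: <B>$new[passwd]</B><BR><A HREF=\"account.php\">Login</A> to change your personal settings.");
        $theme->footer();
      } else {
        ### Send e-mail with account details (the greeting used $user->name,
        ### which is not the account being created):
        mail($new["email"], "Account details for $sitename", "$new[name],\n\nyour $sitename member account has been created succesfully.  To be able to use it, you must login using the information below.  Please save this mail for further reference.\n\n   username: $new[userid]\n     e-mail: $new[email]\n   password: $new[passwd]\n\nThis password is generated by a randomizer.  It is recommended that you change this password immediately.\n\n$contact_signature", "From: $contact_email\nX-Mailer: PHP/" . phpversion());

        ### Display account information:
        $theme->header();
        $theme->box("Account details", "Your member account has been created and the details necessary to login have been sent to your e-mail account <B>$new[email]</B>.  Once you received the account confirmation, hit <A HREF=\"account.php\">this link</A> to login.");
        $theme->footer();
      }

      watchdog(1, "new user `$new[userid]' registered with e-mail address `$new[email]'");
    }
    break;
  case "user":
    if ($user && $user->valid()) {
      // NOTE(review): the stored values below are written into VALUE
      // attributes and TEXTAREA bodies unescaped. Whether they are encoded
      // when saved is not visible here; if not, a quote or "</TEXTAREA>" in
      // a field breaks out of the control.

      ### Generate output/content:
      $output  = "<FORM ACTION=\"account.php\" METHOD=post>\n";
      $output .= "<B>Real name:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[name]\" MAXLENGTH=55 SIZE=30 VALUE=\"$user->name\"><BR>\n";
      $output .= "<I>Optional.</I><P>\n";
      $output .= "<B>Real e-mail address:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[email]\" MAXLENGTH=55 SIZE=30 VALUE=\"$user->email\"><BR>\n";
      $output .= "<I>Required, but never displayed publicly: needed in case you lose your password.</I><P>\n";
      $output .= "<B>Fake e-mail address:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[femail]\" MAXLENGTH=55 SIZE=30 VALUE=\"$user->femail\"><BR>\n";
      $output .= "<I>Optional, and displayed publicly by your comments. You may spam proof it if you want.</I><P>\n";
      $output .= "<B>URL of homepage:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=55 SIZE=30 VALUE=\"$user->url\"><BR>\n";
      $output .= "<I>Optional, but make sure you enter fully qualified URLs only. That is, remember to include \"http://\".</I><P>\n";
      $output .= "<B>Bio:</B> (255 char limit)<BR>\n";
      $output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=35 ROWS=5 WRAP=virtual>$user->bio</TEXTAREA><BR>\n";
      $output .= "<I>Optional. This biographical information is publicly displayed on your user page.</I><P>\n";
      $output .= "<B>User block:</B> (255 char limit)<BR>\n";
      $output .= "<TEXTAREA NAME=\"edit[ublock]\" COLS=35 ROWS=5 WRAP=virtual>$user->ublock</TEXTAREA><BR>\n";
      $output .= "<INPUT NAME=\"edit[ublockon]\" TYPE=checkbox". ($user->ublockon == 1 ? " CHECKED" : "") ."> Enable user block<BR>\n";
      $output .= "<I>Enable the checkbox and whatever you enter below will appear on your costum main page.</I><P>\n";
      $output .= "<B>Password:</B><BR>\n";
      $output .= "<INPUT TYPE=password NAME=\"edit[pass1]\" SIZE=10 MAXLENGTH=20> <INPUT TYPE=password NAME=edit[pass2] SIZE=10 MAXLENGTH=20><BR>\n";
      $output .= "<I>Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.</I><P>\n";
      $output .= "<INPUT TYPE=submit NAME=op VALUE=\"Save user information\"><BR>\n";
      $output .= "</FORM>\n";

      ### Display output/content:
      include "theme.inc";
      $theme->header();
      $theme->box("Edit your information", $output);
      $theme->footer();
    }
    else {
      include "theme.inc";
      $theme->header();
      $theme->box("Login", showLogin($userid)); 
      $theme->footer();
    }
    break;
  case "page":
    if ($user && $user->valid()) {
      ### Generate output/content:
      $output  = "<FORM ACTION=\"account.php\" METHOD=post>\n";
      $output .= "<B>Theme:</B><BR>\n";

      ### Loop (dynamically) through all available themes. A theme is a
      ### directory under themes/ that holds theme.class.php; dot entries are
      ### skipped. The comparison with false keeps an entry named "0" from
      ### ending the loop early, and a failed opendir() is skipped.
      $options = "";
      $handle = opendir("themes");
      if ($handle) {
        while (($file = readdir($handle)) !== false) {
          if (!ereg("^\.", $file) && file_exists("themes/$file/theme.class.php")) {
            $selected = ((!empty($userinfo["theme"]) && $file == $cfg_theme) || $user->theme == $file) ? " SELECTED" : "";
            $options .= "<OPTION VALUE=\"$file\"$selected>$file</OPTION>";
          }
        }
        closedir($handle);
      }

      if ($userinfo["theme"]=="") $userinfo["theme"] = $cfg_theme;
      $output .= "<SELECT NAME=\"edit[theme]\">$options</SELECT><BR>\n";
      $output .= "<I>Changes the look and feel of the site.</I><P>\n";
      $output .= "<B>Maximum number of stories:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[storynum]\" MAXLENGTH=3 SIZE=3 VALUE=\"$user->storynum\"><P>\n";
      $options  = "<OPTION VALUE=\"nested\"". ($user->umode == 'nested' ? " SELECTED" : "") .">Nested</OPTION>";
      $options .= "<OPTION VALUE=\"flat\"". ($user->umode == 'flat' ? " SELECTED" : "") .">Flat</OPTION>";
      $options .= "<OPTION VALUE=\"threaded\"". ($user->umode == 'threaded' ? " SELECTED" : "") .">Threaded</OPTION>";
      $output .= "<B>Display mode:</B><BR>\n";
      $output .= "<SELECT NAME=\"edit[umode]\">$options</SELECT><P>\n";
      $options  = "<OPTION VALUE=0". ($user->uorder == 0 ? " SELECTED" : "") .">Oldest first</OPTION>";
      $options .= "<OPTION VALUE=1". ($user->uorder == 1 ? " SELECTED" : "") .">Newest first</OPTION>";
      $options .= "<OPTION VALUE=2". ($user->uorder == 2 ? " SELECTED" : "") .">Highest scoring first</OPTION>";
      $output .= "<B>Sort order:</B><BR>\n";
      $output .= "<SELECT NAME=\"edit[uorder]\">$options</SELECT><P>\n";
      $options  = "<OPTION VALUE=\"-1\"". ($user->thold == -1 ? " SELECTED" : "") .">-1: Display uncut and raw comments.</OPTION>";
      $options .= "<OPTION VALUE=0". ($user->thold == 0 ? " SELECTED" : "") .">0: Display almost all comments.</OPTION>";
      $options .= "<OPTION VALUE=1". ($user->thold == 1 ? " SELECTED" : "") .">1: Display almost no anonymous comments.</OPTION>";
      $options .= "<OPTION VALUE=2". ($user->thold == 2 ? " SELECTED" : "") .">2: Display comments with score +2 only.</OPTION>";
      $options .= "<OPTION VALUE=3". ($user->thold == 3 ? " SELECTED" : "") .">3: Display comments with score +3 only.</OPTION>";
      $options .= "<OPTION VALUE=4". ($user->thold == 4 ? " SELECTED" : "") .">4: Display comments with score +4 only.</OPTION>";
      $options .= "<OPTION VALUE=5". ($user->thold == 5 ? " SELECTED" : "") .">5: Display comments with score +5 only.</OPTION>";
      $output .= "<B>Threshold:</B><BR>\n";
      $output .= "<SELECT NAME=\"edit[thold]\">$options</SELECT><BR>\n";
      $output .= "<I>Comments that scored less than this setting will be ignored. Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.</I><P>\n";
      $output .= "<B>Singature:</B> (255 char limit)<BR>\n";
      $output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=35 ROWS=5 WRAP=virtual>$user->signature</TEXTAREA><BR>\n";
      $output .= "<I>Optional. This information will be publicly displayed at the end of your comments. </I><P>\n";
      $output .= "<INPUT TYPE=submit NAME=op VALUE=\"Save page settings\"><BR>\n";
      $output .= "</FORM>\n";

      ### Display output/content:
      include "theme.inc";
      $theme->header();
      $theme->box("Customize your page", $output);
      $theme->footer();
    }
    else {
      include "theme.inc";
      $theme->header();
      $theme->box("Login", showLogin($userid)); 
      $theme->footer();
    }
    break;
  case "Save user information":
    if ($user && $user->valid()) {
      // NOTE(review): the new e-mail address is stored without the format,
      // ban and uniqueness checks that validateUser() applies at
      // registration, and the password can be changed without supplying the
      // current one.
      $data["name"] = $edit["name"];
      $data["email"] = $edit["email"];
      $data["femail"] = $edit["femail"];
      $data["url"] = $edit["url"];
      $data["bio"] = $edit["bio"];
      $data["ublock"] = $edit["ublock"];
      $data["ublockon"] = $edit["ublockon"];
      ### Strict comparison: with == two different numeric-looking strings
      ### (for example "0e1" and "0e2") compare as equal.
      if (!empty($edit["pass1"]) && $edit["pass1"] === $edit["pass2"]) { $data["passwd"] = $edit["pass1"]; }
      dbsave("users", $data, $user->id);
      $user->rehash();
    }
    showUser($user->userid);
    break;
  case "Save page settings":
    if ($user && $user->valid()) {
      ### Accept only a theme the selection list above would have offered: a
      ### plain directory name, not starting with a dot, that holds
      ### theme.class.php. The submitted name was stored unchecked before,
      ### although theme names are used to build file paths.
      $chosen = isset($edit["theme"]) ? (string) $edit["theme"] : "";
      if ($chosen != "" && $chosen == basename($chosen) && !ereg("^\.", $chosen) && file_exists("themes/$chosen/theme.class.php")) {
        $data["theme"] = $chosen;
      }
      $data["storynum"] = $edit["storynum"];
      $data["umode"] = $edit["umode"];
      $data["uorder"] = $edit["uorder"];
      $data["thold"] = $edit["thold"];
      $data["signature"] = $edit["signature"];
      dbsave("users", $data, $user->id);
      $user->rehash();
    }
    showUser($user->userid);
    break;
  default: 
    showUser($user->userid);
}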

?>