<?

include "function.inc";
include "config.inc";
include "theme.inc";

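/**
 * Look up a single user record by its user ID.
 *
 * The value is placed inside a quoted SQL literal, and it can reach this
 * function from showUser($name) in the "view" case, where $name is not
 * assigned anywhere in this file. Only IDs made of the characters that
 * validateUser() accepts at registration (letters, digits, "_" and "-") are
 * therefore passed to the database; any other value is answered without
 * running a query.
 *
 * NOTE(review): assumes every row in `users` was created through
 * validateUser(); confirm before relying on this for legacy accounts.
 *
 * @param string $uname user ID to look up
 * @return mixed whatever db_fetch_object() returns for the match, or false
 *               when $uname is not a well-formed user ID
 */
function account_getUser($uname) {
  if (!is_string($uname) || !preg_match('/^[a-zA-Z0-9_-]+\z/', $uname)) {
    return false;
  }

  $result = db_query("SELECT * FROM users WHERE userid = '$uname'");
  return db_fetch_object($result);
}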

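/**
 * Build the HTML login form.
 *
 * @param string $userid value used to prefill the "User ID" field; it is
 *                       HTML-escaped here because it is echoed inside a
 *                       quoted attribute
 * @return string the form markup
 */
function showLogin($userid = "") {
  // Escaping quotes as well as angle brackets keeps the value inside VALUE="...".
  $safe_userid = htmlspecialchars((string) $userid, ENT_QUOTES);

  $output  = "<FORM ACTION=\"account.php\" METHOD=post>\n";
  $output .= " <TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
  $output .= "  <TR><TH>User ID:</TH><TD><INPUT NAME=userid VALUE=\"$safe_userid\"></TD></TR>\n";
  $output .= "  <TR><TH>Password:</TH><TD><INPUT NAME=passwd TYPE=password></TD></TR>\n";
  $output .= "  <TR><TD ALIGN=center><INPUT NAME=op TYPE=submit VALUE=\"Login\"></TD></TR>\n";
  $output .= "  <TR><TD ALIGN=center><A HREF=\"account.php?op=new\">Register</A> as new user.</TD></TR>\n";
  // NOTE(review): this row used to interpolate $user->ublock, but $user is not
  // declared global in this function, so the cell always rendered empty. It is
  // kept empty here; confirm whether the user block was meant to be shown.
  $output .= "  <TR><TD COLSPAN=2></TD></TR>\n";
  $output .= " </TABLE>\n";
  $output .= "</FORM>\n";
  return $output;
}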

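/**
 * List the names of the access flags set on the current user.
 *
 * Reads the globals $user and $access; every key of $access whose value
 * shares a bit with $user->access is emitted, followed by "<BR>".
 *
 * @return string the matching names, or "" when none match or when the
 *                globals are not populated
 */
function showAccess() {
  global $user, $access;

  $result = "";
  if (!is_array($access) || !is_object($user)) {
    return $result;
  }

  foreach ($access as $key => $value) {
    if ($user->access & $value) {
      $result .= "$key<BR>";
    }
  }
  return $result;
}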

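/**
 * Escape a stored profile value for use in HTML text or a quoted attribute.
 */
function _account_escape($value) {
  return htmlspecialchars((string) $value, ENT_QUOTES);
}

/**
 * Render a profile URL: a link for http/https addresses, plain text otherwise.
 */
function _account_url_link($url) {
  $safe = _account_escape($url);
  // Only web addresses become clickable; any other scheme stays inert text.
  if (preg_match('/^https?:\/\//i', (string) $url)) {
    return "<A HREF=\"$safe\">$safe</A>";
  }
  return $safe;
}

/**
 * Render a user information page, or the login form when no user matches.
 *
 * Three outcomes, in order:
 *  - $uname is the logged-in user's own ID: the full profile is shown;
 *  - $uname names another account found by account_getUser(): the public
 *    fields of that account are shown;
 *  - otherwise: the login form is shown.
 *
 * User ID, name, e-mail and URL are escaped before being written into the
 * page because they are profile fields the account holder can edit.
 *
 * NOTE(review): bio and signature are still written out as stored. Whether
 * they are meant to carry HTML cannot be told from this file; if they are
 * not, escape them the same way, otherwise filter them where they are saved.
 *
 * @param string $uname user ID to display; defaults to "" so that the
 *                      argument-less call in the "logout" case is valid
 */
function showUser($uname = "") {
  global $user, $theme;

  $output = "";

  if ($user && $uname && $user->userid == $uname) {
    $userid = _account_escape($user->userid);
    $name   = _account_escape($user->name);
    $femail = _account_escape($user->femail);

    $output .= "<P>Welcome $userid! This is <B>your</B> user info page. There are many more, but this one is yours. You are probably most interested in editing something, but if you need to kill some time, this place is as good as any other place.</P>\n";
    $output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
    $output .= " <TR><TD><B>User ID:</B></TD><TD>$userid</TD></TR>\n";
    $output .= " <TR><TD><B>Name:</B></TD><TD>$name</TD></TR>\n";
    $output .= " <TR><TD><B>E-mail:</B></TD><TD><A HREF=\"mailto:$femail\">$femail</A></TD></TR>\n";
    $output .= " <TR><TD><B>URL:</B></TD><TD>". _account_url_link($user->url) ."</TD></TR>\n";
    if ($user->access > 0) $output .= "<TR><TD VALIGN=top><B>Access:</B></TD><TD>". showAccess() ."</TD></TR>\n";
    $output .= " <TR><TD><B>Bio:</B></TD><TD>$user->bio</TD></TR>\n";
    $output .= " <TR><TD><B>Signature:</B></TD><TD>$user->signature</TD></TR>\n";
    $output .= "</TABLE>\n";

    ### Display account information:
    $theme->header();
    $theme->box("User information", $output);
    $theme->footer();
  }
  elseif ($uname && $account = account_getUser($uname)) {
    $userid = _account_escape($account->userid);
    $femail = _account_escape($account->femail);

    $output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
    $output .= " <TR><TD><B>User ID:</B></TD><TD>$userid</TD></TR>\n";
    $output .= " <TR><TD><B>E-mail:</B></TD><TD><A HREF=\"mailto:$femail\">$femail</A></TD></TR>\n";
    $output .= " <TR><TD><B>URL:</B></TD><TD>". _account_url_link($account->url) ."</TD></TR>\n";
    $output .= " <TR><TD><B>Bio:</B></TD><TD>$account->bio</TD></TR>\n";
    $output .= " <TR><TD><B>Signature:</B></TD><TD>$account->signature</TD></TR>\n";
    $output .= "</TABLE>\n";

    ### Display account information:
    $theme->header();
    $theme->box("User information", $output);
    $theme->footer();
  }
  else {
    ### Display login form:
    // The form was previously prefilled from $userid, a name that is never in
    // scope in this function, so it was always empty; that is kept as is.
    $theme->header();
    $theme->box("Login", showLogin(""));
    $theme->footer();
  }
}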

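/**
 * Render the "Register as new user" form.
 *
 * @param mixed  $user  the submitted registration fields (name, userid,
 *                      email) used to refill the form after a failed
 *                      attempt; anything that is not an array leaves the
 *                      form empty
 * @param string $error HTML fragment shown above the fields. It is written
 *                      out unescaped, so callers must pass markup they built
 *                      themselves, never raw request data.
 */
function newUser($user = "", $error = "") {
  // $theme lives in the global scope; without this declaration the calls at
  // the end of the function had no object to act on.
  global $theme;

  // The submitted values are echoed inside quoted attributes, so escape them.
  // (The form previously read from $new, which does not exist in this scope,
  // and therefore never showed the earlier input.)
  $value = array("name" => "", "userid" => "", "email" => "");
  if (is_array($user)) {
    foreach ($value as $key => $unused) {
      if (isset($user[$key]) && is_scalar($user[$key])) {
        $value[$key] = htmlspecialchars((string) $user[$key], ENT_QUOTES);
      }
    }
  }

  $output  = "<FORM ACTION=\"account.php\" METHOD=post>\n";
  $output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
  if (!empty($error)) $output .= "<TR><TD COLSPAN=2>$error</TD></TR>\n";
  $output .= "<TR><TH>Name:</TH><TD><INPUT NAME=\"new[name]\" VALUE=\"$value[name]\"></TD></TR>\n";
  $output .= "<TR><TH>User ID:</TH><TD><INPUT NAME=\"new[userid]\" VALUE=\"$value[userid]\"></TD></TR>\n";
  $output .= "<TR><TH>E-mail:</TH><TD><INPUT NAME=\"new[email]\" VALUE=\"$value[email]\"></TD></TR>\n";
  $output .= "<TR><TD ALIGN=right COLSPAN=2><INPUT NAME=op TYPE=submit VALUE=\"Register\"></TD></TR>\n";
  $output .= "</TABLE>\n";
  $output .= "</FORM>\n";

  $theme->header();
  $theme->box("Register as new user", $output);
  $theme->footer();
}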

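/**
 * Validate the fields of a registration request.
 *
 * The format checks run first and the function returns as soon as they have
 * found a problem, so the ban lookup and the two SQL queries below only ever
 * see a user ID made of [a-zA-Z0-9_-] (at most 15 characters) and an e-mail
 * address that passed the pattern. Both values are embedded in quoted SQL
 * literals, which is why they must not reach the database unchecked.
 *
 * The user ID is checked exactly as submitted. The array is passed by value,
 * so a copy trimmed in here would not be the value the caller stores.
 *
 * @param array $user request fields; "userid" and "email" are read
 * @return string an HTML error fragment describing the last failed check, or
 *                "" when the request is acceptable
 */
function validateUser($user) {
  $userid = (is_array($user) && isset($user["userid"]) && is_scalar($user["userid"])) ? (string) $user["userid"] : "";
  $email  = (is_array($user) && isset($user["email"]) && is_scalar($user["email"])) ? (string) $user["email"] : "";

  $rval = "";

  ### Verify username and e-mail address:
  // \z (not $) so that a trailing line break cannot slip past the pattern.
  if (empty($email) || !preg_match('/^[_.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}\z/i', $email)) $rval = "the specified e-mail address is not valid.<BR>";
  // The rejected name is echoed back to the visitor, hence the escaping.
  if (empty($userid) || preg_match('/[^a-zA-Z0-9_-]/', $userid)) $rval = "the specified username '". htmlspecialchars($userid, ENT_QUOTES) ."' is not valid.<BR>";
  // NOTE(review): the test allows exactly 15 characters while the message
  // says "less than 15"; confirm which of the two is intended.
  if (strlen($userid) > 15) $rval = "the specified username is too long: it must be less than 15 characters.";

  // Stop here on malformed input: nothing below may run on unchecked values.
  if ($rval) return $rval;

  // ban.inc is expected to provide ban_match() and $type2index.
  include "ban.inc";

  ### Check to see whether the username or e-mail address are banned:
  if ($ban = ban_match($userid, $type2index["usernames"])) $rval = "the specified username is banned  for the following reason: <I>$ban->reason</I>.";
  if ($ban = ban_match($email, $type2index["addresses"])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";

  ### Verify whether username and e-mail address are unique:
  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid)=LOWER('$userid')")) > 0) $rval = "the specified username is already taken.";
  if (db_num_rows(db_query("SELECT email FROM users WHERE LOWER(email)=LOWER('$email')")) > 0) $rval = "the specified e-mail address is already registered.";

  return($rval);
}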

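/**
 * Generate the initial password for a new account.
 *
 * Characters are drawn independently from a fixed alphabet. A generator
 * seeded from the clock and fed by a word list of about thirty entries
 * yields only a few hundred likely passwords, which is not enough for a
 * credential that is handed out before the owner has chosen one.
 *
 * The result is $min_length + 2 characters long, which stays inside the
 * range the word-based scheme could produce ($min_length .. $min_length + 3).
 *
 * @param int $min_length minimum number of characters requested
 * @return string the generated password (letters and digits only)
 */
function account_makePassword($min_length = 6) {
  // Look-alike characters (0/O, 1/l/I) are left out because the password is
  // shown to, and typed in by, a person.
  $alphabet = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789";
  $last = strlen($alphabet) - 1;
  $length = max(0, (int) $min_length) + 2;

  // random_int() draws from the system CSPRNG where the runtime provides it.
  // NOTE(review): the mt_rand() fallback is not cryptographically strong and
  // is only there for runtimes that lack random_int().
  $strong = function_exists("random_int");

  $password = "";
  for ($i = 0; $i < $length; $i++) {
    $index = $strong ? random_int(0, $last) : mt_rand(0, $last);
    $password .= substr($alphabet, $index, 1);
  }
  return $password;
}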

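/**
 * Build an overview of the current user's comments, grouped by story.
 *
 * Reads the global $user. One query selects up to five stories the user
 * commented on; a second query per story lists that user's comments, each
 * with its reply count from discussion_num_replies().
 *
 * NOTE(review): story and comment subjects are written out as stored.
 * Whether they are filtered when saved cannot be told from this file; if
 * they are not, escape them here.
 *
 * @return string HTML fragment
 */
function account_track_comments() {
  global $user;

  // Both queries embed the ID unquoted, so force it to an integer first.
  $uid = is_object($user) ? (int) $user->id : 0;

  $output = "<P>This page might be helpful in case you want to keep track of your most recent comments in any of the discussions.  You are given an overview of your comments in each of the stories you participates in along with the number of replies each comment got.\n<P>\n";

  ### Perform query:
  $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE c.author = $uid GROUP BY s.id DESC LIMIT 5");

  while ($story = db_fetch_object($sresult)) {
    // Same reasoning as for $uid: the story ID goes into SQL and into a URL.
    $sid = (int) $story->id;

    // "comment" and "comments" are string arguments; they were written as
    // bare words before.
    $output .= "<LI>". format_plural($story->count, "comment", "comments") ." in story `<A HREF=\"discussion.php?id=$sid\">$story->subject</A>`:</LI>\n";
    $output .= " <UL>\n";

    $cresult = db_query("SELECT * FROM comments WHERE author = $uid AND sid = $sid");
    while ($comment = db_fetch_object($cresult)) {
      $output .= "  <LI><A HREF=\"discussion.php?id=$sid&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A> (<B>". format_plural(discussion_num_replies($comment->cid), "reply", "replies") ."</B>)</LI>\n";
    }
    $output .= " </UL>\n";
  }

  return $output;
}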

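### Request dispatcher.
#
# $op selects the action. $op, $userid, $passwd, $name, $new and $edit are read
# here without being assigned anywhere in this file, so they appear to arrive as
# request variables. For that reason every variable that is appended to or
# filled key by key below ($output, $options, $data) is initialised first: a
# request must not be able to pre-seed page output or the column list handed to
# dbsave().
#
# NOTE(review): the two "Save ..." actions change account data on a plain POST
# with no per-session token; consider adding one where the forms are built.
# NOTE(review): passwords are passed to dbsave() as submitted and are sent by
# e-mail at registration. Whether they are hashed before storage depends on
# dbsave() and the User class, neither of which is visible in this file.

$output = "";
$options = "";

switch ($op) {
  case "Login":
    session_start();
    $user = new User($userid, $passwd);
    if ($user && user_valid()) {
      // Switch to a fresh session ID once the login has succeeded, so an ID
      // that was known before authentication does not become a logged-in one.
      if (function_exists("session_regenerate_id")) session_regenerate_id();
      session_register("user");
      watchdog(1, "session opened for user `$user->userid'.");
    }
    else {
      watchdog(2, "failed login for user `$userid'.");
    }
    showUser($user->userid);
    break;
  case "new":
    newUser();
    break;
  case "view":
    showUser($name);
    break;
  case "discussion":
    // Same login check as the "user" and "page" actions: the overview is
    // built from the current user's ID.
    $theme->header();
    if ($user && user_valid()) {
      $theme->box("Track your comments", account_track_comments());
    }
    else {
      $theme->box("Login", showLogin(""));
    }
    $theme->footer();
    break;
  case "logout":
    watchdog(1, "session closed for user `$user->userid'.");
    session_unset();
    session_destroy();
    unset($user);
    // No user remains, so this renders the login form.
    showUser("");
    break;
  case "Register":
    // Copy only the fields the registration form offers. Handing the whole
    // submitted array to dbsave() would let a request name additional columns
    // of the users table.
    $account = array("name" => "", "userid" => "", "email" => "");
    foreach ($account as $key => $unused) {
      if (isset($new) && is_array($new) && isset($new[$key]) && is_scalar($new[$key])) {
        // Trimmed here so that the value that is validated is the value stored.
        $account[$key] = trim((string) $new[$key]);
      }
    }

    if ($rval = validateUser($account)) { newUser($account, "<B>Error: $rval</B>"); }
    else {
      ### Generate new password:
      $account["passwd"] = account_makePassword();
      dbsave("users", $account);

      $shown_userid = htmlspecialchars($account["userid"], ENT_QUOTES);
      $shown_email  = htmlspecialchars($account["email"], ENT_QUOTES);
      $shown_passwd = htmlspecialchars($account["passwd"], ENT_QUOTES);

      if ($system == 1) {
        ### Display account information:
        // The login shortcut is a POST form: a link carrying the password in
        // its query string would leave it in browser history, proxy and server
        // logs, and Referer headers.
        $theme->header();
        $theme->box("Account details", "Your password is: <B>$shown_passwd</B><BR><FORM ACTION=\"account.php\" METHOD=post><INPUT TYPE=hidden NAME=userid VALUE=\"$shown_userid\"><INPUT TYPE=hidden NAME=passwd VALUE=\"$shown_passwd\"><INPUT NAME=op TYPE=submit VALUE=\"Login\"> to change your personal settings.</FORM>");
        $theme->footer();
      } else {
        ### Send e-mail with account details:
        // The greeting uses the new account's name; $user is not the person
        // who is registering.
        mail($account["email"], "Account details for $sitename", "$account[name],\n\nyour $sitename member account has been created succesfully.  To be able to use it, you must login using the information below.  Please save this mail for further reference.\n\n   username: $account[userid]\n     e-mail: $account[email]\n   password: $account[passwd]\n\nThis password is generated by a randomizer.  It is recommended that you change this password immediately.\n\n$contact_signature", "From: $contact_email\nX-Mailer: PHP/" . phpversion());

        ### Display account information:
        $theme->header();
        $theme->box("Account details", "Your member account has been created and the details necessary to login have been sent to your e-mail account <B>$shown_email</B>.  Once you received the account confirmation, hit <A HREF=\"account.php\">this link</A> to login.");
        $theme->footer();
      }

      watchdog(1, "new user `$account[userid]' registered with e-mail address `$account[email]'");
    }
    break;
  case "user":
    if ($user->id && user_valid()) {
      ### Escape the stored values before echoing them into the form:
      $safe = array();
      foreach (array("name", "email", "femail", "url", "bio", "ublock") as $field) {
        $safe[$field] = isset($user->$field) ? htmlspecialchars((string) $user->$field, ENT_QUOTES) : "";
      }

      ### Generate output/content:
      $output  = "<FORM ACTION=\"account.php\" METHOD=post>\n";
      $output .= "<B>Real name:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[name]\" MAXLENGTH=55 SIZE=30 VALUE=\"$safe[name]\"><BR>\n";
      $output .= "<I>Optional.</I><P>\n";
      $output .= "<B>Real e-mail address:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[email]\" MAXLENGTH=55 SIZE=30 VALUE=\"$safe[email]\"><BR>\n";
      $output .= "<I>Required, but never displayed publicly: needed in case you lose your password.</I><P>\n";
      $output .= "<B>Fake e-mail address:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[femail]\" MAXLENGTH=55 SIZE=30 VALUE=\"$safe[femail]\"><BR>\n";
      $output .= "<I>Optional, and displayed publicly by your comments. You may spam proof it if you want.</I><P>\n";
      $output .= "<B>URL of homepage:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=55 SIZE=30 VALUE=\"$safe[url]\"><BR>\n";
      $output .= "<I>Optional, but make sure you enter fully qualified URLs only. That is, remember to include \"http://\".</I><P>\n";
      $output .= "<B>Bio:</B> (255 char. limit)<BR>\n";
      $output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=35 ROWS=5 WRAP=virtual>$safe[bio]</TEXTAREA><BR>\n";
      $output .= "<I>Optional. This biographical information is publicly displayed on your user page.</I><P>\n";
      $output .= "<B>User block:</B> (255 char. limit)<BR>\n";
      $output .= "<TEXTAREA NAME=\"edit[ublock]\" COLS=35 ROWS=5 WRAP=virtual>$safe[ublock]</TEXTAREA><BR>\n";
      $output .= "<INPUT NAME=\"edit[ublockon]\" TYPE=checkbox". ($user->ublockon == 1 ? " CHECKED" : "") ."> Enable user block<BR>\n";
      $output .= "<I>Enable the checkbox and whatever you enter below will appear on your costum main page.</I><P>\n";
      $output .= "<B>Password:</B><BR>\n";
      $output .= "<INPUT TYPE=password NAME=\"edit[pass1]\" SIZE=10 MAXLENGTH=20> <INPUT TYPE=password NAME=edit[pass2] SIZE=10 MAXLENGTH=20><BR>\n";
      $output .= "<I>Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.</I><P>\n";
      $output .= "<INPUT TYPE=submit NAME=op VALUE=\"Save user information\"><BR>\n";
      $output .= "</FORM>\n";

      ### Display output/content:
      $theme->header();
      $theme->box("Edit your information", $output);
      $theme->footer();
    }
    else {
      $theme->header();
      $theme->box("Login", showLogin($userid));
      $theme->footer();
    }
    break;
  case "page":
    if ($user && user_valid()) {
      ### Generate output/content:
      $output  = "<FORM ACTION=\"account.php\" METHOD=post>\n";
      $output .= "<B>Theme:</B><BR>\n";

      ### Loop (dynamically) through all available themes:
      $options = "";
      $default_selected = isset($userinfo["theme"]) && !empty($userinfo["theme"]);
      $handle = opendir("themes");
      if ($handle) {
        // Compare against false so a directory entry named "0" does not end
        // the listing early.
        while (($file = readdir($handle)) !== false) {
          if (substr($file, 0, 1) != "." && file_exists("themes/$file/theme.class.php")) {
            $selected = (($default_selected && ($file == $cfg_theme)) || ($user->theme == $file)) ? " SELECTED" : "";
            $shown = htmlspecialchars($file, ENT_QUOTES);
            $options .= "<OPTION VALUE=\"$shown\"$selected>$shown</OPTION>";
          }
        }
        closedir($handle);
      }

      if (!isset($userinfo["theme"]) || $userinfo["theme"] == "") $userinfo["theme"] = $cfg_theme;
      $output .= "<SELECT NAME=\"edit[theme]\">$options</SELECT><BR>\n";
      $output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n";
      $output .= "<B>Maximum number of stories:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[storynum]\" MAXLENGTH=3 SIZE=3 VALUE=\"". htmlspecialchars((string) $user->storynum, ENT_QUOTES) ."\"><P>\n";
      $output .= "<I>The maximum number of stories that will be displayed on the main page.</I><P>\n";
      $options  = "<OPTION VALUE=\"nested\"". ($user->umode == 'nested' ? " SELECTED" : "") .">Nested</OPTION>";
      $options .= "<OPTION VALUE=\"flat\"". ($user->umode == 'flat' ? " SELECTED" : "") .">Flat</OPTION>";
      $options .= "<OPTION VALUE=\"threaded\"". ($user->umode == 'threaded' ? " SELECTED" : "") .">Threaded</OPTION>";
      $output .= "<B>Comment display mode:</B><BR>\n";
      $output .= "<SELECT NAME=\"edit[umode]\">$options</SELECT><P>\n";
      $options  = "<OPTION VALUE=0". ($user->uorder == 0 ? " SELECTED" : "") .">Oldest first</OPTION>";
      $options .= "<OPTION VALUE=1". ($user->uorder == 1 ? " SELECTED" : "") .">Newest first</OPTION>";
      $options .= "<OPTION VALUE=2". ($user->uorder == 2 ? " SELECTED" : "") .">Highest scoring first</OPTION>";
      $output .= "<B>Comment sort order:</B><BR>\n";
      $output .= "<SELECT NAME=\"edit[uorder]\">$options</SELECT><P>\n";
      $options  = "<OPTION VALUE=\"-1\"". ($user->thold == -1 ? " SELECTED" : "") .">-1: Display uncut and raw comments.</OPTION>";
      $options .= "<OPTION VALUE=0". ($user->thold == 0 ? " SELECTED" : "") .">0: Display almost all comments.</OPTION>";
      $options .= "<OPTION VALUE=1". ($user->thold == 1 ? " SELECTED" : "") .">1: Display almost no anonymous comments.</OPTION>";
      $options .= "<OPTION VALUE=2". ($user->thold == 2 ? " SELECTED" : "") .">2: Display comments with score +2 only.</OPTION>";
      $options .= "<OPTION VALUE=3". ($user->thold == 3 ? " SELECTED" : "") .">3: Display comments with score +3 only.</OPTION>";
      $options .= "<OPTION VALUE=4". ($user->thold == 4 ? " SELECTED" : "") .">4: Display comments with score +4 only.</OPTION>";
      $options .= "<OPTION VALUE=5". ($user->thold == 5 ? " SELECTED" : "") .">5: Display comments with score +5 only.</OPTION>";
      $output .= "<B>Comment threshold:</B><BR>\n";
      $output .= "<SELECT NAME=\"edit[thold]\">$options</SELECT><BR>\n";
      $output .= "<I>Comments that scored less than this setting will be ignored. Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.</I><P>\n";
      $output .= "<B>Singature:</B> (255 char. limit)<BR>\n";
      $output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=35 ROWS=5 WRAP=virtual>". htmlspecialchars((string) $user->signature, ENT_QUOTES) ."</TEXTAREA><BR>\n";
      $output .= "<I>Optional. This information will be publicly displayed at the end of your comments. </I><P>\n";
      $output .= "<INPUT TYPE=submit NAME=op VALUE=\"Save page settings\"><BR>\n";
      $output .= "</FORM>\n";

      ### Display output/content:
      $theme->header();
      $theme->box("Customize your page", $output);
      $theme->footer();
    }
    else {
      $theme->header();
      $theme->box("Login", showLogin($userid));
      $theme->footer();
    }
    break;
  case "Save user information":
    if ($user && user_valid()) {
      // Start from an empty array so only the columns named below are saved.
      $data = array();
      foreach (array("name", "email", "femail", "url", "bio", "ublock", "ublockon") as $field) {
        // An unticked checkbox is simply absent from the request.
        $data[$field] = (isset($edit) && is_array($edit) && isset($edit[$field])) ? $edit[$field] : null;
      }
      // NOTE(review): the e-mail address is saved without the format check
      // that registration applies; confirm whether that is intended.
      if (isset($edit["pass1"]) && isset($edit["pass2"]) && $edit["pass1"] == $edit["pass2"] && !empty($edit["pass1"])) { $data["passwd"] = $edit["pass1"]; }
      dbsave("users", $data, $user->id);
      user_rehash();
    }
    showUser($user->userid);
    break;
  case "Save page settings":
    if ($user && user_valid()) {
      // Start from an empty array so only the columns named below are saved.
      $data = array();

      // Accept a theme only if it is a plain directory name that the theme
      // list on the "page" form would also offer. The name is presumably used
      // to build a file path when the theme is loaded, so separators and
      // leading dots are refused.
      $theme_name = (isset($edit["theme"]) && is_scalar($edit["theme"])) ? (string) $edit["theme"] : "";
      if (preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $theme_name) && file_exists("themes/$theme_name/theme.class.php")) {
        $data["theme"] = $theme_name;
      }

      // Numeric settings are stored as integers.
      foreach (array("storynum", "uorder", "thold") as $field) {
        if (isset($edit[$field]) && is_scalar($edit[$field])) $data[$field] = (int) $edit[$field];
      }

      // The display mode must be one of the three values the form offers.
      if (isset($edit["umode"]) && ($edit["umode"] === "nested" || $edit["umode"] === "flat" || $edit["umode"] === "threaded")) {
        $data["umode"] = $edit["umode"];
      }

      $data["signature"] = isset($edit["signature"]) ? $edit["signature"] : null;
      dbsave("users", $data, $user->id);
      user_rehash();
    }
    showUser($user->userid);
    break;
  default:
    showUser($user->userid);
}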

?>