account.php 24.5 KB
Newer Older
Dries's avatar
Dries committed
1
<?
Dries's avatar
 
Dries committed
2

3
include_once "includes/common.inc";
Dries's avatar
Dries committed
4

Dries's avatar
Dries committed
5
function account_get_user($uname) {
Dries's avatar
 
Dries committed
6 7 8 9
  $result = db_query("SELECT * FROM users WHERE userid = '$uname'");
  return db_fetch_object($result);
}

Dries's avatar
Dries committed
10 11 12
function account_email() {
  $output .= "<P>Lost your password?  Fill out your username and e-mail address, and your password will be mailed to you.</P>\n";
  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
Dries's avatar
 
Dries committed
13 14 15 16 17 18 19 20 21 22 23
  $output .= "<P>\n";
  $output .= " <B>Username:</B><BR>\n";
  $output .= " <INPUT NAME=\"userid\"><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <B>E-mail address:</B><BR>\n";
  $output .= " <INPUT NAME=\"email\"><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"E-mail password\">\n";
  $output .= "</P>\n";
Dries's avatar
Dries committed
24 25 26 27 28 29 30 31
  $output .= "</FORM>\n";

  return $output;
}

function account_create($user = "", $error = "") {
  global $theme;

Dries's avatar
 
Dries committed
32
  if ($error) $output .= "<B><FONT COLOR=\"red\">Failed to create account:</FONT>$error</B>\n";
Dries's avatar
 
Dries committed
33
  else $output .= "<P>Registering allows you to comment on stories, to moderate comments and pending stories, to customize the look and feel of the site and generally helps you interact with the site more efficiently.</P><P>To create an account, simply fill out this form an click the `Create account' button below.  An e-mail will then be sent to you with instructions on how to validate your account.</P>\n";
Dries's avatar
Dries committed
34 35 36 37

  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= "<P>\n";
  $output .= " <B>Username:</B><BR>\n";
Dries's avatar
 
Dries committed
38
  $output .= " <INPUT NAME=\"userid\"><BR>\n";
Dries's avatar
Dries committed
39 40 41 42
  $output .= " <SMALL><I>Enter your desired username: only letters, numbers and common special characters are allowed.</I></SMALL><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <B>E-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
43
  $output .= " <INPUT NAME=\"email\"><BR>\n";
Dries's avatar
Dries committed
44 45 46 47 48 49
  $output .= " <SMALL><I>You will be sent instructions on how to validate your account via this e-mail address - please make sure it is accurate.</I></SMALL><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Create account\">\n";
  $output .= "</P>\n";
  $output .= "</FORM>\n";
Dries's avatar
 
Dries committed
50

Dries's avatar
 
Dries committed
51
  return $output;
52
}
Dries's avatar
 
Dries committed
53

Dries's avatar
Dries committed
54 55
function account_session_start($userid, $passwd) {
  global $user;
Dries's avatar
 
Dries committed
56

Dries's avatar
Dries committed
57
  $user = new User($userid, $passwd);
Dries's avatar
 
Dries committed
58
  if ($user->id) {
Dries's avatar
Dries committed
59
    session_register("user");
Dries's avatar
 
Dries committed
60
    watchdog("message", "session opened for user `$user->userid'");
Dries's avatar
Dries committed
61 62
  }
  else {
Dries's avatar
 
Dries committed
63
    watchdog("warning", "failed login for user `$userid'");
Dries's avatar
Dries committed
64 65 66 67
  }
}

function account_session_close() {
Dries's avatar
 
Dries committed
68
  global $user;
Dries's avatar
 
Dries committed
69
  watchdog("message", "session closed for user `$user->userid'");
Dries's avatar
Dries committed
70 71 72 73 74 75
  session_unset();
  session_destroy();
  unset($user);
}

function account_user_edit() {
Dries's avatar
 
Dries committed
76
  global $allowed_html, $theme, $user;
Dries's avatar
Dries committed
77

Dries's avatar
 
Dries committed
78
  if ($user->id) {
Dries's avatar
 
Dries committed
79
    // Generate output/content:
Dries's avatar
Dries committed
80
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
Dries's avatar
 
Dries committed
81 82 83
    $output .= "<B>Username:</B><BR>\n";
    $output .= "&nbsp; $user->userid<P>\n";
    $output .= "<I>Required, unique, and can not be changed.</I><P>\n";
Dries's avatar
Dries committed
84 85 86 87
    $output .= "<B>Real name:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[name]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->name\"><BR>\n";
    $output .= "<I>Optional.</I><P>\n";
    $output .= "<B>Real e-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
88 89
    $output .= "&nbsp; $user->real_email<P>\n";
    $output .= "<I>Required, unique, can not be changed and is never displayed publicly: only needed in case you lose your password.</I><P>\n";
Dries's avatar
Dries committed
90
    $output .= "<B>Fake e-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
91 92
    $output .= "<INPUT NAME=\"edit[fake_email]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->fake_email\"><BR>\n";
    $output .= "<I>Optional, and displayed publicly. You may spam proof your real e-mail address if you want.</I><P>\n";
Dries's avatar
Dries committed
93 94 95 96 97
    $output .= "<B>URL of homepage:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->url\"><BR>\n";
    $output .= "<I>Optional, but make sure you enter fully qualified URLs only. That is, remember to include \"http://\".</I><P>\n";
    $output .= "<B>Bio:</B> (255 char. limit)<BR>\n";
    $output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$user->bio</TEXTAREA><BR>\n";
Dries's avatar
 
Dries committed
98
    $output .= "<I>Optional. This biographical information is publicly displayed on your user page.<BR>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I><P>\n";
Dries's avatar
 
Dries committed
99
    $output .= "<B>Signature:</B> (255 char. limit)<BR>\n";
Dries's avatar
Dries committed
100
    $output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$user->signature</TEXTAREA><BR>\n";
Dries's avatar
 
Dries committed
101
    $output .= "<I>Optional. This information will be publicly displayed at the end of your comments.<BR>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I><P>\n";
Dries's avatar
Dries committed
102
    $output .= "<B>Password:</B><BR>\n";
Dries's avatar
 
Dries committed
103
    $output .= "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\"><BR>\n";
Dries's avatar
Dries committed
104 105 106 107
    $output .= "<I>Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.</I><P>\n";
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save user information\"><BR>\n";
    $output .= "</FORM>\n";

Dries's avatar
 
Dries committed
108
    // Display output/content:
Dries's avatar
Dries committed
109
    $theme->header();
Dries's avatar
 
Dries committed
110
    $theme->box("Edit user information", $output);
Dries's avatar
Dries committed
111 112 113 114
    $theme->footer();
  }
  else {
    $theme->header();
Dries's avatar
 
Dries committed
115
    $theme->box("Create user account", account_create());
Dries's avatar
Dries committed
116
    $theme->box("E-mail password", account_email());
Dries's avatar
Dries committed
117 118 119 120 121 122
    $theme->footer();
  }
}

function account_user_save($edit) {
  global $user;
Dries's avatar
 
Dries committed
123

Dries's avatar
 
Dries committed
124
  if ($user->id) {
Dries's avatar
Dries committed
125
    $data[name] = $edit[name];
Dries's avatar
 
Dries committed
126
    $data[fake_email] = $edit[fake_email];
Dries's avatar
Dries committed
127 128 129
    $data[url] = $edit[url];
    $data[bio] = $edit[bio];
    $data[signature] = $edit[signature];
Dries's avatar
 
Dries committed
130 131 132 133

    if ($edit[pass1] && $edit[pass1] == $edit[pass2]) $data[passwd] = $edit[pass1];

    user_save($data, $user->id);
Dries's avatar
Dries committed
134 135 136
  }
}

Dries's avatar
 
Dries committed
137
function account_site_edit() {
Dries's avatar
 
Dries committed
138
  global $cmodes, $corder, $theme, $themes, $user;
Dries's avatar
Dries committed
139

Dries's avatar
 
Dries committed
140
  if ($user->id) {
Dries's avatar
Dries committed
141 142
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
    $output .= "<B>Theme:</B><BR>\n";
Dries's avatar
 
Dries committed
143
    foreach ($themes as $key=>$value) {
Dries's avatar
 
Dries committed
144
      $options1 .= " <OPTION VALUE=\"$key\"". (($user->theme == $key) ? " SELECTED" : "") .">$key - $value[1]</OPTION>\n";
Dries's avatar
Dries committed
145
    }
Dries's avatar
 
Dries committed
146
    $output .= "<SELECT NAME=\"edit[theme]\">\n$options1</SELECT><BR>\n";
Dries's avatar
Dries committed
147
    $output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n";
Dries's avatar
 
Dries committed
148 149
    $output .= "<B>Timezone:</B><BR>\n";
    $date = time() - date("Z");
Dries's avatar
 
Dries committed
150
    for ($zone = -43200; $zone <= 46800; $zone += 3600) {
Dries's avatar
 
Dries committed
151 152 153 154
      $options2 .= " <OPTION VALUE=\"$zone\"". (($user->timezone == $zone) ? " SELECTED" : "") .">". date("l, F dS, Y - h:i A", $date + $zone) ." (GMT ". $zone / 3600 .")</OPTION>\n";
    }
    $output .= "<SELECT NAME=\"edit[timezone]\">\n$options2</SELECT><BR>\n";
    $output .= "<I>Select what time you currently have and your timezone settings will be set appropriate.</I><P>\n";
Dries's avatar
Dries committed
155
    $output .= "<B>Maximum number of stories:</B><BR>\n";
Dries's avatar
 
Dries committed
156 157 158 159
    for ($stories = 10; $stories <= 30; $stories += 5) {
      $options3 .= "<OPTION VALUE=\"$stories\"". (($user->stories == $stories) ? " SELECTED" : "") .">$stories</OPTION>\n";
    }
    $output .= "<SELECT NAME=\"edit[stories]\">\n$options3</SELECT><BR>\n";
Dries's avatar
Dries committed
160
    $output .= "<I>The maximum number of stories that will be displayed on the main page.</I><P>\n";
Dries's avatar
 
Dries committed
161 162 163
    foreach ($cmodes as $key=>$value) {
      $options4 .= "<OPTION VALUE=\"$key\"". ($user->mode == $key ? " SELECTED" : "") .">$value</OPTION>\n";
    }
Dries's avatar
Dries committed
164
    $output .= "<B>Comment display mode:</B><BR>\n";
Dries's avatar
 
Dries committed
165 166 167 168
    $output .= "<SELECT NAME=\"edit[mode]\">$options4</SELECT><P>\n";
    foreach ($corder as $key=>$value) {
      $options5 .= "<OPTION VALUE=\"$key\"". ($user->sort == $key ? " SELECTED" : "") .">$value</OPTION>\n";
    }
Dries's avatar
Dries committed
169
    $output .= "<B>Comment sort order:</B><BR>\n";
Dries's avatar
 
Dries committed
170
    $output .= "<SELECT NAME=\"edit[sort]\">$options5</SELECT><P>\n";
Dries's avatar
 
Dries committed
171 172 173 174 175 176
    for ($i = -1; $i < 6; $i++) {
      $options6 .= " <OPTION VALUE=\"$i\"". ($user->threshold == $i ? " SELECTED" : "") .">Filter - $i</OPTION>";
    }
    $output .= "<B>Comment filter:</B><BR>\n";
    $output .= "<SELECT NAME=\"edit[threshold]\">$options6</SELECT><BR>\n";
    $output .= "<I>Comments that scored less than this threshold setting will be ignored.  Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.</I><P>\n";
Dries's avatar
 
Dries committed
177
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save site settings\"><BR>\n";
Dries's avatar
Dries committed
178 179 180
    $output .= "</FORM>\n";

    $theme->header();
Dries's avatar
 
Dries committed
181
    $theme->box("Edit your preferences", $output);
Dries's avatar
Dries committed
182 183 184 185
    $theme->footer();
  }
  else {
    $theme->header();
Dries's avatar
 
Dries committed
186
    $theme->box("Create user account", account_create());
Dries's avatar
Dries committed
187
    $theme->box("E-mail password", account_email());
Dries's avatar
Dries committed
188 189 190 191
    $theme->footer();
  }
}

Dries's avatar
 
Dries committed
192
function account_site_save($edit) {
Dries's avatar
Dries committed
193
  global $user;
Dries's avatar
 
Dries committed
194

Dries's avatar
 
Dries committed
195
  if ($user->id) {
Dries's avatar
Dries committed
196
    $data[theme] = $edit[theme];
Dries's avatar
 
Dries committed
197
    $data[timezone] = $edit[timezone];
Dries's avatar
 
Dries committed
198 199 200 201 202
    $data[stories] = $edit[stories];
    $data[mode] = $edit[mode];
    $data[sort] = $edit[sort];
    $data[threshold] = $edit[threshold];
    user_save($data, $user->id);
Dries's avatar
Dries committed
203
  }
204
}
Dries's avatar
 
Dries committed
205

Dries's avatar
 
Dries committed
206
function account_content_edit() {
Dries's avatar
 
Dries committed
207 208 209 210
  global $theme, $user;

  if ($user->id) {
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
Dries's avatar
 
Dries committed
211

Dries's avatar
 
Dries committed
212
    $output .= "<B>Blocks in side bars:</B><BR>\n";
Dries's avatar
 
Dries committed
213

Dries's avatar
 
Dries committed
214
    $result = db_query("SELECT * FROM blocks WHERE status = 1 ORDER BY module");
Dries's avatar
 
Dries committed
215 216
    while ($block = db_fetch_object($result)) {
      $entry = db_fetch_object(db_query("SELECT * FROM layout WHERE block = '$block->name' AND user = '$user->id'"));
Dries's avatar
 
Dries committed
217
      $output .= "<INPUT TYPE=\"checkbox\" NAME=\"edit[$block->name]\"". ($entry->user ? " CHECKED" : "") ."> $block->name<BR>\n";
Dries's avatar
 
Dries committed
218 219
    }

Dries's avatar
 
Dries committed
220 221
    $output .= "<P><I>Enable the blocks you would like to see displayed in the side bars.</I></P>\n";
    $output .= "<P><INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save content settings\"></P>\n";
Dries's avatar
 
Dries committed
222 223 224
    $output .= "</FORM>\n";

    $theme->header();
Dries's avatar
 
Dries committed
225
    $theme->box("Edit your content", $output);
Dries's avatar
 
Dries committed
226 227 228 229 230 231 232 233 234 235
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box("Create user account", account_create());
    $theme->box("E-mail password", account_email());
    $theme->footer();
  }
}

Dries's avatar
 
Dries committed
236
function account_content_save($edit) {
Dries's avatar
 
Dries committed
237 238 239
  global $user;
  if ($user->id) {
    db_query("DELETE FROM layout WHERE user = $user->id");
Dries's avatar
 
Dries committed
240 241
    foreach (($edit ? $edit : array()) as $block=>$weight) {
      db_query("INSERT INTO layout (user, block) VALUES ('". check_input($user->id) ."', '". check_input($block) ."')");
Dries's avatar
 
Dries committed
242 243 244 245
    }
  }
}

Dries's avatar
Dries committed
246
function account_user($uname) {
Dries's avatar
 
Dries committed
247
  global $user, $theme;
Dries's avatar
 
Dries committed
248

Dries's avatar
 
Dries committed
249 250 251 252 253 254 255
  function module($name, $module, $username) {
    global $theme;
    if ($module["user"] && $block = $module["user"]($username, "user", "view")) {
      if ($block["content"]) $theme->box($block["subject"], $block["content"]);
    }
  }

Dries's avatar
 
Dries committed
256
  if ($user->id && $user->userid == $uname) {
Dries's avatar
 
Dries committed
257
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
Dries's avatar
 
Dries committed
258
    $output .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$user->userid</TD></TR>\n";
Dries's avatar
 
Dries committed
259
    $output .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email($user->fake_email) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
260
    $output .= " <TR><TD ALIGN=\"right\"><B>Homepage:</B></TD><TD>". format_url($user->url) ."</TD></TR>\n";
261 262
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Bio:</B></TD><TD>". format_data($user->bio) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Signature:</B></TD><TD>". format_data($user->signature) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
263
    $output .= "</TABLE>\n";
Dries's avatar
 
Dries committed
264

Dries's avatar
 
Dries committed
265
    // Display account information:
Dries's avatar
 
Dries committed
266
    $theme->header();
Dries's avatar
 
Dries committed
267
    $theme->box("Personal information", $output);
Dries's avatar
 
Dries committed
268 269
    $theme->footer();
  }
Dries's avatar
Dries committed
270
  elseif ($uname && $account = account_get_user($uname)) {
Dries's avatar
 
Dries committed
271 272 273 274 275 276
    $block1 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email($account->fake_email) ."</TD></TR>\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>Bio:</B></TD><TD>". format_data($account->bio) ."</TD></TR>\n";
    $block1 .= "</TABLE>\n";
277

Dries's avatar
 
Dries committed
278
    $result = db_query("SELECT c.cid, c.pid, c.lid, c.subject, c.timestamp, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.lid WHERE u.userid = '$uname' AND s.status = 2 AND c.link = 'story' AND s.timestamp > ". (time() - 1209600) ." ORDER BY cid DESC LIMIT 10");
279
    while ($comment = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
280
      $block2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
Dries's avatar
 
Dries committed
281
      $block2 .= " <TR><TD ALIGN=\"right\"><B>Comment:</B></TD><TD><A HREF=\"story.php?id=$comment->lid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
282
      $block2 .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($comment->timestamp) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
283
      $block2 .= " <TR><TD ALIGN=\"right\"><B>Story:</B></TD><TD><A HREF=\"story.php?id=$comment->lid\">". check_output($comment->story) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
284 285
      $block2 .= "</TABLE>\n";
      $block2 .= "<P>\n";
286 287
      $comments++;
    }
Dries's avatar
 
Dries committed
288

Dries's avatar
 
Dries committed
289
    // Display account information:
Dries's avatar
 
Dries committed
290
    $theme->header();
Dries's avatar
 
Dries committed
291 292
    if ($block1) $theme->box("User information for $uname", $block1);
    if ($block2) $theme->box("$uname has posted ". format_plural($comments, "comment", "comments") ." recently", $block2);
Dries's avatar
 
Dries committed
293
    module_iterate("module", $uname);
Dries's avatar
 
Dries committed
294 295
    $theme->footer();
  }
Dries's avatar
 
Dries committed
296
  else {
Dries's avatar
 
Dries committed
297
    // Display login form:
Dries's avatar
 
Dries committed
298
    $theme->header();
Dries's avatar
 
Dries committed
299
    $theme->box("Create user account", account_create());
Dries's avatar
Dries committed
300
    $theme->box("E-mail password", account_email());
Dries's avatar
 
Dries committed
301
    $theme->footer();
Dries's avatar
Dries committed
302 303
  }
}
Dries's avatar
 
Dries committed
304

Dries's avatar
 
Dries committed
305
function account_validate($user) {
Dries's avatar
 
Dries committed
306 307
  global $type2index;

Dries's avatar
 
Dries committed
308
  // Verify username and e-mail address:
Dries's avatar
 
Dries committed
309 310 311 312
  if (empty($user[real_email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[real_email]))) $error .= "<LI>the specified e-mail address is not valid.</LI>\n";
  if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $error .= "<LI>the specified username is not valid.</LI>\n";
  if (strlen($user[userid]) > 15) $error .= "<LI>the specified username is too long: it must be less than 15 characters.</LI>\n";

Dries's avatar
 
Dries committed
313
  // Check to see whether the username or e-mail address are banned:
Dries's avatar
 
Dries committed
314 315 316
  if ($ban = ban_match($user[userid], $type2index[usernames])) $error .= "<LI>the specified username is banned  for the following reason: <I>$ban->reason</I>.</LI>\n";
  if ($ban = ban_match($user[real_email], $type2index[addresses])) $error .= "<LI>the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.</LI>\n";

Dries's avatar
 
Dries committed
317
  // Verify whether username and e-mail address are unique:
Dries's avatar
 
Dries committed
318 319 320 321
  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$user[userid]')")) > 0) $error .= "<LI>the specified username is already taken.</LI>\n";
  if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email)=LOWER('$user[real_email]')")) > 0) $error .= "<LI>the specified e-mail address is already registered.</LI>\n";

  return $error;
Dries's avatar
Dries committed
322 323
}

Dries's avatar
Dries committed
324
function account_email_submit($userid, $email) {
Dries's avatar
 
Dries committed
325
  global $theme, $site_name, $site_url;
326

Dries's avatar
Dries committed
327
  $result = db_query("SELECT id FROM users WHERE userid = '". check_output($userid) ."' AND real_email = '". check_output($email) ."'");
Dries's avatar
 
Dries committed
328

Dries's avatar
Dries committed
329
  if ($account = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
330 331 332
    $passwd = account_password();
    $status = 1;
    $hash = substr(md5("$userid. ". time() .""), 0, 12);
Dries's avatar
 
Dries committed
333

Dries's avatar
 
Dries committed
334
    db_query("UPDATE users SET passwd = PASSWORD('$passwd'), hash = '$hash', status = '$status' WHERE userid = '$userid'");
Dries's avatar
Dries committed
335

Dries's avatar
 
Dries committed
336 337
    $link = $site_url ."account.php?op=confirm&name=$userid&hash=$hash";
    $message = "$userid,\n\n\nyou requested us to e-mail you a new password for your $site_name account.  Note that you will need to re-activate your account before you can login.  You can do so simply by visiting the URL below:\n\n    $link\n\nVisiting this URL will automatically re-activate your account.  Once activated you can login using the following information:\n\n    username: $userid\n    password: $passwd\n\n\n-- $site_name crew\n";
Dries's avatar
Dries committed
338 339 340

    watchdog("message", "new password: `$userid' &lt;$email&gt;");

Dries's avatar
 
Dries committed
341
    mail($email, "Account details for $site_name", $message, "From: noreply");
Dries's avatar
Dries committed
342 343 344 345 346 347 348

    $output = "Your password and further instructions have been sent to your e-mail address.";
  }
  else {
    watchdog("warning", "new password: '$userid' and &lt;$email&gt; do not match");
    $output = "Could not sent password: no match for the specified username and e-mail address.";
  }
Dries's avatar
 
Dries committed
349

Dries's avatar
Dries committed
350
  $theme->header();
Dries's avatar
Dries committed
351
  $theme->box("E-mail password", $output);
Dries's avatar
Dries committed
352 353
  $theme->footer();
}
Dries's avatar
 
Dries committed
354

Dries's avatar
Dries committed
355 356
function account_create_submit($userid, $email) {
  global $theme, $site_name, $site_url;
Dries's avatar
 
Dries committed
357

Dries's avatar
 
Dries committed
358 359
  $new[userid] = trim($userid);
  $new[real_email] = trim($email);
Dries's avatar
 
Dries committed
360 361

  if ($error = account_validate($new)) {
Dries's avatar
Dries committed
362
    $theme->header();
Dries's avatar
 
Dries committed
363
    $theme->box("Create user account", account_create($new, $error));
Dries's avatar
Dries committed
364
    $theme->footer();
Dries's avatar
 
Dries committed
365 366 367 368 369
  }
  else {
    $new[passwd] = account_password();
    $new[status] = 1;
    $new[hash] = substr(md5("$new[userid]. ". time() .""), 0, 12);
Dries's avatar
 
Dries committed
370

Dries's avatar
 
Dries committed
371
    user_save($new);
Dries's avatar
Dries committed
372

Dries's avatar
 
Dries committed
373 374
    $link = $site_url ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
    $message = "$new[userid],\n\n\nsomeone signed up for a user account on $site_name and supplied this email address as their contact.  If it wasn't you, don't get your panties in a knot and simply ignore this mail.\n\nIf this was you, you have to activate your account first before you can login.  You can do so simply by visiting the URL below:\n\n    $link\n\nVisiting this URL will automatically activate your account.  Once activated you can login using the following information:\n\n    username: $new[userid]\n    password: $new[passwd]\n\n\n-- $site_name crew\n";
Dries's avatar
 
Dries committed
375

Dries's avatar
Dries committed
376
    watchdog("message", "new account: `$new[userid]' &lt;$new[real_email]&gt;");
Dries's avatar
 
Dries committed
377

Dries's avatar
 
Dries committed
378
    mail($new[real_email], "Account details for $site_name", $message, "From: noreply");
Dries's avatar
 
Dries committed
379

Dries's avatar
 
Dries committed
380
    $theme->header();
Dries's avatar
 
Dries committed
381
    $theme->box("Create user account", "Congratulations!  Your member account has been successfully created and further instructions on how to activate your account have been sent to your e-mail address.");
Dries's avatar
 
Dries committed
382 383 384 385
    $theme->footer();
  }
}

Dries's avatar
Dries committed
386
function account_create_confirm($name, $hash) {
Dries's avatar
 
Dries committed
387 388 389 390 391 392 393 394
  global $theme;

  $result = db_query("SELECT userid, hash, status FROM users WHERE userid = '$name'");

  if ($account = db_fetch_object($result)) {
    if ($account->status == 1) {
      if ($account->hash == $hash) {
        db_query("UPDATE users SET status = 2, hash = '' WHERE userid = '$name'");
Dries's avatar
 
Dries committed
395 396
        $output .= "Your account has been successfully confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
        watchdog("message", "$name: account confirmation successful");
Dries's avatar
 
Dries committed
397 398 399
      }
      else {
        $output .= "Confirmation failed: invalid confirmation hash.\n";
Dries's avatar
Dries committed
400
        watchdog("warning", "$name: invalid confirmation hash");
Dries's avatar
 
Dries committed
401 402 403 404
      }
    }
    else {
      $output .= "Confirmation failed: your account has already been confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
Dries's avatar
Dries committed
405
      watchdog("warning", "$name: attempt to re-confirm account");
Dries's avatar
 
Dries committed
406 407 408 409
    }
  }
  else {
    $output .= "Confirmation failed: no such account found.<BR>";
Dries's avatar
Dries committed
410
    watchdog("warning", "$name: attempt to confirm non-existing account");
Dries's avatar
 
Dries committed
411 412 413 414 415
  }

  $theme->header();
  $theme->box("Account confirmation", $output);
  $theme->footer();
Dries's avatar
Dries committed
416
}
Dries's avatar
 
Dries committed
417

Dries's avatar
Dries committed
418
function account_password($min_length=6) {
419
  mt_srand((double)microtime() * 1000000);
Dries's avatar
 
Dries committed
420
  $words = array("foo","bar","guy","neo","tux","moo","sun","asm","dot","god","axe","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","perl","boss","dark","sith","jedi","drop","mojo");
Dries's avatar
 
Dries committed
421
  while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words))];
422
  return $password;
Dries's avatar
Dries committed
423 424
}

Dries's avatar
 
Dries committed
425
function account_track_comments() {
Dries's avatar
Dries committed
426
  global $theme, $user;
Dries's avatar
 
Dries committed
427

Dries's avatar
 
Dries committed
428
  $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.lid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5");
Dries's avatar
 
Dries committed
429

Dries's avatar
 
Dries committed
430
  while ($story = db_fetch_object($sresult)) {
Dries's avatar
 
Dries committed
431
    $output .= "<LI>". format_plural($story->count, comment, comments) ." attached to story `<A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A>`:</LI>\n";
Dries's avatar
 
Dries committed
432
    $output .= " <UL>\n";
Dries's avatar
 
Dries committed
433

Dries's avatar
 
Dries committed
434
    $cresult = db_query("SELECT * FROM comments WHERE author = $user->id AND lid = $story->id");
Dries's avatar
 
Dries committed
435
    while ($comment = db_fetch_object($cresult)) {
Dries's avatar
 
Dries committed
436
      $output .= "  <LI><A HREF=\"story.php?id=$story->id&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A> - replies: ". comment_num_replies($comment->cid) ." - score: ". comment_score($comment) ."</LI>\n";
Dries's avatar
 
Dries committed
437 438 439
    }
    $output .= " </UL>\n";
  }
Dries's avatar
 
Dries committed
440

Dries's avatar
 
Dries committed
441
  $output = ($output) ? "$output" : "$info <CENTER>You have not posted any comments recently.</CENTER>\n";
Dries's avatar
 
Dries committed
442

Dries's avatar
Dries committed
443 444 445
  $theme->header();
  $theme->box("Track your comments", $output);
  $theme->footer();
Dries's avatar
 
Dries committed
446 447
}

Dries's avatar
 
Dries committed
448 449 450
function account_track_stories() {
  global $theme, $user;

Dries's avatar
 
Dries committed
451
  $result = db_query("SELECT s.id, s.subject, s.timestamp, s.section, COUNT(c.cid) as count FROM stories s LEFT JOIN comments c ON c.lid = s.id WHERE s.status = 2 AND s.author = $user->id GROUP BY s.id DESC");
Dries's avatar
 
Dries committed
452

Dries's avatar
 
Dries committed
453 454
  while ($story = db_fetch_object($result)) {
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
Dries's avatar
 
Dries committed
455
    $output .= " <TR><TD ALIGN=\"right\"><B>Subject:</B></TD><TD><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A> (". format_plural($story->count, "comment", "comments") .")</TD></TR>\n";
Dries's avatar
 
Dries committed
456
    $output .= " <TR><TD ALIGN=\"right\"><B>Section:</B></TD><TD><A HREF=\"search.php?section=". urlencode($story->section) ."\">". check_output($story->section) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
457 458 459 460 461 462
    $output .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($story->timestamp) ."</TD></TR>\n";
    $output .= "</TABLE>\n";
    $output .= "<P>\n";
  }

  $theme->header();
Dries's avatar
 
Dries committed
463
  $theme->box("Track your stories", ($output ? "$output" : "You have not posted any stories.\n"));
Dries's avatar
 
Dries committed
464 465 466 467 468 469
  $theme->footer();
}

function account_track_site() {
  global $theme, $user, $site_name;

Dries's avatar
 
Dries committed
470
  $period = 259200; // 3 days
Dries's avatar
 
Dries committed
471

Dries's avatar
 
Dries committed
472 473 474
  $sresult = db_query("SELECT s.subject, s.id, COUNT(c.lid) AS count FROM comments c LEFT JOIN stories s ON c.lid = s.id WHERE s.status = 2 AND c.link = 'story' AND ". time() ." - c.timestamp < $period GROUP BY c.lid ORDER BY count DESC LIMIT 10");
  while ($story = db_fetch_object($sresult)) {
    $output .= "<LI>". format_plural($story->count, "new comment", "new comments") ." attached to story '<A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A>':</LI>";
Dries's avatar
 
Dries committed
475

Dries's avatar
 
Dries committed
476 477 478 479 480 481 482
    $cresult = db_query("SELECT c.subject, c.cid, c.pid, u.userid FROM comments c LEFT JOIN users u ON u.id = c.author WHERE c.lid = $story->id AND c.link = 'story' ORDER BY timestamp DESC LIMIT $story->count");
    $output .= "<UL>\n";
    while ($comment = db_fetch_object($cresult)) {
      $output .= " <LI>'<A HREF=\"story.php?id=$story->id&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A>' by ". format_username($comment->userid) ."</LI>\n";
    }
    $output .= "</UL>\n";
  }
Dries's avatar
 
Dries committed
483

Dries's avatar
 
Dries committed
484
  $theme->header();
Dries's avatar
 
Dries committed
485
  $theme->box("Track $site_name", $output);
Dries's avatar
 
Dries committed
486 487 488
  $theme->footer();
}

Dries's avatar
 
Dries committed
489
// Security check:
Dries's avatar
 
Dries committed
490 491 492 493 494
if (strstr($name, " ") || strstr($hash, " ")) {
  watchdog("error", "account: attempt to provide malicious input through URI");
  exit();
}

495
switch ($op) {
Dries's avatar
Dries committed
496
  case "Login":
Dries's avatar
Dries committed
497 498
    account_session_start($userid, $passwd);
    header("Location: account.php?op=info");
Dries's avatar
Dries committed
499
    break;
Dries's avatar
Dries committed
500 501 502 503 504
  case "E-mail password":
    account_email_submit($userid, $email);
    break;
  case "Create account":
    account_create_submit($userid, $email);
Dries's avatar
Dries committed
505
    break;
Dries's avatar
 
Dries committed
506 507
  case "confirm":
    account_create_confirm($name, $hash);
Dries's avatar
Dries committed
508
    break;
509
  case "Save user information":
Dries's avatar
Dries committed
510 511
    account_user_save($edit);
    account_user($user->userid);
Dries's avatar
Dries committed
512
    break;
Dries's avatar
 
Dries committed
513 514
  case "Save site settings":
    account_site_save($edit);
515
    header("Location: account.php?op=info");
Dries's avatar
Dries committed
516
    break;
Dries's avatar
 
Dries committed
517 518
  case "Save content settings":
    account_content_save($edit);
Dries's avatar
 
Dries committed
519 520
    account_user($user->userid);
    break;
Dries's avatar
 
Dries committed
521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547
  case "logout":
    account_session_close();
    header("Location: account.php?op=info");
    break;
  case "view":
    switch ($topic) {
      case "info":
        account_user($user->userid);
        break;
      default:
        account_user($name);
    }
    break;
  case "track":
    switch ($topic) {
      case "site":
        account_track_site();
        break;
      case "stories":
        account_track_stories();
        break;
      default:
        account_track_comments();
    }
    break;
  case "edit":
    switch ($topic) {
Dries's avatar
 
Dries committed
548 549
      case "content":
        account_content_edit();
Dries's avatar
 
Dries committed
550
        break;
Dries's avatar
 
Dries committed
551 552 553
      case "site":
        account_site_edit();
        break;
Dries's avatar
 
Dries committed
554
      default:
Dries's avatar
 
Dries committed
555
        account_user_edit();
Dries's avatar
 
Dries committed
556 557
    }
    break;
Dries's avatar
 
Dries committed
558
  default:
Dries's avatar
Dries committed
559
    account_user($user->userid);
Dries's avatar
Dries committed
560
}
Dries's avatar
 
Dries committed
561

Dries's avatar
Dries committed
562
?>