<?php

include_once "includes/common.inc";

// Runs at file scope, before any handler further down is dispatched.
// page_header() is not defined in this file (presumably it comes from
// includes/common.inc).
// NOTE(review): several dispatch cases later call header("Location: ...");
// if page_header() writes output, those redirects depend on output
// buffering being active -- confirm.
page_header();

// Fetches a single row from the users table by username and returns whatever
// db_fetch_object() yields for it.
//
// NOTE(review): $uname is interpolated straight into a quoted SQL literal and
// this function does no escaping of its own.  The request-derived call sites
// visible in this file wrap the value in check_input() first; whether that
// helper neutralises quotes and backslashes cannot be seen from here, so the
// query is only as safe as its callers -- confirm in check_input().
function account_get_user($uname) {
  $query = "SELECT * FROM users WHERE userid = '$uname'";
  $rows = db_query($query);

  return db_fetch_object($rows);
}

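// Builds the "lost password" form and returns it as an HTML string.
//
// The form posts `userid`, `email` and the submit label `op` to account.php.
// Labels go through t(); no request data is echoed into the markup.
function account_email() {
  // Start from an explicit assignment: the original appended to a variable
  // that had never been set, which raises an undefined-variable notice.
  $output  = "<P>". t("Lost your password?  Fill out your username and e-mail address, and your password will be mailed to you.") ."</P>\n";
  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= "<B>". t("Username") .":</B><BR>\n";
  $output .= "<INPUT NAME=\"userid\"><P>\n";
  $output .= "<B>". t("E-mail address") .":</B><BR>\n";
  $output .= "<INPUT NAME=\"email\"><P>\n";
  $output .= "<INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"". t("E-mail new password") ."\">\n";
  $output .= "</FORM>\n";

  return $output;
}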

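// Builds the account registration form and returns it as an HTML string.
//
// $error: optional failure text from a previous attempt.  When set, it is
// shown above the form (passed through check_output() first) and written to
// the watchdog log; otherwise an introductory paragraph is shown instead.
function account_create($error = "") {
  // Explicit initialisation: the original appended to an unset variable.
  // The unused `global $theme` import was dropped.
  $output = "";

  if ($error) {
    $output .= "<P><FONT COLOR=\"red\">". t("Failed to create account") .": ". check_output($error) .".</FONT></P>\n";
    // NOTE(review): the log entry receives $error without check_output();
    // whether watchdog() escapes it for storage and for the log viewer is
    // not visible here -- confirm.
    watchdog("account", "failed to create account: $error.");
  }
  else {
    $output .= "<P>". t("Registering allows you to comment, to moderate comments and pending submissions, to customize the look and feel of the site and generally helps you interact with the site more efficiently.") ."</P><P>". t("To create an account, simply fill out this form an click the 'Create account' button below.  An e-mail will then be sent to you with instructions on how to validate your account.") ."</P>\n";
  }

  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= "<B>". t("Username") .":</B><BR>\n";
  $output .= "<INPUT NAME=\"userid\"><BR>\n";
  $output .= "<SMALL><I>". t("Enter your desired username: only letters, numbers and common special characters are allowed.") ."</I></SMALL><P>\n";
  $output .= "<B>". t("E-mail address") .":</B><BR>\n";
  $output .= "<INPUT NAME=\"email\"><BR>\n";
  $output .= "<SMALL><I>". t("You will be sent instructions on how to validate your account via this e-mail address: make sure it is accurate.") ."</I></SMALL><P>\n";

  $output .= "<INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"". t("Create account") ."\">\n";
  $output .= "</FORM>\n";

  return $output;
}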

// Attempts a login and, on success, registers the global $user object in the
// session.  Every outcome is written to the watchdog log.
//
// A User object is only constructed when both $userid and $passwd are
// non-empty; otherwise whatever is already in the global $user is examined.
// A login is refused when user_ban() returns a rule for the username or for
// $user->last_host.
//
// NOTE(review): no session-id rotation is visible at the point of login;
// if the session id can be chosen before authentication this allows
// fixation -- confirm how the session is started.
// NOTE(review): the failure entry logs the submitted $userid verbatim;
// confirm that watchdog() and its viewer escape it.
function account_session_start($userid, $passwd) {
  global $user;

  if ($userid && $passwd) {
    $user = new User($userid, $passwd);
  }

  // No valid id on the user object: treat as a bad credential pair.
  if (!$user->id) {
    watchdog("account", "failed to login for '$userid': invalid username - password combination");
    return;
  }

  // Username rules are consulted first; the hostname lookup only runs when
  // no username rule matched.
  $rule = user_ban($user->userid, "username");
  if (!$rule) {
    $rule = user_ban($user->last_host, "hostname");
  }

  if ($rule) {
    watchdog("account", "failed to login for '$user->userid': banned by $rule->type rule '$rule->mask'");
    return;
  }

  session_register("user");
  watchdog("account", "session opened for '$user->userid'");
}

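// Logs the logout, clears and destroys the session, and drops the global
// $user object so the rest of the request no longer sees the old identity.
function account_session_close() {
  global $user;

  // Log first: the username is read from the object that is removed below.
  watchdog("account", "session closed for user '$user->userid'");

  session_unset();
  session_destroy();

  // unset() on a name imported with `global` only removes the function-local
  // alias, so the original `unset($user)` could leave the global in place.
  // Remove the global entry itself, then the local alias.
  unset($GLOBALS["user"]);
  unset($user);
}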

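// Renders the "edit user information" page for the logged-in user, or the
// registration / lost-password boxes for a visitor without a user id.
function account_user_edit() {
  global $theme, $user;

  if (!$user->id) {
    $theme->header();
    // Only offer registration when it is enabled, matching the other pages in
    // this file and the "Create account" submit handler, which refuses the
    // request when account_register is off.
    if (variable_get("account_register", 1)) $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
    return;
  }

  // construct form (explicitly initialised; the original appended to an
  // unset variable):
  // NOTE(review): stored profile values are handed to form_item() and
  // form_textfield()/form_textarea() as-is; whether those helpers escape
  // them for HTML is not visible here -- confirm.
  $form = "";
  $form .= form_item(t("Username"), $user->userid, t("Required, unique, and can not be changed."));
  $form .= form_textfield(t("Real name"), "name", $user->name, 30, 55, t("Optional"));
  $form .= form_item(t("Real e-mail address"), $user->real_email, t("Required, unique, can not be changed.") ." ". t("Your real e-mail address is never displayed publicly: only needed in case you lose your password."));
  $form .= form_textfield(t("Fake e-mail address"), "fake_email", $user->fake_email, 30, 55, t("Optional") .". ". t("Displayed publicly so you may spam proof your real e-mail address if you want."));
  $form .= form_textfield(t("Homepage"), "url", $user->url, 30, 55, t("Optional") .". ". t("Make sure you enter fully qualified URLs only.  That is, remember to include \"http://\"."));
  $form .= form_textarea(t("Bio"), "bio", $user->bio, 35, 5, t("Optional") .". ". t("Maximal 255 characters.") ." ". t("This biographical information is publicly displayed on your user page.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
  $form .= form_textarea(t("Signature"), "signature", $user->signature, 35, 5, t("Optional") .". ". t("Maximal 255 characters.") ." ". t("This information will be publicly displayed at the end of your comments.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
  $form .= form_item(t("Password"), "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\">", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password."));
  $form .= form_submit(t("Save user information"));

  // display form:
  $theme->header();
  $theme->box(t("Edit user information"), form("account.php", $form));
  $theme->footer();
}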

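// Saves the profile fields from the "edit user information" form for the
// logged-in user, and the password when both password fields are filled in
// and identical.  Does nothing when no user is logged in.
//
// NOTE(review): the values go to user_save() exactly as submitted; escaping
// for SQL and later HTML output is assumed to happen in user_save() and
// check_output() -- confirm.
// NOTE(review): a password change does not ask for the current password.
function account_user_save($edit) {
  global $user;

  if (!$user->id) {
    return;
  }

  // Array keys are quoted: the bare words of the original (e.g. $edit[name])
  // are undefined constants, which newer PHP versions reject.
  $profile = array(
    "name" => $edit["name"],
    "fake_email" => $edit["fake_email"],
    "url" => $edit["url"],
    "bio" => $edit["bio"],
    "signature" => $edit["signature"],
  );
  $user = user_save($user, $profile);

  // Strict comparison: with `==` two different numeric-looking strings such
  // as "1e3" and "1000" count as equal, so a mistyped confirmation could be
  // accepted.
  // NOTE(review): the password is stored as submitted, while the login path
  // in this file passes the password through check_input() -- confirm both
  // paths treat special characters the same way.
  if ($edit["pass1"] && $edit["pass1"] === $edit["pass2"]) {
    $user = user_save($user, array("passwd" => $edit["pass1"]));
  }
}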

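// Renders the "edit your preferences" page (theme, timezone, language, node
// count, comment display settings) for the logged-in user, or the
// registration / lost-password boxes for a visitor without a user id.
function account_site_edit() {
  global $cmodes, $corder, $theme, $themes, $languages, $user;

  if (!$user->id) {
    $theme->header();
    if (variable_get("account_register", 1)) $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
    return;
  }

  // Explicit initialisation: the original appended to / indexed into
  // variables that had never been set.
  $options = "";
  $zones = array();
  $threshold = array();
  $form = "";

  // construct form:
  // Theme keys and names come from the global $themes list, not the request.
  foreach ($themes as $key => $value) {
    $selected = ($user->theme == $key) ? " SELECTED" : "";
    $options .= "<OPTION VALUE=\"$key\"". $selected .">$key - $value[1]</OPTION>\n";
  }
  $form .= form_item(t("Theme"), "<SELECT NAME=\"edit[theme]\">$options</SELECT>", t("Selecting a different theme will change the look and feel of the site."));

  // One entry per hour offset from -12h to +13h, labelled with the local time
  // that offset corresponds to right now.
  for ($zone = -43200; $zone <= 46800; $zone += 3600) {
    $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". ($zone / 3600) .")";
  }
  $form .= form_select(t("Timezone"), "timezone", $user->timezone, $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
  $form .= form_select(t("Language"), "language", $user->language, $languages, t("Selecting a different language will change the language of the site."));
  $form .= form_select(t("Number of nodes to display"), "nodes", $user->nodes, array(10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The maximum number of nodes that will be displayed on the main page."));
  $form .= form_select(t("Comment display mode"), "mode", $user->mode, $cmodes);
  $form .= form_select(t("Comment display order"), "sort", $user->sort, $corder);

  for ($count = -1; $count < 6; $count++) {
    $threshold[$count] = t("Filter") ." - $count";
  }
  $form .= form_select(t("Comment filter"), "threshold", $user->threshold, $threshold, t("Comments that scored less than this threshold setting will be ignored.  Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points."));
  $form .= form_submit(t("Save site settings"));

  // display form:
  $theme->header();
  $theme->box(t("Edit your preferences"), form("account.php", $form));
  $theme->footer();
}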

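// Saves the site preferences from the "edit your preferences" form for the
// logged-in user.  Does nothing when no user is logged in.
//
// NOTE(review): the submitted values are stored without being checked
// against the option lists the form offered ($themes, $languages, ...).  If
// `theme` or `language` is later used to pick a file to load, it should be
// validated against those lists first -- confirm in user_save() and in the
// code that consumes these settings.
function account_site_save($edit) {
  global $user;

  if (!$user->id) {
    return;
  }

  // Array keys are quoted: the bare words of the original (e.g. $edit[theme])
  // are undefined constants, which newer PHP versions reject.
  $settings = array(
    "theme" => $edit["theme"],
    "timezone" => $edit["timezone"],
    "language" => $edit["language"],
    "nodes" => $edit["nodes"],
    "mode" => $edit["mode"],
    "sort" => $edit["sort"],
    "threshold" => $edit["threshold"],
  );
  $user = user_save($user, $settings);
}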

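// Renders the "edit your content" page: one checkbox per enabled block,
// ticked when the logged-in user already has a layout row for it.  Visitors
// without a user id get the registration / lost-password boxes instead.
function account_content_edit() {
  global $theme, $user;

  if (!$user->id) {
    $theme->header();
    // Only offer registration when it is enabled, matching the other pages in
    // this file and the "Create account" submit handler.
    if (variable_get("account_register", 1)) $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
    return;
  }

  // Explicit initialisation: the original appended to unset variables.
  $options = "";
  $form = "";

  // construct form:
  $result = db_query("SELECT * FROM blocks WHERE status = 1 ORDER BY module");
  while ($block = db_fetch_object($result)) {
    // NOTE(review): $block->name comes from the blocks table and is placed
    // unescaped into both the SQL below and the HTML attribute; this is safe
    // only while block names are trusted and free of quotes -- confirm.
    $entry = db_fetch_object(db_query("SELECT * FROM layout WHERE block = '$block->name' AND user = '$user->id'"));
    // Guard the property read: no layout row means there is no object to
    // read ->user from.
    $checked = ($entry && $entry->user) ? " CHECKED" : "";
    $options .= "<INPUT TYPE=\"checkbox\" NAME=\"edit[$block->name]\"". $checked ."> ". t($block->name) ."<BR>\n";
  }

  $form .= form_item(t("Blocks in side bars"), $options, t("Enable the blocks you would like to see displayed in the side bars."));
  $form .= form_submit(t("Save content settings"));

  // display form:
  $theme->header();
  $theme->box(t("Edit your content"), form("account.php", $form));
  $theme->footer();
}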

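// Replaces the logged-in user's layout rows with one row per key of $edit
// (the ticked checkboxes of the "edit your content" form).  Does nothing
// when no user is logged in.
//
// NOTE(review): every submitted key becomes a row; the names are not checked
// against the enabled entries of the blocks table, so a crafted request can
// store arbitrary block names for its own user -- confirm whether readers of
// the layout table tolerate that.
function account_content_save($edit) {
  global $user;

  if (!$user->id) {
    return;
  }

  db_query("DELETE FROM layout WHERE user = '$user->id'");

  // Only iterate when $edit really is an array: a scalar `edit` parameter
  // would otherwise be handed to foreach.  No boxes ticked means no rows.
  $blocks = is_array($edit) ? $edit : array();
  foreach ($blocks as $block => $weight) {
    // The block name is the request-controlled array key; it goes through
    // check_input() before it is placed in the SQL literal.
    db_query("INSERT INTO layout (user, block) VALUES ('$user->id', '". check_input($block) ."')");
  }
}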

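// Shows an account page:
//  - the logged-in user's own details when $uname is their username,
//  - another account's public details when $uname matches a users row,
//  - otherwise the registration / lost-password boxes.
function account_user($uname) {
  global $user, $theme;

  // Explicit initialisation: the original appended to an unset variable.
  $output = "";

  if ($user->id && $user->userid == $uname) {
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
    // The username is passed through check_output() here as well, the same
    // way the other-account branch below treats it; the original printed it
    // raw in this branch only.
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Username") .":</B></TD><TD>". check_output($user->userid) ."</TD></TR>\n";
    // NOTE(review): the "</A>" after format_email() has no visible opening
    // tag and the other branch does not emit it; left as found because
    // format_email() is not visible here -- confirm and drop if stray.
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("E-mail") .":</B></TD><TD>". format_email($user->fake_email) ."</A></TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Homepage") .":</B></TD><TD>". format_url($user->url) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Bio") .":</B></TD><TD>". check_output($user->bio, 1) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Signature") .":</B></TD><TD>". check_output($user->signature, 1) ."</TD></TR>\n";
    $output .= "</TABLE>\n";

    // Display account information:
    $theme->header();
    $theme->box(t("Personal information"), $output);
    $theme->footer();
  }
  elseif ($uname && $account = account_get_user($uname)) {
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Username") .":</B></TD><TD>". check_output($account->userid) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("E-mail") .":</B></TD><TD>". format_email($account->fake_email) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Homepage") .":</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Bio") .":</B></TD><TD>". check_output($account->bio) ."</TD></TR>\n";
    $output .= "</TABLE>\n";

    // Display account information:
    // NOTE(review): the box title embeds $uname without check_output(),
    // unlike the table cell above; the request-derived caller passes it
    // through check_input() first -- confirm that is enough for HTML output.
    $theme->header();
    $theme->box(strtr(t("%a's user information"), array("%a" => $uname)), $output);
    $theme->footer();
  }
  else {
    // Display login form:
    $theme->header();
    if (variable_get("account_register", 1)) $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
  }
}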

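// Handles the "E-mail new password" form.  When $userid and $email match a
// users row, a new password and confirmation hash are stored, the account is
// set back to status 1 and the details are mailed; otherwise the mismatch is
// logged.  Either way a result box is rendered.
//
// NOTE(review): $userid and $email are interpolated into SQL literals here;
// the visible caller passes both through check_input() first, and whether
// that helper escapes quotes is not visible in this file -- confirm.
// NOTE(review): the password is replaced and the status reset as soon as the
// form is submitted, before the mail recipient has confirmed anything, and
// the new password travels in the mail body in clear text.
function account_email_submit($userid, $email) {
  global $theme;

  $result = db_query("SELECT id FROM users WHERE userid = '$userid' AND real_email = '$email'");

  if ($account = db_fetch_object($result)) {
    $passwd = account_password();

    // The confirmation hash is a bearer token.  Deriving it only from the
    // username and the current second makes it guessable by anyone who knows
    // roughly when the request was made, so use the system CSPRNG where the
    // runtime provides one.  Both forms yield 12 hex characters.
    if (function_exists("random_bytes")) {
      $hash = bin2hex(random_bytes(6));
    }
    else {
      $hash = substr(md5("$userid. ". time() .""), 0, 12);
    }
    $status = 1;

    // NOTE(review): storage relies on the database's PASSWORD() function,
    // which is not a dedicated password-hashing scheme.
    db_query("UPDATE users SET passwd = PASSWORD('$passwd'), hash = '$hash', status = '$status' WHERE userid = '$userid'");

    $link = path_uri() ."account.php?op=confirm&name=$userid&hash=$hash";
    // "site_name" is quoted: the bare word of the original is an undefined
    // constant, which newer PHP versions reject.
    $site = variable_get("site_name", "drupal");
    $subject = strtr(t("Account details for %a"), array("%a" => $site));
    $message = strtr(t("%a,\n\n\nyou requested us to e-mail you a new password for your account at %b.  You will need to re-confirm your account or you will not be able to login.  To confirm your account updates visit the URL below:\n\n   %c\n\nOnce confirmed you can login using the following username and password:\n\n   username: %a\n   password: %d\n\n\n-- %b team"), array("%a" => $userid, "%b" => $site, "%c" => $link, "%d" => $passwd));

    watchdog("account", "new password: `$userid' &lt;$email&gt;");

    mail($email, $subject, $message, "From: noreply");

    $output = t("Your password and further instructions have been sent to your e-mail address.");
  }
  else {
    watchdog("account", "new password: '$userid' and &lt;$email&gt; do not match");
    $output = t("Could not sent password: no match for the specified username and e-mail address.");
  }

  $theme->header();
  $theme->box(t("E-mail new password"), $output);
  $theme->footer();
}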

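// Handles the "Create account" form.  The trimmed username and e-mail address
// are checked by account_validate(); on failure the form is shown again with
// the error, on success the account is stored with status 1, a generated
// password and a confirmation hash, and the details are mailed.
//
// NOTE(review): the address is used as the mail() recipient; rejecting line
// breaks and other header-injection input is assumed to happen in
// account_validate(), which is not visible here -- confirm.
// NOTE(review): the generated password is sent in clear text in the mail.
function account_create_submit($userid, $email) {
  // The unused $HTTP_HOST / $REQUEST_URI imports of the original were dropped.
  global $theme;

  // Array keys are quoted outside of string interpolation: the bare words of
  // the original are undefined constants, which newer PHP versions reject.
  $new = array();
  $new["userid"] = trim($userid);
  $new["real_email"] = trim($email);

  if ($error = account_validate($new)) {
    $theme->header();
    $theme->box(t("Create user account"), account_create($error));
    $theme->footer();
  }
  else {
    $new["passwd"] = account_password();

    // The confirmation hash is a bearer token.  Deriving it only from the
    // username and the current second makes it guessable, so use the system
    // CSPRNG where the runtime provides one.  Both forms yield 12 hex
    // characters.
    if (function_exists("random_bytes")) {
      $new["hash"] = bin2hex(random_bytes(6));
    }
    else {
      $new["hash"] = substr(md5("$new[userid]. ". time()), 0, 12);
    }

    // The return value was assigned to an unused local in the original.
    user_save("", array("userid" => $new["userid"], "real_email" => $new["real_email"], "passwd" => $new["passwd"], "status" => 1, "hash" => $new["hash"]));

    $link = path_uri() ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
    $site = variable_get("site_name", "drupal");
    $subject = strtr(t("Account details for %a"), array("%a" => $site));
    $message = strtr(t("%a,\n\n\nsomeone signed up for a user account on %b and supplied this e-mail address as their contact.  If it wasn't you, don't get your panties in a knot and simply ignore this mail.  If this was you, you will have to confirm your account first or you will not be able to login.  To confirm your account visit the URL below:\n\n   %c\n\nOnce confirmed you can login using the following username and password:\n\n   username: %a\n   password: %d\n\n\n-- %b team\n"), array("%a" => $new["userid"], "%b" => $site, "%c" => $link, "%d" => $new["passwd"]));

    watchdog("account", "new account: `$new[userid]' &lt;$new[real_email]&gt;");

    mail($new["real_email"], $subject, $message, "From: noreply");

    $theme->header();
    $theme->box(t("Create user account"), t("Congratulations!  Your member account has been successfully created and further instructions on how to confirm your account have been sent to your e-mail address.  You have to confirm your account first or you will not be able to login."));
    $theme->footer();
  }
}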

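// Handles the confirmation link (op=confirm).  An account with status 1 whose
// stored hash equals $hash is moved to status 2 and its hash cleared; every
// other case is reported to the visitor and logged as a warning.
//
// NOTE(review): $name is interpolated into SQL literals; the visible caller
// passes it through check_input() first, and whether that helper escapes
// quotes is not visible in this file -- confirm.
// NOTE(review): the three failure messages tell the visitor whether an
// account exists and whether it is already confirmed.
function account_create_confirm($name, $hash) {
  global $theme;

  $result = db_query("SELECT userid, hash, status FROM users WHERE userid = '$name'");
  $account = db_fetch_object($result);

  if (!$account) {
    $output = t("Confirmation failed: non-existing account.");
    watchdog("warning", "$name: attempt to confirm non-existing account");
  }
  elseif ($account->status != 1) {
    $output = t("Confirmation failed: your account has already been confirmed.");
    watchdog("warning", "$name: attempt to re-confirm account");
  }
  // Compare as strings with `===`.  With `==`, two different numeric-looking
  // strings (for example "0e1234567890" and "0") are equal, so a hash that
  // happens to look like a number could be matched without knowing it.
  elseif ((string) $account->hash === (string) $hash) {
    db_query("UPDATE users SET status = '2', hash = '' WHERE userid = '$name'");
    $output = t("Your account has been successfully confirmed.");
    watchdog("account", "$name: account confirmation successful");
  }
  else {
    $output = t("Confirmation failed: invalid confirmation hash.");
    watchdog("warning", "$name: invalid confirmation hash");
  }

  $theme->header();
  $theme->box(t("Create user account"), $output);
  $theme->footer();
}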

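// Renders "Track your comments": the five most recent nodes the current user
// commented on, each followed by that user's comments on it.
//
// NOTE(review): there is no check that a user is logged in; for a visitor
// without a user id the queries run with an empty author value -- confirm
// that is intended.
function account_track_comments() {
  global $theme, $user;

  // Explicit initialisation: the original appended to an unset variable.
  $output = "";

  $sresult = db_query("SELECT n.nid, n.title, COUNT(n.nid) AS count FROM comments c LEFT JOIN node n ON c.lid = n.nid WHERE c.author = '$user->id' GROUP BY n.nid DESC ORDER BY n.nid DESC LIMIT 5");

  while ($node = db_fetch_object($sresult)) {
    // Titles and subjects are user-written, so they pass through
    // check_output(); ids and counters are printed as stored.
    $output .= "<LI>". format_plural($node->count, "comment", "comments") ." ". t("attached to node") ." `<A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A>`:</LI>\n";
    $output .= " <UL>\n";

    $cresult = db_query("SELECT * FROM comments WHERE author = '$user->id' AND lid = '$node->nid'");
    while ($comment = db_fetch_object($cresult)) {
      $output .= "  <LI><A HREF=\"node.php?id=$node->nid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A> (". t("replies") .": ". comment_num_replies($comment->cid) .", ". t("votes") .": $comment->votes, ". t("score") .": ". comment_score($comment) .")</LI>\n";
    }
    $output .= " </UL>\n";
  }

  $theme->header();
  $theme->box(t("Track your comments"), ($output ? $output : t("You have not posted any comments recently.")));
  $theme->footer();
}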

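// Renders "Track your nodes": up to 25 posted nodes authored by the current
// user, newest first, each with its comment count, type and date.
function account_track_nodes() {
  global $theme, $user;

  // Explicit initialisation: the original appended to an unset variable.
  $output = "";

  $result = db_query("SELECT n.nid, n.type, n.title, n.timestamp, COUNT(c.cid) AS count FROM node n LEFT JOIN comments c ON c.lid = n.nid WHERE n.status = '". node_status("posted") ."' AND n.author = '$user->id' GROUP BY n.nid DESC ORDER BY n.nid DESC LIMIT 25");

  while ($node = db_fetch_object($result)) {
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Subject") .":</B></TD><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A> (". format_plural($node->count, "comment", "comments") .")</TD></TR>\n";
    // The original closed an <A> element in this cell that was never opened;
    // the stray end tag is removed.
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Type") .":</B></TD><TD>". check_output($node->type) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Date") .":</B></TD><TD>". format_date($node->timestamp) ."</TD></TR>\n";
    $output .= "</TABLE>\n";
    $output .= "<P>\n";
  }

  $theme->header();
  $theme->box(t("Track your nodes"), ($output ? $output : t("You have not posted any nodes.")));
  $theme->footer();
}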

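// Renders site-wide activity for the last three days in two boxes: comments
// grouped by node (most-commented first) and the ten most recent nodes.
function account_track_site() {
  // The unused `global $user` import of the original was dropped.
  global $theme;

  $period = 259200; // 3 days

  $theme->header();

  // Explicit initialisation: the original appended to an unset variable.
  $output = "";

  $nresult = db_query("SELECT n.nid, n.title, COUNT(c.cid) AS count FROM comments c LEFT JOIN node n ON n.nid = c.lid WHERE n.status = '". node_status("posted") ."' AND c.timestamp > ". (time() - $period) ." GROUP BY c.lid ORDER BY count DESC");
  while ($node = db_fetch_object($nresult)) {
    $output .= "<LI>". format_plural($node->count, "comment", "comments") ." ". t("attached to") ." '<A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A>':</LI>";

    // $node->nid and $node->count come from the query above and are placed
    // unquoted into this statement.
    $cresult = db_query("SELECT c.subject, c.cid, c.pid, u.userid FROM comments c LEFT JOIN users u ON u.id = c.author WHERE c.lid = $node->nid ORDER BY c.timestamp DESC LIMIT $node->count");
    $output .= "<UL>\n";
    while ($comment = db_fetch_object($cresult)) {
      $output .= " <LI>'<A HREF=\"node.php?id=$node->nid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A>' ". t("by") ." ". format_username($comment->userid) ."</LI>\n";
    }
    $output .= "</UL>\n";
  }

  $theme->box(t("Recent comments"), ($output ? $output : t("No comments recently.")));

  $result = db_query("SELECT n.title, n.nid, n.type, n.status, u.userid FROM node n LEFT JOIN users u ON n.author = u.id WHERE ". time() ." - n.timestamp < $period ORDER BY n.timestamp DESC LIMIT 10");

  // Collect the rows first.  The original always put the table header into
  // $output before testing it, so the "No nodes recently." fallback below
  // could never be reached.
  $rows = "";
  while ($node = db_fetch_object($result)) {
    // The node type is passed through check_output(), the same way the
    // per-user node listing in this file prints it; the original emitted it
    // raw here.
    $rows .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></TD><TD ALIGN=\"center\">". format_username($node->userid) ."</TD><TD ALIGN=\"center\">". check_output($node->type) ."</TD><TD>". node_status($node->status) ."</TD></TR>";
  }

  $output = "";
  if ($rows) {
    $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
    $output .= " <TR><TH>". t("Subject") ."</TH><TH>". t("Author") ."</TH><TH>". t("Type") ."</TH><TH>". t("Status") ."</TH></TR>\n";
    $output .= $rows;
    $output .= "</TABLE>";
  }

  $theme->box(t("Recent nodes"), ($output ? $output : t("No nodes recently.")));

  $theme->footer();
}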

// Security check:
// Stops the request (after logging) when $name or $hash contains a space.
// That is the only filtering done at this point; everything else is left to
// check_input() at the call sites below.
// NOTE(review): $op, $topic, $name, $hash, $userid, $email, $passwd and $edit
// are never assigned in this file -- presumably they are populated from the
// request (register_globals or includes/common.inc).  If so, any other
// global read here could be request-controlled too; confirm how $user is
// protected from that.
if (strstr($name, " ") || strstr($hash, " ")) {
  watchdog("error", "account: attempt to provide malicious input through URI");
  exit();
}

// Dispatch on the requested operation.  Form submissions arrive with the
// translated button label as $op, link-driven operations with a fixed
// keyword, and $topic selects the sub-page for "view", "track" and "edit".
// NOTE(review): no anti-CSRF token is checked before the state-changing
// cases; whether the form() helper adds one is not visible here -- confirm.
switch ($op) {
  case t("E-mail new password"):
    // Both values end up inside SQL literals, hence check_input().
    account_email_submit(check_input($userid), check_input($email));
    break;
  case t("Create account"):
    // Registration can be switched off with the account_register setting.
    if (variable_get("account_register", 1)) account_create_submit(check_input($userid), check_input($email));
    break;
  case t("Save user information"):
    // $edit is handed over as submitted; the save handlers do not call
    // check_input() on its values.
    account_user_save($edit);
    account_user($user->userid);
    break;
  case t("Save site settings"):
    account_site_save($edit);
    // No exit() after the redirect header: execution continues to
    // page_footer() below.
    header("Location: account.php?op=info");
    break;
  case t("Save content settings"):
    account_content_save($edit);
    account_user($user->userid);
    break;
  case "confirm":
    account_create_confirm(check_input($name), check_input($hash));
    break;
  case "login":
    // NOTE(review): the password passes through check_input() before it is
    // verified, while account_user_save() stores a new password as
    // submitted -- confirm both paths treat special characters identically.
    account_session_start(check_input($userid), check_input($passwd));
    header("Location: account.php?op=info");
    break;
  case "logout":
    account_session_close();
    header("Location: account.php?op=info");
    break;
  case "view":
    switch ($topic) {
      case "info":
        account_user($user->userid);
        break;
      default:
        account_user(check_input($name));
    }
    break;
  case "track":
    switch ($topic) {
      case "site":
        account_track_site();
        break;
      case "nodes":
        account_track_nodes();
        break;
      default:
        account_track_comments();
    }
    break;
  case "edit":
    switch ($topic) {
      case "content":
        account_content_edit();
        break;
      case "site":
        account_site_edit();
        break;
      default:
        account_user_edit();
    }
    break;
  default:
    // Unknown or missing operation: show the current user's account page
    // (or the registration / lost-password boxes when nobody is logged in).
    account_user($user->userid);
}

// Runs for every request that reaches this point, including the cases above
// that only sent a redirect header.
page_footer();

?>