<?

include "includes/theme.inc";

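/**
 * Look up one account row by username.
 *
 * The name is matched against the character set that account_validate()
 * accepts for new usernames before it is placed in the SQL text, because
 * the query is assembled by string interpolation and callers pass values
 * that originate in the request.
 *
 * NOTE(review): an account whose stored userid contains characters outside
 * that set would no longer be found here - confirm no such rows exist.
 *
 * @param $uname  username to look up
 * @return the object produced by db_fetch_object(), or false when $uname
 *         is not a well-formed username
 */
function account_get_user($uname) {
  // Refuse anything that is not a plain username instead of quoting it:
  // the escaping rules of db_query() are not visible from this file.
  if (!is_string($uname) || !preg_match('/\A[a-zA-Z0-9_-]+\z/', $uname)) {
    return false;
  }

  $result = db_query("SELECT * FROM users WHERE userid = '$uname'");
  return db_fetch_object($result);
}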

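/**
 * Build the HTML of the login form.
 *
 * The form posts the fields "userid" and "passwd" together with
 * op=Login back to account.php. Nothing is printed here; the caller
 * hands the returned markup to the theme.
 *
 * @return string  HTML fragment
 */
function account_login() {
  // Collect the fragments first: the original appended to a variable that
  // was never initialised, which raises a notice on every call.
  $parts = array(
    "<FORM ACTION=\"account.php\" METHOD=\"post\">\n",
    " <TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n",
    "  <TR><TH ALIGN=\"right\">Username:</TH><TD><INPUT NAME=\"userid\"></TD></TR>\n",
    "  <TR><TH ALIGN=\"right\">Password:</TH><TD><INPUT NAME=\"passwd\" TYPE=\"password\"></TD></TR>\n",
    "  <TR><TD ALIGN=\"right\" COLSPAN=\"2\"><INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Login\"></TD></TR>\n",
    " </TABLE>\n",
    "</FORM>\n",
    "You don't have an account yet?  <A HREF=\"account.php?op=register\">Register</A> as new user.\n",
  );

  return implode("", $parts);
}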

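/**
 * Try to log a visitor in and, on success, bind the account to a session.
 *
 * The global $user is replaced by a new User object built from the
 * submitted credentials. The User class is defined outside this file;
 * this function only relies on ->id being empty when the login was
 * rejected. Both outcomes are reported through watchdog().
 *
 * @param $userid  submitted username
 * @param $passwd  submitted password
 */
function account_session_start($userid, $passwd) {
  global $user;

  $user = new User($userid, $passwd);

  if ($user->id) {
    session_start();
    // Move to a fresh session id at the moment of authentication, so an id
    // that existed before the login is not carried into the logged-in
    // session. Guarded because the function is missing on old runtimes.
    if (function_exists("session_regenerate_id")) {
      session_regenerate_id();
    }
    session_register("user");
    watchdog(1, "session opened for user `$user->userid'");
  }
  else {
    // NOTE(review): $userid is the raw submitted value. How watchdog()
    // stores and later displays its message is not visible here - confirm
    // that it escapes it for both contexts.
    watchdog(2, "failed login for user `$userid'");
  }
}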

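/**
 * Log the current user out: record the event, empty and destroy the
 * session, and drop the global $user.
 */
function account_session_close() {
  global $user;

  watchdog(1, "session closed for user `$user->userid'");
  session_unset();
  session_destroy();

  // unset($user) would only remove this function's reference to the global
  // and leave the logged-in object in place for the rest of the request;
  // remove the global entry itself.
  unset($GLOBALS["user"]);
}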

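/**
 * Show the "edit your information" form for the logged-in user, or the
 * login form when nobody is logged in.
 *
 * The form posts an edit[...] array and op="Save user information" back
 * to account.php. Output goes through the global $theme.
 *
 * NOTE(review): the form carries no per-session token; whether the
 * request origin is checked elsewhere is not visible from this file.
 */
function account_user_edit() {
  global $theme, $user;

  if ($user->id) {
    // The profile fields are free text supplied by the user. Encode them
    // before they are placed inside attribute values and TEXTAREA bodies,
    // otherwise a quote or angle bracket in a stored value ends the
    // attribute or element early.
    $userid     = htmlspecialchars((string) $user->userid, ENT_QUOTES);
    $name       = htmlspecialchars((string) $user->name, ENT_QUOTES);
    $real_email = htmlspecialchars((string) $user->real_email, ENT_QUOTES);
    $fake_email = htmlspecialchars((string) $user->fake_email, ENT_QUOTES);
    $url        = htmlspecialchars((string) $user->url, ENT_QUOTES);
    $bio        = htmlspecialchars((string) $user->bio, ENT_QUOTES);
    $signature  = htmlspecialchars((string) $user->signature, ENT_QUOTES);

    ### Generate output/content:
    $output  = "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
    $output .= "<B>Username:</B><BR>\n";
    $output .= "&nbsp; $userid<P>\n";
    $output .= "<I>Required, unique, and can not be changed.</I><P>\n";
    $output .= "<B>Real name:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[name]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$name\"><BR>\n";
    $output .= "<I>Optional.</I><P>\n";
    $output .= "<B>Real e-mail address:</B><BR>\n";
    $output .= "&nbsp; $real_email<P>\n";
    $output .= "<I>Required, unique, can not be changed and is never displayed publicly: only needed in case you lose your password.</I><P>\n";
    $output .= "<B>Fake e-mail address:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[fake_email]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$fake_email\"><BR>\n";
    $output .= "<I>Optional, and displayed publicly. You may spam proof your real e-mail address if you want.</I><P>\n";
    $output .= "<B>URL of homepage:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$url\"><BR>\n";
    $output .= "<I>Optional, but make sure you enter fully qualified URLs only. That is, remember to include \"http://\".</I><P>\n";
    $output .= "<B>Bio:</B> (255 char. limit)<BR>\n";
    $output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$bio</TEXTAREA><BR>\n";
    $output .= "<I>Optional. This biographical information is publicly displayed on your user page.</I><P>\n";
    $output .= "<B>Singature:</B> (255 char. limit)<BR>\n";
    $output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$signature</TEXTAREA><BR>\n";
    $output .= "<I>Optional. This information will be publicly displayed at the end of your comments. </I><P>\n";
    $output .= "<B>Password:</B><BR>\n";
    $output .= "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\"><BR>\n";
    $output .= "<I>Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.</I><P>\n";
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save user information\"><BR>\n";
    $output .= "</FORM>\n";

    ### Display output/content:
    $theme->header();
    $theme->box("Edit your information", $output);
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box("Login", account_login());
    $theme->footer();
  }
}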

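/**
 * Store the profile fields submitted by the "edit your information" form
 * for the logged-in user. Does nothing when nobody is logged in.
 *
 * A new password is only stored when both password fields are filled in
 * and are the same string.
 *
 * NOTE(review): the password is handed to user_save() as typed, and the
 * current password is not asked for; whether user_save() hashes it is not
 * visible from this file - confirm.
 *
 * @param $edit  array with keys name, fake_email, url, bio, signature,
 *               pass1, pass2 as posted by the form
 */
function account_user_save($edit) {
  global $user;

  if ($user->id) {
    // Only the fields listed here are copied, so extra edit[...] keys in
    // the request never reach user_save(). Keys are quoted: the bare words
    // used before are undefined constants.
    $data = array();
    foreach (array("name", "fake_email", "url", "bio", "signature") as $field) {
      $data[$field] = isset($edit[$field]) ? $edit[$field] : null;
    }

    // Strict comparison: with == two different numeric-looking strings
    // (for example "1e3" and "1000") count as equal.
    if (!empty($edit["pass1"]) && isset($edit["pass2"]) && $edit["pass1"] === $edit["pass2"]) {
      $data["passwd"] = $edit["pass1"];
    }

    user_save($data, $user->id);
  }
}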

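/**
 * Show the "customize your page" form (theme, number of stories, comment
 * display mode, sort order and threshold) for the logged-in user, or the
 * login form when nobody is logged in.
 *
 * The form posts an edit[...] array and op="Save page settings" back to
 * account.php. Output goes through the global $theme.
 */
function account_page_edit() {
  global $theme, $themes, $user;

  if ($user->id) {
    ### Loop (dynamically) through all available themes:
    $theme_options = "";
    if (is_array($themes)) {
      foreach ($themes as $key => $value) {
        $shown_key = htmlspecialchars((string) $key, ENT_QUOTES);
        $shown_label = htmlspecialchars((string) $value[1], ENT_QUOTES);
        $theme_options .= "<OPTION VALUE=\"$shown_key\"". (($user->theme == $key) ? " SELECTED" : "") .">$shown_key - $shown_label</OPTION>";
      }
    }

    // account_page_save() in this file stores edit[stories] as submitted, so
    // encode the value before it goes back into an attribute.
    $stories = htmlspecialchars((string) $user->stories, ENT_QUOTES);

    $modes = array("nested" => "Nested", "flat" => "Flat", "threaded" => "Threaded");
    $sorts = array(0 => "Oldest first", 1 => "Newest first", 2 => "Highest scoring first");
    $thresholds = array(
      -1 => "-1: Display uncut and raw comments.",
      0  => "0: Display almost all comments.",
      1  => "1: Display almost no anonymous comments.",
      2  => "2: Display comments with score +2 only.",
      3  => "3: Display comments with score +3 only.",
      4  => "4: Display comments with score +4 only.",
      5  => "5: Display comments with score +5 only.",
    );

    ### Generate output/content:
    $output  = "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
    $output .= "<B>Theme:</B><BR>\n";
    $output .= "<SELECT NAME=\"edit[theme]\">$theme_options</SELECT><BR>\n";
    $output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n";
    $output .= "<B>Maximum number of stories:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[stories]\" MAXLENGTH=\"3\" SIZE=\"3\" VALUE=\"$stories\"><P>\n";
    $output .= "<I>The maximum number of stories that will be displayed on the main page.</I><P>\n";
    $output .= "<B>Comment display mode:</B><BR>\n";
    $output .= "<SELECT NAME=\"edit[mode]\">". _account_select_options($modes, $user->mode) ."</SELECT><P>\n";
    $output .= "<B>Comment sort order:</B><BR>\n";
    $output .= "<SELECT NAME=\"edit[sort]\">". _account_select_options($sorts, $user->sort) ."</SELECT><P>\n";
    $output .= "<B>Comment threshold:</B><BR>\n";
    $output .= "<SELECT NAME=\"edit[threshold]\">". _account_select_options($thresholds, $user->threshold) ."</SELECT><BR>\n";
    $output .= "<I>Comments that scored less than this setting will be ignored. Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.</I><P>\n";
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save page settings\"><BR>\n";
    $output .= "</FORM>\n";

    ### Display output/content:
    $theme->header();
    $theme->box("Customize your page", $output);
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box("Login", account_login());
    $theme->footer();
  }
}

/**
 * Render the OPTION elements of one fixed-choice SELECT; the entry whose
 * value equals $current (loose comparison, as stored values may be strings
 * or numbers) is marked SELECTED.
 */
function _account_select_options($choices, $current) {
  $html = "";
  foreach ($choices as $value => $label) {
    $html .= "<OPTION VALUE=\"$value\"". ($current == $value ? " SELECTED" : "") .">$label</OPTION>";
  }
  return $html;
}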

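/**
 * Store the page settings submitted by the "customize your page" form for
 * the logged-in user. Does nothing when nobody is logged in.
 *
 * Each setting is only stored when it is one of the values the form in
 * account_page_edit() can produce; anything else is left out, so the
 * previously stored value stays in place.
 *
 * @param $edit  array with keys theme, stories, mode, sort, threshold
 */
function account_page_save($edit) {
  global $user, $themes;

  if ($user->id) {
    $data = array();

    // The theme must be one of the configured themes.
    // NOTE(review): how the stored theme name is used later (for instance
    // to locate a theme file) is not visible here, which is one more reason
    // not to store arbitrary text.
    if (isset($edit["theme"]) && is_string($edit["theme"]) && is_array($themes) && isset($themes[$edit["theme"]])) {
      $data["theme"] = $edit["theme"];
    }

    // The remaining settings are small enumerations or a short number.
    $accepted = array(
      "stories"   => '/\A[0-9]{1,3}\z/',
      "mode"      => '/\A(nested|flat|threaded)\z/',
      "sort"      => '/\A[0-2]\z/',
      "threshold" => '/\A(-1|[0-5])\z/',
    );
    foreach ($accepted as $field => $pattern) {
      if (isset($edit[$field]) && is_scalar($edit[$field]) && preg_match($pattern, (string) $edit[$field])) {
        $data[$field] = $edit[$field];
      }
    }

    // Skip the write when nothing valid was submitted.
    if ($data) {
      user_save($data, $user->id);
    }
  }
}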

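/**
 * Show a user page.
 *
 * Three cases, in this order:
 *  - $uname is the logged-in user: that user's own information;
 *  - $uname is an existing account: its public information plus its
 *    comments and diary entries of the last 14 days;
 *  - anything else: the login form.
 *
 * @param $uname  username to display; may come straight from the request
 */
function account_user($uname) {
  global $user, $theme;

  // In the second case $uname is written into two SQL statements, a URL and
  // the box titles. Only a value made of the characters account_validate()
  // allows in a username is let through; anything else gets the login form,
  // exactly like an unknown name.
  $name_ok = is_string($uname) && preg_match('/\A[a-zA-Z0-9_-]+\z/', $uname);

  if ($user->id && $user->userid == $uname) {
    $output  = "<P>Welcome $user->userid! This is <B>your</B> user info page. There are many more, but this one is yours. You are probably most interested in editing something, but if you need to kill some time, this place is as good as any other place.</P>\n";
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>User ID:</B></TD><TD>$user->userid</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Name:</B></TD><TD>". format_data($user->name) ."</TD></TR>\n";
    // NOTE(review): this row closes an <A> that the matching row of the
    // public view below does not - one of the two is presumably wrong.
    $output .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email($user->fake_email) ."</A></TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($user->url) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Bio:</B></TD><TD>". format_data($user->bio) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Signature:</B></TD><TD>". format_data($user->signature) ."</TD></TR>\n";
    $output .= "</TABLE>\n";

    ### Display account information:
    $theme->header();
    $theme->box("Your user information", $output);
    $theme->footer();
  }
  elseif ($name_ok && $account = account_get_user($uname)) {
    $since = time() - 1209600;   // 14 days, in seconds
    $comments = 0;
    $diaries = 0;

    $box1  = "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email($account->fake_email) ."</TD></TR>\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Bio:</B></TD><TD>". format_data($account->bio) ."</TD></TR>\n";
    $box1 .= "</TABLE>\n";

    $box2 = "";
    $result = db_query("SELECT c.cid, c.pid, c.sid, c.subject, c.timestamp, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.sid WHERE u.userid = '$uname' AND c.timestamp > ". $since ." ORDER BY cid DESC LIMIT 10");
    while ($comment = db_fetch_object($result)) {
      // NOTE(review): the comment and story subjects are printed as stored.
      // Whether they are encoded when they are saved is not visible from
      // this file - confirm, since other users author them.
      $box2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
      $box2 .= " <TR><TD ALIGN=\"right\"><B>Comment:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A></TD></TR>\n";
      $box2 .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($comment->timestamp) ."</TD></TR>\n";
      $box2 .= " <TR><TD ALIGN=\"right\"><B>Story:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid\">$comment->story</A></TD></TR>\n";
      $box2 .= "</TABLE>\n";
      $box2 .= "<BR><BR>\n";
      $comments++;
    }

    $box3 = "";
    $result = db_query("SELECT d.* FROM diaries d LEFT JOIN users u ON u.id = d.author WHERE u.userid = '$uname' AND d.timestamp > ". $since ."  ORDER BY id DESC LIMIT 2");
    while ($diary = db_fetch_object($result)) {
      $box3 .= "<DL><DT><B>". date("l, F jS", $diary->timestamp) .":</B></DT><DD><P>". check_output($diary->text) ."</P><P>[ <A HREF=\"diary.php?op=view&name=$uname\">more</A> ]</P></DD></DL>\n";
      $diaries++;
    }

    ### Display account information:
    $theme->header();
    if ($box1) $theme->box("User information for $uname", $box1);
    if ($box2) $theme->box("$uname has posted ". format_plural($comments, "comment", "comments") ." recently", $box2);
    if ($box3) $theme->box("$uname has posted ". format_plural($diaries, "diary entry", "diary entries") ." recently", $box3);
    $theme->footer();
  }
  else {
    ### Display login form:
    $theme->header();
    $theme->box("Login", account_login());
    $theme->footer();
  }
}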

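/**
 * Check the username and e-mail address of a registration request.
 *
 * @param $user  array with the keys "userid" and "real_email" as submitted
 * @return string of <LI> items, one per problem found; empty when the
 *         request is acceptable
 */
function account_validate($user) {
  // Included inside the function; ban_match() and $type2index used below
  // are not defined in this file and presumably come from here.
  include "includes/ban.inc";

  $error = "";
  $userid = (isset($user["userid"]) && is_string($user["userid"])) ? trim($user["userid"]) : "";
  $email = (isset($user["real_email"]) && is_string($user["real_email"])) ? $user["real_email"] : "";

  ### Verify username and e-mail address:
  // preg_match() replaces ereg()/eregi(), which newer PHP versions no
  // longer provide; the patterns accept the same characters.
  $email_ok = !empty($email) && preg_match('/\A[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}\z/i', $email);
  $userid_ok = !empty($userid) && !preg_match('/[^a-zA-Z0-9_-]/', $userid);

  if (!$email_ok) $error .= "<LI>the specified e-mail address is not valid.</LI>\n";
  if (!$userid_ok) $error .= "<LI>the specified username is not valid.</LI>\n";
  // NOTE(review): the message says "less than 15" while the test accepts
  // exactly 15 characters.
  if (strlen($userid) > 15) $error .= "<LI>the specified username is too long: it must be less than 15 characters.</LI>\n";

  // The ban and uniqueness checks below place the values into SQL text (the
  // two queries here; ban_match() is defined elsewhere). They used to run
  // even for a value that had just failed the format check, so they are now
  // limited to values that passed it and therefore contain only characters
  // the patterns above allow.

  ### Check to see whether the username or e-mail address are banned:
  if ($userid_ok && ($ban = ban_match($userid, $type2index["usernames"]))) $error .= "<LI>the specified username is banned  for the following reason: <I>$ban->reason</I>.</LI>\n";
  if ($email_ok && ($ban = ban_match($email, $type2index["addresses"]))) $error .= "<LI>the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.</LI>\n";

  ### Verify whether username and e-mail address are unique:
  if ($userid_ok && db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$userid')")) > 0) $error .= "<LI>the specified username is already taken.</LI>\n";
  if ($email_ok && db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email)=LOWER('$email')")) > 0) $error .= "<LI>the specified e-mail address is already registered.</LI>\n";

  return $error;
}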

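/**
 * Show the registration form, optionally with the errors of a previous
 * attempt and the values that were entered then.
 *
 * @param $user   array with "userid" and "real_email" from the previous
 *                attempt, or "" for an empty form
 * @param $error  HTML list items describing what was wrong (as returned by
 *                account_validate()), or "" for none
 */
function account_register_enter($user = "", $error = "") {
  global $theme;

  // The fields used to be filled from $new, a variable that does not exist
  // in this function, so the form always came back empty. Use the values
  // that were passed in, and encode them: after a failed attempt they are
  // exactly the input that did not pass validation.
  $userid = "";
  $real_email = "";
  if (is_array($user)) {
    if (isset($user["userid"]) && is_string($user["userid"])) $userid = htmlspecialchars($user["userid"], ENT_QUOTES);
    if (isset($user["real_email"]) && is_string($user["real_email"])) $real_email = htmlspecialchars($user["real_email"], ENT_QUOTES);
  }

  if ($error) $output = "<B><FONT COLOR=\"red\">Failed to register.</FONT>$error</B>\n";
  else $output = "<P>Registering allows you to comment on stories, to moderate comments and pending stories, to maintain an online diary, to customize the look and feel of the site and generally helps you interact with the site more efficiently.</P><P>To create an account, simply fill out this form an click the `Register' button below.  An e-mail will then be sent to you with instructions on how to validate your account.</P>\n";

  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= "<P>\n";
  $output .= " <B>Username:</B><BR>\n";
  $output .= " <INPUT NAME=\"new[userid]\" VALUE=\"$userid\"><BR>\n";
  $output .= " <SMALL><I>Enter your desired username: only letters, numbers and common special characters are allowed.</I></SMALL><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <B>E-mail address:</B><BR>\n";
  $output .= " <INPUT NAME=\"new[real_email]\" VALUE=\"$real_email\"><BR>\n";
  $output .= " <SMALL><I>You will be sent instructions on how to validate your account via this e-mail address - please make sure it is accurate.</I></SMALL><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Register\">\n";
  $output .= "</P>\n";
  $output .= "</FORM>\n";

  $theme->header();
  $theme->box("Register as new user", $output);
  $theme->footer();
}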

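/**
 * Handle a submitted registration form.
 *
 * When account_validate() reports problems the form is shown again with
 * the errors. Otherwise the account is created with a generated password
 * and a confirmation hash, a mail with the activation link and the login
 * details is sent to the given address, and a confirmation page is shown.
 *
 * @param $new  array with "userid" and "real_email" as submitted
 */
function account_register_submit($new) {
  global $theme, $mail, $sitename, $siteurl;

  $siteurl = "www.drop.org"; // temporary solution

  if ($rval = account_validate($new)) {
    account_register_enter($new, "$rval");
  }
  else {
    $new["passwd"] = account_password();
    $new["status"] = 1;

    // The confirmation hash is what proves that the person activating the
    // account can read the mailbox, so it must not be derivable from the
    // username and the time of registration. Take it from the system's
    // random source where one is available; the result is still 12
    // hexadecimal characters.
    if (function_exists("random_bytes")) {
      $new["hash"] = bin2hex(random_bytes(6));
    }
    else {
      // Previous derivation, kept only for runtimes without random_bytes().
      $new["hash"] = substr(md5("$new[userid]. ". time() .""), 0, 12);
    }

    user_save($new);

    // NOTE(review): the generated password travels in this mail in clear
    // text, over whatever transport the mail takes.
    $link = "http://$siteurl/account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
    $message = "$new[userid],\n\n\nsomeone signed up for a user account on $sitename and supplied this email address as their contact.  If it wasn't you, don't get your panties in a knot and simply ignore this mail.\n\nIf this was you, you have to activate your account first before you can login.  You can do so simply by visiting the URL below:\n\n    $link\n\nVisiting this URL will automatically activate your account.  Once activated you can login using the following information:\n\n    username: $new[userid]\n    password: $new[passwd]\n\n\n-- $sitename crew\n";

    mail($new["real_email"], "Account details for $sitename", $message, "From: noreply@$sitename");

    watchdog(1, "new user `$new[userid]' &lt;$new[real_email]&gt;");

    $theme->header();
    $theme->box("Account details", "Congratulations!  Your member account has been sucessfully created and further instructions on how to activate your account have been sent to your e-mail address.");
    $theme->footer();
  }
}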

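/**
 * Activate an account from the link in the registration mail.
 *
 * The account must exist, must still be unconfirmed (status 1) and the
 * hash from the link must be the one stored for it. On success the status
 * becomes 2 and the stored hash is cleared. Every outcome is reported
 * through watchdog() and shown to the visitor.
 *
 * @param $name  username from the link
 * @param $hash  confirmation hash from the link
 */
function account_register_confirm($name, $hash) {
  global $theme;

  $output = "";

  // $name comes from the URL and is placed into two SQL statements, so it
  // is only used when it consists of the characters account_validate()
  // allows in a username. A malformed name is handled like an unknown one.
  $name_ok = is_string($name) && preg_match('/\A[a-zA-Z0-9_-]+\z/', $name);

  $account = false;
  if ($name_ok) {
    $result = db_query("SELECT userid, hash, status FROM users WHERE userid = '$name'");
    $account = db_fetch_object($result);
  }

  if ($account) {
    if ($account->status == 1) {
      // Compare as strings, never with ==: two different strings that both
      // look like numbers compare equal under ==. An empty stored hash never
      // matches. hash_equals() also keeps the comparison time independent
      // of where the strings differ.
      $stored = (string) $account->hash;
      $given = is_string($hash) ? $hash : "";
      if ($stored === "") $matches = false;
      elseif (function_exists("hash_equals")) $matches = hash_equals($stored, $given);
      else $matches = ($stored === $given);

      if ($matches) {
        db_query("UPDATE users SET status = 2, hash = '' WHERE userid = '$name'");
        $output .= "Your account has been sucessfully confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
        watchdog(1, "$name: account confirmation sucessful");
      }
      else {
        $output .= "Confirmation failed: invalid confirmation hash.\n";
        watchdog(3, "$name: invalid confirmation hash");
      }
    }
    else {
      $output .= "Confirmation failed: your account has already been confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
      watchdog(3, "$name: attempt to re-confirm account");
    }
  }
  else {
    // A malformed name is not copied into the log message: how watchdog()
    // stores and displays it is not visible from this file.
    $label = $name_ok ? $name : "(malformed name)";
    $output .= "Confirmation failed: no such account found.<BR>";
    watchdog(3, "$label: attempt to confirm non-existing account");
  }

  $theme->header();
  $theme->box("Account confirmation", $output);
  $theme->footer();
}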

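/**
 * Generate an initial password by stringing together short words until
 * the result is at least $min_length characters long.
 *
 * NOTE(review): with the default length two words from a list of 31 are
 * enough, which gives fewer than 1000 different passwords. Treat the
 * result as a temporary password, or pass a larger $min_length.
 *
 * @param $min_length  minimum length of the result
 * @return string  the generated password
 */
function account_password($min_length=6) {
  $words = array("foo","bar","guy","neo","tux","moo","sun","asm","dot","god","axe","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","perl","boss","dark","sith","jedi","drop","mojo");

  // Both random functions include their upper bound, so the last usable
  // index is count - 1; using count() itself picked a slot past the end
  // of the list.
  $last = count($words) - 1;

  // Prefer the system's random source. The time-seeded generator is kept
  // only as a fallback for runtimes that lack random_int(): its output can
  // be reconstructed by anyone who knows roughly when the call happened.
  $secure = function_exists("random_int");
  if (!$secure) mt_srand((int) ((double) microtime() * 1000000));

  $password = "";
  while (strlen($password) < $min_length) {
    $password .= $words[$secure ? random_int(0, $last) : mt_rand(0, $last)];
  }
  return $password;
}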

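/**
 * Show the logged-in user an overview of their comments: for up to five
 * stories, every comment they posted there with its number of replies.
 * Shows the login form when nobody is logged in.
 */
function account_comments() {
  global $theme, $user;

  // Without this check an anonymous visit built the queries below with an
  // empty author id, i.e. broken SQL. Every other page in this file falls
  // back to the login form instead.
  if (!$user->id) {
    $theme->header();
    $theme->box("Login", account_login());
    $theme->footer();
    return;
  }

  // The ids are written into the SQL text without quotes, so force them to
  // integers first.
  $uid = (int) $user->id;

  $info = "<P>This page might be helpful in case you want to keep track of your most recent comments in any of the discussions.  You are given an overview of your comments in each of the stories you participates in along with the number of replies each comment got.\n<P>\n"; 
  $output = "";

  $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE c.author = $uid GROUP BY s.id DESC LIMIT 5");

  while ($story = db_fetch_object($sresult)) {
    $sid = (int) $story->id;

    // NOTE(review): story and comment subjects are printed as stored;
    // whether they are encoded when saved is not visible from this file.
    $output .= "<LI>". format_plural($story->count, "comment", "comments") ." in story `<A HREF=\"discussion.php?id=$sid\">$story->subject</A>`:</LI>\n";
    $output .= " <UL>\n";

    $cresult = db_query("SELECT * FROM comments WHERE author = $uid AND sid = $sid");
    while ($comment = db_fetch_object($cresult)) {
      $output .= "  <LI><A HREF=\"discussion.php?id=$sid&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A> (<B>". format_plural(discussion_num_replies($comment->cid), "reply", "replies") ."</B>)</LI>\n";
    }
    $output .= " </UL>\n";
  }

  $output = ($output) ? "$info $output" : "$info <CENTER><B>You have not posted any comments recently.</B></CENTER>\n";

  $theme->header();
  $theme->box("Track your comments", $output);
  $theme->footer();
}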

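### Dispatch on the requested operation.
// $op, $userid, $passwd, $name, $hash, $new, $edit and $user are not assigned
// anywhere in this file; presumably they are set from the request and the
// session before this point - confirm where, since every handler trusts them.
// NOTE(review): the state-changing operations ("Login", "logout", the two
// "Save ..." operations) are selected by $op alone; nothing here ties them
// to a form issued by this site.
switch ($op) {
  case "Login":
    // The redirect is sent whether or not the login succeeded; the info
    // page falls back to the login form when it did not.
    account_session_start($userid, $passwd);
    header("Location: account.php?op=info");
    break;
  case "register":
    account_register_enter();
    break;
  case "confirm":
    account_register_confirm($name, $hash);
    break;
  case "Register":
    // A second, identical case "Register" further down could never be
    // reached and has been dropped.
    account_register_submit($new);
    break;
  case "view":
    account_user($name);
    break;
  case "info":
    account_user($user->userid);
    break;
  case "discussion":
    account_comments();
    break;
  case "logout":
    account_session_close();
    header("Location: account.php");
    break;
  case "user":
    account_user_edit();
    break;
  case "page":
    account_page_edit();
    break;
  case "Save user information":
    account_user_save($edit);
    account_user($user->userid);
    break;
  case "Save page settings":
    account_page_save($edit);
    header("Location: account.php?op=info");
    break;
  default:
    account_user($user->userid);
}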

?>