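<?php

// Account pages: registration and confirmation, login/logout, profile,
// preference and block-layout editing, password reset, and the comment/story
// tracking views.  Everything below expects includes/common.inc to have been
// loaded first (db_*, t(), watchdog(), check_input(), $theme, ...).
// The full "<?php" tag is used so the file does not depend on the
// short_open_tag setting.
include_once "includes/common.inc";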
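// Load the users row for a username.
//
// $uname is whatever the caller hands in, usually straight from the request,
// so it is escaped with check_input() like the other request-derived values
// in this file before being interpolated into the query.
// Returns the db_fetch_object() result: a row object, or its falsy value when
// no such user exists.
function account_get_user($uname) {
  $result = db_query("SELECT * FROM users WHERE userid = '". check_input($uname) ."'");
  return db_fetch_object($result);
}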

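// Render the "lost password" form (username + e-mail address), which posts
// back to account.php with op = "E-mail new password".
// Returns the HTML fragment; callers wrap it in $theme->box().
function account_email() {
  // Start from an empty string rather than appending to an undefined variable.
  $output = "";

  $output .= "<P>". t("Lost your password?  Fill out your username and e-mail address, and your password will be mailed to you.") ."</P>\n";
  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= "<B>". t("Username") .":</B><BR>\n";
  $output .= "<INPUT NAME=\"userid\"><P>\n";
  $output .= "<B>". t("E-mail address") .":</B><BR>\n";
  $output .= "<INPUT NAME=\"email\"><P>\n";
  $output .= "<INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"". t("E-mail new password") ."\">\n";
  $output .= "</FORM>\n";

  return $output;
}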

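// Render the registration form.
//
// $user is accepted for interface compatibility with account_create_submit()
// but is not read here.  $error, when non-empty, is the message returned by
// account_validate() and is shown in red above the form; account_validate()
// may already have put markup (the ban reason) into it.
// Returns the HTML fragment; callers wrap it in $theme->box().
function account_create($user = "", $error = "") {
  // Start from an empty string rather than appending to an undefined variable.
  $output = "";

  if ($error) $output .= "<P><FONT COLOR=\"red\">". t("Failed to create account: $error.") ."</FONT></P>\n";
  else $output .= "<P>". t("Registering allows you to comment on stories, to moderate comments and pending stories, to customize the look and feel of the site and generally helps you interact with the site more efficiently.") ."</P><P>". t("To create an account, simply fill out this form an click the 'Create account' button below.  An e-mail will then be sent to you with instructions on how to validate your account.") ."</P>\n";

  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= "<B>". t("Username") .":</B><BR>\n";
  $output .= "<INPUT NAME=\"userid\"><BR>\n";
  $output .= "<SMALL><I>". t("Enter your desired username: only letters, numbers and common special characters are allowed.") ."</I></SMALL><P>\n";
  $output .= "<B>". t("E-mail address") .":</B><BR>\n";
  $output .= "<INPUT NAME=\"email\"><BR>\n";
  $output .= "<SMALL><I>". t("You will be sent instructions on how to validate your account via this e-mail address: make sure it is accurate.") ."</I></SMALL><P>\n";
  $output .= "<INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"". t("Create account") ."\">\n";
  $output .= "</FORM>\n";

  return $output;
}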
// Authenticate $userid / $passwd and, on success, bind the resulting User
// object to the session as the global $user.  Both outcomes are recorded via
// watchdog(); the failure entry contains the submitted username.
function account_session_start($userid, $passwd) {
  global $user;

  $user = new User($userid, $passwd);

  if (!$user->id) {
    watchdog("warning", "failed login for user `$userid'");
    return;
  }

  session_register("user");
  watchdog("message", "session opened for user `$user->userid'");
}

// Record the end of the current user's session, then tear down the PHP session
// and drop the global $user.
function account_session_close() {
  global $user;

  $name = $user->userid;
  watchdog("message", "session closed for user `$name'");

  // Clear the session data first, then destroy the session itself.
  session_unset();
  session_destroy();
  unset($user);
}

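// Show the "edit user information" form for the logged-in user, or the
// registration and lost-password boxes when nobody is logged in.
// Output is sent straight to the theme (header/box/footer); nothing returned.
function account_user_edit() {
  global $allowed_html, $theme, $user;

  if ($user->id) {
    // Start from an empty string rather than appending to an undefined variable.
    $output = "";

    // Generate output/content:
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";

    $output .= "<B>". t("Username") .":</B><BR>\n";
    $output .= "&nbsp; $user->userid<P>\n";
    $output .= "<I>". t("Required, unique, and can not be changed.") ."</I><P>\n";

    // The profile fields are stored as typed (the hints below say HTML is
    // allowed and filtered on display by check_output()), so they are
    // entity-encoded before being placed in a VALUE attribute or a TEXTAREA:
    // otherwise a quote or closing tag in a stored value breaks out of the
    // form.  The browser decodes the entities, so the value round-trips.
    $output .= "<B>". t("Real name") .":</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[name]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"". htmlspecialchars($user->name, ENT_QUOTES) ."\"><BR>\n";
    $output .= "<I>". t("Optional") .".</I><P>\n";

    $output .= "<B>". t("Real e-mail address") .":</B><BR>\n";
    $output .= "&nbsp; $user->real_email<P>\n";
    $output .= "<I>". t("Required, unique, can not be changed.") ." ". t("Your real e-mail address is never displayed publicly: only needed in case you lose your password.") ."</I><P>\n";

    $output .= "<B>". t("Fake e-mail address") .":</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[fake_email]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"". htmlspecialchars($user->fake_email, ENT_QUOTES) ."\"><BR>\n";
    $output .= "<I>". t("Optional") .". ". t("Displayed publicly so you may spam proof your real e-mail address if you want.") ."</I><P>\n";

    $output .= "<B>". t("Homepage") .":</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"". htmlspecialchars($user->url, ENT_QUOTES) ."\"><BR>\n";
    $output .= "<I>". t("Optional") .". ". t("Make sure you enter fully qualified URLs only.  That is, remember to include \"http://\".") ."</I><P>\n";

    $output .= "<B>". t("Bio") .":</B> (". t("maximal 255 characters") .")<BR>\n";
    $output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">". htmlspecialchars($user->bio, ENT_QUOTES) ."</TEXTAREA><BR>\n";
    $output .= "<I>". t("Optional") .". ". t("This biographical information is publicly displayed on your user page.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I><P>\n";

    $output .= "<B>". t("Signature") .":</B> (". t("maximal 255 characters") .")<BR>\n";
    $output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">". htmlspecialchars($user->signature, ENT_QUOTES) ."</TEXTAREA><BR>\n";
    $output .= "<I>". t("Optional") .". ". t("This information will be publicly displayed at the end of your comments.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I><P>\n";

    $output .= "<B>". t("Password") .":</B><BR>\n";
    $output .= "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\"><BR>\n";
    $output .= "<I>". t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.") ."</I><P>\n";

    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Save user information") ."\"><BR>\n";
    $output .= "</FORM>\n";

    // Display output/content:
    $theme->header();
    $theme->box(t("Edit user information"), $output);
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
  }
}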

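// Store the fields posted by the account_user_edit() form for the logged-in
// user.  $edit is the posted edit[] array.  Does nothing when no user is
// logged in.
function account_user_save($edit) {
  global $user;

  if ($user->id) {
    // Only the editable profile fields are copied over; userid and real_email
    // are fixed at registration.  Keys are quoted: bare words are constants,
    // not strings.
    $data = array();
    $data["name"] = $edit["name"];
    $data["fake_email"] = $edit["fake_email"];
    $data["url"] = $edit["url"];
    $data["bio"] = $edit["bio"];
    $data["signature"] = $edit["signature"];

    // Change the password only when both fields were filled in identically.
    // Strict comparison: "==" treats two numeric-looking strings as numbers
    // ("1e1" == "10"), which is not what a confirmation field means.
    if ($edit["pass1"] && $edit["pass1"] === $edit["pass2"]) $data["passwd"] = $edit["pass1"];

    user_save($data, $user->id);
  }
}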

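// Show the site-preferences form (theme, timezone, language, story count,
// comment display/sort/filter) for the logged-in user, or the registration
// and lost-password boxes when nobody is logged in.
// Output is sent straight to the theme; nothing is returned.
function account_site_edit() {
  global $cmodes, $corder, $theme, $themes, $languages, $user;

  if ($user->id) {
    // Every accumulator starts empty instead of being created on first ".=".
    $output = "";
    $options1 = "";
    $options2 = "";
    $options3 = "";
    $options4 = "";
    $options5 = "";
    $options6 = "";
    $options7 = "";

    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";

    // $themes: key => array, of which element [1] is used as the label;
    // the rest of its shape is not visible here.
    $output .= "<B>". t("Theme" ) .":</B><BR>\n";
    foreach ($themes as $key=>$value) $options1 .= " <OPTION VALUE=\"$key\"". (($user->theme == $key) ? " SELECTED" : "") .">$key - $value[1]</OPTION>\n";
    $output .= "<SELECT NAME=\"edit[theme]\">\n$options1</SELECT><BR>\n";
    $output .= "<I>". t("Selecting a different theme will change the look and feel of the site.") ."</I><P>\n";

    // Offer every whole-hour offset from GMT-12 to GMT+13, each labelled with
    // the current time in that zone so the user picks by clock rather than by
    // offset.  The comparisons stay loose on purpose: the stored value comes
    // back from the database as a string.
    $output .= "<B>". t("Timezone") .":</B><BR>\n";
    $date = time() - date("Z");
    for ($zone = -43200; $zone <= 46800; $zone += 3600) $options2 .= " <OPTION VALUE=\"$zone\"". (($user->timezone == $zone) ? " SELECTED" : "") .">". date("l, F dS, Y - h:i A", $date + $zone) ." (GMT ". $zone / 3600 .")</OPTION>\n";
    $output .= "<SELECT NAME=\"edit[timezone]\">\n$options2</SELECT><BR>\n";
    $output .= "<I>". t("Select what time you currently have and your timezone settings will be set appropriate.") ."</I><P>\n";

    $output .= "<B>". t("Language" ) .":</B><BR>\n";
    foreach ($languages as $key=>$value) $options3 .= " <OPTION VALUE=\"$key\"". (($user->language == $key) ? " SELECTED" : "") .">$value - $key</OPTION>\n";
    $output .= "<SELECT NAME=\"edit[language]\">\n$options3</SELECT><BR>\n";
    $output .= "<I>". t("Selecting a different language will change the language the site.") ."</I><P>\n";

    $output .= "<B>". t("Maximum number of stories to display") .":</B><BR>\n";
    for ($stories = 10; $stories <= 30; $stories += 5) $options4 .= "<OPTION VALUE=\"$stories\"". (($user->stories == $stories) ? " SELECTED" : "") .">$stories</OPTION>\n";
    $output .= "<SELECT NAME=\"edit[stories]\">\n$options4</SELECT><BR>\n";
    $output .= "<I>". t("The maximum number of stories that will be displayed on the main page.") ."</I><P>\n";
    foreach ($cmodes as $key=>$value) $options5 .= "<OPTION VALUE=\"$key\"". ($user->mode == $key ? " SELECTED" : "") .">$value</OPTION>\n";

    $output .= "<B>". t("Comment display mode") .":</B><BR>\n";
    $output .= "<SELECT NAME=\"edit[mode]\">$options5</SELECT><P>\n";
    foreach ($corder as $key=>$value) $options6 .= "<OPTION VALUE=\"$key\"". ($user->sort == $key ? " SELECTED" : "") .">$value</OPTION>\n";

    $output .= "<B>". t("Comment sort order") .":</B><BR>\n";
    $output .= "<SELECT NAME=\"edit[sort]\">$options6</SELECT><P>\n";
    for ($i = -1; $i < 6; $i++) $options7 .= " <OPTION VALUE=\"$i\"". ($user->threshold == $i ? " SELECTED" : "") .">Filter - $i</OPTION>";

    $output .= "<B>". t("Comment filter") .":</B><BR>\n";
    $output .= "<SELECT NAME=\"edit[threshold]\">$options7</SELECT><BR>\n";
    $output .= "<I>". t("Comments that scored less than this threshold setting will be ignored.  Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.") ."</I><P>\n";

    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Save site settings") ."\"><BR>\n";
    $output .= "</FORM>\n";

    $theme->header();
    $theme->box(t("Edit your preferences"), $output);
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
  }
}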

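// Store the preferences posted by the account_site_edit() form for the
// logged-in user.  $edit is the posted edit[] array.  Does nothing when no
// user is logged in.
//
// NOTE(review): the values are passed on as submitted.  Nothing here checks
// that theme/language are among the configured choices or that stories, mode,
// sort and threshold are numeric; escaping for SQL is assumed to happen in
// user_save() — confirm.
function account_site_save($edit) {
  global $user;

  if ($user->id) {
    // Keys are quoted: bare words are constants, not strings.
    $data = array();
    $data["theme"] = $edit["theme"];
    $data["timezone"] = $edit["timezone"];
    $data["language"] = $edit["language"];
    $data["stories"] = $edit["stories"];
    $data["mode"] = $edit["mode"];
    $data["sort"] = $edit["sort"];
    $data["threshold"] = $edit["threshold"];
    user_save($data, $user->id);
  }
}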
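// Show one checkbox per enabled block, pre-checked when the logged-in user
// has a layout row for it, or the registration and lost-password boxes when
// nobody is logged in.  Output is sent straight to the theme.
function account_content_edit() {
  global $theme, $user;

  if ($user->id) {
    // Start from an empty string rather than appending to an undefined variable.
    $output = "";

    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
    $output .= "<B>". t("Blocks in side bars") .":</B><BR>\n";
    $result = db_query("SELECT * FROM blocks WHERE status = 1 ORDER BY module");
    while ($block = db_fetch_object($result)) {
      // Block names come from the blocks table, not from the request, but they
      // are escaped anyway so every interpolated value in this file goes
      // through check_input().
      $entry = db_fetch_object(db_query("SELECT * FROM layout WHERE block = '". check_input($block->name) ."' AND user = '$user->id'"));
      // db_fetch_object() yields a falsy value when the user has no layout row
      // for this block; only read ->user once a row actually came back.
      $enabled = $entry && $entry->user;
      $output .= "<INPUT TYPE=\"checkbox\" NAME=\"edit[$block->name]\"". ($enabled ? " CHECKED" : "") ."> ". t($block->name) ."<BR>\n";
    }
    $output .= "<P><I>". t("Enable the blocks you would like to see displayed in the side bars.") ."</I></P>\n";
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Save content settings") ."\">\n";
    $output .= "</FORM>\n";

    $theme->header();
    $theme->box(t("Edit your content"), $output);
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
  }
}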

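// Replace the logged-in user's block layout with the set of blocks checked in
// the account_content_edit() form.  $edit is the posted edit[] array: its
// keys are block names, its values are not used.  Does nothing when no user
// is logged in.
//
// NOTE(review): the posted block names are not checked against the enabled
// blocks shown by account_content_edit(), so any name can end up in layout.
function account_content_save($edit) {
  global $user;
  if ($user->id) {
    // Drop every row for the user, then insert one per checked block.  The id
    // is escaped on the DELETE the same way the INSERT below already does.
    db_query("DELETE FROM layout WHERE user = '". check_input($user->id) ."'");
    foreach (($edit ? $edit : array()) as $block=>$weight) {
      db_query("INSERT INTO layout (user, block) VALUES ('". check_input($user->id) ."', '". check_input($block) ."')");
    }
  }
}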

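// Show a user page.  Three cases: the logged-in user looking at their own
// account (full personal information), anyone looking at an existing account
// named $uname (public profile, the user's recent story comments, and any
// blocks modules contribute), or otherwise the registration and lost-password
// boxes.  $uname comes from the request.
function account_user($uname) {
  global $user, $theme;

  // Callback for module_iterate() below: ask each module that has a "user"
  // hook for a block to show on this page.  Declared conditionally because a
  // function declared inside another function is declared every time the
  // enclosing body runs; a second account_user() call in the same request
  // would otherwise fail with a redeclaration error.
  if (!function_exists("module")) {
    function module($name, $module, $username) {
      global $theme;
      if ($module["user"] && $block = $module["user"]($username, "user", "view")) {
        if ($block["content"]) $theme->box($block["subject"], $block["content"]);
      }
    }
  }

  if ($user->id && $user->userid == $uname) {
    $output = "";
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Username") .":</B></TD><TD>$user->userid</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("E-mail") .":</B></TD><TD>". format_email($user->fake_email) ."</A></TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Homepage") .":</B></TD><TD>". format_url($user->url) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Bio") .":</B></TD><TD>". check_output($user->bio) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Signature") .":</B></TD><TD>". check_output($user->signature) ."</TD></TR>\n";
    $output .= "</TABLE>\n";

    // Display account information:
    $theme->header();
    $theme->box(t("Personal information"), $output);
    $theme->footer();
  }
  elseif ($uname && $account = account_get_user($uname)) {
    $block1 = "";
    $block2 = "";
    $comments = 0;

    $block1 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>". t("Username") .":</B></TD><TD>$account->userid</TD></TR>\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>". t("E-mail") .":</B></TD><TD>". format_email($account->fake_email) ."</TD></TR>\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>". t("Homepage") .":</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>". t("Bio") .":</B></TD><TD>". check_output($account->bio) ."</TD></TR>\n";
    $block1 .= "</TABLE>\n";

    // The user's ten most recent comments on published stories from the last
    // two weeks (1209600 s).  $uname is request input, so it is escaped like
    // the other request-derived values in this file.
    $result = db_query("SELECT c.cid, c.pid, c.lid, c.subject, c.timestamp, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.lid WHERE u.userid = '". check_input($uname) ."' AND s.status = 2 AND c.link = 'story' AND s.timestamp > ". (time() - 1209600) ." ORDER BY cid DESC LIMIT 10");
    while ($comment = db_fetch_object($result)) {
      $block2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
      $block2 .= " <TR><TD ALIGN=\"right\"><B>". t("Comment") .":</B></TD><TD><A HREF=\"story.php?id=$comment->lid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A></TD></TR>\n";
      $block2 .= " <TR><TD ALIGN=\"right\"><B>". t("Date") .":</B></TD><TD>". format_date($comment->timestamp) ."</TD></TR>\n";
      $block2 .= " <TR><TD ALIGN=\"right\"><B>". t("Story") .":</B></TD><TD><A HREF=\"story.php?id=$comment->lid\">". check_output($comment->story) ."</A></TD></TR>\n";
      $block2 .= "</TABLE>\n";
      $block2 .= "<P>\n";
      $comments++;
    }

    // Display account information:
    $theme->header();
    if ($block1) $theme->box(strtr(t("%a's user information"), array("%a" => $uname)), $block1);
    if ($block2) $theme->box(strtr(t("%a has posted %b recently"), array("%a" => $uname, "%b" => format_plural($comments, "comment", "comments"))), $block2);
    module_iterate("module", $uname);
    $theme->footer();
  }
  else {
    // Display login form:
    $theme->header();
    $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
  }
}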
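// Validate a prospective account array (keys "userid" and "real_email", as
// built by account_create_submit()).  Returns the last failing check's
// translated message, or "" when everything is acceptable.  Checks run in the
// order format, ban list, uniqueness, and a later failure overwrites an
// earlier one; nothing short-circuits, so the database checks always run.
function account_validate($user) {
  global $type2index;

  $error = "";

  // Verify username and e-mail address.  preg_match() replaces the removed
  // ereg()/eregi() calls: the "i" flag keeps the case-insensitive address
  // match, and the top-level label may now be longer than three characters
  // (the old {2,3} rejected valid addresses).
  if (empty($user["real_email"]) || (!preg_match('/^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,}$/i', $user["real_email"]))) $error = t("the specified e-mail address is not valid");
  if (empty($user["userid"]) || (preg_match('/[^a-zA-Z0-9_-]/', $user["userid"]))) $error = t("the specified username is not valid");
  // Note the check admits exactly 15 characters while the message says
  // "less than 15"; behaviour kept, wording left to the translators.
  if (strlen($user["userid"]) > 15) $error = t("the specified username is too long: it must be less than 15 characters");

  // Check to see whether the username or e-mail address are banned.  The ban
  // reason is included in the message as-is, wrapped in <I>.
  if ($ban = ban_match($user["userid"], $type2index["usernames"])) $error = t("the specified username is banned") .": <I>$ban->reason</I>";
  if ($ban = ban_match($user["real_email"], $type2index["addresses"])) $error = t("the specified e-mail address is banned") .": <I>$ban->reason</I>.";

  // Verify whether username and e-mail address are unique.  These queries run
  // even when a format check above failed, so the values — which come straight
  // from the registration form — are escaped before being interpolated.
  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('". check_input($user["userid"]) ."')")) > 0) $error = t("the specified username is already taken");
  if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email)=LOWER('". check_input($user["real_email"]) ."')")) > 0) $error = t("the specified e-mail address is already used for another account");

  return $error;
}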

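// Handle the "E-mail new password" form.  When $userid and $email match an
// existing account, generate a new password, put the account back into
// status 1 (unconfirmed) with a fresh confirmation hash, and mail the details;
// otherwise report the mismatch.  Both arguments come from the request and
// are escaped before reaching SQL.  Output is sent straight to the theme.
function account_email_submit($userid, $email) {
  global $theme, $site_name, $site_url;

  $result = db_query("SELECT id FROM users WHERE userid = '". check_input($userid) ."' AND real_email = '". check_input($email) ."'");

  if ($account = db_fetch_object($result)) {
    $passwd = account_password();
    // NOTE(review): the confirmation hash is derived only from the username
    // and the current second, so it can be reconstructed by anyone who knows
    // roughly when the request was made; a random source would be preferable.
    $hash = substr(md5("$userid. ". time() .""), 0, 12);
    $status = 1;

    // Escape $userid here as the SELECT above does, rather than relying on the
    // match having happened.  $passwd and $hash are generated locally.
    db_query("UPDATE users SET passwd = PASSWORD('$passwd'), hash = '$hash', status = '$status' WHERE userid = '". check_input($userid) ."'");

    $link = $site_url ."account.php?op=confirm&name=$userid&hash=$hash";
    $subject = strtr(t("Account details for %a"), array("%a" => $site_name));
    $message = strtr(t("%a,\n\n\nyou requested us to e-mail you a new password for your account at %b.  You will need to re-confirm your account or you will not be able to login.  To confirm your account updates visit the URL below:\n\n   %c\n\nOnce confirmed you can login using the following username and password:\n\n   username: %a\n   password: %d\n\n\n-- %b team"), array("%a" => $userid, "%b" => $site_name, "%c" => $link, "%d" => $passwd));

    // The new password and confirmation link go out by e-mail only.  The
    // previous debug print of $message into the HTTP response handed both to
    // whoever submitted the form, bypassing the e-mail check entirely.
    watchdog("message", "new password: `$userid' &lt;$email&gt;");

    mail($email, $subject, $message, "From: noreply");

    $output = t("Your password and further instructions have been sent to your e-mail address.");
  }
  else {
    watchdog("warning", "new password: '$userid' and &lt;$email&gt; do not match");
    $output = t("Could not sent password: no match for the specified username and e-mail address.");
  }

  $theme->header();
  $theme->box(t("E-mail new password"), $output);
  $theme->footer();
}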
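// Handle the registration form.  The trimmed username and e-mail address are
// validated by account_validate(); on failure the form is re-shown with the
// message, on success the account is created in status 1 (unconfirmed) with a
// confirmation hash and an initial password, both of which are mailed to the
// address.  Output is sent straight to the theme.
function account_create_submit($userid, $email) {
  global $theme, $site_name, $site_url;

  // Keys are quoted: bare words are constants, not strings.
  $new = array();
  $new["userid"] = trim($userid);
  $new["real_email"] = trim($email);

  if ($error = account_validate($new)) {
    $theme->header();
    $theme->box(t("Create user account"), account_create($new, $error));
    $theme->footer();
  }
  else {
    $new["passwd"] = account_password();
    $new["status"] = 1;
    // NOTE(review): derived only from the username and the current second, so
    // the confirmation hash is guessable; a random source would be preferable.
    $new["hash"] = substr(md5("$new[userid]. ". time() .""), 0, 12);

    user_save($new);

    $link = $site_url ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
    $subject = strtr(t("Account details for %a"), array("%a" => $site_name));
    $message = strtr(t("%a,\n\n\nsomeone signed up for a user account on %b and supplied this e-mail address as their contact.  If it wasn't you, don't get your panties in a knot and simply ignore this mail.  If this was you, you will have to confirm your account first or you will not be able to login.  To confirm your account visit the URL below:\n\n   %c\n\nOnce confirmed you can login using the following username and password:\n\n   username: %a\n   password: %d\n\n\n-- %b team\n"), array("%a" => $new["userid"], "%b" => $site_name, "%c" => $link, "%d" => $new["passwd"]));

    watchdog("message", "new account: `$new[userid]' &lt;$new[real_email]&gt;");

    mail($new["real_email"], $subject, $message, "From: noreply");

    $theme->header();
    $theme->box(t("Create user account"), t("Congratulations!  Your member account has been successfully created and further instructions on how to confirm your account have been sent to your e-mail address.  You have to confirm your account first or you will not be able to login."));
    $theme->footer();
  }
}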

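// Confirm an account from the link mailed by account_create_submit() or
// account_email_submit(): an account in status 1 whose stored hash matches
// $hash moves to status 2 and has its hash cleared.  $name and $hash come
// from the query string.  Output is sent straight to the theme.
function account_create_confirm($name, $hash) {
  global $theme;

  // Start from an empty string rather than appending to an undefined variable.
  $output = "";

  // $name is request input: escape it before interpolating into SQL, as the
  // other request-derived values in this file are.
  $result = db_query("SELECT userid, hash, status FROM users WHERE userid = '". check_input($name) ."'");

  if ($account = db_fetch_object($result)) {
    if ($account->status == 1) {
      // Strict string comparison: with "==" two numeric-looking hashes (for
      // example ones starting "0e") would be compared as numbers and could
      // match without being equal.
      if ($account->hash === $hash) {
        db_query("UPDATE users SET status = 2, hash = '' WHERE userid = '". check_input($name) ."'");
        $output .= "Your account has been successfully confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
        watchdog("message", "$name: account confirmation successful");
      }
      else {
        $output .= "Confirmation failed: invalid confirmation hash.\n";
        watchdog("warning", "$name: invalid confirmation hash");
      }
    }
    else {
      $output .= "Confirmation failed: your account has already been confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
      watchdog("warning", "$name: attempt to re-confirm account");
    }
  }
  else {
    $output .= "Confirmation failed: no such account found.<BR>";
    watchdog("warning", "$name: attempt to confirm non-existing account");
  }

  $theme->header();
  $theme->box(t("Create user account"), $output);
  $theme->footer();
}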
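// Generate an initial password by concatenating random words from a fixed
// list until the result is at least $min_length characters long.
//
// NOTE(review): 31 short dictionary words and mt_rand() give very little
// entropy and no cryptographic guarantee.  The result is only meant as a
// throw-away initial password the user changes in account_user_edit(); on
// PHP >= 7 random_int() would be the appropriate source.
function account_password($min_length=6) {
  // mt_rand() is seeded automatically; the former explicit re-seed from
  // microtime() only narrowed the seed space and is not needed.
  $words = array("foo","bar","guy","neo","tux","moo","sun","asm","dot","god","axe","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","perl","boss","dark","sith","jedi","drop","mojo");
  $password = "";
  // Valid indices are 0..count-1; mt_rand()'s upper bound is inclusive, so
  // subtract one instead of occasionally picking a non-existent entry (which
  // appended nothing and silently shortened the choice of words).
  while (strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words) - 1)];
  return $password;
}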

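// Show the logged-in user's recent comments grouped by story (up to five
// stories), with reply count and score per comment.  Output is sent straight
// to the theme.
//
// NOTE(review): unlike the edit functions, this one does not check $user->id
// before using it in the query; with nobody logged in the WHERE clause is
// left incomplete.  Callers are assumed to guard — confirm.
function account_track_comments() {
  global $theme, $user;

  // Start from an empty string rather than appending to an undefined variable;
  // the fallback message below relies on it being empty when nothing matched.
  $output = "";

  $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.lid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5");

  while ($story = db_fetch_object($sresult)) {
    $output .= "<LI>". format_plural($story->count, "comment", "comments") ." ". t("attached to story") ." `<A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A>`:</LI>\n";
    $output .= " <UL>\n";

    $cresult = db_query("SELECT * FROM comments WHERE author = $user->id AND lid = $story->id");
    while ($comment = db_fetch_object($cresult)) {
      $output .= "  <LI><A HREF=\"story.php?id=$story->id&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A> - ". t("replies") .": ". comment_num_replies($comment->cid) ." - ". t("score") .": ". comment_score($comment) ."</LI>\n";
    }
    $output .= " </UL>\n";
  }

  $theme->header();
  $theme->box(t("Track your comments"), ($output ? $output : t("You have not posted any comments recently.")));
  $theme->footer();
}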

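function account_track_stories() {
  // Render the "Track your stories" page: one small table per story by the
  // current user with status 2 (presumably "published" -- the status values
  // are defined elsewhere), showing subject, comment count, section and date.
  // Falls back to a notice when there is nothing to show.  Nothing is returned.
  global $theme, $user;

  $output = "";

  // $user->id goes straight into SQL; cast it so an empty value (presumably
  // an anonymous visitor -- confirm) does not yield the malformed
  // "s.author = GROUP BY" of the original, and a non-numeric one cannot
  // reshape the query.  Author 0 is skipped as well.
  $uid = (int) $user->id;

  if ($uid > 0) {
    $result = db_query("SELECT s.id, s.subject, s.timestamp, s.section, COUNT(c.cid) as count FROM stories s LEFT JOIN comments c ON c.lid = s.id WHERE s.status = 2 AND s.author = $uid GROUP BY s.id DESC");

    while ($story = db_fetch_object($result)) {
      $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
      // Subject and section are user-supplied text: escaped for HTML with
      // check_output(), and the section is URL-encoded where it becomes a
      // query-string value.
      $output .= " <TR><TD ALIGN=\"right\"><B>". t("Subject") .":</B></TD><TD><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A> (". format_plural($story->count, "comment", "comments") .")</TD></TR>\n";
      $output .= " <TR><TD ALIGN=\"right\"><B>". t("Section") .":</B></TD><TD><A HREF=\"search.php?section=". urlencode($story->section) ."\">". check_output($story->section) ."</A></TD></TR>\n";
      $output .= " <TR><TD ALIGN=\"right\"><B>". t("Date") .":</B></TD><TD>". format_date($story->timestamp) ."</TD></TR>\n";
      $output .= "</TABLE>\n";
      $output .= "<P>\n";
    }
  }

  $theme->header();
  $theme->box(t("Track your stories"), ($output ? $output : t("You have not posted any stories.")));
  $theme->footer();
}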

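function account_track_site() {
  // Render the site-wide "Track <site>" page: the 10 stories that attracted
  // the most comments in the last 3 days, each with its recent comments and
  // their authors.  Falls back to a notice when nothing was posted.  Nothing
  // is returned.
  global $theme, $user, $site_name;

  $output = "";

  $period = 259200; // 3 days, in seconds

  // Only published stories (status 2, presumably) and comments attached to a
  // story ("c.link = 'story'") posted within $period are counted.
  $sresult = db_query("SELECT s.subject, s.id, COUNT(c.lid) AS count FROM comments c LEFT JOIN stories s ON c.lid = s.id WHERE s.status = 2 AND c.link = 'story' AND ". time() ." - c.timestamp < $period GROUP BY c.lid ORDER BY count DESC LIMIT 10");
  while ($story = db_fetch_object($sresult)) {
    $output .= "<LI>". format_plural($story->count, "comment", "comments") ." ". t("attached to story") ." '<A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A>':</LI>";

    // Both values come from the query above but are interpolated into SQL,
    // so pin them to integers before use.
    $sid = (int) $story->id;
    $count = (int) $story->count;

    // "timestamp" is qualified with the comments alias: the join also pulls
    // in the users table, and an unqualified name would be rejected as
    // ambiguous if that table carries a column of the same name.
    $cresult = db_query("SELECT c.subject, c.cid, c.pid, u.userid FROM comments c LEFT JOIN users u ON u.id = c.author WHERE c.lid = $sid AND c.link = 'story' ORDER BY c.timestamp DESC LIMIT $count");
    $output .= "<UL>\n";
    while ($comment = db_fetch_object($cresult)) {
      // The comment subject is escaped with check_output(); the author name is
      // handed to format_username(), which is assumed to escape it -- confirm.
      $output .= " <LI>'<A HREF=\"story.php?id=$story->id&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A>' ". t("by") ." ". format_username($comment->userid) ."</LI>\n";
    }
    $output .= "</UL>\n";
  }

  $theme->header();
  $theme->box(strtr(t("Track %a"), array("%a" => $site_name)), ($output ? $output : t("No comments or stories posted recently.")));
  $theme->footer();
}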

// Security check:
// NOTE(review): this only rejects a literal space in $name and $hash.  Every
// other character -- quotes, SQL or HTML metacharacters -- passes through to
// account_create_confirm() and account_user() below, which are defined
// elsewhere in this file; whether they escape their arguments before building
// SQL or HTML cannot be seen from here.  Confirm, and escape at the point of
// use rather than relying on this filter.
// $name, $hash, $op, $topic, $userid, $passwd, $email and $edit are never
// assigned in this file, so they presumably arrive as request variables
// (register_globals) -- TODO confirm.
if (strstr($name, " ") || strstr($hash, " ")) {
  watchdog("error", "account: attempt to provide malicious input through URI");
  exit();
}

// Dispatch on the requested operation.  Form submissions post the translated
// button label as $op, so the first cases compare against t() output (switch
// uses loose comparison); the remaining cases are fixed URI keywords of the
// form account.php?op=...&topic=....  No login check is made at this level;
// the account_* handlers are expected to cope with an anonymous $user --
// confirm.
switch ($op) {
  case t("E-mail new password"):
    account_email_submit($userid, $email);
    break;
  case t("Create account"):
    account_create_submit($userid, $email);
    break;
  case t("Save user information"):
    account_user_save($edit);
    account_user($user->userid);
    break;
  case t("Save site settings"):
    account_site_save($edit);
    // Redirect instead of rendering.  No exit() follows: in the visible file
    // nothing is emitted after this switch, so execution simply ends.
    header("Location: account.php?op=info");
    break;
  case t("Save content settings"):
    account_content_save($edit);
    account_user($user->userid);
    break;
  case "confirm":
    // E-mail validation link: $name and $hash come from the URI (see the
    // check above).
    account_create_confirm($name, $hash);
    break;
  case "login":
    account_session_start($userid, $passwd);
    header("Location: account.php?op=info");
    break;
  case "logout":
    account_session_close();
    header("Location: account.php?op=info");
    break;
  case "view":
    switch ($topic) {
      case "info":
        // The current user's own page.
        account_user($user->userid);
        break;
      default:
        // Any user's page, selected by the request-supplied $name.
        account_user($name);
    }
    break;
  case "track":
    switch ($topic) {
      case "site":
        account_track_site();
        break;
      case "stories":
        account_track_stories();
        break;
      default:
        account_track_comments();
    }
    break;
  case "edit":
    switch ($topic) {
      case "content":
        account_content_edit();
        break;
      case "site":
        account_site_edit();
        break;
      default:
        account_user_edit();
    }
    break;
  default:
    // Unknown or missing $op: show the current user's own page.
    account_user($user->userid);
}
?>