account.php 27.8 KB
Newer Older
Dries's avatar
Dries committed
1
<?
Dries's avatar
 
Dries committed
2

Dries's avatar
Dries committed
3
include "includes/theme.inc";
Dries's avatar
Dries committed
4

Dries's avatar
Dries committed
5
function account_get_user($uname) {
Dries's avatar
 
Dries committed
6 7 8 9
  $result = db_query("SELECT * FROM users WHERE userid = '$uname'");
  return db_fetch_object($result);
}

Dries's avatar
 
Dries committed
10
function account_login() {
Dries's avatar
Dries committed
11 12
  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= " <TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
Dries's avatar
 
Dries committed
13 14 15
  $output .= "  <TR><TH ALIGN=\"right\">Username:</TH><TD><INPUT NAME=\"userid\"></TD></TR>\n";
  $output .= "  <TR><TH ALIGN=\"right\">Password:</TH><TD><INPUT NAME=\"passwd\" TYPE=\"password\"></TD></TR>\n";
  $output .= "  <TR><TD ALIGN=\"right\" COLSPAN=\"2\"><INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Login\"></TD></TR>\n";
Dries's avatar
 
Dries committed
16 17
  $output .= " </TABLE>\n";
  $output .= "</FORM>\n";
Dries's avatar
Dries committed
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

  return $output;
}

function account_email() {
  $output .= "<P>Lost your password?  Fill out your username and e-mail address, and your password will be mailed to you.</P>\n";
  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= " <TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
  $output .= "  <TR><TH ALIGN=\"right\">Username:</TH><TD><INPUT NAME=\"userid\"></TD></TR>\n";
  $output .= "  <TR><TH ALIGN=\"right\">E-mail addres:</TH><TD><INPUT NAME=\"email\"></TD></TR>\n";
  $output .= "  <TR><TD ALIGN=\"right\" COLSPAN=\"2\"><INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"E-mail password\"></TD></TR>\n";
  $output .= " </TABLE>\n";
  $output .= "</FORM>\n";

  return $output;
}

function account_create($user = "", $error = "") {
  global $theme;

  if ($error) $output .= "<B><FONT COLOR=\"red\">Failed to register.</FONT>$error</B>\n";
  else $output .= "<P>Registering allows you to comment on stories, to moderate comments and pending stories, to maintain an online diary, to customize the look and feel of the site and generally helps you interact with the site more efficiently.</P><P>To create an account, simply fill out this form an click the `Create account' button below.  An e-mail will then be sent to you with instructions on how to validate your account.</P>\n";

  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= "<P>\n";
  $output .= " <B>Username:</B><BR>\n";
  $output .= " <INPUT NAME=\"userid\" VALUE=\"$userid\"><BR>\n";
  $output .= " <SMALL><I>Enter your desired username: only letters, numbers and common special characters are allowed.</I></SMALL><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <B>E-mail address:</B><BR>\n";
  $output .= " <INPUT NAME=\"email\" VALUE=\"$email\"><BR>\n";
  $output .= " <SMALL><I>You will be sent instructions on how to validate your account via this e-mail address - please make sure it is accurate.</I></SMALL><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Create account\">\n";
  $output .= "</P>\n";
  $output .= "</FORM>\n";
Dries's avatar
 
Dries committed
56

Dries's avatar
 
Dries committed
57
  return $output;
58
}
Dries's avatar
 
Dries committed
59

Dries's avatar
Dries committed
60 61
function account_session_start($userid, $passwd) {
  global $user;
Dries's avatar
 
Dries committed
62

Dries's avatar
Dries committed
63
  $user = new User($userid, $passwd);
Dries's avatar
 
Dries committed
64 65
  if ($user->id) {
    session_start();
Dries's avatar
Dries committed
66
    session_register("user");
Dries's avatar
 
Dries committed
67
    watchdog("message", "session opened for user `$user->userid'");
Dries's avatar
Dries committed
68 69
  }
  else {
Dries's avatar
 
Dries committed
70
    watchdog("warning", "failed login for user `$userid'");
Dries's avatar
Dries committed
71 72 73 74 75
  }
}

function account_session_close() {
  global $user;  
Dries's avatar
 
Dries committed
76
  watchdog("message", "session closed for user `$user->userid'");
Dries's avatar
Dries committed
77 78 79 80 81 82 83 84
  session_unset();
  session_destroy();
  unset($user);
}

function account_user_edit() {
  global $theme, $user;

Dries's avatar
 
Dries committed
85
  if ($user->id) {
Dries's avatar
Dries committed
86 87
    ### Generate output/content:
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
Dries's avatar
 
Dries committed
88 89 90
    $output .= "<B>Username:</B><BR>\n";
    $output .= "&nbsp; $user->userid<P>\n";
    $output .= "<I>Required, unique, and can not be changed.</I><P>\n";
Dries's avatar
Dries committed
91 92 93 94
    $output .= "<B>Real name:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[name]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->name\"><BR>\n";
    $output .= "<I>Optional.</I><P>\n";
    $output .= "<B>Real e-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
95 96
    $output .= "&nbsp; $user->real_email<P>\n";
    $output .= "<I>Required, unique, can not be changed and is never displayed publicly: only needed in case you lose your password.</I><P>\n";
Dries's avatar
Dries committed
97
    $output .= "<B>Fake e-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
98 99
    $output .= "<INPUT NAME=\"edit[fake_email]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->fake_email\"><BR>\n";
    $output .= "<I>Optional, and displayed publicly. You may spam proof your real e-mail address if you want.</I><P>\n";
Dries's avatar
Dries committed
100 101 102 103 104 105
    $output .= "<B>URL of homepage:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->url\"><BR>\n";
    $output .= "<I>Optional, but make sure you enter fully qualified URLs only. That is, remember to include \"http://\".</I><P>\n";
    $output .= "<B>Bio:</B> (255 char. limit)<BR>\n";
    $output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$user->bio</TEXTAREA><BR>\n";
    $output .= "<I>Optional. This biographical information is publicly displayed on your user page.</I><P>\n";
Dries's avatar
 
Dries committed
106
    $output .= "<B>Signature:</B> (255 char. limit)<BR>\n";
Dries's avatar
Dries committed
107 108 109
    $output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$user->signature</TEXTAREA><BR>\n";
    $output .= "<I>Optional. This information will be publicly displayed at the end of your comments. </I><P>\n";
    $output .= "<B>Password:</B><BR>\n";
Dries's avatar
 
Dries committed
110
    $output .= "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\"><BR>\n";
Dries's avatar
Dries committed
111 112 113 114 115 116 117 118 119 120 121
    $output .= "<I>Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.</I><P>\n";
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save user information\"><BR>\n";
    $output .= "</FORM>\n";

    ### Display output/content:
    $theme->header();
    $theme->box("Edit your information", $output);
    $theme->footer();
  }
  else {
    $theme->header();
Dries's avatar
 
Dries committed
122
    $theme->box("Login", account_login()); 
Dries's avatar
Dries committed
123 124
    $theme->box("E-mail password", account_email());
    $theme->box("Create new account", account_create());
Dries's avatar
Dries committed
125 126 127 128 129 130
    $theme->footer();
  }
}

function account_user_save($edit) {
  global $user;
Dries's avatar
 
Dries committed
131
  if ($user->id) {
Dries's avatar
Dries committed
132
    $data[name] = $edit[name];
Dries's avatar
 
Dries committed
133
    $data[fake_email] = $edit[fake_email];
Dries's avatar
Dries committed
134 135 136
    $data[url] = $edit[url];
    $data[bio] = $edit[bio];
    $data[signature] = $edit[signature];
Dries's avatar
 
Dries committed
137 138 139 140

    if ($edit[pass1] && $edit[pass1] == $edit[pass2]) $data[passwd] = $edit[pass1];

    user_save($data, $user->id);
Dries's avatar
Dries committed
141 142 143 144 145 146
  }
}

function account_page_edit() {
  global $theme, $themes, $user;

Dries's avatar
 
Dries committed
147
  if ($user->id) {
Dries's avatar
Dries committed
148 149 150 151
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
    $output .= "<B>Theme:</B><BR>\n";

    foreach ($themes as $key=>$value) { 
Dries's avatar
 
Dries committed
152
      $options1 .= " <OPTION VALUE=\"$key\"". (($user->theme == $key) ? " SELECTED" : "") .">$key - $value[1]</OPTION>\n";
Dries's avatar
Dries committed
153 154
    }

Dries's avatar
 
Dries committed
155
    $output .= "<SELECT NAME=\"edit[theme]\">\n$options1</SELECT><BR>\n";
Dries's avatar
Dries committed
156
    $output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n";
Dries's avatar
 
Dries committed
157 158 159
    $output .= "<B>Timezone:</B><BR>\n";

    $date = time() - date("Z");
Dries's avatar
 
Dries committed
160
    for ($zone = -43200; $zone <= 46800; $zone += 3600) {
Dries's avatar
 
Dries committed
161 162 163 164 165
      $options2 .= " <OPTION VALUE=\"$zone\"". (($user->timezone == $zone) ? " SELECTED" : "") .">". date("l, F dS, Y - h:i A", $date + $zone) ." (GMT ". $zone / 3600 .")</OPTION>\n";
    }

    $output .= "<SELECT NAME=\"edit[timezone]\">\n$options2</SELECT><BR>\n";
    $output .= "<I>Select what time you currently have and your timezone settings will be set appropriate.</I><P>\n";
Dries's avatar
Dries committed
166
    $output .= "<B>Maximum number of stories:</B><BR>\n";
Dries's avatar
 
Dries committed
167
    $output .= "<INPUT NAME=\"edit[stories]\" MAXLENGTH=\"3\" SIZE=\"3\" VALUE=\"$user->stories\"><P>\n";
Dries's avatar
Dries committed
168
    $output .= "<I>The maximum number of stories that will be displayed on the main page.</I><P>\n";
Dries's avatar
 
Dries committed
169 170 171
    $options  = "<OPTION VALUE=\"nested\"". ($user->mode == "nested" ? " SELECTED" : "") .">Nested</OPTION>";
    $options .= "<OPTION VALUE=\"flat\"". ($user->mode == "flat" ? " SELECTED" : "") .">Flat</OPTION>";
    $options .= "<OPTION VALUE=\"threaded\"". ($user->mode == "threaded" ? " SELECTED" : "") .">Threaded</OPTION>";
Dries's avatar
Dries committed
172
    $output .= "<B>Comment display mode:</B><BR>\n";
Dries's avatar
 
Dries committed
173 174 175 176
    $output .= "<SELECT NAME=\"edit[mode]\">$options</SELECT><P>\n";
    $options  = "<OPTION VALUE=\"0\"". ($user->sort == 0 ? " SELECTED" : "") .">Oldest first</OPTION>";
    $options .= "<OPTION VALUE=\"1\"". ($user->sort == 1 ? " SELECTED" : "") .">Newest first</OPTION>";
    $options .= "<OPTION VALUE=\"2\"". ($user->sort == 2 ? " SELECTED" : "") .">Highest scoring first</OPTION>";
Dries's avatar
Dries committed
177
    $output .= "<B>Comment sort order:</B><BR>\n";
Dries's avatar
 
Dries committed
178 179 180 181 182 183 184 185
    $output .= "<SELECT NAME=\"edit[sort]\">$options</SELECT><P>\n";
    $options  = "<OPTION VALUE=\"-1\"". ($user->threshold == -1 ? " SELECTED" : "") .">-1: Display uncut and raw comments.</OPTION>";
    $options .= "<OPTION VALUE=\"0\"". ($user->threshold == 0 ? " SELECTED" : "") .">0: Display almost all comments.</OPTION>";
    $options .= "<OPTION VALUE=\"1\"". ($user->threshold == 1 ? " SELECTED" : "") .">1: Display almost no anonymous comments.</OPTION>";
    $options .= "<OPTION VALUE=\"2\"". ($user->threshold == 2 ? " SELECTED" : "") .">2: Display comments with score +2 only.</OPTION>";
    $options .= "<OPTION VALUE=\"3\"". ($user->threshold == 3 ? " SELECTED" : "") .">3: Display comments with score +3 only.</OPTION>";
    $options .= "<OPTION VALUE=\"4\"". ($user->threshold == 4 ? " SELECTED" : "") .">4: Display comments with score +4 only.</OPTION>";
    $options .= "<OPTION VALUE=\"5\"". ($user->threshold == 5 ? " SELECTED" : "") .">5: Display comments with score +5 only.</OPTION>";
Dries's avatar
Dries committed
186
    $output .= "<B>Comment threshold:</B><BR>\n";
Dries's avatar
 
Dries committed
187
    $output .= "<SELECT NAME=\"edit[threshold]\">$options</SELECT><BR>\n";
Dries's avatar
Dries committed
188 189 190 191 192
    $output .= "<I>Comments that scored less than this setting will be ignored. Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.</I><P>\n";
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save page settings\"><BR>\n";
    $output .= "</FORM>\n";

    $theme->header();
Dries's avatar
 
Dries committed
193
    $theme->box("Edit your settings", $output);
Dries's avatar
Dries committed
194 195 196 197
    $theme->footer();
  }
  else {
    $theme->header();
Dries's avatar
 
Dries committed
198
    $theme->box("Login", account_login()); 
Dries's avatar
Dries committed
199 200
    $theme->box("E-mail password", account_email());
    $theme->box("E-mail password", account_create());
Dries's avatar
Dries committed
201 202 203 204 205 206
    $theme->footer();
  }
}

function account_page_save($edit) {
  global $user;
Dries's avatar
 
Dries committed
207
  if ($user->id) {
Dries's avatar
Dries committed
208
    $data[theme] = $edit[theme];
Dries's avatar
 
Dries committed
209
    $data[timezone] = $edit[timezone];
Dries's avatar
 
Dries committed
210 211 212 213 214
    $data[stories] = $edit[stories];
    $data[mode] = $edit[mode];
    $data[sort] = $edit[sort];
    $data[threshold] = $edit[threshold];
    user_save($data, $user->id);
Dries's avatar
Dries committed
215
  }
216
}
Dries's avatar
 
Dries committed
217

Dries's avatar
Dries committed
218
function account_user($uname) {
Dries's avatar
 
Dries committed
219
  global $user, $theme;
Dries's avatar
 
Dries committed
220

Dries's avatar
 
Dries committed
221
  if ($user->id && $user->userid == $uname) {
Dries's avatar
 
Dries committed
222
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
223 224
    $output .= " <TR><TD ALIGN=\"right\"><B>User ID:</B></TD><TD>$user->userid</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Name:</B></TD><TD>". format_data($user->name) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
225
    $output .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email($user->fake_email) ."</A></TD></TR>\n";
226 227 228
    $output .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($user->url) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Bio:</B></TD><TD>". format_data($user->bio) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Signature:</B></TD><TD>". format_data($user->signature) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
229
    $output .= "</TABLE>\n";
Dries's avatar
 
Dries committed
230 231

    ### Display account information:
Dries's avatar
 
Dries committed
232
    $theme->header();
Dries's avatar
 
Dries committed
233
    $theme->box("View your information", $output);
Dries's avatar
 
Dries committed
234 235
    $theme->footer();
  }
Dries's avatar
Dries committed
236
  elseif ($uname && $account = account_get_user($uname)) {
Dries's avatar
 
Dries committed
237
    $box1 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
238
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n";
Dries's avatar
 
Dries committed
239
    $box1 .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email($account->fake_email) ."</TD></TR>\n";
240 241
    $box1 .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Bio:</B></TD><TD>". format_data($account->bio) ."</TD></TR>\n";
242 243
    $box1 .= "</TABLE>\n";

Dries's avatar
Dries committed
244
    $result = db_query("SELECT c.cid, c.pid, c.sid, c.subject, c.timestamp, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.sid WHERE u.userid = '$uname' AND s.status = 2 AND s.timestamp > ". (time() - 1209600) ." ORDER BY cid DESC LIMIT 10");
245
    while ($comment = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
246
      $box2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
Dries's avatar
 
Dries committed
247
      $box2 .= " <TR><TD ALIGN=\"right\"><B>Comment:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
248
      $box2 .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($comment->timestamp) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
249
      $box2 .= " <TR><TD ALIGN=\"right\"><B>Story:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid\">". check_output($comment->story) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
250
      $box2 .= "</TABLE>\n";
Dries's avatar
 
Dries committed
251
      $box2 .= "<P>\n";
252 253
      $comments++;
    }
Dries's avatar
 
Dries committed
254

255 256
    $result = db_query("SELECT d.* FROM diaries d LEFT JOIN users u ON u.id = d.author WHERE u.userid = '$uname' AND d.timestamp > ". (time() - 1209600) ."  ORDER BY id DESC LIMIT 2");
    while ($diary = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
257
      $box3 .= "<DL><DT><B>". date("l, F jS", $diary->timestamp) .":</B></DT><DD><P>". check_output($diary->text) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$uname\">more</A> ]</P></DD></DL>\n";
258 259 260
      $diaries++;
    }
    
Dries's avatar
 
Dries committed
261
    ### Display account information:
Dries's avatar
 
Dries committed
262
    $theme->header();
263 264 265
    if ($box1) $theme->box("User information for $uname", $box1);
    if ($box2) $theme->box("$uname has posted ". format_plural($comments, "comment", "comments") ." recently", $box2);
    if ($box3) $theme->box("$uname has posted ". format_plural($diaries, "diary entry", "diary entries") ." recently", $box3);
Dries's avatar
 
Dries committed
266 267 268
    $theme->footer();
  }
  else { 
Dries's avatar
 
Dries committed
269
    ### Display login form:
Dries's avatar
 
Dries committed
270
    $theme->header();
Dries's avatar
 
Dries committed
271
    $theme->box("Login", account_login()); 
Dries's avatar
Dries committed
272 273
    $theme->box("E-mail password", account_email());
    $theme->box("Create new account", account_create());
Dries's avatar
 
Dries committed
274
    $theme->footer();
Dries's avatar
Dries committed
275 276
  }
}
Dries's avatar
 
Dries committed
277

Dries's avatar
 
Dries committed
278 279
function account_validate($user) {
  include "includes/ban.inc";
Dries's avatar
Dries committed
280

Dries's avatar
 
Dries committed
281 282 283 284 285 286 287 288 289 290 291 292 293 294
  ### Verify username and e-mail address:
  if (empty($user[real_email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[real_email]))) $error .= "<LI>the specified e-mail address is not valid.</LI>\n";
  if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $error .= "<LI>the specified username is not valid.</LI>\n";
  if (strlen($user[userid]) > 15) $error .= "<LI>the specified username is too long: it must be less than 15 characters.</LI>\n";

  ### Check to see whether the username or e-mail address are banned:
  if ($ban = ban_match($user[userid], $type2index[usernames])) $error .= "<LI>the specified username is banned  for the following reason: <I>$ban->reason</I>.</LI>\n";
  if ($ban = ban_match($user[real_email], $type2index[addresses])) $error .= "<LI>the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.</LI>\n";

  ### Verify whether username and e-mail address are unique:
  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$user[userid]')")) > 0) $error .= "<LI>the specified username is already taken.</LI>\n";
  if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email)=LOWER('$user[real_email]')")) > 0) $error .= "<LI>the specified e-mail address is already registered.</LI>\n";

  return $error;
Dries's avatar
Dries committed
295 296
}

Dries's avatar
Dries committed
297 298
function account_email_submit($userid, $email) {
  global $theme, $site_name, $site_url; 
299

Dries's avatar
Dries committed
300 301 302
  $result = db_query("SELECT id FROM users WHERE userid = '". check_output($userid) ."' AND real_email = '". check_output($email) ."'");
  
  if ($account = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
303 304 305
    $passwd = account_password();
    $status = 1;
    $hash = substr(md5("$userid. ". time() .""), 0, 12);
Dries's avatar
 
Dries committed
306

Dries's avatar
 
Dries committed
307
    db_query("UPDATE users SET passwd = PASSWORD('$passwd'), hash = '$hash', status = '$status' WHERE userid = '$userid'");
Dries's avatar
Dries committed
308

Dries's avatar
 
Dries committed
309 310
    $link = $site_url ."account.php?op=confirm&name=$userid&hash=$hash";
    $message = "$userid,\n\n\nyou requested us to e-mail you a new password for your $site_name account.  Note that you will need to re-activate your account before you can login.  You can do so simply by visiting the URL below:\n\n    $link\n\nVisiting this URL will automatically re-activate your account.  Once activated you can login using the following information:\n\n    username: $userid\n    password: $passwd\n\n\n-- $site_name crew\n";
Dries's avatar
Dries committed
311 312 313

    watchdog("message", "new password: `$userid' &lt;$email&gt;");

Dries's avatar
 
Dries committed
314
    mail($email, "Account details for $site_name", $message, "From: noreply");
Dries's avatar
Dries committed
315 316 317 318 319 320 321

    $output = "Your password and further instructions have been sent to your e-mail address.";
  }
  else {
    watchdog("warning", "new password: '$userid' and &lt;$email&gt; do not match");
    $output = "Could not sent password: no match for the specified username and e-mail address.";
  }
Dries's avatar
 
Dries committed
322

Dries's avatar
Dries committed
323
  $theme->header();
Dries's avatar
Dries committed
324
  $theme->box("E-mail password", $output);
Dries's avatar
Dries committed
325 326
  $theme->footer();
}
Dries's avatar
 
Dries committed
327

Dries's avatar
Dries committed
328 329 330 331 332
function account_create_submit($userid, $email) {
  global $theme, $site_name, $site_url;
  
  $new[userid] = $userid;
  $new[real_email] = $email;
Dries's avatar
 
Dries committed
333
  
Dries's avatar
 
Dries committed
334
  if ($rval = account_validate($new)) { 
Dries's avatar
Dries committed
335 336 337
    $theme->header();
    $theme->box("Create new account", account_create($new, $rval));
    $theme->footer();
Dries's avatar
 
Dries committed
338 339 340 341 342
  }
  else {
    $new[passwd] = account_password();
    $new[status] = 1;
    $new[hash] = substr(md5("$new[userid]. ". time() .""), 0, 12);
Dries's avatar
 
Dries committed
343

Dries's avatar
 
Dries committed
344
    user_save($new);
Dries's avatar
Dries committed
345

Dries's avatar
 
Dries committed
346 347
    $link = $site_url ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
    $message = "$new[userid],\n\n\nsomeone signed up for a user account on $site_name and supplied this email address as their contact.  If it wasn't you, don't get your panties in a knot and simply ignore this mail.\n\nIf this was you, you have to activate your account first before you can login.  You can do so simply by visiting the URL below:\n\n    $link\n\nVisiting this URL will automatically activate your account.  Once activated you can login using the following information:\n\n    username: $new[userid]\n    password: $new[passwd]\n\n\n-- $site_name crew\n";
Dries's avatar
 
Dries committed
348

Dries's avatar
Dries committed
349
    watchdog("message", "new account: `$new[userid]' &lt;$new[real_email]&gt;");
Dries's avatar
 
Dries committed
350

Dries's avatar
 
Dries committed
351
    mail($new[real_email], "Account details for $site_name", $message, "From: noreply");
Dries's avatar
 
Dries committed
352

Dries's avatar
 
Dries committed
353
    $theme->header();
Dries's avatar
Dries committed
354
    $theme->box("Create new account", "Congratulations!  Your member account has been sucessfully created and further instructions on how to activate your account have been sent to your e-mail address.");
Dries's avatar
 
Dries committed
355 356 357 358
    $theme->footer();
  }
}

Dries's avatar
Dries committed
359
function account_create_confirm($name, $hash) {
Dries's avatar
 
Dries committed
360 361 362 363 364 365 366 367 368
  global $theme;

  $result = db_query("SELECT userid, hash, status FROM users WHERE userid = '$name'");

  if ($account = db_fetch_object($result)) {
    if ($account->status == 1) {
      if ($account->hash == $hash) {
        db_query("UPDATE users SET status = 2, hash = '' WHERE userid = '$name'");
        $output .= "Your account has been sucessfully confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
Dries's avatar
 
Dries committed
369
        watchdog("message", "$name: account confirmation sucessful");
Dries's avatar
 
Dries committed
370 371 372
      }
      else {
        $output .= "Confirmation failed: invalid confirmation hash.\n";
Dries's avatar
Dries committed
373
        watchdog("warning", "$name: invalid confirmation hash");
Dries's avatar
 
Dries committed
374 375 376 377
      }
    }
    else {
      $output .= "Confirmation failed: your account has already been confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
Dries's avatar
Dries committed
378
      watchdog("warning", "$name: attempt to re-confirm account");
Dries's avatar
 
Dries committed
379 380 381 382
    }
  }
  else {
    $output .= "Confirmation failed: no such account found.<BR>";
Dries's avatar
Dries committed
383
    watchdog("warning", "$name: attempt to confirm non-existing account");
Dries's avatar
 
Dries committed
384 385 386 387 388
  }

  $theme->header();
  $theme->box("Account confirmation", $output);
  $theme->footer();
Dries's avatar
Dries committed
389
}
Dries's avatar
 
Dries committed
390

Dries's avatar
Dries committed
391
function account_password($min_length=6) {
392
  mt_srand((double)microtime() * 1000000);
Dries's avatar
 
Dries committed
393
  $words = array("foo","bar","guy","neo","tux","moo","sun","asm","dot","god","axe","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","perl","boss","dark","sith","jedi","drop","mojo");
Dries's avatar
 
Dries committed
394
  while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words))];
395
  return $password;
Dries's avatar
Dries committed
396 397
}

Dries's avatar
 
Dries committed
398
function account_track_comments() {
Dries's avatar
Dries committed
399
  global $theme, $user;
Dries's avatar
 
Dries committed
400

Dries's avatar
 
Dries committed
401
  $msg = "<P>This page might be helpful in case you want to keep track of your recent comments in any of the current discussions.  You are presented an overview of your comments in each of the stories you participated in along with the number of replies each comment got.\n<P>\n"; 
Dries's avatar
 
Dries committed
402 403 404 405

  $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5");
  
  while ($story = db_fetch_object($sresult)) {
Dries's avatar
 
Dries committed
406
    $output .= "<LI>". format_plural($story->count, comment, comments) ." attached to story `<A HREF=\"discussion.php?id=$story->id\">". check_output($story->subject) ."</A>`:</LI>\n";
Dries's avatar
 
Dries committed
407 408 409 410
    $output .= " <UL>\n";
   
    $cresult = db_query("SELECT * FROM comments WHERE author = $user->id AND sid = $story->id");
    while ($comment = db_fetch_object($cresult)) {
Dries's avatar
 
Dries committed
411
      $output .= "  <LI><A HREF=\"discussion.php?id=$story->id&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A> - replies: ". discussion_num_replies($comment->cid) ." - score: ". discussion_score($comment) ."</LI>\n";
Dries's avatar
 
Dries committed
412 413 414
    }
    $output .= " </UL>\n";
  }
Dries's avatar
 
Dries committed
415

Dries's avatar
 
Dries committed
416
  $output = ($output) ? "$msg $output" : "$info <CENTER><B>You have not posted any comments recently.</B></CENTER>\n";
Dries's avatar
 
Dries committed
417

Dries's avatar
Dries committed
418 419 420
  $theme->header();
  $theme->box("Track your comments", $output);
  $theme->footer();
Dries's avatar
 
Dries committed
421 422
}

Dries's avatar
 
Dries committed
423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492
function account_track_stories() {
  global $theme, $user;

  $msg = "<P>This page might be helpful in case you want to keep track of the stories you contributed.  You are presented an overview of your stories along with the number of replies each story got.\n<P>\n"; 

  $result = db_query("SELECT s.id, s.subject, s.timestamp, s.category, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE s.status = 2 AND s.author = $user->id GROUP BY s.id DESC");
  
  while ($story = db_fetch_object($result)) {
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Subject:</B></TD><TD><A HREF=\"discussion.php?id=$story->id\">". check_output($story->subject) ."</A> (". format_plural($story->count, "comment", "comments") .")</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Category:</B></TD><TD><A HREF=\"search.php?category=". urlencode($story->category) ."\">". check_output($story->category) ."</A></TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($story->timestamp) ."</TD></TR>\n";
    $output .= "</TABLE>\n";
    $output .= "<P>\n";
  }

  $output = ($output) ? "$msg $output" : "$info <CENTER><B>You have not posted any stories.</B></CENTER>\n";

  $theme->header();
  $theme->box("Track your stories", $output);
  $theme->footer();
}

function account_track_site() {
  global $theme, $user, $site_name;

  $result1 = db_query("SELECT c.cid, c.pid, c.sid, c.subject, u.userid, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.sid WHERE s.status = 2 ORDER BY cid DESC LIMIT 10");

  while ($comment = db_fetch_object($result1)) {
    $box1 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Comment:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A></TD></TR>\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Author:</B></TD><TD>". format_username($comment->userid) ."</TD></TR>\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Story:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid\">". check_output($comment->story) ."</A></TD></TR>\n";
    $box1 .= "</TABLE>\n";
    $box1 .= "<P>\n";
  }

  $users_total = db_result(db_query("SELECT COUNT(id) FROM users"));
  
  $stories_posted  = db_result(db_query("SELECT COUNT(id) FROM stories WHERE status = 2"));
  $stories_queued  = db_result(db_query("SELECT COUNT(id) FROM stories WHERE status = 1"));
  $stories_dumped = db_result(db_query("SELECT COUNT(id) FROM stories WHERE status = 0"));

  $result = db_query("SELECT u.userid, COUNT(s.author) AS count FROM stories s LEFT JOIN users u ON s.author = u.id GROUP BY s.author ORDER BY count DESC LIMIT 10");
  while ($poster = db_fetch_object($result)) $stories_posters .= format_username($poster->userid) .", ";

  $comments_total = db_result(db_query("SELECT COUNT(cid) FROM comments")); 
  $comments_score = db_result(db_query("SELECT TRUNCATE(AVG(score / votes), 2) FROM comments WHERE votes > 0"));

  $result = db_query("SELECT u.userid, COUNT(c.author) AS count FROM comments c LEFT JOIN users u ON c.author = u.id GROUP BY c.author ORDER BY count DESC LIMIT 10");
  while ($poster = db_fetch_object($result)) $comments_posters .= format_username($poster->userid) .", ";

  $diaries_total = db_result(db_query("SELECT COUNT(id) FROM diaries"));

  $result = db_query("SELECT u.userid, COUNT(d.author) AS count FROM diaries d LEFT JOIN users u ON d.author = u.id GROUP BY d.author ORDER BY count DESC LIMIT 10");
  while ($poster = db_fetch_object($result)) $diaries_posters .= format_username($poster->userid) .", ";
  
  $box2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"1\">\n";
  $box2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Users:</B></TD><TD>$users_total users</TD></TR>\n";
  $box2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Stories:</B></TD><TD>$stories_posted posted, $stories_queued queued, $stories_dumped dumped<BR><I>[most frequent posters: $stories_posters ...]</I></TD></TR>\n";
  $box2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Comments:</B></TD><TD>$comments_total comments with an average score of $comments_score<BR><I>[most frequent posters: $comments_posters ...]</I></TD></TR>\n";
  $box2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Diaries:</B></TD><TD>$diaries_total diary entries<BR><I>[most frequent posters: $diaries_posters ...]</I></TD></TR>\n";
  $box2 .= "</TABLE>\n";

  $theme->header();
  $theme->box("Recent comments", $box1);
  $theme->box("Site statistics", $box2);
  $theme->footer();
}

Dries's avatar
 
Dries committed
493 494 495 496 497 498
### Security check:
if (strstr($name, " ") || strstr($hash, " ")) {
  watchdog("error", "account: attempt to provide malicious input through URI");
  exit();
}

499
switch ($op) {
Dries's avatar
Dries committed
500
  case "Login":
Dries's avatar
Dries committed
501 502
    account_session_start($userid, $passwd);
    header("Location: account.php?op=info");
Dries's avatar
Dries committed
503
    break;
Dries's avatar
Dries committed
504 505 506 507 508
  case "E-mail password":
    account_email_submit($userid, $email);
    break;
  case "Create account":
    account_create_submit($userid, $email);
Dries's avatar
Dries committed
509
    break;
Dries's avatar
 
Dries committed
510 511
  case "confirm":
    account_create_confirm($name, $hash);
Dries's avatar
Dries committed
512
    break;
513
  case "Save user information":
Dries's avatar
Dries committed
514 515
    account_user_save($edit);
    account_user($user->userid);
Dries's avatar
Dries committed
516
    break;
517
  case "Save page settings":
Dries's avatar
Dries committed
518
    account_page_save($edit);
519
    header("Location: account.php?op=info");
Dries's avatar
Dries committed
520
    break;
Dries's avatar
 
Dries committed
521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557
  case "logout":
    account_session_close();
    header("Location: account.php?op=info");
    break;
  case "view":
    switch ($topic) {
      case "info":
        account_user($user->userid);
        break;
      case "diary":
        header("Location: diary.php?op=view&name=$user->userid");
        break;        
      default:
        account_user($name);
    }
    break;
  case "track":
    switch ($topic) {
      case "site":
        account_track_site();
        break;
      case "stories":
        account_track_stories();
        break;
      default:
        account_track_comments();
    }
    break;
  case "edit":
    switch ($topic) {
      case "user":
        account_user_edit();
        break;
      case "page":
        account_page_edit();
        break;
      default:
Dries's avatar
Dries committed
558
        header("Location: diary.php?op=add&name=$user->userid");
Dries's avatar
 
Dries committed
559 560
    }
    break;
Dries's avatar
 
Dries committed
561
  default: 
Dries's avatar
Dries committed
562
    account_user($user->userid);
Dries's avatar
Dries committed
563
}
Dries's avatar
 
Dries committed
564

Dries's avatar
Dries committed
565
?>