account.php 28 KB
Newer Older
Dries's avatar
Dries committed
1
<?
Dries's avatar
 
Dries committed
2

Dries's avatar
 
Dries committed
3
include "includes/common.inc";
Dries's avatar
Dries committed
4

Dries's avatar
Dries committed
5
function account_get_user($uname) {
Dries's avatar
 
Dries committed
6 7 8 9
  $result = db_query("SELECT * FROM users WHERE userid = '$uname'");
  return db_fetch_object($result);
}

Dries's avatar
Dries committed
10 11 12
function account_email() {
  $output .= "<P>Lost your password?  Fill out your username and e-mail address, and your password will be mailed to you.</P>\n";
  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
Dries's avatar
 
Dries committed
13 14 15 16 17 18 19 20 21 22 23
  $output .= "<P>\n";
  $output .= " <B>Username:</B><BR>\n";
  $output .= " <INPUT NAME=\"userid\"><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <B>E-mail address:</B><BR>\n";
  $output .= " <INPUT NAME=\"email\"><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"E-mail password\">\n";
  $output .= "</P>\n";
Dries's avatar
Dries committed
24 25 26 27 28 29 30 31
  $output .= "</FORM>\n";

  return $output;
}

function account_create($user = "", $error = "") {
  global $theme;

Dries's avatar
 
Dries committed
32
  if ($error) $output .= "<B><FONT COLOR=\"red\">Failed to create account:</FONT>$error</B>\n";
Dries's avatar
 
Dries committed
33
  else $output .= "<P>Registering allows you to comment on stories, to moderate comments and pending stories, to customize the look and feel of the site and generally helps you interact with the site more efficiently.</P><P>To create an account, simply fill out this form an click the `Create account' button below.  An e-mail will then be sent to you with instructions on how to validate your account.</P>\n";
Dries's avatar
Dries committed
34 35 36 37

  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= "<P>\n";
  $output .= " <B>Username:</B><BR>\n";
Dries's avatar
 
Dries committed
38
  $output .= " <INPUT NAME=\"userid\"><BR>\n";
Dries's avatar
Dries committed
39 40 41 42
  $output .= " <SMALL><I>Enter your desired username: only letters, numbers and common special characters are allowed.</I></SMALL><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <B>E-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
43
  $output .= " <INPUT NAME=\"email\"><BR>\n";
Dries's avatar
Dries committed
44 45 46 47 48 49
  $output .= " <SMALL><I>You will be sent instructions on how to validate your account via this e-mail address - please make sure it is accurate.</I></SMALL><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Create account\">\n";
  $output .= "</P>\n";
  $output .= "</FORM>\n";
Dries's avatar
 
Dries committed
50

Dries's avatar
 
Dries committed
51
  return $output;
52
}
Dries's avatar
 
Dries committed
53

Dries's avatar
Dries committed
54 55
function account_session_start($userid, $passwd) {
  global $user;
Dries's avatar
 
Dries committed
56

Dries's avatar
Dries committed
57
  $user = new User($userid, $passwd);
Dries's avatar
 
Dries committed
58 59
  if ($user->id) {
    session_start();
Dries's avatar
Dries committed
60
    session_register("user");
Dries's avatar
 
Dries committed
61
    watchdog("message", "session opened for user `$user->userid'");
Dries's avatar
Dries committed
62 63
  }
  else {
Dries's avatar
 
Dries committed
64
    watchdog("warning", "failed login for user `$userid'");
Dries's avatar
Dries committed
65 66 67 68 69
  }
}

function account_session_close() {
  global $user;  
Dries's avatar
 
Dries committed
70
  watchdog("message", "session closed for user `$user->userid'");
Dries's avatar
Dries committed
71 72 73 74 75 76
  session_unset();
  session_destroy();
  unset($user);
}

function account_user_edit() {
Dries's avatar
 
Dries committed
77
  global $allowed_html, $theme, $user;
Dries's avatar
Dries committed
78

Dries's avatar
 
Dries committed
79
  if ($user->id) {
Dries's avatar
 
Dries committed
80
    // Generate output/content:
Dries's avatar
Dries committed
81
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
Dries's avatar
 
Dries committed
82 83 84
    $output .= "<B>Username:</B><BR>\n";
    $output .= "&nbsp; $user->userid<P>\n";
    $output .= "<I>Required, unique, and can not be changed.</I><P>\n";
Dries's avatar
Dries committed
85 86 87 88
    $output .= "<B>Real name:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[name]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->name\"><BR>\n";
    $output .= "<I>Optional.</I><P>\n";
    $output .= "<B>Real e-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
89 90
    $output .= "&nbsp; $user->real_email<P>\n";
    $output .= "<I>Required, unique, can not be changed and is never displayed publicly: only needed in case you lose your password.</I><P>\n";
Dries's avatar
Dries committed
91
    $output .= "<B>Fake e-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
92 93
    $output .= "<INPUT NAME=\"edit[fake_email]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->fake_email\"><BR>\n";
    $output .= "<I>Optional, and displayed publicly. You may spam proof your real e-mail address if you want.</I><P>\n";
Dries's avatar
Dries committed
94 95 96 97 98
    $output .= "<B>URL of homepage:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->url\"><BR>\n";
    $output .= "<I>Optional, but make sure you enter fully qualified URLs only. That is, remember to include \"http://\".</I><P>\n";
    $output .= "<B>Bio:</B> (255 char. limit)<BR>\n";
    $output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$user->bio</TEXTAREA><BR>\n";
Dries's avatar
 
Dries committed
99
    $output .= "<I>Optional. This biographical information is publicly displayed on your user page.<BR>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I><P>\n";
Dries's avatar
 
Dries committed
100
    $output .= "<B>Signature:</B> (255 char. limit)<BR>\n";
Dries's avatar
Dries committed
101
    $output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$user->signature</TEXTAREA><BR>\n";
Dries's avatar
 
Dries committed
102
    $output .= "<I>Optional. This information will be publicly displayed at the end of your comments.<BR>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I><P>\n";
Dries's avatar
Dries committed
103
    $output .= "<B>Password:</B><BR>\n";
Dries's avatar
 
Dries committed
104
    $output .= "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\"><BR>\n";
Dries's avatar
Dries committed
105 106 107 108
    $output .= "<I>Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.</I><P>\n";
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save user information\"><BR>\n";
    $output .= "</FORM>\n";

Dries's avatar
 
Dries committed
109
    // Display output/content:
Dries's avatar
Dries committed
110
    $theme->header();
Dries's avatar
 
Dries committed
111
    $theme->box("Edit user information", $output);
Dries's avatar
Dries committed
112 113 114 115
    $theme->footer();
  }
  else {
    $theme->header();
Dries's avatar
 
Dries committed
116
    $theme->box("Create user account", account_create());
Dries's avatar
Dries committed
117
    $theme->box("E-mail password", account_email());
Dries's avatar
Dries committed
118 119 120 121 122 123
    $theme->footer();
  }
}

function account_user_save($edit) {
  global $user;
Dries's avatar
 
Dries committed
124

Dries's avatar
 
Dries committed
125
  if ($user->id) {
Dries's avatar
Dries committed
126
    $data[name] = $edit[name];
Dries's avatar
 
Dries committed
127
    $data[fake_email] = $edit[fake_email];
Dries's avatar
Dries committed
128 129 130
    $data[url] = $edit[url];
    $data[bio] = $edit[bio];
    $data[signature] = $edit[signature];
Dries's avatar
 
Dries committed
131 132 133 134

    if ($edit[pass1] && $edit[pass1] == $edit[pass2]) $data[passwd] = $edit[pass1];

    user_save($data, $user->id);
Dries's avatar
Dries committed
135 136 137
  }
}

Dries's avatar
 
Dries committed
138
function account_site_edit() {
Dries's avatar
 
Dries committed
139
  global $cmodes, $corder, $theme, $themes, $user;
Dries's avatar
Dries committed
140

Dries's avatar
 
Dries committed
141
  if ($user->id) {
Dries's avatar
Dries committed
142 143 144
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
    $output .= "<B>Theme:</B><BR>\n";
    foreach ($themes as $key=>$value) { 
Dries's avatar
 
Dries committed
145
      $options1 .= " <OPTION VALUE=\"$key\"". (($user->theme == $key) ? " SELECTED" : "") .">$key - $value[1]</OPTION>\n";
Dries's avatar
Dries committed
146
    }
Dries's avatar
 
Dries committed
147
    $output .= "<SELECT NAME=\"edit[theme]\">\n$options1</SELECT><BR>\n";
Dries's avatar
Dries committed
148
    $output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n";
Dries's avatar
 
Dries committed
149 150
    $output .= "<B>Timezone:</B><BR>\n";
    $date = time() - date("Z");
Dries's avatar
 
Dries committed
151
    for ($zone = -43200; $zone <= 46800; $zone += 3600) {
Dries's avatar
 
Dries committed
152 153 154 155
      $options2 .= " <OPTION VALUE=\"$zone\"". (($user->timezone == $zone) ? " SELECTED" : "") .">". date("l, F dS, Y - h:i A", $date + $zone) ." (GMT ". $zone / 3600 .")</OPTION>\n";
    }
    $output .= "<SELECT NAME=\"edit[timezone]\">\n$options2</SELECT><BR>\n";
    $output .= "<I>Select what time you currently have and your timezone settings will be set appropriate.</I><P>\n";
Dries's avatar
Dries committed
156
    $output .= "<B>Maximum number of stories:</B><BR>\n";
Dries's avatar
 
Dries committed
157 158 159 160
    for ($stories = 10; $stories <= 30; $stories += 5) {
      $options3 .= "<OPTION VALUE=\"$stories\"". (($user->stories == $stories) ? " SELECTED" : "") .">$stories</OPTION>\n";
    }
    $output .= "<SELECT NAME=\"edit[stories]\">\n$options3</SELECT><BR>\n";
Dries's avatar
Dries committed
161
    $output .= "<I>The maximum number of stories that will be displayed on the main page.</I><P>\n";
Dries's avatar
 
Dries committed
162 163 164
    foreach ($cmodes as $key=>$value) {
      $options4 .= "<OPTION VALUE=\"$key\"". ($user->mode == $key ? " SELECTED" : "") .">$value</OPTION>\n";
    }
Dries's avatar
Dries committed
165
    $output .= "<B>Comment display mode:</B><BR>\n";
Dries's avatar
 
Dries committed
166 167 168 169
    $output .= "<SELECT NAME=\"edit[mode]\">$options4</SELECT><P>\n";
    foreach ($corder as $key=>$value) {
      $options5 .= "<OPTION VALUE=\"$key\"". ($user->sort == $key ? " SELECTED" : "") .">$value</OPTION>\n";
    }
Dries's avatar
Dries committed
170
    $output .= "<B>Comment sort order:</B><BR>\n";
Dries's avatar
 
Dries committed
171
    $output .= "<SELECT NAME=\"edit[sort]\">$options5</SELECT><P>\n";
Dries's avatar
 
Dries committed
172 173 174 175 176 177 178
    $options  = "<OPTION VALUE=\"-1\"". ($user->threshold == -1 ? " SELECTED" : "") .">-1: Display uncut and raw comments.</OPTION>";
    $options .= "<OPTION VALUE=\"0\"". ($user->threshold == 0 ? " SELECTED" : "") .">0: Display almost all comments.</OPTION>";
    $options .= "<OPTION VALUE=\"1\"". ($user->threshold == 1 ? " SELECTED" : "") .">1: Display almost no anonymous comments.</OPTION>";
    $options .= "<OPTION VALUE=\"2\"". ($user->threshold == 2 ? " SELECTED" : "") .">2: Display comments with score +2 only.</OPTION>";
    $options .= "<OPTION VALUE=\"3\"". ($user->threshold == 3 ? " SELECTED" : "") .">3: Display comments with score +3 only.</OPTION>";
    $options .= "<OPTION VALUE=\"4\"". ($user->threshold == 4 ? " SELECTED" : "") .">4: Display comments with score +4 only.</OPTION>";
    $options .= "<OPTION VALUE=\"5\"". ($user->threshold == 5 ? " SELECTED" : "") .">5: Display comments with score +5 only.</OPTION>";
Dries's avatar
Dries committed
179
    $output .= "<B>Comment threshold:</B><BR>\n";
Dries's avatar
 
Dries committed
180
    $output .= "<SELECT NAME=\"edit[threshold]\">$options</SELECT><BR>\n";
Dries's avatar
Dries committed
181
    $output .= "<I>Comments that scored less than this setting will be ignored. Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.</I><P>\n";
Dries's avatar
 
Dries committed
182
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save site settings\"><BR>\n";
Dries's avatar
Dries committed
183 184 185
    $output .= "</FORM>\n";

    $theme->header();
Dries's avatar
 
Dries committed
186
    $theme->box("Edit your preferences", $output);
Dries's avatar
Dries committed
187 188 189 190
    $theme->footer();
  }
  else {
    $theme->header();
Dries's avatar
 
Dries committed
191
    $theme->box("Create user account", account_create());
Dries's avatar
Dries committed
192
    $theme->box("E-mail password", account_email());
Dries's avatar
Dries committed
193 194 195 196
    $theme->footer();
  }
}

Dries's avatar
 
Dries committed
197
function account_site_save($edit) {
Dries's avatar
Dries committed
198
  global $user;
Dries's avatar
 
Dries committed
199

Dries's avatar
 
Dries committed
200
  if ($user->id) {
Dries's avatar
Dries committed
201
    $data[theme] = $edit[theme];
Dries's avatar
 
Dries committed
202
    $data[timezone] = $edit[timezone];
Dries's avatar
 
Dries committed
203 204 205 206 207
    $data[stories] = $edit[stories];
    $data[mode] = $edit[mode];
    $data[sort] = $edit[sort];
    $data[threshold] = $edit[threshold];
    user_save($data, $user->id);
Dries's avatar
Dries committed
208
  }
209
}
Dries's avatar
 
Dries committed
210

Dries's avatar
 
Dries committed
211
function account_content_edit() {
Dries's avatar
 
Dries committed
212 213 214 215 216
  global $theme, $user;

  if ($user->id) {
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  
Dries's avatar
 
Dries committed
217
    $output .= "<B>Blocks in side bars:</B><BR>\n";
Dries's avatar
 
Dries committed
218

Dries's avatar
 
Dries committed
219
    $result = db_query("SELECT * FROM blocks WHERE status = 1 ORDER BY module");
Dries's avatar
 
Dries committed
220 221
    while ($block = db_fetch_object($result)) {
      $entry = db_fetch_object(db_query("SELECT * FROM layout WHERE block = '$block->name' AND user = '$user->id'"));
Dries's avatar
 
Dries committed
222
      $output .= "<INPUT TYPE=\"checkbox\" NAME=\"edit[$block->name]\"". ($entry->user ? " CHECKED" : "") ."> $block->name<BR>\n";
Dries's avatar
 
Dries committed
223 224
    } 
 
Dries's avatar
 
Dries committed
225 226
    $output .= "<P><I>Enable the blocks you would like to see displayed in the side bars.</I></P>\n";
    $output .= "<P><INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save content settings\"></P>\n";
Dries's avatar
 
Dries committed
227 228 229
    $output .= "</FORM>\n";

    $theme->header();
Dries's avatar
 
Dries committed
230
    $theme->box("Edit site content", $output);
Dries's avatar
 
Dries committed
231 232 233 234 235 236 237 238 239 240
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box("Create user account", account_create());
    $theme->box("E-mail password", account_email());
    $theme->footer();
  }
}

Dries's avatar
 
Dries committed
241
function account_content_save($edit) {
Dries's avatar
 
Dries committed
242 243 244
  global $user;
  if ($user->id) {
    db_query("DELETE FROM layout WHERE user = $user->id");
Dries's avatar
 
Dries committed
245 246
    foreach (($edit ? $edit : array()) as $block=>$weight) {
      db_query("INSERT INTO layout (user, block) VALUES ('". check_input($user->id) ."', '". check_input($block) ."')");
Dries's avatar
 
Dries committed
247 248 249 250
    }
  }
}

Dries's avatar
Dries committed
251
function account_user($uname) {
Dries's avatar
 
Dries committed
252
  global $user, $theme;
Dries's avatar
 
Dries committed
253

Dries's avatar
 
Dries committed
254 255 256 257 258 259 260
  function module($name, $module, $username) {
    global $theme;
    if ($module["user"] && $block = $module["user"]($username, "user", "view")) {
      if ($block["content"]) $theme->box($block["subject"], $block["content"]);
    }
  }

Dries's avatar
 
Dries committed
261
  if ($user->id && $user->userid == $uname) {
Dries's avatar
 
Dries committed
262
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
263 264
    $output .= " <TR><TD ALIGN=\"right\"><B>User ID:</B></TD><TD>$user->userid</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Name:</B></TD><TD>". format_data($user->name) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
265
    $output .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email($user->fake_email) ."</A></TD></TR>\n";
266 267 268
    $output .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($user->url) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Bio:</B></TD><TD>". format_data($user->bio) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Signature:</B></TD><TD>". format_data($user->signature) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
269
    $output .= "</TABLE>\n";
Dries's avatar
 
Dries committed
270

Dries's avatar
 
Dries committed
271
    // Display account information:
Dries's avatar
 
Dries committed
272
    $theme->header();
Dries's avatar
 
Dries committed
273
    $theme->box("View user settings", $output);
Dries's avatar
 
Dries committed
274 275
    $theme->footer();
  }
Dries's avatar
Dries committed
276
  elseif ($uname && $account = account_get_user($uname)) {
Dries's avatar
 
Dries committed
277 278 279 280 281 282
    $block1 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email($account->fake_email) ."</TD></TR>\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
    $block1 .= " <TR><TD ALIGN=\"right\"><B>Bio:</B></TD><TD>". format_data($account->bio) ."</TD></TR>\n";
    $block1 .= "</TABLE>\n";
283

Dries's avatar
 
Dries committed
284
    $result = db_query("SELECT c.cid, c.pid, c.lid, c.subject, c.timestamp, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.lid WHERE u.userid = '$uname' AND s.status = 2 c.link = 'story' AND s.timestamp > ". (time() - 1209600) ." ORDER BY cid DESC LIMIT 10");
285
    while ($comment = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
286
      $block2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
Dries's avatar
 
Dries committed
287
      $block2 .= " <TR><TD ALIGN=\"right\"><B>Comment:</B></TD><TD><A HREF=\"story.php?id=$comment->lid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
288
      $block2 .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($comment->timestamp) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
289
      $block2 .= " <TR><TD ALIGN=\"right\"><B>Story:</B></TD><TD><A HREF=\"story.php?id=$comment->lid\">". check_output($comment->story) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
290 291
      $block2 .= "</TABLE>\n";
      $block2 .= "<P>\n";
292 293
      $comments++;
    }
Dries's avatar
 
Dries committed
294

Dries's avatar
 
Dries committed
295
    // Display account information:
Dries's avatar
 
Dries committed
296
    $theme->header();
Dries's avatar
 
Dries committed
297 298
    if ($block1) $theme->box("User information for $uname", $block1);
    if ($block2) $theme->box("$uname has posted ". format_plural($comments, "comment", "comments") ." recently", $block2);
Dries's avatar
 
Dries committed
299
    module_iterate("module", $uname);
Dries's avatar
 
Dries committed
300 301 302
    $theme->footer();
  }
  else { 
Dries's avatar
 
Dries committed
303
    // Display login form:
Dries's avatar
 
Dries committed
304
    $theme->header();
Dries's avatar
 
Dries committed
305
    $theme->box("Create user account", account_create());
Dries's avatar
Dries committed
306
    $theme->box("E-mail password", account_email());
Dries's avatar
 
Dries committed
307
    $theme->footer();
Dries's avatar
Dries committed
308 309
  }
}
Dries's avatar
 
Dries committed
310

Dries's avatar
 
Dries committed
311
function account_validate($user) {
Dries's avatar
 
Dries committed
312 313
  global $type2index;

Dries's avatar
 
Dries committed
314
  // Verify username and e-mail address:
Dries's avatar
 
Dries committed
315 316 317 318
  if (empty($user[real_email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[real_email]))) $error .= "<LI>the specified e-mail address is not valid.</LI>\n";
  if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $error .= "<LI>the specified username is not valid.</LI>\n";
  if (strlen($user[userid]) > 15) $error .= "<LI>the specified username is too long: it must be less than 15 characters.</LI>\n";

Dries's avatar
 
Dries committed
319
  // Check to see whether the username or e-mail address are banned:
Dries's avatar
 
Dries committed
320 321 322
  if ($ban = ban_match($user[userid], $type2index[usernames])) $error .= "<LI>the specified username is banned  for the following reason: <I>$ban->reason</I>.</LI>\n";
  if ($ban = ban_match($user[real_email], $type2index[addresses])) $error .= "<LI>the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.</LI>\n";

Dries's avatar
 
Dries committed
323
  // Verify whether username and e-mail address are unique:
Dries's avatar
 
Dries committed
324 325 326 327
  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$user[userid]')")) > 0) $error .= "<LI>the specified username is already taken.</LI>\n";
  if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email)=LOWER('$user[real_email]')")) > 0) $error .= "<LI>the specified e-mail address is already registered.</LI>\n";

  return $error;
Dries's avatar
Dries committed
328 329
}

Dries's avatar
Dries committed
330 331
function account_email_submit($userid, $email) {
  global $theme, $site_name, $site_url; 
332

Dries's avatar
Dries committed
333 334 335
  $result = db_query("SELECT id FROM users WHERE userid = '". check_output($userid) ."' AND real_email = '". check_output($email) ."'");
  
  if ($account = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
336 337 338
    $passwd = account_password();
    $status = 1;
    $hash = substr(md5("$userid. ". time() .""), 0, 12);
Dries's avatar
 
Dries committed
339

Dries's avatar
 
Dries committed
340
    db_query("UPDATE users SET passwd = PASSWORD('$passwd'), hash = '$hash', status = '$status' WHERE userid = '$userid'");
Dries's avatar
Dries committed
341

Dries's avatar
 
Dries committed
342 343
    $link = $site_url ."account.php?op=confirm&name=$userid&hash=$hash";
    $message = "$userid,\n\n\nyou requested us to e-mail you a new password for your $site_name account.  Note that you will need to re-activate your account before you can login.  You can do so simply by visiting the URL below:\n\n    $link\n\nVisiting this URL will automatically re-activate your account.  Once activated you can login using the following information:\n\n    username: $userid\n    password: $passwd\n\n\n-- $site_name crew\n";
Dries's avatar
Dries committed
344 345 346

    watchdog("message", "new password: `$userid' &lt;$email&gt;");

Dries's avatar
 
Dries committed
347
    mail($email, "Account details for $site_name", $message, "From: noreply");
Dries's avatar
Dries committed
348 349 350 351 352 353 354

    $output = "Your password and further instructions have been sent to your e-mail address.";
  }
  else {
    watchdog("warning", "new password: '$userid' and &lt;$email&gt; do not match");
    $output = "Could not sent password: no match for the specified username and e-mail address.";
  }
Dries's avatar
 
Dries committed
355

Dries's avatar
Dries committed
356
  $theme->header();
Dries's avatar
Dries committed
357
  $theme->box("E-mail password", $output);
Dries's avatar
Dries committed
358 359
  $theme->footer();
}
Dries's avatar
 
Dries committed
360

Dries's avatar
Dries committed
361 362 363
function account_create_submit($userid, $email) {
  global $theme, $site_name, $site_url;
  
Dries's avatar
 
Dries committed
364 365
  $new[userid] = trim($userid);
  $new[real_email] = trim($email);
Dries's avatar
 
Dries committed
366
  
Dries's avatar
 
Dries committed
367
  if ($error = account_validate($new)) { 
Dries's avatar
Dries committed
368
    $theme->header();
Dries's avatar
 
Dries committed
369
    $theme->box("Create user account", account_create($new, $error));
Dries's avatar
Dries committed
370
    $theme->footer();
Dries's avatar
 
Dries committed
371 372 373 374 375
  }
  else {
    $new[passwd] = account_password();
    $new[status] = 1;
    $new[hash] = substr(md5("$new[userid]. ". time() .""), 0, 12);
Dries's avatar
 
Dries committed
376

Dries's avatar
 
Dries committed
377
    user_save($new);
Dries's avatar
Dries committed
378

Dries's avatar
 
Dries committed
379 380
    $link = $site_url ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
    $message = "$new[userid],\n\n\nsomeone signed up for a user account on $site_name and supplied this email address as their contact.  If it wasn't you, don't get your panties in a knot and simply ignore this mail.\n\nIf this was you, you have to activate your account first before you can login.  You can do so simply by visiting the URL below:\n\n    $link\n\nVisiting this URL will automatically activate your account.  Once activated you can login using the following information:\n\n    username: $new[userid]\n    password: $new[passwd]\n\n\n-- $site_name crew\n";
Dries's avatar
 
Dries committed
381

Dries's avatar
Dries committed
382
    watchdog("message", "new account: `$new[userid]' &lt;$new[real_email]&gt;");
Dries's avatar
 
Dries committed
383

Dries's avatar
 
Dries committed
384
    mail($new[real_email], "Account details for $site_name", $message, "From: noreply");
Dries's avatar
 
Dries committed
385

Dries's avatar
 
Dries committed
386
    $theme->header();
Dries's avatar
 
Dries committed
387
    $theme->box("Create user account", "Congratulations!  Your member account has been successfully created and further instructions on how to activate your account have been sent to your e-mail address.");
Dries's avatar
 
Dries committed
388 389 390 391
    $theme->footer();
  }
}

Dries's avatar
Dries committed
392
function account_create_confirm($name, $hash) {
Dries's avatar
 
Dries committed
393 394 395 396 397 398 399 400
  global $theme;

  $result = db_query("SELECT userid, hash, status FROM users WHERE userid = '$name'");

  if ($account = db_fetch_object($result)) {
    if ($account->status == 1) {
      if ($account->hash == $hash) {
        db_query("UPDATE users SET status = 2, hash = '' WHERE userid = '$name'");
Dries's avatar
 
Dries committed
401 402
        $output .= "Your account has been successfully confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
        watchdog("message", "$name: account confirmation successful");
Dries's avatar
 
Dries committed
403 404 405
      }
      else {
        $output .= "Confirmation failed: invalid confirmation hash.\n";
Dries's avatar
Dries committed
406
        watchdog("warning", "$name: invalid confirmation hash");
Dries's avatar
 
Dries committed
407 408 409 410
      }
    }
    else {
      $output .= "Confirmation failed: your account has already been confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
Dries's avatar
Dries committed
411
      watchdog("warning", "$name: attempt to re-confirm account");
Dries's avatar
 
Dries committed
412 413 414 415
    }
  }
  else {
    $output .= "Confirmation failed: no such account found.<BR>";
Dries's avatar
Dries committed
416
    watchdog("warning", "$name: attempt to confirm non-existing account");
Dries's avatar
 
Dries committed
417 418 419 420 421
  }

  $theme->header();
  $theme->box("Account confirmation", $output);
  $theme->footer();
Dries's avatar
Dries committed
422
}
Dries's avatar
 
Dries committed
423

Dries's avatar
Dries committed
424
function account_password($min_length=6) {
425
  mt_srand((double)microtime() * 1000000);
Dries's avatar
 
Dries committed
426
  $words = array("foo","bar","guy","neo","tux","moo","sun","asm","dot","god","axe","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","perl","boss","dark","sith","jedi","drop","mojo");
Dries's avatar
 
Dries committed
427
  while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words))];
428
  return $password;
Dries's avatar
Dries committed
429 430
}

Dries's avatar
 
Dries committed
431
function account_track_comments() {
Dries's avatar
Dries committed
432
  global $theme, $user;
Dries's avatar
 
Dries committed
433

Dries's avatar
 
Dries committed
434
  $msg = "<P>This page might be helpful in case you want to keep track of your recent comments in any of the current discussions.  You are presented an overview of your comments in each of the stories you participated in along with the number of replies each comment got.\n<P>\n"; 
Dries's avatar
 
Dries committed
435

Dries's avatar
 
Dries committed
436
  $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.lid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5");
Dries's avatar
 
Dries committed
437 438
  
  while ($story = db_fetch_object($sresult)) {
Dries's avatar
 
Dries committed
439
    $output .= "<LI>". format_plural($story->count, comment, comments) ." attached to story `<A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A>`:</LI>\n";
Dries's avatar
 
Dries committed
440 441
    $output .= " <UL>\n";
   
Dries's avatar
 
Dries committed
442
    $cresult = db_query("SELECT * FROM comments WHERE author = $user->id AND lid = $story->id");
Dries's avatar
 
Dries committed
443
    while ($comment = db_fetch_object($cresult)) {
Dries's avatar
 
Dries committed
444
      $output .= "  <LI><A HREF=\"story.php?id=$story->id&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A> - replies: ". comment_num_replies($comment->cid) ." - score: ". comment_score($comment) ."</LI>\n";
Dries's avatar
 
Dries committed
445 446 447
    }
    $output .= " </UL>\n";
  }
Dries's avatar
 
Dries committed
448

Dries's avatar
 
Dries committed
449
  $output = ($output) ? "$msg $output" : "$info <CENTER>You have not posted any comments recently.</CENTER>\n";
Dries's avatar
 
Dries committed
450

Dries's avatar
Dries committed
451 452 453
  $theme->header();
  $theme->box("Track your comments", $output);
  $theme->footer();
Dries's avatar
 
Dries committed
454 455
}

Dries's avatar
 
Dries committed
456 457 458 459 460
function account_track_stories() {
  global $theme, $user;

  $msg = "<P>This page might be helpful in case you want to keep track of the stories you contributed.  You are presented an overview of your stories along with the number of replies each story got.\n<P>\n"; 

Dries's avatar
 
Dries committed
461
  $result = db_query("SELECT s.id, s.subject, s.timestamp, s.category, COUNT(c.cid) as count FROM stories s LEFT JOIN comments c ON c.lid = s.id WHERE s.status = 2 AND s.author = $user->id GROUP BY s.id DESC");
Dries's avatar
 
Dries committed
462 463 464
  
  while ($story = db_fetch_object($result)) {
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
Dries's avatar
 
Dries committed
465
    $output .= " <TR><TD ALIGN=\"right\"><B>Subject:</B></TD><TD><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A> (". format_plural($story->count, "comment", "comments") .")</TD></TR>\n";
Dries's avatar
 
Dries committed
466 467 468 469 470 471 472
    $output .= " <TR><TD ALIGN=\"right\"><B>Category:</B></TD><TD><A HREF=\"search.php?category=". urlencode($story->category) ."\">". check_output($story->category) ."</A></TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($story->timestamp) ."</TD></TR>\n";
    $output .= "</TABLE>\n";
    $output .= "<P>\n";
  }

  $theme->header();
Dries's avatar
 
Dries committed
473
  $theme->box("Track your stories", ($output ? "$msg $output" : "$msg You have not posted any stories.\n"));
Dries's avatar
 
Dries committed
474 475 476 477 478 479
  $theme->footer();
}

function account_track_site() {
  global $theme, $user, $site_name;

Dries's avatar
 
Dries committed
480
  $result1 = db_query("SELECT c.cid, c.pid, c.lid, c.subject, u.userid, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.lid WHERE s.status = 2 ORDER BY cid DESC LIMIT 10");
Dries's avatar
 
Dries committed
481 482

  while ($comment = db_fetch_object($result1)) {
Dries's avatar
 
Dries committed
483
    $block1 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
Dries's avatar
 
Dries committed
484
    $block1 .= " <TR><TD ALIGN=\"right\"><B>Comment:</B></TD><TD><A HREF=\"story.php?id=$comment->lid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
485
    $block1 .= " <TR><TD ALIGN=\"right\"><B>Author:</B></TD><TD>". format_username($comment->userid) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
486
    $block1 .= " <TR><TD ALIGN=\"right\"><B>Story:</B></TD><TD><A HREF=\"story.php?id=$comment->lid\">". check_output($comment->story) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
487 488
    $block1 .= "</TABLE>\n";
    $block1 .= "<P>\n";
Dries's avatar
 
Dries committed
489
  }
Dries's avatar
 
Dries committed
490
  $block1 = ($block1) ? $block1 : "<CENTER>You have not posted any comments recently.</CENTER>\n";
Dries's avatar
 
Dries committed
491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511

  $users_total = db_result(db_query("SELECT COUNT(id) FROM users"));
  
  $stories_posted  = db_result(db_query("SELECT COUNT(id) FROM stories WHERE status = 2"));
  $stories_queued  = db_result(db_query("SELECT COUNT(id) FROM stories WHERE status = 1"));
  $stories_dumped = db_result(db_query("SELECT COUNT(id) FROM stories WHERE status = 0"));

  $result = db_query("SELECT u.userid, COUNT(s.author) AS count FROM stories s LEFT JOIN users u ON s.author = u.id GROUP BY s.author ORDER BY count DESC LIMIT 10");
  while ($poster = db_fetch_object($result)) $stories_posters .= format_username($poster->userid) .", ";

  $comments_total = db_result(db_query("SELECT COUNT(cid) FROM comments")); 
  $comments_score = db_result(db_query("SELECT TRUNCATE(AVG(score / votes), 2) FROM comments WHERE votes > 0"));

  $result = db_query("SELECT u.userid, COUNT(c.author) AS count FROM comments c LEFT JOIN users u ON c.author = u.id GROUP BY c.author ORDER BY count DESC LIMIT 10");
  while ($poster = db_fetch_object($result)) $comments_posters .= format_username($poster->userid) .", ";

  $diaries_total = db_result(db_query("SELECT COUNT(id) FROM diaries"));

  $result = db_query("SELECT u.userid, COUNT(d.author) AS count FROM diaries d LEFT JOIN users u ON d.author = u.id GROUP BY d.author ORDER BY count DESC LIMIT 10");
  while ($poster = db_fetch_object($result)) $diaries_posters .= format_username($poster->userid) .", ";
  
Dries's avatar
 
Dries committed
512 513 514 515 516
  $block2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"1\">\n";
  $block2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Users:</B></TD><TD>$users_total users</TD></TR>\n";
  $block2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Stories:</B></TD><TD>$stories_posted posted, $stories_queued queued, $stories_dumped dumped<BR><I>[most frequent posters: $stories_posters ...]</I></TD></TR>\n";
  $block2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Comments:</B></TD><TD>$comments_total comments with an average score of $comments_score<BR><I>[most frequent posters: $comments_posters ...]</I></TD></TR>\n";
  $block2 .= "</TABLE>\n";
Dries's avatar
 
Dries committed
517 518

  $theme->header();
Dries's avatar
 
Dries committed
519 520
  $theme->box("Recent comments", $block1);
  $theme->box("Site statistics", $block2);
Dries's avatar
 
Dries committed
521 522 523
  $theme->footer();
}

Dries's avatar
 
Dries committed
524
// Security check:
Dries's avatar
 
Dries committed
525 526 527 528 529
if (strstr($name, " ") || strstr($hash, " ")) {
  watchdog("error", "account: attempt to provide malicious input through URI");
  exit();
}

530
switch ($op) {
Dries's avatar
Dries committed
531
  case "Login":
Dries's avatar
Dries committed
532 533
    account_session_start($userid, $passwd);
    header("Location: account.php?op=info");
Dries's avatar
Dries committed
534
    break;
Dries's avatar
Dries committed
535 536 537 538 539
  case "E-mail password":
    account_email_submit($userid, $email);
    break;
  case "Create account":
    account_create_submit($userid, $email);
Dries's avatar
Dries committed
540
    break;
Dries's avatar
 
Dries committed
541 542
  case "confirm":
    account_create_confirm($name, $hash);
Dries's avatar
Dries committed
543
    break;
544
  case "Save user information":
Dries's avatar
Dries committed
545 546
    account_user_save($edit);
    account_user($user->userid);
Dries's avatar
Dries committed
547
    break;
Dries's avatar
 
Dries committed
548 549
  case "Save site settings":
    account_site_save($edit);
550
    header("Location: account.php?op=info");
Dries's avatar
Dries committed
551
    break;
Dries's avatar
 
Dries committed
552 553
  case "Save content settings":
    account_content_save($edit);
Dries's avatar
 
Dries committed
554 555
    account_user($user->userid);
    break;
Dries's avatar
 
Dries committed
556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582
  case "logout":
    account_session_close();
    header("Location: account.php?op=info");
    break;
  case "view":
    switch ($topic) {
      case "info":
        account_user($user->userid);
        break;
      default:
        account_user($name);
    }
    break;
  case "track":
    switch ($topic) {
      case "site":
        account_track_site();
        break;
      case "stories":
        account_track_stories();
        break;
      default:
        account_track_comments();
    }
    break;
  case "edit":
    switch ($topic) {
Dries's avatar
 
Dries committed
583 584
      case "content":
        account_content_edit();
Dries's avatar
 
Dries committed
585
        break;
Dries's avatar
 
Dries committed
586 587 588
      case "site":
        account_site_edit();
        break;
Dries's avatar
 
Dries committed
589
      default:
Dries's avatar
 
Dries committed
590
        account_user_edit();
Dries's avatar
 
Dries committed
591 592
    }
    break;
Dries's avatar
 
Dries committed
593
  default: 
Dries's avatar
Dries committed
594
    account_user($user->userid);
Dries's avatar
Dries committed
595
}
Dries's avatar
 
Dries committed
596

Dries's avatar
Dries committed
597
?>