<?php

include_once "includes/common.inc";

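// Optional request timing, switched on by the "dev_timing" site variable;
// timer_print() at the end of this file reports the elapsed time.
// The variable name is a quoted string: the bare word used before relied on
// PHP's undefined-constant fallback (a notice on old PHP, an Error on PHP 8).
if (variable_get("dev_timing", 0)) {
  timer_start();
}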

// Load the users row for a username.
//
// $uname is interpolated straight into the SQL string, so it must already be
// safe for that context: the dispatcher at the bottom of this file passes it
// through check_input() first, but whether check_input() escapes SQL quotes
// is not visible in this file - confirm before adding new callers.
//
// Returns the row as an object, or whatever db_fetch_object() yields when
// nothing matches.
function account_get_user($uname) {
  $query = "SELECT * FROM users WHERE userid = '$uname'";
  return db_fetch_object(db_query($query));
}

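// Build the "lost password" form: a username and an e-mail address posted
// back to account.php with op = "E-mail new password" (see the dispatcher at
// the end of this file).
//
// Returns the form HTML without theme wrapping.
function account_email() {
  // Start from an empty string instead of appending to an undefined variable.
  $output = "";

  $output .= "<P>". t("Lost your password?  Fill out your username and e-mail address, and your password will be mailed to you.") ."</P>\n";
  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= "<B>". t("Username") .":</B><BR>\n";
  $output .= "<INPUT NAME=\"userid\"><P>\n";
  $output .= "<B>". t("E-mail address") .":</B><BR>\n";
  $output .= "<INPUT NAME=\"email\"><P>\n";
  $output .= "<INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"". t("E-mail new password") ."\">\n";
  $output .= "</FORM>\n";

  return $output;
}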

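// Build the "create account" form.
//
// $error is an optional validation message as produced by account_validate();
// when non-empty it is shown in red above the form and logged via watchdog().
// Note that account_validate() may embed markup (<I>...</I> around a ban
// reason) in that message; check_output() is relied upon to make it safe to
// display - its exact filtering is not visible in this file.
//
// Returns the form HTML without theme wrapping.
function account_create($error = "") {
  // Start from an empty string instead of appending to an undefined variable.
  $output = "";

  if ($error) {
    $output .= "<P><FONT COLOR=\"red\">". t("Failed to create account") .": ". check_output($error) .".</FONT></P>\n";
    watchdog("message", "failed to create account: $error.");
  }
  else {
    $output .= "<P>". t("Registering allows you to comment, to moderate comments and pending submissions, to customize the look and feel of the site and generally helps you interact with the site more efficiently.") ."</P><P>". t("To create an account, simply fill out this form and click the 'Create account' button below.  An e-mail will then be sent to you with instructions on how to validate your account.") ."</P>\n";
  }

  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= "<B>". t("Username") .":</B><BR>\n";
  $output .= "<INPUT NAME=\"userid\"><BR>\n";
  $output .= "<SMALL><I>". t("Enter your desired username: only letters, numbers and common special characters are allowed.") ."</I></SMALL><P>\n";
  $output .= "<B>". t("E-mail address") .":</B><BR>\n";
  $output .= "<INPUT NAME=\"email\"><BR>\n";
  $output .= "<SMALL><I>". t("You will be sent instructions on how to validate your account via this e-mail address: make sure it is accurate.") ."</I></SMALL><P>\n";
  $output .= "<INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"". t("Create account") ."\">\n";
  $output .= "</FORM>\n";

  return $output;
}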

// Log a user in: load the account for $userid/$passwd into the global $user
// and, unless the account or its last host is banned, register it in the
// session. Every outcome (bad credentials, banned, success) is logged with
// watchdog().
//
// When either argument is empty the global $user is left untouched, so the
// ban and session checks below run against whatever it already held.
// A banned account stays loaded in $user for the rest of this request even
// though it is never put in the session.
//
// session_register() was removed in PHP 5.4; this code predates that.
function account_session_start($userid, $passwd) {
  global $user;

  if ($userid && $passwd) {
    $user = new User($userid, $passwd);
  }

  if (!$user->id) {
    watchdog("message", "failed to login for '$userid': invalid username - password combination");
    return;
  }

  // Username ban takes precedence over hostname ban, as before.
  $rule = user_ban($user->userid, "username");
  if (!$rule) {
    $rule = user_ban($user->last_host, "hostname");
  }
  if ($rule) {
    watchdog("message", "failed to login for '$user->userid': banned by $rule->type rule '$rule->mask'");
    return;
  }

  session_register("user");
  watchdog("message", "session opened for '$user->userid'");
}

// Log the current user out: record it, wipe and destroy the session.
//
// unset($user) only drops this function's reference to the global; the
// global $user itself survives until the request ends (the dispatcher
// redirects immediately after calling this).
function account_session_close() {
  global $user;

  $userid = $user->userid;
  watchdog("message", "session closed for user '$userid'");

  session_unset();
  session_destroy();
  unset($user);
}

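// Render the "edit user information" page for the logged-in user, or the
// account creation / lost password forms for anonymous visitors.
//
// Username and real e-mail address are shown read-only; name, fake e-mail,
// homepage, bio, signature and password are editable and saved by
// account_user_save(). The allowed-HTML list is HTML-escaped before being
// shown in the help text.
function account_user_edit() {
  global $allowed_html, $theme, $user;

  if ($user->id) {
    // construct form:
    $form = "";
    $form .= form_item(t("Username"), $user->userid, t("Required, unique, and can not be changed."));
    $form .= form_textfield(t("Real name"), "name", $user->name, 30, 55, t("Optional"));
    $form .= form_item(t("Real e-mail address"), $user->real_email, t("Required, unique, can not be changed.") ." ". t("Your real e-mail address is never displayed publicly: only needed in case you lose your password."));
    $form .= form_textfield(t("Fake e-mail address"), "fake_email", $user->fake_email, 30, 55, t("Optional") .". ". t("Displayed publicly so you may spam proof your real e-mail address if you want."));
    $form .= form_textfield(t("Homepage"), "url", $user->url, 30, 55, t("Optional") .". ". t("Make sure you enter fully qualified URLs only.  That is, remember to include \"http://\"."));
    $form .= form_textarea(t("Bio"), "bio", $user->bio, 35, 5, t("Optional") .". ". t("Maximal 255 characters.") ." ". t("This biographical information is publicly displayed on your user page.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html));
    $form .= form_textarea(t("Signature"), "signature", $user->signature, 35, 5, t("Optional") .". ". t("Maximal 255 characters.") ." ". t("This information will be publicly displayed at the end of your comments.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html));
    // Two password fields; account_user_save() only changes the password when
    // both are filled in and identical.
    $form .= form_item(t("Password"), "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\">", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password."));
    $form .= form_submit(t("Save user information"));

    // display form:
    $theme->header();
    $theme->box(t("Edit user information"), form("account.php", $form));
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
  }
}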

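// Persist the "edit user information" form for the logged-in user.
//
// $edit is the submitted edit[] array (name, fake_email, url, bio, signature,
// pass1, pass2). Values are handed to user_save() as-is; any escaping or
// length limiting must happen there - none is visible in this file.
//
// Array keys are quoted: the bare words used before relied on PHP's
// undefined-constant fallback, which is an Error on PHP 8.
function account_user_save($edit) {
  global $user;

  if ($user->id) {
    $user = user_save($user, array("name" => $edit["name"], "fake_email" => $edit["fake_email"], "url" => $edit["url"], "bio" => $edit["bio"], "signature" => $edit["signature"]));
    // Strict comparison: with == two different numeric-looking strings such
    // as "10" and "1e1" would pass as a matching confirmation.
    if ($edit["pass1"] && $edit["pass1"] === $edit["pass2"]) {
      $user = user_save($user, array("passwd" => $edit["pass1"]));
    }
  }
}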

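// Render the "site preferences" page for the logged-in user (theme, timezone,
// language, nodes per page, comment display mode/order and score threshold),
// or the account creation / lost password forms for anonymous visitors.
//
// Timezone options are offsets from -12h to +13h in one-hour steps, labelled
// with the current time at that offset; the threshold options run from -1
// to 5. Saved by account_site_save().
function account_site_edit() {
  global $cmodes, $corder, $theme, $themes, $languages, $user;

  if ($user->id) {
    // construct form:
    $options = "";
    foreach ($themes as $key => $value) {
      $options .= "<OPTION VALUE=\"$key\"". (($user->theme == $key) ? " SELECTED" : "") .">$key - $value[1]</OPTION>\n";
    }

    $form = "";
    $form .= form_item(t("Theme"), "<SELECT NAME=\"edit[theme]\">$options</SELECT>", t("Selecting a different theme will change the look and feel of the site."));

    $zones = array();
    for ($zone = -43200; $zone <= 46800; $zone += 3600) {
      // Show the local time at this offset, computed from the server's time
      // corrected by its own offset (date("Z")).
      $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
    }
    $form .= form_select(t("Timezone"), "timezone", $user->timezone, $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
    $form .= form_select(t("Language"), "language", $user->language, $languages, t("Selecting a different language will change the language of the site."));
    $form .= form_select(t("Number of nodes to display"), "nodes", $user->nodes, array(10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The maximum number of nodes that will be displayed on the main page."));
    $form .= form_select(t("Comment display mode"), "mode", $user->mode, $cmodes);
    $form .= form_select(t("Comment display order"), "sort", $user->sort, $corder);

    $threshold = array();
    for ($count = -1; $count < 6; $count++) {
      $threshold[$count] = t("Filter") ." - $count";
    }
    $form .= form_select(t("Comment filter"), "threshold", $user->threshold, $threshold, t("Comments that scored less than this threshold setting will be ignored.  Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points."));
    $form .= form_submit(t("Save site settings"));

    // display form:
    $theme->header();
    $theme->box(t("Edit your preferences"), form("account.php", $form));
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
  }
}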

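// Persist the "site preferences" form for the logged-in user.
//
// $edit is the submitted edit[] array (theme, timezone, language, nodes,
// mode, sort, threshold). Values go to user_save() unchanged; whether they
// are validated against the option lists shown by account_site_edit() is
// not visible in this file.
//
// Array keys are quoted: the bare words used before relied on PHP's
// undefined-constant fallback, which is an Error on PHP 8.
function account_site_save($edit) {
  global $user;

  if ($user->id) {
    $user = user_save($user, array("theme" => $edit["theme"], "timezone" => $edit["timezone"], "language" => $edit["language"], "nodes" => $edit["nodes"], "mode" => $edit["mode"], "sort" => $edit["sort"], "threshold" => $edit["threshold"]));
  }
}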

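// Render the "content settings" page: one checkbox per enabled block, checked
// when the logged-in user has a layout row for it. Anonymous visitors get the
// account creation / lost password forms instead. Saved by
// account_content_save().
//
// Block names come from the blocks table and are interpolated into the layout
// query and into the checkbox NAME attribute as-is; that is only safe as long
// as block names are administrator-controlled.
function account_content_edit() {
  global $theme, $user;

  if ($user->id) {
    // construct form:
    $options = "";
    $result = db_query("SELECT * FROM blocks WHERE status = 1 ORDER BY module");
    while ($block = db_fetch_object($result)) {
      $entry = db_fetch_object(db_query("SELECT * FROM layout WHERE block = '$block->name' AND user = '$user->id'"));
      $options .= "<INPUT TYPE=\"checkbox\" NAME=\"edit[$block->name]\"". ($entry->user ? " CHECKED" : "") ."> ". t($block->name) ."<BR>\n";
    }

    $form = "";
    $form .= form_item(t("Blocks in side bars"), $options, t("Enable the blocks you would like to see displayed in the side bars."));
    $form .= form_submit(t("Save content settings"));

    // display form:
    $theme->header();
    $theme->box(t("Edit your content"), form("account.php", $form));
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
  }
}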

// Persist the "content settings" form for the logged-in user.
//
// $edit is the submitted edit[] array whose keys are the checked block names
// (the checkbox values themselves are ignored). The user's layout rows are
// replaced wholesale: everything is deleted, then one row per key is inserted.
// Keys pass through check_input() before reaching the INSERT; $user->id comes
// from the session object.
function account_content_save($edit) {
  global $user;

  if (!$user->id) {
    return;
  }

  db_query("DELETE FROM layout WHERE user = '$user->id'");

  $blocks = $edit ? $edit : array();
  foreach ($blocks as $block => $ignored) {
    db_query("INSERT INTO layout (user, block) VALUES ('$user->id', '". check_input($block) ."')");
  }
}

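// Show a user page.
//
// Three cases, in order:
//  - $uname is the logged-in user: their own details (including bio and
//    signature) under "Personal information";
//  - $uname names another existing account: that account's public details;
//  - otherwise: the account creation / lost password forms.
//
// $uname is used unescaped in the second case's box title; callers pass it
// through check_input() (see the dispatcher) - whether that HTML-escapes is
// not visible here. The same value reaches account_get_user()'s SQL string.
function account_user($uname) {
  global $user, $theme;

  // Strict comparison so that numeric-looking usernames are not conflated
  // ("10" == "1e1" is true in PHP).
  if ($user->id && $user->userid === $uname) {
    $output = "";
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Username") .":</B></TD><TD>$user->userid</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("E-mail") .":</B></TD><TD>". format_email($user->fake_email) ."</A></TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Homepage") .":</B></TD><TD>". format_url($user->url) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Bio") .":</B></TD><TD>". check_output($user->bio, 1) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Signature") .":</B></TD><TD>". check_output($user->signature, 1) ."</TD></TR>\n";
    $output .= "</TABLE>\n";

    // Display account information:
    $theme->header();
    $theme->box(t("Personal information"), $output);
    $theme->footer();
  }
  elseif ($uname && $account = account_get_user($uname)) {
    $output = "";
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Username") .":</B></TD><TD>$account->userid</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("E-mail") .":</B></TD><TD>". format_email($account->fake_email) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Homepage") .":</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>". t("Bio") .":</B></TD><TD>". check_output($account->bio) ."</TD></TR>\n";
    $output .= "</TABLE>\n";

    // Display account information:
    $theme->header();
    $theme->box(strtr(t("%a's user information"), array("%a" => $uname)), $output);
    $theme->footer();
  }
  else {
    // Display login form:
    $theme->header();
    $theme->box(t("Create user account"), account_create());
    $theme->box(t("E-mail new password"), account_email());
    $theme->footer();
  }
}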

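// Validate a prospective account.
//
// $user is an array with "userid" and "real_email" keys (not the global user
// object). Checks, in order: e-mail and username syntax, username length,
// ban lists, and uniqueness in the users table. Each failing check overwrites
// $error, so the message returned is that of the LAST failing check.
//
// Both values are interpolated into the uniqueness queries and into the
// returned message as-is; account_create_submit() feeds them from
// check_input(), whose escaping is not visible in this file - confirm it
// covers both the SQL and the HTML context before adding callers.
//
// Returns the error message, or an unset/empty value when everything passed.
// Array keys outside string literals are quoted: the bare words used before
// relied on PHP's undefined-constant fallback, an Error on PHP 8.
function account_validate($user) {
  // Verify username and e-mail address:
  if (empty($user["real_email"]) || (!check_mail($user["real_email"]))) $error = t("the e-mail address '$user[real_email]' is not valid");
  if (empty($user["userid"]) || (!check_name($user["userid"]))) $error = t("the username '$user[userid]' is not valid");
  // The check rejects 16+ characters, so the message says "15 or less"
  // (it used to claim "less than 15").
  if (strlen($user["userid"]) > 15) $error = t("the username '$user[userid]' is too long: it must be 15 characters or less");

  // Check to see whether the username or e-mail address are banned:
  if ($ban = user_ban($user["userid"], "username")) $error = t("the username '$user[userid]' is banned") .": <I>$ban->reason</I>";
  if ($ban = user_ban($user["real_email"], "e-mail address")) $error = t("the e-mail address '$user[real_email]' is banned") .": <I>$ban->reason</I>";

  // Verify whether username and e-mail address are unique:
  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$user[userid]')")) > 0) $error = t("the username '$user[userid]' is already taken");
  if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email) = LOWER('$user[real_email]')")) > 0) $error = t("the e-mail address '$user[real_email]' is already in use by another account");

  return $error;
}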

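// Handle the "lost password" form.
//
// If $userid and $email match a users row, a new password is generated and
// stored immediately, the account is put back into "awaiting confirmation"
// (status 1) with a fresh confirmation hash, and the password plus a
// confirmation link are mailed to $email. Otherwise a generic failure is
// shown and the mismatch logged.
//
// Consequences worth knowing before changing this:
//  - the old password stops working as soon as the form is submitted, before
//    the mail is confirmed, so anyone who knows a username + real e-mail can
//    force a reset;
//  - the confirmation hash is 12 hex chars of md5(userid . time()), i.e. it is
//    derived from a predictable clock value rather than a random source;
//  - $userid and $email are interpolated into the SELECT/UPDATE strings as-is
//    (the dispatcher runs them through check_input() first - its escaping is
//    not visible here).
//
// variable_get() keys are quoted: the bare words used before relied on PHP's
// undefined-constant fallback, an Error on PHP 8.
function account_email_submit($userid, $email) {
  global $theme;

  $result = db_query("SELECT id FROM users WHERE userid = '$userid' AND real_email = '$email'");

  if ($account = db_fetch_object($result)) {
    $passwd = account_password();
    $hash = substr(md5("$userid. ". time() .""), 0, 12);
    // status 1 = awaiting confirmation; account_create_confirm() sets 2.
    $status = 1;

    db_query("UPDATE users SET passwd = PASSWORD('$passwd'), hash = '$hash', status = '$status' WHERE userid = '$userid'");

    $link = variable_get("site_url", "http://drupal/") ."account.php?op=confirm&name=$userid&hash=$hash";
    $subject = strtr(t("Account details for %a"), array("%a" => variable_get("site_name", "drupal")));
    $message = strtr(t("%a,\n\n\nyou requested us to e-mail you a new password for your account at %b.  You will need to re-confirm your account or you will not be able to login.  To confirm your account updates visit the URL below:\n\n   %c\n\nOnce confirmed you can login using the following username and password:\n\n   username: %a\n   password: %d\n\n\n-- %b team"), array("%a" => $userid, "%b" => variable_get("site_name", "drupal"), "%c" => $link, "%d" => $passwd));

    watchdog("message", "new password: `$userid' &lt;$email&gt;");

    mail($email, $subject, $message, "From: noreply");

    $output = t("Your password and further instructions have been sent to your e-mail address.");
  }
  else {
    watchdog("warning", "new password: '$userid' and &lt;$email&gt; do not match");
    // "sent" -> "send": wording fix in the user-facing message.
    $output = t("Could not send password: no match for the specified username and e-mail address.");
  }

  $theme->header();
  $theme->box(t("E-mail new password"), $output);
  $theme->footer();
}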

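// Handle the "create account" form.
//
// Trims $userid and $email, runs them through account_validate(); on failure
// the form is redisplayed with the message, otherwise the account is saved
// with a generated password, status 1 (awaiting confirmation) and a
// confirmation hash, and the password plus confirmation link are mailed.
//
// As in account_email_submit(), the hash is 12 hex chars of
// md5(userid . time()) - clock-derived rather than random. The return value
// of user_save() is not used here.
//
// Array keys and variable_get() names outside string literals are quoted:
// the bare words used before relied on PHP's undefined-constant fallback,
// an Error on PHP 8.
function account_create_submit($userid, $email) {
  global $theme;

  $new = array();
  $new["userid"] = trim($userid);
  $new["real_email"] = trim($email);

  if ($error = account_validate($new)) {
    $theme->header();
    $theme->box(t("Create user account"), account_create($error));
    $theme->footer();
  }
  else {
    $new["passwd"] = account_password();
    $new["hash"] = substr(md5("$new[userid]. ". time()), 0, 12);

    user_save("", array("userid" => $new["userid"], "real_email" => $new["real_email"], "passwd" => $new["passwd"], "status" => 1, "hash" => $new["hash"]));

    $link = variable_get("site_url", "http://drupal/") ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
    $subject = strtr(t("Account details for %a"), array("%a" => variable_get("site_name", "drupal")));
    $message = strtr(t("%a,\n\n\nsomeone signed up for a user account on %b and supplied this e-mail address as their contact.  If it wasn't you, don't get your panties in a knot and simply ignore this mail.  If this was you, you will have to confirm your account first or you will not be able to login.  To confirm your account visit the URL below:\n\n   %c\n\nOnce confirmed you can login using the following username and password:\n\n   username: %a\n   password: %d\n\n\n-- %b team\n"), array("%a" => $new["userid"], "%b" => variable_get("site_name", "drupal"), "%c" => $link, "%d" => $new["passwd"]));

    watchdog("message", "new account: `$new[userid]' &lt;$new[real_email]&gt;");

    mail($new["real_email"], $subject, $message, "From: noreply");

    $theme->header();
    $theme->box(t("Create user account"), t("Congratulations!  Your member account has been successfully created and further instructions on how to confirm your account have been sent to your e-mail address.  You have to confirm your account first or you will not be able to login."));
    $theme->footer();
  }
}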

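// Confirm an account from the e-mailed link (op=confirm&name=...&hash=...).
//
// Status values as used in this file: 1 = awaiting confirmation (set by
// account_create_submit() / account_email_submit()), 2 = confirmed (set
// here, which also clears the stored hash).
//
// The hash comparison is strict and requires a non-empty value: with the
// loose == used before, an empty or missing hash compared equal to an empty
// stored hash, and numeric-looking strings ("0e123" vs "0e456") compared
// equal as numbers.
//
// $name is interpolated into both SQL strings as-is; the dispatcher passes it
// through check_input() and rejects values containing spaces - whether
// check_input() escapes quotes is not visible here.
function account_create_confirm($name, $hash) {
  global $theme;

  $result = db_query("SELECT userid, hash, status FROM users WHERE userid = '$name'");

  if ($account = db_fetch_object($result)) {
    if ($account->status == 1) {
      $supplied = (string) $hash;
      if ($supplied !== "" && (string) $account->hash === $supplied) {
        db_query("UPDATE users SET status = '2', hash = '' WHERE userid = '$name'");
        $output = t("Your account has been successfully confirmed.");
        watchdog("message", "$name: account confirmation successful");
      }
      else {
        $output = t("Confirmation failed: invalid confirmation hash.");
        watchdog("warning", "$name: invalid confirmation hash");
      }
    }
    else {
      $output = t("Confirmation failed: your account has already been confirmed.");
      watchdog("warning", "$name: attempt to re-confirm account");
    }
  }
  else {
    $output = t("Confirmation failed: non-existing account.");
    watchdog("warning", "$name: attempt to confirm non-existing account");
  }

  $theme->header();
  $theme->box(t("Create user account"), $output);
  $theme->footer();
}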

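// Generate a throw-away password by concatenating words from a fixed list
// until the result is at least $min_length characters long (so it is usually
// a little longer than $min_length).
//
// Fixes: $password now starts as an empty string, and the random index is
// bounded by count($words) - 1 - mt_rand()'s upper bound is inclusive, so
// count($words) itself was one past the end of the list and produced an
// undefined-index read.
//
// NOTE(review): mt_rand() is not a cryptographic generator and the seed is
// derived from microtime(), so the effective password space is far smaller
// than the word list suggests. On PHP >= 7, random_int() is the right source
// here; the seeding call would then go away entirely.
//
// Returns a lowercase alphabetic string.
function account_password($min_length=6) {
  mt_srand((int) ((double)microtime() * 1000000));
  $words = array("foo","bar","guy","neo","tux","moo","sun","asm","dot","god","axe","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","perl","boss","dark","sith","jedi","drop","mojo");
  $last = count($words) - 1;

  $password = "";
  while (strlen($password) < $min_length) {
    $password .= $words[mt_rand(0, $last)];
  }
  return $password;
}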

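// "Track your comments": for the logged-in user, list up to five nodes they
// commented on, each with the user's comments (reply count, votes, score).
// Shows a placeholder when there is nothing to list.
//
// Query values ($user->id, $node->nid) come from the session object and the
// database respectively, not from the request.
function account_track_comments() {
  global $theme, $user;

  // Start from an empty string instead of appending to an undefined variable.
  $output = "";

  $sresult = db_query("SELECT n.nid, n.title, COUNT(n.nid) AS count FROM comments c LEFT JOIN node n ON c.lid = n.nid WHERE c.author = '$user->id' GROUP BY n.nid DESC LIMIT 5");

  while ($node = db_fetch_object($sresult)) {
    $output .= "<LI>". format_plural($node->count, "comment", "comments") ." ". t("attached to node") ." `<A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A>`:</LI>\n";
    $output .= " <UL>\n";

    $cresult = db_query("SELECT * FROM comments WHERE author = '$user->id' AND lid = '$node->nid'");
    while ($comment = db_fetch_object($cresult)) {
      $output .= "  <LI><A HREF=\"node.php?id=$node->nid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A> (". t("replies") .": ". comment_num_replies($comment->cid) .", ". t("votes") .": $comment->votes, ". t("score") .": ". comment_score($comment) .")</LI>\n";
    }
    $output .= " </UL>\n";
  }

  $theme->header();
  $theme->box(t("Track your comments"), ($output ? $output : t("You have not posted any comments recently.")));
  $theme->footer();
}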

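// "Track your nodes": for the logged-in user, list up to 25 of their posted
// nodes (subject with comment count, type, date). Shows a placeholder when
// there is nothing to list.
//
// Fixes: $output starts as an empty string, and the stray "</A>" after the
// node type (which had no matching opening tag) is gone.
function account_track_nodes() {
  global $status, $theme, $user;

  $output = "";

  $result = db_query("SELECT n.nid, n.type, n.title, n.timestamp, COUNT(c.cid) AS count FROM node n LEFT JOIN comments c ON c.lid = n.nid WHERE n.status = '$status[posted]' AND n.author = '$user->id' GROUP BY n.nid DESC LIMIT 25");

  while ($node = db_fetch_object($result)) {
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Subject") .":</B></TD><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A> (". format_plural($node->count, "comment", "comments") .")</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Type") .":</B></TD><TD>". check_output($node->type) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>". t("Date") .":</B></TD><TD>". format_date($node->timestamp) ."</TD></TR>\n";
    $output .= "</TABLE>\n";
    $output .= "<P>\n";
  }

  $theme->header();
  $theme->box(t("Track your nodes"), ($output ? $output : t("You have not posted any nodes.")));
  $theme->footer();
}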

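// "Track site": two boxes - the ten most recently commented-on nodes of the
// last three days with their latest comments, then the ten most recent nodes
// of the same period in a table.
//
// The second box's fallback text can never show: the table header is
// appended before the loop, so $output is non-empty even with no rows.
// $node->nid and $node->count are database values used in the inner query.
function account_track_site() {
  global $rstatus, $status, $theme, $user;

  $period = 259200; // 3 days, in seconds

  $theme->header();

  $output = "";
  $sresult = db_query("SELECT n.title, n.nid, COUNT(c.lid) AS count FROM comments c LEFT JOIN node n ON c.lid = n.nid WHERE n.status = '$status[posted]' AND ". time() ." - n.timestamp < $period GROUP BY c.lid ORDER BY n.timestamp DESC LIMIT 10");
  while ($node = db_fetch_object($sresult)) {
    $output .= "<LI>". format_plural($node->count, "comment", "comments") ." ". t("attached to node") ." '<A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A>':</LI>";

    $cresult = db_query("SELECT c.subject, c.cid, c.pid, u.userid FROM comments c LEFT JOIN users u ON u.id = c.author WHERE c.lid = '$node->nid' ORDER BY c.timestamp DESC LIMIT $node->count");
    $output .= "<UL>\n";
    while ($comment = db_fetch_object($cresult)) {
      $output .= " <LI>'<A HREF=\"node.php?id=$node->nid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A>' ". t("by") ." ". format_username($comment->userid) ."</LI>\n";
    }
    $output .= "</UL>\n";
  }

  $theme->box(t("Recent comments"), ($output ? $output : t("No comments recently.")));

  // Second box starts from a fresh buffer.
  $output = "";

  $result = db_query("SELECT n.title, n.nid, n.type, n.status, u.userid FROM node n LEFT JOIN users u ON n.author = u.id WHERE ". time() ." - n.timestamp < $period ORDER BY n.timestamp DESC LIMIT 10");

  $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
  $output .= " <TR><TH>". t("Subject") ."</TH><TH>". t("Author") ."</TH><TH>". t("Type") ."</TH><TH>". t("Status") ."</TH></TR>\n";
  while ($node = db_fetch_object($result)) {
    $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></TD><TD ALIGN=\"center\">". format_username($node->userid) ."</TD><TD ALIGN=\"center\">$node->type</TD><TD>". $rstatus[$node->status] ."</TD></TR>";
  }
  $output .= "</TABLE>";

  $theme->box(t("Recent nodes"), ($output ? $output : t("No nodes recently.")));

  $theme->footer();
}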

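// Request dispatcher.
//
// $op, $topic, $userid, $email, $passwd, $edit, $name and $hash are not
// assigned anywhere in this file; presumably they arrive via register_globals
// from the query string / form - confirm. Nothing here distinguishes GET from
// POST, and no per-request token is checked, so every state-changing branch
// below (password reset, account creation, saves, login, logout) is reachable
// by any request that can set $op.
//
// The "security check" only rejects a space in $name or $hash; all other
// sanitising is delegated to check_input(), whose behaviour is not visible in
// this file. The three save branches hand $edit to the *_save() functions
// without check_input().
//
// The button-label cases compare $op with the translated label, so the
// submit buttons and these cases must stay in sync through t().

// Security check:
if (strstr($name, " ") || strstr($hash, " ")) {
  watchdog("error", "account: attempt to provide malicious input through URI");
  exit();
}

switch ($op) {
  case t("E-mail new password"):
    account_email_submit(check_input($userid), check_input($email));
    break;
  case t("Create account"):
    account_create_submit(check_input($userid), check_input($email));
    break;
  case t("Save user information"):
    account_user_save($edit);
    account_user($user->userid);
    break;
  case t("Save site settings"):
    account_site_save($edit);
    header("Location: account.php?op=info");
    break;
  case t("Save content settings"):
    account_content_save($edit);
    account_user($user->userid);
    break;
  case "confirm":
    account_create_confirm(check_input($name), check_input($hash));
    break;
  case "login":
    account_session_start(check_input($userid), check_input($passwd));
    header("Location: account.php?op=info");
    break;
  case "logout":
    account_session_close();
    header("Location: account.php?op=info");
    break;
  case "view":
    switch ($topic) {
      case "info":
        account_user($user->userid);
        break;
      default:
        account_user(check_input($name));
    }
    break;
  case "track":
    switch ($topic) {
      case "site":
        account_track_site();
        break;
      case "nodes":
        account_track_nodes();
        break;
      default:
        account_track_comments();
    }
    break;
  case "edit":
    switch ($topic) {
      case "content":
        account_content_edit();
        break;
      case "site":
        account_site_edit();
        break;
      default:
        account_user_edit();
    }
    break;
  default:
    // Also the landing page after the redirects above (op=info has no case).
    account_user($user->userid);
}

// Variable name quoted: the bare word used before relied on PHP's
// undefined-constant fallback (a notice on old PHP, an Error on PHP 8).
if (variable_get("dev_timing", 0)) {
  timer_print();
}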

?>