account.php 29 KB
Newer Older
Dries's avatar
Dries committed
1
<?
Dries's avatar
 
Dries committed
2

Dries's avatar
 
Dries committed
3
include "includes/common.inc";
Dries's avatar
Dries committed
4

Dries's avatar
Dries committed
5
function account_get_user($uname) {
Dries's avatar
 
Dries committed
6 7 8 9
  $result = db_query("SELECT * FROM users WHERE userid = '$uname'");
  return db_fetch_object($result);
}

Dries's avatar
Dries committed
10 11 12
function account_email() {
  $output .= "<P>Lost your password?  Fill out your username and e-mail address, and your password will be mailed to you.</P>\n";
  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
Dries's avatar
 
Dries committed
13 14 15 16 17 18 19 20 21 22 23
  $output .= "<P>\n";
  $output .= " <B>Username:</B><BR>\n";
  $output .= " <INPUT NAME=\"userid\"><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <B>E-mail address:</B><BR>\n";
  $output .= " <INPUT NAME=\"email\"><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"E-mail password\">\n";
  $output .= "</P>\n";
Dries's avatar
Dries committed
24 25 26 27 28 29 30 31 32
  $output .= "</FORM>\n";

  return $output;
}

function account_create($user = "", $error = "") {
  global $theme;

  if ($error) $output .= "<B><FONT COLOR=\"red\">Failed to register.</FONT>$error</B>\n";
Dries's avatar
 
Dries committed
33
  else $output .= "<P>Registering allows you to comment on stories, to moderate comments and pending stories, to customize the look and feel of the site and generally helps you interact with the site more efficiently.</P><P>To create an account, simply fill out this form an click the `Create account' button below.  An e-mail will then be sent to you with instructions on how to validate your account.</P>\n";
Dries's avatar
Dries committed
34 35 36 37

  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= "<P>\n";
  $output .= " <B>Username:</B><BR>\n";
Dries's avatar
 
Dries committed
38
  $output .= " <INPUT NAME=\"userid\"><BR>\n";
Dries's avatar
Dries committed
39 40 41 42
  $output .= " <SMALL><I>Enter your desired username: only letters, numbers and common special characters are allowed.</I></SMALL><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <B>E-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
43
  $output .= " <INPUT NAME=\"email\"><BR>\n";
Dries's avatar
Dries committed
44 45 46 47 48 49
  $output .= " <SMALL><I>You will be sent instructions on how to validate your account via this e-mail address - please make sure it is accurate.</I></SMALL><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Create account\">\n";
  $output .= "</P>\n";
  $output .= "</FORM>\n";
Dries's avatar
 
Dries committed
50

Dries's avatar
 
Dries committed
51
  return $output;
52
}
Dries's avatar
 
Dries committed
53

Dries's avatar
Dries committed
54 55
function account_session_start($userid, $passwd) {
  global $user;
Dries's avatar
 
Dries committed
56

Dries's avatar
Dries committed
57
  $user = new User($userid, $passwd);
Dries's avatar
 
Dries committed
58 59
  if ($user->id) {
    session_start();
Dries's avatar
Dries committed
60
    session_register("user");
Dries's avatar
 
Dries committed
61
    watchdog("message", "session opened for user `$user->userid'");
Dries's avatar
Dries committed
62 63
  }
  else {
Dries's avatar
 
Dries committed
64
    watchdog("warning", "failed login for user `$userid'");
Dries's avatar
Dries committed
65 66 67 68 69
  }
}

function account_session_close() {
  global $user;  
Dries's avatar
 
Dries committed
70
  watchdog("message", "session closed for user `$user->userid'");
Dries's avatar
Dries committed
71 72 73 74 75 76 77 78
  session_unset();
  session_destroy();
  unset($user);
}

function account_user_edit() {
  global $theme, $user;

Dries's avatar
 
Dries committed
79
  if ($user->id) {
Dries's avatar
 
Dries committed
80
    // Generate output/content:
Dries's avatar
Dries committed
81
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
Dries's avatar
 
Dries committed
82 83 84
    $output .= "<B>Username:</B><BR>\n";
    $output .= "&nbsp; $user->userid<P>\n";
    $output .= "<I>Required, unique, and can not be changed.</I><P>\n";
Dries's avatar
Dries committed
85 86 87 88
    $output .= "<B>Real name:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[name]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->name\"><BR>\n";
    $output .= "<I>Optional.</I><P>\n";
    $output .= "<B>Real e-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
89 90
    $output .= "&nbsp; $user->real_email<P>\n";
    $output .= "<I>Required, unique, can not be changed and is never displayed publicly: only needed in case you lose your password.</I><P>\n";
Dries's avatar
Dries committed
91
    $output .= "<B>Fake e-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
92 93
    $output .= "<INPUT NAME=\"edit[fake_email]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->fake_email\"><BR>\n";
    $output .= "<I>Optional, and displayed publicly. You may spam proof your real e-mail address if you want.</I><P>\n";
Dries's avatar
Dries committed
94 95 96 97 98 99
    $output .= "<B>URL of homepage:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->url\"><BR>\n";
    $output .= "<I>Optional, but make sure you enter fully qualified URLs only. That is, remember to include \"http://\".</I><P>\n";
    $output .= "<B>Bio:</B> (255 char. limit)<BR>\n";
    $output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$user->bio</TEXTAREA><BR>\n";
    $output .= "<I>Optional. This biographical information is publicly displayed on your user page.</I><P>\n";
Dries's avatar
 
Dries committed
100
    $output .= "<B>Signature:</B> (255 char. limit)<BR>\n";
Dries's avatar
Dries committed
101 102 103
    $output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$user->signature</TEXTAREA><BR>\n";
    $output .= "<I>Optional. This information will be publicly displayed at the end of your comments. </I><P>\n";
    $output .= "<B>Password:</B><BR>\n";
Dries's avatar
 
Dries committed
104
    $output .= "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\"><BR>\n";
Dries's avatar
Dries committed
105 106 107 108
    $output .= "<I>Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.</I><P>\n";
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save user information\"><BR>\n";
    $output .= "</FORM>\n";

Dries's avatar
 
Dries committed
109
    // Display output/content:
Dries's avatar
Dries committed
110
    $theme->header();
Dries's avatar
 
Dries committed
111
    $theme->box("Edit user settings", $output);
Dries's avatar
Dries committed
112 113 114 115
    $theme->footer();
  }
  else {
    $theme->header();
Dries's avatar
 
Dries committed
116
    $theme->box("Create user account", account_create());
Dries's avatar
Dries committed
117
    $theme->box("E-mail password", account_email());
Dries's avatar
Dries committed
118 119 120 121 122 123
    $theme->footer();
  }
}

function account_user_save($edit) {
  global $user;
Dries's avatar
 
Dries committed
124

Dries's avatar
 
Dries committed
125
  if ($user->id) {
Dries's avatar
Dries committed
126
    $data[name] = $edit[name];
Dries's avatar
 
Dries committed
127
    $data[fake_email] = $edit[fake_email];
Dries's avatar
Dries committed
128 129 130
    $data[url] = $edit[url];
    $data[bio] = $edit[bio];
    $data[signature] = $edit[signature];
Dries's avatar
 
Dries committed
131 132 133 134

    if ($edit[pass1] && $edit[pass1] == $edit[pass2]) $data[passwd] = $edit[pass1];

    user_save($data, $user->id);
Dries's avatar
Dries committed
135 136 137
  }
}

Dries's avatar
 
Dries committed
138
function account_site_edit() {
Dries's avatar
Dries committed
139 140
  global $theme, $themes, $user;

Dries's avatar
 
Dries committed
141
  if ($user->id) {
Dries's avatar
Dries committed
142 143 144 145
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
    $output .= "<B>Theme:</B><BR>\n";

    foreach ($themes as $key=>$value) { 
Dries's avatar
 
Dries committed
146
      $options1 .= " <OPTION VALUE=\"$key\"". (($user->theme == $key) ? " SELECTED" : "") .">$key - $value[1]</OPTION>\n";
Dries's avatar
Dries committed
147 148
    }

Dries's avatar
 
Dries committed
149
    $output .= "<SELECT NAME=\"edit[theme]\">\n$options1</SELECT><BR>\n";
Dries's avatar
Dries committed
150
    $output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n";
Dries's avatar
 
Dries committed
151 152 153
    $output .= "<B>Timezone:</B><BR>\n";

    $date = time() - date("Z");
Dries's avatar
 
Dries committed
154
    for ($zone = -43200; $zone <= 46800; $zone += 3600) {
Dries's avatar
 
Dries committed
155 156 157 158 159
      $options2 .= " <OPTION VALUE=\"$zone\"". (($user->timezone == $zone) ? " SELECTED" : "") .">". date("l, F dS, Y - h:i A", $date + $zone) ." (GMT ". $zone / 3600 .")</OPTION>\n";
    }

    $output .= "<SELECT NAME=\"edit[timezone]\">\n$options2</SELECT><BR>\n";
    $output .= "<I>Select what time you currently have and your timezone settings will be set appropriate.</I><P>\n";
Dries's avatar
Dries committed
160
    $output .= "<B>Maximum number of stories:</B><BR>\n";
Dries's avatar
 
Dries committed
161 162 163 164 165 166
    
    for ($stories = 10; $stories <= 30; $stories += 5) {
      $options3 .= "<OPTION VALUE=\"$stories\"". (($user->stories == $stories) ? " SELECTED" : "") .">$stories</OPTION>\n";
    }

    $output .= "<SELECT NAME=\"edit[stories]\">\n$options3</SELECT><BR>\n";
Dries's avatar
Dries committed
167
    $output .= "<I>The maximum number of stories that will be displayed on the main page.</I><P>\n";
Dries's avatar
 
Dries committed
168 169 170
    $options  = "<OPTION VALUE=\"nested\"". ($user->mode == "nested" ? " SELECTED" : "") .">Nested</OPTION>";
    $options .= "<OPTION VALUE=\"flat\"". ($user->mode == "flat" ? " SELECTED" : "") .">Flat</OPTION>";
    $options .= "<OPTION VALUE=\"threaded\"". ($user->mode == "threaded" ? " SELECTED" : "") .">Threaded</OPTION>";
Dries's avatar
Dries committed
171
    $output .= "<B>Comment display mode:</B><BR>\n";
Dries's avatar
 
Dries committed
172 173 174 175
    $output .= "<SELECT NAME=\"edit[mode]\">$options</SELECT><P>\n";
    $options  = "<OPTION VALUE=\"0\"". ($user->sort == 0 ? " SELECTED" : "") .">Oldest first</OPTION>";
    $options .= "<OPTION VALUE=\"1\"". ($user->sort == 1 ? " SELECTED" : "") .">Newest first</OPTION>";
    $options .= "<OPTION VALUE=\"2\"". ($user->sort == 2 ? " SELECTED" : "") .">Highest scoring first</OPTION>";
Dries's avatar
Dries committed
176
    $output .= "<B>Comment sort order:</B><BR>\n";
Dries's avatar
 
Dries committed
177 178 179 180 181 182 183 184
    $output .= "<SELECT NAME=\"edit[sort]\">$options</SELECT><P>\n";
    $options  = "<OPTION VALUE=\"-1\"". ($user->threshold == -1 ? " SELECTED" : "") .">-1: Display uncut and raw comments.</OPTION>";
    $options .= "<OPTION VALUE=\"0\"". ($user->threshold == 0 ? " SELECTED" : "") .">0: Display almost all comments.</OPTION>";
    $options .= "<OPTION VALUE=\"1\"". ($user->threshold == 1 ? " SELECTED" : "") .">1: Display almost no anonymous comments.</OPTION>";
    $options .= "<OPTION VALUE=\"2\"". ($user->threshold == 2 ? " SELECTED" : "") .">2: Display comments with score +2 only.</OPTION>";
    $options .= "<OPTION VALUE=\"3\"". ($user->threshold == 3 ? " SELECTED" : "") .">3: Display comments with score +3 only.</OPTION>";
    $options .= "<OPTION VALUE=\"4\"". ($user->threshold == 4 ? " SELECTED" : "") .">4: Display comments with score +4 only.</OPTION>";
    $options .= "<OPTION VALUE=\"5\"". ($user->threshold == 5 ? " SELECTED" : "") .">5: Display comments with score +5 only.</OPTION>";
Dries's avatar
Dries committed
185
    $output .= "<B>Comment threshold:</B><BR>\n";
Dries's avatar
 
Dries committed
186
    $output .= "<SELECT NAME=\"edit[threshold]\">$options</SELECT><BR>\n";
Dries's avatar
Dries committed
187
    $output .= "<I>Comments that scored less than this setting will be ignored. Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.</I><P>\n";
Dries's avatar
 
Dries committed
188 189 190


    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save site settings\"><BR>\n";
Dries's avatar
Dries committed
191 192 193
    $output .= "</FORM>\n";

    $theme->header();
Dries's avatar
 
Dries committed
194
    $theme->box("Edit site settings", $output);
Dries's avatar
Dries committed
195 196 197 198
    $theme->footer();
  }
  else {
    $theme->header();
Dries's avatar
 
Dries committed
199
    $theme->box("Create user account", account_create());
Dries's avatar
Dries committed
200
    $theme->box("E-mail password", account_email());
Dries's avatar
Dries committed
201 202 203 204
    $theme->footer();
  }
}

Dries's avatar
 
Dries committed
205
function account_site_save($edit) {
Dries's avatar
Dries committed
206
  global $user;
Dries's avatar
 
Dries committed
207

Dries's avatar
 
Dries committed
208
  if ($user->id) {
Dries's avatar
Dries committed
209
    $data[theme] = $edit[theme];
Dries's avatar
 
Dries committed
210
    $data[timezone] = $edit[timezone];
Dries's avatar
 
Dries committed
211 212 213 214 215
    $data[stories] = $edit[stories];
    $data[mode] = $edit[mode];
    $data[sort] = $edit[sort];
    $data[threshold] = $edit[threshold];
    user_save($data, $user->id);
Dries's avatar
Dries committed
216
  }
217
}
Dries's avatar
 
Dries committed
218

Dries's avatar
 
Dries committed
219
function account_content_edit() {
Dries's avatar
 
Dries committed
220 221 222 223 224 225 226
  global $theme, $user;

  if ($user->id) {
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  
    $output .= "<B>Blocks:</B><BR>\n";

Dries's avatar
 
Dries committed
227
    $result = db_query("SELECT * FROM blocks WHERE status = 1 ORDER BY module");
Dries's avatar
 
Dries committed
228 229 230 231 232 233 234 235 236 237 238 239
    while ($block = db_fetch_object($result)) {
      $entry = db_fetch_object(db_query("SELECT * FROM layout WHERE block = '$block->name' AND user = '$user->id'"));

      $options = "";
      for ($weight = 0; $weight < 10; $weight++) {
        $options .= "<OPTION VALUE=\"$weight\"". (($entry->weight == $weight) ? " SELECTED" : "") .">". (($weight == 0) ? "off" : $weight) ."</OPTION>\n";
      }

      $output .= "<SELECT NAME=\"edit[$block->name]\">\n$options</SELECT>";
      $output .= "$block->name<BR>";
    } 
 
Dries's avatar
 
Dries committed
240
    $output .= "<I>You can more or less position your blocks by assigning them weights.  The heavy blocks will sink down whereas the light blocks will be positioned at the top of the page.</I><P>\n";
Dries's avatar
 
Dries committed
241
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save content settings\"><BR>\n";
Dries's avatar
 
Dries committed
242 243 244
    $output .= "</FORM>\n";

    $theme->header();
Dries's avatar
 
Dries committed
245
    $theme->box("Edit content settings", $output);
Dries's avatar
 
Dries committed
246 247 248 249 250 251 252 253 254 255
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box("Create user account", account_create());
    $theme->box("E-mail password", account_email());
    $theme->footer();
  }
}

Dries's avatar
 
Dries committed
256
function account_content_save($edit) {
Dries's avatar
 
Dries committed
257 258 259 260 261 262 263 264 265
  global $user;
  if ($user->id) {
    db_query("DELETE FROM layout WHERE user = $user->id");
    foreach ($edit as $block=>$weight) {
      db_query("INSERT INTO layout (user, block, weight) VALUES ('". check_input($user->id) ."', '". check_input($block) ."', '". check_input($weight) ."')");
    }
  }
}

Dries's avatar
Dries committed
266
function account_user($uname) {
Dries's avatar
 
Dries committed
267
  global $user, $theme;
Dries's avatar
 
Dries committed
268

Dries's avatar
 
Dries committed
269
  if ($user->id && $user->userid == $uname) {
Dries's avatar
 
Dries committed
270
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
271 272
    $output .= " <TR><TD ALIGN=\"right\"><B>User ID:</B></TD><TD>$user->userid</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Name:</B></TD><TD>". format_data($user->name) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
273
    $output .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email($user->fake_email) ."</A></TD></TR>\n";
274 275 276
    $output .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($user->url) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Bio:</B></TD><TD>". format_data($user->bio) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Signature:</B></TD><TD>". format_data($user->signature) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
277
    $output .= "</TABLE>\n";
Dries's avatar
 
Dries committed
278

Dries's avatar
 
Dries committed
279
    // Display account information:
Dries's avatar
 
Dries committed
280
    $theme->header();
Dries's avatar
 
Dries committed
281
    $theme->box("View user settings", $output);
Dries's avatar
 
Dries committed
282 283
    $theme->footer();
  }
Dries's avatar
Dries committed
284
  elseif ($uname && $account = account_get_user($uname)) {
Dries's avatar
 
Dries committed
285
    $box1 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
286
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n";
Dries's avatar
 
Dries committed
287
    $box1 .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email($account->fake_email) ."</TD></TR>\n";
288 289
    $box1 .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Bio:</B></TD><TD>". format_data($account->bio) ."</TD></TR>\n";
290 291
    $box1 .= "</TABLE>\n";

Dries's avatar
Dries committed
292
    $result = db_query("SELECT c.cid, c.pid, c.sid, c.subject, c.timestamp, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.sid WHERE u.userid = '$uname' AND s.status = 2 AND s.timestamp > ". (time() - 1209600) ." ORDER BY cid DESC LIMIT 10");
293
    while ($comment = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
294
      $box2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
Dries's avatar
 
Dries committed
295
      $box2 .= " <TR><TD ALIGN=\"right\"><B>Comment:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
296
      $box2 .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($comment->timestamp) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
297
      $box2 .= " <TR><TD ALIGN=\"right\"><B>Story:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid\">". check_output($comment->story) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
298
      $box2 .= "</TABLE>\n";
Dries's avatar
 
Dries committed
299
      $box2 .= "<P>\n";
300 301
      $comments++;
    }
Dries's avatar
 
Dries committed
302

303 304
    $result = db_query("SELECT d.* FROM diaries d LEFT JOIN users u ON u.id = d.author WHERE u.userid = '$uname' AND d.timestamp > ". (time() - 1209600) ."  ORDER BY id DESC LIMIT 2");
    while ($diary = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
305
      $box3 .= "<DL><DT><B>". date("l, F jS", $diary->timestamp) .":</B></DT><DD><P>". check_output($diary->text) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$uname\">more</A> ]</P></DD></DL>\n";
306 307 308
      $diaries++;
    }
    
Dries's avatar
 
Dries committed
309
    // Display account information:
Dries's avatar
 
Dries committed
310
    $theme->header();
311 312 313
    if ($box1) $theme->box("User information for $uname", $box1);
    if ($box2) $theme->box("$uname has posted ". format_plural($comments, "comment", "comments") ." recently", $box2);
    if ($box3) $theme->box("$uname has posted ". format_plural($diaries, "diary entry", "diary entries") ." recently", $box3);
Dries's avatar
 
Dries committed
314 315 316
    $theme->footer();
  }
  else { 
Dries's avatar
 
Dries committed
317
    // Display login form:
Dries's avatar
 
Dries committed
318
    $theme->header();
Dries's avatar
 
Dries committed
319
    $theme->box("Create user account", account_create());
Dries's avatar
Dries committed
320
    $theme->box("E-mail password", account_email());
Dries's avatar
 
Dries committed
321
    $theme->footer();
Dries's avatar
Dries committed
322 323
  }
}
Dries's avatar
 
Dries committed
324

Dries's avatar
 
Dries committed
325
function account_validate($user) {
Dries's avatar
 
Dries committed
326
  // Verify username and e-mail address:
Dries's avatar
 
Dries committed
327 328 329 330
  if (empty($user[real_email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[real_email]))) $error .= "<LI>the specified e-mail address is not valid.</LI>\n";
  if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $error .= "<LI>the specified username is not valid.</LI>\n";
  if (strlen($user[userid]) > 15) $error .= "<LI>the specified username is too long: it must be less than 15 characters.</LI>\n";

Dries's avatar
 
Dries committed
331
  // Check to see whether the username or e-mail address are banned:
Dries's avatar
 
Dries committed
332 333 334
  if ($ban = ban_match($user[userid], $type2index[usernames])) $error .= "<LI>the specified username is banned  for the following reason: <I>$ban->reason</I>.</LI>\n";
  if ($ban = ban_match($user[real_email], $type2index[addresses])) $error .= "<LI>the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.</LI>\n";

Dries's avatar
 
Dries committed
335
  // Verify whether username and e-mail address are unique:
Dries's avatar
 
Dries committed
336 337 338 339
  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$user[userid]')")) > 0) $error .= "<LI>the specified username is already taken.</LI>\n";
  if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email)=LOWER('$user[real_email]')")) > 0) $error .= "<LI>the specified e-mail address is already registered.</LI>\n";

  return $error;
Dries's avatar
Dries committed
340 341
}

Dries's avatar
Dries committed
342 343
function account_email_submit($userid, $email) {
  global $theme, $site_name, $site_url; 
344

Dries's avatar
Dries committed
345 346 347
  $result = db_query("SELECT id FROM users WHERE userid = '". check_output($userid) ."' AND real_email = '". check_output($email) ."'");
  
  if ($account = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
348 349 350
    $passwd = account_password();
    $status = 1;
    $hash = substr(md5("$userid. ". time() .""), 0, 12);
Dries's avatar
 
Dries committed
351

Dries's avatar
 
Dries committed
352
    db_query("UPDATE users SET passwd = PASSWORD('$passwd'), hash = '$hash', status = '$status' WHERE userid = '$userid'");
Dries's avatar
Dries committed
353

Dries's avatar
 
Dries committed
354 355
    $link = $site_url ."account.php?op=confirm&name=$userid&hash=$hash";
    $message = "$userid,\n\n\nyou requested us to e-mail you a new password for your $site_name account.  Note that you will need to re-activate your account before you can login.  You can do so simply by visiting the URL below:\n\n    $link\n\nVisiting this URL will automatically re-activate your account.  Once activated you can login using the following information:\n\n    username: $userid\n    password: $passwd\n\n\n-- $site_name crew\n";
Dries's avatar
Dries committed
356 357 358

    watchdog("message", "new password: `$userid' &lt;$email&gt;");

Dries's avatar
 
Dries committed
359
    mail($email, "Account details for $site_name", $message, "From: noreply");
Dries's avatar
Dries committed
360 361 362 363 364 365 366

    $output = "Your password and further instructions have been sent to your e-mail address.";
  }
  else {
    watchdog("warning", "new password: '$userid' and &lt;$email&gt; do not match");
    $output = "Could not sent password: no match for the specified username and e-mail address.";
  }
Dries's avatar
 
Dries committed
367

Dries's avatar
Dries committed
368
  $theme->header();
Dries's avatar
Dries committed
369
  $theme->box("E-mail password", $output);
Dries's avatar
Dries committed
370 371
  $theme->footer();
}
Dries's avatar
 
Dries committed
372

Dries's avatar
Dries committed
373 374 375 376 377
function account_create_submit($userid, $email) {
  global $theme, $site_name, $site_url;
  
  $new[userid] = $userid;
  $new[real_email] = $email;
Dries's avatar
 
Dries committed
378
  
Dries's avatar
 
Dries committed
379
  if ($rval = account_validate($new)) { 
Dries's avatar
Dries committed
380
    $theme->header();
Dries's avatar
 
Dries committed
381
    $theme->box("Create user account", account_create($new, $rval));
Dries's avatar
Dries committed
382
    $theme->footer();
Dries's avatar
 
Dries committed
383 384 385 386 387
  }
  else {
    $new[passwd] = account_password();
    $new[status] = 1;
    $new[hash] = substr(md5("$new[userid]. ". time() .""), 0, 12);
Dries's avatar
 
Dries committed
388

Dries's avatar
 
Dries committed
389
    user_save($new);
Dries's avatar
Dries committed
390

Dries's avatar
 
Dries committed
391 392
    $link = $site_url ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
    $message = "$new[userid],\n\n\nsomeone signed up for a user account on $site_name and supplied this email address as their contact.  If it wasn't you, don't get your panties in a knot and simply ignore this mail.\n\nIf this was you, you have to activate your account first before you can login.  You can do so simply by visiting the URL below:\n\n    $link\n\nVisiting this URL will automatically activate your account.  Once activated you can login using the following information:\n\n    username: $new[userid]\n    password: $new[passwd]\n\n\n-- $site_name crew\n";
Dries's avatar
 
Dries committed
393

Dries's avatar
Dries committed
394
    watchdog("message", "new account: `$new[userid]' &lt;$new[real_email]&gt;");
Dries's avatar
 
Dries committed
395

Dries's avatar
 
Dries committed
396
    mail($new[real_email], "Account details for $site_name", $message, "From: noreply");
Dries's avatar
 
Dries committed
397

Dries's avatar
 
Dries committed
398
    $theme->header();
Dries's avatar
 
Dries committed
399
    $theme->box("Create user account", "Congratulations!  Your member account has been sucessfully created and further instructions on how to activate your account have been sent to your e-mail address.");
Dries's avatar
 
Dries committed
400 401 402 403
    $theme->footer();
  }
}

Dries's avatar
Dries committed
404
function account_create_confirm($name, $hash) {
Dries's avatar
 
Dries committed
405 406 407 408 409 410 411 412 413
  global $theme;

  $result = db_query("SELECT userid, hash, status FROM users WHERE userid = '$name'");

  if ($account = db_fetch_object($result)) {
    if ($account->status == 1) {
      if ($account->hash == $hash) {
        db_query("UPDATE users SET status = 2, hash = '' WHERE userid = '$name'");
        $output .= "Your account has been sucessfully confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
Dries's avatar
 
Dries committed
414
        watchdog("message", "$name: account confirmation sucessful");
Dries's avatar
 
Dries committed
415 416 417
      }
      else {
        $output .= "Confirmation failed: invalid confirmation hash.\n";
Dries's avatar
Dries committed
418
        watchdog("warning", "$name: invalid confirmation hash");
Dries's avatar
 
Dries committed
419 420 421 422
      }
    }
    else {
      $output .= "Confirmation failed: your account has already been confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
Dries's avatar
Dries committed
423
      watchdog("warning", "$name: attempt to re-confirm account");
Dries's avatar
 
Dries committed
424 425 426 427
    }
  }
  else {
    $output .= "Confirmation failed: no such account found.<BR>";
Dries's avatar
Dries committed
428
    watchdog("warning", "$name: attempt to confirm non-existing account");
Dries's avatar
 
Dries committed
429 430 431 432 433
  }

  $theme->header();
  $theme->box("Account confirmation", $output);
  $theme->footer();
Dries's avatar
Dries committed
434
}
Dries's avatar
 
Dries committed
435

Dries's avatar
Dries committed
436
function account_password($min_length=6) {
437
  mt_srand((double)microtime() * 1000000);
Dries's avatar
 
Dries committed
438
  $words = array("foo","bar","guy","neo","tux","moo","sun","asm","dot","god","axe","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","perl","boss","dark","sith","jedi","drop","mojo");
Dries's avatar
 
Dries committed
439
  while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words))];
440
  return $password;
Dries's avatar
Dries committed
441 442
}

Dries's avatar
 
Dries committed
443
function account_track_comments() {
Dries's avatar
Dries committed
444
  global $theme, $user;
Dries's avatar
 
Dries committed
445

Dries's avatar
 
Dries committed
446
  $msg = "<P>This page might be helpful in case you want to keep track of your recent comments in any of the current discussions.  You are presented an overview of your comments in each of the stories you participated in along with the number of replies each comment got.\n<P>\n"; 
Dries's avatar
 
Dries committed
447 448 449 450

  $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5");
  
  while ($story = db_fetch_object($sresult)) {
Dries's avatar
 
Dries committed
451
    $output .= "<LI>". format_plural($story->count, comment, comments) ." attached to story `<A HREF=\"discussion.php?id=$story->id\">". check_output($story->subject) ."</A>`:</LI>\n";
Dries's avatar
 
Dries committed
452 453 454 455
    $output .= " <UL>\n";
   
    $cresult = db_query("SELECT * FROM comments WHERE author = $user->id AND sid = $story->id");
    while ($comment = db_fetch_object($cresult)) {
Dries's avatar
 
Dries committed
456
      $output .= "  <LI><A HREF=\"discussion.php?id=$story->id&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A> - replies: ". discussion_num_replies($comment->cid) ." - score: ". discussion_score($comment) ."</LI>\n";
Dries's avatar
 
Dries committed
457 458 459
    }
    $output .= " </UL>\n";
  }
Dries's avatar
 
Dries committed
460

Dries's avatar
 
Dries committed
461
  $output = ($output) ? "$msg $output" : "$info <CENTER><B>You have not posted any comments recently.</B></CENTER>\n";
Dries's avatar
 
Dries committed
462

Dries's avatar
Dries committed
463 464 465
  $theme->header();
  $theme->box("Track your comments", $output);
  $theme->footer();
Dries's avatar
 
Dries committed
466 467
}

Dries's avatar
 
Dries committed
468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537
function account_track_stories() {
  global $theme, $user;

  $msg = "<P>This page might be helpful in case you want to keep track of the stories you contributed.  You are presented an overview of your stories along with the number of replies each story got.\n<P>\n"; 

  $result = db_query("SELECT s.id, s.subject, s.timestamp, s.category, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE s.status = 2 AND s.author = $user->id GROUP BY s.id DESC");
  
  while ($story = db_fetch_object($result)) {
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Subject:</B></TD><TD><A HREF=\"discussion.php?id=$story->id\">". check_output($story->subject) ."</A> (". format_plural($story->count, "comment", "comments") .")</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Category:</B></TD><TD><A HREF=\"search.php?category=". urlencode($story->category) ."\">". check_output($story->category) ."</A></TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($story->timestamp) ."</TD></TR>\n";
    $output .= "</TABLE>\n";
    $output .= "<P>\n";
  }

  $output = ($output) ? "$msg $output" : "$info <CENTER><B>You have not posted any stories.</B></CENTER>\n";

  $theme->header();
  $theme->box("Track your stories", $output);
  $theme->footer();
}

function account_track_site() {
  global $theme, $user, $site_name;

  $result1 = db_query("SELECT c.cid, c.pid, c.sid, c.subject, u.userid, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.sid WHERE s.status = 2 ORDER BY cid DESC LIMIT 10");

  while ($comment = db_fetch_object($result1)) {
    $box1 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Comment:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A></TD></TR>\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Author:</B></TD><TD>". format_username($comment->userid) ."</TD></TR>\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Story:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid\">". check_output($comment->story) ."</A></TD></TR>\n";
    $box1 .= "</TABLE>\n";
    $box1 .= "<P>\n";
  }

  $users_total = db_result(db_query("SELECT COUNT(id) FROM users"));
  
  $stories_posted  = db_result(db_query("SELECT COUNT(id) FROM stories WHERE status = 2"));
  $stories_queued  = db_result(db_query("SELECT COUNT(id) FROM stories WHERE status = 1"));
  $stories_dumped = db_result(db_query("SELECT COUNT(id) FROM stories WHERE status = 0"));

  $result = db_query("SELECT u.userid, COUNT(s.author) AS count FROM stories s LEFT JOIN users u ON s.author = u.id GROUP BY s.author ORDER BY count DESC LIMIT 10");
  while ($poster = db_fetch_object($result)) $stories_posters .= format_username($poster->userid) .", ";

  $comments_total = db_result(db_query("SELECT COUNT(cid) FROM comments")); 
  $comments_score = db_result(db_query("SELECT TRUNCATE(AVG(score / votes), 2) FROM comments WHERE votes > 0"));

  $result = db_query("SELECT u.userid, COUNT(c.author) AS count FROM comments c LEFT JOIN users u ON c.author = u.id GROUP BY c.author ORDER BY count DESC LIMIT 10");
  while ($poster = db_fetch_object($result)) $comments_posters .= format_username($poster->userid) .", ";

  $diaries_total = db_result(db_query("SELECT COUNT(id) FROM diaries"));

  $result = db_query("SELECT u.userid, COUNT(d.author) AS count FROM diaries d LEFT JOIN users u ON d.author = u.id GROUP BY d.author ORDER BY count DESC LIMIT 10");
  while ($poster = db_fetch_object($result)) $diaries_posters .= format_username($poster->userid) .", ";
  
  $box2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"1\">\n";
  $box2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Users:</B></TD><TD>$users_total users</TD></TR>\n";
  $box2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Stories:</B></TD><TD>$stories_posted posted, $stories_queued queued, $stories_dumped dumped<BR><I>[most frequent posters: $stories_posters ...]</I></TD></TR>\n";
  $box2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Comments:</B></TD><TD>$comments_total comments with an average score of $comments_score<BR><I>[most frequent posters: $comments_posters ...]</I></TD></TR>\n";
  $box2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Diaries:</B></TD><TD>$diaries_total diary entries<BR><I>[most frequent posters: $diaries_posters ...]</I></TD></TR>\n";
  $box2 .= "</TABLE>\n";

  $theme->header();
  $theme->box("Recent comments", $box1);
  $theme->box("Site statistics", $box2);
  $theme->footer();
}

Dries's avatar
 
Dries committed
538
// Security check:
Dries's avatar
 
Dries committed
539 540 541 542 543
if (strstr($name, " ") || strstr($hash, " ")) {
  watchdog("error", "account: attempt to provide malicious input through URI");
  exit();
}

544
switch ($op) {
Dries's avatar
Dries committed
545
  case "Login":
Dries's avatar
Dries committed
546 547
    account_session_start($userid, $passwd);
    header("Location: account.php?op=info");
Dries's avatar
Dries committed
548
    break;
Dries's avatar
Dries committed
549 550 551 552 553
  case "E-mail password":
    account_email_submit($userid, $email);
    break;
  case "Create account":
    account_create_submit($userid, $email);
Dries's avatar
Dries committed
554
    break;
Dries's avatar
 
Dries committed
555 556
  case "confirm":
    account_create_confirm($name, $hash);
Dries's avatar
Dries committed
557
    break;
558
  case "Save user information":
Dries's avatar
Dries committed
559 560
    account_user_save($edit);
    account_user($user->userid);
Dries's avatar
Dries committed
561
    break;
Dries's avatar
 
Dries committed
562 563
  case "Save site settings":
    account_site_save($edit);
564
    header("Location: account.php?op=info");
Dries's avatar
Dries committed
565
    break;
Dries's avatar
 
Dries committed
566 567
  case "Save content settings":
    account_content_save($edit);
Dries's avatar
 
Dries committed
568 569
    account_user($user->userid);
    break;
Dries's avatar
 
Dries committed
570 571 572 573 574 575 576 577 578 579
  case "logout":
    account_session_close();
    header("Location: account.php?op=info");
    break;
  case "view":
    switch ($topic) {
      case "info":
        account_user($user->userid);
        break;
      case "diary":
Dries's avatar
 
Dries committed
580
        header("Location: module.php?mod=diary&op=view&name=$user->userid");
Dries's avatar
 
Dries committed
581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602
        break;        
      default:
        account_user($name);
    }
    break;
  case "track":
    switch ($topic) {
      case "site":
        account_track_site();
        break;
      case "stories":
        account_track_stories();
        break;
      default:
        account_track_comments();
    }
    break;
  case "edit":
    switch ($topic) {
      case "user":
        account_user_edit();
        break;
Dries's avatar
 
Dries committed
603 604 605
      case "site":
        account_site_edit();
        break;
Dries's avatar
 
Dries committed
606 607
      case "content":
        account_content_edit();
Dries's avatar
 
Dries committed
608 609
        break;
      default:
Dries's avatar
 
Dries committed
610
        header("Location: module.php?mod=diary&op=add&name=$user->userid");
Dries's avatar
 
Dries committed
611 612
    }
    break;
Dries's avatar
 
Dries committed
613
  default: 
Dries's avatar
Dries committed
614
    account_user($user->userid);
Dries's avatar
Dries committed
615
}
Dries's avatar
 
Dries committed
616

Dries's avatar
Dries committed
617
?>