account.php 29.1 KB
Newer Older
Dries's avatar
Dries committed
1
<?
Dries's avatar
 
Dries committed
2

Dries's avatar
 
Dries committed
3
include "includes/common.inc";
Dries's avatar
Dries committed
4

Dries's avatar
Dries committed
5
function account_get_user($uname) {
Dries's avatar
 
Dries committed
6 7 8 9
  $result = db_query("SELECT * FROM users WHERE userid = '$uname'");
  return db_fetch_object($result);
}

Dries's avatar
Dries committed
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
function account_email() {
  $output .= "<P>Lost your password?  Fill out your username and e-mail address, and your password will be mailed to you.</P>\n";
  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= " <TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
  $output .= "  <TR><TH ALIGN=\"right\">Username:</TH><TD><INPUT NAME=\"userid\"></TD></TR>\n";
  $output .= "  <TR><TH ALIGN=\"right\">E-mail addres:</TH><TD><INPUT NAME=\"email\"></TD></TR>\n";
  $output .= "  <TR><TD ALIGN=\"right\" COLSPAN=\"2\"><INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"E-mail password\"></TD></TR>\n";
  $output .= " </TABLE>\n";
  $output .= "</FORM>\n";

  return $output;
}

function account_create($user = "", $error = "") {
  global $theme;

  if ($error) $output .= "<B><FONT COLOR=\"red\">Failed to register.</FONT>$error</B>\n";
Dries's avatar
 
Dries committed
27
  else $output .= "<P>Registering allows you to comment on stories, to moderate comments and pending stories, to customize the look and feel of the site and generally helps you interact with the site more efficiently.</P><P>To create an account, simply fill out this form an click the `Create account' button below.  An e-mail will then be sent to you with instructions on how to validate your account.</P>\n";
Dries's avatar
Dries committed
28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

  $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  $output .= "<P>\n";
  $output .= " <B>Username:</B><BR>\n";
  $output .= " <INPUT NAME=\"userid\" VALUE=\"$userid\"><BR>\n";
  $output .= " <SMALL><I>Enter your desired username: only letters, numbers and common special characters are allowed.</I></SMALL><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <B>E-mail address:</B><BR>\n";
  $output .= " <INPUT NAME=\"email\" VALUE=\"$email\"><BR>\n";
  $output .= " <SMALL><I>You will be sent instructions on how to validate your account via this e-mail address - please make sure it is accurate.</I></SMALL><BR>\n";
  $output .= "</P>\n";
  $output .= "<P>\n";
  $output .= " <INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Create account\">\n";
  $output .= "</P>\n";
  $output .= "</FORM>\n";
Dries's avatar
 
Dries committed
44

Dries's avatar
 
Dries committed
45
  return $output;
46
}
Dries's avatar
 
Dries committed
47

Dries's avatar
Dries committed
48 49
function account_session_start($userid, $passwd) {
  global $user;
Dries's avatar
 
Dries committed
50

Dries's avatar
Dries committed
51
  $user = new User($userid, $passwd);
Dries's avatar
 
Dries committed
52 53
  if ($user->id) {
    session_start();
Dries's avatar
Dries committed
54
    session_register("user");
Dries's avatar
 
Dries committed
55
    watchdog("message", "session opened for user `$user->userid'");
Dries's avatar
Dries committed
56 57
  }
  else {
Dries's avatar
 
Dries committed
58
    watchdog("warning", "failed login for user `$userid'");
Dries's avatar
Dries committed
59 60 61 62 63
  }
}

function account_session_close() {
  global $user;  
Dries's avatar
 
Dries committed
64
  watchdog("message", "session closed for user `$user->userid'");
Dries's avatar
Dries committed
65 66 67 68 69 70 71 72
  session_unset();
  session_destroy();
  unset($user);
}

function account_user_edit() {
  global $theme, $user;

Dries's avatar
 
Dries committed
73
  if ($user->id) {
Dries's avatar
Dries committed
74 75
    ### Generate output/content:
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
Dries's avatar
 
Dries committed
76 77 78
    $output .= "<B>Username:</B><BR>\n";
    $output .= "&nbsp; $user->userid<P>\n";
    $output .= "<I>Required, unique, and can not be changed.</I><P>\n";
Dries's avatar
Dries committed
79 80 81 82
    $output .= "<B>Real name:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[name]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->name\"><BR>\n";
    $output .= "<I>Optional.</I><P>\n";
    $output .= "<B>Real e-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
83 84
    $output .= "&nbsp; $user->real_email<P>\n";
    $output .= "<I>Required, unique, can not be changed and is never displayed publicly: only needed in case you lose your password.</I><P>\n";
Dries's avatar
Dries committed
85
    $output .= "<B>Fake e-mail address:</B><BR>\n";
Dries's avatar
 
Dries committed
86 87
    $output .= "<INPUT NAME=\"edit[fake_email]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->fake_email\"><BR>\n";
    $output .= "<I>Optional, and displayed publicly. You may spam proof your real e-mail address if you want.</I><P>\n";
Dries's avatar
Dries committed
88 89 90 91 92 93
    $output .= "<B>URL of homepage:</B><BR>\n";
    $output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->url\"><BR>\n";
    $output .= "<I>Optional, but make sure you enter fully qualified URLs only. That is, remember to include \"http://\".</I><P>\n";
    $output .= "<B>Bio:</B> (255 char. limit)<BR>\n";
    $output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$user->bio</TEXTAREA><BR>\n";
    $output .= "<I>Optional. This biographical information is publicly displayed on your user page.</I><P>\n";
Dries's avatar
 
Dries committed
94
    $output .= "<B>Signature:</B> (255 char. limit)<BR>\n";
Dries's avatar
Dries committed
95 96 97
    $output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$user->signature</TEXTAREA><BR>\n";
    $output .= "<I>Optional. This information will be publicly displayed at the end of your comments. </I><P>\n";
    $output .= "<B>Password:</B><BR>\n";
Dries's avatar
 
Dries committed
98
    $output .= "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\"><BR>\n";
Dries's avatar
Dries committed
99 100 101 102 103 104 105 106 107 108 109
    $output .= "<I>Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.</I><P>\n";
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save user information\"><BR>\n";
    $output .= "</FORM>\n";

    ### Display output/content:
    $theme->header();
    $theme->box("Edit your information", $output);
    $theme->footer();
  }
  else {
    $theme->header();
Dries's avatar
 
Dries committed
110
    $theme->box("Create user account", account_create());
Dries's avatar
Dries committed
111
    $theme->box("E-mail password", account_email());
Dries's avatar
Dries committed
112 113 114 115 116 117
    $theme->footer();
  }
}

function account_user_save($edit) {
  global $user;
Dries's avatar
 
Dries committed
118

Dries's avatar
 
Dries committed
119
  if ($user->id) {
Dries's avatar
Dries committed
120
    $data[name] = $edit[name];
Dries's avatar
 
Dries committed
121
    $data[fake_email] = $edit[fake_email];
Dries's avatar
Dries committed
122 123 124
    $data[url] = $edit[url];
    $data[bio] = $edit[bio];
    $data[signature] = $edit[signature];
Dries's avatar
 
Dries committed
125 126 127 128

    if ($edit[pass1] && $edit[pass1] == $edit[pass2]) $data[passwd] = $edit[pass1];

    user_save($data, $user->id);
Dries's avatar
Dries committed
129 130 131
  }
}

Dries's avatar
 
Dries committed
132
function account_site_edit() {
Dries's avatar
Dries committed
133 134
  global $theme, $themes, $user;

Dries's avatar
 
Dries committed
135
  if ($user->id) {
Dries's avatar
Dries committed
136 137 138 139
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
    $output .= "<B>Theme:</B><BR>\n";

    foreach ($themes as $key=>$value) { 
Dries's avatar
 
Dries committed
140
      $options1 .= " <OPTION VALUE=\"$key\"". (($user->theme == $key) ? " SELECTED" : "") .">$key - $value[1]</OPTION>\n";
Dries's avatar
Dries committed
141 142
    }

Dries's avatar
 
Dries committed
143
    $output .= "<SELECT NAME=\"edit[theme]\">\n$options1</SELECT><BR>\n";
Dries's avatar
Dries committed
144
    $output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n";
Dries's avatar
 
Dries committed
145 146 147
    $output .= "<B>Timezone:</B><BR>\n";

    $date = time() - date("Z");
Dries's avatar
 
Dries committed
148
    for ($zone = -43200; $zone <= 46800; $zone += 3600) {
Dries's avatar
 
Dries committed
149 150 151 152 153
      $options2 .= " <OPTION VALUE=\"$zone\"". (($user->timezone == $zone) ? " SELECTED" : "") .">". date("l, F dS, Y - h:i A", $date + $zone) ." (GMT ". $zone / 3600 .")</OPTION>\n";
    }

    $output .= "<SELECT NAME=\"edit[timezone]\">\n$options2</SELECT><BR>\n";
    $output .= "<I>Select what time you currently have and your timezone settings will be set appropriate.</I><P>\n";
Dries's avatar
Dries committed
154
    $output .= "<B>Maximum number of stories:</B><BR>\n";
Dries's avatar
 
Dries committed
155 156 157 158 159 160
    
    for ($stories = 10; $stories <= 30; $stories += 5) {
      $options3 .= "<OPTION VALUE=\"$stories\"". (($user->stories == $stories) ? " SELECTED" : "") .">$stories</OPTION>\n";
    }

    $output .= "<SELECT NAME=\"edit[stories]\">\n$options3</SELECT><BR>\n";
Dries's avatar
Dries committed
161
    $output .= "<I>The maximum number of stories that will be displayed on the main page.</I><P>\n";
Dries's avatar
 
Dries committed
162 163 164
    $options  = "<OPTION VALUE=\"nested\"". ($user->mode == "nested" ? " SELECTED" : "") .">Nested</OPTION>";
    $options .= "<OPTION VALUE=\"flat\"". ($user->mode == "flat" ? " SELECTED" : "") .">Flat</OPTION>";
    $options .= "<OPTION VALUE=\"threaded\"". ($user->mode == "threaded" ? " SELECTED" : "") .">Threaded</OPTION>";
Dries's avatar
Dries committed
165
    $output .= "<B>Comment display mode:</B><BR>\n";
Dries's avatar
 
Dries committed
166 167 168 169
    $output .= "<SELECT NAME=\"edit[mode]\">$options</SELECT><P>\n";
    $options  = "<OPTION VALUE=\"0\"". ($user->sort == 0 ? " SELECTED" : "") .">Oldest first</OPTION>";
    $options .= "<OPTION VALUE=\"1\"". ($user->sort == 1 ? " SELECTED" : "") .">Newest first</OPTION>";
    $options .= "<OPTION VALUE=\"2\"". ($user->sort == 2 ? " SELECTED" : "") .">Highest scoring first</OPTION>";
Dries's avatar
Dries committed
170
    $output .= "<B>Comment sort order:</B><BR>\n";
Dries's avatar
 
Dries committed
171 172 173 174 175 176 177 178
    $output .= "<SELECT NAME=\"edit[sort]\">$options</SELECT><P>\n";
    $options  = "<OPTION VALUE=\"-1\"". ($user->threshold == -1 ? " SELECTED" : "") .">-1: Display uncut and raw comments.</OPTION>";
    $options .= "<OPTION VALUE=\"0\"". ($user->threshold == 0 ? " SELECTED" : "") .">0: Display almost all comments.</OPTION>";
    $options .= "<OPTION VALUE=\"1\"". ($user->threshold == 1 ? " SELECTED" : "") .">1: Display almost no anonymous comments.</OPTION>";
    $options .= "<OPTION VALUE=\"2\"". ($user->threshold == 2 ? " SELECTED" : "") .">2: Display comments with score +2 only.</OPTION>";
    $options .= "<OPTION VALUE=\"3\"". ($user->threshold == 3 ? " SELECTED" : "") .">3: Display comments with score +3 only.</OPTION>";
    $options .= "<OPTION VALUE=\"4\"". ($user->threshold == 4 ? " SELECTED" : "") .">4: Display comments with score +4 only.</OPTION>";
    $options .= "<OPTION VALUE=\"5\"". ($user->threshold == 5 ? " SELECTED" : "") .">5: Display comments with score +5 only.</OPTION>";
Dries's avatar
Dries committed
179
    $output .= "<B>Comment threshold:</B><BR>\n";
Dries's avatar
 
Dries committed
180
    $output .= "<SELECT NAME=\"edit[threshold]\">$options</SELECT><BR>\n";
Dries's avatar
Dries committed
181
    $output .= "<I>Comments that scored less than this setting will be ignored. Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.</I><P>\n";
Dries's avatar
 
Dries committed
182 183 184


    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save site settings\"><BR>\n";
Dries's avatar
Dries committed
185 186 187
    $output .= "</FORM>\n";

    $theme->header();
Dries's avatar
 
Dries committed
188
    $theme->box("Edit your settings", $output);
Dries's avatar
Dries committed
189 190 191 192
    $theme->footer();
  }
  else {
    $theme->header();
Dries's avatar
 
Dries committed
193
    $theme->box("Create user account", account_create());
Dries's avatar
Dries committed
194
    $theme->box("E-mail password", account_email());
Dries's avatar
Dries committed
195 196 197 198
    $theme->footer();
  }
}

Dries's avatar
 
Dries committed
199
function account_site_save($edit) {
Dries's avatar
Dries committed
200
  global $user;
Dries's avatar
 
Dries committed
201

Dries's avatar
 
Dries committed
202
  if ($user->id) {
Dries's avatar
Dries committed
203
    $data[theme] = $edit[theme];
Dries's avatar
 
Dries committed
204
    $data[timezone] = $edit[timezone];
Dries's avatar
 
Dries committed
205 206 207 208 209
    $data[stories] = $edit[stories];
    $data[mode] = $edit[mode];
    $data[sort] = $edit[sort];
    $data[threshold] = $edit[threshold];
    user_save($data, $user->id);
Dries's avatar
Dries committed
210
  }
211
}
Dries's avatar
 
Dries committed
212

Dries's avatar
 
Dries committed
213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259
function account_block_edit() {
  global $theme, $user;

  if ($user->id) {
    $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
  
    $output .= "<B>Blocks:</B><BR>\n";

    $result = db_query("SELECT * FROM blocks WHERE status = 1");
    while ($block = db_fetch_object($result)) {
      $entry = db_fetch_object(db_query("SELECT * FROM layout WHERE block = '$block->name' AND user = '$user->id'"));

      $options = "";
      for ($weight = 0; $weight < 10; $weight++) {
        $options .= "<OPTION VALUE=\"$weight\"". (($entry->weight == $weight) ? " SELECTED" : "") .">". (($weight == 0) ? "off" : $weight) ."</OPTION>\n";
      }

      $output .= "<SELECT NAME=\"edit[$block->name]\">\n$options</SELECT>";
      $output .= "$block->name<BR>";
    } 
 
    $output .= "<I>You can more or less position your blocks by assigning them weights.  The heavy blocks sink down whereas the light blocks will be positioned on top.</I><P>\n";
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save block settings\"><BR>\n";
    $output .= "</FORM>\n";

    $theme->header();
    $theme->box("Edit your blocks", $output);
    $theme->footer();
  }
  else {
    $theme->header();
    $theme->box("Create user account", account_create());
    $theme->box("E-mail password", account_email());
    $theme->footer();
  }
}

function account_block_save($edit) {
  global $user;
  if ($user->id) {
    db_query("DELETE FROM layout WHERE user = $user->id");
    foreach ($edit as $block=>$weight) {
      db_query("INSERT INTO layout (user, block, weight) VALUES ('". check_input($user->id) ."', '". check_input($block) ."', '". check_input($weight) ."')");
    }
  }
}

Dries's avatar
Dries committed
260
function account_user($uname) {
Dries's avatar
 
Dries committed
261
  global $user, $theme;
Dries's avatar
 
Dries committed
262

Dries's avatar
 
Dries committed
263
  if ($user->id && $user->userid == $uname) {
Dries's avatar
 
Dries committed
264
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
265 266
    $output .= " <TR><TD ALIGN=\"right\"><B>User ID:</B></TD><TD>$user->userid</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Name:</B></TD><TD>". format_data($user->name) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
267
    $output .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email($user->fake_email) ."</A></TD></TR>\n";
268 269 270
    $output .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($user->url) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Bio:</B></TD><TD>". format_data($user->bio) ."</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Signature:</B></TD><TD>". format_data($user->signature) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
271
    $output .= "</TABLE>\n";
Dries's avatar
 
Dries committed
272 273

    ### Display account information:
Dries's avatar
 
Dries committed
274
    $theme->header();
Dries's avatar
 
Dries committed
275
    $theme->box("View your information", $output);
Dries's avatar
 
Dries committed
276 277
    $theme->footer();
  }
Dries's avatar
Dries committed
278
  elseif ($uname && $account = account_get_user($uname)) {
Dries's avatar
 
Dries committed
279
    $box1 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
280
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n";
Dries's avatar
 
Dries committed
281
    $box1 .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email($account->fake_email) ."</TD></TR>\n";
282 283
    $box1 .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Bio:</B></TD><TD>". format_data($account->bio) ."</TD></TR>\n";
284 285
    $box1 .= "</TABLE>\n";

Dries's avatar
Dries committed
286
    $result = db_query("SELECT c.cid, c.pid, c.sid, c.subject, c.timestamp, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.sid WHERE u.userid = '$uname' AND s.status = 2 AND s.timestamp > ". (time() - 1209600) ." ORDER BY cid DESC LIMIT 10");
287
    while ($comment = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
288
      $box2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
Dries's avatar
 
Dries committed
289
      $box2 .= " <TR><TD ALIGN=\"right\"><B>Comment:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
290
      $box2 .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($comment->timestamp) ."</TD></TR>\n";
Dries's avatar
 
Dries committed
291
      $box2 .= " <TR><TD ALIGN=\"right\"><B>Story:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid\">". check_output($comment->story) ."</A></TD></TR>\n";
Dries's avatar
 
Dries committed
292
      $box2 .= "</TABLE>\n";
Dries's avatar
 
Dries committed
293
      $box2 .= "<P>\n";
294 295
      $comments++;
    }
Dries's avatar
 
Dries committed
296

297 298
    $result = db_query("SELECT d.* FROM diaries d LEFT JOIN users u ON u.id = d.author WHERE u.userid = '$uname' AND d.timestamp > ". (time() - 1209600) ."  ORDER BY id DESC LIMIT 2");
    while ($diary = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
299
      $box3 .= "<DL><DT><B>". date("l, F jS", $diary->timestamp) .":</B></DT><DD><P>". check_output($diary->text) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$uname\">more</A> ]</P></DD></DL>\n";
300 301 302
      $diaries++;
    }
    
Dries's avatar
 
Dries committed
303
    ### Display account information:
Dries's avatar
 
Dries committed
304
    $theme->header();
305 306 307
    if ($box1) $theme->box("User information for $uname", $box1);
    if ($box2) $theme->box("$uname has posted ". format_plural($comments, "comment", "comments") ." recently", $box2);
    if ($box3) $theme->box("$uname has posted ". format_plural($diaries, "diary entry", "diary entries") ." recently", $box3);
Dries's avatar
 
Dries committed
308 309 310
    $theme->footer();
  }
  else { 
Dries's avatar
 
Dries committed
311
    ### Display login form:
Dries's avatar
 
Dries committed
312
    $theme->header();
Dries's avatar
 
Dries committed
313
    $theme->box("Create user account", account_create());
Dries's avatar
Dries committed
314
    $theme->box("E-mail password", account_email());
Dries's avatar
 
Dries committed
315
    $theme->footer();
Dries's avatar
Dries committed
316 317
  }
}
Dries's avatar
 
Dries committed
318

Dries's avatar
 
Dries committed
319 320
function account_validate($user) {
  include "includes/ban.inc";
Dries's avatar
Dries committed
321

Dries's avatar
 
Dries committed
322 323 324 325 326 327 328 329 330 331 332 333 334 335
  ### Verify username and e-mail address:
  if (empty($user[real_email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[real_email]))) $error .= "<LI>the specified e-mail address is not valid.</LI>\n";
  if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $error .= "<LI>the specified username is not valid.</LI>\n";
  if (strlen($user[userid]) > 15) $error .= "<LI>the specified username is too long: it must be less than 15 characters.</LI>\n";

  ### Check to see whether the username or e-mail address are banned:
  if ($ban = ban_match($user[userid], $type2index[usernames])) $error .= "<LI>the specified username is banned  for the following reason: <I>$ban->reason</I>.</LI>\n";
  if ($ban = ban_match($user[real_email], $type2index[addresses])) $error .= "<LI>the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.</LI>\n";

  ### Verify whether username and e-mail address are unique:
  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$user[userid]')")) > 0) $error .= "<LI>the specified username is already taken.</LI>\n";
  if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email)=LOWER('$user[real_email]')")) > 0) $error .= "<LI>the specified e-mail address is already registered.</LI>\n";

  return $error;
Dries's avatar
Dries committed
336 337
}

Dries's avatar
Dries committed
338 339
function account_email_submit($userid, $email) {
  global $theme, $site_name, $site_url; 
340

Dries's avatar
Dries committed
341 342 343
  $result = db_query("SELECT id FROM users WHERE userid = '". check_output($userid) ."' AND real_email = '". check_output($email) ."'");
  
  if ($account = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
344 345 346
    $passwd = account_password();
    $status = 1;
    $hash = substr(md5("$userid. ". time() .""), 0, 12);
Dries's avatar
 
Dries committed
347

Dries's avatar
 
Dries committed
348
    db_query("UPDATE users SET passwd = PASSWORD('$passwd'), hash = '$hash', status = '$status' WHERE userid = '$userid'");
Dries's avatar
Dries committed
349

Dries's avatar
 
Dries committed
350 351
    $link = $site_url ."account.php?op=confirm&name=$userid&hash=$hash";
    $message = "$userid,\n\n\nyou requested us to e-mail you a new password for your $site_name account.  Note that you will need to re-activate your account before you can login.  You can do so simply by visiting the URL below:\n\n    $link\n\nVisiting this URL will automatically re-activate your account.  Once activated you can login using the following information:\n\n    username: $userid\n    password: $passwd\n\n\n-- $site_name crew\n";
Dries's avatar
Dries committed
352 353 354

    watchdog("message", "new password: `$userid' &lt;$email&gt;");

Dries's avatar
 
Dries committed
355
    mail($email, "Account details for $site_name", $message, "From: noreply");
Dries's avatar
Dries committed
356 357 358 359 360 361 362

    $output = "Your password and further instructions have been sent to your e-mail address.";
  }
  else {
    watchdog("warning", "new password: '$userid' and &lt;$email&gt; do not match");
    $output = "Could not sent password: no match for the specified username and e-mail address.";
  }
Dries's avatar
 
Dries committed
363

Dries's avatar
Dries committed
364
  $theme->header();
Dries's avatar
Dries committed
365
  $theme->box("E-mail password", $output);
Dries's avatar
Dries committed
366 367
  $theme->footer();
}
Dries's avatar
 
Dries committed
368

Dries's avatar
Dries committed
369 370 371 372 373
function account_create_submit($userid, $email) {
  global $theme, $site_name, $site_url;
  
  $new[userid] = $userid;
  $new[real_email] = $email;
Dries's avatar
 
Dries committed
374
  
Dries's avatar
 
Dries committed
375
  if ($rval = account_validate($new)) { 
Dries's avatar
Dries committed
376
    $theme->header();
Dries's avatar
 
Dries committed
377
    $theme->box("Create user account", account_create($new, $rval));
Dries's avatar
Dries committed
378
    $theme->footer();
Dries's avatar
 
Dries committed
379 380 381 382 383
  }
  else {
    $new[passwd] = account_password();
    $new[status] = 1;
    $new[hash] = substr(md5("$new[userid]. ". time() .""), 0, 12);
Dries's avatar
 
Dries committed
384

Dries's avatar
 
Dries committed
385
    user_save($new);
Dries's avatar
Dries committed
386

Dries's avatar
 
Dries committed
387 388
    $link = $site_url ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
    $message = "$new[userid],\n\n\nsomeone signed up for a user account on $site_name and supplied this email address as their contact.  If it wasn't you, don't get your panties in a knot and simply ignore this mail.\n\nIf this was you, you have to activate your account first before you can login.  You can do so simply by visiting the URL below:\n\n    $link\n\nVisiting this URL will automatically activate your account.  Once activated you can login using the following information:\n\n    username: $new[userid]\n    password: $new[passwd]\n\n\n-- $site_name crew\n";
Dries's avatar
 
Dries committed
389

Dries's avatar
Dries committed
390
    watchdog("message", "new account: `$new[userid]' &lt;$new[real_email]&gt;");
Dries's avatar
 
Dries committed
391

Dries's avatar
 
Dries committed
392
    mail($new[real_email], "Account details for $site_name", $message, "From: noreply");
Dries's avatar
 
Dries committed
393

Dries's avatar
 
Dries committed
394
    $theme->header();
Dries's avatar
 
Dries committed
395
    $theme->box("Create user account", "Congratulations!  Your member account has been sucessfully created and further instructions on how to activate your account have been sent to your e-mail address.");
Dries's avatar
 
Dries committed
396 397 398 399
    $theme->footer();
  }
}

Dries's avatar
Dries committed
400
function account_create_confirm($name, $hash) {
Dries's avatar
 
Dries committed
401 402 403 404 405 406 407 408 409
  global $theme;

  $result = db_query("SELECT userid, hash, status FROM users WHERE userid = '$name'");

  if ($account = db_fetch_object($result)) {
    if ($account->status == 1) {
      if ($account->hash == $hash) {
        db_query("UPDATE users SET status = 2, hash = '' WHERE userid = '$name'");
        $output .= "Your account has been sucessfully confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
Dries's avatar
 
Dries committed
410
        watchdog("message", "$name: account confirmation sucessful");
Dries's avatar
 
Dries committed
411 412 413
      }
      else {
        $output .= "Confirmation failed: invalid confirmation hash.\n";
Dries's avatar
Dries committed
414
        watchdog("warning", "$name: invalid confirmation hash");
Dries's avatar
 
Dries committed
415 416 417 418
      }
    }
    else {
      $output .= "Confirmation failed: your account has already been confirmed.  You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
Dries's avatar
Dries committed
419
      watchdog("warning", "$name: attempt to re-confirm account");
Dries's avatar
 
Dries committed
420 421 422 423
    }
  }
  else {
    $output .= "Confirmation failed: no such account found.<BR>";
Dries's avatar
Dries committed
424
    watchdog("warning", "$name: attempt to confirm non-existing account");
Dries's avatar
 
Dries committed
425 426 427 428 429
  }

  $theme->header();
  $theme->box("Account confirmation", $output);
  $theme->footer();
Dries's avatar
Dries committed
430
}
Dries's avatar
 
Dries committed
431

Dries's avatar
Dries committed
432
function account_password($min_length=6) {
433
  mt_srand((double)microtime() * 1000000);
Dries's avatar
 
Dries committed
434
  $words = array("foo","bar","guy","neo","tux","moo","sun","asm","dot","god","axe","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","perl","boss","dark","sith","jedi","drop","mojo");
Dries's avatar
 
Dries committed
435
  while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words))];
436
  return $password;
Dries's avatar
Dries committed
437 438
}

Dries's avatar
 
Dries committed
439
function account_track_comments() {
Dries's avatar
Dries committed
440
  global $theme, $user;
Dries's avatar
 
Dries committed
441

Dries's avatar
 
Dries committed
442
  $msg = "<P>This page might be helpful in case you want to keep track of your recent comments in any of the current discussions.  You are presented an overview of your comments in each of the stories you participated in along with the number of replies each comment got.\n<P>\n"; 
Dries's avatar
 
Dries committed
443 444 445 446

  $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5");
  
  while ($story = db_fetch_object($sresult)) {
Dries's avatar
 
Dries committed
447
    $output .= "<LI>". format_plural($story->count, comment, comments) ." attached to story `<A HREF=\"discussion.php?id=$story->id\">". check_output($story->subject) ."</A>`:</LI>\n";
Dries's avatar
 
Dries committed
448 449 450 451
    $output .= " <UL>\n";
   
    $cresult = db_query("SELECT * FROM comments WHERE author = $user->id AND sid = $story->id");
    while ($comment = db_fetch_object($cresult)) {
Dries's avatar
 
Dries committed
452
      $output .= "  <LI><A HREF=\"discussion.php?id=$story->id&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A> - replies: ". discussion_num_replies($comment->cid) ." - score: ". discussion_score($comment) ."</LI>\n";
Dries's avatar
 
Dries committed
453 454 455
    }
    $output .= " </UL>\n";
  }
Dries's avatar
 
Dries committed
456

Dries's avatar
 
Dries committed
457
  $output = ($output) ? "$msg $output" : "$info <CENTER><B>You have not posted any comments recently.</B></CENTER>\n";
Dries's avatar
 
Dries committed
458

Dries's avatar
Dries committed
459 460 461
  $theme->header();
  $theme->box("Track your comments", $output);
  $theme->footer();
Dries's avatar
 
Dries committed
462 463
}

Dries's avatar
 
Dries committed
464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533
function account_track_stories() {
  global $theme, $user;

  $msg = "<P>This page might be helpful in case you want to keep track of the stories you contributed.  You are presented an overview of your stories along with the number of replies each story got.\n<P>\n"; 

  $result = db_query("SELECT s.id, s.subject, s.timestamp, s.category, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE s.status = 2 AND s.author = $user->id GROUP BY s.id DESC");
  
  while ($story = db_fetch_object($result)) {
    $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Subject:</B></TD><TD><A HREF=\"discussion.php?id=$story->id\">". check_output($story->subject) ."</A> (". format_plural($story->count, "comment", "comments") .")</TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Category:</B></TD><TD><A HREF=\"search.php?category=". urlencode($story->category) ."\">". check_output($story->category) ."</A></TD></TR>\n";
    $output .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($story->timestamp) ."</TD></TR>\n";
    $output .= "</TABLE>\n";
    $output .= "<P>\n";
  }

  $output = ($output) ? "$msg $output" : "$info <CENTER><B>You have not posted any stories.</B></CENTER>\n";

  $theme->header();
  $theme->box("Track your stories", $output);
  $theme->footer();
}

function account_track_site() {
  global $theme, $user, $site_name;

  $result1 = db_query("SELECT c.cid, c.pid, c.sid, c.subject, u.userid, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.sid WHERE s.status = 2 ORDER BY cid DESC LIMIT 10");

  while ($comment = db_fetch_object($result1)) {
    $box1 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Comment:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A></TD></TR>\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Author:</B></TD><TD>". format_username($comment->userid) ."</TD></TR>\n";
    $box1 .= " <TR><TD ALIGN=\"right\"><B>Story:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid\">". check_output($comment->story) ."</A></TD></TR>\n";
    $box1 .= "</TABLE>\n";
    $box1 .= "<P>\n";
  }

  $users_total = db_result(db_query("SELECT COUNT(id) FROM users"));
  
  $stories_posted  = db_result(db_query("SELECT COUNT(id) FROM stories WHERE status = 2"));
  $stories_queued  = db_result(db_query("SELECT COUNT(id) FROM stories WHERE status = 1"));
  $stories_dumped = db_result(db_query("SELECT COUNT(id) FROM stories WHERE status = 0"));

  $result = db_query("SELECT u.userid, COUNT(s.author) AS count FROM stories s LEFT JOIN users u ON s.author = u.id GROUP BY s.author ORDER BY count DESC LIMIT 10");
  while ($poster = db_fetch_object($result)) $stories_posters .= format_username($poster->userid) .", ";

  $comments_total = db_result(db_query("SELECT COUNT(cid) FROM comments")); 
  $comments_score = db_result(db_query("SELECT TRUNCATE(AVG(score / votes), 2) FROM comments WHERE votes > 0"));

  $result = db_query("SELECT u.userid, COUNT(c.author) AS count FROM comments c LEFT JOIN users u ON c.author = u.id GROUP BY c.author ORDER BY count DESC LIMIT 10");
  while ($poster = db_fetch_object($result)) $comments_posters .= format_username($poster->userid) .", ";

  $diaries_total = db_result(db_query("SELECT COUNT(id) FROM diaries"));

  $result = db_query("SELECT u.userid, COUNT(d.author) AS count FROM diaries d LEFT JOIN users u ON d.author = u.id GROUP BY d.author ORDER BY count DESC LIMIT 10");
  while ($poster = db_fetch_object($result)) $diaries_posters .= format_username($poster->userid) .", ";
  
  $box2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"1\">\n";
  $box2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Users:</B></TD><TD>$users_total users</TD></TR>\n";
  $box2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Stories:</B></TD><TD>$stories_posted posted, $stories_queued queued, $stories_dumped dumped<BR><I>[most frequent posters: $stories_posters ...]</I></TD></TR>\n";
  $box2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Comments:</B></TD><TD>$comments_total comments with an average score of $comments_score<BR><I>[most frequent posters: $comments_posters ...]</I></TD></TR>\n";
  $box2 .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Diaries:</B></TD><TD>$diaries_total diary entries<BR><I>[most frequent posters: $diaries_posters ...]</I></TD></TR>\n";
  $box2 .= "</TABLE>\n";

  $theme->header();
  $theme->box("Recent comments", $box1);
  $theme->box("Site statistics", $box2);
  $theme->footer();
}

Dries's avatar
 
Dries committed
534 535 536 537 538 539
### Security check:
if (strstr($name, " ") || strstr($hash, " ")) {
  watchdog("error", "account: attempt to provide malicious input through URI");
  exit();
}

540
switch ($op) {
Dries's avatar
Dries committed
541
  case "Login":
Dries's avatar
Dries committed
542 543
    account_session_start($userid, $passwd);
    header("Location: account.php?op=info");
Dries's avatar
Dries committed
544
    break;
Dries's avatar
Dries committed
545 546 547 548 549
  case "E-mail password":
    account_email_submit($userid, $email);
    break;
  case "Create account":
    account_create_submit($userid, $email);
Dries's avatar
Dries committed
550
    break;
Dries's avatar
 
Dries committed
551 552
  case "confirm":
    account_create_confirm($name, $hash);
Dries's avatar
Dries committed
553
    break;
554
  case "Save user information":
Dries's avatar
Dries committed
555 556
    account_user_save($edit);
    account_user($user->userid);
Dries's avatar
Dries committed
557
    break;
Dries's avatar
 
Dries committed
558 559
  case "Save site settings":
    account_site_save($edit);
560
    header("Location: account.php?op=info");
Dries's avatar
Dries committed
561
    break;
Dries's avatar
 
Dries committed
562 563 564 565
  case "Save block settings":
    account_block_save($edit);
    account_user($user->userid);
    break;
Dries's avatar
 
Dries committed
566 567 568 569 570 571 572 573 574 575
  case "logout":
    account_session_close();
    header("Location: account.php?op=info");
    break;
  case "view":
    switch ($topic) {
      case "info":
        account_user($user->userid);
        break;
      case "diary":
Dries's avatar
 
Dries committed
576
        header("Location: module.php?mod=diary&op=view&name=$user->userid");
Dries's avatar
 
Dries committed
577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598
        break;        
      default:
        account_user($name);
    }
    break;
  case "track":
    switch ($topic) {
      case "site":
        account_track_site();
        break;
      case "stories":
        account_track_stories();
        break;
      default:
        account_track_comments();
    }
    break;
  case "edit":
    switch ($topic) {
      case "user":
        account_user_edit();
        break;
Dries's avatar
 
Dries committed
599 600 601 602 603
      case "site":
        account_site_edit();
        break;
      case "block":
        account_block_edit();
Dries's avatar
 
Dries committed
604 605
        break;
      default:
Dries's avatar
 
Dries committed
606
        header("Location: module.php?mod=diary&op=add&name=$user->userid");
Dries's avatar
 
Dries committed
607 608
    }
    break;
Dries's avatar
 
Dries committed
609
  default: 
Dries's avatar
Dries committed
610
    account_user($user->userid);
Dries's avatar
Dries committed
611
}
Dries's avatar
 
Dries committed
612

Dries's avatar
Dries committed
613
?>