<?
include "config.inc";
include "functions.inc";

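/**
 * Look up a single user record by its user ID.
 *
 * $uname reaches this function from the "info" operation of the dispatcher
 * at the bottom of this file and is placed inside a quoted SQL literal, so
 * it is checked against the character set validateUser() accepts for user
 * IDs before the query string is built.
 *
 * @param string $uname  user ID to look up
 * @return object|false  the row as returned by db_fetch_object(), or false
 *                       when $uname is not a well-formed user ID
 */
function account_getUser($uname) {
  // Only [a-zA-Z0-9_-] passes validateUser(), so anything else is rejected
  // here; that also keeps quote characters out of the SQL string. The D
  // modifier stops "$" from accepting a trailing newline.
  // NOTE(review): db_query() is defined outside this file; if it supports
  // placeholders or an escaping helper, prefer that over string building.
  if (!is_string($uname) || !preg_match('/^[a-zA-Z0-9_-]+$/D', $uname)) {
    return false;
  }

  $result = db_query("SELECT * FROM users WHERE userid = '$uname'");
  return db_fetch_object($result);
}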

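/**
 * Build the HTML of the login form.
 *
 * @param string $userid  value used to pre-fill the "User ID" field
 * @return string         the form markup
 */
function showLogin($userid = "") {
  // The pre-fill value can originate from the request, so it is encoded
  // before being placed inside the VALUE="..." attribute.
  $safe_userid = htmlspecialchars((string) $userid, ENT_QUOTES);

  $output  = "<FORM ACTION=\"account.php\" METHOD=post>\n";
  $output .= " <TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
  $output .= "  <TR><TH>User ID:</TH><TD><INPUT NAME=userid VALUE=\"$safe_userid\"></TD></TR>\n";
  $output .= "  <TR><TH>Password:</TH><TD><INPUT NAME=passwd TYPE=password></TD></TR>\n";
  $output .= "  <TR><TD ALIGN=center><INPUT NAME=op TYPE=submit VALUE=\"Login\"></TD></TR>\n";
  // The original closed the anchor twice; the stray </A> is dropped.
  $output .= "  <TR><TD ALIGN=center><A HREF=\"account.php?op=new\">Register</A> as new user.</TD></TR>\n";
  // This row used to interpolate $user->ublock, but $user is neither a
  // parameter nor declared global here, so the cell always rendered empty.
  $output .= "  <TR><TD COLSPAN=2></TD></TR>\n";
  $output .= " </TABLE>\n";
  $output .= "</FORM>\n";
  return $output;
}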

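/**
 * List the names of the access rights held by the current user.
 *
 * Walks the global $access map and bit-tests each value against the global
 * $user->access; every entry that shares a bit contributes "name<BR>".
 *
 * @return string  the concatenated entries, or "" when none matches
 */
function showAccess() {
  global $user, $access;

  // Start from an empty string so the function always returns a string
  // instead of appending to an undefined variable.
  $result = "";
  foreach ($access as $key => $value) {
    if ($user->access & $value) $result .= "$key<BR>";
  }
  return $result;
}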

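/**
 * Render a user information page, or the login form when there is nothing
 * to show.
 *
 *  - $uname is the logged-in user: own profile, including access rights;
 *  - $uname is another existing account: public fields only;
 *  - otherwise: the login form.
 *
 * Output is emitted through $theme (presumably set up by theme.inc).
 *
 * @param string $uname  user ID whose page is requested. Defaults to ""
 *                       because the "logout" operation calls showUser()
 *                       without an argument.
 */
function showUser($uname = "") {
  global $user;

  include "theme.inc";

  $output = "";

  if ($user && $uname && $user->userid == $uname) {
    // Profile fields are user-supplied; encode them for HTML text and
    // attribute contexts before building the page.
    $own_userid = htmlspecialchars((string) $user->userid, ENT_QUOTES);
    $own_name   = htmlspecialchars((string) $user->name, ENT_QUOTES);
    $own_femail = htmlspecialchars((string) $user->femail, ENT_QUOTES);
    $own_url    = htmlspecialchars((string) $user->url, ENT_QUOTES);

    $output .= "<P>Welcome $own_userid! This is <B>your</B> user info page. There are many more, but this one is yours. You are probably most interested in editing something, but if you need to kill some time, this place is as good as any other place.</P>\n";
    $output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
    $output .= " <TR><TD><B>User ID:</B></TD><TD>$own_userid</TD></TR>\n";
    $output .= " <TR><TD><B>Name:</B></TD><TD>$own_name</TD></TR>\n";
    $output .= " <TR><TD><B>E-mail:</B></TD><TD><A HREF=\"mailto:$own_femail\">$own_femail</A></TD></TR>\n";
    $output .= " <TR><TD><B>URL:</B></TD><TD><A HREF=\"$own_url\">$own_url</A></TD></TR>\n";
    if ($user->access > 0) $output .= "<TR><TD VALIGN=top><B>Access:</B></TD><TD>". showAccess() ."</TD></TR>\n";
    // NOTE(review): bio and signature are written out as stored. Whether
    // dbsave() or the User class filters markup is not visible in this
    // file; if these fields are meant to be plain text, encode them here too.
    $output .= " <TR><TD><B>Bio:</B></TD><TD>$user->bio</TD></TR>\n";
    $output .= " <TR><TD><B>Signature:</B></TD><TD>$user->signature</TD></TR>\n";
    $output .= "</TABLE>\n";

    ### Display account information:
    $theme->header();
    $theme->box("User information", $output);
    $theme->footer();
  }
  elseif ($uname && $account = account_getUser($uname)) {
    // Another member's record is shown to whoever requests it, so the
    // stored values are encoded before they reach the page.
    $acc_userid = htmlspecialchars((string) $account->userid, ENT_QUOTES);
    $acc_femail = htmlspecialchars((string) $account->femail, ENT_QUOTES);
    $acc_url    = htmlspecialchars((string) $account->url, ENT_QUOTES);

    $output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
    $output .= " <TR><TD><B>User ID:</B></TD><TD>$acc_userid</TD></TR>\n";
    $output .= " <TR><TD><B>E-mail:</B></TD><TD><A HREF=\"mailto:$acc_femail\">$acc_femail</A></TD></TR>\n";
    // NOTE(review): encoding does not restrict the URL scheme; the value is
    // stored without a scheme check in the "Save user information" case.
    $output .= " <TR><TD><B>URL:</B></TD><TD><A HREF=\"$acc_url\">$acc_url</A></TD></TR>\n";
    // NOTE(review): same open question as above for bio and signature,
    // and here the content belongs to a different account than the viewer.
    $output .= " <TR><TD><B>Bio:</B></TD><TD>$account->bio</TD></TR>\n";
    $output .= " <TR><TD><B>Signature:</B></TD><TD>$account->signature</TD></TR>\n";
    $output .= "</TABLE>\n";

    ### Display account information:
    $theme->header();
    $theme->box("User information", $output);
    $theme->footer();
  }
  else {
    ### Display login form:
    // The original passed $userid, which is not defined in this scope, so
    // the form was always rendered without a pre-filled user ID.
    $theme->header();
    $theme->box("Login", showLogin());
    $theme->footer();
  }
}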

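/**
 * Render the registration form, optionally with an error message and the
 * previously submitted values filled back in.
 *
 * @param array|string $user   submitted fields (name, userid, email), or ""
 *                             for a blank form
 * @param string       $error  error message shown above the fields; it is
 *                             printed as HTML, so callers must encode any
 *                             request data they place in it
 */
function newUser($user = "", $error="") {
  include "theme.inc";

  // The original interpolated $new[...], which is not in scope inside this
  // function, so the fields were never re-filled. The submitted values
  // arrive in $user; they are encoded before going into VALUE="...".
  $fields = is_array($user) ? $user : array();
  $name   = isset($fields['name'])   ? htmlspecialchars((string) $fields['name'], ENT_QUOTES)   : "";
  $userid = isset($fields['userid']) ? htmlspecialchars((string) $fields['userid'], ENT_QUOTES) : "";
  $email  = isset($fields['email'])  ? htmlspecialchars((string) $fields['email'], ENT_QUOTES)  : "";

  $output  = "<FORM ACTION=\"account.php\" METHOD=post>\n";
  $output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
  if (!empty($error)) $output .= "<TR><TD COLSPAN=2>$error</TD></TR>\n";
  $output .= "<TR><TH>Name:</TH><TD><INPUT NAME=\"new[name]\" VALUE=\"$name\"></TD></TR>\n";
  // The header cell was closed with </TR> in the original; fixed to </TH>.
  $output .= "<TR><TH>User ID:</TH><TD><INPUT NAME=\"new[userid]\" VALUE=\"$userid\"></TD></TR>\n";
  $output .= "<TR><TH>E-mail:</TH><TD><INPUT NAME=\"new[email]\" VALUE=\"$email\"></TD></TR>\n";
  $output .= "<TR><TD ALIGN=right COLSPAN=2><INPUT NAME=op TYPE=submit VALUE=\"Register\"></TD></TR>\n";
  $output .= "</TABLE>\n";
  $output .= "</FORM>\n";

  $theme->header();
  $theme->box("Register as new user", $output);
  $theme->footer();
}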

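/**
 * Validate the fields of a registration request.
 *
 * Checks run in three stages: format of user ID and e-mail address, ban
 * lists, uniqueness in the users table. Within a stage a later failing
 * check overwrites the message of an earlier one, as in the original.
 *
 * @param array $user  submitted fields; 'userid' and 'email' are read
 * @return string      an HTML error message, or "" when every check passes
 */
function validateUser($user) {
  $rval = "";

  $userid = isset($user['userid']) ? trim((string) $user['userid']) : "";
  $email  = isset($user['email']) ? (string) $user['email'] : "";

  ### Verify username and e-mail address:
  // ereg()/eregi() are replaced by preg_match(). The D modifier keeps "$"
  // from accepting a trailing newline in the address, which later becomes
  // the recipient argument of mail().
  if (empty($email) || !preg_match('/^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$/iD', $email)) $rval = "the specified e-mail address is not valid.<BR>";
  // The message is printed as HTML by newUser(), so the rejected value is
  // encoded. (The original interpolated $new[userid], which is not in scope.)
  if (empty($userid) || preg_match('/[^a-zA-Z0-9_-]/', $userid)) $rval = "the specified username '" . htmlspecialchars($userid, ENT_QUOTES) . "' is not valid.<BR>";
  if (strlen($userid) > 15) $rval = "the specified username is too long: it must be less than 15 characters.";

  // Stop on malformed input. The ban and uniqueness checks below place both
  // values inside quoted SQL literals, so they must only ever see values
  // that passed the format checks above.
  if ($rval != "") return $rval;

  // ban.inc is only needed from here on; ban_match() and $type are
  // presumably defined by it.
  include "ban.inc";

  ### Check to see whether the username or e-mail address are banned:
  if ($ban = ban_match($userid, $type['usernames'])) $rval = "the specified username is banned  for the following reason: <I>$ban->reason</I>.";
  if ($ban = ban_match($email, $type['addresses'])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";

  ### Verify whether username and e-mail address are unique:
  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid)=LOWER('$userid')")) > 0) $rval = "the specified username is already taken.";
  if (db_num_rows(db_query("SELECT email FROM users WHERE LOWER(email)=LOWER('$email')")) > 0) $rval = "the specified e-mail address is already registered.";

  return $rval;
}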

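/**
 * Generate an initial password by concatenating random words from a fixed
 * list until the result is at least $min_length characters long.
 *
 * @param int $min_length  minimum length of the generated password
 * @return string          the generated password
 */
function account_makePassword($min_length=6) {
  $words = array("foo","bar","guy","neo","tux","moo","sun","asm","dot","god","axe","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","perl","boss","dark","sith","jedi","drop","mojo");

  // The original drew from 0..count($words), one past the last index.
  $last = count($words) - 1;

  // Prefer the CSPRNG where the runtime provides one. The fallback keeps
  // the original time-seeded mt_rand(), whose output is predictable.
  $use_csprng = function_exists('random_int');
  if (!$use_csprng) mt_srand((int) ((double) microtime() * 1000000));

  // NOTE(review): with the default minimum length a password consists of two
  // words from this short list, so the number of possible passwords is
  // small whatever the random source; consider random characters instead.
  $password = "";
  while (strlen($password) < $min_length) {
    $password .= $words[$use_csprng ? random_int(0, $last) : mt_rand(0, $last)];
  }
  return $password;
}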

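### Dispatch on the requested operation.
// NOTE(review): $op, $userid, $passwd, $uname, $new and $edit are never
// assigned in this file; they are presumably populated from the request
// (register_globals) or by the included files. Every variable built up
// below is therefore initialised explicitly before use.
switch ($op) {
  case "Login":
    session_start();
    $user = new User($userid, $passwd);
    // NOTE(review): the session keeps its ID across the login; consider
    // issuing a fresh session ID once valid() succeeds.
    if ($user && $user->valid()) session_register("user");
    showUser($user->userid);
    break;
  case "new":
    newUser();
    break;
  case "info":
    showUser($uname);
    break;
  case "logout":
    // session_start();
    session_unset();
    session_destroy();
    unset($user);
    // showUser() declares its parameter without a default in the original,
    // so an explicit empty user ID is passed.
    showUser("");
    break;
  case "Register":
    if ($rval = validateUser($new)) { newUser($new, "<B>Error: $rval</B>"); }
    else {
      include"theme.inc";

      ### Generate new password:
      $new['passwd'] = account_makePassword();

      // Save only the fields the registration form offers plus the generated
      // password; the original handed the whole request array to dbsave().
      // NOTE(review): dbsave() is defined elsewhere - presumably it writes
      // every key it is given as a column, and whether it hashes 'passwd'
      // is not visible here. Confirm both.
      $record = array();
      $record['name']   = isset($new['name']) ? $new['name'] : "";
      $record['userid'] = trim($new['userid']);   // validateUser() checked the trimmed value
      $record['email']  = $new['email'];
      $record['passwd'] = $new['passwd'];
      dbsave("users", $record);

      $new_userid = htmlspecialchars($record['userid'], ENT_QUOTES);
      $new_passwd = htmlspecialchars($record['passwd'], ENT_QUOTES);
      $new_email  = htmlspecialchars($record['email'], ENT_QUOTES);

      if ($system == 1) {
        ### Display account information:
        // The original linked to account.php with the password in the query
        // string, which puts it into server logs, browser history and
        // Referer headers. A POST form with the same fields as the login
        // form keeps the one-click login without that exposure.
        $login_form  = "<FORM ACTION=\"account.php\" METHOD=post>";
        $login_form .= "<INPUT TYPE=hidden NAME=userid VALUE=\"$new_userid\">";
        $login_form .= "<INPUT TYPE=hidden NAME=passwd VALUE=\"$new_passwd\">";
        $login_form .= "<INPUT NAME=op TYPE=submit VALUE=\"Login\"> to change your personal settings.";
        $login_form .= "</FORM>";

        $theme->header();
        $theme->box("Account details", "Your password is: <B>$new_passwd</B><BR>$login_form");
        $theme->footer();
      } else {
        ### Send e-mail with account details:
        // The greeting used $user->name, but nobody is logged in while
        // registering; the submitted name is what was meant.
        mail($record['email'], "Account details for $sitename", "$record[name],\n\nyour $sitename member account has been created succesfully.  To be able to use it, you must login using the information below.  Please save this mail for further reference.\n\n   username: $record[userid]\n     e-mail: $record[email]\n   password: $record[passwd]\n\nThis password is generated by a randomizer.  It is recommended that you change this password immediately.\n\n$contact_signature", "From: $contact_email\nX-Mailer: PHP/" . phpversion());

        ### Display account information:
        $theme->header();
        $theme->box("Account details", "Your member account has been created and the details necessary to login have been sent to your e-mail account <B>$new_email</B>.  Once you received the account confirmation, hit <A HREF=\"account.php\">this link</A> to login.");
        $theme->footer();
      }
    }
    break;
  case "user":
    if ($user && $user->valid()) {
      // Stored profile values are encoded before they are placed inside
      // VALUE="..." attributes and TEXTAREA bodies.
      $f_name   = htmlspecialchars((string) $user->name, ENT_QUOTES);
      $f_email  = htmlspecialchars((string) $user->email, ENT_QUOTES);
      $f_femail = htmlspecialchars((string) $user->femail, ENT_QUOTES);
      $f_url    = htmlspecialchars((string) $user->url, ENT_QUOTES);
      $f_bio    = htmlspecialchars((string) $user->bio, ENT_QUOTES);
      $f_ublock = htmlspecialchars((string) $user->ublock, ENT_QUOTES);

      ### Generate output/content:
      $output  = "<FORM ACTION=\"account.php\" METHOD=post>\n";
      $output .= "<B>Real name:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[name]\" MAXLENGTH=55 SIZE=30 VALUE=\"$f_name\"><BR>\n";
      $output .= "<I>Optional.</I><P>\n";
      $output .= "<B>Real e-mail address:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[email]\" MAXLENGTH=55 SIZE=30 VALUE=\"$f_email\"><BR>\n";
      $output .= "<I>Required, but never displayed publicly: needed in case you lose your password.</I><P>\n";
      $output .= "<B>Fake e-mail address:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[femail]\" MAXLENGTH=55 SIZE=30 VALUE=\"$f_femail\"><BR>\n";
      $output .= "<I>Optional, and displayed publicly by your comments. You may spam proof it if you want.</I><P>\n";
      $output .= "<B>URL of homepage:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=55 SIZE=30 VALUE=\"$f_url\"><BR>\n";
      $output .= "<I>Optional, but make sure you enter fully qualified URLs only. That is, remember to include \"http://\".</I><P>\n";
      $output .= "<B>Bio:</B> (255 char limit)<BR>\n";
      $output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=35 ROWS=5 WRAP=virtual>$f_bio</TEXTAREA><BR>\n";
      $output .= "<I>Optional. This biographical information is publicly displayed on your user page.</I><P>\n";
      $output .= "<B>User block:</B> (255 char limit)<BR>\n";
      $output .= "<TEXTAREA NAME=\"edit[ublock]\" COLS=35 ROWS=5 WRAP=virtual>$f_ublock</TEXTAREA><BR>\n";
      $output .= "<INPUT NAME=\"edit[ublockon]\" TYPE=checkbox". ($user->ublockon == 1 ? " CHECKED" : "") ."> Enable user block<BR>\n";
      $output .= "<I>Enable the checkbox and whatever you enter below will appear on your costum main page.</I><P>\n";
      $output .= "<B>Password:</B><BR>\n";
      $output .= "<INPUT TYPE=password NAME=\"edit[pass1]\" SIZE=10 MAXLENGTH=20> <INPUT TYPE=password NAME=edit[pass2] SIZE=10 MAXLENGTH=20><BR>\n";
      $output .= "<I>Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.</I><P>\n";
      $output .= "<INPUT TYPE=submit NAME=op VALUE=\"Save user information\"><BR>\n";
      $output .= "</FORM>\n";

      ### Display output/content:
      include "theme.inc";
      $theme->header();
      $theme->box("Edit user information", $output);
      $theme->footer();
    }
    else {
      include "theme.inc";
      $theme->header();
      $theme->box("Login", showLogin($userid));
      $theme->footer();
    }
    break;
  case "page":
    if ($user && $user->valid()) {
      ### Generate output/content:
      $output  = "<FORM ACTION=\"account.php\" METHOD=post>\n";
      $output .= "<B>Theme:</B><BR>\n";

      ### Loop (dynamically) through all available themes:
      $options = "";
      $handle = opendir("themes");
      // Compare against false so a directory entry named "0" does not end
      // the loop early; ereg() is replaced by preg_match().
      while (($file = readdir($handle)) !== false) {
        if (!preg_match('/^\./', $file) && file_exists("themes/$file/theme.class.php")) {
          $label = htmlspecialchars($file, ENT_QUOTES);
          $options .= "<OPTION VALUE=\"$label\"". (((!empty($userinfo['theme'])) && ($file == $cfg_theme)) || ($user->theme == $file) ? " SELECTED" : "") .">$label</OPTION>";
        }
      }
      closedir($handle);

      $f_storynum  = htmlspecialchars((string) $user->storynum, ENT_QUOTES);
      $f_signature = htmlspecialchars((string) $user->signature, ENT_QUOTES);

      if ($userinfo['theme']=="") $userinfo['theme'] = $cfg_theme;
      $output .= "<SELECT NAME=\"edit[theme]\">$options</SELECT><BR>\n";
      $output .= "<I>Changes the look and feel of the site.</I><P>\n";
      $output .= "<B>Maximum number of stories:</B><BR>\n";
      $output .= "<INPUT NAME=\"edit[storynum]\" MAXLENGTH=3 SIZE=3 VALUE=\"$f_storynum\"><P>\n";
      $options  = "<OPTION VALUE=\"nested\"". ($user->umode == 'nested' ? " SELECTED" : "") .">Nested</OPTION>";
      $options .= "<OPTION VALUE=\"flat\"". ($user->umode == 'flat' ? " SELECTED" : "") .">Flat</OPTION>";
      $options .= "<OPTION VALUE=\"threaded\"". ($user->umode == 'threaded' ? " SELECTED" : "") .">Threaded</OPTION>";
      $output .= "<B>Display mode:</B><BR>\n";
      $output .= "<SELECT NAME=\"edit[umode]\">$options</SELECT><P>\n";
      $options  = "<OPTION VALUE=0". ($user->uorder == 0 ? " SELECTED" : "") .">Oldest first</OPTION>";
      $options .= "<OPTION VALUE=1". ($user->uorder == 1 ? " SELECTED" : "") .">Newest first</OPTION>";
      $options .= "<OPTION VALUE=2". ($user->uorder == 2 ? " SELECTED" : "") .">Highest scoring first</OPTION>";
      $output .= "<B>Sort order:</B><BR>\n";
      $output .= "<SELECT NAME=\"edit[uorder]\">$options</SELECT><P>\n";
      $options  = "<OPTION VALUE=\"-1\"". ($user->thold == -1 ? " SELECTED" : "") .">-1: Display uncut and raw comments.</OPTION>";
      $options .= "<OPTION VALUE=0". ($user->thold == 0 ? " SELECTED" : "") .">0: Display almost all comments.</OPTION>";
      $options .= "<OPTION VALUE=1". ($user->thold == 1 ? " SELECTED" : "") .">1: Display almost no anonymous comments.</OPTION>";
      $options .= "<OPTION VALUE=2". ($user->thold == 2 ? " SELECTED" : "") .">2: Display comments with score +2 only.</OPTION>";
      $options .= "<OPTION VALUE=3". ($user->thold == 3 ? " SELECTED" : "") .">3: Display comments with score +3 only.</OPTION>";
      $options .= "<OPTION VALUE=4". ($user->thold == 4 ? " SELECTED" : "") .">4: Display comments with score +4 only.</OPTION>";
      $options .= "<OPTION VALUE=5". ($user->thold == 5 ? " SELECTED" : "") .">5: Display comments with score +5 only.</OPTION>";
      $output .= "<B>Threshold:</B><BR>\n";
      $output .= "<SELECT NAME=\"edit[thold]\">$options</SELECT><BR>\n";
      $output .= "<I>Comments that scored less than this setting will be ignored. Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.</I><P>\n";
      $output .= "<B>Singature:</B> (255 char limit)<BR>\n";
      $output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=35 ROWS=5 WRAP=virtual>$f_signature</TEXTAREA><BR>\n";
      $output .= "<I>Optional. This information will be publicly displayed at the end of your comments. </I><P>\n";
      $output .= "<INPUT TYPE=submit NAME=op VALUE=\"Save page settings\"><BR>\n";
      $output .= "</FORM>\n";

      ### Display output/content:
      include "theme.inc";
      $theme->header();
      $theme->box("Customize page", $output);
      $theme->footer();
    }
    else {
      include "theme.inc";
      $theme->header();
      $theme->box("Login", showLogin($userid));
      $theme->footer();
    }
    break;
  case "Save user information":
    // NOTE(review): neither save operation checks an anti-CSRF token that
    // is visible in this file.
    if ($user && $user->valid()) {
      // Start from an empty array so that only the keys assigned below are
      // handed to dbsave(); $data was never initialised in the original.
      $data = array();
      $data['name'] = $edit['name'];
      // NOTE(review): the new address is stored without the format check
      // validateUser() applies at registration.
      $data['email'] = $edit['email'];
      $data['femail'] = $edit['femail'];
      $data['url'] = $edit['url'];
      $data['bio'] = $edit['bio'];
      $data['ublock'] = $edit['ublock'];
      $data['ublockon'] = $edit['ublockon'];
      if ($edit['pass1'] == $edit['pass2'] && !empty($edit['pass1'])) { $data['passwd'] = $edit['pass1']; }
      dbsave("users", $data, $user->id);
      $user->rehash();
    }
    showUser($user->userid);
    break;
  case "Save page settings":
    if ($user && $user->valid()) {
      // Same reasoning as above: only the keys assigned here are saved.
      $data = array();

      // Accept a theme only if it meets the criterion the "page" form uses
      // to build its option list: a plain directory name under themes/
      // that does not start with "." and contains theme.class.php.
      $theme_name = (string) $edit['theme'];
      if ($theme_name !== "" && $theme_name === basename($theme_name) && $theme_name[0] != "." && file_exists("themes/$theme_name/theme.class.php")) $data['theme'] = $theme_name;

      $data['storynum'] = $edit['storynum'];
      $data['umode'] = $edit['umode'];
      $data['uorder'] = $edit['uorder'];
      $data['thold'] = $edit['thold'];
      $data['signature'] = $edit['signature'];
      dbsave("users", $data, $user->id);
      $user->rehash();
    }
    showUser($user->userid);
    break;
  default:
    showUser($user->userid);
}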

?>