diff options
-rw-r--r-- | support/schema/aur-schema.sql | 6 | ||||
-rw-r--r-- | web/html/account.php | 62 | ||||
-rw-r--r-- | web/html/index.php | 8 | ||||
-rw-r--r-- | web/html/logout.php | 2 | ||||
-rw-r--r-- | web/lang/account_po.inc | 25 | ||||
-rw-r--r-- | web/lang/acctfuncs_po.inc | 5 | ||||
-rw-r--r-- | web/lang/index_po.inc | 15 | ||||
-rw-r--r-- | web/lib/acctfuncs.inc | 104 |
8 files changed, 178 insertions, 49 deletions
diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql index ede9e6ea..ffd1d983 100644 --- a/support/schema/aur-schema.sql +++ b/support/schema/aur-schema.sql @@ -39,7 +39,11 @@ CREATE TABLE Users ( ); -- A default developer account for testing purposes INSERT INTO Users (ID, AccountTypeID, Username, Email, Passwd) VALUES ( - 1, 3, 'root', 'root@localhost', 'changeme'); + 1, 3, 'dev', 'dev@localhost', 'dev'); +INSERT INTO Users (ID, AccountTypeID, Username, Email, Passwd) VALUES ( + 2, 2, 'tu', 'tu@localhost', 'tu'); +INSERT INTO Users (ID, AccountTypeID, Username, Email, Passwd) VALUES ( + 3, 1, 'user', 'user@localhost', 'user'); -- Track Users logging in/out of AUR web site. diff --git a/web/html/account.php b/web/html/account.php index b0452c5b..a00a5e53 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -19,10 +19,10 @@ if (isset($_COOKIE["AURSID"])) { # security check # - if ($atype == "Trusted user" || $atype == "Developer") { + if ($atype == "Trusted User" || $atype == "Developer") { # the user has entered search criteria, find any matching accounts # - search_results_page($_REQUEST["O"], $_REQUEST["SB"], + search_results_page($atype, $_REQUEST["O"], $_REQUEST["SB"], $_REQUEST["U"], $_REQUEST["T"], $_REQUEST["S"], $_REQUEST["E"], $_REQUEST["R"], $_REQUEST["I"]); @@ -35,23 +35,74 @@ if (isset($_COOKIE["AURSID"])) { } elseif ($_REQUEST["Action"] == "DisplayAccount") { # the user has clicked 'edit', display the account details in a form # + $q = "SELECT Users.*, AccountTypes.AccountType "; + $q.= "FROM Users, AccountTypes "; + $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; + $q.= "AND Users.ID = ".intval($_REQUEST["ID"]); + $result = db_query($q, $dbh); + if (!$result) { + print __("Could not retrieve information for the specified user."); + + } else { + $row = mysql_fetch_assoc($result); + + # double check to make sure logged in user can edit this account + # + if ($atype == "User" || ($atype == "Trusted User" && $row["AccountType"] == "Developer")) { + print __("You do not have permission to edit this account."); + } else { + + display_account_form($atype, "UpdateAccount", $row["Username"], + $row["AccountType"], $row["Suspended"], $row["Email"], + "", "", $row["RealName"], $row["LangPreference"], + $row["IRCNick"], $row["NewPkgNotify"], $row["ID"]); + } + } } elseif ($_REQUEST["Action"] == "UpdateAccount") { # user is submitting their modifications to an existing account # + process_account_form($atype, "edit", "UpdateAccount", + $_REQUEST["U"], $_REQUEST["T"], $_REQUEST["S"], + $_REQUEST["E"], $_REQUEST["P"], $_REQUEST["C"], + $_REQUEST["R"], $_REQUEST["L"], $_REQUEST["I"], + $_REQUEST["N"], $_REQUEST["ID"]); + } else { - if ($atype == "Trusted user" || $atype == "Developer") { + if ($atype == "Trusted User" || $atype == "Developer") { # display the search page if they're a TU/dev # print __("Use this form to search existing accounts.")."<br/>\n"; search_accounts_form(); } else { - # TODO A normal user, give them the ability to edit + # A normal user, give them the ability to edit # their own account # - print __("Regular users can edit their own account."); + $q = "SELECT Users.*, AccountTypes.AccountType "; + $q.= "FROM Users, AccountTypes, Sessions "; + $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; + $q.= "AND Users.ID = Sessions.UsersID "; + $q.= "AND Sessions.SessionID = '"; + $q.= mysql_escape_string($_COOKIE["AURSID"])."'"; + $result = db_query($q, $dbh); + if (!$result) { + print __("Could not retrieve information for the specified user."); + + } else { + $row = mysql_fetch_assoc($result); + # don't need to check if they have permissions, this is a + # normal user editing themselves. + # + print __("Use this form to update your account."); + print "<br/>"; + print __("Leave the password fields blank to keep your same password."); + display_account_form($atype, "UpdateAccount", $row["Username"], + $row["AccountType"], $row["Suspended"], $row["Email"], + "", "", $row["RealName"], $row["LangPreference"], + $row["IRCNick"], $row["NewPkgNotify"], $row["ID"]); + } } } @@ -69,6 +120,7 @@ if (isset($_COOKIE["AURSID"])) { } else { # display the account request form # + print __("Use this form to create an account."); display_account_form("", "NewAccount"); } } diff --git a/web/html/index.php b/web/html/index.php index dd9b2ccb..77d42b56 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -11,7 +11,7 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { # Attempting to log in # if (!isset($_REQUEST['user'])) { - $login_error = __("You must supply an email address."); + $login_error = __("You must supply a username."); } if (!isset($_REQUEST['pass'])) { $login_error = __("You must supply a password."); @@ -25,7 +25,7 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'"; $result = db_query($q, $dbh); if (!$result) { - $login_error = __("Incorrect password for email address, %s.", + $login_error = __("Incorrect password for username, %s.", array($_REQUEST["user"])); } else { $row = mysql_fetch_row($result); @@ -79,7 +79,7 @@ print " </td>"; # XXX Is this the proper way to add some spacing between table cells? # print " <td> </td>"; -print " <td align='right'>\n"; +print " <td align='left' valign='top' nowrap>\n"; if (!isset($_COOKIE["AURSID"])) { # the user is not logged in, give them login widgets # @@ -104,7 +104,7 @@ if (!isset($_COOKIE["AURSID"])) { print "</form>\n"; } else { - print __("Currently logged in as: %h%s%h", + print __("Logged-in as: %h%s%h", array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>")); } print " </td>"; diff --git a/web/html/logout.php b/web/html/logout.php index 07a787a1..a81c6455 100644 --- a/web/html/logout.php +++ b/web/html/logout.php @@ -9,6 +9,8 @@ set_lang(); # this sets up the visitor's language if (isset($_COOKIE["AURSID"])) { $q = "DELETE FROM Sessions WHERE SessionID = '"; $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'"; + $dbh = db_connect(); + db_query($q, $dbh); setcookie("AURSID", "", time() - (60*60*24*30), "/"); } diff --git a/web/lang/account_po.inc b/web/lang/account_po.inc index c69515e8..678a04a7 100644 --- a/web/lang/account_po.inc +++ b/web/lang/account_po.inc @@ -246,4 +246,29 @@ $_t["en"]["You are not allowed to access this area."] = "You are not allowed to # $_t["fr"]["You are not allowed to access this area."] = "--> Traduction fran�aise ici. <--"; # $_t["de"]["You are not allowed to access this area."] = "--> Deutsche �bersetzung hier. <--"; +$_t["en"]["Use this form to create an account."] = "Use this form to create an account."; +# $_t["es"]["Use this form to create an account."] = "--> Traducci�n espa�ola aqu�. <--"; +# $_t["fr"]["Use this form to create an account."] = "--> Traduction fran�aise ici. <--"; +# $_t["de"]["Use this form to create an account."] = "--> Deutsche �bersetzung hier. <--"; + +$_t["en"]["Use this form to update your account."] = "Use this form to update your account."; +# $_t["es"]["Use this form to update your account."] = "--> Traducci�n espa�ola aqu�. <--"; +# $_t["fr"]["Use this form to update your account."] = "--> Traduction fran�aise ici. <--"; +# $_t["de"]["Use this form to update your account."] = "--> Deutsche �bersetzung hier. <--"; + +$_t["en"]["Leave the password fields blank to keep your same password."] = "Leave the password fields blank to keep your same password."; +# $_t["es"]["Leave the password fields blank to keep your same password."] = "--> Traducci�n espa�ola aqu�. <--"; +# $_t["fr"]["Leave the password fields blank to keep your same password."] = "--> Traduction fran�aise ici. <--"; +# $_t["de"]["Leave the password fields blank to keep your same password."] = "--> Deutsche �bersetzung hier. <--"; + +$_t["en"]["Could not retrieve information for the specified user."] = "Could not retrieve information for the specified user."; +# $_t["es"]["Could not retrieve information for the specified user."] = "--> Traducci�n espa�ola aqu�. <--"; +# $_t["fr"]["Could not retrieve information for the specified user."] = "--> Traduction fran�aise ici. <--"; +# $_t["de"]["Could not retrieve information for the specified user."] = "--> Deutsche �bersetzung hier. <--"; + +$_t["en"]["You do not have permission to edit this account."] = "You do not have permission to edit this account."; +# $_t["es"]["You do not have permission to edit this account."] = "--> Traducci�n espa�ola aqu�. <--"; +# $_t["fr"]["You do not have permission to edit this account."] = "--> Traduction fran�aise ici. <--"; +# $_t["de"]["You do not have permission to edit this account."] = "--> Deutsche �bersetzung hier. <--"; + ?>
\ No newline at end of file diff --git a/web/lang/acctfuncs_po.inc b/web/lang/acctfuncs_po.inc index fb59c42c..757ce847 100644 --- a/web/lang/acctfuncs_po.inc +++ b/web/lang/acctfuncs_po.inc @@ -191,4 +191,9 @@ $_t["en"]["No more results to display."] = "No more results to display."; # $_t["fr"]["No more results to display."] = "--> Traduction fran�aise ici. <--"; # $_t["de"]["No more results to display."] = "--> Deutsche �bersetzung hier. <--"; +$_t["en"]["A Trusted User cannot assign Developer status."] = "A Trusted User cannot assign Developer status."; +# $_t["es"]["A Trusted User cannot assign Developer status."] = "--> Traducci�n espa�ola aqu�. <--"; +# $_t["fr"]["A Trusted User cannot assign Developer status."] = "--> Traduction fran�aise ici. <--"; +# $_t["de"]["A Trusted User cannot assign Developer status."] = "--> Deutsche �bersetzung hier. <--"; + ?>
\ No newline at end of file diff --git a/web/lang/index_po.inc b/web/lang/index_po.inc index 58bb8ab0..d96cd67a 100644 --- a/web/lang/index_po.inc +++ b/web/lang/index_po.inc @@ -96,4 +96,19 @@ $_t["en"]["Incorrect password for email address, %s."] = "Incorrect password for # $_t["fr"]["Incorrect password for email address, %s."] = "--> Traduction fran�aise ici. <--"; # $_t["de"]["Incorrect password for email address, %s."] = "--> Deutsche �bersetzung hier. <--"; +$_t["en"]["Incorrect password for username, %s."] = "Incorrect password for username, %s."; +# $_t["es"]["Incorrect password for username, %s."] = "--> Traducci�n espa�ola aqu�. <--"; +# $_t["fr"]["Incorrect password for username, %s."] = "--> Traduction fran�aise ici. <--"; +# $_t["de"]["Incorrect password for username, %s."] = "--> Deutsche �bersetzung hier. <--"; + +$_t["en"]["Logged in as: %h%s%h"] = "Logged in as: %h%s%h"; +# $_t["es"]["Logged in as: %h%s%h"] = "--> Traducci�n espa�ola aqu�. <--"; +# $_t["fr"]["Logged in as: %h%s%h"] = "--> Traduction fran�aise ici. <--"; +# $_t["de"]["Logged in as: %h%s%h"] = "--> Deutsche �bersetzung hier. <--"; + +$_t["en"]["Logged-in as: %h%s%h"] = "Logged-in as: %h%s%h"; +# $_t["es"]["Logged-in as: %h%s%h"] = "--> Traducci�n espa�ola aqu�. <--"; +# $_t["fr"]["Logged-in as: %h%s%h"] = "--> Traduction fran�aise ici. <--"; +# $_t["de"]["Logged-in as: %h%s%h"] = "--> Deutsche �bersetzung hier. <--"; + ?>
\ No newline at end of file diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index 9579381e..97b84ba5 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -3,9 +3,9 @@ include_once("acctfuncs_po.inc"); # Display the standard Account form, pass in default values if any # -function display_account_form($SID,$A,$U="",$T="",$S="", - $E="",$P="",$C="",$R="",$L="",$I="",$N="") { - # SID: the session id cookie value (if any) +function display_account_form($UTYPE,$A,$U="",$T="",$S="", + $E="",$P="",$C="",$R="",$L="",$I="",$N="",$UID=0) { + # UTYPE: what user type the form is being displayed for # A: what "form" name to use # U: value to display for username # T: value to display for account type @@ -17,41 +17,43 @@ function display_account_form($SID,$A,$U="",$T="",$S="", # L: value to display for Language preference # I: value to display for IRC nick # N: new package notify value + # UID: Users.ID value in case form is used for editing global $SUPPORTED_LANGS; print "<form action='/account.php' method='post'>\n"; print "<input type='hidden' name='Action' value='".$A."'>\n"; + if ($UID) { + print "<input type='hidden' name='ID' value='".$UID."'>\n"; + } print "<center>\n"; print "<table border='0' cellpadding='0' cellspacing='0' width='80%'>\n"; print "<tr><td colspan='2'> </td></tr>\n"; - # figure out what account type the visitor is - # - if ($SID) { - $atype = account_from_sid($SID); - } else { - $atype = ""; - } - print "<tr>"; print "<td align='left'>".__("Username").":</td>"; print "<td align='left'><input type='text' size='30' maxlength='64'"; print " name='U' value='".$U."'> (".__("required").")</td>"; print "</tr>\n"; - if ($atype == "Trusted User" || $atype == "Developer") { + if ($UTYPE == "Trusted User" || $UTYPE == "Developer") { # only TUs or Devs can promote/demote/suspend a user # print "<tr>"; print "<td align='left'>".__("Account Type").":</td>"; print "<td align='left'><select name=T>\n"; - print "<option value='u'> ".__("Normal user")."\n"; - print "<option value='t'> ".__("Trusted user")."\n"; - if ($atype == "Developer") { + print "<option value='1'"; + $T == "User" ? print " selected>" : print ">"; + print __("Normal user")."\n"; + print "<option value='2'"; + $T == "Trusted User" ? print " selected>" : print ">"; + print __("Trusted user")."\n"; + if ($UTYPE == "Developer") { # only developers can make another account a developer # - print "<option value='d'> ".__("Developer")."\n"; + print "<option value='3'"; + $T == "Developer" ? print " selected>" : print ">"; + print __("Developer")."\n"; } print "</select></td>"; print "</tr>\n"; @@ -76,14 +78,20 @@ function display_account_form($SID,$A,$U="",$T="",$S="", print "<tr>"; print "<td align='left'>".__("Password").":</td>"; print "<td align='left'><input type='password' size='30' maxlength='32'"; - print " name='P' value='".$P."'> (".__("required").")</td>"; - print "</tr>\n"; + print " name='P' value='".$P."'>"; + if ($TYPE == "new") { + print " (".__("required").")"; + } + print "</td></tr>\n"; print "<tr>"; print "<td align='left'>".__("Re-type password").":</td>"; print "<td align='left'><input type='password' size='30' maxlength='32'"; - print " name='C' value='".$C."'> (".__("required").")</td>"; - print "</tr>\n"; + print " name='C' value='".$C."'>"; + if ($TYPE == "new") { + print " (".__("required").")"; + } + print "</td></tr>\n"; print "<tr>"; print "<td align='left'>".__("Real Name").":</td>"; @@ -124,7 +132,7 @@ function display_account_form($SID,$A,$U="",$T="",$S="", print "<tr>"; print "<td> </td>"; print "<td align='left'>"; - if ($A == "ModifyAccount") { + if ($A == "UpdateAccount") { print "<input type='submit' value='".__("Update")."'> "; } else { print "<input type='submit' value='".__("Create")."'> "; @@ -142,9 +150,9 @@ function display_account_form($SID,$A,$U="",$T="",$S="", # process form input from a new/edit account form # -function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="", +function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $P="",$C="",$R="",$L="",$I="",$N="",$UID=0) { - # SID: the session id from the cookie + # UTYPE: The user's account type # TYPE: either "edit" or "new" # A: what parent "form" name to use # U: value to display for username @@ -162,8 +170,6 @@ function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="", # error check and process request for a new/modified account # global $SUPPORTED_LANGS; - dbug("=> process_account_form"); - dbug(" A=$A,U=$U,T=$T,S=$S,E=$E,P=$P,C=$C,R=$R,L=$L,I=$I,N=$N"); $dbh = db_connect(); $error = ""; @@ -187,6 +193,9 @@ function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="", if (!$error && !valid_email($E)) { $error = __("The email address is invalid."); } + if ($UTYPE == "Trusted User" && $T == 3) { + $error = __("A Trusted User cannot assign Developer status."); + } if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) { $error = __("Language is not currently supported."); } @@ -196,6 +205,9 @@ function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="", # $q = "SELECT COUNT(*) AS CNT FROM Users "; $q.= "WHERE Username = '".mysql_escape_string($U)."'"; + if ($TYPE == "edit") { + $q.= " AND ID != ".intval($UID); + } $result = db_query($q, $dbh); if ($result) { $row = mysql_fetch_array($result); @@ -211,6 +223,9 @@ function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="", # $q = "SELECT COUNT(*) AS CNT FROM Users "; $q.= "WHERE Email = '".mysql_escape_string($E)."'"; + if ($TYPE == "edit") { + $q.= " AND ID != ".intval($UID); + } $result = db_query($q, $dbh); if ($result) { $row = mysql_fetch_array($result); @@ -222,7 +237,7 @@ function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="", } if ($error) { print "<span class='error'>".$error."</span><br/>\n"; - display_account_form($SID, $A, $U, $T, $S, $E, "", "", + display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "", $R, $L, $I, $N, $UID); } else { if ($TYPE == "new") { @@ -259,11 +274,19 @@ function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="", # no errors, go ahead and modify the user account # $q = "UPDATE Users SET "; - $q.= "AccountTypeID = ".intval($T); - $q.= ", Suspended = ".intval($S); - $q.= ", Username = '".mysql_escape_string($U)."'"; + $q.= "Username = '".mysql_escape_string($U)."'"; + if ($T) { + $q.= ", AccountTypeID = ".intval($T); + } + if ($S) { + $q.= ", Suspended = 1"; + } else { + $q.= ", Suspended = 0"; + } $q.= ", Email = '".mysql_escape_string($E)."'"; - $q.= ", Passwd = '".mysql_escape_string($P)."'"; + if ($P) { + $q.= ", Passwd = '".mysql_escape_string($P)."'"; + } $q.= ", RealName = '".mysql_escape_string($R)."'"; $q.= ", LangPreference = '".mysql_escape_string($L)."'"; $q.= ", IRCNick = '".mysql_escape_string($I)."'"; @@ -340,7 +363,6 @@ function search_accounts_form() { print "<td align='left'><select name=SB>\n"; print "<option value='u'> ".__("Username")."\n"; print "<option value='t'> ".__("Account Type")."\n"; - print "<option value='e'> ".__("Email address")."\n"; print "<option value='r'> ".__("Real Name")."\n"; print "<option value='i'> ".__("IRC Nick")."\n"; print "<option value='v'> ".__("Last vote")."\n"; @@ -349,7 +371,7 @@ function search_accounts_form() { print "<tr>"; print "<td> </td>"; - print "<td align='left'>"; + print "<td align='left'> <br/> "; print "<input type='submit' value='".__("Search'")."> "; print "<input type='reset' value='".__("Reset")."'></td>"; print "</tr>\n"; @@ -363,8 +385,9 @@ function search_accounts_form() { # search results page # -function search_results_page($O=0,$SB="",$U="",$T="", +function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", $S="",$E="",$R="",$I="") { + # UTYPE: what account type the user belongs to # O: what row offset we're at # SB: how to sort the results # U: value to display for username @@ -422,9 +445,6 @@ function search_results_page($O=0,$SB="",$U="",$T="", case 't': $q.= "ORDER BY AccountTypeID, Username "; break; - case 'e': - $q.= "ORDER BY Email, AccountTypeID "; - break; case 'r': $q.= "ORDER BY RealName, AccountTypeID "; break; @@ -500,9 +520,15 @@ function search_results_page($O=0,$SB="",$U="",$T="", : print __("Never"); print "</span></td>"; print "<td class='".$c."'><span class='f5'>"; - $edit_url = "/account.php?Action=DisplayAccount&ID=".$row["ID"]; - print "<a href='".$edit_url . "'>"; - print "Edit</a></span></td>"; + if ($UTYPE == "Trusted User" && $row["AccountType"] == "Developer") { + # TUs can't edit devs + # + print " </span></td>"; + } else { + $edit_url = "/account.php?Action=DisplayAccount&ID=".$row["ID"]; + print "<a href='".$edit_url . "'>"; + print "Edit</a></span></td>"; + } print "</tr>\n"; $i++; } |