Diffstat (limited to 'web/html')
-rw-r--r-- | web/html/account.php | 62 | ||||
-rw-r--r-- | web/html/index.php | 8 | ||||
-rw-r--r-- | web/html/logout.php | 2 |
3 files changed, 63 insertions, 9 deletions
diff --git a/web/html/account.php b/web/html/account.php index b0452c5b..a00a5e53 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -19,10 +19,10 @@ if (isset($_COOKIE["AURSID"])) { # security check # - if ($atype == "Trusted user" || $atype == "Developer") { + if ($atype == "Trusted User" || $atype == "Developer") { # the user has entered search criteria, find any matching accounts # - search_results_page($_REQUEST["O"], $_REQUEST["SB"], + search_results_page($atype, $_REQUEST["O"], $_REQUEST["SB"], $_REQUEST["U"], $_REQUEST["T"], $_REQUEST["S"], $_REQUEST["E"], $_REQUEST["R"], $_REQUEST["I"]); 
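Review bot: The role test on the new side still compares `$atype` with string literals repeated inline, and the typo this hunk corrects (`"Trusted user"`) shows how one mismatched character silently changes who passes the check. The same literals appear again in the later account.php hunk, so the role names would be safer held in one place (constants or a small helper) and compared strictly, e.g. `if ($atype === "Trusted User" || $atype === "Developer") {`. The `$_REQUEST` values are forwarded to `search_results_page()` unvalidated; whether that function escapes them before building its query is not visible here and is worth confirming. The enclosing `if` block begins and ends outside this hunk.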
@@ -35,23 +35,74 @@ if (isset($_COOKIE["AURSID"])) { } elseif ($_REQUEST["Action"] == "DisplayAccount") { # the user has clicked 'edit', display the account details in a form # + $q = "SELECT Users.*, AccountTypes.AccountType "; + $q.= "FROM Users, AccountTypes "; + $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; + $q.= "AND Users.ID = ".intval($_REQUEST["ID"]); + $result = db_query($q, $dbh); + if (!$result) { + print __("Could not retrieve information for the specified user."); + + } else { + $row = mysql_fetch_assoc($result); + + # double check to make sure logged in user can edit this account + # + if ($atype == "User" || ($atype == "Trusted User" && $row["AccountType"] == "Developer")) { + print __("You do not have permission to edit this account."); + } else { + + display_account_form($atype, "UpdateAccount", $row["Username"], + $row["AccountType"], $row["Suspended"], $row["Email"], + "", "", $row["RealName"], $row["LangPreference"], + $row["IRCNick"], $row["NewPkgNotify"], $row["ID"]); + } + } } elseif ($_REQUEST["Action"] == "UpdateAccount") { # user is submitting their modifications to an existing account # + process_account_form($atype, "edit", "UpdateAccount", + $_REQUEST["U"], $_REQUEST["T"], $_REQUEST["S"], + $_REQUEST["E"], $_REQUEST["P"], $_REQUEST["C"], + $_REQUEST["R"], $_REQUEST["L"], $_REQUEST["I"], + $_REQUEST["N"], $_REQUEST["ID"]); + } else { - if ($atype == "Trusted user" || $atype == "Developer") { + if ($atype == "Trusted User" || $atype == "Developer") { # display the search page if they're a TU/dev # print __("Use this form to search existing accounts.")."<br/>\n"; search_accounts_form(); } else { - # TODO A normal user, give them the ability to edit + # A normal user, give them the ability to edit # their own account # - print __("Regular users can edit their own account."); + $q = "SELECT Users.*, AccountTypes.AccountType "; + $q.= "FROM Users, AccountTypes, Sessions "; + $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; + $q.= 
"AND Users.ID = Sessions.UsersID "; + $q.= "AND Sessions.SessionID = '"; + $q.= mysql_escape_string($_COOKIE["AURSID"])."'"; + $result = db_query($q, $dbh); + if (!$result) { + print __("Could not retrieve information for the specified user."); + + } else { + $row = mysql_fetch_assoc($result); + # don't need to check if they have permissions, this is a + # normal user editing themselves. + # + print __("Use this form to update your account."); + print "<br/>"; + print __("Leave the password fields blank to keep your same password."); + display_account_form($atype, "UpdateAccount", $row["Username"], + $row["AccountType"], $row["Suspended"], $row["Email"], + "", "", $row["RealName"], $row["LangPreference"], + $row["IRCNick"], $row["NewPkgNotify"], $row["ID"]); + } } } @@ -69,6 +120,7 @@ if (isset($_COOKIE["AURSID"])) { } else { # display the account request form # + print __("Use this form to create an account."); display_account_form("", "NewAccount"); } } diff --git a/web/html/index.php b/web/html/index.php index dd9b2ccb..77d42b56 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -11,7 +11,7 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { # Attempting to log in # if (!isset($_REQUEST['user'])) { - $login_error = __("You must supply an email address."); + $login_error = __("You must supply a username."); } if (!isset($_REQUEST['pass'])) { $login_error = __("You must supply a password."); @@ -25,7 +25,7 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'"; $result = db_query($q, $dbh); if (!$result) { - $login_error = __("Incorrect password for email address, %s.", + $login_error = __("Incorrect password for username, %s.", array($_REQUEST["user"])); } else { $row = mysql_fetch_row($result); 
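Review bot: The new `UpdateAccount` branch in account.php hands `$_REQUEST["ID"]`, `$_REQUEST["T"]` and `$_REQUEST["S"]` to `process_account_form()` with no permission check in this file, so the "double check" added under `DisplayAccount` guards only the rendering of the form, not the write. Unless `process_account_form()` (not visible here) ties the target ID to the session and restricts the account-type and suspended fields by role, a normal user's submission for another account would be processed. The branch should load the target row and apply the rule before processing, written as an allow-list so an unexpected `$atype` is refused; the `DisplayAccount` check as written permits anything that is not `"User"` and does not test for an empty `$row`. The sketch assumes `username_from_sid()` (used in index.php) is available in this file, and it does not cover the per-field restrictions.

```php
} elseif ($_REQUEST["Action"] == "UpdateAccount") {
	# user is submitting their modifications to an existing account
	#
	# the ID comes from the request, so re-check it against the session
	$q = "SELECT Users.Username, AccountTypes.AccountType ";
	$q.= "FROM Users, AccountTypes ";
	$q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
	$q.= "AND Users.ID = ".intval($_REQUEST["ID"]);
	$result = db_query($q, $dbh);
	$row = $result ? mysql_fetch_assoc($result) : false;

	$own = $row && $row["Username"] == username_from_sid($_COOKIE["AURSID"]);
	$may_edit = $own
		|| ($row && $atype == "Developer")
		|| ($row && $atype == "Trusted User" && $row["AccountType"] != "Developer");

	if (!$may_edit) {
		print __("You do not have permission to edit this account.");
	} else {
		# … unchanged: process_account_form(...) call …
	}
```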
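Review bot: The reworded message in the second index.php hunk still substitutes the raw `$_REQUEST["user"]` value into `$login_error` through `%s`. Whether `__()` HTML-escapes `%s` arguments is not visible here (the separate `%h` placeholder used elsewhere on this page suggests the two are treated differently), and neither is the place where `$login_error` is printed. If neither escapes, the value should be encoded at this point, e.g. `array(htmlspecialchars($_REQUEST["user"], ENT_QUOTES))`. The surrounding login block continues outside the hunk.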
@@ -79,7 +79,7 @@ print " </td>"; # XXX Is this the proper way to add some spacing between table cells? # print " <td> </td>"; -print " <td align='right'>\n"; +print " <td align='left' valign='top' nowrap>\n"; if (!isset($_COOKIE["AURSID"])) { # the user is not logged in, give them login widgets # @@ -104,7 +104,7 @@ if (!isset($_COOKIE["AURSID"])) { print "</form>\n"; } else { - print __("Currently logged in as: %h%s%h", + print __("Logged-in as: %h%s%h", array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>")); } print " </td>"; diff --git a/web/html/logout.php b/web/html/logout.php index 07a787a1..a81c6455 100644 --- a/web/html/logout.php +++ b/web/html/logout.php @@ -9,6 +9,8 @@ set_lang(); # this sets up the visitor's language if (isset($_COOKIE["AURSID"])) { $q = "DELETE FROM Sessions WHERE SessionID = '"; $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'"; + $dbh = db_connect(); + db_query($q, $dbh); setcookie("AURSID", "", time() - (60*60*24*30), "/"); } |
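Review bot: In the logout.php hunk the return values of `db_connect()` and `db_query($q, $dbh)` are discarded, so a failed DELETE leaves the Sessions row valid on the server while the browser cookie is cleared, and the old session ID would still be accepted. The failure should at least be recorded, e.g. `if (!db_query($q, $dbh)) { error_log("logout: could not delete session row"); }`. The query string is also built with `mysql_escape_string()` before the connection exists; moving `$dbh = db_connect();` above it would allow the connection-aware `mysql_real_escape_string()` instead, assuming `db_connect()` returns a mysql link as the `mysql_fetch_*` calls elsewhere suggest.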