summaryrefslogtreecommitdiffstats
path: root/web/template/account_edit_form.php
AgeCommit message (Collapse)AuthorFilesLines
2020-01-30Verify current password against logged in userLukas Fleischer1-2/+2
When changing the password of an account, instead of asking for the old password of the account, ask for the password of the currently logged in user. This allows privileged users to edit other accounts without knowing their passwords. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-01-30Require current password when setting a new oneLukas Fleischer1-12/+20
Prevent from easily taking over an account by changing the password with a stolen session ID. Fixes FS#65325. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-10-05Add a simple CAPTCHA to the sign up formLukas Fleischer1-0/+11
Add a CAPTCHA to protect against automated account creation. The CAPTCHA changes whenever three new accounts are registered. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-08-06Allow listing all comments from a userJohannes Löthberg1-0/+1
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-05-12Stop using each()Lukas Fleischer1-2/+2
The each() function has been deprecated as of PHP 7.2.0. Use foreach loops instead. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-11-05Point out that the user name is public when registeringLukas Fleischer1-0/+3
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20Add user set timezonesMark Weiman1-0/+15
Currently, aurweb displays all dates and times in UTC time. This patch adds a capability for each logged in user to set their preferred timezone. Implements FS#48729. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-08-14Add details link from account edit formJohannes Löthberg1-0/+1
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-06-08Add a homepage field to accountsLukas Fleischer1-0/+5
Allow users to add a link to their homepage to their profile. Implements FS#22774. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-21Send notifications when changing ownershipLukas Fleischer1-0/+4
Add a new option that makes it possible to subscribe to package ownership changes (adoption/disownment). Fixes FS#15412. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07Add support for package update notificationsLukas Fleischer1-0/+4
Introduce a new notification option to receive notifications when a new commit is pushed to a package repository. Implements FS#30109. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07Add global comment notification settingLukas Fleischer1-0/+8
Add a configuration option to the account edit page that allows for globally enabling/disabling package base comment notifications. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-30Shorten maxlength of email input fields to 254 charactersMarcel Korpel1-1/+1
After 24734d0 (Shorten Email column to 254 characters, 2015-11-12) the maximum length of the input fields should be shortened, too. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-25Support long email addressesLukas Fleischer1-1/+1
According to RFC 3696 (and the associated errata), an email address can be up to 256 characters long. Change the database field and the length limit on all input fields accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-25Fix user name length limit on the account edit formLukas Fleischer1-1/+1
Change the maxlength attribute of the user name input field such that it corresponds to the username_max_len option. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-20Add option to hide one's email addressMarcel Korpel1-0/+5
Implements FS#42343. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-19account_edit_form.php: Warn users to correctly enter their email addressMarcel Korpel1-0/+4
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Use username from the database if one is provided by the userMarcel Korpel1-2/+2
This fixes a bug where the new user name input by the user was invalid, causing the account deletion link and the form action to be wrong. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-05-31Do not show the activity check box when registeringLukas Fleischer1-0/+2
Creating an inactive account does not make sense. Hide the activity check box from the registration page. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-05-31Show the SSH key field on the registration pageLukas Fleischer1-2/+0
Now that we have a short explanation on how we use the SSH public key, we can show that field on the registration page. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-05-31Add more details on the SSH public key fieldLukas Fleischer1-7/+12
Also, reorder the fields such that optional fields come last. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2014-12-29Disallow specifying an SSH key during registrationLukas Fleischer1-0/+2
Make sure that users confirm their email addresses before setting an initial SSH key. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-12-27Add support for adding SSH public keys to profilesLukas Fleischer1-0/+5
Users can now add an SSH public key on the account edit page. This will later be used to authenticate users via SSH. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Do not show deletion link on the registration pageLukas Fleischer1-1/+1
In 7df8dc8 (Add support for deleting user accounts, 2014-07-25), a link to the account deletion page was added to the account edit form. Make sure we only show this link if the user actually wants to edit an account and do not show this link on the account registration page. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-25Add support for deleting user accountsLukas Fleischer1-0/+4
Users can now delete their own accounts by clicking a link in the account edit form and confirming the deletion on a follow-up page. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Add a new user group "Trusted User & Developer"Lukas Fleischer1-0/+4
This group has full permissions on everything. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Rework permission handlingLukas Fleischer1-5/+2
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-22Allow for setting an account's inactivity statusLukas Fleischer1-0/+5
This adds a field to the users table and corresponding fields to the account edit and display forms that allow for setting an (in-)activity status. This might turn out to be useful if a user is on vacation and can not respond to update/orphan/deletion requests. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-19Enforce e-mail validation during registrationLukas Fleischer1-2/+2
Remove the password field from the account creation form and always send a password reset request via e-mail instead. This ensures that only users with valid e-mail addresses are able to login. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-02-10Fix default selection on the account edit pageLukas Fleischer1-3/+3
We used a mixture of account type IDs and account type descriptions on the account edit page. This resulted in the account type field always defaulting to "Normal user" after an invalid form had been submitted. Consistently use account type IDs to avoid this. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-20account_edit_form.php: Fix some XHTML errorscanyonknight1-7/+9
* Add </option> close tags * Add VI delimiter to selected option * Add quotes to language codes Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-11Remove character limit on password lengthcanyonknight1-2/+2
As all new passwords are hashed and therefore stored in the database at the same length, this limitation is no longer needed. Fixes FS#31855 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-04Sync account editing page with archwebLukas Fleischer1-105/+76
Synchronize the layout of the account editing page with the profiles page from archweb. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-24Use echo shortcut syntaxLukas Fleischer1-29/+29
Replace all occurrences of "<?php echo" and "<?php print" by "<?=" to reduce noise in templates. Note that as of PHP 5.4.0, "<?=" is always available and no longer requires "short_open_tag" to be set. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Make account registration work with recent account editing changescanyonknight1-0/+4
The account editing form requires two different form action URLs due to the fact that the same template is shared for both account registration and account editing. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Use URL rewriting for user account update pagecanyonknight1-1/+1
The "UpdateAccount" page displays information as to whether an account update was successful. All POST account info goes to this page, so use it with sane URLs. Before: AUR_URL/account/?Action=UpdateAccount&U=userfoo After: AUR_URL/account/userfoo/update Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17account_edit_form.php: Remove another stray "</div>"Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Use virtual path feature for linksLukas Fleischer1-1/+1
Use virtual paths in links (e.g. link to "/packages/" instead of "/packages.php" etc.) if the virtual path feature is enabled. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-14Merge branch 'maint'Lukas Fleischer1-0/+1
Conflicts: web/html/account.php web/html/addvote.php web/html/pkgsubmit.php web/lib/acctfuncs.inc.php web/template/actions_form.php web/template/pkg_comment_form.php web/template/pkg_comments.php web/template/pkg_details.php web/template/pkg_search_results.php web/template/tu_details.php
2012-07-06acctfuncs.inc.php: Move XHTML to account_edit_form.php templatecanyonknight1-0/+138
XHTML should be eliminated from lib/ as much as possible. This pulls the XHTML out of a function that simply echoes the code, and moves it into a more reasonable template file in account_edit_form.php Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>