From 38eda65735e81d2774759a2aa6e9922c7131f830 Mon Sep 17 00:00:00 2001 From: eric Date: Mon, 21 Jun 2004 19:36:54 +0000 Subject: working on the accounts stuff --- web/html/account.php | 406 +++++++++++++++++++++++++++++++++++++++++++- web/html/css/containers.css | 1 + web/html/index.php | 13 +- 3 files changed, 412 insertions(+), 8 deletions(-) (limited to 'web/html') diff --git a/web/html/account.php b/web/html/account.php index 4d2cd9f6..b03aee55 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -5,12 +5,412 @@ set_lang(); # this sets up the visitor's language check_sid(); # see if they're still logged in html_header(); # print out the HTML header +# Display the standard Account form +# SID: the session id cookie value (if any) +# A: what "form" name to use +# U: value to display for username +# T: value to display for account type +# S: value to display for account suspended +# E: value to display for email address +# P: password value +# C: confirm password value +# R: value to display for RealName +# L: value to display for Language preference +# I: value to display for IRC nick +# N: new package notify value +function display_account_form($SID,$A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",$L="",$I="",$N="") { + global $SUPPORTED_LANGS; -# Any text you print out to the visitor, use the __() function -# for i18n support. See 'testpo.php' for more details. + print "
\n"; + print "\n"; + print "
\n"; + print "\n"; + print "\n"; + + # figure out what account type the visitor is + # + if ($SID) { + $atype = account_from_sid($SID); + } else { + $atype = ""; + } + + print ""; + print ""; + print ""; + print "\n"; + + if ($atype == "Trusted User" || $atype == "Developer") { + # only TUs or Devs can promote/demote/suspend a user + # + print ""; + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print "\n"; + } + + print ""; + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print "\n"; + + print "\n"; + print ""; + print ""; + print ""; + print "\n"; + + print "
 
".__("Username:")." (".__("required").")
".__("Account Type:")."
".__("Account Suspended:").""; + } else { + print ">"; + } + print "
".__("Email Address:")." (".__("required").")
".__("Password:")." (".__("required").")
".__("Re-type password:")." (".__("required").")
".__("Real Name:")."
".__("IRC Nick:")."
".__("Language:")."
".__("New Package Notify:").""; + } else { + print ">"; + } + print "
 
 "; + if ($A == "ModifyAccount") { + print "   "; + } else { + print "   "; + } + print ""; + print "
\n"; + print "
\n"; + print "
\n"; +} # function display_account_form() + + +# Main page processing here # -print __("Under construction...")."
\n"; +if (isset($_COOKIE["AURSID"])) { + # visitor is logged in + # + $dbh = db_connect(); + + if ($_REQUEST["Action"] == "SearchAccounts") { + # the user has entered search criteria, find any matching accounts + # + $HITS_PER_PAGE = 50; + $OFFSET = 0; + + $q = "SELECT Users.*, AccountTypes.AccountType "; + $q.= "FROM Users, AccountTypes "; + $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; + if ($_REQUEST["T"] == "u") { + $q.= "AND AccountTypes.ID = 1 "; + } elseif ($_REQUEST["T"] == "t") { + $q.= "AND AccountTypes.ID = 2 "; + } elseif ($_REQUEST["T"] == "d") { + $q.= "AND AccountTypes.ID = 3 "; + } + if ($_REQUEST["S"]) { + $q.= "AND Users.Suspended = 1 "; + } + if ($_REQUEST["U"]) { + $q.= "AND Username LIKE '%".mysql_escape_string($_REQUEST["U"])."%' "; + } + if ($_REQUEST["E"]) { + $q.= "AND Email LIKE '%".mysql_escape_string($_REQUEST["E"])."%' "; + } + if ($_REQUEST["R"]) { + $q.= "AND RealName LIKE '%".mysql_escape_string($_REQUEST["R"])."%' "; + } + if ($_REQUEST["I"]) { + $q.= "AND IRCNick LIKE '%".mysql_escape_string($_REQUEST["I"])."%' "; + } + $q.= "LIMIT ". $OFFSET . ", " . $HITS_PER_PAGE; + $result = db_query($q, $dbh); + if (!$result) { + print __("No results matched your search criteria."); + } else { + print "
\n"; + print "\n"; + print ""; + print "\n"; + + print ""; + print ""; + print ""; + print "\n"; + print "
"; + print "\n"; + print ""; + print ""; + print ""; + print ""; + print ""; + print ""; + print "\n"; + $i = 0; + while ($row = mysql_fetch_assoc($result)) { + if ($i % 2) { + print ""; + } else { + print ""; + } + print ""; + print ""; + print ""; + print ""; + print ""; + print ""; + print "\n"; + $i++; + } + print "
".__("Username")."".__("Type")."".__("Status")."".__("Real Name")."".__("IRC Nick")."".__("Last Voted")."
".$row["Username"]."".user_type($row["AccountType"]).""; + if ($row["Suspended"]) { + print __("Suspended"); + } else { + print __("Active"); + } + print ""; + $row["RealName"] ? print $row["RealName"] : print " "; + print ""; + $row["IRCNick"] ? print $row["IRCNick"] : print " "; + print ""; + $row["LastVoted"] + ? print date("Ymd", $row["LastVoted"]) + : print __("Never"); + print "
\n"; + print "
"; + print "
\n"; + print "\n"; + print "\n"; + print ""; + print "
\n"; + print "		"; + print "
\n"; + print "\n"; + print "\n"; + print ""; + print "
\n"; + print "
\n"; + print "
\n"; + } + + + } elseif ($_REQUEST["Action"] == "DisplayAccount") { + # the user has clicked 'edit', display the account details in a form + # + + } elseif ($_REQUEST["Action"] == "UpdateAccount") { + # user is submitting their modifications to an existing account + # + + } else { + # display the search page + # + print "
\n"; + print "\n"; + print "
\n"; + print "\n"; + print "\n"; + + print ""; + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print ""; + print "\n"; + + print ""; + print ""; + print ""; + print "\n"; + + print "
 
".__("Username:")."
".__("Account Type:")."
".__("Account Suspended:").""; + print "
".__("Email Address:")."
".__("Real Name:")."
".__("IRC Nick:")."
 "; + print "   "; + print "
\n"; + print "
\n"; + print "
\n"; + } + +} else { + # visitor is not logged in + # + if ($_REQUEST["Action"] == "NewAccount") { + # error check and process request for a new account + # + $dbh = db_connect(); + $error = ""; + if (!isset($_REQUEST["E"]) || !isset($_REQUEST["P"]) || + !isset($_REQUEST["C"])) { + $error = __("Missing a required field."); + } + if (!$error && ($_REQUEST["P"] != $_REQUEST["C"])) { + $error = __("Password fields do not match."); + } + if (!$error && !valid_email($_REQUEST["E"])) { + $error = __("The email address is invalid."); + } + if (!$error && !array_key_exists($_REQUEST["L"], $SUPPORTED_LANGS)) { + $error = __("Language is not currently supported."); + } + if (!$error) { + # check to see if this username is available + # NOTE: a race condition exists here if we care... + # + $q = "SELECT COUNT(*) AS CNT FROM Users "; + $q.= "WHERE Username = '".mysql_escape_string($_REQUEST["U"])."'"; + $result = db_query($q, $dbh); + if ($result) { + $row = mysql_fetch_array($result); + if ($row[0]) { + $error = __("The username, %h%s%h, is already in use.", + array("", $_REQUEST["U"], "")); + } + } + } + if (!$error) { + # check to see if this email address is available + # NOTE: a race condition exists here if we care... + # + $q = "SELECT COUNT(*) AS CNT FROM Users "; + $q.= "WHERE Email = '".mysql_escape_string($_REQUEST["E"])."'"; + $result = db_query($q, $dbh); + if ($result) { + $row = mysql_fetch_array($result); + if ($row[0]) { + $error = __("The address, %h%s%h, is already in use.", + array("", $_REQUEST["E"], "")); + } + } + } + if ($error) { + print "".$error."
\n"; + display_account_form("", "NewAccount", "", "", + $_REQUEST["U"], $_REQUEST["E"], $_REQUEST["R"], $_REQUEST["L"], + $_REQUEST["I"], $_REQUEST["N"]); + } else { + # no errors, go ahead and create the unprivileged user + # + $q = "INSERT INTO Users (AccountTypeID, Suspended, Username, Email, "; + $q.= "Passwd, RealName, LangPreference, IRCNick, NewPkgNotify) "; + $q.= "VALUES (1, 0, '".mysql_escape_string($_REQUEST["U"])."'"; + $q.= ", '".mysql_escape_string($_REQUEST["E"])."'"; + $q.= ", '".mysql_escape_string($_REQUEST["P"])."'"; + $q.= ", '".mysql_escape_string($_REQUEST["R"])."'"; + $q.= ", '".mysql_escape_string($_REQUEST["L"])."'"; + $q.= ", '".mysql_escape_string($_REQUEST["I"])."'"; + if ($_REQUEST["N"] == "on") { + $q.= ", 1)"; + } else { + $q.= ", 0)"; + } + $result = db_query($q, $dbh); + if (!$result) { + print __("Error trying to create account, %h%s%h: %s.", + array("", $_REQUEST["U"], "", mysql_error($dbh))); + } else { + # account created, tell them so. + # + print __("The account, %h%s%h, has been successfully created.", + array("", $_REQUEST["U"], "")); + print "

\n"; + print __("Click on the Home link above to login."); + print "

\n"; + } + } + } else { + # display the account request form + # + display_account_form("", "NewAccount"); + } +} html_footer("\$Id$"); +# vim: ts=2 sw=2 noet ft=php ?> diff --git a/web/html/css/containers.css b/web/html/css/containers.css index 69ed1d96..1f437e70 100644 --- a/web/html/css/containers.css +++ b/web/html/css/containers.css @@ -76,6 +76,7 @@ { background-color: #ffffff; border-right: 1px solid #000; + border-left: 1px solid #000; border-bottom: 1px solid #000; text-align: center; vertical-align: top; diff --git a/web/html/index.php b/web/html/index.php index ad7b73f0..dd9b2ccb 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -11,7 +11,7 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { # Attempting to log in # if (!isset($_REQUEST['user'])) { - $login_error = __("You must supply a username."); + $login_error = __("You must supply an email address."); } if (!isset($_REQUEST['pass'])) { $login_error = __("You must supply a password."); @@ -21,11 +21,11 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { # $dbh = db_connect(); $q = "SELECT ID, Suspended FROM Users "; - $q.= "WHERE Email = '" . mysql_escape_string($_REQUEST["user"]) . "' "; + $q.= "WHERE Username = '" . mysql_escape_string($_REQUEST["user"]) . "' "; $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'"; $result = db_query($q, $dbh); if (!$result) { - $login_error = __("Incorrect password for username %s.", + $login_error = __("Incorrect password for email address, %s.", array($_REQUEST["user"])); } else { $row = mysql_fetch_row($result); @@ -70,13 +70,16 @@ html_header(); print "\n"; print "\n"; -print " "; -print " "; +print "
 
"; +print " 		"; print __("This is where the intro text will go."); print __("For now, it's just a place holder."); print __("It's more important to get the login functionality finished."); print __("After that, this can be filled in with more meaningful text."); print "  
\n"; +# XXX Is this the proper way to add some spacing between table cells? +# +print " 		  \n"; if (!isset($_COOKIE["AURSID"])) { # the user is not logged in, give them login widgets # -- cgit v1.2.3-24-g4f1b