account adding/editing is working

3 files changed, 63 insertions, 9 deletions

diff --git a/web/html/account.php b/web/html/account.php
index b0452c5..a00a5e5 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -19,10 +19,10 @@ if (isset($_COOKIE["AURSID"])) {
 
 		# security check
 		#
-		if ($atype == "Trusted user" || $atype == "Developer") {
+		if ($atype == "Trusted User" || $atype == "Developer") {
 			# the user has entered search criteria, find any matching accounts
 			#
-			search_results_page($_REQUEST["O"], $_REQUEST["SB"],
+			search_results_page($atype, $_REQUEST["O"], $_REQUEST["SB"],
 					$_REQUEST["U"], $_REQUEST["T"], $_REQUEST["S"],
 					$_REQUEST["E"], $_REQUEST["R"], $_REQUEST["I"]);
 
@@ -35,23 +35,74 @@ if (isset($_COOKIE["AURSID"])) {
 	} elseif ($_REQUEST["Action"] == "DisplayAccount") {
 		# the user has clicked 'edit', display the account details in a form
 		#
+		$q = "SELECT Users.*, AccountTypes.AccountType ";
+		$q.= "FROM Users, AccountTypes ";
+		$q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
+		$q.= "AND Users.ID = ".intval($_REQUEST["ID"]);
+		$result = db_query($q, $dbh);
+		if (!$result) {
+			print __("Could not retrieve information for the specified user.");
+
+		} else {
+			$row = mysql_fetch_assoc($result);
+
+			# double check to make sure logged in user can edit this account
+			#
+			if ($atype == "User" || ($atype == "Trusted User" && $row["AccountType"] == "Developer")) {
+				print __("You do not have permission to edit this account.");
+			} else {
+
+				display_account_form($atype, "UpdateAccount", $row["Username"],
+						$row["AccountType"], $row["Suspended"], $row["Email"],
+						"", "", $row["RealName"], $row["LangPreference"],
+						$row["IRCNick"], $row["NewPkgNotify"], $row["ID"]);
+			}
+		}
 
 	} elseif ($_REQUEST["Action"] == "UpdateAccount") {
 		# user is submitting their modifications to an existing account
 		#
+		process_account_form($atype, "edit", "UpdateAccount",
+				$_REQUEST["U"], $_REQUEST["T"], $_REQUEST["S"],
+				$_REQUEST["E"], $_REQUEST["P"], $_REQUEST["C"],
+				$_REQUEST["R"], $_REQUEST["L"], $_REQUEST["I"],
+				$_REQUEST["N"], $_REQUEST["ID"]);
+
 
 	} else {
-		if ($atype == "Trusted user" || $atype == "Developer") {
+		if ($atype == "Trusted User" || $atype == "Developer") {
 			# display the search page if they're a TU/dev
 			#
 			print __("Use this form to search existing accounts.")."<br/>\n";
 			search_accounts_form();
 
 		} else {
-			# TODO A normal user, give them the ability to edit
+			# A normal user, give them the ability to edit
 			# their own account
 			#
-			print __("Regular users can edit their own account.");
+			$q = "SELECT Users.*, AccountTypes.AccountType ";
+			$q.= "FROM Users, AccountTypes, Sessions ";
+			$q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
+			$q.= "AND Users.ID = Sessions.UsersID ";
+			$q.= "AND Sessions.SessionID = '";
+			$q.= mysql_escape_string($_COOKIE["AURSID"])."'";
+			$result = db_query($q, $dbh);
+			if (!$result) {
+				print __("Could not retrieve information for the specified user.");
+
+			} else {
+				$row = mysql_fetch_assoc($result);
+				# don't need to check if they have permissions, this is a
+				# normal user editing themselves.
+				#
+				print __("Use this form to update your account.");
+				print "<br/>";
+				print __("Leave the password fields blank to keep your same password.");
+				display_account_form($atype, "UpdateAccount", $row["Username"],
+						$row["AccountType"], $row["Suspended"], $row["Email"],
+						"", "", $row["RealName"], $row["LangPreference"],
+						$row["IRCNick"], $row["NewPkgNotify"], $row["ID"]);
+			}
 		}
 	}
 
@@ -69,6 +120,7 @@ if (isset($_COOKIE["AURSID"])) {
 	} else {
 		# display the account request form
 		#
+		print __("Use this form to create an account.");
 		display_account_form("", "NewAccount");
 	}
 }
diff --git a/web/html/index.php b/web/html/index.php
index dd9b2cc..77d42b5 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -11,7 +11,7 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
 	# Attempting to log in
 	#
 	if (!isset($_REQUEST['user'])) {
-		$login_error = __("You must supply an email address.");
+		$login_error = __("You must supply a username.");
 	}
 	if (!isset($_REQUEST['pass'])) {
 		$login_error = __("You must supply a password.");
@@ -25,7 +25,7 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
 		$q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
 		$result = db_query($q, $dbh);
 		if (!$result) {
-			$login_error = __("Incorrect password for email address, %s.",
+			$login_error = __("Incorrect password for username, %s.",
 						array($_REQUEST["user"]));
 		} else {
 			$row = mysql_fetch_row($result);
@@ -79,7 +79,7 @@ print "  </td>";
 # XXX Is this the proper way to add some spacing between table cells?
 #
 print "  <td>&nbsp;&nbsp;</td>";
-print "  <td align='right'>\n";
+print "  <td align='left' valign='top' nowrap>\n";
 if (!isset($_COOKIE["AURSID"])) {
 	# the user is not logged in, give them login widgets
 	#
@@ -104,7 +104,7 @@ if (!isset($_COOKIE["AURSID"])) {
 	print "</form>\n";
 
 } else {
-	print __("Currently logged in as: %h%s%h",
+	print __("Logged-in as: %h%s%h",
 			array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
 }
 print "  </td>";
diff --git a/web/html/logout.php b/web/html/logout.php
index 07a787a..a81c645 100644
--- a/web/html/logout.php
+++ b/web/html/logout.php
@@ -9,6 +9,8 @@ set_lang();                 # this sets up the visitor's language
 if (isset($_COOKIE["AURSID"])) {
 	$q = "DELETE FROM Sessions WHERE SessionID = '";
 	$q.= mysql_escape_string($_COOKIE["AURSID"]) . "'";
+	$dbh = db_connect();
+	db_query($q, $dbh);
 	setcookie("AURSID", "", time() - (60*60*24*30), "/");
 }