-rw-r--r-- | web/lib/acctfuncs.inc | 76 |
1 files changed, 36 insertions, 40 deletions
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index 9ed4f22..91b6249 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -1,7 +1,7 @@ <?php # Display the standard Account form, pass in default values if any -# + function display_account_form($UTYPE,$A,$U="",$T="",$S="", $E="",$P="",$C="",$R="",$L="",$I="",$N="",$UID=0) { # UTYPE: what user type the form is being displayed for @@ -35,21 +35,20 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", print " name='U' value='".$U."'> (".__("required").")</td>"; print "</tr>\n"; + # Only TUs or Devs can promote/demote/suspend a user if ($UTYPE == "Trusted User" || $UTYPE == "Developer") { - # only TUs or Devs can promote/demote/suspend a user - # print "<tr>"; print "<td align='left'>".__("Account Type").":</td>"; print "<td align='left'><select name=T>\n"; print "<option value='1'"; $T == "User" ? print " selected>" : print ">"; - print __("Normal user")."\n"; + print __("Normal user")."\n"; print "<option value='2'"; $T == "Trusted User" ? print " selected>" : print ">"; print __("Trusted user")."\n"; + + # Only developers can make another account a developer if ($UTYPE == "Developer") { - # only developers can make another account a developer - # print "<option value='3'"; $T == "Developer" ? print " selected>" : print ">"; print __("Developer")."\n"; @@ -79,7 +78,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", print "<td align='left'><input type='password' size='30' maxlength='32'"; print " name='P' value='".$P."'>"; if ($A != "UpdateAccount") { - print " (".__("required").")"; + print " (".__("required").")"; } print "</td></tr>\n"; @@ -88,7 +87,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", print "<td align='left'><input type='password' size='30' maxlength='32'"; print " name='C' value='".$C."'>"; if ($A != "UpdateAccount") { - print " (".__("required").")"; + print " (".__("required").")"; } print "</td></tr>\n"; 
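Review bot: In the -35 hunk of display_account_form, `print " name='U' value='".$U."'> (".__("required").")</td>";` writes `$U` into an HTML attribute without escaping, so a username containing a quote breaks out of the attribute; the -79 and -88 hunks do the same with `$P` and `$C`. Those two are password fields, and echoing whatever the user typed back into the page source is not needed for a re-submitted form. I would escape the username, `print " name='U' value='".htmlspecialchars($U, ENT_QUOTES)."'> (".__("required").")</td>";`, and drop the value attribute on the password inputs, `print " name='P'>";` and `print " name='C'>";`. The enclosing function starts and ends outside these hunks, and the other `$L`, `$I`, `$N` parameters are presumably printed the same way further down.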
@@ -136,7 +135,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", if ($A == "UpdateAccount") { print "<input type='submit' class='button'"; - print " value='".__("Update")."'> "; + print " value='".__("Update")."'> "; } else { print "<input type='submit' class='button'"; print " value='".__("Create")."'> "; @@ -172,20 +171,21 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # UID: database Users.ID value # error check and process request for a new/modified account - # global $SUPPORTED_LANGS; - if(isset($_COOKIE['AURSID'])) + if(isset($_COOKIE['AURSID'])) { $editor_user = uid_from_sid($_COOKIE['AURSID']); - else + } + else { $editor_user = null; + } $dbh = db_connect(); $error = ""; if (empty($E) || empty($U)) { $error = __("Missing a required field."); } - + if ($TYPE == "new") { # they need password fields for this type of action # @@ -200,10 +200,10 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", if (!$error && !valid_username($U) && !user_is_privileged($editor_user)) $error = __("The username is invalid.") . "<ul>\n" - ."<li>" . __("It must be between %s and %s characters long", + ."<li>" . __("It must be between %s and %s characters long", USERNAME_MIN_LEN, USERNAME_MAX_LEN ) . "</li>" - . "<li>" . __("Start and end with a letter or number") . "</li>" + . "<li>" . __("Start and end with a letter or number") . "</li>" . "<li>" . __("Can contain only one period, underscore or hyphen.") . "</li>\n</ul>"; @@ -211,8 +211,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $error = __("Password fields do not match."); } if (!$error && $P != '' && !good_passwd($P)) - $error = - __("Your password must be at least %s characters.",PASSWD_MIN_LEN); + $error = __("Your password must be at least %s characters.",PASSWD_MIN_LEN); if (!$error && !valid_email($E)) { $error = __("The email address is invalid."); 
@@ -266,9 +265,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", } else { if ($TYPE == "new") { # no errors, go ahead and create the unprivileged user - # - - #md5hash the password + + # md5hash the password $P = md5($P); $q = "INSERT INTO Users (AccountTypeID, Suspended, Username, Email, "; $q.= "Passwd, RealName, LangPreference, IRCNick, NewPkgNotify) "; @@ -299,9 +297,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", } else { # no errors, go ahead and modify the user account - # - #md5 hash the password + # md5 hash the password $q = "UPDATE Users SET "; $q.= "Username = '".mysql_real_escape_string($U)."'"; if ($T) { @@ -545,8 +542,7 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", # Display non-editable account info # -function display_account_info($U="",$T="", - $E="",$R="",$I="") { +function display_account_info($U="", $T="", $E="", $R="", $I="") { # U: value to display for username # T: value to display for account type # E: value to display for email address @@ -565,7 +561,7 @@ function display_account_info($U="",$T="", print " <td align='left'>".__("Username").":</td>\n"; print " <td align='left'>".$U."</td>\n"; print " </tr>\n"; - + print " <tr>\n"; print " <td align='left'>".__("Account Type").":</td>\n"; print " <td align='left'>"; @@ -573,11 +569,11 @@ function display_account_info($U="",$T="", print __("User"); } elseif ($T == "Trusted User") { print __("Trusted User"); - } elseif ($T == "Developer") { + } elseif ($T == "Developer") { print __("Developer"); } print "</td>\n"; - + print " <tr>\n"; print " <td align='left'>".__("Email Address").":</td>\n"; print " <td align='left'><a href='mailto:".$E."'>".$E."</a></td>\n"; @@ -613,7 +609,6 @@ function try_login() { if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) { - $userID = valid_user($_REQUEST['user']); if ( user_suspended( $userID ) ) { 
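Review bot: `$P = md5($P);` in the -266 hunk of process_account_form stores the password as an unsalted, fast hash, and the comment retouched in the -299 hunk marks the same scheme on the update path; only the comments changed here, so the commit leaves this in place. An unsalted md5 is trivially reversible from a leaked table via precomputed tables, which is the main exposure for an account-management file. The mysql_* API suggests an old runtime, so the concrete replacement depends on what is available: `password_hash()`/`password_verify()` where supported, otherwise `crypt()` with a per-user random salt. Whichever is chosen has to be mirrored in the check inside valid_passwd (the -750 hunk), which compares against the stored value, and existing rows would need a migration or a rehash-on-login step.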
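Review bot: The parameters reformatted in the -545 hunk's signature of display_account_info are printed raw into the page in the -565 and -573 hunks, e.g. `print " <td align='left'>".$U."</td>\n";` and `print " <td align='left'><a href='mailto:".$E."'>".$E."</a></td>\n";`, with no `htmlspecialchars()` on either the text node or the href attribute. The values presumably come from the Users table, which the -200 hunk shows can be written with username validation skipped for privileged editors, so the output side should not rely on input filtering. I would wrap each printed value, `print " <td align='left'>".htmlspecialchars($U, ENT_QUOTES)."</td>\n";`, and likewise for `$E` in both positions. The function body continues past the last of these hunks, and the remaining `$R`/`$I` prints are likely in the same shape.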
@@ -641,7 +636,7 @@ function try_login() { } $num_tries++; - } + } if ($logged_in) { # set our SID cookie @@ -685,16 +680,14 @@ function try_login() { */ function valid_username( $user ) { - - #Is it non-empty? if (!empty($user)) { - + #Is username at not too short or too long? if ( strlen($user) >= USERNAME_MIN_LEN && strlen($user) <= USERNAME_MAX_LEN ) { - + $user = strtolower($user); - #Does username: + # Does username: # start and end with a letter or number # contain only letters and numbers, # and at most has one dash, period, or underscore @@ -704,7 +697,7 @@ function valid_username( $user ) } } } - + return; } @@ -721,7 +714,8 @@ function valid_user( $user ) . mysql_real_escape_string($user). "'"; $result = mysql_fetch_row(db_query($q, $dbh)); - #Is the username in the database? + + # Is the username in the database? if ($result[0]) { return $result[0]; } @@ -750,7 +744,7 @@ function valid_passwd( $userID, $passwd ) $result = mysql_fetch_row(db_query($q, $dbh)); if ($result[0]) { - #is it the right password? + # Is it the right password? return true; } } @@ -792,8 +786,9 @@ function user_is_privileged( $id ) $dbh = db_connect(); $q = "SELECT AccountTypeID FROM Users WHERE ID = '$id'"; $result = mysql_fetch_row(db_query($q, $dbh)); - if( $result[0] > 1) + if( $result[0] > 1) { return $result[0]; + } return 0; } @@ -802,10 +797,11 @@ function user_is_privileged( $id ) function clear_expired_sessions($dbh = null) { global $LOGIN_TIMEOUT; - if (empty($dbh)) + if (empty($dbh)) { $dbh = db_connect(); + } - $q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - $LOGIN_TIMEOUT)"; + $q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - $LOGIN_TIMEOUT)"; db_query($q, $dbh); return; |
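Review bot: In the -792 hunk of user_is_privileged, `$q = "SELECT AccountTypeID FROM Users WHERE ID = '$id'";` interpolates `$id` straight into the query, whereas valid_user in the -721 hunk passes its input through `mysql_real_escape_string()`; the brace cleanup around the `if` leaves this inconsistency untouched. The callers visible here pass the result of `uid_from_sid()`, so the value is probably already numeric, but the function accepts anything and the escaping should not depend on every caller being careful. Since ID is an integer column, `$q = "SELECT AccountTypeID FROM Users WHERE ID = " . intval($id);` closes it. The `$result[0] > 1` test also reads index 0 without checking that `mysql_fetch_row()` returned a row rather than `false`, so `if ($result && $result[0] > 1) {` is the safer form of the new line.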