Diffstat (limited to 'web/html/account.php')
-rw-r--r--web/html/account.php57
1 files changed, 16 insertions, 41 deletions
diff --git a/web/html/account.php b/web/html/account.php
index 5a0ef50..b0906d9 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -12,9 +12,8 @@ html_header(__('Accounts'));
# Main page processing here
#
-echo "<div class=\"pgbox\">\n";
-echo " <div class=\"pgboxtitle\"><span class=\"f3\">".__("Accounts")."</span></div>\n";
-echo " <div class=\"pgboxbody\">\n";
+echo "<div class=\"box\">\n";
+echo " <h2>".__("Accounts")."</h2>\n";
$action = in_request("Action");
@@ -33,7 +32,8 @@ if (isset($_COOKIE["AURSID"])) {
#
search_results_page($atype, in_request("O"), in_request("SB"),
in_request("U"), in_request("T"), in_request("S"),
- in_request("E"), in_request("R"), in_request("I"));
+ in_request("E"), in_request("R"), in_request("I"),
+ in_request("K"));
} else {
# a non-privileged user is trying to access the search page
@@ -44,17 +44,10 @@ if (isset($_COOKIE["AURSID"])) {
} elseif ($action == "DisplayAccount") {
# the user has clicked 'edit', display the account details in a form
#
- $q = "SELECT Users.*, AccountTypes.AccountType ";
- $q.= "FROM Users, AccountTypes ";
- $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
- $q.= "AND Users.ID = ".intval(in_request("ID"));
- $result = db_query($q, $dbh);
- if (!mysql_num_rows($result)) {
+ $row = account_details(in_request("ID"), in_request("U"));
+ if (empty($row)) {
print __("Could not retrieve information for the specified user.");
-
} else {
- $row = mysql_fetch_assoc($result);
-
# double check to make sure logged in user can edit this account
#
if ($atype == "User" || ($atype == "Trusted User" && $row["AccountType"] == "Developer")) {
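Review bot: The inline `intval(in_request("ID"))` guard is removed in the DisplayAccount branch, and `in_request("ID")` and `in_request("U")` now reach `account_details()` as raw request values, so the cast and the escaping have to live inside that helper, which is not part of this diff. The same hand-off occurs in the AccountInfo branch, and `own_account_details($_COOKIE["AURSID"])` replaces an inline `db_escape_string()` on the session cookie in a later hunk. Please confirm that both helpers cast or escape every argument before building SQL, and state that contract in their docblocks, for example `# $uid is cast with intval(); $username is escaped before use in the query`. The surrounding if/elseif chain starts and ends outside this hunk, so the permission check that follows is only partly visible.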
@@ -64,27 +57,20 @@ if (isset($_COOKIE["AURSID"])) {
display_account_form($atype, "UpdateAccount", $row["Username"],
$row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"],
- $row["IRCNick"], $row["ID"]);
+ $row["IRCNick"], $row["PGPKey"], $row["ID"]);
}
}
} elseif ($action == "AccountInfo") {
# no editing, just looking up user info
#
- $q = "SELECT Users.*, AccountTypes.AccountType ";
- $q.= "FROM Users, AccountTypes ";
- $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
- $q.= "AND Users.ID = ".intval(in_request("ID"));
- $result = db_query($q, $dbh);
- if (!mysql_num_rows($result)) {
+ $row = account_details(in_request("ID"), in_request("U"));
+ if (empty($row)) {
print __("Could not retrieve information for the specified user.");
} else {
- $row = mysql_fetch_assoc($result);
- display_account_info($row["Username"],
- $row["AccountType"], $row["Email"], $row["RealName"],
- $row["IRCNick"]);
+ include("account_details.php");
}
-
+
} elseif ($action == "UpdateAccount") {
# user is submitting their modifications to an existing account
#
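Review bot: `include("account_details.php")` in the AccountInfo branch replaces an explicit `display_account_info(...)` call, so the template now reads `$row` from the including scope, and this file no longer shows which fields are printed or how they are escaped. Since `$row` comes from `Users.*`, it presumably also carries columns that the old call never passed to the view. The template should print only the intended fields and pass each one (`Username`, `RealName`, `IRCNick`, the new `PGPKey`) through `htmlspecialchars()`. A one-line comment above the include would make the coupling explicit, for example `# account_details.php reads $row; every field is HTML-escaped there`. The `-`/`+` pair of blank lines after the closing brace appears to differ only in whitespace and could be dropped from the change.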
@@ -93,10 +79,8 @@ if (isset($_COOKIE["AURSID"])) {
in_request("U"), in_request("T"), in_request("S"),
in_request("E"), in_request("P"), in_request("C"),
in_request("R"), in_request("L"), in_request("I"),
- in_request("ID"));
+ in_request("K"), in_request("ID"));
}
-
-
} else {
if ($atype == "Trusted User" || $atype == "Developer") {
# display the search page if they're a TU/dev
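Review bot: `in_request("K")` is forwarded to `process_account_form()` with no format check in this file, so whatever the client sends as the PGP key value reaches the form handler unchanged. The same raw value is passed in the NewAccount hunk and to `search_results_page()`. If `K` is meant to be a key fingerprint, the handler (outside this diff) should normalise it and reject anything else before it is stored or used in a query, for example `preg_match('/^[0-9A-Fa-f]{40}$/', $K)` after stripping spaces. Note also that `K` is inserted before `ID` here but appended last in the NewAccount call, so the positional order depends on `ID` being a trailing optional parameter; a short comment in the signature would guard against a future mix-up.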
@@ -108,18 +92,10 @@ if (isset($_COOKIE["AURSID"])) {
# A normal user, give them the ability to edit
# their own account
#
- $q = "SELECT Users.*, AccountTypes.AccountType ";
- $q.= "FROM Users, AccountTypes, Sessions ";
- $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
- $q.= "AND Users.ID = Sessions.UsersID ";
- $q.= "AND Sessions.SessionID = '";
- $q.= db_escape_string($_COOKIE["AURSID"])."'";
- $result = db_query($q, $dbh);
- if (!mysql_num_rows($result)) {
+ $row = own_account_details($_COOKIE["AURSID"]);
+ if (empty($row)) {
print __("Could not retrieve information for the specified user.");
-
} else {
- $row = mysql_fetch_assoc($result);
# don't need to check if they have permissions, this is a
# normal user editing themselves.
#
@@ -129,7 +105,7 @@ if (isset($_COOKIE["AURSID"])) {
display_account_form($atype, "UpdateAccount", $row["Username"],
$row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"],
- $row["IRCNick"], $row["ID"]);
+ $row["IRCNick"], $row["PGPKey"], $row["ID"]);
}
}
}
@@ -145,7 +121,7 @@ if (isset($_COOKIE["AURSID"])) {
process_account_form("","new", "NewAccount",
in_request("U"), 1, 0, in_request("E"),
in_request("P"), in_request("C"), in_request("R"),
- in_request("L"), in_request("I"));
+ in_request("L"), in_request("I"), in_request("K"));
} else {
# display the account request form
@@ -155,7 +131,6 @@ if (isset($_COOKIE["AURSID"])) {
}
}
-echo " </div>";
echo "</div>";
html_footer(AUR_VERSION);