summaryrefslogtreecommitdiffstats
path: root/web/lib/acctfuncs.inc
diff options
context:
space:
mode:
Diffstat (limited to 'web/lib/acctfuncs.inc')
-rw-r--r--web/lib/acctfuncs.inc847
1 files changed, 0 insertions, 847 deletions
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
deleted file mode 100644
index b2f0548..0000000
--- a/web/lib/acctfuncs.inc
+++ /dev/null
@@ -1,847 +0,0 @@
-<?php
-
-# Helper function- retrieve request param if available, "" otherwise
-function in_request($name) {
- if (isset($_REQUEST[$name])) {
- return $_REQUEST[$name];
- }
- return "";
-}
-
-# Display the standard Account form, pass in default values if any
-
-function display_account_form($UTYPE,$A,$U="",$T="",$S="",
- $E="",$P="",$C="",$R="",$L="",$I="",$UID=0) {
- # UTYPE: what user type the form is being displayed for
- # A: what "form" name to use
- # U: value to display for username
- # T: value to display for account type
- # S: value to display for account suspended
- # E: value to display for email address
- # P: password value
- # C: confirm password value
- # R: value to display for RealName
- # L: value to display for Language preference
- # I: value to display for IRC nick
- # N: new package notify value
- # UID: Users.ID value in case form is used for editing
-
- global $SUPPORTED_LANGS;
-
- print "<form action='account.php' method='post'>\n";
- print "<fieldset>";
- print "<input type='hidden' name='Action' value='".$A."' />\n";
- if ($UID) {
- print "<input type='hidden' name='ID' value='".$UID."' />\n";
- }
- print "</fieldset>";
- print "<table border='0' cellpadding='0' cellspacing='0' width='80%' style=\"margin:0 auto;\">\n";
- print "<tr><td colspan='2'>&nbsp;</td></tr>\n";
-
- print "<tr>";
- print "<td align='left'>".__("Username").":</td>";
- print "<td align='left'><input type='text' size='30' maxlength='64'";
- print " name='U' value='".htmlspecialchars($U,ENT_QUOTES)."' /> (".__("required").")</td>";
- print "</tr>\n";
-
- # Only TUs or Devs can promote/demote/suspend a user
- if ($UTYPE == "Trusted User" || $UTYPE == "Developer") {
- print "<tr>";
- print "<td align='left'>".__("Account Type").":</td>";
- print "<td align='left'><select name=T>\n";
- print "<option value='1'";
- $T == "User" ? print " selected>" : print ">";
- print __("Normal user")."\n";
- print "<option value='2'";
- $T == "Trusted User" ? print " selected>" : print ">";
- print __("Trusted user")."\n";
-
- # Only developers can make another account a developer
- if ($UTYPE == "Developer") {
- print "<option value='3'";
- $T == "Developer" ? print " selected>" : print ">";
- print __("Developer")."\n";
- }
- print "</select></td>";
- print "</tr>\n";
-
- print "<tr>";
- print "<td align='left'>".__("Account Suspended").":</td>";
- print "<td align='left'><input type='checkbox' name='S'";
- if ($S) {
- print " checked=\"checked\" />";
- } else {
- print " />";
- }
- print "</tr>\n";
- }
-
- print "<tr>";
- print "<td align='left'>".__("Email Address").":</td>";
- print "<td align='left'><input type='text' size='30' maxlength='64'";
- print " name='E' value='".htmlspecialchars($E,ENT_QUOTES)."' /> (".__("required").")</td>";
- print "</tr>\n";
-
- print "<tr>";
- print "<td align='left'>".__("Password").":</td>";
- print "<td align='left'><input type='password' size='30' maxlength='32'";
- print " name='P' value='".$P."' />";
- if ($A != "UpdateAccount") {
- print " (".__("required").")";
- }
- print "</td></tr>\n";
-
- print "<tr>";
- print "<td align='left'>".__("Re-type password").":</td>";
- print "<td align='left'><input type='password' size='30' maxlength='32'";
- print " name='C' value='".$C."' />";
- if ($A != "UpdateAccount") {
- print " (".__("required").")";
- }
- print "</td></tr>\n";
-
- print "<tr>";
- print "<td align='left'>".__("Real Name").":</td>";
- print "<td align='left'><input type='text' size='30' maxlength='32'";
- print " name='R' value='".htmlspecialchars($R,ENT_QUOTES)."' /></td>";
- print "</tr>\n";
-
- print "<tr>";
- print "<td align='left'>".__("IRC Nick").":</td>";
- print "<td align='left'><input type='text' size='30' maxlength='32'";
- print " name='I' value='".htmlspecialchars($I,ENT_QUOTES)."' /></td>";
- print "</tr>\n";
-
- print "<tr>";
- print "<td align='left'>".__("Language").":</td>";
- print "<td align='left'><select name=L>\n";
-
- reset($SUPPORTED_LANGS);
- while (list($code, $lang) = each($SUPPORTED_LANGS)) {
- if ($L == $code) {
- print "<option value=".$code." selected> ".$lang."\n";
- } else {
- print "<option value=".$code."> ".$lang."\n";
- }
- }
- print "</select></td>";
- print "</tr>\n";
-
- print "<tr><td colspan='2'>&nbsp;</td></tr>\n";
- print "<tr>";
- print "<td>&nbsp;</td>";
- print "<td align='left'>";
-
- if ($A == "UpdateAccount") {
- print "<input type='submit' class='button'";
- print " value='".__("Update")."' /> &nbsp; ";
- } else {
- print "<input type='submit' class='button'";
- print " value='".__("Create")."' /> &nbsp; ";
- }
- print "<input type='reset' class='button' value='".__("Reset")."' />";
- print "</td>";
- print "</tr>\n";
-
- print "</table>\n";
- print "</form>\n";
- return;
-} # function display_account_form()
-
-
-# process form input from a new/edit account form
-#
-function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
- $P="",$C="",$R="",$L="",$I="",$UID=0) {
- # UTYPE: The user's account type
- # TYPE: either "edit" or "new"
- # A: what parent "form" name to use
- # U: value to display for username
- # T: value to display for account type
- # S: value to display for account suspended
- # E: value to display for email address
- # P: password value
- # C: confirm password value
- # R: value to display for RealName
- # L: value to display for Language preference
- # I: value to display for IRC nick
- # N: new package notify value
- # UID: database Users.ID value
-
- # error check and process request for a new/modified account
- global $SUPPORTED_LANGS;
-
- if(isset($_COOKIE['AURSID'])) {
- $editor_user = uid_from_sid($_COOKIE['AURSID']);
- }
- else {
- $editor_user = null;
- }
-
- $dbh = db_connect();
- $error = "";
- if (empty($E) || empty($U)) {
- $error = __("Missing a required field.");
- }
-
- if ($TYPE == "new") {
- # they need password fields for this type of action
- #
- if (empty($P) || empty($C)) {
- $error = __("Missing a required field.");
- }
- } else {
- if (!$UID) {
- $error = __("Missing User ID");
- }
- }
-
- if (!$error && !valid_username($U) && !user_is_privileged($editor_user))
- $error = __("The username is invalid.") . "<ul>\n"
- ."<li>" . __("It must be between %s and %s characters long",
- USERNAME_MIN_LEN, USERNAME_MAX_LEN )
- . "</li>"
- . "<li>" . __("Start and end with a letter or number") . "</li>"
- . "<li>" . __("Can contain only one period, underscore or hyphen.")
- . "</li>\n</ul>";
-
- if (!$error && $P && $C && ($P != $C)) {
- $error = __("Password fields do not match.");
- }
- if (!$error && $P != '' && !good_passwd($P))
- $error = __("Your password must be at least %s characters.",PASSWD_MIN_LEN);
-
- if (!$error && !valid_email($E)) {
- $error = __("The email address is invalid.");
- }
- if ($UTYPE == "Trusted User" && $T == 3) {
- $error = __("A Trusted User cannot assign Developer status.");
- }
- if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) {
- $error = __("Language is not currently supported.");
- }
- if (!$error) {
- # check to see if this username is available
- # NOTE: a race condition exists here if we care...
- #
- $q = "SELECT COUNT(*) AS CNT FROM Users ";
- $q.= "WHERE Username = '".mysql_real_escape_string($U)."'";
- if ($TYPE == "edit") {
- $q.= " AND ID != ".intval($UID);
- }
- $result = db_query($q, $dbh);
- if ($result) {
- $row = mysql_fetch_array($result);
- if ($row[0]) {
- $error = __("The username, %h%s%h, is already in use.",
- "<b>", htmlspecialchars($U,ENT_QUOTES), "</b>");
- }
- }
- }
- if (!$error) {
- # check to see if this email address is available
- # NOTE: a race condition exists here if we care...
- #
- $q = "SELECT COUNT(*) AS CNT FROM Users ";
- $q.= "WHERE Email = '".mysql_real_escape_string($E)."'";
- if ($TYPE == "edit") {
- $q.= " AND ID != ".intval($UID);
- }
- $result = db_query($q, $dbh);
- if ($result) {
- $row = mysql_fetch_array($result);
- if ($row[0]) {
- $error = __("The address, %h%s%h, is already in use.",
- "<b>", htmlspecialchars($E,ENT_QUOTES), "</b>");
- }
- }
- }
- if ($error) {
- print "<span class='error'>".$error."</span><br/>\n";
- display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "",
- $R, $L, $I, $UID);
- } else {
- if ($TYPE == "new") {
- # no errors, go ahead and create the unprivileged user
- $salt = generate_salt();
- $P = salted_hash($P, $salt);
- $escaped = array_map('mysql_real_escape_string',
- array($U, $E, $P, $salt, $R, $L, $I));
- $q = "INSERT INTO Users (" .
- "AccountTypeID, Suspended, Username, Email, Passwd, Salt" .
- ", RealName, LangPreference, IRCNick) " .
- "VALUES (1, 0, '" . implode("', '", $escaped) . "')";
- $result = db_query($q, $dbh);
- if (!$result) {
- print __("Error trying to create account, %h%s%h: %s.",
- "<b>", htmlspecialchars($U,ENT_QUOTES), "</b>", mysql_error($dbh));
- } else {
- # account created/modified, tell them so.
- #
- print __("The account, %h%s%h, has been successfully created.",
- "<b>", htmlspecialchars($U,ENT_QUOTES), "</b>");
- print "<p>\n";
- print __("Click on the Home link above to login.");
- print "</p>\n";
- }
-
- } else {
- # no errors, go ahead and modify the user account
-
- $q = "UPDATE Users SET ";
- $q.= "Username = '".mysql_real_escape_string($U)."'";
- if ($T) {
- $q.= ", AccountTypeID = ".intval($T);
- }
- if ($S) {
- $q.= ", Suspended = 1";
- } else {
- $q.= ", Suspended = 0";
- }
- $q.= ", Email = '".mysql_real_escape_string($E)."'";
- if ($P) {
- $salt = generate_salt();
- $hash = salted_hash($P, $salt);
- $q .= ", Passwd = '$hash', Salt = '$salt'";
- }
- $q.= ", RealName = '".mysql_real_escape_string($R)."'";
- $q.= ", LangPreference = '".mysql_real_escape_string($L)."'";
- $q.= ", IRCNick = '".mysql_real_escape_string($I)."'";
- $q.= " WHERE ID = ".intval($UID);
- $result = db_query($q, $dbh);
- if (!$result) {
- print __("Error trying to modify account, %h%s%h: %s.",
- "<b>", htmlspecialchars($U,ENT_QUOTES), "</b>", mysql_error($dbh));
- } else {
- print __("The account, %h%s%h, has been successfully modified.",
- "<b>", htmlspecialchars($U,ENT_QUOTES), "</b>");
- }
- }
- }
- return;
-}
-
-# search existing accounts
-#
-function search_accounts_form() {
- include("search_accounts_form.php");
- return;
-}
-
-
-# search results page
-#
-function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
- $S="",$E="",$R="",$I="") {
- # UTYPE: what account type the user belongs to
- # O: what row offset we're at
- # SB: how to sort the results
- # U: value to display for username
- # T: value to display for account type
- # S: value to display for account suspended
- # E: value to display for email address
- # R: value to display for RealName
- # I: value to display for IRC nick
-
- $HITS_PER_PAGE = 50;
- if ($O) {
- $OFFSET = intval($O);
- } else {
- $OFFSET = 0;
- }
- if ($OFFSET < 0) {
- $OFFSET = 0;
- }
- $search_vars = array();
-
- $q = "SELECT Users.*, AccountTypes.AccountType ";
- $q.= "FROM Users, AccountTypes ";
- $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
- if ($T == "u") {
- $q.= "AND AccountTypes.ID = 1 ";
- $search_vars[] = "T";
- } elseif ($T == "t") {
- $q.= "AND AccountTypes.ID = 2 ";
- $search_vars[] = "T";
- } elseif ($T == "d") {
- $q.= "AND AccountTypes.ID = 3 ";
- $search_vars[] = "T";
- }
- if ($S) {
- $q.= "AND Users.Suspended = 1 ";
- $search_vars[] = "S";
- }
- if ($U) {
- $q.= "AND Username LIKE '%".mysql_real_escape_string($U)."%' ";
- $search_vars[] = "U";
- }
- if ($E) {
- $q.= "AND Email LIKE '%".mysql_real_escape_string($E)."%' ";
- $search_vars[] = "E";
- }
- if ($R) {
- $q.= "AND RealName LIKE '%".mysql_real_escape_string($R)."%' ";
- $search_vars[] = "R";
- }
- if ($I) {
- $q.= "AND IRCNick LIKE '%".mysql_real_escape_string($I)."%' ";
- $search_vars[] = "I";
- }
- switch ($SB) {
- case 't':
- $q.= "ORDER BY AccountTypeID, Username ";
- break;
- case 'r':
- $q.= "ORDER BY RealName, AccountTypeID ";
- break;
- case 'i':
- $q.= "ORDER BY IRCNick, AccountTypeID ";
- break;
- case 'v':
- $q.= "ORDER BY LastVoted, Username ";
- break;
- default:
- $q.= "ORDER BY Username, AccountTypeID ";
- break;
- }
- $search_vars[] = "SB";
- $q.= "LIMIT " . $HITS_PER_PAGE . " OFFSET " . $OFFSET;
-
- $dbh = db_connect();
-
- $result = db_query($q, $dbh);
- if (!$result) {
- print __("No results matched your search criteria.");
- } else {
- $num_rows = mysql_num_rows($result);
- if ($num_rows) {
- print "<table border='0' cellpadding='0'";
- print " cellspacing='0' width='90%'";
- print " style=\"margin:0 auto\">\n";
- print "<tr>";
- print "<td colspan='2'>";
- print "<table border='0' cellpadding='0'";
- print " cellspacing='0' width='100%'>\n";
- print "<tr>";
- print "<th class='header'>";
- print "<span class='f2'>".__("Username")."</span></th>";
- print "<th class='header'>";
- print "<span class='f2'>".__("Type")."</span></th>";
- print "<th class='header'>";
- print "<span class='f2'>".__("Status")."</span></th>";
- print "<th class='header'>";
- print "<span class='f2'>".__("Real Name")."</span></th>";
- print "<th class='header'>";
- print "<span class='f2'>".__("IRC Nick")."</span></th>";
- print "<th class='header'>";
- print "<span class='f2'>".__("Last Voted")."</span></th>";
- print "<th class='header'>";
- print "<span class='f2'>".__("Edit Account")."</span></th>";
- print "</tr>\n";
- $i = 0;
- while ($row = mysql_fetch_assoc($result)) {
- if ($i % 2) {
- $c = "data1";
- } else {
- $c = "data2";
- }
- print "<tr>";
- print "<td class='".$c."'>";
- print "<span class='f5'><a href='packages.php?SeB=m&amp;K=".$row["Username"]."'>".$row["Username"]."</a></span></td>";
- print "<td class='".$c."'>";
- print "<span class='f5'>".$row["AccountType"];
- print "</span></td>";
- print "<td class='".$c."'><span class='f5'>";
- if ($row["Suspended"]) {
- print __("Suspended");
- } else {
- print __("Active");
- }
- print "</span></td>";
- print "<td class='".$c."'><span class='f5'>";
- $row["RealName"] ? print htmlspecialchars($row["RealName"],ENT_QUOTES) : print "&nbsp;";
- print "</span></td>";
- print "<td class='".$c."'><span class='f5'>";
- $row["IRCNick"] ? print htmlspecialchars($row["IRCNick"],ENT_QUOTES) : print "&nbsp;";
- print "</span></td>";
- print "<td class='".$c."'><span class='f5'>";
- $row["LastVoted"]
- ? print date("Ymd", $row["LastVoted"])
- : print __("Never");
- print "</span></td>";
- print "<td class='".$c."'><span class='f5'>";
- if ($UTYPE == "Trusted User" && $row["AccountType"] == "Developer") {
- # TUs can't edit devs
- #
- print "&nbsp;</span></td>";
- } else {
- $edit_url = "account.php?Action=DisplayAccount&amp;ID=".$row["ID"];
- print "<a href='".$edit_url . "'>";
- print "Edit</a></span></td>";
- }
- print "</tr>\n";
- $i++;
- }
- print "</table>\n";
- print "</td></tr>\n";
-
- print "<tr>";
- print "<td align='left'>";
- print "<form action='account.php' method='post'>\n";
- print "<fieldset>";
- print "<input type='hidden' name='Action' value='SearchAccounts' />\n";
- print "<input type='hidden' name='O'";
- print " value='".($OFFSET-$HITS_PER_PAGE)."' />\n";
- reset($search_vars);
- while (list($k, $ind) = each($search_vars)) {
- print "<input type='hidden' name='".$ind."'";
- print " value='".${$ind}."' />\n";
- }
- print "<input type='submit' class='button'";
- print " value='&lt;-- ".__("Less")."' />";
- print "</fieldset>";
- print "</form>\n";
- print "</td>";
- print "<td align='right'>";
- print "<form action='account.php' method='post'>\n";
- print "<fieldset>";
- print "<input type='hidden' name='Action' value='SearchAccounts' />\n";
- print "<input type='hidden' name='O'";
- print " value='".($OFFSET+$HITS_PER_PAGE)."' />\n";
- reset($search_vars);
- while (list($k, $ind) = each($search_vars)) {
- print "<input type='hidden' name='".$ind."'";
- print " value='".${$ind}."' />\n";
- }
- print "<input type='submit' class='button'";
- print " value='".__("More")." --&gt;' />";
- print "</fieldset>";
- print "</form>\n";
- print "</td>";
- print "</tr>\n";
- print "</table>\n";
- } else {
- print "<p style=\"text-align:center;\">\n";
- print __("No more results to display.");
- print "</p>\n";
- }
- }
- return;
-}
-
-# Display non-editable account info
-#
-function display_account_info($U="", $T="", $E="", $R="", $I="") {
- # U: value to display for username
- # T: value to display for account type
- # E: value to display for email address
- # R: value to display for RealName
- # I: value to display for IRC nick
-
- global $SUPPORTED_LANGS;
-
- print "<table border='0' cellpadding='0' cellspacing='0' width='33%' style=\"margin:0 auto;\">\n";
- print " <tr>\n";
- print " <td colspan='2'>&nbsp;</td>\n";
- print " </tr>\n";
-
- print " <tr>\n";
- print " <td align='left'>".__("Username").":</td>\n";
- print " <td align='left'>".$U."</td>\n";
- print " </tr>\n";
-
- print " <tr>\n";
- print " <td align='left'>".__("Account Type").":</td>\n";
- print " <td align='left'>";
- if ($T == "User") {
- print __("User");
- } elseif ($T == "Trusted User") {
- print __("Trusted User");
- } elseif ($T == "Developer") {
- print __("Developer");
- }
- print " </td>\n";
- print " </tr>\n";
-
- print " <tr>\n";
- print " <td align='left'>".__("Email Address").":</td>\n";
- print " <td align='left'><a href='mailto:".htmlspecialchars($E,ENT_QUOTES)."'>".htmlspecialchars($E,ENT_QUOTES)."</a></td>\n";
- print " </tr>\n";
-
- print " <tr>\n";
- print " <td align='left'>".__("Real Name").":</td>\n";
- print " <td align='left'>".htmlspecialchars($R,ENT_QUOTES)."</td>\n";
- print " </tr>\n";
-
- print " <tr>\n";
- print " <td align='left'>".__("IRC Nick").":</td>\n";
- print " <td align='left'>".htmlspecialchars($I,ENT_QUOTES)."</td>\n";
- print " </tr>\n";
-
- print " <tr>\n";
- print " <td colspan='2'><a href='packages.php?K=".$U."&amp;SeB=m'>".__("View this user's packages")."</a></td>\n";
- print " </tr>\n";
-
- print "</table>\n";
- return;
-}
-
-/*
- * Returns SID (Session ID) and error (error message) in an array
- * SID of 0 means login failed.
- */
-function try_login() {
- global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT;
-
- $login_error = "";
- $new_sid = "";
- $userID = null;
-
- if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) {
-
- $userID = valid_user($_REQUEST['user']);
-
- if ( user_suspended( $userID ) ) {
- $login_error = "Account Suspended.";
- }
- elseif ( $userID && isset($_REQUEST['passwd'])
- && valid_passwd($userID, $_REQUEST['passwd']) ) {
-
- $logged_in = 0;
- $num_tries = 0;
-
- # Account looks good. Generate a SID and store it.
-
- $dbh = db_connect();
- while (!$logged_in && $num_tries < 5) {
- if ($MAX_SESSIONS_PER_USER) {
- # Delete all user sessions except the
- # last ($MAX_SESSIONS_PER_USER - 1).
- $q = "DELETE s.* FROM Sessions s ";
- $q.= "LEFT JOIN (SELECT SessionID FROM Sessions ";
- $q.= "WHERE UsersId = " . $userID . " ";
- $q.= "ORDER BY LastUpdateTS DESC ";
- $q.= "LIMIT " . ($MAX_SESSIONS_PER_USER - 1) . ") q ";
- $q.= "ON s.SessionID = q.SessionID ";
- $q.= "WHERE s.UsersId = " . $userID . " ";
- $q.= "AND q.SessionID IS NULL;";
- db_query($q, $dbh);
- }
-
- $new_sid = new_sid();
- $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)"
- ." VALUES (" . $userID . ", '" . $new_sid . "', UNIX_TIMESTAMP())";
- $result = db_query($q, $dbh);
-
- # Query will fail if $new_sid is not unique
- if ($result) {
- $logged_in = 1;
- break;
- }
-
- $num_tries++;
- }
-
- if ($logged_in) {
- # set our SID cookie
-
- if (isset($_POST['remember_me']) &&
- $_POST['remember_me'] == "on") {
- # Set cookies for 30 days.
- $cookie_time = time() + $PERSISTENT_COOKIE_TIMEOUT;
-
- # Set session for 30 days.
- $q = "UPDATE Sessions SET LastUpdateTS = $cookie_time ";
- $q.= "WHERE SessionID = '$new_sid'";
- db_query($q, $dbh);
- }
- else
- $cookie_time = 0;
-
- setcookie("AURSID", $new_sid, $cookie_time, "/");
- header("Location: " . $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']);
- $login_error = "";
-
- }
- else {
- $login_error = "Error trying to generate session id.";
- }
- }
- else {
- $login_error = __("Bad username or password.");
- }
- }
- return array('SID' => $new_sid, 'error' => $login_error);
-}
-
-/*
- * Only checks if the name itself is valid
- * Longer or equal to USERNAME_MIN_LEN
- * Shorter or equal to USERNAME_MAX_LEN
- * Starts and ends with a letter or number
- * Contains at most ONE dot, hyphen, or underscore
- * Returns the username if it is valid
- * Returns nothing if it isn't valid
- */
-function valid_username( $user )
-{
- if (!empty($user)) {
-
- #Is username at not too short or too long?
- if ( strlen($user) >= USERNAME_MIN_LEN &&
- strlen($user) <= USERNAME_MAX_LEN ) {
-
- $user = strtolower($user);
- # Does username:
- # start and end with a letter or number
- # contain only letters and numbers,
- # and at most has one dash, period, or underscore
- if ( preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/", $user) ) {
- #All is good return the username
- return $user;
- }
- }
- }
-
- return;
-}
-
-/*
- * Checks if the username is valid and if it exists in the database
- * Returns the username ID or nothing
- */
-function valid_user( $user )
-{
- /* if ( $user = valid_username($user) ) { */
- if ( $user ) {
- $dbh = db_connect();
- $q = "SELECT ID FROM Users WHERE Username = '"
- . mysql_real_escape_string($user). "'";
-
- $result = db_query($q, $dbh);
- # Is the username in the database?
- if ($result) {
- $row = mysql_fetch_row($result);
- return $row[0];
- }
- }
- return;
-}
-
-function good_passwd( $passwd )
-{
- if ( strlen($passwd) >= PASSWD_MIN_LEN ) {
- return true;
- }
- return false;
-}
-
-/* Verifies that the password is correct for the userID specified.
- * Returns true or false
- */
-function valid_passwd( $userID, $passwd )
-{
- if ( strlen($passwd) > 0 ) {
- $dbh = db_connect();
-
- # get salt for this user
- $salt = get_salt($userID);
- if ($salt) {
- # use salt
- $passwd_q = "SELECT ID FROM Users" .
- " WHERE ID = " . $userID . " AND Passwd = '" .
- salted_hash($passwd, $salt) . "'";
- $result = db_query($passwd_q, $dbh);
- if ($result) {
- $passwd_result = mysql_fetch_row($result);
- if ($passwd_result[0]) {
- return true;
- }
- }
- } else {
- # check without salt
- $nosalt_q = "SELECT ID FROM Users".
- " WHERE ID = " . $userID .
- " AND Passwd = '" . md5($passwd) . "'";
- $result = db_query($nosalt_q, $dbh);
- if ($result) {
- $nosalt_row = mysql_fetch_row($result);
- if ($nosalt_row[0]) {
- # password correct, but salt it first
- if (!save_salt($userID, $passwd)) {
- trigger_error("Unable to salt user's password;" .
- " ID " . $userID, E_USER_WARNING);
- return false;
- }
- return true;
- }
- }
- }
- }
- return false;
-}
-
-/*
- * Is the user account suspended?
- */
-function user_suspended( $id )
-{
- if (!$id) {
- return false;
- }
- $dbh = db_connect();
- $q = "SELECT Suspended FROM Users WHERE ID = " . $id;
- $result = db_query($q, $dbh);
- if ($result) {
- $row = mysql_fetch_row($result);
- if ($result[0] == 1 ) {
- return true;
- }
- }
- return false;
-}
-
-/*
- * This should be expanded to return something
- */
-function user_delete( $id )
-{
- $dbh = db_connect();
- $q = "DELETE FROM Users WHERE ID = " . $id;
- db_query($q, $dbh);
- return;
-}
-
-/*
- * A different way of determining a user's privileges
- * rather than account_from_sid()
- */
-function user_is_privileged( $id )
-{
- $dbh = db_connect();
- $q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id;
- $result = db_query($q, $dbh);
- if ($result) {
- $row = mysql_fetch_row($result);
- if( $result[0] > 1) {
- return $result[0];
- }
- }
- return 0;
-
-}
-
-# Clear out old expired sessions.
-function clear_expired_sessions($dbh = null) {
- global $LOGIN_TIMEOUT;
-
- if (empty($dbh)) {
- $dbh = db_connect();
- }
-
- $q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - $LOGIN_TIMEOUT)";
- db_query($q, $dbh);
-
- return;
-}
-