\n"; print "\n"; print "
\n"; print "\n"; print "\n"; # figure out what account type the visitor is # if ($SID) { $atype = account_from_sid($SID); } else { $atype = ""; } print ""; print ""; print ""; print "\n"; if ($atype == "Trusted User" || $atype == "Developer") { # only TUs or Devs can promote/demote/suspend a user # print ""; print ""; print ""; print "\n"; print ""; print ""; print "\n"; } print ""; print ""; print ""; print "\n"; print ""; print ""; print ""; print "\n"; print ""; print ""; print ""; print "\n"; print ""; print ""; print ""; print "\n"; print ""; print ""; print ""; print "\n"; print ""; print ""; print ""; print "\n"; print ""; print ""; print "\n"; print "\n"; print ""; print ""; print ""; print "\n"; print "
 
".__("Username:")." (".__("required").")
".__("Account Type:")."
".__("Account Suspended:").""; } else { print ">"; } print "
".__("Email Address:")." (".__("required").")
".__("Password:")." (".__("required").")
".__("Re-type password:")." (".__("required").")
".__("Real Name:")."
".__("IRC Nick:")."
".__("Language:")."
".__("New Package Notify:").""; } else { print ">"; } print "
 
 "; if ($A == "ModifyAccount") { print "   "; } else { print "   "; } print ""; print "
\n"; print "
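\n"; print "\n"; print "\n"; } # function display_account_form()

# Main page processing here
#
# A request that carries an AURSID cookie gets the account search (and the
# still-empty display/update branches); a request without it gets the
# account request form and new-account processing.
#
# NOTE(review): this branch is entered on the mere presence of the cookie.
# Nothing visible here compares its value with a stored session, and the
# search below runs for any account type. Presumably an included file
# validates the session - confirm, and decide whether every logged-in user
# should be able to search by email address.
#
if (isset($_COOKIE["AURSID"])) {
	# visitor is logged in
	#
	$dbh = db_connect();

	if ($_REQUEST["Action"] == "SearchAccounts") {
		# the user has entered search criteria, find any matching accounts
		#
		$HITS_PER_PAGE = 50;
		$OFFSET = 0;

		$q = "SELECT Users.*, AccountTypes.AccountType ";
		$q.= "FROM Users, AccountTypes ";
		$q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";

		# the account type filter only ever appends fixed text, so the
		# request value itself never reaches the query
		#
		if ($_REQUEST["T"] == "u") {
			$q.= "AND AccountTypes.ID = 1 ";
		} elseif ($_REQUEST["T"] == "t") {
			$q.= "AND AccountTypes.ID = 2 ";
		} elseif ($_REQUEST["T"] == "d") {
			$q.= "AND AccountTypes.ID = 3 ";
		}
		if ($_REQUEST["S"]) {
			$q.= "AND Users.Suspended = 1 ";
		}

		# free-text criteria are placed inside quoted LIKE patterns. They are
		# escaped with mysql_real_escape_string() on the open connection so
		# the escaping follows that connection's character set, which
		# mysql_escape_string() does not. '%' and '_' typed by the user still
		# act as wildcards.
		#
		if ($_REQUEST["U"]) {
			$q.= "AND Username LIKE '%".mysql_real_escape_string($_REQUEST["U"], $dbh)."%' ";
		}
		if ($_REQUEST["E"]) {
			$q.= "AND Email LIKE '%".mysql_real_escape_string($_REQUEST["E"], $dbh)."%' ";
		}
		if ($_REQUEST["R"]) {
			$q.= "AND RealName LIKE '%".mysql_real_escape_string($_REQUEST["R"], $dbh)."%' ";
		}
		if ($_REQUEST["I"]) {
			$q.= "AND IRCNick LIKE '%".mysql_real_escape_string($_REQUEST["I"], $dbh)."%' ";
		}
		$q.= "LIMIT ". $OFFSET . ", " . $HITS_PER_PAGE;

		# NOTE(review): this tests for a false return from db_query(); whether
		# a query that matches no rows returns false depends on db_query(),
		# which is defined elsewhere - confirm.
		#
		$result = db_query($q, $dbh);
		if (!$result) {
			print __("No results matched your search criteria.");
		} else {
			print "
\n"; print "\n"; print ""; print "\n"; print ""; print ""; print ""; print "\n"; print "
"; print "\n"; print ""; print ""; print ""; print ""; print ""; print ""; print "\n";
			$i = 0;
			while ($row = mysql_fetch_assoc($result)) {
				# alternate between two row prints on odd and even rows
				if ($i % 2) {
					print "";
				} else {
					print "";
				}
				print ""; print ""; print ""; print ""; print ""; print "";
				print "\n";
				$i++;
			}
			# NOTE(review): in this listing the column headings and the row
			# cells are printed after the loop has closed, where $row is
			# already false; presumably they belong inside the table and the
			# loop - confirm against the original file.
			#
			# Username, RealName and IRCNick are values users chose for
			# themselves, so they pass through htmlspecialchars() before they
			# reach the page. user_type() is defined elsewhere and is left
			# as it was.
			#
			print "
".__("Username")."".__("Type")."".__("Status")."".__("Real Name")."".__("IRC Nick")."".__("Last Voted")."
".htmlspecialchars($row["Username"])."".user_type($row["AccountType"])."";
			if ($row["Suspended"]) {
				print __("Suspended");
			} else {
				print __("Active");
			}
			print "";
			$row["RealName"] ? print htmlspecialchars($row["RealName"]) : print " ";
			print "";
			$row["IRCNick"] ? print htmlspecialchars($row["IRCNick"]) : print " ";
			print "";
			$row["LastVoted"] ? print date("Ymd", $row["LastVoted"]) : print __("Never");
			print "
\n"; print "
"; print "
\n"; print "\n"; print "\n"; print ""; print "
\n"; print "
"; print "
\n"; print "\n"; print "\n"; print ""; print "
\n"; print "
\n"; print "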
\n";
		}

	} elseif ($_REQUEST["Action"] == "DisplayAccount") {
		# the user has clicked 'edit', display the account details in a form
		#
		# NOTE(review): this branch is empty in this listing. When it is
		# filled in, it should load only an account the current session is
		# allowed to see, not whatever identifier the request names.

	} elseif ($_REQUEST["Action"] == "UpdateAccount") {
		# user is submitting their modifications to an existing account
		#
		# NOTE(review): this branch is empty in this listing. When it is
		# filled in, it needs a server-side check that the session owns the
		# target account or holds an account type that may change it; fields
		# such as account type and suspension must not be taken from the
		# request on the strength of the form having hidden them.

	} else {
		# display the search page
		#
		# Emits the search form. The visible labels come from the __()
		# translation helper; every other string printed here is empty in
		# this listing.
		#
		print "
\n"; print "\n"; print "
\n"; print "\n"; print "\n"; print ""; print ""; print ""; print "\n"; print ""; print ""; print ""; print "\n"; print ""; print ""; print "\n"; print ""; print ""; print ""; print "\n"; print ""; print ""; print ""; print "\n"; print ""; print ""; print ""; print "\n"; print ""; print ""; print ""; print "\n"; print "
 
".__("Username:")."
".__("Account Type:")."
".__("Account Suspended:").""; print "
".__("Email Address:")."
".__("Real Name:")."
".__("IRC Nick:")."
 "; print "   "; print "
\n"; print "
\n"; print "
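\n";
	}

} else {
	# visitor is not logged in
	#
	if ($_REQUEST["Action"] == "NewAccount") {
		# error check and process request for a new account
		#
		# Validates the submitted fields, checks that the username and email
		# address are unused, then inserts an unprivileged (AccountTypeID 1),
		# unsuspended user.
		#
		# NOTE(review): the fields are read from $_REQUEST, so the password
		# is accepted from the query string as well as from a form post;
		# consider reading them from $_POST only.
		#
		$dbh = db_connect();
		$error = "";

		# the form marks username, email and both password fields as
		# required. A field that is present but empty, or that is not a
		# plain string, counts as missing, so an empty password or username
		# can no longer create an account.
		#
		foreach (array("U", "E", "P", "C") as $field) {
			if (!isset($_REQUEST[$field]) || !is_string($_REQUEST[$field])
					|| $_REQUEST[$field] === "") {
				$error = __("Missing a required field.");
				break;
			}
		}

		# strict comparison: with != two different numeric-looking strings
		# (for example "1e3" and "1000") would be treated as equal
		#
		if (!$error && ($_REQUEST["P"] !== $_REQUEST["C"])) {
			$error = __("Password fields do not match.");
		}

		if (!$error && !valid_email($_REQUEST["E"])) {
			$error = __("The email address is invalid.");
		}
		if (!$error && !array_key_exists($_REQUEST["L"], $SUPPORTED_LANGS)) {
			$error = __("Language is not currently supported.");
		}

		# Request values echoed back inside messages are passed through
		# htmlspecialchars() first.
		# NOTE(review): confirm that __() does not already escape its %s
		# arguments, otherwise these values end up escaped twice.
		#
		if (!$error) {
			# check to see if this username is available
			# NOTE: a race condition exists here if we care...
			# NOTE(review): a UNIQUE index on Users.Username would close it;
			# the INSERT below would then fail for the second request.
			#
			$q = "SELECT COUNT(*) AS CNT FROM Users ";
			$q.= "WHERE Username = '".mysql_real_escape_string($_REQUEST["U"], $dbh)."'";
			$result = db_query($q, $dbh);
			if ($result) {
				$row = mysql_fetch_array($result);
				if ($row[0]) {
					$error = __("The username, %h%s%h, is already in use.",
							array("", htmlspecialchars($_REQUEST["U"]), ""));
				}
			}
		}
		if (!$error) {
			# check to see if this email address is available
			# NOTE: a race condition exists here if we care...
			# NOTE(review): this message tells an unauthenticated visitor
			# whether an address is registered.
			#
			$q = "SELECT COUNT(*) AS CNT FROM Users ";
			$q.= "WHERE Email = '".mysql_real_escape_string($_REQUEST["E"], $dbh)."'";
			$result = db_query($q, $dbh);
			if ($result) {
				$row = mysql_fetch_array($result);
				if ($row[0]) {
					$error = __("The address, %h%s%h, is already in use.",
							array("", htmlspecialchars($_REQUEST["E"]), ""));
				}
			}
		}

		if ($error) {
			# NOTE(review): the submitted values are handed to
			# display_account_form() unescaped; its output handling is not
			# visible here - confirm it escapes them before printing.
			#
			print "".$error."
\n";
			display_account_form("", "NewAccount", "", "",
					$_REQUEST["U"], $_REQUEST["E"], $_REQUEST["R"], $_REQUEST["L"],
					$_REQUEST["I"], $_REQUEST["N"]);

		} else {
			# no errors, go ahead and create the unprivileged user
			#
			# Values are escaped with mysql_real_escape_string() on the open
			# connection so the escaping follows that connection's character
			# set, which mysql_escape_string() does not.
			#
			# NOTE(review): the password is written to Users.Passwd exactly
			# as submitted. Storing a salted, slow password hash instead
			# needs a matching change in the login code, which is not part
			# of this listing.
			#
			$q = "INSERT INTO Users (AccountTypeID, Suspended, Username, Email, ";
			$q.= "Passwd, RealName, LangPreference, IRCNick, NewPkgNotify) ";
			$q.= "VALUES (1, 0, '".mysql_real_escape_string($_REQUEST["U"], $dbh)."'";
			$q.= ", '".mysql_real_escape_string($_REQUEST["E"], $dbh)."'";
			$q.= ", '".mysql_real_escape_string($_REQUEST["P"], $dbh)."'";
			$q.= ", '".mysql_real_escape_string($_REQUEST["R"], $dbh)."'";
			$q.= ", '".mysql_real_escape_string($_REQUEST["L"], $dbh)."'";
			$q.= ", '".mysql_real_escape_string($_REQUEST["I"], $dbh)."'";
			if ($_REQUEST["N"] == "on") {
				$q.= ", 1)";
			} else {
				$q.= ", 0)";
			}
			$result = db_query($q, $dbh);
			if (!$result) {
				# NOTE(review): the raw mysql_error() text is shown to the
				# visitor; logging it server-side and printing a generic
				# message would avoid exposing schema details.
				#
				print __("Error trying to create account, %h%s%h: %s.",
						array("", htmlspecialchars($_REQUEST["U"]), "", mysql_error($dbh)));
			} else {
				# account created, tell them so.
				#
				print __("The account, %h%s%h, has been successfully created.",
						array("", htmlspecialchars($_REQUEST["U"]), ""));
				print "

\n";
				print __("Click on the Home link above to login.");
				print "

\n";
			}
		}

	} else {
		# display the account request form
		#
		display_account_form("", "NewAccount");
	}
}

html_footer("\$Id$");
# vim: ts=2 sw=2 noet ft=php
?>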