Converted all short tags to full tags
1 <?php
2 include_once("acctfuncs_po.inc");
4 # Display the standard Account form, pass in default values if any
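function display_account_form($UTYPE,$A,$U="",$T="",$S="",
			$E="",$P="",$C="",$R="",$L="",$I="",$N="",$UID=0) {
	# Print the account form (create or edit), pre-filled with the given
	# values. Nothing is returned; the markup is written with print.
	#
	# UTYPE: what user type the form is being displayed for
	# A: what "form" name to use (sent back as the hidden Action field)
	# U: value to display for username
	# T: value to display for account type
	# S: value to display for account suspended
	# E: value to display for email address
	# P: password value
	# C: confirm password value
	# R: value to display for RealName
	# L: value to display for Language preference
	# I: value to display for IRC nick
	# N: new package notify value
	# UID: Users.ID value in case form is used for editing
	#
	# The values can be whatever was just submitted: process_account_form()
	# calls this function with its own arguments when validation fails. They
	# are therefore HTML-escaped before being placed in the single-quoted
	# attributes (ENT_QUOTES also encodes the single quote).

	global $SUPPORTED_LANGS;

	$required = " (".__("required").")";

	# $A is the only mode indicator this function receives (there is no $TYPE
	# parameter here); it also selects the Create/Update button further down.
	$is_new = ($A != "UpdateAccount");

	# only TUs or Devs can promote/demote/suspend a user
	$can_moderate = ($UTYPE == "Trusted User" || $UTYPE == "Developer");

	print "<form action='/account.php' method='post'>\n";
	print "<input type='hidden' name='Action' value='";
	print htmlspecialchars((string)$A, ENT_QUOTES)."'>\n";
	if ($UID) {
		# Users.ID is numeric; intval() keeps anything else out of the markup
		print "<input type='hidden' name='ID' value='".intval($UID)."'>\n";
	}
	print "<center>\n";
	print "<table border='0' cellpadding='0' cellspacing='0' width='80%'>\n";
	print "<tr><td colspan='2'>&nbsp;</td></tr>\n";

	print "<tr>";
	print "<td align='left'>".__("Username").":</td>";
	print "<td align='left'><input type='text' size='30' maxlength='64'";
	print " name='U' value='".htmlspecialchars((string)$U, ENT_QUOTES)."'>";
	print $required."</td>";
	print "</tr>\n";

	if ($can_moderate) {
		print "<tr>";
		print "<td align='left'>".__("Account Type").":</td>";
		print "<td align='left'><select name=T>\n";
		print "<option value='1'".($T == "User" ? " selected>" : ">");
		print __("Normal user")."\n";
		print "<option value='2'".($T == "Trusted User" ? " selected>" : ">");
		print __("Trusted user")."\n";
		if ($UTYPE == "Developer") {
			# only developers can make another account a developer
			print "<option value='3'".($T == "Developer" ? " selected>" : ">");
			print __("Developer")."\n";
		}
		print "</select></td>";
		print "</tr>\n";

		print "<tr>";
		print "<td align='left'>".__("Account Suspended").":</td>";
		print "<td align='left'><input type='checkbox' name='S'";
		print ($S ? " checked>" : ">");
		print "</td></tr>\n";
	}

	print "<tr>";
	print "<td align='left'>".__("Email Address").":</td>";
	print "<td align='left'><input type='text' size='30' maxlength='64'";
	print " name='E' value='".htmlspecialchars((string)$E, ENT_QUOTES)."'>";
	print $required."</td>";
	print "</tr>\n";

	# NOTE(review): a non-empty $P/$C is written back into the page source.
	# process_account_form() passes "" for both when it re-displays the form;
	# other callers should do the same.
	print "<tr>";
	print "<td align='left'>".__("Password").":</td>";
	print "<td align='left'><input type='password' size='30' maxlength='32'";
	print " name='P' value='".htmlspecialchars((string)$P, ENT_QUOTES)."'>";
	if ($is_new) {
		print $required;
	}
	print "</td></tr>\n";

	print "<tr>";
	print "<td align='left'>".__("Re-type password").":</td>";
	print "<td align='left'><input type='password' size='30' maxlength='32'";
	print " name='C' value='".htmlspecialchars((string)$C, ENT_QUOTES)."'>";
	if ($is_new) {
		print $required;
	}
	print "</td></tr>\n";

	print "<tr>";
	print "<td align='left'>".__("Real Name").":</td>";
	print "<td align='left'><input type='text' size='30' maxlength='32'";
	print " name='R' value='".htmlspecialchars((string)$R, ENT_QUOTES)."'></td>";
	print "</tr>\n";

	print "<tr>";
	print "<td align='left'>".__("IRC Nick").":</td>";
	print "<td align='left'><input type='text' size='30' maxlength='32'";
	print " name='I' value='".htmlspecialchars((string)$I, ENT_QUOTES)."'></td>";
	print "</tr>\n";

	print "<tr>";
	print "<td align='left'>".__("Language").":</td>";
	print "<td align='left'><select name=L>\n";
	# foreach instead of each(): each() walks the global array's internal
	# pointer and was never reset, so a second call in the same request would
	# find the pointer at the end and print an empty list.
	# $code/$lang come from the $SUPPORTED_LANGS global, not from the request,
	# and are printed as-is.
	foreach ($SUPPORTED_LANGS as $code => $lang) {
		if ($L == $code) {
			print "<option value=".$code." selected> ".$lang."\n";
		} else {
			print "<option value=".$code."> ".$lang."\n";
		}
	}
	print "</select></td>";
	print "</tr>\n";

	print "<tr>";
	print "<td align='left'>".__("New Package Notify").":</td>";
	print "<td align='left'><input type='checkbox' name='N'";
	print ($N ? " checked>" : ">");
	print "</td></tr>\n";

	print "<tr><td colspan='2'>&nbsp;</td></tr>\n";
	print "<tr>";
	print "<td>&nbsp;</td>";
	print "<td align='left'>";
	print "<input type='submit' class='button'";
	if ($is_new) {
		print " value='".__("Create")."'> &nbsp; ";
	} else {
		print " value='".__("Update")."'> &nbsp; ";
	}
	print "<input type='reset' class='button' value='".__("Reset")."'>";
	print "</td>";
	print "</tr>\n";

	print "</table>\n";
	print "</center>\n";
	print "</form>\n";
	return;
} # function display_account_form()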
153 # process form input from a new/edit account form
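function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
			$P="",$C="",$R="",$L="",$I="",$N="",$UID=0) {
	# Validate a submitted new/edit account form. On success the Users row is
	# inserted (TYPE "new") or updated (otherwise) and a confirmation is
	# printed; on failure the error is printed and the form is displayed again
	# with the submitted values (passwords blanked).
	#
	# UTYPE: The user's account type
	# TYPE: either "edit" or "new"
	# A: what parent "form" name to use
	# U: value to display for username
	# T: value to display for account type
	# S: value to display for account suspended
	# E: value to display for email address
	# P: password value
	# C: confirm password value
	# R: value to display for RealName
	# L: value to display for Language preference
	# I: value to display for IRC nick
	# N: new package notify value
	# UID: database Users.ID value
	#
	# NOTE(review): nothing in this function checks that the caller is allowed
	# to edit the row identified by UID; that has to be enforced by the code
	# that calls it, which is not part of this file.

	global $SUPPORTED_LANGS;

	$dbh = db_connect();
	$error = "";

	# The parameters default to "", so isset() is true for an empty field.
	# Compare against the empty string instead, otherwise an empty username
	# or an empty password passes the "required" checks.
	$has_username = ($U !== null && $U !== "");
	$has_email = ($E !== null && $E !== "");
	$has_password = ($P !== null && $P !== "");
	$has_confirm = ($C !== null && $C !== "");

	# display_account_form() only offers the account type and suspended
	# fields to these two user types; apply the same rule to what is written,
	# so a hand-built POST from a normal user cannot set them.
	$can_moderate = ($UTYPE == "Trusted User" || $UTYPE == "Developer");

	if (!$has_email || !$has_username) {
		$error = __("Missing a required field.");
	}
	if ($TYPE == "new") {
		# they need password fields for this type of action
		if (!$has_password || !$has_confirm) {
			$error = __("Missing a required field.");
		}
	} elseif (!$UID) {
		$error = __("Missing User ID");
	}
	# Compare as strings: with != two different numeric-looking passwords
	# ("1e3" and "1000") count as equal, and a password with an empty
	# confirmation field skipped the comparison altogether.
	if (!$error && ($has_password || $has_confirm)
			&& (string)$P !== (string)$C) {
		$error = __("Password fields do not match.");
	}
	if (!$error && !valid_email($E)) {
		$error = __("The email address is invalid.");
	}
	# Test the same integer that the UPDATE below writes.
	if ($UTYPE == "Trusted User" && intval($T) == 3) {
		$error = __("A Trusted User cannot assign Developer status.");
	}
	if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) {
		$error = __("Language is not currently supported.");
	}

	# NOTE(review): __() is defined elsewhere. The values substituted for %s
	# below are escaped here because the resulting message is printed as
	# HTML; if __() turns out to escape %s itself, drop the escaping here.
	$shown_username = htmlspecialchars((string)$U, ENT_QUOTES);
	$shown_email = htmlspecialchars((string)$E, ENT_QUOTES);

	if (!$error) {
		# check to see if this username is available
		# NOTE: a race condition exists here if we care...
		$q = "SELECT COUNT(*) AS CNT FROM Users ";
		$q.= "WHERE Username = '".mysql_real_escape_string($U)."'";
		if ($TYPE == "edit") {
			$q.= " AND ID != ".intval($UID);
		}
		$result = db_query($q, $dbh);
		if ($result) {
			$row = mysql_fetch_array($result);
			if ($row[0]) {
				$error = __("The username, %h%s%h, is already in use.",
						array("<b>", $shown_username, "</b>"));
			}
		}
	}
	if (!$error) {
		# check to see if this email address is available
		# NOTE: a race condition exists here if we care...
		$q = "SELECT COUNT(*) AS CNT FROM Users ";
		$q.= "WHERE Email = '".mysql_real_escape_string($E)."'";
		if ($TYPE == "edit") {
			$q.= " AND ID != ".intval($UID);
		}
		$result = db_query($q, $dbh);
		if ($result) {
			$row = mysql_fetch_array($result);
			if ($row[0]) {
				$error = __("The address, %h%s%h, is already in use.",
						array("<b>", $shown_email, "</b>"));
			}
		}
	}

	if ($error) {
		# $error holds markup (<b>...</b>) and is printed as HTML
		print "<span class='error'>".$error."</span><br/>\n";
		# passwords are never echoed back into the form
		display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "",
				$R, $L, $I, $N, $UID);
		return;
	}

	# NOTE(review): passwords are stored as unsalted MD5, which is not a
	# suitable password hash. Changing the stored format also needs a change
	# to the login check, which is outside this file, so the format is kept.

	if ($TYPE == "new") {
		# no errors, go ahead and create the unprivileged user
		# (AccountTypeID 1, Suspended 0 are fixed; T and S are ignored here)
		$q = "INSERT INTO Users (AccountTypeID, Suspended, Username, Email, ";
		$q.= "Passwd, RealName, LangPreference, IRCNick, NewPkgNotify) ";
		$q.= "VALUES (1, 0, '".mysql_real_escape_string($U)."'";
		$q.= ", '".mysql_real_escape_string($E)."'";
		$q.= ", '".mysql_real_escape_string(md5($P))."'";
		$q.= ", '".mysql_real_escape_string($R)."'";
		$q.= ", '".mysql_real_escape_string($L)."'";
		$q.= ", '".mysql_real_escape_string($I)."'";
		$q.= ($N ? ", 1)" : ", 0)");
		$result = db_query($q, $dbh);
		if (!$result) {
			# NOTE(review): the database error text is shown to the user;
			# it is escaped here, consider logging it instead.
			print __("Error trying to create account, %h%s%h: %s.",
					array("<b>", $shown_username, "</b>",
						htmlspecialchars(mysql_error($dbh), ENT_QUOTES)));
		} else {
			# account created, tell them so.
			print __("The account, %h%s%h, has been successfully created.",
					array("<b>", $shown_username, "</b>"));
			print "<p>\n";
			print __("Click on the Home link above to login.");
			print "</p>\n";
		}
		return;
	}

	# no errors, go ahead and modify the user account
	$q = "UPDATE Users SET ";
	$q.= "Username = '".mysql_real_escape_string($U)."'";
	if ($can_moderate) {
		if ($T) {
			$q.= ", AccountTypeID = ".intval($T);
		}
		$q.= ($S ? ", Suspended = 1" : ", Suspended = 0");
	}
	$q.= ", Email = '".mysql_real_escape_string($E)."'";
	if ($has_password) {
		# the password is only replaced when a new one was entered
		$q.= ", Passwd = '".mysql_real_escape_string(md5($P))."'";
	}
	$q.= ", RealName = '".mysql_real_escape_string($R)."'";
	$q.= ", LangPreference = '".mysql_real_escape_string($L)."'";
	$q.= ", IRCNick = '".mysql_real_escape_string($I)."'";
	$q.= ", NewPkgNotify = ".($N ? "1 " : "0 ");
	$q.= "WHERE ID = ".intval($UID);
	$result = db_query($q, $dbh);
	if (!$result) {
		# NOTE(review): the database error text is shown to the user;
		# it is escaped here, consider logging it instead.
		print __("Error trying to modify account, %h%s%h: %s.",
				array("<b>", $shown_username, "</b>",
					htmlspecialchars(mysql_error($dbh), ENT_QUOTES)));
	} else {
		print __("The account, %h%s%h, has been successfully modified.",
				array("<b>", $shown_username, "</b>"));
	}
	return;
}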
320 # search existing accounts
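function search_accounts_form() {
	# Print the (empty) account search form. It posts to /account.php with
	# Action=SearchAccounts and the fields U, T, S, E, R, I and SB.
	# Takes no arguments and returns nothing.

	print "<form action='/account.php' method='post'>\n";
	print "<input type='hidden' name='Action' value='SearchAccounts'>\n";
	print "<center>\n";
	print "<table border='0' cellpadding='0' cellspacing='0' width='80%'>\n";
	print "<tr><td colspan='2'>&nbsp;</td></tr>\n";

	print "<tr>";
	print "<td align='left'>".__("Username").":</td>";
	print "<td align='left'><input type='text' size='30' maxlength='64'";
	print " name='U'></td>";
	print "</tr>\n";

	print "<tr>";
	print "<td align='left'>".__("Account Type").":</td>";
	print "<td align='left'><select name=T>\n";
	$type_options = array(
		"" => __("Any type"),
		"u" => __("Normal user"),
		"t" => __("Trusted user"),
		"d" => __("Developer"),
	);
	foreach ($type_options as $value => $label) {
		print "<option value='".$value."'> ".$label."\n";
	}
	print "</select></td>";
	print "</tr>\n";

	print "<tr>";
	print "<td align='left'>".__("Account Suspended").":</td>";
	print "<td align='left'><input type='checkbox' name='S'></td>";
	print "</tr>\n";

	print "<tr>";
	print "<td align='left'>".__("Email Address").":</td>";
	print "<td align='left'><input type='text' size='30' maxlength='64'";
	print " name='E'></td>";
	print "</tr>\n";

	print "<tr>";
	print "<td align='left'>".__("Real Name").":</td>";
	print "<td align='left'><input type='text' size='30' maxlength='32'";
	print " name='R'></td>";
	print "</tr>\n";

	print "<tr>";
	print "<td align='left'>".__("IRC Nick").":</td>";
	print "<td align='left'><input type='text' size='30' maxlength='32'";
	print " name='I'></td>";
	print "</tr>\n";

	print "<tr>";
	print "<td align='left'>".__("Sort by").":</td>";
	print "<td align='left'><select name=SB>\n";
	$sort_options = array(
		"u" => __("Username"),
		"t" => __("Account Type"),
		"r" => __("Real Name"),
		"i" => __("IRC Nick"),
		"v" => __("Last vote"),
	);
	foreach ($sort_options as $value => $label) {
		print "<option value='".$value."'> ".$label."\n";
	}
	print "</select></td>";
	print "</tr>\n";

	print "<tr>";
	print "<td>&nbsp;</td>";
	print "<td align='left'>&nbsp;<br/>&nbsp;&nbsp;&nbsp;&nbsp;";
	print "<input type='submit' class='button'";
	# The closing quote of the attribute belongs outside the translated
	# string; as "Search'" it was part of the translation key.
	print " value='".__("Search")."'> &nbsp; ";
	print "<input type='reset' class='button'";
	print " value='".__("Reset")."'></td>";
	print "</tr>\n";

	print "</table>\n";
	print "</center>\n";
	print "</form>\n";
	return;
}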
395 # search results page
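function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
		$S="",$E="",$R="",$I="") {
	# Run an account search and print one page of results, followed by
	# "Less"/"More" forms that repeat the search at the previous/next offset.
	#
	# UTYPE: what account type the user belongs to
	# O: what row offset we're at
	# SB: how to sort the results
	# U: value to display for username
	# T: value to display for account type
	# S: value to display for account suspended
	# E: value to display for email address
	# R: value to display for RealName
	# I: value to display for IRC nick
	#
	# Search terms come from the request and result columns come from what
	# users typed into their own account form, so both are escaped before
	# they are printed.

	$HITS_PER_PAGE = 50;
	$OFFSET = max(0, intval($O));

	# db_query() below needs a handle; none was ever opened in this function.
	# Connecting first also gives mysql_real_escape_string() a link to use.
	$dbh = db_connect();

	# name => submitted value, for every criterion that took part in the
	# query; replayed as hidden fields by the paging forms
	$search_vars = array();

	$q = "SELECT Users.*, AccountTypes.AccountType ";
	$q.= "FROM Users, AccountTypes ";
	$q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";

	$type_ids = array("u" => 1, "t" => 2, "d" => 3);
	if (is_string($T) && isset($type_ids[$T])) {
		$q.= "AND AccountTypes.ID = ".$type_ids[$T]." ";
		$search_vars["T"] = $T;
	}
	if ($S) {
		$q.= "AND Users.Suspended = 1 ";
		$search_vars["S"] = $S;
	}
	if ($U) {
		$q.= "AND Username LIKE '%".mysql_real_escape_string($U)."%' ";
		$search_vars["U"] = $U;
	}
	if ($E) {
		$q.= "AND Email LIKE '%".mysql_real_escape_string($E)."%' ";
		$search_vars["E"] = $E;
	}
	if ($R) {
		$q.= "AND RealName LIKE '%".mysql_real_escape_string($R)."%' ";
		$search_vars["R"] = $R;
	}
	if ($I) {
		$q.= "AND IRCNick LIKE '%".mysql_real_escape_string($I)."%' ";
		$search_vars["I"] = $I;
	}

	# The ORDER BY clause is picked from a fixed list; $SB itself never
	# reaches the query text.
	$orderings = array(
		"t" => "ORDER BY AccountTypeID, Username ",
		"r" => "ORDER BY RealName, AccountTypeID ",
		"i" => "ORDER BY IRCNick, AccountTypeID ",
		"v" => "ORDER BY LastVoted, Username ",
	);
	if (is_string($SB) && isset($orderings[$SB])) {
		$q.= $orderings[$SB];
	} else {
		$q.= "ORDER BY Username, AccountTypeID ";
	}
	$search_vars["SB"] = $SB;
	$q.= "LIMIT ". $OFFSET . ", " . $HITS_PER_PAGE;

	$result = db_query($q, $dbh);
	if (!$result) {
		print __("No results matched your search criteria.");
		return;
	}
	if (!mysql_num_rows($result)) {
		print "<center>\n";
		print __("No more results to display.");
		print "</center>\n";
		return;
	}

	print "<center>\n";
	print "<table border='0' cellpadding='0'";
	print " cellspacing='0' width='90%'>\n";
	print "<tr>";
	print "<td colspan='2'>";
	print "<table border='0' cellpadding='0'";
	print " cellspacing='0' width='100%'>\n";
	$headings = array(__("Username"), __("Type"), __("Status"),
			__("Real Name"), __("IRC Nick"), __("Last Voted"),
			__("Edit Account"));
	foreach ($headings as $heading) {
		print "<th class='header'>";
		print "<span class='f2'>".$heading."</span></th>";
	}
	print "</tr>\n";

	$i = 0;
	while ($row = mysql_fetch_assoc($result)) {
		# alternate the row style
		$c = ($i % 2) ? "data1" : "data2";
		$cell = "<td class='".$c."'><span class='f5'>";

		print "<tr>";
		print $cell;
		print "<a href='/packages.php?SeB=m&amp;K=".urlencode($row["Username"])."'>";
		print htmlspecialchars($row["Username"], ENT_QUOTES)."</a></span></td>";

		print $cell.htmlspecialchars($row["AccountType"], ENT_QUOTES);
		print "</span></td>";

		print $cell;
		print ($row["Suspended"] ? __("Suspended") : __("Active"));
		print "</span></td>";

		print $cell;
		print ($row["RealName"]
				? htmlspecialchars($row["RealName"], ENT_QUOTES) : "&nbsp;");
		print "</span></td>";

		print $cell;
		print ($row["IRCNick"]
				? htmlspecialchars($row["IRCNick"], ENT_QUOTES) : "&nbsp;");
		print "</span></td>";

		print $cell;
		print ($row["LastVoted"]
				? date("Ymd", $row["LastVoted"]) : __("Never"));
		print "</span></td>";

		print $cell;
		if ($UTYPE == "Trusted User" && $row["AccountType"] == "Developer") {
			# TUs can't edit devs
			# NOTE(review): this only hides the link; the edit handler
			# itself has to refuse the request as well.
			print "&nbsp;</span></td>";
		} else {
			$edit_url = "/account.php?Action=DisplayAccount&amp;ID=";
			$edit_url.= intval($row["ID"]);
			print "<a href='".$edit_url . "'>";
			print "Edit</a></span></td>";
		}
		print "</tr>\n";
		$i++;
	}
	print "</table>\n";
	print "</td></tr>\n";

	# Hidden fields that replay the search criteria. Built from the
	# name => value map above rather than through variable variables, and
	# escaped because the values are request input.
	$hidden = "";
	foreach ($search_vars as $name => $value) {
		$hidden.= "<input type='hidden' name='".$name."'";
		$hidden.= " value='".htmlspecialchars((string)$value, ENT_QUOTES)."'>\n";
	}

	print "<tr>";
	print "<td align='left'>";
	print "<form action='/account.php' method='post'>\n";
	print "<input type='hidden' name='Action' value='SearchAccounts'>\n";
	print "<input type='hidden' name='O'";
	# may go below zero on the first page; clamped when the offset is read
	print " value='".($OFFSET-$HITS_PER_PAGE)."'>\n";
	print $hidden;
	print "<input type='submit' class='button'";
	print " value='&lt;-- ".__("Less")."'>";
	print "</form>\n";
	print "</td>";
	print "<td align='right'>";
	print "<form action='/account.php' method='post'>\n";
	print "<input type='hidden' name='Action' value='SearchAccounts'>\n";
	print "<input type='hidden' name='O'";
	print " value='".($OFFSET+$HITS_PER_PAGE)."'>\n";
	print $hidden;
	print "<input type='submit' class='button'";
	print " value='".__("More")." --&gt;'>";
	print "</form>\n";
	print "</td>";
	print "</tr>\n";
	print "</table>\n";
	print "</center>\n";
	return;
}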
589 # Display non-editable account info
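function display_account_info($U="",$T="",
			$E="",$R="",$I="") {
	# Print a read-only table with an account's details and a link to the
	# packages of that user. Nothing is returned.
	#
	# U: value to display for username
	# T: value to display for account type
	# E: value to display for email address
	# R: value to display for RealName
	# I: value to display for IRC nick
	#
	# U, E, R and I are text that account holders entered themselves, so
	# they are escaped for the context they are printed in: ENT_QUOTES for
	# text and single-quoted attributes, urlencode() for the query string.

	$username = htmlspecialchars((string)$U, ENT_QUOTES);
	$email = htmlspecialchars((string)$E, ENT_QUOTES);

	print "<center>\n";
	print "<table border='0' cellpadding='0' cellspacing='0' width='33%'>\n";
	print "  <tr>\n";
	print "    <td colspan='2'>&nbsp;</td>\n";
	print "  </tr>\n";

	print "  <tr>\n";
	print "    <td align='left'>".__("Username").":</td>\n";
	print "    <td align='left'>".$username."</td>\n";
	print "  </tr>\n";

	print "  <tr>\n";
	print "    <td align='left'>".__("Account Type").":</td>\n";
	print "    <td align='left'>";
	# only the three known type names are printed; anything else leaves the
	# cell empty
	if ($T == "User") {
		print __("User");
	} elseif ($T == "Trusted User") {
		print __("Trusted User");
	} elseif ($T == "Developer") {
		print __("Developer");
	}
	print "</td>\n";
	# this row was left without its closing tag
	print "  </tr>\n";

	print "  <tr>\n";
	print "    <td align='left'>".__("Email Address").":</td>\n";
	print "    <td align='left'><a href='mailto:".$email."'>".$email."</a></td>\n";
	print "  </tr>\n";

	print "  <tr>\n";
	print "    <td align='left'>".__("Real Name").":</td>\n";
	print "    <td align='left'>".htmlspecialchars((string)$R, ENT_QUOTES)."</td>\n";
	print "  </tr>\n";

	print "  <tr>\n";
	print "    <td align='left'>".__("IRC Nick").":</td>\n";
	print "    <td align='left'>".htmlspecialchars((string)$I, ENT_QUOTES)."</td>\n";
	print "  </tr>\n";

	print "  <tr>\n";
	print "    <td colspan='2'><a href='/packages.php?K=".urlencode((string)$U);
	print "&amp;SeB=m'>".__("View this user's packages")."</a></td>\n";
	print "  </tr>\n";

	print "</table>\n";
	print "</center>\n";
	return;
}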
648 # vim: ts=2 sw=2 noet ft=php