Commit 84912ddb authored by eric's avatar eric
Browse files

account adding/editing is working

parent 64db1236
......@@ -39,7 +39,11 @@ CREATE TABLE Users (
);
-- A default developer account for testing purposes
INSERT INTO Users (ID, AccountTypeID, Username, Email, Passwd) VALUES (
1, 3, 'root', 'root@localhost', 'changeme');
1, 3, 'dev', 'dev@localhost', 'dev');
INSERT INTO Users (ID, AccountTypeID, Username, Email, Passwd) VALUES (
2, 2, 'tu', 'tu@localhost', 'tu');
INSERT INTO Users (ID, AccountTypeID, Username, Email, Passwd) VALUES (
3, 1, 'user', 'user@localhost', 'user');
-- Track Users logging in/out of AUR web site.
......
......@@ -19,10 +19,10 @@ if (isset($_COOKIE["AURSID"])) {
# security check
#
if ($atype == "Trusted user" || $atype == "Developer") {
if ($atype == "Trusted User" || $atype == "Developer") {
# the user has entered search criteria, find any matching accounts
#
search_results_page($_REQUEST["O"], $_REQUEST["SB"],
search_results_page($atype, $_REQUEST["O"], $_REQUEST["SB"],
$_REQUEST["U"], $_REQUEST["T"], $_REQUEST["S"],
$_REQUEST["E"], $_REQUEST["R"], $_REQUEST["I"]);
......@@ -35,23 +35,74 @@ if (isset($_COOKIE["AURSID"])) {
} elseif ($_REQUEST["Action"] == "DisplayAccount") {
# the user has clicked 'edit', display the account details in a form
#
$q = "SELECT Users.*, AccountTypes.AccountType ";
$q.= "FROM Users, AccountTypes ";
$q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
$q.= "AND Users.ID = ".intval($_REQUEST["ID"]);
$result = db_query($q, $dbh);
if (!$result) {
print __("Could not retrieve information for the specified user.");
} else {
$row = mysql_fetch_assoc($result);
# double check to make sure logged in user can edit this account
#
if ($atype == "User" || ($atype == "Trusted User" && $row["AccountType"] == "Developer")) {
print __("You do not have permission to edit this account.");
} else {
display_account_form($atype, "UpdateAccount", $row["Username"],
$row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"],
$row["IRCNick"], $row["NewPkgNotify"], $row["ID"]);
}
}
} elseif ($_REQUEST["Action"] == "UpdateAccount") {
# user is submitting their modifications to an existing account
#
process_account_form($atype, "edit", "UpdateAccount",
$_REQUEST["U"], $_REQUEST["T"], $_REQUEST["S"],
$_REQUEST["E"], $_REQUEST["P"], $_REQUEST["C"],
$_REQUEST["R"], $_REQUEST["L"], $_REQUEST["I"],
$_REQUEST["N"], $_REQUEST["ID"]);
} else {
if ($atype == "Trusted user" || $atype == "Developer") {
if ($atype == "Trusted User" || $atype == "Developer") {
# display the search page if they're a TU/dev
#
print __("Use this form to search existing accounts.")."<br/>\n";
search_accounts_form();
} else {
# TODO A normal user, give them the ability to edit
# A normal user, give them the ability to edit
# their own account
#
print __("Regular users can edit their own account.");
$q = "SELECT Users.*, AccountTypes.AccountType ";
$q.= "FROM Users, AccountTypes, Sessions ";
$q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
$q.= "AND Users.ID = Sessions.UsersID ";
$q.= "AND Sessions.SessionID = '";
$q.= mysql_escape_string($_COOKIE["AURSID"])."'";
$result = db_query($q, $dbh);
if (!$result) {
print __("Could not retrieve information for the specified user.");
} else {
$row = mysql_fetch_assoc($result);
# don't need to check if they have permissions, this is a
# normal user editing themselves.
#
print __("Use this form to update your account.");
print "<br/>";
print __("Leave the password fields blank to keep your same password.");
display_account_form($atype, "UpdateAccount", $row["Username"],
$row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"],
$row["IRCNick"], $row["NewPkgNotify"], $row["ID"]);
}
}
}
......@@ -69,6 +120,7 @@ if (isset($_COOKIE["AURSID"])) {
} else {
# display the account request form
#
print __("Use this form to create an account.");
display_account_form("", "NewAccount");
}
}
......
......@@ -11,7 +11,7 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
# Attempting to log in
#
if (!isset($_REQUEST['user'])) {
$login_error = __("You must supply an email address.");
$login_error = __("You must supply a username.");
}
if (!isset($_REQUEST['pass'])) {
$login_error = __("You must supply a password.");
......@@ -25,7 +25,7 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
$q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
$result = db_query($q, $dbh);
if (!$result) {
$login_error = __("Incorrect password for email address, %s.",
$login_error = __("Incorrect password for username, %s.",
array($_REQUEST["user"]));
} else {
$row = mysql_fetch_row($result);
......@@ -79,7 +79,7 @@ print " </td>";
# XXX Is this the proper way to add some spacing between table cells?
#
print " <td>&nbsp;&nbsp;</td>";
print " <td align='right'>\n";
print " <td align='left' valign='top' nowrap>\n";
if (!isset($_COOKIE["AURSID"])) {
# the user is not logged in, give them login widgets
#
......@@ -104,7 +104,7 @@ if (!isset($_COOKIE["AURSID"])) {
print "</form>\n";
} else {
print __("Currently logged in as: %h%s%h",
print __("Logged-in as: %h%s%h",
array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
}
print " </td>";
......
......@@ -9,6 +9,8 @@ set_lang(); # this sets up the visitor's language
if (isset($_COOKIE["AURSID"])) {
$q = "DELETE FROM Sessions WHERE SessionID = '";
$q.= mysql_escape_string($_COOKIE["AURSID"]) . "'";
$dbh = db_connect();
db_query($q, $dbh);
setcookie("AURSID", "", time() - (60*60*24*30), "/");
}
......
......@@ -246,4 +246,29 @@ $_t["en"]["You are not allowed to access this area."] = "You are not allowed to
# $_t["fr"]["You are not allowed to access this area."] = "--> Traduction franaise ici. <--";
# $_t["de"]["You are not allowed to access this area."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Use this form to create an account."] = "Use this form to create an account.";
# $_t["es"]["Use this form to create an account."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Use this form to create an account."] = "--> Traduction franaise ici. <--";
# $_t["de"]["Use this form to create an account."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Use this form to update your account."] = "Use this form to update your account.";
# $_t["es"]["Use this form to update your account."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Use this form to update your account."] = "--> Traduction franaise ici. <--";
# $_t["de"]["Use this form to update your account."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Leave the password fields blank to keep your same password."] = "Leave the password fields blank to keep your same password.";
# $_t["es"]["Leave the password fields blank to keep your same password."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Leave the password fields blank to keep your same password."] = "--> Traduction franaise ici. <--";
# $_t["de"]["Leave the password fields blank to keep your same password."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Could not retrieve information for the specified user."] = "Could not retrieve information for the specified user.";
# $_t["es"]["Could not retrieve information for the specified user."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Could not retrieve information for the specified user."] = "--> Traduction franaise ici. <--";
# $_t["de"]["Could not retrieve information for the specified user."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["You do not have permission to edit this account."] = "You do not have permission to edit this account.";
# $_t["es"]["You do not have permission to edit this account."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["You do not have permission to edit this account."] = "--> Traduction franaise ici. <--";
# $_t["de"]["You do not have permission to edit this account."] = "--> Deutsche bersetzung hier. <--";
?>
\ No newline at end of file
......@@ -191,4 +191,9 @@ $_t["en"]["No more results to display."] = "No more results to display.";
# $_t["fr"]["No more results to display."] = "--> Traduction franaise ici. <--";
# $_t["de"]["No more results to display."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["A Trusted User cannot assign Developer status."] = "A Trusted User cannot assign Developer status.";
# $_t["es"]["A Trusted User cannot assign Developer status."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["A Trusted User cannot assign Developer status."] = "--> Traduction franaise ici. <--";
# $_t["de"]["A Trusted User cannot assign Developer status."] = "--> Deutsche bersetzung hier. <--";
?>
\ No newline at end of file
......@@ -96,4 +96,19 @@ $_t["en"]["Incorrect password for email address, %s."] = "Incorrect password for
# $_t["fr"]["Incorrect password for email address, %s."] = "--> Traduction franaise ici. <--";
# $_t["de"]["Incorrect password for email address, %s."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Incorrect password for username, %s."] = "Incorrect password for username, %s.";
# $_t["es"]["Incorrect password for username, %s."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Incorrect password for username, %s."] = "--> Traduction franaise ici. <--";
# $_t["de"]["Incorrect password for username, %s."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Logged in as: %h%s%h"] = "Logged in as: %h%s%h";
# $_t["es"]["Logged in as: %h%s%h"] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Logged in as: %h%s%h"] = "--> Traduction franaise ici. <--";
# $_t["de"]["Logged in as: %h%s%h"] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Logged-in as: %h%s%h"] = "Logged-in as: %h%s%h";
# $_t["es"]["Logged-in as: %h%s%h"] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Logged-in as: %h%s%h"] = "--> Traduction franaise ici. <--";
# $_t["de"]["Logged-in as: %h%s%h"] = "--> Deutsche bersetzung hier. <--";
?>
\ No newline at end of file
......@@ -3,9 +3,9 @@ include_once("acctfuncs_po.inc");
# Display the standard Account form, pass in default values if any
#
function display_account_form($SID,$A,$U="",$T="",$S="",
$E="",$P="",$C="",$R="",$L="",$I="",$N="") {
# SID: the session id cookie value (if any)
function display_account_form($UTYPE,$A,$U="",$T="",$S="",
$E="",$P="",$C="",$R="",$L="",$I="",$N="",$UID=0) {
# UTYPE: what user type the form is being displayed for
# A: what "form" name to use
# U: value to display for username
# T: value to display for account type
......@@ -17,41 +17,43 @@ function display_account_form($SID,$A,$U="",$T="",$S="",
# L: value to display for Language preference
# I: value to display for IRC nick
# N: new package notify value
# UID: Users.ID value in case form is used for editing
global $SUPPORTED_LANGS;
print "<form action='/account.php' method='post'>\n";
print "<input type='hidden' name='Action' value='".$A."'>\n";
if ($UID) {
print "<input type='hidden' name='ID' value='".$UID."'>\n";
}
print "<center>\n";
print "<table border='0' cellpadding='0' cellspacing='0' width='80%'>\n";
print "<tr><td colspan='2'>&nbsp;</td></tr>\n";
# figure out what account type the visitor is
#
if ($SID) {
$atype = account_from_sid($SID);
} else {
$atype = "";
}
print "<tr>";
print "<td align='left'>".__("Username").":</td>";
print "<td align='left'><input type='text' size='30' maxlength='64'";
print " name='U' value='".$U."'> (".__("required").")</td>";
print "</tr>\n";
if ($atype == "Trusted User" || $atype == "Developer") {
if ($UTYPE == "Trusted User" || $UTYPE == "Developer") {
# only TUs or Devs can promote/demote/suspend a user
#
print "<tr>";
print "<td align='left'>".__("Account Type").":</td>";
print "<td align='left'><select name=T>\n";
print "<option value='u'> ".__("Normal user")."\n";
print "<option value='t'> ".__("Trusted user")."\n";
if ($atype == "Developer") {
print "<option value='1'";
$T == "User" ? print " selected>" : print ">";
print __("Normal user")."\n";
print "<option value='2'";
$T == "Trusted User" ? print " selected>" : print ">";
print __("Trusted user")."\n";
if ($UTYPE == "Developer") {
# only developers can make another account a developer
#
print "<option value='d'> ".__("Developer")."\n";
print "<option value='3'";
$T == "Developer" ? print " selected>" : print ">";
print __("Developer")."\n";
}
print "</select></td>";
print "</tr>\n";
......@@ -76,14 +78,20 @@ function display_account_form($SID,$A,$U="",$T="",$S="",
print "<tr>";
print "<td align='left'>".__("Password").":</td>";
print "<td align='left'><input type='password' size='30' maxlength='32'";
print " name='P' value='".$P."'> (".__("required").")</td>";
print "</tr>\n";
print " name='P' value='".$P."'>";
if ($TYPE == "new") {
print " (".__("required").")";
}
print "</td></tr>\n";
print "<tr>";
print "<td align='left'>".__("Re-type password").":</td>";
print "<td align='left'><input type='password' size='30' maxlength='32'";
print " name='C' value='".$C."'> (".__("required").")</td>";
print "</tr>\n";
print " name='C' value='".$C."'>";
if ($TYPE == "new") {
print " (".__("required").")";
}
print "</td></tr>\n";
print "<tr>";
print "<td align='left'>".__("Real Name").":</td>";
......@@ -124,7 +132,7 @@ function display_account_form($SID,$A,$U="",$T="",$S="",
print "<tr>";
print "<td>&nbsp;</td>";
print "<td align='left'>";
if ($A == "ModifyAccount") {
if ($A == "UpdateAccount") {
print "<input type='submit' value='".__("Update")."'> &nbsp; ";
} else {
print "<input type='submit' value='".__("Create")."'> &nbsp; ";
......@@ -142,9 +150,9 @@ function display_account_form($SID,$A,$U="",$T="",$S="",
# process form input from a new/edit account form
#
function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="",
function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$P="",$C="",$R="",$L="",$I="",$N="",$UID=0) {
# SID: the session id from the cookie
# UTYPE: The user's account type
# TYPE: either "edit" or "new"
# A: what parent "form" name to use
# U: value to display for username
......@@ -162,8 +170,6 @@ function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="",
# error check and process request for a new/modified account
#
global $SUPPORTED_LANGS;
dbug("=> process_account_form");
dbug(" A=$A,U=$U,T=$T,S=$S,E=$E,P=$P,C=$C,R=$R,L=$L,I=$I,N=$N");
$dbh = db_connect();
$error = "";
......@@ -187,6 +193,9 @@ function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="",
if (!$error && !valid_email($E)) {
$error = __("The email address is invalid.");
}
if ($UTYPE == "Trusted User" && $T == 3) {
$error = __("A Trusted User cannot assign Developer status.");
}
if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) {
$error = __("Language is not currently supported.");
}
......@@ -196,6 +205,9 @@ function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="",
#
$q = "SELECT COUNT(*) AS CNT FROM Users ";
$q.= "WHERE Username = '".mysql_escape_string($U)."'";
if ($TYPE == "edit") {
$q.= " AND ID != ".intval($UID);
}
$result = db_query($q, $dbh);
if ($result) {
$row = mysql_fetch_array($result);
......@@ -211,6 +223,9 @@ function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="",
#
$q = "SELECT COUNT(*) AS CNT FROM Users ";
$q.= "WHERE Email = '".mysql_escape_string($E)."'";
if ($TYPE == "edit") {
$q.= " AND ID != ".intval($UID);
}
$result = db_query($q, $dbh);
if ($result) {
$row = mysql_fetch_array($result);
......@@ -222,7 +237,7 @@ function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="",
}
if ($error) {
print "<span class='error'>".$error."</span><br/>\n";
display_account_form($SID, $A, $U, $T, $S, $E, "", "",
display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "",
$R, $L, $I, $N, $UID);
} else {
if ($TYPE == "new") {
......@@ -259,11 +274,19 @@ function process_account_form($SID,$TYPE,$A,$U="",$T="",$S="",$E="",
# no errors, go ahead and modify the user account
#
$q = "UPDATE Users SET ";
$q.= "AccountTypeID = ".intval($T);
$q.= ", Suspended = ".intval($S);
$q.= ", Username = '".mysql_escape_string($U)."'";
$q.= "Username = '".mysql_escape_string($U)."'";
if ($T) {
$q.= ", AccountTypeID = ".intval($T);
}
if ($S) {
$q.= ", Suspended = 1";
} else {
$q.= ", Suspended = 0";
}
$q.= ", Email = '".mysql_escape_string($E)."'";
$q.= ", Passwd = '".mysql_escape_string($P)."'";
if ($P) {
$q.= ", Passwd = '".mysql_escape_string($P)."'";
}
$q.= ", RealName = '".mysql_escape_string($R)."'";
$q.= ", LangPreference = '".mysql_escape_string($L)."'";
$q.= ", IRCNick = '".mysql_escape_string($I)."'";
......@@ -340,7 +363,6 @@ function search_accounts_form() {
print "<td align='left'><select name=SB>\n";
print "<option value='u'> ".__("Username")."\n";
print "<option value='t'> ".__("Account Type")."\n";
print "<option value='e'> ".__("Email address")."\n";
print "<option value='r'> ".__("Real Name")."\n";
print "<option value='i'> ".__("IRC Nick")."\n";
print "<option value='v'> ".__("Last vote")."\n";
......@@ -349,7 +371,7 @@ function search_accounts_form() {
print "<tr>";
print "<td>&nbsp;</td>";
print "<td align='left'>";
print "<td align='left'>&nbsp;<br/>&nbsp;&nbsp;&nbsp;&nbsp;";
print "<input type='submit' value='".__("Search'")."> &nbsp; ";
print "<input type='reset' value='".__("Reset")."'></td>";
print "</tr>\n";
......@@ -363,8 +385,9 @@ function search_accounts_form() {
# search results page
#
function search_results_page($O=0,$SB="",$U="",$T="",
function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
$S="",$E="",$R="",$I="") {
# UTYPE: what account type the user belongs to
# O: what row offset we're at
# SB: how to sort the results
# U: value to display for username
......@@ -422,9 +445,6 @@ function search_results_page($O=0,$SB="",$U="",$T="",
case 't':
$q.= "ORDER BY AccountTypeID, Username ";
break;
case 'e':
$q.= "ORDER BY Email, AccountTypeID ";
break;
case 'r':
$q.= "ORDER BY RealName, AccountTypeID ";
break;
......@@ -500,9 +520,15 @@ function search_results_page($O=0,$SB="",$U="",$T="",
: print __("Never");
print "</span></td>";
print "<td class='".$c."'><span class='f5'>";
$edit_url = "/account.php?Action=DisplayAccount&ID=".$row["ID"];
print "<a href='".$edit_url . "'>";
print "Edit</a></span></td>";
if ($UTYPE == "Trusted User" && $row["AccountType"] == "Developer") {
# TUs can't edit devs
#
print "&nbsp;</span></td>";
} else {
$edit_url = "/account.php?Action=DisplayAccount&ID=".$row["ID"];
print "<a href='".$edit_url . "'>";
print "Edit</a></span></td>";
}
print "</tr>\n";
$i++;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment