Context Navigation

usersettings.php @ 43

Visit:

Revision 43, 12.6 KB (checked in by DarTar, 7 years ago)
Typo: replacing "abbrv" with "abbr".

Line
1	<?php
2	// defaults
3	define('PASSWORD_MIN_LENGTH', "5");
4	define('VALID_EMAIL_PATTERN', "/^.+?\@.+?\..+$/"); //TODO: Use central regex library
5
6	// i18n strings
7	define('USER_LOGGED_OUT', "You are now logged out.");
8	define('USER_SETTINGS_STORED', "User settings stored!");
9	define('ERROR_NO_BLANK', "Sorry, blanks are not permitted in the password.");
10	define('ERROR_PASSWORD_TOO_SHORT', "Sorry, the password must contain at least %s characters.");
11	define('PASSWORD_CHANGED', "Password changed!");
12	define('ERROR_OLD_PASSWORD_WRONG', "The old password you entered is wrong.");
13	define('USER_EMAIL_LABEL', "Your email address:");
14	define('DOUBLECLICK_LABEL', "Doubleclick Editing:");
15	define('SHOW_COMMENTS_LABEL', "Show comments by default:");
16	define('RECENTCHANGES_DISPLAY_LIMIT_LABEL', "RecentChanges display limit:");
17	define('PAGEREVISION_LIST_LIMIT_LABEL', "Page revisions list limit:");
18	define('UPDATE_SETTINGS_INPUT', "Update Settings");
19	define('CHANGE_PASSWORD_LABEL', "Change your password:");
20	define('CURRENT_PASSWORD_LABEL', "Your current password:");
21	define('NEW_PASSWORD_LABEL', "Your new password:");
22	define('CHANGE_BUTTON_LABEL', "Change");
23	define('REGISTER_BUTTON_LABEL', "Register");
24	define('QUICK_LINKS', "See a list of pages you own (MyPages) and pages you've edited (MyChanges).");
25	define('ERROR_WRONG_PASSWORD', "Sorry, you entered the wrong password.");
26	define('ERROR_EMPTY_USERNAME', "Please fill in your user name.");
27	define('ERROR_RESERVED_PAGENAME', "Sorry, this name is reserved for a page. Please choose a different name.");
28	define('ERROR_WIKINAME', "User name must be ##\"\"WikiName\"\"## formatted, e.g. ##\"\"JohnDoe\"\"##.");
29	define('ERROR_EMPTY_PASSWORD', "Please fill in a password.");
30	define('ERROR_EMPTY_CONFIRMATION_PASSWORD', "You must confirm your password to register a new account.");
31	define('ERROR_PASSWORD_MATCH', "Passwords didn't match.");
32	define('ERROR_EMAIL_ADDRESS_REQUIRED', "You must specify an email address.");
33	define('ERROR_INVALID_EMAIL_ADDRESS', "That doesn't quite look like an email address.");
34	define('REGISTERED_USER_LOGIN_LABEL', "If you're already a registered user, log in here!");
35	define('REGISTER_HEADING', "===Login/Register===");
36	define('WIKINAME_LABEL', "Your <abbr title=\"A WikiName is formed by two or more capitalized words without space, e.g. JohnDoe\">WikiName</abbr>:");
37	define('PASSWORD_LABEL', "Password (min. %s chars):");
38	define('LOGIN_BUTTON_LABEL', "Login");
39	define('NEW_USER_REGISTER_LABEL', "Stuff you only need to fill in when you're logging in for the first time (and thus signing up as a new user on this site).");
40	define('CONFIRM_PASSWORD_LABEL', "Confirm password:");
41	define('RETRIEVE_PASSWORD_HEADING', "===Forgot your password?===");
42	define('RETRIEVE_PASSWORD_MESSAGE', "Log in here with the temporary password. --- If you need a temporary password, click [[PasswordForgotten here]].");
43	define('TEMP_PASSWORD_LABEL', "Your temp password:");
44
45	// is user logging out?
46	if (isset($_REQUEST["action"]) && ($_REQUEST["action"] == "logout"))
47	{
48	$this->LogoutUser();
49	$this->Redirect($this->href(), USER_LOGGED_OUT);
50	}
51	else if ($user = $this->GetUser())
52	{
53
54	// is user trying to update?
55	if (isset($_REQUEST["action"]) && ($_REQUEST["action"] == "update"))
56	{
57	$this->Query("update ".$this->config["table_prefix"]."users set ".
58	"email = '".mysql_real_escape_string($_POST["email"])."', ".
59	"doubleclickedit = '".mysql_real_escape_string($_POST["doubleclickedit"])."', ".
60	"show_comments = '".mysql_real_escape_string($_POST["show_comments"])."', ".
61	"revisioncount = '".mysql_real_escape_string($_POST["revisioncount"])."', ".
62	"changescount = '".mysql_real_escape_string($_POST["changescount"])."' ".
63	"where name = '".$user["name"]."' limit 1");
64
65	$this->SetUser($this->LoadUser($user["name"]));
66
67	// forward
68	$this->Redirect($this->href(), USER_SETTINGS_STORED);
69	}
70
71	if (isset($_REQUEST["action"]) && ($_REQUEST["action"] == "changepass"))
72	{
73	// check password
74	$password = $_POST["password"];
75	if (preg_match("/ /", $password)) $passerror = ERROR_NO_BLANK;
76	else if (strlen($password) < PASSWORD_MIN_LENGTH) $passerror = sprintf(ERROR_PASSWORD_TOO_SHORT, PASSWORD_MIN_LENGTH);
77	else if (($user["password"] == md5($_POST["oldpass"])) \|\| ($user["password"] == $_POST["oldpass"]))
78	{
79	$this->Query("update ".$this->config["table_prefix"]."users set "."password = md5('".mysql_real_escape_string($password)."') "."where name = '".$user["name"]."'");
80	$user["password"]=md5($password);
81	$this->SetUser($user);
82	$this->Redirect($this->href(), PASSWORD_CHANGED);
83	}
84	else
85	{
86	$passerror = ERROR_OLD_PASSWORD_WRONG;
87	}
88	}
89
90	print "<script type=\"text/javascript\"><!-- \nfunction hov(loc,cls){ \n if(loc.className) loc.className=cls;\n}\n //-->\n</script>\n";
91	// user is logged in; display config form
92	print($this->FormOpen());
93	?>
94	<input type="hidden" name="action" value="update" />
95	<table>
96	<tr>
97	<td align="right"></td>
98	<td>Hello, <?php echo $this->Link($user["name"]) ?>!</td>
99	</tr>
100	<tr>
101	<td align="right"><?php echo USER_EMAIL_LABEL ?></td>
102	<td><input name="email" value="<?php echo $this->htmlspecialchars_ent($user["email"]) ?>" size="40" /></td>
103	</tr>
104	<tr>
105	<td align="right"><?php echo DOUBLECLICK_LABEL ?></td>
106	<td><input type="hidden" name="doubleclickedit" value="N" /><input type="checkbox" name="doubleclickedit" value="Y" <?php echo $user["doubleclickedit"] == "Y" ? "checked=\"checked\"" : "" ?> /></td>
107	</tr>
108	<tr>
109	<td align="right"><?php echo SHOW_COMMENTS_LABEL ?></td>
110	<td><input type="hidden" name="show_comments" value="N" /><input type="checkbox" name="show_comments" value="Y" <?php echo $user["show_comments"] == "Y" ? "checked=\"checked\"" : "" ?> /></td>
111	</tr>
112	<tr>
113	<td align="right"><?php echo RECENTCHANGES_DISPLAY_LIMIT_LABEL ?></td>
114	<td><input name="changescount" value="<?php echo $this->htmlspecialchars_ent($user["changescount"]) ?>" size="40" /></td>
115	</tr>
116	<tr>
117	<td align="right"><?php echo PAGEREVISION_LIST_LIMIT_LABEL ?></td>
118	<td><input name="revisioncount" value="<?php echo $this->htmlspecialchars_ent($user["revisioncount"]) ?>" size="40" /></td>
119	</tr>
120	<tr>
121	<td></td>
122	<td><input type="submit" value="<?php echo UPDATE_SETTINGS_INPUT ?>" /> <input type="button" value="Logout" onclick="document.location='<?php echo $this->href("", "", "action=logout"); ?>'" /></td>
123	</tr>
124	</table>
125	<?php
126	print($this->FormClose());
127
128	print($this->FormOpen());
129	?>
130	<input type="hidden" name="action" value="changepass" />
131	<table>
132	<tr>
133	<td align="left"><b><?php echo CHANGE_PASSWORD_LABEL ?></b></td>
134	<td><br /><br /> </td>
135	</tr>
136	<?php
137	if (isset($passerror))
138	{
139	print('<tr><td></td><td><em class="error">'.$this->Format($passerror).'</em></td></tr>'."\n");
140	}
141	?>
142	<tr>
143	<td align="left"><?php echo CURRENT_PASSWORD_LABEL ?></td>
144	<td><input type="password" name="oldpass" size="40" /></td>
145	</tr>
146	<tr>
147	<td align="left"><?php echo NEW_PASSWORD_LABEL ?></td>
148	<td><input type="password" name="password" size="40" /></td>
149	</tr>
150	<tr>
151	<td></td>
152	<td><input type="submit" value="<?php echo CHANGE_BUTTON_LABEL ?>" size="40" /></td>
153
154	</tr>
155	</table>
156	<br />
157	<?php echo $this->Format(QUICK_LINKS); ?>
158	<?php
159	print($this->FormClose());
160	}
161	else
162	{
163	// user is not logged in
164	print "<script type=\"text/javascript\"><!-- \nfunction hov(loc,cls){ \n if(loc.className) loc.className=cls;\n}\n //-->\n</script>\n";
165
166	// is user trying to log in or register?
167	if (isset($_REQUEST["action"]) && ($_REQUEST["action"] == "login"))
168	{
169	// if user name already exists, check password
170	if ($existingUser = $this->LoadUser($_POST["name"]))
171	{
172	// check password
173	if ($existingUser["password"] == md5($_POST["password"]))
174	{
175	$this->SetUser($existingUser);
176	$this->Redirect($this->href());
177	}
178	else
179	{
180	$error = ERROR_WRONG_PASSWORD;
181	}
182	}
183	// otherwise, create new account
184	else
185	{
186	$name = trim($_POST["name"]);
187	$email = trim($_POST["email"]);
188	$password = $_POST["password"];
189	$confpassword = $_POST["confpassword"];
190
191	// check if name is WikiName style
192	if (strlen($name)==0) $error = ERROR_EMPTY_USERNAME;
193	elseif (!$this->IsWikiName($name)) $error = ERROR_WIKINAME;
194	elseif ($this->ExistsPage($name)) $error = ERROR_RESERVED_PAGENAME;
195	elseif (strlen($password)==0) $error = ERROR_EMPTY_PASSWORD;
196	elseif (preg_match("/ /", $password)) $error = ERROR_NO_BLANK;
197	elseif (strlen($password) < PASSWORD_MIN_LENGTH) $error = sprintf(ERROR_PASSWORD_TOO_SHORT, PASSWORD_MIN_LENGTH);
198	elseif (strlen($confpassword)==0) $error = ERROR_EMPTY_CONFIRMATION_PASSWORD;
199	elseif ($confpassword != $password) $error = ERROR_PASSWORD_MATCH;
200	elseif (!$email) $error = ERROR_EMAIL_ADDRESS_REQUIRED;
201	elseif (!preg_match(VALID_EMAIL_PATTERN, $email)) $error = ERROR_INVALID_EMAIL_ADDRESS;
202	else
203	{
204	$this->Query("insert into ".$this->config["table_prefix"]."users set ".
205	"signuptime = now(), ".
206	"name = '".mysql_real_escape_string($name)."', ".
207	"email = '".mysql_real_escape_string($email)."', ".
208	"password = md5('".mysql_real_escape_string($_POST["password"])."')");
209
210	// log in
211	$this->SetUser($this->LoadUser($name));
212
213	// forward
214	$this->Redirect($this->href());
215	}
216	}
217	}
218	elseif (isset($_REQUEST["action"]) && ($_REQUEST["action"] == "updatepass"))
219	{
220	// check if name is WikiName style
221	$name = trim($_POST["yourname"]);
222	if (!$this->IsWikiName($name)) $newerror = ERROR_WIKINAME;
223
224	// if user name already exists, check password
225	elseif ($existingUser = $this->LoadUser($_POST["yourname"]))
226	// updatepassword
227	if ($existingUser["password"] == $_POST["temppassword"])
228	{
229	$this->SetUser($existingUser, $_POST["remember"]);
230	$this->Redirect($this->href());
231	}
232	else
233	{
234	$newerror = ERROR_WRONG_PASSWORD;
235	}
236	}
237
238	print($this->FormOpen());
239	?>
240	<input type="hidden" name="action" value="login" />
241	<table>
242	<tr>
243	<td colspan="2"><?php echo $this->Format(REGISTER_HEADING) ?></td><td></td>
244	</tr>
245	<tr>
246	<td align="right"></td>
247	<td><?php echo $this->Format(REGISTERED_USER_LOGIN_LABEL); ?></td>
248	</tr>
249	<?php
250	if (isset($error))
251	{
252	print('<tr><td></td><td><em class="error">'.$this->Format($error).'</em></td></tr>'."\n");
253	}
254	?>
255	<tr>
256	<td align="right"><?php echo WIKINAME_LABEL ?></td>
257	<td><input name="name" size="40" value="<?php if (isset($name)) echo $name; ?>" /></td>
258	</tr>
259	<tr>
260	<td align="right"><?php echo sprintf(PASSWORD_LABEL, PASSWORD_MIN_LENGTH) ?></td>
261	<td><input type="password" name="password" size="40" /></td>
262	</tr>
263	<tr>
264	<td></td>
265	<td><input type="submit" value="<?php echo LOGIN_BUTTON_LABEL ?>" size="40" /></td>
266	</tr>
267	<tr>
268	<td align="right"></td>
269	<td width="500"><?php echo $this->Format(NEW_USER_REGISTER_LABEL); ?></td>
270	</tr>
271	<tr>
272	<td align="right"><?php echo CONFIRM_PASSWORD_LABEL ?></td>
273	<td><input type="password" name="confpassword" size="40" /></td>
274	</tr>
275	<tr>
276	<td align="right"><?php echo USER_EMAIL_LABEL ?></td>
277	<td><input name="email" size="40" value="<?php if (isset($email)) echo $email; ?>" /></td>
278	</tr>
279	<tr>
280	<td></td>
281	<td><input type="submit" value="<?php echo REGISTER_BUTTON_LABEL ?>" size="40" /></td>
282	</tr>
283	</table>
284	<?php
285	print($this->FormClose());
286	print($this->FormOpen());
287	?>
288	<input type="hidden" name="action" value="updatepass" />
289	<table>
290	<tr>
291	<td colspan="2"><br /><hr /><?php echo $this->Format(RETRIEVE_PASSWORD_HEADING) ?></td><td></td>
292	</tr>
293	<tr>
294	<td align="left"></td>
295	<td><?php echo $this->Format(RETRIEVE_PASSWORD_MESSAGE) ?></td>
296	</tr>
297	<?php
298	if (isset($newerror))
299	{
300	print('<tr><td></td><td><em class="error">'.$this->Format($newerror).'</em></td></tr>'."\n");
301	}
302	?>
303	<tr>
304	<td align="right"><?php echo WIKINAME_LABEL ?></td>
305	<td><input name="yourname" value="<?php if (isset($_POST["yourname"])) echo $_POST["yourname"]; ?>" size="40" /></td>
306	</tr>
307	<tr>
308	<td align="right"><?php echo TEMP_PASSWORD_LABEL ?></td>
309	<td><input name="temppassword" size="40" /></td>
310	</tr>
311	<tr>
312	<td></td>
313	<td><input type="submit" value="<?php echo LOGIN_BUTTON_LABEL ?>" size="40" /></td>
314	</tr>
315	</table>
316	<?php
317	print($this->FormClose());
318	}
319	?>

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/actions/usersettings.php @ 43

Download in other formats: