- Timestamp:
- 12/24/07 11:40:19 (11 months ago)
- Location:
- trunk
- Files:
-
- 3 added
- 1 modified
-
common/mvblog.php (modified) (8 diffs)
-
upgrades/mysql/2007122300.php (added)
-
upgrades/pgsql/2007122300.php (added)
-
upgrades/sqlite/2007122300.php (added)
trunk/common/mvblog.php
r729 r731 155 155 switch ($action) { 156 156 /* user related functions */ 157 case "register_confirm" : $this->register_confirm(); break; 158 case "register_save" : $this->register_save(); break; 159 case "register_user" : $this->register_user(); break; 160 case "user_login" : 157 //this one is here for backward compatibiliy. Can be removed in release 4 158 case "register_confirm" : $this->user_confirm(); break; 159 //new user actions 160 case "user_confirm" : $this->user_confirm(); break; 161 case "user_save" : $this->user_save(); break; 162 case "user_new" : $this->user_edit(1); break; 163 case "user_login" : 161 164 if (array_key_exists("user", $_REQUEST) && $this->user_login($_REQUEST["user"])) { 162 165 $this->get_articles($start, $limit); … … 165 168 } 166 169 break; 170 case "user_settings" : $this->user_edit(0); break; 167 171 /* article related functions */ 168 172 case "view" : $this->show_article($_REQUEST["id"]); break; … … 524 528 } elseif (array_key_exists("blog_user", $_SESSION) && !empty($_SESSION["blog_user"])) { 525 529 $comment_authorinfo["author"] = htmlspecialchars(stripslashes($_SESSION["blog_user"]["realname"])); 526 $comment_authorinfo["email"] = htmlspecialchars(stripslashes($_SESSION["blog_user"]["email"])); 530 if ($_SESSION["blog_user"]["email_public"]) 531 $comment_authorinfo["email"] = htmlspecialchars(stripslashes($_SESSION["blog_user"]["email"])); 532 else 533 $comment_authorinfo["email"] = ""; 527 534 $comment_authorinfo["url"] = htmlspecialchars(stripslashes($_SESSION["blog_user"]["website"])); 528 535 $locked = 1; … … 774 781 <?php echo gettext("password"); ?>: <input type="password" name="user[password]" value="" /><br /> 775 782 <input type="submit" name="login" value="<?php echo gettext("login"); ?>" /> 776 <a href="index.php?action= register_user"><?php echo gettext("Register"); ?></a>783 <a href="index.php?action=user_new"><?php echo gettext("Register"); ?></a> 777 784 </form> 778 785 <?php … … 799 806 <?php if 
(array_key_exists("author_id", $_SESSION) && !empty($_SESSION["author_id"])) { ?> 800 807 <li class="default_list_item"><a href="admin/index.php" title="admin"><?php echo gettext("Admin"); ?></a></li> 808 <?php } ?> 809 <?php if (array_key_exists("blog_user", $_SESSION)) { ?> 810 <li class="default_list_item"><a href="index.php?action=user_settings" title="settings"><?php echo gettext("Settings"); ?></a></li> 801 811 <?php } ?> 802 812 </ul> … … 1187 1197 } 1188 1198 /* }}} */ 1189 /* register_user() {{{ */ 1190 public function register_user() { 1199 /* user_edit {{{ */ 1200 /** 1201 * Form to alter user information. Can be used for both new users and editing settings 1202 * 1203 * @param int $register if set, register a new user, otherwise it's a logged in user wanting to alter settings. 1204 */ 1205 public function user_edit($register = 1) { 1191 1206 ?> 1192 1207 <div class="log_post"> 1193 1208 <div class="log_posthead"> 1194 <h1><?php echo gettext("Registration process"); ?></h1> 1209 <h1> 1210 <?php 1211 if ($register) 1212 echo gettext("Registration process"); 1213 else 1214 echo gettext("Settings"); 1215 ?> 1216 </h1> 1195 1217 </div> 1196 1218 <div class="log_postbody"> 1197 1219 <?php 1220 //debug 1221 //print_r($_SESSION["blog_user"]); 1222 //$_SESSION["blog_user"]["email_public"] = 1; 1223 if ($register) { 1198 1224 echo gettext("Register here.")."<br />"; 1199 1225 echo gettext("Registering an account gives you extra privileges like commenting on posts.")."<br />"; 1200 1226 echo gettext("The exact privileges you get depend on the plugins loaded."); 1227 } elseif (array_key_exists("saved", $_REQUEST)) { 1228 echo gettext("Settings succesfully saved."); 1229 } 1201 1230 ?> 1202 1231 <form name="register" method="post" action="index.php"> 1203 <input type="hidden" name="action" value="register_save" /> 1232 <input type="hidden" name="action" value="user_save" /> 1233 <?php if (!$register) echo "<input type=\"hidden\" name=\"reg[userid]\" 
value=\"".$_SESSION["blog_user"]["user_id"]."\" />"; ?> 1204 1234 <table><tr> 1205 1235 <td><?php echo gettext("username"); ?></td> 1206 <td><input type="text" name="reg[username]" /></td> 1236 <td> 1237 <?php 1238 if ($register) 1239 echo "<input type=\"text\" name=\"reg[username]\" />"; 1240 else 1241 echo $_SESSION["blog_user"]["username"]; 1242 ?> 1243 </td> 1207 1244 </tr><tr> 1208 1245 <td><?php echo gettext("password"); ?></td> 1209 <td><input type="password" name="reg[password]" /></td>1246 <td><input type="password" name="reg[password]" value="" /></td> 1210 1247 </tr><tr> 1211 1248 <td><?php echo gettext("real name"); ?></td> 1212 <td><input type="text" name="reg[realname]" /></td>1249 <td><input type="text" name="reg[realname]" value="<?php echo (!$register)?$_SESSION["blog_user"]["realname"]:""; ?>" /></td> 1213 1250 </tr><tr> 1214 1251 <td><?php echo gettext("email"); ?></td> 1215 <td><input type="text" name="reg[email]" /></td> 1252 <td><input type="text" name="reg[email]" value="<?php echo (!$register)?$_SESSION["blog_user"]["email"]:""; ?>" /></td> 1253 </tr><tr> 1254 <td><?php echo gettext("show email on website"); ?></td> 1255 <td><input type="checkbox" name="reg[email_public]" value="1" <?php echo (!$register && array_key_exists("email_public", $_SESSION["blog_user"]) && $_SESSION["blog_user"]["email_public"])?"checked=\"checked\"":""; ?> /></td> 1216 1256 </tr><tr> 1217 1257 <td><?php echo gettext("website"); ?></td> 1218 <td><input type="text" name="reg[website]" /></td>1258 <td><input type="text" name="reg[website]" value="<?php echo (!$register)?$_SESSION["blog_user"]["website"]:""; ?>" /></td> 1219 1259 </tr><tr> 1220 <td colspan="2"><input type="submit" value="<?php echo gettext("register"); ?>" /></td>1260 <td colspan="2"><input type="submit" value="<?php echo ($register)?gettext("register"):gettext("save"); ?>" /></td> 1221 1261 </tr></table> 1222 1262 </form> … … 1226 1266 } 1227 1267 /* }}} */ 1228 /* register_save() {{{ */ 1229 public 
function register_save() { 1268 /* user_save() {{{ */ 1269 public function user_save() { 1270 if (array_key_exists("userid", $_REQUEST["reg"])) { 1271 if ($_SESSION["blog_user"]["user_id"] != $_REQUEST["reg"]["userid"]) 1272 die("This is not ok. request and session have different user id information. Possible hack attempt."); 1273 $register = 0; 1274 } else { 1275 $register = 1; 1276 } 1230 1277 /* sanitize input */ 1231 $username = $this->_sanitize($_REQUEST["reg"]["username"]); 1232 $password = $this->_sanitize($_REQUEST["reg"]["password"], array("bbcode" => 1)); 1278 if ($register) 1279 $username = $this->_sanitize($_REQUEST["reg"]["username"]); 1280 if ($_REQUEST["reg"]["password"]) 1281 $password = $this->_sanitize($_REQUEST["reg"]["password"], array("bbcode" => 1)); 1282 else 1283 $password = ""; 1233 1284 $realname = $this->_sanitize($_REQUEST["reg"]["realname"], array("space" => 1)); 1234 1285 $email = $this->_sanitize($_REQUEST["reg"]["email"], array("email" => 1)); 1235 1286 $website = $this->_sanitize($_REQUEST["reg"]["website"], array("url" => 1)); 1236 1237 $regcode = md5(mktime().$username.$email.$website); 1238 /* check to see if user is already there */ 1239 /** @todo Should be implemented in input form as AJAX call */ 1240 $sql = sprintf("SELECT COUNT(*) AS count FROM blog_users WHERE username = '%s'", $username); 1241 $res =& $this->db->query($sql); 1242 $row = $res->fetchRow(MDB2_FETCHMODE_ASSOC); 1243 if ($row["count"] > 0) { 1244 die(gettext("username already registered")); 1245 } 1246 /* build query to store into db */ 1247 $sql = sprintf("INSERT INTO blog_users (username, password, realname, email, website, regcode) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')", 1248 $username, $password, $realname, 1249 $email, $website, $regcode 1250 ); 1287 $email_public = (array_key_exists("email_public", $_REQUEST["reg"]))?1:0; 1288 1289 if ($register) { 1290 $regcode = md5(mktime().$username.$email.$website); 1291 /* check to see if user is already there 
*/ 1292 /** @todo Should be implemented in input form as AJAX call */ 1293 $sql = sprintf("SELECT COUNT(*) AS count FROM blog_users WHERE username = '%s'", $username); 1294 $res =& $this->db->query($sql); 1295 $row = $res->fetchRow(MDB2_FETCHMODE_ASSOC); 1296 if ($row["count"] > 0) { 1297 die(gettext("username already registered")); 1298 } 1299 /* build query to store into db */ 1300 $sql = sprintf("INSERT INTO blog_users (username, password, realname, email, website, regcode, email_public) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', %d)", 1301 $username, $password, $realname, 1302 $email, $website, $regcode, $email_public 1303 ); 1304 } else { 1305 if ($password) 1306 $passwdq = sprintf(", password = '%'", $password); 1307 else 1308 $passwdq = ""; 1309 $_SESSION["blog_user"]["realname"] = $realname; 1310 $_SESSION["blog_user"]["email"] = $email; 1311 $_SESSION["blog_user"]["email_public"] = $email_public; 1312 $_SESSION["blog_user"]["website"] = $website; 1313 $sql = sprintf("UPDATE blog_users SET realname = '%s'%s, email = '%s', website = '%s', email_public = %d WHERE id = %d", 1314 $realname, $passwdq, $email, $website, $email_public, $_SESSION["blog_user"]["user_id"]); 1315 } 1251 1316 $this->db->exec($sql); 1252 if (array_key_exists("HTTPS", $_SERVER) && $_SERVER["HTTPS"] == "on") 1253 $proto = "https"; 1254 else 1255 $proto = "http"; 1256 1257 $confirmuri = $proto."://".$_SERVER["SERVER_NAME"].substr($_SERVER["PHP_SELF"],0,strrpos($_SERVER["PHP_SELF"], "/"))."/index.php?action=register_confirm&code=$regcode&email=$email"; 1258 1259 $mail_subject = gettext("Your MvBlog registration."); 1260 $mail_body = gettext("Thank you for registering your username")." ".$username." ".gettext("with password")." 
".$password."\n"; 1261 $mail_body .= gettext("Copy/paste the following link in your browsers addressbar to finish the registration process.")."\n\n"; 1262 $mail_body .= $confirmuri."\n\n"; 1263 $mail_from = "register@mvblog.org"; 1264 mail($email, $mail_subject, $mail_body, "From: $mail_from", "-f$mail_from"); 1265 ?> 1266 <div class="log_post"> 1267 <div class="log_posthead"> 1268 <h1><?php echo gettext("Registration process"); ?></h1> 1317 if ($register) { 1318 if (array_key_exists("HTTPS", $_SERVER) && $_SERVER["HTTPS"] == "on") 1319 $proto = "https"; 1320 else 1321 $proto = "http"; 1322 1323 $confirmuri = $proto."://".$_SERVER["SERVER_NAME"].substr($_SERVER["PHP_SELF"],0,strrpos($_SERVER["PHP_SELF"], "/"))."/index.php?action=register_confirm&code=$regcode&email=$email"; 1324 1325 $mail_subject = gettext("Your MvBlog registration."); 1326 $mail_body = gettext("Thank you for registering your username")." ".$username." ".gettext("with password")." ".$password."\n"; 1327 $mail_body .= gettext("Copy/paste the following link in your browsers addressbar to finish the registration process.")."\n\n"; 1328 $mail_body .= $confirmuri."\n\n"; 1329 $mail_from = "register@mvblog.org"; 1330 mail($email, $mail_subject, $mail_body, "From: $mail_from", "-f$mail_from"); 1331 ?> 1332 <div class="log_post"> 1333 <div class="log_posthead"> 1334 <h1><?php echo gettext("Registration process"); ?></h1> 1335 </div> 1336 <div class="log_postbody"> 1337 <?php 1338 echo gettext("You should receive an email message on the address you specified within minutes.")."<br />"; 1339 echo gettext("This email contains information on how to activate your account. 
Once activated you can login and enjoy the extra privileges.")."<br /><br />"; 1340 echo gettext("Thank you for registering with MvBlog."); 1341 ?> 1342 </div> 1269 1343 </div> 1270 <div class="log_postbody"> 1271 <?php 1272 echo gettext("You should receive an email message on the address you specified within minutes.")."<br />"; 1273 echo gettext("This email contains information on how to activate your account. Once activated you can login and enjoy the extra privileges.")."<br /><br />"; 1274 echo gettext("Thank you for registering with MvBlog."); 1275 ?> 1276 </div> 1277 </div> 1278 <?php 1279 } 1280 /* }}} */ 1281 /* register_confirm() {{{ */ 1282 public function register_confirm() { 1344 <?php 1345 } else { 1346 header("Location: index.php?action=user_settings&saved=1"); 1347 } 1348 } 1349 /* }}} */ 1350 /* user_confirm() {{{ */ 1351 /** 1352 * Check confirmation after registering a new account 1353 */ 1354 public function user_confirm() { 1283 1355 $check = 0; 1284 1356 if (array_key_exists("code", $_REQUEST) && !empty($_REQUEST["code"])) { … … 1319 1391 ?> 1320 1392 <form name="regconfirm" method="post" action="index.php"> 1321 <input type="hidden" name="action" value=" register_confirm">1393 <input type="hidden" name="action" value="user_confirm"> 1322 1394 <table><tr> 1323 1395 <td><?php echo gettext("email"); ?></td>
