# # # add_file "www/user-actions.php" # content [aa3667da94ee7a18543bbb487d3e658704602c20] # # patch "schema.sql" # from [2228048240ab389f01871f603c78352c61219bc6] # to [3bc6dddf39d90aee66ef92a6fc2b25756a8e18e0] # # patch "www/common.php" # from [d03c23808961469f23f2cf39399563d445da05f5] # to [b3d58f037ac01cd79b36aa512d985a4f5b53b281] # # patch "www/login.php" # from [7c220dced8ab641bbe26b96b87d2490bfb9569b7] # to [d22d0cba163de0db350017eb0427c7bdd7e0abe2] # # patch "www/sidebar.php" # from [d239d1d918c046a9bcc97239fdab200b554868ea] # to [bf888eca0fe896772daa4a00fe755d6ecfb1aa1b] # # patch "www/user.php" # from [b96f9986c71882d180be59d2454dd27063bf06c4] # to [877d668d0f7964e6929ddfab3f07d48483e39475] # ============================================================ --- www/user-actions.php aa3667da94ee7a18543bbb487d3e658704602c20 +++ www/user-actions.php aa3667da94ee7a18543bbb487d3e658704602c20 @@ -0,0 +1,14 @@ +BeginTrans(); + $res = $db->Execute("UPDATE users SET email = ? WHERE username = ?", array($newmail, $username)); + if ($res) { + $db->CommitTrans(); + $email = $newmail; + } else { + $db->RollbackTrans(); + } +} +} +?> ============================================================ --- schema.sql 2228048240ab389f01871f603c78352c61219bc6 +++ schema.sql 3bc6dddf39d90aee66ef92a6fc2b25756a8e18e0 @@ -1,7 +1,9 @@ CREATE TABLE users ( username varchar(80 CREATE TABLE users ( username varchar(80), password char(40), admin smallint, + email varchar(40), + active smallint, primary key (username) ); CREATE TABLE projects ( name varchar(80), ============================================================ --- www/common.php d03c23808961469f23f2cf39399563d445da05f5 +++ www/common.php b3d58f037ac01cd79b36aa512d985a4f5b53b281 @@ -55,6 +55,8 @@ while($v = each($splitconf)) { $monotone = nxt($splitconf); } elseif($i == "site_owner_email") { $site_owner_email = nxt($splitconf); + } elseif($i == "base_url") { + $base_url = nxt($splitconf); } } reset($splitconf); 
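Review bot: In the lines of www/user-actions.php that are visible, `$newmail` is written to `users.email` with no format check and no confirmation of the new address, although signup in login.php mails an activation token to the address first. A user can therefore replace a verified address with an unverified one; either send a fresh token to the new address before storing it, or at least validate the value and reject CR/LF before the `UPDATE`. The opening of the file did not survive on this page, so whether `$validuser` is tested before the update cannot be confirmed here; if it is not, the block should start with that guard. A single-statement `UPDATE` also does not need the `BeginTrans()`/`CommitTrans()` wrapper.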
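Review bot: `active smallint` is added without `NOT NULL` or a default, while www/common.php in this same revision sets `$validuser` only when `fields[3] == 1`. Rows that predate the column will hold NULL and fail the login check, and nothing visible in this change activates them. `email varchar(40)` is also shorter than many valid addresses, so depending on the database the signup `INSERT` will fail or truncate. Suggest `email varchar(254),` and `active smallint NOT NULL DEFAULT 0,`, plus an upgrade note covering the `ALTER TABLE` and whether existing users are set to 1.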
@@ -98,13 +100,18 @@ $administrator = false; include_once($adodb_path); $validuser = false; $administrator = false; +$pass_ok = false; $db = &ADONewConnection( $dbstring ); -$result = $db->Execute("SELECT password, admin FROM users WHERE username=?", array($username)); +$result = $db->Execute("SELECT password, admin, email, active FROM users WHERE username=?", array($username)); if ($result) { $rows = $result->RecordCount(); if ($rows == 1) { if ($result->fields[0] == $shapass) { - $validuser = true; + $pass_ok = true; + if ($result->fields[3] == 1) { + $validuser = true; + } + $email = $result->fields[2]; if ($result->fields[1] == 1) { $administrator = true; } ============================================================ --- www/login.php 7c220dced8ab641bbe26b96b87d2490bfb9569b7 +++ www/login.php d22d0cba163de0db350017eb0427c7bdd7e0abe2 @@ -14,7 +14,7 @@ function page_head() { } function page_head() { - global $validuser, $username, $location; + global $validuser, $username, $location, $DOCTYPE; $level = 'main'; ?> @@ -32,6 +32,36 @@ function page_head() { +
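Review bot: `$administrator` is still set from `$result->fields[1]` outside the new `fields[3] == 1` check, so an account with a matching password that is not active ends up with `$validuser` false but `$administrator` true. Whether any page tests `$administrator` on its own is not visible here, so it is safer to nest it: `if ($result->fields[3] == 1) { $validuser = true; $administrator = ($result->fields[1] == 1); }`. Because `$pass_ok` now gates account activation, the context line `$result->fields[0] == $shapass` should become a strict comparison (`===`, or `hash_equals()` where the PHP version has it), since loose `==` compares numeric-looking hash strings as numbers. The enclosing block continues past the end of the hunk.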
New user +
+

+Username:
+Password:
+Retype Password:
+Email:
+ +

+
+
+ +
Activate your account +
+

+Username:
+Password:
+Token:
+ +

+
+
+ \n"; + $res = "Your username and password cannot be blank."; + } elseif ($_REQUEST["password"] != $_REQUEST["password2"]) { + $res = "You typed you password differently in each box."; } else { $db->BeginTrans(); - # pg_exec($db, "LOCK TABLE users"); $result = $db->Execute("SELECT * FROM users WHERE username=?", array($username)); if (!$result) { - $res = "Internal server error.
\n"; + $res = "Internal server error."; } else if ($result->RecordCount() == 0) { - $query = "INSERT INTO users (username, password, admin) VALUES ('%s', '%s', 0)"; - $ires = $db->Execute("INSERT INTO users (username, password) VALUES(?,?)", - array($username, $shapass)); + $ires = $db->Execute("INSERT INTO users (username, password, admin, email, active) VALUES(?,?,0,?,0)", + array($username, $shapass, $_REQUEST["mail"])); if (!$ires) { - $res = "That username is already taken.
\n"; + $res = "Internal server error."; $db->RollbackTrans(); } else { - $res = "Added user $username.
\n"; + $t = mktok($username, $shapass, "validate"); + $mailbody = "Your username is " . $username . "\r\n" . + "Your password is " . $_REQUEST["password"] . "\r\n" . + "Your activation token is " . $t . "\r\n" . + "Please go to " . $base_url . "login.php?activate=activate and enter these values."; + $mailok = mail($_REQUEST["mail"], "Account at " . $hostname, $mailbody,"From: " . $site_owner_email); + if ($mailok) { + $res = "Added user $username."; $validuser = true; + } else { + $db->RollbackTrans(); + $res = "Could not send activation email."; + } } } else { - $res = "That username is already taken.
\n"; + $res = "That username is already taken."; } $db->CommitTrans(); } - docookie($username, $shapass); - page_head(); - print $res; + print ($res . "
\n"); + if ($validuser) { + activatebox(); + } else { + newuserbox(); + } +} elseif ($_REQUEST['activate']) { + if ($username == '') { + page_head(); + activatebox(); + } elseif ($pass_ok) { + $t = mktok($username, $shapass, "validate"); + if ($t == $_REQUEST["token"]) { + $res = $db->Execute("UPDATE users SET active=1 WHERE username=?", array($username)); + if ($res) { + docookie($username, $shapass); + $validuser = true; + page_head(); + print "Account activated."; + } else { + page_head(); + print "Internal server error."; + } + } else { + page_head(); + print "Token incorrect.
\n"; + activatebox(); + } + } else { + page_head(); + print "Username or password incorrect.
\n"; + activatebox(); + } } else if ($_REQUEST['newpass']) { if (!$validuser) { $res = "Username or password incorrect."; @@ -74,6 +149,8 @@ if($_REQUEST['logout']) { $newpass = $_REQUEST['newpass']; if ($newpass == "") { $res = "Your new password cannot be blank."; + } elseif ($newpass != $_REQUEST['newpass2']) { + $res = "You typed you password differently in each box."; } else { $query = "UPDATE users SET password=? WHERE username=?"; $result = $db->Execute($query, array(sha1($newpass), $username)); ============================================================ --- www/sidebar.php d239d1d918c046a9bcc97239fdab200b554868ea +++ www/sidebar.php bf888eca0fe896772daa4a00fe755d6ecfb1aa1b @@ -16,6 +16,7 @@ if ($validuser) { +
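Review bot: The activation mail built in the new-user branch contains `"Your password is " . $_REQUEST["password"]`, which puts the cleartext password into mail spools and inboxes; drop that line, since the user has just typed the password. `$_REQUEST["mail"]` also goes unvalidated into the `INSERT` and into the recipient argument of `mail()`, so it should be checked for format and for CR/LF first. After `RollbackTrans()` on an insert or mail failure the code still reaches the unconditional `$db->CommitTrans()`; commit only on the success path. The comparisons `$_REQUEST["password"] != $_REQUEST["password2"]` and `$t == $_REQUEST["token"]` are loose, so numeric-looking strings that differ textually compare equal; use `!==` and `===` (the same applies to the `newpass2` check in the `@@ -74,6 +149,8 @@` hunk). The hunk header for this change did not survive on the page, so the enclosing if/elseif chain starts outside the visible lines.

```php
// … unchanged: blank username/password check …
} elseif ($_REQUEST["password"] !== $_REQUEST["password2"]) {
    // … unchanged: mismatch message …
} elseif (strpbrk($_REQUEST["mail"], "\r\n") !== false
          || !filter_var($_REQUEST["mail"], FILTER_VALIDATE_EMAIL)) {
    // CR/LF is rejected explicitly so the value cannot add mail headers.
    $res = "Please enter a valid email address.";
} else {
    // … unchanged: BeginTrans, username lookup, INSERT, mktok …
            // The cleartext password is not mailed; the user already knows it.
            $mailbody = "Your username is " . $username . "\r\n" .
                "Your activation token is " . $t . "\r\n" .
                "Please go to " . $base_url . "login.php?activate=activate and enter these values.";
            // … unchanged: mail() call …
            if ($mailok) {
                $db->CommitTrans(); // commit only once the activation mail was accepted
                $res = "Added user $username.";
                $validuser = true;
            } else {
    // … unchanged: RollbackTrans and error message; the other failure branches roll back
    //   as well, and the unconditional CommitTrans() after the chain is removed …
    // … activation branch: if ($t === $_REQUEST["token"]) { … unchanged … }
```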
Returning user

Username:
@@ -23,9 +24,17 @@ if ($validuser) { Password:

- +

+
+
New User +
+

+ +

+
+
+ -Project admin page for <?=$project?> +User page for <?=$username?> @@ -24,11 +25,21 @@ if ($user = $_GET['user']) { print "$user"; } else { ?> +
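Review bot: `<?=$username?>` in the new page title is echoed without HTML escaping, and the signup branch in login.php only rejects a blank username, so markup characters in a name would reach the page as HTML. Use `<?=htmlspecialchars($username, ENT_QUOTES)?>` here. The context line `print "$user";` in the following hunk prints `$_GET['user']` the same way and deserves the same treatment. The file header and hunk header for this change did not survive on the page, so the surrounding template is not visible.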
Change password
-Change password:
-
+New password:
+Retype password:
+
+ +
Email +
+Your current email address is .
+New email:
+ +
+