#
#
# add_file "www/user-actions.php"
# content [aa3667da94ee7a18543bbb487d3e658704602c20]
#
# patch "schema.sql"
# from [2228048240ab389f01871f603c78352c61219bc6]
# to [3bc6dddf39d90aee66ef92a6fc2b25756a8e18e0]
#
# patch "www/common.php"
# from [d03c23808961469f23f2cf39399563d445da05f5]
# to [b3d58f037ac01cd79b36aa512d985a4f5b53b281]
#
# patch "www/login.php"
# from [7c220dced8ab641bbe26b96b87d2490bfb9569b7]
# to [d22d0cba163de0db350017eb0427c7bdd7e0abe2]
#
# patch "www/sidebar.php"
# from [d239d1d918c046a9bcc97239fdab200b554868ea]
# to [bf888eca0fe896772daa4a00fe755d6ecfb1aa1b]
#
# patch "www/user.php"
# from [b96f9986c71882d180be59d2454dd27063bf06c4]
# to [877d668d0f7964e6929ddfab3f07d48483e39475]
#
============================================================
--- www/user-actions.php aa3667da94ee7a18543bbb487d3e658704602c20
+++ www/user-actions.php aa3667da94ee7a18543bbb487d3e658704602c20
@@ -0,0 +1,14 @@
+BeginTrans();
+ $res = $db->Execute("UPDATE users SET email = ? WHERE username = ?", array($newmail, $username));
+ if ($res) {
+ $db->CommitTrans();
+ $email = $newmail;
+ } else {
+ $db->RollbackTrans();
+ }
+}
+}
+?>
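Review bot: The condition that guards this `UPDATE users SET email = ?` is not visible here (the hunk header declares 14 lines and the opening of the file is missing from the page), so confirm that it only runs when `$validuser` is true and the request is a state-changing POST; www/user.php now includes this file on every load. Nothing in the visible lines validates `$newmail` for format or length, while schema.sql limits the column to `varchar(40)`. Changing the address also leaves `active` untouched and sends no new activation mail, so the mailbox check made at signup no longer holds after the first change. Consider resetting `active` or confirming the new address before storing it.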
============================================================
--- schema.sql 2228048240ab389f01871f603c78352c61219bc6
+++ schema.sql 3bc6dddf39d90aee66ef92a6fc2b25756a8e18e0
@@ -1,7 +1,9 @@ CREATE TABLE users ( username varchar(80
CREATE TABLE users ( username varchar(80),
password char(40),
admin smallint,
+ email varchar(40),
+ active smallint,
primary key (username) );
CREATE TABLE projects ( name varchar(80),
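Review bot: The new `active smallint` column has no `NOT NULL` or `DEFAULT`, and www/common.php only accepts `fields[3] == 1`, so any row that predates this change reads as inactive. Failing closed is the right default, but existing accounts, administrators included, would be locked out unless an upgrade step sets `active = 1` for them; no such step is visible in this diff. `email varchar(40)` is also shorter than many valid addresses. Consider `email varchar(254)` and `active smallint NOT NULL DEFAULT 0`.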
============================================================
--- www/common.php d03c23808961469f23f2cf39399563d445da05f5
+++ www/common.php b3d58f037ac01cd79b36aa512d985a4f5b53b281
@@ -55,6 +55,8 @@ while($v = each($splitconf)) {
$monotone = nxt($splitconf);
} elseif($i == "site_owner_email") {
$site_owner_email = nxt($splitconf);
+ } elseif($i == "base_url") {
+ $base_url = nxt($splitconf);
}
}
reset($splitconf);
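Review bot: `$base_url` gets no default and no documentation here, yet www/login.php builds the activation link as `$base_url . "login.php?activate=activate"`. A missing config entry or a value without a trailing slash therefore produces a broken link in the mail. I would add a comment next to the new branch such as `# base_url: absolute URL of the site, must end with "/"; used to build links in activation mails`, and give `$base_url` a default before the loop. Since the linked page accepts a username and password, the documentation should recommend an https URL.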
@@ -98,13 +100,18 @@ $administrator = false;
include_once($adodb_path);
$validuser = false;
$administrator = false;
+$pass_ok = false;
$db = &ADONewConnection( $dbstring );
-$result = $db->Execute("SELECT password, admin FROM users WHERE username=?", array($username));
+$result = $db->Execute("SELECT password, admin, email, active FROM users WHERE username=?", array($username));
if ($result) {
$rows = $result->RecordCount();
if ($rows == 1) {
if ($result->fields[0] == $shapass) {
- $validuser = true;
+ $pass_ok = true;
+ if ($result->fields[3] == 1) {
+ $validuser = true;
+ }
+ $email = $result->fields[2];
if ($result->fields[1] == 1) {
$administrator = true;
}
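Review bot: The new `$pass_ok` flag is set under `$result->fields[0] == $shapass`, a loose comparison, and PHP's `==` treats two strings that both look like numbers as equal even when they differ, which can happen with hex digests. Compare the stored and supplied hashes with `hash_equals($result->fields[0], $shapass)` where the PHP version provides it, or with `===` otherwise. The same applies in www/login.php to `$t == $_REQUEST["token"]` and to the `!=` checks on `password`/`password2` and `newpass`/`newpass2`, which should be `!==`. The `if` block continues past the end of this hunk.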
============================================================
--- www/login.php 7c220dced8ab641bbe26b96b87d2490bfb9569b7
+++ www/login.php d22d0cba163de0db350017eb0427c7bdd7e0abe2
@@ -14,7 +14,7 @@ function page_head() {
}
function page_head() {
- global $validuser, $username, $location;
+ global $validuser, $username, $location, $DOCTYPE;
$level = 'main';
?>= $DOCTYPE ?>
@@ -32,6 +32,36 @@ function page_head() {
}
+function newuserbox() {
+?>
+
+
+}
+function activatebox() {
+?>
+
+
+}
+
if($_REQUEST['logout']) {
setcookie('AUTH', null, 0, '/');
$validuser = false;
@@ -40,33 +70,78 @@ if($_REQUEST['logout']) {
Logged out.
} else if ($_REQUEST['newuser']) {
+ page_head();
+ newuserbox();
+} else if ($_REQUEST['newuser2']) {
+ page_head();
if ($username == "" || $shapass == "") {
- $res = "Your username and password cannot be blank.
\n";
+ $res = "Your username and password cannot be blank.";
+ } elseif ($_REQUEST["password"] != $_REQUEST["password2"]) {
+ $res = "You typed you password differently in each box.";
} else {
$db->BeginTrans();
- # pg_exec($db, "LOCK TABLE users");
$result = $db->Execute("SELECT * FROM users WHERE username=?", array($username));
if (!$result) {
- $res = "Internal server error.
\n";
+ $res = "Internal server error.";
} else if ($result->RecordCount() == 0) {
- $query = "INSERT INTO users (username, password, admin) VALUES ('%s', '%s', 0)";
- $ires = $db->Execute("INSERT INTO users (username, password) VALUES(?,?)",
- array($username, $shapass));
+ $ires = $db->Execute("INSERT INTO users (username, password, admin, email, active) VALUES(?,?,0,?,0)",
+ array($username, $shapass, $_REQUEST["mail"]));
if (!$ires) {
- $res = "That username is already taken.
\n";
+ $res = "Internal server error.";
$db->RollbackTrans();
} else {
- $res = "Added user $username.
\n";
+ $t = mktok($username, $shapass, "validate");
+ $mailbody = "Your username is " . $username . "\r\n" .
+ "Your password is " . $_REQUEST["password"] . "\r\n" .
+ "Your activation token is " . $t . "\r\n" .
+ "Please go to " . $base_url . "login.php?activate=activate and enter these values.";
+ $mailok = mail($_REQUEST["mail"], "Account at " . $hostname, $mailbody,"From: " . $site_owner_email);
+ if ($mailok) {
+ $res = "Added user $username.";
$validuser = true;
+ } else {
+ $db->RollbackTrans();
+ $res = "Could not send activation email.";
+ }
}
} else {
- $res = "That username is already taken.
\n";
+ $res = "That username is already taken.";
}
$db->CommitTrans();
}
- docookie($username, $shapass);
- page_head();
- print $res;
+ print ($res . "
\n");
+ if ($validuser) {
+ activatebox();
+ } else {
+ newuserbox();
+ }
+} elseif ($_REQUEST['activate']) {
+ if ($username == '') {
+ page_head();
+ activatebox();
+ } elseif ($pass_ok) {
+ $t = mktok($username, $shapass, "validate");
+ if ($t == $_REQUEST["token"]) {
+ $res = $db->Execute("UPDATE users SET active=1 WHERE username=?", array($username));
+ if ($res) {
+ docookie($username, $shapass);
+ $validuser = true;
+ page_head();
+ print "Account activated.";
+ } else {
+ page_head();
+ print "Internal server error.";
+ }
+ } else {
+ page_head();
+ print "Token incorrect.
\n";
+ activatebox();
+ }
+ } else {
+ page_head();
+ print "Username or password incorrect.
\n";
+ activatebox();
+ }
} else if ($_REQUEST['newpass']) {
if (!$validuser) {
$res = "Username or password incorrect.";
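Review bot: The activation mail assembled in the `newuser2` branch contains the user's cleartext password (`"Your password is " . $_REQUEST["password"]`), which leaves the credential in mail spools and inboxes; drop that line and send only the username and token. `$_REQUEST["mail"]` also reaches the INSERT and `mail()` with no validation, so reject anything that fails `filter_var($_REQUEST["mail"], FILTER_VALIDATE_EMAIL)` before `BeginTrans()`. `mktok()` is defined outside this diff: if it does not mix in a server-side secret, the token follows from the username and password hash alone and does not prove control of the mailbox, which is worth confirming. On a failed `mail()` the code calls `RollbackTrans()` and then still reaches `CommitTrans()`; an explicit flag or early exit on that path would make the intended transaction outcome clear.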
@@ -74,6 +149,8 @@ if($_REQUEST['logout']) {
$newpass = $_REQUEST['newpass'];
if ($newpass == "") {
$res = "Your new password cannot be blank.";
+ } elseif ($newpass != $_REQUEST['newpass2']) {
+ $res = "You typed you password differently in each box.";
} else {
$query = "UPDATE users SET password=? WHERE username=?";
$result = $db->Execute($query, array(sha1($newpass), $username));
============================================================
--- www/sidebar.php d239d1d918c046a9bcc97239fdab200b554868ea
+++ www/sidebar.php bf888eca0fe896772daa4a00fe755d6ecfb1aa1b
@@ -16,6 +16,7 @@ if ($validuser) {
} else {
?>
+
+
}
if ($validuser && $level == 'main') {
============================================================
--- www/user.php b96f9986c71882d180be59d2454dd27063bf06c4
+++ www/user.php 877d668d0f7964e6929ddfab3f07d48483e39475
@@ -1,4 +1,5 @@
include_once('common.php') ?>
+ include("user-actions.php") ?>
= $DOCTYPE ?>
@@ -6,7 +7,7 @@
?>
-Project admin page for =$project?>
+User page for =$username?>
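Review bot: The new heading echoes `$username` into the page unescaped (the `=$username?>` short echo), and the next hunk's context line `print "$user";` does the same with a value taken directly from `$_GET['user']`. Both should pass through `htmlspecialchars($value, ENT_QUOTES)` before output so that a crafted name cannot inject markup into the page. The surrounding HTML was lost from this page, so the exact output context (element body or attribute) should be checked against the file.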
@@ -24,11 +25,21 @@ if ($user = $_GET['user']) {
print "$user";
} else {
?>
+
+
+
} ?>