
[GNUnet-SVN] r4163 - i18nHTML/src/admin


From: grothoff
Subject: [GNUnet-SVN] r4163 - i18nHTML/src/admin
Date: Mon, 1 Jan 2007 21:49:21 -0800 (PST)

Author: grothoff
Date: 2007-01-01 21:49:19 -0800 (Mon, 01 Jan 2007)
New Revision: 4163

Modified:
   i18nHTML/src/admin/index.php
   i18nHTML/src/admin/login.php
   i18nHTML/src/admin/signup.php
   i18nHTML/src/admin/signup_form.php
   i18nHTML/src/admin/tables.php
Log:
stuff

Modified: i18nHTML/src/admin/index.php
===================================================================
--- i18nHTML/src/admin/index.php        2007-01-02 05:36:11 UTC (rev 4162)
+++ i18nHTML/src/admin/index.php        2007-01-02 05:49:19 UTC (rev 4163)
@@ -23,26 +23,39 @@
 echo "<html><head>";
 TITLE("WWW translation: Administration");
 echo "</head><body>";
-W("This is the i18nHTML administrative interface.");
+W("This is the %s administrative interface.",
+  extlink_("http://gnunet.org/i18nHTML/","i18nHTML";));
+
+H2("Translation");
+
 echo "<ul>\n";
-LILI("status.php", "Display statistics");
 LILI("editor.php", "Go to mass translation");
-LILI("tables.php", "Initialize tables");
-
 // search for suspicious translations
 // LILI("dig.php", "Search for suspicious translations");
 
 // allow admins to delete translations of lower-level
 // accounts
 // LILI("delete.php", "Administer translations");
+echo "</ul>\n";
 
+H2("Account management");
+echo "<ul>\n";
 // allow admins to delete accounts (& all translations)
 // of lower-level or to grant administrative priviledges
 // LILI("accounts.php", "Manage acconts");
 
 // have a table with legal languages (for signing up)
 // LILI("languages.php", "Setup languages");
+echo "</ul>\n";
 
+
+H2("Site administration");
+echo "<ul>\n";
+LILI("status.php", "Display statistics");
+LILI("tables.php", "Initialize tables");
 echo "</ul>\n";
+
+echo "</ul>\n";
 generateFooter();
-echo "</body></html>";
\ No newline at end of file
+echo "</body></html>";
+?>
\ No newline at end of file
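Review bot: The new side opens three `<ul>` lists but emits four `echo "</ul>\n";` closers; the one added just before `generateFooter();` has no matching opener and should be dropped. The call `extlink_("http://gnunet.org/i18nHTML/","i18nHTML";)` as shown has a `;` inside the argument list, which would be a parse error. This may be an artifact of how the archive rendered the mail, so confirm against the repository. The "Account management" list contains only commented-out entries, so it renders as an empty `<ul>` until one of them is enabled.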

Modified: i18nHTML/src/admin/login.php
===================================================================
--- i18nHTML/src/admin/login.php        2007-01-02 05:36:11 UTC (rev 4162)
+++ i18nHTML/src/admin/login.php        2007-01-02 05:49:19 UTC (rev 4163)
@@ -27,9 +27,10 @@
 $uid = -1;
 if ( (isset($_SESSION['username'])) &&
      (isset($_SESSION['password'])) ) {
-  $username = $_SESSION['username'];
-  $password = crypt($_SESSION['password']);  
-  $query = "SELECT allowed,uid FROM " . $i18nHTMLsqlPrefix . "accounts WHERE 
username=\"$username\" AND password=\"$password\"";
+  $username =  mysql_real_escape_string($_SESSION['username']);
+  $password =  mysql_real_escape_string(crypt($_SESSION['password']));  
+  $query = "SELECT allowed,uid FROM " . $i18nHTMLsqlPrefix . 
+           "accounts WHERE username=\"$username\" AND password=\"$password\"";
   $result = mysql_query($query, $connection);
   $num = 0;
   if ($result)
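Review bot: The query still matches `password` against a fresh `crypt($_SESSION['password'])` call made without a salt argument. When no salt is given PHP chooses one itself, so the computed hash will generally differ from the stored one and valid logins would not match. Select the row by username only and verify in PHP with `crypt($_SESSION['password'], $row['password']) == $row['password']`, which reuses the stored salt. The code also keeps the plaintext password in `$_SESSION` for the life of the session; storing only the authenticated uid after a successful check would avoid that. The enclosing `if` block continues past the end of the hunk.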

Modified: i18nHTML/src/admin/signup.php
===================================================================
--- i18nHTML/src/admin/signup.php       2007-01-02 05:36:11 UTC (rev 4162)
+++ i18nHTML/src/admin/signup.php       2007-01-02 05:49:19 UTC (rev 4163)
@@ -37,20 +37,30 @@
   $_SESSION['email'] = $_POST['email'];
 if (isset($_POST['language']))
   $_SESSION['language'] = $_POST['language'];
+if (isset($_POST['realname']))
+  $_SESSION['realname'] = $_POST['realname'];
 if ( (isset($_SESSION['username'])) &&
      (isset($_SESSION['language'])) &&
      (isset($_SESSION['email'])) ) {
-  $username = $_SESSION['username'];
-  $language = $_SESSION['language'];
-  $email    = $_SESSION['email'];
-  $password = mkpass();
+  $username =  mysql_real_escape_string($_SESSION['username']);
+  $language =  mysql_real_escape_string($_SESSION['language']);
+  $email    =  mysql_real_escape_string($_SESSION['email']);
+  $realname =  mysql_real_escape_string($_SESSION['realname']);
+  $password =  mkpass();
+
+  // FIXME: check account does not yet exist!
+  $query = "SELECT language FROM " . $i18nHTMLsqlPrefix . "accounts WHERE 
username=\"$username\";";
+  mysql_query($query, $connection);     
+  // ...
+
   if (mail($email, 
            "Your i18nHTML password", 
            "Somebody, possibly you, requested an i18nHTML account.\n" .
            "If this was not you, ignore this e-mail.\n" .
            "Your password is '$password'.")) {
+    $password = mysql_real_escape_string($password);
     $password = crypt($password);
-    $query = "INSERT INTO " . $i18nHTMLsqlPrefix . "accounts 
VALUES(\"$username\",\"$password\",\"$language\",0);";
+    $query = "INSERT INTO " . $i18nHTMLsqlPrefix . "accounts 
VALUES(\"$username\",\"$password\",\"$realname\",\"$language\",0);";
     mysql_query($query, $connection);     
     echo "E-mail with password sent.\n";
   } else
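Review bot: In the `mail()` success branch the generated password goes through `mysql_real_escape_string()` before `crypt()`, so the value hashed is the SQL-escaped form rather than the password that was e-mailed; hash first and escape the result, `$password = mysql_real_escape_string(crypt($password));`, as login.php does in this commit. `$_SESSION['realname']` is read unconditionally although the surrounding `isset` test covers only username, language and email, so guard it or default it to an empty string. `$email` is SQL-escaped but not validated as an address before it is used as the `mail()` recipient, and SQL escaping is the wrong treatment for that context; validate it before the call. The INSERT result is not checked before "E-mail with password sent." is printed, so a failed insert is reported as success. The `if`/`else` continues outside the hunk.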

Modified: i18nHTML/src/admin/signup_form.php
===================================================================
--- i18nHTML/src/admin/signup_form.php  2007-01-02 05:36:11 UTC (rev 4162)
+++ i18nHTML/src/admin/signup_form.php  2007-01-02 05:49:19 UTC (rev 4163)
@@ -12,15 +12,21 @@
 <form name="login_form" method="post" action="signup.php">
 <table class="width50" cellspacing="1">
 <tr>
-       <td class="form-title">Login</td>
+       <td class="form-title">Create new account</td>
 </tr>
 <tr class="row-1">
-       <td class="category" width="25%">Username</td>
+        <td class="category" width="25%">Desired login</td>
        <td width="75%">
                <input type="text" name="username" size="32" maxlength="32" />
        </td>
 </tr>
 <tr class="row-2">
+        <td class="category" width="25%">Real name (for acknowledgements, 
maybe empty)</td>
+       <td width="75%">
+               <input type="text" name="realname" size="32" maxlength="32" />
+       </td>
+</tr>
+<tr class="row-3">
        <td class="category">
 
                Email   </td>
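Review bot: The `maxlength="32"` on the new `realname` input is enforced only by the browser, and the signup.php hunk in this commit shows SQL escaping of the value but no length or content check, so the limit should also be enforced on the server. The label says the name is used for acknowledgements, so it will presumably be printed on a page later and needs HTML escaping at that point. The added `<td>` lines also mix space and tab indentation with the neighbouring rows.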
@@ -28,7 +34,7 @@
                <input type="email" name="email" size="32" maxlength="128" />
        </td>
 </tr>
-<tr class="row-3">
+<tr class="row-4">
        <td class="category">
 
                Target translation language</td>

Modified: i18nHTML/src/admin/tables.php
===================================================================
--- i18nHTML/src/admin/tables.php       2007-01-02 05:36:11 UTC (rev 4162)
+++ i18nHTML/src/admin/tables.php       2007-01-02 05:49:19 UTC (rev 4163)
@@ -36,7 +36,7 @@
 }
 
 $query="CREATE TABLE IF NOT EXISTS " . $i18nHTMLsqlPrefix . "accounts" .
-       " (username TINYBLOB, password BLOB, allowed BLOB, level INT, uid 
BIGINT NOT NULL AUTO_INCREMENT, " .
+       " (username TINYBLOB, password BLOB, realname BLOB, allowed BLOB, level 
INT, uid BIGINT NOT NULL AUTO_INCREMENT, " .
        "INDEX(username(10)), PRIMARY KEY(uid))";
 $result = mysql_query($query, $connection);
 if (!$result) {
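Review bot: Adding `realname` inside `CREATE TABLE IF NOT EXISTS` only affects fresh installs; where the accounts table already exists the statement is a no-op and the column is never created, so an upgrade step such as `ALTER TABLE ... ADD COLUMN realname BLOB` is needed. The INSERT in signup.php from this commit supplies five positional values (username, password, realname, language, 0) against the six columns declared here, and MySQL rejects a column-count mismatch when no column list is given. It also places `language` where `allowed` is declared, so that INSERT should name its columns explicitly. The `if (!$result)` block continues outside the hunk.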




