Changeset 1161 in ExiteCMS for modules/common/wiki/php-files/modules/wiki/actions/usersettings.php
- Timestamp:
- 12/08/07 00:11:27 (4 years ago)
- File:
-
- 1 edited
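--- a/modules/common/wiki/php-files/modules/wiki/actions/usersettings.php
+++ b/modules/common/wiki/php-files/modules/wiki/actions/usersettings.php
@@ -310,231 +310,6 @@
 else
 {
-// print confirmation message on successful logout
-if (isset($_GET['out']) && ($_GET['out'] == 'true'))
-{
-$success = USER_LOGGED_OUT;
-}
-
-// is user trying to log in or register?
-if (isset($_POST['action']) && ($_POST['action'] == 'login'))
-{
-// if user name already exists, check password
-if (isset($_POST['name']) && $existingUser = $this->LoadUser($_POST['name']))
-{
-// check password
-switch(TRUE){
-case (strlen($_POST['password']) == 0):
-$error = ERROR_EMPTY_PASSWORD;
-$password_highlight = INPUT_ERROR_STYLE;
-break;
-case (md5($_POST['password']) != $existingUser['password']):
-$error = ERROR_WRONG_PASSWORD;
-$password_highlight = INPUT_ERROR_STYLE;
-break;
-default:
-$this->SetUser($existingUser);
-$this->Redirect($url, '');
-}
-}
-// BEGIN *** Register ***
-else // otherwise, proceed to registration
-{
-$name = trim($_POST['name']);
-$email = trim($this->GetSafeVar('email', 'post'));
-$password = $_POST['password'];
-$confpassword = $_POST['confpassword'];
-
-// validate input
-switch(TRUE)
-{
-case (strlen($name) == 0):
-$error = ERROR_EMPTY_USERNAME;
-$username_highlight = INPUT_ERROR_STYLE;
-break;
-case (!$this->IsWikiName($name)):
-$error = ERROR_WIKINAME;
-$username_highlight = INPUT_ERROR_STYLE;
-break;
-case ($this->ExistsPage($name)):
-$error = ERROR_RESERVED_PAGENAME;
-$username_highlight = INPUT_ERROR_STYLE;
-break;
-case (strlen($password) == 0):
-$error = ERROR_EMPTY_PASSWORD;
-$password_highlight = INPUT_ERROR_STYLE;
-break;
-case (preg_match("/ /", $password)):
-$error = ERROR_NO_BLANK;
-$password_highlight = INPUT_ERROR_STYLE;
-break;
-case (strlen($password) < PASSWORD_MIN_LENGTH):
-$error = sprintf(ERROR_PASSWORD_TOO_SHORT, PASSWORD_MIN_LENGTH);
-$password_highlight = INPUT_ERROR_STYLE;
-break;
-case (strlen($confpassword) == 0):
-$error = ERROR_EMPTY_CONFIRMATION_PASSWORD;
-$password_highlight = INPUT_ERROR_STYLE;
-$password_confirm_highlight = INPUT_ERROR_STYLE;
-break;
-case ($confpassword != $password):
-$error = ERROR_PASSWORD_MATCH;
-$password_highlight = INPUT_ERROR_STYLE;
-$password_confirm_highlight = INPUT_ERROR_STYLE;
-break;
-case (strlen($email) == 0):
-$error = ERROR_EMAIL_ADDRESS_REQUIRED;
-$email_highlight = INPUT_ERROR_STYLE;
-$password_highlight = INPUT_ERROR_STYLE;
-$password_confirm_highlight = INPUT_ERROR_STYLE;
-break;
-case (!preg_match(VALID_EMAIL_PATTERN, $email)):
-$error = ERROR_INVALID_EMAIL_ADDRESS;
-$email_highlight = INPUT_ERROR_STYLE;
-$password_highlight = INPUT_ERROR_STYLE;
-$password_confirm_highlight = INPUT_ERROR_STYLE;
-break;
-default: //valid input, create user
-$this->Query("INSERT INTO ".$this->config['table_prefix']."users SET ".
-"signuptime = now(), ".
-"name = '".mysql_real_escape_string($name)."', ".
-"email = '".mysql_real_escape_string($email)."', ".
-"password = md5('".mysql_real_escape_string($_POST['password'])."')");
-
-// log in
-$this->SetUser($this->LoadUser($name));
-$params .= 'registered=true';
-$this->Redirect($url.$params);
-}
-}
-// END *** Register ***
-}
-
-// BEGIN *** Usersettings ***
-elseif (isset($_POST['action']) && ($_POST['action'] == 'updatepass'))
-{
-$name = trim($_POST['yourname']);
-if (strlen($name) == 0) // empty username
-{
-$newerror = ERROR_EMPTY_USERNAME;
-$username_temp_highlight = INPUT_ERROR_STYLE;
-}
-elseif (!$this->IsWikiName($name)) // check if name is WikiName style
-{
-$newerror = ERROR_WIKINAME;
-$username_temp_highlight = INPUT_ERROR_STYLE;
-}
-elseif (!($this->LoadUser($_POST['yourname']))) //check if user exists
-{
-$newerror = ERROR_NON_EXISTENT_USERNAME;
-$username_temp_highlight = INPUT_ERROR_STYLE;
-}
-elseif ($existingUser = $this->LoadUser($_POST['yourname'])) // if user name already exists, check password
-{
-// updatepassword
-if ($existingUser['password'] == $_POST['temppassword'])
-{
-$this->SetUser($existingUser, $_POST['remember']);
-$this->Redirect($url);
-}
-else
-{
-$newerror = ERROR_WRONG_PASSWORD;
-$password_temp_highlight = INPUT_ERROR_STYLE;
-}
-}
-}
-// END *** Usersettings ***
-
-// BEGIN *** Login/Register ***
-print($this->FormOpen());
-?>
-<input type="hidden" name="action" value="login" />
-<table class="usersettings">
-<tr>
-<td colspan="2"><?php echo $this->Format(REGISTER_HEADING) ?></td>
-<td> </td>
-</tr>
-<tr>
-<td> </td>
-<td><?php echo $this->Format(REGISTERED_USER_LOGIN_LABEL); ?></td>
-</tr>
-<?php
-switch (true)
-{
-case (isset($error)):
-echo '<tr><td></td><td><em class="error">'.$this->Format($error).'</em></td></tr>'."\n";
-break;
-case (isset($success)):
-echo '<tr><td></td><td><em class="success">'.$this->Format($success).'</em></td></tr>'."\n";
-break;
-}
-?>
-<tr>
-<td align="right"><?php echo WIKINAME_LABEL ?></td>
-<td><input <?php echo $username_highlight; ?> name="name" size="40" value="<?php echo $this->GetSafeVar('name', 'post'); ?>" /></td>
-</tr>
-<tr>
-<td align="right"><?php echo sprintf(PASSWORD_LABEL, PASSWORD_MIN_LENGTH) ?></td>
-<td><input <?php echo $password_highlight; ?> type="password" name="password" size="40" /></td>
-</tr>
-<tr>
-<td> </td>
-<td><input type="submit" value="<?php echo LOGIN_BUTTON_LABEL ?>" size="40" /></td>
-</tr>
-<tr>
-<td> </td>
-<td width="500"><?php echo $this->Format(NEW_USER_REGISTER_LABEL); ?></td>
-</tr>
-<tr>
-<td align="right"><?php echo CONFIRM_PASSWORD_LABEL ?></td>
-<td><input <?php echo $password_confirm_highlight; ?> type="password" name="confpassword" size="40" /></td>
-</tr>
-<tr>
-<td align="right"><?php echo USER_EMAIL_LABEL ?></td>
-<td><input <?php echo $email_highlight; ?> name="email" size="40" value="<?php echo $email; ?>" /></td>
-</tr>
-<tr>
-<td> </td>
-<td><input type="submit" value="<?php echo REGISTER_BUTTON_LABEL ?>" size="40" /></td>
-</tr>
-</table>
-<?php
-print($this->FormClose());
-// END *** Login/Register ***
-
-// BEGIN *** Login Temp Password ***
-print($this->FormOpen());
-?>
-<input type="hidden" name="action" value="updatepass" />
-<table class="usersettings">
-<tr>
-<td colspan="2"><br /><hr /><?php echo $this->Format(RETRIEVE_PASSWORD_HEADING) ?></td><td></td>
-</tr>
-<tr>
-<td align="left"></td>
-<td><?php echo $this->Format(RETRIEVE_PASSWORD_MESSAGE) ?></td>
-</tr>
-<?php
-if (isset($newerror))
-{
-print('<tr><td></td><td><em class="error">'.$this->Format($newerror).'</em></td></tr>'."\n");
-}
-?>
-<tr>
-<td align="right"><?php echo WIKINAME_LABEL ?></td>
-<td><input <?php echo $username_temp_highlight; ?> name="yourname" value="<?php echo $this->GetSafeVar('yourname', 'post'); ?>" size="40" /></td>
-</tr>
-<tr>
-<td align="right"><?php echo TEMP_PASSWORD_LABEL ?></td>
-<td><input <?php echo $password_temp_highlight; ?> name="temppassword" size="40" /></td>
-</tr>
-<tr>
-<td> </td>
-<td><input type="submit" value="<?php echo LOGIN_BUTTON_LABEL ?>" size="40" /></td>
-</tr>
-</table>
-<?php
-print($this->FormClose());
-// END *** Login Temp Password ***
+echo '<p><em class="error">You aren\'t allowed to read this page.</em></p></div>';
+echo "\n".'</div><!--closing page content-->'."\n"; //TODO: move to templating class
 }
 ?>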
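Review bot: The access-denied message added at new line 312 is a hard-coded English literal, whereas the code this changeset removes took every user-facing string from a language constant (`USER_LOGGED_OUT`, `ERROR_WRONG_PASSWORD` and so on), so this one string can no longer be translated or reworded with the rest; it should come from a constant defined alongside those. Both new echo lines also emit a closing `</div>` whose opening tags lie outside the hunk, so the markup balance cannot be confirmed from here, and the `//TODO: move to templating class` comment suggests the author already regards it as provisional. The `else` branch begins before the hunk, and nothing visible sets a 403 status for the denied response; that is worth confirming so that crawlers, caches and access monitoring do not treat the denial as an ordinary 200 page.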
