Diffstat (limited to 'web/account-edit.php')
-rw-r--r-- | web/account-edit.php | 174 |
1 files changed, 174 insertions, 0 deletions
diff --git a/web/account-edit.php b/web/account-edit.php
new file mode 100644
index 0000000..5702a23
--- /dev/null
+++ b/web/account-edit.php
@@ -0,0 +1,174 @@
+<?
+require_once("../include/Namespace.inc");
+require_once("../include/Tools.inc");
+require_once("../include/Template.inc");
+
+$namespace = new Namespace(
+ array( have_database => 1,
+ have_session => 1,
+ have_user => 1 )
+) or
+ die("Nobody loves me. I don't even have space for a name.");
+
+if (! $namespace->user->check_login()) {
+ redirect($namespace, 'login.php?form_id=login&goto=account-edit.php');
+ $namespace->stop();
+ exit;
+};
+
+$rules = Array();
+$rules['commit']['name'] = array(type => 'string', optional => 1);
+$rules['commit']['password1'] = array(type => 'string', optional => 1);
+$rules['commit']['password2'] = array(type => 'string', optional => 1);
+
+$rules['addr_enable']['address_ref'] = array(type => 'integer');
+$rules['addr_enable']['enable'] = array(type => 'string', length=>200, discard=>1);
+
+$rules['addr_disable']['address_ref'] = array(type => 'integer');
+$rules['addr_disable']['disable'] = array(type => 'string', length=>200, discard=>1);
+
+$rules['addr_verify']['address_ref'] = array(type => 'integer');
+$rules['addr_verify']['code'] = array(type => 'string', length=>200);
+$rules['addr_verify']['verify'] = array(type => 'string', length=>200, discard=>1);
+
+$rules['addr_delete']['address_ref'] = array(type => 'integer');
+$rules['addr_delete']['delete'] = array(type => 'string', length=>200, discard=>1);
+
+$rules['addr_new']['address'] = array(type => 'string', length=>512);
+$rules['addr_new']['addr_new'] = array(type => 'string', length=>200, discard=>1);
+
+$arguments = param_check($GLOBALS, $rules, array(params_required=>false));
+
+$message = '';
+$created = 0;
+
+unset($selected_address);
+if (isset($arguments['address_ref'])) {
+ $selected_address = $namespace->database->query_row('SELECT address.ref, address.address FROM address WHERE address.account_ref=? AND address.ref=?', array($namespace->session->data['user']['ref'], $arguments['address_ref']));
+ if (! $selected_address)
+ error('Insufficient priviliges');
+};
+
+switch($arguments['form_id']) {
+ case 'commit':
+ $namespace->session->set_id();
+ $name = $arguments['name'];
+ $password1 = $arguments['password1'];
+ $password2 = $arguments['password2'];
+
+ if ($password1 != $password2) {
+ $message .= 'Pasword mismatch.';
+ } else {
+ $account = array();
+ $account['name'] = $name;
+ if ($password1 != '') {
+ $account['password'] = $password1;
+ };
+
+ $result = $namespace->database->update('account', $namespace->session->data['user']['ref'], $account);
+ if ($result)
+ $message = 'Update successfull.';
+ else
+ $message = 'Error (do not ask me what happened. I would be the last to know.)';
+ }
+ break;
+
+ case 'addr_enable':
+ $result = $namespace->database->update('address', $arguments['address_ref'], array(enabled => 'T'));
+ if ($result) $message = 'Update successfull.';
+ else $message = 'Error (do not ask me what happened. I would be the last to know.)';
+ break;
+
+ case 'addr_disable':
+ $result = $namespace->database->update('address', $arguments['address_ref'], array(enabled => 'F'));
+ if ($result) $message = 'Update successfull.';
+ else $message = 'Error (do not ask me what happened. I would be the last to know.)';
+ break;
+
+ case 'addr_verify':
+ assert(isset($selected_address));
+ assert(isset($selected_address['address']));
+ $address = $selected_address['address'];
+ $code = md5($address . $namespace->config->secret);
+ $code = substr($code, 0, 8);
+ if ($code == $arguments['code']) {
+ $update = array();
+ $update['verified'] = 'T';
+ $result = $namespace->database->update('address', $arguments['address_ref'], $update);
+ if ($result) $message = 'Update successfull.';
+ else $message = 'Error (do not ask me what happened. I would be the last to know.)';
+ } else
+ $message = 'Mismatch - Address not enabled';
+ break;
+
+ case 'addr_delete':
+ $result = $namespace->database->delete_row('address', $arguments['address_ref']);
+ if ($result) $message = 'Update successfull.';
+ else $message = 'Error (do not ask me what happened. I would be the last to know.)';
+ break;
+
+ case 'addr_new':
+ $address = $arguments['address'];
+ if (! preg_match('/^[a-zA-Z0-9+=_.-]+@[a-zA-Z0-9+=_.-]+$/', $address) )
+ error("Address '$address' does not match ^[a-zA-Z0-9+=_.-]+@[a-zA-Z0-9+=_.-]+$");
+
+ $code = md5($address.$namespace->config->secret);
+ $code = substr($code, 0, 8);
+
+ $addr = array();
+ $addr['address'] = $address;
+ $addr['account_ref'] = $namespace->session->data['user']['ref'];
+ $addr['verified'] = 'F';
+ $addr['enabled'] = 'T';
+
+ $username = $namespace->session->data['user']['username'];
+ $result = $namespace->database->insert('address', $addr);
+ if ($result) {
+ $message = "Someone, probably you, has requested the following address be added to the $username\r\n".
+ "account on www.noreply.org:\r\n".
+ "\r\n".
+ "Address: $address\r\n".
+ "\r\n".
+ "Your Code to activate that address is »".$code."«\r\n".
+ "\r\n".
+ "You can log in at\r\n".
+ "http://www.noreply.org/login.php?form_id=login&username=$username\n\r\n".
+ "\r\n".
+ "Should you have problems please contact ".$namespace->config->mail_operator.".\r\n";
+ mail($address, "Your Noreply Account", $message,
+ "From: ".$namespace->config->mail_from."\r\n".
+ "Sender: ".$namespace->config->mail_sender."\r\n".
+ "Reply-To: ".$namespace->config->mail_replyto
+ );
+ $message = 'Update successfull. An email with the authorization code has been sent.';
+ } else
+ $message = 'Error (perhaps the username already exists).';
+ break;
+
+ case '':
+ break;
+
+ default:
+ error('unknown form '.$form_id.' in switch statement');
+}
+
+$row = $namespace->database->query_row('SELECT ref, username, name FROM account WHERE ref=?', array($namespace->session->data['user']['ref']));
+
+$data = array();
+$data['message'] = $message;
+$data['user'] = $namespace->session->data['user']['username'];
+$data['username_field'] = $row['username'];
+$data['name_field'] = $row['name'];
+$data['addresses'] = $namespace->database->query_all('SELECT address.*, true as t, false as f FROM address WHERE account_ref=?', array($row['ref']));
+$data['PHP_SELF'] = $PHP_SELF;
+
+$template = new Template('account-edit.html', $namespace->config->template_path);
+$template->parse($data);
+print $template->output();
+
+$namespace->stop();
+
+
+# vim:set ts=4:
+# vim:set shiftwidth=4:
+?> |
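Review bot: The `addr_verify` case checks the confirmation code with `==`, which compares two numeric-looking strings (all digits, or the `0e…` form an 8-character hex prefix can take) as numbers, so a value other than the expected string can be accepted; compare strictly and in constant time, e.g. `if (hash_equals($code, (string)$arguments['code'])) {` where the runtime provides it, or `===` at minimum. The code is `substr(md5($address . $secret), 0, 8)`, i.e. 32 bits that never expire, and no attempt limit is visible in this file, so a keyed `hash_hmac('sha256', $address, $namespace->config->secret)` with a longer prefix would be a sturdier derivation. In `addr_new`, the pattern's `$` also matches before a trailing newline and `$address` is then passed to `mail()` as the recipient, so the anchor should be `\z` (or the pattern should carry the `D` modifier) to keep line breaks out of the mail headers. The `commit` case changes the password without asking for the current one and hands `$account['password'] = $password1` to `update()` unchanged; if hashing is not done inside the database layer, which this diff does not show, it needs to happen here.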