2010-07-13 18:00:53 +00:00
< ?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website : http :// www . sfiab . ca
Copyright ( C ) 2005 Sci - Tech Ontario Inc < info @ scitechontario . org >
Copyright ( C ) 2005 James Grant < james @ lightbox . org >
Copyright ( C ) 2007 David Grant < dave @ lightbox . org >
This program is free software ; you can redistribute it and / or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation , version 2.
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; see the file COPYING . If not , write to
the Free Software Foundation , Inc . , 59 Temple Place - Suite 330 ,
Boston , MA 02111 - 1307 , USA .
*/
?>
< ?
2010-07-15 09:18:02 +00:00
require_once ( " common.inc.php " );
require_once ( " account.inc.php " );
2010-07-13 18:00:53 +00:00
2010-07-15 09:18:02 +00:00
/* Make sure the user is logged in with just an account ( accounts_id is set ),
* dont ' call user_auth_required because they may not have a user */
if ( ! isset ( $_SESSION [ 'accounts_id' ])) {
2010-07-13 18:00:53 +00:00
message_push ( error ( i18n ( " You must login to view that page " )));
header ( " location: { $config [ 'SFIABDIRECTORY' ] } /index.php " );
exit ;
2010-07-15 09:18:02 +00:00
}
2010-07-13 18:00:53 +00:00
/* Superuser may edit this for any account , if the user is not a superuser , force
* the accounts_id to be whatever is in the session */
if ( $_SESSION [ 'superuser' ]) {
$accounts_id = intval ( $_GET [ 'accounts_id' ]);
if ( $accounts_id == 0 ) $accounts_id = $_SESSION [ 'accounts_id' ];
} else {
$accounts_id = $_SESSION [ 'accounts_id' ];
}
2010-07-14 18:09:28 +00:00
function user_account_check_username ( $accounts_id , $username )
{
if ( ! account_valid_user ( $username )) return false ;
2010-08-08 09:09:49 +00:00
$u = mysql_real_escape_string ( $username );
2010-07-14 18:09:28 +00:00
$q = mysql_query ( " SELECT id FROM accounts WHERE username=' $u ' AND deleted='no' AND id!= $accounts_id " );
if ( mysql_num_rows ( $q ) != 0 ) return false ;
return true ;
}
switch ( $_GET [ 'action' ]) {
case 'check_username' :
$x = user_account_check_username ( $accounts_id , $_GET [ 'username' ]);
echo json_encode ( array ( 'valid' => $x ));
2010-07-13 18:00:53 +00:00
exit ;
2010-07-14 18:09:28 +00:00
case 'save' :
2010-07-13 18:00:53 +00:00
$a = account_load ( $accounts_id );
2010-07-14 18:09:28 +00:00
/* Since we 're using input validation we dont' have to report errors back to the user , the validator
* should catch them all , so we ' ll just go ahead and save ( or error out ) */
debug_ ( print_r ( $_POST ), true );
$email = trim ( $_POST [ 'email' ]);
$username_link = ( $_POST [ 'username_link' ] == 'yes' ) ? true : false ;
$username = $username_link ? $email : trim ( $_POST [ 'username' ]);
2010-07-15 09:18:02 +00:00
if ( array_key_exists ( 'email' , $_POST )) {
/* If this key doesn 't exist, don' t even try to update the email or the usename , the
* user is in a " must date their password " mode */
if ( $a [ 'email' ] != $email && $email != '' ) {
$save = true ;
/* Change email */
if ( ! account_valid_email ( $email )) {
error_ ( 'Invalid email address' );
$save = false ;
}
if ( $save ) {
// action_create_set_email($accounts_id, $email);
happy_ ( " An email has been sent to %1 to confirm the new email address " , array ( $email ));
}
2010-07-13 18:00:53 +00:00
}
2010-07-14 18:09:28 +00:00
2010-07-15 09:18:02 +00:00
/* Update link */
$x = ( $a [ 'link_username_to_email' ] == 'yes' ) ? true : false ;
if ( $x != $username_link ) {
$l = $username_link ? 'yes' : 'no' ;
mysql_query ( " UPDATE accounts SET link_username_to_email=' $l ' WHERE id= $accounts_id " );
}
/* Update username */
if ( $a [ 'username' ] != $username ) {
if ( user_account_check_username ( $accounts_id , $username )) {
/* Update it */
$u = mysql_real_escape_string ( $username );
mysql_query ( " UPDATE accounts SET username=' $u ' WHERE id= $accounts_id " );
happy_ ( " Username updated " );
}
}
2010-07-14 18:09:28 +00:00
}
2010-07-13 18:00:53 +00:00
2010-07-14 18:09:28 +00:00
$pass1 = $_POST [ 'pass1' ];
$pass2 = $_POST [ 'pass2' ];
if ( $pass1 != '' || $pass2 != '' ) {
$pass = mysql_escape_string ( $pass1 );
2010-07-13 18:00:53 +00:00
//first, lets see if they choose the same password again (bad bad bad)
$q = mysql_query ( " SELECT password FROM accounts WHERE
2010-07-14 18:09:28 +00:00
id = '$accounts_id' AND password = '$pass' " );
2010-07-13 18:00:53 +00:00
2010-07-14 18:09:28 +00:00
$save = false ;
2010-07-15 09:18:02 +00:00
/* All of this , except matching the previous password , is checked
* by the form validator */
2010-07-13 18:00:53 +00:00
if ( mysql_num_rows ( $q ))
2010-07-14 18:09:28 +00:00
error_ ( " You cannot choose the same password again. Please choose a different password " );
else if ( $pass1 == '' )
2010-07-13 18:00:53 +00:00
error_ ( " New Password is required " );
2010-07-14 18:09:28 +00:00
else if ( $pass1 != $pass2 )
2010-07-13 18:00:53 +00:00
error_ ( " Passwords do not match " );
2010-07-14 18:09:28 +00:00
else if ( account_valid_password ( $pass1 ) == false )
2010-07-13 18:00:53 +00:00
error_ ( " The password contains invalid characters or is not long enough " );
else {
2010-07-14 18:09:28 +00:00
account_set_password ( $_SESSION [ 'accounts_id' ], $pass );
unset ( $_SESSION [ 'password_expired' ]);
2010-07-13 18:00:53 +00:00
2010-07-14 18:09:28 +00:00
happy_ ( 'Password has been successfully updated' );
}
2010-07-13 18:00:53 +00:00
}
2010-07-15 09:18:02 +00:00
/* Forward to the request_uri if it's set */
if ( isset ( $_SESSION [ 'request_uri' ])) {
$link = $_SESSION [ 'request_uri' ];
unset ( $_SESSION [ 'request_uri' ]);
?>
< script type = " text/javascript " >
window . document . location = " <?= $link ?> " ;
</ script >
< ?
}
2010-08-08 09:09:49 +00:00
2010-07-14 18:09:28 +00:00
exit ;
2010-07-13 18:00:53 +00:00
}
2010-08-08 09:09:48 +00:00
// send_header("Account Information",
// array("Main" => "user_main.php")
// ,"change_password"
// );
2010-07-13 18:00:53 +00:00
$a = account_load ( $accounts_id );
$d = '' ;
$email = $a [ 'email' ];
2010-07-14 19:02:05 +00:00
$username_link = ( $a [ 'link_username_to_email' ] == 'yes' ) ? 'checked="checked"' : '' ;
2010-07-13 18:00:53 +00:00
$username = $email ;
if ( $_SESSION [ 'password_expired' ] == true ) {
2010-07-15 09:18:02 +00:00
echo error ( i18n ( 'Your password has expired. You must choose a new password now.' ));
2010-07-13 18:00:53 +00:00
$d = 'disabled="disabled"' ;
2010-07-15 09:17:59 +00:00
$validator_passreq = 'required: true,' ;
2010-07-15 09:18:02 +00:00
echo " drect to: { $_SESSION [ 'request_uri' ] } " ;;
2010-07-13 18:00:53 +00:00
}
?>
2010-08-08 17:15:17 +00:00
< h4 >< ? = i18n ( " Account/Login Information " ) ?> </h4>
2010-08-08 09:09:49 +00:00
< br />
2010-07-13 18:00:53 +00:00
< form class = " editor " name = " account " id = " accountform " >
2010-08-08 09:09:48 +00:00
< table width = " 90% " >
< tr >
< td style = " text-align: left " colspan = " 2 " >< b > Email </ b >< hr /></ td >
</ tr >< tr >
2010-07-13 18:00:53 +00:00
< td >< label for = " email " >< ? = i18n ( 'Email' ) ?> :</label></td>
2010-07-13 18:27:14 +00:00
< td >< input id = " email " < ? = $d ?> name="email" type="text" size="20" value="<?=$email?>"></td>
2010-07-13 18:00:53 +00:00
</ tr >< tr >
< td ></ td >< td >
2010-08-08 09:09:48 +00:00
< div style = " font-size: 0.75em; " >< ? = i18n ( 'Changing the email address will cause a confirmation email to be sent to the new email address before the change will take effect.' ) ?> </div>
< br />
2010-07-13 18:00:53 +00:00
</ td >
2010-08-08 09:09:48 +00:00
</ tr >< tr >
< td style = " text-align: left " colspan = " 2 " >< b > Username </ b >< hr /></ td >
2010-07-13 18:00:53 +00:00
</ tr >< tr >
< td >< ? = i18n ( 'Username' ) ?> :</td>
< td > < input < ? = $ud ?> <?=$d?> id="username" name=username type="text" size="20" value="<?=$username?>"><br />
2010-07-14 19:02:05 +00:00
< input id = " username_link " < ? = $username_link ?> <?=$d?> type="checkbox" name="username_link" value="yes" />
2010-07-13 18:00:53 +00:00
< ? = i18n ( 'Use the email address as the login username' ) ?> <br />
</ td >
</ tr >< tr >
< td colspan = " 2 " >
2010-08-08 09:09:48 +00:00
< br />
2010-07-13 18:00:53 +00:00
</ td >
2010-08-08 09:09:48 +00:00
</ tr >< tr >
< td style = " text-align: left " colspan = " 2 " >< b > Password </ b >< hr /></ td >
2010-07-13 18:00:53 +00:00
</ tr >< tr >
< td >< label for = " pass1 " >< ? = i18n ( 'New Password' ) ?> :</label></td>
< td >< input id = " pass1 " name = " pass1 " type = " password " size = " 20 " value = " " ></ td >
</ tr >< tr >
< td >< label for = " pass2 " >< ? = i18n ( 'Confirm New Password' ) ?> :</label></td>
< td >< input id = " pass2 " name = " pass2 " type = " password " size = " 20 " value = " " ></ td >
</ tr >< tr >
< td ></ td >< td >
< div style = " font-size: 0.75em; " >< ? = i18n ( 'Passwords must be be between 6 and 32 characters, and may NOT contain any quote or a backslash.' ) ?> </div>
</ td >
</ tr ></ table >
< br />
< br />
< input type = " submit " value = " <?=i18n( " Save " )?> " />
</ form >
< br />
< script type = " text/javascript " >
2010-07-14 18:09:28 +00:00
var username_valid = true ;
var username_checking = true ;
var check_username_time = false ;
function username_changed ()
{
username_checking = false ;
username_valid = true ;
/* Immediately go to checking... */
$ ( " #accountform " ) . validate () . element ( " #username " );
$ ( " #accountform " ) . validate () . element ( " #email " );
if ( check_username_time != false )
clearTimeout ( check_username_time );
check_username_time = setTimeout ( function () {
var username = $ ( " #username " ) . val ();
username_checking = false ;
$ . getJSON ( " <?= $config['SFIABDIRECTORY'] ?>/user_account.php?action=check_username&accounts_id=<?= $accounts_id ?>&username= " + username ,
function ( json ){
username_valid = ( json . valid == 1 ) ? true : false ;
username_checking = true ;
$ ( " #accountform " ) . validate () . element ( " #username " );
$ ( " #accountform " ) . validate () . element ( " #email " );
});
}, 500 );
}
function email_changed () {
if ( $ ( " #username_link " ) . is ( " :checked " )) {
$ ( " #username " ) . val ( $ ( '#email' ) . val ());
username_changed ();
}
}
$ . validator . addMethod ( " username_in_use " , function ( value , element ) {
if ( element . id == 'username' ) {
return username_valid ;
} else {
if ( $ ( " #username_link " ) . is ( " :checked " ))
return username_valid ;
else
return true ;
}
});
$ . validator . addMethod ( " checking " , function ( value , element ) {
return username_checking ;
});
2010-07-13 18:00:53 +00:00
2010-08-08 09:09:49 +00:00
$ ( document ) . ready ( function () {
2010-07-13 18:00:53 +00:00
$ ( " #accountform " ) . validate ({
rules : {
email : {
required : true ,
2010-07-14 18:09:28 +00:00
email : true ,
username_in_use : true ,
2010-07-13 18:00:53 +00:00
},
username : {
2010-07-14 18:09:28 +00:00
// required: "#username_link:checked",
username_in_use : true ,
checking : true ,
2010-07-13 18:00:53 +00:00
minlength : 4
},
pass1 : {
2010-07-15 09:17:59 +00:00
< ? = $validator_passreq ?>
2010-07-13 18:00:53 +00:00
minlength : 6 ,
maxlength : 32
},
pass2 : {
2010-07-15 09:17:59 +00:00
< ? = $validator_passreq ?>
2010-07-13 18:00:53 +00:00
minlength : 6 ,
maxlength : 32 ,
equalTo : " #pass1 "
}
},
messages : {
2010-07-14 18:09:28 +00:00
email : {
required : " Please enter an email address " ,
email : " Please enter a valid email address " ,
username_in_use : " Email aready in use as a username, use a different email, or uncheck the username box below "
},
2010-07-13 18:00:53 +00:00
username : {
required : " Please enter a username " ,
2010-07-14 18:09:28 +00:00
minlength : " Your username must consist of at least 2 characters " ,
username_in_use : " Username is taken, please choose a different one " ,
checking : " Checking... "
2010-07-13 18:00:53 +00:00
},
pass1 : {
2010-07-15 09:17:59 +00:00
required : " Please enter a password " ,
2010-07-13 18:00:53 +00:00
minlength : " Your password must be at least 6 characters long " ,
maxlength : " Your password must be at most 32 characters long "
},
pass2 : {
2010-07-15 09:17:59 +00:00
required : " Please confirm the password " ,
2010-07-13 18:28:13 +00:00
minlength : " Your password must be at least 6 characters long " ,
2010-07-13 18:00:53 +00:00
maxlength : " Your password must be at most 32 characters long " ,
equalTo : " Please enter the same password as above "
}
2010-07-14 18:09:28 +00:00
},
submitHandler : function () {
$ ( " #debug " ) . load ( " user_account.php?action=save&accounts_id=<?= $accounts_id ?> " , $ ( " #accountform " ) . serializeArray ());
2010-07-13 18:00:53 +00:00
}
});
2010-08-08 09:09:49 +00:00
2010-07-15 09:17:59 +00:00
< ? if ( $_SESSION [ 'password_expired' ] == false ) { ?>
/* Code to disable the username box, only included if the password hasn't expired */
2010-07-13 18:00:53 +00:00
var username_link = $ ( " #username_link " ) . is ( " :checked " );
$ ( " #username " ) . attr ( " disabled " , username_link );
$ ( " #username_link " ) . click ( function () {
$ ( " #username " ) . attr ( " disabled " , this . checked );
2010-07-14 18:09:28 +00:00
email_changed ();
username_changed ();
2010-07-13 18:00:53 +00:00
});
2010-07-14 18:09:28 +00:00
$ ( " #email " ) . change ( email_changed );
$ ( " #email " ) . keyup ( email_changed );
$ ( " #username " ) . change ( username_changed );
$ ( " #username " ) . keyup ( username_changed );
2010-07-15 09:17:59 +00:00
< ? } ?>
2010-07-13 18:00:53 +00:00
});
</ script >
< ?
2010-08-08 09:09:48 +00:00
//send_footer();
2010-07-13 18:00:53 +00:00
?>