2010-07-13 03:30:11 +00:00
|
|
|
<?
|
|
|
|
/*
|
|
|
|
This file is part of the 'Science Fair In A Box' project
|
|
|
|
SFIAB Website: http://www.sfiab.ca
|
|
|
|
|
|
|
|
Copyright (C) 2010 David Grant <dave@lightbox.org>
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
|
|
modify it under the terms of the GNU General Public
|
|
|
|
License as published by the Free Software Foundation, version 2.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; see the file COPYING. If not, write to
|
|
|
|
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
|
|
Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
?>
|
|
|
|
<?
|
|
|
|
|
|
|
|
function account_valid_user($user)
|
|
|
|
{
|
|
|
|
/* Find any character that doesn't match the valid username characters
|
|
|
|
* (^ inverts the matching remember */
|
|
|
|
$x = preg_match('[^a-zA-Z0-9@.-_]',$user);
|
|
|
|
|
|
|
|
/* If x==1, a match was found, and the input is bad */
|
|
|
|
return ($x == 1) ? false : true;
|
|
|
|
}
|
|
|
|
|
|
|
|
function account_valid_password($pass)
|
|
|
|
{
|
|
|
|
/* Same as user, but allow more characters */
|
|
|
|
$x = preg_match('[^a-zA-Z0-9 ~!@#$%^&*()-_=+|;:,<.>/?]',$pass);
|
|
|
|
|
|
|
|
/* If x==1, a match was found, and the input is bad */
|
|
|
|
if($x == 1) return false;
|
|
|
|
|
|
|
|
if(strlen($pass) < 6) return false;
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Duplicate of common.inc.php:generatePassword, which will be deleted
|
|
|
|
* eventually when ALL users are handled through this file */
|
|
|
|
function account_generate_password($pwlen=8)
|
|
|
|
{
|
|
|
|
//these are good characters that are not easily confused with other characters :)
|
|
|
|
$available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
|
|
|
|
$len=strlen($available) - 1;
|
|
|
|
|
|
|
|
$key="";
|
|
|
|
for($x=0;$x<$pwlen;$x++)
|
|
|
|
$key.=$available{rand(0,$len)};
|
|
|
|
return $key;
|
|
|
|
}
|
|
|
|
|
|
|
|
function account_set_password($accounts_id, $password = NULL)
|
|
|
|
{
|
|
|
|
$save_old = false;
|
|
|
|
if($password == NULL) {
|
|
|
|
$q = mysql_query("SELECT passwordset FROM accounts WHERE id='$accounts_id'");
|
|
|
|
$a = mysql_fetch_assoc($q);
|
|
|
|
/* Generate a new password */
|
|
|
|
$password = account_generate_password(12);
|
|
|
|
/* save the old password only if it's not an auto-generated one */
|
|
|
|
if($a['passwordset'] != '0000-00-00') $save_old = true;
|
|
|
|
/* Expire the password */
|
|
|
|
$save_set = "'0000-00-00'";
|
|
|
|
} else {
|
|
|
|
/* Set the password, no expiry, save the old */
|
|
|
|
$save_old = true;
|
|
|
|
$save_set = 'NOW()';
|
|
|
|
}
|
|
|
|
|
|
|
|
$p = mysql_escape_string($password);
|
|
|
|
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
|
|
|
|
$set .= "password='$p', passwordset=$save_set ";
|
|
|
|
|
|
|
|
$query = "UPDATE accounts SET $set WHERE id='$accounts_id'";
|
|
|
|
mysql_query($query);
|
|
|
|
echo mysql_error();
|
|
|
|
|
|
|
|
return $password;
|
|
|
|
}
|
|
|
|
|
|
|
|
function account_load($id)
|
|
|
|
{
|
|
|
|
$id = intval($id);
|
2010-10-01 21:04:05 +00:00
|
|
|
//we dont want password or the pending email code in here
|
|
|
|
$q = mysql_query("SELECT id,
|
|
|
|
username,
|
|
|
|
link_username_to_email,
|
|
|
|
passwordset,
|
|
|
|
email,
|
|
|
|
pendingemail,
|
|
|
|
superuser,
|
|
|
|
deleted,
|
|
|
|
deleted_datetime,
|
|
|
|
created
|
|
|
|
FROM accounts WHERE id='$id'");
|
2010-07-13 03:30:11 +00:00
|
|
|
if(mysql_num_rows($q) == 0) {
|
2010-07-27 19:06:36 +00:00
|
|
|
return false;
|
2010-07-13 03:30:11 +00:00
|
|
|
}
|
|
|
|
if(mysql_num_rows($q) > 1) {
|
2010-07-27 19:06:36 +00:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$a = mysql_fetch_assoc($q);
|
|
|
|
return $a;
|
|
|
|
}
|
|
|
|
|
|
|
|
function account_load_by_username($username)
|
|
|
|
{
|
|
|
|
$un = mysql_real_escape_string($username);
|
|
|
|
$q = mysql_query("SELECT * FROM accounts WHERE username='$un'");
|
|
|
|
if(mysql_num_rows($q) == 0) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
if(mysql_num_rows($q) > 1) {
|
|
|
|
return false;
|
2010-07-13 03:30:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
$a = mysql_fetch_assoc($q);
|
|
|
|
return $a;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2010-09-27 19:13:56 +00:00
|
|
|
function account_create($username,$password=NULL)
|
2010-07-13 03:30:11 +00:00
|
|
|
{
|
|
|
|
global $config;
|
|
|
|
|
|
|
|
/* Sanity check username */
|
2010-07-27 19:06:36 +00:00
|
|
|
if(!account_valid_user($username)) {
|
2010-07-13 03:30:11 +00:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Make sure the user doesn't exist */
|
|
|
|
$us = mysql_real_escape_string($username);
|
|
|
|
$q = mysql_query("SELECT * FROM accounts WHERE username='$us'");
|
|
|
|
if(mysql_num_rows($q)) {
|
|
|
|
return -2;
|
|
|
|
}
|
|
|
|
|
2010-09-27 19:52:43 +00:00
|
|
|
//if the password is set, make sure its valid, if its null, thats OK, it'll get generated and set by account_set_password
|
2010-09-27 20:04:12 +00:00
|
|
|
if($password && !account_valid_password($password)) {
|
2010-09-27 19:52:43 +00:00
|
|
|
return -3;
|
|
|
|
}
|
|
|
|
|
2010-07-13 03:30:11 +00:00
|
|
|
/* Create the account */
|
|
|
|
mysql_query("INSERT INTO accounts (`username`,`created`,`deleted`,`superuser`)
|
|
|
|
VALUES ('$us', NOW(),'no','no')");
|
|
|
|
echo mysql_error();
|
|
|
|
|
|
|
|
$accounts_id = mysql_insert_id();
|
|
|
|
|
2010-09-27 19:13:56 +00:00
|
|
|
account_set_password($accounts_id, $password);
|
2010-07-13 03:30:11 +00:00
|
|
|
$a = account_load($accounts_id);
|
2010-09-27 19:13:56 +00:00
|
|
|
|
2010-07-13 03:30:11 +00:00
|
|
|
return $a;
|
|
|
|
}
|
|
|
|
|
2010-09-27 19:13:56 +00:00
|
|
|
function account_set_email($accounts_id,$email) {
|
|
|
|
global $config;
|
|
|
|
//we dont actually set the email until its confirmed, we only set the pending email :p
|
|
|
|
if(isEmailAddress($email)) {
|
|
|
|
$code=generatePassword(24);
|
|
|
|
mysql_query("UPDATE accounts SET pendingemail='".mysql_real_escape_string($email)."', pendingemailcode='$code' WHERE id='$accounts_id'");
|
|
|
|
|
|
|
|
$urlproto = $_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://";
|
|
|
|
$urlmain = "$urlproto{$_SERVER['HTTP_HOST']}{$config['SFIABDIRECTORY']}";
|
|
|
|
$urlemailconfirm = "emailconfirmation.php?i=$accounts_id&e=".rawurlencode($email)."&c=".$code;
|
|
|
|
$link=$urlmain."/".$urlemailconfirm;
|
|
|
|
|
|
|
|
email_send('account_email_confirmation',$email,array(),array("EMAIL"=>$email,"EMAILCONFIRMATIONLINK"=>$link));
|
|
|
|
}
|
|
|
|
}
|
2010-07-13 03:30:11 +00:00
|
|
|
|
2010-10-06 20:01:15 +00:00
|
|
|
// add the necessary role to the account's user record for the specified conference
|
|
|
|
function account_add_role($accounts_id, $roles_id, $conferences_id, $password = null){
|
|
|
|
// create the user if they don't exist
|
|
|
|
// active = yes
|
|
|
|
// complete = no
|
|
|
|
}
|
|
|
|
|
|
|
|
function account_remove_role($accounts_id, $roles_id, $conferences_id){
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2010-07-13 03:30:11 +00:00
|
|
|
/*
|
|
|
|
*/
|
|
|
|
?>
|