forked from science-ation/science-ation
Fix email checking
user_account now saves info, and does online-checking of usernames. Form validation is fun!
This commit is contained in:
parent
1697287a35
commit
712348dbb9
@ -48,7 +48,7 @@ function account_valid_password($pass)
|
||||
/* A more strict version of isEmailAddress() */
|
||||
function account_valid_email($str)
|
||||
{
|
||||
$x = preg_match('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str);
|
||||
$x = eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str);
|
||||
return ($x == 1) ? true : false;
|
||||
}
|
||||
|
||||
|
198
user_account.php
198
user_account.php
@ -48,61 +48,88 @@
|
||||
$back_link = "user_main.php";
|
||||
unset($_SESSION['request_uri']);
|
||||
|
||||
if($_GET['action']=="save") {
|
||||
echo "Not implemented!";
|
||||
function user_account_check_username($accounts_id, $username)
|
||||
{
|
||||
if(!account_valid_user($username)) return false;
|
||||
|
||||
$u = mysql_real_escape_string($u);
|
||||
$q = mysql_query("SELECT id FROM accounts WHERE username='$u' AND deleted='no' AND id!=$accounts_id");
|
||||
if(mysql_num_rows($q) != 0) return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
switch($_GET['action']) {
|
||||
case 'check_username':
|
||||
$x = user_account_check_username($accounts_id, $_GET['username']);
|
||||
echo json_encode(array('valid' => $x));
|
||||
exit;
|
||||
|
||||
case 'save':
|
||||
$a = account_load($accounts_id);
|
||||
|
||||
$save_email = false;
|
||||
if($a['email'] != $_POST['email']) {
|
||||
$save_email = true;
|
||||
/* Since we're using input validation we dont' have to report errors back to the user, the validator
|
||||
* should catch them all, so we'll just go ahead and save (or error out) */
|
||||
debug_(print_r($_POST), true);
|
||||
|
||||
$email = trim($_POST['email']);
|
||||
$username_link = ($_POST['username_link'] == 'yes') ? true : false;
|
||||
$username = $username_link ? $email : trim($_POST['username']);
|
||||
|
||||
if($a['email'] != $email && $email != '') {
|
||||
$save = true;
|
||||
/* Change email */
|
||||
$email = $_POST['email'];
|
||||
if(!account_valid_email($email)) {
|
||||
error_('Invalid email address');
|
||||
$save_email = false;
|
||||
}
|
||||
$save = false;
|
||||
}
|
||||
|
||||
$save_username = false;
|
||||
|
||||
$save_pass = false;
|
||||
if($_POST['pass1']!='' || $_POST['pass2']!='') {
|
||||
$pass = mysql_escape_string($_POST['pass1']);
|
||||
//first, lets see if they choose the same password again (bad bad bad)
|
||||
$q=mysql_query("SELECT password FROM accounts WHERE
|
||||
id='{$_SESSION['accounts_id']}'
|
||||
AND password='$pass'");
|
||||
|
||||
if(mysql_num_rows($q))
|
||||
error_("You cannot choose the same password again. Please choose a different password");
|
||||
else if($_POST['pass1'] == '')
|
||||
error_("New Password is required");
|
||||
else if($_POST['pass1'] != $_POST['pass2'])
|
||||
error_("Passwords do not match");
|
||||
else if(account_valid_password($_POST['pass1']) == false)
|
||||
error_("The password contains invalid characters or is not long enough");
|
||||
else {
|
||||
$pass = $_POST['pass1'];
|
||||
$save_pass = true;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if($save_email) {
|
||||
action_create_set_email($accounts_id, $email);
|
||||
if($save) {
|
||||
// action_create_set_email($accounts_id, $email);
|
||||
happy_("An email has been sent to %1 to confirm the new email address", array($email));
|
||||
}
|
||||
if($save_pass) {
|
||||
}
|
||||
|
||||
if($a['username'] != $username) {
|
||||
$save = true;
|
||||
/* Make sure it isn't in use */
|
||||
$x = user_account_check_username($accounts_id, $username);
|
||||
if($x == false) $save = false;
|
||||
|
||||
if($save) {
|
||||
/* Update it */
|
||||
$u = mysql_real_escape_string($username);
|
||||
mysql_query("UPDATE accounts SET username='$u' WHERE id=$accounts_id");
|
||||
happy_("Username updated");
|
||||
}
|
||||
}
|
||||
|
||||
$pass1 = $_POST['pass1'];
|
||||
$pass2 = $_POST['pass2'];
|
||||
if($pass1!='' || $pass2!='') {
|
||||
$pass = mysql_escape_string($pass1);
|
||||
//first, lets see if they choose the same password again (bad bad bad)
|
||||
$q=mysql_query("SELECT password FROM accounts WHERE
|
||||
id='$accounts_id' AND password='$pass'");
|
||||
|
||||
$save = false;
|
||||
if(mysql_num_rows($q))
|
||||
error_("You cannot choose the same password again. Please choose a different password");
|
||||
else if($pass1 == '')
|
||||
error_("New Password is required");
|
||||
else if($pass1 != $pass2)
|
||||
error_("Passwords do not match");
|
||||
else if(account_valid_password($pass1) == false)
|
||||
error_("The password contains invalid characters or is not long enough");
|
||||
else {
|
||||
account_set_password($_SESSION['accounts_id'], $pass);
|
||||
unset($_SESSION['password_expired']);
|
||||
|
||||
happy_('Password has been successfully updated');
|
||||
header("location: $back_link");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
send_header("Account Information",
|
||||
array("Main" => "user_main.php")
|
||||
@ -119,8 +146,7 @@ if($_GET['action']=="save") {
|
||||
$d = '';
|
||||
|
||||
$email = $a['email'];
|
||||
$username_yes = 'checked="checked"';
|
||||
$username_no = '';
|
||||
$username_link = 'checked="checked"';
|
||||
$username = $email;
|
||||
$ud = 'disabled="disabled"';
|
||||
|
||||
@ -171,69 +197,125 @@ if($_GET['action']=="save") {
|
||||
|
||||
<script type="text/javascript">
|
||||
$.validator.setDefaults({
|
||||
submitHandler: function() { alert("submitted!"); }
|
||||
});
|
||||
|
||||
|
||||
$().ready(function() {
|
||||
var username_valid = true;
|
||||
var username_checking = true;
|
||||
var check_username_time = false;
|
||||
|
||||
// validate signup form on keyup and submit
|
||||
function username_changed()
|
||||
{
|
||||
username_checking = false;
|
||||
username_valid = true;
|
||||
|
||||
/* Immediately go to checking... */
|
||||
$("#accountform").validate().element( "#username" );
|
||||
$("#accountform").validate().element( "#email" );
|
||||
|
||||
if(check_username_time != false)
|
||||
clearTimeout(check_username_time);
|
||||
check_username_time = setTimeout(function() {
|
||||
var username = $("#username").val();
|
||||
username_checking = false;
|
||||
$.getJSON("<?=$config['SFIABDIRECTORY']?>/user_account.php?action=check_username&accounts_id=<?=$accounts_id?>&username="+username,
|
||||
function(json){
|
||||
username_valid = (json.valid == 1) ? true : false;
|
||||
username_checking = true;
|
||||
$("#accountform").validate().element( "#username" );
|
||||
$("#accountform").validate().element( "#email" );
|
||||
});
|
||||
}, 500);
|
||||
|
||||
}
|
||||
|
||||
function email_changed() {
|
||||
if($("#username_link").is(":checked")) {
|
||||
$("#username").val($('#email').val());
|
||||
username_changed();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$.validator.addMethod("username_in_use",function(value, element) {
|
||||
if(element.id == 'username') {
|
||||
return username_valid;
|
||||
} else {
|
||||
if($("#username_link").is(":checked"))
|
||||
return username_valid;
|
||||
else
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
$.validator.addMethod("checking",function(value, element) {
|
||||
return username_checking;
|
||||
});
|
||||
|
||||
$().ready(function() {
|
||||
$("#accountform").validate({
|
||||
rules: {
|
||||
email: {
|
||||
required: true,
|
||||
email: true
|
||||
email: true,
|
||||
username_in_use: true,
|
||||
},
|
||||
username: {
|
||||
required: "#username_link:checked",
|
||||
// required: "#username_link:checked",
|
||||
username_in_use: true,
|
||||
checking: true,
|
||||
minlength: 4
|
||||
},
|
||||
pass1: {
|
||||
required: true,
|
||||
minlength: 6,
|
||||
maxlength: 32
|
||||
},
|
||||
pass2: {
|
||||
required: true,
|
||||
minlength: 6,
|
||||
maxlength: 32,
|
||||
equalTo: "#pass1"
|
||||
}
|
||||
},
|
||||
messages: {
|
||||
email: {
|
||||
required: "Please enter an email address",
|
||||
email: "Please enter a valid email address",
|
||||
username_in_use: "Email aready in use as a username, use a different email, or uncheck the username box below"
|
||||
},
|
||||
username: {
|
||||
required: "Please enter a username",
|
||||
minlength: "Your username must consist of at least 2 characters"
|
||||
minlength: "Your username must consist of at least 2 characters",
|
||||
username_in_use: "Username is taken, please choose a different one",
|
||||
checking: "Checking..."
|
||||
},
|
||||
pass1: {
|
||||
required: "Please provide a password",
|
||||
minlength: "Your password must be at least 6 characters long",
|
||||
maxlength: "Your password must be at most 32 characters long"
|
||||
},
|
||||
pass2: {
|
||||
required: "Please provide a password",
|
||||
minlength: "Your password must be at least 6 characters long",
|
||||
maxlength: "Your password must be at most 32 characters long",
|
||||
equalTo: "Please enter the same password as above"
|
||||
}
|
||||
},
|
||||
submitHandler: function() {
|
||||
$("#debug").load("user_account.php?action=save&accounts_id=<?=$accounts_id?>", $("#accountform").serializeArray());
|
||||
}
|
||||
});
|
||||
|
||||
/* Code to disable the username box */
|
||||
var username_link = $("#username_link").is(":checked");
|
||||
$("#username").attr("disabled", username_link);
|
||||
$("#username_link").click(function() {
|
||||
$("#username").attr("disabled", this.checked);
|
||||
username_link_change();
|
||||
email_changed();
|
||||
username_changed();
|
||||
});
|
||||
|
||||
function username_link_change() {
|
||||
if($("#username_link").is(":checked")) {
|
||||
$("#username").val($('#email').val());
|
||||
}
|
||||
}
|
||||
$("#email").change(username_link_change);
|
||||
$("#email").keyup(username_link_change);
|
||||
$("#email").change(email_changed);
|
||||
$("#email").keyup(email_changed);
|
||||
$("#username").change(username_changed);
|
||||
$("#username").keyup(username_changed);
|
||||
|
||||
});
|
||||
</script>
|
||||
|
Loading…
Reference in New Issue
Block a user