Fix email checking

user_account now saves info, and does online-checking of usernames.
Form validation is fun!
This commit is contained in:
dave 2010-07-14 18:09:28 +00:00
parent 1697287a35
commit 712348dbb9
2 changed files with 137 additions and 55 deletions

View File

@ -48,7 +48,7 @@ function account_valid_password($pass)
/* A more strict version of isEmailAddress() */
function account_valid_email($str)
{
$x = preg_match('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str);
$x = eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str);
return ($x == 1) ? true : false;
}

View File

@ -48,61 +48,88 @@
$back_link = "user_main.php";
unset($_SESSION['request_uri']);
if($_GET['action']=="save") {
echo "Not implemented!";
function user_account_check_username($accounts_id, $username)
{
if(!account_valid_user($username)) return false;
$u = mysql_real_escape_string($u);
$q = mysql_query("SELECT id FROM accounts WHERE username='$u' AND deleted='no' AND id!=$accounts_id");
if(mysql_num_rows($q) != 0) return false;
return true;
}
switch($_GET['action']) {
case 'check_username':
$x = user_account_check_username($accounts_id, $_GET['username']);
echo json_encode(array('valid' => $x));
exit;
case 'save':
$a = account_load($accounts_id);
$save_email = false;
if($a['email'] != $_POST['email']) {
$save_email = true;
/* Since we're using input validation we dont' have to report errors back to the user, the validator
* should catch them all, so we'll just go ahead and save (or error out) */
debug_(print_r($_POST), true);
$email = trim($_POST['email']);
$username_link = ($_POST['username_link'] == 'yes') ? true : false;
$username = $username_link ? $email : trim($_POST['username']);
if($a['email'] != $email && $email != '') {
$save = true;
/* Change email */
$email = $_POST['email'];
if(!account_valid_email($email)) {
error_('Invalid email address');
$save_email = false;
}
$save = false;
}
$save_username = false;
$save_pass = false;
if($_POST['pass1']!='' || $_POST['pass2']!='') {
$pass = mysql_escape_string($_POST['pass1']);
//first, lets see if they choose the same password again (bad bad bad)
$q=mysql_query("SELECT password FROM accounts WHERE
id='{$_SESSION['accounts_id']}'
AND password='$pass'");
if(mysql_num_rows($q))
error_("You cannot choose the same password again. Please choose a different password");
else if($_POST['pass1'] == '')
error_("New Password is required");
else if($_POST['pass1'] != $_POST['pass2'])
error_("Passwords do not match");
else if(account_valid_password($_POST['pass1']) == false)
error_("The password contains invalid characters or is not long enough");
else {
$pass = $_POST['pass1'];
$save_pass = true;
}
}
if($save_email) {
action_create_set_email($accounts_id, $email);
if($save) {
// action_create_set_email($accounts_id, $email);
happy_("An email has been sent to %1 to confirm the new email address", array($email));
}
if($save_pass) {
}
if($a['username'] != $username) {
$save = true;
/* Make sure it isn't in use */
$x = user_account_check_username($accounts_id, $username);
if($x == false) $save = false;
if($save) {
/* Update it */
$u = mysql_real_escape_string($username);
mysql_query("UPDATE accounts SET username='$u' WHERE id=$accounts_id");
happy_("Username updated");
}
}
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($pass1!='' || $pass2!='') {
$pass = mysql_escape_string($pass1);
//first, lets see if they choose the same password again (bad bad bad)
$q=mysql_query("SELECT password FROM accounts WHERE
id='$accounts_id' AND password='$pass'");
$save = false;
if(mysql_num_rows($q))
error_("You cannot choose the same password again. Please choose a different password");
else if($pass1 == '')
error_("New Password is required");
else if($pass1 != $pass2)
error_("Passwords do not match");
else if(account_valid_password($pass1) == false)
error_("The password contains invalid characters or is not long enough");
else {
account_set_password($_SESSION['accounts_id'], $pass);
unset($_SESSION['password_expired']);
happy_('Password has been successfully updated');
header("location: $back_link");
exit;
}
}
exit;
}
send_header("Account Information",
array("Main" => "user_main.php")
@ -119,8 +146,7 @@ if($_GET['action']=="save") {
$d = '';
$email = $a['email'];
$username_yes = 'checked="checked"';
$username_no = '';
$username_link = 'checked="checked"';
$username = $email;
$ud = 'disabled="disabled"';
@ -171,69 +197,125 @@ if($_GET['action']=="save") {
<script type="text/javascript">
$.validator.setDefaults({
submitHandler: function() { alert("submitted!"); }
});
$().ready(function() {
var username_valid = true;
var username_checking = true;
var check_username_time = false;
// validate signup form on keyup and submit
function username_changed()
{
username_checking = false;
username_valid = true;
/* Immediately go to checking... */
$("#accountform").validate().element( "#username" );
$("#accountform").validate().element( "#email" );
if(check_username_time != false)
clearTimeout(check_username_time);
check_username_time = setTimeout(function() {
var username = $("#username").val();
username_checking = false;
$.getJSON("<?=$config['SFIABDIRECTORY']?>/user_account.php?action=check_username&accounts_id=<?=$accounts_id?>&username="+username,
function(json){
username_valid = (json.valid == 1) ? true : false;
username_checking = true;
$("#accountform").validate().element( "#username" );
$("#accountform").validate().element( "#email" );
});
}, 500);
}
function email_changed() {
if($("#username_link").is(":checked")) {
$("#username").val($('#email').val());
username_changed();
}
}
$.validator.addMethod("username_in_use",function(value, element) {
if(element.id == 'username') {
return username_valid;
} else {
if($("#username_link").is(":checked"))
return username_valid;
else
return true;
}
});
$.validator.addMethod("checking",function(value, element) {
return username_checking;
});
$().ready(function() {
$("#accountform").validate({
rules: {
email: {
required: true,
email: true
email: true,
username_in_use: true,
},
username: {
required: "#username_link:checked",
// required: "#username_link:checked",
username_in_use: true,
checking: true,
minlength: 4
},
pass1: {
required: true,
minlength: 6,
maxlength: 32
},
pass2: {
required: true,
minlength: 6,
maxlength: 32,
equalTo: "#pass1"
}
},
messages: {
email: {
required: "Please enter an email address",
email: "Please enter a valid email address",
username_in_use: "Email aready in use as a username, use a different email, or uncheck the username box below"
},
username: {
required: "Please enter a username",
minlength: "Your username must consist of at least 2 characters"
minlength: "Your username must consist of at least 2 characters",
username_in_use: "Username is taken, please choose a different one",
checking: "Checking..."
},
pass1: {
required: "Please provide a password",
minlength: "Your password must be at least 6 characters long",
maxlength: "Your password must be at most 32 characters long"
},
pass2: {
required: "Please provide a password",
minlength: "Your password must be at least 6 characters long",
maxlength: "Your password must be at most 32 characters long",
equalTo: "Please enter the same password as above"
}
},
submitHandler: function() {
$("#debug").load("user_account.php?action=save&accounts_id=<?=$accounts_id?>", $("#accountform").serializeArray());
}
});
/* Code to disable the username box */
var username_link = $("#username_link").is(":checked");
$("#username").attr("disabled", username_link);
$("#username_link").click(function() {
$("#username").attr("disabled", this.checked);
username_link_change();
email_changed();
username_changed();
});
function username_link_change() {
if($("#username_link").is(":checked")) {
$("#username").val($('#email').val());
}
}
$("#email").change(username_link_change);
$("#email").keyup(username_link_change);
$("#email").change(email_changed);
$("#email").keyup(email_changed);
$("#username").change(username_changed);
$("#username").keyup(username_changed);
});
</script>