This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; see the file COPYING. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ ?> /?]',$pass); /* If x==1, a match was found, and the input is bad */ if($x == 1) return false; if(strlen($pass) < 6) return false; return true; } /* Duplicate of common.inc.php:generatePassword, which will be deleted * eventually when ALL users are handled through this file */ function account_generate_password($pwlen=8) { //these are good characters that are not easily confused with other characters :) $available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789"; $len=strlen($available) - 1; $key=""; for($x=0;$x<$pwlen;$x++) $key.=$available{rand(0,$len)}; return $key; } function account_set_password($accounts_id, $password = NULL) { $save_old = false; if($password == NULL) { $q = mysql_query("SELECT passwordset FROM accounts WHERE id='$accounts_id'"); $a = mysql_fetch_assoc($q); /* Generate a new password */ $password = account_generate_password(12); /* save the old password only if it's not an auto-generated one */ if($a['passwordset'] != '0000-00-00') $save_old = true; /* Expire the password */ $save_set = "'0000-00-00'"; } else { /* Set the password, no expiry, save the old */ $save_old = true; $save_set = 'NOW()'; } $p = mysql_escape_string($password); $set = ($save_old == true) ? 'oldpassword=password, ' : ''; $set .= "password='$p', passwordset=$save_set "; $query = "UPDATE accounts SET $set WHERE id='$accounts_id'"; mysql_query($query); echo mysql_error(); return $password; } function account_load($id) { $id = intval($id); $q = mysql_query("SELECT * FROM accounts WHERE id='$id'"); if(mysql_num_rows($q) == 0) { return false; } if(mysql_num_rows($q) > 1) { return false; } $a = mysql_fetch_assoc($q); return $a; } function account_load_by_username($username) { $un = mysql_real_escape_string($username); $q = mysql_query("SELECT * FROM accounts WHERE username='$un'"); if(mysql_num_rows($q) == 0) { return false; } if(mysql_num_rows($q) > 1) { return false; } $a = mysql_fetch_assoc($q); return $a; } function account_create($username,$password=NULL) { global $config; /* Sanity check username */ if(!account_valid_user($username)) { return -1; } /* Make sure the user doesn't exist */ $us = mysql_real_escape_string($username); $q = mysql_query("SELECT * FROM accounts WHERE username='$us'"); if(mysql_num_rows($q)) { return -2; } /* Create the account */ mysql_query("INSERT INTO accounts (`username`,`created`,`deleted`,`superuser`) VALUES ('$us', NOW(),'no','no')"); echo mysql_error(); $accounts_id = mysql_insert_id(); account_set_password($accounts_id, $password); account_set_email($accounts_id, $email); $a = account_load($accounts_id); return $a; } function account_set_email($accounts_id,$email) { global $config; //we dont actually set the email until its confirmed, we only set the pending email :p if(isEmailAddress($email)) { $code=generatePassword(24); mysql_query("UPDATE accounts SET pendingemail='".mysql_real_escape_string($email)."', pendingemailcode='$code' WHERE id='$accounts_id'"); $urlproto = $_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://"; $urlmain = "$urlproto{$_SERVER['HTTP_HOST']}{$config['SFIABDIRECTORY']}"; $urlemailconfirm = "emailconfirmation.php?i=$accounts_id&e=".rawurlencode($email)."&c=".$code; $link=$urlmain."/".$urlemailconfirm; email_send('account_email_confirmation',$email,array(),array("EMAIL"=>$email,"EMAILCONFIRMATIONLINK"=>$link)); } } /* */ ?>