forked from science-ation/science-ation
712348dbb9
user_account now saves info, and does online-checking of usernames. Form validation is fun!
152 lines
4.0 KiB
PHP
152 lines
4.0 KiB
PHP
<?
|
|
/*
|
|
This file is part of the 'Science Fair In A Box' project
|
|
SFIAB Website: http://www.sfiab.ca
|
|
|
|
Copyright (C) 2010 David Grant <dave@lightbox.org>
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU General Public
|
|
License as published by the Free Software Foundation, version 2.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; see the file COPYING. If not, write to
|
|
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
Boston, MA 02111-1307, USA.
|
|
*/
|
|
?>
|
|
<?
|
|
|
|
function account_valid_user($user)
|
|
{
|
|
/* Find any character that doesn't match the valid username characters
|
|
* (^ inverts the matching remember */
|
|
$x = preg_match('[^a-zA-Z0-9@.-_]',$user);
|
|
|
|
/* If x==1, a match was found, and the input is bad */
|
|
return ($x == 1) ? false : true;
|
|
}
|
|
|
|
function account_valid_password($pass)
|
|
{
|
|
/* Same as user, but allow more characters */
|
|
$x = preg_match('[^a-zA-Z0-9 ~!@#$%^&*()-_=+|;:,<.>/?]',$pass);
|
|
|
|
/* If x==1, a match was found, and the input is bad */
|
|
if($x == 1) return false;
|
|
|
|
if(strlen($pass) < 6) return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
/* A more strict version of isEmailAddress() */
|
|
function account_valid_email($str)
|
|
{
|
|
$x = eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str);
|
|
return ($x == 1) ? true : false;
|
|
}
|
|
|
|
/* Duplicate of common.inc.php:generatePassword, which will be deleted
|
|
* eventually when ALL users are handled through this file */
|
|
function account_generate_password($pwlen=8)
|
|
{
|
|
//these are good characters that are not easily confused with other characters :)
|
|
$available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
|
|
$len=strlen($available) - 1;
|
|
|
|
$key="";
|
|
for($x=0;$x<$pwlen;$x++)
|
|
$key.=$available{rand(0,$len)};
|
|
return $key;
|
|
}
|
|
|
|
function account_set_password($accounts_id, $password = NULL)
|
|
{
|
|
$save_old = false;
|
|
if($password == NULL) {
|
|
$q = mysql_query("SELECT passwordset FROM accounts WHERE id='$accounts_id'");
|
|
$a = mysql_fetch_assoc($q);
|
|
/* Generate a new password */
|
|
$password = account_generate_password(12);
|
|
/* save the old password only if it's not an auto-generated one */
|
|
if($a['passwordset'] != '0000-00-00') $save_old = true;
|
|
/* Expire the password */
|
|
$save_set = "'0000-00-00'";
|
|
} else {
|
|
/* Set the password, no expiry, save the old */
|
|
$save_old = true;
|
|
$save_set = 'NOW()';
|
|
}
|
|
|
|
$p = mysql_escape_string($password);
|
|
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
|
|
$set .= "password='$p', passwordset=$save_set ";
|
|
|
|
$query = "UPDATE accounts SET $set WHERE id='$accounts_id'";
|
|
mysql_query($query);
|
|
echo mysql_error();
|
|
|
|
return $password;
|
|
}
|
|
|
|
function account_load($id)
|
|
{
|
|
$id = intval($id);
|
|
$q = mysql_query("SELECT * FROM accounts WHERE id='$id'");
|
|
if(mysql_num_rows($q) == 0) {
|
|
echo "No such account $id";
|
|
exit;
|
|
}
|
|
if(mysql_num_rows($q) > 1) {
|
|
echo "More than one account returned for $id";
|
|
exit;
|
|
}
|
|
|
|
$a = mysql_fetch_assoc($q);
|
|
return $a;
|
|
}
|
|
|
|
|
|
function account_create($username)
|
|
{
|
|
global $config;
|
|
|
|
/* Sanity check username */
|
|
if(!user_valid_user($username)) {
|
|
return -1;
|
|
}
|
|
|
|
/* Make sure the user doesn't exist */
|
|
$us = mysql_real_escape_string($username);
|
|
$q = mysql_query("SELECT * FROM accounts WHERE username='$us'");
|
|
if(mysql_num_rows($q)) {
|
|
return -2;
|
|
}
|
|
|
|
/* Create the account */
|
|
mysql_query("INSERT INTO accounts (`username`,`created`,`deleted`,`superuser`)
|
|
VALUES ('$us', NOW(),'no','no')");
|
|
echo mysql_error();
|
|
|
|
$accounts_id = mysql_insert_id();
|
|
|
|
account_set_password($accounts_id, NULL);
|
|
|
|
$a = account_load($accounts_id);
|
|
return $a;
|
|
}
|
|
|
|
|
|
/*
|
|
if(user_valid_email($username)) {
|
|
mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
|
|
}
|
|
*/
|
|
?>
|