forked from science-ation/science-ation
359 lines
11 KiB
PHP
359 lines
11 KiB
PHP
<?
|
|
/*
|
|
This file is part of the 'Science Fair In A Box' project
|
|
SFIAB Website: http://www.sfiab.ca
|
|
|
|
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
|
|
Copyright (C) 2005 James Grant <james@lightbox.org>
|
|
Copyright (C) 2007 David Grant <dave@lightbox.org>
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU General Public
|
|
License as published by the Free Software Foundation, version 2.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; see the file COPYING. If not, write to
|
|
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
Boston, MA 02111-1307, USA.
|
|
*/
|
|
?>
|
|
<?
|
|
require_once("common.inc.php");
|
|
require_once("account.inc.php");
|
|
|
|
/* Make sure the user is logged in with just an account (accounts_id is set),
|
|
* dont' call user_auth_required because they may not have a user */
|
|
if(!isset($_SESSION['accounts_id'])) {
|
|
message_push(error(i18n("You must login to view that page")));
|
|
header("location: {$config['SFIABDIRECTORY']}/index.php");
|
|
exit;
|
|
}
|
|
|
|
/* Superuser may edit this for any account, if the user is not a superuser, force
|
|
* the accounts_id to be whatever is in the session */
|
|
if($_SESSION['superuser']) {
|
|
$accounts_id = intval($_GET['accounts_id']);
|
|
if($accounts_id == 0) $accounts_id = $_SESSION['accounts_id'];
|
|
} else {
|
|
$accounts_id = $_SESSION['accounts_id'];
|
|
}
|
|
|
|
function user_account_check_username($accounts_id, $username)
|
|
{
|
|
if(!account_valid_user($username)) return false;
|
|
|
|
$u = mysql_real_escape_string($username);
|
|
$q = mysql_query("SELECT id FROM accounts WHERE username='$u' AND deleted='no' AND id!=$accounts_id");
|
|
if(mysql_num_rows($q) != 0) return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
switch($_GET['action']) {
|
|
case 'check_username':
|
|
$x = user_account_check_username($accounts_id, $_GET['username']);
|
|
echo json_encode(array('valid' => $x));
|
|
exit;
|
|
|
|
case 'save':
|
|
$a = account_load($accounts_id);
|
|
|
|
/* Since we're using input validation we dont' have to report errors back to the user, the validator
|
|
* should catch them all, so we'll just go ahead and save (or error out) */
|
|
debug_(print_r($_POST), true);
|
|
|
|
$email = trim($_POST['email']);
|
|
$username_link = ($_POST['username_link'] == 'yes') ? true : false;
|
|
$username = $username_link ? $email : trim($_POST['username']);
|
|
|
|
if(array_key_exists('email', $_POST)) {
|
|
/* If this key doesn't exist, don't even try to update the email or the usename, the
|
|
* user is in a "must date their password" mode */
|
|
if($a['email'] != $email && $email != '') {
|
|
$save = true;
|
|
/* Change email */
|
|
if(!account_valid_email($email)) {
|
|
error_('Invalid email address');
|
|
$save = false;
|
|
}
|
|
|
|
if($save) {
|
|
// action_create_set_email($accounts_id, $email);
|
|
happy_("An email has been sent to %1 to confirm the new email address", array($email));
|
|
}
|
|
}
|
|
|
|
/* Update link */
|
|
$x = ($a['link_username_to_email'] == 'yes') ? true : false;
|
|
if($x != $username_link) {
|
|
$l = $username_link ? 'yes' : 'no';
|
|
mysql_query("UPDATE accounts SET link_username_to_email='$l' WHERE id=$accounts_id");
|
|
}
|
|
|
|
/* Update username */
|
|
if($a['username'] != $username) {
|
|
if(user_account_check_username($accounts_id, $username)) {
|
|
/* Update it */
|
|
$u = mysql_real_escape_string($username);
|
|
mysql_query("UPDATE accounts SET username='$u' WHERE id=$accounts_id");
|
|
happy_("Username updated");
|
|
}
|
|
}
|
|
}
|
|
|
|
$pass1 = $_POST['pass1'];
|
|
$pass2 = $_POST['pass2'];
|
|
if($pass1!='' || $pass2!='') {
|
|
$pass = mysql_escape_string($pass1);
|
|
//first, lets see if they choose the same password again (bad bad bad)
|
|
$q=mysql_query("SELECT password FROM accounts WHERE
|
|
id='$accounts_id' AND password='$pass'");
|
|
|
|
$save = false;
|
|
/* All of this, except matching the previous password, is checked
|
|
* by the form validator */
|
|
if(mysql_num_rows($q))
|
|
error_("You cannot choose the same password again. Please choose a different password");
|
|
else if($pass1 == '')
|
|
error_("New Password is required");
|
|
else if($pass1 != $pass2)
|
|
error_("Passwords do not match");
|
|
else if(account_valid_password($pass1) == false)
|
|
error_("The password contains invalid characters or is not long enough");
|
|
else {
|
|
account_set_password($_SESSION['accounts_id'], $pass);
|
|
unset($_SESSION['password_expired']);
|
|
|
|
happy_('Password has been successfully updated');
|
|
}
|
|
}
|
|
/* Forward to the request_uri if it's set */
|
|
if(isset($_SESSION['request_uri'])) {
|
|
$link = $_SESSION['request_uri'];
|
|
unset($_SESSION['request_uri']);
|
|
?>
|
|
<script type="text/javascript">
|
|
window.document.location="<?=$link?>";
|
|
</script>
|
|
<?
|
|
}
|
|
|
|
/* Update the status */
|
|
$newstatus=user_account_status(null, $a);
|
|
?>
|
|
<script type="text/javascript">
|
|
user_update_tab_status('account','<?=$newstatus?>');
|
|
</script>
|
|
<?
|
|
exit;
|
|
}
|
|
|
|
// send_header("Account Information",
|
|
// array("Main" => "user_main.php")
|
|
// ,"change_password"
|
|
// );
|
|
|
|
$a = account_load($accounts_id);
|
|
|
|
$d = '';
|
|
$email = $a['email'];
|
|
$username_link = ($a['link_username_to_email'] == 'yes') ? 'checked="checked"' : '';
|
|
$username = $email;
|
|
|
|
if($_SESSION['password_expired'] == true) {
|
|
echo error(i18n('Your password has expired. You must choose a new password now.'));
|
|
$d = 'disabled="disabled"';
|
|
$validator_passreq = 'required: true,';
|
|
echo "drect to: {$_SESSION['request_uri']}";;
|
|
}
|
|
|
|
?>
|
|
<h4><?=i18n("Account/Login Information")?> - <span class="status_account"></span></h4>
|
|
<br />
|
|
|
|
<form class="editor" name="account" id="accountform">
|
|
<table width="90%">
|
|
<tr>
|
|
<td style="text-align: left" colspan="2"><b>Email</b><hr /></td>
|
|
</tr><tr>
|
|
<td><label for="email"><?=i18n('Email')?>:</label></td>
|
|
<td><input id="email" <?=$d?> name="email" type="text" size="20" value="<?=$email?>"></td>
|
|
</tr><tr>
|
|
<td></td><td>
|
|
<div style="font-size: 0.75em;"><?=i18n('Changing the email address will cause a confirmation email to be sent to the new email address before the change will take effect.')?></div>
|
|
<br />
|
|
</td>
|
|
</tr><tr>
|
|
<td style="text-align: left" colspan="2"><b>Username</b><hr /></td>
|
|
</tr><tr>
|
|
<td><?=i18n('Username')?>:</td>
|
|
<td> <input <?=$ud?> <?=$d?> id="username" name=username type="text" size="20" value="<?=$username?>"><br />
|
|
<input id="username_link" <?=$username_link?> <?=$d?> type="checkbox" name="username_link" value="yes" />
|
|
<?=i18n('Use the email address as the login username')?><br />
|
|
|
|
</td>
|
|
</tr><tr>
|
|
<td colspan="2">
|
|
<br />
|
|
</td>
|
|
</tr><tr>
|
|
<td style="text-align: left" colspan="2"><b>Password</b><hr /></td>
|
|
</tr><tr>
|
|
<td><label for="pass1"><?=i18n('New Password')?>:</label></td>
|
|
<td><input id="pass1" name="pass1" type="password" size="20" value=""></td>
|
|
</tr><tr>
|
|
<td><label for="pass2"><?=i18n('Confirm New Password')?>:</label></td>
|
|
<td><input id="pass2" name="pass2" type="password" size="20" value=""></td>
|
|
</tr><tr>
|
|
<td></td><td>
|
|
<div style="font-size: 0.75em;"><?=i18n('Passwords must be be between 6 and 32 characters, and may NOT contain any quote or a backslash.')?></div>
|
|
</td>
|
|
</tr></table>
|
|
<br />
|
|
<br />
|
|
<input type="submit" value="<?=i18n("Save")?>" />
|
|
</form>
|
|
|
|
|
|
<br />
|
|
|
|
<script type="text/javascript">
|
|
var username_valid = true;
|
|
var username_checking = true;
|
|
var check_username_time = false;
|
|
|
|
function username_changed()
|
|
{
|
|
username_checking = false;
|
|
username_valid = true;
|
|
|
|
/* Immediately go to checking... */
|
|
$("#accountform").validate().element( "#username" );
|
|
$("#accountform").validate().element( "#email" );
|
|
|
|
if(check_username_time != false)
|
|
clearTimeout(check_username_time);
|
|
check_username_time = setTimeout(function() {
|
|
var username = $("#username").val();
|
|
username_checking = false;
|
|
$.getJSON("<?=$config['SFIABDIRECTORY']?>/user_account.php?action=check_username&accounts_id=<?=$accounts_id?>&username="+username,
|
|
function(json){
|
|
username_valid = (json.valid == 1) ? true : false;
|
|
username_checking = true;
|
|
$("#accountform").validate().element( "#username" );
|
|
$("#accountform").validate().element( "#email" );
|
|
});
|
|
}, 500);
|
|
|
|
}
|
|
|
|
function email_changed() {
|
|
if($("#username_link").is(":checked")) {
|
|
$("#username").val($('#email').val());
|
|
username_changed();
|
|
}
|
|
}
|
|
|
|
|
|
$.validator.addMethod("username_in_use",function(value, element) {
|
|
if(element.id == 'username') {
|
|
return username_valid;
|
|
} else {
|
|
if($("#username_link").is(":checked"))
|
|
return username_valid;
|
|
else
|
|
return true;
|
|
}
|
|
});
|
|
|
|
$.validator.addMethod("checking",function(value, element) {
|
|
return username_checking;
|
|
});
|
|
|
|
$(document).ready(function() {
|
|
$("#accountform").validate({
|
|
rules: {
|
|
email: {
|
|
required: true,
|
|
email: true,
|
|
username_in_use: true,
|
|
},
|
|
username: {
|
|
// required: "#username_link:checked",
|
|
username_in_use: true,
|
|
checking: true,
|
|
minlength: 4
|
|
},
|
|
pass1: {
|
|
<?=$validator_passreq?>
|
|
minlength: 6,
|
|
maxlength: 32
|
|
},
|
|
pass2: {
|
|
<?=$validator_passreq?>
|
|
minlength: 6,
|
|
maxlength: 32,
|
|
equalTo: "#pass1"
|
|
}
|
|
},
|
|
messages: {
|
|
email: {
|
|
required: "Please enter an email address",
|
|
email: "Please enter a valid email address",
|
|
username_in_use: "Email aready in use as a username, use a different email, or uncheck the username box below"
|
|
},
|
|
username: {
|
|
required: "Please enter a username",
|
|
minlength: "Your username must consist of at least 2 characters",
|
|
username_in_use: "Username is taken, please choose a different one",
|
|
checking: "Checking..."
|
|
},
|
|
pass1: {
|
|
required: "Please enter a password",
|
|
minlength: "Your password must be at least 6 characters long",
|
|
maxlength: "Your password must be at most 32 characters long"
|
|
},
|
|
pass2: {
|
|
required: "Please confirm the password",
|
|
minlength: "Your password must be at least 6 characters long",
|
|
maxlength: "Your password must be at most 32 characters long",
|
|
equalTo: "Please enter the same password as above"
|
|
}
|
|
},
|
|
submitHandler: function() {
|
|
$("#debug").load("user_account.php?action=save&accounts_id=<?=$accounts_id?>", $("#accountform").serializeArray());
|
|
}
|
|
});
|
|
|
|
user_update_tab_status('account');
|
|
|
|
|
|
<? if($_SESSION['password_expired'] == false) { ?>
|
|
/* Code to disable the username box, only included if the password hasn't expired */
|
|
var username_link = $("#username_link").is(":checked");
|
|
$("#username").attr("disabled", username_link);
|
|
$("#username_link").click(function() {
|
|
$("#username").attr("disabled", this.checked);
|
|
email_changed();
|
|
username_changed();
|
|
});
|
|
$("#email").change(email_changed);
|
|
$("#email").keyup(email_changed);
|
|
$("#username").change(username_changed);
|
|
$("#username").keyup(username_changed);
|
|
|
|
<? } ?>
|
|
|
|
});
|
|
</script>
|
|
|
|
|
|
<?
|
|
//send_footer();
|
|
?>
|