From: <vb...@us...> - 2002-09-16 13:27:23
|
Update of /cvsroot/webnotes/webnotes/core
In directory usw-pr-cvs1:/tmp/cvs-serv1428/core
Modified Files: access_api.php api.php config_inc.php user_api.php
Log Message:
- Got the user login to work (by creating the cookies, and implementing some extra code / re-using code from Mantis).
- Fixed a java script problem in the signup page.
- Added $g_allow_signup to enable/disable signup support.
Index: access_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/access_api.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- access_api.php 16 Sep 2002 05:24:40 -0000 1.4
+++ access_api.php 16 Sep 2002 13:27:20 -0000 1.5
@@ -8,24 +8,61 @@ # $Id$ # -------------------------------------------------------- + # -------------------- + # Check to see that the unique identifier is really unique + function check_cookie_string_duplicate( $p_cookie_string ) { + global $g_phpWN_user_table; + + $c_cookie_string = addslashes($p_cookie_string); + + $query = "SELECT COUNT(*) + FROM $g_phpWN_user_table + WHERE cookie_string='$c_cookie_string'"; + $result = db_query( $query ); + $t_count = db_result( $result, 0, 0 ); + return ( $t_count > 0 ); + } + # -------------------- + # This string is used to use as the login identified for the web cookie + # It is not guarranteed to be unique and should be checked + # The string returned should be 64 characters in length + function generate_cookie_string() { + $t_val = mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() ); + $t_val = md5( $t_val ) . md5( time() ); + return substr( $t_val, 0, 64 ); + } + # -------------------- + # The string returned should be 64 characters in length + function create_cookie_string() { + $t_cookie_string = generate_cookie_string(); + while ( check_cookie_string_duplicate( $t_cookie_string ) ) { + $t_cookie_string = generate_cookie_string(); + } + return $t_cookie_string; + } ### -------------------- function access_encrypt_password( $p_password ) { switch( config_get( 'auth_type' ) ) { case AUTH_PLAIN: - return ( $p_password ); + $t_password = $p_password; + break; case AUTH_CRYPT: $salt = substr( $p_password, 0, 2 ); - return ( crypt( $p_password, $salt ) ); + $t_password = crypt( $p_password, $salt ); + break; case AUTH_MD5: - return ( md5( $p_password ) ); - + $t_password = md5( $p_password ); + break; + default: # @@@@ Replace with proper error echo "Invalid authentication type"; exit; } // switchconfig_get()) { + + return substr( $t_password, 0, 32 ); } ### -------------------- function password_match( $p_test_password, $p_password ) { Index: api.php 
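Review bot: `generate_cookie_string()` builds the value that its own comment calls the login identifier for the web cookie from `mt_rand()` and `md5( time() )`, so it is guessable: the last 32 characters are the hash of the current second and the first 32 come from a non-cryptographic generator. A bearer token like this should come from a CSPRNG; on a PHP version that provides it, `return bin2hex( random_bytes( 32 ) );` keeps the 64-character length. `check_cookie_string_duplicate()` escapes with `addslashes()` while user_api.php in this commit uses `db_prepare_string()`, so the same helper should be used here, and a unique index on `cookie_string` would close the gap between the duplicate check and the later insert. The added `return substr( $t_password, 0, 32 );` also cuts AUTH_PLAIN passwords to 32 characters without telling the user, which is worth a comment or an input length check; `password_match()` continues outside the hunk, so whether it applies the same truncation cannot be seen here.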
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/api.php,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- api.php 14 Sep 2002 15:19:12 -0000 1.21
+++ api.php 16 Sep 2002 13:27:20 -0000 1.22
@@ -31,6 +31,7 @@ $g_login_success_page = $g_web_directory . 'admin' . $g_ext; $g_logout = $g_web_directory . 'logout' . $g_ext; $g_logout_redirect_page = $g_web_directory; + $g_signup_page = $g_web_directory . 'signup_page' . $g_ext; $g_admin_index_files = $g_web_directory . 'admin_index_files' . $g_ext; $g_admin_view_queue = $g_web_directory . 'admin_view_queue' . $g_ext;
Index: config_inc.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/config_inc.php,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- config_inc.php 14 Sep 2002 06:22:03 -0000 1.15
+++ config_inc.php 16 Sep 2002 13:27:20 -0000 1.16
@@ -132,4 +132,7 @@ # AUTH_MD5, AUTH_CRYPT, AUTH_PLAIN $g_auth_type = AUTH_PLAIN; + + # allow users to signup for their own accounts + $g_allow_signup = ON; ?>
Index: user_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/user_api.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- user_api.php 16 Sep 2002 05:24:40 -0000 1.5
+++ user_api.php 16 Sep 2002 13:27:20 -0000 1.6
@@ -13,6 +13,73 @@ ########################################################################### ### -------------------- + function user_create( $p_username, $p_password, $p_email, $p_access_level = null, $p_enabled = true ) { + if ( false !== user_get_id( $p_username ) ) { + echo "Duplicate user.<br />"; + return false; + } + + if ( null === $p_access_level ) { + $p_access_level = REGISTERED; # @@@@ Move to config. + } + + $c_username = db_prepare_string( $p_username ); + $c_email = db_prepare_string( $p_email ); + $c_encrypted_password = db_prepare_string( access_encrypt_password( $p_password ) ); + + $t_seed = $p_email . $p_username; + $t_cookie_string = create_cookie_string( $t_seed ); + $c_cookie_string = db_prepare_string( $t_cookie_string ); + + $query = "INSERT INTO phpWN_user_table (username, password, email, cookie_string) + VALUES ('$c_username', '$c_encrypted_password', '$c_email', '$c_cookie_string')"; + $result = mysql_query($query); + + return( false !== $result ); + } + ### -------------------- + function user_signup( $p_username, $p_email ) { + # Check to see if signup is allowed + if ( OFF == config_get( 'allow_signup' ) ) { + return false; + } + + if ( empty( $p_username ) || empty( $p_email ) ) { + return false; + } + + $t_password = create_random_password( $p_email ); + echo "Password is '$t_password'.<br />"; + if ( false === user_create( $p_username, $t_password, $p_email ) ) { + return false; + } + + # @@@@ Send e-mail here. 
+ + return true; + } + ### -------------------- + function user_get_id( $p_username ) { + global $g_phpWN_user_table; + + $c_username = db_prepare_string( $p_username ); + + $query = "SELECT id + FROM $g_phpWN_user_table + WHERE username='$c_username'"; + $result = db_query( $query ); + if ( false === $result ) { + return false; + } + + $row = db_fetch_array( $result ); + if ( false === $row ) { + return false; + } + + return $row['id']; + } + ### -------------------- function get_user_info_arr( $p_string_cookie_val ) { global $g_phpWN_user_table; |
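Review bot: `user_signup()` writes the generated password into the response with `echo "Password is '$t_password'.<br />";`, so the credential lands in page output (and anything that caches or logs it) rather than reaching only the account owner; the echo should go once the `# @@@@ Send e-mail here.` step is implemented. In `user_create()` the INSERT names the table literally as `phpWN_user_table` and calls `mysql_query()` directly, while `user_get_id()` in the same hunk goes through `$g_phpWN_user_table` and `db_query()`; `user_create()` should declare `global $g_phpWN_user_table;` and use the same pair. `$p_access_level` and `$p_enabled` are accepted but never reach the INSERT, so the new row presumably takes the column defaults, and `create_cookie_string( $t_seed )` passes a seed that the zero-parameter definition added in access_api.php ignores. `create_random_password()` is not defined in any visible hunk, so how the initial password is generated cannot be reviewed here. `get_user_info_arr()` at the end of the hunk continues outside it.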