From: <vb...@us...> - 2002-09-17 06:25:07
Update of /cvsroot/webnotes/webnotes/core In directory usw-pr-cvs1:/tmp/cvs-serv14333/core Modified Files: config_inc.php email_api.php user_api.php Log Message: - Removed the sql query from login and using core functions. - Removed e-mail configs that were copied from Mantis but were not needed. - Removed some e-mail apis that were not used. Also removed code that uses phpMailer. - Clean up of user_api.php and implementing user_where*() methods which allow getting user information or changing password using any key (id, username, e-mail, cookie). Index: config_inc.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/config_inc.php,v retrieving revision 1.17 retrieving revision 1.18 diff -u -d -r1.17 -r1.18 --- config_inc.php 17 Sep 2002 00:55:35 -0000 1.17 +++ config_inc.php 17 Sep 2002 06:25:03 -0000 1.18 @@ -31,13 +31,6 @@ $g_phpWN_page_table = 'phpWN_page_table'; $g_phpWN_user_table = 'phpWN_user_table'; - ################### - # EMAIL SETTINGS - ################### - - $g_webmaster_email = 'web...@my...'; - $g_administrator_email = 'ad...@my...'; - #################### # SERVER SETTINGS #################### 
@@ -133,26 +126,25 @@ # AUTH_MD5, AUTH_CRYPT, AUTH_PLAIN $g_auth_type = AUTH_PLAIN; - ############################# - # Mantis Email Settings - ############################# + # allow users to signup for their own accounts + $g_allow_signup = ON; - # --- email variables ------------- - $g_administrator_email = "administrator@nowhere"; - $g_webmaster_email = "webmaster@nowhere"; + ################### + # EMAIL SETTINGS + ################### - # the "From: " field in emails - $g_from_email = "noreply@nowhere"; + # This option allows you to use a remote SMTP host. Must use the phpMailer script + # Name of smtp host, needed for phpMailer, taken from php.ini + $g_smtp_host = 'localhost'; - # the "To: " address all emails are sent. This can be a mailing list or archive address. - # Actual users are emailed via the bcc: fields - $g_to_email = "nobody@nowhere"; + $g_webmaster_email = 'webmaster@nowhere'; + $g_administrator_email = 'admin@nowhere'; - # the return address for bounced mail - $g_return_path_email = "admin@nowhere"; + # the "From: " field in emails + $g_from_email = 'noreply@nowhere'; - # allow users to signup for their own accounts - $g_allow_signup = ON; + # the return address for bounced mail + $g_return_path_email = 'admin@nowhere'; # if ON users will be sent their password when reset. # if OFF the password will be set to blank. 
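Review bot: The relocated `$g_smtp_host` setting keeps the comment "Must use the phpMailer script ... needed for phpMailer", but this commit removes the phpMailer branch from `email_send()`, so the comment describes a code path that no longer exists. In the email_api.php hunks the remaining `mail()` path only names `$g_smtp_host` in its `global` list and never reads it. Either drop the setting or reword the comment, for example `# SMTP host name (not used by the mail() path in email_send)`.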
@@ -161,58 +153,13 @@ # allow email notification $g_enable_email_notification = ON; - # notify developers and higher when a new bug comes in - # only if their preference is also set - $g_notify_developers_on_new = ON; - - # set to OFF to disable email check - $g_validate_email = ON; - $g_check_mx_record = ON; - - # This disables the automatic generation of mailto: links - # Valid values: NONE, ALL, NO_ANONYMOUS, ADMIN_ONLY - $g_show_user_email = OFF; - + # @@@@ what is the benefit of this option? # Set to OFF to remove X-Priority header $g_use_x_priority = ON; - # Set to OFF on Windows systems, as long as php-mail-function has its bcc-bug (~PHP 4.0.6) - $g_use_bcc = ON; - # some Mail transfer agents (MTAs) don't like bare linefeeds... # or they take good input and create barelinefeeds # If problems occur when sending mail through your server try turning this OFF # more here: http://pobox.com/~djb/docs/smtplf.html $g_mail_send_crlf = OFF; - - # phpMailer instead of standard mail() function (REQUIRES PHP 4.x.x) - # Get the phpMailer-package from http://phpmailer.sourceforge.net - # The installation is very simple you only need 2 plain text php-files - # class.smtp.php - # class.phpmailer.php - - # Copy these files to your php-include-dir i.e. "c:\php\includes" or - # "/usr/lib/php/includes" - # and add this path to the "include_path"-entry in the php.ini file. - # The installation is described in the readme and there is also a simple - # example. - # PhpMailer comes with a detailed documentation in phpdoc format. - - $g_use_phpMailer = OFF; - - # select the method to mail by: - # 0 - mail() - # 1 - sendmail - # 2 - SMTP - $g_phpMailer_method = 0; - - # This option allows you to use a remote SMTP host. 
Must use the phpMailer script - # Name of smtp host, needed for phpMailer, taken from php.ini - $g_smtp_host = "localhost"; - - # --- email separator and padding ------------ - $g_email_separator1 = "======================================================================="; - $g_email_separator2 = "-----------------------------------------------------------------------"; - $g_email_padding_length = 28; - ?> Index: email_api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/email_api.php,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- email_api.php 17 Sep 2002 00:55:35 -0000 1.1 +++ email_api.php 17 Sep 2002 06:25:03 -0000 1.2 
@@ -7,42 +7,10 @@ ########################################################################### # Email API ########################################################################### - # -------------------- - # check to see that the format is valid and that the mx record exists - function is_valid_email( $p_email ) { - global $g_validate_email, $g_check_mx_record; - - # if we don't validate then just accept - if ( OFF == $g_validate_email ) { - return true; - } - # Use a regular expression to check to see if the email is in valid format - # x-xx.xxx@yyy.zzz.abc etc. - if (eregi("^[_.0-9a-z-]+@([0-9a-z][-0-9a-z.]+).([a-z]{2,6}$)", $p_email, $check)) { - # passed format check. see if we should check the mx records - if ( ON == $g_check_mx_record ) { # Check for valid mx records - if (getmxrr($check[1].".".$check[2], $temp)) { - return true; - } else { - $host = substr( strstr( $check[0], '@' ), 1 )."."; - - # for no mx record... try dns check - if (checkdnsrr ( $host, "ANY" )) - return true; - } - } else { - # Email format was valid but did't check for valid mx records - return true; - } - } - # Everything failed. Bad email. - return false; - } # -------------------- # Send password to user function email_signup( $p_username, $t_password, $p_email ) { - # Email Strings $s_new_account_subject = "Your new user account"; $s_new_account_greeting = "Greetings and welcome to the WebNotes. Here is the information you need to login\n\n"; @@ -51,7 +19,7 @@ $s_new_account_password = "Password: "; $s_new_account_message = "After logging into the site please change your password. Also note that your password is stored via one way encryption. The staff cannot retrieve your password. If you forget your password it will have to be reset.\n\n"; $s_new_account_do_not_reply = "Do not reply to this message.\n"; - + # Build Welcome Message $t_message = $s_new_account_greeting. $s_new_account_username.$p_username."\n". 
@@ -59,43 +27,20 @@ $s_new_account_message. $s_new_account_do_not_reply; - $t_headers = ""; - email_send( $p_email, $s_new_account_subject, $t_message, $t_headers ); - } - # -------------------- - # Send new password when user forgets - function email_reset( $p_user_id, $p_password ) { - global $g_mantis_user_table, $g_path, - $s_reset_request_msg, $s_account_name_msg, - $s_news_password_msg; - - $query = "SELECT username, email - FROM $g_mantis_user_table - WHERE id='$p_user_id'"; - $result = db_query( $query ); - $row = db_fetch_array( $result ); - extract( $row, EXTR_PREFIX_ALL, "v" ); - - # Build Welcome Message - $t_message = $s_reset_request_msg."\n\n". - $s_account_name_msg.": ".$v_username."\n". - $s_news_password_msg.": ".$p_password."\n\n". - $g_path."\n\n"; - - email_send( $v_email, "New Password", $t_message ); + email_send( $p_email, $s_new_account_subject, $t_message ); } # -------------------- # this function sends the actual email - function email_send( $p_recipient, $p_subject, $p_message, $p_header="" ) { + function email_send( $p_recipient, $p_subject, $p_message, $p_header='' ) { global $g_from_email, $g_enable_email_notification, $g_return_path_email, $g_use_x_priority, $g_use_phpMailer, $g_phpMailer_method, $g_smtp_host; - + # short-circuit if no emails should be sent - if ( OFF ==$g_enable_email_notification ) { + if ( OFF == $g_enable_email_notification ) { return; } - + $t_recipient = trim( $p_recipient ); $t_subject = trim( $p_subject ); $t_message = trim( $p_message ); 
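Review bot: `email_send()` only `trim()`s `$p_recipient` and `$p_subject`, so a carriage return or line feed inside either value survives into the `mail()` call further down, and `$p_header` is appended to the header block as-is. This commit also deletes `is_valid_email()` and no other check on the signup address is visible in the diff, so the address typed at signup appears to reach `mail()` unvalidated; confirm whether the caller checks it. A guard right after the trims would close this: `if ( preg_match( '/[\r\n]/', $t_recipient . $t_subject ) ) { return; }`. The `global` line also still names `$g_use_phpMailer` and `$g_phpMailer_method`, which the commit removes from config_inc.php. The function body continues in the next hunk.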
@@ -109,103 +54,41 @@ #echo nl2br($t_message)."<br />"; #exit; - if ( ON == $g_use_phpMailer ) { - # Visit http://phpmailer.sourceforge.net - # if you have problems with phpMailer - - include("class.phpmailer.php"); - $mail = new phpmailer; - - # Select the method to send mail - switch ( $g_phpMailer_method ) { - case 0: $mail->IsMail(); - break; - case 1: $mail->IsSendmail(); - break; - case 2: $mail->IsSMTP(); - break; - } - $mail->IsHTML(false); # set email format to plain text - $mail->WordWrap = 80; # set word wrap to 50 characters - $mail->Priority = 0; # Urgent = 1, Not Urgent = 5, Disable = 0 - $mail->Host = $g_smtp_host; - $mail->From = $g_from_email; - $mail->FromName = ""; - - # add to the Recipient list - $t_recipient_list = split(",", $t_recipient); - while ( list( , $t_recipient ) = each( $t_recipient_list ) ) { - if ( !empty( $t_recipient ) ) { - $mail->AddAddress( $t_recipient, "" ); - } - } - # add to the BCC list - $t_bcc_list = split(",", $p_header); - while(list(, $t_bcc) = each($t_bcc_list)) { - if ( !empty( $t_bcc ) ) { - $mail->AddBCC($t_bcc, ""); - } - } - - $mail->Subject = $t_subject; - $mail->Body = make_lf_crlf( "\n".$t_message ); - - if( !$mail->Send() ) { - PRINT "PROBLEMS SENDING MAIL TO: $t_recipient<br />"; - PRINT "Mailer Error: ".$mail->ErrorInfo."<br />"; - exit; - } - } else { - # Visit http://www.php.net/manual/function.mail.php - # if you have problems with mailing + # Visit http://www.php.net/manual/function.mail.php + # if you have problems with mailing - $t_headers = "From: $g_from_email\n"; - #$t_headers .= "Reply-To: $p_reply_to_email\n"; + $t_headers = "From: $g_from_email\n"; + #$t_headers .= "Reply-To: $p_reply_to_email\n"; - $t_headers .= "X-Sender: <$g_from_email>\n"; - $t_headers .= "X-Mailer: PHP/".phpversion()."\n"; - if ( ON == $g_use_x_priority ) { - $t_headers .= "X-Priority: 0\n"; # Urgent = 1, Not Urgent = 5, Disable = 0 - } - $t_headers .= "Return-Path: <$g_return_path_email>\n"; # return email if error - # 
If you want to send foreign charsets - # $t_headers .= "Content-Type: text/html; charset=iso-8859-1\n"; + $t_headers .= "X-Sender: <$g_from_email>\n"; + $t_headers .= "X-Mailer: PHP/".phpversion()."\n"; + if ( ON == $g_use_x_priority ) { + $t_headers .= "X-Priority: 0\n"; # Urgent = 1, Not Urgent = 5, Disable = 0 + } + $t_headers .= "Return-Path: <$g_return_path_email>\n"; # return email if error + # If you want to send foreign charsets + # $t_headers .= "Content-Type: text/html; charset=iso-8859-1\n"; - $t_headers .= $p_header; + $t_headers .= $p_header; - $t_recipient = make_lf_crlf( $t_recipient ); - $t_subject = make_lf_crlf( $t_subject ); - $t_message = make_lf_crlf( $t_message ); - $t_headers = make_lf_crlf( $t_headers ); - $result = mail( $t_recipient, $t_subject, $t_message, $t_headers ); - if ( TRUE != $result ) { - PRINT "PROBLEMS SENDING MAIL TO: $t_recipient<p>"; - PRINT htmlspecialchars($t_recipient)."<br />"; - PRINT htmlspecialchars($t_subject)."<p>"; - PRINT nl2br(htmlspecialchars($t_headers))."<br />"; - #PRINT nl2br(htmlspecialchars($t_message))."<p>"; - exit; - } + $t_recipient = make_lf_crlf( $t_recipient ); + $t_subject = make_lf_crlf( $t_subject ); + $t_message = make_lf_crlf( $t_message ); + $t_headers = make_lf_crlf( $t_headers ); + $result = mail( $t_recipient, $t_subject, $t_message, $t_headers ); + if ( false === $result ) { + echo "PROBLEMS SENDING MAIL TO: $t_recipient<br />"; + echo htmlspecialchars($t_recipient)."<br />"; + echo htmlspecialchars($t_subject)."<br />"; + echo nl2br(htmlspecialchars($t_headers))."<br />"; + #echo nl2br(htmlspecialchars($t_message))."<br />"; + exit; } } # -------------------- - # helper function - function get_bug_summary( $p_bug_id ) { - global $g_mantis_bug_table; - - $query = "SELECT summary - FROM $g_mantis_bug_table - WHERE id='$p_bug_id'"; - $result = db_query( $query ); - return db_result( $result, 0, 0 ); - } - # -------------------- - # -------------------- # clean up LF to CRLF function 
make_lf_crlf( $p_string ) { - global $g_mail_send_crlf; - - if ( ON == $g_mail_send_crlf ) { + if ( ON == config_get( 'mail_send_crlf' ) { $p_string = str_replace( "\n", "\r\n", $p_string ); return str_replace( "\r\r\n", "\r\n", $p_string ); } else { Index: user_api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/user_api.php,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- user_api.php 17 Sep 2002 00:55:35 -0000 1.7 +++ user_api.php 17 Sep 2002 06:25:03 -0000 1.8 @@ -14,8 +14,13 @@ ### -------------------- function user_create( $p_username, $p_password, $p_email, $p_access_level = null, $p_enabled = true ) { - if ( false !== user_get_id( $p_username ) ) { - echo "Duplicate user.<br />"; + if ( false !== user_get_info( user_where_username_equals( $p_username ) ) ) { + echo "Duplicate user.<br />"; + return false; + } + + if ( false !== user_get_info( user_where_email_equals( $p_email ) ) ) { + echo "Duplicate email.<br />"; return false; } 
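Review bot: The rewritten condition in `make_lf_crlf()`, `if ( ON == config_get( 'mail_send_crlf' ) {`, is missing a closing parenthesis, so email_api.php will not parse and every page that includes it breaks; it should read `if ( ON == config_get( 'mail_send_crlf' ) ) {`. In the failure branch of `email_send()`, the first `echo` interpolates `$t_recipient` into HTML unescaped while the lines after it use `htmlspecialchars()`; since the recipient can be a user-supplied signup address, change it to `echo 'PROBLEMS SENDING MAIL TO: ' . htmlspecialchars( $t_recipient ) . '<br />';`. Printing the full header block to the browser on failure also shows the configured From and Return-Path addresses to whoever triggered the error; writing it to a server-side log would be safer. The body of `make_lf_crlf()` continues past the end of the hunk.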
@@ -49,48 +54,61 @@ } $t_password = create_random_password( $p_email ); - + if ( false === user_create( $p_username, $t_password, $p_email ) ) { return false; } - + email_signup($p_username, $t_password, $p_email); - # @@@@ Send e-mail here. return true; } ### -------------------- - function user_get_id( $p_username ) { - global $g_phpWN_user_table; - + function user_where_current( ) { + global $g_string_cookie_val; + return ( user_where_cookie_equals( $g_string_cookie_val ) ); + } + ### -------------------- + function user_where_id_equals( $p_id ) { + $c_id = db_prepare_int( $p_id ); + return ("(id='$c_id')"); + } + ### -------------------- + function user_where_username_equals( $p_username ) { $c_username = db_prepare_string( $p_username ); + return ("(username='$c_username')"); + } + ### -------------------- + function user_where_email_equals( $p_email ) { + $c_email = db_prepare_string( $p_email ); + return ("(email='$c_email')"); + } + ### -------------------- + function user_where_cookie_equals( $p_cookie ) { + $c_cookie = db_prepare_string( $p_cookie ); + return ("(cookie_string='$c_cookie')"); + } + ### -------------------- + # The parameter passed to this function is constructed via user_where_*(). + # $p_where is not cleaned, since it is assume that all the necessary escaping is + # done in the function that constructed the where statement. + function user_get_info( $p_where ) { + $query = "SELECT * + FROM " . config_get( 'phpWN_user_table' ) . 
" + WHERE $p_where + LIMIT 1"; - $query = "SELECT id - FROM $g_phpWN_user_table - WHERE username='$c_username'"; $result = db_query( $query ); if ( false === $result ) { - return false; + return false; } $row = db_fetch_array( $result ); if ( false === $row ) { - return false; + return false; } - return $row['id']; - } - ### -------------------- - function get_user_info_arr( $p_string_cookie_val ) { - global $g_phpWN_user_table; - - $c_string_cookie_val = db_prepare_string( $p_string_cookie_val ); - - $query = "SELECT * - FROM $g_phpWN_user_table - WHERE cookie_string='$c_string_cookie_val'"; - $result = db_query( $query ); - return db_fetch_array( $result ); + return $row; } ### -------------------- function user_get_all() { @@ -112,32 +130,9 @@ return $t_users_array; } ### -------------------- - function user_get_info( $p_id ) { - global $g_phpWN_user_table; - - $c_id = db_prepare_int( $p_id ); - - $query = "SELECT * - FROM $g_phpWN_user_table - WHERE id = $c_id"; - - $result = db_query( $query ); - if ( false === $result ) { - echo 'User not found.<br />'; - return false; - } - - if ( $row = db_fetch_array( $result ) ) { - return ( $row ); - } - - return false; - } - ### -------------------- - function user_change_password( $p_string_cookie_val, $p_old_password, $p_new_password, $p_verify_password = null ) { - global $g_phpWN_user_table; - - $t_user = get_user_info_arr( $p_string_cookie_val ); + # $p_where is constructed using user_where_*(). + function user_change_password( $p_where, $p_old_password, $p_new_password, $p_verify_password = null ) { + $t_user = user_get_info( $p_where ); if ( false === $t_user ) { return false; ## error message printed by user_get_info(). } 
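Review bot: `user_get_info()` concatenates `$p_where` into the query verbatim, so the statement is safe only as long as every caller builds the argument with `user_where_*()`; one caller that passes request data directly turns this into SQL injection. Consider having `user_get_info()` accept a column name checked against a fixed list plus a value it escapes itself, or at minimum state in the comment that `$p_where` must never contain request data. Separately, `user_where_current()` produces `(cookie_string='')` when `$g_string_cookie_val` is empty, which would match any account whose cookie_string is empty if such rows can exist (not visible in this diff). Returning a predicate that matches nothing in that case avoids it: `if ( empty( $g_string_cookie_val ) ) { return '(1=0)'; }`.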
@@ -154,11 +149,10 @@ $t_password = access_encrypt_password( $p_new_password ); $c_password = db_prepare_string( $t_password ); - $c_cookie_string = db_prepare_string( $p_string_cookie_val ); - $query = "UPDATE $g_phpWN_user_table + $query = "UPDATE " . config_get( 'phpWN_user_table' ) . " SET password='$c_password' - WHERE cookie_string='$c_cookie_string'"; + WHERE $p_where"; $result = db_query( $query ); if ( false === $result ) { return false; |
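Review bot: The `UPDATE` now ends in `WHERE $p_where` with no row limit, while the `user_get_info( $p_where )` lookup in the previous hunk fetched only the first matching row (`LIMIT 1`) and, presumably, checked the old password against that row alone. If the predicate matches more than one row, for example an e-mail or cookie predicate on a column that is not unique (the schema is not shown), every matching account receives the new password. Updating by the primary key of the row that was actually fetched keeps the two steps consistent: `WHERE " . user_where_id_equals( $t_user['id'] )`. The context comment `error message printed by user_get_info()` in the previous hunk is also stale, because the new `user_get_info()` returns false without printing anything. The function starts and ends outside this hunk.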