Menu
▾
▴
webnotes-cvs — CVS monitoring only
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(240) |
Oct
(66) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(9) |
Sep
(7) |
Oct
|
Nov
|
Dec
|
|
From: <vb...@us...> - 2002-09-18 06:55:07
|
Update of /cvsroot/webnotes/webnotes/core
In directory usw-pr-cvs1:/tmp/cvs-serv18631/core
Modified Files:
access_api.php config_defaults_inc.php constants_inc.php
Log Message:
Started working on the access levels infrastructure
Index: access_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/access_api.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- access_api.php 16 Sep 2002 13:27:20 -0000 1.5
+++ access_api.php 18 Sep 2002 06:55:02 -0000 1.6
@@ -9,6 +9,17 @@
# --------------------------------------------------------
# --------------------
+ # function to be called when a user is attempting to access a page that
+ # he/she is not authorised to. This outputs an access denied message then
+ # re-directs to the mainpage.
+ function access_denied( $p_url = null ) {
+ echo '<div class="error">';
+ echo 'Access Denied';
+ # print_bracket_link( $p_url, lang_get( 'proceed' ) );
+ print '</div>';
+ exit;
+ }
+ # --------------------
# Check to see that the unique identifier is really unique
function check_cookie_string_duplicate( $p_cookie_string ) {
global $g_phpWN_user_table;
@@ -136,4 +147,46 @@
}
}
### --------------------
+ # Make sure that the specified action can be done by the logged-in user
+ # true: allowed
+ # false: not allowed
+ # if for this action a threshold is defined, it will be used.
+ # if the threshold is set to NOBODY, the specified set of user types will be used.
+ # if action is unknown, then it will return false
+ function access_check_action( $p_action ) {
+ global $g_string_cookie_val, $g_access_levels, $g_access_sets;
+
+ if ( !isset( $g_access_levels[$p_action] ) ) {
+ return false;
+ }
+
+ if ( empty( $g_string_cookie_val ) ) {
+ $t_access_level = ANONYMOUS;
+ } else {
+ $t_user = user_get_info( user_where_current() );
+ if ( false === $t_user ) {
+ return false;
+ }
+
+ $t_access_level = $t_user['access_level'];
+ }
+
+ if ( NOBODY !== $g_access_levels[$p_action] ) {
+ return ( $t_access_level >= $g_access_levels[$p_action] );
+ }
+
+ if ( !isset( $g_access_sets[$p_action] ) ) {
+ return false;
+ }
+
+ return ( in_array( $t_access_level, $g_access_sets[$p_action] ) );
+ }
+ ### --------------------
+ function access_ensure_check_action( $p_action, $p_url = null ) {
+ if ( access_check_action( $p_action ) ) {
+ return;
+ }
+
+ access_denied( $p_url );
+ }
?>
Index: config_defaults_inc.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/config_defaults_inc.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- config_defaults_inc.php 17 Sep 2002 22:18:24 -0000 1.1
+++ config_defaults_inc.php 18 Sep 2002 06:55:03 -0000 1.2
@@ -125,9 +125,42 @@
# AUTH_MD5, AUTH_CRYPT, AUTH_PLAIN
$g_auth_type = AUTH_PLAIN;
-
+
# allow users to signup for their own accounts
$g_allow_signup = ON;
+
+ # Access Levels
+ # any user with an access level that is greater than or equal to the specified
+ # threshold, will be able to perform the action. If an action is to be disabled
+ # for all access levels (including administrator) or to be only allowed for a
+ # specified set of access levels ($g_access_sets), then it should be set to
+ # NOBODY.
+ $g_access_levels = array(
+ ACTION_NOTES_VIEW => ANONYMOUS,
+ ACTION_NOTES_SUBMIT => ANONYMOUS,
+ ACTION_NOTES_EDIT => MODERATOR,
+ ACTION_NOTES_EDIT_OWN => REGISTERED,
+ ACTION_NOTES_DELETE_OWN => REGISTERED,
+ ACTION_NOTES_ACCEPT => MODERATOR,
+ ACTION_NOTES_ARCHIVE => MODERATOR,
+ ACTION_USER_ADD => ADMINISTRATOR,
+ ACTION_USER_EDIT => ADMINISTRATOR,
+ ACTION_USER_DELETE => ADMINISTRATOR );
+
+ # This array specified for each action, the user types that can perform it.
+ # This is more flexible than specifying a threshold. This is only used when
+ # the threshold is set to NOBODY for the specified action.
+ $g_access_sets = array(
+ ACTION_NOTES_VIEW => array(),
+ ACTION_NOTES_SUBMIT => array(),
+ ACTION_NOTES_EDIT => array(),
+ ACTION_NOTES_EDIT_OWN => array(),
+ ACTION_NOTES_DELETE_OWN => array(),
+ ACTION_NOTES_ACCEPT => array(),
+ ACTION_NOTES_ARCHIVE => array(),
+ ACTION_USER_ADD => array(),
+ ACTION_USER_EDIT => array(),
+ ACTION_USER_DELETE => array() );
###################
# EMAIL SETTINGS
Index: constants_inc.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/constants_inc.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- constants_inc.php 15 Sep 2002 04:03:52 -0000 1.4
+++ constants_inc.php 18 Sep 2002 06:55:03 -0000 1.5
@@ -21,6 +21,7 @@
define( 'AUTH_MD5', 2 );
# User Levels
+ define( 'NOBODY', 100 ); # to disable an action completely (no user has access level 100)
define( 'ADMINISTRATOR', 90 );
define( 'MODERATOR', 70 );
define( 'REGISTERED', 40 );
@@ -36,6 +37,6 @@
define( 'ACTION_NOTES_ACCEPT', 7 );
define( 'ACTION_NOTES_ARCHIVE', 8 );
define( 'ACTION_USER_ADD', 51 );
- define( 'ACTION_USER_MODIFY', 52 );
+ define( 'ACTION_USER_EDIT', 52 );
define( 'ACTION_USER_DELETE', 53 );
?>
|
|
From: <vb...@us...> - 2002-09-17 22:18:37
|
Update of /cvsroot/webnotes/webnotes/core In directory usw-pr-cvs1:/tmp/cvs-serv23737/core Modified Files: api.php Added Files: config_defaults_inc.php Removed Files: config_inc.php Log Message: - 0000048: Rename config_inc.php to config_defaults_inc.php --- NEW FILE: config_defaults_inc.php --- <?php # phpWebNotes - a php based note addition system # Copyright (C) 2000-2002 Webnotes Team - web...@so... # This program is distributed under the terms and conditions of the GPL # See the files README and LICENSE for details # -------------------------------------------------------- # $Id: config_defaults_inc.php,v 1.1 2002/09/17 22:18:24 vboctor Exp $ # -------------------------------------------------------- ##################### # VERSION SETTINGS ##################### $g_phpWebNotes_version = '2.0.0-CVS'; ### Display phpWebNotes version on pages $g_show_version = ON; ###################### # DATABASE SETTINGS ###################### $g_hostname = 'localhost'; $g_db_username = 'root'; $g_db_password = ''; $g_database_name = 'phpWebNotes'; ### Database Table Names $g_phpWN_note_table = 'phpWN_note_table'; $g_phpWN_page_table = 'phpWN_page_table'; $g_phpWN_user_table = 'phpWN_user_table'; #################### # SERVER SETTINGS #################### # Using Microsoft Internet Information Server (IIS) $g_use_iis = OFF; ### File extension to use. Default is .php. ### Switch to .php3 if you ran convertToPHP3 $g_ext = '.php'; ### url directory $g_web_directory = '/webnotes/'; ### absolute directory path $g_absolute_directory = dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR; ###################### # COOKIES' SETTINGS ###################### ### Cookies $g_string_cookie = 'PHPWEBNOTES_COOKIE_STRING'; ################## # TIME SETTINGS ################## ### Time to wait between redirects (except index.html) $g_time_wait = 2; ### This is how long the "save login" cookies live. $g_cookie_time_length = 30000000; # 1 year ##################### # DISPLAY SETTINGS ##################### $g_window_title = 'phpWebNotes'; $g_page_title = 'phpWebNotes'; ### default ordering of the notes. ### ASC = newest on bottom $g_note_order = 'ASC'; ### optional page includes (for appearance customization) $g_top_page_inc = ''; $g_bottom_page_inc = ''; $g_date_format = 'm-d-y H:i'; ### change to language you want... choices are: ### english $g_language = 'english'; ### Theme to be used $g_theme = 'phpnet'; ### Customize this file for the add message page $g_note_add_include = 'note_add_msg_inc.php'; ### Colors $g_table_border_color = '#aaaaaa'; $g_table_title_color = '#cccccc'; # temporary color, should be changed $g_primary_dark_color = '#d8d8d8'; $g_primary_light_color = '#e8e8e8'; $g_white_color = '#ffffff'; $g_header_color = '#bbddff'; #################################### # CACHING / OPTIMISATION SETTINGS #################################### # minutes to wait before document is stale (in minutes) $g_content_expire = 0; ################### # ADMIN SETTINGS ################### $g_auto_index_pages = ON; ######################## # MODERATION SETTINGS ######################## $g_auto_accept_notes = OFF; ################################ # SECURITY AND AUTHENTICATION ################################ # AUTH_MD5, AUTH_CRYPT, AUTH_PLAIN $g_auth_type = AUTH_PLAIN; # allow users to signup for their own accounts $g_allow_signup = ON; ################### # EMAIL SETTINGS ################### # This option allows you to use a remote SMTP host. Must use the phpMailer script # Name of smtp host, needed for phpMailer, taken from php.ini $g_smtp_host = 'localhost'; $g_webmaster_email = 'webmaster@nowhere'; $g_administrator_email = 'admin@nowhere'; # the "From: " field in emails $g_from_email = 'noreply@nowhere'; # the return address for bounced mail $g_return_path_email = 'admin@nowhere'; # if ON users will be sent their password when reset. # if OFF the password will be set to blank. $g_send_reset_password = ON; # allow email notification $g_enable_email_notification = ON; # @@@@ what is the benefit of this option? # Set to OFF to remove X-Priority header $g_use_x_priority = ON; # some Mail transfer agents (MTAs) don't like bare linefeeds... # or they take good input and create barelinefeeds # If problems occur when sending mail through your server try turning this OFF # more here: http://pobox.com/~djb/docs/smtplf.html $g_mail_send_crlf = OFF; ?> Index: api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/api.php,v retrieving revision 1.23 retrieving revision 1.24 diff -u -d -r1.23 -r1.24 --- api.php 17 Sep 2002 00:55:35 -0000 1.23 +++ api.php 17 Sep 2002 22:18:24 -0000 1.24 @@ -18,7 +18,7 @@ # The $g_ext can not be used before the custom config is included. require_once( $t_path_core . 'php_api.php' ); require_once( $t_path_core . 'constants_inc.php' ); - require_once( $t_path_core . 'config_inc.php' ); + require_once( $t_path_core . 'config_defaults_inc.php' ); $t_custom_config = $t_path_core . 'custom_config_inc.php'; if ( file_exists( $t_custom_config ) ) { --- config_inc.php DELETED --- |
|
From: <vb...@us...> - 2002-09-17 21:51:20
|
Update of /cvsroot/webnotes/webnotes/doc In directory usw-pr-cvs1:/tmp/cvs-serv14758/doc Modified Files: ChangeLog Log Message: - Fixed a strange parse error with email_api + renamed make_lf_crlf to comply with the email_* prefix. - Updated the changelog. Index: ChangeLog =================================================================== RCS file: /cvsroot/webnotes/webnotes/doc/ChangeLog,v retrieving revision 1.14 retrieving revision 1.15 diff -u -d -r1.14 -r1.15 --- ChangeLog 17 Sep 2002 00:55:35 -0000 1.14 +++ ChangeLog 17 Sep 2002 21:51:17 -0000 1.15 @@ -29,8 +29,7 @@ * Fixed a problem in db_generate.sql where the administrator account had access level 0 and was not enabled. * Added db_upgrade.sql to upgrade the db and include the password field change. * Added support for cross referencing between notes on the same document (#<note number>). - * Added user sign up support ($g_allow_signup) - emailing passwords not yet implemented. - * Added email notifications on signup,. + * Added user sign up support ($g_allow_signup) 03.12.2000 - 1.0.0 |
|
From: <vb...@us...> - 2002-09-17 21:51:20
|
Update of /cvsroot/webnotes/webnotes/core
In directory usw-pr-cvs1:/tmp/cvs-serv14758/core
Modified Files:
email_api.php
Log Message:
- Fixed a strange parse error with email_api + renamed make_lf_crlf to
comply with the email_* prefix.
- Updated the changelog.
Index: email_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/email_api.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- email_api.php 17 Sep 2002 06:25:03 -0000 1.2
+++ email_api.php 17 Sep 2002 21:51:17 -0000 1.3
@@ -71,29 +71,29 @@
$t_headers .= $p_header;
- $t_recipient = make_lf_crlf( $t_recipient );
- $t_subject = make_lf_crlf( $t_subject );
- $t_message = make_lf_crlf( $t_message );
- $t_headers = make_lf_crlf( $t_headers );
+ $t_recipient = email_make_lf_crlf( $t_recipient );
+ $t_subject = email_make_lf_crlf( $t_subject );
+ $t_message = email_make_lf_crlf( $t_message );
+ $t_headers = email_make_lf_crlf( $t_headers );
$result = mail( $t_recipient, $t_subject, $t_message, $t_headers );
if ( false === $result ) {
echo "PROBLEMS SENDING MAIL TO: $t_recipient<br />";
- echo htmlspecialchars($t_recipient)."<br />";
- echo htmlspecialchars($t_subject)."<br />";
- echo nl2br(htmlspecialchars($t_headers))."<br />";
- #echo nl2br(htmlspecialchars($t_message))."<br />";
+ echo htmlspecialchars($t_recipient).'<br />';
+ echo htmlspecialchars($t_subject).'<br />';
+ echo nl2br(htmlspecialchars($t_headers)).'<br />';
+ #echo nl2br(htmlspecialchars($t_message)).'<br />';
exit;
}
}
# --------------------
# clean up LF to CRLF
- function make_lf_crlf( $p_string ) {
- if ( ON == config_get( 'mail_send_crlf' ) {
- $p_string = str_replace( "\n", "\r\n", $p_string );
- return str_replace( "\r\r\n", "\r\n", $p_string );
- } else {
+ function email_make_lf_crlf( $p_string ) {
+ if ( OFF == config_get( 'mail_send_crlf' ) ) {
return $p_string;
}
+
+ $p_string = str_replace( "\n", "\r\n", $p_string );
+ return str_replace( "\r\r\n", "\r\n", $p_string );
}
# --------------------
-?>
+?>
\ No newline at end of file
|
|
From: <vb...@us...> - 2002-09-17 07:05:00
|
Update of /cvsroot/webnotes/webnotes/doc In directory usw-pr-cvs1:/tmp/cvs-serv25192/doc Modified Files: ROADMAP Log Message: Updating roadmap. Index: ROADMAP =================================================================== RCS file: /cvsroot/webnotes/webnotes/doc/ROADMAP,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- ROADMAP 9 Sep 2002 11:24:30 -0000 1.10 +++ ROADMAP 17 Sep 2002 07:04:57 -0000 1.11 @@ -11,12 +11,15 @@ * Support for themes * Implement php.net theme * Implement classic theme to provide the original look'n'feel of version 1.0.0. - * Email notifications to administrators on the submission of new notes. - * Support MD5 password encryption (by default) + * Email notifications to moderators/administrators on the submission of new notes. + * Support MD5 password encryption (as the default) * Database schema modifications - * Update the demo installation that is used from the website. - * A new administrator interface - * Allow certain HTML tags + * A new administrator interface to manage pages, notes, and users. + * A new moderator interface to manage notes. + * A new user interface to manage own posting / own information. + * Multiple access levels: Anonymous, Registered, Moderator, Administrator. + * Allowing users to signup (configurable). + * Support auto-accept mode to be used for Intranet / Demo installations. 2.0.1 * Language Localisation (English, French, Italian, German). @@ -29,6 +32,8 @@ * LDAP Support * New Manual * Support direct links to specific notes + * Allow certain HTML tags + * Ability to assign a set of pages for each moderator to manage. 3.0.0 * Database abstraction |
|
From: <vb...@us...> - 2002-09-17 06:25:07
|
Update of /cvsroot/webnotes/webnotes
In directory usw-pr-cvs1:/tmp/cvs-serv14333
Modified Files:
admin_change_password.php login.php
Log Message:
- Removed the sql query from login and using core functions.
- Removed e-mail configs that were copied from Mantis but were not needed.
- Removed some e-mail apis that were not used. Also removed code that uses phpMailer.
- Clean up of user_api.php and implementing user_where*() methods which allow getting user information or changing password using any key (id, username, e-mail, cookie).
Index: admin_change_password.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/admin_change_password.php,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- admin_change_password.php 16 Sep 2002 05:24:40 -0000 1.14
+++ admin_change_password.php 17 Sep 2002 06:25:03 -0000 1.15
@@ -15,19 +15,16 @@
$f_password = gpc_get_string( 'f_password' );
$f_password2 = gpc_get_string( 'f_password' );
- if ( false === user_change_password( $g_string_cookie_val, $f_current_password, $f_password, $f_password2 ) ) {
- echo "NOT IMPLEMENTED";
- exit;
- }
-
- echo <<<EOT
- <div align="center">
- <p>Password changed successfully</p>
- </div>
+ if ( false !== user_change_password( user_where_current(), $f_current_password, $f_password, $f_password2 ) ) {
+ echo <<<EOT
+ <div align="center">
+ <p>Password changed successfully</p>
+ </div>
EOT;
+ }
}
- $row = get_user_info_arr( $g_string_cookie_val );
+ $row = user_get_info( user_where_current() );
extract( $row, EXTR_PREFIX_ALL, "v" );
print_html_top();
Index: login.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/login.php,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- login.php 16 Sep 2002 06:32:49 -0000 1.10
+++ login.php 17 Sep 2002 06:25:03 -0000 1.11
@@ -14,14 +14,7 @@
$f_password = gpc_get_string( 'f_password' );
$f_perm_login = gpc_get_string( 'f_perm_login', 'off' );
- $c_username = db_prepare_string( $f_username );
-
- ### get user info
- $query = "SELECT *
- FROM $g_phpWN_user_table
- WHERE username='$c_username'";
- $result = db_query( $query );
- $row = db_fetch_array( $result );
+ $row = user_get_info( user_where_username_equals( $f_username ) );
if ( $row ) {
extract( $row, EXTR_PREFIX_ALL, 'v' );
|
|
From: <vb...@us...> - 2002-09-17 06:25:07
|
Update of /cvsroot/webnotes/webnotes/core In directory usw-pr-cvs1:/tmp/cvs-serv14333/core Modified Files: config_inc.php email_api.php user_api.php Log Message: - Removed the sql query from login and using core functions. - Removed e-mail configs that were copied from Mantis but were not needed. - Removed some e-mail apis that were not used. Also removed code that uses phpMailer. - Clean up of user_api.php and implementing user_where*() methods which allow getting user information or changing password using any key (id, username, e-mail, cookie). Index: config_inc.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/config_inc.php,v retrieving revision 1.17 retrieving revision 1.18 diff -u -d -r1.17 -r1.18 --- config_inc.php 17 Sep 2002 00:55:35 -0000 1.17 +++ config_inc.php 17 Sep 2002 06:25:03 -0000 1.18 @@ -31,13 +31,6 @@ $g_phpWN_page_table = 'phpWN_page_table'; $g_phpWN_user_table = 'phpWN_user_table'; - ################### - # EMAIL SETTINGS - ################### - - $g_webmaster_email = 'web...@my...'; - $g_administrator_email = 'ad...@my...'; - #################### # SERVER SETTINGS #################### @@ -133,26 +126,25 @@ # AUTH_MD5, AUTH_CRYPT, AUTH_PLAIN $g_auth_type = AUTH_PLAIN; - ############################# - # Mantis Email Settings - ############################# + # allow users to signup for their own accounts + $g_allow_signup = ON; - # --- email variables ------------- - $g_administrator_email = "administrator@nowhere"; - $g_webmaster_email = "webmaster@nowhere"; + ################### + # EMAIL SETTINGS + ################### - # the "From: " field in emails - $g_from_email = "noreply@nowhere"; + # This option allows you to use a remote SMTP host. Must use the phpMailer script + # Name of smtp host, needed for phpMailer, taken from php.ini + $g_smtp_host = 'localhost'; - # the "To: " address all emails are sent. This can be a mailing list or archive address. - # Actual users are emailed via the bcc: fields - $g_to_email = "nobody@nowhere"; + $g_webmaster_email = 'webmaster@nowhere'; + $g_administrator_email = 'admin@nowhere'; - # the return address for bounced mail - $g_return_path_email = "admin@nowhere"; + # the "From: " field in emails + $g_from_email = 'noreply@nowhere'; - # allow users to signup for their own accounts - $g_allow_signup = ON; + # the return address for bounced mail + $g_return_path_email = 'admin@nowhere'; # if ON users will be sent their password when reset. # if OFF the password will be set to blank. @@ -161,58 +153,13 @@ # allow email notification $g_enable_email_notification = ON; - # notify developers and higher when a new bug comes in - # only if their preference is also set - $g_notify_developers_on_new = ON; - - # set to OFF to disable email check - $g_validate_email = ON; - $g_check_mx_record = ON; - - # This disables the automatic generation of mailto: links - # Valid values: NONE, ALL, NO_ANONYMOUS, ADMIN_ONLY - $g_show_user_email = OFF; - + # @@@@ what is the benefit of this option? # Set to OFF to remove X-Priority header $g_use_x_priority = ON; - # Set to OFF on Windows systems, as long as php-mail-function has its bcc-bug (~PHP 4.0.6) - $g_use_bcc = ON; - # some Mail transfer agents (MTAs) don't like bare linefeeds... # or they take good input and create barelinefeeds # If problems occur when sending mail through your server try turning this OFF # more here: http://pobox.com/~djb/docs/smtplf.html $g_mail_send_crlf = OFF; - - # phpMailer instead of standard mail() function (REQUIRES PHP 4.x.x) - # Get the phpMailer-package from http://phpmailer.sourceforge.net - # The installation is very simple you only need 2 plain text php-files - # class.smtp.php - # class.phpmailer.php - - # Copy these files to your php-include-dir i.e. "c:\php\includes" or - # "/usr/lib/php/includes" - # and add this path to the "include_path"-entry in the php.ini file. - # The installation is described in the readme and there is also a simple - # example. - # PhpMailer comes with a detailed documentation in phpdoc format. - - $g_use_phpMailer = OFF; - - # select the method to mail by: - # 0 - mail() - # 1 - sendmail - # 2 - SMTP - $g_phpMailer_method = 0; - - # This option allows you to use a remote SMTP host. Must use the phpMailer script - # Name of smtp host, needed for phpMailer, taken from php.ini - $g_smtp_host = "localhost"; - - # --- email separator and padding ------------ - $g_email_separator1 = "======================================================================="; - $g_email_separator2 = "-----------------------------------------------------------------------"; - $g_email_padding_length = 28; - ?> Index: email_api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/email_api.php,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- email_api.php 17 Sep 2002 00:55:35 -0000 1.1 +++ email_api.php 17 Sep 2002 06:25:03 -0000 1.2 @@ -7,42 +7,10 @@ ########################################################################### # Email API ########################################################################### - # -------------------- - # check to see that the format is valid and that the mx record exists - function is_valid_email( $p_email ) { - global $g_validate_email, $g_check_mx_record; - - # if we don't validate then just accept - if ( OFF == $g_validate_email ) { - return true; - } - # Use a regular expression to check to see if the email is in valid format - # x-xx.xxx@yyy.zzz.abc etc. - if (eregi("^[_.0-9a-z-]+@([0-9a-z][-0-9a-z.]+).([a-z]{2,6}$)", $p_email, $check)) { - # passed format check. see if we should check the mx records - if ( ON == $g_check_mx_record ) { # Check for valid mx records - if (getmxrr($check[1].".".$check[2], $temp)) { - return true; - } else { - $host = substr( strstr( $check[0], '@' ), 1 )."."; - - # for no mx record... try dns check - if (checkdnsrr ( $host, "ANY" )) - return true; - } - } else { - # Email format was valid but did't check for valid mx records - return true; - } - } - # Everything failed. Bad email. - return false; - } # -------------------- # Send password to user function email_signup( $p_username, $t_password, $p_email ) { - # Email Strings $s_new_account_subject = "Your new user account"; $s_new_account_greeting = "Greetings and welcome to the WebNotes. Here is the information you need to login\n\n"; @@ -51,7 +19,7 @@ $s_new_account_password = "Password: "; $s_new_account_message = "After logging into the site please change your password. Also note that your password is stored via one way encryption. The staff cannot retrieve your password. If you forget your password it will have to be reset.\n\n"; $s_new_account_do_not_reply = "Do not reply to this message.\n"; - + # Build Welcome Message $t_message = $s_new_account_greeting. $s_new_account_username.$p_username."\n". @@ -59,43 +27,20 @@ $s_new_account_message. $s_new_account_do_not_reply; - $t_headers = ""; - email_send( $p_email, $s_new_account_subject, $t_message, $t_headers ); - } - # -------------------- - # Send new password when user forgets - function email_reset( $p_user_id, $p_password ) { - global $g_mantis_user_table, $g_path, - $s_reset_request_msg, $s_account_name_msg, - $s_news_password_msg; - - $query = "SELECT username, email - FROM $g_mantis_user_table - WHERE id='$p_user_id'"; - $result = db_query( $query ); - $row = db_fetch_array( $result ); - extract( $row, EXTR_PREFIX_ALL, "v" ); - - # Build Welcome Message - $t_message = $s_reset_request_msg."\n\n". - $s_account_name_msg.": ".$v_username."\n". - $s_news_password_msg.": ".$p_password."\n\n". - $g_path."\n\n"; - - email_send( $v_email, "New Password", $t_message ); + email_send( $p_email, $s_new_account_subject, $t_message ); } # -------------------- # this function sends the actual email - function email_send( $p_recipient, $p_subject, $p_message, $p_header="" ) { + function email_send( $p_recipient, $p_subject, $p_message, $p_header='' ) { global $g_from_email, $g_enable_email_notification, $g_return_path_email, $g_use_x_priority, $g_use_phpMailer, $g_phpMailer_method, $g_smtp_host; - + # short-circuit if no emails should be sent - if ( OFF ==$g_enable_email_notification ) { + if ( OFF == $g_enable_email_notification ) { return; } - + $t_recipient = trim( $p_recipient ); $t_subject = trim( $p_subject ); $t_message = trim( $p_message ); @@ -109,103 +54,41 @@ #echo nl2br($t_message)."<br />"; #exit; - if ( ON == $g_use_phpMailer ) { - # Visit http://phpmailer.sourceforge.net - # if you have problems with phpMailer - - include("class.phpmailer.php"); - $mail = new phpmailer; - - # Select the method to send mail - switch ( $g_phpMailer_method ) { - case 0: $mail->IsMail(); - break; - case 1: $mail->IsSendmail(); - break; - case 2: $mail->IsSMTP(); - break; - } - $mail->IsHTML(false); # set email format to plain text - $mail->WordWrap = 80; # set word wrap to 50 characters - $mail->Priority = 0; # Urgent = 1, Not Urgent = 5, Disable = 0 - $mail->Host = $g_smtp_host; - $mail->From = $g_from_email; - $mail->FromName = ""; - - # add to the Recipient list - $t_recipient_list = split(",", $t_recipient); - while ( list( , $t_recipient ) = each( $t_recipient_list ) ) { - if ( !empty( $t_recipient ) ) { - $mail->AddAddress( $t_recipient, "" ); - } - } - # add to the BCC list - $t_bcc_list = split(",", $p_header); - while(list(, $t_bcc) = each($t_bcc_list)) { - if ( !empty( $t_bcc ) ) { - $mail->AddBCC($t_bcc, ""); - } - } - - $mail->Subject = $t_subject; - $mail->Body = make_lf_crlf( "\n".$t_message ); - - if( !$mail->Send() ) { - PRINT "PROBLEMS SENDING MAIL TO: $t_recipient<br />"; - PRINT "Mailer Error: ".$mail->ErrorInfo."<br />"; - exit; - } - } else { - # Visit http://www.php.net/manual/function.mail.php - # if you have problems with mailing + # Visit http://www.php.net/manual/function.mail.php + # if you have problems with mailing - $t_headers = "From: $g_from_email\n"; - #$t_headers .= "Reply-To: $p_reply_to_email\n"; + $t_headers = "From: $g_from_email\n"; + #$t_headers .= "Reply-To: $p_reply_to_email\n"; - $t_headers .= "X-Sender: <$g_from_email>\n"; - $t_headers .= "X-Mailer: PHP/".phpversion()."\n"; - if ( ON == $g_use_x_priority ) { - $t_headers .= "X-Priority: 0\n"; # Urgent = 1, Not Urgent = 5, Disable = 0 - } - $t_headers .= "Return-Path: <$g_return_path_email>\n"; # return email if error - # If you want to send foreign charsets - # $t_headers .= "Content-Type: text/html; charset=iso-8859-1\n"; + $t_headers .= "X-Sender: <$g_from_email>\n"; + $t_headers .= "X-Mailer: PHP/".phpversion()."\n"; + if ( ON == $g_use_x_priority ) { + $t_headers .= "X-Priority: 0\n"; # Urgent = 1, Not Urgent = 5, Disable = 0 + } + $t_headers .= "Return-Path: <$g_return_path_email>\n"; # return email if error + # If you want to send foreign charsets + # $t_headers .= "Content-Type: text/html; charset=iso-8859-1\n"; - $t_headers .= $p_header; + $t_headers .= $p_header; - $t_recipient = make_lf_crlf( $t_recipient ); - $t_subject = make_lf_crlf( $t_subject ); - $t_message = make_lf_crlf( $t_message ); - $t_headers = make_lf_crlf( $t_headers ); - $result = mail( $t_recipient, $t_subject, $t_message, $t_headers ); - if ( TRUE != $result ) { - PRINT "PROBLEMS SENDING MAIL TO: $t_recipient<p>"; - PRINT htmlspecialchars($t_recipient)."<br />"; - PRINT htmlspecialchars($t_subject)."<p>"; - PRINT nl2br(htmlspecialchars($t_headers))."<br />"; - #PRINT nl2br(htmlspecialchars($t_message))."<p>"; - exit; - } + $t_recipient = make_lf_crlf( $t_recipient ); + $t_subject = make_lf_crlf( $t_subject ); + $t_message = make_lf_crlf( $t_message ); + $t_headers = make_lf_crlf( $t_headers ); + $result = mail( $t_recipient, $t_subject, $t_message, $t_headers ); + if ( false === $result ) { + echo "PROBLEMS SENDING MAIL TO: $t_recipient<br />"; + echo htmlspecialchars($t_recipient)."<br />"; + echo htmlspecialchars($t_subject)."<br />"; + echo nl2br(htmlspecialchars($t_headers))."<br />"; + #echo nl2br(htmlspecialchars($t_message))."<br />"; + exit; } } # -------------------- - # helper function - function get_bug_summary( $p_bug_id ) { - global $g_mantis_bug_table; - - $query = "SELECT summary - FROM $g_mantis_bug_table - WHERE id='$p_bug_id'"; - $result = db_query( $query ); - return db_result( $result, 0, 0 ); - } - # -------------------- - # -------------------- # clean up LF to CRLF function make_lf_crlf( $p_string ) { - global $g_mail_send_crlf; - - if ( ON == $g_mail_send_crlf ) { + if ( ON == config_get( 'mail_send_crlf' ) { $p_string = str_replace( "\n", "\r\n", $p_string ); return str_replace( "\r\r\n", "\r\n", $p_string ); } else { Index: user_api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/user_api.php,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- user_api.php 17 Sep 2002 00:55:35 -0000 1.7 +++ user_api.php 17 Sep 2002 06:25:03 -0000 1.8 @@ -14,8 +14,13 @@ ### -------------------- function user_create( $p_username, $p_password, $p_email, $p_access_level = null, $p_enabled = true ) { - if ( false !== user_get_id( $p_username ) ) { - echo "Duplicate user.<br />"; + if ( false !== user_get_info( user_where_username_equals( $p_username ) ) ) { + echo "Duplicate user.<br />"; + return false; + } + + if ( false !== user_get_info( user_where_email_equals( $p_email ) ) ) { + echo "Duplicate email.<br />"; return false; } @@ -49,48 +54,61 @@ } $t_password = create_random_password( $p_email ); - + if ( false === user_create( $p_username, $t_password, $p_email ) ) { return false; } - + email_signup($p_username, $t_password, $p_email); - # @@@@ Send e-mail here. return true; } ### -------------------- - function user_get_id( $p_username ) { - global $g_phpWN_user_table; - + function user_where_current( ) { + global $g_string_cookie_val; + return ( user_where_cookie_equals( $g_string_cookie_val ) ); + } + ### -------------------- + function user_where_id_equals( $p_id ) { + $c_id = db_prepare_int( $p_id ); + return ("(id='$c_id')"); + } + ### -------------------- + function user_where_username_equals( $p_username ) { $c_username = db_prepare_string( $p_username ); + return ("(username='$c_username')"); + } + ### -------------------- + function user_where_email_equals( $p_email ) { + $c_email = db_prepare_string( $p_email ); + return ("(email='$c_email')"); + } + ### -------------------- + function user_where_cookie_equals( $p_cookie ) { + $c_cookie = db_prepare_string( $p_cookie ); + return ("(cookie_string='$c_cookie')"); + } + ### -------------------- + # The parameter passed to this function is constructed via user_where_*(). + # $p_where is not cleaned, since it is assume that all the necessary escaping is + # done in the function that constructed the where statement. + function user_get_info( $p_where ) { + $query = "SELECT * + FROM " . config_get( 'phpWN_user_table' ) . " + WHERE $p_where + LIMIT 1"; - $query = "SELECT id - FROM $g_phpWN_user_table - WHERE username='$c_username'"; $result = db_query( $query ); if ( false === $result ) { - return false; + return false; } $row = db_fetch_array( $result ); if ( false === $row ) { - return false; + return false; } - return $row['id']; - } - ### -------------------- - function get_user_info_arr( $p_string_cookie_val ) { - global $g_phpWN_user_table; - - $c_string_cookie_val = db_prepare_string( $p_string_cookie_val ); - - $query = "SELECT * - FROM $g_phpWN_user_table - WHERE cookie_string='$c_string_cookie_val'"; - $result = db_query( $query ); - return db_fetch_array( $result ); + return $row; } ### -------------------- function user_get_all() { @@ -112,32 +130,9 @@ return $t_users_array; } ### -------------------- - function user_get_info( $p_id ) { - global $g_phpWN_user_table; - - $c_id = db_prepare_int( $p_id ); - - $query = "SELECT * - FROM $g_phpWN_user_table - WHERE id = $c_id"; - - $result = db_query( $query ); - if ( false === $result ) { - echo 'User not found.<br />'; - return false; - } - - if ( $row = db_fetch_array( $result ) ) { - return ( $row ); - } - - return false; - } - ### -------------------- - function user_change_password( $p_string_cookie_val, $p_old_password, $p_new_password, $p_verify_password = null ) { - global $g_phpWN_user_table; - - $t_user = get_user_info_arr( $p_string_cookie_val ); + # $p_where is constructed using user_where_*(). + function user_change_password( $p_where, $p_old_password, $p_new_password, $p_verify_password = null ) { + $t_user = user_get_info( $p_where ); if ( false === $t_user ) { return false; ## error message printed by user_get_info(). } @@ -154,11 +149,10 @@ $t_password = access_encrypt_password( $p_new_password ); $c_password = db_prepare_string( $t_password ); - $c_cookie_string = db_prepare_string( $p_string_cookie_val ); - $query = "UPDATE $g_phpWN_user_table + $query = "UPDATE " . config_get( 'phpWN_user_table' ) . " SET password='$c_password' - WHERE cookie_string='$c_cookie_string'"; + WHERE $p_where"; $result = db_query( $query ); if ( false === $result ) { return false; |
|
From: <rm...@us...> - 2002-09-17 00:55:38
|
Update of /cvsroot/webnotes/webnotes/doc In directory usw-pr-cvs1:/tmp/cvs-serv7030/doc Modified Files: ChangeLog Log Message: email notifications on signup Index: ChangeLog =================================================================== RCS file: /cvsroot/webnotes/webnotes/doc/ChangeLog,v retrieving revision 1.13 retrieving revision 1.14 diff -u -d -r1.13 -r1.14 --- ChangeLog 16 Sep 2002 13:27:20 -0000 1.13 +++ ChangeLog 17 Sep 2002 00:55:35 -0000 1.14 @@ -30,6 +30,7 @@ * Added db_upgrade.sql to upgrade the db and include the password field change. * Added support for cross referencing between notes on the same document (#<note number>). * Added user sign up support ($g_allow_signup) - emailing passwords not yet implemented. + * Added email notifications on signup,. 03.12.2000 - 1.0.0 |
|
From: <rm...@us...> - 2002-09-17 00:55:38
|
Update of /cvsroot/webnotes/webnotes/core
In directory usw-pr-cvs1:/tmp/cvs-serv7030/core
Modified Files:
api.php config_inc.php user_api.php
Added Files:
email_api.php
Log Message:
email notifications on signup
--- NEW FILE: email_api.php ---
<?php
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - ke...@30...
# This program is distributed under the terms and conditions of the GPL
# See the files README and LICENSE for details
###########################################################################
# Email API
###########################################################################
# --------------------
# check to see that the format is valid and that the mx record exists
function is_valid_email( $p_email ) {
global $g_validate_email, $g_check_mx_record;
# if we don't validate then just accept
if ( OFF == $g_validate_email ) {
return true;
}
# Use a regular expression to check to see if the email is in valid format
# x-xx.xxx@yyy.zzz.abc etc.
if (eregi("^[_.0-9a-z-]+@([0-9a-z][-0-9a-z.]+).([a-z]{2,6}$)", $p_email, $check)) {
# passed format check. see if we should check the mx records
if ( ON == $g_check_mx_record ) { # Check for valid mx records
if (getmxrr($check[1].".".$check[2], $temp)) {
return true;
} else {
$host = substr( strstr( $check[0], '@' ), 1 ).".";
# for no mx record... try dns check
if (checkdnsrr ( $host, "ANY" ))
return true;
}
} else {
# Email format was valid but did't check for valid mx records
return true;
}
}
# Everything failed. Bad email.
return false;
}
# --------------------
# Send password to user
function email_signup( $p_username, $t_password, $p_email ) {
# Email Strings
$s_new_account_subject = "Your new user account";
$s_new_account_greeting = "Greetings and welcome to the WebNotes. Here is the information you need to login\n\n";
$s_new_account_url = "You can login to the site here: ";
$s_new_account_username = "Username: ";
$s_new_account_password = "Password: ";
$s_new_account_message = "After logging into the site please change your password. Also note that your password is stored via one way encryption. The staff cannot retrieve your password. If you forget your password it will have to be reset.\n\n";
$s_new_account_do_not_reply = "Do not reply to this message.\n";
# Build Welcome Message
$t_message = $s_new_account_greeting.
$s_new_account_username.$p_username."\n".
$s_new_account_password.$t_password."\n\n".
$s_new_account_message.
$s_new_account_do_not_reply;
$t_headers = "";
email_send( $p_email, $s_new_account_subject, $t_message, $t_headers );
}
# --------------------
# Send new password when user forgets
function email_reset( $p_user_id, $p_password ) {
global $g_mantis_user_table, $g_path,
$s_reset_request_msg, $s_account_name_msg,
$s_news_password_msg;
$query = "SELECT username, email
FROM $g_mantis_user_table
WHERE id='$p_user_id'";
$result = db_query( $query );
$row = db_fetch_array( $result );
extract( $row, EXTR_PREFIX_ALL, "v" );
# Build Welcome Message
$t_message = $s_reset_request_msg."\n\n".
$s_account_name_msg.": ".$v_username."\n".
$s_news_password_msg.": ".$p_password."\n\n".
$g_path."\n\n";
email_send( $v_email, "New Password", $t_message );
}
# --------------------
# this function sends the actual email
function email_send( $p_recipient, $p_subject, $p_message, $p_header="" ) {
global $g_from_email, $g_enable_email_notification,
$g_return_path_email, $g_use_x_priority,
$g_use_phpMailer, $g_phpMailer_method, $g_smtp_host;
# short-circuit if no emails should be sent
if ( OFF ==$g_enable_email_notification ) {
return;
}
$t_recipient = trim( $p_recipient );
$t_subject = trim( $p_subject );
$t_message = trim( $p_message );
# for debugging only
#echo $t_recipient."<br />".$t_subject."<br />".$t_message."<br />".$t_headers;
#exit;
#echo "<br />xxxRecipient =".$t_recipient."<br />";
#echo "Headers =".nl2br($t_headers)."<br />";
#echo $t_subject."<br />";
#echo nl2br($t_message)."<br />";
#exit;
if ( ON == $g_use_phpMailer ) {
# Visit http://phpmailer.sourceforge.net
# if you have problems with phpMailer
include("class.phpmailer.php");
$mail = new phpmailer;
# Select the method to send mail
switch ( $g_phpMailer_method ) {
case 0: $mail->IsMail();
break;
case 1: $mail->IsSendmail();
break;
case 2: $mail->IsSMTP();
break;
}
$mail->IsHTML(false); # set email format to plain text
$mail->WordWrap = 80; # set word wrap to 50 characters
$mail->Priority = 0; # Urgent = 1, Not Urgent = 5, Disable = 0
$mail->Host = $g_smtp_host;
$mail->From = $g_from_email;
$mail->FromName = "";
# add to the Recipient list
$t_recipient_list = split(",", $t_recipient);
while ( list( , $t_recipient ) = each( $t_recipient_list ) ) {
if ( !empty( $t_recipient ) ) {
$mail->AddAddress( $t_recipient, "" );
}
}
# add to the BCC list
$t_bcc_list = split(",", $p_header);
while(list(, $t_bcc) = each($t_bcc_list)) {
if ( !empty( $t_bcc ) ) {
$mail->AddBCC($t_bcc, "");
}
}
$mail->Subject = $t_subject;
$mail->Body = make_lf_crlf( "\n".$t_message );
if( !$mail->Send() ) {
PRINT "PROBLEMS SENDING MAIL TO: $t_recipient<br />";
PRINT "Mailer Error: ".$mail->ErrorInfo."<br />";
exit;
}
} else {
# Visit http://www.php.net/manual/function.mail.php
# if you have problems with mailing
$t_headers = "From: $g_from_email\n";
#$t_headers .= "Reply-To: $p_reply_to_email\n";
$t_headers .= "X-Sender: <$g_from_email>\n";
$t_headers .= "X-Mailer: PHP/".phpversion()."\n";
if ( ON == $g_use_x_priority ) {
$t_headers .= "X-Priority: 0\n"; # Urgent = 1, Not Urgent = 5, Disable = 0
}
$t_headers .= "Return-Path: <$g_return_path_email>\n"; # return email if error
# If you want to send foreign charsets
# $t_headers .= "Content-Type: text/html; charset=iso-8859-1\n";
$t_headers .= $p_header;
$t_recipient = make_lf_crlf( $t_recipient );
$t_subject = make_lf_crlf( $t_subject );
$t_message = make_lf_crlf( $t_message );
$t_headers = make_lf_crlf( $t_headers );
$result = mail( $t_recipient, $t_subject, $t_message, $t_headers );
if ( TRUE != $result ) {
PRINT "PROBLEMS SENDING MAIL TO: $t_recipient<p>";
PRINT htmlspecialchars($t_recipient)."<br />";
PRINT htmlspecialchars($t_subject)."<p>";
PRINT nl2br(htmlspecialchars($t_headers))."<br />";
#PRINT nl2br(htmlspecialchars($t_message))."<p>";
exit;
}
}
}
# --------------------
# helper function
function get_bug_summary( $p_bug_id ) {
global $g_mantis_bug_table;
$query = "SELECT summary
FROM $g_mantis_bug_table
WHERE id='$p_bug_id'";
$result = db_query( $query );
return db_result( $result, 0, 0 );
}
# --------------------
# --------------------
# clean up LF to CRLF
function make_lf_crlf( $p_string ) {
global $g_mail_send_crlf;
if ( ON == $g_mail_send_crlf ) {
$p_string = str_replace( "\n", "\r\n", $p_string );
return str_replace( "\r\r\n", "\r\n", $p_string );
} else {
return $p_string;
}
}
# --------------------
?>
Index: api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/api.php,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- api.php 16 Sep 2002 13:27:20 -0000 1.22
+++ api.php 17 Sep 2002 00:55:35 -0000 1.23
@@ -66,6 +66,7 @@
require_once( $t_path_core . 'link_api.php' );
require_once( $t_path_core . 'util_api.php' );
require_once( $t_path_core . 'gpc_api.php' );
+ require_once( $t_path_core . 'email_api.php' );
require_once( $t_path_main . DIRECTORY_SEPARATOR . 'themes' . DIRECTORY_SEPARATOR . $g_theme .
DIRECTORY_SEPARATOR . 'theme_api.php' );
Index: config_inc.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/config_inc.php,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- config_inc.php 16 Sep 2002 13:27:20 -0000 1.16
+++ config_inc.php 17 Sep 2002 00:55:35 -0000 1.17
@@ -132,7 +132,87 @@
# AUTH_MD5, AUTH_CRYPT, AUTH_PLAIN
$g_auth_type = AUTH_PLAIN;
+
+ #############################
+ # Mantis Email Settings
+ #############################
+
+ # --- email variables -------------
+ $g_administrator_email = "administrator@nowhere";
+ $g_webmaster_email = "webmaster@nowhere";
+
+ # the "From: " field in emails
+ $g_from_email = "noreply@nowhere";
+
+ # the "To: " address all emails are sent. This can be a mailing list or archive address.
+ # Actual users are emailed via the bcc: fields
+ $g_to_email = "nobody@nowhere";
+
+ # the return address for bounced mail
+ $g_return_path_email = "admin@nowhere";
# allow users to signup for their own accounts
- $g_allow_signup = ON;
+ $g_allow_signup = ON;
+
+ # if ON users will be sent their password when reset.
+ # if OFF the password will be set to blank.
+ $g_send_reset_password = ON;
+
+ # allow email notification
+ $g_enable_email_notification = ON;
+
+ # notify developers and higher when a new bug comes in
+ # only if their preference is also set
+ $g_notify_developers_on_new = ON;
+
+ # set to OFF to disable email check
+ $g_validate_email = ON;
+ $g_check_mx_record = ON;
+
+ # This disables the automatic generation of mailto: links
+ # Valid values: NONE, ALL, NO_ANONYMOUS, ADMIN_ONLY
+ $g_show_user_email = OFF;
+
+ # Set to OFF to remove X-Priority header
+ $g_use_x_priority = ON;
+
+ # Set to OFF on Windows systems, as long as php-mail-function has its bcc-bug (~PHP 4.0.6)
+ $g_use_bcc = ON;
+
+ # some Mail transfer agents (MTAs) don't like bare linefeeds...
+ # or they take good input and create barelinefeeds
+ # If problems occur when sending mail through your server try turning this OFF
+ # more here: http://pobox.com/~djb/docs/smtplf.html
+ $g_mail_send_crlf = OFF;
+
+ # phpMailer instead of standard mail() function (REQUIRES PHP 4.x.x)
+ # Get the phpMailer-package from http://phpmailer.sourceforge.net
+ # The installation is very simple you only need 2 plain text php-files
+ # class.smtp.php
+ # class.phpmailer.php
+
+ # Copy these files to your php-include-dir i.e. "c:\php\includes" or
+ # "/usr/lib/php/includes"
+ # and add this path to the "include_path"-entry in the php.ini file.
+ # The installation is described in the readme and there is also a simple
+ # example.
+ # PhpMailer comes with a detailed documentation in phpdoc format.
+
+ $g_use_phpMailer = OFF;
+
+ # select the method to mail by:
+ # 0 - mail()
+ # 1 - sendmail
+ # 2 - SMTP
+ $g_phpMailer_method = 0;
+
+ # This option allows you to use a remote SMTP host. Must use the phpMailer script
+ # Name of smtp host, needed for phpMailer, taken from php.ini
+ $g_smtp_host = "localhost";
+
+ # --- email separator and padding ------------
+ $g_email_separator1 = "=======================================================================";
+ $g_email_separator2 = "-----------------------------------------------------------------------";
+ $g_email_padding_length = 28;
+
?>
Index: user_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/user_api.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- user_api.php 16 Sep 2002 13:27:20 -0000 1.6
+++ user_api.php 17 Sep 2002 00:55:35 -0000 1.7
@@ -49,11 +49,12 @@
}
$t_password = create_random_password( $p_email );
- echo "Password is '$t_password'.<br />";
+
if ( false === user_create( $p_username, $t_password, $p_email ) ) {
return false;
}
-
+
+ email_signup($p_username, $t_password, $p_email);
# @@@@ Send e-mail here.
return true;
|
|
From: <vb...@us...> - 2002-09-16 13:27:23
|
Update of /cvsroot/webnotes/webnotes/doc In directory usw-pr-cvs1:/tmp/cvs-serv1428/doc Modified Files: ChangeLog Log Message: - Got the user login to work (by creating the cookies, and implementing some extra code / re-using code from Mantis). - Fixed a java script problem in the signup page. - Added $g_allow_signup to enable/disable signup support. Index: ChangeLog =================================================================== RCS file: /cvsroot/webnotes/webnotes/doc/ChangeLog,v retrieving revision 1.12 retrieving revision 1.13 diff -u -d -r1.12 -r1.13 --- ChangeLog 16 Sep 2002 06:32:49 -0000 1.12 +++ ChangeLog 16 Sep 2002 13:27:20 -0000 1.13 @@ -29,7 +29,7 @@ * Fixed a problem in db_generate.sql where the administrator account had access level 0 and was not enabled. * Added db_upgrade.sql to upgrade the db and include the password field change. * Added support for cross referencing between notes on the same document (#<note number>). - * Added a prototype of the sign up page. + * Added user sign up support ($g_allow_signup) - emailing passwords not yet implemented. 03.12.2000 - 1.0.0 |
|
From: <vb...@us...> - 2002-09-16 13:27:23
|
Update of /cvsroot/webnotes/webnotes/core
In directory usw-pr-cvs1:/tmp/cvs-serv1428/core
Modified Files:
access_api.php api.php config_inc.php user_api.php
Log Message:
- Got the user login to work (by creating the cookies, and implementing
some extra code / re-using code from Mantis).
- Fixed a java script problem in the signup page.
- Added $g_allow_signup to enable/disable signup support.
Index: access_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/access_api.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- access_api.php 16 Sep 2002 05:24:40 -0000 1.4
+++ access_api.php 16 Sep 2002 13:27:20 -0000 1.5
@@ -8,24 +8,61 @@
# $Id$
# --------------------------------------------------------
+ # --------------------
+ # Check to see that the unique identifier is really unique
+ function check_cookie_string_duplicate( $p_cookie_string ) {
+ global $g_phpWN_user_table;
+
+ $c_cookie_string = addslashes($p_cookie_string);
+
+ $query = "SELECT COUNT(*)
+ FROM $g_phpWN_user_table
+ WHERE cookie_string='$c_cookie_string'";
+ $result = db_query( $query );
+ $t_count = db_result( $result, 0, 0 );
+ return ( $t_count > 0 );
+ }
+ # --------------------
+ # This string is used to use as the login identified for the web cookie
+ # It is not guarranteed to be unique and should be checked
+ # The string returned should be 64 characters in length
+ function generate_cookie_string() {
+ $t_val = mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() );
+ $t_val = md5( $t_val ) . md5( time() );
+ return substr( $t_val, 0, 64 );
+ }
+ # --------------------
+ # The string returned should be 64 characters in length
+ function create_cookie_string() {
+ $t_cookie_string = generate_cookie_string();
+ while ( check_cookie_string_duplicate( $t_cookie_string ) ) {
+ $t_cookie_string = generate_cookie_string();
+ }
+ return $t_cookie_string;
+ }
### --------------------
function access_encrypt_password( $p_password ) {
switch( config_get( 'auth_type' ) ) {
case AUTH_PLAIN:
- return ( $p_password );
+ $t_password = $p_password;
+ break;
case AUTH_CRYPT:
$salt = substr( $p_password, 0, 2 );
- return ( crypt( $p_password, $salt ) );
+ $t_password = crypt( $p_password, $salt );
+ break;
case AUTH_MD5:
- return ( md5( $p_password ) );
-
+ $t_password = md5( $p_password );
+ break;
+
default:
# @@@@ Replace with proper error
echo "Invalid authentication type";
exit;
} // switchconfig_get()) {
+
+ return substr( $t_password, 0, 32 );
}
### --------------------
function password_match( $p_test_password, $p_password ) {
Index: api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/api.php,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- api.php 14 Sep 2002 15:19:12 -0000 1.21
+++ api.php 16 Sep 2002 13:27:20 -0000 1.22
@@ -31,6 +31,7 @@
$g_login_success_page = $g_web_directory . 'admin' . $g_ext;
$g_logout = $g_web_directory . 'logout' . $g_ext;
$g_logout_redirect_page = $g_web_directory;
+ $g_signup_page = $g_web_directory . 'signup_page' . $g_ext;
$g_admin_index_files = $g_web_directory . 'admin_index_files' . $g_ext;
$g_admin_view_queue = $g_web_directory . 'admin_view_queue' . $g_ext;
Index: config_inc.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/config_inc.php,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- config_inc.php 14 Sep 2002 06:22:03 -0000 1.15
+++ config_inc.php 16 Sep 2002 13:27:20 -0000 1.16
@@ -132,4 +132,7 @@
# AUTH_MD5, AUTH_CRYPT, AUTH_PLAIN
$g_auth_type = AUTH_PLAIN;
+
+ # allow users to signup for their own accounts
+ $g_allow_signup = ON;
?>
Index: user_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/user_api.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- user_api.php 16 Sep 2002 05:24:40 -0000 1.5
+++ user_api.php 16 Sep 2002 13:27:20 -0000 1.6
@@ -13,6 +13,73 @@
###########################################################################
### --------------------
+ function user_create( $p_username, $p_password, $p_email, $p_access_level = null, $p_enabled = true ) {
+ if ( false !== user_get_id( $p_username ) ) {
+ echo "Duplicate user.<br />";
+ return false;
+ }
+
+ if ( null === $p_access_level ) {
+ $p_access_level = REGISTERED; # @@@@ Move to config.
+ }
+
+ $c_username = db_prepare_string( $p_username );
+ $c_email = db_prepare_string( $p_email );
+ $c_encrypted_password = db_prepare_string( access_encrypt_password( $p_password ) );
+
+ $t_seed = $p_email . $p_username;
+ $t_cookie_string = create_cookie_string( $t_seed );
+ $c_cookie_string = db_prepare_string( $t_cookie_string );
+
+ $query = "INSERT INTO phpWN_user_table (username, password, email, cookie_string)
+ VALUES ('$c_username', '$c_encrypted_password', '$c_email', '$c_cookie_string')";
+ $result = mysql_query($query);
+
+ return( false !== $result );
+ }
+ ### --------------------
+ function user_signup( $p_username, $p_email ) {
+ # Check to see if signup is allowed
+ if ( OFF == config_get( 'allow_signup' ) ) {
+ return false;
+ }
+
+ if ( empty( $p_username ) || empty( $p_email ) ) {
+ return false;
+ }
+
+ $t_password = create_random_password( $p_email );
+ echo "Password is '$t_password'.<br />";
+ if ( false === user_create( $p_username, $t_password, $p_email ) ) {
+ return false;
+ }
+
+ # @@@@ Send e-mail here.
+
+ return true;
+ }
+ ### --------------------
+ function user_get_id( $p_username ) {
+ global $g_phpWN_user_table;
+
+ $c_username = db_prepare_string( $p_username );
+
+ $query = "SELECT id
+ FROM $g_phpWN_user_table
+ WHERE username='$c_username'";
+ $result = db_query( $query );
+ if ( false === $result ) {
+ return false;
+ }
+
+ $row = db_fetch_array( $result );
+ if ( false === $row ) {
+ return false;
+ }
+
+ return $row['id'];
+ }
+ ### --------------------
function get_user_info_arr( $p_string_cookie_val ) {
global $g_phpWN_user_table;
|
|
From: <vb...@us...> - 2002-09-16 13:27:23
|
Update of /cvsroot/webnotes/webnotes
In directory usw-pr-cvs1:/tmp/cvs-serv1428
Modified Files:
login_page.php signup_page.php
Log Message:
- Got the user login to work (by creating the cookies, and implementing
some extra code / re-using code from Mantis).
- Fixed a java script problem in the signup page.
- Added $g_allow_signup to enable/disable signup support.
Index: login_page.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/login_page.php,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- login_page.php 16 Sep 2002 06:32:49 -0000 1.18
+++ login_page.php 16 Sep 2002 13:27:19 -0000 1.19
@@ -60,12 +60,13 @@
<div align="center">
<form name="f_login_form" method="post" action="$g_login">
<table class="width50" summary="">
- <tr bgcolor="$g_header_color">
- <td colspan="2" class="form-title"><strong>$s_login_title</strong></td>
+ <tr>
+ <td class="form-title" width="25%"><strong>$s_login_title</strong></td>
+ <td class="form-title" width="75%" align="right">[ <a href="signup_page.php"><strong>Sign Up</strong></a> ]</td>
</tr>
<tr class="row-1">
- <td class="category" width="25%">$s_username:</td>
- <td width="75%"><input type="text" name="f_username" size="32" maxlength="32" /></td>
+ <td class="category">$s_username:</td>
+ <td><input type="text" name="f_username" size="32" maxlength="32" /></td>
</tr>
<tr class="row-2">
<td class="category">$s_password:</td>
@@ -81,10 +82,6 @@
</table>
</form>
</div>
-
-<div align="right">
-<a href="signup_page.php"><strong>Sign Up</strong></a>
-</div>
<script type="text/javascript" language="JavaScript">
window.document.f_login_form.f_username.focus();
@@ -96,4 +93,4 @@
print_footer(__FILE__);
print_body_bottom();
print_html_bottom();
-?>
\ No newline at end of file
+?>
Index: signup_page.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/signup_page.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- signup_page.php 16 Sep 2002 06:32:49 -0000 1.1
+++ signup_page.php 16 Sep 2002 13:27:19 -0000 1.2
@@ -9,7 +9,11 @@
# --------------------------------------------------------
require_once( 'core' . DIRECTORY_SEPARATOR . 'api.php' );
-
+
+ if ( OFF == config_get( 'allow_signup' ) ) {
+ util_header_redirect( $g_login_page );
+ }
+
print_html_top();
print_head_top();
print_title( $g_window_title );
@@ -19,43 +23,35 @@
print_body_top();
print_header( $g_page_title );
print_top_page( $g_top_page_inc );
-
- if (isset($submit)){
- $username = gpc_get_string('f_username');
- $email = gpc_get_string('f_email');
- $password = create_random_password($email);
- $c_username = db_prepare_string( $username );
- $c_email = db_prepare_string( $email );
- $c_password = db_prepare_string( $password );
-
- $query = "INSERT INTO phpWN_user_table (username, password, email) VALUES ('$c_username', '$c_password', '$c_email')";
- $result = mysql_query($query);
+ if ( isset( $submit ) ) {
+ $t_username = gpc_get_string( 'f_username' );
+ $t_email = gpc_get_string( 'f_email' );
- echo <<<EOT
- <div align="center">
- <h1:>An e-mail is sent to <a href="mailto:$email">$email</a> with the login details. It is recommended to change your password on first login.</h1>
- <br />
- $password
- <br />
- <a href="$g_login_page"><strong>[ Login ]</strong></a>
- </div>
+ if ( user_signup( $t_username, $t_email ) ) {
+ echo <<<EOT
+ <div align="center">
+ <p>An e-mail is sent to <a href="mailto:$t_email">$t_email</a> with the login details. It is recommended to change your password on first login.</p>
+ [ <a href="$g_login_page"><strong>Login</strong></a> ]
+ </div>
EOT;
+ } else {
+ # @@@@ proper error
+ echo "Unable to signup user.<br />";
+ }
+
print_bottom_page( $g_bottom_page_inc );
- print_footer(__FILE__);
+ print_footer( __FILE__ );
print_body_bottom();
print_html_bottom();
exit;
}
-
echo <<<EOT
<div align="center">
- <form action="$PHP_SELF" method="post">
- <h1:>By filling out the following information. You will be sent email with your password.</h1>
-
+ <form name="f_signup_form" action="$PHP_SELF" method="post">
<table class="width50" summary="">
- <tr bgcolor="$g_header_color">
+ <tr>
<td colspan="2" class="form-title"><strong>Sign Up</strong></td>
</tr>
<tr class="row-1">
@@ -74,13 +70,13 @@
</div>
<script type="text/javascript" language="JavaScript">
-window.document.f_login_form.f_username.focus();
+window.document.f_signup_form.f_username.focus();
</script>
EOT;
print_bottom_page( $g_bottom_page_inc );
- print_footer(__FILE__);
+ print_footer( __FILE__ );
print_body_bottom();
print_html_bottom();
?>
|
|
From: <rm...@us...> - 2002-09-16 06:32:52
|
Update of /cvsroot/webnotes/webnotes/doc In directory usw-pr-cvs1:/tmp/cvs-serv26986/doc Modified Files: ChangeLog Log Message: add a prototype fpr the sign up page Index: ChangeLog =================================================================== RCS file: /cvsroot/webnotes/webnotes/doc/ChangeLog,v retrieving revision 1.11 retrieving revision 1.12 diff -u -d -r1.11 -r1.12 --- ChangeLog 15 Sep 2002 02:25:58 -0000 1.11 +++ ChangeLog 16 Sep 2002 06:32:49 -0000 1.12 @@ -29,6 +29,7 @@ * Fixed a problem in db_generate.sql where the administrator account had access level 0 and was not enabled. * Added db_upgrade.sql to upgrade the db and include the password field change. * Added support for cross referencing between notes on the same document (#<note number>). + * Added a prototype of the sign up page. 03.12.2000 - 1.0.0 |
|
From: <rm...@us...> - 2002-09-16 06:32:52
|
Update of /cvsroot/webnotes/webnotes
In directory usw-pr-cvs1:/tmp/cvs-serv26986
Modified Files:
login.php login_page.php
Added Files:
signup_page.php
Log Message:
add a prototype fpr the sign up page
--- NEW FILE: signup_page.php ---
<?php
# phpWebNotes - a php based note addition system
# Copyright (C) 2000-2002 Webnotes Team - web...@so...
# This program is distributed under the terms and conditions of the GPL
# See the files README and LICENSE for details
# --------------------------------------------------------
# $Id: signup_page.php,v 1.1 2002/09/16 06:32:49 rmetira Exp $
# --------------------------------------------------------
require_once( 'core' . DIRECTORY_SEPARATOR . 'api.php' );
print_html_top();
print_head_top();
print_title( $g_window_title );
print_css( $g_css_inc_file );
print_meta_inc( $g_meta_inc_file );
print_head_bottom();
print_body_top();
print_header( $g_page_title );
print_top_page( $g_top_page_inc );
if (isset($submit)){
$username = gpc_get_string('f_username');
$email = gpc_get_string('f_email');
$password = create_random_password($email);
$c_username = db_prepare_string( $username );
$c_email = db_prepare_string( $email );
$c_password = db_prepare_string( $password );
$query = "INSERT INTO phpWN_user_table (username, password, email) VALUES ('$c_username', '$c_password', '$c_email')";
$result = mysql_query($query);
echo <<<EOT
<div align="center">
<h1:>An e-mail is sent to <a href="mailto:$email">$email</a> with the login details. It is recommended to change your password on first login.</h1>
<br />
$password
<br />
<a href="$g_login_page"><strong>[ Login ]</strong></a>
</div>
EOT;
print_bottom_page( $g_bottom_page_inc );
print_footer(__FILE__);
print_body_bottom();
print_html_bottom();
exit;
}
echo <<<EOT
<div align="center">
<form action="$PHP_SELF" method="post">
<h1:>By filling out the following information. You will be sent email with your password.</h1>
<table class="width50" summary="">
<tr bgcolor="$g_header_color">
<td colspan="2" class="form-title"><strong>Sign Up</strong></td>
</tr>
<tr class="row-1">
<td class="category" width="25%">$s_username:</td>
<td width="75%"><input type="text" name="f_username" size="32" maxlength="32" /></td>
</tr>
<tr class="row-2">
<td class="category">E-mail:</td>
<td><input type="text" name="f_email" size="32" maxlength="64" /></td>
</tr>
<tr>
<td class="form-buttons" colspan="2"><input type="submit" name="submit" value="Register" /></td>
</tr>
</table>
</form>
</div>
<script type="text/javascript" language="JavaScript">
window.document.f_login_form.f_username.focus();
</script>
EOT;
print_bottom_page( $g_bottom_page_inc );
print_footer(__FILE__);
print_body_bottom();
print_html_bottom();
?>
Index: login.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/login.php,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- login.php 14 Sep 2002 06:22:02 -0000 1.9
+++ login.php 16 Sep 2002 06:32:49 -0000 1.10
@@ -8,14 +8,14 @@
# $Id$
# --------------------------------------------------------
- require_once( 'core' . DIRECTORY_SEPARATOR . 'api.php' );
+ require_once( 'core' . DIRECTORY_SEPARATOR . 'api.php' );
$f_username = gpc_get_string( 'f_username' );
$f_password = gpc_get_string( 'f_password' );
$f_perm_login = gpc_get_string( 'f_perm_login', 'off' );
$c_username = db_prepare_string( $f_username );
-
+
### get user info
$query = "SELECT *
FROM $g_phpWN_user_table
Index: login_page.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/login_page.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- login_page.php 15 Sep 2002 05:08:04 -0000 1.17
+++ login_page.php 16 Sep 2002 06:32:49 -0000 1.18
@@ -82,6 +82,10 @@
</form>
</div>
+<div align="right">
+<a href="signup_page.php"><strong>Sign Up</strong></a>
+</div>
+
<script type="text/javascript" language="JavaScript">
window.document.f_login_form.f_username.focus();
</script>
|
|
From: <vb...@us...> - 2002-09-16 05:24:43
|
Update of /cvsroot/webnotes/webnotes/core
In directory usw-pr-cvs1:/tmp/cvs-serv5760/core
Modified Files:
access_api.php user_api.php
Log Message:
The change password form is now working.
Index: access_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/access_api.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- access_api.php 14 Sep 2002 06:22:03 -0000 1.3
+++ access_api.php 16 Sep 2002 05:24:40 -0000 1.4
@@ -9,23 +9,27 @@
# --------------------------------------------------------
### --------------------
- function password_match( $p_test_password, $p_password ) {
+ function access_encrypt_password( $p_password ) {
switch( config_get( 'auth_type' ) ) {
case AUTH_PLAIN:
- return ( strcmp( $p_test_password, $p_password ) == 0 );
+ return ( $p_password );
case AUTH_CRYPT:
$salt = substr( $p_password, 0, 2 );
- return ( crypt( $p_test_password, $salt ) == $p_password );
+ return ( crypt( $p_password, $salt ) );
- case AUTH_MD5:
- return ( md5( $p_test_password ) == $p_password );
+ case AUTH_MD5:
+ return ( md5( $p_password ) );
default:
# @@@@ Replace with proper error
echo "Invalid authentication type";
exit;
} // switchconfig_get()) {
+ }
+ ### --------------------
+ function password_match( $p_test_password, $p_password ) {
+ return ( access_encrypt_password( $p_test_password ) === $p_password );
}
### --------------------
function access_verify_login( $p_username, $p_password ) {
Index: user_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/user_api.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- user_api.php 15 Sep 2002 04:03:52 -0000 1.4
+++ user_api.php 16 Sep 2002 05:24:40 -0000 1.5
@@ -44,19 +44,58 @@
return $t_users_array;
}
### --------------------
- function user_change_password( $p_id, $p_old_password, $p_new_password, $p_verify_password = null ) {
- # @@@@ to be implemented
- #if ( $f_password == $f_password2 ) {
- # $f_password = crypt($f_password);
- # $query = "UPDATE $g_phpWN_user_table
- # SET password='$f_password'
- # WHERE id='$f_id'";
- # $result = db_query( $query );
- # $pass_change = 1;
- #} else {
- # # @@@@
- # echo "PASSWORDS DO NOT MATCH";
- # exit;
- #}
+ function user_get_info( $p_id ) {
+ global $g_phpWN_user_table;
+
+ $c_id = db_prepare_int( $p_id );
+
+ $query = "SELECT *
+ FROM $g_phpWN_user_table
+ WHERE id = $c_id";
+
+ $result = db_query( $query );
+ if ( false === $result ) {
+ echo 'User not found.<br />';
+ return false;
+ }
+
+ if ( $row = db_fetch_array( $result ) ) {
+ return ( $row );
+ }
+
+ return false;
+ }
+ ### --------------------
+ function user_change_password( $p_string_cookie_val, $p_old_password, $p_new_password, $p_verify_password = null ) {
+ global $g_phpWN_user_table;
+
+ $t_user = get_user_info_arr( $p_string_cookie_val );
+ if ( false === $t_user ) {
+ return false; ## error message printed by user_get_info().
+ }
+
+ if ( !access_verify_login( $t_user['username'], $p_old_password ) ) {
+ echo 'Original password is incorrect.<br />';
+ return false;
+ }
+
+ if ( ( $p_verify_password !== null ) && ( $p_verify_password != $p_new_password ) ) {
+ echo 'New and verify passwords do not match.<br />';
+ return false;
+ }
+
+ $t_password = access_encrypt_password( $p_new_password );
+ $c_password = db_prepare_string( $t_password );
+ $c_cookie_string = db_prepare_string( $p_string_cookie_val );
+
+ $query = "UPDATE $g_phpWN_user_table
+ SET password='$c_password'
+ WHERE cookie_string='$c_cookie_string'";
+ $result = db_query( $query );
+ if ( false === $result ) {
+ return false;
+ }
+
+ return true;
}
?>
|
|
From: <vb...@us...> - 2002-09-16 05:24:42
|
Update of /cvsroot/webnotes/webnotes
In directory usw-pr-cvs1:/tmp/cvs-serv5760
Modified Files:
admin_change_password.php
Log Message:
The change password form is now working.
Index: admin_change_password.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/admin_change_password.php,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- admin_change_password.php 15 Sep 2002 04:03:51 -0000 1.13
+++ admin_change_password.php 16 Sep 2002 05:24:40 -0000 1.14
@@ -11,14 +11,20 @@
require_once( 'core' . DIRECTORY_SEPARATOR . 'api.php' );
if ( isset( $f_action ) && ( $f_action == 'change' ) ) {
- $f_current_password = gpc_get_string( $f_current_password );
- $f_password = gpc_get_string( $f_password );
- $f_password2 = gpc_get_string( $f_password2 );
+ $f_current_password = gpc_get_string( 'f_current_password' );
+ $f_password = gpc_get_string( 'f_password' );
+ $f_password2 = gpc_get_string( 'f_password' );
- # @@@@ Use user_change_password() after it is implemented
+ if ( false === user_change_password( $g_string_cookie_val, $f_current_password, $f_password, $f_password2 ) ) {
+ echo "NOT IMPLEMENTED";
+ exit;
+ }
- echo "NOT IMPLEMENTED";
- exit;
+ echo <<<EOT
+ <div align="center">
+ <p>Password changed successfully</p>
+ </div>
+EOT;
}
$row = get_user_info_arr( $g_string_cookie_val );
|
|
From: <vb...@us...> - 2002-09-16 04:47:25
|
Update of /cvsroot/webnotes/webnotes/sql In directory usw-pr-cvs1:/tmp/cvs-serv29176/sql Modified Files: db_upgrade.sql Log Message: Fixed the case of the table names Index: db_upgrade.sql =================================================================== RCS file: /cvsroot/webnotes/webnotes/sql/db_upgrade.sql,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- db_upgrade.sql 15 Sep 2002 04:03:52 -0000 1.2 +++ db_upgrade.sql 16 Sep 2002 04:47:22 -0000 1.3 @@ -1,2 +1,2 @@ -ALTER TABLE `phpwn_user_table` CHANGE `password` `password` VARCHAR( 32 ) NOT NULL; -ALTER TABLE `phpwn_user_table` CHANGE `access_level` `access_level` INT( 2 ) DEFAULT '40' NOT NULL; \ No newline at end of file +ALTER TABLE `phpWN_user_table` CHANGE `password` `password` VARCHAR( 32 ) NOT NULL; +ALTER TABLE `phpWN_user_table` CHANGE `access_level` `access_level` INT( 2 ) DEFAULT '40' NOT NULL; |
|
From: <vb...@us...> - 2002-09-15 13:20:59
|
Update of /cvsroot/webnotes/webnotes/core
In directory usw-pr-cvs1:/tmp/cvs-serv8553/core
Modified Files:
css_inc.php
Log Message:
Updating the submit note page to follow the new look'n'feel.
Index: css_inc.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/css_inc.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- css_inc.php 15 Sep 2002 04:03:52 -0000 1.6
+++ css_inc.php 15 Sep 2002 13:20:56 -0000 1.7
@@ -18,6 +18,7 @@
address { font-family:Verdana, Arial; font-size: 8pt }
div {width: auto; font-size: 10pt; clear: both;}
div.code {background-color: #f0f0f0; border: 1px solid #444444; padding: 8px; font-family: courier new, courier, fixed; white-space: pre;}
+div.note75 { width: 75%; background-color: #c8e0f8; border: 1px solid #4444aa; padding: 8px;}
div.note {background-color: #c8e0f8; border: 1px solid #4444aa; padding: 8px;}
div.warning {background-color: #f8e0e0; border: 1px solid #aa4444; padding: 8px;}
div.parent {background-color: #e8e8e8; border-bottom: 1px solid #aaaaaa; padding-top: 4px;}
@@ -32,4 +33,5 @@
td.form-title { background-color: #ffffff; color: #000000; font-weight: bold; }
td.form-buttons { background-color: #ffffff; color: #000000; font-weight: bold; text-align: center; }
table.width50 { width: 50%; border: solid 1px #000000; }
+table.width75 { width: 75%; border: solid 1px #000000; }
</style>
|
|
From: <vb...@us...> - 2002-09-15 13:20:59
|
Update of /cvsroot/webnotes/webnotes In directory usw-pr-cvs1:/tmp/cvs-serv8553 Modified Files: note_add_msg_inc.php note_add_page.php Log Message: Updating the submit note page to follow the new look'n'feel. Index: note_add_msg_inc.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/note_add_msg_inc.php,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- note_add_msg_inc.php 11 Sep 2002 09:49:54 -0000 1.6 +++ note_add_msg_inc.php 15 Sep 2002 13:20:56 -0000 1.7 @@ -8,15 +8,19 @@ # $Id$ # -------------------------------------------------------- ?> +<br /> <div align="center"> +<div class="note75" align="center"> + <strong>NOTE</strong><br /><br /> <table width="75%"> <tr> <td> <p>You can contribute your insights to this document via your web browser!</p> <p>Just add your comment and (optional) email address in the form below. If you do specify your real email, anti-spam measures are encouraged (eg. la...@ma...).</p> - <p>Currently no HTML tags are allowed. Line breaks are preserved.</p> + <p>No HTML tags are allowed. Line breaks are preserved.</p> <p>After you add your note it will be queued for approval by a moderator. Your note may be edited for spelling, grammar, and content.</p> </td> </tr> </table> +</div> </div> Index: note_add_page.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/note_add_page.php,v retrieving revision 1.15 retrieving revision 1.16 diff -u -d -r1.15 -r1.16 --- note_add_page.php 11 Sep 2002 09:49:54 -0000 1.15 +++ note_add_page.php 15 Sep 2002 13:20:56 -0000 1.16 @@ -49,36 +49,35 @@ echo <<<EOT <br /> <div align="center"> - <table bgcolor="$g_table_border_color" width="75%" cellspacing="1" border="0"> - <form method="post" action="note_preview_page.php"> + <table class="width75" summary=""> + <form method="post" action="$g_note_preview_page"> <input type="hidden" name="f_came_from" value="$HTTP_REFERER" /> <input type="hidden" name="f_page_id" value="$f_page_id" /> <input type="hidden" name="f_url" value="$f_url" /> - - <tr bgcolor="$g_header_color"> - <td colspan="2"><strong><? echo $s_add_note ?></strong></td> + + <tr class="form-title"> + <td colspan="2"><strong>$s_add_note</strong></td> </tr> - <tr bgcolor="$g_primary_light_color"> - <td width="15%">$s_page</td> + <tr class="row-1"> + <td class="category" width="15%">$s_page</td> <td width="85%">$t_base_page_name</td> </tr> - <tr bgcolor="$g_primary_dark_color"> - <td>$s_date</td> + <tr class="row-2"> + <td class="category">$s_date</td> <td>$t_date</td> </tr> - <tr bgcolor="$g_primary_light_color"> - <td>$s_email</td> + <tr class="row-1"> + <td class="category">$s_email</td> <td><input type="text" name="f_email" size="64" maxlength="128" /></td> </tr> - <tr bgcolor="$g_primary_dark_color"> - <td>$s_note</td> + <tr class="row-2"> + <td class="category">$s_note</td> <td><textarea type="text" name="f_note" rows="16" cols="72"></textarea></td> </tr> - <tr bgcolor="$g_white_color"> - <td colspan="2" align="center" width="80%"><input type="submit" value="Preview" /> + <tr> + <td class="form-buttons" colspan="2" align="center" width="80%"><input type="submit" value="Preview" /> </td> - </tr> </form> </table> |
|
From: <vb...@us...> - 2002-09-15 05:08:07
|
Update of /cvsroot/webnotes/webnotes/themes/phpnet
In directory usw-pr-cvs1:/tmp/cvs-serv17699/themes/phpnet
Modified Files:
theme_api.php
Log Message:
Some fixes as recommended by HTMLTidy.
Index: theme_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/themes/phpnet/theme_api.php,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- theme_api.php 15 Sep 2002 02:25:58 -0000 1.11
+++ theme_api.php 15 Sep 2002 05:08:05 -0000 1.12
@@ -39,7 +39,7 @@
#$path = dirname ( __FILE__ ) . DIRECTORY_SEPARATOR . 'images' . DIRECTORY_SEPARATOR;
#$image = $path .'notes_add.gif';
- $url = $g_web_directory . '/themes/' . $g_theme . '/images/';
+ $url = $g_web_directory . 'themes/' . $g_theme . '/images/';
$add_picture = $url . 'notes_add.gif';
$help_picture = $url . 'notes_about.gif';
@@ -51,7 +51,7 @@
}
echo <<<EOT
- <table border="0" cellpadding="4" cellspacing="0" width="100%">
+ <table summary="" border="0" cellpadding="4" cellspacing="0" width="100%">
<tr bgcolor="#d0d0d0" valign="top">
<td><small>User Contributed Notes</small><br /><strong>$p_page</strong></td>
<td align="right">
@@ -70,40 +70,43 @@
if ( isset( $p_note_info_array['id'] ) && ( $p_note_info_array['id'] != 0 ) ) {
$t_id = '#' . (integer)$p_note_info_array['id'];
+ $t_id_view = '<pre>' . $t_id . '</pre>';
+ $t_id_bookmark = "<a name=\"$t_id\"></a>";
} else {
- $t_id = '';
+ $t_id_view = ' ';
+ $t_id_bookmark = '';
}
if ( isset( $p_note_info_array['email'] ) ) {
- $t_email = $p_note_info_array['email'];
+ $t_email = $p_note_info_array['email'];
} else {
$t_email = '';
}
if ( isset( $p_note_info_array['date'] ) ) {
- $t_date = $p_note_info_array['date'];
+ $t_date = $p_note_info_array['date'];
} else {
$t_date = '';
}
if ( isset( $p_note_info_array['note'] ) ) {
- $t_note = $p_note_info_array['note'];
+ $t_note = '<pre>' . $p_note_info_array['note'] . '</pre>';
} else {
- $t_note = '';
+ $t_note = ' ';
}
-
+
echo <<<EOT
<tr valign="top">
<td bgcolor="#e0e0e0" colspan="2">
- <a name="$t_id"></a>
+ $t_id_bookmark
- <table border="0" cellpadding="2" cellspacing="0" width="100%">
- <tr align="top" bgcolor="#e0e0e0">
- <td><b>$t_email</b><br/>$t_date</td>
- <td align="right"><pre>$t_id</pre></td>
+ <table summary="" border="0" cellpadding="2" cellspacing="0" width="100%">
+ <tr valign="top" bgcolor="#e0e0e0">
+ <td><strong>$t_email</strong><br/>$t_date</td>
+ <td align="right">$t_id_view</td>
</tr>
<tr bgcolor="#f0f0f0">
- <td colspan="2"><pre>$t_note</pre></td>
+ <td colspan="2">$t_note</td>
</tr>
</table>
</td>
@@ -118,7 +121,7 @@
$c_url = urlencode( $p_url );
$t_page_id = page_get_id( $p_page );
- $url = $g_web_directory . '/themes/' . $g_theme . '/images/';
+ $url = $g_web_directory . 'themes/' . $g_theme . '/images/';
$add_picture = $url . 'notes_add.gif';
$help_picture = $url . 'notes_about.gif';
@@ -135,7 +138,7 @@
$t_link_start<img src="$add_picture" border="0" width="13" height="13" alt="Add Notes" />$t_link_end
<img src="$help_picture" border="0" width="13" height="13" alt="About Notes" />
</td>
- </tr>
+ </tr>
</table>
EOT;
}
|
|
From: <vb...@us...> - 2002-09-15 05:08:07
|
Update of /cvsroot/webnotes/webnotes/themes/classic
In directory usw-pr-cvs1:/tmp/cvs-serv17699/themes/classic
Modified Files:
theme_api.php
Log Message:
Some fixes as recommended by HTMLTidy.
Index: theme_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/themes/classic/theme_api.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- theme_api.php 11 Sep 2002 09:49:55 -0000 1.4
+++ theme_api.php 15 Sep 2002 05:08:05 -0000 1.5
@@ -68,9 +68,9 @@
}
if ( isset( $p_note_info_array['note'] ) ) {
- $t_note = $p_note_info_array['note'];
+ $t_note = '<pre>' . $p_note_info_array['note'] . '</pre>';
} else {
- $t_note = '';
+ $t_note = ' ';
}
echo <<<EOT
@@ -78,7 +78,7 @@
<td> <em><a href="mailto:$t_email">$t_email</a></em> - $t_date</td>
</tr>
<tr bgcolor="$g_primary_light_color">
- <td><pre>$t_note</pre></td>
+ <td>$t_note</td>
</tr>
<tr bgcolor="$g_white_color" height="2">
<td></td>
|
|
From: <vb...@us...> - 2002-09-15 05:08:07
|
Update of /cvsroot/webnotes/webnotes In directory usw-pr-cvs1:/tmp/cvs-serv17699 Modified Files: login_page.php note_preview_page.php Log Message: Some fixes as recommended by HTMLTidy. Index: login_page.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/login_page.php,v retrieving revision 1.16 retrieving revision 1.17 diff -u -d -r1.16 -r1.17 --- login_page.php 14 Sep 2002 23:27:36 -0000 1.16 +++ login_page.php 15 Sep 2002 05:08:04 -0000 1.17 @@ -59,7 +59,7 @@ echo <<<EOT <div align="center"> <form name="f_login_form" method="post" action="$g_login"> - <table class="width50"> + <table class="width50" summary=""> <tr bgcolor="$g_header_color"> <td colspan="2" class="form-title"><strong>$s_login_title</strong></td> </tr> Index: note_preview_page.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/note_preview_page.php,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- note_preview_page.php 13 Sep 2002 07:17:53 -0000 1.4 +++ note_preview_page.php 15 Sep 2002 05:08:04 -0000 1.5 @@ -19,20 +19,21 @@ print_body_top(); print_header( $g_page_title ); + $f_page_id = gpc_get_int( 'f_page_id' ); + $f_email = string_disable_html( gpc_get_string( 'f_email' ) ); + $f_note = string_disable_html( gpc_get_string( 'f_note' ) ); + $f_came_from = gpc_get_string( 'f_came_from' ); + $f_url = gpc_get_string( 'f_url' ); + $t_back = htmlspecialchars( $HTTP_REFERER ); + echo <<<EOT <br /> <div align="center"> - <a href="$HTTP_REFERER">$s_back_link</a> + <a href="$t_back">$s_back_link</a> </div> <br /> EOT; - $f_page_id = gpc_get_int( 'f_page_id' ); - $f_email = string_disable_html( gpc_get_string( 'f_email' ) ); - $f_note = string_disable_html( gpc_get_string( 'f_note' ) ); - $f_came_from = gpc_get_string( 'f_came_from' ); - $f_url = gpc_get_string( 'f_url' ); - $t_note['id'] = '0'; $t_note['email']= $f_email; $t_note['date'] = date ($g_date_format); @@ -44,24 +45,17 @@ theme_notes_end( $t_page, $f_url, true ); $f_email = string_to_form( $f_email ); - $f_note = string_to_form( $f_note ); + $f_note = string_to_form( $f_note ); echo <<<EOT - <form method="post" action="note_add.php"> - - <input type="hidden" name="f_came_from" value="$f_came_from" /> - <input type="hidden" name="f_page_id" value="$f_page_id" /> - <input type="hidden" name="f_url" value="$f_url" /> - - <input type="hidden" name="f_email" value="$f_email" /> - <input type="hidden" name="f_note" value="$f_note" /> - - <table width="100%"> - <tr bgcolor="$g_white_color"> - <td colspan="2" align="center" width="80%"><input type="submit" value="Submit" /> - </td> - </tr> - </table> + <br /> + <form method="post" action="$g_note_add"> + <input type="hidden" name="f_came_from" value="$f_came_from" /> + <input type="hidden" name="f_page_id" value="$f_page_id" /> + <input type="hidden" name="f_url" value="$f_url" /> + <input type="hidden" name="f_email" value="$f_email" /> + <input type="hidden" name="f_note" value="$f_note" /> + <input type="submit" name="f_submit" value="Submit" /> </form> EOT; |
|
From: <vb...@us...> - 2002-09-15 04:03:55
|
Update of /cvsroot/webnotes/webnotes/core
In directory usw-pr-cvs1:/tmp/cvs-serv5285/core
Modified Files:
constants_inc.php css_inc.php user_api.php
Log Message:
Some clean up of the change password page + using the Mantis style +
requiring the current password in the change password form.
Index: constants_inc.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/constants_inc.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- constants_inc.php 14 Sep 2002 06:22:03 -0000 1.3
+++ constants_inc.php 15 Sep 2002 04:03:52 -0000 1.4
@@ -15,8 +15,27 @@
define( 'ON', 1 );
define( 'OFF', 0 );
- # Authentication Types
+ # Authentication Types
define( 'AUTH_PLAIN', 0 );
define( 'AUTH_CRYPT', 1 );
define( 'AUTH_MD5', 2 );
+
+ # User Levels
+ define( 'ADMINISTRATOR', 90 );
+ define( 'MODERATOR', 70 );
+ define( 'REGISTERED', 40 );
+ define( 'ANONYMOUS', 10 );
+
+ # Actions
+ define( 'ACTION_NOTES_VIEW', 1 );
+ define( 'ACTION_NOTES_SUBMIT', 2 );
+ define( 'ACTION_NOTES_EDIT', 3 );
+ define( 'ACTION_NOTES_EDIT_OWN', 4 );
+ define( 'ACTION_NOTES_DELETE', 5 );
+ define( 'ACTION_NOTES_DELETE_OWN', 6 );
+ define( 'ACTION_NOTES_ACCEPT', 7 );
+ define( 'ACTION_NOTES_ARCHIVE', 8 );
+ define( 'ACTION_USER_ADD', 51 );
+ define( 'ACTION_USER_MODIFY', 52 );
+ define( 'ACTION_USER_DELETE', 53 );
?>
Index: css_inc.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/css_inc.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- css_inc.php 14 Sep 2002 23:27:36 -0000 1.5
+++ css_inc.php 15 Sep 2002 04:03:52 -0000 1.6
@@ -9,35 +9,27 @@
# --------------------------------------------------------
?>
<style type="text/css">
-form { margin: 0px; display: inline; }
+
+form { margin: 0px; display: inline; }
body { background-color: #ffffff; font-family:Verdana, Arial; font-size: 10pt }
td { font-family:Verdana, Arial; font-size: 10pt; padding: 4px; text-align: left; }
p { font-family:Verdana, Arial; font-size: 10pt }
h3 { font-family:Verdana, Arial; font-size: 13pt; font-weight: bold; text-align: center }
address { font-family:Verdana, Arial; font-size: 8pt }
-div {width: auto; font-size: 10pt; clear: both;}
-div.code {background-color: #f0f0f0; border: 1px solid #444444; padding: 8px; font-family: courier new, courier, fixed; white-space: pre;}
-div.note {background-color: #c8e0f8; border: 1px solid #4444aa; padding: 8px;}
-div.warning {background-color: #f8e0e0; border: 1px solid #aa4444; padding: 8px;}
-div.parent {background-color: #e8e8e8; border-bottom: 1px solid #aaaaaa; padding-top: 4px;}
-
-div.example {background-color: #f4f4f4; font-family: courier new, courier, fixed; border-left: 1px solid #000000; border-right: 1px solid #000000; display: inline;}
-
-div.float-right {background-color: #ffffcc; border: 1px solid #88aa44; float: right; width: 30%; display: inline; padding: 8px;}
-div.float-left {background-color: #ffffcc; border: 1px solid #88aa44; float: left; width: 30%; display: inline; padding: 8px;}
-
-div.title {background-color: #c8e0f8; border: 1px solid #4444aa; padding: 8px;}
-div.box { border: 1px solid #000000; padding: 8px;}
-
+div {width: auto; font-size: 10pt; clear: both;}
+div.code {background-color: #f0f0f0; border: 1px solid #444444; padding: 8px; font-family: courier new, courier, fixed; white-space: pre;}
+div.note {background-color: #c8e0f8; border: 1px solid #4444aa; padding: 8px;}
+div.warning {background-color: #f8e0e0; border: 1px solid #aa4444; padding: 8px;}
+div.parent {background-color: #e8e8e8; border-bottom: 1px solid #aaaaaa; padding-top: 4px;}
+div.example {background-color: #f4f4f4; font-family: courier new, courier, fixed; border-left: 1px solid #000000; border-right: 1px solid #000000; display: inline;}
+div.title {background-color: #c8e0f8; border: 1px solid #4444aa; padding: 8px;}
+div.box { border: 1px solid #000000; padding: 8px;}
div.warning {background-color: #f8e0e0; border: 1px solid #aa4444; padding: 8px;}
div.menu {background-color: #f4f4f4; border: 1px solid #000000; padding: 8px; text-align: center; }
-
-tr.row-1 { background-color: #d8d8d8; color: #000000; }
-tr.row-2 { background-color: #e8e8e8; color: #000000; }
-td.category { background-color: #c8c8e8; color: #000000; font-weight: bold; }
-td.form-title { background-color: #ffffff; color: #000000; font-weight: bold; }
-td.form-buttons { background-color: #ffffff; color: #000000; font-weight: bold; text-align: center; }
-
+tr.row-1 { background-color: #d8d8d8; color: #000000; }
+tr.row-2 { background-color: #e8e8e8; color: #000000; }
+td.category { background-color: #c8c8e8; color: #000000; font-weight: bold; }
+td.form-title { background-color: #ffffff; color: #000000; font-weight: bold; }
+td.form-buttons { background-color: #ffffff; color: #000000; font-weight: bold; text-align: center; }
table.width50 { width: 50%; border: solid 1px #000000; }
-
</style>
Index: user_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/user_api.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- user_api.php 14 Sep 2002 15:19:12 -0000 1.3
+++ user_api.php 15 Sep 2002 04:03:52 -0000 1.4
@@ -43,4 +43,20 @@
return $t_users_array;
}
+ ### --------------------
+ function user_change_password( $p_id, $p_old_password, $p_new_password, $p_verify_password = null ) {
+ # @@@@ to be implemented
+ #if ( $f_password == $f_password2 ) {
+ # $f_password = crypt($f_password);
+ # $query = "UPDATE $g_phpWN_user_table
+ # SET password='$f_password'
+ # WHERE id='$f_id'";
+ # $result = db_query( $query );
+ # $pass_change = 1;
+ #} else {
+ # # @@@@
+ # echo "PASSWORDS DO NOT MATCH";
+ # exit;
+ #}
+ }
?>
|
|
From: <vb...@us...> - 2002-09-15 04:03:55
|
Update of /cvsroot/webnotes/webnotes
In directory usw-pr-cvs1:/tmp/cvs-serv5285
Modified Files:
admin_change_password.php
Log Message:
Some clean up of the change password page + using the Mantis style +
requiring the current password in the change password form.
Index: admin_change_password.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/admin_change_password.php,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- admin_change_password.php 14 Sep 2002 15:19:12 -0000 1.12
+++ admin_change_password.php 15 Sep 2002 04:03:51 -0000 1.13
@@ -8,20 +8,17 @@
# $Id$
# --------------------------------------------------------
- require_once( "core" . DIRECTORY_SEPARATOR . "api.php" );
+ require_once( 'core' . DIRECTORY_SEPARATOR . 'api.php' );
- if (isset($f_action)&&($f_action=="change")) {
- if ($f_password==$f_password2) {
- $f_password = crypt($f_password);
- $query = "UPDATE $g_phpWN_user_table
- SET password='$f_password'
- WHERE id='$f_id'";
- $result = db_query( $query );
- $pass_change = 1;
- } else {
- PRINT "PASSWORDS DO NOT MATCH";
- exit;
- }
+ if ( isset( $f_action ) && ( $f_action == 'change' ) ) {
+ $f_current_password = gpc_get_string( $f_current_password );
+ $f_password = gpc_get_string( $f_password );
+ $f_password2 = gpc_get_string( $f_password2 );
+
+ # @@@@ Use user_change_password() after it is implemented
+
+ echo "NOT IMPLEMENTED";
+ exit;
}
$row = get_user_info_arr( $g_string_cookie_val );
@@ -38,55 +35,45 @@
print_admin_menu();
- echo '<br /><div align="center">';
-
if ( isset( $pass_change ) && ( $pass_change == 1 ) ) {
- echo "Password changed.<br />";
+ echo '<div align="center">Password changed.</div>';
+ } else {
+ echo <<<EOT
+ <div align="center">
+ <form method="post" action="$g_admin_change_password">
+ <input type="hidden" name="f_action" value="change" />
+ <input type="hidden" name="f_id" value="$v_id" />
+ <table class="width50">
+ <tr class="form-title">
+ <td colspan="2">
+ <strong>$s_change_password_title</strong>
+ </td>
+ </tr>
+ <tr class="row-1">
+ <td class="category" width="25%">$s_username:</td>
+ <td width="75%">$v_username</td>
+ </tr>
+ <tr class="row-2">
+ <td class="category">Current Password:</td>
+ <td><input type="password" name="f_current_password" size="32" maxlength="32" /></td>
+ </tr>
+ <tr class="row-1">
+ <td class="category">$s_password:</td>
+ <td><input type="password" name="f_password" size="32" maxlength="32" /></td>
+ </tr>
+ <tr class="row-2">
+ <td class="category">$s_verify_password:</td>
+ <td><input type="password" name="f_password2" size="32" maxlength="32" /></td>
+ </tr>
+ <tr>
+ <td class="form-buttons" colspan="2"><input type="submit" value="$s_change_password_link" /></td>
+ </tr>
+ </table>
+ </form>
+ </div>
+EOT;
}
-?>
-<form method="post" action="<? echo $g_admin_change_password ?>">
-<input type="hidden" name="f_action" value="change" />
-<input type="hidden" name="f_id" value="<? echo $v_id ?>" />
-<table width="40%" bgcolor="<? echo $g_table_border_color ?>" cellspacing="1" border="0">
-<tr bgcolor=<? echo $g_header_color ?>>
- <td colspan="2" bgcolor="<? echo $g_table_title_color ?>">
- <strong><? echo $s_change_password_title ?></strong>
- </td>
-</tr>
-<tr bgcolor="<? echo $g_white_color ?>">
- <td width="25%">
- <? echo $s_username ?>:
- </td>
- <td width="75%">
- <? echo $v_username ?>
- </td>
-</tr>
-<tr bgcolor="<? echo $g_white_color ?>">
- <td>
- <? echo $s_password ?>:
- </td>
- <td>
- <input type="password" name="f_password" size="32" maxlength="32" />
- </td>
-</tr>
-<tr bgcolor="<? echo $g_white_color ?>">
- <td>
- <? echo $s_verify_password ?>:
- </td>
- <td>
- <input type="password" name="f_password2" size="32" maxlength="32" />
- </td>
-</tr>
-<tr bgcolor="<? echo $g_white_color ?>">
- <td align="center" colspan="2">
- <input type="submit" value="<? echo $s_change_password_link ?>" />
- </td>
-</tr>
-</table>
-</form>
-</div>
-<?php
print_bottom_page( $g_bottom_page_inc );
print_footer( __FILE__ );
print_body_bottom();
|
|
From: <vb...@us...> - 2002-09-15 04:03:55
|
Update of /cvsroot/webnotes/webnotes/sql In directory usw-pr-cvs1:/tmp/cvs-serv5285/sql Modified Files: db_upgrade.sql Log Message: Some clean up of the change password page + using the Mantis style + requiring the current password in the change password form. Index: db_upgrade.sql =================================================================== RCS file: /cvsroot/webnotes/webnotes/sql/db_upgrade.sql,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- db_upgrade.sql 14 Sep 2002 06:22:03 -0000 1.1 +++ db_upgrade.sql 15 Sep 2002 04:03:52 -0000 1.2 @@ -1 +1,2 @@ -ALTER TABLE `phpwn_user_table` CHANGE `password` `password` VARCHAR( 32 ) NOT NULL \ No newline at end of file +ALTER TABLE `phpwn_user_table` CHANGE `password` `password` VARCHAR( 32 ) NOT NULL; +ALTER TABLE `phpwn_user_table` CHANGE `access_level` `access_level` INT( 2 ) DEFAULT '40' NOT NULL; \ No newline at end of file |
