Add account management page.
pull/193/head
Michael R Sweet 20 years ago
parent 22c5612303
commit 2b6f4e62be
  1. 407
      www/account.php
  2. 8
      www/articles.php
  3. 12
      www/phplib/auth.php
  4. 6
      www/str.php

@ -1,6 +1,6 @@
<?php
//
// "$Id: account.php,v 1.6 2004/05/19 01:39:04 mike Exp $"
// "$Id: account.php,v 1.7 2004/05/19 02:57:18 mike Exp $"
//
// Account management page...
//
@ -14,6 +14,38 @@ include_once "phplib/common.php";
include_once "phplib/str.php";
//
// Access levels...
//
$levels = array(
0 => "User",
50 => "Devel",
100 => "Admin"
);
//
// 'account_header()' - Show standard account page header...
//
function
account_header($title)
{
html_header("$title");
html_start_links(1);
html_link("$title", "$PHP_SELF?L");
html_link("Manage Accounts", "$PHP_SELF?A");
html_link("Manage Comments", "comment.php?l");
html_link("Change Password", "$PHP_SELF?P");
html_link("Logout", "$PHP_SELF?X");
html_end_links();
print("<h1>$title</h1>\n");
}
if ($argc == 1 && $argv[0] == "X")
auth_logout();
@ -23,25 +55,362 @@ if ($LOGIN_USER == "")
exit(0);
}
if ($argc == 1)
$op = "$argv[0]";
if ($argc >= 1)
{
$op = $argv[0][0];
$data = substr($argv[0], 1);
}
else
$op = "L";
switch ($op)
{
case 'L' :
// List
html_header("New/Pending");
case 'A' :
// Manage accounts...
if ($data == "add")
{
if ($REQUEST_METHOD == "POST")
{
// Get data from form...
if (array_key_exists("IS_PUBLISHED", $_POST))
$is_published = (int)$_POST["IS_PUBLISHED"];
else
$is_published = 1;
if (array_key_exists("NAME", $_POST))
$name = $_POST["NAME"];
else
$name = "";
if (array_key_exists("EMAIL", $_POST))
$email = $_POST["EMAIL"];
else
$email = "";
if (array_key_exists("PASSWORD", $_POST))
$password = $_POST["PASSWORD"];
else
$password = "";
if (array_key_exists("PASSWORD2", $_POST))
$password2 = $_POST["PASSWORD2"];
else
$password2 = "";
if (array_key_exists("LEVEL", $_POST))
$level = (int)$_POST["LEVEL"];
else
$level = 0;
if ($name != "" && $email != "" &&
(($password == "" && $password2 == "") ||
$password == $password2))
$havedata = 1;
else
$havedata = 0;
}
else
{
// Use blank account info...
$name = "";
$is_published = 0;
$email = $row["email"];
$level = $row["level"];
$password = "";
$password2 = "";
$havedata = 0;
}
account_header("Manage Accounts");
if ($havedata)
{
// Store new data...
$hash = md5("$name:$password");
$name = db_escape($name);
$email = db_escape($email);
$date = time();
db_query("INSERT INTO users VALUES(NULL,$is_published,"
."'$name','$email','$hash',$level,$date,'$LOGIN_USER',"
."$date,'$LOGIN_USER')");
print("<p>Account added successfully!</p>\n");
html_start_links(1);
html_link("Return to Manage Accounts", "$PHP_SELF?A");
html_end_links();
}
else
{
$name = htmlspecialchars($name, ENT_QUOTES);
$email = htmlspecialchars($email, ENT_QUOTES);
print("<form method='POST' action='$PHP_SELF?Aadd'>"
."<p><table width='100%'>\n"
."<tr><th align='right'>Published:</th>"
."<td>");
select_is_published($is_published);
print("</td></tr>\n"
."<tr><th align='right'>Username:</th>"
."<td><input type='text' name='NAME' size='40' "
."maxsize='255' value='$name'/></td></tr>\n"
."<tr><th align='right'>EMail:</th>"
."<td><input type='text' name='EMAIL' size='40' "
."maxsize='255' value='$email'/></td></tr>\n"
."<tr><th align='right'>Access Level:</th>"
."<td><select name='LEVEL'>");
if ($level == 0)
print("<option value='0' selected>User</option>");
else
print("<option value='0'>User</option>");
if ($level == 50)
print("<option value='50' selected>Devel</option>");
else
print("<option value='50'>Devel</option>");
if ($level == 100)
print("<option value='100' selected>Admin</option>");
else
print("<option value='100'>Admin</option>");
print("</select></td></tr>\n"
."<tr><th align='right'>Password:</th>"
."<td><input type='password' name='PASSWORD' size='16' "
."maxsize='255'/></td></tr>\n"
."<tr><th align='right'>Password Again:</th>"
."<td><input type='password' name='PASSWORD2' size='16' "
."maxsize='255'/></td></tr>\n"
."<tr><th></th><td><input type='submit' value='Add Account'/>"
."</td></tr>\n"
."</table></p></form>\n");
}
html_footer();
}
else if ($data == "disable")
{
// Disable accounts...
if ($REQUEST_METHOD == "POST")
{
db_query("BEGIN TRANSACTION");
reset($_POST);
while (list($key, $val) = each($_POST))
if (substr($key, 0, 3) == "ID_")
{
$id = (int)substr($key, 3);
db_query("UPDATE users SET is_published = 0 WHERE id = $id");
}
db_query("COMMIT TRANSACTION");
}
html_start_links(1);
html_link("New/Pending", "$PHP_SELF?L");
html_link("Manage Comments", "comment.php?l");
html_link("Change Password", "$PHP_SELF?P");
html_link("Logout", "$PHP_SELF?X");
html_end_links();
header("Location: $PHP_SELF?A");
}
else if ($data == "modify")
{
// Modify account...
if ($argc != 2 || $argv[1] == "")
{
header("Location: $PHP_SELF?A");
exit();
}
$name = $argv[1];
if ($REQUEST_METHOD == "POST")
{
// Get data from form...
if (array_key_exists("IS_PUBLISHED", $_POST))
$is_published = (int)$_POST["IS_PUBLISHED"];
else
$is_published = 1;
if (array_key_exists("EMAIL", $_POST))
$email = $_POST["EMAIL"];
else
$email = "";
if (array_key_exists("PASSWORD", $_POST))
$password = $_POST["PASSWORD"];
else
$password = "";
if (array_key_exists("PASSWORD2", $_POST))
$password2 = $_POST["PASSWORD2"];
else
$password2 = "";
if (array_key_exists("LEVEL", $_POST))
$level = (int)$_POST["LEVEL"];
else
$level = 0;
if ($email != "" &&
(($password == "" && $password2 == "") ||
$password == $password2))
$havedata = 1;
else
$havedata = 0;
}
else
{
// Get data from existing account...
$result = db_query("SELECT * FROM users WHERE "
."name='" . db_escape($name) ."'");
if (db_count($result) != 1)
{
header("Location: $PHP_SELF?A");
exit();
}
$row = db_next($result);
$is_published = $row["is_published"];
$email = $row["email"];
$level = $row["level"];
$password = "";
$password2 = "";
$havedata = 0;
db_free($result);
}
account_header("Manage Accounts");
if ($havedata)
{
// Store new data...
if ($password != "")
$hash = ", hash='" . md5("$name:$password") . "'";
else
$hash = "";
$name = db_escape($name);
$email = db_escape($email);
$date = time();
db_query("UPDATE users SET "
."email='$email'$hash, level='$level', "
."is_published=$is_published, modify_user='$LOGIN_USER', "
."modify_date = $date WHERE name='$name'");
print("<p>Account modified successfully!</p>\n");
html_start_links(1);
html_link("Return to Manage Accounts", "$PHP_SELF?A");
html_end_links();
}
else
{
$name = htmlspecialchars($name, ENT_QUOTES);
$email = htmlspecialchars($email, ENT_QUOTES);
print("<form method='POST' action='$PHP_SELF?Amodify+$name'>"
."<p><table width='100%'>\n"
."<tr><th align='right'>Published:</th>"
."<td>");
select_is_published($is_published);
print("</td></tr>\n"
."<tr><th align='right'>Username:</th>"
."<td>$name</td></tr>\n"
."<tr><th align='right'>EMail:</th>"
."<td><input type='text' name='EMAIL' size='40' "
."maxsize='255' value='$email'/></td></tr>\n"
."<tr><th align='right'>Access Level:</th>"
."<td>");
if ($LOGIN_USER == $name)
print("<input type='hidden' name='LEVEL' value='$level'/>"
. $levels[$level]);
else
{
print("<select name='LEVEL'>");
if ($level == 0)
print("<option value='0' selected>User</option>");
else
print("<option value='0'>User</option>");
if ($level == 50)
print("<option value='50' selected>Devel</option>");
else
print("<option value='50'>Devel</option>");
if ($level == 100)
print("<option value='100' selected>Admin</option>");
else
print("<option value='100'>Admin</option>");
print("</select>");
}
print("</td></tr>\n"
."<tr><th align='right'>Password:</th>"
."<td><input type='password' name='PASSWORD' size='16' "
."maxsize='255'/></td></tr>\n"
."<tr><th align='right'>Password Again:</th>"
."<td><input type='password' name='PASSWORD2' size='16' "
."maxsize='255'/></td></tr>\n"
."<tr><th></th><td><input type='submit' value='Modify Account'/>"
."</td></tr>\n"
."</table></p></form>\n");
}
html_footer();
}
else
{
// List accounts...
account_header("Manage Accounts");
print("<h1>New/Pending</h1>\n");
$result = db_query("SELECT * FROM users ORDER BY name");
print("<form method='POST' action='$PHP_SELF?Adisable'>\n");
html_start_table(array("Username", "EMail", "Level"));
while ($row = db_next($result))
{
$name = htmlspecialchars($row["name"], ENT_QUOTES);
$email = htmlspecialchars($row["email"], ENT_QUOTES);
$level = $levels[$row["level"]];
if ($row["is_published"] == 0)
$email .= " <img src='images/private.gif' width='16' height='16' "
."border='0' align='middle' alt='Private'/>";
html_start_row();
print("<td nowrap><input type='checkbox' name='ID_$row[id]'/>"
."<a href='$PHP_SELF?Amodify+$name'>$name</a></td>"
."<td align='center'><a href='$PHP_SELF?Amodify+$name'>"
."$email</a></td>"
."<td align='center'><a href='$PHP_SELF?Amodify+$name'>"
."$level</a></td>");
html_end_row();
}
html_start_row("header");
print("<td align='center' colspan='3'>&nbsp;<br /><input type='submit' "
."value='Disable Checked Accounts'/></td>");
html_end_row();
html_end_table();
html_start_links(1);
html_link("Add Account", "$PHP_SELF?Aadd");
html_end_links();
html_footer();
}
break;
case 'L' :
// List
account_header("New/Pending");
$email = db_escape($_COOKIE["FROM"]);
@ -151,15 +520,7 @@ switch ($op)
case 'P' :
// Change password
html_header("Change Password");
html_start_links(1);
html_link("New/Pending", "$PHP_SELF?L");
html_link("Change Password", "$PHP_SELF?P");
html_link("Logout", "$PHP_SELF?X");
html_end_links();
print("<h1>Change Password</h1>\n");
account_header("Change Password");
if ($REQUEST_METHOD == "POST" &&
array_key_exists("PASSWORD", $_POST) &&
@ -190,6 +551,6 @@ switch ($op)
//
// End of "$Id: account.php,v 1.6 2004/05/19 01:39:04 mike Exp $".
// End of "$Id: account.php,v 1.7 2004/05/19 02:57:18 mike Exp $".
//
?>
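Review bot: Nothing visible in the new `case 'A'` branch checks the caller's access level; the only gate shown before the `switch` is the `$LOGIN_USER == ""` test, so any logged-in account appears able to add, modify and disable accounts, including changing access levels. Before the `$data` dispatch I would look up the caller's own `level` in `users` and refuse unless it is 100 (Admin), e.g. `if ($caller_level < 100) { header("Location: $PHP_SELF?L"); exit(); }`, where `$caller_level` is a placeholder for that lookup. The "Manage Accounts" link in `account_header()` should be shown under the same condition. The hidden `LEVEL` field used when `$LOGIN_USER == $name` restricts only the form, so the POST handler in the modify branch should also ignore a submitted `LEVEL` when the target is the caller. The `switch` starts and continues outside this hunk, so a check elsewhere in the file cannot be ruled out.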

@ -1,6 +1,6 @@
<?php
//
// "$Id: articles.php,v 1.5 2004/05/19 00:57:33 mike Exp $"
// "$Id: articles.php,v 1.6 2004/05/19 02:57:18 mike Exp $"
//
// Web form for the article table...
//
@ -407,7 +407,7 @@ switch ($op)
$id = $row['id'];
$link = "<a href='$PHP_SELF?L$id$options' alt='Article #$id'>";
print("<td align='center' nowrap>");
print("<td nowrap>");
if ($LOGIN_USER)
print("<input type='checkbox' name='ID_$row[id]'>");
print("$link$id</a></td>");
@ -437,7 +437,7 @@ switch ($op)
{
html_start_row("header");
print("<th colspan='4'>Published:&nbsp;");
print("<th colspan='4'>&nbsp;<br />Published:&nbsp;");
select_is_published();
print("<input type='submit' value='Modify Selected Articles'/></th>\n");
@ -716,6 +716,6 @@ switch ($op)
//
// End of "$Id: articles.php,v 1.5 2004/05/19 00:57:33 mike Exp $".
// End of "$Id: articles.php,v 1.6 2004/05/19 02:57:18 mike Exp $".
//
?>

@ -1,6 +1,6 @@
<?
//
// "$Id: auth.php,v 1.4 2004/05/18 01:39:00 mike Exp $"
// "$Id: auth.php,v 1.5 2004/05/19 02:57:18 mike Exp $"
//
// Authentication functions for PHP pages...
//
@ -50,7 +50,9 @@ auth_current()
return ("");
// Lookup the username in the users table and compare...
$result = db_query("SELECT * FROM users WHERE name='".db_escape($cookie[0])."'");
$result = db_query("SELECT * FROM users WHERE "
."name='".db_escape($cookie[0])."' AND "
."is_published = 1");
if (db_count($result) == 1 && ($row = db_next($result)))
{
// Compute the session ID...
@ -92,7 +94,9 @@ auth_login($name, // I - Username
$LOGIN_USER = "";
// Lookup the username in the database...
$result = db_query("SELECT * FROM users WHERE name='".db_escape($name)."'");
$result = db_query("SELECT * FROM users WHERE "
."name='".db_escape($name)."' AND "
."is_published = 1");
if (db_count($result) == 1 && ($row = db_next($result)))
{
// Compute the hash of the name and password...
@ -137,6 +141,6 @@ auth_logout()
//
// End of "$Id: auth.php,v 1.4 2004/05/18 01:39:00 mike Exp $".
// End of "$Id: auth.php,v 1.5 2004/05/19 02:57:18 mike Exp $".
//
?>
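Review bot: The comments above both changed queries still describe a plain username lookup, although the added `is_published = 1` condition now makes a disabled account fail in the same way as an unknown user. I would update them to record that, e.g. `// Lookup the username among enabled accounts (is_published = 1) and compare...` in the first hunk and `// Lookup the username in the database; disabled accounts are treated as unknown...` in the second. Judging by the hunk headers these are `auth_current()` and `auth_login()`, and both function bodies start and end outside the hunks.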

@ -1,6 +1,6 @@
<?php
//
// "$Id: str.php,v 1.7 2004/05/19 00:57:33 mike Exp $"
// "$Id: str.php,v 1.8 2004/05/19 02:57:18 mike Exp $"
//
// Software Trouble Report page...
//
@ -863,7 +863,7 @@ switch ($op)
if ($LOGIN_USER)
{
html_start_row("header");
print("<th colspan='8'>");
print("<th colspan='8'>&nbsp;<br />");
print("Status:&nbsp;<select name='STATUS'>"
."<option value=''>No Change</option>");
@ -1852,6 +1852,6 @@ switch ($op)
}
//
// End of "$Id: str.php,v 1.7 2004/05/19 00:57:33 mike Exp $".
// End of "$Id: str.php,v 1.8 2004/05/19 02:57:18 mike Exp $".
//
?>
