From 2b6f4e62bea0abea0942b750e39d4acdd5111f9f Mon Sep 17 00:00:00 2001 From: Michael R Sweet Date: Wed, 19 May 2004 02:57:18 +0000 Subject: [PATCH] Tweeking. Add account management page. --- www/account.php | 407 +++++++++++++++++++++++++++++++++++++++++--- www/articles.php | 8 +- www/phplib/auth.php | 12 +- www/str.php | 6 +- 4 files changed, 399 insertions(+), 34 deletions(-) diff --git a/www/account.php b/www/account.php index 78487b9..142d020 100644 --- a/www/account.php +++ b/www/account.php @@ -1,6 +1,6 @@ "User", + 50 => "Devel", + 100 => "Admin" +); + + +// +// 'account_header()' - Show standard account page header... +// + +function +account_header($title) +{ + html_header("$title"); + + html_start_links(1); + html_link("$title", "$PHP_SELF?L"); + html_link("Manage Accounts", "$PHP_SELF?A"); + html_link("Manage Comments", "comment.php?l"); + html_link("Change Password", "$PHP_SELF?P"); + html_link("Logout", "$PHP_SELF?X"); + html_end_links(); + + print("

$title

\n"); +} + + if ($argc == 1 && $argv[0] == "X") auth_logout(); @@ -23,25 +55,362 @@ if ($LOGIN_USER == "") exit(0); } -if ($argc == 1) - $op = "$argv[0]"; +if ($argc >= 1) +{ + $op = $argv[0][0]; + $data = substr($argv[0], 1); +} else $op = "L"; switch ($op) { + case 'A' : + // Manage accounts... + if ($data == "add") + { + if ($REQUEST_METHOD == "POST") + { + // Get data from form... + if (array_key_exists("IS_PUBLISHED", $_POST)) + $is_published = (int)$_POST["IS_PUBLISHED"]; + else + $is_published = 1; + + if (array_key_exists("NAME", $_POST)) + $name = $_POST["NAME"]; + else + $name = ""; + + if (array_key_exists("EMAIL", $_POST)) + $email = $_POST["EMAIL"]; + else + $email = ""; + + if (array_key_exists("PASSWORD", $_POST)) + $password = $_POST["PASSWORD"]; + else + $password = ""; + + if (array_key_exists("PASSWORD2", $_POST)) + $password2 = $_POST["PASSWORD2"]; + else + $password2 = ""; + + if (array_key_exists("LEVEL", $_POST)) + $level = (int)$_POST["LEVEL"]; + else + $level = 0; + + if ($name != "" && $email != "" && + (($password == "" && $password2 == "") || + $password == $password2)) + $havedata = 1; + else + $havedata = 0; + } + else + { + // Use blank account info... + $name = ""; + $is_published = 0; + $email = $row["email"]; + $level = $row["level"]; + $password = ""; + $password2 = ""; + $havedata = 0; + } + + account_header("Manage Accounts"); + + if ($havedata) + { + // Store new data... + $hash = md5("$name:$password"); + $name = db_escape($name); + $email = db_escape($email); + $date = time(); + + db_query("INSERT INTO users VALUES(NULL,$is_published," + ."'$name','$email','$hash',$level,$date,'$LOGIN_USER'," + ."$date,'$LOGIN_USER')"); + + print("
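Review bot: `account_header()` uses `$PHP_SELF` in each `html_link()` call without declaring it, so inside the function the variable is undefined — if register_globals is what populates `$PHP_SELF` here, it only lands in file scope — and the emitted links collapse to `?L`, `?A`, `?P` and `?X`, which browsers happen to resolve against the current path. Add `global $PHP_SELF;` as the first statement of the function, or read `$_SERVER["PHP_SELF"]`, which is visible in every scope. The `$levels` table added next to it only has keys 0, 50 and 100; a short comment stating that a stored `level` outside those keys renders as an empty string in the account list would help the next maintainer.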

Account added successfully!

\n"); + + html_start_links(1); + html_link("Return to Manage Accounts", "$PHP_SELF?A"); + html_end_links(); + } + else + { + $name = htmlspecialchars($name, ENT_QUOTES); + $email = htmlspecialchars($email, ENT_QUOTES); + + print("
" + ."

\n" + ."" + ."\n" + ."" + ."\n" + ."" + ."\n" + ."" + ."\n" + ."" + ."\n" + ."" + ."\n" + ."\n" + ."
Published:"); + select_is_published($is_published); + print("
Username:
EMail:
Access Level:
Password:
Password Again:
" + ."

\n"); + } + + html_footer(); + } + else if ($data == "disable") + { + // Disable accounts... + if ($REQUEST_METHOD == "POST") + { + db_query("BEGIN TRANSACTION"); + + reset($_POST); + while (list($key, $val) = each($_POST)) + if (substr($key, 0, 3) == "ID_") + { + $id = (int)substr($key, 3); + + db_query("UPDATE users SET is_published = 0 WHERE id = $id"); + } + + db_query("COMMIT TRANSACTION"); + } + + header("Location: $PHP_SELF?A"); + } + else if ($data == "modify") + { + // Modify account... + if ($argc != 2 || $argv[1] == "") + { + header("Location: $PHP_SELF?A"); + exit(); + } + + $name = $argv[1]; + + if ($REQUEST_METHOD == "POST") + { + // Get data from form... + if (array_key_exists("IS_PUBLISHED", $_POST)) + $is_published = (int)$_POST["IS_PUBLISHED"]; + else + $is_published = 1; + + if (array_key_exists("EMAIL", $_POST)) + $email = $_POST["EMAIL"]; + else + $email = ""; + + if (array_key_exists("PASSWORD", $_POST)) + $password = $_POST["PASSWORD"]; + else + $password = ""; + + if (array_key_exists("PASSWORD2", $_POST)) + $password2 = $_POST["PASSWORD2"]; + else + $password2 = ""; + + if (array_key_exists("LEVEL", $_POST)) + $level = (int)$_POST["LEVEL"]; + else + $level = 0; + + if ($email != "" && + (($password == "" && $password2 == "") || + $password == $password2)) + $havedata = 1; + else + $havedata = 0; + } + else + { + // Get data from existing account... + $result = db_query("SELECT * FROM users WHERE " + ."name='" . db_escape($name) ."'"); + if (db_count($result) != 1) + { + header("Location: $PHP_SELF?A"); + exit(); + } + + $row = db_next($result); + $is_published = $row["is_published"]; + $email = $row["email"]; + $level = $row["level"]; + $password = ""; + $password2 = ""; + $havedata = 0; + + db_free($result); + } + + account_header("Manage Accounts"); + + if ($havedata) + { + // Store new data... + if ($password != "") + $hash = ", hash='" . md5("$name:$password") . 
"'"; + else + $hash = ""; + + $name = db_escape($name); + $email = db_escape($email); + $date = time(); + + db_query("UPDATE users SET " + ."email='$email'$hash, level='$level', " + ."is_published=$is_published, modify_user='$LOGIN_USER', " + ."modify_date = $date WHERE name='$name'"); + + print("

Account modified successfully!

\n"); + + html_start_links(1); + html_link("Return to Manage Accounts", "$PHP_SELF?A"); + html_end_links(); + } + else + { + $name = htmlspecialchars($name, ENT_QUOTES); + $email = htmlspecialchars($email, ENT_QUOTES); + + print("
" + ."

\n" + ."" + ."\n" + ."" + ."\n" + ."" + ."\n" + ."" + ."\n" + ."" + ."\n" + ."" + ."\n" + ."\n" + ."
Published:"); + select_is_published($is_published); + print("
Username:$name
EMail:
Access Level:"); + + if ($LOGIN_USER == $name) + print("" + . $levels[$level]); + else + { + print(""); + } + + print("
Password:
Password Again:
" + ."

\n"); + } + + html_footer(); + } + else + { + // List accounts... + account_header("Manage Accounts"); + + $result = db_query("SELECT * FROM users ORDER BY name"); + + print("
\n"); + + html_start_table(array("Username", "EMail", "Level")); + + while ($row = db_next($result)) + { + $name = htmlspecialchars($row["name"], ENT_QUOTES); + $email = htmlspecialchars($row["email"], ENT_QUOTES); + $level = $levels[$row["level"]]; + + if ($row["is_published"] == 0) + $email .= " Private"; + + html_start_row(); + print("" + ."$name" + ."" + ."$email" + ."" + ."$level"); + html_end_row(); + } + + html_start_row("header"); + print(" 
"); + html_end_row(); + + html_end_table(); + + html_start_links(1); + html_link("Add Account", "$PHP_SELF?Aadd"); + html_end_links(); + + html_footer(); + } + break; + case 'L' : // List - html_header("New/Pending"); - - html_start_links(1); - html_link("New/Pending", "$PHP_SELF?L"); - html_link("Manage Comments", "comment.php?l"); - html_link("Change Password", "$PHP_SELF?P"); - html_link("Logout", "$PHP_SELF?X"); - html_end_links(); - - print("

New/Pending

\n"); + account_header("New/Pending"); $email = db_escape($_COOKIE["FROM"]); @@ -151,15 +520,7 @@ switch ($op) case 'P' : // Change password - html_header("Change Password"); - - html_start_links(1); - html_link("New/Pending", "$PHP_SELF?L"); - html_link("Change Password", "$PHP_SELF?P"); - html_link("Logout", "$PHP_SELF?X"); - html_end_links(); - - print("
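Review bot: The new `case 'A'` branch lets any authenticated user add, modify and disable accounts: the only gate is the `$LOGIN_USER == ""` check above the `switch`, and nothing compares the caller's own level against the `$levels` table before the `INSERT INTO users`, the `UPDATE users SET ... hash=` or the `is_published = 0` update run. Looking up the caller's level at the top of the case, as sketched below, closes that; the `switch` and `case 'L'` continue past the end of the hunk. Two smaller issues in the same branch: the add form treats two blank password fields as valid (`$havedata = 1`) and stores `md5("$name:")`, so that condition should be `$password != "" && $password == $password2`, and the non-POST add path reads `$row["email"]` and `$row["level"]` although no query has populated `$row` there. The posted `LEVEL` is cast to int but never checked against the keys of `$levels`, which the list view later indexes with it.
```php
  case 'A' :
      // Manage accounts: only an Admin-level login may get here...
      $result = db_query("SELECT level FROM users WHERE name='"
                        . db_escape($LOGIN_USER) . "'");
      $row    = db_next($result);
      db_free($result);

      if (!$row || (int)$row["level"] < 100)
      {
        header("Location: $PHP_SELF?L");
        exit();
      }

      // … unchanged: add / disable / modify / list handling …
```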

Change Password

\n"); + account_header("Change Password"); if ($REQUEST_METHOD == "POST" && array_key_exists("PASSWORD", $_POST) && @@ -190,6 +551,6 @@ switch ($op) // -// End of "$Id: account.php,v 1.6 2004/05/19 01:39:04 mike Exp $". +// End of "$Id: account.php,v 1.7 2004/05/19 02:57:18 mike Exp $". // ?> diff --git a/www/articles.php b/www/articles.php index 769c538..d9c67a6 100644 --- a/www/articles.php +++ b/www/articles.php @@ -1,6 +1,6 @@ "; - print(""); + print(""); if ($LOGIN_USER) print(""); print("$link$id"); @@ -437,7 +437,7 @@ switch ($op) { html_start_row("header"); - print("Published: "); + print(" 
Published: "); select_is_published(); print("\n"); @@ -716,6 +716,6 @@ switch ($op) // -// End of "$Id: articles.php,v 1.5 2004/05/19 00:57:33 mike Exp $". +// End of "$Id: articles.php,v 1.6 2004/05/19 02:57:18 mike Exp $". // ?> diff --git a/www/phplib/auth.php b/www/phplib/auth.php index 65d7246..087f103 100644 --- a/www/phplib/auth.php +++ b/www/phplib/auth.php @@ -1,6 +1,6 @@ diff --git a/www/str.php b/www/str.php index db798d8..6c8ee3c 100644 --- a/www/str.php +++ b/www/str.php @@ -1,6 +1,6 @@ "); + print(" 
"); print("Status: