[Mvblog-commits] r731 - in trunk: common upgrades/mysql upgrades/pgsql upgrades/sqlite
mvblog-commits at lists.three-dimensional.net
mvblog-commits at lists.three-dimensional.net
Mon Dec 24 11:40:19 CET 2007
Author: michiel
Date: 2007-12-24 11:40:19 +0100 (Mon, 24 Dec 2007)
New Revision: 731
Added:
trunk/upgrades/mysql/2007122300.php
trunk/upgrades/pgsql/2007122300.php
trunk/upgrades/sqlite/2007122300.php
Modified:
trunk/common/mvblog.php
Log:
During a drive to DenHaag I came up with this.
Thanks to nancy for driving me there so I could code.
-Introduce user settings.
-Let users decide whether their email address is shown with their comments.
Closes #173 and Re #107
Modified: trunk/common/mvblog.php
===================================================================
--- trunk/common/mvblog.php 2007-12-23 12:00:24 UTC (rev 730)
+++ trunk/common/mvblog.php 2007-12-24 10:40:19 UTC (rev 731)
@@ -154,16 +154,20 @@
}
switch ($action) {
/* user related functions */
- case "register_confirm" : $this->register_confirm(); break;
- case "register_save" : $this->register_save(); break;
- case "register_user" : $this->register_user(); break;
- case "user_login" :
+ //this one is here for backward compatibiliy. Can be removed in release 4
+ case "register_confirm" : $this->user_confirm(); break;
+ //new user actions
+ case "user_confirm" : $this->user_confirm(); break;
+ case "user_save" : $this->user_save(); break;
+ case "user_new" : $this->user_edit(1); break;
+ case "user_login" :
if (array_key_exists("user", $_REQUEST) && $this->user_login($_REQUEST["user"])) {
$this->get_articles($start, $limit);
} else {
echo gettext("wrong username/pass");
}
break;
+ case "user_settings" : $this->user_edit(0); break;
/* article related functions */
case "view" : $this->show_article($_REQUEST["id"]); break;
case "viewdossier" : $this->get_articles($start, $limit, 0, $_REQUEST["id"]); break;
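Review bot: The new `user_settings` case calls `user_edit(0)` without checking that a user is logged in, and `user_edit(0)` reads `$_SESSION["blog_user"]` fields unconditionally (see the user_edit hunk further down). Guard the dispatch, for example `case "user_settings" : if (!empty($_SESSION["blog_user"])) $this->user_edit(0); break;`, so a logged-out request does not render a settings form backed by an empty session. The switch statement starts and continues outside this hunk, so an existing guard earlier in the method cannot be ruled out from here.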
@@ -523,7 +527,10 @@
$locked = 1;
} elseif (array_key_exists("blog_user", $_SESSION) && !empty($_SESSION["blog_user"])) {
$comment_authorinfo["author"] = htmlspecialchars(stripslashes($_SESSION["blog_user"]["realname"]));
- $comment_authorinfo["email"] = htmlspecialchars(stripslashes($_SESSION["blog_user"]["email"]));
+ if ($_SESSION["blog_user"]["email_public"])
+ $comment_authorinfo["email"] = htmlspecialchars(stripslashes($_SESSION["blog_user"]["email"]));
+ else
+ $comment_authorinfo["email"] = "";
$comment_authorinfo["url"] = htmlspecialchars(stripslashes($_SESSION["blog_user"]["website"]));
$locked = 1;
} else {
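Review bot: `$_SESSION["blog_user"]["email_public"]` is read without checking that the key exists, while the checkbox in `user_edit` guards the same key with `array_key_exists`. A session created before this revision, or by a `user_login` that does not load the new column (not visible here), has no such key; the result is a notice and a hidden address, which is the safe direction but should be deliberate. `if (!empty($_SESSION["blog_user"]["email_public"])) {` with braces on both branches covers it. The enclosing function starts and ends outside the hunk.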
@@ -773,7 +780,7 @@
<?php echo gettext("username"); ?>: <input type="text" name="user[username]" value="" /><br />
<?php echo gettext("password"); ?>: <input type="password" name="user[password]" value="" /><br />
<input type="submit" name="login" value="<?php echo gettext("login"); ?>" />
- <a href="index.php?action=register_user"><?php echo gettext("Register"); ?></a>
+ <a href="index.php?action=user_new"><?php echo gettext("Register"); ?></a>
</form>
<?php
} else {
@@ -799,6 +806,9 @@
<?php if (array_key_exists("author_id", $_SESSION) && !empty($_SESSION["author_id"])) { ?>
<li class="default_list_item"><a href="admin/index.php" title="admin"><?php echo gettext("Admin"); ?></a></li>
<?php } ?>
+ <?php if (array_key_exists("blog_user", $_SESSION)) { ?>
+ <li class="default_list_item"><a href="index.php?action=user_settings" title="settings"><?php echo gettext("Settings"); ?></a></li>
+ <?php } ?>
</ul>
<?php
$pluginsdata = $this->plugman->run_hooks("menu_default_output", "");
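Review bot: The Settings link is shown on `array_key_exists("blog_user", $_SESSION)` alone, whereas the Admin link just above and the comment-author code also require `!empty(...)`. If any code path leaves an empty `blog_user` entry in the session (logout is not visible here), the link appears for a visitor who is not logged in; `if (array_key_exists("blog_user", $_SESSION) && !empty($_SESSION["blog_user"])) {` keeps the checks consistent.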
@@ -1186,38 +1196,68 @@
}
}
/* }}} */
- /* register_user() {{{ */
- public function register_user() {
+ /* user_edit {{{ */
+ /**
+ * Form to alter user information. Can be used for both new users and editing settings
+ *
+ * @param int $register if set, register a new user, otherwise it's a logged in user wanting to alter settings.
+ */
+ public function user_edit($register = 1) {
?>
<div class="log_post">
<div class="log_posthead">
- <h1><?php echo gettext("Registration process"); ?></h1>
+ <h1>
+ <?php
+ if ($register)
+ echo gettext("Registration process");
+ else
+ echo gettext("Settings");
+ ?>
+ </h1>
</div>
<div class="log_postbody">
<?php
+ //debug
+ //print_r($_SESSION["blog_user"]);
+ //$_SESSION["blog_user"]["email_public"] = 1;
+ if ($register) {
echo gettext("Register here.")."<br />";
echo gettext("Registering an account gives you extra privileges like commenting on posts.")."<br />";
echo gettext("The exact privileges you get depend on the plugins loaded.");
+ } elseif (array_key_exists("saved", $_REQUEST)) {
+ echo gettext("Settings succesfully saved.");
+ }
?>
<form name="register" method="post" action="index.php">
- <input type="hidden" name="action" value="register_save" />
+ <input type="hidden" name="action" value="user_save" />
+ <?php if (!$register) echo "<input type=\"hidden\" name=\"reg[userid]\" value=\"".$_SESSION["blog_user"]["user_id"]."\" />"; ?>
<table><tr>
<td><?php echo gettext("username"); ?></td>
- <td><input type="text" name="reg[username]" /></td>
+ <td>
+ <?php
+ if ($register)
+ echo "<input type=\"text\" name=\"reg[username]\" />";
+ else
+ echo $_SESSION["blog_user"]["username"];
+ ?>
+ </td>
</tr><tr>
<td><?php echo gettext("password"); ?></td>
- <td><input type="password" name="reg[password]" /></td>
+ <td><input type="password" name="reg[password]" value="" /></td>
</tr><tr>
<td><?php echo gettext("real name"); ?></td>
- <td><input type="text" name="reg[realname]" /></td>
+ <td><input type="text" name="reg[realname]" value="<?php echo (!$register)?$_SESSION["blog_user"]["realname"]:""; ?>" /></td>
</tr><tr>
<td><?php echo gettext("email"); ?></td>
- <td><input type="text" name="reg[email]" /></td>
+ <td><input type="text" name="reg[email]" value="<?php echo (!$register)?$_SESSION["blog_user"]["email"]:""; ?>" /></td>
</tr><tr>
+ <td><?php echo gettext("show email on website"); ?></td>
+ <td><input type="checkbox" name="reg[email_public]" value="1" <?php echo (!$register && array_key_exists("email_public", $_SESSION["blog_user"]) && $_SESSION["blog_user"]["email_public"])?"checked=\"checked\"":""; ?> /></td>
+ </tr><tr>
<td><?php echo gettext("website"); ?></td>
- <td><input type="text" name="reg[website]" /></td>
+ <td><input type="text" name="reg[website]" value="<?php echo (!$register)?$_SESSION["blog_user"]["website"]:""; ?>" /></td>
</tr><tr>
- <td colspan="2"><input type="submit" value="<?php echo gettext("register"); ?>" /></td>
+ <td colspan="2"><input type="submit" value="<?php echo ($register)?gettext("register"):gettext("save"); ?>" /></td>
</tr></table>
</form>
</div>
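Review bot: The prefilled fields echo `$_SESSION["blog_user"]` values (`user_id`, `username`, `realname`, `email`, `website`) into HTML without escaping, while the comment-author code elsewhere in this file wraps the same fields in `htmlspecialchars()`. These values are user-supplied and pass only through `_sanitize()`, whose output encoding is not visible here, so a quote or angle bracket in a stored value may break out of the `value="..."` attribute. Escape at output, e.g. `value="<?php echo (!$register)?htmlspecialchars($_SESSION["blog_user"]["realname"], ENT_QUOTES):""; ?>"`, and apply the same to the other fields. The commented-out debug lines (`print_r($_SESSION["blog_user"])`) should be dropped before release; `user_edit` closes outside this hunk.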
@@ -1225,61 +1265,93 @@
<?php
}
/* }}} */
- /* register_save() {{{ */
- public function register_save() {
+ /* user_save() {{{ */
+ public function user_save() {
+ if (array_key_exists("userid", $_REQUEST["reg"])) {
+ if ($_SESSION["blog_user"]["user_id"] != $_REQUEST["reg"]["userid"])
+ die("This is not ok. request and session have different user id information. Possible hack attempt.");
+ $register = 0;
+ } else {
+ $register = 1;
+ }
/* sanitize input */
- $username = $this->_sanitize($_REQUEST["reg"]["username"]);
- $password = $this->_sanitize($_REQUEST["reg"]["password"], array("bbcode" => 1));
+ if ($register)
+ $username = $this->_sanitize($_REQUEST["reg"]["username"]);
+ if ($_REQUEST["reg"]["password"])
+ $password = $this->_sanitize($_REQUEST["reg"]["password"], array("bbcode" => 1));
+ else
+ $password = "";
$realname = $this->_sanitize($_REQUEST["reg"]["realname"], array("space" => 1));
$email = $this->_sanitize($_REQUEST["reg"]["email"], array("email" => 1));
$website = $this->_sanitize($_REQUEST["reg"]["website"], array("url" => 1));
+ $email_public = (array_key_exists("email_public", $_REQUEST["reg"]))?1:0;
- $regcode = md5(mktime().$username.$email.$website);
- /* check to see if user is already there */
- /** @todo Should be implemented in input form as AJAX call */
- $sql = sprintf("SELECT COUNT(*) AS count FROM blog_users WHERE username = '%s'", $username);
- $res =& $this->db->query($sql);
- $row = $res->fetchRow(MDB2_FETCHMODE_ASSOC);
- if ($row["count"] > 0) {
- die(gettext("username already registered"));
+ if ($register) {
+ $regcode = md5(mktime().$username.$email.$website);
+ /* check to see if user is already there */
+ /** @todo Should be implemented in input form as AJAX call */
+ $sql = sprintf("SELECT COUNT(*) AS count FROM blog_users WHERE username = '%s'", $username);
+ $res =& $this->db->query($sql);
+ $row = $res->fetchRow(MDB2_FETCHMODE_ASSOC);
+ if ($row["count"] > 0) {
+ die(gettext("username already registered"));
+ }
+ /* build query to store into db */
+ $sql = sprintf("INSERT INTO blog_users (username, password, realname, email, website, regcode, email_public) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', %d)",
+ $username, $password, $realname,
+ $email, $website, $regcode, $email_public
+ );
+ } else {
+ if ($password)
+ $passwdq = sprintf(", password = '%'", $password);
+ else
+ $passwdq = "";
+ $_SESSION["blog_user"]["realname"] = $realname;
+ $_SESSION["blog_user"]["email"] = $email;
+ $_SESSION["blog_user"]["email_public"] = $email_public;
+ $_SESSION["blog_user"]["website"] = $website;
+ $sql = sprintf("UPDATE blog_users SET realname = '%s'%s, email = '%s', website = '%s', email_public = %d WHERE id = %d",
+ $realname, $passwdq, $email, $website, $email_public, $_SESSION["blog_user"]["user_id"]);
}
- /* build query to store into db */
- $sql = sprintf("INSERT INTO blog_users (username, password, realname, email, website, regcode) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')",
- $username, $password, $realname,
- $email, $website, $regcode
- );
$this->db->exec($sql);
- if (array_key_exists("HTTPS", $_SERVER) && $_SERVER["HTTPS"] == "on")
- $proto = "https";
- else
- $proto = "http";
+ if ($register) {
+ if (array_key_exists("HTTPS", $_SERVER) && $_SERVER["HTTPS"] == "on")
+ $proto = "https";
+ else
+ $proto = "http";
- $confirmuri = $proto."://".$_SERVER["SERVER_NAME"].substr($_SERVER["PHP_SELF"],0,strrpos($_SERVER["PHP_SELF"], "/"))."/index.php?action=register_confirm&code=$regcode&email=$email";
+ $confirmuri = $proto."://".$_SERVER["SERVER_NAME"].substr($_SERVER["PHP_SELF"],0,strrpos($_SERVER["PHP_SELF"], "/"))."/index.php?action=register_confirm&code=$regcode&email=$email";
- $mail_subject = gettext("Your MvBlog registration.");
- $mail_body = gettext("Thank you for registering your username")." ".$username." ".gettext("with password")." ".$password."\n";
- $mail_body .= gettext("Copy/paste the following link in your browsers addressbar to finish the registration process.")."\n\n";
- $mail_body .= $confirmuri."\n\n";
- $mail_from = "register at mvblog.org";
- mail($email, $mail_subject, $mail_body, "From: $mail_from", "-f$mail_from");
- ?>
- <div class="log_post">
- <div class="log_posthead">
- <h1><?php echo gettext("Registration process"); ?></h1>
+ $mail_subject = gettext("Your MvBlog registration.");
+ $mail_body = gettext("Thank you for registering your username")." ".$username." ".gettext("with password")." ".$password."\n";
+ $mail_body .= gettext("Copy/paste the following link in your browsers addressbar to finish the registration process.")."\n\n";
+ $mail_body .= $confirmuri."\n\n";
+ $mail_from = "register at mvblog.org";
+ mail($email, $mail_subject, $mail_body, "From: $mail_from", "-f$mail_from");
+ ?>
+ <div class="log_post">
+ <div class="log_posthead">
+ <h1><?php echo gettext("Registration process"); ?></h1>
+ </div>
+ <div class="log_postbody">
+ <?php
+ echo gettext("You should receive an email message on the address you specified within minutes.")."<br />";
+ echo gettext("This email contains information on how to activate your account. Once activated you can login and enjoy the extra privileges.")."<br /><br />";
+ echo gettext("Thank you for registering with MvBlog.");
+ ?>
+ </div>
</div>
- <div class="log_postbody">
- <?php
- echo gettext("You should receive an email message on the address you specified within minutes.")."<br />";
- echo gettext("This email contains information on how to activate your account. Once activated you can login and enjoy the extra privileges.")."<br /><br />";
- echo gettext("Thank you for registering with MvBlog.");
- ?>
- </div>
- </div>
- <?php
+ <?php
+ } else {
+ header("Location: index.php?action=user_settings&saved=1");
+ }
}
/* }}} */
- /* register_confirm() {{{ */
- public function register_confirm() {
+ /* user_confirm() {{{ */
+ /**
+ * Check confirmation after registering a new account
+ */
+ public function user_confirm() {
$check = 0;
if (array_key_exists("code", $_REQUEST) && !empty($_REQUEST["code"])) {
if (array_key_exists("email", $_REQUEST) && !empty($_REQUEST["email"])) {
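Review bot: The ownership check at the top of `user_save` does not first require a logged-in session and compares with `!=`: when `$_SESSION["blog_user"]` is absent the session side is null, which PHP's loose comparison treats as equal to an empty request value, so the settings branch can run without a login and then writes `realname`, `email`, `email_public` and `website` into `$_SESSION["blog_user"]`. Require a non-empty session `user_id` before accepting `reg[userid]`, and compare both sides as strings with `!==`. Separately, `sprintf(", password = '%'", $password)` has no conversion specifier, so the password clause comes out malformed; it needs `'%s'`. `user_save` is complete in this hunk, while `user_confirm` continues past its end.

```php
public function user_save() {
	// a settings change is only valid for an authenticated session; reg[userid] alone proves nothing
	$loggedin = array_key_exists("blog_user", $_SESSION) && !empty($_SESSION["blog_user"]["user_id"]);
	if (array_key_exists("userid", $_REQUEST["reg"])) {
		if (!$loggedin || (string)$_SESSION["blog_user"]["user_id"] !== (string)$_REQUEST["reg"]["userid"])
			die("This is not ok. request and session have different user id information. Possible hack attempt.");
		$register = 0;
	} else {
		$register = 1;
	}
	// … unchanged: input sanitizing and the registration branch …
		if ($password)
			$passwdq = sprintf(", password = '%s'", $password);
	// … unchanged: session update, UPDATE query, confirmation mail and redirect …
```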
@@ -1318,7 +1390,7 @@
echo gettext("Enter your email address and confirmation code below.");
?>
<form name="regconfirm" method="post" action="index.php">
- <input type="hidden" name="action" value="register_confirm">
+ <input type="hidden" name="action" value="user_confirm">
<table><tr>
<td><?php echo gettext("email"); ?></td>
<td><input type="text" name="email" /></td>
Added: trunk/upgrades/mysql/2007122300.php
===================================================================
--- trunk/upgrades/mysql/2007122300.php (rev 0)
+++ trunk/upgrades/mysql/2007122300.php 2007-12-24 10:40:19 UTC (rev 731)
@@ -0,0 +1,3 @@
+<?php
+$sql[] = "ALTER TABLE blog_users ADD COLUMN email_public TINYINT(2);";
+?>
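Review bot: `email_public` is added as a nullable column with no default, so every existing row gets NULL and the hidden-by-default behaviour rests only on PHP treating NULL as false in mvblog.php. Declaring it `NOT NULL DEFAULT 0`, e.g. `ALTER TABLE blog_users ADD COLUMN email_public TINYINT(2) NOT NULL DEFAULT 0;`, makes the privacy default explicit at the schema level and keeps the three backends consistent. The same applies to the pgsql and sqlite upgrade files in this commit.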
Added: trunk/upgrades/pgsql/2007122300.php
===================================================================
--- trunk/upgrades/pgsql/2007122300.php (rev 0)
+++ trunk/upgrades/pgsql/2007122300.php 2007-12-24 10:40:19 UTC (rev 731)
@@ -0,0 +1,3 @@
+<?php
+$sql[] = "ALTER TABLE blog_users ADD COLUMN email_public smallint;";
+?>
Added: trunk/upgrades/sqlite/2007122300.php
===================================================================
--- trunk/upgrades/sqlite/2007122300.php (rev 0)
+++ trunk/upgrades/sqlite/2007122300.php 2007-12-24 10:40:19 UTC (rev 731)
@@ -0,0 +1,3 @@
+<?php
+$sql[] = "ALTER TABLE blog_users ADD COLUMN email_public smallint(3);";
+?>