qemudb/account.php

<?

/*
 *  Account Login / Logout Handler for AppDB
 *
 */

include("path.php");
include(BASE."include/"."incl.php");

//set http header to not cache
header("Pragma: no-cache");
header("Cache-control: no-cache");

//check command and process
if(isset($_POST['cmd']))
 do_account($_POST['cmd']);
else
 do_account($_GET['cmd']);

//process according to $cmd from URL
function do_account($cmd = null)
{
	if (! $cmd) return 0;
	switch($cmd)
	{
    case "new":
        apidb_header("New Account");
        include(BASE."include/"."form_new.php");
        apidb_footer();
        exit;

    case "do_new":
        cmd_do_new();
        exit;

    case "login":
        apidb_header("Login");
        include(BASE."include/"."form_login.php");
        apidb_footer();
        exit;

    case "do_login":
        cmd_do_login();
        exit;

    case "send_passwd":
        cmd_send_passwd();
        exit;

    case "logout":
        apidb_session_destroy();
        addmsg("You are successfully logged out.", "green");
        redirect(apidb_fullurl("index.php"));
        exit;
	}
	//not valid command, display error page
	errorpage("Internal Error","This module was called with incorrect parameters");
	exit;
}

//retry
function retry($cmd, $msg)
{
    addmsg($msg, "red");
    do_account($cmd);
}

//create new account
function cmd_do_new()
{
    
    if(ereg("^.+@.+\\..+$", $_POST['ext_username']))
	{
	    $_POST['ext_username'] = "";
	    retry("new", "Invalid Username, must not contain special characters");
	    return;
	}
    if(strlen($_POST['ext_username']) < 3)
	{
	    $_POST['ext_username'] = "";
	    retry("new", "Username must be at least 3 characters");
	    return;
	}
    if(strlen($_POST['ext_password']) < 5)
	{
	    retry("new", "Password must be at least 5 characters");
	    return;
	}
    if($_POST['ext_password'] != $_POST['ext_password2'])
	{
	    retry("new", "Passwords don't match");
	    return;
	}
    if(!isset($_POST['ext_realname']))
	{
	    retry("new", "You don't have a Real name?");
	    return;
	}
    if(!ereg("^.+@.+\\..+$", $_POST['ext_email']))
	{
	    $_POST['ext_email'] = "";
	    retry("new", "Invalid email address");
	    return;
	}

    $user = new User();

    if($user->exists($_POST['ext_username']))
	{
	    $_POST['ext_username'] = "";
	    retry("new", "That username is already in use");
	    return;
	}

    $result = $user->create($_POST['ext_username'], $_POST['ext_password'], $_POST['ext_realname'], $_POST['ext_email']);

    if($result == null)
	{
	    $user->login($_POST['ext_username'], $_POST['ext_password']);
	    addmsg("Account created! (".$_POST['ext_username'].")", "green");
	    redirect(apidb_fullurl());
	}
    else
        retry("new", "Failed to create account: $result");
}

//email lost password
function cmd_send_passwd()
{
    $user = new User();
    
    $userid = $user->lookup_userid($_POST['ext_username']);
    $passwd = generate_passwd();
    
    if ($userid)
    {	
        if ($user->update($userid, $passwd))
        {
            $msg =  "Application DB Lost Password\n";
            $msg .= "----------------------------\n";
            $msg .= "We have received a request that you lost your password.\n";
            $msg .= "We will create a new password for you. You can then change\n";
            $msg .= "your password at the Preferences screen.\n\n";
            $msg .= "Your new password is: ".$passwd."\n\n";
            
            if (mail($user->lookup_email($userid), '[AppDB] Lost Password', $msg))
            {
                addmsg("Your new password has been emailed to you.", "green");
            }
            else
            {
                addmsg("Your password has changed, but we could not email it to you. Contact Support!", "red");
            }
        }
        else
        {
            addmsg("Internal Error, we could not update your password.", "red");
        }
    }
    else
    {
        addmsg("Sorry, that username (".$_POST['ext_username'].") does not exist.", "red");
    }
    
    redirect(apidb_fullurl("account.php?cmd=login"));
}

//on login handler
function cmd_do_login()
{
    $user = new User();
    $result = $user->login($_POST['ext_username'], $_POST['ext_password']);

    if($result == null)
	{
	    $_SESSION['current'] = $user;
	    addmsg("You are successfully logged in as '$user->username'.", "green");
	    redirect(apidb_fullurl("index.php"));    	    
	}
    else
	{
	    retry("login","Login failed ($result)");
	    $_SESSION['current'] = "";
	}
}

?>
Initial revision 2004-03-15 16:22:00 +00:00			`<?`

			`/*`
			`* Account Login / Logout Handler for AppDB`
			`*`
			`*/`

			`include("path.php");`
			`include(BASE."include/"."incl.php");`

			`//set http header to not cache`
			`header("Pragma: no-cache");`
			`header("Cache-control: no-cache");`

			`//check command and process`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if(isset($_POST['cmd']))`
			`do_account($_POST['cmd']);`
			`else`
			`do_account($_GET['cmd']);`
Initial revision 2004-03-15 16:22:00 +00:00
			`//process according to $cmd from URL`
			`function do_account($cmd = null)`
			`{`
			`if (! $cmd) return 0;`
			`switch($cmd)`
			`{`
Fix some indenting in account.php. 2004-12-01 22:26:04 +00:00			`case "new":`
			`apidb_header("New Account");`
			`include(BASE."include/"."form_new.php");`
			`apidb_footer();`
			`exit;`

			`case "do_new":`
			`cmd_do_new();`
			`exit;`

			`case "login":`
			`apidb_header("Login");`
			`include(BASE."include/"."form_login.php");`
			`apidb_footer();`
			`exit;`

			`case "do_login":`
			`cmd_do_login();`
			`exit;`

			`case "send_passwd":`
			`cmd_send_passwd();`
			`exit;`

			`case "logout":`
			`apidb_session_destroy();`
			`addmsg("You are successfully logged out.", "green");`
			`redirect(apidb_fullurl("index.php"));`
			`exit;`
Initial revision 2004-03-15 16:22:00 +00:00			`}`
			`//not valid command, display error page`
			`errorpage("Internal Error","This module was called with incorrect parameters");`
			`exit;`
			`}`

			`//retry`
			`function retry($cmd, $msg)`
			`{`
			`addmsg($msg, "red");`
			`do_account($cmd);`
			`}`

			`//create new account`
			`function cmd_do_new()`
			`{`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00
			`if(ereg("^.+@.+\\..+$", $_POST['ext_username']))`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$_POST['ext_username'] = "";`
Initial revision 2004-03-15 16:22:00 +00:00			`retry("new", "Invalid Username, must not contain special characters");`
			`return;`
			`}`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if(strlen($_POST['ext_username']) < 3)`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$_POST['ext_username'] = "";`
Initial revision 2004-03-15 16:22:00 +00:00			`retry("new", "Username must be at least 3 characters");`
			`return;`
			`}`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if(strlen($_POST['ext_password']) < 5)`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
			`retry("new", "Password must be at least 5 characters");`
			`return;`
			`}`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if($_POST['ext_password'] != $_POST['ext_password2'])`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
			`retry("new", "Passwords don't match");`
			`return;`
			`}`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if(!isset($_POST['ext_realname']))`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
			`retry("new", "You don't have a Real name?");`
			`return;`
			`}`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if(!ereg("^.+@.+\\..+$", $_POST['ext_email']))`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$_POST['ext_email'] = "";`
Initial revision 2004-03-15 16:22:00 +00:00			`retry("new", "Invalid email address");`
			`return;`
			`}`

			`$user = new User();`

- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if($user->exists($_POST['ext_username']))`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$_POST['ext_username'] = "";`
Initial revision 2004-03-15 16:22:00 +00:00			`retry("new", "That username is already in use");`
			`return;`
			`}`

- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$result = $user->create($_POST['ext_username'], $_POST['ext_password'], $_POST['ext_realname'], $_POST['ext_email']);`
Initial revision 2004-03-15 16:22:00 +00:00
			`if($result == null)`
			`{`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$user->login($_POST['ext_username'], $_POST['ext_password']);`
			`addmsg("Account created! (".$_POST['ext_username'].")", "green");`
Initial revision 2004-03-15 16:22:00 +00:00			`redirect(apidb_fullurl());`
			`}`
			`else`
Fix some indenting in account.php. 2004-12-01 22:26:04 +00:00			`retry("new", "Failed to create account: $result");`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

			`//email lost password`
			`function cmd_send_passwd()`
			`{`
			`$user = new User();`

- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$userid = $user->lookup_userid($_POST['ext_username']);`
Initial revision 2004-03-15 16:22:00 +00:00			`$passwd = generate_passwd();`

			`if ($userid)`
			`{`
Fix some indenting in account.php. 2004-12-01 22:26:04 +00:00			`if ($user->update($userid, $passwd))`
			`{`
Initial revision 2004-03-15 16:22:00 +00:00			`$msg = "Application DB Lost Password\n";`
			`$msg .= "----------------------------\n";`
			`$msg .= "We have received a request that you lost your password.\n";`
			`$msg .= "We will create a new password for you. You can then change\n";`
			`$msg .= "your password at the Preferences screen.\n\n";`
			`$msg .= "Your new password is: ".$passwd."\n\n";`
Fix some indenting in account.php. 2004-12-01 22:26:04 +00:00
			`if (mail($user->lookup_email($userid), '[AppDB] Lost Password', $msg))`
			`{`
			`addmsg("Your new password has been emailed to you.", "green");`
			`}`
			`else`
			`{`
			`addmsg("Your password has changed, but we could not email it to you. Contact Support!", "red");`
			`}`
			`}`
			`else`
			`{`
			`addmsg("Internal Error, we could not update your password.", "red");`
			`}`
Initial revision 2004-03-15 16:22:00 +00:00			`}`
			`else`
			`{`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`addmsg("Sorry, that username (".$_POST['ext_username'].") does not exist.", "red");`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

			`redirect(apidb_fullurl("account.php?cmd=login"));`
			`}`

			`//on login handler`
			`function cmd_do_login()`
			`{`
			`$user = new User();`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$result = $user->login($_POST['ext_username'], $_POST['ext_password']);`
Initial revision 2004-03-15 16:22:00 +00:00
			`if($result == null)`
			`{`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$_SESSION['current'] = $user;`
Add a dropdown list of vendors to the app submit page. Automatch the dropdown vendor selection on the admin side of there is an exact or partial name match. Clear out the vendor field if a match is found. Display username when logging in to the db. 2004-04-06 21:26:10 +00:00			`addmsg("You are successfully logged in as '$user->username'.", "green");`
Initial revision 2004-03-15 16:22:00 +00:00			`redirect(apidb_fullurl("index.php"));`
			`}`
			`else`
			`{`
			`retry("login","Login failed ($result)");`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$_SESSION['current'] = "";`
Initial revision 2004-03-15 16:22:00 +00:00			`}`
			`}`

- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`?>`