qemudb/account.php

<?php
/********************************************/
/* Account Login / Logout Handler for AppDB */
/********************************************/

include("path.php");
include(BASE."include/"."incl.php");

// set http header to not cache
header("Pragma: no-cache");
header("Cache-control: no-cache");

// check command and process
if(isset($_POST['cmd']))
    do_account($_POST['cmd']);
else
    do_account($_GET['cmd']);


/**
 * process according to $cmd from URL
 */
function do_account($cmd = null)
{
    if (!$cmd) return 0;
    switch($cmd)
    {
        case "new":
            apidb_header("New Account");
            include(BASE."include/"."form_new.php");
            apidb_footer();
            exit;

        case "do_new":
            cmd_do_new();
            exit;

        case "login":
            apidb_header("Login");
            include(BASE."include/"."form_login.php");
            apidb_footer();
            exit;

        case "do_login":
            cmd_do_login();
            exit;

        case "send_passwd":
            cmd_send_passwd();
            exit;

        case "logout":
            $GLOBALS['session']->destroy();
            addmsg("You are successfully logged out.", "green");
            redirect(apidb_fullurl("index.php"));
            exit;
    }
    //not valid command, display error page
    errorpage("Internal Error","This module was called with incorrect parameters");
    exit;
}

/**
 * retry
 */
function retry($cmd, $msg)
{
    addmsg($msg, "red");
    do_account($cmd);
}


/**
 * create new account
 */
function cmd_do_new()
{
    
    if(ereg("^.+@.+\\..+$", $_POST['ext_username']))
    {
        $_POST['ext_username'] = "";
        retry("new", "Invalid Username, must not contain special characters");
        return;
    }
    if(strlen($_POST['ext_username']) < 3)
    {
        $_POST['ext_username'] = "";
        retry("new", "Username must be at least 3 characters");
        return;
    }
    if(strlen($_POST['ext_password']) < 5)
    {
        retry("new", "Password must be at least 5 characters");
        return;
    }
    if($_POST['ext_password'] != $_POST['ext_password2'])
    {
        retry("new", "Passwords don't match");
        return;
    }
    if(!isset($_POST['ext_realname']))
    {
        retry("new", "You don't have a Real name?");
        return;
    }
    if(!ereg("^.+@.+\\..+$", $_POST['ext_email']))
    {
        $_POST['ext_email'] = "";
        retry("new", "Invalid email address");
        return;
    }

    $user = new User();

    if($user->exists($_POST['ext_username']))
    {
        $_POST['ext_username'] = "";
        retry("new", "That username is already in use");
        return;
    }

    $result = $user->create($_POST['ext_username'], $_POST['ext_password'], $_POST['ext_realname'], $_POST['ext_email']);

    if($result == null)
    {
        $user->login($_POST['ext_username'], $_POST['ext_password']);
        addmsg("Account created! (".$_POST['ext_username'].")", "green");
        redirect(apidb_fullurl());
    }
    else
        retry("new", "Failed to create account: $result");
}


/**
 * email lost password
 */
function cmd_send_passwd()
{
    $user = new User();
    
    $userid = $user->lookup_userid($_POST['ext_username']);
    $passwd = generate_passwd();
    
    if ($userid)
    {
        if ($user->update($userid, $passwd))
        {
            $msg =  "Application DB Lost Password\n";
            $msg .= "----------------------------\n";
            $msg .= "We have received a request that you lost your password.\n";
            $msg .= "We will create a new password for you. You can then change\n";
            $msg .= "your password at the Preferences screen.\n\n";
            $msg .= "Your new password is: ".$passwd."\n\n";
            
            if (mail($user->lookup_email($userid), '[AppDB] Lost Password', $msg))
            {
                addmsg("Your new password has been emailed to you.", "green");
            }
            else
            {
                addmsg("Your password has changed, but we could not email it to you. Contact Support!", "red");
            }
        }
        else
        {
            addmsg("Internal Error, we could not update your password.", "red");
        }
    }
    else
    {
        addmsg("Sorry, that username (". urlencode($_POST['ext_username']) .") does not exist.", "red");
    }
    
    redirect(apidb_fullurl("account.php?cmd=login"));
}


/**
 * on login handler
 */
function cmd_do_login()
{
    $user = new User();
    $result = $user->login($_POST['ext_username'], $_POST['ext_password']);

    if($result == null)
    {
        $_SESSION['current'] = $user;
        addmsg("You are successfully logged in as '$user->username'.", "green");
        redirect(apidb_fullurl("index.php"));    	    
    } else
    {
        retry("login","Login failed ($result)");
        $_SESSION['current'] = "";
    }
}

?>
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`<?php`
			`/********************************************/`
			`/* Account Login / Logout Handler for AppDB */`
			`/********************************************/`
Initial revision 2004-03-15 16:22:00 +00:00
			`include("path.php");`
			`include(BASE."include/"."incl.php");`

- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`// set http header to not cache`
Initial revision 2004-03-15 16:22:00 +00:00			`header("Pragma: no-cache");`
			`header("Cache-control: no-cache");`

- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`// check command and process`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if(isset($_POST['cmd']))`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`do_account($_POST['cmd']);`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`else`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`do_account($_GET['cmd']);`

Initial revision 2004-03-15 16:22:00 +00:00
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`/**`
			`* process according to $cmd from URL`
			`*/`
Initial revision 2004-03-15 16:22:00 +00:00			`function do_account($cmd = null)`
			`{`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`if (!$cmd) return 0;`
			`switch($cmd)`
			`{`
			`case "new":`
			`apidb_header("New Account");`
			`include(BASE."include/"."form_new.php");`
			`apidb_footer();`
			`exit;`

			`case "do_new":`
			`cmd_do_new();`
			`exit;`

			`case "login":`
			`apidb_header("Login");`
			`include(BASE."include/"."form_login.php");`
			`apidb_footer();`
			`exit;`

			`case "do_login":`
			`cmd_do_login();`
			`exit;`

			`case "send_passwd":`
			`cmd_send_passwd();`
			`exit;`

			`case "logout":`
updated to a slightly more improved version of the session management code should solve bugs with logging in on register_globals = off; 2004-12-13 03:50:02 +00:00			`$GLOBALS['session']->destroy();`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`addmsg("You are successfully logged out.", "green");`
			`redirect(apidb_fullurl("index.php"));`
			`exit;`
			`}`
			`//not valid command, display error page`
			`errorpage("Internal Error","This module was called with incorrect parameters");`
			`exit;`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`/**`
			`* retry`
			`*/`
Initial revision 2004-03-15 16:22:00 +00:00			`function retry($cmd, $msg)`
			`{`
			`addmsg($msg, "red");`
			`do_account($cmd);`
			`}`

- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00
			`/**`
			`* create new account`
			`*/`
Initial revision 2004-03-15 16:22:00 +00:00			`function cmd_do_new()`
			`{`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00
			`if(ereg("^.+@.+\\..+$", $_POST['ext_username']))`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`{`
			`$_POST['ext_username'] = "";`
			`retry("new", "Invalid Username, must not contain special characters");`
			`return;`
			`}`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if(strlen($_POST['ext_username']) < 3)`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`{`
			`$_POST['ext_username'] = "";`
			`retry("new", "Username must be at least 3 characters");`
			`return;`
			`}`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if(strlen($_POST['ext_password']) < 5)`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`{`
			`retry("new", "Password must be at least 5 characters");`
			`return;`
			`}`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if($_POST['ext_password'] != $_POST['ext_password2'])`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`{`
			`retry("new", "Passwords don't match");`
			`return;`
			`}`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if(!isset($_POST['ext_realname']))`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`{`
			`retry("new", "You don't have a Real name?");`
			`return;`
			`}`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if(!ereg("^.+@.+\\..+$", $_POST['ext_email']))`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`{`
			`$_POST['ext_email'] = "";`
			`retry("new", "Invalid email address");`
			`return;`
			`}`
Initial revision 2004-03-15 16:22:00 +00:00
			`$user = new User();`

- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`if($user->exists($_POST['ext_username']))`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`{`
			`$_POST['ext_username'] = "";`
			`retry("new", "That username is already in use");`
			`return;`
			`}`
Initial revision 2004-03-15 16:22:00 +00:00
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$result = $user->create($_POST['ext_username'], $_POST['ext_password'], $_POST['ext_realname'], $_POST['ext_email']);`
Initial revision 2004-03-15 16:22:00 +00:00
			`if($result == null)`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`{`
			`$user->login($_POST['ext_username'], $_POST['ext_password']);`
			`addmsg("Account created! (".$_POST['ext_username'].")", "green");`
			`redirect(apidb_fullurl());`
			`}`
Initial revision 2004-03-15 16:22:00 +00:00			`else`
Fix some indenting in account.php. 2004-12-01 22:26:04 +00:00			`retry("new", "Failed to create account: $result");`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00
			`/**`
			`* email lost password`
			`*/`
Initial revision 2004-03-15 16:22:00 +00:00			`function cmd_send_passwd()`
			`{`
			`$user = new User();`

- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$userid = $user->lookup_userid($_POST['ext_username']);`
Initial revision 2004-03-15 16:22:00 +00:00			`$passwd = generate_passwd();`

			`if ($userid)`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`{`
Fix some indenting in account.php. 2004-12-01 22:26:04 +00:00			`if ($user->update($userid, $passwd))`
			`{`
Initial revision 2004-03-15 16:22:00 +00:00			`$msg = "Application DB Lost Password\n";`
			`$msg .= "----------------------------\n";`
			`$msg .= "We have received a request that you lost your password.\n";`
			`$msg .= "We will create a new password for you. You can then change\n";`
			`$msg .= "your password at the Preferences screen.\n\n";`
			`$msg .= "Your new password is: ".$passwd."\n\n";`
Fix some indenting in account.php. 2004-12-01 22:26:04 +00:00
			`if (mail($user->lookup_email($userid), '[AppDB] Lost Password', $msg))`
			`{`
			`addmsg("Your new password has been emailed to you.", "green");`
			`}`
			`else`
			`{`
			`addmsg("Your password has changed, but we could not email it to you. Contact Support!", "red");`
			`}`
			`}`
			`else`
			`{`
			`addmsg("Internal Error, we could not update your password.", "red");`
			`}`
Initial revision 2004-03-15 16:22:00 +00:00			`}`
			`else`
			`{`
Fix 2 cross site scripting problems. 2004-12-19 17:54:09 +00:00			`addmsg("Sorry, that username (". urlencode($_POST['ext_username']) .") does not exist.", "red");`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

			`redirect(apidb_fullurl("account.php?cmd=login"));`
			`}`

- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00
			`/**`
			`* on login handler`
			`*/`
Initial revision 2004-03-15 16:22:00 +00:00			`function cmd_do_login()`
			`{`
			`$user = new User();`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$result = $user->login($_POST['ext_username'], $_POST['ext_password']);`
Initial revision 2004-03-15 16:22:00 +00:00
			`if($result == null)`
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`{`
			`$_SESSION['current'] = $user;`
			`addmsg("You are successfully logged in as '$user->username'.", "green");`
			`redirect(apidb_fullurl("index.php"));`
			`} else`
			`{`
			`retry("login","Login failed ($result)");`
			`$_SESSION['current'] = "";`
			`}`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`?>`