author | 2009-06-25 15:22:42 -0400 | |
---|---|---|
committer | 2009-06-25 15:22:42 -0400 | |
commit | a171039a434de5bb44af48c776bc7625a09c7752 (patch) | |
tree | bf9b39c864ee5a01a9f5d5b12173899aeab05897 /frontend | |
parent | Cleaned up various unused bits of code; moved finished images to their own di... (diff) | |
Added logout and user self-registration with email confirmation; Updates to sql_row_obj; PDO subclass for debugging
Diffstat (limited to 'frontend')
-rw-r--r-- | frontend/functions/xhtmlemail.php | 18 | ||||
-rw-r--r-- | frontend/include/header.php | 12 | ||||
-rw-r--r-- | frontend/pages/login.php | 24 | ||||
-rw-r--r-- | frontend/pages/logout.php | 16 | ||||
-rw-r--r-- | frontend/pages/register.php | 66 | ||||
-rw-r--r-- | frontend/routing.csv | 4 |
6 files changed, 103 insertions, 37 deletions
diff --git a/frontend/functions/xhtmlemail.php b/frontend/functions/xhtmlemail.php
deleted file mode 100644
index 753a6dc..0000000
--- a/frontend/functions/xhtmlemail.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php
-// Sends an XHTML email with the appropriate headers and the necessary opening and closing for an XHTML document
-function xhtmlemail($to,$from,$subj,$cont,$inheads=null) {
- global $conf;
- if ($from===null) {
- $from=$conf['emailfrom'];
- }
- $heads='MIME-Version: 1.0' . "\r\n";
- $heads.='Content-type: text/html; charset=utf-8' . "\r\n";
- $heads.='From: '.$from."\r\n";
- $heads.='X-Mailer: MosBlog/'.MOSBLOG_VERSION."\r\n";
- if ($inheads!==null) {
- $heads.="\r\n".$inheads;
- }
- $cont='<?xml version="1.0" encoding="utf-8"?>'."\n".'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'."\n".'<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">'.$cont.'</html>'."\n";
- return mail($to,$subj,$cont,$heads);
-}
-?>
diff --git a/frontend/include/header.php b/frontend/include/header.php
index 578605a..0822f68 100644
--- a/frontend/include/header.php
+++ b/frontend/include/header.php
@@ -37,7 +37,17 @@ echo '<li><a href="'.url('logs').'">Log viewer</a></li>';
 </div>
 <div id="top" class="box">
 <?php
- echo (isset($S['user'])?'<a href="'.url('logout').'">Logout</a>':'<a href="'.url('login').'">Login</a>');
+ $links=array();
+ if (isset($S['user'])) {
+ $links['logout'.(strlen($S['request'])?'/'.$S['request']:'')]='Logout';
+ } else {
+ $links['login'.(strlen($S['request'])?'/'.$S['request']:'')]='Login';
+ $links['register']='Register';
+ }
+ foreach ($links as $url => $text) {
+ $links[$url]='<a href="'.url($url).'">'.htmlentities($text).'</a>';
+ }
+ echo implode(' • ', $links);
 ?>
 </div>
 <div id="main" class="box">
diff --git a/frontend/pages/login.php b/frontend/pages/login.php
index 881a821..13eeb0a 100644
--- a/frontend/pages/login.php
+++ b/frontend/pages/login.php
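Review bot: The `href` built in the `foreach` at the bottom of the header.php hunk inserts `url($url)` into an attribute unescaped while the link text beside it goes through `htmlentities()`; `$url` carries `$S['request']`, which appears to be the path of the current request (login.php copies it into `$request['go']`), so unless `url()` escapes its own output a request path containing `"` or `&` lands raw in the attribute. Escaping the attribute too, `$links[$url]='<a href="'.htmlentities(url($url)).'">'.htmlentities($text).'</a>';`, closes that regardless of what `url()` does. A one-line comment would also help the next reader, since the suffix only makes sense together with routing.csv: `// append the current path so login/logout can return here (routing: ^login/(.+)$ -> go)`. The surrounding template markup lies outside the hunk.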
@@ -2,28 +2,16 @@
 function init_login() {
 global $S, $request, $conf;
 if (isset($S['user'])) {
+ // Should we let you continue to $request['go'] instead?
 return 'welcome';
 } else {
 if (isset($request['email']) && isset($request['password'])) {
 $r=$S['pdo']->query('SELECT * FROM `users` WHERE `email`='.$S['pdo']->quote($request['email']).' AND `passhash`="'.sha1($request['password']).'"');
 if ($r->rowCount()) {
 $S['user']=new sql_user($r->fetch(PDO::FETCH_ASSOC));
- $id=null;
- while (!$id) {
- $id=randstring(30);
- $r=$S['pdo']->query('SELECT * FROM `sessions` WHERE `id`="'.$id.'"');
- if ($r->rowCount()) {
- $id=null;
- }
- }
- $session=new sql_session($id, $S['user']->id, time(), $conf['sessionlength']);
- debug('setcookie', $conf['cookiename'].'='.$id);
- if (setcookie($conf['cookiename'], $session->id, time()+$conf['sessionlength'], $S['cookie_dir'], '', false, true)) {
- $session->write();
- $S['login_result']=true;
- }
+ $S['login.result']=sql_session::create();
 } else {
- $S['login_result']=false;
+ $S['login.result']=false;
 }
 }
 return array('title' => 'Login');
@@ -35,10 +23,10 @@ function body_login() {
 $request['go']=$S['request'];
 echo print_warning('Please sign in to access this page.');
 }
- if (isset($S['login_result'])) {
- if ($S['login_result'] === 'error') {
+ if (isset($S['login.result'])) {
+ if ($S['login.result'] === 'error') {
 echo print_error('An error occurred while signing you in.');
- } elseif ($S['login_result']) {
+ } elseif ($S['login.result']) {
 echo print_success('Welcome, '.$S['user']->name);
 echo '<a href="'.url(isset($request['go'])?$request['go']:'').'">Continue</a>';
 die;
diff --git a/frontend/pages/logout.php b/frontend/pages/logout.php
new file mode 100644
index 0000000..6eccd3d
--- /dev/null
+++ b/frontend/pages/logout.php
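Review bot: `$S['login.result']=sql_session::create();` makes the success/failure reporting in `body_login()` (second hunk) depend entirely on what `create()` returns, and that method is not part of this commit: the branch there distinguishes `=== 'error'` from any truthy value, whereas the code being removed only reported `true` after `setcookie()` had returned true and never produced `'error'` at all. Pin the contract at the call site so the two stay in step, e.g. `// sql_session::create(): true once the session row and cookie exist, 'error' otherwise; body_login() keys off both`. If `create()` instead returns the new session object or `false`, the `'error'` branch is dead and should be dropped rather than left looking meaningful. The closing lines of `init_login()` are outside the hunk.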
@@ -0,0 +1,16 @@
+<?php
+function init_logout() {
+ global $S, $conf, $request;
+ if (isset($S['session'])) {
+ $S['session']->delete();
+ }
+ setcookie($conf['cookiename'], '', 1, $S['cookie_dir'], '', false, true);
+ if (isset($request['go'])) {
+ header('Location: '.url($request['go']));
+ }
+}
+function body_logout() {
+ echo print_success('Logged out.');
+ echo '<a href="'.url('login').'">Log back in</a>';
+}
+?>
diff --git a/frontend/pages/register.php b/frontend/pages/register.php
new file mode 100644
index 0000000..344ee25
--- /dev/null
+++ b/frontend/pages/register.php
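Review bot: `header('Location: '.url($request['go']))` in `init_logout()` redirects to a value captured straight from the URL path by the new `^logout/(.+)$` route, and the function neither validates it nor stops after sending the header, so `body_logout()` presumably still renders and a crafted `logout/…` link becomes an open redirect unless `url()` itself refuses absolute or protocol-relative targets. Restrict the target to a site-local path before use, e.g. `if (isset($request['go']) && !preg_match('#^(//|[a-z][a-z0-9+.-]*:)#i', $request['go'])) {`, and follow the `header()` call with `exit;` the way `body_login()` already uses `die;` after its redirect link. Logout is also reachable by plain GET from the header link, so any third-party page can sign a user out with an `<img>` tag; a POST form or a session-bound token on the logout link is the usual guard.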
@@ -0,0 +1,66 @@
+<?php
+function init_register() {
+ global $S;
+ if (isset($S['user'])) {
+ header('Location: '.url());
+ return 'welcome';
+ }
+ if (isset($request['token']) && preg_match('/^[a-zA-Z0-9]{30}$/', $request['token'])) {
+ $r=$S['pdo']->query('SELECT * FROM `tokens` WHERE `id`=\''.$request['token'].'\'');
+ if ($r->rowCount()) {
+ $S['register.token']=new sql_registrationtoken($r->fetch(PDO::FETCH_ASSOC));
+ if (isset($request['password'])) {
+ $S['register.fail']='';
+ if (!isset($request['name']) || !Validate::username($request['name']))
+ $S['register.fail'].=print_warning('The username you entered is invalid. Names must be at least two characters long and may contain alphanumeric characters, period, space, underscore, and dash.');
+ if (!isset($request['password']) || strlen($request['password']) <= 4)
+ $S['register.fail'].=print_warning('Please enter a password at least five characters long.');
+ if ($S['register.fail']=='') {
+ $S['user']=new sql_user(null, $S['register.token']->email, $request['name'], sha1($request['password']), '');
+ $S['user']->write();
+ $S['register.token']->delete();
+ unset($S['register.token']);
+ sql_session::create();
+ }
+ }
+ }
+ }
+ return array('title' => 'Register');
+}
+function body_register() {
+ global $S, $request, $conf;
+ if (isset($S['user']))
+ echo print_success('Account creation complete.');
+ elseif (isset($request['email'])) {
+ if (!Validate::email($request['email']))
+ echo print_warning('The email address you entered is invalid.').'<a href="javascript:history.go(-1)">Back</a>';
+ // 5.3.0 - goto print form
+ else {
+ if ($S['pdo']->query('SELECT COUNT(*) FROM `users` WHERE `email`='.$S['pdo']->quote($request['email']))->fetch(PDO::FETCH_COLUMN))
+ echo print_warning('An account already exists with this email address.').'<a href="'.url('login').'">Login</a>';
+ else {
+ if ($token=$S['pdo']->query('SELECT * FROM `registrationtokens` WHERE `email`='.$S['pdo']->quote($request['email']))->fetch(PDO::FETCH_ASSOC)) {
+ echo print_warning('A confirmation email has already been sent to this email address... sending another email.');
+ $token=new sql_registrationtoken($token);
+ } else {
+ $token=sql_registrationtoken::create();
+ $token->email=$request['email'];
+ }
+ $token->expire=time()+24*3600; // 24 Hours before expiration (not implemented)
+ $token->write();
+ xhtmlemail($request['email'], null, $conf['title'].' account creation', 'To complete your account registration, click this link: <a href="'.url('register/'.$token->id).'">'.url('register/'.$token->id).'</a>.');
+ echo print_success('You will receive an email soon at '.htmlentities($request['email']).' with instructions to finish creating your account.');
+ }
+ }
+ } elseif (isset($S['register.token'])) {
+ if (isset($S['register.fail']))
+ echo $S['register.fail'];
+ else
+ echo '<h3>Register</h3><form action="'.url('register').'" method="post"><input type="hidden" name="token" value="'.$request['token'].'" />Display name: <input name="name" /><br/>Password: <input type="password" name="password" /><br/><input type="submit" value="Create Account" /></form>';
+ } else
+ echo '<h3>Register</h3><form action="'.url('register').'" method="post">
+ E-mail: <input name="email" /><br/>
+ <input type="submit" value="Create Account" />
+ </form>';
+}
+?>
diff --git a/frontend/routing.csv b/frontend/routing.csv
index 841529d..4baf180 100644
--- a/frontend/routing.csv
+++ b/frontend/routing.csv
@@ -25,7 +25,11 @@ ^download/([a-zA-Z0-9]{6})$ downloadimage build # Session ^login$ login +^login/(.+)$ login go ^logout$ logout +^logout/(.+)$ logout go +# Account stuff ^register$ register # Pass through ^(js)/([0-9a-zA-Z-_]+\.(js))$ passthrough dir file ext ^(images)/([0-9a-zA-Z-_]+\.(gif|jpg|jpeg|ico))$ passthrough dir file ext |
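Review bot: `init_register()` declares only `global $S;` yet reads `$request['token']`, `$request['password']` and `$request['name']`, so inside the function `$request` is an undefined local, `isset($request['token'])` is always false and the whole confirmation step (token lookup, validation, `sql_user` creation) can never run; the fix is `global $S, $request;`, as `init_login()` and `body_register()` already declare. Once that is fixed, the token lookup reads table `tokens` while `body_register()` creates rows in `registrationtokens`, and it ignores the `expire` column that the comment on `$token->expire` itself calls "not implemented", so a leaked confirmation link stays valid indefinitely — add `AND `expire`>'.(int)time()` to that WHERE clause (the id already passed the `[a-zA-Z0-9]{30}` check, so its interpolation is safe as written). The account row is written with `sha1($request['password'])`, an unsalted fast hash chosen to match the login query; both sides should move together to a salted slow hash (`crypt()` with a per-user Blowfish salt where `CRYPT_BLOWFISH` is available on this PHP). `xhtmlemail()` is deleted from `frontend/functions/` in this same commit, so the mail call in `body_register()` is a fatal error unless the helper now lives outside `frontend/` (the diffstat is limited to that directory).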
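Review bot: The only account route added is `^register$`, yet the confirmation mail in `body_register()` links to `url('register/'.$token->id)`, so the emailed link matches no row in this table and the token never reaches `init_register()`, which expects it in `$request['token']`; unless an earlier, unseen row covers it, add `^register/([a-zA-Z0-9]{30})$ register token` beside `^register$ register`, reusing the same character class the page validates with. The `(.+)` in the new `login/` and `logout/` rows hands any path to `go`, including one beginning with `//`; narrowing it to the character set the other rows already use, e.g. `^login/([0-9a-zA-Z/_.-]+)$ login go`, would keep the redirect target on-site at the routing layer as well.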