user = $user; } public function add_link($name, $link, $position=50) { while(isset($this->parts[$position])) $position++; $this->parts[$position] = "$name"; } } class UserPage extends Extension { // event handling {{{ public function receive_event($event) { if(is_a($event, 'InitExtEvent')) { global $config; $config->set_default_bool("login_signup_enabled", true); $config->set_default_int("login_memory", 365); } if(is_a($event, 'PageRequestEvent') && ($event->page == "user")) { global $page; global $user; global $database; global $config; if($event->get_arg(0) == "login") { if(isset($_POST['user']) && isset($_POST['pass'])) { $this->login(); } else { $page->set_title("Login"); $page->set_heading("Login"); $page->add_block(new NavBlock()); $page->add_block(new Block("Login There", "There should be a login box to the left")); } } else if($event->get_arg(0) == "logout") { setcookie("shm_session", "", time()+60*60*24*$config->get_int('login_memory'), "/"); $page->set_mode("redirect"); $page->set_redirect(make_link("index")); } else if($event->get_arg(0) == "changepass") { $this->change_password_wrapper(); } else if($event->get_arg(0) == "create") { $this->create_user_wrapper(); } else if($event->get_arg(0) == "set_more") { $this->set_more_wrapper(); } else { // view $duser = ($event->count_args() == 0) ? $user : $database->get_user_by_name($event->get_arg(0)); $this->build_user_page($duser); } } // user info is shown on all pages if(is_a($event, 'PageRequestEvent')) { global $user; global $page; if($user->is_anonymous()) { $page->add_block(new Block("Login", $this->build_login_block(), "left", 90)); } else { $page->add_block(new Block("User Links", $this->build_links_block(), "left", 90)); } } if(is_a($event, 'SetupBuildingEvent')) { $sb = new SetupBlock("User Options"); $sb->add_bool_option("login_signup_enabled", "Allow new signups: "); $sb->add_longtext_option("login_tac", "
Terms & Conditions:
"); $event->panel->add_block($sb); } if(is_a($event, 'UserBlockBuildingEvent')) { $event->add_link("User Config", make_link("user")); $event->add_link("Log Out", make_link("user/logout"), 99); } } // }}} // Things done *with* the user {{{ private function login() { global $page; global $database; global $config; global $user; $name = $_POST['user']; $pass = $_POST['pass']; $addr = $_SERVER['REMOTE_ADDR']; $hash = md5( strtolower($name) . $pass ); $duser = $database->get_user_by_name_and_hash($name, $hash); if(!is_null($duser)) { $user = $duser; setcookie( "shm_user", $name, time()+60*60*24*365, "/" ); setcookie( "shm_session", md5($hash.$addr), time()+60*60*24*$config->get_int('login_memory'), "/" ); $page->set_mode("redirect"); $page->set_redirect(make_link("user")); } else { $page->set_title("Permission Denied"); $page->set_heading("Permission Denied"); $page->add_block(new NavBlock()); $page->add_block(new Block("Error", "No user with those details was found")); } } private function create_user_wrapper() { global $page; global $database; global $config; if(!$config->get_bool("login_signup_enabled")) { $page->set_title("Signups Disabled"); $page->set_heading("Signups Disabled"); $page->add_block(new NavBlock()); $page->add_block(new Block("Signups Disabled", "The board admin has disabled the ability to create new accounts~")); } else if(isset($_POST['name']) && isset($_POST['pass1']) && isset($_POST['pass2'])) { $name = trim($_POST['name']); $pass1 = $_POST['pass1']; $pass2 = $_POST['pass2']; $page->set_title("Error"); $page->set_heading("Error"); $page->add_block(new NavBlock()); if(strlen($name) < 1) { $page->add_block(new Block("Error", "Username must be at least 1 character")); } else if($pass1 != $pass2) { $page->add_block(new Block("Error", "Passwords don't match")); } else if($database->db->GetRow("SELECT * FROM users WHERE name = ?", array($name))) { $page->add_block(new Block("Error", "That username is already taken")); } else { $addr = $_SERVER['REMOTE_ADDR']; $hash = md5( strtolower($name) . $pass1 ); $email = isset($_POST['email']) ? $_POST['email'] : null; // FIXME: send_event() $database->Execute( "INSERT INTO users (name, pass, joindate, email) VALUES (?, ?, now(), ?)", array($name, $hash, $email)); setcookie("shm_user", $name, time()+60*60*24*365, '/'); setcookie("shm_session", md5($hash.$addr), time()+60*60*24*$config->get_int('login_memory'), '/'); $page->set_mode("redirect"); $page->set_redirect(make_link("user")); } } else { $page->set_title("Create Account"); $page->set_heading("Create Account"); $page->add_block(new NavBlock()); $page->add_block(new Block("Signup", $this->build_signup_form())); } } //}}} // Things done *to* the user {{{ private function change_password_wrapper() { global $user; global $page; global $database; $page->set_title("Error"); $page->set_heading("Error"); $page->add_block(new NavBlock()); if($user->is_anonymous()) { $page->add_block(new Block("Error", "You aren't logged in")); } else if(isset($_POST['id']) && isset($_POST['name']) && isset($_POST['pass1']) && isset($_POST['pass2'])) { $name = $_POST['name']; $id = $_POST['id']; $pass1 = $_POST['pass1']; $pass2 = $_POST['pass2']; if((!$user->is_admin()) && ($name != $user->name)) { $page->add_block(new Block("Error", "You need to be an admin to change other people's passwords")); } else if($pass1 != $pass2) { $page->add_block(new Block("Error", "Passwords don't match")); } else { global $config; $addr = $_SERVER['REMOTE_ADDR']; $hash = md5( strtolower($name) . $pass1 ); // FIXME: send_event() // FIXME: $duser->set_pass(); $database->Execute( "UPDATE users SET pass = ? WHERE id = ?", array($hash, $id)); if($id == $user->id) { setcookie("shm_user", $name, time()+60*60*24*365, '/'); setcookie("shm_session", md5($hash.$addr), time()+60*60*24*$config->get_int('login_memory'), '/'); $page->set_mode("redirect"); $page->set_redirect(make_link("user")); } else { $page->set_mode("redirect"); $page->set_redirect(make_link("user/{$user->name}")); } } } } private function set_more_wrapper() { global $page; global $user; global $database; $page->set_title("Error"); $page->set_heading("Error"); $page->add_block(new NavBlock()); if(!$user->is_admin()) { $page->add_block(new Block("Not Admin", "Only admins can edit accounts")); } else if(!isset($_POST['id']) || !is_numeric($_POST['id'])) { $page->add_block(new Block("No ID Specified", "You need to specify the account number to edit")); } else { $admin = (isset($_POST['admin']) && ($_POST['admin'] == "on")); $enabled = (isset($_POST['enabled']) && ($_POST['enabled'] == "on")); $duser = $database->get_user_by_id($_POST['id']); $duser->set_admin($admin); $duser->set_enabled($enabled); $page->set_mode("redirect"); if($duser->id == $user->id) { $page->set_redirect(make_link("user")); } else { $page->set_redirect(make_link("user/{$duser->name}")); } } } // }}} // HTML building {{{ private function build_signup_form() { global $config; $tac = $config->get_string("login_tac"); if(empty($tac)) { $html = ""; } else { $html = "

$tac

"; } $html .= "
Name
Password
Repeat Password
Email (Optional)
"; return $html; } private function build_user_page($duser) { global $page; global $user; if(!is_null($duser)) { $page->set_title("{$duser->name}'s Page"); $page->set_heading("{$duser->name}'s Page"); $page->add_block(new NavBlock()); $page->add_block(new Block("Stats", $this->build_stats($duser))); if(!$user->is_anonymous()) { if($user->id == $duser->id || $user->is_admin()) { $page->add_block(new Block("Options", $this->build_options($duser), "main", 0)); } if($user->is_admin()) { $page->add_block(new Block("More Options", $this->build_more_options($duser))); $page->add_block(new Block("IP List", $this->build_ip_list($duser))); } } } else { $page->set_title("No Such User"); $page->set_heading("No Such User"); $page->add_block(new NavBlock()); $page->add_block(new Block("No User By That ID", "If you typed the ID by hand, try again; if you came from a link on this ". "site, it might be bug report time...")); } } private function build_stats($duser) { global $database; global $config; $i_days_old = int_escape($duser->get_days_old()); $h_join_date = html_escape($duser->join_date); $i_image_count = int_escape($duser->get_image_count()); $i_comment_count = int_escape($duser->get_comment_count()); $i_days_old2 = ($i_days_old == 0) ? 1 : $i_days_old; $h_image_rate = sprintf("%3.1f", ($i_image_count / $i_days_old2)); $h_comment_rate = sprintf("%3.1f", ($i_comment_count / $i_days_old2)); $u_name = url_escape($duser->name); $images_link = make_link("index", "search=poster%3D$u_name"); return " Join date: $h_join_date ($i_days_old days old)
Images uploaded: $i_image_count ($h_image_rate / day)
Comments made: $i_comment_count ($h_comment_rate / day) "; } private function build_options($duser) { global $database; global $config; $html = ""; $html .= "
Change Password
Password
Repeat Password
"; return $html; } private function build_more_options($duser) { global $database; global $config; $i_user_id = int_escape($duser->id); $h_is_admin = $duser->is_admin() ? " checked" : ""; $h_is_enabled = $duser->is_enabled() ? " checked" : ""; $html = "
Admin:
Enabled:

"; return $html; } private function build_ip_list($duser) { global $database; global $config; $html = ""; $html .= ""; $html .= "
Uploaded from: "; $rows = $database->db->GetAll(" SELECT owner_ip, COUNT(images.id) AS count FROM images WHERE owner_id=? GROUP BY owner_ip ORDER BY posted DESC", array($duser->id), true); foreach($rows as $row) { $ip = $row['owner_ip']; $count = $row['count']; $html .= "
$ip ($count)"; } $html .= "		Commented from:"; $rows = $database->db->GetAll(" SELECT owner_ip, COUNT(comments.id) AS count FROM comments WHERE owner_id=? GROUP BY owner_ip ORDER BY posted DESC", array($duser->id), true); foreach($rows as $row) { $ip = $row['owner_ip']; $count = $row['count']; $html .= "
$ip ($count)"; } $html .= "
(Most recent at top)
"; return $html; } private function build_links_block() { global $user; $ubbe = new UserBlockBuildingEvent($user); send_event($ubbe); $h_name = html_escape($user->name); $html = "Logged in as $h_name
"; ksort($ubbe->parts); $html .= join("\n
", $ubbe->parts); return $html; } private function build_login_block() { global $config; $html = "
Name
Password
"; if($config->get_bool("login_signup_enabled")) { $html .= "Create Account"; } return $html; } // }}} } add_event_listener(new UserPage()); ?>