Changeset 149
- Timestamp:
- 20/07/05 18:31:22 (3 years ago)
- Files:
-
- admin.lib.php (modified) (5 diffs)
- admin.php (modified) (1 diff)
- blog.lib.php (modified) (2 diffs)
- blog.sql (modified) (3 diffs)
admin.lib.php
r148 r149 189 189 echo "</div>\n"; 190 190 echo "</div>\n"; 191 echo "<div>\n"._("Not got an account?")."<br /><a href=\"{$this->adminPath}signup\">"._("Sign Up Here!")."</a></div>"; 191 192 } 192 193 … … 765 766 //sanitise username 766 767 if (isset($_POST['username']) && trim($_POST['username']) != "" && (int)$_POST['username'] == 0) { 767 if (safeuname($ username)) {768 if (safeuname($_POST['username'])) { 768 769 $username = addslashes(trim(strip_tags($_POST['username']))); 769 770 } … … 774 775 $this->inputError = _("No Username Provided"); 775 776 } 776 777 777 //sanitise name 778 778 if (isset($_POST['name']) && trim($_POST['name']) != "" && (int)$_POST['name'] == 0) { … … 793 793 $this->inputError = _("No Description Provided"); 794 794 } 795 //check the user doesn't already exist 796 $sql = db_query("SELECT username from users where username = '".$username."';"); 797 $sqlNum = db_num_rows($sql); 798 if ($sqlNum != 0) { 799 $this->inputError = _("Username already in use!"); 800 } 801 //check there is a system user with this name (ie if they are a sucs member) 802 if(!posix_getpwnam($username)) { 803 $this->inputError = _("You need to be a SUCS member to sign up for a blog here!"); 804 } 805 //if we dont have any errors 795 806 if (!$this->inputError) { 796 //check the user doesnt already exist 797 $sql = db_query("SELECT username from users where username = '".$username."';"); 798 $sqlNum = db_num_rows($sql); 799 if ($sqlNum != 0) { 800 error(1,_("Username already in use!")); 801 } 802 //check there is a system user with this name (so we can check if they are a sucs member) 803 if(!posix_getpwnam($username)) { 804 error(1,_("You need to be a SUCS member to sign up for a blog here!")); 805 } 806 //do our stuff 807 $sql = ("INSERT into USERS (username,password,name,title,description) VALUES ('{$username}','{$password}','{$name}','{$title}','{$description}');"); 808 if (!db_query($query)) { 809 error(2,_("Database Insertion failed.")); 807 //encrypt the 
password 808 $cryptPassword = crypt($password); 809 //add to the database 810 $sql = ("INSERT into USERS (username,password,name,title,description) VALUES ('{$username}','{$cryptPassword}','{$name}','{$title}','{$description}');"); 811 //error if that failed 812 if (!db_query($sql)) { 813 error(2,_("Database Insertion failed - ").db_error(db_query($sql))); 810 814 } 815 //else mail the password to the user and report sucsess 811 816 else { 812 817 mail( 813 818 "{$username}@sucs.org", 814 819 _("Blog Password"), 815 _(" You Blog Password is : ").$password."\n"._("Please login and change it at").$_SERVER["SERVER_NAME"].$this->adminPath,820 _("Welcome to SUCS Blogs")."\n\n"._("The multi-user web log system created by SUCS members for SUCS members.")."\n\n"._("You Blog Password is : ").$password."\n"._("Please login and change it at ")."http://".$_SERVER["SERVER_NAME"].$this->adminPath, 816 821 "From: \"Blog Admin\" <blogadmin@sucs.org>" 817 822 ); 818 823 echo _("Account Added!<br />Your password has been sent to your SUCS email account"); 819 824 } 820 } 825 } 826 //return to the form 821 827 else { 822 error(4,$this->inputError);828 $this->addUserForm(); 823 829 } 824 830 } … … 831 837 echo "<div class=\"errorinfo\">"._("Error")." : " . $this->inputError . "</div>\n"; 832 838 } 833 elseif (isset($_POST['submit'])) { 834 echo "<p>New user added.</p>\n"; 835 } 836 echo "<h2>"._("Add User")."</h2>\n"; 839 echo "<h2>"._("Register for a Blog")."</h2>\n"; 837 840 echo "<form action=\"".$this->adminPath."adduser\" method=\"post\" id=\"adduserform\">\n"; 838 841 echo "<p>\n"; 839 echo "<input type=\"text\" name=\"username\" id=\"username\" value=\"" . (($this->inputError != "") ? strip_tags(trim($_POST['username'])) : "") . "\" size=\" 22\" maxlength=\"50\" tabindex=\"1\" />\n";842 echo "<input type=\"text\" name=\"username\" id=\"username\" value=\"" . (($this->inputError != "") ? strip_tags(trim($_POST['username'])) : "") . 
"\" size=\"30\" maxlength=\"60\" tabindex=\"1\" />\n"; 840 843 echo "<label for=\"username\">"._("Username")."</label>\n"; 844 echo "</p>\n"; 845 echo "<input type=\"text\" name=\"name\" id=\"name\" value=\"" . (($this->inputError != "") ? strip_tags(trim($_POST['name'])) : "") . "\" size=\"30\" maxlength=\"60\" tabindex=\"2\" />\n"; 846 echo "<label for=\"name\">"._("Real name")."</label>\n"; 847 echo "</p>\n"; 848 echo "<p>\n"; 849 echo "<input type=\"text\" name=\"title\" id=\"title\" value=\"" . (($this->inputError != "") ? strip_tags(trim($_POST['title'])) : "") . "\" size=\"30\" maxlength=\"60\" tabindex=\"3\" />\n"; 850 echo "<label for=\"title\">"._("Title")."</label>\n"; 851 echo "</p>\n"; 852 echo "<p>\n"; 853 echo "<input type=\"text\" name=\"description\" id=\"description\" value=\"" . (($this->inputError != "") ? strip_tags(trim($_POST['description'])) : "") . "\" size=\"30\" maxlength=\"60\" tabindex=\"4\" />\n"; 854 echo "<label for=\"title\">"._("Description")."</label>\n"; 855 echo "</p>\n"; 856 echo "<p>\n"; 857 echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\""._("Sign Up")."\" />\n"; 858 echo "</p>\n"; 859 echo "</form>\n"; 860 echo "<p>"._("You need to be a member of ")."<a href=\"http://sucs.org/\">SUCS</a>"._(" to register")."<br />"._("The normal ")."<a href=\"http://sucs.org/info/conditions.php\">"._("Terms and Conditions")."</a>"._(" apply")."</p>\n"; 861 echo "</div>\n"; 841 862 } 842 863 } admin.php
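Review bot: The new `name`, `title` and `description` inputs, like the resized `username` one, place `strip_tags(trim($_POST[...]))` inside a double-quoted `value` attribute; `strip_tags` leaves `"` untouched, so a submitted value can close the attribute and inject markup when the form is shown again after an error. Escaping for the attribute context would close that, e.g. `htmlspecialchars(trim($_POST['name']), ENT_QUOTES)` in each of the four fields. In the insert hunk, `crypt($password)` is called with no salt, so the hash scheme is whatever the platform picks by default, and `db_error(db_query($sql))` issues the failed INSERT a second time and appears to show the database error text to the visitor. The username lookup and the INSERT are still assembled by string interpolation over `addslashes`-treated values; the database driver's own escaping or bound parameters would be the safer form. The enclosing functions start and end outside the visible hunks.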
r141 r149 108 108 } 109 109 } 110 //else offer login box111 110 else { 112 echo "<div class=\"login\"><h3>"._("Not logged in")."</h3>\n"; 113 $admin->printLoginForm(); 111 //run appropriate functions 112 switch (array_shift($request)) { 113 case "signup": 114 echo "<div class=\"login\"><h3><a href=\"{$admin->adminPath}\">"._("Not logged in")."</a></h3>\n"; 115 $admin->addUserForm(); 116 break; 117 case "adduser": 118 echo "<div class=\"login\"><h3><a href=\"{$admin->adminPath}\">"._("Not logged in")."</a></h3>\n"; 119 $admin->addUser(); 120 break; 121 //or offer login box 122 default: 123 echo "<div class=\"login\"><h3>"._("Not logged in")."</h3>\n"; 124 $admin->printLoginForm(); 125 } 114 126 } 115 127 blog.lib.php
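Review bot: The new `signup` and `adduser` cases sit in the not-logged-in branch, so `$admin->addUser()` now handles POSTs from anonymous visitors, and nothing visible in this section throttles or confirms those requests. Per the admin.lib.php section of this changeset, a successful call creates an account and sends mail to `{$username}@sucs.org`, so repeated requests can create accounts and generate mail for members who never asked for a blog. A per-address rate limit or a confirmation step before the INSERT would bound that. I would also state the intent at the top of the switch, e.g. `// signup and adduser are deliberately reachable without a session; treat all input here as untrusted`. The `if` that this `else` belongs to starts outside the hunk.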
r140 r149 501 501 echo "<p>"._("Welcome to SUCS Blogs - The multi-user web log system created by SUCS members for SUCS members.")."</p>\n"; 502 502 echo "<p>"._("Browse the blogs below or use the links on the left to navigate the site. Happy blogging!")."</p>\n"; 503 echo "<p>"._("Want to join the ranks of SUCS bloggers? - ")."<a href=\"{$this->adminPath}signup\">"._("Start a Blog!")."</a></p>\n"; 503 504 echo "</div>\n"; 504 505 echo "<div id=\"listofblogs\">\n"; … … 555 556 echo "<ul class=\"side-menu\">\n"; 556 557 echo "<li><a href=\"{$this->adminPath}\">"._("Blog admin")."</a></li>\n"; 558 echo "<li><a href=\"{$this->adminPath}signup\">"._("Start a Blog")."</a></li>\n"; 557 559 echo "</ul>\n"; 558 560 } blog.sql
r136 r149 10 10 CREATE TABLE users ( 11 11 id serial NOT NULL PRIMARY KEY, 12 username text NOT NULL ,12 username text NOT NULL UNIQUE, 13 13 password text NOT NULL, 14 14 type integer DEFAULT 1, … … 31 31 user_id integer REFERENCES users ON DELETE CASCADE NOT NULL 32 32 ); 33 CREATE UNIQUE INDEX entries_shortsubject_key ON entries (shortsubject, user_id); 33 34 34 35 CREATE TABLE comments ( … … 48 49 name text 49 50 ); 51 CREATE UNIQUE INDEX entries_shortsubject_key ON entries (email, user_id);
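Review bot: The index added at new line 51 reuses the name `entries_shortsubject_key`, which new line 33 already creates on `entries (shortsubject, user_id)`, so on a fresh load the second `CREATE UNIQUE INDEX` would be expected to fail with a duplicate-name error. It also targets `entries (email, user_id)` although it sits after a different table's definition, and no `email` column is visible on `entries` here, which looks like a copy-paste slip. Give the statement its own index name and the table and columns it was meant for, or drop it. The table definitions are only partly visible, so the intended target should be confirmed against the full schema.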
