Revert "Several functions added to web/lib/acctfuncs.inc"

This has a couple of bugs I just discovered arrgh. We shall return
This reverts commit 5e7e9f1b21d8803c718ac8551f8e0e25709fcd6f.
Loui Chang 2007-09-30 14:07:20 -04:00 committed by Dan McGee
parent 6b3e902851
commit c404c278cc


@ -79,7 +79,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="",
print "<td align='left'>".__("Password").":</td>"; print "<td align='left'>".__("Password").":</td>";
print "<td align='left'><input type='password' size='30' maxlength='32'"; print "<td align='left'><input type='password' size='30' maxlength='32'";
print " name='P' value='".$P."'>"; print " name='P' value='".$P."'>";
if ($A != "UpdateAccount") { if ($TYPE == "new") {
print " (".__("required").")"; print " (".__("required").")";
} }
print "</td></tr>\n"; print "</td></tr>\n";
@ -88,7 +88,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="",
print "<td align='left'>".__("Re-type password").":</td>"; print "<td align='left'>".__("Re-type password").":</td>";
print "<td align='left'><input type='password' size='30' maxlength='32'"; print "<td align='left'><input type='password' size='30' maxlength='32'";
print " name='C' value='".$C."'>"; print " name='C' value='".$C."'>";
if ($A != "UpdateAccount") { if ($TYPE == "new") {
print " (".__("required").")"; print " (".__("required").")";
} }
print "</td></tr>\n"; print "</td></tr>\n";
@ -108,8 +108,6 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="",
print "<tr>"; print "<tr>";
print "<td align='left'>".__("Language").":</td>"; print "<td align='left'>".__("Language").":</td>";
print "<td align='left'><select name=L>\n"; print "<td align='left'><select name=L>\n";
reset($SUPPORTED_LANGS);
while (list($code, $lang) = each($SUPPORTED_LANGS)) { while (list($code, $lang) = each($SUPPORTED_LANGS)) {
if ($L == $code) { if ($L == $code) {
print "<option value=".$code." selected> ".$lang."\n"; print "<option value=".$code." selected> ".$lang."\n";
@ -134,7 +132,6 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="",
print "<tr>"; print "<tr>";
print "<td>&nbsp;</td>"; print "<td>&nbsp;</td>";
print "<td align='left'>"; print "<td align='left'>";
if ($A == "UpdateAccount") { if ($A == "UpdateAccount") {
print "<input type='submit' class='button'"; print "<input type='submit' class='button'";
print " value='".__("Update")."'> &nbsp; "; print " value='".__("Update")."'> &nbsp; ";
@ -178,14 +175,13 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$dbh = db_connect(); $dbh = db_connect();
$error = ""; $error = "";
if (empty($E) || empty($U)) { if (!isset($E) || !isset($U)) {
$error = __("Missing a required field."); $error = __("Missing a required field.");
} }
if ($TYPE == "new") { if ($TYPE == "new") {
# they need password fields for this type of action # they need password fields for this type of action
# #
if (empty($P) || empty($C)) { if (!isset($P) || !isset($C)) {
$error = __("Missing a required field."); $error = __("Missing a required field.");
} }
} else { } else {
@ -193,22 +189,9 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$error = __("Missing User ID"); $error = __("Missing User ID");
} }
} }
if (!$error && !valid_username($U))
$error = __("The username is invalid.") . "<ul>\n"
."<li>" . __("It must be " . USERNAME_MIN_LEN . "-" . USERNAME_MAX_LEN
. " characters long") . "</li>"
. "<li>" . __("start and end with a letter or number") . "</li>"
. "<li>" . __("can contain only one period, underscore or hyphen.")
. "</li>\n</ul>";
if (!$error && $P && $C && ($P != $C)) { if (!$error && $P && $C && ($P != $C)) {
$error = __("Password fields do not match."); $error = __("Password fields do not match.");
} }
if (!$error && !good_passwd($P))
$error = __("Your password must be at least " . PASSWD_MIN_LEN
. " characters.");
if (!$error && !valid_email($E)) { if (!$error && !valid_email($E)) {
$error = __("The email address is invalid."); $error = __("The email address is invalid.");
} }
@ -595,175 +578,5 @@ function display_account_info($U="",$T="",
return; return;
} }
/*
* Returns SID (Session ID) and error (error message) in an array
* SID of 0 means login failed.
* There should be a better way of doing this...I think
*/
function try_login() {
$login_error = "";
$new_sid = "";
$userID = null;
if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) {
$userID = valid_user($_REQUEST['user']);
if ( user_suspended( $userID ) ) {
$login_error = "Account Suspended.";
}
elseif ( $userID && isset($_REQUEST['passwd'])
&& valid_passwd($userID, $_REQUEST['passwd']) ) {
$logged_in = 0;
$num_tries = 0;
# Account looks good. Generate a SID and store it.
#
$dbh = db_connect();
while (!$logged_in && $num_tries < 5) {
$new_sid = new_sid();
$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)"
." VALUES ( $userID, '" . $new_sid . "', UNIX_TIMESTAMP())";
$result = db_query($q, $dbh);
# Query will fail if $new_sid is not unique
#
if ($result) {
$logged_in = 1;
break;
}
$num_tries++;
}
if ($logged_in) {
# set our SID cookie
setcookie("AURSID", $new_sid, 0, "/");
# header("Location: /index.php");
header("Location: " . $_SERVER['PHP_SELF']);
$login_error = "";
}
else {
$login_error = "Error trying to generate session id.";
}
}
else {
$login_error = "Bad username or password.";
}
}
return array('SID' => $new_sid, 'error' => $login_error);
}
/*
* Only checks if the name itself is valid
* Longer or equal to USERNAME_MIN_LEN
* Shorter or equal to USERNAME_MAX_LEN
* Starts and ends with a letter or number
* Contains at most ONE dot, hyphen, or underscore
* Returns the username if it is valid
* Returns nothing if it isn't valid
*/
function valid_username( $user )
{
#Is it non-empty?
if (!empty($user)) {
#Is username at not too short or too long?
if ( strlen($user) >= USERNAME_MIN_LEN &&
strlen($user) <= USERNAME_MAX_LEN ) {
$user = strtolower($user);
#Does username:
# start and end with a letter or number
# contain only letters and numbers,
# and at most has one dash, period, or underscore
if ( preg_match("/^[a-z0-9]+[.-_]?[a-z0-9]+$/", $user) ) {
#All is good return the username
return $user;
}
}
}
return;
}
/*
* Checks if the username is valid and if it exists in the database
* Returns the username ID or nothing
*/
function valid_user( $user )
{
/* if ( $user = valid_username($user) ) { */
if ( $user ) {
$dbh = db_connect();
/* $q = "SELECT ID FROM Users WHERE Username = '$user'"; */
$q = "SELECT ID FROM Users WHERE Username = '"
. mysql_real_escape_string($user). "'";
$result = mysql_fetch_row(db_query($q, $dbh));
#Is the username in the database?
if ($result[0]) {
return $result[0];
}
}
return;
}
function good_passwd( $passwd )
{
if ( strlen($passwd) >= PASSWD_MIN_LEN ) {
return true;
}
return false;
}
/* Verifies that the password is correct for the userID specified.
* Returns true or false
*/
function valid_passwd( $userID, $passwd )
{
if ( good_passwd($passwd) ) {
$dbh = db_connect();
$q = "SELECT ID FROM Users".
" WHERE ID = '$userID'" .
" AND Passwd = '" . md5($passwd) . "'";
$result = mysql_fetch_row(db_query($q, $dbh));
if ($result[0]) {
#is it the right password?
return true;
}
}
return false;
}
/*
* Is the user account suspended?
*/
function user_suspended( $id )
{
$dbh = db_connect();
$q = "SELECT Suspended FROM Users WHERE ID = '$id'";
$result = mysql_fetch_row(db_query($q, $dbh));
if ($result[0] == 1 ) {
return true;
}
return false;
}
/*
* This should be expanded to return something
* TODO: Handle orphaning of user's packages
*/
function user_delete( $id )
{
$dbh = db_connect();
$q = "DELETE FROM Users WHERE ID = '$id'";
$result = mysql_fetch_row(db_query($q, $dbh));
}
# vim: ts=2 sw=2 noet ft=php # vim: ts=2 sw=2 noet ft=php
?> ?>
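Review bot: The guards this revert restores in process_account_form, `if (!isset($E) || !isset($U))` and `if (!isset($P) || !isset($C))`, cannot detect a blank field, because isset() is true for an empty string and `$U`/`$E` default to `""` in the signature. The same revert drops the valid_username() and good_passwd() checks, and the remaining `$P && $C && ($P != $C)` test is skipped when both values are empty, so an empty username, or an empty password on a `new` account, appears to pass every check visible in these hunks. The rest of the function lies outside the hunks, so confirm that nothing later rejects such input. Keeping `if (empty($E) || empty($U))` and `if (empty($P) || empty($C))` while the helper functions are reworked would preserve the required-field check. Separately, the restored `if ($TYPE == "new")` in display_account_form reads a name that is not among the parameters shown in that hunk header (the signature is truncated there), so the "(required)" hint may never render; worth checking.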