# FILE: ui-prfle.pl
# DESCRIPTION: User Interface Profile Editor/Manager
#-------------------------------------------------------------------------------
# DISCUS COPYRIGHT NOTICE
#
# Discus is copyright (c) 2002 by DiscusWare, LLC, all rights reserved.
# The use of Discus is governed by the Discus License Agreement which is
# available from the Discus WWW site at:
# http://www.discusware.com/discus/license
#
# Pursuant to the Discus License Agreement, this copyright notice may not be
# removed or altered in any way.
#-------------------------------------------------------------------------------
use strict;
use vars qw($GLOBAL_OPTIONS $PARAMS $DCONF);
###
### user_interface_profile_control
###
### Controls the "Edit Profile" aspect of the user interface as well as the
### appropriate related items when editing one's profile through Administration
###
sub user_interface_profile_control {
# Entry point for the profile script: parses the request, dispatches on the
# "action" form field, authenticates the caller, and finally shows the
# profile editor.
#
# NOTE(review): the flow reads as if uiprfle_login, error_message and the
# action handlers end the request instead of returning; that is not visible
# in this file -- confirm, because a handler that returns falls through to
# the later action tests and to the credential check below.
my $FORMref = parse_form($ENV{'QUERY_STRING'}, $ENV{'CONTENT_LENGTH'});
dreq("template", "authpass");
# No action at all shows the log-in screen; "logout" clears cookies.
uiprfle_login($FORMref) if ! $FORMref->{action};
uiprfle_logout($FORMref) if $FORMref->{action} eq "logout";
# Everything from here down to check_password runs before this function has
# authenticated the caller. NOTE(review): confirm each handler performs its
# own authorization.
# The prefix patterns (^rate, ^register, ^forgot, ^send, ^(edit|del)post) are
# not anchored at the end, so any action value that merely starts with the
# prefix selects the handler.
if ($FORMref->{action} =~ m%^(edit|del)post%) {
error_message(read_language()->{FEATURE_NOT_SUPPORTED}, read_language()->{FEATURE_NOT_SUPPORTED_DESCR}, 0, 1) if ! $DCONF->{pro};
dreq("fcn-edt-PRO");
fcn_edt_main($FORMref);
}
if ($FORMref->{action} =~ m%^rate%) {
error_message(read_language()->{FEATURE_NOT_SUPPORTED}, read_language()->{FEATURE_NOT_SUPPORTED_DESCR}, 0, 1) if ! $DCONF->{pro};
dreq("fcn-vote-PRO");
fcn_vote_main($FORMref);
}
if ($FORMref->{action} =~ m|^register|) {
error_message(read_language()->{FEATURE_NOT_SUPPORTED}, read_language()->{FEATURE_NOT_SUPPORTED_DESCR}, 0, 1) if ! $DCONF->{pro};
dreq("selfreg-PRO"); self_registration_control($FORMref);
}
if ($FORMref->{action} eq "pict") {
error_message(read_language()->{FEATURE_NOT_SUPPORTED}, read_language()->{FEATURE_NOT_SUPPORTED_DESCR}, 0, 1) if ! $DCONF->{pro};
dreq("fcn-prfl-PRO");
# The "file" form field is passed on unchanged from the request.
# NOTE(review): confirm enhanced_profile_picture_show restricts it to the
# intended picture files (no directory components) before opening anything.
enhanced_profile_picture_show($FORMref->{file}, 0);
}
if ($FORMref->{action} eq "view_profile") {
error_message(read_language()->{FEATURE_NOT_SUPPORTED}, read_language()->{FEATURE_NOT_SUPPORTED_DESCR}, 0, 1) if ! $DCONF->{pro};
# The "profile" form field is likewise request-supplied and unchecked here.
dreq("fcn-prfl-PRO"); enhanced_profile_profile_show($FORMref->{profile}, $FORMref);
}
if ($FORMref->{action} eq "emsel") {
error_message(read_language()->{FEATURE_NOT_SUPPORTED}, read_language()->{FEATURE_NOT_SUPPORTED_DESCR}, 0, 1) if ! $DCONF->{pro};
dreq("fcn-prfl-PRO"); email_by_subtopic_select($FORMref);
}
if ($FORMref->{action} =~ m|^forgot|) {
error_message(read_language()->{FEATURE_NOT_SUPPORTED}, read_language()->{FEATURE_NOT_SUPPORTED_DESCR}, 0, 1) if ! $DCONF->{pro};
dreq("forgotpw-PRO"); forgotten_password_manager($FORMref);
}
if ($FORMref->{action} eq "profile_activate") {
error_message(read_language()->{FEATURE_NOT_SUPPORTED}, read_language()->{FEATURE_NOT_SUPPORTED_DESCR}, 0, 1) if ! $DCONF->{pro};
dreq("suspend-PRO"); suspend_activation($FORMref);
}
if ($FORMref->{action} =~ m|^send|) {
error_message(read_language()->{FEATURE_NOT_SUPPORTED}, read_language()->{FEATURE_NOT_SUPPORTED_DESCR}, 0, 1) if ! $DCONF->{pro};
dreq("pvtmsg-PRO"); private_messaging($FORMref);
}
# Unlike the branches above, "quick" has no $DCONF->{pro} test before the
# module is loaded and called.
if ($FORMref->{action} eq 'quick') {
dreq("quickadm-PRO");
quick_admin_handler($FORMref);
}
undef my $result;
# Two ways to authenticate. The first is taken when a username arrives with
# an "encpass" value but no password and the email_edit_profile_link option
# is on: encpass is handed to check_password as cpwd (with rpwd "x") in the
# argument position where the second branch passes the cookie hash.
# NOTE(review): that makes encpass a password-equivalent value carried in the
# request (the option name suggests an e-mailed link); confirm how it is
# generated, how long it stays valid, and that URLs containing it are kept
# out of logs and referrers.
if ($FORMref->{username} && ! $FORMref->{password} && $FORMref->{encpass} && $GLOBAL_OPTIONS->{email_edit_profile_link}) {
$result = check_password($FORMref->{username}, undef, undef, { cpwd => $FORMref->{encpass}, rpwd => "x" });
} else {
$result = check_password($FORMref->{username}, $FORMref->{password}, { nocookies => 1 }, $FORMref->{COOKIE});
}
# Anything other than a non-empty array reference counts as a failed login.
error_message(read_language()->{PROFILE_AUTHERROR}, read_language()->{PROFILE_AUTHERROR_DESCR_V4}, 0, 1) if (ref $result ne "ARRAY" || scalar @{$result} == 0);
# The superuser entry in the "passwd" database is exempt from the edit flag;
# every other account needs a non-zero "edit" value on its first record.
if ($result->[0]->{database} ne "passwd" || $result->[0]->{user} ne $DCONF->{superuser}) {
error_message(read_language()->{PROFILE_EDITING_PROHIBITED}, read_language()->{PROFILE_EDITING_EXPLANATION}, 0, 1) if $result->[0]->{edit} == 0;
}
# State-changing actions, authorized only by the check_password result above.
# NOTE(review): no per-request (anti-forgery) token is checked in this
# function; if check_password accepts the cookie hash as credentials, confirm
# that delacct and profile_save are protected against cross-site requests.
uiprfle_delete_yourself($result) if $FORMref->{action} eq "delacct";
uiprfle_save_changes($FORMref, $result) if $FORMref->{action} eq "profile_save";
my $cookie_str = "";
if ($DCONF->{pro}) {
dreq("fcn-prfl-PRO");
$result = enhance_result_profile($result);
# Collect the single-character preference keys into one string; access
# cookies are issued only when it contains "a" or "b" (case-insensitive).
my $prefstr = join("", grep { length($_) == 1 } keys %{$result->[0]->{enhanced}->{pref}});
if ($prefstr =~ /[ab]/i) {
dreq("authwrap-PRO");
$cookie_str .= create_user_access_cookies($FORMref, {}, $result, $prefstr);
}
}
# Default outcome: show the profile editor for the authenticated account.
uiprfle_edit_yourself($FORMref, $result, undef, $cookie_str);
}
###
### email_notification_to_hash
###
### Converts the e-mail notification string (as stored in the file) into a hash
### of topics and/or subtopics for notification
###
sub email_notification_to_hash {
    # Parse the stored, comma-separated notification string into a hash ref.
    #
    # Token forms recognised:
    #   "0" / "00" / "000"    -> own_post / reply_post / format_html set to 1
    #   "<topic>/<a>&<b>..."  -> { <topic> => { <a> => 1, <b> => 1, ... } }
    #   "<topic>"             -> { <topic> => { '*' => 1 } }
    # Any other token is ignored.
    my ($string) = @_;

    my %flag_for = (
        "0"   => 'own_post',
        "00"  => 'reply_post',
        "000" => 'format_html',
    );

    my %notify;
    for my $token (split /,/, $string) {
        if (exists $flag_for{$token}) {
            $notify{ $flag_for{$token} } = 1;
        }
        elsif ($token =~ m|^(\d+)/(.*)|) {
            my ($topic, $sub_list) = ($1, $2);
            # An empty subtopic list yields no iterations, so the topic key
            # is not created at all in that case.
            $notify{$topic}{$_} = 1 for split /&/, $sub_list;
        }
        elsif ($token =~ m|^(\d+)$|) {
            $notify{$1}{'*'} = 1;
        }
    }
    return \%notify;
}
###
### email_notification_hash_to_line
###
### Converts an e-mail notification hash to a line
###
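sub email_notification_hash_to_line {
    # Serialise a notification hash into the comma-separated line that
    # email_notification_to_hash parses.
    #
    # Input:  hash ref with optional own_post / reply_post / format_html flags
    #         and topic-number keys mapping to { '*' => 1 } (whole topic) or
    #         { <subtopic> => 1, ... }.
    # Output: string such as "0,00,5,7/1&3".
    #
    # The hash can be built from request fields, so keys are checked before
    # they are written:
    #   - topic keys must be digits only; \z is used instead of $ because $
    #     would also accept a trailing newline, which would put a line break
    #     into a value meant to be stored as one line;
    #   - subtopic keys containing a field separator (, or &) or a CR/LF are
    #     skipped; they could never be read back correctly from the line.
    # Keys are sorted so the same hash always produces the same line.
    my ($hash) = @_;
    my @t = ();
    push @t, "0" if $hash->{own_post} == 1;
    push @t, "00" if $hash->{reply_post} == 1;
    push @t, "000" if $hash->{format_html} == 1;
    foreach my $t (sort { $a <=> $b } grep { m|\A\d+\z| } keys(%{ $hash })) {
        if ($hash->{$t}->{'*'}) {
            push @t, $t;
        } else {
            my @subs = sort grep { !m|[,&\r\n]| } keys(%{ $hash->{$t} });
            push @t, join("/", $t, join("&", @subs));
        }
    }
    return join(",", @t);
}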
###
### uiprfle_save_changes
###
### Saves changes to your profile
###
sub uiprfle_save_changes {
# Applies the submitted profile form to every account record in $result
# (the array ref returned by check_password in the caller) and then
# re-displays the editor with a "saved" marker.
#
#   $FORMref - parsed request fields (plus the COOKIE hash)
#   $result  - array ref of authenticated account records
#
# NOTE(review): this function does not re-authenticate; it relies on the
# caller having done so. It also reads as if error_message ends the request
# (otherwise processing would continue after a reported error) -- confirm.
my ($FORMref, $result) = @_;
dreq("fcn-acct");
my $cookie_str = "";
my @rn = ();
if ($DCONF->{pro}) {
dreq("authwrap-PRO", "fcn-prfl-PRO");
# Required custom fields: each field flagged "require" with a non-empty
# description must have non-whitespace content in form key
# "field<var>_value".
my $f = read_profile_fields();
foreach my $ff (@{ $f }) {
if ($ff->{require} && $ff->{descr} ne "") {
my $k = join("", "field", $ff->{var}, "_value");
if ($FORMref->{$k} !~ m|\S|) {
my $l = read_language()->{PROFILE_NOT_FILLED_IN_REQUIRED};
# Strip literal backslash-n sequences from the language string, then
# substitute the field description for %fieldname.
$l =~ s/\\n//g;
$l =~ s/\%fieldname/$ff->{descr}/g;
error_message(read_language()->{PROFEDIT_TITLE}, $l, 0, 1);
}
}
}
enhanced_profile_update($FORMref, $result);
# my ($ckstr, $frcook) = uiprfle_logout($FORMref, 1);
# $cookie_str .= $ckstr;
# $FORMref->{COOKIE} = $frcook;
my $cache = acs_update_account_info(undef, $result, $FORMref);
my $ckstr2 = create_user_access_cookies($FORMref, $cache, $result);
$cookie_str .= $ckstr2;
}
my @rs = @{ $result };
# $is_mod is set when any of the authenticated records lives in the "passwd"
# database; it lifts the pwchange restriction below.
my $is_mod = 0;
$is_mod = 1 if grep { $_->{database} eq "passwd" } @rs;
foreach my $r (@rs) {
# $s collects the fields to be written for this record.
my $s = {};
$s->{user} = $r->{user};
$s->{fullname} = $GLOBAL_OPTIONS->{name_length_limit} ? substr($FORMref->{fullname}, 0, $GLOBAL_OPTIONS->{name_length_limit_number}) : $FORMref->{fullname};
# Password change: allowed when the board permits it (pwchange) or the
# login matched a "passwd" record, and only if a new password was typed.
# The two entries must match after prepare_userpass_p; the only length
# requirement visible here is "at least one character".
# NOTE(review): the current password is not asked for again at this point.
if (($GLOBAL_OPTIONS->{pwchange} || $is_mod) && $FORMref->{new_pass_1} ne "") {
my ($pw1, $pw2) = prepare_userpass_p($FORMref->{new_pass_1}, $FORMref->{new_pass_2});
if ($pw1 ne $pw2 || length($pw1) < 1) {
error_message(read_language()->{PROFILE_CHPASS_ERROR}, read_language()->{PROFILE_CHPASS_ERROR_MATCH});
}
$s->{new_password} = $pw1;
# The form's password field now carries the new password; it is later
# handed to the editor template by uiprfle_edit_yourself.
$FORMref->{password} = $pw1;
}
# E-mail handling, first matching branch wins:
#   1. non-pro board, emchange == 1, or a "passwd" record: take the
#      submitted address as is (no format check is visible here);
#   2. pro, address changed, emchange == 2: go through email_change_effect
#      and flag the request so the "changed e-mail" screen is shown;
#   3. pro, force_resend_key: repeat that step for the stored address;
#   4. pro, email_activation: complete activation with the supplied key;
#   5. otherwise keep the stored address.
if (! $DCONF->{pro} || $GLOBAL_OPTIONS->{emchange} == 1 || $r->{database} eq "passwd") {
$s->{email} = $FORMref->{email};
} elsif ($DCONF->{pro} && $FORMref->{email} ne $r->{email} && $GLOBAL_OPTIONS->{emchange} == 2) {
my ($act_key, $force_pass) = email_change_effect($FORMref->{password}, $FORMref->{email}, $r->{pass}, $s->{new_password}, $r->{user});
$s->{force_pass} = $force_pass;
$s->{email} = $FORMref->{email};
$FORMref->{activ8} = 1;
} elsif ($DCONF->{pro} && $FORMref->{force_resend_key}) {
my ($act_key, $force_pass) = email_change_effect($FORMref->{password}, $r->{email}, $r->{pass}, $s->{new_password}, $r->{user});
$s->{force_pass} = $force_pass;
$FORMref->{activ8} = 1;
} elsif ($DCONF->{pro} && $FORMref->{email_activation}) {
my $force_pass = email_change_activate($r->{pass}, $s->{new_password}, $FORMref->{email_activation});
$s->{force_pass} = $force_pass;
} else {
$s->{email} = $r->{email};
}
# Notification settings are rebuilt only when the form says it carried them.
if ($FORMref->{email_included} == 1) {
# $rr: per-topic subtopic selections from "bysub", whose entries look like
# "<topic>:<sub>&<sub>..." separated by commas.
# NOTE(review): the subtopic names ($sp) and the topic tokens taken from
# "notify" below come from the request and are not format-checked in this
# function before they become hash keys for the stored notification line.
my $h = {}; my $rr = {};
my @r = split(/,/, $FORMref->{bysub});
foreach my $_r (@r) {
if ($_r =~ m|^(\d+):(.*)|) {
my ($topic, $splits) = ($1, $2);
my @sp = split(/&/, $splits);
foreach my $sp (@sp) {
$rr->{$topic}->{$sp} = 1;
}
}
}
# Inside this loop the lexical $s (a token string) shadows the outer $s
# (the update hash); the outer one is visible again after the loop.
my @s = split(/,/, $FORMref->{notify});
foreach my $s (@s) {
if ($s =~ m|^0+$|) {
$h->{own_post} = 1 if $s eq "0";
$h->{reply_post} = 1 if $s eq "00";
$h->{format_html} = 1 if $s eq "000";
} elsif (defined $rr->{$s}) {
$h->{$s} = $rr->{$s};
} else {
$h->{$s}->{'*'} = 1 if ! defined $rr->{$s};
}
}
if ($DCONF->{pro}) {
dreq("fcn-prfl-PRO");
($h, $cookie_str) = notification_simple_prune($h, $FORMref, undef, $result);
}
$s->{notify} = email_notification_hash_to_line($h);
}
# Only the superuser record may have its creation time rewritten.
# The eval argument is a constant single-quoted string: the form values are
# read as variables when it runs, not spliced into the code text. The $@ test
# afterwards treats any failure inside it (for example a date timelocal
# rejects) as "leave ctime alone".
# cmonth is passed straight through as timelocal's month argument, which is
# zero-based in Time::Local.
if ($r->{database} eq "passwd" && $r->{user} eq $DCONF->{superuser} && defined $FORMref->{cmonth}) {
my $k = eval '
use Time::Local;
my $x = timelocal(0,0,12,$FORMref->{cday},$FORMref->{cmonth},$FORMref->{cyear});
$x;
';
if ($@ eq "" && $k > 0) {
$s->{ctime} = $k;
}
}
my ($success, $failure) = update_account($s, $r->{database}, undef);
# \%{$r} is the same reference as $r, so $Z aliases the record before the
# merge; what hash_merge returns is what gets shown afterwards.
my $Z = \%{$r}; $Z = hash_merge($Z, $s, 1);
push @rn, $Z;
$r = $success->[0] if ref $success eq "ARRAY" && ref $success->[0] eq "HASH";
# After a password change on a "passwd" record the "pass" cookie is reissued
# as crypt(stored pass field, "cookie").
# NOTE(review): the salt is a constant, so the cookie value is a fixed
# function of the stored field and stays the same until the password changes;
# confirm how check_password treats it and whether the cookie is marked
# Secure/HttpOnly by cookie_string_format.
if (ref $r eq "HASH" && $r->{database} eq "passwd" && $FORMref->{new_pass_1} ne "") {
$cookie_str .= cookie_string_format("pass", crypt($r->{pass}, "cookie"));
}
if ($DCONF->{pro} && ref $r eq "HASH") {
dreq("fcn-prfl-PRO", "authwrap-PRO");
my $l = enhance_result_profile($r);
# Same preference test as in the controller: with "a" or "b" set, fresh
# access cookies are issued; otherwise, if a "user" cookie was sent, the
# cookies are expired via uiprfle_logout in mode 3.
my $prefstr = join("", grep { length($_) == 1 } keys %{$l->[0]->{enhanced}->{pref}});
if ($prefstr =~ /[ab]/i) {
dreq("authwrap-PRO");
$cookie_str .= create_user_access_cookies($FORMref, {}, [$Z], $prefstr);
} elsif ($prefstr !~ /[ab]/i && $FORMref->{COOKIE}->{user} ne "") {
$cookie_str .= uiprfle_logout($FORMref, 3);
}
}
}
# Re-display the editor with the merged records and the accumulated cookies.
uiprfle_edit_yourself($FORMref, \@rn, { saved => 1 }, $cookie_str);
}
###
### uiprfle_delete_yourself
###
### Handles deleting of your own profile (i.e., commit suicide)
###
sub uiprfle_delete_yourself {
    # Self-service account deletion for the records in $result (the array ref
    # of authenticated accounts supplied by the caller).
    #
    # Refused when the board option user_selfdel is off, or when any record
    # is the superuser entry in the "passwd" database.
    #
    # NOTE(review): $success is tested for truth only; if delete_account
    # returns a reference even when nothing was deleted, every call counts as
    # a success -- confirm its return contract. The enhanced profile record
    # is removed whether or not the account deletion succeeded.
    my ($result) = @_;

    unless ($GLOBAL_OPTIONS->{user_selfdel}) {
        error_message("Permission Denied", "You cannot delete your own account on this board.", 0, 1);
    }
    for my $acct (@{ $result }) {
        if ($acct->{user} eq $DCONF->{superuser} && $acct->{database} eq "passwd") {
            error_message("Permission Denied", "The superuser account cannot be deleted.", 0, 1);
        }
    }

    dreq("fcn-acct");
    if ($DCONF->{pro}) {
        dreq("fcn-prfl-PRO");
    }

    my $deleted = 0;
    for my $acct (@{ $result }) {
        my ($success, $failure) = delete_account({ $acct->{user} => 1 }, undef, $acct->{database});
        $deleted++ if $success;
        delete_enhanced_profile_record({ $acct->{user} => 1 }, $acct->{database}) if $DCONF->{pro};
    }

    # Every record must have been reported as deleted for the confirmation
    # screen to appear.
    if ($deleted == scalar(@{ $result })) {
        screen_out("acctdel", {}, undef);
    } else {
        error_message(read_language()->{PROFILE_DELETE_FAILED}, read_language()->{PROFILE_DELETE_FAILED_EXPLANATION}, 0, 1);
    }
}
###
### profile_editor_email_notification_freeware
###
### Sets up Discus freeware e-mail notification fields
###
sub profile_editor_email_notification_freeware {
    # Fill in the template variables for the freeware notification section.
    #
    # Sets $subst->{notify} to the parsed form of the account's stored
    # notification string ($h->{notify}) and $subst->{notify_topics} to one
    # row per board topic of type 1, marked "sel" when that topic number is
    # present in the parsed hash. $FORMref and $current are accepted but not
    # used; $cookie_str is returned unchanged.
    my ($subst, $FORMref, $cookie_str, $current, $h) = @_;

    my $notify = email_notification_to_hash($h->{notify});

    my @topic_rows =
        map {
            +{
                number => $_->{number},
                name   => $_->{name},
                sel    => (defined $notify->{ $_->{number} } ? 1 : 0),
            }
        }
        grep { $_->{type} == 1 } @{ board_topics() };

    $subst->{notify_topics} = \@topic_rows;
    $subst->{notify}        = $notify;
    return ($subst, $cookie_str);
}
###
### uiprfle_edit_yourself
###
### Allows you to edit your own profile
###
sub uiprfle_edit_yourself {
# Builds the template variables for the profile editor and renders it.
#
#   $FORMref    - parsed request fields
#   $result     - array ref of account records; the first one drives the page
#   $stuff      - opaque value exposed to the template as "stuff"
#                 (uiprfle_save_changes passes { saved => 1 })
#   $cookie_str - cookie text passed on to screen_out
#
# NOTE(review): values taken from the request or the account record are
# placed into $subst as is; any HTML escaping would have to happen in
# screen_out or the templates, which are not visible here.
my ($FORMref, $result, $stuff, $cookie_str) = @_;
# In maintenance mode only the superuser entry of the "passwd" database may
# proceed.
maintenance_mode_error() if ($GLOBAL_OPTIONS->{maintenance} && ($result->[0]->{user} ne $DCONF->{superuser} || $result->[0]->{database} ne "passwd"));
my $subst = {};
my $in_cookie_str = "";
my $current = undef;
my $h = $result->[0];
$subst->{general}->{account_type} = $result->[0]->{database} eq "passwd" ? "moderator" : "user";
$subst->{general}->{allow_edit_posts} = 1;
$subst->{general}->{allow_delete_posts} = 1;
$subst->{general}->{changed_email} = $h->{changed_email};
# File-exists test multiplied by the spell_check option: non-zero only when
# the word list is present and the option is set.
$subst->{general}->{spell_checking_enabled} = (-e "$DCONF->{admin_dir}/msg_index/wordlist.txt") * $GLOBAL_OPTIONS->{spell_check};
# activ8 is set by uiprfle_save_changes when an e-mail change needs
# activation; the "chgd_eml" screen is given the user name and the password
# field from the form.
# NOTE(review): presumably screen_out ends the request here; if it returns,
# the regular editor is rendered as well.
if ($FORMref->{activ8}) {
$subst->{general}->{username} = $h->{user};
$subst->{general}->{password} = $FORMref->{password};
screen_out("chgd_eml", $subst);
}
$subst->{stuff} = $stuff;
my @m = ();
$subst->{messages} = \@m;
# Pro boards fill in the extended profile variables; freeware boards only
# get the e-mail notification section. Either helper may return a different
# $subst reference and extra cookie text.
if ($DCONF->{pro}) {
dreq("fcn-prfl-PRO", "authwrap-PRO");
($subst, $in_cookie_str) = profile_editor_variables($subst, $FORMref, $cookie_str, $current, $h, $result);
} else {
($subst, $in_cookie_str) = profile_editor_email_notification_freeware($subst, $FORMref, $cookie_str, $current, $h);
}
$cookie_str .= $in_cookie_str;
# Account creation time shifted by the configured timezone (in hours);
# the month value is localtime's zero-based index.
my @l = localtime($h->{ctime} + $GLOBAL_OPTIONS->{'timezone'}*3600);
$subst->{creation}->{month} = $l[4];
$subst->{creation}->{day} = $l[3];
$subst->{creation}->{year} = 1900 + $l[5];
$subst->{creation}->{curryear} = 1900 + (localtime(time))[5];
# Group membership is stored as a "/"-separated string; blank entries are
# dropped.
$subst->{general}->{groups} = $result->[0]->{groups};
my @grps = map { { group => $_ } } grep { /\S/ } split(/\//, $result->[0]->{groups});
$subst->{groups} = \@grps;
$subst->{general}->{editing} = 0;
$subst->{general}->{username} = $h->{user};
# The password and encpass values from the request are handed back to the
# template, with "profile_save" as the next action.
# NOTE(review): presumably they are emitted as form fields so the save
# request can authenticate again; that puts the plaintext password into the
# page source -- confirm the template escapes it and that the response is
# served over TLS and not cacheable.
$subst->{general}->{password} = $FORMref->{password};
$subst->{general}->{encpass} = $FORMref->{encpass};
$subst->{general}->{action} = "profile_save";
$subst->{general}->{action_url} = join("/", $DCONF->{script_url}, "board-profile.$DCONF->{cgi_extension}");
$subst->{general}->{is_superuser} = 1 if $h->{database} eq "passwd" && $h->{user} eq $DCONF->{superuser};
$subst->{ffield}->{fullname} = $h->{fullname};
$subst->{ffield}->{email} = $h->{email};
# Notification section is shown when e-mail is enabled and either open to
# everyone or one of the authenticated records is a "passwd" record.
$subst->{general}->{email_notification} = 0;
if ($GLOBAL_OPTIONS->{email}) {
if ($GLOBAL_OPTIONS->{send_mail_only_admins} == 0) {
$subst->{general}->{email_notification} = 1;
} else {
foreach my $r (@{ $result }) {
$subst->{general}->{email_notification} = 1 if $r->{database} eq "passwd";
}
}
}
# With emchange == 0 on a pro board, records in the "users" database are
# flagged so the template can block e-mail changes.
if ($GLOBAL_OPTIONS->{emchange} == 0 && $DCONF->{pro}) {
$subst->{general}->{prevent_change_email} = 1 if $h->{database} eq "users";
}
$subst->{general}->{adminprog} = 1 if $FORMref->{adminprog} == 1;
screen_out("profile", $subst, $cookie_str);
}
###
### uiprfle_logout
###
### Clears cookies to log someone out
###
sub uiprfle_logout {
    # Expire the visitor's cookies. What happens next depends on $cancel:
    #   1      return (cookie text, hash ref copy of the cookies with the
    #          expired ones set to undef); no access token is deleted
    #   >= 2   delete the access token (pro boards with a uid cookie), then
    #          return the cookie text
    #   3      as above, but the uid, admuser and pass cookies are not expired
    #   else   delete the token, replace $FORMref->{COOKIE} with the copy and
    #          hand over to the main board page
    # The lastvisit, offset and lastsession cookies are never expired.
    #
    # NOTE(review): in mode 3 the uid cookie is kept in the browser while
    # acs_delete_token is still called for it -- confirm that is intended.
    my ($FORMref, $cancel) = @_;

    my $expired_cookies = "";
    my %cookie_copy     = %{ $FORMref->{COOKIE} };

    for my $name (keys %{ $FORMref->{COOKIE} }) {
        next if $name =~ m%^(lastvisit|offset|lastsession)$%;
        next if $cancel == 3 && $name =~ m%^(uid|admuser|pass)$%;
        # A date in the past makes the browser drop the cookie.
        $expired_cookies .= cookie_string_format($name, "undef", "Wednesday, 16-Aug-2000 00:00:00 GMT");
        $cookie_copy{$name} = undef;
    }

    if ($cancel == 1) {
        return ($expired_cookies, \%cookie_copy);
    }

    # Invalidate the server-side token as well as the browser cookie.
    if ($DCONF->{pro} && $FORMref->{COOKIE}->{uid}) {
        dreq("authwrap-PRO");
        acs_delete_token($FORMref->{COOKIE}->{uid});
    }

    if ($cancel >= 2) {
        return $expired_cookies;
    }

    $FORMref->{COOKIE} = \%cookie_copy;
    dreq("ui-main");
    user_interface_main_control($FORMref, $expired_cookies);
}
###
### uiprfle_login
###
### Presents the traditional "Log In" screen for the profile editor
###
sub uiprfle_login {
    # Render the "usrlogin" screen for the profile editor.
    #
    #   $FORMref     - parsed request fields (plus the COOKIE hash)
    #   $messagecode - optional hash ref; its "code" and "autherr" entries are
    #                  read, and the whole hash is exposed as "editor"
    #   $arg         - passed through to the template as "arg"
    #
    # is_logged_in is a display hint only: it is set from the mere presence
    # of cookie names with certain prefixes, not from a verified session.
    my ($FORMref, $messagecode, $arg) = @_;
    my $subst = {};

    # Pre-fill the user name from the "user" cookie, else the "admuser" one.
    my $user_cookie  = "user$DCONF->{COOKIE_ID}";
    my $admin_cookie = "admuser$DCONF->{COOKIE_ID}";
    my $prefill      = "";
    if (defined $FORMref->{COOKIE}->{$user_cookie}) {
        $prefill = $FORMref->{COOKIE}->{$user_cookie};
    }
    elsif (defined $FORMref->{COOKIE}->{$admin_cookie}) {
        $prefill = $FORMref->{COOKIE}->{$admin_cookie};
    }
    $subst->{fill}->{user} = $prefill;

    if (grep { m/^(?:user|cpwd|rpwd|pass|admuser|uid)/ } keys(%{ $FORMref->{COOKIE} })) {
        $subst->{fill}->{is_logged_in} = 1;
    }

    $subst->{general}->{messagecode} = $messagecode->{code};
    $subst->{editor} = $messagecode;
    $subst->{arg} = $arg;

    # An explicit autherr value wins; otherwise any submitted user name or
    # password means a failed attempt brought the visitor here.
    my $auth_error;
    if (defined $messagecode->{autherr}) {
        $auth_error = 0 + $messagecode->{autherr};
    }
    elsif ($FORMref->{username} ne "" || $FORMref->{password} ne "") {
        $auth_error = 1;
    }
    else {
        $auth_error = 0;
    }
    $subst->{general}->{authentication_error} = $auth_error;

    screen_out("usrlogin", $subst);
}
1;