pingus-devel

Login system completed


From: Björn Fischer
Subject: Login system completed
Date: Tue, 27 Apr 2004 11:04:53 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113

Hi everybody,
I have completed the login system for the LCT and made a patch.

The following features are implemented:
For users:
- signup (with name, mail address, password and comment mailer flag (for level designers))
- login with email address and password
- possibility to view a list of registered users
- possibility to change own data (name, password and comment mailer flag, NOT email address)
- possibility to delete own user account

For admin:
- list all registered users with possibility to delete users
- NO possibility to change admin password (I found that unnecessary)

I have even found a way for a user to log out, by a dirty trick: simply change your password and you'll be logged off automatically :-)

If you find anything missing concerning the login system, please tell me. Of course, if you find bugs, tell me too :-) Otherwise I'll see the login system as complete and take care of other features.

Greetings

Björn

P.S.: Sorry David, the patch got bigger than I wanted... please give me feedback on whether the issue concerning the mistyped user still exists.


Index: Pingus/contrib/level_comment_tool/level-cache.inc
===================================================================
--- Pingus/contrib/level_comment_tool/level-cache.inc   (revision 2297)
+++ Pingus/contrib/level_comment_tool/level-cache.inc   (working copy)
@@ -25,30 +25,13 @@
 
 require_once("xml-search.inc");
 
-// set some globals for various DBMS
-global $DBMS;
-global $db_handle;
-global $db_tablename;
-global $db_name;
-global $db_host;
-global $db_user;
-global $db_pass;
-
-$DBMS = 'MySQL';
-$db_handle = False;
-$db_tablename = 'lct_cache';
-$db_name = 'pingus';
-$db_host = 'localhost';
-$db_user = 'pingus';
-$db_pass = 'pingus';
-
-function create_table( $tablename )
+// ==================================================================
+// Creates a table if necessary and returns the tablename
+// ==================================================================
+function create_table( $conn, $db, $tablename, $SQL )
 {
-  global $db_name;
-  global $db_handle;
-
   $table_exists = False;
-  $res = mysql_list_tables( $db_name );
+  $res = mysql_list_tables( $db );
 
   for ($i=0;$i<mysql_num_rows( $res );$i++)
     if (mysql_tablename( $res, $i ) == $tablename)
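Review bot: `mysql_list_tables( $db )` at the top of create_table() still uses the default (most recently opened) MySQL link, while the CREATE TABLE a few lines below is run on the explicit `$conn`; now that login-system.inc opens its own connection alongside the cache one, pass the link to both calls, `mysql_list_tables( $db, $conn )`, so the existence check and the create hit the same server. A second point on the new signature: the caller supplies the complete `$SQL` and, separately, `$tablename`, and nothing checks that the statement actually creates that table; a comment on the `$SQL` parameter stating that requirement would at least document the contract.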
@@ -56,17 +39,17 @@
 
   if (!$table_exists)
   {
-    $SQL = "CREATE TABLE `$tablename` (`Key` VARCHAR( 255 ) NOT NULL ,`Value` 
TEXT NOT NULL , PRIMARY KEY ( `Key` ) );";
-    $res = mysql_query( $SQL, $db_handle );
-       if (!$res)
-         return False;
-       else
-         return $tablename;
+    $res = mysql_query( $SQL, $conn );
+    if (!$res)
+      return False;
+    else
+      return $tablename;
   }
   else
     return $tablename;
 }
 
+
 function open_cache()
 {
   global $DBMS;
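Review bot: when `mysql_query( $SQL, $conn )` fails, create_table() returns False and the cause is lost; open_cache() then only prints "Cannot create cache table!". Record `mysql_error( $conn )` to the server log (not to the page) on that path so a privilege or syntax problem in the caller-supplied statement can be diagnosed. The remainder of this hunk is re-indentation only.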
@@ -100,21 +83,22 @@
 
       //MySQL is used as cache
       case "MySQL":
-               $db_handle = mysql_connect( $db_host, $db_user, $db_pass );
-               if (!$db_handle)
-               {
+       $db_handle = mysql_connect( $db_host, $db_user, $db_pass );
+       if (!$db_handle)
+       {
           echo "<p><font color=\"red\"><b>ERROR: Cannot open connection to 
database server ($db_host)!</b></font></p>";
           exit;
         }
 
         if (! mysql_select_db( $db_name, $db_handle ))
-               {
+       {
           echo "<p><font color=\"red\"><b>ERROR: Cannot select database 
'$db_name'!</b></font></p>";
           exit;
         }
+       $SQL = "CREATE TABLE `$tablename` (`Key` VARCHAR( 255 ) NOT NULL".
+              " ,`Value` TEXT NOT NULL , PRIMARY KEY ( `Key` ) );";
+        $db_tablename = create_table($db_handle, $db_name, $db_tablename, 
$SQL);//creates the table if necessary and returns the tablename
 
-        $db_tablename = create_table($db_tablename);//creates the table if 
necessary and returns the tablename
-
         if (!$db_tablename)
         {
           echo '<p><font color="red"><b>ERROR: Cannot create cache 
table!</b></font></p>';
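Review bot: the new CREATE TABLE string interpolates `$tablename`, but the variable used two lines later and everywhere else in open_cache() is `$db_tablename`; unless `$tablename` is declared somewhere outside this hunk, the statement is built with an empty table name (``CREATE TABLE `` (...)``) and create_table() fails on a fresh database. Use `$db_tablename` in the string. Because this hunk also converts tabs to spaces, the logic change is easy to miss in the diff.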
@@ -352,7 +336,7 @@
       "author" => "pingus-level-comment/author",
       "email" => "pingus-level-comment/email",
       "date" => "pingus-level-comment/date",
-         "time" => "pingus-level-comment/time",
+      "time" => "pingus-level-comment/time",
       "difficulty" => "pingus-level-comment/difficulty",
       "rating" => "pingus-level-comment/rating",
       "comment" => "pingus-level-comment/comment",
@@ -366,8 +350,8 @@
     $cmt["filename"] = $filename;
 
     // is the time set? (it is not in old comment files)
-       if (isset($cmt["time"]))
-         $res[$cmt["date"] . '-' . $cmt["time"]] = $cmt;
+    if (isset($cmt["time"]))
+      $res[$cmt["date"] . '-' . $cmt["time"]] = $cmt;
     else
       $res[$cmt["date"] . '-' . substr(md5(implode("", file($filename))),0,8)] 
= $cmt;
   }
@@ -401,8 +385,8 @@
       "username" => "pingus-demo-metafile/username",
       "email" => "pingus-demo-metafile/email",
       "date" => "pingus-demo-metafile/date",
-         "time" => "pingus-demo-metafile/time",
-         "demofile" => "pingus-demo-metafile/demofile",
+      "time" => "pingus-demo-metafile/time",
+      "demofile" => "pingus-demo-metafile/demofile",
       "levelmd5" => "pingus-demo-metafile/levelmd5"
     ));
 
Index: Pingus/contrib/level_comment_tool/login-system.inc
===================================================================
--- Pingus/contrib/level_comment_tool/login-system.inc  (revision 0)
+++ Pingus/contrib/level_comment_tool/login-system.inc  (revision 0)
@@ -0,0 +1,537 @@
+<?php
+
+// functions concering user signup and login
+// this file needs a working MySQL database with the correct values
+// set in level-cache.inc!!!
+//
+// Copyright (C) 2004 Björn Fischer <address@hidden>
+//
+// Redistribution and use in source and binary forms, with or without 
modification,
+// are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice, 
this
+//   list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright notice,
+//   this list of conditions and the following disclaimer in the documentation
+//   and/or other materials provided with the distribution.
+// * The name of the author may not be used to endorse or promote products 
derived
+//   from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
MERCHANTABILITY
+// AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
AUTHOR
+// BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
(INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+
+// ==================================================================
+// opens database connection
+// ==================================================================
+function open_db()
+{
+  global $db_conn;
+  global $db_name;
+  global $db_host;
+  global $db_user;
+  global $db_pass;
+  
+  $db_conn = mysql_connect( $db_host, $db_user, $db_pass );
+  if (!$db_conn)
+  {
+    echo "<p><font color=\"red\"><b>ERROR: Cannot open connection to database 
server ($db_host)!</b></font></p>";
+    exit;
+  }
+
+  if (! mysql_select_db( $db_name, $db_conn ))
+  {
+    echo "<p><font color=\"red\"><b>ERROR: Cannot select database 
'$db_name'!</b></font></p>";
+    exit;
+  }
+}
+
+// ==================================================================
+// closes database connection
+// ==================================================================
+function close_db()
+{
+  global $db_conn;
+  
+  if ($db_conn !== False)
+  {
+    mysql_close($db_conn);
+    $db_conn = False;
+  }
+}
+
+// ==================================================================
+// saves the dataset of a user
+// ==================================================================
+function save_user_data( $name, $email, $com_mailer, $update )
+{
+  global $db_conn;
+  global $db_usertablename;
+  global $db_name;
+  
+  if ($com_mailer == "on")
+    $com_mailer = 1;
+  else
+    $com_mailer = 0;
+  
+  open_db();
+  $SQL = "CREATE TABLE `$db_usertablename` (`ID` INT NOT NULL AUTO_INCREMENT 
,`Name` VARCHAR( 100 ) NOT NULL ,".
+         "`eMail` VARCHAR( 100 ) NOT NULL ,`commentmailer` TINYINT( 1 ) NOT 
NULL ,PRIMARY KEY ( `ID` ) ,".
+         "UNIQUE (`eMail`));";
+  $db_usertablename = create_table( $db_conn, $db_name, $db_usertablename, 
$SQL );
+  
+  if ($update)
+    $SQL = "UPDATE $db_usertablename SET 
`Name`='$name',`commentmailer`=$com_mailer".
+           " WHERE `eMail`='$email'";
+  else  
+    $SQL = "INSERT INTO $db_usertablename (`Name`,`eMail`,`commentmailer`)".
+         " VALUES ('$name','$email',$com_mailer)";
+         
+  if (!mysql_query( $SQL, $db_conn ))
+  {
+    echo '<p><font color="red"><b>ERROR: Cannot save user 
data!</b></font></p>';
+    close_db();
+    return False;
+  }
+  else
+  {
+    close_db();
+    return True;
+  }
+}
+
+// ==================================================================
+// loads user data from database
+// ==================================================================
+function get_user_data( $u_email )
+{
+  global $db_conn;
+  global $db_usertablename;
+  $ret = Array();
+  
+  open_db();
+  
+  $SQL = "SELECT * FROM $db_usertablename WHERE 
eMail='".strtolower($u_email)."'";
+  $succ = mysql_query( $SQL, $db_conn );
+  if (!$succ)
+  {
+    echo "<p><font color='red'><b>ERROR: Cannot find data for user 
$u_email!</b></font></p>";
+    exit;
+  }
+  
+  list( ,$name,$email,$com_mailer ) = mysql_fetch_row( $succ );
+  $ret["name"] = htmlspecialchars($name);
+  $ret["email"] = htmlspecialchars($email);
+  $ret["com_mailer"] = htmlspecialchars($com_mailer);
+  
+  close_db();
+  
+  return $ret;
+}
+
+// ==================================================================
+// Detetes users data from the table
+// ==================================================================
+function del_user_data( $u_email )
+{
+  global $db_conn;
+  global $db_usertablename;
+  
+  open_db();
+  $SQL = "DELETE FROM $db_usertablename WHERE 
eMail='".strtolower($u_email)."'";
+  $succ = mysql_query( $SQL, $db_conn );  
+  close_db();
+  
+  if ($succ)
+    return True;
+  else
+    return False;
+}
+
+// ==================================================================
+// Show a signup form
+// ==================================================================
+function show_signup_form()
+{
+  $params = "?" . get_params();
+    
+  echo '<script language = "JavaScript">'."\n".
+       '<!--'."\n".
+       'function TestError()'."\n".
+       '{'."\n".
+       '  var f = document.Signup;'."\n".
+       '  var errors = "";'."\n".
+       '  var i;'."\n".
+       '  var IsError = false;'."\n\n".
+       '  if ((f.elements["username"].value == "") || 
(f.elements["username"].value == null))'."\n".
+       '  {'."\n".
+       '    errors += "Please enter your Name!\n";'."\n".
+       '    IsError = true;'."\n".
+       '  } '."\n\n".
+       '  if ((f.elements["email"].value == "") || (f.elements["email"].value 
== null))'."\n".
+       '  {'."\n".
+       '    errors += "Please enter your email adress!\n";'."\n".
+       '    IsError = true;'."\n".
+       '  } '."\n\n".
+       '  if ((f.elements["pass"].value == "") || (f.elements["pass"].value == 
null))'."\n".
+       '  {'."\n".
+       '    errors += "Please choose a password!\n";'."\n".
+       '    IsError = true;'."\n".
+       '  } '."\n\n".
+       '  if ((f.elements["pass2"].value == "") || (f.elements["pass2"].value 
== null))'."\n".
+       '  {'."\n".
+       '    errors += "Please retype your password!\n";'."\n".
+       '    IsError = true;'."\n".
+       '  }'."\n\n".
+       '  if (f.elements["pass"].value != f.elements["pass2"].value)'."\n".
+       '  {'."\n".
+       '    errors += "The passwords do not match, please retype 
them!\n";'."\n".
+       '    IsError = true;'."\n".
+       '  }'."\n\n".
+       '  if ((f.elements["email"].value.indexOf("@") == -1) || 
(f.elements["email"].value.length < 3))'."\n".
+       '  {'."\n".
+       '    errors += "Please enter a valid email adress!\n";'."\n".
+       '    IsError = true;'."\n".
+       '  }  '."\n\n".
+       '  if (IsError==true)'."\n".
+       '  {'."\n".
+       '    alert(errors);'."\n".
+       '    return false;'."\n".
+       '  } '."\n".
+       '  return true;'."\n".
+       '}'."\n".
+       '--></script>'."\n\n";
+    
+  echo "<H2>Pingus level comment database - user signup</H2>".
+       "Please keep the following in mind:".
+       "<UL><LI>enter your real name and a valid eMail adress</LI>".
+       "<LI>please remember your password since there is no possibility to 
mail it to you yet</LI>".
+       "<LI>after signup your login name is the entered mail adress<LI>".
+       "</UL>By activating the checkbox you can".
+       " activate the comment mailer, that means you will receive comments 
about your own levels".
+       " by eMail (this is only important for level designers).<br><br>\n";
+  
+  echo '<form enctype="multipart/form-data"  name="Signup" 
action="'.$PHP_SELF.$params.'" method="POST" onsubmit="return 
TestError()">'."\n".
+       '<input type="hidden" name="usersignedup" value="1">'."\n".
+       '<table>'."\n".
+       ' <tr>'."\n".
+       '  <td>Your name</td>'."\n".
+       '  <td><input type="text" name="username"></td>'."\n".
+       ' </tr>'."\n".
+       ' <tr>'."\n".
+       '  <td>Your email</td>'."\n".
+       '  <td><input type="text" name="email"></td>'."\n".
+       ' </tr>'."\n".
+       ' <tr>'."\n".
+       '  <td>Comment mailer</td>'."\n".
+       '  <td><input type="checkbox" name="commentmailer"></td>'."\n".
+       ' </tr>'."\n".
+       ' <tr>'."\n".
+       '  <td>Pick a password</td>'."\n".
+       '  <td><input type="password" name="pass"></td>'."\n".
+       ' </tr>'."\n".
+       ' <tr>'."\n".
+       '  <td>Retype password</td>'."\n".
+       '  <td><input type="password" name="pass2"></td>'."\n".
+       ' </tr>'."\n".
+       ' <tr>'."\n".
+       '  <td colspan="2"><input type="submit" value="signup now"></td>'."\n".
+       ' </tr>'."\n".
+       '</table>'."\n".
+       '</form>'."\n";
+}
+
+// ==================================================================
+// Save singed up user data
+// ==================================================================
+function signup_user()
+{
+  global $DBMS;
+  global $db_usertablename;
+  global $db_conn;
+  global $db_name;
+  
+  if (!isset( $_POST["usersignedup"] ))
+    exit;
+    
+  if ($DBMS != "MySQL")
+  {
+    echo "<p><font color='red'><b>ERROR: MySQL support necessary. Signup not 
possible!</b></font></p>";
+    exit;
+  }
+  
+  $u_name = $_POST["username"];
+  $u_email = strtolower($_POST["email"]);
+  $u_com_mailer = $_POST["commentmailer"];
+  $u_pass = $_POST["pass"];
+  
+  // look if user already exists
+  $pass_arr = load_htpasswd();
+  while (list($u, $p) = each($pass_arr))
+  {
+    if ($u_email == $u)
+    {
+      echo '<p><font color="red"><b>ERROR: This mailadress already has a user 
account!</b></font></p>';
+      return False;
+    }  
+  }
+  
+  if (save_user_data( $u_name, $u_email, $u_com_mailer, False ))
+  {
+    $pass_arr[$u_email] = rand_salt_crypt($u_pass);
+    save_htpasswd( $pass_arr );
+    echo '<p><font color="green"><b>Your data has been saved. You can now 
login via the link on the right.<br>'.
+         'Please remember that your eMail adress is used as login 
name<br></b></font></p>';
+  }  
+}
+
+// ==================================================================
+// Show list of users (with delete link for admin)
+// ==================================================================
+function show_user_list( $is_admin )
+{
+  $params = get_params();
+  
+  echo "<H2>Pingus level comment tool - user list</H2>\n";
+  echo "<table border='1' cellpadding='10'>\n";
+  echo "  <tr>\n";
+  echo "    <th>\n";
+  echo "      Name\n";
+  echo "    </th>\n";
+  echo "    <th>\n";
+  echo "      eMail\n";
+  echo "    </th>\n";
+  echo "    <th>\n";
+  echo "      Comment mailer\n";
+  echo "    </th>\n";
+  if ( $is_admin )
+  {
+    echo "    <th>\n";
+    echo "      Delete\n";
+    echo "    </th>\n";
+  }
+  echo "  </tr>\n";
+  
+  $htpasswd = load_htpasswd();
+  while (list($u,$p) = each($htpasswd))
+  {
+    if ( $u != "admin" )
+    {
+      $u_data = get_user_data( $u );
+      echo "  <tr>\n";
+      echo "    <td>\n";
+      echo "      ".htmlentities($u_data["name"])."\n";
+      echo "    </td>\n";
+      echo "    <td>\n";
+      echo "      ".$u_data["email"]."\n";
+      echo "    </td>\n";
+      echo "    <td align='center'>\n";
+      echo ($u_data["com_mailer"]==1)?"yes":"no";
+      echo "\n";
+      echo "    </td>\n";
+      if ( $is_admin )
+      {
+        echo "    <td>\n";  
+?>      
+        <form enctype="multipart/form-data"  name="DeleteUser" 
+              action="<? echo "$PHP_SELF?$params"; ?>" method="POST" 
+              onsubmit="return confirm('Do you really want to delete user <? 
echo $u_data["email"]; ?>?')">
+          <input type="hidden" name="deluser" value="1">
+          <input type="hidden" name="user_email" value="<? echo 
$u_data["email"]; ?>">
+          <input type="submit" value="delete">
+        </form>   
+        
+<?
+        echo "    </td>\n";
+      }  
+      echo "  </tr>\n";
+    }  
+  } //end while
+  echo "</table>\n";
+}
+
+// ==================================================================
+// Delete userdata from database
+// ==================================================================
+function delete_user( $u_email )
+{
+  $htpasswd = load_htpasswd();
+  $new_htpasswd = array_flip( $htpasswd );
+  
+  $index = array_search( strtolower($u_email), $new_htpasswd );
+  if (!$index)
+  { 
+    echo "<p><font color='red'><b>ERROR: User $u_email not found in 
.htpasswd!</b></font></p>";
+  }
+  else
+  {
+    $new_htpasswd = array_diff( $new_htpasswd, array( $index => 
strtolower($u_email)) ); 
+    if (!del_user_data( $u_email ))
+      echo "<p><font color='red'><b>ERROR: User $u_email not found in 
database!</b></font></p>";
+    else  
+    {
+      $htpasswd = array_flip( $new_htpasswd );
+      save_htpasswd( $htpasswd );
+      echo "<p><font color='green'><b>User deleted 
successfully!</b></font></p>";
+    }  
+  }
+}
+
+// ==================================================================
+// Show form to change user's data
+// ==================================================================
+function show_change_form( $u_email )
+{
+    $params = "?" . get_params();
+    $user_data = get_user_data( $u_email );
+    
+    echo '<script language = "JavaScript">'."\n".
+         '<!--'."\n".
+         'function TestError()'."\n".
+         '{'."\n".
+         '  var f = document.Changeuser;'."\n".
+         '  var errors = "";'."\n".
+         '  var i;'."\n".
+         '  var IsError = false;'."\n\n".
+         '  if ((f.elements["username"].value == "") || 
(f.elements["username"].value == null))'."\n".
+         '  {'."\n".
+         '    errors += "Please enter your Name!\n";'."\n".
+         '    IsError = true;'."\n".
+         '  } '."\n\n".
+         '  if (f.elements["pass"].value != f.elements["pass2"].value)'."\n".
+         '  {'."\n".
+         '    errors += "The passwords do not match, please retype 
them!\n";'."\n".
+         '    IsError = true;'."\n".
+         '  }'."\n\n".
+         '  if ((f.elements["email"].value.indexOf("@") == -1) || 
(f.elements["email"].value.length < 3))'."\n".
+         '  {'."\n".
+         '    errors += "Please enter a valid email adress!\n";'."\n".
+         '    IsError = true;'."\n".
+         '  }  '."\n\n".   
+         '  if (IsError==true)'."\n".
+         '  {'."\n".
+         '    alert(errors);'."\n".
+         '    return false;'."\n".
+         '  } '."\n".
+         '  return true;'."\n".
+         '}'."\n".
+         '--></script>'."\n\n";
+      
+    echo "<H2>Change data for user ".$user_data["name"]."</H2>".
+         "Please keep the following in mind:".
+         "<UL><LI>enter your real name and a valid eMail adress</LI>".
+         "<LI>please remember your password since there is no possibility to 
mail it to you yet</LI>".
+         "<LI>always log in using your email adress as username<LI>".
+         "</UL>By activating the checkbox you can".
+         " activate the comment mailer, that means you will receive comments 
about your own levels".
+         " by eMail (this is only important for level designers).<br><br>\n";
+    
+    echo '<form enctype="multipart/form-data"  name="Changeuser" 
action="'.$PHP_SELF.$params.'" method="POST" onsubmit="return 
TestError()">'."\n".
+         '<input type="hidden" name="savechangeddata" value="1">'."\n".
+         '<input type="hidden" name="email" 
value="'.$user_data["email"].'">'."\n".
+         '<table>'."\n".
+         ' <tr>'."\n".
+         '  <td>Your name</td>'."\n".
+         '  <td><input type="text" name="username" 
value="'.$user_data["name"].'"></td>'."\n".
+         ' </tr>'."\n".
+         ' <tr>'."\n".
+         '  <td>Comment mailer</td>'."\n";
+    if ( $user_data["com_mailer"] == 1 )
+      echo '  <td><input type="checkbox" name="commentmailer" 
checked></td>'."\n";
+    else  
+      echo '  <td><input type="checkbox" name="commentmailer"></td>'."\n";
+    
+    echo ' </tr>'."\n".
+         ' <tr>'."\n".
+         '  <td>New password</td>'."\n".
+         '  <td><input type="password" name="pass"></td>'."\n".
+         ' </tr>'."\n".
+         ' <tr>'."\n".
+         '  <td>Retype password</td>'."\n".
+         '  <td><input type="password" name="pass2"></td>'."\n".
+         ' </tr>'."\n".
+         ' <tr>'."\n".
+         '  <td colspan="2"><input type="submit" value="update my 
data"></td>'."\n".
+         ' </tr>'."\n".
+         '</table>'."\n".
+         '</form>'."\n".
+         '<br>'."\n";
+    
+    echo '<form enctype="multipart/form-data"  name="Deluser" 
action="'.$PHP_SELF.$params.'" method="POST">'."\n".
+         '<input type="hidden" name="deleteuser" value="1">'."\n".
+         '<input type="hidden" name="email" 
value="'.$user_data["email"].'">'."\n".
+         '<table>'."\n".
+         ' <tr>'."\n".
+        "  <td><input style=\"background-color:#FF0000\" type=\"submit\" 
value=\"DELETE ACCOUNT!!!\"".
+               " onclick=\"return confirm('Do you really want to delete your 
user account?\\nThis will ".
+               "not be reverseable!');\"></td>"."\n".
+         ' </tr>'."\n".
+         '</table>'."\n".
+         '</form>'."\n";
+}
+
+// ==================================================================
+// Save changed user data
+// ==================================================================
+function change_user_data()
+{
+  global $DBMS;
+  global $db_usertablename;
+  global $db_conn;
+  global $db_name;
+
+  if (!isset( $_POST["savechangeddata"] ) && !isset( $_POST["deleteuser"] ))
+    exit;
+    
+  if ($DBMS != "MySQL")
+  {
+    echo "<p><font color='red'><b>ERROR: MySQL support necessary. Signup not 
possible!</b></font></p>";
+    exit;
+  }
+  
+  if (isset( $_POST["savechangeddata"] ))
+  {
+    $u_name = $_POST["username"];
+    $u_email = strtolower($_POST["email"]);
+    $u_com_mailer = $_POST["commentmailer"];
+    $u_pass = $_POST["pass"]; 
+  
+    $pass_arr = load_htpasswd();
+    $user_found = False;
+    while (list($u, $p) = each($pass_arr))
+    {
+      if ($u_email == $u)
+      {
+        $user_found = True;
+      }  
+    }
+  
+    if (!$user_found)
+    {
+      echo "<p><font color='red'><b>ERROR: User not found in 
.htpasswd!</b></font></p>";
+      exit;
+    }  
+  
+    if (save_user_data( $u_name, $u_email, $u_com_mailer, True))
+    {
+      if (strlen($u_pass) > 0)
+      {
+        $pass_arr[$u_email] = rand_salt_crypt($u_pass);
+        save_htpasswd( $pass_arr );
+      }  
+      echo '<p><font color="green"><b>Your data has been 
updated.<br></b></font></p>';
+    }  
+  }
+  else
+    delete_user( strtolower($_POST["email"]) );  
+}
+
+?>
\ No newline at end of file
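Review bot: change_user_data() takes the account to modify from the form, `$u_email = strtolower($_POST["email"])`, and the delete path does the same, `delete_user( strtolower($_POST["email"]) )`, while index.php only checks that the caller is some logged-in user (`$is_user`). Any registered user can therefore rename, set the password of, or delete any other account by editing the hidden `email` field; the target address must come from the authenticated `$_SERVER['PHP_AUTH_USER']`, never from the request body. Second, every query is built by string interpolation of request data: save_user_data() puts `$name` and `$email` straight into the INSERT/UPDATE, and get_user_data() and del_user_data() put the login name into `WHERE eMail='...'`. A single quote in a name breaks the statement and a crafted value rewrites it; run each value through mysql_escape_string() (or mysql_real_escape_string() on PHP 4.3 and later) before concatenating. Smaller points: `$PHP_SELF` is echoed into `action="..."` without htmlspecialchars() and depends on register_globals (use `$_SERVER['PHP_SELF']`); signup_user() performs no server-side validation of name, address or password, so the JavaScript TestError() checks are the only ones and an empty password is accepted by a client that skips them; get_user_data() does `list( ,$name,$email,$com_mailer ) = mysql_fetch_row( $succ )` without checking for an empty result and relies on the column order of `SELECT *`; and show_user_list() applies htmlentities() to a name that get_user_data() has already passed through htmlspecialchars(), double-encoding it.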
Index: Pingus/contrib/level_comment_tool/database.inc
===================================================================
--- Pingus/contrib/level_comment_tool/database.inc      (revision 0)
+++ Pingus/contrib/level_comment_tool/database.inc      (revision 0)
@@ -0,0 +1,50 @@
+<?
+// variables and functions used for database acces
+// this file is being imported in index.php as the first file, so all other
+// .inc files can use its functionality.
+//
+// Copyright (C) 2004 Björn Fischer <address@hidden>
+//
+// Redistribution and use in source and binary forms, with or without 
modification,
+// are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice, 
this
+//   list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright notice,
+//   this list of conditions and the following disclaimer in the documentation
+//   and/or other materials provided with the distribution.
+// * The name of the author may not be used to endorse or promote products 
derived
+//   from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
MERCHANTABILITY
+// AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
AUTHOR
+// BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
(INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+// set some globals for various DBMS
+global $DBMS;
+global $db_handle;
+global $db_tablename;
+global $db_name;
+global $db_host;
+global $db_user;
+global $db_pass;
+global $db_conn;          //used in login-system.inc
+global $db_usertablename; //used in login-system.inc
+
+$DBMS = 'MySQL';
+$db_handle = False;
+$db_tablename = 'lct_cache';
+$db_name = 'pingus';
+$db_host = 'localhost';
+$db_user = 'root';
+$db_pass = '';
+$db_conn = False;
+$db_usertablename = "lct_users";
+?>
\ No newline at end of file
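Review bot: the credentials moved into this file are `$db_user = 'root'` with `$db_pass = ''`, replacing the `pingus`/`pingus` pair removed from level-cache.inc. The web application should connect as a dedicated account granted only what it uses on the `pingus` database (SELECT, INSERT, UPDATE, DELETE and CREATE for the two tables), not as the MySQL superuser with an empty password, and the live credentials belong in an untracked local settings file rather than in Subversion; the committed copy should carry placeholders. Also, this file opens with the short tag `<?` while login-system.inc opens with `<?php`; the short form stops parsing when short_open_tag is off, so use `<?php` consistently.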
Index: Pingus/contrib/level_comment_tool/index.php
===================================================================
--- Pingus/contrib/level_comment_tool/index.php (revision 2297)
+++ Pingus/contrib/level_comment_tool/index.php (working copy)
@@ -23,20 +23,47 @@
 // NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 // EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+require_once("database.inc");
 require_once("xml-search.inc");
 require_once("level-cache.inc");
 require_once("mail-settings.inc");
 require_once("htpasswd.inc");
+require_once("login-system.inc");
 
 // ==================================================================
-// Admin login.
+// Returns the get-parameters (like cathegory, level and others)
 // ==================================================================
+function get_params()
+{ 
+  $params = "";
+  if (isset( $_GET["c"] ))
+    $params .= 'c='.urlencode($_GET["c"]).'&';
+  if (isset( $_GET["l"] ))
+    $params .= 'l='.urlencode($_GET["l"]).'&';
+  if (isset( $_GET["o"] ))
+    $params .= 'o='.urlencode($_GET["o"]).'&';  
+  if (isset( $_GET["showthumbs"] ))
+    $params .= 'showthumbs='.urlencode($_GET["showthumbs"]).'&';  
+  
+  return $params;
+}  
 
+// ==================================================================
+// User/Admin login or signup new user
+// ==================================================================
 $htpasswd = load_htpasswd();
 $is_admin = False;
-if ( isset($_SERVER['PHP_AUTH_PW']))
-  $is_admin = test_htpasswd( $htpasswd,  "admin", $_SERVER['PHP_AUTH_PW'] );
-
+$is_user = False;
+$user_data = Array();
+if ( isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['PHP_AUTH_USER']))
+  if ($_SERVER['PHP_AUTH_USER'] == "admin")
+    $is_admin = test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] );
+  else
+  {
+    $is_user = test_htpasswd( $htpasswd, 
strtolower($_SERVER['PHP_AUTH_USER']), $_SERVER['PHP_AUTH_PW'] );
+    $user_data = get_user_data( $_SERVER['PHP_AUTH_USER'] );
+  }  
+ 
 if ( isset($_GET["adminlogin"]))
 {
   if (!isset($_SERVER['PHP_AUTH_USER']))
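Review bot: in the new login block, `get_user_data( $_SERVER['PHP_AUTH_USER'] )` runs whenever an Authorization header is present, whether or not `test_htpasswd()` on the line above returned True, so a request with a wrong password still triggers the database lookup for the named account, and get_user_data() calls exit with an error page if that query fails, before any HTML has been sent. Guard the lookup with `if ($is_user)`. The lookup is also given the raw header value while `test_htpasswd()` gets the strtolower()ed one; get_user_data() lower-cases internally, but passing the same normalized variable to both would make the intent clear.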
@@ -48,11 +75,11 @@
   }
   else
   {
-    if ( !isset($_SERVER['PHP_AUTH_PW']) ||
-      !test_htpasswd( $htpasswd,  "admin", $_SERVER['PHP_AUTH_PW'] ))
+    if ( !test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] ))
     {
+      header('WWW-Authenticate: Basic realm="Pingus Comment Tool Admin"');
       header('HTTP/1.0 401 Unauthorized');
-      echo 'Wrong password. Hit Back.';
+      echo 'Cancelled. Hit Back.';
       exit;
     }
     else
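Review bot: the `!isset($_SERVER['PHP_AUTH_PW'])` guard is dropped here, so `test_htpasswd()` can now be handed an undefined value; PHP normally sets both PHP_AUTH_* entries together when a Basic header arrives, but keeping the guard (or `isset(...) ? ... : ''`) costs nothing and avoids a notice inside the password check. Adding `WWW-Authenticate` on the failure path is the right change: the browser re-prompts rather than showing the old "Wrong password" page, which is why the text now says "Cancelled".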
@@ -60,6 +87,33 @@
   }
 }
 
+if ( isset($_GET["userlogin"]))
+{
+  if (!isset($_SERVER['PHP_AUTH_USER']))
+  {
+    header('WWW-Authenticate: Basic realm="Pingus Comment Tool User"');
+    header('HTTP/1.0 401 Unauthorized');
+    echo 'Cancelled. Hit Back.';
+    exit;
+  }
+  else
+  {
+    if ( !test_htpasswd( $htpasswd, strtolower($_SERVER['PHP_AUTH_USER']), 
$_SERVER['PHP_AUTH_PW'] ))
+    {
+      header('WWW-Authenticate: Basic realm="Pingus Comment Tool User"');
+      header('HTTP/1.0 401 Unauthorized');
+      echo 'Cancelled. Hit Back.';
+      exit;
+    }
+    else
+    {
+      $is_user = True;
+      $user_data = get_user_data( $_SERVER['PHP_AUTH_USER'] );
+    }  
+  }  
+}
+
+
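Review bot: this block repeats the admin login block above almost line for line; a helper along the lines of `require_basic_auth( $realm, $user )` called from both would remove the copy. Logic point: a request to `?userlogin=1` with the username `admin` and the admin password passes `test_htpasswd()`, sets `$is_user = True` and then calls `get_user_data( 'admin' )` for a login name that has no row in lct_users; exclude `admin` here as the first block does. Keep in mind that HTTP Basic auth resends the password with every request, so the login system is only as private as the transport and the tool should be served over HTTPS.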
 // ==================================================================
 // Thumbnail magick with cookies etc.
 // ==================================================================
@@ -83,15 +137,93 @@
   <body>
 
     <h1>Pingus level comment database</h1>
+    
+ <?  
+// ==================================================================
+// Show login and signup link
+// ================================================================== 
+    $params = get_params();
+      
+    if (!$is_user && !$is_admin) 
+    {    
+ ?>   
+    <div align="right">
+      <table border="0" align="right" cellspacing="10">
+        <tr>
+          <td>
+            <a href="<? echo "$PHP_SELF?$params"."userlogin=1" ?>">Login</a>
+          </td>
+          <td>
+            <a href="<? echo "$PHP_SELF?$params"."signup=1" ?>">Signup</a>
+          </td>
+        </tr>
+      </table>  
+    </div>  
+ <? }
+    else
+    {
+ ?>
+    <div align="right">
+      <table border="0" align="right" cellspacing="10">
+        <tr>
+          <td align="right">
+           <a href="<? echo "$PHP_SELF?$params"."changeuser=1\">";
+                       echo ($is_admin) ? 'admin' : $user_data["name"]; ?></a> 
is logged in<br>
+           <? echo "<a href='$PHP_SELF?$params";
+              echo (isset($_GET["listusers"])) ? "'>Show comments" : 
"listusers=1'>List users";
+              echo "</a>"; ?>
+         </td>
+       </tr>
+      </table> 
+    </div>  
+ <?   
+    }
+ ?>   
     <div class="mainbody">
 
 <?
+// ==================================================================
+// Signup for new user or change user settings
+// ==================================================================
+if (isset( $_GET["signup"] ))
+{
+  show_signup_form();
+  exit;
+}
+if (isset( $_POST["usersignedup"] ))
+{
+  signup_user();
+}
+if (isset( $_GET["changeuser"] ) && $is_user)
+{
+  show_change_form( $user_data["email"] );
+  exit;
+}  
+if ((isset( $_POST["savechangeddata"] ) || isset( $_POST["deleteuser"])) && 
$is_user)
+{
+  change_user_data();
+}  
 
-$preferred_order = Array( 'tutorial', 'playable', 'volcano', 'wip', 'test' );
 
 // ==================================================================
+// Show list of users or delete user (for admin only)
+// ==================================================================
+if (isset( $_GET["listusers"] ))
+{
+  show_user_list( $is_admin );
+  exit;
+}
+if (isset( $_POST["deluser"] ) && $is_admin)
+{
+  delete_user( $_POST["user_email"] );
+  show_user_list( $is_admin );
+  exit;
+}  
+
+// ==================================================================
 // Read cathegory and level names from filesystem
 // ==================================================================
+$preferred_order = Array( 'tutorial', 'playable', 'volcano', 'wip', 'test' );
 $cathegories = Array();
 $dir = dir("data/levels");
 while ($file = $dir->read())
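Review bot: the `listusers` branch (`if (isset( $_GET["listusers"] )) { show_user_list( $is_admin ); exit; }`) is not gated on `$is_user`, so the list of registered users is reachable without logging in; if the list is meant for logged-in users, as the description says, add `&& $is_user` the way the `changeuser` and `savechangeddata` branches do. Also `$PHP_SELF` and `$params` are echoed straight into `href` attributes throughout this hunk (`<a href="<? echo "$PHP_SELF?$params"."userlogin=1" ?>">`); pass both through `htmlentities()` so request data cannot break out of the attribute.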
@@ -129,8 +261,7 @@
     $showCath = '&c=' . $_GET["c"];
 
   if ( $show_thumbs )
-       print "<a href='$PHP_SELF?showthumbs=0$showCath'>[hide 
thumbnails]</a></br>";
-
+    print "<a href='$PHP_SELF?showthumbs=0$showCath'>[hide 
thumbnails]</a></br>";
   else
     print "<a href='$PHP_SELF?showthumbs=1$showCath'>[show 
thumbnails]</a></br>";
 
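Review bot: this hunk is an indentation-only change on the `print "<a href='$PHP_SELF?showthumbs=0$showCath'>[hide thumbnails]...` line; whitespace churn inside a feature patch makes the diff harder to review, so drop it or send it as a separate cleanup.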
@@ -327,10 +458,12 @@
 
       if ( !is_dir("comments/$c/$l"))
       {
-        mkdir("comments/$c",0777);
-        mkdir("comments/$c/$l",0777);
-        chmod("comments/$c",0777);
-        chmod("comments/$c/$l",0777);
+        @mkdir("comments/$c",0775);
+        @mkdir("comments/$c/$l",0775);
+        chmod("comments/$c",0775);
+        chgrp("comments/$c","pingus");
+        chmod("comments/$c/$l",0775);
+        chgrp("comments/$c/$l","pingus");
         if ( !is_dir("comments/$c/$l"))
         {
           print ("<strong>ERROR: 'comments/$c/$l/' does not exist and ".
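Review bot: the new `chgrp("comments/$c","pingus")` calls only succeed when the web server process is a member of group `pingus` (or root), and their return values are not checked; unlike the `@mkdir` lines they are not silenced either, so a failure prints a PHP warning into the page. Check the result or document that the deployment must run the web server in group `pingus`. Note also that here the mode is set at creation (`@mkdir("comments/$c",0775)`) while the demos branch later in the patch still creates with 0777 and relies on the following chmod; pick one form.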
@@ -367,7 +500,8 @@
           exit;
         }
         fclose($fp);
-        chmod($filename, 0777);
+        chmod($filename, 0775);
+        chgrp($filename,"pingus");
 
         // Send email-notification
         if ( $mail_notify_enabled )
@@ -404,7 +538,7 @@
     // ==================================================================
     // Delete comment
     // ==================================================================
-    if ( $is_admin && isset($_GET["delcomment"]))
+    if ( ($is_admin || $is_user) && isset($_GET["delcomment"]))
     {
       sandbox_check($_GET["delcomment"], "comments/" );
       unlink($_GET["delcomment"]);
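Review bot: widening the condition to `($is_admin || $is_user)` lets any logged-in user delete any comment, because the ownership test (`$user_data["email"] == $cmt["email"]`) is applied only where the [del] link is rendered, not here where `unlink($_GET["delcomment"])` runs. Enforce the same email match server-side before the unlink, and consider moving deletion to a POST, since a GET link can be triggered by a page the user did not intend to act on.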
@@ -413,8 +547,32 @@
       @rmdir("comments/$c");
       print "<p><strong>Deleted '" . htmlentities($_GET["delcomment"]) . 
"'</strong></p>";
     }
+    
+    // ==================================================================
+    // Delete demo file and metafile
+    // ==================================================================
+    if ( ($is_admin || $is_user) && isset($_GET["deldemo"]))
+    {
+      sandbox_check($_GET["deldemo"], "comments/" );
+      
+      $demos = parse_level_demos( $c, $l );
+      while( list(,$cmt) = each($demos))
+      {
+        if ($_GET["deldemo"] == $cmt["filename"])
+        {
+          //delete demofile and metafile
+          unlink( "comments/$c/$l/demos/".$cmt["demofile"] );
+          unlink( $_GET["deldemo"] );
+        }
+      }  
+      // Also try to remove the directories but don't mind if it fails:
+      @rmdir("comments/$c/$l/demos");
+      @rmdir("comments/$c/$l");
+      @rmdir("comments/$c");
+      print "<p><strong>Deleted '" . htmlentities($_GET["deldemo"]) . 
"'</strong></p>";
+    }
 
-       // ==================================================================
+    // ==================================================================
     // Save uploaded Demofile
     // ==================================================================
     if ( $_POST["adddemo"] == 1)
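Review bot: same authorisation gap as the comment deletion: `($is_admin || $is_user)` admits every logged-in user, and the loop matches only on `$_GET["deldemo"] == $cmt["filename"]`, never on `$cmt["email"]`, so the owner check shown in the listing is not enforced when deleting. Also the `Deleted '...'` message is printed even when no entry matched and nothing was unlinked; set a `$deleted` flag inside the loop and report accordingly.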
@@ -422,12 +580,16 @@
       //create directory if necessary
       if ( !is_dir("comments/$c/$l/demos"))
       {
-        mkdir("comments/$c", 0777);
-        mkdir("comments/$c/$l", 0777);
-        mkdir("comments/$c/$l/demos", 0777);
-        chmod("comments/$c",0777);
-        chmod("comments/$c/$l",0777);
-        chmod("comments/$c/$l/demos",0777);
+        @mkdir("comments/$c", 0777);
+        @mkdir("comments/$c/$l", 0777);
+        @mkdir("comments/$c/$l/demos", 0777);
+        chmod("comments/$c",0775);
+        chgrp("comments/$c","pingus");
+        chmod("comments/$c/$l",0775);
+        chgrp("comments/$c/$l","pingus");
+        chmod("comments/$c/$l/demos",0775);
+        chgrp("comments/$c/$l/demos","pingus");
+        
         if ( !is_dir("comments/$c/$l/demos")) 
         {
           print ("<strong>ERROR: 'comments/$c/$l/demos' does not exist and ".
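Review bot: the three `@mkdir(..., 0777)` lines create the directories world-writable and then rely on the following `chmod(...,0775)` to tighten them, whereas the comments branch earlier in this patch passes 0775 to mkdir directly. Use 0775 in mkdir here too, so the directory is never world-writable even briefly, and for consistency.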
@@ -443,7 +605,8 @@
       {
         if (move_uploaded_file($_FILES['demofile']['tmp_name'], $uploaddir. 
'/' . $_FILES['demofile']['name']))
         {
-          chmod( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], 0777 );
+          chmod( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], 0775 );
+          chgrp( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], 
"pingus" );
           print("<strong>File uploaded successfully</strong><hr/>");
           $str = '<' . '?xml version="1.0"  encoding="ISO-8859-1"?' . ">\n" .
                 "<pingus-demo-metafile>\n".
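Review bot: the added `chgrp( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], "pingus" )` builds its path from the client-supplied file name, as the `move_uploaded_file` and `chmod` lines next to it already do; apply `basename()` (or a stricter allow-list) to `$_FILES['demofile']['name']` once and use the sanitised name in all three places so a name containing path separators cannot refer outside the demos directory.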
@@ -470,7 +633,8 @@
               exit;
             }
             fclose($fp);
-            chmod($filename, 0777);
+            chmod($filename, 0775);
+            chgrp($filename, "pingus");
          }
        }  
         else
@@ -510,7 +674,7 @@
         $rating = intval($cmt["rating"]);
         $leveldata["avgrating"] += $rating;
 
-        if ( $is_admin )
+        if ( $is_admin || ($is_user && $user_data["email"] == $cmt["email"]) )
           $del_link = " <a href='$PHP_SELF?c=" . htmlentities($c) .
             "&l=" . htmlentities($l) . "&delcomment=" . 
htmlentities($cmt["filename"]) . "'>[del]</a>\n";
         $str =
@@ -536,18 +700,21 @@
     if ( count($demos) > 0 )
     {
       $showDemos = True;
-
+      $del_link="";
       while( list(,$cmt) = each($demos))
       {
         $leveldata["totaldemos"]++;
         
+        if ( $is_admin ||  ($is_user && $user_data["email"] == $cmt["email"]))
+                 $del_link = " - <a href='$PHP_SELF?c=" . 
htmlentities($c)."&l=" . htmlentities($l) .
+                 "&deldemo=" . htmlentities($cmt["filename"]) . 
"'>[del]</a>\n";
         $str =
           "<p class='message'><strong>From:</strong> " . 
htmlentities($cmt["username"]) .
           " &lt;" . str_replace("@", "<b><small>PingusNoSpam</small></b>@", 
htmlentities($cmt["email"])) .
           "&gt;<br><strong>Date: </strong> " . htmlentities($cmt["date"]) . 
           ", <strong>Time: </strong> " . htmlentities($cmt["time"]) . 
"<br/>\n" .
           "<b>Demofile: </b><a href='comments/$c/$l/demos/" . $cmt["demofile"] 
. "'>" .
-          $cmt["demofile"] . "</a><br/>\n" .
+          $cmt["demofile"] . "</a>$del_link<br/>\n" .
           "</p>\n";
                  
         if (strtolower($cmt["levelmd5"]) == strtolower($curlevelmd5))
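Review bot: `$del_link=""` is set once before the `while` loop but never reset inside it, so after the first demo that belongs to the current user every later demo in the list also shows that same `[del]` link, pointing at the earlier demo's filename. Move the reset to the top of the loop body, e.g. `$del_link = "";` just before the `if ( $is_admin || ...` line.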
@@ -585,6 +752,17 @@
     $levelmd5 = $curlevelmd5;
     if ( isset( $_GET["levelmd5"] ))
       $levelmd5 = $_GET["levelmd5"];
+    
+    if ($is_user)
+    {
+      $input_name = '<input type="text" name="author" value="' . 
$user_data["name"] . '">';
+      $input_mail = '<input type="text" name="email" value="' . 
$user_data["email"] . '">';
+    }
+    else
+    {
+      $input_name = '<input type="text" name="author">';
+      $input_mail = '<input type="text" name="email">';
+    }  
 ?>
     <hr/>
     <table width="100%">
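Review bot: `$user_data["name"]` and `$user_data["email"]` are inserted into `value="..."` attributes without escaping; a name containing a double quote, entered at signup, breaks out of the attribute and can inject markup into the page. Wrap both in `htmlentities()`, as the comment listing already does for `$cmt["username"]` and `$cmt["email"]`.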
@@ -599,11 +777,11 @@
             <table>
               <tr>
                 <td>Your name</td>
-                <td><input type="text" name="author"></td>
+                <td><? echo ($input_name); ?></td>
               </tr>
               <tr>
                 <td>Your email</td>
-                <td><input type="text" name="email"></td>
+                <td><? echo ($input_mail); ?></td>
               </tr>
               <tr>
                 <td>Difficulty</td>
@@ -641,6 +819,9 @@
           </form>
         </td>
         <td width="50%" valign="top">
+       <? if ($is_user || $is_admin)
+          {
+       ?>
           <p><em><strong>Upload a demofile:</strong></em></p>
           <form enctype="multipart/form-data"  name="UploadDemo" action="<? 
echo $PHP_SELF . "?c=" . urlencode($c) . "&l=" . urlencode($l); ?>" 
method="POST">
             <input type="hidden" name="adddemo" value="1">
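Review bot: hiding the upload form behind `if ($is_user || $is_admin)` is only a display change; the handler `if ( $_POST["adddemo"] == 1)` earlier in the patch still accepts uploads from anyone who posts the form fields. If demo uploads are meant to require a login, gate the handler with the same condition.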
@@ -650,11 +831,15 @@
             <table>
               <tr>
                 <td>Your name</td>
-                <td><input type="text" name="username"></td>
+                <td><input type="text" name="username"<? if ($is_user)
+                                                           echo ' 
value="'.$user_data["name"].'"'?>>
+                </td>
               </tr>
               <tr>
                 <td>Your email</td>
-                <td><input type="text" name="email"></td>
+                <td><input type="text" name="email"<? if ($is_user)
+                                                        echo ' 
value="'.$user_data["email"].'"' ?>>
+                </td>
               </tr>
               <tr>
                 <td>Demofile</td>
@@ -669,14 +854,19 @@
               </tr>
             </table>
           </form>
+       <? }
+       ?>
         </td>
       </tr>
     </table>      
           
 <?
     print "<p><a href='$PHP_SELF?c=" . urlencode($c) . "'>Back to level 
list</a></p>";
-    if ( !$is_admin )
-      print "<div align='right'><a href='$PHP_SELF?adminlogin=1'><small>admin 
login</small></a></div>";
+    if ( !$is_admin && !$is_user)
+    {
+      $params = get_params(); 
+      print "<div align='right'><a 
href='$PHP_SELF?$params"."adminlogin=1'><small>admin login</small></a></div>";
+    }  
   }
 }
 
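Review bot: `"$PHP_SELF?$params"."adminlogin=1"` only yields a valid query string if `get_params()` returns either an empty string or a string ending in `&`; that contract should be stated where `get_params()` is defined, and the result should go through `htmlentities()` before being printed into the `href`, here and at the other call sites in this patch.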
