Login system completed
From: Björn Fischer
Subject: Login system completed
Date: Tue, 27 Apr 2004 11:04:53 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113
Hi everybody,
I have completed the login system for the LCT and made a patch.
The following features are implemented:
For users:
- signup (with name, mail address, password and comment mailer flag (for
level designers))
- login with email address and password
- possibility to view a list of registered users
- possibility to change own data (name, password and comment mailer
flag, NOT email address)
- possibility to delete own user account
For admin:
- list all registered users with possibility to delete users
- NO possibility to change admin password (I found that unnecessary)
I have even found a way a user can log out by a dirty trick: simply
change your password and you'll be logged off automatically :-)
If you find anything is missing concerning the login system, please tell
me. Of course if you find bugs, tell me too :-)
Otherwise I'll regard the login system as complete and take care of other
features.
Greetings
Björn
P.S.: Sorry David, the patch got bigger than I wanted... please give me
feedback on whether the issue concerning the mistyped user still exists.
Index: Pingus/contrib/level_comment_tool/level-cache.inc
===================================================================
--- Pingus/contrib/level_comment_tool/level-cache.inc (revision 2297)
+++ Pingus/contrib/level_comment_tool/level-cache.inc (working copy)
@@ -25,30 +25,13 @@
require_once("xml-search.inc");
-// set some globals for various DBMS
-global $DBMS;
-global $db_handle;
-global $db_tablename;
-global $db_name;
-global $db_host;
-global $db_user;
-global $db_pass;
-
-$DBMS = 'MySQL';
-$db_handle = False;
-$db_tablename = 'lct_cache';
-$db_name = 'pingus';
-$db_host = 'localhost';
-$db_user = 'pingus';
-$db_pass = 'pingus';
-
-function create_table( $tablename )
+// ==================================================================
+// Creates a table if necessary and returns the tablename
+// ==================================================================
+function create_table( $conn, $db, $tablename, $SQL )
{
- global $db_name;
- global $db_handle;
-
$table_exists = False;
- $res = mysql_list_tables( $db_name );
+ $res = mysql_list_tables( $db );
for ($i=0;$i<mysql_num_rows( $res );$i++)
if (mysql_tablename( $res, $i ) == $tablename)
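Review bot: mysql_list_tables( $db ) at the top of the new create_table( $conn, $db, $tablename, $SQL ) still runs on the default link, while the mysql_query( $SQL, $conn ) further down uses the $conn the function now receives; pass the link as the second argument, mysql_list_tables( $db, $conn ), and test the result for False before the "for ($i=0;$i<mysql_num_rows( $res );$i++)" loop, because a failed listing makes mysql_num_rows warn and the function then falls through to issuing the CREATE TABLE. Since the caller now supplies the whole $SQL statement, nothing in create_table guarantees that the statement actually creates $tablename; that contract belongs in the function comment.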
@@ -56,17 +39,17 @@
if (!$table_exists)
{
- $SQL = "CREATE TABLE `$tablename` (`Key` VARCHAR( 255 ) NOT NULL ,`Value`
TEXT NOT NULL , PRIMARY KEY ( `Key` ) );";
- $res = mysql_query( $SQL, $db_handle );
- if (!$res)
- return False;
- else
- return $tablename;
+ $res = mysql_query( $SQL, $conn );
+ if (!$res)
+ return False;
+ else
+ return $tablename;
}
else
return $tablename;
}
+
function open_cache()
{
global $DBMS;
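Review bot: "if (!$res) return False; else return $tablename;" reads more simply as "return $res ? $tablename : False;", and with the statement now coming from the caller the header comment "Creates a table if necessary and returns the tablename" should say that $SQL must be a CREATE TABLE for exactly $tablename, otherwise the existence check and the statement can disagree.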
@@ -100,21 +83,22 @@
//MySQL is used as cache
case "MySQL":
- $db_handle = mysql_connect( $db_host, $db_user, $db_pass );
- if (!$db_handle)
- {
+ $db_handle = mysql_connect( $db_host, $db_user, $db_pass );
+ if (!$db_handle)
+ {
echo "<p><font color=\"red\"><b>ERROR: Cannot open connection to
database server ($db_host)!</b></font></p>";
exit;
}
if (! mysql_select_db( $db_name, $db_handle ))
- {
+ {
echo "<p><font color=\"red\"><b>ERROR: Cannot select database
'$db_name'!</b></font></p>";
exit;
}
+ $SQL = "CREATE TABLE `$tablename` (`Key` VARCHAR( 255 ) NOT NULL".
+ " ,`Value` TEXT NOT NULL , PRIMARY KEY ( `Key` ) );";
+ $db_tablename = create_table($db_handle, $db_name, $db_tablename,
$SQL);//creates the table if necessary and returns the tablename
- $db_tablename = create_table($db_tablename);//creates the table if
necessary and returns the tablename
-
if (!$db_tablename)
{
echo '<p><font color="red"><b>ERROR: Cannot create cache
table!</b></font></p>';
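Review bot: the new statement $SQL = "CREATE TABLE `$tablename` ..." inside open_cache() references $tablename, but the variable in scope here is $db_tablename (the one handed to create_table two lines later), so the generated SQL reads "CREATE TABLE `` (...)" and the first run against an empty database fails with "Cannot create cache table". Use $db_tablename in the string. Separately, the error branches still echo $db_host and $db_name to the browser; log those server-side and show a generic message.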
@@ -352,7 +336,7 @@
"author" => "pingus-level-comment/author",
"email" => "pingus-level-comment/email",
"date" => "pingus-level-comment/date",
- "time" => "pingus-level-comment/time",
+ "time" => "pingus-level-comment/time",
"difficulty" => "pingus-level-comment/difficulty",
"rating" => "pingus-level-comment/rating",
"comment" => "pingus-level-comment/comment",
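Review bot: this hunk, and the two that follow it (the "time" line at -366 and the "time"/"demofile" lines at -401), change only indentation; whitespace-only hunks make the functional part of the patch harder to review, so either drop them or send them as a separate cleanup patch.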
@@ -366,8 +350,8 @@
$cmt["filename"] = $filename;
// is the time set? (it is not in old comment files)
- if (isset($cmt["time"]))
- $res[$cmt["date"] . '-' . $cmt["time"]] = $cmt;
+ if (isset($cmt["time"]))
+ $res[$cmt["date"] . '-' . $cmt["time"]] = $cmt;
else
$res[$cmt["date"] . '-' . substr(md5(implode("", file($filename))),0,8)]
= $cmt;
}
@@ -401,8 +385,8 @@
"username" => "pingus-demo-metafile/username",
"email" => "pingus-demo-metafile/email",
"date" => "pingus-demo-metafile/date",
- "time" => "pingus-demo-metafile/time",
- "demofile" => "pingus-demo-metafile/demofile",
+ "time" => "pingus-demo-metafile/time",
+ "demofile" => "pingus-demo-metafile/demofile",
"levelmd5" => "pingus-demo-metafile/levelmd5"
));
Index: Pingus/contrib/level_comment_tool/login-system.inc
===================================================================
--- Pingus/contrib/level_comment_tool/login-system.inc (revision 0)
+++ Pingus/contrib/level_comment_tool/login-system.inc (revision 0)
@@ -0,0 +1,537 @@
+<?php
+
+// functions concering user signup and login
+// this file needs a working MySQL database with the correct values
+// set in level-cache.inc!!!
+//
+// Copyright (C) 2004 Björn Fischer <address@hidden>
+//
+// Redistribution and use in source and binary forms, with or without
modification,
+// are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice,
this
+// list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+// * The name of the author may not be used to endorse or promote products
derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY
+// AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR
+// BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+
+// ==================================================================
+// opens database connection
+// ==================================================================
+function open_db()
+{
+ global $db_conn;
+ global $db_name;
+ global $db_host;
+ global $db_user;
+ global $db_pass;
+
+ $db_conn = mysql_connect( $db_host, $db_user, $db_pass );
+ if (!$db_conn)
+ {
+ echo "<p><font color=\"red\"><b>ERROR: Cannot open connection to database
server ($db_host)!</b></font></p>";
+ exit;
+ }
+
+ if (! mysql_select_db( $db_name, $db_conn ))
+ {
+ echo "<p><font color=\"red\"><b>ERROR: Cannot select database
'$db_name'!</b></font></p>";
+ exit;
+ }
+}
+
+// ==================================================================
+// closes database connection
+// ==================================================================
+function close_db()
+{
+ global $db_conn;
+
+ if ($db_conn !== False)
+ {
+ mysql_close($db_conn);
+ $db_conn = False;
+ }
+}
+
+// ==================================================================
+// saves the dataset of a user
+// ==================================================================
+function save_user_data( $name, $email, $com_mailer, $update )
+{
+ global $db_conn;
+ global $db_usertablename;
+ global $db_name;
+
+ if ($com_mailer == "on")
+ $com_mailer = 1;
+ else
+ $com_mailer = 0;
+
+ open_db();
+ $SQL = "CREATE TABLE `$db_usertablename` (`ID` INT NOT NULL AUTO_INCREMENT
,`Name` VARCHAR( 100 ) NOT NULL ,".
+ "`eMail` VARCHAR( 100 ) NOT NULL ,`commentmailer` TINYINT( 1 ) NOT
NULL ,PRIMARY KEY ( `ID` ) ,".
+ "UNIQUE (`eMail`));";
+ $db_usertablename = create_table( $db_conn, $db_name, $db_usertablename,
$SQL );
+
+ if ($update)
+ $SQL = "UPDATE $db_usertablename SET
`Name`='$name',`commentmailer`=$com_mailer".
+ " WHERE `eMail`='$email'";
+ else
+ $SQL = "INSERT INTO $db_usertablename (`Name`,`eMail`,`commentmailer`)".
+ " VALUES ('$name','$email',$com_mailer)";
+
+ if (!mysql_query( $SQL, $db_conn ))
+ {
+ echo '<p><font color="red"><b>ERROR: Cannot save user
data!</b></font></p>';
+ close_db();
+ return False;
+ }
+ else
+ {
+ close_db();
+ return True;
+ }
+}
+
+// ==================================================================
+// loads user data from database
+// ==================================================================
+function get_user_data( $u_email )
+{
+ global $db_conn;
+ global $db_usertablename;
+ $ret = Array();
+
+ open_db();
+
+ $SQL = "SELECT * FROM $db_usertablename WHERE
eMail='".strtolower($u_email)."'";
+ $succ = mysql_query( $SQL, $db_conn );
+ if (!$succ)
+ {
+ echo "<p><font color='red'><b>ERROR: Cannot find data for user
$u_email!</b></font></p>";
+ exit;
+ }
+
+ list( ,$name,$email,$com_mailer ) = mysql_fetch_row( $succ );
+ $ret["name"] = htmlspecialchars($name);
+ $ret["email"] = htmlspecialchars($email);
+ $ret["com_mailer"] = htmlspecialchars($com_mailer);
+
+ close_db();
+
+ return $ret;
+}
+
+// ==================================================================
+// Detetes users data from the table
+// ==================================================================
+function del_user_data( $u_email )
+{
+ global $db_conn;
+ global $db_usertablename;
+
+ open_db();
+ $SQL = "DELETE FROM $db_usertablename WHERE
eMail='".strtolower($u_email)."'";
+ $succ = mysql_query( $SQL, $db_conn );
+ close_db();
+
+ if ($succ)
+ return True;
+ else
+ return False;
+}
+
+// ==================================================================
+// Show a signup form
+// ==================================================================
+function show_signup_form()
+{
+ $params = "?" . get_params();
+
+ echo '<script language = "JavaScript">'."\n".
+ '<!--'."\n".
+ 'function TestError()'."\n".
+ '{'."\n".
+ ' var f = document.Signup;'."\n".
+ ' var errors = "";'."\n".
+ ' var i;'."\n".
+ ' var IsError = false;'."\n\n".
+ ' if ((f.elements["username"].value == "") ||
(f.elements["username"].value == null))'."\n".
+ ' {'."\n".
+ ' errors += "Please enter your Name!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' } '."\n\n".
+ ' if ((f.elements["email"].value == "") || (f.elements["email"].value
== null))'."\n".
+ ' {'."\n".
+ ' errors += "Please enter your email adress!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' } '."\n\n".
+ ' if ((f.elements["pass"].value == "") || (f.elements["pass"].value ==
null))'."\n".
+ ' {'."\n".
+ ' errors += "Please choose a password!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' } '."\n\n".
+ ' if ((f.elements["pass2"].value == "") || (f.elements["pass2"].value
== null))'."\n".
+ ' {'."\n".
+ ' errors += "Please retype your password!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' }'."\n\n".
+ ' if (f.elements["pass"].value != f.elements["pass2"].value)'."\n".
+ ' {'."\n".
+ ' errors += "The passwords do not match, please retype
them!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' }'."\n\n".
+ ' if ((f.elements["email"].value.indexOf("@") == -1) ||
(f.elements["email"].value.length < 3))'."\n".
+ ' {'."\n".
+ ' errors += "Please enter a valid email adress!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' } '."\n\n".
+ ' if (IsError==true)'."\n".
+ ' {'."\n".
+ ' alert(errors);'."\n".
+ ' return false;'."\n".
+ ' } '."\n".
+ ' return true;'."\n".
+ '}'."\n".
+ '--></script>'."\n\n";
+
+ echo "<H2>Pingus level comment database - user signup</H2>".
+ "Please keep the following in mind:".
+ "<UL><LI>enter your real name and a valid eMail adress</LI>".
+ "<LI>please remember your password since there is no possibility to
mail it to you yet</LI>".
+ "<LI>after signup your login name is the entered mail adress<LI>".
+ "</UL>By activating the checkbox you can".
+ " activate the comment mailer, that means you will receive comments
about your own levels".
+ " by eMail (this is only important for level designers).<br><br>\n";
+
+ echo '<form enctype="multipart/form-data" name="Signup"
action="'.$PHP_SELF.$params.'" method="POST" onsubmit="return
TestError()">'."\n".
+ '<input type="hidden" name="usersignedup" value="1">'."\n".
+ '<table>'."\n".
+ ' <tr>'."\n".
+ ' <td>Your name</td>'."\n".
+ ' <td><input type="text" name="username"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td>Your email</td>'."\n".
+ ' <td><input type="text" name="email"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td>Comment mailer</td>'."\n".
+ ' <td><input type="checkbox" name="commentmailer"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td>Pick a password</td>'."\n".
+ ' <td><input type="password" name="pass"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td>Retype password</td>'."\n".
+ ' <td><input type="password" name="pass2"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td colspan="2"><input type="submit" value="signup now"></td>'."\n".
+ ' </tr>'."\n".
+ '</table>'."\n".
+ '</form>'."\n";
+}
+
+// ==================================================================
+// Save singed up user data
+// ==================================================================
+function signup_user()
+{
+ global $DBMS;
+ global $db_usertablename;
+ global $db_conn;
+ global $db_name;
+
+ if (!isset( $_POST["usersignedup"] ))
+ exit;
+
+ if ($DBMS != "MySQL")
+ {
+ echo "<p><font color='red'><b>ERROR: MySQL support necessary. Signup not
possible!</b></font></p>";
+ exit;
+ }
+
+ $u_name = $_POST["username"];
+ $u_email = strtolower($_POST["email"]);
+ $u_com_mailer = $_POST["commentmailer"];
+ $u_pass = $_POST["pass"];
+
+ // look if user already exists
+ $pass_arr = load_htpasswd();
+ while (list($u, $p) = each($pass_arr))
+ {
+ if ($u_email == $u)
+ {
+ echo '<p><font color="red"><b>ERROR: This mailadress already has a user
account!</b></font></p>';
+ return False;
+ }
+ }
+
+ if (save_user_data( $u_name, $u_email, $u_com_mailer, False ))
+ {
+ $pass_arr[$u_email] = rand_salt_crypt($u_pass);
+ save_htpasswd( $pass_arr );
+ echo '<p><font color="green"><b>Your data has been saved. You can now
login via the link on the right.<br>'.
+ 'Please remember that your eMail adress is used as login
name<br></b></font></p>';
+ }
+}
+
+// ==================================================================
+// Show list of users (with delete link for admin)
+// ==================================================================
+function show_user_list( $is_admin )
+{
+ $params = get_params();
+
+ echo "<H2>Pingus level comment tool - user list</H2>\n";
+ echo "<table border='1' cellpadding='10'>\n";
+ echo " <tr>\n";
+ echo " <th>\n";
+ echo " Name\n";
+ echo " </th>\n";
+ echo " <th>\n";
+ echo " eMail\n";
+ echo " </th>\n";
+ echo " <th>\n";
+ echo " Comment mailer\n";
+ echo " </th>\n";
+ if ( $is_admin )
+ {
+ echo " <th>\n";
+ echo " Delete\n";
+ echo " </th>\n";
+ }
+ echo " </tr>\n";
+
+ $htpasswd = load_htpasswd();
+ while (list($u,$p) = each($htpasswd))
+ {
+ if ( $u != "admin" )
+ {
+ $u_data = get_user_data( $u );
+ echo " <tr>\n";
+ echo " <td>\n";
+ echo " ".htmlentities($u_data["name"])."\n";
+ echo " </td>\n";
+ echo " <td>\n";
+ echo " ".$u_data["email"]."\n";
+ echo " </td>\n";
+ echo " <td align='center'>\n";
+ echo ($u_data["com_mailer"]==1)?"yes":"no";
+ echo "\n";
+ echo " </td>\n";
+ if ( $is_admin )
+ {
+ echo " <td>\n";
+?>
+ <form enctype="multipart/form-data" name="DeleteUser"
+ action="<? echo "$PHP_SELF?$params"; ?>" method="POST"
+ onsubmit="return confirm('Do you really want to delete user <?
echo $u_data["email"]; ?>?')">
+ <input type="hidden" name="deluser" value="1">
+ <input type="hidden" name="user_email" value="<? echo
$u_data["email"]; ?>">
+ <input type="submit" value="delete">
+ </form>
+
+<?
+ echo " </td>\n";
+ }
+ echo " </tr>\n";
+ }
+ } //end while
+ echo "</table>\n";
+}
+
+// ==================================================================
+// Delete userdata from database
+// ==================================================================
+function delete_user( $u_email )
+{
+ $htpasswd = load_htpasswd();
+ $new_htpasswd = array_flip( $htpasswd );
+
+ $index = array_search( strtolower($u_email), $new_htpasswd );
+ if (!$index)
+ {
+ echo "<p><font color='red'><b>ERROR: User $u_email not found in
.htpasswd!</b></font></p>";
+ }
+ else
+ {
+ $new_htpasswd = array_diff( $new_htpasswd, array( $index =>
strtolower($u_email)) );
+ if (!del_user_data( $u_email ))
+ echo "<p><font color='red'><b>ERROR: User $u_email not found in
database!</b></font></p>";
+ else
+ {
+ $htpasswd = array_flip( $new_htpasswd );
+ save_htpasswd( $htpasswd );
+ echo "<p><font color='green'><b>User deleted
successfully!</b></font></p>";
+ }
+ }
+}
+
+// ==================================================================
+// Show form to change user's data
+// ==================================================================
+function show_change_form( $u_email )
+{
+ $params = "?" . get_params();
+ $user_data = get_user_data( $u_email );
+
+ echo '<script language = "JavaScript">'."\n".
+ '<!--'."\n".
+ 'function TestError()'."\n".
+ '{'."\n".
+ ' var f = document.Changeuser;'."\n".
+ ' var errors = "";'."\n".
+ ' var i;'."\n".
+ ' var IsError = false;'."\n\n".
+ ' if ((f.elements["username"].value == "") ||
(f.elements["username"].value == null))'."\n".
+ ' {'."\n".
+ ' errors += "Please enter your Name!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' } '."\n\n".
+ ' if (f.elements["pass"].value != f.elements["pass2"].value)'."\n".
+ ' {'."\n".
+ ' errors += "The passwords do not match, please retype
them!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' }'."\n\n".
+ ' if ((f.elements["email"].value.indexOf("@") == -1) ||
(f.elements["email"].value.length < 3))'."\n".
+ ' {'."\n".
+ ' errors += "Please enter a valid email adress!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' } '."\n\n".
+ ' if (IsError==true)'."\n".
+ ' {'."\n".
+ ' alert(errors);'."\n".
+ ' return false;'."\n".
+ ' } '."\n".
+ ' return true;'."\n".
+ '}'."\n".
+ '--></script>'."\n\n";
+
+ echo "<H2>Change data for user ".$user_data["name"]."</H2>".
+ "Please keep the following in mind:".
+ "<UL><LI>enter your real name and a valid eMail adress</LI>".
+ "<LI>please remember your password since there is no possibility to
mail it to you yet</LI>".
+ "<LI>always log in using your email adress as username<LI>".
+ "</UL>By activating the checkbox you can".
+ " activate the comment mailer, that means you will receive comments
about your own levels".
+ " by eMail (this is only important for level designers).<br><br>\n";
+
+ echo '<form enctype="multipart/form-data" name="Changeuser"
action="'.$PHP_SELF.$params.'" method="POST" onsubmit="return
TestError()">'."\n".
+ '<input type="hidden" name="savechangeddata" value="1">'."\n".
+ '<input type="hidden" name="email"
value="'.$user_data["email"].'">'."\n".
+ '<table>'."\n".
+ ' <tr>'."\n".
+ ' <td>Your name</td>'."\n".
+ ' <td><input type="text" name="username"
value="'.$user_data["name"].'"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td>Comment mailer</td>'."\n";
+ if ( $user_data["com_mailer"] == 1 )
+ echo ' <td><input type="checkbox" name="commentmailer"
checked></td>'."\n";
+ else
+ echo ' <td><input type="checkbox" name="commentmailer"></td>'."\n";
+
+ echo ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td>New password</td>'."\n".
+ ' <td><input type="password" name="pass"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td>Retype password</td>'."\n".
+ ' <td><input type="password" name="pass2"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td colspan="2"><input type="submit" value="update my
data"></td>'."\n".
+ ' </tr>'."\n".
+ '</table>'."\n".
+ '</form>'."\n".
+ '<br>'."\n";
+
+ echo '<form enctype="multipart/form-data" name="Deluser"
action="'.$PHP_SELF.$params.'" method="POST">'."\n".
+ '<input type="hidden" name="deleteuser" value="1">'."\n".
+ '<input type="hidden" name="email"
value="'.$user_data["email"].'">'."\n".
+ '<table>'."\n".
+ ' <tr>'."\n".
+ " <td><input style=\"background-color:#FF0000\" type=\"submit\"
value=\"DELETE ACCOUNT!!!\"".
+ " onclick=\"return confirm('Do you really want to delete your
user account?\\nThis will ".
+ "not be reverseable!');\"></td>"."\n".
+ ' </tr>'."\n".
+ '</table>'."\n".
+ '</form>'."\n";
+}
+
+// ==================================================================
+// Save changed user data
+// ==================================================================
+function change_user_data()
+{
+ global $DBMS;
+ global $db_usertablename;
+ global $db_conn;
+ global $db_name;
+
+ if (!isset( $_POST["savechangeddata"] ) && !isset( $_POST["deleteuser"] ))
+ exit;
+
+ if ($DBMS != "MySQL")
+ {
+ echo "<p><font color='red'><b>ERROR: MySQL support necessary. Signup not
possible!</b></font></p>";
+ exit;
+ }
+
+ if (isset( $_POST["savechangeddata"] ))
+ {
+ $u_name = $_POST["username"];
+ $u_email = strtolower($_POST["email"]);
+ $u_com_mailer = $_POST["commentmailer"];
+ $u_pass = $_POST["pass"];
+
+ $pass_arr = load_htpasswd();
+ $user_found = False;
+ while (list($u, $p) = each($pass_arr))
+ {
+ if ($u_email == $u)
+ {
+ $user_found = True;
+ }
+ }
+
+ if (!$user_found)
+ {
+ echo "<p><font color='red'><b>ERROR: User not found in
.htpasswd!</b></font></p>";
+ exit;
+ }
+
+ if (save_user_data( $u_name, $u_email, $u_com_mailer, True))
+ {
+ if (strlen($u_pass) > 0)
+ {
+ $pass_arr[$u_email] = rand_salt_crypt($u_pass);
+ save_htpasswd( $pass_arr );
+ }
+ echo '<p><font color="green"><b>Your data has been
updated.<br></b></font></p>';
+ }
+ }
+ else
+ delete_user( strtolower($_POST["email"]) );
+}
+
+?>
\ No newline at end of file
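Review bot: change_user_data() and delete_user() act on the address taken from the request ($u_email = strtolower($_POST["email"]) and delete_user( strtolower($_POST["email"]) )) rather than on the authenticated user, and index.php only gates these paths on $is_user, so any logged-in user can rename, re-password or delete any other account by editing the hidden "email" field; the .htpasswd loop that sets $user_found does not exclude "admin", so the admin entry is reachable the same way. Take the target from $_SERVER['PHP_AUTH_USER'] (the value $is_user was derived from), not from $_POST["email"], and refuse "admin" explicitly. Second, every query in save_user_data(), get_user_data() and del_user_data() interpolates $name and $email straight from $_POST into SQL (for example "... WHERE eMail='".strtolower($u_email)."'"); run each value through mysql_real_escape_string() before concatenation, or validate the address against a strict pattern first. Third, get_user_data() never checks that mysql_fetch_row() returned a row, so an unknown address silently yields empty strings, and $PHP_SELF inside show_signup_form(), show_change_form() and show_user_list() is not in function scope (no "global"), so the form action comes out as only the query string; use htmlspecialchars($_SERVER['PHP_SELF']). Minor: the error strings echo $u_email unescaped while the other outputs go through htmlspecialchars().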
Index: Pingus/contrib/level_comment_tool/database.inc
===================================================================
--- Pingus/contrib/level_comment_tool/database.inc (revision 0)
+++ Pingus/contrib/level_comment_tool/database.inc (revision 0)
@@ -0,0 +1,50 @@
+<?
+// variables and functions used for database acces
+// this file is being imported in index.php as the first file, so all other
+// .inc files can use its functionality.
+//
+// Copyright (C) 2004 Björn Fischer <address@hidden>
+//
+// Redistribution and use in source and binary forms, with or without
modification,
+// are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice,
this
+// list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+// * The name of the author may not be used to endorse or promote products
derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY
+// AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR
+// BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+// set some globals for various DBMS
+global $DBMS;
+global $db_handle;
+global $db_tablename;
+global $db_name;
+global $db_host;
+global $db_user;
+global $db_pass;
+global $db_conn; //used in login-system.inc
+global $db_usertablename; //used in login-system.inc
+
+$DBMS = 'MySQL';
+$db_handle = False;
+$db_tablename = 'lct_cache';
+$db_name = 'pingus';
+$db_host = 'localhost';
+$db_user = 'root';
+$db_pass = '';
+$db_conn = False;
+$db_usertablename = "lct_users";
+?>
\ No newline at end of file
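Review bot: $db_user = 'root'; $db_pass = ''; replaces the earlier pingus/pingus pair and commits a passwordless root login as the project default; the tool only needs SELECT, INSERT, UPDATE and DELETE on the "pingus" database (plus CREATE for its two tables), so ship a dedicated least-privilege account and keep the real credentials out of version control, for instance in a local copy of this file that is not committed. Because the file is named database.inc, also confirm that the web server passes .inc files to PHP or denies them outright; otherwise a request for database.inc returns the credentials as plain text. The "global" declarations at file scope are no-ops and can go.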
Index: Pingus/contrib/level_comment_tool/index.php
===================================================================
--- Pingus/contrib/level_comment_tool/index.php (revision 2297)
+++ Pingus/contrib/level_comment_tool/index.php (working copy)
@@ -23,20 +23,47 @@
// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+require_once("database.inc");
require_once("xml-search.inc");
require_once("level-cache.inc");
require_once("mail-settings.inc");
require_once("htpasswd.inc");
+require_once("login-system.inc");
// ==================================================================
-// Admin login.
+// Returns the get-parameters (like cathegory, level and others)
// ==================================================================
+function get_params()
+{
+ $params = "";
+ if (isset( $_GET["c"] ))
+ $params .= 'c='.urlencode($_GET["c"]).'&';
+ if (isset( $_GET["l"] ))
+ $params .= 'l='.urlencode($_GET["l"]).'&';
+ if (isset( $_GET["o"] ))
+ $params .= 'o='.urlencode($_GET["o"]).'&';
+ if (isset( $_GET["showthumbs"] ))
+ $params .= 'showthumbs='.urlencode($_GET["showthumbs"]).'&';
+
+ return $params;
+}
+// ==================================================================
+// User/Admin login or signup new user
+// ==================================================================
$htpasswd = load_htpasswd();
$is_admin = False;
-if ( isset($_SERVER['PHP_AUTH_PW']))
- $is_admin = test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] );
-
+$is_user = False;
+$user_data = Array();
+if ( isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['PHP_AUTH_USER']))
+ if ($_SERVER['PHP_AUTH_USER'] == "admin")
+ $is_admin = test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] );
+ else
+ {
+ $is_user = test_htpasswd( $htpasswd,
strtolower($_SERVER['PHP_AUTH_USER']), $_SERVER['PHP_AUTH_PW'] );
+ $user_data = get_user_data( $_SERVER['PHP_AUTH_USER'] );
+ }
+
if ( isset($_GET["adminlogin"]))
{
if (!isset($_SERVER['PHP_AUTH_USER']))
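Review bot: in the new login block, $user_data = get_user_data( $_SERVER['PHP_AUTH_USER'] ); runs whether or not the preceding test_htpasswd(...) succeeded, and get_user_data() builds its query by string concatenation ("SELECT * FROM $db_usertablename WHERE eMail='".strtolower($u_email)."'"), so an unauthenticated request can place arbitrary SQL in the Basic-auth username and have it executed before any password is checked. Move the call under "if ($is_user)" and escape the value inside get_user_data(). Also, $_SERVER['PHP_AUTH_USER'] is compared with "admin" case-sensitively here while the user branch lowercases it, so "Admin" with the admin password is treated as an ordinary user; normalise once before the comparison.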
@@ -48,11 +75,11 @@
}
else
{
- if ( !isset($_SERVER['PHP_AUTH_PW']) ||
- !test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] ))
+ if ( !test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] ))
{
+ header('WWW-Authenticate: Basic realm="Pingus Comment Tool Admin"');
header('HTTP/1.0 401 Unauthorized');
- echo 'Wrong password. Hit Back.';
+ echo 'Cancelled. Hit Back.';
exit;
}
else
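Review bot: removing the "!isset($_SERVER['PHP_AUTH_PW']) ||" guard means test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] ) is now called with an undefined index when the browser sends a username without a password; keep the isset check so the failure path is explicit instead of relying on test_htpasswd rejecting NULL.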
@@ -60,6 +87,33 @@
}
}
+if ( isset($_GET["userlogin"]))
+{
+ if (!isset($_SERVER['PHP_AUTH_USER']))
+ {
+ header('WWW-Authenticate: Basic realm="Pingus Comment Tool User"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'Cancelled. Hit Back.';
+ exit;
+ }
+ else
+ {
+ if ( !test_htpasswd( $htpasswd, strtolower($_SERVER['PHP_AUTH_USER']),
$_SERVER['PHP_AUTH_PW'] ))
+ {
+ header('WWW-Authenticate: Basic realm="Pingus Comment Tool User"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'Cancelled. Hit Back.';
+ exit;
+ }
+ else
+ {
+ $is_user = True;
+ $user_data = get_user_data( $_SERVER['PHP_AUTH_USER'] );
+ }
+ }
+}
+
+
// ==================================================================
// Thumbnail magick with cookies etc.
// ==================================================================
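Review bot: the userlogin branch accepts any entry in .htpasswd, including "admin", and sets $is_user = True for it, so the admin password also works as an ordinary user login and get_user_data( "admin" ) then queries a row that never exists; reject "admin" here (strtolower($_SERVER['PHP_AUTH_USER']) == "admin") or route it to the admin branch. The same isset($_SERVER['PHP_AUTH_PW']) check that the admin login has is missing before test_htpasswd(...).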
@@ -83,15 +137,93 @@
<body>
<h1>Pingus level comment database</h1>
+
+ <?
+// ==================================================================
+// Show login and signup link
+// ==================================================================
+ $params = get_params();
+
+ if (!$is_user && !$is_admin)
+ {
+ ?>
+ <div align="right">
+ <table border="0" align="right" cellspacing="10">
+ <tr>
+ <td>
+ <a href="<? echo "$PHP_SELF?$params"."userlogin=1" ?>">Login</a>
+ </td>
+ <td>
+ <a href="<? echo "$PHP_SELF?$params"."signup=1" ?>">Signup</a>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <? }
+ else
+ {
+ ?>
+ <div align="right">
+ <table border="0" align="right" cellspacing="10">
+ <tr>
+ <td align="right">
+ <a href="<? echo "$PHP_SELF?$params"."changeuser=1\">";
+ echo ($is_admin) ? 'admin' : $user_data["name"]; ?></a>
is logged in<br>
+ <? echo "<a href='$PHP_SELF?$params";
+ echo (isset($_GET["listusers"])) ? "'>Show comments" :
"listusers=1'>List users";
+ echo "</a>"; ?>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <?
+ }
+ ?>
<div class="mainbody">
<?
+// ==================================================================
+// Signup for new user or change user settings
+// ==================================================================
+if (isset( $_GET["signup"] ))
+{
+ show_signup_form();
+ exit;
+}
+if (isset( $_POST["usersignedup"] ))
+{
+ signup_user();
+}
+if (isset( $_GET["changeuser"] ) && $is_user)
+{
+ show_change_form( $user_data["email"] );
+ exit;
+}
+if ((isset( $_POST["savechangeddata"] ) || isset( $_POST["deleteuser"])) &&
$is_user)
+{
+ change_user_data();
+}
-$preferred_order = Array( 'tutorial', 'playable', 'volcano', 'wip', 'test' );
// ==================================================================
+// Show list of users or delete user (for admin only)
+// ==================================================================
+if (isset( $_GET["listusers"] ))
+{
+ show_user_list( $is_admin );
+ exit;
+}
+if (isset( $_POST["deluser"] ) && $is_admin)
+{
+ delete_user( $_POST["user_email"] );
+ show_user_list( $is_admin );
+ exit;
+}
+
+// ==================================================================
// Read cathegory and level names from filesystem
// ==================================================================
+$preferred_order = Array( 'tutorial', 'playable', 'volcano', 'wip', 'test' );
$cathegories = Array();
$dir = dir("data/levels");
while ($file = $dir->read())
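Review bot: "if (isset( $_GET["listusers"] )) { show_user_list( $is_admin ); exit; }" carries no $is_user || $is_admin condition, so the names and e-mail addresses of every registered user are visible to anyone who appends listusers=1, which is wider than the "for users" feature described in the mail; gate it like the other user pages. $PHP_SELF is echoed into href attributes unescaped in both new link tables; since PHP_SELF includes path info, this is the usual self-URL script injection, so output htmlspecialchars($_SERVER['PHP_SELF']). The signup form is shown and signup_user() processed even for a browser that is already logged in, which is harmless but deserves an "if (!$is_user)". Finally, delete_user( $_POST["user_email"] ) is correctly restricted to $is_admin, but delete_user() itself does not refuse "admin", so an admin can remove their own entry with a crafted user_email.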
@@ -129,8 +261,7 @@
$showCath = '&c=' . $_GET["c"];
if ( $show_thumbs )
- print "<a href='$PHP_SELF?showthumbs=0$showCath'>[hide
thumbnails]</a></br>";
-
+ print "<a href='$PHP_SELF?showthumbs=0$showCath'>[hide
thumbnails]</a></br>";
else
print "<a href='$PHP_SELF?showthumbs=1$showCath'>[show
thumbnails]</a></br>";
@@ -327,10 +458,12 @@
if ( !is_dir("comments/$c/$l"))
{
- mkdir("comments/$c",0777);
- mkdir("comments/$c/$l",0777);
- chmod("comments/$c",0777);
- chmod("comments/$c/$l",0777);
+ @mkdir("comments/$c",0775);
+ @mkdir("comments/$c/$l",0775);
+ chmod("comments/$c",0775);
+ chgrp("comments/$c","pingus");
+ chmod("comments/$c/$l",0775);
+ chgrp("comments/$c/$l","pingus");
if ( !is_dir("comments/$c/$l"))
{
print ("<strong>ERROR: 'comments/$c/$l/' does not exist and ".
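Review bot: the chgrp(..., "pingus") calls succeed only if the PHP process is a member of group pingus (or root); otherwise each one emits a warning into the page, while the @mkdir failures just above are silenced, which is the wrong way round. Check the return values of chgrp and chmod and report a single error, and move the group name into a setting next to the database values rather than repeating the literal "pingus" in every call. Replacing the world-writable 0777 with 0775 is the right direction.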
@@ -367,7 +500,8 @@
exit;
}
fclose($fp);
- chmod($filename, 0777);
+ chmod($filename, 0775);
+ chgrp($filename,"pingus");
// Send email-notification
if ( $mail_notify_enabled )
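Review bot: chmod($filename, 0775) sets the execute bit on a data file that fclose($fp) just finished writing; a comment file needs 0664 (group-writable so the pingus group can edit or delete it, not executable). As in the directory hunk, chgrp($filename,"pingus") is unchecked.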
@@ -404,7 +538,7 @@
// ==================================================================
// Delete comment
// ==================================================================
- if ( $is_admin && isset($_GET["delcomment"]))
+ if ( ($is_admin || $is_user) && isset($_GET["delcomment"]))
{
sandbox_check($_GET["delcomment"], "comments/" );
unlink($_GET["delcomment"]);
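Review bot: widening "if ( $is_admin && isset($_GET["delcomment"]))" to ($is_admin || $is_user) lets any registered user delete any comment, because sandbox_check() only confines the path to comments/ and nothing compares the comment's author with the logged-in user; either keep deletion admin-only or parse the comment file and allow the unlink only when its email field equals $user_data["email"]. A GET parameter that deletes data is also easy to trigger from another site; make it a POST form like the account-deletion form in login-system.inc.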
@@ -413,8 +547,32 @@
@rmdir("comments/$c");
print "<p><strong>Deleted '" . htmlentities($_GET["delcomment"]) .
"'</strong></p>";
}
+
+ // ==================================================================
+ // Delete demo file and metafile
+ // ==================================================================
+ if ( ($is_admin || $is_user) && isset($_GET["deldemo"]))
+ {
+ sandbox_check($_GET["deldemo"], "comments/" );
+
+ $demos = parse_level_demos( $c, $l );
+ while( list(,$cmt) = each($demos))
+ {
+ if ($_GET["deldemo"] == $cmt["filename"])
+ {
+ //delete demofile and metafile
+ unlink( "comments/$c/$l/demos/".$cmt["demofile"] );
+ unlink( $_GET["deldemo"] );
+ }
+ }
+ // Also try to remove the directories but don't mind if it fails:
+ @rmdir("comments/$c/$l/demos");
+ @rmdir("comments/$c/$l");
+ @rmdir("comments/$c");
+ print "<p><strong>Deleted '" . htmlentities($_GET["deldemo"]) .
"'</strong></p>";
+ }
- // ==================================================================
+ // ==================================================================
// Save uploaded Demofile
// ==================================================================
if ( $_POST["adddemo"] == 1)
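Review bot: the new demo-deletion block has the same authorization gap as the comment-deletion block above it: `($is_admin || $is_user)` plus `sandbox_check()` lets any logged-in user delete any demo, since nothing compares `$cmt["email"]` with `$user_data["email"]` before the two `unlink()` calls. Inside the loop, `"comments/$c/$l/demos/".$cmt["demofile"]` is built from a value read out of the metafile rather than from the request, so it bypasses `sandbox_check()`; pass it through `basename()` before joining it into the path so a corrupted or hand-edited metafile cannot point the unlink elsewhere. Finally, the comment-header line at the end of the hunk is removed and re-added identically, which is just whitespace noise.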
@@ -422,12 +580,16 @@
//create directory if necessary
if ( !is_dir("comments/$c/$l/demos"))
{
- mkdir("comments/$c", 0777);
- mkdir("comments/$c/$l", 0777);
- mkdir("comments/$c/$l/demos", 0777);
- chmod("comments/$c",0777);
- chmod("comments/$c/$l",0777);
- chmod("comments/$c/$l/demos",0777);
+ @mkdir("comments/$c", 0777);
+ @mkdir("comments/$c/$l", 0777);
+ @mkdir("comments/$c/$l/demos", 0777);
+ chmod("comments/$c",0775);
+ chgrp("comments/$c","pingus");
+ chmod("comments/$c/$l",0775);
+ chgrp("comments/$c/$l","pingus");
+ chmod("comments/$c/$l/demos",0775);
+ chgrp("comments/$c/$l/demos","pingus");
+
if ( !is_dir("comments/$c/$l/demos"))
{
print ("<strong>ERROR: 'comments/$c/$l/demos' does not exist and ".
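Review bot: the three `@mkdir(..., 0777)` calls here keep mode 0777 while the equivalent hunk for the comment directory switched to 0775; because the mode passed to `mkdir()` is masked by the umask and then overridden by the `chmod(..., 0775)` that follows, the end result is the same, but the inconsistency will confuse anyone reading the two blocks side by side. Use 0775 in both places, and with the other hunks this is the third copy of the mkdir/chmod/chgrp sequence, which argues again for a shared helper.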
@@ -443,7 +605,8 @@
{
if (move_uploaded_file($_FILES['demofile']['tmp_name'], $uploaddir.
'/' . $_FILES['demofile']['name']))
{
- chmod( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], 0777 );
+ chmod( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], 0775 );
+ chgrp( "comments/$c/$l/demos/" . $_FILES['demofile']['name'],
"pingus" );
print("<strong>File uploaded successfully</strong><hr/>");
$str = '<' . '?xml version="1.0" encoding="ISO-8859-1"?' . ">\n" .
"<pingus-demo-metafile>\n".
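Review bot: `$_FILES['demofile']['name']` is the filename as sent by the browser and is used unmodified both in the `move_uploaded_file()` destination and in the `chmod()`/`chgrp()` path below it, so a client-chosen name decides what is written under `comments/$c/$l/demos/`. Apply `basename()` and restrict the name to the expected characters and extension before using it, and compute the destination path once into a variable so the move, chmod and chgrp cannot drift apart (the move uses `$uploaddir . '/' . ...` while the permission calls rebuild the path from `$c` and `$l`).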
@@ -470,7 +633,8 @@
exit;
}
fclose($fp);
- chmod($filename, 0777);
+ chmod($filename, 0775);
+ chgrp($filename, "pingus");
}
}
else
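Review bot: `chgrp($filename, "pingus")` after writing the demo metafile ignores the return value, so a failed group change produces only a PHP warning mixed into the HTML response; since the file was already written and closed, a failure here leaves a metafile with the wrong group and no indication to the uploader. Either test the result and print the same kind of `<strong>ERROR:` message the surrounding code uses for directory problems, or route it through the shared permission helper suggested for the earlier hunks.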
@@ -510,7 +674,7 @@
$rating = intval($cmt["rating"]);
$leveldata["avgrating"] += $rating;
- if ( $is_admin )
+ if ( $is_admin || ($is_user && $user_data["email"] == $cmt["email"]) )
$del_link = " <a href='$PHP_SELF?c=" . htmlentities($c) .
"&l=" . htmlentities($l) . "&delcomment=" .
htmlentities($cmt["filename"]) . "'>[del]</a>\n";
$str =
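Review bot: the new condition `$is_admin || ($is_user && $user_data["email"] == $cmt["email"])` is the right ownership rule, but it only governs whether the `[del]` link is printed; the delete handler earlier in the patch checks `$is_user` alone, so this rule must be duplicated there to have any security effect. Also note the comparison is case-sensitive on email addresses, while the rest of the tool (for example the md5 comparison a few hunks down) normalises with `strtolower()`; normalising here as well avoids a user losing the link for a comment they posted with a differently-cased address.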
@@ -536,18 +700,21 @@
if ( count($demos) > 0 )
{
$showDemos = True;
-
+ $del_link="";
while( list(,$cmt) = each($demos))
{
$leveldata["totaldemos"]++;
+ if ( $is_admin || ($is_user && $user_data["email"] == $cmt["email"]))
+ $del_link = " - <a href='$PHP_SELF?c=" .
htmlentities($c)."&l=" . htmlentities($l) .
+ "&deldemo=" . htmlentities($cmt["filename"]) .
"'>[del]</a>\n";
$str =
"<p class='message'><strong>From:</strong> " .
htmlentities($cmt["username"]) .
" <" . str_replace("@", "<b><small>PingusNoSpam</small></b>@",
htmlentities($cmt["email"])) .
"><br><strong>Date: </strong> " . htmlentities($cmt["date"]) .
", <strong>Time: </strong> " . htmlentities($cmt["time"]) .
"<br/>\n" .
"<b>Demofile: </b><a href='comments/$c/$l/demos/" . $cmt["demofile"]
. "'>" .
- $cmt["demofile"] . "</a><br/>\n" .
+ $cmt["demofile"] . "</a>$del_link<br/>\n" .
"</p>\n";
if (strtolower($cmt["levelmd5"]) == strtolower($curlevelmd5))
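Review bot: `$del_link=""` is initialised once before the `while` loop and then assigned inside the `if` with no `else`, so once one demo owned by the current user has been rendered the `[del]` link sticks to every following demo in the list, including ones the user does not own; move the reset to the top of the loop body. In the same `$str`, `$cmt["demofile"]` is inserted into the href and the link text without `htmlentities()`, unlike the username, email, date and time fields right above it, so it should get the same treatment.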
@@ -585,6 +752,17 @@
$levelmd5 = $curlevelmd5;
if ( isset( $_GET["levelmd5"] ))
$levelmd5 = $_GET["levelmd5"];
+
+ if ($is_user)
+ {
+ $input_name = '<input type="text" name="author" value="' .
$user_data["name"] . '">';
+ $input_mail = '<input type="text" name="email" value="' .
$user_data["email"] . '">';
+ }
+ else
+ {
+ $input_name = '<input type="text" name="author">';
+ $input_mail = '<input type="text" name="email">';
+ }
?>
<hr/>
<table width="100%">
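Review bot: `$user_data["name"]` and `$user_data["email"]` are concatenated into the `value="..."` attribute of `$input_name` and `$input_mail` without escaping; both come from the signup form, so a name containing a double quote or a `<script>` tag breaks out of the attribute for every page where this user is logged in. Wrap them in `htmlentities(..., ENT_QUOTES)` when building the strings, consistent with how the comment listing escapes the same fields.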
@@ -599,11 +777,11 @@
<table>
<tr>
<td>Your name</td>
- <td><input type="text" name="author"></td>
+ <td><? echo ($input_name); ?></td>
</tr>
<tr>
<td>Your email</td>
- <td><input type="text" name="email"></td>
+ <td><? echo ($input_mail); ?></td>
</tr>
<tr>
<td>Difficulty</td>
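Review bot: `<? echo ($input_name); ?>` and `<? echo ($input_mail); ?>` rely on the `short_open_tag` setting; on a host where it is off the raw text (including the variable name) is shipped to the browser instead of the form field. The rest of this template already uses `<?` so it is an existing dependency, but since the patch touches these lines anyway, `<?php echo $input_name; ?>` costs nothing and removes the dependency for the new code.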
@@ -641,6 +819,9 @@
</form>
</td>
<td width="50%" valign="top">
+ <? if ($is_user || $is_admin)
+ {
+ ?>
<p><em><strong>Upload a demofile:</strong></em></p>
<form enctype="multipart/form-data" name="UploadDemo" action="<?
echo $PHP_SELF . "?c=" . urlencode($c) . "&l=" . urlencode($l); ?>"
method="POST">
<input type="hidden" name="adddemo" value="1">
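Review bot: wrapping the upload form in `if ($is_user || $is_admin)` hides it from anonymous visitors, but the handler for the form (`if ( $_POST["adddemo"] == 1)` in the earlier hunk) has no visible login check of its own, so an anonymous POST with `adddemo=1` is still processed. Hiding the form is a UI convenience; the handler needs the same `$is_user || $is_admin` test before it creates directories and moves the uploaded file.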
@@ -650,11 +831,15 @@
<table>
<tr>
<td>Your name</td>
- <td><input type="text" name="username"></td>
+ <td><input type="text" name="username"<? if ($is_user)
+ echo '
value="'.$user_data["name"].'"'?>>
+ </td>
</tr>
<tr>
<td>Your email</td>
- <td><input type="text" name="email"></td>
+ <td><input type="text" name="email"<? if ($is_user)
+ echo '
value="'.$user_data["email"].'"' ?>>
+ </td>
</tr>
<tr>
<td>Demofile</td>
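Review bot: same escaping issue as the comment form: `$user_data["name"]` and `$user_data["email"]` go into the `value` attribute of the `username` and `email` inputs without `htmlentities()`. The inline `<? if ($is_user) echo ' value="'...` also appears to have been wrapped by the mailer so that the string literal starts with a line break; that just puts a newline inside the tag, which browsers tolerate, but it is worth checking that the committed source has the attribute on one line.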
@@ -669,14 +854,19 @@
</tr>
</table>
</form>
+ <? }
+ ?>
</td>
</tr>
</table>
<?
print "<p><a href='$PHP_SELF?c=" . urlencode($c) . "'>Back to level
list</a></p>";
- if ( !$is_admin )
- print "<div align='right'><a href='$PHP_SELF?adminlogin=1'><small>admin
login</small></a></div>";
+ if ( !$is_admin && !$is_user)
+ {
+ $params = get_params();
+ print "<div align='right'><a
href='$PHP_SELF?$params"."adminlogin=1'><small>admin login</small></a></div>";
+ }
}
}
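Review bot: `"$PHP_SELF?$params"."adminlogin=1"` assumes that `get_params()` returns either an empty string or a query string ending in `&`; that contract is not visible in this patch, so a short comment at the call site (or having `get_params()` take the extra parameter and do the joining) would prevent a future change producing `?c=xadminlogin=1`. The returned parameters are also echoed into an href without `htmlentities()`, and if they are rebuilt from `$_GET` that is another place a crafted query string lands unescaped in the page; escape the composed URL once before printing, as the other links in this file do.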