diff --git a/checkin_notes b/checkin_notes
index c92e01d1ee..3f54c968ce 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -25283,3 +25283,16 @@ Janus 24 Feb 2005
user/
account_*_done.php
+David 24 Feb 2005
+ - Finish server-side support for account management.
+ Changed all inputs to GET, all outputs to XML
+ Added get_info and set_info functions
+
+ html/
+ inc/
+ db.inc
+ user/
+ am_create.php
+ am_get_info.php (new)
+ am_query.php
+ am_set_info.php (new)
diff --git a/html/inc/db.inc b/html/inc/db.inc
index 1747dc86ae..3231e79c1f 100644
--- a/html/inc/db.inc
+++ b/html/inc/db.inc
@@ -45,6 +45,16 @@ function lookup_user_id($id) {
return null;
}
+function lookup_user_email_addr($email_addr) {
+ $result = mysql_query("select * from user where email_addr='$email_addr'");
+ if ($result) {
+ $user = mysql_fetch_object($result);
+ mysql_free_result($result);
+ return $user;
+ }
+ return null;
+}
+
function lookup_host($id) {
$result = mysql_query("select * from host where id=$id");
if ($result) {
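Review bot: `lookup_user_email_addr()` interpolates `$email_addr` straight into the query string, and `lookup_tentative_user()` in the next hunk does the same with `$nonce`, so both are only as safe as every caller's escaping. The comment further down this file says to apply the escaping helper to any user-supplied string used in a query, but neither function records that requirement. am_query.php calls them with `$nonce` and with `$tuser->email_addr` read back from the database, and no escaping is visible at those call sites. I would add a header comment to each, e.g. `// $email_addr must already be escaped for SQL; returns false when no row matches`, or escape inside the function with `mysql_real_escape_string()` if callers are not expected to do it. Both functions are complete within their hunks.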
@@ -95,6 +105,15 @@ function lookup_app($id) {
return null;
}
+function lookup_tentative_user($nonce) {
+ $result = mysql_query("select * from tentative_user where nonce='$nonce'");
+ if ($result) {
+ $tu = mysql_fetch_object($result);
+ mysql_free_result($result);
+ return $tu;
+ }
+ return null;
+}
// apply this to any user-supplied strings used in queries
//
diff --git a/html/user/am_create.php b/html/user/am_create.php
index 4ef2966cdb..a029a7616b 100644
--- a/html/user/am_create.php
+++ b/html/user/am_create.php
@@ -1,17 +1,41 @@
+ $x
+
+";
+ exit();
+}
+
+function error($x) {
+ reply("$x");
+}
+
+function success() {
+ reply("");
+}
if (strlen($nonce)==0) {
- echo "status=".urlencode("no nonce ID");
+ error("missing nonce ID");
}
if (strlen($email_addr)==0) {
- echo "status=".urlencode("no email addr");
+ error("missing email addr");
+}
+
+$config = get_config();
+if (parse_bool($config, "disable_account_creation")) {
+ error("account creation disabled");
}
$result = mysql_query(
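Review bot: `reply()`, `error()` and `success()` are defined here and again, nearly verbatim, in am_get_info.php, am_query.php and am_set_info.php, with `success()` taking no argument in this file and one argument in the others. Moving them into one shared include, parameterised by whatever differs per endpoint, would keep the four handlers' output format in step. It would also give a single place to XML-escape `$x` should a non-constant message ever be passed to `error()`. Every `error()` call in this hunk passes a literal, so this is a maintainability point rather than a live bug. A one-line comment on `error()` such as `// emits the reply and exits; never returns` would also make it clear that the checks below do not fall through.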
@@ -25,9 +49,9 @@ if ($result) {
";
$headers = "";
mail($email_addr, $subject, $body, $headers);
- echo "status=OK";
+ success();
} else {
- echo "status=".urlencode("error");
+ error("database error");
}
?>
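Review bot: `success()` is now sent whenever the query succeeded, whether or not `mail()` accepted the message, so a client can be told the request worked when no confirmation mail was ever queued. `mail()` returns false on failure; checking it, e.g. `if (!mail($email_addr, $subject, $body, $headers)) { error("couldn't send email"); }`, would let the caller distinguish the two cases. The `if ($result)` block this sits in begins outside the hunk.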
diff --git a/html/user/am_get_info.php b/html/user/am_get_info.php
new file mode 100644
index 0000000000..fc6f5c21da
--- /dev/null
+++ b/html/user/am_get_info.php
@@ -0,0 +1,53 @@
+
+ $x
+
+";
+ exit();
+}
+
+function error($x) {
+ reply("$x");
+}
+
+function success($x) {
+ reply("\n$x");
+}
+
+db_init();
+
+$user = lookup_user_auth($auth);
+if (!$user) {
+ error("no such user");
+}
+
+$name = urlencode($user->name);
+$country = urlencode($user->country);
+$postal_code = urlencode($user->postal_code);
+$url = urlencode($user->url);
+
+success(
+"$name
+$country
+$postal_code
+
+$user->global_prefs
+
+
+$user->project_prefs
+
+$url
+$user->send_email
+$user->show_hosts
+");
+
+?>
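Review bot: `$auth` is passed to `lookup_user_auth()` but I cannot find where this new file assigns it; am_set_info.php in the same commit reads it explicitly with `process_user_text($_GET["account_key"])`. If this file depends on register_globals to populate `$auth`, the value reaches the lookup unfiltered and the script breaks wherever that setting is off. Assuming the parameter has the same name here, add `$auth = process_user_text($_GET["account_key"]);` after `db_init();`.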
diff --git a/html/user/am_query.php b/html/user/am_query.php
index ff5369be11..064e8aa1c9 100644
--- a/html/user/am_query.php
+++ b/html/user/am_query.php
@@ -1,20 +1,37 @@
+ $x
+
+";
exit();
}
+function error($x) {
+ reply("$x");
+}
+
+function success($x) {
+ reply("\n$x");
+}
+
+db_init();
+$tuser = lookup_tentative_user($nonce);
+
+if (!$tuser) {
+ error("nonce not found");
+}
+
if (!$tuser->confirmed) {
- echo "status=OK&confirmed=0\n";
- exit();
+ success("0");
}
$user = lookup_user_email_addr($tuser->email_addr);
@@ -29,11 +46,8 @@ if (!$user) {
}
if (!$user) {
- $x = urlencode("couldn't create user record");
- echo "status=$x\n";
- exit();
+ error("couldn't create user record");
}
-
-echo "status=OK&account_key=$user->authenticator\n";
+success("$user->authenticator");
?>
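Review bot: The reply now hands out `$user->authenticator` to whoever presents a matching nonce, which makes the nonce a bearer credential for the account for as long as the tentative_user row exists. Nothing in the visible hunks deletes or expires that row once the key has been returned, though the code between the two hunks is not shown, so this may already be handled there. If it is not, the row should be removed or marked consumed after a successful reply, and a comment above `success("$user->authenticator");` should state the nonce's expected lifetime.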
diff --git a/html/user/am_set_info.php b/html/user/am_set_info.php
new file mode 100644
index 0000000000..3d45cbaa25
--- /dev/null
+++ b/html/user/am_set_info.php
@@ -0,0 +1,77 @@
+
+ $x
+
+";
+ exit();
+}
+
+function error($x) {
+ reply("$x");
+}
+
+function success($x) {
+ reply("\n$x");
+}
+
+db_init();
+
+$auth = process_user_text($_GET["account_key"]);
+$user = lookup_user_auth($auth);
+if (!$user) {
+ error("no such user");
+}
+
+$name = process_user_text($_GET["name"]);
+$country = $_GET["country"];
+if ($country && !is_valid_country($country)) {
+ error("invalid country");
+}
+$postal_code = process_user_text($_GET["postal_code"]);
+$global_prefs = process_user_text($_GET["global_prefs"]);
+$project_prefs = process_user_text($_GET["project_prefs"]);
+$url = process_user_text($_GET["url"]);
+$send_email = process_user_text($_GET["send_email"]);
+$show_hosts = process_user_text($_GET["show_hosts"]);
+
+$query = "";
+if ($name) {
+ $query .= " name='$name', ";
+}
+if ($country) {
+ $query .= " country='$country', ";
+}
+if ($postal_code) {
+ $query .= " postal_code='$postal_code', ";
+}
+if ($global_prefs) {
+ $query .= " global_prefs='$global_prefs', ";
+}
+if ($project_prefs) {
+ $query .= " project_prefs='$project_prefs', ";
+}
+if ($url) {
+ $query .= " url='$url', ";
+}
+if ($send_email != null) {
+ $query .= " send_email='$send_email', ";
+}
+if ($show_hosts != null) {
+ $query .= " show_hosts='$show_hosts', ";
+}
+
+$result = mysql_query("update user set $query seti_id=seti_id where id=$user->id");
+if ($result) {
+ success("");
+} else {
+ error("database error");
+}
+
+?>
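Review bot: `$country` is the one request value that skips `process_user_text()` before being placed in the UPDATE statement (`country='$country'`), so its safety rests entirely on `is_valid_country()`, which is not visible here. Unless that function is a strict match against a fixed list, read it like the others: `$country = process_user_text($_GET["country"]);`. Separately, this endpoint changes account data and takes `account_key` in the query string, where it is typically recorded in server access logs; accepting it from a POST body would keep the credential out of URLs.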