diff --git a/checkin_notes b/checkin_notes
index e4cb9d17a8..3379cd9755 100644
--- a/checkin_notes
+++ b/checkin_notes
@@ -554,3 +554,27 @@ David Jan 15 2008
 AccountInfoPage.cpp
 lib/
 diagnostics_win.cpp
+
+David Jan 15 2008
+ - web: fixed screwed-up UOTD logic.
+ The meaning of the config flag is:
+ If set:
+ profiles must be screened by admins before their photo is shown.
+ When this is done, profile.verification is set to 1
+ (and they become eligible to be UOTD)
+ If not set:
+ profile photos are always shown.
+ Profiles must be screened by admins before
+ they are eligible for UOTD.
+ When this is done, profile.verification is set to 1
+ So default_uotd_candidates_query() is the same in either case.
+ - web: fix profile_screen_form.php
+ (admin page for screening profiles)
+ - web: make a copy of login_action.php in ops/
+
+ html/
+ inc/
+ uotd.inc
+ ops/
+ login_action.php (new)
+ profile_screen_form.php
diff --git a/html/inc/uotd.inc b/html/inc/uotd.inc
index b78344a77a..6413749a3e 100644
--- a/html/inc/uotd.inc
+++ b/html/inc/uotd.inc
@@ -18,6 +18,7 @@ function uotd_thumbnail($profile, $user) {
 //
 function show_uotd($profile) {
 $user = lookup_user_id($profile->userid);
+ echo uotd_thumbnail($profile, $user);
 echo user_links($user, true)."
"; echo sub_sentence(output_transform(strip_tags($profile->response1)), ' ', 150, true); } @@ -103,23 +104,16 @@ function select_uotd() { generate_uotd_gadget($profile, $user); } -// This is the default policy for choosing the UOTD on any BOINC project. +// This query defines the set of users eligible to be UOTD. // To override this with your own policy, create a similar function in // your own project.inc called uotd_candidates_query() // function default_uotd_candidates_query(){ - if (profile_screening()) { - $query = "SELECT * FROM profile,user WHERE profile.userid=user.id "; - $query .= " AND verification=1 "; - $query .= " AND expavg_credit>1 "; - $query .= " AND uotd_time IS NULL "; - $query .= "ORDER BY RAND()"; - } else { - $query = "SELECT * FROM profile,user WHERE profile.userid=user.id "; - $query .= "AND expavg_credit>1 "; - $query .= "AND uotd_time IS NULL "; - $query .= "ORDER BY RAND()"; - } + $query = "SELECT * FROM profile,user WHERE profile.userid=user.id "; + $query .= " AND verification=1 "; + $query .= " AND expavg_credit>1 "; + $query .= " AND uotd_time IS NULL "; + $query .= "ORDER BY RAND()"; return $query; } diff --git a/html/ops/login_action.php b/html/ops/login_action.php new file mode 100644 index 0000000000..7e571d3956 --- /dev/null +++ b/html/ops/login_action.php @@ -0,0 +1,105 @@ +authenticator, 0, 1) == 'x'){ + //User has been bad so we are going to take away ability to post for awhile. + error_page("This account has been administratively disabled."); + } + $passwd_hash = md5($passwd.$email_addr); + if ($passwd_hash != $user->passwd_hash) { + page_head("Login failed"); + echo "Login failed: Wrong password for $email_addr. +
Use your browser's Back button to try again. +

+ If you've forgotten your password, you can either +

+ "; + page_tail(); + exit(); + } + $authenticator = $user->authenticator; + $_SESSION["authenticator"] = $authenticator; + $next_url = $_POST["next_url"]; + if (strlen($next_url) == 0) $next_url = "home.php"; + Header("Location: $next_url"); + if ($_POST['send_cookie']) { + setcookie('auth', $authenticator, time()+3600*24*365); + } + exit(); +} + +// check for time/id/hash case. + +$id = get_int('id', true); +$t = get_int('t', true); +$h = get_str('h', true); +if ($id && $t && $h) { + $user = BoincUser::lookup_id($id); + if (!$user) error_page("no such user"); + $x = $id.$user->authenticator.$t; + $x = md5($x); + $x = substr($x, 0, 16); + if ($x != $h) error_page("bad hash"); + if (time() - $t > 86400) { + error_page("Link has expired; + go here to + get a new login link by email." + ); + } + $_SESSION["authenticator"] = $user->authenticator; + Header("Location: home.php"); + setcookie('auth', $authenticator, time()+3600*24*365); + exit(); +} + +// check for account key case. +// see if key is in URL; if not then check for POST data +// +$authenticator = process_user_text(get_str("key", true)); +if (!$authenticator) { + $authenticator = process_user_text(post_str("authenticator", true)); +} +if (!$authenticator) { + error_page("You must supply an account key"); +} + +if (substr($user->authenticator, 0, 1) == 'x'){ + //User has been bad so we are going to take away ability to post for awhile. + error_page("This account has been administratively disabled."); +} +$user = lookup_user_auth($authenticator); +if (!$user) { + page_head("Login failed"); + echo "No such account."; + page_tail(); +} else { + $_SESSION["authenticator"] = $authenticator; + $next_url = $_POST["next_url"]; + if (strlen($next_url) == 0) $next_url = "home.php"; + Header("Location: $next_url"); + if ($_POST['send_cookie']) { + setcookie('auth', $authenticator, time()+3600*24*365); + } +} +?> 
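Review bot: In the account-key branch the disabled-account test `substr($user->authenticator, 0, 1) == 'x'` runs before `$user = lookup_user_auth($authenticator)`, so `$user` is unset at that point and the check can never fire; it belongs after a successful lookup. The time/id/hash branch has a related slip: `setcookie('auth', $authenticator, ...)` reads a variable that branch never assigns, where `$user->authenticator` appears to be intended. Both `$x != $h` and `$passwd_hash != $user->passwd_hash` are loose comparisons of hex digests and should be strict and constant-time (`hash_equals()` on PHP versions that provide it, otherwise at least `!==`). `$next_url` is copied from `$_POST` straight into `Header("Location: $next_url")` in two places, so it should be restricted to a local page name before the redirect. The top of the file is not readable in this view, so whether `$email_addr` is escaped before it is echoed in the "Wrong password for" message still needs confirming.

```php
// time/id/hash branch
// … unchanged: user lookup and construction of $x …
    if (!hash_equals($x, (string)$h)) error_page("bad hash");
    // … unchanged: expiry check, session assignment, redirect …
    setcookie('auth', $user->authenticator, time()+3600*24*365);

// account key branch
// … unchanged: reading the key from GET or POST …
$user = lookup_user_auth($authenticator);
if ($user && substr($user->authenticator, 0, 1) == 'x') {
    error_page("This account has been administratively disabled.");
}
// … unchanged: "No such account" page, session assignment …
    // same guard applies in the password branch; adjust the pattern to the project's real page names
    $next_url = isset($_POST["next_url"]) ? $_POST["next_url"] : "";
    if (!preg_match('/^[A-Za-z0-9_]+\.php(\?[^\r\n]*)?$/', $next_url)) $next_url = "home.php";
```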
diff --git a/html/ops/profile_screen_form.php b/html/ops/profile_screen_form.php index 956504b0cb..9491b80628 100644 --- a/html/ops/profile_screen_form.php +++ b/html/ops/profile_screen_form.php @@ -1,5 +1,4 @@ skip
@@ -55,7 +56,7 @@ while ($profile = mysql_fetch_object($result)) {
Name: $profile->name
"; - show_profile($profile, true); + show_profile($profile, $logged_in_user, true); echo "
\n"; echo "userid\">\n"; $n++; @@ -77,4 +78,5 @@ echo " "; admin_page_tail(); +$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit ?>
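Review bot: The context line `Name: $profile->name` just above the changed call is interpolated into the admin page as-is, and this page presumably lists profiles that have not been screened yet; no output escaping is visible in this hunk. Unless the name is already neutralised when it is stored, escape it at output, e.g. `htmlspecialchars($profile->name, ENT_QUOTES)`, because the page is viewed with admin privileges. The new second argument `$logged_in_user` is not assigned anywhere in the readable part of this file, so confirm the first hunk defines it before `show_profile($profile, $logged_in_user, true)` is reached. The enclosing `while` loop starts and ends outside this hunk.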