- web: fixed screwed-up UOTD logic.

The meaning of the <screen_profiles> config flag is:
    If set:
        profiles must be screened by admins before their photo is shown.
        When this is done, profile.verification is set to 1
        (and they become eligible to be UOTD)
    If not set:
        profile photos are always shown.
        Profiles must be screened by admins before
        they are eligible for UOTD.
        When this is done, profile.verification is set to 1
    So default_uotd_candidates_query() is the same in either case.
- web: fix profile_screen_form.php
    (admin page for screening profiles)
- web: make a copy of login_action.php in ops/

svn path=/trunk/boinc/; revision=14561

checkin_notes

@@ -554,3 +554,27 @@ David  Jan 15 2008
         AccountInfoPage.cpp
     lib/
         diagnostics_win.cpp
+
+David  Jan 15 2008
+    - web: fixed screwed-up UOTD logic.
+        The meaning of the <screen_profiles> config flag is:
+        If set:
+            profiles must be screened by admins before their photo is shown.
+            When this is done, profile.verification is set to 1
+            (and they become eligible to be UOTD)
+        If not set:
+            profile photos are always shown.
+            Profiles must be screened by admins before
+            they are eligible for UOTD.
+            When this is done, profile.verification is set to 1
+        So default_uotd_candidates_query() is the same in either case.
+    - web: fix profile_screen_form.php
+        (admin page for screening profiles)
+    - web: make a copy of login_action.php in ops/
+
+    html/
+        inc/
+            uotd.inc
+        ops/
+            login_action.php (new)
+            profile_screen_form.php

html/inc/uotd.inc

@@ -18,6 +18,7 @@ function uotd_thumbnail($profile, $user) {
 //
 function show_uotd($profile) {
     $user = lookup_user_id($profile->userid);
+    echo uotd_thumbnail($profile, $user);
     echo user_links($user, true)."<br>";
     echo sub_sentence(output_transform(strip_tags($profile->response1)), ' ', 150, true);
 }
@@ -103,23 +104,16 @@ function select_uotd() {
     generate_uotd_gadget($profile, $user);
 }
 
-// This is the default policy for choosing the UOTD on any BOINC project.
+// This query defines the set of users eligible to be UOTD.
 // To override this with your own policy, create a similar function in
 // your own project.inc called uotd_candidates_query()
 //
 function default_uotd_candidates_query(){
-    if (profile_screening()) {
+    $query = "SELECT * FROM profile,user WHERE profile.userid=user.id ";
-        $query = "SELECT * FROM profile,user WHERE profile.userid=user.id ";
+    $query .= " AND verification=1 ";
-        $query .= " AND verification=1 ";
+    $query .= " AND expavg_credit>1 ";
-        $query .= " AND expavg_credit>1 ";
+    $query .= " AND uotd_time IS NULL ";
-        $query .= " AND uotd_time IS NULL ";
+    $query .= "ORDER BY RAND()";
-        $query .= "ORDER BY RAND()";
-    } else {
-        $query = "SELECT * FROM profile,user WHERE profile.userid=user.id ";
-        $query .= "AND expavg_credit>1 ";
-        $query .= "AND uotd_time IS NULL ";
-        $query .= "ORDER BY RAND()";
-    }
     return $query;
 }
 

html/ops/login_action.php

@@ -0,0 +1,105 @@
+<?php
+require_once("../inc/boinc_db.inc");
+require_once("../inc/util.inc");
+require_once("../inc/email.inc");
+require_once("../inc/user.inc");
+
+init_session();
+
+// check for email/password case
+//
+$email_addr = strtolower(process_user_text(post_str("email_addr", true)));
+$passwd = stripslashes(post_str("passwd", true));
+
+if ($email_addr && $passwd) {
+    $user = lookup_user_email_addr($email_addr);
+    if (!$user) {
+        error_page("No account found with email address $email_addr");
+    }
+	if (substr($user->authenticator, 0, 1) == 'x'){
+		//User has been bad so we are going to take away ability to post for awhile.
+		error_page("This account has been administratively disabled.");
+	}
+    $passwd_hash = md5($passwd.$email_addr);
+    if ($passwd_hash != $user->passwd_hash) {
+        page_head("Login failed");
+        echo "Login failed: Wrong password for $email_addr.
+            <br>Use your browser's Back button to try again.
+            <p>
+            If you've forgotten your password, you can either
+            <ul>
+            <li> <a href=edit_passwd_form.php>Change your password</a>
+                (requires account key).
+                <p>
+                or
+            <li> <a href=get_passwd.php>Have your account key emailed to you</a>.
+            </ul>
+        ";
+        page_tail();
+        exit();
+    }
+    $authenticator = $user->authenticator;
+    $_SESSION["authenticator"] = $authenticator;
+    $next_url = $_POST["next_url"];
+    if (strlen($next_url) == 0) $next_url = "home.php";
+    Header("Location: $next_url");
+    if ($_POST['send_cookie']) {
+        setcookie('auth', $authenticator, time()+3600*24*365);
+    }
+    exit();
+}
+
+// check for time/id/hash case.
+
+$id = get_int('id', true);
+$t = get_int('t', true);
+$h = get_str('h', true);
+if ($id && $t && $h) {
+    $user = BoincUser::lookup_id($id);
+    if (!$user) error_page("no such user");
+    $x = $id.$user->authenticator.$t;
+    $x = md5($x);
+    $x = substr($x, 0, 16);
+    if ($x != $h) error_page("bad hash");
+    if (time() - $t > 86400) {
+        error_page("Link has expired;
+            go <a href=get_passwd.php>here</a> to
+            get a new login link by email."
+        );
+    }
+    $_SESSION["authenticator"] = $user->authenticator;
+    Header("Location: home.php");
+    setcookie('auth', $authenticator, time()+3600*24*365);
+    exit();
+}
+
+// check for account key case.
+// see if key is in URL; if not then check for POST data
+//
+$authenticator = process_user_text(get_str("key", true));
+if (!$authenticator) {
+   $authenticator = process_user_text(post_str("authenticator", true));
+}
+if (!$authenticator) {
+    error_page("You must supply an account key");
+}
+
+if (substr($user->authenticator, 0, 1) == 'x'){
+	//User has been bad so we are going to take away ability to post for awhile.
+	error_page("This account has been administratively disabled.");
+}
+$user = lookup_user_auth($authenticator);
+if (!$user) {
+    page_head("Login failed");
+    echo "No such account.";
+    page_tail();
+} else {
+    $_SESSION["authenticator"] = $authenticator;
+    $next_url = $_POST["next_url"];
+    if (strlen($next_url) == 0) $next_url = "home.php";
+    Header("Location: $next_url");
+    if ($_POST['send_cookie']) {
+        setcookie('auth', $authenticator, time()+3600*24*365);
+    }
+}
+?>

html/ops/profile_screen_form.php

@@ -1,5 +1,4 @@
 <?php
-$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 require_once("../inc/forum.inc");
 require_once("../inc/text_transform.inc");
@@ -9,6 +8,8 @@ require_once("../project/project.inc");
 
 db_init();
 
+$logged_in_user = get_logged_in_user();
+
 function buttons($i) {
     echo "
         <input type=\"radio\" name=\"user$i\" value=\"0\"> skip <br>
@@ -55,7 +56,7 @@ while ($profile = mysql_fetch_object($result)) {
         <br>Name: $profile->name
         <br>
     ";
-    show_profile($profile, true);
+    show_profile($profile, $logged_in_user, true);
     echo "<hr></td></tr>\n";
     echo "<input type=\"hidden\" name=\"userid$n\" value=\"$profile->userid\">\n";
     $n++;
@@ -77,4 +78,5 @@ echo "
 ";
 
 admin_page_tail();
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>