From: paulr Date: Sun, 6 Nov 2011 14:54:06 +0000 (+1100) Subject: Added some form validation bits, with the ability to return posts back X-Git-Url: http://git.pjr.cc/?p=gwvp.git;a=commitdiff_plain;h=5a23c888fac7fa841467950e23e123afa1352024 Added some form validation bits, with the ability to return posts back to whence they came Added an awesome star i made in gimp in 10 seconds to point out faulty form values.
---
diff --git a/gwvplib/gwvpdatabase.php b/gwvplib/gwvpdatabase.php
index 7338e68..172ffbb 100644
--- a/gwvplib/gwvpdatabase.php
+++ b/gwvplib/gwvpdatabase.php
@@ -19,7 +19,7 @@ function gwvp_dbCreateSQLiteStructure($dbloc)
 "user_username" TEXT,
 "user_email" TEXT,
 "user_desc" TEXT,
- "user_status" INTEGER
+ "user_status" TEXT
 )';
 $groupsql = '
@@ -79,6 +79,51 @@ function gwvp_dbCreateSQLiteStructure($dbloc)
 $DB_CONNECTION->query($groupmemsql);
 }
+function gwvp_GetUserStatus($userid)
+{
+ $conn = gwvp_ConnectDB();
+
+ $sql = "select user_status from users where users_id='$userid'";
+
+ $res = $conn->query($sql);
+
+ $return = null;
+ foreach($res as $val) {
+ $spl = explode(";", $val);
+
+ $return["statusid"] = $spl[0];
+ $return["extstatus"] = $spl[1];
+ }
+
+}
+
+function gwvp_SetUserStatus($userid, $status, $extendedstatus=null)
+{
+ /*
+ * user statues
+ * 0 - all good
+ * 1 - locked
+ * 2 - password locked
+ * 3 - awaiting registration completion
+ * 4 - awaiting password reset
+ * where use status = 3,4 the key for unlock is set as the extended status
+ * i.e. if a user goes thru registration, when the validation email gets to
+ * them they'll have a key in their email (128 or 256 bit), thats what
+ * the extended status field is used for
+ */
+
+ $conn = gwvp_ConnectDB();
+
+ if($extendedstatus != null) {
+ $sql = "update users set user_status='$status;$extendedstatus' where users_id='$userid'";
+ } else {
+ $sql = "update users set user_status='$status;0' where users_id='$userid'";
+ }
+
+ return $conn->query($sql);
+
+}
+
 function gwvp_forceDisconnect()
 {
@@ -426,7 +471,7 @@ function gwvp_getGroupId($groupname)
 return $return;
 }
-function gwvp_getGroup($gid)
+function gwvp_getGroup($gid = null, $gname = null)
 {
 /*
 * $groupsql = '
@@ -440,7 +485,11 @@ function gwvp_getGroup($gid)
 */
 $conn = gwvp_ConnectDB();
- $sql = "select * from groups where groups_id='$gid'";
+ if($gid != null) {
+ $sql = "select * from groups where groups_id='$gid'";
+ } else if ($gname != null) {
+ $sql = "select * from groups where groups_name='$gname'";
+ } else return false;
 $res = $conn->query($sql);
 $return = false;
diff --git a/gwvplib/gwvpinputcheck.php b/gwvplib/gwvpinputcheck.php
index 59de285..5b16154 100644
--- a/gwvplib/gwvpinputcheck.php
+++ b/gwvplib/gwvpinputcheck.php
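Review bot: Every query added in gwvp_GetUserStatus and gwvp_SetUserStatus is built by interpolating its arguments into the SQL text (`users_id='$userid'`, `user_status='$status;$extendedstatus'`), and the gwvp_getGroup hunk at `@@ -440,7 +485,11 @@` does the same with `groups_name='$gname'`, which gwvp_AddGroupPage in gwvpuseradmin.php calls with `$_REQUEST["groupname"]` unmodified, so a quote character in a submitted group name changes the statement. Bind the values through a prepared statement instead; the sketch below assumes gwvp_ConnectDB() returns a PDO handle, which the `query()`/`foreach` usage suggests but this diff does not show. gwvp_GetUserStatus also never returns `$return` and passes the whole result row to explode() rather than its `user_status` column, so it cannot hand back a status as written; the sketch covers that as well. Note that `execute()` returns a bool where `query()` returned a statement object, so any caller inspecting the result of gwvp_SetUserStatus needs checking.

```php
function gwvp_GetUserStatus($userid)
{
	$conn = gwvp_ConnectDB();

	// bind the id instead of interpolating it into the statement
	$stmt = $conn->prepare("select user_status from users where users_id = ?");
	$stmt->execute(array($userid));
	$raw = $stmt->fetchColumn();
	if($raw === false || $raw === null) return null;

	// the column holds "status;extendedstatus"
	$spl = explode(";", $raw, 2);

	$return["statusid"] = $spl[0];
	$return["extstatus"] = isset($spl[1]) ? $spl[1] : null;
	return $return;
}

function gwvp_SetUserStatus($userid, $status, $extendedstatus=null)
{
	// … unchanged: status code comment and gwvp_ConnectDB() call …
	$ext = ($extendedstatus != null) ? $extendedstatus : "0";
	$stmt = $conn->prepare("update users set user_status = ? where users_id = ?");
	return $stmt->execute(array("$status;$ext", $userid));
}
```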
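Review bot: The new branch in gwvp_getGroup tests `$gid != null` and `$gname != null`, and because these are loose comparisons an id of `0` or an empty-string name counts as not supplied and falls through to `return false` without a query, so an empty group name passes the duplicate check in gwvp_AddGroupPage; `!== null` states the intent. A one-line comment above the branch, for example `// look up by id when given, otherwise by name; false when neither is supplied`, would document which argument wins when both are passed. gwvp_getGroup's body starts and ends outside the hunk.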
@@ -9,4 +9,16 @@ function gwvp_checkEmail($email)
 else return true;
 }
+// TODO: need to write this
+function gwvp_stripDescription($desc)
+{
+ // this doesnt work yet
+ //$match = preg_replace("/^[a-zA-Z0-9\+]+@[a-zA-Z0-9\.]+$/", $email);
+
+ //if($match != 1) return false;
+ //else return true;
+
+ return $desc;
+}
+
 ?>
\ No newline at end of file
diff --git a/gwvplib/gwvpuseradmin.php b/gwvplib/gwvpuseradmin.php
index 1d7e86d..19f4c71 100644
--- a/gwvplib/gwvpuseradmin.php
+++ b/gwvplib/gwvpuseradmin.php
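Review bot: gwvp_stripDescription returns `$desc` unchanged, so despite its name it strips nothing, and the commented-out body is a copy of the e-mail check that refers to `$email`, which is not defined in this function. Until it is written, say so at the top, for example `// NOTE: placeholder, returns the input unchanged; does not sanitise anything`, so that a caller does not treat its result as safe to print. Description values are better escaped where they are written into HTML, with `htmlspecialchars($desc, ENT_QUOTES)`, than stripped on input.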
@@ -56,6 +56,51 @@ function gwvp_AddUserPage()
 $username = $_REQUEST["username"];
 $desc = $_REQUEST["desc"];
+ // now for some validation
+ $sendback = false;
+ $message = "";
+ if(!gwvp_checkEmail($email)) {
+ $sendback = true;
+ $message .= "EMail address invalid. ";
+ }
+
+ // function gwvp_getUser($username=null, $email=null, $id=null)
+ if(gwvp_getUser(null, $email, null)!=null) {
+ $staremail = true;
+ $sendback = true;
+ $message .= "EMail address already registered. ";
+ }
+
+ if(gwvp_getUser($username)!= null) {
+ $starusername = true;
+ $sendback = true;
+ $message .= "Username already exists. ";
+ }
+
+ if($pass1 != $pass2) {
+ $starpass = true;
+ $sendback = true;
+ $message .= "Passwords dont match. ";
+ }
+
+ // otherwise, its all good, proceed with user creation
+ if($sendback) {
+ $_SESSION["sendback_owner"] = "users";
+ $sb["email"] = $email;
+ if($staremail) $sb["emailstar"] = true;
+ $sb["fullname"] = $fullname;
+ $sb["username"] = $username;
+ if($starusername) $sb["usernamestar"] = true;
+ $sb["desc"] = $desc;
+ if($starpass) $sb["passwordstar"] = true;
+
+ $_SESSION["sendback"] = true;
+ $_SESSION["sendback_data"] = base64_encode(serialize($sb));
+ gwvp_SendMessage("error", "$message");
+ header("Location: $BASE_URL/admin/users");
+ return;
+ }
+
 // TODO: we need to do alot of checking here - that can come later
 if(gwvp_createUser($email, $fullname, $pass1, $username, $desc, 0)) {
 gwvp_SendMessage("info", "user $username, $fullname ($email) created");
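Review bot: `$staremail`, `$starusername` and `$starpass` are only assigned inside the failing branches but are read unconditionally in the `if($sendback)` block (`if($staremail) $sb["emailstar"] = true;`), which raises an undefined-variable notice whenever a different check failed; initialise all three to `false` next to `$sendback = false;`. The invalid-address branch sets no star flag, so a malformed e-mail is reported in the message but not marked on the form. `$pass1 != $pass2` is a loose comparison, under which two different numeric-looking strings can compare equal, so use `$pass1 !== $pass2`. The array could be stored directly as `$_SESSION["sendback_data"] = $sb;`, with the reader in gwvp_UserAdminPageBody changed to match, which removes the `unserialize()` call altogether; the same applies to the groups sendback in gwvp_AddGroupPage. gwvp_AddUserPage starts and ends outside the hunk.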
@@ -89,11 +134,42 @@ function gwvp_AddGroupPage()
 */
 global $BASE_URL;
+ /*
+ * $presetname = " value=\"".$data["groupname"]."\"";
+ $presetdesc = " value=\"".$data["groupdesc"]."\"";
+ $presetgroupadmin = " ".$data["admingroup"]."\"";
+ $presetowner = " value=\"".$data["groupowner"]."\"";
+
+ */
+
 $gname = $_REQUEST["groupname"];
 $isadmin = isset($_REQUEST["admingroup"]);
 $gdesc = $_REQUEST["groupdesc"];
 $owner = $_REQUEST["groupowner"];
+ //gwvp_getGroup($gid = null, $gname = null)
+ if($isadmin) error_log("admin true");
+ else error_log("admin not true");
+
+ if(gwvp_getGroup(null, $gname)) {
+ $_SESSION["sendback_owner"] = "groups";
+ $_SESSION["sendback"] = true;
+
+ $data["groupname"] = $gname;
+ $data["groupdesc"] = $gdesc;
+ $data["groupowner"] = $owner;
+ if($isadmin) $data["admingroup"] = "checked";
+ //else $data["admingroup"] = "";
+ $data["groupnamestar"] = true;
+
+ gwvp_SendMessage("error", "Group name in use");
+
+ $_SESSION["sendback_data"] = base64_encode(serialize($data));
+
+ header("Location: $BASE_URL/admin/users");
+ return;
+ }
+
 // gwvp_createGroup($group_name, $is_admin, $owner_id)
 gwvp_createGroup("$gname", $gdesc, $isadmin, $owner);
 // we also need to add the owner to the group
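Review bot: `$data["admingroup"]` is only set when the box was ticked, because the `else` branch is commented out, while the reader in gwvp_UserAdminPageBody concatenates `$data["admingroup"]` unconditionally, so a sendback with the box unticked reads an undefined index; restore `else $data["admingroup"] = "";` or guard the read with `isset()`. The two `error_log("admin true")` / `error_log("admin not true")` lines look like leftover debugging and write to the server log on every group submission. The four `$_REQUEST[...]` reads are used without an `isset()` check, so a request that omits `groupname` reaches gwvp_getGroup with null, gets `false` back and goes on to gwvp_createGroup. gwvp_AddGroupPage starts and ends outside the hunk.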
@@ -309,6 +385,45 @@ function gwvp_UserAdminPageBody() // admin only bit if($LOGIN_TYPE == "admin") { + $data = null; + + $staremail = ""; + $starpass = ""; + $starusername = ""; + $presetemail = ""; + $presetfullname = ""; + $presetdesc = ""; + $presetusername = ""; + + if(isset($_SESSION["sendback_owner"])) { + if($_SESSION["sendback_owner"] == "users") { + /* + * $sb["email"] = $email; + if($staremail) $sb["emailstar"] = true; + $sb["fullname"] = $fullname; + $sb["username"] = $username; + if($starusername) $sb["usernamestar"] = true; + $sb["desc"] = $desc; + if($starpass) $sb["passwordstar"] = true; + + */ + $data = unserialize(base64_decode($_SESSION["sendback_data"])); + + $presetemail = " value=\"".$data["email"]."\""; + $presetfullname = " value=\"".$data["fullname"]."\""; + $presetusername = " value=\"".$data["username"]."\""; + $presetdesc = " value=\"".$data["desc"]."\""; + + if(isset($data["emailstar"])) $staremail = ""; + if(isset($data["usernamestar"])) $starusername = ""; + if(isset($data["passwordstar"])) $starpass = ""; + + unset($_SESSION["sendback"]); + unset($_SESSION["sendback_data"]); + unset($_SESSION["sendback_owner"]); + } + } + echo "

Create User

Create Group

"; // create user bit @@ -316,31 +431,68 @@ function gwvp_UserAdminPageBody() echo "
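Review bot: The sendback values are concatenated into `value="…"` attributes without escaping (`$presetemail = " value=\"".$data["email"]."\"";` and the three assignments after it, and `groupname`/`groupdesc` in the next hunk), so a double quote in a rejected form field closes the attribute and whatever follows is emitted as markup. These strings are exactly what was posted to gwvp_AddUserPage or gwvp_AddGroupPage, so escape them at this point, e.g. `$presetemail = " value=\"".htmlspecialchars($data["email"], ENT_QUOTES)."\"";`. gwvp_UserAdminPageBody starts and ends outside the hunk.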
"; echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; echo ""; echo "
EMailFull Name
PasswordPassword Confirm
UsernameDescription
EMail$staremailFull Name
Password$starpassPassword Confirm$starpass
Username$starusernameDescription
"; echo "
"; echo ""; + $stargroupname = ""; + $presetname = ""; + $presetgroupadmin = ""; + $presetowner = -1; + + if(isset($_SESSION["sendback_owner"])) { + if($_SESSION["sendback_owner"] == "groups") { + /* + * $sb["email"] = $email; + if($staremail) $sb["emailstar"] = true; + $sb["fullname"] = $fullname; + $sb["username"] = $username; + if($starusername) $sb["usernamestar"] = true; + $sb["desc"] = $desc; + if($starpass) $sb["passwordstar"] = true; + + */ + $data = unserialize(base64_decode($_SESSION["sendback_data"])); + + $presetname = " value=\"".$data["groupname"]."\""; + $presetdesc = " value=\"".$data["groupdesc"]."\""; + $presetgroupadmin = " ".$data["admingroup"]; + $presetowner = $data["groupowner"]; + + if(isset($data["groupnamestar"])) $stargroupname = ""; + + unset($_SESSION["sendback"]); + unset($_SESSION["sendback_data"]); + unset($_SESSION["sendback_owner"]); + } + } + // Create group echo "
"; echo ""; - echo ""; - echo ""; - echo ""; + echo ""; + echo ""; + echo ""; echo ""; diff --git a/www/images/star.jpg b/www/images/star.jpg new file mode 100644 index 0000000..8bb9bcd Binary files /dev/null and b/www/images/star.jpg differ
Group Name
Group Description
Admin Group?
Group Name$stargroupname
Group Description
Admin Group?
Owner
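Review bot: `$presetdesc` is shared between the two forms: the users preamble initialises it to `""` and the users branch fills it from `$data["desc"]`, while the groups branch assigns it from `$data["groupdesc"]` without resetting it first, so after a users sendback the group form would be prefilled with the user's description if its description input prints `$presetdesc` (the markup is not readable in this view). A separate `$presetgroupdesc`, initialised next to `$presetname = "";`, avoids that. The block comment in the groups branch is copied from the users branch and lists `$sb["email"]`, `$sb["fullname"]` and so on; it should name `groupname`, `groupdesc`, `groupowner`, `admingroup` and `groupnamestar` instead.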