Board owners can now change their usernames and set recovery email during creation process and while logged in.

2015-05-06 19:27:27 +08:00 · 2015-05-06 19:27:27 +08:00 · 92168dd21e
commit 92168dd21e
parent b96b33e548
8 changed files with 83 additions and 27 deletions
--- a/create.php
+++ b/create.php
@ -21,6 +21,7 @@ $title = $_POST['title'];
 $subtitle = $_POST['subtitle'];
 $username = $_POST['username'];
 $password = $_POST['password'];
+$email = $_POST['email'];

 $resp = file_get_contents($config['captcha']['provider_check'] . "?" . http_build_query([
 	'mode' => 'check',
@ -39,6 +40,8 @@ if (!preg_match('/^[a-zA-Z0-9._]{1,30}$/', $username))
 	error(_('Invalid username'));
 if ($resp !== '1')
 	error($config['error']['captcha']);
+if (!filter_var($email, FILTER_VALIDATE_EMAIL))
+	$email = '';

 foreach (listBoards() as $i => $board) {
 	if ($board['uri'] == $uri)
@ -66,12 +69,13 @@ error(_('The username you\'ve tried to enter already exists!'));
 $salt = generate_salt();
 $password = hash('sha256', $salt . sha1($password));

-$query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, :type, :boards)');
+$query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, :type, :boards, :email)');
 $query->bindValue(':username', $username);
 $query->bindValue(':password', $password);
 $query->bindValue(':salt', $salt);
 $query->bindValue(':type', 20);
 $query->bindValue(':boards', $uri);
+$query->bindValue(':email', $email);
 $query->execute() or error(db_error($query));
 		
 $query = prepare('INSERT INTO ``boards`` (`uri`, `title`, `subtitle`) VALUES (:uri, :title, :subtitle)');
--- a/inc/config.php
+++ b/inc/config.php
@ -1530,7 +1530,7 @@
 	// Edit any users' login information
 	$config['mod']['editusers'] = ADMIN;
 	// Change user's own password
-	$config['mod']['change_password'] = JANITOR;
+	$config['mod']['edit_profile'] = JANITOR;
 	// Delete a user
 	$config['mod']['deleteusers'] = ADMIN;
 	// Create a user
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@ -1914,11 +1914,11 @@ function mod_deletebyip($boardName, $post, $global = false) {
 function mod_user($uid) {
 	global $config, $mod;
 	
-	if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $uid == $mod['id']))
+	if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['edit_profile']) && $uid == $mod['id']))
 		error($config['error']['noaccess']);

 	if (in_array($mod['boards'][0], array('infinity', 'z')))
-		error('This board has password changing disabled.');
+		error('This board has profile changing disabled.');
 	
 	$query = prepare('SELECT * FROM ``mods`` WHERE `id` = :id');
 	$query->bindValue(':id', $uid);
@ -1997,8 +1997,8 @@ function mod_user($uid) {
 		return;
 	}
 	
-	if (hasPermission($config['mod']['change_password']) && $uid == $mod['id'] && isset($_POST['password'])) {
-		if ($_POST['password'] != '') {
+	if (hasPermission($config['mod']['edit_profile']) && $uid == $mod['id']) {
+		if (isset($_POST['password']) && $_POST['password'] != '') {
 			$salt = generate_salt();
 			$password = hash('sha256', $salt . sha1($_POST['password']));

@ -2013,13 +2013,50 @@ function mod_user($uid) {
 			login($user['username'], $_POST['password']);
 			setCookies();
 		}
+
+		if (isset($_POST['username']) && $user['username'] !== $_POST['username']) {
+			if ($_POST['username'] == '')
+				error(sprintf($config['error']['required'], 'username'));
+
+			if (!preg_match('/^[a-zA-Z0-9._]{1,30}$/', $_POST['username']))
+				error(_('Invalid username'));
+			
+			$query = prepare('SELECT `username` FROM ``mods``');
+			$query->execute() or error(db_error($query));
+			$users = $query->fetchAll(PDO::FETCH_ASSOC);
+
+			foreach ($users as $i => $v) {
+				if (strtolower($_POST['username']) == strtolower($v['username'])) {
+					error(_('Refusing to change your username because another user is already using it.'));
+				}
+			}
+
+			$query = prepare('UPDATE ``mods`` SET `username` = :username WHERE `id` = :id');
+			$query->bindValue(':id', $uid);
+			$query->bindValue(':username', $_POST['username']);
+			$query->execute() or error(db_error($query));
 		
-		if (hasPermission($config['mod']['manageusers']))
-			header('Location: ?/users', true, $config['redirect_http']);
-		else
-			header('Location: ?/', true, $config['redirect_http']);
+			modLog('Renamed user "' . utf8tohtml($user['username']) . '" <small>(#' . $user['id'] . ')</small> to "' . utf8tohtml($_POST['username']) . '"');
+		}
+	
+		if (isset($_POST['email']) && $user['email'] !== $_POST['email'] && (empty($_POST['email']) || filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))) {
+			// account was renamed
+			$query = prepare('UPDATE ``mods`` SET `email` = :email WHERE `id` = :id');
+			$query->bindValue(':id', $uid);
+			$query->bindValue(':email', $_POST['email']);
+			$query->execute() or error(db_error($query));
 		
-		return;
+			modLog('Changed user\'s email "' . utf8tohtml($user['email']) . '" <small>(#' . $user['id'] . ')</small> to "' . utf8tohtml($_POST['email']) . '"');
+		}
+		
+		if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+			if (hasPermission($config['mod']['manageusers']))
+				header('Location: ?/users', true, $config['redirect_http']);
+			else
+				header('Location: ?/', true, $config['redirect_http']);
+			
+			return;
+		}
 	}
 	
 	if (hasPermission($config['mod']['modlog'])) {
@ -2032,21 +2069,18 @@ function mod_user($uid) {
 	}
 	
 	if ($mod['type'] >= ADMIN){
-	$boards = listBoards();
+		$boards = listBoards();
 	} else {
-	$boards2 = explode(',', $user['boards']);
-	
-	foreach($boards2 as $string){
-		
-		$boards[] = array("uri"=>$string, "title"=>"MY BOARD");
-		
-	}
-	
+		$boards2 = explode(',', $user['boards']);

+		foreach ($boards2 as $string){
+			$boards[] = array("uri"=>$string, "title" => _("My board"));
+		}
 	}
+
 	$user['boards'] = explode(',', $user['boards']);
 	
-	mod_page(_('Edit user'), 'mod/user.html', array(
+	mod_page(_('Edit user profile'), 'mod/user.html', array(
 		'user' => $user,
 		'logs' => $log,
 		'boards' => $boards,
@ -2114,7 +2148,7 @@ function mod_users() {
 	if (!hasPermission($config['mod']['manageusers']))
 		error($config['error']['noaccess']);
 	
-	$query = query("SELECT ``m``.`id`, ``m``.`username`, ``m``.`boards`, ``m``.`type`, 
+	$query = query("SELECT ``m``.`id`, ``m``.`username`, ``m``.`boards`, ``m``.`type`, ``m``.`email`, 
 	``ml``.`time` last, ``ml``.`text` action
 	FROM ``mods`` AS m
 	LEFT JOIN (
@ -2125,7 +2159,7 @@ function mod_users() {
 	        FROM ``modlogs``
 	        GROUP BY `mod`   
 	    ) AS ml2 USING (`mod`, time)
-	) AS ml ON m.id = ml.`mod` ORDER BY ``m``.`type` DESC;") or error(db_error());
+	) AS ml ON m.id = ml.`mod` GROUP BY ``m``.`id` ORDER BY ``m``.`type` DESC;") or error(db_error());
 	$users = $query->fetchAll(PDO::FETCH_ASSOC);
 	
 	foreach ($users as &$user) {
--- a/install.sql
+++ b/install.sql
@ -138,6 +138,7 @@ CREATE TABLE IF NOT EXISTS `mods` (
  `salt` char(32) CHARACTER SET ascii NOT NULL,
  `type` smallint(2) NOT NULL,
  `boards` text CHARACTER SET utf8 NOT NULL,
+  `email` varchar(1024) DEFAULT '',
  PRIMARY KEY (`id`),
  UNIQUE KEY `id` (`id`,`username`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
--- a/templates/8chan/create.html
+++ b/templates/8chan/create.html
@ -7,6 +7,7 @@
 <tr><th>Subtitle</th><td><input name="subtitle" type="text"> <span class="unimportant">{% trans %}(must be < 200 chars){% endtrans %}</td></tr>
 <tr><th>{% trans %}Username{% endtrans %}</th><td><input name="username" type="text"> <span class="unimportant">{% trans %}(must contain only alphanumeric, periods and underscores){% endtrans %}</span></td></tr>
 <tr><th>{% trans %}Password{% endtrans %}</th><td><input name="password" type="text" value="{{ password }}" readonly> <span class="unimportant">{% trans %}(write this down){% endtrans %}</span></td></tr>
+<tr><th>{% trans %}Email{% endtrans %}</th><td><input name="email" type="text" value=""> <span class="unimportant">{% trans %}(optional, for board recovery){% endtrans %}</span></td></tr>
 <tr><th>{% trans %}CAPTCHA{% endtrans %}</th><td>{{ captcha['html'] }}<br/>
 <input class="captcha_text" name="captcha_text" size="25" maxlength="6" autocomplete="off" type="text">
 <input class="captcha_cookie" name="captcha_cookie" type="hidden" autocomplete="off" value="{{ captcha['cookie']|e }}"><br/></td></tr>
--- a/templates/mod/dashboard.html
+++ b/templates/mod/dashboard.html
@ -66,7 +66,7 @@
 		{% if mod|hasPermission(config.mod.manageusers) %}
 			<li><a href="?/users">{% trans 'Manage users' %}</a></li>
 		{% elseif mod|hasPermission(config.mod.change_password) %}
-			<li><a href="?/users/{{ mod.id }}">{% trans 'Change password' %}</a></li>
+			<li><a href="?/users/{{ mod.id }}">{% trans 'Edit profile' %}</a> <span class="unimportant hint">(username, email, password)</span></li>
 		{% endif %}
 		{% if mod|hasPermission(config.mod.themes) %}
 			<li><a href="?/themes">{% trans 'Manage themes' %}</a></li>
--- a/templates/mod/user.html
+++ b/templates/mod/user.html
@ -8,9 +8,9 @@
 	<input type="hidden" name="token" value="{{ token }}">
 	<table>
 		<tr>
-			<th>{% trans 'Username' %}</th>
+			<th>{% trans 'Username' %}<br/>{% if not mod|hasPermission(config.mod.editusers) %}<small style="font-weight:normal">({% trans 'warning: changing your username<br/>will log you out and change all occurrences<br/>of your old username to the new one in<br/>your board\'s logs' %}){% endif %}</th>
 			<td>
-				{% if new or mod|hasPermission(config.mod.editusers) %}
+				{% if new or mod|hasPermission(config.mod.edit_profile) %}
 					<input size="20" maxlength="30" type="text" name="username" value="{{ user.username|e }}" autocomplete="off">
 				{% else %}
 					{{ user.username|e }}
@ -20,13 +20,23 @@
 		<tr>
 			<th>{% trans 'Password' %}{% if not new %} <small style="font-weight:normal">({% trans 'new; optional' %})</small>{% endif %}</th>
 			<td>
-				{% if new or (mod|hasPermission(config.mod.editusers) or (mod|hasPermission(config.mod.change_password) and user.id == mod.id)) %}
+				{% if new or (mod|hasPermission(config.mod.editusers) or (mod|hasPermission(config.mod.edit_profile) and user.id == mod.id)) %}
 					<input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off">
 				{% else %}
 					-
 				{% endif %}
 			</td>
 		</tr>
+		<tr>
+			<th>{% trans 'Email' %}<br/> <small style="font-weight:normal">({% trans 'if you forget your board password<br/>email admin@8chan.co from this<br/>address to request a reset; optional' %})</small></th>
+			<td>
+				{% if new or (mod|hasPermission(config.mod.editusers) or (mod|hasPermission(config.mod.edit_profile) and user.id == mod.id)) %}
+					<input size="20" maxlength="1024" type="text" name="email" value="{{ user.email|e }}" autocomplete="off">
+				{% else %}
+					-
+				{% endif %}
+			</td>
+		</tr>
 		{% if new %}
 			<tr>
 				<th>{% trans 'Group' %}</th>
@ -42,6 +52,7 @@
 				</td>
 			</tr>
 		{% endif %}
+		{% if mod|hasPermission(config.mod.editusers) %}
 		<tr>
 			<th>{% trans 'Boards' %}</th>
 			<td>
@ -73,6 +84,7 @@
 				</ul>
 			</td>
 		</tr>
+		{% endif %}
 	</table>
 	
 	<ul style="padding:0;text-align:center;list-style:none">
--- a/templates/mod/users.html
+++ b/templates/mod/users.html
@ -3,6 +3,7 @@
 		<th>{% trans 'ID' %}</th>
 		<th>{% trans 'Username' %}</th>
 		<th>{% trans 'Type' %}</th>
+		<th>{% trans 'Email' %}</th>
 		<th>{% trans 'Boards' %}</th>
 		{% if mod|hasPermission(config.mod.modlog) %}
 			<th>{% trans 'Last action' %}</th>
@ -27,6 +28,9 @@
 					<em>{% trans 'Unknown' %}</em> ({{ user.type }})
 				{% endif %}
 			</td>
+			<td>
+				{{ user.email|e }}
+			</td>
 			<td>
 				{% if user.boards == '' %}
 					<em>{% trans 'none' %}</em>