Skip to content
GitLab
Commit 558558e6 authored by Benjamin Sonntag's avatar Benjamin Sonntag
Browse files

separating more code (css/post action management)

parent 2868a390
Hide whitespace changes
Inline Side-by-side
.gitignore 0 → 100644
View file @ 558558e6
my/config.php
my/create.php
View file @ 558558e6
<?php
require_once("config.php");
session_start();
$debug=false;
$fields=array("login","pass1","pass2","email","url","cap");
$found=0;
foreach($fields as $f) if (isset($_POST[$f])) $found++;
$error=array();
$info=array();
if ($found==6 && $_POST["url"]=="") {
if ($_SESSION["captcha"]!=$_POST["cap"]) {
$error[]=_("The captcha is incorrect, please try again");
}
if (!csrf_check($_POST["csrf"])) {
$error[]=_("The captcha is incorrect, please try again (2)");
}
$login=fixlogin($_POST["login"]);
if ($login!=$_POST["login"] || strlen($login)<3 || strlen($login)>80) {
$error[]=_("The login must be between 3 and 80 characters long, and must not contains special characters (unicode and accents authorized though)");
}
$pass=fixlogin($_POST["pass1"]);
if ($_POST["pass1"]!=$_POST["pass2"] || $pass!=$_POST["pass1"]) {
$error[]=_("Your passwords are not the same, or contains special characters (unicode and accents authorized though), please try again");
}
if (count($error)==0) {
sleep(5); // Let create some artificial waiting for the one who want to create many accounts ...
// Try to create the account.
$already=@mysql_fetch_assoc(mysql_query("SELECT id FROM accounts WHERE jabberid='".addslashes($_POST["login"]."@$domain")."';"));
if ($already) {
$error[]=_("This account already exist, or is disabled. You can't create that login now, please find another one!");
}
if (count($error)==0) {
mysql_query("INSERT INTO accounts SET jabberid='".addslashes($_POST["login"]."@$domain")."', createdate=NOW(), email='".hashmail(trim($_POST["email"]))."', ack=0;");
// Connect to the telnet console of prosody.
$f=fsockopen("localhost",5582,$errno,$errstr,5);
if (!$f) {
$error[]=_("Can't connect to jabber server");
mysql_query("DELETE FROM accounts WHERE jabberid='".addslashes($_POST["login"]."@$domain")."';");
} else {
for($i=0;$i<12;$i++) {
$s=fgets($f,1024);
if ($debug) echo ":".$s.":<br>";
}
fputs($f,"user:create(\"".$login."@$domain\",\"".$password."\")\n");
$s=fgets($f,1024);
if ($debug) echo ":".$s.":<br>";
if (trim($s)=="| OK: User created") {
mysql_query("UPDATE accounts SET ack=1 WHERE jabberid='".addslashes($_POST["login"]."@$domain")."';");
$info[]=_("Your account has been created successfully. You can use it immediately.");
unset($_POST);
unset($_REQUEST);
} else {
if ($debug) { $s=fgets($f,1024); echo ":".$s.":<br>"; }
mysql_query("DELETE FROM accounts WHERE jabberid='".addslashes($_POST["login"]."@$domain")."';");
$error[]=_("An error occurred trying to create your account, please try again later");
// TODO : send an email to us ;)
}
fclose($f);
}
}
}
}
require_once("docreate.php");
require_once("header.php");
require_once("css.php");
?>
<style type="text/css">
.error {
color: #F00;
background-color: #FEE;
padding: 10px;
margin: 10px;
border: 2px solid #F00;
}
.info {
color: #090;
background-color: #EFE;
padding: 10px;
margin: 10px;
border: 2px solid #090;
}
sup {
color:red; font-size: 0.6em
}
.wichtig { display: none }
.btn {
padding: 6px 10px; background: #497ed5; color: white; font-weight: bold;
}
</style>
<p>
<b><?php __("Menu:"); ?></b>
<?php __("Create an account"); ?> -
<a href="lost.php"><?php __("I lost my password"); ?></a> -
<a href="disabled.php"><?php __("My account is disabled"); ?></a>
<a href="recover.php"><?php __("My account is disabled"); ?></a>
</p>
<h1><?php __("Account creation on our Jabber server"); ?></h1>
......@@ -118,7 +35,7 @@ if (count($info)) {
<input type="hidden" name="csrf" value="<?php echo csrf_gen(); ?>" />
<table style="width: 700px">
<tr><th style="width: 200px"><?php __("Login"); ?><sup>*</sup> <br /><i><small><?php __("3 characters or more"); ?></small></i></th>
<td><input type="text" name="login" id="login" value="<?php eher("login"); ?>" style="width: 200px" />@$domain</td></tr>
<td><input type="text" name="login" id="login" value="<?php eher("login"); ?>" style="width: 200px" />@<?php echo $domain; ?></td></tr>
<tr><th><?php __("Password"); ?><sup>*</sup></th>
<td><input type="password" name="pass1" id="pass1" value="<?php eher("pass1"); ?>" style="width: 200px"/></td></tr>
......@@ -143,13 +60,11 @@ if (count($info)) {
</form>
<p>&nbsp;</p>
<p><i><?php __("Please note that:"); ?></i>
<p><i><?php __("Please note that:"); ?></i></p>
<ul>
<li><?php __("Any account unused for 6 months will be disabled, and this login will not be allowed as registration for 6 more months. During that time, you will be allowed to recover that account if we have an email address for this account. After that, any disabled account will be permanently destroyed and the login will be available again for other users"); ?></li>
<li><?php __("We don't store your password or email in cleartext, but only a hashed version. We don't verify your email address, so write it down properly. We will only use it to send you a recover link if you lose your password."); ?></li>
</ul>
</p>
<?php
require_once("footer.php");
......
my/css.php 0 → 100644
View file @ 558558e6
<style type="text/css">
.error {
color: #F00;
background-color: #FEE;
padding: 10px;
margin: 10px;
border: 2px solid #F00;
}
.info {
color: #090;
background-color: #EFE;
padding: 10px;
margin: 10px;
border: 2px solid #090;
}
sup {
color:red; font-size: 0.6em
}
.wichtig { display: none }
.btn {
padding: 6px 10px; background: #497ed5; color: white; font-weight: bold;
}
</style>
my/docreate.php 0 → 100644
View file @ 558558e6
<?php
require_once("config.php");
$debug=false;
$fields=array("login","pass1","pass2","email","url","cap");
$found=0;
foreach($fields as $f) if (isset($_POST[$f])) $found++;
$error=array();
$info=array();
if ($found==6 && $_POST["url"]=="") {
if ($_SESSION["captcha"]!=$_POST["cap"]) {
$error[]=_("The captcha is incorrect, please try again");
}
if (!csrf_check($_POST["csrf"])) {
$error[]=_("The captcha is incorrect, please try again (2)");
}
$login=fixlogin($_POST["login"]);
if ($login!=$_POST["login"] || strlen($login)<3 || strlen($login)>80) {
$error[]=_("The login must be between 3 and 80 characters long, and must not contains special characters (unicode and accents authorized though)");
}
$pass=fixlogin($_POST["pass1"]);
if ($_POST["pass1"]!=$_POST["pass2"] || $pass!=$_POST["pass1"]) {
$error[]=_("Your passwords are not the same, or contains special characters (unicode and accents authorized though), please try again");
}
if (count($error)==0) {
sleep(5); // Let create some artificial waiting for the one who want to create many accounts ...
// Try to create the account.
$already=@mysql_fetch_assoc(mysql_query("SELECT id FROM accounts WHERE jabberid='".addslashes($_POST["login"]."@".$domain)."';"));
if ($already) {
$error[]=_("This account already exist, or is disabled. You can't create that login now, please find another one!");
}
if (count($error)==0) {
mysql_query("INSERT INTO accounts SET jabberid='".addslashes($_POST["login"]."@".$domain)."', createdate=NOW(), email='".hashmail(trim($_POST["email"]))."', ack=0;");
// Connect to the telnet console of prosody.
$f=fsockopen("localhost",5582,$errno,$errstr,5);
if (!$f) {
$error[]=_("Can't connect to jabber server");
mysql_query("DELETE FROM accounts WHERE jabberid='".addslashes($_POST["login"]."@".$domain)."';");
} else {
for($i=0;$i<12;$i++) {
$s=fgets($f,1024);
if ($debug) echo ":".$s.":<br>";
}
fputs($f,'user:create("'.$login.'@'.$domain.'","'.$password."\")\n");
$s=fgets($f,1024);
if ($debug) echo ":".$s.":<br>";
if (trim($s)=="| OK: User created") {
mysql_query("UPDATE accounts SET ack=1 WHERE jabberid='".addslashes($_POST["login"]."@".$domain)."';");
$info[]=_("Your account has been created successfully. You can use it immediately.");
unset($_POST);
unset($_REQUEST);
} else {
if ($debug) { $s=fgets($f,1024); echo ":".$s.":<br>"; }
mysql_query("DELETE FROM accounts WHERE jabberid='".addslashes($_POST["login"]."@".$domain)."';");
$error[]=_("An error occurred trying to create your account, please try again later");
// TODO : send an email to us ;)
}
fclose($f);
}
}
}
}
my/dolost.php 0 → 100644
View file @ 558558e6
<?php
require_once("config.php");
$debug=false;
$fields=array("email","login","csrf","cap","url");
$found=0;
foreach($fields as $f) if (isset($_POST[$f])) $found++;
$error=array();
$info=array();
if ($found==5 && $_POST["url"]=="") {
if ($_SESSION["captcha"]!=$_POST["cap"]) {
$error[]=_("The captcha is incorrect, please try again");
}
if (!csrf_check($_POST["csrf"])) {
$error[]=_("The captcha is incorrect, please try again (2)");
}
$login=fixlogin($_POST["login"]);
if ($login!=$_POST["login"] || strlen($login)<3 || strlen($login)>80) {
$error[]=_("The login must be between 3 and 80 characters long, and must not contains special characters (unicode and accents authorized though)");
}
if (count($error)==0) {
sleep(5); // Let create some artificial waiting for the one who want to restore many accounts ...
// Does it exist?
$already=@mysql_fetch_assoc(mysql_query("SELECT id FROM accounts WHERE jabberid='".addslashes($_POST["login"]."@jabber.lqdn.fr")."';"));
if (!$already) {
$error[]=sprintf(_("This account doesn't exist, or have been permanently destroyed. <a href=\"%s\">Click here to create a new account with this login</a>."),"create.php");
}
if ($already["disabledate"]!="0000-00-00 00:00:00") {
$error[]=sprintf(_("This account have been disabled. <a href=\"%s\">Click here to restore it</a>."),"recover.php");
}
if ($already["email"]!=hashmail($_POST["email"],$already["email"])) {
$error[]=_("This account's email address is not the one you entered. Please try again with another email address.");
}
if (count($error)==0) {
} // still no error ?
} // no error ?
} // isset ?
my/footer.php
View file @ 558558e6
</article> <!-- .et_pb_post --> </div> <!-- #left-area --> <div id="sidebar"> <div id="search-2" class="et_pb_widget widget_search"><form role="search" method="get" id="searchform" class="searchform" action="https://jabber.lqdn.fr/"> <div> <label class="screen-reader-text" for="s">Search for:</label> <input type="text" value="" name="s" id="s" /> <input type="submit" id="searchsubmit" value="Search" /> </div> </form></div> <!-- end .et_pb_widget --> <div id="recent-posts-2" class="et_pb_widget widget_recent_entries"> <h4 class="widgettitle">Recent Posts</h4> <ul> <li> <a href="https://jabber.lqdn.fr/?p=37">Bienvenue sur jabber.lqdn.fr</a> </li> </ul> </div> <!-- end .et_pb_widget --><div id="archives-2" class="et_pb_widget widget_archive"><h4 class="widgettitle">Archives</h4> <select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value="">Select Month</option> <option value='https://jabber.lqdn.fr/?m=201408'> August 2014 </option> </select></div> <!-- end .et_pb_widget --><div id="categories-2" class="et_pb_widget widget_categories"><h4 class="widgettitle">Categories</h4><select name='cat' id='cat' class='postform' > <option value='-1'>Select Category</option> <option class="level-0" value="4">fr&nbsp;&nbsp;(1)</option></select><script type='text/javascript'>/* <![CDATA[ */ var dropdown = document.getElementById("cat"); function onCatChange() { if ( dropdown.options[dropdown.selectedIndex].value > 0 ) { location.href = "https://jabber.lqdn.fr/?cat="+dropdown.options[dropdown.selectedIndex].value; } } dropdown.onchange = onCatChange;/* ]]> */</script></div> <!-- end .et_pb_widget --> </div> <!-- end #sidebar --> </div> <!-- #content-area --> </div> <!-- .container --> </div> <!-- #main-content --> <footer id="main-footer"> <div id="footer-bottom"> <div class="container clearfix"> <p id="footer-info"></p> </div> <!-- .container --> </div> </footer> <!-- #main-footer --> </div> <!-- #et-main-area --> </div> <!-- #page-container --> <script type='text/javascript' src='https://jabber.lqdn.fr/wp-includes/js/comment-reply.min.js?ver=3.9.2'></script><script type='text/javascript' src='https://jabber.lqdn.fr/wp-content/themes/Divi/js/jquery.fitvids.js?ver=2.1.2'></script><script type='text/javascript' src='https://jabber.lqdn.fr/wp-content/themes/Divi/js/waypoints.min.js?ver=2.1.2'></script><script type='text/javascript' src='https://jabber.lqdn.fr/wp-content/themes/Divi/js/jquery.magnific-popup.js?ver=2.1.2'></script><script type='text/javascript'>/* <![CDATA[ */var et_custom = {"ajaxurl":"https:\/\/jabber.lqdn.fr\/wp-admin\/admin-ajax.php","images_uri":"https:\/\/jabber.lqdn.fr\/wp-content\/themes\/Divi\/images","et_load_nonce":"ce86d314f9","subscription_failed":"Please, check the fields below to make sure you entered the correct information.","fill":"Fill","field":"field","invalid":"Invalid email","captcha":"Captcha","prev":"Prev","next":"Next"};/* ]]> */</script><script type='text/javascript' src='https://jabber.lqdn.fr/wp-content/themes/Divi/js/custom.js?ver=2.1.2'></script></body></html>
<!-- .et_pb_post --> </div> <!-- #left-area --> <div id="sidebar"> <div id="search-2" class="et_pb_widget widget_search"><form role="search" method="get" id="searchform" class="searchform" action="https://jabber.lqdn.fr/"> <div> <label class="screen-reader-text" for="s">Search for:</label> <input type="text" value="" name="s" id="s" /> <input type="submit" id="searchsubmit" value="Search" /> </div> </form></div> <!-- end .et_pb_widget --> <div id="recent-posts-2" class="et_pb_widget widget_recent_entries"> <h4 class="widgettitle">Recent Posts</h4> <ul> <li> <a href="https://jabber.lqdn.fr/?p=37">Bienvenue sur jabber.lqdn.fr</a> </li> </ul> </div> <!-- end .et_pb_widget --><div id="archives-2" class="et_pb_widget widget_archive"><h4 class="widgettitle">Archives</h4> <select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value="">Select Month</option> <option value='https://jabber.lqdn.fr/?m=201408'> August 2014 </option> </select></div> <!-- end .et_pb_widget --><div id="categories-2" class="et_pb_widget widget_categories"><h4 class="widgettitle">Categories</h4><select name='cat' id='cat' class='postform' > <option value='-1'>Select Category</option> <option class="level-0" value="4">fr&nbsp;&nbsp;(1)</option></select><script type='text/javascript'>/* <![CDATA[ */ var dropdown = document.getElementById("cat"); function onCatChange() { if ( dropdown.options[dropdown.selectedIndex].value > 0 ) { location.href = "https://jabber.lqdn.fr/?cat="+dropdown.options[dropdown.selectedIndex].value; } } dropdown.onchange = onCatChange;/* ]]> */</script></div> <!-- end .et_pb_widget --> </div> <!-- end #sidebar --> </div> <!-- #content-area --> </div> <!-- .container --> </div> <!-- #main-content --> <footer id="main-footer"> <div id="footer-bottom"> <div class="container clearfix"> <p id="footer-info"></p> </div> <!-- .container --> </div> </footer> <!-- #main-footer --> </div> <!-- #et-main-area --> </div> <!-- #page-container --> <script type='text/javascript' src='https://jabber.lqdn.fr/wp-includes/js/comment-reply.min.js?ver=3.9.2'></script><script type='text/javascript' src='https://jabber.lqdn.fr/wp-content/themes/Divi/js/jquery.fitvids.js?ver=2.1.2'></script><script type='text/javascript' src='https://jabber.lqdn.fr/wp-content/themes/Divi/js/waypoints.min.js?ver=2.1.2'></script><script type='text/javascript' src='https://jabber.lqdn.fr/wp-content/themes/Divi/js/jquery.magnific-popup.js?ver=2.1.2'></script><script type='text/javascript'>/* <![CDATA[ */var et_custom = {"ajaxurl":"https:\/\/jabber.lqdn.fr\/wp-admin\/admin-ajax.php","images_uri":"https:\/\/jabber.lqdn.fr\/wp-content\/themes\/Divi\/images","et_load_nonce":"ce86d314f9","subscription_failed":"Please, check the fields below to make sure you entered the correct information.","fill":"Fill","field":"field","invalid":"Invalid email","captcha":"Captcha","prev":"Prev","next":"Next"};/* ]]> */</script><script type='text/javascript' src='https://jabber.lqdn.fr/wp-content/themes/Divi/js/custom.js?ver=2.1.2'></script></body></html>
......
my/functions.php
View file @ 558558e6
<?php
// automatic session starting (for csrf/captcha management)
session_start();
function __($str) { echo _($str); }
......
my/lost.php
View file @ 558558e6
<?php
require_once("config.php");
session_start();
$debug=false;
if (isset($_POST["email"]) && isset($_POST["login"]) && isset($_POST["csrf"]) && isset($_POST["captcha"])
) {
if ($_SESSION["captcha"]!=$_POST["cap"]) {
$error[]=_("The captcha is incorrect, please try again");
}
if (!csrf_check($_POST["csrf"])) {
$error[]=_("The captcha is incorrect, please try again (2)");
}
$login=fixlogin($_POST["login"]);
if ($login!=$_POST["login"] || strlen($login)<3 || strlen($login)>80) {
$error[]=_("The login must be between 3 and 80 characters long, and must not contains special characters (unicode and accents authorized though)");
}
if (count($error)==0) {
sleep(5); // Let create some artificial waiting for the one who want to restore many accounts ...
// Try to create the account.
$already=@mysql_fetch_assoc(mysql_query("SELECT id FROM accounts WHERE jabberid='".addslashes($_POST["login"]."@jabber.lqdn.fr")."';"));
if (!$already) {
$error[]=_("This account doesn't exist, or have been permanently destroyed. You can't restore that login now. You'd better create a new account altogether");
}
if (count($error)==0) {
} // still no error ?
} // no error ?
} // isset ?
require_once("dolost.php");
require_once("header.php");
require_once("css.php");
?>
<style type="text/css">
.error {
color: #F00;
background-color: #FEE;
padding: 10px;
margin: 10px;
border: 2px solid #F00;
}
.info {
color: #090;
background-color: #EFE;
padding: 10px;
margin: 10px;
border: 2px solid #090;
}
sup {
color:red; font-size: 0.6em
}
.wichtig { display: none }
.btn {
padding: 6px 10px; background: #497ed5; color: white; font-weight: bold;
}
</style>
<p>
<b><?php __("Menu:"); ?></b>
<a href="create.php"><?php __("Create an account"); ?></a> -
<?php __("I lost my password"); ?> -
<a href="disabled.php"><?php __("My account is disabled"); ?></a>
<a href="recover.php"><?php __("My account is disabled"); ?></a>
</p>
<h1><?php __("I lost my password on this Jabber server"); ?></h1>
<h1><?php __("You lost your password on this Jabber server"); ?></h1>
<?php
if (count($error)) {
......@@ -82,8 +34,8 @@ if (count($info)) {
<form method="post" action="lost.php">
<input type="hidden" name="csrf" value="<?php echo csrf_gen(); ?>" />
<table style="width: 700px">
<tr><th style="width: 200px"><?php __("Login"); ?><sup>*</sup> <br /><i><small><?php __("3 characters or more"); ?></small></i></th>
<td><input type="text" name="login" id="login" value="<?php eher("login"); ?>" style="width: 200px" />@jabber.lqdn.fr</td></tr>
<tr><th style="width: 250px"><?php __("Login"); ?><sup>*</sup> <br /><i><small><?php __("3 characters or more"); ?></small></i></th>
<td style="width: 450px"><input type="text" name="login" id="login" value="<?php eher("login"); ?>" style="width: 200px" />@<?php echo $domain; ?></td></tr>
<tr><th><?php __("Your email address"); ?></th>
<td><input type="text" name="email" id="email" value="<?php eher("email"); ?>" style="width: 300px"/></td></tr>
......@@ -94,7 +46,6 @@ if (count($info)) {
<br />
<input type="text" name="cap" id="cap" value="" style="width: 200px"/>
</td></tr>
</table>
<div class="wichtig">
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment