Skip to content

Q
question2answer
Commit e449b233 by Scott
Options

Coding style (user pages)

parent b0af268c
Showing with 204 additions and 230 deletions
qa-include/pages/confirm.php
......@@ -20,106 +20,106 @@
More about this license: http://www.question2answer.org/license.php
*/
if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
header('Location: ../');
exit;
}
}
// Check we're not using single-sign on integration, that we're not already confirmed, and that we're not blocked
if (QA_FINAL_EXTERNAL_USERS)
if (QA_FINAL_EXTERNAL_USERS)
qa_fatal_error('User login is handled by external code');
// Check if we've been asked to send a new link or have a successful email confirmation
$incode=trim(qa_get('c')); // trim to prevent passing in blank values to match uninitiated DB rows
$inhandle=qa_get('u');
$loginuserid=qa_get_logged_in_userid();
$useremailed=false;
$userconfirmed=false;
$incode = trim(qa_get('c')); // trim to prevent passing in blank values to match uninitiated DB rows
$inhandle = qa_get('u');
$loginuserid = qa_get_logged_in_userid();
$useremailed = false;
$userconfirmed = false;
if (isset($loginuserid) && qa_clicked('dosendconfirm')) { // button clicked to send a link
require_once QA_INCLUDE_DIR.'app/users-edit.php';
if (isset($loginuserid) && qa_clicked('dosendconfirm')) { // button clicked to send a link
require_once QA_INCLUDE_DIR . 'app/users-edit.php';
if (!qa_check_form_security_code('confirm', qa_post_text('code')))
$pageerror=qa_lang_html('misc/form_security_again');
$pageerror = qa_lang_html('misc/form_security_again');
else {
qa_send_new_confirm($loginuserid);
$useremailed=true;
$useremailed = true;
}
} elseif (strlen($incode)) { // non-empty code detected from the URL
require_once QA_INCLUDE_DIR.'db/selects.php';
require_once QA_INCLUDE_DIR.'app/users-edit.php';
} elseif (strlen($incode)) { // non-empty code detected from the URL
require_once QA_INCLUDE_DIR . 'db/selects.php';
require_once QA_INCLUDE_DIR . 'app/users-edit.php';
if (!empty($inhandle)) { // match based on code and handle provided on URL
$userinfo=qa_db_select_with_pending(qa_db_user_account_selectspec($inhandle, false));
$userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inhandle, false));
if (strtolower(trim(@$userinfo['emailcode']))==strtolower($incode)) {
if (strtolower(trim(@$userinfo['emailcode'])) == strtolower($incode)) {
qa_complete_confirm($userinfo['userid'], $userinfo['email'], $userinfo['handle']);
$userconfirmed=true;
$userconfirmed = true;
}
}
if ((!$userconfirmed) && isset($loginuserid)) { // as a backup, also match code on URL against logged in user
$userinfo=qa_db_select_with_pending(qa_db_user_account_selectspec($loginuserid, true));
$flags=$userinfo['flags'];
$userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($loginuserid, true));
$flags = $userinfo['flags'];
if ( ($flags & QA_USER_FLAGS_EMAIL_CONFIRMED) && !($flags & QA_USER_FLAGS_MUST_CONFIRM) )
$userconfirmed=true; // if they confirmed before, just show message as if it happened now
if (($flags & QA_USER_FLAGS_EMAIL_CONFIRMED) && !($flags & QA_USER_FLAGS_MUST_CONFIRM))
$userconfirmed = true; // if they confirmed before, just show message as if it happened now
elseif (strtolower(trim($userinfo['emailcode']))==strtolower($incode)) {
elseif (strtolower(trim($userinfo['emailcode'])) == strtolower($incode)) {
qa_complete_confirm($userinfo['userid'], $userinfo['email'], $userinfo['handle']);
$userconfirmed=true;
}
$userconfirmed = true;
}
}
}
// Prepare content for theme
$qa_content=qa_content_prepare();
$qa_content = qa_content_prepare();
$qa_content['title']=qa_lang_html('users/confirm_title');
$qa_content['error']=@$pageerror;
$qa_content['title'] = qa_lang_html('users/confirm_title');
$qa_content['error'] = @$pageerror;
if ($useremailed)
$qa_content['error']=qa_lang_html('users/confirm_emailed'); // not an error, but display it prominently anyway
if ($useremailed) {
$qa_content['error'] = qa_lang_html('users/confirm_emailed'); // not an error, but display it prominently anyway
elseif ($userconfirmed) {
$qa_content['error']=qa_lang_html('users/confirm_complete');
} elseif ($userconfirmed) {
$qa_content['error'] = qa_lang_html('users/confirm_complete');
if (!isset($loginuserid))
$qa_content['suggest_next']=strtr(
if (!isset($loginuserid)) {
$qa_content['suggest_next'] = strtr(
qa_lang_html('users/log_in_to_access'),
array(
'^1' => '<a href="'.qa_path_html('login', array('e' => $inhandle)).'">',
'^1' => '<a href="' . qa_path_html('login', array('e' => $inhandle)) . '">',
'^2' => '</a>',
)
);
}
} elseif (isset($loginuserid)) { // if logged in, allow sending a fresh link
require_once QA_INCLUDE_DIR.'util/string.php';
} elseif (isset($loginuserid)) { // if logged in, allow sending a fresh link
require_once QA_INCLUDE_DIR . 'util/string.php';
if (strlen($incode))
$qa_content['error']=qa_lang_html('users/confirm_wrong_resend');
$qa_content['error'] = qa_lang_html('users/confirm_wrong_resend');
$email=qa_get_logged_in_email();
$email = qa_get_logged_in_email();
$qa_content['form']=array(
'tags' => 'method="post" action="'.qa_path_html('confirm').'"',
$qa_content['form'] = array(
'tags' => 'method="post" action="' . qa_path_html('confirm') . '"',
'style' => 'tall',
'fields' => array(
'email' => array(
'label' => qa_lang_html('users/email_label'),
'value' => qa_html($email).strtr(qa_lang_html('users/change_email_link'), array(
'^1' => '<a href="'.qa_path_html('account').'">',
'value' => qa_html($email) . strtr(qa_lang_html('users/change_email_link'), array(
'^1' => '<a href="' . qa_path_html('account') . '">',
'^2' => '</a>',
)),
'type' => 'static',
......@@ -139,17 +139,12 @@
);
if (!qa_email_validate($email)) {
$qa_content['error']=qa_lang_html('users/email_invalid');
$qa_content['error'] = qa_lang_html('users/email_invalid');
unset($qa_content['form']['buttons']['send']);
}
} else
$qa_content['error']=qa_insert_login_links(qa_lang_html('users/confirm_wrong_log_in'), 'confirm');
} else
$qa_content['error'] = qa_insert_login_links(qa_lang_html('users/confirm_wrong_log_in'), 'confirm');
return $qa_content;
/*
Omit PHP closing tag to help avoid accidental output
*/
\ No newline at end of file
return $qa_content;
qa-include/pages/login.php
......@@ -20,60 +20,61 @@
More about this license: http://www.question2answer.org/license.php
*/
if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
header('Location: ../');
exit;
}
}
// Check we're not using Q2A's single-sign on integration and that we're not logged in
if (QA_FINAL_EXTERNAL_USERS)
if (QA_FINAL_EXTERNAL_USERS)
qa_fatal_error('User login is handled by external code');
if (qa_is_logged_in())
if (qa_is_logged_in())
qa_redirect('');
// Process submitted form after checking we haven't reached rate limit
$passwordsent=qa_get('ps');
$emailexists=qa_get('ee');
$passwordsent = qa_get('ps');
$emailexists = qa_get('ee');
$inemailhandle=qa_post_text('emailhandle');
$inpassword=qa_post_text('password');
$inremember=qa_post_text('remember');
$inemailhandle = qa_post_text('emailhandle');
$inpassword = qa_post_text('password');
$inremember = qa_post_text('remember');
if (qa_clicked('dologin') && (strlen($inemailhandle) || strlen($inpassword)) ) {
require_once QA_INCLUDE_DIR.'app/limits.php';
if (qa_clicked('dologin') && (strlen($inemailhandle) || strlen($inpassword))) {
require_once QA_INCLUDE_DIR . 'app/limits.php';
if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) {
require_once QA_INCLUDE_DIR.'db/users.php';
require_once QA_INCLUDE_DIR.'db/selects.php';
if (!qa_check_form_security_code('login', qa_post_text('code')))
$pageerror=qa_lang_html('misc/form_security_again');
require_once QA_INCLUDE_DIR . 'db/users.php';
require_once QA_INCLUDE_DIR . 'db/selects.php';
if (!qa_check_form_security_code('login', qa_post_text('code'))) {
$pageerror = qa_lang_html('misc/form_security_again');
}
else {
qa_limits_increment(null, QA_LIMIT_LOGINS);
$errors=array();
$errors = array();
if (qa_opt('allow_login_email_only') || (strpos($inemailhandle, '@')!==false)) // handles can't contain @ symbols
$matchusers=qa_db_user_find_by_email($inemailhandle);
else
$matchusers=qa_db_user_find_by_handle($inemailhandle);
if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) { // handles can't contain @ symbols
$matchusers = qa_db_user_find_by_email($inemailhandle);
} else {
$matchusers = qa_db_user_find_by_handle($inemailhandle);
}
if (count($matchusers)==1) { // if matches more than one (should be impossible), don't log in
$inuserid=$matchusers[0];
$userinfo=qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
if (count($matchusers) == 1) { // if matches more than one (should be impossible), don't log in
$inuserid = $matchusers[0];
$userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
$legacyPassOk = hash_equals(strtolower($userinfo['passcheck']), strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])));
if (QA_PASSWORD_HASH) {
$haspassword = isset($userinfo['passhash']);
$haspasswordold = isset($userinfo['passsalt']) && isset($userinfo['passcheck']);
$passOk = password_verify($inpassword,$userinfo['passhash']);
$passOk = password_verify($inpassword, $userinfo['passhash']);
if (($haspasswordold && $legacyPassOk) || ($haspassword && $passOk)) {
// upgrade password or rehash, when options like the cost parameter changed
......@@ -81,57 +82,60 @@
qa_db_user_set_password($inuserid, $inpassword);
}
} else {
$errors['password']=qa_lang('users/password_wrong');
$errors['password'] = qa_lang('users/password_wrong');
}
} else {
if (!$legacyPassOk) {
$errors['password']=qa_lang('users/password_wrong');
$errors['password'] = qa_lang('users/password_wrong');
}
}
if (!isset($errors['password'])) {
// login and redirect
require_once QA_INCLUDE_DIR.'app/users.php';
require_once QA_INCLUDE_DIR . 'app/users.php';
qa_set_logged_in_user($inuserid, $userinfo['handle'], !empty($inremember));
$topath=qa_get('to');
$topath = qa_get('to');
if (isset($topath))
qa_redirect_raw(qa_path_to_root().$topath); // path already provided as URL fragment
qa_redirect_raw(qa_path_to_root() . $topath); // path already provided as URL fragment
elseif ($passwordsent)
qa_redirect('account');
else
qa_redirect('');
}
} else
$errors['emailhandle']=qa_lang('users/user_not_found');
} else {
$errors['emailhandle'] = qa_lang('users/user_not_found');
}
}
} else
$pageerror=qa_lang('users/login_limit');
} else {
$pageerror = qa_lang('users/login_limit');
}
} else
$inemailhandle=qa_get('e');
} else {
$inemailhandle = qa_get('e');
}
// Prepare content for theme
$qa_content=qa_content_prepare();
$qa_content = qa_content_prepare();
$qa_content['title']=qa_lang_html('users/login_title');
$qa_content['title'] = qa_lang_html('users/login_title');
$qa_content['error']=@$pageerror;
$qa_content['error'] = @$pageerror;
if (empty($inemailhandle) || isset($errors['emailhandle']))
$forgotpath=qa_path('forgot');
else
$forgotpath=qa_path('forgot', array('e' => $inemailhandle));
if (empty($inemailhandle) || isset($errors['emailhandle']))
$forgotpath = qa_path('forgot');
else
$forgotpath = qa_path('forgot', array('e' => $inemailhandle));
$forgothtml='<a href="'.qa_html($forgotpath).'">'.qa_lang_html('users/forgot_link').'</a>';
$forgothtml = '<a href="' . qa_html($forgotpath) . '">' . qa_lang_html('users/forgot_link') . '</a>';
$qa_content['form']=array(
'tags' => 'method="post" action="'.qa_self_html().'"',
$qa_content['form'] = array(
'tags' => 'method="post" action="' . qa_self_html() . '"',
'style' => 'tall',
......@@ -150,7 +154,7 @@
'label' => qa_lang_html('users/password_label'),
'tags' => 'name="password" id="password" dir="auto"',
'value' => qa_html(@$inpassword),
'error' => empty($errors['password']) ? '' : (qa_html(@$errors['password']).' - '.$forgothtml),
'error' => empty($errors['password']) ? '' : (qa_html(@$errors['password']) . ' - ' . $forgothtml),
'note' => $passwordsent ? qa_lang_html('users/password_sent') : $forgothtml,
),
......@@ -172,25 +176,20 @@
'dologin' => '1',
'code' => qa_get_form_security_code('login'),
),
);
);
$loginmodules=qa_load_modules_with('login', 'login_html');
$loginmodules = qa_load_modules_with('login', 'login_html');
foreach ($loginmodules as $module) {
foreach ($loginmodules as $module) {
ob_start();
$module->login_html(qa_opt('site_url').qa_get('to'), 'login');
$html=ob_get_clean();
$module->login_html(qa_opt('site_url') . qa_get('to'), 'login');
$html = ob_get_clean();
if (strlen($html))
@$qa_content['custom'].='<br>'.$html.'<br>';
}
@$qa_content['custom'] .= '<br>' . $html . '<br>';
}
$qa_content['focusid']=(isset($inemailhandle) && !isset($errors['emailhandle'])) ? 'password' : 'emailhandle';
$qa_content['focusid'] = (isset($inemailhandle) && !isset($errors['emailhandle'])) ? 'password' : 'emailhandle';
return $qa_content;
/*
Omit PHP closing tag to help avoid accidental output
*/
return $qa_content;
qa-include/pages/logout.php
......@@ -20,21 +20,16 @@
More about this license: http://www.question2answer.org/license.php
*/
if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
header('Location: ../');
exit;
}
}
if (QA_FINAL_EXTERNAL_USERS)
if (QA_FINAL_EXTERNAL_USERS)
qa_fatal_error('User logout is handled by external code');
if (qa_is_logged_in())
if (qa_is_logged_in())
qa_set_logged_in_user(null);
qa_redirect(''); // back to home page
/*
Omit PHP closing tag to help avoid accidental output
*/
\ No newline at end of file
qa_redirect(''); // back to home page
qa-include/pages/register.php
......@@ -20,74 +20,73 @@
More about this license: http://www.question2answer.org/license.php
*/
if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
header('Location: ../');
exit;
}
}
require_once QA_INCLUDE_DIR.'app/captcha.php';
require_once QA_INCLUDE_DIR.'db/users.php';
require_once QA_INCLUDE_DIR . 'app/captcha.php';
require_once QA_INCLUDE_DIR . 'db/users.php';
// Check we're not using single-sign on integration, that we're not logged in, and we're not blocked
if (QA_FINAL_EXTERNAL_USERS)
if (QA_FINAL_EXTERNAL_USERS)
qa_fatal_error('User registration is handled by external code');
if (qa_is_logged_in())
if (qa_is_logged_in())
qa_redirect('');
// Get information about possible additional fields
$show_terms = qa_opt('show_register_terms');
$show_terms = qa_opt('show_register_terms');
$userfields = qa_db_select_with_pending(
$userfields = qa_db_select_with_pending(
qa_db_userfields_selectspec()
);
);
foreach ($userfields as $index => $userfield) {
foreach ($userfields as $index => $userfield) {
if (!($userfield['flags'] & QA_FIELD_FLAGS_ON_REGISTER))
unset($userfields[$index]);
}
}
// Check we haven't suspended registration, and this IP isn't blocked
if (qa_opt('suspend_register_users')) {
if (qa_opt('suspend_register_users')) {
$qa_content = qa_content_prepare();
$qa_content['error'] = qa_lang_html('users/register_suspended');
return $qa_content;
}
}
if (qa_user_permit_error()) {
if (qa_user_permit_error()) {
$qa_content = qa_content_prepare();
$qa_content['error'] = qa_lang_html('users/no_permission');
return $qa_content;
}
}
// Process submitted form
if (qa_clicked('doregister')) {
require_once QA_INCLUDE_DIR.'app/limits.php';
if (qa_clicked('doregister')) {
require_once QA_INCLUDE_DIR . 'app/limits.php';
if (qa_user_limits_remaining(QA_LIMIT_REGISTRATIONS)) {
require_once QA_INCLUDE_DIR.'app/users-edit.php';
require_once QA_INCLUDE_DIR . 'app/users-edit.php';
$inemail = qa_post_text('email');
$inpassword = qa_post_text('password');
$inhandle = qa_post_text('handle');
$interms = (int) qa_post_text('terms');
$interms = (int)qa_post_text('terms');
$inprofile = array();
foreach ($userfields as $userfield)
$inprofile[$userfield['fieldid']] = qa_post_text('field_'.$userfield['fieldid']);
$inprofile[$userfield['fieldid']] = qa_post_text('field_' . $userfield['fieldid']);
if (!qa_check_form_security_code('register', qa_post_text('code'))) {
$pageerror = qa_lang_html('misc/form_security_again');
}
else {
} else {
// core validation
$errors = array_merge(
qa_handle_email_filter($inhandle, $inemail),
......@@ -122,28 +121,27 @@
$topath = qa_get('to');
if (isset($topath))
qa_redirect_raw(qa_path_to_root().$topath); // path already provided as URL fragment
qa_redirect_raw(qa_path_to_root() . $topath); // path already provided as URL fragment
else
qa_redirect('');
}
}
}
else
} else
$pageerror = qa_lang('users/register_limit');
}
}
// Prepare content for theme
$qa_content = qa_content_prepare();
$qa_content = qa_content_prepare();
$qa_content['title'] = qa_lang_html('users/register_title');
$qa_content['title'] = qa_lang_html('users/register_title');
$qa_content['error'] = @$pageerror;
$qa_content['error'] = @$pageerror;
$qa_content['form'] = array(
'tags' => 'method="post" action="'.qa_self_html().'"',
$qa_content['form'] = array(
'tags' => 'method="post" action="' . qa_self_html() . '"',
'style' => 'tall',
......@@ -183,18 +181,18 @@
'doregister' => '1',
'code' => qa_get_form_security_code('register'),
),
);
);
// prepend custom message
$custom = qa_opt('show_custom_register') ? trim(qa_opt('custom_register')) : '';
if (strlen($custom)) {
// prepend custom message
$custom = qa_opt('show_custom_register') ? trim(qa_opt('custom_register')) : '';
if (strlen($custom)) {
array_unshift($qa_content['form']['fields'], array(
'type' => 'custom',
'note' => $custom,
));
}
}
foreach ($userfields as $userfield) {
foreach ($userfields as $userfield) {
$value = @$inprofile[$userfield['fieldid']];
$label = trim(qa_user_userfield_label($userfield), ':');
......@@ -203,18 +201,18 @@
$qa_content['form']['fields'][$userfield['title']] = array(
'label' => qa_html($label),
'tags' => 'name="field_'.$userfield['fieldid'].'"',
'tags' => 'name="field_' . $userfield['fieldid'] . '"',
'value' => qa_html($value),
'error' => qa_html(@$errors[$userfield['fieldid']]),
'rows' => ($userfield['flags'] & QA_FIELD_FLAGS_MULTI_LINE) ? 8 : null,
);
}
}
if (qa_opt('captcha_on_register'))
if (qa_opt('captcha_on_register'))
qa_set_up_captcha_field($qa_content, $qa_content['form']['fields'], @$errors);
// show T&Cs checkbox
if ($show_terms) {
// show T&Cs checkbox
if ($show_terms) {
$qa_content['form']['fields']['terms'] = array(
'type' => 'checkbox',
'label' => trim(qa_opt('register_terms')),
......@@ -222,28 +220,23 @@
'value' => qa_html(@$interms),
'error' => qa_html(@$errors['terms']),
);
}
}
$loginmodules = qa_load_modules_with('login', 'login_html');
$loginmodules = qa_load_modules_with('login', 'login_html');
foreach ($loginmodules as $module) {
foreach ($loginmodules as $module) {
ob_start();
$module->login_html(qa_opt('site_url').qa_get('to'), 'register');
$module->login_html(qa_opt('site_url') . qa_get('to'), 'register');
$html = ob_get_clean();
if (strlen($html))
@$qa_content['custom'] .= '<br>'.$html.'<br>';
}
@$qa_content['custom'] .= '<br>' . $html . '<br>';
}
// prioritize 'handle' for keyboard focus
$qa_content['focusid'] = isset($errors['handle']) ? 'handle'
// prioritize 'handle' for keyboard focus
$qa_content['focusid'] = isset($errors['handle']) ? 'handle'
: (isset($errors['password']) ? 'password'
: (isset($errors['email']) ? 'email' : 'handle'));
return $qa_content;
/*
Omit PHP closing tag to help avoid accidental output
*/
\ No newline at end of file
return $qa_content;
qa-include/pages/reset.php
......@@ -20,79 +20,80 @@
More about this license: http://www.question2answer.org/license.php
*/
if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
header('Location: ../');
exit;
}
}
// Check we're not using single-sign on integration and that we're not logged in
if (QA_FINAL_EXTERNAL_USERS)
if (QA_FINAL_EXTERNAL_USERS)
qa_fatal_error('User login is handled by external code');
if (qa_is_logged_in())
if (qa_is_logged_in())
qa_redirect('');
// Process incoming form
if (qa_clicked('doreset')) {
require_once QA_INCLUDE_DIR.'app/users-edit.php';
require_once QA_INCLUDE_DIR.'db/users.php';
if (qa_clicked('doreset')) {
require_once QA_INCLUDE_DIR . 'app/users-edit.php';
require_once QA_INCLUDE_DIR . 'db/users.php';
$inemailhandle=qa_post_text('emailhandle');
$incode=trim(qa_post_text('code')); // trim to prevent passing in blank values to match uninitiated DB rows
$inemailhandle = qa_post_text('emailhandle');
$incode = trim(qa_post_text('code')); // trim to prevent passing in blank values to match uninitiated DB rows
$errors=array();
$errors = array();
if (!qa_check_form_security_code('reset', qa_post_text('formcode')))
$errors['page']=qa_lang_html('misc/form_security_again');
$errors['page'] = qa_lang_html('misc/form_security_again');
else {
if (qa_opt('allow_login_email_only') || (strpos($inemailhandle, '@')!==false)) // handles can't contain @ symbols
$matchusers=qa_db_user_find_by_email($inemailhandle);
if (qa_opt('allow_login_email_only') || (strpos($inemailhandle, '@') !== false)) // handles can't contain @ symbols
$matchusers = qa_db_user_find_by_email($inemailhandle);
else
$matchusers=qa_db_user_find_by_handle($inemailhandle);
$matchusers = qa_db_user_find_by_handle($inemailhandle);
if (count($matchusers)==1) { // if match more than one (should be impossible), consider it a non-match
require_once QA_INCLUDE_DIR.'db/selects.php';
if (count($matchusers) == 1) { // if match more than one (should be impossible), consider it a non-match
require_once QA_INCLUDE_DIR . 'db/selects.php';
$inuserid=$matchusers[0];
$userinfo=qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
$inuserid = $matchusers[0];
$userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
// strlen() check is vital otherwise we can reset code for most users by entering the empty string
if (strlen($incode) && (strtolower(trim($userinfo['emailcode'])) == strtolower($incode))) {
if (strlen($incode) && strtolower(trim($userinfo['emailcode'])) == strtolower($incode)) {
qa_complete_reset_user($inuserid);
qa_redirect('login', array('e' => $inemailhandle, 'ps' => '1')); // redirect to login page
} else
$errors['code']=qa_lang('users/reset_code_wrong');
} else
$errors['emailhandle']=qa_lang('users/user_not_found');
} else {
$errors['code'] = qa_lang('users/reset_code_wrong');
}
} else {
$inemailhandle=qa_get('e');
$incode=qa_get('c');
$errors['emailhandle'] = qa_lang('users/user_not_found');
}
}
} else {
$inemailhandle = qa_get('e');
$incode = qa_get('c');
}
// Prepare content for theme
$qa_content=qa_content_prepare();
$qa_content = qa_content_prepare();
$qa_content['title']=qa_lang_html('users/reset_title');
$qa_content['error']=@$errors['page'];
$qa_content['title'] = qa_lang_html('users/reset_title');
$qa_content['error'] = @$errors['page'];
if (empty($inemailhandle) || isset($errors['emailhandle']))
$forgotpath=qa_path('forgot');
else
$forgotpath=qa_path('forgot', array('e' => $inemailhandle));
if (empty($inemailhandle) || isset($errors['emailhandle']))
$forgotpath = qa_path('forgot');
else
$forgotpath = qa_path('forgot', array('e' => $inemailhandle));
$qa_content['form']=array(
'tags' => 'method="post" action="'.qa_self_html().'"',
$qa_content['form'] = array(
'tags' => 'method="post" action="' . qa_self_html() . '"',
'style' => 'tall',
......@@ -111,8 +112,8 @@
'tags' => 'name="code" id="code"',
'value' => qa_html(@$incode),
'error' => qa_html(@$errors['code']),
'note' => qa_lang_html('users/reset_code_emailed').' - '.
'<a href="'.qa_html($forgotpath).'">'.qa_lang_html('users/reset_code_another').'</a>',
'note' => qa_lang_html('users/reset_code_emailed') . ' - ' .
'<a href="' . qa_html($forgotpath) . '">' . qa_lang_html('users/reset_code_another') . '</a>',
),
),
......@@ -126,14 +127,9 @@
'doreset' => '1',
'formcode' => qa_get_form_security_code('reset'),
),
);
$qa_content['focusid']=(isset($errors['emailhandle']) || !strlen(@$inemailhandle)) ? 'emailhandle' : 'code';
);
return $qa_content;
$qa_content['focusid'] = (isset($errors['emailhandle']) || !strlen(@$inemailhandle)) ? 'emailhandle' : 'code';
/*
Omit PHP closing tag to help avoid accidental output
*/
\ No newline at end of file
return $qa_content;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment