} else {
    $success = "create";
}
} else {
    $success = "create";
}
/*
 * The braces above close conditionals opened before this excerpt; every
 * branch visible here ends with $success = "create".
 */

/* HACK: Workaround lame template engine */
/*
 * Reads DOMAIN, removes its entries from the template object's varkeys and
 * varvals arrays, then sets it again with the same value.
 */
$_domain = $tpl->get_var("DOMAIN");
unset($tpl->varkeys["DOMAIN"]);
unset($tpl->varvals["DOMAIN"]);
$tpl->set_var("DOMAIN", $_domain);

/* NOTE(review): setcookie() is defined elsewhere; presumably it issues the
 * login cookie for $user -- confirm what it sets and with which flags. */
$user->setcookie();
break;

case "ChangeEmail":
    /* Keep the current address so the template can show old and new. */
    $old_email = $user->email;

    /* Apply the address carried by the pending request. The return value of
     * email() is not checked here (the registration form code does check it);
     * NOTE(review): presumably the address was validated when the pending
     * request was created -- confirm. */
    $user->email($pending['data']);

    if (!$user->update()) {
        /* Any update() failure is reported as a duplicate address.
         * NOTE(review): confirm update() cannot fail for other reasons. */
        $error = "dup_email";
        /* NOTE(review): the pending value goes into the template as-is;
         * whether the template engine escapes it is not visible here. */
        $tpl->set_var("EMAIL", $pending['data']);
    } else {
        $tpl->set_var("OLD_EMAIL", $old_email);
        $tpl->set_var("EMAIL", $user->email);
        $success = "email";
    }
    break;

case "ForgotPassword":
    /*
     * Some users for some reason try to get a new password even if the
     * message specifically says the account needs to be validated.
     * Silently fix them up since this does validate that their email
     * address works.
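/*
 * Validate the submitted name, email address and password pair, appending one
 * line to $error for each problem found.
 *
 * NOTE(review): as shown here, each preg_replace() below substitutes the
 * character with itself, so neither call changes $name. The replacement
 * strings were presumably the HTML entities for "<" and ">" before this
 * listing was rendered; confirm against the original file. Either way,
 * escaping at the point where the value is written into HTML
 * (htmlspecialchars() with ENT_QUOTES) is the dependable control, not
 * rewriting the value on input.
 */
$name = preg_replace("/</", "<", $name);
$name = preg_replace("/>/", ">", $name);

if (empty($name)) {
    $error .= "Name is required\n";
} elseif (!$user->name($name)) {
    /* FIXME: More error codes (empty shortname, etc) */
    /*
     * NOTE(review): the rejected value is copied into $error exactly as
     * submitted; whatever renders $error must escape it. The rendering code
     * is not visible here.
     */
    $error .= "Name '{$name}' is invalid\n";
}

/* We do some sanitizing of the email address first */
$email = trim($email);
if (empty($email)) {
    $error .= "Email address is required\n";
} elseif (!$user->email($email)) {
    /* Same output-escaping caveat as for the name message above. */
    $error .= "Email address '{$email}' is invalid\n";
}

/*
 * Read each password field from its own key. The first field was previously
 * filled from $_POST['password2'], so both variables always held the
 * confirmation value and any later comparison of the two could never detect
 * a mistyped first entry.
 */
$password1 = isset($_POST['password1']) ? $_POST['password1'] : "";
$password2 = isset($_POST['password2']) ? $_POST['password2'] : "";

/* empty() also treats the string "0" as missing. */
if (empty($password1) || empty($password2)) {
    $error .= "Please fill in both passwords\n";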