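<?php
// Admin page: resets a user's password and renders a form that forwards the
// new credentials to email.php.
require_once "../Plans.php";
// Guard the lookup so a request without the field does not raise a notice.
$subject_name = isset($_POST['username']) ? $_POST['username'] : '';
require "auth.php";
?>
<html>
<body>
<?php
require "dbfunctions.php";
$dbh = db_connect();
if ($subject_name) {
    // The username comes straight from the request, so it is escaped before
    // it is written into any HTML context below.
    $safe_name = htmlspecialchars($subject_name, ENT_QUOTES);
    if (isvaliduser($dbh, $subject_name)) {
        $info = get_items($dbh, "userid,email", "accounts", "username", $subject_name);
        $subject_id = $info[0][0];
        $email = $info[0][1];
        // NOTE(review): $password is not assigned anywhere in the visible code;
        // presumably auth.php or another include sets it. If it can be filled
        // from the request, the caller picks the new password. Confirm.
        if (empty($password)) {
            // Seeding rand() with time() makes the value derivable from the
            // request time. Use the OS CSPRNG where the runtime has it; the
            // fallback relies on PHP's automatic seeding and is not a CSPRNG.
            // NOTE(review): six digits is a small keyspace; the format is kept
            // because the consumers of this value are not visible here.
            if (function_exists('random_int')) {
                $password = random_int(0, 999999);
            } else {
                $password = mt_rand(0, 999999);
            }
        }
        User::changePassword($subject_name, $password);
        // NOTE(review): the new password is written into the page as a hidden
        // field and re-posted by the browser, so email.php receives all four
        // fields as client-controlled input.
        echo "<form action=\"email.php\" method=\"POST\">";
        echo "<input type=\"hidden\" name=\"email\" value=\"" . htmlspecialchars($email, ENT_QUOTES) . "\">";
        echo "<input type=\"hidden\" name=\"username\" value=\"" . $safe_name . "\">";
        echo "<input type=\"hidden\" name=\"password\" value=\"" . htmlspecialchars($password, ENT_QUOTES) . "\">";
        echo "<input type=\"hidden\" name=\"whatoperation\" \nvalue=\"changepassword\">";
        echo "<input type=\"submit\" value=\"Send Email\"></form>";
    } else {
        // This branch echoes a name that matched no account, i.e. arbitrary
        // request data, so it must be escaped.
        echo $safe_name . " does not exist.";
    }
    // (the excerpt ends here with the enclosing `if ($subject_name)` still open)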
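<?php
// Admin page: deletes an account together with the rows that reference it.
require_once "../Plans.php";
// Guard the lookup so a request without the field does not raise a notice.
$deleted_name = isset($_POST['username']) ? $_POST['username'] : '';
require "auth.php";
?>
<html>
<body>
<?php
require "dbfunctions.php";
$dbh = db_connect();
if ($deleted_name) {
    if (isvaliduser($dbh, $deleted_name)) {
        $deleted_id = get_item($dbh, "userid", "accounts", "username", $deleted_name);
        // (table, column) pairs holding the user's id, removed in this order.
        // NOTE(review): no anti-CSRF token is checked in the visible code and
        // delete_item's error handling is not shown; confirm that auth.php
        // covers the former and that a failed delete cannot leave orphan rows.
        $references = array(
            array("accounts", "userid"),
            array("autofinger", "owner"),
            array("autofinger", "interest"),
            array("display", "userid"),
            array("blocks", "blocking_user_id"),
            array("blocks", "blocked_user_id"),
            array("opt_links", "userid"),
            array("plans", "user_id"),
        );
        foreach ($references as $reference) {
            delete_item($dbh, $reference[0], $reference[1], $deleted_id);
        }
        echo "Account deleted";
    } else {
        // The name matched no account, so it is arbitrary request data and is
        // escaped before being written into the page.
        echo htmlspecialchars($deleted_name, ENT_QUOTES) . " does not exist.";
    }
} //if no username
?>
<form action="deleteuser.php" method="POST">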
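require_once 'Plans.php';
new SessionBroker();
require 'functions-main.php';
require "syntax-classes.php";

// Page set-up for reading a plan: the target is named either by user id
// (searchnum) or by username (searchname) in the query string.
$idcookie = User::id();
$dbh = db_connect();
$page = new PlansPage('Plan', 'readplan', PLANSVNAME, 'read.php');
$searchnum = isset($_GET['searchnum']) ? $_GET['searchnum'] : false;
$searchname = isset($_GET['searchname']) ? $_GET['searchname'] : false;
if (User::logged_in()) {
    populate_page($page, $dbh, $idcookie);
} else {
    populate_guest_page($page);
}
if (!$searchnum) {
    if (isvaliduser($dbh, $searchname)) {
        // Use the handle opened above; the original passed $mydbh, which is
        // never assigned in this script.
        $searchnum = get_item($dbh, "userid", "accounts", "username", $searchname);
    } else {
        if ($searchname) {
            // Encoded here because the name is interpolated into HTML below.
            // NOTE(review): the encoded form is also what partial_search()
            // receives, so names containing &, <, > or quotes are searched in
            // their entity form. Confirm that is intended.
            $searchname = htmlentities($searchname);
            if ($idcookie) {
                // A searchname was given but no user has exactly that name:
                // look for usernames that contain the string instead.
                $partial_list = partial_search($dbh, "userid,username", "accounts", "username", $searchname, "username");
                $part_count = count($partial_list);
                if ($part_count == 0) {
                    $nouser = new AlertText("User <b>{$searchname}</b> does not exist and there are no names with the term in them.", 'No such user');
                    $page->append($nouser);
                } else {
                    $nouser = new AlertText("User <b>{$searchname}</b> does not exist.<br>However there are <b>{$part_count}</b> names with {$searchname} in them.<br>These names are:", 'No such user');
                    $page->append($nouser);
                    $namelist = new WidgetList('partial_name_matches', true);
                    // (the excerpt ends here with the enclosing blocks still open)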
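/**
 * Return a user's plan, either complete, partial, or only the remaining text.
 *
 * Input is read from $_POST:
 *   - username:            whose plan to read
 *   - readlinkreplacement: optional template containing {username}, used to
 *                          rewrite read.php links inside the plan
 *   - limitsize:           truthy to get at most $MAX_PLAN_LEN of the plan
 *   - partial:             truthy to get only the text after $MAX_PLAN_LEN
 *
 * @return array 'message' and 'success' are always present; on success
 *               'plandata' holds the user and plan fields built below.
 */
function doReadTask()
{
    global $log;
    $response = array("message" => "", "success" => false);

    // Missing fields become null instead of raising an undefined-index notice.
    $searchname = isset($_POST['username']) ? $_POST['username'] : null;
    $read_link = isset($_POST['readlinkreplacement']) ? $_POST['readlinkreplacement'] : null;
    $limit_size = isset($_POST['limitsize']) ? $_POST['limitsize'] : null;
    $partial = isset($_POST['partial']) ? $_POST['partial'] : null;

    /*
     * These two define how much of a plan to return if the client requested a
     * limited plan. The wiggle length is how far over the max length a plan
     * can be before it gets cut. This way, if the user is prompted to download
     * more or shown how much data is remaining, it will be significant,
     * instead of say, 2kb.
     */
    $MAX_PLAN_LEN = 10240;
    $WIGGLE_PLAN_LEN = 2048;

    if (!User::logged_in()) {
        $response['message'] = 'login required';
        return $response;
    }

    $idcookie = User::id();
    $mydbh = db_connect();
    $dbh = $mydbh;
    $searchnum = get_item($mydbh, "userid", "accounts", "username", $searchname);
    if (!isvaliduser($dbh, $searchname)) {
        $response['message'] = 'invalid user name';
        return $response;
    }
    if (Block::isBlocking($searchnum, $idcookie)) {
        $response['message'] = 'blocked';
        return $response;
    }

    // Both ids come from the session and a lookup rather than directly from
    // the request, but they are interpolated into SQL text, so escape them.
    // NOTE(review): the Doctrine query below binds its parameter; moving this
    // query to the same mechanism would remove the string building entirely.
    $owner_sql = mysql_real_escape_string($idcookie);
    $interest_sql = mysql_real_escape_string($searchnum);
    $my_result = mysql_query("Select priority From autofinger where\n \t\t\towner = '{$owner_sql}' and interest = '{$interest_sql}'");
    $onlist = $my_result ? mysql_fetch_array($my_result) : false;
    if ($onlist) {
        update_read($dbh, $idcookie, $searchnum); //mark as having been read
    }

    $q = Doctrine_Query::create()->from('Accounts a')->leftJoin('a.Plan p')->where('a.userid = ?', $searchnum);
    $user = $q->fetchOne();
    if (!$user) {
        // The account passed isvaliduser() but could not be loaded.
        $response['message'] = 'invalid user name';
        return $response;
    }

    $response_info = array();
    $response_info['username'] = $user->username;
    // An all-zero timestamp is reported as an empty string.
    if ($user->login == '0000-00-00 00:00:00') {
        $response_info['last_login'] = "";
    } else {
        $response_info['last_login'] = date('n/j/y, g:i A', strtotime($user->login));
    }
    if ($user->changed == '0000-00-00 00:00:00') {
        $response_info['last_updated'] = "";
    } else {
        $response_info['last_updated'] = date('n/j/y, g:i A', strtotime($user->changed));
    }
    $response_info['pseudo'] = $user->pseudo == null ? "" : $user->pseudo;

    // Work on a copy so the rewritten text is never stored on the record.
    $plan = $user->Plan->plan;
    if ($read_link) {
        //NOTE: If the planlove link ever changes, you may want to look at this pattern....
        $search = '/read\\.php\\?searchname=([\\w]*)[^"|\']*/i';
        //We expect the read_link to have {username} in it somewhere, which we'll swap in for the username
        // NOTE(review): $read_link is client-supplied and becomes the
        // preg_replace replacement, so any $n / \n in it is read as a
        // backreference and the result is returned without HTML escaping.
        // The output goes back to the same caller; confirm no other consumer.
        $replace = str_replace('{username}', '\\1', $read_link);
        $plan = preg_replace($search, $replace, $plan);
    }

    if ($limit_size) {
        //they requested a partial plan
        // NOTE(review): strlen() counts bytes, mb_strimwidth() cuts by display
        // width and the follow-up request below uses mb_substr() (characters).
        // For multi-byte text 'remaining' and the second chunk may not line up
        // with the first. Left unchanged because clients depend on it.
        $width = strlen($plan);
        $width_remaining = $width - $MAX_PLAN_LEN;
        if ($width_remaining > $WIGGLE_PLAN_LEN) {
            $response_info['partial'] = true;
            $response_info['plan'] = mb_strimwidth($plan, 0, $MAX_PLAN_LEN);
            $response_info['remaining'] = $width_remaining;
        } else {
            // Short enough, or only slightly over the limit: send it whole.
            // The flag was previously missing in the "slightly over" case.
            $response_info['partial'] = false;
            $response_info['plan'] = $plan;
        }
        $log->addToLog("PLAN WIDTH: " . strlen($plan));
    } else {
        if ($partial) {
            //they requested only the last part of the plan
            $response_info['remainingplan'] = mb_substr($plan, $MAX_PLAN_LEN);
        } else {
            $response_info['partial'] = false;
            $response_info['plan'] = $plan;
        }
    }

    $response['plandata'] = $response_info;
    $response['success'] = true;
    return $response;
}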
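/**
 * XML-RPC handler that deletes one stored post (by its name, the Blogger API
 * deletePost call).
 *
 * Parameters carried by $m: 0 = appkey (ignored), 1 = post id, 2 = username,
 * 3 = password. The post's two files are removed from the caller's own plan
 * directory, and only after the credentials have been accepted.
 *
 * @param object $m incoming XML-RPC message
 * @return xmlrpcresp a fault response on error, otherwise a boolean success
 */
function blogger_deletePost($m)
{
    // The fault-code base lives in global scope; without this declaration the
    // fault response below was built with an undefined code.
    global $xmlrpcerruser;

    // Param 0 is the appkey, which this handler deliberately does not use.
    $postid = $m->getParam(1)->scalarval();
    $username = $m->getParam(2)->scalarval();
    $password = $m->getParam(3)->scalarval();

    $err = '';

    // Both values become path components, so each must be a single segment:
    // no separators, no NUL byte, and not a "." / ".." reference.
    foreach (array($username, $postid) as $segment) {
        $segment = (string) $segment;
        if ($segment === '' || $segment === '.' || $segment === '..'
            || strpbrk($segment, "/\\\0") !== false) {
            $err = 'Invalid username or post id.';
            break;
        }
    }

    // The original ran the deletion whether or not this check succeeded.
    if ($err === '' && !isvaliduser($username, $password)) {
        $err = 'Invalid username or password.';
    }

    if ($err === '') {
        // The parsed result is not used here; the call is kept because
        // readuser()'s side effects are not visible from this function.
        parse_str(readuser($username), $userinfo);

        $plan_dir = "{$_SERVER['PWUSERS_DIR']}/{$username}/plan";
        // Each post is stored as plan.<id>.txt plus a companion ".p" file.
        foreach (array('', '.p') as $suffix) {
            $path = "{$plan_dir}/plan.{$postid}.txt{$suffix}";
            if (file_exists($path)) {
                unlink($path);
            }
        }
    }

    // if we generated an error, create an error return response
    if ($err) {
        return new xmlrpcresp(0, $xmlrpcerruser, $err);
    }
    // otherwise, we create the right response
    // NOTE(review): this passes TRUE and 'boolean' straight to xmlrpcresp
    // rather than a wrapped value object; left as written. Confirm against
    // the XML-RPC library in use.
    return new xmlrpcresp(TRUE, 'boolean');
}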
<?php require_once "../Plans.php"; $added_name = $_POST['username']; require "auth.php"; require "../functions-kommand.php"; ?> <html> <body> <?php require "dbfunctions.php"; $dbh = db_connect(); if ($added_name) { if (isvaliduser($dbh, $added_name)) { echo "User already exists."; } else { $type = $_POST['type']; $password = $_POST['password']; $email = $_POST['email']; $perms = $_POST['perms']; $gradyear = $_POST['gradyear']; if ($type == "other") { $type = $_POST['other']; } $results = insert_user($added_name, $password, $gradyear, $email, $type, $perms); $password = $results[0]; $email = $results[1]; echo "Account created for " . $added_name . " with password " . $password . ", email " . $email . ", and graduation year " . $gradyear . ".<br>"; ?> <form action="email.php" method="POST"> <input type="hidden" name="username" value="<?php