<?php

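require_once "../Plans.php";
// The target account name is client-supplied. Accept only a plain string and fall
// back to '' (falsy) when the field is missing or was sent as an array, so the
// "if ($subject_name)" guard further down sees a well-defined value.
$subject_name = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
// NOTE(review): auth.php presumably enforces the administrator login for this page.
// Confirm it stops the request on failure, because the code below resets the named
// user's password.
require "auth.php";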
?>

<html>
<body>
<?php 
require "dbfunctions.php";
$dbh = db_connect();
if ($subject_name) {
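    if (isvaliduser($dbh, $subject_name)) {
        // Fetch the account's id and e-mail address; the address is handed to email.php below.
        $info = get_items($dbh, "userid,email", "accounts", "username", $subject_name);
        $subject_id = $info[0][0];
        $email = $info[0][1];
        // NOTE(review): $password is not assigned anywhere in the visible code — confirm
        // where an operator-chosen password comes from (e.g. auth.php or request globals).
        if (!$password) {
            // Generate the replacement password from the CSPRNG (PHP 7+). A value seeded
            // with time() and limited to six digits can be guessed by anyone who knows
            // roughly when the reset happened.
            $password = bin2hex(random_bytes(8));
        }
        User::changePassword($subject_name, $password);
        // The values below land inside HTML attribute values, so encode them for that
        // context; the username comes from the request and the e-mail from the database.
        $attr_email = htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8');
        $attr_name = htmlspecialchars((string) $subject_name, ENT_QUOTES, 'UTF-8');
        $attr_password = htmlspecialchars((string) $password, ENT_QUOTES, 'UTF-8');
        // NOTE(review): the new plaintext password is embedded in this page and posted on
        // to email.php — confirm the page is only served over HTTPS and is not cached.
        echo "<form action=\"email.php\" method=\"POST\">";
        echo "<input type=\"hidden\" name=\"email\" value=\"" . $attr_email . "\">";
        echo "<input type=\"hidden\" name=\"username\" value=\"" . $attr_name . "\">";
        echo "<input type=\"hidden\" name=\"password\" value=\"" . $attr_password . "\">";
        echo "<input type=\"hidden\" name=\"whatoperation\" \nvalue=\"changepassword\">";
        echo "<input type=\"submit\" value=\"Send Email\"></form>";
    } else {
        // The name is echoed back from the request: encode it, and keep the space
        // between the name and the message.
        echo htmlspecialchars((string) $subject_name, ENT_QUOTES, 'UTF-8') . " does not exist.";
    }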
<?php

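require_once "../Plans.php";
// The account name to delete is client-supplied. Accept only a plain string and fall
// back to '' (falsy) when the field is missing or was sent as an array.
$deleted_name = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
// NOTE(review): auth.php presumably enforces the administrator login for this page.
// Confirm it stops the request on failure, because the code below deletes the account.
require "auth.php";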
?>

<html>
<body>
<?php 
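require "dbfunctions.php";
$dbh = db_connect();
// Delete an account and every row that references it, keyed by the posted username.
// NOTE(review): this is a destructive POST action; nothing in the visible code checks
// a CSRF token — confirm auth.php or the form covers that.
if ($deleted_name) {
    if (isvaliduser($dbh, $deleted_name)) {
        $deleted_id = get_item($dbh, "userid", "accounts", "username", $deleted_name);
        // (table, column) pairs that hold the user's id, removed in this order.
        // NOTE(review): the deletes are issued one by one; no transaction is visible
        // here, so a failure part-way would leave orphaned rows — confirm.
        $references = array(
            array("accounts", "userid"),
            array("autofinger", "owner"),
            array("autofinger", "interest"),
            array("display", "userid"),
            array("blocks", "blocking_user_id"),
            array("blocks", "blocked_user_id"),
            array("opt_links", "userid"),
            array("plans", "user_id"),
        );
        foreach ($references as $reference) {
            delete_item($dbh, $reference[0], $reference[1], $deleted_id);
        }
        echo "Account deleted";
    } else {
        // The name is echoed back from the request, so encode it for HTML output.
        echo htmlspecialchars((string) $deleted_name, ENT_QUOTES, 'UTF-8') . " does not exist.";
    }
}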
//if no username
?>
<form action="deleteuser.php" method="POST">
Exemple #3
// Bootstrap: load the application, start the session, then pull in the helpers.
require_once 'Plans.php';
new SessionBroker();
require 'functions-main.php';
require "syntax-classes.php";

$idcookie = User::id();
$dbh = db_connect();
$page = new PlansPage('Plan', 'readplan', PLANSVNAME, 'read.php');

// Both lookup keys come straight from the query string and default to false when
// absent; they are client-controlled and must be treated as untrusted downstream.
$searchnum = false;
if (isset($_GET['searchnum'])) {
    $searchnum = $_GET['searchnum'];
}
$searchname = false;
if (isset($_GET['searchname'])) {
    $searchname = $_GET['searchname'];
}

// Guests get the reduced page chrome; logged-in users get their own.
if (!User::logged_in()) {
    populate_guest_page($page);
} else {
    populate_page($page, $dbh, $idcookie);
}
// Resolve the requested user: with no numeric id given, look the name up, and for a
// logged-in viewer fall back to a substring search over usernames.
// (The listing is cut off inside this statement; only the visible part is annotated.)
if (!$searchnum) {
    if (isvaliduser($dbh, $searchname)) {
        // NOTE(review): $mydbh is not assigned anywhere in this listing (the handle opened
        // above is $dbh) — confirm one of the required files defines it.
        $searchnum = get_item($mydbh, "userid", "accounts", "username", $searchname);
    } else {
        if ($searchname) {
            // The term is HTML-encoded here because it is interpolated into the AlertText
            // markup below. NOTE(review): the encoded value is also what partial_search()
            // receives, so a term containing &, < or > is searched in its entity form, and
            // HTML encoding is not SQL escaping — whether partial_search() escapes or
            // parameterizes the term cannot be seen from here; confirm.
            $searchname = htmlentities($searchname);
            if ($idcookie) {
                //if a searchname has been given, but there is no user with that exact name, search the usernames to see which if any users have that string in their username
                $partial_list = partial_search($dbh, "userid,username", "accounts", "username", $searchname, "username");
                $part_count = count($partial_list);
                if ($part_count == 0) {
                    // No exact match and no partial matches: show a plain "no such user" alert.
                    $nouser = new AlertText("User <b>{$searchname}</b> does not exist and there are no names with the term in them.", 'No such user');
                    $page->append($nouser);
                } else {
                    // No exact match, but some usernames contain the term: announce the count,
                    // then start the list widget that will hold the matches.
                    $nouser = new AlertText("User <b>{$searchname}</b> does not exist.<br>However there are <b>{$part_count}</b> names with {$searchname} in them.<br>These names are:", 'No such user');
                    $page->append($nouser);
                    $namelist = new WidgetList('partial_name_matches', true);
Exemple #4
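/**
 * Return a user's plan, either complete, partial, or only the remaining text.
 *
 * Request fields (all read from $_POST, all client-controlled):
 *  - username:            account whose plan is requested
 *  - readlinkreplacement: optional link template containing {username}; when set,
 *                         read.php?searchname=... links in the plan are rewritten to it
 *  - limitsize:           when truthy, a long plan is cut to $MAX_PLAN_LEN characters
 *  - partial:             when truthy (and limitsize is not), only the text after the
 *                         first $MAX_PLAN_LEN characters is returned
 *
 * @return array 'message' and 'success', plus 'plandata' when the read succeeded
 */
function doReadTask()
{
    global $log;
    $response = array("message" => "", "success" => false);
    // Default missing fields instead of reading undefined indexes, and refuse array
    // values for the two fields that are used as strings.
    $searchname = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $read_link = (isset($_POST['readlinkreplacement']) && is_string($_POST['readlinkreplacement'])) ? $_POST['readlinkreplacement'] : '';
    $limit_size = isset($_POST['limitsize']) ? $_POST['limitsize'] : false;
    $partial = isset($_POST['partial']) ? $_POST['partial'] : false;
    /*
     * These two are used to define how much of a plan to return if the client
     * requested a limited plan.  The wiggle length is how much over the max length
     * a plan can be before it gets returned.  This way, if the user is prompted to
     * download more or shown how much data is remaining it will be significant,
     * instead of say, 2kb.
     */
    $MAX_PLAN_LEN = 10240;
    $WIGGLE_PLAN_LEN = 2048;

    if (!User::logged_in()) {
        $response['message'] = 'login required';
        return $response;
    }
    $idcookie = User::id();
    $mydbh = db_connect();
    $dbh = $mydbh;
    $searchnum = get_item($mydbh, "userid", "accounts", "username", $searchname);
    if (!isvaliduser($dbh, $searchname)) {
        $response['message'] = 'invalid user name';
        return $response;
    }
    // Honour blocks before any plan data is loaded.
    if (Block::isBlocking($searchnum, $idcookie)) {
        $response['message'] = 'blocked';
        return $response;
    }

    // Both ids come from the session/database rather than the request, but they are
    // still escaped before being placed in the SQL text.
    // NOTE(review): the legacy mysql_* API offers no bound parameters; move this query
    // to a parameterized API (the Doctrine query below already is one) when possible.
    $my_result = mysql_query("Select priority From autofinger where owner = '" . mysql_real_escape_string($idcookie) . "' and interest = '" . mysql_real_escape_string($searchnum) . "'");
    $onlist = $my_result ? mysql_fetch_array($my_result) : false;
    if ($onlist) {
        update_read($dbh, $idcookie, $searchnum);
        //mark as having been read
    }

    $q = Doctrine_Query::create()->from('Accounts a')->leftJoin('a.Plan p')->where('a.userid = ?', $searchnum);
    $user = $q->fetchOne();
    if (!$user) {
        // The account vanished between the validity check and the fetch.
        $response['message'] = 'invalid user name';
        return $response;
    }

    $response_info = array();
    $response_info['username'] = $user->username;
    // The zero date stands for "never"; report it as an empty string.
    $response_info['last_login'] = ($user->login == '0000-00-00 00:00:00') ? "" : date('n/j/y, g:i A', strtotime($user->login));
    $response_info['last_updated'] = ($user->changed == '0000-00-00 00:00:00') ? "" : date('n/j/y, g:i A', strtotime($user->changed));
    $response_info['pseudo'] = $user->pseudo == null ? "" : $user->pseudo;

    // Work on a copy so the loaded record itself is never modified.
    $plan = (string) $user->Plan->plan;
    if ($read_link) {
        //NOTE:  If the planlove link ever changes, you may want to look at this pattern....
        $search = '/read\\.php\\?searchname=([\\w]*)[^"|\']*/i';
        // We expect the read_link to have {username} in it somewhere, which we swap for
        // the captured name. A callback is used so the client-supplied template is
        // inserted literally: any "$1" or "\1" sequences in it are not interpreted as
        // backreferences.
        // NOTE(review): the template is still spliced into the plan markup returned to
        // the requesting client — confirm clients treat the result as untrusted HTML.
        $rewritten = preg_replace_callback($search, function ($match) use ($read_link) {
            return str_replace('{username}', $match[1], $read_link);
        }, $plan);
        if ($rewritten !== null) {
            $plan = $rewritten;
        }
    }

    // Length and both cuts are measured in characters with the same mb_* family, so the
    // head returned for "limitsize" and the tail returned for "partial" always join back
    // into the full plan (byte counts and display widths do not line up for multi-byte
    // or wide characters).
    // assumes mb_internal_encoding() matches the stored plan encoding — TODO confirm
    $plan_len = mb_strlen($plan);
    if ($limit_size) {
        //they requested a partial plan
        $width_remaining = $plan_len - $MAX_PLAN_LEN;
        if ($width_remaining > $WIGGLE_PLAN_LEN) {
            $response_info['partial'] = true;
            $response_info['plan'] = mb_substr($plan, 0, $MAX_PLAN_LEN);
            $response_info['remaining'] = $width_remaining;
        } else {
            // Short enough (or only slightly over the limit): send everything, and always
            // say so explicitly so clients can rely on the 'partial' key being present.
            $response_info['partial'] = false;
            $response_info['plan'] = $plan;
        }
        $log->addToLog("PLAN WIDTH: " . $plan_len);
    } elseif ($partial) {
        //they requested only the last part of the plan
        $response_info['remainingplan'] = mb_substr($plan, $MAX_PLAN_LEN);
    } else {
        $response_info['partial'] = false;
        $response_info['plan'] = $plan;
    }

    $response['plandata'] = $response_info;
    $response['success'] = true;
    return $response;
}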
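/**
 * XML-RPC handler that deletes a post's plan files for an authenticated user.
 *
 * Positional parameters of the message: 0 = appkey (ignored), 1 = post id,
 * 2 = username, 3 = password.
 *
 * Nothing is deleted unless the credentials are accepted by isvaliduser() and both
 * the username and the post id are plain names (no path separators, no "." / ".."),
 * because both are used to build the file path.
 *
 * @param object $m incoming XML-RPC message (provides getParam())
 * @return xmlrpcresp fault response when something failed, boolean success otherwise
 */
function blogger_deletePost($m)
{
    // NOTE(review): presumably the user-fault base code defined globally by the XML-RPC
    // library; the handler read it as an unset local before — confirm it is non-zero.
    global $xmlrpcerruser;

    // Parameter 0 (appkey) is deliberately not used.
    $postid = (string) $m->getParam(1)->scalarval();
    $username = (string) $m->getParam(2)->scalarval();
    $password = $m->getParam(3)->scalarval();

    // True when the value can only name an entry inside a directory, never a path.
    $isPlainName = function ($segment) {
        return $segment !== '' && $segment !== '.' && $segment !== '..'
            && strpos($segment, '/') === false
            && strpos($segment, '\\') === false
            && strpos($segment, "\0") === false;
    };

    $err = '';
    if (!$isPlainName($username) || !isvaliduser($username, $password)) {
        // One message for every credential problem, so the reply does not reveal
        // which part was wrong.
        $err = 'Invalid username or password.';
    } elseif (!$isPlainName($postid)) {
        $err = 'Invalid post id.';
    } else {
        parse_str(readuser($username), $userinfo);
        $plan_dir = "{$_SERVER['PWUSERS_DIR']}/{$username}/plan";
        // A post consists of the text file and its ".p" companion; remove whichever exist.
        $targets = array("{$plan_dir}/plan.{$postid}.txt", "{$plan_dir}/plan.{$postid}.txt.p");
        foreach ($targets as $target) {
            if (file_exists($target) && !unlink($target)) {
                $err = 'Could not delete post.';
            }
        }
    }

    // if we generated an error, create an error return response
    if ($err) {
        return new xmlrpcresp(0, $xmlrpcerruser, $err);
    }
    // otherwise, we create the right response
    return new xmlrpcresp(TRUE, 'boolean');
}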
Exemple #6
<?php

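require_once "../Plans.php";
// The new account name is client-supplied. Accept only a plain string and fall back
// to '' (falsy) when the field is missing or was sent as an array.
$added_name = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
// NOTE(review): auth.php presumably enforces the administrator login for this page.
// Confirm it stops the request on failure, because the code below creates accounts.
require "auth.php";
require "../functions-kommand.php";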
?>
<html>
<body>
<?php 
require "dbfunctions.php";
$dbh = db_connect();
if ($added_name) {
    if (isvaliduser($dbh, $added_name)) {
        echo "User already exists.";
    } else {
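        // Account fields from the admin form; a missing field becomes null instead of
        // triggering an undefined-index notice.
        $type = isset($_POST['type']) ? $_POST['type'] : null;
        $password = isset($_POST['password']) ? $_POST['password'] : null;
        $email = isset($_POST['email']) ? $_POST['email'] : null;
        $perms = isset($_POST['perms']) ? $_POST['perms'] : null;
        $gradyear = isset($_POST['gradyear']) ? $_POST['gradyear'] : null;
        if ($type == "other") {
            // A free-text type replaces the "other" placeholder.
            $type = isset($_POST['other']) ? $_POST['other'] : null;
        }
        // NOTE(review): $perms is taken from the request as-is; whether insert_user()
        // restricts which permissions may be granted cannot be seen here — confirm.
        $results = insert_user($added_name, $password, $gradyear, $email, $type, $perms);
        // insert_user() hands back the password and e-mail actually stored.
        $password = $results[0];
        $email = $results[1];
        // Every value shown here originates from the request, so encode each for HTML.
        // NOTE(review): the page displays the plaintext password — confirm it is served
        // over HTTPS only and is not cached.
        echo "Account created for " . htmlspecialchars((string) $added_name, ENT_QUOTES, 'UTF-8')
            . " with password " . htmlspecialchars((string) $password, ENT_QUOTES, 'UTF-8')
            . ", email " . htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8')
            . ", and graduation year " . htmlspecialchars((string) $gradyear, ENT_QUOTES, 'UTF-8') . ".<br>";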
        ?>
		<form action="email.php" method="POST">
		<input type="hidden" name="username" value="<?php