} else {
$success = "create";
}
} else {
$success = "create";
}
/* HACK: Workaround lame template engine */
$_domain = $tpl->get_var("DOMAIN");
unset($tpl->varkeys["DOMAIN"]);
unset($tpl->varvals["DOMAIN"]);
$tpl->set_var("DOMAIN", $_domain);
$user->setcookie();
break;
case "ChangeEmail":
$old_email = $user->email;
$user->email($pending['data']);
if (!$user->update()) {
$error = "dup_email";
$tpl->set_var("EMAIL", $pending['data']);
} else {
$tpl->set_var("OLD_EMAIL", $old_email);
$tpl->set_var("EMAIL", $user->email);
$success = "email";
}
break;
case "ForgotPassword":
/*
* Some users for some reason try to get a new password even if the
* message specifically says the account needs to be validated.
* Silently fix them up since this does validate that their email
* address works.
$name = preg_replace("/</", "<", $name);
$name = preg_replace("/>/", ">", $name);
if (empty($name)) {
$error .= "Name is required\n";
} else {
/* FIXME: More error codes (empty shortname, etc) */
if (!$user->name($name)) {
$error .= "Name '{$name}' is invalid\n";
}
}
/* We do some sanitizing of the email address first */
$email = trim($email);
if (empty($email)) {
$error .= "Email address is required\n";
} else {
if (!$user->email($email)) {
$error .= "Email address '{$email}' is invalid\n";
}
}
if (isset($_POST['password1'])) {
$password1 = $_POST['password2'];
} else {
$password1 = "";
}
if (isset($_POST['password2'])) {
$password2 = $_POST['password2'];
} else {
$password2 = "";
}
if (empty($password1) || empty($password2)) {
$error .= "Please fill in both passwords\n";
