Implements FS#42343. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> --- schema/aur-schema.sql | 1 + upgrading/4.1.0.txt | 7 +++++++ web/html/account.php | 19 ++++++++++--------- web/html/register.php | 6 +++--- web/lib/acctfuncs.inc.php | 11 +++++++++-- web/template/account_details.php | 12 +++++++++++- web/template/account_edit_form.php | 5 +++++ 7 files changed, 46 insertions(+), 15 deletions(-) diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql index 2c45a97..53dc468 100644 --- a/schema/aur-schema.sql +++ b/schema/aur-schema.sql @@ -26,6 +26,7 @@ CREATE TABLE Users ( Suspended TINYINT UNSIGNED NOT NULL DEFAULT 0, Username VARCHAR(32) NOT NULL, Email VARCHAR(64) NOT NULL, + HideEmail TINYINT UNSIGNED NOT NULL DEFAULT 0, Passwd CHAR(32) NOT NULL, Salt CHAR(32) NOT NULL DEFAULT '', ResetKey CHAR(32) NOT NULL DEFAULT '', diff --git a/upgrading/4.1.0.txt b/upgrading/4.1.0.txt index 439562f..26f9f65 100644 --- a/upgrading/4.1.0.txt +++ b/upgrading/4.1.0.txt @@ -17,3 +17,10 @@ ALTER TABLE PackageBases ADD COLUMN FlaggerComment VARCHAR(255) NOT NULL, ADD FOREIGN KEY (FlaggerUID) REFERENCES Users(ID) ON DELETE SET NULL; ---- + +3. Add field to store the state of a user's email address: + +---- +ALTER TABLE Users + ADD COLUMN HideEmail TINYINT UNSIGNED NOT NULL DEFAULT 0; +---- diff --git a/web/html/account.php b/web/html/account.php index adc2542..b2886fc 100644 --- a/web/html/account.php +++ b/web/html/account.php 
@@ -32,10 +32,10 @@ if ($action == "UpdateAccount") { list($success, $update_account_message) = process_account_form( "edit", "UpdateAccount", in_request("U"), in_request("T"), in_request("S"), - in_request("E"), in_request("P"), in_request("C"), - in_request("R"), in_request("L"), in_request("I"), - in_request("K"), in_request("PK"), in_request("J"), - in_request("ID"), $row["Username"]); + in_request("E"), in_request("H"), in_request("P"), + in_request("C"), in_request("R"), in_request("L"), + in_request("I"), in_request("K"), in_request("PK"), + in_request("J"), in_request("ID"), $row["Username"]); } } @@ -79,8 +79,8 @@ if (isset($_COOKIE["AURSID"])) { if (can_edit_account($row)) { display_account_form("UpdateAccount", $row["Username"], $row["AccountTypeID"], $row["Suspended"], $row["Email"], - "", "", $row["RealName"], $row["LangPreference"], - $row["IRCNick"], $row["PGPKey"], $PK, + $row["HideEmail"], "", "", $row["RealName"], + $row["LangPreference"], $row["IRCNick"], $row["PGPKey"], $PK, $row["InactivityTS"] ? 1 : 0, $row["ID"], $row["Username"]); } else { print __("You do not have permission to edit this account."); @@ -115,9 +115,10 @@ if (isset($_COOKIE["AURSID"])) { if (!$success) { display_account_form("UpdateAccount", in_request("U"), in_request("T"), - in_request("S"), in_request("E"), in_request("P"), in_request("C"), - in_request("R"), in_request("L"), in_request("I"), in_request("K"), - in_request("PK"), in_request("J"), in_request("ID"), $row["Username"]); + in_request("S"), in_request("E"), in_request("H"), in_request("P"), + in_request("C"), in_request("R"), in_request("L"), in_request("I"), + in_request("K"), in_request("PK"), in_request("J"), in_request("ID"), + $row["Username"]); } } else { diff --git a/web/html/register.php b/web/html/register.php index 9c5c1cc..f8400a3 100644 --- a/web/html/register.php +++ b/web/html/register.php 
@@ -21,7 +21,7 @@ echo '<h2>' . __('Register') . '</h2>'; if (in_request("Action") == "NewAccount") { list($success, $message) = process_account_form( "new", "NewAccount", in_request("U"), 1, 0, - in_request("E"), '', '', in_request("R"), + in_request("E"), in_request("H"), '', '', in_request("R"), in_request("L"), in_request("I"), in_request("K"), in_request("PK")); @@ -29,13 +29,13 @@ if (in_request("Action") == "NewAccount") { if (!$success) { display_account_form("NewAccount", in_request("U"), 1, 0, - in_request("E"), '', '', in_request("R"), + in_request("E"), in_request("H"), '', '', in_request("R"), in_request("L"), in_request("I"), in_request("K"), in_request("PK")); } } else { print '<p>' . __("Use this form to create an account.") . '</p>'; - display_account_form("NewAccount", "", "", "", "", "", "", "", $LANG); + display_account_form("NewAccount", "", "", "", "", "", "", "", "", $LANG); } echo '</div>'; diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 756c847..a200998 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -47,6 +47,7 @@ function html_format_pgp_fingerprint($fingerprint) { * @param string $T The account type of the displayed user * @param string $S Whether the displayed user has a suspended account * @param string $E The e-mail address of the displayed user + * @param string $H Whether the e-mail address of the displayed user is hidden * @param string $P The password value of the displayed user * @param string $C The confirmed password value of the displayed user * @param string $R The real name of the displayed user @@ -60,7 +61,7 @@ function html_format_pgp_fingerprint($fingerprint) { * * @return void */ -function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="", +function display_account_form($A,$U="",$T="",$S="",$E="",$H="",$P="",$C="",$R="", $L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") { global $SUPPORTED_LANGS; 
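Review bot: The new `$H` parameter is inserted in the middle of an all-optional positional list, so the call in the second register.php hunk, `display_account_form("NewAccount", "", "", "", "", "", "", "", "", $LANG);`, stays correct only because one more `""` was counted in by hand. Any caller of `display_account_form` or `process_account_form` that this patch does not touch would shift every argument after `$E` by one slot (the password would land in `$H`) without PHP raising anything. No such caller is visible here, so a search for remaining call sites is worth doing before merging. A comment above the call such as `// positional: A, U, T, S, E, H, P, C, R, L` would make the next insertion less error-prone. The same ordering applies to the calls changed in web/html/account.php and to the `process_account_form` signature in the following hunks.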
@@ -78,6 +79,7 @@ function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="", * @param string $T The account type for the user * @param string $S Whether or not the account is suspended * @param string $E The e-mail address for the user + * @param string $H Whether or not the e-mail address should be hidden * @param string $P The password for the user * @param string $C The confirmed password for the user * @param string $R The real name of the user @@ -91,7 +93,7 @@ function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="", * * @return array Boolean indicating success and message to be printed */ -function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="", +function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$H="",$P="",$C="", $R="",$L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") { global $SUPPORTED_LANGS; @@ -324,6 +326,11 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="", $q.= ", Suspended = 0"; } $q.= ", Email = " . $dbh->quote($E); + if ($H) { + $q.= ", HideEmail = 1"; + } else { + $q.= ", HideEmail = 0"; + } if ($P) { $salt = generate_salt(); $hash = salted_hash($P, $salt); diff --git a/web/template/account_details.php b/web/template/account_details.php index 9282b2c..59a6a63 100644 --- a/web/template/account_details.php +++ b/web/template/account_details.php @@ -25,7 +25,17 @@ </tr> <tr> <th><?= __("Email Address") . ":" ?></th> - <td><a href="mailto:<?= htmlspecialchars($row["Email"], ENT_QUOTES) ?>"><?= htmlspecialchars($row["Email"], ENT_QUOTES) ?></a></td> + <td> + <?php + if ($row["HideEmail"] == 1 && !has_credential(CRED_ACCOUNT_SEARCH)): + print "<em>" . __("hidden") . "</em>"; + else: + ?> + <a href="mailto:<?= htmlspecialchars($row["Email"], ENT_QUOTES) ?>"><?= htmlspecialchars($row["Email"], ENT_QUOTES) ?></a> + <?php + endif; + ?> + </td> </tr> <tr> <th><?= __("Real Name") . ":" ?></th> 
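Review bot: `HideEmail` is written only in the UPDATE statement built in the `@@ -324,6 +326,11 @@` hunk, while register.php now forwards `in_request("H")` with type "new"; nothing in this patch adds the column to the query used for new accounts. That query is outside the hunk, so this is inferred. As the patch stands, a user who ticks the box while registering appears to get the column default of 0, and the address stays visible until the account is edited. The new-account branch should store the same normalised value, and the five added lines here can be reduced to `$q.= ", HideEmail = " . ($H ? 1 : 0);`. The body of `process_account_form` starts and ends outside the hunk.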
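Review bot: The test `$row["HideEmail"] == 1 && !has_credential(CRED_ACCOUNT_SEARCH)` in account_details.php fails open: if `$row` comes from a query that does not select the new column, or the schema upgrade from upgrading/4.1.0.txt has not been applied, the comparison is false and the address is printed. Treating a missing value as hidden is safer for a privacy flag, e.g. `if ((!isset($row["HideEmail"]) || $row["HideEmail"] != 0) && !has_credential(CRED_ACCOUNT_SEARCH)):`. The flag is also enforced only in this template, so any other page or API output that prints `Email` would need the same check; none is visible in this patch, so that is worth confirming.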
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php index 83aedb0..16655c0 100644 --- a/web/template/account_edit_form.php +++ b/web/template/account_edit_form.php @@ -76,6 +76,11 @@ <em><?= __("Please ensure you correctly entered your email address, otherwise you will be locked out.") ?></em> </p> + <p> + <label for="id_hide"><?= __("Hide Email Address") ?>:</label> + <input type="checkbox" name="H" id="id_hide" <?= $H ? 'checked="checked"' : '' ?> /> + </p> + <?php if ($A == "UpdateAccount"): ?> <p> <label for="id_passwd1"><?= __("Password") ?>:</label> -- 2.5.2
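Review bot: The label "Hide Email Address" on the new checkbox does not tell the user who can still see the address: account_details.php in this patch keeps showing it to anyone holding `CRED_ACCOUNT_SEARCH`. A one-line hint under the checkbox would keep the setting from promising more than it enforces. It can use the same `<em><?= __("…") ?></em>` style as the paragraph above and state that users with the account-search credential still see the address.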