[Scoop-checkins] scoop/struct/patch-files/current patch-11-SignupWithPass.sql README

[scoop at lithium.sabren.com]

Update of /cvs/scoop/scoop/struct/patch-files/current
In directory lithium.sabren.com:/tmp/cvs-serv16309/struct/patch-files/current

Modified Files:
	README 
Added Files:
	patch-11-SignupWithPass.sql 
Log Message:
Omnibus AZ patch:

* Adds new signup method where user chooses their own password. This has worked a lot better than the old way for us, and is much easier 
for inexperienced users. For people upgrading, you'll need to edit a bunch of user-related blocks, most notably changing new_user_email 
and adding a box call to new_user_html. Some instructions are with the control var "signup_with_password"

* Adds flexible date formatting with the vars date_format_default, date_format_short, and date_format_wmd

* Adds user signup IP tracking. Very handy for tracking down dupe accounts and persistent trolls. 



Index: README
===================================================================
RCS file: /cvs/scoop/scoop/struct/patch-files/current/README,v
retrieving revision 1.101
retrieving revision 1.102
diff -C2 -d -r1.101 -r1.102
*** README	25 Jan 2005 15:22:21 -0000	1.101
--- README	25 Jan 2005 17:15:27 -0000	1.102
***************
*** 56,59 ****
--- 56,65 ----
          easier.
  
+ Jan 25 12:11 patch-11-SignupWithPass.sql
+         Mainly adds a new signup mehtod where the user chooses their own password.
+         Works a lot more smoothly than the old way. If you install fresh, it's the default.
+         If not, you need to edit a bunch of Accounts blocks and turn on 
+         "signup_with_password" var. This patch also adds CT's iplookup tools, and
+         flexible date formatting.
  
  Any problems, email scoop-help at lists.kuro5hin.org (don't forget to join!)

--- NEW FILE: patch-11-SignupWithPass.sql ---
ALTER TABLE users ADD COLUMN creation_passwd varchar(50) default NULL;

INSERT INTO vars VALUES ('signup_with_password','0','Collect a user\'s desired password on signup? If set to 1, the signup form will also include a password field. The initial account email will send a link which includes a key rather than a random password. This link will take a user directly to their prefs page (logging them in and activating the account) without the user needing to explicitly log in, and will also enable the password they chose on signup for future logins.\r\n<p>\r\nThis should actually be more secure than the random password method, since if the initial email is intercepted, the attacker still won\'t know the actual account password, and thus will be unable to hijack the account. It should also be easier for users to deal with.\r\n<p>\r\nIf you are upgrading from an older version of Scoop, and wish to enable this feature, you\'ll want to edit several of the blocks in the Accounts category, to remove the references to changing your password. You\'ll also !
 need to add the box \"signup_password\" to the block new_user_html, and replace the username and password lines in the new_user_email block with the link \"|url|/activate/|pass|\".\r\n','bool','Security');
INSERT INTO vars VALUES ('date_format_default','%a %b %d, %Y at %r |zone|','<p>This var can be used to change the formatting style of default dates, such as those displayed in story and comment info. If you\'re happy with the way Scoop does them, then leave this blank. If you want to change them, you may put in a formatting template here which uses the date formatting strings of your database. The formatting codes for mysql are all described here: <a href=\"http://dev.mysql.com/doc/mysql/en/Date_and_time_functions.html\">http://dev.mysql.com/doc/mysql/en/Date_and_time_functions.html</a> (scroll down to the DATE_FORMAT() function). For Postgres, prehaps someone could add a link here to those codes.</p>\r\n\r\n<p>For example, the Scoop default formatting template for mysql would be: \"%a %b %D, %Y at %r |zone|\" (or %T instead of %r if you have \"time_24h_format\" set). Note that this will override time_24h_format if you change it -- Scoop will just use whatever you put here.<!
 /p>\r\n\r\n<p><b>Special keys:</b></p>\r\n<ul>\r\n<li>|zone|: will be replaced by the user\'s time zone code as a string.\r\n</ul>','text','General');
INSERT INTO vars VALUES ('date_format_short','','<p>This var can be used to change the formatting style of short dates, such as those displayed in search results, the admin story list, and a couple other places. If you\'re happy with the way Scoop does them, then leave this blank. If you want to change them, you may put in a formatting template here which uses the date formatting strings of your database. The formatting codes for mysql are all described here: <a href=\"http://dev.mysql.com/doc/mysql/en/Date_and_time_functions.html\">http://dev.mysql.com/doc/mysql/en/Date_and_time_functions.html</a> (scroll down to the DATE_FORMAT() function).</p>\r\n\r\n<p>For example, the Scoop default formatting template for mysql would be: \"%m/%d/%Y %r |zone|\" (or %T instead of %r if you have \"time_24h_format\" set).</p>\r\n\r\n<p><b>Special keys:</b></p>\r\n<ul>\r\n<li>|zone|: will be replaced by the user\'s time zone code as a string.\r\n</ul>','text','General');
INSERT INTO vars VALUES ('date_format_wmd','','<p>This var can be used to change the formatting style of \"week month day\" dates, such as those produced by the \"titlesonly\" mode of getstories(). To be honest, I\'m not sure where these are used. If you\'re happy with the way Scoop does them, then leave this blank. If you want to change them, you may put in a formatting template here which uses the date formatting strings of your database. The formatting codes for mysql are all described here: <a href=\"http://dev.mysql.com/doc/mysql/en/Date_and_time_functions.html\">http://dev.mysql.com/doc/mysql/en/Date_and_time_functions.html</a> (scroll down to the DATE_FORMAT() function).</p>\r\n\r\n<p>For example, the Scoop default formatting template for mysql would be: \"%W %M %D\".</p>\r\n\r\n<p><b>Special keys:</b></p>\r\n<ul>\r\n<li>|zone|: will be replaced by the user\'s time zone code as a string.\r\n</ul>','text','General');

INSERT INTO box VALUES ('activate','','return qq{You\'re already logged in! Your account is confirmed and active. Click <a href=\"%%rootdir%%/\">here</a> to go to the home page.} if ($S->{UID} > 0);\r\n\r\nmy $key = $S->cgi->param(\'key\');\r\nreturn \'Error: No key provided.\' unless $key;\r\n\r\nmy $q_key = $S->dbh->quote($key);\r\nmy ($rv, $sth) = $S->db_select({\r\n	WHAT => \'uid, nickname, creation_passwd\',\r\n	FROM => \'users\',\r\n	WHERE => qq{passwd = $q_key}\r\n});	\r\n\r\nmy ($uid, $nick, $pass) = $sth->fetchrow();\r\n$sth->finish();\r\n\r\nmy $help = $S->{UI}->{VARS}->{local_email};\r\n\r\nreturn qq{I\'m sorry, I can\'t find that key. Your account is probably already confirmed -- try logging in <a href=\"%%rootdir%%/login\">here</a> using the nickname and password you chose when you signed up. If that works, you\'re all set. If not, please email <a href=\"mailto:$help\">$help</a> for help.} unless ($uid && $nick && $pass);\r\n\r\nmy ($rv, $sth) = $S->db_update({\!
 r\n	WHAT => \'users\',\r\n	SET => qq{passwd = newpasswd, creation_passwd = \"\", newpasswd = \"\"},\r\n	WHERE => qq{uid = $uid}\r\n});\r\n$sth->finish();	\r\n	\r\n$S->{PARAMS}->{\'uname\'} = $nick;\r\n$S->{PARAMS}->{\'pass\'} = $pass;\r\n\r\n$S->_check_user();\r\n\r\nmy $urlnick = $S->urlify($nick);\r\n\r\nmy $url = $S->{UI}->{VARS}->{site_url} . \"/\" .\r\n          $S->{UI}->{VARS}->{rootdir} . \"user/$urlnick/prefs?firstlogin=1\";\r\n\r\n$S->{APACHE}->headers_out->{\'Location\'} = $url;\r\n$S->{HEADERS_ONLY}=1;	  \r\n\r\nreturn;','The code to activate a new user\'s account when they click the emailed link.','empty_box',0);
INSERT INTO box VALUES ('signup_password','','return \'\' unless $S->{UI}->{VARS}->{\'signup_with_password\'};\r\n\r\nreturn qq{\r\n<TR><TD class=\"smalltext\">\r\n<b>Please choose a password:</b>\r\n</TD>\r\n<TD>\r\n<INPUT TYPE=\"password\" NAME=\"pass1\" VALUE=\"%%pass1%%\" SIZE=30>\r\n</TD>\r\n</TR>\r\n<TR><TD class=\"smalltext\">\r\n<b>Type password again:</b>\r\n</TD>\r\n<TD>\r\n<INPUT TYPE=\"password\" NAME=\"pass2\" VALUE=\"%%pass2%%\" SIZE=30>\r\n</TD>\r\n</TR>};\r\n\r\n\r\n','Generate the new user password form, if desired','empty_box',0);
INSERT INTO box VALUES ('iplookup','','my $content;\r\nmy $ip = $S->cgi->param(\'iplook\');\r\n\r\n$content = \"<table><tr><td><b>Users created from IP address $ip:</b></td></tr>\";\r\n\r\n# Get list of users created from this IP address\r\nmy ($rv, $sth) = $S->db_select({\r\n   WHAT => \'nickname, perm_group\',\r\n   FROM => \'users\',\r\n   WHERE => qq~creation_ip = \'$ip\'~\r\n   });\r\n\r\nwhile (my $user = $sth->fetchrow_hashref()){\r\n    $content .= qq~\r\n        <tr><td><a href=\"/user/$user->{\'nickname\'}\">$user->{\'nickname\'}</A> </td><td>$user->{\'perm_group\'}</td></tr>~;\r\n    }\r\n$sth->finish;\r\n\r\n# figure out the basic subnet\r\nmy @net = split(/\\./, $ip);\r\nmy $sub = $net[0] . \".\" . $net[1] . \".\" . $net[2] . \".\";\r\n\r\n$content .= qq~<tr><td><b>Users created from ${sub}*:</b></td></tr>~;\r\n\r\n($rv, $sth) = $S->db_select({\r\n   WHAT => \'nickname, perm_group\',\r\n   FROM => \'users\',\r\n   WHERE => qq~creation_ip like \'${sub}%\'~\r\n   !
 });\r\n\r\nwhile (my $user = $sth->fetchrow_hashref()){\r\n    $content .= qq~\r\n        <tr><td><a href=\"/user/$user->{\'nickname\'}\">$user->{\'nickname\'}</A> </td><td>$user->{\'perm_group\'}</td></tr>~;\r\n    }\r\n$sth->finish;\r\n\r\n# comments, if we\'re keeping track of that sort\r\n# of thing\r\nif($S->{UI}->{VARS}->{\'comment_ip_log\'}){\r\n    $content .= \"<tr><td><b>Users who have posted from $ip:</b></td></tr>\";\r\n    ($rv, $sth) = $S->db_select({\r\n        WHAT => \'comments.commentip, users.nickname, users.perm_group\',\r\n        FROM => \'comments left join users on comments.uid = users.uid\',\r\n        WHERE => qq~commentip = \'$ip\'~,\r\n        GROUP_BY => \'comments.uid\'\r\n        });\r\n    while (my $c = $sth->fetchrow_hashref()){\r\n        $content .= qq~<tr><td><a href=\"/user/$c->{\'nickname\'}\">$c->{\'nickname\'}</a></td><td>$c->{\'perm_group\'}</td></tr>~;\r\n        }\r\n    $sth->finish;\r\n    $content .= \"<tr><td><b>Users who have!
  posted from ${sub}*:</b></td></tr>\";\r\n    ($rv, $sth) = $S->db_sel
ect({\r\n        WHAT => \'comments.commentip, users.nickname, users.perm_group\',\r\n        FROM => \'comments left join users on comments.uid = users.uid\',\r\n        WHERE => qq~commentip like \'${sub}%\'~,\r\n        GROUP_BY => \'comments.uid\'\r\n        });\r\n    while (my $c = $sth->fetchrow_hashref()){\r\n        $content .= qq~<tr><td><a href=\"/user/$c->{\'nickname\'}\">$c->{\'nickname\'}</a></td><td>$c->{\'perm_group\'}</td></tr>~;\r\n        }\r\n    $sth->finish;\r\n    }\r\n\r\n$content .= \"</table>\";\r\n\r\n# get the whois info. NOTE: for this to work\r\n# right, you need to have the whois command \r\n# installed. Normally, this shouldn\'t be a\r\n# problem\r\n$content .= \"<P><b>WHOIS info for $ip</b><P>\";\r\nmy $whois = `/usr/bin/whois $ip`;\r\n# sigh, gotta format it right\r\n#my @z = split /\\n/, $whois;\r\n#while (my $line = @z){\r\n#    $content .= \"$line<br>\";\r\n#    }\r\n$content .= \"<pre>$whois</pre>\";\r\n\r\nreturn $content;','','empty_bo!
 x',0);

INSERT INTO ops VALUES ('activate','default_template','activate',1,1,'','','/key/','');
INSERT INTO ops VALUES ('iplookup','default_template','iplookup',1,1,'edit_user','','/iplook/','');