Gravatar and prevent reg on failed username in login

2026-01-25 15:38:56 +00:00 · 2012-06-26 23:44:45 +01:00 · 2012-06-26 23:44:45 +01:00 · a80e8f599e
commit a80e8f599e
parent 24e6dd4e5f
3 changed files with 21 additions and 7 deletions
--- a/php/app.php
+++ b/php/app.php
@ -48,6 +48,7 @@ if ($session) {
 }

 $home = isset($session['user']) ? $session['user']['name'] : '';
+$email = isset($session['user']) ? $session['user']['email'] : '';
 $csrf = isset($_COOKIE['_csrf']) ? $_COOKIE['_csrf'] : md5(rand());

 if (!in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD'))) {
@ -150,14 +151,16 @@ if (!$action) {
    $key  = $_POST['key'];
    $name = $_POST['name'];
    $email = $_POST['email'];
+    // TODO allow email to be used as the lookup key
    $sql = sprintf('select * from ownership where name="%s"', mysql_real_escape_string($name));
    $result = mysql_query($sql);
    $ok = false;
    $created = false;
+    $rows_affected = mysql_num_rows($result);

    header('content-type: application/json');

-    if (!mysql_num_rows($result)) {
+    if (!$rows_affected && strlen($email)) {
      // store and okay (note "key" is a reserved word - typical!)
      $key = $bcrypt->hash($key);
      $sql = sprintf('insert into ownership (`name`, `key`, `email`, `last_login`, `created`, `updated`) values ("%s", "%s", "%s", NOW(), NOW(), NOW())', mysql_real_escape_string($name), mysql_real_escape_string($key), mysql_real_escape_string($email));
@ -167,12 +170,16 @@ if (!$action) {
        $created = true;
        // echo json_encode(array('ok' => true, 'created' => true));
      } else {
-        echo json_encode(array('ok' => false, 'error' => mysql_error()));
+        echo json_encode(array('ok' => false, 'message' => 'Sorry, I couldn\'t find your account. Can you double check?'));
+
+        // echo json_encode(array('ok' => false, 'error' => mysql_error()));
      }
+    // } else if (!strlen($email)) {
+    //     echo json_encode(array('ok' => false, 'message' => 'ok2 Sorry, I couldn\'t find your account. Can you double check?'));
    } else {
      // check key
      $row = mysql_fetch_object($result);
-
+      $email = $row->email;
      $hashed  = $row->key;
      $created = date_parse($row->created);
      if (!$created || $created['warning_count']) {
@ -182,7 +189,7 @@ if (!$action) {
          if (!mysql_query($sql)) {
            echo json_encode(array('ok' => false, 'error' => mysql_error()));
            exit;
-          }
+          } 
        }
      }

@ -201,6 +208,7 @@ if (!$action) {
    if ($ok) {
      $data = json_encode(array('user' => array(
        'name' => $name,
+        'email' => $email,
        'lastLogin' => time()
      )));
      $hash = session_hash($data);
--- a/php/index.php
+++ b/php/index.php
@ -30,6 +30,11 @@ $list_history = ob_get_clean();

 $code_id_domain = preg_replace('/https?:\/\//', '', $code_id_path);

+$gravatar = '';
+if ($email) {
+  $gravatar = 'http://www.gravatar.com/avatar/' . md5(strtolower(trim($email))) . '?s=28';
+}
+
 $view = file_get_contents('../views/index.html');
 $mustache = new Mustache;
 echo $mustache->render($view, array(
@ -37,6 +42,7 @@ echo $mustache->render($view, array(
  'root' => ROOT,
  'version' => VERSION,
  'home' => $home,
+  'gravatar' => $gravatar,
  'revision' => $revision,
  'code_id' => $code_id,
  'url' =>  $_SERVER['REQUEST_URI'],
--- a/views/index.html
+++ b/views/index.html
@ -47,9 +47,9 @@
        {{#home}}
        <div class="menu">
          <div class="group">
-            <a href="#" class="button homebtn">{{home}}</a><a href="#homemenu" class="button button-dropdown"><span class="icon icon-chevron-down"></span></a>
+            <a href="#" class="button homebtn">{{#gravatar}}<img class="avatar" src="{{gravatar}}">{{/gravatar}}{{home}}</a><a href="#homemenu" class="button button-dropdown button-dropdown-arrow"><span class="icon icon-chevron-down"></span></a>
          </div>
-          <div class="dropdown" id="homemenu">
+          <div class="dropdown dd-right" id="homemenu">
            <div class="dropdownmenu">
              <form action="{{root}}/logout" method="POST">
                <input type="hidden" name="_csrf" value="{{token}}" />
@ -78,7 +78,7 @@
                </div>
                <div>
                  <input type=submit value="Log in">
-                  <a id="lostpass" href="#">Lost password?</a>
+                  <!--<a id="lostpass" href="#">Lost password?</a>-->
                </div>
              </form>
            </div>