Working user settings, combinations of enabling/disabling both the pu…

…blic api and user signups

admin/login.php

@@ -86,9 +86,12 @@
 	(!isset($fname) || $fname == "") || 
 	(!isset($lname) || $lname == "") || 
 	(!isset($password) || $password == "") ||
-	(!filter_var($email, FILTER_VALIDATE_EMAIL))) {
+	(!filter_var($email, FILTER_VALIDATE_EMAIL)) || 
+	(user_sett('signup') == false)) {
 		if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
 			$_ERROR[] = "Please enter a valid email.<br />";
+		} elseif (user_sett('signup') == false) {
+			$_ERROR[] = "User sign up has been disabled the the site adminsitrator, please try again later.<br />";
 		} else {
 			$_ERROR[] = "Please complete the whole form.<br />";
 		}
@@ -147,6 +150,12 @@
 </div>
 <div id="register">
 <h2>Create an account</h2>
+<?php
+if (user_sett('signup') == false) {
+	$_ERROR[] = "User sign up has been disabled the the site adminsitrator, please try again later.<br />";
+	print_errors();
+} else {
+?>
 <form method="post" action="admin/login.php">
 <?php
 if (isset($_POST['form']) && $_POST['form'] == "register") {
@@ -178,6 +187,7 @@
 </tr>
 </table>
 </form>
+<?php } ?>
 </div>
 <br clear="all">
 <?php

admin/site.php

@@ -27,12 +27,16 @@
 	$data = mysql_real_escape_string(trim($_POST['data']));
 	if (in_array($form, array('theme_path','phurl_version', 'phurl_numericalversion'))) {
 		$_ERROR[] = "The options you tried to edit is restricted on this panel. If you need to edit one of these, please do it manually.<br />";
-	} elseif (!in_array($form, array('shortcode_type', 'site_url', 'site_title', 'site_slogan', 'api_limit'))) {
+	} elseif (!in_array($form, array('shortcode_type', 'site_url', 'site_title', 'site_slogan', 'api_limit', 'pr_email', 'user_sett'))) {
 		$_ERROR[] = "The option you tried to edit is unknown.<br />";
 	} elseif ($data == $options[$form]) {
 		$_ERROR[] = "No changes were made<br />";
 	} elseif ($form == "shortcode_type" && $data != "r" && $data != "c") {
 		$_ERROR[] = "Not a valid shortcode type<br />";
+	} elseif ($form == "pr_email" && !filter_var($data, FILTER_VALIDATE_EMAIL)) {
+		$_ERROR[] = "Not a valid email!<br />";
+	} elseif ($form == "user_sett" && !in_array($data, array('00', '01', '10', '11'))) {
+		$_ERROR[] = "Unknown user setting.<br />";
 	}
 	if (count($_ERROR) == 0) {
 		$db_result = mysql_query("UPDATE ".DB_PREFIX."options SET value='".$data."' WHERE ".DB_PREFIX."options.option='".$form."'") or die(mysql_error());
@@ -44,7 +48,7 @@
 <div id="panel">
 <h3>Site admin</h3>
 <?php
-$updateurl = "http://liveupdate.hencogroup.co.uk/os/phurl/latest.txt";
+/*$updateurl = "http://liveupdate.hencogroup.co.uk/os/phurl/latest.txt";
 $fh = fopen($updateurl, 'r');
 $version = fread($fh, 3);
 fclose($fh);
@@ -54,7 +58,7 @@
 } 
 elseif ($version < $current && $version !== $current) {
 echo "<center><p style=\"color:blue;\">It seems you are running a prerelease version of Phurl. Expect Bugs!</p></center><hr/>";
-}
+}*/
 print_errors();
 ?>
 <form method="post" action="admin/site.php">
@@ -106,6 +110,43 @@
 </form>
 <br />
 
+<form method="post" action="admin/site.php">
+Password reset From email: <input type="text" name="data" value="<?php echo $options['pr_email']; ?>" size="32"><br />
+<input type="submit" name="submit" value="Update">
+<input type="hidden" name="form" value="pr_email">
+<?php
+$site_host = $options['site_url'];
+$site_host = str_replace("http://", "", $site_host);
+$site_host = str_replace("https://", "", $site_host);
+?>
+<small>Must be a valid email, default is no-reply@<?php echo $site_host; ?></small>
+</form>
+<br />
+
+<form method="post" action="admin/site.php">
+User settings: 
+<select name="data">
+<?php
+$userSett = array(
+'11'=>'User sign up and public api enabled',
+'10'=>'User sign up enabled, public api disabled',
+'01'=>'User sign up disabled, public api enabled',
+'00'=>'User sign up and public api disabled',);
+foreach ($userSett as $value => $name) {
+	$selected = "";
+	if ($value == $options['user_sett']) {
+		$selected = "selected=\"selected\" ";
+	}
+	echo "<option value=\"".$value."\"".$selected.">".$name."</option>\n";
+}
+?>
+</select><br />
+<input type="submit" name="submit" value="Update">
+<input type="hidden" name="form" value="user_sett">
+</form>
+<br />
+
+
 </div>
 <?php
 if (file_exists("../".get_phurl_option('theme_path') . "footer.php")) {

api/create.php

@@ -67,7 +67,9 @@
 
 	$db_result = mysql_query("SELECT id,apiKey FROM ".DB_PREFIX."users WHERE suspended='0'");
 	while ($db_row = mysql_fetch_assoc($db_result)) {
-	        $validApiKey[$db_row['apiKey']] = 1;
+		if (user_sett('api') == true || (user_sett('api') == false && $db_row['id'] != '1')) {
+	        	$validApiKey[$db_row['apiKey']] = 1;
+		}
 	}
 
     if (strlen($url) == 0) {

api/stats.php

@@ -38,7 +38,9 @@
 
 	$db_result = mysql_query("SELECT id,apiKey FROM ".DB_PREFIX."users WHERE suspended='0'");
 	while ($db_row = mysql_fetch_assoc($db_result)) {
-	        $validApiKey[$db_row['apiKey']] = 1;
+		if (user_sett('api') == true || (user_sett('api') == false && $db_row['id'] != '1')) {
+	        	$validApiKey[$db_row['apiKey']] = 1;
+		}
 	}
 
     if (!isset($validApiKey[$apiKey]) || $validApiKey[$apiKey] != 1) {

includes/functions.php

@@ -366,5 +366,19 @@ function passwordSalt ($custom) {
 	}
 	return $salt;
 }
+function user_sett($type) {
+	$setting = get_phurl_option('user_sett');
+	if ($type == 'api') {
+		$setting = substr($setting, -1);
+	} elseif ($type == 'signup') {
+		$setting = substr($setting, 0, 1);
+	} 
+	if ($setting == 1) {
+		return true;
+	} elseif ($setting == 0) {
+		return false;
+	}
+}
+
 
 ?>

password_reset.php

@@ -134,7 +134,8 @@
 ?>
 <h4>Step 4:</h4>
 Your password has been reset.<br />
-You can now login with the password sent to you in the first email.
+You can now login with the password sent to you in the first email.<br />
+We recommend that you change your password  after you have logged in.
 <?php
 if (file_exists(get_phurl_option('theme_path') . "footer.php")) {
 	include (get_phurl_option('theme_path') . "footer.php");