Merge branch 'master' into quickform

Conflicts:
	data/templates/bookmarks.tpl.php
	data/templates/sidebar.block.search.php
	data/templates/top.inc.php
	doc/developers/TODO
	src/SemanticScuttle/header.php

data/config.default.php

@@ -237,31 +237,6 @@ $adminsAreAdvisedTagsFromOtherAdmins = false;
  */
 $reservedusers  = array('all', 'watchlist');
 
-
-
-
-/***************************************************
- * Anti SPAM measures
- */
-
-/**
- * A question to avoid spam.
- * Shown on user registration page.
- *
- * @var string
- * @see $antispamAnswer
- */
-$antispamQuestion = 'name of this application';
-
-/**
- * The answer to the antispam question
- * Users have to write exactly this string.
- *
- * @var string
- * @see $antispamQuestion
- */
-$antispamAnswer = 'semanticscuttle';
-
 /**
  * Enable or disable user registration
  *

data/templates/login.tpl.php

@@ -14,23 +14,24 @@ if (!$userservice->isSessionStable()) {
 }
 ?>
 
-<form action="<?php echo $formaction; ?>" method="post">
-    <div><input type="hidden" name="query" value="<?php echo $querystring; ?>" /></div>
-    <table>
+<form<?php echo $form['attributes']; ?>>
+<?php echo implode('', $form['hidden']); ?>
+  <table>
     <tr>
-        <th align="left"><label for="username"><?php echo T_('Username'); ?></label></th>
-        <td><input type="text" id="username" name="username" size="20" /></td>
-        <td></td>
+      <th align="left"><?php echo $form['username']['labelhtml']; ?></th>
+      <td><?php echo $form['username']['html']; ?></td>
+      <td></td>
     </tr>
     <tr>
-        <th align="left"><label for="password"><?php echo T_('Password'); ?></label></th>
-        <td><input type="password" id="password" name="password" size="20" /></td>
-        <td><input type="checkbox" name="keeppass" id="keeppass" value="yes" /> <label for="keeppass"><?php echo T_("Don't ask for my password for 2 weeks"); ?>.</label></td>
+      <th align="left"><?php echo $form['password']['labelhtml']; ?></th>
+      <td><?php echo $form['password']['html']; ?></td>
+      <td><?php echo $form['keeploggedin']['html']
+                   . $form['keeploggedin']['labelhtml']; ?></td>
     </tr>
     <tr>
-        <td></td>
-        <td><input type="submit" name="submitted" value="<?php echo T_('Log In'); ?>" /></td>
-        <td></td>
+      <td></td>
+      <td><?php echo $form['submit']['html']; ?></td>
+      <td></td>
     </tr>
     </table>
     <p>&raquo; <a href="<?php echo ROOT ?>password.php"><?php echo T_('Forgotten your password?') ?></a></p>

data/templates/password.tpl.php

@@ -1,26 +1,34 @@
 <?php
 $this->includeTemplate($GLOBALS['top_include']);
+
+if (isset($form)) {
 ?>
 
 <p><?php echo sprintf(T_('If you have forgotten your password, %s can generate a new one. Enter the username and e-mail address of your account into the form below and we will e-mail your new password to you.'), $GLOBALS['sitename']); ?></p>
 
-<form action="<?php echo $formaction; ?>" method="post">
-    <table>
-    <tr>
-        <th align="left"><label for="username"><?php echo T_('Username'); ?></label></th>
-        <td><input type="text" id="username" name="username" size="20" class="required" /></td>
-    </tr>
-    <tr>
-        <th align="left"><label for="email"><?php echo T_('E-mail'); ?></label></th>
-        <td><input type="text" id="email" name="email" size="40" class="required" /></td>
-    </tr>
-    <tr>
-        <td></td>
-        <td><input type="submit" name="submitted" value="<?php echo T_('Generate Password'); ?>" /></td>
-    </tr>
-    </table>
+<form<?php echo $form['attributes']; ?>>
+<?php echo implode('', $form['hidden']); ?>
+ <table>
+  <tr>
+   <th align="left"><?php echo $form['username']['labelhtml']; ?></th>
+   <td><?php echo $form['username']['html']; ?></td>
+  </tr>
+  <tr>
+   <th align="left"><?php echo $form['email']['labelhtml']; ?></th>
+   <td><?php echo $form['email']['html']; ?></td>
+  </tr>
+  <tr>
+   <th align="left"><?php echo $form['captcha']['labelhtml']; ?></th>
+   <td><?php echo $form['captcha']['html']; ?></td>
+  </tr>
+  <tr>
+   <td></td>
+   <td><?php echo $form['submit']['html']; ?></td>
+  </tr>
+ </table>
 </form>
 
 <?php
+}
 $this->includeTemplate($GLOBALS['bottom_include']);
 ?>

data/templates/register.tpl.php

@@ -10,35 +10,36 @@ window.onload = function() {
 
 <p><?php echo sprintf(T_('Sign up here to create a free %s account. All the information requested below is required'), $GLOBALS['sitename']); ?>.</p>
 
-<form action="<?php echo $formaction; ?>" method="post">
+<form<?php echo $form['attributes']; ?>>
+<?php echo implode('', $form['hidden']); ?>
 <table>
 <tr>
-    <th align="left"><label for="username"><?php echo T_('Username'); ?></label></th>
-    <td><input type="text" id="username" name="username" size="20" class="required" onkeyup="isAvailable(this, '')" /> </td>
+    <th align="left"><?php echo $form['username']['labelhtml']; ?></th>
+    <td><?php echo $form['username']['html']; ?></td>
     <td id="availability"><?php echo '←'.T_(' at least 5 characters, alphanumeric (no spaces, no dots or other special ones)') ?></td>
 </tr>
 <tr>
-    <th align="left"><label for="password"><?php echo T_('Password'); ?></label></th>
-    <td><input type="password" id="password" name="password" size="20" class="required" /></td>
+    <th align="left"><?php echo $form['password']['labelhtml']; ?></th>
+    <td><?php echo $form['password']['html']; ?></td>
     <td></td>
 </tr>
 <tr>
-    <th align="left"><label for="email"><?php echo T_('E-mail'); ?></label></th>
-    <td><input type="text" id="email" name="email" size="40" class="required" /></td>
+    <th align="left"><?php echo $form['email']['labelhtml']; ?></th>
+    <td><?php echo $form['email']['html']; ?></td>
     <td><?php echo '←'.T_(' to send you your password if you forget it')?></td>
 </tr>
 
-<?php if(strlen($antispamQuestion)>0) {?>
+<?php if (isset($form['captcha'])) {?>
 <tr>
-    <th align="left"><label for="antispamAnswer"><?php echo T_('Antispam question'); ?></label></th>
-    <td><input type="text" id="antispamAnswer" name="antispamAnswer" size="40" class="required" value="<?php echo $antispamQuestion; ?>" onfocus="if (this.value == '<?php echo $antispamQuestion; ?>') this.value = '';" onblur="if (this.value == '') this.value = '<?php echo $antispamQuestion; ?>';"/></td>
+    <th align="left"><?php echo $form['captcha']['labelhtml']; ?></th>
+    <td><?php echo $form['captcha']['html']; ?></td>
     <td></td>
 </tr>
 <?php } ?>
 
 <tr>
     <td></td>
-    <td><input type="submit" name="submitted" value="<?php echo T_('Register'); ?>" /></td>
+    <td><?php echo $form['submit']['html']; ?></td>
     <td></td>
 </tr>
 </table>

doc/developers/TODO

@@ -1,10 +1,43 @@
+- Use HTML_QuickForm2 for forms
+  -> easy captcha integration
+  -> cleaner code
+  -> more secure code
+  -> easy to i.e. add richtext fields
+  - forms:
+    - user
+      + login
+      + register
+      + send password -> add captcha
+      - edit profile
+    - bookmark:
+      - edit
+      - common bookmark description
+    - tag
+      - delete tag
+      - edit tag
+      - rename tag
+      - common tag description
+    - tag2tag
+      - add tag2tag
+      - edit tag2tag
+      - delete tag2tag
+    - import
+      - import structure
+      - import delicious
+      - import netscape
+    - watchlist sidebar
+    - search
+      - normal search
+      - gsearch
+
+- openid integration
 - SemanticScuttle_Filter
   -> class with static filter functions to filter
      ids, usernames, passwords, sorting etc.
 - when a user gets deleted from database, he should not be
   logged in anymore (name not shown on top right)
 - Make users inactive by default when registered newly
-  - have to be activated by admins
+  - have to be activated by admins (see #1926991)
 - Add RDFa to user profile page
 - use recaptcha or alike -> quickform
 - tutorial about sidebar
@@ -14,6 +47,7 @@
   - how to optimize DISTINCT bHash
 
 
+
 Tracker items:
 #1908041 - klick counter
   a counter how many people klicked one link
@@ -50,7 +84,7 @@ Tracker items:
   I'l like to propose a function, where 5 (numbers can be selected)of top
   users (or sub admins if they can be created) of the site marks the bookmark
   not applicable to the site, then that bookmark is deleted.
-#2862548 - Disable email TLD verification
+ALREADY FIXED! #2862548 - Disable email TLD verification
   It should be possible to disable the top level domain verification in the
   email verification for new users. Use cases are
   a) new top level domains (TLD) that are created in the future

src/HTML/QuickForm2/Element/Captcha

@@ -0,0 +1 @@
+/home/cweiske/Dev/pear/sandbox/HTML_QuickForm2_Captcha/HTML/QuickForm2/Element/Captcha

src/HTML/QuickForm2/Element/Captcha.php

@@ -0,0 +1 @@
+/home/cweiske/Dev/pear/sandbox/HTML_QuickForm2_Captcha/HTML/QuickForm2/Element/Captcha.php

src/HTML/QuickForm2/Element/NumeralCaptcha.php

@@ -0,0 +1 @@
+/home/cweiske/Dev/pear/sandbox/HTML_QuickForm2_Captcha/HTML/QuickForm2/Element/NumeralCaptcha.php

src/HTML/QuickForm2/Element/ReCaptcha.php

@@ -0,0 +1 @@
+/home/cweiske/Dev/pear/sandbox/HTML_QuickForm2_Captcha/HTML/QuickForm2/Element/ReCaptcha.php

src/SemanticScuttle/QuickForm2/Renderer/CoolArray.php

@@ -0,0 +1,89 @@
+<?php
+require_once 'HTML/QuickForm2/Renderer/Array.php';
+
+/**
+ * Custom HTML_QuickForm2 renderer allowing easy access
+ * to elements by their ID
+ *
+ * FIXME
+ */
+class SemanticScuttle_QuickForm2_Renderer_CoolArray
+    extends HTML_QuickForm2_Renderer_Array
+    implements ArrayAccess
+{
+    protected $ids = array();
+
+
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Overwrite parent method to create ID index
+     */
+    public function pushScalar(array $element)
+    {
+        parent::pushScalar($element);
+        $id   = $element['id']; 
+        $cont =& $this->containers[
+            count($this->containers) - 1
+        ];
+        $this->ids[$id] =& $cont[count($cont) - 1];
+    }
+
+
+
+   /**
+    * Creates an array with fields that are common to all elements.
+    * This method here also creates html labels.
+    *
+    * @param HTML_QuickForm2_Node $element Element being rendered
+    *
+    * @return array Array of attributes
+    */
+    public function buildCommonFields(HTML_QuickForm2_Node $element)
+    {
+        $ary = parent::buildCommonFields($element);
+        if (isset($ary['label'])) {
+            //FIXME: error class
+            //FIXME: htmlspecialchars()?
+            $ary['labelhtml'] = '<label for="' . $ary['id'] . '">'
+                . $ary['label'] . '</label>';
+        }
+        return $ary;
+    }
+
+
+
+    public function offsetSet($offset, $value)
+    {
+        $this->ids[$offset] = $value;
+    }
+
+    public function offsetExists($offset)
+    {
+        if (isset($this->array[$offset])) {
+            return true; 
+        }
+        return isset($this->ids[$offset]);
+    }
+
+    public function offsetUnset($offset)
+    {
+        unset($this->ids[$offset]);
+    }
+
+    public function offsetGet($offset)
+    {
+        if (isset($this->array[$offset])) {
+            return $this->array[$offset];
+        }
+        return isset($this->ids[$offset])
+            ? $this->ids[$offset]
+            : null;
+    }
+
+}
+
+?>

src/SemanticScuttle/Service/User.php

@@ -188,7 +188,15 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
         return sprintf($this->profileurl, urlencode($id), urlencode($username));
     }
 
-    function getUserByUsername($username) {
+    /**
+     * Fetches a user by the given user name
+     *
+     * @param string $username Nickname of the user
+     *
+     * @return array Database row or boolean false on error
+     */
+    public function getUserByUsername($username)
+    {
         return $this->_getuser($this->getFieldName('username'), $username);
     }
 
@@ -307,14 +315,54 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
         return $currentObjectUser;
     }
 
-    function existsUserWithUsername($username) {
-        if($this->getUserByUsername($username) != '') {
+
+
+    /**
+     * Checks if the user with the given username exists
+     * in database.
+     *
+     * @param string $username Nickname of user
+     *
+     * @return boolean True if it exists, false if not
+     */
+    public function existsUserWithUsername($username)
+    {
+        if ($this->getUserByUsername($username) != '') {
             return true;
         } else {
             return false;
         }
     }
 
+
+
+    /**
+     * Checks if the given username and email combination is
+     * valid (user with nickname and email address exists).
+     * Used on forgot-password page.
+     *
+     * @param string $username Nickname of user
+     * @param string $email    Email address of user
+     *
+     * @return boolean True if a user with both nickname and
+     *                 email address exists, false if not.
+     */
+    public function userEmailCombinationValid($username, $email)
+    {
+        $user = $this->getUserByUsername($username);
+        if ($user === false) {
+            //user does not exist
+            return false;
+        } else if ($user['email'] != $email) {
+            //email wrong
+            return false;
+        }
+
+        return true;
+    }
+
+
+
     function existsUser($id) {
         if($this->getUser($id) != '') {
             return true;
@@ -729,7 +777,17 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
         }
     }
 
-    function isReserved($username) {
+    /**
+     * Checks if the given user name is one of the reserved ones
+     *
+     * @param string $username Username to check
+     *
+     * @return boolean True when it is reserved
+     *
+     * @uses $GLOBALS['reservedusers']
+     */
+    public function isReserved($username)
+    {
         if (in_array($username, $GLOBALS['reservedusers'])) {
             return true;
         } else {
@@ -737,7 +795,20 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
         }
     }
 
-    function isValidUsername($username) {
+    /**
+     * Check if the given username is valid syntactically.
+     * This function does not check if the username is already
+     * in use or reserved.
+     *
+     * @param string $username Name to check
+     *
+     * @return boolean True if the username is valid
+     *
+     * @see isReserved()
+     * @see existsUserWithUsername()
+     */
+    public function isValidUsername($username)
+    {
         if (strlen($username) < 4) {
             return false;
         }elseif (strlen($username) > 24) {

tests/UserTest.php

@@ -105,6 +105,73 @@ class UserTest extends TestBase
 
 
 
+    /**
+     * Test userEmailCombinationValid() with valid user
+     * and valid email address.
+     *
+     * @return void
+     */
+    public function testUserEmailCombinationValid()
+    {
+        $this->us->deleteAll();
+
+        $uid   = $this->addUser();
+        $user  = $this->us->getUser($uid);
+        $email = $user['email'];
+        $name  = $user['username'];
+        $this->assertTrue(
+            $this->us->userEmailCombinationValid(
+                $name, $email
+            )
+        );
+    }
+
+
+
+    /**
+     * Test userEmailCombinationValid() with valid user and invalid email.
+     *
+     * @return void
+     */
+    public function testUserEmailCombinationValidInvalidEmail()
+    {
+        $this->us->deleteAll();
+
+        $uid   = $this->addUser();
+        $user  = $this->us->getUser($uid);
+        $email = $user['email'];
+        $name  = $user['username'];
+        $this->assertFalse(
+            $this->us->userEmailCombinationValid(
+                $name, 'not-' . $email
+            )
+        );
+    }
+
+
+
+    /**
+     * Test userEmailCombinationValid() with invalid user and invalid email.
+     *
+     * @return void
+     */
+    public function testUserEmailCombinationValidBothInvalid()
+    {
+        $this->us->deleteAll();
+
+        $uid   = $this->addUser();
+        $user  = $this->us->getUser($uid);
+        $email = $user['email'];
+        $name  = $user['username'];
+        $this->assertFalse(
+            $this->us->userEmailCombinationValid(
+                'not-' . $name, 'not-' . $email
+            )
+        );
+    }
+
+
+
     /**
      * Test login() function with invalid creditentials
      *

www/login.php

@@ -1,62 +1,138 @@
 <?php
-/***************************************************************************
-Copyright (C) 2004 - 2006 Scuttle project
-http://sourceforge.net/projects/scuttle/
-http://scuttle.org/
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-***************************************************************************/
-
+/**
+ * SemanticScuttle - your social bookmark manager.
+ * User login form.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package  SemanticScuttle
+ * @author   Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
+ * @author   Christian Weiske <cweiske@cweiske.de>
+ * @author   Eric Dane <ericdane@users.sourceforge.net>
+ * @license  GPL http://www.gnu.org/licenses/gpl.html
+ * @link     http://sourceforge.net/projects/semanticscuttle
+ */
 require_once 'www-header.php';
 
-
-/* Service creation: only useful services are created */
-// No specific services
-
-
-/* Managing all possible inputs */
-isset($_POST['keeppass']) ? define('POST_KEEPPASS', $_POST['keeppass']): define('POST_KEEPPASS', '');
-isset($_POST['submitted']) ? define('POST_SUBMITTED', $_POST['submitted']): define('POST_SUBMITTED', '');
-isset($_POST['username']) ? define('POST_USERNAME', $_POST['username']): define('POST_USERNAME', '');
-isset($_POST['password']) ? define('POST_PASSWORD', $_POST['password']): define('POST_PASSWORD', '');
-isset($_POST['query']) ? define('POST_QUERY', $_POST['query']): define('POST_QUERY', '');
-
-$keeppass = (POST_KEEPPASS=='yes')?true:false;
-
-$login = false;
-if (POST_SUBMITTED!='' && POST_USERNAME!='' && POST_PASSWORD!='') {
-    $posteduser = trim(utf8_strtolower(POST_USERNAME));
-    $login = $userservice->login($posteduser, POST_PASSWORD, $keeppass); 
-    if ($login) {
-        if (POST_QUERY)
-            header('Location: '. createURL('bookmarks', $posteduser .'?'. POST_QUERY));
-        else
-            header('Location: '. createURL('bookmarks', $posteduser));
-    } else {
-        $tplVars['error'] = T_('The details you have entered are incorrect. Please try again.');
-    }
+if ($userservice->isLoggedOn()) {
+    //no need to log in when the user is already logged in
+    $user = $userservice->getCurrentUser();
+    header(
+        'Location: '
+        . createURL('bookmarks', $user['username'])
+    );
+    exit();
 }
-if (!$login) { 
-    if ($userservice->isLoggedOn()) {
-        $cUser = $userservice->getCurrentObjectUser();
-        header('Location: '. createURL('bookmarks', strtolower($cUser->getUsername())));
-    }
 
-    $tplVars['subtitle']    = T_('Log In');
-    $tplVars['formaction']  = createURL('login');
-    $tplVars['querystring'] = filter($_SERVER['QUERY_STRING']);
-    $templateservice->loadTemplate('login.tpl', $tplVars);
+require_once 'HTML/QuickForm2.php';
+require_once 'SemanticScuttle/QuickForm2/Renderer/CoolArray.php';
+
+//do not append '-0' to IDs
+HTML_Common2::setOption('id_force_append_index', false);
+
+$login = new HTML_QuickForm2(
+    'login', 'post',
+    array('action' => createURL('login')),
+    true
+);
+$login->addElement(
+    'hidden', 'querystring',
+    array(
+        'value' => $_SERVER['QUERY_STRING']
+    )
+);
+
+$user = $login->addElement(
+    'text', 'username',
+    array(
+        'size'    => 20,
+        'class'   => 'required'
+    )
+)->setLabel(T_('Username'));
+$user->addRule(
+    'required',
+    T_('Please enter your username')
+);
+$user->addRule(
+    'callback',
+    T_('This username is not valid (too short, too long, forbidden characters...), please make another choice.'),
+    array($userservice, 'isValidUsername')
+);
+
+$login->addElement(
+    'password', 'password',
+    array(
+        'size'  => 20,
+        'class' => 'required'
+    )
+)
+->setLabel(T_('Password'))
+->addRule(
+    'required',
+    T_('Please enter your password')
+);
+
+$login->addElement(
+    'checkbox', 'keeploggedin'
+)->setLabel(T_('Don\'t ask for my password for 2 weeks'));
+
+$login->addElement(
+    'submit', 'submit',
+    array('value' => T_('Log In'))
+);
+
+
+$tplVars['error'] = '';
+if ($login->validate()) {
+    $arValues = $login->getValue();
+    if (!isset($arValues['keeploggedin'])) {
+        $arValues['keeploggedin'] = false;
+    }
+    $bLoginOk = $userservice->login(
+        $arValues['username'],
+        $arValues['password'],
+        (bool)$arValues['keeploggedin']
+    );
+    if ($bLoginOk) {
+        if ($arValues['querystring'] != '') {
+            //append old query string
+            header(
+                'Location: '
+                . createURL('bookmarks', $arValues['username'])
+                . '?' . $arValues['querystring']
+            );
+        } else {
+            header(
+                'Location: '
+                . createURL('bookmarks', $arValues['username'])
+            );
+        }
+        exit();
+    }
+    $tplVars['error'] = T_('The details you have entered are incorrect. Please try again.');
 }
+
+
+HTML_QuickForm2_Renderer::register(
+    'coolarray',
+    'SemanticScuttle_QuickForm2_Renderer_CoolArray'
+);
+//$renderer = HTML_QuickForm2_Renderer::factory('coolarray')
+$renderer = new SemanticScuttle_QuickForm2_Renderer_CoolArray();
+$renderer->setOption(
+    array(
+        'group_hiddens' => true,
+        'group_errors'  => true
+    )
+);
+
+$tplVars['form']     = $login->render($renderer);
+$tplVars['loadjs']   = true;
+$tplVars['subtitle'] = T_('Register');
+$tplVars['error']   .= implode(
+    '<br/>', array_unique($tplVars['form']['errors'])
+);
+$templateservice->loadTemplate('login.tpl', $tplVars);
+
 ?>

www/password.php

@@ -1,78 +1,191 @@
 <?php
-/***************************************************************************
- Copyright (C) 2005 Scuttle project
- https://sourceforge.net/projects/scuttle/
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- ***************************************************************************/
-
+/**
+ * SemanticScuttle - your social bookmark manager.
+ * User password reset form.
+ *
+ * PHP version 5.
+ *
+ * @category  Bookmarking
+ * @package   SemanticScuttle
+ * @author    Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
+ * @author    Christian Weiske <cweiske@cweiske.de>
+ * @author    Eric Dane <ericdane@users.sourceforge.net>
+ * @author    Marcus Campbell <marcus.campbell@gmail.com>
+ * @license   GPL http://www.gnu.org/licenses/gpl.html
+ * @link      http://sourceforge.net/projects/semanticscuttle
+ */
 require_once 'www-header.php';
 
-/* Service creation: only useful services are created */
-// No specific services
+require_once 'HTML/QuickForm2.php';
+require_once 'SemanticScuttle/QuickForm2/Renderer/CoolArray.php';
+require_once 'HTML/QuickForm2/Element/NumeralCaptcha.php';
 
-/* Managing all possible inputs */
-isset($_POST['submitted']) ? define('POST_SUBMITTED', $_POST['submitted']): define('POST_SUBMITTED', '');
-isset($_POST['username']) ? define('POST_USERNAME', $_POST['username']): define('POST_USERNAME', '');
-isset($_POST['email']) ? define('POST_EMAIL', $_POST['email']): define('POST_EMAIL', '');
 
-// IF SUBMITTED
-if (POST_SUBMITTED != '') {
 
-	// NO USERNAME
-	if (!POST_USERNAME) {
-		$tplVars['error'] = T_('You must enter your username.');
+//we register a strange name here so we can change the class
+// itself easily
+HTML_QuickForm2_Factory::registerElement(
+    'sc-captcha',
+    'HTML_QuickForm2_Element_NumeralCaptcha'
+);
 
-		// NO E-MAIL
-	} elseif (!POST_EMAIL) {
-		$tplVars['error'] = T_('You must enter your <abbr title="electronic mail">e-mail</abbr> address.');
+//do not append '-0' to IDs
+HTML_Common2::setOption('id_force_append_index', false);
 
-		// USERNAME AND E-MAIL
-	} else {
+$form = new HTML_QuickForm2(
+    'registration', 'post',
+    array('action' => createURL('password')),
+    true
+);
 
-		// NO MATCH
-		$userinfo = $userservice->getObjectUserByUsername(POST_USERNAME);
-		if ($userinfo == NULL) {
-			$tplVars['error'] = T_('No matches found for that username.');
+$user = $form->addElement(
+    'text', 'username',
+    array(
+        'size'    => 20,
+        'class'   => 'required'
+    )
+)->setLabel(T_('Username'));
+$user->addRule(
+    'required',
+    T_('You <em>must</em> enter a username, password and e-mail address.')
+);
+$user->addRule(
+    'callback',
+    T_('This username is not valid (too short, too long, forbidden characters...), please make another choice.'),
+    array($userservice, 'isValidUsername')
+);
+$user->addRule(
+    'notcallback',
+    T_('This username has been reserved, please make another choice.'),
+    array($userservice, 'isReserved')
+);
+$user->addRule(
+    'callback',
+    T_('No matches found for that username.'),
+    array($userservice, 'existsUserWithUsername')
+);
+$form->addRule(
+    'callback',
+    T_('No matches found for that combination of username and <abbr title="electronic mail">e-mail</abbr> address.'),
+    'checkUserEmailCombination'
+);
 
-		} elseif (POST_EMAIL != $userinfo->getEmail()) {
-			$tplVars['error'] = T_('No matches found for that combination of username and <abbr title="electronic mail">e-mail</abbr> address.');
 
-			// MATCH
-		} else {
+$email = $form->addElement(
+    'text', 'email',
+    array(
+        'size'  => 40,
+        'class' => 'required'
+    )
+)->setLabel(T_('E-mail'));
+$email->addRule(
+    'required',
+    T_('You <em>must</em> enter a username, password and e-mail address.')
+);
+$email->addRule(
+    'callback',
+    T_('E-mail address is not valid. Please try again.'),
+    array($userservice, 'isValidEmail')
+);
 
-			// GENERATE AND STORE PASSWORD
-			$password = $userservice->generatePassword($userinfo->getId());
-			if (!($password = $userservice->generatePassword($userinfo->getId()))) {
-				$tplVars['error'] = T_('There was an error while generating your new password. Please try again.');
 
-			} else {
-				// SEND E-MAIL
-				$message = T_('Your new password is:') ."\n". $password ."\n\n". T_('To keep your bookmarks secure, you should change this password in your profile the next time you log in.');
-				$message = wordwrap($message, 70);
-				$headers = 'From: '. $adminemail;
-				$mail = mail(POST_EMAIL, sprintf(T_('%s Account Information'), $sitename), $message);
+$captcha = $form->addElement(
+    'sc-captcha', 'captcha',
+    array(
+        'size' => 40
+    ),
+    array(
+        'captchaSolutionWrong'
+            => T_('Antispam answer is not valid. Please try again.')
+    )
+)
+->setLabel(T_('Antispam question'));
 
-				$tplVars['msg'] = sprintf(T_('New password generated and sent to %s'), POST_EMAIL);
-			}
-		}
-	}
+
+$form->addElement(
+    'submit', 'submit',
+    array('value' => T_('Generate Password'))
+);
+
+/**
+ * Checks if the user and email combination exists in the database.
+ *
+ * @param array $arValues Key-value array of form values
+ *
+ * @return boolean True if it exists, false if not
+ */
+function checkUserEmailCombination($arValues)
+{
+    //FIXME: remove this once HTML_QuickForm2 calls form rules
+    // only after element rules match
+    // http://pear.php.net/bugs/17576
+    if (trim($arValues['username']) == ''
+        || trim($arValues['email']) == ''
+    ) {
+        return false;
+    }
+
+    $userservice = SemanticScuttle_Service_Factory::get('User');
+    return $userservice->userEmailCombinationValid(
+        $arValues['username'], $arValues['email']
+    );
 }
 
-$templatename = 'password.tpl';
+
+
+$tplVars['error'] = '';
+if ($form->validate()) {
+    $arValues = $form->getValue();
+    $arUser   = $userservice->getUserByUsername($arValues['username']);
+    $password = $userservice->generatePassword($arUser['uId']);
+    if ($password === false) {
+        $tplVars['error'] = T_('There was an error while generating your new password. Please try again.');
+    } else {
+        //change password and send email out
+        $message = T_('Your new password is:')
+            . "\n" . $password . "\n\n"
+            . T_('To keep your bookmarks secure, you should change this password in your profile the next time you log in.');
+        $message = wordwrap($message, 70);
+        $headers = 'From: '. $adminemail;
+        $mail    = mail(
+            $arValues['email'],
+            sprintf(T_('%s Account Information'), $sitename),
+            $message
+        );
+        $tplVars['msg'] = sprintf(
+            T_('New password generated and sent to %s'),
+            $arValues['email']
+        );
+        $captcha->clearCaptchaSession();
+    }
+} else {
+    HTML_QuickForm2_Renderer::register(
+        'coolarray',
+        'SemanticScuttle_QuickForm2_Renderer_CoolArray'
+    );
+    //$renderer = HTML_QuickForm2_Renderer::factory('coolarray')
+    $renderer = new SemanticScuttle_QuickForm2_Renderer_CoolArray();
+    $renderer->setOption(
+        array(
+            'group_hiddens' => true,
+            'group_errors'  => true
+        )
+    );
+
+    $tplVars['form']     = $form->render($renderer);
+    //fscking form error is not in form|errors
+    $tplVars['error']   .= implode(
+        '<br/>',
+        array_unique(
+            array_merge(
+                $tplVars['form']['errors'],
+                array($form->getError())
+            )
+        )
+    );
+}
+
+$tplVars['loadjs']   = true;
 $tplVars['subtitle'] = T_('Forgotten Password');
-$tplVars['formaction']  = createURL('password');
-$templateservice->loadTemplate($templatename, $tplVars);
+$templateservice->loadTemplate('password.tpl', $tplVars);
 ?>

www/register.php

@@ -1,24 +1,20 @@
 <?php
-/***************************************************************************
-Copyright (C) 2004 - 2006 Marcus Campbell
-http://sourceforge.net/projects/scuttle/
-http://scuttle.org/
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-***************************************************************************/
-
+/**
+ * SemanticScuttle - your social bookmark manager.
+ * New user registration form.
+ *
+ * PHP version 5.
+ *
+ * @category  Bookmarking
+ * @package   SemanticScuttle
+ * @author    Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
+ * @author    Christian Weiske <cweiske@cweiske.de>
+ * @author    Eric Dane <ericdane@users.sourceforge.net>
+ * @author    Marcus Campbell <marcus.campbell@gmail.com>
+ * @copyright 2004-2006 Marcus Campbell
+ * @license   GPL http://www.gnu.org/licenses/gpl.html
+ * @link      http://sourceforge.net/projects/semanticscuttle
+ */
 require_once 'www-header.php';
 
 if (!$GLOBALS['enableRegistration']) {
@@ -27,60 +23,135 @@ if (!$GLOBALS['enableRegistration']) {
     exit(1);
 }
 
-/* Service creation: only useful services are created */
-// No specific services
+require_once 'HTML/QuickForm2.php';
+require_once 'SemanticScuttle/QuickForm2/Renderer/CoolArray.php';
+require_once 'HTML/QuickForm2/Element/NumeralCaptcha.php';
 
-/* Managing all possible inputs */
-isset($_POST['submitted']) ? define('POST_SUBMITTED', $_POST['submitted']): define('POST_SUBMITTED', '');
-isset($_POST['username']) ? define('POST_USERNAME', $_POST['username']): define('POST_USERNAME', '');
-isset($_POST['password']) ? define('POST_PASS', $_POST['password']): define('POST_PASS', '');
-isset($_POST['email']) ? define('POST_MAIL', $_POST['email']): define('POST_MAIL', '');
-isset($_POST['antispamAnswer']) ? define('POST_ANTISPAMANSWER', $_POST['antispamAnswer']): define('POST_ANTISPAMANSWER', '');
+//we register a strange name here so we can change the class
+// itself easily
+HTML_QuickForm2_Factory::registerElement(
+    'sc-captcha',
+    'HTML_QuickForm2_Element_NumeralCaptcha'
+);
+
+//do not append '-0' to IDs
+HTML_Common2::setOption('id_force_append_index', false);
+
+$form = new HTML_QuickForm2(
+    'registration', 'post',
+    array('action' => createURL('register')),
+    true
+);
+
+$user = $form->addElement(
+    'text', 'username',
+    array(
+        'size'    => 20,
+        'onkeyup' => 'isAvailable(this, "")',
+        'class'   => 'required'
+    )
+)->setLabel(T_('Username'));
+$user->addRule(
+    'required',
+    T_('You <em>must</em> enter a username, password and e-mail address.')
+);
+$user->addRule(
+    'callback',
+    T_('This username is not valid (too short, too long, forbidden characters...), please make another choice.'),
+    array($userservice, 'isValidUsername')
+);
+$user->addRule(
+    'notcallback',
+    T_('This username has been reserved, please make another choice.'),
+    array($userservice, 'isReserved')
+);
+$user->addRule(
+    'notcallback',
+    T_('This username already exists, please make another choice.'),
+    array($userservice, 'existsUserWithUsername')
+);
+
+$form->addElement(
+    'password', 'password',
+    array(
+        'size'  => 20,
+        'class' => 'required'
+    )
+)
+->setLabel(T_('Password'))
+->addRule(
+    'required',
+    T_('You <em>must</em> enter a username, password and e-mail address.')
+);
+
+$email = $form->addElement(
+    'text', 'email',
+    array(
+        'size'  => 40,
+        'class' => 'required'
+    )
+)->setLabel(T_('E-mail'));
+$email->addRule(
+    'required',
+    T_('You <em>must</em> enter a username, password and e-mail address.')
+);
+$email->addRule(
+    'callback',
+    T_('E-mail address is not valid. Please try again.'),
+    array($userservice, 'isValidEmail')
+);
+
+$captcha = $form->addElement(
+    'sc-captcha', 'captcha',
+    array(
+        'size' => 40
+    ),
+    array(
+        'captchaSolutionWrong'
+            => T_('Antispam answer is not valid. Please try again.')
+    )
+)
+->setLabel(T_('Antispam question'));
+
+$form->addElement(
+    'submit', 'submit',
+    array('value' => T_('Register'))
+);
 
 
-if (POST_SUBMITTED != '') {
-    $posteduser = trim(utf8_strtolower(POST_USERNAME));
+$tplVars['error'] = '';
+if ($form->validate()) {
+    $arValues = $form->getValue();
 
-    // Check if form is incomplete
-    if (!($posteduser) || POST_PASS == '' || POST_MAIL == '') {    	
-        $tplVars['error'] = T_('You <em>must</em> enter a username, password and e-mail address.');
-
-    // Check if username is reserved
-    } elseif ($userservice->isReserved($posteduser)) {
-        $tplVars['error'] = T_('This username has been reserved, please make another choice.');
-
-    // Check if username already exists
-    } elseif ($userservice->getUserByUsername($posteduser)) {
-        $tplVars['error'] = T_('This username already exists, please make another choice.');
-        
-    // Check if username is valid (length, authorized characters)
-    } elseif (!$userservice->isValidUsername($posteduser)) {
-        $tplVars['error'] = T_('This username is not valid (too short, too long, forbidden characters...), please make another choice.');        
-    
-    // Check if e-mail address is valid
-    } elseif (!$userservice->isValidEmail(POST_MAIL)) {
-        $tplVars['error'] = T_('E-mail address is not valid. Please try again.');
-
-    // Check if antispam answer is valid (doesn't take into account spaces and uppercase)
-    } elseif (strcasecmp(str_replace(' ', '', POST_ANTISPAMANSWER), str_replace(' ', '', $GLOBALS['antispamAnswer'])) != 0) {
-        $tplVars['error'] = T_('Antispam answer is not valid. Please try again.');
-
-    // Register details
-    } elseif ($userservice->addUser($posteduser, POST_PASS, POST_MAIL) !== false) {
-        // Log in with new username
-        $login = $userservice->login($posteduser, POST_PASS);
-        if ($login) {
-            header('Location: '. createURL('bookmarks', $posteduser));
-        }
-        $tplVars['msg'] = T_('You have successfully registered. Enjoy!');
-    } else {
-        $tplVars['error'] = T_('Registration failed. Please try again.');
+    $bOk = $userservice->addUser(
+        $arValues['username'], $arValues['password'], $arValues['email']
+    );
+    if ($bOk) {
+        $captcha->clearCaptchaSession();
+        header('Location: '. createURL('bookmarks', $arValues['username']));
+        exit();
     }
+    $tplVars['error'] .= T_('Registration failed. Please try again.');
 }
 
-$tplVars['antispamQuestion'] = $GLOBALS['antispamQuestion'];
-$tplVars['loadjs']      = true;
-$tplVars['subtitle']    = T_('Register');
-$tplVars['formaction']  = createURL('register');
+HTML_QuickForm2_Renderer::register(
+    'coolarray',
+    'SemanticScuttle_QuickForm2_Renderer_CoolArray'
+);
+//$renderer = HTML_QuickForm2_Renderer::factory('coolarray')
+$renderer = new SemanticScuttle_QuickForm2_Renderer_CoolArray();
+$renderer->setOption(
+    array(
+        'group_hiddens' => true,
+        'group_errors'  => true
+    )
+);
+
+$tplVars['form']     = $form->render($renderer);
+$tplVars['loadjs']   = true;
+$tplVars['subtitle'] = T_('Register');
+$tplVars['error']   .= implode(
+    '<br/>', array_unique($tplVars['form']['errors'])
+);
 $templateservice->loadTemplate('register.tpl', $tplVars);
 ?>

www/scuttle.css

@@ -541,6 +541,9 @@ form th {
 form table {
 	margin: 0 1em;
 }
+form input.inacttext {
+    color: #888;
+}
 h3 {
 	background: #DDD;
 	color: #555;