From 5ed9444beea56c8d4559a01434406f8de8588c57 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 3 Jul 2014 18:29:32 -0700 Subject: [PATCH] some initial work towards email address verification --- include/account.php | 84 ++++++++++++++++++++++++++++++ mod/regver.php | 24 +++++++++ view/en/register_verify_member.tpl | 25 +++++++++ 3 files changed, 133 insertions(+) create mode 100644 mod/regver.php create mode 100644 view/en/register_verify_member.tpl diff --git a/include/account.php b/include/account.php index 1206223d9..edfd1bf05 100644 --- a/include/account.php +++ b/include/account.php @@ -221,6 +221,45 @@ function create_account($arr) { +function verify_email_address($arr) { + + $hash = random_string(); + + $r = q("INSERT INTO register ( hash, created, uid, password, language ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ", + dbesc($hash), + dbesc(datetime_convert()), + intval($arr['account']['account_id']), + dbesc('verify'), + dbesc($arr['account']['account_language']) + ); + + $email_msg = replace_macros(get_intltext_template('register_verify_member.tpl'), array( + '$sitename' => get_config('system','sitename'), + '$siteurl' => z_root(), + '$email' => $arr['email'], + '$uid' => $arr['account']['account_id'], + '$hash' => $hash, + '$details' => $details + )); + + $res = mail($arr['email'], email_header_encode(sprintf( t('Registration confirmation for %s'), get_config('system','sitename'))), + $email_msg, + 'From: ' . 'Administrator' . '@' . get_app()->get_hostname() . "\n" + . 'Content-type: text/plain; charset=UTF-8' . "\n" + . 'Content-transfer-encoding: 8bit' + ); + + if($res) + $delivered ++; + else + logger('send_reg_approval_email: failed to ' . $admin['email'] . 'account_id: ' . $arr['account']['account_id']); + + +} + + + + function send_reg_approval_email($arr) { $r = q("select * from account where account_roles & " . intval(ACCOUNT_ROLE_ADMIN)); 
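Review bot: In `verify_email_address()` the result of the `INSERT INTO register` is never checked, so the confirmation mail goes out even when no row holding the hash was stored, and the function returns nothing for the caller to act on. Add `if(! $r) return false;` after the insert and finish with `return $res;`. The failure branch logs `$admin['email']` under the name `send_reg_approval_email`, but `$admin` is not defined in this function, and neither are `$details` and `$delivered`; the log line should read `logger('verify_email_address: failed to ' . $arr['email'] . ' account_id: ' . $arr['account']['account_id']);`. The hash is the only credential for the unauthenticated link, so it is worth confirming that `random_string()` (defined outside this diff) draws from a cryptographically secure source.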
@@ -403,6 +442,51 @@ function user_deny($hash) { } +function user_approve($hash) { + + $a = get_app(); + + $ret = array('success' => false); + + $register = q("SELECT * FROM `register` WHERE `hash` = '%s' and password = 'verify' LIMIT 1", + dbesc($hash) + ); + + if(! $register) + return $ret; + + $account = q("SELECT * FROM account WHERE account_id = %d LIMIT 1", + intval($register[0]['uid']) + ); + + if(! $account) + return $ret; + + $r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify' LIMIT 1", + dbesc($register[0]['hash']) + ); + + $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + intval(ACCOUNT_BLOCKED), + intval(ACCOUNT_BLOCKED), + intval($register[0]['uid']) + ); + $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + intval(ACCOUNT_PENDING), + intval(ACCOUNT_PENDING), + intval($register[0]['uid']) + ); + + info( t('Account approved.') . EOL ); + return true; + +} + + + + + + /** * @function downgrade_accounts() * Checks for accounts that have past their expiration date. diff --git a/mod/regver.php b/mod/regver.php new file mode 100644 index 000000000..988fa8c0d --- /dev/null +++ b/mod/regver.php @@ -0,0 +1,24 @@ +cmd; + + if(argc() != 3) + killme(); + + $cmd = argv(1); + $hash = argv(2); + + if($cmd === 'deny') { + if (!user_deny($hash)) killme(); + } + + if($cmd === 'allow') { + if (!user_approve($hash)) killme(); + } +} diff --git a/view/en/register_verify_member.tpl b/view/en/register_verify_member.tpl new file mode 100644 index 000000000..d1e34be67 --- /dev/null +++ b/view/en/register_verify_member.tpl 
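Review bot: The two failure paths in `user_approve()` return `$ret`, a non-empty array that PHP treats as true, so the `if (!user_approve($hash)) killme();` check in mod/regver.php never fires for an unknown hash; both should be `return false;` to match the `return true;` at the end. The function also clears `ACCOUNT_BLOCKED` as well as `ACCOUNT_PENDING` for whoever presents the hash. If either flag can be set for another reason (an administrator block, or a site policy that requires admin approval), the emailed link would lift that too, so consider clearing only a flag that email verification itself set. The lookup does not compare `register.created` against any maximum age, so a hash stays valid until it is used; an expiry condition in the `SELECT` would bound that.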
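Review bot: Both `allow` and `deny` in mod/regver.php act on a plain GET of the emailed URL, so any software that fetches links in mail (security scanners, link previewers) can approve the account or remove it without the user doing anything. Rendering a confirmation page on GET and performing the action only on a submitted form would avoid that. `user_deny()` is defined outside this diff, so it cannot be confirmed from here whether it restricts itself to `password = 'verify'` rows the way `user_approve()` does; if it does not, this unauthenticated route could also act on admin-approval rows in `register`. The first lines of this hunk appear truncated on the page, so the function header is not visible.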
@@ -0,0 +1,25 @@
+
+Thank you for registering at {{$sitename}}.
+
+Your login details are as follows:
+
+Site Location: {{$siteurl}}
+Login Name: {{$email}}
+
+Login with the password you chose at registration.
+
+We need to verify your email address in order to give you full access.
+
+If you registered this account, please visit the following link:
+
+{{$siteurl}}/regver/allow/{{$hash}}
+
+
+To deny the request and remove the account, please visit:
+
+
+{{$siteurl}}/regver/deny/{{$hash}}
+
+
+Thank you.
+