From bf0be3ddb7226f428a3cc00a87c5a64f2113c00b Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@controlyourself.ca>
Date: Fri, 20 Jun 2008 01:15:36 -0400
Subject: confirm email addresses

darcs-hash:20080620051536-5ed1f-231e427832dd20c861eb7a6dc1171315e90f455b.gz
---
 actions/confirmemail.php | 70 ++++++++++++++++++++++++++++++++++++++++++++++++
 actions/register.php     | 30 ++++++++++++++++++---
 2 files changed, 96 insertions(+), 4 deletions(-)
 create mode 100644 actions/confirmemail.php

(limited to 'actions')

diff --git a/actions/confirmemail.php b/actions/confirmemail.php
new file mode 100644
index 000000000..82e3a5537
--- /dev/null
+++ b/actions/confirmemail.php
@@ -0,0 +1,70 @@
+<?php
+/*
+ * Laconica - a distributed open-source microblogging tool
+ * Copyright (C) 2008, Controlez-Vous, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+if (!defined('LACONICA')) { exit(1); }
+
+class ConfirmemailAction extends Action {
+
+	function handle($args) {
+		parent::handle($args);
+		if (!common_logged_in()) {
+			common_set_returnto($this->self_url());
+			common_redirect(common_local_url('login'));
+			return;
+		}
+		$code = $this->trimmed('code');
+		if (!$code) {
+			$this->client_error(_t('No confirmation code.'));
+			return;
+		}
+		$confirm_email = Confirm_email::staticGet('code', $code);
+		if (!$confirm_email) {
+			$this->client_error(_t('Confirmation code not found.'));
+			return;
+		}
+		$cur = common_current_user();
+		if ($cur->id != $confirm_email->user_id) {
+			$this->client_error(_t('That confirmation code is not for you!'));
+			return;
+		}
+		if ($cur->email == $confirm_email->email) {
+			$this->client_error(_t('That email address is already confirmed.'));
+			return;
+		}
+		$cur->query('BEGIN');
+		$orig_user = clone($cur);
+		$cur->email = $confirm_email->email;
+		$result = $cur->update($orig_user);
+		if (!$result) {
+			$this->server_error(_t('Error setting email address.'));
+			return;
+		}
+		$result = $confirm_email->delete();
+		if (!$result) {
+			$this->server_error(_t('Error deleting code.'));
+			return;
+		}
+		$cur->query('COMMIT');
+		common_show_header(_t('Confirm E-mail Address'));
+		common_element('p', NULL,
+					   _t('The email address "') . $cur->email . 
+					   _t('" has been confirmed for your account.'));
+		common_show_footer(_t('Confirm E-mail Address'));
+	}
+}
diff --git a/actions/register.php b/actions/register.php
index cad5c2ed7..d9315b424 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -89,8 +89,11 @@ class RegisterAction extends Action {
 	}
 
 	function register_user($nickname, $password, $email) {
-		# TODO: wrap this in a transaction!
+		
 		$profile = new Profile();
+		
+		$profile->query('BEGIN');
+		
 		$profile->nickname = $nickname;
 		$profile->profileurl = common_profile_url($nickname);
 		$profile->created = DB_DataObject_Cast::dateTime(); # current time
@@ -103,15 +106,34 @@ class RegisterAction extends Action {
 		$user->id = $id;
 		$user->nickname = $nickname;
 		$user->password = common_munge_password($password, $id);
-		$user->email = $email;
 		$user->created =  DB_DataObject_Cast::dateTime(); # current time
 		$user->uri = common_mint_tag('user:'.$id);
 		
 		$result = $user->insert();
 		if (!$result) {
-			# Try to clean up...
-			$profile->delete();
+			return FALSE;
 		}
+
+		if ($email) {
+			$confirm = new Confirm_email();
+			$confirm->code = common_good_random(16);
+			$confirm->user_id = $user->id;
+			$confirm->email = $email;
+			
+			$result = $confirm->insert();
+			if (!$result) {
+				return FALSE;
+			}
+		}
+		
+		$profile->query('COMMIT');
+
+		if ($email) {
+			mail_confirm_address($code,
+								 $profile->nickname,
+								 $email);
+		}
+		
 		return $result;
 	}
 
-- 
cgit v1.2.3-54-g00ecf