-rw-r--r--actions/confirmemail.php70
-rw-r--r--actions/register.php30
-rw-r--r--classes/Confirm_email.php23
-rw-r--r--classes/stoica.ini9
-rw-r--r--db/laconica.sql2
-rw-r--r--lib/action.php7
-rw-r--r--lib/common.php1
-rw-r--r--lib/mail.php28
8 files changed, 164 insertions, 6 deletions
diff --git a/actions/confirmemail.php b/actions/confirmemail.php
new file mode 100644
index 000000000..82e3a5537
--- /dev/null
+++ b/actions/confirmemail.php
@@ -0,0 +1,70 @@
+<?php
+/*
+ * Laconica - a distributed open-source microblogging tool
+ * Copyright (C) 2008, Controlez-Vous, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+if (!defined('LACONICA')) { exit(1); }
+
+class ConfirmemailAction extends Action {
+
+ function handle($args) {
+ parent::handle($args);
+ if (!common_logged_in()) {
+ common_set_returnto($this->self_url());
+ common_redirect(common_local_url('login'));
+ return;
+ }
+ $code = $this->trimmed('code');
+ if (!$code) {
+ $this->client_error(_t('No confirmation code.'));
+ return;
+ }
+ $confirm_email = Confirm_email::staticGet('code', $code);
+ if (!$confirm_email) {
+ $this->client_error(_t('Confirmation code not found.'));
+ return;
+ }
+ $cur = common_current_user();
+ if ($cur->id != $confirm_email->user_id) {
+ $this->client_error(_t('That confirmation code is not for you!'));
+ return;
+ }
+ if ($cur->email == $confirm_email->email) {
+ $this->client_error(_t('That email address is already confirmed.'));
+ return;
+ }
+ $cur->query('BEGIN');
+ $orig_user = clone($cur);
+ $cur->email = $confirm_email->email;
+ $result = $cur->update($orig_user);
+ if (!$result) {
+ $this->server_error(_t('Error setting email address.'));
+ return;
+ }
+ $result = $confirm_email->delete();
+ if (!$result) {
+ $this->server_error(_t('Error deleting code.'));
+ return;
+ }
+ $cur->query('COMMIT');
+ common_show_header(_t('Confirm E-mail Address'));
+ common_element('p', NULL,
+ _t('The email address "') . $cur->email .
+ _t('" has been confirmed for your account.'));
+ common_show_footer(_t('Confirm E-mail Address'));
+ }
+}
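Review bot: The two failure branches after `$cur->query('BEGIN')` return through `server_error()` without ending the transaction, so a failed `update()` or `delete()` leaves it open and the e-mail change is never explicitly undone. Each branch should issue `$cur->query('ROLLBACK');` before reporting the error. The same pattern appears in register_user() in actions/register.php, where both `return FALSE;` paths follow a `BEGIN` with no rollback. Separately, the handler accepts a code of any age: the `modified` column of confirm_email is not consulted, so an expiry check may be worth adding here.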
diff --git a/actions/register.php b/actions/register.php
index cad5c2ed7..d9315b424 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -89,8 +89,11 @@ class RegisterAction extends Action {
}
function register_user($nickname, $password, $email) {
- # TODO: wrap this in a transaction!
+
$profile = new Profile();
+
+ $profile->query('BEGIN');
+
$profile->nickname = $nickname;
$profile->profileurl = common_profile_url($nickname);
$profile->created = DB_DataObject_Cast::dateTime(); # current time
@@ -103,15 +106,34 @@ class RegisterAction extends Action {
$user->id = $id;
$user->nickname = $nickname;
$user->password = common_munge_password($password, $id);
- $user->email = $email;
$user->created = DB_DataObject_Cast::dateTime(); # current time
$user->uri = common_mint_tag('user:'.$id);
$result = $user->insert();
if (!$result) {
- # Try to clean up...
- $profile->delete();
+ return FALSE;
}
+
+ if ($email) {
+ $confirm = new Confirm_email();
+ $confirm->code = common_good_random(16);
+ $confirm->user_id = $user->id;
+ $confirm->email = $email;
+
+ $result = $confirm->insert();
+ if (!$result) {
+ return FALSE;
+ }
+ }
+
+ $profile->query('COMMIT');
+
+ if ($email) {
+ mail_confirm_address($code,
+ $profile->nickname,
+ $email);
+ }
+
return $result;
}
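Review bot: `mail_confirm_address($code, ...)` passes `$code`, which is not assigned anywhere in the visible lines of register_user(); the generated value is held in `$confirm->code`. As written, the confirmation mail would presumably carry a URL with an empty code, so the address could never be confirmed. The call should read `mail_confirm_address($confirm->code, $profile->nickname, $email);`. Part of register_user() lies between the two hunks and is not shown, so confirm that `$code` is not set there.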
diff --git a/classes/Confirm_email.php b/classes/Confirm_email.php
new file mode 100644
index 000000000..0b13a4669
--- /dev/null
+++ b/classes/Confirm_email.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * Table Definition for confirm_email
+ */
+require_once 'DB/DataObject.php';
+
+class Confirm_email extends DB_DataObject
+{
+ ###START_AUTOCODE
+ /* the code below is auto generated do not remove the above tag */
+
+ public $__table = 'confirm_email'; // table name
+ public $code; // varchar(32) primary_key not_null
+ public $user_id; // int(4) not_null
+ public $email; // varchar(255) not_null
+ public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP
+
+ /* Static get */
+ function staticGet($k,$v=NULL) { return DB_DataObject::staticGet('Confirm_email',$k,$v); }
+
+ /* the code above is auto generated do not remove the tag below */
+ ###END_AUTOCODE
+}
diff --git a/classes/stoica.ini b/classes/stoica.ini
index ad0925bd9..3745697d5 100644
--- a/classes/stoica.ini
+++ b/classes/stoica.ini
@@ -16,6 +16,15 @@ width = K
height = K
url = U
+[confirm_email]
+code = 130
+user_id = 129
+email = 130
+modified = 384
+
+[confirm_email__keys]
+code = K
+
[consumer]
consumer_key = 130
seed = 130
diff --git a/db/laconica.sql b/db/laconica.sql
index 7935b8b07..0b07148c7 100644
--- a/db/laconica.sql
+++ b/db/laconica.sql
@@ -145,7 +145,7 @@ create table oid_nonces (
UNIQUE (server_url(255), timestamp, salt)
) ENGINE=InnoDB;
-create table confirmemail (
+create table confirm_email (
code varchar(32) not null primary key comment 'good random code',
user_id integer not null comment 'user who requested confirmation' references user (id),
email varchar(255) not null comment 'email address for password recovery etc.',
diff --git a/lib/action.php b/lib/action.php
index 06d3901d1..81b228312 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -68,4 +68,11 @@ class Action { // lawsuit
common_debug("User error '$code' on '$action': $msg", __FILE__);
common_user_error($msg, $code);
}
+
+ function self_url() {
+ $action = $this->trimmed('action');
+ $args = $this->args;
+ unset($args['action']);
+ return common_local_url($action, $args);
+ }
}
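Review bot: self_url() has no comment saying that every entry of `$this->args` except `action` is copied into the returned URL. If `args` holds the raw request parameters (not visible in this hunk), a caller that stores the result, as ConfirmemailAction::handle() does with common_set_returnto(), would also keep any submitted form fields in the return-to URL. A short docblock such as `/* URL of the current action with all of its current arguments; do not use on requests that carry secrets */` would make that contract explicit. The Action class begins outside this hunk.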
diff --git a/lib/common.php b/lib/common.php
index 7435b0f4a..00f6d68a7 100644
--- a/lib/common.php
+++ b/lib/common.php
@@ -80,3 +80,4 @@ require_once(INSTALLDIR.'/classes/Profile.php');
require_once(INSTALLDIR.'/classes/Remote_profile.php');
require_once(INSTALLDIR.'/classes/Subscription.php');
require_once(INSTALLDIR.'/classes/User.php');
+require_once(INSTALLDIR.'/classes/Confirm_email.php');
diff --git a/lib/mail.php b/lib/mail.php
index 25253fd81..23fd24b25 100644
--- a/lib/mail.php
+++ b/lib/mail.php
@@ -54,4 +54,30 @@ function mail_notify_from() {
return $config['site']['name'] . ' <noreply@'.$config['site']['server'].'>';
}
}
- \ No newline at end of file
+
+# For confirming an email address
+
+function mail_confirm_address($code, $nickname, $address) {
+ $recipients = $address;
+ $headers['From'] = mail_notify_from();
+ $headers['To'] = $nickname . ' <' . $address . '>';
+ $headers['Subject'] = _t('Email address confirmation');
+
+ $body = "Hey, $nickname.";
+ $body .= "\n\n";
+ $body .= 'Someone just entered this email address on ' . common_config('site', 'name') . '.';
+ $body .= "\n\n";
+ $body .= 'If it was you, and you want to confirm your entry, use the URL below:';
+ $body .= "\n\n";
+ $body .= "\t".common_local_url('confirmemail',
+ array('code' => $code));
+ $body .= "\n\n";
+ $body .= 'If not, just ignore this message.';
+ $body .= "\n\n";
+ $body .= 'Thanks for your time, ';
+ $body .= "\n";
+ $body .= common_config('site', 'name');
+ $body .= "\n";
+
+ mail_send($recipients, $headers, $body);
+}
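Review bot: `$headers['To']` is built by concatenating `$nickname` and `$address` with no check for CR or LF, and the address originates from the registration form; whether it is validated before this call or sanitised inside mail_send() is not visible here. A line break in either value could add extra headers to the outgoing message, so such input should be rejected first, e.g. `if (preg_match('/[\r\n]/', $nickname . $address)) { return false; }`. `$headers` is also used without a preceding `$headers = array();`, and the body strings are not wrapped in `_t()` although the subject is.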