From bf0be3ddb7226f428a3cc00a87c5a64f2113c00b Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Fri, 20 Jun 2008 01:15:36 -0400 Subject: confirm email addresses darcs-hash:20080620051536-5ed1f-231e427832dd20c861eb7a6dc1171315e90f455b.gz --- actions/confirmemail.php | 70 +++++++++++++++++++++++++++++++++++++++++++++++ actions/register.php | 30 +++++++++++++++++--- classes/Confirm_email.php | 23 ++++++++++++++++ classes/stoica.ini | 9 ++++++ db/laconica.sql | 2 +- lib/action.php | 7 +++++ lib/common.php | 1 + lib/mail.php | 28 ++++++++++++++++++- 8 files changed, 164 insertions(+), 6 deletions(-) create mode 100644 actions/confirmemail.php create mode 100644 classes/Confirm_email.php diff --git a/actions/confirmemail.php b/actions/confirmemail.php new file mode 100644 index 000000000..82e3a5537 --- /dev/null +++ b/actions/confirmemail.php @@ -0,0 +1,70 @@ +. + */ + +if (!defined('LACONICA')) { exit(1); } + +class ConfirmemailAction extends Action { + + function handle($args) { + parent::handle($args); + if (!common_logged_in()) { + common_set_returnto($this->self_url()); + common_redirect(common_local_url('login')); + return; + } + $code = $this->trimmed('code'); + if (!$code) { + $this->client_error(_t('No confirmation code.')); + return; + } + $confirm_email = Confirm_email::staticGet('code', $code); + if (!$confirm_email) { + $this->client_error(_t('Confirmation code not found.')); + return; + } + $cur = common_current_user(); + if ($cur->id != $confirm_email->user_id) { + $this->client_error(_t('That confirmation code is not for you!')); + return; + } + if ($cur->email == $confirm_email->email) { + $this->client_error(_t('That email address is already confirmed.')); + return; + } + $cur->query('BEGIN'); + $orig_user = clone($cur); + $cur->email = $confirm_email->email; + $result = $cur->update($orig_user); + if (!$result) { + $this->server_error(_t('Error setting email address.')); + return; + } + $result = $confirm_email->delete(); + if (!$result) { + $this->server_error(_t('Error deleting code.')); + return; + } + $cur->query('COMMIT'); + common_show_header(_t('Confirm E-mail Address')); + common_element('p', NULL, + _t('The email address "') . $cur->email . + _t('" has been confirmed for your account.')); + common_show_footer(_t('Confirm E-mail Address')); + } +} diff --git a/actions/register.php b/actions/register.php index cad5c2ed7..d9315b424 100644 --- a/actions/register.php +++ b/actions/register.php @@ -89,8 +89,11 @@ class RegisterAction extends Action { } function register_user($nickname, $password, $email) { - # TODO: wrap this in a transaction! + $profile = new Profile(); + + $profile->query('BEGIN'); + $profile->nickname = $nickname; $profile->profileurl = common_profile_url($nickname); $profile->created = DB_DataObject_Cast::dateTime(); # current time @@ -103,15 +106,34 @@ class RegisterAction extends Action { $user->id = $id; $user->nickname = $nickname; $user->password = common_munge_password($password, $id); - $user->email = $email; $user->created = DB_DataObject_Cast::dateTime(); # current time $user->uri = common_mint_tag('user:'.$id); $result = $user->insert(); if (!$result) { - # Try to clean up... - $profile->delete(); + return FALSE; } + + if ($email) { + $confirm = new Confirm_email(); + $confirm->code = common_good_random(16); + $confirm->user_id = $user->id; + $confirm->email = $email; + + $result = $confirm->insert(); + if (!$result) { + return FALSE; + } + } + + $profile->query('COMMIT'); + + if ($email) { + mail_confirm_address($code, + $profile->nickname, + $email); + } + return $result; } diff --git a/classes/Confirm_email.php b/classes/Confirm_email.php new file mode 100644 index 000000000..0b13a4669 --- /dev/null +++ b/classes/Confirm_email.php @@ -0,0 +1,23 @@ +trimmed('action'); + $args = $this->args; + unset($args['action']); + return common_local_url($action, $args); + } } diff --git a/lib/common.php b/lib/common.php index 7435b0f4a..00f6d68a7 100644 --- a/lib/common.php +++ b/lib/common.php @@ -80,3 +80,4 @@ require_once(INSTALLDIR.'/classes/Profile.php'); require_once(INSTALLDIR.'/classes/Remote_profile.php'); require_once(INSTALLDIR.'/classes/Subscription.php'); require_once(INSTALLDIR.'/classes/User.php'); +require_once(INSTALLDIR.'/classes/Confirm_email.php'); diff --git a/lib/mail.php b/lib/mail.php index 25253fd81..23fd24b25 100644 --- a/lib/mail.php +++ b/lib/mail.php @@ -54,4 +54,30 @@ function mail_notify_from() { return $config['site']['name'] . ' '; } } - \ No newline at end of file + +# For confirming an email address + +function mail_confirm_address($code, $nickname, $address) { + $recipients = $address; + $headers['From'] = mail_notify_from(); + $headers['To'] = $nickname . ' <' . $address . '>'; + $headers['Subject'] = _t('Email address confirmation'); + + $body = "Hey, $nickname."; + $body .= "\n\n"; + $body .= 'Someone just entered this email address on ' . common_config('site', 'name') . '.'; + $body .= "\n\n"; + $body .= 'If it was you, and you want to confirm your entry, use the URL below:'; + $body .= "\n\n"; + $body .= "\t".common_local_url('confirmemail', + array('code' => $code)); + $body .= "\n\n"; + $body .= 'If not, just ignore this message.'; + $body .= "\n\n"; + $body .= 'Thanks for your time, '; + $body .= "\n"; + $body .= common_config('site', 'name'); + $body .= "\n"; + + mail_send($recipients, $headers, $body); +} -- cgit v1.2.3-54-g00ecf