aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-07-03 18:29:32 -0700
committerfriendica <info@friendica.com>2014-07-03 18:29:32 -0700
commit5ed9444beea56c8d4559a01434406f8de8588c57 (patch)
tree8747ae03cbf52f3518f1d6f6d1b91281747d18bf
parent23409984c40f3d6fe527c35f1c78f42494503955 (diff)
downloadvolse-hubzilla-5ed9444beea56c8d4559a01434406f8de8588c57.tar.gz
volse-hubzilla-5ed9444beea56c8d4559a01434406f8de8588c57.tar.bz2
volse-hubzilla-5ed9444beea56c8d4559a01434406f8de8588c57.zip
some initial work towards email address verification
-rw-r--r--include/account.php84
-rw-r--r--mod/regver.php24
-rw-r--r--view/en/register_verify_member.tpl25
3 files changed, 133 insertions, 0 deletions
diff --git a/include/account.php b/include/account.php
index 1206223d9..edfd1bf05 100644
--- a/include/account.php
+++ b/include/account.php
@@ -221,6 +221,45 @@ function create_account($arr) {
+function verify_email_address($arr) {
+
+ $hash = random_string();
+
+ $r = q("INSERT INTO register ( hash, created, uid, password, language ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ",
+ dbesc($hash),
+ dbesc(datetime_convert()),
+ intval($arr['account']['account_id']),
+ dbesc('verify'),
+ dbesc($arr['account']['account_language'])
+ );
+
+ $email_msg = replace_macros(get_intltext_template('register_verify_member.tpl'), array(
+ '$sitename' => get_config('system','sitename'),
+ '$siteurl' => z_root(),
+ '$email' => $arr['email'],
+ '$uid' => $arr['account']['account_id'],
+ '$hash' => $hash,
+ '$details' => $details
+ ));
+
+ $res = mail($arr['email'], email_header_encode(sprintf( t('Registration confirmation for %s'), get_config('system','sitename'))),
+ $email_msg,
+ 'From: ' . 'Administrator' . '@' . get_app()->get_hostname() . "\n"
+ . 'Content-type: text/plain; charset=UTF-8' . "\n"
+ . 'Content-transfer-encoding: 8bit'
+ );
+
+ if($res)
+ $delivered ++;
+ else
+ logger('send_reg_approval_email: failed to ' . $admin['email'] . 'account_id: ' . $arr['account']['account_id']);
+
+
+}
+
+
+
+
function send_reg_approval_email($arr) {
$r = q("select * from account where account_roles & " . intval(ACCOUNT_ROLE_ADMIN));
@@ -403,6 +442,51 @@ function user_deny($hash) {
}
+function user_approve($hash) {
+
+ $a = get_app();
+
+ $ret = array('success' => false);
+
+ $register = q("SELECT * FROM `register` WHERE `hash` = '%s' and password = 'verify' LIMIT 1",
+ dbesc($hash)
+ );
+
+ if(! $register)
+ return $ret;
+
+ $account = q("SELECT * FROM account WHERE account_id = %d LIMIT 1",
+ intval($register[0]['uid'])
+ );
+
+ if(! $account)
+ return $ret;
+
+ $r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify' LIMIT 1",
+ dbesc($register[0]['hash'])
+ );
+
+ $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1",
+ intval(ACCOUNT_BLOCKED),
+ intval(ACCOUNT_BLOCKED),
+ intval($register[0]['uid'])
+ );
+ $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1",
+ intval(ACCOUNT_PENDING),
+ intval(ACCOUNT_PENDING),
+ intval($register[0]['uid'])
+ );
+
+ info( t('Account approved.') . EOL );
+ return true;
+
+}
+
+
+
+
+
+
/**
* @function downgrade_accounts()
* Checks for accounts that have past their expiration date.
diff --git a/mod/regver.php b/mod/regver.php
new file mode 100644
index 000000000..988fa8c0d
--- /dev/null
+++ b/mod/regver.php
@@ -0,0 +1,24 @@
+<?php
+
+require_once('include/account.php');
+
+function regver_content(&$a) {
+
+ global $lang;
+
+ $_SESSION['return_url'] = $a->cmd;
+
+ if(argc() != 3)
+ killme();
+
+ $cmd = argv(1);
+ $hash = argv(2);
+
+ if($cmd === 'deny') {
+ if (!user_deny($hash)) killme();
+ }
+
+ if($cmd === 'allow') {
+ if (!user_approve($hash)) killme();
+ }
+}
diff --git a/view/en/register_verify_member.tpl b/view/en/register_verify_member.tpl
new file mode 100644
index 000000000..d1e34be67
--- /dev/null
+++ b/view/en/register_verify_member.tpl
@@ -0,0 +1,25 @@
+
+Thank you for registering at {{$sitename}}.
+
+Your login details are as follows:
+
+Site Location: {{$siteurl}}
+Login Name: {{$email}}
+
+Login with the password you chose at registration.
+
+We need to verify your email address in order to give you full access.
+
+If you registered this account, please visit the following link:
+
+{{$siteurl}}/regver/allow/{{$hash}}
+
+
+To deny the request and remove the account, please visit:
+
+
+{{$siteurl}}/regver/deny/{{$hash}}
+
+
+Thank you.
+