diff options
| author | Mario <mario@mariovavti.com> | 2021-03-20 16:57:11 +0100 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2021-03-20 16:57:11 +0100 |
| commit | 554745a25a9146a83d5deaaa067b3a8cb4858438 (patch) | |
| tree | e40f369628453b92db1a9053e6c00db1966af758 | |
| parent | 04b96e2cdc2b8b1b9a146dadc2610b17262e0991 (diff) | |
| download | volse-hubzilla-554745a25a9146a83d5deaaa067b3a8cb4858438.tar.gz volse-hubzilla-554745a25a9146a83d5deaaa067b3a8cb4858438.tar.bz2 volse-hubzilla-554745a25a9146a83d5deaaa067b3a8cb4858438.zip | |
air: do not require to verify emailaddress once more after invite code got verified - fixes #1546 but probably still requires some finetuning.
| -rw-r--r-- | Zotlabs/Module/Regate.php | 5 | ||||
| -rw-r--r-- | Zotlabs/Module/Register.php | 54 |
2 files changed, 38 insertions, 21 deletions
diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 077e5fd54..0d430d68c 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -61,14 +61,13 @@ class Regate extends \Zotlabs\Web\Controller { // do we have a valid dId2 ? if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) - || ($didx == 'e') ) { + || ($didx == 'e') || ($didx == 'i')) { // check startup and expiration via [=[register $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' ", dbesc($did2) ); if ( $r && count($r) == 1 ) { $r = $r[0]; // check timeframe if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now ) { - if ( isset($_POST['resend']) && $didx == 'e' ) { $re = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = 'e' AND reg_did2 = '%s' ", dbesc($r['reg_did2']) ); if ( $re && count($re) == 1 ) { @@ -91,6 +90,8 @@ class Regate extends \Zotlabs\Web\Controller { $acpin = (preg_match('/^[0-9]{6,6}$/', $_POST['acpin']) ? $_POST['acpin'] : false); elseif ( $didx == 'e' ) $acpin = (preg_match('/^[0-9a-f]{24,24}$/', $_POST['acpin']) ? $_POST['acpin'] : false); + elseif ( $didx == 'i' ) + $acpin = $r['reg_hash']; else $acpin = false; if ( $acpin && ($r['reg_hash'] == $acpin )) { diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index c25475550..078902b72 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -2,6 +2,7 @@ namespace Zotlabs\Module; +use App; use Zotlabs\Web\Controller; require_once('include/security.php'); @@ -216,7 +217,15 @@ class Register extends Controller { // transit ? // update reg vital 0 off - $icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", + //$icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", + //intval($reg['reg_id']) + //); + + // update DB flags, password + // TODO: what else? + q("UPDATE register set reg_flags = %d, reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", + intval($flags), + dbesc(bin2hex($password)), intval($reg['reg_id']) ); @@ -225,8 +234,15 @@ class Register extends Controller { // msg! info($msg . EOL); - $well = true; + // the invitecode has verified us and we have all the info we need + // take the shortcut. + $mod = new Regate(); + $_REQUEST['form_security_token'] = get_form_security_token("regate"); + App::$argc = 2; + App::$argv[0] = 'regate'; + App::$argv[1] = bin2hex($reg['reg_did2']) . 'i'; + return $mod->post(); } else { // msg! @@ -309,7 +325,7 @@ class Register extends Controller { $regexpire = (($reg_expires) ? datetime_convert(date_default_timezone_get(), 'UTC', $reg_expires['due']) : datetime_convert('UTC', 'UTC', 'now + 99 years')); // handle an email request that will be verified or an ivitation associated with an email address - if ( $email > '' && ($email_verify || $icdone) ) { + if ($email > '' && $email_verify) { // enforce in case of icdone $flags |= ACCOUNT_UNVERIFIED; $empin = $pass2 = random_string(24); @@ -354,22 +370,22 @@ class Register extends Controller { } $reg = q("INSERT INTO register (" - . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," - . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" - . " VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", - intval($flags), - dbesc($didx), - dbesc($did2), - dbesc($pass2), - dbesc($now), - dbesc($regdelay), - dbesc($regexpire), - dbesc($email), - dbesc(bin2hex($password)), - dbesc(substr(get_best_language(),0,2)), - dbesc($ip), - dbesc(json_encode( $reonar )) - ); + . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," + . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" + . " VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", + intval($flags), + dbesc($didx), + dbesc($did2), + dbesc($pass2), + dbesc($now), + dbesc($regdelay), + dbesc($regexpire), + dbesc($email), + dbesc(bin2hex($password)), + dbesc(substr(get_best_language(),0,2)), + dbesc($ip), + dbesc(json_encode( $reonar )) + ); if ($didx == 'a') { |