aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-03-20 16:57:11 +0100
committerMario <mario@mariovavti.com>2021-03-20 16:57:11 +0100
commit554745a25a9146a83d5deaaa067b3a8cb4858438 (patch)
treee40f369628453b92db1a9053e6c00db1966af758 /Zotlabs
parent04b96e2cdc2b8b1b9a146dadc2610b17262e0991 (diff)
downloadvolse-hubzilla-554745a25a9146a83d5deaaa067b3a8cb4858438.tar.gz
volse-hubzilla-554745a25a9146a83d5deaaa067b3a8cb4858438.tar.bz2
volse-hubzilla-554745a25a9146a83d5deaaa067b3a8cb4858438.zip
air: do not require to verify emailaddress once more after invite code got verified - fixes #1546 but probably still requires some finetuning.
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Module/Regate.php5
-rw-r--r--Zotlabs/Module/Register.php54
2 files changed, 38 insertions, 21 deletions
diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php
index 077e5fd54..0d430d68c 100644
--- a/Zotlabs/Module/Regate.php
+++ b/Zotlabs/Module/Regate.php
@@ -61,14 +61,13 @@ class Regate extends \Zotlabs\Web\Controller {
// do we have a valid dId2 ?
if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2))
- || ($didx == 'e') ) {
+ || ($didx == 'e') || ($didx == 'i')) {
// check startup and expiration via [=[register
$r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' ", dbesc($did2) );
if ( $r && count($r) == 1 ) {
$r = $r[0];
// check timeframe
if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now ) {
-
if ( isset($_POST['resend']) && $didx == 'e' ) {
$re = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = 'e' AND reg_did2 = '%s' ", dbesc($r['reg_did2']) );
if ( $re && count($re) == 1 ) {
@@ -91,6 +90,8 @@ class Regate extends \Zotlabs\Web\Controller {
$acpin = (preg_match('/^[0-9]{6,6}$/', $_POST['acpin']) ? $_POST['acpin'] : false);
elseif ( $didx == 'e' )
$acpin = (preg_match('/^[0-9a-f]{24,24}$/', $_POST['acpin']) ? $_POST['acpin'] : false);
+ elseif ( $didx == 'i' )
+ $acpin = $r['reg_hash'];
else $acpin = false;
if ( $acpin && ($r['reg_hash'] == $acpin )) {
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php
index c25475550..078902b72 100644
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -2,6 +2,7 @@
namespace Zotlabs\Module;
+use App;
use Zotlabs\Web\Controller;
require_once('include/security.php');
@@ -216,7 +217,15 @@ class Register extends Controller {
// transit ?
// update reg vital 0 off
- $icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ",
+ //$icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ",
+ //intval($reg['reg_id'])
+ //);
+
+ // update DB flags, password
+ // TODO: what else?
+ q("UPDATE register set reg_flags = %d, reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'",
+ intval($flags),
+ dbesc(bin2hex($password)),
intval($reg['reg_id'])
);
@@ -225,8 +234,15 @@ class Register extends Controller {
// msg!
info($msg . EOL);
- $well = true;
+ // the invitecode has verified us and we have all the info we need
+ // take the shortcut.
+ $mod = new Regate();
+ $_REQUEST['form_security_token'] = get_form_security_token("regate");
+ App::$argc = 2;
+ App::$argv[0] = 'regate';
+ App::$argv[1] = bin2hex($reg['reg_did2']) . 'i';
+ return $mod->post();
} else {
// msg!
@@ -309,7 +325,7 @@ class Register extends Controller {
$regexpire = (($reg_expires) ? datetime_convert(date_default_timezone_get(), 'UTC', $reg_expires['due']) : datetime_convert('UTC', 'UTC', 'now + 99 years'));
// handle an email request that will be verified or an ivitation associated with an email address
- if ( $email > '' && ($email_verify || $icdone) ) {
+ if ($email > '' && $email_verify) {
// enforce in case of icdone
$flags |= ACCOUNT_UNVERIFIED;
$empin = $pass2 = random_string(24);
@@ -354,22 +370,22 @@ class Register extends Controller {
}
$reg = q("INSERT INTO register ("
- . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires,"
- . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)"
- . " VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ",
- intval($flags),
- dbesc($didx),
- dbesc($did2),
- dbesc($pass2),
- dbesc($now),
- dbesc($regdelay),
- dbesc($regexpire),
- dbesc($email),
- dbesc(bin2hex($password)),
- dbesc(substr(get_best_language(),0,2)),
- dbesc($ip),
- dbesc(json_encode( $reonar ))
- );
+ . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires,"
+ . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)"
+ . " VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ",
+ intval($flags),
+ dbesc($didx),
+ dbesc($did2),
+ dbesc($pass2),
+ dbesc($now),
+ dbesc($regdelay),
+ dbesc($regexpire),
+ dbesc($email),
+ dbesc(bin2hex($password)),
+ dbesc(substr(get_best_language(),0,2)),
+ dbesc($ip),
+ dbesc(json_encode( $reonar ))
+ );
if ($didx == 'a') {