aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-07-09 21:10:56 -0700
committerfriendica <info@friendica.com>2014-07-09 21:10:56 -0700
commitfa706c8e860d4057f401b3ca0dff04fb8aa47363 (patch)
tree780ae79755a79d2bc33ca3b042884b4eac30296c /include
parentc59cd91836ce4f487b84fbfb2d155385de63791e (diff)
downloadvolse-hubzilla-fa706c8e860d4057f401b3ca0dff04fb8aa47363.tar.gz
volse-hubzilla-fa706c8e860d4057f401b3ca0dff04fb8aa47363.tar.bz2
volse-hubzilla-fa706c8e860d4057f401b3ca0dff04fb8aa47363.zip
finish implementing email verification. Currently it only applies if REGISTER_OPEN is in effect.
Diffstat (limited to 'include')
-rw-r--r--include/account.php9
-rw-r--r--include/auth.php7
2 files changed, 14 insertions, 2 deletions
diff --git a/include/account.php b/include/account.php
index edfd1bf05..138db3290 100644
--- a/include/account.php
+++ b/include/account.php
@@ -254,6 +254,7 @@ function verify_email_address($arr) {
else
logger('send_reg_approval_email: failed to ' . $admin['email'] . 'account_id: ' . $arr['account']['account_id']);
+ return $res;
}
@@ -476,8 +477,14 @@ function user_approve($hash) {
intval(ACCOUNT_PENDING),
intval($register[0]['uid'])
);
+ $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1",
+ intval(ACCOUNT_UNVERIFIED),
+ intval(ACCOUNT_UNVERIFIED),
+ intval($register[0]['uid'])
+ );
- info( t('Account approved.') . EOL );
+ info( t('Account verified. Please login.') . EOL );
+
return true;
}
diff --git a/include/auth.php b/include/auth.php
index e8f13d0fb..0baa80c2a 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -35,13 +35,18 @@ function nuke_session() {
function account_verify_password($email,$pass) {
+ $email_verify = get_config('system','verify_email');
+
+ if($email_verify && $record['account_flags'] & ACCOUNT_UNVERIFIED)
+ return null;
+
$r = q("select * from account where account_email = '%s'",
dbesc($email)
);
if(! ($r && count($r)))
return null;
foreach($r as $record) {
- if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
+ if(($record['account_flags'] == ACCOUNT_OK)
&& (hash('whirlpool',$record['account_salt'] . $pass) === $record['account_password'])) {
logger('password verified for ' . $email);
return $record;