-rwxr-xr-xboot.php2
-rw-r--r--include/account.php9
-rw-r--r--include/auth.php13
-rw-r--r--install/update.php10
-rw-r--r--mod/register.php23
-rw-r--r--version.inc2
6 files changed, 50 insertions, 9 deletions
diff --git a/boot.php b/boot.php
index 54ef9486e..c3ea2a854 100755
--- a/boot.php
+++ b/boot.php
@@ -47,7 +47,7 @@ define ( 'RED_PLATFORM', 'Red Matrix' );
define ( 'RED_VERSION', trim(file_get_contents('version.inc')) . 'R');
define ( 'ZOT_REVISION', 1 );
-define ( 'DB_UPDATE_VERSION', 1115 );
+define ( 'DB_UPDATE_VERSION', 1116 );
define ( 'EOL', '<br />' . "\r\n" );
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
diff --git a/include/account.php b/include/account.php
index edfd1bf05..138db3290 100644
--- a/include/account.php
+++ b/include/account.php
@@ -254,6 +254,7 @@ function verify_email_address($arr) {
else
logger('send_reg_approval_email: failed to ' . $admin['email'] . 'account_id: ' . $arr['account']['account_id']);
+ return $res;
}
@@ -476,8 +477,14 @@ function user_approve($hash) {
intval(ACCOUNT_PENDING),
intval($register[0]['uid'])
);
+ $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1",
+ intval(ACCOUNT_UNVERIFIED),
+ intval(ACCOUNT_UNVERIFIED),
+ intval($register[0]['uid'])
+ );
- info( t('Account approved.') . EOL );
+ info( t('Account verified. Please login.') . EOL );
+
return true;
}
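Review bot: The result of the new `update account ... ACCOUNT_UNVERIFIED` query is assigned to `$r` and never checked, so `info( t('Account verified. Please login.') . EOL )` is shown and `true` is returned even when the query failed and the flag is still set. The user is then told to log in while account_verify_password() keeps refusing the account. Check the result before reporting success, e.g. `if(! $r) { logger('user_approve: could not clear ACCOUNT_UNVERIFIED for account ' . $register[0]['uid']); return false; }`. The new wording also replaces 'Account approved.' on what looks like the shared approval path, so confirm that an admin approving a pending account should see it; user_approve() starts above this hunk.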
diff --git a/include/auth.php b/include/auth.php
index e8f13d0fb..8e02b7b4f 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -35,13 +35,24 @@ function nuke_session() {
function account_verify_password($email,$pass) {
+ $email_verify = get_config('system','verify_email');
+ $register_policy = get_config('system','register_policy');
+
+ // Currently we only verify email address if there is an open registration policy.
+ // This isn't because of any policy - it's because the workflow gets too complicated if
+ // you have to verify the email and then go through the account approval workflow before
+ // letting them login.
+
+ if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($record['account_flags'] & ACCOUNT_UNVERIFIED))
+ return null;
+
$r = q("select * from account where account_email = '%s'",
dbesc($email)
);
if(! ($r && count($r)))
return null;
foreach($r as $record) {
- if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
+ if(($record['account_flags'] == ACCOUNT_OK)
&& (hash('whirlpool',$record['account_salt'] . $pass) === $record['account_password'])) {
logger('password verified for ' . $email);
return $record;
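Review bot: The added early check reads `$record['account_flags']` before `$record` exists, because it sits above both the `select` and the `foreach($r as $record)`, so the flag test runs against an undefined variable and the branch can never return. Unverified accounts are then refused only as a side effect of the tightened `== ACCOUNT_OK` comparison, independent of `verify_email` and `register_policy`, and nothing is logged to explain the refusal. Move the test inside the loop so the decision is explicit and visible in the logs: `if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($record['account_flags'] & ACCOUNT_UNVERIFIED)) { logger('login refused, email not verified: ' . $email); continue; }`. The function body continues past the end of this hunk.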
diff --git a/install/update.php b/install/update.php
index bdf84144c..60e8497dc 100644
--- a/install/update.php
+++ b/install/update.php
@@ -1,6 +1,6 @@
<?php
-define( 'UPDATE_VERSION' , 1115 );
+define( 'UPDATE_VERSION' , 1116 );
/**
*
@@ -1291,3 +1291,11 @@ ADD INDEX ( `target_id` )");
return UPDATE_FAILED;
}
+function update_r1115() {
+
+ // Introducing email verification. Mark all existing accounts as verified or they
+ // won't be able to login.
+
+ $r = q("update account set account_flags = (account_flags ^ 1) where (account_flags & 1) ");
+ return UPDATE_SUCCESS;
+} \ No newline at end of file
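Review bot: `update_r1115()` returns `UPDATE_SUCCESS` without looking at `$r`, so a failed query would still be recorded as a completed update while existing accounts keep the unverified bit. With the login check in include/auth.php now accepting only `ACCOUNT_OK`, those accounts would be locked out with no update failure reported. Assuming `q()` returns a falsy value on error, follow the preceding update, which returns `UPDATE_FAILED`, with `if($r) return UPDATE_SUCCESS;` followed by `return UPDATE_FAILED;`. The literal `1` is presumably `ACCOUNT_UNVERIFIED`; use the constant as user_approve() does, or add a comment naming it, so the mask stays correct if the flag value changes.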
diff --git a/mod/register.php b/mod/register.php
index 990cce2ed..954a32fbf 100644
--- a/mod/register.php
+++ b/mod/register.php
@@ -52,14 +52,17 @@ function register_post(&$a) {
$policy = get_config('system','register_policy');
+ $email_verify = get_config('system','verify_email');
+
+
switch($policy) {
case REGISTER_OPEN:
- $flags = ACCOUNT_UNVERIFIED;
+ $flags = ACCOUNT_OK;
break;
case REGISTER_APPROVE:
- $flags = ACCOUNT_UNVERIFIED | ACCOUNT_BLOCKED | ACCOUNT_PENDING;
+ $flags = ACCOUNT_BLOCKED | ACCOUNT_PENDING;
break;
default:
@@ -68,10 +71,13 @@ function register_post(&$a) {
notice( t('Permission denied.') . EOL );
return;
}
- $flags = ACCOUNT_UNVERIFIED | ACCOUNT_BLOCKED;
+ $flags = ACCOUNT_BLOCKED;
break;
}
+ if($email_verify && $policy == REGISTER_OPEN)
+ $flags = $flags | ACCOUNT_UNVERIFIED;
+
if((! $_POST['password']) || ($_POST['password'] !== $_POST['password2'])) {
notice( t('Passwords do not match.') . EOL);
@@ -100,7 +106,12 @@ function register_post(&$a) {
}
if($policy == REGISTER_OPEN ) {
- $res = send_verification_email($result['email'],$result['password']);
+ if($email_verify) {
+ $res = verify_email_address($result);
+ }
+ else {
+ $res = send_verification_email($result['email'],$result['password']);
+ }
if($res) {
info( t('Registration successful. Please check your email for validation instructions.') . EOL ) ;
}
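Review bot: The `else` branch still hands `$result['password']` to `send_verification_email()`, which suggests the cleartext password is put into the outgoing mail whenever `verify_email` is off. That function's body is not visible here, so this needs confirming. If it does mail the password, the credential ends up in mailboxes and relay logs outside the site's control, and the argument should be dropped once the verification-link path is the default. Until then, mark the call with a comment such as `// NOTE: passes the cleartext password to the mailer; remove when verify_email becomes mandatory`. register_post() begins and ends outside this hunk.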
@@ -116,6 +127,10 @@ function register_post(&$a) {
goaway(z_root());
}
+ if($email_verify) {
+ goaway(z_root());
+ }
+
authenticate_success($result['account'],true,false,true);
if(! strlen($next_page = get_config('system','workflow_register_next')))
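Review bot: The redirect that skips `authenticate_success()` is gated on `$email_verify` alone, while the `ACCOUNT_UNVERIFIED` flag and the `verify_email_address()` mail are applied only when `$policy == REGISTER_OPEN`. If any other policy can reach this point, the new account is neither logged in nor sent a verification link. Use the same condition in all three places, `if($email_verify && $policy == REGISTER_OPEN) {`, and add a comment such as `// unverified accounts must confirm their email before a session is created`. The code between the hunks is not visible, so whether another policy can get this far is unconfirmed.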
diff --git a/version.inc b/version.inc
index 17865e58f..f9ffd667f 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2014-07-07.729
+2014-07-10.732