
Commit 8629c6e5 authored by jurgbohn's avatar jurgbohn

Email-verification on registration

parent 11fbe9ae
......@@ -63,8 +63,13 @@ if (isset($_POST['install'])) {
userlevel INTEGER DEFAULT 0,
webid_uri VARCHAR(255),
avatar_uri VARCHAR(255),
active integer DEFAULT 1,
location_uri VARCHAR(255) REFERENCES Places(location_uri));");
$mdb2->query("CREATE TABLE AccountActivation(
username VARCHAR(64),
authcode VARCHAR(32))");
$res = $mdb2->query("CREATE TABLE Auth (
token VARCHAR(32) PRIMARY KEY,
sk VARCHAR(32),
......
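Review bot: `active integer DEFAULT 1` makes any insert that omits the column create an already-activated account, so verification holds only while every code path remembers to pass 0; `active integer DEFAULT 0` would fail closed, provided no other account-creation path outside this page relies on the default. The new AccountActivation table has no key or uniqueness on `authcode` and no creation time, so codes cannot be expired and duplicate rows are possible; `authcode VARCHAR(32) PRIMARY KEY` plus a `created INTEGER` column would cover both. The result of this `CREATE TABLE` is not assigned, unlike the `$res = $mdb2->query("CREATE TABLE Auth (` that follows it, so a failed create would go unnoticed here; whether `$res` is checked later is outside the hunk.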
......@@ -46,7 +46,7 @@ if(isset($_POST['login'])) {
if(empty($errors)) {
$res = $mdb2->query('SELECT username FROM Users WHERE '
. ' lower(username) = ' . $mdb2->quote(strtolower($username), 'text')
. ' AND password = ' . $mdb2->quote(md5($password), 'text'));
. ' AND password = ' . $mdb2->quote(md5($password), 'text') . ' AND active = 1');
if(!$res->numRows()) {
$errors .= 'Invalid username or password.';
} else {
......
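Review bot: `$res->numRows()` is called without a `PEAR::isError($res)` check, and the new `AND active = 1` predicate makes that matter. The only schema change visible on this page is in the installer's `CREATE TABLE`, so on a database created before this commit the `active` column would presumably not exist and the query would return an error object rather than a result. Add an `if (PEAR::isError($res))` branch before the `numRows()` test, as the activation lookup elsewhere in this commit does, and ship an `ALTER TABLE Users ADD active ...` step for existing installs. Separately, the rewritten line still matches on an unsalted `md5($password)`; moving to `password_hash()`/`password_verify()` means fetching the stored hash by username and verifying it in PHP, which is a larger change than this hunk. The enclosing `if(isset($_POST['login']))` block starts and ends outside the hunk.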
......@@ -32,6 +32,29 @@ if(!$res->numRows()) {
} else {
$invalid_authcode = false;
}*/
function sendEmail($text, $email) {
$headers = 'From: Libre.fm Account Activation <account@libre.fm>';
$subject = 'Libre.fm Account Activation - Action needed!';
mail($email, $subject, $text, $headers);
}
if(isset($_GET['auth'])) {
$authcode = $_GET['auth'];
$res = $mdb2->query("SELECT * FROM AccountActivation WHERE authcode = " . $mdb2->quote($authcode, 'text'));
if (PEAR::isError($res) || !$res->numRows()) {
$errors = "Unknown activationcode.";
$smarty->assign('errors', $errors);
$smarty->display('error.tpl');
die();
}
$row = $res->fetchRow(MDB2_FETCHMODE_ASSOC);
$sql = "UPDATE Users SET active = 1 WHERE username = " . $row['username'];
$res = $mdb2->exec($sql);
$smarty->assign('activated', true);
$smarty->display('register.tpl');
die();
}
if(isset($_POST['register'])) {
......@@ -72,14 +95,14 @@ if(isset($_POST['register'])) {
if(empty($errors)) {
// Create the user
$sql = "INSERT INTO Users (username, password, email, fullname, bio, location, created) VALUES ("
$sql = "INSERT INTO Users (username, password, email, fullname, bio, location, created, active) VALUES ("
. $mdb2->quote($username, "text") . ", "
. $mdb2->quote(md5($password), "text") . ", "
. $mdb2->quote($email, "text") . ", "
. $mdb2->quote($fullname, "text") . ", "
. $mdb2->quote($bio, "text") . ", "
. $mdb2->quote($location, "text") . ", "
. time() . ")";
. time() . ", 0)";
$insert = $mdb2->exec($sql);
if (PEAR::isError($insert)) {
reportError("Create user, insert, register.php", $sql);
......@@ -88,6 +111,27 @@ if(isset($_POST['register'])) {
$smarty->display('error.tpl');
die();
}
$code = md5($username . time());
$sql = "INSERT INTO AccountActivation (username, authcode) VALUES("
. $mdb2->quote($username, 'text') . ", "
. $mdb2->quote($code, 'text') . ")";
$res = $mdb2->exec($sql);
if (PEAR::isError($res)) {
reportError("AccountActivation, insert, register.php", $sql);
$errors .= "An error occurred.";
$smarty->assign('error', $errors);
$smarty->display('error.tpl');
die();
}
$url = $base_url . "/register.php?auth=" . $code;
$content = "Hi!\n\nSomeone from the IP-address " . $_SERVER['REMOTE_ADDR'] . " registered an account "
. "@ http://alpha.libre.fm. If this was you, please visit the webpage specified below to activate "
. "your account. If not, please disregard this email.\n\n" . $url . "\n\n- The Libre.fm Team";
sendEmail($content, $email);
// Remove auth code and set their username as the invitee
//$mdb2->query("UPDATE Invitations SET code = NULL, invitee = " . $mdb2->quote($username, "text") . " WHERE code = " . $mdb2->quote($authcode, "text"));
//$removesql = "DELETE FROM Invitation_Request WHERE email=" . $mdb2->quote($email, 'text');
......
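Review bot: In the `?auth=` branch, `"UPDATE Users SET active = 1 WHERE username = " . $row['username']` concatenates the stored username unquoted, unlike every other statement in these hunks; the value is a string chosen at registration, so the statement is malformed for ordinary names and open to second-order SQL injection for crafted ones. Use `$sql = "UPDATE Users SET active = 1 WHERE username = " . $mdb2->quote($row['username'], 'text');`, check `PEAR::isError($res)` before assigning `activated` (the page currently reports success whatever `exec()` returns), and delete the AccountActivation row once it has been used. In the registration hunk, `$code = md5($username . time());` is built from a name the registrant chose and a timestamp they can estimate, so holding the code does not prove control of the mailbox; draw it from a CSPRNG instead, e.g. `$code = bin2hex(random_bytes(16));` where the runtime provides it, which still fits `VARCHAR(32)`. `sendEmail()` also ignores the return value of `mail()`, so a failed send leaves an account that can never be activated. Whether `$email` is validated before it reaches `mail()` is outside the visible hunks.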
......@@ -2,8 +2,13 @@
<h2>Register</h2>
{if isset($activated)}
<h2>Your account has been activated! You may now login!</h2>
{/if}
{if isset($registered) }
<h2>You're now registered with libre.fm!</h2>
<h2>You're now registered with libre.fm! An email has been sent to the email address you
provided. Please follow the link in the email to activate your account!</h2>
<ul>
<li><a href="http://ideas.libre.fm/index.php/Using_turtle">Find out how to start sending us your listening habits</a></li>
......