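/**
 * Accept a confirmation code
 *
 * Checks the code and confirms the address in the user record.
 * The visitor must be logged in, and the code must have been issued
 * for the logged-in account; a code issued for another account is
 * rejected.
 *
 * The user update and the deletion of the confirmation row run inside
 * one transaction. Every failure path after BEGIN rolls back explicitly,
 * so a half-applied confirmation is not left open on the connection.
 *
 * @param array $args $_REQUEST array
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (!common_logged_in()) {
        common_set_returnto($this->selfUrl());
        common_redirect(common_local_url('login'));
        return;
    }

    $code = $this->trimmed('code');

    if (!$code) {
        $this->clientError(_('No confirmation code.'));
        return;
    }

    $confirm = Confirm_address::staticGet('code', $code);

    if (!$confirm) {
        $this->clientError(_('Confirmation code not found.'));
        return;
    }

    $cur = common_current_user();

    // A code only confirms an address for the account it was issued to.
    if ($cur->id != $confirm->user_id) {
        $this->clientError(_('That confirmation code is not for you!'));
        return;
    }

    $type = $confirm->address_type;

    // $type is used as a property name on the user object below, so it
    // is matched strictly against the allow-list.
    if (!in_array($type, array('email', 'jabber', 'sms'), true)) {
        $this->serverError(sprintf(_('Unrecognized address type %s'), $type));
        return;
    }

    if ($cur->{$type} == $confirm->address) {
        $this->clientError(_('That address has already been confirmed.'));
        return;
    }

    $cur->query('BEGIN');

    $orig_user = clone $cur;

    $cur->{$type} = $confirm->address;

    if ($type == 'sms') {
        $cur->carrier = $confirm->address_extra + 0;
        $carrier = Sms_carrier::staticGet($cur->carrier);

        // An unknown carrier id would otherwise be dereferenced as null.
        if (!$carrier) {
            $cur->query('ROLLBACK');
            $this->serverError(_('Couldn\'t update user.'));
            return;
        }

        $cur->smsemail = $carrier->toEmailAddress($cur->sms);
    }

    $result = $cur->updateKeys($orig_user);

    if (!$result) {
        common_log_db_error($cur, 'UPDATE', __FILE__);
        $cur->query('ROLLBACK');
        $this->serverError(_('Couldn\'t update user.'));
        return;
    }

    if ($type == 'email') {
        $cur->emailChanged();
    }

    // The code is single-use: remove it in the same transaction.
    $result = $confirm->delete();

    if (!$result) {
        common_log_db_error($confirm, 'DELETE', __FILE__);
        $cur->query('ROLLBACK');
        $this->serverError(_('Couldn\'t delete email confirmation.'));
        return;
    }

    $cur->query('COMMIT');

    $this->type = $type;
    $this->showPage();
}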
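/**
 * Redeem a password recovery code.
 *
 * Looks up the submitted code, requires it to be of type 'recover' and
 * to belong to an existing user, then deletes it before doing anything
 * else so it cannot be redeemed twice. A code older than
 * MAX_RECOVERY_TIME is rejected after it has been deleted. On success
 * the user is stored as the temporary user and the password form is
 * shown.
 *
 * @return void
 */
function checkCode()
{
    $code = $this->trimmed('code');
    $confirm = Confirm_address::staticGet('code', $code);

    if (!$confirm) {
        // TRANS: Client error displayed when password recovery code is not correct.
        $this->clientError(_('No such recovery code.'));
        return;
    }

    // Address-confirmation codes live in the same table; only codes
    // issued for recovery may be redeemed here.
    if ($confirm->address_type != 'recover') {
        // TRANS: Client error displayed when no proper password recovery code was submitted.
        $this->clientError(_('Not a recovery code.'));
        return;
    }

    $user = User::staticGet($confirm->user_id);

    if (!$user) {
        // TRANS: Server error displayed trying to recover password without providing a user.
        $this->serverError(_('Recovery code for unknown user.'));
        return;
    }

    // Copy what is needed before the row is deleted.
    $touched = strtotime($confirm->modified);
    $email = $confirm->address;

    // Burn this code
    $result = $confirm->delete();

    if (!$result) {
        common_log_db_error($confirm, 'DELETE', __FILE__);
        // TRANS: Server error displayed removing a password recovery code from the database.
        $this->serverError(_('Error with confirmation code.'));
        return;
    }

    // These should be reaped, but for now we just check mod time
    // Note: it's still deleted; let's avoid a second attempt!
    $age = time() - $touched;

    if ($age > MAX_RECOVERY_TIME) {
        // Log the age in seconds; the raw modification timestamp is
        // not "seconds old".
        common_log(LOG_WARNING,
                   'Attempted redemption on recovery code ' .
                   'that is ' . $age . ' seconds old. ');
        // TRANS: Client error displayed trying to recover password with too old a recovery code.
        $this->clientError(_('This confirmation code is too old. ' .
                             'Please start again.'));
        return;
    }

    // If we used an outstanding confirmation to send the email,
    // it's been confirmed at this point.
    if (!$user->email) {
        $orig = clone $user;
        $user->email = $email;
        $result = $user->updateKeys($orig);
        if (!$result) {
            common_log_db_error($user, 'UPDATE', __FILE__);
            // TRANS: Server error displayed when updating a user's e-mail address in the database fails while recovering a password.
            $this->serverError(_('Could not update user with confirmed email address.'));
            return;
        }
    }

    // Success!
    $this->setTempUser($user);
    $this->showPasswordForm();
}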
/**
 * Poll for queued address confirmations and send each one via
 * jabber_confirm_address().
 *
 * After a successful send the confirmation row is refetched by code and
 * its `sent` field is set to its `claimed` value. When sending or the
 * update fails, the claim is left to age out.
 *
 * The loop has no break, so the finish() call after it is not reached
 * from the code visible here.
 *
 * @return boolean false when start() fails
 */
function run()
{
    if (!$this->start()) {
        return false;
    }

    $this->log(LOG_INFO, 'checking for queued confirmations');

    while (true) {
        $pending = $this->next_confirm();

        if (!$pending) {
            // Nothing queued: back off before polling again.
            # $this->clear_old_confirm_claims();
            $this->idle(10);
            continue;
        }

        $this->log(LOG_INFO, 'Sending confirmation for ' . $pending->address);

        $owner = User::staticGet($pending->user_id);
        if (!$owner) {
            $this->log(LOG_WARNING, 'Confirmation for unknown user ' . $pending->user_id);
            continue;
        }

        $delivered = jabber_confirm_address($pending->code,
                                            $owner->nickname,
                                            $pending->address);
        if (!$delivered) {
            $this->log(LOG_ERR, 'Confirmation failed for ' . $pending->address);
            // Just let the claim age out; hopefully things work then
            continue;
        }

        $this->log(LOG_INFO, 'Confirmation sent for ' . $pending->address);

        // Mark confirmation sent; need a dupe so we don't have the WHERE clause
        $record = Confirm_address::staticGet('code', $pending->code);
        if (!$record) {
            common_log(LOG_WARNING, 'Could not refetch confirm', __FILE__);
            continue;
        }

        $before = clone $record;
        $record->sent = $record->claimed;

        $updated = $record->update($before);
        if (!$updated) {
            common_log_db_error($record, 'UPDATE', __FILE__);
            // Just let the claim age out; hopefully things work then
            continue;
        }

        $record->free();
        unset($record);

        $owner->free();
        unset($owner);

        $pending->free();
        unset($pending);

        $this->idle(0);
    }

    return $this->finish() ? true : false;
}
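/**
 * For initializing members of the class.
 *
 * Rejects logged-in visitors, loads the confirmation row for the
 * submitted code and the user it belongs to, and accepts only
 * confirmations of type 'email'. On POST the session token is checked
 * and the two password fields are validated.
 *
 * @param array $argarray misc. arguments
 *
 * @return boolean true
 *
 * @throws ClientException when already logged in, the code is unknown,
 *                         the address is already confirmed, or the
 *                         passwords are too short or do not match
 * @throws ServerException when the code has no user or a non-email type
 */
function prepare($argarray)
{
    parent::prepare($argarray);

    $user = common_current_user();

    if (!empty($user)) {
        // TRANS: Client exception thrown when trying to register while already logged in.
        throw new ClientException(_m('You are already logged in.'));
    }

    $this->code = $this->trimmed('code');

    $this->confirm = Confirm_address::staticGet('code', $this->code);

    if (empty($this->confirm)) {
        // TRANS: Client exception thrown when trying to register with a non-existing confirmation code.
        throw new ClientException(_m('Confirmation code not found.'));
    }

    $this->user = User::staticGet('id', $this->confirm->user_id);

    if (empty($this->user)) {
        // TRANS: Client exception thrown when trying to register with a confirmation code that is not connected with a user.
        throw new ServerException(_m('No user for that confirmation code.'));
    }

    $type = $this->confirm->address_type;

    if ($type != 'email') {
        // TRANS: Client exception thrown when trying to register with a invalid e-mail address.
        // TRANS: %s is the invalid e-mail address.
        throw new ServerException(sprintf(_m('Unrecognized address type %s.'), $type));
    }

    // Compare against the loaded confirmation row. The original read an
    // unset local $confirm here, so this check could never match.
    if (!empty($this->user->email) && $this->user->email == $this->confirm->address) {
        // TRANS: Client error for an already confirmed email/jabber/sms address.
        throw new ClientException(_m('That address has already been confirmed.'));
    }

    if ($this->isPost()) {

        $this->checkSessionToken();

        $password = $this->trimmed('password');
        // Second password field; named apart from the confirmation row.
        $repeated = $this->trimmed('confirm');

        // strlen() counts bytes, not characters.
        if (strlen($password) < 6) {
            // TRANS: Client exception thrown when trying to register with too short a password.
            throw new ClientException(_m('Password too short.'));
        }

        if (0 != strcmp($password, $repeated)) {
            // TRANS: Client exception thrown when trying to register without providing the same password twice.
            throw new ClientException(_m('Passwords do not match.'));
        }

        $this->password = $password;
    }

    return true;
}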
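/**
 * For initializing members of the class.
 *
 * Rejects logged-in visitors, loads the confirmation row for the
 * submitted code and the user it belongs to, and accepts only
 * confirmations of type 'email'. On POST the session token is checked
 * and the two password fields are validated.
 *
 * @param array $argarray misc. arguments
 *
 * @return boolean true
 *
 * @throws ClientException when already logged in, the code is unknown,
 *                         the address is already confirmed, or the
 *                         passwords are too short or do not match
 * @throws ServerException when the code has no user or a non-email type
 */
function prepare($argarray)
{
    parent::prepare($argarray);

    $user = common_current_user();

    if (!empty($user)) {
        throw new ClientException(_('You are already logged in.'));
    }

    $this->code = $this->trimmed('code');

    $this->confirm = Confirm_address::staticGet('code', $this->code);

    if (empty($this->confirm)) {
        throw new ClientException(_('Confirmation code not found.'));
    }

    $this->user = User::staticGet('id', $this->confirm->user_id);

    if (empty($this->user)) {
        throw new ServerException(_('No user for that confirmation code.'));
    }

    $type = $this->confirm->address_type;

    if ($type != 'email') {
        throw new ServerException(sprintf(_('Unrecognized address type %s.'), $type));
    }

    // Compare against the loaded confirmation row. The original read an
    // unset local $confirm here, so this check could never match.
    if (!empty($this->user->email) && $this->user->email == $this->confirm->address) {
        // TRANS: Client error for an already confirmed email/jabber/sms address.
        throw new ClientException(_('That address has already been confirmed.'));
    }

    if ($this->isPost()) {

        $this->checkSessionToken();

        $password = $this->trimmed('password');
        // Second password field; named apart from the confirmation row.
        $repeated = $this->trimmed('confirm');

        // strlen() counts bytes, not characters.
        if (strlen($password) < 6) {
            throw new ClientException(_('Password too short.'));
        }

        if (0 != strcmp($password, $repeated)) {
            throw new ClientException(_("Passwords don't match."));
        }

        $this->password = $password;
    }

    return true;
}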
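/**
 * Accept a confirmation code
 *
 * Checks the code and confirms the address in the user record
 * ('email' and 'sms') or in the user's IM preferences (any transport
 * reported by the GetImTransports event). The visitor must be logged
 * in, and the code must have been issued for the logged-in account.
 *
 * The address update and the deletion of the confirmation row run
 * inside one transaction. Every failure path after BEGIN rolls back
 * explicitly, so a half-applied confirmation is not left open on the
 * connection.
 *
 * @param array $args $_REQUEST array
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (!common_logged_in()) {
        common_set_returnto($this->selfUrl());
        common_redirect(common_local_url('login'));
        return;
    }

    $code = $this->trimmed('code');

    if (!$code) {
        // TRANS: Client error displayed when not providing a confirmation code in the contact address confirmation action.
        $this->clientError(_('No confirmation code.'));
        return;
    }

    $confirm = Confirm_address::staticGet('code', $code);

    if (!$confirm) {
        // TRANS: Client error displayed when providing a non-existing confirmation code in the contact address confirmation action.
        $this->clientError(_('Confirmation code not found.'));
        return;
    }

    $cur = common_current_user();

    // A code only confirms an address for the account it was issued to.
    if ($cur->id != $confirm->user_id) {
        // TRANS: Client error displayed when not providing a confirmation code for another user in the contact address confirmation action.
        $this->clientError(_('That confirmation code is not for you!'));
        return;
    }

    $type = $confirm->address_type;

    $transports = array();
    Event::handle('GetImTransports', array(&$transports));

    // 'email' and 'sms' are stored on the user row; $type is used as a
    // property name for them, so the literal list is matched strictly.
    $is_user_column = in_array($type, array('email', 'sms'), true);

    if (!$is_user_column && !in_array($type, array_keys($transports))) {
        // TRANS: Server error for an unknown address type, which can be 'email', 'sms', or the name of an IM network (such as 'xmpp' or 'aim')
        $this->serverError(sprintf(_('Unrecognized address type %s'), $type));
        return;
    }

    $this->address = $confirm->address;

    $cur->query('BEGIN');

    if ($is_user_column) {
        if ($cur->{$type} == $confirm->address) {
            $cur->query('ROLLBACK');
            // TRANS: Client error for an already confirmed email/jabber/sms address.
            $this->clientError(_('That address has already been confirmed.'));
            return;
        }

        $orig_user = clone $cur;

        $cur->{$type} = $confirm->address;

        if ($type == 'sms') {
            $cur->carrier = $confirm->address_extra + 0;
            $carrier = Sms_carrier::staticGet($cur->carrier);

            // An unknown carrier id would otherwise be dereferenced as null.
            if (!$carrier) {
                $cur->query('ROLLBACK');
                // TRANS: Server error displayed when confirming an e-mail address or IM address fails.
                $this->serverError(_('Could not update user.'));
                return;
            }

            $cur->smsemail = $carrier->toEmailAddress($cur->sms);
        }

        $result = $cur->updateKeys($orig_user);

        if (!$result) {
            common_log_db_error($cur, 'UPDATE', __FILE__);
            $cur->query('ROLLBACK');
            // TRANS: Server error displayed when confirming an e-mail address or IM address fails.
            $this->serverError(_('Could not update user.'));
            return;
        }

        if ($type == 'email') {
            $cur->emailChanged();
        }
    } else {
        $user_im_prefs = new User_im_prefs();
        $user_im_prefs->transport = $confirm->address_type;
        $user_im_prefs->user_id = $cur->id;

        if ($user_im_prefs->find() && $user_im_prefs->fetch()) {
            if ($user_im_prefs->screenname == $confirm->address) {
                $cur->query('ROLLBACK');
                // TRANS: Client error for an already confirmed IM address.
                $this->clientError(_('That address has already been confirmed.'));
                return;
            }

            $user_im_prefs->screenname = $confirm->address;
            $result = $user_im_prefs->update();

            if (!$result) {
                common_log_db_error($user_im_prefs, 'UPDATE', __FILE__);
                $cur->query('ROLLBACK');
                // TRANS: Server error displayed when updating IM preferences fails.
                $this->serverError(_('Could not update user IM preferences.'));
                return;
            }
        } else {
            // No preferences row for this transport yet: create one.
            $user_im_prefs = new User_im_prefs();
            $user_im_prefs->screenname = $confirm->address;
            $user_im_prefs->transport = $confirm->address_type;
            $user_im_prefs->user_id = $cur->id;
            $result = $user_im_prefs->insert();

            if (!$result) {
                common_log_db_error($user_im_prefs, 'INSERT', __FILE__);
                $cur->query('ROLLBACK');
                // TRANS: Server error displayed when adding IM preferences fails.
                $this->serverError(_('Could not insert user IM preferences.'));
                return;
            }
        }
    }

    // The code is single-use: remove it in the same transaction.
    $result = $confirm->delete();

    if (!$result) {
        common_log_db_error($confirm, 'DELETE', __FILE__);
        $cur->query('ROLLBACK');
        // TRANS: Server error displayed when an address confirmation code deletion from the
        // TRANS: database fails in the contact address confirmation action.
        $this->serverError(_('Could not delete address confirmation.'));
        return;
    }

    $cur->query('COMMIT');
    $this->showPage();
}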
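/**
 * Accept a confirmation code
 *
 * Checks the code and confirms the address in the user record.
 * The visitor must be logged in, and the code must have been issued
 * for the logged-in account; a code issued for another account is
 * rejected.
 *
 * The user update and the deletion of the confirmation row run inside
 * one transaction. Every failure path after BEGIN rolls back explicitly,
 * so a half-applied confirmation is not left open on the connection.
 *
 * @param array $args $_REQUEST array
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (!common_logged_in()) {
        common_set_returnto($this->selfUrl());
        common_redirect(common_local_url('login'));
        return;
    }

    $code = $this->trimmed('code');

    if (!$code) {
        // TRANS: Client error displayed when not providing a confirmation code in the contact address confirmation action.
        $this->clientError(_('No confirmation code.'));
        return;
    }

    $confirm = Confirm_address::staticGet('code', $code);

    if (!$confirm) {
        // TRANS: Client error displayed when providing a non-existing confirmation code in the contact address confirmation action.
        $this->clientError(_('Confirmation code not found.'));
        return;
    }

    $cur = common_current_user();

    // A code only confirms an address for the account it was issued to.
    if ($cur->id != $confirm->user_id) {
        // TRANS: Client error displayed when not providing a confirmation code for another user in the contact address confirmation action.
        $this->clientError(_('That confirmation code is not for you!'));
        return;
    }

    $type = $confirm->address_type;

    // $type is used as a property name on the user object below, so it
    // is matched strictly against the allow-list.
    if (!in_array($type, array('email', 'jabber', 'sms'), true)) {
        // TRANS: Server error for an unknown address type %s, which can be 'email', 'jabber', or 'sms'.
        $this->serverError(sprintf(_('Unrecognized address type %s.'), $type));
        return;
    }

    if ($cur->{$type} == $confirm->address) {
        // TRANS: Client error for an already confirmed email/jabber/sms address.
        $this->clientError(_('That address has already been confirmed.'));
        return;
    }

    $cur->query('BEGIN');

    $orig_user = clone $cur;

    $cur->{$type} = $confirm->address;

    if ($type == 'sms') {
        $cur->carrier = $confirm->address_extra + 0;
        $carrier = Sms_carrier::staticGet($cur->carrier);

        // An unknown carrier id would otherwise be dereferenced as null.
        if (!$carrier) {
            $cur->query('ROLLBACK');
            // TRANS: Server error displayed when a user update to the database fails in the contact address confirmation action.
            $this->serverError(_('Could not update user.'));
            return;
        }

        $cur->smsemail = $carrier->toEmailAddress($cur->sms);
    }

    $result = $cur->updateKeys($orig_user);

    if (!$result) {
        common_log_db_error($cur, 'UPDATE', __FILE__);
        $cur->query('ROLLBACK');
        // TRANS: Server error displayed when a user update to the database fails in the contact address confirmation action.
        $this->serverError(_('Could not update user.'));
        return;
    }

    if ($type == 'email') {
        $cur->emailChanged();
    }

    // The code is single-use: remove it in the same transaction.
    $result = $confirm->delete();

    if (!$result) {
        common_log_db_error($confirm, 'DELETE', __FILE__);
        $cur->query('ROLLBACK');
        // TRANS: Server error displayed when an address confirmation code deletion from the
        // TRANS: database fails in the contact address confirmation action.
        $this->serverError(_('Could not delete address confirmation.'));
        return;
    }

    $cur->query('COMMIT');

    $this->type = $type;
    $this->showPage();
}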
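/**
 * Start password recovery for a nickname or e-mail address.
 *
 * Resolves the submitted value to a user by confirmed e-mail, then by
 * nickname, then by an outstanding (unconfirmed) e-mail confirmation.
 * When a user and an address are found, a new confirmation row of type
 * 'recover' is inserted and a message containing the recovery URL is
 * mailed to that address.
 *
 * NOTE(review): the distinct "no user" and "no registered email"
 * responses tell the requester whether an account exists. Consider a
 * uniform response if account enumeration matters for the deployment.
 *
 * NOTE(review): nothing here removes earlier 'recover' rows for the same
 * user; presumably they are bounded by an age check on redemption.
 * Confirm against the redeeming action.
 *
 * @return void
 */
function recoverPassword()
{
    $nore = $this->trimmed('nicknameoremail');
    if (!$nore) {
        $this->showForm(_('Enter a nickname or email address.'));
        return;
    }

    // Only assigned on some lookup paths below; initialise it so the
    // later checks never read an undefined variable.
    $confirm_email = null;

    $user = User::staticGet('email', common_canonical_email($nore));

    if (!$user) {
        $user = User::staticGet('nickname', common_canonical_nickname($nore));
    }

    // See if it's an unconfirmed email address
    if (!$user) {
        $confirm_email = Confirm_address::staticGet('address', common_canonical_email($nore));
        if ($confirm_email && $confirm_email->address_type == 'email') {
            $user = User::staticGet($confirm_email->user_id);
        }
    }

    if (!$user) {
        $this->showForm(_('No user with that email address or username.'));
        return;
    }

    // Try to get an unconfirmed email address if they used a user name
    if (!$user->email && !$confirm_email) {
        $confirm_email = Confirm_address::staticGet('user_id', $user->id);
        if ($confirm_email && $confirm_email->address_type != 'email') {
            // Skip non-email confirmations
            $confirm_email = null;
        }
    }

    if (!$user->email && !$confirm_email) {
        $this->clientError(_('No registered email address for that user.'));
        return;
    }

    // Success! We have a valid user and a confirmed or unconfirmed email address
    $confirm = new Confirm_address();
    $confirm->code = common_confirmation_code(128);
    $confirm->address_type = 'recover';
    $confirm->user_id = $user->id;
    // Same emptiness test as the guards above: an empty-string e-mail
    // must fall through to the unconfirmed address.
    $confirm->address = !empty($user->email) ? $user->email : $confirm_email->address;

    if (!$confirm->insert()) {
        common_log_db_error($confirm, 'INSERT', __FILE__);
        $this->serverError(_('Error saving address confirmation.'));
        return;
    }

    $body = "Hey, {$user->nickname}.";
    $body .= "\n\n";
    $body .= 'Someone just asked for a new password ' .
             'for this account on ' . common_config('site', 'name') . '.';
    $body .= "\n\n";
    $body .= 'If it was you, and you want to confirm, use the URL below:';
    $body .= "\n\n";
    $body .= "\t" . common_local_url('recoverpassword',
                                     array('code' => $confirm->code));
    $body .= "\n\n";
    $body .= 'If not, just ignore this message.';
    $body .= "\n\n";
    $body .= 'Thanks for your time, ';
    $body .= "\n";
    $body .= common_config('site', 'name');
    $body .= "\n";

    mail_to_user($user, _('Password recovery requested'), $body, $confirm->address);

    $this->mode = 'sent';
    $this->msg = _('Instructions for recovering your password ' .
                   'have been sent to the email address registered to your ' .
                   'account.');
    $this->success = true;
    $this->showPage();
}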
/**
 * Read the request and decide which registration step it belongs to.
 *
 * Registration is refused outright when the site is closed. A POST is
 * checked for a session token and is either a new e-mail submission
 * (NEWEMAIL) or a password submission that carries an invitation or
 * confirmation code (SETPASSWORD). A GET either opens the blank form
 * (NEWREGISTER) or presents a code (CONFIRMINVITE / CONFIRMREGISTER).
 * A code is looked up as an invitation first and as an address
 * confirmation second.
 *
 * NOTE(review): an unknown code is reported with status 403 on POST
 * and 405 on GET. 405 looks unintended; confirm before relying on it.
 *
 * @param array $argarray misc. arguments
 *
 * @return boolean true
 *
 * @throws ClientException when registration is not allowed or the code
 *                         is missing, unknown or already used
 */
function prepare($argarray)
{
    parent::prepare($argarray);

    if (common_config('site', 'closed')) {
        // TRANS: Client exception thrown when registration by e-mail is not allowed.
        throw new ClientException(_m('Registration not allowed.'), 403);
    }

    if ($this->isPost()) {

        $this->checkSessionToken();

        $this->email = $this->trimmed('email');

        if (!empty($this->email)) {
            // New sign-up by e-mail address.
            if (common_config('site', 'inviteonly')) {
                // TRANS: Client exception thrown when trying to register without an invitation.
                throw new ClientException(_m('Sorry, only invited people can register.'), 403);
            }
            $this->email = common_canonical_email($this->email);
            $this->state = self::NEWEMAIL;
            return true;
        }

        // No e-mail posted: a password is being set for a code.
        $this->state = self::SETPASSWORD;

        $this->code = $this->trimmed('code');

        if (empty($this->code)) {
            // TRANS: Client exception thrown when no confirmation code was provided.
            throw new ClientException(_m('No confirmation code.'));
        }

        $this->invitation = Invitation::staticGet('code', $this->code);

        if (empty($this->invitation)) {
            $this->confirmation = Confirm_address::staticGet('code', $this->code);

            if (empty($this->confirmation)) {
                // TRANS: Client exception thrown when given confirmation code was not issued.
                throw new ClientException(_m('No such confirmation code.'), 403);
            }
        } elseif (!empty($this->invitation->registered_user_id)) {
            // TRANS: Client exception thrown when using an invitation multiple times.
            throw new ClientException(_m('Invitation already used.'), 403);
        }

        $this->password1 = $this->trimmed('password1');
        $this->password2 = $this->trimmed('password2');

        $this->tos = $this->boolean('tos');

        return true;
    }

    // GET
    $this->code = $this->trimmed('code');

    if (empty($this->code)) {
        if (common_config('site', 'inviteonly')) {
            // TRANS: Client exception thrown when trying to register without an invitation.
            throw new ClientException(_m('Sorry, only invited people can register.'), 403);
        }
        $this->state = self::NEWREGISTER;
        return true;
    }

    $this->invitation = Invitation::staticGet('code', $this->code);

    if (empty($this->invitation)) {
        $this->state = self::CONFIRMREGISTER;
        $this->confirmation = Confirm_address::staticGet('code', $this->code);

        if (empty($this->confirmation)) {
            // TRANS: Client exception thrown when given confirmation code was not issued.
            throw new ClientException(_m('No such confirmation code.'), 405);
        }
        return true;
    }

    if (!empty($this->invitation->registered_user_id)) {
        // TRANS: Client exception thrown when using an invitation multiple times.
        throw new ClientException(_m('Invitation already used.'), 403);
    }

    $this->state = self::CONFIRMINVITE;

    return true;
}