예제 #1
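 /**
  * Accept a confirmation code
  *
  * Checks the code and confirms the address in the user record. The code
  * must belong to the logged-in user, and it is deleted once the address
  * has been written so that it cannot be redeemed a second time.
  *
  * The user update and the code deletion run between BEGIN and COMMIT;
  * every failure after BEGIN issues a ROLLBACK so that no half-applied
  * change or open transaction is left on the connection.
  *
  * @param array $args $_REQUEST array
  *
  * @return void
  */
 function handle($args)
 {
     parent::handle($args);

     // Anonymous visitors are sent to the login page and brought back here.
     if (!common_logged_in()) {
         common_set_returnto($this->selfUrl());
         common_redirect(common_local_url('login'));
         return;
     }

     $code = $this->trimmed('code');
     if (!$code) {
         $this->clientError(_('No confirmation code.'));
         return;
     }

     $confirm = Confirm_address::staticGet('code', $code);
     if (!$confirm) {
         $this->clientError(_('Confirmation code not found.'));
         return;
     }

     // Ownership check: a code issued to one account must not confirm an
     // address on another account.
     $cur = common_current_user();
     if ($cur->id != $confirm->user_id) {
         $this->clientError(_('That confirmation code is not for you!'));
         return;
     }

     // $type is used below as a dynamic property name on the user object,
     // so it is matched strictly against the fixed list of address columns.
     $type = $confirm->address_type;
     if (!in_array($type, array('email', 'jabber', 'sms'), true)) {
         $this->serverError(sprintf(_('Unrecognized address type %s'), $type));
         return;
     }

     if ($cur->{$type} == $confirm->address) {
         $this->clientError(_('That address has already been confirmed.'));
         return;
     }

     $cur->query('BEGIN');

     $orig_user = clone $cur;
     $cur->{$type} = $confirm->address;

     if ($type == 'sms') {
         $cur->carrier = $confirm->address_extra + 0;
         $carrier = Sms_carrier::staticGet($cur->carrier);
         // A carrier id that no longer resolves would otherwise end in a
         // method call on a non-object with the transaction still open.
         if (!$carrier) {
             $cur->query('ROLLBACK');
             $this->serverError(_('Couldn\'t update user.'));
             return;
         }
         $cur->smsemail = $carrier->toEmailAddress($cur->sms);
     }

     $result = $cur->updateKeys($orig_user);
     if (!$result) {
         // Log first: the ROLLBACK query runs on the same object.
         common_log_db_error($cur, 'UPDATE', __FILE__);
         $cur->query('ROLLBACK');
         $this->serverError(_('Couldn\'t update user.'));
         return;
     }

     if ($type == 'email') {
         $cur->emailChanged();
     }

     // Single use: if the code cannot be removed, the address change is
     // rolled back as well rather than leaving a redeemable code behind.
     $result = $confirm->delete();
     if (!$result) {
         common_log_db_error($confirm, 'DELETE', __FILE__);
         $cur->query('ROLLBACK');
         $this->serverError(_('Couldn\'t delete email confirmation.'));
         return;
     }

     $cur->query('COMMIT');

     $this->type = $type;
     $this->showPage();
 }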
예제 #2
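 /**
  * Redeem a password recovery code.
  *
  * Looks up the submitted code, requires it to be of type 'recover' and to
  * belong to an existing user, then deletes it before any further check so
  * that a code can be presented only once. Codes older than
  * MAX_RECOVERY_TIME are refused. On success the user is stored with
  * setTempUser() and the password form is shown.
  *
  * @return void
  */
 function checkCode()
 {
     $code = $this->trimmed('code');

     // Never run the lookup with an empty value; an absent code is reported
     // exactly like an unknown one.
     if (!$code) {
         // TRANS: Client error displayed when password recovery code is not correct.
         $this->clientError(_('No such recovery code.'));
         return;
     }

     $confirm = Confirm_address::staticGet('code', $code);
     if (!$confirm) {
         // TRANS: Client error displayed when password recovery code is not correct.
         $this->clientError(_('No such recovery code.'));
         return;
     }

     // Address-confirmation codes live in the same table; only codes issued
     // by the recovery flow may reach the password form.
     if ($confirm->address_type != 'recover') {
         // TRANS: Client error displayed when no proper password recovery code was submitted.
         $this->clientError(_('Not a recovery code.'));
         return;
     }

     $user = User::staticGet($confirm->user_id);
     if (!$user) {
         // TRANS: Server error displayed trying to recover password without providing a user.
         $this->serverError(_('Recovery code for unknown user.'));
         return;
     }

     // Copy what is still needed from the row before it is deleted.
     $touched = strtotime($confirm->modified);
     $email = $confirm->address;

     # Burn this code
     $result = $confirm->delete();
     if (!$result) {
         common_log_db_error($confirm, 'DELETE', __FILE__);
         // TRANS: Server error displayed removing a password recovery code from the database.
         $this->serverError(_('Error with confirmation code.'));
         return;
     }

     # These should be reaped, but for now we just check mod time
     # Note: it's still deleted; let's avoid a second attempt!
     // If strtotime() failed, $touched is false and the age equals the
     // current timestamp, so an unparseable date is treated as expired.
     $age = time() - $touched;
     if ($age > MAX_RECOVERY_TIME) {
         // Log the age in seconds; the message says "seconds old", so the
         // raw modification timestamp would be misleading here.
         common_log(LOG_WARNING, 'Attempted redemption on recovery code ' . 'that is ' . $age . ' seconds old. ');
         // TRANS: Client error displayed trying to recover password with too old a recovery code.
         $this->clientError(_('This confirmation code is too old. ' . 'Please start again.'));
         return;
     }

     # If we used an outstanding confirmation to send the email,
     # it's been confirmed at this point.
     if (!$user->email) {
         $orig = clone $user;
         $user->email = $email;
         $result = $user->updateKeys($orig);
         if (!$result) {
             common_log_db_error($user, 'UPDATE', __FILE__);
             // TRANS: Server error displayed when updating a user's e-mail address in the database fails while recovering a password.
             $this->serverError(_('Could not update user with confirmed email address.'));
             return;
         }
     }

     # Success!
     $this->setTempUser($user);
     $this->showPasswordForm();
 }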
예제 #3
 /**
  * Main loop of the confirmation sender.
  *
  * After start() succeeds, repeatedly fetches the next queued confirmation
  * with next_confirm(), sends its code through jabber_confirm_address() and,
  * on success, copies the row's `claimed` value into `sent`.
  *
  * NOTE(review): the loop is `do { ... } while (true)` and contains no
  * `break`, so the finish() call and `return true` after it are not reached
  * through normal control flow.
  *
  * @return boolean false when start() (or finish()) fails, true otherwise
  */
 function run()
 {
     if (!$this->start()) {
         return false;
     }
     $this->log(LOG_INFO, 'checking for queued confirmations');
     do {
         $confirm = $this->next_confirm();
         if ($confirm) {
             // NOTE(review): the contact address is written to the log at INFO
             // level here and below; confirm that this matches the site's log
             // retention and privacy policy.
             $this->log(LOG_INFO, 'Sending confirmation for ' . $confirm->address);
             $user = User::staticGet($confirm->user_id);
             if (!$user) {
                 $this->log(LOG_WARNING, 'Confirmation for unknown user ' . $confirm->user_id);
                 // NOTE(review): every `continue` in this loop skips both the
                 // free()/unset() calls and the idle() call further down, so a
                 // row that keeps failing is retried without any pause.
                 continue;
             }
             // The confirmation code itself is handed to the transport here.
             $success = jabber_confirm_address($confirm->code, $user->nickname, $confirm->address);
             if (!$success) {
                 $this->log(LOG_ERR, 'Confirmation failed for ' . $confirm->address);
                 # Just let the claim age out; hopefully things work then
                 continue;
             } else {
                 $this->log(LOG_INFO, 'Confirmation sent for ' . $confirm->address);
                 # Mark confirmation sent; need a dupe so we don't have the WHERE clause
                 $dupe = Confirm_address::staticGet('code', $confirm->code);
                 if (!$dupe) {
                     common_log(LOG_WARNING, 'Could not refetch confirm', __FILE__);
                     continue;
                 }
                 $orig = clone $dupe;
                 $dupe->sent = $dupe->claimed;
                 $result = $dupe->update($orig);
                 if (!$result) {
                     common_log_db_error($dupe, 'UPDATE', __FILE__);
                     # Just let the claim age out; hopefully things work then
                     // NOTE(review): the message has already been sent at this
                     // point, so presumably it is sent again once the claim
                     // expires; verify against next_confirm().
                     continue;
                 }
                 $dupe->free();
                 unset($dupe);
             }
             // Release the data objects before asking for the next row.
             $user->free();
             unset($user);
             $confirm->free();
             unset($confirm);
             $this->idle(0);
         } else {
             #                $this->clear_old_confirm_claims();
             // Nothing queued: idle(10) before polling again.
             $this->idle(10);
         }
     } while (true);
     if (!$this->finish()) {
         return false;
     }
     return true;
 }
예제 #4
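 /**
  * For initializing members of the class.
  *
  * Loads the confirmation row and its user from the `code` request
  * parameter, accepts only confirmations of type 'email', and refuses a
  * code whose address is already the user's confirmed e-mail address. On
  * POST the session token is checked and the new password is validated
  * (at least 6 bytes, entered identically twice) and kept in
  * $this->password.
  *
  * The caller is not logged in at this point, so the confirmation code is
  * the only credential that protects the password being set.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  *
  * @throws ClientException when already logged in, when the code is unknown
  *                         or already used, or when the password is invalid
  * @throws ServerException when the code has no user or is not an e-mail
  *                         confirmation
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);

     $user = common_current_user();
     if (!empty($user)) {
         // TRANS: Client exception thrown when trying to register while already logged in.
         throw new ClientException(_m('You are already logged in.'));
     }

     $this->code = $this->trimmed('code');
     $this->confirm = Confirm_address::staticGet('code', $this->code);
     if (empty($this->confirm)) {
         // TRANS: Client exception thrown when trying to register with a non-existing confirmation code.
         throw new ClientException(_m('Confirmation code not found.'));
     }

     $this->user = User::staticGet('id', $this->confirm->user_id);
     if (empty($this->user)) {
         // TRANS: Client exception thrown when trying to register with a confirmation code that is not connected with a user.
         throw new ServerException(_m('No user for that confirmation code.'));
     }

     $type = $this->confirm->address_type;
     if ($type != 'email') {
         // TRANS: Client exception thrown when trying to register with a invalid e-mail address.
         // TRANS: %s is the invalid e-mail address.
         throw new ServerException(sprintf(_m('Unrecognized address type %s.'), $type));
     }

     // Compare against the loaded confirmation row. A bare local $confirm
     // is not defined at this point, which made this check always pass.
     if (!empty($this->user->email) && $this->user->email == $this->confirm->address) {
         // TRANS: Client error for an already confirmed email/jabber/sms address.
         throw new ClientException(_m('That address has already been confirmed.'));
     }

     if ($this->isPost()) {
         $this->checkSessionToken();

         $password = $this->trimmed('password');
         // Separate name for the repeated password so that it cannot be
         // mistaken for the confirmation record.
         $passwordAgain = $this->trimmed('confirm');

         if (strlen($password) < 6) {
             // TRANS: Client exception thrown when trying to register with too short a password.
             throw new ClientException(_m('Password too short.'));
         }
         if ($password !== $passwordAgain) {
             // TRANS: Client exception thrown when trying to register without providing the same password twice.
             throw new ClientException(_m('Passwords do not match.'));
         }

         $this->password = $password;
     }

     return true;
 }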
예제 #5
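 /**
  * For initializing members of the class.
  *
  * Loads the confirmation row and its user from the `code` request
  * parameter, accepts only confirmations of type 'email', and refuses a
  * code whose address is already the user's confirmed e-mail address. On
  * POST the session token is checked and the new password is validated
  * (at least 6 bytes, entered identically twice) and kept in
  * $this->password.
  *
  * The caller is not logged in at this point, so the confirmation code is
  * the only credential that protects the password being set.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  *
  * @throws ClientException when already logged in, when the code is unknown
  *                         or already used, or when the password is invalid
  * @throws ServerException when the code has no user or is not an e-mail
  *                         confirmation
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);

     $user = common_current_user();
     if (!empty($user)) {
         throw new ClientException(_('You are already logged in.'));
     }

     $this->code = $this->trimmed('code');
     $this->confirm = Confirm_address::staticGet('code', $this->code);
     if (empty($this->confirm)) {
         throw new ClientException(_('Confirmation code not found.'));
     }

     $this->user = User::staticGet('id', $this->confirm->user_id);
     if (empty($this->user)) {
         throw new ServerException(_('No user for that confirmation code.'));
     }

     $type = $this->confirm->address_type;
     if ($type != 'email') {
         throw new ServerException(sprintf(_('Unrecognized address type %s.'), $type));
     }

     // Compare against the loaded confirmation row. A bare local $confirm
     // is not defined at this point, which made this check always pass.
     if (!empty($this->user->email) && $this->user->email == $this->confirm->address) {
         // TRANS: Client error for an already confirmed email/jabber/sms address.
         throw new ClientException(_('That address has already been confirmed.'));
     }

     if ($this->isPost()) {
         $this->checkSessionToken();

         $password = $this->trimmed('password');
         // Separate name for the repeated password so that it cannot be
         // mistaken for the confirmation record.
         $passwordAgain = $this->trimmed('confirm');

         if (strlen($password) < 6) {
             throw new ClientException(_('Password too short.'));
         }
         if ($password !== $passwordAgain) {
             throw new ClientException(_("Passwords don't match."));
         }

         $this->password = $password;
     }

     return true;
 }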
예제 #6
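 /**
  * Accept a confirmation code
  *
  * Checks the code and confirms the address in the user record (e-mail and
  * SMS) or in the user's IM preferences (any transport reported by the
  * GetImTransports event). The code must belong to the logged-in user and
  * is deleted once the address has been stored.
  *
  * All writes run between BEGIN and COMMIT; every exit after BEGIN that
  * does not commit issues a ROLLBACK so that no half-applied change or open
  * transaction is left on the connection.
  *
  * @param array $args $_REQUEST array
  *
  * @return void
  */
 function handle($args)
 {
     parent::handle($args);

     // Anonymous visitors are sent to the login page and brought back here.
     if (!common_logged_in()) {
         common_set_returnto($this->selfUrl());
         common_redirect(common_local_url('login'));
         return;
     }

     $code = $this->trimmed('code');
     if (!$code) {
         // TRANS: Client error displayed when not providing a confirmation code in the contact address confirmation action.
         $this->clientError(_('No confirmation code.'));
         return;
     }

     $confirm = Confirm_address::staticGet('code', $code);
     if (!$confirm) {
         // TRANS: Client error displayed when providing a non-existing confirmation code in the contact address confirmation action.
         $this->clientError(_('Confirmation code not found.'));
         return;
     }

     // Ownership check: a code issued to one account must not confirm an
     // address on another account.
     $cur = common_current_user();
     if ($cur->id != $confirm->user_id) {
         // TRANS: Client error displayed when not providing a confirmation code for another user in the contact address confirmation action.
         $this->clientError(_('That confirmation code is not for you!'));
         return;
     }

     $type = $confirm->address_type;
     $transports = array();
     Event::handle('GetImTransports', array(&$transports));

     // 'email' and 'sms' are columns on the user record and are later used
     // as a dynamic property name, so they are matched strictly.
     $isUserColumn = in_array($type, array('email', 'sms'), true);

     if (!$isUserColumn && !in_array($type, array_keys($transports))) {
         // TRANS: Server error for an unknown address type, which can be 'email', 'sms', or the name of an IM network (such as 'xmpp' or 'aim')
         $this->serverError(sprintf(_('Unrecognized address type %s'), $type));
         return;
     }

     $this->address = $confirm->address;

     $cur->query('BEGIN');

     if ($isUserColumn) {
         if ($cur->{$type} == $confirm->address) {
             // Nothing was written yet, but the transaction is open.
             $cur->query('ROLLBACK');
             // TRANS: Client error for an already confirmed email/jabber/sms address.
             $this->clientError(_('That address has already been confirmed.'));
             return;
         }

         $orig_user = clone $cur;
         $cur->{$type} = $confirm->address;

         if ($type == 'sms') {
             $cur->carrier = $confirm->address_extra + 0;
             $carrier = Sms_carrier::staticGet($cur->carrier);
             // A carrier id that no longer resolves would otherwise end in
             // a method call on a non-object with the transaction open.
             if (!$carrier) {
                 $cur->query('ROLLBACK');
                 // TRANS: Server error displayed when confirming an e-mail address or IM address fails.
                 $this->serverError(_('Could not update user.'));
                 return;
             }
             $cur->smsemail = $carrier->toEmailAddress($cur->sms);
         }

         $result = $cur->updateKeys($orig_user);
         if (!$result) {
             // Log first: the ROLLBACK query runs on the same object.
             common_log_db_error($cur, 'UPDATE', __FILE__);
             $cur->query('ROLLBACK');
             // TRANS: Server error displayed when confirming an e-mail address or IM address fails.
             $this->serverError(_('Could not update user.'));
             return;
         }

         if ($type == 'email') {
             $cur->emailChanged();
         }
     } else {
         // IM transports keep their address in User_im_prefs, one row per
         // (user, transport).
         $user_im_prefs = new User_im_prefs();
         $user_im_prefs->transport = $confirm->address_type;
         $user_im_prefs->user_id = $cur->id;

         if ($user_im_prefs->find() && $user_im_prefs->fetch()) {
             if ($user_im_prefs->screenname == $confirm->address) {
                 $cur->query('ROLLBACK');
                 // TRANS: Client error for an already confirmed IM address.
                 $this->clientError(_('That address has already been confirmed.'));
                 return;
             }

             $user_im_prefs->screenname = $confirm->address;
             $result = $user_im_prefs->update();
             if (!$result) {
                 common_log_db_error($user_im_prefs, 'UPDATE', __FILE__);
                 $cur->query('ROLLBACK');
                 // TRANS: Server error displayed when updating IM preferences fails.
                 $this->serverError(_('Could not update user IM preferences.'));
                 return;
             }
         } else {
             $user_im_prefs = new User_im_prefs();
             $user_im_prefs->screenname = $confirm->address;
             $user_im_prefs->transport = $confirm->address_type;
             $user_im_prefs->user_id = $cur->id;
             $result = $user_im_prefs->insert();
             if (!$result) {
                 common_log_db_error($user_im_prefs, 'INSERT', __FILE__);
                 $cur->query('ROLLBACK');
                 // TRANS: Server error displayed when adding IM preferences fails.
                 $this->serverError(_('Could not insert user IM preferences.'));
                 return;
             }
         }
     }

     // Single use: if the code cannot be removed, the address change is
     // rolled back as well rather than leaving a redeemable code behind.
     $result = $confirm->delete();
     if (!$result) {
         common_log_db_error($confirm, 'DELETE', __FILE__);
         $cur->query('ROLLBACK');
         // TRANS: Server error displayed when an address confirmation code deletion from the
         // TRANS: database fails in the contact address confirmation action.
         $this->serverError(_('Could not delete address confirmation.'));
         return;
     }

     $cur->query('COMMIT');
     $this->showPage();
 }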
예제 #7
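 /**
  * Accept a confirmation code
  *
  * Checks the code and confirms the address in the user record. The code
  * must belong to the logged-in user, and it is deleted once the address
  * has been written so that it cannot be redeemed a second time.
  *
  * The user update and the code deletion run between BEGIN and COMMIT;
  * every failure after BEGIN issues a ROLLBACK so that no half-applied
  * change or open transaction is left on the connection.
  *
  * @param array $args $_REQUEST array
  *
  * @return void
  */
 function handle($args)
 {
     parent::handle($args);

     // Anonymous visitors are sent to the login page and brought back here.
     if (!common_logged_in()) {
         common_set_returnto($this->selfUrl());
         common_redirect(common_local_url('login'));
         return;
     }

     $code = $this->trimmed('code');
     if (!$code) {
         // TRANS: Client error displayed when not providing a confirmation code in the contact address confirmation action.
         $this->clientError(_('No confirmation code.'));
         return;
     }

     $confirm = Confirm_address::staticGet('code', $code);
     if (!$confirm) {
         // TRANS: Client error displayed when providing a non-existing confirmation code in the contact address confirmation action.
         $this->clientError(_('Confirmation code not found.'));
         return;
     }

     // Ownership check: a code issued to one account must not confirm an
     // address on another account.
     $cur = common_current_user();
     if ($cur->id != $confirm->user_id) {
         // TRANS: Client error displayed when not providing a confirmation code for another user in the contact address confirmation action.
         $this->clientError(_('That confirmation code is not for you!'));
         return;
     }

     // $type is used below as a dynamic property name on the user object,
     // so it is matched strictly against the fixed list of address columns.
     $type = $confirm->address_type;
     if (!in_array($type, array('email', 'jabber', 'sms'), true)) {
         // TRANS: Server error for an unknown address type %s, which can be 'email', 'jabber', or 'sms'.
         $this->serverError(sprintf(_('Unrecognized address type %s.'), $type));
         return;
     }

     if ($cur->{$type} == $confirm->address) {
         // TRANS: Client error for an already confirmed email/jabber/sms address.
         $this->clientError(_('That address has already been confirmed.'));
         return;
     }

     $cur->query('BEGIN');

     $orig_user = clone $cur;
     $cur->{$type} = $confirm->address;

     if ($type == 'sms') {
         $cur->carrier = $confirm->address_extra + 0;
         $carrier = Sms_carrier::staticGet($cur->carrier);
         // A carrier id that no longer resolves would otherwise end in a
         // method call on a non-object with the transaction still open.
         if (!$carrier) {
             $cur->query('ROLLBACK');
             // TRANS: Server error displayed when a user update to the database fails in the contact address confirmation action.
             $this->serverError(_('Could not update user.'));
             return;
         }
         $cur->smsemail = $carrier->toEmailAddress($cur->sms);
     }

     $result = $cur->updateKeys($orig_user);
     if (!$result) {
         // Log first: the ROLLBACK query runs on the same object.
         common_log_db_error($cur, 'UPDATE', __FILE__);
         $cur->query('ROLLBACK');
         // TRANS: Server error displayed when a user update to the database fails in the contact address confirmation action.
         $this->serverError(_('Could not update user.'));
         return;
     }

     if ($type == 'email') {
         $cur->emailChanged();
     }

     // Single use: if the code cannot be removed, the address change is
     // rolled back as well rather than leaving a redeemable code behind.
     $result = $confirm->delete();
     if (!$result) {
         common_log_db_error($confirm, 'DELETE', __FILE__);
         $cur->query('ROLLBACK');
         // TRANS: Server error displayed when an address confirmation code deletion from the
         // TRANS: database fails in the contact address confirmation action.
         $this->serverError(_('Could not delete address confirmation.'));
         return;
     }

     $cur->query('COMMIT');

     $this->type = $type;
     $this->showPage();
 }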
예제 #8
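 /**
  * Start a password recovery.
  *
  * Resolves the submitted nickname or e-mail address to a user (confirmed
  * e-mail, then nickname, then an unconfirmed e-mail confirmation), stores
  * a new Confirm_address row of type 'recover' carrying a fresh code, and
  * mails a recovery URL containing that code to the user's confirmed or
  * pending e-mail address.
  *
  * NOTE(review): the responses differ for "no such user", "user without an
  * e-mail address" and success, so this form tells an anonymous caller
  * which nicknames and addresses are registered. A single neutral response
  * for all three, plus request throttling (none is visible in this method),
  * would close that gap; it changes user-visible behaviour and is therefore
  * left to the maintainers.
  *
  * @return void
  */
 function recoverPassword()
 {
     $nore = $this->trimmed('nicknameoremail');
     if (!$nore) {
         $this->showForm(_('Enter a nickname or email address.'));
         return;
     }

     // Initialised up front: it is read below even when the user was found
     // by confirmed e-mail or by nickname and no lookup assigned it.
     $confirm_email = null;

     $user = User::staticGet('email', common_canonical_email($nore));
     if (!$user) {
         $user = User::staticGet('nickname', common_canonical_nickname($nore));
     }

     # See if it's an unconfirmed email address
     if (!$user) {
         $confirm_email = Confirm_address::staticGet('address', common_canonical_email($nore));
         if ($confirm_email && $confirm_email->address_type == 'email') {
             $user = User::staticGet($confirm_email->user_id);
         }
     }

     if (!$user) {
         $this->showForm(_('No user with that email address or username.'));
         return;
     }

     # Try to get an unconfirmed email address if they used a user name
     if (!$user->email && !$confirm_email) {
         $confirm_email = Confirm_address::staticGet('user_id', $user->id);
         if ($confirm_email && $confirm_email->address_type != 'email') {
             # Skip non-email confirmations
             $confirm_email = null;
         }
     }

     if (!$user->email && !$confirm_email) {
         $this->clientError(_('No registered email address for that user.'));
         return;
     }

     # Success! We have a valid user and a confirmed or unconfirmed email address
     $confirm = new Confirm_address();
     // NOTE(review): this code is the only secret protecting the reset;
     // confirm that common_confirmation_code() draws from a
     // cryptographically secure source.
     $confirm->code = common_confirmation_code(128);
     $confirm->address_type = 'recover';
     $confirm->user_id = $user->id;
     // Same truthiness test as the checks above. isset() is also true for
     // an empty-string address, which would send the mail to no recipient
     // even though a pending address is available.
     $confirm->address = $user->email ? $user->email : $confirm_email->address;

     if (!$confirm->insert()) {
         common_log_db_error($confirm, 'INSERT', __FILE__);
         $this->serverError(_('Error saving address confirmation.'));
         return;
     }

     $body = "Hey, {$user->nickname}.";
     $body .= "\n\n";
     $body .= 'Someone just asked for a new password ' . 'for this account on ' . common_config('site', 'name') . '.';
     $body .= "\n\n";
     $body .= 'If it was you, and you want to confirm, use the URL below:';
     $body .= "\n\n";
     $body .= "\t" . common_local_url('recoverpassword', array('code' => $confirm->code));
     $body .= "\n\n";
     $body .= 'If not, just ignore this message.';
     $body .= "\n\n";
     $body .= 'Thanks for your time, ';
     $body .= "\n";
     $body .= common_config('site', 'name');
     $body .= "\n";

     mail_to_user($user, _('Password recovery requested'), $body, $confirm->address);

     $this->mode = 'sent';
     $this->msg = _('Instructions for recovering your password ' . 'have been sent to the email address registered to your ' . 'account.');
     $this->success = true;
     $this->showPage();
 }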
예제 #9
 /**
  * Read the request and decide which registration step it belongs to.
  *
  * Sets $this->state to one of NEWREGISTER, NEWEMAIL, CONFIRMINVITE,
  * CONFIRMREGISTER or SETPASSWORD and loads the invitation or confirmation
  * row that matches the `code` parameter. POST requests have their session
  * token checked before any field is read.
  *
  * NOTE(review): the confirmation row is only tested for existence here;
  * its address_type is not inspected in this method. Verify that a later
  * step rejects codes that were issued for another purpose.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  *
  * @throws ClientException when registration is closed or invite-only, or
  *                         when the code is missing, unknown or already used
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);

     if (common_config('site', 'closed')) {
         // TRANS: Client exception thrown when registration by e-mail is not allowed.
         throw new ClientException(_m('Registration not allowed.'), 403);
     }

     if (!$this->isPost()) {
         // GET
         $this->code = $this->trimmed('code');

         if (empty($this->code)) {
             if (common_config('site', 'inviteonly')) {
                 // TRANS: Client exception thrown when trying to register without an invitation.
                 throw new ClientException(_m('Sorry, only invited people can register.'), 403);
             }
             $this->state = self::NEWREGISTER;
             return true;
         }

         // A code is tried as an invitation first, then as a confirmation.
         $this->invitation = Invitation::staticGet('code', $this->code);

         if (empty($this->invitation)) {
             $this->state = self::CONFIRMREGISTER;
             $this->confirmation = Confirm_address::staticGet('code', $this->code);
             if (empty($this->confirmation)) {
                 // NOTE(review): the POST branch reports the same condition
                 // with 403; 405 here may be unintended.
                 // TRANS: Client exception thrown when given confirmation code was not issued.
                 throw new ClientException(_m('No such confirmation code.'), 405);
             }
             return true;
         }

         if (!empty($this->invitation->registered_user_id)) {
             // TRANS: Client exception thrown when using an invitation multiple times.
             throw new ClientException(_m('Invitation already used.'), 403);
         }
         $this->state = self::CONFIRMINVITE;
         return true;
     }

     // POST
     $this->checkSessionToken();

     $this->email = $this->trimmed('email');

     if (!empty($this->email)) {
         // First step: an e-mail address was submitted.
         if (common_config('site', 'inviteonly')) {
             // TRANS: Client exception thrown when trying to register without an invitation.
             throw new ClientException(_m('Sorry, only invited people can register.'), 403);
         }
         $this->email = common_canonical_email($this->email);
         $this->state = self::NEWEMAIL;
         return true;
     }

     // Final step: a code plus the new password fields.
     $this->state = self::SETPASSWORD;

     $this->code = $this->trimmed('code');
     if (empty($this->code)) {
         // TRANS: Client exception thrown when no confirmation code was provided.
         throw new ClientException(_m('No confirmation code.'));
     }

     $this->invitation = Invitation::staticGet('code', $this->code);

     if (empty($this->invitation)) {
         $this->confirmation = Confirm_address::staticGet('code', $this->code);
         if (empty($this->confirmation)) {
             // TRANS: Client exception thrown when given confirmation code was not issued.
             throw new ClientException(_m('No such confirmation code.'), 403);
         }
     } elseif (!empty($this->invitation->registered_user_id)) {
         // TRANS: Client exception thrown when using an invitation multiple times.
         throw new ClientException(_m('Invitation already used.'), 403);
     }

     // The password fields are only captured here, not validated.
     $this->password1 = $this->trimmed('password1');
     $this->password2 = $this->trimmed('password2');
     $this->tos = $this->boolean('tos');

     return true;
 }