/**
 * Removes the notice named by the request's "key" field and stores the
 * result of Q_Response::removeNotice() in Q::$cache['notice_deleted'].
 *
 * NOTE(review): no nonce or request-method check is visible in this handler,
 * and "key" is passed through without a type check; confirm both are
 * enforced by the caller or by Q_Response::removeNotice().
 *
 * @method Q_notice_delete
 * @throws {Q_Exception_RequiredField}
 *  If the request carries no "key" field.
 */
function Q_notice_delete()
{
    $hasKey = isset($_REQUEST['key']);
    if ($hasKey === false) {
        throw new Q_Exception_RequiredField(array('field' => 'key'), 'key');
    }

    $noticeKey = $_REQUEST['key'];
    $removed = Q_Response::removeNotice($noticeKey);
    Q::$cache['notice_deleted'] = $removed;
}
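/**
 * Handles the POST of the activation form: optionally stores a new
 * passphrase hash on the user, activates the pending email address or
 * mobile number, and logs the user in.
 *
 * $email, $mobile, $type and $user are taken from Users::$cache.
 *
 * NOTE(review): this handler does not verify an activation code itself.
 * It presumably relies on an earlier step having validated the request and
 * populated Users::$cache; confirm against the dispatcher.
 *
 * @method Users_activate_post
 * @throws {Q_Exception}
 *  If the passphrase is blank or not a string, if isHashed is out of range,
 *  or if the computed passphrase hash is empty.
 */
function Users_activate_post()
{
    // NOTE(review): presumably rejects the request when the nonce is missing or wrong; confirm.
    Q_Valid::nonce(true);

    $email = $mobile = $type = $user = null;
    // EXTR_IF_EXISTS only overwrites variables that already exist in this
    // scope, so nothing but the four names above can be injected from the cache.
    extract(Users::$cache, EXTR_IF_EXISTS);

    if (isset($_REQUEST['passphrase'])) {
        $passphrase = $_REQUEST['passphrase'];
        if (empty($passphrase)) {
            throw new Q_Exception("You can't set a blank passphrase.", 'passphrase');
        }
        // A request field written as passphrase[]=... arrives as an array;
        // refuse it rather than hand a non-string to the hashing routine.
        if (!is_string($passphrase)) {
            throw new Q_Exception("The passphrase must be a string.", 'passphrase');
        }

        // isHashed is client-supplied. NOTE(review): what computePassphraseHash
        // does with an "already hashed" value is not visible here; confirm the
        // server still applies its own hashing.
        $rawIsHashed = isset($_REQUEST['isHashed']) ? $_REQUEST['isHashed'] : null;
        $isHashed = !empty($rawIsHashed);
        // Compare the raw request value with 'true'. The previous check compared
        // the boolean $isHashed with the string 'true', which can never be equal.
        // The outcome is unchanged, because intval('true') is 0.
        if ($isHashed && $rawIsHashed !== 'true' && intval($rawIsHashed) > 1) {
            // this will let us introduce other values for isHashed in the future
            throw new Q_Exception("Please set isHashed to 0 or 1", 'isHashed');
        }

        // Save the pass phrase even if there may be a problem adding an email later.
        // At least the user will be able to log in.
        $user->passphraseHash = $user->computePassphraseHash($passphrase, $isHashed);

        // Check the hash before the success notice is set and before the user
        // is saved and logged in, so an empty hash is never persisted.
        if (empty($user->passphraseHash)) {
            throw new Q_Exception("Please set a pass phrase on your account", 'passphrase', true);
        }

        Q_Response::setNotice("Users/activate/passphrase", "Your pass phrase has been saved.", true);
        // Log the user in, since they were able to set the passphrase
        Users::setLoggedInUser($user); // This also saves the user.
    }

    if ($type) {
        if ($type == 'email address') {
            $user->setEmailAddress($email->address); // may throw exception
        } elseif ($type == 'mobile number') {
            $user->setMobileNumber($mobile->number); // may throw exception
        }
        // Log the user in, since they have just added an identifier to their account
        Users::setLoggedInUser($user); // This also saves the user.
        Q_Response::removeNotice('Users/activate/objects');
        Q_Response::setNotice("Users/activate/activated", "Your {$type} has been activated.", true);
    }

    // NOTE(review): 'passphrase_set' is written even when no passphrase was
    // submitted in this request; confirm that is intended.
    Users::$cache['passphrase_set'] = true;
    Users::$cache['success'] = true;
}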
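/**
 * Loads the mobile row and the user for an activation request, then checks
 * the submitted activation code and its expiry.
 *
 * NOTE(review): no attempt counter or throttling is visible in this function;
 * confirm that repeated wrong codes are limited elsewhere.
 *
 * @method Users_activate_objects_mobile
 * @param {string} $mobileNumber
 *  The mobile number taken from the activation link.
 * @param {Users_Mobile} &$mobile
 *  Receives the Users_Mobile object. It is left as a fresh, unretrieved
 *  object when the number fails validation.
 * @return {Users_User|null}
 *  The user owning the mobile number, or null when the number is not valid.
 * @throws {Q_Exception_MissingRow}
 *  If no mobile row, or no user row, exists for the request.
 * @throws {Q_Exception}
 *  If another user is logged in, the code does not match, or the code expired.
 */
function Users_activate_objects_mobile($mobileNumber, &$mobile)
{
    Q_Response::removeNotice('Users/activate/objects');
    $mobile = new Users_Mobile();
    if (!Q_Valid::phone($mobileNumber, $normalized)) {
        return;
    }
    $mobile->number = $normalized;
    if (!$mobile->retrieve()) {
        throw new Q_Exception_MissingRow(array(
            'table' => 'mobile phone',
            'criteria' => "number {$normalized}"
        ));
    }

    $user = Users::loggedInUser();
    if ($user) {
        if ($user->id != $mobile->userId) {
            throw new Q_Exception("You are logged in as a different user. Please log out and click the link again.");
        }
    } else {
        $user = new Users_User();
        $user->id = $mobile->userId;
        if (!$user->retrieve()) {
            throw new Q_Exception_MissingRow(array(
                'table' => 'user',
                'criteria' => 'id = ' . $user->id
            ));
        }
    }

    // Compare the code as an exact string. The loose != used previously
    // treats numeric-looking strings as numbers (for example '1e3' == '1000'),
    // and lets a missing or empty submitted code match an empty stored code.
    $submitted = isset($_REQUEST['code']) ? $_REQUEST['code'] : null;
    $stored = $mobile->activationCode;
    $expected = is_scalar($stored) ? (string) $stored : '';
    $codeMatches = false;
    if (is_string($submitted) && $expected !== '') {
        // hash_equals compares in constant time; the strict fallback keeps
        // the file usable on runtimes that do not provide it.
        $codeMatches = function_exists('hash_equals')
            ? hash_equals($expected, $submitted)
            : ($expected === $submitted);
    }
    if (!$codeMatches) {
        throw new Q_Exception("The activation code does not match. Did you get a newer message?", 'code');
    }

    $timestamp = Users_Mobile::db()->getCurrentTimestamp();
    if ($timestamp > Users_Mobile::db()->fromDateTime($mobile->activationCodeExpires)) {
        throw new Q_Exception("Activation code expired");
    }

    // On a non-POST request without "p", report when this number is already
    // the user's active one. The user is returned in either case.
    if (Q_Request::method() !== 'POST'
        && empty($_REQUEST['p'])
        && isset($user->mobileNumber)
        && $user->mobileNumber == $mobile->number
    ) {
        // NOTE(review): the display name is placed into the notice text;
        // confirm the notice is escaped when it is rendered.
        $displayName = Streams::displayName($user);
        Q_Response::setNotice(
            'Users/activate/objects',
            "{$normalized} has already been activated for {$displayName}",
            true
        );
    }
    return $user;
}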
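/**
 * Starts the process of adding a mobile number to a saved user object.
 * Also modifies and saves this user object back to the database.
 * @method addMobile
 * @param {string} $mobileNumber
 *  The mobile number to add.
 * @param {string} [$activationMessageView=null]
 *  The view to use for the body of the activation message to send.
 * @param {array} [$fields=array()]
 *  An array of additional fields to pass to the mobile view.
 * @param {array} [$options=array()]
 *  Array of options. Can include:<br/>
 *  "delay" => A delay, in milliseconds, to wait until sending the message. Only works if Node server is listening.
 * @return {Users_Mobile|null}
 *  Returns the existing Users_Mobile row when this number is already stored
 *  for this user in a state other than 'unverified'.
 *  Otherwise returns nothing once the activation message has been handed to sendMessage.
 * @throws {Q_Exception_WrongValue}
 *  If the mobile number is in an invalid format, this is thrown.
 * @throws {Users_Exception_AlreadyVerified}
 *  If the mobile number already exists and has been verified for
 *  another user, then this exception is thrown.
 */
function addMobile($mobileNumber, $activationMessageView = null, $fields = array(), $options = array())
{
    if (!Q_Valid::phone($mobileNumber, $normalized)) {
        throw new Q_Exception_WrongValue(
            array('field' => 'Mobile phone', 'range' => 'a valid number'),
            'mobileNumber'
        );
    }

    $mobile = new Users_Mobile();
    $mobile->number = $normalized;
    if ($mobile->retrieve('*', array('ignoreCache' => true)) and $mobile->state !== 'unverified') {
        if ($mobile->userId === $this->id) {
            $mobile->set('user', $this);
            return $mobile;
        }
        // Otherwise, say it's verified for another user,
        // even if it unsubscribed or was suspended.
        throw new Users_Exception_AlreadyVerified(
            array('key' => 'mobile number', 'userId' => $mobile->userId),
            'mobileNumber'
        );
    }

    // $user, $mobile and $link are passed to the events by name via compact().
    $user = $this;

    // If we are here, then the mobile record either
    // doesn't exist, or hasn't been verified yet.
    // In either event, update the record in the database,
    // and re-send the activation message.

    // The value is interpolated into a SQL expression below, so force it to
    // an integer in case the configuration holds something else.
    $minutes = (int) Q_Config::get('Users', 'activation', 'expires', 60 * 24 * 7);
    $mobile->state = 'unverified';
    $mobile->userId = $this->id;
    // NOTE(review): the strength of this 7-character code depends on how
    // Q_Utils::unique() generates it, which is not visible here; confirm.
    $mobile->activationCode = strtolower(Q_Utils::unique(7));
    $mobile->activationCodeExpires = new Db_Expression("CURRENT_TIMESTAMP + INTERVAL {$minutes} MINUTE");

    $number = $mobile->number;
    if (substr($number, 0, 2) == '+1') {
        $number = substr($number, 2);
    }

    // md5(microtime() + mt_rand()) is built from the clock and a
    // non-cryptographic generator, so it is guessable. Prefer the CSPRNG where
    // the runtime provides one; both branches yield 32 hex characters.
    // NOTE(review): authCode looks like a secret token; confirm how it is used.
    $mobile->authCode = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5(microtime() + mt_rand());

    // NOTE(review): the separator before "mobileNumber=" is a space, kept
    // exactly as written; confirm that whatever consumes the link expects it.
    $link = 'Users/activate?code=' . urlencode($mobile->activationCode)
        . ' mobileNumber=' . urlencode($number);

    /**
     * @event Users/addIdentifier {before}
     * @param {string} user
     * @param {string} mobile
     */
    Q::event('Users/addIdentifier', compact('user', 'mobile', 'link'), 'before');

    $mobile->save();
    $this->mobileNumberPending = $normalized;
    $this->save();

    if (!isset($activationMessageView)) {
        $activationMessageView = Q_Config::get(
            'Users', 'transactional', 'activation', 'sms', 'Users/sms/activation.php'
        );
    }

    // The fixed keys come last, so they override same-named entries in $fields.
    $fields2 = array_merge($fields, array(
        'user' => $this,
        'mobile' => $mobile,
        'app' => Q_Config::expect('Q', 'app'),
        'baseUrl' => Q_Request::baseUrl(),
        'link' => $link
    ));
    $mobile->sendMessage($activationMessageView, $fields2, $options);

    Q_Response::removeNotice('Users/mobile');

    /**
     * @event Users/addIdentifier {after}
     * @param {string} user
     * @param {string} mobile
     */
    Q::event('Users/addIdentifier', compact('user', 'mobile', 'link'), 'after');
}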