<?php
/*
	Question2Answer by Gideon Greenspan and contributors
	http://www.question2answer.org/

	File: qa-include/qa-page-confirm.php
	Description: Controller for email confirmation page (can also request a new code)


	This program is free software; you can redistribute it and/or
	modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/

// Refuse direct browser requests: QA_VERSION is expected to be defined by the application that
// includes this file, so when it is missing the visitor is redirected and nothing else runs.
if (defined('QA_VERSION') === false) {
	header('Location: ../');
	exit;
}

// Email confirmation only applies when Q2A manages its own user accounts, so stop when logins
// are delegated to external (single sign-on) code.
// NOTE(review): no "already confirmed" or "blocked" check is performed at this point - the
// external-users test below is the only guard visible before the request is processed.
if (QA_FINAL_EXTERNAL_USERS) {
	qa_fatal_error('User login is handled by external code');
}

//	Check if we've been asked to send a new link or have a successful email confirmation

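// Fetch the handle from POST, falling back to GET (the emailed link carries it as "u")
$handle = qa_post_text('username');
if (!isset($handle)) {
	$handle = qa_get('u');
}
// Request parameters are untrusted: a missing value arrives as null and a client can submit a
// non-string value. Anything that is not a string is normalised to '' so that trim() never
// receives null (deprecated since PHP 8.1) or another non-string type.
// NOTE(review): assumes qa_post_text() / qa_get() return null for an absent field - confirm in
// the helpers.
$handle = is_string($handle) ? trim($handle) : '';

// Fetch the confirmation code from POST, falling back to GET (the emailed link carries it as "c")
$code = qa_post_text('code');
if (!isset($code)) {
	$code = qa_get('c');
}
// Same normalisation as for the handle: only a string can be a candidate code.
$code = is_string($code) ? trim($code) : '';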

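// Request state: the logged in user (unset/null when nobody is logged in) and what this
// request ended up doing.
$loggedInUserId = qa_get_logged_in_userid();
$emailConfirmationSent = false;
$userConfirmed = false;

$pageError = null;

if (isset($loggedInUserId) && qa_clicked('dosendconfirm')) {
	// A logged in user requested to be sent a confirmation link. The form security code is
	// verified first so the mail is only sent for a form this site issued
	// (presumably the anti-CSRF token - confirm in qa_check_form_security_code).
	if (!qa_check_form_security_code('confirm', qa_post_text('formcode'))) {
		$pageError = qa_lang_html('misc/form_security_again');
	} else {
		// For qa_send_new_confirm
		require_once QA_INCLUDE_DIR . 'app/users-edit.php';

		qa_send_new_confirm($loggedInUserId);
		$emailConfirmationSent = true;
	}
} elseif (strlen($code) > 0) { // If there is a code present in the request
	// For qa_db_select_with_pending, qa_db_user_account_selectspec
	require_once QA_INCLUDE_DIR . 'db/selects.php';

	// For qa_complete_confirm
	require_once QA_INCLUDE_DIR . 'app/users-edit.php';

	// The code is a secret, so it is compared as an exact string. A loose == comparison treats
	// two numeric-looking strings (for example "0e12" and "0e99") as equal numbers, which would
	// let a code other than the stored one match. hash_equals() is used when the running PHP
	// provides it, so the comparison time does not depend on how many leading characters agree.
	// Matching stays case-insensitive.
	// NOTE(review): no limit on the number of guesses against a handle's code is visible in this
	// file - confirm that it is enforced elsewhere.
	$submittedCode = strtolower($code);
	$hasConstantTimeCompare = function_exists('hash_equals');

	if (strlen($handle) > 0) { // If there is a handle present in the request
		$userInfo = qa_db_select_with_pending(qa_db_user_account_selectspec($handle, false));

		// An unknown handle yields no account row, and an account may have no pending code;
		// neither case can ever confirm.
		$storedCode = (is_array($userInfo) && isset($userInfo['emailcode']))
			? strtolower(trim($userInfo['emailcode']))
			: '';

		if ($storedCode !== '') {
			$codeMatches = $hasConstantTimeCompare
				? hash_equals($storedCode, $submittedCode)
				: $storedCode === $submittedCode;

			if ($codeMatches) {
				qa_complete_confirm($userInfo['userid'], $userInfo['email'], $userInfo['handle']);
				$userConfirmed = true;
			}
		}
	}

	if (!$userConfirmed && isset($loggedInUserId)) { // As a backup, also match code against logged in user
		$userInfo = qa_db_select_with_pending(qa_db_user_account_selectspec($loggedInUserId, true));

		if (is_array($userInfo)) {
			$flags = $userInfo['flags'];

			if (($flags & QA_USER_FLAGS_EMAIL_CONFIRMED) > 0 && ($flags & QA_USER_FLAGS_MUST_CONFIRM) == 0) {
				$userConfirmed = true; // if they confirmed before, just show message as if it happened now
			} else {
				$storedCode = isset($userInfo['emailcode']) ? strtolower(trim($userInfo['emailcode'])) : '';

				if ($storedCode !== '') {
					$codeMatches = $hasConstantTimeCompare
						? hash_equals($storedCode, $submittedCode)
						: $storedCode === $submittedCode;

					if ($codeMatches) {
						qa_complete_confirm($userInfo['userid'], $userInfo['email'], $userInfo['handle']);
						$userConfirmed = true;
					}
				}
			}
		}
	}
}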

//	Prepare content for theme

$qa_content = qa_content_prepare();
$qa_content['title'] = qa_lang_html('users/confirm_title');
$qa_content['error'] = $pageError;

if ($emailConfirmationSent) {
	// A new confirmation mail has just gone out: show the form where the code can be typed in.
	$qa_content['success'] = qa_lang_html('users/confirm_emailed');

	$email = qa_get_logged_in_email();
	$handle = qa_get_logged_in_handle(); // from here on the handle is the session user's, not the request's

	$codeEntryForm = array();
	$codeEntryForm['tags'] = 'method="post" action="' . qa_self_html() . '"';
	$codeEntryForm['style'] = 'tall';

	// Values placed into the page are passed through qa_html() before being handed to the theme.
	$codeEntryForm['fields'] = array(
		'email' => array(
			'label' => qa_lang_html('users/email_label'),
			'value' => qa_html($email) . strtr(qa_lang_html('users/change_email_link'), array(
					'^1' => '<a href="' . qa_path_html('account') . '">',
					'^2' => '</a>',
				)),
			'type' => 'static',
		),
		'code' => array(
			'label' => qa_lang_html('users/email_code_label'),
			'tags' => 'name="code" id="code"',
			'value' => isset($code) ? qa_html($code) : null,
			'note' => qa_lang_html('users/email_code_emailed') . ' - ' .
				'<a href="' . qa_path_html('confirm') . '">' . qa_lang_html('users/email_code_another') . '</a>',
		),
	);

	$codeEntryForm['buttons'] = array(
		'confirm' => array( // This button does not actually need a name attribute
			'label' => qa_lang_html('users/confirm_button'),
		),
	);

	$codeEntryForm['hidden'] = array(
		'formcode' => qa_get_form_security_code('confirm'),
		'username' => qa_html($handle),
	);

	$qa_content['form'] = $codeEntryForm;
	$qa_content['focusid'] = 'code';
} elseif ($userConfirmed) {
	// The address is confirmed; a visitor who is not logged in is pointed at the login page.
	$qa_content['success'] = qa_lang_html('users/confirm_complete');

	if (!isset($loggedInUserId)) {
		// $handle still holds the request-supplied value here; it reaches the page only inside
		// the URL built by qa_path_html() (presumably HTML-escaped there - confirm in the helper).
		$loginLinkOpen = '<a href="' . qa_path_html('login', array('e' => $handle)) . '">';

		$qa_content['suggest_next'] = strtr(
			qa_lang_html('users/log_in_to_access'),
			array(
				'^1' => $loginLinkOpen,
				'^2' => '</a>',
			)
		);
	}
} elseif (isset($loggedInUserId)) {
	// Logged in but not confirmed by this request: offer to send a fresh link.
	require_once QA_INCLUDE_DIR . 'util/string.php';

	// A code was supplied but matched nothing, so say so above the resend form.
	if (strlen($code) > 0) {
		$qa_content['error'] = qa_lang_html('users/confirm_wrong_resend');
	}

	$email = qa_get_logged_in_email();

	$resendForm = array();
	$resendForm['tags'] = 'method="post" action="' . qa_path_html('confirm') . '"';
	$resendForm['style'] = 'tall';

	$resendForm['fields'] = array(
		'email' => array(
			'label' => qa_lang_html('users/email_label'),
			'value' => qa_html($email) . strtr(qa_lang_html('users/change_email_link'), array(
					'^1' => '<a href="' . qa_path_html('account') . '">',
					'^2' => '</a>',
				)),
			'type' => 'static',
		),
	);

	$resendForm['buttons'] = array(
		'send' => array(
			'tags' => 'name="dosendconfirm"',
			'label' => qa_lang_html('users/send_confirm_button'),
		),
	);

	// The form security code issued here is the one checked when "dosendconfirm" is posted back.
	$resendForm['hidden'] = array(
		'formcode' => qa_get_form_security_code('confirm'),
	);

	$qa_content['form'] = $resendForm;

	// Without a valid address there is nowhere to send a link, so the send button is withdrawn.
	if (!qa_email_validate($email)) {
		$qa_content['error'] = qa_lang_html('users/email_invalid');
		unset($qa_content['form']['buttons']['send']);
	}
} else {
	// Nobody is logged in and nothing was confirmed: ask the visitor to log in.
	$qa_content['error'] = qa_insert_login_links(qa_lang_html('users/confirm_wrong_log_in'), 'confirm');
}

return $qa_content;