Merge pull request #473 from pupi1985/patch-82

Let user input a confirmation code manually

qa-include/lang/qa-lang-users.php

@@ -39,8 +39,9 @@
 		'category_level_none' => 'No upgrade',
 		'change_email_link' => ' - ^1change email^2',
 		'change_password' => 'Change Password',
+		'confirm_button' => 'Confirm email address',
 		'confirm_complete' => 'Thank you - your email address has been confirmed',
-		'confirm_emailed' => 'A confirmation link has been emailed to you. Please click the link to confirm your email address.',
+		'confirm_emailed' => 'Please click the link or input the code sent to your email address in order to confirm it.',
 		'confirm_required' => 'To complete your registration, please click the confirmation link that has been emailed to you, or ^1request another^2.',
 		'confirm_title' => 'Email Address Confirmation',
 		'confirm_wrong_log_in' => 'Code not correct - please ^1log in^2 to send a new link',
@@ -111,7 +112,7 @@
 		'remember_label' => 'Remember me on this computer',
 		'remove_avatar' => 'Remove avatar:',
 		'reset_code_another' => 'send another',
-		'reset_code_emailed' => 'You have been emailed your reset code',
+		'reset_code_emailed' => 'You have been emailed your code',
 		'reset_code_label' => 'Code:',
 		'reset_code_wrong' => 'Code not correct',
 		'reset_title' => 'Reset Forgotten Password',

qa-include/pages/confirm.php

@@ -25,88 +25,140 @@ if (!defined('QA_VERSION')) { // don't allow this page to be requested directly
 	exit;
 }
 
-
 //	Check we're not using single-sign on integration, that we're not already confirmed, and that we're not blocked
 
-if (QA_FINAL_EXTERNAL_USERS)
+if (QA_FINAL_EXTERNAL_USERS) {
 	qa_fatal_error('User login is handled by external code');
-
+}
 
 //	Check if we've been asked to send a new link or have a successful email confirmation
 
-$incode = trim(qa_get('c')); // trim to prevent passing in blank values to match uninitiated DB rows
-$inhandle = qa_get('u');
-$loginuserid = qa_get_logged_in_userid();
-$useremailed = false;
-$userconfirmed = false;
+// Fetch the handle from POST or GET
+$handle = qa_post_text('username');
+if (!isset($handle)) {
+	$handle = qa_get('u');
+}
+$handle = trim($handle); // if $handle is null, trim returns an empty string
 
-if (isset($loginuserid) && qa_clicked('dosendconfirm')) { // button clicked to send a link
-	require_once QA_INCLUDE_DIR . 'app/users-edit.php';
+// Fetch the code from POST or GET
+$code = qa_post_text('code');
+if (!isset($code)) {
+	$code = qa_get('c');
+}
+$code = trim($code); // if $code is null, trim returns an empty string
 
-	if (!qa_check_form_security_code('confirm', qa_post_text('code')))
-		$pageerror = qa_lang_html('misc/form_security_again');
+$loggedInUserId = qa_get_logged_in_userid();
+$emailConfirmationSent = false;
+$userConfirmed = false;
 
-	else {
-		qa_send_new_confirm($loginuserid);
-		$useremailed = true;
-	}
+$pageError = null;
+
+if (isset($loggedInUserId) && qa_clicked('dosendconfirm')) { // A logged in user requested to be sent a confirmation link
+	if (!qa_check_form_security_code('confirm', qa_post_text('formcode'))) {
+		$pageError = qa_lang_html('misc/form_security_again');
+	} else {
+		// For qa_send_new_confirm
+		require_once QA_INCLUDE_DIR . 'app/users-edit.php';
 
-} elseif (strlen($incode)) { // non-empty code detected from the URL
+		qa_send_new_confirm($loggedInUserId);
+		$emailConfirmationSent = true;
+	}
+} elseif (strlen($code) > 0) { // If there is a code present in the URL
+	// For qa_db_select_with_pending, qa_db_user_account_selectspec
 	require_once QA_INCLUDE_DIR . 'db/selects.php';
+
+	// For qa_complete_confirm
 	require_once QA_INCLUDE_DIR . 'app/users-edit.php';
 
-	if (!empty($inhandle)) { // match based on code and handle provided on URL
-		$userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inhandle, false));
+	if (strlen($handle) > 0) { // If there is a handle present in the URL
+		$userInfo = qa_db_select_with_pending(qa_db_user_account_selectspec($handle, false));
 
-		if (strtolower(trim(@$userinfo['emailcode'])) == strtolower($incode)) {
-			qa_complete_confirm($userinfo['userid'], $userinfo['email'], $userinfo['handle']);
-			$userconfirmed = true;
+		if (strtolower(trim($userInfo['emailcode'])) == strtolower($code)) {
+			qa_complete_confirm($userInfo['userid'], $userInfo['email'], $userInfo['handle']);
+			$userConfirmed = true;
 		}
 	}
 
-	if ((!$userconfirmed) && isset($loginuserid)) { // as a backup, also match code on URL against logged in user
-		$userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($loginuserid, true));
-		$flags = $userinfo['flags'];
-
-		if (($flags & QA_USER_FLAGS_EMAIL_CONFIRMED) && !($flags & QA_USER_FLAGS_MUST_CONFIRM))
-			$userconfirmed = true; // if they confirmed before, just show message as if it happened now
+	if (!$userConfirmed && isset($loggedInUserId)) { // As a backup, also match code on URL against logged in user
+		$userInfo = qa_db_select_with_pending(qa_db_user_account_selectspec($loggedInUserId, true));
+		$flags = $userInfo['flags'];
 
-		elseif (strtolower(trim($userinfo['emailcode'])) == strtolower($incode)) {
-			qa_complete_confirm($userinfo['userid'], $userinfo['email'], $userinfo['handle']);
-			$userconfirmed = true;
+		if (($flags & QA_USER_FLAGS_EMAIL_CONFIRMED) > 0 && ($flags & QA_USER_FLAGS_MUST_CONFIRM) == 0) {
+			$userConfirmed = true; // if they confirmed before, just show message as if it happened now
+		} elseif (strtolower(trim($userInfo['emailcode'])) == strtolower($code)) {
+			qa_complete_confirm($userInfo['userid'], $userInfo['email'], $userInfo['handle']);
+			$userConfirmed = true;
 		}
 	}
 }
 
-
 //	Prepare content for theme
 
 $qa_content = qa_content_prepare();
 
 $qa_content['title'] = qa_lang_html('users/confirm_title');
-$qa_content['error'] = @$pageerror;
+$qa_content['error'] = $pageError;
 
-if ($useremailed) {
+if ($emailConfirmationSent) {
 	$qa_content['success'] = qa_lang_html('users/confirm_emailed');
 
-} elseif ($userconfirmed) {
+	$email = qa_get_logged_in_email();
+	$handle = qa_get_logged_in_handle();
+
+	$qa_content['form'] = array(
+		'tags' => 'method="post" action="' . qa_self_html() . '"',
+
+		'style' => 'tall',
+
+		'fields' => array(
+			'email' => array(
+				'label' => qa_lang_html('users/email_label'),
+				'value' => qa_html($email) . strtr(qa_lang_html('users/change_email_link'), array(
+						'^1' => '<a href="' . qa_path_html('account') . '">',
+						'^2' => '</a>',
+					)),
+				'type' => 'static',
+			),
+			'code' => array(
+				'label' => qa_lang_html('users/reset_code_label'),
+				'tags' => 'name="code" id="code"',
+				'value' => isset($code) ? qa_html($code) : null,
+				'note' => qa_lang_html('users/reset_code_emailed') . ' - ' .
+					'<a href="' . qa_path_html('confirm') . '">' . qa_lang_html('users/reset_code_another') . '</a>',
+			),
+		),
+
+		'buttons' => array(
+			'confirm' => array( // This button does not actually need a name attribute
+				'label' => qa_lang_html('users/confirm_button'),
+			),
+		),
+
+		'hidden' => array(
+			'formcode' => qa_get_form_security_code('confirm'),
+			'username' => qa_html($handle),
+		),
+	);
+
+	$qa_content['focusid'] = 'code';
+} elseif ($userConfirmed) {
 	$qa_content['success'] = qa_lang_html('users/confirm_complete');
 
-	if (!isset($loginuserid)) {
+	if (!isset($loggedInUserId)) {
 		$qa_content['suggest_next'] = strtr(
 			qa_lang_html('users/log_in_to_access'),
 			array(
-				'^1' => '<a href="' . qa_path_html('login', array('e' => $inhandle)) . '">',
+				'^1' => '<a href="' . qa_path_html('login', array('e' => $handle)) . '">',
 				'^2' => '</a>',
 			)
 		);
 	}
-
-} elseif (isset($loginuserid)) { // if logged in, allow sending a fresh link
+} elseif (isset($loggedInUserId)) { // if logged in, allow sending a fresh link
 	require_once QA_INCLUDE_DIR . 'util/string.php';
 
-	if (strlen($incode))
+	if (strlen($code) > 0) {
 		$qa_content['error'] = qa_lang_html('users/confirm_wrong_resend');
+	}
 
 	$email = qa_get_logged_in_email();
 
@@ -134,7 +186,7 @@ if ($useremailed) {
 		),
 
 		'hidden' => array(
-			'code' => qa_get_form_security_code('confirm'),
+			'formcode' => qa_get_form_security_code('confirm'),
 		),
 	);
 
@@ -142,9 +194,8 @@ if ($useremailed) {
 		$qa_content['error'] = qa_lang_html('users/email_invalid');
 		unset($qa_content['form']['buttons']['send']);
 	}
-
-} else
+} else { // User is not logged in
 	$qa_content['error'] = qa_insert_login_links(qa_lang_html('users/confirm_wrong_log_in'), 'confirm');
-
+}
 
 return $qa_content;

qa-include/pages/reset.php

@@ -57,7 +57,7 @@ $errors = array();
 $fields = array(
 	'email_handle' => array(
 		'type' => 'static',
-		'label' => qa_opt('allow_login_email_only') ? qa_lang_html('users/email_label') : qa_lang_html('users/email_handle_label'),
+		'label' => qa_lang_html(qa_opt('allow_login_email_only') ? 'users/email_label' : 'users/email_handle_label'),
 		'value' => qa_html($emailHandle),
 	),
 	'code' => array(
@@ -93,11 +93,11 @@ if (strlen($emailHandle) > 0) {
 	if (count($matchingUsers) == 1) {
 		require_once QA_INCLUDE_DIR . 'db/selects.php';
 
-		$userId = $matchingUsers[0];
-		$userInfo = qa_db_select_with_pending(qa_db_user_account_selectspec($userId, true));
-
 		// strlen() check is vital otherwise we can reset code for most users by entering the empty string
 		if (strlen($code) > 0) {
+			$userId = $matchingUsers[0];
+			$userInfo = qa_db_select_with_pending(qa_db_user_account_selectspec($userId, true));
+
 			if (strtolower(trim($userInfo['emailcode'])) == strtolower($code)) {
 				// User input a valid code so no need to ask for it but pass it to the next step
 				unset($fields['code']);
@@ -177,7 +177,7 @@ $qa_content['error'] = isset($errors['page']) ? $errors['page'] : null;
 if (!isset($errors['page'])) {
 	// Using this form action instead of qa_self_html() to get rid of the 's' (success) GET parameter from forgot.php
 	$qa_content['form'] = array(
-		'tags' => 'method="post" action="' . qa_path('reset') . '"',
+		'tags' => 'method="post" action="' . qa_path_html('reset') . '"',
 
 		'style' => 'tall',