Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
Q
question2answer
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
outils
question2answer
Commits
78912dcf
Commit
78912dcf
authored
Nov 30, 2016
by
Scott
Committed by
GitHub
Nov 30, 2016
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #473 from pupi1985/patch-82
Let user input a confirmation code manually
parents
eb036870
f1e0bce5
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
103 additions
and
51 deletions
+103
-51
qa-lang-users.php
qa-include/lang/qa-lang-users.php
+3
-2
confirm.php
qa-include/pages/confirm.php
+95
-44
reset.php
qa-include/pages/reset.php
+5
-5
No files found.
qa-include/lang/qa-lang-users.php
View file @
78912dcf
...
@@ -39,8 +39,9 @@
...
@@ -39,8 +39,9 @@
'category_level_none'
=>
'No upgrade'
,
'category_level_none'
=>
'No upgrade'
,
'change_email_link'
=>
' - ^1change email^2'
,
'change_email_link'
=>
' - ^1change email^2'
,
'change_password'
=>
'Change Password'
,
'change_password'
=>
'Change Password'
,
'confirm_button'
=>
'Confirm email address'
,
'confirm_complete'
=>
'Thank you - your email address has been confirmed'
,
'confirm_complete'
=>
'Thank you - your email address has been confirmed'
,
'confirm_emailed'
=>
'
A confirmation link has been emailed to you. Please click the link to confirm your email address
.'
,
'confirm_emailed'
=>
'
Please click the link or input the code sent to your email address in order to confirm it
.'
,
'confirm_required'
=>
'To complete your registration, please click the confirmation link that has been emailed to you, or ^1request another^2.'
,
'confirm_required'
=>
'To complete your registration, please click the confirmation link that has been emailed to you, or ^1request another^2.'
,
'confirm_title'
=>
'Email Address Confirmation'
,
'confirm_title'
=>
'Email Address Confirmation'
,
'confirm_wrong_log_in'
=>
'Code not correct - please ^1log in^2 to send a new link'
,
'confirm_wrong_log_in'
=>
'Code not correct - please ^1log in^2 to send a new link'
,
...
@@ -111,7 +112,7 @@
...
@@ -111,7 +112,7 @@
'remember_label'
=>
'Remember me on this computer'
,
'remember_label'
=>
'Remember me on this computer'
,
'remove_avatar'
=>
'Remove avatar:'
,
'remove_avatar'
=>
'Remove avatar:'
,
'reset_code_another'
=>
'send another'
,
'reset_code_another'
=>
'send another'
,
'reset_code_emailed'
=>
'You have been emailed your
reset
code'
,
'reset_code_emailed'
=>
'You have been emailed your code'
,
'reset_code_label'
=>
'Code:'
,
'reset_code_label'
=>
'Code:'
,
'reset_code_wrong'
=>
'Code not correct'
,
'reset_code_wrong'
=>
'Code not correct'
,
'reset_title'
=>
'Reset Forgotten Password'
,
'reset_title'
=>
'Reset Forgotten Password'
,
...
...
qa-include/pages/confirm.php
View file @
78912dcf
...
@@ -25,88 +25,140 @@ if (!defined('QA_VERSION')) { // don't allow this page to be requested directly
...
@@ -25,88 +25,140 @@ if (!defined('QA_VERSION')) { // don't allow this page to be requested directly
exit
;
exit
;
}
}
// Check we're not using single-sign on integration, that we're not already confirmed, and that we're not blocked
// Check we're not using single-sign on integration, that we're not already confirmed, and that we're not blocked
if
(
QA_FINAL_EXTERNAL_USERS
)
if
(
QA_FINAL_EXTERNAL_USERS
)
{
qa_fatal_error
(
'User login is handled by external code'
);
qa_fatal_error
(
'User login is handled by external code'
);
}
// Check if we've been asked to send a new link or have a successful email confirmation
// Check if we've been asked to send a new link or have a successful email confirmation
$incode
=
trim
(
qa_get
(
'c'
));
// trim to prevent passing in blank values to match uninitiated DB rows
// Fetch the handle from POST or GET
$inhandle
=
qa_get
(
'u'
);
$handle
=
qa_post_text
(
'username'
);
$loginuserid
=
qa_get_logged_in_userid
();
if
(
!
isset
(
$handle
))
{
$useremailed
=
false
;
$handle
=
qa_get
(
'u'
);
$userconfirmed
=
false
;
}
$handle
=
trim
(
$handle
);
// if $handle is null, trim returns an empty string
if
(
isset
(
$loginuserid
)
&&
qa_clicked
(
'dosendconfirm'
))
{
// button clicked to send a link
// Fetch the code from POST or GET
require_once
QA_INCLUDE_DIR
.
'app/users-edit.php'
;
$code
=
qa_post_text
(
'code'
);
if
(
!
isset
(
$code
))
{
$code
=
qa_get
(
'c'
);
}
$code
=
trim
(
$code
);
// if $code is null, trim returns an empty string
if
(
!
qa_check_form_security_code
(
'confirm'
,
qa_post_text
(
'code'
)))
$loggedInUserId
=
qa_get_logged_in_userid
();
$pageerror
=
qa_lang_html
(
'misc/form_security_again'
);
$emailConfirmationSent
=
false
;
$userConfirmed
=
false
;
else
{
$pageError
=
null
;
qa_send_new_confirm
(
$loginuserid
);
$useremailed
=
true
;
if
(
isset
(
$loggedInUserId
)
&&
qa_clicked
(
'dosendconfirm'
))
{
// A logged in user requested to be sent a confirmation link
}
if
(
!
qa_check_form_security_code
(
'confirm'
,
qa_post_text
(
'formcode'
)))
{
$pageError
=
qa_lang_html
(
'misc/form_security_again'
);
}
else
{
// For qa_send_new_confirm
require_once
QA_INCLUDE_DIR
.
'app/users-edit.php'
;
}
elseif
(
strlen
(
$incode
))
{
// non-empty code detected from the URL
qa_send_new_confirm
(
$loggedInUserId
);
$emailConfirmationSent
=
true
;
}
}
elseif
(
strlen
(
$code
)
>
0
)
{
// If there is a code present in the URL
// For qa_db_select_with_pending, qa_db_user_account_selectspec
require_once
QA_INCLUDE_DIR
.
'db/selects.php'
;
require_once
QA_INCLUDE_DIR
.
'db/selects.php'
;
// For qa_complete_confirm
require_once
QA_INCLUDE_DIR
.
'app/users-edit.php'
;
require_once
QA_INCLUDE_DIR
.
'app/users-edit.php'
;
if
(
!
empty
(
$inhandle
))
{
// match based on code and handle provided on
URL
if
(
strlen
(
$handle
)
>
0
)
{
// If there is a handle present in the
URL
$user
info
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$in
handle
,
false
));
$user
Info
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$
handle
,
false
));
if
(
strtolower
(
trim
(
@
$userinfo
[
'emailcode'
]))
==
strtolower
(
$in
code
))
{
if
(
strtolower
(
trim
(
$userInfo
[
'emailcode'
]))
==
strtolower
(
$
code
))
{
qa_complete_confirm
(
$user
info
[
'userid'
],
$userinfo
[
'email'
],
$useri
nfo
[
'handle'
]);
qa_complete_confirm
(
$user
Info
[
'userid'
],
$userInfo
[
'email'
],
$userI
nfo
[
'handle'
]);
$user
c
onfirmed
=
true
;
$user
C
onfirmed
=
true
;
}
}
}
}
if
((
!
$userconfirmed
)
&&
isset
(
$loginuserid
))
{
// as a backup, also match code on URL against logged in user
if
(
!
$userConfirmed
&&
isset
(
$loggedInUserId
))
{
// As a backup, also match code on URL against logged in user
$userinfo
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$loginuserid
,
true
));
$userInfo
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$loggedInUserId
,
true
));
$flags
=
$userinfo
[
'flags'
];
$flags
=
$userInfo
[
'flags'
];
if
((
$flags
&
QA_USER_FLAGS_EMAIL_CONFIRMED
)
&&
!
(
$flags
&
QA_USER_FLAGS_MUST_CONFIRM
))
$userconfirmed
=
true
;
// if they confirmed before, just show message as if it happened now
elseif
(
strtolower
(
trim
(
$userinfo
[
'emailcode'
]))
==
strtolower
(
$incode
))
{
if
((
$flags
&
QA_USER_FLAGS_EMAIL_CONFIRMED
)
>
0
&&
(
$flags
&
QA_USER_FLAGS_MUST_CONFIRM
)
==
0
)
{
qa_complete_confirm
(
$userinfo
[
'userid'
],
$userinfo
[
'email'
],
$userinfo
[
'handle'
]);
$userConfirmed
=
true
;
// if they confirmed before, just show message as if it happened now
$userconfirmed
=
true
;
}
elseif
(
strtolower
(
trim
(
$userInfo
[
'emailcode'
]))
==
strtolower
(
$code
))
{
qa_complete_confirm
(
$userInfo
[
'userid'
],
$userInfo
[
'email'
],
$userInfo
[
'handle'
]);
$userConfirmed
=
true
;
}
}
}
}
}
}
// Prepare content for theme
// Prepare content for theme
$qa_content
=
qa_content_prepare
();
$qa_content
=
qa_content_prepare
();
$qa_content
[
'title'
]
=
qa_lang_html
(
'users/confirm_title'
);
$qa_content
[
'title'
]
=
qa_lang_html
(
'users/confirm_title'
);
$qa_content
[
'error'
]
=
@
$pagee
rror
;
$qa_content
[
'error'
]
=
$pageE
rror
;
if
(
$
useremailed
)
{
if
(
$
emailConfirmationSent
)
{
$qa_content
[
'success'
]
=
qa_lang_html
(
'users/confirm_emailed'
);
$qa_content
[
'success'
]
=
qa_lang_html
(
'users/confirm_emailed'
);
}
elseif
(
$userconfirmed
)
{
$email
=
qa_get_logged_in_email
();
$handle
=
qa_get_logged_in_handle
();
$qa_content
[
'form'
]
=
array
(
'tags'
=>
'method="post" action="'
.
qa_self_html
()
.
'"'
,
'style'
=>
'tall'
,
'fields'
=>
array
(
'email'
=>
array
(
'label'
=>
qa_lang_html
(
'users/email_label'
),
'value'
=>
qa_html
(
$email
)
.
strtr
(
qa_lang_html
(
'users/change_email_link'
),
array
(
'^1'
=>
'<a href="'
.
qa_path_html
(
'account'
)
.
'">'
,
'^2'
=>
'</a>'
,
)),
'type'
=>
'static'
,
),
'code'
=>
array
(
'label'
=>
qa_lang_html
(
'users/reset_code_label'
),
'tags'
=>
'name="code" id="code"'
,
'value'
=>
isset
(
$code
)
?
qa_html
(
$code
)
:
null
,
'note'
=>
qa_lang_html
(
'users/reset_code_emailed'
)
.
' - '
.
'<a href="'
.
qa_path_html
(
'confirm'
)
.
'">'
.
qa_lang_html
(
'users/reset_code_another'
)
.
'</a>'
,
),
),
'buttons'
=>
array
(
'confirm'
=>
array
(
// This button does not actually need a name attribute
'label'
=>
qa_lang_html
(
'users/confirm_button'
),
),
),
'hidden'
=>
array
(
'formcode'
=>
qa_get_form_security_code
(
'confirm'
),
'username'
=>
qa_html
(
$handle
),
),
);
$qa_content
[
'focusid'
]
=
'code'
;
}
elseif
(
$userConfirmed
)
{
$qa_content
[
'success'
]
=
qa_lang_html
(
'users/confirm_complete'
);
$qa_content
[
'success'
]
=
qa_lang_html
(
'users/confirm_complete'
);
if
(
!
isset
(
$log
inuseri
d
))
{
if
(
!
isset
(
$log
gedInUserI
d
))
{
$qa_content
[
'suggest_next'
]
=
strtr
(
$qa_content
[
'suggest_next'
]
=
strtr
(
qa_lang_html
(
'users/log_in_to_access'
),
qa_lang_html
(
'users/log_in_to_access'
),
array
(
array
(
'^1'
=>
'<a href="'
.
qa_path_html
(
'login'
,
array
(
'e'
=>
$
in
handle
))
.
'">'
,
'^1'
=>
'<a href="'
.
qa_path_html
(
'login'
,
array
(
'e'
=>
$handle
))
.
'">'
,
'^2'
=>
'</a>'
,
'^2'
=>
'</a>'
,
)
)
);
);
}
}
}
elseif
(
isset
(
$loggedInUserId
))
{
// if logged in, allow sending a fresh link
}
elseif
(
isset
(
$loginuserid
))
{
// if logged in, allow sending a fresh link
require_once
QA_INCLUDE_DIR
.
'util/string.php'
;
require_once
QA_INCLUDE_DIR
.
'util/string.php'
;
if
(
strlen
(
$
incode
))
if
(
strlen
(
$
code
)
>
0
)
{
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/confirm_wrong_resend'
);
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/confirm_wrong_resend'
);
}
$email
=
qa_get_logged_in_email
();
$email
=
qa_get_logged_in_email
();
...
@@ -134,7 +186,7 @@ if ($useremailed) {
...
@@ -134,7 +186,7 @@ if ($useremailed) {
),
),
'hidden'
=>
array
(
'hidden'
=>
array
(
'code'
=>
qa_get_form_security_code
(
'confirm'
),
'
form
code'
=>
qa_get_form_security_code
(
'confirm'
),
),
),
);
);
...
@@ -142,9 +194,8 @@ if ($useremailed) {
...
@@ -142,9 +194,8 @@ if ($useremailed) {
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/email_invalid'
);
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/email_invalid'
);
unset
(
$qa_content
[
'form'
][
'buttons'
][
'send'
]);
unset
(
$qa_content
[
'form'
][
'buttons'
][
'send'
]);
}
}
}
else
{
// User is not logged in
}
else
$qa_content
[
'error'
]
=
qa_insert_login_links
(
qa_lang_html
(
'users/confirm_wrong_log_in'
),
'confirm'
);
$qa_content
[
'error'
]
=
qa_insert_login_links
(
qa_lang_html
(
'users/confirm_wrong_log_in'
),
'confirm'
);
}
return
$qa_content
;
return
$qa_content
;
qa-include/pages/reset.php
View file @
78912dcf
...
@@ -57,7 +57,7 @@ $errors = array();
...
@@ -57,7 +57,7 @@ $errors = array();
$fields
=
array
(
$fields
=
array
(
'email_handle'
=>
array
(
'email_handle'
=>
array
(
'type'
=>
'static'
,
'type'
=>
'static'
,
'label'
=>
qa_
opt
(
'allow_login_email_only'
)
?
qa_lang_html
(
'users/email_label'
)
:
qa_lang_html
(
'users/email_handle_label'
),
'label'
=>
qa_
lang_html
(
qa_opt
(
'allow_login_email_only'
)
?
'users/email_label'
:
'users/email_handle_label'
),
'value'
=>
qa_html
(
$emailHandle
),
'value'
=>
qa_html
(
$emailHandle
),
),
),
'code'
=>
array
(
'code'
=>
array
(
...
@@ -93,11 +93,11 @@ if (strlen($emailHandle) > 0) {
...
@@ -93,11 +93,11 @@ if (strlen($emailHandle) > 0) {
if
(
count
(
$matchingUsers
)
==
1
)
{
if
(
count
(
$matchingUsers
)
==
1
)
{
require_once
QA_INCLUDE_DIR
.
'db/selects.php'
;
require_once
QA_INCLUDE_DIR
.
'db/selects.php'
;
$userId
=
$matchingUsers
[
0
];
$userInfo
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$userId
,
true
));
// strlen() check is vital otherwise we can reset code for most users by entering the empty string
// strlen() check is vital otherwise we can reset code for most users by entering the empty string
if
(
strlen
(
$code
)
>
0
)
{
if
(
strlen
(
$code
)
>
0
)
{
$userId
=
$matchingUsers
[
0
];
$userInfo
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$userId
,
true
));
if
(
strtolower
(
trim
(
$userInfo
[
'emailcode'
]))
==
strtolower
(
$code
))
{
if
(
strtolower
(
trim
(
$userInfo
[
'emailcode'
]))
==
strtolower
(
$code
))
{
// User input a valid code so no need to ask for it but pass it to the next step
// User input a valid code so no need to ask for it but pass it to the next step
unset
(
$fields
[
'code'
]);
unset
(
$fields
[
'code'
]);
...
@@ -177,7 +177,7 @@ $qa_content['error'] = isset($errors['page']) ? $errors['page'] : null;
...
@@ -177,7 +177,7 @@ $qa_content['error'] = isset($errors['page']) ? $errors['page'] : null;
if
(
!
isset
(
$errors
[
'page'
]))
{
if
(
!
isset
(
$errors
[
'page'
]))
{
// Using this form action instead of qa_self_html() to get rid of the 's' (success) GET parameter from forgot.php
// Using this form action instead of qa_self_html() to get rid of the 's' (success) GET parameter from forgot.php
$qa_content
[
'form'
]
=
array
(
$qa_content
[
'form'
]
=
array
(
'tags'
=>
'method="post" action="'
.
qa_path
(
'reset'
)
.
'"'
,
'tags'
=>
'method="post" action="'
.
qa_path
_html
(
'reset'
)
.
'"'
,
'style'
=>
'tall'
,
'style'
=>
'tall'
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment