<?php /* Question2Answer by Gideon Greenspan and contributors http://www.question2answer.org/ File: qa-include/qa-page-confirm.php Description: Controller for email confirmation page (can also request a new code) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. More about this license: http://www.question2answer.org/license.php */ if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser header('Location: ../'); exit; } // Check we're not using single-sign on integration, that we're not already confirmed, and that we're not blocked if (QA_FINAL_EXTERNAL_USERS) qa_fatal_error('User login is handled by external code'); // Check if we've been asked to send a new link or have a successful email confirmation $incode=trim(qa_get('c')); // trim to prevent passing in blank values to match uninitiated DB rows $inhandle=qa_get('u'); $loginuserid=qa_get_logged_in_userid(); $useremailed=false; $userconfirmed=false; if (isset($loginuserid) && qa_clicked('dosendconfirm')) { // button clicked to send a link require_once QA_INCLUDE_DIR.'app/users-edit.php'; if (!qa_check_form_security_code('confirm', qa_post_text('code'))) $pageerror=qa_lang_html('misc/form_security_again'); else { qa_send_new_confirm($loginuserid); $useremailed=true; } } elseif (strlen($incode)) { // non-empty code detected from the URL require_once QA_INCLUDE_DIR.'db/selects.php'; require_once QA_INCLUDE_DIR.'app/users-edit.php'; if (!empty($inhandle)) { // match based on code and handle provided on URL $userinfo=qa_db_select_with_pending(qa_db_user_account_selectspec($inhandle, false)); if (strtolower(trim(@$userinfo['emailcode']))==strtolower($incode)) { qa_complete_confirm($userinfo['userid'], $userinfo['email'], $userinfo['handle']); $userconfirmed=true; } } if ((!$userconfirmed) && isset($loginuserid)) { // as a backup, also match code on URL against logged in user $userinfo=qa_db_select_with_pending(qa_db_user_account_selectspec($loginuserid, true)); $flags=$userinfo['flags']; if ( ($flags & QA_USER_FLAGS_EMAIL_CONFIRMED) && !($flags & QA_USER_FLAGS_MUST_CONFIRM) ) $userconfirmed=true; // if they confirmed before, just show message as if it happened now elseif (strtolower(trim($userinfo['emailcode']))==strtolower($incode)) { qa_complete_confirm($userinfo['userid'], $userinfo['email'], $userinfo['handle']); $userconfirmed=true; } } } // Prepare content for theme $qa_content=qa_content_prepare(); $qa_content['title']=qa_lang_html('users/confirm_title'); $qa_content['error']=@$pageerror; if ($useremailed) $qa_content['error']=qa_lang_html('users/confirm_emailed'); // not an error, but display it prominently anyway elseif ($userconfirmed) { $qa_content['error']=qa_lang_html('users/confirm_complete'); if (!isset($loginuserid)) $qa_content['suggest_next']=strtr( qa_lang_html('users/log_in_to_access'), array( '^1' => '<a href="'.qa_path_html('login', array('e' => $inhandle)).'">', '^2' => '</a>', ) ); } elseif (isset($loginuserid)) { // if logged in, allow sending a fresh link require_once QA_INCLUDE_DIR.'util/string.php'; if (strlen($incode)) $qa_content['error']=qa_lang_html('users/confirm_wrong_resend'); $email=qa_get_logged_in_email(); $qa_content['form']=array( 'tags' => 'method="post" action="'.qa_path_html('confirm').'"', 'style' => 'tall', 'fields' => array( 'email' => array( 'label' => qa_lang_html('users/email_label'), 'value' => qa_html($email).strtr(qa_lang_html('users/change_email_link'), array( '^1' => '<a href="'.qa_path_html('account').'">', '^2' => '</a>', )), 'type' => 'static', ), ), 'buttons' => array( 'send' => array( 'tags' => 'name="dosendconfirm"', 'label' => qa_lang_html('users/send_confirm_button'), ), ), 'hidden' => array( 'code' => qa_get_form_security_code('confirm'), ), ); if (!qa_email_validate($email)) { $qa_content['error']=qa_lang_html('users/email_invalid'); unset($qa_content['form']['buttons']['send']); } } else $qa_content['error']=qa_insert_login_links(qa_lang_html('users/confirm_wrong_log_in'), 'confirm'); return $qa_content; /* Omit PHP closing tag to help avoid accidental output */