<?php
/*
Question2Answer by Gideon Greenspan and contributors
http://www.question2answer.org/
Description: Controller for email confirmation page (can also request a new code)
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
More about this license: http://www.question2answer.org/license.php
*/
if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
header('Location: ../../');
exit;
}
// Check we're not using single-sign on integration, that we're not already confirmed, and that we're not blocked
if (QA_FINAL_EXTERNAL_USERS) {
qa_fatal_error('User login is handled by external code');
}
// Check if we've been asked to send a new link or have a successful email confirmation
// Fetch the handle from POST or GET
$handle = qa_post_text('username');
if (!isset($handle)) {
$handle = qa_get('u');
}
$handle = trim($handle); // if $handle is null, trim returns an empty string
// Fetch the code from POST or GET
$code = qa_post_text('code');
if (!isset($code)) {
$code = qa_get('c');
}
$code = trim($code); // if $code is null, trim returns an empty string
$loggedInUserId = qa_get_logged_in_userid();
$emailConfirmationSent = false;
$userConfirmed = false;
$pageError = null;
if (isset($loggedInUserId) && qa_clicked('dosendconfirm')) { // A logged in user requested to be sent a confirmation link
if (!qa_check_form_security_code('confirm', qa_post_text('formcode'))) {
$pageError = qa_lang_html('misc/form_security_again');
} else {
// For qa_send_new_confirm
require_once QA_INCLUDE_DIR . 'app/users-edit.php';
qa_send_new_confirm($loggedInUserId);
$emailConfirmationSent = true;
}
} elseif (strlen($code) > 0) { // If there is a code present in the URL
// For qa_db_select_with_pending, qa_db_user_account_selectspec
require_once QA_INCLUDE_DIR . 'db/selects.php';
// For qa_complete_confirm
require_once QA_INCLUDE_DIR . 'app/users-edit.php';
if (strlen($handle) > 0) { // If there is a handle present in the URL
$userInfo = qa_db_select_with_pending(qa_db_user_account_selectspec($handle, false));
if (strtolower(trim($userInfo['emailcode'])) == strtolower($code)) {
qa_complete_confirm($userInfo['userid'], $userInfo['email'], $userInfo['handle']);
$userConfirmed = true;
}
}
if (!$userConfirmed && isset($loggedInUserId)) { // As a backup, also match code on URL against logged in user
$userInfo = qa_db_select_with_pending(qa_db_user_account_selectspec($loggedInUserId, true));
$flags = $userInfo['flags'];
if (($flags & QA_USER_FLAGS_EMAIL_CONFIRMED) > 0 && ($flags & QA_USER_FLAGS_MUST_CONFIRM) == 0) {
$userConfirmed = true; // if they confirmed before, just show message as if it happened now
} elseif (strtolower(trim($userInfo['emailcode'])) == strtolower($code)) {
qa_complete_confirm($userInfo['userid'], $userInfo['email'], $userInfo['handle']);
$userConfirmed = true;
}
}
}
// Prepare content for theme
$qa_content = qa_content_prepare();
$qa_content['title'] = qa_lang_html('users/confirm_title');
$qa_content['error'] = $pageError;
if ($emailConfirmationSent) {
$qa_content['success'] = qa_lang_html('users/confirm_emailed');
$email = qa_get_logged_in_email();
$handle = qa_get_logged_in_handle();
$qa_content['form'] = array(
'tags' => 'method="post" action="' . qa_self_html() . '"',
'style' => 'tall',
'fields' => array(
'email' => array(
'label' => qa_lang_html('users/email_label'),
'value' => qa_html($email) . strtr(qa_lang_html('users/change_email_link'), array(
'^1' => '<a href="' . qa_path_html('account') . '">',
'^2' => '</a>',
)),
'type' => 'static',
),
'code' => array(
'label' => qa_lang_html('users/email_code_label'),
'tags' => 'name="code" id="code"',
'value' => isset($code) ? qa_html($code) : null,
'note' => qa_lang_html('users/email_code_emailed') . ' - ' .
'<a href="' . qa_path_html('confirm') . '">' . qa_lang_html('users/email_code_another') . '</a>',
),
),
'buttons' => array(
'confirm' => array( // This button does not actually need a name attribute
'label' => qa_lang_html('users/confirm_button'),
),
),
'hidden' => array(
'formcode' => qa_get_form_security_code('confirm'),
'username' => qa_html($handle),
),
);
$qa_content['focusid'] = 'code';
} elseif ($userConfirmed) {
$qa_content['success'] = qa_lang_html('users/confirm_complete');
if (!isset($loggedInUserId)) {
$qa_content['suggest_next'] = strtr(
qa_lang_html('users/log_in_to_access'),
array(
'^1' => '<a href="' . qa_path_html('login', array('e' => $handle)) . '">',
'^2' => '</a>',
)
);
}
} elseif (isset($loggedInUserId)) { // if logged in, allow sending a fresh link
require_once QA_INCLUDE_DIR . 'util/string.php';
if (strlen($code) > 0) {
$qa_content['error'] = qa_lang_html('users/confirm_wrong_resend');
}
$email = qa_get_logged_in_email();
$qa_content['form'] = array(
'tags' => 'method="post" action="' . qa_path_html('confirm') . '"',
'style' => 'tall',
'fields' => array(
'email' => array(
'label' => qa_lang_html('users/email_label'),
'value' => qa_html($email) . strtr(qa_lang_html('users/change_email_link'), array(
'^1' => '<a href="' . qa_path_html('account') . '">',
'^2' => '</a>',
)),
'type' => 'static',
),
),
'buttons' => array(
'send' => array(
'tags' => 'name="dosendconfirm"',
'label' => qa_lang_html('users/send_confirm_button'),
),
),
'hidden' => array(
'formcode' => qa_get_form_security_code('confirm'),
),
);
if (!qa_email_validate($email)) {
$qa_content['error'] = qa_lang_html('users/email_invalid');
unset($qa_content['form']['buttons']['send']);
}
} else { // User is not logged in
$qa_content['error'] = qa_insert_login_links(qa_lang_html('users/confirm_wrong_log_in'), 'confirm');
}
return $qa_content;