From 106cdff81cb1cd42de2bc38ea81d0b37bd301f1f Mon Sep 17 00:00:00 2001 From: "Matteo Nastasi (mop)" Date: Thu, 22 May 2014 07:30:37 +0200 Subject: [PATCH] complete registration flow (submit, mail verification, admin approvation) --- web/Obj/singlemsg.phh | 169 +++++++++++++++++++++ web/Obj/user.phh | 5 +- web/index_wr.php | 26 ++-- web/mailmgr.php | 89 +++++++++++ web/usermgmt.php | 51 +++++-- web/mailcheck.php => webtest/singlemsg.php | 15 +- 6 files changed, 325 insertions(+), 30 deletions(-) create mode 100644 web/Obj/singlemsg.phh create mode 100644 web/mailmgr.php rename web/mailcheck.php => webtest/singlemsg.php (78%) diff --git a/web/Obj/singlemsg.phh b/web/Obj/singlemsg.phh new file mode 100644 index 0000000..e49ef87 --- /dev/null +++ b/web/Obj/singlemsg.phh @@ -0,0 +1,169 @@ + array('it' => 'briscola chiamata in salsa ajax', + 'en' => 'declaration briscola in ajax sauce (Beta)'), + 'content' => array('it' => 'C\'è qualche problema sul server.

Tra qualche istante questa pagina proverà a riconnettersi automaticamente.

Ci dispiace del disagio.', + 'en' => 'EN E\' occorso qualche problema sul server.
Questa pagina proverà automaticamente a riconnettersi tra qualche istante.
Ci dispiace per il disagio.' ) ); + +function singlemsg($title, $msg, $redir_url=FALSE) { + GLOBAL $mlang_singlemsg, $G_is_local, $G_lang, $_SERVER; + + $host = $_SERVER['HTTP_HOST']; + $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); + + mt_srand(make_seed()); + if ($redir_url) { + // $redir_url = "http://$host$uri/"; + $redir_rnd = rand(15, 25); + $redir_meta = sprintf('', $redir_rnd, $redir_url); + } + else { + $redir_meta = ""; + } +?> + + + <?php echo $title; ?> + + + + + + + + + + + + + + + + + + + + + +'; + $banner_top_right = carousel_top(); + } + else { + $banner_top_left = carousel_top(); + $banner_top_right = ' +'; + } + } + else { // !$G_is_local + $banner_top_left = carousel_top(); + $banner_top_right = carousel_top(); + } + + $brisk_header_form = '
+ +'; + + printf($brisk_header_form); +?> + +
+
+ +
+ +
+
+
+
+
+
+
+
+
+
+ + + \ No newline at end of file diff --git a/web/Obj/user.phh b/web/Obj/user.phh index e34f827..22f8f01 100644 --- a/web/Obj/user.phh +++ b/web/Obj/user.phh @@ -64,12 +64,13 @@ define('USER_FLAG_TY_ADMIN', 0x400000); // done define('USER_FLAG_TY_DISABLE', 0x800000); // done // ... reasons for disabling account ... +define('USER_DIS_REA_NONE', 0); define('USER_DIS_REA_INVMAIL', 1); define('USER_DIS_REA_LICENCE', 2); define('USER_DIS_REA_BANNED', 3); define('USER_DIS_REA_MALICIOUS', 4); -define('USER_DIS_REA_NU_MAILED', 5); -define('USER_DIS_REA_NU_TOBECHK', 6); +define('USER_DIS_REA_NU_MAILED', 5); // new user: mail sent to be confirmed +define('USER_DIS_REA_NU_TOBECHK', 6); // new user: name verification diff --git a/web/index_wr.php b/web/index_wr.php index c1bcaa2..76ffb7c 100644 --- a/web/index_wr.php +++ b/web/index_wr.php @@ -75,19 +75,19 @@ $mlang_indwr = array( 'btn_backtotab' => array( 'it' => 'Torna ai tavoli.', 'Ciao, sono l\' amministratore del sito di Brisk. L\' utente \'%s\' ha garantito per te col nickname \'%s\', -vai al link: %s/mailmgr.php?code=%d&hash=%s +vai al link: %s per confermare il tuo indirizzo di posta elettronica. Ciò è necessario per ottenere la password. Saluti e buone partite, mop.', - 'en' => 'EN mtext [%s] [%s] [%s] [%d] [%s]'), + 'en' => 'EN mtext [%s] [%s] [%s]'), 'nu_mhtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.
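Review bot: `singlemsg()` emits its `$title` argument with `<?php echo $title; ?>` and formats `$redir_url` into `$redir_meta` with no escaping, so any caller that later passes request-derived text gets markup injection in a shared helper. The callers in this patch pass literals, but the helper should escape at output, e.g. `echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8');`, and accept only site-relative redirect targets. `$msg` is evidently meant to carry markup, so a one-line comment on the function saying callers must escape any dynamic part of it would prevent misuse. Separately, `printf($brisk_header_form);` treats the banner markup as a format string; `echo $brisk_header_form;` is the safe form. Much of the template is missing from this extract, so other output points may need the same treatment.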
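Review bot: The constant added here is `USER_DIS_REA_NONE`, but the usermgmt.php hunk later in this patch passes `USER_DIS_REA_NU_NONE` to `user_update_flag_ty()`, and no visible hunk defines that name. On the PHP versions of this era an undefined constant silently evaluates to the string of its own name (newer versions throw), so the approval step would store an unintended disable reason or fail outright. Either rename the define to match or change the call to `USER_DIS_REA_NONE`. The two new trailing comments are helpful, and the new value would benefit from one too, e.g. `// account not disabled`.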

L\' utente \'%s\' ha garantito per te col nickname \'%s\',
-clicca qui per confermare il tuo indirizzo di posta elettronica.

+clicca qui per confermare il tuo indirizzo di posta elettronica.

Ciò è necessario per ottenere la password.

Saluti e buone partite, mop.
', - 'en' => 'EN mhtml [%s] [%s] [%s] [%d] [%s]'), + 'en' => 'EN mhtml [%s] [%s] [%s]'), 'nu_gtext' => array( 'it' => 'Ciao %s, sono l\' amministratore del sito di Brisk. @@ -346,14 +346,9 @@ function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie) $bdb->transaction('BEGIN'); $is_trans = TRUE; // insert the new user disabled with reason NU_MAILED - /* - * FIXME: password management - */ - $the_pass = "LA PASSWORD"; - - if (($usr_obj = $bdb->user_add($cli_name, $the_pass, $cli_email, + if (($usr_obj = $bdb->user_add($cli_name, 'THE_PASS', $cli_email, USER_FLAG_TY_DISABLE, - USER_DIS_REA_NU_TOBECHK, $user->code)) == FALSE) { + USER_DIS_REA_NU_MAILED, $user->code)) == FALSE) { fprintf(STDERR, "ERROR: user_add FAILED\n"); break; } @@ -361,14 +356,15 @@ function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie) fprintf(STDERR, "ERROR: mail reserve code FAILED\n"); break; } - $hash = md5($curtime . $G_alarm_passwd . $cli_name . $the_pass . $cli_email); + $hash = md5($curtime . $G_alarm_passwd . $cli_name . $cli_email); - $confirm_page = sprintf("http://%s/%s/mailcheck.php", $G_domain, $G_webbase); + $confirm_page = sprintf("http://%s/%s/mailmgr.php?f_act=checkmail&f_code=%d&f_hash=%s", + $G_domain, $G_webbase, $mail_code, $hash); $subj = $mlang_indwr['nu_msubj'][$G_lang]; $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang], - $user->name, $cli_name, $confirm_page, $mail_code, $hash); + $user->name, $cli_name, $confirm_page); $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang], - $user->name, $cli_name, $confirm_page, $mail_code, $hash); + $user->name, $cli_name, $confirm_page); $mail_item = new MailDBItem($mail_code, $usr_obj->code, MAIL_TYP_CHECK, $curtime, $subj, $body_txt, $body_htm, $hash); diff --git a/web/mailmgr.php b/web/mailmgr.php new file mode 100644 index 0000000..91d73c7 --- /dev/null +++ b/web/mailmgr.php @@ -0,0 +1,89 @@ +"; + echo "code: $f_code
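Review bot: Every account created through this path is stored with the same literal password `'THE_PASS'` in the `user_add()` call, and only `USER_FLAG_TY_DISABLE` keeps it unusable until usermgmt.php replaces it on approval. If any other path ever clears the disable flag, the account becomes reachable with a publicly known password. Storing a value nobody knows, for instance the output of the `passwd_gen()` helper that usermgmt.php already calls (if it is in scope here), removes that dependency on the flag. The FIXME this hunk deletes was the only marker of the problem, so a short comment such as `// placeholder, replaced by admin approval in usermgmt.php` should stay. `index_wr_main()` begins and ends outside the hunk.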
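Review bot: The confirmation token is `md5($curtime . $G_alarm_passwd . $cli_name . $cli_email)`, a plain MD5 over a timestamp, two user-supplied fields and the site-wide admin secret, and it is mailed to every registrant inside an `http://` link. Because the value is stored in the `MailDBItem` and, as far as the mailmgr.php hunk shows, only compared again later, it does not need to be derived from anything. A random token such as `$hash = bin2hex(openssl_random_pseudo_bytes(16));` avoids handing out a digest of `$G_alarm_passwd`. Building `$confirm_page` with `https://`, where the site serves it, keeps the token from travelling in clear. `$mail_code` and `$hash` go into the URL unencoded, which is fine for an integer and a hex string but deserves a comment stating that assumption.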
"; + echo "hash: $f_hash
"; */ + + if ($f_act == "checkmail") { + $errcode = 10000; + do { + if (($bdb = BriskDB::create()) == FALSE) { + log_crit("stat-day: database connection failed"); + $errcode = 10001; + break; + } + $bdb->transaction('BEGIN'); + + if (($mai = $bdb->mail_check($f_code, MAILMGR_CHECKMAIL, $f_hash)) == FALSE) { + $errcode = 10002; + break; + } + + if (($bdb->user_update_flag_ty($mai->ucode, + USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_MAILED, + USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_TOBECHK)) == FALSE) { + $errcode = 10003; + break; + } + + if (($mai = $bdb->mail_delete($f_code)) == FALSE) { + $errcode = 10004; + break; + } + $bdb->transaction('COMMIT'); + + singlemsg("Verifica della e-mail andata a buon fine.", "Verifica della e-mail andata a buon fine."); + $errcode = 0; + } while (FALSE); + if ($errcode) { + singlemsg("E' occorso un errore durante la verifica della e-mail.", + sprintf("E' occorso un errore durante la verifica della e-mail.

Codice d'errore: %d.
", $errcode)); + $bdb->transaction('ROLLBACK'); + } + } + + exit; +} + +main(); +?> \ No newline at end of file diff --git a/web/usermgmt.php b/web/usermgmt.php index 22256a7..2629fb8 100644 --- a/web/usermgmt.php +++ b/web/usermgmt.php @@ -24,20 +24,29 @@ $G_base = ""; -$mlang_stat_day = array( 'normal match'=> array( 'it' => 'Partite normali', - 'en' => 'Normal matches' ), - 'special match' => array( 'it' => 'Partite speciali', - 'en' => 'Special matches'), +$mlang_umgmt = array( 'nu_psubj' => array( 'it' => 'Brisk: credenziali di accesso.', + 'en' => 'Brisk: credentials.'), + 'nu_ptext' => array( 'it' => +'Ciao, sono l\' amministratore del sito di Brisk. + +La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al sito +d\'ora in poi potrai utilizzare l\' utente \'%s\' e la password \'%s\'. + +Benvenuto e buone partite, mop.', + 'en' => 'EN ptext [%s] [%s]'), + 'nu_phtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.
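Review bot: When `BriskDB::create()` fails, the loop breaks with `$errcode = 10001` and `$bdb` equal to `FALSE`, so the error branch's `$bdb->transaction('ROLLBACK');` is a method call on a non-object and the request dies after the message is printed. Guard it with `if ($bdb) { $bdb->transaction('ROLLBACK'); }` and do the rollback before rendering the page. The log text `"stat-day: database connection failed"` looks copied from another script and will mislead whoever reads the log. The distinct codes 10002 to 10004 shown to the visitor reveal which verification step rejected a code/hash pair; showing one generic code and sending the detail to `log_crit()` would disclose less. The top of the file, including how `$f_code` and `$f_hash` are read from the request, is not visible in this extract.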

+La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al sito d\'ora in poi potrai usare l\' utente \'%s\' e la password \'%s\'.
+Benvenuto e buone partite, mop.
', + 'en' => 'EN phtml [%s] [%s]') + ); - 'info_total'=> array( 'it' => 'totali', - 'en' => 'En totali') - ); ini_set("max_execution_time", "240"); require_once($G_base."Obj/brisk.phh"); require_once($G_base."Obj/user.phh"); require_once($G_base."Obj/auth.phh"); +require_once($G_base."Obj/mail.phh"); require_once($G_base."Obj/dbase_${G_dbasetype}.phh"); require_once($G_base."briskin5/Obj/briskin5.phh"); require_once($G_base."briskin5/Obj/placing.phh"); @@ -84,7 +93,7 @@ function check_auth() } function main() { - GLOBAL $G_dbpfx, $G_alarm_passwd, $f_mailusers, $sess, $_POST, $_SERVER; + GLOBAL $G_dbpfx, $G_lang, $G_alarm_passwd, $mlang_umgmt, $f_mailusers, $sess, $_POST, $_SERVER; if (check_auth() == FALSE) { echo "Authentication failed"; @@ -132,8 +141,32 @@ SELECT usr.*, guar.login AS guar_login printf("KEY: %s: %s %s
\n", $id, $value, $usr_obj->login); // change state + $passwd = passwd_gen(); + + if (($bdb->user_update_passwd($usr_obj->code, $passwd)) == FALSE) { + echo "fail 1.5
"; + break; + } + + if (($bdb->user_update_flag_ty($usr_obj->code, + USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_TOBECHK, + USER_FLAG_TY_NORM, USER_DIS_REA_NU_NONE)) == FALSE) { + echo "fail 2
"; + break; + } + // send mail - // populate + $subj = $mlang_umgmt['nu_psubj'][$G_lang]; + $body_txt = sprintf($mlang_umgmt['nu_ptext'][$G_lang], + $usr_obj->login, $passwd); + $body_htm = sprintf($mlang_umgmt['nu_phtml'][$G_lang], + $usr_obj->login, $passwd); + + if (brisk_mail($usr_obj->email, $subj, $body_txt, $body_htm) == FALSE) { + // mail error + fprintf(STDERR, "ERROR: mail send FAILED\n"); + break; + } } exit; } diff --git a/web/mailcheck.php b/webtest/singlemsg.php similarity index 78% rename from web/mailcheck.php rename to webtest/singlemsg.php index a5b1352..3f9e132 100644 --- a/web/mailcheck.php +++ b/webtest/singlemsg.php @@ -1,6 +1,6 @@ "; -echo "hash: $hash
"; +$G_base = ""; + +require_once("Obj/brisk.phh"); +require_once("Obj/user.phh"); +require_once("Obj/auth.phh"); +require_once("Obj/dbase_${G_dbasetype}.phh"); +require_once("Obj/singlemsg.phh"); + + +singlemsg("Ci siamo title", "Ci siamo fun"); -exit; ?> \ No newline at end of file -- 2.17.1