From 1a1f50c83244ae2808cc9126296c8918bd0516a4 Mon Sep 17 00:00:00 2001 From: "Matteo Nastasi (mop)" Date: Wed, 26 Mar 2014 07:49:39 +0100 Subject: [PATCH] new users management (incomplete) --- INSTALL.sh | 14 +++- TODO.txt | 26 +++++++- doc/ARCHITECTURE.txt | 30 ++++++++- web/Obj/brisk.conf-templ.pho | 3 + web/Obj/brisk.phh | 2 +- web/Obj/dbase_pgsql.phh | 64 ++++++++++++++++++ web/Obj/user.phh | 10 ++- web/index_wr.php | 123 +++++++++++++++++++++++++++-------- web/spush/brisk-spush.php | 1 + 9 files changed, 238 insertions(+), 35 deletions(-) diff --git a/INSTALL.sh b/INSTALL.sh index 2e934fe..cef7ff5 100755 --- a/INSTALL.sh +++ b/INSTALL.sh @@ -22,7 +22,7 @@ legal_path="/home/nastasi/brisk-priv/brisk" prefix_path="/brisk/" brisk_conf="brisk_spu.conf.pho" web_only="FALSE" - +test_add="FALSE" # # functions function usage () { @@ -30,7 +30,7 @@ function usage () { echo "$1 -h" echo "$1 chk - run lintian on all ph* files." echo "$1 pkg - build brisk packages." - echo "$1 [-W] [-n 3|5] [-c 3|8] [-t <(n>=4)>] [-T ] [-A ] [-a ] [-f ] [-p ] [-U ] [-u ] [-d ] [-w ] [-k ] [-l ] [-y ] [-P ]" + echo "$1 [-W] [-n 3|5] [-c 3|8] [-t <(n>=4)>] [-T ] [-A ] [-a ] [-f ] [-p ] [-U ] [-u ] [-d ] [-w ] [-k ] [-l ] [-y ] [-P ] [-x]" echo " -h this help" echo " -f use this config file" echo " -p save preferences in the file" @@ -50,6 +50,7 @@ function usage () { echo " -C config filename - def. \"$brisk_conf\"" echo " -U unix socket path - def. \"$usock_path\"" echo " -u system user to run brisk dae - def. \"$sys_user\"" + echo " -x copy tests as normal php - def. \"$test_add\"" echo } @@ -161,6 +162,7 @@ while [ $# -gt 0 ]; do -u*) sys_user="$(get_param "-u" "$1" "$2")"; sh=$?;; system) action=system;; -W) web_only="TRUE";; + -x) test_add="TRUE";; -h) usage $0; exit 0;; *) usage $0; exit 1;; esac 
@@ -194,6 +196,7 @@ echo " brisk_conf: \"$brisk_conf\"" echo " usock_path: \"$usock_path\"" echo " sys_user: \"$sys_user\"" echo " web_only: \"$web_only\"" +echo " test_add: \"$test_add\"" if [ ! -z "$outconf" ]; then ( @@ -216,6 +219,7 @@ if [ ! -z "$outconf" ]; then echo "usock_path=\"$usock_path\"" echo "sys_user=\"$sys_user\"" echo "web_only=\"$web_only\"" + echo "test_add=\"$test_add\"" ) > "$outconf" fi @@ -339,6 +343,12 @@ done for i in $(find web -name '.htaccess' -o -name '*.php' -o -name '*.phh' -o -name '*.pho' -o -name '*.css' -o -name '*.js' -o -name '*.mp3' -o -name '*.swf' -o -name 'terms-of-service*' | sed 's/^....//g'); do install -m 644 "web/$i" "${web_path}__/$i" done +if [ "$test_add" = "TRUE" ]; then + for i in $(find webtest -name '.htaccess' -o -name '*.php' -o -name '*.phh' -o -name '*.pho' -o -name '*.css' -o -name '*.js' -o -name '*.mp3' -o -name '*.swf' -o -name 'terms-of-service*' | sed 's/^........//g'); do + install -m 644 "webtest/$i" "${web_path}__/$i" + done +fi + chmod 755 "${web_path}__/spush/brisk-spush.php" prefix_path_len=$(echo -n "$prefix_path" | wc -c) diff --git a/TODO.txt b/TODO.txt index 96c8c24..577cfe4 100644 --- a/TODO.txt +++ b/TODO.txt @@ -37,7 +37,31 @@ . finish to implement the user management system . email validation . account expiration - + . New Users Guarantee Procedure + . Change guarantee workflow + . Db update + . Send email with appropriate headers + | + V + brisk -> mail-table + | | + V + user | + | + V | + click-link -> check with mail-table + | + V + and update DB + (needs ad-hoc page) + + . Admin panel + . Write automatic procmail filter + . Procmail configuration + . Mail-recipient-side + . Server-side + . Email validation + . Account expiration DONE - CONTINUE FEATURE DONE . replace explicit strings with multilanguage array diff --git a/doc/ARCHITECTURE.txt b/doc/ARCHITECTURE.txt index da2fc8f..a28d91a 100644 --- a/doc/ARCHITECTURE.txt +++ b/doc/ARCHITECTURE.txt 
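Review bot: With `-x`, the new loop in the `@@ -339,6 +343,12 @@` hunk installs everything under `webtest/` straight into `${web_path}__/` next to the production pages, so test scripts are served as ordinary PHP. A test file with the same relative path as a file from `web/` also silently replaces it. Because the earlier hunk writes `test_add` into the saved preferences file, a later install that reuses that file presumably redeploys the tests without `-x` on the command line. I would keep the tests out of the production tree (a separate target directory) and at least print a warning such as `echo "WARNING: test pages will be installed in the web root" >&2` when `test_add` is TRUE.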
@@ -56,7 +56,7 @@ index.php: --- CLI ------------ POST index.php with passid_private field equal to calcMD5(tokens[1]+calcMD5(form.elements['passid'].value)) - + add_user -> validate_name, login_verify ===== Game Lifecycle ===== @@ -82,3 +82,31 @@ $ret = $user->maincheck($old_stat, $old_subst, $old_step, $this->rd_stat, $this- $splashdate, $table_idx, $table_token)) $user->rd_transp->chunk($this->rd_scristp++, $ret); + +===== New users workflow ===== + +status | | DB | +---------- |------+--------------------+ +unknown | + V + brisk -> mail-table +MAILED | | + V | + user | + | | + V | + mailbox | + | | + V | + procmail | + | | + V | + check with mail-table | + and update DB <----+ + (needs ad-hoc page) +TOBECHK | + V + authorize +normal | + V + diff --git a/web/Obj/brisk.conf-templ.pho b/web/Obj/brisk.conf-templ.pho index 3789529..a7651a4 100644 --- a/web/Obj/brisk.conf-templ.pho +++ b/web/Obj/brisk.conf-templ.pho @@ -5,6 +5,9 @@ $G_dbasetype="pgsql"; $G_dbauth = "host=... port=... user=... password=... dbname=... options='--client_encoding=UTF8'"; $G_dbpfx = "bsk_"; +$G_admin_mail = "admin@example.com"; +$G_mail_seed = 281741; + $G_lang = "it"; $G_crypt_key = "cryptkey"; diff --git a/web/Obj/brisk.phh b/web/Obj/brisk.phh index db2c747..18a85e2 100644 --- a/web/Obj/brisk.phh +++ b/web/Obj/brisk.phh @@ -2186,7 +2186,7 @@ class Brisk $brisk = @shm_get_var($shm, $tok); // CHECKED BELOW log_only("bri == ".($brisk == FALSE ? "FALSE" : "TRUE")." bri === ".($brisk === FALSE ? "FALSE" : "TRUE")." bri isset ".(isset($brisk) ? "TRUE" : "FALSE")); - if (isset($brisk)) + if (isset($brisk)) log_only("bri count ".count($brisk)); if ($brisk == FALSE) { diff --git a/web/Obj/dbase_pgsql.phh b/web/Obj/dbase_pgsql.phh index 5f0511e..096ac12 100644 --- a/web/Obj/dbase_pgsql.phh +++ b/web/Obj/dbase_pgsql.phh 
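Review bot: The `brisk.conf-templ.pho` hunk defines `$G_admin_mail` and `$G_mail_seed`, but `index_wr_main()` in this same patch also declares `GLOBAL $G_mail_domain`, which no template line sets. An install built from the template would therefore leave it undefined, so add a placeholder line in the template's style, e.g. `$G_mail_domain = "...";`. `$G_mail_seed = 281741;` ships as a fixed value; how it is consumed is not visible in this patch, but if it feeds the `mailmgr.php?id=` confirmation code, every site that keeps the default shares the same secret. A comment such as `// change per installation and keep private` next to it would make that explicit.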
@@ -157,6 +157,70 @@ class BriskDB return ($user_obj); } + function user_add($login, $pass, $email, $type, $disa_reas, $guar_code) { + GLOBAL $G_dbpfx; + + $usr_sql = sprintf("INSERT INTO %susers (login, pass, email, type, disa_reas, guar_code) + VALUES ('%s', '%s', '%s', %d, %d, %d) RETURNING *;", + $G_dbpfx, escsql(strtolower($login)), escsql($pass), escsql($email), + $type, $disa_reas, $guar_code); + + if ( ! (($usr_pg = $this->query($usr_sql)) != FALSE && pg_affected_rows($usr_pg) == 1) ) { + return FALSE; + } + $usr_obj = pg_fetch_object($usr_pg, 0); + + return $usr_obj; + } + + function transaction($cmd) { + if ($cmd != "BEGIN" && $cmd != "COMMIT" && $cmd != "ROLLBACK") + return FALSE; + + $trans_sql = sprintf("%s;", $cmd); + if (($trans_pg = $this->query($trans_sql)) == FALSE) { + return FALSE; + } + + return (TRUE); + } + + function mail_reserve_code() { + GLOBAL $G_dbpfx; + + $mail_sql = sprintf("SELECT nextval('%smails_code_seq'::regclass) AS nextval;", $G_dbpfx); + if (($mail_pg = $this->query($mail_sql)) == FALSE) { + return FALSE; + } + if (pg_numrows($mail_pg) != 1) + return FALSE; + + $mail_obj = pg_fetch_object($mail_pg, 0); + + return ($mail_obj->nextval); + } + + function check_record_by_login_or_email($login, $email) { + GLOBAL $G_dbpfx; + + $arr_fie = array('login', 'email'); + $arr_val = array($login, $email); + + for ($i = 0 ; $i < 2 ; $i++) { + $user_sql = sprintf("SELECT * FROM %susers WHERE %s = lower('%s');", + $G_dbpfx, $arr_fie[$i], escsql($arr_val[$i])); + if (($user_pg = $this->query($user_sql)) == FALSE) { + fprintf(STDERR, "QUERY [%s]_ FALSE", $user_sql); + return (3); + } + if (pg_numrows($user_pg) == 1) { + return ($i + 1); + } + } + + return (0); + } + function getrecord_bycode($code) { GLOBAL $G_dbpfx; diff --git a/web/Obj/user.phh b/web/Obj/user.phh index 3e6c4a1..e34f827 100644 --- a/web/Obj/user.phh +++ b/web/Obj/user.phh 
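Review bot: `user_add()` lowercases the login but stores `$email` as typed, while `check_record_by_login_or_email()` compares `email = lower('...')`. An address saved with a capital letter never equals the lowercased probe, so the same mailbox can be registered again; store it normalised with `escsql(strtolower($email))`, or compare against `lower(email)`. The duplicate test `pg_numrows($user_pg) == 1` also reports the name as free when more than one row matches, so `>= 1` is the safer condition. The check and the insert are separate statements, so unless the table carries unique constraints (not visible here) two concurrent requests can both pass the check. `mail_reserve_code()` returns a plain sequence value, which would be guessable if it is used unchanged as the id in the confirmation link.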
@@ -64,10 +64,14 @@ define('USER_FLAG_TY_ADMIN', 0x400000); // done define('USER_FLAG_TY_DISABLE', 0x800000); // done // ... reasons for disabling account ... -define('USER_DIS_REA_INVMAIL', 1); -define('USER_DIS_REA_LICENCE', 2); -define('USER_DIS_REA_BANNED', 3); +define('USER_DIS_REA_INVMAIL', 1); +define('USER_DIS_REA_LICENCE', 2); +define('USER_DIS_REA_BANNED', 3); define('USER_DIS_REA_MALICIOUS', 4); +define('USER_DIS_REA_NU_MAILED', 5); +define('USER_DIS_REA_NU_TOBECHK', 6); + + // 240 is the right value, 600 is for fwrite error test define('RD_ENDTIME_DELTA', 240); diff --git a/web/index_wr.php b/web/index_wr.php index 4f1fae3..f206b90 100644 --- a/web/index_wr.php +++ b/web/index_wr.php @@ -2,7 +2,7 @@ /* * brisk - index_wr.php * - * Copyright (C) 2006-2012 Matteo Nastasi + * Copyright (C) 2006-2014 Matteo Nastasi * mailto: nastasi@alternativeoutput.it * matteo.nastasi@milug.org * web: http://www.alternativeoutput.it @@ -22,16 +22,6 @@ * */ -// require_once("Obj/brisk.phh"); -// require_once("Obj/auth.phh"); -// require_once("Obj/proxyscan.phh"); - -// Use of proxies isn't allowed. -// if (is_proxy()) { -// sleep(5); -// exit; -// } - $mlang_indwr = array( 'btn_backtotab' => array( 'it' => 'Torna ai tavoli.', 'en' => 'Back to tables.' ), 'warrrepl' => array( 'it' => '
Il nominativo è stato inoltrato all\'amministratore.

Nell\'arco di pochi giorni verrà

notificata al garantito l\'avvenuta registrazione.', @@ -77,7 +67,50 @@ $mlang_indwr = array( 'btn_backtotab' => array( 'it' => 'Torna ai tavoli.', 'badsit_a' => array( 'it' => '
Tu o qualcuno col tuo stesso indirizzo IP si è alzato da un tavolo senza il consenso degli altri giocatori.

Dovrai aspettare ancora ', 'en' => '
You or someone with your same IP address is standing up from a table without the permission of the other players

You will wait '), 'badsit_b' => array( 'it' => ' prima di poterti sedere nuovamente.

Se non sei stato tu ad alzarti e possiedi un login con password, autenticandoti con quello, potrai accedere.', - 'en' => ' before you can sit down again. If you don\'t leave the table and you have a login with a password, authenticating with this one you will access') + 'en' => ' before you can sit down again. If you don\'t leave the table and you have a login with a password, authenticating with this one you will access'), + 'nu_msubj' => array( 'it' => 'Brisk: verifica email', + 'en' => 'Brisk: email verification'), + 'nu_mtext' => array( 'it' => +'Ciao, sono l\' amministratore del sito di Brisk. + +L\' utente \'%s\' ha garantito per te +con accesso \'%s\' e password \'%s\', +vai al link: %s/mailmgr.php?id=%s +per confermare il tuo indirizzo di posta elettronica. + +Una volta verificato ti sarà possibile accedere al sito. + +Saluti e buone partite, mop.', + 'en' => 'EN mtext %s %s %s'), + 'nu_mhtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.

+L\' utente \'%s\' ha garantito per te
+con accesso \'%s\' e password \'%s\'
+clicca qui per confermare il tuo indirizzo di posta elettronica.

+Una volta verificato ti sarà possibile accedere al sito.

+Saluti e buone partite, mop.
', + 'en' => 'EN mhtml %s %s %s %s'), + 'nu_gtext' => array( 'it' => +'Ciao %s, sono l\' amministratore del sito di Brisk. + +Ti volevo avvisare che ho attivato i login di \'%s\' che hai +garantito. + +Ti ricordo che i login vanno dati a persone di fiducia, se 3 +di quelli che hai autenticato verranno segnati come molestatori +verrà sospeso anche il tuo accesso. + +Grazie dell\' impegno, mop.', + 'en' => ''), + + 'nu_ghtml' => array( 'it' => +'Ciao %s, sono l\' amministratore del sito di Brisk.

+Ti volevo avvisare che ho attivato i login di \'%s\' che hai +garantito.

+Ti ricordo che i login vanno dati a persone di fiducia, se 3 +di quelli che hai autenticato verranno segnati come molestatori +verrà sospeso anche il tuo accesso.

+Grazie dell\' impegno, mop.', + 'en' => '') ); define('LICMGR_CHO_ACCEPT', 0); @@ -86,7 +119,8 @@ define('LICMGR_CHO_AFTER', 2); function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie) { - GLOBAL $G_shutdown, $G_black_list, $G_lang, $G_room_help, $G_room_about, $G_room_passwdhowto, $mlang_indwr; + GLOBAL $G_shutdown, $G_black_list, $G_lang, $G_room_help, $G_room_about; + GLOBAL $G_mail_seed, $G_mail_domain, $G_room_passwdhowto, $mlang_indwr; GLOBAL $G_tos_vers; $remote_addr = addrtoipv4($remote_addr_full); @@ -271,22 +305,57 @@ function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie) log_wr("INFO:SKIP:argz == warranty name: [".$cli_name."] AUTH: ".($user->flags & USER_FLAG_AUTH)); if ($user->flags & USER_FLAG_AUTH) { - if (($wa_lock = Warrant::lock_data(TRUE)) != FALSE) { - if (($fp = @fopen(LEGAL_PATH."/warrant.txt", 'a')) != FALSE) { - /* Unix time | session | nickname | IP | where was | mesg */ - fwrite($fp, sprintf("%ld|%s|%s|%s|\n", $curtime, xcapelt($user->name), xcapelt(urldecode($cli_name)), xcapelt(urldecode($cli_email)))); - fclose($fp); + if (0 == 1) { + if (($wa_lock = Warrant::lock_data(TRUE)) != FALSE) { + if (($fp = @fopen(LEGAL_PATH."/warrant.txt", 'a')) != FALSE) { + /* Unix time | session | nickname | IP | where was | mesg */ + fwrite($fp, sprintf("%ld|%s|%s|%s|\n", $curtime, xcapelt($user->name), xcapelt(urldecode($cli_name)), xcapelt(urldecode($cli_email)))); + fclose($fp); + } + Warrant::unlock_data($wa_lock); + $user->comm[$user->step % COMM_N] = "gst.st = ".($user->step+1)."; "; + /* MLANG: "
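Review bot: The `nu_mtext` and `nu_mhtml` templates added to `$mlang_indwr` put the new account's password into the verification mail (`con accesso \'%s\' e password \'%s\'`), so the credential sits in cleartext in the recipient's mailbox and in every mail store it passes through. Sending only the confirmation link and letting the user choose the password on the page it leads to avoids that. The `en` entries are placeholders (`'EN mtext %s %s %s'`, and empty strings for `nu_gtext` and `nu_ghtml`), so an installation with `$G_lang = "en"` would send an unusable or empty message. A `// TODO: translate before enabling` comment would mark them until real text exists.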
Il nominativo è stato inoltrato all\'amministratore.

Nell\'arco di pochi giorni vi verrà

notificata l\'avvenuta registrazione." */ + $user->comm[$user->step % COMM_N] .= show_notify($mlang_indwr['warrrepl'][$G_lang], 0, $mlang_indwr['btn_close'][$G_lang], 400, 150); + $user->step_inc(); + echo "1"; } - Warrant::unlock_data($wa_lock); - $user->comm[$user->step % COMM_N] = "gst.st = ".($user->step+1)."; "; - /* MLANG: "
Il nominativo è stato inoltrato all\'amministratore.

Nell\'arco di pochi giorni vi verrà

notificata l\'avvenuta registrazione." */ - $user->comm[$user->step % COMM_N] .= show_notify($mlang_indwr['warrrepl'][$G_lang], 0, $mlang_indwr['btn_close'][$G_lang], 400, 150); - $user->step_inc(); - echo "1"; - } + else { + /* MLANG: "E\' occorso un errore durante il salvataggio, riprova o contatta l\'amministratore." */ + $mesg_to_user = sprintf('chatt_sub("%s", [2, "%s"],"%s");', $dt, NICKSERV, $mlang_indwr['commerr'][$G_lang]); + } + } // 0 == 1 else { - /* MLANG: "E\' occorso un errore durante il salvataggio, riprova o contatta l\'amministratore." */ - $mesg_to_user = sprintf('chatt_sub("%s", [2, "%s"],"%s");', $dt, NICKSERV, $mlang_indwr['commerr'][$G_lang]); + // check existence of username or email + $is_trans = FALSE; + do { + if (($bdb = BriskDB::create()) == FALSE) + break; + + $cli_name = urldecode($cli_name); + $cli_email = urldecode($cli_email); + + // check for already used fields + if (($idret = $bdb->check_record_by_login_or_email($cli_name, $cli_email)) != 0) { + $mesg_to_user = sprintf('chatt_sub("%s", [2, "%s"],"%s");', $dt, NICKSERV, + ($idret == 1 ? "login già in uso" : + ($idret == 2 ? "email già utilizzata" : "errore sconosciuto")) + ); + break; + } + // insert the new user disabled with reason NU_MAILED + if (($usr_obj = $bdb->user_add($cli_name, $the_pass, $cli_email, + USER_FLAG_TY_DISABLE, + USER_DIS_REA_NU_TOBECHK, $user->code)) == FALSE) { + fprintf(STDERR, "user_add FAILED\n"); + break; + } + + $user->comm[$user->step % COMM_N] = "gst.st = ".($user->step+1)."; "; + /* MLANG: "
Il nominativo è stato inoltrato all\'amministratore.

Nell\'arco di pochi giorni vi verrà

notificata l\'avvenuta registrazione." */ + $user->comm[$user->step % COMM_N] .= show_notify($mlang_indwr['warrrepl'][$G_lang], 0, $mlang_indwr['btn_close'][$G_lang], 400, 150); + $user->step_inc(); + echo "1"; + } while(FALSE); } } diff --git a/web/spush/brisk-spush.php b/web/spush/brisk-spush.php index 7756764..5a318dc 100755 --- a/web/spush/brisk-spush.php +++ b/web/spush/brisk-spush.php @@ -31,6 +31,7 @@ require_once($G_base."Obj/user.phh"); require_once($G_base."Obj/brisk.phh"); require_once($G_base."Obj/auth.phh"); require_once($G_base."Obj/zlibstream.phh"); +require_once($G_base."Obj/mail.phh"); // require_once("../Obj/proxyscan.phh"); require_once($G_base."index.php"); require_once($G_base."index_wr.php"); -- 2.17.1
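Review bot: In the new `else` branch of the `@@ -271,22 +305,57 @@` hunk, both failure exits (`BriskDB::create()` and `user_add()` returning FALSE) `break` without setting `$mesg_to_user`, so the guarantor gets neither the `1` reply nor an error. Set the existing `commerr` message before each `break`, as the disabled branch does: `$mesg_to_user = sprintf('chatt_sub("%s", [2, "%s"],"%s");', $dt, NICKSERV, $mlang_indwr['commerr'][$G_lang]);`. `$the_pass` is passed to `user_add()` but no assignment is visible in this hunk, and `$is_trans` is set and never used, so the check and the insert run outside the new `transaction()` helper. The comment says `NU_MAILED` while the call passes `USER_DIS_REA_NU_TOBECHK`, and the two "already in use" replies are hard-coded Italian rather than `$mlang_indwr` entries. `index_wr_main()` starts and ends outside the hunk.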
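Review bot: In `web/spush/brisk-spush.php`, `require_once($G_base."Obj/mail.phh");` names a file that is not among the nine files in this patch's diffstat. Unless `web/Obj/mail.phh` is already in the tree, the daemon stops with a fatal error at start-up. Either add the file in this commit or hold the `require_once` back until it lands.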