accept guaranty, send email and store it with data to verify address

diff --git a/TODO.txt b/TODO.txt
index 577cfe4..99e2edc 100644 (file)
--- a/TODO.txt
+++ b/TODO.txt
@@ -31,38 +31,31 @@
        DONE . command documentation
        DONE . manage disagreeding users investigation
        DONE . self guaranteed
-
-     DONE . userauth command works
-     DONE . use it by the usermgmt page
-     . finish to implement the user management system
-     . email validation
-     . account expiration
      . New Users Guarantee Procedure
-       . Change guarantee workflow
-       . Db update
-       . Send email with appropriate headers
+       . WIP Change guarantee workflow
+       . DONE Db update
+       . Send email with appropriate link embedded
            |
            V
-         brisk   ->      mail-table
+      DONE brisk   ->  DONE mail-table
            |                 |
-           V
-          user               |
-           |
            V                 |
-      click-link -> check with mail-table
+       DONE user             |
+           |                 |
+           V                 |
+    DONE click-link -> TODO check with     <- ¡WE ARE HERE NOW!
+                         mails-table
+                        and update DB
                              |
                              V
-                         and update DB
                       (needs ad-hoc page)
 
-       . Admin panel
-       . Write automatic procmail filter
-         . Procmail configuration
-         . Mail-recipient-side
-         . Server-side
-     . Email validation
+       . WIP Admin panel
+
+     . Email-address expiration check
      . Account expiration
 
+
    DONE - CONTINUE FEATURE
      DONE . replace explicit strings with multilanguage array
      DONE . add a php downloader with filtering on allowed requests

diff --git a/sql/sql.d/070-add-mailmgmt.sql b/sql/sql.d/070-add-mailmgmt.sql
index 8f8057a..cef0248 100644 (file)
--- a/sql/sql.d/070-add-mailmgmt.sql
+++ b/sql/sql.d/070-add-mailmgmt.sql
@@ -10,4 +10,4 @@ CREATE TABLE #PFX#mails (
        subj       text,                              -- email subject
        body_txt   text,                              -- email body (text version)
        body_htm   text,                              -- email body (html version)
-       refs       text);                             -- email references
+       hash       text);                             -- reference hash to complete registration

diff --git a/web/Obj/brisk.conf-templ.pho b/web/Obj/brisk.conf-templ.pho
index a7651a4..a9d26ba 100644 (file)
--- a/web/Obj/brisk.conf-templ.pho
+++ b/web/Obj/brisk.conf-templ.pho
@@ -5,8 +5,10 @@ $G_dbasetype="pgsql";
 $G_dbauth = "host=... port=... user=... password=... dbname=... options='--client_encoding=UTF8'";
 $G_dbpfx = "bsk_";
 
-$G_admin_mail = "admin@example.com";
-$G_mail_seed = 281741;
+$G_domain     = "brisk.example.com";
+$G_webbase    = "brisk";
+$G_admin_mail = "admin@$G_domain";
+$G_mail_seed  = 281741;
 
 $G_lang = "it";
 

diff --git a/web/Obj/dbase_base.phh b/web/Obj/dbase_base.phh
index d587352..b79e176 100644 (file)
--- a/web/Obj/dbase_base.phh
+++ b/web/Obj/dbase_base.phh
@@ -121,4 +121,41 @@ class LoginDBItem {
 
 }
 
+define('MAIL_TYP_CHECK', 1);
+
+class MailDBItem {
+    var $code;
+    var $ucode;
+    var $type;
+    var $tstamp;
+    var $subj;
+    var $body_txt;
+    var $body_htm;
+    var $hash;
+
+    function MailDBItem($code, $ucode, $type, $tstamp, $subj, $body_txt, $body_htm, $hash=NULL)
+    {
+        $this->code = $code;
+        $this->ucode = $ucode;
+        $this->type = $type;
+        $this->tstamp = $tstamp;
+        $this->subj = $subj;
+        $this->body_txt = $body_txt;
+        $this->body_htm = $body_htm;
+        $this->hash = $hash;
+    }
+
+    static function MailDBItemFromRecord($rec)
+    {
+        $ret = new MailDBItem($rec->code, $rec->ucode, $rec->type, $rec->tstamp, $rec->subj,
+                              $rec->body_txt, $rec->body_htm, $rec->hash);
+
+        return ($ret);
+    }
+
+    function store($bdb)
+    {
+        return $bdb->mail_add_fromitem($this);
+    }
+}
 ?>
\ No newline at end of file

diff --git a/web/Obj/dbase_pgsql.phh b/web/Obj/dbase_pgsql.phh
index 6bdb294..dc9c843 100644 (file)
--- a/web/Obj/dbase_pgsql.phh
+++ b/web/Obj/dbase_pgsql.phh
@@ -185,6 +185,9 @@ class BriskDB
         return (TRUE);
     }
 
+    /*
+      to be able to add mail record code into the record itself I must reserve it before.
+     */
     function mail_reserve_code() {
         GLOBAL $G_dbpfx;
 
@@ -689,6 +692,25 @@ class BriskDB
         return $ret;
     }
 
+    function mail_add_fromitem($mail) {
+        GLOBAL $G_dbpfx;
+
+        $usr_sql = sprintf("
+INSERT INTO %smails (code, ucode, type, tstamp, subj, body_txt, body_htm, hash)
+            VALUES (%d, %d, %d, to_timestamp(%d), '%s', '%s', '%s', '%s') RETURNING *;",
+                           $G_dbpfx, $mail->code, $mail->ucode, $mail->type, $mail->tstamp,
+                           escsql($mail->subj), escsql($mail->body_txt), escsql($mail->body_htm),
+                           ($mail->hash == NULL ? "" : escsql($mail->hash))
+                           );
+
+        if (! (($usr_pg  = $this->query($usr_sql)) != FALSE && pg_affected_rows($usr_pg) == 1) ) {
+            return FALSE;
+        }
+        $usr_obj = pg_fetch_object($usr_pg, 0);
+
+        return $usr_obj;
+    }
+
 } // End class BriskDB
 
 class LoginDBOld

diff --git a/web/Obj/mail.phh b/web/Obj/mail.phh
index 9f6bfbf..d0d6ea7 100644 (file)
--- a/web/Obj/mail.phh
+++ b/web/Obj/mail.phh
@@ -8,15 +8,16 @@ $brisk_mail_hp = array( "text_charset"  => "utf-8",
                         "eol" => "\n" );
 
 // references: <alfanum-8-chars>@<domain>
-function brisk_mail($to, $subject, $text, $html, $refs)
+function brisk_mail($to, $subject, $text, $html)
 {
     GLOBAL $brisk_mail_hp, $G_admin_mail;
 
     $hdrs = array(
               'From'    => $G_admin_mail,
-              'Subject' => $subject,
-              'References' => $refs
+              'Subject' => $subject
               );
+    // if ($refs != Null)
+    //    $hdrs['References'] = $refs;
 
     $mime = new Mail_mime($brisk_mail_hp);
 

diff --git a/web/index_wr.php b/web/index_wr.php
index 61bd7b6..c1bcaa2 100644 (file)
--- a/web/index_wr.php
+++ b/web/index_wr.php
@@ -70,25 +70,25 @@ $mlang_indwr = array( 'btn_backtotab' => array( 'it' => 'Torna ai tavoli.',
                                            'en' => ' before you can sit down again. If you don\'t leave the table and you have a login with a password, authenticating with this one you will access'),
                       'nu_msubj' => array( 'it' => 'Brisk: verifica email',
                                            'en' => 'Brisk: email verification'),
+                      // %s(guar) %s(login) %s(baseurl) %d(code) %s(hash)
                       'nu_mtext' => array( 'it' =>
 'Ciao, sono l\' amministratore del sito di Brisk.
 
-L\' utente \'%s\' ha garantito per te
-con accesso \'%s\' e password \'%s\',
-vai al link: %s/mailmgr.php?id=%s
+L\' utente \'%s\' ha garantito per te col nickname \'%s\',
+vai al link: %s/mailmgr.php?code=%d&hash=%s
 per confermare il tuo indirizzo di posta elettronica.
 
-Una volta verificato ti sarà possibile accedere al sito.
+Ciò è necessario per ottenere la password.
 
 Saluti e buone partite, mop.',
-                                           'en' => 'EN mtext %s %s %s'),
+                                           'en' => 'EN mtext [%s] [%s] [%s] [%d] [%s]'),
                       'nu_mhtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.<br><br>
-L\' utente \'%s\' ha garantito per te<br>
-con accesso \'%s\' e password \'%s\'<br>
-<a href="%s/mailmgr.php?id=%s">clicca qui</a> per confermare il tuo indirizzo di posta elettronica.<br><br>
-Una volta verificato ti sarà possibile accedere al sito.<br><br>
+L\' utente \'%s\' ha garantito per te col nickname \'%s\',<br>
+<a href="%s/mailmgr.php?code=%d&hash=%s">clicca qui</a> per confermare il tuo indirizzo di posta elettronica.<br><br>
+Ciò è necessario per ottenere la password.<br><br>
 Saluti e buone partite, mop.<br>',
-                                           'en' => 'EN mhtml %s %s %s %s'),
+                                           'en' => 'EN mhtml [%s] [%s] [%s] [%d] [%s]'),
+
                       'nu_gtext' => array( 'it' =>
 'Ciao %s, sono l\' amministratore del sito di Brisk.
 
@@ -100,7 +100,7 @@ di quelli che hai autenticato verranno segnati come molestatori
 verrà sospeso anche il tuo accesso.
 
 Grazie dell\' impegno, mop.',
-                                           'en' => ''),
+                                           'en' => 'EN nu_gtext [%s][%s]'),
 
                       'nu_ghtml' => array( 'it' =>
 'Ciao %s, sono l\' amministratore del sito di Brisk.<br><br>
@@ -110,7 +110,7 @@ Ti ricordo che i login vanno dati a persone di fiducia, se 3
 di quelli che hai autenticato verranno segnati come molestatori
 verrà sospeso anche il tuo accesso.<br><br>
 Grazie dell\' impegno, mop.',
-                                           'en' => '')
+                                           'en' => 'EN nu_ghtml [%s][%s]')
                       );
 
 define('LICMGR_CHO_ACCEPT', 0);
@@ -119,8 +119,9 @@ define('LICMGR_CHO_AFTER',  2);
 
 function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie)
 {
-    GLOBAL $G_shutdown, $G_black_list, $G_lang, $G_room_help, $G_room_about;
-    GLOBAL $G_mail_seed, $G_mail_domain, $G_room_passwdhowto, $mlang_indwr;
+    GLOBAL $G_domain, $G_webbase, $G_mail_domain, $G_mail_seed;
+    GLOBAL $G_shutdown, $G_alarm_passwd, $G_black_list, $G_lang, $G_room_help, $G_room_about;
+    GLOBAL $G_room_passwdhowto, $mlang_indwr;
     GLOBAL $G_tos_vers;
     $remote_addr = addrtoipv4($remote_addr_full);
 
@@ -342,20 +343,55 @@ function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie)
                                                 );
                         break;
                     }
+                    $bdb->transaction('BEGIN');
+                    $is_trans = TRUE;
                     //   insert the new user disabled with reason NU_MAILED
+                    /*
+                     *  FIXME: password management
+                     */
+                    $the_pass = "LA PASSWORD";
+
                     if (($usr_obj = $bdb->user_add($cli_name, $the_pass, $cli_email, 
                                                    USER_FLAG_TY_DISABLE,
                                                    USER_DIS_REA_NU_TOBECHK, $user->code)) == FALSE) {
-                        fprintf(STDERR, "user_add FAILED\n");
+                        fprintf(STDERR, "ERROR: user_add FAILED\n");
                         break;
                     }
+                    if (($mail_code = $bdb->mail_reserve_code()) == FALSE) {
+                        fprintf(STDERR, "ERROR: mail reserve code FAILED\n");
+                        break;
+                    }
+                    $hash = md5($curtime . $G_alarm_passwd . $cli_name . $the_pass . $cli_email);
+
+                    $confirm_page = sprintf("http://%s/%s/mailcheck.php", $G_domain, $G_webbase);
+                    $subj = $mlang_indwr['nu_msubj'][$G_lang];
+                    $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang],
+                                        $user->name, $cli_name, $confirm_page, $mail_code, $hash);
+                    $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang],
+                                        $user->name, $cli_name, $confirm_page, $mail_code, $hash);
 
+                    $mail_item = new MailDBItem($mail_code, $usr_obj->code, MAIL_TYP_CHECK,
+                                                $curtime, $subj, $body_txt, $body_htm, $hash);
+
+                    if (brisk_mail($cli_email, $subj, $body_txt, $body_htm) == FALSE) {
+                        // mail error
+                        fprintf(STDERR, "ERROR: mail send FAILED\n");
+                        break;
+                    }
+                    // save the mail
+                    if ($mail_item->store($bdb) == FALSE) {
+                        // store mail error
+                        fprintf(STDERR, "ERROR: store mail FAILED\n");
+                        break;
+                    }
                     $user->comm[$user->step % COMM_N] = "gst.st = ".($user->step+1)."; ";
                     /* MLANG: "<br>Il nominativo &egrave; stato inoltrato all\'amministratore.<br><br>Nell\'arco di pochi giorni vi verr&agrave;<br><br>notificata l\'avvenuta registrazione." */
                     $user->comm[$user->step % COMM_N] .=  show_notify($mlang_indwr['warrrepl'][$G_lang], 0, $mlang_indwr['btn_close'][$G_lang], 400, 150);
                     $user->step_inc();
                     echo "1";
+                    $bdb->transaction('COMMIT');
                 } while(FALSE);
+                $bdb->transaction('ROLLBACK');
             }
             
         }