From a14d9d7ed95e0ad85851e423d4d3295b00e35d2b Mon Sep 17 00:00:00 2001 From: "Matteo Nastasi (mop)" Date: Thu, 10 Apr 2014 19:14:09 +0200 Subject: [PATCH] accept guaranty, send email and store it with data to verify address --- TODO.txt | 35 ++++++++---------- sql/sql.d/070-add-mailmgmt.sql | 2 +- web/Obj/brisk.conf-templ.pho | 6 ++-- web/Obj/dbase_base.phh | 37 +++++++++++++++++++ web/Obj/dbase_pgsql.phh | 22 ++++++++++++ web/Obj/mail.phh | 7 ++-- web/index_wr.php | 66 ++++++++++++++++++++++++++-------- 7 files changed, 133 insertions(+), 42 deletions(-) diff --git a/TODO.txt b/TODO.txt index 577cfe4..99e2edc 100644 --- a/TODO.txt +++ b/TODO.txt @@ -31,38 +31,31 @@ DONE . command documentation DONE . manage disagreeding users investigation DONE . self guaranteed - - DONE . userauth command works - DONE . use it by the usermgmt page - . finish to implement the user management system - . email validation - . account expiration . New Users Guarantee Procedure - . Change guarantee workflow - . Db update - . Send email with appropriate headers + . WIP Change guarantee workflow + . DONE Db update + . Send email with appropriate link embedded | V - brisk -> mail-table + DONE brisk -> DONE mail-table | | - V - user | - | V | - click-link -> check with mail-table + DONE user | + | | + V | + DONE click-link -> TODO check with <- ¡WE ARE HERE NOW! + mails-table + and update DB | V - and update DB (needs ad-hoc page) - . Admin panel - . Write automatic procmail filter - . Procmail configuration - . Mail-recipient-side - . Server-side - . Email validation + . WIP Admin panel + + . Email-address expiration check . Account expiration + DONE - CONTINUE FEATURE DONE . replace explicit strings with multilanguage array DONE . add a php downloader with filtering on allowed requests diff --git a/sql/sql.d/070-add-mailmgmt.sql b/sql/sql.d/070-add-mailmgmt.sql index 8f8057a..cef0248 100644 --- a/sql/sql.d/070-add-mailmgmt.sql +++ b/sql/sql.d/070-add-mailmgmt.sql 
@@ -10,4 +10,4 @@ CREATE TABLE #PFX#mails ( subj text, -- email subject body_txt text, -- email body (text version) body_htm text, -- email body (html version) - refs text); -- email references + hash text); -- reference hash to complete registration diff --git a/web/Obj/brisk.conf-templ.pho b/web/Obj/brisk.conf-templ.pho index a7651a4..a9d26ba 100644 --- a/web/Obj/brisk.conf-templ.pho +++ b/web/Obj/brisk.conf-templ.pho @@ -5,8 +5,10 @@ $G_dbasetype="pgsql"; $G_dbauth = "host=... port=... user=... password=... dbname=... options='--client_encoding=UTF8'"; $G_dbpfx = "bsk_"; -$G_admin_mail = "admin@example.com"; -$G_mail_seed = 281741; +$G_domain = "brisk.example.com"; +$G_webbase = "brisk"; +$G_admin_mail = "admin@$G_domain"; +$G_mail_seed = 281741; $G_lang = "it"; diff --git a/web/Obj/dbase_base.phh b/web/Obj/dbase_base.phh index d587352..b79e176 100644 --- a/web/Obj/dbase_base.phh +++ b/web/Obj/dbase_base.phh @@ -121,4 +121,41 @@ class LoginDBItem { } +define('MAIL_TYP_CHECK', 1); + +class MailDBItem { + var $code; + var $ucode; + var $type; + var $tstamp; + var $subj; + var $body_txt; + var $body_htm; + var $hash; + + function MailDBItem($code, $ucode, $type, $tstamp, $subj, $body_txt, $body_htm, $hash=NULL) + { + $this->code = $code; + $this->ucode = $ucode; + $this->type = $type; + $this->tstamp = $tstamp; + $this->subj = $subj; + $this->body_txt = $body_txt; + $this->body_htm = $body_htm; + $this->hash = $hash; + } + + static function MailDBItemFromRecord($rec) + { + $ret = new MailDBItem($rec->code, $rec->ucode, $rec->type, $rec->tstamp, $rec->subj, + $rec->body_txt, $rec->body_htm, $rec->hash); + + return ($ret); + } + + function store($bdb) + { + return $bdb->mail_add_fromitem($this); + } +} ?> \ No newline at end of file diff --git a/web/Obj/dbase_pgsql.phh b/web/Obj/dbase_pgsql.phh index 6bdb294..dc9c843 100644 --- a/web/Obj/dbase_pgsql.phh +++ b/web/Obj/dbase_pgsql.phh 
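Review bot: Renaming `refs` to `hash` by editing `070-add-mailmgmt.sql` in place means any database on which this numbered script has already run keeps the old column, and the `INSERT INTO %smails (…, hash)` added to `dbase_pgsql.phh` in the same commit will fail there; if the script has been applied anywhere, the change belongs in a new script with `ALTER TABLE #PFX#mails RENAME COLUMN refs TO hash;` instead. The new column is also nullable while `mail_add_fromitem` writes `''` when the item carries no hash, so two representations of "no token" will coexist in the table; `hash text NOT NULL` (or consistently storing NULL) keeps any later lookup by hash unambiguous. The `CREATE TABLE` statement starts outside the hunk.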
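Review bot: `MailDBItem` and `MAIL_TYP_CHECK` carry no documentation, and the constructor's `$hash=NULL` default does not round-trip: `mail_add_fromitem` stores `''` for a NULL hash, so an item rebuilt through `MailDBItemFromRecord` comes back with `''` rather than NULL. A short docblock above the class such as `/* One row of the mails table; $hash is the token embedded in the address-verification link (NULL when the mail carries none). */` and `// MAIL_TYP_CHECK: mail sent to verify a new user's e-mail address` above the define would make the intent readable without opening index_wr.php. `function MailDBItem(...)` is a PHP4-style constructor, in keeping with the `var` declarations used in this file but deprecated from PHP 7 on; `function __construct(...)` costs nothing now and avoids a later sweep. The closing `?>` with no trailing newline works, but omitting the closing tag in an include-only file is the safer convention against stray output.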
@@ -185,6 +185,9 @@ class BriskDB return (TRUE); } + /* + to be able to add mail record code into the record itself I must reserve it before. + */ function mail_reserve_code() { GLOBAL $G_dbpfx; @@ -689,6 +692,25 @@ class BriskDB return $ret; } + function mail_add_fromitem($mail) { + GLOBAL $G_dbpfx; + + $usr_sql = sprintf(" +INSERT INTO %smails (code, ucode, type, tstamp, subj, body_txt, body_htm, hash) + VALUES (%d, %d, %d, to_timestamp(%d), '%s', '%s', '%s', '%s') RETURNING *;", + $G_dbpfx, $mail->code, $mail->ucode, $mail->type, $mail->tstamp, + escsql($mail->subj), escsql($mail->body_txt), escsql($mail->body_htm), + ($mail->hash == NULL ? "" : escsql($mail->hash)) + ); + + if (! (($usr_pg = $this->query($usr_sql)) != FALSE && pg_affected_rows($usr_pg) == 1) ) { + return FALSE; + } + $usr_obj = pg_fetch_object($usr_pg, 0); + + return $usr_obj; + } + } // End class BriskDB class LoginDBOld diff --git a/web/Obj/mail.phh b/web/Obj/mail.phh index 9f6bfbf..d0d6ea7 100644 --- a/web/Obj/mail.phh +++ b/web/Obj/mail.phh @@ -8,15 +8,16 @@ $brisk_mail_hp = array( "text_charset" => "utf-8", "eol" => "\n" ); // references: @ -function brisk_mail($to, $subject, $text, $html, $refs) +function brisk_mail($to, $subject, $text, $html) { GLOBAL $brisk_mail_hp, $G_admin_mail; $hdrs = array( 'From' => $G_admin_mail, - 'Subject' => $subject, - 'References' => $refs + 'Subject' => $subject ); + // if ($refs != Null) + // $hdrs['References'] = $refs; $mime = new Mail_mime($brisk_mail_hp); diff --git a/web/index_wr.php b/web/index_wr.php index 61bd7b6..c1bcaa2 100644 --- a/web/index_wr.php +++ b/web/index_wr.php 
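Review bot: `mail_add_fromitem` interpolates every column into the `INSERT` through `sprintf`, so the safety of `subj`, `body_txt`, `body_htm` and `hash` rests entirely on `escsql()` being correct for the connection's encoding; since `hash` is the registration token and the bodies are templates filled with user-chosen nicknames, `pg_query_params` with `$1` … `$8` placeholders would remove the escaping step altogether (the `%d` conversions for `code`, `ucode`, `type` and `tstamp` are fine as they stand). `($mail->hash == NULL ? "" : escsql($mail->hash))` uses a loose comparison, so an empty-string hash and NULL are folded together and both land in the table as `''`; if a missing token is meant to be NULL, test `$mail->hash === NULL` and emit the SQL literal `NULL` instead of a quoted empty string. The `$usr_sql` / `$usr_pg` / `$usr_obj` names are carried over from the user insert and mislabel a mails insert, a small readability point. `class BriskDB` begins outside the hunk; the first hunk in this file only adds a comment.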
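Review bot: The two commented-out lines `// if ($refs != Null)` and `// $hdrs['References'] = $refs;` refer to a parameter this hunk removes from `brisk_mail`'s signature, so they can never be re-enabled as written; either delete them or keep the parameter optional, `function brisk_mail($to, $subject, $text, $html, $refs = NULL)` with `if ($refs !== NULL) $hdrs['References'] = $refs;`. The `// references: @` comment above the function is stale for the same reason. The function body continues outside the hunk, so whether the `FALSE` return that `index_wr_main` tests for is actually produced on a send failure cannot be seen here.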
@@ -70,25 +70,25 @@ $mlang_indwr = array( 'btn_backtotab' => array( 'it' => 'Torna ai tavoli.', 'en' => ' before you can sit down again. If you don\'t leave the table and you have a login with a password, authenticating with this one you will access'), 'nu_msubj' => array( 'it' => 'Brisk: verifica email', 'en' => 'Brisk: email verification'), + // %s(guar) %s(login) %s(baseurl) %d(code) %s(hash) 'nu_mtext' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk. -L\' utente \'%s\' ha garantito per te -con accesso \'%s\' e password \'%s\', -vai al link: %s/mailmgr.php?id=%s +L\' utente \'%s\' ha garantito per te col nickname \'%s\', +vai al link: %s/mailmgr.php?code=%d&hash=%s per confermare il tuo indirizzo di posta elettronica. -Una volta verificato ti sarà possibile accedere al sito. +Ciò è necessario per ottenere la password. Saluti e buone partite, mop.', - 'en' => 'EN mtext %s %s %s'), + 'en' => 'EN mtext [%s] [%s] [%s] [%d] [%s]'), 'nu_mhtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.

-L\' utente \'%s\' ha garantito per te
-con accesso \'%s\' e password \'%s\'
-clicca qui per confermare il tuo indirizzo di posta elettronica.

-Una volta verificato ti sarà possibile accedere al sito.

+L\' utente \'%s\' ha garantito per te col nickname \'%s\',
+clicca qui per confermare il tuo indirizzo di posta elettronica.

+Ciò è necessario per ottenere la password.

Saluti e buone partite, mop.
', - 'en' => 'EN mhtml %s %s %s %s'), + 'en' => 'EN mhtml [%s] [%s] [%s] [%d] [%s]'), + 'nu_gtext' => array( 'it' => 'Ciao %s, sono l\' amministratore del sito di Brisk. @@ -100,7 +100,7 @@ di quelli che hai autenticato verranno segnati come molestatori verrà sospeso anche il tuo accesso. Grazie dell\' impegno, mop.', - 'en' => ''), + 'en' => 'EN nu_gtext [%s][%s]'), 'nu_ghtml' => array( 'it' => 'Ciao %s, sono l\' amministratore del sito di Brisk.
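Review bot: The text template's link `vai al link: %s/mailmgr.php?code=%d&hash=%s` is filled in `index_wr_main` with `$confirm_page`, which the same commit builds as `http://%s/%s/mailcheck.php`, so the mail would carry `…/mailcheck.php/mailmgr.php?code=…`; either the template should read `vai al link: %s?code=%d&hash=%s` or `$confirm_page` should stop at the directory, and the two page names need to agree. The `en` entries of `nu_mtext` and `nu_mhtml` are still the placeholders `'EN mtext [%s] [%s] [%s] [%d] [%s]'` and `'EN mhtml …'`, which is what an English-locale recipient would receive as the verification mail. The `// %s(guar) %s(login) %s(baseurl) %d(code) %s(hash)` comment documents only `nu_mtext`; the same placeholder order applies to `nu_mhtml`, so the comment belongs above both entries.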

@@ -110,7 +110,7 @@ Ti ricordo che i login vanno dati a persone di fiducia, se 3 di quelli che hai autenticato verranno segnati come molestatori verrà sospeso anche il tuo accesso.

Grazie dell\' impegno, mop.', - 'en' => '') + 'en' => 'EN nu_ghtml [%s][%s]') ); define('LICMGR_CHO_ACCEPT', 0); @@ -119,8 +119,9 @@ define('LICMGR_CHO_AFTER', 2); function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie) { - GLOBAL $G_shutdown, $G_black_list, $G_lang, $G_room_help, $G_room_about; - GLOBAL $G_mail_seed, $G_mail_domain, $G_room_passwdhowto, $mlang_indwr; + GLOBAL $G_domain, $G_webbase, $G_mail_domain, $G_mail_seed; + GLOBAL $G_shutdown, $G_alarm_passwd, $G_black_list, $G_lang, $G_room_help, $G_room_about; + GLOBAL $G_room_passwdhowto, $mlang_indwr; GLOBAL $G_tos_vers; $remote_addr = addrtoipv4($remote_addr_full); 
@@ -342,20 +343,55 @@ function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie) ); break; } + $bdb->transaction('BEGIN'); + $is_trans = TRUE; // insert the new user disabled with reason NU_MAILED + /* + * FIXME: password management + */ + $the_pass = "LA PASSWORD"; + if (($usr_obj = $bdb->user_add($cli_name, $the_pass, $cli_email, USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_TOBECHK, $user->code)) == FALSE) { - fprintf(STDERR, "user_add FAILED\n"); + fprintf(STDERR, "ERROR: user_add FAILED\n"); break; } + if (($mail_code = $bdb->mail_reserve_code()) == FALSE) { + fprintf(STDERR, "ERROR: mail reserve code FAILED\n"); + break; + } + $hash = md5($curtime . $G_alarm_passwd . $cli_name . $the_pass . $cli_email); + + $confirm_page = sprintf("http://%s/%s/mailcheck.php", $G_domain, $G_webbase); + $subj = $mlang_indwr['nu_msubj'][$G_lang]; + $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang], + $user->name, $cli_name, $confirm_page, $mail_code, $hash); + $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang], + $user->name, $cli_name, $confirm_page, $mail_code, $hash); + $mail_item = new MailDBItem($mail_code, $usr_obj->code, MAIL_TYP_CHECK, + $curtime, $subj, $body_txt, $body_htm, $hash); + + if (brisk_mail($cli_email, $subj, $body_txt, $body_htm) == FALSE) { + // mail error + fprintf(STDERR, "ERROR: mail send FAILED\n"); + break; + } + // save the mail + if ($mail_item->store($bdb) == FALSE) { + // store mail error + fprintf(STDERR, "ERROR: store mail FAILED\n"); + break; + } $user->comm[$user->step % COMM_N] = "gst.st = ".($user->step+1)."; "; /* MLANG: "
Il nominativo è stato inoltrato all\'amministratore.

Nell\'arco di pochi giorni vi verrà

notificata l\'avvenuta registrazione." */ $user->comm[$user->step % COMM_N] .= show_notify($mlang_indwr['warrrepl'][$G_lang], 0, $mlang_indwr['btn_close'][$G_lang], 400, 150); $user->step_inc(); echo "1"; + $bdb->transaction('COMMIT'); } while(FALSE); + $bdb->transaction('ROLLBACK'); } } -- 2.17.1
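Review bot: The confirmation token on the line `$hash = md5($curtime . $G_alarm_passwd . $cli_name . $the_pass . $cli_email);` is a deterministic digest of largely predictable inputs (request time, requested nickname, the fixed placeholder password, the e-mail address), so its unguessability rests entirely on `$G_alarm_passwd`; since this value is the bearer credential that completes registration, it should come from a CSPRNG instead, e.g. `$hash = bin2hex(openssl_random_pseudo_bytes(16));`, and be compared with a constant-time check on the receiving page. `$user->name`, `$cli_name` and `$hash` are also substituted into the `nu_mhtml` HTML body via `sprintf` without escaping, so a nickname containing markup becomes live HTML in the mail; pass `htmlspecialchars($user->name)` and `htmlspecialchars($cli_name)` to the HTML variant. `$bdb->transaction('ROLLBACK')` after the loop runs unconditionally, i.e. also after a successful `COMMIT` and after the `break`s that precede `BEGIN`; `$is_trans` is set but never read here, so gate the rollback with `if ($is_trans)` and clear it right after the commit. `brisk_mail()` is called inside the transaction and before `store()`, so a failed store rolls back the user row while the recipient already holds a link that refers to nothing; storing first and sending after the commit avoids the dead link. `index_wr_main` and the enclosing `do { … } while(FALSE)` loop both start outside the hunk.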