Allow users to verify their email in myaccount.php

Even if they arent forced to verify email during registration. If they change their email in the settings later, the verification is lost. Todo: Add a reward for first-time verification.
2025-04-29 18:59:21 +02:00 · 2019-10-22 02:05:14 +02:00 · 2019-10-22 02:05:14 +02:00 · 00a97d43e4
commit 00a97d43e4
parent 44dd48b17e
6 changed files with 78 additions and 6 deletions
--- a/config.php
+++ b/config.php
@ -691,6 +691,7 @@
 	$config['mailserver'] = array(
 		'register' => false, // Send activation mail
 		'accountRecovery' => false, // Recover username or password through mail
+		'myaccount_verify_email' => false, // Allow user to verify their email in myaccount page
 		'host' => "mailserver.znote.eu", // Outgoing mail server host.
 		'securityType' => 'ssl', // ssl or tls
 		'port' => 465, // SMTP port number - likely to be 465(ssl) or 587(tls)
--- a/engine/database/connect.php
+++ b/engine/database/connect.php
@ -13,6 +13,8 @@ if (!function_exists("elapsedTime")) {
  }
 }

+// ALTER TABLE `znote_accounts` ADD `active_email` TINYINT(4) NOT NULL DEFAULT '0' AFTER `active`;
+
 $install = "
 <h2>Install:</h2>
 <ol>
@ -40,6 +42,7 @@ CREATE TABLE IF NOT EXISTS `znote_accounts` (
  `points` int(10) DEFAULT 0,
  `cooldown` int(10) DEFAULT 0,
  `active` tinyint(4) NOT NULL DEFAULT '0',
+  `active_email` tinyint(4) NOT NULL DEFAULT '0',
  `activekey` int(11) NOT NULL DEFAULT '0',
  `flag` varchar(20) NOT NULL,
  `secret` char(16) DEFAULT NULL,
--- a/engine/function/users.php
+++ b/engine/function/users.php
@ -1246,7 +1246,7 @@ function user_create_account($register_data, $maildata) {
 	$account_id = (isset($register_data['name'])) ? user_id($register_data['name']) : user_id($register_data['id']);
 	$activeKey = rand(100000000,999999999);
 	$active = ($maildata['register']) ? 0 : 1;
-	mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `active`, `activekey`, `flag`) VALUES ('$account_id', '$ip', '$created', '$active', '$activeKey', '$flag')");
+	mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `active`, `active_email`, `activekey`, `flag`) VALUES ('$account_id', '$ip', '$created', '$active', '0', '$activeKey', '$flag')");
 	
 	if ($maildata['register']) {

--- a/myaccount.php
+++ b/myaccount.php
@ -16,6 +16,63 @@ if($undelete_id) {
 // Variable used to check if main page should be rendered after handling POST (Change comment page)
 $render_page = true;

+// Handle GET (verify email)
+if (isset($_GET['authenticate']) && $config['mailserver']['myaccount_verify_email']):
+	// If we need to process email verification
+	if (isset($_GET['u']) && isset($_GET['k'])) {
+		// Authenticate user, fetch user id and activation key
+		$auid = (isset($_GET['u']) && (int)$_GET['u'] > 0) ? (int)$_GET['u'] : false;
+		$akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false;
+		if ($auid !== false && $akey !== false) {
+			// Find a match
+			$user = mysql_select_single("SELECT `id`, `active`, `active_email` FROM `znote_accounts` WHERE `account_id`='{$auid}' AND `activekey`='{$akey}' LIMIT 1;");
+			if ($user !== false) {
+				$user = (int) $user['id'];
+				$active = (int) $user['active'];
+				$active_email = (int) $user['active_email'];
+				// Enable the account to login
+				if ($active == 0 || $active_email == 0) {
+					mysql_update("UPDATE `znote_accounts` SET `active`='1', `active_email`='1' WHERE `id`= $user LIMIT 1;");
+				}
+				echo '<h1>Congratulations!</h1> <p>Your email has been verified.</p>';
+				$user_znote_data['active_email'] = 1;
+				// Todo: Bonus points as thanks for verifying email
+			} else {
+				echo '<h1>Authentication failed</h1> <p>Either the activation link is wrong, or your account is already activated.</p>';
+			}
+		} else {
+			echo '<h1>Authentication failed</h1> <p>Either the activation link is wrong, or your account is already activated.</p>';
+		}
+	} else { // We need to send email verification
+		$verify_account_id = (int)$session_user_id;
+		$user = mysql_select_single("SELECT `id`, `activekey`, `active_email` FROM `znote_accounts` WHERE `account_id`='{$verify_account_id}' LIMIT 1;");
+		if ($user !== false) {
+			$thisurl = config('site_url') . "myaccount.php";
+			$thisurl .= "?authenticate&u=".$verify_account_id."&k=".$user['activekey'];
+
+			$mailer = new Mail($config['mailserver']);
+
+			$title = "Please authenticate your email at {$_SERVER['HTTP_HOST']}.";
+			
+			$body = "<h1>Please click on the following link to authenticate your account:</h1>";
+			$body .= "<p><a href='{$thisurl}'>{$thisurl}</a></p>";
+			$body .= "<p>Thank you for verifying your email and enjoy your stay at {$config['mailserver']['fromName']}.</p>";
+			$body .= "<hr><p>I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.</p>";
+			
+			$user_name = ($config['ServerEngine'] !== 'OTHIRE') ? $user_data['name'] : $user_data['id'];
+			//echo "<h1>" . $title . "<h1>" . $body;
+			$mailer->sendMail($user_data['email'], $title, $body, $user_name);
+			?>
+			<h1>Email authentication sent</h1>
+			<p>We have sent you an email with a verification link to your email address: <strong><?php echo $user_data['email']; ?></strong></p>
+			<p>If you can't find the email within 5 minutes, check your <strong>junk/trash inbox (spam filter)</strong> as it may be mislocated there.</p>
+			<?php
+		} else {
+			echo '<h1>Authentication failed</h1> <p>Failed to verify user when trying to send a verification email.</p>';
+		}
+	}
+endif;
+
 // Handle POST
 if (!empty($_POST['selected_character'])) {
 	if (!empty($_POST['action'])) {
@ -251,7 +308,16 @@ if ($render_page) {
 				} else {
 					echo 'You do not have premium account days.';
 				}				
-			} ?></p>
+			} 
+			if ($config['mailserver']['myaccount_verify_email']): 
+				?><br>Email: <?php echo $user_data['email'];
+				if ($user_znote_data['active_email'] == 1) {
+					?> (Verified).<?php
+				} else {
+					?><br><strong>Your email is not verified! <a href="?authenticate">Please verify it</a>.</strong><?php
+				}
+			endif; ?>
+		</p>
 		<?php
 		if ($config['ServerEngine'] === 'TFS_10' && $config['twoFactorAuthenticator']) {

--- a/register.php
+++ b/register.php
@ -105,13 +105,14 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
 	$auid = (isset($_GET['u']) && (int)$_GET['u'] > 0) ? (int)$_GET['u'] : false;
 	$akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false;
 	// Find a match
-	$user = mysql_select_single("SELECT `id`, `active` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' LIMIT 1;");
+	$user = mysql_select_single("SELECT `id`, `active`, `active_email` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' LIMIT 1;");
 	if ($user !== false) {
 		$user = (int) $user['id'];
 		$active = (int) $user['active'];
+		$active_email = (int) $user['active_email'];
 		// Enable the account to login
-		if ($active == 0) {
-			mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`= $user LIMIT 1;");
+		if ($active == 0 || $active_email == 0) {
+			mysql_update("UPDATE `znote_accounts` SET `active`='1', `active_email`='1' WHERE `id`= $user LIMIT 1;");
 		}
 		echo '<h1>Congratulations!</h1> <p>Your account has been created. You may now login to create a character.</p>';
 	} else {
--- a/settings.php
+++ b/settings.php
@ -35,11 +35,12 @@ if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
 } else {
 	if (empty($_POST) === false && empty($errors) === true) {
 		$update_data = array(
-			'email' => $_POST['new_email'],
+			'email' => $_POST['new_email']
 		);

 		$update_znote_data = array(
 			'flag' => getValue($_POST['new_flag']),
+			'active_email' => '0'
 		);

 		user_update_account($update_data);