diff --git a/config.php b/config.php
index c388f68..78f6d72 100644
--- a/config.php
+++ b/config.php
@@ -691,6 +691,7 @@
$config['mailserver'] = array(
'register' => false, // Send activation mail
'accountRecovery' => false, // Recover username or password through mail
+ 'myaccount_verify_email' => false, // Allow user to verify their email in myaccount page
'host' => "mailserver.znote.eu", // Outgoing mail server host.
'securityType' => 'ssl', // ssl or tls
'port' => 465, // SMTP port number - likely to be 465(ssl) or 587(tls)
diff --git a/engine/database/connect.php b/engine/database/connect.php
index 9687502..2396d9b 100644
--- a/engine/database/connect.php
+++ b/engine/database/connect.php
@@ -13,6 +13,8 @@ if (!function_exists("elapsedTime")) {
}
}
+// ALTER TABLE `znote_accounts` ADD `active_email` TINYINT(4) NOT NULL DEFAULT '0' AFTER `active`;
+
$install = "
Install:
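Review bot: The `ALTER TABLE` for `active_email` exists only as a source comment, so an installation created before this commit has no such column until someone runs the statement by hand. The changed INSERT in engine/function/users.php and the new SELECTs in myaccount.php name `active_email` explicitly, so registration and verification would presumably fail on those installs. Say so where an upgrader will see it, for example `// Upgrading an existing install: run the ALTER TABLE below once before deploying this version.`, or mention it in the release notes.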
@@ -40,6 +42,7 @@ CREATE TABLE IF NOT EXISTS `znote_accounts` (
`points` int(10) DEFAULT 0,
`cooldown` int(10) DEFAULT 0,
`active` tinyint(4) NOT NULL DEFAULT '0',
+ `active_email` tinyint(4) NOT NULL DEFAULT '0',
`activekey` int(11) NOT NULL DEFAULT '0',
`flag` varchar(20) NOT NULL,
`secret` char(16) DEFAULT NULL,
diff --git a/engine/function/users.php b/engine/function/users.php
index 7dcfa3c..47527a3 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -1246,7 +1246,7 @@ function user_create_account($register_data, $maildata) {
$account_id = (isset($register_data['name'])) ? user_id($register_data['name']) : user_id($register_data['id']);
$activeKey = rand(100000000,999999999);
$active = ($maildata['register']) ? 0 : 1;
- mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `active`, `activekey`, `flag`) VALUES ('$account_id', '$ip', '$created', '$active', '$activeKey', '$flag')");
+ mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `active`, `active_email`, `activekey`, `flag`) VALUES ('$account_id', '$ip', '$created', '$active', '0', '$activeKey', '$flag')");
if ($maildata['register']) {
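Review bot: `$activeKey` on the context line above the changed INSERT comes from `rand()`, and with this commit that value also becomes the secret carried in the myaccount.php verification link. `rand()` is not a cryptographically secure generator and the key is nine decimal digits. If the supported PHP versions allow it, `$activeKey = random_int(100000000, 999999999);` keeps the column type and is a drop-in change. The INSERT still builds SQL by interpolation, and where `$ip` and `$flag` come from is outside the hunk, so confirm they are escaped before this line. user_create_account starts and ends outside the hunk.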
diff --git a/myaccount.php b/myaccount.php
index c3f5a43..2b384aa 100644
--- a/myaccount.php
+++ b/myaccount.php
@@ -16,6 +16,63 @@ if($undelete_id) {
// Variable used to check if main page should be rendered after handling POST (Change comment page)
$render_page = true;
+// Handle GET (verify email)
+if (isset($_GET['authenticate']) && $config['mailserver']['myaccount_verify_email']):
+ // If we need to process email verification
+ if (isset($_GET['u']) && isset($_GET['k'])) {
+ // Authenticate user, fetch user id and activation key
+ $auid = (isset($_GET['u']) && (int)$_GET['u'] > 0) ? (int)$_GET['u'] : false;
+ $akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false;
+ if ($auid !== false && $akey !== false) {
+ // Find a match
+ $user = mysql_select_single("SELECT `id`, `active`, `active_email` FROM `znote_accounts` WHERE `account_id`='{$auid}' AND `activekey`='{$akey}' LIMIT 1;");
+ if ($user !== false) {
+ $user = (int) $user['id'];
+ $active = (int) $user['active'];
+ $active_email = (int) $user['active_email'];
+ // Enable the account to login
+ if ($active == 0 || $active_email == 0) {
+ mysql_update("UPDATE `znote_accounts` SET `active`='1', `active_email`='1' WHERE `id`= $user LIMIT 1;");
+ }
+ echo 'Congratulations!
Your email has been verified.
';
+ $user_znote_data['active_email'] = 1;
+ // Todo: Bonus points as thanks for verifying email
+ } else {
+ echo 'Authentication failed
Either the activation link is wrong, or your account is already activated.
';
+ }
+ } else {
+ echo 'Authentication failed
Either the activation link is wrong, or your account is already activated.
';
+ }
+ } else { // We need to send email verification
+ $verify_account_id = (int)$session_user_id;
+ $user = mysql_select_single("SELECT `id`, `activekey`, `active_email` FROM `znote_accounts` WHERE `account_id`='{$verify_account_id}' LIMIT 1;");
+ if ($user !== false) {
+ $thisurl = config('site_url') . "myaccount.php";
+ $thisurl .= "?authenticate&u=".$verify_account_id."&k=".$user['activekey'];
+
+ $mailer = new Mail($config['mailserver']);
+
+ $title = "Please authenticate your email at {$_SERVER['HTTP_HOST']}.";
+
+ $body = "Please click on the following link to authenticate your account:
";
+ $body .= "{$thisurl}
";
+ $body .= "Thank you for verifying your email and enjoy your stay at {$config['mailserver']['fromName']}.
";
+ $body .= "
I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.
";
+
+ $user_name = ($config['ServerEngine'] !== 'OTHIRE') ? $user_data['name'] : $user_data['id'];
+ //echo "" . $title . "" . $body;
+ $mailer->sendMail($user_data['email'], $title, $body, $user_name);
+ ?>
+ Email authentication sent
+
We have sent you an email with a verification link to your email address:
+ If you can't find the email within 5 minutes, check your junk/trash inbox (spam filter) as it may be mislocated there.
+ Authentication failed Failed to verify user when trying to send a verification email.
';
+ }
+ }
+endif;
+
// Handle POST
if (!empty($_POST['selected_character'])) {
if (!empty($_POST['action'])) {
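Review bot: In the verify branch, `$user = (int) $user['id'];` overwrites the fetched row before `$user['active']` and `$user['active_email']` are read, so both casts evaluate to 0 and the `$active == 0 || $active_email == 0` guard is always true regardless of what the database holds. Read the flags first, `$active = (int) $user['active']; $active_email = (int) $user['active_email']; $user = (int) $user['id'];`; the same ordering appears in the account-activation hunk further down the page (the one that echoes "Your account has been created"). The branch also sets `active`='1' for any row matching `u`/`k` and never compares `u` with `$session_user_id`, so an email-verification link doubles as an account-activation link; consider updating only `active_email` here and requiring `$auid === (int)$session_user_id`, assuming this page is only reachable when logged in. The send branch runs on a plain GET, so any page that makes a logged-in browser load `myaccount.php?authenticate` triggers a mail; a POST carrying an anti-CSRF token, plus a resend throttle, would avoid that. The `if … endif;` block is fully inside the hunk, but the surrounding script continues outside it.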
@@ -251,7 +308,16 @@ if ($render_page) {
} else {
echo 'You do not have premium account days.';
}
- } ?>
+ }
+ if ($config['mailserver']['myaccount_verify_email']):
+ ?>
Email: (Verified).
Your email is not verified! Please verify it.
+
0) ? (int)$_GET['u'] : false;
$akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false;
// Find a match
- $user = mysql_select_single("SELECT `id`, `active` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' LIMIT 1;");
+ $user = mysql_select_single("SELECT `id`, `active`, `active_email` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' LIMIT 1;");
if ($user !== false) {
$user = (int) $user['id'];
$active = (int) $user['active'];
+ $active_email = (int) $user['active_email'];
// Enable the account to login
- if ($active == 0) {
- mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`= $user LIMIT 1;");
+ if ($active == 0 || $active_email == 0) {
+ mysql_update("UPDATE `znote_accounts` SET `active`='1', `active_email`='1' WHERE `id`= $user LIMIT 1;");
}
echo 'Congratulations!
Your account has been created. You may now login to create a character.
';
} else {
diff --git a/settings.php b/settings.php
index 15edfb0..99a4e75 100644
--- a/settings.php
+++ b/settings.php
@@ -35,11 +35,12 @@ if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
} else {
if (empty($_POST) === false && empty($errors) === true) {
$update_data = array(
- 'email' => $_POST['new_email'],
+ 'email' => $_POST['new_email']
);
$update_znote_data = array(
'flag' => getValue($_POST['new_flag']),
+ 'active_email' => '0'
);
user_update_account($update_data);
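Review bot: `'active_email' => '0'` is written on every settings save, including one that changes only the flag, so a verified address becomes unverified even though the email did not change. Set it only when the submitted address differs from the stored one, e.g. `if ($_POST['new_email'] !== $user_data['email']) { $update_znote_data['active_email'] = '0'; }` (assuming `$user_data` is in scope here as it is in myaccount.php). Nothing visible regenerates `activekey` at that point, so a link mailed to the previous address would still match and mark the new, unproven address as verified; issuing a fresh key together with the reset closes that gap. The enclosing `if` block continues past the end of the hunk.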