From 00a97d43e49ae6b3c697f6867e9e03b871fe2334 Mon Sep 17 00:00:00 2001
From: Znote
Date: Tue, 22 Oct 2019 02:05:14 +0200
Subject: [PATCH] Allow users to verify their email in myaccount.php
Even if they arent forced to verify email during registration. If they change their email in the settings later, the verification is lost. Todo: Add a reward for first-time verification.
---
config.php | 1 +
engine/database/connect.php | 3 ++
engine/function/users.php | 2 +-
myaccount.php | 68 ++++++++++++++++++++++++++++++++++++-
register.php | 7 ++--
settings.php | 3 +-
6 files changed, 78 insertions(+), 6 deletions(-)
diff --git a/config.php b/config.php
index c388f68..78f6d72 100644
--- a/config.php
+++ b/config.php
@@ -691,6 +691,7 @@ $config['mailserver'] = array(
 'register' => false, // Send activation mail
 'accountRecovery' => false, // Recover username or password through mail
+ 'myaccount_verify_email' => false, // Allow user to verify their email in myaccount page
 'host' => "mailserver.znote.eu", // Outgoing mail server host.
 'securityType' => 'ssl', // ssl or tls
 'port' => 465, // SMTP port number - likely to be 465(ssl) or 587(tls)
diff --git a/engine/database/connect.php b/engine/database/connect.php
index 9687502..2396d9b 100644
--- a/engine/database/connect.php
+++ b/engine/database/connect.php
@@ -13,6 +13,8 @@ if (!function_exists("elapsedTime")) {
 }
 }
+// ALTER TABLE `znote_accounts` ADD `active_email` TINYINT(4) NOT NULL DEFAULT '0' AFTER `active`;
+
 $install = "

Install:

@@ -40,6 +42,7 @@ CREATE TABLE IF NOT EXISTS `znote_accounts` (
 `points` int(10) DEFAULT 0,
 `cooldown` int(10) DEFAULT 0,
 `active` tinyint(4) NOT NULL DEFAULT '0',
+ `active_email` tinyint(4) NOT NULL DEFAULT '0',
 `activekey` int(11) NOT NULL DEFAULT '0',
 `flag` varchar(20) NOT NULL,
 `secret` char(16) DEFAULT NULL,
diff --git a/engine/function/users.php b/engine/function/users.php
index 7dcfa3c..47527a3 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -1246,7 +1246,7 @@ function user_create_account($register_data, $maildata) {
 $account_id = (isset($register_data['name'])) ? user_id($register_data['name']) : user_id($register_data['id']);
 $activeKey = rand(100000000,999999999);
 $active = ($maildata['register']) ? 0 : 1;
- mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `active`, `activekey`, `flag`) VALUES ('$account_id', '$ip', '$created', '$active', '$activeKey', '$flag')");
+ mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `active`, `active_email`, `activekey`, `flag`) VALUES ('$account_id', '$ip', '$created', '$active', '0', '$activeKey', '$flag')");
 if ($maildata['register']) {
diff --git a/myaccount.php b/myaccount.php
index c3f5a43..2b384aa 100644
--- a/myaccount.php
+++ b/myaccount.php
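Review bot: The `activekey` stored by the changed INSERT is generated on the context line just above it with `rand(100000000,999999999)`, a 9-digit value from a non-cryptographic PRNG; that was already the case, but this commit turns the key into a long-lived secret that myaccount.php mails out and accepts at any time, and settings.php resets `active_email` on an email change without issuing a new key, so a link sent to a previous address still verifies the replacement address. Generating it with `$activeKey = random_int(100000000, 999999999);` (PHP 7+) and regenerating `activekey` wherever `active_email` is reset to 0 would bound both the guessing and the reuse window. user_create_account continues outside the hunk.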
@@ -16,6 +16,63 @@ if($undelete_id) {
 // Variable used to check if main page should be rendered after handling POST (Change comment page)
 $render_page = true;
+// Handle GET (verify email)
+if (isset($_GET['authenticate']) && $config['mailserver']['myaccount_verify_email']):
+ // If we need to process email verification
+ if (isset($_GET['u']) && isset($_GET['k'])) {
+ // Authenticate user, fetch user id and activation key
+ $auid = (isset($_GET['u']) && (int)$_GET['u'] > 0) ? (int)$_GET['u'] : false;
+ $akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false;
+ if ($auid !== false && $akey !== false) {
+ // Find a match
+ $user = mysql_select_single("SELECT `id`, `active`, `active_email` FROM `znote_accounts` WHERE `account_id`='{$auid}' AND `activekey`='{$akey}' LIMIT 1;");
+ if ($user !== false) {
+ $user = (int) $user['id'];
+ $active = (int) $user['active'];
+ $active_email = (int) $user['active_email'];
+ // Enable the account to login
+ if ($active == 0 || $active_email == 0) {
+ mysql_update("UPDATE `znote_accounts` SET `active`='1', `active_email`='1' WHERE `id`= $user LIMIT 1;");
+ }
+ echo '

    Congratulations!

    Your email has been verified.

';
+ $user_znote_data['active_email'] = 1;
+ // Todo: Bonus points as thanks for verifying email
+ } else {
+ echo '

    Authentication failed

    Either the activation link is wrong, or your account is already activated.

';
+ }
+ } else {
+ echo '

    Authentication failed

    Either the activation link is wrong, or your account is already activated.

';
+ } else { // We need to send email verification
+ $verify_account_id = (int)$session_user_id;
+ $user = mysql_select_single("SELECT `id`, `activekey`, `active_email` FROM `znote_accounts` WHERE `account_id`='{$verify_account_id}' LIMIT 1;");
+ if ($user !== false) {
+ $thisurl = config('site_url') . "myaccount.php";
+ $thisurl .= "?authenticate&u=".$verify_account_id."&k=".$user['activekey'];
+
+ $mailer = new Mail($config['mailserver']);
+
+ $title = "Please authenticate your email at {$_SERVER['HTTP_HOST']}.";
+
+ $body = "

    Please click on the following link to authenticate your account:

    "; + $body .= "

    {$thisurl}

    "; + $body .= "

    Thank you for verifying your email and enjoy your stay at {$config['mailserver']['fromName']}.

    "; + $body .= "

    I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.

";
+
+ $user_name = ($config['ServerEngine'] !== 'OTHIRE') ? $user_data['name'] : $user_data['id'];
+ //echo "

    " . $title . "

" . $body;
+ $mailer->sendMail($user_data['email'], $title, $body, $user_name);
+ ?>
+

    Email authentication sent

    +

    We have sent you an email with a verification link to your email address:

    +

    If you can't find the email within 5 minutes, check your junk/trash inbox (spam filter) as it may be mislocated there.

    + Authentication failed

    Failed to verify user when trying to send a verification email.

';
+ }
+ }
+endif;
+
 // Handle POST
 if (!empty($_POST['selected_character'])) {
 if (!empty($_POST['action'])) {
@@ -251,7 +308,16 @@ if ($render_page) {
 } else {
 echo 'You do not have premium account days.';
 }
- } ?>
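Review bot: In the verification branch, `$user = (int) $user['id'];` runs before `$active = (int) $user['active'];` and `$active_email = (int) $user['active_email'];`, so both reads index an integer and yield 0 (a notice/warning on PHP 7.4+), the UPDATE runs unconditionally and the intended already-verified outcome is unreachable; reorder to `$active = (int) $user['active']; $active_email = (int) $user['active_email']; $user = (int) $user['id'];`. The register.php hunk adds its `$active_email` read after the same overwrite and needs the same reordering. In the send branch `active_email` is selected but never checked, so every `?authenticate` GET sends a new mail even for an already-verified address and nothing throttles repeats; `if ($user !== false && (int) $user['active_email'] === 0) {` would stop resends after verification, and a per-session cooldown would bound the mail volume an authenticated user can trigger. Finally, `$user_znote_data['active_email'] = 1;` marks the viewer's own session as verified even when `u` names an account other than `$session_user_id`, which looks unintended and would be worth a guard or a comment.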

+ }
+ if ($config['mailserver']['myaccount_verify_email']):
+ ?>
    Email: (Verified).
    Your email is not verified! Please verify it. +

0) ? (int)$_GET['u'] : false;
 $akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false;
 // Find a match
- $user = mysql_select_single("SELECT `id`, `active` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' LIMIT 1;");
+ $user = mysql_select_single("SELECT `id`, `active`, `active_email` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' LIMIT 1;");
 if ($user !== false) {
 $user = (int) $user['id'];
 $active = (int) $user['active'];
+ $active_email = (int) $user['active_email'];
 // Enable the account to login
- if ($active == 0) {
- mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`= $user LIMIT 1;");
+ if ($active == 0 || $active_email == 0) {
+ mysql_update("UPDATE `znote_accounts` SET `active`='1', `active_email`='1' WHERE `id`= $user LIMIT 1;");
 }
 echo '

    Congratulations!

    Your account has been created. You may now login to create a character.

';
 } else {
diff --git a/settings.php b/settings.php
index 15edfb0..99a4e75 100644
--- a/settings.php
+++ b/settings.php
@@ -35,11 +35,12 @@ if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
 } else {
 if (empty($_POST) === false && empty($errors) === true) {
 $update_data = array(
- 'email' => $_POST['new_email'],
+ 'email' => $_POST['new_email']
 );
 $update_znote_data = array(
 'flag' => getValue($_POST['new_flag']),
+ 'active_email' => '0'
 );
 user_update_account($update_data);