mirror of
https://github.com/Znote/ZnoteAAC.git
synced 2025-04-29 18:59:21 +02:00
Email authentication system. Integrated with PHPMailer.
When enabled, you will send an activation key to registering users, which they need to click to verify that they actually got a real email address, and to activate the account.
This commit is contained in:
Stefan Brannfjell
parent
048794a320
commit
3c8474db34
17
config.php
17
config.php
@ -374,6 +374,23 @@
|
||||
$config['api'] = array(
|
||||
'debug' => false,
|
||||
);
|
||||
|
||||
// Email Server configurations (SMTP)
|
||||
/* Download PHPMailer: https://github.com/PHPMailer/PHPMailer/archive/master.zip
|
||||
Extract to Znote AAC directory (where this config.php file is located)
|
||||
Rename the folder to "PHPMailer". Then configure this with your SMTP mail settings from your email provider.
|
||||
*/
|
||||
$config['mailserver'] = array(
|
||||
'register' => false, // Send activation mail
|
||||
'accountRecovery' => false, // Recover username or password through mail
|
||||
'host' => "mailserver.znote.eu", // Outgoing mail server host.
|
||||
'securityType' => 'ssl', // ssl or tls
|
||||
'port' => 465, // SMTP port number - likely to be 465(ssl) or 587(tls)
|
||||
'username' => 'noreply@znote.eu', // Likely the email address
|
||||
'password' => 'emailpassword', // The password.
|
||||
'debug' => false, // Enable debugging if you have problems and are looking for errors.
|
||||
'fromName' => $config['site_title'],
|
||||
);
|
||||
// Use Znote's External Open Tibia Services Server
|
||||
// Currently in Alpha and is pretty useless, but will contain paypal blacklist etc in future.
|
||||
// You can use the official server: http://zeotss.znote.eu/
|
||||
|
||||
93
engine/function/mail.php
Normal file
93
engine/function/mail.php
Normal file
@ -0,0 +1,93 @@
|
||||
<?php
|
||||
class Mail {
|
||||
protected $_config = false;
|
||||
|
||||
/**
|
||||
* @param string $file
|
||||
* @access public
|
||||
* @return void
|
||||
**/
|
||||
public function __construct($config) {
|
||||
$this->_config = $config;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the cache expiration limit (IMPORTANT NOTE: seconds, NOT ms!).
|
||||
*
|
||||
* @param integer $span
|
||||
* @access public
|
||||
* @return void
|
||||
**/
|
||||
public function sendMail($to, $title, $text, $accname = '') {
|
||||
//SMTP needs accurate times, and the PHP time zone MUST be set
|
||||
//This should be done in your php.ini, but this is how to do it if you don't have access to that
|
||||
//date_default_timezone_set('Etc/UTC');
|
||||
|
||||
require 'PHPMailer/PHPMailerAutoload.php';
|
||||
|
||||
//Create a new PHPMailer instance
|
||||
$mail = new PHPMailer();
|
||||
|
||||
//Tell PHPMailer to use SMTP
|
||||
$mail->isSMTP();
|
||||
|
||||
//Enable SMTP debugging
|
||||
// 0 = off (for production use)
|
||||
// 1 = client messages
|
||||
// 2 = client and server messages
|
||||
$mail->SMTPDebug = ($this->_config['debug']) ? 2 : 0;
|
||||
|
||||
//Ask for HTML-friendly debug output
|
||||
$mail->Debugoutput = 'html';
|
||||
|
||||
//Set the hostname of the mail server
|
||||
$mail->Host = $this->_config['host'];
|
||||
|
||||
//Set the SMTP port number - likely to be 25, 465 or 587
|
||||
$mail->Port = $this->_config['port'];
|
||||
|
||||
//Whether to use SMTP authentication
|
||||
$mail->SMTPAuth = true;
|
||||
$mail->SMTPSecure = $this->_config['securityType'];
|
||||
|
||||
//Username to use for SMTP authentication
|
||||
$mail->Username = $this->_config['username'];
|
||||
|
||||
//Password to use for SMTP authentication
|
||||
$mail->Password = $this->_config['password'];
|
||||
|
||||
//Set who the message is to be sent from
|
||||
$mail->setFrom($this->_config['username'], $this->_config['fromName']);
|
||||
|
||||
//Set who the message is to be sent to
|
||||
$mail->addAddress($to, $accname);
|
||||
|
||||
//Set the subject line
|
||||
$mail->Subject = $title;
|
||||
|
||||
// Body
|
||||
$mail->Body = $text;
|
||||
|
||||
// Convert HTML -> plain for legacy mail recievers
|
||||
// Create new lines instead of <br> html tags.
|
||||
$text = str_replace("<br>", "\n", $text);
|
||||
$text = str_replace("<br\>", "\n", $text);
|
||||
$text = str_replace("<br \>", "\n", $text);
|
||||
// Then get rid of the rest of the html tags.
|
||||
$text = strip_tags($text);
|
||||
|
||||
//Replace the plain text body with one created manually
|
||||
$mail->AltBody = $text;
|
||||
|
||||
|
||||
//send the message, check for errors
|
||||
$status = false;
|
||||
if (!$mail->send()) {
|
||||
echo "Mailer Error: " . $mail->ErrorInfo;
|
||||
exit();
|
||||
} else {
|
||||
$status = true;
|
||||
}
|
||||
return $status;
|
||||
}
|
||||
}
|
||||
@ -1042,7 +1042,7 @@ function user_character_set_hide($char_id, $value) {
|
||||
}
|
||||
|
||||
// CREATE ACCOUNT
|
||||
function user_create_account($register_data) {
|
||||
function user_create_account($register_data, $maildata) {
|
||||
array_walk($register_data, 'array_sanitize');
|
||||
|
||||
if (config('TFSVersion') == 'TFS_03' && config('salt') === true) {
|
||||
@ -1064,10 +1064,25 @@ function user_create_account($register_data) {
|
||||
mysql_insert("INSERT INTO `accounts` ($fields) VALUES ($data)");
|
||||
|
||||
$account_id = user_id($register_data['name']);
|
||||
mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$account_id', '$ip', '$created')");
|
||||
$activeKey = rand(100000000,999999999);
|
||||
mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `activekey`) VALUES ('$account_id', '$ip', '$created', '$activeKey')");
|
||||
|
||||
//TO-DO: mail server and verification.
|
||||
// http://www.web-development-blog.com/archives/send-e-mail-messages-via-smtp-with-phpmailer-and-gmail/
|
||||
if ($maildata['register']) {
|
||||
|
||||
$thisurl = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
|
||||
$thisurl .= "?authenticate&u=".$account_id."&k=".$activeKey;
|
||||
|
||||
$mailer = new Mail($maildata);
|
||||
|
||||
$title = "Please authenticate your account at $_SERVER[HTTP_HOST].";
|
||||
|
||||
$body = "<h1>Please click on the following link to authenticate your account:</h1>";
|
||||
$body .= "<p><a href='$thisurl'>$thisurl</a></p>";
|
||||
$body .= "<p>Thank you for registering and enjoy your stay at $maildata[fromName].</p>";
|
||||
$body .= "<hr><p>I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.</p>";
|
||||
|
||||
$mailer->sendMail($register_data['email'], $title, $body, $register_data['name']);
|
||||
}
|
||||
}
|
||||
|
||||
// CREATE CHARACTER
|
||||
|
||||
@ -8,7 +8,7 @@ $accQueriesData = array();
|
||||
|
||||
session_start();
|
||||
ob_start();
|
||||
require 'config.php';
|
||||
require_once 'config.php';
|
||||
$sessionPrefix = $config['session_prefix'];
|
||||
|
||||
if ($config['paypal']['enabled'] || $config['zeotss']['enabled']) {
|
||||
@ -16,12 +16,13 @@ if ($config['paypal']['enabled'] || $config['zeotss']['enabled']) {
|
||||
if (!$curlcheck) die("php cURL is not enabled. It is required to for paypal and ZEOTSS services.<br>1. Find your php.ini file.<br>2. Uncomment extension=php_curl<br>Restart web server.<br><br><b>If you don't want this then disable zeotss and paypal in config.php.</b>");
|
||||
}
|
||||
|
||||
require 'database/connect.php';
|
||||
require 'function/general.php';
|
||||
require 'function/users.php';
|
||||
require 'function/cache.php';
|
||||
require 'function/token.php';
|
||||
require 'function/itemparser/itemlistparser.php';
|
||||
require_once 'database/connect.php';
|
||||
require_once 'function/general.php';
|
||||
require_once 'function/users.php';
|
||||
require_once 'function/cache.php';
|
||||
require_once 'function/mail.php';
|
||||
require_once 'function/token.php';
|
||||
require_once 'function/itemparser/itemlistparser.php';
|
||||
|
||||
if (isset($_SESSION['token'])) {
|
||||
$_SESSION['old_token'] = $_SESSION['token'];
|
||||
|
||||
41
login.php
41
login.php
@ -30,20 +30,33 @@ if (empty($_POST) === false) {
|
||||
if ($login === false) {
|
||||
$errors[] = 'Username and password combination is wrong.';
|
||||
} else {
|
||||
setSession('user_id', $login);
|
||||
|
||||
// if IP is not set (etc acc created before Znote AAC was in use)
|
||||
$znote_data = user_znote_account_data($login);
|
||||
if ($znote_data['ip'] == 0) {
|
||||
$update_data = array(
|
||||
'ip' => ip2long(getIP()),
|
||||
);
|
||||
user_update_znote_account($update_data);
|
||||
}
|
||||
|
||||
// Send them to myaccount.php
|
||||
header('Location: myaccount.php');
|
||||
exit();
|
||||
// Check if user have access to login
|
||||
$status = false;
|
||||
if ($config['mailserver']['register']) {
|
||||
$authenticate = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$login' AND `active`='1' LIMIT 1;");
|
||||
if ($authenticate !== false) {
|
||||
$status = true;
|
||||
} else {
|
||||
$errors[] = "Your account is not activated. An email should have been sent to you when you registered. Please find it and click the activation link to activate your account.";
|
||||
}
|
||||
} else $status = true;
|
||||
|
||||
if ($status) {
|
||||
setSession('user_id', $login);
|
||||
|
||||
// if IP is not set (etc acc created before Znote AAC was in use)
|
||||
$znote_data = user_znote_account_data($login);
|
||||
if ($znote_data['ip'] == 0) {
|
||||
$update_data = array(
|
||||
'ip' => ip2long(getIP()),
|
||||
);
|
||||
user_update_znote_account($update_data);
|
||||
}
|
||||
|
||||
// Send them to myaccount.php
|
||||
header('Location: myaccount.php');
|
||||
exit();
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
|
||||
26
register.php
26
register.php
@ -82,7 +82,27 @@ if (empty($_POST) === false) {
|
||||
<h1>Register Account</h1>
|
||||
<?php
|
||||
if (isset($_GET['success']) && empty($_GET['success'])) {
|
||||
echo 'Congratulations! Your account has been created. You may now login to create a character.';
|
||||
if ($config['mailserver']) {
|
||||
?>
|
||||
<h1>Email authentication required</h1>
|
||||
<p>We have sent you an email with an activation link to your submitted email address.</p>
|
||||
<p>If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.</p>
|
||||
<?php
|
||||
} else echo 'Congratulations! Your account has been created. You may now login to create a character.';
|
||||
} elseif (isset($_GET['authenticate']) && empty($_GET['authenticate'])) {
|
||||
// Authenticate user, fetch user id and activation key
|
||||
$auid = (isset($_GET['u']) && (int)$_GET['u'] > 0) ? (int)$_GET['u'] : false;
|
||||
$akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false;
|
||||
// Find a match
|
||||
$user = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' AND `active`='0' LIMIT 1;");
|
||||
if ($user !== false) {
|
||||
$user = $user['id'];
|
||||
// Enable the account to login
|
||||
mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`='$user' LIMIT 1;");
|
||||
echo '<h1>Congratulations!</h1> <p>Your account has been created. You may now login to create a character.</p>';
|
||||
} else {
|
||||
echo '<h1>Authentication failed</h1> <p>Either the activation link is wrong, or your account is already activated.</p>';
|
||||
}
|
||||
} else {
|
||||
if (empty($_POST) === false && empty($errors) === true) {
|
||||
if ($config['log_ip']) {
|
||||
@ -97,8 +117,8 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
|
||||
'created' => time()
|
||||
);
|
||||
|
||||
user_create_account($register_data);
|
||||
header('Location: register.php?success');
|
||||
user_create_account($register_data, $config['mailserver']);
|
||||
if (!$config['mailserver']['debug']) header('Location: register.php?success');
|
||||
exit();
|
||||
//End register
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user