diff --git a/config.php b/config.php index e4f38d8..ef38167 100644 --- a/config.php +++ b/config.php @@ -374,6 +374,23 @@ $config['api'] = array( 'debug' => false, ); + + // Email Server configurations (SMTP) + /* Download PHPMailer: https://github.com/PHPMailer/PHPMailer/archive/master.zip + Extract to Znote AAC directory (where this config.php file is located) + Rename the folder to "PHPMailer". Then configure this with your SMTP mail settings from your email provider. + */ + $config['mailserver'] = array( + 'register' => false, // Send activation mail + 'accountRecovery' => false, // Recover username or password through mail + 'host' => "mailserver.znote.eu", // Outgoing mail server host. + 'securityType' => 'ssl', // ssl or tls + 'port' => 465, // SMTP port number - likely to be 465(ssl) or 587(tls) + 'username' => 'noreply@znote.eu', // Likely the email address + 'password' => 'emailpassword', // The password. + 'debug' => false, // Enable debugging if you have problems and are looking for errors. + 'fromName' => $config['site_title'], + ); // Use Znote's External Open Tibia Services Server // Currently in Alpha and is pretty useless, but will contain paypal blacklist etc in future. // You can use the official server: http://zeotss.znote.eu/ diff --git a/engine/function/mail.php b/engine/function/mail.php new file mode 100644 index 0000000..83ed5fa --- /dev/null +++ b/engine/function/mail.php @@ -0,0 +1,93 @@ +_config = $config; + } + + /** + * Sets the cache expiration limit (IMPORTANT NOTE: seconds, NOT ms!). + * + * @param integer $span + * @access public + * @return void + **/ + public function sendMail($to, $title, $text, $accname = '') { + //SMTP needs accurate times, and the PHP time zone MUST be set + //This should be done in your php.ini, but this is how to do it if you don't have access to that + //date_default_timezone_set('Etc/UTC'); + + require 'PHPMailer/PHPMailerAutoload.php'; + + //Create a new PHPMailer instance + $mail = new PHPMailer(); + + //Tell PHPMailer to use SMTP + $mail->isSMTP(); + + //Enable SMTP debugging + // 0 = off (for production use) + // 1 = client messages + // 2 = client and server messages + $mail->SMTPDebug = ($this->_config['debug']) ? 2 : 0; + + //Ask for HTML-friendly debug output + $mail->Debugoutput = 'html'; + + //Set the hostname of the mail server + $mail->Host = $this->_config['host']; + + //Set the SMTP port number - likely to be 25, 465 or 587 + $mail->Port = $this->_config['port']; + + //Whether to use SMTP authentication + $mail->SMTPAuth = true; + $mail->SMTPSecure = $this->_config['securityType']; + + //Username to use for SMTP authentication + $mail->Username = $this->_config['username']; + + //Password to use for SMTP authentication + $mail->Password = $this->_config['password']; + + //Set who the message is to be sent from + $mail->setFrom($this->_config['username'], $this->_config['fromName']); + + //Set who the message is to be sent to + $mail->addAddress($to, $accname); + + //Set the subject line + $mail->Subject = $title; + + // Body + $mail->Body = $text; + + // Convert HTML -> plain for legacy mail recievers + // Create new lines instead of
html tags. + $text = str_replace("
", "\n", $text); + $text = str_replace("", "\n", $text); + $text = str_replace("
", "\n", $text); + // Then get rid of the rest of the html tags. + $text = strip_tags($text); + + //Replace the plain text body with one created manually + $mail->AltBody = $text; + + + //send the message, check for errors + $status = false; + if (!$mail->send()) { + echo "Mailer Error: " . $mail->ErrorInfo; + exit(); + } else { + $status = true; + } + return $status; + } +} \ No newline at end of file diff --git a/engine/function/users.php b/engine/function/users.php index 1e30a31..26f4408 100644 --- a/engine/function/users.php +++ b/engine/function/users.php @@ -1042,7 +1042,7 @@ function user_character_set_hide($char_id, $value) { } // CREATE ACCOUNT -function user_create_account($register_data) { +function user_create_account($register_data, $maildata) { array_walk($register_data, 'array_sanitize'); if (config('TFSVersion') == 'TFS_03' && config('salt') === true) { @@ -1064,10 +1064,25 @@ function user_create_account($register_data) { mysql_insert("INSERT INTO `accounts` ($fields) VALUES ($data)"); $account_id = user_id($register_data['name']); - mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$account_id', '$ip', '$created')"); + $activeKey = rand(100000000,999999999); + mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `activekey`) VALUES ('$account_id', '$ip', '$created', '$activeKey')"); - //TO-DO: mail server and verification. - // http://www.web-development-blog.com/archives/send-e-mail-messages-via-smtp-with-phpmailer-and-gmail/ + if ($maildata['register']) { + + $thisurl = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; + $thisurl .= "?authenticate&u=".$account_id."&k=".$activeKey; + + $mailer = new Mail($maildata); + + $title = "Please authenticate your account at $_SERVER[HTTP_HOST]."; + + $body = "

Please click on the following link to authenticate your account:

"; + $body .= "

$thisurl

"; + $body .= "

Thank you for registering and enjoy your stay at $maildata[fromName].

"; + $body .= "

I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.

"; + + $mailer->sendMail($register_data['email'], $title, $body, $register_data['name']); + } } // CREATE CHARACTER diff --git a/engine/init.php b/engine/init.php index 202c44c..5efad58 100644 --- a/engine/init.php +++ b/engine/init.php @@ -8,7 +8,7 @@ $accQueriesData = array(); session_start(); ob_start(); -require 'config.php'; +require_once 'config.php'; $sessionPrefix = $config['session_prefix']; if ($config['paypal']['enabled'] || $config['zeotss']['enabled']) { @@ -16,12 +16,13 @@ if ($config['paypal']['enabled'] || $config['zeotss']['enabled']) { if (!$curlcheck) die("php cURL is not enabled. It is required to for paypal and ZEOTSS services.
1. Find your php.ini file.
2. Uncomment extension=php_curl
Restart web server.

If you don't want this then disable zeotss and paypal in config.php."); } -require 'database/connect.php'; -require 'function/general.php'; -require 'function/users.php'; -require 'function/cache.php'; -require 'function/token.php'; -require 'function/itemparser/itemlistparser.php'; +require_once 'database/connect.php'; +require_once 'function/general.php'; +require_once 'function/users.php'; +require_once 'function/cache.php'; +require_once 'function/mail.php'; +require_once 'function/token.php'; +require_once 'function/itemparser/itemlistparser.php'; if (isset($_SESSION['token'])) { $_SESSION['old_token'] = $_SESSION['token']; diff --git a/login.php b/login.php index 9a7dd99..3d09cd2 100644 --- a/login.php +++ b/login.php @@ -30,20 +30,33 @@ if (empty($_POST) === false) { if ($login === false) { $errors[] = 'Username and password combination is wrong.'; } else { - setSession('user_id', $login); - - // if IP is not set (etc acc created before Znote AAC was in use) - $znote_data = user_znote_account_data($login); - if ($znote_data['ip'] == 0) { - $update_data = array( - 'ip' => ip2long(getIP()), - ); - user_update_znote_account($update_data); - } - - // Send them to myaccount.php - header('Location: myaccount.php'); - exit(); + // Check if user have access to login + $status = false; + if ($config['mailserver']['register']) { + $authenticate = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$login' AND `active`='1' LIMIT 1;"); + if ($authenticate !== false) { + $status = true; + } else { + $errors[] = "Your account is not activated. An email should have been sent to you when you registered. Please find it and click the activation link to activate your account."; + } + } else $status = true; + + if ($status) { + setSession('user_id', $login); + + // if IP is not set (etc acc created before Znote AAC was in use) + $znote_data = user_znote_account_data($login); + if ($znote_data['ip'] == 0) { + $update_data = array( + 'ip' => ip2long(getIP()), + ); + user_update_znote_account($update_data); + } + + // Send them to myaccount.php + header('Location: myaccount.php'); + exit(); + } } } } else { diff --git a/register.php b/register.php index 4072c97..6286972 100644 --- a/register.php +++ b/register.php @@ -82,7 +82,27 @@ if (empty($_POST) === false) {

Register Account

+

Email authentication required

+

We have sent you an email with an activation link to your submitted email address.

+

If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.

+ 0) ? (int)$_GET['u'] : false; + $akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false; + // Find a match + $user = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' AND `active`='0' LIMIT 1;"); + if ($user !== false) { + $user = $user['id']; + // Enable the account to login + mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`='$user' LIMIT 1;"); + echo '

Congratulations!

Your account has been created. You may now login to create a character.

'; + } else { + echo '

Authentication failed

Either the activation link is wrong, or your account is already activated.

'; + } } else { if (empty($_POST) === false && empty($errors) === true) { if ($config['log_ip']) { @@ -97,8 +117,8 @@ if (isset($_GET['success']) && empty($_GET['success'])) { 'created' => time() ); - user_create_account($register_data); - header('Location: register.php?success'); + user_create_account($register_data, $config['mailserver']); + if (!$config['mailserver']['debug']) header('Location: register.php?success'); exit(); //End register