Email authentication system. Integrated with PHPMailer.

When enabled, you will send an activation key to registering users, which they need to click to verify that they actually got a real email address, and to activate the account.
2025-10-13 18:04:54 +02:00 · 2014-09-06 23:29:18 +02:00
parent 048794a320
commit 3c8474db34
6 changed files with 187 additions and 28 deletions
--- a/engine/function/mail.php
+++ b/engine/function/mail.php
@@ -0,0 +1,93 @@
+<?php
+class Mail {
+	protected $_config = false;
+
+	/**
+	 * @param  string $file
+	 * @access public
+	 * @return void
+	**/
+	public function __construct($config) {
+		$this->_config = $config;
+	}
+
+	/**
+	 * Sets the cache expiration limit (IMPORTANT NOTE: seconds, NOT ms!).
+	 *
+	 * @param  integer $span
+	 * @access public
+	 * @return void
+	**/
+	public function sendMail($to, $title, $text, $accname = '') {
+		//SMTP needs accurate times, and the PHP time zone MUST be set
+		//This should be done in your php.ini, but this is how to do it if you don't have access to that
+		//date_default_timezone_set('Etc/UTC');
+
+		require 'PHPMailer/PHPMailerAutoload.php';
+
+		//Create a new PHPMailer instance
+		$mail = new PHPMailer();
+
+		//Tell PHPMailer to use SMTP
+		$mail->isSMTP();
+
+		//Enable SMTP debugging
+		// 0 = off (for production use)
+		// 1 = client messages
+		// 2 = client and server messages
+		$mail->SMTPDebug = ($this->_config['debug']) ? 2 : 0;
+
+		//Ask for HTML-friendly debug output
+		$mail->Debugoutput = 'html';
+
+		//Set the hostname of the mail server
+		$mail->Host = $this->_config['host'];
+
+		//Set the SMTP port number - likely to be 25, 465 or 587
+		$mail->Port = $this->_config['port'];
+
+		//Whether to use SMTP authentication
+		$mail->SMTPAuth = true;
+		$mail->SMTPSecure = $this->_config['securityType'];
+
+		//Username to use for SMTP authentication
+		$mail->Username = $this->_config['username'];
+
+		//Password to use for SMTP authentication
+		$mail->Password = $this->_config['password'];
+
+		//Set who the message is to be sent from
+		$mail->setFrom($this->_config['username'], $this->_config['fromName']);
+
+		//Set who the message is to be sent to
+		$mail->addAddress($to, $accname);
+
+		//Set the subject line
+		$mail->Subject = $title;
+
+		// Body
+		$mail->Body = $text;
+
+		// Convert HTML -> plain for legacy mail recievers
+		// Create new lines instead of <br> html tags.
+		$text = str_replace("<br>", "\n", $text);
+		$text = str_replace("<br\>", "\n", $text);
+		$text = str_replace("<br \>", "\n", $text);
+		// Then get rid of the rest of the html tags.
+		$text = strip_tags($text);
+
+		//Replace the plain text body with one created manually
+		$mail->AltBody = $text;
+
+
+		//send the message, check for errors
+		$status = false;
+		if (!$mail->send()) {
+		    echo "Mailer Error: " . $mail->ErrorInfo;
+		    exit();
+		} else {
+		    $status = true;
+		}
+		return $status;
+	}
+}
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -1042,7 +1042,7 @@ function user_character_set_hide($char_id, $value) {
 }

 // CREATE ACCOUNT
-function user_create_account($register_data) {
+function user_create_account($register_data, $maildata) {
 	array_walk($register_data, 'array_sanitize');
 	
 	if (config('TFSVersion') == 'TFS_03' && config('salt') === true) {
@@ -1064,10 +1064,25 @@ function user_create_account($register_data) {
 	mysql_insert("INSERT INTO `accounts` ($fields) VALUES ($data)");
 	
 	$account_id = user_id($register_data['name']);
-	mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$account_id', '$ip', '$created')");
+	$activeKey = rand(100000000,999999999);
+	mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `activekey`) VALUES ('$account_id', '$ip', '$created', '$activeKey')");
 	
-	//TO-DO: mail server and verification.
-	// http://www.web-development-blog.com/archives/send-e-mail-messages-via-smtp-with-phpmailer-and-gmail/
+	if ($maildata['register']) {
+
+		$thisurl = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
+		$thisurl .= "?authenticate&u=".$account_id."&k=".$activeKey;
+
+		$mailer = new Mail($maildata);
+
+		$title = "Please authenticate your account at $_SERVER[HTTP_HOST].";
+		
+		$body = "<h1>Please click on the following link to authenticate your account:</h1>";
+		$body .= "<p><a href='$thisurl'>$thisurl</a></p>";
+		$body .= "<p>Thank you for registering and enjoy your stay at $maildata[fromName].</p>";
+		$body .= "<hr><p>I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.</p>";
+		
+		$mailer->sendMail($register_data['email'], $title, $body, $register_data['name']);
+	}
 }

 // CREATE CHARACTER
--- a/engine/init.php
+++ b/engine/init.php
@@ -8,7 +8,7 @@ $accQueriesData = array();

 session_start();
 ob_start();
-require 'config.php';
+require_once 'config.php';
 $sessionPrefix = $config['session_prefix'];

 if ($config['paypal']['enabled'] || $config['zeotss']['enabled']) {
@@ -16,12 +16,13 @@ if ($config['paypal']['enabled'] || $config['zeotss']['enabled']) {
 	if (!$curlcheck) die("php cURL is not enabled. It is required to for paypal and ZEOTSS services.<br>1. Find your php.ini file.<br>2. Uncomment extension=php_curl<br>Restart web server.<br><br><b>If you don't want this then disable zeotss and paypal in config.php.</b>");
 }

-require 'database/connect.php';
-require 'function/general.php';
-require 'function/users.php';
-require 'function/cache.php';
-require 'function/token.php';
-require 'function/itemparser/itemlistparser.php';
+require_once 'database/connect.php';
+require_once 'function/general.php';
+require_once 'function/users.php';
+require_once 'function/cache.php';
+require_once 'function/mail.php';
+require_once 'function/token.php';
+require_once 'function/itemparser/itemlistparser.php';

 if (isset($_SESSION['token'])) {
 	$_SESSION['old_token'] = $_SESSION['token'];