Add account registration and email address confirmation

james 2010-09-27 19:13:56 +00:00
parent c009ef1e3a
commit 64a0432c55
7 changed files with 329 additions and 15 deletions


@ -45,13 +45,6 @@ function account_valid_password($pass)
return true; return true;
} }
/* A more strict version of isEmailAddress() */
function account_valid_email($str)
{
$x = eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str);
return ($x == 1) ? true : false;
}
/* Duplicate of common.inc.php:generatePassword, which will be deleted /* Duplicate of common.inc.php:generatePassword, which will be deleted
* eventually when ALL users are handled through this file */ * eventually when ALL users are handled through this file */
function account_generate_password($pwlen=8) function account_generate_password($pwlen=8)
@ -126,7 +119,7 @@ function account_load_by_username($username)
} }
function account_create($username) function account_create($username,$password=NULL)
{ {
global $config; global $config;
@ -149,16 +142,30 @@ function account_create($username)
$accounts_id = mysql_insert_id(); $accounts_id = mysql_insert_id();
account_set_password($accounts_id, NULL); account_set_password($accounts_id, $password);
account_set_email($accounts_id, $email);
$a = account_load($accounts_id); $a = account_load($accounts_id);
return $a; return $a;
} }
function account_set_email($accounts_id,$email) {
global $config;
//we dont actually set the email until its confirmed, we only set the pending email :p
if(isEmailAddress($email)) {
$code=generatePassword(24);
mysql_query("UPDATE accounts SET pendingemail='".mysql_real_escape_string($email)."', pendingemailcode='$code' WHERE id='$accounts_id'");
$urlproto = $_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://";
$urlmain = "$urlproto{$_SERVER['HTTP_HOST']}{$config['SFIABDIRECTORY']}";
$urlemailconfirm = "emailconfirmation.php?i=$accounts_id&e=".rawurlencode($email)."&c=".$code;
$link=$urlmain."/".$urlemailconfirm;
email_send('account_email_confirmation',$email,array(),array("EMAIL"=>$email,"EMAILCONFIRMATIONLINK"=>$link));
}
}
/* /*
if(user_valid_email($username)) {
mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
}
*/ */
?> ?>
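Review bot: The confirmation link in account_set_email() is built from `$_SERVER['HTTP_HOST']`, which the client supplies, so a request carrying a forged Host header can make the mailed link, and the confirmation code in it, point at a host the site does not control. Build `$urlmain` from a configured site URL rather than from the request. In the same function `$accounts_id` is interpolated into the UPDATE unescaped; adding `$accounts_id = intval($accounts_id);` at the top removes the dependence on every caller passing an integer. `$code` comes from `generatePassword(24)`, whose random source is not visible here, so confirm it is suitable for a security token. Separately, the new `account_set_email($accounts_id, $email);` in account_create() uses `$email`, which is not a parameter and is not set in the visible part of the body (the function starts outside the hunk), so that call probably does nothing.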


@ -280,7 +280,7 @@ function outputStatus($status) {
//returns true if its a valid email address, false if its not //returns true if its a valid email address, false if its not
function isEmailAddress($str) { function isEmailAddress($str) {
if(eregi('^[+a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str)) if(preg_match('/^[+a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$/', $str))
return true; return true;
else else
return false; return false;
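Review bot: In PCRE the `$` anchor of the new `preg_match()` pattern also matches just before a trailing newline, so isEmailAddress() accepts an address that ends in "\n" whenever the caller has not trimmed it. The validated value is later used in SQL and passed to email_send(), so anchor the end strictly: use `\z` in place of `$`, or add the `D` modifier (`/…$/D`). The `{2,4}` limit on the top-level domain is carried over from the eregi version and rejects longer TLDs; it is worth relaxing in the same edit. The function's closing brace lies outside the hunk.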


@ -1 +1 @@
207 208

12
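--- a/db/db.update.208.sql
+++ b/db/db.update.208.sql
@@ -0,0 +1,12 @@
+ALTER TABLE `accounts` ADD `pendingemailcode` VARCHAR( 32 ) NULL DEFAULT NULL AFTER `pendingemail`;
+INSERT INTO `emails` ( `val` , `name` , `description` , `from` , `subject` , `body` , `bodyhtml` , `type` , `fundraising_campaigns_id` , `lastsent`) VALUES ( 'account_email_confirmation', 'Email Address Confirmation', 'Gets sent when someone adds or changes their email address to allow the user to confirm the email address is valid', NULL , 'Email Authorization - [FAIRNAME]',
+'We have received a request to add or change the email address on
+your account. Before any emails will be sent to you from
+[FAIRNAME] you need to
+click the link below to validate your email address.
+Email Address: [EMAIL]
+[EMAILCONFIRMATIONLINK]
+Thank You', '', 'system', NULL , NULL);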

40
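--- a/emailconfirmation.php
+++ b/emailconfirmation.php
@@ -0,0 +1,40 @@
+<?
+/*
+This file is part of the 'Science Fair In A Box' project
+SFIAB Website: http://www.sfiab.ca
+Copyright (C) 2010 James Grant <james@lightbox.org>
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public
+License as published by the Free Software Foundation, version 2.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+include "common.inc.php";
+send_header("Email Confirmation",null,"communication");
+$id=intval($_GET['i']);
+$email=mysql_real_escape_string(trim($_GET['e']));
+$code=mysql_real_escape_string(trim($_GET['c']));
+$q=mysql_query("SELECT * FROM accounts WHERE pendingemail='$email' AND id='$id' AND pendingemailcode='$code'");
+if(mysql_num_rows($q)==1) {
+echo happy(i18n("Thank you for validating your email address"));
+mysql_query("UPDATE accounts SET email=pendingemail, pendingemail=NULL, pendingemailcode=NULL WHERE id='$id'");
+} else {
+echo error(i18n("An error occured validating your email address"));
+}
+send_footer();
+?>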
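Review bot: The success message is printed before the UPDATE runs, the UPDATE's result is never checked, and its WHERE clause carries only `id`, so the check and the write are two separate statements that can disagree if the pending address or code changes between them. Fold them into one statement, `UPDATE accounts SET email=pendingemail, pendingemail=NULL, pendingemailcode=NULL WHERE id='$id' AND pendingemail='$email' AND pendingemailcode='$code'`, and branch on `mysql_affected_rows()==1` before printing happy() or error(). `$_GET['i']`, `$_GET['e']` and `$_GET['c']` are read without isset(), so a bare request raises notices. The code also never expires and nothing visible here limits repeated guesses; both deserve a follow-up.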

255
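--- a/register.php
+++ b/register.php
@@ -0,0 +1,255 @@
+<?
+/*
+This file is part of the 'Science Fair In A Box' project
+SFIAB Website: http://www.sfiab.ca
+Copyright (C) 2010 James Grant <james@lightbox.org>
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public
+License as published by the Free Software Foundation, version 2.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+require_once("common.inc.php");
+require_once("account.inc.php");
+/* Make sure the user is not logged in. */
+if(isset($_SESSION['accounts_id'])) {
+message_push(error(i18n("You are already logged in")));
+header("location: {$config['SFIABDIRECTORY']}/index.php");
+exit;
+}
+function check_username($username) {
+$u = mysql_real_escape_string($username);
+$q = mysql_query("SELECT id FROM accounts WHERE username='$u' AND deleted='no'");
+if(mysql_num_rows($q))
+return false;
+else
+return true;
+}
+switch($_GET['action']) {
+case 'check_username':
+$x = check_username($_GET['username']);
+echo json_encode(array('valid' => $x));
+exit;
+case 'save':
+$email = trim($_POST['email']);
+$pass = trim($_POST['pass1']);
+$username_link = ($_POST['username_link'] == 'yes') ? true : false;
+$username = $username_link ? $email : trim($_POST['username']);
+$a=account_create($username,$pass);
+if($email) {
+account_set_email($a['id'],$email);
+}
+exit;
+echo json_encode($a);
+}
+send_header("Account Registration",
+array("Account Registration" => "register.php")
+,"change_password"
+);
+?>
+<div id="account-register-status"></div>
+<div id="account-register">
+<?
+echo i18n("In order to participate as any role (student participant, judge, volunteer, etc) you must first have an account. Use the form below to create your account. If you already have an account, please use the login box at the top to access your account");
+$username_link = 'checked="checked"';
+?>
+<h3><?=i18n("Account/Login Information")?></h3>
+<br />
+<form class="editor" name="account" id="accountform">
+<table width="90%">
+<tr>
+<td style="text-align: left" colspan="2"><b>Email</b><hr /></td>
+</tr><tr>
+<td><label for="email"><?=i18n('Email')?>:</label></td>
+<td><input id="email" name="email" type="text" size="30" value="<?=$email?>"></td>
+</tr><tr>
+<td></td><td>
+<div style="font-size: 0.75em;"><?=i18n('Enter your email address. A confirmation email will be sent to this email to validate it.')?></div>
+<br />
+</td>
+</tr><tr>
+<td style="text-align: left" colspan="2"><b>Username</b><hr /></td>
+</tr><tr>
+<td><?=i18n('Username')?>:</td>
+<td><input id="username" name=username type="text" size="20" value="<?=$username?>"><br />
+<input id="username_link" <?=$username_link?> type="checkbox" name="username_link" value="yes" />
+<?=i18n('Use the email address as the login username')?><br />
+</td>
+</tr><tr>
+<td colspan="2">
+<br />
+</td>
+</tr><tr>
+<td style="text-align: left" colspan="2"><b>Password</b><hr /></td>
+</tr><tr>
+<td><label for="pass1"><?=i18n('Choose Password')?>:</label></td>
+<td><input id="pass1" name="pass1" type="password" size="20" value=""></td>
+</tr><tr>
+<td><label for="pass2"><?=i18n('Confirm Password')?>:</label></td>
+<td><input id="pass2" name="pass2" type="password" size="20" value=""></td>
+</tr><tr>
+<td></td><td>
+<div style="font-size: 0.75em;"><?=i18n('Passwords must be be between 6 and 32 characters, and may NOT contain any quote or a backslash.')?></div>
+</td>
+</tr></table>
+<br />
+<br />
+<input type="submit" value="<?=i18n("Register")?>" />
+</form>
+<br />
+</div>
+<script type="text/javascript">
+var username_valid = true;
+var username_checking = true;
+var check_username_time = false;
+function username_changed()
+{
+username_checking = false;
+username_valid = true;
+/* Immediately go to checking... */
+$("#accountform").validate().element( "#username" );
+$("#accountform").validate().element( "#email" );
+if(check_username_time != false)
+clearTimeout(check_username_time);
+check_username_time = setTimeout(function() {
+var username = $("#username").val();
+username_checking = false;
+$.getJSON("<?=$config['SFIABDIRECTORY']?>/register.php?action=check_username&username="+username,
+function(json){
+username_valid = (json.valid == 1) ? true : false;
+username_checking = true;
+$("#accountform").validate().element( "#username" );
+$("#accountform").validate().element( "#email" );
+});
+}, 500);
+}
+function email_changed() {
+if($("#username_link").is(":checked")) {
+$("#username").val($('#email').val());
+username_changed();
+}
+}
+$.validator.addMethod("username_in_use",function(value, element) {
+if(element.id == 'username') {
+return username_valid;
+} else {
+if($("#username_link").is(":checked"))
+return username_valid;
+else
+return true;
+}
+});
+$.validator.addMethod("checking",function(value, element) {
+return username_checking;
+});
+$(document).ready(function() {
+$("#accountform").validate({
+rules: {
+email: {
+required: true,
+email: true,
+username_in_use: true,
+},
+username: {
+// required: "#username_link:checked",
+username_in_use: true,
+checking: true,
+minlength: 4
+},
+pass1: {
+<?=$validator_passreq?>
+minlength: 6,
+maxlength: 32
+},
+pass2: {
+<?=$validator_passreq?>
+minlength: 6,
+maxlength: 32,
+equalTo: "#pass1"
+}
+},
+messages: {
+email: {
+required: "Please enter an email address",
+email: "Please enter a valid email address",
+username_in_use: "Email aready in use as a username, use a different email, or uncheck the username box below"
+},
+username: {
+required: "Please enter a username",
+minlength: "Your username must consist of at least 2 characters",
+username_in_use: "Username is already in use, please choose a different one",
+checking: "Checking..."
+},
+pass1: {
+required: "Please enter a password",
+minlength: "Your password must be at least 6 characters long",
+maxlength: "Your password must be at most 32 characters long"
+},
+pass2: {
+required: "Please confirm the password",
+minlength: "Your password must be at least 6 characters long",
+maxlength: "Your password must be at most 32 characters long",
+equalTo: "Please enter the same password as above"
+}
+},
+submitHandler: function() {
+$.post("register.php?action=save", $("#accountform").serializeArray(),function() {
+$("#account-register").hide();
+$("#account-register-status").addClass("happy");
+$("#account-register-status").show();
+$("#account-register-status").html("<?=i18n("Your account has been created. You can now login above")?>");
+});
+}
+});
+/* Code to disable the username box, only included if the password hasn't expired */
+var username_link = $("#username_link").is(":checked");
+$("#username").attr("disabled", username_link);
+$("#username_link").click(function() {
+$("#username").attr("disabled", this.checked);
+email_changed();
+username_changed();
+});
+$("#email").change(email_changed);
+$("#email").keyup(email_changed);
+$("#username").change(username_changed);
+$("#username").keyup(username_changed);
+});
+</script>
+<?
+send_footer();
+?>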
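Review bot: The `save` branch passes `$_POST` values straight to account_create() and account_set_email(); the username-in-use, length and pass1/pass2 checks exist only in the jQuery validator, so a request sent directly to `register.php?action=save` skips them unless account_create() enforces them itself (not visible here). Repeat the checks on the server before creating the account, for example `if(!check_username($username) || !account_valid_password($pass)) { /* report the error */ exit; }`, and compare `pass1` with `pass2` there as well. The `exit;` placed before `echo json_encode($a);` makes the echo unreachable; if the order is ever swapped, return only the fields the page needs rather than the whole account row. In the markup, `value="<?=$email?>"` and `value="<?=$username?>"` print variables without `htmlspecialchars()`, which matters as soon as they are filled from the request, and the script appends `username` to the check_username URL without `encodeURIComponent()`. The form also has no `method`, so without JavaScript the browser would submit the password in a GET query string; add `method="post"`.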


@ -95,7 +95,7 @@ function draw_page(){
} }
</script> </script>
<?php <?php
echo '<div id="teamaccordion" style="width:40em; visibility: hidden; margin-left: 250px; ">'; echo '<div id="teamaccordion" style="width:40em; visibility: hidden; ">';
$teamList = mysql_query("SELECT * FROM so_teams WHERE schools_id = " . $schoolid . " AND conferences_id = " . $conference['id']); $teamList = mysql_query("SELECT * FROM so_teams WHERE schools_id = " . $schoolid . " AND conferences_id = " . $conference['id']);
while($teamList && $team = mysql_fetch_array($teamList)){ while($teamList && $team = mysql_fetch_array($teamList)){
echo '<h3 id="teamHeader_' . $team['id'] . '"><a href="#">' . $team['name'] . "</a></h3>\n"; echo '<h3 id="teamHeader_' . $team['id'] . '"><a href="#">' . $team['name'] . "</a></h3>\n";