Add account registration and email address confirmation

2010-09-27 19:13:56 +00:00 · 2010-09-27 19:13:56 +00:00 · 64a0432c55
commit 64a0432c55
parent c009ef1e3a
7 changed files with 329 additions and 15 deletions
--- a/account.inc.php
+++ b/account.inc.php
@ -45,13 +45,6 @@ function account_valid_password($pass)
 	return true;
 }

-/* A more strict version of isEmailAddress() */
-function account_valid_email($str)
-{
-	$x = eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str);
-	return ($x == 1) ? true : false;
-}
-
 /* Duplicate of common.inc.php:generatePassword, which will be deleted 
 * eventually when ALL users are handled through this file */
 function account_generate_password($pwlen=8)
@ -126,7 +119,7 @@ function account_load_by_username($username)
 }


-function account_create($username)
+function account_create($username,$password=NULL)
 {
 	global $config;

@ -149,16 +142,30 @@ function account_create($username)

 	$accounts_id = mysql_insert_id();

-	account_set_password($accounts_id, NULL);
+	account_set_password($accounts_id, $password);
+	account_set_email($accounts_id, $email);

 	$a = account_load($accounts_id);
+
 	return $a;
 }

+function account_set_email($accounts_id,$email) {
+	global $config;
+	//we dont actually set the email until its confirmed, we only set the pending email :p
+	if(isEmailAddress($email)) {
+			$code=generatePassword(24);
+		    mysql_query("UPDATE accounts SET pendingemail='".mysql_real_escape_string($email)."', pendingemailcode='$code' WHERE id='$accounts_id'");
+
+			$urlproto = $_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://";
+			$urlmain = "$urlproto{$_SERVER['HTTP_HOST']}{$config['SFIABDIRECTORY']}";
+			$urlemailconfirm = "emailconfirmation.php?i=$accounts_id&e=".rawurlencode($email)."&c=".$code;
+			$link=$urlmain."/".$urlemailconfirm;
+
+			email_send('account_email_confirmation',$email,array(),array("EMAIL"=>$email,"EMAILCONFIRMATIONLINK"=>$link));
+	}
+}

 /*
-	if(user_valid_email($username)) {
-		    mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
-		}
 */
 ?>
--- a/common.inc.functions.php
+++ b/common.inc.functions.php
@ -280,7 +280,7 @@ function outputStatus($status) {

 //returns true if its a valid email address, false if its not
 function isEmailAddress($str) {
-	if(eregi('^[+a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str))
+	if(preg_match('/^[+a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$/', $str))
 		return true;
 	else
 		return false;
--- a/db/db.code.version.txt
+++ b/db/db.code.version.txt
@ -1 +1 @@
-207
+208
--- a/db/db.update.208.sql
+++ b/db/db.update.208.sql
@ -0,0 +1,12 @@
+ALTER TABLE `accounts` ADD `pendingemailcode` VARCHAR( 32 ) NULL DEFAULT NULL AFTER `pendingemail`;
+INSERT INTO `emails` ( `val` , `name` , `description` , `from` , `subject` , `body` , `bodyhtml` , `type` , `fundraising_campaigns_id` , `lastsent`) VALUES ( 'account_email_confirmation', 'Email Address Confirmation', 'Gets sent when someone adds or changes their email address to allow the user to confirm the email address is valid', NULL , 'Email Authorization - [FAIRNAME]', 
+'We have received a request to add or change the email address on
+your account. Before any emails will be sent to you from 
+[FAIRNAME] you need to 
+click the link below to validate your email address. 
+
+Email Address: [EMAIL] 
+
+[EMAILCONFIRMATIONLINK]
+
+Thank You', '', 'system', NULL , NULL);
--- a/emailconfirmation.php
+++ b/emailconfirmation.php
@ -0,0 +1,40 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2010 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+ include "common.inc.php";
+ send_header("Email Confirmation",null,"communication");
+
+ $id=intval($_GET['i']);
+ $email=mysql_real_escape_string(trim($_GET['e']));
+ $code=mysql_real_escape_string(trim($_GET['c']));
+
+ $q=mysql_query("SELECT * FROM accounts WHERE pendingemail='$email' AND id='$id' AND pendingemailcode='$code'");
+ if(mysql_num_rows($q)==1) {
+	 echo happy(i18n("Thank you for validating your email address"));
+	 mysql_query("UPDATE accounts SET email=pendingemail, pendingemail=NULL, pendingemailcode=NULL WHERE id='$id'");
+ } else {
+	 echo error(i18n("An error occured validating your email address"));
+ }
+
+ send_footer();
+?>
--- a/register.php
+++ b/register.php
@ -0,0 +1,255 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2010 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+require_once("common.inc.php");
+require_once("account.inc.php");
+
+/* Make sure the user is not logged in.  */
+if(isset($_SESSION['accounts_id'])) {
+	message_push(error(i18n("You are already logged in")));
+ 	header("location: {$config['SFIABDIRECTORY']}/index.php");
+ 	exit;
+}
+
+function check_username($username) {
+	$u = mysql_real_escape_string($username);
+	$q = mysql_query("SELECT id FROM accounts WHERE username='$u' AND deleted='no'");
+	if(mysql_num_rows($q)) 
+		return false;
+	else
+		return true;
+}
+
+switch($_GET['action']) {
+case 'check_username':
+	$x = check_username($_GET['username']);
+	echo json_encode(array('valid' => $x));
+	exit;
+
+case 'save':
+	$email = trim($_POST['email']);
+	$pass = trim($_POST['pass1']);
+	$username_link = ($_POST['username_link'] == 'yes') ? true : false;
+	$username = $username_link ? $email : trim($_POST['username']);
+	$a=account_create($username,$pass);
+	if($email) {
+		account_set_email($a['id'],$email);
+	}
+	exit;
+	echo json_encode($a);
+ }
+
+ send_header("Account Registration",
+                  array("Account Registration" => "register.php")
+				  ,"change_password"
+);
+
+?>
+<div id="account-register-status"></div>
+<div id="account-register">
+<?
+ echo i18n("In order to participate as any role (student participant, judge, volunteer, etc) you must first have an account.  Use the form below to create your account.  If you already have an account,  please use the login box at the top to access your account");
+
+ $username_link = 'checked="checked"';
+?>
+<h3><?=i18n("Account/Login Information")?></h3>
+<br />
+
+<form class="editor" name="account" id="accountform">
+<table width="90%">
+<tr>
+	<td style="text-align: left" colspan="2"><b>Email</b><hr /></td>
+</tr><tr>
+	<td><label for="email"><?=i18n('Email')?>:</label></td>
+	<td><input id="email" name="email" type="text" size="30" value="<?=$email?>"></td>
+</tr><tr>
+	<td></td><td>
+	<div style="font-size: 0.75em;"><?=i18n('Enter your email address.  A confirmation email will be sent to this email to validate it.')?></div>
+	<br />
+	</td>
+</tr><tr>
+	<td style="text-align: left" colspan="2"><b>Username</b><hr /></td>
+</tr><tr>
+	<td><?=i18n('Username')?>:</td>
+	<td><input id="username" name=username type="text" size="20" value="<?=$username?>"><br />
+		<input id="username_link" <?=$username_link?> type="checkbox" name="username_link" value="yes" />
+			<?=i18n('Use the email address as the login username')?><br />
+	</td>
+</tr><tr>
+	<td colspan="2">
+	<br />
+	</td>
+</tr><tr>
+	<td style="text-align: left" colspan="2"><b>Password</b><hr /></td>
+</tr><tr>
+	<td><label for="pass1"><?=i18n('Choose Password')?>:</label></td>
+	<td><input id="pass1" name="pass1" type="password" size="20" value=""></td>
+ </tr><tr>
+	<td><label for="pass2"><?=i18n('Confirm Password')?>:</label></td>
+	<td><input id="pass2" name="pass2" type="password" size="20" value=""></td>
+ </tr><tr>
+	<td></td><td>
+	<div style="font-size: 0.75em;"><?=i18n('Passwords must be be between 6 and 32 characters, and may NOT contain any quote or a backslash.')?></div>
+	</td>
+ </tr></table>
+ <br />
+ <br />
+ <input type="submit" value="<?=i18n("Register")?>" />
+  </form>
+<br />
+</div>
+
+<script type="text/javascript">
+var username_valid = true;
+var username_checking = true;
+var check_username_time = false;
+
+function username_changed()
+{
+	username_checking = false;
+	username_valid = true;
+
+	/* Immediately go to checking... */
+	$("#accountform").validate().element( "#username" );
+	$("#accountform").validate().element( "#email" );
+
+	if(check_username_time != false)
+		clearTimeout(check_username_time);
+	check_username_time = setTimeout(function() {
+				var username = $("#username").val();
+				username_checking = false;
+				$.getJSON("<?=$config['SFIABDIRECTORY']?>/register.php?action=check_username&username="+username,
+					function(json){
+						username_valid = (json.valid == 1) ? true : false;
+						username_checking = true;
+						$("#accountform").validate().element( "#username" );
+						$("#accountform").validate().element( "#email" );
+					});
+				}, 500);
+	
+}
+
+function email_changed() {
+	if($("#username_link").is(":checked")) {
+		$("#username").val($('#email').val());
+		username_changed();
+	}
+} 
+
+
+$.validator.addMethod("username_in_use",function(value, element) {
+			if(element.id == 'username') {
+				return username_valid;
+			} else {
+				if($("#username_link").is(":checked"))
+					return username_valid;
+				else
+					return true;
+			}
+		});
+
+$.validator.addMethod("checking",function(value, element) {
+			return username_checking;
+		});
+
+$(document).ready(function() {
+	$("#accountform").validate({
+		rules: {
+			email: {
+				required: true,
+				email: true, 
+				username_in_use: true,
+			},
+			username: {
+//				required: "#username_link:checked",
+				username_in_use: true,
+				checking: true,
+				minlength: 4
+			},
+			pass1: {
+				<?=$validator_passreq?>
+				minlength: 6,
+				maxlength: 32
+			},
+			pass2: {
+				<?=$validator_passreq?>
+				minlength: 6,
+				maxlength: 32,
+				equalTo: "#pass1"
+			}
+		},
+		messages: {
+			email: { 
+				required: "Please enter an email address",
+				email: "Please enter a valid email address",
+				username_in_use: "Email aready in use as a username, use a different email, or uncheck the username box below"
+			},
+			username: {
+				required: "Please enter a username",
+				minlength: "Your username must consist of at least 2 characters",
+				username_in_use: "Username is already in use, please choose a different one",
+				checking: "Checking..."
+			},
+			pass1: {
+				required: "Please enter a password",
+				minlength: "Your password must be at least 6 characters long",
+				maxlength: "Your password must be at most 32 characters long"
+			},
+			pass2: {
+				required: "Please confirm the password",
+				minlength: "Your password must be at least 6 characters long",
+				maxlength: "Your password must be at most 32 characters long",
+				equalTo: "Please enter the same password as above"
+			}
+		},
+		submitHandler: function() { 
+			$.post("register.php?action=save", $("#accountform").serializeArray(),function() {
+			$("#account-register").hide();
+			$("#account-register-status").addClass("happy");
+			$("#account-register-status").show();
+			$("#account-register-status").html("<?=i18n("Your account has been created.  You can now login above")?>");
+
+			});
+		}
+	});
+
+	/* Code to disable the username box, only included if the password hasn't expired */
+	var username_link = $("#username_link").is(":checked");
+	$("#username").attr("disabled", username_link);
+	$("#username_link").click(function() {
+		$("#username").attr("disabled", this.checked);
+		email_changed();
+		username_changed();
+	});
+	$("#email").change(email_changed);
+	$("#email").keyup(email_changed);
+	$("#username").change(username_changed);
+	$("#username").keyup(username_changed);
+
+
+});
+</script>
+
+<?
+send_footer();
+?>
--- a/schoolteams.php
+++ b/schoolteams.php
@ -95,7 +95,7 @@ function draw_page(){
 		}
 	</script>
 <?php
-	echo '<div id="teamaccordion" style="width:40em; visibility: hidden; margin-left: 250px; ">';
+	echo '<div id="teamaccordion" style="width:40em; visibility: hidden; ">';
 	$teamList = mysql_query("SELECT * FROM so_teams WHERE schools_id = " . $schoolid . " AND conferences_id = " . $conference['id']);
 	while($teamList && $team = mysql_fetch_array($teamList)){
 		echo '<h3 id="teamHeader_' . $team['id'] . '"><a href="#">' . $team['name'] . "</a></h3>\n";