New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Email change notification #2500
Email change notification #2500
Conversation
…hema.sql for user
…r email address in the system.
Conflicts: html/user/edit_email_action.php
…r_change_time to the user table
…notification Conflicts: html/ops/db_update.php
…rom an email link.
Prevented user on change email form page to actually do anything if within 7 days of previous email change. Added more text to email about recovering email address.
…ncryption. Also, fixed the logout issue when recovering your email address.
… within 7 days of being changed
…t previuos email address isn't in the 7 day change period
…be logged in when trying to reset email address.
Moved edit_email_action to fix time of email change not being passed to next function. Added check for previous email address still within 7 days for create_account.php call.
…d along to email change function
html/inc/email.inc
Outdated
if (function_exists("make_php_mailer")) { | ||
require_once("../inc/phpmailer/class.phpmailer.php"); | ||
require_once("../inc/PHPMailer/src/PHPMailer.php"); | ||
require_once("../inc/PHPMailer/src/SMTP.php"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please update https://boinc.berkeley.edu/trac/wiki/ServerIntro#PHPMailer so that has the correct changes so that projects know what to do.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have updated the instructions to point to 6.0.x PHPMailer and commited a code change to allow for both options, this way it won't break older version of PHPMailer. 4aa5acb
… as well as the latest 6.0.x version.
Although I reviewed and approved this change, since I collaborated with Keith on this and we work on the same team I think that others should do reviews and merge. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Trying to revoke approval since I don't want it showing up that I approved (I do but since I was involved closely on this I shouldn't be the approver).
…_notification Conflicts: html/user/am_set_info.php html/user/edit_email_form.php html/user/recover_email.php
…g with changing the email address.
…s changed within 7 days.
…at is not allowed int the default schema definition.
@brevilo @davidpanderson @TheAspens @JuhaSointusalo I have incorporated all the changes as well as fixed a few bugs from merging of code. I have tested it locally, let me know your thoughts. Thanks, |
html/inc/email.inc
Outdated
@@ -86,6 +99,36 @@ For further information and assistance with ".PROJECT.", visit | |||
return send_email($user, $subject, $body); | |||
} | |||
|
|||
function send_changed_email($user) { | |||
$body_new = ""; | |||
$body_old = ""; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is really a minor issue but Scrutinizer is flagging these as major issue. The variables are not used before they are overwritten. You could remove them from here.
html/user/am_set_info.php
Outdated
// | ||
$tmpuser = BoincUser::lookup_prev_email_addr($email_addr); | ||
if ($tmpuser) { | ||
xml_error(ERR_BAD_EMAIL_ADDR, "Email address is already in use"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This and the above should probably be ERR_DB_NOT_UNIQUE
to match creating accounts.
html/user/edit_email_form.php
Outdated
form_submit(tra("Change email address")); | ||
form_end(); | ||
if ($user->email_addr_change_time + 604800 > time()) { | ||
echo tra("Email address was changed within the past 7 days. Please look for an email to $user->previous_email_addr to verify this change."); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The word "verify" feels wrong to me. You can't verify the change but revert it with the email sent to the previous email address.
html/user/recover_email.php
Outdated
// You should have received a copy of the GNU Lesser General Public License | ||
// along with BOINC. If not, see <http://www.gnu.org/licenses/>. | ||
|
||
// ADD COMMENT |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missed this one.
…red later with string value in inc/email.inc
@JuhaSointusalo Please take another look. I think I incorporated your suggestions completely. Thanks, |
I haven't tested this so I don't formally stamp this Approved but it looks ok to me. |
…e_time to be indexed per davids suggestion.
@davidpanderson Can you take a look at the pull request. I have made the change to the indexes to help when doing a query. I have also change the order of a query to use the indexes first. Thanks, |
html/ops/db_update.php
Outdated
@@ -1107,6 +1107,7 @@ function update_4_19_2018() { | |||
add column previous_email_addr varchar(254) not null default '', | |||
add column email_addr_change_time double not null default 0 | |||
"); | |||
do_query("alter table user add index user_email_time (email_addr_change_time)"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this needs a semi-colon at the end doesn't it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where are you thinking the semicolon goes, there is one after the do_query close bracket? From previous examples of do_query, a semicolon is not needed before the end quotes. Note, you should be able to see similar update query in function update_5_12_2004.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok - I was under the impression that mysql required a semi-colon at the end of statements, but if you've tested it and it works then clearly it is fine. I retract my question.
@brevilo and @davidpanderson - can either of you guys complete the review for this? Thanks! |
The new user fields also should be added to DB_USER::db_parse() and DB_USER::db_print() (in db/boinc_db.cpp), even if they aren't used in the C++ code. Otherwise if someone adds a field to user that IS used from C++, confusion will result. |
@davidpanderson I need to run my tests again to make sure this change didn't break anything. I should have that done today and I'll send you a message on here. Thanks, -Keith |
@davidpanderson My local tests succeeded. You can merge when ready. Thanks for the feedback from everyone on this ticket! |
Sorry for being too late this time. David fixed the Thanks everyone! |
When changing an email, use receives notification at new and old email address. Add checks for previous email address. Also add check for boincuser_delete account to terms of use form. Matches UX from upstream: BOINC#2451 Resolves: https://dev.gridrepublic.org/browse/DBOINCP-436 Also see: * BOINC#2500 * https://boinc.berkeley.edu/trac/wiki/EmailChangeNotification
This is to address the Email Change Notification for BOINC. Please view this issue with more information: #2451