Email change notification #2500
Conversation
…hema.sql for user
…r email address in the system.
Conflicts: html/user/edit_email_action.php
…r_change_time to the user table
…notification Conflicts: html/ops/db_update.php
…rom an email link.
Prevented user on change email form page to actually do anything if within 7 days of previous email change. Added more text to email about recovering email address.
…ncryption. Also, fixed the logout issue when recovering your email address.
… within 7 days of being changed
…t previuos email address isn't in the 7 day change period
…be logged in when trying to reset email address.
Moved edit_email_action to fix time of email change not being passed to next function. Added check for previous email address still within 7 days for create_account.php call.
…d along to email change function
html/inc/email.inc
Outdated
| if (function_exists("make_php_mailer")) { | ||
| require_once("../inc/phpmailer/class.phpmailer.php"); | ||
| require_once("../inc/PHPMailer/src/PHPMailer.php"); | ||
| require_once("../inc/PHPMailer/src/SMTP.php"); |
There was a problem hiding this comment.
Please update https://boinc.berkeley.edu/trac/wiki/ServerIntro#PHPMailer so that has the correct changes so that projects know what to do.
There was a problem hiding this comment.
I have updated the instructions to point to 6.0.x PHPMailer and commited a code change to allow for both options, this way it won't break older version of PHPMailer. 4aa5acb
… as well as the latest 6.0.x version.
|
Although I reviewed and approved this change, since I collaborated with Keith on this and we work on the same team I think that others should do reviews and merge. |
…_notification Conflicts: html/user/am_set_info.php html/user/edit_email_form.php html/user/recover_email.php
…g with changing the email address.
…s changed within 7 days.
…at is not allowed int the default schema definition.
|
@brevilo @davidpanderson @TheAspens @JuhaSointusalo I have incorporated all the changes as well as fixed a few bugs from merging of code. I have tested it locally, let me know your thoughts. Thanks, |
html/inc/email.inc
Outdated
| @@ -86,6 +99,36 @@ For further information and assistance with ".PROJECT.", visit | |||
| return send_email($user, $subject, $body); | |||
| } | |||
|
|
|||
| function send_changed_email($user) { | |||
| $body_new = ""; | |||
| $body_old = ""; | |||
There was a problem hiding this comment.
This is really a minor issue but Scrutinizer is flagging these as major issue. The variables are not used before they are overwritten. You could remove them from here.
html/user/am_set_info.php
Outdated
| // | ||
| $tmpuser = BoincUser::lookup_prev_email_addr($email_addr); | ||
| if ($tmpuser) { | ||
| xml_error(ERR_BAD_EMAIL_ADDR, "Email address is already in use"); |
There was a problem hiding this comment.
This and the above should probably be ERR_DB_NOT_UNIQUE to match creating accounts.
html/user/edit_email_form.php
Outdated
| form_submit(tra("Change email address")); | ||
| form_end(); | ||
| if ($user->email_addr_change_time + 604800 > time()) { | ||
| echo tra("Email address was changed within the past 7 days. Please look for an email to $user->previous_email_addr to verify this change."); |
There was a problem hiding this comment.
The word "verify" feels wrong to me. You can't verify the change but revert it with the email sent to the previous email address.
html/user/recover_email.php
Outdated
| // You should have received a copy of the GNU Lesser General Public License | ||
| // along with BOINC. If not, see <http://www.gnu.org/licenses/>. | ||
|
|
||
| // ADD COMMENT |
…red later with string value in inc/email.inc
|
@JuhaSointusalo Please take another look. I think I incorporated your suggestions completely. Thanks, |
|
I haven't tested this so I don't formally stamp this Approved but it looks ok to me. |
…e_time to be indexed per davids suggestion.
|
@davidpanderson Can you take a look at the pull request. I have made the change to the indexes to help when doing a query. I have also change the order of a query to use the indexes first. Thanks, |
html/ops/db_update.php
Outdated
| @@ -1107,6 +1107,7 @@ function update_4_19_2018() { | |||
| add column previous_email_addr varchar(254) not null default '', | |||
| add column email_addr_change_time double not null default 0 | |||
| "); | |||
| do_query("alter table user add index user_email_time (email_addr_change_time)"); | |||
There was a problem hiding this comment.
I think this needs a semi-colon at the end doesn't it?
There was a problem hiding this comment.
Where are you thinking the semicolon goes, there is one after the do_query close bracket? From previous examples of do_query, a semicolon is not needed before the end quotes. Note, you should be able to see similar update query in function update_5_12_2004.
There was a problem hiding this comment.
Ok - I was under the impression that mysql required a semi-colon at the end of statements, but if you've tested it and it works then clearly it is fine. I retract my question.
|
@brevilo and @davidpanderson - can either of you guys complete the review for this? Thanks! |
|
The new user fields also should be added to DB_USER::db_parse() and DB_USER::db_print() (in db/boinc_db.cpp), even if they aren't used in the C++ code. Otherwise if someone adds a field to user that IS used from C++, confusion will result. |
|
@davidpanderson I need to run my tests again to make sure this change didn't break anything. I should have that done today and I'll send you a message on here. Thanks, -Keith |
|
@davidpanderson My local tests succeeded. You can merge when ready. Thanks for the feedback from everyone on this ticket! |
|
Sorry for being too late this time. David fixed the Thanks everyone! |
When changing an email, use receives notification at new and old email address. Add checks for previous email address. Also add check for boincuser_delete account to terms of use form. Matches UX from upstream: BOINC#2451 Resolves: https://dev.gridrepublic.org/browse/DBOINCP-436 Also see: * BOINC#2500 * https://boinc.berkeley.edu/trac/wiki/EmailChangeNotification
This is to address the Email Change Notification for BOINC. Please view this issue with more information: #2451