Email change notification #2500
|
@@ -21,6 +21,7 @@ | |
require_once("../inc/team.inc"); | ||
require_once("../inc/email.inc"); | ||
require_once("../inc/password_compat/password.inc"); | ||
require_once("../inc/user_util.inc"); | ||
|
||
// do a very cursory check that the given text is valid; | ||
// for now, just make sure it has the given start and end tags, | ||
|
@@ -111,7 +112,24 @@ function success($x) { | |
$send_email = BoincDb::escape_string($send_email); | ||
$show_hosts = BoincDb::escape_string($show_hosts); | ||
$venue = BoincDb::escape_string($venue); | ||
if ($email_addr) { | ||
$send_changed_email_to_user = false; | ||
$email_addr = strtolower($email_addr); | ||
if ($email_addr && $email_addr != $user->email_addr) { | ||
$tmpuser = BoincUser::lookup_email_addr($email_addr); | ||
I don't know how typical it would be but if AM includes email address even when it has not changed then this code bombs out when it previously didn't.
So, I think what the option you're asking for is. If email_addr does not equal the same as the user of the auth_token, return an error. if it is the same email_addr for the user with auth, then set email_addr to null for local usage since that is the trigger below in the code. Does that sound reasonable? |
||
if ($tmpuser) { | ||
xml_error(ERR_DB_NOT_UNIQUE, "There's already an account with that email address."); | ||
} | ||
|
||
//check if the email address is included in previous_email_addr window. | ||
// | ||
$tmpuser = BoincUser::lookup_prev_email_addr($email_addr); | ||
if ($tmpuser) { | ||
xml_error(ERR_DB_NOT_UNIQUE, "Email address is already in use"); | ||
} | ||
if ($user->email_addr_change_time + 604800 > time()) { | ||
xml_error(ERR_BAD_EMAIL_ADDR, "Email address was changed within the past 7 days, please look for an email to $user->previous_email_addr if this email change is incorrect."); | ||
} | ||
|
||
if (!is_valid_email_addr($email_addr)) { | ||
xml_error(ERR_BAD_EMAIL_ADDR, "Invalid email address"); | ||
} | ||
|
@@ -172,9 +190,20 @@ function success($x) { | |
if ($venue) { | ||
$query .= " venue='$venue', "; | ||
} | ||
if ($email_addr && $email_addr!=$user->email_addr) { | ||
$old_email_addr = $user->email_addr; | ||
$query .= " email_addr='$email_addr', "; | ||
|
||
// Check to see if email_addr is different then what user->email-addr has | ||
// If it is different, then update the database and trigger sending an | ||
// email to the user that the email address has been changed. | ||
// | ||
if ($email_addr && $email_addr != $user->email_addr) { | ||
$user->previous_email_addr = $user->email_addr; | ||
$user->email_addr_change_time = time(); | ||
$user->email_addr = $email_addr; | ||
$query .= " email_addr='$user->email_addr', "; | ||
if ($user->previous_email_addr) { | ||
$query .= " previous_email_addr='$user->previous_email_addr', email_addr_change_time=$user->email_addr_change_time, "; | ||
$send_changed_email_to_user = true; | ||
} | ||
} | ||
if ($password_hash) { | ||
$database_passwd_hash = password_hash($password_hash, PASSWORD_DEFAULT); | ||
|
@@ -188,6 +217,9 @@ function success($x) { | |
$query = "$query seti_id=seti_id"; | ||
$result = $user->update($query); | ||
if ($result) { | ||
if ($send_changed_email_to_user) { | ||
send_changed_email($user); | ||
} | ||
success(""); | ||
} else { | ||
xml_error(-1, "database error: ".BoincDb::error()); | ||
|
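Review bot: In the third hunk the UPDATE string interpolates `$user->email_addr` and `$user->previous_email_addr` straight into quoted SQL, and no escaping of either value is visible in these hunks, unlike `$send_email`, `$show_hosts` and `$venue`, which pass through `BoincDb::escape_string()` in the second hunk. The previous address is read back from the user row, so a stored value containing a quote would end the literal early even when the new address has been validated; escaping may happen in lines outside the hunks, but it is worth making explicit at the point of use, e.g. `$prev = BoincDb::escape_string($user->previous_email_addr);` with `$prev` used in the query. In the second hunk the two lookups also run before the existing `is_valid_email_addr()` check, so an unvalidated address reaches `lookup_email_addr()` and `lookup_prev_email_addr()`; moving the validity check ahead of them keeps malformed input away from the database. The enclosing code starts and ends outside every hunk shown.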
I think this needs a semi-colon at the end doesn't it?
Where are you thinking the semicolon goes? There is one after the do_query close bracket. From previous examples of do_query, a semicolon is not needed before the end quotes. Note that you should be able to see a similar update query in function update_5_12_2004.
Ok - I was under the impression that mysql required a semi-colon at the end of statements, but if you've tested it and it works then clearly it is fine. I retract my question.