diff --git a/language/english.php b/language/english.php index 84cbce721..d004b6070 100644 --- a/language/english.php +++ b/language/english.php @@ -449,7 +449,14 @@ 'tfa_download' => 'Download Backup Codes', 'tfa_new_backup_code' => 'Generate a new set of backup codes', 'tfa_generate_confirm' => 'Go ahead?', - 'desc_new_pwd_status' => 'You are required to enter a new password for your account. You can enter a new password for your account below. Please note you will not be able to do anything with your account until your password is updated.' + 'desc_new_pwd_status' => 'You are required to enter a new password for your account. You can enter a new password for your account below. Please note you will not be able to do anything with your account until your password is updated.', + 'new_email' => 'New Email', + 'set_new_email' => 'Set New Email', + 'confirm_new_email' => 'Confirm new email', + 'enter_new_email' => 'Enter New Email', + 'desc_new_email_status' => 'You are required to enter a new email address for your account. You can enter a new email for your account below. Please note you will not be able to do anything with your account until your email is updated and verified.', + 'email_msg_email_status_1' => "You have updated your email address for your account \"%s\" on {$_CONF['site_name']}, <{$_CONF['site_url']}>.\n\nPlease click on the following link to verify this email address:\n\n", + 'email_msg_email_status_2' => "If you do not verify this email address and you log into your account you will be required to enter a new email address and go through this email verification process again.\n\n" ); ############################################################################### 
@@ -1469,10 +1476,10 @@ 20 => '', 21 => 'The user has been successfully saved.', 22 => 'The user has been successfully deleted.', - 23 => '', - 24 => '', - 25 => '', - 26 => '', + 23 => 'Your passwords must match, please try again.', + 24 => 'Your emails must match, please try again.', + 25 => 'You have not entered a valid email address, please try again.', + 26 => 'That email address is already being used by an account, please try again.', 27 => 'Message successfully sent.', 28 => 'The plugin has been successfully saved', 29 => 'Sorry, you do not have access to this administration page. Please note that all attempts to access unauthorized features are logged', @@ -1576,7 +1583,9 @@ 153 => 'You last emailed an article %1$d seconds ago. This site requires at least %2$d seconds between emailing articles.', 400 => 'Not all required fields have been passed validation', // Error codes in the 400 range reserved for CUSTOM membership 401 => 'Please enter Fullname', - 500 => 'The Data, Template, Resource, and File Manager Cache has been successfully cleared.' + 501 => 'A verification message has been sent to your email address. Please click on the link in the email to confirm your email address and update your account. If you log into your account again before you verify your email address you will be asked again for a email address.Please note you have now been successfully logged out so you can complete this verification.', + 502 => 'Your request for a new email has expired. Please try again below.', + 503 => 'Your email has been successfully verified. Please login now.' ); ############################################################################### 
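Review bot: The english.php hunk at @@ -1576 removes `500 => 'The Data, Template, Resource, and File Manager Cache has been successfully cleared.'` without re-adding it, whereas the english_utf-8.php and japanese_utf-8.php hunks keep it as `500 => '…',` ahead of the new 501–503 entries; any caller that still displays message 500 will read an undefined offset in this language file. Restore the line as `500 => 'The Data, Template, Resource, and File Manager Cache has been successfully cleared.',` before `501`. The new 501 text also reads "asked again for a email address.Please note" in all three language files, where "an email address. Please note" is intended.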
@@ -2111,6 +2120,7 @@ 'hide_author_exclusion' => "Allow Hide Author", 'show_fullname' => "Show Fullname", 'show_servicename' => "Show Service Name", + 'require_user_email' => "Require User Email", 'custom_registration' => "Enable Custom Registration", 'user_login_method' => "User Login Method", 'facebook_login' => "Enable OAuth Login Method Facebook", diff --git a/language/english_utf-8.php b/language/english_utf-8.php index 9ef53e622..1bafcb704 100644 --- a/language/english_utf-8.php +++ b/language/english_utf-8.php 
@@ -449,7 +449,14 @@ 'tfa_download' => 'Download Backup Codes', 'tfa_new_backup_code' => 'Generate a new set of backup codes', 'tfa_generate_confirm' => 'Go ahead?', - 'desc_new_pwd_status' => 'You are required to enter a new password for your account. You can enter a new password for your account below. Please note you will not be able to do anything with your account until your password is updated.' + 'desc_new_pwd_status' => 'You are required to enter a new password for your account. You can enter a new password for your account below. Please note you will not be able to do anything with your account until your password is updated.', + 'new_email' => 'New Email', + 'set_new_email' => 'Set New Email', + 'confirm_new_email' => 'Confirm new email', + 'enter_new_email' => 'Enter New Email', + 'desc_new_email_status' => 'You are required to enter a new email address for your account. You can enter a new email for your account below. Please note you will not be able to do anything with your account until your email is updated and verified.', + 'email_msg_email_status_1' => "You have updated your email address for your account \"%s\" on {$_CONF['site_name']}, <{$_CONF['site_url']}>.\n\nPlease click on the following link to verify this email address:\n\n", + 'email_msg_email_status_2' => "If you do not verify this email address and you log into your account you will be required to enter a new email address and go through this email verification process again.\n\n" ); ############################################################################### 
@@ -1470,10 +1477,10 @@ 20 => '', 21 => 'The user has been successfully saved.', 22 => 'The user has been successfully deleted.', - 23 => '', - 24 => '', - 25 => '', - 26 => '', + 23 => 'Your passwords must match, please try again.', + 24 => 'Your emails must match, please try again.', + 25 => 'You have not entered a valid email address, please try again.', + 26 => 'That email address is already being used by an account, please try again.', 27 => 'Message successfully sent.', 28 => 'The plugin has been successfully saved', 29 => 'Sorry, you do not have access to this administration page. Please note that all attempts to access unauthorized features are logged.', @@ -1577,7 +1584,10 @@ 153 => 'You last emailed an article %1$d seconds ago. This site requires at least %2$d seconds between emailing articles.', 400 => 'Not all required fields have been passed validation', // Error codes in the 400 range reserved for CUSTOM membership 401 => 'Please enter Fullname', - 500 => 'The Data, Template, Resource, and File Manager Cache has been successfully cleared.' + 500 => 'The Data, Template, Resource, and File Manager Cache has been successfully cleared.', + 501 => 'A verification message has been sent to your email address. Please click on the link in the email to confirm your email address and update your account. If you log into your account again before you verify your email address you will be asked again for a email address.Please note you have now been successfully logged out so you can complete this verification.', + 502 => 'Your request for a new email has expired. Please try again below.', + 503 => 'Your email has been successfully verified. Please login now.' ); ############################################################################### 
@@ -2112,6 +2122,7 @@ 'hide_author_exclusion' => "Allow Hide Author", 'show_fullname' => "Show Fullname", 'show_servicename' => "Show Service Name", + 'require_user_email' => "Require User Email", 'custom_registration' => "Enable Custom Registration", 'user_login_method' => "User Login Method", 'facebook_login' => "Enable OAuth Login Method Facebook", diff --git a/language/japanese_utf-8.php b/language/japanese_utf-8.php index 9b6d07298..65a975f9f 100644 --- a/language/japanese_utf-8.php +++ b/language/japanese_utf-8.php 
@@ -457,7 +457,14 @@ 'tfa_download' => 'バックアップコードをダウンロード', 'tfa_new_backup_code' => 'バックアップコードを生成し直す', 'tfa_generate_confirm' => '実行してもよいですか?', - 'desc_new_pwd_status' => 'You are required to enter a new password for your account. You can enter a new password for your account below. Please note you will not be able to do anything with your account until your password is updated.' + 'desc_new_pwd_status' => 'You are required to enter a new password for your account. You can enter a new password for your account below. Please note you will not be able to do anything with your account until your password is updated.', + 'new_email' => 'New Email', + 'set_new_email' => 'Set New Email', + 'confirm_new_email' => 'Confirm new email', + 'enter_new_email' => 'Enter New Email', + 'desc_new_email_status' => 'You are required to enter a new email address for your account. You can enter a new email for your account below. Please note you will not be able to do anything with your account until your email is updated and verified.', + 'email_msg_email_status_1' => "You have updated your email address for your account \"%s\" on {$_CONF['site_name']}, <{$_CONF['site_url']}>.\n\nPlease click on the following link to verify this email address:\n\n", + 'email_msg_email_status_2' => "If you do not verify this email address and you log into your account you will be required to enter a new email address and go through this email verification process again.\n\n" ); ############################################################################### 
@@ -1471,10 +1478,10 @@ 20 => '', 21 => 'ユーザー情報を保存しました。', 22 => 'ユーザー情報を削除しました。', - 23 => '', - 24 => '', - 25 => '', - 26 => '', + 23 => 'Your passwords must match, please try again.', + 24 => 'Your emails must match, please try again.', + 25 => 'You have not entered a valid email address, please try again.', + 26 => 'That email address is already being used by an account, please try again.', 27 => 'メッセージを送信しました。', 28 => 'プラグインを保存しました', 29 => 'あなたはこの管理ページにアクセスできません。権限のない機能へのアクセスはすべて記録しています。', @@ -1578,7 +1585,10 @@ 153 => 'あなたは %1$d 秒前に友だちに記事を送信しています。次に送信する前に %2$d 秒以上あけてください。', 400 => '検証に通っていない必須のフィールドがあります。', 401 => '氏名を入力してください。', - 500 => 'データ、テンプレート、リソース、ファイルマネージャーのキャッシュファイルを削除しました。' + 500 => 'データ、テンプレート、リソース、ファイルマネージャーのキャッシュファイルを削除しました。', + 501 => 'A verification message has been sent to your email address. Please click on the link in the email to confirm your email address and update your account. If you log into your account again before you verify your email address you will be asked again for a email address.Please note you have now been successfully logged out so you can complete this verification.', + 502 => 'Your request for a new email has expired. Please try again below.', + 503 => 'Your email has been successfully verified. Please login now.' ); ############################################################################### @@ -2118,6 +2128,7 @@ 'hide_author_exclusion' => '所有者の非表示を許可する', 'show_fullname' => 'ユーザー名の代わりに氏名を表示する', 'show_servicename' => 'サービス名を表示する', + 'require_user_email' => "Require User Email", 'custom_registration' => 'カスタム登録を有効にする', 'user_login_method' => 'ログイン方法', 'facebook_login' => 'FacebookのOAuthを有効にする', diff --git a/public_html/admin/configuration_validation.php b/public_html/admin/configuration_validation.php index b8ce2eab6..98bd3cf7f 100644 --- a/public_html/admin/configuration_validation.php +++ b/public_html/admin/configuration_validation.php 
@@ -308,6 +308,7 @@ $_CONF_VALIDATE['Core']['hide_author_exclusion'] = array('rule' => 'boolean'); $_CONF_VALIDATE['Core']['show_fullname'] = array('rule' => 'boolean'); $_CONF_VALIDATE['Core']['show_servicename'] = array('rule' => 'boolean'); +$_CONF_VALIDATE['Core']['require_user_email'] = array('rule' => 'boolean'); $_CONF_VALIDATE['Core']['custom_registration'] = array('rule' => 'boolean'); $_CONF_VALIDATE['Core']['user_login_method[standard]'] = array('rule' => 'boolean'); $_CONF_VALIDATE['Core']['user_login_method[openid]'] = array('rule' => 'boolean'); diff --git a/public_html/admin/install/config-install.php b/public_html/admin/install/config-install.php index 060dee551..56014fedf 100644 --- a/public_html/admin/install/config-install.php +++ b/public_html/admin/install/config-install.php @@ -227,6 +227,7 @@ function install_config() $c->add('allow_account_delete',0,'select',4,16,0,270,TRUE, $me, 16); $c->add('hide_author_exclusion',0,'select',4,16,0,280,TRUE, $me, 16); $c->add('show_fullname',0,'select',4,16,0,290,TRUE, $me, 16); + $c->add('require_user_email',1,'select',4,16,0,295,TRUE, $me, 16); $c->add('show_servicename',TRUE,'select',4,16,1,300,TRUE, $me, 16); $c->add('custom_registration',FALSE,'select',4,16,1,310,TRUE, $me, 16); $c->add('user_login_method',array('standard' => true, 'openid' => false, '3rdparty' => false, 'oauth' => false),'@select',4,16,1,320,TRUE, $me, 16); diff --git a/public_html/admin/install/devel-db-update.php b/public_html/admin/install/devel-db-update.php index 3c15d0fc5..c4755f38f 100644 --- a/public_html/admin/install/devel-db-update.php +++ b/public_html/admin/install/devel-db-update.php 
@@ -107,6 +107,9 @@ function update_DatabaseFor220() PRIMARY KEY (code) ) ENGINE=MyISAM "; + + // Add column to confirm new email address + $_SQL[] = "ALTER TABLE `{$_TABLES['users']}` ADD `emailconfirmid` VARCHAR(16) NULL DEFAULT NULL AFTER `pwrequestid`"; // Add theme admin $result = DB_query("SELECT * FROM {$_TABLES['groups']} WHERE grp_name='Theme Admin'"); diff --git a/public_html/docs/english/config.html b/public_html/docs/english/config.html index 84b3246b2..adc09e852 100644 --- a/public_html/docs/english/config.html +++ b/public_html/docs/english/config.html @@ -807,6 +807,13 @@

Users and Submissions: Users

Whether to display a user's full name (= 1) or only their username (= 0). For users that haven't entered their full name, Geeklog will always display the username. + + require_user_email + true + If set to true, users will be required to add an email address to their account and need to verify it + before they can continue to use the website while logged in. This affects remote accounts as some + may not return an email address to Geeklog when the account is created due to permissions from the + remote service. show_servicename true diff --git a/public_html/docs/japanese/config.html b/public_html/docs/japanese/config.html index a5b394f9c..a9459b21d 100644 --- a/public_html/docs/japanese/config.html +++ b/public_html/docs/japanese/config.html @@ -744,6 +744,13 @@

ユーザーと投稿: ユーザー

ユーザー名の代わりに氏名を表示する(show_fullname) いいえ 「はい」にするとユーザーのフルネームを表示し、「いいえ」にするとユーザー名しか表示しません。フルネームを入力していない場合は常にユーザー名が表示されます。 + + require_user_email + true + If set to true, users will be required to add an email address to their account and need to verify it + before they can continue to use the website while logged in. This affects remote accounts as some + may not return an email address to Geeklog when the account is created due to permissions from the + remote service. サービス名を表示する(show_servicename) はい diff --git a/public_html/layout/denim/users/newemail.thtml b/public_html/layout/denim/users/newemail.thtml new file mode 100644 index 000000000..9644b3fa4 --- /dev/null +++ b/public_html/layout/denim/users/newemail.thtml @@ -0,0 +1,33 @@ +{# begin {templatelocation} #} + +
+
+ {lang_setnewemail} + +

{lang_explain}

+ +
+
{lang_username}
+
{user_name}
+ +
+
+ +
+
+
+ + {captcha} + +
    +
  • + + + + +
  • +
+
+
+ +{# end {templatelocation} #} \ No newline at end of file diff --git a/public_html/layout/modern_curve/users/newemail.thtml b/public_html/layout/modern_curve/users/newemail.thtml new file mode 100644 index 000000000..9644b3fa4 --- /dev/null +++ b/public_html/layout/modern_curve/users/newemail.thtml @@ -0,0 +1,33 @@ +{# begin {templatelocation} #} + +
+
+ {lang_setnewemail} + +

{lang_explain}

+ +
+
{lang_username}
+
{user_name}
+ +
+
+ +
+
+
+ + {captcha} + +
    +
  • + + + + +
  • +
+
+
+ +{# end {templatelocation} #} \ No newline at end of file diff --git a/public_html/lib-common.php b/public_html/lib-common.php index 2036ebf9a..987fa8425 100644 --- a/public_html/lib-common.php +++ b/public_html/lib-common.php @@ -3468,11 +3468,16 @@ function COM_mail($to, $subject, $message, $from = '', $html = false, $priority // Need to check email address to ensure they are not from account that have a status of locked or new email. If so we need to remove them so no email sent // Email addresses without accounts are not affected - $email = key($to); + if (is_array($to)) { + $email = key($to); + } else { + $email = $to; + } + // If no status exists then assume no user account and email is being sent to someone else (which is fine and should be sent like to new users) $status = DB_getItem($_TABLES['users'], 'status', "email = '$email'"); - if ($status == USER_ACCOUNT_DISABLED || $status == USER_ACCOUNT_LOCKED || $status == USER_ACCOUNT_NEW_EMAIL) { + if (!empty($status) && ($status == USER_ACCOUNT_DISABLED || $status == USER_ACCOUNT_LOCKED || $status == USER_ACCOUNT_NEW_EMAIL)) { return false; } else { return Geeklog\Mail::send($to, $subject, $message, $from, $html, $priority, $optional, $attachments); diff --git a/public_html/users.php b/public_html/users.php index 3c0ac2e81..2ec095c9c 100644 --- a/public_html/users.php +++ b/public_html/users.php 
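Review bot: The new non-array branch `$email = $to;` feeds a caller-supplied string straight into `DB_getItem(..., "email = '$email'")` with no escaping, where the value previously came from an array key; write it as `$email = DB_escapeString(is_array($to) ? key($to) : $to);` so quote characters in an address cannot alter the status lookup. The new `!empty($status)` guard also looks wrong for the disabled case: if `USER_ACCOUNT_DISABLED` is 0, as Geeklog defines it, a returned `'0'` is treated as empty and mail to disabled accounts is sent again, contrary to the comment above the block. Test for "no row" explicitly (`$status !== false && $status !== ''`, or a `DB_count` on the address) instead of `empty()`. COM_mail's signature and the rest of its body lie outside the hunk.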
@@ -112,7 +112,7 @@ function USER_requestPassword($username) $A = DB_fetchArray($result); if (($_CONF['usersubmission'] == 1) && ($A['status'] == USER_ACCOUNT_AWAITING_APPROVAL)) { COM_redirect($_CONF['site_url'] . '/index.php?msg=48'); - } elseif (($_CONF['usersubmission'] == 0) && ($A['status'] != USER_ACCOUNT_ACTIVE || $A['status'] != USER_ACCOUNT_AWAITING_APPROVAL)) { + } elseif (($_CONF['usersubmission'] == 0) && ($A['status'] != USER_ACCOUNT_ACTIVE && $A['status'] != USER_ACCOUNT_AWAITING_APPROVAL)) { // Don't send password for these accounts with statuses of Locked, Disabled, New Email, New Password COM_redirect($_CONF['site_url'] . '/index.php?msg=47'); } @@ -149,6 +149,38 @@ function USER_requestPassword($username) return $retval; } +/** + * Display a form where the user can enter a new email address. + * + * @return string new email form + */ +function USER_newEmailForm() +{ + global $_CONF, $_TABLES, $LANG04, $_USER; + + $emailForm = COM_newTemplate($_CONF['path_layout'] . 'users'); + $emailForm->set_file(array('newemail' => 'newemail.thtml')); + + $uid = $_USER['uid']; + $emailForm->set_var('user_id', $uid); + $emailForm->set_var('user_name', DB_getItem($_TABLES['users'], 'username', "uid = '{$uid}'")); + + + $emailForm->set_var('lang_explain', $LANG04['desc_new_email_status']); + $emailForm->set_var('mode', 'setnewemailstatus'); + + $emailForm->set_var('lang_username', $LANG04[2]); + $emailForm->set_var('lang_newemail', $LANG04['new_email']); + $emailForm->set_var('lang_newemail_conf', $LANG04['confirm_new_email']); + $emailForm->set_var('lang_setnewemail', $LANG04['set_new_email']); + + $retval = COM_startBlock($LANG04['enter_new_email']) + . $emailForm->finish($emailForm->parse('output', 'newemail')) + . COM_endBlock(); + + return $retval; +} + /** * Display a form where the user can enter a new password. * 
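Review bot: USER_newEmailForm renders a state-changing form with no CSRF token, and the matching `setnewemailstatus` handler does not call `SEC_checkToken()`; because the submitted address becomes the destination of the verification link, a cross-site POST could set an address the user does not control. Add `$emailForm->set_var('gltoken', SEC_createToken());` here, with a matching hidden field in newemail.thtml, and have the handler reject the POST unless `SEC_checkToken()` returns true. The two consecutive blank lines after the `user_name` line are also out of step with the file's style.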
@@ -187,6 +219,63 @@ function USER_newPasswordForm($uid, $requestId = "") return $retval; } +/** + * User required to confirm new email address - send email with a link and confirm id + * + * @return string form or meta redirect + */ +function USER_emailConfirmation($email) +{ + global $_CONF, $_TABLES, $LANG04, $_USER; + + $retval = ''; + + $uid = $_USER['uid']; + + if ($uid > 1) { + $result = DB_query("SELECT uid,email,emailconfirmid,status FROM {$_TABLES['users']} WHERE uid = $uid"); + $numRows = DB_numRows($result); + if ($numRows == 1) { + $A = DB_fetchArray($result); + if ($A['status'] != USER_ACCOUNT_NEW_EMAIL) { + COM_redirect($_CONF['site_url'] . '/index.php?msg=30'); + } + $emailconfirmid = substr(md5(uniqid(rand(), 1)), 1, 16); + DB_change($_TABLES['users'], 'emailconfirmid', "$emailconfirmid", 'uid', $uid); + + $mailtext = sprintf($LANG04['email_msg_email_status_1'], $_USER['username']); + $mailtext .= $_CONF['site_url'] . '/users.php?mode=newemailstatus&uid=' . $uid . '&ecid=' . $emailconfirmid . "\n\n"; + $mailtext .= $LANG04['email_msg_email_status_2']; + $mailtext .= "{$_CONF['site_name']}\n"; + $mailtext .= "{$_CONF['site_url']}\n"; + + $subject = $_CONF['site_name'] . ': ' . $LANG04[16]; + if ($_CONF['site_mail'] !== $_CONF['noreply_mail']) { + $mailfrom = $_CONF['noreply_mail']; + $mailtext .= LB . LB . $LANG04[159]; + } else { + $mailfrom = $_CONF['site_mail']; + } + if (COM_mail($email, $subject, $mailtext, $mailfrom)) { + $redirect = $_CONF['site_url'] . "/users.php?mode=logout&msg=501"; + } else { + // problem sending the email + $redirect = $_CONF['site_url'] . 
"/users.php?mode=newemailstatus&msg=85"; + } + + // Update new email after so it doesn't affect com_mail status check + DB_change($_TABLES['users'], 'email', "$email", 'uid', $uid); + + // Email sent so to confirm new email address so now logoff and tell user go check inbox + COM_redirect($redirect); + } else { + $retval = COM_createHTMLDocument(USER_defaultForm($LANG04[17]), array('pagetitle' => $LANG04[17])); + } + } + + return $retval; +} + /** * Creates a user * Creates a user with the give username and email address @@ -880,7 +969,13 @@ function USER_tryTwoFactorAuth() SEC_setCookie($_CONF['cookie_session'], '', time() - 10000); SEC_setCookie($_CONF['cookie_password'], '', time() - 10000); SEC_setCookie($_CONF['cookie_name'], '', time() - 10000); - COM_redirect($_CONF['site_url'] . '/index.php?msg=8'); + + $msg = (int) Geeklog\Input::fGet('msg', 0); + if ($msg == 0) { + $msg = 8; + } + + COM_redirect($_CONF['site_url'] . "/index.php?msg=$msg"); break; case 'profile': 
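Review bot: The confirmation id in USER_emailConfirmation is built with `substr(md5(uniqid(rand(), 1)), 1, 16)`, which is predictable rather than random; since the link alone later flips the account to active, generate it as `$emailconfirmid = bin2hex(random_bytes(8));` (PHP 7+; 16 hex characters, fitting the new VARCHAR(16) column and the `strlen($ecid) === 16` check). The docblock should also declare `@param string $email the already-validated address to confirm`. Note that `DB_change($_TABLES['users'], 'email', "$email", 'uid', $uid);` runs even when `COM_mail` returned false, so an unverified address is persisted although no mail went out; moving that write into the success branch keeps the record consistent. Message 502 ("request ... has expired") is added to the language files, but nothing here sets or checks an expiry for `emailconfirmid`.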
@@ -995,6 +1090,38 @@ function USER_tryTwoFactorAuth() } break; + case 'newpwdstatus': + if (!empty($_USER['uid']) && ($_USER['uid'] > 1) && ($_USER['status'] == USER_ACCOUNT_NEW_PASSWORD)) { + $msg = (int) Geeklog\Input::fRequest('msg', 0); + if ($msg > 0) { + $display .= COM_showMessage($msg); + } + + $display .= USER_newPasswordForm($_USER['uid']); + $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[92])); + } else { + // this request doesn't make sense - ignore it + COM_redirect($_CONF['site_url'] . '/index.php'); + } + break; + + case 'setnewpwdstatus': + if (!empty($_USER['uid']) && ($_USER['uid'] > 1) && ($_USER['status'] == USER_ACCOUNT_NEW_PASSWORD)) { + if ((empty($_POST['passwd'])) || ($_POST['passwd'] != $_POST['passwd_conf'])) { + COM_redirect($_CONF['site_url'] . '/users.php?mode=newpwdstatus&msg=23'); + } else { + SEC_updateUserPassword(Geeklog\Input::post('passwd'), $_USER['uid']); + DB_change($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE, 'uid', $uid); + DB_delete($_TABLES['sessions'], 'uid', $_USER['uid']); + COM_redirect($_CONF['site_url'] . '/users.php?msg=53'); + } + } else { + // this request doesn't make sense - ignore it + COM_redirect($_CONF['site_url'] . '/index.php'); + } + + break; + case 'emailpasswd': if ($_CONF['passwordspeedlimit'] == 0) { $_CONF['passwordspeedlimit'] = 300; // 5 minutes 
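Review bot: In the new `setnewpwdstatus` case, `DB_change($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE, 'uid', $uid);` uses `$uid` while the adjacent lines use `$_USER['uid']`; unless `$uid` is assigned earlier in this switch (outside the hunk), the status update targets an undefined value and the account never leaves the new-password state. Use `$_USER['uid']` there, as the neighbouring `DB_delete` call does. The check `$_POST['passwd'] != $_POST['passwd_conf']` would also be tighter as `!==` on values read through `Geeklog\Input::post()`, matching the `SEC_updateUserPassword` line. This block is moved from further down in the file, so the defect predates the commit but now lives in the new code; the enclosing switch starts outside the hunk.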
@@ -1021,33 +1148,55 @@ function USER_tryTwoFactorAuth() } } break; + + case 'newemailstatus': + $uid = (int) Geeklog\Input::fGet('uid', 0); + $ecid = Geeklog\Input::fGet('ecid'); + if (!empty($uid) && ($uid > 0) && !empty($ecid) && (strlen($ecid) === 16)) { + $valid = DB_count($_TABLES['users'], array('uid', 'emailconfirmid'), array($uid, $ecid)); + if ($valid == 1) { + //SEC_updateUserPassword(Geeklog\Input::post('passwd'), $uid); - case 'newpwdstatus': - if (!empty($_USER['uid']) && ($_USER['uid'] > 1) && ($_USER['status'] == USER_ACCOUNT_NEW_PASSWORD)) { - $display .= USER_newPasswordForm($_USER['uid']); - $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[92])); + DB_delete($_TABLES['sessions'], 'uid', $uid); + DB_change($_TABLES['users'], 'emailconfirmid', "NULL", 'uid', $uid); + DB_change($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE, 'uid', $uid); + + COM_redirect($_CONF['site_url'] . '/users.php?msg=503'); + } + } elseif (!empty($_USER['uid']) && ($_USER['uid'] > 1) && ($_USER['status'] == USER_ACCOUNT_NEW_EMAIL)) { + $msg = (int) Geeklog\Input::fRequest('msg', 0); + if ($msg > 0) { + $display .= COM_showMessage($msg); + } + + $display .= USER_newEmailForm(); + $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04['new_email'])); } else { // this request doesn't make sense - ignore it COM_redirect($_CONF['site_url'] . '/index.php'); } break; - - case 'setnewpwdstatus': - if (!empty($_USER['uid']) && ($_USER['uid'] > 1) && ($_USER['status'] == USER_ACCOUNT_NEW_PASSWORD)) { - if ((empty($_POST['passwd'])) || ($_POST['passwd'] != $_POST['passwd_conf'])) { - COM_redirect($_CONF['site_url'] . 
'/users.php?mode=newpwdstatus'); + + case 'setnewemailstatus': + if (!empty($_USER['uid']) && ($_USER['uid'] > 1) && ($_USER['status'] == USER_ACCOUNT_NEW_EMAIL)) { + $email = trim(Geeklog\Input::fPost('email')); + $email_conf = trim(Geeklog\Input::fPost('email_conf')); + if ($email != $email_conf) { + COM_redirect($_CONF['site_url'] . '/users.php?mode=newemailstatus&msg=24'); + } elseif (empty($email) || !COM_isEmail($email)) { + COM_redirect($_CONF['site_url'] . '/users.php?mode=newemailstatus&msg=25'); + } elseif (USER_emailMatches($email, $_CONF['disallow_domains'])) { + COM_redirect($_CONF['site_url'] . '/users.php?mode=newemailstatus&msg=26'); } else { - SEC_updateUserPassword(Geeklog\Input::post('passwd'), $_USER['uid']); - DB_change($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE, 'uid', $uid); - DB_delete($_TABLES['sessions'], 'uid', $_USER['uid']); - COM_redirect($_CONF['site_url'] . '/users.php?msg=53'); + // Send out confirmation email of new address + USER_emailConfirmation($email); } } else { // this request doesn't make sense - ignore it COM_redirect($_CONF['site_url'] . '/index.php'); } - break; + break; case 'new': if ($_CONF['disable_new_user_registration']) { @@ -1209,6 +1358,7 @@ function USER_tryTwoFactorAuth() } DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid); + //DB_change($_TABLES['users'], 'emailconfirmid', "NULL", 'uid', $uid); $_USER = SESS_getUserDataFromId($uid); if (isset($_CONF['enable_twofactorauth']) && $_CONF['enable_twofactorauth'] && diff --git a/sql/mysql_tableanddata.php b/sql/mysql_tableanddata.php index ebd79deef..a51f13850 100644 --- a/sql/mysql_tableanddata.php +++ b/sql/mysql_tableanddata.php @@ -493,6 +493,7 @@ theme varchar(64) default NULL, language varchar(64) default NULL, pwrequestid varchar(16) default NULL, + emailconfirmid varchar(16) default NULL, status smallint(5) unsigned NOT NULL default '1', num_reminders tinyint(1) NOT NULL default 0, invalidlogins SMALLINT NOT NULL DEFAULT '0', 
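Review bot: In `newemailstatus`, when `$valid` is not 1 the code falls out of the `if` with neither a redirect nor any output, so a stale or mistyped link yields an empty page; redirect there with the 502 message the commit adds to the language files but never uses, e.g. `} else { COM_redirect($_CONF['site_url'] . '/users.php?mode=newemailstatus&msg=502'); }`. `$ecid` goes from the query string straight into `DB_count(...)`; since the id is generated as hex, add `ctype_xdigit($ecid)` to the guard so only the expected alphabet reaches the query regardless of whether DB_count escapes. In `setnewemailstatus`, the `USER_emailMatches($email, $_CONF['disallow_domains'])` branch redirects with message 26, which says the address is already used by another account, but no uniqueness check exists here; add a `DB_count($_TABLES['users'], 'email', DB_escapeString($email))` check for 26 and give disallowed domains their own message, or reword 26. The commented-out `//SEC_updateUserPassword(...)` line here and the `//DB_change(... 'emailconfirmid', "NULL" ...)` line in the @@ -1209 hunk should be removed or enabled rather than left as dead code; the enclosing switch starts outside the hunk.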
diff --git a/sql/pgsql_tableanddata.php b/sql/pgsql_tableanddata.php index dc96aa3c6..bb94c907c 100644 --- a/sql/pgsql_tableanddata.php +++ b/sql/pgsql_tableanddata.php @@ -492,6 +492,7 @@ theme varchar(64) default NULL, language varchar(64) default NULL, pwrequestid varchar(16) default NULL, + emailconfirmid varchar(16) default NULL, status smallint NOT NULL default '1', num_reminders smallint NOT NULL default 0, invalidlogins SMALLINT NOT NULL DEFAULT '0', diff --git a/sql/updates/mysql_2.1.3_to_2.2.0.php b/sql/updates/mysql_2.1.3_to_2.2.0.php index a76a1e754..f23afb7e5 100644 --- a/sql/updates/mysql_2.1.3_to_2.2.0.php +++ b/sql/updates/mysql_2.1.3_to_2.2.0.php @@ -39,6 +39,9 @@ ) ENGINE=MyISAM "; +// Add column to confirm new email address +$_SQL[] = "ALTER TABLE `{$_TABLES['users']}` ADD `emailconfirmid` VARCHAR(16) NULL DEFAULT NULL AFTER `pwrequestid`"; + /** * Upgrade Messages */ @@ -91,6 +94,9 @@ function update_ConfValuesFor220() // Add a config option to decide whether to globally allow two factor auth $c->add('enable_twofactorauth',0,'select',4,18,0,1730,TRUE, $me, 18); + + // Config option to force email to be required (used for all remote account types as some may not return email address) + $c->add('require_user_email',1,'select',4,16,0,295,TRUE, $me, 16); return true; } diff --git a/sql/updates/pgsql_2.1.3_to_2.2.0.php b/sql/updates/pgsql_2.1.3_to_2.2.0.php index 6747910c3..011b6f7e8 100644 --- a/sql/updates/pgsql_2.1.3_to_2.2.0.php +++ b/sql/updates/pgsql_2.1.3_to_2.2.0.php @@ -39,6 +39,9 @@ ) "; +// Add column to confirm new email address +$_SQL[] = "ALTER TABLE `{$_TABLES['users']}` ADD `emailconfirmid` VARCHAR(16) NULL DEFAULT NULL AFTER `pwrequestid`"; + /** * Upgrade Messages */ 
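Review bot: The `ALTER TABLE` added to pgsql_2.1.3_to_2.2.0.php uses MySQL-only syntax — backtick-quoted identifiers and the `AFTER \`pwrequestid\`` clause — which PostgreSQL rejects, so the 2.2.0 upgrade will fail on that database. Write it as `$_SQL[] = "ALTER TABLE {$_TABLES['users']} ADD COLUMN emailconfirmid varchar(16) DEFAULT NULL";` (column position cannot be specified in PostgreSQL). The same statement in mysql_2.1.3_to_2.2.0.php and devel-db-update.php is fine as written.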
@@ -91,6 +94,9 @@ function update_ConfValuesFor220() // Add a config option to decide whether to globally allow two factor auth $c->add('enable_twofactorauth',0,'select',4,18,0,1730,TRUE, $me, 18); + + // Config option to force email to be required (used for all remote account types as some may not return email address) + $c->add('require_user_email',1,'select',4,16,0,295,TRUE, $me, 16); return true; } diff --git a/system/lib-sessions.php b/system/lib-sessions.php index 00db64f80..934046101 100644 --- a/system/lib-sessions.php +++ b/system/lib-sessions.php @@ -214,13 +214,20 @@ function SESS_sessionCheck() // Check to see if user status is set to something we have to redirect the user too if ($_USER['uid'] > 1) { + // Check if user has email account and if required + if ($_CONF['require_user_email'] && empty($_USER['email'])) { + $needEmail = true; + } else { + $needEmail = false; + } + if ($_USER['status'] == USER_ACCOUNT_LOCKED) { // Account is locked so user shouldn't be logged in COM_redirect($_CONF['site_url'] . '/users.php?mode=logout'); - } elseif ($status == USER_ACCOUNT_NEW_EMAIL || $status == USER_ACCOUNT_NEW_PASSWORD) { + } elseif ($needEmail || $_USER['status'] == USER_ACCOUNT_NEW_EMAIL || $_USER['status'] == USER_ACCOUNT_NEW_PASSWORD) { // Account requires additional info so get it if ($_SERVER['PHP_SELF'] != '/users.php') { - if ($status == USER_ACCOUNT_NEW_EMAIL) { + if ($needEmail || $_USER['status'] == USER_ACCOUNT_NEW_EMAIL) { COM_redirect($_CONF['site_url'] . '/users.php?mode=newemailstatus'); } elseif ($status == USER_ACCOUNT_NEW_PASSWORD) { COM_redirect($_CONF['site_url'] . '/users.php?mode=newpwdstatus'); @@ -229,7 +236,6 @@ function SESS_sessionCheck() } } - } /**
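Review bot: In the lib-sessions.php hunk the branch `} elseif ($status == USER_ACCOUNT_NEW_PASSWORD) {` still reads `$status` while the two conditions the hunk rewrites now use `$_USER['status']`; if `$status` is not assigned above this hunk (nothing in the visible context sets it), the new-password redirect never fires and such users fall through into the page. Change it to `} elseif ($_USER['status'] == USER_ACCOUNT_NEW_PASSWORD) {`. `$_CONF['require_user_email']` is also read without `isset`, which emits a notice on installs where the config update has not yet run; `!empty($_CONF['require_user_email']) && empty($_USER['email'])` avoids that. SESS_sessionCheck continues outside the hunk.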