
Fixed: Weird user login/validation issues

This supposedly fixes the reported login issues. If email activation is required, the registered user is placed in the Guest group until validated/approved.
xhezairi committed Oct 8, 2012
1 parent 5fd1521 commit 02463ef78a0062cfe26c75f4f07a120c8f04cca1
Showing with 20 additions and 19 deletions.
  1. +15 −12 includes/controller/Main.php
  2. +3 −4 includes/model/User.php
  3. +2 −3 install.php
@@ -498,7 +498,7 @@ public function register() {
elseif (count(User::find(array("where" => array("login" => $_POST['login'])))))
Flash::warning(__("That username is already in use."));
- if (empty($_POST['password1']) and empty($_POST['password2']))
+ if (empty($_POST['password1']))
Flash::warning(__("Password cannot be blank."));
elseif ($_POST['password1'] != $_POST['password2'])
Flash::warning(__("Passwords do not match."));
@@ -512,14 +512,12 @@ public function register() {
if ($config->email_activation) {
$to = $_POST['email'];
$subject = _f($config->name." Registration Pending");
- $message = _f("Hello, ".$_POST['login'].".\n\nYou are receiving this message because you recently registered at ".$config->chyrp_url."\nTo complete your registration, go to ".$config->chyrp_url."/?action=validate&login=".fix($_POST['login'])."&token=");
+ $message = _f("Hello, ".fix($_POST['login']).".\n\nYou are receiving this message because you recently registered at ".$config->chyrp_url."\nTo complete your registration, go to ".$config->chyrp_url."/?action=validate&login=".fix($_POST['login'])."&token=".sha1($_POST['login'].$_POST['email']));
$headers = "From:".$config->email."\r\n" .
"Reply-To:".$config->email. "\r\n" .
"X-Mailer: PHP/".phpversion() ;
- $user = User::add($_POST['login'], $_POST['password1'], $_POST['email']);
- $message .= md5($_POST['email'] . $user->id);
-
+ $user = User::add($_POST['login'], $_POST['password1'], $_POST['email'], "", "", 5);
$sent = email($to, $subject, $message, $headers);
if ($sent)
@@ -540,31 +538,36 @@ public function register() {
$this->display("forms/user/register", array(), __("Register"));
}
- /**
+
+ /**
* Function: validate
* Approves a user registration for a given email.
*/
public function validate() {
if (logged_in())
error(__("Error"), __("You're already logged in."));
- if (!$_GET['token'])
+ if (empty($_GET['token']))
error(__("Error"), __("No token found."));
- $user = new User(array("login" => fix($_GET['login'])));
+ $user = new User(array("login" => strip_tags($_GET['login'])));
if ($user->no_results)
Flash::warning(__("A user with that email doesn't seem to exist in our database."), "/");
- if (md5($user->email . $user->id) != $_GET['token'])
- error(__("Error"), __("Token invalid."));
+ if (sha1($user->login.$user->email) !== $_GET['token'])
+ error(__("Error"), __("Invalid token."));
+
+ if ($user->is_approved != 1 or $user->group_id != 5) {
+ SQL::current()->update("users",
+ array("login" => $user->login),
+ array("is_approved" => 1, "group_id" => 2));
- if (!$user->is_approved == 1) {
- SQL::current()->update("users", array("email" => $user->email), array("is_approved" => 1));
Flash::notice(__("Your account is now active. Welcome aboard!"), "/?action=login");
} else
Flash::notice(__("Your account has already been activated."), "/");
}
+
/**
* Function: login
* Process logging in. If the username and password are incorrect or if the user is already logged in, it will error.
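Review bot: The activation token is now `sha1($_POST['login'].$_POST['email'])` in the registration mail and `sha1($user->login.$user->email)` in validate(), so it is derived entirely from values the registrant chose and that are not secret; anyone who knows an account's login and email can reproduce its token, which means the email round-trip no longer proves mailbox ownership. Generate an unpredictable per-registration secret instead (`random_bytes()` on PHP 7+, otherwise `openssl_random_pseudo_bytes()`), persist it with the user record, and compare it in validate() with `hash_equals()` rather than `!==`. The condition `if ($user->is_approved != 1 or $user->group_id != 5)` also matches an already-approved account in any group other than 5 and rewrites it to group 2, so presenting a valid token for an approved account in another group changes that account's group; `if ($user->is_approved != 1)` limits the update to pending accounts. The group ids 5 and 2 are hard-coded here and in the `User::add(..., 5)` call above; the default group is already available as `$config->default_group` in User::add, and the pending group should presumably come from configuration as well. register() begins before this section's first hunk and login() continues past its last line.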
@@ -46,8 +46,7 @@ static function find($options = array(), $options_for_object = array()) {
* @true@ or @false@
*/
static function authenticate($login, $password) {
- $sql = SQL::current();
- $check = new self(array("login" => $login, "is_approved" => 1));
+ $check = new self(array("login" => $login));
if ($check->no_results)
return false;
@@ -60,7 +59,7 @@ static function authenticate($login, $password) {
# it on authentication to the new hashing scheme.
$check->update(null, self::hashPassword($password));
return true;
- } elseif ($sql->adapter == "mysql") {
+ } elseif (SQL::current()->adapter == "mysql") {
# Some imports might use MySQL password hashing (such as MovableType 3).
# Try those too, and update the user if they match.
if ($password == $check->password) {
@@ -110,7 +109,7 @@ static function add($login,
if (empty($group))
$group_id = $config->default_group;
else
- $group_id = ($group instanceof Group) ? $group->id : $group;
+ $group_id = ($group instanceof Group) ? $group->id : $group ;
$new_values = array("login" => strip_tags($login),
"password" => ($hash_password ? self::hashPassword($password) : $password),
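Review bot: authenticate() now looks the user up by login alone (`$check = new self(array("login" => $login));`), so the `is_approved` condition that the old lookup applied is no longer evaluated anywhere in the visible function; an account that has not completed email validation authenticates successfully, and whether it can actually log in now depends on what login() does with the result, which is outside this section. If approval is meant to be enforced through the pending group's permissions rather than here, say so in a short comment above the lookup; otherwise keep an explicit `if ($check->is_approved != 1) return false;` after the no_results check. The stray space in `$group->id : $group ;` in the add() hunk is a formatting slip that should be reverted. authenticate() continues past the first hunk and the second hunk is taken from the middle of its body; add()'s `$new_values` array runs past the section's last line.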
@@ -217,7 +217,7 @@
email VARCHAR(128) DEFAULT '',
website VARCHAR(128) DEFAULT '',
group_id INTEGER DEFAULT 0,
- is_approved int(2) DEFAULT 1,
+ is_approved INTEGER DEFAULT 0,
joined_at DATETIME DEFAULT NULL,
UNIQUE (login)
) DEFAULT CHARSET=utf8");
@@ -342,10 +342,9 @@
"email" => $_POST['email'],
"website" => $config->url,
"group_id" => $group_id["admin"],
+ "is_approved" => 1,
"joined_at" => datetime()));
- $user_id = $sql->latest("users");
- $_SESSION['user_id'] = $user_id;
$installed = true;
}
}
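Review bot: `is_approved` now defaults to `0` and only the installer's admin row sets it to `1` explicitly, so any other insert that omits the column creates a pending account, and the diffstat lists no upgrade step, so existing installations keep the old `int(2) DEFAULT 1` schema and will behave differently from fresh ones. If User::add() does not set `is_approved` itself (its `$new_values` array is cut off in the User.php section), accounts registered while email activation is off will presumably be created unapproved — worth confirming against that code. Record the new contract in a `#` comment above the `CREATE TABLE` statement, e.g. `# is_approved defaults to 0; it is set to 1 by the installer for the admin account and by validate() once the activation token is accepted.`. The enclosing installer block starts before this section's first hunk.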

