UserSpice 4.1.1

mudmin · May 26, 2016 · de328635fc99392bc161a4a46f3ab7f7104ae903 · de32863
1 parent aa73adf
commit de328635fc99392bc161a4a46f3ab7f7104ae903
diff --git a/install/install/includes/sql.sql b/install/install/includes/sql.sql
@@ -45,7 +45,7 @@ CREATE TABLE `email` (
 --
 
 INSERT INTO `email` (`id`, `website_name`, `smtp_server`, `smtp_port`, `email_login`, `email_pass`, `from_name`, `from_email`, `transport`, `verify_url`, `email_act`) VALUES
-(1, 'User Spice', 'mail.userspice.com', 587, 'noreply@userspice.com', 'password', 'Your Name', 'noreply@userspice.com', 'Swift_SmtpTransport', 'localhost/us4/users/verify.php', 0);
+(1, 'User Spice', 'mail.userspice.com', 587, 'noreply@userspice.com', 'password', 'Your Name', 'noreply@userspice.com', 'tls', 'http://localhost/us4/', 0);
 
 -- --------------------------------------------------------
 

diff --git a/users/email_settings.php b/users/email_settings.php
@@ -29,6 +29,9 @@
 $query = $db->query("SELECT * FROM email");
 $results = $query->first();
 
+$urlProtocol=isset($_SERVER['HTTPS']) ? 'https://' : 'http://';
+
+
 if(!empty($_POST)){
   $token = $_POST['csrf'];
 	if(!Token::check($token)){
@@ -124,7 +127,9 @@
 
 <h1>Setup your email server</h1>
 <p>
-  These settings control all things email-related for the server including emailing your users and verifying the user's email address.
+  These settings control all things email-related for the server including emailing your users and verifying the user's email address. 
+  You must obtain and verify all settings below for YOUR email server or hosting provider. Encryption with TLS is STRONGLY recommended, 
+  followed by SSL. No encryption is like shouting your login credentials out into a crowded field and is not supported for now.
 </p>
 </p>It is <strong>HIGHLY</strong> recommended that you test your email settings before turning on the feature to require new users to verify their email<br>
   <a href="email_test.php" class="btn btn-danger">Test Your Settings</a><br><br>
@@ -152,12 +157,14 @@
   <input required size='50' class='form-control' type='text' name='from_email' value='<?=$results->from_email?>' />
 
 <label>Transport (Experimental):</label>
-  <input required size='50' class='form-control' type='text' name='transport' value='<?=$results->transport?>' />
+<select class="form-control" name="transport">
+	<option value="tls" <?php if($results->transport=='tls') echo 'selected="selected"'; ?> >TLS (encrypted)</option>
+	<option value="ssl" <?php if($results->transport=='ssl') echo 'selected="selected"'; ?> >SSL (encrypted, but weak)</option>
+</select>  
 
-<label>URL of YOUR verify.php file: (VERY Important). <?="Default location would be: ".$_SERVER['HTTP_HOST'].$us_url_root.'users/verify.php'?></label>
+<label>Root URL of your UserSpice install including http or https protocol (VERY Important) <br/><div class="text-muted"> <?="Default location would be: ".$urlProtocol.$_SERVER['HTTP_HOST'].$us_url_root?></div></label>
   <input required  size='50' class='form-control' type='text' name='verify_url' value='<?=$results->verify_url?>' />
 
-
 <label>Require User to Verify Their Email?:</label>
 <input type="radio" name="email_act" value="1" <?php echo ($results->email_act==1)?'checked':''; ?> size="25">Yes</input>
 <input type="radio" name="email_act" value="0" <?php echo ($results->email_act==0)?'checked':''; ?> size="25">No</input>

diff --git a/users/helpers/helpers.php b/users/helpers/helpers.php
@@ -117,7 +117,7 @@ function email($to,$subject,$body,$attachment=false){
 	$mail->SMTPAuth = true;                               // Enable SMTP authentication
 	$mail->Username = $smtp_username;                 // SMTP username
 	$mail->Password = $smtp_password;                           // SMTP password
-	$mail->SMTPSecure = 'tls';                            // Enable TLS encryption, `ssl` also accepted
+	$mail->SMTPSecure = $smtp_transport;                            // Enable TLS encryption, `ssl` also accepted
 	$mail->Port = $smtp_port;                                    // TCP port to connect to
 
 	$mail->setFrom($from, $from_name);

diff --git a/users/includes/user_spice_ver.php b/users/includes/user_spice_ver.php
@@ -1,3 +1,3 @@
 <?php
-$user_spice_ver="Version 4.1.0";
+$user_spice_ver="Version 4.1.1";
 ?>
diff --git a/users/views/_email_template_forgot_password.php b/users/views/_email_template_forgot_password.php
@@ -1,21 +1,7 @@
 <?php
-$abs_us_root=$_SERVER['DOCUMENT_ROOT'];
-
-$self_path=explode("/", $_SERVER['PHP_SELF']);
-$self_path_length=count($self_path);
-$file_found=FALSE;
-
-for($i = 1; $i < $self_path_length; $i++){
-	array_splice($self_path, $self_path_length-$i, $i);
-	$us_url_root=implode("/",$self_path)."/";
-
-	if (file_exists($abs_us_root.$us_url_root.'z_us_root.php')){
-		$file_found=TRUE;
-		break;
-	}else{
-		$file_found=FALSE;
-	}
-}
+$db = DB::getInstance();
+$query = $db->query("SELECT * FROM email");
+$results = $query->first();
 ?>
 <!DOCTYPE html>
 <html>
@@ -26,7 +12,7 @@
     <p>Hello <?=$fname;?>,</p>
     <p>You are receiving this email because a request was made to reset your password. If this was not you, you may disgard this email.</p>
     <p>If this was you, click the link below to continue with the password reset process.</p>
-    <p><a href="<?=$_SERVER['HTTP_HOST'].$us_url_root?>users/forgot_password_reset.php?email=<?=$email;?>&vericode=<?=$vericode;?>&reset=1">Reset Password</a></p>
+    <p><a href="<?=$results->verify_url?>users/forgot_password_reset.php?email=<?=$email;?>&vericode=<?=$vericode;?>&reset=1">Reset Password</a></p>
     <p>Sincerely,</p>
     <p>-The Team-</p>
   </body>

diff --git a/users/views/_email_template_verify.php b/users/views/_email_template_verify.php
@@ -12,7 +12,7 @@
   <body>
     <p>Congratulations <?=$fname;?>,</p>
     <p>Thanks for signing up Please click the link below to verify your email address.</p>
-    <p><a href="<?=$results->verify_url?>?email=<?=$email;?>&vericode=<?=$vericode;?>">Verify Your Email</a></p>
+    <p><a href="<?=$results->verify_url?>users/verify.php?email=<?=$email;?>&vericode=<?=$vericode;?>">Verify Your Email</a></p>
     <p>Once you verify your email address you will be ready to login!</p>
     <p>See you soon!</p>
   </body>

diff --git a/users/views/_join.php b/users/views/_join.php
@@ -34,37 +34,29 @@
 		<label for="username">Choose a Username</label>
 		<input  class="form-control" type="text" name="username" id="username" placeholder="Username" value="<?php if (!$form_valid && !empty($_POST)){ echo $username;} ?>" required autofocus>
 		<p class="help-block">No Spaces or Special Characters - Min 5 characters</p>
-	</div>
-	<div class="form-group">
+
 		<label for="fname">First Name</label>
 		<input type="text" class="form-control" id="fname" name="fname" placeholder="First Name" value="<?php if (!$form_valid && !empty($_POST)){ echo $fname;} ?>" required>
-	</div>
-	<div class="form-group">
+
 		<label for="lname">Last Name</label>
 		<input type="text" class="form-control" id="lname" name="lname" placeholder="Last Name" value="<?php if (!$form_valid && !empty($_POST)){ echo $lname;} ?>" required>
-	</div>
-	<div class="form-group">
+
 		<label for="email">Email Address</label>
 		<input  class="form-control" type="text" name="email" id="email" placeholder="Email Address" value="<?php if (!$form_valid && !empty($_POST)){ echo $email;} ?>" required >
-	</div>
-	<div class="form-group">
+
 		<label for="company">Company Name</label>
 		<input type="text" class="form-control" id="company" name="company" placeholder="Company Name" value="<?php if (!$form_valid && !empty($_POST)){ echo $company;} ?>">
-	</div>
-	<div class="form-group">
+
 		<label for="password">Choose a Password</label>
 		<input  class="form-control" type="password" name="password" id="password" placeholder="Password" required aria-describedby="passwordhelp">
 		<span class="help-block" id="passwordhelp">Must be at least 6 characters</span>
-	</div>
-	<div class="form-group">
+
 		<label for="confirm">Confirm Password</label>
 		<input  type="password" id="confirm" name="confirm" class="form-control" placeholder="Confirm Password" required >
-	</div>
-	<div class="form-group">
+
 		<label for="confirm">Registration User Terms and Conditions</label>
-		<textarea id="agreement" name="agreement" rows="5" class="form-control" disabled ><?php require '../usersc/includes/user_agreement.php'; ?></textarea>
-	</div>
-	<div class="form-group">
+		<textarea id="agreement" name="agreement" rows="5" class="form-control" disabled ><?php require $abs_us_root.$us_url_root.'usersc/includes/user_agreement.php'; ?></textarea>
+
 		<label for="confirm">Check box to agree to terms</label>
 		<input type="checkbox" id="agreement_checkbox" name="agreement_checkbox" class="form-control">
 	</div>