Fixed user account activation with a registration-code

zorgch · Dec 7, 2019 · 8c1d8d5 · 8c1d8d5
1 parent 468ea6d
commit 8c1d8d5
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 24 deletions.
diff --git a/www/includes/strings.array.php b/www/includes/strings.array.php
@@ -65,7 +65,9 @@
 			,'error-userpic-archive' => 'Original Bild konnte nicht archiviert werden.'
 			,'error-userpictn-archive' => 'Thumbnail Bild konnte nicht archiviert werden.'
 			,'account-inactive' => 'Dein Account wurde noch nicht aktiviert'
+			,'account-is-active' => 'Dein Account ist bereits aktiviert!'
 			,'account-activated' => 'Dein Account wurde erfolgreich aktiviert!'
+			,'account-activated-text' => 'Herzlich willkommen - Schön, dass du da bist :)<br>Du kannst dich jetzt mit dem gewählten Username + PW einloggen.'
 			,'authentication-failed' => 'Benutzer/Passwort Kombination falsch!'
 			,'invalid-cookie' => 'Dein Browser-Cookie für den zorg Login wurde kompromittiert! Bitte nochmals neu einloggen.'
 			,'invalid-id' => '<h1>ID is not valid!</h1><p><strong>Please tell us about this via the <a href="bugtracker.php" title="Bugtracker - zorg.ch">Bugtracker</a>.</strong><br>You will contribute making zorg more secure and stable :) Thanks!</p>'

diff --git a/www/includes/usersystem.inc.php b/www/includes/usersystem.inc.php
@@ -127,6 +127,12 @@ class usersystem
 	var $default_z_gremium = ''; // no
 	var $default_firstname = null; // none
 	var $default_lastname = null; // none
+
+	/**
+	 * Object Vars
+	 * @var string (Optional) Error-Message, see: self::activate_user()
+	 */
+	var $error_message;
 
 	/**
 	 * Klassen Konstruktor
@@ -732,32 +738,56 @@ function online_users($pic=FALSE)
 	 * User aktivieren
 	 * Aktiviert einen Useraccount mittels Regcode
 	 *
+	 * @version 2.0
+	 * @since 1.0 Method added
+	 * @since 2.0 <inex> 07.12.2019 Fixed $regcode check and response for profil.php
+	 *
+	 * @see self::$error_message
 	 * @param string $regcode User Registration-Code
-	 * @global	object	$db	Globales Class-Object mit allen MySQL-Methoden
-	 * @return string Error-Message
+	 * @global object $db Globales Class-Object mit allen MySQL-Methoden
+	 * @return bool True/False whether if user could be activated or not
 	 */
-	function activate_user($regcode) {
+	function activate_user($regcode)
+	{
 		global $db;
 
-		$sql = 'SELECT id, '.$this->field_username.'
-				FROM '.$this->table_name.' WHERE '.$this->field_regcode.' = "'.$regcode.'"';
-		$result = $db->query($sql, __FILE__, __LINE__);
-		if($db->num($result)) {
+		$sql = 'SELECT id, username, active FROM user WHERE regcode = "'.$regcode.'"';
+		$result = $db->query($sql, __FILE__, __LINE__, __METHOD__);
+		if($db->num($result))
+		{
+			if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> User regcode: VALID', __FUNCTION__, __LINE__));
 			$rs = $db->fetch($result);
-			$username = $rs[$this->field_username];
-			$result = $db->update($this->table_name, ['id', $rs['id']], [$this->field_user_active => 1], __FILE__, __LINE__, __METHOD__);
-			if ($result === 0 || !$result)
+
+			/** User already activated */
+			if ($rs[$this->field_user_active] == '1')
 			{
-				$error = t('account-activated', 'user');
-				Activities::addActivity($rs['id'], 0, t('activity-newuser', 'user' ), 'u');
-			} else {
-				$error = t('invalid-regcode', 'user');
+				$this->error_message = t('account-is-active', 'user');
+				return false;
+			}
+
+			/** Try activating User */
+			else {
+				$username = $rs[$this->field_username];
+				$user_activated = $db->update($this->table_name, ['id', $rs['id']], [$this->field_user_active => 1], __FILE__, __LINE__, __METHOD__);
+				/** FAILED */
+				if ($user_activated === 0 || !$user_activated)
+				{
+					$this->error_message = t('invalid-regcode', 'user');
+					return false;
+				}
+				/** SUCCESS */
+				else {
+					$this->error_message = t('account-activated', 'user');
+					Activities::addActivity($rs['id'], 0, t('activity-newuser', 'user' ), 'u');
+					return true;
+				}
 			}
 		} else {
+			if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> User regcode: INVALID', __FUNCTION__, __LINE__));
+			$this->error_message = t('invalid-regcode', 'user');
 			$this->logerror(2,0);
-			$error = t('invalid-regcode', 'user');
+			return false;
 		}
-		return $error;
 	}
 
 	/**

diff --git a/www/models/profile.php b/www/models/profile.php
@@ -119,9 +119,9 @@ public function showLogin(&$smarty)
 	 *
 	 * @param object $smarty Smarty Class-Object
 	 */
-	public function showActivation(&$smarty)
+	public function showActivation(&$smarty, $message = null)
 	{
-		$this->page_title = 'Account bestätigen';
+		$this->page_title = (empty($message) ? 'Account bestätigen' : $message);
 		$this->page_link = '/profil.php?do=anmeldung';
 
 		$this->assign_model_to_smarty($smarty);

diff --git a/www/profil.php b/www/profil.php
@@ -221,7 +221,7 @@
  *
  * @TODO separate code & view by moving the HTML-parts to a Smarty-Template
  */
-if (!$user->is_loggedin() && $doAction === 'anmeldung')
+if (!$user->is_loggedin() && $doAction === 'anmeldung' || !empty($userRegcode))
 {
 	/**
 	 * Registrationsformular anzeigen
@@ -269,7 +269,7 @@
 					if (!isset($registerError) || empty($registerError))
 					{
 						$createUserResult = $user->create_newuser(htmlentities($_POST['new_username']), $_POST['new_password'], $_POST['new_password2'], $_POST['new_email']);
-						if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> create_newuser() Result: %s', __FILE__, __LINE__, (is_bool($createUserResult)?'true':$createUserResult)));
+						if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> create_newuser() Result: %s', __FILE__, __LINE__, (is_bool($createUserResult)?'true':$createUserResult)));
 						if (is_bool($createUserResult) && $createUserResult===true) {
 							$error = t('account-confirmation', 'user');
 							$smarty->assign('error', ['type' => 'success', 'dismissable' => 'true', 'title' => $error]);
@@ -377,11 +377,13 @@
 	 */
 	elseif (!empty($userRegcode))
 	{
-		$new_user = $user->activate_user($userRegcode);
-		$model->showActivation($smarty, $new_user);
-		$smarty->assign('error', ['type' => 'success', 'dismissable' => 'true', 'title' => t('newpass-confirmation', 'user'), 'message' => t('newpass-confirmation-text', 'user')]);
+		if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> $userRegcode: %s', __FILE__, __LINE__, $userRegcode));
+		$user_activation_result = $user->activate_user($userRegcode);
+		$model->showActivation($smarty, $user->error_message);
+		if ($user_activation_result === true) $smarty->assign('error', ['type' => 'success', 'dismissable' => 'false', 'title' => t('account-activated', 'user'), 'message' => t('account-activated-text', 'user')]);
+		else $smarty->assign('error', ['type' => 'warn', 'dismissable' => 'false', 'title' => $user->error_message]);
 		$smarty->display('file:layout/head.tpl');
-		echo '<b>'.$new_user.'</b>';
+		//if ($user_activation_result === true) $smarty->display('file:layout/partials/loginform.tpl'); => Form Redirect-Error
 	}
 
 	$smarty->display('file:layout/footer.tpl');