From bf0be3ddb7226f428a3cc00a87c5a64f2113c00b Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@controlyourself.ca>
Date: Fri, 20 Jun 2008 01:15:36 -0400
Subject: [PATCH] confirm email addresses

darcs-hash:20080620051536-5ed1f-231e427832dd20c861eb7a6dc1171315e90f455b.gz
---
 actions/confirmemail.php  | 70 +++++++++++++++++++++++++++++++++++++++
 actions/register.php      | 30 ++++++++++++++---
 classes/Confirm_email.php | 23 +++++++++++++
 classes/stoica.ini        |  9 +++++
 db/laconica.sql           |  2 +-
 lib/action.php            |  7 ++++
 lib/common.php            |  1 +
 lib/mail.php              | 28 +++++++++++++++-
 8 files changed, 164 insertions(+), 6 deletions(-)
 create mode 100644 actions/confirmemail.php
 create mode 100644 classes/Confirm_email.php

diff --git a/actions/confirmemail.php b/actions/confirmemail.php
new file mode 100644
index 0000000000..82e3a55378
--- /dev/null
+++ b/actions/confirmemail.php
@@ -0,0 +1,70 @@
+<?php
+/*
+ * Laconica - a distributed open-source microblogging tool
+ * Copyright (C) 2008, Controlez-Vous, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+if (!defined('LACONICA')) { exit(1); }
+
+class ConfirmemailAction extends Action {
+
+	function handle($args) {
+		parent::handle($args);
+		if (!common_logged_in()) {
+			common_set_returnto($this->self_url());
+			common_redirect(common_local_url('login'));
+			return;
+		}
+		$code = $this->trimmed('code');
+		if (!$code) {
+			$this->client_error(_t('No confirmation code.'));
+			return;
+		}
+		$confirm_email = Confirm_email::staticGet('code', $code);
+		if (!$confirm_email) {
+			$this->client_error(_t('Confirmation code not found.'));
+			return;
+		}
+		$cur = common_current_user();
+		if ($cur->id != $confirm_email->user_id) {
+			$this->client_error(_t('That confirmation code is not for you!'));
+			return;
+		}
+		if ($cur->email == $confirm_email->email) {
+			$this->client_error(_t('That email address is already confirmed.'));
+			return;
+		}
+		$cur->query('BEGIN');
+		$orig_user = clone($cur);
+		$cur->email = $confirm_email->email;
+		$result = $cur->update($orig_user);
+		if (!$result) {
+			$this->server_error(_t('Error setting email address.'));
+			return;
+		}
+		$result = $confirm_email->delete();
+		if (!$result) {
+			$this->server_error(_t('Error deleting code.'));
+			return;
+		}
+		$cur->query('COMMIT');
+		common_show_header(_t('Confirm E-mail Address'));
+		common_element('p', NULL,
+					   _t('The email address "') . $cur->email . 
+					   _t('" has been confirmed for your account.'));
+		common_show_footer(_t('Confirm E-mail Address'));
+	}
+}
diff --git a/actions/register.php b/actions/register.php
index cad5c2ed70..d9315b4244 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -89,8 +89,11 @@ class RegisterAction extends Action {
 	}
 
 	function register_user($nickname, $password, $email) {
-		# TODO: wrap this in a transaction!
+		
 		$profile = new Profile();
+		
+		$profile->query('BEGIN');
+		
 		$profile->nickname = $nickname;
 		$profile->profileurl = common_profile_url($nickname);
 		$profile->created = DB_DataObject_Cast::dateTime(); # current time
@@ -103,15 +106,34 @@ class RegisterAction extends Action {
 		$user->id = $id;
 		$user->nickname = $nickname;
 		$user->password = common_munge_password($password, $id);
-		$user->email = $email;
 		$user->created =  DB_DataObject_Cast::dateTime(); # current time
 		$user->uri = common_mint_tag('user:'.$id);
 		
 		$result = $user->insert();
 		if (!$result) {
-			# Try to clean up...
-			$profile->delete();
+			return FALSE;
 		}
+
+		if ($email) {
+			$confirm = new Confirm_email();
+			$confirm->code = common_good_random(16);
+			$confirm->user_id = $user->id;
+			$confirm->email = $email;
+			
+			$result = $confirm->insert();
+			if (!$result) {
+				return FALSE;
+			}
+		}
+		
+		$profile->query('COMMIT');
+
+		if ($email) {
+			mail_confirm_address($code,
+								 $profile->nickname,
+								 $email);
+		}
+		
 		return $result;
 	}
 
diff --git a/classes/Confirm_email.php b/classes/Confirm_email.php
new file mode 100644
index 0000000000..0b13a46690
--- /dev/null
+++ b/classes/Confirm_email.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * Table Definition for confirm_email
+ */
+require_once 'DB/DataObject.php';
+
+class Confirm_email extends DB_DataObject 
+{
+    ###START_AUTOCODE
+    /* the code below is auto generated do not remove the above tag */
+
+    public $__table = 'confirm_email';                   // table name
+    public $code;                            // varchar(32)  primary_key not_null
+    public $user_id;                         // int(4)   not_null
+    public $email;                           // varchar(255)   not_null
+    public $modified;                        // timestamp()   not_null default_CURRENT_TIMESTAMP
+
+    /* Static get */
+    function staticGet($k,$v=NULL) { return DB_DataObject::staticGet('Confirm_email',$k,$v); }
+
+    /* the code above is auto generated do not remove the tag below */
+    ###END_AUTOCODE
+}
diff --git a/classes/stoica.ini b/classes/stoica.ini
index ad0925bd92..3745697d52 100644
--- a/classes/stoica.ini
+++ b/classes/stoica.ini
@@ -16,6 +16,15 @@ width = K
 height = K
 url = U
 
+[confirm_email]
+code = 130
+user_id = 129
+email = 130
+modified = 384
+
+[confirm_email__keys]
+code = K
+
 [consumer]
 consumer_key = 130
 seed = 130
diff --git a/db/laconica.sql b/db/laconica.sql
index 7935b8b071..0b07148c7e 100644
--- a/db/laconica.sql
+++ b/db/laconica.sql
@@ -145,7 +145,7 @@ create table oid_nonces (
     UNIQUE (server_url(255), timestamp, salt)
 ) ENGINE=InnoDB;
 
-create table confirmemail (
+create table confirm_email (
     code varchar(32) not null primary key comment 'good random code',
     user_id integer not null comment 'user who requested confirmation' references user (id),
     email varchar(255) not null comment 'email address for password recovery etc.',
diff --git a/lib/action.php b/lib/action.php
index 06d3901d14..81b2283124 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -68,4 +68,11 @@ class Action { // lawsuit
 		common_debug("User error '$code' on '$action': $msg", __FILE__);
 		common_user_error($msg, $code);
 	}
+	
+	function self_url() {
+		$action = $this->trimmed('action');
+		$args = $this->args;
+		unset($args['action']);
+		return common_local_url($action, $args);
+	}
 }
diff --git a/lib/common.php b/lib/common.php
index 7435b0f4ab..00f6d68a7f 100644
--- a/lib/common.php
+++ b/lib/common.php
@@ -80,3 +80,4 @@ require_once(INSTALLDIR.'/classes/Profile.php');
 require_once(INSTALLDIR.'/classes/Remote_profile.php');
 require_once(INSTALLDIR.'/classes/Subscription.php');
 require_once(INSTALLDIR.'/classes/User.php');
+require_once(INSTALLDIR.'/classes/Confirm_email.php');
diff --git a/lib/mail.php b/lib/mail.php
index 25253fd816..23fd24b258 100644
--- a/lib/mail.php
+++ b/lib/mail.php
@@ -54,4 +54,30 @@ function mail_notify_from() {
 		return $config['site']['name'] . ' <noreply@'.$config['site']['server'].'>';
 	}
 }
- 
\ No newline at end of file
+
+# For confirming an email address
+
+function mail_confirm_address($code, $nickname, $address) {
+	$recipients = $address;
+	$headers['From'] = mail_notify_from();
+	$headers['To'] = $nickname . ' <' . $address . '>';
+	$headers['Subject'] = _t('Email address confirmation');
+
+	$body = "Hey, $nickname.";
+	$body .= "\n\n";
+	$body .= 'Someone just entered this email address on ' . common_config('site', 'name') . '.';
+	$body .= "\n\n";
+	$body .= 'If it was you, and you want to confirm your entry, use the URL below:';
+	$body .= "\n\n";
+	$body .= "\t".common_local_url('confirmemail',
+								   array('code' => $code));
+	$body .= "\n\n";
+	$body .= 'If not, just ignore this message.';
+	$body .= "\n\n";
+	$body .= 'Thanks for your time, ';
+	$body .= "\n";
+	$body .= common_config('site', 'name');
+	$body .= "\n";
+	
+	mail_send($recipients, $headers, $body);
+}