Diffstat (limited to 'mod/uservalidationbyemail/start.php')
| -rw-r--r-- | mod/uservalidationbyemail/start.php | 195 |
1 files changed, 89 insertions, 106 deletions
diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php
index b0f621a84..f44d2ab50 100644
--- a/mod/uservalidationbyemail/start.php
+++ b/mod/uservalidationbyemail/start.php
@@ -7,65 +7,81 @@ * @subpackage UserValidationByEmail */ +elgg_register_event_handler('init', 'system', 'uservalidationbyemail_init'); + function uservalidationbyemail_init() { - global $CONFIG; require_once dirname(__FILE__) . '/lib/functions.php'; // Register page handler to validate users // This doesn't need to be an action because security is handled by the validation codes. - register_page_handler('uservalidationbyemail', 'uservalidationbyemail_page_handler'); + elgg_register_page_handler('uservalidationbyemail', 'uservalidationbyemail_page_handler'); // mark users as unvalidated and disable when they register - register_plugin_hook('register', 'user', 'uservalidationbyemail_disable_new_user'); + elgg_register_plugin_hook_handler('register', 'user', 'uservalidationbyemail_disable_new_user'); // canEdit override to allow not logged in code to disable a user - register_plugin_hook('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit'); + elgg_register_plugin_hook_handler('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit'); // prevent users from logging in if they aren't validated - register_plugin_hook('action', 'login', 'uservalidationbyemail_check_login_attempt'); + register_pam_handler('uservalidationbyemail_check_auth_attempt', "required"); // when requesting a new password - register_plugin_hook('action', 'user/requestnewpassword', 'uservalidationbyemail_check_request_password'); + elgg_register_plugin_hook_handler('action', 'user/requestnewpassword', 'uservalidationbyemail_check_request_password'); // prevent the engine from logging in users via login() - register_elgg_event_handler('login', 'user', 'uservalidationbyemail_check_manual_login'); + elgg_register_event_handler('login', 'user', 'uservalidationbyemail_check_manual_login'); // make admin users always validated - register_elgg_event_handler('make_admin', 'user', 'uservalidationbyemail_validate_new_admin_user'); + 
elgg_register_event_handler('make_admin', 'user', 'uservalidationbyemail_validate_new_admin_user'); // register Walled Garden public pages - register_plugin_hook('public_pages', 'walled_garden', 'uservalidationbyemail_public_pages'); + elgg_register_plugin_hook_handler('public_pages', 'walled_garden', 'uservalidationbyemail_public_pages'); // admin interface to manually validate users - elgg_add_admin_submenu_item('unvalidated', elgg_echo('uservalidationbyemail:admin:unvalidated'), 'users'); + elgg_register_admin_menu_item('administer', 'unvalidated', 'users'); + + elgg_extend_view('css/admin', 'uservalidationbyemail/css'); + elgg_extend_view('js/elgg', 'uservalidationbyemail/js'); $action_path = dirname(__FILE__) . '/actions'; - register_action('uservalidationbyemail/validate', FALSE, "$action_path/validate.php", TRUE); - register_action('uservalidationbyemail/resend_validation', FALSE, "$action_path/resend_validation.php", TRUE); - register_action('uservalidationbyemail/delete', FALSE, "$action_path/delete.php", TRUE); - register_action('uservalidationbyemail/bulk_action', FALSE, "$action_path/bulk_action.php", TRUE); + elgg_register_action('uservalidationbyemail/validate', "$action_path/validate.php", 'admin'); + elgg_register_action('uservalidationbyemail/resend_validation', "$action_path/resend_validation.php", 'admin'); + elgg_register_action('uservalidationbyemail/delete', "$action_path/delete.php", 'admin'); + elgg_register_action('uservalidationbyemail/bulk_action', "$action_path/bulk_action.php", 'admin'); } /** * Disables a user upon registration. 
* - * @param unknown_type $hook - * @param unknown_type $type - * @param unknown_type $value - * @param unknown_type $params + * @param string $hook + * @param string $type + * @param bool $value + * @param array $params + * @return bool */ function uservalidationbyemail_disable_new_user($hook, $type, $value, $params) { - $user = elgg_get_array_value('user', $params); + $user = elgg_extract('user', $params); // no clue what's going on, so don't react. if (!$user instanceof ElggUser) { - return NULL; + return; + } + + // another plugin is requesting that registration be terminated + // no need for uservalidationbyemail + if (!$value) { + return $value; + } + + // has the user already been validated? + if (elgg_get_user_validation_status($user->guid) == true) { + return $value; } // disable user to prevent showing up on the site - // set context to our canEdit() override works + // set context so our canEdit() override works elgg_push_context('uservalidationbyemail_new_user'); $hidden_entities = access_get_show_hidden_status(); access_show_hidden_entities(TRUE); 
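Review bot: `uservalidationbyemail_init()` still registers `uservalidationbyemail_check_request_password` on the `action`, `user/requestnewpassword` hook, but the last hunk of this patch deletes that function from start.php. Unless it is now defined in lib/functions.php (not visible here), the callback no longer resolves, and the check that denied password-reset requests for unvalidated accounts is most likely dropped without any error. Either keep the handler, or remove the registration and leave a comment stating which mechanism now covers reset requests for unvalidated accounts.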
@@ -77,85 +93,77 @@ function uservalidationbyemail_disable_new_user($hook, $type, $value, $params) { $user->disable('uservalidationbyemail_new_user', FALSE); // set user as unvalidated and send out validation email - uservalidationbyemail_set_user_validation_status($user->guid, FALSE); + elgg_set_user_validation_status($user->guid, FALSE); uservalidationbyemail_request_validation($user->guid); elgg_pop_context(); access_show_hidden_entities($hidden_entities); - return TRUE; + return $value; } /** * Override the canEdit() call for if we're in the context of registering a new user. * + * @param string $hook + * @param string $type + * @param bool $value + * @param array $params + * @return bool|null */ function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $params) { // $params['user'] is the user to check permissions for. // we want the entity to check, which is a user. - $user = elgg_get_array_value('entity', $params); + $user = elgg_extract('entity', $params); if (!($user instanceof ElggUser)) { - return NULL; + return; } $context = elgg_get_context(); - if ($context == 'uservalidationbyemail_new_user' || $context = 'uservalidationbyemail_validate_user') { + if ($context == 'uservalidationbyemail_new_user' || $context == 'uservalidationbyemail_validate_user') { return TRUE; } - return NULL; + return; } /** - * Checks if a login failed because the user hasn't validated his account. 
+ * Checks if an account is validated * - * @param unknown_type $hook - * @param unknown_type $type - * @param unknown_type $value - * @param unknown_type $params + * @params array $credentials The username and password + * @return bool */ -function uservalidationbyemail_check_login_attempt($hook, $type, $value, $params) { - // everything is only stored in the input at this point - $username = get_input('username'); - $password = get_input("password"); +function uservalidationbyemail_check_auth_attempt($credentials) { - if (empty($username) || empty($password)) { - // return true to let the original login action deal with it. - return TRUE; + if (!isset($credentials['username'])) { + return; } - // see if we need to resolve an email address to a username - if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) { - $username = $users[0]->username; - } + $username = $credentials['username']; - // See the users exists and isn't validated + // See if the user exists and isn't validated $access_status = access_get_show_hidden_status(); access_show_hidden_entities(TRUE); $user = get_user_by_username($username); - - // only resend validation if the password is correct - if ($user && authenticate($username, $password) && !$user->validated) { + if ($user && isset($user->validated) && !$user->validated) { // show an error and resend validation email uservalidationbyemail_request_validation($user->guid); - // halt action - $value = FALSE; + access_show_hidden_entities($access_status); + throw new LoginException(elgg_echo('uservalidationbyemail:login:fail')); } access_show_hidden_entities($access_status); - - return $value; } /** * Checks sent passed validation code and user guids and validates the user. * * @param array $page + * @return bool */ function uservalidationbyemail_page_handler($page) { - global $CONFIG; if (isset($page[0]) && $page[0] == 'confirm') { $code = sanitise_string(get_input('c', FALSE)); 
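Review bot: `uservalidationbyemail_check_auth_attempt()` re-sends the validation mail and throws the account-specific `LoginException` for any existing unvalidated username, without the password check the removed handler had (`authenticate($username, $password)`). If this PAM handler can run before, or independently of, the password handler, a login attempt with any password both discloses that the account exists and is unvalidated and sends mail to its owner on every attempt. Consider resending only once the credentials have been verified, or throttling resends per account and returning the generic login failure otherwise. The docblock also needs `@param` instead of `@params`, and `@return bool` does not match a function that either returns nothing or throws.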
@@ -167,7 +175,7 @@ function uservalidationbyemail_page_handler($page) { $user = get_entity($user_guid); - if (($code) && ($user)) { + if ($code && $user) { if (uservalidationbyemail_validate_email($user_guid, $code)) { elgg_push_context('uservalidationbyemail_validate_user'); @@ -176,7 +184,11 @@ function uservalidationbyemail_page_handler($page) { $user->enable(); elgg_pop_context(); - login($user); + try { + login($user); + } catch(LoginException $e){ + register_error($e->getMessage()); + } } else { register_error(elgg_echo('email:confirm:fail')); } 
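Review bot: The rewritten guard `if ($code && $user)` only checks that `get_entity($user_guid)` returned something, not that it is a user, whereas the other handlers in this file guard with `instanceof ElggUser`. `$user_guid` is assigned outside the hunk and presumably comes from the request, so a GUID of another entity type would reach `uservalidationbyemail_validate_email()` and, if that ever succeeded, `$user->enable()` and `login($user)` in the next hunk. Tightening the line to `if ($code && $user instanceof ElggUser) {` keeps the confirm path limited to user accounts. The page handler starts before and continues after this hunk.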
@@ -189,84 +201,55 @@ function uservalidationbyemail_page_handler($page) { register_error(elgg_echo('email:confirm:fail')); } - forward(); + // forward to front page + forward(''); } /** * Make sure any admin users are automatically validated * - * @param unknown_type $event - * @param unknown_type $type - * @param unknown_type $object + * @param string $event + * @param string $type + * @param ElggUser $user */ function uservalidationbyemail_validate_new_admin_user($event, $type, $user) { if ($user instanceof ElggUser && !$user->validated) { - uservalidationbyemail_set_user_validation_status($user->guid, TRUE, 'admin_user'); + elgg_set_user_validation_status($user->guid, TRUE, 'admin_user'); } - - return TRUE; } /** - * Registers public pages to allow in the case Private Network has been enabled. + * Registers public pages to allow in the case walled garden has been enabled. */ function uservalidationbyemail_public_pages($hook, $type, $return_value, $params) { - $return_value[] = 'pg/uservalidationbyemail/confirm'; + $return_value[] = 'uservalidationbyemail/confirm'; return $return_value; } /** * Prevent a manual code login with login(). * - * @param unknown_type $event - * @param unknown_type $type - * @param unknown_type $user - */ -function uservalidationbyemail_check_manual_login($event, $type, $user) { - $access_status = access_get_show_hidden_status(); - access_show_hidden_entities(TRUE); - - // @todo register_error()? - $return = ($user instanceof ElggUser && !$user->isEnabled() && !$user->validated) ? FALSE : NULL; - - access_show_hidden_entities($access_status); - - return $return; -} - -/** - * Deny requests to change password if the account isn't validated. - * - * @todo This is needed because changing the password requires the entity to be enabled. 
+ * @param string $event + * @param string $type + * @param ElggUser $user + * @return bool * - * @param unknown_type $hook - * @param unknown_type $type - * @param unknown_type $value - * @param unknown_type $params + * @throws LoginException */ -function uservalidationbyemail_check_request_password($hook, $type, $value, $params) { - $username = get_input('username'); - - // see if we need to resolve an email address to a username - if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) { - $username = $users[0]->username; - } - - // See the users exists and isn't validated +function uservalidationbyemail_check_manual_login($event, $type, $user) { $access_status = access_get_show_hidden_status(); access_show_hidden_entities(TRUE); - $user = get_user_by_username($username); - - // resend validation instead of resetting password - if ($user && !$user->validated) { - uservalidationbyemail_request_validation($user->guid); - $value = FALSE; + if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) { + // send new validation email + uservalidationbyemail_request_validation($user->getGUID()); + + // restore hidden entities settings + access_show_hidden_entities($access_status); + + // throw error so we get a nice error message + throw new LoginException(elgg_echo('uservalidationbyemail:login:fail')); } access_show_hidden_entities($access_status); - - return $value; } - -register_elgg_event_handler('init', 'system', 'uservalidationbyemail_init');
\ No newline at end of file |
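Review bot: The new docblock for `uservalidationbyemail_check_manual_login()` declares `@return bool`, but the function now returns nothing on the allow path and blocks only by throwing `LoginException`. The old version signalled the block by returning `FALSE`, so the contract change should be explicit: use `@return void` and add a line such as `// blocking is done by the exception; callers of login() must catch LoginException`. The docblock should also say that a validation email is re-sent as a side effect whenever a disabled, unvalidated user reaches this handler.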
