boinc/html/user/validate_email_addr.php

<?php

require_once("../inc/boinc_db.inc");
require_once("../inc/util.inc");
require_once("../inc/email.inc");

function send_validate_email() {
    global $master_url;
    $user = get_logged_in_user();
    $x2 = md5($user->email_addr.$user->authenticator);
    send_email(
        $user,
        "Validate BOINC email address",
        "Please visit the following link to validate the email address\n"
        ."of your ".PROJECT." account:\n"
        .$master_url."validate_email_addr.php?validate=1&u=$user->id&x=$x2"
    );
    page_head("Validate email sent");
    echo "
        An email has been sent to $user->email_addr.
        Visit the link it contains to validate your email address.
    ";
    page_tail();
}

function validate() {
    $x = get_str("x");
    $u = get_int("u");
    $user = lookup_user_id($u);
    if (!$user) {
        error_page("No such user.\n");
    }

    $x2 = md5($user->email_addr.$user->authenticator);
    if ($x2 != $x) {
        error_page("Error in URL data - can't validate email address");
    }

    $result = $user->update("email_validated=1");
    if (!$result) {
        error_page("Database update failed - please try again later.");
    }

    page_head("Validate email address");
    echo "
        The email address of your account has been validated.
    ";
    page_tail();
}

if ($_GET['validate']) {
    validate();
} else {
    send_validate_email();
}

?>
- user web: add "team search" page, which does a multi-criteria search (keywords, country, type). Have the new-user scenario route the user through this page. Also, link to it rather than team.php for existing users. - user web: use cookies rather than URLs to identify new users, and show "Welcome to X" when they reach their user page. - user web: don't show user intermediate page for join/quit team. Just take them to their user page. svn path=/trunk/boinc/; revision=13731 2007-10-02 03:19:03 +00:00			`<?php`

- user web: update other code to use new-style DB interfaces svn path=/trunk/boinc/; revision=14164 2007-11-12 22:28:17 +00:00			`require_once("../inc/boinc_db.inc");`
- user web: add "team search" page, which does a multi-criteria search (keywords, country, type). Have the new-user scenario route the user through this page. Also, link to it rather than team.php for existing users. - user web: use cookies rather than URLs to identify new users, and show "Welcome to X" when they reach their user page. - user web: don't show user intermediate page for join/quit team. Just take them to their user page. svn path=/trunk/boinc/; revision=13731 2007-10-02 03:19:03 +00:00			`require_once("../inc/util.inc");`
			`require_once("../inc/email.inc");`

			`function send_validate_email() {`
			`global $master_url;`
			`$user = get_logged_in_user();`
			`$x2 = md5($user->email_addr.$user->authenticator);`
			`send_email(`
			`$user,`
			`"Validate BOINC email address",`
			`"Please visit the following link to validate the email address\n"`
			`."of your ".PROJECT." account:\n"`
			`.$master_url."validate_email_addr.php?validate=1&u=$user->id&x=$x2"`
			`);`
			`page_head("Validate email sent");`
			`echo "`
			`An email has been sent to $user->email_addr.`
			`Visit the link it contains to validate your email address.`
			`";`
			`page_tail();`
			`}`

			`function validate() {`
- web: cleaned up logic of string processing. There are two aspects: 1) undoing magic quotes (if it's being used). This must be done for all GET and POST string inputs. It is now done automatically by get_str() and post_str(). The places that refer to $_GET and $_POST directly must do it themselves using undo_magic_quotes(). 2) Escaping user-supplied strings before using them in DB queries. This is done by process_user_text() (which should be renamed db_escape_string()). The new principle: call process_user_text() in the function that does the DB query (not at any higher level). svn path=/trunk/boinc/; revision=15389 2008-06-11 19:36:10 +00:00			`$x = get_str("x");`
			`$u = get_int("u");`
- user web: add "team search" page, which does a multi-criteria search (keywords, country, type). Have the new-user scenario route the user through this page. Also, link to it rather than team.php for existing users. - user web: use cookies rather than URLs to identify new users, and show "Welcome to X" when they reach their user page. - user web: don't show user intermediate page for join/quit team. Just take them to their user page. svn path=/trunk/boinc/; revision=13731 2007-10-02 03:19:03 +00:00			`$user = lookup_user_id($u);`
			`if (!$user) {`
			`error_page("No such user.\n");`
			`}`

			`$x2 = md5($user->email_addr.$user->authenticator);`
			`if ($x2 != $x) {`
			`error_page("Error in URL data - can't validate email address");`
			`}`

- user web: update other code to use new-style DB interfaces svn path=/trunk/boinc/; revision=14164 2007-11-12 22:28:17 +00:00			`$result = $user->update("email_validated=1");`
- user web: add "team search" page, which does a multi-criteria search (keywords, country, type). Have the new-user scenario route the user through this page. Also, link to it rather than team.php for existing users. - user web: use cookies rather than URLs to identify new users, and show "Welcome to X" when they reach their user page. - user web: don't show user intermediate page for join/quit team. Just take them to their user page. svn path=/trunk/boinc/; revision=13731 2007-10-02 03:19:03 +00:00			`if (!$result) {`
			`error_page("Database update failed - please try again later.");`
			`}`

			`page_head("Validate email address");`
			`echo "`
			`The email address of your account has been validated.`
			`";`
			`page_tail();`
			`}`

			`if ($_GET['validate']) {`
			`validate();`
			`} else {`
			`send_validate_email();`
			`}`

			`?>`