mirror of https://github.com/BOINC/boinc.git
Allow invitation codes for create-account RPCs only
If you define INVITE_CODES_RPC, create-account RPCs must include a matching invitation code. Record this code in user.signature to keep track of where the RPCs are coming from.
parent
ba3702e8c8
commit
6948c2d4f1
|
@ -202,9 +202,7 @@ struct USER {
|
||||||
int seti_last_result_time; // time of last result (UNIX)
|
int seti_last_result_time; // time of last result (UNIX)
|
||||||
double seti_total_cpu; // number of CPU seconds
|
double seti_total_cpu; // number of CPU seconds
|
||||||
char signature[256];
|
char signature[256];
|
||||||
// deprecated as of 9/2004 - may be used as temp
|
// stores invite code, if any, for users created via RPC
|
||||||
// currently used to store a nonce ID while email address
|
|
||||||
// is being verified.
|
|
||||||
bool has_profile;
|
bool has_profile;
|
||||||
char cross_project_id[256];
|
char cross_project_id[256];
|
||||||
// the "internal" cross-project ID;
|
// the "internal" cross-project ID;
|
||||||
|
|
|
@ -121,7 +121,7 @@ create table user (
|
||||||
seti_total_cpu double not null,
|
seti_total_cpu double not null,
|
||||||
|
|
||||||
signature varchar(254),
|
signature varchar(254),
|
||||||
-- deprecated
|
-- stores invite code, if any, for users created via RPC
|
||||||
has_profile smallint not null,
|
has_profile smallint not null,
|
||||||
cross_project_id varchar(254) not null,
|
cross_project_id varchar(254) not null,
|
||||||
passwd_hash varchar(254) not null,
|
passwd_hash varchar(254) not null,
|
||||||
|
|
|
@ -44,12 +44,19 @@ if (parse_bool($config, "disable_account_creation_rpc")) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (defined('INVITE_CODES_RPC')) {
|
||||||
|
$invite_code = get_str("invite_code");
|
||||||
|
if (!preg_match(INVITE_CODES_RPC, $invite_code)) {
|
||||||
|
xml_error(-1, "Invalid invitation code");
|
||||||
|
}
|
||||||
|
} else {
|
||||||
if (defined('INVITE_CODES')) {
|
if (defined('INVITE_CODES')) {
|
||||||
$invite_code = get_str("invite_code");
|
$invite_code = get_str("invite_code");
|
||||||
if (!preg_match(INVITE_CODES, $invite_code)) {
|
if (!preg_match(INVITE_CODES, $invite_code)) {
|
||||||
xml_error(-1, "Invalid invitation code");
|
xml_error(-1, "Invalid invitation code");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$email_addr = get_str("email_addr");
|
$email_addr = get_str("email_addr");
|
||||||
$email_addr = strtolower($email_addr);
|
$email_addr = strtolower($email_addr);
|
||||||
|
@ -129,7 +136,13 @@ if ($user) {
|
||||||
xml_error(ERR_DB_NOT_UNIQUE);
|
xml_error(ERR_DB_NOT_UNIQUE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (defined('INVITE_CODES')) {
|
|
||||||
|
if (defined('INVITE_CODES_RPC')) {
|
||||||
|
// record the invite code
|
||||||
|
//
|
||||||
|
$r = BoincDb::escape_string($invite_code);
|
||||||
|
$user->update("signature='$r'");
|
||||||
|
} else if (defined('INVITE_CODES')) {
|
||||||
error_log("Account for '$email_addr' created using invitation code '$invite_code'");
|
error_log("Account for '$email_addr' created using invitation code '$invite_code'");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
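Review bot: The new `INVITE_CODES_RPC` branch writes `$invite_code` to `user.signature` without bounding its length or checking the result of `$user->update("signature='$r'")`, while the schema hunk on this page declares `signature varchar(254)`. Because `preg_match()` accepts any substring match unless the configured pattern is anchored with `^...$`, a caller can pad a valid code with extra text; depending on the database's SQL mode the write then either fails unnoticed or stores a truncated value, so the provenance record is unreliable. Consider tightening the check in the first hunk to `if (strlen($invite_code) > 254 || !preg_match(INVITE_CODES_RPC, $invite_code)) {` and adding a comment there that the pattern must be anchored. The stored value is caller-controlled, so any page that later displays `signature` should HTML-escape it. Both hunks are top-level script code that continues outside the visible lines.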
@ -19,12 +19,12 @@
|
||||||
require_once("../inc/boinc_db.inc");
|
require_once("../inc/boinc_db.inc");
|
||||||
require_once("../inc/util.inc");
|
require_once("../inc/util.inc");
|
||||||
require_once("../inc/email.inc");
|
require_once("../inc/email.inc");
|
||||||
|
require_once("../inc/account.inc");
|
||||||
|
|
||||||
function send_validate_email() {
|
function send_validate_email() {
|
||||||
global $master_url;
|
global $master_url;
|
||||||
$user = get_logged_in_user();
|
$user = get_logged_in_user();
|
||||||
$x2 = uniqid(rand(), true);
|
$x2 = make_login_token($user);
|
||||||
$user->update("signature='$x2'");
|
|
||||||
send_email(
|
send_email(
|
||||||
$user,
|
$user,
|
||||||
tra("Validate BOINC email address"),
|
tra("Validate BOINC email address"),
|
||||||
|
@ -44,7 +44,7 @@ function validate() {
|
||||||
error_page(tra("No such user."));
|
error_page(tra("No such user."));
|
||||||
}
|
}
|
||||||
|
|
||||||
$x2 = $user->signature;
|
$x2 = $user->login_token;
|
||||||
if ($x2 != $x) {
|
if ($x2 != $x) {
|
||||||
error_page(tra("Error in URL data - can't validate email address"));
|
error_page(tra("Error in URL data - can't validate email address"));
|
||||||
}
|
}
|
||||||
|
|
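Review bot: In `validate()` the check `if ($x2 != $x)` now compares against `$user->login_token` with PHP's loose `!=`, which is not constant-time, can treat two different numeric-looking strings as equal, and passes when both sides are empty (for example if the user has no token set). Prefer `if (!$x2 || !hash_equals((string)$x2, (string)$x)) {`. No token lifetime check is visible in this hunk; if `make_login_token()` records an issue time, `validate()` should reject stale tokens, and it is worth confirming that putting the login token in an emailed validation URL does not turn that URL into a login credential. `validate()` begins and ends outside the hunk, so how `$x` is read from the request is not shown.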