email address update
svn path=/trunk/boinc/; revision=946
parent
bc26be32cc
commit
a16c91e272
|
@ -3308,3 +3308,31 @@ David Feb 18 2003
|
|||
server_types.C
|
||||
test/
|
||||
test.inc
|
||||
|
||||
David Feb 19 2003
|
||||
- Added scheme for verified user update of email address
|
||||
When user updates email address, their email address in the DB
|
||||
is set to a "munged" form that includes a random string,
|
||||
and an email is sent to the new address that includes a
|
||||
URL that they must visit to verify the change.
|
||||
- The same mechanism is used on account creation;
|
||||
the email DB field is initially set to a munged form.
|
||||
This prevents hackers from adding entries to the DB
|
||||
with other peoples' email addresses.
|
||||
- Separate logic for update email address from update other user info;
|
||||
remove combinatorial logic (?) for update other user info
|
||||
|
||||
configure (removed; generated from configure.in by autoconf)
|
||||
db/
|
||||
db.h
|
||||
html_user/
|
||||
create_account_action.php
|
||||
create_account_form.php
|
||||
edit_action.php (removed)
|
||||
edit_email_action.php (new)
|
||||
edit_email_form.php (new)
|
||||
edit_user_info.php (removed)
|
||||
edit_user_info_form.php (new)
|
||||
login_action.php
|
||||
user.inc
|
||||
util.inc
|
||||
|
|
2
db/db.h
2
db/db.h
|
@ -92,7 +92,7 @@ struct APP_VERSION {
|
|||
int min_core_version; // min core version this will run with
|
||||
int max_core_version; // if <>0, max core version this will run with
|
||||
|
||||
// the following defined for core client
|
||||
// the following defined for core client app
|
||||
//
|
||||
char message[256]; // if we get a request from this version,
|
||||
// send this message
|
||||
|
|
|
@ -4,7 +4,7 @@ include_once("util.inc");
|
|||
|
||||
function show_error($str) {
|
||||
page_head("Create account: error");
|
||||
echo $str;
|
||||
echo "$str<br>\n";
|
||||
echo mysql_error();
|
||||
echo "<p>Click your browser's <b>Back</b> button to try again.\n<p>\n";
|
||||
page_tail();
|
||||
|
@ -15,8 +15,8 @@ function show_error($str) {
|
|||
db_init();
|
||||
|
||||
$new_email_addr = $HTTP_POST_VARS["new_email_addr"];
|
||||
if (strlen($new_email_addr) == 0) {
|
||||
show_error("Email address missing");
|
||||
if (!is_valid_email_addr($new_email_addr)) {
|
||||
show_error("Invalid email address");
|
||||
}
|
||||
$query = "select * from user where email_addr='$new_email_addr'";
|
||||
$result = mysql_query($query);
|
||||
|
@ -39,10 +39,11 @@ function show_error($str) {
|
|||
}
|
||||
|
||||
$authenticator = random_string();
|
||||
$munged_email_addr = munge_email_addr($new_email_addr, $authenticator);
|
||||
$query = sprintf(
|
||||
"insert into user (create_time, email_addr, name, web_password, authenticator, country, postal_code, total_credit, expavg_credit, expavg_time, teamid, venue) values(%d, '%s', '%s', '%s', '%s', '%s', %d, 0, 0, 0, 0, 'home')",
|
||||
"insert into user (create_time, email_addr, name, web_password, authenticator, country, postal_code, total_credit, expavg_credit, expavg_time, teamid, venue) values(%d, '%s', '%s', '%s', '%s', '%s', '%s', 0, 0, 0, 0, 'home')",
|
||||
time(),
|
||||
$new_email_addr,
|
||||
$munged_email_addr,
|
||||
$HTTP_POST_VARS["new_name"],
|
||||
$HTTP_POST_VARS["new_password"],
|
||||
$authenticator,
|
||||
|
|
|
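Review bot: `show_error("Invalid email address")` in the second hunk does not stop the request: show_error() as shown in the first hunk ends at page_tail() with no exit, so unless an exit follows outside the hunk the script continues into the select and the insert with the rejected address; `show_error("Invalid email address"); exit();` would close that. In the third hunk the postal_code placeholder changes from `%d` to `'%s'`, so that value is now inserted as raw text like the other `'%s'` fields; sprintf() quotes nothing, so each string argument should go through mysql_escape_string() before the query is assembled. The uniqueness check on the context line above still queries the plain address while the stored value is now the munged form, so a second registration with the same not-yet-verified address would not be caught — worth confirming against the intended behaviour.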
@ -23,7 +23,7 @@ Use your real name or a nickname.
|
|||
<tr><td align=right>
|
||||
<b>Email address:</b>
|
||||
<br><font size=-1>
|
||||
Must be a valid address.
|
||||
Must be a valid address of the form name@domain.
|
||||
</font>
|
||||
</td><td>
|
||||
<input name=new_email_addr size=50>
|
||||
|
|
|
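--- a/html_user/edit_action.php
+++ /dev/null
@@ -1,115 +0,0 @@
-<?php
-
-require_once("util.inc");
-require_once("user.inc");
-require_once("db.inc");
-require_once("edit.inc");
-
-$authenticator = init_session();
-db_init();
-$user = get_user_from_auth($authenticator);
-require_login($user);
-
-page_head("Updating User Account");
-$my_email = $HTTP_POST_VARS["my_email"];
-$my_name = $HTTP_POST_VARS["my_name"];
-$my_country = $HTTP_POST_VARS["my_country"];
-$my_zip = $HTTP_POST_VARS["my_zip"];
-
-// TODO: we need to keep track of whether email addresses
-// have been verified or not (i.e. whether we ever got back
-// the authenticator, either via web or from core client)
-// The right was to do this is to add a "email_verified"
-// flag to the user structure.
-// Also, email need not be unique.
-
-if (strlen($my_email)) {
-$query = sprintf("select * from user where email_addr='%s'", $my_email);
-$result = mysql_query($query);
-if ($result) {
-$old = mysql_fetch_object($result);
-mysql_free_result($result);
-}
-
-if ($old) {
-$email_ok = EMAIL_EXISTS;
-} else {
-srand((double)microtime*1000000);
-$new_pass = rand();
-$query = sprintf("update user set email_addr='%s', web_password ='%s' where id=%d", $my_email, $new_pass, $user->id);
-$result = mysql_query($query);
-if ($result) {
-$email_ok = EMAIL_UPDATED;
-mail($my_email, "NEW PASSWORD", "Your new temporary password is ".$new_pass.".\n\n"
-."You must use it as your password to access your account the next time you login."
-." Thereafter, you can change your password by clicking on the CHANGE PASSWORD link in your"
-." Project User Page and use the changed password as your new permanent password.\n"
-);
-} else {
-$email_ok = EMAIL_FAIL;
-}
-}
-}
-
-if (strlen($my_name) && strlen($my_country) && strlen($my_zip)) {
-$query = sprintf("update user set name='%s', country='%s', postal_code=%d where id=%d", $my_name, $my_country, $my_zip, $user->id);
-$result = mysql_query($query);
-if($result) {
-print_update_ok($email_ok);
-} else {
-print_update_fail($email_ok);
-}
-} else if (strlen($my_name) && strlen($my_country)) {
-$query = sprintf("update user set name='%s', country='%s' where id=%d", $my_name, $my_country, $user->id);
-$result = mysql_query($query);
-if($result) {
-print_update_ok($email_ok);
-} else {
-print_update_fail($email_ok);
-}
-} else if (strlen($my_country) && strlen($my_zip)) {
-$query = sprintf("update user set country='%s', postal_code='%s' where id=%d", $my_country, $my_zip, $user->id);
-$result = mysql_query($query);
-if($result) {
-print_update_ok($email_ok);
-} else {
-print_update_fail($email_ok);
-}
-} else if (strlen($my_name) && strlen($my_zip)) {
-$query = sprintf("update user set name='%s', postal_code=%d where id=%d", $my_name, $my_zip, $user->id);
-$result = mysql_query($query);
-if($result) {
-print_update_ok($email_ok);
-} else {
-print_update_fail($email_ok);
-}
-} else if (strlen($my_name)) {
-$query = sprintf("update user set name='%s' where id=%d", $my_name, $user->id);
-$result = mysql_query($query);
-if($result) {
-print_update_ok($email_ok);
-} else {
-print_update_fail($email_ok);
-}
-
-} else if (strlen($my_country)) {
-$query = sprintf("update user set country='%s' where id=%d", $my_country, $user->id);
-$result = mysql_query($query);
-if($result) {
-print_update_ok($email_ok);
-} else {
-print_update_fail($email_ok);
-}
-
-} else if (strlen($my_zip)) {
-$query = sprintf("update user set postal_code='%s' where id=%d", $my_zip, $user->id);
-$result = mysql_query($query);
-if($result) {
-print_update_ok($email_ok);
-} else {
-print_update_fail($email_ok);
-}
-}
-page_tail();
-
-?>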
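--- /dev/null
+++ b/html_user/edit_email_action.php
@@ -0,0 +1,65 @@
+<?php
+
+require_once("util.inc");
+require_once("user.inc");
+require_once("db.inc");
+
+function send_verify_email($user, $email_addr, $key) {
+mail(
+$email_addr,
+PROJECT." account email change",
+"You have asked that the email address of your PROJECT account
+be changed to $email_addr.
+To confirm this change, please visit the following URL:
+".MASTER_URL."/confirm_email_change.php?id=$user->id&str=$key"
+);
+}
+
+$authenticator = init_session();
+db_init();
+$user = get_user_from_auth($authenticator);
+require_login($user);
+
+$email_addr = $HTTP_POST_VARS["email_addr"];
+
+page_head("Edit email address");
+if ($email_addr == "Verification pending") {
+echo "You previously requested an email address change.
+An email was sent to the new address,
+containing a URL that you must visit to verify the new address.
+";
+} else if (!is_valid_email_addr($email_addr)) {
+echo "Invalid email address requested";
+} else if ($email_addr == $user->email_addr) {
+echo "No change requested";
+} else {
+$existing = null;
+$result = mysql_query("select * from user where email_addr='$email_addr'");
+if ($result) {
+$existing = mysql_fetch_object($result);
+mysql_free_result($result);
+}
+if ($existing) {
+echo "There's already an account with that email address";
+} else {
+$x = random_string();
+$y = munge_email_addr($email_addr, $x);
+$result = mysql_query("update user set email_addr='$y' where id=$user->id");
+if ($result) {
+send_verify_email($user, $email_addr, $x);
+echo "
+An email has been sent to $email_addr,
+containing a URL that you must visit to verify the address.
+";
+} else {
+echo "
+We can't update your email address
+due to a database problem. Please try again later.
+";
+}
+}
+}
+
+page_tail();
+
+?>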
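Review bot: The confirmation URL built in send_verify_email() points at `confirm_email_change.php`, which this commit does not add (it is absent from the file list in the checkin notes), and the only code that clears a munged address is the new branch in login_action.php, which compares the stored suffix against the login authenticator rather than the fresh `random_string()` kept in `$x` here — so a change started on this page appears to have no way to complete unless that confirm page already exists elsewhere. The update also overwrites the old address before the new one is verified, leaving an account with no usable address if the mail never arrives; keeping the old value until confirmation, or at least a comment above the update stating this trade-off, is warranted. `$email_addr` comes straight from `$HTTP_POST_VARS` and is interpolated into both queries, so it and `$y` should pass through mysql_escape_string() rather than relying on is_valid_email_addr() to exclude quote characters, which its definition is not shown to do. In the mail body, `your PROJECT account` is a literal inside the double-quoted string, unlike the `PROJECT.` concatenation on the subject line; it should read `your ".PROJECT." account`. The literal `"Verification pending"` compared at the top is the same text edit_email_form.php places in the input and user.inc displays; a single define() in util.inc would keep the sentinel and the display text from drifting apart.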
@ -0,0 +1,29 @@
|
|||
<?php
|
||||
|
||||
require_once("edit.inc");
|
||||
require_once("util.inc");
|
||||
|
||||
db_init();
|
||||
$authenticator = init_session();
|
||||
$user = get_user_from_auth($authenticator);
|
||||
require_login($user);
|
||||
|
||||
page_head("Edit email address");
|
||||
|
||||
if (is_valid_email_addr($user->email_addr)) {
|
||||
$email_text = $user->email_addr;
|
||||
} else {
|
||||
$email_text = "Verification pending";
|
||||
}
|
||||
|
||||
echo "<form method=post action=edit_email_action.php>\n
|
||||
".TABLE2."\n
|
||||
<tr><td align=right><b>Email address</b>
|
||||
<br><font size=-1>Must be a valid address of the form 'name@domain'</font></b></td>\n
|
||||
<td><input name=email_addr size=50 value='$email_text'></td></tr>
|
||||
<tr><td><br></td><td><input type=submit value='OK'>\n
|
||||
</table>\n
|
||||
</form>";
|
||||
page_tail();
|
||||
|
||||
?>
|
|
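Review bot: `value='$email_text'` places the stored address inside a single-quoted attribute with no escaping, which is safe only to the extent is_valid_email_addr() rejects `'` and `>`; that validator is not shown here, and `value='".htmlspecialchars($email_text, ENT_QUOTES)."'` removes the dependency. The `</b>` in `</font></b></td>` on the hint line has no matching opening tag and can be dropped. db_init() is called before init_session() here while edit_email_action.php does the reverse; harmless as far as the page shows, but one order across the two scripts would read better.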
@ -9,18 +9,17 @@ $user = get_user_from_auth($authenticator);
|
|||
require_login($user);
|
||||
|
||||
page_head("Edit user information");
|
||||
echo "<form method=post action=edit_action.php>\n
|
||||
|
||||
echo "<form method=post action=edit_user_info_action.php>\n
|
||||
".TABLE2."\n
|
||||
<tr><td align=right><b>User name</b></td>\n
|
||||
<td><input name=my_name type=text size=30 value='$user->name'></td></tr>
|
||||
<tr><td align=right><b>Email address</b></td>\n
|
||||
<td><input name=my_email type=text size=50 value='$user->email_addr'></td></tr>
|
||||
<td><input name=user_name size=30 value='$user->name'></td></tr>
|
||||
<tr><td align=right><b>Country:</b></font></td>
|
||||
<td><select name=my_country>";
|
||||
<td><select name=country>";
|
||||
print_country_select($user->country);
|
||||
echo "</select></td></tr>
|
||||
<tr><td align=right><b>Postal (ZIP) code</b></td>
|
||||
<td><input name=my_zip type=text size=20 value='$user->postal_code'></td></tr>
|
||||
<td><input name=postal_code size=20 value='$user->postal_code'></td></tr>
|
||||
<tr><td><br></td><td><input type=submit value='OK'>\n
|
||||
</table>\n
|
||||
</form>";
|
|
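Review bot: The form now posts to `edit_user_info_action.php`, but no file of that name is part of this commit — the checkin notes list edit_user_info_form.php as new and edit_action.php and edit_user_info.php as removed — so unless that action script already exists, submitting the form lands on a missing page. The inputs are renamed to `user_name`, `country` and `postal_code`, so whichever script handles the post has to read those names rather than the former `my_*` ones; a comment above the echo naming the handler would make the pairing visible.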
@ -33,6 +33,9 @@
|
|||
// echo "Bad password.";
|
||||
// }
|
||||
} else {
|
||||
if (split_munged_email_addr($user->email_addr, $authenticator, $email)) {
|
||||
mysql_query("update user set email_addr='$email' where id=$user->id");
|
||||
}
|
||||
$_SESSION["authenticator"] = $user->authenticator;
|
||||
$next_url = $HTTP_POST_VARS["next_url"];
|
||||
Header("Location: $next_url");
|
||||
|
|
|
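Review bot: The return value of `mysql_query("update user set email_addr='$email' where id=$user->id")` is ignored, so a failed write leaves the address in its munged, unverified form while the login proceeds as if it had been confirmed; test the result and report it the way the surrounding script handles its other failures. `$user->email_addr` is also left holding the munged value after the update, which matters if anything later in this request reads it from the object. The enclosing else branch starts before the hunk.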
@ -17,19 +17,25 @@ function show_user_stats($user) {
|
|||
echo "</table>\n";
|
||||
}
|
||||
|
||||
function edit_link() {
|
||||
return "<br><font size=-1><a href=edit_user_info_form.php>edit</a></font>";
|
||||
}
|
||||
function edit_email_link() {
|
||||
return "<br><font size=-1><a href=edit_email_form.php>edit</a></font>";
|
||||
}
|
||||
|
||||
function show_user_profile($user) {
|
||||
if (is_valid_email_addr($user->email_addr)) {
|
||||
$email_text = $user->email_addr;
|
||||
} else {
|
||||
$email_text = "Verification pending";
|
||||
}
|
||||
echo TABLE2."\n";
|
||||
echo "<tr>".TD2.LG_FONT."<b>User information</b></font></td></tr>\n";
|
||||
row("<b>name</b>", $user->name);
|
||||
row("<b>email address</b>", $user->email_addr);
|
||||
row("<b>country</b>", $user->country);
|
||||
row("<b>postal (ZIP) code</b>", $user->postal_code);
|
||||
echo "<tr><td align=right><a href=edit_user_info.php>Edit user information</a></td>\n";
|
||||
if (1) {
|
||||
echo "<td><br></td></tr>\n";
|
||||
} else {
|
||||
echo "<td align=center><a href=change_password.php>Change Password</a></td></tr>\n";
|
||||
}
|
||||
row("<b>name</b>", $user->name.edit_link());
|
||||
row("<b>email address</b>", $email_text.edit_email_link());
|
||||
row("<b>country</b>", $user->country.edit_link());
|
||||
row("<b>postal (ZIP) code</b>", $user->postal_code.edit_link());
|
||||
echo "</table>\n";
|
||||
}
|
||||
|
||||
|
|
|
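Review bot: The four row() calls at the end of show_user_profile() emit `$user->name`, `$user->country` and `$user->postal_code` into the page as-is; these are user-supplied fields, so they should go through htmlspecialchars() before being concatenated with the edit link, otherwise a name containing markup is rendered into the profile page. The email column is covered only as far as is_valid_email_addr() rejects markup characters, which is not visible here, so the same treatment of `$email_text` is cheap insurance. edit_link() and edit_email_link() would benefit from a one-line comment saying they return a fragment appended to a row value, since that is not obvious from the names alone.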
@ -29,9 +29,11 @@ function send_auth_email($email_addr, $auth) {
|
|||
mail($email_addr, PROJECT." new account confirmation",
|
||||
"This email confirms the creation of your ".PROJECT." account.
|
||||
".PROJECT." URL: ".MASTER_URL."
|
||||
|
||||
Your account key: $auth\n
|
||||
Please save this email, as you will need the account key
|
||||
to access your account on the ".PROJECT." web site."
|
||||
|
||||
Please save this email.
|
||||
You will need your account key to log in to the ".PROJECT." web site."
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -223,13 +225,20 @@ function is_valid_email_addr($addr) {
|
|||
}
|
||||
|
||||
function munge_email_addr($email, $string) {
|
||||
return "@$email_$string";
|
||||
return "@".$email."_".$string;
|
||||
}
|
||||
|
||||
// if email_addr is of the form @X_Y, split out the X and return true.
|
||||
// otherwise return false
|
||||
//
|
||||
function split_munged_email_addr($addr, $string, &$email) {
|
||||
if (substr($addr, 0, 1) != "@") return false;
|
||||
$x = strrchr($addr, "_");
|
||||
if (!$x) return false;
|
||||
$y = substr($x, 1);
|
||||
if ($y != $string) return false;
|
||||
$email = substr($addr, 1, strlen($addr)-strlen($x)-1);
|
||||
return true;
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
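Review bot: `if ($y != $string) return false;` in split_munged_email_addr() uses loose comparison, under which two numeric-looking strings are compared as numbers (`"1e3"` equals `"1000"`), which is the wrong semantics for matching a secret token; use `if ($y !== $string) return false;`. The split also assumes the last `_` in the stored value starts the key, which holds only while random_string() never emits `_` — a comment next to munge_email_addr() stating that the two functions share this convention would help, since either could be changed in isolation. The leading comment on split_munged_email_addr() could add that `$email` is only assigned when the function returns true, as callers such as the new login_action.php branch depend on that.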