| Index: trunk/extensions/ConfirmAccount/ConfirmAccount_body.php |
| — | — | @@ -265,8 +265,14 @@ |
| 266 | 266 | } |
| 267 | 267 | # Insert into pending requests... |
| 268 | 268 | $dbw->begin(); |
| | 269 | + |
| | 270 | + $expires = null; // passed by reference |
| | 271 | + $token = $this->getConfirmationToken( $u, $expires ); |
| | 272 | + |
| | 273 | + $acr_id = $dbw->nextSequenceValue( 'account_requests_acr_id_seq' ); |
| 269 | 274 | $dbw->insert( 'account_requests', |
| 270 | 275 | array( |
| | 276 | + 'acr_id' => $acr_id, |
| 271 | 277 | 'acr_name' => $u->mName, |
| 272 | 278 | 'acr_email' => $u->mEmail, |
| 273 | 279 | 'acr_real_name' => $u->mRealName, |
| — | — | @@ -276,15 +282,17 @@ |
| 277 | 283 | 'acr_urls' => $this->mUrls, |
| 278 | 284 | 'acr_filename' => isset($this->mSrcName) ? $this->mSrcName : null, |
| 279 | 285 | 'acr_storage_key' => isset($key) ? $key : null, |
| | 286 | + 'acr_comment' => '', |
| | 287 | + 'acr_email_token' => md5($token), |
| | 288 | + 'acr_email_token_expires' => $dbw->timestamp( $expires ), |
| 280 | 289 | 'acr_ip' => wfGetIP() // Possible use for spam blocking |
| 281 | 290 | ), |
| 282 | 291 | __METHOD__ |
| 283 | 292 | ); |
| 284 | 293 | # Send confirmation, required! |
| 285 | | - $result = $this->sendConfirmationMail( $u ); |
| | 294 | + $result = $this->sendConfirmationMail( $u, $token, $expires ); |
| 286 | 295 | if( WikiError::isError( $result ) ) { |
| 287 | 296 | $dbw->rollback(); // Nevermind |
| 288 | | - $transaction->rollback(); |
| 289 | 297 | $error = wfMsg( 'mailerror', htmlspecialchars( $result->getMessage() ) ); |
| 290 | 298 | $this->showForm( $error ); |
| 291 | 299 | return false; |
| — | — | @@ -458,7 +466,7 @@ |
| 459 | 467 | function requestFromEmailToken( $code ) { |
| 460 | 468 | $dbr = wfGetDB( DB_SLAVE ); |
| 461 | 469 | $reqID = $dbr->selectField( 'account_requests', 'acr_name', |
| 462 | | - array( 'acr_email_token' => md5( $code ), |
| | 470 | + array( 'acr_email_token' => md5($code), |
| 463 | 471 | 'acr_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ), |
| 464 | 472 | ) |
| 465 | 473 | ); |
| — | — | @@ -468,7 +476,7 @@ |
| 469 | 477 | /** |
| 470 | 478 | * Flag a user's email as confirmed in the db |
| 471 | 479 | * |
| 472 | | - * @param Sring $name |
| | 480 | + * @param sring $name |
| 473 | 481 | */ |
| 474 | 482 | function confirmEmail( $name ) { |
| 475 | 483 | $dbw = wfGetDB( DB_MASTER ); |
| — | — | @@ -483,12 +491,13 @@ |
| 484 | 492 | * mail to the user's given address. |
| 485 | 493 | * |
| 486 | 494 | * @param User $user |
| | 495 | + * @param string $token |
| | 496 | + * @param string $expiration |
| 487 | 497 | * @return mixed True on success, a WikiError object on failure. |
| 488 | 498 | */ |
| 489 | | - function sendConfirmationMail( $user ) { |
| | 499 | + function sendConfirmationMail( $user, $token, $expiration ) { |
| 490 | 500 | global $wgContLang; |
| 491 | | - $expiration = null; // gets passed-by-ref and defined in next line. |
| 492 | | - $url = $this->confirmationTokenUrl( $user, $expiration ); |
| | 501 | + $url = $this->confirmationTokenUrl( $token ); |
| 493 | 502 | return $user->sendMail( wfMsg( 'requestaccount-email-subj' ), |
| 494 | 503 | wfMsg( 'requestaccount-email-body', |
| 495 | 504 | wfGetIP(), |
| — | — | @@ -500,12 +509,11 @@ |
| 501 | 510 | /** |
| 502 | 511 | * Generate and store a new e-mail confirmation token, and return |
| 503 | 512 | * the URL the user can use to confirm. |
| 504 | | - * @param User $user |
| | 513 | + * @param string $token |
| 505 | 514 | * @return string |
| 506 | 515 | * @private |
| 507 | 516 | */ |
| 508 | | - function confirmationTokenUrl( $user, &$expiration ) { |
| 509 | | - $token = $this->confirmationToken( $user, $expiration ); |
| | 517 | + function confirmationTokenUrl( $token ) { |
| 510 | 518 | $title = Title::makeTitle( NS_SPECIAL, 'RequestAccount' ); |
| 511 | 519 | return $title->getFullUrl( 'action=confirmemail&wpEmailToken='.$token ); |
| 512 | 520 | } |
| — | — | @@ -514,24 +522,16 @@ |
| 515 | 523 | * Generate, store, and return a new e-mail confirmation code. |
| 516 | 524 | * A hash (unsalted since it's used as a key) is stored. |
| 517 | 525 | * @param User $user |
| | 526 | + * @param string $expiration |
| 518 | 527 | * @return string |
| 519 | 528 | * @private |
| 520 | 529 | */ |
| 521 | | - function confirmationToken( $user, &$expiration ) { |
| 522 | | - $now = time(); |
| 523 | | - $expires = $now + 7 * 24 * 60 * 60; |
| | 530 | + function getConfirmationToken( $user, &$expiration ) { |
| | 531 | + $expires = time() + 7 * 24 * 60 * 60; |
| 524 | 532 | $expiration = wfTimestamp( TS_MW, $expires ); |
| 525 | 533 | |
| 526 | 534 | $token = $user->generateToken( $user->getName() . $user->getEmail() . $expires ); |
| 527 | | - $hash = md5( $token ); |
| 528 | 535 | |
| 529 | | - $dbw = wfGetDB( DB_MASTER ); |
| 530 | | - $dbw->update( 'account_requests', |
| 531 | | - array( 'acr_email_token' => $hash, |
| 532 | | - 'acr_email_token_expires' => $dbw->timestamp( $expires ) ), |
| 533 | | - array( 'acr_name' => $user->getName() ), |
| 534 | | - __METHOD__ ); |
| 535 | | - |
| 536 | 536 | return $token; |
| 537 | 537 | } |
| 538 | 538 | |
| — | — | @@ -562,7 +562,7 @@ |
| 563 | 563 | $this->mUsername = $wgRequest->getText( 'wpNewName' ); |
| 564 | 564 | # For viewing rejects |
| 565 | 565 | $this->showRejects = $wgRequest->getBool( 'wpShowRejects' ); |
| 566 | | - |
| | 566 | + |
| 567 | 567 | $this->submitType = $wgRequest->getVal( 'wpSubmitType' ); |
| 568 | 568 | $this->reason = $wgRequest->getText( 'wpReason' ); |
| 569 | 569 | |
| — | — | @@ -754,7 +754,6 @@ |
| 755 | 755 | if( $msg ) { |
| 756 | 756 | $wgOut->addHTML( '<div class="errorbox">' . $msg . '</div><div class="visualClear"></div>' ); |
| 757 | 757 | } |
| 758 | | - |
| 759 | 758 | $row = $this->getRequest(); |
| 760 | 759 | if( !$row || $row->acr_rejected && !$this->showRejects ) { |
| 761 | 760 | $wgOut->addHTML( wfMsgHtml('confirmaccount-badid') ); |
| — | — | @@ -807,10 +806,11 @@ |
| 808 | 807 | |
| 809 | 808 | $form .= '<fieldset>'; |
| 810 | 809 | $form .= '<legend>' . wfMsgHtml('requestaccount-legend3') . '</legend>'; |
| 811 | | - $form .= '<p>'.wfMsgHtml('confirmaccount-attach') . ' ' . |
| 812 | | - $this->skin->makeKnownLinkObj( $wgTitle, htmlspecialchars($row->acr_filename), |
| | 810 | + if( $row->acr_filename ) { |
| | 811 | + $form .= '<p>'.wfMsgHtml('confirmaccount-attach') . ' ' . |
| | 812 | + $this->skin->makeKnownLinkObj( $wgTitle, htmlspecialchars($row->acr_filename), |
| 813 | 813 | 'file=' . $row->acr_storage_key ); |
| 814 | | - |
| | 814 | + } |
| 815 | 815 | $form .= "<p>".wfMsgHtml('confirmaccount-notes')."</p>\n"; |
| 816 | 816 | $form .= "<p><textarea tabindex='1' readonly name='wpNotes' id='wpNotes' rows='3' cols='80' style='width:100%'>" . |
| 817 | 817 | htmlspecialchars($row->acr_notes) . |