1 | <?php |
||||||||
2 | /** |
||||||||
3 | * Email user validation plugin. |
||||||||
4 | * Non-admin accounts are invalid until their email address is confirmed. |
||||||||
5 | * |
||||||||
6 | * @package Elgg.Core.Plugin |
||||||||
7 | * @subpackage UserValidationByEmail |
||||||||
8 | */ |
||||||||
9 | |||||||||
10 | /** |
||||||||
11 | * User validation by email init |
||||||||
12 | * |
||||||||
13 | * @return void |
||||||||
14 | */ |
||||||||
15 | function uservalidationbyemail_init() { |
||||||||
16 | |||||||||
17 | 31 | require_once dirname(__FILE__) . '/lib/functions.php'; |
|||||||
18 | |||||||||
19 | // Register page handler to validate users |
||||||||
20 | // This doesn't need to be an action because security is handled by the validation codes. |
||||||||
21 | 31 | elgg_register_page_handler('uservalidationbyemail', 'uservalidationbyemail_page_handler'); |
|||||||
22 | |||||||||
23 | // mark users as unvalidated and disable when they register |
||||||||
24 | 31 | elgg_register_plugin_hook_handler('register', 'user', 'uservalidationbyemail_disable_new_user'); |
|||||||
25 | |||||||||
26 | // forward to uservalidationbyemail/emailsent page after register |
||||||||
27 | 31 | elgg_register_plugin_hook_handler('response', 'action:register', 'uservalidationbyemail_after_registration_url'); |
|||||||
28 | |||||||||
29 | // canEdit override to allow not logged in code to disable a user |
||||||||
30 | 31 | elgg_register_plugin_hook_handler('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit'); |
|||||||
31 | |||||||||
32 | // prevent users from logging in if they aren't validated |
||||||||
33 | 31 | register_pam_handler('uservalidationbyemail_check_auth_attempt', "required"); |
|||||||
34 | |||||||||
35 | // prevent the engine from logging in users via login() |
||||||||
36 | 31 | elgg_register_event_handler('login:before', 'user', 'uservalidationbyemail_check_manual_login'); |
|||||||
37 | |||||||||
38 | // make admin users always validated |
||||||||
39 | 31 | elgg_register_event_handler('make_admin', 'user', 'uservalidationbyemail_validate_new_admin_user'); |
|||||||
40 | |||||||||
41 | // register Walled Garden public pages |
||||||||
42 | 31 | elgg_register_plugin_hook_handler('public_pages', 'walled_garden', 'uservalidationbyemail_public_pages'); |
|||||||
43 | |||||||||
44 | // admin interface to manually validate users |
||||||||
45 | 31 | elgg_register_menu_item('page', [ |
|||||||
46 | 31 | 'name' => 'users:unvalidated', |
|||||||
47 | 31 | 'text' => elgg_echo('admin:users:unvalidated'), |
|||||||
48 | 31 | 'href' => 'admin/users/unvalidated', |
|||||||
49 | 31 | 'section' => 'administer', |
|||||||
50 | 31 | 'parent_name' => 'users', |
|||||||
51 | 31 | 'context' => 'admin', |
|||||||
52 | ]); |
||||||||
53 | |||||||||
54 | 31 | elgg_extend_view('admin.css', 'uservalidationbyemail/css'); |
|||||||
55 | 31 | } |
|||||||
56 | |||||||||
57 | /** |
||||||||
58 | * Disables a user upon registration |
||||||||
59 | * |
||||||||
60 | * @param string $hook 'register' |
||||||||
61 | * @param string $type 'user' |
||||||||
62 | * @param bool $value current return value |
||||||||
63 | * @param array $params supplied params |
||||||||
64 | * |
||||||||
65 | * @return void |
||||||||
66 | */ |
||||||||
67 | function uservalidationbyemail_disable_new_user($hook, $type, $value, $params) { |
||||||||
2 ignored issues
–
show
The parameter
$type is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
|
|||||||||
68 | |||||||||
69 | $user = elgg_extract('user', $params); |
||||||||
70 | // no clue what's going on, so don't react. |
||||||||
71 | if (!$user instanceof ElggUser) { |
||||||||
72 | return; |
||||||||
73 | } |
||||||||
74 | |||||||||
75 | // another plugin is requesting that registration be terminated |
||||||||
76 | // no need for uservalidationbyemail |
||||||||
77 | if (!$value) { |
||||||||
78 | return; |
||||||||
79 | } |
||||||||
80 | |||||||||
81 | // has the user already been validated? |
||||||||
82 | if ($user->isValidated()) { |
||||||||
83 | return; |
||||||||
84 | } |
||||||||
85 | |||||||||
86 | // disable user to prevent showing up on the site |
||||||||
87 | // set context so our canEdit() override works |
||||||||
88 | elgg_push_context('uservalidationbyemail_new_user'); |
||||||||
89 | $hidden_entities = access_show_hidden_entities(true); |
||||||||
90 | |||||||||
91 | // Don't do a recursive disable. Any entities owned by the user at this point |
||||||||
92 | // are products of plugins that hook into create user and might need |
||||||||
93 | // access to the entities. |
||||||||
94 | // @todo That ^ sounds like a specific case...would be nice to track it down... |
||||||||
95 | $user->disable('uservalidationbyemail_new_user', false); |
||||||||
96 | |||||||||
97 | // set user as unvalidated and send out validation email |
||||||||
98 | $user->setValidationStatus(false); |
||||||||
99 | uservalidationbyemail_request_validation($user->guid); |
||||||||
100 | |||||||||
101 | elgg_pop_context(); |
||||||||
102 | access_show_hidden_entities($hidden_entities); |
||||||||
103 | } |
||||||||
104 | |||||||||
105 | /** |
||||||||
106 | * Override the URL to be forwarded after registration |
||||||||
107 | * |
||||||||
108 | * @param string $hook 'response' |
||||||||
109 | * @param string $type 'action:register' |
||||||||
110 | * @param \Elgg\Http\ResponseBuilder $value Current response |
||||||||
111 | * @param array $params Additional params |
||||||||
112 | * |
||||||||
113 | * @return void|\Elgg\Http\ResponseBuilder |
||||||||
114 | */ |
||||||||
115 | function uservalidationbyemail_after_registration_url($hook, $type, $value, $params) { |
||||||||
3 ignored issues
–
show
The parameter
$hook is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
The parameter
$type is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
The parameter
$params is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
|
|||||||||
116 | $session = elgg_get_session(); |
||||||||
117 | $email = $session->get('emailsent', ''); |
||||||||
118 | if ($email) { |
||||||||
119 | $value->setForwardURL(elgg_normalize_url('uservalidationbyemail/emailsent')); |
||||||||
120 | return $value; |
||||||||
121 | } |
||||||||
122 | } |
||||||||
123 | |||||||||
124 | /** |
||||||||
125 | * Override the canEdit() call for if we're in the context of registering a new user. |
||||||||
126 | * |
||||||||
127 | * @param string $hook 'permissions_check' |
||||||||
128 | * @param string $type 'user' |
||||||||
129 | * @param bool $value current return value |
||||||||
130 | * @param array $params supplied params |
||||||||
131 | * |
||||||||
132 | * @return void|true |
||||||||
133 | */ |
||||||||
134 | function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $params) { |
||||||||
3 ignored issues
–
show
The parameter
$type is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
The parameter
$hook is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
The parameter
$value is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
|
|||||||||
135 | |||||||||
136 | // $params['user'] is the user to check permissions for. |
||||||||
137 | // we want the entity to check, which is a user. |
||||||||
138 | 92 | $user = elgg_extract('entity', $params); |
|||||||
139 | 92 | if (!($user instanceof ElggUser)) { |
|||||||
140 | return; |
||||||||
141 | } |
||||||||
142 | |||||||||
143 | 92 | $context = elgg_get_context(); |
|||||||
144 | 92 | if ($context == 'uservalidationbyemail_new_user' || $context == 'uservalidationbyemail_validate_user') { |
|||||||
145 | return true; |
||||||||
146 | } |
||||||||
147 | 92 | } |
|||||||
148 | |||||||||
149 | /** |
||||||||
150 | * Checks if an account is validated |
||||||||
151 | * |
||||||||
152 | * @param array $credentials The username and password |
||||||||
153 | * |
||||||||
154 | * @return void |
||||||||
155 | */ |
||||||||
156 | function uservalidationbyemail_check_auth_attempt($credentials) { |
||||||||
157 | |||||||||
158 | 9 | if (!isset($credentials['username'])) { |
|||||||
159 | 2 | return; |
|||||||
160 | } |
||||||||
161 | |||||||||
162 | 7 | $username = $credentials['username']; |
|||||||
163 | |||||||||
164 | // See if the user exists and isn't validated |
||||||||
165 | 7 | $access_status = access_show_hidden_entities(true); |
|||||||
166 | |||||||||
167 | // check if logging in with email address |
||||||||
168 | 7 | if (strpos($username, '@') !== false) { |
|||||||
169 | $users = get_user_by_email($username); |
||||||||
170 | if ($users) { |
||||||||
171 | $username = $users[0]->username; |
||||||||
172 | } |
||||||||
173 | } |
||||||||
174 | |||||||||
175 | 7 | $user = get_user_by_username($username); |
|||||||
176 | 7 | if ($user && isset($user->validated) && !$user->validated) { |
|||||||
177 | // show an error and resend validation email |
||||||||
178 | uservalidationbyemail_request_validation($user->guid); |
||||||||
179 | access_show_hidden_entities($access_status); |
||||||||
180 | throw new LoginException(elgg_echo('uservalidationbyemail:login:fail')); |
||||||||
181 | } |
||||||||
182 | |||||||||
183 | 7 | access_show_hidden_entities($access_status); |
|||||||
184 | 7 | } |
|||||||
185 | |||||||||
186 | /** |
||||||||
187 | * Checks sent passed validation code and user guids and validates the user. |
||||||||
188 | * |
||||||||
189 | * @param array $page URL segments |
||||||||
190 | * |
||||||||
191 | * @return bool |
||||||||
192 | */ |
||||||||
193 | function uservalidationbyemail_page_handler($page) { |
||||||||
194 | |||||||||
195 | switch ($page[0]) { |
||||||||
196 | case 'confirm': |
||||||||
197 | echo elgg_view_resource("uservalidationbyemail/confirm"); |
||||||||
198 | return true; |
||||||||
199 | case 'emailsent': |
||||||||
200 | echo elgg_view_resource("uservalidationbyemail/emailsent"); |
||||||||
201 | return true; |
||||||||
202 | default: |
||||||||
203 | forward('', '404'); |
||||||||
204 | return false; |
||||||||
205 | } |
||||||||
206 | } |
||||||||
207 | |||||||||
208 | /** |
||||||||
209 | * Make sure any admin users are automatically validated |
||||||||
210 | * |
||||||||
211 | * @param string $event 'make_admin' |
||||||||
212 | * @param string $type 'user' |
||||||||
213 | * @param ElggUser $user the user |
||||||||
214 | * |
||||||||
215 | * @return void |
||||||||
216 | */ |
||||||||
217 | function uservalidationbyemail_validate_new_admin_user($event, $type, $user) { |
||||||||
2 ignored issues
–
show
The parameter
$event is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
The parameter
$type is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
|
|||||||||
218 | 6 | if ($user instanceof ElggUser && !$user->isValidated()) { |
|||||||
219 | 6 | $user->setValidationStatus(true, 'admin_user'); |
|||||||
220 | } |
||||||||
221 | 6 | } |
|||||||
222 | |||||||||
223 | /** |
||||||||
224 | * Registers public pages to allow in the case walled garden has been enabled |
||||||||
225 | * |
||||||||
226 | * @param string $hook 'public_pages' |
||||||||
227 | * @param string $type 'walled_garden' |
||||||||
228 | * @param array $return_value current return value |
||||||||
229 | * @param mixed $params supplied params |
||||||||
230 | * |
||||||||
231 | * @return array |
||||||||
232 | */ |
||||||||
233 | function uservalidationbyemail_public_pages($hook, $type, $return_value, $params) { |
||||||||
3 ignored issues
–
show
The parameter
$params is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
The parameter
$hook is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
The parameter
$type is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
|
|||||||||
234 | $return_value[] = 'uservalidationbyemail/confirm'; |
||||||||
235 | $return_value[] = 'uservalidationbyemail/emailsent'; |
||||||||
236 | return $return_value; |
||||||||
237 | } |
||||||||
238 | |||||||||
239 | /** |
||||||||
240 | * Prevent a manual code login with login() |
||||||||
241 | * |
||||||||
242 | * @param string $event 'login:before' |
||||||||
243 | * @param string $type 'user' |
||||||||
244 | * @param ElggUser $user the user |
||||||||
245 | * |
||||||||
246 | * @return void |
||||||||
247 | * |
||||||||
248 | * @throws LoginException |
||||||||
249 | */ |
||||||||
250 | function uservalidationbyemail_check_manual_login($event, $type, $user) { |
||||||||
2 ignored issues
–
show
The parameter
$event is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
The parameter
$type is not used and could be removed.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
Loading history...
|
|||||||||
251 | |||||||||
252 | 5 | $access_status = access_show_hidden_entities(true); |
|||||||
253 | |||||||||
254 | 5 | if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) { |
|||||||
255 | // send new validation email |
||||||||
256 | uservalidationbyemail_request_validation($user->getGUID()); |
||||||||
257 | |||||||||
258 | // restore hidden entities settings |
||||||||
259 | access_show_hidden_entities($access_status); |
||||||||
260 | |||||||||
261 | // throw error so we get a nice error message |
||||||||
262 | throw new LoginException(elgg_echo('uservalidationbyemail:login:fail')); |
||||||||
263 | } |
||||||||
264 | |||||||||
265 | 5 | access_show_hidden_entities($access_status); |
|||||||
266 | 5 | } |
|||||||
267 | |||||||||
268 | return function() { |
||||||||
269 | 18 | elgg_register_event_handler('init', 'system', 'uservalidationbyemail_init'); |
|||||||
270 | }; |
||||||||
271 |
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.