123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258 |
- <?php
- /**
- * Email user validation plugin.
- * Non-admin accounts are invalid until their email address is confirmed.
- *
- * @package Elgg.Core.Plugin
- * @subpackage UserValidationByEmail
- */
- elgg_register_event_handler('init', 'system', 'uservalidationbyemail_init');
- function uservalidationbyemail_init() {
- require_once dirname(__FILE__) . '/lib/functions.php';
- // Register page handler to validate users
- // This doesn't need to be an action because security is handled by the validation codes.
- elgg_register_page_handler('uservalidationbyemail', 'uservalidationbyemail_page_handler');
- // mark users as unvalidated and disable when they register
- elgg_register_plugin_hook_handler('register', 'user', 'uservalidationbyemail_disable_new_user');
- // forward to uservalidationbyemail/emailsent page after register
- elgg_register_plugin_hook_handler('forward', 'system', 'uservalidationbyemail_after_registration_url');
- // canEdit override to allow not logged in code to disable a user
- elgg_register_plugin_hook_handler('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit');
- // prevent users from logging in if they aren't validated
- register_pam_handler('uservalidationbyemail_check_auth_attempt', "required");
- // when requesting a new password
- elgg_register_plugin_hook_handler('action', 'user/requestnewpassword', 'uservalidationbyemail_check_request_password');
- // prevent the engine from logging in users via login()
- elgg_register_event_handler('login:before', 'user', 'uservalidationbyemail_check_manual_login');
- // make admin users always validated
- elgg_register_event_handler('make_admin', 'user', 'uservalidationbyemail_validate_new_admin_user');
- // register Walled Garden public pages
- elgg_register_plugin_hook_handler('public_pages', 'walled_garden', 'uservalidationbyemail_public_pages');
- // admin interface to manually validate users
- elgg_register_admin_menu_item('administer', 'unvalidated', 'users');
- elgg_extend_view('css/admin', 'uservalidationbyemail/css');
- elgg_extend_view('js/elgg', 'uservalidationbyemail/js');
- $action_path = dirname(__FILE__) . '/actions';
- elgg_register_action('uservalidationbyemail/validate', "$action_path/validate.php", 'admin');
- elgg_register_action('uservalidationbyemail/resend_validation', "$action_path/resend_validation.php", 'admin');
- elgg_register_action('uservalidationbyemail/delete', "$action_path/delete.php", 'admin');
- elgg_register_action('uservalidationbyemail/bulk_action', "$action_path/bulk_action.php", 'admin');
- }
- /**
- * Disables a user upon registration.
- *
- * @param string $hook
- * @param string $type
- * @param bool $value
- * @param array $params
- * @return bool
- */
- function uservalidationbyemail_disable_new_user($hook, $type, $value, $params) {
- $user = elgg_extract('user', $params);
- // no clue what's going on, so don't react.
- if (!$user instanceof ElggUser) {
- return;
- }
- // another plugin is requesting that registration be terminated
- // no need for uservalidationbyemail
- if (!$value) {
- return $value;
- }
- // has the user already been validated?
- if (elgg_get_user_validation_status($user->guid) == true) {
- return $value;
- }
- // disable user to prevent showing up on the site
- // set context so our canEdit() override works
- elgg_push_context('uservalidationbyemail_new_user');
- $hidden_entities = access_get_show_hidden_status();
- access_show_hidden_entities(TRUE);
- // Don't do a recursive disable. Any entities owned by the user at this point
- // are products of plugins that hook into create user and might need
- // access to the entities.
- // @todo That ^ sounds like a specific case...would be nice to track it down...
- $user->disable('uservalidationbyemail_new_user', FALSE);
- // set user as unvalidated and send out validation email
- elgg_set_user_validation_status($user->guid, FALSE);
- uservalidationbyemail_request_validation($user->guid);
- elgg_pop_context();
- access_show_hidden_entities($hidden_entities);
- return $value;
- }
- /**
- * Override the URL to be forwarded after registration
- *
- * @param string $hook
- * @param string $type
- * @param bool $value
- * @param array $params
- * @return string
- */
- function uservalidationbyemail_after_registration_url($hook, $type, $value, $params) {
- $url = elgg_extract('current_url', $params);
- if ($url == elgg_get_site_url() . 'action/register') {
- $session = elgg_get_session();
- $email = $session->get('emailsent', '');
- if ($email) {
- return elgg_get_site_url() . 'uservalidationbyemail/emailsent';
- }
- }
- }
- /**
- * Override the canEdit() call for if we're in the context of registering a new user.
- *
- * @param string $hook
- * @param string $type
- * @param bool $value
- * @param array $params
- * @return bool|null
- */
- function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $params) {
- // $params['user'] is the user to check permissions for.
- // we want the entity to check, which is a user.
- $user = elgg_extract('entity', $params);
- if (!($user instanceof ElggUser)) {
- return;
- }
- $context = elgg_get_context();
- if ($context == 'uservalidationbyemail_new_user' || $context == 'uservalidationbyemail_validate_user') {
- return TRUE;
- }
- return;
- }
- /**
- * Checks if an account is validated
- *
- * @params array $credentials The username and password
- * @return bool
- */
- function uservalidationbyemail_check_auth_attempt($credentials) {
- if (!isset($credentials['username'])) {
- return;
- }
- $username = $credentials['username'];
- // See if the user exists and isn't validated
- $access_status = access_get_show_hidden_status();
- access_show_hidden_entities(TRUE);
- // check if logging in with email address
- if (strpos($username, '@') !== false) {
- $users = get_user_by_email($username);
- if ($users) {
- $username = $users[0]->username;
- }
- }
- $user = get_user_by_username($username);
- if ($user && isset($user->validated) && !$user->validated) {
- // show an error and resend validation email
- uservalidationbyemail_request_validation($user->guid);
- access_show_hidden_entities($access_status);
- throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
- }
- access_show_hidden_entities($access_status);
- }
- /**
- * Checks sent passed validation code and user guids and validates the user.
- *
- * @param array $page
- * @return bool
- */
- function uservalidationbyemail_page_handler($page) {
- $valid_pages = array('emailsent', 'confirm');
- if (empty($page[0]) || !in_array($page[0], $valid_pages)) {
- forward('', '404');
- }
- // note, safe to include based on input because we validated above.
- require dirname(__FILE__) . "/pages/{$page[0]}.php";
- return true;
- }
- /**
- * Make sure any admin users are automatically validated
- *
- * @param string $event
- * @param string $type
- * @param ElggUser $user
- */
- function uservalidationbyemail_validate_new_admin_user($event, $type, $user) {
- if ($user instanceof ElggUser && !$user->validated) {
- elgg_set_user_validation_status($user->guid, TRUE, 'admin_user');
- }
- }
- /**
- * Registers public pages to allow in the case walled garden has been enabled.
- */
- function uservalidationbyemail_public_pages($hook, $type, $return_value, $params) {
- $return_value[] = 'uservalidationbyemail/confirm';
- $return_value[] = 'uservalidationbyemail/emailsent';
- return $return_value;
- }
- /**
- * Prevent a manual code login with login().
- *
- * @param string $event
- * @param string $type
- * @param ElggUser $user
- * @return bool
- *
- * @throws LoginException
- */
- function uservalidationbyemail_check_manual_login($event, $type, $user) {
- $access_status = access_get_show_hidden_status();
- access_show_hidden_entities(TRUE);
- if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) {
- // send new validation email
- uservalidationbyemail_request_validation($user->getGUID());
-
- // restore hidden entities settings
- access_show_hidden_entities($access_status);
-
- // throw error so we get a nice error message
- throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
- }
- access_show_hidden_entities($access_status);
- }
|