reSIProcate/repro  9694
emailactivationnotice.php
00001 <?php
00002 /*
00003 System:  Repro
00004 File:    emailactivationnotice.php
00005 Purpose: validate the information entered in the account setup screen, create
00006                  an account based on this, and email an activation code to the user.
00007 Author:  S. Chanin
00008 */
00009 
00010 require('reprofunctions.php');
00011 
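// edit checks on values entered
// $error accumulates the messages shown back to the user; it stays "" when
// every check passes.
$error = "";

// Pull out the POST variables.  Every one of them is supplied by the client,
// so each is read defensively: a missing field, or a non-string value (PHP
// turns "field[]=x" into an array), becomes "" instead of raising a notice or
// reaching md5() and the string concatenations further down as the wrong type.
$username  = (isset($_POST['username'])  && is_string($_POST['username']))  ? $_POST['username']  : '';
$password  = (isset($_POST['password'])  && is_string($_POST['password']))  ? $_POST['password']  : '';
$password2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';
$fullname  = (isset($_POST['fullname'])  && is_string($_POST['fullname']))  ? $_POST['fullname']  : '';
$domain    = (isset($_POST['domain'])    && is_string($_POST['domain']))    ? $_POST['domain']    : '';
$email     = (isset($_POST['email'])     && is_string($_POST['email']))     ? $_POST['email']     : '';
$email2    = (isset($_POST['email2'])    && is_string($_POST['email2']))    ? $_POST['email2']    : '';
$userkey   = (isset($_POST['userkey'])   && is_string($_POST['userkey']))   ? $_POST['userkey']   : '';
$keyvalue  = (isset($_POST['keyvalue'])  && is_string($_POST['keyvalue']))  ? $_POST['keyvalue']  : '';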
00025 
// Ensure that all required values have been filled in.  Each entry pairs a
// submitted value with the message appended to $error when that value is
// empty; the order of the entries is the order of the messages.
// NOTE(review): $domain is not among the required fields, yet it is later
// passed to createAccount() and used to build the default AOR -- confirm that
// an empty or arbitrary domain is acceptable.
$requiredFields = array(
    array($username,  "Username must be non-blank.<br />"),
    array($password,  "Password must be non-blank.<br />"),
    array($password2, "Retyped Password must be non-blank.<br />"),
    array($fullname,  "Full Name must be non-blank.<br />"),
    array($email,     "Email must be non-blank.<br />"),
    array($email2,    "Retyped Email must be non-blank.<br />"),
);
foreach ($requiredFields as $requiredField) {
    if (empty($requiredField[0])) {
        $error .= $requiredField[1];
    }
}
00039 
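// ensure that double entered values match
// Strict comparison is required here: with != PHP compares numeric-looking
// strings as numbers, so "1e3" and "1000" would be accepted as the same
// password even though the user typed two different values.
if ($password !== $password2) {
    $error .= "Values entered for password do not match.<br />";
}
if ($email !== $email2) {
    $error .= "Values entered for email address do not match.<br />";
}

// ensure that the CAPTCHA key was correctly read and reentered
// hash_equals() compares the two strings byte for byte, which avoids the
// numeric interpretation that != applies to hex digests such as "0e...".
// NOTE(review): $userkey and $keyvalue both arrive in the same POST, so the
// expected hash travels with the request instead of being held by the server.
// For the check to prove anything, the expected value has to be kept
// server-side (for example in the session) by the page that renders the form;
// that page is not visible here.
if (!is_string($userkey) || !is_string($keyvalue) || !hash_equals(md5($userkey), $keyvalue)) {
    $error .= "Security key does not match.<br />";
}

// validate that username isn't already in use
// usernameInUse() is not defined in this file; the code relies on it
// returning "Y" for a taken name.
if (usernameInUse($username) == "Y") {
    $error .= "That username is already in use.<br />";
}

// verify that they have passed the automated turing test
// verify the email address passes a sniff test
// NOTE(review): no format check on $email is implemented in this file; the
// value is handed to mail() further down as entered.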
00057 
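// Any validation failure sends the browser back to the signup form together
// with the entered values (passwords excluded) and the collected messages.
if (!empty($error)) {
    // http_build_query() URL-encodes every value.  Interpolating the raw POST
    // values let "&", "#", "=" or a space inside a name or address change or
    // truncate the parameters that createaccount.php receives.
    $query = http_build_query(array(
        'username' => $username,
        'fullname' => $fullname,
        'email'    => $email,
        'email2'   => $email2,
        'error'    => $error,
    ), '', '&');
    header("Location: http://" . $_SERVER['HTTP_HOST'] .
            dirname($_SERVER['PHP_SELF']) .
            "/createaccount.php?" . $query);
    exit;
}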
00064 
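// create an activation code
/* The activation code is the only secret that protects account activation,
so it is taken from the operating system's CSPRNG.  The previous value,
md5(microtime() . $username), was built from two inputs that can be estimated
by anyone who knows roughly when an account was created; the original comment
itself put the search space at a couple of thousand guesses.
bin2hex() of 16 random bytes keeps the earlier format (32 lowercase hex
characters), so stored codes and activation links keep the same length.
random_bytes() requires PHP 7.0 or later.
*/
$activationCode = bin2hex(random_bytes(16));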
00074 
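// create the actual account
// createPassword() and createAccount() are not defined in this file.
// NOTE(review): presumably createPassword() derives the stored credential
// from the username and the clear-text password -- confirm in
// reprofunctions.php.  $domain is passed on exactly as it was posted.
$encryptedPassword = createPassword($username, $password);

if (!createAccount($username, $encryptedPassword, $fullname, $domain, $email, $activationCode)) {
    // oops ... got an error creating the account
    $error .= "Error while creating account.";
    // URL-encode every value so that "&", "#" or spaces in the entered data
    // cannot change the parameters createaccount.php receives.
    $query = http_build_query(array(
        'username' => $username,
        'fullname' => $fullname,
        'email'    => $email,
        'email2'   => $email2,
        'error'    => $error,
    ), '', '&');
    header("Location: http://" . $_SERVER['HTTP_HOST'] .
            dirname($_SERVER['PHP_SELF']) .
            "/createaccount.php?" . $query);
    exit;
}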
00086 
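// create a default resource
// The default address-of-record is "<username>@<domain>", built from the two
// posted values.  createResource() is not defined in this file; the meaning of
// its 'N', '', '' arguments cannot be read from here.
$defaultAOR = $username . '@' . $domain;
if (!createResource($username, $defaultAOR, 'N', '', '')) {
    // oops ... got an error creating the default resource
    // NOTE(review): the account itself was already created above, so a
    // failure here appears to leave an account without a default resource.
    $error .= "Error while creating account (default resource).";
    // URL-encode every value so that "&", "#" or spaces in the entered data
    // cannot change the parameters createaccount.php receives.
    $query = http_build_query(array(
        'username' => $username,
        'fullname' => $fullname,
        'email'    => $email,
        'email2'   => $email2,
        'error'    => $error,
    ), '', '&');
    header("Location: http://" . $_SERVER['HTTP_HOST'] .
            dirname($_SERVER['PHP_SELF']) .
            "/createaccount.php?" . $query);
    exit;
}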
00097 
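// email the activation notice
// create activation link
// Both query values are URL-encoded so that "&", "#" or a space in the
// username cannot alter the parameters of the link.
// NOTE(review): the host comes from the request's Host header and the path
// from PHP_SELF, both of which the client can influence, and this link is
// mailed to whatever address was entered on the form.  A site URL taken from
// configuration would be the safer source; none is visible in this file.
$link = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) .
        "/activateaccount.php?user=" . urlencode($username) .
        "&code=" . urlencode($activationCode);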
00102 
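// subject
// $provider is not set in this file.
// NOTE(review): presumably it is defined by reprofunctions.php -- confirm.
$subject = "$provider Activation Notice";

// The link contains the posted username and the request's Host header, so it
// is HTML-escaped before being placed in the HTML body.  ISO-8859-1 matches
// the charset declared for this mail and, being a single-byte charset, leaves
// every other byte of the link unchanged.
$linkHtml = htmlspecialchars($link, ENT_QUOTES, 'ISO-8859-1');

// message
$message = '
<html>
<head>
  <title>' . $provider . ' Activation Notice</title>
</head>
<body>
<h1>Welcome to '. $provider . 
'</h1>

<p>This email address has recently been used to create a new 
account at ' . $provider . '</p><br />
<p>In order to ensure this account was actually requested by you, 
we send an email to the address provided and ask that you confirm the
new account request by clicking the link below:</p>
<br />' . $linkHtml . '<br />
If you do not click this link, the account will not be activated.
<br />
<br />
Sincerely,<br />' . $provider . 
'</body>
</html>
';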
00129 
// An HTML body needs the MIME-Version and Content-type headers; the From
// header carries $providerEmail, which is not set in this file.  Every header
// line, including the last one, is terminated with CRLF.
$headers = implode("\r\n", array(
    'MIME-Version: 1.0',
    'Content-type: text/html; charset=iso-8859-1',
    "From: $providerEmail",
)) . "\r\n";
00136 
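// Mail it
// $email is the address entered on the form; it has only been checked for
// being non-blank and matching its retyped copy.
if (!mail($email, $subject, $message, $headers)) {
    // mail returned an error
    $error .= "Error while emailing activation notice.";
    // URL-encode every value so that "&", "#" or spaces in the entered data
    // cannot change the parameters createaccount.php receives.
    $query = http_build_query(array(
        'username' => $username,
        'fullname' => $fullname,
        'email'    => $email,
        'email2'   => $email2,
        'error'    => $error,
    ), '', '&');
    header("Location: http://" . $_SERVER['HTTP_HOST'] .
            dirname($_SERVER['PHP_SELF']) .
            "/createaccount.php?" . $query);
    exit;
}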
00146 ?>
00147 
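<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<link rel="stylesheet" type="text/css" href="repro_style.css" />
<title>Activation Notice</title>
</head>

<body>
<h1 class="title">Repro</h1>
<h1>Activation Notice</h1>
<hr />
<?php
// $fullname and $link contain values posted by the client, so both are
// HTML-escaped before being written into the page.  ENT_QUOTES also escapes
// quotes, which is needed because $link is placed inside an href attribute.
// ISO-8859-1 is a single-byte charset, so all other bytes pass through as is.
$fullnameHtml = htmlspecialchars($fullname, ENT_QUOTES, 'ISO-8859-1');
$linkHtml = htmlspecialchars($link, ENT_QUOTES, 'ISO-8859-1');
?>
<p>Congratulations <?php echo $fullnameHtml ?> and welcome to <?php echo $provider ?>.
Your account has been established on our server.  In order to ensure all
the information provided is correct, we have sent an email with an activation
link to the address you provided in the signup process.</p>

<p>Please read that message and click the link provided, or follow the 
instructions in the email for manual activation.</p>

<hr />
<?php
// NOTE(review): development aid left by the original author, who had no SMTP
// server on the test machine.  Printing the activation link on this page means
// an account can be activated without access to the mailbox, so the e-mail
// address is never actually verified.  Remove everything from here down to the
// second <hr /> before the page is used outside a test setup.
?>
<p>Since I don't have an SMTP server running on this machine, I can't send out messages.
As a result, I can't test that the above email code actually works.</p>

<p>So for this version, here is the same link to click that is in the email.  Clicking
this link will activate your account.</p>

<a href="<?php echo $linkHtml ?>">Click here to activate</a>
<br />
Or copy the following link into your browser: <br />
<?php echo $linkHtml ?>

<br /><hr />
<a href="index.php">Return to Welcome Page</a>
<br />

</body>
</html>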