Implement user account activation

carlbennett · carlbennett · commit cf3e95be4ff0 · 2019-08-23T03:00:31.000Z
diff --git a/src/controllers/User/Activate.php b/src/controllers/User/Activate.php
@@ -3,6 +3,12 @@
 namespace BNETDocs\Controllers\User;
 
 use \BNETDocs\Models\User\Activate as UserActivateModel;
+
+use \BNETDocs\Libraries\EventTypes;
+use \BNETDocs\Libraries\Exceptions\UserNotFoundException;
+use \BNETDocs\Libraries\Logger;
+use \BNETDocs\Libraries\User;
+
 use \CarlBennett\MVC\Libraries\Common;
 use \CarlBennett\MVC\Libraries\Controller;
 use \CarlBennett\MVC\Libraries\Router;
@@ -12,12 +18,42 @@ class Activate extends Controller {
 
   public function &run( Router &$router, View &$view, array &$args ) {
 
+    $data = $router->getRequestQueryArray();
+
     $model = new UserActivateModel();
 
-    $data = $router->getRequestQueryArray();
+    $model->error   = 'INVALID_TOKEN';
+    $model->token   = isset( $data[ 't' ]) ? $data[ 't' ] : null;
+    $model->user_id = isset( $data[ 'u' ]) ? $data[ 'u' ] : null;
+
+    if ( !is_null( $model->user_id )) {
+      $model->user_id = (int) $model->user_id;
+    }
+
+    try {
+      $model->user = new User( $model->user_id );
+    } catch ( UserNotFoundException $ex ) {
+      $model->user = null;
+    }
+
+    if ( $model->user ) {
+      $model->user->invalidateVerificationToken();
+      $user_token = $model->user->getVerificationToken();
 
-    $model->token = isset( $data[ 't' ] ) ? $data[ 't' ] : null;
-    $model->error = 'INVALID_TOKEN';
+      if ( $user_token === $model->token ) {
+        if (!$model->user->setVerified()) {
+          $model->error = 'INTERNAL_ERROR';
+        } else {
+          $model->error = false;
+          Logger::logEvent(
+            EventTypes::USER_VERIFIED,
+            $model->user_id,
+            getenv( 'REMOTE_ADDR' ),
+            json_encode([ 'error' => $model->error ])
+          );
+        }
+      }
+    }
 
     $view->render( $model );
 
diff --git a/src/controllers/User/Register.php b/src/controllers/User/Register.php
@@ -180,6 +180,7 @@ protected function tryRegister(Router &$router, UserRegisterModel &$model) {
 
       $state->mail &= $mail;
       $state->token = ( $user ? $user->getVerificationToken() : null );
+      $state->user_id = $user_id;
 
       try {
         //Server settings
diff --git a/src/libraries/User.php b/src/libraries/User.php
@@ -279,7 +279,7 @@ public static function create(
   public static function createPassword($password, &$hash, &$salt) {
     $pepper = Common::$config->bnetdocs->user_password_pepper;
 
-    $gmp  = gmp_init(microtime(true)*10000);
+    $gmp  = gmp_init(time());
     $gmp  = gmp_mul($gmp, mt_rand());
     $gmp  = gmp_mul($gmp, gmp_random_bits(64));
     $salt = strtoupper(gmp_strval($gmp, 36));
@@ -506,7 +506,7 @@ public function getVerificationToken() {
     $value = Common::$cache->get($key);
 
     if ($value === false) {
-      $gmp = gmp_init(microtime(true)*10000);
+      $gmp = gmp_init(time());
       $gmp = gmp_mul($gmp, mt_rand());
       $gmp = gmp_mul($gmp, gmp_random_bits(64));
 
@@ -684,4 +684,58 @@ public function setAcl($acl, $value) {
     }
   }
 
+  public function setVerified() {
+    $this->invalidateVerificationToken();
+
+    $tz = new DateTimeZone( 'Etc/UTC' );
+    $dt = new DateTime($this->created_datetime);
+    $dt->setTimezone($tz);
+
+    $verified_datetime = $dt;
+    $options_bitmask = $this->options_bitmask | self::OPTION_VERIFIED;
+
+    if ( !isset( Common::$database )) {
+      Common::$database = DatabaseDriver::getDatabaseObject();
+    }
+
+    $successful = false;
+
+    try {
+
+      $stmt = Common::$database->prepare('
+        UPDATE `users` SET
+          `options_bitmask` = :bits,
+          `verified_datetime` = :dt
+        WHERE `id` = :user_id;
+      ');
+      $stmt->bindParam(
+        ':dt', $verified_datetime->format( 'Y-m-d H:i:s' ), PDO::PARAM_STR
+      );
+      $stmt->bindParam(':bits', $options_bitmask, PDO::PARAM_INT);
+      $stmt->bindParam(':user_id', $this->id, PDO::PARAM_INT);
+      $successful = $stmt->execute();
+      $stmt->closeCursor();
+      if ($successful) {
+        $this->verified_datetime = $verified_datetime;
+        $this->options_bitmask = $options_bitmask;
+        $key = 'bnetdocs-user-' . $this->id;
+        $obj = Common::$cache->get($key);
+        if ($obj !== false) {
+          $obj = unserialize($obj);
+          $obj->verified_datetime = $this->verified_datetime;
+          $obj->options_bitmask = $this->options_bitmask;
+          $obj = serialize($obj);
+          Common::$cache->set($key, $obj, 300);
+        }
+      }
+
+    } catch (PDOException $e) {
+
+      throw new QueryException('Cannot set user as verified', $e);
+
+    } finally {
+      return $successful;
+    }
+  }
+
 }
diff --git a/src/models/User/Activate.php b/src/models/User/Activate.php
@@ -6,7 +6,9 @@
 
 class Activate extends Model {
 
-  public $token;
   public $error;
+  public $token;
+  public $user;
+  public $user_id;
 
 }
diff --git a/src/templates/Email/User/Register.plain.phtml b/src/templates/Email/User/Register.plain.phtml
@@ -1,10 +1,15 @@
-<?php require("./Email/header.plain.inc.phtml"); ?>
+<?php
+namespace BNETDocs\Templates\Email\User;
+use \CarlBennett\MVC\Libraries\Common;
+require("./Email/header.plain.inc.phtml");
+?>
 Welcome to BNETDocs!
 
 Your account requires activation before being able to use this service. Click
 or copy and paste the link below into your browser to activate your account.
 
-https://bnetdocs.org/user/activate?t=<?php echo rawurlencode($this->getContext()->token); ?>
+<?php echo Common::relativeUrlToAbsolute('/user/activate?u=' . rawurlencode($this->getContext()->user_id) . '&t=' . rawurlencode($this->getContext()->token)); ?>
+
 
 Note: This link will only be available for 24 hours after registering. If you
 wait until it expires, you will need to complete a password reset.
diff --git a/src/templates/Email/User/Register.rich.phtml b/src/templates/Email/User/Register.rich.phtml
@@ -1,6 +1,11 @@
-<?php require("./Email/header.rich.inc.phtml"); ?>
+<?php
+namespace BNETDocs\Templates\Email\User;
+use \CarlBennett\MVC\Libraries\Common;
+require("./Email/header.rich.inc.phtml");
+$url = Common::relativeUrlToAbsolute('/user/activate?u=' . rawurlencode($this->getContext()->user_id) . '&t=' . rawurlencode($this->getContext()->token));
+?>
 <p style="font-family:sans-serif;font-weight:bold;">Welcome to BNETDocs!</p>
 <p style="font-family:sans-serif;">Your account requires activation before being able to use this service. Click or copy and paste the link below into your browser to activate your account.</p>
-<p style="font-family:sans-serif;"><a href="https://bnetdocs.org/user/activate?t=<?php echo rawurlencode($this->getContext()->token); ?>" rel="external">https://bnetdocs.org/user/activate?t=<?php echo rawurlencode($this->getContext()->token); ?></a></p>
+<p style="font-family:sans-serif;"><a href="<?=$url?>" rel="external"><?=filter_var($url, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?></a></p>
 <p style="font-family:sans-serif;"><strong>Note:</strong> This link will only be available for 24 hours after registering. If you wait until it expires, you will need to complete a password reset.</p>
 <?php require("./Email/footer.rich.inc.phtml"); ?>
diff --git a/src/templates/User/Activate.phtml b/src/templates/User/Activate.phtml
@@ -13,6 +13,10 @@ switch ( $this->getContext()->error ) {
   case 'INVALID_TOKEN':
     $message = 'The token is expired or invalid and therefore cannot be used.';
     break;
+  case 'INTERNAL_ERROR':
+    $message = 'An internal error occurred while processing your request. '
+      . 'Our staff has been notified of the issue. Try again later.';
+    break;
   default:
     $message = $this->getContext()->error;
 }

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,9 @@`
`6`	`6`
`7`	`7`	`class Activate extends Model {`
`8`	`8`
`9`		`- public $token;`
`10`	`9`	`public $error;`
	`10`	`+ public $token;`
	`11`	`+ public $user;`
	`12`	`+ public $user_id;`
`11`	`13`
`12`	`14`	`}`