diff --git a/account.php b/account.php index 4a5f96d7e2ccc10dba3576158ecfc25b35cf14ee..acab3bed62343c4ce5d0cc4e8f5247ec79af2e8b 100644 --- a/account.php +++ b/account.php @@ -27,7 +27,8 @@ if (!$cfg || !$cfg->isClientRegistrationEnabled()) { } elseif ($thisclient) { - $inc = 'profile.inc.php'; + $inc = isset($_GET['confirmed']) + ? 'registration.confirmed.inc.php' : 'profile.inc.php'; $user = User::lookup($thisclient->getId()); } @@ -61,6 +62,7 @@ elseif ($_POST) { switch ($_POST['do']) { case 'create': $inc = 'register.confirm.inc.php'; + $acct->sendResetEmail('registration-client'); } } diff --git a/include/class.auth.php b/include/class.auth.php index d326ce685348f617b95854ca15a77eb43de89053..0912239241c5dfb14771ffc77530123909459d94 100644 --- a/include/class.auth.php +++ b/include/class.auth.php @@ -871,4 +871,39 @@ class ClientPasswordResetTokenBackend extends UserAuthenticationBackend { } } UserAuthenticationBackend::register('ClientPasswordResetTokenBackend'); + +class ClientAcctConfirmationTokenBackend extends UserAuthenticationBackend { + static $id = "confirm.client"; + + function supportsAuthentication() { + return false; + } + + function signOn($errors=array()) { + global $ost; + + if (!isset($_GET['token'])) + return false; + elseif (!($_config = new Config('pwreset'))) + return false; + elseif (!($id = $_config->get($_GET['token']))) + return false; + elseif (!($acct = ClientAccount::lookup(array('user_id'=>$id))) + || !$acct->getId() + || $id != $acct->getUserId() + || !($client = new ClientSession(new EndUser($acct->getUser())))) + return false; + else + return $client; + } + + protected function validate($authkey) { + if (!($acct = ClientAccount::lookupByUsername($authkey))) + return; + + if (($client = new ClientSession(new EndUser($acct->getUser()))) && $client->getId()) + return $client; + } +} +UserAuthenticationBackend::register('ClientAcctConfirmationTokenBackend'); ?> 
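Review bot: In account.php (hunk at -27,7) the confirmed branch sets `$inc` to `'registration.confirmed.inc.php'`, but the template this commit adds is `include/client/register.confirmed.inc.php`, and pwreset.php uses `'register.confirmed.inc.php'`. Unless a file with the longer name exists outside this diff, the redirect to `account.php?confirmed` ends up including a template that is not there. The line should read `? 'register.confirmed.inc.php' : 'profile.inc.php';`. The surrounding if/elseif chain starts and ends outside the hunk.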
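Review bot: In account.php (hunk at -61,6) the result of `$acct->sendResetEmail('registration-client')` is thrown away, although the class.client.php side of this commit shows the method returning an `Error` object when the default email or the template page cannot be loaded. In that case the visitor still gets `register.confirm.inc.php` even though no mail was sent. Keep the result, e.g. `$sent = $acct->sendResetEmail('registration-client');`, and show a failure instead of the confirmation page when `$sent instanceof Error`. The `case 'create':` arm also has no `break;`, which is harmless only while it stays the last case. Where `$acct` is assigned lies outside the hunk.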
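Review bot: In include/class.auth.php, `ClientAcctConfirmationTokenBackend::signOn()` returns a `ClientSession` for any value stored under the `pwreset` config namespace, so confirmation tokens and password-reset tokens are interchangeable here and the backend neither consumes the token nor looks at the account state. pwreset.php does call `cancelResetTokens()` after a successful sign-on, but the visible start of that method in class.client.php is only a TODO comment, so the emailed link appears to stay usable as a login link. Consider removing the config entry once it has been redeemed and rejecting locked accounts with the helper this commit adds, `|| $acct->isLocked()`. Separately, `!($client = new ClientSession(...))` can never be true because `new` always yields an object; test `$client->getId()` as `validate()` does. The comparison `$id != $acct->getUserId()` would also be safer as `!==` after casting both sides.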
diff --git a/include/class.client.php b/include/class.client.php
index c5ea785cd15cd144493ea5129de84b57a906627f..105eba9cc3eb314c9cfc55544c952e4c7259d29b 100644
--- a/include/class.client.php
+++ b/include/class.client.php
@@ -321,38 +321,59 @@ class ClientAccount extends ClientAccountModel { return (bool) $this->get('passwd'); } - function sendResetEmail() { + function sendResetEmail($template='pwreset-client') { global $ost, $cfg; - $tpl= $ost->getConfig()->getDefaultTemplate(); - $token = Misc::randCode(48); // 290-bits - if (!($template = $tpl->getMsgTemplate('staff.pwreset'))) + + $email = $cfg->getDefaultEmail(); + $content = Page::lookup(Page::getIdByType($template)); + + if (!$email || !$content) return new Error('Unable to retrieve password reset email template'); $vars = array( 'url' => $ost->getConfig()->getBaseUrl(), 'token' => $token, - 'client' => $this, - 'reset_link' => sprintf( + 'recipient' => $this->getUser(), + 'link' => sprintf( "%s/pwreset.php?token=%s", $ost->getConfig()->getBaseUrl(), $token), ); - - if(!($email=$cfg->getAlertEmail())) - $email = $cfg->getDefaultEmail(); + $vars['reset_link'] = &$vars['link']; $info = array('email' => $email, 'vars' => &$vars, 'log'=>true); Signal::send('auth.pwreset.email', $this, $info); - $msg = $ost->replaceTemplateVariables($template->asArray(), $vars); + $msg = $ost->replaceTemplateVariables(array( + 'subj' => $content->getName(), + 'body' => $content->getBody(), + ), $vars); $_config = new Config('pwreset'); $_config->set($vars['token'], $this->user->getId()); $email->send($this->user->default_email->get('address'), - $msg['subj'], $msg['body']); + Format::striptags($msg['subj']), $msg['body']); + } + + function confirm() { + $this->_setStatus(self::CONFIRMED); + return $this->save(); + } + + function isConfirmed() { + return $this->_getStatus(self::CONFIRMED); + } + + function lock() { + $this->_setStatus(self::LOCKED); + $this->save(); + } + + function isLocked() { + return $this->_getStatus(self::LOCKED); } function forcePasswdReset() { 
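Review bot: On the new side of `sendResetEmail()` the variable `$token` is never assigned: `$token = Misc::randCode(48); // 290-bits` is removed together with the old template lookup and nothing replaces it, yet `'token' => $token` and the `sprintf()` link still read it. Unless a listener on the `auth.pwreset.email` signal fills `$vars['token']`, the mail goes out with an empty token and `$_config->set($vars['token'], ...)` stores the user id under an empty key in the `pwreset` namespace. Restore `$token = Misc::randCode(48); // 290-bits` before `$vars` is built. A smaller point: the `Error` text still says "password reset email template" even when the `registration-client` page is the one that is missing, and `lock()` drops the result of `save()` while `confirm()` returns it.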
@@ -360,6 +381,10 @@ class ClientAccount extends ClientAccountModel { return $this->save(); } + function isPasswdResetForced() { + return $this->_getStatus(self::PASSWD_RESET_REQUIRED); + } + function _getStatus($flag) { return 0 !== ($this->get('status') & $flag); } @@ -372,10 +397,6 @@ class ClientAccount extends ClientAccountModel { return $this->set('status', $this->get('status') | $flag); } - function isPasswdResetForced() { - return $this->_getStatus(self::PASSWD_RESET_REQUIRED); - } - function cancelResetTokens() { // TODO: Drop password-reset tokens from the config table for // this user id diff --git a/include/client/register.confirmed.inc.php b/include/client/register.confirmed.inc.php new file mode 100644 index 0000000000000000000000000000000000000000..047bdcb6d89cb905dcbd00c40b8dd8ae9b84fde6 --- /dev/null +++ b/include/client/register.confirmed.inc.php @@ -0,0 +1,9 @@ +<h1>Account Registration</h1> +<p> +<strong>Thanks for registering for an account.</strong> +</p> +<p> +You've confirmed your email address and successfully activated your account. +You may proceed to check on previously opened tickets or open a new ticket. +</p> +<p><em>Your friendly support center</em></p> diff --git a/include/staff/templates/content-manage.tmpl.php b/include/staff/templates/content-manage.tmpl.php index f3498670ba0cd26a535b98385eda8ff50f765755..d2a546cd0367b02b9c4defb3f63c8531200972c8 100644 --- a/include/staff/templates/content-manage.tmpl.php +++ b/include/staff/templates/content-manage.tmpl.php 
@@ -4,10 +4,13 @@ <form method="post" action="#content/<?php echo $content->getId(); ?>"> <input type="text" style="width: 100%; font-size: 14pt" name="name" value="<?php echo Format::htmlchars($content->getName()); ?>" /> - <div style="margin-top: 5px"></div> + <div style="margin-top: 5px"> <textarea class="richtext no-bar" name="body"><?php echo Format::viewableImages($content->getBody()); ?></textarea> + </div> + <div id="msg_info" style="margin-top:7px"><?php +echo $content->getNotes(); ?></div> <hr/> <p class="full-width"> <span class="buttons" style="float:left"> diff --git a/pwreset.php b/pwreset.php index 615cbbee95b12566da0311abda30f4a92cdfc61a..429b43f59f4d3f9477f865528b8ed764a38e5a98 100644 --- a/pwreset.php +++ b/pwreset.php @@ -27,8 +27,6 @@ if($_POST) { $banner = 'Unable to verify username ' .Format::htmlchars($_POST['userid']); break; - case 'create_account': - break; case 'reset': $inc = 'pwreset.login.php'; $errors = array(); @@ -45,8 +43,20 @@ elseif ($_GET['token']) { $banner = 'Re-enter your username or email'; $_config = new Config('pwreset'); if (($id = $_config->get($_GET['token'])) - && ($acct = ClientAccount::lookup(array('user_id'=>$id)))) - $inc = 'pwreset.login.php'; + && ($acct = ClientAccount::lookup(array('user_id'=>$id)))) { + if (!$acct->isConfirmed()) { + $inc = 'register.confirmed.inc.php'; + $acct->confirm(); + // TODO: Log the user in + if ($client = UserAuthenticationBackend::processSignOn($errors)) { + $acct->cancelResetTokens(); + Http::redirect('account.php?confirmed'); + } + } + else { + $inc = 'pwreset.login.php'; + } + } elseif ($id && ($user = User::lookup($id))) $inc = 'pwreset.create.php'; else
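Review bot: In include/staff/templates/content-manage.tmpl.php the new `msg_info` div prints `$content->getNotes()` unescaped, whereas the name field a few lines above goes through `Format::htmlchars()`. If the notes are plain text, or can be edited by anyone other than the installer, this should be `echo Format::htmlchars($content->getNotes());`. If they are meant to carry trusted HTML, a one-line comment saying so would save the next reader from asking the same question.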
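Review bot: In pwreset.php (hunk at -45,8) `$acct->confirm()` runs on a plain GET before sign-on is attempted and its result is ignored, so a failed `save()` still leads to the "confirmed" page. `cancelResetTokens()` is reached only when `processSignOn()` succeeds; on any sign-on failure the token stays stored, and because the account is now confirmed the same link next falls into the `pwreset.login.php` branch. Check the result with `if (!$acct->confirm())` and cancel the token right after confirmation rather than inside the sign-on test. `$errors` is passed to `processSignOn()` without being initialised in the visible lines of this branch, and the `// TODO: Log the user in` comment is stale now that the sign-on call follows it. The enclosing if/elseif chain starts and ends outside the hunk.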