logintoboggan.validation.inc 3.9 KB

  1. <?php
  2. /**
  3. * @file
  4. * Validation functions for LoginToboggan module.
  5. */
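  /**
   * Menu callback; validates a one-time e-mail validation URL and, on success,
   * processes the validation and redirects according to $action.
   *
   * @param $account
   *   The user account object being validated. The login, roles, pass, mail,
   *   name, status and uid properties are read here.
   * @param $timestamp
   *   The timestamp that is fed into the hash together with the account's
   *   password hash and mail address.
   * @param $hashed_pass
   *   The hash supplied with the validation URL. Treated as untrusted input.
   * @param $action
   *   'login' (default) logs the user in, 'admin' returns to the account's edit
   *   form, any other value falls through to the catch-all branch.
   */
  function logintoboggan_validate_email($account, $timestamp, $hashed_pass, $action = 'login') {
    global $user;

    // Test here for a valid pre-auth -- if the pre-auth is set to the auth user, we
    // handle things a bit differently.
    $validating_id = logintoboggan_validating_id();
    $pre_auth = !variable_get('user_email_verification', TRUE) && $validating_id != DRUPAL_AUTHENTICATED_RID;

    // No time out for first time login: $timestamp is only an input to the hash,
    // it is never compared with the current time in this function.
    // The link is honoured only while the user is still in the pre-auth role or
    // has not set their own password (never logged in).
    $eligible = (variable_get('user_email_verification', TRUE) && empty($account->login))
      || ($pre_auth && array_key_exists($validating_id, $account->roles));

    // Compare the supplied hash as a string, never with loose ==: PHP's ==
    // compares numeric-looking strings by value, so two different hashes could
    // be treated as equal. hash_equals() additionally keeps the comparison time
    // independent of where the strings differ; fall back to === where it is not
    // available. The hash is only computed for eligible accounts, as before.
    $hash_ok = FALSE;
    if ($eligible) {
      $expected = (string) logintoboggan_eml_rehash($account->pass, $timestamp, $account->mail);
      $supplied = (string) $hashed_pass;
      $hash_ok = function_exists('hash_equals') ? hash_equals($expected, $supplied) : ($expected === $supplied);
    }

    if ($hash_ok) {
      watchdog('user', 'E-mail validation URL used for %name with timestamp @timestamp.', array('%name' => $account->name, '@timestamp' => $timestamp));

      _logintoboggan_process_validation($account);

      // Where do we redirect after confirming the account?
      $redirect = _logintoboggan_process_redirect(variable_get('logintoboggan_redirect_on_confirm', ''), $account);

      switch ($action) {
        // Proceed with normal user login, as long as it's open registration and their
        // account hasn't been blocked.
        case 'login':
          // Only show the validated message if there's a valid pre-auth role.
          if ($pre_auth) {
            drupal_set_message(t('You have successfully validated your e-mail address.'));
          }
          if (!$account->status) {
            // Blocked accounts are validated above but never logged in.
            drupal_set_message(t('Your account is currently blocked -- login cancelled.'), 'error');
            drupal_goto('');
          }
          else {
            $edit = array();
            $redirect = logintoboggan_process_login($account, $edit, $redirect);
            call_user_func_array('drupal_goto', $redirect);
          }
          break;

        // Admin validation.
        case 'admin':
          if ($pre_auth) {
            // Mail the user, letting them know their account now has auth user perms.
            _user_mail_notify('status_activated', $account);
          }
          drupal_set_message(t('You have successfully validated %user.', array('%user' => $account->name)));
          drupal_goto("user/$account->uid/edit");
          break;

        // Catch all.
        default:
          drupal_set_message(t('You have successfully validated %user.', array('%user' => $account->name)));
          drupal_goto('');
          break;
      }
    }
    else {
      // The same message is shown for a wrong hash and for an already used link,
      // so the response does not reveal which check failed.
      $message = t("Sorry, you can only use your validation link once for security reasons.");
      // No one currently logged in, go straight to user login page.
      if (empty($user->uid)) {
        $message .= t(" Please log in with your username and password instead now.");
        $goto = 'user/login';
      }
      else {
        $goto = 'user';
      }
      drupal_set_message($message, 'error');
      drupal_goto($goto);
    }
  }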
  /**
   * Re-sends the validation e-mail for the given account, then returns to that
   * account's edit form.
   *
   * NOTE(review): no permission check is made inside this function; presumably
   * the menu access callback restricts who can reach it -- confirm.
   *
   * @param $account
   *   The user account object to notify. Its password property is overwritten
   *   with a password-reset hint before _user_mail_notify() is called, and its
   *   uid is used to build the redirect path.
   */
  function logintoboggan_resend_validation($account) {
    // Absolute URL of the password-reset page, embedded in the hint text below.
    $reset_url = url('user/password', array('absolute' => TRUE));
    $account->password = t('If required, you may reset your password from: !url', array('!url' => $reset_url));

    _user_mail_notify('register_no_approval_required', $account);

    // Word the confirmation for whoever triggered the resend: a user with the
    // 'administer users' permission, or the account holder.
    $notice = user_access('administer users')
      ? t("A validation e-mail has been sent to the user's e-mail address.")
      : t('A validation e-mail has been sent to your e-mail address. You will need to follow the instructions in that message in order to gain full access to the site.');
    drupal_set_message($notice);

    // Return to the user edit form.
    drupal_goto("user/{$account->uid}/edit");
  }