www.gusucode.com > Elgg PHP开源SNS系统 V1.12.5源码程序 > elgg-1.12.5/mod/uservalidationbyemail/start.php
<?php
/**
* Email user validation plugin.
* Non-admin accounts are invalid until their email address is confirmed.
*
* @package Elgg.Core.Plugin
* @subpackage UserValidationByEmail
*/
elgg_register_event_handler('init', 'system', 'uservalidationbyemail_init');
function uservalidationbyemail_init() {
require_once dirname(__FILE__) . '/lib/functions.php';
// Register page handler to validate users
// This doesn't need to be an action because security is handled by the validation codes.
elgg_register_page_handler('uservalidationbyemail', 'uservalidationbyemail_page_handler');
// mark users as unvalidated and disable when they register
elgg_register_plugin_hook_handler('register', 'user', 'uservalidationbyemail_disable_new_user');
// forward to uservalidationbyemail/emailsent page after register
elgg_register_plugin_hook_handler('forward', 'system', 'uservalidationbyemail_after_registration_url');
// canEdit override to allow not logged in code to disable a user
elgg_register_plugin_hook_handler('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit');
// prevent users from logging in if they aren't validated
register_pam_handler('uservalidationbyemail_check_auth_attempt', "required");
// when requesting a new password
elgg_register_plugin_hook_handler('action', 'user/requestnewpassword', 'uservalidationbyemail_check_request_password');
// prevent the engine from logging in users via login()
elgg_register_event_handler('login:before', 'user', 'uservalidationbyemail_check_manual_login');
// make admin users always validated
elgg_register_event_handler('make_admin', 'user', 'uservalidationbyemail_validate_new_admin_user');
// register Walled Garden public pages
elgg_register_plugin_hook_handler('public_pages', 'walled_garden', 'uservalidationbyemail_public_pages');
// admin interface to manually validate users
elgg_register_admin_menu_item('administer', 'unvalidated', 'users');
elgg_extend_view('css/admin', 'uservalidationbyemail/css');
elgg_extend_view('js/elgg', 'uservalidationbyemail/js');
$action_path = dirname(__FILE__) . '/actions';
elgg_register_action('uservalidationbyemail/validate', "$action_path/validate.php", 'admin');
elgg_register_action('uservalidationbyemail/resend_validation', "$action_path/resend_validation.php", 'admin');
elgg_register_action('uservalidationbyemail/delete', "$action_path/delete.php", 'admin');
elgg_register_action('uservalidationbyemail/bulk_action', "$action_path/bulk_action.php", 'admin');
}
/**
* Disables a user upon registration.
*
* @param string $hook
* @param string $type
* @param bool $value
* @param array $params
* @return bool
*/
function uservalidationbyemail_disable_new_user($hook, $type, $value, $params) {
$user = elgg_extract('user', $params);
// no clue what's going on, so don't react.
if (!$user instanceof ElggUser) {
return;
}
// another plugin is requesting that registration be terminated
// no need for uservalidationbyemail
if (!$value) {
return $value;
}
// has the user already been validated?
if (elgg_get_user_validation_status($user->guid) == true) {
return $value;
}
// disable user to prevent showing up on the site
// set context so our canEdit() override works
elgg_push_context('uservalidationbyemail_new_user');
$hidden_entities = access_get_show_hidden_status();
access_show_hidden_entities(TRUE);
// Don't do a recursive disable. Any entities owned by the user at this point
// are products of plugins that hook into create user and might need
// access to the entities.
// @todo That ^ sounds like a specific case...would be nice to track it down...
$user->disable('uservalidationbyemail_new_user', FALSE);
// set user as unvalidated and send out validation email
elgg_set_user_validation_status($user->guid, FALSE);
uservalidationbyemail_request_validation($user->guid);
elgg_pop_context();
access_show_hidden_entities($hidden_entities);
return $value;
}
/**
* Override the URL to be forwarded after registration
*
* @param string $hook
* @param string $type
* @param bool $value
* @param array $params
* @return string
*/
function uservalidationbyemail_after_registration_url($hook, $type, $value, $params) {
$url = elgg_extract('current_url', $params);
if ($url == elgg_get_site_url() . 'action/register') {
$session = elgg_get_session();
$email = $session->get('emailsent', '');
if ($email) {
return elgg_get_site_url() . 'uservalidationbyemail/emailsent';
}
}
}
/**
* Override the canEdit() call for if we're in the context of registering a new user.
*
* @param string $hook
* @param string $type
* @param bool $value
* @param array $params
* @return bool|null
*/
function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $params) {
// $params['user'] is the user to check permissions for.
// we want the entity to check, which is a user.
$user = elgg_extract('entity', $params);
if (!($user instanceof ElggUser)) {
return;
}
$context = elgg_get_context();
if ($context == 'uservalidationbyemail_new_user' || $context == 'uservalidationbyemail_validate_user') {
return TRUE;
}
return;
}
/**
* Checks if an account is validated
*
* @params array $credentials The username and password
* @return bool
*/
function uservalidationbyemail_check_auth_attempt($credentials) {
if (!isset($credentials['username'])) {
return;
}
$username = $credentials['username'];
// See if the user exists and isn't validated
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(TRUE);
// check if logging in with email address
if (strpos($username, '@') !== false) {
$users = get_user_by_email($username);
if ($users) {
$username = $users[0]->username;
}
}
$user = get_user_by_username($username);
if ($user && isset($user->validated) && !$user->validated) {
// show an error and resend validation email
uservalidationbyemail_request_validation($user->guid);
access_show_hidden_entities($access_status);
throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
}
access_show_hidden_entities($access_status);
}
/**
* Checks sent passed validation code and user guids and validates the user.
*
* @param array $page
* @return bool
*/
function uservalidationbyemail_page_handler($page) {
$valid_pages = array('emailsent', 'confirm');
if (empty($page[0]) || !in_array($page[0], $valid_pages)) {
forward('', '404');
}
// note, safe to include based on input because we validated above.
require dirname(__FILE__) . "/pages/{$page[0]}.php";
return true;
}
/**
* Make sure any admin users are automatically validated
*
* @param string $event
* @param string $type
* @param ElggUser $user
*/
function uservalidationbyemail_validate_new_admin_user($event, $type, $user) {
if ($user instanceof ElggUser && !$user->validated) {
elgg_set_user_validation_status($user->guid, TRUE, 'admin_user');
}
}
/**
* Registers public pages to allow in the case walled garden has been enabled.
*/
function uservalidationbyemail_public_pages($hook, $type, $return_value, $params) {
$return_value[] = 'uservalidationbyemail/confirm';
$return_value[] = 'uservalidationbyemail/emailsent';
return $return_value;
}
/**
* Prevent a manual code login with login().
*
* @param string $event
* @param string $type
* @param ElggUser $user
* @return bool
*
* @throws LoginException
*/
function uservalidationbyemail_check_manual_login($event, $type, $user) {
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(TRUE);
if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) {
// send new validation email
uservalidationbyemail_request_validation($user->getGUID());
// restore hidden entities settings
access_show_hidden_entities($access_status);
// throw error so we get a nice error message
throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
}
access_show_hidden_entities($access_status);
}