Fossil SCM
Improvements to self-register (the /register page) so that it works correctly for users who are already subscribers and enter the subscriber email.
Commit
4c43f2cd43a0dcf40576edf0f5318fc9310d4da49dd19532987e7547bc24fbd1
Parent
b2fca3dd4dc8e15…
1 file changed
+26
-4
+26
-4
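--- a/src/login.c
+++ b/src/login.c
@@ -1528,10 +1528,11 @@
 char *zCaptcha;
 int iErrLine = -1;
 const char *zErr = 0;
 char *zPerms; /* Permissions for the default user */
 int canDoAlerts = 0; /* True if receiving email alerts is possible */
+int doAlerts = 0; /* True if subscription is wanted too */
 if( !db_get_boolean("self-register", 0) ){
 style_header("Registration not possible");
 @ <p>This project does not allow user self-registration. Please contact the
 @ project administrator to obtain an account.</p>
 style_footer();
@@ -1542,10 +1543,11 @@
 /* Prompt the user for email alerts if this repository is configured for
 ** email alerts and if the default permissions include "7" */
 canDoAlerts = email_tables_exist() && db_int(0,
 "SELECT fullcap(%Q) GLOB '*7*'", zPerms
 );
+doAlerts = canDoAlerts && atoi(PD("alerts","1"))!=0;
 
 zUserID = PDT("u","");
 zPasswd = PDT("p","");
 zConfirm = PDT("cp","");
 zEAddr = PDT("ea","");
@@ -1580,13 +1582,22 @@
 iErrLine = 5;
 zErr = "Passwords do not match";
 }else if( db_exists("SELECT 1 FROM user WHERE login=%Q", zUserID) ){
 iErrLine = 1;
 zErr = "This User ID is already taken. Choose something different.";
-}else if( db_exists("SELECT 1 FROM user WHERE info LIKE '%%%q%%'", zEAddr) ){
+}else if(
+/* If the email is found anywhere in USER.INFO... */
+db_exists("SELECT 1 FROM user WHERE info LIKE '%%%q%%'", zEAddr)
+||
+/* Or if the email is a verify subscriber email with an associated
+** user... */
+db_exists(
+"SELECT 1 FROM subscriber WHERE semail=%Q AND suname IS NOT NULL"
+" AND sverified",zEAddr)
+){
 iErrLine = 3;
-zErr = "This address is already used.";
+zErr = "This email address is already claimed by another user";
 }else{
 Blob sql;
 int uid;
 char *zPass = sha1_shared_secret(zPasswd, zUserID, 0);
 blob_init(&sql, 0, 0);
@@ -1597,11 +1608,11 @@
 zUserID, zPass, zPerms, zDName, zEAddr, g.zIpAddr);
 fossil_free(zPass);
 db_multi_exec("%s", blob_sql_text(&sql));
 uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUserID);
 login_set_user_cookie(zUserID, uid, NULL);
-if( canDoAlerts && atoi(PD("alerts","1"))!=0 ){
+if( doAlerts ){
 /* Also make the new user a subscriber. */
 Blob hdr, body;
 EmailSender *pSender;
 sqlite3_int64 id; /* New subscriber Id */
 const char *zCode; /* New subscriber code (in hex) */
@@ -1615,19 +1626,28 @@
 if( g.perm.RdWiki ) ssub[nsub++] = 'w';
 ssub[nsub] = 0;
 db_multi_exec(
 "INSERT INTO subscriber(semail,suname,"
 " sverified,sdonotcall,sdigest,ssub,sctime,mtime,smip)"
-"VALUES(%Q,%Q,%d,0,%d,%Q,now(),now(),%Q)",
+" VALUES(%Q,%Q,%d,0,%d,%Q,now(),now(),%Q)"
+" ON CONFLICT(semail) DO UPDATE"
+" SET suname=excluded.suname",
 /* semail */ zEAddr,
 /* suname */ zUserID,
 /* sverified */ 0,
 /* sdigest */ 0,
 /* ssub */ ssub,
 /* smip */ g.zIpAddr
 );
 id = db_last_insert_rowid();
+if( db_exists("SELECT 1 FROM subscriber WHERE semail=%Q"
+" AND sverified", zEAddr) ){
+/* This the case where the user was formerly a verified subscriber
+** and here they have also registered as a user as well. It is
+** not necessary to repeat the verfication step */
+redirect_to_g();
+}
 zCode = db_text(0,
 "SELECT hex(subscriberCode) FROM subscriber WHERE subscriberId=%lld",
 id);
 /* A verification email */
 pSender = email_sender_new(0,0);
@@ -1706,10 +1726,12 @@
 @ <tr>
 @ <td class="form_label" align="right">Password:</td>
 @ <td><input type="password" name="p" value="%h(zPasswd)" size="30"></td>
 if( iErrLine==4 ){
 @ <td><span class='loginError'>← %h(zErr)</span></td>
+}else{
+@ <td>← Must be at least 6 characters</td>
 }
 @ </tr>
 @ <tr>
 @ <td class="form_label" align="right">Confirm password:</td>
 @ <td><input type="password" name="cp" value="%h(zConfirm)" size="30"></td>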
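Review bot: In the `@@ -1615,19 +1626,28 @@` hunk the new `sverified` shortcut calls `redirect_to_g()` without the registrant ever proving control of the mailbox. The earlier check only rejects verified rows where `suname IS NOT NULL`, so a verified subscriber row with no user attached is bound to whichever account submits that address first through `ON CONFLICT(semail) DO UPDATE SET suname=excluded.suname`. Consider leaving `suname` unchanged on conflict and attaching the user only after a confirmation sent to that address has been acted on. Separately, when the upsert takes the UPDATE path, `db_last_insert_rowid()` probably still reports the row from the preceding statement (apparently the `user` insert), so for an existing unverified subscriber the `subscriberId=%lld` lookup may read another row's subscriberCode; `"SELECT hex(subscriberCode) FROM subscriber WHERE semail=%Q", zEAddr` would avoid depending on `id`. The enclosing function starts and ends outside the visible hunks, so this should be confirmed against the full body.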
| --- src/login.c | |
| +++ src/login.c | |
| @@ -1528,10 +1528,11 @@ | |
| 1528 | char *zCaptcha; |
| 1529 | int iErrLine = -1; |
| 1530 | const char *zErr = 0; |
| 1531 | char *zPerms; /* Permissions for the default user */ |
| 1532 | int canDoAlerts = 0; /* True if receiving email alerts is possible */ |
| 1533 | if( !db_get_boolean("self-register", 0) ){ |
| 1534 | style_header("Registration not possible"); |
| 1535 | @ <p>This project does not allow user self-registration. Please contact the |
| 1536 | @ project administrator to obtain an account.</p> |
| 1537 | style_footer(); |
| @@ -1542,10 +1543,11 @@ | |
| 1542 | /* Prompt the user for email alerts if this repository is configured for |
| 1543 | ** email alerts and if the default permissions include "7" */ |
| 1544 | canDoAlerts = email_tables_exist() && db_int(0, |
| 1545 | "SELECT fullcap(%Q) GLOB '*7*'", zPerms |
| 1546 | ); |
| 1547 | |
| 1548 | zUserID = PDT("u",""); |
| 1549 | zPasswd = PDT("p",""); |
| 1550 | zConfirm = PDT("cp",""); |
| 1551 | zEAddr = PDT("ea",""); |
| @@ -1580,13 +1582,22 @@ | |
| 1580 | iErrLine = 5; |
| 1581 | zErr = "Passwords do not match"; |
| 1582 | }else if( db_exists("SELECT 1 FROM user WHERE login=%Q", zUserID) ){ |
| 1583 | iErrLine = 1; |
| 1584 | zErr = "This User ID is already taken. Choose something different."; |
| 1585 | }else if( db_exists("SELECT 1 FROM user WHERE info LIKE '%%%q%%'", zEAddr) ){ |
| 1586 | iErrLine = 3; |
| 1587 | zErr = "This address is already used."; |
| 1588 | }else{ |
| 1589 | Blob sql; |
| 1590 | int uid; |
| 1591 | char *zPass = sha1_shared_secret(zPasswd, zUserID, 0); |
| 1592 | blob_init(&sql, 0, 0); |
| @@ -1597,11 +1608,11 @@ | |
| 1597 | zUserID, zPass, zPerms, zDName, zEAddr, g.zIpAddr); |
| 1598 | fossil_free(zPass); |
| 1599 | db_multi_exec("%s", blob_sql_text(&sql)); |
| 1600 | uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUserID); |
| 1601 | login_set_user_cookie(zUserID, uid, NULL); |
| 1602 | if( canDoAlerts && atoi(PD("alerts","1"))!=0 ){ |
| 1603 | /* Also make the new user a subscriber. */ |
| 1604 | Blob hdr, body; |
| 1605 | EmailSender *pSender; |
| 1606 | sqlite3_int64 id; /* New subscriber Id */ |
| 1607 | const char *zCode; /* New subscriber code (in hex) */ |
| @@ -1615,19 +1626,28 @@ | |
| 1615 | if( g.perm.RdWiki ) ssub[nsub++] = 'w'; |
| 1616 | ssub[nsub] = 0; |
| 1617 | db_multi_exec( |
| 1618 | "INSERT INTO subscriber(semail,suname," |
| 1619 | " sverified,sdonotcall,sdigest,ssub,sctime,mtime,smip)" |
| 1620 | "VALUES(%Q,%Q,%d,0,%d,%Q,now(),now(),%Q)", |
| 1621 | /* semail */ zEAddr, |
| 1622 | /* suname */ zUserID, |
| 1623 | /* sverified */ 0, |
| 1624 | /* sdigest */ 0, |
| 1625 | /* ssub */ ssub, |
| 1626 | /* smip */ g.zIpAddr |
| 1627 | ); |
| 1628 | id = db_last_insert_rowid(); |
| 1629 | zCode = db_text(0, |
| 1630 | "SELECT hex(subscriberCode) FROM subscriber WHERE subscriberId=%lld", |
| 1631 | id); |
| 1632 | /* A verification email */ |
| 1633 | pSender = email_sender_new(0,0); |
| @@ -1706,10 +1726,12 @@ | |
| 1706 | @ <tr> |
| 1707 | @ <td class="form_label" align="right">Password:</td> |
| 1708 | @ <td><input type="password" name="p" value="%h(zPasswd)" size="30"></td> |
| 1709 | if( iErrLine==4 ){ |
| 1710 | @ <td><span class='loginError'>← %h(zErr)</span></td> |
| 1711 | } |
| 1712 | @ </tr> |
| 1713 | @ <tr> |
| 1714 | @ <td class="form_label" align="right">Confirm password:</td> |
| 1715 | @ <td><input type="password" name="cp" value="%h(zConfirm)" size="30"></td> |
| 1716 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -1528,10 +1528,11 @@ | |
| 1528 | char *zCaptcha; |
| 1529 | int iErrLine = -1; |
| 1530 | const char *zErr = 0; |
| 1531 | char *zPerms; /* Permissions for the default user */ |
| 1532 | int canDoAlerts = 0; /* True if receiving email alerts is possible */ |
| 1533 | int doAlerts = 0; /* True if subscription is wanted too */ |
| 1534 | if( !db_get_boolean("self-register", 0) ){ |
| 1535 | style_header("Registration not possible"); |
| 1536 | @ <p>This project does not allow user self-registration. Please contact the |
| 1537 | @ project administrator to obtain an account.</p> |
| 1538 | style_footer(); |
| @@ -1542,10 +1543,11 @@ | |
| 1543 | /* Prompt the user for email alerts if this repository is configured for |
| 1544 | ** email alerts and if the default permissions include "7" */ |
| 1545 | canDoAlerts = email_tables_exist() && db_int(0, |
| 1546 | "SELECT fullcap(%Q) GLOB '*7*'", zPerms |
| 1547 | ); |
| 1548 | doAlerts = canDoAlerts && atoi(PD("alerts","1"))!=0; |
| 1549 | |
| 1550 | zUserID = PDT("u",""); |
| 1551 | zPasswd = PDT("p",""); |
| 1552 | zConfirm = PDT("cp",""); |
| 1553 | zEAddr = PDT("ea",""); |
| @@ -1580,13 +1582,22 @@ | |
| 1582 | iErrLine = 5; |
| 1583 | zErr = "Passwords do not match"; |
| 1584 | }else if( db_exists("SELECT 1 FROM user WHERE login=%Q", zUserID) ){ |
| 1585 | iErrLine = 1; |
| 1586 | zErr = "This User ID is already taken. Choose something different."; |
| 1587 | }else if( |
| 1588 | /* If the email is found anywhere in USER.INFO... */ |
| 1589 | db_exists("SELECT 1 FROM user WHERE info LIKE '%%%q%%'", zEAddr) |
| 1590 | || |
| 1591 | /* Or if the email is a verify subscriber email with an associated |
| 1592 | ** user... */ |
| 1593 | db_exists( |
| 1594 | "SELECT 1 FROM subscriber WHERE semail=%Q AND suname IS NOT NULL" |
| 1595 | " AND sverified",zEAddr) |
| 1596 | ){ |
| 1597 | iErrLine = 3; |
| 1598 | zErr = "This email address is already claimed by another user"; |
| 1599 | }else{ |
| 1600 | Blob sql; |
| 1601 | int uid; |
| 1602 | char *zPass = sha1_shared_secret(zPasswd, zUserID, 0); |
| 1603 | blob_init(&sql, 0, 0); |
| @@ -1597,11 +1608,11 @@ | |
| 1608 | zUserID, zPass, zPerms, zDName, zEAddr, g.zIpAddr); |
| 1609 | fossil_free(zPass); |
| 1610 | db_multi_exec("%s", blob_sql_text(&sql)); |
| 1611 | uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUserID); |
| 1612 | login_set_user_cookie(zUserID, uid, NULL); |
| 1613 | if( doAlerts ){ |
| 1614 | /* Also make the new user a subscriber. */ |
| 1615 | Blob hdr, body; |
| 1616 | EmailSender *pSender; |
| 1617 | sqlite3_int64 id; /* New subscriber Id */ |
| 1618 | const char *zCode; /* New subscriber code (in hex) */ |
| @@ -1615,19 +1626,28 @@ | |
| 1626 | if( g.perm.RdWiki ) ssub[nsub++] = 'w'; |
| 1627 | ssub[nsub] = 0; |
| 1628 | db_multi_exec( |
| 1629 | "INSERT INTO subscriber(semail,suname," |
| 1630 | " sverified,sdonotcall,sdigest,ssub,sctime,mtime,smip)" |
| 1631 | " VALUES(%Q,%Q,%d,0,%d,%Q,now(),now(),%Q)" |
| 1632 | " ON CONFLICT(semail) DO UPDATE" |
| 1633 | " SET suname=excluded.suname", |
| 1634 | /* semail */ zEAddr, |
| 1635 | /* suname */ zUserID, |
| 1636 | /* sverified */ 0, |
| 1637 | /* sdigest */ 0, |
| 1638 | /* ssub */ ssub, |
| 1639 | /* smip */ g.zIpAddr |
| 1640 | ); |
| 1641 | id = db_last_insert_rowid(); |
| 1642 | if( db_exists("SELECT 1 FROM subscriber WHERE semail=%Q" |
| 1643 | " AND sverified", zEAddr) ){ |
| 1644 | /* This the case where the user was formerly a verified subscriber |
| 1645 | ** and here they have also registered as a user as well. It is |
| 1646 | ** not necessary to repeat the verfication step */ |
| 1647 | redirect_to_g(); |
| 1648 | } |
| 1649 | zCode = db_text(0, |
| 1650 | "SELECT hex(subscriberCode) FROM subscriber WHERE subscriberId=%lld", |
| 1651 | id); |
| 1652 | /* A verification email */ |
| 1653 | pSender = email_sender_new(0,0); |
| @@ -1706,10 +1726,12 @@ | |
| 1726 | @ <tr> |
| 1727 | @ <td class="form_label" align="right">Password:</td> |
| 1728 | @ <td><input type="password" name="p" value="%h(zPasswd)" size="30"></td> |
| 1729 | if( iErrLine==4 ){ |
| 1730 | @ <td><span class='loginError'>← %h(zErr)</span></td> |
| 1731 | }else{ |
| 1732 | @ <td>← Must be at least 6 characters</td> |
| 1733 | } |
| 1734 | @ </tr> |
| 1735 | @ <tr> |
| 1736 | @ <td class="form_label" align="right">Confirm password:</td> |
| 1737 | @ <td><input type="password" name="cp" value="%h(zConfirm)" size="30"></td> |
| 1738 |