IsleHorse/HorseIsleWeb
1
0
Fork 0
mirror of https://silica.codes/islehorse/HorseIsleWeb.git synced 2025-04-07 21:55:48 +12:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update email verification stuff

Browse source
This commit is contained in:
Li 2022-05-22 01:20:03 +12:00
parent bbc3c09670
commit 0370556c20
2 changed files with 25 additions and 2 deletions
master-site
common.php
web
newuser.php

15
master-site/common.php
View file

@ -94,11 +94,22 @@ function GenHmacMessage(string $data, string $channel, bool $restricted=true)
}
function send_activation_email(string $email, string $username, string $password){
include('config.php');
$hmac = GenHmacMessage($username, "UserActivation", false);
$hmacKey = base64_encode(hex2bin($hmac));
$hmacKey = base64_url_encode(hex2bin($hmac));
$activateUrl = get_protocol().get_host()."/web/newuser.php?U=".htmlspecialchars($username, ENT_QUOTES)."&AC=".htmlspecialchars($hmacKey, ENT_QUOTES);
$body = "<B>Welcome New Horse Isle Member!</B><BR><BR>\r\nTo Activate your account, Click the following link, or Copy-Paste/Type it in your browser.<BR><HR>\r\n<A HREF='".$activateUrl."'>\r\n".$activateUrl."</A><BR>\r\n or <BR>\r\n( ".$activateUrl." )\r\n<BR><HR>We hope you enjoy the game! Be sure you have written down your Username: ".htmlspecialchars($username, ENT_QUOTES)." and Password: ".htmlspecialchars($password, ENT_QUOTES)." someplace safe!<BR>\r\nNEVER give your password out to ANYONE, even someone claiming to work for Horse Isle.<BR>";
mail($email, "Horse Isle Account Verification", $body);
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
$headers .= 'From: '.$from_email."\r\n";
$headers .= 'Reply-To: '.$from_email."\r\n";
$headers .= 'X-Mailer: PHP/' . phpversion();
$subject = "Horse Isle Account Verification";
mail($email, $subject, $body, $headers);
}

12
master-site/web/newuser.php
View file

@ -10,6 +10,18 @@ if($atype > 2 || $atype < 1)
$problems = [];
if(isset( $_GET["U"], $_GET["AC"] )){
$verify_username = $GET["U"];
$verify_token = $GET["AC"];
$hmac = GenHmacMessage($verify_username, "UserActivation", false);
$hmac_hash = bin2hex(base64_url_decode($hmac));
if(hash_equals($hmac_hash, $verify_token)){
// TODO: Activate account
}
}
if(isset( $_POST['user'],$_POST['pass1'],$_POST['pass2'],$_POST['sex'],$_POST['email'],$_POST['age'],$_POST['passreqq'],$_POST['passreqa'] ,$_POST['A']))
{
if(isset($_POST["cbr"]))