Adding invitation system to mmcfe-ng core
This will allow users to send invitations to other people via email. Each account will still need to confirm the email address if the option is enabled. Addresses #330, will need to allow pool operators to enable this feature even with registrations turned off.
This commit is contained in:
Sebastian Grewe
parent
7cc1e2543c
commit
bd32dfa9f8
@ -29,6 +29,7 @@ require_once(CLASS_DIR . '/block.class.php');
|
||||
require_once(CLASS_DIR . '/setting.class.php');
|
||||
require_once(CLASS_DIR . '/monitoring.class.php');
|
||||
require_once(CLASS_DIR . '/user.class.php');
|
||||
require_once(CLASS_DIR . '/invitation.class.php');
|
||||
require_once(CLASS_DIR . '/share.class.php');
|
||||
require_once(CLASS_DIR . '/worker.class.php');
|
||||
require_once(CLASS_DIR . '/statistics.class.php');
|
||||
|
||||
@ -15,6 +15,9 @@ class Base {
|
||||
public function setMysql($mysqli) {
|
||||
$this->mysqli = $mysqli;
|
||||
}
|
||||
public function setMail($mail) {
|
||||
$this->mail = $mail;
|
||||
}
|
||||
public function setSmarty($smarty) {
|
||||
$this->smarty = $smarty;
|
||||
}
|
||||
@ -24,6 +27,9 @@ class Base {
|
||||
public function setConfig($config) {
|
||||
$this->config = $config;
|
||||
}
|
||||
public function setToken($token) {
|
||||
$this->token = $token;
|
||||
}
|
||||
public function setTokenType($tokentype) {
|
||||
$this->tokentype = $tokentype;
|
||||
}
|
||||
|
||||
106
public/include/classes/invitation.class.php
Normal file
106
public/include/classes/invitation.class.php
Normal file
@ -0,0 +1,106 @@
|
||||
<?php
|
||||
|
||||
// Make sure we are called from index.php
|
||||
if (!defined('SECURITY')) die('Hacking attempt');
|
||||
|
||||
class Invitation extends Base {
|
||||
var $table = 'invitations';
|
||||
|
||||
/**
|
||||
* Fetch invitations for one account
|
||||
* @param account_id int Account ID
|
||||
* @return mixed Array on success, bool on failure
|
||||
**/
|
||||
public function getInvitations($account_id) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
$stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ?");
|
||||
if ($stmt && $stmt->bind_param('i', $account_id) && $stmt->execute() && $result = $stmt->get_result())
|
||||
return $result->fetch_all(MYSQLI_ASSOC);
|
||||
$this->setErrorMessage('Unable to fetch invitiations send from your account');
|
||||
$this->debug->append('Failed to fetch invitations from database: ' . $this->mysqli->errro);
|
||||
return false;
|
||||
}
|
||||
|
||||
public function getCountInvitations($account_id) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
$stmt = $this->mysqli->prepare("SELECT count(id) AS total FROM $this->table WHERE account_id = ?");
|
||||
if ($stmt && $stmt->bind_param('i', $account_id) && $stmt->execute() && $stmt->bind_result($total) && $stmt->fetch())
|
||||
return $total;
|
||||
$this->setErrorMessage('Unable to fetch invitiations send from your account');
|
||||
$this->debug->append('Failed to fetch invitations from database: ' . $this->mysqli->errro);
|
||||
return false;
|
||||
}
|
||||
public function getByEmail($strEmail) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
return $this->getSingle($strEmail, 'id', 'email', 's');
|
||||
}
|
||||
|
||||
public function getByTokenId($token_id) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
return $this->getSingle($token_id, 'id', 'token_id');
|
||||
}
|
||||
public function setActivated($token_id) {
|
||||
if (!$iInvitationId = $this->getByTokenId($token_id)) {
|
||||
$this->setErrorMessage('Unable to convert token ID to invitation ID');
|
||||
return false;
|
||||
}
|
||||
$field = array('name' => 'is_activated', 'type' => 'i', 'value' => 1);
|
||||
return $this->updateSingle($iInvitationId, $field);
|
||||
}
|
||||
public function createInvitation($account_id, $email, $token_id) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
$stmt = $this->mysqli->prepare("INSERT INTO $this->table ( account_id, email, token_id ) VALUES ( ?, ?, ?)");
|
||||
if ($stmt && $stmt->bind_param('isi', $account_id, $email, $token_id) && $stmt->execute())
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
public function sendInvitation($account_id, $aData) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
// Check data input
|
||||
if (empty($aData['email']) || !filter_var($aData['email'], FILTER_VALIDATE_EMAIL)) {
|
||||
$this->setErrorMessage( 'Invalid e-mail address' );
|
||||
return false;
|
||||
}
|
||||
if (preg_match('/[^a-z_\.\!\?\-0-9 ]/i', $aData['message'])) {
|
||||
$this->setErrorMessage('Message may only contain alphanumeric characters');
|
||||
return false;
|
||||
}
|
||||
// Ensure this invitation does not exist yet nor do we have an account with that email
|
||||
if ($this->user->getEmail($aData['email'])) {
|
||||
$this->setErrorMessage('This email is already registered as an account');
|
||||
return false;
|
||||
}
|
||||
if ($this->getByEmail($aData['email'])) {
|
||||
$this->setErrorMessage('A pending invitation for this address already exists');
|
||||
return false;
|
||||
}
|
||||
if (!$aData['token'] = $this->token->createToken('invitation', $account_id)) {
|
||||
$this->setErrorMessage('Unable to generate invitation token: ' . $this->token->getError());
|
||||
return false;
|
||||
}
|
||||
$aData['username'] = $this->user->getUserName($account_id);
|
||||
$aData['subject'] = 'Pending Invitation';
|
||||
if ($this->mail->sendMail('invitations/body', $aData)) {
|
||||
$aToken = $this->token->getToken($aData['token']);
|
||||
if (!$this->createInvitation($account_id, $aData['email'], $aToken['id'])) {
|
||||
$this->setErrorMessage('Unable to create invitation record');
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
} else {
|
||||
$this->setErrorMessage('Unable to send email to recipient');
|
||||
}
|
||||
$this->setErrorMessage('Unable to send invitation');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
$invitation = new invitation();
|
||||
$invitation->setDebug($debug);
|
||||
$invitation->setMysql($mysqli);
|
||||
$invitation->setMail($mail);
|
||||
$invitation->setUser($user);
|
||||
$invitation->setToken($oToken);
|
||||
$invitation->setConfig($config);
|
||||
|
||||
?>
|
||||
@ -454,7 +454,7 @@ class User {
|
||||
* @param email2 string Email confirmation
|
||||
* @return bool
|
||||
**/
|
||||
public function register($username, $password1, $password2, $pin, $email1='', $email2='') {
|
||||
public function register($username, $password1, $password2, $pin, $email1='', $email2='', $strToken='') {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
if (strlen($username > 40)) {
|
||||
$this->setErrorMessage('Username exceeding character limit');
|
||||
@ -488,8 +488,25 @@ class User {
|
||||
$this->setErrorMessage( 'Invalid PIN' );
|
||||
return false;
|
||||
}
|
||||
if (isset($strToken)) {
|
||||
$aToken = $this->token->getToken($strToken);
|
||||
// Circle dependency, so we create our own object here
|
||||
$invitation = new Invitation();
|
||||
$invitation->setMysql($this->mysqli);
|
||||
$invitation->setDebug($this->debug);
|
||||
$invitation->setUser($this);
|
||||
$invitation->setConfig($this->config);
|
||||
if (!$invitation->setActivated($aToken['id'])) {
|
||||
$this->setErrorMessage('Unable to activate your invitation');
|
||||
return false;
|
||||
}
|
||||
if (!$this->token->deleteToken($strToken)) {
|
||||
$this->setErrorMessage('Unable to remove used token');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
if ($this->mysqli->query("SELECT id FROM $this->table LIMIT 1")->num_rows > 0) {
|
||||
$this->config['accounts']['confirm_email'] ? $is_locked = 1 : $is_locked = 0;
|
||||
$this->config['accounts']['confirm_email']['enabled'] ? $is_locked = 1 : $is_locked = 0;
|
||||
$stmt = $this->mysqli->prepare("
|
||||
INSERT INTO $this->table (username, pass, email, pin, api_key, is_locked)
|
||||
VALUES (?, ?, ?, ?, ?, ?)
|
||||
@ -508,7 +525,7 @@ class User {
|
||||
$username_clean = strip_tags($username);
|
||||
|
||||
if ($this->checkStmt($stmt) && $stmt->bind_param('sssssi', $username_clean, $password_hash, $email1, $pin_hash, $apikey_hash, $is_locked) && $stmt->execute()) {
|
||||
if ($this->config['accounts']['confirm_email']) {
|
||||
if ($this->config['accounts']['confirm_email']['enabled']) {
|
||||
if ($token = $this->token->createToken('confirm_email', $stmt->insert_id)) {
|
||||
$aData['username'] = $username_clean;
|
||||
$aData['token'] = $token;
|
||||
|
||||
@ -129,14 +129,27 @@ $config['website']['mobile_theme'] = 'mobile';
|
||||
* By default, all newly created accounts will require an email verificaiton.
|
||||
* Only after acitivating an account the user will be able to login
|
||||
*
|
||||
* Invitations will allow your users to invite new members to join the pool.
|
||||
* After sending a mail to the invited user, they can register using the token
|
||||
* created. Invitations can be enabled and disabled. They are listed on the accounts
|
||||
* page.
|
||||
*
|
||||
* You can limit the number of registrations send per account via configuration
|
||||
* variable.
|
||||
*
|
||||
* Options:
|
||||
* confirm_email : Send confirmation mail to user after registration
|
||||
* invitations : Enable or disable the invitation system
|
||||
* count : Maximum invitations a user is able to send
|
||||
*
|
||||
* Defaults:
|
||||
* confirm_email : true
|
||||
*
|
||||
* invitations : true
|
||||
* count : 5
|
||||
**/
|
||||
$config['accounts']['confirm_email'] = true;
|
||||
$config['accounts']['confirm_email']['enabled'] = true;
|
||||
$config['accounts']['invitations']['enabled'] = true;
|
||||
$config['accounts']['invitations']['count'] = 5;
|
||||
|
||||
/**
|
||||
* Some basic access restrictions on some pages
|
||||
|
||||
25
public/include/pages/account/invitations.inc.php
Normal file
25
public/include/pages/account/invitations.inc.php
Normal file
@ -0,0 +1,25 @@
|
||||
<?php
|
||||
|
||||
// Make sure we are called from index.php
|
||||
if (!defined('SECURITY')) die('Hacking attempt');
|
||||
|
||||
if ($user->isAuthenticated()) {
|
||||
if ($config['accounts']['invitations']['enabled']) {
|
||||
if ($invitation->getCountInvitations($_SESSION['USERDATA']['id']) >= $config['accounts']['invitations']['count']) {
|
||||
$_SESSION['POPUP'][] = array('CONTENT' => 'You have exceeded the allowed invitations of ' . $config['accounts']['invitations']['count'], 'TYPE' => 'errormsg');
|
||||
} else if (isset($_POST['do']) && $_POST['do'] == 'sendInvitation') {
|
||||
if ($invitation->sendInvitation($_SESSION['USERDATA']['id'], $_POST['data'])) {
|
||||
$_SESSION['POPUP'][] = array('CONTENT' => 'Invitation sent');
|
||||
} else {
|
||||
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to send invitation to recipient: ' . $invitation->getError(), 'TYPE' => 'errormsg');
|
||||
}
|
||||
}
|
||||
$aInvitations = $invitation->getInvitations($_SESSION['USERDATA']['id']);
|
||||
$smarty->assign('INVITATIONS', $aInvitations);
|
||||
} else {
|
||||
$aInvitations = array();
|
||||
$_SESSION['POPUP'][] = array('CONTENT' => 'Invitations are disabled', 'TYPE' => 'errormsg');
|
||||
}
|
||||
}
|
||||
$smarty->assign('CONTENT', 'default.tpl');
|
||||
?>
|
||||
@ -19,8 +19,8 @@ if($config['recaptcha']['enabled'] && $_POST["recaptcha_response_field"] && $_PO
|
||||
$smarty->assign("RECAPTCHA", recaptcha_get_html($config['recaptcha']['public_key']));
|
||||
if ($setting->getValue('lock_registration')) {
|
||||
$_SESSION['POPUP'][] = array('CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
|
||||
} else if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2']) && !$setting->getValue('lock_registration')) {
|
||||
$config['accounts']['confirm_email'] ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
|
||||
} else if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2'], $_POST['token']) && !$setting->getValue('lock_registration')) {
|
||||
$config['accounts']['confirm_email']['enabled'] ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
|
||||
} else {
|
||||
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to create account: ' . $user->getError(), 'TYPE' => 'errormsg');
|
||||
}
|
||||
@ -36,8 +36,8 @@ if($config['recaptcha']['enabled'] && $_POST["recaptcha_response_field"] && $_PO
|
||||
} else {
|
||||
if ($setting->getValue('lock_registration')) {
|
||||
$_SESSION['POPUP'][] = array('CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
|
||||
} else if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2']) && !$setting->getValue('lock_registration')) {
|
||||
$config['accounts']['confirm_email'] ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
|
||||
} else if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2'], $_POST['token']) && !$setting->getValue('lock_registration')) {
|
||||
$config['accounts']['confirm_email']['enabled'] ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
|
||||
} else {
|
||||
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to create account: ' . $user->getError(), 'TYPE' => 'errormsg');
|
||||
}
|
||||
|
||||
@ -48,6 +48,7 @@ $aGlobal = array(
|
||||
'chaininfo' => $config['chaininfo'],
|
||||
'config' => array(
|
||||
'website' => array( 'title' => $config['website']['title'], 'acl' => $config['website']['acl'] ),
|
||||
'accounts' => $config['accounts'],
|
||||
'price' => array( 'currency' => $config['price']['currency'] ),
|
||||
'targetdiff' => $config['difficulty'],
|
||||
'currency' => $config['currency'],
|
||||
|
||||
11
public/templates/mail/invitations/body.tpl
Normal file
11
public/templates/mail/invitations/body.tpl
Normal file
@ -0,0 +1,11 @@
|
||||
<html>
|
||||
<body>
|
||||
<p>Hello valued miner,</p><br />
|
||||
<p>{$DATA.username} invited you to participate on this pool:
|
||||
<p>http://{$smarty.server.SERVER_NAME}{$smarty.server.PHP_SELF}?page=register&token={$DATA.token}</p>
|
||||
{if $DATA.message}<p>Personal message:</p><p>{$DATA.message}</p>{/if}
|
||||
<p></p>
|
||||
<p>Cheers,</p>
|
||||
<p>Website Administration</p>
|
||||
</body>
|
||||
</html>
|
||||
43
public/templates/mmcFE/account/invitations/default.tpl
Normal file
43
public/templates/mmcFE/account/invitations/default.tpl
Normal file
@ -0,0 +1,43 @@
|
||||
{include file="global/block_header.tpl" ALIGN="left" BLOCK_HEADER="Invitations"}
|
||||
<form action="{$smarty.server.PHP_SELF}" method="POST">
|
||||
<input type="hidden" name="page" value="{$smarty.request.page}">
|
||||
<input type="hidden" name="action" value="{$smarty.request.action}">
|
||||
<input type="hidden" name="do" value="sendInvitation">
|
||||
<table>
|
||||
<tr>
|
||||
<td>E-Mail</td>
|
||||
<td><input type="text" name="data[email]" value="{$smarty.request.data.email|escape|default:""}" size="30" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Message</td>
|
||||
<td><textarea name="data[message]">{$smarty.request.data.message|escape|default:"Please accept my invitation to this awesome pool."}</textarea></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan="2" class="center">
|
||||
<input type="submit" class="submit small" value="Send">
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
{include file="global/block_footer.tpl"}
|
||||
|
||||
{include file="global/block_header.tpl" ALIGN="right" BLOCK_HEADER="Past Invitations"}
|
||||
<table width="100%">
|
||||
<thead style="font-size:13px;">
|
||||
<tr>
|
||||
<th>E-Mail</th>
|
||||
<th class="center">Sent</th>
|
||||
<th class="center">Activated</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{section name=invite loop=$INVITATIONS}
|
||||
<tr>
|
||||
<td>{$INVITATIONS[invite].email}</td>
|
||||
<td class="center">{$INVITATIONS[invite].time|date_format:"%d/%m/%Y %H:%M:%S"}</td>
|
||||
<td class="center"><img src="{$PATH}/images/{if $INVITATIONS[invite].is_activated}success{else}error{/if}.gif" /></td>
|
||||
</tr>
|
||||
{/section}
|
||||
<tbody>
|
||||
</table>
|
||||
{include file="global/block_footer.tpl"}
|
||||
@ -7,6 +7,7 @@
|
||||
<li><a href="{$smarty.server.PHP_SELF}?page=account&action=workers">My Workers</a></li>
|
||||
<li><a href="{$smarty.server.PHP_SELF}?page=account&action=transactions">Transactions</a></li>
|
||||
<li><a href="{$smarty.server.PHP_SELF}?page=account&action=notifications">Notifications</a></li>
|
||||
{if $GLOBAL.config.accounts.invitations}<li><a href="{$smarty.server.PHP_SELF}?page=account&action=invitations">Invitations</a></li>{/if}
|
||||
</ul>
|
||||
</li>
|
||||
{/if}
|
||||
|
||||
@ -1,6 +1,9 @@
|
||||
{include file="global/block_header.tpl" BLOCK_HEADER="Join our pool" BLOCK_STYLE="clear:none;"}
|
||||
<form action="{$smarty.server.PHP_SELF}" method="post">
|
||||
<input type="hidden" name="page" value="{$smarty.request.page|escape}">
|
||||
{if $smarty.request.token|default:""}
|
||||
<input type="hidden" name="token" value="{$smarty.request.token|escape}" />
|
||||
{/if}
|
||||
<input type="hidden" name="action" value="register">
|
||||
<table width="90%" border="0">
|
||||
<tbody>
|
||||
|
||||
@ -21,7 +21,7 @@ CREATE TABLE IF NOT EXISTS `tokens` (
|
||||
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
|
||||
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
|
||||
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
||||
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
|
||||
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
|
||||
SET time_zone = "+00:00";
|
||||
|
||||
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
|
||||
@ -34,14 +34,35 @@ CREATE TABLE IF NOT EXISTS `token_types` (
|
||||
`id` tinyint(4) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`name` varchar(25) NOT NULL,
|
||||
PRIMARY KEY (`id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ;
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;
|
||||
|
||||
INSERT INTO `token_types` (`id`, `name`) VALUES
|
||||
(1, 'password_reset'),
|
||||
(2, 'confirm_email');
|
||||
(2, 'confirm_email'),
|
||||
(3, 'invitation');
|
||||
|
||||
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
|
||||
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
|
||||
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
||||
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
|
||||
SET time_zone = "+00:00";
|
||||
|
||||
ALTER TABLE `accounts` DROP `token`;
|
||||
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
|
||||
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
|
||||
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
|
||||
/*!40101 SET NAMES utf8 */;
|
||||
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `invitations` (
|
||||
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`account_id` int(11) unsigned NOT NULL,
|
||||
`email` varchar(50) CHARACTER SET utf8 NOT NULL,
|
||||
`token_id` int(11) NOT NULL,
|
||||
`is_activated` tinyint(1) NOT NULL DEFAULT '0',
|
||||
`time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
PRIMARY KEY (`id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
|
||||
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
|
||||
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
||||
Loading…
Reference in New Issue
Block a user