Adding invitation system to mmcfe-ng core

This will allow users to send invitations to other people via email. Each account will still need to confirm the email address if the option is enabled. Addresses #330, will need to allow pool operators to enable this feature even with registrations turned off.
2013-07-15 12:25:16 +02:00 · 2013-07-15 12:25:16 +02:00 · bd32dfa9f8
commit bd32dfa9f8
parent 7cc1e2543c
13 changed files with 261 additions and 13 deletions
--- a/public/include/autoloader.inc.php
+++ b/public/include/autoloader.inc.php
@ -29,6 +29,7 @@ require_once(CLASS_DIR . '/block.class.php');
 require_once(CLASS_DIR . '/setting.class.php');
 require_once(CLASS_DIR . '/monitoring.class.php');
 require_once(CLASS_DIR . '/user.class.php');
 require_once(CLASS_DIR . '/invitation.class.php');
 require_once(CLASS_DIR . '/share.class.php');
 require_once(CLASS_DIR . '/worker.class.php');
 require_once(CLASS_DIR . '/statistics.class.php');
--- a/public/include/classes/base.class.php
+++ b/public/include/classes/base.class.php
@ -15,6 +15,9 @@ class Base {
  public function setMysql($mysqli) {
    $this->mysqli = $mysqli;
  }
  public function setMail($mail) {
    $this->mail = $mail;
  }
  public function setSmarty($smarty) {
    $this->smarty = $smarty;
  }
@ -24,6 +27,9 @@ class Base {
  public function setConfig($config) {
    $this->config = $config;
  }
  public function setToken($token) {
    $this->token = $token;
  }
  public function setTokenType($tokentype) {
    $this->tokentype = $tokentype;
  }
--- a/public/include/classes/invitation.class.php
+++ b/public/include/classes/invitation.class.php
@ -0,0 +1,106 @@
 <?php
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 class Invitation extends Base {
  var $table = 'invitations';
  /**
   * Fetch invitations for one account
   * @param account_id int Account ID
   * @return mixed Array on success, bool on failure
   **/
  public function getInvitations($account_id) {
    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ?");
    if ($stmt && $stmt->bind_param('i', $account_id) && $stmt->execute() && $result = $stmt->get_result())
      return $result->fetch_all(MYSQLI_ASSOC);
    $this->setErrorMessage('Unable to fetch invitiations send from your account');
    $this->debug->append('Failed to fetch invitations from database: ' . $this->mysqli->errro);
    return false;
  }
  public function getCountInvitations($account_id) {
    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("SELECT count(id) AS total FROM $this->table WHERE account_id = ?");
    if ($stmt && $stmt->bind_param('i', $account_id) && $stmt->execute() && $stmt->bind_result($total) && $stmt->fetch())
      return $total;
    $this->setErrorMessage('Unable to fetch invitiations send from your account');
    $this->debug->append('Failed to fetch invitations from database: ' . $this->mysqli->errro);
    return false;
  }
  public function getByEmail($strEmail) {
    $this->debug->append("STA " . __METHOD__, 4);
    return $this->getSingle($strEmail, 'id', 'email', 's');
  }
  public function getByTokenId($token_id) {
    $this->debug->append("STA " . __METHOD__, 4);
    return $this->getSingle($token_id, 'id', 'token_id');
  }
  public function setActivated($token_id) {
    if (!$iInvitationId = $this->getByTokenId($token_id)) {
      $this->setErrorMessage('Unable to convert token ID to invitation ID');
      return false;
    }
    $field = array('name' => 'is_activated', 'type' => 'i', 'value' => 1);
    return $this->updateSingle($iInvitationId, $field);
  }
  public function createInvitation($account_id, $email, $token_id) {
    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("INSERT INTO $this->table ( account_id, email, token_id ) VALUES ( ?, ?, ?)");
    if ($stmt && $stmt->bind_param('isi', $account_id, $email, $token_id) && $stmt->execute())
      return true;
    return false;
  }
  public function sendInvitation($account_id, $aData) {
    $this->debug->append("STA " . __METHOD__, 4);
    // Check data input
    if (empty($aData['email']) || !filter_var($aData['email'], FILTER_VALIDATE_EMAIL)) {
      $this->setErrorMessage( 'Invalid e-mail address' );
      return false;
    }
    if (preg_match('/[^a-z_\.\!\?\-0-9 ]/i', $aData['message'])) {
      $this->setErrorMessage('Message may only contain alphanumeric characters');
      return false;
    }
    // Ensure this invitation does not exist yet nor do we have an account with that email
    if ($this->user->getEmail($aData['email'])) {
      $this->setErrorMessage('This email is already registered as an account');
      return false;
    }
    if ($this->getByEmail($aData['email'])) {
      $this->setErrorMessage('A pending invitation for this address already exists');
      return false;
    }
    if (!$aData['token'] = $this->token->createToken('invitation', $account_id)) {
      $this->setErrorMessage('Unable to generate invitation token: ' . $this->token->getError());
      return false;
    }
    $aData['username'] = $this->user->getUserName($account_id);
    $aData['subject'] = 'Pending Invitation';
    if ($this->mail->sendMail('invitations/body', $aData)) {
      $aToken = $this->token->getToken($aData['token']);
      if (!$this->createInvitation($account_id, $aData['email'], $aToken['id'])) {
        $this->setErrorMessage('Unable to create invitation record');
        return false;
      }
      return true;
    } else {
      $this->setErrorMessage('Unable to send email to recipient');
    }
    $this->setErrorMessage('Unable to send invitation');
    return false;
  }
 }
 $invitation = new invitation();
 $invitation->setDebug($debug);
 $invitation->setMysql($mysqli);
 $invitation->setMail($mail);
 $invitation->setUser($user);
 $invitation->setToken($oToken);
 $invitation->setConfig($config);
 ?>
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@ -454,7 +454,7 @@ class User {
   * @param email2 string Email confirmation
   * @return bool
   **/
-  public function register($username, $password1, $password2, $pin, $email1='', $email2='') {
+  public function register($username, $password1, $password2, $pin, $email1='', $email2='', $strToken='') {
    $this->debug->append("STA " . __METHOD__, 4);
    if (strlen($username > 40)) {
      $this->setErrorMessage('Username exceeding character limit');
@ -488,8 +488,25 @@ class User {
      $this->setErrorMessage( 'Invalid PIN' );
      return false;
    }
    if (isset($strToken)) {
      $aToken = $this->token->getToken($strToken);
      // Circle dependency, so we create our own object here
      $invitation = new Invitation();
      $invitation->setMysql($this->mysqli);
      $invitation->setDebug($this->debug);
      $invitation->setUser($this);
      $invitation->setConfig($this->config);
      if (!$invitation->setActivated($aToken['id'])) {
        $this->setErrorMessage('Unable to activate your invitation');
        return false;
      }
      if (!$this->token->deleteToken($strToken)) {
        $this->setErrorMessage('Unable to remove used token');
        return false;
      }
    }
    if ($this->mysqli->query("SELECT id FROM $this->table LIMIT 1")->num_rows > 0) {
-      $this->config['accounts']['confirm_email'] ? $is_locked = 1 : $is_locked = 0;
+      $this->config['accounts']['confirm_email']['enabled'] ? $is_locked = 1 : $is_locked = 0;
      $stmt = $this->mysqli->prepare("
        INSERT INTO $this->table (username, pass, email, pin, api_key, is_locked)
        VALUES (?, ?, ?, ?, ?, ?)
@ -508,7 +525,7 @@ class User {
    $username_clean = strip_tags($username);
    if ($this->checkStmt($stmt) && $stmt->bind_param('sssssi', $username_clean, $password_hash, $email1, $pin_hash, $apikey_hash, $is_locked) && $stmt->execute()) {
-      if ($this->config['accounts']['confirm_email']) {
+      if ($this->config['accounts']['confirm_email']['enabled']) {
        if ($token = $this->token->createToken('confirm_email', $stmt->insert_id)) {
          $aData['username'] = $username_clean;
          $aData['token'] = $token;
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@ -129,14 +129,27 @@ $config['website']['mobile_theme'] = 'mobile';
 *   By default, all newly created accounts will require an email verificaiton.
 *   Only after acitivating an account the user will be able to login
 *
 *   Invitations will allow your users to invite new members to join the pool.
 *   After sending a mail to the invited user, they can register using the token
 *   created. Invitations can be enabled and disabled. They are listed on the accounts
 *   page.
 *
 *   You can limit the number of registrations send per account via configuration
 *   variable.
 *
 *  Options:
 *    confirm_email  :  Send confirmation mail to user after registration
 *    invitations    :  Enable or disable the invitation system
 *    count          :  Maximum invitations a user is able to send
 *
 *  Defaults:
 *    confirm_email  :  true
- *
+ *    invitations    :  true
 *    count          :  5
 **/
-$config['accounts']['confirm_email'] = true;
+$config['accounts']['confirm_email']['enabled'] = true;
 $config['accounts']['invitations']['enabled'] = true;
 $config['accounts']['invitations']['count'] = 5;
 /**
 * Some basic access restrictions on some pages
--- a/public/include/pages/account/invitations.inc.php
+++ b/public/include/pages/account/invitations.inc.php
@ -0,0 +1,25 @@
 <?php
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($user->isAuthenticated()) {
  if ($config['accounts']['invitations']['enabled']) {
    if ($invitation->getCountInvitations($_SESSION['USERDATA']['id']) >= $config['accounts']['invitations']['count']) {
      $_SESSION['POPUP'][] = array('CONTENT' => 'You have exceeded the allowed invitations of ' . $config['accounts']['invitations']['count'], 'TYPE' => 'errormsg');
    } else if (isset($_POST['do']) && $_POST['do'] == 'sendInvitation') {
      if ($invitation->sendInvitation($_SESSION['USERDATA']['id'], $_POST['data'])) {
        $_SESSION['POPUP'][] = array('CONTENT' => 'Invitation sent');
      } else {
        $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to send invitation to recipient: ' . $invitation->getError(), 'TYPE' => 'errormsg');
      }
    }
    $aInvitations = $invitation->getInvitations($_SESSION['USERDATA']['id']);
    $smarty->assign('INVITATIONS', $aInvitations);
  } else {
    $aInvitations = array();
    $_SESSION['POPUP'][] = array('CONTENT' => 'Invitations are disabled', 'TYPE' => 'errormsg');
  }
 }
 $smarty->assign('CONTENT', 'default.tpl');
 ?>
--- a/public/include/pages/register/register.inc.php
+++ b/public/include/pages/register/register.inc.php
@ -19,8 +19,8 @@ if($config['recaptcha']['enabled'] && $_POST["recaptcha_response_field"] && $_PO
    $smarty->assign("RECAPTCHA", recaptcha_get_html($config['recaptcha']['public_key']));
    if ($setting->getValue('lock_registration')) {
      $_SESSION['POPUP'][] = array('CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
-    } else if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2']) && !$setting->getValue('lock_registration')) {
+    } else if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2'], $_POST['token']) && !$setting->getValue('lock_registration')) {
-      $config['accounts']['confirm_email'] ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
+      $config['accounts']['confirm_email']['enabled'] ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
    } else {
      $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to create account: ' . $user->getError(), 'TYPE' => 'errormsg');
    }
@ -36,8 +36,8 @@ if($config['recaptcha']['enabled'] && $_POST["recaptcha_response_field"] && $_PO
 } else {
  if ($setting->getValue('lock_registration')) {
    $_SESSION['POPUP'][] = array('CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
-  } else if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2']) && !$setting->getValue('lock_registration')) {
+  } else if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2'], $_POST['token']) && !$setting->getValue('lock_registration')) {
-    $config['accounts']['confirm_email'] ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
+    $config['accounts']['confirm_email']['enabled'] ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
  } else {
    $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to create account: ' . $user->getError(), 'TYPE' => 'errormsg');
  }
--- a/public/include/smarty_globals.inc.php
+++ b/public/include/smarty_globals.inc.php
@ -48,6 +48,7 @@ $aGlobal = array(
  'chaininfo' => $config['chaininfo'],
  'config' => array(
    'website' => array( 'title' => $config['website']['title'], 'acl' => $config['website']['acl'] ),
    'accounts' => $config['accounts'],
    'price' => array( 'currency' => $config['price']['currency'] ),
    'targetdiff' => $config['difficulty'],
    'currency' => $config['currency'],
--- a/public/templates/mail/invitations/body.tpl
+++ b/public/templates/mail/invitations/body.tpl
@ -0,0 +1,11 @@
 <html>
 <body>
 <p>Hello valued miner,</p><br />
 <p>{$DATA.username} invited you to participate on this pool:
 <p>http://{$smarty.server.SERVER_NAME}{$smarty.server.PHP_SELF}?page=register&token={$DATA.token}</p>
 {if $DATA.message}<p>Personal message:</p><p>{$DATA.message}</p>{/if}
 <p></p>
 <p>Cheers,</p>
 <p>Website Administration</p>
 </body>
 </html>
--- a/public/templates/mmcFE/account/invitations/default.tpl
+++ b/public/templates/mmcFE/account/invitations/default.tpl
@ -0,0 +1,43 @@
 {include file="global/block_header.tpl" ALIGN="left" BLOCK_HEADER="Invitations"}
 <form action="{$smarty.server.PHP_SELF}" method="POST">
 <input type="hidden" name="page" value="{$smarty.request.page}">
 <input type="hidden" name="action" value="{$smarty.request.action}">
 <input type="hidden" name="do" value="sendInvitation">
 <table>
  <tr>
    <td>E-Mail</td>
    <td><input type="text" name="data[email]" value="{$smarty.request.data.email|escape|default:""}" size="30" /></td>
  </tr>
  <tr>
    <td>Message</td>
    <td><textarea name="data[message]">{$smarty.request.data.message|escape|default:"Please accept my invitation to this awesome pool."}</textarea></td>
  </tr>
  <tr>
    <td colspan="2" class="center">
      <input type="submit" class="submit small" value="Send">
    </td>
  </tr>
 </table>
 </form>
 {include file="global/block_footer.tpl"}
 {include file="global/block_header.tpl" ALIGN="right" BLOCK_HEADER="Past Invitations"}
    <table width="100%">
      <thead style="font-size:13px;">
        <tr>
          <th>E-Mail</th>
          <th class="center">Sent</th>
          <th class="center">Activated</th>
        </tr>
      </thead>
      <tbody>
 {section name=invite loop=$INVITATIONS}
        <tr>
          <td>{$INVITATIONS[invite].email}</td>
          <td class="center">{$INVITATIONS[invite].time|date_format:"%d/%m/%Y %H:%M:%S"}</td>
          <td class="center"><img src="{$PATH}/images/{if $INVITATIONS[invite].is_activated}success{else}error{/if}.gif" /></td>
        </tr>
 {/section}
      <tbody>
    </table>
 {include file="global/block_footer.tpl"}
--- a/public/templates/mmcFE/global/navigation.tpl
+++ b/public/templates/mmcFE/global/navigation.tpl
@ -7,6 +7,7 @@
                <li><a href="{$smarty.server.PHP_SELF}?page=account&action=workers">My Workers</a></li>
                <li><a href="{$smarty.server.PHP_SELF}?page=account&action=transactions">Transactions</a></li>
                <li><a href="{$smarty.server.PHP_SELF}?page=account&action=notifications">Notifications</a></li>
                {if $GLOBAL.config.accounts.invitations}<li><a href="{$smarty.server.PHP_SELF}?page=account&action=invitations">Invitations</a></li>{/if}
              </ul>
            </li>
            {/if}
--- a/public/templates/mmcFE/register/default.tpl
+++ b/public/templates/mmcFE/register/default.tpl
@ -1,6 +1,9 @@
 {include file="global/block_header.tpl" BLOCK_HEADER="Join our pool" BLOCK_STYLE="clear:none;"}
 <form action="{$smarty.server.PHP_SELF}" method="post">
  <input type="hidden" name="page" value="{$smarty.request.page|escape}">
 {if $smarty.request.token|default:""}
  <input type="hidden" name="token" value="{$smarty.request.token|escape}" />
 {/if}
  <input type="hidden" name="action" value="register">
  <table width="90%" border="0">
    <tbody>
--- a/sql/004_tokens_invitations.sql
+++ b/sql/004_tokens_invitations.sql
@ -21,7 +21,7 @@ CREATE TABLE IF NOT EXISTS `tokens` (
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
 /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
-SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
 SET time_zone = "+00:00";
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
@ -34,14 +34,35 @@ CREATE TABLE IF NOT EXISTS `token_types` (
  `id` tinyint(4) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(25) NOT NULL,
  PRIMARY KEY (`id`)
-) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ;
+) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;
 INSERT INTO `token_types` (`id`, `name`) VALUES
 (1, 'password_reset'),
-(2, 'confirm_email');
+(2, 'confirm_email'),
 (3, 'invitation');
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
 /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
 SET time_zone = "+00:00";
-ALTER TABLE `accounts` DROP `token`;
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
 /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
 /*!40101 SET NAMES utf8 */;
 CREATE TABLE IF NOT EXISTS `invitations` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `account_id` int(11) unsigned NOT NULL,
  `email` varchar(50) CHARACTER SET utf8 NOT NULL,
  `token_id` int(11) NOT NULL,
  `is_activated` tinyint(1) NOT NULL DEFAULT '0',
  `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
 ) ENGINE=InnoDB  DEFAULT CHARSET=utf8;
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
 /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;