Xataface 2.0
Xataface Application Framework
actions/activate.php
00001 <?php
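/**
 * Action that completes a pending user registration.
 *
 * The visitor arrives with an activation code in $_GET['code'].  The action
 * purges expired rows from dataface__registrations, loads the row matching the
 * code, checks the requested user name, saves the new user record, logs the
 * user in and redirects.
 */
class dataface_actions_activate {

    /**
     * Runs the activation workflow.
     *
     * @param array $params Action parameters.  The optional 'time_limit' entry
     *                      is the number of seconds a pending registration
     *                      stays valid (default: one day).
     * @return mixed A PEAR_Error when the code parameter is missing or is not
     *               a string; otherwise nothing.
     * @throws Exception When an SQL statement fails or the stored registration
     *                   data cannot be decoded.
     */
    function handle(&$params){
        $app = Dataface_Application::getInstance();

        // An array-valued parameter (code[]=x) is as unusable as a missing
        // one, so both are rejected before the value reaches any query.
        if ( !isset($_GET['code']) or !is_string($_GET['code']) ){
            // We need this parameter or we can do nothing.
            return PEAR::raiseError(
                df_translate('actions.activate.MESSAGE_MISSING_CODE_PARAMETER',
                    'The code parameter is missing from your request.  Validation cannot take place.  Please check your url and try again.'
                    ),
                DATAFACE_E_ERROR
                );
        }
        $code = $_GET['code'];

        // Step 0:  Find out what the redirect URL will be
        // We accept --redirect markers to specify which page to redirect
        // to after we're done.  This will usually be the page that the
        // user was on before they went to the login page.
        $default_url = $app->url('-action='.$app->_conf['default_action']);
        if ( isset($_SESSION['--redirect']) ) $url = $_SESSION['--redirect'];
        else if ( isset($_SESSION['-redirect']) ) $url = $_SESSION['-redirect'];
        else if ( isset($_REQUEST['--redirect']) ) $url = $_REQUEST['--redirect'];
        else if ( isset($_REQUEST['-redirect']) ) $url = $_REQUEST['-redirect'];
        else $url = $default_url;

        // The redirect target can come straight from the request, and the
        // session copies may have been filled from a request elsewhere (not
        // visible in this file).  $app->redirect() is not shown here either,
        // so the target is restricted to this site before it is used; anything
        // else falls back to the default action.
        if ( $url !== $default_url and !$this->isSameSiteRedirect($url) ){
            $url = $default_url;
        }

        // Step 1: Delete all registrations older than time limit
        $time_limit = 24*60*60; // 1 day
        if ( isset($params['time_limit']) ){
            $time_limit = intval($params['time_limit']);
        }

        $db = df_db();
        $cutoff = date('Y-m-d H:i:s', time()-$time_limit);
        $res = mysql_query(
            "delete from dataface__registrations 
                where registration_date < '".mysql_real_escape_string($cutoff, $db)."'",
            $db
            );
        if ( !$res ){
            error_log(mysql_error($db));
            throw new Exception("Failed to delete registrations due to an SQL error.  See error log for details.", E_USER_ERROR);
        }

        // Step 2: Load the specified registration information
        // mysql_real_escape_string() escapes according to the connection's
        // character set; addslashes() does not and can be bypassed with some
        // multi-byte encodings.
        $escaped_code = mysql_real_escape_string($code, $db);
        $res = mysql_query(
            "select registration_data from dataface__registrations
                where registration_code = '".$escaped_code."'",
            $db
            );

        if ( !$res ){
            error_log(mysql_error($db));
            throw new Exception("Failed to load registration information due to an SQL error.  See error log for details.", E_USER_ERROR);
        }

        if ( mysql_num_rows($res) == 0 ){
            // We didn't find any records matching the prescribed code, so
            // we redirect the user to their desired page and inform them
            // that the registration didn't work.
            $msg = df_translate(
                'actions.activate.MESSAGE_REGISTRATION_NOT_FOUND',
                'No registration information could be found to match this code.  Please try registering again.'
                );
            $app->redirect($url.'&--msg='.urlencode($msg));
            // Stop here even if redirect() returns, so that no user record is
            // built from an empty result set.
            return;
        }

        // Step 3: Check to make sure that there are no other users with the
        // same name.

        list($raw_data) = mysql_fetch_row($res);
        // NOTE(review): unserialize() can instantiate arbitrary classes when
        // the stored value is attacker-influenced.  The code that writes
        // dataface__registrations is not visible here; confirm that it only
        // stores server-built arrays, or move the column to JSON on both the
        // writing and the reading side.
        $values = unserialize($raw_data);
        if ( !is_array($values) ){
            error_log('Registration data for the supplied activation code could not be decoded.');
            throw new Exception("Failed to decode registration information.  See error log for details.", E_USER_ERROR);
        }

        $appdel = $app->getDelegate();
        if ( isset($appdel) and method_exists($appdel, 'validateRegistrationForm') ){
            $res = $appdel->validateRegistrationForm($values);
            if ( PEAR::isError($res) ){
                $msg = $res->getMessage();
                $app->redirect($url.'&--msg='.urlencode($msg));
                return;
            }
        } else {
            $users_table = str_replace('`','',$app->_conf['_auth']['users_table']);
            $username_column = $app->_conf['_auth']['username_column'];
            $username = isset($values[$username_column]) ? strval($values[$username_column]) : '';
            $res = mysql_query("select count(*) from 
                `".$users_table."` 
                where `".str_replace('`','',$username_column)."` = '".mysql_real_escape_string($username, $db)."'
                ", $db);
            if ( !$res ){
                error_log(mysql_error($db));
                throw new Exception("Failed to find user records due to an SQL error.  See error log for details.", E_USER_ERROR);
            }
            list($num) = mysql_fetch_row($res);
            if ( intval($num) > 0 ){
                $msg = df_translate(
                    'actions.activate.MESSAGE_DUPLICATE_USER',
                    'Registration failed because a user already exists by that name.  Try registering again with a different name.'
                    );
                $app->redirect($url.'&--msg='.urlencode($msg));
                return;
            }
        }

        // Step 4: Save the registration data and log the user in.
        $record = new Dataface_Record($app->_conf['_auth']['users_table'], array());
        $record->setValues($values);
        $res = $record->save();
        if ( PEAR::isError($res) ){
            $app->redirect($url.'&--msg='.urlencode($res->getMessage()));
            return;
        }

        // The activation code is single-use: remove the pending row once the
        // user record has been saved.
        $res = mysql_query(
            "delete from dataface__registrations
                where registration_code = '".$escaped_code."'",
            $db
            );

        if ( !$res ){
            error_log(mysql_error($db));
            throw new Exception("Failed to clean up old registrations due to an SQL error.  See error log for details.", E_USER_ERROR);
        }
        $msg = df_translate(
            'actions.activate.MESSAGE_REGISTRATION_COMPLETE',
            'Registration complete.  You are now logged in.');
        $_SESSION['UserName'] = $record->strval($app->_conf['_auth']['username_column']);

        import('Dataface/Utilities.php');

        Dataface_Utilities::fireEvent('after_action_activate', array('record'=>$record));

        $app->redirect($url.'&--msg='.urlencode($msg));
    }

    /**
     * Tells whether a redirect target stays on the site serving this request.
     *
     * Relative URLs are accepted.  Absolute URLs are accepted only for http
     * and https and only when their host equals the request's Host header
     * (port ignored).  Scheme-relative URLs, backslashes and control
     * characters are rejected because browsers resolve them inconsistently.
     *
     * @param mixed $url Candidate redirect target.
     * @return bool True when the target may be used.
     */
    private function isSameSiteRedirect($url){
        if ( !is_string($url) or $url === '' ) return false;
        if ( preg_match('/[\x00-\x1f\\\\]/', $url) ) return false;
        if ( substr($url, 0, 2) === '//' ) return false;

        $parts = parse_url($url);
        if ( $parts === false ) return false;

        $has_scheme = isset($parts['scheme']);
        $has_host = isset($parts['host']);
        if ( !$has_scheme and !$has_host ) return true; // plain relative URL
        if ( !$has_scheme or !$has_host ) return false;
        if ( !in_array(strtolower($parts['scheme']), array('http', 'https'), true) ) return false;

        if ( !isset($_SERVER['HTTP_HOST']) ) return false;
        $current_host = preg_replace('/:\d+$/', '', strtolower($_SERVER['HTTP_HOST']));
        return strtolower($parts['host']) === $current_host;
    }
}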
00144 ?>