[aur-dev] [PATCH] Let the user verify their email address

16 Aug 2015

On registering and updating an email address, the user has to type their
email address twice. Do not allow autocomplete and pasting in the
verification field.

Fixes FS#45792.

Signed-off-by: Marcel Korpel 
---
 web/html/account.php               | 17 +++++++++--------
 web/html/register.php              |  6 +++---
 web/lib/acctfuncs.inc.php          | 12 +++++++++---
 web/template/account_edit_form.php | 11 +++++++++++
 4 files changed, 32 insertions(+), 14 deletions(-)

diff --git a/web/html/account.php b/web/html/account.php
index adc2542..3452af3 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -32,10 +32,10 @@ if ($action == "UpdateAccount") {
 		list($success, $update_account_message) = process_account_form(
 			"edit", "UpdateAccount",
 			in_request("U"), in_request("T"), in_request("S"),
-			in_request("E"), in_request("P"), in_request("C"),
-			in_request("R"), in_request("L"), in_request("I"),
-			in_request("K"), in_request("PK"), in_request("J"),
-			in_request("ID"), $row["Username"]);
+			in_request("E"), in_request("E2"), in_request("P"),
+			in_request("C"), in_request("R"), in_request("L"),
+			in_request("I"), in_request("K"), in_request("PK"),
+			in_request("J"), in_request("ID"), $row["Username"]);
 	}
 }
 
@@ -79,7 +79,7 @@ if (isset($_COOKIE["AURSID"])) {
 			if (can_edit_account($row)) {
 				display_account_form("UpdateAccount", $row["Username"],
 					$row["AccountTypeID"], $row["Suspended"], $row["Email"],
-					"", "", $row["RealName"], $row["LangPreference"],
+					$row["Email"], "", "", $row["RealName"], $row["LangPreference"],
 					$row["IRCNick"], $row["PGPKey"], $PK,
 					$row["InactivityTS"] ? 1 : 0, $row["ID"], $row["Username"]);
 			} else {
@@ -115,9 +115,10 @@ if (isset($_COOKIE["AURSID"])) {
 
 		if (!$success) {
 			display_account_form("UpdateAccount", in_request("U"), in_request("T"),
-				in_request("S"), in_request("E"), in_request("P"), in_request("C"),
-				in_request("R"), in_request("L"), in_request("I"), in_request("K"),
-				in_request("PK"), in_request("J"), in_request("ID"), $row["Username"]);
+				in_request("S"), in_request("E"), in_request("E2"),	in_request("P"),
+				in_request("C"), in_request("R"), in_request("L"), in_request("I"),
+				in_request("K"), in_request("PK"), in_request("J"), in_request("ID"),
+				$row["Username"]);
 		}
 
 	} else {
diff --git a/web/html/register.php b/web/html/register.php
index 9c5c1cc..483bc5e 100644
--- a/web/html/register.php
+++ b/web/html/register.php
@@ -21,7 +21,7 @@ echo '<h2>' . __('Register') . '</h2>';
 if (in_request("Action") == "NewAccount") {
 	list($success, $message) = process_account_form(
 			"new", "NewAccount", in_request("U"), 1, 0,
-			in_request("E"), '', '', in_request("R"),
+			in_request("E"), in_request("E2"), '', '', in_request("R"),
 			in_request("L"), in_request("I"), in_request("K"),
 			in_request("PK"));
 
@@ -29,13 +29,13 @@ if (in_request("Action") == "NewAccount") {
 
 	if (!$success) {
 		display_account_form("NewAccount", in_request("U"), 1, 0,
-			in_request("E"), '', '', in_request("R"),
+			in_request("E"), in_request("E2"), '', '', in_request("R"),
 			in_request("L"), in_request("I"), in_request("K"),
 			in_request("PK"));
 	}
 } else {
 	print '<p>' . __("Use this form to create an account.") . '</p>';
-	display_account_form("NewAccount", "", "", "", "", "", "", "", $LANG);
+	display_account_form("NewAccount", "", "", "", "", "", "", "", "", $LANG);
 }
 
 echo '</div>';
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index f718a77..942b7f8 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -47,6 +47,7 @@ function html_format_pgp_fingerprint($fingerprint) {
  * @param string $T The account type of the displayed user
  * @param string $S Whether the displayed user has a suspended account
  * @param string $E The e-mail address of the displayed user
+ * @param string $E2 The e-mail address of the user, verification field
  * @param string $P The password value of the displayed user
  * @param string $C The confirmed password value of the displayed user
  * @param string $R The real name of the displayed user
@@ -60,7 +61,7 @@ function html_format_pgp_fingerprint($fingerprint) {
  *
  * @return void
  */
-function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",
+function display_account_form($A,$U="",$T="",$S="",$E="",$E2="",$P="",$C="",$R="",
 		$L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") {
 	global $SUPPORTED_LANGS;
 
@@ -78,6 +79,7 @@ function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",
  * @param string $T The account type for the user
  * @param string $S Whether or not the account is suspended
  * @param string $E The e-mail address for the user
+ * @param string $E2 The e-mail address for the user, verification field
  * @param string $P The password for the user
  * @param string $C The confirmed password for the user
  * @param string $R The real name of the user
@@ -91,7 +93,7 @@ function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",
  *
  * @return array Boolean indicating success and message to be printed
  */
-function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="",
+function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$E2="",$P="",$C="",
 		$R="",$L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") {
 	global $SUPPORTED_LANGS;
 
@@ -114,10 +116,14 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="",
 		$editor_user = null;
 	}
 
-	if (empty($E) || empty($U)) {
+	if (empty($E) || empty($E2) || empty($U)) {
 		$error = __("Missing a required field.");
 	}
 
+	if ($E != $E2) {
+		$error = __("Entered email addresses do not match.");
+	}
+
 	if ($TYPE != "new" && !$UID) {
 		$error = __("Missing User ID");
 	}
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index 0aadb9d..1c1c1ab 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -72,6 +72,11 @@
 			<input type="text" size="30" maxlength="64" name="E" id="id_email" value="<?= htmlspecialchars($E,ENT_QUOTES) ?>" /> (<?= __("required") ?>)
 		</p>
 
+		<p>
+			<label for="id_email_verify"><?= __("Verify Email Address") ?>:</label>
+			<input type="text" size="30" maxlength="64" name="E2" id="id_email_verify" autocomplete="off" value="<?= htmlspecialchars($E2,ENT_QUOTES) ?>" /> (<?= __("required") ?>)
+		</p>
+
 		<?php if ($A == "UpdateAccount"): ?>
 		<p>
 			<label for="id_passwd1"><?= __("Password") ?>:</label>
@@ -136,3 +141,9 @@
 		</p>
 	</fieldset>
 </form>
+<script>
+var verify_field = document.getElementById('id_email_verify');
+verify_field.addEventListener('paste', function (e) {
+	e.preventDefault();
+}, false);
+</script>
-- 
2.5.0

    

Marcel Korpel

Marcel Korpel

Patrick Burroughs (Celti)

Marcel Korpel

Eli Schwartz

Loui Chang

Lukas Fleischer

Marcel Korpel

Loui Chang

tags

participants (5)