[aur-dev] [PATCH] Let the user verify their email address
Marcel Korpel
marcel.korpel at gmail.com
Sun Aug 16 22:54:54 UTC 2015
On registering and updating an email address, the user has to type their
email address twice. Do not allow autocomplete and pasting in the
verification field.
Fixes FS#45792.
Signed-off-by: Marcel Korpel <marcel.korpel at gmail.com>
---
web/html/account.php | 17 +++++++++--------
web/html/register.php | 6 +++---
web/lib/acctfuncs.inc.php | 12 +++++++++---
web/template/account_edit_form.php | 11 +++++++++++
4 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/web/html/account.php b/web/html/account.php
index adc2542..3452af3 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -32,10 +32,10 @@ if ($action == "UpdateAccount") {
list($success, $update_account_message) = process_account_form(
"edit", "UpdateAccount",
in_request("U"), in_request("T"), in_request("S"),
- in_request("E"), in_request("P"), in_request("C"),
- in_request("R"), in_request("L"), in_request("I"),
- in_request("K"), in_request("PK"), in_request("J"),
- in_request("ID"), $row["Username"]);
+ in_request("E"), in_request("E2"), in_request("P"),
+ in_request("C"), in_request("R"), in_request("L"),
+ in_request("I"), in_request("K"), in_request("PK"),
+ in_request("J"), in_request("ID"), $row["Username"]);
}
}
@@ -79,7 +79,7 @@ if (isset($_COOKIE["AURSID"])) {
if (can_edit_account($row)) {
display_account_form("UpdateAccount", $row["Username"],
$row["AccountTypeID"], $row["Suspended"], $row["Email"],
- "", "", $row["RealName"], $row["LangPreference"],
+ $row["Email"], "", "", $row["RealName"], $row["LangPreference"],
$row["IRCNick"], $row["PGPKey"], $PK,
$row["InactivityTS"] ? 1 : 0, $row["ID"], $row["Username"]);
} else {
@@ -115,9 +115,10 @@ if (isset($_COOKIE["AURSID"])) {
if (!$success) {
display_account_form("UpdateAccount", in_request("U"), in_request("T"),
- in_request("S"), in_request("E"), in_request("P"), in_request("C"),
- in_request("R"), in_request("L"), in_request("I"), in_request("K"),
- in_request("PK"), in_request("J"), in_request("ID"), $row["Username"]);
+ in_request("S"), in_request("E"), in_request("E2"), in_request("P"),
+ in_request("C"), in_request("R"), in_request("L"), in_request("I"),
+ in_request("K"), in_request("PK"), in_request("J"), in_request("ID"),
+ $row["Username"]);
}
} else {
diff --git a/web/html/register.php b/web/html/register.php
index 9c5c1cc..483bc5e 100644
--- a/web/html/register.php
+++ b/web/html/register.php
@@ -21,7 +21,7 @@ echo '<h2>' . __('Register') . '</h2>';
if (in_request("Action") == "NewAccount") {
list($success, $message) = process_account_form(
"new", "NewAccount", in_request("U"), 1, 0,
- in_request("E"), '', '', in_request("R"),
+ in_request("E"), in_request("E2"), '', '', in_request("R"),
in_request("L"), in_request("I"), in_request("K"),
in_request("PK"));
@@ -29,13 +29,13 @@ if (in_request("Action") == "NewAccount") {
if (!$success) {
display_account_form("NewAccount", in_request("U"), 1, 0,
- in_request("E"), '', '', in_request("R"),
+ in_request("E"), in_request("E2"), '', '', in_request("R"),
in_request("L"), in_request("I"), in_request("K"),
in_request("PK"));
}
} else {
print '<p>' . __("Use this form to create an account.") . '</p>';
- display_account_form("NewAccount", "", "", "", "", "", "", "", $LANG);
+ display_account_form("NewAccount", "", "", "", "", "", "", "", "", $LANG);
}
echo '</div>';
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index f718a77..942b7f8 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -47,6 +47,7 @@ function html_format_pgp_fingerprint($fingerprint) {
* @param string $T The account type of the displayed user
* @param string $S Whether the displayed user has a suspended account
* @param string $E The e-mail address of the displayed user
+ * @param string $E2 The e-mail address of the user, verification field
* @param string $P The password value of the displayed user
* @param string $C The confirmed password value of the displayed user
* @param string $R The real name of the displayed user
@@ -60,7 +61,7 @@ function html_format_pgp_fingerprint($fingerprint) {
*
* @return void
*/
-function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",
+function display_account_form($A,$U="",$T="",$S="",$E="",$E2="",$P="",$C="",$R="",
$L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") {
global $SUPPORTED_LANGS;
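Review bot: Inserting `$E2` in the middle of a positional parameter list whose entries all default to `""` means a caller that is not updated still runs without error, but with every later argument shifted by one, so the password would arrive in `$E2` and the confirmation in `$P`. The same applies to `process_account_form` in the `@@ -91,7 +93,7 @@` hunk. The callers in account.php and register.php are updated here, but callers outside this diff cannot be checked from the page, so both function names should be searched for before merging. A docblock line such as `* NOTE: $E2 sits between $E and $P; every caller must pass it positionally.` would make the ordering constraint explicit. Both function bodies continue outside their hunks.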
@@ -78,6 +79,7 @@ function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",
* @param string $T The account type for the user
* @param string $S Whether or not the account is suspended
* @param string $E The e-mail address for the user
+ * @param string $E2 The e-mail address for the user, verification field
* @param string $P The password for the user
* @param string $C The confirmed password for the user
* @param string $R The real name of the user
@@ -91,7 +93,7 @@ function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",
*
* @return array Boolean indicating success and message to be printed
*/
-function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="",
+function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$E2="",$P="",$C="",
$R="",$L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") {
global $SUPPORTED_LANGS;
@@ -114,10 +116,14 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="",
$editor_user = null;
}
- if (empty($E) || empty($U)) {
+ if (empty($E) || empty($E2) || empty($U)) {
$error = __("Missing a required field.");
}
+ if ($E != $E2) {
+ $error = __("Entered email addresses do not match.");
+ }
+
if ($TYPE != "new" && !$UID) {
$error = __("Missing User ID");
}
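Review bot: The new mismatch check uses loose comparison (`$E != $E2`), and PHP compares numeric-looking strings by value under `!=`, so two different submitted strings can be treated as equal; `if ($E !== $E2) {` compares them exactly. The check also runs unconditionally, so when one of the fields is empty the "Missing a required field." message set just above is replaced by the mismatch message. Writing it as `if (!$error && $E !== $E2) {` would keep the first error, assuming `$error` is initialised before this point, which the hunk does not show. This server-side comparison is what actually enforces the verification, since the `autocomplete` and paste restrictions in the template only act in the browser. process_account_form's body continues outside the hunk.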
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index 0aadb9d..1c1c1ab 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -72,6 +72,11 @@
<input type="text" size="30" maxlength="64" name="E" id="id_email" value="<?= htmlspecialchars($E,ENT_QUOTES) ?>" /> (<?= __("required") ?>)
</p>
+ <p>
+ <label for="id_email_verify"><?= __("Verify Email Address") ?>:</label>
+ <input type="text" size="30" maxlength="64" name="E2" id="id_email_verify" autocomplete="off" value="<?= htmlspecialchars($E2,ENT_QUOTES) ?>" /> (<?= __("required") ?>)
+ </p>
+
<?php if ($A == "UpdateAccount"): ?>
<p>
<label for="id_passwd1"><?= __("Password") ?>:</label>
@@ -136,3 +141,9 @@
</p>
</fieldset>
</form>
+<script>
+var verify_field = document.getElementById('id_email_verify');
+verify_field.addEventListener('paste', function (e) {
+ e.preventDefault();
+}, false);
+</script>
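Review bot: The paste handler is added as an inline `<script>` block, which a Content-Security-Policy without `'unsafe-inline'` would refuse to run, and it declares a global `verify_field`; no CSP is visible in this diff, so this is a forward-looking concern. Moving the lines to a static .js file, or at least wrapping them in a function scope, avoids both. The handler and the `autocomplete="off"` attribute in the `@@ -72,6 +72,11 @@` hunk are browser-side hints that a browser may ignore. A comment such as `<!-- usability aid only; the E/E2 match is enforced in process_account_form() -->` would stop later maintainers from treating them as the check.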
--
2.5.0