added captcha and email validation to webgui auth

2005-03-04 20:44:11 +00:00 · 2005-03-04 20:44:11 +00:00 · 66e2028c3a
commit 66e2028c3a
parent 7db5db5833
5 changed files with 99 additions and 5 deletions
--- a/docs/changelog/6.x.x.txt
+++ b/docs/changelog/6.x.x.txt
@ -8,8 +8,12 @@
 - Added isAdminOn(), switchOnAdmin(), and switchOffAdmin() to WebGUI::Session
   to eliminate all of the previously cryptic means of doing those things.
 - Added a temporary file storage mechanism to WebGUI::Storage.
- - Added an image resizer to the image asset.
 - Image Magick is now required to run WebGUI.
+ - Added an image resizer to the image asset.
+ - Added Captcha verification option to WebGUI anonymous registration.
+ - Added email validation option to WebGUI anonymous registration. Thanks to
+   Matt Wilson for inspiration.
+ - Thumbnails will now be generated a little sharper. Thanks to Nuba.
 - Fixed resetting votes on Poll would crash it.
 - Fixed not being able to set display title and other yes no questions to no.
 - Fixed a bug where URLs would become unreachable when using SSL.
--- a/docs/upgrades/upgrade_6.3.0-6.4.0.sql
+++ b/docs/upgrades/upgrade_6.3.0-6.4.0.sql
@ -1,4 +1,7 @@
 insert into webguiVersion values ('6.4.0','upgrade',unix_timestamp());
 alter table asset add index state_parentId_lineage (state,parentId,lineage);
-
+insert into settings (name, value) values ('webguiValidateEmail', '0');
+insert into settings (name, value) values ('webguiUseCaptcha', '1');
+delete from template where assetId='PBtmpl0000000000000011';
+INSERT INTO template VALUES ('   <h1><tmpl_var title></h1>\r\n\r\n<tmpl_if create.message>\r\n   <tmpl_var create.message>\r\n</tmpl_if>\r\n\r\n<tmpl_var create.form.header>\r\n<table >\r\n<tmpl_if useCaptcha>\r\n<tr>\r\n   <td class=\"formDescription\" valign=\"top\"><tmpl_var create.form.captcha.label></td>\r\n   <td class=\"tableData\"><tmpl_var create.form.captcha></td>\r\n</tr>\r\n</tmpl_if>\r\n<tr>\r\n   <td class=\"formDescription\" valign=\"top\"><tmpl_var create.form.username.label></td>\r\n   <td class=\"tableData\"><tmpl_var create.form.username></td>\r\n</tr>\r\n<tr>\r\n   <td class=\"formDescription\" valign=\"top\"><tmpl_var create.form.password.label></td>\r\n   <td class=\"tableData\"><tmpl_var create.form.password></td>\r\n</tr>\r\n<tr>\r\n   <td class=\"formDescription\" valign=\"top\"><tmpl_var create.form.passwordConfirm.label></td>\r\n   <td class=\"tableData\"><tmpl_var create.form.passwordConfirm></td>\r\n</tr>\r\n<tmpl_loop create.form.profile>\r\n<tr>\r\n   <td class=\"formDescription\" valign=\"top\"><tmpl_var profile.formElement.label></td>\r\n   <td class=\"tableData\"><tmpl_var profile.formElement></td>\r\n</tr>\r\n</tmpl_loop>\r\n<tr>\r\n   <td class=\"formDescription\" valign=\"top\"></td>\r\n   <td class=\"tableData\"><tmpl_var create.form.submit></td>\r\n</tr>\r\n</table>\r\n<tmpl_var create.form.footer>\r\n\r\n<div class=\"accountOptions\">\r\n   <ul>\r\n      <li><a href=\"<tmpl_var login.url>\"><tmpl_var login.label></a></li>\r\n      <tmpl_if recoverPassword.isAllowed>\r\n	     <li><a href=\"<tmpl_var recoverPassword.url>\"><tmpl_var recoverPassword.label></a></li>\r\n	  </tmpl_if>\r\n   </ul>\r\n</div>','Auth/WebGUI/Create',1,1,'PBtmpl0000000000000011');

--- a/lib/WebGUI/Auth.pm
+++ b/lib/WebGUI/Auth.pm
@ -578,8 +578,11 @@ Superclass method that performs standard logout routines.
 =cut

 sub logout {
+	my $self = shift;
   WebGUI::Session::end($session{var}{sessionId});
   WebGUI::Session::start(1);
+	my $u = WebGUI::User->new(1);
+	$self->{user} = $u;
   return "";
 }

--- a/lib/WebGUI/Auth/WebGUI.pm
+++ b/lib/WebGUI/Auth/WebGUI.pm
@ -12,6 +12,7 @@ package WebGUI::Auth::WebGUI;

 use Digest::MD5;
 use strict;
+use URI;
 use WebGUI::Asset::Template;
 use WebGUI::Auth;
 use WebGUI::DateTime;
@ -21,6 +22,8 @@ use WebGUI::Macro;
 use WebGUI::Mail;
 use WebGUI::Session;
 use WebGUI::SQL;
+use WebGUI::Storage::Image;
+use WebGUI::User;
 use WebGUI::Utility;

 our @ISA = qw(WebGUI::Auth);
@ -161,6 +164,13 @@ sub createAccount {
 	  return $self->displayLogin;
   } 
   $vars->{'create.message'} = $_[0] if ($_[0]);
+	my $storage = WebGUI::Storage::Image->createTemp;
+	my ($filename, $challenge) = $storage->addFileFromCaptcha;
+   	$vars->{'create.form.captcha'} = WebGUI::Form::text({"name"=>"authWebGUI.captcha", size=>6, maxlength=>6})
+		.WebGUI::Form::hidden({name=>"authWebGUI.captcha.validation", value=>Digest::MD5::md5_base64(lc($challenge))})
+		.'<img src="'.$storage->getUrl($filename).'" border="0" alt="captcha" align="middle" />';
+   	$vars->{'create.form.captcha.label'} = WebGUI::International::get("captcha label","AuthWebGUI");
+	$vars->{useCaptcha} = $session{setting}{webguiUseCaptcha};
   $vars->{'create.form.username'} = WebGUI::Form::text({"name"=>"authWebGUI.username","value"=>$session{form}{"authWebGUI.username"}});
   $vars->{'create.form.username.label'} = WebGUI::International::get(50);
   $vars->{'create.form.password'} = WebGUI::Form::password({"name"=>"authWebGUI.identifier","value"=>$session{form}{"authWebGUI.identifier"}});
@ -188,6 +198,11 @@ sub createAccountSave {
   $error.= $self->error if(!$self->_isValidPassword($password,$passConfirm));
   my ($profile, $temp, $warning) = WebGUI::Operation::Profile::validateProfileData();
   $error .= $temp;
+	if ($session{setting}{webguiUseCaptcha}) {
+		unless ($session{form}{'authWebGUI.captcha.validation'} eq Digest::MD5::md5_base64(lc($session{form}{'authWebGUI.captcha'}))) {
+			$error .= WebGUI::International::get("captcha failure","AuthWebGUI");
+		}
+	}
   
   return $self->createAccount($error) unless ($error eq "");
   
@ -203,8 +218,20 @@ sub createAccountSave {
   $properties->{identifier} = Digest::MD5::md5_base64($password);
   $properties->{passwordLastUpdated} = time();
   $properties->{passwordTimeout} = $session{setting}{webguiPasswordTimeout};
-      
-   return $self->SUPER::createAccountSave($username,$properties,$password,$profile);
+   $properties->{status} = 'Deactiviated' if ($session{setting}{webguiValidateEmail});
+   $self->SUPER::createAccountSave($username,$properties,$password,$profile);
+   	if ($session{setting}{webguiValidateEmail}) {
+		my $key = WebGUI::Id::generate();
+		$self->saveParams($self->userId,"WebGUI",{emailValidationKey=>$key});
+   		WebGUI::Mail::send(
+			$profile->{email},
+			WebGUI::International::get('email address validation email subject','AuthWebGUI'),
+			WebGUI::International::get('email address validation email body','AuthWebGUI')."\n\n".WebGUI::URL::getSiteURL().WebGUI::URL::page("op=auth&method=validateEmail&key=".$key),
+			);
+		$self->logout;
+		return $self->displayLogin(WebGUI::International::get('check email for validation','AuthWebGUI'));
+	}
+	return "";
 }

 #-------------------------------------------------------------------
@ -356,6 +383,16 @@ sub editUserSettingsForm {
             -label=>WebGUI::International::get(6,'AuthWebGUI')
             );
   $f->textarea("webguiRecoverPasswordEmail",WebGUI::International::get(134),$session{setting}{webguiRecoverPasswordEmail});
+   $f->yesNo(
+	         -name=>"webguiValidateEmail",
+             -value=>$session{setting}{webguiValidateEmail},
+             -label=>WebGUI::International::get('validate email','AuthWebGUI')
+             );
+   $f->yesNo(
+	         -name=>"webguiUseCaptcha",
+             -value=>$session{setting}{webguiUseCaptcha},
+             -label=>WebGUI::International::get('use captcha','AuthWebGUI')
+             );
   return $f->printRowsOnly;
 }

@ -411,7 +448,7 @@ sub new {
   my $class = shift;
   my $authMethod = $_[0];
   my $userId = $_[1];
-   my @callable = ('createAccount','deactivateAccount','displayAccount','displayLogin','login','logout','recoverPassword','resetExpiredPasswordSave','recoverPasswordFinish','createAccountSave','deactivateAccountConfirm','resetExpiredPasswordSave','updateAccount');
+   my @callable = ('validateEmail','createAccount','deactivateAccount','displayAccount','displayLogin','login','logout','recoverPassword','resetExpiredPasswordSave','recoverPasswordFinish','createAccountSave','deactivateAccountConfirm','resetExpiredPasswordSave','updateAccount');
   my $self = WebGUI::Auth->new($authMethod,$userId,\@callable);
   bless $self, $class;
 }
@ -528,6 +565,18 @@ sub resetExpiredPasswordSave {
   return $self->displayLogin($msg);
 }

+#-------------------------------------------------------------------
+sub validateEmail {
+	my $self = shift;
+	my ($userId) = WebGUI::SQL->quickArray("select userId from authentication where fieldData=".quote($session{form}{key})." and fieldName='emailValidationKey' and authMethod='WebGUI'");
+	if (defined $userId) {
+		my $u = WebGUI::User->new($userId);
+		$u->status("Active");
+	}
+	return $self->displayLogin;
+}
+
+
 #-------------------------------------------------------------------

 =head2 updateAccount (  )
--- a/lib/WebGUI/i18n/English/AuthWebGUI.pm
+++ b/lib/WebGUI/i18n/English/AuthWebGUI.pm
@ -1,6 +1,41 @@
 package WebGUI::i18n::English::AuthWebGUI;

 our $I18N = {
+	'use captcha' => {
+		message => q|Use captcha image?|,
+		lastUpdated => 1078852836
+	},
+
+	'validate email' => {
+		message => q|Validate email addresses?|,
+		lastUpdated => 1078852836
+	},
+
+	'captcha label' => {
+		message => q|Verify Your Humanity|,
+		lastUpdated => 1078852836
+	},
+
+	'captcha failure' => {
+		message => q|You need to type in the six characters you see in the image to prove that you are human.|,
+		lastUpdated => 1078852836
+	},
+
+	'email address validation email subject' => {
+		message => q|Account Activation|,
+		lastUpdated => 1078852836
+	},
+
+	'email address validation email body' => {
+		message => q|Welcome to our site. Please click on the link below to activate your account.|,
+		lastUpdated => 1078852836
+	},
+
+	'check email for validation' => {
+		message => q|Please check your email to activate your account.|,
+		lastUpdated => 1078852836
+	},
+
 	'account-1' => {
 		message => q|WebGUI Authentication Display Account Template|,
 		lastUpdated => 1078852836