From 66e2028c3a80b2ff55d0f136521e1fb072041198 Mon Sep 17 00:00:00 2001
From: JT Smith
Date: Fri, 4 Mar 2005 20:44:11 +0000
Subject: [PATCH] added captcha and email validation to webgui auth
---
 docs/changelog/6.x.x.txt | 6 ++-
 docs/upgrades/upgrade_6.3.0-6.4.0.sql | 5 ++-
 lib/WebGUI/Auth.pm | 3 ++
 lib/WebGUI/Auth/WebGUI.pm | 55 +++++++++++++++++++++++++--
 lib/WebGUI/i18n/English/AuthWebGUI.pm | 35 +++++++++++++++++
 5 files changed, 99 insertions(+), 5 deletions(-)
diff --git a/docs/changelog/6.x.x.txt b/docs/changelog/6.x.x.txt
index 7605fce45..b30296be9 100644
--- a/docs/changelog/6.x.x.txt
+++ b/docs/changelog/6.x.x.txt
@@ -8,8 +8,12 @@
 - Added isAdminOn(), switchOnAdmin(), and switchOffAdmin() to WebGUI::Session to eliminate all of the previously cryptic means of doing those things.
 - Added a temporary file storage mechanism to WebGUI::Storage.
- - Added an image resizer to the image asset.
 - Image Magick is now required to run WebGUI.
+ - Added an image resizer to the image asset.
+ - Added Captcha verification option to WebGUI anonymous registration.
+ - Added email validation option to WebGUI anonymous registration. Thanks to
+ Matt Wilson for inspiration.
+ - Thumbnails will now be generated a little sharper. Thanks to Nuba.
 - Fixed resetting votes on Poll would crash it.
 - Fixed not being able to set display title and other yes no questions to no.
 - Fixed a bug where URLs would become unreachable when using SSL.
diff --git a/docs/upgrades/upgrade_6.3.0-6.4.0.sql b/docs/upgrades/upgrade_6.3.0-6.4.0.sql
index b6da4e263..8b2a107b3 100644
--- a/docs/upgrades/upgrade_6.3.0-6.4.0.sql
+++ b/docs/upgrades/upgrade_6.3.0-6.4.0.sql
@@ -1,4 +1,7 @@ insert into webguiVersion values ('6.4.0','upgrade',unix_timestamp()); alter table asset add index state_parentId_lineage (state,parentId,lineage); - +insert into settings (name, value) values ('webguiValidateEmail', '0'); +insert into settings (name, value) values ('webguiUseCaptcha', '1'); +delete from template where assetId='PBtmpl0000000000000011'; +INSERT INTO template VALUES ('

\r\n\r\n\r\n \r\n\r\n\r\n\r\n\r\n\r\n\r\n \r\n \r\n\r\n\r\n\r\n \r\n \r\n\r\n\r\n \r\n \r\n\r\n\r\n \r\n \r\n\r\n\r\n\r\n \r\n \r\n\r\n\r\n\r\n \r\n \r\n\r\n
\r\n\r\n\r\n
\r\n
    \r\n
  • \">
  • \r\n \r\n
  • \">
  • \r\n
    \r\n
\r\n
','Auth/WebGUI/Create',1,1,'PBtmpl0000000000000011');
diff --git a/lib/WebGUI/Auth.pm b/lib/WebGUI/Auth.pm
index 60900138b..ad6eb220a 100644
--- a/lib/WebGUI/Auth.pm
+++ b/lib/WebGUI/Auth.pm
@@ -578,8 +578,11 @@ Superclass method that performs standard logout routines.
 =cut
 sub logout {
+ my $self = shift;
 WebGUI::Session::end($session{var}{sessionId});
 WebGUI::Session::start(1);
+ my $u = WebGUI::User->new(1);
+ $self->{user} = $u;
 return "";
 }
diff --git a/lib/WebGUI/Auth/WebGUI.pm b/lib/WebGUI/Auth/WebGUI.pm
index e37263948..d9d24064c 100644
--- a/lib/WebGUI/Auth/WebGUI.pm
+++ b/lib/WebGUI/Auth/WebGUI.pm
@@ -12,6 +12,7 @@ package WebGUI::Auth::WebGUI;
 use Digest::MD5;
 use strict;
+use URI;
 use WebGUI::Asset::Template;
 use WebGUI::Auth;
 use WebGUI::DateTime;
@@ -21,6 +22,8 @@ use WebGUI::Macro;
 use WebGUI::Mail;
 use WebGUI::Session;
 use WebGUI::SQL;
+use WebGUI::Storage::Image;
+use WebGUI::User;
 use WebGUI::Utility;
 our @ISA = qw(WebGUI::Auth);
@@ -161,6 +164,13 @@ sub createAccount {
 return $self->displayLogin;
 }
 $vars->{'create.message'} = $_[0] if ($_[0]);
+ my $storage = WebGUI::Storage::Image->createTemp;
+ my ($filename, $challenge) = $storage->addFileFromCaptcha;
+ $vars->{'create.form.captcha'} = WebGUI::Form::text({"name"=>"authWebGUI.captcha", size=>6, maxlength=>6})
+ .WebGUI::Form::hidden({name=>"authWebGUI.captcha.validation", value=>Digest::MD5::md5_base64(lc($challenge))})
+ .'captcha';
+ $vars->{'create.form.captcha.label'} = WebGUI::International::get("captcha label","AuthWebGUI");
+ $vars->{useCaptcha} = $session{setting}{webguiUseCaptcha};
 $vars->{'create.form.username'} = WebGUI::Form::text({"name"=>"authWebGUI.username","value"=>$session{form}{"authWebGUI.username"}});
 $vars->{'create.form.username.label'} = WebGUI::International::get(50);
 $vars->{'create.form.password'} = WebGUI::Form::password({"name"=>"authWebGUI.identifier","value"=>$session{form}{"authWebGUI.identifier"}});
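Review bot: The captcha answer is not held on the server: in `createAccount` the digest of the challenge is sent to the browser in the hidden field `authWebGUI.captcha.validation`, and the check this commit adds to `createAccountSave` (hunk -188,6) only compares two values that both arrive in the same form post. Because the digest is an unkeyed MD5 of a six-character string, the form can satisfy the check without the image being read, and a solved pair stays valid indefinitely. Keep the expected answer in server-side session state (or sign it with a server secret and an expiry), compare against that in `createAccountSave`, and discard it after one attempt. The temporary storage and image are also created on every render, even when `webguiUseCaptcha` is off; wrapping the new lines in `if ($session{setting}{webguiUseCaptcha}) { ... }` would avoid that. `createAccount` starts and ends outside this hunk.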
@@ -188,6 +198,11 @@ sub createAccountSave {
 $error.= $self->error if(!$self->_isValidPassword($password,$passConfirm));
 my ($profile, $temp, $warning) = WebGUI::Operation::Profile::validateProfileData();
 $error .= $temp;
+ if ($session{setting}{webguiUseCaptcha}) {
+ unless ($session{form}{'authWebGUI.captcha.validation'} eq Digest::MD5::md5_base64(lc($session{form}{'authWebGUI.captcha'}))) {
+ $error .= WebGUI::International::get("captcha failure","AuthWebGUI");
+ }
+ }
 return $self->createAccount($error) unless ($error eq "");
@@ -203,8 +218,20 @@ sub createAccountSave {
 $properties->{identifier} = Digest::MD5::md5_base64($password);
 $properties->{passwordLastUpdated} = time();
 $properties->{passwordTimeout} = $session{setting}{webguiPasswordTimeout};
-
- return $self->SUPER::createAccountSave($username,$properties,$password,$profile);
+ $properties->{status} = 'Deactiviated' if ($session{setting}{webguiValidateEmail});
+ $self->SUPER::createAccountSave($username,$properties,$password,$profile);
+ if ($session{setting}{webguiValidateEmail}) {
+ my $key = WebGUI::Id::generate();
+ $self->saveParams($self->userId,"WebGUI",{emailValidationKey=>$key});
+ WebGUI::Mail::send(
+ $profile->{email},
+ WebGUI::International::get('email address validation email subject','AuthWebGUI'),
+ WebGUI::International::get('email address validation email body','AuthWebGUI')."\n\n".WebGUI::URL::getSiteURL().WebGUI::URL::page("op=auth&method=validateEmail&key=".$key),
+ );
+ $self->logout;
+ return $self->displayLogin(WebGUI::International::get('check email for validation','AuthWebGUI'));
+ }
+ return "";
 }
 #-------------------------------------------------------------------
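Review bot: The status written for a pending account in hunk -203,8 is spelled `'Deactiviated'`, which is probably not a value the user table or the login check recognises, so an unvalidated account may not actually be held back; if the existing deactivated status is what is meant, the line should read `$properties->{status} = 'Deactivated' if ($session{setting}{webguiValidateEmail});`. The result of `$self->SUPER::createAccountSave(...)` is now discarded and the normal path returns `""` where the old code returned the superclass output, which should be confirmed against the superclass since it is not visible here. The activation key comes from `WebGUI::Id::generate()`, and the hunk does not show whether that generator is unpredictable enough to act as a secret; if it is only a unique-id generator, the key should come from a random source instead. The body of `createAccountSave` starts outside the hunk.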
@@ -356,6 +383,16 @@ sub editUserSettingsForm {
 -label=>WebGUI::International::get(6,'AuthWebGUI')
 );
 $f->textarea("webguiRecoverPasswordEmail",WebGUI::International::get(134),$session{setting}{webguiRecoverPasswordEmail});
+ $f->yesNo(
+ -name=>"webguiValidateEmail",
+ -value=>$session{setting}{webguiValidateEmail},
+ -label=>WebGUI::International::get('validate email','AuthWebGUI')
+ );
+ $f->yesNo(
+ -name=>"webguiUseCaptcha",
+ -value=>$session{setting}{webguiUseCaptcha},
+ -label=>WebGUI::International::get('use captcha','AuthWebGUI')
+ );
 return $f->printRowsOnly;
 }
@@ -411,7 +448,7 @@ sub new {
 my $class = shift;
 my $authMethod = $_[0];
 my $userId = $_[1];
- my @callable = ('createAccount','deactivateAccount','displayAccount','displayLogin','login','logout','recoverPassword','resetExpiredPasswordSave','recoverPasswordFinish','createAccountSave','deactivateAccountConfirm','resetExpiredPasswordSave','updateAccount');
+ my @callable = ('validateEmail','createAccount','deactivateAccount','displayAccount','displayLogin','login','logout','recoverPassword','resetExpiredPasswordSave','recoverPasswordFinish','createAccountSave','deactivateAccountConfirm','resetExpiredPasswordSave','updateAccount');
 my $self = WebGUI::Auth->new($authMethod,$userId,\@callable);
 bless $self, $class;
 }
@@ -528,6 +565,18 @@ sub resetExpiredPasswordSave {
 return $self->displayLogin($msg);
 }
+#-------------------------------------------------------------------
+sub validateEmail {
+ my $self = shift;
+ my ($userId) = WebGUI::SQL->quickArray("select userId from authentication where fieldData=".quote($session{form}{key})." and fieldName='emailValidationKey' and authMethod='WebGUI'");
+ if (defined $userId) {
+ my $u = WebGUI::User->new($userId);
+ $u->status("Active");
+ }
+ return $self->displayLogin;
+}
+
+
 #-------------------------------------------------------------------
 =head2 updateAccount ( )
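Review bot: `validateEmail` (hunk -528,6) activates whichever account matches the submitted key but never checks that the key is non-empty and never removes it afterwards, so the link in the mail keeps working for as long as the row exists. Since the pending state reuses the ordinary deactivated status, an account that an administrator deactivates later could presumably be set back to Active through its old validation link. Reject a missing or empty key before the query and delete the `emailValidationKey` row once it has been used, as sketched below; an expiry on the key would be a further improvement. The new sub also has no POD block, unlike the `=head2` entries around it.

```perl
sub validateEmail {
    my $self = shift;
    my $key = $session{form}{key};
    # A missing or empty key must never reach the lookup.
    return $self->displayLogin unless (defined $key && $key ne "");
    my ($userId) = WebGUI::SQL->quickArray("select userId from authentication where fieldData=".quote($key)." and fieldName='emailValidationKey' and authMethod='WebGUI'");
    if (defined $userId) {
        # … unchanged: load the user and set status to Active …
        # The key is single-use: remove it so the link cannot activate the account again later.
        WebGUI::SQL->write("delete from authentication where userId=".quote($userId)." and fieldName='emailValidationKey' and authMethod='WebGUI'");
    }
    return $self->displayLogin;
}
```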
diff --git a/lib/WebGUI/i18n/English/AuthWebGUI.pm b/lib/WebGUI/i18n/English/AuthWebGUI.pm
index 13f317725..88945e22e 100644
--- a/lib/WebGUI/i18n/English/AuthWebGUI.pm
+++ b/lib/WebGUI/i18n/English/AuthWebGUI.pm
@@ -1,6 +1,41 @@
 package WebGUI::i18n::English::AuthWebGUI;
 our $I18N = {
+ 'use captcha' => {
+ message => q|Use captcha image?|,
+ lastUpdated => 1078852836
+ },
+
+ 'validate email' => {
+ message => q|Validate email addresses?|,
+ lastUpdated => 1078852836
+ },
+
+ 'captcha label' => {
+ message => q|Verify Your Humanity|,
+ lastUpdated => 1078852836
+ },
+
+ 'captcha failure' => {
+ message => q|You need to type in the six characters you see in the image to prove that you are human.|,
+ lastUpdated => 1078852836
+ },
+
+ 'email address validation email subject' => {
+ message => q|Account Activation|,
+ lastUpdated => 1078852836
+ },
+
+ 'email address validation email body' => {
+ message => q|Welcome to our site. Please click on the link below to activate your account.|,
+ lastUpdated => 1078852836
+ },
+
+ 'check email for validation' => {
+ message => q|Please check your email to activate your account.|,
+ lastUpdated => 1078852836
+ },
+
 'account-1' => {
 message => q|WebGUI Authentication Display Account Template|,
 lastUpdated => 1078852836