Dizkus

Hello all

I will try to hack PN to perform e-mail verification for new members and for e-mail changes.
I would let users input their password at signup, but they would have to click on a link in their mail to activate their account.
And they would have to do the same whenever they change their mail address.

I need to check users logging in for their account activation. i.e. if a user tries to login and his account is not activated, he should not be able to login, but be redirected to a page from which he can re-send the confirmation mail or change his e-mail address.

Which place in the PN script would be the best to do this?
I am thinking about the handler of the login form, where I could check for the account status.

Where in the code is that place?

Before you develop this I'd do some searching around. I believe there might already be something available that does this.

--
pnDev.com ~ featuring the PostNuke paid services forum

I've been asking for such a thing in the last 2-3 years.
I don't think it exists yet.

There was a hack for letting users set their password when registering, but I never heard of any e-mail verification hack or module making it possible.

I looked at the code, and found parts of the login and registration process in many files such as
includes/pnUser.php
modules/user/user/access.php
modules/user/user.php
modules/newuser/user.php

Apparently, the way the login process is implemented, changes to it are not trivial.



edited by: manarak, Jan 22, 2007 - 07:21 PM

pnUserLogIn() checks whether the give username and password match and then, if they do logs the user in by making the appropriate sessions changes.

NewUser is simply for registering new users, all that's self contained.

The User module controls the profiles/Your Account and the login block/login form at user.php.

--
Regards,
Simon

itbegins.co.uk - Zikula Consulting

Please read the Support Guide

OK - so the first thing is probably to modify pnUserLogIn() to also check if the user's account is flagged as "verified".
If it is not, then he should not be logged in, but be redirected to a page telling him to verify his account and allowing him to resend the confirmation email to the same or a different email address.

Then I have to modify the registration process so that it allows to type-in the password and so that the user accounts are created with the flag "unverified", generates some kind of hash to be stored in the database for that user's account, and then the script sends the user an email with a link to click.
The link points to a script that will compare username, uid and hash, and if they match, the account will be "verifed".

When the user wants to change his e-mail address, the new email address is stored together with a hash. A link is sent by email to the user at the new address, and when he clicks the link, the script compares the uname/hash and replaces the old email address with the new one.

And then comes the moment where I set all my 50000 users to "unverified"... for testing purposes ))



edited by: manarak, Jan 23, 2007 - 10:25 AM

Ok, I figured out that I need to begin with modifying the way e-mail address changes are handled.

I need to do the following, after a user changes his data:
1- write all changed data to DB, except email.
2- check if the user did modify his email address
3- if so, run some queries and redirect the user to a page informing him that he needs to click on a confirmation link in his email.

In the module file Your_Account/user/modules/changeinfo.php, I found the function edituser($htmltext)
and rigth below it a second function in Your_Account/user/modules/changeinfo.php function saveuser() seems to write the data back to the database - maybe changing this function is enough.

What would here be the best way to check if the user typed a new email address into the form?

And what do these lines do?




edited by: manarak, Jan 29, 2007 - 10:59 AM

I got so far that the e-mail verification works for e-mail changes.

Can someone show me how I can get the language setting stored in the user's cookie?



edited by: manarak, Jan 30, 2007 - 11:38 AM