added: to IsWhite (core/misc)

other unicode white characters
       25 characters -- without a new line character (10)
added: config option: account_need_email_verification
       if true then when creating an account a user has to provide
       his email address and a message with an activation link will be sent 
       back to him
added: 'pw' winix function (not finished yet)
       at the moment only one parameter 'activate'



git-svn-id: svn://ttmath.org/publicrep/winix/trunk@810 e52654a7-88a9-db11-a3e9-0013d4bc506e

functions/adduser.cpp

@@ -7,9 +7,11 @@
  * 
  */
 
+#include <cstdlib>
 #include "adduser.h"
 #include "core/slog.h"
 #include "core/plugin.h"
+#include "core/misc.h"
 
 
 
@@ -24,15 +26,12 @@ AddUser::AddUser()
 
 
 /*
-	checking whether login consists of allowed characters
-	currently all characters above 32 (space) are available
-
-	160 - unbreakable space
+	checking whether a login consists of allowed characters
 */
 bool AddUser::HasLoginCorrectChars(const std::wstring & login)
 {
 	for(size_t i=0 ; i<login.size() ; ++i)
-		if( login[i] <= 32 || login[i]==160 )
+		if( login[i] <= 32 || IsWhite(login[i]) )
 			return false;
 
 return true;
@@ -40,26 +39,46 @@ return true;
 
 
 
-bool AddUser::IsLoginCorrect(const std::wstring & login)
+bool AddUser::IsLoginCorrect(const std::wstring & login, bool use_ses_log)
 {
 	if( login.empty() )
 	{
-		log << log3 << "AddUser: login can't be empty" << logend;
-		slog << logerror << T("adduser_err_login_empty") << logend;
+		log << log2 << "AddUser: login can't be empty" << logend;
+
+		if( use_ses_log )
+			slog << logerror << T("adduser_err_login_empty") << logend;
+
+		return false;
+	}
+
+	if( login.size() > WINIX_ACCOUNT_MAX_LOGIN_SIZE )
+	{
+		log << log2 << "AddUser: login can't be longer than: " << WINIX_ACCOUNT_MAX_LOGIN_SIZE << " characters" << logend;
+
+		if( use_ses_log )
+			slog << logerror << T("adduser_err_login_too_big") << " " << WINIX_ACCOUNT_MAX_LOGIN_SIZE
+				 << " " << T("adduser_err_login_too_big2") << logend;
+
 		return false;
 	}
 
 	if( !HasLoginCorrectChars(login) )
 	{
-		log << log3 << "AddUser: incorrect login characters" << logend;
-		slog << logerror << T("adduser_err_login_incorrect_chars") << logend;
+		log << log2 << "AddUser: incorrect login characters" << logend;
+
+		if( use_ses_log )
+			slog << logerror << T("adduser_err_login_incorrect_chars") << logend;
+
 		return false;
 	}
 
 	if( system->users.IsUser(login) )
 	{
-		log << log3 << "AddUser: such user already exists" << logend;
-		slog << logerror << T("adduser_err_user_exists") << logend;
+		log << log2 << "AddUser: such user already exists" << logend;
+
+		if( use_ses_log )
+			slog << logerror << T("adduser_err_user_exists") << logend;
+
 		return false;
 	}
 
@@ -68,27 +87,103 @@ return true;
 
 
 
-bool AddUser::IsPasswordCorrect(const std::wstring & pass, const std::wstring & conf_pass)
+// !! IMPROVE ME
+// add some email validation here
+bool AddUser::IsEmailCorrect(const std::wstring & email, bool use_ses_log)
+{
+	if( email.size() > WINIX_ACCOUNT_MAX_EMAIL_SIZE )
+	{
+		log << log2 << "AddUser: email can't be longer than: " << WINIX_ACCOUNT_MAX_EMAIL_SIZE << " characters" << logend;
+
+		if( use_ses_log )
+			slog << logerror << T("adduser_err_email_too_big") << " " << WINIX_ACCOUNT_MAX_EMAIL_SIZE
+				 << " " << T("adduser_err_email_too_big2") << logend;
+
+		return false;
+	}
+
+return true;
+}
+
+
+bool AddUser::IsPasswordCorrect(const std::wstring & pass, const std::wstring & conf_pass, bool use_ses_log)
 {
 	if( pass != conf_pass )
 	{
-		log << log3 << "AddUser: passwords are different" << logend;
-		slog << logerror << T("adduser_err_passwords_different") << logend;
+		log << log2 << "AddUser: passwords are different" << logend;
+
+		if( use_ses_log )
+			slog << logerror << T("adduser_err_passwords_different") << logend;
+
 		return false;
 	}
 
 	if( pass.size() < config->pass_min_size )
 	{
-		log << log3 << "AddUser: password is too small" << logend;
-		slog << logerror << T("adduser_err_password_too_small") << " "
-			 << config->pass_min_size << " " << T("adduser_err_password_too_small2") << logend;
+		log << log2 << "AddUser: password is too small" << logend;
+
+		if( use_ses_log )
+			slog << logerror << T("adduser_err_password_too_small") << " "
+				 << config->pass_min_size << " " << T("adduser_err_password_too_small2") << logend;
+
 		return false;
 	}
 
+	if( pass.size() > WINIX_ACCOUNT_MAX_PASSWORD_SIZE )
+	{
+		log << log2 << "AddUser: password can't be longer than: " << WINIX_ACCOUNT_MAX_PASSWORD_SIZE << " characters" << logend;
+
+		if( use_ses_log )
+			slog << logerror << T("adduser_err_password_too_big") << " " << WINIX_ACCOUNT_MAX_PASSWORD_SIZE
+				 << " " << T("adduser_err_password_too_big2") << logend;
+
+		return false;
+	}
+
+
 return true;
 }
 
 
+/*
+	adding a new account
+	this method doesn't check whether the login or password is correct
+	(consist of allowed characters)
+
+	input:
+		user - all fields from User struct without 'id'
+		pass - user's password
+
+	output:
+		result: true when the account has been successfully created
+		and user.id will be set
+*/
+bool AddUser::AddNewUser(User & user, const std::wstring & pass)
+{
+	up.pass = pass;
+	system->crypt.PassHashCrypt(up);
+	
+	if( db->AddUser(user, up) == WINIX_ERR_OK )
+	{
+		if( system->users.AddUser(user) )
+		{
+			log << log2 << "AddUser: added a new user: " << user.name << logend;
+			return true;
+		}
+		else
+		{
+			log << log1 << "AddUser: I can't add to system->users: " << user.name
+				<< " but the user was added to the db correctly" << logend;
+		}
+	}
+	else
+	{
+		log << log1 << "AddUser: I cannot add a user -- database error" << logend;
+	}
+
+return false;
+}
+
 
 
 void AddUser::MakePost()
@@ -97,35 +192,46 @@ void AddUser::MakePost()
 	const std::wstring & login     = cur->request->PostVar(L"login");
 	const std::wstring & pass      = cur->request->PostVar(L"password");
 	const std::wstring & conf_pass = cur->request->PostVar(L"passwordconfirm");
+	const std::wstring & email     = cur->request->PostVar(L"email");
+	long code = 0;
 
-	if( !IsLoginCorrect(login) || !IsPasswordCorrect(pass, conf_pass) )
+	if( !IsLoginCorrect(login, true) || !IsEmailCorrect(email, true) || !IsPasswordCorrect(pass, conf_pass, true) )
 		return;
 
-	user.name  = login;
-	user.email = cur->request->PostVar(L"email");
+	user.name       = login;
+	user.email      = email;
+	user.super_user = false;
+	user.notify     = 0;
+	user.status     = (config->account_need_email_verification)? WINIX_ACCOUNT_NOT_ACTIVATED : WINIX_ACCOUNT_READY;
 
-	up.pass = pass;
-	system->crypt.PassHashCrypt(up);
-	
-	cur->request->status = db->AddUser(user, up);
-	
-	if( cur->request->status == WINIX_ERR_OK )
+	if( cur->session->puser && cur->session->puser->super_user )
 	{
-		if( system->users.AddUser(user) )
+		if( cur->request->IsPostVar(L"autoactivate") )
 		{
-			log << log2 << "AddUser: added a new user: " << user.name << logend;
-
-			if( !cur->session->puser )
-			{
-				system->users.LoginUser(user.id, false);
-				log << log2 << "AddUser: now logged as: " << user.name << logend;
-				plugin.Call(WINIX_USER_LOGGED);
-			}
+			user.status = WINIX_ACCOUNT_READY;
+			log << log2 << "AddUser: account activated by an admin" << logend;
 		}
-		else
+	}
+
+	if( user.status == WINIX_ACCOUNT_NOT_ACTIVATED )
+	{
+		code = std::rand();
+		user.aenv.Add(L"activation_code", code);
+	}
+
+	if( AddNewUser(user, pass) )
+	{
+		if( !cur->session->puser && user.status == WINIX_ACCOUNT_READY )
 		{
-			log << log1 << "AddUser: I can't add to system->users: " << user.name
-				<< " but the user was added to the db correctly" << logend;
+			system->users.LoginUser(user.id, false);
+			log << log2 << "AddUser: now logged as: " << user.name << logend;
+			plugin.Call(WINIX_USER_LOGGED);
+		}
+
+		if( user.status == WINIX_ACCOUNT_NOT_ACTIVATED )
+		{
+			system->notify.ActivateAccount(user.name, user.email, code);
+			slog << loginfo << T(L"account_email_sent") << logend;
 		}
 
 		system->RedirectToLastItem();