Email change verification

New Member Joined: Jan 28, 2005 Posts: 1

Hey guys, I've made it so that if someone changes their email address after they've registered, it now sends a verification email to that address before actually changing it... Here are the full details, for anyone who would like this functionality!

Basically, when someone changes their email address, it will send them an email to that email address to verify that they indeed wished to change their email address, and also to verify that the email address is valid.

Please note, I've done this on PHP-Nuke 7.6... I can't guarantee that my patches will work for any other version, but with some small changes, I'd expect they would... Anyhow...

Here goes (this is for MySQL 4 and PHP-Nuke 7.6):

First, you have to create a new table in your database:

Replace nuke_email_temp with your own prefix (IE: yourprefix_email_temp):

Code:

CREATE TABLE `nuke_email_temp` (


  `user_id` varchar(10) NOT NULL default '',


  `username` varchar(25) NOT NULL default '',


  `user_email` varchar(255) NOT NULL default '',


  `check_num` varchar(50) NOT NULL default '',


  `time` varchar(14) NOT NULL default '',


  KEY `username` (`username`,`check_num`)


) ENGINE=MyISAM;

Next, open up modules/Your_Account/index.php.

Search for:

Code:

function userinfo($username, $bypass=0, $hid=0, $url=0) {

Replace with:

Code:

function userinfo($username, $bypass=0, $hid=0, $url=0, $emailchanged=0) {

Search for:

Code:

     } else {


        echo "<font class=\"title\">"._PERSONALINFO.": $username</font></center><br><br>";


     }


     if ($userinfo[user_website]) {


        if (!eregi("http://", $userinfo[user_website])) {


            $userinfo[user_website] = "http://$userinfo[user_website]";

Then between

Code:

     } else {


        echo "<font class=\"title\">"._PERSONALINFO.": $username</font></center><br><br>";


     }

and

Code:

     if ($userinfo[user_website]) {


        if (!eregi("http://", $userinfo[user_website])) {


            $userinfo[user_website] = "http://$userinfo[user_website]";

Put this:

Code:




    if ($emailchanged > 0)


    {


       if ($emailchanged == 1)


       {


               echo "<center><font class=\"title\">You have requested an email address change.</font></center><br>";


               echo "<center><font class=\"title\">We have sent a confirmation email to your new address.</font></center><br>";


               echo "<center><font class=\"title\">Please follow the instructions in the email to complete your email address change.</font></center><br>";


       }


       else


       {


           echo "<center><font class=\"title\">Sorry, that email address is invalid.</font></center><br>";


       }


    }

So it should end up looking like this:

Code:

     } else {


        echo "<font class=\"title\">"._PERSONALINFO.": $username</font></center><br><br>";


     }





    if ($emailchanged > 0)


    {


       if ($emailchanged == 1)


       {


//         echo "<center><font class=\"title\">Please be patient. Email address changes are TEMPORARILY offline. Thank you.</font></center><br>";





               echo "<center><font class=\"title\">You have requested an email address change.</font></center><br>";


               echo "<center><font class=\"title\">We have sent a confirmation email to your new address.</font></center><br>";


               echo "<center><font class=\"title\">Please follow the instructions in the email to complete your email address change.</font></center><br>";


       }


       else


       {


           echo "<center><font class=\"title\">Sorry, that email address is invalid.</font></center><br>";


       }


    }





     if ($userinfo[user_website]) {


        if (!eregi("http://", $userinfo[user_website])) {


            $userinfo[user_website] = "http://$userinfo[user_website]";

Next, search for:

Code:

function main($user) {

Replace it with:

Code:

function main($user, $emailchanged) {

Next, search for:

Code:

     } elseif (is_user($user)) {


         global $cookie;


         cookiedecode($user);


         userinfo($cookie[1]);

Replace with:

Code:

     } elseif (is_user($user)) {


         global $cookie;


         cookiedecode($user);


         userinfo($cookie[1], 0, 0, 0, $emailchanged);

Next look for (NOTE THIS IS NOT THE FULL FUNCTION DECLARATION):

Code:

function saveuser($realname, $user_email

On the next line should be a "global" statement. Probably something like:

Code:

global $user, $cookie, $userinfo, $EditedMessage, $user_prefix, $db, $module_name, $minpass;

Add $adminmail AND $nukeurl onto that, so it looks like:

Code:

global $user, $cookie, $userinfo, $EditedMessage, $user_prefix, $db, $module_name, $minpass, $adminmail, $nukeurl;

Then search for:

Code:

$sql = "SELECT user_id, user_password FROM ".$user_prefix."_users WHERE username='$check'";

And replace with:

Code:

$sql = "SELECT user_id, user_password, user_email FROM ".$user_prefix."_users WHERE username='$check'";

Search for:

Code:

$user_sig = htmlspecialchars($user_sig);


$user_email = check_html($user_email, nohtml);

Replace with:

Code:

    $user_sig = htmlspecialchars($user_sig);





    if ($user_email != $row['user_email'])


    {


     $user_email = check_html($user_email, nohtml);


       if ((!$user_email)


           || ($user_email=="")


           || (!eregi("^[_\.0-9a-z-]@([0-9a-z][0-9a-z-]\.)[a-z]{2,6}$",$user_email))


           || (strrpos($user_email,' ') > 0))


         $emailchanged = 2;


       else


       {


           // Ok, the email address seems ok.  Let's put this into the temp_email table, and send the email


           $emailchanged = 1;


           // We need the user ID, user email, and some other stuff.  ;)


           mt_srand ((double)microtime()*1000000);


           $maxran = 1000000;


           $check_num = mt_rand(0, $maxran);


           $check_num = md5($check_num);


           $time = time();


           $finishlink = "$nukeurl/modules.php?name=$module_name&op=EmailActivate&username=$username&check_num=$check_num";


           $username = check_html($username, nohtml);


           $result = $db->sql_query("INSERT INTO ".$user_prefix."_email_temp (user_id, username, user_email, check_num, time)"


                                    ."VALUES ('$vuid', '$username', '$user_email', '$check_num', '$time')");


           if(!$result) {


               echo ""._ERROR."<br>";


           } else {


               $message = "Hello ".$username.",\n\n"


                 ."You or someone else has attempted to use your email account (".$user_email.")"


                 ." as the contact information for the account named \"" .$username."\" on The Sex Den.\n"


                 ."If this is not you, or this email was sent in error, please disregard this email.\n\n"


                 ."To finish the email change, please visit the following link within the next 24 hours, "


                 ."otherwise the information will be automatically deleted from our system, and the email change "


                 ."will not take place:\n\n".$finishlink;


               $subject = "User email change";


               $from = "$adminmail";


               mail($user_email, $subject, $message, "From: $from\nX-Mailer: PHP/" . phpversion());


           }


       }


    }


    else


    {


       $emailchanged = 0;


    }

Now search for :

Code:

$db->sql_query("UPDATE ".$user_prefix."_users SET name='$realname', user_email='$user_email', femail='$femail', user_website='$user_website', user_password='$user_password', bio='$bio', user_icq='$user_icq', user_occ='$user_occ', user_from='$user_from', user_interests='$user_interests', user_sig='$user_sig', user_aim='$user_aim', user_yim='$user_yim', user_msnm='$user_msnm', newsletter='$newsletter', user_viewemail='$user_viewemail', user_allow_viewonline='$user_allow_viewonline', user_notify='$user_notify', user_notify_pm='$user_notify_pm', user_popup_pm='$user_popup_pm', user_attachsig='$user_attachsig', user_allowbbcode='$user_allowbbcode', user_allowhtml='$user_allowhtml', user_allowsmile='$user_allowsmile', user_timezone='$user_timezone', user_dateformat='$user_dateformat' WHERE user_id='$user_id'");

And replace that WHOLE line with the following:

Code:

$db->sql_query("UPDATE ".$user_prefix."_users SET name='$realname', femail='$femail', user_website='$user_website', user_password='$user_password', bio='$bio', user_icq='$user_icq', user_occ='$user_occ', user_from='$user_from', user_interests='$user_interests', user_sig='$user_sig', user_aim='$user_aim', user_yim='$user_yim', user_msnm='$user_msnm', newsletter='$newsletter', user_viewemail='$user_viewemail', user_allow_viewonline='$user_allow_viewonline', user_notify='$user_notify', user_notify_pm='$user_notify_pm', user_popup_pm='$user_popup_pm', user_attachsig='$user_attachsig', user_allowbbcode='$user_allowbbcode', user_allowhtml='$user_allowhtml', user_allowsmile='$user_allowsmile', user_timezone='$user_timezone', user_dateformat='$user_dateformat' WHERE user_id='$user_id'");

Next, search for:

Code:

                }


                $db->sql_query("UNLOCK TABLES");


            } else {


                $db->sql_query("UPDATE ".$user_prefix."_users SET name='$realname', user_email='$user_email', femail='$femail', user_website='$user_website', bio='$bio', user_icq='$user_icq', user_occ='$user_occ', user_from='$user_from', user_interests='$user_interests', user_sig='$user_sig', user_aim='$user_aim', user_yim='$user_yim', user_msnm='$user_msnm', newsletter='$newsletter', user_viewemail='$user_viewemail', user_allow_viewonline='$user_allow_viewonline', user_notify='$user_notify', user_notify_pm='$user_notify_pm', user_popup_pm='$user_popup_pm', user_attachsig='$user_attachsig', user_allowbbcode='$user_allowbbcode', user_allowhtml='$user_allowhtml', user_allowsmile='$user_allowsmile', user_timezone='$user_timezone', user_dateformat='$user_dateformat' WHERE user_id='$user_id'");


            }


            Header("Location: modules.php?name=$module_name");


        }


     }


 }

And replace with (NOTE THE EXTRA } AT THE BOTTOM!):

Code:

                }


                $db->sql_query("UNLOCK TABLES");


            } else {


                $db->sql_query("UPDATE ".$user_prefix."_users SET name='$realname', femail='$femail', user_website='$user_website', bio='$bio', user_icq='$user_icq', user_occ='$user_occ', user_from='$user_from', user_interests='$user_interests', user_sig='$user_sig', user_aim='$user_aim', user_yim='$user_yim', user_msnm='$user_msnm', newsletter='$newsletter', user_viewemail='$user_viewemail', user_allow_viewonline='$user_allow_viewonline', user_notify='$user_notify', user_notify_pm='$user_notify_pm', user_popup_pm='$user_popup_pm', user_attachsig='$user_attachsig', user_allowbbcode='$user_allowbbcode', user_allowhtml='$user_allowhtml', user_allowsmile='$user_allowsmile', user_timezone='$user_timezone', user_dateformat='$user_dateformat' WHERE user_id='$user_id'");


           }


            if ($emailchanged > 0)


            {


                Header("Location: modules.php?name=$module_name&emailchanged=$emailchanged");


            }


            else


            {


            Header("Location: modules.php?name=$module_name");


        }


     }


 }


 }

Next, search for:

Code:

switch($op) {

Now, BEFORE that switch line, insert this:

Code:

function EmailActivate($username, $check_num)


{


    global $db, $user_prefix, $module_name, $language;


    $past = time()-86400;


    $db->sql_query("DELETE FROM ".$user_prefix."_email_temp WHERE time < '$past'");


    $sql = "SELECT * FROM ".$user_prefix."_email_temp WHERE username='$username' AND check_num='$check_num'";


    $result = $db->sql_query($sql);


    if ($db->sql_numrows($result) == 1)


    {


       $row = $db->sql_fetchrow($result);


       if ($check_num == $row['check_num'])


       {


           $db->sql_query("UPDATE `".$user_prefix."_users` SET `user_email`='".$row['user_email']."' WHERE `username` LIKE '$username'");


           $db->sql_query("DELETE FROM ".$user_prefix."_email_temp WHERE username='$username' AND check_num='$check_num'");


           include("header.php");


           title("Email Change Successful!");


           OpenTable();


           echo "<center><b>". $username. ":</b>Your email address has been successfully changed. Please continue to the <a href=\"$nukeurl\">Main Site</a>$


           CloseTable();


           include("footer.php");


           die();


       }


       else


       {


           include("header.php");


           title("Email Change Error!");


           OpenTable();


           echo "<center>There is no information in the database to support this email change! Please continue to the <a href=\"$nukeurl\">Main Site</a>.</$


           CloseTable();


           include("footer.php");


           die();


       }


    }


    else


    {


       include("header.php");


       title("Email Change Error!");


       OpenTable();


       echo "<center>There is no information in the database to support this email change! Please continue to the <a href=\"$nukeurl\">Main Site</a>.</cent$


       CloseTable();


       include("footer.php");


       die();


    }


}

And then in the switch statement...

Right after:

Code:

     case "CoolSize":


        CoolSize($size);


        break;

Insert this:

Code:

  case "EmailActivate":


     EmailActivate($username, $check_num);


     break;

And FINALLY, replace:

Code:

     default:


        main($user);


        break;

With:

Code:

     default:


     if (isset($emailchanged))


       main($user, $emailchanged);


     else


       main($user, 0);


        break;

Save the file.

That SHOULD do it. Smile

If not, I don't know why it's not working. Razz

Also, it was a pain in the @ kaching!

to try to diff it all, and I may have missed something... But you should get the gist of it. Smile

If you DO find that I made a mistake in these instructions, PLEASE let me know! Seriously, if you need to do something different from what I've shown here because of a mistake I made in this post, let me know!!

I hope you find this as useful as I did!