function logintoboggan_validate_email in LoginToboggan 5
Same name and namespace in other branches
- 6 logintoboggan.module \logintoboggan_validate_email()
- 7 logintoboggan.validation.inc \logintoboggan_validate_email()
Menu callback; validates the e-mail address via a one-time URL and redirects to the user page on success.
1 string reference to 'logintoboggan_validate_email'
- logintoboggan_menu in ./
logintoboggan.module - Implementation of hook_menu()
File
- ./
logintoboggan.module, line 809 - Logintoboggan Module
Code
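/**
 * Menu callback; validates an e-mail address via a one-time URL.
 *
 * When the link is accepted, the account is passed to
 * _logintoboggan_process_validation() and the visitor is redirected according
 * to $action. When the account no longer qualifies for validation or the hash
 * does not match, an error message is set and the visitor is sent to the
 * login page (anonymous) or the user page (logged in). If the basic checks on
 * the timestamp, uid or account load fail, access is denied.
 *
 * @param $uid
 *   User ID from the validation URL; cast to an integer before use.
 * @param $timestamp
 *   Timestamp from the validation URL. It must be earlier than the current
 *   time and is one of the inputs to the expected hash.
 * @param $hashed_pass
 *   Hash from the validation URL. It is compared with the value returned by
 *   logintoboggan_eml_rehash() for the account's password, the timestamp and
 *   the account's mail address.
 * @param $action
 *   'login' logs the user in (unless the account is blocked), 'admin'
 *   redirects to the account's edit page, and any other value redirects to
 *   the front page.
 */
function logintoboggan_validate_email($uid, $timestamp, $hashed_pass, $action = 'login') {
  global $user;

  $current = time();
  $uid = (int) $uid;
  // Some redundant checks for extra security.
  if ($timestamp < $current && $uid && ($account = user_load(array('uid' => $uid)))) {
    // No time out for first time login.
    // The link is only honoured while the user is still in the pre-auth role
    // or didn't set their own password.
    $still_validating = (variable_get('user_email_verification', TRUE) && empty($account->login)) || array_key_exists(logintoboggan_validating_id(), $account->roles);

    // The hash is only computed once the account qualifies, mirroring the
    // short-circuit order of the original condition.
    $hash_matches = FALSE;
    if ($still_validating) {
      $expected = (string) logintoboggan_eml_rehash($account->pass, $timestamp, $account->mail);
      $supplied = (string) $hashed_pass;
      // $hashed_pass comes straight from the URL. A loose == comparison lets
      // PHP treat two numeric-looking strings as numbers, so distinct hashes
      // could be considered equal. Compare as strings, and in constant time
      // where the running PHP version provides hash_equals().
      if (function_exists('hash_equals')) {
        $hash_matches = hash_equals($expected, $supplied);
      }
      else {
        $hash_matches = ($expected === $supplied);
      }
    }

    if ($hash_matches) {
      watchdog('user', t('E-mail validation URL used for %name with timestamp @timestamp.', array(
        '%name' => $account->name,
        '@timestamp' => $timestamp,
      )));

      // Test here for a valid pre-auth -- if the pre-auth is set to the auth
      // user, we handle things a bit differently.
      $validating_id = logintoboggan_validating_id();
      $pre_auth = !variable_get('user_email_verification', TRUE) && $validating_id != DRUPAL_AUTHENTICATED_RID;

      _logintoboggan_process_validation($account);

      // Where do we redirect after confirming the account?
      $redirect = _logintoboggan_process_redirect(variable_get('toboggan_redirect_on_confirm', ''), $account);

      switch ($action) {
        // Proceed with normal user login, as long as it's open registration
        // and their account hasn't been blocked.
        case 'login':
          // Only show the validated message if there's a valid pre-auth role.
          if ($pre_auth) {
            drupal_set_message(t('You have successfully validated your e-mail address.'));
          }
          if (!$account->status) {
            drupal_set_message(t('Your account is currently blocked -- login cancelled.'), 'error');
            drupal_goto('');
          }
          else {
            $edit = array();
            drupal_goto(logintoboggan_process_login($account, $edit, $redirect));
          }
          break;

        // Admin validation.
        case 'admin':
          // User has new permissions, so we clear their menu cache.
          cache_clear_all($account->uid . ':', 'cache_menu', TRUE);
          drupal_set_message(t('You have successfully validated %user.', array(
            '%user' => $account->name,
          )));
          drupal_goto("user/{$account->uid}/edit");
          break;

        // Catch all.
        default:
          // User has new permissions, so we clear their menu cache.
          cache_clear_all($account->uid . ':', 'cache_menu', TRUE);
          drupal_set_message(t('You have successfully validated %user.', array(
            '%user' => $account->name,
          )));
          drupal_goto('');
          break;
      }
    }
    else {
      $message = t("Sorry, you can only use your validation link once for security reasons.");
      // No one currently logged in, go straight to user login page.
      if (empty($user->uid)) {
        $message .= t(" Please log in with your username and password instead now.");
        $goto = 'user/login';
      }
      else {
        $goto = 'user';
      }
      drupal_set_message($message, 'error');
      drupal_goto($goto);
    }
  }

  // Deny access, no more clues.
  // Everything will be in the watchdog's URL for the administrator to check.
  drupal_access_denied();
}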