3 * StatusNet, the distributed open-source microblogging tool
5 * Plugin that requires the user to have a validated email address before they
10 * LICENCE: This program is free software: you can redistribute it and/or modify
11 * it under the terms of the GNU Affero General Public License as published by
12 * the Free Software Foundation, either version 3 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU Affero General Public License for more details.
20 * You should have received a copy of the GNU Affero General Public License
21 * along with this program. If not, see <http://www.gnu.org/licenses/>.
25 * @author Craig Andrews <candrews@integralblue.com>
26 * @author Brion Vibber <brion@status.net>
27 * @author Evan Prodromou <evan@status.net>
28 * @copyright 2011 StatusNet Inc. http://status.net/
29 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
30 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
31 * @link http://status.net/
34 if (!defined('STATUSNET') && !defined('LACONICA')) {
39 * Plugin for requiring a validated email before posting.
41 * Enable this plugin using addPlugin('RequireValidatedEmail');
45 * @author Craig Andrews <candrews@integralblue.com>
46 * @author Brion Vibber <brion@status.net>
47 * @author Evan Prodromou <evan@status.net>
48 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
49 * @copyright 2009-2010 StatusNet, Inc.
50 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
51 * @link http://status.net/
54 class RequireValidatedEmailPlugin extends Plugin
57 * Users created before this time will be grandfathered in
58 * without the validation requirement.
61 public $grandfatherCutoff = null;
64 * If OpenID plugin is installed, users with a verified OpenID
65 * association whose provider URL matches one of these regexes
66 * will be considered to be sufficiently valid for our needs.
68 * For example, to trust WikiHow and Wikipedia OpenID users:
70 * addPlugin('RequireValidatedEmailPlugin', array(
71 * 'trustedOpenIDs' => array(
72 * '!^http://\w+\.wikihow\.com/!',
73 * '!^http://\w+\.wikipedia\.org/!',
78 public $trustedOpenIDs = array();
81 * Whether or not to disallow login for unvalidated users.
84 public $disallowLogin = false;
86 function onAutoload($cls)
88 $dir = dirname(__FILE__);
92 case 'ConfirmfirstemailAction':
93 include_once $dir . '/' . strtolower(mb_substr($cls, 0, -6)) . '.php';
100 function onRouterInitialized($m)
102 $m->connect('main/confirmfirst/:code',
103 array('action' => 'confirmfirstemail'));
108 * Event handler for notice saves; rejects the notice
109 * if user's address isn't validated.
111 * @param Notice $notice The notice being saved
113 * @return bool hook result code
116 function onStartNoticeSave($notice)
118 $user = User::staticGet('id', $notice->profile_id);
119 if (!empty($user)) { // it's a remote notice
120 if (!$this->validated($user)) {
121 $msg = _m("You must validate your email address before posting.");
122 throw new ClientException($msg);
129 * Event handler for registration attempts; rejects the registration
130 * if email field is missing.
132 * @param Action $action Action being executed
134 * @return bool hook result code
136 function onStartRegistrationTry($action)
138 $email = $action->trimmed('email');
141 $action->showForm(_m('You must provide an email address to register.'));
145 // Default form will run address format validation and reject if bad.
151 * Event handler for registration attempts; rejects the registration
152 * if email field is missing.
154 * @param Action $action Action being executed
156 * @return bool hook result code
159 function onStartRegisterUser(&$user, &$profile)
161 $email = $user->email;
164 throw new ClientException(_m('You must provide an email address to register.'));
171 * Check if a user has a validated email address or has been
172 * otherwise grandfathered in.
174 * @param User $user User to valide
178 protected function validated($user)
180 // The email field is only stored after validation...
181 // Until then you'll find them in confirm_address.
182 $knownGood = !empty($user->email) ||
183 $this->grandfathered($user) ||
184 $this->hasTrustedOpenID($user);
186 // Give other plugins a chance to override, if they can validate
187 // that somebody's ok despite a non-validated email.
189 // FIXME: This isn't how to do it! Use Start*/End* instead
191 Event::handle('RequireValidatedEmailPlugin_Override',
192 array($user, &$knownGood));
198 * Check if a user was created before the grandfathering cutoff.
199 * If so, we won't need to check for validation.
201 * @param User $user User to check
203 * @return bool true if user is grandfathered
205 protected function grandfathered($user)
207 if ($this->grandfatherCutoff) {
208 $created = strtotime($user->created . " GMT");
209 $cutoff = strtotime($this->grandfatherCutoff);
210 if ($created < $cutoff) {
218 * Override for RequireValidatedEmail plugin. If we have a user who's
219 * not validated an e-mail, but did come from a trusted provider,
220 * we'll consider them ok.
222 * @param User $user User to check
224 * @return bool true if user has a trusted OpenID.
227 function hasTrustedOpenID($user)
229 if ($this->trustedOpenIDs && class_exists('User_openid')) {
230 foreach ($this->trustedOpenIDs as $regex) {
231 $oid = new User_openid();
233 $oid->user_id = $user->id;
236 while ($oid->fetch()) {
237 if (preg_match($regex, $oid->canonical)) {
247 * Add version information for this plugin.
249 * @param array &$versions Array of associative arrays of version data
251 * @return boolean hook value
254 function onPluginVersion(&$versions)
257 array('name' => 'Require Validated Email',
258 'version' => STATUSNET_VERSION,
259 'author' => 'Craig Andrews, '.
263 'http://status.net/wiki/Plugin:RequireValidatedEmail',
265 _m('Disables posting without a validated email address.'));
270 * Hide the notice form if the user isn't able to post.
272 * @param Action $action action being shown
274 * @return boolean hook value
277 function onStartShowNoticeForm($action)
279 $user = common_current_user();
280 if (!empty($user)) { // it's a remote notice
281 if (!$this->validated($user)) {
289 * Prevent unvalidated folks from creating spam groups.
291 * @param Profile $profile User profile we're checking
292 * @param string $right rights key
293 * @param boolean $result if overriding, set to true/false has right
294 * @return boolean hook result value
296 function onUserRightsCheck(Profile $profile, $right, &$result)
298 if ($right == Right::CREATEGROUP ||
299 ($this->disallowLogin && ($right == Right::WEBLOGIN || $right == Right::API))) {
300 $user = User::staticGet('id', $profile->id);
301 if ($user && !$this->validated($user)) {
309 function onLoginAction($action, &$login)
311 if ($action == 'confirmfirstemail') {