add 'invite-only' mode for registration
[quix0rs-gnu-social.git] / actions / invite.php
index 1e2a9550325f93f30f82b4c0b4119ab132b22aac..c7d92085c163faff7999baba8f08186e6ae79e35 100644 (file)
@@ -40,6 +40,13 @@ class InviteAction extends Action {
 
        function send_invitations() {
 
+               # CSRF protection
+               $token = $this->trimmed('token');
+               if (!$token || $token != common_session_token()) {
+                       $this->show_form(_('There was a problem with your session token. Try again, please.'));
+                       return;
+               }
+
                $user = common_current_user();
                $profile = $user->getProfile();
 
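Review bot: The token check at the top of `send_invitations()` uses loose `!=`, so PHP may compare two numeric-looking strings as numbers, and the comparison is not constant-time. Because this one comparison is the entire CSRF guard, it should be a strict, timing-safe string comparison: `if (!$token || !hash_equals((string) common_session_token(), $token)) {` where `hash_equals()` is available, or at minimum `$token !== common_session_token()`. How `common_session_token()` derives its value is not visible here, so whether tokens can look numeric is unconfirmed. The function body continues past the end of this hunk.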
@@ -125,6 +132,7 @@ class InviteAction extends Action {
                common_element_start('form', array('method' => 'post',
                                                                                   'id' => 'invite',
                                                                                   'action' => common_local_url('invite')));
+               common_hidden('token', common_session_token());
 
                common_textarea('addresses', _('Email addresses'),
                                                $this->trimmed('addresses'),
@@ -134,7 +142,7 @@ class InviteAction extends Action {
                                                $this->trimmed('personal'),
                                                _('Optionally add a personal message to the invitation.'));
 
-               common_submit('preview', _('Preview'));
+               common_submit('send', _('Send'));
 
                common_element_end('form');
 
@@ -143,6 +151,11 @@ class InviteAction extends Action {
 
        function send_invitation($email, $user, $personal) {
 
+               $profile = $user->getProfile();
+               $bestname = $profile->getBestName();
+
+               $sitename = common_config('site', 'name');
+
                $invite = new Invitation();
 
                $invite->address = $email;
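Review bot: `$bestname` is taken from the inviter's own profile and is formatted into `$headers['Subject']` in the next hunk, so a display name containing CR or LF would reach a mail header. That holds unless profile validation or the mail layer, neither visible here, already strips those characters. I would normalise the value where it is assigned: `$bestname = preg_replace('/[\r\n]+/', ' ', $profile->getBestName());`. `send_invitation()` starts in this hunk and ends outside it.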
@@ -162,17 +175,17 @@ class InviteAction extends Action {
                $headers['To'] = $email;
                $headers['Subject'] = sprintf(_('%1$s has invited you to join them on %2$s'), $bestname, $sitename);
 
-               $body = sprintf(_("%1$s has invited you to join them on %2$s (%3$s).\n\n".
-                                                 "%2$s is a micro-blogging service that lets you keep up-to-date with people you know and people who interest you.\n\n".
+               $body = sprintf(_("%1\$s has invited you to join them on %2\$s (%3\$s).\n\n".
+                                                 "%2\$s is a micro-blogging service that lets you keep up-to-date with people you know and people who interest you.\n\n".
                                                  "You can also share news about yourself, your thoughts, or your life online with people who know about you. ".
                                                  "It's also great for meeting new people who share your interests.\n\n".
-                                                 "%1$s said:\n\n%4$s\n\n".
-                                                 "You can see %1$s's profile page on %2$s here:\n\n".
-                                                 "%5$s\n\n".
+                                                 "%1\$s said:\n\n%4\$s\n\n".
+                                                 "You can see %1\$s's profile page on %2\$s here:\n\n".
+                                                 "%5\$s\n\n".
                                                  "If you'd like to try the service, click on the link below to accept the invitation.\n\n".
-                                                 "%6$s\n\n".
+                                                 "%6\$s\n\n".
                                                  "If not, you can ignore this message. Thanks for your patience and your time.\n\n".
-                                                 "Sincerely, %2$s\n"),
+                                                 "Sincerely, %2\$s\n"),
                                                $bestname,
                                                $sitename,
                                                common_root_url(),
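Review bot: The `%4\$s` slot after "said:" appears to carry the inviter's free-text message (its argument lies past the end of this hunk) and is placed verbatim in a mail the site sends to an address the inviter supplied. Nothing visible in this diff caps the length of that text or the number of invitations one account can send, so it is worth confirming that `send_invitations()` enforces a maximum message length and a per-user invitation limit before this body is built. A short comment above the `sprintf` would also keep the escapes from being "cleaned up" later: `# \$ stops PHP interpolating "$s" inside the double-quoted format string`. The `sprintf` call continues outside the hunk.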