'id' => 'smssettings',
'action' =>
common_local_url('smssettings')));
-
+ common_hidden('token', common_session_token());
common_element('h2', NULL, _('Address'));
if ($user->sms) {
$confirm = $this->get_confirmation();
if ($confirm) {
$carrier = Sms_carrier::staticGet($confirm->address_extra);
+ common_element_start('p');
common_element('span', 'address unconfirmed', $confirm->address . ' (' . $carrier->name . ')');
common_element('span', 'input_instructions',
_('Awaiting confirmation on this phone number.'));
- common_hidden('sms', $user->sms);
- common_hidden('carrier', $user->carrier);
+ common_hidden('sms', $confirm->address);
+ common_hidden('carrier', $confirm->address_extra);
common_element_end('p');
common_submit('cancel', _('Cancel'));
+ common_input('code', _('Confirmation code'), NULL,
+ _('Enter the code you received on your phone.'));
+ common_submit('confirm', _('Confirm'));
} else {
common_input('sms', _('SMS Phone number'),
($this->arg('sms')) ? $this->arg('sms') : NULL,
common_element('h2', NULL, _('Preferences'));
common_checkbox('smsnotify',
- _('Send me notices through SMS; I understand I may incur charges from my carrier.'),
+ _('Send me notices through SMS; I understand I may incur exorbitant charges from my carrier.'),
$user->smsnotify);
common_submit('save', _('Save'));
$user = common_current_user();
$confirm = new Confirm_address();
$confirm->user_id = $user->id;
- $confirm->address_type = 'email';
+ $confirm->address_type = 'sms';
if ($confirm->find(TRUE)) {
return $confirm;
} else {
function handle_post() {
+ # CSRF protection
+
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
if ($this->arg('save')) {
$this->save_preferences();
} else if ($this->arg('add')) {
$this->remove_incoming();
} else if ($this->arg('newincoming')) {
$this->new_incoming();
+ } else if ($this->arg('confirm')) {
+ $this->confirm_code();
} else {
$this->show_form(_('Unexpected form submission.'));
}
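Review bot: The token check added at the top of handle_post() compares with `!=`, which is loose and not constant-time; PHP can treat two numeric-looking strings as equal even when they differ byte for byte. A strict, timing-safe form is `if (!$token || !hash_equals(common_session_token(), $token)) {` where the runtime provides `hash_equals()`, with `!==` as the minimum otherwise. The same loose `!=` appears in the later cancel hunk at `$confirm->address != $sms`, where both sides are phone-number strings and would be compared numerically, so `!==` fits there as well. handle_post() closes outside this hunk.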
function save_preferences() {
- $smsnotify = $this->boolean('emailpost');
+ $smsnotify = $this->boolean('smsnotify');
$user = common_current_user();
$confirm->address_extra = $carrier_id;
$confirm->address_type = 'sms';
$confirm->user_id = $user->id;
- $confirm->code = common_confirmation_code(64);
+ $confirm->code = common_confirmation_code(40);
$result = $confirm->insert();
$carrier = Sms_carrier::staticGet($carrier_id);
- mail_confirm_address($confirm->code,
- $user->nickname,
- $carrier->toEmailAddress($sms));
+ mail_confirm_sms($confirm->code,
+ $user->nickname,
+ $carrier->toEmailAddress($sms));
$msg = _('A confirmation code was sent to the phone number you added. Check your inbox (and spam box!) for the code and instructions on how to use it.');
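Review bot: The drop from `common_confirmation_code(64)` to `common_confirmation_code(40)` presumably shortens the secret that proves control of the phone number, and nothing in this hunk limits how many codes can be tried or how long a pending Confirm_address row stays valid. If the argument is an entropy or length parameter, I would pair the shorter code with an expiry and an attempt limit on the confirming action, and note it next to the call, e.g. `# 40 rather than 64 so the code can be typed from a phone; relies on expiry/attempt limits (TODO confirm)`. The new `mail_confirm_sms()` call also dereferences `$carrier` straight after `Sms_carrier::staticGet($carrier_id)` with no visible null check, so an unknown carrier id would fail here instead of producing a form error. The enclosing function starts and ends outside the hunk.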
$this->show_form(_('No pending confirmation to cancel.'));
return;
}
- if ($confirm->address != $sms || $confirm->address_extra != $carrier) {
- $this->show_form(_('That is the wrong IM address.'));
+ if ($confirm->address != $sms) {
+ $this->show_form(_('That is the wrong confirmation number.'));
return;
}
$original = clone($user);
$user->sms = NULL;
$user->carrier = NULL;
+ $user->smsemail = NULL;
$result = $user->updateKeys($original);
if (!$result) {
common_log_db_error($user, 'UPDATE', __FILE__);
'send email to let us know at %s.'),
common_config('site', 'email')));
}
+
+ function confirm_code() {
+
+ $code = $this->trimmed('code');
+
+ if (!$code) {
+ $this->show_form(_('No code entered'));
+ return;
+ }
+
+ common_redirect(common_local_url('confirmaddress',
+ array('code' => $code)));
+ }
}
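Review bot: confirm_code() puts the submitted code into the redirect URL via `common_local_url('confirmaddress', array('code' => $code))`, so the confirmation secret ends up in browser history and server access logs and may leak through a Referer header, and it is passed on with no check of its shape. I would reject anything that does not match the expected code alphabet and length before redirecting, and ideally complete the confirmation from this POST handler instead of through a GET. Whether confirmaddress verifies that the code belongs to the logged-in user is not visible here and is worth confirming. The new method also has no doc comment; something like `# Hand a code typed into the SMS settings form to the confirmaddress action` would help.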