1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
/*
Copyright (©) 2003-2025 Teus Benschop.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include <session/confirm.h>
#include <assets/view.h>
#include <assets/page.h>
#include <assets/header.h>
#include <session/login.h>
#include <locale/translate.h>
#include <webserver/request.h>
#include <filter/roles.h>
#include <filter/string.h>
#include <filter/url.h>
#include <confirm/worker.h>
#include <email/send.h>
#include <index/index.h>
#include <database/logs.h>
#include <database/config/general.h>
#include <user/logic.h>
struct Verification
{
std::string question;
std::string answer;
std::string passage;
};
const char * session_confirm_url ()
{
return "session/confirm";
}
bool session_confirm_acl (Webserver_Request& webserver_request)
{
// Find the level of the user.
// This confirmation page only allows access if the user is not yet logged in.
// Such a situation produces level 1, that is the guest level.
int level = webserver_request.session_logic ()->get_level ();
return (level == roles::guest);
}
std::string session_confirm ([[maybe_unused]] Webserver_Request& webserver_request)
{
#ifdef HAVE_CLOUD
std::string email;
const bool is_valid_confirmation = confirm::worker::handle_link (webserver_request, email);
// Handle a valid confirmation.
if (is_valid_confirmation) {
// Authenticate against local database, but skipping some checks.
if (webserver_request.session_logic()->attempt_login (email, std::string(), true, true)) {
// Log the login.
Database_Logs::log (webserver_request.session_logic ()->get_username () + " confirmed account and logged in");
// Store web site's base URL.
const std::string site_url = get_base_url (webserver_request);
database::config::general::set_site_url (site_url);
// Store account creation time.
user_logic_store_account_creation (webserver_request.session_logic ()->get_username ());
}
}
// In all cases, go to the home page.
redirect_browser (webserver_request, index_index_url());
#endif
return std::string();
}
|
