aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authorben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-10-24 16:25:45 +0000
committerben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-10-24 16:25:45 +0000
commiteafaae2327feb7244c37da3e94dbbc912be9db88 (patch)
tree769644201baaf38c1b5a465a5fef5d7f81683151 /engine/lib
parentcfeaf074b33716d589cec274216bb003e0e925dd (diff)
downloadelgg-eafaae2327feb7244c37da3e94dbbc912be9db88.tar.gz
elgg-eafaae2327feb7244c37da3e94dbbc912be9db88.tar.bz2
The friend invite infrastructure is now secure.
git-svn-id: https://code.elgg.org/elgg/trunk@2310 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/users.php24
1 files changed, 20 insertions, 4 deletions
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 4f6a73626..bd212570c 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -1061,11 +1061,11 @@
* @param int $friend_guid Optionally, GUID of a user this user will friend once fully registered
* @return int|false The new user's GUID; false on failure
*/
- function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0) {
+ function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') {
// Load the configuration
global $CONFIG;
-
+
$username = sanitise_string($username);
$password = sanitise_string($password);
$name = sanitise_string($name);
@@ -1120,10 +1120,13 @@
$user->password = generate_user_password($user, $password);
$user->save();
- // If $friend_guid has been set
+ // If $friend_guid has been set, make mutual friends
if ($friend_guid) {
if ($friend_user = get_user($friend_guid)) {
- $user->addFriend($friend_guid);
+ if ($invitecode == generate_invite_code($friend_user->username)) {
+ $user->addFriend($friend_guid);
+ $friend_user->addFriend($user->guid);
+ }
}
}
@@ -1139,6 +1142,19 @@
}
/**
+ * Generates a unique invite code for a user
+ *
+ * @param string $username The username of the user sending the invitation
+ * @return string Invite code
+ */
+ function generate_invite_code($username) {
+
+ $secret = datalist_get('__site_secret__');
+ return md5($username . $secret);
+
+ }
+
+ /**
* Adds collection submenu items
*
*/