diff options
| author | ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-10-24 16:25:45 +0000 |
|---|---|---|
| committer | ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-10-24 16:25:45 +0000 |
| commit | eafaae2327feb7244c37da3e94dbbc912be9db88 (patch) | |
| tree | 769644201baaf38c1b5a465a5fef5d7f81683151 /engine | |
| parent | cfeaf074b33716d589cec274216bb003e0e925dd (diff) | |
| download | elgg-eafaae2327feb7244c37da3e94dbbc912be9db88.tar.gz elgg-eafaae2327feb7244c37da3e94dbbc912be9db88.tar.bz2 | |
The friend invite infrastructure is now secure.
git-svn-id: https://code.elgg.org/elgg/trunk@2310 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
| -rw-r--r-- | engine/lib/users.php | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/engine/lib/users.php b/engine/lib/users.php index 4f6a73626..bd212570c 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -1061,11 +1061,11 @@ * @param int $friend_guid Optionally, GUID of a user this user will friend once fully registered
* @return int|false The new user's GUID; false on failure
*/
- function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0) {
+ function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') {
// Load the configuration
global $CONFIG; - +
$username = sanitise_string($username); $password = sanitise_string($password); $name = sanitise_string($name); @@ -1120,10 +1120,13 @@ $user->password = generate_user_password($user, $password);
$user->save();
- // If $friend_guid has been set
+ // If $friend_guid has been set, make mutual friends
if ($friend_guid) {
if ($friend_user = get_user($friend_guid)) {
- $user->addFriend($friend_guid);
+ if ($invitecode == generate_invite_code($friend_user->username)) {
+ $user->addFriend($friend_guid);
+ $friend_user->addFriend($user->guid);
+ }
}
}
@@ -1139,6 +1142,19 @@ }
/**
+ * Generates a unique invite code for a user
+ *
+ * @param string $username The username of the user sending the invitation
+ * @return string Invite code
+ */
+ function generate_invite_code($username) {
+
+ $secret = datalist_get('__site_secret__');
+ return md5($username . $secret);
+
+ }
+
+ /**
* Adds collection submenu items
*
*/
|