diff options
Diffstat (limited to 'mod/uservalidationbyemail')
-rw-r--r-- | mod/uservalidationbyemail/start.php | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php index 49dfdcc28..4596fd7d6 100644 --- a/mod/uservalidationbyemail/start.php +++ b/mod/uservalidationbyemail/start.php @@ -16,9 +16,12 @@ function uservalidationbyemail_init() { // This doesn't need to be an action because security is handled by the validation codes. register_page_handler('uservalidationbyemail', 'uservalidationbyemail_page_handler'); - // mark users as unvalidated when they register + // mark users as unvalidated and disable when they register register_plugin_hook('register', 'user', 'uservalidationbyemail_disable_new_user'); + // canEdit override to allow not logged in code to disable a user + register_plugin_hook('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit'); + // prevent users from logging in if they aren't validated register_plugin_hook('action', 'login', 'uservalidationbyemail_check_login_attempt'); @@ -62,6 +65,12 @@ function uservalidationbyemail_disable_new_user($hook, $type, $value, $params) { } // disable user to prevent showing up on the site + // set context to our canEdit() override works + $context = get_context(); + set_context('uservalidationbyemail_new_user'); + $hidden_entities = access_get_show_hidden_status(); + access_show_hidden_entities(TRUE); + // Don't do a recursive disable. Any entities owned by the user at this point // are products of plugins that hook into create user and might need // access to the entities. @@ -72,10 +81,34 @@ function uservalidationbyemail_disable_new_user($hook, $type, $value, $params) { uservalidationbyemail_set_user_validation_status($user->guid, FALSE); uservalidationbyemail_request_validation($user->guid); + set_context($context); + access_show_hidden_entities($hidden_entities); + return TRUE; } /** + * Override the canEdit() call for if we're in the context of registering a new user. + * + */ +function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $params) { + // $params['user'] is the user to check permissions for. + // we want the entity to check, which is a user. + $user = elgg_get_array_value('entity', $params); + + if (!($user instanceof ElggUser)) { + return NULL; + } + + $context = get_context(); + if ($context == 'uservalidationbyemail_new_user' || $context = 'uservalidationbyemail_validate_user') { + return TRUE; + } + + return NULL; +} + +/** * Checks if a login failed because the user hasn't validated his account. * * @param unknown_type $hook @@ -137,10 +170,16 @@ function uservalidationbyemail_page_handler($page) { if (($code) && ($user)) { if (uservalidationbyemail_validate_email($user_guid, $code)) { + + $context = get_context(); + set_context('uservalidationbyemail_validate_user'); + system_message(elgg_echo('email:confirm:success')); $user = get_entity($user_guid); $user->enable(); + + set_context($context); login($user); } else { register_error(elgg_echo('email:confirm:fail')); @@ -192,7 +231,7 @@ function uservalidationbyemail_check_manual_login($event, $type, $user) { access_show_hidden_entities(TRUE); // @todo register_error()? - $return = ($user instanceof ElggUser && $user->disabled == 'yes' && !$user->validated) ? FALSE : NULL; + $return = ($user instanceof ElggUser && !$user->isEnabled() && !$user->validated) ? FALSE : NULL; access_show_hidden_entities($access_status); |