From eafaae2327feb7244c37da3e94dbbc912be9db88 Mon Sep 17 00:00:00 2001 From: ben Date: Fri, 24 Oct 2008 16:25:45 +0000 Subject: The friend invite infrastructure is now secure. git-svn-id: https://code.elgg.org/elgg/trunk@2310 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/users.php | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'engine/lib/users.php') diff --git a/engine/lib/users.php b/engine/lib/users.php index 4f6a73626..bd212570c 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -1061,11 +1061,11 @@ * @param int $friend_guid Optionally, GUID of a user this user will friend once fully registered * @return int|false The new user's GUID; false on failure */ - function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0) { + function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') { // Load the configuration global $CONFIG; - + $username = sanitise_string($username); $password = sanitise_string($password); $name = sanitise_string($name); @@ -1120,10 +1120,13 @@ $user->password = generate_user_password($user, $password); $user->save(); - // If $friend_guid has been set + // If $friend_guid has been set, make mutual friends if ($friend_guid) { if ($friend_user = get_user($friend_guid)) { - $user->addFriend($friend_guid); + if ($invitecode == generate_invite_code($friend_user->username)) { + $user->addFriend($friend_guid); + $friend_user->addFriend($user->guid); + } } } @@ -1138,6 +1141,19 @@ return $user->getGUID(); } + /** + * Generates a unique invite code for a user + * + * @param string $username The username of the user sending the invitation + * @return string Invite code + */ + function generate_invite_code($username) { + + $secret = datalist_get('__site_secret__'); + return md5($username . $secret); + + } + /** * Adds collection submenu items * -- cgit v1.2.3