guid) == true) { return $value; } // disable user to prevent showing up on the site // set context so our canEdit() override works elgg_push_context('uservalidationbyemail_new_user'); $hidden_entities = access_get_show_hidden_status(); access_show_hidden_entities(TRUE); // Don't do a recursive disable. Any entities owned by the user at this point // are products of plugins that hook into create user and might need // access to the entities. // @todo That ^ sounds like a specific case...would be nice to track it down... $user->disable('uservalidationbyemail_new_user', FALSE); // set user as unvalidated and send out validation email elgg_set_user_validation_status($user->guid, FALSE); uservalidationbyemail_request_validation($user->guid); elgg_pop_context(); access_show_hidden_entities($hidden_entities); return $value; } /** * Override the canEdit() call for if we're in the context of registering a new user. * * @param string $hook * @param string $type * @param bool $value * @param array $params * @return bool|null */ function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $params) { // $params['user'] is the user to check permissions for. // we want the entity to check, which is a user. $user = elgg_extract('entity', $params); if (!($user instanceof ElggUser)) { return; } $context = elgg_get_context(); if ($context == 'uservalidationbyemail_new_user' || $context == 'uservalidationbyemail_validate_user') { return TRUE; } return; } /** * Checks if an account is validated * * @params array $credentials The username and password * @return bool */ function uservalidationbyemail_check_auth_attempt($credentials) { if (!isset($credentials['username'])) { return; } $username = $credentials['username']; // See if the user exists and isn't validated $access_status = access_get_show_hidden_status(); access_show_hidden_entities(TRUE); $user = get_user_by_username($username); if ($user && isset($user->validated) && !$user->validated) { // show an error and resend validation email uservalidationbyemail_request_validation($user->guid); access_show_hidden_entities($access_status); throw new LoginException(elgg_echo('uservalidationbyemail:login:fail')); } access_show_hidden_entities($access_status); } /** * Checks sent passed validation code and user guids and validates the user. * * @param array $page * @return bool */ function uservalidationbyemail_page_handler($page) { if (isset($page[0]) && $page[0] == 'confirm') { $code = sanitise_string(get_input('c', FALSE)); $user_guid = get_input('u', FALSE); // new users are not enabled by default. $access_status = access_get_show_hidden_status(); access_show_hidden_entities(true); $user = get_entity($user_guid); if ($code && $user) { if (uservalidationbyemail_validate_email($user_guid, $code)) { elgg_push_context('uservalidationbyemail_validate_user'); system_message(elgg_echo('email:confirm:success')); $user = get_entity($user_guid); $user->enable(); elgg_pop_context(); try { login($user); } catch(LoginException $e){ register_error($e->getMessage()); } } else { register_error(elgg_echo('email:confirm:fail')); } } else { register_error(elgg_echo('email:confirm:fail')); } access_show_hidden_entities($access_status); } else { register_error(elgg_echo('email:confirm:fail')); } // forward to front page forward(''); } /** * Make sure any admin users are automatically validated * * @param string $event * @param string $type * @param ElggUser $user */ function uservalidationbyemail_validate_new_admin_user($event, $type, $user) { if ($user instanceof ElggUser && !$user->validated) { elgg_set_user_validation_status($user->guid, TRUE, 'admin_user'); } } /** * Registers public pages to allow in the case walled garden has been enabled. */ function uservalidationbyemail_public_pages($hook, $type, $return_value, $params) { $return_value[] = 'uservalidationbyemail/confirm'; return $return_value; } /** * Prevent a manual code login with login(). * * @param string $event * @param string $type * @param ElggUser $user * @return bool * * @throws LoginException */ function uservalidationbyemail_check_manual_login($event, $type, $user) { $access_status = access_get_show_hidden_status(); access_show_hidden_entities(TRUE); if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) { // send new validation email uservalidationbyemail_request_validation($user->getGUID()); // restore hidden entities settings access_show_hidden_entities($access_status); // throw error so we get a nice error message throw new LoginException(elgg_echo('uservalidationbyemail:login:fail')); } access_show_hidden_entities($access_status); }