Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 80
0.00% covered (danger)
0.00%
0 / 1
CRAP
0.00% covered (danger)
0.00%
0 / 1
ucp_activate
0.00% covered (danger)
0.00%
0 / 78
0.00% covered (danger)
0.00%
0 / 1
380
0.00% covered (danger)
0.00%
0 / 1
 main
0.00% covered (danger)
0.00%
0 / 78
0.00% covered (danger)
0.00%
0 / 1
380
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14/**
15* @ignore
16*/
17if (!defined('IN_PHPBB'))
18{
19    exit;
20}
21
22/**
23* ucp_activate
24* User activation
25*/
26class ucp_activate
27{
28    var $u_action;
29
30    function main($id, $mode)
31    {
32        global $config, $phpbb_root_path, $phpEx, $request;
33        global $db, $user, $auth, $phpbb_container, $phpbb_log, $phpbb_dispatcher;
34
35        $user_id = $request->variable('u', 0);
36        $key = $request->variable('k', '');
37
38        $sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason
39            FROM ' . USERS_TABLE . "
40            WHERE user_id = $user_id";
41        $result = $db->sql_query($sql);
42        $user_row = $db->sql_fetchrow($result);
43        $db->sql_freeresult($result);
44
45        if (!$user_row)
46        {
47            trigger_error('NO_USER');
48        }
49
50        if ($user_row['user_type'] <> USER_INACTIVE && !$user_row['user_newpasswd'])
51        {
52            meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
53            trigger_error('ALREADY_ACTIVATED');
54        }
55
56        if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL || $user_row['user_actkey'] !== $key)
57        {
58            trigger_error('WRONG_ACTIVATION');
59        }
60
61        // Do not allow activating by non administrators when admin activation is on
62        // Only activation type the user should be able to do is INACTIVE_REMIND
63        // or activate a new password which is not an activation state :@
64        if (!$user_row['user_newpasswd'] && $user_row['user_inactive_reason'] != INACTIVE_REMIND && $config['require_activation'] == USER_ACTIVATION_ADMIN && !$auth->acl_get('a_user'))
65        {
66            if (!$user->data['is_registered'])
67            {
68                login_box('', $user->lang['NO_AUTH_OPERATION']);
69            }
70            send_status_line(403, 'Forbidden');
71            trigger_error('NO_AUTH_OPERATION');
72        }
73
74        $update_password = ($user_row['user_newpasswd']) ? true : false;
75
76        if ($update_password)
77        {
78            $sql_ary = array(
79                'user_actkey'                => '',
80                'user_password'                => $user_row['user_newpasswd'],
81                'user_newpasswd'            => '',
82                'user_login_attempts'        => 0,
83                'reset_token'                => '',
84                'reset_token_expiration'    => 0,
85            );
86
87            $sql = 'UPDATE ' . USERS_TABLE . '
88                SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
89                WHERE user_id = ' . $user_row['user_id'];
90            $db->sql_query($sql);
91
92            $user->reset_login_keys($user_row['user_id']);
93
94            $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
95                'reportee_id' => $user_row['user_id'],
96                $user_row['username']
97            ));
98        }
99
100        if (!$update_password)
101        {
102            include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
103
104            user_active_flip('activate', $user_row['user_id']);
105
106            $sql_ary = [
107                'user_actkey'                => '',
108                'reset_token'                => '',
109                'reset_token_expiration'    => 0,
110            ];
111
112            $sql = 'UPDATE ' . USERS_TABLE . '
113                SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
114                WHERE user_id = {$user_row['user_id']}";
115            $db->sql_query($sql);
116
117            // Create the correct logs
118            $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_ACTIVE_USER', false, array(
119                'reportee_id' => $user_row['user_id']
120            ));
121
122            if ($auth->acl_get('a_user'))
123            {
124                $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_ACTIVE', false, array($user_row['username']));
125            }
126        }
127
128        if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password)
129        {
130            /* @var $phpbb_notifications \phpbb\notification\manager */
131            $phpbb_notifications = $phpbb_container->get('notification_manager');
132            $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']);
133
134            include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
135
136            $messenger = new messenger(false);
137
138            $messenger->template('admin_welcome_activated', $user_row['user_lang']);
139
140            $messenger->set_addresses($user_row);
141
142            $messenger->anti_abuse_headers($config, $user);
143
144            $messenger->assign_vars(array(
145                'USERNAME'    => html_entity_decode($user_row['username'], ENT_COMPAT))
146            );
147
148            $messenger->send($user_row['user_notify_type']);
149
150            $message = 'ACCOUNT_ACTIVE_ADMIN';
151        }
152        else
153        {
154            if (!$update_password)
155            {
156                $message = ($user_row['user_inactive_reason'] == INACTIVE_PROFILE) ? 'ACCOUNT_ACTIVE_PROFILE' : 'ACCOUNT_ACTIVE';
157            }
158            else
159            {
160                $message = 'PASSWORD_ACTIVATED';
161            }
162        }
163
164        /**
165        * This event can be used to modify data after user account's activation
166        *
167        * @event core.ucp_activate_after
168        * @var    array    user_row    Array with some user data
169        * @var    string    message        Language string of the message that will be displayed to the user
170        * @since 3.1.6-RC1
171        */
172        $vars = array('user_row', 'message');
173        extract($phpbb_dispatcher->trigger_event('core.ucp_activate_after', compact($vars)));
174
175        meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
176        trigger_error($user->lang[$message]);
177    }
178}