change_email.pl
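#!/usr/local/bin/perl
#
# change_email.pl -- let the logged-in user change the email address on file.
#
# Two entry points, selected by query parameter:
#   e = new email address   -> store a pending request and mail a confirmation
#                              link (carrying a one-time code) to that address
#   c = confirmation code   -> the user followed the link; apply the change
#                              when the code belongs to the logged-in user
#
# Every branch either appends a trace line to the page ($DEBUG on) or replaces
# the page with redirect markup ($DEBUG off); the page is printed once at the end.

binmode(STDIN, ":utf8");
binmode(STDOUT, ":utf8");

# must have's!
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use DBI;
use URI::Escape;

use lib "/var/www/html/Pm";

use Html qw(pre_html_header header);
use Html2 qw(tag br hr embolden italicize);
use Bc_chef qw(cookie_get);
use Bc_misc qw(get_param referrer new_id);
use Bc_sql qw(
get_constant
sql_execute
user_exists
$QUERY_PAGE
$QUERY_UID
$LOGGEDIN

$DB
);

use Security qw(banned);
use Redir qw(error_redir notice_redir);
use Email qw(email_send);
use User qw(valid_email get_user_stat);
use Date qw(get_today add_date isBeforeDate);

# When set, the page shows a running trace instead of redirecting.
# The trace echoes request parameters and database rows to the browser,
# so it must stay off outside of development.
my $DEBUG = 0;

# A pending request (and its confirmation code) is honoured for this many days.
my $EXPIRY_DAYS = 4;

# Base of the confirmation link mailed to the new address.
my $SITE_URL = "https://night-stand.ca";

# The page body printed at the end of the script.
my $output;

############################################################
### helpers

# Debug-only trace line; does nothing when $DEBUG is off.
sub _trace {
    my ($text) = @_;
    $output .= $text . br if $DEBUG;
    return;
}

# Report the outcome of a branch: append $debug_text to the trace in debug
# mode, otherwise replace the page with the redirect markup that $redirect
# (a code ref) builds.
sub _respond {
    my ($debug_text, $redirect) = @_;
    if ($DEBUG) {
        $output .= $debug_text . br;
    } else {
        $output = $redirect->();
    }
    return;
}

# Days from the request's stored date to today, as a boolean: true when the
# request is older than $EXPIRY_DAYS and should no longer be honoured.
sub _is_expired {
    my ($row) = @_;
    return isBeforeDate(add_date($row->{date}, $EXPIRY_DAYS, "d"), get_today("db", 1));
}

# Store a new change request ($LOGGEDIN -> $email) and mail the confirmation
# link to $email. Sets $output with the outcome.
sub _create_request {
    my ($email) = @_;

    my $code = new_id(256);
    my $sql  = "insert into new_email values (NULL, "
        . join(", ",
            $DB->quote($code),
            $DB->quote($LOGGEDIN),
            $DB->quote($email),
            $DB->quote(get_today("db", 1)))
        . ")";
    my $result = sql_execute($sql, "change email");

    if (not defined $result or $result != 1) {
        _respond("Data could not be stored: " . ($result // "undef") . " (" . DBI->errstr . ")",
                 sub { error_redir(referrer(), "Bad code, bad!") });
        return;
    }
    _trace("request posted to DB");

    # uri_escape keeps the link intact even if new_id() ever emits
    # URL-reserved characters.
    my $link = "$SITE_URL/change_email.pl?c=" . uri_escape($code);
    my $msg  = "Hello, " . get_user_stat($LOGGEDIN, "nickname") . ",\n\n";
    $msg .= "You are receiving this message because a request was logged to change your current email address at Night Stand\n";
    $msg .= "to the email address this message was sent to. if you received this message in error, you may simply ignore it.\n";
    $msg .= "The request will expire after a few days.\n\n";
    $msg .= "Click the link below to confirm the change of your email address at Night Stand to this email address.\n\n";
    $msg .= "$link\n\n";

    email_send($email, "Email Change Request", $msg);

    _respond("Message sent to $email",
             sub { notice_redir(referrer(), "Message Sent to $email") });
    return;
}

# Handle "e=<address>": validate the address, then either create a request or
# explain why one cannot be created right now.
#
# sql_execute() is assumed (from how this script has always branched on it)
# to return an empty array ref for no rows, a hash ref for exactly one row and
# a non-empty array ref for several rows -- confirm against Bc_sql.
sub _handle_email_request {
    my ($email) = @_;
    _trace("got email address: $email");

    if (not valid_email($email)) {
        _respond("Invalid email address",
                 sub { error_redir(referrer(), "Invalid email address") });
        return;
    }
    _trace("email address is valid");
    # NOTE(review): nothing here checks whether $email already belongs to
    # another account -- confirm whether valid_email() or the DB covers that.

    my $pending = sql_execute("select * from new_email where UID=" . $DB->quote($LOGGEDIN));

    if (ref $pending eq "ARRAY") {
        if (@$pending) {
            # several rows for one user: refuse rather than pile on more
            _respond("Request already pending",
                     sub { error_redir(referrer(), "Bad code, bad!") });
            return;
        }
        _trace("no pending requests found");
        _create_request($email);
        return;
    }

    if (ref $pending ne "HASH") {
        # odd, this shouldn't happen
        _respond("\$pending is neither a hash nor an array reference: " . ($pending // "undef"),
                 sub { error_redir(referrer(), "wtf?") });
        return;
    }

    # exactly one pending request (trace the row id, not the secret code)
    _trace("request pending (ID $pending->{ID} for UID $pending->{UID})");

    if (not _is_expired($pending)) {
        _respond("fresh request is already pending",
                 sub { error_redir(referrer(), "Request already pending! Check email, or try this again in a few days") });
        return;
    }
    _trace("pending request is expired");

    my $removed = sql_execute("delete from new_email where code=" . $DB->quote($pending->{code}));
    if (not $removed) {
        _respond("could not remove stale request",
                 sub { error_redir(referrer(), "A glitch in the matrix?!") });
        return;
    }
    _trace("stale request found and deleted");

    # the stale request is gone, so the new one can be filed
    _create_request($email);
    return;
}

# Handle "c=<code>": the user followed the link mailed to the new address.
# The code must belong to the logged-in user and must not be older than
# $EXPIRY_DAYS (the same lifetime the request path enforces).
sub _handle_confirmation {
    my ($code) = @_;
    _trace("got code: $code");

    my $request = sql_execute("select * from new_email where code=" . $DB->quote($code));
    if (ref $request ne "HASH") {
        _respond("Invalid code", sub { error_redir("/", "Bad code, bad!") });
        return;
    }
    _trace("request exists: $request ($request->{ID})");

    if ($LOGGEDIN ne $request->{UID}) {
        _respond("UIDs do not match ($LOGGEDIN != $request->{UID})",
                 sub { error_redir(referrer(), "Bad code, bad!") });
        return;
    }
    _trace("UID's match");

    if (_is_expired($request)) {
        _respond("confirmation code has expired",
                 sub { error_redir(referrer(), "Request expired! Please start again") });
        return;
    }

    my $updated = sql_execute("update users set email=" . $DB->quote($request->{email})
                              . " where ID=" . $DB->quote($request->{UID}));
    if (not $updated) {
        _respond("update of email address failed!",
                 sub { error_redir(referrer(), "update of email address failed!\n") });
        return;
    }
    _trace("email address updated");

    my $cleared = sql_execute("delete from new_email where code=" . $DB->quote($code));
    if ($cleared) {
        _respond("email address updated, and request cleared",
                 sub { notice_redir(referrer(), "update of email address successful") });
    } else {
        _respond("email updated, but could not clear request",
                 sub { error_redir(referrer(), "update of email address successful, but couldn't clear change request!") });
    }
    return;
}

############################################################
### main flow

my $e = get_param("e");
my $c = get_param("c");

if (not user_exists($LOGGEDIN) or banned($LOGGEDIN)) {
    my $msg = "Access Denied";
    $msg .= " (change_email.pl)" if $DEBUG;
    $output = error_redir("/", $msg);
} else {
    if ($DEBUG) {
        $output = pre_html_header();
        $output .= "DEBUG MODE ENABLED" . hr . br;
    }

    if (not $LOGGEDIN) {
        _respond("Not Logged in!",
                 sub { error_redir(referrer(), "I need you to be logged in for this to work now...") });
    } elsif (not $e and not $c) {
        _respond("No parameters given",
                 sub { error_redir("/", "I need something to work with now...") });
    } elsif ($e) {
        # e wins when both parameters are present
        _handle_email_request($e);
    } else {
        _handle_confirmation($c);
    }
}

print $output;

# NOTE(review): a non-zero status on the success path is unusual for a CGI
# script -- confirm it is intended before changing it.
exit 1;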