From 0c5d7a4980e530bb6118990babbeb3a2cbd40a87 Mon Sep 17 00:00:00 2001
From: Sylvain Berfini
Date: Thu, 22 Aug 2019 09:53:38 +0200
Subject: [PATCH] Added username parameter to URI sent by email to validate account
---
 conf/emails.conf | 1 +
 src/misc/email.php | 3 +-
 src/xmlrpc/accounts.php | 78 +++++++++++++++++++-----------------
 src/xmlrpc/compatibility.php | 2 +-
 4 files changed, 46 insertions(+), 38 deletions(-)
diff --git a/conf/emails.conf b/conf/emails.conf
index bab180a..c976607 100644
--- a/conf/emails.conf
+++ b/conf/emails.conf
@@ -19,6 +19,7 @@ define("EMAIL_SITE", "https://linphone.org");
 /*
 * The link to open when click on activation
+ * It can have a %link% and an %username% parameter
 *
 * Default value: www.linphone.org
 */
diff --git a/src/misc/email.php b/src/misc/email.php
index a3b6be9..7b9e2fd 100644
--- a/src/misc/email.php
+++ b/src/misc/email.php
@@ -64,7 +64,7 @@ function send_email($email, $subject, $text, $html) {
 }
 }
-function send_email_with_activation_link($email, $key) {
+function send_email_with_activation_link($email, $key, $username) {
 if( !EMAIL_ENABLED ){
 Logger::getInstance()->warning("[EMAIL] Emails are disabled");
 return "WARNING_EMAILS_DISABLED";
@@ -76,6 +76,7 @@ function send_email_with_activation_link($email, $key) {
 $link = $pageURL . EMAIL_ACTIVATION_LINK;
 $link = str_replace("%key%", $key, $link);
+ $link = str_replace("%username%", $username, $link);
 Logger::getInstance()->debug("[EMAIL] Activation link is " . $link);
 $body = str_replace("%link%", $link, EMAIL_ACTIVATION_BODY);
diff --git a/src/xmlrpc/accounts.php b/src/xmlrpc/accounts.php
index 7e6707b..4bbe940 100644
--- a/src/xmlrpc/accounts.php
+++ b/src/xmlrpc/accounts.php
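Review bot: The added comment line in conf/emails.conf names `%link%` as a placeholder of the activation link, but the email.php hunks in this patch substitute `%key%` and `%username%` into `EMAIL_ACTIVATION_LINK`, while `%link%` is only replaced in `EMAIL_ACTIVATION_BODY`. An operator following the comment could configure a link without `%key%`, which would presumably produce activation mails that carry no confirmation key. Suggested wording: `* It can have a %key% and a %username% parameter`.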
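Review bot: The added `str_replace("%username%", $username, $link)` line in `send_email_with_activation_link` places the account's username into a URL without encoding it for that context. Unless usernames are restricted to URL-safe characters somewhere this diff does not show, a name containing `&`, `#`, `?` or whitespace yields a broken link or changes the query string the activation page receives. Encode at the point of substitution: `$link = str_replace("%username%", rawurlencode($username), $link);`. The context line that follows writes the complete link, confirmation key included, to the debug log, which is worth reconsidering now that the link also identifies the account. The function body continues outside the hunk.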
@@ -520,7 +520,7 @@ function xmlrpc_create_email_account($method, $args) {
 }
 if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) {
- send_email_with_activation_link($email, $account->confirmation_key);
+ send_email_with_activation_link($email, $account->confirmation_key, $account->username);
 } else if (AUTO_ACTIVATE_ACCOUNT) {
 //TODO
 /*if (USE_IN_APP_PURCHASES) {
@@ -700,44 +700,11 @@ function xmlrpc_recover_account_from_confirmation_key($method, $args) {
 return PASSWORD_NOT_FOUND;
 }
-// args = [username, old password, new password, [domain], [algo]]
-function xmlrpc_update_password($method, $args) {
- $user = $args[0];
- $domain = get_domain($args[3]);
- $algo = get_algo($algo[4]);
-
- Logger::getInstance()->message("[XMLRPC] xmlrpc_update_password(" . $user . ", " . $domain . ", " . $algo . ")");
-
- if ($algo == NULL) {
- return ALGO_NOT_SUPPORTED;
- }
-
- $args[1] = hash_password($args[0], $args[1], $algo);
- $args[2] = hash_password($args[0], $args[2], $algo);
-
- return xmlrpc_update_hash("xmlrpc_update_password", $args);
-}
-
-// args = [username, old hash, new hash, [domain], [algo]]
-function xmlrpc_update_hash($method, $args) {
- $user = $args[0];
- $hashed_old_password = $args[1];
- $hashed_new_password = $args[2];
- $domain = get_domain($args[3]);
- $algo = get_algo($args[4]);
-
- Logger::getInstance()->message("[XMLRPC] xmlrpc_update_hash(" . $user . ", " . $domain . ", " . $algo . ")");
-
- if (!check_parameter($user)) {
- return MISSING_USERNAME_PARAM;
- } else if ($algo == NULL) {
- return ALGO_NOT_SUPPORTED;
- }
-
+function update_password($username, $domain, $hashed_old_password, $hashed_new_password, $algo) {
 $database = new Database();
 $db = $database->getConnection();
 $account = new Account($db);
- $account->username = $user;
+ $account->username = $username;
 $account->domain = $domain;
 if (!$account->getOne()) {
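Review bot: The new `update_password` helper in the second hunk carries no comment, unlike the `// args = [...]` lines on the XML-RPC handlers around it. Nothing tells a caller that it takes already-hashed old and new passwords, and its visible lines do no username or algorithm validation of their own. A line such as `// Internal helper: expects pre-hashed passwords; callers must validate username and algo first` above the signature would make that contract explicit. The function body continues outside the hunk, so any checks further down are not visible here.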
@@ -766,6 +733,45 @@ function xmlrpc_update_hash($method, $args) {
 return NOK;
 }
+// args = [username, old password, new password, [domain], [algo]]
+function xmlrpc_update_password($method, $args) {
+ $username = $args[0];
+ $old_password = $args[1];
+ $new_password = $args[2];
+ $domain = get_domain($args[3]);
+ $algo = get_algo($algo[4]);
+
+ Logger::getInstance()->message("[XMLRPC] xmlrpc_update_password(" . $username . ", " . $domain . ", " . $algo . ")");
+
+ if ($algo == NULL) {
+ return ALGO_NOT_SUPPORTED;
+ }
+
+ $old_hash = hash_password($username, $old_password, $domain, $algo);
+ $new_hash = hash_password($username, $new_password, $domain, $algo);
+
+ return update_password($username, $domain, $old_hash, $new_hash, $algo);
+}
+
+// args = [username, old hash, new hash, [domain], [algo]]
+function xmlrpc_update_hash($method, $args) {
+ $ususernameer = $args[0];
+ $hashed_old_password = $args[1];
+ $hashed_new_password = $args[2];
+ $domain = get_domain($args[3]);
+ $algo = get_algo($args[4]);
+
+ Logger::getInstance()->message("[XMLRPC] xmlrpc_update_hash(" . $username . ", " . $domain . ", " . $algo . ")");
+
+ if (!check_parameter($username)) {
+ return MISSING_USERNAME_PARAM;
+ } else if ($algo == NULL) {
+ return ALGO_NOT_SUPPORTED;
+ }
+
+ return update_password($username, $domain, $hashed_old_password, $hashed_new_password, $algo);
+}
+
 // args = [username, password, new email, [domain], [algo]]
 function xmlrpc_update_email($method, $args) {
 $user = $args[0];
diff --git a/src/xmlrpc/compatibility.php b/src/xmlrpc/compatibility.php
index cc2aa28..2f95a9f 100644
--- a/src/xmlrpc/compatibility.php
+++ b/src/xmlrpc/compatibility.php
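Review bot: Both re-added password handlers read variables that are never assigned. In `xmlrpc_update_password`, `get_algo($algo[4])` indexes `$algo` before it exists, so the caller's algorithm argument is never read; it should be `$algo = get_algo($args[4]);`. In `xmlrpc_update_hash` the first assignment goes to `$ususernameer`, which leaves `$username` undefined for the log line, the `check_parameter` guard and the `update_password` call; it should be `$username = $args[0];`. `xmlrpc_update_password` also lost the username guard it used to get by delegating to `xmlrpc_update_hash`, so `if (!check_parameter($username)) { return MISSING_USERNAME_PARAM; }` belongs before the hashing. The `hash_password` calls now pass `$domain` as a third argument, and since its definition is not part of this patch the signature should be confirmed.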
@@ -113,7 +113,7 @@ function xmlrpc_compatibility_create_account($method, $args) {
 $password->create();
 if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) {
- send_email_with_activation_link($account->email, $account->confirmation_key);
+ send_email_with_activation_link($account->email, $account->confirmation_key, $account->username);
 }
 return 0;