Factorized code for confirmation key matching

conf/db.conf

@@ -92,4 +92,11 @@ define("USER_INFO_DB_TABLE", "user_info");
  */
 define("EXPIRATION_DELAY", 180);
 
+/*
+ * The value to use in the database after a one time confirmation has been used
+ *
+ * Default value: ERROR
+ */
+define ("INVALID_CONFIRMATION_KEY", "ERROR");
+
 ?>

src/misc/utilities.php

@@ -19,7 +19,9 @@
 */
 
 include_once __DIR__ . '/../config/config.php';
+include_once __DIR__ . '/../objects/account.php';
 include_once __DIR__ . '/logging.php';
+
 if (EMAIL_ENABLED) {
 	include_once __DIR__ . '/email.php';
 }
@@ -123,6 +125,20 @@ function password_match($pwd1, $pwd2) {
 	return true;
 }
 
+function is_key_matching($key, $account) {
+	$key_db = $account->confirmation_key;
+	if ($key == INVALID_CONFIRMATION_KEY || $key != $key_db) {
+		if ($key_db != INVALID_CONFIRMATION_KEY) {
+			$account->confirmation_key = INVALID_CONFIRMATION_KEY;
+			$account->update();
+		}
+		
+		Logger::getInstance()->error("Key doesn't match");
+		return false;
+	}
+	return true;
+}
+
 // Time
 
 function time_elapsed_as_string($secs) {

src/xmlrpc/accounts.php

@@ -29,8 +29,6 @@ include_once __DIR__ . '/../misc/utilities.php';
 
 include_once __DIR__ . '/results_values.php';
 
-define ("INVALID_CONFIRMATION_KEY", "ERROR");
-
 // args = [user, pwd, [domain], [algo]]
 // /!\ This method must be used for tests purposes only /!\
 function xmlrpc_get_confirmation_key($method, $args) {
@@ -259,17 +257,9 @@ function xmlrpc_activate_phone_account($method, $args) {
 		return ACCOUNT_NOT_FOUND;
 	}
 
-	$key_db = $account->confirmation_key;
-	if ($key == INVALID_CONFIRMATION_KEY || $key != $key_db) {
-		if ($key_db != INVALID_CONFIRMATION_KEY) {
-			$account->confirmation_key = INVALID_CONFIRMATION_KEY;
-			$account->update();
-		}
-		
-		Logger::getInstance()->error("Key doesn't match");
+	if (!is_key_matching($key, $account)) {
 		return KEY_DOESNT_MATCH;
 	}
-
 	// Key is one time only
 	$account->confirmation_key = INVALID_CONFIRMATION_KEY;
 	$account->update();
@@ -445,13 +435,7 @@ function xmlrpc_activate_email_account($method, $args) {
 		return ACCOUNT_ALREADY_ACTIVATED;
 	}
 
-	$key_db = $account->confirmation_key;
-	if ($key == INVALID_CONFIRMATION_KEY || $key != $key_db) {
-		if ($key_db != INVALID_CONFIRMATION_KEY) {
-			$account->confirmation_key = INVALID_CONFIRMATION_KEY;
-			$account->update();
-		}
-		Logger::getInstance()->error("Key doesn't match");
+	if (!is_key_matching($key, $account)) {
 		return KEY_DOESNT_MATCH;
 	}
 
@@ -706,17 +690,9 @@ function xmlrpc_recover_account_from_confirmation_key($method, $args) {
 		return ACCOUNT_NOT_FOUND;
 	}
 
-	$key_db = $account->confirmation_key;
-	if ($key == INVALID_CONFIRMATION_KEY || $key != $key_db) {
-		if ($key_db != INVALID_CONFIRMATION_KEY) {
-			$account->confirmation_key = INVALID_CONFIRMATION_KEY;
-			$account->update();
-		}
-		
-		Logger::getInstance()->error("Key doesn't match");
+	if (!is_key_matching($key, $account)) {
 		return KEY_DOESNT_MATCH;
 	}
-
 	// Key is one time only
 	$account->confirmation_key = INVALID_CONFIRMATION_KEY;
 	$account->update();

src/xmlrpc/aliases.php

@@ -128,9 +128,13 @@ function xmlrpc_activate_phone_number_link($method, $args) {
 	if (!is_activated($account->activated)) {
 		return ACCOUNT_NOT_YET_ACTIVATED;
 	}
-	if ($key != $account->confirmation_key) {
+	
+	if (!is_key_matching($key, $account)) {
 		return KEY_DOESNT_MATCH;
 	}
+	// Key is one time only
+	$account->confirmation_key = INVALID_CONFIRMATION_KEY;
+	$account->update();
 
 	$password = new Password($db);
 	$password->account_id = $account->id;