diff --git a/conf/db.conf b/conf/db.conf
index 4bb2e94..469c9fa 100644
--- a/conf/db.conf
+++ b/conf/db.conf
@@ -92,4 +92,11 @@ define("USER_INFO_DB_TABLE", "user_info");
 */
 define("EXPIRATION_DELAY", 180);
+/*
+ * The value to use in the database after a one time confirmation has been used
+ *
+ * Default value: ERROR
+ */
+define ("INVALID_CONFIRMATION_KEY", "ERROR");
+
 ?>
\ No newline at end of file
diff --git a/src/misc/utilities.php b/src/misc/utilities.php
index 5a1792a..0190894 100644
--- a/src/misc/utilities.php
+++ b/src/misc/utilities.php
@@ -19,7 +19,9 @@
 */
 include_once __DIR__ . '/../config/config.php';
+include_once __DIR__ . '/../objects/account.php';
 include_once __DIR__ . '/logging.php';
+
 if (EMAIL_ENABLED) {
 include_once __DIR__ . '/email.php';
 }
@@ -123,6 +125,20 @@ function password_match($pwd1, $pwd2) {
 return true;
 }
+function is_key_matching($key, $account) {
+ $key_db = $account->confirmation_key;
+ if ($key == INVALID_CONFIRMATION_KEY || $key != $key_db) {
+ if ($key_db != INVALID_CONFIRMATION_KEY) {
+ $account->confirmation_key = INVALID_CONFIRMATION_KEY;
+ $account->update();
+ }
+
+ Logger::getInstance()->error("Key doesn't match");
+ return false;
+ }
+ return true;
+}
+
 // Time
 function time_elapsed_as_string($secs) {
diff --git a/src/xmlrpc/accounts.php b/src/xmlrpc/accounts.php
index ec09fd3..da73518 100644
--- a/src/xmlrpc/accounts.php
+++ b/src/xmlrpc/accounts.php
@@ -29,8 +29,6 @@ include_once __DIR__ . '/../misc/utilities.php';
 include_once __DIR__ . '/results_values.php';
-define ("INVALID_CONFIRMATION_KEY", "ERROR");
-
 // args = [user, pwd, [domain], [algo]]
 // /!\ This method must be used for tests purposes only /!\
 function xmlrpc_get_confirmation_key($method, $args) {
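Review bot: `INVALID_CONFIRMATION_KEY` in the `conf/db.conf` hunk is an in-band sentinel, stored in the same column as real confirmation keys, and placing it among the tunable settings invites operators to change it. If the value is changed on a live database, rows that already hold the old sentinel are no longer recognised as consumed by `is_key_matching()` and are compared like ordinary keys. The comment block should say so, for example `* Do not change once accounts exist: rows marked with the previous value would be treated as live keys.` A NULL column value or a separate "consumed" flag would remove the need for an in-band marker altogether.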
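Review bot: Both comparisons in `is_key_matching` are loose (`==` / `!=`), so a `$key` that arrives as a non-string value or a numeric-looking string is compared after PHP type juggling rather than byte for byte; the callers presumably take `$key` straight from the RPC arguments, and no type check is visible in this diff. A strict, constant-time test is safer: `if (!is_string($key) || $key === INVALID_CONFIRMATION_KEY || !hash_equals((string) $key_db, $key)) {`, with `!==` on the inner sentinel test. The function also needs a docblock, because despite its predicate-style name it writes to the database: on a mismatch it overwrites the stored key with the sentinel, so a single wrong attempt also cancels the legitimate user's pending key, which should be recorded as a deliberate trade-off against guessing. Including the account id in the "Key doesn't match" log entry would let repeated failures against one account be correlated.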
@@ -259,17 +257,9 @@ function xmlrpc_activate_phone_account($method, $args) { return ACCOUNT_NOT_FOUND; } - $key_db = $account->confirmation_key; - if ($key == INVALID_CONFIRMATION_KEY || $key != $key_db) { - if ($key_db != INVALID_CONFIRMATION_KEY) { - $account->confirmation_key = INVALID_CONFIRMATION_KEY; - $account->update(); - } - - Logger::getInstance()->error("Key doesn't match"); + if (!is_key_matching($key, $account)) { return KEY_DOESNT_MATCH; } - // Key is one time only $account->confirmation_key = INVALID_CONFIRMATION_KEY; $account->update(); @@ -445,13 +435,7 @@ function xmlrpc_activate_email_account($method, $args) { return ACCOUNT_ALREADY_ACTIVATED; } - $key_db = $account->confirmation_key; - if ($key == INVALID_CONFIRMATION_KEY || $key != $key_db) { - if ($key_db != INVALID_CONFIRMATION_KEY) { - $account->confirmation_key = INVALID_CONFIRMATION_KEY; - $account->update(); - } - Logger::getInstance()->error("Key doesn't match"); + if (!is_key_matching($key, $account)) { return KEY_DOESNT_MATCH; } @@ -706,17 +690,9 @@ function xmlrpc_recover_account_from_confirmation_key($method, $args) { return ACCOUNT_NOT_FOUND; } - $key_db = $account->confirmation_key; - if ($key == INVALID_CONFIRMATION_KEY || $key != $key_db) { - if ($key_db != INVALID_CONFIRMATION_KEY) { - $account->confirmation_key = INVALID_CONFIRMATION_KEY; - $account->update(); - } - - Logger::getInstance()->error("Key doesn't match"); + if (!is_key_matching($key, $account)) { return KEY_DOESNT_MATCH; } - // Key is one time only $account->confirmation_key = INVALID_CONFIRMATION_KEY; $account->update(); diff --git a/src/xmlrpc/aliases.php b/src/xmlrpc/aliases.php index 3533986..250d2b8 100644 --- a/src/xmlrpc/aliases.php +++ b/src/xmlrpc/aliases.php 
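Review bot: Consuming the key on success is still left to each caller: after `is_key_matching()` returns true, `xmlrpc_activate_phone_account` resets `confirmation_key` itself, and the same lines are repeated in `xmlrpc_recover_account_from_confirmation_key` and now in `xmlrpc_activate_phone_number_link`. The `xmlrpc_activate_email_account` hunk shows no reset at all; all four function bodies continue outside their hunks, so confirm the reset happens later there. Because the check and the reset are separate read-then-write steps, two simultaneous requests carrying the same valid key could both pass before either `update()` lands, assuming `update()` is a plain unconditional write. Consider having the helper consume the key on success as well, ideally through a conditional update (`... WHERE confirmation_key = ?`) whose affected-row count decides the result, so the one-time property is enforced in a single place.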
@@ -128,9 +128,13 @@ function xmlrpc_activate_phone_number_link($method, $args) {
 if (!is_activated($account->activated)) {
 return ACCOUNT_NOT_YET_ACTIVATED;
 }
- if ($key != $account->confirmation_key) {
+
+ if (!is_key_matching($key, $account)) {
 return KEY_DOESNT_MATCH;
 }
+ // Key is one time only
+ $account->confirmation_key = INVALID_CONFIRMATION_KEY;
+ $account->update();
 $password = new Password($db);
 $password->account_id = $account->id;