c9442e39ca42ee97911eb47125a49992fcbe91fa chinhli Mon May 14 15:17:20 2012 -0700 Finalized the activation email. diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c index c492fca..3d9d635 100644 --- src/hg/hgLogin/hgLogin.c +++ src/hg/hgLogin/hgLogin.c @@ -227,36 +227,36 @@ void displayMailSuccess() /* display mail success confirmation box */ { char *email = cartUsualString(cart, "hgLogin_email", ""); char *obj=cartUsualString(cart, "hgLogin_helpWith", ""); hPrintf( "<div id=\"confirmationBox\" class=\"centeredContainer formBox\">" "\n" "<h2>UCSC Genome Browser</h2>" "<p id=\"confirmationMsg\" class=\"confirmationTxt\">An email has been sent to " " <span id=\"emailaddress\">%s</span> containing %s...</p>" "\n" "<p><a href=\"hgLogin?hgLogin.do.displayLoginPage=1\">Return to Login</a></p>", email, obj); } -void sendMail(char *email, char *subject, char *msg) +void sendMailOut(char *email, char *subject, char *msg) /* send mail to email address */ { char *hgLoginHost = wikiLinkHost(); char *obj = cartUsualString(cart, "hgLogin_helpWith", ""); -char cmd[1024]; +char cmd[4096]; safef(cmd,sizeof(cmd), "echo '%s' | mail -s \"%s\" %s" , msg, subject, email); int result = system(cmd); if (result == -1) { hPrintf( "<h2>UCSC Genome Browser</h2>" "<p align=\"left\">" "</p>" "<h3>Error emailing %s to: %s</h3>" "Click <a href=hgLogin?hgLogin.do.displayAccHelpPage=1>here</a> to return.<br>", obj, email ); } else { hPrintf("<script language=\"JavaScript\">\n" 
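Review bot: sendMailOut still formats `msg`, `subject` and `email` into one shell command line and runs it with `system()`, so enlarging `cmd` to 4096 bytes leaves the real problem in place. `email` appears to originate from the cart variable `hgLogin_email`, and the activation message now embeds the username, so a quote or shell metacharacter in either value changes the command that gets executed. Pass the subject and recipient to the mail program as separate argv entries and write the body to its stdin, after rejecting any address that fails a strict pattern or begins with `-`. `result == -1` only reports that the shell could not be started, so a failing `mail` is presented to the user as success; check the child's exit status instead. The tail of the function lies outside this hunk.

```c
void sendMailOut(char *email, char *subject, char *msg)
/* send mail to email address */
{
// … unchanged: hgLoginHost and obj lookups …
int result = -1;
int fds[2];
if (pipe(fds) == 0)
    {
    pid_t pid = fork();
    if (pid == 0)
        {
        /* child: body arrives on stdin, subject and recipient are argv entries, no shell */
        dup2(fds[0], STDIN_FILENO);
        close(fds[0]);
        close(fds[1]);
        execlp("mail", "mail", "-s", subject, email, (char *)NULL);
        _exit(127);
        }
    close(fds[0]);
    if (pid > 0)
        {
        const char *p = msg;
        size_t left = strlen(msg);
        while (left > 0)
            {
            ssize_t n = write(fds[1], p, left);
            if (n <= 0)
                break;
            p += n;
            left -= (size_t)n;
            }
        close(fds[1]);
        int status = 0;
        int reaped = (waitpid(pid, &status, 0) == pid);
        /* success only when the whole body was written and mail exited 0 */
        if (reaped && left == 0 && WIFEXITED(status) && WEXITSTATUS(status) == 0)
            result = 0;
        }
    else
        close(fds[1]);
    }
// … unchanged: error box when result == -1, redirect script otherwise …
```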
@@ -265,31 +265,31 @@ "//-->" "\n" "</script>", hgLoginHost); } } void mailUsername(char *email, char *users) /* send user name list to the email address */ { char subject[256]; char msg[256]; char signature[256]="\nUCSC Genome Browser \nhttp://www.genome.ucsc.edu "; safef(subject, sizeof(subject),"Greeting form UCSC Genome Browser"); safef(msg, sizeof(msg), "User name(s) associated with this email address at UCSC Genome Browser: \n\n %s \n", users); safecat (msg, sizeof(msg), signature); -sendMail(email, subject, msg); +sendMailOut(email, subject, msg); } void sendUsername(struct sqlConnection *conn, char *email) /* email user username(s) */ { struct sqlResult *sr; char **row; char query[256]; /* find all the user names assocaited with this email address */ char user[256]; safef(query,sizeof(query),"select * from gbMembers where email='%s'", email); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) @@ -298,31 +298,31 @@ safef(user, sizeof(user), m->userName); mailUsername(email, user); } sqlFreeResult(&sr); } void mailNewPassword(char *username, char *email, char *password) /* send user new password */ { char subject[256]; char msg[256]; char signature[256]="\nUCSC Genome Browser \nhttp://www.genome.ucsc.edu "; safef(subject, sizeof(subject),"Greeting form UCSC Genome Browser"); safef(msg, sizeof(msg), "New password for user %s: \n\n %s \n", username, password); safecat (msg, sizeof(msg), signature); -sendMail(email, subject, msg); +sendMailOut(email, subject, msg); } void displayAccHelpPage(struct sqlConnection *conn) /* draw the account help page */ { char *email = cartUsualString(cart, "hgLogin_email", ""); char *username = cartUsualString(cart, "hgLogin_userName", ""); //cartRemove(cart, "hgLogin_helpWith"); //cartRemove(cart, "hgLogin_email"); hPrintf("<script language=\"JavaScript\">\n" "<!-- " "\n" "function toggle(value){\n" "if(value=='showE')\n" "{\n" 
@@ -406,72 +406,79 @@ sendNewPassword(conn, username, password); return; } void clearNewPasswordFields(struct sqlConnection *conn, char *username) /* clear the newPassword fields */ { char query[256]; safef(query,sizeof(query), "update gbMembers set lastUse=NOW(),newPassword='', newPasswordExpire='', passwordChangeRequired='N' where userName='%s'", sqlEscapeString(username)); sqlUpdate(conn, query); cartRemove(cart, "hgLogin_changeRequired"); return; } -void sendActivateMail(char *email, char *username, char *encToken) +void sendActivateMail(char *email, char *username, char *encToken, char *expireTime, char *expireDate) /* Send activation mail with token to user*/ { char subject[256]; -char msg[4064]; +char msg[4096]; char activateURL[256]; char signature[256]="\nUCSC Genome Browser \nhttp://www.genome.ucsc.edu "; char *hgLoginHost = wikiLinkHost(); +char *remoteAddr=getenv("REMOTE_ADDR"); safef(activateURL, sizeof(activateURL), "http://%s/cgi-bin/hgLogin?hgLogin.do.activateAccount=1&user=%s&token=%s\n", sqlEscapeString(hgLoginHost), sqlEscapeString(username), sqlEscapeString(encToken)); -safef(subject, sizeof(subject),"Greeting form UCSC Genome Browser"); +safef(subject, sizeof(subject),"UCSC Genome Browser account e-mail address confirmation"); safef(msg, sizeof(msg), - "You have sign up an account at UCSC Genome Browser with username \"%s\". \n Please click the following link to activate the account -- \n\n%s\n\n", - username, activateURL); + "Someone, probably you from IP address %s, has requested an account %s with this e-mail address on the UCSC Genome Browser.\nTo confirm that this account really does belong to you on the UCSC Genome Browser, open this link in your browser:\ni\n%s\nIf the account is created, only you will be e-mailed this confirmation.\nIf this is *not* you, do not follow the link. 
This confirmation code will expire at %s, %s.\n", + remoteAddr, username, activateURL, expireTime, expireDate); safecat (msg, sizeof(msg), signature); -sendMail(email, subject, msg); +sendMailOut(email, subject, msg); } void setupNewAccount(struct sqlConnection *conn, char *email, char *username) /* Set up new user account and send activation mail to user */ { char query[256]; char *token = generateRandomPassword(); int i; unsigned char result[MD5_DIGEST_LENGTH]; char tokenMD5[MD5_DIGEST_LENGTH*2 + 1]; i = MD5_DIGEST_LENGTH; MD5((unsigned char *) token, strlen(token), result); // Convert the tokenMD5 value to string for(i = 0; i < MD5_DIGEST_LENGTH; i++) { sprintf(&tokenMD5[i*2], "%02x", result[i]); } safef(query,sizeof(query), "update gbMembers set lastUse=NOW(),emailToken='%s', emailTokenExpires=DATE_ADD(NOW(), INTERVAL 7 DAY), accountActivated='N' where userName='%s'", sqlEscapeString(tokenMD5), sqlEscapeString(username) ); sqlUpdate(conn, query); -sendActivateMail(email, username, tokenMD5); +safef(query,sizeof(query), + "select TIME(emailTokenExpires) from gbMembers where userName='%s'", username); +char *expireTime = sqlQuickString(conn, query); +safef(query,sizeof(query), + "select DATE(emailTokenExpires) from gbMembers where userName='%s'", username); +char *expireDate = sqlQuickString(conn, query); +sendActivateMail(email, username, tokenMD5, expireTime, expireDate); return; } void displayLoginPage(struct sqlConnection *conn) /* draw the account login page */ { char *username = cartUsualString(cart, "hgLogin_userName", ""); hPrintf("<div id=\"loginBox\" class=\"centeredContainer formBox\">" "\n" "<h2>UCSC Genome Browser</h2>" "\n" "<h3>Login</h3>" "\n" "<span style='color:red;'>%s</span>" "\n", errMsg ? errMsg : ""); 
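Review bot: The two SELECTs added to setupNewAccount interpolate `username` into the SQL text unescaped, while the UPDATE directly above them passes the same value through `sqlEscapeString()`; both new queries should end `"... where userName='%s'", sqlEscapeString(username));`. In sendActivateMail, `getenv("REMOTE_ADDR")` returns NULL when the variable is unset, and `sqlQuickString()` presumably returns NULL when no row matches, yet all three results go straight into `%s` conversions; substitute a fallback string before formatting. The new message text also contains a stray `\ni\n` before the link, which looks like an editing slip for `\n\n`.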
@@ -649,34 +656,34 @@ freez(&errMsg); errMsg = cloneString("Invalid current password."); changePasswordPage(conn); return; } char encPwd[45] = ""; encryptNewPwd(newPassword1, encPwd, sizeof(encPwd)); safef(query,sizeof(query), "update gbMembers set password='%s' where userName='%s'", sqlEscapeString(encPwd), sqlEscapeString(user)); sqlUpdate(conn, query); clearNewPasswordFields(conn, user); hPrintf("<h2>UCSC Genome Browser</h2>" "<p align=\"left\">" "</p>" "<h3>Password has been changed.</h3>"); -backToDoLoginPage(1); cartRemove(cart, "hgLogin_password"); cartRemove(cart, "hgLogin_newPassword1"); cartRemove(cart, "hgLogin_newPassword2"); +backToDoLoginPage(1); } void signupPage(struct sqlConnection *conn) /* draw the signup page */ { hPrintf("<div id=\"signUpBox\" class=\"centeredContainer formBox\">" "<h2>UCSC Genome Browser</h2>" "\n" "<p>Signing up enables you to save multiple sessions and to share your sessions with others.</p>" "Already have an account? <a href=\"hgLogin?hgLogin.do.displayLoginPage=1\">Login</a>.<br>" "\n"); hPrintf("<h3>Sign Up</h3>" "<form method=\"post\" action=\"hgLogin\" name=\"mainForm\">" "<span style='color:red;'>%s</span>" "\n", errMsg ? errMsg : ""); 
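Review bot: Clearing `hgLogin_password`, `hgLogin_newPassword1` and `hgLogin_newPassword2` before `backToDoLoginPage(1)` only covers the success path. The `Invalid current password.` branch at the top of this hunk returns after `changePasswordPage(conn)` with no `cartRemove` visible, so the submitted passwords may remain in the cart on failure. If changePasswordPage does not clear them itself, remove the three variables before that early `return` as well. The enclosing function starts outside this hunk, so earlier failure branches should be checked the same way.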
@@ -796,30 +803,35 @@ /* pass all the checks, OK to create the account now */ char encPwd[45] = ""; encryptNewPwd(password, encPwd, sizeof(encPwd)); safef(query,sizeof(query), "insert into gbMembers set " "userName='%s',password='%s',email='%s', " "lastUse=NOW(),accountActivated='N'", sqlEscapeString(user),sqlEscapeString(encPwd),sqlEscapeString(email)); sqlUpdate(conn, query); setupNewAccount(conn, email, user); /* send out activate code mail, and display the mail confirmation box */ /* and comback here to contine back to URL */ hPrintf("<h2>UCSC Genome Browser</h2>\n" "<p align=\"left\">\n" "</p>\n" "<h3>User %s successfully added.</h3>\n", user); +cartRemove(cart, "hgLogin_email"); +cartRemove(cart, "hgLogin_email2"); +cartRemove(cart, "hgLogin_userName"); +cartRemove(cart, "user"); +cartRemove(cart, "token"); backToHgSession(1); } void accountHelp(struct sqlConnection *conn) /* email user username(s) or new password */ { // struct sqlResult *sr; // char **row; char query[256]; char *email = cartUsualString(cart, "hgLogin_email", ""); char *username = cartUsualString(cart, "hgLogin_userName", ""); char *helpWith = cartUsualString(cart, "hgLogin_helpWith", ""); /* Forgot username */ if (sameString(helpWith,"username"))
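Review bot: The cleanup added after account creation removes the e-mail, user name and token variables from the cart but not the password the user just typed. If the signup form stores it under `hgLogin_password` (the name the change-password path clears) or under a confirmation field, add `cartRemove(cart, "hgLogin_password");` and its counterpart next to the new calls so the plaintext does not persist in the session. A one-line comment such as `/* drop signup form fields so they are not replayed from the cart */` above the block would also explain why `user` and `token` are cleared here. The enclosing function starts outside this hunk.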