c107fc194f69e733eaff58e585899a97dad0f7ec
chinhli
  Mon May 7 01:51:00 2012 -0700
Send activation mail to user
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index 8f06ff8..7155704 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -82,31 +82,31 @@
 "<div id=\"confirmationBox\" class=\"centeredContainer formBox\">"
 "\n"
 "<h2>UCSC Genome Browser</h2>"
 "<p id=\"confirmationMsg\" class=\"confirmationTxt\">An email has been sent to "
 " <span id=\"emailaddress\">%s</span> containing %s...</p>"
 "\n"
 "<p><a href=\"hgLogin?hgLogin.do.displayLoginPage=1\">Return to Login</a></p>"
 , email
 , obj
 );
 }
 void sendMail(char *email, char *subject, char *msg)
 {
 char *hgLoginHost = wikiLinkHost();
 char *obj = cartUsualString(cart, "hgLogin_helpWith", "");
-char cmd[256];
+char cmd[1024];
 safef(cmd,sizeof(cmd),
 "echo '%s' | mail -s \"%s\" %s" , msg, subject, email);
 int result = system(cmd);
 if (result == -1)
     {
     hPrintf( 
     "<h2>UCSC Genome Browser</h2>"
     "<p align=\"left\">"
     "</p>"
     "<h3>Error emailing %s to: %s</h3>"
     "Click <a href=hgLogin?hgLogin.do.displayAccHelpPage=1>here</a> to return.<br>"
     , obj
     , email
     );
     }
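Review bot: Enlarging `cmd` to 1024 bytes leaves the real problem in sendMail untouched: `msg`, `subject` and `email` are formatted into one shell command line for `system()`, and with this commit `email` and the username inside `msg` come from the signup form, so any shell metacharacters in them are interpreted by the shell. sendActivateMail also passes a `msg` buffer of 4064 bytes, which can exceed `cmd` (safef presumably aborts rather than truncating; worth confirming). The `result == -1` test only catches a failure to start the shell, not a non-zero exit from `mail`. I would run `mail` with an explicit argument vector and feed the body on stdin, as in the fence, and still validate the address format (including rejecting a leading `-`) before the call. sendMail's body continues past the end of this hunk.

```c
char *hgLoginHost = wikiLinkHost();
/* … unchanged: obj lookup … */
int fds[2];
if (pipe(fds) != 0)
    errAbort("sendMail: pipe() failed");
pid_t pid = fork();
if (pid < 0)
    errAbort("sendMail: fork() failed");
if (pid == 0)
    {
    /* child: body arrives on stdin; subject and address are separate argv entries, no shell */
    dup2(fds[0], STDIN_FILENO);
    close(fds[0]);
    close(fds[1]);
    execlp("mail", "mail", "-s", subject, email, (char *)NULL);
    _exit(127);
    }
close(fds[0]);
FILE *body = fdopen(fds[1], "w");
if (body != NULL)
    {
    fputs(msg, body);
    fclose(body);
    }
else
    close(fds[1]);
int status = 0;
int result = -1;
if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) && WEXITSTATUS(status) == 0)
    result = 0;
/* … unchanged: error page when result == -1 … */
```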
@@ -172,75 +172,147 @@
 encryptNewPwd(password, encPwd, sizeof(encPwd));
 
 safef(query,sizeof(query), "update gbMembers set lastUse=NOW(),newPassword='%s', newPasswordExpire=DATE_ADD(NOW(), INTERVAL 7 DAY), passwordChangeRequired='Y' where userName='%s'",
  sqlEscapeString(encPwd), sqlEscapeString(username));
 sqlUpdate(conn, query);
 sendNewPassword(conn, username, password);
 return;
 }
 
 void sendNewPassword(struct sqlConnection *conn, char *username, char *password)
 /* email user new password  */
 {
 struct sqlResult *sr;
 char query[256];
 
-/* find all the user names assocaited with this email address */
+/* find email address  assocaited with this username */
 safef(query,sizeof(query),"select email from gbMembers where userName='%s'", username);
 char *email = sqlQuickString(conn, query);
 if (!email || sameString(email,""))
     {
     freez(&errMsg);
     errMsg = cloneString("Email address not found.");
     displayAccHelpPage(conn);
     return;
     }
 
 mailNewPassword(username, email, password);
 sqlFreeResult(&sr);
 }
 
 void mailNewPassword(char *username, char *email, char *password)
 /* send user new password */
 {
 char subject[256];
 char msg[256];
 char signature[256]="\nUCSC Genome Browser \nhttp://www.genome.ucsc.edu ";
 safef(subject, sizeof(subject),"Greeting form UCSC Genome Browser");
 safef(msg, sizeof(msg), "New password for user %s:  \n\n  %s \n", username, password);
 safecat (msg, sizeof(msg), signature);
 sendMail(email, subject, msg);
 }
 
 
 /*************** to-do below *********************/
+void setupNewAccount(struct sqlConnection *conn, char *email, char *username)
+/* Send an activation mail to user */
+{
+char query[256];
+char *token = generateRandomPassword();
+// char encToken[45] = "";
+// encryptNewPwd(token, encToken, sizeof(encToken));
+
+  int i;
+  unsigned char result[MD5_DIGEST_LENGTH];
+  char tokenMD5[MD5_DIGEST_LENGTH*2 + 1];
+  i = MD5_DIGEST_LENGTH;
+  // /*DEBUG*/ printf("MD5_DIGEST_LENGT is -- %d\n",i);
+  MD5((unsigned char *) token, strlen(token), result);
+  // output
+/******************************************************  DEBUG
+  printf("result array:\n");
+  for(i = 0; i < MD5_DIGEST_LENGTH; i++)
+    printf("%02x", result[i]);
+  printf("\n");
+************************************************************/
+  // Convert the tokenMD5 value to string
+  // /* DEBUG */ printf("Convert result to tokenMD5 .......\n");
+  for(i = 0; i < MD5_DIGEST_LENGTH; i++)
+    {
+    sprintf(&tokenMD5[i*2], "%02x", result[i]);
+    }
+safef(query,sizeof(query), "update gbMembers set lastUse=NOW(),emailToken='%s', emailTokenExpires=DATE_ADD(NOW(), INTERVAL 7 DAY), accountActivated='N' where userName='%s'"
+// , sqlEscapeString(encToken)
+, sqlEscapeString(tokenMD5)
+, sqlEscapeString(username)
+);
+sqlUpdate(conn, query);
+// sendActivateMail(email, username, encToken);
+sendActivateMail(email, username, tokenMD5);
+return;
+}
+
+void sendActivateMail(char *email, char *username, char *encToken)
+/* Send activation mail with token to user*/
+{
+char subject[256];
+char msg[4064];
+char activateURL[256];
+char *hgLoginHost = wikiLinkHost();
+safef(activateURL, sizeof(activateURL),
+      "http://%s/cgi-bin/hgLogin?do.activateAccount=1&user=%s&token=%s\n"
+, sqlEscapeString(hgLoginHost)
+, sqlEscapeString(username)
+, sqlEscapeString(encToken)
+);
+     
+char signature[256]="\nUCSC Genome Browser \nhttp://www.genome.ucsc.edu ";
+safef(subject, sizeof(subject),"Greeting form UCSC Genome Browser");
+safef(msg, sizeof(msg), 
+"You have sign up an account at UCSC Genome Browser with username \"%s\". \n Please click the following link to activate the account -- \n\n%s\n\n"
+, username
+, activateURL
+);
+safecat (msg, sizeof(msg), signature);
+sendMail(email, subject, msg);
+}
+
 void activateAccount(struct sqlConnection *conn)
 /* activate account */
 {
 // struct sqlResult *sr;
 // char **row;
 char query[256];
-char *token = cgiUsualString("hgLogin_activateAccount", "");
-safef(query,sizeof(query),"Token is %s ", token);
-if (!sameString(token,""))
+char *token = cgiUsualString("token", "");
+char *username = cgiUsualString("user","");
+safef(query,sizeof(query),
+    "select emailToken from gbMembers where userName='%s'", username);
+char *emailToken = sqlQuickString(conn, query);
+hPrintf("<p>emailToken in DB: %s  token: %s</P>", emailToken, token);
+if (sameString(emailToken, token))
     {
+    safef(query,sizeof(query), "update gbMembers set lastUse=NOW(), dateActivated=NOW(), emailToken='', emailTokenExpires='', accountActivated='Y' where userName='%s'"
+    , username
+    );
+    sqlUpdate(conn, query);
+} else {
     freez(&errMsg);
-    errMsg = cloneString(query);
+    errMsg = cloneString("Token does not match.");
+}
     displayLoginPage(conn);
     return;
     }
-}
 /* -------- password functions ---- */
 
 void cryptWikiWay(char *password, char *salt, char* result)
 // encrypt password as mediawiki does:  ':B:'.$salt.':'. md5($salt.'-'.md5($password )
 {
 int i;
   unsigned char result1[MD5_DIGEST_LENGTH];
   unsigned char result2[MD5_DIGEST_LENGTH];
   char firstMD5[MD5_DIGEST_LENGTH*2 + 1];
   char secondMD5[MD5_DIGEST_LENGTH*2 + 1];
   i = MD5_DIGEST_LENGTH;
   // /*DEBUG*/ printf("MD5_DIGEST_LENGT is -- %d\n",i);
   MD5((unsigned char *) password, strlen(password), result1);
   // output
 /******************************************************  DEBUG
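Review bot: In activateAccount the new `hPrintf("<p>emailToken in DB: %s  token: %s</P>", emailToken, token);` line writes the stored activation token into the response, so any request that names a user is shown the value it needs to pass the `sameString` check; it should be removed, and it also echoes both CGI values without HTML encoding. The `user` parameter goes into the select and the update without `sqlEscapeString`, unlike the other queries this hunk adds. `sqlQuickString` may return NULL for an unknown user (sendNewPassword above checks for that), an empty `token` matches the `emailToken=''` left behind by an earlier activation, and `emailTokenExpires` is written in setupNewAccount but never read here (the fence adds it to the select, assuming a datetime column). Separately, sendActivateMail builds the link with `do.activateAccount=1` and `sqlEscapeString`, while the dispatcher tests `hgLogin.do.activateAccount`, and URL parameters need CGI encoding rather than SQL escaping. The fence shows the activateAccount lines I would change.

```c
char *token = cgiUsualString("token", "");
char *username = cgiUsualString("user","");
safef(query,sizeof(query),
    "select emailToken from gbMembers where userName='%s' and emailTokenExpires > NOW()",
    sqlEscapeString(username));
char *emailToken = sqlQuickString(conn, query);
/* debug hPrintf of emailToken/token removed: the stored token must not reach the page */
if (emailToken != NULL && !sameString(token, "") && sameString(emailToken, token))
    {
    safef(query,sizeof(query), "update gbMembers set lastUse=NOW(), dateActivated=NOW(), emailToken='', emailTokenExpires='', accountActivated='Y' where userName='%s'"
    , sqlEscapeString(username)
    );
    /* … unchanged: sqlUpdate, else branch setting errMsg, displayLoginPage … */
```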
@@ -765,31 +837,31 @@
     {
     freez(&errMsg);
     errMsg = cloneString("Passwords do not match.");
     signupPage(conn);
     return;
     }
 
 /* pass all the checks, OK to create the account now */
 char encPwd[45] = "";
 encryptNewPwd(password, encPwd, sizeof(encPwd));
 safef(query,sizeof(query), "insert into gbMembers set "
     "userName='%s',password='%s',email='%s', "
     "lastUse=NOW(),accountActivated='N'",
     sqlEscapeString(user),sqlEscapeString(encPwd),sqlEscapeString(email));
     sqlUpdate(conn, query);
-
+setupNewAccount(conn, email, user);
 /* send out activate code mail, and display the main confirmation box */
 /* and comback here to contine back to URL */
 hPrintf(
 "<h2>UCSC Genome Browser</h2>\n"
 "<p align=\"left\">\n"
 "</p>\n"
 "<h3>User %s successfully added.</h3>\n"
 , user
 );
 /* TODO: cleanup the hgLogin_xxxx vars in the cart */
 backToHgSession(2);
 
 }
 
 void displayAccHelpPage(struct sqlConnection *conn)
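Review bot: The new `setupNewAccount(conn, email, user);` call gives this function no way to tell whether the activation mail went out. setupNewAccount returns void, and sendMail (first hunk) only prints an error block when `system()` returns -1, so the code here still prints "User %s successfully added." and calls `backToHgSession(2)` on a failed send. I would have setupNewAccount return a status that is checked here before the success text is printed. The call should also sit below the `/* send out activate code mail, ... */` comment that describes it. The enclosing function starts outside this hunk.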
@@ -899,31 +971,30 @@
     displayAccHelpPage(conn);
     return;
     } else { 
     safef(query,sizeof(query), 
         "select password from gbMembers where userName='%s'", username);
     char *password = sqlQuickString(conn, query);
     if (!password)
         {
         freez(&errMsg);
         errMsg = cloneString("Username not found.");
         displayAccHelpPage(conn);
         return;
         }
     }
     lostPassword(conn, username);
-    //sendNewPassword(conn, username, password);
     return;
 }
 // cartRemove(cart, "hgLogin_helpWith");
 // cartRemove(cart, "hgLogin_email");
 // cartRemove(cart, "hgLogin_userName");
 displayAccHelpPage(conn);
 return;
 }
 
 void clearNewPasswordFields(struct sqlConnection *conn, char *username)
 /* clear the newPassword fields */
 {
 char query[256];
 safef(query,sizeof(query), "update gbMembers set lastUse=NOW(),newPassword='', newPasswordExpire='', passwordChangeRequired='N' where userName='%s'",
 sqlEscapeString(username));
@@ -1244,31 +1315,31 @@
 if (cartVarExists(cart, "debug"))
     debugShowAllMembers(conn);
 else if (cartVarExists(cart, "hgLogin.do.changePasswordPage"))
     changePasswordPage(conn);
 else if (cartVarExists(cart, "hgLogin.do.changePassword"))
     changePassword(conn);
 else if (cartVarExists(cart, "hgLogin.do.displayUserInfo"))
     displayUserInfo(conn);
 else if (cartVarExists(cart, "hgLogin.do.displayAccHelpPage"))
     displayAccHelpPage(conn);
 else if (cartVarExists(cart, "hgLogin.do.accountHelp"))
     accountHelp(conn);
 else if (cartVarExists(cart, "hgLogin.do.activateAccount"))
     activateAccount(conn);
 else if (cartVarExists(cart, "hgLogin.do.displayMailSuccess"))
-    displayMailSuccess(conn);
+    displayMailSuccess();
 else if (cartVarExists(cart, "hgLogin.do.displayLoginPage"))
     displayLoginPage(conn);
 else if (cartVarExists(cart, "hgLogin.do.displayLogin"))
     displayLogin(conn);
 else if (cartVarExists(cart, "hgLogin.do.displayLogout"))
     displayLogoutSuccess();
 else if (cartVarExists(cart, "hgLogin.do.signup"))
     signup(conn);
 else
     signupPage(conn);
 
 
 hDisconnectCentral(&conn);
 cartRemovePrefix(cart, "hgLogin.do.");