Add support for backup email addresses

Support secondary email addresses that can be used to recover an account in case access to the primary email address is lost. Reset keys for an account are always sent to both the primary and the backup email address. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
author: Lukas Fleischer <lfleischer@archlinux.org> 2020-01-30 17:15:33 +0100
committer: Lukas Fleischer <lfleischer@archlinux.org> 2020-02-02 12:12:42 +0100
commit: ee2aa9755fa3c94e8c8a697c3f7a9627027994d5 (patch)
tree: ab1ae6b7628036abd7ba0bb28737cf41bfb51a6b /web
parent: e5a839bf0b9884e2a015b3f0b3fdbf23d1a1654c (diff)
download: aur-ee2aa9755fa3c94e8c8a697c3f7a9627027994d5.tar.gz
aur-ee2aa9755fa3c94e8c8a697c3f7a9627027994d5.tar.xz
6 files changed, 32 insertions, 10 deletions
diff --git a/web/html/account.php b/web/html/account.php
index ff9aba5b..c05d136d 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -33,6 +33,7 @@ if ($action == "UpdateAccount") {
 			in_request("T"),
 			in_request("S"),
 			in_request("E"),
+			in_request("BE"),
 			in_request("H"),
 			in_request("P"),
 			in_request("C"),
@@ -97,6 +98,7 @@ if (isset($_COOKIE["AURSID"])) {
 					$row["AccountTypeID"],
 					$row["Suspended"],
 					$row["Email"],
+					$row["BackupEmail"],
 					$row["HideEmail"],
 					"",
 					"",
@@ -159,6 +161,7 @@ if (isset($_COOKIE["AURSID"])) {
 				in_request("T"),
 				in_request("S"),
 				in_request("E"),
+				in_request("BE"),
 				in_request("H"),
 				in_request("P"),
 				in_request("C"),
diff --git a/web/html/login.php b/web/html/login.php
index df517055..01454414 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -26,7 +26,7 @@ html_header('AUR ' . __("Login"));
 			<ul class="errorlist"><li><?= $login_error ?></li></ul>
 			<?php endif; ?>
 			<p>
-				<label for="id_username"><?= __('User name or email address') . ':'; ?></label>
+				<label for="id_username"><?= __('User name or primary email address') . ':'; ?></label>
 				<input id="id_username" type="text" name="user" size="30" maxlength="<?= max(config_get_int('options', 'username_max_len'), 254); ?>" value="<?php if (isset($_POST['user'])) { print htmlspecialchars($_POST['user'], ENT_QUOTES); } ?>" autofocus="autofocus" />
 			</p>
 			<p>
diff --git a/web/html/passreset.php b/web/html/passreset.php
index b3c8bd29..26b9bbbb 100644
--- a/web/html/passreset.php
+++ b/web/html/passreset.php
@@ -65,7 +65,7 @@ html_header(__("Password Reset"));
 	<form action="" method="post">
 		<table>
 			<tr>
-				<td><?= __("Confirm your e-mail address:"); ?></td>
+				<td><?= __("Confirm your user name or primary e-mail address:"); ?></td>
 				<td><input type="text" name="user" size="30" maxlength="64" /></td>
 			</tr>
 			<tr>
@@ -81,14 +81,14 @@ html_header(__("Password Reset"));
 		<input type="submit" class="button" value="<?= __('Continue') ?>" />
 	</form>
 	<?php else: ?>
-	<p><?= __('If you have forgotten the e-mail address you used to register, please send a message to the %saur-general%s mailing list.',
+	<p><?= __('If you have forgotten the user name and the primary e-mail address you used to register, please send a message to the %saur-general%s mailing list.',
 	'<a href="https://mailman.archlinux.org/mailman/listinfo/aur-general">',
 	'</a>'); ?></p>
 	<?php if ($error): ?>
 	<ul class="errorlist"><li><?= $error ?></li></ul>
 	<?php endif; ?>
 	<form action="" method="post">
-		<p><?= __("Enter your user name or your e-mail address:"); ?>
+		<p><?= __("Enter your user name or your primary e-mail address:"); ?>
 		<input type="text" name="user" size="30" maxlength="64" /></p>
 		<input type="submit" class="button" value="<?= __('Continue') ?>" />
 	</form>
diff --git a/web/html/register.php b/web/html/register.php
index 610befc4..fee0a68f 100644
--- a/web/html/register.php
+++ b/web/html/register.php
@@ -23,6 +23,7 @@ if (in_request("Action") == "NewAccount") {
 		1,
 		0,
 		in_request("E"),
+		in_request("BE"),
 		in_request("H"),
 		'',
 		'',
@@ -52,6 +53,7 @@ if (in_request("Action") == "NewAccount") {
 			1,
 			0,
 			in_request("E"),
+			in_request("BE"),
 			in_request("H"),
 			'',
 			'',
@@ -75,7 +77,7 @@ if (in_request("Action") == "NewAccount") {
 	}
 } else {
 	print '<p>' . __("Use this form to create an account.") . '</p>';
-	display_account_form("NewAccount", "", "", "", "", "", "", "", "", $LANG);
+	display_account_form("NewAccount", "", "", "", "", "", "", "", "", "", $LANG);
 }
 
 echo '</div>';
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index f6cda69c..443fb4b1 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -46,6 +46,7 @@ function html_format_pgp_fingerprint($fingerprint) {
  * @param string $T The account type of the displayed user
  * @param string $S Whether the displayed user has a suspended account
  * @param string $E The e-mail address of the displayed user
+ * @param string $BE The backup e-mail address of the displayed user
  * @param string $H Whether the e-mail address of the displayed user is hidden
  * @param string $P The password value of the displayed user
  * @param string $C The confirmed password value of the displayed user
@@ -67,7 +68,7 @@ function html_format_pgp_fingerprint($fingerprint) {
  *
  * @return void
  */
-function display_account_form($A,$U="",$T="",$S="",$E="",$H="",$P="",$C="",$R="",
+function display_account_form($A,$U="",$T="",$S="",$E="",$BE="",$H="",$P="",$C="",$R="",
 		$L="",$TZ="",$HP="",$I="",$K="",$PK="",$J="",$CN="",$UN="",$ON="",$UID=0,$N="",$captcha_salt="",$captcha="") {
 	global $SUPPORTED_LANGS;
 
@@ -95,6 +96,7 @@ function display_account_form($A,$U="",$T="",$S="",$E="",$H="",$P="",$C="",$R=""
  * @param string $T The account type for the user
  * @param string $S Whether or not the account is suspended
  * @param string $E The e-mail address for the user
+ * @param string $BE The backup e-mail address for the user
  * @param string $H Whether or not the e-mail address should be hidden
  * @param string $P The password for the user
  * @param string $C The confirmed password for the user
@@ -117,7 +119,7 @@ function display_account_form($A,$U="",$T="",$S="",$E="",$H="",$P="",$C="",$R=""
  *
  * @return array Boolean indicating success and message to be printed
  */
-function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$H="",$P="",$C="",
+function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$BE="",$H="",$P="",$C="",
 		$R="",$L="",$TZ="",$HP="",$I="",$K="",$PK="",$J="",$CN="",$UN="",$ON="",$UID=0,$N="",$passwd="",$captcha_salt="",$captcha="") {
 	global $SUPPORTED_LANGS;
 
@@ -175,6 +177,9 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$H="",$P="",$C=""
 	if (!$error && !valid_email($E)) {
 		$error = __("The email address is invalid.");
 	}
+	if (!$error && $BE && !valid_email($BE)) {
+		$error = __("The backup email address is invalid.");
+	}
 
 	if (!$error && !empty($HP) && !valid_homepage($HP)) {
 		$error = __("The home page is invalid, please specify the full HTTP(s) URL.");
@@ -311,6 +316,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$H="",$P="",$C=""
 		}
 		$U = $dbh->quote($U);
 		$E = $dbh->quote($E);
+		$BE = $dbh->quote($BE);
 		$P = $dbh->quote($P);
 		$R = $dbh->quote($R);
 		$L = $dbh->quote($L);
@@ -319,9 +325,9 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$H="",$P="",$C=""
 		$I = $dbh->quote($I);
 		$K = $dbh->quote(str_replace(" ", "", $K));
 		$q = "INSERT INTO Users (AccountTypeID, Suspended, ";
-		$q.= "InactivityTS, Username, Email, Passwd , ";
+		$q.= "InactivityTS, Username, Email, BackupEmail, Passwd , ";
 		$q.= "RealName, LangPreference, Timezone, Homepage, IRCNick, PGPKey) ";
-		$q.= "VALUES (1, 0, 0, $U, $E, $P, $R, $L, $TZ, ";
+		$q.= "VALUES (1, 0, 0, $U, $E, $BE, $P, $R, $L, $TZ, ";
 		$q.= "$HP, $I, $K)";
 		$result = $dbh->exec($q);
 		if (!$result) {
@@ -374,6 +380,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$H="",$P="",$C=""
 			$q.= ", Suspended = 0";
 		}
 		$q.= ", Email = " . $dbh->quote($E);
+		$q.= ", BackupEmail = " . $dbh->quote($BE);
 		if ($H) {
 			$q.= ", HideEmail = 1";
 		} else {
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index 09d65c0f..edacbbf3 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -76,12 +76,22 @@
 			<label for="id_email"><?= __("Email Address") ?>:</label>
 			<input type="text" size="30" maxlength="254" name="E" id="id_email" value="<?= htmlspecialchars($E,ENT_QUOTES) ?>" /> (<?= __("required") ?>)
 		</p>
-
 		<p>
 			<em><?= __("Please ensure you correctly entered your email address, otherwise you will be locked out.") ?></em>
 		</p>
 
 		<p>
+			<label for="id_backup_email"><?= __("Backup Email Address") ?>:</label>
+			<input type="text" size="30" maxlength="254" name="BE" id="id_backup_email" value="<?= htmlspecialchars($BE, ENT_QUOTES) ?>" />
+		</p>
+		<p>
+			<em>
+				<?= __("Optionally provide a secondary email address that can be used to restore your account in case you lose access to your primary email address.") ?>
+				<?= __("Password reset links are always sent to both your primary and your backup email address.") ?>
+			</em>
+		</p>
+
+		<p>
 			<label for="id_hide"><?= __("Hide Email Address") ?>:</label>
 			<input type="checkbox" name="H" id="id_hide" <?= $H ? 'checked="checked"' : '' ?> />
 		</p>
author	Lukas Fleischer <lfleischer@archlinux.org>	2020-01-30 17:15:33 +0100
committer	Lukas Fleischer <lfleischer@archlinux.org>	2020-02-02 12:12:42 +0100
commit	ee2aa9755fa3c94e8c8a697c3f7a9627027994d5 (patch)
tree	ab1ae6b7628036abd7ba0bb28737cf41bfb51a6b /web
parent	e5a839bf0b9884e2a015b3f0b3fdbf23d1a1654c (diff)
download	aur-ee2aa9755fa3c94e8c8a697c3f7a9627027994d5.tar.gz aur-ee2aa9755fa3c94e8c8a697c3f7a9627027994d5.tar.xz