- Email verification (regular, business owner), CLI administration

This commit is contained in:
Ty Clifford
2026-06-18 14:50:48 -04:00
parent 66f93757b6
commit cfd1fba5ab
9 changed files with 778 additions and 28 deletions
+28 -19
View File
@@ -6,7 +6,7 @@ if (setting('registration_enabled','1') !== '1') {
go('/login.php');
}
$pageTitle = 'Create Account — Discover Keyser WV';
$pageTitle = 'Create Account — My Keyser';
$errors = [];
$businessOptions = qall("SELECT id,name,address FROM businesses WHERE is_active=1 ORDER BY name");
$tier = p('member_type', 'member') === 'business_owner' ? 'business_owner' : 'member';
@@ -15,13 +15,13 @@ if (isPost()) {
csrfCheck();
if (ps('website_url') !== '' || ps('confirm_email') !== '') {
flash('Account created! Welcome to Discover Keyser WV.','success');
flash('Account created! Welcome to My Keyser.','success');
go('/index.php');
}
$formTime = (int)p('_form_time', 0);
if ($formTime && (time() - $formTime) < 3) {
flash('Account created! Welcome to Discover Keyser WV.','success');
flash('Account created! Welcome to My Keyser.','success');
go('/index.php');
}
@@ -38,12 +38,13 @@ if (isPost()) {
if (strlen($un) < 3) $errors[] = 'Username must be at least 3 characters.';
if (!preg_match('/^[a-zA-Z0-9_]+$/', $un)) $errors[] = 'Username may only contain letters, numbers, and underscores.';
if ($em && !filter_var($em, FILTER_VALIDATE_EMAIL)) $errors[] = 'Please enter a valid email address.';
if ($em === '' || !filter_var($em, FILTER_VALIDATE_EMAIL)) $errors[] = 'Please enter a valid email address.';
if (strlen($pw) < 6) $errors[] = 'Password must be at least 6 characters.';
if ($pw !== $pw2) $errors[] = 'Passwords do not match.';
if ($tos !== '1') $errors[] = 'You must agree to use this service lawfully to create an account.';
if (!$errors && qval("SELECT id FROM users WHERE username=?", [$un])) $errors[] = 'That username is already taken. Please choose another.';
if (!$errors && $em && qval("SELECT id FROM users WHERE email=?", [$em])) $errors[] = 'That email address is already registered. Try signing in instead.';
if (!$errors && qval("SELECT id FROM users WHERE email=?", [$em])) $errors[] = 'That email address is already registered. Try signing in instead.';
if (!$errors && !mailgunConfigured()) $errors[] = 'Email verification is not configured yet. Please contact the site administrator.';
$claimEdits = [
'description' => ps('claim_description'),
@@ -74,8 +75,8 @@ if (isPost()) {
if (!$errors) {
$id = qrun(
"INSERT INTO users(username,email,password)VALUES(?,?,?)",
[$un, $em ?: null, password_hash($pw, PASSWORD_BCRYPT)]
"INSERT INTO users(username,email,password,is_active,member_type)VALUES(?,?,?,?,?)",
[$un, $em, password_hash($pw, PASSWORD_BCRYPT), 0, $tier]
);
$submittedEdits = 0;
@@ -97,17 +98,25 @@ if (isPost()) {
}
}
loginUser(qone("SELECT * FROM users WHERE id=?", [$id]));
if ($tier === 'business_owner' && $claimBiz) {
$msg = 'Your account is ready. Your claim for '.$claimBiz['name'].' is queued, and we will contact you at '.$contactPhone.' within a few business days for verification.';
if ($submittedEdits) $msg .= ' '.$submittedEdits.' proposed edit'.($submittedEdits !== 1 ? 's were' : ' was').' sent to admin review.';
flash($msg, 'success');
go('/dashboard.php');
$user = qone("SELECT * FROM users WHERE id=?", [$id]);
$token = createEmailVerificationToken($id);
[$sent, $mailError] = sendVerificationEmail($user, $token);
if (!$sent) {
qrun("DELETE FROM users WHERE id=?", [$id]);
$errors[] = 'Account was not created because the verification email could not be sent: '.$mailError;
}
flash('Welcome to Discover Keyser WV, '.$un.'!', 'success');
go('/index.php');
if (!$errors) {
if ($tier === 'business_owner' && $claimBiz) {
$msg = 'Check your email to verify your account. After verification you can log in, and we will contact you at '.$contactPhone.' within a few business days for business verification.';
if ($submittedEdits) $msg .= ' '.$submittedEdits.' proposed edit'.($submittedEdits !== 1 ? 's were' : ' was').' sent to admin review.';
flash($msg, 'success');
go('/login.php');
}
flash('Check your email to verify your account before signing in.', 'success');
go('/login.php');
}
}
}
@@ -181,11 +190,11 @@ include __DIR__.'/includes/header.php';
<div class="fhint">Letters, numbers, underscores only. Min 3 characters.</div>
</div>
<div class="fg">
<label class="flabel" for="email">EMAIL ADDRESS <span style="font-weight:300;letter-spacing:0">(optional)</span></label>
<label class="flabel" for="email">EMAIL ADDRESS *</label>
<input type="email" id="email" name="email" class="finput"
value="<?=e($_POST['email']??'')?>"
autocomplete="email">
<div class="fhint">Used for account recovery and owner verification follow-up.</div>
autocomplete="email" required>
<div class="fhint">Used for email verification and account recovery.</div>
</div>
<div class="fg">
<label class="flabel" for="password">PASSWORD *</label>