# HG changeset patch
# User Dan
# Date 1183052980 14400
# Node ID 7e8fd44b36b0a3db9f8915743f9bad227bfbbad1
# Parent e5484a9e0818e8721b313e622838c4b7eb3a1dc4
COPPA support added
diff -r e5484a9e0818 -r 7e8fd44b36b0 includes/clientside/static/ajax.js
--- a/includes/clientside/static/ajax.js Thu Jun 28 11:13:39 2007 -0400
+++ b/includes/clientside/static/ajax.js Thu Jun 28 13:49:40 2007 -0400
@@ -582,7 +582,7 @@
 } });
- return true;
+ return false;
 }
diff -r e5484a9e0818 -r 7e8fd44b36b0 includes/common.php
--- a/includes/common.php Thu Jun 28 11:13:39 2007 -0400
+++ b/includes/common.php Thu Jun 28 13:49:40 2007 -0400
@@ -209,7 +209,7 @@
 define('ENANO_MAINSTREAM', ''); // If the site is disabled, bail out, unless we're trying to log in or administer the site
-if(getConfig('site_disabled') == '1')
+if(getConfig('site_disabled') == '1' && $session->user_level < USER_LEVEL_ADMIN)
 { if ( $paths->namespace == 'Admin' || ( $paths->namespace == 'Special' && ( $paths->cpage['urlname_nons'] == 'CSS' || $paths->cpage['urlname_nons'] == 'Administration' || $paths->cpage['urlname_nons'] == 'Login' ) ) ) {
@@ -230,6 +230,10 @@
 die_semicritical('Site disabled', $text); } }
+else if(getConfig('site_disabled') == '1' && $session->user_level >= USER_LEVEL_ADMIN)
+{
+ $template->site_disabled = true;
+}
 $code = $plugins->setHook('session_started'); foreach ( $code as $cmd )
diff -r e5484a9e0818 -r 7e8fd44b36b0 includes/paths.php
--- a/includes/paths.php Thu Jun 28 11:13:39 2007 -0400
+++ b/includes/paths.php Thu Jun 28 13:49:40 2007 -0400
@@ -84,6 +84,7 @@
 $this->addAdminNode('Appearance', 'Manage themes', 'ThemeManager');
 $this->addAdminNode('Users', 'Manage users', 'UserManager');
 $this->addAdminNode('Users', 'Edit groups', 'GroupManager');
+ $this->addAdminNode('Users', 'COPPA support', 'COPPA');
 $this->addAdminNode('Users', 'Ban control', 'BanControl');
 $this->addAdminNode('Users', 'Mass e-mail', 'MassEmail');
diff -r e5484a9e0818 -r 7e8fd44b36b0 includes/sessions.php
--- a/includes/sessions.php Thu Jun 28 11:13:39 2007 -0400
+++ b/includes/sessions.php Thu Jun 28 13:49:40 2007 -0400
@@ -1296,9 +1296,10 @@
 * @param string $password This should be unencrypted.
 * @param string $email
 * @param string $real_name Optional, defaults to ''.
+ * @param bool $coppa Optional. If true, the account is not activated initially and an admin activation request is sent. The caller is responsible for sending the address info and notice.
 */
- function create_user($username, $password, $email, $real_name = '')
+ function create_user($username, $password, $email, $real_name = '', $coppa = false)
 { global $db, $session, $paths, $template, $plugins; // Common objects
@@ -1341,30 +1342,42 @@ $active = '0'; break; } + if ( $coppa ) + $active = '0'; + + $coppa_col = ( $coppa ) ? '1' : '0'; // Generate a totally random activation key $actkey = sha1 ( microtime() . mt_rand() ); - // We good, create the user - $this->sql('INSERT INTO '.table_prefix.'users ( username, password, email, real_name, theme, style, reg_time, account_active, activation_key, user_level ) VALUES ( \''.$username.'\', \''.$password.'\', \''.$email.'\', \''.$real_name.'\', \''.$template->default_theme.'\', \''.$template->default_style.'\', '.time().', '.$active.', \''.$actkey.'\', '.USER_LEVEL_CHPREF.' )'); + // We good, create the user + $this->sql('INSERT INTO '.table_prefix.'users ( username, password, email, real_name, theme, style, reg_time, account_active, activation_key, user_level, user_coppa ) VALUES ( \''.$username.'\', \''.$password.'\', \''.$email.'\', \''.$real_name.'\', \''.$template->default_theme.'\', \''.$template->default_style.'\', '.time().', '.$active.', \''.$actkey.'\', '.USER_LEVEL_CHPREF.', ' . $coppa_col . ' );'); // Require the account to be activated? - switch(getConfig('account_activation')) + if ( $coppa ) + { + $this->admin_activation_request($username); + $this->send_coppa_mail($username,$email); + } + else { - case 'none': - default: - break; - case 'user': - $a = $this->send_activation_mail($username); - if(!$a) - { + switch(getConfig('account_activation')) + { + case 'none': + default: + break; + case 'user': + $a = $this->send_activation_mail($username); + if(!$a) + { + $this->admin_activation_request($username); + return 'The activation e-mail could not be sent due to an internal error. This could possibly be due to an incorrect SMTP configuration. A request has been sent to the administrator to activate your account for you. ' . $a; + } + break; + case 'admin': $this->admin_activation_request($username); - return 'The activation e-mail could not be sent due to an internal error. 
This could possibly be due to an incorrect SMTP configuration. A request has been sent to the administrator to activate your account for you. ' . $a; - } - break; - case 'admin': - $this->admin_activation_request($username); - break; + break; + } } // Leave some data behind for the hook 
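Review bot: The COPPA branch calls `$this->send_coppa_mail($username,$email)` and discards the result, so a failed parental notice leaves the account inactive with no error returned, unlike the `'user'` case just below, which checks `$a`. The second argument is also mismatched: the function added later in this patch is declared `send_coppa_mail($u, $actkey = false)`, so `$email` is bound to `$actkey`. I would call it as `if ( !$this->send_coppa_mail($username) ) return 'The notice to your parent or guardian could not be sent.';`. That function also builds the policy link in the mail from `$_SERVER['HTTP_HOST']`, which is client-supplied; a configured site URL would be safer there. create_user starts above and continues below this hunk.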
@@ -1426,6 +1439,90 @@ } /** + * Attempts to send an e-mail to the specified user's e-mail address on file intended for the parents + * @param string $u The usernamd of the user requesting activation + * @return bool true on success, false on failure + */ + + function send_coppa_mail($u, $actkey = false) + { + + global $db, $session, $paths, $template, $plugins; // Common objects + + $q = $this->sql('SELECT username,email FROM '.table_prefix.'users WHERE user_id=2 OR user_level=' . USER_LEVEL_ADMIN . ' ORDER BY user_id ASC;'); + $un = $db->fetchrow(); + $admin_user = $un['username']; + + $q = $this->sql('SELECT username,activation_key,account_active,email FROM '.table_prefix.'users WHERE username=\''.$db->escape($u).'\';'); + $r = $db->fetchrow(); + if ( empty($r['email']) ) + $db->_die('BUG: $session->send_activation_mail(): no e-mail address in row'); + + if(isset($_SERVER['HTTPS'])) $prot = 'https'; + else $prot = 'http'; + if($_SERVER['SERVER_PORT'] == '80') $p = ''; + else $p = ':'.$_SERVER['SERVER_PORT']; + $sidbak = false; + if($this->sid_super) + $sidbak = $this->sid_super; + $this->sid_super = false; + if($sidbak) + $this->sid_super = $sidbak; + unset($sidbak); + $link = "$prot://".$_SERVER['HTTP_HOST'].scriptPath; + + $message = 'Dear parent or legal guardian, +A child under the username ' . $u . ' recently registered on our website. The child provided your e-mail address as the one of his or her authorized parent or legal guardian, and to comply with the United States Childrens\' Online Privacy Protection act, we ask that all parents of children ages 13 or under please mail us a written form authorizing their child\'s use of our website. + +If you wish for your child to be allowed access to our website, please print and fill out the form below, and mail it to this address: + +' . getConfig('coppa_address') . 
' + +If you do NOT wish for your child to be allowed access to our site, you do not need to do anything - your child will not be able to access our site as a registered user unless you authorize their account activation. + +Authorization form: +-------------------------------- Cut here -------------------------------- + +I, _______________________________________, the legal parent or guardian of the child registered on the website "' . getConfig('site_name') . '" as ' . $u . ', hereby give my authorization for the child\'s e-mail address, instant messaging information, location, and real name, to be collected and stored in a database owned and maintained by ' . getConfig('site_name') . ' at the child\'s option, and for the administrators of this website to use this information according to the privacy policy displayed on their website <' . $link . '>. + +Child\'s name: _____________________________________ + +Child\'s e-mail address: _____________________________________ +(optional - if you don\'t provide this, we\'ll just send site-related e-mails to your e-mail address) + +Signature of parent or guardian: + +____________________________________________________ + +Date (YYYY-MM-DD): ______ / _____ / _____ + +-------------------------------- Cut here --------------------------------'; + $message .= "\n\nSincerely yours, \n$admin_user and the ".$_SERVER['HTTP_HOST']." administration team"; + + error_reporting(E_ALL); + + dc_dump($r, 'session: about to send COPPA e-mail to '.$r['email']); + if(getConfig('smtp_enabled') == '1') + { + $result = smtp_send_email($r['email'], getConfig('site_name').' website account activation', preg_replace("#(?Your administrative session has timed out. Log in again'; echo ''; } + if ( $this->site_disabled && $session->user_level >= USER_LEVEL_ADMIN && ( $paths->page != $paths->nslist['Special'] . 'Administration' ) ) + { + $admin_link = makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 
'GeneralConfig', true); + echo '
The site is currently disabled and thus is only accessible to administrators.
+ You can re-enable the site through the administration panel. +
'; + } } function footer($simple = false) { diff -r e5484a9e0818 -r 7e8fd44b36b0 plugins/SpecialAdmin.php --- a/plugins/SpecialAdmin.php Thu Jun 28 11:13:39 2007 -0400 +++ b/plugins/SpecialAdmin.php Thu Jun 28 13:49:40 2007 -0400 @@ -247,10 +247,10 @@ Global site options These options control the entire site. - Site name: - Site description: + Site name: + Site description: Main page: pagename_field('main_page', str_replace('_', ' ', getConfig('main_page'))); ?> - Copyright notice shown on pages: + Copyright notice shown on pages: Hint: If you're using Windows, you can make a "©" symbol by holding ALT and pressing 0169 on the numeric keypad. Contact e-mail
All e-mail sent from this site will appear to have come from the address shown here. @@ -348,7 +348,7 @@ -
+ @@ -958,7 +958,10 @@ break; } } - $q = $db->sql_query('SELECT log_type, action, time_id, date_string, author, edit_summary FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;'); + $q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l + LEFT JOIN '.table_prefix.'users AS u + ON ( u.username = l.edit_summary OR u.username IS NULL ) + WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;'); if($q) { if($db->numrows() > 0) @@ -969,13 +972,14 @@ echo '
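Review bot: The join condition `ON ( u.username = l.edit_summary OR u.username IS NULL )` does more than it needs to: a LEFT JOIN already returns NULL for `u.user_coppa` when no user matches, and the `OR u.username IS NULL` arm would pair every log row with any user row whose username is NULL, if such rows can exist. `ON ( u.username = l.edit_summary )` gives the same result for normal data. The WHERE and ORDER BY columns (`log_type`, `action`, `time_id`) are left unqualified; prefixing them with `l.` keeps the query unambiguous if the users table ever gains a column of the same name. The surrounding function is outside the hunk.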

'.$s . ' awaiting account activation

'; echo '
- '; + '; $cls = 'row2'; while($row = $db->fetchrow()) { if($cls == 'row2') $cls = 'row1'; else $cls = 'row2'; - echo ''; + $coppa = ( $row['user_coppa'] == '1' ) ? 'Yes' : 'No'; + echo ''; } echo '
Date of requestRequested byRequested forActions
Date of requestRequested byRequested forCOPPA userActions
'.date('F d, Y h:i a', $row['time_id']).''.$row['author'].''.$row['edit_summary'].'Activate nowSend activation e-mailDeny request
'.date('F d, Y h:i a', $row['time_id']).''.$row['author'].''.$row['edit_summary'].'' . $coppa . 'Activate nowSend activation e-mailDeny request
'; } @@ -1342,6 +1346,79 @@ echo ''; } +function page_Admin_COPPA() +{ + global $db, $session, $paths, $template, $plugins; // Common objects + if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) + { + echo '
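Review bot: The new row line concatenates `$row['author']` and `$row['edit_summary']` straight into the echoed table, so whatever is stored in the log reaches the administrator's browser unescaped. `edit_summary` appears to hold the requested username here, which comes from registration input; unless it is HTML-escaped before being logged (not visible in this hunk), wrapping both values at output closes that gap, e.g. `htmlspecialchars($row['edit_summary'])`. The `$coppa` cell is safe as written because it is only ever 'Yes' or 'No'.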

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + return; + } + + echo '

Background information

'; + echo '

+ The United States Childrens\' Online Privacy Protection Act (COPPA) was a law passed in 2001 that requires sites oriented towards + children under 13 years old or with a significant amount of under-13 children clearly state what information is being collected + in a privacy policy and obtain authorization from a parent or legal guardian before allowing children to use the site. Enano + provides an easy way to allow you, as the website administrator, to obtain this authorization. +

'; + + // Start form + + if ( isset($_POST['coppa_address']) ) + { + // Saving changes + $enable_coppa = ( isset($_POST['enable_coppa']) ) ? '1' : '0'; + setConfig('enable_coppa', $enable_coppa); + + $address = $_POST['coppa_address']; // RenderMan::preprocess_text($_POST['coppa_address'], true, false); + setConfig('coppa_address', $address); + + echo '
Your changes have been saved.
'; + } + + echo '
'; + + echo '
'; + echo ''; + echo ' + + '; + + echo ' + + + '; + + echo ' + + + '; + + echo ' + + '; + + echo '
+ COPPA support +
+ Enable COPPA support: + +
+ If this is checked, users will be asked if they are under 13 years of age before registering +
+ Your mailing address:
+ This is the address to which parents will send authorization forms. +
+ +
+ +
'; + + echo ''; + +} + function page_Admin_PageManager() { global $db, $session, $paths, $template, $plugins; // Common objects diff -r e5484a9e0818 -r 7e8fd44b36b0 plugins/SpecialGroups.php --- a/plugins/SpecialGroups.php Thu Jun 28 11:13:39 2007 -0400 +++ b/plugins/SpecialGroups.php Thu Jun 28 13:49:40 2007 -0400 @@ -474,12 +474,12 @@ Group membership details - + Current group memberships: - '; + '; $taboo = Array('Everyone'); - if ( sizeof ( $session->groups ) > 0 ) + if ( sizeof ( $session->groups ) > count($taboo) ) { echo 'Good/bad icon - Password:Good/bad icon - Enter your password again to confirm. - E-mail address:An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.'; ?>Good/bad icon - Real name:
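Review bot: The save branch of page_Admin_COPPA stores `$_POST['coppa_address']` exactly as received (the `RenderMan::preprocess_text` call is commented out) and is triggered by any POST carrying that field, with no request token checked in the visible lines. The value is later concatenated into the parental e-mail by send_coppa_mail and, presumably, echoed back into the form, whose markup is not readable on this page. I would escape it wherever it is printed, e.g. `htmlspecialchars(getConfig('coppa_address'))`, and add a comment on the save branch stating that the value is stored raw and must be escaped on output. If the admin panel has a form-token check elsewhere, this handler should use it too.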
Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site. - Visual confirmation
Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can generate a new image.

If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.
CAPTCHA image - Code: - - -
- - - + + '; + echo ''; + echo ' + + + + + '; + echo '
+ Before you can register, please tell us your age. +
+ I was born on or before ' . $yo13_date . ' and am at least 13 years of age
+ I was born after ' . $yo13_date . ' and am less than 13 years of age +
'; + echo '
'; + } $template->footer(); } diff -r e5484a9e0818 -r 7e8fd44b36b0 schema.sql --- a/schema.sql Thu Jun 28 11:13:39 2007 -0400 +++ b/schema.sql Thu Jun 28 13:49:40 2007 -0400 @@ -103,6 +103,7 @@ old_encryption tinyint(1) NOT NULL DEFAULT 0, temp_password text, temp_password_time int(12) NOT NULL DEFAULT 0, + user_coppa tinyint(1) NOT NULL DEFAULT 0, PRIMARY KEY (user_id) ) CHARACTER SET `utf8` COLLATE `utf8_bin`; diff -r e5484a9e0818 -r 7e8fd44b36b0 upgrade.sql --- a/upgrade.sql Thu Jun 28 11:13:39 2007 -0400 +++ b/upgrade.sql Thu Jun 28 13:49:40 2007 -0400 @@ -6,7 +6,7 @@ INSERT INTO {{TABLE_PREFIX}}config (config_name, config_value) VALUES( 'enano_version', '1.0' ); ---BEGIN 1.0RC3--- -- Placeholder (all versions need to have at least one query performed) -UPDATE {{TABLE_PREFIX}}config SET config_value='' WHERE config_name=' '; +ALTER {{TABLE_PREFIX}}users ADD COLUMN user_coppa tinyint(1) NOT NULL DEFAULT 0; ---END 1.0RC3--- ---BEGIN 1.0RC2--- -- Add the "Moderators" group
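Review bot: The replacement statement in the 1.0RC3 block of upgrade.sql reads `ALTER {{TABLE_PREFIX}}users ADD COLUMN ...`, which is missing the `TABLE` keyword and will be rejected by the database. On an upgraded install the `user_coppa` column would then be absent, while the new INSERT in create_user and the joined activation-request query in this patch both reference it. The line should be `ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_coppa tinyint(1) NOT NULL DEFAULT 0;`.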