More security for email confirmation process ... a 15-character random

"secret" key is stored the user record on account creation, sent via
email and checked again during confirmation.

diff --git a/lib/db/mysql.sql b/lib/db/mysql.sql
index c135dc346e29ea56ad6435d9d314b043faad2014..3092783bd06535394c4c80e79e6694bd3317bf7e 100644 (file)
--- a/lib/db/mysql.sql
+++ b/lib/db/mysql.sql
@@ -167,7 +167,7 @@ CREATE TABLE `user` (
   `lastlogin` int(10) unsigned NOT NULL default '0',
   `currentlogin` int(10) unsigned NOT NULL default '0',
   `lastIP` varchar(15) default NULL,
-  `personality` varchar(5) default NULL,
+  `secret` varchar(15) default NULL,
   `picture` tinyint(1) default NULL,
   `url` varchar(255) default NULL,
   `description` text,

diff --git a/login/confirm.php b/login/confirm.php
index 45fa7b193ffcaa19f790102ff46fb6a5f93b6301..c3223acde9b121f5b90ef5088a818ad9c3ad1b67 100644 (file)
--- a/login/confirm.php
+++ b/login/confirm.php
@@ -2,9 +2,9 @@
 
        require("../config.php");
 
-       if ( isset($x) && isset($s) ) {     #  x = user.id   s = user.username
+       if ( isset($p) && isset($s) ) {     #  p = user.secret   s = user.username
 
-               $user = get_user_info_from_db("id", "$x");
+               $user = get_user_info_from_db("secret", "$p");
 
                if ($user) {
                        if ($user->username == $s) {

diff --git a/login/signup.php b/login/signup.php
index 44990b0b59d04d9c38c8fbbc6dec09d7324c5a71..564be9129fce4185e7d04ac003e0aa9fe8f2a765 100644 (file)
--- a/login/signup.php
+++ b/login/signup.php
@@ -13,6 +13,9 @@
             $user->password = md5($user->password);
             $user->confirmed = 0;
             $user->firstaccess = time();
+            $user->secret = random_string(15);
+            echo $user->secret;
+            $db->debug = true;
 
                        if (! ($user->id = insert_record("user", $user)) ) {
                 error("Could not add your record to the database!");
@@ -96,6 +99,20 @@ function validate_form($user, &$err) {
 }
 
 
+function random_string ($length=15) {
+    $pool  = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+    $pool .= "abcdefghijklmnopqrstuvwxyz";
+    $pool .= "0123456789";
+    $poollen = strlen($pool);
+    mt_srand ((double) microtime() * 1000000);
+    $string = "";
+    for ($i = 0; $i < $length; $i++) {
+        $string .= substr($pool, (mt_rand()%($poollen)), 1);
+    }
+    return $string;
+}
+
+
 function send_confirmation_email($user) {
 
     global $CFG;
@@ -105,7 +122,7 @@ function send_confirmation_email($user) {
 
     $data->firstname = $user->firstname;
     $data->sitename = $site->fullname;
-    $data->link = "$CFG->wwwroot/login/confirm.php?x=$user->id&s=$user->username";
+    $data->link = "$CFG->wwwroot/login/confirm.php?p=$user->secret&s=$user->username";
     $data->admin = "$from->firstname $from->lastname ($from->email)";
 
     $message = get_string("emailconfirmation", "", $data);

diff --git a/version.php b/version.php
index 809b48dbdbf73ca4062be729fb622561247daf26..7d81ae923005becc4615fa7cc0a59eea735841a1 100644 (file)
--- a/version.php
+++ b/version.php
@@ -18,7 +18,7 @@
 // If there's something it cannot do itself, it 
 // will tell you what you need to do.
 
-$version = 2002090900;   // The current version is a date (YYYYMMDDXX) where 
+$version = 2002091000;   // The current version is a date (YYYYMMDDXX) where 
                          //    XX is a number that increments during the day
 
 $release = "1.0.4";      // For humans only, not used for the upgrade process
@@ -71,6 +71,9 @@ function upgrade_moodle($oldversion=0) {
         execute_sql(" ALTER TABLE `course` ADD `teachers` VARCHAR( 100 ) DEFAULT 'Teachers' NOT NULL AFTER `teacher` ");
         execute_sql(" ALTER TABLE `course` ADD `students` VARCHAR( 100 ) DEFAULT 'Students' NOT NULL AFTER `student` ");
     }
+    if ($oldversion < 2002091000) {
+        execute_sql(" ALTER TABLE `user` CHANGE `personality` `secret` VARCHAR( 15 ) DEFAULT NULL  ");
+    }
 
     return true;
 }