diff --git a/master-site/common.php b/master-site/common.php
index 62f2232..e2d2ad8 100644
--- a/master-site/common.php
+++ b/master-site/common.php
@@ -94,11 +94,22 @@ function GenHmacMessage(string $data, string $channel, bool $restricted=true)
}
function send_activation_email(string $email, string $username, string $password){
+ include('config.php');
+
$hmac = GenHmacMessage($username, "UserActivation", false);
- $hmacKey = base64_encode(hex2bin($hmac));
+ $hmacKey = base64_url_encode(hex2bin($hmac));
$activateUrl = get_protocol().get_host()."/web/newuser.php?U=".htmlspecialchars($username, ENT_QUOTES)."&AC=".htmlspecialchars($hmacKey, ENT_QUOTES);
$body = "Welcome New Horse Isle Member!
\r\nTo Activate your account, Click the following link, or Copy-Paste/Type it in your browser.
\r\n\r\n".$activateUrl."
\r\n or
\r\n( ".$activateUrl." )\r\n
We hope you enjoy the game! Be sure you have written down your Username: ".htmlspecialchars($username, ENT_QUOTES)." and Password: ".htmlspecialchars($password, ENT_QUOTES)." someplace safe!
\r\nNEVER give your password out to ANYONE, even someone claiming to work for Horse Isle.
";
- mail($email, "Horse Isle Account Verification", $body);
+
+ $headers = 'MIME-Version: 1.0' . "\r\n";
+ $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
+ $headers .= 'From: '.$from_email."\r\n";
+ $headers .= 'Reply-To: '.$from_email."\r\n";
+ $headers .= 'X-Mailer: PHP/' . phpversion();
+
+ $subject = "Horse Isle Account Verification";
+
+ mail($email, $subject, $body, $headers);
}
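Review bot: The added `Content-type: text/html` header does not match the body, which is still plain text separated by `\r\n` with a bare URL, so HTML-rendering clients will collapse it into one paragraph and the link is not an anchor. Either send `$headers .= 'Content-Type: text/plain; charset=utf-8' . "\r\n";` and drop the `htmlspecialchars()` calls from the body, or emit real markup (`<p>`, `<a href="...">`). In both cases the `U=` query value should be built with `rawurlencode($username)`, because HTML-escaping does not make a username containing `&`, `#` or a space safe inside a URL. The new `include('config.php')` is looked up through the include path and only warns when the file is missing, which leaves `$from_email` undefined in the `From:` and `Reply-To:` headers. Assuming config.php sits next to common.php, `require __DIR__ . '/config.php';` would fail loudly instead.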
diff --git a/master-site/web/newuser.php b/master-site/web/newuser.php
index 79df40a..eecba46 100644
--- a/master-site/web/newuser.php
+++ b/master-site/web/newuser.php
@@ -10,6 +10,18 @@ if($atype > 2 || $atype < 1)
$problems = [];
+if(isset( $_GET["U"], $_GET["AC"] )){
+ $verify_username = $GET["U"];
+ $verify_token = $GET["AC"];
+
+ $hmac = GenHmacMessage($verify_username, "UserActivation", false);
+ $hmac_hash = bin2hex(base64_url_decode($hmac));
+
+ if(hash_equals($hmac_hash, $verify_token)){
+ // TODO: Activate account
+ }
+}
+
if(isset( $_POST['user'],$_POST['pass1'],$_POST['pass2'],$_POST['sex'],$_POST['email'],$_POST['age'],$_POST['passreqq'],$_POST['passreqa'] ,$_POST['A']))
{
if(isset($_POST["cbr"]))
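Review bot: The activation check cannot succeed as written, for two reasons. The values are read from `$GET`, which is undefined (the superglobal is `$_GET`). And `bin2hex(base64_url_decode($hmac))` decodes the server's own hex MAC instead of producing the `base64_url_encode(hex2bin($hmac))` form that send_activation_email() puts in the link. Build the expected token the same way the mail does and compare it to the request value with `hash_equals()`, keeping the server-computed string as the first argument. The `isset()` guard should also require both parameters to be strings, since array-valued query parameters would otherwise raise a TypeError in `GenHmacMessage()` or `hash_equals()`. As far as this hunk shows, the token is a MAC over the username alone and so never expires; the TODO branch should do nothing for accounts that are already active.

```php
if(isset( $_GET["U"], $_GET["AC"] ) && is_string($_GET["U"]) && is_string($_GET["AC"])){
    $verify_username = $_GET["U"];
    $verify_token = $_GET["AC"];

    // … unchanged: $hmac = GenHmacMessage($verify_username, "UserActivation", false); …

    // Encode the expected MAC exactly as send_activation_email() does for the link.
    $expected_token = base64_url_encode(hex2bin($hmac));

    if(hash_equals($expected_token, $verify_token)){
        // … unchanged: TODO: Activate account …
```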