From 0370556c20042872ac89b79a1cf9a4c03847fdf8 Mon Sep 17 00:00:00 2001
From: Li
Date: Sun, 22 May 2022 01:20:03 +1200
Subject: [PATCH] Update email verification stuff
---
 master-site/common.php | 15 +++++++++++++--
 master-site/web/newuser.php | 12 ++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/master-site/common.php b/master-site/common.php
index 62f2232..e2d2ad8 100644
--- a/master-site/common.php
+++ b/master-site/common.php
@@ -94,11 +94,22 @@ function GenHmacMessage(string $data, string $channel, bool $restricted=true)
 }
 function send_activation_email(string $email, string $username, string $password){
+ include('config.php');
+
 $hmac = GenHmacMessage($username, "UserActivation", false);
- $hmacKey = base64_encode(hex2bin($hmac));
+ $hmacKey = base64_url_encode(hex2bin($hmac));
 $activateUrl = get_protocol().get_host()."/web/newuser.php?U=".htmlspecialchars($username, ENT_QUOTES)."&AC=".htmlspecialchars($hmacKey, ENT_QUOTES);
 $body = "Welcome New Horse Isle Member!

\r\nTo Activate your account, Click the following link, or Copy-Paste/Type it in your browser.

\r\n\r\n".$activateUrl."
\r\n or
\r\n( ".$activateUrl." )\r\n

We hope you enjoy the game! Be sure you have written down your Username: ".htmlspecialchars($username, ENT_QUOTES)." and Password: ".htmlspecialchars($password, ENT_QUOTES)." someplace safe!
\r\nNEVER give your password out to ANYONE, even someone claiming to work for Horse Isle.
";
- mail($email, "Horse Isle Account Verification", $body);
+
+ $headers = 'MIME-Version: 1.0' . "\r\n";
+ $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
+ $headers .= 'From: '.$from_email."\r\n";
+ $headers .= 'Reply-To: '.$from_email."\r\n";
+ $headers .= 'X-Mailer: PHP/' . phpversion();
+
+ $subject = "Horse Isle Account Verification";
+
+ mail($email, $subject, $body, $headers);
 }
diff --git a/master-site/web/newuser.php b/master-site/web/newuser.php
index 79df40a..eecba46 100644
--- a/master-site/web/newuser.php
+++ b/master-site/web/newuser.php
@@ -10,6 +10,18 @@ if($atype > 2 || $atype < 1)
 $problems = [];
+if(isset( $_GET["U"], $_GET["AC"] )){
+ $verify_username = $GET["U"];
+ $verify_token = $GET["AC"];
+
+ $hmac = GenHmacMessage($verify_username, "UserActivation", false);
+ $hmac_hash = bin2hex(base64_url_decode($hmac));
+
+ if(hash_equals($hmac_hash, $verify_token)){
+ // TODO: Activate account
+ }
+}
+
 if(isset( $_POST['user'],$_POST['pass1'],$_POST['pass2'],$_POST['sex'],$_POST['email'],$_POST['age'],$_POST['passreqq'],$_POST['passreqa'] ,$_POST['A']))
 {
 if(isset($_POST["cbr"]))
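Review bot: The activation link in send_activation_email() is built with `htmlspecialchars()` only, so `$username` is HTML-escaped but never percent-encoded for the query string; if usernames may contain a space, `&`, `+` or `#`, newuser.php would receive a different `U` value and the HMAC check would fail. Encode for the URL first and escape the finished link where it is placed in the HTML body, e.g. `"?U=".rawurlencode($username)."&AC=".rawurlencode($hmacKey)` and then `htmlspecialchars($activateUrl, ENT_QUOTES)`. The new `'X-Mailer: PHP/' . phpversion()` header also discloses the exact PHP version to every recipient and can simply be dropped. `include('config.php')` resolves against the include path and working directory and fails only with a warning, so `require __DIR__.'/config.php';` would be more predictable, assuming config.php sits beside common.php.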
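Review bot: The new verification block reads `$GET["U"]` and `$GET["AC"]`, an undefined variable rather than the `$_GET` superglobal, so both values are null and the comparison can never succeed. The decode is also applied to the wrong operand: `base64_url_decode($hmac)` decodes the freshly computed HMAC, which common.php treats as hex, whereas it is the received `AC` token that is base64url-encoded and needs decoding before `hash_equals()`. As written the check fails closed, but it should be corrected before the TODO is filled in, and the parameters should be confirmed to be strings since `?U[]=x` would otherwise reach the `string`-typed `GenHmacMessage()`. Whether `base64_url_decode()` returns false on malformed input is not visible here, so the sketch below guards for it.

```php
if(isset( $_GET["U"], $_GET["AC"] ) && is_string($_GET["U"]) && is_string($_GET["AC"])){
    $verify_username = $_GET["U"];
    $verify_token = $_GET["AC"];

    // Expected value is the hex HMAC; the link carries base64url(raw HMAC bytes).
    $expected_hmac = GenHmacMessage($verify_username, "UserActivation", false);
    $token_raw = base64_url_decode($verify_token);

    if(is_string($token_raw) && hash_equals($expected_hmac, bin2hex($token_raw))){
        // TODO: Activate account
    }
}
```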