Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Adding phone verification
VanillaExtract
New
Hello friends, I want to add phone verification to my forum because of spam ,Although I searched for hours, I could not find a solution for Vanilla forums, I have a php code that you write your phone number and code will be sent and activate etc. but I need a thing that you will be typing your phone number when you become a member, then a verification code will be sent to your phone and you will write and you will be able to activate your account. How can I do that? Thanks.
0
Comments
Note : If you want the code here https://github.com/lahmacun/sms-uye-onay (It's turkish if you want i can translate)
Basically that would be a new registration method. I never tried to do that.
All steps by itself wouldn't be too hard to achieve, but adding that properly as a new registration method might be not as easy.
I would only be able to assist and write parts of that code. So if you are willing to get your hands dirty I would try to get you started. But please be honest: if you loose interest or are not able, I would have wasted my time. This is not something I could do in 5 minutes. Finding out how to implement a new registration method would most probably take me some time...
@R_J Yeah , please help . I know that it's a hard thing so I will be respectful, If you need a simple code
https://github.com/lahmacun/sms-uye-onay its here and message me for translation because its turkish (but needs a textlocal api key that you can get free)
I do not need any code at all. I would provide you with some starting code and will answer you any question you have, but it must be you who is glueing it all together
Start with a file plugins/phoneVerification/class.phoneverification.plugin.php
<?php $PluginInfo['phoneVerification'] = [ 'Name' => 'Phone Verification', 'Description' => 'Requires SMS verification for new users', 'Version' => '0.0.1', 'RequiredApplications' => ['Vanilla' => '>= 2.3'], 'RequiredPlugins' => ['ProfileExtender' => '>= 3'], 'SettingsPermission' => 'Garden.Settings.Manage', 'SettingsUrl' => '/dashboard/settings/phoneverification', 'MobileFriendly' => true, 'HasLocale' => true, 'Author' => 'Robin Jurinka', 'AuthorUrl' => 'https://open.vanillaforums.com/profile/r_j', 'License' => 'MIT' ]; class PhoneVerificationPlugin extends Gdn_Plugin { /** * Helper function which checks config to find out if this plugin is configured. * * @return boolean Whether the plugin has been properly configured. */ public function isConfigured() { return ( c('phoneverification.PhoneFieldName', false) != false && c('phoneVerification.TextlocalApiKey', false) != false // && registration method = approval ); } /** * Create simple settings page for the textlocal API key and the profile * extender field which holds the users phone number. * * @param [type] $sender [description] * @return [type] [description] */ public function settingsController_phoneVerification_create($sender) { $sender->permission('Garden.Settings.Manage'); $sender->addSideMenu('dashboard/settings/plugins'); $sender->setData('Title', t('Phone Verification Settings')); $sender->setData('Description', t('You must use the profile extender first to add a field for the users phone number. That field should be a required field on registration. Afterwards please select the field here')); $fields = c('ProfileExtender.Fields'); $configurationModule = new configurationModule($sender); $configurationModule->initialize( [ 'phoneVerification.TextlocalApiKey' => [ 'Control' => 'TextBox', 'LabelCode' => 'Textlocal API Key' ], 'phoneVerification.DropDown' => [ 'Control' => 'DropDown', 'Items' => array_combine( array_keys($fields), array_column($fields, 'Label') ), 'LabelCode' => 'Phone Field Name', 'Description' => 'The Profile Extenders field which holds the phone number', 'Options' => ['IncludeNull' => false] ], ] ); $configurationModule->renderAll(); } /** * Sends a code to newly registered users. * * @param [type] $sender [description] * @param [type] $args [description] * @return [type] [description] */ public function entryController_registrationPending_handler($sender, $args) { // $code = create random code // save random code to User tables Attribute column (use model->saveToSerializedColumn) $this->sendCodeToUser($args['AuthUserID'], $code); } private function sendCodeToUser($userID, $code) { // your magic here } /** * Add a "Unlock Account" menu item. * * @param ProfileController $sender Instance of the calling class. * @param mixed $args EventArguments of AfterAddSideMenu. * * @return void. */ public function profileController_afterAddSideMenu_handler($sender, $args) { if ($this->isConfigured() == false) { return; } // Get a reference to the menu that we like to extend. $menu = &$args['SideMenu']; $menu->addLink( 'Options', sprite('SpUnlockAccount').' '.t('Unlock Account'), 'profile/phoneverification', ['Garden.SignIn.Allow'] ); } public function profileController_phoneVerification_create($sender, $args) { if ($this->isConfigured() == false) { return; } $sender->permission('Garden.SignIn.Allow'); $sender->getUserInfo('', '', Gdn::session()->UserID, false); $sender->editMode(true); // Set the breadcrumbs. $sender->setData( 'Breadcrumbs', [ ['Name' => t('Profile'), 'Url' => '/profile'], ['Name' => t('Unlock Account'), 'Url' => '/profile/phoneverification'] ] ); $sender->setData('Title', t('Unlock Account')); // Form submission handling. if ($sender->Form->authenticatedPostBack()) { decho($sender->Form->formValues()); $sender->informMessage(t('Your changes have been saved.')); } $sender->render('phoneverification', '', 'plugins/phoneVerification'); } }Add a file plugins/phoneVerifications/views/phoneverification.php:
<?php defined('APPLICATION') or die; ?> <h2 class="H"><?= $this->title() ?></h2> <?php echo $this->Form->open(), $this->Form->errors(), $this->Form->label('Enter the code your received on your phone', 'SMSCode'), $this->Form->textBox('SMSCode'), $this->Form->close('OK');Implement your API up to there, so that new users get the SMS.
@R_J I do everything that you said , added api key etc, but it doesn't send message and doesn't appears phone verification menu or profile/phoneverification please check inbox
Note: my vanilla is 2.3
You must have misunderstood me when I said I would only be able to assist and write parts of that code. So if you are willing to get your hands dirty I would try to get you started.
Simply pointing me to the API documentation is not what I expected. When I said But please be honest: if you loose interest or are not able, I would have wasted my time. it would have been nice if you would have admitted that you have no coding skills.
@R_J oh thanks , I'm sorry
Since I already started showing a path and I don't want that the work I invested is wasted, here are the steps described that I would take to achieve something like that.
Limit access until user enters "unlock" code
Vanilla has a registration mode called "Approval". If that is chosen new users have limited rights until there account has been approved by a moderator/admin. Which rights these are can be configured.
That is a great starting point. In your plan you have spoken about something like a page which will be a dead end for new users. That's nothing a new user would like to see. Why not allow him toying around in his profile, do some limited things but only give him limited access rights to the categories?
It would also be able to show all users who haven't unlocked their account a hint at the top of each screen, showing a link to the "unlock" page.
The mobile phone number
In order to be able to send an unlock code, you would need an additional field in the registration form. The most easiest way to achieve that is to use the ProfileExtender plugin. You can set up a field which is shown in the registration process and you can make it even required.
My personal opinion is that you should guide users, not force them. So I wouldn't make that phone field required on registration, but let the user do his registration and afterwards point him to the page where he can enter the phone number and ask for a registration code.
Sending the code
You can hook into some "after registration" hooks, I don't know an exact name, and a) check if there is a phone number provider b) stop if not c) create a random "code" d) save that code to the users attributes e) send the code to the user f) save a timestamp to the attributes, too
And if the user doesn't provide a phone number on registration? The page which should show a field to unlock the account must check if there is phone number available. If not, the view should show a "Please give us your number so that we can send you a code" page where the user has to enter his phone number. Afterwards it would be very similar to the steps described above.
Entering the code
You should do a check against a timestamp. If the code is too old, tell the user he has to request a new one.
After he has entered the code, check if it is the correct one and if it is, remove the approval note and do a role promotion.
Remove the clutter from the user attributes