Skip to content

URW-167 Discord verification #185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 19 commits into
base: develop
Choose a base branch
from
Open

URW-167 Discord verification #185

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
ec00222
Display modals for email and token input
Kenneth-W-Chen Sep 4, 2025
0a6c126
Change to slash commands
Kenneth-W-Chen Sep 6, 2025
060031b
Added some comments
Kenneth-W-Chen Sep 7, 2025
5b920b6
create table to hold discord verification tokens
Kenneth-W-Chen Sep 8, 2025
894c0fb
URW-167 Add DB interaction to verification bot
Kenneth-W-Chen Sep 9, 2025
918cec9
URW-167 Add verified role ID value to sample config file
Kenneth-W-Chen Sep 9, 2025
8c46454
Add unt_email column to users table
Kenneth-W-Chen Sep 11, 2025
4ec7838
Update verification bot with changes to users table
Kenneth-W-Chen Sep 12, 2025
077128b
Adjusted users entry creation for discord verificaiton process
Kenneth-W-Chen Sep 12, 2025
7278931
Fix minor bug with mysqli::insert_id
Kenneth-W-Chen Sep 12, 2025
017b395
Force token and email to lowercase
Kenneth-W-Chen Sep 16, 2025
57da9ec
URW-167 Add website flow for UNT email verification
Kenneth-W-Chen Sep 19, 2025
071fbb1
Fix rdMailForm plugin not showing error messages
Kenneth-W-Chen Sep 19, 2025
a7f18ba
URW-167 fix unexpected operator error
Kenneth-W-Chen Sep 19, 2025
68101be
Fix minor issues
Kenneth-W-Chen Sep 19, 2025
9334e37
URW-167 Fixed form not working due to plugin shenanigans and some bac…
Kenneth-W-Chen Sep 19, 2025
8b0234a
URW-167 fix form snackbar not showing up in some cases
Kenneth-W-Chen Sep 21, 2025
edc355f
URW-167 Minor bug fixes
Kenneth-W-Chen Sep 21, 2025
d758700
URW-167 Un-comment out error logging
Kenneth-W-Chen Sep 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
195 changes: 195 additions & 0 deletions ajax/verify-unt-email.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,195 @@
<?php
require('../template/top.php');
$auth = auth();
if ($auth === false) {
http_response_code(401);
echo 'INVALID_LOGIN';
die();
}
$auth = $auth[0];
if (!isset($_POST)) {
die();
}
$dataType = $_POST['type'];
switch ($dataType) {
default:
{
echo 'INVALID_REQUEST';
die();
}
case "email":
{
$email = $_POST['email'];
// validate for my.unt.edu email
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || preg_match('/@my\.unt\.edu$/i', $email) !== 1) {
echo 'INVALID_EMAIL';
die();
}
global $db;
// fetch latest token
$q = $db->query("SELECT
id,
created_on
FROM
discord_verification_tokens
WHERE
user_id = {$auth['id']}
ORDER BY created_on DESC
LIMIT 1");
if ($q === false) {
error_log("Could not retrieve discord verification token for user {$auth['id']}: {$db->error}");
echo 'ERROR';
die();
}
if ($q->num_rows > 0) {
$r = $q->fetch_assoc();
/** @noinspection PhpParenthesesCanBeOmittedForNewCallInspection */
/** @noinspection PhpUnhandledExceptionInspection */
if ((new DateTime())->sub(new DateInterval('PT' . EMAIL_TOKEN_GENERATION_RATE_LIMIT . 'S')) < new DateTime($r['created_on'])) {
echo 'TOKEN_RATELIMIT';
die();
}
$q = $db->query("DELETE FROM
discord_verification_tokens
WHERE
id = {$r['id']}"
);
if($q === false){
error_log("Could not delete discord verification token {$r['id']} for user {$auth['id']}: {$db->error}");
echo 'ERROR';
die();
}
}
// generate token
$token = bin2hex(openssl_random_pseudo_bytes(3));
$q = $db->query("INSERT INTO discord_verification_tokens (
token,
created_on,
user_id,
unt_email
)
VALUES (
'{$token}',
CURRENT_TIMESTAMP(),
{$auth['id']},
'{$db->real_escape_string($email)}'
)"
);
if ($q === false) {
error_log("Could not add discord verification token to db for user {$auth['id']}: {$db->error}");
echo 'ERROR';
die();
}
// send email with token
$email_send_status = email(
$email,
"UNT Robotics Discord verification token",

"<div style=\"position: relative;max-width: 100vw;text-align:center;\">" .
'<img src="cid:untrobotics-email-header">' .

' <div></div>' .

'<div style="text-align: left; max-width: 500px; display: inline-block;">' .
" <p>Hey there!</p>" .
" <p>Welcome to the team!!</p>" .
" <p>Thank you for joining the UNT Robotics Discord server!" .
" <p>Your verification token is:</p>" .
"</div>" .
"<div>" .
" <p style='font-size: 20pt; font-weight: 900; margin-top: 10px;'>{$token}</p>" .
'</div>' .

' <div></div>' .

" <p></p>" .

" <p>If you need any assistance, please reach out to <a href=\"mailto:[email protected]\">[email protected]</a>.</p>" .

' <div></div>' .

'<div style="text-align: left; width: 500px; display: inline-block;">' .
" <p>All the best,</p>" .
" <p><em>UNT Robotics Leadership</em></p>" .
'</div>' .

"</div>",

"[email protected]",
null,
[
[
'content' => base64_encode(file_get_contents(BASE . '/images/unt-robotics-email-header.jpg')),
'type' => 'image/jpeg',
'filename' => 'unt-robotics-email-header.jpg',
'disposition' => 'inline',
'content_id' => 'untrobotics-email-header'
]
]
);
if($email_send_status === false) {
error_log("Failed to email verification token to {$email}.");
echo 'ERROR';
// delete newly generated token from db since we couldn't email it
$q = $db->query("DELETE FROM
discord_verification_tokens
WHERE
token = '{$token}'
AND
user_id = {$auth['id']}");
if($q === false){
error_log("Could not delete discord verification token {$token} for user {$auth['id']}: {$db->error}");
}
die();
}
// changes the form to send a token instead of email
echo 'TOKEN';
break;
}
case "token":
{
$token = $_POST['token'];
if (!ctype_xdigit($token) || strlen($token) !== 6) {
echo 'INVALID_TOKEN';
die();
}
global $db;
// check if there's an unexpired token for the user
$q = $db->query("SELECT
unt_email
FROM
discord_verification_tokens
WHERE
token = '{$token}'
AND
user_id = {$auth['id']}
AND
created_on + INTERVAL 7 day > CURRENT_TIMESTAMP()");
if($q === false){
error_log("Failed to fetch token for user {$auth['id']}: {$db->error}");
echo 'ERROR';
die();
}
if ($q->num_rows === 0) {
echo 'INVALID_TOKEN';
die();
}
// add unt_email to users entry
$email = $q->fetch_column();
$q = $db->query("UPDATE
users
SET
unt_email = '{$db->real_escape_string($email)}'
WHERE
id = {$auth['id']}");
if($q === false){
error_log("Failed to add UNT email ({$email}) to user {$auth['id']}: {$db->error}");
echo 'ERROR';
die();
}

// deletes the form and shows the discord link
echo '<a href="/join/w/discord">Click here to update your Discord account status.</a>';
break;
}
}
30 changes: 30 additions & 0 deletions api/discord/application-commands/commands.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
[
{
"name": "verify-email",
"type": 1,
"description": "Verify your identity as a UNT student, faculty, or alumnus",
"options": [
{
"name": "email",
"description": "A valid UNT email",
"type": 3,
"required": true,
"min_length": 9,
"max_length": 255
}
]
},
{
"name": "verify-token",
"type": 1,
"description": "Verify you own the email provided in /verify-email",
"options": [
{
"name": "token",
"description": "The token sent to your UNT email address",
"type": 3,
"required": true
}
]
}
]
21 changes: 21 additions & 0 deletions api/discord/application-commands/register.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
<?php
require_once(__DIR__ . "/../bots/admin.php");
require_once(__DIR__ . "/../../../template/config.php");

// commands are stored in a JSON format. See https://discord.com/developers/docs/interactions/application-commands#application-command-object for object structure
$commands = json_decode(file_get_contents(__DIR__ . "/commands.json"), false);
$errs = [];
// have to register each command one-by-one. You can only bulk update commands, not register (I think)
foreach ($commands as $command) {
// try to add the app command and log the error to the error array if it fails
try {
AdminBot::add_application_command($command, DISCORD_APP_CLIENT_ID, DISCORD_GUILD_ID);
} catch (DiscordBotException $e) {
$errs[] = $command->name . ": " . $e->getMessage();
}
}

// log errors
if(count($errs) > 0) {
error_log("Couldn't add/update the following commands to the Discord bot:\n" . implode("\n", $errs));
}
18 changes: 18 additions & 0 deletions api/discord/bot.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,24 @@ public static function get_all_users($guild_id) {
return static::send_api_request("/guilds/{$guild_id}/members?limit=1000");
}

/**
* Registers an application command for the Discord bot.
* @param $command_json object JSON object with command details
* @param $application_id string The application ID of the Discord bot to register the command to
* @param $guild_id string The guild ID the command will be work on. If empty, command will be registered globally
* @return stdClass
* @throws DiscordBotException
* @see https://discord.com/developers/docs/interactions/application-commands
*/
public static function add_application_command($command_json, $application_id, $guild_id = "") {
$scope = "applications/{$application_id}";
// if $guild_id is blank, then the scope is global (available in all servers [the bot is in] and DMs
if($guild_id != "") {
$scope .= "/guilds/{$guild_id}";
}
return self::send_api_request("/v10/{$scope}/commands", 'POST', "application/json", $command_json);
}

// utils
public static function hasHitRateLimit($result) {
return $result->status_code == 429;
Expand Down
Loading