includes/specials/SpecialChangeEmail.php

   1 <?php
   2 /**
   3  * Implements Special:ChangeEmail
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  * @ingroup SpecialPage
  22  */
  23
  24 /**
  25  * Let users change their email address.
  26  *
  27  * @ingroup SpecialPage
  28  */
  29 class SpecialChangeEmail extends UnlistedSpecialPage {
  30         public function __construct() {
  31                 parent::__construct( 'ChangeEmail' );
  32         }
  33
  34         /**
  35          * Main execution point
  36          */
  37         function execute( $par ) {
  38                 if ( wfReadOnly() ) {
  39                         throw new ReadOnlyError;
  40                 }
  41
  42                 $request = $this->getRequest();
  43                 $this->mPassword = $request->getVal( 'wpPassword' );
  44                 $this->mNewEmail = $request->getVal( 'wpNewEmail' );
  45
  46                 $this->setHeaders();
  47                 $this->outputHeader();
  48
  49                 $out = $this->getOutput();
  50                 $out->disallowUserJs();
  51
  52                 $user = $this->getUser();
  53
  54                 if ( !$request->wasPosted() && !$user->isLoggedIn() ) {
  55                         $this->error( wfMsg( 'changeemail-no-info' ) );
  56                         return;
  57                 }
  58
  59                 if ( $request->wasPosted() && $request->getBool( 'wpCancel' ) ) {
  60                         $this->doReturnTo();
  61                         return;
  62                 }
  63
  64                 if ( $request->wasPosted()
  65                         && $user->matchEditToken( $request->getVal( 'token' ) ) )
  66                 {
  67                         $info = $this->attemptChange( $user, $this->mPassword, $this->mNewEmail );
  68                         if ( $info === true ) {
  69                                 $this->doReturnTo();
  70                         } elseif ( $info === 'eauth' ) {
  71                                 # Notify user that a confirmation email has been sent...
  72                                 $out->wrapWikiMsg( "<div class='error' style='clear: both;'>\n$1\n</div>",
  73                                         'eauthentsent', $user->getName() );
  74                                 $this->doReturnTo( 'soft' ); // just show the link to go back
  75                                 return; // skip form
  76                         }
  77                 }
  78
  79                 $this->showForm();
  80         }
  81
  82         protected function doReturnTo( $type = 'hard' ) {
  83                 $titleObj = Title::newFromText( $this->getRequest()->getVal( 'returnto' ) );
  84                 if ( !$titleObj instanceof Title ) {
  85                         $titleObj = Title::newMainPage();
  86                 }
  87                 if ( $type == 'hard' ) {
  88                         $this->getOutput()->redirect( $titleObj->getFullURL() );
  89                 } else {
  90                         $this->getOutput()->addReturnTo( $titleObj );
  91                 }
  92         }
  93
  94         protected function error( $msg ) {
  95                 $this->getOutput()->addHTML( Xml::element('p', array( 'class' => 'error' ), $msg ) );
  96         }
  97
  98         protected function showForm() {
  99                 $user = $this->getUser();
 100
 101                 $oldEmailText = $user->getEmail()
 102                         ? $user->getEmail()
 103                         : wfMsg( 'changeemail-none' );
 104
 105                 $this->getOutput()->addHTML(
 106                         Xml::fieldset( wfMsg( 'changeemail-header' ) ) .
 107                         Xml::openElement( 'form',
 108                                 array(
 109                                         'method' => 'post',
 110                                         'action' => $this->getTitle()->getLocalUrl(),
 111                                         'id' => 'mw-changeemail-form' ) ) . "\n" .
 112                         Html::hidden( 'token', $user->editToken() ) . "\n" .
 113                         Html::hidden( 'returnto', $this->getRequest()->getVal( 'returnto' ) ) . "\n" .
 114                         wfMsgExt( 'changeemail-text', array( 'parse' ) ) . "\n" .
 115                         Xml::openElement( 'table', array( 'id' => 'mw-changeemail-table' ) ) . "\n" .
 116                         $this->pretty( array(
 117                                 array( 'wpName', 'username', 'text', $user->getName() ),
 118                                 array( 'wpOldEmail', 'changeemail-oldemail', 'text', $oldEmailText ),
 119                                 array( 'wpNewEmail', 'changeemail-newemail', 'input', $this->mNewEmail ),
 120                                 array( 'wpPassword', 'yourpassword', 'password', $this->mPassword ),
 121                         ) ) . "\n" .
 122                         "<tr>\n" .
 123                                 "<td></td>\n" .
 124                                 '<td class="mw-input">' .
 125                                         Xml::submitButton( wfMsg( 'changeemail-submit' ) ) .
 126                                         Xml::submitButton( wfMsg( 'changeemail-cancel' ), array( 'name' => 'wpCancel' ) ) .
 127                                 "</td>\n" .
 128                         "</tr>\n" .
 129                         Xml::closeElement( 'table' ) .
 130                         Xml::closeElement( 'form' ) .
 131                         Xml::closeElement( 'fieldset' ) . "\n"
 132                 );
 133         }
 134
 135         protected function pretty( $fields ) {
 136                 $out = '';
 137                 foreach ( $fields as $list ) {
 138                         list( $name, $label, $type, $value ) = $list;
 139                         if( $type == 'text' ) {
 140                                 $field = htmlspecialchars( $value );
 141                         } else {
 142                                 $attribs = array( 'id' => $name );
 143                                 if ( $name == 'wpPassword' ) {
 144                                         $attribs[] = 'autofocus';
 145                                 }
 146                                 $field = Html::input( $name, $value, $type, $attribs );
 147                         }
 148                         $out .= "<tr>\n";
 149                         $out .= "\t<td class='mw-label'>";
 150                         if ( $type != 'text' ) {
 151                                 $out .= Xml::label( wfMsg( $label ), $name );
 152                         } else {
 153                                 $out .=  wfMsgHtml( $label );
 154                         }
 155                         $out .= "</td>\n";
 156                         $out .= "\t<td class='mw-input'>";
 157                         $out .= $field;
 158                         $out .= "</td>\n";
 159                         $out .= "</tr>";
 160                 }
 161                 return $out;
 162         }
 163
 164         /**
 165          * @return bool|string true or string on success, false on failure
 166          */
 167         protected function attemptChange( User $user, $pass, $newaddr ) {
 168                 if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) {
 169                         $this->error( wfMsgExt( 'invalidemailaddress', 'parseinline' ) );
 170                         return false;
 171                 }
 172
 173                 $throttleCount = LoginForm::incLoginThrottle( $user->getName() );
 174                 if ( $throttleCount === true ) {
 175                         $this->error( wfMsgHtml( 'login-throttled' ) );
 176                         return false;
 177                 }
 178
 179                 if ( !$user->checkTemporaryPassword( $pass ) && !$user->checkPassword( $pass ) ) {
 180                         $this->error( wfMsgHtml( 'wrongpassword' ) );
 181                         return false;
 182                 }
 183
 184                 if ( $throttleCount ) {
 185                         LoginForm::clearLoginThrottle( $user->getName() );
 186                 }
 187
 188                 list( $status, $info ) = Preferences::trySetUserEmail( $user, $newaddr );
 189                 if ( $status !== true ) {
 190                         if ( $status instanceof Status ) {
 191                                 $this->getOutput()->addHTML(
 192                                         '<p class="error">' .
 193                                         $this->getOutput()->parseInline( $status->getWikiText( $info ) ) .
 194                                         '</p>' );
 195                         }
 196                         return false;
 197                 }
 198
 199                 $user->saveSettings();
 200                 return $info ? $info : true;
 201         }
 202 }