includes/specials/SpecialChangeEmail.php

   1 <?php
   2 /**
   3  * Implements Special:ChangeEmail
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  * @ingroup SpecialPage
  22  */
  23
  24 /**
  25  * Let users change their email address.
  26  *
  27  * @ingroup SpecialPage
  28  */
  29 class SpecialChangeEmail extends FormSpecialPage {
  30         /**
  31          * @var Status
  32          */
  33         private $status;
  34
  35         public function __construct() {
  36                 parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );
  37         }
  38
  39         public function doesWrites() {
  40                 return true;
  41         }
  42
  43         /**
  44          * @return bool
  45          */
  46         public function isListed() {
  47                 global $wgAuth;
  48
  49                 return $wgAuth->allowPropChange( 'emailaddress' );
  50         }
  51
  52         /**
  53          * Main execution point
  54          * @param string $par
  55          */
  56         function execute( $par ) {
  57                 $out = $this->getOutput();
  58                 $out->disallowUserJs();
  59
  60                 parent::execute( $par );
  61         }
  62
  63         protected function checkExecutePermissions( User $user ) {
  64                 global $wgAuth;
  65
  66                 if ( !$wgAuth->allowPropChange( 'emailaddress' ) ) {
  67                         throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
  68                 }
  69
  70                 $this->requireLogin( 'changeemail-no-info' );
  71
  72                 // This could also let someone check the current email address, so
  73                 // require both permissions.
  74                 if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
  75                         throw new PermissionsError( 'viewmyprivateinfo' );
  76                 }
  77
  78                 parent::checkExecutePermissions( $user );
  79         }
  80
  81         protected function getFormFields() {
  82                 $user = $this->getUser();
  83
  84                 $fields = array(
  85                         'Name' => array(
  86                                 'type' => 'info',
  87                                 'label-message' => 'username',
  88                                 'default' => $user->getName(),
  89                         ),
  90                         'OldEmail' => array(
  91                                 'type' => 'info',
  92                                 'label-message' => 'changeemail-oldemail',
  93                                 'default' => $user->getEmail() ?: $this->msg( 'changeemail-none' )->text(),
  94                         ),
  95                         'NewEmail' => array(
  96                                 'type' => 'email',
  97                                 'label-message' => 'changeemail-newemail',
  98                                 'autofocus' => true,
  99                                 'help-message' => 'changeemail-newemail-help',
 100                         ),
 101                 );
 102
 103                 if ( $this->getConfig()->get( 'RequirePasswordforEmailChange' ) ) {
 104                         $fields['Password'] = array(
 105                                 'type' => 'password',
 106                                 'label-message' => 'changeemail-password'
 107                         );
 108                 }
 109
 110                 return $fields;
 111         }
 112
 113         protected function getDisplayFormat() {
 114                 return 'ooui';
 115         }
 116
 117         protected function alterForm( HTMLForm $form ) {
 118                 $form->setId( 'mw-changeemail-form' );
 119                 $form->setTableId( 'mw-changeemail-table' );
 120                 $form->setSubmitTextMsg( 'changeemail-submit' );
 121                 $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
 122
 123                 $form->addHeaderText( $this->msg( 'changeemail-header' )->parseAsBlock() );
 124                 if ( $this->getConfig()->get( 'RequirePasswordforEmailChange' ) ) {
 125                         $form->addHeaderText( $this->msg( 'changeemail-passwordrequired' )->parseAsBlock() );
 126                 }
 127         }
 128
 129         public function onSubmit( array $data ) {
 130                 $password = isset( $data['Password'] ) ? $data['Password'] : null;
 131                 $status = $this->attemptChange( $this->getUser(), $password, $data['NewEmail'] );
 132
 133                 $this->status = $status;
 134
 135                 return $status;
 136         }
 137
 138         public function onSuccess() {
 139                 $request = $this->getRequest();
 140
 141                 $returnto = $request->getVal( 'returnto' );
 142                 $titleObj = $returnto !== null ? Title::newFromText( $returnto ) : null;
 143                 if ( !$titleObj instanceof Title ) {
 144                         $titleObj = Title::newMainPage();
 145                 }
 146                 $query = $request->getVal( 'returntoquery' );
 147
 148                 if ( $this->status->value === true ) {
 149                         $this->getOutput()->redirect( $titleObj->getFullURL( $query ) );
 150                 } elseif ( $this->status->value === 'eauth' ) {
 151                         # Notify user that a confirmation email has been sent...
 152                         $this->getOutput()->wrapWikiMsg( "<div class='error' style='clear: both;'>\n$1\n</div>",
 153                                 'eauthentsent', $this->getUser()->getName() );
 154                         // just show the link to go back
 155                         $this->getOutput()->addReturnTo( $titleObj, wfCgiToArray( $query ) );
 156                 }
 157         }
 158
 159         /**
 160          * @param User $user
 161          * @param string $pass
 162          * @param string $newaddr
 163          * @return Status
 164          */
 165         private function attemptChange( User $user, $pass, $newaddr ) {
 166                 global $wgAuth;
 167
 168                 if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) {
 169                         return Status::newFatal( 'invalidemailaddress' );
 170                 }
 171
 172                 if ( $newaddr === $user->getEmail() ) {
 173                         return Status::newFatal( 'changeemail-nochange' );
 174                 }
 175
 176                 $throttleCount = LoginForm::incLoginThrottle( $user->getName() );
 177                 if ( $throttleCount === true ) {
 178                         $lang = $this->getLanguage();
 179                         $throttleInfo = $this->getConfig()->get( 'PasswordAttemptThrottle' );
 180                         return Status::newFatal(
 181                                 'changeemail-throttled',
 182                                 $lang->formatDuration( $throttleInfo['seconds'] )
 183                         );
 184                 }
 185
 186                 if ( $this->getConfig()->get( 'RequirePasswordforEmailChange' )
 187                         && !$user->checkTemporaryPassword( $pass )
 188                         && !$user->checkPassword( $pass )
 189                 ) {
 190                         return Status::newFatal( 'wrongpassword' );
 191                 }
 192
 193                 if ( $throttleCount ) {
 194                         LoginForm::clearLoginThrottle( $user->getName() );
 195                 }
 196
 197                 $oldaddr = $user->getEmail();
 198                 $status = $user->setEmailWithConfirmation( $newaddr );
 199                 if ( !$status->isGood() ) {
 200                         return $status;
 201                 }
 202
 203                 Hooks::run( 'PrefsEmailAudit', array( $user, $oldaddr, $newaddr ) );
 204
 205                 $user->saveSettings();
 206
 207                 $wgAuth->updateExternalDB( $user );
 208
 209                 return $status;
 210         }
 211
 212         public function requiresUnblock() {
 213                 return false;
 214         }
 215
 216         protected function getGroupName() {
 217                 return 'users';
 218         }
 219 }