Import: Handle uploads with sha1 starting with 0 properly
[mediawiki.git] / includes / specials / SpecialChangeEmail.php
blob51b08f9725dea9c35c9b25353e49e50521268fee
1 <?php
2 /**
3 * Implements Special:ChangeEmail
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
20 * @file
21 * @ingroup SpecialPage
24 /**
25 * Let users change their email address.
27 * @ingroup SpecialPage
29 class SpecialChangeEmail extends FormSpecialPage {
30 /**
31 * @var Status
33 private $status;
35 public function __construct() {
36 parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );
39 /**
40 * @return bool
42 public function isListed() {
43 global $wgAuth;
45 return $wgAuth->allowPropChange( 'emailaddress' );
48 /**
49 * Main execution point
50 * @param string $par
52 function execute( $par ) {
53 $out = $this->getOutput();
54 $out->disallowUserJs();
56 parent::execute( $par );
59 protected function checkExecutePermissions( User $user ) {
60 global $wgAuth;
62 if ( !$wgAuth->allowPropChange( 'emailaddress' ) ) {
63 throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
66 $this->requireLogin( 'changeemail-no-info' );
68 // This could also let someone check the current email address, so
69 // require both permissions.
70 if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
71 throw new PermissionsError( 'viewmyprivateinfo' );
74 parent::checkExecutePermissions( $user );
77 protected function getFormFields() {
78 $user = $this->getUser();
80 $fields = array(
81 'Name' => array(
82 'type' => 'info',
83 'label-message' => 'username',
84 'default' => $user->getName(),
86 'OldEmail' => array(
87 'type' => 'info',
88 'label-message' => 'changeemail-oldemail',
89 'default' => $user->getEmail() ?: $this->msg( 'changeemail-none' )->text(),
91 'NewEmail' => array(
92 'type' => 'email',
93 'label-message' => 'changeemail-newemail',
94 'autofocus' => true,
95 'help-message' => 'changeemail-newemail-help',
99 if ( $this->getConfig()->get( 'RequirePasswordforEmailChange' ) ) {
100 $fields['Password'] = array(
101 'type' => 'password',
102 'label-message' => 'changeemail-password'
106 return $fields;
109 protected function getDisplayFormat() {
110 return 'ooui';
113 protected function alterForm( HTMLForm $form ) {
114 $form->setId( 'mw-changeemail-form' );
115 $form->setTableId( 'mw-changeemail-table' );
116 $form->setSubmitTextMsg( 'changeemail-submit' );
117 $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
119 $form->addHeaderText( $this->msg( 'changeemail-header' )->parseAsBlock() );
120 if ( $this->getConfig()->get( 'RequirePasswordforEmailChange' ) ) {
121 $form->addHeaderText( $this->msg( 'changeemail-passwordrequired' )->parseAsBlock() );
125 public function onSubmit( array $data ) {
126 $password = isset( $data['Password'] ) ? $data['Password'] : null;
127 $status = $this->attemptChange( $this->getUser(), $password, $data['NewEmail'] );
129 $this->status = $status;
131 return $status;
134 public function onSuccess() {
135 $request = $this->getRequest();
137 $returnto = $request->getVal( 'returnto' );
138 $titleObj = $returnto !== null ? Title::newFromText( $returnto ) : null;
139 if ( !$titleObj instanceof Title ) {
140 $titleObj = Title::newMainPage();
142 $query = $request->getVal( 'returntoquery' );
144 if ( $this->status->value === true ) {
145 $this->getOutput()->redirect( $titleObj->getFullURL( $query ) );
146 } elseif ( $this->status->value === 'eauth' ) {
147 # Notify user that a confirmation email has been sent...
148 $this->getOutput()->wrapWikiMsg( "<div class='error' style='clear: both;'>\n$1\n</div>",
149 'eauthentsent', $this->getUser()->getName() );
150 // just show the link to go back
151 $this->getOutput()->addReturnTo( $titleObj, wfCgiToArray( $query ) );
156 * @param User $user
157 * @param string $pass
158 * @param string $newaddr
159 * @return Status
161 private function attemptChange( User $user, $pass, $newaddr ) {
162 global $wgAuth;
164 if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) {
165 return Status::newFatal( 'invalidemailaddress' );
168 if ( $newaddr === $user->getEmail() ) {
169 return Status::newFatal( 'changeemail-nochange' );
172 $throttleCount = LoginForm::incLoginThrottle( $user->getName() );
173 if ( $throttleCount === true ) {
174 $lang = $this->getLanguage();
175 $throttleInfo = $this->getConfig()->get( 'PasswordAttemptThrottle' );
176 return Status::newFatal(
177 'changeemail-throttled',
178 $lang->formatDuration( $throttleInfo['seconds'] )
182 if ( $this->getConfig()->get( 'RequirePasswordforEmailChange' )
183 && !$user->checkTemporaryPassword( $pass )
184 && !$user->checkPassword( $pass )
186 return Status::newFatal( 'wrongpassword' );
189 if ( $throttleCount ) {
190 LoginForm::clearLoginThrottle( $user->getName() );
193 $oldaddr = $user->getEmail();
194 $status = $user->setEmailWithConfirmation( $newaddr );
195 if ( !$status->isGood() ) {
196 return $status;
199 Hooks::run( 'PrefsEmailAudit', array( $user, $oldaddr, $newaddr ) );
201 $user->saveSettings();
203 $wgAuth->updateExternalDB( $user );
205 return $status;
208 public function requiresUnblock() {
209 return false;
212 protected function getGroupName() {
213 return 'users';