allowPropChange( 'emailaddress' ); } /** * Main execution point */ function execute( $par ) { global $wgAuth; $this->setHeaders(); $this->outputHeader(); $out = $this->getOutput(); $out->disallowUserJs(); $out->addModules( 'mediawiki.special.changeemail' ); if ( !$wgAuth->allowPropChange( 'emailaddress' ) ) { $this->error( 'cannotchangeemail' ); return; } $user = $this->getUser(); $request = $this->getRequest(); if ( !$request->wasPosted() && !$user->isLoggedIn() ) { $this->error( 'changeemail-no-info' ); return; } if ( $request->wasPosted() && $request->getBool( 'wpCancel' ) ) { $this->doReturnTo(); return; } $this->checkReadOnly(); $this->checkPermissions(); // This could also let someone check the current email address, so // require both permissions. if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) { throw new PermissionsError( 'viewmyprivateinfo' ); } $this->mPassword = $request->getVal( 'wpPassword' ); $this->mNewEmail = $request->getVal( 'wpNewEmail' ); if ( $request->wasPosted() && $user->matchEditToken( $request->getVal( 'token' ) ) ) { $info = $this->attemptChange( $user, $this->mPassword, $this->mNewEmail ); if ( $info === true ) { $this->doReturnTo(); } elseif ( $info === 'eauth' ) { # Notify user that a confirmation email has been sent... $out->wrapWikiMsg( "
\n$1\n
", 'eauthentsent', $user->getName() ); $this->doReturnTo( 'soft' ); // just show the link to go back return; // skip form } } $this->showForm(); } /** * @param $type string */ protected function doReturnTo( $type = 'hard' ) { $titleObj = Title::newFromText( $this->getRequest()->getVal( 'returnto' ) ); if ( !$titleObj instanceof Title ) { $titleObj = Title::newMainPage(); } if ( $type == 'hard' ) { $this->getOutput()->redirect( $titleObj->getFullURL() ); } else { $this->getOutput()->addReturnTo( $titleObj ); } } /** * @param $msg string */ protected function error( $msg ) { $this->getOutput()->wrapWikiMsg( "

\n$1\n

", $msg ); } protected function showForm() { global $wgRequirePasswordforEmailChange; $user = $this->getUser(); $oldEmailText = $user->getEmail() ? $user->getEmail() : $this->msg( 'changeemail-none' )->text(); $this->getOutput()->addHTML( Xml::fieldset( $this->msg( 'changeemail-header' )->text() ) . Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->getTitle()->getLocalURL(), 'id' => 'mw-changeemail-form' ) ) . "\n" . Html::hidden( 'token', $user->getEditToken() ) . "\n" . Html::hidden( 'returnto', $this->getRequest()->getVal( 'returnto' ) ) . "\n" . $this->msg( 'changeemail-text' )->parseAsBlock() . "\n" . Xml::openElement( 'table', array( 'id' => 'mw-changeemail-table' ) ) . "\n" ); $items = array( array( 'wpName', 'username', 'text', $user->getName() ), array( 'wpOldEmail', 'changeemail-oldemail', 'text', $oldEmailText ), array( 'wpNewEmail', 'changeemail-newemail', 'email', $this->mNewEmail ), ); if ( $wgRequirePasswordforEmailChange ) { $items[] = array( 'wpPassword', 'changeemail-password', 'password', $this->mPassword ); } $this->getOutput()->addHTML( $this->pretty( $items ) . "\n" . "\n" . "\n" . '' . Xml::submitButton( $this->msg( 'changeemail-submit' )->text() ) . Xml::submitButton( $this->msg( 'changeemail-cancel' )->text(), array( 'name' => 'wpCancel' ) ) . "\n" . "\n" . Xml::closeElement( 'table' ) . Xml::closeElement( 'form' ) . Xml::closeElement( 'fieldset' ) . "\n" ); } /** * @param $fields array * @return string */ protected function pretty( $fields ) { $out = ''; foreach ( $fields as $list ) { list( $name, $label, $type, $value ) = $list; if ( $type == 'text' ) { $field = htmlspecialchars( $value ); } else { $attribs = array( 'id' => $name ); if ( $name == 'wpPassword' ) { $attribs[] = 'autofocus'; } $field = Html::input( $name, $value, $type, $attribs ); } $out .= "\n"; $out .= "\t"; if ( $type != 'text' ) { $out .= Xml::label( $this->msg( $label )->text(), $name ); } else { $out .= $this->msg( $label )->escaped(); } $out .= "\n"; $out .= "\t"; $out .= $field; $out .= "\n"; $out .= ""; } return $out; } /** * @param $user User * @param $pass string * @param $newaddr string * @return bool|string true or string on success, false on failure */ protected function attemptChange( User $user, $pass, $newaddr ) { global $wgAuth, $wgPasswordAttemptThrottle; if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) { $this->error( 'invalidemailaddress' ); return false; } $throttleCount = LoginForm::incLoginThrottle( $user->getName() ); if ( $throttleCount === true ) { $lang = $this->getLanguage(); $this->error( array( 'login-throttled', $lang->formatDuration( $wgPasswordAttemptThrottle['seconds'] ) ) ); return false; } global $wgRequirePasswordforEmailChange; if ( $wgRequirePasswordforEmailChange && !$user->checkTemporaryPassword( $pass ) && !$user->checkPassword( $pass ) ) { $this->error( 'wrongpassword' ); return false; } if ( $throttleCount ) { LoginForm::clearLoginThrottle( $user->getName() ); } $oldaddr = $user->getEmail(); $status = $user->setEmailWithConfirmation( $newaddr ); if ( !$status->isGood() ) { $this->getOutput()->addHTML( '

' . $this->getOutput()->parseInline( $status->getWikiText( 'mailerror' ) ) . '

' ); return false; } wfRunHooks( 'PrefsEmailAudit', array( $user, $oldaddr, $newaddr ) ); $user->saveSettings(); $wgAuth->updateExternalDB( $user ); return $status->value; } protected function getGroupName() { return 'users'; } }