- /* check if user with correct password has entered a new email address */
- if (($newadr <> '') && ($newadr <> $oldadr)) { # the user supplied a new email address on the login page
-
- # prepare for authentication and mail a temporary password to newadr
- if ( !$u->isValidEmailAddr( $newadr ) ) {
- return $this->mainLoginForm( wfMsg( 'invalidemailaddress', $error ) );
- }
- $u->mEmail = $newadr; # new behaviour: store this new emailaddr from login-page now into user database record ...
- $u->mEmailAuthenticationtimestamp = 0; # ... but flag the address as "dirty" (unauthenticated)
- $alreadyauthenticated = false;
-
- if ($wgEmailAuthentication) {
-
- # mail a temporary one-time password to the dirty address and return here to complete the user login
- # if the user returns now or later using this temp. password, then the new email address $newadr
- # - which is already stored in his user record - gets authenticated in checkpassword()
-
- $error = $this->mailPasswordInternal( $u, false, $newpassword_temp);
- $u->mNewpassword = $newpassword_temp;
-
- # The temporary password is mailed. The user is logged-in as he entered his correct password
- # This appears to be more intuitive than alternative 2.
-
- if ($error === '') {
- $mailmsg = '<br />' . wfMsg( 'passwordsentforemailauthentication', $u->getName() );
- } else {
- $mailmsg = '<br />' . wfMsg( 'mailerror', $error ) ;
- }
- }
- }
-