includes/specials/SpecialConfirmemail.php

   1 <?php
   2 /**
   3  * Implements Special:Confirmemail and Special:Invalidateemail
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  * @ingroup SpecialPage
  22  */
  23
  24 /**
  25  * Special page allows users to request email confirmation message, and handles
  26  * processing of the confirmation code when the link in the email is followed
  27  *
  28  * @ingroup SpecialPage
  29  * @author Brion Vibber
  30  * @author Rob Church <robchur@gmail.com>
  31  */
  32 class EmailConfirmation extends UnlistedSpecialPage {
  33         public function __construct() {
  34                 parent::__construct( 'Confirmemail', 'editmyprivateinfo' );
  35         }
  36
  37         /**
  38          * Main execution point
  39          *
  40          * @param null|string $code Confirmation code passed to the page
  41          */
  42         function execute( $code ) {
  43                 $this->setHeaders();
  44
  45                 $this->checkReadOnly();
  46                 $this->checkPermissions();
  47
  48                 // This could also let someone check the current email address, so
  49                 // require both permissions.
  50                 if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
  51                         throw new PermissionsError( 'viewmyprivateinfo' );
  52                 }
  53
  54                 if ( $code === null || $code === '' ) {
  55                         if ( $this->getUser()->isLoggedIn() ) {
  56                                 if ( Sanitizer::validateEmail( $this->getUser()->getEmail() ) ) {
  57                                         $this->showRequestForm();
  58                                 } else {
  59                                         $this->getOutput()->addWikiMsg( 'confirmemail_noemail' );
  60                                 }
  61                         } else {
  62                                 $llink = Linker::linkKnown(
  63                                         SpecialPage::getTitleFor( 'Userlogin' ),
  64                                         $this->msg( 'loginreqlink' )->escaped(),
  65                                         array(),
  66                                         array( 'returnto' => $this->getTitle()->getPrefixedText() )
  67                                 );
  68                                 $this->getOutput()->addHTML(
  69                                         $this->msg( 'confirmemail_needlogin' )->rawParams( $llink )->parse()
  70                                 );
  71                         }
  72                 } else {
  73                         $this->attemptConfirm( $code );
  74                 }
  75         }
  76
  77         /**
  78          * Show a nice form for the user to request a confirmation mail
  79          */
  80         function showRequestForm() {
  81                 $user = $this->getUser();
  82                 $out = $this->getOutput();
  83
  84                 if ( $this->getRequest()->wasPosted() &&
  85                         $user->matchEditToken( $this->getRequest()->getText( 'token' ) )
  86                 ) {
  87                         $status = $user->sendConfirmationMail();
  88                         if ( $status->isGood() ) {
  89                                 $out->addWikiMsg( 'confirmemail_sent' );
  90                         } else {
  91                                 $out->addWikiText( $status->getWikiText( 'confirmemail_sendfailed' ) );
  92                         }
  93                 } else {
  94                         if ( $user->isEmailConfirmed() ) {
  95                                 // date and time are separate parameters to facilitate localisation.
  96                                 // $time is kept for backward compat reasons.
  97                                 // 'emailauthenticated' is also used in SpecialPreferences.php
  98                                 $lang = $this->getLanguage();
  99                                 $emailAuthenticated = $user->getEmailAuthenticationTimestamp();
 100                                 $time = $lang->userTimeAndDate( $emailAuthenticated, $user );
 101                                 $d = $lang->userDate( $emailAuthenticated, $user );
 102                                 $t = $lang->userTime( $emailAuthenticated, $user );
 103                                 $out->addWikiMsg( 'emailauthenticated', $time, $d, $t );
 104                         }
 105
 106                         if ( $user->isEmailConfirmationPending() ) {
 107                                 $out->wrapWikiMsg(
 108                                         "<div class=\"error mw-confirmemail-pending\">\n$1\n</div>",
 109                                         'confirmemail_pending'
 110                                 );
 111                         }
 112
 113                         $out->addWikiMsg( 'confirmemail_text' );
 114                         $form = Html::openElement(
 115                                 'form',
 116                                 array( 'method' => 'post', 'action' => $this->getTitle()->getLocalURL() )
 117                         ) . "\n";
 118                         $form .= Html::hidden( 'token', $user->getEditToken() ) . "\n";
 119                         $form .= Xml::submitButton( $this->msg( 'confirmemail_send' )->text() ) . "\n";
 120                         $form .= Html::closeElement( 'form' ) . "\n";
 121                         $out->addHTML( $form );
 122                 }
 123         }
 124
 125         /**
 126          * Attempt to confirm the user's email address and show success or failure
 127          * as needed; if successful, take the user to log in
 128          *
 129          * @param string $code Confirmation code
 130          */
 131         function attemptConfirm( $code ) {
 132                 $user = User::newFromConfirmationCode( $code );
 133                 if ( !is_object( $user ) ) {
 134                         $this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
 135
 136                         return;
 137                 }
 138
 139                 $user->confirmEmail();
 140                 $user->saveSettings();
 141                 $message = $this->getUser()->isLoggedIn() ? 'confirmemail_loggedin' : 'confirmemail_success';
 142                 $this->getOutput()->addWikiMsg( $message );
 143
 144                 if ( !$this->getUser()->isLoggedIn() ) {
 145                         $title = SpecialPage::getTitleFor( 'Userlogin' );
 146                         $this->getOutput()->returnToMain( true, $title );
 147                 }
 148         }
 149 }
 150
 151 /**
 152  * Special page allows users to cancel an email confirmation using the e-mail
 153  * confirmation code
 154  *
 155  * @ingroup SpecialPage
 156  */
 157 class EmailInvalidation extends UnlistedSpecialPage {
 158         public function __construct() {
 159                 parent::__construct( 'Invalidateemail', 'editmyprivateinfo' );
 160         }
 161
 162         function execute( $code ) {
 163                 $this->setHeaders();
 164                 $this->checkReadOnly();
 165                 $this->checkPermissions();
 166                 $this->attemptInvalidate( $code );
 167         }
 168
 169         /**
 170          * Attempt to invalidate the user's email address and show success or failure
 171          * as needed; if successful, link to main page
 172          *
 173          * @param string $code Confirmation code
 174          */
 175         function attemptInvalidate( $code ) {
 176                 $user = User::newFromConfirmationCode( $code );
 177                 if ( !is_object( $user ) ) {
 178                         $this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
 179
 180                         return;
 181                 }
 182
 183                 $user->invalidateEmail();
 184                 $user->saveSettings();
 185                 $this->getOutput()->addWikiMsg( 'confirmemail_invalidated' );
 186
 187                 if ( !$this->getUser()->isLoggedIn() ) {
 188                         $this->getOutput()->returnToMain();
 189                 }
 190         }
 191 }