1 <?php
2 /**
3 * Implements Special:ChangeEmail
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup SpecialPage
22 */
23
24 use MediaWiki\Auth\AuthManager;
25 use MediaWiki\Logger\LoggerFactory;
26 use MediaWiki\MediaWikiServices;
27
28 /**
29 * Let users change their email address.
30 *
31 * @ingroup SpecialPage
32 */
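class SpecialChangeEmail extends FormSpecialPage {
	/**
	 * Result of the last attemptChange() call, kept by onSubmit() so that
	 * onSuccess() can distinguish a completed change from a pending
	 * confirmation email.
	 * @var Status
	 */
	private $status;

	public function __construct() {
		parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );
	}

	/**
	 * @return bool
	 */
	public function doesWrites() {
		return true;
	}

	/**
	 * The page is only listed when the auth backend allows the email
	 * property to be changed at all.
	 * @return bool
	 */
	public function isListed() {
		return AuthManager::singleton()->allowsPropertyChange( 'emailaddress' );
	}

	/**
	 * Main execution point
	 * @param string|null $par
	 */
	public function execute( $par ) {
		$out = $this->getOutput();
		// This page handles private account data, so user scripts are kept off it.
		$out->disallowUserJs();

		parent::execute( $par );
	}

	/**
	 * @return string The page name, used as the security-level key
	 *  (presumably consumed by the parent's reauthentication check)
	 */
	protected function getLoginSecurityLevel() {
		return $this->getName();
	}

	/**
	 * @param User $user
	 * @throws ErrorPageError When the auth backend does not allow email changes
	 * @throws PermissionsError When the user lacks 'viewmyprivateinfo'
	 */
	protected function checkExecutePermissions( User $user ) {
		if ( !AuthManager::singleton()->allowsPropertyChange( 'emailaddress' ) ) {
			throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
		}

		$this->requireLogin( 'changeemail-no-info' );

		// The form displays the current address, so 'editmyprivateinfo'
		// (checked by the parent) is not enough on its own: require
		// 'viewmyprivateinfo' as well.
		if ( !MediaWikiServices::getInstance()
			->getPermissionManager()
			->userHasRight( $this->getUser(), 'viewmyprivateinfo' )
		) {
			throw new PermissionsError( 'viewmyprivateinfo' );
		}

		parent::checkExecutePermissions( $user );
	}

	/**
	 * @return array HTMLForm field descriptors: read-only username and current
	 *  address, plus the editable new address
	 */
	protected function getFormFields() {
		$user = $this->getUser();

		$fields = [
			'Name' => [
				'type' => 'info',
				'label-message' => 'username',
				'default' => $user->getName(),
			],
			'OldEmail' => [
				'type' => 'info',
				'label-message' => 'changeemail-oldemail',
				// Truthiness is intended here: an empty address shows the "none" message.
				'default' => $user->getEmail() ?: $this->msg( 'changeemail-none' )->text(),
			],
			'NewEmail' => [
				'type' => 'email',
				'label-message' => 'changeemail-newemail',
				'autofocus' => true,
				'help-message' => 'changeemail-newemail-help',
			],
		];

		return $fields;
	}

	/**
	 * @return string
	 */
	protected function getDisplayFormat() {
		return 'ooui';
	}

	/**
	 * @param HTMLForm $form
	 */
	protected function alterForm( HTMLForm $form ) {
		$form->setId( 'mw-changeemail-form' );
		$form->setTableId( 'mw-changeemail-table' );
		$form->setSubmitTextMsg( 'changeemail-submit' );
		// Carry the return target through the form submission for onSuccess().
		$form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );

		$form->addHeaderText( $this->msg( 'changeemail-header' )->parseAsBlock() );
	}

	/**
	 * @param array $data Submitted form data; only 'NewEmail' is used
	 * @return Status
	 */
	public function onSubmit( array $data ) {
		$status = $this->attemptChange( $this->getUser(), $data['NewEmail'] );

		$this->status = $status;

		return $status;
	}

	/**
	 * After a successful submit, either redirect to the return target
	 * (address changed) or tell the user a confirmation mail was sent.
	 * Any other status value produces no output here.
	 */
	public function onSuccess() {
		$request = $this->getRequest();

		// The return target is parsed as a page title rather than used as a raw
		// URL; anything unparseable falls back to the main page.
		$returnto = $request->getVal( 'returnto' );
		$titleObj = $returnto !== null ? Title::newFromText( $returnto ) : null;
		if ( !$titleObj instanceof Title ) {
			$titleObj = Title::newMainPage();
		}
		$query = $request->getVal( 'returntoquery' );

		if ( $this->status->value === true ) {
			$this->getOutput()->redirect( $titleObj->getFullUrlForRedirect( $query ) );
		} elseif ( $this->status->value === 'eauth' ) {
			# Notify user that a confirmation email has been sent...
			$this->getOutput()->wrapWikiMsg( "<div class='error' style='clear: both;'>\n$1\n</div>",
				'eauthentsent', $this->getUser()->getName() );
			// just show the link to go back
			$this->getOutput()->addReturnTo( $titleObj, wfCgiToArray( $query ) );
		}
	}

	/**
	 * Validate, rate-limit and apply the new address.
	 *
	 * @param User $user
	 * @param string $newaddr New address; the empty string removes the current one
	 * @return Status Fatal on invalid/unchanged/throttled input, otherwise the
	 *  Status returned by User::setEmailWithConfirmation()
	 */
	private function attemptChange( User $user, $newaddr ) {
		// An empty address means "remove", so only a non-empty one is validated.
		// Strict comparison keeps this consistent with the checks below.
		if ( $newaddr !== '' && !Sanitizer::validateEmail( $newaddr ) ) {
			return Status::newFatal( 'invalidemailaddress' );
		}

		if ( $newaddr === $user->getEmail() ) {
			return Status::newFatal( 'changeemail-nochange' );
		}

		// To prevent spam, rate limit adding a new address, but do
		// not rate limit removing an address.
		if ( $newaddr !== '' && $user->pingLimiter( 'changeemail' ) ) {
			return Status::newFatal( 'actionthrottledtext' );
		}

		$oldaddr = $user->getEmail();
		$status = $user->setEmailWithConfirmation( $newaddr );
		if ( !$status->isGood() ) {
			return $status;
		}

		// Audit trail: address changes are security-relevant, so log old and new.
		LoggerFactory::getInstance( 'authentication' )->info(
			'Changing email address for {user} from {oldemail} to {newemail}', [
				'user' => $user->getName(),
				'oldemail' => $oldaddr,
				'newemail' => $newaddr,
			]
		);

		Hooks::run( 'PrefsEmailAudit', [ $user, $oldaddr, $newaddr ] );

		$user->saveSettings();

		return $status;
	}

	/**
	 * @return bool
	 */
	public function requiresUnblock() {
		return false;
	}

	/**
	 * @return string
	 */
	protected function getGroupName() {
		return 'users';
	}
}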