includes/specials/SpecialConfirmemail.php

   1 <?php
   2 /**
   3  * Implements Special:Confirmemail and Special:Invalidateemail
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  * @ingroup SpecialPage
  22  */
  23
  24 /**
  25  * Special page allows users to request email confirmation message, and handles
  26  * processing of the confirmation code when the link in the email is followed
  27  *
  28  * @ingroup SpecialPage
  29  * @author Brion Vibber
  30  * @author Rob Church <robchur@gmail.com>
  31  */
  32 class EmailConfirmation extends UnlistedSpecialPage {
  33         public function __construct() {
  34                 parent::__construct( 'Confirmemail', 'editmyprivateinfo' );
  35         }
  36
  37         /**
  38          * Main execution point
  39          *
  40          * @param null|string $code Confirmation code passed to the page
  41          * @throws PermissionsError
  42          * @throws ReadOnlyError
  43          * @throws UserNotLoggedIn
  44          */
  45         function execute( $code ) {
  46                 // Ignore things like master queries/connections on GET requests.
  47                 // It's very convenient to just allow formless link usage.
  48                 Profiler::instance()->getTransactionProfiler()->resetExpectations();
  49
  50                 $this->setHeaders();
  51
  52                 $this->checkReadOnly();
  53                 $this->checkPermissions();
  54
  55                 $this->requireLogin( 'confirmemail_needlogin' );
  56
  57                 // This could also let someone check the current email address, so
  58                 // require both permissions.
  59                 if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
  60                         throw new PermissionsError( 'viewmyprivateinfo' );
  61                 }
  62
  63                 if ( $code === null || $code === '' ) {
  64                         if ( Sanitizer::validateEmail( $this->getUser()->getEmail() ) ) {
  65                                 $this->showRequestForm();
  66                         } else {
  67                                 $this->getOutput()->addWikiMsg( 'confirmemail_noemail' );
  68                         }
  69                 } else {
  70                         $this->attemptConfirm( $code );
  71                 }
  72         }
  73
  74         /**
  75          * Show a nice form for the user to request a confirmation mail
  76          */
  77         function showRequestForm() {
  78                 $user = $this->getUser();
  79                 $out = $this->getOutput();
  80
  81                 if ( $this->getRequest()->wasPosted() &&
  82                         $user->matchEditToken( $this->getRequest()->getText( 'token' ) )
  83                 ) {
  84                         $status = $user->sendConfirmationMail();
  85                         if ( $status->isGood() ) {
  86                                 $out->addWikiMsg( 'confirmemail_sent' );
  87                         } else {
  88                                 $out->addWikiText( $status->getWikiText( 'confirmemail_sendfailed' ) );
  89                         }
  90                 } elseif ( $user->isEmailConfirmed() ) {
  91                         // date and time are separate parameters to facilitate localisation.
  92                         // $time is kept for backward compat reasons.
  93                         // 'emailauthenticated' is also used in SpecialPreferences.php
  94                         $lang = $this->getLanguage();
  95                         $emailAuthenticated = $user->getEmailAuthenticationTimestamp();
  96                         $time = $lang->userTimeAndDate( $emailAuthenticated, $user );
  97                         $d = $lang->userDate( $emailAuthenticated, $user );
  98                         $t = $lang->userTime( $emailAuthenticated, $user );
  99                         $out->addWikiMsg( 'emailauthenticated', $time, $d, $t );
 100                 } else {
 101                         if ( $user->isEmailConfirmationPending() ) {
 102                                 $out->wrapWikiMsg(
 103                                         "<div class=\"error mw-confirmemail-pending\">\n$1\n</div>",
 104                                         'confirmemail_pending'
 105                                 );
 106                         }
 107
 108                         $out->addWikiMsg( 'confirmemail_text' );
 109                         $form = Html::openElement(
 110                                 'form',
 111                                 array( 'method' => 'post', 'action' => $this->getPageTitle()->getLocalURL() )
 112                         ) . "\n";
 113                         $form .= Html::hidden( 'token', $user->getEditToken() ) . "\n";
 114                         $form .= Xml::submitButton( $this->msg( 'confirmemail_send' )->text() ) . "\n";
 115                         $form .= Html::closeElement( 'form' ) . "\n";
 116                         $out->addHTML( $form );
 117                 }
 118         }
 119
 120         /**
 121          * Attempt to confirm the user's email address and show success or failure
 122          * as needed; if successful, take the user to log in
 123          *
 124          * @param string $code Confirmation code
 125          */
 126         function attemptConfirm( $code ) {
 127                 $user = User::newFromConfirmationCode( $code, User::READ_LATEST );
 128                 if ( !is_object( $user ) ) {
 129                         $this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
 130
 131                         return;
 132                 }
 133
 134                 $user->confirmEmail();
 135                 $user->saveSettings();
 136                 $message = $this->getUser()->isLoggedIn() ? 'confirmemail_loggedin' : 'confirmemail_success';
 137                 $this->getOutput()->addWikiMsg( $message );
 138
 139                 if ( !$this->getUser()->isLoggedIn() ) {
 140                         $title = SpecialPage::getTitleFor( 'Userlogin' );
 141                         $this->getOutput()->returnToMain( true, $title );
 142                 }
 143         }
 144 }
 145
 146 /**
 147  * Special page allows users to cancel an email confirmation using the e-mail
 148  * confirmation code
 149  *
 150  * @ingroup SpecialPage
 151  */
 152 class EmailInvalidation extends UnlistedSpecialPage {
 153         public function __construct() {
 154                 parent::__construct( 'Invalidateemail', 'editmyprivateinfo' );
 155         }
 156
 157         function execute( $code ) {
 158                 // Ignore things like master queries/connections on GET requests.
 159                 // It's very convenient to just allow formless link usage.
 160                 Profiler::instance()->getTransactionProfiler()->resetExpectations();
 161
 162                 $this->setHeaders();
 163                 $this->checkReadOnly();
 164                 $this->checkPermissions();
 165                 $this->attemptInvalidate( $code );
 166         }
 167
 168         /**
 169          * Attempt to invalidate the user's email address and show success or failure
 170          * as needed; if successful, link to main page
 171          *
 172          * @param string $code Confirmation code
 173          */
 174         function attemptInvalidate( $code ) {
 175                 $user = User::newFromConfirmationCode( $code, User::READ_LATEST );
 176                 if ( !is_object( $user ) ) {
 177                         $this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
 178
 179                         return;
 180                 }
 181
 182                 $user->invalidateEmail();
 183                 $user->saveSettings();
 184                 $this->getOutput()->addWikiMsg( 'confirmemail_invalidated' );
 185
 186                 if ( !$this->getUser()->isLoggedIn() ) {
 187                         $this->getOutput()->returnToMain();
 188                 }
 189         }
 190 }