diff options
Diffstat (limited to 'www/wiki/includes/specials/SpecialConfirmemail.php')
-rw-r--r-- | www/wiki/includes/specials/SpecialConfirmemail.php | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/www/wiki/includes/specials/SpecialConfirmemail.php b/www/wiki/includes/specials/SpecialConfirmemail.php new file mode 100644 index 00000000..f494b9d6 --- /dev/null +++ b/www/wiki/includes/specials/SpecialConfirmemail.php @@ -0,0 +1,168 @@ +<?php +/** + * Implements Special:Confirmemail + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * http://www.gnu.org/copyleft/gpl.html + * + * @file + * @ingroup SpecialPage + */ + +/** + * Special page allows users to request email confirmation message, and handles + * processing of the confirmation code when the link in the email is followed + * + * @ingroup SpecialPage + * @author Brion Vibber + * @author Rob Church <robchur@gmail.com> + */ +class EmailConfirmation extends UnlistedSpecialPage { + public function __construct() { + parent::__construct( 'Confirmemail', 'editmyprivateinfo' ); + } + + public function doesWrites() { + return true; + } + + /** + * Main execution point + * + * @param null|string $code Confirmation code passed to the page + * @throws PermissionsError + * @throws ReadOnlyError + * @throws UserNotLoggedIn + */ + function execute( $code ) { + // Ignore things like master queries/connections on GET requests. + // It's very convenient to just allow formless link usage. + $trxProfiler = Profiler::instance()->getTransactionProfiler(); + + $this->setHeaders(); + $this->checkReadOnly(); + $this->checkPermissions(); + + // This could also let someone check the current email address, so + // require both permissions. + if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) { + throw new PermissionsError( 'viewmyprivateinfo' ); + } + + if ( $code === null || $code === '' ) { + $this->requireLogin( 'confirmemail_needlogin' ); + if ( Sanitizer::validateEmail( $this->getUser()->getEmail() ) ) { + $this->showRequestForm(); + } else { + $this->getOutput()->addWikiMsg( 'confirmemail_noemail' ); + } + } else { + $old = $trxProfiler->setSilenced( true ); + $this->attemptConfirm( $code ); + $trxProfiler->setSilenced( $old ); + } + } + + /** + * Show a nice form for the user to request a confirmation mail + */ + function showRequestForm() { + $user = $this->getUser(); + $out = $this->getOutput(); + + if ( !$user->isEmailConfirmed() ) { + $descriptor = []; + if ( $user->isEmailConfirmationPending() ) { + $descriptor += [ + 'pending' => [ + 'type' => 'info', + 'raw' => true, + 'default' => "<div class=\"error mw-confirmemail-pending\">\n" . + $this->msg( 'confirmemail_pending' )->escaped() . + "\n</div>", + ], + ]; + } + + $out->addWikiMsg( 'confirmemail_text' ); + $form = HTMLForm::factory( 'ooui', $descriptor, $this->getContext() ); + $form + ->setMethod( 'post' ) + ->setAction( $this->getPageTitle()->getLocalURL() ) + ->setSubmitTextMsg( 'confirmemail_send' ) + ->setSubmitCallback( [ $this, 'submitSend' ] ); + + $retval = $form->show(); + + if ( $retval === true ) { + // should never happen, but if so, don't let the user without any message + $out->addWikiMsg( 'confirmemail_sent' ); + } elseif ( $retval instanceof Status && $retval->isGood() ) { + $out->addWikiText( $retval->getValue() ); + } + } else { + // date and time are separate parameters to facilitate localisation. + // $time is kept for backward compat reasons. + // 'emailauthenticated' is also used in SpecialPreferences.php + $lang = $this->getLanguage(); + $emailAuthenticated = $user->getEmailAuthenticationTimestamp(); + $time = $lang->userTimeAndDate( $emailAuthenticated, $user ); + $d = $lang->userDate( $emailAuthenticated, $user ); + $t = $lang->userTime( $emailAuthenticated, $user ); + $out->addWikiMsg( 'emailauthenticated', $time, $d, $t ); + } + } + + /** + * Callback for HTMLForm send confirmation mail. + * + * @return Status Status object with the result + */ + public function submitSend() { + $status = $this->getUser()->sendConfirmationMail(); + if ( $status->isGood() ) { + return Status::newGood( $this->msg( 'confirmemail_sent' )->text() ); + } else { + return Status::newFatal( new RawMessage( + $status->getWikiText( 'confirmemail_sendfailed' ) + ) ); + } + } + + /** + * Attempt to confirm the user's email address and show success or failure + * as needed; if successful, take the user to log in + * + * @param string $code Confirmation code + */ + private function attemptConfirm( $code ) { + $user = User::newFromConfirmationCode( $code, User::READ_LATEST ); + if ( !is_object( $user ) ) { + $this->getOutput()->addWikiMsg( 'confirmemail_invalid' ); + + return; + } + + $user->confirmEmail(); + $user->saveSettings(); + $message = $this->getUser()->isLoggedIn() ? 'confirmemail_loggedin' : 'confirmemail_success'; + $this->getOutput()->addWikiMsg( $message ); + + if ( !$this->getUser()->isLoggedIn() ) { + $title = SpecialPage::getTitleFor( 'Userlogin' ); + $this->getOutput()->returnToMain( true, $title ); + } + } +} |