MediaWiki  1.23.13
SpecialChangeEmail.php
1 <?php
30 
35  protected $mPassword;
36 
41  protected $mNewEmail;
42 
/**
 * Set up the special page by handing its name and its restriction to the
 * parent constructor.
 *
 * The second argument is the user right associated with the page;
 * execute() calls checkPermissions() before any change is attempted.
 */
public function __construct() {
	$pageName = 'ChangeEmail';
	$requiredRight = 'editmyprivateinfo';

	parent::__construct( $pageName, $requiredRight );
}
46 
/**
 * Report whether this page should be listed, which depends on whether the
 * authentication plugin allows the e-mail address to be changed.
 *
 * @return mixed Whatever $wgAuth->allowPropChange( 'emailaddress' ) returns
 */
function isListed() {
	global $wgAuth;

	$emailIsEditable = $wgAuth->allowPropChange( 'emailaddress' );

	return $emailIsEditable;
}
55 
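/**
 * Main execution point: run the access checks, process a submitted change
 * and otherwise show the form.
 *
 * The checks run in a fixed order: the auth plugin must allow changing the
 * e-mail address, the user must be logged in, the wiki must be writable,
 * and the user needs both the page's own restriction (checkPermissions())
 * and 'viewmyprivateinfo'. A change is attempted only for a POST request
 * that carries the user's edit token.
 *
 * @param mixed $par Subpage parameter; not used by this page
 * @throws PermissionsError If the user lacks 'viewmyprivateinfo'
 */
function execute( $par ) {
	global $wgAuth;

	$this->setHeaders();
	$this->outputHeader();

	$out = $this->getOutput();
	// The page handles a password and the account's e-mail address, so
	// user-supplied JavaScript is turned off for it.
	$out->disallowUserJs();
	$out->addModules( 'mediawiki.special.changeemail' );

	if ( !$wgAuth->allowPropChange( 'emailaddress' ) ) {
		$this->error( 'cannotchangeemail' );

		return;
	}

	$user = $this->getUser();
	$request = $this->getRequest();

	$this->requireLogin( 'changeemail-no-info' );

	// Cancelling only navigates away, so it is handled before the
	// read-only and permission checks.
	if ( $request->wasPosted() && $request->getBool( 'wpCancel' ) ) {
		$this->doReturnTo();

		return;
	}

	$this->checkReadOnly();
	$this->checkPermissions();

	// This could also let someone check the current email address, so
	// require both permissions.
	if ( !$user->isAllowed( 'viewmyprivateinfo' ) ) {
		throw new PermissionsError( 'viewmyprivateinfo' );
	}

	// NOTE(review): getVal() presumably also returns query-string values,
	// so a password could arrive in the URL - confirm against WebRequest.
	// The change below still requires a POST with a matching token.
	$this->mPassword = $request->getVal( 'wpPassword' );
	$this->mNewEmail = $request->getVal( 'wpNewEmail' );

	// The edit token is the CSRF defence: the form embeds it as the hidden
	// 'token' field and nothing is changed unless it matches.
	if ( $request->wasPosted()
		&& $user->matchEditToken( $request->getVal( 'token' ) )
	) {
		$info = $this->attemptChange( $user, $this->mPassword, $this->mNewEmail );
		if ( $info === true ) {
			$this->doReturnTo();

			// A hard redirect has been queued, so stop here instead of
			// also building the form for a response that only redirects.
			return;
		} elseif ( $info === 'eauth' ) {
			# Notify user that a confirmation email has been sent...
			$out->wrapWikiMsg( "<div class='error' style='clear: both;'>\n$1\n</div>",
				'eauthentsent', $user->getName() );
			$this->doReturnTo( 'soft' ); // just show the link to go back
			return; // skip form
		}
	}

	$this->showForm();
}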
115 
/**
 * Send the user back to the title named by the 'returnto' request value,
 * using the main page when that value does not yield a Title.
 *
 * NOTE(review): 'returnto' is request-controlled and the hard redirect
 * goes to whatever URL the resulting Title produces - confirm that
 * Title::newFromText() cannot yield an off-site destination here.
 *
 * @param string $type 'hard' queues an HTTP redirect; any other value only
 *  adds a return-to link to the output
 */
protected function doReturnTo( $type = 'hard' ) {
	$returnTo = $this->getRequest()->getVal( 'returnto' );
	$target = Title::newFromText( $returnTo );
	if ( !( $target instanceof Title ) ) {
		$target = Title::newMainPage();
	}

	$output = $this->getOutput();
	if ( $type != 'hard' ) {
		$output->addReturnTo( $target );

		return;
	}

	$output->redirect( $target->getFullURL() );
}
130 
/**
 * Add a wiki message to the output, wrapped in an error paragraph.
 *
 * @param string|array $msg Message key, or an array of key followed by
 *  parameters (attemptChange() passes the array form)
 */
protected function error( $msg ) {
	$wrapper = "<p class='error'>\n$1\n</p>";

	$this->getOutput()->wrapWikiMsg( $wrapper, $msg );
}
137 
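/**
 * Output the change-email form: user name, current address, the new
 * address input and, when $wgRequirePasswordforEmailChange is set, a
 * password input.
 *
 * The form posts back to this page and carries the user's edit token in
 * the hidden 'token' field, which execute() verifies before acting.
 */
protected function showForm() {
	global $wgRequirePasswordforEmailChange;

	$user = $this->getUser();
	$out = $this->getOutput();
	$returnTo = $this->getRequest()->getVal( 'returnto' );

	$currentEmail = $user->getEmail();
	$oldEmailText = $currentEmail
		? $currentEmail
		: $this->msg( 'changeemail-none' )->text();

	$out->addHTML(
		Xml::fieldset( $this->msg( 'changeemail-header' )->text() ) .
		Xml::openElement( 'form',
			array(
				'method' => 'post',
				'action' => $this->getPageTitle()->getLocalURL(),
				'id' => 'mw-changeemail-form' ) ) . "\n" .
		Html::hidden( 'token', $user->getEditToken() ) . "\n" .
		Html::hidden( 'returnto', $returnTo ) . "\n" .
		$this->msg( 'changeemail-text' )->parseAsBlock() . "\n" .
		Xml::openElement( 'table', array( 'id' => 'mw-changeemail-table' ) ) . "\n"
	);

	$items = array(
		array( 'wpName', 'username', 'text', $user->getName() ),
		array( 'wpOldEmail', 'changeemail-oldemail', 'text', $oldEmailText ),
		array( 'wpNewEmail', 'changeemail-newemail', 'email', $this->mNewEmail ),
	);
	if ( $wgRequirePasswordforEmailChange ) {
		// Render the password input empty. Writing the submitted value
		// back into the page would put the password into the response
		// body after a failed attempt; the user retypes it instead.
		$items[] = array( 'wpPassword', 'changeemail-password', 'password', '' );
	}

	$out->addHTML(
		$this->pretty( $items ) .
		"\n" .
		"<tr>\n" .
		"<td></td>\n" .
		'<td class="mw-input">' .
		Xml::submitButton( $this->msg( 'changeemail-submit' )->text() ) .
		Xml::submitButton( $this->msg( 'changeemail-cancel' )->text(), array( 'name' => 'wpCancel' ) ) .
		"</td>\n" .
		"</tr>\n" .
		Xml::closeElement( 'table' ) .
		Xml::closeElement( 'form' ) .
		Xml::closeElement( 'fieldset' ) . "\n"
	);
}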
182 
/**
 * Build the table rows for the form fields.
 *
 * Fields of type 'text' are shown read-only: the value is passed through
 * htmlspecialchars() and the label through escaped(). Every other type
 * becomes an input element built by Html::input() with a matching label.
 *
 * @param array $fields List of array( name, label message key, type, value )
 * @return string HTML rows
 */
protected function pretty( $fields ) {
	$rows = '';
	foreach ( $fields as $row ) {
		list( $name, $label, $type, $value ) = $row;

		if ( $type == 'text' ) {
			// Display-only value: escape it before it goes into the markup.
			$inputCell = htmlspecialchars( $value );
			$labelCell = $this->msg( $label )->escaped();
		} else {
			$inputAttribs = array( 'id' => $name );
			if ( $name == 'wpPassword' ) {
				// Numeric key: passed as a bare attribute name.
				$inputAttribs[] = 'autofocus';
			}
			$inputCell = Html::input( $name, $value, $type, $inputAttribs );
			$labelCell = Xml::label( $this->msg( $label )->text(), $name );
		}

		$rows .= "<tr>\n"
			. "\t<td class='mw-label'>" . $labelCell . "</td>\n"
			. "\t<td class='mw-input'>" . $inputCell . "</td>\n"
			. "</tr>";
	}

	return $rows;
}
216 
/**
 * Validate the request and, if everything checks out, change the user's
 * e-mail address.
 *
 * Steps, in order: reject a non-empty address that fails
 * Sanitizer::validateEmail(); count the attempt against the login
 * throttle; verify the password when $wgRequirePasswordforEmailChange is
 * set; store the address via setEmailWithConfirmation(); run the
 * 'PrefsEmailAudit' hook; save the user and update the external DB.
 *
 * @param User $user
 * @param string $pass Password as submitted
 * @param string $newaddr New address; an empty value skips validation
 * @return bool|string False when the change was refused (an error has been
 *  added to the output); otherwise the value of the Status returned by
 *  setEmailWithConfirmation() - execute() distinguishes true and 'eauth'
 */
protected function attemptChange( User $user, $pass, $newaddr ) {
	global $wgAuth, $wgPasswordAttemptThrottle, $wgRequirePasswordforEmailChange;

	$addressRejected = $newaddr != '' && !Sanitizer::validateEmail( $newaddr );
	if ( $addressRejected ) {
		$this->error( 'invalidemailaddress' );

		return false;
	}

	// The attempt is counted before the password is looked at, so repeated
	// guesses through this form run into the login throttle as well.
	$throttleCount = LoginForm::incLoginThrottle( $user->getName() );
	if ( $throttleCount === true ) {
		$duration = $this->getLanguage()->formatDuration( $wgPasswordAttemptThrottle['seconds'] );
		$this->error( array( 'changeemail-throttled', $duration ) );

		return false;
	}

	if ( $wgRequirePasswordforEmailChange ) {
		// Either the temporary or the regular password is accepted; the
		// regular one is only checked when the temporary one did not match.
		$passwordOk = $user->checkTemporaryPassword( $pass ) || $user->checkPassword( $pass );
		if ( !$passwordOk ) {
			$this->error( 'wrongpassword' );

			return false;
		}
	}

	if ( $throttleCount ) {
		LoginForm::clearLoginThrottle( $user->getName() );
	}

	// Remember the previous address so the audit hook sees old and new.
	$oldaddr = $user->getEmail();
	$status = $user->setEmailWithConfirmation( $newaddr );
	if ( !$status->isGood() ) {
		$errorHtml = $this->getOutput()->parseInline( $status->getWikiText( 'mailerror' ) );
		$this->getOutput()->addHTML( '<p class="error">' . $errorHtml . '</p>' );

		return false;
	}

	wfRunHooks( 'PrefsEmailAudit', array( $user, $oldaddr, $newaddr ) );

	$user->saveSettings();

	$wgAuth->updateExternalDB( $user );

	return $status->value;
}
270 
/**
 * Name of the group under which this page is listed on
 * Special:SpecialPages.
 *
 * @return string
 */
protected function getGroupName() {
	$group = 'users';

	return $group;
}
274 }
SpecialPage\getPageTitle
getPageTitle( $subpage=false)
Get a self-referential title object.
Definition: SpecialPage.php:488
Title\newFromText
static newFromText( $text, $defaultNamespace=NS_MAIN)
Create a new Title from text, such as what one would find in a link.
Definition: Title.php:189
SpecialChangeEmail\$mNewEmail
string $mNewEmail
Users new email address.
Definition: SpecialChangeEmail.php:39
SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition: SpecialPage.php:535
UnlistedSpecialPage
Shortcut to construct a special page which is unlisted by default.
Definition: UnlistedSpecialPage.php:29
Title\newMainPage
static newMainPage()
Create a new Title for the Main Page.
Definition: Title.php:441
SpecialChangeEmail\__construct
__construct()
Definition: SpecialChangeEmail.php:41
LoginForm\incLoginThrottle
static incLoginThrottle( $username)
Increment the login attempt throttle hit count for the (username,current IP) tuple unless the throttl...
Definition: SpecialUserlogin.php:723
SpecialPage\checkPermissions
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
Definition: SpecialPage.php:287
Sanitizer\validateEmail
static validateEmail( $addr)
Does a string look like an e-mail address?
Definition: Sanitizer.php:1847
LoginForm\clearLoginThrottle
static clearLoginThrottle( $username)
Clear the login attempt throttle hit count for the (username,current IP) tuple.
Definition: SpecialUserlogin.php:751
Html\hidden
static hidden( $name, $value, $attribs=array())
Convenience function to produce an input element with type=hidden.
Definition: Html.php:665
PermissionsError
Show an error when a user tries to do something they do not have the necessary permissions for.
Definition: PermissionsError.php:28
SpecialPage\getLanguage
getLanguage()
Shortcut to get user's language.
Definition: SpecialPage.php:578
SpecialPage\requireLogin
requireLogin( $reasonMsg=null, $titleMsg=null)
If the user is not logged in, throws UserNotLoggedIn error.
Definition: SpecialPage.php:321
Xml\openElement
static openElement( $element, $attribs=null)
This opens an XML element.
Definition: Xml.php:109
SpecialChangeEmail\pretty
pretty( $fields)
Definition: SpecialChangeEmail.php:185
SpecialChangeEmail\error
error( $msg)
Definition: SpecialChangeEmail.php:132
SpecialChangeEmail\execute
execute( $par)
Main execution point.
Definition: SpecialChangeEmail.php:57
SpecialChangeEmail\$mPassword
string $mPassword
Users password.
Definition: SpecialChangeEmail.php:34
SpecialChangeEmail\isListed
isListed()
Definition: SpecialChangeEmail.php:48
wfRunHooks
wfRunHooks( $event, array $args=array(), $deprecatedVersion=null)
Call hook functions defined in $wgHooks.
Definition: GlobalFunctions.php:4058
SpecialPage\setHeaders
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
Definition: SpecialPage.php:352
SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition: SpecialPage.php:545
Html\input
static input( $name, $value='', $type='text', $attribs=array())
Convenience function to produce an "<input>" element.
Definition: Html.php:648
SpecialChangeEmail\doReturnTo
doReturnTo( $type='hard')
Definition: SpecialChangeEmail.php:117
SpecialPage\msg
msg()
Wrapper around wfMessage that sets the current context.
Definition: SpecialPage.php:609
SpecialChangeEmail
Let users change their email address.
Definition: SpecialChangeEmail.php:29
SpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition: SpecialPage.php:525
SpecialChangeEmail\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition: SpecialChangeEmail.php:269
SpecialChangeEmail\attemptChange
attemptChange(User $user, $pass, $newaddr)
Definition: SpecialChangeEmail.php:221
SpecialChangeEmail\showForm
showForm()
Definition: SpecialChangeEmail.php:136
Title
Represents a title within MediaWiki.
Definition: Title.php:35
Xml\closeElement
static closeElement( $element)
Shortcut to close an XML element.
Definition: Xml.php:118
Xml\submitButton
static submitButton( $value, $attribs=array())
Convenience function to build an HTML submit button.
Definition: Xml.php:463
SpecialPage\checkReadOnly
checkReadOnly()
If the wiki is currently in readonly mode, throws a ReadOnlyError.
Definition: SpecialPage.php:300
Xml\label
static label( $label, $id, $attribs=array())
Convenience function to build an HTML form label.
Definition: Xml.php:374
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:59
SpecialPage\outputHeader
outputHeader( $summaryMessageKey='')
Outputs a summary message on top of special pages Per default the message key is the canonical name o...
Definition: SpecialPage.php:443
Xml\fieldset
static fieldset( $legend=false, $content=false, $attribs=array())
Shortcut for creating fieldsets.
Definition: Xml.php:563