MediaWiki REL1_35
SpecialChangeEmail.php
Go to the documentation of this file.
1<?php
24use MediaWiki\Logger\LoggerFactory;
25use MediaWiki\MediaWikiServices;
26
32class SpecialChangeEmail extends FormSpecialPage {
36 private $status;
37
38 public function __construct() {
39 parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );
40 }
41
42 public function doesWrites() {
43 return true;
44 }
45
49 public function isListed() {
50 return MediaWikiServices::getInstance()->getAuthManager()
51 ->allowsPropertyChange( 'emailaddress' );
52 }
53
58 public function execute( $par ) {
59 $out = $this->getOutput();
60 $out->disallowUserJs();
61
62 parent::execute( $par );
63 }
64
65 protected function getLoginSecurityLevel() {
66 return $this->getName();
67 }
68
69 protected function checkExecutePermissions( User $user ) {
70 $services = MediaWikiServices::getInstance();
71 if ( !$services->getAuthManager()->allowsPropertyChange( 'emailaddress' ) ) {
72 throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
73 }
74
75 $this->requireLogin( 'changeemail-no-info' );
76
77 // This could also let someone check the current email address, so
78 // require both permissions.
79 if ( !$services->getPermissionManager()
80 ->userHasRight( $this->getUser(), 'viewmyprivateinfo' )
81 ) {
82 throw new PermissionsError( 'viewmyprivateinfo' );
83 }
84
85 parent::checkExecutePermissions( $user );
86 }
87
88 protected function getFormFields() {
89 $user = $this->getUser();
90
91 $fields = [
92 'Name' => [
93 'type' => 'info',
94 'label-message' => 'username',
95 'default' => $user->getName(),
96 ],
97 'OldEmail' => [
98 'type' => 'info',
99 'label-message' => 'changeemail-oldemail',
100 'default' => $user->getEmail() ?: $this->msg( 'changeemail-none' )->text(),
101 ],
102 'NewEmail' => [
103 'type' => 'email',
104 'label-message' => 'changeemail-newemail',
105 'autofocus' => true,
106 'maxlength' => 255,
107 'help-message' => 'changeemail-newemail-help',
108 ],
109 ];
110
111 return $fields;
112 }
113
114 protected function getDisplayFormat() {
115 return 'ooui';
116 }
117
118 protected function alterForm( HTMLForm $form ) {
119 $form->setId( 'mw-changeemail-form' );
120 $form->setTableId( 'mw-changeemail-table' );
121 $form->setSubmitTextMsg( 'changeemail-submit' );
122 $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
123
124 $form->addHeaderText( $this->msg( 'changeemail-header' )->parseAsBlock() );
125 }
126
127 public function onSubmit( array $data ) {
128 $status = $this->attemptChange( $this->getUser(), $data['NewEmail'] );
129
130 $this->status = $status;
131
132 return $status;
133 }
134
135 public function onSuccess() {
136 $request = $this->getRequest();
137
138 $returnto = $request->getVal( 'returnto' );
139 $titleObj = $returnto !== null ? Title::newFromText( $returnto ) : null;
140 if ( !$titleObj instanceof Title ) {
141 $titleObj = Title::newMainPage();
142 }
143 $query = $request->getVal( 'returntoquery', '' );
144
145 if ( $this->status->value === true ) {
146 $this->getOutput()->redirect( $titleObj->getFullUrlForRedirect( $query ) );
147 } elseif ( $this->status->value === 'eauth' ) {
148 # Notify user that a confirmation email has been sent...
149 $this->getOutput()->wrapWikiMsg( "<div class='error' style='clear: both;'>\n$1\n</div>",
150 'eauthentsent', $this->getUser()->getName() );
151 // just show the link to go back
152 $this->getOutput()->addReturnTo( $titleObj, wfCgiToArray( $query ) );
153 }
154 }
155
161 private function attemptChange( User $user, $newaddr ) {
162 if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) {
163 return Status::newFatal( 'invalidemailaddress' );
164 }
165
166 $oldaddr = $user->getEmail();
167 if ( $newaddr === $oldaddr ) {
168 return Status::newFatal( 'changeemail-nochange' );
169 }
170
171 if ( strlen( $newaddr ) > 255 ) {
172 return Status::newFatal( 'changeemail-maxlength' );
173 }
174
175 // To prevent spam, rate limit adding a new address, but do
176 // not rate limit removing an address.
177 if ( $newaddr !== '' && $user->pingLimiter( 'changeemail' ) ) {
178 return Status::newFatal( 'actionthrottledtext' );
179 }
180
181 $userLatest = $user->getInstanceForUpdate();
182 $status = $userLatest->setEmailWithConfirmation( $newaddr );
183 if ( !$status->isGood() ) {
184 return $status;
185 }
186
187 LoggerFactory::getInstance( 'authentication' )->info(
188 'Changing email address for {user} from {oldemail} to {newemail}', [
189 'user' => $userLatest->getName(),
190 'oldemail' => $oldaddr,
191 'newemail' => $newaddr,
192 ]
193 );
194
195 $this->getHookRunner()->onPrefsEmailAudit( $userLatest, $oldaddr, $newaddr );
196
197 $userLatest->saveSettings();
198
199 return $status;
200 }
201
202 public function requiresUnblock() {
203 return false;
204 }
205
206 protected function getGroupName() {
207 return 'users';
208 }
209}
wfCgiToArray
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
Definition GlobalFunctions.php:391
ErrorPageError
An error page which can definitely be safely rendered using the OutputPage.
Definition ErrorPageError.php:30
FormSpecialPage
Special page which uses an HTMLForm to handle processing.
Definition FormSpecialPage.php:31
FormSpecialPage\$par
string null $par
The sub-page of the special page.
Definition FormSpecialPage.php:36
HTMLForm
Object handling generic submission, CSRF protection, layout and other logic for UI forms in a reusabl...
Definition HTMLForm.php:135
HTMLForm\setTableId
setTableId( $id)
Set the id of the <table> or outermost <div> element.
Definition HTMLForm.php:1528
HTMLForm\setSubmitTextMsg
setSubmitTextMsg( $msg)
Set the text for the submit button to a message.
Definition HTMLForm.php:1407
HTMLForm\setId
setId( $id)
Definition HTMLForm.php:1539
HTMLForm\addHeaderText
addHeaderText( $msg, $section=null)
Add HTML to the header, inside the form.
Definition HTMLForm.php:819
HTMLForm\addHiddenFields
addHiddenFields(array $fields)
Add an array of hidden fields to the output.
Definition HTMLForm.php:974
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition LoggerFactory.php:45
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition MediaWikiServices.php:152
PermissionsError
Show an error when a user tries to do something they do not have the necessary permissions for.
Definition PermissionsError.php:31
SpecialChangeEmail
Let users change their email address.
Definition SpecialChangeEmail.php:32
SpecialChangeEmail\doesWrites
doesWrites()
Indicates whether this special page may perform database writes.
Definition SpecialChangeEmail.php:42
SpecialChangeEmail\requiresUnblock
requiresUnblock()
Whether this action cannot be executed by a blocked user.
Definition SpecialChangeEmail.php:202
SpecialChangeEmail\getDisplayFormat
getDisplayFormat()
Get display format for the form.
Definition SpecialChangeEmail.php:114
SpecialChangeEmail\onSuccess
onSuccess()
Do something exciting on successful processing of the form, most likely to show a confirmation messag...
Definition SpecialChangeEmail.php:135
SpecialChangeEmail\alterForm
alterForm(HTMLForm $form)
Play with the HTMLForm if you need to more substantially.
Definition SpecialChangeEmail.php:118
SpecialChangeEmail\getFormFields
getFormFields()
Get an HTMLForm descriptor array.
Definition SpecialChangeEmail.php:88
SpecialChangeEmail\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition SpecialChangeEmail.php:206
SpecialChangeEmail\attemptChange
attemptChange(User $user, $newaddr)
Definition SpecialChangeEmail.php:161
SpecialChangeEmail\checkExecutePermissions
checkExecutePermissions(User $user)
Called from execute() to check if the given user can perform this action.
Definition SpecialChangeEmail.php:69
SpecialChangeEmail\execute
execute( $par)
Main execution point.
Definition SpecialChangeEmail.php:58
SpecialChangeEmail\getLoginSecurityLevel
getLoginSecurityLevel()
Tells if the special page does something security-sensitive and needs extra defense against a stolen ...
Definition SpecialChangeEmail.php:65
SpecialChangeEmail\onSubmit
onSubmit(array $data)
Process the form on POST submission.
Definition SpecialChangeEmail.php:127
SpecialPage\getName
getName()
Get the name of this Special Page.
Definition SpecialPage.php:164
SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition SpecialPage.php:744
SpecialPage\requireLogin
requireLogin( $reasonMsg='exception-nologin-text', $titleMsg='exception-nologin')
If the user is not logged in, throws UserNotLoggedIn error.
Definition SpecialPage.php:373
SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition SpecialPage.php:754
SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition SpecialPage.php:828
SpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition SpecialPage.php:734
StatusValue\isGood
isGood()
Returns whether the operation completed and didn't have any error or warnings.
Definition StatusValue.php:122
Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:44
Title
Represents a title within MediaWiki.
Definition Title.php:42
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:60
User\pingLimiter
pingLimiter( $action='edit', $incrBy=1)
Primitive rate limits: enforce maximum actions per time period to put a brake on flooding.
Definition User.php:1747
User\getEmail
getEmail()
Get the user's e-mail address.
Definition User.php:2545
User\getInstanceForUpdate
getInstanceForUpdate()
Get a new instance of this user that was loaded from the master via a locking read.
Definition User.php:4563