REL1_37/php/SpecialChangeEmail_8php_source.html

<?php

use MediaWiki\Auth\AuthManager;

use MediaWiki\Logger\LoggerFactory;


class SpecialChangeEmail extends FormSpecialPage {

    private $status;


    public function __construct( AuthManager $authManager ) {

        parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );


        $this->setAuthManager( $authManager );

    }


    public function doesWrites() {

        return true;

    }


    public function isListed() {

        return $this->getAuthManager()->allowsPropertyChange( 'emailaddress' );

    }


    public function execute( $par ) {

        $out = $this->getOutput();

        $out->disallowUserJs();


        parent::execute( $par );

    }


    protected function getLoginSecurityLevel() {

        return $this->getName();

    }


    protected function checkExecutePermissions( User $user ) {

        if ( !$this->getAuthManager()->allowsPropertyChange( 'emailaddress' ) ) {

            throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );

        }


        $this->requireLogin( 'changeemail-no-info' );


        // This could also let someone check the current email address, so

        // require both permissions.

        if ( !$this->getAuthority()->isAllowed( 'viewmyprivateinfo' ) ) {

            throw new PermissionsError( 'viewmyprivateinfo' );

        }


        parent::checkExecutePermissions( $user );

    }


    protected function getFormFields() {

        $user = $this->getUser();


        $fields = [

            'Name' => [

                'type' => 'info',

                'label-message' => 'username',

                'default' => $user->getName(),

            ],

            'OldEmail' => [

                'type' => 'info',

                'label-message' => 'changeemail-oldemail',

                'default' => $user->getEmail() ?: $this->msg( 'changeemail-none' )->text(),

            ],

            'NewEmail' => [

                'type' => 'email',

                'label-message' => 'changeemail-newemail',

                'autofocus' => true,

                'maxlength' => 255,

                'help-message' => 'changeemail-newemail-help',

            ],

        ];


        return $fields;

    }


    protected function getDisplayFormat() {

        return 'ooui';

    }


    protected function alterForm( HTMLForm $form ) {

        $form->setId( 'mw-changeemail-form' );

        $form->setTableId( 'mw-changeemail-table' );

        $form->setSubmitTextMsg( 'changeemail-submit' );

        $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );


        $form->addHeaderText( $this->msg( 'changeemail-header' )->parseAsBlock() );

    }


    public function onSubmit( array $data ) {

        $status = $this->attemptChange( $this->getUser(), $data['NewEmail'] );


        $this->status = $status;


        return $status;

    }


    public function onSuccess() {

        $request = $this->getRequest();


        $returnto = $request->getVal( 'returnto' );

        $titleObj = $returnto !== null ? Title::newFromText( $returnto ) : null;

        if ( !$titleObj instanceof Title ) {

            $titleObj = Title::newMainPage();

        }

        $query = $request->getVal( 'returntoquery', '' );


        if ( $this->status->value === true ) {

            $this->getOutput()->redirect( $titleObj->getFullUrlForRedirect( $query ) );

        } elseif ( $this->status->value === 'eauth' ) {

            # Notify user that a confirmation email has been sent...

            $this->getOutput()->wrapWikiMsg( "<div class='warningbox'>\n$1\n</div>",

                'eauthentsent', $this->getUser()->getName() );

            // just show the link to go back

            $this->getOutput()->addReturnTo( $titleObj, wfCgiToArray( $query ) );

        }

    }


    private function attemptChange( User $user, $newaddr ) {

        if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) {

            return Status::newFatal( 'invalidemailaddress' );

        }


        $oldaddr = $user->getEmail();

        if ( $newaddr === $oldaddr ) {

            return Status::newFatal( 'changeemail-nochange' );

        }


        if ( strlen( $newaddr ) > 255 ) {

            return Status::newFatal( 'changeemail-maxlength' );

        }


        // To prevent spam, rate limit adding a new address, but do

        // not rate limit removing an address.

        if ( $newaddr !== '' && $user->pingLimiter( 'changeemail' ) ) {

            return Status::newFatal( 'actionthrottledtext' );

        }


        $userLatest = $user->getInstanceForUpdate();

        $status = $userLatest->setEmailWithConfirmation( $newaddr );

        if ( !$status->isGood() ) {

            return $status;

        }


        LoggerFactory::getInstance( 'authentication' )->info(

            'Changing email address for {user} from {oldemail} to {newemail}', [

                'user' => $userLatest->getName(),

                'oldemail' => $oldaddr,

                'newemail' => $newaddr,

            ]

        );


        $this->getHookRunner()->onPrefsEmailAudit( $userLatest, $oldaddr, $newaddr );


        $userLatest->saveSettings();


        return $status;

    }


    public function requiresUnblock() {

        return false;

    }


    protected function getGroupName() {

        return 'users';

    }


}


wfCgiToArray
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
Definition GlobalFunctions.php:375

ErrorPageError
An error page which can definitely be safely rendered using the OutputPage.
Definition ErrorPageError.php:30

FormSpecialPage
Special page which uses an HTMLForm to handle processing.
Definition FormSpecialPage.php:31

FormSpecialPage\$par
string null $par
The sub-page of the special page.
Definition FormSpecialPage.php:36

HTMLForm
Object handling generic submission, CSRF protection, layout and other logic for UI forms in a reusabl...
Definition HTMLForm.php:143

HTMLForm\setTableId
setTableId( $id)
Set the id of the <table> or outermost <div> element.
Definition HTMLForm.php:1559

HTMLForm\setSubmitTextMsg
setSubmitTextMsg( $msg)
Set the text for the submit button to a message.
Definition HTMLForm.php:1420

HTMLForm\setId
setId( $id)
Definition HTMLForm.php:1570

HTMLForm\addHeaderText
addHeaderText( $msg, $section=null)
Add HTML to the header, inside the form.
Definition HTMLForm.php:830

HTMLForm\addHiddenFields
addHiddenFields(array $fields)
Add an array of hidden fields to the output.
Definition HTMLForm.php:985

MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition AuthManager.php:102

MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition LoggerFactory.php:45

PermissionsError
Show an error when a user tries to do something they do not have the necessary permissions for.
Definition PermissionsError.php:32

SpecialChangeEmail
Let users change their email address.
Definition SpecialChangeEmail.php:32

SpecialChangeEmail\$status
Status $status
Definition SpecialChangeEmail.php:36

SpecialChangeEmail\doesWrites
doesWrites()
Indicates whether this special page may perform database writes.
Definition SpecialChangeEmail.php:47

SpecialChangeEmail\isListed
isListed()
Definition SpecialChangeEmail.php:54

SpecialChangeEmail\requiresUnblock
requiresUnblock()
Whether this action cannot be executed by a blocked user.
Definition SpecialChangeEmail.php:203

SpecialChangeEmail\getDisplayFormat
getDisplayFormat()
Get display format for the form.
Definition SpecialChangeEmail.php:115

SpecialChangeEmail\onSuccess
onSuccess()
Do something exciting on successful processing of the form, most likely to show a confirmation messag...
Definition SpecialChangeEmail.php:136

SpecialChangeEmail\alterForm
alterForm(HTMLForm $form)
Play with the HTMLForm if you need to more substantially.
Definition SpecialChangeEmail.php:119

SpecialChangeEmail\getFormFields
getFormFields()
Get an HTMLForm descriptor array.
Definition SpecialChangeEmail.php:89

SpecialChangeEmail\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition SpecialChangeEmail.php:207

SpecialChangeEmail\attemptChange
attemptChange(User $user, $newaddr)
Definition SpecialChangeEmail.php:162

SpecialChangeEmail\checkExecutePermissions
checkExecutePermissions(User $user)
Called from execute() to check if the given user can perform this action.
Definition SpecialChangeEmail.php:73

SpecialChangeEmail\__construct
__construct(AuthManager $authManager)
Definition SpecialChangeEmail.php:41

SpecialChangeEmail\execute
execute( $par)
Main execution point.
Definition SpecialChangeEmail.php:62

SpecialChangeEmail\getLoginSecurityLevel
getLoginSecurityLevel()
Tells if the special page does something security-sensitive and needs extra defense against a stolen ...
Definition SpecialChangeEmail.php:69

SpecialChangeEmail\onSubmit
onSubmit(array $data)
Process the form on POST submission.
Definition SpecialChangeEmail.php:128

SpecialPage\getName
getName()
Get the name of this Special Page.
Definition SpecialPage.php:179

SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition SpecialPage.php:790

SpecialPage\requireLogin
requireLogin( $reasonMsg='exception-nologin-text', $titleMsg='exception-nologin')
If the user is not logged in, throws UserNotLoggedIn error.
Definition SpecialPage.php:388

SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition SpecialPage.php:800

SpecialPage\$authManager
AuthManager null $authManager
Definition SpecialPage.php:88

SpecialPage\getAuthManager
getAuthManager()
Definition SpecialPage.php:520

SpecialPage\getHookRunner
getHookRunner()
Definition SpecialPage.php:1095

SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition SpecialPage.php:912

SpecialPage\getAuthority
getAuthority()
Shortcut to get the Authority executing this instance.
Definition SpecialPage.php:810

SpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition SpecialPage.php:780

SpecialPage\setAuthManager
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Definition SpecialPage.php:510

StatusValue\isGood
isGood()
Returns whether the operation completed and didn't have any error or warnings.
Definition StatusValue.php:122

Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:44

Title
Represents a title within MediaWiki.
Definition Title.php:48

User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:69

User\pingLimiter
pingLimiter( $action='edit', $incrBy=1)
Primitive rate limits: enforce maximum actions per time period to put a brake on flooding.
Definition User.php:1689

User\getEmail
getEmail()
Get the user's e-mail address.
Definition User.php:2433

User\getInstanceForUpdate
getInstanceForUpdate()
Get a new instance of this user that was loaded from the primary DB via a locking read.
Definition User.php:4240