master/php/SpecialChangeEmail_8php_source.html

<?php

namespace MediaWiki\Specials;


use LogicException;

use MediaWiki\Auth\AuthManager;

use MediaWiki\Exception\ErrorPageError;

use MediaWiki\Exception\PermissionsError;

use MediaWiki\Html\Html;

use MediaWiki\HTMLForm\HTMLForm;

use MediaWiki\Logger\LoggerFactory;

use MediaWiki\Parser\Sanitizer;

use MediaWiki\SpecialPage\FormSpecialPage;

use MediaWiki\Status\Status;

use MediaWiki\Title\Title;

use MediaWiki\User\User;


class SpecialChangeEmail extends FormSpecialPage {

    private $status;


    public function __construct( AuthManager $authManager ) {

        parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );


        $this->setAuthManager( $authManager );

    }


    public function doesWrites() {

        return true;

    }


    public function isListed() {

        return $this->getAuthManager()->allowsPropertyChange( 'emailaddress' );

    }


    public function execute( $par ) {

        $out = $this->getOutput();

        $out->disallowUserJs();

        $out->addModules( 'mediawiki.special.changeemail' );

        parent::execute( $par );

    }


    protected function getLoginSecurityLevel() {

        return $this->getName();

    }


    protected function checkExecutePermissions( User $user ) {

        if ( !$this->getAuthManager()->allowsPropertyChange( 'emailaddress' ) ) {

            throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );

        }


        $this->requireNamedUser( 'changeemail-no-info', 'exception-nologin', true );


        // This could also let someone check the current email address, so

        // require both permissions.

        if ( !$this->getAuthority()->isAllowed( 'viewmyprivateinfo' ) ) {

            throw new PermissionsError( 'viewmyprivateinfo' );

        }


        parent::checkExecutePermissions( $user );

    }


    protected function getFormFields() {

        $user = $this->getUser();


        return [

            'Name' => [

                'type' => 'info',

                'label-message' => 'username',

                'default' => $user->getName(),

            ],

            'OldEmail' => [

                'type' => 'info',

                'label-message' => 'changeemail-oldemail',

                'default' => $user->getEmail() ?: $this->msg( 'changeemail-none' )->text(),

            ],

            'NewEmail' => [

                'type' => 'email',

                'label-message' => 'changeemail-newemail',

                'autofocus' => true,

                'maxlength' => 255,

                'help-message' => 'changeemail-newemail-help',

            ],

        ];

    }


    protected function getDisplayFormat() {

        return 'ooui';

    }


    protected function alterForm( HTMLForm $form ) {

        $form->setId( 'mw-changeemail-form' );

        $form->setTableId( 'mw-changeemail-table' );

        $form->setSubmitTextMsg( 'changeemail-submit' );

        $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );


        $form->addHeaderHtml( $this->msg( 'changeemail-header' )->parseAsBlock() );

        $form->setSubmitID( 'change_email_submit' );

    }


    public function onSubmit( array $data ) {

        $this->status = $this->attemptChange( $this->getUser(), $data['NewEmail'] );


        return $this->status;

    }


    public function onSuccess() {

        $request = $this->getRequest();


        $returnTo = $request->getVal( 'returnto' );

        $titleObj = $returnTo !== null ? Title::newFromText( $returnTo ) : null;

        if ( !$titleObj instanceof Title ) {

            $titleObj = Title::newMainPage();

        }

        $query = $request->getVal( 'returntoquery', '' );


        if ( $this->status->value === true ) {

            $this->getOutput()->redirect( $titleObj->getFullUrlForRedirect( $query ) );

        } elseif ( $this->status->value === 'eauth' ) {

            # Notify user that a confirmation email has been sent...

            $out = $this->getOutput();

            $out->addModuleStyles( 'mediawiki.codex.messagebox.styles' );

            $out->addHTML(

                Html::warningBox(

                    $out->msg( 'eauthentsent', $this->getUser()->getName() )->parse()

                )

            );

            // just show the link to go back

            $this->getOutput()->addReturnTo( $titleObj, wfCgiToArray( $query ) );

        }

    }


    private function attemptChange( User $user, $newAddr ) {

        if ( $newAddr !== '' && !Sanitizer::validateEmail( $newAddr ) ) {

            return Status::newFatal( 'invalidemailaddress' );

        }


        $oldAddr = $user->getEmail();

        if ( $newAddr === $oldAddr ) {

            return Status::newFatal( 'changeemail-nochange' );

        }


        if ( strlen( $newAddr ) > 255 ) {

            return Status::newFatal( 'changeemail-maxlength' );

        }


        // To prevent spam, rate limit adding a new address, but do

        // not rate limit removing an address.

        if ( $newAddr !== '' ) {

            // Enforce permissions, user blocks, and rate limits

            $status = $this->authorizeAction( 'changeemail' );

            if ( !$status->isGood() ) {

                return Status::wrap( $status );

            }

        }


        $userLatest = $user->getInstanceFromPrimary() ?? throw new LogicException( 'No user' );

        $changeStatus = Status::newGood();

        if (

            !$this->getHookRunner()->onUserCanChangeEmail( $userLatest, $oldAddr, $newAddr, $changeStatus )

            && !$changeStatus->isGood()

        ) {

            return $changeStatus;

        }


        $status = $userLatest->setEmailWithConfirmation( $newAddr );

        if ( !$status->isGood() ) {

            return $status;

        }


        LoggerFactory::getInstance( 'authentication' )->info(

            'Changing email address for {user} from {oldemail} to {newemail}', [

                'user' => $userLatest->getName(),

                'oldemail' => $oldAddr,

                'newemail' => $newAddr,

            ]

        );


        $this->getHookRunner()->onPrefsEmailAudit( $userLatest, $oldAddr, $newAddr );


        $userLatest->saveSettings();


        return $status;

    }


    public function requiresUnblock() {

        return false;

    }


    protected function getGroupName() {

        return 'login';

    }


}


class_alias( SpecialChangeEmail::class, 'SpecialChangeEmail' );

wfCgiToArray
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
Definition GlobalFunctions.php:382

MediaWiki\Auth\AuthManager
AuthManager is the authentication system in MediaWiki and serves entry point for authentication.
Definition AuthManager.php:109

MediaWiki\Exception\ErrorPageError
An error page which can definitely be safely rendered using the OutputPage.
Definition ErrorPageError.php:21

MediaWiki\Exception\PermissionsError
Show an error when a user tries to do something they do not have the necessary permissions for.
Definition PermissionsError.php:22

MediaWiki\HTMLForm\HTMLForm
Object handling generic submission, CSRF protection, layout and other logic for UI forms in a reusabl...
Definition HTMLForm.php:195

MediaWiki\HTMLForm\HTMLForm\setSubmitTextMsg
setSubmitTextMsg( $msg)
Set the text for the submit button to a message.
Definition HTMLForm.php:1548

MediaWiki\HTMLForm\HTMLForm\setTableId
setTableId( $id)
Set the id of the <table> or outermost <div> element.
Definition HTMLForm.php:1691

MediaWiki\HTMLForm\HTMLForm\addHiddenFields
addHiddenFields(array $fields)
Add an array of hidden fields to the output Array values are discarded for security reasons (per WebR...
Definition HTMLForm.php:1106

MediaWiki\HTMLForm\HTMLForm\setId
setId( $id)
Definition HTMLForm.php:1702

MediaWiki\HTMLForm\HTMLForm\setSubmitID
setSubmitID( $t)
Set the id for the submit button.
Definition HTMLForm.php:1595

MediaWiki\HTMLForm\HTMLForm\addHeaderHtml
addHeaderHtml( $html, $section=null)
Add HTML to the header, inside the form.
Definition HTMLForm.php:924

MediaWiki\Html\Html
This class is a collection of static functions that serve two purposes:
Definition Html.php:43

MediaWiki\Logger\LoggerFactory
Create PSR-3 logger objects.
Definition LoggerFactory.php:32

MediaWiki\Parser\Sanitizer
HTML sanitizer for MediaWiki.
Definition Sanitizer.php:32

MediaWiki\SpecialPage\FormSpecialPage
Special page which uses an HTMLForm to handle processing.
Definition FormSpecialPage.php:26

MediaWiki\SpecialPage\FormSpecialPage\$par
string null $par
The subpage of the special page.
Definition FormSpecialPage.php:31

MediaWiki\SpecialPage\SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition SpecialPage.php:884

MediaWiki\SpecialPage\SpecialPage\authorizeAction
authorizeAction(?string $action=null)
Utility function for authorizing an action to be performed by the special page.
Definition SpecialPage.php:357

MediaWiki\SpecialPage\SpecialPage\requireNamedUser
requireNamedUser( $reasonMsg='exception-nologin-text', $titleMsg='exception-nologin', bool $alwaysRedirectToLoginPage=false)
If the user is not logged in or is a temporary user, throws UserNotLoggedIn.
Definition SpecialPage.php:439

MediaWiki\SpecialPage\SpecialPage\setAuthManager
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Definition SpecialPage.php:561

MediaWiki\SpecialPage\SpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition SpecialPage.php:864

MediaWiki\SpecialPage\SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition SpecialPage.php:985

MediaWiki\SpecialPage\SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition SpecialPage.php:874

MediaWiki\SpecialPage\SpecialPage\getAuthManager
getAuthManager()
Definition SpecialPage.php:571

MediaWiki\SpecialPage\SpecialPage\getAuthority
getAuthority()
Shortcut to get the Authority executing this instance.
Definition SpecialPage.php:894

MediaWiki\SpecialPage\SpecialPage\getName
getName()
Get the canonical, unlocalized name of this special page without namespace.
Definition SpecialPage.php:211

MediaWiki\SpecialPage\SpecialPage\getHookRunner
getHookRunner()
Definition SpecialPage.php:1194

MediaWiki\Specials\SpecialChangeEmail
Let users change their email address.
Definition SpecialChangeEmail.php:27

MediaWiki\Specials\SpecialChangeEmail\__construct
__construct(AuthManager $authManager)
Definition SpecialChangeEmail.php:33

MediaWiki\Specials\SpecialChangeEmail\execute
execute( $par)
Main execution point.
Definition SpecialChangeEmail.php:55

MediaWiki\Specials\SpecialChangeEmail\doesWrites
doesWrites()
Indicates whether POST requests to this special page require write access to the wiki....
Definition SpecialChangeEmail.php:40

MediaWiki\Specials\SpecialChangeEmail\onSuccess
onSuccess()
Do something exciting on successful processing of the form, most likely to show a confirmation messag...
Definition SpecialChangeEmail.php:130

MediaWiki\Specials\SpecialChangeEmail\getFormFields
getFormFields()
Get an HTMLForm descriptor array.array
Definition SpecialChangeEmail.php:84

MediaWiki\Specials\SpecialChangeEmail\isListed
isListed()
Definition SpecialChangeEmail.php:47

MediaWiki\Specials\SpecialChangeEmail\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition SpecialChangeEmail.php:221

MediaWiki\Specials\SpecialChangeEmail\alterForm
alterForm(HTMLForm $form)
Play with the HTMLForm if you need to more substantially.
Definition SpecialChangeEmail.php:113

MediaWiki\Specials\SpecialChangeEmail\checkExecutePermissions
checkExecutePermissions(User $user)
Called from execute() to check if the given user can perform this action.
Definition SpecialChangeEmail.php:67

MediaWiki\Specials\SpecialChangeEmail\getDisplayFormat
getDisplayFormat()
Get display format for the form.See HTMLForm documentation for available values.1....
Definition SpecialChangeEmail.php:109

MediaWiki\Specials\SpecialChangeEmail\onSubmit
onSubmit(array $data)
Process the form on submission.bool|string|array|Status As documented for HTMLForm::trySubmit.
Definition SpecialChangeEmail.php:124

MediaWiki\Specials\SpecialChangeEmail\requiresUnblock
requiresUnblock()
Whether this action cannot be executed by a blocked user, default to requiresPost()bool
Definition SpecialChangeEmail.php:216

MediaWiki\Specials\SpecialChangeEmail\getLoginSecurityLevel
getLoginSecurityLevel()
Tells if the special page does something security-sensitive and needs extra defense against a stolen ...
Definition SpecialChangeEmail.php:63

MediaWiki\Status\Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:44

MediaWiki\Title\Title
Represents a title within MediaWiki.
Definition Title.php:69

MediaWiki\User\User
User class for the MediaWiki software.
Definition User.php:130

MediaWiki\User\User\getInstanceFromPrimary
getInstanceFromPrimary(int $loadFlags=IDBAccessObject::READ_LATEST)
Get an instance of this user that was loaded from the primary DB.
Definition User.php:3239

MediaWiki\User\User\getEmail
getEmail()
Get the user's e-mail address.
Definition User.php:1861

MediaWiki\User\User\getName
getName()
Get the user name, or the IP of an anonymous user.
Definition User.php:1524

StatusValue\isGood
isGood()
Returns whether the operation completed and didn't have any error or warnings.
Definition StatusValue.php:137

MediaWiki\Specials