master/php/SpecialChangeEmail_8php_source.html

<?php

namespace MediaWiki\Specials;


use ErrorPageError;

use HTMLForm;

use MediaWiki\Auth\AuthManager;

use MediaWiki\Html\Html;

use MediaWiki\Logger\LoggerFactory;

use MediaWiki\Parser\Sanitizer;

use MediaWiki\SpecialPage\FormSpecialPage;

use MediaWiki\Status\Status;

use MediaWiki\Title\Title;

use MediaWiki\User\User;

use PermissionsError;


class SpecialChangeEmail extends FormSpecialPage {

    private $status;


    public function __construct( AuthManager $authManager ) {

        parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );


        $this->setAuthManager( $authManager );

    }


    public function doesWrites() {

        return true;

    }


    public function isListed() {

        return $this->getAuthManager()->allowsPropertyChange( 'emailaddress' );

    }


    public function execute( $par ) {

        $out = $this->getOutput();

        $out->disallowUserJs();

        $out->addModules( 'mediawiki.special.changeemail' );

        parent::execute( $par );

    }


    protected function getLoginSecurityLevel() {

        return $this->getName();

    }


    protected function checkExecutePermissions( User $user ) {

        if ( !$this->getAuthManager()->allowsPropertyChange( 'emailaddress' ) ) {

            throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );

        }


        $this->requireNamedUser( 'changeemail-no-info' );


        // This could also let someone check the current email address, so

        // require both permissions.

        if ( !$this->getAuthority()->isAllowed( 'viewmyprivateinfo' ) ) {

            throw new PermissionsError( 'viewmyprivateinfo' );

        }


        parent::checkExecutePermissions( $user );

    }


    protected function getFormFields() {

        $user = $this->getUser();


        return [

            'Name' => [

                'type' => 'info',

                'label-message' => 'username',

                'default' => $user->getName(),

            ],

            'OldEmail' => [

                'type' => 'info',

                'label-message' => 'changeemail-oldemail',

                'default' => $user->getEmail() ?: $this->msg( 'changeemail-none' )->text(),

            ],

            'NewEmail' => [

                'type' => 'email',

                'label-message' => 'changeemail-newemail',

                'autofocus' => true,

                'maxlength' => 255,

                'help-message' => 'changeemail-newemail-help',

            ],

        ];

    }


    protected function getDisplayFormat() {

        return 'ooui';

    }


    protected function alterForm( HTMLForm $form ) {

        $form->setId( 'mw-changeemail-form' );

        $form->setTableId( 'mw-changeemail-table' );

        $form->setSubmitTextMsg( 'changeemail-submit' );

        $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );


        $form->addHeaderHtml( $this->msg( 'changeemail-header' )->parseAsBlock() );

        $form->setSubmitID( 'change_email_submit' );

    }


    public function onSubmit( array $data ) {

        $this->status = $this->attemptChange( $this->getUser(), $data['NewEmail'] );


        return $this->status;

    }


    public function onSuccess() {

        $request = $this->getRequest();


        $returnTo = $request->getVal( 'returnto' );

        $titleObj = $returnTo !== null ? Title::newFromText( $returnTo ) : null;

        if ( !$titleObj instanceof Title ) {

            $titleObj = Title::newMainPage();

        }

        $query = $request->getVal( 'returntoquery', '' );


        if ( $this->status->value === true ) {

            $this->getOutput()->redirect( $titleObj->getFullUrlForRedirect( $query ) );

        } elseif ( $this->status->value === 'eauth' ) {

            # Notify user that a confirmation email has been sent...

            $out = $this->getOutput();

            $out->addHTML(

                Html::warningBox(

                    $out->msg( 'eauthentsent', $this->getUser()->getName() )->parse()

                )

            );

            // just show the link to go back

            $this->getOutput()->addReturnTo( $titleObj, wfCgiToArray( $query ) );

        }

    }


    private function attemptChange( User $user, $newAddr ) {

        if ( $newAddr !== '' && !Sanitizer::validateEmail( $newAddr ) ) {

            return Status::newFatal( 'invalidemailaddress' );

        }


        $oldAddr = $user->getEmail();

        if ( $newAddr === $oldAddr ) {

            return Status::newFatal( 'changeemail-nochange' );

        }


        if ( strlen( $newAddr ) > 255 ) {

            return Status::newFatal( 'changeemail-maxlength' );

        }


        // To prevent spam, rate limit adding a new address, but do

        // not rate limit removing an address.

        if ( $newAddr !== '' && $user->pingLimiter( 'changeemail' ) ) {

            return Status::newFatal( 'actionthrottledtext' );

        }


        $userLatest = $user->getInstanceForUpdate();

        $status = $userLatest->setEmailWithConfirmation( $newAddr );

        if ( !$status->isGood() ) {

            return $status;

        }


        LoggerFactory::getInstance( 'authentication' )->info(

            'Changing email address for {user} from {oldemail} to {newemail}', [

                'user' => $userLatest->getName(),

                'oldemail' => $oldAddr,

                'newemail' => $newAddr,

            ]

        );


        $this->getHookRunner()->onPrefsEmailAudit( $userLatest, $oldAddr, $newAddr );


        $userLatest->saveSettings();


        return $status;

    }


    public function requiresUnblock() {

        return false;

    }


    protected function getGroupName() {

        return 'login';

    }


}


class_alias( SpecialChangeEmail::class, 'SpecialChangeEmail' );

wfCgiToArray
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
Definition GlobalFunctions.php:383

ErrorPageError
An error page which can definitely be safely rendered using the OutputPage.
Definition ErrorPageError.php:30

HTMLForm
Object handling generic submission, CSRF protection, layout and other logic for UI forms in a reusabl...
Definition HTMLForm.php:158

HTMLForm\addHeaderHtml
addHeaderHtml( $html, $section=null)
Add HTML to the header, inside the form.
Definition HTMLForm.php:902

HTMLForm\setTableId
setTableId( $id)
Set the id of the <table> or outermost <div> element.
Definition HTMLForm.php:1768

HTMLForm\setSubmitTextMsg
setSubmitTextMsg( $msg)
Set the text for the submit button to a message.
Definition HTMLForm.php:1625

HTMLForm\setId
setId( $id)
Definition HTMLForm.php:1779

HTMLForm\setSubmitID
setSubmitID( $t)
Set the id for the submit button.
Definition HTMLForm.php:1672

HTMLForm\addHiddenFields
addHiddenFields(array $fields)
Add an array of hidden fields to the output Array values are discarded for security reasons (per WebR...
Definition HTMLForm.php:1166

MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition AuthManager.php:108

MediaWiki\Html\Html
This class is a collection of static functions that serve two purposes:
Definition Html.php:57

MediaWiki\Logger\LoggerFactory
Create PSR-3 logger objects.
Definition LoggerFactory.php:45

MediaWiki\Parser\Sanitizer
HTML sanitizer for MediaWiki.
Definition Sanitizer.php:46

MediaWiki\Parser\Sanitizer\validateEmail
static validateEmail( $addr)
Does a string look like an e-mail address?
Definition Sanitizer.php:1883

MediaWiki\SpecialPage\FormSpecialPage
Special page which uses an HTMLForm to handle processing.
Definition FormSpecialPage.php:40

MediaWiki\SpecialPage\FormSpecialPage\$par
string null $par
The sub-page of the special page.
Definition FormSpecialPage.php:45

MediaWiki\SpecialPage\SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition SpecialPage.php:900

MediaWiki\SpecialPage\SpecialPage\setAuthManager
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Definition SpecialPage.php:574

MediaWiki\SpecialPage\SpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition SpecialPage.php:880

MediaWiki\SpecialPage\SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition SpecialPage.php:999

MediaWiki\SpecialPage\SpecialPage\requireNamedUser
requireNamedUser( $reasonMsg='exception-nologin-text', $titleMsg='exception-nologin')
If the user is not logged in or is a temporary user, throws UserNotLoggedIn.
Definition SpecialPage.php:452

MediaWiki\SpecialPage\SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition SpecialPage.php:890

MediaWiki\SpecialPage\SpecialPage\getAuthManager
getAuthManager()
Definition SpecialPage.php:584

MediaWiki\SpecialPage\SpecialPage\getAuthority
getAuthority()
Shortcut to get the Authority executing this instance.
Definition SpecialPage.php:910

MediaWiki\SpecialPage\SpecialPage\getName
getName()
Get the name of this Special Page.
Definition SpecialPage.php:225

MediaWiki\SpecialPage\SpecialPage\getHookRunner
getHookRunner()
Definition SpecialPage.php:1196

MediaWiki\Specials\SpecialChangeEmail
Let users change their email address.
Definition SpecialChangeEmail.php:43

MediaWiki\Specials\SpecialChangeEmail\__construct
__construct(AuthManager $authManager)
Definition SpecialChangeEmail.php:52

MediaWiki\Specials\SpecialChangeEmail\execute
execute( $par)
Main execution point.
Definition SpecialChangeEmail.php:73

MediaWiki\Specials\SpecialChangeEmail\doesWrites
doesWrites()
Indicates whether this special page may perform database writes.
Definition SpecialChangeEmail.php:58

MediaWiki\Specials\SpecialChangeEmail\onSuccess
onSuccess()
Do something exciting on successful processing of the form, most likely to show a confirmation messag...
Definition SpecialChangeEmail.php:144

MediaWiki\Specials\SpecialChangeEmail\getFormFields
getFormFields()
Get an HTMLForm descriptor array.
Definition SpecialChangeEmail.php:100

MediaWiki\Specials\SpecialChangeEmail\isListed
isListed()
Definition SpecialChangeEmail.php:65

MediaWiki\Specials\SpecialChangeEmail\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition SpecialChangeEmail.php:220

MediaWiki\Specials\SpecialChangeEmail\alterForm
alterForm(HTMLForm $form)
Play with the HTMLForm if you need to more substantially.
Definition SpecialChangeEmail.php:128

MediaWiki\Specials\SpecialChangeEmail\checkExecutePermissions
checkExecutePermissions(User $user)
Called from execute() to check if the given user can perform this action.
Definition SpecialChangeEmail.php:84

MediaWiki\Specials\SpecialChangeEmail\getDisplayFormat
getDisplayFormat()
Get display format for the form.
Definition SpecialChangeEmail.php:124

MediaWiki\Specials\SpecialChangeEmail\onSubmit
onSubmit(array $data)
Process the form on submission.
Definition SpecialChangeEmail.php:138

MediaWiki\Specials\SpecialChangeEmail\requiresUnblock
requiresUnblock()
Whether this action cannot be executed by a blocked user, default to requiresPost()
Definition SpecialChangeEmail.php:216

MediaWiki\Specials\SpecialChangeEmail\getLoginSecurityLevel
getLoginSecurityLevel()
Tells if the special page does something security-sensitive and needs extra defense against a stolen ...
Definition SpecialChangeEmail.php:80

MediaWiki\Status\Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:54

MediaWiki\Title\Title
Represents a title within MediaWiki.
Definition Title.php:79

MediaWiki\User\User
internal since 1.36
Definition User.php:96

MediaWiki\User\User\getInstanceForUpdate
getInstanceForUpdate()
Get a new instance of this user that was loaded from the primary DB via a locking read.
Definition User.php:3361

MediaWiki\User\User\pingLimiter
pingLimiter( $action='edit', $incrBy=1)
Primitive rate limits: enforce maximum actions per time period to put a brake on flooding.
Definition User.php:1379

MediaWiki\User\User\getEmail
getEmail()
Get the user's e-mail address.
Definition User.php:1920

MediaWiki\User\User\getName
getName()
Get the user name, or the IP of an anonymous user.
Definition User.php:1602

PermissionsError
Show an error when a user tries to do something they do not have the necessary permissions for.
Definition PermissionsError.php:33

StatusValue\isGood
isGood()
Returns whether the operation completed and didn't have any error or warnings.
Definition StatusValue.php:128

MediaWiki\Specials
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Ge...