MediaWiki  master
SpecialConfirmEmail.php
Go to the documentation of this file.
1 <?php
25 
35  public function __construct() {
36  parent::__construct( 'Confirmemail', 'editmyprivateinfo' );
37  }
38 
39  public function doesWrites() {
40  return true;
41  }
42 
51  function execute( $code ) {
52  // Ignore things like master queries/connections on GET requests.
53  // It's very convenient to just allow formless link usage.
54  $trxProfiler = Profiler::instance()->getTransactionProfiler();
55 
56  $this->setHeaders();
57  $this->checkReadOnly();
58  $this->checkPermissions();
59 
60  // This could also let someone check the current email address, so
61  // require both permissions.
62  if ( !MediaWikiServices::getInstance()
64  ->userHasRight( $this->getUser(), 'viewmyprivateinfo' )
65  ) {
66  throw new PermissionsError( 'viewmyprivateinfo' );
67  }
68 
69  if ( $code === null || $code === '' ) {
70  $this->requireLogin( 'confirmemail_needlogin' );
71  if ( Sanitizer::validateEmail( $this->getUser()->getEmail() ) ) {
72  $this->showRequestForm();
73  } else {
74  $this->getOutput()->addWikiMsg( 'confirmemail_noemail' );
75  }
76  } else {
77  $old = $trxProfiler->setSilenced( true );
78  $this->attemptConfirm( $code );
79  $trxProfiler->setSilenced( $old );
80  }
81  }
82 
86  function showRequestForm() {
87  $user = $this->getUser();
88  $out = $this->getOutput();
89 
90  if ( !$user->isEmailConfirmed() ) {
91  $descriptor = [];
92  if ( $user->isEmailConfirmationPending() ) {
93  $descriptor += [
94  'pending' => [
95  'type' => 'info',
96  'raw' => true,
97  'default' => "<div class=\"error mw-confirmemail-pending\">\n" .
98  $this->msg( 'confirmemail_pending' )->escaped() .
99  "\n</div>",
100  ],
101  ];
102  }
103 
104  $out->addWikiMsg( 'confirmemail_text' );
105  $form = HTMLForm::factory( 'ooui', $descriptor, $this->getContext() );
106  $form
107  ->setMethod( 'post' )
108  ->setAction( $this->getPageTitle()->getLocalURL() )
109  ->setSubmitTextMsg( 'confirmemail_send' )
110  ->setSubmitCallback( [ $this, 'submitSend' ] );
111 
112  $retval = $form->show();
113 
114  if ( $retval === true ) {
115  // should never happen, but if so, don't let the user without any message
116  $out->addWikiMsg( 'confirmemail_sent' );
117  } elseif ( $retval instanceof Status && $retval->isGood() ) {
118  $out->addWikiTextAsInterface( $retval->getValue() );
119  }
120  } else {
121  // date and time are separate parameters to facilitate localisation.
122  // $time is kept for backward compat reasons.
123  // 'emailauthenticated' is also used in SpecialPreferences.php
124  $lang = $this->getLanguage();
125  $emailAuthenticated = $user->getEmailAuthenticationTimestamp();
126  $time = $lang->userTimeAndDate( $emailAuthenticated, $user );
127  $d = $lang->userDate( $emailAuthenticated, $user );
128  $t = $lang->userTime( $emailAuthenticated, $user );
129  $out->addWikiMsg( 'emailauthenticated', $time, $d, $t );
130  }
131  }
132 
138  public function submitSend() {
139  $status = $this->getUser()->sendConfirmationMail();
140  if ( $status->isGood() ) {
141  return Status::newGood( $this->msg( 'confirmemail_sent' )->text() );
142  } else {
143  return Status::newFatal( new RawMessage(
144  $status->getWikiText( 'confirmemail_sendfailed', false, $this->getLanguage() )
145  ) );
146  }
147  }
148 
155  private function attemptConfirm( $code ) {
156  $user = User::newFromConfirmationCode( $code, User::READ_EXCLUSIVE );
157  if ( !is_object( $user ) ) {
158  $this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
159 
160  return;
161  }
162 
163  // rate limit email confirmations
164  if ( $user->pingLimiter( 'confirmemail' ) ) {
165  $this->getOutput()->addWikiMsg( 'actionthrottledtext' );
166 
167  return;
168  }
169 
170  $user->confirmEmail();
171  $user->saveSettings();
172  $message = $this->getUser()->isLoggedIn() ? 'confirmemail_loggedin' : 'confirmemail_success';
173  $this->getOutput()->addWikiMsg( $message );
174 
175  if ( !$this->getUser()->isLoggedIn() ) {
176  $title = SpecialPage::getTitleFor( 'Userlogin' );
177  $this->getOutput()->returnToMain( true, $title );
178  }
179  }
180 }
static newFatal( $message,... $parameters)
Factory function for fatal errors.
Definition: StatusValue.php:69
Shortcut to construct a special page which is unlisted by default.
getContext()
Gets the context this SpecialPage is executed in.
execute( $code)
Main execution point.
static instance()
Singleton.
Definition: Profiler.php:63
if(!isset( $args[0])) $lang
attemptConfirm( $code)
Attempt to confirm the user&#39;s email address and show success or failure as needed; if successful...
static newFromConfirmationCode( $code, $flags=0)
Factory method to fetch whichever user has a given email confirmation code.
Definition: User.php:650
getOutput()
Get the OutputPage being used for this instance.
static validateEmail( $addr)
Does a string look like an e-mail address?
Definition: Sanitizer.php:2165
getPermissionManager()
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
static factory( $displayFormat,... $arguments)
Construct a HTMLForm object for given display type.
Definition: HTMLForm.php:307
static newGood( $value=null)
Factory function for good results.
Definition: StatusValue.php:81
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes! ...
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don&#39;t need a full Title object...
Definition: SpecialPage.php:83
Special page allows users to request email confirmation message, and handles processing of the confir...
showRequestForm()
Show a nice form for the user to request a confirmation mail.
Variant of the Message class.
Definition: RawMessage.php:34
requireLogin( $reasonMsg='exception-nologin-text', $titleMsg='exception-nologin')
If the user is not logged in, throws UserNotLoggedIn error.
getUser()
Shortcut to get the User executing this instance.
submitSend()
Callback for HTMLForm send confirmation mail.
Show an error when a user tries to do something they do not have the necessary permissions for...
getLanguage()
Shortcut to get user&#39;s language.
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
checkReadOnly()
If the wiki is currently in readonly mode, throws a ReadOnlyError.
getPageTitle( $subpage=false)
Get a self-referential title object.