-rw-r--r-- | application/controllers/user.php | 134 | ||||
-rw-r--r-- | application/libraries/Duser/Duser.php | 1 | ||||
-rw-r--r-- | application/libraries/Duser/drivers/Duser_db.php | 1 | ||||
-rw-r--r-- | application/views/user/profile.php | 2 |
4 files changed, 135 insertions, 3 deletions
diff --git a/application/controllers/user.php b/application/controllers/user.php
index 1e0416c73..e9c24ee6b 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -358,6 +358,56 @@ class User extends MY_Controller {
 $this->load->view('footer', $this->data);
 }
 
+ public function change_email()
+ {
+ $this->duser->require_implemented("can_change_email");
+ $key = $this->uri->segment(3);
+ $action = $this->uri->segment(4);
+
+ $alerts = array();
+
+ $query = $this->muser->get_action("change_email", $key);
+
+ $userid = $query["user"];
+ $data = json_decode($query['data'], true);
+
+ switch ($action) {
+ case 'confirm':
+ $this->db->where('id', $userid)
+ ->update('users', array(
+ "email" => $data['new_email'],
+ ));
+ $alerts[] = array(
+ "type" => "success",
+ "message" => "Your email address has been updated",
+ );
+ break;
+ case 'reject':
+ $this->db->where('id', $userid)
+ ->update('users', array(
+ "email" => $data['old_email'],
+ ));
+ foreach ($data['keys'] as $k) {
+ $this->db->where('key', $k)
+ ->delete('actions');
+ }
+ $alerts[] = array(
+ "type" => "success",
+ "message" => "Your email change request has been canceled and/or your old email address has been restored",
+ );
+ break;
+ default:
+ assert(false);
+ break;
+ }
+
+ $this->db->where('key', $key)
+ ->delete('actions');
+ $this->data["alerts"] = $alerts;
+
+ return $this->profile();
+ }
+
 function profile()
 {
 $this->muser->require_access();
@@ -377,12 +427,15 @@ class User extends MY_Controller {
 {
 $this->muser->require_access();
 
+ $old = $this->muser->get_profile_data();
+
 /*
 * Key = name of the form field
 * Value = function that sanatizes the value and returns it
 * TODO: some kind of error handling that doesn't loose correctly filled out fields
 */
 $value_processor = array();
+ $alerts = array();
 
 $value_processor["upload_id_limits"] = function($value) {
 $values = explode("-", $value);
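Review bot: The `default:` branch of `switch ($action)` in the new `change_email()` relies on `assert(false)`, which is a no-op when assertions are disabled (the usual production setting), so any unrecognised fourth URI segment falls through to the `->delete('actions')` after the switch and consumes the key without confirming or rejecting anything. Fail explicitly before any database write, e.g. `default: throw new \exceptions\PublicApiException("user/change_email/invalid-action", "Invalid action");` (the exception class this commit already uses in the profile processor). I also cannot see from this hunk whether `get_action()` fails on an unknown or expired `$key`; if it can return an empty result, `$query["user"]` and `json_decode($query['data'], true)` are read unguarded and the `where('id', $userid)` update would run with a null id. Note too that both links are plain GET URLs, so a mail scanner or link prefetcher that follows the REJECT link will cancel a legitimate change; a confirmation page with a POST form avoids that. On the `confirm` path only `$key` is removed while the old address's key stays valid, which looks intentional (the previous owner can still revert) and deserves a comment such as `// keep the old-address key so the previous owner can still reject the change`.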
@@ -405,12 +458,88 @@ class User extends MY_Controller {
 return $lower."-".$upper;
 };
 
+ $value_processor["email"] = function($value) use ($old, &$alerts) {
+ if (!$this->duser->is_implemented("can_change_email")) {
+ return null;
+ }
+
+ if ($value === $old["email"]) {
+ return null;
+ }
+
+ $this->load->helper("email");
+ if (!valid_email($value)) {
+ throw new \exceptions\PublicApiException("user/profile/invalid-email", "Invalid email");
+ }
+
+ $this->load->library("email");
+ $keys = array(
+ "old" => random_alphanum(12,16),
+ "new" => random_alphanum(12,16),
+ );
+ $emails = array(
+ array(
+ "key" => $keys['old'],
+ "email" => $old['email'],
+ "user" => $this->muser->get_userid(),
+ ),
+ array(
+ "key" => $keys['new'],
+ "email" => $value,
+ "user" => $this->muser->get_userid(),
+ ),
+ );
+
+ foreach ($emails as $email) {
+ $key = $email['key'];
+
+ $this->db->set(array(
+ 'key' => $key,
+ 'user' => $this->muser->get_userid(),
+ 'date' => time(),
+ 'action' => 'change_email',
+ 'data' => json_encode(array(
+ 'old_email' => $old['email'],
+ 'new_email' => $value,
+ 'keys' => $keys,
+ )),
+ ))
+ ->insert('actions');
+
+ $this->email->from($this->config->item("email_from"));
+ $this->email->to($email['email']);
+ $this->email->subject("FileBin email change confirmation");
+ $this->email->message(""
+ ."A request has been sent to change the email address of account '${old["username"]}'\n"
+ ."from ".$old['email']." to $value.\n"
+ ."\n"
+ ."Please follow this link to CONFIRM the change:\n"
+ .site_url("user/change_email/$key/confirm")."\n\n"
+ ."Please follow this link to REJECT the change:\n"
+ .site_url("user/change_email/$key/reject")."\n\n"
+ );
+ $this->email->send();
+ $this->email->clear();
+ }
+
+ $alerts[] = array(
+ "type" => "info",
+ "message" => "Reset and confirmation emails have been sent to your new and old address. 
Until your new address is confirmed the old one will be displayed and used.",
+ );
+
+ return null;
+ };
+
 $data = array();
 foreach (array_keys($value_processor) as $field) {
 $value = $this->input->post($field);
 if ($value !== false) {
- $data[$field] = $value_processor[$field]($value);
+ $new_value = $value_processor[$field]($value);
+ if ($new_value !== null) {
+ $data[$field] = $new_value;
+ }
 }
 }
@@ -418,10 +547,11 @@ class User extends MY_Controller {
 $this->muser->update_profile($data);
 }
 
- $this->data["alerts"][] = array(
+ $alerts[] = array(
 "type" => "success",
 "message" => "Changes saved",
 );
+ $this->data["alerts"] = $alerts;
 
 return true;
 }
diff --git a/application/libraries/Duser/Duser.php b/application/libraries/Duser/Duser.php
index bf765d690..6212bfa6d 100644
--- a/application/libraries/Duser/Duser.php
+++ b/application/libraries/Duser/Duser.php
@@ -14,6 +14,7 @@ abstract class Duser_Driver extends CI_Driver {
 // Possible values are:
 // - can_register_new_users (only supported with the DB driver!)
 // - can_reset_password (only supported with the DB driver!)
+ // - can_change_email (only supported with the DB driver!)
 public $optional_functions = array();
 
 /*
diff --git a/application/libraries/Duser/drivers/Duser_db.php b/application/libraries/Duser/drivers/Duser_db.php
index 157a91395..b73c0e2e2 100644
--- a/application/libraries/Duser/drivers/Duser_db.php
+++ b/application/libraries/Duser/drivers/Duser_db.php
@@ -16,6 +16,7 @@ class Duser_db extends Duser_Driver {
 public $optional_functions = array(
 'can_reset_password',
 'can_register_new_users',
+ 'can_change_email',
 );
 
 public function login($username, $password)
diff --git a/application/views/user/profile.php b/application/views/user/profile.php
index 74d786d3f..d04716b31 100644
--- a/application/views/user/profile.php
+++ b/application/views/user/profile.php
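Review bot: The new `email` processor sends two messages on every profile save where the submitted address differs from `$old["email"]`, and nothing invalidates earlier pending `change_email` rows, so one authenticated account can have the server mail arbitrary addresses without limit and each attempt leaves another live key pair in `actions`. Before the insert loop, drop the account's outstanding requests, e.g. `$this->db->where('user', $this->muser->get_userid())->where('action', 'change_email')->delete('actions');`, and consider a per-account rate limit on this path. The inserted rows carry only a `date` column and I cannot see from this hunk anything that expires them, so unless a cleanup exists elsewhere the confirm and reject links stay valid indefinitely; a comment stating the intended lifetime would help. The enclosing method's signature is outside the hunk, and its body continues into the following hunk.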
@@ -14,7 +14,7 @@
 <div class="form-group col-lg-8 col-md-10">
 <label class="control-label col-lg-2 col-md-2" for="inputEmail">Email</label>
 <div class="col-lg-5 col-md-5">
- <input type="text" id="inputEmail" name="email" placeholder="Email" disabled="disabled" value="<?php echo $profile_data["email"]; ?>" class="form-control">
+ <input type="text" id="inputEmail" name="email" placeholder="Email" <?php if(!auth_driver_function_implemented("can_change_email")) { ?>disabled="disabled" <?php } ?>value="<?php echo $profile_data["email"]; ?>" class="form-control">
 </div>
 </div>
 </div> |
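Review bot: The rewritten `<input>` line still echoes `$profile_data["email"]` into the `value` attribute unescaped; with this commit the address becomes user-editable (and for non-DB drivers it comes from wherever the driver reads it), so a `"` in the stored value breaks out of the attribute. Since the line is being touched anyway, escape it: `value="<?php echo htmlspecialchars($profile_data["email"], ENT_QUOTES, 'UTF-8'); ?>"`. The conditional `disabled="disabled"` is correct, but a disabled input is never submitted, so the server-side `is_implemented("can_change_email")` check in the controller remains the real guard and should not be dropped in favour of this markup.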