summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--application/controllers/user.php134
-rw-r--r--application/libraries/Duser/Duser.php1
-rw-r--r--application/libraries/Duser/drivers/Duser_db.php1
-rw-r--r--application/views/user/profile.php2
4 files changed, 135 insertions, 3 deletions
diff --git a/application/controllers/user.php b/application/controllers/user.php
index 1e0416c73..e9c24ee6b 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -358,6 +358,56 @@ class User extends MY_Controller {
$this->load->view('footer', $this->data);
}
+ public function change_email()
+ {
+ $this->duser->require_implemented("can_change_email");
+ $key = $this->uri->segment(3);
+ $action = $this->uri->segment(4);
+
+ $alerts = array();
+
+ $query = $this->muser->get_action("change_email", $key);
+
+ $userid = $query["user"];
+ $data = json_decode($query['data'], true);
+
+ switch ($action) {
+ case 'confirm':
+ $this->db->where('id', $userid)
+ ->update('users', array(
+ "email" => $data['new_email'],
+ ));
+ $alerts[] = array(
+ "type" => "success",
+ "message" => "Your email address has been updated",
+ );
+ break;
+ case 'reject':
+ $this->db->where('id', $userid)
+ ->update('users', array(
+ "email" => $data['old_email'],
+ ));
+ foreach ($data['keys'] as $k) {
+ $this->db->where('key', $k)
+ ->delete('actions');
+ }
+ $alerts[] = array(
+ "type" => "success",
+ "message" => "Your email change request has been canceled and/or your old email address has been restored",
+ );
+ break;
+ default:
+ assert(false);
+ break;
+ }
+
+ $this->db->where('key', $key)
+ ->delete('actions');
+ $this->data["alerts"] = $alerts;
+
+ return $this->profile();
+ }
+
function profile()
{
$this->muser->require_access();
@@ -377,12 +427,15 @@ class User extends MY_Controller {
{
$this->muser->require_access();
+ $old = $this->muser->get_profile_data();
+
/*
* Key = name of the form field
* Value = function that sanatizes the value and returns it
* TODO: some kind of error handling that doesn't loose correctly filled out fields
*/
$value_processor = array();
+ $alerts = array();
$value_processor["upload_id_limits"] = function($value) {
$values = explode("-", $value);
@@ -405,12 +458,88 @@ class User extends MY_Controller {
return $lower."-".$upper;
};
+ $value_processor["email"] = function($value) use ($old, &$alerts) {
+ if (!$this->duser->is_implemented("can_change_email")) {
+ return null;
+ }
+
+ if ($value === $old["email"]) {
+ return null;
+ }
+
+ $this->load->helper("email");
+ if (!valid_email($value)) {
+ throw new \exceptions\PublicApiException("user/profile/invalid-email", "Invalid email");
+ }
+
+ $this->load->library("email");
+ $keys = array(
+ "old" => random_alphanum(12,16),
+ "new" => random_alphanum(12,16),
+ );
+ $emails = array(
+ array(
+ "key" => $keys['old'],
+ "email" => $old['email'],
+ "user" => $this->muser->get_userid(),
+ ),
+ array(
+ "key" => $keys['new'],
+ "email" => $value,
+ "user" => $this->muser->get_userid(),
+ ),
+ );
+
+ foreach ($emails as $email) {
+ $key = $email['key'];
+
+ $this->db->set(array(
+ 'key' => $key,
+ 'user' => $this->muser->get_userid(),
+ 'date' => time(),
+ 'action' => 'change_email',
+ 'data' => json_encode(array(
+ 'old_email' => $old['email'],
+ 'new_email' => $value,
+ 'keys' => $keys,
+ )),
+ ))
+ ->insert('actions');
+
+ $this->email->from($this->config->item("email_from"));
+ $this->email->to($email['email']);
+ $this->email->subject("FileBin email change confirmation");
+ $this->email->message(""
+ ."A request has been sent to change the email address of account '${old["username"]}'\n"
+ ."from ".$old['email']." to $value.\n"
+ ."\n"
+ ."Please follow this link to CONFIRM the change:\n"
+ .site_url("user/change_email/$key/confirm")."\n\n"
+ ."Please follow this link to REJECT the change:\n"
+ .site_url("user/change_email/$key/reject")."\n\n"
+ );
+ $this->email->send();
+ $this->email->clear();
+ }
+
+ $alerts[] = array(
+ "type" => "info",
+ "message" => "Reset and confirmation emails have been sent to your new and old address. Until your new address is confirmed the old one will be displayed and used.",
+ );
+
+ return null;
+ };
+
+
$data = array();
foreach (array_keys($value_processor) as $field) {
$value = $this->input->post($field);
if ($value !== false) {
- $data[$field] = $value_processor[$field]($value);
+ $new_value = $value_processor[$field]($value);
+ if ($new_value !== null) {
+ $data[$field] = $new_value;
+ }
}
}
@@ -418,10 +547,11 @@ class User extends MY_Controller {
$this->muser->update_profile($data);
}
- $this->data["alerts"][] = array(
+ $alerts[] = array(
"type" => "success",
"message" => "Changes saved",
);
+ $this->data["alerts"] = $alerts;
return true;
}
diff --git a/application/libraries/Duser/Duser.php b/application/libraries/Duser/Duser.php
index bf765d690..6212bfa6d 100644
--- a/application/libraries/Duser/Duser.php
+++ b/application/libraries/Duser/Duser.php
@@ -14,6 +14,7 @@ abstract class Duser_Driver extends CI_Driver {
// Possible values are:
// - can_register_new_users (only supported with the DB driver!)
// - can_reset_password (only supported with the DB driver!)
+ // - can_change_email (only supported with the DB driver!)
public $optional_functions = array();
/*
diff --git a/application/libraries/Duser/drivers/Duser_db.php b/application/libraries/Duser/drivers/Duser_db.php
index 157a91395..b73c0e2e2 100644
--- a/application/libraries/Duser/drivers/Duser_db.php
+++ b/application/libraries/Duser/drivers/Duser_db.php
@@ -16,6 +16,7 @@ class Duser_db extends Duser_Driver {
public $optional_functions = array(
'can_reset_password',
'can_register_new_users',
+ 'can_change_email',
);
public function login($username, $password)
diff --git a/application/views/user/profile.php b/application/views/user/profile.php
index 74d786d3f..d04716b31 100644
--- a/application/views/user/profile.php
+++ b/application/views/user/profile.php
@@ -14,7 +14,7 @@
<div class="form-group col-lg-8 col-md-10">
<label class="control-label col-lg-2 col-md-2" for="inputEmail">Email</label>
<div class="col-lg-5 col-md-5">
- <input type="text" id="inputEmail" name="email" placeholder="Email" disabled="disabled" value="<?php echo $profile_data["email"]; ?>" class="form-control">
+ <input type="text" id="inputEmail" name="email" placeholder="Email" <?php if(!auth_driver_function_implemented("can_change_email")) { ?>disabled="disabled" <?php } ?>value="<?php echo $profile_data["email"]; ?>" class="form-control">
</div>
</div>
</div>