Diffstat (limited to 'src/application/actions/verifyemail')
| -rw-r--r-- | src/application/actions/verifyemail/get.php | 123 | 
1 files changed, 123 insertions, 0 deletions
|
diff --git a/src/application/actions/verifyemail/get.php b/src/application/actions/verifyemail/get.php
new file mode 100644
index 0000000..77a1ef4
--- /dev/null
+++ b/src/application/actions/verifyemail/get.php
@@ -0,0 +1,123 @@
+<?php
+
+use mystic\forum\orm\User;
+use Symfony\Component\Mailer\Exception\TransportException;
+use Symfony\Component\Mailer\Transport;
+use Symfony\Component\Mime\Address;
+use Symfony\Component\Mime\Email;
+
+$token = $_GET["token"] ?? throw new Exception("Missing token");
+$sig = $_GET["sig"] ?? throw new Exception("Missing signature");
+
+$user = new User();
+$user->activationToken = $token;
+
+if (!$db->fetchWhere($user, "activation_token")) {
+    http_response_code(400);
+    msg_error(__("Invalid token"));
+    exit;
+}
+
+$expectedSignature = base64_encode(hash("sha256", env("SECRET") . $user->activationToken . $user->id, true));
+
+if ($expectedSignature !== $sig) {
+    http_response_code(400);
+    msg_error(__("Invalid signature."));
+    exit;
+}
+
+$isActivation = !$user->activated;
+if ($isActivation) {
+    $user->activated = true;
+    $user->activationToken = "";
+
+    if (!$db->update($user)) {
+        http_response_code(400);
+        msg_error(__("Failed to update user"));
+        exit;
+    }
+
+    msg_info("?!HTML::" . __(
+        "Your account has been activated!\nPlease click %link%here%/link% to log in!",
+        [
+            "link" => '<a href="?_action=auth">',
+            "/link" => '</a>',
+        ]
+    ));
+} else {
+    $oldEmail = $user->email;
+    $newEmail = $user->pendingEmail;
+
+    $user->activationToken = "";
+    $user->email = $user->pendingEmail;
+    $user->pendingEmail = null;
+    $user->pendingEmailCreated = null;
+
+    if (!$db->update($user)) {
+        http_response_code(400);
+        msg_error(__("Failed to update user"));
+        exit;
+    }
+
+    $transport = Transport::fromDsn(env("MAILER_DSN"));
+
+    try {
+        $transport->send(
+            (new Email())
+                ->from(env("MAILER_FROM"))
+                ->to(new Address($oldEmail, $user->displayName))
+                ->text(__(
+                    "Hello, %user_display_name%!\n" .
+                    "\n" .
+                    "Your email address has been successfully changed from %old_email% to %new_email%!\n" .
+                    "\n" .
+                    "Kind regards,\n" .
+                    "%forum_copyright%",
+                    params: [
+                        "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+                        "user_display_name" => $user->displayName,
+                        "old_email" => $oldEmail,
+                        "new_email" => $newEmail,
+                        "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+                    ]
+                ))
+                ->subject(__("Email address changed"))
+        );
+    } catch (TransportException $_) {
+        // fail silently
+    }
+
+    try {
+        $transport->send(
+            (new Email())
+                ->from(env("MAILER_FROM"))
+                ->to(new Address($newEmail, $user->displayName))
+                ->text(__(
+                    "Hello, %user_display_name%!\n" .
+                    "\n" .
+                    "Your email address has been successfully changed from %old_email% to %new_email%!\n" .
+                    "\n" .
+                    "Kind regards,\n" .
+                    "%forum_copyright%",
+                    params: [
+                        "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+                        "user_display_name" => $user->displayName,
+                        "old_email" => $oldEmail,
+                        "new_email" => $newEmail,
+                        "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+                    ]
+                ))
+                ->subject(__("Email address changed"))
+        );
+    } catch (TransportException $_) {
+        // fail silently
+    }
+
+    msg_info("?!HTML::" . __(
+        "Your email address has been changed successfully!\nPlease click %link%here%/link% to return to your profile!",
+        [
+            "link" => '<a href="?_action=viewuser&user=' . htmlentities(urlencode($user->id)) . '">',
+            "/link" => '</a>',
+        ]
+    ));
+} |
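Review bot: The signature check at `if ($expectedSignature !== $sig)` compares a secret-derived value with `!==`, which is not constant-time, and the value itself is a bare `hash("sha256", env("SECRET") . …)` rather than a keyed MAC. I would compute it as `base64_encode(hash_hmac("sha256", $user->activationToken . $user->id, env("SECRET"), true))` and compare with `if (!is_string($sig) || !hash_equals($expectedSignature, $sig)) {`; the `is_string` guard is needed because `$_GET` values can be arrays. The code that issues the link is outside this hunk and would have to switch to the same HMAC. Separately, both branches reset `activationToken` to `""`, so an empty `token` parameter presumably makes `fetchWhere` select an already-verified account; rejecting an empty or non-string token before the lookup would keep that path closed.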