summaryrefslogtreecommitdiff
path: root/src/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'src/index.php')
-rw-r--r--src/index.php175
1 files changed, 158 insertions, 17 deletions
diff --git a/src/index.php b/src/index.php
index 62874e6..d651400 100644
--- a/src/index.php
+++ b/src/index.php
@@ -441,10 +441,9 @@ if ($_action === "auth") {
$sig = $_GET["sig"] ?? throw new Exception("Missing signature");
$user = new User();
- $user->activated = false;
$user->activationToken = $token;
- if (!$db->fetchWhere($user, [ "activated", "activation_token" ])) {
+ if (!$db->fetchWhere($user, "activation_token")) {
http_response_code(400);
msg_error(__("Invalid token"));
exit;
@@ -458,22 +457,101 @@ if ($_action === "auth") {
exit;
}
- $user->activated = true;
- $user->activationToken = "";
+ $isActivation = !$user->activated;
+ if ($isActivation) {
+ $user->activated = true;
+ $user->activationToken = "";
- if (!$db->update($user)) {
- http_response_code(400);
- msg_error(__("Failed to update user"));
- exit;
- }
+ if (!$db->update($user)) {
+ http_response_code(400);
+ msg_error(__("Failed to update user"));
+ exit;
+ }
- msg_info("?!HTML::" . __(
- "Your account has been activated!\nPlease click %link%here%/link% to log in!",
- [
- "link" => '<a href="?_action=auth">',
- "/link" => '</a>',
- ]
- ));
+ msg_info("?!HTML::" . __(
+ "Your account has been activated!\nPlease click %link%here%/link% to log in!",
+ [
+ "link" => '<a href="?_action=auth">',
+ "/link" => '</a>',
+ ]
+ ));
+ } else {
+ $oldEmail = $user->email;
+ $newEmail = $user->pendingEmail;
+
+ $user->activationToken = "";
+ $user->email = $user->pendingEmail;
+ $user->pendingEmail = null;
+ $user->pendingEmailCreated = null;
+
+ if (!$db->update($user)) {
+ http_response_code(400);
+ msg_error(__("Failed to update user"));
+ exit;
+ }
+
+ $transport = Transport::fromDsn(env("MAILER_DSN"));
+
+ try {
+ $transport->send(
+ (new Email())
+ ->from(env("MAILER_FROM"))
+ ->to(new Address($oldEmail, $user->displayName))
+ ->text(__(
+ "Hello, %user_display_name%!\n" .
+ "\n" .
+ "Your email address has been successfully changed from %old_email% to %new_email%!\n" .
+ "\n" .
+ "Kind regards,\n" .
+ "%forum_copyright%",
+ params: [
+ "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+ "user_display_name" => $user->displayName,
+ "old_email" => $oldEmail,
+ "new_email" => $newEmail,
+ "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+ ]
+ ))
+ ->subject(__("Email address changed"))
+ );
+ } catch (TransportException $_) {
+ // fail silently
+ }
+
+ try {
+ $transport->send(
+ (new Email())
+ ->from(env("MAILER_FROM"))
+ ->to(new Address($newEmail, $user->displayName))
+ ->text(__(
+ "Hello, %user_display_name%!\n" .
+ "\n" .
+ "Your email address has been successfully changed from %old_email% to %new_email%!\n" .
+ "\n" .
+ "Kind regards,\n" .
+ "%forum_copyright%",
+ params: [
+ "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+ "user_display_name" => $user->displayName,
+ "old_email" => $oldEmail,
+ "new_email" => $newEmail,
+ "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+ ]
+ ))
+ ->subject(__("Email address changed"))
+ );
+ } catch (TransportException $_) {
+ // fail silently
+ }
+
+ msg_info("?!HTML::" . __(
+ "Your email address has been changed successfully!\nPlease click %link%here%/link% to return to your profile!",
+ [
+ "link" => '<a href="?_action=viewuser&user=' . htmlentities(urlencode($user->id)) . '">',
+ "/link" => '</a>',
+ ]
+ ));
+ }
} elseif ($_action === "logout") {
RequestUtils::unsetAuthorizedUser();
header("Location: " . ($_GET["next"] ?? "."));
@@ -766,6 +844,7 @@ if ($_action === "auth") {
$pfpAction = RequestUtils::getRequiredField("pfp_action", $formId);
$userName = $_POST["name"] ?? $user->name;
+ $email = $_POST["email"] ?? $user->email;
$user->displayName = $displayName;
@@ -784,6 +863,48 @@ if ($_action === "auth") {
}
}
+ if ($email !== $user->email) {
+ if ($user->pendingEmailCreated !== null) {
+ RequestUtils::triggerFormError(__("Please verify your email first!"), $formId);
+ } else {
+ $queryUser = new User();
+ $queryUser->email = $email;
+ $queryUser->pendingEmail = $email;
+ if ($db->fetchWhere($queryUser, "email") || $db->fetchWhere($queryUser, "pending_email")) {
+ RequestUtils::triggerFormError(__("This email address is already in use!"), $formId);
+ }
+ $user->pendingEmail = $email;
+ $user->pendingEmailCreated = new DateTimeImmutable();
+ $user->activationToken = $db->generateId(12);
+
+ try {
+ Transport::fromDsn(env("MAILER_DSN"))->send(
+ (new Email())
+ ->from(env("MAILER_FROM"))
+ ->to(new Address($email, $displayName))
+ ->text(__(
+ "Hello, %user_display_name%!\n" .
+ "\n" .
+ "Please verify your new email address by clicking the link below:\n" .
+ "%verify_link%\n" .
+ "\n" .
+ "Kind regards,\n" .
+ "%forum_copyright%",
+ params: [
+ "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+ "user_display_name" => $displayName,
+ "verify_link" => env("PUBLIC_URL") . "?_action=verifyemail&token=" . urlencode($user->activationToken) . "&sig=" . urlencode(base64_encode(hash("sha256", env("SECRET") . $user->activationToken . $user->id, true))),
+ "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+ ]
+ ))
+ ->subject(__("Please verify your email address"))
+ );
+ } catch (TransportException $_) {
+ RequestUtils::triggerFormError(__("Failed to send verification email"), $formId);
+ }
+ }
+ }
+
switch ($pfpAction) {
case "keep":
// Do nothing
@@ -1386,6 +1507,26 @@ if ($_action === "auth") {
RequestUtils::triggerFormError(__("Failed to update password"), $formId);
}
+ Transport::fromDsn(env("MAILER_DSN"))->send(
+ (new Email())
+ ->from(env("MAILER_FROM"))
+ ->to(new Address($resetUser->email, $resetUser->displayName))
+ ->text(__(
+ "Hello, %user_display_name%!\n" .
+ "\n" .
+ "We are sending this email to let you know your passwort has been reset successfully!\n" .
+ "\n" .
+ "Kind regards,\n" .
+ "%forum_copyright%",
+ params: [
+ "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+ "user_display_name" => $resetUser->displayName,
+ "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+ ]
+ ))
+ ->subject(__("Password reset successfully!"))
+ );
+
msg_info(__("Password reset successfully!"), true);
} else {
$formId = "pwreset";
@@ -1403,7 +1544,7 @@ if ($_action === "auth") {
->text(__(
"Hello, %user_display_name%!\n" .
"\n" .
- "a password reset has been requested successfully! Please click the link below to set a new password:\n" .
+ "A password reset has been requested successfully! Please click the link below to set a new password:\n" .
"%reset_link%\n" .
"\n" .
"If this wasn't you, you can safely ignore this email. The link will only be valid for one hour.\n" .