From 06510101ad051c5b7bbacd6411eeb2b5c53cc3a3 Mon Sep 17 00:00:00 2001
From: Jonas Kohl
Date: Thu, 19 Sep 2024 13:37:59 +0200
Subject: Email editing
---
 src/index.php | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 158 insertions(+), 17 deletions(-)
(limited to 'src/index.php')
diff --git a/src/index.php b/src/index.php
index 62874e6..d651400 100644
--- a/src/index.php
+++ b/src/index.php
@@ -441,10 +441,9 @@ if ($_action === "auth") {
 $sig = $_GET["sig"] ?? throw new Exception("Missing signature");
 $user = new User();
- $user->activated = false;
 $user->activationToken = $token;
- if (!$db->fetchWhere($user, [ "activated", "activation_token" ])) {
+ if (!$db->fetchWhere($user, "activation_token")) {
 http_response_code(400);
 msg_error(__("Invalid token"));
 exit;
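Review bot: With the `activated` filter removed, `fetchWhere($user, "activation_token")` matches any row whose token equals the supplied value, and this commit resets the token to `""` after use, so every verified account ends up sharing the empty token. How `$token` is read lies above the hunk; if an empty value can reach this lookup it should be rejected first, for example `if ($token === "") { http_response_code(400); msg_error(__("Invalid token")); exit; }`. The signature check that follows (outside the hunk) presumably still stops a forged link, but the lookup should not rely on it alone.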
@@ -458,22 +457,101 @@ if ($_action === "auth") {
 exit;
 }
- $user->activated = true;
- $user->activationToken = "";
+ $isActivation = !$user->activated;
+ if ($isActivation) {
+ $user->activated = true;
+ $user->activationToken = "";
- if (!$db->update($user)) {
- http_response_code(400);
- msg_error(__("Failed to update user"));
- exit;
- }
+ if (!$db->update($user)) {
+ http_response_code(400);
+ msg_error(__("Failed to update user"));
+ exit;
+ }
- msg_info("?!HTML::" . __(
- "Your account has been activated!\nPlease click %link%here%/link% to log in!",
- [
- "link" => '',
- "/link" => '',
- ]
- ));
+ msg_info("?!HTML::" . __(
+ "Your account has been activated!\nPlease click %link%here%/link% to log in!",
+ [
+ "link" => '',
+ "/link" => '',
+ ]
+ ));
+ } else {
+ $oldEmail = $user->email;
+ $newEmail = $user->pendingEmail;
+
+ $user->activationToken = "";
+ $user->email = $user->pendingEmail;
+ $user->pendingEmail = null;
+ $user->pendingEmailCreated = null;
+
+ if (!$db->update($user)) {
+ http_response_code(400);
+ msg_error(__("Failed to update user"));
+ exit;
+ }
+
+ $transport = Transport::fromDsn(env("MAILER_DSN"));
+
+ try {
+ $transport->send(
+ (new Email())
+ ->from(env("MAILER_FROM"))
+ ->to(new Address($oldEmail, $user->displayName))
+ ->text(__(
+ "Hello, %user_display_name%!\n" .
+ "\n" .
+ "Your email address has been successfully changed from %old_email% to %new_email%!\n" .
+ "\n" .
+ "Kind regards,\n" .
+ "%forum_copyright%",
+ params: [
+ "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+ "user_display_name" => $user->displayName,
+ "old_email" => $oldEmail,
+ "new_email" => $newEmail,
+ "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+ ]
+ ))
+ ->subject(__("Email address changed"))
+ );
+ } catch (TransportException $_) {
+ // fail silently
+ }
+
+ try {
+ $transport->send(
+ (new Email())
+ ->from(env("MAILER_FROM"))
+ ->to(new Address($newEmail, $user->displayName))
+ ->text(__(
+ "Hello, %user_display_name%!\n" .
+ "\n" .
+ "Your email address has been successfully changed from %old_email% to %new_email%!\n" .
+ "\n" .
+ "Kind regards,\n" .
+ "%forum_copyright%",
+ params: [
+ "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+ "user_display_name" => $user->displayName,
+ "old_email" => $oldEmail,
+ "new_email" => $newEmail,
+ "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+ ]
+ ))
+ ->subject(__("Email address changed"))
+ );
+ } catch (TransportException $_) {
+ // fail silently
+ }
+
+ msg_info("?!HTML::" . __(
+ "Your email address has been changed successfully!\nPlease click %link%here%/link% to return to your profile!",
+ [
+ "link" => '',
+ "/link" => '',
+ ]
+ ));
+ }
 } elseif ($_action === "logout") {
 RequestUtils::unsetAuthorizedUser();
 header("Location: " . ($_GET["next"] ?? "."));
@@ -766,6 +844,7 @@ if ($_action === "auth") {
 $pfpAction = RequestUtils::getRequiredField("pfp_action", $formId);
 $userName = $_POST["name"] ?? $user->name;
+ $email = $_POST["email"] ?? $user->email;
 $user->displayName = $displayName;
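Review bot: The new `else` branch runs for any already-activated user whose token and signature matched, but it never checks that `$user->pendingEmail` is set or how old `$user->pendingEmailCreated` is, so a link with no pending change would write `null` into `email`, and a verification link never expires. A guard on `if ($user->pendingEmail === null)` that answers like the invalid-token case, plus an age limit on `pendingEmailCreated`, belongs before the assignments. The notice to the old address is the one that tells the real owner about an unwanted change, so its `catch (TransportException $_)` should at least log the failure rather than `// fail silently`. The two send blocks differ only in the recipient and could share one helper.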
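Review bot: `$_POST["email"]` is taken as is in the profile-update hunk: nothing visible checks that it is a string or a syntactically valid address before it is compared with `$user->email` and later handed to `new Address(...)`. A field submitted as `email[]=` arrives as an array, and an invalid address may make the `Address` constructor throw something other than `TransportException` (assuming these are the Symfony Mailer classes; the imports are not visible here). Suggest validating right after the read, e.g. `if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) { RequestUtils::triggerFormError(__("Invalid email address"), $formId); }`.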
@@ -784,6 +863,48 @@ if ($_action === "auth") {
 }
 }
+ if ($email !== $user->email) {
+ if ($user->pendingEmailCreated !== null) {
+ RequestUtils::triggerFormError(__("Please verify your email first!"), $formId);
+ } else {
+ $queryUser = new User();
+ $queryUser->email = $email;
+ $queryUser->pendingEmail = $email;
+ if ($db->fetchWhere($queryUser, "email") || $db->fetchWhere($queryUser, "pending_email")) {
+ RequestUtils::triggerFormError(__("This email address is already in use!"), $formId);
+ }
+ $user->pendingEmail = $email;
+ $user->pendingEmailCreated = new DateTimeImmutable();
+ $user->activationToken = $db->generateId(12);
+
+ try {
+ Transport::fromDsn(env("MAILER_DSN"))->send(
+ (new Email())
+ ->from(env("MAILER_FROM"))
+ ->to(new Address($email, $displayName))
+ ->text(__(
+ "Hello, %user_display_name%!\n" .
+ "\n" .
+ "Please verify your new email address by clicking the link below:\n" .
+ "%verify_link%\n" .
+ "\n" .
+ "Kind regards,\n" .
+ "%forum_copyright%",
+ params: [
+ "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+ "user_display_name" => $displayName,
+ "verify_link" => env("PUBLIC_URL") . "?_action=verifyemail&token=" . urlencode($user->activationToken) . "&sig=" . urlencode(base64_encode(hash("sha256", env("SECRET") . $user->activationToken . $user->id, true))),
+ "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+ ]
+ ))
+ ->subject(__("Please verify your email address"))
+ );
+ } catch (TransportException $_) {
+ RequestUtils::triggerFormError(__("Failed to send verification email"), $formId);
+ }
+ }
+ }
+
 switch ($pfpAction) {
 case "keep":
 // Do nothing
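Review bot: The link signature is `hash("sha256", env("SECRET") . $user->activationToken . $user->id, true)`, a plain hash over a secret prefix; that construction is open to length extension and leaves the boundary between token and id ambiguous. Use a keyed MAC instead, `hash_hmac("sha256", $user->activationToken . ":" . $user->id, env("SECRET"), true)`, change the verifying side (outside this hunk) to match, and compare there with `hash_equals()`. Separately, `pendingEmailCreated !== null` blocks every further change with no expiry or cancel path visible here, so a mistyped address would lock the field. If `triggerFormError` returns rather than exits, the "already in use" branch also falls through and still sets `pendingEmail`.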
@@ -1386,6 +1507,26 @@ if ($_action === "auth") {
 RequestUtils::triggerFormError(__("Failed to update password"), $formId);
 }
+ Transport::fromDsn(env("MAILER_DSN"))->send(
+ (new Email())
+ ->from(env("MAILER_FROM"))
+ ->to(new Address($resetUser->email, $resetUser->displayName))
+ ->text(__(
+ "Hello, %user_display_name%!\n" .
+ "\n" .
+ "We are sending this email to let you know your passwort has been reset successfully!\n" .
+ "\n" .
+ "Kind regards,\n" .
+ "%forum_copyright%",
+ params: [
+ "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+ "user_display_name" => $resetUser->displayName,
+ "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+ ]
+ ))
+ ->subject(__("Password reset successfully!"))
+ );
+
 msg_info(__("Password reset successfully!"), true);
 } else {
 $formId = "pwreset";
@@ -1403,7 +1544,7 @@ if ($_action === "auth") {
 ->text(__(
 "Hello, %user_display_name%!\n" .
 "\n" .
- "a password reset has been requested successfully! Please click the link below to set a new password:\n" .
+ "A password reset has been requested successfully! Please click the link below to set a new password:\n" .
 "%reset_link%\n" .
 "\n" .
 "If this wasn't you, you can safely ignore this email. The link will only be valid for one hour.\n" .
--
cgit v1.2.3
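Review bot: The password-reset notice is the only `send()` in this commit that is not wrapped in `try { ... } catch (TransportException $_)`, and it runs after the password has already been updated, so a mail outage would turn a successful reset into an error page. Wrap it like the other sends and log the failure, so that a missing security notice is visible to the operator. The body text also says `passwort`; the line should read `"We are sending this email to let you know your password has been reset successfully!\n" .`.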