path: root/src/application/actions/verifyemail/get.php
blob: f71dbdccba8a3b8571ac385cc3909d81b1c78343 (plain)
<?php

use mystic\forum\orm\User;
use Symfony\Component\Mailer\Exception\TransportException;
use Symfony\Component\Mailer\Transport;
use Symfony\Component\Mime\Address;
use Symfony\Component\Mime\Email;

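// Both query parameters are mandatory and come straight from the request.
// PHP turns `?token[]=x` into an array, so anything that is not a non-empty
// string is treated the same as a missing parameter instead of being passed on
// to the ORM and the signature check.
$token = $_GET["token"] ?? null;
if (!is_string($token) || $token === "") {
    // An empty token must never reach the lookup: this script stores "" as the
    // activation token once a link has been used, so "" is not a unique key.
    http_response_code(400);
    msg_error(__("Missing token"));
    exit;
}

$sig = $_GET["sig"] ?? null;
if (!is_string($sig) || $sig === "") {
    http_response_code(400);
    msg_error(__("Missing signature"));
    exit;
}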

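// Resolve the account that owns this activation token. fetchWhere() fills
// $user from the row whose activation_token column matches, and returns a
// falsy value when there is no such row.
$user = new User();
$user->activationToken = $token;

if (!$db->fetchWhere($user, "activation_token")) {
    http_response_code(400);
    msg_error(__("Invalid token"));
    exit;
}

// The link signature is the base64 of the raw SHA-256 digest over
// SECRET . token . user id, binding the token to one account.
// NOTE(review): a secret-prefix hash with undelimited fields is weaker than a
// real MAC; hash_hmac("sha256", ..., env("SECRET"), true) over delimited fields
// would be preferable, but it has to change together with the code that issues
// the links, which is not in this file.
// NOTE(review): if env("SECRET") is unset the digest is effectively unkeyed -
// confirm that deployment fails closed when the secret is missing.
$expectedSignature = base64_encode(hash("sha256", env("SECRET") . $user->activationToken . $user->id, true));

// hash_equals() compares in constant time, so the response time does not
// reveal how many leading characters of a guessed signature were correct.
// The is_string() guard is needed because a `sig[]=` parameter arrives as an
// array and hash_equals() throws a TypeError on non-string arguments.
if (!is_string($sig) || !hash_equals($expectedSignature, $sig)) {
    http_response_code(400);
    msg_error(__("Invalid signature."));
    exit;
}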

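// A verified link serves one of two purposes, decided by the account state:
//   - account not yet activated -> first-time activation;
//   - account already activated -> confirmation of a pending email change.
$isActivation = !$user->activated;
if ($isActivation) {
    $user->activated = true;
    // Links are single use: the token is cleared as soon as it is consumed.
    $user->activationToken = "";

    if (!$db->update($user)) {
        http_response_code(400);
        msg_error(__("Failed to update user"));
        exit;
    }

    // NOTE(review): the "?!HTML::" prefix presumably tells msg_info() to render
    // the text as markup - confirm. Only static markup is interpolated here.
    msg_info("?!HTML::" . __(
        "Your account has been activated!\nPlease click %link%here%/link% to log in!",
        [
            "link" => '<a href="?_action=auth">',
            "/link" => '</a>',
        ]
    ));
} else {
    $oldEmail = $user->email;
    $newEmail = $user->pendingEmail;

    // Refuse to continue without a pending address: otherwise the account's
    // email would be overwritten with an empty value before anything fails.
    if ($newEmail === null || $newEmail === "") {
        http_response_code(400);
        msg_error(__("Invalid token"));
        exit;
    }

    // NOTE(review): pendingEmailCreated is cleared below but never compared
    // with an expiry in this script - confirm whether change links are meant
    // to expire and where that is enforced.
    $user->activationToken = "";
    $user->email = $newEmail;
    $user->pendingEmail = null;
    $user->pendingEmailCreated = null;

    if (!$db->update($user)) {
        http_response_code(400);
        msg_error(__("Failed to update user"));
        exit;
    }

    $transport = Transport::fromDsn(env("MAILER_DSN"));

    // The same notice goes to both addresses, so it is built once.
    $noticeText = __(
        "Hello, %user_display_name%!\n" .
        "\n" .
        "Your email address has been successfully changed from %old_email% to %new_email%!\n" .
        "\n" .
        "Kind regards,\n" .
        "%forum_copyright%",
        params: [
            "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
            "user_display_name" => $user->displayName,
            "old_email" => $oldEmail,
            "new_email" => $newEmail,
            "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
        ]
    );
    $noticeSubject = __("Email address changed");

    // Old address first: that notice is what lets the previous owner spot a
    // change they did not request. Delivery stays best effort (the change is
    // already committed), but failures are logged instead of vanishing.
    foreach ([$oldEmail, $newEmail] as $recipient) {
        try {
            $transport->send(
                (new Email())
                    ->from(env("MAILER_FROM"))
                    ->to(new Address($recipient, $user->displayName))
                    ->text($noticeText)
                    ->subject($noticeSubject)
            );
        } catch (TransportException $e) {
            error_log(sprintf(
                "verifyemail: email-change notice could not be sent for user %s: %s",
                $user->id,
                $e->getMessage()
            ));
        }
    }

    // The user id is URL-encoded and then HTML-encoded because it is placed
    // inside an href attribute of markup that is emitted as HTML.
    msg_info("?!HTML::" . __(
        "Your email address has been changed successfully!\nPlease click %link%here%/link% to return to your profile!",
        [
            "link" => '<a href="?_action=viewuser&user=' . htmlentities(urlencode($user->id)) . '">',
            "/link" => '</a>',
        ]
    ));
}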