summaryrefslogtreecommitdiff
path: root/src/application/actions/verifyemail/get.php
blob: 2cc2707614a2925a31efab8fdac3d5fdebc5f1c6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<?php

use mystic\forum\orm\User;
use Symfony\Component\Mailer\Exception\TransportException;
use Symfony\Component\Mailer\Transport;
use Symfony\Component\Mime\Address;
use Symfony\Component\Mime\Email;

$token = $_GET["token"] ?? throw new Exception(__("Missing token"));
$sig = $_GET["sig"] ?? throw new Exception(__("Missing signature"));

$user = new User();
$user->activationToken = $token;

if (!$db->fetchWhere($user, "activation_token")) {
    http_response_code(400);
    msg_error(__("Invalid token"));
    exit;
}

$expectedSignature = base64_encode(hash("sha256", env("SECRET") . $user->activationToken . $user->id, true));

if ($expectedSignature !== $sig) {
    http_response_code(400);
    msg_error(__("Invalid signature."));
    exit;
}

$isActivation = !$user->activated;
if ($isActivation) {
    $user->activated = true;
    $user->activationToken = "";

    if (!$db->update($user)) {
        http_response_code(400);
        msg_error(__("Failed to update user"));
        exit;
    }

    msg_info("?!HTML::" . __(
        "Your account has been activated!\nPlease click %link%here%/link% to log in!",
        [
            "link" => '<a href="?_action=auth">',
            "/link" => '</a>',
        ]
    ));
} else {
    $oldEmail = $user->email;
    $newEmail = $user->pendingEmail;

    $user->activationToken = "";
    $user->email = $user->pendingEmail;
    $user->pendingEmail = null;
    $user->pendingEmailCreated = null;

    if (!$db->update($user)) {
        http_response_code(400);
        msg_error(__("Failed to update user"));
        exit;
    }

    $transport = Transport::fromDsn(env("MAILER_DSN"));

    try {
        $transport->send(
            (new Email())
                ->from(env("MAILER_FROM"))
                ->to(new Address($oldEmail, $user->displayName))
                ->text(__(
                    "Hello, %user_display_name%!\n" .
                    "\n" .
                    "Your email address has been successfully changed from %old_email% to %new_email%!\n" .
                    "\n" .
                    "Kind regards,\n" .
                    "%forum_copyright%",
                    params: [
                        "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
                        "user_display_name" => $user->displayName,
                        "old_email" => $oldEmail,
                        "new_email" => $newEmail,
                        "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
                    ]
                ))
                ->subject(__("Email address changed"))
        );
    } catch (TransportException $_) {
        // fail silently
    }

    try {
        $transport->send(
            (new Email())
                ->from(env("MAILER_FROM"))
                ->to(new Address($newEmail, $user->displayName))
                ->text(__(
                    "Hello, %user_display_name%!\n" .
                    "\n" .
                    "Your email address has been successfully changed from %old_email% to %new_email%!\n" .
                    "\n" .
                    "Kind regards,\n" .
                    "%forum_copyright%",
                    params: [
                        "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
                        "user_display_name" => $user->displayName,
                        "old_email" => $oldEmail,
                        "new_email" => $newEmail,
                        "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
                    ]
                ))
                ->subject(__("Email address changed"))
        );
    } catch (TransportException $_) {
        // fail silently
    }

    msg_info("?!HTML::" . __(
        "Your email address has been changed successfully!\nPlease click %link%here%/link% to return to your profile!",
        [
            "link" => '<a href="?_action=viewuser&user=' . htmlentities(urlencode($user->id)) . '">',
            "/link" => '</a>',
        ]
    ));
}