<?php
use mystic\forum\orm\User;
use Symfony\Component\Mailer\Exception\TransportException;
use Symfony\Component\Mailer\Transport;
use Symfony\Component\Mime\Address;
use Symfony\Component\Mime\Email;
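// Confirmation endpoint for account activation and e-mail address changes.
// The link carries two query parameters: `token` (looked up against the
// user's stored activation token) and `sig` (a keyed hash over token and
// user id, recomputed and compared below).
$token = $_GET["token"] ?? throw new Exception(__("Missing token"));
$sig = $_GET["sig"] ?? throw new Exception(__("Missing signature"));

// PHP turns `?token[]=x` into an array, so the type has to be checked before
// the value reaches the ORM or the hash input. An empty token is refused as
// well: consumed tokens are stored as "" further down in this script, so an
// empty value would match accounts that have already completed confirmation.
if (!is_string($token) || $token === "") {
    http_response_code(400);
    msg_error(__("Invalid token"));
    exit;
}
if (!is_string($sig)) {
    http_response_code(400);
    msg_error(__("Invalid signature."));
    exit;
}

$user = new User();
$user->activationToken = $token;
if (!$db->fetchWhere($user, "activation_token")) {
    http_response_code(400);
    msg_error(__("Invalid token"));
    exit;
}

// NOTE(review): this is SHA-256 over secret . token . id, not an HMAC, and
// the two data fields are joined without a separator. hash_hmac("sha256", ...)
// is the standard construction, but the switch has to be made together with
// the code that issues these links (not visible here), otherwise links that
// are already out stop validating.
$expectedSignature = base64_encode(hash("sha256", env("SECRET") . $user->activationToken . $user->id, true));

// hash_equals() compares in constant time, so response timing does not reveal
// how much of a guessed signature was correct.
// NOTE(review): "Invalid token" and "Invalid signature." are distinguishable
// to the caller, which tells it whether a token exists — confirm that is
// acceptable.
if (!hash_equals($expectedSignature, $sig)) {
    http_response_code(400);
    msg_error(__("Invalid signature."));
    exit;
}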
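// A user that is not yet activated is confirming registration; an already
// activated user is confirming a pending e-mail address change.
$isActivation = !$user->activated;

if ($isActivation) {
    $user->activated = true;
    // Clearing the token makes the link single-use.
    $user->activationToken = "";
    if (!$db->update($user)) {
        http_response_code(400);
        msg_error(__("Failed to update user"));
        exit;
    }

    // NOTE(review): the "?!HTML::" prefix presumably marks the message as raw
    // HTML for msg_info — confirm. The substituted link values are literals.
    msg_info("?!HTML::" . __(
        "Your account has been activated!\nPlease click %link%here%/link% to log in!",
        [
            "link" => '<a href="?_action=auth">',
            "/link" => '</a>',
        ]
    ));
} else {
    $oldEmail = $user->email;
    $newEmail = $user->pendingEmail;

    // Without a pending address there is nothing to confirm. Proceeding would
    // overwrite the stored address with null before the mail step fails.
    if ($newEmail === null || $newEmail === "") {
        http_response_code(400);
        msg_error(__("Invalid token"));
        exit;
    }

    // NOTE(review): pendingEmailCreated is cleared here but never compared
    // with a maximum age in this script — confirm link expiry is enforced
    // elsewhere.
    $user->activationToken = "";
    $user->email = $newEmail;
    $user->pendingEmail = null;
    $user->pendingEmailCreated = null;
    if (!$db->update($user)) {
        http_response_code(400);
        msg_error(__("Failed to update user"));
        exit;
    }

    // The same notice goes to both addresses. The copy sent to the old address
    // is what alerts the previous mailbox owner to a change they did not make.
    $notice = __(
        "Hello, %user_display_name%!\n" .
        "\n" .
        "Your email address has been successfully changed from %old_email% to %new_email%!\n" .
        "\n" .
        "Kind regards,\n" .
        "%forum_copyright%",
        params: [
            "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
            "user_display_name" => $user->displayName,
            "old_email" => $oldEmail,
            "new_email" => $newEmail,
            "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
        ]
    );

    $transport = Transport::fromDsn(env("MAILER_DSN"));
    foreach ([$oldEmail, $newEmail] as $recipient) {
        try {
            $transport->send(
                (new Email())
                    ->from(env("MAILER_FROM"))
                    ->to(new Address($recipient, $user->displayName))
                    ->text($notice)
                    ->subject(__("Email address changed"))
            );
        } catch (TransportException $e) {
            // Delivery stays best-effort (the change is already stored), but
            // a dropped notice is recorded so operators can see it. Only the
            // user id and exception class are logged, not addresses or the
            // transport's error text.
            error_log("Email change notification not sent for user " . $user->id . ": " . $e::class);
        }
    }

    // The user id is URL-encoded for the query string and then HTML-encoded
    // for the attribute it is placed in.
    msg_info("?!HTML::" . __(
        "Your email address has been changed successfully!\nPlease click %link%here%/link% to return to your profile!",
        [
            "link" => '<a href="?_action=viewuser&user=' . htmlentities(urlencode($user->id)) . '">',
            "/link" => '</a>',
        ]
    ));
}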