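/**
 * Show the special page.
 *
 * Accepts the unsubscribe request in one of two forms: a signed `key` blob
 * (decoded through Wikia::verifyUserSecretKey, which yields the user name,
 * token and timestamp) or the explicit `email`/`token`/`timestamp` request
 * parameters. The three values are validated (presence, 7-day age limit,
 * token match, email syntax) and the page then either renders the
 * confirmation form (first pass) or performs the unsubscribe (confirmed POST).
 *
 * @param $subpage Mixed: parameter passed to the page or null
 */
public function execute($subpage) {
    global $wgRequest, $wgOut;

    $this->setHeaders();

    $hash_key = $wgRequest->getText('key', null);
    $email = $token = $timestamp = null;

    if (!empty($hash_key)) {
        $data = Wikia::verifyUserSecretKey($hash_key, 'sha256');
        // Log only the outcome: the decoded payload carries the unsubscribe
        // token, and writing it to the error log would leak that secret.
        error_log('Unsubscribe: secret key verification ' . (empty($data) ? 'failed' : 'succeeded'));

        if (!empty($data)) {
            $username = isset($data['user']) ? $data['user'] : null;
            $token = isset($data['token']) ? $data['token'] : null;
            // NOTE(review): the payload field is named 'signature1' but is used
            // as the timestamp below - confirm against verifyUserSecretKey().
            $timestamp = isset($data['signature1']) ? $data['signature1'] : null;

            // User::newFromName() does not return a User for an invalid name;
            // guard before dereferencing so a malformed payload ends in the
            // 'badaccess' message instead of a fatal error.
            $oUser = ($username !== null) ? User::newFromName($username) : null;
            if ($oUser instanceof User) {
                $email = $oUser->getEmail();
            }
        }
    } else {
        $email = $wgRequest->getText('email', null);
        $token = $wgRequest->getText('token', null);
        $timestamp = $wgRequest->getText('timestamp', null);
    }

    // All three values are required; null and the empty string both count as missing.
    if ($email === null || $email === ''
        || $token === null || $token === ''
        || $timestamp === null || $timestamp === ''
    ) {
        // Give up now, abandon all hope.
        $wgOut->addWikiMsg('unsubscribe-badaccess');
        return;
    }

    // Validate the timestamp isn't stale (links are only good for 7 days).
    // Request values arrive as strings: require a numeric value and compare as
    // integers, so a non-numeric timestamp is rejected rather than loosely
    // compared (string-vs-int comparison rules differ across PHP versions).
    $timeCutoff = strtotime('7 days ago');
    if (!is_numeric($timestamp) || (int)$timestamp <= $timeCutoff) {
        $wgOut->addWikiMsg('unsubscribe-badtime');
        return;
    }

    // Generate what the token SHOULD be and compare in constant time; the
    // token is the credential that authorises the unsubscribe, so a
    // short-circuiting `!=` would leak match length via timing and apply
    // loose-comparison rules.
    $shouldToken = wfGenerateUnsubToken($email, $timestamp);
    if (!hash_equals((string)$shouldToken, (string)$token)) {
        $wgOut->addWikiMsg('unsubscribe-badtoken');
        return;
    }

    // The non-blank email must also look like an email address.
    if (!Sanitizer::validateEmail($email)) {
        $wgOut->addWikiMsg('unsubscribe-bademail');
        return;
    }

    // At this point the three params check out. Is this their 2nd pass?
    $confirmed = $wgRequest->getBool('confirm', null);
    if ($wgRequest->wasPosted() && $confirmed) {
        // 2nd round: they pushed the button, so do it.
        $this->procUnsub($email);
    } else {
        // 1st pass: give them a button to push.
        $this->showInfo($email, $token, $timestamp);
    }
}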