$app->post('/account/resend-invitation', function () use($app) {
$payload = json_decode($app->request()->getBody());
$user = UserQuery::create()->findOneByEmail($payload->email);
$token = $user->getActivateToken();
if (!empty($user)) {
if (empty($token)) {
return error("token-invalid", __("This activation token is invalid. Your email address is probably already activated."));
}
// variables for `templates/invitation-email.php`
$domain = $GLOBALS['dw_config']['domain'];
$protocol = get_current_protocol();
$invitationLink = $protocol . '://' . $domain . '/account/invite/' . $token;
$name = $user->getEmail();
include '../../lib/templates/invitation-email.php';
$from = $GLOBALS['dw_config']['email']['invite'];
dw_send_support_email($user->getEmail(), __('You have been invited to Datawrapper!'), $invitation_mail, array('name' => $user->guessName(), 'invitation_link' => $invitationLink));
ok(__('You should soon receive an email with further instructions.'));
} else {
error('login-email-unknown', __('The email is not registered yet.'));
}
});
/*
* endpoint for validating an invitation. The user sends his new password
*/
$app->post('/account/invitation/:token', function ($token) use($app) {
$data = json_decode($app->request()->getBody());
if (!empty($token)) {
$users = UserQuery::create()->filterByActivateToken($token)->find();
if (count($users) != 1) {
error("token-invalid", __("This activation token is invalid. Your email address is probably already activated."));
} elseif (empty($data->pwd1)) {
Action::logAction($curUser, 'change-password-failed', array('user' => $user->getId(), 'reason' => 'old password is wrong'));
$errors[] = __('The password could not be changed because your old password was not entered correctly.');
}
}
if (!empty($payload->email) && $payload->email != $user->getEmail()) {
if (check_email($payload->email) || $curUser->isAdmin()) {
if (!email_exists($payload->email)) {
if ($curUser->isAdmin()) {
$user->setEmail($payload->email);
} else {
// non-admins need to confirm new emails addresses
$token = hash_hmac('sha256', $user->getEmail() . '/' . $payload->email . '/' . time(), DW_TOKEN_SALT);
$token_link = 'http://' . $GLOBALS['dw_config']['domain'] . '/account/settings?token=' . $token;
// send email with token
require ROOT_PATH . 'lib/templates/email-change-email.php';
dw_send_support_email($payload->email, __('Datawrapper: You requested a change of your email address'), $email_change_mail, array('name' => $user->guessName(), 'email_change_token_link' => $token_link, 'old_email' => $user->getEmail(), 'new_email' => $payload->email));
// log action for later confirmation
Action::logAction($curUser, 'email-change-request', array('old-email' => $user->getEmail(), 'new-email' => $payload->email, 'token' => $token));
$messages[] = __('To complete the change of your email address, you need to confirm that you have access to it. Therefor we sent an email with the confirmation link to your new address. Your new email will be set right after you clicked that link.');
}
} else {
$errors[] = sprintf(__('The email address <b>%s</b> already exists.'), $payload->email);
}
} else {
$errors[] = sprintf(__('The email address <b>%s</b> is invalid.'), $payload->email);
}
}
if (!empty($payload->name)) {
$user->setName($payload->name);
}
if ($curUser->isAdmin() && !empty($payload->role)) {
