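/**
 * Starts a confirmed email address change for a user.
 *
 * Reads "guid" and "email" from the request input. When the address is valid,
 * differs from the current one and is not used by another account, a message
 * holding a confirmation link is sent to the NEW address and the requested
 * address is stored in a private "email_change_confirmation" annotation.
 * The address stored on the account is put back before the function returns.
 *
 * @return void
 */
function security_tools_prepare_email_change() {
    $user_guid = (int) get_input("guid");
    $email = get_input("email");

    if (empty($user_guid)) {
        $user_guid = elgg_get_logged_in_user_guid();
    }

    $user = get_user($user_guid);
    if (empty($user) || !is_email_address($email)) {
        register_error(elgg_echo("email:save:fail"));
        return;
    }

    // "guid" is request input: only continue when the current session is allowed
    // to edit that account, otherwise a request could target someone else's
    // pending email change (the confirmation step performs the same canEdit() check)
    if (!$user->canEdit()) {
        register_error(elgg_echo("email:save:fail"));
        return;
    }

    if (strcmp($email, $user->email) == 0) {
        // address is unchanged, nothing to confirm
        return;
    }

    if (get_user_by_email($email)) {
        register_error(elgg_echo("registration:dupeemail"));
        return;
    }

    // the code ties the confirmation link to this user and this address
    $validation_code = security_tools_generate_email_code($user, $email);
    if (empty($validation_code)) {
        return;
    }

    $site = elgg_get_site_entity();
    $user_guid = $user->getGUID();
    $current_email = $user->email;

    // build the notification before touching the account;
    // the code is encoded so it always survives as a single query parameter
    $validation_url = $site->url . "email_change_confirmation?u=" . $user_guid . "&c=" . urlencode($validation_code);
    $subject = elgg_echo("security_tools:notify_user:email_change_request:subject", array($site->name));
    $message = elgg_echo("security_tools:notify_user:email_change_request:message", array($user->name, $site->name, $validation_url));

    // notify_user() is addressed by GUID, so the new address is stored on the
    // account while the message is sent (presumably it reads the recipient
    // address from the entity - confirm against the notification handler).
    // NOTE(review): during this window the unconfirmed address is the stored
    // address of the account; sending straight to $email would avoid that.
    $user->email = $email;
    if (!$user->save()) {
        // without the swap the link would not reach the new address: stop here
        $user->email = $current_email;
        register_error(elgg_echo("email:save:fail"));
        return;
    }

    try {
        notify_user($user_guid, $site->getGUID(), $subject, $message, null, "email");
    } catch (Exception $e) {
        // never leave the unconfirmed address on the account when sending fails
        $user->email = $current_email;
        $user->save();

        throw $e;
    }

    // restore the confirmed address as soon as the message is out
    $user->email = $current_email;
    $user->save();

    // keep a single pending request: revoke the previous one, then store the new one
    $user->deleteAnnotations("email_change_confirmation");
    $user->annotate("email_change_confirmation", $email, ACCESS_PRIVATE, $user_guid);

    system_message(elgg_echo("security_tools:usersettings:email:request", array($email)));
}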
if (empty($user_guid) || empty($validation_code)) { register_error(elgg_echo("error:missing_data")); forward(); } $user = elgg_get_logged_in_user_entity(); if ($user_guid != $user->getGUID() || !$user->canEdit()) { register_error(elgg_echo("security_tools:email_change_confirmation:error:user")); forward(); } $new_email = $user->getAnnotations("email_change_confirmation"); if (empty($new_email)) { register_error(elgg_echo("security_tools:email_change_confirmation:error:request")); forward(); } $new_email = $new_email[0]->value; $valid_code = security_tools_generate_email_code($user, $new_email); if ($validation_code !== $valid_code) { register_error(elgg_echo("security_tools:email_change_confirmation:error:code")); forward(); } $site = elgg_get_site_entity(); // send confirmation to old email that change occured $subject = elgg_echo("security_tools:notify_user:email_change:subject", array($site->name)); $message = elgg_echo("security_tools:notify_user:email_change:message", array($user->name, $site->name)); notify_user($user->getGUID(), $site->getGUID(), $subject, $message, null, "email"); $user->email = $new_email; if ($user->save()) { $user->deleteAnnotations("email_change_confirmation"); $forward_url = $user->getURL(); system_message(elgg_echo("email:save:success")); } else {