Exemplo n.º 1
0
/**
 * Checks if a user wants to change his email address and sends out a confirmation message
 *
 * @return void
 */
function security_tools_prepare_email_change()
{
    $user_guid = (int) get_input("guid");
    $email = get_input("email");
    if (empty($user_guid)) {
        $user_guid = elgg_get_logged_in_user_guid();
    }
    $user = get_user($user_guid);
    if (empty($user) || !is_email_address($email)) {
        register_error(elgg_echo("email:save:fail"));
        return;
    }
    if (strcmp($email, $user->email) == 0) {
        // no change is email address
        return;
    }
    if (get_user_by_email($email)) {
        register_error(elgg_echo("registration:dupeemail"));
        return;
    }
    // generate validation code
    $validation_code = security_tools_generate_email_code($user, $email);
    if (empty($validation_code)) {
        return;
    }
    $site = elgg_get_site_entity();
    $current_email = $user->email;
    // make sure notification goed to new email
    $user->email = $email;
    $user->save();
    // build notification
    $validation_url = $site->url . "email_change_confirmation?u=" . $user->getGUID() . "&c=" . $validation_code;
    $subject = elgg_echo("security_tools:notify_user:email_change_request:subject", array($site->name));
    $message = elgg_echo("security_tools:notify_user:email_change_request:message", array($user->name, $site->name, $validation_url));
    notify_user($user->getGUID(), $site->getGUID(), $subject, $message, null, "email");
    // save the validation request
    // but first revoke previous request
    $user->deleteAnnotations("email_change_confirmation");
    $user->annotate("email_change_confirmation", $email, ACCESS_PRIVATE, $user->getGUID());
    // restore current email address
    $user->email = $current_email;
    $user->save();
    system_message(elgg_echo("security_tools:usersettings:email:request", array($email)));
}
Exemplo n.º 2
0
if (empty($user_guid) || empty($validation_code)) {
    register_error(elgg_echo("error:missing_data"));
    forward();
}
$user = elgg_get_logged_in_user_entity();
if ($user_guid != $user->getGUID() || !$user->canEdit()) {
    register_error(elgg_echo("security_tools:email_change_confirmation:error:user"));
    forward();
}
$new_email = $user->getAnnotations("email_change_confirmation");
if (empty($new_email)) {
    register_error(elgg_echo("security_tools:email_change_confirmation:error:request"));
    forward();
}
$new_email = $new_email[0]->value;
$valid_code = security_tools_generate_email_code($user, $new_email);
if ($validation_code !== $valid_code) {
    register_error(elgg_echo("security_tools:email_change_confirmation:error:code"));
    forward();
}
$site = elgg_get_site_entity();
// send confirmation to old email that change occured
$subject = elgg_echo("security_tools:notify_user:email_change:subject", array($site->name));
$message = elgg_echo("security_tools:notify_user:email_change:message", array($user->name, $site->name));
notify_user($user->getGUID(), $site->getGUID(), $subject, $message, null, "email");
$user->email = $new_email;
if ($user->save()) {
    $user->deleteAnnotations("email_change_confirmation");
    $forward_url = $user->getURL();
    system_message(elgg_echo("email:save:success"));
} else {