Rev 432 | Rev 433 | ||
---|---|---|---|
Line 26... | Line 26... | ||
26 | } |
26 | } |
27 | 27 | ||
28 | $old_email = $params['old_email']; |
28 | $old_email = $params['old_email']; |
29 | $new_email = $params['new_email']; |
29 | $new_email = $params['new_email']; |
30 | 30 | ||
- | 31 | $ra = new OIDplusRA($old_email); |
|
- | 32 | if ($ra->isPasswordLess() && !OIDplus::authUtils()::isAdminLoggedIn()) { |
|
- | 33 | throw new OIDplusException(_L('E-Mail-Address cannot be changed because this user does not have a password')); |
|
- | 34 | } |
|
- | 35 | ||
31 | if (!OIDplus::authUtils()::isRaLoggedIn($old_email) && !OIDplus::authUtils()::isAdminLoggedIn()) { |
36 | if (!OIDplus::authUtils()::isRaLoggedIn($old_email) && !OIDplus::authUtils()::isAdminLoggedIn()) { |
32 | throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA to update its email address.')); |
37 | throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA to update its email address.')); |
33 | } |
38 | } |
34 | 39 | ||
35 | if (!OIDplus::mailUtils()->validMailAddress($new_email)) { |
40 | if (!OIDplus::mailUtils()->validMailAddress($new_email)) { |
Line 45... | Line 50... | ||
45 | if ($res->num_rows() > 0) { |
50 | if ($res->num_rows() > 0) { |
46 | throw new OIDplusException(_L('eMail address is already used by another RA. To merge accounts, please contact the superior RA of your objects and request an owner change of your objects.')); |
51 | throw new OIDplusException(_L('eMail address is already used by another RA. To merge accounts, please contact the superior RA of your objects and request an owner change of your objects.')); |
47 | } |
52 | } |
48 | 53 | ||
49 | if (OIDplus::authUtils()::isAdminLoggedIn()) { |
54 | if (OIDplus::authUtils()::isAdminLoggedIn()) { |
50 | OIDplus::logger()->log("[WARN]RA($old_email)!+[INFO]RA($new_email)!+[OK]A!", "Admin changed email address '$old_email' to '$new_email'"); |
- | |
51 | - | ||
52 | $ra_was_logged_in = OIDplus::authUtils()::isRaLoggedIn($old_email); |
55 | $ra_was_logged_in = OIDplus::authUtils()::isRaLoggedIn($old_email); |
53 | 56 | ||
54 | $ra = new OIDplusRA($old_email); |
57 | $ra = new OIDplusRA($old_email); |
- | 58 | ||
- | 59 | // Change RA email |
|
55 | $ra->change_email($new_email); |
60 | $ra->change_email($new_email); |
- | 61 | OIDplus::logger()->log("[WARN]RA($old_email)!+[INFO]RA($new_email)!+[OK]A!", "Admin changed email address '$old_email' to '$new_email'"); |
|
56 | 62 | ||
- | 63 | // Change objects |
|
- | 64 | $res = OIDplus::db()->query("select id from ###objects where ra_email = ?", array($old_email)); |
|
- | 65 | while ($row = $res->fetch_array()) { |
|
- | 66 | OIDplus::logger()->log("[INFO]OID(".$row['id'].")+SUPOID(".$row['id'].")", "Admin changed email address of RA '$old_email' (owner of ".$row['id'].") to '$new_email'"); |
|
- | 67 | } |
|
57 | OIDplus::db()->query("update ###objects set ra_email = ? where ra_email = ?", array($new_email, $old_email)); |
68 | OIDplus::db()->query("update ###objects set ra_email = ? where ra_email = ?", array($new_email, $old_email)); |
58 | 69 | ||
- | 70 | // Re-login |
|
59 | if ($ra_was_logged_in) { |
71 | if ($ra_was_logged_in) { |
60 | OIDplus::authUtils()->raLogout($old_email); |
72 | OIDplus::authUtils()->raLogout($old_email); |
61 | OIDplus::authUtils()->raLogin($new_email); |
73 | OIDplus::authUtils()->raLogin($new_email); |
62 | } |
74 | } |
63 | 75 | ||
Line 91... | Line 103... | ||
91 | $password = $params['password']; |
103 | $password = $params['password']; |
92 | 104 | ||
93 | $auth = $params['auth']; |
105 | $auth = $params['auth']; |
94 | $timestamp = $params['timestamp']; |
106 | $timestamp = $params['timestamp']; |
95 | 107 | ||
- | 108 | $ra = new OIDplusRA($old_email); |
|
- | 109 | if ($ra->isPasswordLess() && !OIDplus::authUtils()::isAdminLoggedIn()) { |
|
- | 110 | throw new OIDplusException(_L('E-Mail-Address cannot be changed because this user does not have a password')); |
|
- | 111 | } |
|
- | 112 | ||
96 | if (!OIDplus::authUtils()::validateAuthKey('activate_new_ra_email;'.$old_email.';'.$new_email.';'.$timestamp, $auth)) { |
113 | if (!OIDplus::authUtils()::validateAuthKey('activate_new_ra_email;'.$old_email.';'.$new_email.';'.$timestamp, $auth)) { |
97 | throw new OIDplusException(_L('Invalid auth key')); |
114 | throw new OIDplusException(_L('Invalid auth key')); |
98 | } |
115 | } |
99 | 116 | ||
100 | if ((OIDplus::config()->getValue('max_ra_email_change_time') > 0) && (time()-$timestamp > OIDplus::config()->maxEmailChangeTime())) { |
117 | if ((OIDplus::config()->getValue('max_ra_email_change_time') > 0) && (time()-$timestamp > OIDplus::config()->maxEmailChangeTime())) { |
Line 110... | Line 127... | ||
110 | if ($res->num_rows() > 0) { |
127 | if ($res->num_rows() > 0) { |
111 | throw new OIDplusException(_L('eMail address is already used by another RA. To merge accounts, please contact the superior RA of your objects and request an owner change of your objects.')); |
128 | throw new OIDplusException(_L('eMail address is already used by another RA. To merge accounts, please contact the superior RA of your objects and request an owner change of your objects.')); |
112 | } |
129 | } |
113 | 130 | ||
114 | $ra = new OIDplusRA($old_email); |
131 | $ra = new OIDplusRA($old_email); |
- | 132 | if (!$ra->isPasswordLess()) { |
|
115 | if (!$ra->checkPassword($password)) { |
133 | if (!$ra->checkPassword($password)) { |
116 | throw new OIDplusException(_L('Wrong password')); |
134 | throw new OIDplusException(_L('Wrong password')); |
117 | } |
135 | } |
- | 136 | } |
|
118 | 137 | ||
- | 138 | // Change address of RA |
|
119 | $ra->change_email($new_email); |
139 | $ra->change_email($new_email); |
- | 140 | OIDplus::logger()->log("[OK]RA($new_email)!+RA($old_email)!", "RA '$old_email' has changed their email address to '$new_email'"); |
|
120 | 141 | ||
- | 142 | // Change objects |
|
- | 143 | $res = OIDplus::db()->query("select id from ###objects where ra_email = ?", array($old_email)); |
|
- | 144 | while ($row = $res->fetch_array()) { |
|
- | 145 | OIDplus::logger()->log("[INFO]OID(".$row['id'].")+SUPOID(".$row['id'].")", "RA '$old_email' (owner of ".$row['id'].") has changed their email address to '$new_email'"); |
|
- | 146 | } |
|
121 | OIDplus::db()->query("update ###objects set ra_email = ? where ra_email = ?", array($new_email, $old_email)); |
147 | OIDplus::db()->query("update ###objects set ra_email = ? where ra_email = ?", array($new_email, $old_email)); |
122 | 148 | ||
- | 149 | // Re-login |
|
123 | OIDplus::authUtils()->raLogout($old_email); |
150 | OIDplus::authUtils()->raLogout($old_email); |
124 | OIDplus::authUtils()->raLogin($new_email); |
151 | OIDplus::authUtils()->raLogin($new_email); |
125 | 152 | ||
126 | OIDplus::logger()->log("[OK]RA($new_email)!+RA($old_email)!", "RA '$old_email' has changed their email address to '$new_email'"); |
153 | // Send email |
127 | - | ||
128 | $message = file_get_contents(__DIR__ . '/email_change_confirmation.tpl'); |
154 | $message = file_get_contents(__DIR__ . '/email_change_confirmation.tpl'); |
129 | $message = str_replace('{{SYSTEM_URL}}', OIDplus::getSystemUrl(), $message); |
155 | $message = str_replace('{{SYSTEM_URL}}', OIDplus::getSystemUrl(), $message); |
130 | $message = str_replace('{{SYSTEM_TITLE}}', OIDplus::config()->getValue('system_title'), $message); |
156 | $message = str_replace('{{SYSTEM_TITLE}}', OIDplus::config()->getValue('system_title'), $message); |
131 | $message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message); |
157 | $message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message); |
132 | $message = str_replace('{{OLD_EMAIL}}', $old_email, $message); |
158 | $message = str_replace('{{OLD_EMAIL}}', $old_email, $message); |
Line 178... | Line 204... | ||
178 | $out['icon'] = 'img/error_big.png'; |
204 | $out['icon'] = 'img/error_big.png'; |
179 | $out['text'] = '<p>'._L('This functionality has been disabled by the administrator.').'</p>'; |
205 | $out['text'] = '<p>'._L('This functionality has been disabled by the administrator.').'</p>'; |
180 | return; |
206 | return; |
181 | } |
207 | } |
182 | 208 | ||
183 | $out['text'] .= '<p>'._L('Attention! Do NOT change your email address if you have logged in using Google/LDAP and not yet created an individual password (for regular login), otherwise you will lose access to your account!').'</p>'; |
- | |
184 | - | ||
185 | if (OIDplus::authUtils()::isAdminLoggedIn()) { |
209 | if (OIDplus::authUtils()::isAdminLoggedIn()) { |
- | 210 | $ra = new OIDplusRA($ra_email); |
|
- | 211 | if ($ra->isPasswordLess()) { |
|
- | 212 | $out['text'] .= '<p>'._L('Attention: This user does not have a password because they log in using LDAP or Google OAuth etc.').'</p>'; |
|
- | 213 | $out['text'] .= '<p>'._L('If you change the email address, the user cannot log in anymore, because the LDAP/OAuth plugin identifies the user via email address, not OpenID.').'</p>'; |
|
- | 214 | $out['text'] .= '<p>'._L('If you want to change the email address of the user, please <a %1>define a password</a> for them, so that they can use the regular login method using their new email address.', OIDplus::gui()->link('oidplus:change_ra_password$'.$ra_email)).'</p>'; |
|
- | 215 | } |
|
- | 216 | ||
186 | $out['text'] .= '<form id="changeRaEmailForm" action="javascript:void(0);" action="javascript:void(0);" onsubmit="return changeRaEmailFormOnSubmit(true);">'; |
217 | $out['text'] .= '<form id="changeRaEmailForm" action="javascript:void(0);" action="javascript:void(0);" onsubmit="return changeRaEmailFormOnSubmit(true);">'; |
187 | $out['text'] .= '<input type="hidden" id="old_email" value="'.htmlentities($ra_email).'"/><br>'; |
218 | $out['text'] .= '<input type="hidden" id="old_email" value="'.htmlentities($ra_email).'"/><br>'; |
188 | $out['text'] .= '<div><label class="padding_label">'._L('Old address').':</label><b>'.htmlentities($ra_email).'</b></div>'; |
219 | $out['text'] .= '<div><label class="padding_label">'._L('Old address').':</label><b>'.htmlentities($ra_email).'</b></div>'; |
189 | $out['text'] .= '<div><label class="padding_label">'._L('New address').':</label><input type="text" id="new_email" value=""/></div>'; |
220 | $out['text'] .= '<div><label class="padding_label">'._L('New address').':</label><input type="text" id="new_email" value=""/></div>'; |
190 | $out['text'] .= '<br><input type="submit" value="'._L('Change password').'"> '._L('(admin does not require email verification)').'</form>'; |
221 | $out['text'] .= '<br><input type="submit" value="'._L('Change password').'"> '._L('(admin does not require email verification)').'</form>'; |
191 | } else { |
222 | } else { |
- | 223 | $ra = new OIDplusRA($ra_email); |
|
- | 224 | if ($ra->isPasswordLess()) { |
|
- | 225 | $out['icon'] = 'img/error_big.png'; |
|
- | 226 | $out['text'] .= '<p>'._L('Attention: You are logged in without password (via LDAP or Google OAuth etc.).').'</p>'; |
|
- | 227 | $out['text'] .= '<p>'._L('Therefore, you cannot change your email address, otherwise you would love access to your account!').'</p>'; |
|
- | 228 | $out['text'] .= '<p>'._L('If you want to change your email address, then please <a %1>setup a password</a> first, and then use the regular login method to log in using your new email address.', OIDplus::gui()->link('oidplus:change_ra_password$'.$ra_email)).'</p>'; |
|
- | 229 | return; |
|
- | 230 | } |
|
- | 231 | ||
192 | $out['text'] .= '<form id="changeRaEmailForm" action="javascript:void(0);" action="javascript:void(0);" onsubmit="return changeRaEmailFormOnSubmit(false);">'; |
232 | $out['text'] .= '<form id="changeRaEmailForm" action="javascript:void(0);" action="javascript:void(0);" onsubmit="return changeRaEmailFormOnSubmit(false);">'; |
193 | $out['text'] .= '<input type="hidden" id="old_email" value="'.htmlentities($ra_email).'"/><br>'; |
233 | $out['text'] .= '<input type="hidden" id="old_email" value="'.htmlentities($ra_email).'"/><br>'; |
194 | $out['text'] .= '<div><label class="padding_label">'._L('Old address').':</label><b>'.htmlentities($ra_email).'</b></div>'; |
234 | $out['text'] .= '<div><label class="padding_label">'._L('Old address').':</label><b>'.htmlentities($ra_email).'</b></div>'; |
195 | $out['text'] .= '<div><label class="padding_label">'._L('New address').':</label><input type="text" id="new_email" value=""/></div>'; |
235 | $out['text'] .= '<div><label class="padding_label">'._L('New address').':</label><input type="text" id="new_email" value=""/></div>'; |
196 | $out['text'] .= '<br><input type="submit" value="'._L('Send new activation email').'"></form>'; |
236 | $out['text'] .= '<br><input type="submit" value="'._L('Send new activation email').'"></form>'; |
Line 201... | Line 241... | ||
201 | $old_email = explode('$',$id)[1]; |
241 | $old_email = explode('$',$id)[1]; |
202 | $new_email = explode('$',$id)[2]; |
242 | $new_email = explode('$',$id)[2]; |
203 | $timestamp = explode('$',$id)[3]; |
243 | $timestamp = explode('$',$id)[3]; |
204 | $auth = explode('$',$id)[4]; |
244 | $auth = explode('$',$id)[4]; |
205 | 245 | ||
- | 246 | $out['title'] = _L('Perform email address change'); |
|
- | 247 | $out['icon'] = file_exists(__DIR__.'/icon_big.png') ? OIDplus::webpath(__DIR__).'icon_big.png' : ''; |
|
- | 248 | ||
206 | if (!OIDplus::config()->getValue('allow_ra_email_change') && !OIDplus::authUtils()::isAdminLoggedIn()) { |
249 | if (!OIDplus::config()->getValue('allow_ra_email_change') && !OIDplus::authUtils()::isAdminLoggedIn()) { |
207 | $out['icon'] = 'img/error_big.png'; |
250 | $out['icon'] = 'img/error_big.png'; |
208 | $out['text'] = '<p>'._L('This functionality has been disabled by the administrator.').'</p>'; |
251 | $out['text'] = '<p>'._L('This functionality has been disabled by the administrator.').'</p>'; |
209 | return; |
252 | return; |
210 | } |
253 | } |
211 | 254 | ||
- | 255 | $ra = new OIDplusRA($old_email); |
|
- | 256 | if ($ra->isPasswordLess() && !OIDplus::authUtils()::isAdminLoggedIn()) { |
|
212 | $out['title'] = _L('Perform email address change'); |
257 | $out['icon'] = 'img/error_big.png'; |
213 | $out['icon'] = file_exists(__DIR__.'/icon_big.png') ? OIDplus::webpath(__DIR__).'icon_big.png' : ''; |
258 | $out['text'] = '<p>'._L('E-Mail-Address cannot be changed because this user does not have a password').'</p>'; |
- | 259 | return; |
|
- | 260 | } |
|
214 | 261 | ||
215 | $res = OIDplus::db()->query("select * from ###ra where email = ?", array($old_email)); |
262 | $res = OIDplus::db()->query("select * from ###ra where email = ?", array($old_email)); |
216 | if ($res->num_rows() == 0) { |
263 | if ($res->num_rows() == 0) { |
217 | $out['icon'] = 'img/error_big.png'; |
264 | $out['icon'] = 'img/error_big.png'; |
218 | $out['text'] = _L('eMail address does not exist anymore. It was probably already changed.'); |
265 | $out['text'] = _L('eMail address does not exist anymore. It was probably already changed.'); |
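Review bot: The new passwordless guard at new lines 31–34 runs before the login check at new line 36, so a caller who is not logged in receives 'E-Mail-Address cannot be changed because this user does not have a password' instead of the authentication error, and the differing responses reveal whether a given RA address has no local password. Moving the `if ($ra->isPasswordLess() && !OIDplus::authUtils()::isAdminLoggedIn())` block below the `isRaLoggedIn($old_email)` check would give unauthenticated requests the same answer in both cases. The same ordering appears at new lines 108–111, ahead of `validateAuthKey(...)`, and at new lines 255–260 in the page handler, where no validation of `$auth` is visible before the guard. The enclosing functions start and end outside the visible hunks, so whether an earlier check already rejects anonymous callers cannot be confirmed from here. Separately, the user-facing string at new line 227 reads `you would love access`, which should be `you would lose access`.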