function email_confirm_user_change_mail in Email Change Confirmation 6
Same name and namespace in other branches
- 5 email_confirm.module \email_confirm_user_change_mail()
- 7 email_confirm.module \email_confirm_user_change_mail()
Menu callback; processes a one-time e-mail change confirmation and redirects to the user page on success.
1 string reference to 'email_confirm_user_change_mail'
- email_confirm_menu in ./
email_confirm.module - Implementation of hook_menu().
File
- ./
email_confirm.module, line 131
Code
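/**
 * Menu callback; processes a one-time e-mail change confirmation link.
 *
 * All four arguments come from the request path and are untrusted. On success
 * the account's mail is replaced with $new_mail and the visitor is redirected
 * to the user page; every failure path sets an error message and redirects,
 * or answers with "access denied".
 *
 * @param $uid
 *   Numeric ID of the account whose address is being changed.
 * @param $timestamp
 *   Numeric Unix time carried in the link.
 * @param $new_mail
 *   The address to switch to.
 * @param $hash
 *   Token from the link, compared against
 *   email_confirm_user_email_rehash($account->pass, $new_mail).
 */
function email_confirm_user_change_mail($uid = NULL, $timestamp = NULL, $new_mail = NULL, $hash = NULL) {
  global $user;

  // Check if all required parameters are present.
  if (!isset($uid) || !is_numeric($uid) || !isset($timestamp) || !is_numeric($timestamp) || !isset($new_mail) || !isset($hash)) {
    drupal_access_denied();
    return;
  }

  // Only active accounts (status 1) can confirm a change.
  $account = user_load(array(
    'uid' => $uid,
    'status' => 1,
  ));

  // Presumably restores '+' characters that arrived as spaces after URL
  // decoding -- confirm against the code that builds the link.
  $new_mail = str_replace(' ', '+', $new_mail);

  // Time out, in seconds, until login URL expires. 24 hours = 86400 seconds.
  $timeout = 86400;
  $current = time();

  // Reject future timestamps and unknown or blocked accounts.
  if (!($timestamp < $current && $account)) {
    // Deny access, no more clues.
    // Everything will be in the watchdog's URL for the administrator to check.
    drupal_access_denied();
    return;
  }

  if ($current - $timestamp > $timeout) {
    drupal_set_message(t('You have tried to use a one-time e-mail change link for %account that has expired--your change of e-mail request was not completed. Please visit your account edit page if you wish to attempt the change again.', array(
      '%account' => $account->name,
    )), 'error');
    if ($account->uid == $user->uid) {
      drupal_goto('user/' . $account->uid . '/edit');
    }
    else {
      drupal_goto();
    }
  }
  elseif ($user->uid && $user->uid != $account->uid) {
    // A logged-in visitor may only confirm a change for their own account.
    drupal_set_message(t('You are currently logged in as %user, and are attempting to confirm an e-mail change for %account, which is not allowed. Please log in as %account and initiate a new change of e-mail request.', array(
      '%user' => $user->name,
      '%account' => $account->name,
    )), 'error');
    drupal_goto();
  }
  else {
    // NOTE(review): the rehash call below receives only the stored password
    // hash and the new address. Unless the helper mixes in a timestamp itself,
    // $timestamp is not covered by the token and the expiry checks rely on an
    // unauthenticated value -- confirm, and consider binding it into the hash.
    $expected = (string) email_confirm_user_email_rehash($account->pass, $new_mail);

    // Compare as strings. A loose != treats two numeric-looking strings (for
    // example "0e..." digests) as numbers and can accept a wrong token. Use the
    // constant-time hash_equals() where the PHP runtime provides it.
    if (function_exists('hash_equals')) {
      $hash_matches = hash_equals($expected, (string) $hash);
    }
    else {
      $hash_matches = ((string) $hash === $expected);
    }

    if (!$hash_matches) {
      drupal_set_message(t('There was a problem verifying your change of e-mail request--please visit your account edit page and attempt the change again'), 'error');
      if ($user->uid) {
        drupal_goto('user/' . $user->uid . '/edit');
      }
      else {
        // Anonymous visitor: $user->uid is 0 here, so send them to the edit
        // page of the account the link was issued for after they log in.
        drupal_goto('user/login', 'destination=user/' . $account->uid . '/edit');
      }
    }
    elseif ($timestamp > $account->login && $timestamp < $current) {
      // The link is single-use: user_save() below moves 'login' to now, so the
      // same timestamp no longer satisfies $timestamp > $account->login.
      watchdog('user', 'User %name used one-time e-mail change link at time %timestamp.', array(
        '%name' => $account->name,
        '%timestamp' => $timestamp,
      ));
      $old_mail = $account->mail;
      user_save($account, array(
        'mail' => $new_mail,
        'login' => time(),
      ));

      // Let other modules (and Rules, when installed) react to the change.
      module_invoke_all('email_confirm', 'email confirmation', $account->uid, $old_mail, $new_mail);
      if (module_exists('rules')) {
        rules_invoke_event('email_confirm_email_change_confirmation', $account, $old_mail, $new_mail);
      }

      drupal_set_message(t('Your e-mail address is now %mail.', array(
        '%mail' => $new_mail,
      )));
      if ($user->uid) {
        drupal_goto('user/' . $user->uid);
      }
      else {
        drupal_goto('user');
      }
    }
    else {
      drupal_set_message(t('You have tried to use a one-time e-mail change link which has either been used or has expired. Please request a new one.'), 'error');
      if ($user->uid) {
        drupal_goto('user/' . $user->uid . '/edit');
      }
      else {
        // Anonymous visitor: use the account's uid, not the session's 0.
        drupal_goto('user/login', 'destination=user/' . $account->uid . '/edit');
      }
    }
  }
}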