modules/email_confirm/email_confirm.module

<?php
// $Id: email_confirm.module,v 1.2 2009/06/30 07:29:12 jaydub Exp $

/**
 * Implement hook_help().
 */
function email_confirm_help($path, $arg) {
  switch ($path) {
    case 'admin/modules#description':
      return t('Configuration of confirmation email sent to users who attempt to change their email address.');
    case 'admin/help#email_confirm':
      return t('<p>The Email Change Confirmation module addresses missing functionality in the core distribution of Drupal. With this module enabled, a user who attempts to change the email address associated with their account must confirm that change by clicking a confirmation link that is sent to the new email address. The confirmation link must be clicked with a certain time period after which the pending update to their email address will expire and they will have to attempt to update their account again. This module was based on code from <a href="!url">this issue</a></p>', array('!url' => 'http://drupal.org/node/85494'));
    case 'admin/settings/email_confirm':
      return t('When the Email Change Confirmation module is enabled, users who attempt to update their email address will be required to confirm their changes by clicking a confirmation link in an email sent to the new email address. The settings below determine the subject and body of the confirmation email sent to the user. A copy is sent to both the user\'s original email address and the new address.');
  }
}

/**
 * Implement hook_menu().
 */
function email_confirm_menu() {
  $items = array();
  
  $items['user/change-mail'] = array(
    'title' => 'Change e-mail',
    'page callback' => 'email_confirm_user_change_mail', 
    'access callback' => TRUE, 
    'type' => MENU_CALLBACK
  );
  $items['admin/settings/email_confirm'] = array(
    'title' => 'Email change confirmation settings',
    'description' => 'Configuration of confirmation email sent to users who attempt to change their email address.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('email_confirm_admin_settings'),
    'access callback' => 'user_access',
    'access arguments' => array('administer site configuration'),
    'type' => MENU_NORMAL_ITEM,
  );
  
  return $items;
}

/**
 * Implement hook_settings().
 */
function email_confirm_admin_settings() {
  $form = array();
  
  $form['email_confirm_confirmation_email_subject'] = array(
    '#type' => 'textfield',
    '#title' => t('Email address change request email subject'),
    '#description' => t('The above text will be the subject for the email sent to a user that is attempting to update their email address. The placeholders !username and !site will be replaced by the username and the site name.'),
    '#default_value' => variable_get('email_confirm_confirmation_email_subject', t('Email address change request for !username at !site')),
    '#size' => 60,
    '#maxlength' => 256,
    '#required' => TRUE,
  );

  $form['email_confirm_confirmation_email_author'] = array(
    '#type' => 'textfield',
    '#title' => t('Email address change request email author'),
    '#default_value' => variable_get('email_confirm_confirmation_email_author', ''),
    '#size' => 60,
    '#description' => t('The above address will be the \'From\' email address for the confirmation email for an email address change request. If no address is supplied the default site email address will be used.'),
  );

  $form['email_confirm_confirmation_email_bcc'] = array(
    '#type' => 'textfield',
    '#title' => t('Email address change request email BCC email address'),
    '#default_value' => variable_get('email_confirm_confirmation_email_bcc', ''),
    '#size' => 60,
    '#description' => t('The above address will receive a BCC email copy of the confirmation email for an email address change request.'),
  );

  $form['email_confirm_confirmation_email_body'] = array(
    '#type' => 'textarea',
    '#title' => t('Email address change request email body'),
    '#description' => t("The above text will be the body for the email sent to a user that is attempting to update their email address. The text here will be sent to the user's new email address. The placeholders !username and !site will be replaced by the username and the site name."),
    '#default_value' => variable_get('email_confirm_confirmation_email_body', 
t('Hello !username,

A request to change your email address has been made at !site.
You need to verify the change by clicking on the link below or by
copying and pasting it in your browser:

!email_url

This is a one-time URL - it can be used only once. It expires after
24 hours. If you do not click the link to confirm, your email address
at !site will not be updated.
')),
    '#cols' => 80,
    '#rows' => 10,
    '#required' => TRUE,
  );

  $form['email_confirm_confirmation_original_email_body'] = array(
    '#type' => 'textarea',
    '#title' => t('Email address change request email body (Original)'),
    '#description' => t("The above text will be the body for the email sent to a user that is attempting to update their email address. The text here will be sent to the user's original email address. The placeholders !username and !site will be replaced by the username and the site name."),
    '#default_value' => variable_get('email_confirm_confirmation_original_email_body', 
t('Hello !username,

A request to change your email address has been made at !site.
In order to confirm the update of your email address you will
need to follow the instructions sent to your new email address
within 24 hours.
')),
    '#cols' => 80,
    '#rows' => 10,
    '#required' => TRUE,
  );

  return system_settings_form($form);
}

/**
 * Admin settings validate
 */
function email_confirm_admin_settings_validate($form, $form_state) {
  if (!empty($form_state['values']['email_confirm_confirmation_email_author']) && !valid_email_address($form_state['values']['email_confirm_confirmation_email_author'])) {
    form_set_error('email_confirm_confirmation_email_author', t('You must enter a valid email address for the "Email address change request email author" setting.'));
  }
  if (!empty($form_state['values']['email_confirm_confirmation_email_bcc']) && !valid_email_address($form_state['values']['email_confirm_confirmation_email_bcc'])) {
    form_set_error('email_confirm_confirmation_email_bcc', t('You must enter a valid email address for the "Email address change request email BCC email address" setting.'));
  }
}

/**
 * Implement hook_user_submit().
 */
function email_confirm_user_submit(&$edit, &$account) {
  global $user;
  if (!empty($edit['mail']) && $user->mail != $edit['mail'] && !user_access('administer users')) {
    email_confirm_build_mail($edit);
    module_invoke_all('email_confirm', 'email change', $account->uid, $user->mail, $edit['mail']);
    unset($edit['mail']);
  }
}

/**
 * Menu callback; process one time email change confirm
 * and redirects to the user page on success.
 */
function email_confirm_user_change_mail($uid, $timestamp, $new_mail, $hash, $action = '') {
  global $user;

  $account = user_load($uid);
  $new_mail = str_replace(' ', '+', $new_mail);
  
  // Time out, in seconds, until login URL expires. 24 hours = 86400 seconds.
  $timeout = 86400;
  $current = REQUEST_TIME;

  // Some redundant checks for extra security ?
  if ($timestamp < $current && $account) {
    if (($current - $timestamp) > $timeout) {
      drupal_set_message(t('You have tried to use a one-time e-mail change link for %account that has expired--your change of e-mail request was not completed. Please visit your account edit page if you wish to attempt the change again.', array('%account' => $account->name)), 'error');
      if ($account->uid == $user->uid) {
        drupal_goto('user/' . $account->uid . '/edit');
      }
      else {
        drupal_goto();
      }
    }
    elseif ($user->uid && $user->uid != $account->uid) {
      drupal_set_message(t('You are currently logged in as %user, and are attempting to confirm an e-mail change for %account, which is not allowed. Please log in as %account and initiate a new change of e-mail request.', array('%user' => $user->name, '%account' => $account->name)), 'error');
      drupal_goto();
    }
    elseif ($hash != email_confirm_user_email_rehash($account->pass, $new_mail)) {
      drupal_set_message(t('There was a problem verifying your change of e-mail request--please visit your account edit page and attempt the change again'), 'error');
      if ($user->uid) {
        drupal_goto('user/' . $user->uid . '/edit');
      }
      else {
        drupal_goto('user/login', 'destination=user/' . $user->uid . '/edit');
      }
    }
    elseif ($timestamp > $account->login && $timestamp < $current) {
      watchdog('user', 'User %name used one-time e-mail change link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp));
      user_save($account, array('mail' => $new_mail));
      module_invoke_all('email_confirm', 'email confirmation', $account->uid, $account->mail, $new_mail);
      drupal_set_message(t('Your e-mail address is now %mail.', array('%mail' => $new_mail)));
      if ($user->uid) {
        drupal_goto('user/' . $user->uid);
      }
      else {
        drupal_goto('user');
      }
    }
    else {
      drupal_set_message(t('You have tried to use a one-time e-mail change link which has either been used or has expired. Please request a new one.'), 'error');
      if ($user->uid) {
        drupal_goto('user/' . $user->uid . '/edit');
      }
      else {
        drupal_goto('user/login', 'destination=user/' . $user->uid . '/edit');
      }
    }
  }
  else {
    // Deny access, no more clues.
    // Everything will be in the watchdog's URL for the administrator to check.
    drupal_access_denied();
  }
}
 
/**
 * Implement hook_mail().
 */
function email_confirm_mail($key, &$message, $params) {
  $language = $message['language'];
  $account = $params['account'];
  $context = $params['context'];

  $variables = user_mail_tokens($account, $language);
  $variables += array(
    '!email_url' => $context['url'],
  );

  $message['subject'] = strtr($context['subject'], $variables);
  $message['body'][] = strtr($context['body'], $variables);
  if (isset($params['headers']['Bcc'])) {
    $message['headers']['Bcc'] = $params['headers']['Bcc'];
  }
}

/**
 * Build and send out the confirmation email to the user's
 * current and proposed new email address.
 */
function email_confirm_build_mail($edit) {
  global $user;
  $params = array();
  $params['account'] = $user;
  
  $timestamp = time();
  $pass = $edit['pass'] ? md5($edit['pass']) : $user->pass;
  $hash = email_confirm_user_email_rehash($pass, $edit['mail']);
  $params['context']['url'] = url('user/change-mail/' . $user->uid . '/' . $timestamp . '/' . $edit['mail'] . '/' . $hash, array('absolute' => TRUE));

  if (module_exists('smtp') && variable_get('smtp_from', '') != '') {
    $default_from = $smtp_from;
  }
  else {
    $default_from = variable_get('site_mail', ini_get('sendmail_from'));
  }

  $from = variable_get('email_confirm_confirmation_email_author', $default_from);
  $bcc = variable_get('email_confirm_confirmation_email_bcc', '');

  $params['context']['subject'] = variable_get('email_confirm_confirmation_email_subject', t('Email address change request for !username at !site'));
  $params['context']['body'] = variable_get('email_confirm_confirmation_email_body', 
t('Hello !username,

A request to change your email address has been made at !site.
You need to verify the change by clicking on the link below or by
copying and pasting it in your browser:

!email_url

This is a one-time URL - it can be used only once. It expires after
24 hours. If you do not click the link to confirm, your email address
at !site will not be updated.
'));

  $params['headers'] = array();
  if ($bcc) {
    $params['headers']['Bcc'] = $bcc;
  }
  
  if ($message['result'] = drupal_mail('email_confirm', 'user_change_mail', $edit['mail'], user_preferred_language($user), $params, $from)) {
    $params['context']['body'] = variable_get('email_confirm_confirmation_original_email_body', 
t('Hello !username,

A request to change your email address has been made at !site.
In order to confirm the update of your email address you will
need to follow the instructions sent to your new email address
within 24 hours.
'));
    drupal_mail('email_confirm', 'user_change_mail_original', $user->mail, user_preferred_language($user), $params, $from);
    drupal_set_message(t('A confirmation email has been sent to your new email address. You must follow the link provided in that email within 24 hours in order to confirm the change to your account email address.'));
  }
}

function email_confirm_user_email_rehash($pass, $mail) {
  return md5($pass . $mail . drupal_get_private_key());
}
1	<?php
2	// $Id: email_confirm.module,v 1.2 2009/06/30 07:29:12 jaydub Exp $
3
4	/**
5	* Implement hook_help().
6	*/
7	function email_confirm_help($path, $arg) {
8	switch ($path) {
9	case 'admin/modules#description':
10	return t('Configuration of confirmation email sent to users who attempt to change their email address.');
11	case 'admin/help#email_confirm':
12	return t('<p>The Email Change Confirmation module addresses missing functionality in the core distribution of Drupal. With this module enabled, a user who attempts to change the email address associated with their account must confirm that change by clicking a confirmation link that is sent to the new email address. The confirmation link must be clicked with a certain time period after which the pending update to their email address will expire and they will have to attempt to update their account again. This module was based on code from <a href="!url">this issue</a></p>', array('!url' => 'http://drupal.org/node/85494'));
13	case 'admin/settings/email_confirm':
14	return t('When the Email Change Confirmation module is enabled, users who attempt to update their email address will be required to confirm their changes by clicking a confirmation link in an email sent to the new email address. The settings below determine the subject and body of the confirmation email sent to the user. A copy is sent to both the user\'s original email address and the new address.');
15	}
16	}
17
18	/**
19	* Implement hook_menu().
20	*/
21	function email_confirm_menu() {
22	$items = array();
23
24	$items['user/change-mail'] = array(
25	'title' => 'Change e-mail',
26	'page callback' => 'email_confirm_user_change_mail',
27	'access callback' => TRUE,
28	'type' => MENU_CALLBACK
29	);
30	$items['admin/settings/email_confirm'] = array(
31	'title' => 'Email change confirmation settings',
32	'description' => 'Configuration of confirmation email sent to users who attempt to change their email address.',
33	'page callback' => 'drupal_get_form',
34	'page arguments' => array('email_confirm_admin_settings'),
35	'access callback' => 'user_access',
36	'access arguments' => array('administer site configuration'),
37	'type' => MENU_NORMAL_ITEM,
38	);
39
40	return $items;
41	}
42
43	/**
44	* Implement hook_settings().
45	*/
46	function email_confirm_admin_settings() {
47	$form = array();
48
49	$form['email_confirm_confirmation_email_subject'] = array(
50	'#type' => 'textfield',
51	'#title' => t('Email address change request email subject'),
52	'#description' => t('The above text will be the subject for the email sent to a user that is attempting to update their email address. The placeholders !username and !site will be replaced by the username and the site name.'),
53	'#default_value' => variable_get('email_confirm_confirmation_email_subject', t('Email address change request for !username at !site')),
54	'#size' => 60,
55	'#maxlength' => 256,
56	'#required' => TRUE,
57	);
58
59	$form['email_confirm_confirmation_email_author'] = array(
60	'#type' => 'textfield',
61	'#title' => t('Email address change request email author'),
62	'#default_value' => variable_get('email_confirm_confirmation_email_author', ''),
63	'#size' => 60,
64	'#description' => t('The above address will be the \'From\' email address for the confirmation email for an email address change request. If no address is supplied the default site email address will be used.'),
65	);
66
67	$form['email_confirm_confirmation_email_bcc'] = array(
68	'#type' => 'textfield',
69	'#title' => t('Email address change request email BCC email address'),
70	'#default_value' => variable_get('email_confirm_confirmation_email_bcc', ''),
71	'#size' => 60,
72	'#description' => t('The above address will receive a BCC email copy of the confirmation email for an email address change request.'),
73	);
74
75	$form['email_confirm_confirmation_email_body'] = array(
76	'#type' => 'textarea',
77	'#title' => t('Email address change request email body'),
78	'#description' => t("The above text will be the body for the email sent to a user that is attempting to update their email address. The text here will be sent to the user's new email address. The placeholders !username and !site will be replaced by the username and the site name."),
79	'#default_value' => variable_get('email_confirm_confirmation_email_body',
80	t('Hello !username,
81
82	A request to change your email address has been made at !site.
83	You need to verify the change by clicking on the link below or by
84	copying and pasting it in your browser:
85
86	!email_url
87
88	This is a one-time URL - it can be used only once. It expires after
89	24 hours. If you do not click the link to confirm, your email address
90	at !site will not be updated.
91	')),
92	'#cols' => 80,
93	'#rows' => 10,
94	'#required' => TRUE,
95	);
96
97	$form['email_confirm_confirmation_original_email_body'] = array(
98	'#type' => 'textarea',
99	'#title' => t('Email address change request email body (Original)'),
100	'#description' => t("The above text will be the body for the email sent to a user that is attempting to update their email address. The text here will be sent to the user's original email address. The placeholders !username and !site will be replaced by the username and the site name."),
101	'#default_value' => variable_get('email_confirm_confirmation_original_email_body',
102	t('Hello !username,
103
104	A request to change your email address has been made at !site.
105	In order to confirm the update of your email address you will
106	need to follow the instructions sent to your new email address
107	within 24 hours.
108	')),
109	'#cols' => 80,
110	'#rows' => 10,
111	'#required' => TRUE,
112	);
113
114	return system_settings_form($form);
115	}
116
117	/**
118	* Admin settings validate
119	*/
120	function email_confirm_admin_settings_validate($form, $form_state) {
121	if (!empty($form_state['values']['email_confirm_confirmation_email_author']) && !valid_email_address($form_state['values']['email_confirm_confirmation_email_author'])) {
122	form_set_error('email_confirm_confirmation_email_author', t('You must enter a valid email address for the "Email address change request email author" setting.'));
123	}
124	if (!empty($form_state['values']['email_confirm_confirmation_email_bcc']) && !valid_email_address($form_state['values']['email_confirm_confirmation_email_bcc'])) {
125	form_set_error('email_confirm_confirmation_email_bcc', t('You must enter a valid email address for the "Email address change request email BCC email address" setting.'));
126	}
127	}
128
129	/**
130	* Implement hook_user_submit().
131	*/
132	function email_confirm_user_submit(&$edit, &$account) {
133	global $user;
134	if (!empty($edit['mail']) && $user->mail != $edit['mail'] && !user_access('administer users')) {
135	email_confirm_build_mail($edit);
136	module_invoke_all('email_confirm', 'email change', $account->uid, $user->mail, $edit['mail']);
137	unset($edit['mail']);
138	}
139	}
140
141	/**
142	* Menu callback; process one time email change confirm
143	* and redirects to the user page on success.
144	*/
145	function email_confirm_user_change_mail($uid, $timestamp, $new_mail, $hash, $action = '') {
146	global $user;
147
148	$account = user_load($uid);
149	$new_mail = str_replace(' ', '+', $new_mail);
150
151	// Time out, in seconds, until login URL expires. 24 hours = 86400 seconds.
152	$timeout = 86400;
153	$current = REQUEST_TIME;
154
155	// Some redundant checks for extra security ?
156	if ($timestamp < $current && $account) {
157	if (($current - $timestamp) > $timeout) {
158	drupal_set_message(t('You have tried to use a one-time e-mail change link for %account that has expired--your change of e-mail request was not completed. Please visit your account edit page if you wish to attempt the change again.', array('%account' => $account->name)), 'error');
159	if ($account->uid == $user->uid) {
160	drupal_goto('user/' . $account->uid . '/edit');
161	}
162	else {
163	drupal_goto();
164	}
165	}
166	elseif ($user->uid && $user->uid != $account->uid) {
167	drupal_set_message(t('You are currently logged in as %user, and are attempting to confirm an e-mail change for %account, which is not allowed. Please log in as %account and initiate a new change of e-mail request.', array('%user' => $user->name, '%account' => $account->name)), 'error');
168	drupal_goto();
169	}
170	elseif ($hash != email_confirm_user_email_rehash($account->pass, $new_mail)) {
171	drupal_set_message(t('There was a problem verifying your change of e-mail request--please visit your account edit page and attempt the change again'), 'error');
172	if ($user->uid) {
173	drupal_goto('user/' . $user->uid . '/edit');
174	}
175	else {
176	drupal_goto('user/login', 'destination=user/' . $user->uid . '/edit');
177	}
178	}
179	elseif ($timestamp > $account->login && $timestamp < $current) {
180	watchdog('user', 'User %name used one-time e-mail change link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp));
181	user_save($account, array('mail' => $new_mail));
182	module_invoke_all('email_confirm', 'email confirmation', $account->uid, $account->mail, $new_mail);
183	drupal_set_message(t('Your e-mail address is now %mail.', array('%mail' => $new_mail)));
184	if ($user->uid) {
185	drupal_goto('user/' . $user->uid);
186	}
187	else {
188	drupal_goto('user');
189	}
190	}
191	else {
192	drupal_set_message(t('You have tried to use a one-time e-mail change link which has either been used or has expired. Please request a new one.'), 'error');
193	if ($user->uid) {
194	drupal_goto('user/' . $user->uid . '/edit');
195	}
196	else {
197	drupal_goto('user/login', 'destination=user/' . $user->uid . '/edit');
198	}
199	}
200	}
201	else {
202	// Deny access, no more clues.
203	// Everything will be in the watchdog's URL for the administrator to check.
204	drupal_access_denied();
205	}
206	}
207
208	/**
209	* Implement hook_mail().
210	*/
211	function email_confirm_mail($key, &$message, $params) {
212	$language = $message['language'];
213	$account = $params['account'];
214	$context = $params['context'];
215
216	$variables = user_mail_tokens($account, $language);
217	$variables += array(
218	'!email_url' => $context['url'],
219	);
220
221	$message['subject'] = strtr($context['subject'], $variables);
222	$message['body'][] = strtr($context['body'], $variables);
223	if (isset($params['headers']['Bcc'])) {
224	$message['headers']['Bcc'] = $params['headers']['Bcc'];
225	}
226	}
227
228	/**
229	* Build and send out the confirmation email to the user's
230	* current and proposed new email address.
231	*/
232	function email_confirm_build_mail($edit) {
233	global $user;
234	$params = array();
235	$params['account'] = $user;
236
237	$timestamp = time();
238	$pass = $edit['pass'] ? md5($edit['pass']) : $user->pass;
239	$hash = email_confirm_user_email_rehash($pass, $edit['mail']);
240	$params['context']['url'] = url('user/change-mail/' . $user->uid . '/' . $timestamp . '/' . $edit['mail'] . '/' . $hash, array('absolute' => TRUE));
241
242	if (module_exists('smtp') && variable_get('smtp_from', '') != '') {
243	$default_from = $smtp_from;
244	}
245	else {
246	$default_from = variable_get('site_mail', ini_get('sendmail_from'));
247	}
248
249	$from = variable_get('email_confirm_confirmation_email_author', $default_from);
250	$bcc = variable_get('email_confirm_confirmation_email_bcc', '');
251
252	$params['context']['subject'] = variable_get('email_confirm_confirmation_email_subject', t('Email address change request for !username at !site'));
253	$params['context']['body'] = variable_get('email_confirm_confirmation_email_body',
254	t('Hello !username,
255
256	A request to change your email address has been made at !site.
257	You need to verify the change by clicking on the link below or by
258	copying and pasting it in your browser:
259
260	!email_url
261
262	This is a one-time URL - it can be used only once. It expires after
263	24 hours. If you do not click the link to confirm, your email address
264	at !site will not be updated.
265	'));
266
267	$params['headers'] = array();
268	if ($bcc) {
269	$params['headers']['Bcc'] = $bcc;
270	}
271
272	if ($message['result'] = drupal_mail('email_confirm', 'user_change_mail', $edit['mail'], user_preferred_language($user), $params, $from)) {
273	$params['context']['body'] = variable_get('email_confirm_confirmation_original_email_body',
274	t('Hello !username,
275
276	A request to change your email address has been made at !site.
277	In order to confirm the update of your email address you will
278	need to follow the instructions sent to your new email address
279	within 24 hours.
280	'));
281	drupal_mail('email_confirm', 'user_change_mail_original', $user->mail, user_preferred_language($user), $params, $from);
282	drupal_set_message(t('A confirmation email has been sent to your new email address. You must follow the link provided in that email within 24 hours in order to confirm the change to your account email address.'));
283	}
284	}
285
286	function email_confirm_user_email_rehash($pass, $mail) {
287	return md5($pass . $mail . drupal_get_private_key());
288	}