add csrf protection to profile settings
[quix0rs-gnu-social.git] / actions / confirmaddress.php
index 72b42c2a7b4c1fcbafc46e26e18f5d3184c060fd..3cffda8710b59c15efa87ca347c22e087df3e073 100644 (file)
@@ -19,7 +19,7 @@
 
 if (!defined('LACONICA')) { exit(1); }
 
-class ConfirmemailAction extends Action {
+class ConfirmaddressAction extends Action {
 
     function handle($args) {
         parent::handle($args);
@@ -30,51 +30,62 @@ class ConfirmemailAction extends Action {
         }
         $code = $this->trimmed('code');
         if (!$code) {
-            $this->client_error(_t('No confirmation code.'));
+            $this->client_error(_('No confirmation code.'));
             return;
         }
-        $confirm_email = Confirm_email::staticGet('code', $code);
-        if (!$confirm_email) {
-            $this->client_error(_t('Confirmation code not found.'));
+        $confirm = Confirm_address::staticGet('code', $code);
+        if (!$confirm) {
+            $this->client_error(_('Confirmation code not found.'));
             return;
         }
         $cur = common_current_user();
-        if ($cur->id != $confirm_email->user_id) {
-            $this->client_error(_t('That confirmation code is not for you!'));
+        if ($cur->id != $confirm->user_id) {
+            $this->client_error(_('That confirmation code is not for you!'));
             return;
         }
-        if ($cur->email == $confirm_email->email) {
-            $this->client_error(_t('That email address is already confirmed.'));
-            return;
-        }
-               
+               $type = $confirm->address_type;
+               if (!in_array($type, array('email', 'jabber', 'sms'))) {
+                       $this->server_error(sprintf(_('Unrecognized address type %s'), $type));
+                       return;
+               }
+        if ($cur->$type == $confirm->address) {
+            $this->client_error(_('That address has already been confirmed.'));
+                       return;
+               }
+
         $cur->query('BEGIN');
-               
+
         $orig_user = clone($cur);
-               
-        $cur->email = $confirm_email->email;
-        $result = $cur->updateKeys($orig_user);
-               
+
+               $cur->$type = $confirm->address;
+
+               if ($type == 'sms') {
+                       $cur->carrier = ($confirm->address_extra)+0;
+                       $carrier = Sms_carrier::staticGet($cur->carrier);
+                       $cur->smsemail = $carrier->toEmailAddress($cur->sms);
+               }
+
+               $result = $cur->updateKeys($orig_user);
+
         if (!$result) {
                        common_log_db_error($cur, 'UPDATE', __FILE__);
-            $this->server_error(_t('Couldn\'t update user.'));
+            $this->server_error(_('Couldn\'t update user.'));
             return;
         }
-               
-        $result = $confirm_email->delete();
-               
+
+        $result = $confirm->delete();
+
         if (!$result) {
-                       common_log_db_error($confirm_email, 'DELETE', __FILE__);
-            $this->server_error(_t('Couldn\'t delete email confirmation.'));
+                       common_log_db_error($confirm, 'DELETE', __FILE__);
+            $this->server_error(_('Couldn\'t delete email confirmation.'));
             return;
         }
-               
+
         $cur->query('COMMIT');
-               
-        common_show_header(_t('Confirm E-mail Address'));
+
+        common_show_header(_('Confirm Address'));
         common_element('p', NULL,
-                       _t('The email address "') . $cur->email . 
-                       _t('" has been confirmed for your account.'));
-        common_show_footer(_t('Confirm E-mail Address'));
+                       sprintf(_('The address "%s" has been confirmed for your account.'), $cur->$type));
+        common_show_footer();
     }
 }
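Review bot: In the new `sms` branch the result of `Sms_carrier::staticGet($cur->carrier)` is used without a check, so a confirmation row whose `address_extra` does not name an existing carrier makes `$carrier->toEmailAddress(...)` fail on a non-object after `BEGIN` has already been issued. I would guard it right after the lookup with `if (!$carrier) { $cur->query('ROLLBACK'); $this->server_error(_('Unknown SMS carrier.')); return; }`. The two existing failure returns after `updateKeys()` and `delete()` also leave the transaction open, so a `$cur->query('ROLLBACK');` before each `server_error` call would keep a half-applied address change from lingering on the connection. The message `Couldn't delete email confirmation.` is now stale, since the action handles jabber and sms as well. `handle()` begins above this hunk, so the login check that presumably precedes `common_current_user()` is not visible here.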