Profile block base style
[quix0rs-gnu-social.git] / actions / emailsettings.php
index cbc4f644f36d6de5723cbdb6ef137f3b972ca2d3..b35b4d28ee1a28c66b82e46454522c50332e5882 100644 (file)
@@ -34,6 +34,7 @@ class EmailsettingsAction extends SettingsAction {
                                                                                   'id' => 'emailsettings',
                                                                                   'action' =>
                                                                                   common_local_url('emailsettings')));
+               common_hidden('token', common_session_token());
 
                common_element('h2', NULL, _('Address'));
 
@@ -83,14 +84,26 @@ class EmailsettingsAction extends SettingsAction {
                }
                
                common_element('h2', NULL, _('Preferences'));
-               
+
                common_checkbox('emailnotifysub',
-                                               _('Send me notices of new subscriptions through email.'),
-                                               $user->emailnotifysub);
+                               _('Send me notices of new subscriptions through email.'),
+                               $user->emailnotifysub);
+               common_checkbox('emailnotifyfav',
+                               _('Send me email when someone adds my notice as a favorite.'),
+                               $user->emailnotifyfav);
+               common_checkbox('emailnotifymsg',
+                               _('Send me email when someone sends me a private message.'),
+                               $user->emailnotifymsg);
+               common_checkbox('emailnotifynudge',
+                               _('Allow friends to nudge me and send me an email.'),
+                               $user->emailnotifynudge);
                common_checkbox('emailpost',
                                                _('I want to post notices by email.'),
                                                $user->emailpost);
-                       
+               common_checkbox('emailmicroid',
+                               _('Publish a MicroID for my email address.'),
+                               $user->emailmicroid);
+
                common_submit('save', _('Save'));
                
                common_element_end('form');
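Review bot: The new `emailmicroid` checkbox publishes a value derived from the user's email address, and nothing in this hunk shows whether `$user->emailmicroid` defaults to on for existing accounts. If the MicroID is the usual hash over the address and the profile URL, anyone who already suspects an address can confirm it against the published value, so the preference is best left off until the user ticks it. The column default lives outside this diff and is worth confirming before merge. A short comment above the call, for example `# opt-in: exposes a hash that can confirm a guessed address`, would record the intent.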
@@ -111,6 +124,13 @@ class EmailsettingsAction extends SettingsAction {
 
        function handle_post() {
 
+               # CSRF protection
+               $token = $this->trimmed('token');
+               if (!$token || $token != common_session_token()) {
+                       $this->show_form(_('There was a problem with your session token. Try again, please.'));
+                       return;
+               }
+
                if ($this->arg('save')) {
                        $this->save_preferences();
                } else if ($this->arg('add')) {
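Review bot: The token check added to handle_post() compares with `!=`, PHP's loose comparison, so two different strings that both look numeric can compare equal, and the comparison is not constant-time. `$token !== common_session_token()` removes the type juggling; where the runtime provides it, `hash_equals(common_session_token(), $token)` also removes the timing dependence. The format of the value returned by common_session_token() is not visible here, so how reachable the juggling case is cannot be judged from this hunk. handle_post() continues outside the hunk.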
@@ -131,8 +151,12 @@ class EmailsettingsAction extends SettingsAction {
        function save_preferences() {
 
                $emailnotifysub = $this->boolean('emailnotifysub');
+               $emailnotifyfav = $this->boolean('emailnotifyfav');
+               $emailnotifymsg = $this->boolean('emailnotifymsg');
+               $emailnotifynudge = $this->boolean('emailnotifynudge');
+               $emailmicroid = $this->boolean('emailmicroid');
                $emailpost = $this->boolean('emailpost');
-               
+
                $user = common_current_user();
 
                assert(!is_null($user)); # should already be checked
@@ -142,6 +166,10 @@ class EmailsettingsAction extends SettingsAction {
                $original = clone($user);
 
                $user->emailnotifysub = $emailnotifysub;
+               $user->emailnotifyfav = $emailnotifyfav;
+               $user->emailnotifymsg = $emailnotifymsg;
+               $user->emailnotifynudge = $emailnotifynudge;
+               $user->emailmicroid = $emailmicroid;
                $user->emailpost = $emailpost;
 
                $result = $user->update($original);
@@ -201,9 +229,7 @@ class EmailsettingsAction extends SettingsAction {
                        return;
                }
 
-               mail_confirm_address($confirm->code,
-                                                        $user->nickname,
-                                                        $email);
+               mail_confirm_address($user, $confirm->code, $user->nickname, $email);
 
                $msg = _('A confirmation code was sent to the email address you added. Check your inbox (and spam box!) for the code and instructions on how to use it.');
 
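Review bot: `mail_confirm_address($user, $confirm->code, $user->nickname, $email)` now passes the user object together with the nickname read from that same object, so the third argument is redundant if the callee can read `$user->nickname` itself. The new leading parameter also shifts the position of every argument. Any call site outside this diff that was not updated would hand the confirmation code over in the wrong slot, so the other callers need checking. The enclosing function starts and ends outside the hunk.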
@@ -269,8 +295,8 @@ class EmailsettingsAction extends SettingsAction {
                
                $orig = clone($user);
                $user->incomingemail = NULL;
-               
-               if (!$user->update($orig)) {
+
+               if (!$user->updateKeys($orig)) {
                        common_log_db_error($user, 'UPDATE', __FILE__);
                        $this->server_error(_("Couldn't update user record."));
                }
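Review bot: The switch to `$user->updateKeys($orig)` carries no comment saying why plain `update()` is not enough when `incomingemail` changes; the same applies to the hunk at -284/+310. `incomingemail` appears to be the address used for posting by mail, so a write that does not persist would leave a removed address in place. If the reason is that it is a key column, a one-line comment such as `# incomingemail is a key column; update() would not write it` would keep a later cleanup from reverting the call. Both enclosing functions start outside their hunks, and whether `server_error()` ends the request is not visible, so confirm that nothing after the `if` reports success when the update fails.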
@@ -284,7 +310,7 @@ class EmailsettingsAction extends SettingsAction {
                $orig = clone($user);
                $user->incomingemail = mail_new_incoming_address();
                
-               if (!$user->update($orig)) {
+               if (!$user->updateKeys($orig)) {
                        common_log_db_error($user, 'UPDATE', __FILE__);
                        $this->server_error(_("Couldn't update user record."));
                }