diff --git a/administrator/components/com_users/models/user.php b/administrator/components/com_users/models/user.php
index 671cd02dce037..b2ab1a3d59c06 100644
--- a/administrator/components/com_users/models/user.php
+++ b/administrator/components/com_users/models/user.php
@@ -9,6 +9,7 @@ defined('_JEXEC') or die;
+use Joomla\CMS\Router\Route;
 use Joomla\Registry\Registry;
 use Joomla\Utilities\ArrayHelper;
@@ -189,6 +190,71 @@ public function save($data)
 $pk = (!empty($data['id'])) ? $data['id'] : (int) $this->getState('user.id');
 $user = JUser::getInstance($pk);
+ // Make sure the activation / reset token is invalidated when the account mail is changed and a token exists.
+ if ($user->email != $data['email'] && $pk != 0 && !empty($user->activation) && !$user->block)
+ {
+ $app = JFactory::getApplication();
+
+ // Compile the notification mail values.
+ $data['fromname'] = $app->get('fromname');
+ $data['mailfrom'] = $app->get('mailfrom');
+ $data['sitename'] = $app->get('sitename');
+ $data['siteurl'] = JUri::root();
+ $data['activation'] = JApplicationHelper::getHash(JUserHelper::genRandomPassword());
+
+ // Set the link to activate the user account.
+ $linkMode = (int) $app->get('force_ssl', 0) == 2 ? Route::TLS_FORCE : Route::TLS_IGNORE;
+ $data['activate'] = Route::link(
+ 'site',
+ 'index.php?option=com_users&task=registration.activate&token=' . $data['activation'],
+ false,
+ $linkMode,
+ true
+ );
+
+ $emailSubject = JText::sprintf(
+ 'COM_USERS_EMAIL_ACCOUNT_DETAILS',
+ $data['name'],
+ $data['sitename']
+ );
+
+ // Default case should be admin activation
+ $emailBodyLanguageString = 'COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_CHANGED_MAIL_BODY';
+
+ if (JComponentHelper::getParams('com_users')->get('useractivation') === 1
+ || JComponentHelper::getParams('com_users')->get('useractivation') === 0)
+ {
+ /*
+ * Wait we have useractivation use the correct string then;
+ * Or we have a rare case that the parameter has been set to 0 (None) after the user registered but not activated the account
+ */
+ $emailBodyLanguageString = 'COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_CHANGED_MAIL_BODY';
+ }
+
+ $emailBody = JText::sprintf(
+ $emailBodyLanguageString,
+ $data['name'],
+ $data['sitename'],
+ $data['activate'],
+ $data['siteurl'],
+ $data['username']
+ );
+
+ // Write the new token back to the database
+ $activation = (object) array(
+ 'id' => $user->id,
+ 'activation' => $data['activation'],
+ );
+
+ $this->getDbo()->updateObject('#__users', $activation, 'id');
+
+ // Reload the user record
+ $user->load($user->id);
+
+ // Send the mail to the user
+ JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $data['email'], $emailSubject, $emailBody);
+ }
+
 $my = JFactory::getUser();
 $iAmSuperAdmin = $my->authorise('core.admin');
diff --git a/administrator/language/en-GB/en-GB.com_users.ini b/administrator/language/en-GB/en-GB.com_users.ini
index 63421795d003b..16e4161d02b9f 100644
--- a/administrator/language/en-GB/en-GB.com_users.ini
+++ b/administrator/language/en-GB/en-GB.com_users.ini
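Review bot: The added block writes the new token with `updateObject()` and mails the activation link to `$data['email']` before the `$my->authorise('core.admin')` context line that follows it, so as far as this hunk shows both side effects happen before any permission check or successful save of the record. If a later step in save() rejects the edit, the old token is already gone and a link carrying the new token has been sent to an address that was never stored; consider running the token rotation and `sendMail()` only after the save has succeeded, and checking both return values. Separately, `->get('useractivation') === 1` and `=== 0` are strict comparisons; if the parameter comes back as a string neither matches and the admin-activation text is always used, so something like `$mode = (int) JComponentHelper::getParams('com_users')->get('useractivation');` followed by `if ($mode === 0 || $mode === 1)` is safer. save() begins and continues outside the hunk, so the ordering concern should be confirmed against the rest of the method.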
@@ -90,6 +90,9 @@ COM_USERS_DESIRED_PASSWORD="Enter your desired password."
 COM_USERS_EDIT_NOTE="Edit Note"
 COM_USERS_EDIT_NOTE_N="Editing note with ID #%d"
 COM_USERS_EDIT_USER="Edit User %s"
+COM_USERS_EMAIL_ACCOUNT_DETAILS="Account Details for %s at %s"
+COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_CHANGED_MAIL_BODY="Hello %s,\n\nThank you for registering at %s. Your account is created and must be activated before you can use it.\nBefore the latest confirmation the account email address has been changed so we need you to confirm the new email address. Please select the following link or copy-paste it in your browser:\n%s \n\nAfter activation you may login to %s using the following username and the password you entered during registration:\n\nUsername: %s"
+COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_CHANGED_MAIL_BODY="Hello %s,\n\nThank you for registering at %s. Your account is created and must be verified before you can use it.\nBefore the latest confirmation the account email address has been changed so we need you to confirm the new email address. Please select the following link or copy-paste it in your browser:\n %s \n\nAfter verification an administrator will be notified to activate your account. You'll receive a confirmation when it's done.\nOnce that account has been activated you may login to %s using the following username and the password you entered during registration:\n\nUsername: %s"
 COM_USERS_EMPTY_REVIEW="-"
 COM_USERS_EMPTY_SUBJECT="- No subject -"
 COM_USERS_ERROR_CANNOT_BATCH_SUPERUSER="A non-Super User can't perform batch operations on Super Users."
diff --git a/language/en-GB/en-GB.com_users.ini b/language/en-GB/en-GB.com_users.ini
index 683695a73e16c..f43963ab7544e 100644
--- a/language/en-GB/en-GB.com_users.ini
+++ b/language/en-GB/en-GB.com_users.ini
@@ -22,8 +22,10 @@ COM_USERS_EMAIL_REGISTERED_BODY_NOPW="Hello %s,\n\nThank you for registering at
 COM_USERS_EMAIL_REGISTERED_NOTIFICATION_TO_ADMIN_BODY="Hello administrator, \n\nA new user '%s', username '%s', has registered at %s."
 COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY="Hello %s,\n\nThank you for registering at %s. Your account is created and must be activated before you can use it.\nTo activate the account select the following link or copy-paste it in your browser:\n%s \n\nAfter activation you may login to %s using the following username and password:\n\nUsername: %s\nPassword: %s"
 COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY_NOPW="Hello %s,\n\nThank you for registering at %s. Your account is created and must be activated before you can use it.\nTo activate the account select the following link or copy-paste it in your browser:\n%s \n\nAfter activation you may login to %s using the following username and the password you entered during registration:\n\nUsername: %s"
+COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_CHANGED_MAIL_BODY="Hello %s,\n\nThank you for registering at %s. Your account is created and must be activated before you can use it.\nBefore the latest confirmation the account email address has been changed so we need you to confirm the new email address. Please select the following link or copy-paste it in your browser:\n%s \n\nAfter activation you may login to %s using the following username and the password you entered during registration:\n\nUsername: %s"
 COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_BODY="Hello %s,\n\nThank you for registering at %s. Your account is created and must be verified before you can use it.\nTo verify the account select the following link or copy-paste it in your browser:\n %s \n\nAfter verification an administrator will be notified to activate your account. You'll receive a confirmation when it's done.\nOnce that account has been activated you may login to %s using the following username and password:\n\nUsername: %s\nPassword: %s"
 COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_BODY_NOPW="Hello %s,\n\nThank you for registering at %s. Your account is created and must be verified before you can use it.\nTo verify the account select the following link or copy-paste it in your browser:\n %s \n\nAfter verification an administrator will be notified to activate your account. You'll receive a confirmation when it's done.\nOnce that account has been activated you may login to %s using the following username and the password you entered during registration:\n\nUsername: %s"
+COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_CHANGED_MAIL_BODY="Hello %s,\n\nThank you for registering at %s. Your account is created and must be verified before you can use it.\nBefore the latest confirmation the account email address has been changed so we need you to confirm the new email address. Please select the following link or copy-paste it in your browser:\n %s \n\nAfter verification an administrator will be notified to activate your account. You'll receive a confirmation when it's done.\nOnce that account has been activated you may login to %s using the following username and the password you entered during registration:\n\nUsername: %s"
 COM_USERS_EMAIL_USERNAME_REMINDER_BODY="Hello,\n\nA username reminder has been requested for your %s account.\n\nYour username is %s.\n\nTo login to your account, select the link below.\n\n%s \n\nThank you."
 COM_USERS_EMAIL_USERNAME_REMINDER_SUBJECT="Your %s username"
 COM_USERS_ERROR_SECRET_CODE_WITHOUT_TFA="You have entered a Secret Code but two factor authentication is not enabled in your user account. If you want to use a secret code to secure your login please edit your user profile and enable two factor authentication."