diff --git a/dbupdate/1.sql b/dbupdate/1.sql
new file mode 100644
index 0000000..e77c649
--- /dev/null
+++ b/dbupdate/1.sql
@@ -0,0 +1,7 @@
+create table cyberman (
+ id integer primary key,
+ dbrev integer not null
+);
+insert into cyberman (dbrev) values (2);
+
+alter table user add column newemail text;
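Review bot: The revision row is inserted before `alter table user add column newemail text;` runs and nothing in the file opens a transaction, so if the alter fails the database can record dbrev 2 while the `newemail` column is missing. Unless the update runner already wraps each script, enclose the statements in `begin;` … `commit;` or move the insert to the last line, so the recorded revision always matches the schema. A header comment such as `-- upgrades the schema to dbrev 2` would also help, since the file is named 1.sql but writes revision 2.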
diff --git a/lib/cyberman/Account.pm b/lib/cyberman/Account.pm
index b974028..fd602cb 100644
--- a/lib/cyberman/Account.pm
+++ b/lib/cyberman/Account.pm
@@ -1,6 +1,7 @@
package cyberman::Account;
use Dancer2 appname => "cyberman";
use Dancer2::Plugin::Database;
+use URI::Escape;
use cyberman::Helper;
@@ -73,8 +74,7 @@ post '/account' => sub {
}
if (param("email") ne $user->{"email"}) {
-
- # TODO: verify email address here
+ my $conftoken = randstring(16);
database->quick_update (
"user",
@@ -82,9 +82,18 @@ post '/account' => sub {
"id" => vars->{"auth"},
},
{
- "email" => param "email",
+ "newemail" => param("email"),
+ "conftoken" => $conftoken,
},
);
+
+ my $email = template 'email/update' => {
+ "link" => config->{"mail"}->{"baseurl"} . "/confirm_update?o=" . uri_escape($user->{"email"}) . "&n=" . uri_escape(param "email") . "&t=$conftoken",
+ },
+ {
+ "layout" => undef,
+ };
+ send_email(param("email"), $email);
}
if ($new_pass) {
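Review bot: The confirmation mail goes only to the new address, so the holder of the current address gets no signal that a change was requested; a short notice to `$user->{"email"}` in the same branch would let the owner notice a change they did not make. The link also carries both addresses in its query string (`o=` and `n=`), where they end up in web-server logs and browser history; looking the pending change up by user id plus token would avoid that. `randstring` is defined outside this diff, so confirm it draws from the operating system's random source rather than Perl's `rand`, because this token is the only secret protecting the change. The enclosing `post '/account'` handler starts and ends outside the hunk.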
@@ -125,4 +134,31 @@ post '/account' => sub {
};
};
+get '/confirm_update' => sub {
+ my $user = database->quick_select(
+ "user",
+ {
+ "email" => param("o"),
+ "newemail" => param("n"),
+ "conftoken" => param("t"),
+ },
+ );
+
+ if (!$user) {
+ return "No such user/token!";
+ }
+
+ database->quick_update(
+ "user",
+ {
+ "id" => $user->{"id"},
+ },
+ {
+ "email" => param("n"),
+ },
+ );
+
+ template 'confirmed';
+};
+
true;
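Review bot: A confirmed change leaves `conftoken` and `newemail` in place with no expiry, and the new address is written from `param("n")` rather than from the stored `newemail`. Copy `$user->{"newemail"}` into `email`, clear `newemail`, and rotate `conftoken` in the same `quick_update`; the column is `not null`, so it has to be replaced rather than nulled. The three query parameters also reach `quick_select` unchecked, and how the database plugin treats undefined or non-scalar values is not visible here, so reject those first to keep the where-clause to plain equality matches. Because the route changes state on a GET, a mail scanner that prefetches links could confirm the change without the user; a confirmation page that submits a POST is the usual remedy.

```perl
get '/confirm_update' => sub {
    my ($old, $new, $token) = map { scalar param($_) } qw(o n t);
    for my $value ($old, $new, $token) {
        return "No such user/token!"
            if !defined $value || ref $value || $value eq "";
    }

    # … unchanged: quick_select on email/newemail/conftoken, now using $old, $new, $token …

    database->quick_update(
        "user",
        {
            "id"        => $user->{"id"},
            "conftoken" => $token,
        },
        {
            "email"     => $user->{"newemail"},
            "newemail"  => undef,
            "conftoken" => randstring(16),
        },
    );
    # … unchanged: template 'confirmed' …
```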
diff --git a/schema.sql b/schema.sql
index 6071b0e..9e0bb8a 100644
--- a/schema.sql
+++ b/schema.sql
@@ -1,3 +1,10 @@
+drop table if exists cyberman;
+create table cyberman (
+ id integer primary key,
+ dbrev integer not null
+);
+insert into cyberman (dbrev) values (2);
+
drop table if exists user;
create table user (
id integer primary key,
@@ -5,7 +12,8 @@ create table user (
password text not null,
salt text not null,
active integer not null default 0,
- conftoken text not null
+ conftoken text not null,
+ newemail text
);
drop table if exists session;
diff --git a/views/account.tt b/views/account.tt
index d3b523d..8165bc2 100644
--- a/views/account.tt
+++ b/views/account.tt
@@ -4,7 +4,7 @@
<% IF updated %>