email confirmation

app.rb

@@ -439,13 +439,7 @@ post '/create' do
       body: Tilt.new('./views/templates/email_welcome.erb', pretty: true).render(self)
     })
 
-    EmailWorker.perform_async({
+    send_confirmation_email @site
-      from: 'web@neocities.org',
-      reply_to: 'contact@neocities.org',
-      to: @site.email,
-      subject: "[Neocities] Confirm your email address",
-      body: Tilt.new('./views/templates/email_confirm.erb', pretty: true).render(self)
-    })
 
     session[:id] = @site.id
     redirect '/'
@@ -531,6 +525,23 @@ post '/change_password' do
   end
 end
 
+post '/change_email' do
+  require_login
+  current_site.email = params[:email]
+  current_site.email_confirmation_token = SecureRandom.hex 3
+  current_site.email_confirmed = false
+
+  if current_site.valid?
+    current_site.save_changes
+    send_confirmation_email
+    flash[:success] = 'Successfully changed email. We have sent a confirmation email, please use it to confirm your email address.'
+    redirect '/settings'
+  end
+
+  current_site.reload
+  erb :settings
+end
+
 post '/change_name' do
   require_login
   old_username = current_site.username
@@ -1252,3 +1263,13 @@ end
 def api_not_found
   api_error 404, 'not_found', 'the requested api call does not exist'
 end
+
+def send_confirmation_email(site=current_site)
+  EmailWorker.perform_async({
+    from: 'web@neocities.org',
+    reply_to: 'contact@neocities.org',
+    to: site.email,
+    subject: "[Neocities] Confirm your email address",
+    body: Tilt.new('./views/templates/email_confirm.erb', pretty: true).render(self, site: site)
+  })
+end

models/site.rb

@@ -68,6 +68,8 @@ class Site < Sequel::Model
     /PHP\.Hide/
   ]
 
+  EMAIL_SANITY_REGEX = /.+@.+\..+/i
+
   BANNED_TIME = 2592000 # 30 days in seconds
 
   TITLE_MAX = 100
@@ -440,18 +442,25 @@ class Site < Sequel::Model
       errors.add :username, 'A valid user/site name is required.'
     end
 
-    if new? && values[:username].length > 32
+    if values[:username].length > 32
       errors.add :username, 'User/site name cannot exceed 32 characters.'
     end
 
     # Check that email has been provided
-    if new? && values[:email].empty?
+    if values[:email].empty?
       errors.add :email, 'An email address is required.'
     end
 
     # Check for existing email
-    if new? && self.class.select(:id).filter(email: values[:email]).first
+    email_check = self.class.select(:id).filter(email: values[:email]).first
-      errors.add :email, 'This email address already exists on Neocities, please use your existing account.'
+    if email_check && email_check.id == self.id
+      errors.add :email, 'You are already using this email address for this account.'
+    elsif email_check && email_check.id != self.id
+      errors.add :email, 'This email address already exists on Neocities, please use your existing account instead of creating a new one.'
+    end
+
+    unless values[:email] =~ EMAIL_SANITY_REGEX
+      errors.add :email, 'A valid email address is required.'
     end
 
     # Check for existing user

views/settings.erb

@@ -56,6 +56,19 @@
      		<input class="btn-Action" type="submit" value="Change Password">
      	</form>
 
+      <h2>Change Email</h2>
+      <form method="POST" action="/change_email">
+        <%== csrf_token_input_html %>
+
+        <p>Current Email: <strong><%= current_site.email %></strong></p>
+        <p>New Email:</p>
+        <input class="input-Area" name="email" type="text">
+
+        <div>
+          <input class="btn-Action" type="submit" value="Change Email">
+        </div>
+      </form>
+
 
 
      	<h2>Change Site (User) Name</h2>

views/templates/email_confirm.erb

@@ -1,10 +1,10 @@
-Hello <%= @site.username %>,
+Hello <%= site.username %>,
 
 Please confirm your email address for Neocities!
 
 You can confirm your email address using the link below:
 
-https://neocities.org/site/<%= @site.username %>/confirm_email/<%= @site.email_confirmation_token %>
+https://neocities.org/site/<%= site.username %>/confirm_email/<%= site.email_confirmation_token %>
 
 Thank you!