diff options
Diffstat (limited to 'includes/specials/SpecialPasswordReset.php')
| -rw-r--r-- | includes/specials/SpecialPasswordReset.php | 94 |
1 files changed, 62 insertions, 32 deletions
diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php index 90b0ac80..c486ba01 100644 --- a/includes/specials/SpecialPasswordReset.php +++ b/includes/specials/SpecialPasswordReset.php @@ -27,19 +27,23 @@ * @ingroup SpecialPage */ class SpecialPasswordReset extends FormSpecialPage { - /** * @var Message */ private $email; /** + * @var User + */ + private $firstUser; + + /** * @var Status */ private $result; public function __construct() { - parent::__construct( 'PasswordReset' ); + parent::__construct( 'PasswordReset', 'editmyprivateinfo' ); } public function userCanExecute( User $user ) { @@ -65,7 +69,8 @@ class SpecialPasswordReset extends FormSpecialPage { 'type' => 'text', 'label-message' => 'passwordreset-username', ); - if( $this->getUser()->isLoggedIn() ) { + + if ( $this->getUser()->isLoggedIn() ) { $a['Username']['default'] = $this->getUser()->getName(); } } @@ -86,7 +91,7 @@ class SpecialPasswordReset extends FormSpecialPage { ); } - if( $this->getUser()->isAllowed( 'passwordreset' ) ) { + if ( $this->getUser()->isAllowed( 'passwordreset' ) ) { $a['Capture'] = array( 'type' => 'check', 'label-message' => 'passwordreset-capture', @@ -98,11 +103,15 @@ class SpecialPasswordReset extends FormSpecialPage { } public function alterForm( HTMLForm $form ) { - $form->setSubmitTextMsg( 'mailmypassword' ); - } - - protected function preText() { global $wgPasswordResetRoutes; + + $form->setDisplayFormat( 'vform' ); + // Turn the old-school line around the form off. + // XXX This wouldn't be necessary here if we could set the format of + // the HTMLForm to 'vform' at its creation, but there's no way to do so + // from a FormSpecialPage class. + $form->setWrapperLegend( false ); + $i = 0; if ( isset( $wgPasswordResetRoutes['username'] ) && $wgPasswordResetRoutes['username'] ) { $i++; @@ -113,7 +122,11 @@ class SpecialPasswordReset extends FormSpecialPage { if ( isset( $wgPasswordResetRoutes['domain'] ) && $wgPasswordResetRoutes['domain'] ) { $i++; } - return $this->msg( 'passwordreset-pretext', $i )->parseAsBlock(); + + $message = ( $i > 1 ) ? 'passwordreset-text-many' : 'passwordreset-text-one'; + + $form->setHeaderText( $this->msg( $message, $i )->parseAsBlock() ); + $form->setSubmitTextMsg( 'mailmypassword' ); } /** @@ -136,8 +149,9 @@ class SpecialPasswordReset extends FormSpecialPage { } } - if( isset( $data['Capture'] ) && !$this->getUser()->isAllowed( 'passwordreset' ) ) { - // The user knows they don't have the passwordreset permission, but they tried to spoof the form. That's naughty + if ( isset( $data['Capture'] ) && !$this->getUser()->isAllowed( 'passwordreset' ) ) { + // The user knows they don't have the passwordreset permission, + // but they tried to spoof the form. That's naughty throw new PermissionsError( 'passwordreset' ); } @@ -151,8 +165,8 @@ class SpecialPasswordReset extends FormSpecialPage { $users = array( User::newFromName( $data['Username'] ) ); } elseif ( isset( $data['Email'] ) && $data['Email'] !== '' - && Sanitizer::validateEmail( $data['Email'] ) ) - { + && Sanitizer::validateEmail( $data['Email'] ) + ) { $method = 'email'; $res = wfGetDB( DB_SLAVE )->select( 'user', @@ -160,9 +174,11 @@ class SpecialPasswordReset extends FormSpecialPage { array( 'user_email' => $data['Email'] ), __METHOD__ ); + if ( $res ) { $users = array(); - foreach( $res as $row ) { + + foreach ( $res as $row ) { $users[] = User::newFromRow( $row ); } } else { @@ -180,8 +196,8 @@ class SpecialPasswordReset extends FormSpecialPage { return array( $error ); } - if( count( $users ) == 0 ) { - if( $method == 'email' ) { + if ( count( $users ) == 0 ) { + if ( $method == 'email' ) { // Don't reveal whether or not an email address is in use return true; } else { @@ -204,9 +220,13 @@ class SpecialPasswordReset extends FormSpecialPage { foreach ( $users as $user ) { if ( $user->isPasswordReminderThrottled() ) { global $wgPasswordReminderResendTime; + # Round the time in hours to 3 d.p., in case someone is specifying # minutes or seconds. - return array( array( 'throttled-mailpassword', round( $wgPasswordReminderResendTime, 3 ) ) ); + return array( array( + 'throttled-mailpassword', + round( $wgPasswordReminderResendTime, 3 ) + ) ); } } @@ -239,8 +259,8 @@ class SpecialPasswordReset extends FormSpecialPage { $password = $user->randomPassword(); $user->setNewpassword( $password ); $user->saveSettings(); - $passwords[] = $this->msg( 'passwordreset-emailelement', $user->getName(), $password - )->inLanguage( $userLanguage )->text(); // We'll escape the whole thing later + $passwords[] = $this->msg( 'passwordreset-emailelement', $user->getName(), $password ) + ->inLanguage( $userLanguage )->text(); // We'll escape the whole thing later } $passwordBlock = implode( "\n\n", $passwords ); @@ -249,7 +269,7 @@ class SpecialPasswordReset extends FormSpecialPage { $username, $passwordBlock, count( $passwords ), - '<' . Title::newMainPage()->getCanonicalUrl() . '>', + '<' . Title::newMainPage()->getCanonicalURL() . '>', round( $wgNewPasswordExpiry / 86400 ) ); @@ -257,31 +277,36 @@ class SpecialPasswordReset extends FormSpecialPage { $this->result = $firstUser->sendMail( $title->escaped(), $this->email->text() ); - // Blank the email if the user is not supposed to see it - if( !isset( $data['Capture'] ) || !$data['Capture'] ) { + if ( isset( $data['Capture'] ) && $data['Capture'] ) { + // Save the user, will be used if an error occurs when sending the email + $this->firstUser = $firstUser; + } else { + // Blank the email if the user is not supposed to see it $this->email = null; } if ( $this->result->isGood() ) { return true; - } elseif( isset( $data['Capture'] ) && $data['Capture'] ) { + } elseif ( isset( $data['Capture'] ) && $data['Capture'] ) { // The email didn't send, but maybe they knew that and that's why they captured it return true; } else { - // @todo FIXME: The email didn't send, but we have already set the password throttle - // timestamp, so they won't be able to try again until it expires... :( + // @todo FIXME: The email wasn't sent, but we have already set + // the password throttle timestamp, so they won't be able to try + // again until it expires... :( return array( array( 'mailerror', $this->result->getMessage() ) ); } } public function onSuccess() { - if( $this->getUser()->isAllowed( 'passwordreset' ) && $this->email != null ) { - // @todo: Logging + if ( $this->getUser()->isAllowed( 'passwordreset' ) && $this->email != null ) { + // @todo Logging - if( $this->result->isGood() ) { + if ( $this->result->isGood() ) { $this->getOutput()->addWikiMsg( 'passwordreset-emailsent-capture' ); } else { - $this->getOutput()->addWikiMsg( 'passwordreset-emailerror-capture', $this->result->getMessage() ); + $this->getOutput()->addWikiMsg( 'passwordreset-emailerror-capture', + $this->result->getMessage(), $this->firstUser->getName() ); } $this->getOutput()->addHTML( Html::rawElement( 'pre', array(), $this->email->escaped() ) ); @@ -292,12 +317,12 @@ class SpecialPasswordReset extends FormSpecialPage { } protected function canChangePassword( User $user ) { - global $wgPasswordResetRoutes, $wgAuth; + global $wgPasswordResetRoutes, $wgEnableEmail, $wgAuth; // Maybe password resets are disabled, or there are no allowable routes if ( !is_array( $wgPasswordResetRoutes ) || - !in_array( true, array_values( $wgPasswordResetRoutes ) ) ) - { + !in_array( true, array_values( $wgPasswordResetRoutes ) ) + ) { return 'passwordreset-disabled'; } @@ -306,6 +331,11 @@ class SpecialPasswordReset extends FormSpecialPage { return 'resetpass_forbidden'; } + // Maybe email features have been disabled + if ( !$wgEnableEmail ) { + return 'passwordreset-emaildisabled'; + } + // Maybe the user is blocked (check this here rather than relying on the parent // method as we have a more specific error message to use here if ( $user->isBlocked() ) { |