diff options
Diffstat (limited to 'includes/specials/SpecialResetpass.php')
| -rw-r--r-- | includes/specials/SpecialResetpass.php | 178 |
1 files changed, 99 insertions, 79 deletions
diff --git a/includes/specials/SpecialResetpass.php b/includes/specials/SpecialResetpass.php index 707b941d..059f8dbd 100644 --- a/includes/specials/SpecialResetpass.php +++ b/includes/specials/SpecialResetpass.php @@ -4,26 +4,13 @@ * @ingroup SpecialPage */ -/** Constructor */ -function wfSpecialResetpass( $par ) { - $form = new PasswordResetForm(); - $form->execute( $par ); -} - /** * Let users recover their password. * @ingroup SpecialPage */ -class PasswordResetForm extends SpecialPage { - function __construct( $name=null, $reset=null ) { - if( $name !== null ) { - $this->mName = $name; - $this->mTemporaryPassword = $reset; - } else { - global $wgRequest; - $this->mName = $wgRequest->getVal( 'wpName' ); - $this->mTemporaryPassword = $wgRequest->getVal( 'wpPassword' ); - } +class SpecialResetpass extends SpecialPage { + public function __construct() { + parent::__construct( 'Resetpass' ); } /** @@ -32,36 +19,46 @@ class PasswordResetForm extends SpecialPage { function execute( $par ) { global $wgUser, $wgAuth, $wgOut, $wgRequest; + $this->mUserName = $wgRequest->getVal( 'wpName' ); + $this->mOldpass = $wgRequest->getVal( 'wpPassword' ); + $this->mNewpass = $wgRequest->getVal( 'wpNewPassword' ); + $this->mRetype = $wgRequest->getVal( 'wpRetype' ); + + $this->setHeaders(); + $this->outputHeader(); + if( !$wgAuth->allowPasswordChange() ) { $this->error( wfMsg( 'resetpass_forbidden' ) ); return; } - if( $this->mName === null && !$wgRequest->wasPosted() ) { - $this->error( wfMsg( 'resetpass_missing' ) ); + if( !$wgRequest->wasPosted() && !$wgUser->isLoggedIn() ) { + $this->error( wfMsg( 'resetpass-no-info' ) ); return; } - if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) ) { - $newpass = $wgRequest->getVal( 'wpNewPassword' ); - $retype = $wgRequest->getVal( 'wpRetype' ); + if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal('token') ) ) { try { - $this->attemptReset( $newpass, $retype ); + $this->attemptReset( $this->mNewpass, $this->mRetype ); $wgOut->addWikiMsg( 'resetpass_success' ); - - $data = array( - 'action' => 'submitlogin', - 'wpName' => $this->mName, - 'wpPassword' => $newpass, - 'returnto' => $wgRequest->getVal( 'returnto' ), - ); - if( $wgRequest->getCheck( 'wpRemember' ) ) { - $data['wpRemember'] = 1; + if( !$wgUser->isLoggedIn() ) { + $data = array( + 'action' => 'submitlogin', + 'wpName' => $this->mUserName, + 'wpPassword' => $this->mNewpass, + 'returnto' => $wgRequest->getVal( 'returnto' ), + ); + if( $wgRequest->getCheck( 'wpRemember' ) ) { + $data['wpRemember'] = 1; + } + $login = new LoginForm( new FauxRequest( $data, true ) ); + $login->execute(); } - $login = new LoginForm( new FauxRequest( $data, true ) ); - $login->execute(); - - return; + $titleObj = Title::newFromText( $wgRequest->getVal( 'returnto' ) ); + if ( !$titleObj instanceof Title ) { + $titleObj = Title::newMainPage(); + } + $wgOut->redirect( $titleObj->getFullURL() ); } catch( PasswordError $e ) { $this->error( $e->getMessage() ); } @@ -71,9 +68,7 @@ class PasswordResetForm extends SpecialPage { function error( $msg ) { global $wgOut; - $wgOut->addHtml( '<div class="errorbox">' . - htmlspecialchars( $msg ) . - '</div>' ); + $wgOut->addHTML( Xml::element('p', array( 'class' => 'error' ), $msg ) ); } function showForm() { @@ -82,44 +77,54 @@ class PasswordResetForm extends SpecialPage { $wgOut->disallowUserJs(); $self = SpecialPage::getTitleFor( 'Resetpass' ); - $form = - '<div id="userloginForm">' . - wfOpenElement( 'form', + if ( !$this->mUserName ) { + $this->mUserName = $wgUser->getName(); + } + $rememberMe = ''; + if ( !$wgUser->isLoggedIn() ) { + $rememberMe = '<tr>' . + '<td></td>' . + '<td class="mw-input">' . + Xml::checkLabel( wfMsg( 'remembermypassword' ), + 'wpRemember', 'wpRemember', + $wgRequest->getCheck( 'wpRemember' ) ) . + '</td>' . + '</tr>'; + $submitMsg = 'resetpass_submit'; + $oldpassMsg = 'resetpass-temp-password'; + } else { + $oldpassMsg = 'oldpassword'; + $submitMsg = 'resetpass-submit-loggedin'; + } + $wgOut->addHTML( + Xml::fieldset( wfMsg( 'resetpass_header' ) ) . + Xml::openElement( 'form', array( 'method' => 'post', - 'action' => $self->getLocalUrl() ) ) . - '<h2>' . wfMsgHtml( 'resetpass_header' ) . '</h2>' . - '<div id="userloginprompt">' . + 'action' => $self->getLocalUrl(), + 'id' => 'mw-resetpass-form' ) ) . + Xml::hidden( 'token', $wgUser->editToken() ) . + Xml::hidden( 'wpName', $this->mUserName ) . + Xml::hidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) . wfMsgExt( 'resetpass_text', array( 'parse' ) ) . - '</div>' . - '<table>' . - wfHidden( 'token', $wgUser->editToken() ) . - wfHidden( 'wpName', $this->mName ) . - wfHidden( 'wpPassword', $this->mTemporaryPassword ) . - wfHidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) . + Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) . $this->pretty( array( - array( 'wpName', 'username', 'text', $this->mName ), + array( 'wpName', 'username', 'text', $this->mUserName ), + array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass ), array( 'wpNewPassword', 'newpassword', 'password', '' ), - array( 'wpRetype', 'yourpasswordagain', 'password', '' ), + array( 'wpRetype', 'retypenew', 'password', '' ), ) ) . + $rememberMe . '<tr>' . '<td></td>' . - '<td>' . - Xml::checkLabel( wfMsg( 'remembermypassword' ), - 'wpRemember', 'wpRemember', - $wgRequest->getCheck( 'wpRemember' ) ) . - '</td>' . - '</tr>' . - '<tr>' . - '<td></td>' . - '<td>' . - wfSubmitButton( wfMsgHtml( 'resetpass_submit' ) ) . + '<td class="mw-input">' . + Xml::submitButton( wfMsg( $submitMsg ) ) . '</td>' . '</tr>' . - '</table>' . - wfCloseElement( 'form' ) . - '</div>'; - $wgOut->addHtml( $form ); + Xml::closeElement( 'table' ) . + Xml::closeElement( 'form' ) . + Xml::closeElement( 'fieldset' ) + ); } function pretty( $fields ) { @@ -127,16 +132,19 @@ class PasswordResetForm extends SpecialPage { foreach( $fields as $list ) { list( $name, $label, $type, $value ) = $list; if( $type == 'text' ) { - $field = '<tt>' . htmlspecialchars( $value ) . '</tt>'; + $field = htmlspecialchars( $value ); } else { $field = Xml::input( $name, 20, $value, array( 'id' => $name, 'type' => $type ) ); } $out .= '<tr>'; - $out .= '<td align="right">'; - $out .= Xml::label( wfMsg( $label ), $name ); + $out .= "<td class='mw-label'>"; + if ( $type != 'text' ) + $out .= Xml::label( wfMsg( $label ), $name ); + else + $out .= wfMsg( $label ); $out .= '</td>'; - $out .= '<td>'; + $out .= "<td class='mw-input'>"; $out .= $field; $out .= '</td>'; $out .= '</tr>'; @@ -147,21 +155,33 @@ class PasswordResetForm extends SpecialPage { /** * @throws PasswordError when cannot set the new password because requirements not met. */ - function attemptReset( $newpass, $retype ) { - $user = User::newFromName( $this->mName ); - if( $user->isAnon() ) { + protected function attemptReset( $newpass, $retype ) { + $user = User::newFromName( $this->mUserName ); + if( !$user || $user->isAnon() ) { throw new PasswordError( 'no such user' ); } - - if( !$user->checkTemporaryPassword( $this->mTemporaryPassword ) ) { - throw new PasswordError( wfMsg( 'resetpass_bad_temporary' ) ); - } - + if( $newpass !== $retype ) { + wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'badretype' ) ); throw new PasswordError( wfMsg( 'badretype' ) ); } - $user->setPassword( $newpass ); + if( !$user->checkTemporaryPassword($this->mOldpass) && !$user->checkPassword($this->mOldpass) ) { + wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) ); + throw new PasswordError( wfMsg( 'resetpass-wrong-oldpass' ) ); + } + + try { + $user->setPassword( $this->mNewpass ); + wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'success' ) ); + $this->mNewpass = $this->mOldpass = $this->mRetypePass = ''; + } catch( PasswordError $e ) { + wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'error' ) ); + throw new PasswordError( $e->getMessage() ); + return; + } + + $user->setCookies(); $user->saveSettings(); } } |