MediaWiki
REL1_20
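<?php
/**
 * Special page that lets a user replace their password, authenticating with
 * either the current password or a temporary one.
 *
 * Request parameters read by execute(): wpName, wpPassword (old or temporary
 * password), wpNewPassword, wpRetype, wpDomain, token, wpCancel, wpRemember
 * and returnto.
 */
class SpecialChangePassword extends UnlistedSpecialPage {
	public function __construct() {
		parent::__construct( 'ChangePassword' );
	}

	/**
	 * Entry point: validate the request, attempt the password change and
	 * render either a redirect or the form.
	 *
	 * @param $par Subpage parameter; not used by this page.
	 */
	public function execute( $par ) {
		global $wgAuth;

		$this->setHeaders();
		$this->outputHeader();
		// Ask the output page not to load user-supplied JS on the password form.
		$this->getOutput()->disallowUserJs();

		$request = $this->getRequest();
		$this->mUserName = trim( $request->getVal( 'wpName' ) );
		$this->mOldpass = $request->getVal( 'wpPassword' );
		$this->mNewpass = $request->getVal( 'wpNewPassword' );
		$this->mRetype = $request->getVal( 'wpRetype' );
		$this->mDomain = $request->getVal( 'wpDomain' );

		$user = $this->getUser();
		if ( !$request->wasPosted() && !$user->isLoggedIn() ) {
			// An anonymous GET carries no account to act on.
			$this->error( $this->msg( 'resetpass-no-info' )->text() );
			return;
		}

		if ( $request->wasPosted() && $request->getBool( 'wpCancel' ) ) {
			$this->doReturnTo();
			return;
		}

		$this->checkReadOnly();

		// State is only changed for a POST whose token matches the session's
		// edit token (CSRF check); anything else just re-displays the form.
		if ( $request->wasPosted() && $user->matchEditToken( $request->getVal( 'token' ) ) ) {
			try {
				// The auth plugin's domain replaces whatever wpDomain was submitted.
				$this->mDomain = $wgAuth->getDomain();
				if ( !$wgAuth->allowPasswordChange() ) {
					$this->error( $this->msg( 'resetpass_forbidden' )->text() );
					return;
				}

				$this->attemptReset( $this->mNewpass, $this->mRetype );
				$this->getOutput()->addWikiMsg( 'resetpass_success' );
				if ( !$user->isLoggedIn() ) {
					LoginForm::setLoginToken();
					$token = LoginForm::getLoginToken();
					$data = array(
						'action'       => 'submitlogin',
						'wpName'       => $this->mUserName,
						'wpDomain'     => $this->mDomain,
						'wpLoginToken' => $token,
						// attemptReset() blanks $this->mNewpass on success, so the
						// follow-up login must take the new password from the
						// request; reading the property here would submit ''.
						'wpPassword'   => $request->getVal( 'wpNewPassword' ),
						'returnto'     => $request->getVal( 'returnto' ),
					);
					if ( $request->getCheck( 'wpRemember' ) ) {
						$data['wpRemember'] = 1;
					}
					$login = new LoginForm( new FauxRequest( $data, true ) );
					$login->setContext( $this->getContext() );
					$login->execute( null );
				}
				$this->doReturnTo();
			} catch ( PasswordError $e ) {
				$this->error( $e->getMessage() );
			}
		}
		$this->showForm();
	}

	/**
	 * Redirect to the page named by the 'returnto' request parameter, or to
	 * the main page when that parameter does not parse as a title.
	 *
	 * The redirect URL is built from the parsed Title, never from the raw
	 * parameter string.
	 * NOTE(review): whether every title that parses (e.g. an interwiki one)
	 * is an acceptable target is not visible from this file - confirm.
	 */
	public function doReturnTo() {
		$titleObj = Title::newFromText( $this->getRequest()->getVal( 'returnto' ) );
		if ( !$titleObj instanceof Title ) {
			$titleObj = Title::newMainPage();
		}
		$this->getOutput()->redirect( $titleObj->getFullURL() );
	}

	/**
	 * Append an error paragraph to the output.
	 *
	 * @param $msg String: plain-text message, passed as element content to
	 *   Xml::element() rather than concatenated into markup.
	 */
	public function error( $msg ) {
		$this->getOutput()->addHTML( Xml::element( 'p', array( 'class' => 'error' ), $msg ) );
	}

	/**
	 * Render the change-password form, including any rows contributed by
	 * 'ChangePasswordForm' hook handlers.
	 */
	public function showForm() {
		global $wgCookieExpiration;

		$user = $this->getUser();
		if ( !$this->mUserName ) {
			$this->mUserName = $user->getName();
		}

		$rememberMe = '';
		if ( !$user->isLoggedIn() ) {
			// Anonymous users get a "remember me" row, since a successful
			// change is followed by a login in execute().
			$rememberMe = '<tr>' .
				'<td></td>' .
				'<td class="mw-input">' .
					Xml::checkLabel(
						$this->msg( 'remembermypassword' )->numParams( ceil( $wgCookieExpiration / ( 3600 * 24 ) ) )->text(),
						'wpRemember', 'wpRemember',
						$this->getRequest()->getCheck( 'wpRemember' ) ) .
				'</td>' .
			'</tr>';
			$submitMsg = 'resetpass_submit';
			$oldpassMsg = 'resetpass-temp-password';
		} else {
			$oldpassMsg = 'oldpassword';
			$submitMsg = 'resetpass-submit-loggedin';
		}

		$extraFields = array();
		wfRunHooks( 'ChangePasswordForm', array( &$extraFields ) );

		// Each row is ( field name, label message key, input type, value ).
		// NOTE(review): the submitted old/temporary password is written back
		// into the wpPassword input's value, so it appears in the response
		// HTML; the two new-password fields are always rendered empty.
		$prettyFields = array(
			array( 'wpName', 'username', 'text', $this->mUserName ),
			array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass ),
			array( 'wpNewPassword', 'newpassword', 'password', null ),
			array( 'wpRetype', 'retypenew', 'password', null ),
		);
		$prettyFields = array_merge( $prettyFields, $extraFields );

		$this->getOutput()->addHTML(
			Xml::fieldset( $this->msg( 'resetpass_header' )->text() ) .
			Xml::openElement( 'form',
				array(
					'method' => 'post',
					'action' => $this->getTitle()->getLocalUrl(),
					'id' => 'mw-resetpass-form' ) ) . "\n" .
			// The token is the value execute() checks with matchEditToken().
			Html::hidden( 'token', $user->getEditToken() ) . "\n" .
			Html::hidden( 'wpName', $this->mUserName ) . "\n" .
			Html::hidden( 'wpDomain', $this->mDomain ) . "\n" .
			Html::hidden( 'returnto', $this->getRequest()->getVal( 'returnto' ) ) . "\n" .
			$this->msg( 'resetpass_text' )->parseAsBlock() . "\n" .
			Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) . "\n" .
			$this->pretty( $prettyFields ) . "\n" .
			$rememberMe .
			"<tr>\n" .
				"<td></td>\n" .
				'<td class="mw-input">' .
					Xml::submitButton( $this->msg( $submitMsg )->text() ) .
					Xml::submitButton( $this->msg( 'resetpass-submit-cancel' )->text(), array( 'name' => 'wpCancel' ) ) .
				"</td>\n" .
			"</tr>\n" .
			Xml::closeElement( 'table' ) .
			Xml::closeElement( 'form' ) .
			Xml::closeElement( 'fieldset' ) . "\n"
		);
	}

	/**
	 * Build the table rows for the form fields.
	 *
	 * @param $fields Array of rows, each ( name, label message key, type, value ).
	 *   Rows of type 'text' are printed as escaped text; every other type
	 *   becomes an input element.
	 * @return String: HTML for the rows.
	 */
	public function pretty( $fields ) {
		$out = '';
		foreach ( $fields as $list ) {
			list( $name, $label, $type, $value ) = $list;
			if ( $type == 'text' ) {
				// Shown as text, not an input, so it is escaped here.
				$field = htmlspecialchars( $value );
			} else {
				$attribs = array( 'id' => $name );
				if ( $name == 'wpNewPassword' || $name == 'wpRetype' ) {
					$attribs = array_merge( $attribs,
						User::passwordChangeInputAttribs() );
				}
				if ( $name == 'wpPassword' ) {
					$attribs[] = 'autofocus';
				}
				$field = Html::input( $name, $value, $type, $attribs );
			}
			$out .= "<tr>\n";
			$out .= "\t<td class='mw-label'>";
			if ( $type != 'text' ) {
				$out .= Xml::label( $this->msg( $label )->text(), $name );
			} else {
				$out .= $this->msg( $label )->escaped();
			}
			$out .= "</td>\n";
			$out .= "\t<td class='mw-input'>";
			$out .= $field;
			$out .= "</td>\n";
			$out .= "</tr>";
		}
		return $out;
	}

	/**
	 * Verify the old (or temporary) password and store the new one.
	 *
	 * Order of checks: account exists, new password matches its retype,
	 * login throttle, 'AbortChangePassword' hook, old/temporary password.
	 * The throttle counter is incremented before the old password is
	 * checked, so wrong-old-password attempts count towards it; the first
	 * two checks return before it is touched.
	 *
	 * NOTE(review): every 'PrefsPasswordAudit' call hands the plaintext new
	 * password to hook handlers, and 'AbortChangePassword' receives both the
	 * old and the new one; handlers should not log or persist them.
	 *
	 * @param $newpass String: new password.
	 * @param $retype String: retyped new password.
	 * @throws PasswordError when any check fails or the password is rejected.
	 */
	protected function attemptReset( $newpass, $retype ) {
		$user = User::newFromName( $this->mUserName );
		if ( !$user || $user->isAnon() ) {
			throw new PasswordError( $this->msg( 'nosuchusershort', $this->mUserName )->text() );
		}

		if ( $newpass !== $retype ) {
			wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'badretype' ) );
			throw new PasswordError( $this->msg( 'badretype' )->text() );
		}

		// incLoginThrottle() yields true once the limit for this name is hit.
		$throttleCount = LoginForm::incLoginThrottle( $this->mUserName );
		if ( $throttleCount === true ) {
			throw new PasswordError( $this->msg( 'login-throttled' )->text() );
		}

		$abortMsg = 'resetpass-abort-generic';
		if ( !wfRunHooks( 'AbortChangePassword', array( $user, $this->mOldpass, $newpass, &$abortMsg ) ) ) {
			wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'abortreset' ) );
			throw new PasswordError( $this->msg( $abortMsg )->text() );
		}

		if ( !$user->checkTemporaryPassword( $this->mOldpass ) && !$user->checkPassword( $this->mOldpass ) ) {
			wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
			throw new PasswordError( $this->msg( 'resetpass-wrong-oldpass' )->text() );
		}

		// Please reset throttle for successful logins, thanks!
		if ( $throttleCount ) {
			LoginForm::clearLoginThrottle( $this->mUserName );
		}

		try {
			// Store the value that was compared against $retype above, not a
			// separately held copy.
			$user->setPassword( $newpass );
			wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'success' ) );
			// Drop the submitted passwords so showForm() cannot echo them.
			// The retype value lives in mRetype; clearing 'mRetypePass' left it set.
			$this->mNewpass = $this->mOldpass = $this->mRetype = '';
		} catch ( PasswordError $e ) {
			wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'error' ) );
			throw new PasswordError( $e->getMessage() );
		}

		$user->setCookies();
		$user->saveSettings();
	}
}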