includes/SpecialResetpass.php

   1 <?php
   2
   3 /** Constructor */
   4 function wfSpecialResetpass( $par ) {
   5         $form = new PasswordResetForm();
   6         $form->execute( $par );
   7 }
   8
   9 /**
  10  * Let users recover their password.
  11  * @addtogroup SpecialPage
  12  */
  13 class PasswordResetForm extends SpecialPage {
  14         function __construct( $name=null, $reset=null ) {
  15                 if( $name !== null ) {
  16                         $this->mName = $name;
  17                         $this->mTemporaryPassword = $reset;
  18                 } else {
  19                         global $wgRequest;
  20                         $this->mName = $wgRequest->getVal( 'wpName' );
  21                         $this->mTemporaryPassword = $wgRequest->getVal( 'wpPassword' );
  22                 }
  23         }
  24
  25         /**
  26          * Main execution point
  27          */
  28         function execute( $par='' ) {
  29                 global $wgUser, $wgAuth, $wgOut, $wgRequest;
  30
  31                 if( !$wgAuth->allowPasswordChange() ) {
  32                         $this->error( wfMsg( 'resetpass_forbidden' ) );
  33                         return;
  34                 }
  35
  36                 if( $this->mName === null && !$wgRequest->wasPosted() ) {
  37                         $this->error( wfMsg( 'resetpass_missing' ) );
  38                         return;
  39                 }
  40
  41                 if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) ) {
  42                         $newpass = $wgRequest->getVal( 'wpNewPassword' );
  43                         $retype = $wgRequest->getVal( 'wpRetype' );
  44                         try {
  45                                 $this->attemptReset( $newpass, $retype );
  46                                 $wgOut->addWikiText( wfMsg( 'resetpass_success' ) );
  47
  48                                 $data = array(
  49                                         'action' => 'submitlogin',
  50                                         'wpName' => $this->mName,
  51                                         'wpPassword' => $newpass,
  52                                         'returnto' => $wgRequest->getVal( 'returnto' ),
  53                                 );
  54                                 if( $wgRequest->getCheck( 'wpRemember' ) ) {
  55                                         $data['wpRemember'] = 1;
  56                                 }
  57                                 $login = new LoginForm( new FauxRequest( $data, true ) );
  58                                 $login->execute();
  59
  60                                 return;
  61                         } catch( PasswordError $e ) {
  62                                 $this->error( $e->getMessage() );
  63                         }
  64                 }
  65                 $this->showForm();
  66         }
  67
  68         function error( $msg ) {
  69                 global $wgOut;
  70                 $wgOut->addHtml( '<div class="errorbox">' .
  71                         htmlspecialchars( $msg ) .
  72                         '</div>' );
  73         }
  74
  75         function showForm() {
  76                 global $wgOut, $wgUser, $wgRequest;
  77
  78                 $wgOut->disallowUserJs();
  79
  80                 $self = SpecialPage::getTitleFor( 'Resetpass' );
  81                 $form  =
  82                         '<div id="userloginForm">' .
  83                         wfOpenElement( 'form',
  84                                 array(
  85                                         'method' => 'post',
  86                                         'action' => $self->getLocalUrl() ) ) .
  87                         '<h2>' . wfMsgHtml( 'resetpass_header' ) . '</h2>' .
  88                         '<div id="userloginprompt">' .
  89                         wfMsgExt( 'resetpass_text', array( 'parse' ) ) .
  90                         '</div>' .
  91                         '<table>' .
  92                         wfHidden( 'token', $wgUser->editToken() ) .
  93                         wfHidden( 'wpName', $this->mName ) .
  94                         wfHidden( 'wpPassword', $this->mTemporaryPassword ) .
  95                         wfHidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) .
  96                         $this->pretty( array(
  97                                 array( 'wpName', 'username', 'text', $this->mName ),
  98                                 array( 'wpNewPassword', 'newpassword', 'password', '' ),
  99                                 array( 'wpRetype', 'yourpasswordagain', 'password', '' ),
 100                         ) ) .
 101                         '<tr>' .
 102                                 '<td></td>' .
 103                                 '<td>' .
 104                                         Xml::checkLabel( wfMsg( 'remembermypassword' ),
 105                                                 'wpRemember', 'wpRemember',
 106                                                 $wgRequest->getCheck( 'wpRemember' ) ) .
 107                                 '</td>' .
 108                         '</tr>' .
 109                         '<tr>' .
 110                                 '<td></td>' .
 111                                 '<td>' .
 112                                         wfSubmitButton( wfMsgHtml( 'resetpass_submit' ) ) .
 113                                 '</td>' .
 114                         '</tr>' .
 115                         '</table>' .
 116                         wfCloseElement( 'form' ) .
 117                         '</div>';
 118                 $wgOut->addHtml( $form );
 119         }
 120
 121         function pretty( $fields ) {
 122                 $out = '';
 123                 foreach( $fields as $list ) {
 124                         list( $name, $label, $type, $value ) = $list;
 125                         if( $type == 'text' ) {
 126                                 $field = '<tt>' . htmlspecialchars( $value ) . '</tt>';
 127                         } else {
 128                                 $field = Xml::input( $name, 20, $value,
 129                                         array( 'id' => $name, 'type' => $type ) );
 130                         }
 131                         $out .= '<tr>';
 132                         $out .= '<td align="right">';
 133                         $out .= Xml::label( wfMsg( $label ), $name );
 134                         $out .= '</td>';
 135                         $out .= '<td>';
 136                         $out .= $field;
 137                         $out .= '</td>';
 138                         $out .= '</tr>';
 139                 }
 140                 return $out;
 141         }
 142
 143         /**
 144          * @throws PasswordError when cannot set the new password because requirements not met.
 145          */
 146         function attemptReset( $newpass, $retype ) {
 147                 $user = User::newFromName( $this->mName );
 148                 if( $user->isAnon() ) {
 149                         throw new PasswordError( 'no such user' );
 150                 }
 151
 152                 if( !$user->checkTemporaryPassword( $this->mTemporaryPassword ) ) {
 153                         throw new PasswordError( wfMsg( 'resetpass_bad_temporary' ) );
 154                 }
 155
 156                 if( $newpass !== $retype ) {
 157                         throw new PasswordError( wfMsg( 'badretype' ) );
 158                 }
 159
 160                 $user->setPassword( $newpass );
 161                 $user->saveSettings();
 162         }
 163 }
 164
 165