includes/SpecialResetpass.php

   1 <?php
   2
   3 function wfSpecialResetpass( $par ) {
   4         $form = new PasswordResetForm();
   5         $form->execute( $par );
   6 }
   7
   8 class PasswordResetForm extends SpecialPage {
   9         function __construct( $name=null, $reset=null ) {
  10                 if( $name !== null ) {
  11                         $this->mName = $name;
  12                         $this->mTemporaryPassword = $reset;
  13                 } else {
  14                         global $wgRequest;
  15                         $this->mName = $wgRequest->getVal( 'wpName' );
  16                         $this->mTemporaryPassword = $wgRequest->getVal( 'wpPassword' );
  17                 }
  18         }
  19
  20         /**
  21          * Main execution point
  22          */
  23         function execute( $par='' ) {
  24                 global $wgUser, $wgAuth, $wgOut, $wgRequest;
  25
  26                 if( !$wgAuth->allowPasswordChange() ) {
  27                         $this->error( wfMsg( 'resetpass_forbidden' ) );
  28                         return;
  29                 }
  30
  31                 if( $this->mName === null && !$wgRequest->wasPosted() ) {
  32                         $this->error( wfMsg( 'resetpass_missing' ) );
  33                         return;
  34                 }
  35
  36                 if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) ) {
  37                         $newpass = $wgRequest->getVal( 'wpNewPassword' );
  38                         $retype = $wgRequest->getVal( 'wpRetype' );
  39                         try {
  40                                 $this->attemptReset( $newpass, $retype );
  41                                 $wgOut->addWikiText( wfMsg( 'resetpass_success' ) );
  42
  43                                 $data = array(
  44                                         'action' => 'submitlogin',
  45                                         'wpName' => $this->mName,
  46                                         'wpPassword' => $newpass,
  47                                         'returnto' => $wgRequest->getVal( 'returnto' ),
  48                                 );
  49                                 if( $wgRequest->getCheck( 'wpRemember' ) ) {
  50                                         $data['wpRemember'] = 1;
  51                                 }
  52                                 $login = new LoginForm( new FauxRequest( $data, true ) );
  53                                 $login->execute();
  54
  55                                 return;
  56                         } catch( PasswordError $e ) {
  57                                 $this->error( $e->getMessage() );
  58                         }
  59                 }
  60                 $this->showForm();
  61         }
  62
  63         function error( $msg ) {
  64                 global $wgOut;
  65                 $wgOut->addHtml( '<div class="errorbox">' .
  66                         htmlspecialchars( $msg ) .
  67                         '</div>' );
  68         }
  69
  70         function showForm() {
  71                 global $wgOut, $wgUser, $wgRequest;
  72
  73                 $self = SpecialPage::getTitleFor( 'Resetpass' );
  74                 $form  =
  75                         '<div id="userloginForm">' .
  76                         wfOpenElement( 'form',
  77                                 array(
  78                                         'method' => 'post',
  79                                         'action' => $self->getLocalUrl() ) ) .
  80                         '<h2>' . wfMsgHtml( 'resetpass_header' ) . '</h2>' .
  81                         '<div id="userloginprompt">' .
  82                         wfMsgExt( 'resetpass_text', array( 'parse' ) ) .
  83                         '</div>' .
  84                         '<table>' .
  85                         wfHidden( 'token', $wgUser->editToken() ) .
  86                         wfHidden( 'wpName', $this->mName ) .
  87                         wfHidden( 'wpPassword', $this->mTemporaryPassword ) .
  88                         wfHidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) .
  89                         $this->pretty( array(
  90                                 array( 'wpName', 'username', 'text', $this->mName ),
  91                                 array( 'wpNewPassword', 'newpassword', 'password', '' ),
  92                                 array( 'wpRetype', 'yourpasswordagain', 'password', '' ),
  93                         ) ) .
  94                         '<tr>' .
  95                                 '<td></td>' .
  96                                 '<td>' .
  97                                         Xml::checkLabel( wfMsg( 'remembermypassword' ),
  98                                                 'wpRemember', 'wpRemember',
  99                                                 $wgRequest->getCheck( 'wpRemember' ) ) .
 100                                 '</td>' .
 101                         '</tr>' .
 102                         '<tr>' .
 103                                 '<td></td>' .
 104                                 '<td>' .
 105                                         wfSubmitButton( wfMsgHtml( 'resetpass_submit' ) ) .
 106                                 '</td>' .
 107                         '</tr>' .
 108                         '</table>' .
 109                         wfCloseElement( 'form' ) .
 110                         '</div>';
 111                 $wgOut->addHtml( $form );
 112         }
 113
 114         function pretty( $fields ) {
 115                 $out = '';
 116                 foreach( $fields as $list ) {
 117                         list( $name, $label, $type, $value ) = $list;
 118                         if( $type == 'text' ) {
 119                                 $field = '<tt>' . htmlspecialchars( $value ) . '</tt>';
 120                         } else {
 121                                 $field = Xml::input( $name, 20, $value,
 122                                         array( 'id' => $name, 'type' => $type ) );
 123                         }
 124                         $out .= '<tr>';
 125                         $out .= '<td align="right">';
 126                         $out .= Xml::label( wfMsg( $label ), $name );
 127                         $out .= '</td>';
 128                         $out .= '<td>';
 129                         $out .= $field;
 130                         $out .= '</td>';
 131                         $out .= '</tr>';
 132                 }
 133                 return $out;
 134         }
 135
 136         /**
 137          * @throws PasswordError
 138          */
 139         function attemptReset( $newpass, $retype ) {
 140                 $user = User::newFromName( $this->mName );
 141                 if( $user->isAnon() ) {
 142                         throw new PasswordError( 'no such user' );
 143                 }
 144
 145                 if( !$user->checkTemporaryPassword( $this->mTemporaryPassword ) ) {
 146                         throw new PasswordError( wfMsg( 'resetpass_bad_temporary' ) );
 147                 }
 148
 149                 if( $newpass !== $retype ) {
 150                         throw new PasswordError( wfMsg( 'badretype' ) );
 151                 }
 152
 153                 $user->setPassword( $newpass );
 154                 $user->saveSettings();
 155         }
 156 }
 157
 158 ?>