includes/SpecialResetpass.php

   1 <?php
   2
   3 /** Constructor */
   4 function wfSpecialResetpass( $par ) {
   5         $form = new PasswordResetForm();
   6         $form->execute( $par );
   7 }
   8
   9 /**
  10  * Let users recover their password.
  11  * @addtogroup SpecialPage
  12  */
  13 class PasswordResetForm extends SpecialPage {
  14         function __construct( $name=null, $reset=null ) {
  15                 if( $name !== null ) {
  16                         $this->mName = $name;
  17                         $this->mTemporaryPassword = $reset;
  18                 } else {
  19                         global $wgRequest;
  20                         $this->mName = $wgRequest->getVal( 'wpName' );
  21                         $this->mTemporaryPassword = $wgRequest->getVal( 'wpPassword' );
  22                 }
  23         }
  24
  25         /**
  26          * Main execution point
  27          */
  28         function execute( $par='' ) {
  29                 global $wgUser, $wgAuth, $wgOut, $wgRequest;
  30
  31                 if( !$wgAuth->allowPasswordChange() ) {
  32                         $this->error( wfMsg( 'resetpass_forbidden' ) );
  33                         return;
  34                 }
  35
  36                 if( $this->mName === null && !$wgRequest->wasPosted() ) {
  37                         $this->error( wfMsg( 'resetpass_missing' ) );
  38                         return;
  39                 }
  40
  41                 if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) ) {
  42                         $newpass = $wgRequest->getVal( 'wpNewPassword' );
  43                         $retype = $wgRequest->getVal( 'wpRetype' );
  44                         try {
  45                                 $this->attemptReset( $newpass, $retype );
  46                                 $wgOut->addWikiText( wfMsg( 'resetpass_success' ) );
  47
  48                                 $data = array(
  49                                         'action' => 'submitlogin',
  50                                         'wpName' => $this->mName,
  51                                         'wpPassword' => $newpass,
  52                                         'returnto' => $wgRequest->getVal( 'returnto' ),
  53                                 );
  54                                 if( $wgRequest->getCheck( 'wpRemember' ) ) {
  55                                         $data['wpRemember'] = 1;
  56                                 }
  57                                 $login = new LoginForm( new FauxRequest( $data, true ) );
  58                                 $login->execute();
  59
  60                                 return;
  61                         } catch( PasswordError $e ) {
  62                                 $this->error( $e->getMessage() );
  63                         }
  64                 }
  65                 $this->showForm();
  66         }
  67
  68         function error( $msg ) {
  69                 global $wgOut;
  70                 $wgOut->addHtml( '<div class="errorbox">' .
  71                         htmlspecialchars( $msg ) .
  72                         '</div>' );
  73         }
  74
  75         function showForm() {
  76                 global $wgOut, $wgUser, $wgRequest;
  77
  78                 $self = SpecialPage::getTitleFor( 'Resetpass' );
  79                 $form  =
  80                         '<div id="userloginForm">' .
  81                         wfOpenElement( 'form',
  82                                 array(
  83                                         'method' => 'post',
  84                                         'action' => $self->getLocalUrl() ) ) .
  85                         '<h2>' . wfMsgHtml( 'resetpass_header' ) . '</h2>' .
  86                         '<div id="userloginprompt">' .
  87                         wfMsgExt( 'resetpass_text', array( 'parse' ) ) .
  88                         '</div>' .
  89                         '<table>' .
  90                         wfHidden( 'token', $wgUser->editToken() ) .
  91                         wfHidden( 'wpName', $this->mName ) .
  92                         wfHidden( 'wpPassword', $this->mTemporaryPassword ) .
  93                         wfHidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) .
  94                         $this->pretty( array(
  95                                 array( 'wpName', 'username', 'text', $this->mName ),
  96                                 array( 'wpNewPassword', 'newpassword', 'password', '' ),
  97                                 array( 'wpRetype', 'yourpasswordagain', 'password', '' ),
  98                         ) ) .
  99                         '<tr>' .
 100                                 '<td></td>' .
 101                                 '<td>' .
 102                                         Xml::checkLabel( wfMsg( 'remembermypassword' ),
 103                                                 'wpRemember', 'wpRemember',
 104                                                 $wgRequest->getCheck( 'wpRemember' ) ) .
 105                                 '</td>' .
 106                         '</tr>' .
 107                         '<tr>' .
 108                                 '<td></td>' .
 109                                 '<td>' .
 110                                         wfSubmitButton( wfMsgHtml( 'resetpass_submit' ) ) .
 111                                 '</td>' .
 112                         '</tr>' .
 113                         '</table>' .
 114                         wfCloseElement( 'form' ) .
 115                         '</div>';
 116                 $wgOut->addHtml( $form );
 117         }
 118
 119         function pretty( $fields ) {
 120                 $out = '';
 121                 foreach( $fields as $list ) {
 122                         list( $name, $label, $type, $value ) = $list;
 123                         if( $type == 'text' ) {
 124                                 $field = '<tt>' . htmlspecialchars( $value ) . '</tt>';
 125                         } else {
 126                                 $field = Xml::input( $name, 20, $value,
 127                                         array( 'id' => $name, 'type' => $type ) );
 128                         }
 129                         $out .= '<tr>';
 130                         $out .= '<td align="right">';
 131                         $out .= Xml::label( wfMsg( $label ), $name );
 132                         $out .= '</td>';
 133                         $out .= '<td>';
 134                         $out .= $field;
 135                         $out .= '</td>';
 136                         $out .= '</tr>';
 137                 }
 138                 return $out;
 139         }
 140
 141         /**
 142          * @throws PasswordError when cannot set the new password because requirements not met.
 143          */
 144         function attemptReset( $newpass, $retype ) {
 145                 $user = User::newFromName( $this->mName );
 146                 if( $user->isAnon() ) {
 147                         throw new PasswordError( 'no such user' );
 148                 }
 149
 150                 if( !$user->checkTemporaryPassword( $this->mTemporaryPassword ) ) {
 151                         throw new PasswordError( wfMsg( 'resetpass_bad_temporary' ) );
 152                 }
 153
 154                 if( $newpass !== $retype ) {
 155                         throw new PasswordError( wfMsg( 'badretype' ) );
 156                 }
 157
 158                 $user->setPassword( $newpass );
 159                 $user->saveSettings();
 160         }
 161 }
 162
 163 ?>