protected $mUserName, $mDomain;
+ // Optional Wikitext Message to show above the password change form
+ protected $mPreTextMessage = null;
+
+ // label for old password input
+ protected $mOldPassMsg = null;
+
public function __construct() {
parent::__construct( 'ChangePassword', 'editmyprivateinfo' );
$this->listed( false );
}
}
+ /**
+ * Set a message at the top of the Change Password form
+ * @since 1.23
+ * @param Message $msg to parse and add to the form header
+ */
+ public function setChangeMessage( Message $msg ) {
+ $this->mPreTextMessage = $msg;
+ }
+
+ /**
+ * Set a message at the top of the Change Password form
+ * @since 1.23
+ * @param string $msg Message label for old/temp password field
+ */
+ public function setOldPasswordMessage( $msg ) {
+ $this->mOldPassMsg = $msg;
+ }
+
protected function getFormFields() {
global $wgCookieExpiration;
$user = $this->getUser();
$request = $this->getRequest();
- $oldpassMsg = $user->isLoggedIn() ? 'oldpassword' : 'resetpass-temp-password';
+ $oldpassMsg = $this->mOldPassMsg;
+ if ( !isset( $oldpassMsg ) ) {
+ $oldpassMsg = $user->isLoggedIn() ? 'oldpassword' : 'resetpass-temp-password';
+ }
$fields = array(
'Name' => array(
);
$form->addButton( 'wpCancel', $this->msg( 'resetpass-submit-cancel' )->text() );
$form->setHeaderText( $this->msg( 'resetpass_text' )->parseAsBlock() );
+ if ( $this->mPreTextMessage instanceof Message ) {
+ $form->addPreText( $this->mPreTextMessage->parseAsBlock() );
+ }
$form->addHiddenFields(
$this->getRequest()->getValues( 'wpName', 'wpDomain', 'returnto', 'returntoquery' ) );
}
);
}
+ // @TODO Make these separate messages, since the message is written for both cases
+ if ( !$user->checkTemporaryPassword( $oldpass ) && !$user->checkPassword( $oldpass ) ) {
+ wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
+ throw new PasswordError( $this->msg( 'resetpass-wrong-oldpass' )->text() );
+ }
+
+ // User is resetting their password to their old password
+ if ( $oldpass === $newpass ) {
+ throw new PasswordError( $this->msg( 'resetpass-recycled' )->text() );
+ }
+
+ // Do AbortChangePassword after checking mOldpass, so we don't leak information
+ // by possibly aborting a new password before verifying the old password.
$abortMsg = 'resetpass-abort-generic';
if ( !wfRunHooks( 'AbortChangePassword', array( $user, $oldpass, $newpass, &$abortMsg ) ) ) {
wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'abortreset' ) );
throw new PasswordError( $this->msg( $abortMsg )->text() );
}
- if ( !$user->checkTemporaryPassword( $oldpass ) && !$user->checkPassword( $oldpass ) ) {
- wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
- throw new PasswordError( $this->msg( 'resetpass-wrong-oldpass' )->text() );
- }
-
// Please reset throttle for successful logins, thanks!
if ( $throttleCount ) {
LoginForm::clearLoginThrottle( $this->mUserName );
// changing the password also modifies the user's token.
$user->setCookies();
}
-
+ $user->resetPasswordExpiration();
$user->saveSettings();
}