dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge fixes to ?preload= from /branches/conrad/ (cf. bug 5210, r62864, r62035)
[lhc/web/wiklou.git] / includes / specials / SpecialResetpass.php
diff --git a/includes/specials/SpecialResetpass.php b/includes/specials/SpecialResetpass.php
index 707b941..967d211 100644 (file)
--- a/includes/specials/SpecialResetpass.php
+++ b/includes/specials/SpecialResetpass.php
@@ -4,26 +4,13 @@
  * @ingroup SpecialPage
  */
 
-/** Constructor */
-function wfSpecialResetpass( $par ) {
-       $form = new PasswordResetForm();
-       $form->execute( $par );
-}
-
 /**
  * Let users recover their password.
  * @ingroup SpecialPage
  */
-class PasswordResetForm extends SpecialPage {
-       function __construct( $name=null, $reset=null ) {
-               if( $name !== null ) {
-                       $this->mName = $name;
-                       $this->mTemporaryPassword = $reset;
-               } else {
-                       global $wgRequest;
-                       $this->mName = $wgRequest->getVal( 'wpName' );
-                       $this->mTemporaryPassword = $wgRequest->getVal( 'wpPassword' );
-               }
+class SpecialResetpass extends SpecialPage {
+       public function __construct() {
+               parent::__construct( 'Resetpass' );
        }
 
        /**
@@ -32,48 +19,66 @@ class PasswordResetForm extends SpecialPage {
        function execute( $par ) {
                global $wgUser, $wgAuth, $wgOut, $wgRequest;
 
+               $this->mUserName = $wgRequest->getVal( 'wpName' );
+               $this->mOldpass = $wgRequest->getVal( 'wpPassword' );
+               $this->mNewpass = $wgRequest->getVal( 'wpNewPassword' );
+               $this->mRetype = $wgRequest->getVal( 'wpRetype' );
+               
+               $this->setHeaders();
+               $this->outputHeader();
+
                if( !$wgAuth->allowPasswordChange() ) {
                        $this->error( wfMsg( 'resetpass_forbidden' ) );
                        return;
                }
 
-               if( $this->mName === null && !$wgRequest->wasPosted() ) {
-                       $this->error( wfMsg( 'resetpass_missing' ) );
+               if( !$wgRequest->wasPosted() && !$wgUser->isLoggedIn() ) {
+                       $this->error( wfMsg( 'resetpass-no-info' ) );
+                       return;
+               }
+
+               if( $wgRequest->wasPosted() && $wgRequest->getBool( 'wpCancel' ) ) {
+                       $this->doReturnTo();
                        return;
                }
 
-               if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) ) {
-                       $newpass = $wgRequest->getVal( 'wpNewPassword' );
-                       $retype = $wgRequest->getVal( 'wpRetype' );
+               if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal('token') ) ) {
                        try {
-                               $this->attemptReset( $newpass, $retype );
+                               $this->attemptReset( $this->mNewpass, $this->mRetype );
                                $wgOut->addWikiMsg( 'resetpass_success' );
-
-                               $data = array(
-                                       'action' => 'submitlogin',
-                                       'wpName' => $this->mName,
-                                       'wpPassword' => $newpass,
-                                       'returnto' => $wgRequest->getVal( 'returnto' ),
-                               );
-                               if( $wgRequest->getCheck( 'wpRemember' ) ) {
-                                       $data['wpRemember'] = 1;
+                               if( !$wgUser->isLoggedIn() ) {
+                                       $data = array(
+                                               'action'     => 'submitlogin',
+                                               'wpName'     => $this->mUserName,
+                                               'wpPassword' => $this->mNewpass,
+                                               'returnto'   => $wgRequest->getVal( 'returnto' ),
+                                       );
+                                       if( $wgRequest->getCheck( 'wpRemember' ) ) {
+                                               $data['wpRemember'] = 1;
+                                       }
+                                       $login = new LoginForm( new FauxRequest( $data, true ) );
+                                       $login->execute();
                                }
-                               $login = new LoginForm( new FauxRequest( $data, true ) );
-                               $login->execute();
-
-                               return;
+                               $this->doReturnTo();
                        } catch( PasswordError $e ) {
                                $this->error( $e->getMessage() );
                        }
                }
                $this->showForm();
        }
+       
+       function doReturnTo() {
+               global $wgRequest, $wgOut;
+               $titleObj = Title::newFromText( $wgRequest->getVal( 'returnto' ) );
+               if ( !$titleObj instanceof Title ) {
+                       $titleObj = Title::newMainPage();
+               }
+               $wgOut->redirect( $titleObj->getFullURL() );
+       }
 
        function error( $msg ) {
                global $wgOut;
-               $wgOut->addHtml( '<div class="errorbox">' .
-                       htmlspecialchars( $msg ) .
-                       '</div>' );
+               $wgOut->addHTML( Xml::element('p', array( 'class' => 'error' ), $msg ) );
        }
 
        function showForm() {
@@ -82,64 +87,85 @@ class PasswordResetForm extends SpecialPage {
                $wgOut->disallowUserJs();
 
                $self = SpecialPage::getTitleFor( 'Resetpass' );
-               $form  =
-                       '<div id="userloginForm">' .
-                       wfOpenElement( 'form',
-                               array(
-                                       'method' => 'post',
-                                       'action' => $self->getLocalUrl() ) ) .
-                       '<h2>' . wfMsgHtml( 'resetpass_header' ) . '</h2>' .
-                       '<div id="userloginprompt">' .
-                       wfMsgExt( 'resetpass_text', array( 'parse' ) ) .
-                       '</div>' .
-                       '<table>' .
-                       wfHidden( 'token', $wgUser->editToken() ) .
-                       wfHidden( 'wpName', $this->mName ) .
-                       wfHidden( 'wpPassword', $this->mTemporaryPassword ) .
-                       wfHidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) .
-                       $this->pretty( array(
-                               array( 'wpName', 'username', 'text', $this->mName ),
-                               array( 'wpNewPassword', 'newpassword', 'password', '' ),
-                               array( 'wpRetype', 'yourpasswordagain', 'password', '' ),
-                       ) ) .
-                       '<tr>' .
+               if ( !$this->mUserName ) {
+                       $this->mUserName = $wgUser->getName();
+               }
+               $rememberMe = '';
+               if ( !$wgUser->isLoggedIn() ) {
+                       $rememberMe = '<tr>' .
                                '<td></td>' .
-                               '<td>' .
+                               '<td class="mw-input">' .
                                        Xml::checkLabel( wfMsg( 'remembermypassword' ),
                                                'wpRemember', 'wpRemember',
                                                $wgRequest->getCheck( 'wpRemember' ) ) .
                                '</td>' .
-                       '</tr>' .
-                       '<tr>' .
-                               '<td></td>' .
-                               '<td>' .
-                                       wfSubmitButton( wfMsgHtml( 'resetpass_submit' ) ) .
-                               '</td>' .
-                       '</tr>' .
-                       '</table>' .
-                       wfCloseElement( 'form' ) .
-                       '</div>';
-               $wgOut->addHtml( $form );
+                       '</tr>';
+                       $submitMsg = 'resetpass_submit';
+                       $oldpassMsg = 'resetpass-temp-password';
+               } else {
+                       $oldpassMsg = 'oldpassword';
+                       $submitMsg = 'resetpass-submit-loggedin';
+               }
+               $wgOut->addHTML(
+                       Xml::fieldset( wfMsg( 'resetpass_header' ) ) .
+                       Xml::openElement( 'form',
+                               array(
+                                       'method' => 'post',
+                                       'action' => $self->getLocalUrl(),
+                                       'id' => 'mw-resetpass-form' ) ) . "\n" .
+                       Xml::hidden( 'token', $wgUser->editToken() ) . "\n" .
+                       Xml::hidden( 'wpName', $this->mUserName ) . "\n" .
+                       Xml::hidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) . "\n" .
+                       wfMsgExt( 'resetpass_text', array( 'parse' ) ) . "\n" .
+                       Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) . "\n" .
+                       $this->pretty( array(
+                               array( 'wpName', 'username', 'text', $this->mUserName ),
+                               array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass ),
+                               array( 'wpNewPassword', 'newpassword', 'password', null ),
+                               array( 'wpRetype', 'retypenew', 'password', null ),
+                       ) ) . "\n" .
+                       $rememberMe .
+                       "<tr>\n" .
+                               "<td></td>\n" .
+                               '<td class="mw-input">' .
+                                       Xml::submitButton( wfMsg( $submitMsg ) ) .
+                                       Xml::submitButton( wfMsg( 'resetpass-submit-cancel' ), array( 'name' => 'wpCancel' ) ) .
+                               "</td>\n" .
+                       "</tr>\n" .
+                       Xml::closeElement( 'table' ) .
+                       Xml::closeElement( 'form' ) .
+                       Xml::closeElement( 'fieldset' ) . "\n"
+               );
        }
 
        function pretty( $fields ) {
                $out = '';
-               foreach( $fields as $list ) {
+               foreach ( $fields as $list ) {
                        list( $name, $label, $type, $value ) = $list;
                        if( $type == 'text' ) {
-                               $field = '<tt>' . htmlspecialchars( $value ) . '</tt>';
+                               $field = htmlspecialchars( $value );
                        } else {
-                               $field = Xml::input( $name, 20, $value,
-                                       array( 'id' => $name, 'type' => $type ) );
+                               $attribs = array( 'id' => $name );
+                               if ( $name == 'wpNewPassword' || $name == 'wpRetype' ) {
+                                       $attribs = array_merge( $attribs,
+                                               User::passwordChangeInputAttribs() );
+                               }
+                               if ( $name == 'wpPassword' ) {
+                                       $attribs[] = 'autofocus';
+                               }
+                               $field = Html::input( $name, $value, $type, $attribs );
                        }
-                       $out .= '<tr>';
-                       $out .= '<td align="right">';
-                       $out .= Xml::label( wfMsg( $label ), $name );
-                       $out .= '</td>';
-                       $out .= '<td>';
+                       $out .= "<tr>\n";
+                       $out .= "\t<td class='mw-label'>";
+                       if ( $type != 'text' )
+                               $out .= Xml::label( wfMsg( $label ), $name );
+                       else 
+                               $out .=  wfMsgHtml( $label );
+                       $out .= "</td>\n";
+                       $out .= "\t<td class='mw-input'>";
                        $out .= $field;
-                       $out .= '</td>';
-                       $out .= '</tr>';
+                       $out .= "</td>\n";
+                       $out .= "</tr>";
                }
                return $out;
        }
@@ -147,21 +173,33 @@ class PasswordResetForm extends SpecialPage {
        /**
         * @throws PasswordError when cannot set the new password because requirements not met.
         */
-       function attemptReset( $newpass, $retype ) {
-               $user = User::newFromName( $this->mName );
-               if( $user->isAnon() ) {
+       protected function attemptReset( $newpass, $retype ) {
+               $user = User::newFromName( $this->mUserName );
+               if( !$user || $user->isAnon() ) {
                        throw new PasswordError( 'no such user' );
                }
-
-               if( !$user->checkTemporaryPassword( $this->mTemporaryPassword ) ) {
-                       throw new PasswordError( wfMsg( 'resetpass_bad_temporary' ) );
-               }
-
+               
                if( $newpass !== $retype ) {
+                       wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'badretype' ) );
                        throw new PasswordError( wfMsg( 'badretype' ) );
                }
 
-               $user->setPassword( $newpass );
+               if( !$user->checkTemporaryPassword($this->mOldpass) && !$user->checkPassword($this->mOldpass) ) {
+                       wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
+                       throw new PasswordError( wfMsg( 'resetpass-wrong-oldpass' ) );
+               }
+               
+               try {
+                       $user->setPassword( $this->mNewpass );
+                       wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'success' ) );
+                       $this->mNewpass = $this->mOldpass = $this->mRetypePass = '';
+               } catch( PasswordError $e ) {
+                       wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'error' ) );
+                       throw new PasswordError( $e->getMessage() );
+                       return;
+               }
+               
+               $user->setCookies();
                $user->saveSettings();
        }
 }
Wiklou, le Wiki du Wiklou