(maintenance/fixDoubleRedirects.php)
* (bug 23315) New body classes to allow easier styling of special pages
* (bug 27159) Make email confirmation code expiration time configurable
-* CSS/JS for each user group is imported from MediaWiki:Sysop.js,
- MediaWiki:Autoconfirmed.css, etc.
=== Bug fixes in 1.18 ===
* (bug 23119) WikiError class and subclasses are now marked as deprecated
'LinksUpdate' => 'includes/LinksUpdate.php',
'LocalisationCache' => 'includes/LocalisationCache.php',
'LocalisationCache_BulkLoad' => 'includes/LocalisationCache.php',
- 'Login' => 'includes/Login.php',
'LogPage' => 'includes/LogPage.php',
'LogPager' => 'includes/LogEventsList.php',
'LogEventsList' => 'includes/LogEventsList.php',
'ResourceLoaderFileModule' => 'includes/resourceloader/ResourceLoaderFileModule.php',
'ResourceLoaderSiteModule' => 'includes/resourceloader/ResourceLoaderSiteModule.php',
'ResourceLoaderUserModule' => 'includes/resourceloader/ResourceLoaderUserModule.php',
- 'ResourceLoaderUserGroupsModule' => 'includes/resourceloader/ResourceLoaderUserGroupsModule.php',
'ResourceLoaderUserOptionsModule' => 'includes/resourceloader/ResourceLoaderUserOptionsModule.php',
'ResourceLoaderStartUpModule' => 'includes/resourceloader/ResourceLoaderStartUpModule.php',
'ReverseChronologicalPager' => 'includes/Pager.php',
'AncientPagesPage' => 'includes/specials/SpecialAncientpages.php',
'BrokenRedirectsPage' => 'includes/specials/SpecialBrokenRedirects.php',
'ContribsPager' => 'includes/specials/SpecialContributions.php',
- 'SpecialCreateAccount' => 'includes/specials/SpecialCreateAccount.php',
'DBLockForm' => 'includes/specials/SpecialLockdb.php',
'DBUnlockForm' => 'includes/specials/SpecialUnlockdb.php',
'DeadendPagesPage' => 'includes/specials/SpecialDeadendpages.php',
'UnwatchedpagesPage' => 'includes/specials/SpecialUnwatchedpages.php',
'UploadForm' => 'includes/specials/SpecialUpload.php',
'UploadSourceField' => 'includes/specials/SpecialUpload.php',
- 'SpecialUserlogin' => 'includes/specials/SpecialUserlogin.php',
'UserrightsPage' => 'includes/specials/SpecialUserrights.php',
'UsersPager' => 'includes/specials/SpecialListusers.php',
'WantedCategoriesPage' => 'includes/specials/SpecialWantedcategories.php',
protected $mButtons = array();
protected $mWrapperLegend = false;
- protected $mTokenAction = 'Edit';
/**
* Build a new HTMLForm from an array of field attributes
if ( !$class ) {
throw new MWException( "Descriptor with no class: " . print_r( $descriptor, true ) );
}
-
+
$descriptor['fieldname'] = $fieldname;
$obj = new $class( $descriptor );
/**
* Try submitting, with edit token check first
- * @return Status|boolean
+ * @return Status|boolean
*/
function tryAuthorizedSubmit() {
global $wgUser, $wgRequest;
$editToken = $wgRequest->getVal( 'wpEditToken' );
$result = false;
- # FIXME
- if ( $wgRequest->wasPosted() ){#&& $this->getMethod() != 'post' || $wgUser->matchEditToken( $editToken ) ) {
+ if ( $this->getMethod() != 'post' || $wgUser->matchEditToken( $editToken ) ) {
$result = $this->trySubmit();
}
return $result;
* display.
*/
function trySubmit() {
- # Check the session tokens
- # FIXME
- if ( false && !Token::match( null, $this->mTokenAction ) ) {
- return array( 'sessionfailure' );
- }
# Check for validation
foreach ( $this->mFlatFields as $fieldname => $field ) {
if ( !empty( $field->mParams['nodata'] ) ) {
global $wgUser;
$html = '';
+
if( $this->getMethod() == 'post' ){
- # FIXME
- $token = new Token( $this->mTokenAction );
- $html .= Html::hidden(
- "wp{$this->mTokenAction}Token",
- $token->set(),
- array( 'id' => 'wpEditToken' )
- ) . "\n";
+ $html .= Html::hidden( 'wpEditToken', $wgUser->editToken(), array( 'id' => 'wpEditToken' ) ) . "\n";
$html .= Html::hidden( 'title', $this->getTitle()->getPrefixedText() ) . "\n";
}
$this->mSubmitTooltip = $name;
}
-
/**
* Set the id for the submit button.
* @param $t String. FIXME: Integrity is *not* validated
function setMessagePrefix( $p ) {
$this->mMessagePrefix = $p;
}
- /**
- * If you want to protect the form from CSRF by a token other than
- * the usual wsEditToken, set something here.
- * @see Token::set()
- * @param $a
- */
- function setTokenAction( $a ){
- $this->mTokenAction = ucfirst( $a );
- }
/**
* Set the title for form submission
function getTitle() {
return $this->mTitle;
}
-
+
/**
* Set the method used to submit the form
* @param $method String
public function setMethod( $method='post' ){
$this->mMethod = $method;
}
-
+
public function getMethod(){
return $this->mMethod;
}
if ( isset( $params['name'] ) ) {
$this->mName = $params['name'];
}
-
+
$validName = Sanitizer::escapeId( $this->mName );
if ( $this->mName != $validName && !isset( $params['nodata'] ) ) {
throw new MWException( "Invalid name '{$this->mName}' passed to " . __METHOD__ );
}
-
+
$this->mID = "mw-input-{$this->mName}";
if ( isset( $params['default'] ) ) {
global $wgRequest;
$errors = $this->validate( $value, $this->mParent->mFieldData );
-
+
$cellAttributes = array();
$verticalLabel = false;
-
+
if ( !empty($this->mParams['vertical-label']) ) {
$cellAttributes['colspan'] = 2;
$verticalLabel = true;
array( 'class' => 'mw-input' ) + $cellAttributes,
$this->getInputHTML( $value ) . "\n$errors"
);
-
+
$fieldType = get_class( $this );
-
+
if ($verticalLabel) {
$html = Html::rawElement( 'tr',
array( 'class' => 'mw-htmlform-vertical-label' ), $label );
if ( $p !== true ) {
return $p;
}
-
+
$value = trim( $value );
# http://dev.w3.org/html5/spec/common-microsyntaxes.html#real-numbers
- # with the addition that a leading '+' sign is ok.
+ # with the addition that a leading '+' sign is ok.
if ( !preg_match( '/^((\+|\-)?\d+(\.\d+)?(E(\+|\-)?\d+)?)?$/i', $value ) ) {
return wfMsgExt( 'htmlform-float-invalid', 'parse' );
}
}
# http://dev.w3.org/html5/spec/common-microsyntaxes.html#signed-integers
- # with the addition that a leading '+' sign is ok. Note that leading zeros
- # are fine, and will be left in the input, which is useful for things like
+ # with the addition that a leading '+' sign is ok. Note that leading zeros
+ # are fine, and will be left in the input, which is useful for things like
# phone numbers when you know that they are integers (the HTML5 type=tel
# input does not require its value to be numeric). If you want a tidier
# value to, eg, save in the DB, clean it up with intval().
} else {
$thisAttribs = array( 'id' => "{$this->mID}-$info", 'value' => $info );
- $checkbox = Xml::check(
- $this->mName . '[]',
+ $checkbox = Xml::check(
+ $this->mName . '[]',
in_array( $info, $value, true ),
$attribs + $thisAttribs );
$checkbox .= ' ' . Html::rawElement( 'label', array( 'for' => "{$this->mID}-$info" ), $label );
class HTMLHiddenField extends HTMLFormField {
public function __construct( $params ) {
parent::__construct( $params );
-
+
# Per HTML5 spec, hidden fields cannot be 'required'
# http://dev.w3.org/html5/spec/states-of-the-type-attribute.html#hidden-state
unset( $this->mParams['required'] );
protected function needsLabel() {
return false;
}
-
+
/**
* Button cannot be invalid
*/
// Legacy Scripts
$scripts .= "\n" . $this->mScripts;
- $userScripts = array( 'user.options' );
-
// Add site JS if enabled
if ( $wgUseSiteJs ) {
$scripts .= $this->makeResourceLoaderLink( $sk, 'site', ResourceLoaderModule::TYPE_SCRIPTS );
- if( $wgUser->isLoggedIn() ){
- $userScripts[] = 'user.groups';
- }
}
- // Add user JS if enabled
+ // Add user JS if enabled - trying to load user.options as a bundle if possible
+ $userOptionsAdded = false;
if ( $wgAllowUserJs && $wgUser->isLoggedIn() ) {
$action = $wgRequest->getVal( 'action', 'view' );
if( $this->mTitle && $this->mTitle->isJsSubpage() && $sk->userCanPreview( $action ) ) {
# XXX: additional security check/prompt?
$scripts .= Html::inlineScript( "\n" . $wgRequest->getText( 'wpTextbox1' ) . "\n" ) . "\n";
} else {
- # FIXME: this means that User:Me/Common.js doesn't load when previewing
- # User:Me/Vector.js, and vice versa (bug26283)
- $userScripts[] = 'user';
+ $scripts .= $this->makeResourceLoaderLink(
+ $sk, array( 'user', 'user.options' ), ResourceLoaderModule::TYPE_SCRIPTS
+ );
+ $userOptionsAdded = true;
}
}
- $scripts .= $this->makeResourceLoaderLink( $sk, $userScripts, ResourceLoaderModule::TYPE_SCRIPTS );
+ if ( !$userOptionsAdded ) {
+ $scripts .= $this->makeResourceLoaderLink( $sk, 'user.options', ResourceLoaderModule::TYPE_SCRIPTS );
+ }
return $scripts;
}
* @private
*/
function setupUserCss( OutputPage $out ) {
- global $wgRequest, $wgUser;
+ global $wgRequest;
global $wgUseSiteCss, $wgAllowUserCss, $wgAllowUserCssPrefs;
wfProfileIn( __METHOD__ );
// Per-site custom styles
if ( $wgUseSiteCss ) {
$out->addModuleStyles( 'site' );
- if( $wgUser->isLoggedIn() ){
- $out->addModuleStyles( 'user.groups' );
- }
}
// Per-user custom styles
* @file
*/
+/**
+ * Int Number of characters in user_token field.
+ * @ingroup Constants
+ */
+define( 'USER_TOKEN_LENGTH', 32 );
+
/**
* Int Serialized record version.
* @ingroup Constants
* of the database.
*/
class User {
+ /**
+ * Global constants made accessible as class constants so that autoloader
+ * magic can be used.
+ */
+ const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
+ const MW_USER_VERSION = MW_USER_VERSION;
+ const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
/**
* Array of Strings List of member variables which are saved to the
/**
* Create a new user object from a user row.
* The row should have all fields from the user table in it.
- * @param $row array A row from the user table
+ * @param $row Array A row from the user table
* @return User
*/
static function newFromRow( $row ) {
if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
return $result;
-
if ( $result === false ) {
if( strlen( $password ) < $wgMinimalPasswordLength ) {
return 'passwordtooshort';
// Deprecated, but kept for backwards-compatibility config
return false;
}
-
-
-
if( in_array( wfGetIP(), $wgRateLimitsExcludedIPs ) ) {
// No other good way currently to disable rate limits
// for specific IPs. :P
}
if( !$this->isValidPassword( $str ) ) {
- global $wgMinimalPasswordLength;
+ global $wgMinimalPasswordLength;
$valid = $this->getPasswordValidity( $str );
if ( is_array( $valid ) ) {
$message = array_shift( $valid );
$params = array( $wgMinimalPasswordLength );
}
throw new PasswordError( wfMsgExt( $message, array( 'parsemag' ), $params ) );
- }
+ }
}
if( !$wgAuth->setPassword( $this, $str ) ) {
}
/**
-
* Check if user is allowed to access a feature / make an action
* @param $action String action to be checked
* @return Boolean: True if action is allowed, else false
'user_newpassword' => $this->mNewpassword,
'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
'user_real_name' => $this->mRealName,
- 'user_email' => $this->mEmail,
- 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
+ 'user_email' => $this->mEmail,
+ 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
'user_options' => '',
'user_touched' => $dbw->timestamp( $this->mTouched ),
'user_token' => $this->mToken,
}
$dbw = wfGetDB( DB_MASTER );
$seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
+
$fields = array(
'user_id' => $seqVal,
'user_name' => $name,
// are shorter than this, doesn't mean people wont be able
// to. Certain authentication plugins do NOT want to save
// domain passwords in a mysql database, so we should
- // check this (incase $wgAuth->strict() is false).
+ // check this (in case $wgAuth->strict() is false).
if( !$this->isValidPassword( $password ) ) {
return false;
}
return EDIT_TOKEN_SUFFIX;
} else {
if( !isset( $_SESSION['wsEditToken'] ) ) {
- $token = $this->generateToken();
+ $token = self::generateToken();
$_SESSION['wsEditToken'] = $token;
} else {
$token = $_SESSION['wsEditToken'];
* @param $salt String Optional salt value
* @return String The new random token
*/
- function generateToken( $salt = '' ) {
+ public static function generateToken( $salt = '' ) {
$token = dechex( mt_rand() ) . dechex( mt_rand() );
return md5( $token . $salt );
}
$now = time();
$expires = $now + $wgUserEmailConfirmationTokenExpiry;
$expiration = wfTimestamp( TS_MW, $expires );
- $token = wfGenerateToken( $this->mId . $this->mEmail . $expires );
+ $token = self::generateToken( $this->mId . $this->mEmail . $expires );
$hash = md5( $token );
$this->load();
$this->mEmailToken = $hash;
* Get the timestamp of account creation.
*
* @return String|Bool Timestamp of account creation, or false for
- * non-existent/anonymous user accounts.
+ * non-existent/anonymous user accounts.
*/
public function getRegistration() {
return $this->getId() > 0
* Get the timestamp of the first edit
*
* @return String|Bool Timestamp of first edit, or false for
- * non-existent/anonymous user accounts.
+ * non-existent/anonymous user accounts.
*/
public function getFirstEditTimestamp() {
if( $this->getId() == 0 ) {
*
* @param $group String: the group to check for whether it can add/remove
* @return Array array( 'add' => array( addablegroups ),
- * 'remove' => array( removablegroups ),
- * 'add-self' => array( addablegroups to self),
- * 'remove-self' => array( removable groups from self) )
+ * 'remove' => array( removablegroups ),
+ * 'add-self' => array( addablegroups to self),
+ * 'remove-self' => array( removable groups from self) )
*/
static function changeableByGroup( $group ) {
global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
* @param $byEmail Boolean: account made by email?
* @param $reason String: user supplied reason
*/
- public function addNewUserLogEntry( $creator, $byEmail = false ) {
- global $wgUser, $wgNewUserLog;
+ public function addNewUserLogEntry( $byEmail = false, $reason = '' ) {
+ global $wgUser, $wgContLang, $wgNewUserLog;
if( empty( $wgNewUserLog ) ) {
return true; // disabled
}
- $action = ( $creator == $wgUser )
- ? 'create2' # Safe to publish the creator
- : 'create'; # Creator is an IP, don't splash it all over Special:Log
-
- $message = $byEmail
- ? wfMsgForContent( 'newuserlog-byemail' )
- : '';
-
+ if( $this->getName() == $wgUser->getName() ) {
+ $action = 'create';
+ } else {
+ $action = 'create2';
+ if ( $byEmail ) {
+ if ( $reason === '' ) {
+ $reason = wfMsgForContent( 'newuserlog-byemail' );
+ } else {
+ $reason = $wgContLang->commaList( array(
+ $reason, wfMsgForContent( 'newuserlog-byemail' ) ) );
+ }
+ }
+ }
$log = new LogPage( 'newusers' );
$log->addEntry(
$action,
$this->getUserPage(),
- $message,
- array( $this->getId() ),
- $creator
+ $reason,
+ array( $this->getId() )
);
return true;
}
* Used by things like CentralAuth and perhaps other authplugins.
*/
public function addNewUserLogEntryAutoCreate() {
- global $wgNewUserLog;
- if( empty( $wgNewUserLog ) ) {
+ global $wgNewUserLog, $wgLogAutocreatedAccounts;
+ if( !$wgNewUserLog || !$wgLogAutocreatedAccounts ) {
return true; // disabled
}
$log = new LogPage( 'newusers', false );
- $log->addEntry(
- 'autocreate',
- $this->getUserPage(),
- '',
- array( $this->getId() ),
- $this->getId()
- );
+ $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ) );
return true;
}
+++ /dev/null
-<?php
-/**
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- * http://www.gnu.org/copyleft/gpl.html
- *
- * @file
- * @author Trevor Parscal
- * @author Roan Kattouw
- */
-
-/**
- * Module for user customizations
- */
-class ResourceLoaderUserGroupsModule extends ResourceLoaderWikiModule {
-
- /* Protected Methods */
- protected $origin = self::ORIGIN_USER_SITEWIDE;
-
- protected function getPages( ResourceLoaderContext $context ) {
- if ( $context->getUser() ) {
- $user = User::newFromName( $context->getUser() );
- if( $user instanceof User ){
- $pages = array();
- foreach( $user->getEffectiveGroups() as $group ){
- if( in_array( $group, array( '*', 'user' ) ) ){
- continue;
- }
- $g = ucfirst( $group );
- $pages["MediaWiki:$g.js"] = array( 'type' => 'script' );
- $pages["MediaWiki:$g.css"] = array( 'type' => 'style' );
- }
- return $pages;
- }
- }
- return array();
- }
-
- /* Methods */
-
- public function getGroup() {
- return 'user';
- }
-
- public function getFlip( $context ) {
- global $wgContLang;
-
- return $wgContLang->getDir() !== $context->getDirection();
- }
-}
* @ingroup SpecialPage
*/
class SpecialResetpass extends SpecialPage {
-
- public $mFormFields = array(
- 'NameInfo' => array(
- 'type' => 'info',
- 'label-message' => 'yourname',
- 'default' => '',
- ),
- 'Name' => array(
- 'type' => 'hidden',
- 'name' => 'wpName',
- 'default' => null,
- ),
- 'OldPassword' => array(
- 'type' => 'password',
- 'label-message' => 'oldpassword',
- 'size' => '20',
- 'id' => 'wpPassword',
- 'required' => '',
- ),
- 'NewPassword' => array(
- 'type' => 'password',
- 'label-message' => 'newpassword',
- 'size' => '20',
- 'id' => 'wpNewPassword',
- 'required' => '',
- ),
- 'Retype' => array(
- 'type' => 'password',
- 'label-message' => 'retypenew',
- 'size' => '20',
- 'id' => 'wpRetype',
- 'required' => '',
- ),
- 'Remember' => array(
- 'type' => 'check',
- 'id' => 'wpRemember',
- ),
- );
-
- protected $mUsername;
- protected $mLogin;
-
public function __construct() {
- global $wgRequest, $wgUser, $wgLang, $wgCookieExpiration;
-
parent::__construct( 'Resetpass' );
- $this->mFormFields['Retype']['validation-callback'] = array( 'SpecialCreateAccount', 'formValidateRetype' );
-
- $this->mUsername = $wgRequest->getVal( 'wpName', $wgUser->getName() );
- $this->mReturnTo = $wgRequest->getVal( 'returnto' );
- $this->mReturnToQuery = $wgRequest->getVal( 'returntoquery' );
-
- $this->mFormFields['Remember']['label'] = wfMsgExt(
- 'remembermypassword',
- 'parseinline',
- $wgLang->formatNum( ceil( $wgCookieExpiration / 86400 ) )
- );
}
/**
* Main execution point
*/
- public function execute( $par ) {
+ function execute( $par ) {
global $wgUser, $wgAuth, $wgOut, $wgRequest;
if ( wfReadOnly() ) {
return;
}
+ $this->mUserName = $wgRequest->getVal( 'wpName' );
+ $this->mOldpass = $wgRequest->getVal( 'wpPassword' );
+ $this->mNewpass = $wgRequest->getVal( 'wpNewPassword' );
+ $this->mRetype = $wgRequest->getVal( 'wpRetype' );
+ $this->mDomain = $wgRequest->getVal( 'wpDomain' );
+
$this->setHeaders();
$this->outputHeader();
$wgOut->disallowUserJs();
- if( wfReadOnly() ){
- $wgOut->readOnlyPage();
- return false;
- }
- if( !$wgAuth->allowPasswordChange() ) {
- $wgOut->showErrorPage( 'errorpagetitle', 'resetpass_forbidden' );
- return false;
- }
-
if( !$wgRequest->wasPosted() && !$wgUser->isLoggedIn() ) {
- $wgOut->showErrorPage( 'errorpagetitle', 'resetpass-no-info' );
- return false;
+ $this->error( wfMsg( 'resetpass-no-info' ) );
+ return;
}
- $this->getForm()->show();
-
- }
-
- public function formSubmitCallback( $data ){
- $data['Password'] = $data['OldPassword'];
- $this->mLogin = new Login( $data );
- $result = $this->attemptReset( $data );
+ if( $wgRequest->wasPosted() && $wgRequest->getBool( 'wpCancel' ) ) {
+ $this->doReturnTo();
+ return;
+ }
- if( $result === true ){
- # Log the user in if they're not already (ie we're
- # coming from the e-mail-password-reset route
- global $wgUser;
- if( !$wgUser->isLoggedIn() ) {
- $this->mLogin->attemptLogin( $data['NewPassword'] );
- # Redirect out to the appropriate target.
- SpecialUserlogin::successfulLogin(
- 'resetpass_success',
- $this->mReturnTo,
- $this->mReturnToQuery,
- $this->mLogin->mLoginResult
- );
- } else {
- # Redirect out to the appropriate target.
- SpecialUserlogin::successfulLogin(
- 'resetpass_success',
- $this->mReturnTo,
- $this->mReturnToQuery
- );
+ if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) ) {
+ try {
+ $wgAuth->setDomain( $this->mDomain );
+ if( !$wgAuth->allowPasswordChange() ) {
+ $this->error( wfMsg( 'resetpass_forbidden' ) );
+ return;
+ }
+
+ $this->attemptReset( $this->mNewpass, $this->mRetype );
+ $wgOut->addWikiMsg( 'resetpass_success' );
+ if( !$wgUser->isLoggedIn() ) {
+ LoginForm::setLoginToken();
+ $token = LoginForm::getLoginToken();
+ $data = array(
+ 'action' => 'submitlogin',
+ 'wpName' => $this->mUserName,
+ 'wpDomain' => $this->mDomain,
+ 'wpLoginToken' => $token,
+ 'wpPassword' => $this->mNewpass,
+ 'returnto' => $wgRequest->getVal( 'returnto' ),
+ );
+ if( $wgRequest->getCheck( 'wpRemember' ) ) {
+ $data['wpRemember'] = 1;
+ }
+ $login = new LoginForm( new FauxRequest( $data, true ) );
+ $login->execute( null );
+ }
+ $this->doReturnTo();
+ } catch( PasswordError $e ) {
+ $this->error( $e->getMessage() );
}
- return true;
- } else {
- return $result;
}
+ $this->showForm();
+ }
+
+ function doReturnTo() {
+ global $wgRequest, $wgOut;
+ $titleObj = Title::newFromText( $wgRequest->getVal( 'returnto' ) );
+ if ( !$titleObj instanceof Title ) {
+ $titleObj = Title::newMainPage();
+ }
+ $wgOut->redirect( $titleObj->getFullURL() );
+ }
+
+ function error( $msg ) {
+ global $wgOut;
+ $wgOut->addHTML( Xml::element('p', array( 'class' => 'error' ), $msg ) );
}
- public function getForm( $reset=false ) {
- global $wgOut, $wgUser, $wgRequest;
+ function showForm() {
+ global $wgOut, $wgUser, $wgRequest, $wgLivePasswordStrengthChecks;
- if( $reset || $wgRequest->getCheck( 'reset' ) ){
- # Request is coming from Special:UserLogin after it
- # authenticated someone with a temporary password.
- $this->mFormFields['OldPassword']['label-message'] = 'resetpass-temp-password';
+ if ( $wgLivePasswordStrengthChecks ) {
+ $wgOut->addPasswordSecurity( 'wpNewPassword', 'wpRetype' );
+ }
+ $self = $this->getTitle();
+ if ( !$this->mUserName ) {
+ $this->mUserName = $wgUser->getName();
+ }
+ $rememberMe = '';
+ if ( !$wgUser->isLoggedIn() ) {
+ global $wgCookieExpiration, $wgLang;
+ $rememberMe = '<tr>' .
+ '<td></td>' .
+ '<td class="mw-input">' .
+ Xml::checkLabel(
+ wfMsgExt( 'remembermypassword', 'parsemag', $wgLang->formatNum( ceil( $wgCookieExpiration / ( 3600 * 24 ) ) ) ),
+ 'wpRemember', 'wpRemember',
+ $wgRequest->getCheck( 'wpRemember' ) ) .
+ '</td>' .
+ '</tr>';
$submitMsg = 'resetpass_submit';
- $this->mFormFields['OldPassword']['default'] = $wgRequest->getText( 'wpPassword' );
- #perpetuate
- $this->mFormFields['reset'] = array(
- 'type' => 'hidden',
- 'default' => '1',
- );
+ $oldpassMsg = 'resetpass-temp-password';
} else {
- unset( $this->mFormFields['Remember'] );
+ $oldpassMsg = 'oldpassword';
$submitMsg = 'resetpass-submit-loggedin';
}
+ $wgOut->addHTML(
+ Xml::fieldset( wfMsg( 'resetpass_header' ) ) .
+ Xml::openElement( 'form',
+ array(
+ 'method' => 'post',
+ 'action' => $self->getLocalUrl(),
+ 'id' => 'mw-resetpass-form' ) ) . "\n" .
+ Html::hidden( 'token', $wgUser->editToken() ) . "\n" .
+ Html::hidden( 'wpName', $this->mUserName ) . "\n" .
+ Html::hidden( 'wpDomain', $this->mDomain ) . "\n" .
+ Html::hidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) . "\n" .
+ wfMsgExt( 'resetpass_text', array( 'parse' ) ) . "\n" .
+ Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) . "\n" .
+ $this->pretty( array(
+ array( 'wpName', 'username', 'text', $this->mUserName, '' ),
+ array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass, '' ),
+ array( 'wpNewPassword', 'newpassword', 'password', null, '<div id="password-strength"></div>' ),
+ array( 'wpRetype', 'retypenew', 'password', null, '<div id="password-retype"></div>' ),
+ ) ) . "\n" .
+ $rememberMe .
+ "<tr>\n" .
+ "<td></td>\n" .
+ '<td class="mw-input">' .
+ Xml::submitButton( wfMsg( $submitMsg ) ) .
+ Xml::submitButton( wfMsg( 'resetpass-submit-cancel' ), array( 'name' => 'wpCancel' ) ) .
+ "</td>\n" .
+ "</tr>\n" .
+ Xml::closeElement( 'table' ) .
+ Xml::closeElement( 'form' ) .
+ Xml::closeElement( 'fieldset' ) . "\n"
+ );
+ }
- $this->mFormFields['Name']['default'] =
- $this->mFormFields['NameInfo']['default'] = $this->mUsername;
-
- $form = new HTMLForm( $this->mFormFields, '' );
- $form->suppressReset();
- $form->setSubmitText( wfMsg( $submitMsg ) );
- $form->setTitle( $this->getTitle() );
- $form->addHiddenField( 'returnto', $this->mReturnTo );
- $form->setWrapperLegend( wfMsg( 'resetpass_header' ) );
-
- $form->setSubmitCallback( array( $this, 'formSubmitCallback' ) );
- $form->loadData();
-
- return $form;
+ function pretty( $fields ) {
+ $out = '';
+ foreach ( $fields as $list ) {
+ list( $name, $label, $type, $value, $extra ) = $list;
+ if( $type == 'text' ) {
+ $field = htmlspecialchars( $value );
+ } else {
+ $attribs = array( 'id' => $name );
+ if ( $name == 'wpNewPassword' || $name == 'wpRetype' ) {
+ $attribs = array_merge( $attribs,
+ User::passwordChangeInputAttribs() );
+ }
+ if ( $name == 'wpPassword' ) {
+ $attribs[] = 'autofocus';
+ }
+ $field = Html::input( $name, $value, $type, $attribs );
+ }
+ $out .= "<tr>\n";
+ $out .= "\t<td class='mw-label'>";
+ if ( $type != 'text' )
+ $out .= Xml::label( wfMsg( $label ), $name );
+ else
+ $out .= wfMsgHtml( $label );
+ $out .= "</td>\n";
+ $out .= "\t<td class='mw-input'>$field</td>\n";
+ $out .= "\t<td>$extra</td>\n";
+ $out .= "</tr>";
+ }
+ return $out;
}
/**
- * Try to reset the user's password
+ * @throws PasswordError when cannot set the new password because requirements not met.
*/
- protected function attemptReset( $data ) {
-
- if( !$data['Name']
- || !$data['OldPassword']
- || !$data['NewPassword']
- || !$data['Retype'] )
- {
- return false;
+ protected function attemptReset( $newpass, $retype ) {
+ $user = User::newFromName( $this->mUserName );
+ if( !$user || $user->isAnon() ) {
+ throw new PasswordError( 'no such user' );
}
-
- $user = $this->mLogin->getUser();
- if( !( $user instanceof User ) ){
- return wfMsgExt( 'nosuchuser', 'parse' );
+
+ if( $newpass !== $retype ) {
+ wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'badretype' ) );
+ throw new PasswordError( wfMsg( 'badretype' ) );
}
- if( $data['NewPassword'] !== $data['Retype'] ) {
- wfRunHooks( 'PrefsPasswordAudit', array( $user, $data['NewPassword'], 'badretype' ) );
- return wfMsgExt( 'badretype', 'parse' );
+ if( !$user->checkTemporaryPassword($this->mOldpass) && !$user->checkPassword($this->mOldpass) ) {
+ wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
+ throw new PasswordError( wfMsg( 'resetpass-wrong-oldpass' ) );
}
-
- if( !$user->checkPassword( $data['OldPassword'] ) && !$user->checkTemporaryPassword( $data['OldPassword'] ) )
- {
- wfRunHooks( 'PrefsPasswordAudit', array( $user, $data['NewPassword'], 'wrongpassword' ) );
- return wfMsgExt( 'resetpass-wrong-oldpass', 'parse' );
- }
-
+
try {
- $user->setPassword( $data['NewPassword'] );
- wfRunHooks( 'PrefsPasswordAudit', array( $user, $data['NewPassword'], 'success' ) );
+ $user->setPassword( $this->mNewpass );
+ wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'success' ) );
+ $this->mNewpass = $this->mOldpass = $this->mRetypePass = '';
} catch( PasswordError $e ) {
- wfRunHooks( 'PrefsPasswordAudit', array( $user, $data['NewPassword'], 'error' ) );
- return $e->getMessage();
+ wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'error' ) );
+ throw new PasswordError( $e->getMessage() );
}
-
+
$user->setCookies();
$user->saveSettings();
- return true;
}
}
'startup' => array( 'class' => 'ResourceLoaderStartUpModule' ),
'user' => array( 'class' => 'ResourceLoaderUserModule' ),
'user.options' => array( 'class' => 'ResourceLoaderUserOptionsModule' ),
- 'user.groups' => array( 'class' => 'ResourceLoaderUserGroupsModule' ),
/* Skins */
dépôts / lhc / web / wiklou.git / commitdiff