Add script to reset user emails

Current way to do it, via eval.php, is slightly scary.

Change-Id: I2b875326a0eb1e6d1f4bc758b8ac97b8f9324c4e

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index c5356c1..a79a7b2 100644 (file)
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -305,6 +305,8 @@ changes to languages because of Phabricator reports.
   together but instead pick the final one, similar to image syntax.
 * XML-like parser tags (such as <gallery>), when unclosed, will be left unparsed
   rather than consume everything until the end of the page.
+* New maintenance script resetUserEmail.php allows sysadmins to reset user emails in case
+  a user forgot password/account was stolen.
 
 == Compatibility ==
 

diff --git a/maintenance/resetUserEmail.php b/maintenance/resetUserEmail.php
new file mode 100644 (file)
index 0000000..50f0965
--- /dev/null
+++ b/maintenance/resetUserEmail.php
@@ -0,0 +1,66 @@
+<?php
+/**
+ * Reset user email.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ * @ingroup Maintenance
+ */
+
+require_once __DIR__ . '/Maintenance.php';
+
+/**
+ * Maintenance script that resets user email.
+ *
+ * @since 1.27
+ * @ingroup Maintenance
+ */
+class ResetUserEmail extends Maintenance {
+       public function __construct() {
+               $this->mDescription = "Resets a user's email";
+               $this->addArg( 'user', 'Username or user ID, if starts with #', true );
+               $this->addArg( 'email', 'Email to assign' );
+               parent::__construct();
+       }
+
+       public function execute() {
+               $userName = $this->getArg( 0 );
+               if ( preg_match( '/^#\d+$/', $userName ) ) {
+                       $user = User::newFromId( substr( $userName, 1 ) );
+               } else {
+                       $user = User::newFromName( $userName );
+               }
+               if ( !$user || !$user->getId() || !$user->loadFromId() ) {
+                       $this->error( "Error: user '$userName' does not exist\n", 1 );
+               }
+
+               $email = $this->getArg( 1 );
+               if ( !Sanitizer::validateEmail( $email ) ) {
+                       $this->error( "Error: email '$email' is not valid\n", 1 );
+               }
+
+               // Code from https://wikitech.wikimedia.org/wiki/Password_reset
+               $user->setEmail( $email );
+               $user->setEmailAuthenticationTimestamp( wfTimestampNow() );
+               $user->saveSettings();
+               // Kick whomever is currently controlling the account off
+               $user->setPassword( PasswordFactory::generateRandomPasswordString( 128 ) );
+       }
+}
+
+$maintClass = 'ResetUserEmail';
+require_once RUN_MAINTENANCE_IF_MAIN;