00001 <?php
00011 class SpecialResetpass extends SpecialPage {
00012 public function __construct() {
00013 parent::__construct( 'Resetpass' );
00014 }
00015
00019 function execute( $par ) {
00020 global $wgUser, $wgAuth, $wgOut, $wgRequest;
00021
00022 $this->mUserName = $wgRequest->getVal( 'wpName' );
00023 $this->mOldpass = $wgRequest->getVal( 'wpPassword' );
00024 $this->mNewpass = $wgRequest->getVal( 'wpNewPassword' );
00025 $this->mRetype = $wgRequest->getVal( 'wpRetype' );
00026
00027 $this->setHeaders();
00028 $this->outputHeader();
00029
00030 if( !$wgAuth->allowPasswordChange() ) {
00031 $this->error( wfMsg( 'resetpass_forbidden' ) );
00032 return;
00033 }
00034
00035 if( !$wgRequest->wasPosted() && !$wgUser->isLoggedIn() ) {
00036 $this->error( wfMsg( 'resetpass-no-info' ) );
00037 return;
00038 }
00039
00040 if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal('token') ) ) {
00041 try {
00042 $this->attemptReset( $this->mNewpass, $this->mRetype );
00043 $wgOut->addWikiMsg( 'resetpass_success' );
00044 if( !$wgUser->isLoggedIn() ) {
00045 $data = array(
00046 'action' => 'submitlogin',
00047 'wpName' => $this->mUserName,
00048 'wpPassword' => $this->mNewpass,
00049 'returnto' => $wgRequest->getVal( 'returnto' ),
00050 );
00051 if( $wgRequest->getCheck( 'wpRemember' ) ) {
00052 $data['wpRemember'] = 1;
00053 }
00054 $login = new LoginForm( new FauxRequest( $data, true ) );
00055 $login->execute();
00056 }
00057 $titleObj = Title::newFromText( $wgRequest->getVal( 'returnto' ) );
00058 if ( !$titleObj instanceof Title ) {
00059 $titleObj = Title::newMainPage();
00060 }
00061 $wgOut->redirect( $titleObj->getFullURL() );
00062 } catch( PasswordError $e ) {
00063 $this->error( $e->getMessage() );
00064 }
00065 }
00066 $this->showForm();
00067 }
00068
00069 function error( $msg ) {
00070 global $wgOut;
00071 $wgOut->addHTML( Xml::element('p', array( 'class' => 'error' ), $msg ) );
00072 }
00073
00074 function showForm() {
00075 global $wgOut, $wgUser, $wgRequest;
00076
00077 $wgOut->disallowUserJs();
00078
00079 $self = SpecialPage::getTitleFor( 'Resetpass' );
00080 if ( !$this->mUserName ) {
00081 $this->mUserName = $wgUser->getName();
00082 }
00083 $rememberMe = '';
00084 if ( !$wgUser->isLoggedIn() ) {
00085 $rememberMe = '<tr>' .
00086 '<td></td>' .
00087 '<td class="mw-input">' .
00088 Xml::checkLabel( wfMsg( 'remembermypassword' ),
00089 'wpRemember', 'wpRemember',
00090 $wgRequest->getCheck( 'wpRemember' ) ) .
00091 '</td>' .
00092 '</tr>';
00093 $submitMsg = 'resetpass_submit';
00094 $oldpassMsg = 'resetpass-temp-password';
00095 } else {
00096 $oldpassMsg = 'oldpassword';
00097 $submitMsg = 'resetpass-submit-loggedin';
00098 }
00099 $wgOut->addHTML(
00100 Xml::fieldset( wfMsg( 'resetpass_header' ) ) .
00101 Xml::openElement( 'form',
00102 array(
00103 'method' => 'post',
00104 'action' => $self->getLocalUrl(),
00105 'id' => 'mw-resetpass-form' ) ) .
00106 Xml::hidden( 'token', $wgUser->editToken() ) .
00107 Xml::hidden( 'wpName', $this->mUserName ) .
00108 Xml::hidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) .
00109 wfMsgExt( 'resetpass_text', array( 'parse' ) ) .
00110 Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) .
00111 $this->pretty( array(
00112 array( 'wpName', 'username', 'text', $this->mUserName ),
00113 array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass ),
00114 array( 'wpNewPassword', 'newpassword', 'password', '' ),
00115 array( 'wpRetype', 'retypenew', 'password', '' ),
00116 ) ) .
00117 $rememberMe .
00118 '<tr>' .
00119 '<td></td>' .
00120 '<td class="mw-input">' .
00121 Xml::submitButton( wfMsg( $submitMsg ) ) .
00122 '</td>' .
00123 '</tr>' .
00124 Xml::closeElement( 'table' ) .
00125 Xml::closeElement( 'form' ) .
00126 Xml::closeElement( 'fieldset' )
00127 );
00128 }
00129
00130 function pretty( $fields ) {
00131 $out = '';
00132 foreach( $fields as $list ) {
00133 list( $name, $label, $type, $value ) = $list;
00134 if( $type == 'text' ) {
00135 $field = htmlspecialchars( $value );
00136 } else {
00137 $field = Xml::input( $name, 20, $value,
00138 array( 'id' => $name, 'type' => $type ) );
00139 }
00140 $out .= '<tr>';
00141 $out .= "<td class='mw-label'>";
00142 if ( $type != 'text' )
00143 $out .= Xml::label( wfMsg( $label ), $name );
00144 else
00145 $out .= wfMsg( $label );
00146 $out .= '</td>';
00147 $out .= "<td class='mw-input'>";
00148 $out .= $field;
00149 $out .= '</td>';
00150 $out .= '</tr>';
00151 }
00152 return $out;
00153 }
00154
00158 protected function attemptReset( $newpass, $retype ) {
00159 $user = User::newFromName( $this->mUserName );
00160 if( !$user || $user->isAnon() ) {
00161 throw new PasswordError( 'no such user' );
00162 }
00163
00164 if( $newpass !== $retype ) {
00165 wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'badretype' ) );
00166 throw new PasswordError( wfMsg( 'badretype' ) );
00167 }
00168
00169 if( !$user->checkTemporaryPassword($this->mOldpass) && !$user->checkPassword($this->mOldpass) ) {
00170 wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
00171 throw new PasswordError( wfMsg( 'resetpass-wrong-oldpass' ) );
00172 }
00173
00174 try {
00175 $user->setPassword( $this->mNewpass );
00176 wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'success' ) );
00177 $this->mNewpass = $this->mOldpass = $this->mRetypePass = '';
00178 } catch( PasswordError $e ) {
00179 wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'error' ) );
00180 throw new PasswordError( $e->getMessage() );
00181 return;
00182 }
00183
00184 $user->setCookies();
00185 $user->saveSettings();
00186 }
00187 }