includes/specials/SpecialResetpass.php

   1 <?php
   2 /**
   3  * @file
   4  * @ingroup SpecialPage
   5  */
   6
   7 /**
   8  * Let users recover their password.
   9  * @ingroup SpecialPage
  10  */
  11 class SpecialResetpass extends SpecialPage {
  12         public function __construct() {
  13                 parent::__construct( 'Resetpass' );
  14         }
  15
  16         /**
  17          * Main execution point
  18          */
  19         function execute( $par ) {
  20                 global $wgUser, $wgAuth, $wgOut, $wgRequest;
  21
  22                 $this->mUserName = $wgRequest->getVal( 'wpName' );
  23                 $this->mOldpass = $wgRequest->getVal( 'wpPassword' );
  24                 $this->mNewpass = $wgRequest->getVal( 'wpNewPassword' );
  25                 $this->mRetype = $wgRequest->getVal( 'wpRetype' );
  26
  27                 $this->setHeaders();
  28                 $this->outputHeader();
  29
  30                 if( !$wgAuth->allowPasswordChange() ) {
  31                         $this->error( wfMsg( 'resetpass_forbidden' ) );
  32                         return;
  33                 }
  34
  35                 if( !$wgRequest->wasPosted() && !$wgUser->isLoggedIn() ) {
  36                         $this->error( wfMsg( 'resetpass-no-info' ) );
  37                         return;
  38                 }
  39
  40                 if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal('token') ) ) {
  41                         try {
  42                                 $this->attemptReset( $this->mNewpass, $this->mRetype );
  43                                 $wgOut->addWikiMsg( 'resetpass_success' );
  44                                 if( !$wgUser->isLoggedIn() ) {
  45                                         $data = array(
  46                                                 'action'     => 'submitlogin',
  47                                                 'wpName'     => $this->mUserName,
  48                                                 'wpPassword' => $this->mNewpass,
  49                                                 'returnto'   => $wgRequest->getVal( 'returnto' ),
  50                                         );
  51                                         if( $wgRequest->getCheck( 'wpRemember' ) ) {
  52                                                 $data['wpRemember'] = 1;
  53                                         }
  54                                         $login = new LoginForm( new FauxRequest( $data, true ) );
  55                                         $login->execute();
  56                                 }
  57                                 $titleObj = Title::newFromText( $wgRequest->getVal( 'returnto' ) );
  58                                 if ( !$titleObj instanceof Title ) {
  59                                         $titleObj = Title::newMainPage();
  60                                 }
  61                                 $wgOut->redirect( $titleObj->getFullURL() );
  62                         } catch( PasswordError $e ) {
  63                                 $this->error( $e->getMessage() );
  64                         }
  65                 }
  66                 $this->showForm();
  67         }
  68
  69         function error( $msg ) {
  70                 global $wgOut;
  71                 $wgOut->addHTML( Xml::element('p', array( 'class' => 'error' ), $msg ) );
  72         }
  73
  74         function showForm() {
  75                 global $wgOut, $wgUser, $wgRequest;
  76
  77                 $wgOut->disallowUserJs();
  78
  79                 $self = SpecialPage::getTitleFor( 'Resetpass' );
  80                 if ( !$this->mUserName ) {
  81                         $this->mUserName = $wgUser->getName();
  82                 }
  83                 $rememberMe = '';
  84                 if ( !$wgUser->isLoggedIn() ) {
  85                         $rememberMe = '<tr>' .
  86                                 '<td></td>' .
  87                                 '<td class="mw-input">' .
  88                                         Xml::checkLabel( wfMsg( 'remembermypassword' ),
  89                                                 'wpRemember', 'wpRemember',
  90                                                 $wgRequest->getCheck( 'wpRemember' ) ) .
  91                                 '</td>' .
  92                         '</tr>';
  93                         $submitMsg = 'resetpass_submit';
  94                         $oldpassMsg = 'resetpass-temp-password';
  95                 } else {
  96                         $oldpassMsg = 'oldpassword';
  97                         $submitMsg = 'resetpass-submit-loggedin';
  98                 }
  99                 $wgOut->addHTML(
 100                         Xml::fieldset( wfMsg( 'resetpass_header' ) ) .
 101                         Xml::openElement( 'form',
 102                                 array(
 103                                         'method' => 'post',
 104                                         'action' => $self->getLocalUrl(),
 105                                         'id' => 'mw-resetpass-form' ) ) .
 106                         Xml::hidden( 'token', $wgUser->editToken() ) .
 107                         Xml::hidden( 'wpName', $this->mUserName ) .
 108                         Xml::hidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) .
 109                         wfMsgExt( 'resetpass_text', array( 'parse' ) ) .
 110                         Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) .
 111                         $this->pretty( array(
 112                                 array( 'wpName', 'username', 'text', $this->mUserName ),
 113                                 array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass ),
 114                                 array( 'wpNewPassword', 'newpassword', 'password', '' ),
 115                                 array( 'wpRetype', 'retypenew', 'password', '' ),
 116                         ) ) .
 117                         $rememberMe .
 118                         '<tr>' .
 119                                 '<td></td>' .
 120                                 '<td class="mw-input">' .
 121                                         Xml::submitButton( wfMsg( $submitMsg ) ) .
 122                                 '</td>' .
 123                         '</tr>' .
 124                         Xml::closeElement( 'table' ) .
 125                         Xml::closeElement( 'form' ) .
 126                         Xml::closeElement( 'fieldset' )
 127                 );
 128         }
 129
 130         function pretty( $fields ) {
 131                 $out = '';
 132                 foreach( $fields as $list ) {
 133                         list( $name, $label, $type, $value ) = $list;
 134                         if( $type == 'text' ) {
 135                                 $field = htmlspecialchars( $value );
 136                         } else {
 137                                 $field = Xml::input( $name, 20, $value,
 138                                         array( 'id' => $name, 'type' => $type ) );
 139                         }
 140                         $out .= '<tr>';
 141                         $out .= "<td class='mw-label'>";
 142                         if ( $type != 'text' )
 143                                 $out .= Xml::label( wfMsg( $label ), $name );
 144                         else
 145                                 $out .=  wfMsg( $label );
 146                         $out .= '</td>';
 147                         $out .= "<td class='mw-input'>";
 148                         $out .= $field;
 149                         $out .= '</td>';
 150                         $out .= '</tr>';
 151                 }
 152                 return $out;
 153         }
 154
 155         /**
 156          * @throws PasswordError when cannot set the new password because requirements not met.
 157          */
 158         protected function attemptReset( $newpass, $retype ) {
 159                 $user = User::newFromName( $this->mUserName );
 160                 if( !$user || $user->isAnon() ) {
 161                         throw new PasswordError( 'no such user' );
 162                 }
 163
 164                 if( $newpass !== $retype ) {
 165                         wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'badretype' ) );
 166                         throw new PasswordError( wfMsg( 'badretype' ) );
 167                 }
 168
 169                 if( !$user->checkTemporaryPassword($this->mOldpass) && !$user->checkPassword($this->mOldpass) ) {
 170                         wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
 171                         throw new PasswordError( wfMsg( 'resetpass-wrong-oldpass' ) );
 172                 }
 173
 174                 try {
 175                         $user->setPassword( $this->mNewpass );
 176                         wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'success' ) );
 177                         $this->mNewpass = $this->mOldpass = $this->mRetypePass = '';
 178                 } catch( PasswordError $e ) {
 179                         wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'error' ) );
 180                         throw new PasswordError( $e->getMessage() );
 181                         return;
 182                 }
 183
 184                 $user->setCookies();
 185                 $user->saveSettings();
 186         }
 187 }