00001 <?php 00011 class SpecialResetpass extends SpecialPage { 00012 public function __construct() { 00013 parent::__construct( 'Resetpass' ); 00014 } 00015 00019 function execute( $par ) { 00020 global $wgUser, $wgAuth, $wgOut, $wgRequest; 00021 00022 $this->mUserName = $wgRequest->getVal( 'wpName' ); 00023 $this->mOldpass = $wgRequest->getVal( 'wpPassword' ); 00024 $this->mNewpass = $wgRequest->getVal( 'wpNewPassword' ); 00025 $this->mRetype = $wgRequest->getVal( 'wpRetype' ); 00026 00027 $this->setHeaders(); 00028 $this->outputHeader(); 00029 00030 if( !$wgAuth->allowPasswordChange() ) { 00031 $this->error( wfMsg( 'resetpass_forbidden' ) ); 00032 return; 00033 } 00034 00035 if( !$wgRequest->wasPosted() && !$wgUser->isLoggedIn() ) { 00036 $this->error( wfMsg( 'resetpass-no-info' ) ); 00037 return; 00038 } 00039 00040 if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal('token') ) ) { 00041 try { 00042 $this->attemptReset( $this->mNewpass, $this->mRetype ); 00043 $wgOut->addWikiMsg( 'resetpass_success' ); 00044 if( !$wgUser->isLoggedIn() ) { 00045 $data = array( 00046 'action' => 'submitlogin', 00047 'wpName' => $this->mUserName, 00048 'wpPassword' => $this->mNewpass, 00049 'returnto' => $wgRequest->getVal( 'returnto' ), 00050 ); 00051 if( $wgRequest->getCheck( 'wpRemember' ) ) { 00052 $data['wpRemember'] = 1; 00053 } 00054 $login = new LoginForm( new FauxRequest( $data, true ) ); 00055 $login->execute(); 00056 } 00057 $titleObj = Title::newFromText( $wgRequest->getVal( 'returnto' ) ); 00058 if ( !$titleObj instanceof Title ) { 00059 $titleObj = Title::newMainPage(); 00060 } 00061 $wgOut->redirect( $titleObj->getFullURL() ); 00062 } catch( PasswordError $e ) { 00063 $this->error( $e->getMessage() ); 00064 } 00065 } 00066 $this->showForm(); 00067 } 00068 00069 function error( $msg ) { 00070 global $wgOut; 00071 $wgOut->addHTML( Xml::element('p', array( 'class' => 'error' ), $msg ) ); 00072 } 00073 00074 function showForm() { 00075 global $wgOut, $wgUser, $wgRequest; 00076 00077 $wgOut->disallowUserJs(); 00078 00079 $self = SpecialPage::getTitleFor( 'Resetpass' ); 00080 if ( !$this->mUserName ) { 00081 $this->mUserName = $wgUser->getName(); 00082 } 00083 $rememberMe = ''; 00084 if ( !$wgUser->isLoggedIn() ) { 00085 $rememberMe = '<tr>' . 00086 '<td></td>' . 00087 '<td class="mw-input">' . 00088 Xml::checkLabel( wfMsg( 'remembermypassword' ), 00089 'wpRemember', 'wpRemember', 00090 $wgRequest->getCheck( 'wpRemember' ) ) . 00091 '</td>' . 00092 '</tr>'; 00093 $submitMsg = 'resetpass_submit'; 00094 $oldpassMsg = 'resetpass-temp-password'; 00095 } else { 00096 $oldpassMsg = 'oldpassword'; 00097 $submitMsg = 'resetpass-submit-loggedin'; 00098 } 00099 $wgOut->addHTML( 00100 Xml::fieldset( wfMsg( 'resetpass_header' ) ) . 00101 Xml::openElement( 'form', 00102 array( 00103 'method' => 'post', 00104 'action' => $self->getLocalUrl(), 00105 'id' => 'mw-resetpass-form' ) ) . 00106 Xml::hidden( 'token', $wgUser->editToken() ) . 00107 Xml::hidden( 'wpName', $this->mUserName ) . 00108 Xml::hidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) . 00109 wfMsgExt( 'resetpass_text', array( 'parse' ) ) . 00110 Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) . 00111 $this->pretty( array( 00112 array( 'wpName', 'username', 'text', $this->mUserName ), 00113 array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass ), 00114 array( 'wpNewPassword', 'newpassword', 'password', '' ), 00115 array( 'wpRetype', 'retypenew', 'password', '' ), 00116 ) ) . 00117 $rememberMe . 00118 '<tr>' . 00119 '<td></td>' . 00120 '<td class="mw-input">' . 00121 Xml::submitButton( wfMsg( $submitMsg ) ) . 00122 '</td>' . 00123 '</tr>' . 00124 Xml::closeElement( 'table' ) . 00125 Xml::closeElement( 'form' ) . 00126 Xml::closeElement( 'fieldset' ) 00127 ); 00128 } 00129 00130 function pretty( $fields ) { 00131 $out = ''; 00132 foreach( $fields as $list ) { 00133 list( $name, $label, $type, $value ) = $list; 00134 if( $type == 'text' ) { 00135 $field = htmlspecialchars( $value ); 00136 } else { 00137 $field = Xml::input( $name, 20, $value, 00138 array( 'id' => $name, 'type' => $type ) ); 00139 } 00140 $out .= '<tr>'; 00141 $out .= "<td class='mw-label'>"; 00142 if ( $type != 'text' ) 00143 $out .= Xml::label( wfMsg( $label ), $name ); 00144 else 00145 $out .= wfMsg( $label ); 00146 $out .= '</td>'; 00147 $out .= "<td class='mw-input'>"; 00148 $out .= $field; 00149 $out .= '</td>'; 00150 $out .= '</tr>'; 00151 } 00152 return $out; 00153 } 00154 00158 protected function attemptReset( $newpass, $retype ) { 00159 $user = User::newFromName( $this->mUserName ); 00160 if( !$user || $user->isAnon() ) { 00161 throw new PasswordError( 'no such user' ); 00162 } 00163 00164 if( $newpass !== $retype ) { 00165 wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'badretype' ) ); 00166 throw new PasswordError( wfMsg( 'badretype' ) ); 00167 } 00168 00169 if( !$user->checkTemporaryPassword($this->mOldpass) && !$user->checkPassword($this->mOldpass) ) { 00170 wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) ); 00171 throw new PasswordError( wfMsg( 'resetpass-wrong-oldpass' ) ); 00172 } 00173 00174 try { 00175 $user->setPassword( $this->mNewpass ); 00176 wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'success' ) ); 00177 $this->mNewpass = $this->mOldpass = $this->mRetypePass = ''; 00178 } catch( PasswordError $e ) { 00179 wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'error' ) ); 00180 throw new PasswordError( $e->getMessage() ); 00181 return; 00182 } 00183 00184 $user->setCookies(); 00185 $user->saveSettings(); 00186 } 00187 }