r48780 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r48779‎ \| r48780 \| r48781 >
Date:	02:27, 25 March 2009
Author:	werdna
Status:	ok (Comments)
Tags:
Comment:	Revert r47569 and subsequent related revisions. These still break logging in with temporary passwords despite two attempts to fix the issue.
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/DefaultSettings.php (modified) (history) /trunk/phase3/includes/User.php (modified) (history) /trunk/phase3/includes/specials/SpecialResetpass.php (modified) (history) /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history) /trunk/phase3/languages/messages/MessagesEn.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/User.php
—	—	@@ -163,7 +163,6 @@
164	164	'proxyunbannable',
165	165	'purge',
166	166	'read',
167		~~- 'reset-passwords',~~
168	167	'reupload',
169	168	'reupload-shared',
170	169	'rollback',
Index: trunk/phase3/includes/DefaultSettings.php
—	—	@@ -1255,8 +1255,6 @@
1256	1256	// Permission to change users' group assignments
1257	1257	$wgGroupPermissions['bureaucrat']['userrights'] = true;
1258	1258	$wgGroupPermissions['bureaucrat']['noratelimit'] = true;
1259		~~-// Permission to change users' passwords~~
1260		~~-# $wgGroupPermissions['bureaucrat']['reset-passwords'] = true;~~
1261	1259	// Permission to change users' groups assignments across wikis
1262	1260	#$wgGroupPermissions['bureaucrat']['userrights-interwiki'] = true;
1263	1261	// Permission to export pages including linked pages regardless of $wgExportMaxLinkDepth
—	—	@@ -1471,7 +1469,7 @@
1472	1470	* to ensure that client-side caches don't keep obsolete copies of global
1473	1471	* styles.
1474	1472	*/
1475		~~-$wgStyleVersion = '207';~~
	1473	+$wgStyleVersion = '206';
1476	1474
1477	1475
1478	1476	# Server-side caching:
—	—	@@ -2873,7 +2871,6 @@
2874	2872	'patrol',
2875	2873	'merge',
2876	2874	'suppress',
2877		~~- 'password',~~
2878	2875	);
2879	2876
2880	2877	/**
—	—	@@ -2928,7 +2925,6 @@
2929	2926	'patrol' => 'patrol-log-page',
2930	2927	'merge' => 'mergelog',
2931	2928	'suppress' => 'suppressionlog',
2932		~~- 'password' => 'resetpass-log'~~
2933	2929	);
2934	2930
2935	2931	/**
—	—	@@ -2949,7 +2945,6 @@
2950	2946	'patrol' => 'patrol-log-header',
2951	2947	'merge' => 'mergelogpagetext',
2952	2948	'suppress' => 'suppressionlogtext',
2953		~~- 'password' => 'resetpass-logtext',~~
2954	2949	);
2955	2950
2956	2951	/**
—	—	@@ -2985,7 +2980,6 @@
2986	2981	'suppress/delete' => 'suppressedarticle',
2987	2982	'suppress/block' => 'blocklogentry',
2988	2983	'suppress/reblock' => 'reblock-logentry',
2989		~~- 'password/reset' => 'resetpass-logentry'~~
2990	2984	);
2991	2985
2992	2986	/**
Index: trunk/phase3/includes/specials/SpecialUserlogin.php
—	—	@@ -589,8 +589,7 @@
590	590	global $wgOut;
591	591	$wgOut->addHTML( Xml::element('p', array( 'class' => 'error' ), $error ) );
592	592	$reset = new SpecialResetpass();
593		~~- $reset->setUser( User::newFromName( $this->mName ) );~~
594		~~- $reset->execute( $this->mName );~~
	593	+ $reset->execute( null );
595	594	}
596	595
597	596	/**
Index: trunk/phase3/includes/specials/SpecialResetpass.php
—	—	@@ -9,22 +9,9 @@
10	10	* @ingroup SpecialPage
11	11	*/
12	12	class SpecialResetpass extends SpecialPage {
13		-
14		~~- private $mSelfChange = true; // Usually, but sometimes not :)~~
15		~~- private $mUser = null; // The user requesting the reset~~
16		-
17	13	public function __construct() {
18	14	parent::__construct( 'Resetpass' );
19	15	}
20		-
21		- /**
22		~~- * Sometimes the user requesting the password change is not $wgUser~~
23		~~- * See bug 17722~~
24		~~- * @param User $usr~~
25		~~- */~~
26		~~- public function setUser( $usr ) {~~
27		~~- $this->mUser = $usr;~~
28		~~- }~~
29	16
30	17	/**
31	18	* Main execution point
—	—	@@ -32,16 +19,11 @@
33	20	function execute( $par ) {
34	21	global $wgUser, $wgAuth, $wgOut, $wgRequest;
35	22
36		~~- $this->mUserName = $wgRequest->getVal( 'wpName', $par );~~
	23	+ $this->mUserName = $wgRequest->getVal( 'wpName' );
37	24	$this->mOldpass = $wgRequest->getVal( 'wpPassword' );
38	25	$this->mNewpass = $wgRequest->getVal( 'wpNewPassword' );
39	26	$this->mRetype = $wgRequest->getVal( 'wpRetype' );
40		~~- $this->mComment = $wgRequest->getVal( 'wpComment' );~~
41	27
42		~~- if ( is_null( $this->mUser ) ) {~~
43		~~- $this->mUser = $wgUser;~~
44		~~- }~~
45		-
46	28	$this->setHeaders();
47	29	$this->outputHeader();
48	30
—	—	@@ -49,33 +31,17 @@
50	32	$this->error( wfMsg( 'resetpass_forbidden' ) );
51	33	return;
52	34	}
53		-
54		~~- // Default to our own username when not given one~~
55		~~- if ( !$this->mUserName ) {~~
56		~~- $this->mUserName = $this->mUser->getName();~~
57		~~- }~~
58		-
59		~~- // Are we changing our own?~~
60		~~- if ( $this->mUser->getName() != $this->mUserName ) {~~
61		~~- $this->mSelfChange = false; // We're changing someone else~~
62		~~- }~~
63	35
64		~~- if( !$wgRequest->wasPosted() && !$this->mUser->isLoggedIn() ) {~~
	36	+ if( !$wgRequest->wasPosted() && !$wgUser->isLoggedIn() ) {
65	37	$this->error( wfMsg( 'resetpass-no-info' ) );
66	38	return;
67	39	}
68	40
69		~~- if ( !$this->mSelfChange && !$this->mUser->isAllowed( 'reset-passwords' ) ) {~~
70		~~- $this->error( wfMsg( 'resetpass-no-others' ) );~~
71		~~- return;~~
72		~~- }~~
73		-
74		~~- if( $wgRequest->wasPosted() && $this->mUser->matchEditToken( $wgRequest->getVal('token') ) ) {~~
	41	+ if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal('token') ) ) {
75	42	try {
76	43	$this->attemptReset( $this->mNewpass, $this->mRetype );
77	44	$wgOut->addWikiMsg( 'resetpass_success' );
78		~~- // Only attempt this login session if we're changing our own password~~
79		~~- if( $this->mSelfChange && !$wgUser->isLoggedIn() ) {~~
	45	+ if( !$wgUser->isLoggedIn() ) {
80	46	$data = array(
81	47	'action' => 'submitlogin',
82	48	'wpName' => $this->mUserName,
—	—	@@ -109,15 +75,13 @@
110	76	global $wgOut, $wgUser, $wgRequest;
111	77
112	78	$wgOut->disallowUserJs();
113		-
114		~~- if ( $this->mUser->isAllowed( 'reset-passwords') ) {~~
115		~~- $wgOut->addScriptFile( 'changepassword.js' );~~
116		~~- }~~
117	79
118	80	$self = SpecialPage::getTitleFor( 'Resetpass' );
119		-
	81	+ if ( !$this->mUserName ) {
	82	+ $this->mUserName = $wgUser->getName();
	83	+ }
120	84	$rememberMe = '';
121		~~- if ( !$this->mUser->isLoggedIn() ) {~~
	85	+ if ( !$wgUser->isLoggedIn() ) {
122	86	$rememberMe = '<tr>' .
123	87	'<td></td>' .
124	88	'<td class="mw-input">' .
—	—	@@ -132,24 +96,24 @@
133	97	$oldpassMsg = 'oldpassword';
134	98	$submitMsg = 'resetpass-submit-loggedin';
135	99	}
136		~~- $s = Xml::fieldset( wfMsg( 'resetpass_header' ) ) .~~
	100	+ $wgOut->addHTML(
	101	+ Xml::fieldset( wfMsg( 'resetpass_header' ) ) .
137	102	Xml::openElement( 'form',
138	103	array(
139	104	'method' => 'post',
140	105	'action' => $self->getLocalUrl(),
141	106	'id' => 'mw-resetpass-form' ) ) .
142		~~- Xml::hidden( 'token', $this->mUser->editToken() ) .~~
	107	+ Xml::hidden( 'token', $wgUser->editToken() ) .
	108	+ Xml::hidden( 'wpName', $this->mUserName ) .
143	109	Xml::hidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) .
144	110	wfMsgExt( 'resetpass_text', array( 'parse' ) ) .
145		~~- Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) );~~
146		~~- $formElements = array(~~
147		~~- array( 'wpName', 'username', 'text', $this->mUserName, $this->mUser->isAllowed( 'reset-passwords' ) ),~~
148		~~- array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass, $this->mSelfChange ),~~
149		~~- array( 'wpNewPassword', 'newpassword', 'password', '', true ),~~
150		~~- array( 'wpRetype', 'retypenew', 'password', '', true ) );~~
151		~~- if ( $this->mUser->isAllowed( 'reset-passwords' ) && $this->mSelfChange )~~
152		~~- $formElements[] = array( 'wpComment', 'resetpass-comment', 'text', $this->mComment, true );~~
153		~~- $s .= $this->pretty( $formElements ) .~~
	111	+ Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) .
	112	+ $this->pretty( array(
	113	+ array( 'wpName', 'username', 'text', $this->mUserName ),
	114	+ array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass ),
	115	+ array( 'wpNewPassword', 'newpassword', 'password', '' ),
	116	+ array( 'wpRetype', 'retypenew', 'password', '' ),
	117	+ ) ) .
154	118	$rememberMe .
155	119	'<tr>' .
156	120	'<td></td>' .
—	—	@@ -159,23 +123,28 @@
160	124	'</tr>' .
161	125	Xml::closeElement( 'table' ) .
162	126	Xml::closeElement( 'form' ) .
163		~~- Xml::closeElement( 'fieldset' );~~
164		~~- $wgOut->addHtml( $s );~~
	127	+ Xml::closeElement( 'fieldset' )
	128	+ );
165	129	}
166	130
167	131	function pretty( $fields ) {
168	132	$out = '';
169	133	foreach( $fields as $list ) {
170		~~- list( $name, $label, $type, $value, $enabled ) = $list;~~
171		~~- $params = array( 'id' => $name, 'type' => $type );~~
172		~~- if ( !$enabled )~~
173		~~- $params['disabled'] = 'disabled';~~
174		~~- $field = Xml::input( $name, 20, $value, $params );~~
	134	+ list( $name, $label, $type, $value ) = $list;
	135	+ if( $type == 'text' ) {
	136	+ $field = htmlspecialchars( $value );
	137	+ } else {
	138	+ $field = Xml::input( $name, 20, $value,
	139	+ array( 'id' => $name, 'type' => $type ) );
	140	+ }
175	141	$out .= '<tr>';
176		~~- $out .= '<td class="mw-label">';~~
177		~~- $out .= Xml::label( wfMsg( $label ), $name );~~
	142	+ $out .= "<td class='mw-label'>";
	143	+ if ( $type != 'text' )
	144	+ $out .= Xml::label( wfMsg( $label ), $name );
	145	+ else
	146	+ $out .= wfMsg( $label );
178	147	$out .= '</td>';
179		~~- $out .= '<td class="mw-input">';~~
	148	+ $out .= "<td class='mw-input'>";
180	149	$out .= $field;
181	150	$out .= '</td>';
182	151	$out .= '</tr>';
—	—	@@ -197,13 +166,11 @@
198	167	throw new PasswordError( wfMsg( 'badretype' ) );
199	168	}
200	169
201		~~- if ( $this->mSelfChange ) {~~
202		~~- if( !$user->checkTemporaryPassword($this->mOldpass) && !$user->checkPassword($this->mOldpass) ) {~~
203		~~- wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );~~
204		~~- throw new PasswordError( wfMsg( 'resetpass-wrong-oldpass' ) );~~
205		~~- }~~
	170	+ if( !$user->checkTemporaryPassword($this->mOldpass) && !$user->checkPassword($this->mOldpass) ) {
	171	+ wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
	172	+ throw new PasswordError( wfMsg( 'resetpass-wrong-oldpass' ) );
206	173	}
207		-
	174	+
208	175	try {
209	176	$user->setPassword( $this->mNewpass );
210	177	wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'success' ) );
—	—	@@ -214,14 +181,7 @@
215	182	return;
216	183	}
217	184
218		~~- if ( !$this->mSelfChange ) {~~
219		~~- $log = new LogPage( 'password' );~~
220		~~- $log->addEntry( 'reset', $user->getUserPage(), $this->mComment );~~
221		~~- } else {~~
222		~~- // Only set cookies if it was a self-change~~
223		~~- $user->setCookies();~~
224		~~- }~~
225		-
	185	+ $user->setCookies();
226	186	$user->saveSettings();
227	187	}
228	188	}
Index: trunk/phase3/languages/messages/MessagesEn.php
—	—	@@ -1018,7 +1018,6 @@
1019	1019	'resetpass-wrong-oldpass' => 'Invalid temporary or current password.
1020	1020	You may have already successfully changed your password or requested a new temporary password.',
1021	1021	'resetpass-temp-password' => 'Temporary password:',
1022		~~-'resetpass-no-others' => 'You cannot reset the password for other users.',~~
1023	1022	'resetpass-log' => 'Password resets log',
1024	1023	'resetpass-logtext' => 'Below is a log of users who have had their password reset by an administrator.',
1025	1024	'resetpass-logentry' => 'changed the password for $1',
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -117,11 +117,8 @@
118	118	* Special:ListUsers: Sort list of usergroups by alphabet
119	119	* (bug 16762) Special:Movepage now shows a list of subpages when possible
120	120	* (bug 17585) Hide legend on Special:Specialpages from non-privileged users
121		~~-* (bug 15876) Users with 'reset-passwords' right can change the passwords of~~
122		~~- other users.~~
123	121	* Add an ID if 'missingsummary' is triggered to allow styling of the summary
124	122	line
125		~~-* Add logging to password resets if not resetting your own~~
126	123	* Added $wgUseTagFilter to control enabling of filter-by-change-tag
127	124	* (bug 17291) MediaWiki:Nocontribs now has an optional $1 parameter for the
128	125	username

Follow-up revisions

Revision	Commit summary	Author	Date
r48789	Follow up r48780: Remove message from maintenance script too	raymond	07:17, 25 March 2009
r78536	Rm unused javascript added in r47637 (follow up to r47569) and not reverted w...	happy-melon	16:04, 17 December 2010
r95597	Remove a message for a feature introduced with r47569 and reverted with r48780.	raymond	11:01, 27 August 2011

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r47569	ChangePassword fixes:...	demon	18:35, 20 February 2009

Comments

#Comment by Raymond (talk | contribs) 07:20, 25 March 2009

Follow up in r48789: Remove unused message from maintenance script too

Status & tagging log

18:03, 9 December 2011 Aaron Schulz (talk | contribs) changed the tags for r48780 [removed: ok]
10:03, 25 March 2009 Brion VIBBER (talk | contribs) changed the status of r48780 [removed: new added: ok]
07:49, 25 March 2009 Aaron Schulz (talk | contribs) changed the tags for r48780 [added: ok]