r81928 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r81927‎ \| r81928 \| r81929 >
Date:	02:46, 11 February 2011
Author:	dantman
Status:	resolved (Comments)
Tags:
Comment:	Add a new maintenance script to reset the user_token of all users if you think someone got ahold of your user table.
Modified paths:	/trunk/phase3/maintenance/resetUserTokens.php (added) (history)

Diff [purge]

Index: trunk/phase3/maintenance/resetUserTokens.php
—	—	@@ -0,0 +1,82 @@
	2	+<?php
	3	+/**
	4	+ * Script to reset the user_token for all users on the wiki. Useful if you
	5	+ * believe that your user table was acidentally leaked to an external source.
	6	+ *
	7	+ * This program is free software; you can redistribute it and/or modify
	8	+ * it under the terms of the GNU General Public License as published by
	9	+ * the Free Software Foundation; either version 2 of the License, or
	10	+ * (at your option) any later version.
	11	+ *
	12	+ * This program is distributed in the hope that it will be useful,
	13	+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	+ * GNU General Public License for more details.
	16	+ *
	17	+ * You should have received a copy of the GNU General Public License along
	18	+ * with this program; if not, write to the Free Software Foundation, Inc.,
	19	+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
	20	+ * http://www.gnu.org/copyleft/gpl.html
	21	+ *
	22	+ * @file
	23	+ * @ingroup Maintenance
	24	+ * @author Daniel Friesen <mediawiki@danielfriesen.name>
	25	+ */
	26	+
	27	+require_once( dirname( __FILE__ ) . '/Maintenance.php' );
	28	+
	29	+class ResetUserTokens extends Maintenance {
	30	+ public function __construct() {
	31	+ parent::__construct();
	32	+ $this->mDescription = "Reset the user_token of all users on the wiki. Note that this may log some of them out.";
	33	+ $this->addOption( 'nowarn', "Hides the 5 seconds warning", false, false );
	34	+ $this->addOption( 'quiet', "Do not print what is happening", false, false );
	35	+ }
	36	+
	37	+ public function execute() {
	38	+ $nowarn = $this->getOption( 'nowarn' );
	39	+ $quiet = $this->getOption( 'quiet' );
	40	+
	41	+ if ( !$nowarn ) {
	42	+ echo <<<WARN
	43	+The script is about to reset the user_token for ALL USERS in the database.
	44	+This may log some of them out and is not necessary unless you believe your
	45	+user table has been compromised.
	46	+
	47	+Abort with control-c in the next five seconds....
	48	+WARN;
	49	+ wfCountDown( 5 );
	50	+ }
	51	+
	52	+ // We list user by user_id from one of the slave database
	53	+ $dbr = wfGetDB( DB_SLAVE );
	54	+ $result = $dbr->select( 'user',
	55	+ array( 'user_id' ),
	56	+ array(),
	57	+ __METHOD__
	58	+ );
	59	+
	60	+ foreach ( $result as $id ) {
	61	+ $user = User::newFromId( $id->user_id );
	62	+
	63	+ $username = $user->getName();
	64	+
	65	+ if ( !$quiet ) {
	66	+ echo "Resetting user_token for $username: ";
	67	+ }
	68	+
	69	+ // Change value
	70	+ $user->setToken();
	71	+ $user->saveSettings();
	72	+
	73	+ if ( !$quiet ) {
	74	+ echo " OK\n";
	75	+ }
	76	+
	77	+ }
	78	+
	79	+ }
	80	+}
	81	+
	82	+$maintClass = "ResetUserTokens";
	83	+require_once( RUN_MAINTENANCE_IF_MAIN );
Property changes on: trunk/phase3/maintenance/resetUserTokens.php
___________________________________________________________________
Added: svn:eol-style
1	84	+ native

Follow-up revisions

Revision	Commit summary	Author	Date
r84894	Followup r81928, make proper use of $this->output instead of echo.	dantman	03:38, 28 March 2011

Comments

#Comment by Reedy (talk | contribs) 12:04, 11 February 2011

Shouldn't be using $this->output(); instead of echo?

#Comment by Dantman (talk | contribs) 12:58, 11 February 2011

Perhaps... I didn't know the entire Maintenance class api. Tbh, I also didn't know about differences since 1.16 and I actually wrote this because I needed to use it on a 1.16 wiki. I was debating making some improvements to the Maintenance class to handle things like the countdown warning but left out the idea since I wanted to be able to backport it locally and run it on 1.16.

#Comment by Reedy (talk | contribs) 13:02, 11 February 2011

<Reedy> ^demon, people need to use $this->output() in maintenance rather than echo don't they?

grager_ (~quassel@abzv90.neoplus.adsl.tpnet.pl) has joined #mediawiki

<^demon> You should, yes <^demon> So it respects --quiet <Reedy> Dantman, ^

rainman-sr (~rainman@wikipedia/Rainman) has joined #mediawiki

<^demon> Error output should go to ->error() (which goes to stderr and doesn't respect --quiet)

#Comment by Dantman (talk | contribs) 03:39, 28 March 2011

Using $this->output now.

Status & tagging log

00:08, 15 June 2011 😂 (talk | contribs) changed the status of r81928 [removed: new added: resolved]
03:39, 28 March 2011 Dantman (talk | contribs) changed the status of r81928 [removed: fixme added: new]
13:02, 11 February 2011 Reedy (talk | contribs) changed the status of r81928 [removed: new added: fixme]