MediaWiki master
SpecialPasswordReset.php
Go to the documentation of this file.
1<?php
21namespace MediaWiki\Specials;
22
31
42 private PasswordReset $passwordReset;
43
44 public function __construct( PasswordReset $passwordReset ) {
45 parent::__construct( 'PasswordReset', 'editmyprivateinfo' );
46
47 $this->passwordReset = $passwordReset;
48 }
49
50 public function doesWrites() {
51 return true;
52 }
53
55 public function userCanExecute( User $user ) {
56 return $this->passwordReset->isAllowed( $user )->isGood();
57 }
58
59 public function checkExecutePermissions( User $user ) {
60 $status = Status::wrap( $this->passwordReset->isAllowed( $user ) );
61 if ( !$status->isGood() ) {
62 throw new ErrorPageError( 'internalerror', $status->getMessage() );
63 }
64
65 parent::checkExecutePermissions( $user );
66 }
67
71 public function execute( $par ) {
72 $out = $this->getOutput();
73 $out->disallowUserJs();
74 parent::execute( $par );
75 }
76
78 protected function getFormFields() {
79 $resetRoutes = $this->getConfig()->get( MainConfigNames::PasswordResetRoutes );
80 $a = [];
81 if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) {
82 $a['Username'] = [
83 'type' => 'user',
84 'default' => $this->getRequest()->getSession()->suggestLoginUsername(),
85 'label-message' => 'passwordreset-username',
86 'excludetemp' => true,
87 ];
88
89 if ( $this->getUser()->isRegistered() ) {
90 $a['Username']['default'] = $this->getUser()->getName();
91 }
92 }
93
94 if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) {
95 $a['Email'] = [
96 'type' => 'email',
97 'label-message' => 'passwordreset-email',
98 ];
99 }
100
101 return $a;
102 }
103
105 protected function getDisplayFormat() {
106 return 'ooui';
107 }
108
109 public function alterForm( HTMLForm $form ) {
110 $resetRoutes = $this->getConfig()->get( MainConfigNames::PasswordResetRoutes );
111
112 $form->setSubmitDestructive();
113
114 $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
115
116 $i = 0;
117 if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) {
118 $i++;
119 }
120 if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) {
121 $i++;
122 }
123
124 $message = ( $i > 1 ) ? 'passwordreset-text-many' : 'passwordreset-text-one';
125
126 $form->setHeaderHtml( $this->msg( $message, $i )->parseAsBlock() );
127 $form->setSubmitTextMsg( 'mailmypassword' );
128 }
129
138 public function onSubmit( array $data ) {
139 $username = $data['Username'] ?? null;
140 $email = $data['Email'] ?? null;
141
142 $result = Status::wrap(
143 $this->passwordReset->execute( $this->getUser(), $username, $email ) );
144
145 if ( $result->hasMessage( 'actionthrottledtext' ) ) {
146 throw new ThrottledError;
147 }
148
149 return $result;
150 }
151
156 public function onSuccess() {
157 $output = $this->getOutput();
158
159 // Information messages.
160 $output->addWikiMsg( 'passwordreset-success' );
161 $output->addWikiMsg( 'passwordreset-success-details-generic',
163
164 // Confirmation of what the user has just submitted.
165 $info = "\n";
166 $postVals = $this->getRequest()->getPostValues();
167 if ( isset( $postVals['wpUsername'] ) && $postVals['wpUsername'] !== '' ) {
168 $info .= "* " . $this->msg( 'passwordreset-username' ) . ' '
169 . wfEscapeWikiText( $postVals['wpUsername'] ) . "\n";
170 }
171 if ( isset( $postVals['wpEmail'] ) && $postVals['wpEmail'] !== '' ) {
172 $info .= "* " . $this->msg( 'passwordreset-email' ) . ' '
173 . wfEscapeWikiText( $postVals['wpEmail'] ) . "\n";
174 }
175 $output->addWikiMsg( 'passwordreset-success-info', $info );
176
177 // Add a return to link to the main page.
178 $output->returnToMain();
179 }
180
185 public function isListed() {
186 if ( !$this->passwordReset->isEnabled()->isGood() ) {
187 return false;
188 }
189
190 return parent::isListed();
191 }
192
194 protected function getGroupName() {
195 return 'login';
196 }
197}
198
203class_alias( SpecialPasswordReset::class, 'SpecialPasswordReset' );
wfEscapeWikiText( $input)
Escapes the given text so that it may be output using addWikiText() without any linking,...
An error page which can definitely be safely rendered using the OutputPage.
Object handling generic submission, CSRF protection, layout and other logic for UI forms in a reusabl...
Definition HTMLForm.php:209
setHeaderHtml( $html, $section=null)
Set header HTML, inside the form.
Definition HTMLForm.php:997
setSubmitTextMsg( $msg)
Set the text for the submit button to a message.
addHiddenFields(array $fields)
Add an array of hidden fields to the output Array values are discarded for security reasons (per WebR...
setSubmitDestructive()
Identify that the submit button in the form has a destructive action.
A class containing constants representing the names of configuration variables.
const PasswordReminderResendTime
Name constant for the PasswordReminderResendTime setting, for use with Config::get()
const PasswordResetRoutes
Name constant for the PasswordResetRoutes setting, for use with Config::get()
Special page which uses an HTMLForm to handle processing.
string null $par
The subpage of the special page.
getUser()
Shortcut to get the User executing this instance.
getConfig()
Shortcut to get main config object.
getRequest()
Get the WebRequest being used for this instance.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getOutput()
Get the OutputPage being used for this instance.
Special page for requesting a password reset email.
isListed()
Hide the password reset page if resets are disabled.
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
onSuccess()
Show a message on the successful processing of the form.
userCanExecute(User $user)
Checks if the given user (identified by an object) can execute this special page (as defined by $mRes...
doesWrites()
Indicates whether POST requests to this special page require write access to the wiki.
alterForm(HTMLForm $form)
Play with the HTMLForm if you need to more substantially.
getFormFields()
Get an HTMLForm descriptor array.array
getDisplayFormat()
Get display format for the form.See HTMLForm documentation for available values.1....
checkExecutePermissions(User $user)
Called from execute() to check if the given user can perform this action.
__construct(PasswordReset $passwordReset)
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:54
Password reset helper for functionality shared by the web UI and the API.
User class for the MediaWiki software.
Definition User.php:119
Show an error when the user hits a rate limit.