MediaWiki  master
SpecialPasswordReset.php
Go to the documentation of this file.
1 <?php
25 
37  private $passwordReset;
38 
42  private $result;
43 
47  private $method;
48 
52  public function __construct( PasswordReset $passwordReset ) {
53  parent::__construct( 'PasswordReset', 'editmyprivateinfo' );
54 
55  $this->passwordReset = $passwordReset;
56  }
57 
58  public function doesWrites() {
59  return true;
60  }
61 
62  public function userCanExecute( User $user ) {
63  return $this->passwordReset->isAllowed( $user )->isGood();
64  }
65 
66  public function checkExecutePermissions( User $user ) {
67  $status = Status::wrap( $this->passwordReset->isAllowed( $user ) );
68  if ( !$status->isGood() ) {
69  throw new ErrorPageError( 'internalerror', $status->getMessage() );
70  }
71 
72  parent::checkExecutePermissions( $user );
73  }
74 
78  public function execute( $par ) {
79  $out = $this->getOutput();
80  $out->disallowUserJs();
81  parent::execute( $par );
82  }
83 
84  protected function getFormFields() {
85  $resetRoutes = $this->getConfig()->get( MainConfigNames::PasswordResetRoutes );
86  $a = [];
87  if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) {
88  $a['Username'] = [
89  'type' => 'text',
90  'default' => $this->getRequest()->getSession()->suggestLoginUsername(),
91  'label-message' => 'passwordreset-username',
92  ];
93 
94  if ( $this->getUser()->isRegistered() ) {
95  $a['Username']['default'] = $this->getUser()->getName();
96  }
97  }
98 
99  if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) {
100  $a['Email'] = [
101  'type' => 'email',
102  'label-message' => 'passwordreset-email',
103  ];
104  }
105 
106  return $a;
107  }
108 
109  protected function getDisplayFormat() {
110  return 'ooui';
111  }
112 
113  public function alterForm( HTMLForm $form ) {
114  $resetRoutes = $this->getConfig()->get( MainConfigNames::PasswordResetRoutes );
115 
116  $form->setSubmitDestructive();
117 
118  $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
119 
120  $i = 0;
121  if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) {
122  $i++;
123  }
124  if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) {
125  $i++;
126  }
127 
128  $message = ( $i > 1 ) ? 'passwordreset-text-many' : 'passwordreset-text-one';
129 
130  $form->setHeaderHtml( $this->msg( $message, $i )->parseAsBlock() );
131  $form->setSubmitTextMsg( 'mailmypassword' );
132  }
133 
143  public function onSubmit( array $data ) {
144  $username = $data['Username'] ?? null;
145  $email = $data['Email'] ?? null;
146 
147  $this->method = $username ? 'username' : 'email';
148  $this->result = Status::wrap(
149  $this->passwordReset->execute( $this->getUser(), $username, $email ) );
150 
151  if ( $this->result->hasMessage( 'actionthrottledtext' ) ) {
152  throw new ThrottledError;
153  }
154 
155  return $this->result;
156  }
157 
162  public function onSuccess() {
163  $output = $this->getOutput();
164 
165  // Information messages.
166  $output->addWikiMsg( 'passwordreset-success' );
167  $output->addWikiMsg( 'passwordreset-success-details-generic',
168  $this->getConfig()->get( MainConfigNames::PasswordReminderResendTime ) );
169 
170  // Confirmation of what the user has just submitted.
171  $info = "\n";
172  $postVals = $this->getRequest()->getPostValues();
173  if ( isset( $postVals['wpUsername'] ) && $postVals['wpUsername'] !== '' ) {
174  $info .= "* " . $this->msg( 'passwordreset-username' ) . ' '
175  . wfEscapeWikiText( $postVals['wpUsername'] ) . "\n";
176  }
177  if ( isset( $postVals['wpEmail'] ) && $postVals['wpEmail'] !== '' ) {
178  $info .= "* " . $this->msg( 'passwordreset-email' ) . ' '
179  . wfEscapeWikiText( $postVals['wpEmail'] ) . "\n";
180  }
181  $output->addWikiMsg( 'passwordreset-success-info', $info );
182 
183  // Link to main page.
184  $output->returnToMain();
185  }
186 
191  public function isListed() {
192  if ( $this->passwordReset->isAllowed( $this->getUser() )->isGood() ) {
193  return parent::isListed();
194  }
195 
196  return false;
197  }
198 
199  protected function getGroupName() {
200  return 'login';
201  }
202 }
wfEscapeWikiText( $text)
Escapes the given text so that it may be output using addWikiText() without any linking,...
An error page which can definitely be safely rendered using the OutputPage.
Special page which uses an HTMLForm to handle processing.
string null $par
The sub-page of the special page.
Object handling generic submission, CSRF protection, layout and other logic for UI forms in a reusabl...
Definition: HTMLForm.php:155
setSubmitTextMsg( $msg)
Set the text for the submit button to a message.
Definition: HTMLForm.php:1637
setSubmitDestructive()
Identify that the submit button in the form has a destructive action.
Definition: HTMLForm.php:1623
setHeaderHtml( $html, $section=null)
Set header HTML, inside the form.
Definition: HTMLForm.php:919
addHiddenFields(array $fields)
Add an array of hidden fields to the output Array values are discarded for security reasons (per WebR...
Definition: HTMLForm.php:1173
A class containing constants representing the names of configuration variables.
Helper class for the password reset functionality shared by the web UI and the API.
getOutput()
Get the OutputPage being used for this instance.
getUser()
Shortcut to get the User executing this instance.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getConfig()
Shortcut to get main config object.
getRequest()
Get the WebRequest being used for this instance.
Special page for requesting a password reset email.
getDisplayFormat()
Get display format for the form.
__construct(PasswordReset $passwordReset)
getFormFields()
Get an HTMLForm descriptor array.
doesWrites()
Indicates whether this special page may perform database writes.
onSuccess()
Show a message on the successful processing of the form.
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
alterForm(HTMLForm $form)
Play with the HTMLForm if you need to more substantially.
isListed()
Hide the password reset page if resets are disabled.
onSubmit(array $data)
Process the form.
checkExecutePermissions(User $user)
Called from execute() to check if the given user can perform this action.
userCanExecute(User $user)
Checks if the given user (identified by an object) can execute this special page (as defined by $mRes...
static wrap( $sv)
Succinct helper method to wrap a StatusValue.
Definition: Status.php:64
Show an error when the user hits a rate limit.
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:71