MediaWiki master
SpecialPasswordReset.php
Go to the documentation of this file.
1<?php
21namespace MediaWiki\Specials;
22
31
43 private $passwordReset;
44
48 private $result;
49
53 private $method;
54
58 public function __construct( PasswordReset $passwordReset ) {
59 parent::__construct( 'PasswordReset', 'editmyprivateinfo' );
60
61 $this->passwordReset = $passwordReset;
62 }
63
64 public function doesWrites() {
65 return true;
66 }
67
68 public function userCanExecute( User $user ) {
69 return $this->passwordReset->isAllowed( $user )->isGood();
70 }
71
72 public function checkExecutePermissions( User $user ) {
73 $status = Status::wrap( $this->passwordReset->isAllowed( $user ) );
74 if ( !$status->isGood() ) {
75 throw new ErrorPageError( 'internalerror', $status->getMessage() );
76 }
77
78 parent::checkExecutePermissions( $user );
79 }
80
84 public function execute( $par ) {
85 $out = $this->getOutput();
86 $out->disallowUserJs();
87 parent::execute( $par );
88 }
89
90 protected function getFormFields() {
91 $resetRoutes = $this->getConfig()->get( MainConfigNames::PasswordResetRoutes );
92 $a = [];
93 if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) {
94 $a['Username'] = [
95 'type' => 'text',
96 'default' => $this->getRequest()->getSession()->suggestLoginUsername(),
97 'label-message' => 'passwordreset-username',
98 ];
99
100 if ( $this->getUser()->isRegistered() ) {
101 $a['Username']['default'] = $this->getUser()->getName();
102 }
103 }
104
105 if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) {
106 $a['Email'] = [
107 'type' => 'email',
108 'label-message' => 'passwordreset-email',
109 ];
110 }
111
112 return $a;
113 }
114
115 protected function getDisplayFormat() {
116 return 'ooui';
117 }
118
119 public function alterForm( HTMLForm $form ) {
120 $resetRoutes = $this->getConfig()->get( MainConfigNames::PasswordResetRoutes );
121
122 $form->setSubmitDestructive();
123
124 $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
125
126 $i = 0;
127 if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) {
128 $i++;
129 }
130 if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) {
131 $i++;
132 }
133
134 $message = ( $i > 1 ) ? 'passwordreset-text-many' : 'passwordreset-text-one';
135
136 $form->setHeaderHtml( $this->msg( $message, $i )->parseAsBlock() );
137 $form->setSubmitTextMsg( 'mailmypassword' );
138 }
139
147 public function onSubmit( array $data ) {
148 $username = $data['Username'] ?? null;
149 $email = $data['Email'] ?? null;
150
151 $this->method = $username ? 'username' : 'email';
152 $this->result = Status::wrap(
153 $this->passwordReset->execute( $this->getUser(), $username, $email ) );
154
155 if ( $this->result->hasMessage( 'actionthrottledtext' ) ) {
156 throw new ThrottledError;
157 }
158
159 return $this->result;
160 }
161
166 public function onSuccess() {
167 $output = $this->getOutput();
168
169 // Information messages.
170 $output->addWikiMsg( 'passwordreset-success' );
171 $output->addWikiMsg( 'passwordreset-success-details-generic',
173
174 // Confirmation of what the user has just submitted.
175 $info = "\n";
176 $postVals = $this->getRequest()->getPostValues();
177 if ( isset( $postVals['wpUsername'] ) && $postVals['wpUsername'] !== '' ) {
178 $info .= "* " . $this->msg( 'passwordreset-username' ) . ' '
179 . wfEscapeWikiText( $postVals['wpUsername'] ) . "\n";
180 }
181 if ( isset( $postVals['wpEmail'] ) && $postVals['wpEmail'] !== '' ) {
182 $info .= "* " . $this->msg( 'passwordreset-email' ) . ' '
183 . wfEscapeWikiText( $postVals['wpEmail'] ) . "\n";
184 }
185 $output->addWikiMsg( 'passwordreset-success-info', $info );
186
187 // Link to main page.
188 $output->returnToMain();
189 }
190
195 public function isListed() {
196 if ( !$this->passwordReset->isEnabled()->isGood() ) {
197 return false;
198 }
199
200 return parent::isListed();
201 }
202
203 protected function getGroupName() {
204 return 'login';
205 }
206}
207
212class_alias( SpecialPasswordReset::class, 'SpecialPasswordReset' );
wfEscapeWikiText( $input)
Escapes the given text so that it may be output using addWikiText() without any linking,...
An error page which can definitely be safely rendered using the OutputPage.
Object handling generic submission, CSRF protection, layout and other logic for UI forms in a reusabl...
Definition HTMLForm.php:206
setHeaderHtml( $html, $section=null)
Set header HTML, inside the form.
Definition HTMLForm.php:963
setSubmitTextMsg( $msg)
Set the text for the submit button to a message.
addHiddenFields(array $fields)
Add an array of hidden fields to the output Array values are discarded for security reasons (per WebR...
setSubmitDestructive()
Identify that the submit button in the form has a destructive action.
A class containing constants representing the names of configuration variables.
const PasswordReminderResendTime
Name constant for the PasswordReminderResendTime setting, for use with Config::get()
const PasswordResetRoutes
Name constant for the PasswordResetRoutes setting, for use with Config::get()
Special page which uses an HTMLForm to handle processing.
string null $par
The sub-page of the special page.
getUser()
Shortcut to get the User executing this instance.
getConfig()
Shortcut to get main config object.
getRequest()
Get the WebRequest being used for this instance.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getOutput()
Get the OutputPage being used for this instance.
Special page for requesting a password reset email.
isListed()
Hide the password reset page if resets are disabled.
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
onSuccess()
Show a message on the successful processing of the form.
userCanExecute(User $user)
Checks if the given user (identified by an object) can execute this special page (as defined by $mRes...
doesWrites()
Indicates whether this special page may perform database writes.
alterForm(HTMLForm $form)
Play with the HTMLForm if you need to more substantially.
getFormFields()
Get an HTMLForm descriptor array.
getDisplayFormat()
Get display format for the form.
checkExecutePermissions(User $user)
Called from execute() to check if the given user can perform this action.
__construct(PasswordReset $passwordReset)
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:54
Helper class for the password reset functionality shared by the web UI and the API.
internal since 1.36
Definition User.php:93
Show an error when the user hits a rate limit.