From 3f66a6ca3c7ed6ef58e0a07b880b5367f8cbe7c7 Mon Sep 17 00:00:00 2001 From: Chad Horohoe Date: Wed, 7 Jan 2009 14:34:55 +0000 Subject: [PATCH] Re-fix bug 2242 - adding expiry time for temporary passwords. Now with proper global declarations in User :) --- RELEASE-NOTES | 4 +++- includes/DefaultSettings.php | 5 +++++ includes/User.php | 9 ++++++++- includes/specials/SpecialUserlogin.php | 5 +++-- languages/messages/MessagesEn.php | 1 + 5 files changed, 20 insertions(+), 4 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 72f15c0311..12e9c771e4 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -71,7 +71,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * The 'BeforeWatchlist' hook has been removed due to internal changes in Special:Watchlist. 'SpecialWatchlistQuery' should now be used by extensions to customize the watchlist database query. - +* Added $wgNewPasswordExpiry, to specify an expiry time (in seconds) to + tempoary passwords === Migrated extensions === The following extensions are migrated into MediaWiki 1.14: @@ -257,6 +258,7 @@ The following extensions are migrated into MediaWiki 1.14: move log * Image moving is now enabled for sysops by default * Make "Did you mean" search feature more noticeable +* (bug 2242) Add an expiry time to temporary passwords * (bug 16720) Transcluded Special:NewPages processes "/username=" * Added "Advanced search" link to the search form * Special:Upload can now have a custom upload message instead of uploadtext by diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 9a42c478db..f73e80efba 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -520,6 +520,11 @@ $wgUserEmailUseReplyTo = false; */ $wgPasswordReminderResendTime = 24; +/** + * The time, in seconds, when an emailed temporary password expires. + */ +$wgNewPasswordExpiry = 3600 * 24 * 7; + /** * SMTP Mode * For using a direct (authenticated) SMTP server connection. diff --git a/includes/User.php b/includes/User.php index 9fee089c4c..e888422ee0 100644 --- a/includes/User.php +++ b/includes/User.php @@ -2705,7 +2705,14 @@ class User { * @return \bool True if matches, false otherwise */ function checkTemporaryPassword( $plaintext ) { - return self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ); + global $wgNewPasswordExpiry; + if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) { + $this->load(); + $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry; + return ( time() < $expiry ); + } else { + return false; + } } /** diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index 6a4da7a4ab..1bb54ed62f 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -654,7 +654,7 @@ class LoginForm { * @private */ function mailPasswordInternal( $u, $throttle = true, $emailTitle = 'passwordremindertitle', $emailText = 'passwordremindertext' ) { - global $wgServer, $wgScript, $wgUser; + global $wgServer, $wgScript, $wgUser, $wgNewPasswordExpiry; if ( '' == $u->getEmail() ) { return new WikiError( wfMsg( 'noemail', $u->getName() ) ); @@ -670,7 +670,8 @@ class LoginForm { $u->setNewpassword( $np, $throttle ); $u->saveSettings(); - $m = wfMsg( $emailText, $ip, $u->getName(), $np, $wgServer . $wgScript ); + $m = wfMsgExt( $emailText, array( 'parsemag' ), $ip, $u->getName(), $np, + $wgServer . $wgScript, round( $wgNewPasswordExpiry / 86400 ) ); $result = $u->sendMail( wfMsg( $emailTitle ), $m ); return $result; diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index b52aebee45..bbd6ce4a73 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -937,6 +937,7 @@ It must have at least {{PLURAL:$1|1 character|$1 characters}} and be different f password for {{SITENAME}} ($4). A temporary password for user "$2" has been created and was set to "$3". If this was your intent, you will need to log in and choose a new password now. +Your temporary password will expire in {{PLURAL:$5|one day|$5 days}}. If someone else made this request, or if you have remembered your password, and you no longer wish to change it, you may ignore this message and -- 2.20.1