From 295d0bf2956c43e9a46dbc79f9a22273a6eabc3e Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Wed, 13 Dec 2006 08:59:20 +0000 Subject: [PATCH] * Accept null parameter to User::setPassword() as indicating the password field should be cleared to an unusable state. Login will only be possible after the password is reset, for instance by e-mail. * (bug 6394) Invalidate the password set for "by e-mail" account creations to avoid accidental empty password creations. --- RELEASE-NOTES | 5 +++++ includes/AuthPlugin.php | 4 ++++ includes/SpecialUserlogin.php | 2 ++ includes/User.php | 30 +++++++++++++++++++++--------- 4 files changed, 32 insertions(+), 9 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 8bcf68d9a4..50d381cb2b 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -296,6 +296,11 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * (bug 8241) Don't consider user pages of User:Foo.css to be CSS subpages * Set an explicit class on framed thumbnail inner divs and images, changed some CSS to use these instead of using descendent selectors. +* Accept null parameter to User::setPassword() as indicating the password + field should be cleared to an unusable state. Login will only be possible + after the password is reset, for instance by e-mail. +* (bug 6394) Invalidate the password set for "by e-mail" account creations + to avoid accidental empty password creations. == Languages updated == diff --git a/includes/AuthPlugin.php b/includes/AuthPlugin.php index cf06e426c3..e33ef1bf94 100644 --- a/includes/AuthPlugin.php +++ b/includes/AuthPlugin.php @@ -146,6 +146,10 @@ class AuthPlugin { /** * Set the given password in the authentication database. + * As a special case, the password may be set to null to request + * locking the password to an unusable value, with the expectation + * that it will be set later through a mail reset or other method. + * * Return true if successful. * * @param $user User object. diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php index 3288d80faf..29281e64a2 100644 --- a/includes/SpecialUserlogin.php +++ b/includes/SpecialUserlogin.php @@ -123,6 +123,8 @@ class LoginForm { return; } + // Wipe the initial password and mail a temporary one + $u->setPassword( null ); $u->saveSettings(); $result = $this->mailPasswordInternal( $u, false ); diff --git a/includes/User.php b/includes/User.php index 597d003667..87f75a45e4 100644 --- a/includes/User.php +++ b/includes/User.php @@ -1303,20 +1303,26 @@ class User { * pass the change through or if the legal password * checks fail. * + * As a special case, setting the password to null + * wipes it, so the account cannot be logged in until + * a new password is set, for instance via e-mail. + * * @param string $str * @throws PasswordError on failure */ function setPassword( $str ) { global $wgAuth; - if( !$wgAuth->allowPasswordChange() ) { - throw new PasswordError( wfMsg( 'password-change-forbidden' ) ); - } + if( $str !== null ) { + if( !$wgAuth->allowPasswordChange() ) { + throw new PasswordError( wfMsg( 'password-change-forbidden' ) ); + } - if( !$this->isValidPassword( $str ) ) { - global $wgMinimalPasswordLength; - throw new PasswordError( wfMsg( 'passwordtooshort', - $wgMinimalPasswordLength ) ); + if( !$this->isValidPassword( $str ) ) { + global $wgMinimalPasswordLength; + throw new PasswordError( wfMsg( 'passwordtooshort', + $wgMinimalPasswordLength ) ); + } } if( !$wgAuth->setPassword( $this, $str ) ) { @@ -1325,9 +1331,15 @@ class User { $this->load(); $this->setToken(); - $this->mPassword = $this->encryptPassword( $str ); + + if( $str === null ) { + // Save an invalid hash... + $this->mPassword = ''; + } else { + $this->mPassword = $this->encryptPassword( $str ); + } $this->mNewpassword = ''; - $this->mNewpassTime = NULL; + $this->mNewpassTime = null; return true; } -- 2.20.1