maintenance/resetUserTokens.php

   1 <?php
   2 /**
   3  * Script to reset the user_token for all users on the wiki. Useful if you
   4  * believe that your user table was acidentally leaked to an external source.
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License along
  17  * with this program; if not, write to the Free Software Foundation, Inc.,
  18  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  19  * http://www.gnu.org/copyleft/gpl.html
  20  *
  21  * @file
  22  * @ingroup Maintenance
  23  * @author Daniel Friesen <mediawiki@danielfriesen.name>
  24  */
  25
  26 require_once( dirname( __FILE__ ) . '/Maintenance.php' );
  27
  28 class ResetUserTokens extends Maintenance {
  29         public function __construct() {
  30                 parent::__construct();
  31                 $this->mDescription = "Reset the user_token of all users on the wiki. Note that this may log some of them out.";
  32                 $this->addOption( 'nowarn', "Hides the 5 seconds warning", false, false );
  33                 $this->addOption( 'quiet', "Do not print what is happening", false, false );
  34         }
  35
  36         public function execute() {
  37                 $nowarn = $this->getOption( 'nowarn' );
  38                 $quiet = $this->getOption( 'quiet' );
  39
  40                 if ( !$nowarn ) {
  41                         echo <<<WARN
  42 The script is about to reset the user_token for ALL USERS in the database.
  43 This may log some of them out and is not necessary unless you believe your
  44 user table has been compromised.
  45
  46 Abort with control-c in the next five seconds....
  47 WARN;
  48                         wfCountDown( 5 );
  49                 }
  50
  51                 // We list user by user_id from one of the slave database
  52                 $dbr = wfGetDB( DB_SLAVE );
  53                 $result = $dbr->select( 'user',
  54                         array( 'user_id' ),
  55                         array(),
  56                         __METHOD__
  57                         );
  58
  59                 foreach ( $result as $id ) {
  60                         $user = User::newFromId( $id->user_id );
  61
  62                         $username = $user->getName();
  63
  64                         if ( !$quiet ) {
  65                                 echo "Resetting user_token for $username: ";
  66                         }
  67
  68                         // Change value
  69                         $user->setToken();
  70                         $user->saveSettings();
  71
  72                         if ( !$quiet ) {
  73                                 echo " OK\n";
  74                         }
  75
  76                 }
  77
  78         }
  79 }
  80
  81 $maintClass = "ResetUserTokens";
  82 require_once( RUN_MAINTENANCE_IF_MAIN );