From: Ryan Lane Date: Fri, 11 Feb 2011 17:38:56 +0000 (+0000) Subject: Partial fix for bug 27310. Add domain information when doing password resets. Also... X-Git-Tag: 1.31.0-rc.0~32042 X-Git-Url: http://git.cyclocoop.org/%22%20.%20generer_url_ecrire%28%22sites_tous%22%29%20.%20%22?a=commitdiff_plain;h=7b5dbc3882a61492d15fffabe7ac8eaf281b14a8;p=lhc%2Fweb%2Fwiklou.git Partial fix for bug 27310. Add domain information when doing password resets. Also, the login form being used for non-logged in users was failing because of a missing login token, so this adds a login token before the form is executed. --- diff --git a/includes/specials/SpecialResetpass.php b/includes/specials/SpecialResetpass.php index 87b9149a8a..256cc90394 100644 --- a/includes/specials/SpecialResetpass.php +++ b/includes/specials/SpecialResetpass.php @@ -46,16 +46,12 @@ class SpecialResetpass extends SpecialPage { $this->mOldpass = $wgRequest->getVal( 'wpPassword' ); $this->mNewpass = $wgRequest->getVal( 'wpNewPassword' ); $this->mRetype = $wgRequest->getVal( 'wpRetype' ); + $this->mDomain = $wgRequest->getVal( 'wpDomain' ); $this->setHeaders(); $this->outputHeader(); $wgOut->disallowUserJs(); - if( !$wgAuth->allowPasswordChange() ) { - $this->error( wfMsg( 'resetpass_forbidden' ) ); - return; - } - if( !$wgRequest->wasPosted() && !$wgUser->isLoggedIn() ) { $this->error( wfMsg( 'resetpass-no-info' ) ); return; @@ -66,16 +62,26 @@ class SpecialResetpass extends SpecialPage { return; } - if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal('token') ) ) { + if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) ) { try { + $wgAuth->setDomain( $this->mDomain ); + if( !$wgAuth->allowPasswordChange() ) { + $this->error( wfMsg( 'resetpass_forbidden' ) ); + return; + } + $this->attemptReset( $this->mNewpass, $this->mRetype ); $wgOut->addWikiMsg( 'resetpass_success' ); if( !$wgUser->isLoggedIn() ) { + LoginForm::setLoginToken(); + $token = LoginForm::getLoginToken(); $data = array( - 'action' => 'submitlogin', - 'wpName' => $this->mUserName, - 'wpPassword' => $this->mNewpass, - 'returnto' => $wgRequest->getVal( 'returnto' ), + 'action' => 'submitlogin', + 'wpName' => $this->mUserName, + 'wpDomain' => $this->mDomain, + 'wpLoginToken' => $token, + 'wpPassword' => $this->mNewpass, + 'returnto' => $wgRequest->getVal( 'returnto' ), ); if( $wgRequest->getCheck( 'wpRemember' ) ) { $data['wpRemember'] = 1; @@ -142,6 +148,7 @@ class SpecialResetpass extends SpecialPage { 'id' => 'mw-resetpass-form' ) ) . "\n" . Html::hidden( 'token', $wgUser->editToken() ) . "\n" . Html::hidden( 'wpName', $this->mUserName ) . "\n" . + Html::hidden( 'wpDomain', $this->mDomain ) . "\n" . Html::hidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) . "\n" . wfMsgExt( 'resetpass_text', array( 'parse' ) ) . "\n" . Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) . "\n" .