From 362403ccd5c18a499a4ad138418a1148bc3b6cf1 Mon Sep 17 00:00:00 2001
From: Max Semenik <maxsem.wiki@gmail.com>
Date: Mon, 23 Nov 2015 15:32:33 -0800
Subject: [PATCH] Add script to reset user emails

Current way to do it, via eval.php, is slightly scary.

Change-Id: I2b875326a0eb1e6d1f4bc758b8ac97b8f9324c4e
---
 RELEASE-NOTES-1.27             |  2 ++
 maintenance/resetUserEmail.php | 66 ++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 maintenance/resetUserEmail.php

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index c5356c151c..a79a7b280e 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -305,6 +305,8 @@ changes to languages because of Phabricator reports.
   together but instead pick the final one, similar to image syntax.
 * XML-like parser tags (such as <gallery>), when unclosed, will be left unparsed
   rather than consume everything until the end of the page.
+* New maintenance script resetUserEmail.php allows sysadmins to reset user emails in case
+  a user forgot password/account was stolen.
 
 == Compatibility ==
 
diff --git a/maintenance/resetUserEmail.php b/maintenance/resetUserEmail.php
new file mode 100644
index 0000000000..50f096503a
--- /dev/null
+++ b/maintenance/resetUserEmail.php
@@ -0,0 +1,66 @@
+<?php
+/**
+ * Reset user email.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ * @ingroup Maintenance
+ */
+
+require_once __DIR__ . '/Maintenance.php';
+
+/**
+ * Maintenance script that resets user email.
+ *
+ * @since 1.27
+ * @ingroup Maintenance
+ */
+class ResetUserEmail extends Maintenance {
+	public function __construct() {
+		$this->mDescription = "Resets a user's email";
+		$this->addArg( 'user', 'Username or user ID, if starts with #', true );
+		$this->addArg( 'email', 'Email to assign' );
+		parent::__construct();
+	}
+
+	public function execute() {
+		$userName = $this->getArg( 0 );
+		if ( preg_match( '/^#\d+$/', $userName ) ) {
+			$user = User::newFromId( substr( $userName, 1 ) );
+		} else {
+			$user = User::newFromName( $userName );
+		}
+		if ( !$user || !$user->getId() || !$user->loadFromId() ) {
+			$this->error( "Error: user '$userName' does not exist\n", 1 );
+		}
+
+		$email = $this->getArg( 1 );
+		if ( !Sanitizer::validateEmail( $email ) ) {
+			$this->error( "Error: email '$email' is not valid\n", 1 );
+		}
+
+		// Code from https://wikitech.wikimedia.org/wiki/Password_reset
+		$user->setEmail( $email );
+		$user->setEmailAuthenticationTimestamp( wfTimestampNow() );
+		$user->saveSettings();
+		// Kick whomever is currently controlling the account off
+		$user->setPassword( PasswordFactory::generateRandomPasswordString( 128 ) );
+	}
+}
+
+$maintClass = 'ResetUserEmail';
+require_once RUN_MAINTENANCE_IF_MAIN;
-- 
2.20.1