- // Check against password throttle
- foreach ( $users as $user ) {
- if ( $user->isPasswordReminderThrottled() ) {
-
- # Round the time in hours to 3 d.p., in case someone is specifying
- # minutes or seconds.
- return [ [
- 'throttled-mailpassword',
- round( $this->getConfig()->get( 'PasswordReminderResendTime' ), 3 )
- ] ];
- }
- }
-
- // All the users will have the same email address
- if ( $firstUser->getEmail() == '' ) {
- // This won't be reachable from the email route, so safe to expose the username
- return [ [ 'noemail', wfEscapeWikiText( $firstUser->getName() ) ] ];
- }
-
- // We need to have a valid IP address for the hook, but per bug 18347, we should
- // send the user's name if they're logged in.
- $ip = $this->getRequest()->getIP();
- if ( !$ip ) {
- return [ 'badipaddress' ];
- }
- $caller = $this->getUser();
- Hooks::run( 'User::mailPasswordInternal', [ &$caller, &$ip, &$firstUser ] );
- $username = $caller->getName();
- $msg = IP::isValid( $username )
- ? 'passwordreset-emailtext-ip'
- : 'passwordreset-emailtext-user';
-
- // Send in the user's language; which should hopefully be the same
- $userLanguage = $firstUser->getOption( 'language' );
-
- $passwords = [];
- foreach ( $users as $user ) {
- $password = PasswordFactory::generateRandomPasswordString( $wgMinimalPasswordLength );
- $user->setNewpassword( $password );
- $user->saveSettings();
- $passwords[] = $this->msg( 'passwordreset-emailelement', $user->getName(), $password )
- ->inLanguage( $userLanguage )->text(); // We'll escape the whole thing later
- }
- $passwordBlock = implode( "\n\n", $passwords );
-
- $this->email = $this->msg( $msg )->inLanguage( $userLanguage );
- $this->email->params(
- $username,
- $passwordBlock,
- count( $passwords ),
- '<' . Title::newMainPage()->getCanonicalURL() . '>',
- round( $this->getConfig()->get( 'NewPasswordExpiry' ) / 86400 )
- );
-
- $title = $this->msg( 'passwordreset-emailtitle' )->inLanguage( $userLanguage );
-
- $this->result = $firstUser->sendMail( $title->text(), $this->email->text() );
-
- if ( isset( $data['Capture'] ) && $data['Capture'] ) {
- // Save the user, will be used if an error occurs when sending the email
- $this->firstUser = $firstUser;
- } else {
- // Blank the email if the user is not supposed to see it
- $this->email = null;
- }
-
- if ( $this->result->isGood() ) {
- return true;
- } elseif ( isset( $data['Capture'] ) && $data['Capture'] ) {
- // The email didn't send, but maybe they knew that and that's why they captured it
- return true;
- } else {
- // @todo FIXME: The email wasn't sent, but we have already set
- // the password throttle timestamp, so they won't be able to try
- // again until it expires... :(
- return [ [ 'mailerror', $this->result->getMessage() ] ];
- }