From a350a93d1fb9bfa7b0726c006395990b44ebda17 Mon Sep 17 00:00:00 2001 From: Chad Horohoe Date: Sat, 21 Feb 2009 22:27:43 +0000 Subject: [PATCH] Add logging to password resets per request on code review. Also a little javascript thing for disable/enable of relevant text boxes if you change the name to/from your own. --- includes/DefaultSettings.php | 6 ++++- includes/specials/SpecialResetpass.php | 29 +++++++++++++++-------- languages/messages/MessagesEn.php | 4 ++++ maintenance/language/messages.inc | 4 ++++ skins/common/changepassword.js | 32 ++++++++++++++++++++++++++ 5 files changed, 65 insertions(+), 10 deletions(-) create mode 100644 skins/common/changepassword.js diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index c54427b06a..40f88ae392 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -1469,7 +1469,7 @@ $wgCacheEpoch = '20030516000000'; * to ensure that client-side caches don't keep obsolete copies of global * styles. */ -$wgStyleVersion = '206'; +$wgStyleVersion = '207'; # Server-side caching: @@ -2843,6 +2843,7 @@ $wgLogTypes = array( '', 'patrol', 'merge', 'suppress', + 'password', ); /** @@ -2897,6 +2898,7 @@ $wgLogNames = array( 'patrol' => 'patrol-log-page', 'merge' => 'mergelog', 'suppress' => 'suppressionlog', + 'password' => 'resetpass-log' ); /** @@ -2917,6 +2919,7 @@ $wgLogHeaders = array( 'patrol' => 'patrol-log-header', 'merge' => 'mergelogpagetext', 'suppress' => 'suppressionlogtext', + 'password' => 'resetpass-logtext', ); /** @@ -2952,6 +2955,7 @@ $wgLogActions = array( 'suppress/delete' => 'suppressedarticle', 'suppress/block' => 'blocklogentry', 'suppress/reblock' => 'reblock-logentry', + 'password/reset' => 'resetpass-logentry' ); /** diff --git a/includes/specials/SpecialResetpass.php b/includes/specials/SpecialResetpass.php index 49e2530d4b..1678fc3055 100644 --- a/includes/specials/SpecialResetpass.php +++ b/includes/specials/SpecialResetpass.php 
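Review bot: The new `'password' => 'resetpass-log'` entry in `$wgLogNames` and `'password/reset' => 'resetpass-logentry'` in `$wgLogActions` are added without a trailing comma, unlike the neighbouring entries and the other two additions (`'password',` in `$wgLogTypes`, `'password' => 'resetpass-logtext',` in `$wgLogHeaders`). Adding the comma keeps the four arrays consistent and keeps the next addition to a one-line diff. No `$wgLogRestrictions` entry for `'password'` is visible in these hunks, so the free-text reset reason will presumably be readable by everyone who can view logs; if that is intended, a short comment next to the `'password'` log type saying so would help operators. All four array definitions start and end outside the hunks.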
@@ -26,6 +26,7 @@ class SpecialResetpass extends SpecialPage { $this->mOldpass = $wgRequest->getVal( 'wpPassword' ); $this->mNewpass = $wgRequest->getVal( 'wpNewPassword' ); $this->mRetype = $wgRequest->getVal( 'wpRetype' ); + $this->mComment = $wgRequest->getVal( 'wpComment' ); $this->setHeaders(); $this->outputHeader(); @@ -94,6 +95,10 @@ class SpecialResetpass extends SpecialPage { global $wgOut, $wgUser, $wgRequest; $wgOut->disallowUserJs(); + + if ( $wgUser->isAllowed( 'reset-passwords') ) { + $wgOut->addScriptFile( 'changepassword.js' ); + } $self = SpecialPage::getTitleFor( 'Resetpass' ); @@ -113,8 +118,7 @@ class SpecialResetpass extends SpecialPage { $oldpassMsg = 'oldpassword'; $submitMsg = 'resetpass-submit-loggedin'; } - $wgOut->addHTML( - Xml::fieldset( wfMsg( 'resetpass_header' ) ) . + $s = Xml::fieldset( wfMsg( 'resetpass_header' ) ) . Xml::openElement( 'form', array( 'method' => 'post', @@ -123,13 +127,15 @@ class SpecialResetpass extends SpecialPage { Xml::hidden( 'token', $wgUser->editToken() ) . Xml::hidden( 'returnto', $wgRequest->getVal( 'returnto' ) ) . wfMsgExt( 'resetpass_text', array( 'parse' ) ) . - Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) . - $this->pretty( array( + Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ); + $formElements = array( array( 'wpName', 'username', 'text', $this->mUserName, $wgUser->isAllowed( 'reset-passwords' ) ), array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass, $this->mSelfChange ), array( 'wpNewPassword', 'newpassword', 'password', '', true ), - array( 'wpRetype', 'retypenew', 'password', '', true ), - ) ) . + array( 'wpRetype', 'retypenew', 'password', '', true ) ); + if ( $wgUser->isAllowed( 'reset-passwords' ) && $this->mSelfChange ) + $formElements[] = array( 'wpComment', 'resetpass-comment', 'text', $this->mComment, true ); + $s .= $this->pretty( $formElements ) . $rememberMe . '' . '' . 
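Review bot: In the `@@ -123,13 +127,15 @@` hunk the `wpComment` row is appended only when `$this->mSelfChange` is true, while the log entry this commit adds further down is written only when `!$this->mSelfChange`. If the form is ever rendered with `mSelfChange` false (where it is set is outside the hunk), the reason field would be missing from the page and changepassword.js would find no `wpComment` element. Consider keying the row on the right alone and bracing the statement, `if ( $wgUser->isAllowed( 'reset-passwords' ) ) { $formElements[] = ...; }`, since the unbraced `if` sits directly above the `$s .=` line and is easy to misread. The enable/disable toggle is client-side only, so the server code should not rely on `wpComment` being present or absent in the request. The enclosing function starts and ends outside the hunk.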
@@ -139,8 +145,8 @@ class SpecialResetpass extends SpecialPage { '' . Xml::closeElement( 'table' ) . Xml::closeElement( 'form' ) . - Xml::closeElement( 'fieldset' ) - ); + Xml::closeElement( 'fieldset' ); + $wgOut->addHtml( $s ); } function pretty( $fields ) { @@ -183,7 +189,7 @@ class SpecialResetpass extends SpecialPage { throw new PasswordError( wfMsg( 'resetpass-wrong-oldpass' ) ); } } - + try { $user->setPassword( $this->mNewpass ); wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'success' ) ); @@ -194,6 +200,11 @@ class SpecialResetpass extends SpecialPage { return; } + if ( !$this->mSelfChange ) { + $log = new LogPage( 'password' ); + $log->addEntry( 'reset', $user->getUserPage(), $this->mComment ); + } + $user->setCookies(); $user->saveSettings(); } diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 357b0a812e..e521010e86 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -1017,6 +1017,10 @@ You may have already successfully changed your password or requested a new tempo You may have already successfully changed your password or requested a new temporary password.', 'resetpass-temp-password' => 'Temporary password:', 'resetpass-no-others' => 'You cannot reset the password for other users.', +'resetpass-log' => 'Password resets', +'resetpass-logtext' => 'Below is a log of users who have had their password reset by a bureaucrat', +'resetpass-logentry' => 'changed the password for $1', +'resetpass-comment' => 'Reason for password reset', # Edit page toolbar 'bold_sample' => 'Bold text', diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc index 8e973283e8..d30d998626 100644 --- a/maintenance/language/messages.inc +++ b/maintenance/language/messages.inc 
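Review bot: In the `@@ -194,6 +200,11 @@` hunk the audit entry is written before `$user->saveSettings()` runs, so the log can record a reset that was never persisted if saving fails. Moving the `LogPage` block after `$user->saveSettings();` keeps the log consistent with the stored state. `$this->mComment` comes straight from `$wgRequest->getVal( 'wpComment' )` and can be null or empty (a disabled input is not submitted), so a privileged reset can be logged with no reason; consider raising a `PasswordError` when `!$this->mSelfChange` and the reason is empty. The context line `$user->setCookies();` still runs on the non-self path; it is worth confirming that it does not issue session cookies for the target account to the user performing the reset. The function starts outside the hunk.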
@@ -462,6 +462,10 @@ $wgMessageStructure = array(
 'resetpass-wrong-oldpass',
 'resetpass-temp-password',
 'resetpass-no-others',
+ 'resetpass-log',
+ 'resetpass-logtext',
+ 'resetpass-logentry',
+ 'resetpass-comment',
 ),
 'toolbar' => array(
 'bold_sample',
diff --git a/skins/common/changepassword.js b/skins/common/changepassword.js
new file mode 100644
index 0000000000..1ea09d2eda
--- /dev/null
+++ b/skins/common/changepassword.js
@@ -0,0 +1,32 @@
+
+function onNameChange() {
+ if ( wgUserName != document.getElementById('wpName').value ) {
+ document.getElementById('wpPassword').disabled = true;
+ document.getElementById('wpComment').disabled = false;
+ } else {
+ document.getElementById('wpPassword').disabled = false;
+ document.getElementById('wpComment').disabled = true;
+ }
+}
+
+function onNameChangeHook() {
+ document.getElementById( 'wpName' ).onblur = onNameChange;
+}
+
+addOnloadHook( onNameChangeHook );
+
+function onNameChange() {
+ if ( wgUserName != document.getElementById('wpName').value ) {
+ document.getElementById('wpPassword').disabled = true;
+ document.getElementById('wpComment').disabled = false;
+ } else {
+ document.getElementById('wpPassword').disabled = false;
+ document.getElementById('wpComment').disabled = true;
+ }
+}
+
+function onNameChangeHook() {
+ document.getElementById( 'wpName' ).onblur = onNameChange;
+}
+
+addOnloadHook( onNameChangeHook );
-- 2.20.1
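Review bot: The new changepassword.js holds the same 16 lines twice: `onNameChange`, `onNameChangeHook` and the `addOnloadHook( onNameChangeHook );` call each appear two times in the 32 added lines, so the hook is registered twice; the second copy should be dropped. `onNameChange` also uses `document.getElementById('wpComment')` without a null check, while the PHP side of this commit emits that row only conditionally; a guard such as `var c = document.getElementById('wpComment'); if ( c ) { c.disabled = ...; }` avoids a script error when the row is absent. The file would benefit from a header comment stating that this toggle is a convenience only and that SpecialResetpass.php must decide server-side when the old password may be skipped and when a reason is required.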