(bug 2242) Introduce expiry time for temporary passwords.

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 0a49ba3..a1723cf 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -71,7 +71,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * The 'BeforeWatchlist' hook has been removed due to internal changes in
   Special:Watchlist. 'SpecialWatchlistQuery' should now be used by extensions
   to customize the watchlist database query.
-
+* Added $wgNewPasswordExpiry, to specify an expiry time (in seconds) to 
+  tempoary passwords
 
 === Migrated extensions ===
 The following extensions are migrated into MediaWiki 1.14:
@@ -258,6 +259,7 @@ The following extensions are migrated into MediaWiki 1.14:
 * Image moving is now enabled for sysops by default
 * Make "Did you mean" search feature more noticeable
 * Added "Advanced search" link to the search form
+* (bug 2242) Add an expiry time to temporary passwords
 
 === Bug fixes in 1.14 ===
 

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 9a42c47..f73e80e 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -520,6 +520,11 @@ $wgUserEmailUseReplyTo = false;
  */
 $wgPasswordReminderResendTime = 24;
 
+/**
+ * The time, in seconds, when an emailed temporary password expires.
+ */
+$wgNewPasswordExpiry  = 3600 * 24 * 7;
+
 /**
  * SMTP Mode
  * For using a direct (authenticated) SMTP server connection.

diff --git a/includes/User.php b/includes/User.php
index 9fee089..80318a9 100644 (file)
--- a/includes/User.php
+++ b/includes/User.php
@@ -2705,7 +2705,13 @@ class User {
         * @return \bool True if matches, false otherwise
         */
        function checkTemporaryPassword( $plaintext ) {
-               return self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() );
+               if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
+                       $this->load();
+                       $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
+                       return ( time() < $expiry );
+               } else {
+                       return false;
+               }
        }
 
        /**

diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 6a4da7a..0f354c2 100644 (file)
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -654,7 +654,7 @@ class LoginForm {
         * @private
         */
        function mailPasswordInternal( $u, $throttle = true, $emailTitle = 'passwordremindertitle', $emailText = 'passwordremindertext' ) {
-               global $wgServer, $wgScript, $wgUser;
+               global $wgServer, $wgScript, $wgUser, $wgNewPasswordExpiry;
 
                if ( '' == $u->getEmail() ) {
                        return new WikiError( wfMsg( 'noemail', $u->getName() ) );
@@ -670,7 +670,7 @@ class LoginForm {
                $u->setNewpassword( $np, $throttle );
                $u->saveSettings();
 
-               $m = wfMsg( $emailText, $ip, $u->getName(), $np, $wgServer . $wgScript );
+               $m = wfMsg( $emailText, $ip, $u->getName(), $np, $wgServer . $wgScript, round( $wgNewPasswordExpiry / 86400 ) );
                $result = $u->sendMail( wfMsg( $emailTitle ), $m );
 
                return $result;

diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index cd2a918..0fbf546 100644 (file)
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -937,6 +937,7 @@ It must have at least {{PLURAL:$1|1 character|$1 characters}} and be different f
 password for {{SITENAME}} ($4). A temporary password for user
 "$2" has been created and was set to "$3". If this was your
 intent, you will need to log in and choose a new password now.
+Your temporary password will expire in {{PLURAL:$5|one day|$5 days}}.
 
 If someone else made this request, or if you have remembered your password,
 and you no longer wish to change it, you may ignore this message and