From: Chad Horohoe Date: Tue, 6 Jan 2009 16:21:44 +0000 (+0000) Subject: (bug 2242) Introduce expiry time for temporary passwords. X-Git-Tag: 1.31.0-rc.0~43552 X-Git-Url: http://git.cyclocoop.org/fichier?a=commitdiff_plain;h=b4f1376fc203b97475cbbe84a71e9f5661e37dde;p=lhc%2Fweb%2Fwiklou.git (bug 2242) Introduce expiry time for temporary passwords. --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 0a49ba3011..a1723cffc1 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -71,7 +71,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * The 'BeforeWatchlist' hook has been removed due to internal changes in Special:Watchlist. 'SpecialWatchlistQuery' should now be used by extensions to customize the watchlist database query. - +* Added $wgNewPasswordExpiry, to specify an expiry time (in seconds) to + tempoary passwords === Migrated extensions === The following extensions are migrated into MediaWiki 1.14: @@ -258,6 +259,7 @@ The following extensions are migrated into MediaWiki 1.14: * Image moving is now enabled for sysops by default * Make "Did you mean" search feature more noticeable * Added "Advanced search" link to the search form +* (bug 2242) Add an expiry time to temporary passwords === Bug fixes in 1.14 === diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 9a42c478db..f73e80efba 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -520,6 +520,11 @@ $wgUserEmailUseReplyTo = false; */ $wgPasswordReminderResendTime = 24; +/** + * The time, in seconds, when an emailed temporary password expires. + */ +$wgNewPasswordExpiry = 3600 * 24 * 7; + /** * SMTP Mode * For using a direct (authenticated) SMTP server connection. diff --git a/includes/User.php b/includes/User.php index 9fee089c4c..80318a9be9 100644 --- a/includes/User.php +++ b/includes/User.php 
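Review bot: The docblock added for `$wgNewPasswordExpiry` in includes/DefaultSettings.php does not say what the interval is measured from, or what a value of 0 means. As the check in User.php is written (`time() < newpass time + $wgNewPasswordExpiry`), 0 would not disable expiry; it would make every emailed password expire immediately. I would state both points in the comment, for example `* Seconds after a temporary password is set until it stops being accepted; 0 does not disable expiry.` The mail text reports this value in whole days, which is also worth noting for anyone choosing a setting.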
@@ -2705,7 +2705,13 @@ class User {
 * @return \bool True if matches, false otherwise
 */
 function checkTemporaryPassword( $plaintext ) {
- return self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() );
+ if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
+ $this->load();
+ $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
+ return ( time() < $expiry );
+ } else {
+ return false;
+ }
 }
 /**
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 6a4da7a4ab..0f354c2475 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -654,7 +654,7 @@ class LoginForm {
 * @private
 */
 function mailPasswordInternal( $u, $throttle = true, $emailTitle = 'passwordremindertitle', $emailText = 'passwordremindertext' ) {
- global $wgServer, $wgScript, $wgUser;
+ global $wgServer, $wgScript, $wgUser, $wgNewPasswordExpiry;
 if ( '' == $u->getEmail() ) {
 return new WikiError( wfMsg( 'noemail', $u->getName() ) );
@@ -670,7 +670,7 @@ class LoginForm {
 $u->setNewpassword( $np, $throttle );
 $u->saveSettings();
- $m = wfMsg( $emailText, $ip, $u->getName(), $np, $wgServer . $wgScript );
+ $m = wfMsg( $emailText, $ip, $u->getName(), $np, $wgServer . $wgScript, round( $wgNewPasswordExpiry / 86400 ) );
 $result = $u->sendMail( wfMsg( $emailTitle ), $m );
 return $result;
diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index cd2a91883f..0fbf5467b7 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
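Review bot: `$wgNewPasswordExpiry` is read in checkTemporaryPassword() without a `global $wgNewPasswordExpiry;` declaration, and the method's opening line is visible in this hunk, so inside the method it is an undefined local that evaluates as 0. `$expiry` then equals the time the password was set and `time() < $expiry` is false, so every temporary password is rejected: it fails closed, but password reset stops working. Add `global $wgNewPasswordExpiry;` as the first statement of the method. Separately, `$this->load()` runs only after comparePasswords() has already read `$this->mNewpassword`; if load() is what populates these fields, it belongs before the comparison. It is also worth confirming what wfTimestamp() returns when `mNewpassTime` is empty (temporary passwords issued before this change), so that case cannot yield a password that never expires.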
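Review bot: `round( $wgNewPasswordExpiry / 86400 )` in the wfMsg() call of mailPasswordInternal() misstates the lifetime whenever the setting is not a whole number of days. A value under twelve hours is mailed as "0 days", and 36 hours is mailed as "2 days" although the password stops being accepted after a day and a half. Overstating is the worse direction here, because the user is told a credential is still usable after the server has begun rejecting it. Either state in DefaultSettings.php that the value is expected to be a multiple of 86400, or round down and use a separate message for lifetimes under one day. mailPasswordInternal() starts in the previous hunk and continues past this one.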
@@ -937,6 +937,7 @@ It must have at least {{PLURAL:$1|1 character|$1 characters}} and be different f password for {{SITENAME}} ($4). A temporary password for user "$2" has been created and was set to "$3". If this was your intent, you will need to log in and choose a new password now. +Your temporary password will expire in {{PLURAL:$5|one day|$5 days}}. If someone else made this request, or if you have remembered your password, and you no longer wish to change it, you may ignore this message and