From 481266f23536532993802e2f61c96c58addcbaad Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Sat, 21 Oct 2006 16:31:49 +0000
Subject: [PATCH] * (bug 6427) Block blocked IPs from using the mail password
 function   to allow blocking of flooders

---
 RELEASE-NOTES                     | 3 +++
 includes/SpecialUserlogin.php     | 7 +++++++
 languages/messages/MessagesEn.php | 2 ++
 3 files changed, 12 insertions(+)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 9a39dbf1b4..bfdea080ef 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -66,6 +66,9 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 7644) User creations that are aborted by hooks shouldn't be counted
   against account creations per day limit
 * (bug 7636) Show Firefox 2 users "shift-alt" as accesskey prefix
+* (bug 6427) Block blocked IPs from using the mail password function
+  to allow blocking of flooders
+
 
 == Languages updated ==
 
diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index 64cb38d960..1f56141e3f 100644
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -407,6 +407,13 @@ class LoginForm {
 	function mailPassword() {
 		global $wgUser, $wgOut;
 		
+		# Check against blocked IPs
+		# fixme -- should we not?
+		if( $wgUser->isBlocked() ) {
+			$this->mainLoginForm( wfMsg( 'blocked-mailpassword' ) );
+			return;
+		}
+		
 		# Check against the rate limiter
 		if( $wgUser->pingLimiter( 'mailpassword' ) ) {
 			$wgOut->rateLimited();
diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index 8798e55e42..769d3d66b9 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -728,6 +728,8 @@ your old password.',
 'passwordsent'	=> 'A new password has been sent to the e-mail address
 registered for "$1".
 Please log in again after you receive it.',
+'blocked-mailpassword' => 'Your IP address is blocked from editing, and so
+is not allowed to use the password recovery function to prevent abuse.',
 'eauthentsent' =>  'A confirmation e-mail has been sent to the nominated e-mail address.
 Before any other mail is sent to the account, you will have to follow the instructions in the e-mail,
 to confirm that the account is actually yours.',
-- 
2.20.1