*/
class SpecialPasswordReset extends FormSpecialPage {
+ /**
+ * @var Message
+ */
+ private $email;
+
+ /**
+ * @var Status
+ */
+ private $result;
+
public function __construct() {
parent::__construct( 'PasswordReset' );
}
);
}
+ if( $this->getUser()->isAllowed( 'passwordreset' ) ){
+ $a['Capture'] = array(
+ 'type' => 'check',
+ 'label-message' => 'passwordreset-capture',
+ 'help-message' => 'passwordreset-capture-help',
+ );
+ }
+
return $a;
}
}
}
+ if( isset( $data['Capture'] ) && !$this->getUser()->isAllowed( 'passwordreset' ) ){
+ // The user knows they don't have the passwordreset permission, but they tried to spoof the form. That's naughty
+ throw new PermissionsError( 'passwordreset' );
+ }
+
+ /**
+ * @var $firstUser User
+ * @var $users User[]
+ */
+
if ( isset( $data['Username'] ) && $data['Username'] !== '' ) {
$method = 'username';
$users = array( User::newFromName( $data['Username'] ) );
$password = $user->randomPassword();
$user->setNewpassword( $password );
$user->saveSettings();
- $passwords[] = wfMessage( 'passwordreset-emailelement', $user->getName(), $password );
+ $passwords[] = wfMessage( 'passwordreset-emailelement', $user->getName(), $password )->plain(); // We'll escape the whole thing later
}
$passwordBlock = implode( "\n\n", $passwords );
// Send in the user's language; which should hopefully be the same
$userLanguage = $firstUser->getOption( 'language' );
- $body = wfMessage( $msg )->inLanguage( $userLanguage );
- $body->params(
+ $this->email = wfMessage( $msg )->inLanguage( $userLanguage );
+ $this->email->params(
$username,
$passwordBlock,
count( $passwords ),
$title = wfMessage( 'passwordreset-emailtitle' );
- $result = $firstUser->sendMail( $title->text(), $body->text() );
+ $this->result = $firstUser->sendMail( $title->escaped(), $this->email->escaped() );
- if ( $result->isGood() ) {
+ // Blank the email if the user is not supposed to see it
+ if( !isset( $data['Capture'] ) || !$data['Capture'] ) {
+ $this->email = null;
+ }
+
+ if ( $this->result->isGood() ) {
+ return true;
+ } elseif( isset( $data['Capture'] ) && $data['Capture'] ){
+ // The email didn't send, but maybe they knew that and that's why they captured it
return true;
} else {
// @todo FIXME: The email didn't send, but we have already set the password throttle
// timestamp, so they won't be able to try again until it expires... :(
- return array( array( 'mailerror', $result->getMessage() ) );
+ return array( array( 'mailerror', $this->result->getMessage() ) );
}
}
public function onSuccess() {
+ if( $this->getUser()->isAllowed( 'passwordreset' ) && $this->email != null ){
+ // @todo: Logging
+
+ if( $this->result->isGood() ){
+ $this->getOutput()->addWikiMsg( 'passwordreset-emailsent-capture' );
+ } else {
+ $this->getOutput()->addWikiMsg( 'passwordreset-emailerror-capture', $this->result->getMessage() );
+ }
+
+ $this->getOutput()->addHTML( Html::rawElement( 'pre', array(), $this->email->escaped() ) );
+ }
+
$this->getOutput()->addWikiMsg( 'passwordreset-emailsent' );
$this->getOutput()->returnToMain();
}
'passwordreset-pretext' => '{{PLURAL:$1||Enter one of the pieces of data below}}',
'passwordreset-username' => 'Username:',
'passwordreset-domain' => 'Domain:',
+'passwordreset-capture' => 'View the resulting email?',
+'passwordreset-capture-help' => 'If you check this box, the email (with the temporary password) will be shown to you as well as being sent to the user.',
'passwordreset-email' => 'E-mail address:',
'passwordreset-emailtitle' => 'Account details on {{SITENAME}}',
'passwordreset-emailtext-ip' => 'Someone (probably you, from IP address $1) requested a reminder of your
'passwordreset-emailelement' => 'Username: $1
Temporary password: $2',
'passwordreset-emailsent' => 'A reminder e-mail has been sent.',
+'passwordreset-emailsent-capture' => 'A reminder e-mail has been sent, which is shown below.',
+'passwordreset-emailerror-capture' => 'A reminder e-mail was generated, which is shown below, but sending it to the user failed: $1',
# Special:ChangeEmail
'changeemail' => 'Change E-mail address',
'right-siteadmin' => 'Lock and unlock the database',
'right-override-export-depth' => 'Export pages including linked pages up to a depth of 5',
'right-sendemail' => 'Send e-mail to other users',
+'right-passwordreset' => 'View password reset emails',
# User rights log
'rightslog' => 'User rights log',