/**
* @param User $user
* @param string $pass
* @param string $newaddr
* @return Status
*/
private function attemptChange(User $user, $pass, $newaddr)
{
global $wgAuth;
if ($newaddr != '' && !Sanitizer::validateEmail($newaddr)) {
return Status::newFatal('invalidemailaddress');
}
if ($newaddr === $user->getEmail()) {
return Status::newFatal('changeemail-nochange');
}
$throttleInfo = LoginForm::incrementLoginThrottle($user->getName());
if ($throttleInfo) {
$lang = $this->getLanguage();
return Status::newFatal('changeemail-throttled', $lang->formatDuration($throttleInfo['wait']));
}
if ($this->getConfig()->get('RequirePasswordforEmailChange') && !$user->checkTemporaryPassword($pass) && !$user->checkPassword($pass)) {
return Status::newFatal('wrongpassword');
}
LoginForm::clearLoginThrottle($user->getName());
$oldaddr = $user->getEmail();
$status = $user->setEmailWithConfirmation($newaddr);
if (!$status->isGood()) {
return $status;
}
Hooks::run('PrefsEmailAudit', [$user, $oldaddr, $newaddr]);
$user->saveSettings();
$wgAuth->updateExternalDB($user);
return $status;
}
/**
* Checks the new password if it meets the requirements for passwords and set
* it as a current password, otherwise set the passed Status object to fatal
* and doesn't change anything
*
* @param string $oldpass The current (temporary) password.
* @param string $newpass The password to set.
* @param string $retype The string of the retype password field to check with newpass
* @return Status
*/
protected function attemptReset($oldpass, $newpass, $retype)
{
$isSelf = $this->mUserName === $this->getUser()->getName();
if ($isSelf) {
$user = $this->getUser();
} else {
$user = User::newFromName($this->mUserName);
}
if (!$user || $user->isAnon()) {
return Status::newFatal($this->msg('nosuchusershort', $this->mUserName));
}
if ($newpass !== $retype) {
Hooks::run('PrefsPasswordAudit', [$user, $newpass, 'badretype']);
return Status::newFatal($this->msg('badretype'));
}
$throttleInfo = LoginForm::incrementLoginThrottle($this->mUserName);
if ($throttleInfo) {
return Status::newFatal($this->msg('changepassword-throttled')->durationParams($throttleInfo['wait']));
}
// @todo Make these separate messages, since the message is written for both cases
if (!$user->checkTemporaryPassword($oldpass) && !$user->checkPassword($oldpass)) {
Hooks::run('PrefsPasswordAudit', [$user, $newpass, 'wrongpassword']);
return Status::newFatal($this->msg('resetpass-wrong-oldpass'));
}
// User is resetting their password to their old password
if ($oldpass === $newpass) {
return Status::newFatal($this->msg('resetpass-recycled'));
}
// Do AbortChangePassword after checking mOldpass, so we don't leak information
// by possibly aborting a new password before verifying the old password.
$abortMsg = 'resetpass-abort-generic';
if (!Hooks::run('AbortChangePassword', [$user, $oldpass, $newpass, &$abortMsg])) {
Hooks::run('PrefsPasswordAudit', [$user, $newpass, 'abortreset']);
return Status::newFatal($this->msg($abortMsg));
}
// Please reset throttle for successful logins, thanks!
LoginForm::clearLoginThrottle($this->mUserName);
try {
$user->setPassword($newpass);
Hooks::run('PrefsPasswordAudit', [$user, $newpass, 'success']);
} catch (PasswordError $e) {
Hooks::run('PrefsPasswordAudit', [$user, $newpass, 'error']);
return Status::newFatal(new RawMessage($e->getMessage()));
}
if ($isSelf) {
// This is needed to keep the user connected since
// changing the password also modifies the user's token.
$remember = $this->getRequest()->getCookie('Token') !== null;
$user->setCookies(null, null, $remember);
}
$user->saveSettings();
$this->resetPasswordExpiration($user);
return Status::newGood();
}