* Accept null parameter to User::setPassword() as indicating the password

field should be cleared to an unusable state. Login will only be possible after the password is reset, for instance by e-mail. * (bug 6394) Invalidate the password set for "by e-mail" account creations to avoid accidental empty password creations.
2006-12-13 08:59:20 +00:00 · 2006-12-13 08:59:20 +00:00 · 295d0bf295
commit 295d0bf295
parent 4bdff3636f
4 changed files with 32 additions and 9 deletions
--- a/5
+++ b/5
@ -296,6 +296,11 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 8241) Don't consider user pages of User:Foo.css to be CSS subpages
 * Set an explicit class on framed thumbnail inner divs and images, changed some 
  CSS to use these instead of using descendent selectors.
+* Accept null parameter to User::setPassword() as indicating the password
+  field should be cleared to an unusable state. Login will only be possible
+  after the password is reset, for instance by e-mail.
+* (bug 6394) Invalidate the password set for "by e-mail" account creations
+  to avoid accidental empty password creations.


 == Languages updated ==
--- a/includes/AuthPlugin.php
+++ b/includes/AuthPlugin.php
@ -146,6 +146,10 @@ class AuthPlugin {

 	/**
 	 * Set the given password in the authentication database.
+	 * As a special case, the password may be set to null to request
+	 * locking the password to an unusable value, with the expectation
+	 * that it will be set later through a mail reset or other method.
+	 *
 	 * Return true if successful.
 	 *
 	 * @param $user User object.
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@ -123,6 +123,8 @@ class LoginForm {
 			return;
 		}

+		// Wipe the initial password and mail a temporary one
+		$u->setPassword( null );
 		$u->saveSettings();
 		$result = $this->mailPasswordInternal( $u, false );

--- a/includes/User.php
+++ b/includes/User.php
@ -1303,20 +1303,26 @@ class User {
 	 * pass the change through or if the legal password
 	 * checks fail.
 	 *
+	 * As a special case, setting the password to null
+	 * wipes it, so the account cannot be logged in until
+	 * a new password is set, for instance via e-mail.
+	 *
 	 * @param string $str
 	 * @throws PasswordError on failure
 	 */
 	function setPassword( $str ) {
 		global $wgAuth;
 		
-		if( !$wgAuth->allowPasswordChange() ) {
-			throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
-		}
+		if( $str !== null ) {
+			if( !$wgAuth->allowPasswordChange() ) {
+				throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
+			}
 		
-		if( !$this->isValidPassword( $str ) ) {
-			global $wgMinimalPasswordLength;
-			throw new PasswordError( wfMsg( 'passwordtooshort',
-				$wgMinimalPasswordLength ) );
+			if( !$this->isValidPassword( $str ) ) {
+				global $wgMinimalPasswordLength;
+				throw new PasswordError( wfMsg( 'passwordtooshort',
+					$wgMinimalPasswordLength ) );
+			}
 		}
 		
 		if( !$wgAuth->setPassword( $this, $str ) ) {
@ -1325,9 +1331,15 @@ class User {
 		
 		$this->load();
 		$this->setToken();
-		$this->mPassword = $this->encryptPassword( $str );
+		
+		if( $str === null ) {
+			// Save an invalid hash...
+			$this->mPassword = '';
+		} else {
+			$this->mPassword = $this->encryptPassword( $str );
+		}
 		$this->mNewpassword = '';
-		$this->mNewpassTime = NULL;
+		$this->mNewpassTime = null;
 		
 		return true;
 	}