01c8c421f8
Add functionality to expire users' passwords: * Adds column to the user table to keep a password expiration * Adds $wgPasswordExpirationDays, which will force users to reset their passwords after a set number of days. By default, this set to false, so passwords never expire. * Adds a default grace period of 7 days, where if the user's password is expired, they can still login, but are encouraged to reset their password. * Adds hook 'LoginPasswordResetMessage' to update reset message, in case an extension wants to vary the message on a particular reset event. * Adds hook 'ResetPasswordExpiration' to allow extensions to change the expiration date when the user resets their password. E.g., if an extension wants to vary the expiration based on the user's group. If the user is in the grace period, they get a password reset form added to the login successful page. If an extension prevents showing the login successful page (like CentralAuth), it should be updated to show a password change form during the grace period. After the grace period, the user will not be able to login without changing their password. Also prevents a successful reset if the user is "changing" their password to their existing password. No passwords will expire by default. Sites will have to call User->expirePassword() from their own maintenance script to trigger a password reset for a user. Bug: 54997 Change-Id: I92a9fc63b409b182b1d7b48781d73fc7216f8061
3 lines
147 B
SQL
3 lines
147 B
SQL
-- For setting a password expiration date for users
|
|
ALTER TABLE /*$wgDBprefix*/user
|
|
ADD COLUMN user_password_expires varbinary(14) DEFAULT NULL;
|