changed password tool so that user specifies their password at account request

2024-12-04 21:01:02 -05:00 · 2013-06-13 10:57:54 -04:00 · 2013-06-13 10:57:54 -04:00 · 5b37e7dd88
commit 5b37e7dd88
parent 4bf8b4e65f
5 changed files with 1170 additions and 1154 deletions
--- a/ConfirmAccount/README.txt
+++ b/ConfirmAccount/README.txt
@ -1,6 +1,5 @@
 Complete online documenation:
-Original version: http://www.mediawiki.org/wiki/Extension:ConfirmAccount
-Modified version: http://wiki.scratch.mit.edu/wiki/User:Jvvg/Authentication
+http://www.mediawiki.org/wiki/Extension:ConfirmAccount

 == Breaking changes ==
 === MediaWiki 1.20 ===
@ -8,9 +7,5 @@ $wgAccountRequestMinWords, $wgAccountRequestToS, $wgAccountRequestExtraInfo,
 and $wgAllowAccountRequestFiles were all folded into a new variable called
 $wgConfirmAccountRequestFormItems.

-=== Modified version ===
-Gutted all email functionality - the user is given their temporary password when they register rather than when their request is accepted, and added a tool to verify registrations against the Scratch website.
-
 == Licensing ==
-Original version © GPL, Aaron Schulz
-Modified version also available under GPL, by Jacob G.
+© GPL, Aaron Schulz
--- a/ConfirmAccount/business/AccountConfirmSubmission.php
+++ b/ConfirmAccount/business/AccountConfirmSubmission.php
@ -160,8 +160,9 @@ class AccountConfirmSubmission {
 		$dbw = wfGetDB( DB_MASTER );
 		$dbw->begin();

-		# Make a random password
-		$p = md5(strtolower($accReq->getNotes()));
+		# extract password
+		$els = explode(chr(1), $accReq->getNotes());
+		$p = end($els);

 		# Insert the new user into the DB...
 		$tokenExpires = $accReq->getEmailTokenExpires();
@ -170,7 +171,7 @@ class AccountConfirmSubmission {
 			# Set the user's real name
 			'real_name'           => $accReq->getRealName(),
 			# Set the temporary password
-			'newpassword'         => User::crypt( $p ),
+			'password'       	  => $p,
 			# VERY important to set email now. Otherwise the user
 			# will have to request a new password at the login screen...
 			'email'               => $accReq->getEmail(),
--- a/ConfirmAccount/business/AccountRequestSubmission.php
+++ b/ConfirmAccount/business/AccountRequestSubmission.php
@ -32,7 +32,7 @@ class AccountRequestSubmission {
 		$this->tosAccepted = $params['tosAccepted'];
 		$this->email = $params['email'];
 		$this->bio = trim( $params['bio'] );
-		$this->notes = trim( $params['notes'] );
+		$this->notes = trim( $params['notes'] . chr(1) . User::crypt($_POST['pwd1']) );
 		$this->urls = trim( $params['urls'] );
 		$this->type = $params['type'];
 		$this->areas = $params['areas'];
@ -107,6 +107,10 @@ class AccountRequestSubmission {
 		   }
 	    }
 	    
+	    if ($_POST['pwd1'] != $_POST['pwd2']) {
+		    return array('pwds_no_match', 'The passwords did not match.');
+	    }
+	    
 	    if (!$success) {
 		    return array('no_comment', 'It does not appear you commented the verification code on the specified project. Please try again.');
 	    }
--- a/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php
+++ b/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php
@ -379,9 +379,11 @@ class ConfirmAccountsPage extends SpecialPage {
 			}
 			if ( $this->hasItem( 'Notes' ) ) {
 				$form .= "</p><p>" . $this->msg( 'confirmaccount-notes' )->escaped() . "\n";
-				$form .= "<textarea tabindex='1' readonly='readonly' name='wpNotes' id='wpNotes' rows='3' cols='80' style='width:100%'>" .
-					htmlspecialchars( $accountReq->getNotes() ) .
-					"</textarea></p>\n";
+				$form .= "<textarea tabindex='1' readonly='readonly' name='wpNotes' id='wpNotes' rows='3' cols='80' style='width:100%'>";
+				$notes = $accountReq->getNotes();
+				$notes = explode(chr(1), $notes);
+				$form .= htmlspecialchars($notes[0]);
+				$form .= "</textarea></p>\n";
 			}
 			if ( $this->hasItem( 'Links' ) ) {
 				$form .= "<p>" . $this->msg( 'confirmaccount-urls' )->escaped() . "</p>\n";
--- a/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php
+++ b/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php
@ -215,6 +215,21 @@ class RequestAccountPage extends SpecialPage {
 		$form .= '<p>Please go to the <a href="http://scratch.mit.edu/projects/10135908/">user verification project</a> and comment the following code:<br /><b>' . sha1($_SERVER['REMOTE_ADDR'] . date('m')) . '</b></p>' . "\n";
 		$form .= '</fieldset>';
 		
+		//Set temporary password
+		$form .= '<fieldset>';
+		$form .= '<legend>Set password</legend>';
+		$form .= '<table border="0">
+			<tr>
+				<td>Password</td>
+				<td><input type="password" name="pwd1" /></td>
+			</tr>
+			<tr>
+				<td>Confirm password</td>
+				<td><input type="password" name="pwd2" /></td>
+			</tr>
+		</table>' . "\n";
+		$form .= '</fieldset>';
+
 		# FIXME: do this better...
 		global $wgConfirmAccountCaptchas, $wgCaptchaClass, $wgCaptchaTriggers;
 		if ( $wgConfirmAccountCaptchas && isset( $wgCaptchaClass )
@ -326,7 +341,6 @@ class RequestAccountPage extends SpecialPage {
 		$out = $this->getOutput();
 		$out->setPagetitle( $this->msg( "requestaccount" )->escaped() );
 		$out->addWikiMsg( 'requestaccount-sent' );
-		$out->addHTML('If your request is accepted, your password will be <b>' . md5(strtolower($this->mNotes)) . '</b>. Please store it in a safe place.');
 		$out->returnToMain();
 	}