Merge pull request #4 from jacob-g/master

Lots of improvements!
2024-12-04 12:51:01 -05:00 · 2015-01-19 12:06:47 -06:00 · 2015-01-19 12:06:47 -06:00 · b7a8982fbe
commit b7a8982fbe
parent 696ec2f50e 066b521780
11 changed files with 4923 additions and 4879 deletions
--- a/ConfirmAccount/ConfirmAccount.config.php
+++ b/ConfirmAccount/ConfirmAccount.config.php
@ -1,118 +1,120 @@
-<?php
-
-# ######## Configuration variables ########
-# IMPORTANT: DO NOT EDIT THIS FILE
-# When configuring globals, set them at LocalSettings.php instead
-
-# Set the person's bio as their userpage?
-$wgMakeUserPageFromBio = true;
-# Text to add to bio pages if the above option is on
-$wgAutoUserBioText = '';
-
-# Create a user talk page with a welcome message for accepted users.
-# The message can be customized by editing MediaWiki:confirmaccount-welc.
-$wgAutoWelcomeNewUsers = true;
-
-# How long to store rejected requests
-$wgRejectedAccountMaxAge = 7 * 24 * 3600; // 1 week
-# How long after accounts have been requested/held before they count as 'rejected'
-$wgConfirmAccountRejectAge = 30 * 24 * 3600; // 1 month
-
-# How many requests can an IP make at once?
-$wgAccountRequestThrottle = 1;
-# Can blocked users with "prevent account creation" request accounts?
-$wgAccountRequestWhileBlocked = false;
-
-# Which form elements to show at Special:RequestAccount
-$wgConfirmAccountRequestFormItems = array(
-	# Let users make names other than their "real name"
-	'UserName'        => array( 'enabled' => true ),
-	# Real name of user
-	'RealName'        => array( 'enabled' => false ),
-	# Biographical info
-	'Biography'       => array( 'enabled' => false, 'minWords' => 0 ),
-	# Interest checkboxes (defined in MediaWiki:requestaccount-areas)
-	'AreasOfInterest' => array( 'enabled' => true ),
-	# CV/resume attachment option
-	'CV'              => array( 'enabled' => false ),
-	# Additional non-public info for reviewer
-	'Notes'           => array( 'enabled' => true ),
-	# Option to place web URLs that establish the user
-	'Links'           => array( 'enabled' => false ),
-	# Terms of Service checkbox
-	'TermsOfService'  => array( 'enabled' => true ),
-);
-
-# If files can be attached, what types can be used? (MIME data is checked)
-$wgAccountRequestExts = array( 'txt', 'pdf', 'doc', 'latex', 'rtf', 'text', 'wp', 'wpd', 'sxw' );
-
-# Prospective account request types.
-# Format is an array of (integer => (subpage param,user group,autotext)) pairs.
-# The integer keys enumerate the request types. The key for a type should not change.
-# Each type has its own request queue at Special:ConfirmAccount/<subpage param>.
-# When a request of a certain type is approved, the new user:
-# (a) is placed in the <user group> group (if not User or *)
-# (b) has <autotext> appended to his or her user page
-$wgAccountRequestTypes = array(
-	0 => array( 'authors', 'user', null )
-);
-
-# If set, will add {{DEFAULTSORT:sortkey}} to userpages for auto-categories.
-# The sortkey will be made by doing a regex search and replace on the title.
-# Set this variable to false to avoid sortkey use.
-$wgConfirmAccountSortkey = false;
-// For example, the below will do {{DEFAULTSORT:firstname, lastname}}
-# $wgConfirmAccountSortkey = array( '/^(.+) ([^ ]+)$/', '$2, $1' );
-
-# IMPORTANT: do we store the user's notes and credentials
-# for sucessful account request? This will be stored indefinetely
-# and will be accessible to users with crediential lookup permissions
-$wgConfirmAccountSaveInfo = true;
-
-# Send an email to this address when account requestors confirm their email.
-# Set to false to skip this
-$wgConfirmAccountContact = false;
-
-# If ConfirmEdit is installed and set to trigger for createaccount,
-# inject catpchas for requests too?
-$wgConfirmAccountCaptchas = true;
-
-# Storage repos. Has B/C for when this used FileStore.
-$wgConfirmAccountFSRepos = array(
-	'accountreqs' => array( # Location of attached files for pending requests
-		'name'       => 'accountreqs',
-		'directory'  => isset( $wgFileStore['accountreqs'] ) ?
-			$wgFileStore['accountreqs']['directory'] : "{$IP}/images/accountreqs",
-		'url'        => isset( $wgFileStore['accountreqs'] ) ?
-			$wgFileStore['accountreqs']['url'] : null,
-		'hashLevels' => isset( $wgFileStore['accountreqs'] ) ?
-			$wgFileStore['accountreqs']['hash'] : 3
-	),
-	'accountcreds' => array( # Location of credential files
-		'name'       => 'accountcreds',
-		'directory'  => isset( $wgFileStore['accountcreds'] ) ?
-			$wgFileStore['accountcreds']['directory'] : "{$IP}/images/accountcreds",
-		'url'        => isset( $wgFileStore['accountcreds'] ) ?
-			$wgFileStore['accountcreds']['url'] : null,
-		'hashLevels' => isset( $wgFileStore['accountcreds'] ) ?
-			$wgFileStore['accountcreds']['hash'] : 3
-	)
-);
-
-# Restrict account creation
-$wgGroupPermissions['*']['createaccount'] = false;
-$wgGroupPermissions['user']['createaccount'] = false;
-# Grant account queue rights
-$wgGroupPermissions['bureaucrat']['confirmaccount'] = true;
-# This right has the request IP show when confirming accounts
-$wgGroupPermissions['bureaucrat']['requestips'] = true;
-
-# If credentials are stored, this right lets users look them up
-$wgGroupPermissions['bureaucrat']['lookupcredentials'] = true;
-
-# Show notice for open requests to admins?
-# This is cached, but still can be expensive on sites with thousands of requests.
-$wgConfirmAccountNotice = true;
-
-# End of configuration variables.
-# ########
+<?php
+
+# ######## Configuration variables ########
+# IMPORTANT: DO NOT EDIT THIS FILE
+# When configuring globals, set them at LocalSettings.php instead
+
+# Set the person's bio as their userpage?
+$wgMakeUserPageFromBio = true;
+# Text to add to bio pages if the above option is on
+$wgAutoUserBioText = '';
+
+# Create a user talk page with a welcome message for accepted users.
+# The message can be customized by editing MediaWiki:confirmaccount-welc.
+$wgAutoWelcomeNewUsers = true;
+
+# How long to store rejected requests
+$wgRejectedAccountMaxAge = 7 * 24 * 3600; // 1 week
+# How long after accounts have been requested/held before they count as 'rejected'
+$wgConfirmAccountRejectAge = 30 * 24 * 3600; // 1 month
+
+# How many requests can an IP make at once?
+$wgAccountRequestThrottle = 1;
+# Can blocked users with "prevent account creation" request accounts?
+$wgAccountRequestWhileBlocked = false;
+
+# Which form elements to show at Special:RequestAccount
+$wgConfirmAccountRequestFormItems = array(
+	# Let users make names other than their "real name"
+	'UserName'        => array( 'enabled' => true ),
+	# Real name of user
+	'RealName'        => array( 'enabled' => false ),
+	# Biographical info
+	'Biography'       => array( 'enabled' => false, 'minWords' => 0 ),
+	# Interest checkboxes (defined in MediaWiki:requestaccount-areas)
+	'AreasOfInterest' => array( 'enabled' => true ),
+	# CV/resume attachment option
+	'CV'              => array( 'enabled' => false ),
+	# Additional non-public info for reviewer
+	'Notes'           => array( 'enabled' => true ),
+	# Option to place web URLs that establish the user
+	'Links'           => array( 'enabled' => false ),
+	# Terms of Service checkbox
+	'TermsOfService'  => array( 'enabled' => true ),
+);
+
+# If files can be attached, what types can be used? (MIME data is checked)
+$wgAccountRequestExts = array( 'txt', 'pdf', 'doc', 'latex', 'rtf', 'text', 'wp', 'wpd', 'sxw' );
+
+# Prospective account request types.
+# Format is an array of (integer => (subpage param,user group,autotext)) pairs.
+# The integer keys enumerate the request types. The key for a type should not change.
+# Each type has its own request queue at Special:ConfirmAccount/<subpage param>.
+# When a request of a certain type is approved, the new user:
+# (a) is placed in the <user group> group (if not User or *)
+# (b) has <autotext> appended to his or her user page
+$wgAccountRequestTypes = array(
+	0 => array( 'authors', 'user', null )
+);
+
+# If set, will add {{DEFAULTSORT:sortkey}} to userpages for auto-categories.
+# The sortkey will be made by doing a regex search and replace on the title.
+# Set this variable to false to avoid sortkey use.
+$wgConfirmAccountSortkey = false;
+// For example, the below will do {{DEFAULTSORT:firstname, lastname}}
+# $wgConfirmAccountSortkey = array( '/^(.+) ([^ ]+)$/', '$2, $1' );
+
+# IMPORTANT: do we store the user's notes and credentials
+# for sucessful account request? This will be stored indefinetely
+# and will be accessible to users with crediential lookup permissions
+$wgConfirmAccountSaveInfo = true;
+
+# Send an email to this address when account requestors confirm their email.
+# Set to false to skip this
+$wgConfirmAccountContact = false;
+
+# If ConfirmEdit is installed and set to trigger for createaccount,
+# inject catpchas for requests too?
+$wgConfirmAccountCaptchas = true;
+
+# Storage repos. Has B/C for when this used FileStore.
+$wgConfirmAccountFSRepos = array(
+	'accountreqs' => array( # Location of attached files for pending requests
+		'name'       => 'accountreqs',
+		'directory'  => isset( $wgFileStore['accountreqs'] ) ?
+			$wgFileStore['accountreqs']['directory'] : "{$IP}/images/accountreqs",
+		'url'        => isset( $wgFileStore['accountreqs'] ) ?
+			$wgFileStore['accountreqs']['url'] : null,
+		'hashLevels' => isset( $wgFileStore['accountreqs'] ) ?
+			$wgFileStore['accountreqs']['hash'] : 3
+	),
+	'accountcreds' => array( # Location of credential files
+		'name'       => 'accountcreds',
+		'directory'  => isset( $wgFileStore['accountcreds'] ) ?
+			$wgFileStore['accountcreds']['directory'] : "{$IP}/images/accountcreds",
+		'url'        => isset( $wgFileStore['accountcreds'] ) ?
+			$wgFileStore['accountcreds']['url'] : null,
+		'hashLevels' => isset( $wgFileStore['accountcreds'] ) ?
+			$wgFileStore['accountcreds']['hash'] : 3
+	)
+);
+
+# Restrict account creation
+$wgGroupPermissions['*']['createaccount'] = false;
+$wgGroupPermissions['user']['createaccount'] = false;
+# Grant account queue rights
+$wgGroupPermissions['bureaucrat']['confirmaccount'] = true;
+# This right has the request IP show when confirming accounts
+$wgGroupPermissions['bureaucrat']['requestips'] = true;
+
+# If credentials are stored, this right lets users look them up - this just means being able to see the user's request notes
+$wgGroupPermissions['bureaucrat']['lookupcredentials'] = true;
+$wgGroupPermissions['sysop']['lookupcredentials'] = true;
+$wgGroupPermissions['Experienced_Wikians']['lookupcredentials'] = true;
+
+# Show notice for open requests to admins?
+# This is cached, but still can be expensive on sites with thousands of requests.
+$wgConfirmAccountNotice = true;
+
+# End of configuration variables.
+# ########
--- a/ConfirmAccount/backend/schema/mysql/patch-account_credentials.sql
+++ b/ConfirmAccount/backend/schema/mysql/patch-account_credentials.sql
@ -2,7 +2,7 @@

 ALTER TABLE /*$wgDBprefix*/account_requests
 	ADD acr_type tinyint(255) unsigned NOT NULL default 0,
-	DROP INDEX IF EXISTS acr_deleted_reg,
+	DROP INDEX acr_deleted_reg,
 	ADD INDEX acr_type_del_reg (acr_type,acr_deleted,acr_registration);

 -- This stores all of credential information
--- a/ConfirmAccount/business/AccountConfirmSubmission.php
+++ b/ConfirmAccount/business/AccountConfirmSubmission.php
@ -46,6 +46,8 @@ class AccountConfirmSubmission {
 			return $this->holdRequest( $context );
 		} elseif ( $this->action === 'accept' ) {
 			return $this->acceptRequest( $context );
+		} elseif ($this->action === 'delete') {
+			return $this->deleteRequest($context);
 		} else {
 			return array( 'accountconf_bad_action', $context->msg( 'confirmaccount-badaction' )->escaped() );
 		}
@ -64,6 +66,17 @@ class AccountConfirmSubmission {
 		$dbw->commit();
 		return array( true, null );
 	}
+	
+	protected function deleteRequest( IContextSource $context ) {
+		$dbw = wfGetDB( DB_MASTER );
+		$dbw->begin();
+
+		$ok = $this->accountReq->remove();
+		ConfirmAccount::clearAccountRequestCountCache();
+
+		$dbw->commit();
+		return array( true, null );
+	}

 	protected function rejectRequest( IContextSource $context ) {
 		$dbw = wfGetDB( DB_MASTER );
@ -122,7 +135,7 @@ class AccountConfirmSubmission {
 		}

 		# Send out a request hold email...
-		$result = $u->sendMail(
+		/*$result = $u->sendMail(
 			$context->msg( 'confirmaccount-email-subj' )->inContentLanguage()->text(),
 			$context->msg( 'confirmaccount-email-body5', $u->getName(), $this->reason )->inContentLanguage()->text()
 		);
@ -130,7 +143,7 @@ class AccountConfirmSubmission {
 			$dbw->rollback();
 			return array( 'accountconf_mailerror',
 				$context->msg( 'mailerror' )->rawParams( $context->getOutput()->parse( $result->getWikiText() ) )->text() );
-		}
+		}*/

 		# Clear cache for notice of how many account requests there are
 		ConfirmAccount::clearAccountRequestCountCache();
@ -433,10 +446,14 @@ class AccountConfirmSubmission {
 		global $wgAutoWelcomeNewUsers;

 		if ( $wgAutoWelcomeNewUsers ) {
-			$msg = "confirmaccount-welc-pos{$this->type}";
-			$welcome = wfEmptyMsg( $msg )
-				? wfMessage( 'confirmaccount-welc' )->text()
-				: wfMessage( $msg )->text(); // custom message
+			if (trim($this->reason) == '') {
+				$msg = "confirmaccount-welc-pos{$this->type}";
+				$welcome = wfEmptyMsg( $msg )
+					? wfMessage( 'confirmaccount-welc' )->text()
+					: wfMessage( $msg )->text(); // custom message
+			} else {
+				$welcome = $this->reason;
+			}
 			# Add user welcome message!
 			$article = new WikiPage( $user->getTalkPage() );
 			$article->doEdit(
--- a/ConfirmAccount/business/AccountRequestSubmission.php
+++ b/ConfirmAccount/business/AccountRequestSubmission.php
@ -24,7 +24,7 @@ class AccountRequestSubmission {
 	protected $attachmentDidNotForget; // user already saw "please re-attach" notice
 	protected $attachmentSize; // bytes size of file
 	protected $attachmentTempPath; // tmp path file was uploaded to FS
-
+		
 	public function __construct( User $requester, array $params ) {
 		$this->requester = $requester;
 		$this->userName = trim( $params['userName'] );
@ -90,10 +90,13 @@ class AccountRequestSubmission {
 		}
 		
 		//before we continue, verify user
-		$code = sha1($_SERVER['REMOTE_ADDR'] . date('m'));
-		$data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/10135908/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache
+		//the project link is stored in the interface, so splice the URL out of it (it should be the only decimal there)
+		$project_link = $context->msg('requestaccount-project-link')->text();
+		preg_match('%(\d+)%', $project_link, $matches);
+		$code = $context->getRequest()->getSessionData('confirmaccount-code');
+		$data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/' . $matches[1] . '/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache
 	    if (!$data) {
-		   return array('api_failed', 'Accessing the API to verify your registration failed. Please try again later.');
+		   return array('api_failed', $context->msg('requestaccount-api-failed'));
 		   return;
 	    }
 	    $success = false;
@ -101,18 +104,22 @@ class AccountRequestSubmission {
 	    foreach ($matches[2] as $key => $val) {
 		   $user = $matches[1][$key];
 		   $comment = trim($val);
-		   if (strtolower($user) == strtolower($this->userName) && $comment == $code) {
+		   if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && strstr($comment, $code)) {
 			  $success = true;
 			  break;
 		   }
 	    }
 	    
 	    if ($_POST['pwd1'] != $_POST['pwd2']) {
-		    return array('pwds_no_match', 'The passwords did not match.');
+		    return array('pwds_no_match', $context->msg('badretype'));
 	    }
+		
+		if (strlen($_POST['pwd1']) <= 4) {
+			return array('pwd_too_short', $context->msg('passwordtooshort', 5));
+		}
 	    
 	    if (!$success) {
-		    return array('no_comment', 'It does not appear you commented the verification code on the specified project. Please try again.');
+		    return array('no_comment', $context->msg('requestaccount-nocomment-error'));
 	    }
 		
 		$u = User::newFromName( $this->userName, 'creatable' );
--- a/ConfirmAccount/frontend/ConfirmAccountUI.hooks.php
+++ b/ConfirmAccount/frontend/ConfirmAccountUI.hooks.php
@ -64,11 +64,11 @@ class ConfirmAccountUIHooks {
 		if ( !$title->isSpecial( 'Recentchanges' ) && !$title->isSpecial( 'Watchlist' ) ) {
 			return true;
 		}
-		$count = ConfirmAccount::getOpenEmailConfirmedCount( '*' );
-		if ( $count > 0 ) {
+		$count = ConfirmAccount::getOpenRequestCount( '*' );
+		if ( $count['open'] > 0 ) {
 			$out->prependHtml(
 				'<div id="mw-confirmaccount-msg" class="plainlinks mw-confirmaccount-bar">' .
-				$context->msg( 'confirmaccount-newrequests' )->numParams( $count )->parse() .
+				$context->msg( 'confirmaccount-newrequests' )->numParams( $count['open'] )->parse() .
 				'</div>'
 			);

--- a/ConfirmAccount/frontend/language/ConfirmAccount.i18n.php
+++ b/ConfirmAccount/frontend/language/ConfirmAccount.i18n.php
@ -10,7 +10,7 @@ $messages = array();

 $messages['en'] = array(
 	# Site message for admins
-	'confirmaccount-newrequests' => '\'\'\'$1\'\'\' open e-mail confirmed [[Special:ConfirmAccounts|account {{PLURAL:$1|request is pending|requests are pending}}]]. \'\'\'Your attention is needed!\'\'\'',
+	'confirmaccount-newrequests' => '\'\'\'$1\'\'\' open [[Special:ConfirmAccounts|account {{PLURAL:$1|request is pending|requests are pending}}]]. \'\'\'Your attention is needed!\'\'\'',

 	# Add to Special:Login
 	'requestaccount-loginnotice' => 'To obtain a user account, you must \'\'\'[[Special:RequestAccount|request one]]\'\'\'.',
--- a/ConfirmAccount/frontend/language/ConfirmAccountPage.i18n.php
+++ b/ConfirmAccount/frontend/language/ConfirmAccountPage.i18n.php
@ -28,10 +28,6 @@ They can still be approved into accounts.',
 	'confirmaccount-text'     => 'This is a pending request for a user account at \'\'\'{{SITENAME}}\'\'\'.

 Carefully review the below information.
-If you are approving this request, use the position dropdown to set the account status of the user.
-Edits made to the application biography will not affect any permanent credential storage.
-Note that you can choose to create the account under a different username.
-Use this only to avoid  collisions with other names.

 If you simply leave this page without confirming or denying this request, it will remain pending.',
 	'confirmaccount-none-o'   => 'There are currently no open pending account requests in this list.',
@ -139,6 +135,7 @@ There may be contact lists on site that you can use if you want to know more abo
 $2

 There may be contact lists on site that you can use if you want to know more about user account policy.',
+	
 );

 /** Message documentation (Message documentation)
@ -5726,7 +5723,7 @@ $2
 Aquò permet d’èsser sus la tièra dels contactes del site, se ne desiratz saber mai sus las règlas que concernisson los comptes.',
 );

-/** Oriya (ଓଡ଼ିଆ)
+/** Oriya (ଓଡ଼ିଆ)
 * @author Odisha1
 */
 $messages['or'] = array(
--- a/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php
+++ b/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php
--- a/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php
+++ b/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php
@ -295,13 +295,13 @@ class ConfirmAccountsPage extends SpecialPage {
 		$form .= '<legend>' . $this->msg( 'confirmaccount-leg-user' )->escaped() . '</legend>';
 		$form .= '<table cellpadding=\'4\'>';
 		$form .= "<tr><td>" . Xml::label( $this->msg( 'username' )->text(), 'wpNewName' ) . "</td>";
-		$form .= "<td>" . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName' ) ) . "</td></tr>\n";
+		$form .= '<td>' . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName', 'type' => 'hidden' ) ) . ' <a href="http://scratch.mit.edu/users/' . htmlspecialchars(str_replace(' ', '_', $this->reqUsername)) . '">' . htmlspecialchars($this->reqUsername) . '</a></td></tr>' . "\n";
 		$econf = '';
-		if ( $accountReq->getEmailAuthTimestamp() ) {
+		/*if ( $accountReq->getEmailAuthTimestamp() ) {
 			$econf = ' <strong>' . $this->msg( 'confirmaccount-econf' )->escaped() . '</strong>';
 		}
 		$form .= "<tr><td>" . $this->msg( 'confirmaccount-email' )->escaped() . "</td>";
-		$form .= "<td>" . htmlspecialchars( $accountReq->getEmail() ) . $econf . "</td></tr>\n";
+		$form .= "<td>" . htmlspecialchars( $accountReq->getEmail() ) . $econf . "</td></tr>\n";*/
 		if ( count( $wgAccountRequestTypes ) > 1 ) {
 			$options = array();
 			$form .= "<tr><td><strong>" . $this->msg( 'confirmaccount-reqtype' )->escaped() . "</strong></td><td>";
@ -435,9 +435,14 @@ class ConfirmAccountsPage extends SpecialPage {
 		$form .= "<td>" . Xml::radio( 'wpSubmitType', 'hold', $this->submitType == 'hold',
 			array( 'id' => 'submitHold', 'onclick' => 'document.getElementById("wpComment").style.display="block"' ) );
 		$form .= ' ' . Xml::label( $this->msg( 'confirmaccount-hold' )->text(), 'submitHold' ) . "</td>\n";
-		$form .= "<td>" . Xml::radio( 'wpSubmitType', 'spam', $this->submitType == 'spam',
-			array( 'id' => 'submitSpam', 'onclick' => 'document.getElementById("wpComment").style.display="none"' ) );
-		$form .= ' ' . Xml::label( $this->msg( 'confirmaccount-spam' )->text(), 'submitSpam' ) . "</td>\n";
+		if ($rejectTimestamp || $heldTimestamp) {
+			$form .= "<td>" . Xml::radio( 'wpSubmitType', 'delete', $this->submitType == 'delete',
+				array( 'id' => 'submitDelete', 'onclick' => 'document.getElementById("wpComment").style.display="block"' ) );
+			$form .= ' ' . Xml::label( $this->msg( 'delete' )->text(), 'submitDelete' ) . "</td>\n";
+		}
+		//$form .= "<td>" . Xml::radio( 'wpSubmitType', 'spam', $this->submitType == 'spam',
+		//	array( 'id' => 'submitSpam', 'onclick' => 'document.getElementById("wpComment").style.display="none"' ) );
+		//$form .= ' ' . Xml::label( $this->msg( 'confirmaccount-spam' )->text(), 'submitSpam' ) . "</td>\n";
 		$form .= "</tr></table>";
 		$form .= "<div id='wpComment'><p>" . $this->msg( 'confirmaccount-reason' )->escaped() . "</p>\n";
 		$form .= "<p><textarea name='wpReason' id='wpReason' rows='3' cols='80' style='width:80%; display=block;'>" .
@ -661,8 +666,8 @@ class ConfirmAccountsPage extends SpecialPage {
 			}
 		}

-		# Every 30th view, prune old deleted items
-		if ( 0 == mt_rand( 0, 29 ) ) {
+		# Every 10th view, prune old deleted items
+		if ( 0 == mt_rand( 0, 10 ) ) {
 			ConfirmAccount::runAutoMaintenance();
 		}
 	}
--- a/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php
+++ b/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php
@ -92,6 +92,12 @@ class RequestAccountPage extends SpecialPage {
 	protected function showForm( $msg = '', $forgotFile = 0 ) {
 		global $wgAccountRequestTypes, $wgMakeUserPageFromBio;

+		//generate the codes randomly, and generate a new one every two hours in case the code gets censored for some reason or any other issue related to the code
+		if (!$this->getRequest()->getSessionData('confirmaccount-code') || $this->getRequest()->getSessionData('confirmaccount-time') < time() - 60 * 60 * 2) {
+			$this->getRequest()->setSessionData('confirmaccount-code', sha1(rand(1,999999999)));
+			$this->getRequest()->setSessionData('confirmaccount-time', time());
+		}
+
 		$reqUser = $this->getUser();

 		$this->mForgotAttachment = $forgotFile;
@ -211,26 +217,26 @@ class RequestAccountPage extends SpecialPage {
 		
 		//Scratch user verification
 		$form .= '<fieldset>';
-		$form .= '<legend>User verification</legend>';
-		$form .= '<p>Please go to the <a href="http://scratch.mit.edu/projects/10135908/">user verification project</a> and comment the following code:<br /><b>' . sha1($_SERVER['REMOTE_ADDR'] . date('m')) . '</b></p>
-		<p><b>Note:</b>If you are having problems with User verification not working, please see our <a href="http://wiki.scratch.mit.edu/wiki/Scratch_Wiki:Become_a_contributor/Verification_code_troubleshooting">Troubleshooting page</a></p>' . "\n";
+		$form .= '<legend>' . $this->msg('requestaccount-user-verification') . '</legend>';
+		$form .= '<p>' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $this->getRequest()->getSessionData('confirmaccount-code')) . '</p>
+		<p>' . $this->msg('requestaccount-code-troubleshoot') . '</p>' . "\n";
 		$form .= '</fieldset>';
 		
 		//Set temporary password
 		$form .= '<fieldset>';
-		$form .= '<legend>Set password</legend>';
+		$form .= '<legend>' . $this->msg('requestaccount-set-pwd') . '</legend>';
 		$form .= '<table border="0">
 			<tr>
-				<td>Password</td>
+				<td>' . $this->msg('yourpassword') . '</td>
 				<td><input type="password" name="pwd1" /></td>
 			</tr>
 			<tr>
-				<td>Confirm password</td>
+				<td>' . $this->msg('yourpasswordagain') . '</td>
 				<td><input type="password" name="pwd2" /></td>
 			</tr>
 		</table>' . "\n";
 		$form .= '</fieldset>';
-
+		
 		# FIXME: do this better...
 		global $wgConfirmAccountCaptchas, $wgCaptchaClass, $wgCaptchaTriggers;
 		if ( $wgConfirmAccountCaptchas && isset( $wgCaptchaClass )
@ -319,7 +325,7 @@ class RequestAccountPage extends SpecialPage {
 				'attachmentSrcName'         => $this->mSrcName,
 				'attachmentDidNotForget'    => $this->mForgotAttachment, // confusing name :)
 				'attachmentSize'            => $this->mFileSize,
-				'attachmentTempPath'        => $this->mTempPath
+				'attachmentTempPath'        => $this->mTempPath,
 			)
 		);

--- a/ConfirmAccount/frontend/specialpages/actions/UserCredentials_body.php
+++ b/ConfirmAccount/frontend/specialpages/actions/UserCredentials_body.php
@ -93,8 +93,8 @@ class UserCredentialsPage extends SpecialPage {
 		$form .= "<td>" . Linker::makeLinkObj( $user->getUserPage(), htmlspecialchars( $user->getUserPage()->getText() ) ) . "</td></tr>\n";

 		$econf = $row->acd_email_authenticated ? ' <strong>' . $this->msg( 'confirmaccount-econf' )->escaped() . '</strong>' : '';
-		$form .= "<tr><td>" . $this->msg( 'usercredentials-email' )->escaped() . "</td>";
-		$form .= "<td>" . htmlspecialchars( $row->acd_email ) . $econf . "</td></tr>\n";
+		//$form .= "<tr><td>" . $this->msg( 'usercredentials-email' )->escaped() . "</td>";
+		//$form .= "<td>" . htmlspecialchars( $row->acd_email ) . $econf . "</td></tr>\n";

 		$form .= $grouplist;

@ -135,7 +135,7 @@ class UserCredentialsPage extends SpecialPage {
 			$form .= '</fieldset>';
 		}

-		$form .= '<fieldset>';
+		/*$form .= '<fieldset>';
 		$form .= '<legend>' . $this->msg( 'usercredentials-leg-person' )->escaped() . '</legend>';
 		$form .= '<table cellpadding=\'4\'>';
 		$form .= "<tr><td>" . $this->msg( 'usercredentials-real' )->escaped() . "</td>";
@ -145,24 +145,27 @@ class UserCredentialsPage extends SpecialPage {
 		$form .= "<p><textarea tabindex='1' readonly='readonly' name='wpBio' id='wpNewBio' rows='10' cols='80' style='width:100%'>" .
 			htmlspecialchars( $row->acd_bio ) .
 			"</textarea></p>\n";
-		$form .= '</fieldset>';
+		$form .= '</fieldset>';*/

 		$form .= '<fieldset>';
 		$form .= '<legend>' . $this->msg( 'usercredentials-leg-other' )->escaped() . '</legend>';
 		if ( $this->hasItem( 'CV' ) || $this->hasItem( 'Notes' ) || $this->hasItem( 'Links' ) ) {
-			$form .= '<p>' . $this->msg( 'usercredentials-attach' )->escaped() . ' ';
+			/*$form .= '<p>' . $this->msg( 'usercredentials-attach' )->escaped() . ' ';
 			if ( $row->acd_filename ) {
 				$form .= Linker::makeKnownLinkObj( $titleObj, htmlspecialchars( $row->acd_filename ),
 					'file=' . $row->acd_storage_key );
 			} else {
 				$form .= $this->msg( 'confirmaccount-none-p' )->escaped();
 			}
-			$form .= "</p><p>" . $this->msg( 'usercredentials-notes' )->escaped() . "</p>\n";
+			$form .= '</p>';*/
+			//get rid of the hashed password, which is currently jammed in with the request notes
+			$notes_parts = explode(chr(1), $row->acd_notes);
+			$form .= '<p>' . $this->msg( 'usercredentials-notes' )->escaped() . "</p>\n";
 			$form .= "<p><textarea tabindex='1' readonly='readonly' name='wpNotes' id='wpNotes' rows='3' cols='80' style='width:100%'>" .
-				htmlspecialchars( $row->acd_notes ) .
+				htmlspecialchars( $notes_parts[0] ) .
 				"</textarea></p>\n";
-			$form .= "<p>" . $this->msg( 'usercredentials-urls' )->escaped() . "</p>\n";
-			$form .= ConfirmAccountsPage::parseLinks( $row->acd_urls );
+			/*$form .= "<p>" . $this->msg( 'usercredentials-urls' )->escaped() . "</p>\n";
+			$form .= ConfirmAccountsPage::parseLinks( $row->acd_urls );*/
 		}
 		$form .= '</fieldset>';