Merge pull request #4 from jacob-g/master

Lots of improvements!
2024-12-04 21:01:02 -05:00 · 2015-01-19 12:06:47 -06:00 · 2015-01-19 12:06:47 -06:00 · b7a8982fbe
commit b7a8982fbe
parent 696ec2f50e 066b521780
11 changed files with 4923 additions and 4879 deletions
--- a/ConfirmAccount/ConfirmAccount.config.php
+++ b/ConfirmAccount/ConfirmAccount.config.php
@ -107,8 +107,10 @@ $wgGroupPermissions['bureaucrat']['confirmaccount'] = true;
 # This right has the request IP show when confirming accounts
 $wgGroupPermissions['bureaucrat']['requestips'] = true;

-# If credentials are stored, this right lets users look them up
+# If credentials are stored, this right lets users look them up - this just means being able to see the user's request notes
 $wgGroupPermissions['bureaucrat']['lookupcredentials'] = true;
+$wgGroupPermissions['sysop']['lookupcredentials'] = true;
+$wgGroupPermissions['Experienced_Wikians']['lookupcredentials'] = true;

 # Show notice for open requests to admins?
 # This is cached, but still can be expensive on sites with thousands of requests.
--- a/ConfirmAccount/backend/schema/mysql/patch-account_credentials.sql
+++ b/ConfirmAccount/backend/schema/mysql/patch-account_credentials.sql
@ -2,7 +2,7 @@

 ALTER TABLE /*$wgDBprefix*/account_requests
 	ADD acr_type tinyint(255) unsigned NOT NULL default 0,
-	DROP INDEX IF EXISTS acr_deleted_reg,
+	DROP INDEX acr_deleted_reg,
 	ADD INDEX acr_type_del_reg (acr_type,acr_deleted,acr_registration);

 -- This stores all of credential information
--- a/ConfirmAccount/business/AccountConfirmSubmission.php
+++ b/ConfirmAccount/business/AccountConfirmSubmission.php
@ -46,6 +46,8 @@ class AccountConfirmSubmission {
 			return $this->holdRequest( $context );
 		} elseif ( $this->action === 'accept' ) {
 			return $this->acceptRequest( $context );
+		} elseif ($this->action === 'delete') {
+			return $this->deleteRequest($context);
 		} else {
 			return array( 'accountconf_bad_action', $context->msg( 'confirmaccount-badaction' )->escaped() );
 		}
@ -65,6 +67,17 @@ class AccountConfirmSubmission {
 		return array( true, null );
 	}
 	
+	protected function deleteRequest( IContextSource $context ) {
+		$dbw = wfGetDB( DB_MASTER );
+		$dbw->begin();
+
+		$ok = $this->accountReq->remove();
+		ConfirmAccount::clearAccountRequestCountCache();
+
+		$dbw->commit();
+		return array( true, null );
+	}
+
 	protected function rejectRequest( IContextSource $context ) {
 		$dbw = wfGetDB( DB_MASTER );
 		$dbw->begin();
@ -122,7 +135,7 @@ class AccountConfirmSubmission {
 		}

 		# Send out a request hold email...
-		$result = $u->sendMail(
+		/*$result = $u->sendMail(
 			$context->msg( 'confirmaccount-email-subj' )->inContentLanguage()->text(),
 			$context->msg( 'confirmaccount-email-body5', $u->getName(), $this->reason )->inContentLanguage()->text()
 		);
@ -130,7 +143,7 @@ class AccountConfirmSubmission {
 			$dbw->rollback();
 			return array( 'accountconf_mailerror',
 				$context->msg( 'mailerror' )->rawParams( $context->getOutput()->parse( $result->getWikiText() ) )->text() );
-		}
+		}*/

 		# Clear cache for notice of how many account requests there are
 		ConfirmAccount::clearAccountRequestCountCache();
@ -433,10 +446,14 @@ class AccountConfirmSubmission {
 		global $wgAutoWelcomeNewUsers;

 		if ( $wgAutoWelcomeNewUsers ) {
+			if (trim($this->reason) == '') {
 				$msg = "confirmaccount-welc-pos{$this->type}";
 				$welcome = wfEmptyMsg( $msg )
 					? wfMessage( 'confirmaccount-welc' )->text()
 					: wfMessage( $msg )->text(); // custom message
+			} else {
+				$welcome = $this->reason;
+			}
 			# Add user welcome message!
 			$article = new WikiPage( $user->getTalkPage() );
 			$article->doEdit(
--- a/ConfirmAccount/business/AccountRequestSubmission.php
+++ b/ConfirmAccount/business/AccountRequestSubmission.php
@ -90,10 +90,13 @@ class AccountRequestSubmission {
 		}
 		
 		//before we continue, verify user
-		$code = sha1($_SERVER['REMOTE_ADDR'] . date('m'));
-		$data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/10135908/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache
+		//the project link is stored in the interface, so splice the URL out of it (it should be the only decimal there)
+		$project_link = $context->msg('requestaccount-project-link')->text();
+		preg_match('%(\d+)%', $project_link, $matches);
+		$code = $context->getRequest()->getSessionData('confirmaccount-code');
+		$data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/' . $matches[1] . '/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache
 	    if (!$data) {
-		   return array('api_failed', 'Accessing the API to verify your registration failed. Please try again later.');
+		   return array('api_failed', $context->msg('requestaccount-api-failed'));
 		   return;
 	    }
 	    $success = false;
@ -101,18 +104,22 @@ class AccountRequestSubmission {
 	    foreach ($matches[2] as $key => $val) {
 		   $user = $matches[1][$key];
 		   $comment = trim($val);
-		   if (strtolower($user) == strtolower($this->userName) && $comment == $code) {
+		   if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && strstr($comment, $code)) {
 			  $success = true;
 			  break;
 		   }
 	    }
 	    
 	    if ($_POST['pwd1'] != $_POST['pwd2']) {
-		    return array('pwds_no_match', 'The passwords did not match.');
+		    return array('pwds_no_match', $context->msg('badretype'));
+	    }
+		
+		if (strlen($_POST['pwd1']) <= 4) {
+			return array('pwd_too_short', $context->msg('passwordtooshort', 5));
 		}
 	    
 	    if (!$success) {
-		    return array('no_comment', 'It does not appear you commented the verification code on the specified project. Please try again.');
+		    return array('no_comment', $context->msg('requestaccount-nocomment-error'));
 	    }
 		
 		$u = User::newFromName( $this->userName, 'creatable' );
--- a/ConfirmAccount/frontend/ConfirmAccountUI.hooks.php
+++ b/ConfirmAccount/frontend/ConfirmAccountUI.hooks.php
@ -64,11 +64,11 @@ class ConfirmAccountUIHooks {
 		if ( !$title->isSpecial( 'Recentchanges' ) && !$title->isSpecial( 'Watchlist' ) ) {
 			return true;
 		}
-		$count = ConfirmAccount::getOpenEmailConfirmedCount( '*' );
-		if ( $count > 0 ) {
+		$count = ConfirmAccount::getOpenRequestCount( '*' );
+		if ( $count['open'] > 0 ) {
 			$out->prependHtml(
 				'<div id="mw-confirmaccount-msg" class="plainlinks mw-confirmaccount-bar">' .
-				$context->msg( 'confirmaccount-newrequests' )->numParams( $count )->parse() .
+				$context->msg( 'confirmaccount-newrequests' )->numParams( $count['open'] )->parse() .
 				'</div>'
 			);

--- a/ConfirmAccount/frontend/language/ConfirmAccount.i18n.php
+++ b/ConfirmAccount/frontend/language/ConfirmAccount.i18n.php
@ -10,7 +10,7 @@ $messages = array();

 $messages['en'] = array(
 	# Site message for admins
-	'confirmaccount-newrequests' => '\'\'\'$1\'\'\' open e-mail confirmed [[Special:ConfirmAccounts|account {{PLURAL:$1|request is pending|requests are pending}}]]. \'\'\'Your attention is needed!\'\'\'',
+	'confirmaccount-newrequests' => '\'\'\'$1\'\'\' open [[Special:ConfirmAccounts|account {{PLURAL:$1|request is pending|requests are pending}}]]. \'\'\'Your attention is needed!\'\'\'',

 	# Add to Special:Login
 	'requestaccount-loginnotice' => 'To obtain a user account, you must \'\'\'[[Special:RequestAccount|request one]]\'\'\'.',
--- a/ConfirmAccount/frontend/language/ConfirmAccountPage.i18n.php
+++ b/ConfirmAccount/frontend/language/ConfirmAccountPage.i18n.php
@ -28,10 +28,6 @@ They can still be approved into accounts.',
 	'confirmaccount-text'     => 'This is a pending request for a user account at \'\'\'{{SITENAME}}\'\'\'.

 Carefully review the below information.
-If you are approving this request, use the position dropdown to set the account status of the user.
-Edits made to the application biography will not affect any permanent credential storage.
-Note that you can choose to create the account under a different username.
-Use this only to avoid  collisions with other names.

 If you simply leave this page without confirming or denying this request, it will remain pending.',
 	'confirmaccount-none-o'   => 'There are currently no open pending account requests in this list.',
@ -139,6 +135,7 @@ There may be contact lists on site that you can use if you want to know more abo
 $2

 There may be contact lists on site that you can use if you want to know more about user account policy.',
+	
 );

 /** Message documentation (Message documentation)
@ -5726,7 +5723,7 @@ $2
 Aquò permet d’èsser sus la tièra dels contactes del site, se ne desiratz saber mai sus las règlas que concernisson los comptes.',
 );

-/** Oriya (ଓଡ଼ିଆ)
+/** Oriya (ଓଡ଼ିଆ)
 * @author Odisha1
 */
 $messages['or'] = array(
--- a/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php
+++ b/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php
@ -14,7 +14,7 @@ $messages['en'] = array(

 Make sure that you first read the [[{{MediaWiki:Requestaccount-page}}|Terms of Service]] before requesting an account.

-Once the account is approved, a Wiki administrator will comment on one of your projects explaining how to proceed. Also note that you will be given a password when you submit this form. Hold on to it, as you will need it if your request is accepted.',
+Once the account is approved, a Wiki administrator will comment on one of your projects explaining how to proceed.',
 	'requestaccount-footer'     => '', # only translate this message to other languages if you have to change it
 	'requestaccount-page'       => '{{ns:project}}:Terms of Service',
 	'requestaccount-dup'        => '\'\'\'Note: You already are logged in with a registered account.\'\'\'',
@ -23,9 +23,7 @@ Once the account is approved, a Wiki administrator will comment on one of your p
 	'requestaccount-leg-person' => 'Personal information',
 	'requestaccount-leg-other'  => 'Other information',
 	'requestaccount-leg-tos'    => 'Terms of Service',
-	'requestaccount-acc-text'   => 'Your e-mail address will be sent a confirmation message once this request is submitted.
-Please respond by clicking on the confirmation link provided by the e-mail.
-Also, your password will be e-mailed to you when your account is created.',
+	'requestaccount-acc-text'   => 'When your account is created, you will be notified via a comment on your profile whether your request was accepted or rejected. Please try to remember the password you set (if in doubt set it to the same thing as your Scratch password). Please note that nobody can see your password.',
 	'requestaccount-areas' 		=> '', # Do not translate this message to other languages
 	'requestaccount-areas-text' => 'Select the topic areas below in which you have formal expertise or would like to do the most work in.',
 	'requestaccount-ext-text'   => 'The following information is kept private and will only be used for this request.',
@ -71,6 +69,15 @@ The e-mail address has been confirmed. You can confirm the request here "$2".',

 	'acct_request_throttle_hit' => "Sorry, you have already requested {{PLURAL:$1|1 account|$1 accounts}}.
 You cannot make any more requests.",
+
+	//Scratch-specific stuff
+	'requestaccount-user-verification' => 'User verification',
+	'requestaccount-code-troubleshoot' => '\'\'\'Note:\'\'\' If you are having problems with user verification not working, please see our [[Scratch_Wiki:Become a contributor/Verification code troubleshooting|troubleshooting page]]',
+	'requestaccount-set-pwd'			=> 'Set password',
+	'requestaccount-project-info'		=> 'Please go to the [$1 user verification project] and comment the following code:<br />\'\'\'$2\'\'\'',
+	'requestaccount-project-link' 		=> 'http://scratch.mit.edu/projects/10135908/',
+	'requestaccount-nocomment-error'	=> 'It does not appear you commented the verification code on the specified project. Please try again.',
+	'requestaccount-api-failed'			=> 'Accessing the API to verify your registration failed. Please try again later.',
 );

 /** Message documentation (Message documentation)
--- a/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php
+++ b/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php
@ -295,13 +295,13 @@ class ConfirmAccountsPage extends SpecialPage {
 		$form .= '<legend>' . $this->msg( 'confirmaccount-leg-user' )->escaped() . '</legend>';
 		$form .= '<table cellpadding=\'4\'>';
 		$form .= "<tr><td>" . Xml::label( $this->msg( 'username' )->text(), 'wpNewName' ) . "</td>";
-		$form .= "<td>" . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName' ) ) . "</td></tr>\n";
+		$form .= '<td>' . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName', 'type' => 'hidden' ) ) . ' <a href="http://scratch.mit.edu/users/' . htmlspecialchars(str_replace(' ', '_', $this->reqUsername)) . '">' . htmlspecialchars($this->reqUsername) . '</a></td></tr>' . "\n";
 		$econf = '';
-		if ( $accountReq->getEmailAuthTimestamp() ) {
+		/*if ( $accountReq->getEmailAuthTimestamp() ) {
 			$econf = ' <strong>' . $this->msg( 'confirmaccount-econf' )->escaped() . '</strong>';
 		}
 		$form .= "<tr><td>" . $this->msg( 'confirmaccount-email' )->escaped() . "</td>";
-		$form .= "<td>" . htmlspecialchars( $accountReq->getEmail() ) . $econf . "</td></tr>\n";
+		$form .= "<td>" . htmlspecialchars( $accountReq->getEmail() ) . $econf . "</td></tr>\n";*/
 		if ( count( $wgAccountRequestTypes ) > 1 ) {
 			$options = array();
 			$form .= "<tr><td><strong>" . $this->msg( 'confirmaccount-reqtype' )->escaped() . "</strong></td><td>";
@ -435,9 +435,14 @@ class ConfirmAccountsPage extends SpecialPage {
 		$form .= "<td>" . Xml::radio( 'wpSubmitType', 'hold', $this->submitType == 'hold',
 			array( 'id' => 'submitHold', 'onclick' => 'document.getElementById("wpComment").style.display="block"' ) );
 		$form .= ' ' . Xml::label( $this->msg( 'confirmaccount-hold' )->text(), 'submitHold' ) . "</td>\n";
-		$form .= "<td>" . Xml::radio( 'wpSubmitType', 'spam', $this->submitType == 'spam',
-			array( 'id' => 'submitSpam', 'onclick' => 'document.getElementById("wpComment").style.display="none"' ) );
-		$form .= ' ' . Xml::label( $this->msg( 'confirmaccount-spam' )->text(), 'submitSpam' ) . "</td>\n";
+		if ($rejectTimestamp || $heldTimestamp) {
+			$form .= "<td>" . Xml::radio( 'wpSubmitType', 'delete', $this->submitType == 'delete',
+				array( 'id' => 'submitDelete', 'onclick' => 'document.getElementById("wpComment").style.display="block"' ) );
+			$form .= ' ' . Xml::label( $this->msg( 'delete' )->text(), 'submitDelete' ) . "</td>\n";
+		}
+		//$form .= "<td>" . Xml::radio( 'wpSubmitType', 'spam', $this->submitType == 'spam',
+		//	array( 'id' => 'submitSpam', 'onclick' => 'document.getElementById("wpComment").style.display="none"' ) );
+		//$form .= ' ' . Xml::label( $this->msg( 'confirmaccount-spam' )->text(), 'submitSpam' ) . "</td>\n";
 		$form .= "</tr></table>";
 		$form .= "<div id='wpComment'><p>" . $this->msg( 'confirmaccount-reason' )->escaped() . "</p>\n";
 		$form .= "<p><textarea name='wpReason' id='wpReason' rows='3' cols='80' style='width:80%; display=block;'>" .
@ -661,8 +666,8 @@ class ConfirmAccountsPage extends SpecialPage {
 			}
 		}

-		# Every 30th view, prune old deleted items
-		if ( 0 == mt_rand( 0, 29 ) ) {
+		# Every 10th view, prune old deleted items
+		if ( 0 == mt_rand( 0, 10 ) ) {
 			ConfirmAccount::runAutoMaintenance();
 		}
 	}
--- a/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php
+++ b/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php
@ -92,6 +92,12 @@ class RequestAccountPage extends SpecialPage {
 	protected function showForm( $msg = '', $forgotFile = 0 ) {
 		global $wgAccountRequestTypes, $wgMakeUserPageFromBio;

+		//generate the codes randomly, and generate a new one every two hours in case the code gets censored for some reason or any other issue related to the code
+		if (!$this->getRequest()->getSessionData('confirmaccount-code') || $this->getRequest()->getSessionData('confirmaccount-time') < time() - 60 * 60 * 2) {
+			$this->getRequest()->setSessionData('confirmaccount-code', sha1(rand(1,999999999)));
+			$this->getRequest()->setSessionData('confirmaccount-time', time());
+		}
+
 		$reqUser = $this->getUser();

 		$this->mForgotAttachment = $forgotFile;
@ -211,21 +217,21 @@ class RequestAccountPage extends SpecialPage {
 		
 		//Scratch user verification
 		$form .= '<fieldset>';
-		$form .= '<legend>User verification</legend>';
-		$form .= '<p>Please go to the <a href="http://scratch.mit.edu/projects/10135908/">user verification project</a> and comment the following code:<br /><b>' . sha1($_SERVER['REMOTE_ADDR'] . date('m')) . '</b></p>
-		<p><b>Note:</b>If you are having problems with User verification not working, please see our <a href="http://wiki.scratch.mit.edu/wiki/Scratch_Wiki:Become_a_contributor/Verification_code_troubleshooting">Troubleshooting page</a></p>' . "\n";
+		$form .= '<legend>' . $this->msg('requestaccount-user-verification') . '</legend>';
+		$form .= '<p>' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $this->getRequest()->getSessionData('confirmaccount-code')) . '</p>
+		<p>' . $this->msg('requestaccount-code-troubleshoot') . '</p>' . "\n";
 		$form .= '</fieldset>';
 		
 		//Set temporary password
 		$form .= '<fieldset>';
-		$form .= '<legend>Set password</legend>';
+		$form .= '<legend>' . $this->msg('requestaccount-set-pwd') . '</legend>';
 		$form .= '<table border="0">
 			<tr>
-				<td>Password</td>
+				<td>' . $this->msg('yourpassword') . '</td>
 				<td><input type="password" name="pwd1" /></td>
 			</tr>
 			<tr>
-				<td>Confirm password</td>
+				<td>' . $this->msg('yourpasswordagain') . '</td>
 				<td><input type="password" name="pwd2" /></td>
 			</tr>
 		</table>' . "\n";
@ -319,7 +325,7 @@ class RequestAccountPage extends SpecialPage {
 				'attachmentSrcName'         => $this->mSrcName,
 				'attachmentDidNotForget'    => $this->mForgotAttachment, // confusing name :)
 				'attachmentSize'            => $this->mFileSize,
-				'attachmentTempPath'        => $this->mTempPath
+				'attachmentTempPath'        => $this->mTempPath,
 			)
 		);

--- a/ConfirmAccount/frontend/specialpages/actions/UserCredentials_body.php
+++ b/ConfirmAccount/frontend/specialpages/actions/UserCredentials_body.php
@ -93,8 +93,8 @@ class UserCredentialsPage extends SpecialPage {
 		$form .= "<td>" . Linker::makeLinkObj( $user->getUserPage(), htmlspecialchars( $user->getUserPage()->getText() ) ) . "</td></tr>\n";

 		$econf = $row->acd_email_authenticated ? ' <strong>' . $this->msg( 'confirmaccount-econf' )->escaped() . '</strong>' : '';
-		$form .= "<tr><td>" . $this->msg( 'usercredentials-email' )->escaped() . "</td>";
-		$form .= "<td>" . htmlspecialchars( $row->acd_email ) . $econf . "</td></tr>\n";
+		//$form .= "<tr><td>" . $this->msg( 'usercredentials-email' )->escaped() . "</td>";
+		//$form .= "<td>" . htmlspecialchars( $row->acd_email ) . $econf . "</td></tr>\n";

 		$form .= $grouplist;

@ -135,7 +135,7 @@ class UserCredentialsPage extends SpecialPage {
 			$form .= '</fieldset>';
 		}

-		$form .= '<fieldset>';
+		/*$form .= '<fieldset>';
 		$form .= '<legend>' . $this->msg( 'usercredentials-leg-person' )->escaped() . '</legend>';
 		$form .= '<table cellpadding=\'4\'>';
 		$form .= "<tr><td>" . $this->msg( 'usercredentials-real' )->escaped() . "</td>";
@ -145,24 +145,27 @@ class UserCredentialsPage extends SpecialPage {
 		$form .= "<p><textarea tabindex='1' readonly='readonly' name='wpBio' id='wpNewBio' rows='10' cols='80' style='width:100%'>" .
 			htmlspecialchars( $row->acd_bio ) .
 			"</textarea></p>\n";
-		$form .= '</fieldset>';
+		$form .= '</fieldset>';*/

 		$form .= '<fieldset>';
 		$form .= '<legend>' . $this->msg( 'usercredentials-leg-other' )->escaped() . '</legend>';
 		if ( $this->hasItem( 'CV' ) || $this->hasItem( 'Notes' ) || $this->hasItem( 'Links' ) ) {
-			$form .= '<p>' . $this->msg( 'usercredentials-attach' )->escaped() . ' ';
+			/*$form .= '<p>' . $this->msg( 'usercredentials-attach' )->escaped() . ' ';
 			if ( $row->acd_filename ) {
 				$form .= Linker::makeKnownLinkObj( $titleObj, htmlspecialchars( $row->acd_filename ),
 					'file=' . $row->acd_storage_key );
 			} else {
 				$form .= $this->msg( 'confirmaccount-none-p' )->escaped();
 			}
-			$form .= "</p><p>" . $this->msg( 'usercredentials-notes' )->escaped() . "</p>\n";
+			$form .= '</p>';*/
+			//get rid of the hashed password, which is currently jammed in with the request notes
+			$notes_parts = explode(chr(1), $row->acd_notes);
+			$form .= '<p>' . $this->msg( 'usercredentials-notes' )->escaped() . "</p>\n";
 			$form .= "<p><textarea tabindex='1' readonly='readonly' name='wpNotes' id='wpNotes' rows='3' cols='80' style='width:100%'>" .
-				htmlspecialchars( $row->acd_notes ) .
+				htmlspecialchars( $notes_parts[0] ) .
 				"</textarea></p>\n";
-			$form .= "<p>" . $this->msg( 'usercredentials-urls' )->escaped() . "</p>\n";
-			$form .= ConfirmAccountsPage::parseLinks( $row->acd_urls );
+			/*$form .= "<p>" . $this->msg( 'usercredentials-urls' )->escaped() . "</p>\n";
+			$form .= ConfirmAccountsPage::parseLinks( $row->acd_urls );*/
 		}
 		$form .= '</fieldset>';