Page MenuHomePhabricator

Harmonize functions User::setNewPassword() and User:setPassword(): allow null to reset the temporary password
Closed, ResolvedPublic


I suggest to harmonize the two functions with the goal, that also the temporary password (newPassword) can be made invalid by passing a null parameter.

Current version does not allow to clear the temporary password, but I wish to have thar for E:OpenID .

Current code in User.php is:


  • Set the password and reset the random token unconditionally. *
  • @param string|null $str New password to set or null to set an invalid
  • password hash meaning that the user will not be able to log in
  • through the web interface.

public function setInternalPassword( $str ) {


		if ( $str === null ) {
			// Save an invalid hash...
			$this->mPassword = '';
		} else {
			$this->mPassword = self::crypt( $str );
		$this->mNewpassword = '';
		$this->mNewpassTime = null;



  • Set the password for a password reminder or new account email *
  • @param string $str New password to set
  • @param bool $throttle If true, reset the throttle timestamp to the present

public function setNewpassword( $str, $throttle = true ) {

		$this->mNewpassword = self::crypt( $str );
		if ( $throttle ) {
			$this->mNewpassTime = wfTimestampNow();


Version: 1.23.0
Severity: enhancement



Event Timeline

bzimport raised the priority of this task from to Low.
bzimport set Reference to bz57075.
bzimport added a subscriber: Unknown Object (MLST).
Wikinaut created this task.Nov 14 2013, 8:40 PM

Change 96029 had a related patch set uploaded by IAlex:
Allow null to be passed to User::setNewPassword()

Change 96029 merged by jenkins-bot:
Allow null to be passed to User::setNewPassword()