
Allow disabling of "change password" section in user preferences (for alternate authentication methods)
Closed, Resolved | Public

Description

Author: bugzilla.wikimedia.org

Description:
Using LDAP authentication (apache mod_ldap with REMOTE_USER, autologins) --
users are unable to change their password through the wiki forms, so it's
helpful to disable the option (to avoid confusion).

Simple patch below to check a variable (might be better to hook the preferences
page such that an extension can change the HTML generated for the change
password section, or disable it altogether):

(diff is against 1.159 version of includes/SpecialPreferences.php in CVS)

  • SpecialPreferences.php 2006-01-26 10:35:08.000000000 -0700

+++ SpecialPreferences.php.new 2006-01-26 10:35:02.000000000 -0700
@@ -632,27 +632,28 @@

		$wgOut->addHTML('</table>');

		# Password
  • $this->mOldpass = htmlspecialchars( $this->mOldpass );
  • $this->mNewpass = htmlspecialchars( $this->mNewpass );
  • $this->mRetypePass = htmlspecialchars( $this->mRetypePass ); -
  • $wgOut->addHTML( '<fieldset><legend>' . wfMsg( 'changepassword' ) .

'</legend><table>');

  • $wgOut->addHTML(
  • $this->addRow(
  • '<label for="wpOldpass">' . wfMsg( 'oldpassword' ) . '</label>',
  • "<input type='password' name='wpOldpass' id='wpOldpass'

value=\"{$this->mOldpass}\" size='20' />"

  • ) .
  • $this->addRow(
  • '<label for="wpNewpass">' . wfMsg( 'newpassword' ) . '</label>',
  • "<input type='password' name='wpNewpass' id='wpNewpass'

value=\"{$this->mNewpass}\" size='20' />"

  • ) .
  • $this->addRow(
  • '<label for="wpRetypePass">' . wfMsg( 'retypenew' ) . '</label>',
  • "<input type='password' name='wpRetypePass' id='wpRetypePass'

value=\"{$this->mRetypePass}\" size='20' />"

  • ) .
  • "</table>\n" .
  • $this->getToggle( "rememberpassword" ) . "</fieldset>\n\n" ); -

+ if ( !$wgDisablePasswordChange ) {
+ $this->mOldpass = htmlspecialchars( $this->mOldpass );
+ $this->mNewpass = htmlspecialchars( $this->mNewpass );
+ $this->mRetypePass = htmlspecialchars( $this->mRetypePass );
+
+ $wgOut->addHTML( '<fieldset><legend>' . wfMsg( 'changepassword' ) .
'</legend><table>');
+ $wgOut->addHTML(
+ $this->addRow(
+ '<label for="wpOldpass">' . wfMsg( 'oldpassword' ) . '</label>',
+ "<input type='password' name='wpOldpass' id='wpOldpass'
value=\"{$this->mOldpass}\" size='20' />"
+ ) .
+ $this->addRow(
+ '<label for="wpNewpass">' . wfMsg( 'newpassword' ) . '</label>',
+ "<input type='password' name='wpNewpass' id='wpNewpass'
value=\"{$this->mNewpass}\" size='20' />"
+ ) .
+ $this->addRow(
+ '<label for="wpRetypePass">' . wfMsg( 'retypenew' ) . '</label>',
+ "<input type='password' name='wpRetypePass' id='wpRetypePass'
value=\"{$this->mRetypePass}\" size='20' />"
+ ) .
+ "</table>\n" .
+ $this->getToggle( "rememberpassword" ) . "</fieldset>\n\n" );
+ }

  1. <FIXME>
  2. Enotif if ($wgEnableEmail) {
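
Review bot: The `if ( !$wgDisablePasswordChange )` guard only wraps the rendering of the `wpOldpass`, `wpNewpass` and `wpRetypePass` rows, so it hides the fields without turning the feature off: nothing in this hunk touches the code that handles those fields on submit, and a request that still carries them would be handled as before. The same check belongs in the save path, which should ignore or reject the password fields when the flag is set. Two smaller points on the same guard: no `global $wgDisablePasswordChange;` declaration is visible in the hunk, and since this code runs inside a method (it uses `$this->`), PHP would treat an undeclared `$wgDisablePasswordChange` as an unset local rather than the site setting, so confirm the declaration exists and give the setting a documented default. The block also takes `$this->getToggle( "rememberpassword" )` with it, which is a separate preference from changing the password and may need to stay outside the condition.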

Version: 1.6.x
Severity: enhancement

Details

Reference
bz4762

Event Timeline

bzimport raised the priority of this task from to Medium. (Nov 21 2014, 9:04 PM)
bzimport set Reference to bz4762.
bzimport added a subscriber: Unknown Object (MLST).

bugzilla.wikimedia.org wrote:

Patch as file.


bugzilla.wikimedia.org wrote:

(In reply to comment #0)

On further inspection, the logic in that if statement just disables it all the
time (in my tests) -- sadly, I am unfamiliar with the nuances of PHP and have
been unable to get it to work as expected...

Further, this just removes some fields from the form. It doesn't disable
processing if the data is sent.

robchur wrote:

Authentication plugins can now prevent users from changing their password.