Extension:RestrictPasswordChange
 Release status: beta |
|||
|---|---|---|---|
| Implementation | User rights | ||
| Description | Disables password change for specific users | ||
| Author(s) | John Bramley (User:Sirtitustalk) | ||
| Last version | 0.2 | ||
| MediaWiki | 1.16 | ||
| PHP | 5.2.9 | ||
| License | Lesser General Public License 2.1 | ||
| Download | No link | ||
|
|||
| Check usage and version matrix | |||
Contents |
What can this extension do? [edit]
This extension prevents specified users from changing their password.
It uses hooks, and so should be more robust than solutions based on blocking access to certain pages (e.g. Special:ChangePassword).
I use this extension on a Wiki where there is a an account set up which is disseminated fairly freely which gives read-only access to the Wiki. People who wish to edit the Wiki request an individual account. Obviously we don't want anyone who is using the read-only account changing its password because that would prevent other people from using it. We do not want the Wiki accessible without a valid login (which would be another solution).
Finally to prevent write access to the Wiki by this read-only account we have set up a readonly user group, removed edit permissions from it using $wgRevokePermissions and assigned our read-only user to that usergroup.
The extension is useful where the majority of users should have access to password changing facilities, and only a few special purpose user accounts are to have those facilities removed. If a solution is required where a large number of users should have password change facilities disabled then the code would require improvements to allow it to use user groups.
Usage [edit]
Install the extension and set the users who are to be denied from changing their passwords in $wgRestrictPasswordChangeUsers in LocalSettings.php. e.g.
$wgRestrictPasswordChangeUsers = array("fred", "bill");
will prevent fred and bill from changing their passwords.
To remove edit permissions from those users, as discussed above, a readonly usergroup can be set up in LocalSettings.php
$wgRevokePermissions['readonly']['edit'] = true; $wgRevokePermissions['readonly']['sendemail'] = true; $wgRevokePermissions['readonly']['upload'] = true; $wgRevokePermissions['readonly']['writeapi'] = true;
and the users fred and bill assigned to that group in Special:UserRights. These $wgRevokePermissions are not required for this extension to work, they are just an illustration of how it has been used.
Download instructions [edit]
Please cut and paste the code found below and place it in $IP/extensions/RestrictPasswordChange/RestrictPasswordChange.php. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.
Installation [edit]
To install this extension, add the following to LocalSettings.php:
require_once ( "$IP/extensions/RestrictPasswordChange/RestrictPasswordChange.php" ); $wgRestrictPasswordChangeUsers = array("fred", "bill");
Configuration parameters [edit]
- $wgRestrictPasswordChangeUsers - users who are to be prevented from changing their passwords
User rights [edit]
Code [edit]
<?php /** * RestrictPasswordChange MediaWiki extension * * version 0.2 * tested on MediaWiki 1.16 * author John Bramley * @license GNU Lesser General Public License 2.1 or later */ ####################################################################### # Prevent users in $wgRestrictPasswordChangeUsers from changing their # password on the Special:ChangePassword page and by 'E-mail new password' # on Special:UserLogin # # add the following to LocalSettings.php: # require_once ( "$IP/extensions/RestrictPasswordChange/RestrictPasswordChange.php" ); # $wgRestrictPasswordChangeUsers = array("fred", "bill"); # # John Bramley 2011-06-22 ####################################################################### # hook for E-mail new password button on Special:UserLogin # called by mailPassword function in includes/specials/SpecialUserlogin.php $wgHooks['UserLoginMailPassword'][] = 'MailPasswordIsAllowed'; function MailPasswordIsAllowed ( $username, $error ) { global $wgRestrictPasswordChangeUsers; $u = User::newFromName( trim( $username )); // strip space from name and use // function from includes/User.php to populate structure for // $username - then get valid user name from element of that // structure, which will have the first character converted // to uppercase etc. $name=$u->mName; if ( in_array($name, $wgRestrictPasswordChangeUsers)) { $error = wfMsg( 'resetpass_forbidden' ) . " for \"$name\"."; return false; } return true; } # hook for Change password button button on Special:ChangePassword # called by attemptReset unction in includes/specials/SpecialResetpass.php $wgHooks['PrefsPasswordAudit'][] = 'ChangePasswordIsAllowed'; function ChangePasswordIsAllowed ( $user ) { global $wgRestrictPasswordChangeUsers; $name = $user->mName; if ( in_array($name, $wgRestrictPasswordChangeUsers)) { throw new PasswordError( wfMsg( 'resetpass_forbidden' ) . " for \"$name\"." ); } return true; }
