Extension:RestrictPasswordChange

From MediaWiki.org
Jump to: navigation, search


MediaWiki extensions manual
Crystal Clear action run.png
RestrictPasswordChange

Release status: beta

Implementation User rights
Description Disables password change for specific users
Author(s) John Bramley (User:Sirtitustalk)
Latest version 0.2
MediaWiki 1.16
PHP 5.2.9
License Lesser General Public License 2.1
Download No link
Hooks used
UserLoginMailPassword

PrefsPasswordAudit

Translate the RestrictPasswordChange extension if it is available at translatewiki.net

Check usage and version matrix; code metrics

What can this extension do?[edit | edit source]

This extension prevents specified users from changing their password.

It uses hooks, and so should be more robust than solutions based on blocking access to certain pages (e.g. Special:ChangePassword).

I use this extension on a Wiki where there is a an account set up which is disseminated fairly freely which gives read-only access to the Wiki. People who wish to edit the Wiki request an individual account. Obviously we don't want anyone who is using the read-only account changing its password because that would prevent other people from using it. We do not want the Wiki accessible without a valid login (which would be another solution).

Finally to prevent write access to the Wiki by this read-only account we have set up a readonly user group, removed edit permissions from it using $wgRevokePermissions and assigned our read-only user to that usergroup.

The extension is useful where the majority of users should have access to password changing facilities, and only a few special purpose user accounts are to have those facilities removed. If a solution is required where a large number of users should have password change facilities disabled then the code would require improvements to allow it to use user groups.

Usage[edit | edit source]

Install the extension and set the users who are to be denied from changing their passwords in $wgRestrictPasswordChangeUsers in LocalSettings.php. e.g.

$wgRestrictPasswordChangeUsers = array("fred", "bill");

will prevent fred and bill from changing their passwords.

To remove edit permissions from those users, as discussed above, a readonly usergroup can be set up in LocalSettings.php

$wgRevokePermissions['readonly']['edit'] = true;
$wgRevokePermissions['readonly']['sendemail'] = true;
$wgRevokePermissions['readonly']['upload'] = true;
$wgRevokePermissions['readonly']['writeapi'] = true;

and the users fred and bill assigned to that group in Special:UserRights. These $wgRevokePermissions are not required for this extension to work, they are just an illustration of how it has been used.

Download instructions[edit | edit source]

Please cut and paste the code found below and place it in $IP/extensions/RestrictPasswordChange/RestrictPasswordChange.php. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.

Installation[edit | edit source]

To install this extension, add the following to LocalSettings.php:

require_once ( "$IP/extensions/RestrictPasswordChange/RestrictPasswordChange.php" );
$wgRestrictPasswordChangeUsers = array("fred", "bill");

Configuration parameters[edit | edit source]

  • $wgRestrictPasswordChangeUsers - users who are to be prevented from changing their passwords

User rights[edit | edit source]

Code[edit | edit source]

<?php
 
/**
 * RestrictPasswordChange MediaWiki extension  
 *
 * version 0.2
 * tested on MediaWiki 1.16
 * author John Bramley
 * @license GNU Lesser General Public License 2.1 or later
 */
 
#######################################################################
# Prevent users in $wgRestrictPasswordChangeUsers from changing their  
# password on the Special:ChangePassword page and by 'E-mail new password'
# on Special:UserLogin
#
# add the following to LocalSettings.php:
#    require_once ( "$IP/extensions/RestrictPasswordChange/RestrictPasswordChange.php" );
#    $wgRestrictPasswordChangeUsers = array("fred", "bill");
# 
# John Bramley 2011-06-22
#######################################################################

# hook for E-mail new password button on Special:UserLogin
# called by mailPassword function in  includes/specials/SpecialUserlogin.php
$wgHooks['UserLoginMailPassword'][] = 'MailPasswordIsAllowed';
function MailPasswordIsAllowed ( $username, $error ) {
    global $wgRestrictPasswordChangeUsers;
 
    $u = User::newFromName( trim( $username ));  // strip space from name and use
                               // function from includes/User.php to populate structure for 
                               // $username - then get valid user name from element of that
                               // structure, which will have the first character converted
                               // to uppercase etc.
    $name=$u->mName;
    if ( in_array($name, $wgRestrictPasswordChangeUsers)) {
        $error = wfMsg( 'resetpass_forbidden' ) . " for \"$name\".";
        return false;
    }
    return true;
}
 
# hook for Change password button button on Special:ChangePassword
# called by attemptReset unction in includes/specials/SpecialResetpass.php
$wgHooks['PrefsPasswordAudit'][] = 'ChangePasswordIsAllowed';
function ChangePasswordIsAllowed ( $user ) {
    global $wgRestrictPasswordChangeUsers;
 
    $name = $user->mName;
    if ( in_array($name, $wgRestrictPasswordChangeUsers)) {
        throw new PasswordError( wfMsg( 'resetpass_forbidden' ) . " for \"$name\"." );
    }
 
    return true;
}

See also[edit | edit source]