Extension:RestrictPasswordChange

From MediaWiki.org
Jump to: navigation, search


MediaWiki extensions manualManual:Extensions
Crystal Clear action run.png
RestrictPasswordChange

Release status:Extension status beta

ImplementationTemplate:Extension#type User rights
DescriptionTemplate:Extension#description Disables password change for specific users
Author(s)Template:Extension#username John Bramley (User:Sirtitustalk)
Latest versionTemplate:Extension#version 0.2
MediaWikiTemplate:Extension#mediawiki 1.16, 1.23
PHPTemplate:Extension#php 5.2.9
LicenseTemplate:Extension#license Lesser General Public License 2.1
Download No link
Hooks usedTemplate:Extension#hook
UserLoginMailPasswordManual:Hooks/UserLoginMailPassword
PrefsPasswordAuditManual:Hooks/PrefsPasswordAudit

Translate the RestrictPasswordChange extension if it is available at translatewiki.net

Check usage and version matrix.

What can this extension do?[edit]

This extension prevents specified users from changing their password.

It uses hooks, and so should be more robust than solutions based on blocking access to certain pages (e.g. Special:ChangePassword).

I use this extension on a Wiki where there is a an account set up which is disseminated fairly freely which gives read-only access to the Wiki. People who wish to edit the Wiki request an individual account. Obviously we don't want anyone who is using the read-only account changing its password because that would prevent other people from using it. We do not want the Wiki accessible without a valid login (which would be another solution).

Finally to prevent write access to the Wiki by this read-only account we have set up a readonly user group, removed edit permissions from it using $wgRevokePermissions and assigned our read-only user to that usergroup.

The extension is useful where the majority of users should have access to password changing facilities, and only a few special purpose user accounts are to have those facilities removed. If a solution is required where a large number of users should have password change facilities disabled then the code would require improvements to allow it to use user groups.

Usage[edit]

Install the extension and set the users who are to be denied from changing their passwords in $wgRestrictPasswordChangeUsers in LocalSettings.php. e.g.

$wgRestrictPasswordChangeUsers = array("fred", "bill");

will prevent fred and bill from changing their passwords.

To remove edit permissions from those users, as discussed above, a readonly usergroup can be set up in LocalSettings.php

$wgRevokePermissions['readonly']['edit'] = true;
$wgRevokePermissions['readonly']['sendemail'] = true;
$wgRevokePermissions['readonly']['upload'] = true;
$wgRevokePermissions['readonly']['writeapi'] = true;

and the users fred and bill assigned to that group in Special:UserRights. These $wgRevokePermissions are not required for this extension to work, they are just an illustration of how it has been used.

Download instructions[edit]

Please cut and paste the code found below and place it in $IP/extensions/RestrictPasswordChange/RestrictPasswordChange.php. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.

Installation[edit]

To install this extension, add the following to LocalSettings.php:

require_once ( "$IP/extensions/RestrictPasswordChange/RestrictPasswordChange.php" );
$wgRestrictPasswordChangeUsers = array("fred", "bill");

Configuration parameters[edit]

  • $wgRestrictPasswordChangeUsers - users who are to be prevented from changing their passwords

User rights[edit]

Code[edit]

<?php

/**
 * RestrictPasswordChange MediaWiki extension  
 *
 * version 0.2
 * tested on MediaWiki 1.16
 * author John Bramley
 * @license GNU Lesser General Public License 2.1 or later
 */

#######################################################################
# Prevent users in $wgRestrictPasswordChangeUsers from changing their  
# password on the Special:ChangePassword page and by 'E-mail new password'
# on Special:UserLogin
#
# add the following to LocalSettings.php:
#    require_once ( "$IP/extensions/RestrictPasswordChange/RestrictPasswordChange.php" );
#    $wgRestrictPasswordChangeUsers = array("fred", "bill");
# 
# John Bramley 2011-06-22
#######################################################################

# hook for E-mail new password button on Special:UserLogin
# called by mailPassword function in  includes/specials/SpecialUserlogin.php
$wgHooks['UserLoginMailPassword'][] = 'MailPasswordIsAllowed';
function MailPasswordIsAllowed ( $username, $error ) {
    global $wgRestrictPasswordChangeUsers;

    $u = User::newFromName( trim( $username ));  // strip space from name and use
                               // function from includes/User.php to populate structure for 
                               // $username - then get valid user name from element of that
                               // structure, which will have the first character converted
                               // to uppercase etc.
    $name=$u->mName;
    if ( in_array($name, $wgRestrictPasswordChangeUsers)) {
        $error = wfMsg( 'resetpass_forbidden' ) . " for \"$name\".";
        return false;
    }
    return true;
}

# hook for Change password button button on Special:ChangePassword
# called by attemptReset unction in includes/specials/SpecialResetpass.php
$wgHooks['PrefsPasswordAudit'][] = 'ChangePasswordIsAllowed';
function ChangePasswordIsAllowed ( $user ) {
    global $wgRestrictPasswordChangeUsers;

    $name = $user->mName;
    if ( in_array($name, $wgRestrictPasswordChangeUsers)) {
        throw new PasswordError( wfMsg( 'resetpass_forbidden' ) . " for \"$name\"." );
    }

    return true;
}

See also[edit]