I've introduced new handling for e-mailed password resets in r18288.
Previously, the random password generated at e-mail time was allowed to be used transparently for regular logins. Both the previous and the generated passwords would continue to be valid for logins until a new password was manually set at Special:Preferences.
Now, use of the temporary password at Special:Userlogin will instead shunt over to a password-change form (via the new special-purpose Special:Resetpass).
So:

* The only thing you can do with an e-mailed password now is choose a new password
* Once you've changed your password, both the previous password and the e-mailed temporary password are no longer valid for anything
This should discourage people from using the e-mailed passwords permanently, and make password resets safer (since the old password will definitely no longer be valid once the person has logged in with the new one).
Internally, User::setPassword() now does some validity checking, talks to $wgAuth directly, and throws PasswordError exceptions for failure cases. These can be caught for error reporting in the user interface.
User::checkPassword() no longer returns true for the temporary password; use the separate User::checkTemporaryPassword() to check for a match there.
LoginForm::authenticateUserData() returns a new error code for this case; the bot API may or may not need to be updated.
-- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
wikitech-l@lists.wikimedia.org
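The flow described in the message above, as an added illustrative model (this is not MediaWiki's code, and it is written in Python rather than PHP): a temporary password that is only accepted as a ticket into a password-change step, never as a regular login, with both the old and the temporary password invalidated once a new one is set. The hashing scheme (salted PBKDF2), the minimum-length and not-equal-to-username validity checks, and the result-code names SUCCESS / RESET_PASS / WRONG_PASS are assumptions made for the example, not details taken from r18288.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for the example; not MediaWiki's storage scheme.
PBKDF2_ITERATIONS = 100_000


class PasswordError(Exception):
    """Raised by set_password() when the new password fails validity checks.

    Mirrors the role described for MediaWiki's PasswordError: the UI catches
    it and reports the problem instead of silently storing a bad password.
    """


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class User:
    MIN_LENGTH = 8  # assumed policy for the example

    def __init__(self, name: str, password: str):
        self.name = name
        self._salt = b""
        self._hash = b""
        self._temp_salt = b""
        self._temp_hash = None  # no e-mailed temporary password outstanding
        self.set_password(password)

    def set_password(self, new_password: str) -> None:
        # All validity checks run before any state changes, so a rejected
        # password leaves the account (and any outstanding temporary
        # password) exactly as it was.
        if len(new_password) < self.MIN_LENGTH:
            raise PasswordError("password must be at least %d characters" % self.MIN_LENGTH)
        if new_password.lower() == self.name.lower():
            raise PasswordError("password must not be the same as the user name")
        self._salt = secrets.token_bytes(16)
        self._hash = _derive(new_password, self._salt)
        # Setting a password retires the e-mailed temporary password: from
        # here on neither the previous password nor the temporary one works.
        self._temp_hash = None

    def issue_temporary_password(self) -> str:
        """Generate the password that would be e-mailed; only its hash is kept."""
        temp = secrets.token_urlsafe(12)
        self._temp_salt = secrets.token_bytes(16)
        self._temp_hash = _derive(temp, self._temp_salt)
        return temp

    def check_password(self, candidate: str) -> bool:
        # Deliberately never matches the temporary password.
        return hmac.compare_digest(_derive(candidate, self._salt), self._hash)

    def check_temporary_password(self, candidate: str) -> bool:
        if self._temp_hash is None:
            return False
        return hmac.compare_digest(_derive(candidate, self._temp_salt), self._temp_hash)


SUCCESS, RESET_PASS, WRONG_PASS = "SUCCESS", "RESET_PASS", "WRONG_PASS"


def authenticate(user: User, password: str) -> str:
    """Login-form decision: a temporary password yields a distinct code that
    the UI routes to the password-change form rather than to a session."""
    if user.check_password(password):
        return SUCCESS
    if user.check_temporary_password(password):
        return RESET_PASS
    return WRONG_PASS


def reset_password(user: User, temp_password: str, new_password: str) -> bool:
    """The password-change step: accepts only the temporary password as proof,
    then sets the new one. PasswordError propagates for the UI to report."""
    if not user.check_temporary_password(temp_password):
        return False
    user.set_password(new_password)
    return True


if __name__ == "__main__":
    u = User("alice", "correct horse battery")
    temp = u.issue_temporary_password()
    print("temp login ->", authenticate(u, temp))          # RESET_PASS, not SUCCESS
    reset_password(u, temp, "brand new passphrase")
    print("old password ->", authenticate(u, "correct horse battery"))  # WRONG_PASS
    print("temp password ->", authenticate(u, temp))                    # WRONG_PASS
```

Two points a practitioner would check in a real implementation of this design: the validity checks in set_password() must complete before any field is written, so a rejected new password does not strand the user with neither a working old password nor a working temporary one; and check_password() must never fall back to the temporary hash, otherwise the e-mailed secret quietly becomes a permanent credential again.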