search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Don't rely on $wgTitle in WebRequest
[mediawiki.git] / includes / api / ApiCreateAccount.php
blob2ce532b920c958af0f3283cd6fadf56900bd46f2
1 <?php
2 /**
3 * Created on August 7, 2012
4 *
5 * Copyright © 2012 Tyler Romeo <tylerromeo@gmail.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 * http://www.gnu.org/copyleft/gpl.html
21 *
22 * @file
23 */
24
25 /**
26 * Unit to authenticate account registration attempts to the current wiki.
27 *
28 * @ingroup API
29 */
30 class ApiCreateAccount extends ApiBase {
31 public function execute() {
32 // If we're in JSON callback mode, no tokens can be obtained
33 if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
34 $this->dieUsage( 'Cannot create account when using a callback', 'aborted' );
35 }
36
37 // $loginForm->addNewaccountInternal will throw exceptions
38 // if wiki is read only (already handled by api), user is blocked or does not have rights.
39 // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
40 $loginTitle = SpecialPage::getTitleFor( 'Userlogin' );
41 if ( !$loginTitle->userCan( 'createaccount', $this->getUser() ) ) {
42 $this->dieUsage(
43 'You do not have the right to create a new account',
44 'permdenied-createaccount'
45 );
46 }
47 if ( $this->getUser()->isBlockedFromCreateAccount() ) {
48 $this->dieUsage( 'You cannot create a new account because you are blocked', 'blocked' );
49 }
50
51 $params = $this->extractRequestParams();
52
53 // Init session if necessary
54 if ( session_id() == '' ) {
55 wfSetupSession();
56 }
57
58 if ( $params['mailpassword'] && !$params['email'] ) {
59 $this->dieUsageMsg( 'noemail' );
60 }
61
62 if ( $params['language'] && !Language::isSupportedLanguage( $params['language'] ) ) {
63 $this->dieUsage( 'Invalid language parameter', 'langinvalid' );
64 }
65
66 $context = new DerivativeContext( $this->getContext() );
67 $context->setRequest( new DerivativeRequest(
68 $this->getContext()->getRequest(),
69 array(
70 'type' => 'signup',
71 'uselang' => $params['language'],
72 'wpName' => $params['name'],
73 'wpPassword' => $params['password'],
74 'wpRetype' => $params['password'],
75 'wpDomain' => $params['domain'],
76 'wpEmail' => $params['email'],
77 'wpRealName' => $params['realname'],
78 'wpCreateaccountToken' => $params['token'],
79 'wpCreateaccount' => $params['mailpassword'] ? null : '1',
80 'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null
81 )
82 ) );
83
84 $loginForm = new LoginForm();
85 $loginForm->setContext( $context );
86 wfRunHooks( 'AddNewAccountApiForm', array( $this, $loginForm ) );
87 $loginForm->load();
88
89 $status = $loginForm->addNewaccountInternal();
90 $result = array();
91 if ( $status->isGood() ) {
92 // Success!
93 $user = $status->getValue();
94
95 if ( $params['language'] ) {
96 $user->setOption( 'language', $params['language'] );
97 }
98
99 if ( $params['mailpassword'] ) {
100 // If mailpassword was set, disable the password and send an email.
101 $user->setPassword( null );
102 $status->merge( $loginForm->mailPasswordInternal(
103 $user,
104 false,
105 'createaccount-title',
106 'createaccount-text'
107 ) );
108 } elseif ( $this->getConfig()->get( 'EmailAuthentication' ) && Sanitizer::validateEmail( $user->getEmail() ) ) {
109 // Send out an email authentication message if needed
110 $status->merge( $user->sendConfirmationMail() );
111 }
112
113 // Save settings (including confirmation token)
114 $user->saveSettings();
115
116 wfRunHooks( 'AddNewAccount', array( $user, $params['mailpassword'] ) );
117
118 if ( $params['mailpassword'] ) {
119 $logAction = 'byemail';
120 } elseif ( $this->getUser()->isLoggedIn() ) {
121 $logAction = 'create2';
122 } else {
123 $logAction = 'create';
124 }
125 $user->addNewUserLogEntry( $logAction, (string)$params['reason'] );
126
127 // Add username, id, and token to result.
128 $result['username'] = $user->getName();
129 $result['userid'] = $user->getId();
130 $result['token'] = $user->getToken();
131 }
132
133 $apiResult = $this->getResult();
134
135 if ( $status->hasMessage( 'sessionfailure' ) || $status->hasMessage( 'nocookiesfornew' ) ) {
136 // Token was incorrect, so add it to result, but don't throw an exception
137 // since not having the correct token is part of the normal
138 // flow of events.
139 $result['token'] = LoginForm::getCreateaccountToken();
140 $result['result'] = 'NeedToken';
141 } elseif ( !$status->isOK() ) {
142 // There was an error. Die now.
143 $this->dieStatus( $status );
144 } elseif ( !$status->isGood() ) {
145 // Status is not good, but OK. This means warnings.
146 $result['result'] = 'Warning';
147
148 // Add any warnings to the result
149 $warnings = $status->getErrorsByType( 'warning' );
150 if ( $warnings ) {
151 foreach ( $warnings as &$warning ) {
152 $apiResult->setIndexedTagName( $warning['params'], 'param' );
153 }
154 $apiResult->setIndexedTagName( $warnings, 'warning' );
155 $result['warnings'] = $warnings;
156 }
157 } else {
158 // Everything was fine.
159 $result['result'] = 'Success';
160 }
161
162 // Give extensions a chance to modify the API result data
163 wfRunHooks( 'AddNewAccountApiResult', array( $this, $loginForm, &$result ) );
164
165 $apiResult->addValue( null, 'createaccount', $result );
166 }
167
168 public function getDescription() {
169 return 'Create a new user account.';
170 }
171
172 public function mustBePosted() {
173 return true;
174 }
175
176 public function isReadMode() {
177 return false;
178 }
179
180 public function isWriteMode() {
181 return true;
182 }
183
184 public function getAllowedParams() {
185 return array(
186 'name' => array(
187 ApiBase::PARAM_TYPE => 'user',
188 ApiBase::PARAM_REQUIRED => true
189 ),
190 'password' => null,
191 'domain' => null,
192 'token' => null,
193 'email' => array(
194 ApiBase::PARAM_TYPE => 'string',
195 ApiBase::PARAM_REQUIRED => $this->getConfig()->get( 'EmailConfirmToEdit' ),
196 ),
197 'realname' => null,
198 'mailpassword' => array(
199 ApiBase::PARAM_TYPE => 'boolean',
200 ApiBase::PARAM_DFLT => false
201 ),
202 'reason' => null,
203 'language' => null
204 );
205 }
206
207 public function getParamDescription() {
208 $p = $this->getModulePrefix();
209
210 return array(
211 'name' => 'Username',
212 'password' => "Password (ignored if {$p}mailpassword is set)",
213 'domain' => 'Domain for external authentication (optional)',
214 'token' => 'Account creation token obtained in first request',
215 'email' => 'Email address of user (optional)',
216 'realname' => 'Real name of user (optional)',
217 'mailpassword' => 'If set to any value, a random password will be emailed to the user',
218 'reason' => 'Optional reason for creating the account to be put in the logs',
219 'language'
220 => 'Language code to set as default for the user (optional, defaults to content language)'
221 );
222 }
223
224 public function getExamples() {
225 return array(
226 'api.php?action=createaccount&name=testuser&password=test123',
227 'api.php?action=createaccount&name=testmailuser&mailpassword=true&reason=MyReason',
228 );
229 }
230
231 public function getHelpUrls() {
232 return 'https://www.mediawiki.org/wiki/API:Account_creation';
233 }
234 }
MediaWiki Core