search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
import PHPTAL NoPEAR 0.7.0 - files
[mediawiki.git] / includes / SpecialUserlogin.php
blobcecd6c5bb1d513e70a4c3b68a7d43195b78651e1
1 <?php
2
3 require_once('UserMailer.php');
4
5 function wfSpecialUserlogin()
6 {
7 global $wgCommandLineMode;
8 global $wgRequest;
9 if( !$wgCommandLineMode && !isset( $_COOKIE[ini_get("session.name")] ) ) {
10 User::SetupSession();
11 }
12
13 $fields = array( "wpName", "wpPassword", "wpName",
14 "wpPassword", "wpRetype" );
15 # FIXME: UGLY HACK
16 foreach( $fields as $x ) {
17 $_REQUEST[$x] = $wgRequest->getText( $x );
18 }
19
20 # When switching accounts, it sucks to get automatically logged out
21 global $wgLang;
22 if( $wgRequest->getVal( 'returnto' ) == $wgLang->specialPage( "Userlogout" ) ) {
23 $_REQUEST['returnto'] = "";
24 }
25
26 $wpCookieCheck = $wgRequest->getVal( "wpCookieCheck" );
27
28 if ( isset( $wpCookieCheck ) ) {
29 onCookieRedirectCheck( $wpCookieCheck );
30 } else if( $wgRequest->wasPosted() ) {
31 if( $wgRequest->getCheck( 'wpCreateaccount' ) ) {
32 return addNewAccount();
33 } else if ( $wgRequest->getCheck( 'wpCreateaccountMail' ) ) {
34 return addNewAccountMailPassword();
35 } else if ( $wgRequest->getCheck( 'wpMailmypassword' ) ) {
36 return mailPassword();
37 } else if ( "submit" == $wgRequest->getVal( 'action' ) || $wgRequest->getCheck( 'wpLoginattempt' ) ) {
38 return processLogin();
39 }
40 }
41 mainLoginForm( "" );
42 }
43
44
45 /* private */ function addNewAccountMailPassword()
46 {
47 global $wgOut;
48
49 if ("" == $_REQUEST['wpEmail']) {
50 mainLoginForm( wfMsg( "noemail", $_REQUEST['wpName'] ) );
51 return;
52 }
53
54 $u = addNewaccountInternal();
55
56 if ($u == NULL) {
57 return;
58 }
59
60 $u->saveSettings();
61 if (mailPasswordInternal($u) == NULL) {
62 return;
63 }
64
65 $wgOut->setPageTitle( wfMsg( "accmailtitle" ) );
66 $wgOut->setRobotpolicy( "noindex,nofollow" );
67 $wgOut->setArticleRelated( false );
68
69 $wgOut->addWikiText( wfMsg( "accmailtext", $u->getName(), $u->getEmail() ) );
70 $wgOut->returnToMain( false );
71
72 $u = 0;
73 }
74
75
76 /* private */ function addNewAccount()
77 {
78 global $wgUser, $wgOut;
79 global $wgDeferredUpdateList;
80
81 $u = addNewAccountInternal();
82
83 if ($u == NULL) {
84 return;
85 }
86
87 $wgUser = $u;
88 $wgUser->setCookies();
89
90 $up = new UserUpdate();
91 array_push( $wgDeferredUpdateList, $up );
92
93 if( hasSessionCookie() ) {
94 return successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) );
95 } else {
96 return cookieRedirectCheck( "new" );
97 }
98 }
99
100
101 /* private */ function addNewAccountInternal()
102 {
103 global $wgUser, $wgOut;
104 global $wgMaxNameChars;
105 global $wgRequest;
106
107 if (!$wgUser->isAllowedToCreateAccount()) {
108 userNotPrivilegedMessage();
109 return;
110 }
111
112 if ( 0 != strcmp( $_REQUEST['wpPassword'], $_REQUEST['wpRetype'] ) ) {
113 mainLoginForm( wfMsg( "badretype" ) );
114 return;
115 }
116
117 $name = trim( $_REQUEST['wpName'] );
118 if ( ( "" == $name ) ||
119 preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $name ) ||
120 (strpos( $name, "/" ) !== false) ||
121 (strlen( $name ) > $wgMaxNameChars) )
122 {
123 mainLoginForm( wfMsg( "noname" ) );
124 return;
125 }
126 if ( wfReadOnly() ) {
127 $wgOut->readOnlyPage();
128 return;
129 }
130 $u = User::newFromName( $name );
131
132 if ( 0 != $u->idForName() ) {
133 mainLoginForm( wfMsg( "userexists" ) );
134 return;
135 }
136 $u->addToDatabase();
137 $u->setPassword( $_REQUEST['wpPassword'] );
138 $u->setEmail( $_REQUEST['wpEmail'] );
139 if ( $wgRequest->getCheck( 'wpRemember' ) ) { $r = 1; }
140 else { $r = 0; }
141 $u->setOption( "rememberpassword", $r );
142
143 return $u;
144 }
145
146
147
148
149 /* private */ function processLogin()
150 {
151 global $wgUser;
152 global $wgDeferredUpdateList;
153 global $wgRequest;
154
155 if ( "" == $_REQUEST['wpName'] ) {
156 mainLoginForm( wfMsg( "noname" ) );
157 return;
158 }
159 $u = User::newFromName( $_REQUEST['wpName'] );
160 $id = $u->idForName();
161 if ( 0 == $id ) {
162 mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
163 return;
164 }
165 $u->setId( $id );
166 $u->loadFromDatabase();
167 $ep = $u->encryptPassword( $_REQUEST['wpPassword'] );
168 if ( 0 != strcmp( $ep, $u->getPassword() ) ) {
169 if ( 0 != strcmp( $ep, $u->getNewpassword() ) ) {
170 mainLoginForm( wfMsg( "wrongpassword" ) );
171 return;
172 }
173 }
174
175 # We've verified now, update the real record
176 #
177 if ( $wgRequest->getCheck( 'wpRemember' ) ) {
178 $r = 1;
179 $u->setCookiePassword( $wgRequest->getText( 'wpPassword' ) );
180 } else {
181 $r = 0;
182 }
183 $u->setOption( "rememberpassword", $r );
184
185 $wgUser = $u;
186 $wgUser->setCookies();
187
188 $up = new UserUpdate();
189 array_push( $wgDeferredUpdateList, $up );
190
191 if( hasSessionCookie() ) {
192 return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
193 } else {
194 return cookieRedirectCheck( "login" );
195 }
196 }
197
198 /* private */ function mailPassword()
199 {
200 global $wgUser, $wgDeferredUpdateList, $wgOutputEncoding;
201 global $wgCookiePath, $wgCookieDomain, $wgDBname;
202
203 if ( "" == $_REQUEST['wpName'] ) {
204 mainLoginForm( wfMsg( "noname" ) );
205 return;
206 }
207 $u = User::newFromName( $_REQUEST['wpName'] );
208 $id = $u->idForName();
209 if ( 0 == $id ) {
210 mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
211 return;
212 }
213 $u->setId( $id );
214 $u->loadFromDatabase();
215
216 if (mailPasswordInternal($u) == NULL) {
217 return;
218 }
219
220 mainLoginForm( wfMsg( "passwordsent", $u->getName() ) );
221 }
222
223
224 /* private */ function mailPasswordInternal( $u )
225 {
226 global $wgDeferredUpdateList, $wgOutputEncoding;
227 global $wgPasswordSender, $wgDBname, $wgIP;
228
229 if ( "" == $u->getEmail() ) {
230 mainLoginForm( wfMsg( "noemail", $u->getName() ) );
231 return;
232 }
233 $np = User::randomPassword();
234 $u->setNewpassword( $np );
235
236 setcookie( "{$wgDBname}Password", "", time() - 3600, $wgCookiePath, $wgCookieDomain );
237 $u->saveSettings();
238
239 $ip = $wgIP;
240 if ( "" == $ip ) { $ip = "(Unknown)"; }
241
242 $m = wfMsg( "passwordremindertext", $ip, $u->getName(), $np );
243
244 userMailer( $u->getEmail(), $wgPasswordSender, wfMsg( "passwordremindertitle" ), $m );
245
246 return $u;
247 }
248
249
250
251
252
253 /* private */ function successfulLogin( $msg )
254 {
255 global $wgUser;
256 global $wgDeferredUpdateList;
257 global $wgOut;
258
259 $wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) );
260 $wgOut->setRobotpolicy( "noindex,nofollow" );
261 $wgOut->setArticleRelated( false );
262 $wgOut->addHTML( $msg . "\n<p>" );
263 $wgOut->returnToMain();
264 }
265
266 function userNotPrivilegedMessage()
267 {
268 global $wgOut, $wgUser, $wgLang;
269
270 $wgOut->setPageTitle( wfMsg( "whitelistacctitle" ) );
271 $wgOut->setRobotpolicy( "noindex,nofollow" );
272 $wgOut->setArticleRelated( false );
273
274 $wgOut->addWikiText( wfMsg( "whitelistacctext" ) );
275
276 $wgOut->returnToMain( false );
277 }
278
279 /* private */ function mainLoginForm( $err )
280 {
281 global $wgUser, $wgOut, $wgLang;
282 global $wgRequest, $wgDBname;
283
284 $le = wfMsg( "loginerror" );
285 $yn = wfMsg( "yourname" );
286 $yp = wfMsg( "yourpassword" );
287 $ypa = wfMsg( "yourpasswordagain" );
288 $rmp = wfMsg( "remembermypassword" );
289 $nuo = wfMsg( "newusersonly" );
290 $li = wfMsg( "login" );
291 $ca = wfMsg( "createaccount" );
292 $cam = wfMsg( "createaccountmail" );
293 $ye = wfMsg( "youremail" );
294 $efl = wfMsg( "emailforlost" );
295 $mmp = wfMsg( "mailmypassword" );
296 $endText = wfMsg( "loginend" );
297
298 if ( $endText = "&lt;loginend&gt;" ) {
299 $endText = "";
300 }
301
302 $name = $wgRequest->getText( 'wpName' );
303 if ( "" == $name ) {
304 if ( 0 != $wgUser->getID() ) {
305 $name = $wgUser->getName();
306 } else {
307 $name = $_COOKIE["{$wgDBname}UserName"];
308 }
309 }
310 $pwd = $wgRequest->getText( 'wpPassword' );
311
312 $wgOut->setPageTitle( wfMsg( "userlogin" ) );
313 $wgOut->setRobotpolicy( "noindex,nofollow" );
314 $wgOut->setArticleRelated( false );
315
316 if ( "" == $err ) {
317 $lp = wfMsg( "loginprompt" );
318 $wgOut->addHTML( "<h2>$li:</h2>\n<p>$lp</p>" );
319 } else {
320 $wgOut->addHTML( "<h2>$le:</h2>\n<font size='+1'
321 color='red'>$err</font>\n" );
322 }
323 if ( 1 == $wgUser->getOption( "rememberpassword" ) ) {
324 $checked = " checked";
325 } else {
326 $checked = "";
327 }
328
329 $q = "action=submit";
330 $returnto = $wgRequest->getVal( "returnto" );
331 if ( !empty( $returnto ) ) {
332 $q .= "&returnto=" . wfUrlencode( $returnto );
333 }
334
335 $titleObj = Title::makeTitle( NS_SPECIAL, "Userlogin" );
336 $action = $titleObj->escapeLocalUrl( $q );
337
338 $encName = wfEscapeHTML( $name );
339 $encPassword = wfEscapeHTML( $pwd );
340 $encRetype = wfEscapeHTML( $wgRequest->getText( 'wpRetype' ) );
341 $encEmail = wfEscapeHTML( $wgRequest->getVal( 'wpEmail' ) );
342
343 if ($wgUser->getID() != 0) {
344 $cambutton = "<input tabindex=6 type=submit name=\"wpCreateaccountMail\" value=\"{$cam}\">";
345 } else {
346 $cambutton = "";
347 }
348
349 $wgOut->addHTML( "
350 <form name=\"userlogin\" id=\"userlogin\" method=\"post\" action=\"{$action}\">
351 <table border=0><tr>
352 <td align=right>$yn:</td>
353 <td align=left>
354 <input tabindex=1 type=text name=\"wpName\" value=\"{$encName}\" size=20>
355 </td>
356 <td align=left>
357 <input tabindex=3 type=submit name=\"wpLoginattempt\" value=\"{$li}\">
358 </td>
359 </tr>
360 <tr>
361 <td align=right>$yp:</td>
362 <td align=left>
363 <input tabindex=2 type=password name=\"wpPassword\" value=\"{$encPassword}\" size=20>
364 </td>
365 <td align=left>
366 <input tabindex=7 type=checkbox name=\"wpRemember\" value=\"1\" id=\"wpRemember\"$checked><label for=\"wpRemember\">$rmp</label>
367 </td>
368 </tr>");
369
370 if ($wgUser->isAllowedToCreateAccount()) {
371 $encRetype = htmlspecialchars( $wgRequest->getText( 'wpRetype' ) );
372 $encEmail = htmlspecialchars( $wgRequest->getText( 'wpEmail' ) );
373 $wgOut->addHTML("<tr><td colspan=3>&nbsp;</td></tr><tr>
374 <td align=right>$ypa:</td>
375 <td align=left>
376 <input tabindex=4 type=password name=\"wpRetype\" value=\"{$encRetype}\"
377 size=20>
378 </td><td>$nuo</td></tr>
379 <tr>
380 <td align=right>$ye:</td>
381 <td align=left>
382 <input tabindex=5 type=text name=\"wpEmail\" value=\"{$encEmail}\" size=20>
383 </td><td align=left>
384 <input tabindex=6 type=submit name=\"wpCreateaccount\" value=\"{$ca}\">
385 $cambutton
386 </td></tr>");
387 }
388
389 $wgOut->addHTML("
390 <tr><td colspan=3>&nbsp;</td></tr><tr>
391 <td colspan=3 align=left>
392 <p>$efl<br>
393 <input tabindex=8 type=submit name=\"wpMailmypassword\" value=\"{$mmp}\">
394 </td></tr></table>
395 </form>\n" );
396 $wgOut->addHTML( $endText );
397 }
398
399 /* private */ function hasSessionCookie()
400 {
401 global $wgDisableCookieCheck;
402 return ( $wgDisableCookieCheck ) ? true : ( "" != $_COOKIE[session_name()] );
403 }
404
405 /* private */ function cookieRedirectCheck( $type )
406 {
407 global $wgOut, $wgLang;
408
409 $titleObj = Title::makeTitle( NS_SPECIAL, "Userlogin" );
410 $check = $titleObj->getFullURL( "wpCookieCheck=$type" );
411
412 return $wgOut->redirect( $check );
413 }
414
415 /* private */ function onCookieRedirectCheck( $type ) {
416 global $wgUser;
417
418 if ( !hasSessionCookie() ) {
419 if ( $type == "new" ) {
420 return mainLoginForm( wfMsg( "nocookiesnew" ) );
421 } else if ( $type == "login" ) {
422 return mainLoginForm( wfMsg( "nocookieslogin" ) );
423 } else {
424 # shouldn't happen
425 return mainLoginForm( wfMsg( "error" ) );
426 }
427 } else {
428 return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
429 }
430 }
431
432 ?>
MediaWiki Core