search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Break backwards compatibility: Make image links parse for extended syntax even if...
[mediawiki.git] / includes / SpecialUserlogin.php
blob186521b9da54fb1fc93719f2e8c3d090f09d1232
1 <?
2
3 function wfSpecialUserlogin()
4 {
5 global $wpCreateaccount, $wpCreateaccountMail;
6 global $wpLoginattempt, $wpMailmypassword;
7 global $action, $_REQUEST;
8
9 $fields = array( "wpName", "wpPassword", "wpName",
10 "wpPassword", "wpRetype", "wpEmail" );
11 wfCleanFormFields( $fields );
12
13 # When switching accounts, it sucks to get automatically logged out
14 global $returnto, $wgLang;
15 if( $returnto == $wgLang->specialPage( "Userlogout" ) ) $returnto = "";
16
17 $wpCookieCheck = $_REQUEST[ "wpCookieCheck" ];
18
19 if ( isset( $wpCookieCheck ) ) {
20 onCookieRedirectCheck( $wpCookieCheck );
21 } else if ( isset( $wpCreateaccount ) ) {
22 addNewAccount();
23 } else if ( isset( $wpCreateaccountMail ) ) {
24 addNewAccountMailPassword();
25 } else if ( isset( $wpMailmypassword ) ) {
26 mailPassword();
27 } else if ( "submit" == $action || isset( $wpLoginattempt ) ) {
28 processLogin();
29 } else {
30 mainLoginForm( "" );
31 }
32 }
33
34
35 /* private */ function addNewAccountMailPassword()
36 {
37 global $wgOut, $wpEmail, $wpName;
38
39 if ("" == $wpEmail) {
40 mainLoginForm( wfMsg( "noemail", $wpName ) );
41 return;
42 }
43
44 $u = addNewaccountInternal();
45
46 if ($u == NULL) {
47 return;
48 }
49
50 $u->saveSettings();
51 if (mailPasswordInternal($u) == NULL) {
52 return;
53 }
54
55 $wgOut->setPageTitle( wfMsg( "accmailtitle" ) );
56 $wgOut->setRobotpolicy( "noindex,nofollow" );
57 $wgOut->setArticleRelated( false );
58
59 $wgOut->addWikiText( wfMsg( "accmailtext", $u->getName(), $u->getEmail() ) );
60 $wgOut->returnToMain( false );
61
62 $u = 0;
63 }
64
65
66 /* private */ function addNewAccount()
67 {
68 global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember;
69 global $wpEmail, $wgDeferredUpdateList;
70
71 $u = addNewAccountInternal();
72
73 if ($u == NULL) {
74 return;
75 }
76
77 $wgUser = $u;
78 $wgUser->setCookies();
79
80 $up = new UserUpdate();
81 array_push( $wgDeferredUpdateList, $up );
82
83 if( hasSessionCookie() ) {
84 return successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) );
85 } else {
86 return cookieRedirectCheck( "new" );
87 }
88 }
89
90
91 /* private */ function addNewAccountInternal()
92 {
93 global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember;
94 global $wpEmail, $wgMaxNameChars;
95
96 if (!$wgUser->isAllowedToCreateAccount()) {
97 userNotPrivilegedMessage();
98 return;
99 }
100
101 if ( 0 != strcmp( $wpPassword, $wpRetype ) ) {
102 mainLoginForm( wfMsg( "badretype" ) );
103 return;
104 }
105 $wpName = trim( $wpName );
106 if ( ( "" == $wpName ) ||
107 preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $wpName ) ||
108 (strpos( $wpName, "/" ) !== false) ||
109 (strlen( $wpName ) > $wgMaxNameChars) )
110 {
111 mainLoginForm( wfMsg( "noname" ) );
112 return;
113 }
114 if ( wfReadOnly() ) {
115 $wgOut->readOnlyPage();
116 return;
117 }
118 $u = User::newFromName( $wpName );
119
120 if ( 0 != $u->idForName() ) {
121 mainLoginForm( wfMsg( "userexists" ) );
122 return;
123 }
124 $u->addToDatabase();
125 $u->setPassword( $wpPassword );
126 $u->setEmail( $wpEmail );
127 if ( 1 == $wpRemember ) { $r = 1; }
128 else { $r = 0; }
129 $u->setOption( "rememberpassword", $r );
130
131 return $u;
132 }
133
134
135
136
137 /* private */ function processLogin()
138 {
139 global $wgUser, $wpName, $wpPassword, $wpRemember;
140 global $wgDeferredUpdateList;
141 global $returnto;
142
143 if ( "" == $wpName ) {
144 mainLoginForm( wfMsg( "noname" ) );
145 return;
146 }
147 $u = User::newFromName( $wpName );
148 $id = $u->idForName();
149 if ( 0 == $id ) {
150 mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
151 return;
152 }
153 $u->setId( $id );
154 $u->loadFromDatabase();
155 $ep = $u->encryptPassword( $wpPassword );
156 if ( 0 != strcmp( $ep, $u->getPassword() ) ) {
157 if ( 0 != strcmp( $ep, $u->getNewpassword() ) ) {
158 mainLoginForm( wfMsg( "wrongpassword" ) );
159 return;
160 }
161 }
162
163 # We've verified now, update the real record
164 #
165 if ( 1 == $wpRemember ) {
166 $r = 1;
167 $u->setCookiePassword( $wpPassword );
168 } else {
169 $r = 0;
170 }
171 $u->setOption( "rememberpassword", $r );
172
173 $wgUser = $u;
174 $wgUser->setCookies();
175
176 $up = new UserUpdate();
177 array_push( $wgDeferredUpdateList, $up );
178
179 if( hasSessionCookie() ) {
180 return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
181 } else {
182 return cookieRedirectCheck( "login" );
183 }
184 }
185
186 /* private */ function mailPassword()
187 {
188 global $wgUser, $wpName, $wgDeferredUpdateList, $wgOutputEncoding;
189 global $wgCookiePath, $wgCookieDomain, $wgDBname;
190
191 if ( "" == $wpName ) {
192 mainLoginForm( wfMsg( "noname" ) );
193 return;
194 }
195 $u = User::newFromName( $wpName );
196 $id = $u->idForName();
197 if ( 0 == $id ) {
198 mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
199 return;
200 }
201 $u->setId( $id );
202 $u->loadFromDatabase();
203
204 if (mailPasswordInternal($u) == NULL) {
205 return;
206 }
207
208 mainLoginForm( wfMsg( "passwordsent", $u->getName() ) );
209 }
210
211
212 /* private */ function mailPasswordInternal( $u )
213 {
214 global $wpName, $wgDeferredUpdateList, $wgOutputEncoding;
215 global $wgPasswordSender, $wgDBname;
216
217 if ( "" == $u->getEmail() ) {
218 mainLoginForm( wfMsg( "noemail", $u->getName() ) );
219 return;
220 }
221 $np = User::randomPassword();
222 $u->setNewpassword( $np );
223
224 setcookie( "{$wgDBname}Password", "", time() - 3600, $wgCookiePath, $wgCookieDomain );
225 $u->saveSettings();
226
227 $ip = getenv( "REMOTE_ADDR" );
228 if ( "" == $ip ) { $ip = "(Unknown)"; }
229
230 $m = wfMsg( "passwordremindertext", $ip, $u->getName(), $np );
231
232 mail( $u->getEmail(), wfMsg( "passwordremindertitle" ), $m,
233 "MIME-Version: 1.0\r\n" .
234 "Content-type: text/plain; charset={$wgOutputEncoding}\r\n" .
235 "Content-transfer-encoding: 8bit\r\n" .
236 "From: $wgPasswordSender" );
237
238 return $u;
239 }
240
241
242
243
244
245 /* private */ function successfulLogin( $msg )
246 {
247 global $wgUser;
248 global $wgDeferredUpdateList;
249 global $wgOut;
250
251 $wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) );
252 $wgOut->setRobotpolicy( "noindex,nofollow" );
253 $wgOut->setArticleRelated( false );
254 $wgOut->addHTML( $msg . "\n<p>" );
255 $wgOut->returnToMain();
256 }
257
258 function userNotPrivilegedMessage()
259 {
260 global $wgOut, $wgUser, $wgLang;
261
262 $wgOut->setPageTitle( wfMsg( "whitelistacctitle" ) );
263 $wgOut->setRobotpolicy( "noindex,nofollow" );
264 $wgOut->setArticleRelated( false );
265
266 $wgOut->addWikiText( wfMsg( "whitelistacctext" ) );
267
268 $wgOut->returnToMain( false );
269 }
270
271 /* private */ function mainLoginForm( $err )
272 {
273 global $wgUser, $wgOut, $wgLang, $returnto;
274 global $wpName, $wpPassword, $wpRetype, $wpRemember;
275 global $wpEmail, $HTTP_COOKIE_VARS, $wgDBname;
276
277 $le = wfMsg( "loginerror" );
278 $yn = wfMsg( "yourname" );
279 $yp = wfMsg( "yourpassword" );
280 $ypa = wfMsg( "yourpasswordagain" );
281 $rmp = wfMsg( "remembermypassword" );
282 $nuo = wfMsg( "newusersonly" );
283 $li = wfMsg( "login" );
284 $ca = wfMsg( "createaccount" );
285 $cam = wfMsg( "createaccountmail" );
286 $ye = wfMsg( "youremail" );
287 $efl = wfMsg( "emailforlost" );
288 $mmp = wfMsg( "mailmypassword" );
289 $endText = wfMsg( "loginend" );
290
291
292 $name = $wpName;
293 if ( "" == $name ) {
294 if ( 0 != $wgUser->getID() ) {
295 $name = $wgUser->getName();
296 } else {
297 $name = $HTTP_COOKIE_VARS["{$wgDBname}UserName"];
298 }
299 }
300 $pwd = $wpPassword;
301
302 $wgOut->setPageTitle( wfMsg( "userlogin" ) );
303 $wgOut->setRobotpolicy( "noindex,nofollow" );
304 $wgOut->setArticleRelated( false );
305
306 if ( "" == $err ) {
307 $lp = wfMsg( "loginprompt" );
308 $wgOut->addHTML( "<h2>$li:</h2>\n<p>$lp</p>" );
309 } else {
310 $wgOut->addHTML( "<h2>$le:</h2>\n<font size='+1'
311 color='red'>$err</font>\n" );
312 }
313 if ( 1 == $wgUser->getOption( "rememberpassword" ) ) {
314 $checked = " checked";
315 } else {
316 $checked = "";
317 }
318 $q = "action=submit";
319 if ( "" != $returnto ) { $q .= "&returnto=" . wfUrlencode($returnto); }
320 $action = wfLocalUrlE( $wgLang->specialPage( "Userlogin" ), $q );
321
322 $wpName = wfEscapeHTML( $wpName );
323 $wpPassword = wfEscapeHTML( $wpPassword );
324 $wpRetype = wfEscapeHTML( $wpRetype );
325 $wpEmail = wfEscapeHTML( $wpEmail );
326
327 if ($wgUser->getID() != 0) {
328 $cambutton = "<input tabindex=6 type=submit name=\"wpCreateaccountMail\" value=\"{$cam}\">";
329 }
330
331 $wgOut->addHTML( "
332 <form name=\"userlogin\" id=\"userlogin\" method=\"post\" action=\"{$action}\">
333 <table border=0><tr>
334 <td align=right>$yn:</td>
335 <td align=left>
336 <input tabindex=1 type=text name=\"wpName\" value=\"{$name}\" size=20>
337 </td>
338 <td align=left>
339 <input tabindex=3 type=submit name=\"wpLoginattempt\" value=\"{$li}\">
340 </td>
341 </tr>
342 <tr>
343 <td align=right>$yp:</td>
344 <td align=left>
345 <input tabindex=2 type=password name=\"wpPassword\" value=\"{$pwd}\" size=20>
346 </td>
347 <td align=left>
348 <input tabindex=7 type=checkbox name=\"wpRemember\" value=\"1\" id=\"wpRemember\"$checked><label for=\"wpRemember\">$rmp</label>
349 </td>
350 </tr>");
351
352 if ($wgUser->isAllowedToCreateAccount()) {
353
354 $wgOut->addHTML("<tr><td colspan=3>&nbsp;</td></tr><tr>
355 <td align=right>$ypa:</td>
356 <td align=left>
357 <input tabindex=4 type=password name=\"wpRetype\" value=\"{$wpRetype}\"
358 size=20>
359 </td><td>$nuo</td></tr>
360 <tr>
361 <td align=right>$ye:</td>
362 <td align=left>
363 <input tabindex=5 type=text name=\"wpEmail\" value=\"{$wpEmail}\" size=20>
364 </td><td align=left>
365 <input tabindex=6 type=submit name=\"wpCreateaccount\" value=\"{$ca}\">
366 $cambutton
367 </td></tr>");
368 }
369
370 $wgOut->addHTML("
371 <tr><td colspan=3>&nbsp;</td></tr><tr>
372 <td colspan=3 align=left>
373 <p>$efl<br>
374 <input tabindex=8 type=submit name=\"wpMailmypassword\" value=\"{$mmp}\">
375 </td></tr></table>
376 </form>\n" );
377 $wgOut->addHTML( $endText );
378 }
379
380 /* private */ function hasSessionCookie()
381 {
382 global $wgDisableCookieCheck;
383 return ( $wgDisableCookieCheck ) ? true : ( "" != $_COOKIE[session_name()] );
384 }
385
386 /* private */ function cookieRedirectCheck( $type )
387 {
388 global $wgOut, $wgLang;
389
390 $check = wfLocalUrl( wfUrlEncode( $wgLang->specialPage( "Userlogin" ) ),
391 "wpCookieCheck=$type" );
392
393 return $wgOut->redirect( $check );
394 }
395
396 /* private */ function onCookieRedirectCheck( $type ) {
397 global $wgUser;
398
399 if ( !hasSessionCookie() ) {
400 if ( $type == "new" ) {
401 return mainLoginForm( wfMsg( "nocookiesnew" ) );
402 } else if ( $type == "login" ) {
403 return mainLoginForm( wfMsg( "nocookieslogin" ) );
404 } else {
405 # shouldn't happen
406 return mainLoginForm( wfMsg( "error" ) );
407 }
408 } else {
409 return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
410 }
411 }
412
413 ?>
MediaWiki Core