search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Removed allpagesformtext1 and allpagesformtext2, obsolete
[mediawiki.git] / includes / SpecialUserlogin.php
blobb33b95395cc9423b7416713e7b4aac16fccd4311
1 <?php
2 /**
3 *
4 * @package MediaWiki
5 * @subpackage SpecialPage
6 */
7
8 /**
9 * constructor
10 */
11 function wfSpecialUserlogin() {
12 global $wgCommandLineMode;
13 global $wgRequest;
14 if( !$wgCommandLineMode && !isset( $_COOKIE[ini_get('session.name')] ) ) {
15 User::SetupSession();
16 }
17
18 $form = new LoginForm( $wgRequest );
19 $form->execute();
20 }
21
22 /**
23 *
24 * @package MediaWiki
25 * @subpackage SpecialPage
26 */
27 class LoginForm {
28 var $mName, $mPassword, $mRetype, $mReturnto, $mCookieCheck, $mPosted;
29 var $mAction, $mCreateaccount, $mCreateaccountMail, $mMailmypassword;
30 var $mLoginattempt, $mRemember, $mEmail;
31
32 /**
33 * Constructor
34 * @param webrequest $request A webrequest object passed by reference
35 */
36 function LoginForm( &$request ) {
37 global $wgLang, $wgAllowRealName, $wgEnableEmail;
38
39 $this->mName = $request->getText( 'wpName' );
40 $this->mPassword = $request->getText( 'wpPassword' );
41 $this->mRetype = $request->getText( 'wpRetype' );
42 $this->mReturnto = $request->getVal( 'returnto' );
43 $this->mCookieCheck = $request->getVal( 'wpCookieCheck' );
44 $this->mPosted = $request->wasPosted();
45 $this->mCreateaccount = $request->getCheck( 'wpCreateaccount' );
46 $this->mCreateaccountMail = $request->getCheck( 'wpCreateaccountMail' )
47 && $wgEnableEmail;
48 $this->mMailmypassword = $request->getCheck( 'wpMailmypassword' )
49 && $wgEnableEmail;
50 $this->mLoginattempt = $request->getCheck( 'wpLoginattempt' );
51 $this->mAction = $request->getVal( 'action' );
52 $this->mRemember = $request->getCheck( 'wpRemember' );
53
54 if( $wgEnableEmail ) {
55 $this->mEmail = $request->getText( 'wpEmail' );
56 } else {
57 $this->mEmail = '';
58 }
59 if( $wgAllowRealName ) {
60 $this->mRealName = $request->getText( 'wpRealName' );
61 } else {
62 $this->mRealName = '';
63 }
64
65 # When switching accounts, it sucks to get automatically logged out
66 if( $this->mReturnto == $wgLang->specialPage( 'Userlogout' ) ) {
67 $this->mReturnto = '';
68 }
69 }
70
71 function execute() {
72 if ( !is_null( $this->mCookieCheck ) ) {
73 $this->onCookieRedirectCheck( $this->mCookieCheck );
74 return;
75 } else if( $this->mPosted ) {
76 if( $this->mCreateaccount ) {
77 return $this->addNewAccount();
78 } else if ( $this->mCreateaccountMail ) {
79 return $this->addNewAccountMailPassword();
80 } else if ( $this->mMailmypassword ) {
81 return $this->mailPassword();
82 } else if ( ( 'submitlogin' == $this->mAction ) || $this->mLoginattempt ) {
83 return $this->processLogin();
84 }
85 }
86 $this->mainLoginForm( '' );
87 }
88
89 /**
90 * @access private
91 */
92 function addNewAccountMailPassword() {
93 global $wgOut;
94
95 if ('' == $this->mEmail) {
96 $this->mainLoginForm( wfMsg( 'noemail', htmlspecialchars( $this->mName ) ) );
97 return;
98 }
99
100 $u = $this->addNewaccountInternal();
101
102 if ($u == NULL) {
103 return;
104 }
105
106 $u->saveSettings();
107 $result = $this->mailPasswordInternal($u);
108
109 $wgOut->setPageTitle( wfMsg( 'accmailtitle' ) );
110 $wgOut->setRobotpolicy( 'noindex,nofollow' );
111 $wgOut->setArticleRelated( false );
112
113 if( WikiError::isError( $result ) ) {
114 $this->mainLoginForm( wfMsg( 'mailerror', $result->getMessage() ) );
115 } else {
116 $wgOut->addWikiText( wfMsg( 'accmailtext', $u->getName(), $u->getEmail() ) );
117 $wgOut->returnToMain( false );
118 }
119 $u = 0;
120 }
121
122
123 /**
124 * @access private
125 */
126 function addNewAccount() {
127 global $wgUser, $wgOut;
128
129 $u = $this->addNewAccountInternal();
130
131 if ($u == NULL) {
132 return;
133 }
134
135 $wgUser = $u;
136 $wgUser->setCookies();
137
138 $wgUser->saveSettings();
139 if( $wgUser->isValidEmailAddr( $wgUser->getEmail() ) ) {
140 $wgUser->sendConfirmationMail();
141 }
142
143 if( $this->hasSessionCookie() ) {
144 return $this->successfulLogin( wfMsg( 'welcomecreation', $wgUser->getName() ) );
145 } else {
146 return $this->cookieRedirectCheck( 'new' );
147 }
148 }
149
150 /**
151 * @access private
152 */
153 function addNewAccountInternal() {
154 global $wgUser, $wgOut;
155 global $wgMaxNameChars;
156 global $wgMemc, $wgAccountCreationThrottle, $wgDBname, $wgIP;
157 global $wgMinimalPasswordLength;
158
159 if (!$wgUser->isAllowedToCreateAccount()) {
160 $this->userNotPrivilegedMessage();
161 return false;
162 }
163
164 if ( 0 != strcmp( $this->mPassword, $this->mRetype ) ) {
165 $this->mainLoginForm( wfMsg( 'badretype' ) );
166 return false;
167 }
168
169 $name = trim( $this->mName );
170 $u = User::newFromName( $name );
171 if ( is_null( $u ) ||
172 ( '' == $name ) ||
173 $wgUser->isIP( $name ) ||
174 (strpos( $name, '/' ) !== false) ||
175 (strlen( $name ) > $wgMaxNameChars) ||
176 ucFirst($name) != $u->getName() )
177 {
178 $this->mainLoginForm( wfMsg( 'noname' ) );
179 return false;
180 }
181 if ( wfReadOnly() ) {
182 $wgOut->readOnlyPage();
183 return false;
184 }
185
186 if ( 0 != $u->idForName() ) {
187 $this->mainLoginForm( wfMsg( 'userexists' ) );
188 return false;
189 }
190
191 if ( strlen( $this->mPassword ) < $wgMinimalPasswordLength ) {
192 $this->mainLoginForm( wfMsg( 'passwordtooshort', $wgMinimalPasswordLength ) );
193 return false;
194 }
195
196 if ( $wgAccountCreationThrottle ) {
197 $key = $wgDBname.':acctcreate:ip:'.$wgIP;
198 $value = $wgMemc->incr( $key );
199 if ( !$value ) {
200 $wgMemc->set( $key, 1, 86400 );
201 }
202 if ( $value > $wgAccountCreationThrottle ) {
203 $this->throttleHit( $wgAccountCreationThrottle );
204 return false;
205 }
206 }
207
208 return $this->initUser( $u );
209 }
210
211 /**
212 * Actually add a user to the database.
213 * Give it a User object that has been initialised with a name.
214 *
215 * @param User $u
216 * @return User
217 * @access private
218 */
219 function &initUser( &$u ) {
220 $u->addToDatabase();
221 $u->setPassword( $this->mPassword );
222 $u->setEmail( $this->mEmail );
223 $u->setRealName( $this->mRealName );
224 $u->setToken();
225
226 global $wgAuth;
227 $wgAuth->initUser( $u );
228
229 if ( $this->mRemember ) { $r = 1; }
230 else { $r = 0; }
231 $u->setOption( 'rememberpassword', $r );
232
233 return $u;
234 }
235
236 /**
237 * @access private
238 */
239 function processLogin() {
240 global $wgUser;
241
242 if ( '' == $this->mName ) {
243 $this->mainLoginForm( wfMsg( 'noname' ) );
244 return;
245 }
246 $u = User::newFromName( $this->mName );
247 if( is_null( $u ) ) {
248 $this->mainLoginForm( wfMsg( 'noname' ) );
249 return;
250 }
251 if ( 0 == $u->getID() ) {
252 global $wgAuth;
253 /**
254 * If the external authentication plugin allows it,
255 * automatically create a new account for users that
256 * are externally defined but have not yet logged in.
257 */
258 if ( $wgAuth->autoCreate() && $wgAuth->userExists( $u->getName() ) ) {
259 if ( $wgAuth->authenticate( $u->getName(), $this->mPassword ) ) {
260 $u =& $this->initUser( $u );
261 } else {
262 $this->mainLoginForm( wfMsg( 'wrongpassword' ) );
263 return;
264 }
265 } else {
266 $this->mainLoginForm( wfMsg( 'nosuchuser', $u->getName() ) );
267 return;
268 }
269 } else {
270 $u->loadFromDatabase();
271 }
272
273 if (!$u->checkPassword( $this->mPassword )) {
274 $this->mainLoginForm( wfMsg( 'wrongpassword' ) );
275 return;
276 }
277
278 # We've verified now, update the real record
279 #
280 if ( $this->mRemember ) {
281 $r = 1;
282 } else {
283 $r = 0;
284 }
285 $u->setOption( 'rememberpassword', $r );
286
287 $wgUser = $u;
288 $wgUser->setCookies();
289
290 $wgUser->saveSettings();
291
292 if( $this->hasSessionCookie() ) {
293 return $this->successfulLogin( wfMsg( 'loginsuccess', $wgUser->getName() ) );
294 } else {
295 return $this->cookieRedirectCheck( 'login' );
296 }
297 }
298
299 /**
300 * @access private
301 */
302 function mailPassword() {
303 global $wgUser, $wgDeferredUpdateList, $wgOutputEncoding;
304 global $wgCookiePath, $wgCookieDomain, $wgDBname;
305
306 if ( '' == $this->mName ) {
307 $this->mainLoginForm( wfMsg( 'noname' ) );
308 return;
309 }
310 $u = User::newFromName( $this->mName );
311 if( is_null( $u ) ) {
312 $this->mainLoginForm( wfMsg( 'noname' ) );
313 return;
314 }
315 if ( 0 == $u->getID() ) {
316 $this->mainLoginForm( wfMsg( 'nosuchuser', $u->getName() ) );
317 return;
318 }
319
320 $u->loadFromDatabase();
321
322 $result = $this->mailPasswordInternal( $u );
323 if( WikiError::isError( $result ) ) {
324 $this->mainLoginForm( wfMsg( 'mailerror', $result->getMessage() ) );
325 } else {
326 $this->mainLoginForm( wfMsg( 'passwordsent', $u->getName() ) );
327 }
328 }
329
330
331 /**
332 * @return mixed true on success, WikiError on failure
333 * @access private
334 */
335 function mailPasswordInternal( $u ) {
336 global $wgPasswordSender, $wgDBname, $wgIP;
337 global $wgCookiePath, $wgCookieDomain;
338
339 if ( '' == $u->getEmail() ) {
340 return wfMsg( 'noemail', $u->getName() );
341 }
342
343 $np = $u->randomPassword();
344 $u->setNewpassword( $np );
345
346 setcookie( "{$wgDBname}Token", '', time() - 3600, $wgCookiePath, $wgCookieDomain );
347
348 $u->saveSettings();
349
350 $ip = $wgIP;
351 if ( '' == $ip ) { $ip = '(Unknown)'; }
352
353 $m = wfMsg( 'passwordremindermailbody', $ip, $u->getName(), wfUrlencode($u->getName()), $np );
354 $result = $u->sendMail( wfMsg( 'passwordremindermailsubject' ), $m );
355
356 return $result;
357 }
358
359
360 /**
361 * @param string $msg Message that will be shown on success.
362 * @access private
363 */
364 function successfulLogin( $msg ) {
365 global $wgUser;
366 global $wgOut;
367
368 # Run any hooks; ignore results
369
370 wfRunHooks('UserLoginComplete', array(&$wgUser));
371
372 $wgOut->setPageTitle( wfMsg( 'loginsuccesstitle' ) );
373 $wgOut->setRobotpolicy( 'noindex,nofollow' );
374 $wgOut->setArticleRelated( false );
375 $wgOut->addWikiText( $msg );
376 $wgOut->returnToMain();
377 }
378
379 /** */
380 function userNotPrivilegedMessage() {
381 global $wgOut;
382
383 $wgOut->setPageTitle( wfMsg( 'whitelistacctitle' ) );
384 $wgOut->setRobotpolicy( 'noindex,nofollow' );
385 $wgOut->setArticleRelated( false );
386
387 $wgOut->addWikiText( wfMsg( 'whitelistacctext' ) );
388
389 $wgOut->returnToMain( false );
390 }
391
392 /**
393 * @access private
394 */
395 function mainLoginForm( $err ) {
396 global $wgUser, $wgOut, $wgLang;
397 global $wgDBname, $wgAllowRealName, $wgEnableEmail;
398
399 if ( '' == $this->mName ) {
400 if ( $wgUser->isLoggedIn() ) {
401 $this->mName = $wgUser->getName();
402 } else {
403 $this->mName = @$_COOKIE[$wgDBname.'UserName'];
404 }
405 }
406
407 $q = 'action=submitlogin';
408 if ( !empty( $this->mReturnto ) ) {
409 $q .= '&returnto=' . wfUrlencode( $this->mReturnto );
410 }
411 $titleObj = Title::makeTitle( NS_SPECIAL, 'Userlogin' );
412
413 require_once( 'templates/Userlogin.php' );
414 $template =& new UserloginTemplate();
415
416 $template->set( 'name', $this->mName );
417 $template->set( 'password', $this->mPassword );
418 $template->set( 'retype', $this->mRetype );
419 $template->set( 'email', $this->mEmail );
420 $template->set( 'realname', $this->mRealName );
421
422 $template->set( 'action', $titleObj->getLocalUrl( $q ) );
423 $template->set( 'error', $err );
424 $template->set( 'create', $wgUser->isAllowedToCreateAccount() );
425 $template->set( 'createemail', $wgEnableEmail && $wgUser->isLoggedIn() );
426 $template->set( 'userealname', $wgAllowRealName );
427 $template->set( 'useemail', $wgEnableEmail );
428 $template->set( 'remember', $wgUser->getOption( 'rememberpassword' ) or $this->mRemember );
429
430 $wgOut->setPageTitle( wfMsg( 'userlogin' ) );
431 $wgOut->setRobotpolicy( 'noindex,nofollow' );
432 $wgOut->setArticleRelated( false );
433 $wgOut->addTemplate( $template );
434 }
435
436 /**
437 * @access private
438 */
439 function hasSessionCookie() {
440 global $wgDisableCookieCheck;
441 return ( $wgDisableCookieCheck ) ? true : ( '' != $_COOKIE[session_name()] );
442 }
443
444 /**
445 * @access private
446 */
447 function cookieRedirectCheck( $type ) {
448 global $wgOut, $wgLang;
449
450 $titleObj = Title::makeTitle( NS_SPECIAL, 'Userlogin' );
451 $check = $titleObj->getFullURL( 'wpCookieCheck='.$type );
452
453 return $wgOut->redirect( $check );
454 }
455
456 /**
457 * @access private
458 */
459 function onCookieRedirectCheck( $type ) {
460 global $wgUser;
461
462 if ( !$this->hasSessionCookie() ) {
463 if ( $type == 'new' ) {
464 return $this->mainLoginForm( wfMsg( 'nocookiesnew' ) );
465 } else if ( $type == 'login' ) {
466 return $this->mainLoginForm( wfMsg( 'nocookieslogin' ) );
467 } else {
468 # shouldn't happen
469 return $this->mainLoginForm( wfMsg( 'error' ) );
470 }
471 } else {
472 return $this->successfulLogin( wfMsg( 'loginsuccess', $wgUser->getName() ) );
473 }
474 }
475
476 /**
477 * @access private
478 */
479 function throttleHit( $limit ) {
480 global $wgOut;
481
482 $wgOut->addWikiText( wfMsg( 'acct_creation_throttle_hit', $limit ) );
483 }
484 }
485 ?>
MediaWiki Core