search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix early finish problem introduced by dupe message fix
[mediawiki.git] / includes / SpecialUserlogin.php
blob0ef1d3ba1e09b21355b5d0160be4215fde2e3e6b
1 <?php
2
3 function wfSpecialUserlogin()
4 {
5 global $wpCreateaccount, $wpCreateaccountMail;
6 global $wpLoginattempt, $wpMailmypassword;
7 global $action, $_REQUEST, $wgCommandLineMode;
8 if( !$wgCommandLineMode && !isset( $_COOKIE[ini_get("session.name")] ) ) {
9 User::SetupSession();
10 }
11
12 $fields = array( "wpName", "wpPassword", "wpName",
13 "wpPassword", "wpRetype", "wpEmail" );
14 wfCleanFormFields( $fields );
15
16 # When switching accounts, it sucks to get automatically logged out
17 global $returnto, $wgLang;
18 if( $returnto == $wgLang->specialPage( "Userlogout" ) ) $returnto = "";
19
20 $wpCookieCheck = $_REQUEST[ "wpCookieCheck" ];
21
22 if ( isset( $wpCookieCheck ) ) {
23 onCookieRedirectCheck( $wpCookieCheck );
24 } else if ( isset( $wpCreateaccount ) ) {
25 addNewAccount();
26 } else if ( isset( $wpCreateaccountMail ) ) {
27 addNewAccountMailPassword();
28 } else if ( isset( $wpMailmypassword ) ) {
29 mailPassword();
30 } else if ( "submit" == $action || isset( $wpLoginattempt ) ) {
31 processLogin();
32 } else {
33 mainLoginForm( "" );
34 }
35 }
36
37
38 /* private */ function addNewAccountMailPassword()
39 {
40 global $wgOut, $wpEmail, $wpName;
41
42 if ("" == $wpEmail) {
43 mainLoginForm( wfMsg( "noemail", $wpName ) );
44 return;
45 }
46
47 $u = addNewaccountInternal();
48
49 if ($u == NULL) {
50 return;
51 }
52
53 $u->saveSettings();
54 if (mailPasswordInternal($u) == NULL) {
55 return;
56 }
57
58 $wgOut->setPageTitle( wfMsg( "accmailtitle" ) );
59 $wgOut->setRobotpolicy( "noindex,nofollow" );
60 $wgOut->setArticleRelated( false );
61
62 $wgOut->addWikiText( wfMsg( "accmailtext", $u->getName(), $u->getEmail() ) );
63 $wgOut->returnToMain( false );
64
65 $u = 0;
66 }
67
68
69 /* private */ function addNewAccount()
70 {
71 global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember;
72 global $wpEmail, $wgDeferredUpdateList;
73
74 $u = addNewAccountInternal();
75
76 if ($u == NULL) {
77 return;
78 }
79
80 $wgUser = $u;
81 $wgUser->setCookies();
82
83 $up = new UserUpdate();
84 array_push( $wgDeferredUpdateList, $up );
85
86 if( hasSessionCookie() ) {
87 return successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) );
88 } else {
89 return cookieRedirectCheck( "new" );
90 }
91 }
92
93
94 /* private */ function addNewAccountInternal()
95 {
96 global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember;
97 global $wpEmail, $wgMaxNameChars;
98
99 if (!$wgUser->isAllowedToCreateAccount()) {
100 userNotPrivilegedMessage();
101 return;
102 }
103
104 if ( 0 != strcmp( $wpPassword, $wpRetype ) ) {
105 mainLoginForm( wfMsg( "badretype" ) );
106 return;
107 }
108 $wpName = trim( $wpName );
109 if ( ( "" == $wpName ) ||
110 preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $wpName ) ||
111 (strpos( $wpName, "/" ) !== false) ||
112 (strlen( $wpName ) > $wgMaxNameChars) )
113 {
114 mainLoginForm( wfMsg( "noname" ) );
115 return;
116 }
117 if ( wfReadOnly() ) {
118 $wgOut->readOnlyPage();
119 return;
120 }
121 $u = User::newFromName( $wpName );
122
123 if ( 0 != $u->idForName() ) {
124 mainLoginForm( wfMsg( "userexists" ) );
125 return;
126 }
127 $u->addToDatabase();
128 $u->setPassword( $wpPassword );
129 $u->setEmail( $wpEmail );
130 if ( 1 == $wpRemember ) { $r = 1; }
131 else { $r = 0; }
132 $u->setOption( "rememberpassword", $r );
133
134 return $u;
135 }
136
137
138
139
140 /* private */ function processLogin()
141 {
142 global $wgUser, $wpName, $wpPassword, $wpRemember;
143 global $wgDeferredUpdateList;
144 global $returnto;
145
146 if ( "" == $wpName ) {
147 mainLoginForm( wfMsg( "noname" ) );
148 return;
149 }
150 $u = User::newFromName( $wpName );
151 $id = $u->idForName();
152 if ( 0 == $id ) {
153 mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
154 return;
155 }
156 $u->setId( $id );
157 $u->loadFromDatabase();
158 $ep = $u->encryptPassword( $wpPassword );
159 if ( 0 != strcmp( $ep, $u->getPassword() ) ) {
160 if ( 0 != strcmp( $ep, $u->getNewpassword() ) ) {
161 mainLoginForm( wfMsg( "wrongpassword" ) );
162 return;
163 }
164 }
165
166 # We've verified now, update the real record
167 #
168 if ( 1 == $wpRemember ) {
169 $r = 1;
170 $u->setCookiePassword( $wpPassword );
171 } else {
172 $r = 0;
173 }
174 $u->setOption( "rememberpassword", $r );
175
176 $wgUser = $u;
177 $wgUser->setCookies();
178
179 $up = new UserUpdate();
180 array_push( $wgDeferredUpdateList, $up );
181
182 if( hasSessionCookie() ) {
183 return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
184 } else {
185 return cookieRedirectCheck( "login" );
186 }
187 }
188
189 /* private */ function mailPassword()
190 {
191 global $wgUser, $wpName, $wgDeferredUpdateList, $wgOutputEncoding;
192 global $wgCookiePath, $wgCookieDomain, $wgDBname;
193
194 if ( "" == $wpName ) {
195 mainLoginForm( wfMsg( "noname" ) );
196 return;
197 }
198 $u = User::newFromName( $wpName );
199 $id = $u->idForName();
200 if ( 0 == $id ) {
201 mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
202 return;
203 }
204 $u->setId( $id );
205 $u->loadFromDatabase();
206
207 if (mailPasswordInternal($u) == NULL) {
208 return;
209 }
210
211 mainLoginForm( wfMsg( "passwordsent", $u->getName() ) );
212 }
213
214
215 /* private */ function mailPasswordInternal( $u )
216 {
217 global $wpName, $wgDeferredUpdateList, $wgOutputEncoding;
218 global $wgPasswordSender, $wgDBname, $wgIP;
219
220 if ( "" == $u->getEmail() ) {
221 mainLoginForm( wfMsg( "noemail", $u->getName() ) );
222 return;
223 }
224 $np = User::randomPassword();
225 $u->setNewpassword( $np );
226
227 setcookie( "{$wgDBname}Password", "", time() - 3600, $wgCookiePath, $wgCookieDomain );
228 $u->saveSettings();
229
230 $ip = $wgIP;
231 if ( "" == $ip ) { $ip = "(Unknown)"; }
232
233 $m = wfMsg( "passwordremindertext", $ip, $u->getName(), $np );
234
235 mail( $u->getEmail(), wfMsg( "passwordremindertitle" ), $m,
236 "MIME-Version: 1.0\r\n" .
237 "Content-type: text/plain; charset={$wgOutputEncoding}\r\n" .
238 "Content-transfer-encoding: 8bit\r\n" .
239 "From: $wgPasswordSender" );
240
241 return $u;
242 }
243
244
245
246
247
248 /* private */ function successfulLogin( $msg )
249 {
250 global $wgUser;
251 global $wgDeferredUpdateList;
252 global $wgOut;
253
254 $wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) );
255 $wgOut->setRobotpolicy( "noindex,nofollow" );
256 $wgOut->setArticleRelated( false );
257 $wgOut->addHTML( $msg . "\n<p>" );
258 $wgOut->returnToMain();
259 }
260
261 function userNotPrivilegedMessage()
262 {
263 global $wgOut, $wgUser, $wgLang;
264
265 $wgOut->setPageTitle( wfMsg( "whitelistacctitle" ) );
266 $wgOut->setRobotpolicy( "noindex,nofollow" );
267 $wgOut->setArticleRelated( false );
268
269 $wgOut->addWikiText( wfMsg( "whitelistacctext" ) );
270
271 $wgOut->returnToMain( false );
272 }
273
274 /* private */ function mainLoginForm( $err )
275 {
276 global $wgUser, $wgOut, $wgLang, $returnto;
277 global $wpName, $wpPassword, $wpRetype, $wpRemember;
278 global $wpEmail, $HTTP_COOKIE_VARS, $wgDBname;
279
280 $le = wfMsg( "loginerror" );
281 $yn = wfMsg( "yourname" );
282 $yp = wfMsg( "yourpassword" );
283 $ypa = wfMsg( "yourpasswordagain" );
284 $rmp = wfMsg( "remembermypassword" );
285 $nuo = wfMsg( "newusersonly" );
286 $li = wfMsg( "login" );
287 $ca = wfMsg( "createaccount" );
288 $cam = wfMsg( "createaccountmail" );
289 $ye = wfMsg( "youremail" );
290 $efl = wfMsg( "emailforlost" );
291 $mmp = wfMsg( "mailmypassword" );
292 $endText = wfMsg( "loginend" );
293
294
295 $name = $wpName;
296 if ( "" == $name ) {
297 if ( 0 != $wgUser->getID() ) {
298 $name = $wgUser->getName();
299 } else {
300 $name = $HTTP_COOKIE_VARS["{$wgDBname}UserName"];
301 }
302 }
303 $pwd = $wpPassword;
304
305 $wgOut->setPageTitle( wfMsg( "userlogin" ) );
306 $wgOut->setRobotpolicy( "noindex,nofollow" );
307 $wgOut->setArticleRelated( false );
308
309 if ( "" == $err ) {
310 $lp = wfMsg( "loginprompt" );
311 $wgOut->addHTML( "<h2>$li:</h2>\n<p>$lp</p>" );
312 } else {
313 $wgOut->addHTML( "<h2>$le:</h2>\n<font size='+1'
314 color='red'>$err</font>\n" );
315 }
316 if ( 1 == $wgUser->getOption( "rememberpassword" ) ) {
317 $checked = " checked";
318 } else {
319 $checked = "";
320 }
321 $q = "action=submit";
322 if ( "" != $returnto ) { $q .= "&returnto=" . wfUrlencode($returnto); }
323 $action = wfLocalUrlE( $wgLang->specialPage( "Userlogin" ), $q );
324
325 $wpName = wfEscapeHTML( $wpName );
326 $wpPassword = wfEscapeHTML( $wpPassword );
327 $wpRetype = wfEscapeHTML( $wpRetype );
328 $wpEmail = wfEscapeHTML( $wpEmail );
329
330 if ($wgUser->getID() != 0) {
331 $cambutton = "<input tabindex=6 type=submit name=\"wpCreateaccountMail\" value=\"{$cam}\">";
332 }
333
334 $wgOut->addHTML( "
335 <form name=\"userlogin\" id=\"userlogin\" method=\"post\" action=\"{$action}\">
336 <table border=0><tr>
337 <td align=right>$yn:</td>
338 <td align=left>
339 <input tabindex=1 type=text name=\"wpName\" value=\"{$name}\" size=20>
340 </td>
341 <td align=left>
342 <input tabindex=3 type=submit name=\"wpLoginattempt\" value=\"{$li}\">
343 </td>
344 </tr>
345 <tr>
346 <td align=right>$yp:</td>
347 <td align=left>
348 <input tabindex=2 type=password name=\"wpPassword\" value=\"{$pwd}\" size=20>
349 </td>
350 <td align=left>
351 <input tabindex=7 type=checkbox name=\"wpRemember\" value=\"1\" id=\"wpRemember\"$checked><label for=\"wpRemember\">$rmp</label>
352 </td>
353 </tr>");
354
355 if ($wgUser->isAllowedToCreateAccount()) {
356
357 $wgOut->addHTML("<tr><td colspan=3>&nbsp;</td></tr><tr>
358 <td align=right>$ypa:</td>
359 <td align=left>
360 <input tabindex=4 type=password name=\"wpRetype\" value=\"{$wpRetype}\"
361 size=20>
362 </td><td>$nuo</td></tr>
363 <tr>
364 <td align=right>$ye:</td>
365 <td align=left>
366 <input tabindex=5 type=text name=\"wpEmail\" value=\"{$wpEmail}\" size=20>
367 </td><td align=left>
368 <input tabindex=6 type=submit name=\"wpCreateaccount\" value=\"{$ca}\">
369 $cambutton
370 </td></tr>");
371 }
372
373 $wgOut->addHTML("
374 <tr><td colspan=3>&nbsp;</td></tr><tr>
375 <td colspan=3 align=left>
376 <p>$efl<br>
377 <input tabindex=8 type=submit name=\"wpMailmypassword\" value=\"{$mmp}\">
378 </td></tr></table>
379 </form>\n" );
380 $wgOut->addHTML( $endText );
381 }
382
383 /* private */ function hasSessionCookie()
384 {
385 global $wgDisableCookieCheck;
386 return ( $wgDisableCookieCheck ) ? true : ( "" != $_COOKIE[session_name()] );
387 }
388
389 /* private */ function cookieRedirectCheck( $type )
390 {
391 global $wgOut, $wgLang;
392
393 $check = wfLocalUrl( wfUrlEncode( $wgLang->specialPage( "Userlogin" ) ),
394 "wpCookieCheck=$type" );
395
396 return $wgOut->redirect( $check );
397 }
398
399 /* private */ function onCookieRedirectCheck( $type ) {
400 global $wgUser;
401
402 if ( !hasSessionCookie() ) {
403 if ( $type == "new" ) {
404 return mainLoginForm( wfMsg( "nocookiesnew" ) );
405 } else if ( $type == "login" ) {
406 return mainLoginForm( wfMsg( "nocookieslogin" ) );
407 } else {
408 # shouldn't happen
409 return mainLoginForm( wfMsg( "error" ) );
410 }
411 } else {
412 return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
413 }
414 }
415
416 ?>
MediaWiki Core