URL-escape the main page link on the logo
[mediawiki.git] / includes / SpecialUserlogin.php
blob62587cc03e7de6478ed1c936d47850bd1c14f1dc
1 <?
3 function wfSpecialUserlogin()
5 global $wpCreateaccount, $wpCreateaccountMail;
6 global $wpLoginattempt, $wpMailmypassword;
7 global $action;
9 $fields = array( "wpName", "wpPassword", "wpName",
10 "wpPassword", "wpRetype", "wpEmail" );
11 wfCleanFormFields( $fields );
13 if ( isset( $wpCreateaccount ) ) {
14 addNewAccount();
15 } else if ( isset( $wpCreateaccountMail ) ) {
16 addNewAccountMailPassword();
17 } else if ( isset( $wpMailmypassword ) ) {
18 mailPassword();
19 } else if ( "submit" == $action || isset( $wpLoginattempt ) ) {
20 processLogin();
21 } else {
22 mainLoginForm( "" );
27 /* private */ function addNewAccountMailPassword()
29 global $wgOut, $wpEmail, $wpName;
31 if ("" == $wpEmail) {
32 $m = str_replace( "$1", $wpName, wfMsg( "noemail" ) );
33 mainLoginForm( $m );
34 return;
37 $u = addNewaccountInternal();
39 if ($u == NULL) {
40 return;
43 $u->saveSettings();
44 mailPasswordInternal($u);
46 $wgOut->setPageTitle( wfMsg( "accmailtitle" ) );
47 $wgOut->setRobotpolicy( "noindex,nofollow" );
48 $wgOut->setArticleFlag( false );
50 $m = str_replace( "$1", $u->getName(), wfMsg( "accmailtext" ) );
51 $m = str_replace( "$2", $u->getEmail(), $m );
52 $wgOut->addWikiText( $m );
53 $wgOut->returnToMain( false );
55 $u = 0;
59 /* private */ function addNewAccount()
61 global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember;
62 global $wpEmail, $wgDeferredUpdateList;
64 $u = addNewAccountInternal();
66 if ($u == NULL) {
67 return;
70 $wgUser = $u;
71 $m = str_replace( "$1", $wgUser->getName(), wfMsg( "welcomecreation" ) );
72 successfulLogin( $m );
76 /* private */ function addNewAccountInternal()
78 global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember;
79 global $wpEmail, $wgDeferredUpdateList;
81 if (!userAllowedToCreateAccount()) {
82 userNotPrivilegedMessage();
83 return;
86 if ( 0 != strcmp( $wpPassword, $wpRetype ) ) {
87 mainLoginForm( wfMsg( "badretype" ) );
88 return;
90 $wpName = trim( $wpName );
91 if ( ( "" == $wpName ) ||
92 preg_match( "/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/", $wpName ) ||
93 (strpos( $wpName, "/" ) !== false) )
95 mainLoginForm( wfMsg( "noname" ) );
96 return;
98 if ( wfReadOnly() ) {
99 $wgOut->readOnlyPage();
100 return;
102 $u = User::newFromName( $wpName );
104 if ( 0 != $u->idForName() ) {
105 mainLoginForm( wfMsg( "userexists" ) );
106 return;
108 $u->addToDatabase();
109 $u->setPassword( $wpPassword );
110 $u->setEmail( $wpEmail );
111 if ( 1 == $wpRemember ) { $r = 1; }
112 else { $r = 0; }
113 $u->setOption( "rememberpassword", $r );
115 return $u;
121 /* private */ function processLogin()
123 global $wgUser, $wpName, $wpPassword, $wpRemember;
124 global $returnto;
126 if ( "" == $wpName ) {
127 mainLoginForm( wfMsg( "noname" ) );
128 return;
130 $u = User::newFromName( $wpName );
131 $id = $u->idForName();
132 if ( 0 == $id ) {
133 $m = str_replace( "$1", $u->getName(), wfMsg( "nosuchuser" ) );
134 mainLoginForm( $m );
135 return;
137 $u->setId( $id );
138 $u->loadFromDatabase();
139 $ep = $u->encryptPassword( $wpPassword );
140 if ( 0 != strcmp( $ep, $u->getPassword() ) ) {
141 if ( 0 != strcmp( $ep, $u->getNewpassword() ) ) {
142 mainLoginForm( wfMsg( "wrongpassword" ) );
143 return;
147 # We've verified now, update the real record
149 if ( 1 == $wpRemember ) {
150 $r = 1;
151 $u->setCookiePassword( $wpPassword );
152 } else {
153 $r = 0;
155 $u->setOption( "rememberpassword", $r );
157 $wgUser = $u;
158 $m = str_replace( "$1", $wgUser->getName(), wfMsg( "loginsuccess" ) );
159 successfulLogin( $m );
162 /* private */ function mailPassword()
164 global $wgUser, $wpName, $wgDeferredUpdateList, $wgOutputEncoding;
166 if ( "" == $wpName ) {
167 mainLoginForm( wfMsg( "noname" ) );
168 return;
170 $u = User::newFromName( $wpName );
171 $id = $u->idForName();
172 if ( 0 == $id ) {
173 $m = str_replace( "$1", $u->getName(), wfMsg( "nosuchuser" ) );
174 mainLoginForm( $m );
175 return;
177 $u->setId( $id );
178 $u->loadFromDatabase();
180 if (mailPasswordInternal($u) == NULL) {
181 return;
184 $m = str_replace( "$1", $u->getName(), wfMsg( "passwordsent" ) );
185 mainLoginForm( $m );
189 /* private */ function mailPasswordInternal( $u )
191 global $wgUser, $wpName, $wgDeferredUpdateList, $wgOutputEncoding;
192 global $wgPasswordSender;
194 if ( "" == $u->getEmail() ) {
195 $m = str_replace( "$1", $u->getName(), wfMsg( "noemail" ) );
196 mainLoginForm( $m );
197 return;
199 $np = User::randomPassword();
200 $u->setNewpassword( $np );
202 setcookie( "wcUserPassword", "", time() - 3600 );
203 $u->saveSettings();
205 $ip = getenv( "REMOTE_ADDR" );
206 if ( "" == $ip ) { $ip = "(Unknown)"; }
208 $m = str_replace( "$1", $ip, wfMsg( "passwordremindertext" ) );
209 $m = str_replace( "$2", $u->getName(), $m );
210 $m = str_replace( "$3", $np, $m );
212 mail( $u->getEmail(), wfMsg( "passwordremindertitle" ), $m,
213 "MIME-Version: 1.0\r\n" .
214 "Content-type: text/plain; charset={$wgOutputEncoding}\r\n" .
215 "Content-transfer-encoding: 8bit\r\n" .
216 "From: $wgPasswordSender" );
218 return $u;
225 /* private */ function successfulLogin( $msg )
227 global $wgUser, $wgOut, $returnto;
228 global $wgDeferredUpdateList;
230 $wgUser->setCookies();
231 $up = new UserUpdate();
232 array_push( $wgDeferredUpdateList, $up );
234 $wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) );
235 $wgOut->setRobotpolicy( "noindex,nofollow" );
236 $wgOut->setArticleFlag( false );
237 $wgOut->addHTML( $msg . "\n<p>" );
238 $wgOut->returnToMain();
243 /* private */ function userAllowedToCreateAccount()
245 global $wgUser, $wgWhitelistAccount;
246 $allowed = false;
248 if (!$wgWhitelistAccount) { return 1; }; // default behaviour
249 foreach ($wgWhitelistAccount as $right => $ok) {
250 $userHasRight = (!strcmp($right, "user") || in_array($right, $wgUser->getRights()));
251 $allowed |= ($ok && $userHasRight);
253 return $allowed;
257 function userNotPrivilegedMessage()
259 global $wgOut, $wgUser, $wgLang;
261 $wgOut->setPageTitle( wfMsg( "whitelistacctitle" ) );
262 $wgOut->setRobotpolicy( "noindex,nofollow" );
263 $wgOut->setArticleFlag( false );
265 $wgOut->addWikiText( wfMsg( "whitelistacctext" ) );
266 $wgOut->returnToMain( false );
272 /* private */ function mainLoginForm( $err )
274 global $wgUser, $wgOut, $wgLang, $returnto;
275 global $wpName, $wpPassword, $wpRetype, $wpRemember;
276 global $wpEmail, $HTTP_COOKIE_VARS;
278 $le = wfMsg( "loginerror" );
279 $yn = wfMsg( "yourname" );
280 $yp = wfMsg( "yourpassword" );
281 $ypa = wfMsg( "yourpasswordagain" );
282 $rmp = wfMsg( "remembermypassword" );
283 $ayn = wfMsg( "areyounew" );
284 $nuo = wfMsg( "newusersonly" );
285 $li = wfMsg( "login" );
286 $ca = wfMsg( "createaccount" );
287 $cam = wfMsg( "createaccountmail" );
288 $ye = wfMsg( "youremail" );
289 $efl = wfMsg( "emailforlost" );
290 $mmp = wfMsg( "mailmypassword" );
292 $name = $wpName;
293 if ( "" == $name ) {
294 if ( 0 != $wgUser->getID() ) {
295 $name = $wgUser->getName();
296 } else {
297 $name = $HTTP_COOKIE_VARS["wcUserName"];
300 $pwd = $wpPassword;
302 $wgOut->setPageTitle( wfMsg( "userlogin" ) );
303 $wgOut->setRobotpolicy( "noindex,nofollow" );
304 $wgOut->setArticleFlag( false );
306 if ( "" == $err ) {
307 $wgOut->addHTML( "<h2>$li:</h2>\n" );
308 } else {
309 $wgOut->addHTML( "<h2>$le:</h2>\n<font size='+1'
310 color='red'>$err</font>\n" );
312 if ( 1 == $wgUser->getOption( "rememberpassword" ) ) {
313 $checked = " checked";
314 } else {
315 $checked = "";
317 $q = "action=submit";
318 if ( "" != $returnto ) { $q .= "&returnto=" . wfUrlencode($returnto); }
319 $action = wfLocalUrlE( $wgLang->specialPage( "Userlogin" ), $q );
321 $wpName = wfEscapeHTML( $wpName );
322 $wpPassword = wfEscapeHTML( $wpPassword );
323 $wpRetype = wfEscapeHTML( $wpRetype );
324 $wpEmail = wfEscapeHTML( $wpEmail );
326 if ($wgUser->getID() != 0) {
327 $cambutton = "<input tabindex=6 type=submit name=\"wpCreateaccountMail\" value=\"{$cam}\">";
330 $wgOut->addHTML( "
331 <form id=\"userlogin\" method=\"post\" action=\"{$action}\">
332 <table border=0><tr>
333 <td align=right>$yn:</td>
334 <td colspan=2 align=left>
335 <input tabindex=1 type=text name=\"wpName\" value=\"{$name}\" size=20>
336 </td></tr><tr>
337 <td align=right>$yp:</td>
338 <td align=left>
339 <input tabindex=2 type=password name=\"wpPassword\" value=\"{$pwd}\" size=20>
340 </td>
341 <td align=left>
342 <input tabindex=3 type=submit name=\"wpLoginattempt\" value=\"{$li}\">
343 </td></tr>");
345 if (userAllowedToCreateAccount($wgUser)) {
347 $wgOut->addHTML("<tr><td colspan=3>&nbsp;</td></tr><tr>
348 <td align=right>$ypa:</td>
349 <td align=left>
350 <input tabindex=4 type=password name=\"wpRetype\" value=\"{$wpRetype}\"
351 size=20>
352 </td><td>$nuo</td></tr>
353 <tr>
354 <td align=right>$ye:</td>
355 <td align=left>
356 <input tabindex=5 type=text name=\"wpEmail\" value=\"{$wpEmail}\" size=20>
357 </td><td align=left>
358 <input tabindex=6 type=submit name=\"wpCreateaccount\" value=\"{$ca}\">
359 $cambutton
360 </td></tr>");
363 $wgOut->addHTML("
364 <tr>
365 <td colspan=3 align=left>
366 <input tabindex=7 type=checkbox name=\"wpRemember\" value=\"1\" id=\"wpRemember\"$checked><label for=\"wpRemember\">$rmp</label>
367 </td></tr>
368 <tr><td colspan=3>&nbsp;</td></tr><tr>
369 <td colspan=3 align=left>
370 <p>$efl<br>
371 <input tabindex=8 type=submit name=\"wpMailmypassword\" value=\"{$mmp}\">
372 </td></tr></table>
373 </form>\n" );