private function checkEmail($addr, $expected = true, $msg = '')
{
if ($msg == '') {
$msg = "Testing {$addr}";
}
$this->assertEquals($expected, User::isValidEmailAddr($addr), $msg);
}
public static function receiverIsValid($receiver)
{
// Returns true if the parameter is a valid e-mail address, false if not
$receiverIsValid = true;
// There may be multiple e-mail addresses, divided by commas - which is valid
// for us, but not for the validation functions we use below. So get the single
// address into an array first, validate them one by one, and only if all are ok,
// return true.
$receiverArray = explode(',', str_replace(', ', ',', $receiver));
// To make sure some joker doesn't copy in a large number of e-mail addresses
// and spams them all, lets set a (admittedly arbitrary) limit of 10.
if (count($receiverArray) > 10) {
return false;
}
if (method_exists('Sanitizer', 'validateEmail')) {
// User::isValidEmailAddr() has been moved to Sanitizer::validateEmail as of
// MediaWiki version 1.18 (I think).
foreach ($receiverArray as $singleEmailAddress) {
if (!Sanitizer::validateEmail($singleEmailAddress)) {
$receiverIsValid = false;
}
}
} else {
foreach ($receiverArray as $singleEmailAddress) {
if (!User::isValidEmailAddr($singleEmailAddress)) {
$receiverIsValid = false;
}
}
}
return $receiverIsValid;
}
/**
* Main execution point
*
* @param $code Confirmation code passed to the page
*/
function execute($code)
{
global $wgUser, $wgOut;
$this->setHeaders();
if (wfReadOnly()) {
$wgOut->readOnlyPage();
return;
}
if (empty($code)) {
if ($wgUser->isLoggedIn()) {
if (User::isValidEmailAddr($wgUser->getEmail())) {
$this->showRequestForm();
} else {
$wgOut->addWikiMsg('confirmemail_noemail');
}
} else {
$title = SpecialPage::getTitleFor('Userlogin');
$skin = $wgUser->getSkin();
$llink = $skin->linkKnown($title, wfMsgHtml('loginreqlink'), array(), array('returnto' => $this->getTitle()->getPrefixedText()));
$wgOut->addHTML(wfMsgWikiHtml('confirmemail_needlogin', $llink));
}
} else {
$this->attemptConfirm($code);
}
}
public function execute()
{
$params = $this->extractRequestParams();
// Validation
if (!User::isValidEmailAddr($params['email'])) {
$this->dieUsage('The email address does not appear to be valid', 'invalidemail');
}
// Verification code
$code = md5('EmailCapture' . time() . $params['email'] . $params['info']);
// Insert
$dbw = wfGetDB(DB_MASTER);
$dbw->insert('email_capture', array('ec_email' => $params['email'], 'ec_info' => isset($params['info']) ? $params['info'] : null, 'ec_code' => $code), __METHOD__, array('IGNORE'));
if ($dbw->affectedRows()) {
// Send auto-response
global $wgEmailCaptureSendAutoResponse, $wgEmailCaptureAutoResponse;
$title = SpecialPage::getTitleFor('EmailCapture');
$link = $title->getCanonicalURL();
$fullLink = $title->getCanonicalURL(array('verify' => $code));
if ($wgEmailCaptureSendAutoResponse) {
UserMailer::send(new MailAddress($params['email']), new MailAddress($wgEmailCaptureAutoResponse['from'], $wgEmailCaptureAutoResponse['from-name']), wfMsg($wgEmailCaptureAutoResponse['subject-msg']), wfMsg($wgEmailCaptureAutoResponse['body-msg'], $fullLink, $link, $code), $wgEmailCaptureAutoResponse['reply-to'], $wgEmailCaptureAutoResponse['content-type']);
}
$r = array('result' => 'Success');
} else {
$r = array('result' => 'Failure', 'message' => 'Duplicate email address');
}
$this->getResult()->addValue(null, $this->getModuleName(), $r);
}
public function execute() {
$params = $this->extractRequestParams();
$result = array();
switch ( $params['field'] ) {
case "username":
$mUser = User::newFromName( $params['inputVal'], 'creatable' );
if ( !is_object( $mUser ) ) {
$result['result'] = wfMsg( 'signupapi-noname' );
$result['icon'] = 'MW-Icon-AlertMark.png';
}
if ( 0 != $mUser->idForName() ) {
$result['result'] = wfMsg( 'signupapi-userexists' );
$result['icon'] = "MW-Icon-NoMark.png";
} else {
$result['result'] = wfMsg( 'signupapi-ok' );
$result['icon'] = "MW-Icon-CheckMark.png";
}
break;
case "email" :
$valid = User::isValidEmailAddr( $params['inputVal'] );
if ( $valid ) {
$result['result']= wfMsg( 'signupapi-ok' );
$result['icon'] = "MW-Icon-CheckMark.png";
} else {
$result['result']= wfMsg( 'signupapi-invalidemailaddress' );
$result['icon'] = "MW-Icon-NoMark.png";
}
break;
case "passwordlength" :
global $wgMinimalPasswordLength;
$result['result'] = $wgMinimalPasswordLength;
break;
default :
ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$params['field']}" );
}
$this->getResult()->addValue( null, 'signup', $result );
}
/**
* Main execution point
*
* @param $code Confirmation code passed to the page
*/
function execute($code)
{
global $wgUser, $wgOut;
if (empty($code)) {
if ($wgUser->isLoggedIn()) {
if (User::isValidEmailAddr($wgUser->getEmail())) {
$this->showRequestForm();
} else {
$wgOut->addWikiText(wfMsg('confirmemail_noemail'));
}
} else {
$title = Title::makeTitle(NS_SPECIAL, 'Userlogin');
$self = Title::makeTitle(NS_SPECIAL, 'Confirmemail');
$skin = $wgUser->getSkin();
$llink = $skin->makeKnownLinkObj($title, wfMsgHtml('loginreqlink'), 'returnto=' . $self->getPrefixedUrl());
$wgOut->addHtml(wfMsgWikiHtml('confirmemail_needlogin', $llink));
}
} else {
$this->attemptConfirm($code);
}
}
/**
* Main execution point
*
* @param $code Confirmation code passed to the page
*/
function execute($code)
{
global $wgUser, $wgOut;
$this->setHeaders();
if (empty($code)) {
if ($wgUser->isLoggedIn()) {
if (User::isValidEmailAddr($wgUser->getEmail())) {
$this->showRequestForm();
} else {
$wgOut->addWikiMsg('confirmemail_noemail');
}
} else {
$title = SpecialPage::getTitleFor('Userlogin');
$self = SpecialPage::getTitleFor('Confirmemail');
$skin = $wgUser->getSkin();
$llink = $skin->makeKnownLinkObj($title, wfMsgHtml('loginreqlink'), 'returnto=' . $self->getPrefixedUrl());
$wgOut->addHTML(wfMsgWikiHtml('confirmemail_needlogin', $llink));
}
} else {
$this->attemptConfirm($code);
}
}
function run($par)
{
global $wgRequest, $wgEmailMeAddress, $wgOut;
if ($wgRequest->wasPosted()) {
$from = $wgRequest->getText('from');
$subject = $wgRequest->getText('subject');
$message = $wgRequest->getText('message');
if (!($from && $subject && $message)) {
return $this->print_form($this->getTitle(), $subject, $from, $message, wfMsg('emailme-incomplete'));
}
if (!User::isValidEmailAddr($from)) {
return $this->print_form($this->getTitle(), $subject, $from, $message, wfMsg('emailme-invalid-email'));
}
$mailResult = UserMailer::send(new MailAddress($wgEmailMeAddress), new MailAddress($from), $subject, $message);
if (WikiError::isError($mailResult)) {
return $this->print_form($this->getTitle(), $subject, $from, $message, 'Sorry: ' . $mailResult->toString());
dvLog("ERROR: EmailMe::run(" . $mailResult->toString() . ") {$from}|{$subject}");
} else {
dvLog("EMAIL: {$from} -> {$wgEmailMeAddress} ( {$subject} ) ");
return $this->print_success();
}
}
return $this->print_form($this->getTitle(), str_replace('_', ' ', $par));
}
/**
* validate_email
* Determines if the $value passed in is a valid email address.
* @param string $value The piece of data that is supposed to be an email
* address.
* @return boolean True if $value is a valid email address, otherwise false.
*/
protected static function validate_email($value)
{
// is email address valid?
$isEmail = User::isValidEmailAddr($value);
return $isEmail;
}
/**
* @private
*/
function addNewAccount()
{
global $wgUser, $wgEmailAuthentication;
# Create the account and abort if there's a problem doing so
$u = $this->addNewAccountInternal();
if ($u == NULL) {
return;
}
# If we showed up language selection links, and one was in use, be
# smart (and sensible) and save that language as the user's preference
global $wgLoginLanguageSelector;
if ($wgLoginLanguageSelector && $this->mLanguage) {
$u->setOption('language', $this->mLanguage);
}
# Save user settings and send out an email authentication message if needed
$u->saveSettings();
if ($wgEmailAuthentication && User::isValidEmailAddr($u->getEmail())) {
global $wgOut;
$error = $u->sendConfirmationMail();
if (WikiError::isError($error)) {
$wgOut->addWikiText(wfMsg('confirmemail_sendfailed', $error->getMessage()));
} else {
$wgOut->addWikiText(wfMsg('confirmemail_oncreate'));
}
}
# If not logged in, assume the new account as the current one and set session cookies
# then show a "welcome" message or a "need cookies" message as needed
if ($wgUser->isAnon()) {
$wgUser = $u;
$wgUser->setCookies();
wfRunHooks('AddNewAccount', array($wgUser));
if ($this->hasSessionCookie()) {
return $this->successfulLogin(wfMsg('welcomecreation', $wgUser->getName()), false);
} else {
return $this->cookieRedirectCheck('new');
}
} else {
# Confirm that the account was created
global $wgOut;
$self = SpecialPage::getTitleFor('Userlogin');
$wgOut->setPageTitle(wfMsgHtml('accountcreated'));
$wgOut->setArticleRelated(false);
$wgOut->setRobotPolicy('noindex,nofollow');
$wgOut->addHtml(wfMsgWikiHtml('accountcreatedtext', $u->getName()));
$wgOut->returnToMain($self->getPrefixedText());
wfRunHooks('AddNewAccount', array($u));
return true;
}
}
/**
* @private
*/
function addNewAccountInternal()
{
global $wgUser, $wgOut;
global $wgEnableSorbs, $wgProxyWhitelist;
global $wgMemc, $wgAccountCreationThrottle;
global $wgAuth, $wgMinimalPasswordLength;
global $wgEmailConfirmToEdit;
// If the user passes an invalid domain, something is fishy
if (!$wgAuth->validDomain($this->mDomain)) {
$this->mainLoginForm(wfMsg('wrongpassword'));
return false;
}
// If we are not allowing users to login locally, we should be checking
// to see if the user is actually able to authenticate to the authenti-
// cation server before they create an account (otherwise, they can
// create a local account and login as any domain user). We only need
// to check this for domains that aren't local.
if ('local' != $this->mDomain && '' != $this->mDomain) {
if (!$wgAuth->canCreateAccounts() && (!$wgAuth->userExists($this->mName) || !$wgAuth->authenticate($this->mName, $this->mPassword))) {
$this->mainLoginForm(wfMsg('wrongpassword'));
return false;
}
}
if (wfReadOnly()) {
$wgOut->readOnlyPage();
return false;
}
# Check permissions
if (!$wgUser->isAllowed('createaccount')) {
$this->userNotPrivilegedMessage();
return false;
} elseif ($wgUser->isBlockedFromCreateAccount()) {
$this->userBlockedMessage();
return false;
}
$ip = wfGetIP();
if ($wgEnableSorbs && !in_array($ip, $wgProxyWhitelist) && $wgUser->inSorbsBlacklist($ip)) {
$this->mainLoginForm(wfMsg('sorbs_create_account_reason') . ' (' . htmlspecialchars($ip) . ')');
return;
}
# Now create a dummy user ($u) and check if it is valid
$name = trim($this->mName);
$u = User::newFromName($name, 'creatable');
if (is_null($u)) {
$this->mainLoginForm(wfMsg('noname'));
return false;
}
if (0 != $u->idForName()) {
$this->mainLoginForm(wfMsg('userexists'));
return false;
}
if (0 != strcmp($this->mPassword, $this->mRetype)) {
$this->mainLoginForm(wfMsg('badretype'));
return false;
}
# check for minimal password length
if (!$u->isValidPassword($this->mPassword)) {
if (!$this->mCreateaccountMail) {
$this->mainLoginForm(wfMsgExt('passwordtooshort', array('parsemag'), $wgMinimalPasswordLength));
return false;
} else {
# do not force a password for account creation by email
# set invalid password, it will be replaced later by a random generated password
$this->mPassword = null;
}
}
# if you need a confirmed email address to edit, then obviously you
# need an email address.
if ($wgEmailConfirmToEdit && empty($this->mEmail)) {
$this->mainLoginForm(wfMsg('noemailtitle'));
return false;
}
if (!empty($this->mEmail) && !User::isValidEmailAddr($this->mEmail)) {
$this->mainLoginForm(wfMsg('invalidemailaddress'));
return false;
}
# Set some additional data so the AbortNewAccount hook can be used for
# more than just username validation
$u->setEmail($this->mEmail);
$u->setRealName($this->mRealName);
$abortError = '';
if (!wfRunHooks('AbortNewAccount', array($u, &$abortError))) {
// Hook point to add extra creation throttles and blocks
wfDebug("LoginForm::addNewAccountInternal: a hook blocked creation\n");
$this->mainLoginForm($abortError);
return false;
}
if ($wgAccountCreationThrottle && $wgUser->isPingLimitable()) {
$key = wfMemcKey('acctcreate', 'ip', $ip);
$value = $wgMemc->get($key);
if (!$value) {
$wgMemc->set($key, 0, 86400);
}
if ($value >= $wgAccountCreationThrottle) {
$this->throttleHit($wgAccountCreationThrottle);
return false;
}
$wgMemc->incr($key);
}
if (!$wgAuth->addUser($u, $this->mPassword, $this->mEmail, $this->mRealName)) {
$this->mainLoginForm(wfMsg('externaldberror'));
return false;
}
return $this->initUser($u, false);
}
private function userSignup() {
// Get user input and check the environment
$this->mUserDataChecker->run();
// Throw if data getting or environment checks have failed which indicates that account creation is impossible
$checker_error = $this->mUserDataChecker->getError();
if ( $checker_error ) {
throw new Exception( $checker_error );
}
$user = $this->mUserDataChecker->mUser;
$user->setEmail( $this->mUserDataChecker->mEmail );
$user->setRealName( $this->mUserDataChecker->mRealname );
$abortError = '';
if ( !wfRunHooks( 'AbortNewAccount', array( $user, &$abortError ) ) ) {
// Hook point to add extra creation throttles and blocks
wfDebug( "LoginForm::addNewAccountInternal: a hook blocked creation\n" );
throw new Exception( $abortError );
}
global $wgAccountCreationThrottle;
global $wgUser, $wgRequest;
if ( $wgAccountCreationThrottle && $wgUser->isPingLimitable() ) {
$key = wfMemcKey( 'acctcreate', 'ip', $wgRequest->getIP() );
$value = $wgMemc->incr( $key );
if ( !$value ) {
$wgMemc->set( $key, 1, 86400 );
}
if ( $value > $wgAccountCreationThrottle ) {
throw new Exception( wfMsg( 'ses-throttlehit' ) );
}
}
global $wgAuth;
$addedUser = $wgAuth->addUser(
$user,
$this->mUserDataChecker->mPassword,
$this->mUserDataChecker->mEmail,
$this->mUserDataChecker->mRealname
);
if ( !$addedUser ) {
throw new Exception( 'externaldberror' );
}
$user->addToDatabase();
if ( $wgAuth->allowPasswordChange() ) {
$user->setPassword( $this->mUserDataChecker->mPassword );
}
$user->setToken();
$wgAuth->initUser( $user, false );
$user->setOption( 'rememberpassword', $this->mUserDataChecker->mRemember ? 1 : 0 );
$user->saveSettings();
# Update user count
$ssUpdate = new SiteStatsUpdate( 0, 0, 0, 0, 1 );
$ssUpdate->doUpdate();
global $wgLoginLanguageSelector;
$language = $this->mUserDataChecker->mLanguage;
if ( $wgLoginLanguageSelector && $language ) {
$user->setOption( 'language', $language );
}
global $wgEmailAuthentication;
if ( $wgEmailAuthentication && User::isValidEmailAddr( $user->getEmail() ) ) {
$status = $user->sendConfirmationMail();
if ( !$status->isGood() ) {
throw new Exception( wfMsg( 'ses-emailfailed' ) . "\n" . $status->getMessage() );
}
}
$user->saveSettings();
wfRunHooks( 'AddNewAccount', array( $user ) );
}
public function checkEmailValidity()
{
global $wgEnableEmail;
if ( $wgEnableEmail && !User::isValidEmailAddr( $this->mEmail ) )
$this->error( wfMsg( 'invalidemailaddress' ) );
}
/**
* Add a recipient the list if not already present
*/
function addRecipient($recipient)
{
if ($valid = User::isValidEmailAddr($recipient) && !in_array($recipient, $this->recipients)) {
$this->recipients[] = $recipient;
}
return $valid;
}
public function execute($par)
{
global $wgRequest, $wgOut;
wfLoadExtensionMessages('FollowWidget');
$wgOut->disable(true);
$email = $wgRequest->getVal('newEmail');
if (!User::isValidEmailAddr($email)) {
$arr = array('success' => false, 'message' => wfMessage('invalidemailaddress')->text());
echo json_encode($arr);
return;
}
$dbw =& wfGetDB(DB_MASTER);
$res = $dbw->select(array('emailfeed'), array('email'), array('email' => $email));
if ($res->numRows() == 0) {
$res = $dbw->insert('emailfeed', array('email' => $email));
$arr = array('success' => true, 'message' => wfMessage('fw-added')->text());
} else {
$arr = array('success' => false, 'message' => wfMessage('fw-exists')->text());
}
echo json_encode($arr);
}
public function submit()
{
$retVal = true;
$this->parent->setVarsFromRequest(array('wgSitename', '_NamespaceType', '_AdminName', '_AdminPassword', '_AdminPassword2', '_AdminEmail', '_Subscribe', '_SkipOptional', 'wgMetaNamespace'));
// Validate site name
if (strval($this->getVar('wgSitename')) === '') {
$this->parent->showError('config-site-name-blank');
$retVal = false;
}
// Fetch namespace
$nsType = $this->getVar('_NamespaceType');
if ($nsType == 'site-name') {
$name = $this->getVar('wgSitename');
// Sanitize for namespace
// This algorithm should match the JS one in WebInstallerOutput.php
$name = preg_replace('/[\\[\\]\\{\\}|#<>%+? ]/', '_', $name);
$name = str_replace('&', '&', $name);
$name = preg_replace('/__+/', '_', $name);
$name = ucfirst(trim($name, '_'));
} elseif ($nsType == 'generic') {
$name = wfMsg('config-ns-generic');
} else {
// other
$name = $this->getVar('wgMetaNamespace');
}
// Validate namespace
if (strpos($name, ':') !== false) {
$good = false;
} else {
// Title-style validation
$title = Title::newFromText($name);
if (!$title) {
$good = $nsType == 'site-name';
} else {
$name = $title->getDBkey();
$good = true;
}
}
if (!$good) {
$this->parent->showError('config-ns-invalid', $name);
$retVal = false;
}
// Make sure it won't conflict with any existing namespaces
global $wgContLang;
$nsIndex = $wgContLang->getNsIndex($name);
if ($nsIndex !== false && $nsIndex !== NS_PROJECT) {
$this->parent->showError('config-ns-conflict', $name);
$retVal = false;
}
$this->setVar('wgMetaNamespace', $name);
// Validate username for creation
$name = $this->getVar('_AdminName');
if (strval($name) === '') {
$this->parent->showError('config-admin-name-blank');
$cname = $name;
$retVal = false;
} else {
$cname = User::getCanonicalName($name, 'creatable');
if ($cname === false) {
$this->parent->showError('config-admin-name-invalid', $name);
$retVal = false;
} else {
$this->setVar('_AdminName', $cname);
}
}
// Validate password
$msg = false;
$valid = false;
$pwd = $this->getVar('_AdminPassword');
$user = User::newFromName($cname);
$valid = $user && $user->getPasswordValidity($pwd);
if (strval($pwd) === '') {
# $user->getPasswordValidity just checks for $wgMinimalPasswordLength.
# This message is more specific and helpful.
$msg = 'config-admin-password-blank';
} elseif ($pwd !== $this->getVar('_AdminPassword2')) {
$msg = 'config-admin-password-mismatch';
} elseif ($valid !== true) {
# As of writing this will only catch the username being e.g. 'FOO' and
# the password 'foo'
$msg = $valid;
}
if ($msg !== false) {
call_user_func_array(array($this->parent, 'showError'), (array) $msg);
$this->setVar('_AdminPassword', '');
$this->setVar('_AdminPassword2', '');
$retVal = false;
}
// Validate e-mail if provided
$email = $this->getVar('_AdminEmail');
if ($email && !User::isValidEmailAddr($email)) {
$this->parent->showError('config-admin-error-bademail');
$retVal = false;
}
return $retVal;
}
static function validateEmail($email, $alldata)
{
if ($email && !User::isValidEmailAddr($email)) {
return wfMsgExt('invalidemailaddress', 'parseinline');
}
global $wgEmailConfirmToEdit;
if ($wgEmailConfirmToEdit && !$email) {
return wfMsgExt('noemailtitle', 'parseinline');
}
return true;
}
/**
* As recCheckCondition, but *not* recursive. The only valid conditions
* are those whose first element is APCOND_EMAILCONFIRMED/APCOND_EDITCOUNT/
* APCOND_AGE. Other types will throw an exception if no extension evalu-
* ates them.
*
* @param $cond Array: A condition, which must not contain other conditions
* @param $user The user to check the condition against
* @return bool Whether the condition is true for the user
*/
private static function checkCondition($cond, User $user)
{
global $wgEmailAuthentication;
if (count($cond) < 1) {
return false;
}
switch ($cond[0]) {
case APCOND_EMAILCONFIRMED:
if (User::isValidEmailAddr($user->getEmail())) {
if ($wgEmailAuthentication) {
return (bool) $user->getEmailAuthenticationTimestamp();
} else {
return true;
}
}
return false;
case APCOND_EDITCOUNT:
return $user->getEditCount() >= $cond[1];
case APCOND_AGE:
$age = time() - wfTimestampOrNull(TS_UNIX, $user->getRegistration());
return $age >= $cond[1];
case APCOND_AGE_FROM_EDIT:
$age = time() - wfTimestampOrNull(TS_UNIX, $user->getFirstEditTimestamp());
return $age >= $cond[1];
case APCOND_INGROUPS:
$groups = array_slice($cond, 1);
return count(array_intersect($groups, $user->getGroups())) == count($groups);
case APCOND_ISIP:
return $cond[1] == wfGetIP();
case APCOND_IPINRANGE:
return IP::isInRange(wfGetIP(), $cond[1]);
case APCOND_BLOCKED:
return $user->isBlocked();
default:
$result = null;
wfRunHooks('AutopromoteCondition', array($cond[0], array_slice($cond, 1), $user, &$result));
if ($result === null) {
throw new MWException("Unrecognized condition {$cond[0]} for autopromotion!");
}
return (bool) $result;
}
}
