/**
* The user is logged in to MediaWiki but not Facebook.
* No Facebook user is associated with this MediaWiki account.
*
* TODO: Facebook login button causes a post to a Special:Connect/ConnectUser or something
*/
private function loginToFacebookView()
{
global $wgOut, $wgSitename, $wgUser;
$loginFormWidth = 400;
// pixels
$fb_ids = FacebookDB::getFacebookIDs($wgUser);
$this->outputHeader();
$html = '
<div id="userloginForm">
<form style="width: ' . $loginFormWidth . 'px;">' . "\n";
if (!count($fb_ids)) {
// This message was added recently and might not be translated
// In that case, fall back to an older, similar message
$formTitle = wfMsg('facebook-merge-title');
// This test probably isn't correct. I'm open to ideas
if ($formTitle == "<facebook-merge-title>") {
$formTitle = wfMsg('login');
}
$html .= '<h2>' . $formTitle . "</h2>\n";
$formText = wfMsg('facebook-merge-text', $wgSitename);
// This test probably isn't correct. I'm open to ideas
if ($formText == "<facebook-merge-text>") {
$formText = wfMsg('facebook-merge');
}
$html .= '<p>' . $formText . "<br/><br/></p>\n";
} else {
$html .= '<h2>' . wfMsg('login') . "</h2>\n";
// User is already connected to a Facebook account. Send a page asking
// them to log in to one of their (possibly several) Facebook accounts
// For now, scold them for trying to log in to a connected account
// TODO
$html .= '<p>' . wfMsg('facebook-connect-text') . "<br/><br/></p>\n";
}
// Compatiblity with MW < 1.18
global $wgVersion;
if (version_compare($wgVersion, '1.18', '>=')) {
$skin = $this->getSkin();
} else {
global $wgUser;
$skin = $wgUser->getSkin();
}
$html .= '<fb:login-button show-faces="true" width="' . $loginFormWidth . '" max-rows="3" scope="' . FacebookAPI::getPermissions() . '" colorscheme="' . FacebookXFBML::getColorScheme($skin->getSkinName()) . '"></fb:login-button><br/><br/><br/>' . "\n";
// Add a pretty Like box to entice the user to log in
$html .= '<fb:like href="' . Title::newMainPage()->getFullURL() . '" send="false" width="' . $loginFormWidth . '" show_faces="true"></fb:like>';
$html .= '
</form>
</div>';
$wgOut->addHTML($html);
// TODO: Add a returnto link
}
/**
* We need to override the password checking so that Facebook users can
* reset their passwords and give themselves a valid password to log in
* without Facebook. This only works if the user specifies a blank password
* and hasn't already given themselves one.
*
* To that effect, you may want to modify the 'resetpass-wrong-oldpass' msg.
*
* Before version 1.14, MediaWiki used Special:Preferences to reset
* passwords instead of Special:ChangePassword, so this hook won't get
* called and Facebook users won't be able to give themselves a password
* unless they request one over email.
*
* TODO: A potential security flaw is exposed for users who run untrusted
* JavaScript code. Because no password exists, JavaScript could set a new
* password without the user's knowledge. To guard against this, we need to
* send the user an email and preemptively generate a password reset token.
*/
public static function UserComparePasswords($hash, $password, $userId, &$result)
{
global $wgUser;
// Only override if no password exists and the old password ($hash) is blank
if ($hash == '' && $password == '' && $userId) {
// Only check for password on Special:ChangePassword
// TODO: should we use RequestContext::getMain()->getTitle() instead?
$title = $wgUser->getSkin()->getTitle();
if ($title instanceof Title && $title->isSpecial('Resetpass') || $title->isSpecial('ChangePassword')) {
// Check to see if the MediaWiki user has connected via Facebook
// before. For a more strict check, we could check if the user
// is currently logged in to Facebook
$user = User::newFromId($userId);
$fb_ids = FacebookDB::getFacebookIDs($user);
if (count($fb_ids) && $fb_ids[0]) {
$result = true;
return false;
// to override internal check
}
}
}
return true;
}
/**
* Do the attach.
*
* @throws FacebookUserException
*/
private function attachUserInternal($user, $updatePrefs)
{
// The user must be logged into Facebook
if (!$this->id) {
throw new FacebookUserException('facebook-error', 'facebook-errortext');
}
if ($this->user->getId()) {
$this->sendError('facebook-error', 'facebook-errortext');
// TODO: new error msg
}
$fb_ids = FacebookDB::getFacebookIDs($user);
if (count($fb_ids)) {
$this->sendError('facebook-error', 'facebook-errortext');
// TODO: new error msg
}
// Attach the user to their Facebook account in the database
FacebookDB::addFacebookID($user, $this->id);
$this->user = $user;
// Update the user with settings from Facebook
if (count($updatePrefs)) {
foreach ($updatePrefs as $option) {
$this->user->setOption("facebookupdate-on-login-{$option}", '1');
}
}
// User has been successfully attached
#wfRunHooks( 'SpecialConnect::userAttached', array( &$this ) );
}
