/** * Logs in a user with given login name and password. If keeploggedin, sets a cookie. * * @requestParam string username * @requestParam string password * @requestParam string keeploggedin [true/false] * @responseParam string result [ok/error/unconfirm/resetpass] * @responseParam string msg - result message * @responseParam string errParam - error param */ public function login() { // Init session if necessary if (session_id() == '') { wfSetupSession(); } $loginForm = new LoginForm($this->wg->request); $loginForm->load(); // MW1.19 uses different form fields names // set variables if ($this->wg->request->getText('username', '') != '') { $loginForm->mUsername = $this->wg->request->getText('username'); } if ($this->wg->request->getText('password', '') != '') { $loginForm->mPassword = $this->wg->request->getText('password'); } if ($this->wg->request->getText('keeploggedin', '') != '') { $loginForm->mRemember = $this->wg->request->getCheck('keeploggedin'); } if ($this->wg->request->getVal('loginToken', '') != '') { $loginForm->mToken = $this->wg->request->getVal('loginToken'); } if ($this->wg->request->getVal('returnto', '') != '') { $loginForm->mReturnTo = $this->wg->request->getVal('returnto'); } $loginCase = $loginForm->authenticateUserData(); switch ($loginCase) { case LoginForm::SUCCESS: // first check if user has confirmed email after sign up if ($this->wg->User->getGlobalFlag(self::NOT_CONFIRMED_SIGNUP_OPTION_NAME) && $this->wg->User->getGlobalAttribute(self::NOT_CONFIRMED_LOGIN_OPTION_NAME) !== self::NOT_CONFIRMED_LOGIN_ALLOWED) { // User not confirmed on signup LoginForm::clearLoginToken(); $this->userLoginHelper->setNotConfirmedUserSession($this->wg->User->getId()); $this->userLoginHelper->clearPasswordThrottle($loginForm->mUsername); $this->response->setValues(['result' => 'unconfirm', 'msg' => wfMessage('usersignup-confirmation-email-sent', $this->wg->User->getEmail())->parse()]); } else { $result = ''; $resultMsg = ''; if (!wfRunHooks('WikiaUserLoginSuccess', array($this->wg->User, &$result, &$resultMsg))) { $this->response->setValues(['result' => $result, 'msg' => $resultMsg]); break; } // Login succesful $injected_html = ''; wfRunHooks('UserLoginComplete', array(&$this->wg->User, &$injected_html)); // set rememberpassword option if ((bool) $loginForm->mRemember != (bool) $this->wg->User->getGlobalPreference('rememberpassword')) { $this->wg->User->setGlobalPreference('rememberpassword', $loginForm->mRemember ? 1 : 0); $this->wg->User->saveSettings(); } else { $this->wg->User->invalidateCache(); } $this->wg->User->setCookies(); LoginForm::clearLoginToken(); UserLoginHelper::clearNotConfirmedUserSession(); $this->userLoginHelper->clearPasswordThrottle($loginForm->mUsername); // we're sure at this point we'll need the private field' // value in the template let's pass them then $this->response->setValues(['username' => $loginForm->mUsername, 'result' => 'ok']); // regenerate session ID on user login (the approach MW's core SpecialUserLogin uses) // to avoid race conditions with long running requests logging the user back in & out // @see PLATFORM-1028 wfResetSessionID(); } break; case LoginForm::NEED_TOKEN: case LoginForm::WRONG_TOKEN: $this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-sessionfailure')->escaped()]); break; case LoginForm::NO_NAME: $this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-noname')->escaped(), 'errParam' => 'username']); break; case LoginForm::NOT_EXISTS: case LoginForm::ILLEGAL: $this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-nosuchuser')->escaped(), 'errParam' => 'username']); break; case LoginForm::WRONG_PLUGIN_PASS: $this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-wrongpassword')->escaped(), 'errParam' => 'password']); break; case LoginForm::WRONG_PASS: $this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-wrongpassword')->escaped(), 'errParam' => 'password']); $attemptedUser = User::newFromName($loginForm->mUsername); if (!is_null($attemptedUser)) { $disOpt = $attemptedUser->getGlobalFlag('disabled'); if (!empty($disOpt) || defined('CLOSED_ACCOUNT_FLAG') && $attemptedUser->getRealName() == CLOSED_ACCOUNT_FLAG) { # either closed account flag was present, override fail message $this->response->setValues(['msg' => wfMessage('userlogin-error-edit-account-closed-flag')->escaped(), 'errParam' => '']); } } break; case LoginForm::EMPTY_PASS: $this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-wrongpasswordempty')->escaped(), 'errParam' => 'password']); break; case LoginForm::RESET_PASS: $this->response->setVal('result', 'resetpass'); break; case LoginForm::THROTTLED: $this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-login-throttled')->escaped()]); break; case LoginForm::CREATE_BLOCKED: $this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-cantcreateaccount-text')->escaped()]); break; case LoginForm::USER_BLOCKED: $this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-login-userblocked')->escaped()]); break; case LoginForm::ABORTED: $this->result = 'error'; $this->msg = wfMessage($loginForm->mAbortLoginErrorMsg)->escaped(); break; default: throw new MWException("Unhandled case value"); } }
/** * Confirm email page. * @requestParam string code - on GET, POST * @requestParam string username - on POST * @requestParam string password - on POST * @responseParam string result [ok/error] * @responseParam string msg - result messages * @responseParam string errParam - error param */ public function index() { $this->response->addAsset('extensions/wikia/UserLogin/css/UserLogin.scss'); // hide things in the skin $this->wg->SuppressWikiHeader = false; $this->wg->SuppressPageHeader = false; $this->wg->SuppressFooter = true; $this->wg->SuppressAds = true; $this->wg->SuppressToolbar = true; $this->getOutput()->disallowUserJs(); // just in case... $this->wg->Out->setPageTitle(wfMessage('wikiaconfirmemail-heading')->plain()); $par = $this->request->getVal('par', ''); $this->code = $this->request->getVal('code', $par); $this->username = $this->request->getVal('username', ''); $this->password = $this->request->getVal('password', ''); $this->editToken = $this->wg->User->getEditToken(); $this->loginToken = UserLoginHelper::getLoginToken(); $editTokenReq = $this->request->getVal('editToken', ''); $loginTokenReq = $this->request->getVal('loginToken', ''); if ($this->code == '') { $this->result = 'error'; $this->msg = wfMessage('wikiaconfirmemail-error-empty-code')->escaped(); return; } if ($this->wg->request->wasPosted() && $this->wg->User->matchEditToken($editTokenReq)) { if ($this->wg->User->isAnon() && $loginTokenReq !== UserLoginHelper::getLoginToken()) { $this->result = 'error'; $this->msg = wfMessage('sessionfailure')->escaped(); return; } if ($this->username == '') { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-noname')->escaped(); $this->errParam = 'username'; return; } if ($this->password == '') { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-wrongpasswordempty')->escaped(); $this->errParam = 'password'; return; } $expUser = User::newFromConfirmationCode($this->code); if (!$expUser instanceof User) { $this->result = 'error'; $this->msg = wfMessage('wikiaconfirmemail-error-invalid-code')->escaped(); return; } // User - activate user, confirm email and redirect to user page or create new wiki $user = User::newFromName($this->username); if (!$user instanceof User) { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-noname')->escaped(); return; } if ($user->getId() != $expUser->getId()) { $this->result = 'error'; $this->msg = wfMessage('wikiaconfirmemail-error-user-not-match')->parse(); $this->errParam = 'username'; return; } $userLoginHelper = new UserLoginHelper(); /* @var UserLoginHelper $userLoginHelper */ if ($userLoginHelper->isPasswordThrottled($this->username)) { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-login-throttled')->escaped(); $this->errParam = 'password'; return; } if ($user->checkPassword($this->password)) { $this->wg->User = $user; if ($user->getGlobalFlag(UserLoginSpecialController::NOT_CONFIRMED_SIGNUP_OPTION_NAME) != null) { // Signup confirm // Log user in manually $this->wg->User->setCookies(); LoginForm::clearLoginToken(); UserLoginHelper::clearNotConfirmedUserSession(); $userLoginHelper->clearPasswordThrottle($this->username); // Confirm UserLoginHelper::removeNotConfirmedFlag($user); $user->confirmEmail(); // Get and clear redirect page $userSignupRedirect = $user->getGlobalAttribute(UserLoginSpecialController::SIGNUP_REDIRECT_OPTION_NAME); $user->setGlobalAttribute(UserLoginSpecialController::SIGNUP_REDIRECT_OPTION_NAME, null); $user->saveSettings(); $userLoginHelper->addNewUserLogEntry($user); // send welcome email $emailParams = array('$USERNAME' => $user->getName(), '$EDITPROFILEURL' => $user->getUserPage()->getFullURL(), '$LEARNBASICURL' => 'http://community.wikia.com/wiki/Help:Wikia_Basics', '$EXPLOREWIKISURL' => 'http://www.wikia.com'); $userLoginHelper->sendEmail($user, 'WelcomeMail', 'usersignup-welcome-email-subject', 'usersignup-welcome-email-body', $emailParams, 'welcome-email', 'WelcomeMail'); // redirect user if (!empty($userSignupRedirect)) { // Redirect user to the point where he finished (when signup on create wiki) $titleObj = SpecialPage::getTitleFor('CreateNewWiki'); $query = $userSignupRedirect; } else { $titleObj = $this->wg->User->getUserPage(); $query = ''; } $this->wg->out->redirect($titleObj->getFullURL($query)); return; } else { // Email change // Log user in through standard method $response = $this->app->sendRequest('UserLoginSpecial', 'login'); $result = $response->getVal('result', ''); $optionNewEmail = $this->wg->User->getGlobalAttribute('new_email'); if (!empty($optionNewEmail)) { $user->setEmail($optionNewEmail); } $user->confirmEmail(); $user->setGlobalAttribute('new_email', null); $user->saveSettings(); // redirect user if ($result === 'closurerequested') { $response = $this->app->sendRequest('UserLoginSpecial', 'getCloseAccountRedirectUrl'); $redirectUrl = $response->getVal('redirectUrl'); $this->wg->Out->redirect($redirectUrl); } else { $userPage = $user->getUserPage(); $this->wg->out->redirect($userPage->getFullURL()); } wfRunHooks('EmailChangeConfirmed', array($user)); return; } } else { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-wrongpassword')->escaped(); $this->errParam = 'password'; return; } } }