/** * Confirm email page. * @requestParam string code - on GET, POST * @requestParam string username - on POST * @requestParam string password - on POST * @responseParam string result [ok/error] * @responseParam string msg - result messages * @responseParam string errParam - error param */ public function index() { $this->response->addAsset('extensions/wikia/UserLogin/css/UserLogin.scss'); // hide things in the skin $this->wg->SuppressWikiHeader = false; $this->wg->SuppressPageHeader = false; $this->wg->SuppressFooter = true; $this->wg->SuppressAds = true; $this->wg->SuppressToolbar = true; $this->wg->Out->setPageTitle(wfMsg('wikiaconfirmemail-heading')); $par = $this->request->getVal('par', ''); $this->code = $this->request->getVal('code', $par); $this->username = $this->request->getVal('username', ''); $this->password = $this->request->getVal('password', ''); if ($this->code == '') { $this->result = 'error'; $this->msg = $this->wf->Msg('wikiaconfirmemail-error-empty-code'); return; } if ($this->wg->request->wasPosted()) { if ($this->username == '') { $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-noname'); $this->errParam = 'username'; return; } if ($this->password == '') { $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-wrongpasswordempty'); $this->errParam = 'password'; return; } $expUser = User::newFromConfirmationCode($this->code); if (!is_object($expUser)) { $this->result = 'error'; $this->msg = $this->wf->Msg('wikiaconfirmemail-error-invalid-code'); return; } // User - activate user, confirm email and redirect to user page or create new wiki $tempUser = TempUser::getTempUserFromName($this->username); if ($tempUser) { if ($tempUser->getId() != $expUser->getId()) { $this->result = 'error'; $this->msg = $this->wf->Msg('wikiaconfirmemail-error-user-not-match'); $this->errParam = 'username'; return; } $userLoginHelper = F::build('UserLoginHelper'); if ($userLoginHelper->isPasswordThrottled($this->username)) { $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-login-throttled'); $this->errParam = 'password'; return; } $user = $tempUser->mapTempUserToUser(false); if ($user->checkPassword($this->password)) { $this->wg->user = $tempUser->activateUser($user); $this->wg->User->setCookies(); LoginForm::clearLoginToken(); TempUser::clearTempUserSession(); $userLoginHelper->clearPasswordThrottle($this->username); // redirect user if ($tempUser->getSource() == '') { $titleObj = $this->wg->User->getUserPage(); $query = ''; } else { $titleObj = SpecialPage::getTitleFor('CreateNewWiki'); $query = $tempUser->getSource(); } $this->wg->out->redirect($titleObj->getFullURL($query)); return; } else { $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-wrongpassword'); $this->errParam = 'password'; return; } } // User - confirm email and redirect to user page $user = User::newFromName($this->username); if (!$user instanceof User || $user->getId() != $expUser->getId()) { $this->result = 'error'; $this->msg = $this->wf->Msg('wikiaconfirmemail-error-user-not-match'); $this->errParam = 'username'; return; } // set login token $this->wg->request->setVal('loginToken', UserLoginHelper::getLoginToken()); // login $response = $this->app->sendRequest('UserLoginSpecial', 'login'); $this->result = $response->getVal('result', ''); $this->msg = $response->getVal('msg', ''); $this->errParam = $response->getVal('errParam', ''); if ($this->result == 'ok') { $optionNewEmail = $this->wg->User->getOption('new_email'); if (!empty($optionNewEmail)) { $user->setEmail($optionNewEmail); } $user->confirmEmail(); $user->setOption('new_email', null); $user->saveSettings(); $this->wf->RunHooks('ConfirmEmailComplete', array(&$user)); // redirect user $userPage = $user->getUserPage(); $this->wg->out->redirect($userPage->getFullURL()); } } }
/** * @brief retrieves valid login token */ public function retrieveLoginToken() { $this->loginToken = UserLoginHelper::getLoginToken(); }
/** * change password * @requestParam string username * @requestParam string password * @requestParam string newpassword * @requestParam string retype * @requestParam string cancel [true/false] - on POST * @requestParam string keeploggedin [true/false] - on POST * @requestParam string returnto - url to return to upon successful login * @responseParam string result [ok/error] * @responseParam string msg - result message */ public function changePassword() { $this->wg->Out->setPageTitle(wfMessage('userlogin-password-page-title')->plain()); $this->response->setVal('pageHeading', wfMessage('resetpass')->escaped()); $this->initializeTemplate(); $username = $this->request->getVal('username', ''); $password = $this->request->getVal('password', ''); $newPassword = $this->request->getVal('newpassword', ''); $retype = $this->request->getVal('retype', ''); $loginToken = $this->request->getVal('loginToken', ''); $returnto = $this->request->getVal('returnto', ''); $this->response->setValues(['username' => $username, 'password' => $password, 'newpassword' => $newPassword, 'retype' => $retype, 'editToken' => $this->wg->User->getEditToken(), 'loginToken' => $loginToken, 'returnto' => $returnto]); // since we don't support ajax GET, use of this parameter simulates a get request // in reality, it is being posted $fakeGet = $this->request->getVal('fakeGet', ''); if ($this->wg->request->wasPosted() && empty($fakeGet)) { if (!$this->wg->Auth->allowPasswordChange()) { $this->result = 'error'; $this->msg = wfMessage('resetpass_forbidden')->escaped(); return; } if ($this->request->getVal('cancel', false)) { $this->userLoginHelper->doRedirect(); return; } if ($this->wg->User->matchEditToken($this->request->getVal('editToken'))) { if ($this->wg->User->isAnon() && $loginToken !== UserLoginHelper::getLoginToken()) { $this->result = 'error'; $this->msg = wfMessage('sessionfailure')->escaped(); return; } $user = User::newFromName($username); if (!$user || $user->isAnon()) { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-nosuchuser')->escaped(); return; } if ($newPassword !== $retype) { $this->result = 'error'; $this->msg = wfMessage('badretype')->escaped(); wfRunHooks('PrefsPasswordAudit', [$user, $newPassword, 'badretype']); return; } // from attemptReset() in SpecialResetpass if (!$user->checkTemporaryPassword($password) && !$user->checkPassword($password)) { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-wrongpassword')->escaped(); wfRunHooks('PrefsPasswordAudit', [$user, $newPassword, 'wrongpassword']); return; } $valid = $user->getPasswordValidity($newPassword); if ($valid !== true) { $this->result = 'error'; $this->msg = wfMessage($valid, $this->wg->MinimalPasswordLength)->text(); return; } $user->setPassword($newPassword); wfRunHooks('PrefsPasswordAudit', [$user, $newPassword, 'success']); $user->saveSettings(); $this->result = 'ok'; $this->msg = wfMessage('resetpass_success')->escaped(); $this->wg->request->setVal('password', $newPassword); $response = $this->app->sendRequest('UserLoginSpecial', 'login'); $result = $response->getVal('result', ''); if ($result === 'closurerequested') { $response = $this->app->sendRequest('UserLoginSpecial', 'getCloseAccountRedirectUrl'); $redirectUrl = $response->getVal('redirectUrl'); $this->wg->Out->redirect($redirectUrl); } else { $this->userLoginHelper->doRedirect(); } } } }
/** * Confirm email page. * @requestParam string code - on GET, POST * @requestParam string username - on POST * @requestParam string password - on POST * @responseParam string result [ok/error] * @responseParam string msg - result messages * @responseParam string errParam - error param */ public function index() { $this->response->addAsset('extensions/wikia/UserLogin/css/UserLogin.scss'); // hide things in the skin $this->wg->SuppressWikiHeader = false; $this->wg->SuppressPageHeader = false; $this->wg->SuppressFooter = true; $this->wg->SuppressAds = true; $this->wg->SuppressToolbar = true; $this->getOutput()->disallowUserJs(); // just in case... $this->wg->Out->setPageTitle(wfMessage('wikiaconfirmemail-heading')->plain()); $par = $this->request->getVal('par', ''); $this->code = $this->request->getVal('code', $par); $this->username = $this->request->getVal('username', ''); $this->password = $this->request->getVal('password', ''); $this->editToken = $this->wg->User->getEditToken(); $this->loginToken = UserLoginHelper::getLoginToken(); $editTokenReq = $this->request->getVal('editToken', ''); $loginTokenReq = $this->request->getVal('loginToken', ''); if ($this->code == '') { $this->result = 'error'; $this->msg = wfMessage('wikiaconfirmemail-error-empty-code')->escaped(); return; } if ($this->wg->request->wasPosted() && $this->wg->User->matchEditToken($editTokenReq)) { if ($this->wg->User->isAnon() && $loginTokenReq !== UserLoginHelper::getLoginToken()) { $this->result = 'error'; $this->msg = wfMessage('sessionfailure')->escaped(); return; } if ($this->username == '') { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-noname')->escaped(); $this->errParam = 'username'; return; } if ($this->password == '') { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-wrongpasswordempty')->escaped(); $this->errParam = 'password'; return; } $expUser = User::newFromConfirmationCode($this->code); if (!$expUser instanceof User) { $this->result = 'error'; $this->msg = wfMessage('wikiaconfirmemail-error-invalid-code')->escaped(); return; } // User - activate user, confirm email and redirect to user page or create new wiki $user = User::newFromName($this->username); if (!$user instanceof User) { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-noname')->escaped(); return; } if ($user->getId() != $expUser->getId()) { $this->result = 'error'; $this->msg = wfMessage('wikiaconfirmemail-error-user-not-match')->parse(); $this->errParam = 'username'; return; } $userLoginHelper = new UserLoginHelper(); /* @var UserLoginHelper $userLoginHelper */ if ($userLoginHelper->isPasswordThrottled($this->username)) { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-login-throttled')->escaped(); $this->errParam = 'password'; return; } if ($user->checkPassword($this->password)) { $this->wg->User = $user; if ($user->getGlobalFlag(UserLoginSpecialController::NOT_CONFIRMED_SIGNUP_OPTION_NAME) != null) { // Signup confirm // Log user in manually $this->wg->User->setCookies(); LoginForm::clearLoginToken(); UserLoginHelper::clearNotConfirmedUserSession(); $userLoginHelper->clearPasswordThrottle($this->username); // Confirm UserLoginHelper::removeNotConfirmedFlag($user); $user->confirmEmail(); // Get and clear redirect page $userSignupRedirect = $user->getGlobalAttribute(UserLoginSpecialController::SIGNUP_REDIRECT_OPTION_NAME); $user->setGlobalAttribute(UserLoginSpecialController::SIGNUP_REDIRECT_OPTION_NAME, null); $user->saveSettings(); $userLoginHelper->addNewUserLogEntry($user); // send welcome email $emailParams = array('$USERNAME' => $user->getName(), '$EDITPROFILEURL' => $user->getUserPage()->getFullURL(), '$LEARNBASICURL' => 'http://community.wikia.com/wiki/Help:Wikia_Basics', '$EXPLOREWIKISURL' => 'http://www.wikia.com'); $userLoginHelper->sendEmail($user, 'WelcomeMail', 'usersignup-welcome-email-subject', 'usersignup-welcome-email-body', $emailParams, 'welcome-email', 'WelcomeMail'); // redirect user if (!empty($userSignupRedirect)) { // Redirect user to the point where he finished (when signup on create wiki) $titleObj = SpecialPage::getTitleFor('CreateNewWiki'); $query = $userSignupRedirect; } else { $titleObj = $this->wg->User->getUserPage(); $query = ''; } $this->wg->out->redirect($titleObj->getFullURL($query)); return; } else { // Email change // Log user in through standard method $response = $this->app->sendRequest('UserLoginSpecial', 'login'); $result = $response->getVal('result', ''); $optionNewEmail = $this->wg->User->getGlobalAttribute('new_email'); if (!empty($optionNewEmail)) { $user->setEmail($optionNewEmail); } $user->confirmEmail(); $user->setGlobalAttribute('new_email', null); $user->saveSettings(); // redirect user if ($result === 'closurerequested') { $response = $this->app->sendRequest('UserLoginSpecial', 'getCloseAccountRedirectUrl'); $redirectUrl = $response->getVal('redirectUrl'); $this->wg->Out->redirect($redirectUrl); } else { $userPage = $user->getUserPage(); $this->wg->out->redirect($userPage->getFullURL()); } wfRunHooks('EmailChangeConfirmed', array($user)); return; } } else { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-wrongpassword')->escaped(); $this->errParam = 'password'; return; } } }
/** * @param array $vars * @return bool */ public static function onMakeGlobalVariablesScript(array &$vars) { $app = F::app(); if ($app->checkSkin('wikiamobile')) { $vars['wgLoginToken'] = UserLoginHelper::getLoginToken(); } // Max and min password lengths for JS validation $vars['wgWikiaMaxNameChars'] = $app->wg->WikiaMaxNameChars; $vars['wgMinimalPasswordLength'] = $app->wg->MinimalPasswordLength; return true; }
/** * Entry point for reactivating an account * * Handles confirming the user's reactivation request when they have * given a valid confirmation code. If no code is given, but they have * a session ID from having successfully attempted to login to an account * that has requested closure, this forwards to the reactivateRequest * method. * * @requestParam string code - The confirmation code for reactivating an account * @requestParam string username - The user name of the account to reactivate * @requestParam string password - The password for the account to reactivate * @requestParam string editToken - The edit token for the current user * @requestParam string loginToken - The login token for the current user * @responseParam boolean success - Whether or not reactivation was successful * @responseParam string resultMessage - The result of the form submission * @responseParam string errParam - The form item an error is related to * @return void */ public function reactivate() { wfProfileIn(__METHOD__); $this->code = $this->getVal('code', false); if (empty($this->code)) { if ($this->request->getSessionData('closeAccountSessionId') !== null) { $this->forward(__CLASS__, 'reactivateRequest'); } else { $this->success = false; $this->resultMessage = $this->msg('closemyaccount-reactivate-error-empty-code')->parse(); } wfProfileOut(__METHOD__); return; } $this->getOutput()->setPageTitle($this->msg('closemyaccount-reactivate-page-title')->plain()); $this->response->addAsset('extensions/wikia/UserLogin/css/UserLogin.scss'); $user = $this->getUser(); $this->username = $this->request->getVal('username', ''); $this->password = $this->request->getVal('password', ''); $this->loginToken = UserLoginHelper::getLoginToken(); $this->editToken = $user->getEditToken(); $helper = new CloseMyAccountHelper(); if ($this->request->wasPosted() && $user->matchEditToken($this->request->getVal('editToken'))) { if ($user->isAnon() && $this->request->getVal('loginToken') !== UserLoginHelper::getLoginToken()) { $this->success = false; $this->resultMessage = $this->msg('sessionfailure')->escaped(); wfProfileOut(__METHOD__); return; } if ($this->username === '') { $this->success = false; $this->resultMessage = $this->msg('userlogin-error-noname')->escaped(); $this->errParam = 'username'; wfProfileOut(__METHOD__); return; } if ($this->password === '') { $this->success = false; $this->resultMessage = $this->msg('userlogin-error-wrongpasswordempty')->escaped(); $this->errParam = 'password'; wfProfileOut(__METHOD__); return; } $expUser = User::newFromConfirmationCode($this->code); if (!$expUser instanceof User) { $this->success = false; $this->resultMessage = $this->msg('closemyaccount-reactivate-error-invalid-code', $this->username)->parse(); wfProfileOut(__METHOD__); return; } $user = User::newFromName($this->username); if ($user->getId() != $expUser->getId()) { $this->success = false; $this->resultMessage = $this->msg('wikiaconfirmemail-error-user-not-match')->parse(); $this->errParam = 'username'; wfProfileOut(__METHOD__); return; } $userLoginHelper = new UserLoginHelper(); /* @var UserLoginHelper $userLoginHelper */ if ($userLoginHelper->isPasswordThrottled($this->username)) { $this->success = false; $this->resultMessage = $this - msg('userlogin-error-login-throttled')->escaped(); $this->errParam = 'password'; wfProfileOut(__METHOD__); return; } if ($helper->isClosed($user)) { $this->success = false; $this->resultMessage = $this->msg('closemyaccount-reactivate-error-disabled')->parse(); wfProfileOut(__METHOD__); return; } if (!$helper->isScheduledForClosure($user)) { $this->success = false; $this->resultMessage = $this->msg('closemyaccount-reactivate-error-not-scheduled')->escaped(); wfProfileOut(__METHOD__); return; } if ($user->checkPassword($this->password)) { $this->wg->User = $user; $this->wg->User->setCookies(); LoginForm::clearLoginToken(); $userLoginHelper->clearPasswordThrottle($this->username); $helper->reactivateAccount($user); unset($_SESSION['closeAccountSessionId']); $userPageTitle = $user->getUserPage(); $this->getOutput()->redirect($userPageTitle->getFullURL()); } else { $this->success = false; $this->resultMessage = $this->msg('userlogin-error-wrongpassword')->escaped(); $this->errParam = 'password'; } } wfProfileOut(__METHOD__); }