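/**
 * Parser tag hook: resolves the requested thread and returns a placeholder
 * comment; the data needed to render the thread later is recorded on the
 * parser output object under that placeholder.
 *
 * The first parameter was previously also named $parser. PHP 7+ rejects a
 * repeated parameter name at compile time, and in older versions the later
 * parameter won, so the body has always used the third argument.
 *
 * @param $input mixed First hook argument; not used here
 * @param $args array Tag attributes; 'thread' holds a numeric id or a title
 * @param $parser Object providing getOutput()
 * @param $frame mixed Not used here
 * @return string Placeholder comment, or '' when no thread could be resolved
 */
static function lqtThread($input, $args, $parser, $frame) {
	$pout = $parser->getOutput();

	// A missing or empty 'thread' attribute means there is nothing to render.
	// empty() also avoids the undefined-index notice the old lookup raised.
	if (empty($args['thread'])) {
		return '';
	}
	$threadArg = $args['thread'];

	// Numeric values are thread ids; anything else is treated as a page title.
	$thread = null;
	if (is_numeric($threadArg)) {
		$thread = Threads::withId($threadArg);
	} else {
		$title = Title::newFromText($threadArg);
		if ($title) {
			$article = new Article($title, 0);
			$thread = Threads::withRoot($article);
		}
	}
	if (is_null($thread)) {
		return '';
	}

	$data = array(
		'type' => 'thread',
		'args' => $args,
		'thread' => $thread->id(),
		'title' => $thread->title(),
	);
	if (!isset($pout->mLqtReplacements)) {
		$pout->mLqtReplacements = array();
	}

	// The marker is keyed by a generated token so that it is unique per call.
	// NOTE(review): whatever later swaps markers for thread HTML should only
	// honour markers registered in mLqtReplacements; the marker's
	// unpredictability is only as good as wfGenerateToken() - confirm.
	$tok = wfGenerateToken();
	$text = '<!--LQT-THREAD-' . $tok . '-->';
	$pout->mLqtReplacements[$text] = $data;
	return $text;
}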
/**
 * Records a ClickTracking event by running an internal API request.
 *
 * @param $event string the event name (appended to the tracking code prefix)
 * @param $title Object title whose namespace number is reported
 */
private static function clickTracking($event, $title) {
	// Only talk to the API when ClickTracking is enabled
	if (self::trackingEnabled()) {
		$eventId = self::trackingCodePrefix() . $event;
		// The token here is a freshly generated per-event value, not a
		// credential tied to the user's session.
		$token = wfGenerateToken();
		$namespaceNumber = $title->getNamespace();

		$request = new FauxRequest(array(
			'action' => 'clicktracking',
			'eventid' => $eventId,
			'token' => $token,
			'namespacenumber' => $namespaceNumber,
		));
		$api = new ApiMain($request, true);
		$api->execute();
	}
}
/**
 * Builds one honeypot link from a randomly chosen URL and template.
 *
 * @param $randomText string|null Text for the 'randomtext' slot; a generated
 *   token is used when this is empty
 * @return string The filled-in template followed by a newline
 */
public static function generateHoneypotLink($randomText = null) {
	global $wgHoneypotTemplates;

	// Pick one URL and one template at random (rand() is sufficient here:
	// the choice only varies the output, it protects nothing).
	$candidateUrls = self::getHoneypotURLs();
	$url = $candidateUrls[rand(0, count($candidateUrls) - 1)];
	$template = $wgHoneypotTemplates[rand(0, count($wgHoneypotTemplates) - 1)];

	if (!$randomText) {
		$randomText = wfGenerateToken();
	}

	// Variable replacement. Only the random text is HTML-escaped here; the
	// URL is inserted as returned by getHoneypotURLs().
	// NOTE(review): confirm those URLs come from trusted configuration.
	$replacements = array(
		'honeypoturl' => $url,
		'randomtext' => htmlspecialchars($randomText),
	);
	return strtr($template, $replacements) . "\n";
}
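#!/opt/webenabled/config/os/pathnames/bin/php -q
<?php
// integrated by Vinicius Mello http://vmmello.eti.br/
//
// Reads one password from standard input and prints its MediaWiki ':B:'
// (salted MD5) password hash.

/**
 * Copy of wfGenerateToken() from includes/GlobalFunctions.php.
 *
 * The only random input is a single mt_rand() value below 2^31, so the result
 * has at most 31 bits of entropy and mt_rand() is not a cryptographic
 * generator. That is tolerable for the password salt below (a salt is stored
 * in the clear anyway), but this function should not be reused for secrets.
 *
 * @param $salt mixed Extra data mixed into the hash (serialized first)
 * @return string 32-character hexadecimal token
 */
function wfGenerateToken($salt = '') {
	$salt = serialize($salt);
	return md5(mt_rand(0, 0x7fffffff) . $salt);
}

/**
 * Salted MediaWiki password hash, adapted (not verbatim) from
 * includes/User.php :: crypt().
 *
 * NOTE(review): MD5 is a fast hash, so this format offers little resistance
 * to offline guessing if the hash leaks. It is kept unchanged because the
 * output has to match what MediaWiki expects for ':B:' hashes.
 *
 * @param $password string Plain-text password
 * @param $salt string Salt to embed in the hash
 * @return string Hash of the form ':B:<salt>:<md5>'
 */
function mediawiki_crypt($password, $salt) {
	return ':B:' . $salt . ':' . md5($salt . '-' . md5($password));
}

$line = fgets(STDIN);
if ($line === false) {
	// Without this check a closed or empty stdin silently produced the hash
	// of an empty password.
	fwrite(STDERR, "no password supplied on standard input\n");
	exit(1);
}

// fgets() keeps the line terminator; hashing it would yield the hash of
// "password\n", which never matches the password the user later types.
$password = rtrim($line, "\r\n");
$salt = substr(wfGenerateToken(), 0, 8);
$value = mediawiki_crypt($password, $salt);
echo "{$value}\n";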
/**
 * Store the central session data in memcached and return the session id.
 *
 * The id is taken from the '<prefix>Session' cookie when the browser sent
 * one; otherwise a new id is generated and set as a cookie.
 *
 * NOTE(review): the cookie value is used as the session id without any
 * validation, so the id can be chosen by whoever controls the cookie.
 * NOTE(review): new ids come from wfGenerateToken(); if that is the
 * md5(mt_rand()) implementation of older MediaWiki, the id has at most
 * 31 bits of entropy. A CSPRNG-backed generator is the safer source for
 * session identifiers - confirm what this installation provides.
 *
 * @param $data Array
 * @return string|null Session id, or null when central cookies are disabled
 */
static function setSession($data) {
	global $wgCentralAuthCookies, $wgCentralAuthCookiePrefix;
	global $wgMemc;

	if (!$wgCentralAuthCookies) {
		return null;
	}

	$cookieName = $wgCentralAuthCookiePrefix . 'Session';
	if (isset($_COOKIE[$cookieName])) {
		// Reuse the identifier the browser presented
		$id = $_COOKIE[$cookieName];
	} else {
		// No central session yet: mint an id and hand it to the browser
		$id = wfGenerateToken();
		self::setCookie('Session', $id, 0);
	}

	// Session data is kept for one day (86400 seconds)
	$wgMemc->set(self::memcKey('session', $id), $data, 86400);
	return $id;
}
/**
 * Remembers a source under a newly generated id.
 *
 * @param $source mixed Value to register
 * @return string Id under which the source was stored in
 *   self::$sourceRegistrations
 */
static function registerSource($source) {
	// The id is a lookup key. NOTE(review): if knowing an id is ever meant
	// to grant access to the source, it needs a stronger generator than
	// wfGenerateToken() - confirm how ids are used.
	$registrationId = wfGenerateToken();
	self::$sourceRegistrations[$registrationId] = $source;

	return $registrationId;
}
/**
 * Make a new-style password hash
 *
 * The 'UserCryptPassword' hook runs first; when it returns false the hash it
 * produced is returned as-is. Otherwise the result is ':B:<salt>:<md5>' when
 * $wgPasswordSalt is set and ':A:<md5>' when it is not.
 *
 * NOTE(review): both built-in formats rely on MD5, a fast hash that gives
 * little protection against offline guessing of leaked hashes; the ':A:'
 * format is also unsalted. Installations should prefer a hook or password
 * type that uses a slow, purpose-built password hash.
 *
 * @param $password \string Plain-text password
 * @param $salt \string Optional salt, may be random or the user ID.
 *   If unspecified or false, will generate one automatically
 * @return \string Password hash
 */
static function crypt($password, $salt = false) {
	global $wgPasswordSalt;

	$hash = '';
	// Give extensions the chance to supply their own hash
	$hookHandled = !wfRunHooks('UserCryptPassword', array(&$password, &$salt, &$wgPasswordSalt, &$hash));
	if ($hookHandled) {
		return $hash;
	}

	if (!$wgPasswordSalt) {
		return ':A:' . md5($password);
	}

	if ($salt === false) {
		// Eight hex characters taken from a generated token
		$salt = substr(wfGenerateToken(), 0, 8);
	}
	$inner = md5($password);
	return ':B:' . $salt . ':' . md5($salt . '-' . $inner);
}
/**
 * Hook handler that builds an 'S2:' password hash into $hash.
 *
 * The password is run through two nested HMACs (algorithms picked at random
 * from those available), the result is encrypted with mcrypt and the
 * ciphertext plus IV are packed into the final string
 * 'S2:<type>:<salt>:<payload>'.
 *
 * NOTE(review): the encryption step depends on the mcrypt extension, which
 * was removed from PHP core in 7.2, and draws the IV with MCRYPT_RAND and the
 * algorithm choice with rand(); neither is a cryptographic random source.
 * NOTE(review): the HMAC and encryption keys are site-wide secrets from
 * $wgSecurePasswordsSecretKeys; the scheme's strength rests on them staying
 * secret, not on a slow password hash.
 *
 * @param $password string Plain-text password (by reference)
 * @param $salt string|false Salt; generated here when false (by reference)
 * @param $wgPasswordSalt mixed Not used in this function (by reference)
 * @param $hash string Receives the resulting hash (by reference)
 * @return bool Always false; presumably this tells the caller to use $hash
 *   instead of its default hashing - confirm against the hook's contract
 */
function efSecurePasswordsCrypt(&$password, &$salt, &$wgPasswordSalt, &$hash) {
	global $wgSecurePasswordsSecretKeys, $wgUser;
	// Refuse to run with the placeholder configuration: hashing with unset
	// keys would make every hash reproducible by anyone.
	if ($wgSecurePasswordsSecretKeys == array(false, false, false)) {
		die('You need to customize $wgSecurePasswordsSecretKeys in your LocalSettings.php file. See http://www.mediawiki.org/wiki/Extension:SecurePasswords for more information');
	}
	$hash = 'S2:';
	if ($salt === false) {
		// First eight characters of a generated token
		$salt = substr(wfGenerateToken(), 0, 8);
	}
	// NOTE(review): the order is derived from the id of the *current* user
	// ($wgUser), which may not be the account whose password is being
	// hashed - confirm.
	$a = efSecurePasswordsHashOrder($wgUser->getId());
	$hash_algos = hash_algos();
	$algos = array();
	//only use algorithms deemed "secure"
	// Each entry pairs the per-user code from $a with the algorithm name.
	foreach ($hash_algos as $algo) {
		switch ($algo) {
			case 'sha512':
				$algos[] = array($a[0], 'sha512');
				break;
			case 'ripemd160':
				$algos[] = array($a[1], 'ripemd160');
				break;
			case 'ripemd320':
				$algos[] = array($a[2], 'ripemd320');
				break;
			case 'whirlpool':
				$algos[] = array($a[3], 'whirlpool');
				break;
			case 'gost':
				$algos[] = array($a[4], 'gost');
				break;
			case 'tiger192,4':
				$algos[] = array($a[5], 'tiger192,4');
				break;
			case 'haval256,5':
				$algos[] = array($a[6], 'haval256,5');
				break;
			case 'sha256':
				$algos[] = array($a[7], 'sha256');
				break;
			case 'sha384':
				$algos[] = array($a[8], 'sha384');
				break;
			case 'ripemd128':
				$algos[] = array($a[9], 'ripemd128');
				break;
			case 'ripemd256':
				$algos[] = array($a[10], 'ripemd256');
				break;
		}
	}
	// Choose the inner ($r1) and outer ($r2) HMAC algorithms; their codes are
	// stored in the hash as $type.
	$r1 = rand(0, count($algos) - 1);
	$r2 = rand(0, count($algos) - 1);
	$type = $algos[$r1][0] . $algos[$r2][0];
	// Inner HMAC keyed with secret key 0, outer HMAC (over salt-inner) keyed
	// with secret key 1.
	$pw1 = hash_hmac($algos[$r2][1], $salt . '-' . hash_hmac($algos[$r1][1], $password, $wgSecurePasswordsSecretKeys[0]), $wgSecurePasswordsSecretKeys[1]);
	$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
	$ksize = mcrypt_get_key_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
	$iv = mcrypt_create_iv($size, MCRYPT_RAND);
	// NOTE(review): as shown, the appended "" is a no-op, so the key is one
	// byte shorter than the cipher's key size; possibly a character was lost
	// from this literal - confirm against the original file.
	$key = substr($wgSecurePasswordsSecretKeys[2], 0, $ksize - 1) . "";
	$pw2 = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $pw1, MCRYPT_MODE_CBC, $iv);
	// Payload: base64(ciphertext) | base64(IV), compressed and base64-encoded
	$pwf = base64_encode(gzcompress(base64_encode($pw2) . '|' . base64_encode($iv)));
	$hash .= $type . ':' . $salt . ':' . $pwf;
	// sometimes the mcrypt is invalid, so we need to do a quick check to make sure that comparing will work in the future
	// otherwise the password won't work... and that would suck
	$hash = efSecurePasswordsRecursiveCheck($hash, $password, $salt);
	return false;
}
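/**
 * AJAX entry point of the HTML5 editor. Dispatches on the 'eaction' request
 * parameter and prints a JSON response for every action except
 * 'save-summary' (which prints nothing).
 *
 * Actions: get-vars, load-draft, save-draft, save-summary, publish-html.
 * Unknown actions produce no output.
 *
 * The 'error' keys of the JSON responses are now quoted. They used to be the
 * bare word error, which PHP treats as an undefined constant (a notice or
 * warning before PHP 8, a fatal Error from PHP 8 on).
 *
 * NOTE(review): $t is built from the 'target' request parameter and is not
 * checked for null before it is used - confirm how Title::newFromUrl()
 * reports an invalid title.
 *
 * @param $par mixed Not used here
 */
function execute($par) {
	global $wgOut, $wgRequest, $wgParser, $wgUser, $wgFilterCallback, $wgCookiePath, $wgCookieDomain, $wgCookieSecure;

	$wgOut->disable();

	// build the article which we are about to save
	$t = Title::newFromUrl($wgRequest->getVal('target'));
	$a = new Article($t);
	$action = $wgRequest->getVal('eaction');
	wfDebug("Html5Editor::execute called with {$action}\n");

	// ---- get-vars: hand the client the tokens and timestamps it needs ----
	if ($action == 'get-vars') {
		$wgOut->disable();
		$response = array(
			'edittoken' => $wgUser->editToken(),
			'edittime' => $a->getTimestamp(true),
			'drafttoken' => wfGenerateToken(),
			'olddraftid' => 0,
		);

		// do they already have a draft saved?
		$drafts = Draft::getDrafts($t, $wgUser->getID());
		if ($drafts) {
			// do we only select an html5 draft? probably not.
			// for loop here in case we want to display multiple drafts of same article
			$response['olddraftid'] = $drafts[0]->getID();
		}
		print json_encode($response);
		return;
	}

	// ---- load-draft: return the rendered HTML of a stored draft ----
	if ($action == 'load-draft') {
		// NOTE(review): the draft is looked up by a client-supplied id and no
		// ownership check is visible here - confirm Draft enforces one.
		$draftid = $wgRequest->getVal('draftid');
		$draft = new Draft($draftid);
		if (!$draft->exists()) {
			wfLoadExtensionMessages("Html5editor");
			$response = array('error' => wfMsg('h5e-draft-does-not-exist', $draftid), 'html' => '');
			wfDebug("DRAFT: {$draftid} does not exist \n");
		} else {
			$text = $draft->getText();
			$html = $this->parse($t, $a, $text);
			$response = array('error' => '', 'html' => $html);
		}
		print json_encode($response);
		return;
	}

	// ---- save-draft: store the submitted HTML as a draft ----
	if ($action == 'save-draft') {
		$token = $wgRequest->getVal('edittoken');
		if (!$wgUser->matchEditToken($token)) {
			wfDebug("Html5Editor::execute save-draft edit token BAD {$token} \n");
			$response = array('error' => 'edit token bad');
			print json_encode($response);
			return;
		}
		wfDebug("Html5Editor::execute save-draft edit token ok!\n");

		$oldtext = $a->getContent();
		$html = $wgRequest->getVal('html');
		$newtext = $this->convertHTML2Wikitext($html, $oldtext);
		$draftid = $wgRequest->getVal('draftid', null);
		$draft = null;

		// 'null' apparently is what javascript is giving us. doh.
		// Anything that is not purely digits is replaced by the id derived
		// from the title.
		if (!$draftid || preg_match("@[^0-9]@", $draftid)) {
			wfDebug("Html5Editor::execute getting draft id from title \n");
			$draftid = self::getDraftIDFromTitle($t);
		}
		// NOTE(review): an existing draft is loaded by id and overwritten; no
		// check that it belongs to $wgUser is visible here - confirm.
		if (!$draftid || $draftid == 'null') {
			$draft = new Draft();
		} else {
			$draft = Draft::newFromID($draftid);
		}
		wfDebug("Html5Editor::execute got draft id {$draftid} \n");

		$draft->setTitle($t);
		//$draft->setStartTime( $wgRequest->getText( 'wpStarttime' ) );
		$draft->setEditTime($wgRequest->getText('edittime'));
		$draft->setSaveTime(wfTimestampNow());
		$draft->setText($newtext);
		$draft->setSummary($wgRequest->getText('editsummary'));
		$draft->setHtml5(true);
		//$draft->setMinorEdit( $wgRequest->getInt( 'wpMinoredit', 0 ) );

		// Save draft
		$draft->save();
		wfDebug("Html5Editor::execute saved draft with id {$draft->getID()} and text {$newtext} \n");
		$response = array('draftid' => $draft->getID());
		print json_encode($response);
		return;
	}

	// ---- save-summary: rewrite the comment of the user's last revision ----
	if ($action == 'save-summary') {
		// this implementation could have a few problems
		// 1. if a user is editing the article in separate windows, it will
		//    only update the last edit
		// 2. Could be easy to fake an edit summary save, but is limited to
		//    edits made by the user
		// 3. There's no real 'paper' trail of the saved summary
		//
		// NOTE(review): unlike save-draft and publish-html, this write is not
		// guarded by matchEditToken(), and the revision id comes from a
		// cookie. The rev_user_text condition below is the only thing that
		// limits the update to the requesting user's own revisions.

		// grab the cookie with the rev_id
		global $wgCookiePrefix;
		$revCookie = "{$wgCookiePrefix}RevId" . $t->getArticleID();
		if (isset($_COOKIE[$revCookie])) {
			$revid = $_COOKIE[$revCookie];
			wfDebug("AXX: updating revcomment {$revid} \n");
			$dbw = wfGetDB(DB_MASTER);
			$summary = "updating from html5 editor, " . $wgRequest->getVal('summary');
			// Values are passed as arrays, not concatenated into SQL text
			$dbw->update('revision', array('rev_comment' => $summary), array('rev_id' => $revid, 'rev_user_text' => $wgUser->getName()), "Html5Editor::saveComment", array("LIMIT" => 1));
			$dbw->update('recentchanges', array('rc_comment' => $summary), array('rc_this_oldid' => $revid, 'rc_user_text' => $wgUser->getName()), "Html5Editor::saveComment", array("LIMIT" => 1));
		} else {
			wfDebug("AXX: NOT updating revcomment, why\n");
		}
		return;
	}

	// ---- publish-html: convert the HTML to wikitext and save the page ----
	if ($action == 'publish-html') {
		// check the edit token
		$token = $wgRequest->getVal('edittoken');
		if (!$wgUser->matchEditToken($token)) {
			$response = array('error' => wfMsg('sessionfailure'));
			print json_encode($response);
			return;
		}

		// check the edit time and check for a conflict
		$edittime = $wgRequest->getVal('edittime');
		if (!preg_match('/^\\d{14}$/', $edittime)) {
			$edittime = null;
		}
		if (!$edittime) {
			$response = array('error' => 'missing or invalid edit time');
			print json_encode($response);
			return;
		}

		if ($response = $this->getPermissionErrors($t)) {
			print json_encode($response);
			return;
		}

		$newArticle = !$t->exists();
		$a = new Article($t);

		// check for edit conflict
		// if( $this->mArticle->getTimestamp() != $this->edittime ) {
		//     $this->isConflict = true;
		// }

		// now ... let's convert the HTML back into wikitext... holy crap, we are nuts
		$oldtext = $a->getContent();
		$html = $wgRequest->getVal('html');
		$newtext = $this->convertHTML2Wikitext($html, $oldtext);

		// filter callback?
		if ($wgFilterCallback && $wgFilterCallback($t, $newtext, null)) {
			# Error messages or other handling should be performed by the filter function
			$response = array('error' => self::$spam_message, 'html' => $html);
			print json_encode($response);
			return;
		}

		// do the save
		// TODO: check for conflicts (obviously)
		if (!$a->doEdit($newtext, $wgRequest->getVal('summary') . " (HTML5) ")) {
			$response = array('error' => 'Error saving', 'html' => '');
			print json_encode($response);
			return;
		}

		// (A disabled debugging hook used to mail the submitted HTML, the
		// wikitext and the whole POST body to an alerts address here. It
		// stays disabled: the POST body includes the edit token.)
		$r = Revision::newFromTitle($t);
		$this->setRevCookie($t, $r);
		#$html = WikihowArticleHTML::postProcess($wgOut->parse($newtext));
		$html = $this->parse($t, $a, $newtext);

		// Create an anon attribution cookie
		if ($newArticle && $wgUser->getId() == 0) {
			setcookie('aen_anon_newarticleid', $a->getId(), time() + 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure);
		}
		$response = array('error' => '', 'html' => $html);
		print json_encode($response);
		return;
	}

	return;
}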
/**
 * Build the links used in the response email. Pages flagged for click
 * tracking are routed through the ClickTracking API when that extension is
 * present; every other link is the page's canonical URL.
 *
 * NOTE(review): tracked links carry the destination in a 'redirectto' query
 * parameter. Whether that can be abused as an open redirect depends on how
 * the clicktracking API validates it - confirm on that side.
 *
 * @return array - the links to be tracked in email, keyed '<page>Url'
 */
protected function buildEmailLink() {
	$pages = array(
		'feedbackPage' => array(
			'obj' => SpecialPage::getTitleFor('FeedbackDashboard', $this->feedback),
			'clicktracking' => false,
		),
		'editorTalkPage' => array(
			'obj' => $this->editor->getTalkPage(),
			'clicktracking' => false,
		),
		'targetUserTalkPage' => array(
			'obj' => $this->targetUser->getTalkPage(),
			'clicktracking' => true,
		),
	);

	// Prepare the tracking base URL only when the API class is available
	$trackingAvailable = class_exists('ApiClickTracking');
	$clickTrackingLink = null;
	if ($trackingAvailable) {
		global $wgMoodBarConfig;
		$token = wfGenerateToken();
		$eventid = 'ext.feedbackDashboard@' . $wgMoodBarConfig['bucketConfig']['version'] . '-email-response_link-' . $this->type;
		$clickTrackingLink = wfAppendQuery(
			wfScript('api'),
			array('action' => 'clicktracking', 'eventid' => $eventid, 'token' => $token)
		);
	}

	$links = array();
	foreach ($pages as $name => $page) {
		$target = $page['obj'];
		if ($trackingAvailable && $page['clicktracking']) {
			$tracked = wfAppendQuery($clickTrackingLink, array(
				'redirectto' => $target->getLinkURL(),
				'namespacenumber' => $target->getNamespace(),
			));
			$links[$name . 'Url'] = wfExpandUrl($tracked, PROTO_CANONICAL);
		} else {
			// untracked: the full canonical url for email
			$links[$name . 'Url'] = $target->getCanonicalURL();
		}
	}
	return $links;
}
/**
 * Returns a newly generated token.
 *
 * NOTE(review): the value comes straight from wfGenerateToken(); if callers
 * treat it as a secret, confirm that generator is strong enough for that.
 *
 * @return string
 */
public static function newToken() {
	$token = wfGenerateToken();
	return $token;
}
/**
 * Gets a unique random ID for the page load.
 *
 * The user name and the current time are mixed into the token as salt. Both
 * are values an observer can know or guess, so they make collisions less
 * likely but do not make the ID harder to predict.
 *
 * @return string session ID
 */
public static function get_session_id() {
	global $wgUser;

	$salt = array($wgUser->getName(), time());
	return wfGenerateToken($salt);
}
/**
 * MakeGlobalVariablesScript hook
 * Publishes a generated token as the wgTrackingToken JS global variable.
 *
 * The token is salted with the user name and the current time. It is exposed
 * to page scripts, so it identifies a page load for tracking and must not be
 * treated as a secret.
 *
 * @param $vars Array: existing JS globals (modified in place)
 * @return Boolean: always true
 */
public static function makeGlobalVariablesScript(&$vars) {
	global $wgUser;

	$salt = array($wgUser->getName(), time());
	$trackingToken = wfGenerateToken($salt);
	$vars['wgTrackingToken'] = $trackingToken;

	return true;
}
/**
 * Makes a title in the NS_LQT_THREAD namespace whose page name is a newly
 * generated token.
 *
 * @return Title-like object as returned by Title::makeTitle()
 */
function scratchTitle() {
	// The token serves as a throwaway, collision-unlikely page name
	$pageName = wfGenerateToken();
	return Title::makeTitle(NS_LQT_THREAD, $pageName);
}
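/**
 * UserLogoutComplete handler: appends one image per auto-login wiki to the
 * logout page so that each wiki's Special:AutoLogin is requested with
 * logout=1 and a one-time token.
 *
 * A second, identical check of $wgCentralAuthAutoLoginWikis that could never
 * be reached (the same condition already returned earlier) was removed.
 *
 * NOTE(review): each token is the memcached key for a record holding the
 * user's auth token, valid for 600 seconds, and it travels in an image URL
 * (so it can end up in logs and Referer headers). Its unpredictability
 * depends on wfGenerateToken(); the user id passed as salt adds none.
 * Confirm the generator is strong enough for this use.
 *
 * @param $user User-like object passed to CentralAuthUser::getInstance()
 * @param $inject_html string HTML appended to the logout page (by reference)
 * @param $userName string Name of the user who logged out
 * @return bool Always true
 */
static function onUserLogoutComplete(&$user, &$inject_html, $userName) {
	global $wgCentralAuthCookies, $wgCentralAuthAutoLoginWikis, $wgMemc;

	if (!$wgCentralAuthCookies) {
		// Nothing to do.
		return true;
	} elseif (!$wgCentralAuthAutoLoginWikis) {
		$inject_html .= wfMsgExt('centralauth-logout-no-others', 'parse');
		return true;
	}

	$centralUser = CentralAuthUser::getInstance($user);
	if (!$centralUser->exists() || !$centralUser->isAttached()) {
		return true;
	}

	// Generate the images
	$inject_html .= '<div class="centralauth-logout-box"><p>' . wfMsg('centralauth-logout-progress') . "</p>\n<p>";
	$centralUser = new CentralAuthUser($userName);
	foreach ($wgCentralAuthAutoLoginWikis as $alt => $wiki) {
		$data = array(
			'userName' => $userName,
			'token' => $centralUser->getAuthToken(),
			'remember' => false,
			'wiki' => $wiki,
		);
		$loginToken = wfGenerateToken($centralUser->getId());
		$wgMemc->set(CentralAuthUser::memcKey('login-token', $loginToken), $data, 600);

		$wiki = WikiMap::getWiki($wiki);
		// Use WikiReference::getFullUrl(), returns a protocol-relative URL if needed
		$url = $wiki->getFullUrl('Special:AutoLogin');
		$separator = strpos($url, '?') > 0 ? '&' : '?';
		$url .= "{$separator}logout=1&token={$loginToken}";

		// Attribute values are passed to Xml::element() as data rather than
		// concatenated into the markup.
		$inject_html .= Xml::element('img', array(
			'src' => $url,
			'alt' => $alt,
			'title' => $alt,
			'width' => 20,
			'height' => 20,
			'style' => 'border: 1px solid #ccc;',
		));
	}
	$inject_html .= '</p></div>';
	return true;
}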
/**
 * Returns a generated password that satisfies the password requirements
 * (a capital letter, a digit and a lowercase letter).
 *
 * NOTE(review): the password is only as unguessable as wfGenerateToken().
 * If that is the md5(mt_rand()) implementation of older MediaWiki, there are
 * at most 2^31 possible values regardless of the 32-character length, and
 * mt_rand() is not a cryptographic generator. A CSPRNG-backed source is the
 * safer choice for anything used as a password - confirm which generator
 * this installation provides.
 *
 * @return string
 */
public static function generateRandomScrambledPassword() {
	// A token will almost always contain a digit and a letter, but not
	// always, and it contains no capital letter. The fixed suffix guarantees
	// all three required character classes; being constant, it adds no
	// entropy and removes none.
	$requiredChars = "A1a";
	$scrambled = wfGenerateToken();

	return $scrambled . $requiredChars;
}
/**
 * EditPageBeforeEditButtons hook
 * Add draft saving controls: a script-written button, a noscript submit
 * button and the hidden fields the draft-saving script reads.
 *
 * NOTE(review): $buttons is declared by value as shown here; whether the
 * added 'savedraft' entry reaches the caller depends on how the hook is
 * invoked - confirm.
 * NOTE(review): wpDraftToken is a generated per-form value, not the user's
 * edit token; confirm the save endpoint does not rely on it for request
 * forgery protection.
 *
 * @param $editpage mixed Not used here
 * @param $buttons array Edit form buttons; 'savedraft' is set when the user
 *   may edit and is logged in
 * @return bool Always true
 */
public static function controls($editpage, $buttons) {
	global $wgUser, $wgTitle, $wgRequest;
	global $egDraftsAutoSaveWait, $egDraftsAutoSaveTimeout;

	// Check permissions
	if (!$wgUser->isAllowed('edit') || !$wgUser->isLoggedIn()) {
		return true;
	}

	$html = Xml::openElement('script', array('type' => 'text/javascript', 'language' => 'javascript'));

	// Attributes shared by the script-written and the noscript button
	$buttonAttribs = array(
		'id' => 'wpDraftSave',
		'name' => 'wpDraftSave',
		'tabindex' => 8,
		'value' => wfMsg('drafts-save-save'),
	);
	$skin = $wgUser->getSkin();
	$accesskey = $skin->accesskey('drafts-save');
	if ($accesskey !== false) {
		$buttonAttribs['accesskey'] = $accesskey;
	}
	$tooltip = $wgUser->getSkin()->titleAttrib('drafts-save', 'withaccess');
	if ($tooltip !== false) {
		$buttonAttribs['title'] = $tooltip;
	}

	// The script-written button starts disabled unless the form was submitted
	if ($wgRequest->getText('action') !== 'submit') {
		$disabledAttrib = array('disabled' => 'disabled');
	} else {
		$disabledAttrib = array();
	}
	$ajaxButton = Xml::escapeJsString(
		Xml::element('input', array('type' => 'button') + $buttonAttribs + $disabledAttrib)
	);
	$html .= "document.write( '{$ajaxButton}' );";
	$html .= Xml::closeElement('script');

	// Fallback for browsers without JavaScript
	$html .= Xml::openElement('noscript');
	$html .= Xml::element('input', array('type' => 'submit') + $buttonAttribs);
	$html .= Xml::closeElement('noscript');

	// Hidden fields, in the order they are emitted
	$hiddenFields = array(
		'wpDraftAutoSaveWait' => $egDraftsAutoSaveWait,
		'wpDraftAutoSaveTimeout' => $egDraftsAutoSaveTimeout,
		'wpDraftToken' => wfGenerateToken(),
		'wpDraftID' => $wgRequest->getInt('draft', ''),
		'wpDraftTitle' => $wgTitle->getPrefixedText(),
		'wpMsgSaved' => wfMsg('drafts-save-saved'),
		'wpMsgSaving' => wfMsg('drafts-save-saving'),
		'wpMsgSaveDraft' => wfMsg('drafts-save-save'),
		'wpMsgError' => wfMsg('drafts-save-error'),
	);
	foreach ($hiddenFields as $fieldName => $fieldValue) {
		$html .= Xml::element('input', array('type' => 'hidden', 'name' => $fieldName, 'value' => $fieldValue));
	}

	$buttons['savedraft'] = $html;

	// Continue
	return true;
}
/**
 * Creates a token for use as a cookie ID.
 *
 * The current user object and the current time are passed as salt.
 * NOTE(review): these inputs are not secret, so they do not make the ID
 * harder to predict; if the cookie ID authorises anything, confirm that
 * wfGenerateToken() is strong enough for that.
 *
 * @return string a random token
 */
public static function generateRandomCookieID() {
	global $wgUser;

	$salt = array( $wgUser, time() );
	return wfGenerateToken( $salt );
}
/**
 * Generates a token, keeps it in $this->tokenToCheck and stores the same
 * value in the session under 'wsSimpleSurveyToken'.
 *
 * NOTE(review): if a submitted token is later compared against the session
 * copy to authorise a request, the comparison should be constant-time and
 * the generator behind wfGenerateToken() should be unpredictable - confirm.
 */
public function setToken() {
	// This object and the current time are passed as salt for the token
	$salt = array( $this, time() );
	$this->tokenToCheck = wfGenerateToken( $salt );

	// Make sure a session exists before writing to it
	wfSetupSession();
	$_SESSION['wsSimpleSurveyToken'] = $this->tokenToCheck;
}