protected function __construct()
 {
     // This object relies on session state, so a session has to exist before
     // anything else runs. An empty id from session_id() means none is active.
     $sessionActive = session_id() !== '';
     if (!$sessionActive) {
         wfSetupSession();
     }
 }
Example #2
 /**
  * Initialize the experiment and set all required tracking things
  *
  * Instantiates the configured handler class, tags the current transaction
  * with the experiment name, exposes the name to client-side JS through a
  * WikiaSkinTopScripts hook, and starts a PHP session when none is active.
  *
  * NOTE(review): the class name in $experimentConfig['handler'] is instantiated
  * dynamically. This presumes the experiment config is operator-controlled and
  * never derived from request data; confirm at the caller.
  *
  * @param string $experimentName
  * @param array $experimentConfig reads the 'handler' (class name) and 'params' keys
  */
 private static function startExperiment($experimentName, array $experimentConfig)
 {
     wfDebug(sprintf("%s[%s] using %s class with %s params\n", __METHOD__, $experimentName, $experimentConfig['handler'], json_encode($experimentConfig['params'])));
     // The handler object is created for its side effects only; the instance is
     // not kept. A falsy 'params' value is replaced by an empty array.
     new $experimentConfig['handler']($experimentConfig['params'] ?: []);
     // mark a transaction with an experiment name
     \Transaction::getInstance()->set(\Transaction::PARAM_AB_PERFORMANCE_TEST, $experimentName);
     // set a global JS variable with an experiment name
     global $wgHooks;
     $wgHooks['WikiaSkinTopScripts'][] = function (array &$vars, &$scripts) use($experimentName) {
         $vars['wgABPerformanceTest'] = $experimentName;
         return true;
     };
     /*
      * Start the session to bypass CDN cache
      *
      * We don't want to pollute the CDN cache with the A/B performance testing tracking data.
      * As the tests are run for only a small subset of the traffic, start the session for clients
      * that are in the test groups to bypass the CDN cache.
      */
     if (session_id() == '') {
         wfSetupSession();
         wfDebug(__METHOD__ . " - session started\n");
         // log started sessions
         // NOTE(review): the raw session id is written to the application log here.
         // A session id is a bearer credential for that session, so anyone with log
         // access can reuse it while the session lives; consider logging a hash of
         // the id (or omitting it) if the field is only needed for correlation.
         global $wgUser;
         WikiaLogger::instance()->info(__METHOD__, ['experiment' => $experimentName, 'session_id' => session_id(), 'is_anon' => $wgUser->isAnon()]);
     }
 }
Example #3
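 /**
  * Special page entry point that finishes a Facebook-backed login.
  *
  * Reads the Facebook user id and access token from the wiki_fbuser and
  * wiki_fbtoken cookies, asks the Graph API for '/me', and then either shows
  * the registration form, processes a posted form, or redirects the user.
  *
  * NOTE(review): both cookies are client-controlled. setWgUser() is called
  * before the token has been checked against Facebook, and nothing visible in
  * this method compares the '/me' response with $this->userid. Confirm that
  * setWgUser()/processRegForm()/updateAvatar() bind the account to the id
  * Facebook returns rather than to the cookie value.
  *
  * @param string|null $par subpage parameter (not used in this method)
  */
 function execute($par)
 {
     global $wgOut, $wgRequest, $wgUser, $wgFBAppId, $wgFBAppSecret, $wgLanguageCode, $wgContLang, $IP;
     require_once "{$IP}/extensions/wikihow/common/facebook-platform/facebook-php-sdk-771862b/src/facebook.php";
     wfLoadExtensionMessages('FBLogin');
     if (session_id() == '') {
         wfSetupSession();
     }
     $this->returnto = $wgLanguageCode == 'en' ? wfMsg('fbc_returnto') : "/" . $wgContLang->getNSText(NS_PROJECT) . ":" . wfMsg('communityportal');
     // A missing cookie is treated the same as an empty one.
     $this->userid = isset($_COOKIE['wiki_fbuser']) ? $_COOKIE['wiki_fbuser'] : null;
     $userid = $this->userid;
     if (!$userid) {
         // The page must not echo the cookie jar back: it would expose every
         // cookie value (session and token cookies included) in the HTML, and a
         // cookie value containing "-->" would end the comment and be rendered
         // as markup.
         $wgOut->addHTML("An error occurred.");
         return;
     }
     $this->setWgUser();
     $this->facebook = new Facebook(array('appId' => $wgFBAppId, 'secret' => $wgFBAppSecret));
     $accessToken = isset($_COOKIE['wiki_fbtoken']) ? $_COOKIE['wiki_fbtoken'] : null;
     $this->facebook->setAccessToken($accessToken);
     $result = $this->facebook->api('/me');
     if (!$wgRequest->wasPosted()) {
         // If they still have the FB_* name, show them the registration form with a proposed name.
         // The test matches "FB_" anywhere in the name, not only as a prefix.
         if (strpos($wgUser->getName(), "FB_") !== false) {
             $this->printRegForm($result);
         } else {
             $this->updateAvatar($result);
             // All logged in. Return them to wherever they're supposed to go
             $this->setCookies();
             $wgOut->redirect($this->returnto);
         }
     } else {
         $this->processRegForm($result);
     }
 }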
 /**
  * Make sure a PHP session is active, then clear the collection.
  */
 static function startSession()
 {
     $hasSession = session_id() != '';
     if (!$hasSession) {
         wfSetupSession();
     }
     self::clearCollection();
 }
 /**
  * Special page entry point for the Google+ login flow.
  *
  * Starts a session if needed, handles a 'disconnect' request, selects the
  * wiki user from request parameters, and then either processes a posted form
  * or shows the form pre-filled with the values sent in the request.
  *
  * NOTE(review): 'gplus_id', 'user_id', 'user_name', 'user_email' and
  * 'user_avatar' are all read from the request, so they are whatever the client
  * sent. No provider-side token check is visible in this method; confirm that
  * setWgUser()/processForm() verify the Google identity server-side before an
  * account is selected or created from these values.
  *
  * @param string|null $par subpage parameter (not used in this method)
  */
 function execute($par)
 {
     global $wgRequest, $wgUser, $wgLanguageCode, $wgContLang, $wgOut;
     wfLoadExtensionMessages('GPlusLogin');
     if (session_id() == '') {
         wfSetupSession();
     }
     //disconnecting?
     if ($wgRequest->getVal('disconnect')) {
         self::userDisco();
         return;
     }
     //returning to the community dashboard
     $this->returnto = $wgLanguageCode == 'en' ? wfMsg('gpl_returnto') : "/" . $wgContLang->getNSText(NS_PROJECT) . ":" . wfMsg('communityportal');
     //set that user (if we can)
     // 'gplus_id' takes precedence; 'user_id' is the fallback.
     $this->userid = $wgRequest->getVal('gplus_id') ? $wgRequest->getVal('gplus_id') : $wgRequest->getVal('user_id');
     if ($this->userid) {
         $this->setWgUser();
     }
     // A POST carrying 'gplus_id' is a form submission; anything else renders the form.
     if ($wgRequest->wasPosted() && $wgRequest->getVal('gplus_id')) {
         self::processForm();
         return;
     }
     //get user's G+ info
     $gp_id = $wgRequest->getVal('user_id');
     $gp_name = $wgRequest->getVal('user_name');
     $gp_email = $wgRequest->getVal('user_email');
     $gp_avatar = $wgRequest->getVal('user_avatar');
     // NOTE(review): these request values are handed to showForm() as-is; output
     // escaping presumably happens there. Verify.
     self::showForm($gp_id, $gp_name, $gp_email, $gp_avatar);
 }
 /**
  * Create a local wiki account for a user the auth plugin already accepted.
  *
  * Nothing is created unless the plugin allows automatic creation. On success
  * the new user gets login cookies and a session, the site user count is
  * bumped, and the AuthPluginAutoCreate hook is run.
  *
  * @param $user User
  * @param $mungedUsername String
  * @return bool true when the account was created, false otherwise
  */
 public static function attemptAddUser($user, $mungedUsername)
 {
     /**
      * @var $wgAuth LdapAuthenticationPlugin
      */
     global $wgAuth;
     $mayAutoCreate = $wgAuth->autoCreate();
     if (!$mayAutoCreate) {
         $wgAuth->printDebug("Cannot automatically create accounts.", NONSENSITIVE);
         return false;
     }
     $wgAuth->printDebug("User does not exist in local database; creating.", NONSENSITIVE);
     // All checks passed: populate defaults and insert the row.
     $user->loadDefaults($mungedUsername);
     $creation = $user->addToDatabase();
     // A null return is treated as success; only a non-OK status aborts.
     $creationFailed = $creation !== null && !$creation->isOK();
     if ($creationFailed) {
         $wgAuth->printDebug("Creation failed: " . $creation->getWikiText(), NONSENSITIVE);
         return false;
     }
     $wgAuth->initUser($user, true);
     // Log the freshly created user in: cookies first, then the session.
     $user->setCookies();
     wfSetupSession();
     # Count the new account in the site statistics
     $statsUpdate = new SiteStatsUpdate(0, 0, 0, 0, 1);
     $statsUpdate->doUpdate();
     # Let listeners (e.g. Newuserlog) know about the auto-created account
     wfRunHooks('AuthPluginAutoCreate', array($user));
     return true;
 }
 /**
  * Test fixture, executed before each test: enables uploads and the API,
  * starts a session and removes fake uploads left by earlier tests.
  */
 protected function setUp()
 {
     parent::setUp();
     $overrides = array('wgEnableUploads' => true, 'wgEnableAPI' => true);
     $this->setMwGlobals($overrides);
     wfSetupSession();
     $this->clearFakeUploads();
 }
Example #8
 /**
  * Build a MediaWiki User from the access token carried by the HTTP request.
  *
  * The token is resolved through the Helios client. No user is returned when
  * the request has no token, when Helios reports no user id, when the client
  * call throws, or when the account carries the 'disabled' flag (in which case
  * the access token cookie is cleared as well).
  *
  * @param \WebRequest $request the HTTP request data as an object
  *
  * @return \User|null the authenticated user, or null if authentication failed
  */
 public static function newFromToken(\WebRequest $request)
 {
     $accessToken = self::getAccessToken($request);
     // Nothing to authenticate with.
     if (!$accessToken) {
         return null;
     }
     global $wgHeliosBaseUri, $wgHeliosClientId, $wgHeliosClientSecret;
     $helios = new Client($wgHeliosBaseUri, $wgHeliosClientId, $wgHeliosClientSecret);
     // A session is opened here, before the token has been validated
     // (borrowed from SpecialUserlogin).
     // @see PLATFORM-1261
     $sessionActive = session_id() != '';
     if (!$sessionActive) {
         wfSetupSession();
         WikiaLogger::instance()->debug(__METHOD__ . '::startSession');
     }
     try {
         $info = $helios->info($accessToken);
         if (empty($info->user_id)) {
             return null;
         }
         $candidate = \User::newFromId($info->user_id);
         // A disabled account never yields a user object.
         // @see SERVICES-459
         if ($candidate->getGlobalFlag('disabled')) {
             self::clearAccessTokenCookie();
             return null;
         }
         return $candidate;
     } catch (ClientException $e) {
         WikiaLogger::instance()->error(__METHOD__, ['exception' => $e]);
     }
     return null;
 }
Example #9
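 /**
  * Executes the log-in attempt using the parameters passed. If
  * the log-in succeeds, it attaches a cookie to the session
  * and outputs the user id, username, and session token. If a
  * log-in fails, as the result of a bad password, a nonexistent
  * user, or any other reason, the host is cached with an expiry
  * and no log-in attempts will be accepted until that expiry
  * is reached. The expiry is $this->mLoginThrottle.
  *
  * NOTE(review): the session is set up before authentication and the id
  * returned as 'sessionid' on success is whatever id is active at that point.
  * No id rotation is visible in this method; confirm that
  * authenticateUserData()/setCookies() issue a fresh id on login so that a
  * pre-login session id cannot be carried into the authenticated session.
  *
  * @access public
  */
 public function execute()
 {
     // Read only the three parameters this method needs. extract() on request
     // parameters would create a local variable for every key the request
     // layer returns, which can silently shadow locals of this method.
     $requestParams = $this->extractRequestParams();
     $name = isset($requestParams['name']) ? $requestParams['name'] : null;
     $password = isset($requestParams['password']) ? $requestParams['password'] : null;
     $domain = isset($requestParams['domain']) ? $requestParams['domain'] : null;
     $result = array();
     // Make sure no one is trying to guess the password by brute force
     $nextLoginIn = $this->getNextLoginTimeout();
     if ($nextLoginIn > 0) {
         $result['result'] = 'NeedToWait';
         $result['details'] = "Please wait {$nextLoginIn} seconds before next log-in attempt";
         $result['wait'] = $nextLoginIn;
         $this->getResult()->addValue(null, 'login', $result);
         return;
     }
     $params = new FauxRequest(array('wpName' => $name, 'wpPassword' => $password, 'wpDomain' => $domain, 'wpRemember' => ''));
     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }
     $loginForm = new LoginForm($params);
     switch ($loginForm->authenticateUserData()) {
         case LoginForm::SUCCESS:
             global $wgUser, $wgCookiePrefix;
             $wgUser->setOption('rememberpassword', 1);
             $wgUser->setCookies();
             // The response body carries the session token and the session id,
             // so it has to be treated as a credential by whoever receives it.
             $result['result'] = 'Success';
             $result['lguserid'] = $_SESSION['wsUserID'];
             $result['lgusername'] = $_SESSION['wsUserName'];
             $result['lgtoken'] = $_SESSION['wsToken'];
             $result['cookieprefix'] = $wgCookiePrefix;
             $result['sessionid'] = session_id();
             break;
         case LoginForm::NO_NAME:
             $result['result'] = 'NoName';
             break;
         case LoginForm::ILLEGAL:
             $result['result'] = 'Illegal';
             break;
         case LoginForm::WRONG_PLUGIN_PASS:
             $result['result'] = 'WrongPluginPass';
             break;
         case LoginForm::NOT_EXISTS:
             $result['result'] = 'NotExists';
             break;
         case LoginForm::WRONG_PASS:
             $result['result'] = 'WrongPass';
             break;
         case LoginForm::EMPTY_PASS:
             $result['result'] = 'EmptyPass';
             break;
         default:
             ApiBase::dieDebug(__METHOD__, 'Unhandled case value');
     }
     // Every failed attempt is recorded so the next one is delayed.
     if ($result['result'] != 'Success') {
         $result['wait'] = $this->cacheBadLogin();
         $result['details'] = "Please wait " . self::THROTTLE_TIME . " seconds before next log-in attempt";
     }
     // if we were allowed to try to login, memcache is fine
     $this->getResult()->addValue(null, 'login', $result);
 }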
 /**
  * Register the 'PromoterAds' special page and restore the ad filter string
  * kept in the session.
  */
 function __construct()
 {
     SpecialPage::__construct('PromoterAds');
     // The filter is read from the session, so one has to exist first.
     wfSetupSession();
     // Restore state stored in the session; default to an empty filter.
     $storedFilter = $this->getPRSessionVar('adFilterString', '');
     $this->adFilterString = $storedFilter;
 }
Example #11
 /**
  * Show the page, making sure a session (and thus a session cookie) exists
  * beforehand.
  */
 public function show()
 {
     // Anonymous users need the cookie to receive talk message notifications.
     $sessionActive = session_id() !== '';
     if (!$sessionActive) {
         wfSetupSession();
     }
     parent::show();
 }
Example #12
 /**
  * Executes the log-in attempt using the parameters passed. If
  * the log-in succeeds, it attaches a cookie to the session
  * and outputs the user id, username, and session token. If a
  * log-in fails, as the result of a bad password, a nonexistent
  * user, or any other reason, the host is cached with an expiry
  * and no log-in attempts will be accepted until that expiry
  * is reached. The expiry is $this->mLoginThrottle.
  *
  * NOTE(review): the throttling paragraph above does not match this body. No
  * host caching happens here; throttling is only reported when
  * authenticateUserData() returns LoginForm::THROTTLED.
  *
  * NOTE(review): the session is set up before authentication and its id is
  * returned as 'sessionid' on success. No id rotation is visible in this
  * method; confirm it happens inside authenticateUserData()/setCookies().
  *
  * @access public
  */
 public function execute()
 {
     $params = $this->extractRequestParams();
     $result = array();
     // Wrap the API parameters in a request shaped like the login form's POST.
     $req = new FauxRequest(array('wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpDomain' => $params['domain'], 'wpRemember' => ''));
     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }
     $loginForm = new LoginForm($req);
     switch ($authRes = $loginForm->authenticateUserData()) {
         case LoginForm::SUCCESS:
             global $wgUser, $wgCookiePrefix;
             $wgUser->setOption('rememberpassword', 1);
             $wgUser->setCookies();
             // Run hooks. FIXME: split back and frontend from this hook.
             // FIXME: This hook should be placed in the backend
             $injected_html = '';
             wfRunHooks('UserLoginComplete', array(&$wgUser, &$injected_html));
             // The response body carries the user token and the session id, so
             // it has to be treated as a credential by whoever receives it.
             $result['result'] = 'Success';
             $result['lguserid'] = intval($wgUser->getId());
             $result['lgusername'] = $wgUser->getName();
             $result['lgtoken'] = $wgUser->getToken();
             $result['cookieprefix'] = $wgCookiePrefix;
             $result['sessionid'] = session_id();
             break;
         case LoginForm::NO_NAME:
             $result['result'] = 'NoName';
             break;
         case LoginForm::ILLEGAL:
             $result['result'] = 'Illegal';
             break;
         case LoginForm::WRONG_PLUGIN_PASS:
             $result['result'] = 'WrongPluginPass';
             break;
         // NotExists and WrongPass are reported as distinct results, which lets a
         // caller tell whether a username is registered.
         case LoginForm::NOT_EXISTS:
             $result['result'] = 'NotExists';
             break;
         case LoginForm::WRONG_PASS:
             $result['result'] = 'WrongPass';
             break;
         case LoginForm::EMPTY_PASS:
             $result['result'] = 'EmptyPass';
             break;
         case LoginForm::CREATE_BLOCKED:
             $result['result'] = 'CreateBlocked';
             $result['details'] = 'Your IP address is blocked from account creation';
             break;
         case LoginForm::THROTTLED:
             global $wgPasswordAttemptThrottle;
             $result['result'] = 'Throttled';
             $result['wait'] = intval($wgPasswordAttemptThrottle['seconds']);
             break;
         default:
             ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}");
     }
     $this->getResult()->addValue(null, 'login', $result);
 }
Example #13
/**
 * Entry point for Special:Userlogin: ensures a session exists, then builds
 * the login form from the current request and runs it.
 */
function wfSpecialUserlogin($par = '')
{
    global $wgRequest;
    $sessionActive = session_id() != '';
    if (!$sessionActive) {
        wfSetupSession();
    }
    $loginForm = new LoginForm($wgRequest, $par);
    $loginForm->execute();
}
Example #14
 /**
  * Test fixture, executed before each test: switches uploads and the API on
  * through the globals, starts a session and removes leftover fake uploads.
  */
 public function setUp()
 {
     global $wgEnableUploads, $wgEnableAPI;
     parent::setUp();
     $wgEnableUploads = $wgEnableAPI = true;
     wfSetupSession();
     $this->clearFakeUploads();
 }
Example #15
/**
 * Entry point for Special:Userlogin: ensures a session exists, runs the login
 * form for the current request and registers the form's topContent callback
 * on the BeforeTabsLine hook.
 */
function wfSpecialUserlogin($par = '')
{
    global $wgRequest, $wgHooks;
    $sessionActive = session_id() != '';
    if (!$sessionActive) {
        wfSetupSession();
    }
    $loginForm = new LoginForm($wgRequest, $par);
    $loginForm->execute();
    // Registered after execute(), with the form instance as extra hook argument.
    $topContentHandler = array('LoginForm::topContent', $loginForm);
    $wgHooks['BeforeTabsLine'][] = $topContentHandler;
}
 /**
  * Run an API request in-process and hand back its result data together with
  * the request object.
  *
  * The active session is written and closed before the API module runs and is
  * set up again under the same id afterwards.
  *
  * @return array two elements: the module's result data and the FauxRequest
  */
 protected function doApiRequest($params, $unused = null, $appendModule = false, $user = null)
 {
     // Remember the id so the very same session can be resumed at the end.
     $savedSessionId = session_id();
     session_write_close();
     $fauxRequest = new FauxRequest($params, true, $_SESSION);
     $api = new ApiMain($fauxRequest, true);
     $api->execute();
     wfSetupSession($savedSessionId);
     return array($api->getResultData(), $fauxRequest);
 }
 /**
  * Render the AJAX login form as a regular page, starting a session first
  * when none is active.
  */
 function execute()
 {
     global $wgRequest, $wgHooks, $wgOut;
     $this->setHeaders();
     $sessionActive = session_id() != '';
     if (!$sessionActive) {
         wfSetupSession();
     }
     $ajaxForm = new AjaxLoginForm($wgRequest);
     $ajaxForm->executeAsPage();
 }
Example #18
/**
 * Entry point for Special:Userlogin.
 *
 * A session is started only for web requests that did not send a session
 * cookie; command-line runs and requests that already carry the cookie are
 * left alone. The login form is then built from the request and executed.
 */
function wfSpecialUserlogin()
{
    global $wgCommandLineMode;
    global $wgRequest;
    $skipSessionSetup = $wgCommandLineMode || isset($_COOKIE[session_name()]);
    if (!$skipSessionSetup) {
        wfSetupSession();
    }
    $loginForm = new LoginForm($wgRequest);
    $loginForm->execute();
}
 /**
  * MediaWikiPerformAction hook handler for the 'submit2' action.
  *
  * Any other action is passed through by returning true. For 'submit2' a
  * session is started when needed and the request is handed to
  * handleEditHooks(), whose return value is returned.
  */
 public static function onMediaWikiPerformAction($output, $article, $title, $user, $request, $wiki)
 {
     $requestedAction = $request->getVal('action');
     if ($requestedAction == 'submit2') {
         // Send a cookie so anons get talk message notifications
         $sessionActive = session_id() != '';
         if (!$sessionActive) {
             wfSetupSession();
         }
         return self::handleEditHooks($request, $title, $article, $requestedAction, $user);
     }
     return true;
 }
 /**
  * Main entry point, hooks into MediaWikiPerformAction.
  * Checks whether or not to spawn the editor, and does so if necessary.
  *
  * Returns true to let MediaWiki continue with its normal handling and false
  * once the inline editor has rendered the page itself. When the editor is not
  * used because of the browser or a failed render, the reason is recorded in
  * self::$fallbackReason.
  */
 public static function mediaWikiPerformAction($output, $article, $title, $user, $request, $wiki)
 {
     global $wgHooks, $wgInlineEditorEnableGlobal;
     // The editor is off unless the user opted in or it is enabled globally.
     if (!$user->getOption('inline-editor-enabled') && !$wgInlineEditorEnableGlobal) {
         return true;
     }
     // return if the action is not 'edit' or if it's disabled
     if ($wiki->getAction($request) != 'edit') {
         return true;
     }
     // check if the 'fulleditor' parameter is set either in GET or POST
     if ($request->getCheck('fulleditor')) {
         // hook into the edit page to inject the hidden 'fulleditor' input field again
         $wgHooks['EditPage::showEditForm:fields'][] = 'InlineEditor::showEditFormFields';
         return true;
     }
     // terminate if the browser is not supported
     if (!self::isValidBrowser()) {
         self::$fallbackReason = self::REASON_BROWSER;
         return true;
     }
     // start the session if needed
     if (session_id() == '') {
         wfSetupSession();
     }
     // try to spawn the editor and render the page
     $editor = new InlineEditor($article);
     // set the section to scroll to
     // NOTE(review): the raw 'section' value from $_GET/$_POST is passed on
     // unchanged; validation presumably happens in setSection(). Verify.
     if (isset($_GET['section'])) {
         $editor->setSection($_GET['section']);
     } elseif (isset($_POST['section'])) {
         $editor->setSection($_POST['section']);
     }
     // unset the section variables so the entire page will be edited
     // (cleared in the superglobals and in the request object)
     unset($_GET['section']);
     unset($_POST['section']);
     $request->setVal('section', null);
     // set a warning when leaving the page if necessary
     $editor->setEditWarning($user->getOption('useeditwarning') == 1);
     if ($editor->render($output)) {
         // The editor produced the page; stop MediaWiki's own action handling.
         return false;
     } else {
         // if rendering fails for some reason, terminate and show the advanced page notice
         self::$fallbackReason = self::REASON_ADVANCED;
         // don't leave traces of HTML behind
         $output->clearHTML();
         return true;
     }
 }
Example #21
 /**
  * Report the outcome of the upload, either as a message on the user's talk
  * page or as a result stored in the session named by $params['sessionId'],
  * depending on $params['leaveMessage'].
  *
  * @param $status Status
  */
 protected function leaveMessage($status)
 {
     if (!$this->params['leaveMessage']) {
         // Session path: attach to the session whose id came with the job
         // parameters, store the outcome, and flush the session again.
         wfSetupSession($this->params['sessionId']);
         if ($status->isOk()) {
             $this->storeResultInSession('Success', 'filename', $this->upload->getLocalFile()->getName());
         } else {
             $this->storeResultInSession('Failure', 'errors', $status->getErrorsArray());
         }
         session_write_close();
         return;
     }
     // Talk page path: pick subject and text by the status, then post once.
     if ($status->isGood()) {
         $subject = wfMsg('upload-success-subj');
         $text = wfMsg('upload-success-msg', $this->upload->getTitle()->getText(), $this->params['url']);
     } else {
         $subject = wfMsg('upload-failure-subj');
         $text = wfMsg('upload-failure-msg', $status->getWikiText(), $this->params['url']);
     }
     $this->user->leaveUserMessage($subject, $text);
 }
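/**
 * Hook handler that logs the current WordPress user into MediaWiki.
 *
 * When WordPress reports a logged-in user, the MediaWiki account of the same
 * name is created if missing, loaded into $user, given a session and cookies,
 * and its e-mail and real name are overwritten from WordPress.
 *
 * NOTE(review): accounts are matched by name only. MediaWiki normalises user
 * names, so two distinct WordPress logins that normalise to the same MediaWiki
 * name would presumably end up sharing one wiki account. Confirm against the
 * WordPress username policy.
 *
 * @param User $user user object being loaded for this request
 * @param mixed $result set to true once a WordPress user has been mapped
 * @return bool always true
 */
function AuthWPUserLoadFromSession($user, &$result)
{
    // Abort in cli mode. Seems like it shouldn't be necessary
    // but some cli scripts do end up here for whatever bizarre
    // reason - runjobs is an example.
    if (php_sapi_name() == 'cli') {
        return true;
    }
    // Is there a WordPress user with a valid session?
    $wpuser = wp_get_current_user();
    if (!$wpuser->ID) {
        return true;
    }
    // wp_die() renders its message as HTML, so the login name is escaped
    // before it is placed into any error text.
    $safeLogin = htmlspecialchars($wpuser->user_login, ENT_QUOTES, 'UTF-8');
    $u = User::newFromName($wpuser->user_login);
    if (!$u) {
        wp_die("Your username '" . $safeLogin . "' is not a valid MediaWiki username");
        // Only reached if wp_die() has been configured not to exit; stop here
        // rather than calling methods on an invalid user.
        return true;
    }
    if (0 == $u->getID()) {
        $u->addToDatabase();
        $u->setToken();
    }
    $id = User::idFromName($wpuser->user_login);
    // Covers both "no id" and an id of 0, so no separate zero check is needed.
    if (!$id) {
        wp_die("Failed to get ID from name '" . $safeLogin . "'");
        return true;
    }
    $user->setID($id);
    $user->loadFromId();
    wfSetupSession();
    $user->setCookies();
    // Set these to ensure synchronisation with WordPress...
    $user->setEmail($wpuser->user_email);
    $user->setRealName($wpuser->user_nicename);
    $user->saveSettings();
    $result = true;
    return true;
}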
Example #23
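/**
 * Log the visitor in as the account named by GodAuth_getUser(), creating the
 * MediaWiki account first when it does not exist yet.
 *
 * Nothing happens on Special:Userlogin / Special:Userlogout or when the
 * session already belongs to a logged-in user.
 *
 * NOTE(review): the identity comes entirely from GodAuth_getUser() and
 * GodAuth_getEmail(), which are not visible here. The account is created and
 * its e-mail marked as authenticated without any confirmation step, so this
 * presumes those helpers read a value that only a trusted upstream
 * authentication layer can set, never the client directly. Confirm.
 */
function GodAuth_hook()
{
    global $wgUser;
    global $wgRequest;
    // Has to be declared global: without the declaration the name is an
    // undefined local and the command-line check below can never take effect.
    global $wgCommandLineMode;
    $title = $wgRequest->getVal('title');
    if ($title == Title::makeName(NS_SPECIAL, 'Userlogout') || $title == Title::makeName(NS_SPECIAL, 'Userlogin')) {
        return;
    }
    $user = User::newFromSession();
    if (!$user->isAnon()) {
        // User is already logged in and not anonymous.
        return;
    }
    // Start a session only for web requests that did not send a session cookie.
    if (!$wgCommandLineMode && !isset($_COOKIE[session_name()])) {
        wfSetupSession();
    }
    #
    # Create a new MediaWiki account if needed
    #
    $_user = GodAuth_getUser();
    $id = User::idFromName($_user);
    if (is_null($id)) {
        $user->setName($_user);
        $user->setRealName('');
        $user->setEmail(GodAuth_getEmail());
        $user->mEmailAuthenticated = wfTimestampNow();
        $user->setToken();
        $user->saveSettings();
        $user->addToDatabase();
    } else {
        $user->mId = $id;
        $user->loadFromId();
    }
    $wgUser = $user;
    $wgUser->setCookies();
    return;
}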
 /**
  * Return the account-creation token, creating it first if the session does
  * not hold one yet.
  *
  * @return string signupToken
  */
 public static function getSignupToken()
 {
     $existingToken = LoginForm::getCreateaccountToken();
     if (!$existingToken) {
         // The token is kept in the session, so one must exist before it is set.
         $sessionActive = session_id() != '';
         if (!$sessionActive) {
             wfSetupSession();
         }
         LoginForm::setCreateaccountToken();
     }
     return LoginForm::getCreateaccountToken();
 }
Example #25
 /**
  * Executes the log-in attempt using the parameters passed. If
  * the log-in succeeds, it attaches a cookie to the session
  * and outputs the user id, username, and session token. If a
  * log-in fails, as the result of a bad password, a nonexistent
  * user, or any other reason, the host is cached with an expiry
  * and no log-in attempts will be accepted until that expiry
  * is reached. The expiry is $this->mLoginThrottle.
  *
  * NOTE(review): the throttling paragraph above does not match this body. No
  * host caching happens here; throttling is only reported when
  * authenticateUserData() returns LoginForm::THROTTLED.
  *
  * Compared with a plain name/password login this version also forwards a
  * login token ('wpLoginToken'): the first call is answered with NeedToken
  * plus a token, and a mismatching token yields WrongToken.
  *
  * NOTE(review): the session is set up before authentication and its id is
  * returned as 'sessionid' in both the NeedToken and the Success response. No
  * id rotation is visible in this method; confirm it happens inside
  * authenticateUserData()/setCookies().
  */
 public function execute()
 {
     $params = $this->extractRequestParams();
     $result = array();
     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }
     // Authenticate against a derived context so the API parameters can be
     // presented to LoginForm under the field names of the login form.
     $context = new DerivativeContext($this->getContext());
     $context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpDomain' => $params['domain'], 'wpLoginToken' => $params['token'], 'wpRemember' => '')));
     $loginForm = new LoginForm();
     $loginForm->setContext($context);
     global $wgCookiePrefix, $wgPasswordAttemptThrottle;
     $authRes = $loginForm->authenticateUserData();
     switch ($authRes) {
         case LoginForm::SUCCESS:
             // Carry the authenticated user from the derived context over to
             // the context of this API module.
             $user = $context->getUser();
             $this->getContext()->setUser($user);
             $user->setOption('rememberpassword', 1);
             $user->setCookies($this->getRequest());
             ApiQueryInfo::resetTokenCache();
             // Run hooks.
             // @todo FIXME: Split back and frontend from this hook.
             // @todo FIXME: This hook should be placed in the backend
             $injected_html = '';
             wfRunHooks('UserLoginComplete', array(&$user, &$injected_html));
             // The response body carries the user token and the session id, so
             // it has to be treated as a credential by whoever receives it.
             $result['result'] = 'Success';
             $result['lguserid'] = intval($user->getId());
             $result['lgusername'] = $user->getName();
             $result['lgtoken'] = $user->getToken();
             $result['cookieprefix'] = $wgCookiePrefix;
             $result['sessionid'] = session_id();
             break;
         case LoginForm::NEED_TOKEN:
             $result['result'] = 'NeedToken';
             $result['token'] = $loginForm->getLoginToken();
             $result['cookieprefix'] = $wgCookiePrefix;
             $result['sessionid'] = session_id();
             break;
         case LoginForm::WRONG_TOKEN:
             $result['result'] = 'WrongToken';
             break;
         case LoginForm::NO_NAME:
             $result['result'] = 'NoName';
             break;
         case LoginForm::ILLEGAL:
             $result['result'] = 'Illegal';
             break;
         case LoginForm::WRONG_PLUGIN_PASS:
             $result['result'] = 'WrongPluginPass';
             break;
         // NotExists and WrongPass are reported as distinct results, which lets a
         // caller tell whether a username is registered.
         case LoginForm::NOT_EXISTS:
             $result['result'] = 'NotExists';
             break;
         case LoginForm::RESET_PASS:
             // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin - "The e-mailed temporary password should not be used for actual logins;"
             // Deliberate fall-through into WRONG_PASS.
         case LoginForm::WRONG_PASS:
             $result['result'] = 'WrongPass';
             break;
         case LoginForm::EMPTY_PASS:
             $result['result'] = 'EmptyPass';
             break;
         case LoginForm::CREATE_BLOCKED:
             $result['result'] = 'CreateBlocked';
             $result['details'] = 'Your IP address is blocked from account creation';
             break;
         case LoginForm::THROTTLED:
             $result['result'] = 'Throttled';
             $result['wait'] = intval($wgPasswordAttemptThrottle['seconds']);
             break;
         case LoginForm::USER_BLOCKED:
             $result['result'] = 'Blocked';
             break;
         case LoginForm::ABORTED:
             $result['result'] = 'Aborted';
             $result['reason'] = $loginForm->mAbortLoginErrorMsg;
             break;
         default:
             ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}");
     }
     $this->getResult()->addValue(null, 'login', $result);
 }
 /**
  * Executes a list of actions.
  *
  * For every filter the consequences are processed in a fixed order: throttle
  * first, then removal of restricted actions for global filters, then the
  * one-time warning, and finally all remaining actions.
  *
  * @param $filters array
  * @param $title Title
  * @param $vars array
  * @return Status returns the operation's status. $status->isOK() will return true if
  *         there were no actions taken, false otherwise. $status->getValue() will return
  *         an array listing the actions taken. $status->getErrors(), etc, will provide
  *         the errors and warnings to be shown to the user to explain the actions.
  */
 public static function executeFilterActions($filters, $title, $vars)
 {
     global $wgMainCacheType;
     wfProfileIn(__METHOD__);
     $actionsByFilter = self::getConsequencesForFilters($filters);
     // One (initially empty) list of taken actions per filter id.
     $actionsTaken = array_fill_keys($filters, array());
     $messages = array();
     global $wgOut, $wgAbuseFilterDisallowGlobalLocalBlocks, $wgAbuseFilterRestrictedActions;
     foreach ($actionsByFilter as $filter => $actions) {
         // Special-case handling for warnings.
         $parsed_public_comments = $wgOut->parseInline(self::$filters[$filter]->af_public_comments);
         // Filter ids starting with "global-" are treated as global filters.
         $global_filter = preg_match('/^global-/', $filter) == 1;
         // If the filter is throttled and throttling is available via object
         // caching, check to see if the user has hit the throttle.
         if (!empty($actions['throttle']) && $wgMainCacheType !== CACHE_NONE) {
             // Parameter layout: throttle id, "count,period", then the throttle types.
             $parameters = $actions['throttle']['parameters'];
             $throttleId = array_shift($parameters);
             list($rateCount, $ratePeriod) = explode(',', array_shift($parameters));
             $hitThrottle = false;
             // The rest are throttle-types.
             // Because of the short-circuiting ||, isThrottled() is no longer
             // called for the remaining types once one of them reported a hit.
             foreach ($parameters as $throttleType) {
                 $hitThrottle = $hitThrottle || self::isThrottled($throttleId, $throttleType, $title, $rateCount, $ratePeriod, $global_filter);
             }
             unset($actions['throttle']);
             // Below the limit: record 'throttle' and skip every other
             // consequence of this filter.
             if (!$hitThrottle) {
                 $actionsTaken[$filter][] = 'throttle';
                 continue;
             }
         }
         // Global filters may be barred from taking the restricted actions locally.
         if ($wgAbuseFilterDisallowGlobalLocalBlocks && $global_filter) {
             foreach ($wgAbuseFilterRestrictedActions as $blockingAction) {
                 unset($actions[$blockingAction]);
             }
         }
         if (!empty($actions['warn'])) {
             $parameters = $actions['warn']['parameters'];
             // md5 only derives a fixed-length session key from the page title here.
             $warnKey = 'abusefilter-warned-' . md5($title->getPrefixedText()) . '-' . $filter;
             // Make sure the session is started prior to using it
             if (session_id() === '') {
                 wfSetupSession();
             }
             // The "already warned" state lives in the session: the first hit
             // warns and stops, the next hit on the same page and filter resets
             // the flag and lets the remaining actions run.
             // NOTE(review): a client that does not send the session cookie back
             // presumably gets a fresh session each time and so is warned again
             // without reaching the other actions. Verify that this is acceptable.
             if (!isset($_SESSION[$warnKey]) || !$_SESSION[$warnKey]) {
                 $_SESSION[$warnKey] = true;
                 // Threaten them a little bit
                 if (!empty($parameters[0]) && strlen($parameters[0])) {
                     $msg = $parameters[0];
                 } else {
                     $msg = 'abusefilter-warning';
                 }
                 $messages[] = array($msg, $parsed_public_comments, $filter);
                 $actionsTaken[$filter][] = 'warn';
                 continue;
                 // Don't do anything else.
             } else {
                 // We already warned them
                 $_SESSION[$warnKey] = false;
             }
             unset($actions['warn']);
         }
         // prevent double warnings
         // ('disallow' is dropped when a restricted action is going to run anyway)
         if (count(array_intersect(array_keys($actions), $wgAbuseFilterRestrictedActions)) > 0 && !empty($actions['disallow'])) {
             unset($actions['disallow']);
         }
         // Do the rest of the actions
         foreach ($actions as $action => $info) {
             $newMsg = self::takeConsequenceAction($action, $info['parameters'], $title, $vars, self::$filters[$filter]->af_public_comments, $filter);
             if ($newMsg !== null) {
                 $messages[] = $newMsg;
             }
             $actionsTaken[$filter][] = $action;
         }
     }
     $status = self::buildStatus($actionsTaken, $messages);
     wfProfileOut(__METHOD__);
     return $status;
 }
Example #27
/**
 * Reset the session_id
 *
 * Gives the current session a new identifier while keeping its data, then
 * announces the change through the 'ResetSessionID' hook with the old and the
 * new id. Rotating the id when the privilege level of a session changes is the
 * standard defence against session fixation.
 *
 * @since 1.22
 */
function wfResetSessionID()
{
    global $wgCookieSecure;
    $oldSessionId = session_id();
    $cookieParams = session_get_cookie_params();
    // PHP's own regeneration is used only when wfCheckEntropy() passes and the
    // session cookie's 'secure' flag already agrees with $wgCookieSecure.
    if (wfCheckEntropy() && $wgCookieSecure == $cookieParams['secure']) {
        // The false argument tells PHP not to delete the old session record.
        // NOTE(review): the data stored under the old id therefore stays in the
        // session store after this call; confirm that this is intended.
        session_regenerate_id(false);
    } else {
        // Otherwise rebuild the session by hand: keep a copy of the data,
        // destroy the session, start a new one under an id taken from
        // MWCryptRand::generateHex(32), and copy the data back.
        $tmp = $_SESSION;
        session_destroy();
        wfSetupSession(MWCryptRand::generateHex(32));
        $_SESSION = $tmp;
    }
    $newSessionId = session_id();
    Hooks::run('ResetSessionID', array($oldSessionId, $newSessionId));
}
Example #28
 /**
  * Perform one of the "standard" actions
  *
  * @param $output OutputPage
  * @param $article Article
  * @param $title Title
  * @param $user User
  * @param $request WebRequest
  */
 function performAction(&$output, &$article, &$title, &$user, &$request)
 {
     // Dispatches the action named by this object's 'Action' value to its handler.
     // Disabled and unknown actions both end in the default branch of the switch.
     // NOTE(review): no permission or edit-token check is visible in this method for
     // the state-changing actions (delete, rollback, protect, ...); presumably the
     // called Article/EditPage methods enforce them - confirm.
     wfProfileIn(__METHOD__);
     // Extensions may take over the whole dispatch: a falsy hook result ends handling here.
     if (!wfRunHooks('MediaWikiPerformAction', array($output, $article, $title, $user, $request, $this))) {
         wfProfileOut(__METHOD__);
         return;
     }
     $action = $this->getVal('Action');
     // NOTE(review): in_array() is called without its strict flag, so the match is a
     // loose comparison; presumably 'DisabledActions' only holds strings - confirm.
     if (in_array($action, $this->getVal('DisabledActions', array()))) {
         /* 'nosuchaction' matches no case label below, so a disabled action lands in the default branch */
         $action = 'nosuchaction';
     }
     // Workaround for bug #20966: inability of IE to provide an action dependent
     // on which submit button is clicked.
     if ($action === 'historysubmit') {
         if ($request->getBool('revisiondelete')) {
             $action = 'revisiondelete';
         } else {
             $action = 'view';
         }
     }
     switch ($action) {
         case 'view':
             // Max-age value comes from this object's 'SquidMaxage' setting
             $output->setSquidMaxage($this->getVal('SquidMaxage'));
             $article->view();
             break;
         case 'raw':
             // includes JS/CSS
             wfProfileIn(__METHOD__ . '-raw');
             $raw = new RawPage($article);
             $raw->view();
             wfProfileOut(__METHOD__ . '-raw');
             break;
         case 'watch':
         case 'unwatch':
         case 'delete':
         case 'revert':
         case 'rollback':
         case 'protect':
         case 'unprotect':
         case 'info':
         case 'markpatrolled':
         case 'render':
         case 'deletetrackback':
         case 'purge':
             // The method name is taken from $action, but this line is only reached for
             // the literal case labels above, so no other Article method can be selected
             // through this branch. Keep that list explicit when adding actions.
             $article->{$action}();
             break;
         case 'print':
             $article->view();
             break;
         case 'dublincore':
             // Answer with HTTP 403 when 'EnableDublinCoreRdf' is off
             if (!$this->getVal('EnableDublinCoreRdf')) {
                 wfHttpError(403, 'Forbidden', wfMsg('nodublincore'));
             } else {
                 $rdf = new DublinCoreRdf($article);
                 $rdf->show();
             }
             break;
         case 'creativecommons':
             // Answer with HTTP 403 when 'EnableCreativeCommonsRdf' is off
             if (!$this->getVal('EnableCreativeCommonsRdf')) {
                 wfHttpError(403, 'Forbidden', wfMsg('nocreativecommons'));
             } else {
                 $rdf = new CreativeCommonsRdf($article);
                 $rdf->show();
             }
             break;
         case 'credits':
             Credits::showPage($article);
             break;
         case 'submit':
             if (session_id() == '') {
                 /* Send a cookie so anons get talk message notifications */
                 wfSetupSession();
             }
             /* No break: 'submit' deliberately falls through into the edit handling below */
         case 'edit':
         case 'editredlink':
             // A falsy result from the CustomEditor hook skips both editors below
             if (wfRunHooks('CustomEditor', array($article, $user))) {
                 $internal = $request->getVal('internaledit');
                 $external = $request->getVal('externaledit');
                 $section = $request->getVal('section');
                 $oldid = $request->getVal('oldid');
                 // && binds tighter than ||, so the last clause of this condition reads
                 // (!$user->getOption('externaleditor') && !$external).
                 if (!$this->getVal('UseExternalEditor') || $action == 'submit' || $internal || $section || $oldid || !$user->getOption('externaleditor') && !$external) {
                     $editor = new EditPage($article);
                     $editor->submit();
                 } elseif ($this->getVal('UseExternalEditor') && ($external || $user->getOption('externaleditor'))) {
                     $mode = $request->getVal('mode');
                     $extedit = new ExternalEdit($article, $mode);
                     $extedit->edit();
                 }
             }
             break;
         case 'history':
             // The Squid max-age is set only when the full request URL equals the
             // title's internal 'action=history' URL; any other URL form is left without it.
             if ($request->getFullRequestURL() == $title->getInternalURL('action=history')) {
                 $output->setSquidMaxage($this->getVal('SquidMaxage'));
             }
             $history = new HistoryPage($article);
             $history->history();
             break;
         case 'revisiondelete':
             // For show/hide submission from history page
             $special = SpecialPage::getPage('Revisiondelete');
             $special->execute('');
             break;
         default:
             // Reached for unknown and disabled actions; the error page is shown unless
             // the UnknownAction hook returns a falsy value.
             if (wfRunHooks('UnknownAction', array($action, $article))) {
                 $output->showErrorPage('nosuchaction', 'nosuchactiontext');
             }
     }
     wfProfileOut(__METHOD__);
 }
Example #29
// Resolve the main, message and parser cache objects, then record which classes
// back them in the 'caches' debug log.
$ps_memcached = Profiler::instance()->scopedProfileIn($fname . '-memcached');
$wgMemc = wfGetMainCache();
$messageMemc = wfGetMessageCacheStorage();
$parserMemc = wfGetParserCacheStorage();
wfDebugLog('caches', 'main: ' . get_class($wgMemc) . ', message: ' . get_class($messageMemc) . ', parser: ' . get_class($parserMemc));
Profiler::instance()->scopedProfileOut($ps_memcached);
// Most of the config is out, some might want to run hooks here.
Hooks::run('SetupAfterCache');
$ps_session = Profiler::instance()->scopedProfileIn($fname . '-session');
// Session handling is skipped entirely when MW_NO_SESSION is defined or the
// script runs in command-line mode.
if (!defined('MW_NO_SESSION') && !$wgCommandLineMode) {
    // If session.auto_start is there, we can't touch session name
    if (!wfIniGetBool('session.auto_start')) {
        // Use the configured session name, else the cookie prefix followed by '_session'
        session_name($wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session');
    }
    // A session is set up here only when checkSessionCookie() is true (presumably:
    // the request carries the session cookie - confirm) or a '<prefix>Token' cookie
    // was sent. Requests with neither get no session at this point.
    if ($wgRequest->checkSessionCookie() || isset($_COOKIE[$wgCookiePrefix . 'Token'])) {
        wfSetupSession();
    }
}
Profiler::instance()->scopedProfileOut($ps_session);
$ps_globals = Profiler::instance()->scopedProfileIn($fname . '-globals');
/**
 * @var Language $wgContLang
 */
// Build the content language object from the configured language code
$wgContLang = Language::factory($wgLanguageCode);
$wgContLang->initEncoding();
$wgContLang->initContLang();
// Now that variant lists may be available...
$wgRequest->interpolateTitle();
/**
 * @var User $wgUser
 */
Example #30
 /**
  * Logs in the user by their Facebook ID. If the Facebook user doesn't have
  * an account on the wiki, then they are presented with a form prompting
  * them to choose a wiki username.
  */
 protected function login($fb_id)
 {
     global $wgUser;
     // Look up the wiki account linked to this Facebook ID; without an ID there is nothing to look up.
     // NOTE(review): $fb_id is trusted as given; presumably the caller has verified it
     // with Facebook before calling - confirm.
     $linkedUser = $fb_id ? FBConnectDB::getUser($fb_id) : null;
     if (!($linkedUser instanceof User)) {
         if (!$fb_id) {
             // TODO: send an error message saying only Connected users can log in
             // or ask them to Connect.
             $this->sendError('fbconnect-cancel', 'fbconnect-canceltext');
             return;
         }
         // A Facebook ID with no wiki account yet: ask for a wiki username
         $this->sendPage('chooseNameForm');
         return;
     }
     // Refresh the account from Facebook (see class FBConnectUser)
     $facebookUser = new FBConnectUser($linkedUser);
     $facebookUser->updateFromFacebook();
     // Start a session only if none was started for this request.
     // NOTE(review): no session ID reset is visible here at login; presumably
     // setCookies() takes care of it - confirm.
     global $wgSessionStarted;
     if (!$wgSessionStarted) {
         wfSetupSession();
     }
     $linkedUser->setCookies();
     $wgUser = $linkedUser;
     // Same approach as LoginForm::authenticateUserData(): load the session user now,
     // because loading it triggers the UserLoadFromSession hook, which may create
     // the user in the local database.
     User::newFromSession()->load();
     $this->sendPage('displaySuccessLogin');
 }