/**
 * Ensure a PHP session exists as soon as the object is built.
 */
protected function __construct() {
    // session_id() is the empty string while no session is active for this request.
    $sessionMissing = session_id() === '';
    if ($sessionMissing) {
        wfSetupSession();
    }
}
/**
 * Start an experiment and register everything that tracks it.
 *
 * Writes a debug line naming the handler, instantiates the handler, tags the
 * current transaction with the experiment name, exposes the name to page
 * scripts as wgABPerformanceTest and starts a session when none exists yet.
 *
 * @param string $experimentName
 * @param array $experimentConfig read for its 'handler' and 'params' entries
 */
private static function startExperiment($experimentName, array $experimentConfig) {
    global $wgHooks;

    $debugLine = sprintf(
        "%s[%s] using %s class with %s params\n",
        __METHOD__,
        $experimentName,
        $experimentConfig['handler'],
        json_encode($experimentConfig['params'])
    );
    wfDebug($debugLine);

    // The class to build is named by the experiment config; the instance is not kept.
    new $experimentConfig['handler']($experimentConfig['params'] ?: []);

    // mark a transaction with an experiment name
    \Transaction::getInstance()->set(\Transaction::PARAM_AB_PERFORMANCE_TEST, $experimentName);

    // set a global JS variable with an experiment name
    $wgHooks['WikiaSkinTopScripts'][] = function (array &$vars, &$scripts) use ($experimentName) {
        $vars['wgABPerformanceTest'] = $experimentName;
        return true;
    };

    /*
     * Start the session to bypass CDN cache
     *
     * The A/B performance tracking data should not pollute the CDN cache. The tests
     * run for only a small subset of the traffic, so clients in a test group get a
     * session, which bypasses the CDN cache.
     */
    if (session_id() != '') {
        // A session already exists; nothing to start and nothing to log.
        return;
    }

    wfSetupSession();
    wfDebug(__METHOD__ . " - session started\n");

    // log started sessions
    // NOTE(review): the raw session id is written to the log. A session id is a
    // credential; confirm who can read this log, or log a digest of the id instead.
    global $wgUser;
    WikiaLogger::instance()->info(__METHOD__, [
        'experiment' => $experimentName,
        'session_id' => session_id(),
        'is_anon' => $wgUser->isAnon(),
    ]);
}
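/**
 * Entry point of the Facebook login special page.
 *
 * Reads the Facebook user id and access token from cookies, asks the Graph API
 * for '/me', and then either shows the registration form (the wiki name still
 * contains "FB_"), processes a posted registration form, or refreshes the
 * avatar and redirects to $this->returnto.
 *
 * @param mixed $par not used by this method
 */
function execute($par) {
    global $wgOut, $wgRequest, $wgUser, $wgFBAppId, $wgFBAppSecret, $wgLanguageCode, $wgContLang, $IP;

    require_once "{$IP}/extensions/wikihow/common/facebook-platform/facebook-php-sdk-771862b/src/facebook.php";
    wfLoadExtensionMessages('FBLogin');

    if (session_id() == '') {
        wfSetupSession();
    }

    $this->returnto = $wgLanguageCode == 'en'
        ? wfMsg('fbc_returnto')
        : "/" . $wgContLang->getNSText(NS_PROJECT) . ":" . wfMsg('communityportal');

    // isset() avoids an undefined-index notice when the cookie is absent.
    $this->userid = isset($_COOKIE['wiki_fbuser']) ? $_COOKIE['wiki_fbuser'] : null;
    $userid = $this->userid;
    if (!$userid) {
        // The cookie jar is no longer dumped into an HTML comment: that copied every
        // cookie of the request (session and token cookies included) into the page,
        // and a cookie value containing "-->" would have closed the comment and been
        // rendered as markup.
        $wgOut->addHTML("An error occurred.");
        return;
    }

    // NOTE(review): the user id comes from a client-controlled cookie and
    // setWgUser() runs before the access token has been checked against Facebook.
    // Confirm setWgUser() (outside this block) does not treat the cookie as proof
    // of identity, and that the '/me' response is compared with this id.
    $this->setWgUser();

    $this->facebook = new Facebook(array('appId' => $wgFBAppId, 'secret' => $wgFBAppSecret));
    $accessToken = isset($_COOKIE['wiki_fbtoken']) ? $_COOKIE['wiki_fbtoken'] : null;
    $this->facebook->setAccessToken($accessToken);
    $result = $this->facebook->api('/me');

    if (!$wgRequest->wasPosted()) {
        // If they still have the FB_* name, show them the registration form with a proposed name
        if (strpos($wgUser->getName(), "FB_") !== false) {
            $this->printRegForm($result);
        } else {
            $this->updateAvatar($result);
            // All logged in. Return them to wherever they're supposed to go
            $this->setCookies();
            $wgOut->redirect($this->returnto);
        }
    } else {
        $this->processRegForm($result);
    }
}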
/**
 * Start a session if the request has none, then call self::clearCollection().
 */
static function startSession() {
    $noSessionYet = session_id() == '';
    if ($noSessionYet) {
        wfSetupSession();
    }

    self::clearCollection();
}
/**
 * Entry point of the Google+ login special page.
 *
 * Handles a disconnect request, a posted form carrying gplus_id, or otherwise
 * shows the form pre-filled from the user_* request values.
 *
 * NOTE(review): the user id is taken straight from the request (gplus_id or
 * user_id) and setWgUser() is called with it; nothing in this block checks the
 * value against Google. Confirm the check happens in setWgUser()/processForm().
 * The 'disconnect' branch is taken for any request method, and no token check
 * is visible here.
 *
 * @param mixed $par not used by this method
 */
function execute($par) {
    global $wgRequest, $wgUser, $wgLanguageCode, $wgContLang, $wgOut;

    wfLoadExtensionMessages('GPlusLogin');

    if (session_id() == '') {
        wfSetupSession();
    }

    // disconnecting?
    if ($wgRequest->getVal('disconnect')) {
        self::userDisco();
        return;
    }

    // returning to the community dashboard
    if ($wgLanguageCode == 'en') {
        $this->returnto = wfMsg('gpl_returnto');
    } else {
        $this->returnto = "/" . $wgContLang->getNSText(NS_PROJECT) . ":" . wfMsg('communityportal');
    }

    // set that user (if we can): gplus_id wins over user_id
    if ($wgRequest->getVal('gplus_id')) {
        $this->userid = $wgRequest->getVal('gplus_id');
    } else {
        $this->userid = $wgRequest->getVal('user_id');
    }
    if ($this->userid) {
        $this->setWgUser();
    }

    if ($wgRequest->wasPosted() && $wgRequest->getVal('gplus_id')) {
        self::processForm();
        return;
    }

    // get user's G+ info and hand it to the form
    self::showForm(
        $wgRequest->getVal('user_id'),
        $wgRequest->getVal('user_name'),
        $wgRequest->getVal('user_email'),
        $wgRequest->getVal('user_avatar')
    );
}
/**
 * Create the local account for a user the auth plugin knows but the wiki does not.
 *
 * Returns false when the plugin does not allow automatic creation or when
 * addToDatabase() reports a failure. On success the user is initialised by the
 * plugin, gets cookies and a session, the site statistics are updated and the
 * AuthPluginAutoCreate hook runs.
 *
 * @param $user User
 * @param $mungedUsername String
 * @return bool
 */
public static function attemptAddUser($user, $mungedUsername) {
    /**
     * @var $wgAuth LdapAuthenticationPlugin
     */
    global $wgAuth;

    $autoCreateAllowed = $wgAuth->autoCreate();
    if (!$autoCreateAllowed) {
        $wgAuth->printDebug("Cannot automatically create accounts.", NONSENSITIVE);
        return false;
    }

    $wgAuth->printDebug("User does not exist in local database; creating.", NONSENSITIVE);

    // Checks passed, create the user
    $user->loadDefaults($mungedUsername);
    $status = $user->addToDatabase();

    // A null status is treated as success; only a status that is not OK is a failure.
    $creationFailed = $status !== null && !$status->isOK();
    if ($creationFailed) {
        $wgAuth->printDebug("Creation failed: " . $status->getWikiText(), NONSENSITIVE);
        return false;
    }

    $wgAuth->initUser($user, true);
    $user->setCookies();
    wfSetupSession();

    # Update user count
    $userCountBump = new SiteStatsUpdate(0, 0, 0, 0, 1);
    $userCountBump->doUpdate();

    # Notify hooks (e.g. Newuserlog)
    wfRunHooks('AuthPluginAutoCreate', array($user));

    return true;
}
/**
 * Fixture -- run before every test.
 *
 * Enables uploads and the API through setMwGlobals(), starts a session and
 * clears the fake uploads.
 */
protected function setUp() {
    parent::setUp();

    $overrides = array('wgEnableUploads' => true, 'wgEnableAPI' => true);
    $this->setMwGlobals($overrides);

    wfSetupSession();
    $this->clearFakeUploads();
}
/**
 * Build a MediaWiki User from the access token carried by the HTTP request.
 *
 * Returns null when the request has no token, when the token info has no
 * user_id, when the user carries the 'disabled' global flag (the access token
 * cookie is cleared in that case) or when the client throws a ClientException.
 *
 * Note that the session is started before the token is checked, so a request
 * carrying any token value gets a session.
 *
 * @param \WebRequest $request the HTTP request data as an object
 *
 * @return \User|null the user on successful authentication, null otherwise
 */
public static function newFromToken(\WebRequest $request) {
    // Extract access token from HTTP request data.
    $token = self::getAccessToken($request);

    // Nothing to authenticate with.
    if (!$token) {
        return null;
    }

    global $wgHeliosBaseUri, $wgHeliosClientId, $wgHeliosClientSecret;
    $heliosClient = new Client($wgHeliosBaseUri, $wgHeliosClientId, $wgHeliosClientSecret);

    // start the session if there's none so far
    // the code is borrowed from SpecialUserlogin
    // @see PLATFORM-1261
    if (session_id() == '') {
        wfSetupSession();
        WikiaLogger::instance()->debug(__METHOD__ . '::startSession');
    }

    try {
        $tokenInfo = $heliosClient->info($token);
        if (empty($tokenInfo->user_id)) {
            return null;
        }

        $user = \User::newFromId($tokenInfo->user_id);

        // dont return the user object if it's disabled
        // @see SERVICES-459
        $isDisabled = (bool) $user->getGlobalFlag('disabled');
        if ($isDisabled) {
            self::clearAccessTokenCookie();
            return null;
        }

        // return a MediaWiki's User object
        return $user;
    } catch (ClientException $e) {
        WikiaLogger::instance()->error(__METHOD__, ['exception' => $e]);
    }

    return null;
}
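/**
 * Executes the log-in attempt using the parameters passed. If the log-in
 * succeeds, it attaches a cookie to the session and outputs the user id,
 * username, session token, cookie prefix and session id. If the log-in fails
 * for any reason (bad password, nonexistent user, ...), cacheBadLogin() is
 * called and the result tells the client to wait self::THROTTLE_TIME seconds.
 * While getNextLoginTimeout() reports a positive value no attempt is made at
 * all and a 'NeedToWait' result is returned.
 *
 * @access public
 */
public function execute() {
    // Read the three expected parameters explicitly instead of extract()-ing the
    // whole request array into the local scope: with extract(), any further key
    // in that array would silently become a local variable of this method.
    $requestParams = $this->extractRequestParams();
    $name = isset($requestParams['name']) ? $requestParams['name'] : null;
    $password = isset($requestParams['password']) ? $requestParams['password'] : null;
    $domain = isset($requestParams['domain']) ? $requestParams['domain'] : null;

    $result = array();

    // Make sure no one is trying to guess the password by brute force
    $nextLoginIn = $this->getNextLoginTimeout();
    if ($nextLoginIn > 0) {
        $result['result'] = 'NeedToWait';
        $result['details'] = "Please wait {$nextLoginIn} seconds before next log-in attempt";
        $result['wait'] = $nextLoginIn;
        $this->getResult()->addValue(null, 'login', $result);
        return;
    }

    $params = new FauxRequest(array(
        'wpName' => $name,
        'wpPassword' => $password,
        'wpDomain' => $domain,
        'wpRemember' => '',
    ));

    // Init session if necessary
    if (session_id() == '') {
        wfSetupSession();
    }

    $loginForm = new LoginForm($params);
    switch ($loginForm->authenticateUserData()) {
        case LoginForm::SUCCESS:
            global $wgUser, $wgCookiePrefix;

            $wgUser->setOption('rememberpassword', 1);
            $wgUser->setCookies();

            $result['result'] = 'Success';
            $result['lguserid'] = $_SESSION['wsUserID'];
            $result['lgusername'] = $_SESSION['wsUserName'];
            $result['lgtoken'] = $_SESSION['wsToken'];
            $result['cookieprefix'] = $wgCookiePrefix;
            $result['sessionid'] = session_id();
            break;

        case LoginForm::NO_NAME:
            $result['result'] = 'NoName';
            break;
        case LoginForm::ILLEGAL:
            $result['result'] = 'Illegal';
            break;
        case LoginForm::WRONG_PLUGIN_PASS:
            $result['result'] = 'WrongPluginPass';
            break;
        case LoginForm::NOT_EXISTS:
            $result['result'] = 'NotExists';
            break;
        case LoginForm::WRONG_PASS:
            $result['result'] = 'WrongPass';
            break;
        case LoginForm::EMPTY_PASS:
            $result['result'] = 'EmptyPass';
            break;
        default:
            ApiBase::dieDebug(__METHOD__, 'Unhandled case value');
    }

    // Every outcome other than success counts as a bad login for the throttle.
    if ($result['result'] != 'Success') {
        $result['wait'] = $this->cacheBadLogin();
        $result['details'] = "Please wait " . self::THROTTLE_TIME . " seconds before next log-in attempt";
    }

    // if we were allowed to try to login, memcache is fine
    $this->getResult()->addValue(null, 'login', $result);
}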
/**
 * Register the special page as 'PromoterAds', start a session and restore the
 * ad filter string kept in it.
 */
function __construct() {
    SpecialPage::__construct('PromoterAds');

    // Make sure we have a session
    wfSetupSession();

    // Load things that may have been serialized into the session
    $storedFilter = $this->getPRSessionVar('adFilterString', '');
    $this->adFilterString = $storedFilter;
}
/**
 * Start a session when none exists, then delegate to the parent's show().
 */
public function show() {
    $hasSession = session_id() !== '';
    if (!$hasSession) {
        // Send a cookie so anons get talk message notifications
        wfSetupSession();
    }

    parent::show();
}
/**
 * Run a log-in attempt with the API parameters and report the outcome.
 *
 * On success the user gets cookies, the UserLoginComplete hook runs and the
 * result carries the user id, user name, token, cookie prefix and session id.
 * Every other outcome of LoginForm::authenticateUserData() is mapped to a
 * result string; a throttled attempt also reports the configured wait in seconds.
 *
 * @access public
 */
public function execute() {
    $apiParams = $this->extractRequestParams();
    $result = array();

    $fauxRequest = new FauxRequest(array(
        'wpName' => $apiParams['name'],
        'wpPassword' => $apiParams['password'],
        'wpDomain' => $apiParams['domain'],
        'wpRemember' => '',
    ));

    // Init session if necessary
    if (session_id() == '') {
        wfSetupSession();
    }

    $loginForm = new LoginForm($fauxRequest);
    $outcome = $loginForm->authenticateUserData();

    switch ($outcome) {
        case LoginForm::SUCCESS:
            global $wgUser, $wgCookiePrefix;

            $wgUser->setOption('rememberpassword', 1);
            $wgUser->setCookies();

            // Run hooks. FIXME: split back and frontend from this hook.
            // FIXME: This hook should be placed in the backend
            $injectedHtml = '';
            wfRunHooks('UserLoginComplete', array(&$wgUser, &$injectedHtml));

            $result['result'] = 'Success';
            $result['lguserid'] = intval($wgUser->getId());
            $result['lgusername'] = $wgUser->getName();
            $result['lgtoken'] = $wgUser->getToken();
            $result['cookieprefix'] = $wgCookiePrefix;
            $result['sessionid'] = session_id();
            break;

        case LoginForm::NO_NAME:
            $result['result'] = 'NoName';
            break;

        case LoginForm::ILLEGAL:
            $result['result'] = 'Illegal';
            break;

        case LoginForm::WRONG_PLUGIN_PASS:
            $result['result'] = 'WrongPluginPass';
            break;

        case LoginForm::NOT_EXISTS:
            $result['result'] = 'NotExists';
            break;

        case LoginForm::WRONG_PASS:
            $result['result'] = 'WrongPass';
            break;

        case LoginForm::EMPTY_PASS:
            $result['result'] = 'EmptyPass';
            break;

        case LoginForm::CREATE_BLOCKED:
            $result['result'] = 'CreateBlocked';
            $result['details'] = 'Your IP address is blocked from account creation';
            break;

        case LoginForm::THROTTLED:
            global $wgPasswordAttemptThrottle;
            $result['result'] = 'Throttled';
            $result['wait'] = intval($wgPasswordAttemptThrottle['seconds']);
            break;

        default:
            ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$outcome}");
    }

    $this->getResult()->addValue(null, 'login', $result);
}
/**
 * Entry point of the login special page: make sure a session exists, then
 * build a LoginForm from the current request and execute it.
 *
 * @param string $par passed through to LoginForm
 */
function wfSpecialUserlogin($par = '') {
    global $wgRequest;

    $sessionMissing = session_id() == '';
    if ($sessionMissing) {
        wfSetupSession();
    }

    $loginForm = new LoginForm($wgRequest, $par);
    $loginForm->execute();
}
/**
 * Fixture -- run before every test.
 *
 * Switches the upload and API globals on, starts a session and clears the
 * fake uploads.
 */
public function setUp() {
    global $wgEnableUploads, $wgEnableAPI;

    parent::setUp();

    // Both features are switched on after the parent fixture has run.
    $wgEnableUploads = true;
    $wgEnableAPI = true;

    wfSetupSession();

    $this->clearFakeUploads();
}
/**
 * Entry point of the login special page: make sure a session exists, execute
 * a LoginForm built from the current request, then register
 * LoginForm::topContent (with the form as argument) on the BeforeTabsLine hook.
 *
 * @param string $par passed through to LoginForm
 */
function wfSpecialUserlogin($par = '') {
    global $wgRequest, $wgHooks;

    $sessionMissing = session_id() == '';
    if ($sessionMissing) {
        wfSetupSession();
    }

    $loginForm = new LoginForm($wgRequest, $par);
    $loginForm->execute();

    // The hook is registered only after the form has been executed.
    $wgHooks['BeforeTabsLine'][] = array('LoginForm::topContent', $loginForm);
}
/**
 * Run an API request built from $params and return its result data together
 * with the request object.
 *
 * The current session is written and closed before the API module runs and is
 * set up again under the same id afterwards.
 *
 * @param array $params request values handed to FauxRequest
 * @param mixed $unused not read by this method
 * @param bool $appendModule not read by this method
 * @param mixed $user not read by this method
 * @return array list of (result data, FauxRequest)
 */
protected function doApiRequest($params, $unused = null, $appendModule = false, $user = null) {
    // Remember the id so the same session can be reopened once the module is done.
    $savedSessionId = session_id();
    session_write_close();

    $fauxRequest = new FauxRequest($params, true, $_SESSION);
    $apiMain = new ApiMain($fauxRequest, true);
    $apiMain->execute();

    wfSetupSession($savedSessionId);

    $resultData = $apiMain->getResultData();
    return array($resultData, $fauxRequest);
}
/**
 * Set the page headers, make sure a session exists and show the AJAX login
 * form as a page.
 */
function execute() {
    global $wgRequest, $wgHooks, $wgOut;

    $this->setHeaders();

    $sessionMissing = session_id() == '';
    if ($sessionMissing) {
        wfSetupSession();
    }

    $ajaxForm = new AjaxLoginForm($wgRequest);
    $ajaxForm->executeAsPage();
}
/**
 * Entry point of the login special page.
 *
 * A session is set up unless the code runs in command-line mode or the request
 * already carries a cookie named after the session; the LoginForm is then
 * built from the current request and executed.
 */
function wfSpecialUserlogin() {
    global $wgCommandLineMode;
    global $wgRequest;

    // Same test as "not CLI and no session cookie", written as one negation.
    $skipSessionSetup = $wgCommandLineMode || isset($_COOKIE[session_name()]);
    if (!$skipSessionSetup) {
        wfSetupSession();
    }

    $loginForm = new LoginForm($wgRequest);
    $loginForm->execute();
}
/**
 * MediaWikiPerformAction handler that only reacts to action=submit2.
 *
 * For any other action it returns true. For submit2 it makes sure a session
 * exists and returns whatever self::handleEditHooks() returns.
 */
public static function onMediaWikiPerformAction($output, $article, $title, $user, $request, $wiki) {
    $action = $request->getVal('action');

    if ($action == 'submit2') {
        if (session_id() == '') {
            // Send a cookie so anons get talk message notifications
            wfSetupSession();
        }

        return self::handleEditHooks($request, $title, $article, $action, $user);
    }

    return true;
}
/**
 * Main entry point, hooks into MediaWikiPerformAction.
 * Decides whether the inline editor should be spawned and, if so, renders it.
 *
 * Returns true (let the normal action continue) when the editor is disabled,
 * the action is not 'edit', the full editor was requested, the browser is not
 * supported or rendering fails. Returns false when the editor rendered the page.
 *
 * @return bool
 */
public static function mediaWikiPerformAction($output, $article, $title, $user, $request, $wiki) {
    global $wgHooks, $wgInlineEditorEnableGlobal;

    // Enabled either per user or globally.
    $editorEnabled = $user->getOption('inline-editor-enabled') || $wgInlineEditorEnableGlobal;
    if (!$editorEnabled) {
        return true;
    }

    // return if the action is not 'edit' or if it's disabled
    if ($wiki->getAction($request) != 'edit') {
        return true;
    }

    // check if the 'fulleditor' parameter is set either in GET or POST
    if ($request->getCheck('fulleditor')) {
        // hook into the edit page to inject the hidden 'fulleditor' input field again
        $wgHooks['EditPage::showEditForm:fields'][] = 'InlineEditor::showEditFormFields';
        return true;
    }

    // terminate if the browser is not supported
    if (!self::isValidBrowser()) {
        self::$fallbackReason = self::REASON_BROWSER;
        return true;
    }

    // start the session if needed
    if (session_id() == '') {
        wfSetupSession();
    }

    // try to spawn the editor and render the page
    $editor = new InlineEditor($article);

    // set the section to scroll to; GET takes precedence over POST
    // NOTE(review): setSection() receives the raw request value; any validation
    // presumably happens inside InlineEditor -- confirm.
    if (isset($_GET['section'])) {
        $editor->setSection($_GET['section']);
    } elseif (isset($_POST['section'])) {
        $editor->setSection($_POST['section']);
    }

    // unset the section variables so the entire page will be edited
    unset($_GET['section'], $_POST['section']);
    $request->setVal('section', null);

    // set a warning when leaving the page if necessary
    $warnOnLeave = $user->getOption('useeditwarning') == 1;
    $editor->setEditWarning($warnOnLeave);

    if ($editor->render($output)) {
        return false;
    }

    // if rendering fails for some reason, terminate and show the advanced page notice
    self::$fallbackReason = self::REASON_ADVANCED;

    // don't leave traces of HTML behind
    $output->clearHTML();

    return true;
}
/**
 * Report the upload outcome either on the user's talk page or in a session,
 * depending on $params['leaveMessage'].
 *
 * With leaveMessage set, a success or failure message is left for the user
 * (success is decided by $status->isGood()). Otherwise the session named by
 * $params['sessionId'] is set up, the outcome is stored in it (success is
 * decided by $status->isOk()) and the session is written and closed.
 *
 * @param $status Status
 */
protected function leaveMessage($status) {
    if (!$this->params['leaveMessage']) {
        // NOTE(review): the session id comes from $this->params, so whoever builds
        // these params selects the session the result is written into -- confirm
        // they are only ever built server-side.
        wfSetupSession($this->params['sessionId']);

        if ($status->isOk()) {
            $this->storeResultInSession('Success', 'filename', $this->upload->getLocalFile()->getName());
        } else {
            $this->storeResultInSession('Failure', 'errors', $status->getErrorsArray());
        }

        session_write_close();
        return;
    }

    if ($status->isGood()) {
        $subject = wfMsg('upload-success-subj');
        $body = wfMsg('upload-success-msg', $this->upload->getTitle()->getText(), $this->params['url']);
    } else {
        $subject = wfMsg('upload-failure-subj');
        $body = wfMsg('upload-failure-msg', $status->getWikiText(), $this->params['url']);
    }

    $this->user->leaveUserMessage($subject, $body);
}
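/**
 * UserLoadFromSession handler that logs the current WordPress user into MediaWiki.
 *
 * Does nothing in CLI mode or when WordPress reports no logged-in user.
 * Otherwise the MediaWiki account named after the WordPress login is created
 * if it does not exist yet, loaded into $user, given a session and cookies,
 * and its e-mail and real name are overwritten with the WordPress values.
 *
 * @param User $user user object to fill in
 * @param bool $result set to true once the user has been loaded
 * @return bool always true
 */
function AuthWPUserLoadFromSession($user, &$result) {
    // Abort in cli mode. Seems like it shouldn't be necessary
    // but some cli scripts do end up here for whatever bizarre
    // reason - runjobs is an example.
    if (php_sapi_name() == 'cli') {
        return true;
    }

    // Is there a Wordpress user with a valid session?
    $wpuser = wp_get_current_user();
    if (!$wpuser->ID) {
        return true;
    }

    // wp_die() renders its message as HTML, so the login name is escaped before
    // it is echoed back in an error page.
    $loginForDisplay = htmlspecialchars($wpuser->user_login, ENT_QUOTES);

    $u = User::newFromName($wpuser->user_login);
    if (!$u) {
        wp_die("Your username '" . $loginForDisplay . "' is not a valid MediaWiki username");
        // Only reached if wp_die() returns; without this the next line would
        // call getID() on a non-object.
        return true;
    }

    if (0 == $u->getID()) {
        $u->addToDatabase();
        $u->setToken();
    }

    // A missing or zero id is one failure case; the original's separate "== 0"
    // check after this one could never be reached and has been dropped.
    $id = User::idFromName($wpuser->user_login);
    if (!$id) {
        wp_die("Failed to get ID from name '" . $loginForDisplay . "'");
        return true;
    }

    $user->setID($id);
    $user->loadFromId();
    wfSetupSession();
    $user->setCookies();

    // Set these to ensure synchronisation with WordPress...
    $user->setEmail($wpuser->user_email);
    $user->setRealName($wpuser->user_nicename);
    $user->saveSettings();

    $result = true;
    return true;
}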
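/**
 * Log the visitor in as the user reported by GodAuth_getUser().
 *
 * Skipped on the Userlogin and Userlogout special pages and when the session
 * already belongs to a logged-in user. The wiki account is created on first
 * sight; otherwise the existing account is loaded. The result becomes $wgUser
 * and gets cookies.
 *
 * NOTE(review): the account name and e-mail come from GodAuth_getUser() and
 * GodAuth_getEmail(), which are outside this block, and the e-mail is marked
 * as authenticated without a confirmation step. Confirm those helpers only
 * read values that a trusted front end sets.
 */
function GodAuth_hook() {
    // $wgCommandLineMode has to be imported: the original tested an undeclared
    // local with isset(), which is never set, so the command-line check never
    // took effect.
    global $wgUser, $wgRequest, $wgCommandLineMode;

    $title = $wgRequest->getVal('title');
    if ($title == Title::makeName(NS_SPECIAL, 'Userlogout') || $title == Title::makeName(NS_SPECIAL, 'Userlogin')) {
        return;
    }

    $user = User::newFromSession();
    if (!$user->isAnon()) {
        return; // User is already logged in and not anonymous.
    }

    // No session in command-line mode, and none when the cookie is already there.
    if (!$wgCommandLineMode && !isset($_COOKIE[session_name()])) {
        wfSetupSession();
    }

    #
    # Create a new MediaWiki account if needed
    #
    $_user = GodAuth_getUser();
    $id = User::idFromName($_user);

    if (is_null($id)) {
        // NOTE(review): the result of newFromName() is never looked at, so a name
        // it rejects is still used below -- confirm whether that is intended.
        $u = User::newFromName($_user);

        $user->setName($_user);
        $user->setRealName('');
        $user->setEmail(GodAuth_getEmail());
        $user->mEmailAuthenticated = wfTimestampNow();
        $user->setToken();
        // NOTE(review): saveSettings() runs before addToDatabase(); presumably it
        // has nothing to update until the row exists -- verify the order.
        $user->saveSettings();
        $user->addToDatabase();
    } else {
        $user->mId = $id;
        $user->loadFromId();
    }

    $wgUser = $user;
    $wgUser->setCookies();

    return;
}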
/**
 * Get a signup token, creating one (and a session, if needed) when
 * LoginForm does not have one yet.
 *
 * @return string signupToken
 */
public static function getSignupToken() {
    $tokenMissing = !LoginForm::getCreateaccountToken();

    if ($tokenMissing) {
        // Init session if necessary
        if (session_id() == '') {
            wfSetupSession();
        }

        LoginForm::setCreateaccountToken();
    }

    return LoginForm::getCreateaccountToken();
}
/**
 * Run a log-in attempt with the API parameters and report the outcome.
 *
 * The attempt is made in a derivative context whose request carries the name,
 * password, domain and login token. On success the user is installed in the
 * API context, gets cookies, the token cache is reset, the UserLoginComplete
 * hook runs and the result carries user id, user name, token, cookie prefix
 * and session id. A NeedToken result hands out the login token. Every other
 * outcome of LoginForm::authenticateUserData() is mapped to a result string;
 * a temporary (reset) password is reported like a wrong password.
 */
public function execute() {
    global $wgCookiePrefix, $wgPasswordAttemptThrottle;

    $apiParams = $this->extractRequestParams();
    $result = array();

    // Init session if necessary
    if (session_id() == '') {
        wfSetupSession();
    }

    $loginContext = new DerivativeContext($this->getContext());
    $loginRequest = new DerivativeRequest(
        $this->getContext()->getRequest(),
        array(
            'wpName' => $apiParams['name'],
            'wpPassword' => $apiParams['password'],
            'wpDomain' => $apiParams['domain'],
            'wpLoginToken' => $apiParams['token'],
            'wpRemember' => '',
        )
    );
    $loginContext->setRequest($loginRequest);

    $loginForm = new LoginForm();
    $loginForm->setContext($loginContext);

    $outcome = $loginForm->authenticateUserData();

    switch ($outcome) {
        case LoginForm::SUCCESS:
            $user = $loginContext->getUser();
            $this->getContext()->setUser($user);
            $user->setOption('rememberpassword', 1);
            $user->setCookies($this->getRequest());

            ApiQueryInfo::resetTokenCache();

            // Run hooks.
            // @todo FIXME: Split back and frontend from this hook.
            // @todo FIXME: This hook should be placed in the backend
            $injectedHtml = '';
            wfRunHooks('UserLoginComplete', array(&$user, &$injectedHtml));

            $result['result'] = 'Success';
            $result['lguserid'] = intval($user->getId());
            $result['lgusername'] = $user->getName();
            $result['lgtoken'] = $user->getToken();
            $result['cookieprefix'] = $wgCookiePrefix;
            $result['sessionid'] = session_id();
            break;

        case LoginForm::NEED_TOKEN:
            $result['result'] = 'NeedToken';
            $result['token'] = $loginForm->getLoginToken();
            $result['cookieprefix'] = $wgCookiePrefix;
            $result['sessionid'] = session_id();
            break;

        case LoginForm::WRONG_TOKEN:
            $result['result'] = 'WrongToken';
            break;

        case LoginForm::NO_NAME:
            $result['result'] = 'NoName';
            break;

        case LoginForm::ILLEGAL:
            $result['result'] = 'Illegal';
            break;

        case LoginForm::WRONG_PLUGIN_PASS:
            $result['result'] = 'WrongPluginPass';
            break;

        case LoginForm::NOT_EXISTS:
            $result['result'] = 'NotExists';
            break;

        // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin -
        // "The e-mailed temporary password should not be used for actual logins;"
        // Deliberate fall-through into WRONG_PASS.
        case LoginForm::RESET_PASS:
        case LoginForm::WRONG_PASS:
            $result['result'] = 'WrongPass';
            break;

        case LoginForm::EMPTY_PASS:
            $result['result'] = 'EmptyPass';
            break;

        case LoginForm::CREATE_BLOCKED:
            $result['result'] = 'CreateBlocked';
            $result['details'] = 'Your IP address is blocked from account creation';
            break;

        case LoginForm::THROTTLED:
            $result['result'] = 'Throttled';
            $result['wait'] = intval($wgPasswordAttemptThrottle['seconds']);
            break;

        case LoginForm::USER_BLOCKED:
            $result['result'] = 'Blocked';
            break;

        case LoginForm::ABORTED:
            $result['result'] = 'Aborted';
            $result['reason'] = $loginForm->mAbortLoginErrorMsg;
            break;

        default:
            ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$outcome}");
    }

    $this->getResult()->addValue(null, 'login', $result);
}
/**
 * Executes the consequences attached to a list of matched filters.
 *
 * For each filter the order is: throttle check, removal of restricted actions
 * for global filters, the warn step (tracked in the session), de-duplication of
 * 'disallow', then every remaining action. A filter that has not hit its
 * throttle, or that has just produced a warning, gets no further actions.
 *
 * @param $filters array
 * @param $title Title
 * @param $vars array
 * @return Status returns the operation's status. $status->isOK() will return true if
 *         there were no actions taken, false otherwise. $status->getValue() will return
 *         an array listing the actions taken. $status->getErrors(), etc, will provide
 *         the errors and warnings to be shown to the user to explain the actions.
 */
public static function executeFilterActions($filters, $title, $vars) {
    global $wgMainCacheType;
    wfProfileIn(__METHOD__);

    $actionsByFilter = self::getConsequencesForFilters($filters);
    // One (initially empty) list of taken actions per filter.
    $actionsTaken = array_fill_keys($filters, array());

    $messages = array();

    global $wgOut, $wgAbuseFilterDisallowGlobalLocalBlocks, $wgAbuseFilterRestrictedActions;
    foreach ($actionsByFilter as $filter => $actions) {
        // Special-case handling for warnings.
        $parsed_public_comments = $wgOut->parseInline(self::$filters[$filter]->af_public_comments);

        // Filters whose id starts with "global-" are treated as global filters.
        $global_filter = preg_match('/^global-/', $filter) == 1;

        // If the filter is throttled and throttling is available via object
        // caching, check to see if the user has hit the throttle.
        if (!empty($actions['throttle']) && $wgMainCacheType !== CACHE_NONE) {
            $parameters = $actions['throttle']['parameters'];
            // First parameter: throttle id. Second: "count,period". The rest: throttle types.
            $throttleId = array_shift($parameters);
            list($rateCount, $ratePeriod) = explode(',', array_shift($parameters));

            $hitThrottle = false;

            // The rest are throttle-types.
            // Because of the short-circuit ||, isThrottled() is no longer called for
            // the remaining types once one of them has reported a hit.
            foreach ($parameters as $throttleType) {
                $hitThrottle = $hitThrottle || self::isThrottled($throttleId, $throttleType, $title, $rateCount, $ratePeriod, $global_filter);
            }

            unset($actions['throttle']);
            if (!$hitThrottle) {
                // Below the throttle: record it and skip every other action of this filter.
                $actionsTaken[$filter][] = 'throttle';
                continue;
            }
        }

        // Global filters lose the restricted actions when the local wiki disallows them.
        if ($wgAbuseFilterDisallowGlobalLocalBlocks && $global_filter) {
            foreach ($wgAbuseFilterRestrictedActions as $blockingAction) {
                unset($actions[$blockingAction]);
            }
        }

        if (!empty($actions['warn'])) {
            $parameters = $actions['warn']['parameters'];
            // md5 only shortens the page title into a session key here; it is not
            // used as a security measure.
            $warnKey = 'abusefilter-warned-' . md5($title->getPrefixedText()) . '-' . $filter;

            // Make sure the session is started prior to using it
            if (session_id() === '') {
                wfSetupSession();
            }

            if (!isset($_SESSION[$warnKey]) || !$_SESSION[$warnKey]) {
                // First hit in this session (or the flag was reset): warn and stop here.
                $_SESSION[$warnKey] = true;

                // Threaten them a little bit
                if (!empty($parameters[0]) && strlen($parameters[0])) {
                    $msg = $parameters[0];
                } else {
                    $msg = 'abusefilter-warning';
                }
                $messages[] = array($msg, $parsed_public_comments, $filter);

                $actionsTaken[$filter][] = 'warn';

                continue; // Don't do anything else.
            } else {
                // We already warned them; reset the flag so the next hit warns again.
                $_SESSION[$warnKey] = false;
            }

            unset($actions['warn']);
        }

        // prevent double warnings
        if (count(array_intersect(array_keys($actions), $wgAbuseFilterRestrictedActions)) > 0 && !empty($actions['disallow'])) {
            unset($actions['disallow']);
        }

        // Do the rest of the actions
        foreach ($actions as $action => $info) {
            $newMsg = self::takeConsequenceAction($action, $info['parameters'], $title, $vars, self::$filters[$filter]->af_public_comments, $filter);

            if ($newMsg !== null) {
                $messages[] = $newMsg;
            }
            $actionsTaken[$filter][] = $action;
        }
    }

    $status = self::buildStatus($actionsTaken, $messages);

    wfProfileOut(__METHOD__);
    return $status;
}
/**
 * Give the current session a new id and announce the change.
 *
 * When wfCheckEntropy() passes and the session cookie's 'secure' flag matches
 * $wgCookieSecure, PHP regenerates the id itself. Otherwise the session is
 * destroyed and set up again under an id from MWCryptRand, with the session
 * data carried over. The ResetSessionID hook receives the old and new ids.
 *
 * NOTE(review): session_regenerate_id() is called with false, so the data
 * stored under the previous id is not deleted by that call. Confirm that this
 * is intended where the reset is meant as a defence against session fixation.
 *
 * @since 1.22
 */
function wfResetSessionID() {
    global $wgCookieSecure;

    $previousId = session_id();
    $cookieSettings = session_get_cookie_params();

    $canRegenerateInPlace = wfCheckEntropy() && $wgCookieSecure == $cookieSettings['secure'];
    if ($canRegenerateInPlace) {
        session_regenerate_id(false);
    } else {
        // Keep the data, drop the session, and reopen it under a fresh random id.
        $carriedData = $_SESSION;
        session_destroy();
        wfSetupSession(MWCryptRand::generateHex(32));
        $_SESSION = $carriedData;
    }

    $currentId = session_id();
    Hooks::run('ResetSessionID', array($previousId, $currentId));
}
/**
 * Perform one of the "standard" actions.
 *
 * Runs the MediaWikiPerformAction hook first; a false return from the hook ends
 * the method. Disabled actions are rewritten to 'nosuchaction' and
 * 'historysubmit' to 'revisiondelete' or 'view' before the dispatch.
 *
 * @param $output OutputPage
 * @param $article Article
 * @param $title Title
 * @param $user User
 * @param $request WebRequest
 */
function performAction(&$output, &$article, &$title, &$user, &$request) {
    wfProfileIn(__METHOD__);

    if (!wfRunHooks('MediaWikiPerformAction', array($output, $article, $title, $user, $request, $this))) {
        wfProfileOut(__METHOD__);
        return;
    }

    $action = $this->getVal('Action');
    // NOTE(review): in_array() is called without the strict flag, so the match
    // against the disabled list uses loose comparison.
    if (in_array($action, $this->getVal('DisabledActions', array()))) {
        /* No such action; this will switch to the default case */
        $action = 'nosuchaction';
    }

    // Workaround for bug #20966: inability of IE to provide an action dependent
    // on which submit button is clicked.
    if ($action === 'historysubmit') {
        if ($request->getBool('revisiondelete')) {
            $action = 'revisiondelete';
        } else {
            $action = 'view';
        }
    }

    switch ($action) {
        case 'view':
            $output->setSquidMaxage($this->getVal('SquidMaxage'));
            $article->view();
            break;
        case 'raw': // includes JS/CSS
            wfProfileIn(__METHOD__ . '-raw');
            $raw = new RawPage($article);
            $raw->view();
            wfProfileOut(__METHOD__ . '-raw');
            break;
        case 'watch':
        case 'unwatch':
        case 'delete':
        case 'revert':
        case 'rollback':
        case 'protect':
        case 'unprotect':
        case 'info':
        case 'markpatrolled':
        case 'render':
        case 'deletetrackback':
        case 'purge':
            // The method name is the action itself; this line is only reached for
            // the case labels listed above, so the set of callable methods is fixed.
            $article->{$action}();
            break;
        case 'print':
            $article->view();
            break;
        case 'dublincore':
            if (!$this->getVal('EnableDublinCoreRdf')) {
                wfHttpError(403, 'Forbidden', wfMsg('nodublincore'));
            } else {
                $rdf = new DublinCoreRdf($article);
                $rdf->show();
            }
            break;
        case 'creativecommons':
            if (!$this->getVal('EnableCreativeCommonsRdf')) {
                wfHttpError(403, 'Forbidden', wfMsg('nocreativecommons'));
            } else {
                $rdf = new CreativeCommonsRdf($article);
                $rdf->show();
            }
            break;
        case 'credits':
            Credits::showPage($article);
            break;
        case 'submit':
            if (session_id() == '') {
                /* Send a cookie so anons get talk message notifications */
                wfSetupSession();
            }
            /* Continue: deliberate fall-through into the edit handling below */
        case 'edit':
        case 'editredlink':
            if (wfRunHooks('CustomEditor', array($article, $user))) {
                $internal = $request->getVal('internaledit');
                $external = $request->getVal('externaledit');
                $section = $request->getVal('section');
                $oldid = $request->getVal('oldid');
                // The internal editor is used when external editing is off, on submit,
                // when internaledit/section/oldid is given, or when the user neither
                // prefers nor requests the external editor.
                if (!$this->getVal('UseExternalEditor') || $action == 'submit' || $internal || $section || $oldid || !$user->getOption('externaleditor') && !$external) {
                    $editor = new EditPage($article);
                    $editor->submit();
                } elseif ($this->getVal('UseExternalEditor') && ($external || $user->getOption('externaleditor'))) {
                    $mode = $request->getVal('mode');
                    $extedit = new ExternalEdit($article, $mode);
                    $extedit->edit();
                }
            }
            break;
        case 'history':
            // Only the plain history URL gets a Squid max-age.
            if ($request->getFullRequestURL() == $title->getInternalURL('action=history')) {
                $output->setSquidMaxage($this->getVal('SquidMaxage'));
            }
            $history = new HistoryPage($article);
            $history->history();
            break;
        case 'revisiondelete':
            // For show/hide submission from history page
            $special = SpecialPage::getPage('Revisiondelete');
            $special->execute('');
            break;
        default:
            // Extensions may handle the action through the UnknownAction hook;
            // otherwise the "no such action" error page is shown.
            if (wfRunHooks('UnknownAction', array($action, $article))) {
                $output->showErrorPage('nosuchaction', 'nosuchactiontext');
            }
    }
    wfProfileOut(__METHOD__);
}
// Cache setup: fetch the main, message and parser cache objects and log their classes.
$ps_memcached = Profiler::instance()->scopedProfileIn($fname . '-memcached');

$wgMemc = wfGetMainCache();
$messageMemc = wfGetMessageCacheStorage();
$parserMemc = wfGetParserCacheStorage();

wfDebugLog('caches', 'main: ' . get_class($wgMemc) . ', message: ' . get_class($messageMemc) . ', parser: ' . get_class($parserMemc));

Profiler::instance()->scopedProfileOut($ps_memcached);

// Most of the config is out, some might want to run hooks here.
Hooks::run('SetupAfterCache');

// Session setup: skipped when MW_NO_SESSION is defined or in command-line mode.
$ps_session = Profiler::instance()->scopedProfileIn($fname . '-session');

if (!defined('MW_NO_SESSION') && !$wgCommandLineMode) {
    // If session.auto_start is there, we can't touch session name
    if (!wfIniGetBool('session.auto_start')) {
        // Configured name if set, otherwise "<cookie prefix>_session".
        session_name($wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session');
    }

    // A session is only set up for requests that already carry a session cookie
    // or a "<cookie prefix>Token" cookie; other requests get no session here.
    if ($wgRequest->checkSessionCookie() || isset($_COOKIE[$wgCookiePrefix . 'Token'])) {
        wfSetupSession();
    }
}

Profiler::instance()->scopedProfileOut($ps_session);

// Globals setup: content language first, then the request title.
$ps_globals = Profiler::instance()->scopedProfileIn($fname . '-globals');

/**
 * @var Language $wgContLang
 */
$wgContLang = Language::factory($wgLanguageCode);
$wgContLang->initEncoding();
$wgContLang->initContLang();

// Now that variant lists may be available...
$wgRequest->interpolateTitle();

/**
 * @var User $wgUser
 */
/**
 * Log the user in by Facebook ID.
 *
 * When the ID maps to a wiki User, that user is refreshed from Facebook, gets a
 * session and cookies, becomes $wgUser and the success page is sent. When the
 * ID is given but maps to no wiki user, the "choose a name" form is sent. With
 * no ID at all an error page is sent.
 */
protected function login($fb_id) {
    global $wgUser;

    // Check to see if the Connected user exists in the database
    $user = $fb_id ? FBConnectDB::getUser($fb_id) : null;

    if (!($user instanceof User)) {
        if ($fb_id) {
            $this->sendPage('chooseNameForm');
        } else {
            // TODO: send an error message saying only Connected users can log in
            // or ask them to Connect.
            $this->sendError('fbconnect-cancel', 'fbconnect-canceltext');
        }
        return;
    }

    // Update user from facebook (see class FBConnectUser)
    $fbUser = new FBConnectUser($user);
    $fbUser->updateFromFacebook();

    // Setup the session
    global $wgSessionStarted;
    if (!$wgSessionStarted) {
        wfSetupSession();
    }

    $user->setCookies();
    $wgUser = $user;

    // Similar to what's done in LoginForm::authenticateUserData().
    // Load $wgUser now. This is necessary because loading $wgUser (say by calling
    // getName()) calls the UserLoadFromSession hook, which potentially
    // creates the user in the local database.
    $sessionUser = User::newFromSession();
    $sessionUser->load();

    $this->sendPage('displaySuccessLogin');
}