/**
* This view is sent when $wgFbDisableLogin is true. In this case, the user
* must be logged in to Facebook to view the wiki, so we present a single
* login button.
*/
private function exclusiveLoginToFacebookView()
{
global $wgOut, $wgSitename, $wgUser;
$loginFormWidth = 400;
// pixels
$this->outputHeader();
$html = '
<div id="userloginForm">
<form style="width: ' . $loginFormWidth . 'px;">
<h2>' . wfMsg('userlogin') . '</h2>
<p>' . wfMsg('facebook-only-text', $wgSitename) . '<br/><br/></p>' . "\n";
// Compatiblity with MW < 1.18
global $wgVersion;
if (version_compare($wgVersion, '1.18', '>=')) {
$skin = $this->getSkin();
} else {
global $wgUser;
$skin = $wgUser->getSkin();
}
$html .= '<fb:login-button show-faces="true" width="' . $loginFormWidth . '" max-rows="3" scope="' . FacebookAPI::getPermissions() . '" colorscheme="' . FacebookXFBML::getColorScheme($skin->getSkinName()) . '"></fb:login-button><br/><br/><br/>' . "\n";
// Add a pretty Like box to entice the user to log in
$html .= '<fb:like href="' . Title::newMainPage()->getFullURL() . '" send="false" width="' . $loginFormWidth . '" show_faces="true"></fb:like>';
$html .= '
</form>
</div>';
$wgOut->addHTML($html);
}
/**
* Adds several Facebook variables to the page:
*/
public static function ResourceLoaderGetConfigVars(&$vars)
{
global $wgRequest, $wgVersion, $wgFbAppId, $wgFbSocialPlugins, $wgFbStreamlineLogin, $wgUser;
/*
// Disabled (ext.facebook.js still uses wgPageName, but not wgPageQuery)
if (!isset($vars['wgPageQuery'])) {
$query = $wgRequest->getValues();
if (isset($query['title'])) {
unset($query['title']);
}
$vars['wgPageQuery'] = wfUrlencode( wfArrayToCGI( $query ) );
}
*/
$vars['fbScript'] = self::getFbScript();
$vars['fbAppId'] = $wgFbAppId;
$vars['fbUseXFBML'] = $wgFbSocialPlugins;
$vars['fbUseAjax'] = $wgFbStreamlineLogin;
if ($wgUser->isLoggedIn()) {
global $facebook;
$ids = FacebookDB::getFacebookIDs($wgUser);
// If the user is logged in, let the JavaScript code know who the
// account belongs to. The primary reason for this is so that if a
// user logs in to Facebook with a different account, we can show
// the "facebooklogoutandcontinue" form.
//
// Previously, if the user was logged in and had a valid Facebook
// session, we would skip this step with the mentality that it was
// unnecessary as the JavaScript code would obviously already know
// the Facebook ID. However, this created a problem that can be
// reproduced as follows:
// 1. Log in to MediaWiki with a valid Facebook session
// 2. In another tab, log out of Facebook and then log in again
// as the same user, creating a different session
// 3. Now reload the MediaWiki page. The server will see a valid
// session and skip the fbId variable. However, the client
// will fire the Facebook Login event because a new session
// was picked up, even though the user was also logged in the
// last time the page loaded.
// Now, because the JavaScript can't find the fbId variable, it
// assumes that the MediaWiki account isn't connected to a Facebook
// account and shows the "facebookmergeaccount" form. However, when
// this form is retrieved, the new session is synchronized to the
// server and the AJAX request is invalid because you can't merge
// an account that is already connected to a Facebook user.
//
// In and of itself, we skip this extra check and always include
// the fbId variable.
//
// There must be a prize for finding bugs like this one. Because
// seriously, I deserve it.
if (count($ids)) {
$vars['fbId'] = strval($ids[0]);
}
}
$scope = FacebookAPI::getPermissions();
if (!empty($scope)) {
$vars['fbScope'] = $scope;
}
return true;
}
/**
* Helper function to create name-value pairs from the list of attributes passed to the
* parser hook.
*/
static function implodeAttrs($args)
{
$attrs = '';
// The default action is to strip all event handlers and allow the tag
foreach ($args as $name => $value) {
// Disable all event handlers (e.g. onClick, onLogin)
if (substr($name, 0, 2) == 'on') {
continue;
}
// Render perms="auto" and scope="auto" with the correct permissions
// TODO: allow fields param to be "auto" for <fb:registration>
if (($name == 'perms' || $name == 'scope') && $value == 'auto') {
$value = FacebookAPI::getPermissions();
}
// Otherwise, pass the attribute through htmlspecialchars unmodified
$attrs .= " {$name}=\"" . htmlspecialchars($value) . '"';
}
return $attrs;
}
