/**
 * Render the "log in with Facebook" view for a user who is logged in to
 * MediaWiki but not to Facebook.
 *
 * The heading and intro text depend on whether FacebookDB reports any
 * Facebook IDs for the current MediaWiki user: with none, the "merge"
 * messages are shown; otherwise the "connect" message is shown. The XFBML
 * login button and a Like box for the main page are emitted in both cases.
 *
 * TODO: Facebook login button causes a post to a Special:Connect/ConnectUser or something
 */
private function loginToFacebookView() {
    global $wgOut, $wgSitename, $wgUser, $wgVersion;

    $widthPx = 400; // pixels; reused for the form, the login button and the Like box
    $linkedIds = FacebookDB::getFacebookIDs($wgUser);

    $this->outputHeader();

    $markup = ' <div id="userloginForm"> <form style="width: ' . $widthPx . 'px;">' . "\n";

    // NOTE(review): wfMsg() results are concatenated into the markup as-is.
    // Confirm these messages cannot carry attacker-influenced HTML, or escape
    // them for the HTML context before output.
    if (count($linkedIds) === 0) {
        // This message was added recently and might not be translated.
        // In that case, fall back to an older, similar message.
        $heading = wfMsg('facebook-merge-title');
        // The original author doubted that this placeholder comparison
        // detects a missing message; verify what wfMsg() returns for an
        // unknown key.
        if ($heading == "<facebook-merge-title>") {
            $heading = wfMsg('login');
        }
        $markup .= '<h2>' . $heading . "</h2>\n";

        $intro = wfMsg('facebook-merge-text', $wgSitename);
        // Same doubtful placeholder comparison as above.
        if ($intro == "<facebook-merge-text>") {
            $intro = wfMsg('facebook-merge');
        }
        $markup .= '<p>' . $intro . "<br/><br/></p>\n";
    } else {
        $markup .= '<h2>' . wfMsg('login') . "</h2>\n";
        // User is already connected to a Facebook account. Send a page asking
        // them to log in to one of their (possibly several) Facebook accounts.
        // For now, scold them for trying to log in to a connected account.
        // TODO
        $markup .= '<p>' . wfMsg('facebook-connect-text') . "<br/><br/></p>\n";
    }

    // Compatibility with MW < 1.18: older versions take the skin from the user object
    $skin = version_compare($wgVersion, '1.18', '>=')
        ? $this->getSkin()
        : $wgUser->getSkin();

    // NOTE(review): the values below land inside double-quoted attributes
    // without escaping. Confirm the permission list, colour scheme and main
    // page URL can never contain a quote or angle bracket, or escape them for
    // the attribute context.
    $scope = FacebookAPI::getPermissions();
    $colorScheme = FacebookXFBML::getColorScheme($skin->getSkinName());
    $markup .= '<fb:login-button show-faces="true" width="' . $widthPx
        . '" max-rows="3" scope="' . $scope
        . '" colorscheme="' . $colorScheme
        . '"></fb:login-button><br/><br/><br/>' . "\n";

    // Add a pretty Like box to entice the user to log in
    $mainPageUrl = Title::newMainPage()->getFullURL();
    $markup .= '<fb:like href="' . $mainPageUrl
        . '" send="false" width="' . $widthPx
        . '" show_faces="true"></fb:like>';

    $markup .= ' </form> </div>';
    $wgOut->addHTML($markup);
    // TODO: Add a returnto link
}
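/**
 * We need to override the password checking so that Facebook users can
 * reset their passwords and give themselves a valid password to log in
 * without Facebook. This only works if the user specifies a blank password
 * and hasn't already given themselves one.
 *
 * To that effect, you may want to modify the 'resetpass-wrong-oldpass' msg.
 *
 * Before version 1.14, MediaWiki used Special:Preferences to reset
 * passwords instead of Special:ChangePassword, so this hook won't get
 * called and Facebook users won't be able to give themselves a password
 * unless they request one over email.
 *
 * TODO: A potential security flaw is exposed for users who run untrusted
 * JavaScript code. Because no password exists, JavaScript could set a new
 * password without the user's knowledge. To guard against this, we need to
 * send the user an email and preemptively generate a password reset token.
 *
 * @param mixed $hash     Stored password hash; the override applies only when it is blank
 * @param mixed $password Password supplied by the user; must also be blank
 * @param mixed $userId   ID of the MediaWiki user whose password is being checked
 * @param mixed $result   Set to true (by reference) when the blank password is accepted
 * @return bool false when $result has been set and should replace the internal
 *              check, true to let the normal comparison run
 */
public static function UserComparePasswords($hash, $password, $userId, &$result) {
    global $wgUser;

    // Only override if no password exists and the old password ($hash) is blank.
    // The comparisons are loose, so a null hash is treated like an empty one.
    if ($hash == '' && $password == '' && $userId) {
        // Only check for password on Special:ChangePassword
        // TODO: should we use RequestContext::getMain()->getTitle() instead?
        $title = $wgUser->getSkin()->getTitle();

        // The parentheses make the instanceof guard apply to both page names.
        // Without them, && bound tighter than ||, so a missing title still
        // reached the second isSpecial() call and failed on a non-object.
        if ($title instanceof Title
            && ($title->isSpecial('Resetpass') || $title->isSpecial('ChangePassword'))
        ) {
            // Check to see if the MediaWiki user has connected via Facebook
            // before. For a more strict check, we could check if the user
            // is currently logged in to Facebook
            $user = User::newFromId($userId);
            $fb_ids = FacebookDB::getFacebookIDs($user);
            if (count($fb_ids) && $fb_ids[0]) {
                // A blank old password now counts as correct, so every guard
                // above must hold before this point is reached.
                $result = true;
                return false; // to override internal check
            }
        }
    }

    return true;
}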
/**
 * Attach the given MediaWiki user to the Facebook account held in $this->id.
 *
 * Records the link through FacebookDB::addFacebookID(), makes $user the
 * object's current user, and switches on one "facebookupdate-on-login-*"
 * option per entry in $updatePrefs.
 *
 * @param mixed $user        MediaWiki user to attach; passed to FacebookDB and stored in $this->user
 * @param mixed $updatePrefs Countable list of option-name suffixes to enable
 * @throws FacebookUserException when no Facebook ID is set on this object
 */
private function attachUserInternal($user, $updatePrefs) {
    // The user must be logged into Facebook
    if (!$this->id) {
        throw new FacebookUserException('facebook-error', 'facebook-errortext');
    }

    // NOTE(review): sendError() is not visible here. If it neither throws nor
    // ends the request, both error branches below fall through and the
    // account is still attached. Confirm that it halts execution.
    if ($this->user->getId()) {
        $this->sendError('facebook-error', 'facebook-errortext'); // TODO: new error msg
    }

    $existingIds = FacebookDB::getFacebookIDs($user);
    if (count($existingIds) > 0) {
        $this->sendError('facebook-error', 'facebook-errortext'); // TODO: new error msg
    }

    // Attach the user to their Facebook account in the database
    FacebookDB::addFacebookID($user, $this->id);
    $this->user = $user;

    // Update the user with settings from Facebook
    if (count($updatePrefs) > 0) {
        foreach ($updatePrefs as $prefName) {
            $this->user->setOption("facebookupdate-on-login-{$prefName}", '1');
        }
    }

    // User has been successfully attached (the hook call is left disabled)
    #wfRunHooks( 'SpecialConnect::userAttached', array( &$this ) );
}