/**
 * Main execution point.
 *
 * Reads the change-password fields from the request and, on a POST carrying a
 * valid edit token, asks $wgAuth whether a password change is allowed, performs
 * the reset and, when the visitor is not logged in yet (temporary-password
 * flow), completes a login with the new password before redirecting. Unless an
 * early return fires, the form is re-rendered at the end.
 *
 * @param string|null $par Subpage parameter (not used here)
 */
function execute( $par ) {
	global $wgAuth;

	$this->checkReadOnly();

	$request = $this->getRequest();
	$this->mUserName = trim( $request->getVal( 'wpName' ) );
	$this->mOldpass = $request->getVal( 'wpPassword' );
	$this->mNewpass = $request->getVal( 'wpNewPassword' );
	$this->mRetype = $request->getVal( 'wpRetype' );
	$this->mDomain = $request->getVal( 'wpDomain' );

	$this->setHeaders();
	$this->outputHeader();
	// Never let user-supplied JS run on a page that handles credentials.
	$this->getOutput()->disallowUserJs();

	$user = $this->getUser();
	$posted = $request->wasPosted();

	// A plain GET from an anonymous visitor carries no context to act on.
	if ( !$posted && !$user->isLoggedIn() ) {
		$this->error( $this->msg( 'resetpass-no-info' )->text() );
		return;
	}

	if ( $posted && $request->getBool( 'wpCancel' ) ) {
		$this->doReturnTo();
		return;
	}

	// CSRF guard: only act on a POST whose edit token matches the user's.
	if ( $posted && $user->matchEditToken( $request->getVal( 'token' ) ) ) {
		try {
			// The domain recorded in the session at login wins over the form value.
			if ( isset( $_SESSION['wsDomain'] ) ) {
				$this->mDomain = $_SESSION['wsDomain'];
			}
			$wgAuth->setDomain( $this->mDomain );
			if ( !$wgAuth->allowPasswordChange() ) {
				$this->error( $this->msg( 'resetpass_forbidden' )->text() );
				return;
			}

			// NOTE(review): mUserName is taken from the request even for a
			// logged-in user; attemptReset() (not shown here) is what must tie
			// the change to the old password of that account — confirm.
			$this->attemptReset( $this->mNewpass, $this->mRetype );
			$this->getOutput()->addWikiMsg( 'resetpass_success' );

			if ( !$user->isLoggedIn() ) {
				// Temporary-password flow: log the user in with the new
				// password through a faux request and a fresh login token.
				LoginForm::setLoginToken();
				$loginData = array(
					'action' => 'submitlogin',
					'wpName' => $this->mUserName,
					'wpDomain' => $this->mDomain,
					'wpLoginToken' => LoginForm::getLoginToken(),
					'wpPassword' => $this->mNewpass,
					'returnto' => $request->getVal( 'returnto' ),
				);
				if ( $request->getCheck( 'wpRemember' ) ) {
					$loginData['wpRemember'] = 1;
				}
				$login = new LoginForm( new FauxRequest( $loginData, true ) );
				$login->setContext( $this->getContext() );
				$login->execute( null );
			}
			$this->doReturnTo();
		} catch ( PasswordError $e ) {
			$this->error( $e->getMessage() );
		}
	}

	$this->showForm();
}
/**
 * Executes the log-in attempt using the parameters passed. If
 * the log-in succeeds, it attaches a cookie to the session
 * and outputs the user id, username, and session token. If a
 * log-in fails, as the result of a bad password, a nonexistent
 * user, or any other reason, the host is cached with an expiry
 * and no log-in attempts will be accepted until that expiry
 * is reached. The expiry is $this->mLoginThrottle.
 *
 * The credential check itself (login token, throttling, blocks) is done by
 * LoginForm::authenticateUserData(); this method only maps its status code
 * onto the API result structure.
 */
public function execute() {
	global $wgCookiePrefix, $wgPasswordAttemptThrottle;

	$params = $this->extractRequestParams();

	// The login token and cookies live in the session, so make sure one exists.
	if ( session_id() == '' ) {
		wfSetupSession();
	}

	// Hand the API parameters to LoginForm through a derived request so the
	// web login path is reused unchanged. 'wpRemember' stays empty here; the
	// "remember" preference is forced below on success instead.
	$context = new DerivativeContext( $this->getContext() );
	$context->setRequest( new DerivativeRequest(
		$this->getContext()->getRequest(),
		array(
			'wpName' => $params['name'],
			'wpPassword' => $params['password'],
			'wpDomain' => $params['domain'],
			'wpLoginToken' => $params['token'],
			'wpRemember' => ''
		)
	) );
	$loginForm = new LoginForm();
	$loginForm->setContext( $context );
	$authRes = $loginForm->authenticateUserData();

	// Status codes that map to a bare result string with no extra fields.
	// RESET_PASS is deliberately reported as WrongPass (bug 20223): per
	// SpecialUserLogin, the e-mailed temporary password must not be usable
	// for actual logins.
	$plainResults = array(
		LoginForm::WRONG_TOKEN => 'WrongToken',
		LoginForm::NO_NAME => 'NoName',
		LoginForm::ILLEGAL => 'Illegal',
		LoginForm::WRONG_PLUGIN_PASS => 'WrongPluginPass',
		LoginForm::NOT_EXISTS => 'NotExists',
		LoginForm::RESET_PASS => 'WrongPass',
		LoginForm::WRONG_PASS => 'WrongPass',
		LoginForm::EMPTY_PASS => 'EmptyPass',
		LoginForm::USER_BLOCKED => 'Blocked',
	);

	$result = array();
	if ( isset( $plainResults[$authRes] ) ) {
		$result['result'] = $plainResults[$authRes];
	} else {
		switch ( $authRes ) {
			case LoginForm::SUCCESS:
				$user = $context->getUser();
				$this->getContext()->setUser( $user );
				// NOTE(review): this persists the 'rememberpassword' preference
				// on the account as a side effect of an API login.
				$user->setOption( 'rememberpassword', 1 );
				$user->setCookies( $this->getRequest() );
				ApiQueryInfo::resetTokenCache();
				// Run hooks.
				// @todo FIXME: Split back and frontend from this hook.
				// @todo FIXME: This hook should be placed in the backend
				$injected_html = '';
				wfRunHooks( 'UserLoginComplete', array( &$user, &$injected_html ) );
				$result['result'] = 'Success';
				$result['lguserid'] = intval( $user->getId() );
				$result['lgusername'] = $user->getName();
				// lgtoken is the value of User::getToken(); presumably the same
				// secret that backs the persistent login cookie, so the response
				// must be treated as credential material.
				$result['lgtoken'] = $user->getToken();
				$result['cookieprefix'] = $wgCookiePrefix;
				$result['sessionid'] = session_id();
				break;
			case LoginForm::NEED_TOKEN:
				$result['result'] = 'NeedToken';
				$result['token'] = $loginForm->getLoginToken();
				$result['cookieprefix'] = $wgCookiePrefix;
				$result['sessionid'] = session_id();
				break;
			case LoginForm::CREATE_BLOCKED:
				$result['result'] = 'CreateBlocked';
				$result['details'] = 'Your IP address is blocked from account creation';
				break;
			case LoginForm::THROTTLED:
				$result['result'] = 'Throttled';
				$result['wait'] = intval( $wgPasswordAttemptThrottle['seconds'] );
				break;
			case LoginForm::ABORTED:
				$result['result'] = 'Aborted';
				$result['reason'] = $loginForm->mAbortLoginErrorMsg;
				break;
			default:
				ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
		}
	}

	$this->getResult()->addValue( null, 'login', $result );
}
/**
 * Get a login token, creating one (and a session to hold it) when none exists.
 *
 * NOTE(review): this delegates to LoginForm::getLoginToken(); that is only
 * sound if the enclosing class is not LoginForm itself, otherwise the call
 * recurses without bound — confirm which class this lives in.
 *
 * @return string loginToken
 */
public static function getLoginToken() {
	$token = LoginForm::getLoginToken();
	if ( !$token ) {
		// Init session if necessary
		if ( session_id() == '' ) {
			wfSetupSession();
		}
		LoginForm::setLoginToken();
		$token = LoginForm::getLoginToken();
	}
	return $token;
}
/**
 * Called once the password has been changed successfully.
 *
 * A logged-in user just gets the success box and a return-to-main link. A
 * visitor who came through the temporary-password flow is not logged in yet,
 * so a login with the new password is completed via a derived request that
 * carries a freshly minted login token.
 */
public function onSuccess() {
	$out = $this->getOutput();
	if ( $this->getUser()->isLoggedIn() ) {
		$out->wrapWikiMsg( "<div class=\"successbox\">\n\$1\n</div>", 'changepassword-success' );
		$out->returnToMain();
		return;
	}

	$request = $this->getRequest();
	LoginForm::setLoginToken();
	$loginFields = array(
		'action' => 'submitlogin',
		'wpName' => $this->mUserName,
		'wpDomain' => $this->mDomain,
		'wpLoginToken' => LoginForm::getLoginToken(),
		// The just-accepted new password is the credential for this login.
		'wpPassword' => $request->getVal( 'wpNewPassword' ),
	);
	// Carry the remember-me flag and return-to target over from the form
	// (explicit keys above win over the request values).
	$loginFields += $request->getValues( 'wpRemember', 'returnto', 'returntoquery' );

	$login = new LoginForm( new DerivativeRequest( $request, $loginFields, true ) );
	$login->setContext( $this->getContext() );
	$login->execute( null );
}
/**
 * Render the change-password form.
 *
 * The form carries the user's edit token (CSRF protection). A visitor who is
 * not logged in (temporary-password flow) additionally gets a remember-me
 * checkbox and a hidden login token for the login that follows the change.
 * Hidden values go through Html::hidden, which attribute-escapes them.
 */
function showForm() {
	global $wgCookieExpiration;

	$user = $this->getUser();
	$request = $this->getRequest();
	if ( !$this->mUserName ) {
		$this->mUserName = $user->getName();
	}

	$rememberMe = '';
	$loginOnChangeToken = '';
	if ( $user->isLoggedIn() ) {
		$oldpassMsg = 'oldpassword';
		$submitMsg = 'resetpass-submit-loggedin';
	} else {
		$expiryDays = ceil( $wgCookieExpiration / ( 3600 * 24 ) );
		$rememberMe = '<tr><td></td><td class="mw-input">'
			. Xml::checkLabel(
				$this->msg( 'remembermypassword' )->numParams( $expiryDays )->text(),
				'wpRemember',
				'wpRemember',
				$request->getCheck( 'wpRemember' )
			)
			. '</td></tr>';
		$submitMsg = 'resetpass_submit';
		$oldpassMsg = 'resetpass-temp-password';
		$loginOnChangeToken = Html::hidden( 'wpLoginOnChangeToken', LoginForm::getLoginToken() );
	}

	$fields = $this->pretty( array(
		array( 'wpName', 'username', 'text', $this->mUserName ),
		// NOTE(review): the submitted old/temporary password is echoed back
		// into the password field. That serves the temp-password flow, but it
		// means the credential appears in the rendered HTML.
		array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass ),
		array( 'wpNewPassword', 'newpassword', 'password', null ),
		array( 'wpRetype', 'retypenew', 'password', null ),
	) );

	$buttons = '<td class="mw-input">'
		. Xml::submitButton( $this->msg( $submitMsg )->text() )
		. Xml::submitButton( $this->msg( 'resetpass-submit-cancel' )->text(), array( 'name' => 'wpCancel' ) )
		. "</td>\n";

	$pieces = array(
		Xml::fieldset( $this->msg( 'resetpass_header' )->text() ),
		Xml::openElement( 'form', array(
			'method' => 'post',
			'action' => $this->getTitle()->getLocalUrl(),
			'id' => 'mw-resetpass-form'
		) ) . "\n",
		Html::hidden( 'token', $user->getEditToken() ) . "\n",
		Html::hidden( 'wpName', $this->mUserName ) . "\n",
		Html::hidden( 'wpDomain', $this->mDomain ) . "\n",
		Html::hidden( 'returnto', $request->getVal( 'returnto' ) ) . "\n",
		$loginOnChangeToken,
		$this->msg( 'resetpass_text' )->parseAsBlock() . "\n",
		Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) . "\n",
		$fields . "\n",
		$rememberMe,
		"<tr>\n<td></td>\n" . $buttons . "</tr>\n",
		Xml::closeElement( 'table' ),
		Xml::closeElement( 'form' ),
		Xml::closeElement( 'fieldset' ) . "\n",
	);
	$this->getOutput()->addHTML( implode( '', $pieces ) );
}
/**
 * Executes the log-in attempt using the parameters passed. If
 * the log-in succeeds, it attaches a cookie to the session
 * and outputs the user id, username, and session token. If a
 * log-in fails, as the result of a bad password, a nonexistent
 * user, or any other reason, the host is cached with an expiry
 * and no log-in attempts will be accepted until that expiry
 * is reached. The expiry is $this->mLoginThrottle.
 *
 * The credential check itself is done by LoginForm::authenticateUserData();
 * this method maps its status code onto the API result and logs the outcome.
 */
public function execute() {
	// If we're in a mode that breaks the same-origin policy, no tokens can
	// be obtained
	if ( $this->lacksSameOriginSecurity() ) {
		$this->getResult()->addValue( null, 'login', array(
			'result' => 'Aborted',
			'reason' => 'Cannot log in when the same-origin policy is not applied'
		) );
		return;
	}

	$params = $this->extractRequestParams();
	$config = $this->getConfig();

	// The login token and cookies live in the session, so make sure one exists.
	if ( session_id() == '' ) {
		wfSetupSession();
	}

	// Hand the API parameters to LoginForm through a derived request so the
	// web login path is reused unchanged.
	$context = new DerivativeContext( $this->getContext() );
	$context->setRequest( new DerivativeRequest(
		$this->getContext()->getRequest(),
		array(
			'wpName' => $params['name'],
			'wpPassword' => $params['password'],
			'wpDomain' => $params['domain'],
			'wpLoginToken' => $params['token'],
			'wpRemember' => ''
		)
	) );
	$loginForm = new LoginForm();
	$loginForm->setContext( $context );
	$authRes = $loginForm->authenticateUserData();

	// Status codes that map to a bare result string with no extra fields.
	// RESET_PASS is deliberately reported as WrongPass (bug 20223): per
	// SpecialUserLogin, the e-mailed temporary password must not be usable
	// for actual logins.
	$plainResults = array(
		LoginForm::WRONG_TOKEN => 'WrongToken',
		LoginForm::NO_NAME => 'NoName',
		LoginForm::ILLEGAL => 'Illegal',
		LoginForm::WRONG_PLUGIN_PASS => 'WrongPluginPass',
		LoginForm::NOT_EXISTS => 'NotExists',
		LoginForm::RESET_PASS => 'WrongPass',
		LoginForm::WRONG_PASS => 'WrongPass',
		LoginForm::EMPTY_PASS => 'EmptyPass',
	);

	$result = array();
	if ( isset( $plainResults[$authRes] ) ) {
		$result['result'] = $plainResults[$authRes];
	} else {
		switch ( $authRes ) {
			case LoginForm::SUCCESS:
				$user = $context->getUser();
				$this->getContext()->setUser( $user );
				// Third argument requests a persistent ("remember me") cookie.
				$user->setCookies( $this->getRequest(), null, true );
				ApiQueryInfo::resetTokenCache();
				// Run hooks.
				// @todo FIXME: Split back and frontend from this hook.
				// @todo FIXME: This hook should be placed in the backend
				$injected_html = '';
				Hooks::run( 'UserLoginComplete', array( &$user, &$injected_html ) );
				$result['result'] = 'Success';
				$result['lguserid'] = intval( $user->getId() );
				$result['lgusername'] = $user->getName();
				// lgtoken is the value of User::getToken(); presumably the same
				// secret that backs the persistent login cookie, so the response
				// must be treated as credential material.
				$result['lgtoken'] = $user->getToken();
				$result['cookieprefix'] = $config->get( 'CookiePrefix' );
				$result['sessionid'] = session_id();
				break;
			case LoginForm::NEED_TOKEN:
				$result['result'] = 'NeedToken';
				$result['token'] = $loginForm->getLoginToken();
				$result['cookieprefix'] = $config->get( 'CookiePrefix' );
				$result['sessionid'] = session_id();
				break;
			case LoginForm::CREATE_BLOCKED:
				$result['result'] = 'CreateBlocked';
				$result['details'] = 'Your IP address is blocked from account creation';
				$block = $context->getUser()->getBlock();
				if ( $block ) {
					$result = array_merge( $result, ApiQueryUserInfo::getBlockInfo( $block ) );
				}
				break;
			case LoginForm::THROTTLED:
				$result['result'] = 'Throttled';
				$throttle = $config->get( 'PasswordAttemptThrottle' );
				$result['wait'] = intval( $throttle['seconds'] );
				break;
			case LoginForm::USER_BLOCKED:
				$result['result'] = 'Blocked';
				// Block details are returned to an unauthenticated caller here.
				$block = User::newFromName( $params['name'] )->getBlock();
				if ( $block ) {
					$result = array_merge( $result, ApiQueryUserInfo::getBlockInfo( $block ) );
				}
				break;
			case LoginForm::ABORTED:
				$result['result'] = 'Aborted';
				$result['reason'] = $loginForm->mAbortLoginErrorMsg;
				break;
			default:
				ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
		}
	}

	$this->getResult()->addValue( null, 'login', $result );

	LoggerFactory::getInstance( 'authmanager' )->info( 'Login attempt', array(
		'event' => 'login',
		'successful' => $authRes === LoginForm::SUCCESS,
		'status' => LoginForm::$statusCodes[$authRes],
	) );
}
/**
 * Executes the log-in attempt using the parameters passed. If
 * the log-in succeeds, it attaches a cookie to the session
 * and outputs the user id, username, and session token. If a
 * log-in fails, as the result of a bad password, a nonexistent
 * user, or any other reason, the host is cached with an expiry
 * and no log-in attempts will be accepted until that expiry
 * is reached. The expiry is $this->mLoginThrottle.
 *
 * The credential check itself is done by LoginForm::authenticateUserData();
 * this method only maps its status code onto the API result structure.
 *
 * @access public
 */
public function execute() {
	global $wgUser, $wgCookiePrefix, $wgPasswordAttemptThrottle;

	$params = $this->extractRequestParams();

	// Init session if necessary: the login token and cookies live there.
	if ( session_id() == '' ) {
		wfSetupSession();
	}

	// Drive the core LoginForm with a faux request built from the API params.
	$loginForm = new LoginForm( new FauxRequest( array(
		'wpName' => $params['name'],
		'wpPassword' => $params['password'],
		'wpDomain' => $params['domain'],
		'wpLoginToken' => $params['token'],
		'wpRemember' => ''
	) ) );
	$authRes = $loginForm->authenticateUserData();

	// Status codes that map to a bare result string with no extra fields.
	$plainResults = array(
		LoginForm::WRONG_TOKEN => 'WrongToken',
		LoginForm::NO_NAME => 'NoName',
		LoginForm::ILLEGAL => 'Illegal',
		LoginForm::WRONG_PLUGIN_PASS => 'WrongPluginPass',
		LoginForm::NOT_EXISTS => 'NotExists',
		LoginForm::WRONG_PASS => 'WrongPass',
		LoginForm::EMPTY_PASS => 'EmptyPass',
	);

	$result = array();
	if ( isset( $plainResults[$authRes] ) ) {
		$result['result'] = $plainResults[$authRes];
	} else {
		switch ( $authRes ) {
			case LoginForm::SUCCESS:
				// NOTE(review): this persists the 'rememberpassword' preference
				// on the account as a side effect of an API login.
				$wgUser->setOption( 'rememberpassword', 1 );
				$wgUser->setCookies();
				// Run hooks. FIXME: split back and frontend from this hook.
				// FIXME: This hook should be placed in the backend
				$injected_html = '';
				wfRunHooks( 'UserLoginComplete', array( &$wgUser, &$injected_html ) );
				$result['result'] = 'Success';
				$result['lguserid'] = intval( $wgUser->getId() );
				$result['lgusername'] = $wgUser->getName();
				// lgtoken is the value of User::getToken(); presumably the same
				// secret that backs the persistent login cookie, so the response
				// must be treated as credential material.
				$result['lgtoken'] = $wgUser->getToken();
				$result['cookieprefix'] = $wgCookiePrefix;
				$result['sessionid'] = session_id();
				break;
			case LoginForm::NEED_TOKEN:
				$result['result'] = 'NeedToken';
				$result['token'] = $loginForm->getLoginToken();
				$result['cookieprefix'] = $wgCookiePrefix;
				$result['sessionid'] = session_id();
				break;
			case LoginForm::CREATE_BLOCKED:
				$result['result'] = 'CreateBlocked';
				$result['details'] = 'Your IP address is blocked from account creation';
				break;
			case LoginForm::THROTTLED:
				$result['result'] = 'Throttled';
				$result['wait'] = intval( $wgPasswordAttemptThrottle['seconds'] );
				break;
			default:
				// Any other status (e.g. a blocked user) is a bug in this mapping.
				ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
		}
	}

	$this->getResult()->addValue( null, 'login', $result );
}
/**
 * Generates a template with the login form and registration form already filled into
 * it and other settings populated as well. This template can then be executed with
 * different EasyTemplates to give different results such as one view for ajax dialogs
 * and one view for standalone pages (such as Special:Signup).
 *
 * @param bool $static True when rendering a standalone page; only then is one
 *   of showLogin / showRegister switched on.
 * @param string $lastmsg Message from a previous attempt; replaced by the ajax
 *   login form's own message when it produced one.
 * @param AjaxLoginForm|string $ajaxLoginForm Existing form to reuse; created
 *   here and handed back by reference when empty.
 * @return EasyTemplate
 */
public static function getTemplateForCombinedForms( $static = false, $lastmsg = "", &$ajaxLoginForm = "" ) {
	global $wgRequest;

	// Setup the data for the templates, similar to GetComboAjaxLogin.
	if ( session_id() == '' ) {
		wfSetupSession();
	}
	// TODO: a check on wpCreateaccount (returning "error") used to live here;
	// its purpose is unknown and it stays disabled.

	$tmpl = new EasyTemplate( dirname( __FILE__ ) . '/templates/' );
	$response = new AjaxResponse(); // not used below; kept as-is
	$type = $wgRequest->getVal( 'type', '' );
	$isReadOnly = wfReadOnly() ? 1 : 0;

	if ( !$isReadOnly ) {
		if ( empty( $ajaxLoginForm ) ) {
			$ajaxLoginForm = new AjaxLoginForm( $wgRequest );
		}
		$ajaxLoginForm->execute( $type );
		if ( !empty( $ajaxLoginForm->ajaxTemplate ) ) {
			$formData = $ajaxLoginForm->ajaxTemplate->data;
			$lastmsg = $formData['message'];
			$tmpl->set( 'message', $formData['message'] );
			$tmpl->set( 'messagetype', $formData['messagetype'] );
		}
		$tmpl->set( "registerAjax", $ajaxLoginForm->ajaxRender() );
	}
	$tmpl->set( "isReadOnly", $isReadOnly );

	// Make sure both anti-CSRF tokens exist before handing them to the template.
	if ( !LoginForm::getLoginToken() ) {
		LoginForm::setLoginToken();
	}
	$tmpl->set( "loginToken", LoginForm::getLoginToken() );
	if ( !LoginForm::getCreateaccountToken() ) {
		LoginForm::setCreateaccountToken();
	}
	$tmpl->set( "createToken", LoginForm::getCreateaccountToken() );

	// Use the existing settings to generate the login portion of the form, which will then
	// be fed back into the bigger template in this case (it is not always fed into ComboAjaxLogin template).
	// returnto / returntoquery are URL-encoded before being appended to the query string.
	$extraQuery = '';
	$returnto = $wgRequest->getVal( 'returnto', '' );
	if ( $returnto != '' ) {
		$extraQuery .= "&returnto=" . wfUrlencode( $returnto );
	}
	$returntoquery = $wgRequest->getVal( 'returntoquery', '' );
	if ( $returntoquery != '' ) {
		$extraQuery .= "&returntoquery=" . wfUrlencode( $returntoquery );
	}
	$tmpl->set( "loginaction", Skin::makeSpecialUrl( 'Signup', "type=login&action=submitlogin" . $extraQuery ) );
	$tmpl->set( "signupaction", Skin::makeSpecialUrl( 'Signup', "type=signup" . $extraQuery ) );
	$tmpl->set( "loginerror", $lastmsg );
	// NOTE(review): 'type' comes straight from the request; whether the template
	// escapes it on output cannot be verified from here.
	$tmpl->set( "actiontype", $type );

	$showLogin = false;
	$showRegister = false;
	if ( $static ) {
		if ( strtolower( $type ) == "login" ) {
			$showLogin = true;
		} elseif ( !$isReadOnly ) {
			$showRegister = true;
		}
	}
	$tmpl->set( "showRegister", $showRegister );
	$tmpl->set( "showLogin", $showLogin );

	$tmpl->set( "ajaxLoginComponent", $tmpl->render( 'AjaxLoginComponent' ) );
	return $tmpl;
}
/**
 * Executes the log-in attempt using the parameters passed. If
 * the log-in succeeds, it attaches a cookie to the session
 * and outputs the user id, username, and session token. If a
 * log-in fails, as the result of a bad password, a nonexistent
 * user, or any other reason, the host is cached with an expiry
 * and no log-in attempts will be accepted until that expiry
 * is reached. The expiry is $this->mLoginThrottle.
 *
 * Order of checks: same-origin mode, session usability, login token, bot
 * password (only for names containing the bot-password separator), then the
 * normal LoginForm path. The status code is mapped onto the API result and the
 * attempt is logged.
 */
public function execute() {
	// If we're in a mode that breaks the same-origin policy, no tokens can
	// be obtained
	if ( $this->lacksSameOriginSecurity() ) {
		$this->getResult()->addValue( null, 'login', array(
			'result' => 'Aborted',
			'reason' => 'Cannot log in when the same-origin policy is not applied'
		) );
		return;
	}

	$params = $this->extractRequestParams();
	$config = $this->getConfig();

	// Make sure session is persisted
	$session = MediaWiki\Session\SessionManager::getGlobalSession();
	$session->persist();

	// Make sure it's possible to log in
	if ( !$session->canSetUser() ) {
		$this->getResult()->addValue( null, 'login', array(
			'result' => 'Aborted',
			'reason' => 'Cannot log in when using '
				. $session->getProvider()->describe( Language::factory( 'en' ) )
		) );
		return;
	}

	$context = new DerivativeContext( $this->getContext() );
	$loginForm = null;
	$loginType = 'N/A';
	$authRes = false;

	// Check login token
	$sessionToken = LoginForm::getLoginToken();
	if ( !$sessionToken ) {
		LoginForm::setLoginToken();
		$authRes = LoginForm::NEED_TOKEN;
	} elseif ( !$params['token'] ) {
		$authRes = LoginForm::NEED_TOKEN;
	} elseif ( $sessionToken !== $params['token'] ) {
		// NOTE(review): plain string comparison of a secret; a constant-time
		// compare (hash_equals) would be the usual choice if available here.
		$authRes = LoginForm::WRONG_TOKEN;
	}

	// Try bot passwords
	if ( $authRes === false
		&& $config->get( 'EnableBotPasswords' )
		&& strpos( $params['name'], BotPassword::getSeparator() ) !== false
	) {
		$status = BotPassword::login( $params['name'], $params['password'], $this->getRequest() );
		if ( $status->isOk() ) {
			// The bot-password login produced its own session; use it from here on.
			$session = $status->getValue();
			$authRes = LoginForm::SUCCESS;
			$loginType = 'BotPassword';
		} else {
			// Fall through to the normal login path with the unmodified name.
			LoggerFactory::getInstance( 'authmanager' )->info(
				'BotPassword login failed: ' . $status->getWikiText()
			);
		}
	}

	// Normal login
	if ( $authRes === false ) {
		$context->setRequest( new DerivativeRequest(
			$this->getContext()->getRequest(),
			array(
				'wpName' => $params['name'],
				'wpPassword' => $params['password'],
				'wpDomain' => $params['domain'],
				'wpLoginToken' => $params['token'],
				'wpRemember' => ''
			)
		) );
		$loginForm = new LoginForm();
		$loginForm->setContext( $context );
		$authRes = $loginForm->authenticateUserData();
		$loginType = 'LoginForm';
	}

	// Status codes that map to a bare result string with no extra fields.
	// RESET_PASS is deliberately reported as WrongPass (bug 20223): per
	// SpecialUserLogin, the e-mailed temporary password must not be usable
	// for actual logins.
	$plainResults = array(
		LoginForm::WRONG_TOKEN => 'WrongToken',
		LoginForm::NO_NAME => 'NoName',
		LoginForm::ILLEGAL => 'Illegal',
		LoginForm::WRONG_PLUGIN_PASS => 'WrongPluginPass',
		LoginForm::NOT_EXISTS => 'NotExists',
		LoginForm::RESET_PASS => 'WrongPass',
		LoginForm::WRONG_PASS => 'WrongPass',
		LoginForm::EMPTY_PASS => 'EmptyPass',
	);

	$result = array();
	if ( isset( $plainResults[$authRes] ) ) {
		$result['result'] = $plainResults[$authRes];
	} else {
		switch ( $authRes ) {
			case LoginForm::SUCCESS:
				$user = $context->getUser();
				$this->getContext()->setUser( $user );
				// Third argument requests a persistent ("remember me") cookie.
				$user->setCookies( $this->getRequest(), null, true );
				ApiQueryInfo::resetTokenCache();
				// Run hooks.
				// @todo FIXME: Split back and frontend from this hook.
				// @todo FIXME: This hook should be placed in the backend
				$injected_html = '';
				Hooks::run( 'UserLoginComplete', array( &$user, &$injected_html ) );
				$result['result'] = 'Success';
				$result['lguserid'] = intval( $user->getId() );
				$result['lgusername'] = $user->getName();
				// @todo: These are deprecated, and should be removed at some
				// point (1.28 at the earliest, and see T121527). They were ok
				// when the core cookie-based login was the only thing, but
				// CentralAuth broke that a while back and
				// SessionManager/AuthManager are *really* going to break it.
				// lgtoken is the user's token and must be treated as credential material.
				$result['lgtoken'] = $user->getToken();
				$result['cookieprefix'] = $config->get( 'CookiePrefix' );
				$result['sessionid'] = $session->getId();
				break;
			case LoginForm::NEED_TOKEN:
				$result['result'] = 'NeedToken';
				$result['token'] = LoginForm::getLoginToken();
				// @todo: See above about deprecation
				$result['cookieprefix'] = $config->get( 'CookiePrefix' );
				$result['sessionid'] = $session->getId();
				break;
			case LoginForm::CREATE_BLOCKED:
				$result['result'] = 'CreateBlocked';
				$result['details'] = 'Your IP address is blocked from account creation';
				$block = $context->getUser()->getBlock();
				if ( $block ) {
					$result = array_merge( $result, ApiQueryUserInfo::getBlockInfo( $block ) );
				}
				break;
			case LoginForm::THROTTLED:
				$result['result'] = 'Throttled';
				$throttle = $config->get( 'PasswordAttemptThrottle' );
				$result['wait'] = intval( $throttle['seconds'] );
				break;
			case LoginForm::USER_BLOCKED:
				$result['result'] = 'Blocked';
				// Block details are returned to an unauthenticated caller here.
				$block = User::newFromName( $params['name'] )->getBlock();
				if ( $block ) {
					$result = array_merge( $result, ApiQueryUserInfo::getBlockInfo( $block ) );
				}
				break;
			case LoginForm::ABORTED:
				$result['result'] = 'Aborted';
				$result['reason'] = $loginForm->mAbortLoginErrorMsg;
				break;
			default:
				ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
		}
	}

	$this->getResult()->addValue( null, 'login', $result );

	LoggerFactory::getInstance( 'authmanager' )->info( 'Login attempt', array(
		'event' => 'login',
		'successful' => $authRes === LoginForm::SUCCESS,
		'loginType' => $loginType,
		'status' => LoginForm::$statusCodes[$authRes],
	) );
}
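/**
 * This hook is registered by the Auth_remoteuser constructor. It will be
 * called on every page load. It serves the function of automatically logging
 * in the user. The Auth_remoteuser class is an AuthPlugin and handles the
 * actual authentication, user creation, etc.
 *
 * Details:
 * 1. Check to see if the user has a session and is not anonymous. If this is
 *    true, check whether REMOTE_USER matches the session user. If so, we can
 *    just return; otherwise we must logout the session user and login as the
 *    REMOTE_USER.
 * 2. If the user doesn't have a session, we create a login form with our own
 *    fake request and ask the form to authenticate the user. If the user does
 *    not exist authenticateUserData will attempt to create one. The login form
 *    uses our Auth_remoteuser class as an AuthPlugin.
 *
 * Security: $_SERVER['REMOTE_USER'] is trusted unconditionally, so this only
 * holds if the web server (not a client-controllable header) sets it.
 *
 * Fix: $wgCommandLineMode is now declared global, so the "skip session setup
 * on the command line" guard copied from SpecialUserlogin actually works;
 * previously isset() on the undeclared local was always false.
 *
 * Note: If cookies are disabled, an infinite loop /might/ occur?
 */
function Auth_remote_user_hook() {
	global $wgUser, $wgRequest, $wgAuthRemoteuserDomain, $wgAuth, $wgCommandLineMode;

	// For a few special pages, don't do anything.
	$title = $wgRequest->getVal( 'title' );
	if ( $title == Title::makeName( NS_SPECIAL, 'UserLogout' )
		|| $title == Title::makeName( NS_SPECIAL, 'UserLogin' )
	) {
		return;
	}

	// Nothing to do unless the web server authenticated the request.
	if ( !isset( $_SERVER['REMOTE_USER'] ) ) {
		return;
	}
	$username = $_SERVER['REMOTE_USER'];
	if ( isset( $wgAuthRemoteuserDomain ) && strlen( $wgAuthRemoteuserDomain ) ) {
		// Strip "DOMAIN\" and "@DOMAIN" decorations from the external name.
		// NOTE(review): str_replace removes these wherever they occur, not
		// only at the start/end of the name.
		$username = str_replace( "{$wgAuthRemoteuserDomain}\\", "", $username );
		$username = str_replace( "@{$wgAuthRemoteuserDomain}", "", $username );
	}

	// Check for valid session
	$sessionUser = User::newFromSession();
	if ( !$sessionUser->isAnon() ) {
		if ( $sessionUser->getName() == $wgAuth->getCanonicalName( $username ) ) {
			return; // Correct user is already logged in.
		}
		$sessionUser->doLogout(); // Logout mismatched user.
	}

	// Copied from includes/SpecialUserlogin.php
	if ( !isset( $wgCommandLineMode ) && !isset( $_COOKIE[session_name()] ) ) {
		wfSetupSession();
	}

	// Failure codes we name in the log; anything else is reported as 'Unknown'.
	$errorNames = array(
		LoginForm::WRONG_TOKEN => 'WrongToken',
		LoginForm::NO_NAME => 'NoName',
		LoginForm::ILLEGAL => 'Illegal',
		LoginForm::WRONG_PLUGIN_PASS => 'WrongPluginPass',
		LoginForm::NOT_EXISTS => 'NotExists',
		LoginForm::WRONG_PASS => 'WrongPass',
		LoginForm::EMPTY_PASS => 'EmptyPass',
	);

	// If the login form returns NEED_TOKEN try once more with the right token
	$token = '';
	$attempt = 0;
	do {
		$retry = false;
		// Submit a fake login form to authenticate the user. The password is
		// empty: the AuthPlugin, not a password, vouches for REMOTE_USER.
		$fakeRequest = new FauxRequest( array(
			'wpName' => $username,
			'wpPassword' => '',
			'wpDomain' => '',
			'wpLoginToken' => $token,
			'wpRemember' => ''
		) );
		// Authenticate user data will automatically create new users.
		$loginForm = new LoginForm( $fakeRequest );
		$result = $loginForm->authenticateUserData();

		if ( $result == LoginForm::SUCCESS ) {
			$wgUser->setOption( 'rememberpassword', 1 );
			$wgUser->setCookies();
		} elseif ( $result == LoginForm::NEED_TOKEN ) {
			$token = $loginForm->getLoginToken();
			$retry = ( $attempt == 0 );
		} else {
			$errormessage = isset( $errorNames[$result] ) ? $errorNames[$result] : 'Unknown';
			error_log( 'Unexpected REMOTE_USER authentication failure. Login Error was:' . $errormessage );
		}
		$attempt++;
	} while ( $retry );

	return;
}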
/**
 * Output the Piggyback form.
 *
 * Makes sure a login token exists, hands it to the template data, adds the
 * extension stylesheet and appends the rendered form HTML to $wgOut.
 */
function render() {
	global $wgOut, $wgExtensionsPath;

	// The form posts back with this token; mint one if the session has none.
	if ( !LoginForm::getLoginToken() ) {
		LoginForm::setLoginToken();
	}
	$this->templateData['loginToken'] = LoginForm::getLoginToken();

	$wgOut->addStyle( "{$wgExtensionsPath}/wikia/Piggyback/Piggyback.css" );

	$engine = ( new Wikia\Template\PHPEngine() )->setData( $this->templateData );
	$formHtml = $engine->render( dirname( __FILE__ ) . '/templates/Piggyback_form.php' );
	$wgOut->addHtml( $formHtml );
}
/**
 * Hook handler: replace the ajax login HTML with the merged Facebook-connect
 * version, carrying a login token for the form it renders.
 *
 * @param string &$html Overwritten with the rendered 'ajaxLoginMerge' template
 * @return bool Always true so later handlers of the hook still run
 */
public static function afterAjaxLoginHTML( &$html ) {
	if ( !LoginForm::getLoginToken() ) {
		LoginForm::setLoginToken();
	}

	$tmpl = new EasyTemplate( dirname( __FILE__ ) . '/templates/' );
	$tmpl->set( "loginToken", LoginForm::getLoginToken() );
	// The template key really is spelled "fbButtton" (three t's); keep in sync with the template.
	$tmpl->set( "fbButtton", FBConnect::getFBButton( "sendToConnectOnLoginForSpecificForm();", "fbPrefsConnect" ) );

	$html = $tmpl->execute( 'ajaxLoginMerge' );
	return true;
}
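/**
 * Ajax login API entry point.
 *
 * Depending on which of the 'Loginattempt' / 'Mailmypassword' parameters was
 * supplied, either runs a login through LoginForm::authenticateUserData() and
 * reports its status (with a localised 'text'), or sends a password reminder
 * for the given name. On a successful login the user's cookies are set and the
 * user id, name, user token, cookie prefix and session id are returned.
 *
 * Fixes relative to the previous version:
 *  - all globals are declared up front: the NeedToken branch used
 *    $wgCookiePrefix without ever declaring it (only the Success branch did),
 *    so 'cookieprefix' in that response was null;
 *  - request parameters are read explicitly instead of via extract();
 *  - the second, unreachable RESET_PASS case was dropped (the first matching
 *    case in a switch always wins, so 'Reset' was and is the result).
 */
public function execute() {
	global $wgUser, $wgAuth, $wgCookiePrefix, $wgLang,
		$wgPasswordAttemptThrottle, $wgPasswordReminderResendTime;

	wfSetupSession();

	$requestParams = $this->extractRequestParams();
	$Name = isset( $requestParams['Name'] ) ? $requestParams['Name'] : null;
	$Password = isset( $requestParams['Password'] ) ? $requestParams['Password'] : null;
	$Remember = isset( $requestParams['Remember'] ) ? $requestParams['Remember'] : null;
	$Loginattempt = isset( $requestParams['Loginattempt'] ) ? $requestParams['Loginattempt'] : null;
	$Mailmypassword = isset( $requestParams['Mailmypassword'] ) ? $requestParams['Mailmypassword'] : null;
	$Token = isset( $requestParams['Token'] ) ? $requestParams['Token'] : null;

	if ( !empty( $Loginattempt ) ) {
		// Login attempt
		$params = new FauxRequest( array(
			'wpName' => $Name,
			'wpPassword' => $Password,
			'wpRemember' => $Remember,
			'wpLoginattempt' => $Loginattempt,
			'wpLoginToken' => $Token
		) );
		$result = array();
		$loginForm = new LoginForm( $params );
		switch ( $loginForm->authenticateUserData() ) {
			case LoginForm::RESET_PASS:
				// Temporary (e-mailed) password accepted: the client must
				// change it rather than being logged in.
				$result['result'] = 'Reset';
				break;
			case LoginForm::SUCCESS:
				$wgUser->setOption( 'rememberpassword', $Remember ? 1 : 0 );
				$wgUser->setCookies();
				$result['result'] = 'Success';
				$result['lguserid'] = intval( $wgUser->getId() );
				$result['lgusername'] = $wgUser->getName();
				// lgtoken is the user's token; the response is credential material.
				$result['lgtoken'] = $wgUser->getToken();
				$result['cookieprefix'] = $wgCookiePrefix;
				$result['sessionid'] = session_id();
				break;
			case LoginForm::NEED_TOKEN:
				$result['result'] = 'NeedToken';
				$result['token'] = $loginForm->getLoginToken();
				$result['cookieprefix'] = $wgCookiePrefix;
				$result['sessionid'] = session_id();
				break;
			case LoginForm::WRONG_TOKEN:
				$result['result'] = 'WrongToken';
				break;
			case LoginForm::NO_NAME:
				$result['result'] = 'NoName';
				$result['text'] = wfMsg( 'noname' );
				break;
			case LoginForm::ILLEGAL:
				$result['result'] = 'Illegal';
				$result['text'] = wfMsg( 'noname' );
				break;
			case LoginForm::WRONG_PLUGIN_PASS:
				$result['result'] = 'WrongPluginPass';
				$result['text'] = wfMsg( 'wrongpassword' );
				break;
			case LoginForm::NOT_EXISTS:
				// NOTE(review): this reveals whether the account exists; the
				// name is HTML-escaped since it is echoed into the message.
				$result['result'] = 'NotExists';
				$result['text'] = wfMsg( 'al-nosuchuser', htmlspecialchars( $Name ) );
				break;
			case LoginForm::WRONG_PASS:
				$result['result'] = 'WrongPass';
				$result['text'] = wfMsg( 'wrongpassword' );
				break;
			case LoginForm::EMPTY_PASS:
				$result['result'] = 'EmptyPass';
				$result['text'] = wfMsg( 'wrongpasswordempty' );
				break;
			case LoginForm::CREATE_BLOCKED:
				$result['result'] = 'CreateBlocked';
				$result['text'] = wfMsg( 'al-createblocked' );
				break;
			case LoginForm::THROTTLED:
				$result['result'] = 'Throttled';
				$result['text'] = wfMsgExt( 'al-throttled', 'parsemag',
					$wgLang->formatNum( intval( $wgPasswordAttemptThrottle['seconds'] ) ) );
				break;
			case LoginForm::USER_BLOCKED:
				$result['result'] = 'Blocked';
				break;
			default:
				ApiBase::dieDebug( __METHOD__, 'Unhandled case value' );
		}
		$dbw = wfGetDB( DB_MASTER );
		$dbw->commit();
		$this->getResult()->addValue( null, 'ajaxlogin', $result );
	} elseif ( !empty( $Mailmypassword ) ) {
		// Remind password attempt
		$params = new FauxRequest( array( 'wpName' => $Name ) );
		$result = array();
		$loginForm = new LoginForm( $params );
		if ( !$wgAuth->allowPasswordChange() ) {
			$result['result'] = 'resetpass_forbidden';
			$result['text'] = wfMsg( 'resetpass_forbidden' );
		} elseif ( $wgUser->isBlocked() ) {
			// The *requesting* (usually anonymous) user's block is what counts here.
			$result['result'] = 'blocked-mailpassword';
			$result['text'] = wfMsg( 'blocked-mailpassword' );
		} elseif ( '' == $loginForm->mName ) {
			$result['result'] = 'noname';
			$result['text'] = wfMsg( 'noname' );
		} else {
			$u = User::newFromName( $loginForm->mName );
			if ( is_null( $u ) ) {
				$result['result'] = 'noname';
				$result['text'] = wfMsg( 'noname' );
			} elseif ( 0 == $u->getID() ) {
				// NOTE(review): account-existence disclosure, as in the login
				// branch; the name here is the canonicalised one from User.
				$result['result'] = 'nosuchuser';
				$result['text'] = wfMsg( 'al-nosuchuser', $u->getName() );
			} elseif ( $u->isPasswordReminderThrottled() ) {
				$result['result'] = 'throttled-mailpassword';
				$result['text'] = wfMsg( 'throttled-mailpassword', round( $wgPasswordReminderResendTime, 3 ) );
			} else {
				// Second argument enables the reminder throttle on the mail send.
				$res = $loginForm->mailPasswordInternal( $u, true );
				if ( WikiError::isError( $res ) ) {
					$result['result'] = 'mailerror';
					$result['text'] = wfMsg( 'mailerror', $res->getMessage() );
				} else {
					$result['result'] = 'OK';
					$result['text'] = wfMsg( 'passwordsent', $u->getName() );
				}
			}
		}
		$dbw = wfGetDB( DB_MASTER );
		$dbw->commit();
		$this->getResult()->addValue( null, 'ajaxlogin', $result );
	}
}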