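/**
 * Renders the "log in to Facebook" form for a user who is logged in to
 * MediaWiki but not to Facebook.
 *
 * Two cases are handled, depending on what FacebookDB::getFacebookIDs()
 * returns for the current user:
 *  - no Facebook ID is associated with this MediaWiki account: show the
 *    "merge" title and text;
 *  - at least one Facebook ID is associated: show the plain login title and
 *    the 'facebook-connect-text' message.
 *
 * The markup is appended to $wgOut; nothing is returned.
 *
 * TODO: Facebook login button causes a post to a Special:Connect/ConnectUser or something
 */
private function loginToFacebookView() {
    global $wgOut, $wgSitename, $wgUser, $wgVersion;

    $loginFormWidth = 400; // pixels
    $fb_ids = FacebookDB::getFacebookIDs($wgUser);

    $this->outputHeader();
    $html = ' <div id="userloginForm"> <form style="width: ' . $loginFormWidth . 'px;">' . "\n";

    // NOTE(review): the wfMsg() results below are concatenated into the page
    // without HTML escaping. Whether these messages are meant to carry markup
    // is not visible from here; confirm before switching to an escaped variant.
    if (!count($fb_ids)) {
        // This message was added recently and might not be translated
        // In that case, fall back to an older, similar message
        $formTitle = wfMsg('facebook-merge-title');
        // This test probably isn't correct. I'm open to ideas
        if ($formTitle == "<facebook-merge-title>") {
            $formTitle = wfMsg('login');
        }
        $html .= '<h2>' . $formTitle . "</h2>\n";

        $formText = wfMsg('facebook-merge-text', $wgSitename);
        // This test probably isn't correct. I'm open to ideas
        if ($formText == "<facebook-merge-text>") {
            $formText = wfMsg('facebook-merge');
        }
        $html .= '<p>' . $formText . "<br/><br/></p>\n";
    } else {
        $html .= '<h2>' . wfMsg('login') . "</h2>\n";
        // User is already connected to a Facebook account. Send a page asking
        // them to log in to one of their (possibly several) Facebook accounts
        // For now, scold them for trying to log in to a connected account
        // TODO
        $html .= '<p>' . wfMsg('facebook-connect-text') . "<br/><br/></p>\n";
    }

    // Compatibility with MW < 1.18
    if (version_compare($wgVersion, '1.18', '>=')) {
        $skin = $this->getSkin();
    } else {
        $skin = $wgUser->getSkin();
    }

    // Values placed inside double-quoted attributes are encoded first, so a
    // quote, '<' or '&' in a configured permission list, colour scheme or
    // site URL cannot terminate the attribute or produce invalid markup.
    $scopeAttr = htmlspecialchars(FacebookAPI::getPermissions(), ENT_QUOTES, 'UTF-8');
    $colorAttr = htmlspecialchars(
        FacebookXFBML::getColorScheme($skin->getSkinName()),
        ENT_QUOTES,
        'UTF-8'
    );

    $html .= '<fb:login-button show-faces="true" width="' . $loginFormWidth .
        '" max-rows="3" scope="' . $scopeAttr .
        '" colorscheme="' . $colorAttr .
        '"></fb:login-button><br/><br/><br/>' . "\n";

    // Add a pretty Like box to entice the user to log in
    $likeHref = htmlspecialchars(Title::newMainPage()->getFullURL(), ENT_QUOTES, 'UTF-8');
    $html .= '<fb:like href="' . $likeHref .
        '" send="false" width="' . $loginFormWidth . '" show_faces="true"></fb:like>';

    $html .= ' </form> </div>';
    $wgOut->addHTML($html);
    // TODO: Add a returnto link
}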
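/**
 * Hook handler that overrides MediaWiki's password comparison so that a
 * Facebook-connected user who has no password yet can set one.
 *
 * The override applies only when all of the following hold:
 *  - the stored hash ($hash) is blank, i.e. no password exists;
 *  - the submitted old password ($password) is blank;
 *  - $userId is non-zero;
 *  - the current title is Special:Resetpass or Special:ChangePassword;
 *  - FacebookDB::getFacebookIDs() returns a non-empty first ID for the user.
 * In every other case the hook returns true and the internal check runs.
 *
 * To that effect, you may want to modify the 'resetpass-wrong-oldpass' msg.
 *
 * Before version 1.14, MediaWiki used Special:Preferences to reset
 * passwords instead of Special:ChangePassword, so this hook won't get
 * called and Facebook users won't be able to give themselves a password
 * unless they request one over email.
 *
 * TODO: A potential security flaw is exposed for users who run untrusted
 * JavaScript code. Because no password exists, JavaScript could set a new
 * password without the user's knowledge. To guard against this, we need to
 * send the user an email and preemptively generate a password reset token.
 *
 * NOTE(review): nothing in this handler ties $userId to the session held in
 * $wgUser. Confirm that callers only reach it for the logged-in account, or
 * add that comparison before granting the override.
 *
 * @param string $hash     Stored password hash for the user
 * @param string $password Password supplied in the request
 * @param int    $userId   ID of the user whose password is being checked
 * @param bool   &$result  Set to true when the comparison is overridden
 * @return bool false to override the internal check, true to let it run
 */
public static function UserComparePasswords($hash, $password, $userId, &$result) {
    global $wgUser;

    // This is an authentication decision, so "blank" is matched exactly
    // (null or the empty string) instead of relying on loose == coercion.
    $hashIsBlank = ($hash === null || $hash === '');
    $passwordIsBlank = ($password === null || $password === '');

    // Only override if no password exists and the old password is blank
    if (!$hashIsBlank || !$passwordIsBlank || !$userId) {
        return true;
    }

    // Only check for password on Special:ChangePassword
    // TODO: should we use RequestContext::getMain()->getTitle() instead?
    $title = $wgUser->getSkin()->getTitle();

    // The parentheses matter: without them && bound tighter than ||, so a
    // non-Title value (e.g. null) still reached ->isSpecial('ChangePassword')
    // and caused a fatal error inside the password check.
    $onPasswordPage = $title instanceof Title
        && ($title->isSpecial('Resetpass') || $title->isSpecial('ChangePassword'));
    if (!$onPasswordPage) {
        return true;
    }

    // Check to see if the MediaWiki user has connected via Facebook
    // before. For a more strict check, we could check if the user
    // is currently logged in to Facebook
    $user = User::newFromId($userId);
    $fb_ids = FacebookDB::getFacebookIDs($user);
    if (count($fb_ids) && $fb_ids[0]) {
        $result = true;
        return false; // to override internal check
    }

    return true;
}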
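/**
 * Generates a unique username for a wiki account based on the prefix specified
 * in the message 'facebook-usernameprefix'. The number appended starts at the
 * number of Facebook Connect to user ID associations in the user_fbconnect
 * table, so quite a few numbers will be skipped. However, this approach is
 * more scalable. For smaller wiki installations, start $i at 1 instead to
 * have consecutive usernames starting at 1.
 *
 * At most 100 candidates are tried. The first one accepted by
 * FacebookUser::userNameOK() is returned.
 *
 * @return string|null The generated username, or null when none of the
 *                     candidates was accepted. Callers must handle null.
 */
public static function generateUserName() {
    // Start at the current association count and probe a bounded window
    $i = FacebookDB::countUsers(); // rough estimate
    $max = $i + 100;

    while ($i < PHP_INT_MAX && $i < $max) {
        $name = self::getUserNamePrefix() . $i;
        if (FacebookUser::userNameOK($name)) {
            return $name;
        }
        ++$i;
    }

    // The original returned an undefined $prefix here, which evaluates to
    // null and raises an undefined-variable notice. Returning null explicitly
    // keeps the same value without the notice, and avoids handing back a
    // bare prefix that was never passed through userNameOK().
    return null;
}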