/**
* The user is logged in to MediaWiki but not Facebook.
* No Facebook user is associated with this MediaWiki account.
*
* TODO: Facebook login button causes a post to a Special:Connect/ConnectUser or something
*/
private function loginToFacebookView()
{
global $wgOut, $wgSitename, $wgUser;
$loginFormWidth = 400;
// pixels
$fb_ids = FacebookDB::getFacebookIDs($wgUser);
$this->outputHeader();
$html = '
<div id="userloginForm">
<form style="width: ' . $loginFormWidth . 'px;">' . "\n";
if (!count($fb_ids)) {
// This message was added recently and might not be translated
// In that case, fall back to an older, similar message
$formTitle = wfMsg('facebook-merge-title');
// This test probably isn't correct. I'm open to ideas
if ($formTitle == "<facebook-merge-title>") {
$formTitle = wfMsg('login');
}
$html .= '<h2>' . $formTitle . "</h2>\n";
$formText = wfMsg('facebook-merge-text', $wgSitename);
// This test probably isn't correct. I'm open to ideas
if ($formText == "<facebook-merge-text>") {
$formText = wfMsg('facebook-merge');
}
$html .= '<p>' . $formText . "<br/><br/></p>\n";
} else {
$html .= '<h2>' . wfMsg('login') . "</h2>\n";
// User is already connected to a Facebook account. Send a page asking
// them to log in to one of their (possibly several) Facebook accounts
// For now, scold them for trying to log in to a connected account
// TODO
$html .= '<p>' . wfMsg('facebook-connect-text') . "<br/><br/></p>\n";
}
// Compatiblity with MW < 1.18
global $wgVersion;
if (version_compare($wgVersion, '1.18', '>=')) {
$skin = $this->getSkin();
} else {
global $wgUser;
$skin = $wgUser->getSkin();
}
$html .= '<fb:login-button show-faces="true" width="' . $loginFormWidth . '" max-rows="3" scope="' . FacebookAPI::getPermissions() . '" colorscheme="' . FacebookXFBML::getColorScheme($skin->getSkinName()) . '"></fb:login-button><br/><br/><br/>' . "\n";
// Add a pretty Like box to entice the user to log in
$html .= '<fb:like href="' . Title::newMainPage()->getFullURL() . '" send="false" width="' . $loginFormWidth . '" show_faces="true"></fb:like>';
$html .= '
</form>
</div>';
$wgOut->addHTML($html);
// TODO: Add a returnto link
}
/**
* We need to override the password checking so that Facebook users can
* reset their passwords and give themselves a valid password to log in
* without Facebook. This only works if the user specifies a blank password
* and hasn't already given themselves one.
*
* To that effect, you may want to modify the 'resetpass-wrong-oldpass' msg.
*
* Before version 1.14, MediaWiki used Special:Preferences to reset
* passwords instead of Special:ChangePassword, so this hook won't get
* called and Facebook users won't be able to give themselves a password
* unless they request one over email.
*
* TODO: A potential security flaw is exposed for users who run untrusted
* JavaScript code. Because no password exists, JavaScript could set a new
* password without the user's knowledge. To guard against this, we need to
* send the user an email and preemptively generate a password reset token.
*/
public static function UserComparePasswords($hash, $password, $userId, &$result)
{
global $wgUser;
// Only override if no password exists and the old password ($hash) is blank
if ($hash == '' && $password == '' && $userId) {
// Only check for password on Special:ChangePassword
// TODO: should we use RequestContext::getMain()->getTitle() instead?
$title = $wgUser->getSkin()->getTitle();
if ($title instanceof Title && $title->isSpecial('Resetpass') || $title->isSpecial('ChangePassword')) {
// Check to see if the MediaWiki user has connected via Facebook
// before. For a more strict check, we could check if the user
// is currently logged in to Facebook
$user = User::newFromId($userId);
$fb_ids = FacebookDB::getFacebookIDs($user);
if (count($fb_ids) && $fb_ids[0]) {
$result = true;
return false;
// to override internal check
}
}
}
return true;
}
/**
* Generates a unique username for a wiki account based on the prefix specified
* in the message 'facebook-usernameprefix'. The number appended is equal to
* the number of Facebook Connect to user ID associations in the user_fbconnect
* table, so quite a few numbers will be skipped. However, this approach is
* more scalable. For smaller wiki installations, uncomment the line $i = 1 to
* have consecutive usernames starting at 1.
*/
static function generateUserName()
{
// Because $i is incremented the first time through the while loop
$i = FacebookDB::countUsers();
// rough estimate
$max = $i + 100;
while ($i < PHP_INT_MAX && $i < $max) {
$name = self::getUserNamePrefix() . $i;
if (FacebookUser::userNameOK($name)) {
return $name;
}
++$i;
}
return $prefix;
}