Exemple #1
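 /**
  * Handle an account-creation API request.
  *
  * Checks, in order: same-origin safety, the 'createaccount' right, account-creation
  * blocks and parameter sanity. The request is then re-submitted through LoginForm
  * as a signup and the outcome is reported under the 'createaccount' result key.
  *
  * Outcomes written to the result:
  *  - 'NeedToken' plus a create-account token when the status carries
  *    'sessionfailure' or 'nocookiesfornew';
  *  - 'Warning' plus the list of warnings when the status is OK but not good;
  *  - 'Success' otherwise.
  * A status that is not OK is handed to dieStatus().
  *
  * @return void
  */
 public function execute()
 {
     // If we're in a mode that breaks the same-origin policy, no tokens can
     // be obtained, so refuse before any token or account state is touched.
     if ($this->lacksSameOriginSecurity()) {
         $this->dieUsage('Cannot create account when the same-origin policy is not applied', 'aborted');
     }

     // $loginForm->addNewaccountInternal will throw exceptions
     // if wiki is read only (already handled by api), user is blocked or does not have rights.
     // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
     $loginTitle = SpecialPage::getTitleFor('Userlogin');
     if (!$loginTitle->userCan('createaccount', $this->getUser())) {
         $this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
     }
     if ($this->getUser()->isBlockedFromCreateAccount()) {
         $this->dieUsage(
             'You cannot create a new account because you are blocked',
             'blocked',
             0,
             array('blockinfo' => ApiQueryUserInfo::getBlockInfo($this->getUser()->getBlock()))
         );
     }

     $params = $this->extractRequestParams();

     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }

     // A mailed password needs somewhere to be mailed to.
     if ($params['mailpassword'] && !$params['email']) {
         $this->dieUsageMsg('noemail');
     }

     // Reject unknown language codes before the value is forwarded as 'uselang'
     // or stored as a user option.
     if ($params['language'] && !Language::isSupportedLanguage($params['language'])) {
         $this->dieUsage('Invalid language parameter', 'langinvalid');
     }

     // Present the API parameters to LoginForm as if they were the signup form's
     // own fields. 'wpCreateaccountToken' carries the caller-supplied token, which
     // LoginForm is expected to check.
     $context = new DerivativeContext($this->getContext());
     $context->setRequest(new DerivativeRequest(
         $this->getContext()->getRequest(),
         array(
             'type' => 'signup',
             'uselang' => $params['language'],
             'wpName' => $params['name'],
             'wpPassword' => $params['password'],
             'wpRetype' => $params['password'],
             'wpDomain' => $params['domain'],
             'wpEmail' => $params['email'],
             'wpRealName' => $params['realname'],
             'wpCreateaccountToken' => $params['token'],
             'wpCreateaccount' => $params['mailpassword'] ? null : '1',
             'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null,
         )
     ));

     $loginForm = new LoginForm();
     $loginForm->setContext($context);
     // Handlers run before load(), so they see the form before request data is read into it.
     Hooks::run('AddNewAccountApiForm', array($this, $loginForm));
     $loginForm->load();

     $status = $loginForm->addNewaccountInternal();
     $result = array();
     if ($status->isGood()) {
         // Success!
         $user = $status->getValue();

         if ($params['language']) {
             $user->setOption('language', $params['language']);
         }

         if ($params['mailpassword']) {
             // If mailpassword was set, disable the password and send an email.
             $user->setPassword(null);
             $status->merge($loginForm->mailPasswordInternal($user, false, 'createaccount-title', 'createaccount-text'));
         } elseif ($this->getConfig()->get('EmailAuthentication') && Sanitizer::validateEmail($user->getEmail())) {
             // Send out an email authentication message if needed
             $status->merge($user->sendConfirmationMail());
         }

         // Save settings (including confirmation token)
         $user->saveSettings();

         Hooks::run('AddNewAccount', array($user, $params['mailpassword']));

         // Log action records how the account came to exist: mailed password,
         // created by an already logged-in user, or self-registration.
         if ($params['mailpassword']) {
             $logAction = 'byemail';
         } elseif ($this->getUser()->isLoggedIn()) {
             $logAction = 'create2';
         } else {
             $logAction = 'create';
         }
         // 'reason' is caller-supplied text; it is only cast to string here.
         $user->addNewUserLogEntry($logAction, (string) $params['reason']);

         // Add username, id, and token to result.
         // NOTE(review): the new user's token is returned to the caller on every
         // successful creation, including the mailpassword path where the caller
         // is presumably creating the account on someone else's behalf. Confirm
         // that exposing it to the caller is intended.
         $result['username'] = $user->getName();
         $result['userid'] = $user->getId();
         $result['token'] = $user->getToken();
     }

     $apiResult = $this->getResult();

     if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
         // Token was incorrect, so add it to result, but don't throw an exception
         // since not having the correct token is part of the normal
         // flow of events.
         $result['token'] = LoginForm::getCreateaccountToken();
         $result['result'] = 'NeedToken';
     } elseif (!$status->isOK()) {
         // There was an error. Die now.
         $this->dieStatus($status);
     } elseif (!$status->isGood()) {
         // Status is not good, but OK. This means warnings.
         $result['result'] = 'Warning';

         // Add any warnings to the result
         $warnings = $status->getErrorsByType('warning');
         if ($warnings) {
             foreach ($warnings as &$warning) {
                 ApiResult::setIndexedTagName($warning['params'], 'param');
             }
             // Drop the by-reference binding: otherwise the last element of
             // $warnings stays aliased to $warning after the loop and that alias
             // is carried into $result, which hook handlers receive by reference.
             unset($warning);
             ApiResult::setIndexedTagName($warnings, 'warning');
             $result['warnings'] = $warnings;
         }
     } else {
         // Everything was fine.
         $result['result'] = 'Success';
     }

     // Give extensions a chance to modify the API result data
     Hooks::run('AddNewAccountApiResult', array($this, $loginForm, &$result));

     $apiResult->addValue(null, 'createaccount', $result);
 }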
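 /**
  * Handle an account-creation API request.
  *
  * Checks the 'createaccount' right and account-creation blocks, then re-submits
  * the request through LoginForm as a signup and reports the outcome under the
  * 'createaccount' result key.
  *
  * Outcomes written to the result:
  *  - 'needtoken' plus a create-account token when the status carries
  *    'sessionfailure' or 'nocookiesfornew';
  *  - 'warning' plus the list of warnings when the status is OK but not good;
  *  - 'success' otherwise.
  * A status that is not OK is turned into a dieUsage() call using its first error.
  *
  * NOTE(review): nothing in this method guards against being called in a mode
  * where the same-origin policy does not apply, and $params['language'] is
  * forwarded as 'uselang' without a supported-language check. Confirm both are
  * enforced elsewhere before tokens are handed out here.
  *
  * @return void
  */
 public function execute()
 {
     // $loginForm->addNewaccountInternal will throw exceptions
     // if wiki is read only (already handled by api), user is blocked or does not have rights.
     // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
     $loginTitle = SpecialPage::getTitleFor('Userlogin');
     if (!$loginTitle->userCan('createaccount', $this->getUser())) {
         $this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
     }
     if ($this->getUser()->isBlockedFromCreateAccount()) {
         $this->dieUsage('You cannot create a new account because you are blocked', 'blocked');
     }

     $params = $this->extractRequestParams();

     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }

     // A mailed password needs somewhere to be mailed to.
     if ($params['mailpassword'] && !$params['email']) {
         $this->dieUsageMsg('noemail');
     }

     // Present the API parameters to LoginForm as if they were the signup form's
     // own fields. 'wpCreateaccountToken' carries the caller-supplied token, which
     // LoginForm is expected to check.
     $context = new DerivativeContext($this->getContext());
     $context->setRequest(new DerivativeRequest(
         $this->getContext()->getRequest(),
         array(
             'type' => 'signup',
             'uselang' => $params['language'],
             'wpName' => $params['name'],
             'wpPassword' => $params['password'],
             'wpRetype' => $params['password'],
             'wpDomain' => $params['domain'],
             'wpEmail' => $params['email'],
             'wpRealName' => $params['realname'],
             'wpCreateaccountToken' => $params['token'],
             'wpCreateaccount' => $params['mailpassword'] ? null : '1',
             'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null,
         )
     ));

     $loginForm = new LoginForm();
     $loginForm->setContext($context);
     $loginForm->load();

     $status = $loginForm->addNewaccountInternal();
     // Single initialisation; the original assigned an empty array twice.
     $result = array();
     if ($status->isGood()) {
         // Success!
         $user = $status->getValue();

         // If we showed up language selection links, and one was in use, be
         // smart (and sensible) and save that language as the user's preference
         global $wgLoginLanguageSelector, $wgEmailAuthentication;
         if ($wgLoginLanguageSelector && $params['language']) {
             $user->setOption('language', $params['language']);
         }

         if ($params['mailpassword']) {
             // If mailpassword was set, disable the password and send an email.
             $user->setPassword(null);
             $status->merge($loginForm->mailPasswordInternal($user, false, 'createaccount-title', 'createaccount-text'));
         } elseif ($wgEmailAuthentication && Sanitizer::validateEmail($user->getEmail())) {
             // Send out an email authentication message if needed
             $status->merge($user->sendConfirmationMail());
         }

         // Save settings (including confirmation token)
         $user->saveSettings();

         wfRunHooks('AddNewAccount', array($user, $params['mailpassword']));

         // Log action records how the account came to exist: mailed password,
         // created by an already logged-in user, or self-registration.
         if ($params['mailpassword']) {
             $logAction = 'byemail';
         } elseif ($this->getUser()->isLoggedIn()) {
             $logAction = 'create2';
         } else {
             $logAction = 'create';
         }
         // 'reason' is caller-supplied text; it is only cast to string here.
         $user->addNewUserLogEntry($logAction, (string) $params['reason']);

         // Add username, id, and token to result.
         // NOTE(review): the new user's token is returned to the caller on every
         // successful creation, including the mailpassword path where the caller
         // is presumably creating the account on someone else's behalf. Confirm
         // that exposing it to the caller is intended.
         $result['username'] = $user->getName();
         $result['userid'] = $user->getId();
         $result['token'] = $user->getToken();
     }

     $apiResult = $this->getResult();

     if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
         // Token was incorrect, so add it to result, but don't throw an exception
         // since not having the correct token is part of the normal
         // flow of events.
         $result['token'] = LoginForm::getCreateaccountToken();
         $result['result'] = 'needtoken';
     } elseif (!$status->isOK()) {
         // There was an error. Die now.
         // Cannot use dieUsageMsg() directly because extensions
         // might return custom error messages.
         // Assumes a non-OK status always carries at least one error - TODO confirm.
         $errors = $status->getErrorsArray();
         if ($errors[0] instanceof Message) {
             $code = 'aborted';
             $desc = $errors[0];
         } else {
             // First entry is the message key; the remainder are its parameters.
             $code = array_shift($errors[0]);
             $desc = wfMessage($code, $errors[0]);
         }
         $this->dieUsage($desc, $code);
     } elseif (!$status->isGood()) {
         // Status is not good, but OK. This means warnings.
         $result['result'] = 'warning';

         // Add any warnings to the result
         $warnings = $status->getErrorsByType('warning');
         if ($warnings) {
             foreach ($warnings as &$warning) {
                 $apiResult->setIndexedTagName($warning['params'], 'param');
             }
             // Drop the by-reference binding: otherwise the last element of
             // $warnings stays aliased to $warning after the loop and that alias
             // is copied into $result along with the array.
             unset($warning);
             $apiResult->setIndexedTagName($warnings, 'warning');
             $result['warnings'] = $warnings;
         }
     } else {
         // Everything was fine.
         $result['result'] = 'success';
     }

     $apiResult->addValue(null, 'createaccount', $result);
 }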