/**
* Actually add a user to the database.
* Give it a User object that has been initialised with a name.
*
* This is a custom version of similar code in SpecialUserLogin's LoginForm with differences
* due to the fact that this code doesn't require a password, etc.
*
* @param $u User object.
* @param $autocreate boolean -- true if this is an autocreation via auth plugin
* @return User object.
* @private
*/
function initUser($u, $autocreate)
{
global $wgAuth, $wgExternalAuthType;
if ($wgExternalAuthType) {
$u = ExternalUser::addUser($u, $this->mPassword, $this->mEmail, $this->mRealName);
if (is_object($u)) {
$this->mExtUser = ExternalUser::newFromName($this->mName);
}
} else {
$u->addToDatabase();
}
// No passwords for FBConnect accounts
//if ( $wgAuth->allowPasswordChange() ) {
// $u->setPassword( $this->mPassword );
//}
$u->setEmail($this->mEmail);
$u->setRealName($this->mRealName);
$u->setToken();
$wgAuth->initUser($u, $autocreate);
if (is_object($this->mExtUser)) {
$this->mExtUser->linkToLocal($u->getId());
$email = $this->mExtUser->getPref('emailaddress');
if ($email && !$this->mEmail) {
$u->setEmail($email);
}
}
//$u->setOption( 'rememberpassword', $this->mRemember ? 1 : 0 );
$u->setOption('marketingallowed', $this->mMarketingOptIn ? 1 : 0);
$u->setOption('skinoverwrite', 1);
$u->saveSettings();
# Update user count
$ssUpdate = new SiteStatsUpdate(0, 0, 0, 0, 1);
$ssUpdate->doUpdate();
return $u;
}
/**
* @throws FacebookUserException
*/
function createUser($username, $domain = '')
{
global $wgUser, $wgAuth;
// Make sure we're not stealing an existing user account (it can't hurt to check twice)
if (empty($username) || !FacebookUser::userNameOK($username)) {
wfDebug("Facebook: Name not OK: '{$username}'\n");
// TODO: Provide an error message that explains that they need to pick a name or the name is taken.
throw new FacebookUserException('connectNewUserView', 'facebook-invalidname');
}
/// START OF TYPICAL VALIDATIONS AND RESTRICTIONS ON ACCOUNT-CREATION. ///
// Check the restrictions again to make sure that the user can create this account.
if (wfReadOnly()) {
// Indicate readOnlyPage error
throw new FacebookUserException('readonlypage', null);
}
global $wgFbDisableLogin;
if (empty($wgFbDisableLogin)) {
// These two permissions don't apply in $wgFbDisableLogin mode because
// then technically no users can create accounts
if ($wgUser->isBlockedFromCreateAccount()) {
wfDebug("Facebook: Blocked user was attempting to create account via Facebook Connect.\n");
throw new FacebookUserException('facebook-error', 'facebook-errortext');
} else {
$titleObj = SpecialPage::getTitleFor('Connect');
$permErrors = $titleObj->getUserPermissionsErrors('createaccount', $wgUser, true);
if (count($permErrors) > 0) {
// Special case for permission errors
throw new FacebookUserException($permErrors, 'createaccount');
}
}
}
// If we are not allowing users to login locally, we should be checking
// to see if the user is actually able to authenticate to the authenti-
// cation server before they create an account (otherwise, they can
// create a local account and login as any domain user). We only need
// to check this for domains that aren't local.
if ($domain != '' && $domain != 'local' && !$wgAuth->canCreateAccounts() && !$wgAuth->userExists($username)) {
throw new FacebookUserException('facebook-error', 'wrongpassword');
}
// IP-blocking (and open proxy blocking) protection from SpecialUserLogin
global $wgEnableSorbs, $wgProxyWhitelist;
$ip = wfGetIP();
if ($wgEnableSorbs && !in_array($ip, $wgProxyWhitelist) && $wgUser->inSorbsBlacklist($ip)) {
throw new FacebookUserException('facebook-error', 'sorbs_create_account_reason');
}
// Run a hook to let custom forms make sure that it is okay to proceed with
// processing the form. This hook should only check preconditions and should
// not store values. Values should be stored using the hook at the bottom of
// this function. Can use 'this' to call
// sendPage('chooseNameFormView', 'SOME-ERROR-MSG-CODE-HERE') if some of the
// preconditions are invalid.
#if (!wfRunHooks( 'SpecialConnect::createUser::validateForm', array( &$this ) )) {
# return;
#}
$user = User::newFromName($username);
if (!$user) {
wfDebug("Facebook: Error creating new user.\n");
throw new FacebookUserException('facebook-error', 'facebook-error-creating-user');
}
// TODO: Make user a Facebook user here: $fbUser = new FacebookUser($user);
// Let extensions abort the account creation.
// NOTE: Currently this is commented out because it seems that most wikis might have a
// handful of restrictions that won't be needed on Facebook Connections. For instance,
// requiring a CAPTCHA or age-verification, etc. Having a Facebook account as a pre-
// requisite removes the need for that.
/*
$abortError = '';
if( !wfRunHooks( 'AbortNewAccount', array( $user, &$abortError ) ) ) {
// Hook point to add extra creation throttles and blocks
wfDebug( "SpecialConnect::createUser: a hook blocked creation\n" );
throw new FacebookUserException('facebook-error', 'facebook-error-user-creation-hook-aborted',
array( $abortError ));
}
*/
// Apply account-creation throttles
global $wgAccountCreationThrottle, $wgMemc;
if ($wgAccountCreationThrottle && $wgUser->isPingLimitable()) {
$key = wfMemcKey('acctcreate', 'ip', $ip);
$value = $wgMemc->get($key);
if (!$value) {
$wgMemc->set($key, 0, 86400);
}
if ($value >= $wgAccountCreationThrottle) {
// 'acct_creation_throttle_hit' should actually use 'parseinline' not 'parse' in $wgOut->showErrorPage()
throw new FacebookUserException('facebook-error', 'acct_creation_throttle_hit', array($wgAccountCreationThrottle));
}
$wgMemc->incr($key);
}
/// END OF TYPICAL VALIDATIONS AND RESTRICTIONS ON ACCOUNT-CREATION. ///
// Fill in the info we know
$userinfo = $this->getUserInfo();
$email = FacebookUser::getOptionFromInfo('email', $userinfo);
$realName = FacebookUser::getOptionFromInfo('fullname', $userinfo);
$pass = '';
// Create the account (locally on main cluster or via $wgAuth on other clusters)
// $wgAuth essentially checks to see if these are valid parameters for new users
if (!$wgAuth->addUser($user, $pass, $email, $realName)) {
wfDebug("Facebook: Error adding new user to database.\n");
throw new FacebookUserException('facebook-error', 'facebook-errortext');
}
// Add the user to the local database (regardless of whether $wgAuth was used)
// This is a custom version of similar code in SpecialUserLogin's LoginForm
// with differences due to the fact that this code doesn't require a password, etc.
global $wgExternalAuthType;
if ($wgExternalAuthType) {
$user = ExternalUser::addUser($user, $pass, $email, $realName);
if (is_object($user)) {
$extUser = ExternalUser::newFromName($username);
$extUser->linkToLocal($user->getId());
$extEmail = $extUser->getPref('emailaddress');
if (!empty($extEmail) && empty($email)) {
$user->setEmail($extEmail);
}
}
} else {
$user->addToDatabase();
}
// Attach the user to their Facebook account in the database.
// This must be done up here, because somewhere after this (I'm not too
// sure where) the data must be in the database before copy-to-local is
// done for shared setups.
FacebookDB::addFacebookID($user, $this->id);
$this->user = $user;
$wgAuth->initUser($this->user, true);
// $autocreate == true
$wgAuth->updateUser($this->user);
// No passwords for Facebook accounts.
/*
if ( $wgAuth->allowPasswordChange() ) {
$this->user->setPassword( $pass );
}
*/
// Store which fields should be auto-updated from Facebook when the user logs in.
global $wgRequest;
$updateFormPrefix = 'wpUpdateUserInfo';
foreach (self::$availableUserUpdateOptions as $option) {
if ($wgRequest->getVal($updateFormPrefix . $option, '') != '') {
$user->setOption("facebook-update-on-login-{$option}", 1);
} else {
$user->setOption("facebook-update-on-login-{$option}", 0);
}
}
// Process the FacebookPushEvent preference checkboxes if Push Events are enabled
global $wgFbEnablePushToFacebook;
if (!empty($wgFbEnablePushToFacebook)) {
global $wgFbPushEventClasses;
if (!empty($wgFbPushEventClasses)) {
foreach ($wgFbPushEventClasses as $pushEventClassName) {
$pushObj = new $pushEventClassName();
$className = get_class();
$prefName = $pushObj->getUserPreferenceName();
$this->user->setOption($prefName, $wgRequest->getCheck($prefName) ? '1' : '0');
}
}
// Save the preference for letting user select to never send anything to their newsfeed
$prefName = FacebookPushEvent::$PREF_TO_DISABLE_ALL;
$this->user->setOption($prefName, $wgRequest->getCheck($prefName) ? '1' : '0');
}
// I think this should be done here
$this->user->setToken();
// This is done via login()
#$this->user->saveSettings();
// Log the user in
$this->login();
// Update user count
$ssUpdate = new SiteStatsUpdate(0, 0, 0, 0, 1);
$ssUpdate->doUpdate();
wfRunHooks('AddNewAccount', array($this->user));
// Allow custom form processing to store values since this form submission was successful.
// This hook should not fail on invalid input, instead check the input using the SpecialConnect::createUser::validateForm hook above.
#wfRunHooks( 'SpecialConnect::createUser::postProcessForm', array( &$this ) );
$wgUser->addNewUserLogEntryAutoCreate();
}
public function initUser($u, $autocreate, $createTempUser = true)
{
global $wgAuth, $wgExternalAuthType;
// for FBconnect we don't want to create temp users
if ($createTempUser === false) {
return parent::initUser($u, $autocreate);
}
// add TempUser, update User object, set TempUser session
$tempUser = TempUser::createNewFromUser($u, $this->mReturnTo);
if ($wgExternalAuthType) {
$u = ExternalUser::addUser($u, "", "", "");
if (is_object($u)) {
$this->mExtUser = ExternalUser::newFromName($this->mUsername);
}
} else {
$u->addToDatabase();
}
$u->setToken();
$wgAuth->initUser($u, $autocreate);
if (is_object($this->mExtUser)) {
$this->mExtUser->linkToLocal($u->getId());
}
$u->setOption('rememberpassword', $this->mRemember ? 1 : 0);
$u->setOption('marketingallowed', $this->mMarketingOptIn ? 1 : 0);
if ($this->mLanguage) {
$u->setOption('language', $this->mLanguage);
}
$u->setOption('skinoverwrite', 1);
$u->setPassword($this->mPassword);
$tempUser->setPassword($u->mPassword);
$tempUser->setId($u->getId());
$tempUser->addToDatabase();
wfRunHooks('AddNewAccountTempUser', array($u, false));
$tempUser->saveSettingsTempUserToUser($u);
$tempUser->setTempUserSession();
return $u;
}
/**
* Actually add a user to the database.
* Give it a User object that has been initialised with a name.
*
* @param $oUser User object.
* @param $autocreate boolean -- true if this is an autocreation via auth plugin
* @return User object.
* @private
*/
function initUser($oUser, $autocreate)
{
global $wgAuth, $wgExternalAuthType;
wfProfileIn(__METHOD__);
$oExtUser = null;
if ($wgExternalAuthType) {
$oUser = ExternalUser::addUser($oUser, $this->mPassword, $this->mEmail, "");
if (is_object($oUser)) {
$oExtUser = ExternalUser::newFromName($this->mUsername);
}
} else {
$oUser->addToDatabase();
}
if ($wgAuth->allowPasswordChange()) {
$oUser->setPassword($this->mPassword);
}
$oUser->setEmail($this->mEmail);
$oUser->setToken();
$wgAuth->initUser($oUser, $autocreate);
if (is_object($oExtUser)) {
$oExtUser->linkToLocal($oUser->getId());
$email = $oExtUser->getPref('emailaddress');
if ($email && !$this->mEmail) {
$oUser->setEmail($email);
}
}
$oUser->setOption('rememberpassword', isset($this->mRemember) ? 1 : 0);
$oUser->setOption('marketingallowed', isset($this->mMarketing) ? 1 : 0);
$oUser->setOption('skinoverwrite', 1);
$oUser->saveSettings();
# Update user count
$ssUpdate = new SiteStatsUpdate(0, 0, 0, 0, 1);
$ssUpdate->doUpdate();
wfProfileOut(__METHOD__);
return $oUser;
}
