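/**
 * This view is sent when $wgFbDisableLogin is true. In this case, the user
 * must be logged in to Facebook to view the wiki, so we present a single
 * login button.
 *
 * The markup is assembled as a string and handed to $wgOut->addHTML(), which
 * receives it as HTML. Every dynamic value written inside an attribute is
 * therefore HTML-encoded here, matching what implodeAttrs() does for the
 * same permission string.
 */
private function exclusiveLoginToFacebookView() {
	global $wgOut, $wgSitename, $wgUser, $wgVersion;

	$loginFormWidth = 400; // pixels
	$this->outputHeader();

	// NOTE(review): wfMsg() output is concatenated into the page as markup.
	// If neither message is meant to carry HTML, an escaping variant such as
	// wfMsgHtml() would be the safer call; confirm against the message
	// definitions before switching.
	$html = '
<div id="userloginForm">
<form style="width: ' . $loginFormWidth . 'px;">
	<h2>' . wfMsg('userlogin') . '</h2>
	<p>' . wfMsg('facebook-only-text', $wgSitename) . '<br/><br/></p>' . "\n";

	// Compatibility with MW < 1.18
	if (version_compare($wgVersion, '1.18', '>=')) {
		$skin = $this->getSkin();
	} else {
		$skin = $wgUser->getSkin();
	}

	// Encode each value for the attribute context it is written into, so a
	// quote, ampersand or angle bracket in a permission list, colour scheme
	// or URL cannot terminate the attribute or the tag.
	$scopeAttr = htmlspecialchars(FacebookAPI::getPermissions(), ENT_QUOTES);
	$colorSchemeAttr = htmlspecialchars(
		FacebookXFBML::getColorScheme($skin->getSkinName()),
		ENT_QUOTES
	);
	$mainPageAttr = htmlspecialchars(Title::newMainPage()->getFullURL(), ENT_QUOTES);

	$html .= '<fb:login-button show-faces="true" width="' . $loginFormWidth .
		'" max-rows="3" scope="' . $scopeAttr .
		'" colorscheme="' . $colorSchemeAttr .
		'"></fb:login-button><br/><br/><br/>' . "\n";

	// Add a pretty Like box to entice the user to log in
	$html .= '<fb:like href="' . $mainPageAttr .
		'" send="false" width="' . $loginFormWidth . '" show_faces="true"></fb:like>';
	$html .= '
</form>
</div>';

	$wgOut->addHTML($html);
}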
/**
 * Adds several Facebook variables to the page:
 *  - fbScript, fbAppId, fbUseXFBML, fbUseAjax: always set
 *  - fbId:    set when the current user is logged in and
 *             FacebookDB::getFacebookIDs() returns at least one ID
 *  - fbScope: set when FacebookAPI::getPermissions() is non-empty
 *
 * @param array &$vars Configuration variables, modified in place.
 * @return bool Always true.
 */
public static function ResourceLoaderGetConfigVars(&$vars) {
	global $wgRequest, $wgVersion, $wgFbAppId, $wgFbSocialPlugins, $wgFbStreamlineLogin, $wgUser;

	/*
	// Disabled (ext.facebook.js still uses wgPageName, but not wgPageQuery)
	if (!isset($vars['wgPageQuery'])) {
		$query = $wgRequest->getValues();
		if (isset($query['title'])) {
			unset($query['title']);
		}
		$vars['wgPageQuery'] = wfUrlencode( wfArrayToCGI( $query ) );
	}
	*/

	$vars['fbScript']   = self::getFbScript();
	$vars['fbAppId']    = $wgFbAppId;
	$vars['fbUseXFBML'] = $wgFbSocialPlugins;
	$vars['fbUseAjax']  = $wgFbStreamlineLogin;

	if ($wgUser->isLoggedIn()) {
		global $facebook;
		$linkedIds = FacebookDB::getFacebookIDs($wgUser);

		// Tell the JavaScript which Facebook account this wiki account
		// belongs to. The main purpose is to let the client show the
		// "facebooklogoutandcontinue" form when the user logs in to
		// Facebook with a different account.
		//
		// An earlier version omitted fbId whenever the server already saw a
		// valid Facebook session, reasoning that the client would know the
		// ID anyway. That broke in the following sequence:
		//   1. Log in to MediaWiki with a valid Facebook session.
		//   2. In another tab, log out of Facebook and log in again as the
		//      same user, which creates a different session.
		//   3. Reload the MediaWiki page. The server sees a valid session
		//      and omits fbId, but the client fires the Facebook Login
		//      event because it picked up a new session.
		// With no fbId available, the JavaScript concluded that the wiki
		// account had no Facebook account attached and showed the
		// "facebookmergeaccount" form. Fetching that form synchronized the
		// new session to the server, and the AJAX request was then rejected
		// because an account already connected to a Facebook user cannot be
		// merged.
		//
		// So the session check is gone and fbId is always included.
		//
		// NOTE(review): the value ends up in client-side script; presumably
		// the server checks the Facebook session itself on each AJAX call
		// rather than relying on an fbId echoed back by the browser - confirm.
		if (count($linkedIds) > 0) {
			$vars['fbId'] = (string) $linkedIds[0];
		}
	}

	$permissions = FacebookAPI::getPermissions();
	if (!empty($permissions)) {
		$vars['fbScope'] = $permissions;
	}

	return true;
}
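/**
 * Helper function to create name-value pairs from the list of attributes
 * passed to the parser hook.
 *
 * The result is concatenated into a tag by the caller, so this function is
 * the point where attribute input is made safe for output:
 *  - any attribute whose name starts with "on" (in any letter case) is
 *    dropped, which removes event handlers;
 *  - any attribute whose name is not a plain attribute-name token is
 *    dropped, because the name itself is written without encoding;
 *  - every value is HTML-encoded, including both quote characters.
 *
 * Encoding keeps a value inside its attribute. It does not judge what the
 * attribute means to whatever consumes the tag, so attributes that carry
 * URLs or styling are not validated here.
 *
 * @param array $args Attribute name => value pairs.
 * @return string Zero or more ' name="value"' fragments, each with a
 *                leading space; an empty string when nothing is emitted.
 */
public static function implodeAttrs($args) {
	$attrs = '';
	// The default action is to strip all event handlers and allow the tag
	foreach ($args as $name => $value) {
		$name = (string) $name;

		// Disable all event handlers (e.g. onClick, onLogin). The comparison
		// ignores case so that mixed-case spellings are caught as well.
		if (strncasecmp($name, 'on', 2) === 0) {
			continue;
		}

		// The name is emitted as-is, so accept only characters that cannot
		// end the name or start another attribute. The D modifier stops "$"
		// from matching before a trailing newline.
		if (!preg_match('/^[A-Za-z_:][A-Za-z0-9_:.\-]*$/D', $name)) {
			continue;
		}

		// A value that has no string form cannot be rendered as an attribute.
		if (is_array($value) || is_object($value)) {
			continue;
		}

		// Render perms="auto" and scope="auto" with the correct permissions
		// TODO: allow fields param to be "auto" for <fb:registration>
		// Strict comparison: a loose == would also match non-string values
		// such as true, or 0 on older PHP versions.
		if (($name === 'perms' || $name === 'scope') && $value === 'auto') {
			$value = FacebookAPI::getPermissions();
		}

		// HTML-encode the value before placing it between double quotes
		$attrs .= ' ' . $name . '="' . htmlspecialchars((string) $value, ENT_QUOTES) . '"';
	}
	return $attrs;
}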