/**
* Main execution point
*/
function execute($par)
{
global $wgAuth;
$this->checkReadOnly();
$request = $this->getRequest();
$this->mUserName = trim($request->getVal('wpName'));
$this->mOldpass = $request->getVal('wpPassword');
$this->mNewpass = $request->getVal('wpNewPassword');
$this->mRetype = $request->getVal('wpRetype');
$this->mDomain = $request->getVal('wpDomain');
$this->setHeaders();
$this->outputHeader();
$this->getOutput()->disallowUserJs();
$user = $this->getUser();
if (!$user->isLoggedIn() && !LoginForm::getLoginToken()) {
LoginForm::setLoginToken();
}
if (!$request->wasPosted() && !$user->isLoggedIn()) {
$this->error($this->msg('resetpass-no-info')->text());
return;
}
if ($request->wasPosted() && $request->getBool('wpCancel')) {
$this->doReturnTo();
return;
}
if ($request->wasPosted() && $user->matchEditToken($request->getVal('token'))) {
try {
if (isset($_SESSION['wsDomain'])) {
$this->mDomain = $_SESSION['wsDomain'];
}
$wgAuth->setDomain($this->mDomain);
if (!$wgAuth->allowPasswordChange()) {
$this->error($this->msg('resetpass_forbidden')->text());
return;
}
if (!$user->isLoggedIn() && $request->getVal('wpLoginOnChangeToken') !== LoginForm::getLoginToken()) {
// Potential CSRF (bug 62497)
$this->error($this->msg('sessionfailure')->text());
return false;
}
$this->attemptReset($this->mNewpass, $this->mRetype);
$this->getOutput()->addWikiMsg('resetpass_success');
if (!$user->isLoggedIn()) {
LoginForm::setLoginToken();
$token = LoginForm::getLoginToken();
$data = array('action' => 'submitlogin', 'wpName' => $this->mUserName, 'wpDomain' => $this->mDomain, 'wpLoginToken' => $token, 'wpPassword' => $this->mNewpass, 'returnto' => $request->getVal('returnto'));
if ($request->getCheck('wpRemember')) {
$data['wpRemember'] = 1;
}
$login = new LoginForm(new FauxRequest($data, true));
$login->setContext($this->getContext());
$login->execute(null);
}
$this->doReturnTo();
} catch (PasswordError $e) {
$this->error($e->getMessage());
}
}
$this->showForm();
}
/**
* Main execution point
*/
function execute($par)
{
global $wgUser, $wgAuth, $wgOut, $wgRequest;
if (wfReadOnly()) {
$wgOut->readOnlyPage();
return;
}
$this->mUserName = $wgRequest->getVal('wpName');
$this->mOldpass = $wgRequest->getVal('wpPassword');
$this->mNewpass = $wgRequest->getVal('wpNewPassword');
$this->mRetype = $wgRequest->getVal('wpRetype');
$this->mDomain = $wgRequest->getVal('wpDomain');
$this->setHeaders();
$this->outputHeader();
$wgOut->disallowUserJs();
if (!$wgRequest->wasPosted() && !$wgUser->isLoggedIn()) {
$this->error(wfMsg('resetpass-no-info'));
return;
}
if ($wgRequest->wasPosted() && $wgRequest->getBool('wpCancel')) {
$this->doReturnTo();
return;
}
if ($wgRequest->wasPosted() && $wgUser->matchEditToken($wgRequest->getVal('token'))) {
try {
if (isset($_SESSION['wsDomain'])) {
$this->mDomain = $_SESSION['wsDomain'];
}
$wgAuth->setDomain($this->mDomain);
if (!$wgAuth->allowPasswordChange()) {
$this->error(wfMsg('resetpass_forbidden'));
return;
}
$this->attemptReset($this->mNewpass, $this->mRetype);
$wgOut->addWikiMsg('resetpass_success');
if (!$wgUser->isLoggedIn()) {
LoginForm::setLoginToken();
$token = LoginForm::getLoginToken();
$data = array('action' => 'submitlogin', 'wpName' => $this->mUserName, 'wpDomain' => $this->mDomain, 'wpLoginToken' => $token, 'wpPassword' => $this->mNewpass, 'returnto' => $wgRequest->getVal('returnto'));
if ($wgRequest->getCheck('wpRemember')) {
$data['wpRemember'] = 1;
}
$login = new LoginForm(new FauxRequest($data, true));
$login->execute(null);
}
$this->doReturnTo();
} catch (PasswordError $e) {
$this->error($e->getMessage());
}
}
$this->showForm();
}
/**
* Main execution point
*/
function execute($par)
{
global $wgAuth;
$this->setHeaders();
$this->outputHeader();
$this->getOutput()->disallowUserJs();
$request = $this->getRequest();
$this->mUserName = trim($request->getVal('wpName'));
$this->mOldpass = $request->getVal('wpPassword');
$this->mNewpass = $request->getVal('wpNewPassword');
$this->mRetype = $request->getVal('wpRetype');
$this->mDomain = $request->getVal('wpDomain');
$user = $this->getUser();
if (!$request->wasPosted() && !$user->isLoggedIn()) {
$this->error($this->msg('resetpass-no-info')->text());
return;
}
if ($request->wasPosted() && $request->getBool('wpCancel')) {
$this->doReturnTo();
return;
}
$this->checkReadOnly();
if ($request->wasPosted() && $user->matchEditToken($request->getVal('token'))) {
try {
$this->mDomain = $wgAuth->getDomain();
if (!$wgAuth->allowPasswordChange()) {
$this->error($this->msg('resetpass_forbidden')->text());
return;
}
$this->attemptReset($this->mNewpass, $this->mRetype);
if ($user->isLoggedIn()) {
$this->doReturnTo();
} else {
LoginForm::setLoginToken();
$token = LoginForm::getLoginToken();
$data = array('action' => 'submitlogin', 'wpName' => $this->mUserName, 'wpDomain' => $this->mDomain, 'wpLoginToken' => $token, 'wpPassword' => $request->getVal('wpNewPassword')) + $request->getValues('wpRemember', 'returnto', 'returntoquery');
$login = new LoginForm(new FauxRequest($data, true));
$login->setContext($this->getContext());
$login->execute(null);
}
return;
} catch (PasswordError $e) {
$this->error($e->getMessage());
}
}
$this->showForm();
}
/**
* Get a login token
*
* @return string loginToken
*/
public static function getLoginToken()
{
if (!LoginForm::getLoginToken()) {
// Init session if necessary
if (session_id() == '') {
wfSetupSession();
}
LoginForm::setLoginToken();
}
return LoginForm::getLoginToken();
}
public function onSuccess()
{
if ($this->getUser()->isLoggedIn()) {
$this->getOutput()->wrapWikiMsg("<div class=\"successbox\">\n\$1\n</div>", 'changepassword-success');
$this->getOutput()->returnToMain();
} else {
$request = $this->getRequest();
LoginForm::setLoginToken();
$token = LoginForm::getLoginToken();
$data = array('action' => 'submitlogin', 'wpName' => $this->mUserName, 'wpDomain' => $this->mDomain, 'wpLoginToken' => $token, 'wpPassword' => $request->getVal('wpNewPassword')) + $request->getValues('wpRemember', 'returnto', 'returntoquery');
$login = new LoginForm(new DerivativeRequest($request, $data, true));
$login->setContext($this->getContext());
$login->execute(null);
}
}
/**
* Generates a template with the login form and registration form already filled into
* it and other settings populated as well. This template can then be executed with
* different EasyTemplates to give different results such as one view for ajax dialogs
* and one view for standalone pages (such as Special:Signup).
*/
public static function getTemplateForCombinedForms($static = false, $lastmsg = "", &$ajaxLoginForm = "")
{
global $wgRequest;
// Setup the data for the templates, similar to GetComboAjaxLogin.
if (session_id() == '') {
wfSetupSession();
}
// TODO: Invstigate why this was here.
//if ($wgRequest->getCheck( 'wpCreateaccount' )) {
// return "error";
//}
$tmpl = new EasyTemplate(dirname(__FILE__) . '/templates/');
$response = new AjaxResponse();
$type = $wgRequest->getVal('type', '');
if (!wfReadOnly()) {
if (empty($ajaxLoginForm)) {
$ajaxLoginForm = new AjaxLoginForm($wgRequest);
}
$ajaxLoginForm->execute($type);
if (!empty($ajaxLoginForm->ajaxTemplate)) {
$lastmsg = $ajaxLoginForm->ajaxTemplate->data['message'];
$tmpl->set('message', $ajaxLoginForm->ajaxTemplate->data['message']);
$tmpl->set('messagetype', $ajaxLoginForm->ajaxTemplate->data['messagetype']);
}
$tmpl->set("registerAjax", $ajaxLoginForm->ajaxRender());
}
$isReadOnly = wfReadOnly() ? 1 : 0;
$tmpl->set("isReadOnly", $isReadOnly);
if (!LoginForm::getLoginToken()) {
LoginForm::setLoginToken();
}
$tmpl->set("loginToken", LoginForm::getLoginToken());
if (!LoginForm::getCreateaccountToken()) {
LoginForm::setCreateaccountToken();
}
$tmpl->set("createToken", LoginForm::getCreateaccountToken());
// Use the existing settings to generate the login portion of the form, which will then
// be fed back into the bigger template in this case (it is not always fed into ComboAjaxLogin template).
$returnto = $wgRequest->getVal('returnto', '');
if (!($returnto == '')) {
$returnto = "&returnto=" . wfUrlencode($returnto);
}
$returntoquery = $wgRequest->getVal('returntoquery', '');
if (!($returntoquery == '')) {
$returntoquery = "&returntoquery=" . wfUrlencode($returntoquery);
}
$loginaction = Skin::makeSpecialUrl('Signup', "type=login&action=submitlogin" . $returnto . $returntoquery);
$signupaction = Skin::makeSpecialUrl('Signup', "type=signup" . $returnto . $returntoquery);
$tmpl->set("loginaction", $loginaction);
$tmpl->set("signupaction", $signupaction);
$tmpl->set("loginerror", $lastmsg);
$tmpl->set("actiontype", $type);
$tmpl->set("showRegister", false);
$tmpl->set("showLogin", false);
if ($static) {
if (strtolower($type) == "login") {
$tmpl->set("showLogin", true);
} else {
if (!$isReadOnly) {
$tmpl->set("showRegister", true);
}
}
}
$tmpl->set("ajaxLoginComponent", $tmpl->render('AjaxLoginComponent'));
return $tmpl;
}
/**
* Executes the log-in attempt using the parameters passed. If
* the log-in succeeds, it attaches a cookie to the session
* and outputs the user id, username, and session token. If a
* log-in fails, as the result of a bad password, a nonexistent
* user, or any other reason, the host is cached with an expiry
* and no log-in attempts will be accepted until that expiry
* is reached. The expiry is $this->mLoginThrottle.
*/
public function execute()
{
// If we're in a mode that breaks the same-origin policy, no tokens can
// be obtained
if ($this->lacksSameOriginSecurity()) {
$this->getResult()->addValue(null, 'login', array('result' => 'Aborted', 'reason' => 'Cannot log in when the same-origin policy is not applied'));
return;
}
$params = $this->extractRequestParams();
$result = array();
// Make sure session is persisted
$session = MediaWiki\Session\SessionManager::getGlobalSession();
$session->persist();
// Make sure it's possible to log in
if (!$session->canSetUser()) {
$this->getResult()->addValue(null, 'login', array('result' => 'Aborted', 'reason' => 'Cannot log in when using ' . $session->getProvider()->describe(Language::factory('en'))));
return;
}
$authRes = false;
$context = new DerivativeContext($this->getContext());
$loginType = 'N/A';
// Check login token
$token = LoginForm::getLoginToken();
if (!$token) {
LoginForm::setLoginToken();
$authRes = LoginForm::NEED_TOKEN;
} elseif (!$params['token']) {
$authRes = LoginForm::NEED_TOKEN;
} elseif ($token !== $params['token']) {
$authRes = LoginForm::WRONG_TOKEN;
}
// Try bot passwords
if ($authRes === false && $this->getConfig()->get('EnableBotPasswords') && strpos($params['name'], BotPassword::getSeparator()) !== false) {
$status = BotPassword::login($params['name'], $params['password'], $this->getRequest());
if ($status->isOk()) {
$session = $status->getValue();
$authRes = LoginForm::SUCCESS;
$loginType = 'BotPassword';
} else {
LoggerFactory::getInstance('authmanager')->info('BotPassword login failed: ' . $status->getWikiText());
}
}
// Normal login
if ($authRes === false) {
$context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpDomain' => $params['domain'], 'wpLoginToken' => $params['token'], 'wpRemember' => '')));
$loginForm = new LoginForm();
$loginForm->setContext($context);
$authRes = $loginForm->authenticateUserData();
$loginType = 'LoginForm';
}
switch ($authRes) {
case LoginForm::SUCCESS:
$user = $context->getUser();
$this->getContext()->setUser($user);
$user->setCookies($this->getRequest(), null, true);
ApiQueryInfo::resetTokenCache();
// Run hooks.
// @todo FIXME: Split back and frontend from this hook.
// @todo FIXME: This hook should be placed in the backend
$injected_html = '';
Hooks::run('UserLoginComplete', array(&$user, &$injected_html));
$result['result'] = 'Success';
$result['lguserid'] = intval($user->getId());
$result['lgusername'] = $user->getName();
// @todo: These are deprecated, and should be removed at some
// point (1.28 at the earliest, and see T121527). They were ok
// when the core cookie-based login was the only thing, but
// CentralAuth broke that a while back and
// SessionManager/AuthManager are *really* going to break it.
$result['lgtoken'] = $user->getToken();
$result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
$result['sessionid'] = $session->getId();
break;
case LoginForm::NEED_TOKEN:
$result['result'] = 'NeedToken';
$result['token'] = LoginForm::getLoginToken();
// @todo: See above about deprecation
$result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
$result['sessionid'] = $session->getId();
break;
case LoginForm::WRONG_TOKEN:
$result['result'] = 'WrongToken';
break;
case LoginForm::NO_NAME:
$result['result'] = 'NoName';
break;
case LoginForm::ILLEGAL:
$result['result'] = 'Illegal';
break;
case LoginForm::WRONG_PLUGIN_PASS:
$result['result'] = 'WrongPluginPass';
break;
case LoginForm::NOT_EXISTS:
$result['result'] = 'NotExists';
break;
// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
// The e-mailed temporary password should not be used for actual logins.
// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
// The e-mailed temporary password should not be used for actual logins.
case LoginForm::RESET_PASS:
case LoginForm::WRONG_PASS:
$result['result'] = 'WrongPass';
break;
case LoginForm::EMPTY_PASS:
$result['result'] = 'EmptyPass';
break;
case LoginForm::CREATE_BLOCKED:
$result['result'] = 'CreateBlocked';
$result['details'] = 'Your IP address is blocked from account creation';
$block = $context->getUser()->getBlock();
if ($block) {
$result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
}
break;
case LoginForm::THROTTLED:
$result['result'] = 'Throttled';
$throttle = $this->getConfig()->get('PasswordAttemptThrottle');
$result['wait'] = intval($throttle['seconds']);
break;
case LoginForm::USER_BLOCKED:
$result['result'] = 'Blocked';
$block = User::newFromName($params['name'])->getBlock();
if ($block) {
$result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
}
break;
case LoginForm::ABORTED:
$result['result'] = 'Aborted';
$result['reason'] = $loginForm->mAbortLoginErrorMsg;
break;
default:
ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}");
}
$this->getResult()->addValue(null, 'login', $result);
LoggerFactory::getInstance('authmanager')->info('Login attempt', array('event' => 'login', 'successful' => $authRes === LoginForm::SUCCESS, 'loginType' => $loginType, 'status' => LoginForm::$statusCodes[$authRes]));
}
/**
* Main execution point
*/
function execute( $par ) {
global $wgAuth;
$this->setHeaders();
$this->outputHeader();
$this->getOutput()->disallowUserJs();
$request = $this->getRequest();
$this->mUserName = trim( $request->getVal( 'wpName' ) );
$this->mOldpass = $request->getVal( 'wpPassword' );
$this->mNewpass = $request->getVal( 'wpNewPassword' );
$this->mRetype = $request->getVal( 'wpRetype' );
$this->mDomain = $request->getVal( 'wpDomain' );
$user = $this->getUser();
if ( !$user->isLoggedIn() && !LoginForm::getLoginToken() ) {
LoginForm::setLoginToken();
}
if ( !$request->wasPosted() && !$user->isLoggedIn() ) {
$this->error( $this->msg( 'resetpass-no-info' )->text() );
return;
}
if ( $request->wasPosted() && $request->getBool( 'wpCancel' ) ) {
$titleObj = Title::newFromText( $request->getVal( 'returnto' ) );
if ( !$titleObj instanceof Title ) {
$titleObj = Title::newMainPage();
}
$query = $request->getVal( 'returntoquery' );
$this->getOutput()->redirect( $titleObj->getFullURL( $query ) );
return;
}
$this->checkReadOnly();
$this->checkPermissions();
if ( $request->wasPosted() && $user->matchEditToken( $request->getVal( 'token' ) ) ) {
try {
$this->mDomain = $wgAuth->getDomain();
if ( !$wgAuth->allowPasswordChange() ) {
$this->error( $this->msg( 'resetpass_forbidden' )->text() );
return;
}
if ( !$user->isLoggedIn()
&& $request->getVal( 'wpLoginOnChangeToken' ) !== LoginForm::getLoginToken()
) {
// Potential CSRF (bug 62497)
$this->error( $this->msg( 'sessionfailure' )->text() );
return false;
}
$this->attemptReset( $this->mNewpass, $this->mRetype );
if ( $user->isLoggedIn() ) {
$this->getOutput()->wrapWikiMsg(
"<div class=\"successbox\">\n$1\n</div>",
'changepassword-success'
);
$this->getOutput()->returnToMain();
} else {
LoginForm::setLoginToken();
$token = LoginForm::getLoginToken();
$data = array(
'action' => 'submitlogin',
'wpName' => $this->mUserName,
'wpDomain' => $this->mDomain,
'wpLoginToken' => $token,
'wpPassword' => $request->getVal( 'wpNewPassword' ),
) + $request->getValues( 'wpRemember', 'returnto', 'returntoquery' );
$login = new LoginForm( new DerivativeRequest( $request, $data, true ) );
$login->setContext( $this->getContext() );
$login->execute( null );
}
return;
} catch ( PasswordError $e ) {
$this->error( $e->getMessage() );
}
}
$this->showForm();
}
function render()
{
global $wgOut, $wgExtensionsPath;
if (!LoginForm::getLoginToken()) {
LoginForm::setLoginToken();
}
$this->templateData['loginToken'] = LoginForm::getLoginToken();
$wgOut->addStyle("{$wgExtensionsPath}/wikia/Piggyback/Piggyback.css");
$html = (new Wikia\Template\PHPEngine())->setData($this->templateData)->render(dirname(__FILE__) . '/templates/Piggyback_form.php');
$wgOut->addHtml($html);
}
public static function afterAjaxLoginHTML(&$html)
{
$tmpl = new EasyTemplate(dirname(__FILE__) . '/templates/');
if (!LoginForm::getLoginToken()) {
LoginForm::setLoginToken();
}
$tmpl->set("loginToken", LoginForm::getLoginToken());
$tmpl->set("fbButtton", FBConnect::getFBButton("sendToConnectOnLoginForSpecificForm();", "fbPrefsConnect"));
$html = $tmpl->execute('ajaxLoginMerge');
return true;
}
