/** * Confirm email page. * @requestParam string code - on GET, POST * @requestParam string username - on POST * @requestParam string password - on POST * @responseParam string result [ok/error] * @responseParam string msg - result messages * @responseParam string errParam - error param */ public function index() { $this->response->addAsset('extensions/wikia/UserLogin/css/UserLogin.scss'); // hide things in the skin $this->wg->SuppressWikiHeader = false; $this->wg->SuppressPageHeader = false; $this->wg->SuppressFooter = true; $this->wg->SuppressAds = true; $this->wg->SuppressToolbar = true; $this->wg->Out->setPageTitle(wfMsg('wikiaconfirmemail-heading')); $par = $this->request->getVal('par', ''); $this->code = $this->request->getVal('code', $par); $this->username = $this->request->getVal('username', ''); $this->password = $this->request->getVal('password', ''); if ($this->code == '') { $this->result = 'error'; $this->msg = $this->wf->Msg('wikiaconfirmemail-error-empty-code'); return; } if ($this->wg->request->wasPosted()) { if ($this->username == '') { $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-noname'); $this->errParam = 'username'; return; } if ($this->password == '') { $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-wrongpasswordempty'); $this->errParam = 'password'; return; } $expUser = User::newFromConfirmationCode($this->code); if (!is_object($expUser)) { $this->result = 'error'; $this->msg = $this->wf->Msg('wikiaconfirmemail-error-invalid-code'); return; } // User - activate user, confirm email and redirect to user page or create new wiki $tempUser = TempUser::getTempUserFromName($this->username); if ($tempUser) { if ($tempUser->getId() != $expUser->getId()) { $this->result = 'error'; $this->msg = $this->wf->Msg('wikiaconfirmemail-error-user-not-match'); $this->errParam = 'username'; return; } $userLoginHelper = F::build('UserLoginHelper'); if ($userLoginHelper->isPasswordThrottled($this->username)) { $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-login-throttled'); $this->errParam = 'password'; return; } $user = $tempUser->mapTempUserToUser(false); if ($user->checkPassword($this->password)) { $this->wg->user = $tempUser->activateUser($user); $this->wg->User->setCookies(); LoginForm::clearLoginToken(); TempUser::clearTempUserSession(); $userLoginHelper->clearPasswordThrottle($this->username); // redirect user if ($tempUser->getSource() == '') { $titleObj = $this->wg->User->getUserPage(); $query = ''; } else { $titleObj = SpecialPage::getTitleFor('CreateNewWiki'); $query = $tempUser->getSource(); } $this->wg->out->redirect($titleObj->getFullURL($query)); return; } else { $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-wrongpassword'); $this->errParam = 'password'; return; } } // User - confirm email and redirect to user page $user = User::newFromName($this->username); if (!$user instanceof User || $user->getId() != $expUser->getId()) { $this->result = 'error'; $this->msg = $this->wf->Msg('wikiaconfirmemail-error-user-not-match'); $this->errParam = 'username'; return; } // set login token $this->wg->request->setVal('loginToken', UserLoginHelper::getLoginToken()); // login $response = $this->app->sendRequest('UserLoginSpecial', 'login'); $this->result = $response->getVal('result', ''); $this->msg = $response->getVal('msg', ''); $this->errParam = $response->getVal('errParam', ''); if ($this->result == 'ok') { $optionNewEmail = $this->wg->User->getOption('new_email'); if (!empty($optionNewEmail)) { $user->setEmail($optionNewEmail); } $user->confirmEmail(); $user->setOption('new_email', null); $user->saveSettings(); $this->wf->RunHooks('ConfirmEmailComplete', array(&$user)); // redirect user $userPage = $user->getUserPage(); $this->wg->out->redirect($userPage->getFullURL()); } } }
/** * @brief logs in a user with given login name and password. if keeploggedin, sets a cookie. * @details * @requestParam string username * @requestParam string password * @requestParam string keeploggedin [true/false] * @responseParam string result [ok/error/unconfirm/resetpass] * @responseParam string msg - result message * @responseParam string errParam - error param */ public function login() { // Init session if necessary if (session_id() == '') { $this->wf->SetupSession(); } $loginForm = F::build('LoginForm', array(&$this->wg->request)); $loginForm->load(); // MW1.19 uses different form fields names // set variables if ($this->wg->request->getText('username', '') != '') { $loginForm->mUsername = $this->wg->request->getText('username'); } if ($this->wg->request->getText('password', '') != '') { $loginForm->mPassword = $this->wg->request->getText('password'); } if ($this->wg->request->getText('keeploggedin', '') != '') { $loginForm->mRemember = $this->wg->request->getCheck('keeploggedin'); } if ($this->wg->request->getVal('loginToken', '') != '') { $loginForm->mToken = $this->wg->request->getVal('loginToken'); } if ($this->wg->request->getVal('returnto', '') != '') { $loginForm->mReturnTo = $this->wg->request->getVal('returnto'); } $loginCase = $loginForm->authenticateUserData(); switch ($loginCase) { case LoginForm::SUCCESS: $injected_html = ''; wfRunHooks('UserLoginComplete', array(&$this->wg->User, &$injected_html)); // set rememberpassword option if ((bool) $loginForm->mRemember != (bool) $this->wg->User->getOption('rememberpassword')) { $this->wg->User->setOption('rememberpassword', $loginForm->mRemember ? 1 : 0); $this->wg->User->saveSettings(); } else { $this->wg->User->invalidateCache(); } $this->wg->User->setCookies(); LoginForm::clearLoginToken(); TempUser::clearTempUserSession(); $this->userLoginHelper->clearPasswordThrottle($loginForm->mUsername); $this->result = 'ok'; break; case LoginForm::NEED_TOKEN: case LoginForm::WRONG_TOKEN: $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-sessionfailure'); break; case LoginForm::NO_NAME: $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-noname'); $this->errParam = 'username'; break; case LoginForm::ILLEGAL: $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-nosuchuser'); $this->errParam = 'username'; break; case LoginForm::NOT_EXISTS: $tempUser = F::build('TempUser', array($loginForm->mUsername), 'getTempUserFromName'); if ($tempUser) { if ($this->userLoginHelper->isPasswordThrottled($loginForm->mUsername)) { $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-login-throttled'); } else { $user = $tempUser->mapTempUserToUser(false); if ($user->checkPassword($loginForm->mPassword)) { LoginForm::clearLoginToken(); $tempUser->setTempUserSession(); $this->userLoginHelper->clearPasswordThrottle($loginForm->mUsername); // set lang for unconfirmed user $langCode = $user->getOption('language'); if ($this->wg->User->getOption('language') != $langCode) { $this->wg->User->setOption('language', $langCode); } $this->result = 'unconfirm'; $this->msg = $this->wf->MsgExt('usersignup-confirmation-email-sent', array('parseinline'), $tempUser->getEmail()); } else { if ($user->checkTemporaryPassword($loginForm->mPassword)) { $this->result = 'resetpass'; } else { $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-wrongpassword'); $this->errParam = 'password'; } } } } else { $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-nosuchuser'); $this->errParam = 'username'; } break; case LoginForm::WRONG_PLUGIN_PASS: $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-wrongpassword'); $this->errParam = 'password'; break; case LoginForm::WRONG_PASS: $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-wrongpassword'); $this->errParam = 'password'; $attemptedUser = F::build('User', array($loginForm->mUsername), 'newFromName'); if (!is_null($attemptedUser)) { $disOpt = $attemptedUser->getOption('disabled'); if (!empty($disOpt) || defined('CLOSED_ACCOUNT_FLAG') && $attemptedUser->getRealName() == CLOSED_ACCOUNT_FLAG) { #either closed account flag was present, override fail message $this->msg = $this->wf->Msg('userlogin-error-edit-account-closed-flag'); $this->errParam = ''; } } break; case LoginForm::EMPTY_PASS: $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-wrongpasswordempty'); $this->errParam = 'password'; break; case LoginForm::RESET_PASS: $this->result = 'resetpass'; break; case LoginForm::THROTTLED: $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-login-throttled'); break; case LoginForm::CREATE_BLOCKED: $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-cantcreateaccount-text'); break; case LoginForm::USER_BLOCKED: $this->result = 'error'; $this->msg = $this->wf->Msg('userlogin-error-login-userblocked'); break; default: throw new MWException("Unhandled case value"); } }