/** * Actually add a user to the database. * Give it a User object that has been initialised with a name. * * This is a custom version of similar code in SpecialUserLogin's LoginForm with differences * due to the fact that this code doesn't require a password, etc. * * @param $u User object. * @param $autocreate boolean -- true if this is an autocreation via auth plugin * @return User object. * @private */ function initUser($u, $autocreate) { global $wgAuth, $wgExternalAuthType; if ($wgExternalAuthType) { $u = ExternalUser::addUser($u, $this->mPassword, $this->mEmail, $this->mRealName); if (is_object($u)) { $this->mExtUser = ExternalUser::newFromName($this->mName); } } else { $u->addToDatabase(); } // No passwords for FBConnect accounts //if ( $wgAuth->allowPasswordChange() ) { // $u->setPassword( $this->mPassword ); //} $u->setEmail($this->mEmail); $u->setRealName($this->mRealName); $u->setToken(); $wgAuth->initUser($u, $autocreate); if (is_object($this->mExtUser)) { $this->mExtUser->linkToLocal($u->getId()); $email = $this->mExtUser->getPref('emailaddress'); if ($email && !$this->mEmail) { $u->setEmail($email); } } //$u->setOption( 'rememberpassword', $this->mRemember ? 1 : 0 ); $u->setOption('marketingallowed', $this->mMarketingOptIn ? 1 : 0); $u->setOption('skinoverwrite', 1); $u->saveSettings(); # Update user count $ssUpdate = new SiteStatsUpdate(0, 0, 0, 0, 1); $ssUpdate->doUpdate(); return $u; }
/** * @throws FacebookUserException */ function createUser($username, $domain = '') { global $wgUser, $wgAuth; // Make sure we're not stealing an existing user account (it can't hurt to check twice) if (empty($username) || !FacebookUser::userNameOK($username)) { wfDebug("Facebook: Name not OK: '{$username}'\n"); // TODO: Provide an error message that explains that they need to pick a name or the name is taken. throw new FacebookUserException('connectNewUserView', 'facebook-invalidname'); } /// START OF TYPICAL VALIDATIONS AND RESTRICTIONS ON ACCOUNT-CREATION. /// // Check the restrictions again to make sure that the user can create this account. if (wfReadOnly()) { // Indicate readOnlyPage error throw new FacebookUserException('readonlypage', null); } global $wgFbDisableLogin; if (empty($wgFbDisableLogin)) { // These two permissions don't apply in $wgFbDisableLogin mode because // then technically no users can create accounts if ($wgUser->isBlockedFromCreateAccount()) { wfDebug("Facebook: Blocked user was attempting to create account via Facebook Connect.\n"); throw new FacebookUserException('facebook-error', 'facebook-errortext'); } else { $titleObj = SpecialPage::getTitleFor('Connect'); $permErrors = $titleObj->getUserPermissionsErrors('createaccount', $wgUser, true); if (count($permErrors) > 0) { // Special case for permission errors throw new FacebookUserException($permErrors, 'createaccount'); } } } // If we are not allowing users to login locally, we should be checking // to see if the user is actually able to authenticate to the authenti- // cation server before they create an account (otherwise, they can // create a local account and login as any domain user). We only need // to check this for domains that aren't local. if ($domain != '' && $domain != 'local' && !$wgAuth->canCreateAccounts() && !$wgAuth->userExists($username)) { throw new FacebookUserException('facebook-error', 'wrongpassword'); } // IP-blocking (and open proxy blocking) protection from SpecialUserLogin global $wgEnableSorbs, $wgProxyWhitelist; $ip = wfGetIP(); if ($wgEnableSorbs && !in_array($ip, $wgProxyWhitelist) && $wgUser->inSorbsBlacklist($ip)) { throw new FacebookUserException('facebook-error', 'sorbs_create_account_reason'); } // Run a hook to let custom forms make sure that it is okay to proceed with // processing the form. This hook should only check preconditions and should // not store values. Values should be stored using the hook at the bottom of // this function. Can use 'this' to call // sendPage('chooseNameFormView', 'SOME-ERROR-MSG-CODE-HERE') if some of the // preconditions are invalid. #if (!wfRunHooks( 'SpecialConnect::createUser::validateForm', array( &$this ) )) { # return; #} $user = User::newFromName($username); if (!$user) { wfDebug("Facebook: Error creating new user.\n"); throw new FacebookUserException('facebook-error', 'facebook-error-creating-user'); } // TODO: Make user a Facebook user here: $fbUser = new FacebookUser($user); // Let extensions abort the account creation. // NOTE: Currently this is commented out because it seems that most wikis might have a // handful of restrictions that won't be needed on Facebook Connections. For instance, // requiring a CAPTCHA or age-verification, etc. Having a Facebook account as a pre- // requisite removes the need for that. /* $abortError = ''; if( !wfRunHooks( 'AbortNewAccount', array( $user, &$abortError ) ) ) { // Hook point to add extra creation throttles and blocks wfDebug( "SpecialConnect::createUser: a hook blocked creation\n" ); throw new FacebookUserException('facebook-error', 'facebook-error-user-creation-hook-aborted', array( $abortError )); } */ // Apply account-creation throttles global $wgAccountCreationThrottle, $wgMemc; if ($wgAccountCreationThrottle && $wgUser->isPingLimitable()) { $key = wfMemcKey('acctcreate', 'ip', $ip); $value = $wgMemc->get($key); if (!$value) { $wgMemc->set($key, 0, 86400); } if ($value >= $wgAccountCreationThrottle) { // 'acct_creation_throttle_hit' should actually use 'parseinline' not 'parse' in $wgOut->showErrorPage() throw new FacebookUserException('facebook-error', 'acct_creation_throttle_hit', array($wgAccountCreationThrottle)); } $wgMemc->incr($key); } /// END OF TYPICAL VALIDATIONS AND RESTRICTIONS ON ACCOUNT-CREATION. /// // Fill in the info we know $userinfo = $this->getUserInfo(); $email = FacebookUser::getOptionFromInfo('email', $userinfo); $realName = FacebookUser::getOptionFromInfo('fullname', $userinfo); $pass = ''; // Create the account (locally on main cluster or via $wgAuth on other clusters) // $wgAuth essentially checks to see if these are valid parameters for new users if (!$wgAuth->addUser($user, $pass, $email, $realName)) { wfDebug("Facebook: Error adding new user to database.\n"); throw new FacebookUserException('facebook-error', 'facebook-errortext'); } // Add the user to the local database (regardless of whether $wgAuth was used) // This is a custom version of similar code in SpecialUserLogin's LoginForm // with differences due to the fact that this code doesn't require a password, etc. global $wgExternalAuthType; if ($wgExternalAuthType) { $user = ExternalUser::addUser($user, $pass, $email, $realName); if (is_object($user)) { $extUser = ExternalUser::newFromName($username); $extUser->linkToLocal($user->getId()); $extEmail = $extUser->getPref('emailaddress'); if (!empty($extEmail) && empty($email)) { $user->setEmail($extEmail); } } } else { $user->addToDatabase(); } // Attach the user to their Facebook account in the database. // This must be done up here, because somewhere after this (I'm not too // sure where) the data must be in the database before copy-to-local is // done for shared setups. FacebookDB::addFacebookID($user, $this->id); $this->user = $user; $wgAuth->initUser($this->user, true); // $autocreate == true $wgAuth->updateUser($this->user); // No passwords for Facebook accounts. /* if ( $wgAuth->allowPasswordChange() ) { $this->user->setPassword( $pass ); } */ // Store which fields should be auto-updated from Facebook when the user logs in. global $wgRequest; $updateFormPrefix = 'wpUpdateUserInfo'; foreach (self::$availableUserUpdateOptions as $option) { if ($wgRequest->getVal($updateFormPrefix . $option, '') != '') { $user->setOption("facebook-update-on-login-{$option}", 1); } else { $user->setOption("facebook-update-on-login-{$option}", 0); } } // Process the FacebookPushEvent preference checkboxes if Push Events are enabled global $wgFbEnablePushToFacebook; if (!empty($wgFbEnablePushToFacebook)) { global $wgFbPushEventClasses; if (!empty($wgFbPushEventClasses)) { foreach ($wgFbPushEventClasses as $pushEventClassName) { $pushObj = new $pushEventClassName(); $className = get_class(); $prefName = $pushObj->getUserPreferenceName(); $this->user->setOption($prefName, $wgRequest->getCheck($prefName) ? '1' : '0'); } } // Save the preference for letting user select to never send anything to their newsfeed $prefName = FacebookPushEvent::$PREF_TO_DISABLE_ALL; $this->user->setOption($prefName, $wgRequest->getCheck($prefName) ? '1' : '0'); } // I think this should be done here $this->user->setToken(); // This is done via login() #$this->user->saveSettings(); // Log the user in $this->login(); // Update user count $ssUpdate = new SiteStatsUpdate(0, 0, 0, 0, 1); $ssUpdate->doUpdate(); wfRunHooks('AddNewAccount', array($this->user)); // Allow custom form processing to store values since this form submission was successful. // This hook should not fail on invalid input, instead check the input using the SpecialConnect::createUser::validateForm hook above. #wfRunHooks( 'SpecialConnect::createUser::postProcessForm', array( &$this ) ); $wgUser->addNewUserLogEntryAutoCreate(); }
public function initUser($u, $autocreate, $createTempUser = true) { global $wgAuth, $wgExternalAuthType; // for FBconnect we don't want to create temp users if ($createTempUser === false) { return parent::initUser($u, $autocreate); } // add TempUser, update User object, set TempUser session $tempUser = TempUser::createNewFromUser($u, $this->mReturnTo); if ($wgExternalAuthType) { $u = ExternalUser::addUser($u, "", "", ""); if (is_object($u)) { $this->mExtUser = ExternalUser::newFromName($this->mUsername); } } else { $u->addToDatabase(); } $u->setToken(); $wgAuth->initUser($u, $autocreate); if (is_object($this->mExtUser)) { $this->mExtUser->linkToLocal($u->getId()); } $u->setOption('rememberpassword', $this->mRemember ? 1 : 0); $u->setOption('marketingallowed', $this->mMarketingOptIn ? 1 : 0); if ($this->mLanguage) { $u->setOption('language', $this->mLanguage); } $u->setOption('skinoverwrite', 1); $u->setPassword($this->mPassword); $tempUser->setPassword($u->mPassword); $tempUser->setId($u->getId()); $tempUser->addToDatabase(); wfRunHooks('AddNewAccountTempUser', array($u, false)); $tempUser->saveSettingsTempUserToUser($u); $tempUser->setTempUserSession(); return $u; }
/** * Actually add a user to the database. * Give it a User object that has been initialised with a name. * * @param $oUser User object. * @param $autocreate boolean -- true if this is an autocreation via auth plugin * @return User object. * @private */ function initUser($oUser, $autocreate) { global $wgAuth, $wgExternalAuthType; wfProfileIn(__METHOD__); $oExtUser = null; if ($wgExternalAuthType) { $oUser = ExternalUser::addUser($oUser, $this->mPassword, $this->mEmail, ""); if (is_object($oUser)) { $oExtUser = ExternalUser::newFromName($this->mUsername); } } else { $oUser->addToDatabase(); } if ($wgAuth->allowPasswordChange()) { $oUser->setPassword($this->mPassword); } $oUser->setEmail($this->mEmail); $oUser->setToken(); $wgAuth->initUser($oUser, $autocreate); if (is_object($oExtUser)) { $oExtUser->linkToLocal($oUser->getId()); $email = $oExtUser->getPref('emailaddress'); if ($email && !$this->mEmail) { $oUser->setEmail($email); } } $oUser->setOption('rememberpassword', isset($this->mRemember) ? 1 : 0); $oUser->setOption('marketingallowed', isset($this->mMarketing) ? 1 : 0); $oUser->setOption('skinoverwrite', 1); $oUser->saveSettings(); # Update user count $ssUpdate = new SiteStatsUpdate(0, 0, 0, 0, 1); $ssUpdate->doUpdate(); wfProfileOut(__METHOD__); return $oUser; }