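/**
 * Load user data from the session or login cookie. If there are no valid
 * credentials, initialises the user as an anonymous user.
 *
 * The 'UserLoadFromSession' hook runs first and can decide the outcome on its
 * own by setting a non-null result. Otherwise a user ID, a user name and a
 * login token must all be present and must all agree with the user record
 * loaded by that ID; any missing or mismatching piece resets this object to
 * the anonymous defaults.
 *
 * @return bool True if the user is logged in, false otherwise.
 */
private function loadFromSession() {
    global $wgExternalAuthType, $wgAutocreatePolicy, $wgBlockDisablesLogin;

    $result = null;
    wfRunHooks('UserLoadFromSession', array($this, &$result));
    if ($result !== null) {
        return $result;
    }

    $request = $this->getRequest();

    // --- User ID: the cookie wins, but it must agree with the session copy.
    $cookieId = $request->getCookie('UserID');
    $sessId = $request->getSessionData('wsUserID');

    if ($cookieId !== null) {
        $sId = intval($cookieId);
        if ($sessId !== null && $cookieId != $sessId) {
            $this->loadDefaults(); // Possible collision!
            wfDebugLog('loginSessions', "Session user ID ({$sessId}) and\n\t\t\t\t\tcookie user ID ({$sId}) don't match!");
            return false;
        }
        $request->setSessionData('wsUserID', $sId);
    } elseif ($sessId !== null && $sessId != 0) {
        $sId = $sessId;
    } else {
        $this->loadDefaults();
        return false;
    }

    // --- User name: the session copy wins; a cookie value is cached into the session.
    if ($request->getSessionData('wsUserName') !== null) {
        $sName = $request->getSessionData('wsUserName');
    } elseif ($request->getCookie('UserName') !== null) {
        $sName = $request->getCookie('UserName');
        $request->setSessionData('wsUserName', $sName);
    } else {
        $this->loadDefaults();
        return false;
    }

    // wikia change start
    if ($wgExternalAuthType && $wgAutocreatePolicy == 'view') {
        $extUser = ExternalUser::newFromCookie();
        if ($extUser) {
            // NOTE(review): $sId is still unverified at this point - it can come
            // straight from the UserID cookie, and the token check only happens
            // further down. Confirm that linkToLocal() cannot bind an external
            // identity to a local account the requester has not authenticated as.
            $extUser->linkToLocal($sId);
        }
    }
    $passwordCorrect = FALSE;
    // wikia change end

    $proposedUser = User::newFromId($sId);
    if (!$proposedUser->isLoggedIn()) {
        // Not a valid ID
        $this->loadDefaults();
        return false;
    }

    if ($wgBlockDisablesLogin && $proposedUser->isBlocked()) {
        // User blocked and we've disabled blocked user logins
        $this->loadDefaults();
        return false;
    }

    // --- Token: the session copy is server-side state written below after a
    // successful login; the cookie copy is supplied by the client.
    if ($request->getSessionData('wsToken')) {
        $passwordCorrect = $proposedUser->getToken(false) === $request->getSessionData('wsToken');
        $from = 'session';
    } elseif ($request->getCookie('Token')) {
        $expectedToken = $proposedUser->getToken(false);
        $cookieToken = $request->getCookie('Token');
        if (function_exists('hash_equals') && is_string($expectedToken) && is_string($cookieToken)) {
            // Compare the client-supplied token in constant time so response
            // timing does not reveal how many leading bytes matched.
            // hash_equals() needs PHP 5.6+ and two strings, hence the guard.
            $passwordCorrect = hash_equals($expectedToken, $cookieToken);
        } else {
            // Older runtime or non-string operand: same result as before.
            $passwordCorrect = $expectedToken === $cookieToken;
        }
        $from = 'cookie';
    } else {
        // No session or persistent login cookie
        $this->loadDefaults();
        return false;
    }

    if ($sName === $proposedUser->getName() && $passwordCorrect) {
        $this->loadFromUserObject($proposedUser);
        // Cache the verified token in the session for later requests.
        $request->setSessionData('wsToken', $this->mToken);
        wfDebug("User: logged in from {$from}\n");
        wfRunHooks('UserLoadFromSessionInfo', array($this, $from));
        return true;
    } else {
        // Invalid credentials
        wfDebug("User: can't log in from {$from}, invalid credentials\n");
        $this->loadDefaults();
        return false;
    }
}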
/**
 * Restore the user from the session or from the persistent login cookies.
 * When no valid credentials are found the object is reset to an anonymous
 * user.
 *
 * The 'UserLoadFromSession' hook is consulted first; a non-null result from
 * it is returned as-is. Otherwise the user ID, user name and token must all
 * be present and must all match the user record loaded by that ID.
 *
 * @return bool True if the user is logged in, false otherwise.
 */
private function loadFromSession() {
    global $wgExternalAuthType, $wgAutocreatePolicy, $wgBlockDisablesLogin;

    $result = null;
    wfRunHooks('UserLoadFromSession', array($this, &$result));
    if ($result !== null) {
        return $result;
    }

    if ($wgExternalAuthType && $wgAutocreatePolicy == 'view') {
        $extUser = ExternalUser::newFromCookie();
        if ($extUser) {
            // TODO: Automatically create the user here (or probably a bit
            // lower down, in fact)
        }
    }

    $request = $this->getRequest();

    // Resolve the user ID. A cookie value takes priority but has to agree
    // with whatever ID the session already holds.
    $idFromCookie = $request->getCookie('UserID');
    $sessId = $request->getSessionData('wsUserID');

    if ($idFromCookie === null) {
        if ($sessId === null || $sessId == 0) {
            $this->loadDefaults();
            return false;
        }
        $sId = $sessId;
    } else {
        $sId = intval($idFromCookie);
        if ($sessId !== null && $idFromCookie != $sessId) {
            $this->loadDefaults(); // Possible collision!
            wfDebugLog('loginSessions', "Session user ID ({$sessId}) and\n\t\t\t\t\tcookie user ID ({$sId}) don't match!");
            return false;
        }
        $request->setSessionData('wsUserID', $sId);
    }

    // Resolve the claimed user name: session first, then cookie (which is
    // then copied into the session).
    $claimedName = $request->getSessionData('wsUserName');
    if ($claimedName === null) {
        $claimedName = $request->getCookie('UserName');
        if ($claimedName === null) {
            $this->loadDefaults();
            return false;
        }
        $request->setSessionData('wsUserName', $claimedName);
    }

    $candidate = User::newFromId($sId);
    if (!$candidate->isLoggedIn()) {
        // Not a valid ID
        $this->loadDefaults();
        return false;
    }

    if ($wgBlockDisablesLogin && $candidate->isBlocked()) {
        // User blocked and we've disabled blocked user logins
        $this->loadDefaults();
        return false;
    }

    // Check the token: session copy first, otherwise the login cookie.
    $sessionToken = $request->getSessionData('wsToken');
    if ($sessionToken) {
        $from = 'session';
        $tokenMatches = $candidate->getToken(false) === $sessionToken;
    } else {
        $cookieToken = $request->getCookie('Token');
        if (!$cookieToken) {
            // No session or persistent login cookie
            $this->loadDefaults();
            return false;
        }
        $from = 'cookie';
        // Get the token from DB/cache and strip trailing garbage padding.
        // This deals with historical problems with bugs and the default
        // column value.
        $storedToken = rtrim($candidate->getToken(false));
        // An empty stored token never authenticates; the comparison itself
        // is made in constant time (bug 61346).
        $tokenMatches = strlen($storedToken) && $this->compareSecrets($storedToken, $cookieToken);
    }

    if ($claimedName !== $candidate->getName() || !$tokenMatches) {
        // Invalid credentials
        wfDebug("User: can't log in from {$from}, invalid credentials\n");
        $this->loadDefaults();
        return false;
    }

    $this->loadFromUserObject($candidate);
    // Keep the verified token in the session for subsequent requests.
    $request->setSessionData('wsToken', $this->mToken);
    wfDebug("User: logged in from {$from}\n");
    return true;
}
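/**
 * Load user data from the session or login cookie. If there are no valid
 * credentials, initialises the user as an anonymous user.
 *
 * The 'UserLoadFromSession' hook runs first and can decide the outcome on its
 * own by setting a non-null result. Otherwise the user ID, user name and
 * login token are read from $_SESSION / $_COOKIE and must all agree with the
 * user record loaded by that ID.
 *
 * @return bool True if the user is logged in, false otherwise.
 */
private function loadFromSession() {
    global $wgCookiePrefix, $wgExternalAuthType, $wgAutocreatePolicy, $wgBlockDisablesLogin;

    $result = null;
    wfRunHooks('UserLoadFromSession', array($this, &$result));
    if ($result !== null) {
        return $result;
    }

    if ($wgExternalAuthType && $wgAutocreatePolicy == 'view') {
        $extUser = ExternalUser::newFromCookie();
        if ($extUser) {
            // TODO: Automatically create the user here (or probably a bit
            // lower down, in fact)
        }
    }

    // --- User ID: the cookie wins, but it must agree with the session copy.
    if (isset($_COOKIE["{$wgCookiePrefix}UserID"])) {
        $sId = intval($_COOKIE["{$wgCookiePrefix}UserID"]);
        if (isset($_SESSION['wsUserID']) && $sId != $_SESSION['wsUserID']) {
            $this->loadDefaults(); // Possible collision!
            wfDebugLog('loginSessions', "Session user ID ({$_SESSION['wsUserID']}) and\n\t\t\t\t\tcookie user ID ({$sId}) don't match!");
            return false;
        }
        $_SESSION['wsUserID'] = $sId;
    } elseif (isset($_SESSION['wsUserID']) && $_SESSION['wsUserID'] != 0) {
        $sId = $_SESSION['wsUserID'];
    } else {
        $this->loadDefaults();
        return false;
    }

    // --- User name: the session copy wins; a cookie value is cached into the session.
    if (isset($_SESSION['wsUserName'])) {
        $sName = $_SESSION['wsUserName'];
    } elseif (isset($_COOKIE["{$wgCookiePrefix}UserName"])) {
        $sName = $_COOKIE["{$wgCookiePrefix}UserName"];
        $_SESSION['wsUserName'] = $sName;
    } else {
        $this->loadDefaults();
        return false;
    }

    $passwordCorrect = FALSE;
    $proposedUser = User::newFromId($sId);
    if (!$proposedUser->isLoggedIn()) {
        // Not a valid ID
        $this->loadDefaults();
        return false;
    }

    if ($wgBlockDisablesLogin && $proposedUser->isBlocked()) {
        // User blocked and we've disabled blocked user logins
        $this->loadDefaults();
        return false;
    }

    // --- Token: the session copy is server-side state written below after a
    // successful login; the cookie copy is supplied by the client.
    if (isset($_SESSION['wsToken'])) {
        $passwordCorrect = $proposedUser->getToken() === $_SESSION['wsToken'];
        $from = 'session';
    } elseif (isset($_COOKIE["{$wgCookiePrefix}Token"])) {
        $expectedToken = $proposedUser->getToken();
        $cookieToken = $_COOKIE["{$wgCookiePrefix}Token"];
        if (function_exists('hash_equals') && is_string($expectedToken) && is_string($cookieToken)) {
            // Compare the client-supplied token in constant time so response
            // timing does not reveal how many leading bytes matched.
            // hash_equals() needs PHP 5.6+ and two strings; a cookie sent
            // with array syntax is not a string, hence the guard.
            $passwordCorrect = hash_equals($expectedToken, $cookieToken);
        } else {
            // Older runtime or non-string operand: same result as before.
            $passwordCorrect = $expectedToken === $cookieToken;
        }
        $from = 'cookie';
    } else {
        // No session or persistent login cookie
        $this->loadDefaults();
        return false;
    }

    if ($sName === $proposedUser->getName() && $passwordCorrect) {
        $this->loadFromUserObject($proposedUser);
        // Cache the verified token in the session for later requests.
        $_SESSION['wsToken'] = $this->mToken;
        wfDebug("Logged in from {$from}\n");
        return true;
    } else {
        // Invalid credentials
        wfDebug("Can't log in from {$from}, invalid credentials\n");
        $this->loadDefaults();
        return false;
    }
}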