/**
 * Return the create-account token, generating one first when none exists yet.
 *
 * The same value is what the sign-up form submits as wpCreateaccountToken,
 * so hand it out only to the client that owns the current session.
 *
 * @return string signupToken
 */
public static function getSignupToken()
{
    // Fast path: a token is already available.
    if (LoginForm::getCreateaccountToken()) {
        return LoginForm::getCreateaccountToken();
    }

    // A session has to exist before the token is generated
    // (presumably the token is stored in the session; confirm in LoginForm).
    if (session_id() == '') {
        wfSetupSession();
    }
    LoginForm::setCreateaccountToken();

    return LoginForm::getCreateaccountToken();
}
/**
 * A createaccount request whose e-mail address is malformed must be rejected.
 *
 * @expectedException UsageException
 */
public function testInvalidEmail()
{
    // NOTE(review): the token is read from the current session; this assumes one
    // has already been set, otherwise the request may fail on the token rather
    // than on the e-mail address. Confirm in the test setup.
    $request = array(
        'action' => 'createaccount',
        'name' => 'Test User',
        'token' => LoginForm::getCreateaccountToken(),
        'password' => 'password',
        'email' => 'invalid',
    );

    $this->doApiRequest($request);
}
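/**
 * Handle an action=createaccount API request.
 *
 * Order of checks: same-origin protection, the 'createaccount' right, account-creation
 * blocks, then parameter sanity. The request is then replayed through LoginForm as if
 * the sign-up form had been submitted, so the token check and the account creation
 * itself happen in LoginForm::addNewaccountInternal().
 *
 * The 'createaccount' entry added to the API result holds 'result' (NeedToken, Warning
 * or Success) and, depending on the outcome, 'token', 'username', 'userid' and 'warnings'.
 */
public function execute()
{
    // If we're in a mode that breaks the same-origin policy, no tokens can
    // be obtained
    if ($this->lacksSameOriginSecurity()) {
        $this->dieUsage('Cannot create account when the same-origin policy is not applied', 'aborted');
    }

    // $loginForm->addNewaccountInternal will throw exceptions
    // if wiki is read only (already handled by api), user is blocked or does not have rights.
    // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
    $loginTitle = SpecialPage::getTitleFor('Userlogin');
    if (!$loginTitle->userCan('createaccount', $this->getUser())) {
        $this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
    }
    if ($this->getUser()->isBlockedFromCreateAccount()) {
        $this->dieUsage(
            'You cannot create a new account because you are blocked',
            'blocked',
            0,
            array('blockinfo' => ApiQueryUserInfo::getBlockInfo($this->getUser()->getBlock()))
        );
    }

    $params = $this->extractRequestParams();

    // Init session if necessary
    if (session_id() == '') {
        wfSetupSession();
    }

    // A mailed password needs somewhere to be mailed to.
    if ($params['mailpassword'] && !$params['email']) {
        $this->dieUsageMsg('noemail');
    }

    if ($params['language'] && !Language::isSupportedLanguage($params['language'])) {
        $this->dieUsage('Invalid language parameter', 'langinvalid');
    }

    // Re-express the API parameters as the fields of the sign-up form. The password is
    // supplied for both wpPassword and wpRetype, and the caller's token is passed through
    // as wpCreateaccountToken.
    $context = new DerivativeContext($this->getContext());
    $context->setRequest(new DerivativeRequest(
        $this->getContext()->getRequest(),
        array(
            'type' => 'signup',
            'uselang' => $params['language'],
            'wpName' => $params['name'],
            'wpPassword' => $params['password'],
            'wpRetype' => $params['password'],
            'wpDomain' => $params['domain'],
            'wpEmail' => $params['email'],
            'wpRealName' => $params['realname'],
            'wpCreateaccountToken' => $params['token'],
            'wpCreateaccount' => $params['mailpassword'] ? null : '1',
            'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null
        )
    ));

    $loginForm = new LoginForm();
    $loginForm->setContext($context);
    Hooks::run('AddNewAccountApiForm', array($this, $loginForm));
    $loginForm->load();

    $status = $loginForm->addNewaccountInternal();
    $result = array();
    if ($status->isGood()) {
        // Success!
        $user = $status->getValue();

        if ($params['language']) {
            $user->setOption('language', $params['language']);
        }

        if ($params['mailpassword']) {
            // If mailpassword was set, disable the password and send an email.
            $user->setPassword(null);
            $status->merge($loginForm->mailPasswordInternal(
                $user,
                false,
                'createaccount-title',
                'createaccount-text'
            ));
        } elseif ($this->getConfig()->get('EmailAuthentication')
            && Sanitizer::validateEmail($user->getEmail())
        ) {
            // Send out an email authentication message if needed
            $status->merge($user->sendConfirmationMail());
        }

        // Save settings (including confirmation token)
        $user->saveSettings();

        Hooks::run('AddNewAccount', array($user, $params['mailpassword']));

        // Pick the new-user log action: mailed password, created by a logged-in user,
        // or self-registration.
        if ($params['mailpassword']) {
            $logAction = 'byemail';
        } elseif ($this->getUser()->isLoggedIn()) {
            $logAction = 'create2';
        } else {
            $logAction = 'create';
        }
        $user->addNewUserLogEntry($logAction, (string) $params['reason']);

        // Add username, id, and token to result.
        // NOTE(review): this places the new account's user token in the response body;
        // confirm these responses are neither cached nor written to logs.
        $result['username'] = $user->getName();
        $result['userid'] = $user->getId();
        $result['token'] = $user->getToken();
    }

    $apiResult = $this->getResult();

    if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
        // Token was incorrect, so add it to result, but don't throw an exception
        // since not having the correct token is part of the normal
        // flow of events.
        $result['token'] = LoginForm::getCreateaccountToken();
        $result['result'] = 'NeedToken';
    } elseif (!$status->isOK()) {
        // There was an error. Die now.
        $this->dieStatus($status);
    } elseif (!$status->isGood()) {
        // Status is not good, but OK. This means warnings.
        $result['result'] = 'Warning';

        // Add any warnings to the result
        $warnings = $status->getErrorsByType('warning');
        if ($warnings) {
            foreach ($warnings as &$warning) {
                ApiResult::setIndexedTagName($warning['params'], 'param');
            }
            // Break the reference so the last element is not left aliased to $warning
            // when the array is copied into $result below.
            unset($warning);
            ApiResult::setIndexedTagName($warnings, 'warning');
            $result['warnings'] = $warnings;
        }
    } else {
        // Everything was fine.
        $result['result'] = 'Success';
    }

    // Give extensions a chance to modify the API result data
    Hooks::run('AddNewAccountApiResult', array($this, $loginForm, &$result));

    $apiResult->addValue(null, 'createaccount', $result);
}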
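/**
 * Handle an action=createaccount API request.
 *
 * Checks the 'createaccount' right and account-creation blocks, then replays the request
 * through LoginForm as if the sign-up form had been submitted; the token check and the
 * account creation itself happen in LoginForm::addNewaccountInternal().
 *
 * The 'createaccount' entry added to the API result holds 'result' (needtoken, warning
 * or success) and, depending on the outcome, 'token', 'username', 'userid' and 'warnings'.
 *
 * NOTE(review): nothing in this method rejects requests made in a mode that bypasses the
 * same-origin policy before a token is returned. Confirm the framework refuses such
 * requests for this module.
 */
public function execute()
{
    // $loginForm->addNewaccountInternal will throw exceptions
    // if wiki is read only (already handled by api), user is blocked or does not have rights.
    // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
    $loginTitle = SpecialPage::getTitleFor('Userlogin');
    if (!$loginTitle->userCan('createaccount', $this->getUser())) {
        $this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
    }
    if ($this->getUser()->isBlockedFromCreateAccount()) {
        $this->dieUsage('You cannot create a new account because you are blocked', 'blocked');
    }

    $params = $this->extractRequestParams();

    // Init session if necessary
    if (session_id() == '') {
        wfSetupSession();
    }

    // A mailed password needs somewhere to be mailed to.
    if ($params['mailpassword'] && !$params['email']) {
        $this->dieUsageMsg('noemail');
    }

    // Re-express the API parameters as the fields of the sign-up form. The password is
    // supplied for both wpPassword and wpRetype, and the caller's token is passed through
    // as wpCreateaccountToken.
    $context = new DerivativeContext($this->getContext());
    $context->setRequest(new DerivativeRequest(
        $this->getContext()->getRequest(),
        array(
            'type' => 'signup',
            'uselang' => $params['language'],
            'wpName' => $params['name'],
            'wpPassword' => $params['password'],
            'wpRetype' => $params['password'],
            'wpDomain' => $params['domain'],
            'wpEmail' => $params['email'],
            'wpRealName' => $params['realname'],
            'wpCreateaccountToken' => $params['token'],
            'wpCreateaccount' => $params['mailpassword'] ? null : '1',
            'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null
        )
    ));

    $loginForm = new LoginForm();
    $loginForm->setContext($context);
    $loginForm->load();

    $status = $loginForm->addNewaccountInternal();
    $result = array();
    if ($status->isGood()) {
        // Success!
        $user = $status->getValue();

        // If we showed up language selection links, and one was in use, be
        // smart (and sensible) and save that language as the user's preference
        global $wgLoginLanguageSelector, $wgEmailAuthentication;
        if ($wgLoginLanguageSelector && $params['language']) {
            $user->setOption('language', $params['language']);
        }

        if ($params['mailpassword']) {
            // If mailpassword was set, disable the password and send an email.
            $user->setPassword(null);
            $status->merge($loginForm->mailPasswordInternal(
                $user,
                false,
                'createaccount-title',
                'createaccount-text'
            ));
        } elseif ($wgEmailAuthentication && Sanitizer::validateEmail($user->getEmail())) {
            // Send out an email authentication message if needed
            $status->merge($user->sendConfirmationMail());
        }

        // Save settings (including confirmation token)
        $user->saveSettings();

        wfRunHooks('AddNewAccount', array($user, $params['mailpassword']));

        // Pick the new-user log action: mailed password, created by a logged-in user,
        // or self-registration.
        if ($params['mailpassword']) {
            $logAction = 'byemail';
        } elseif ($this->getUser()->isLoggedIn()) {
            $logAction = 'create2';
        } else {
            $logAction = 'create';
        }
        $user->addNewUserLogEntry($logAction, (string) $params['reason']);

        // Add username, id, and token to result.
        // NOTE(review): this places the new account's user token in the response body;
        // confirm these responses are neither cached nor written to logs.
        $result['username'] = $user->getName();
        $result['userid'] = $user->getId();
        $result['token'] = $user->getToken();
    }

    $apiResult = $this->getResult();

    if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
        // Token was incorrect, so add it to result, but don't throw an exception
        // since not having the correct token is part of the normal
        // flow of events.
        $result['token'] = LoginForm::getCreateaccountToken();
        $result['result'] = 'needtoken';
    } elseif (!$status->isOK()) {
        // There was an error. Die now.
        // Cannot use dieUsageMsg() directly because extensions
        // might return custom error messages.
        $errors = $status->getErrorsArray();
        if ($errors[0] instanceof Message) {
            $code = 'aborted';
            $desc = $errors[0];
        } else {
            // First element is the message key, the remainder are its parameters.
            $code = array_shift($errors[0]);
            $desc = wfMessage($code, $errors[0]);
        }
        $this->dieUsage($desc, $code);
    } elseif (!$status->isGood()) {
        // Status is not good, but OK. This means warnings.
        $result['result'] = 'warning';

        // Add any warnings to the result
        $warnings = $status->getErrorsByType('warning');
        if ($warnings) {
            foreach ($warnings as &$warning) {
                $apiResult->setIndexedTagName($warning['params'], 'param');
            }
            // Break the reference so the last element is not left aliased to $warning
            // when the array is copied into $result below.
            unset($warning);
            $apiResult->setIndexedTagName($warnings, 'warning');
            $result['warnings'] = $warnings;
        }
    } else {
        // Everything was fine.
        $result['result'] = 'success';
    }

    $apiResult->addValue(null, 'createaccount', $result);
}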
/**
 * Build an EasyTemplate pre-populated with the combined login and registration forms.
 *
 * The returned template can be rendered through different EasyTemplates, for example one
 * view for ajax dialogs and another for standalone pages such as Special:Signup.
 *
 * Several values set on the template originate from the request or from form processing
 * ('actiontype', 'message', 'loginerror'). NOTE(review): their HTML escaping is not done
 * here, so confirm the templates escape them on output.
 *
 * @param bool $static when true, show exactly one of the two forms based on the 'type' request value
 * @param string $lastmsg message used as 'loginerror'; replaced by the ajax form's message when it has one
 * @param AjaxLoginForm|string $ajaxLoginForm form to reuse; created here when empty (passed by reference)
 * @return EasyTemplate
 */
public static function getTemplateForCombinedForms($static = false, $lastmsg = "", &$ajaxLoginForm = "")
{
    global $wgRequest;

    // Prepare the template data, along the lines of GetComboAjaxLogin.
    if (session_id() == '') {
        wfSetupSession();
    }

    // TODO: Investigate why an early `return "error"` on wpCreateaccount used to sit here.
    //if ($wgRequest->getCheck( 'wpCreateaccount' )) {
    //    return "error";
    //}

    $template = new EasyTemplate(dirname(__FILE__) . '/templates/');
    $ajaxResponse = new AjaxResponse();
    $formType = $wgRequest->getVal('type', '');

    if (!wfReadOnly()) {
        if (empty($ajaxLoginForm)) {
            $ajaxLoginForm = new AjaxLoginForm($wgRequest);
        }
        $ajaxLoginForm->execute($formType);

        if (!empty($ajaxLoginForm->ajaxTemplate)) {
            $lastmsg = $ajaxLoginForm->ajaxTemplate->data['message'];
            $template->set('message', $ajaxLoginForm->ajaxTemplate->data['message']);
            $template->set('messagetype', $ajaxLoginForm->ajaxTemplate->data['messagetype']);
        }
        $template->set("registerAjax", $ajaxLoginForm->ajaxRender());
    }

    $readOnlyFlag = wfReadOnly() ? 1 : 0;
    $template->set("isReadOnly", $readOnlyFlag);

    // Make sure both form tokens exist before exposing them to the template.
    if (!LoginForm::getLoginToken()) {
        LoginForm::setLoginToken();
    }
    $template->set("loginToken", LoginForm::getLoginToken());

    if (!LoginForm::getCreateaccountToken()) {
        LoginForm::setCreateaccountToken();
    }
    $template->set("createToken", LoginForm::getCreateaccountToken());

    // Build the login part of the form from the current settings; it is fed back into the
    // larger template here (it is not always fed into the ComboAjaxLogin template).
    // Both return parameters are URL-encoded before being appended to the query string.
    $returnToPart = $wgRequest->getVal('returnto', '');
    if ($returnToPart != '') {
        $returnToPart = "&returnto=" . wfUrlencode($returnToPart);
    }

    $returnToQueryPart = $wgRequest->getVal('returntoquery', '');
    if ($returnToQueryPart != '') {
        $returnToQueryPart = "&returntoquery=" . wfUrlencode($returnToQueryPart);
    }

    $querySuffix = $returnToPart . $returnToQueryPart;
    $template->set(
        "loginaction",
        Skin::makeSpecialUrl('Signup', "type=login&action=submitlogin" . $querySuffix)
    );
    $template->set("signupaction", Skin::makeSpecialUrl('Signup', "type=signup" . $querySuffix));
    $template->set("loginerror", $lastmsg);
    $template->set("actiontype", $formType);

    // Neither form is shown unless a static page asks for one.
    $template->set("showRegister", false);
    $template->set("showLogin", false);
    if ($static) {
        if (strtolower($formType) == "login") {
            $template->set("showLogin", true);
        } elseif (!$readOnlyFlag) {
            $template->set("showRegister", true);
        }
    }

    $template->set("ajaxLoginComponent", $template->render('AjaxLoginComponent'));

    return $template;
}
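/**
 * Build the HTML for the "join us" sign-up block.
 *
 * The form posts to Special:UserLogin (type=signup) and carries the create-account token
 * in a hidden wpCreateaccountToken field; a session and a token are created first when
 * they do not exist yet.
 *
 * @return string HTML of the block
 */
private function displayForm()
{
    global $wgServer;

    if (session_id() == '') {
        wfSetupSession();
    }
    if (!LoginForm::getCreateaccountToken()) {
        LoginForm::setCreateaccountToken();
    }
    $token = LoginForm::getCreateaccountToken();

    # block_join
    $html = Xml::openElement('div', array('class' => 'block block_join'));
    $html .= Xml::element('h3', array('class' => 'title'), wfMessage('sz-mp-joinus')->text());

    # inside
    $html .= Xml::openElement('div', array('class' => 'inside'));
    $html .= Xml::openElement('form', array(
        'id' => 'userloginS',
        'action' => $wgServer
            . '/index.php?title=Special:UserLogin&action=submitlogin&type=signup&from=SpecialWelcome',
        'method' => 'post',
        'name' => 'userlogin'
    ));

    // Xml::element() escapes its text and attribute values, so ->text() is the right
    // message format for everything passed to it below.
    $html .= Xml::openElement('p');
    $html .= Xml::element(
        'label',
        array('for' => 'wpNameS', 'class' => 'sread'),
        wfMessage('yourname')->text()
    );
    $html .= Xml::element('input', array(
        'id' => 'wpNameS',
        'name' => 'wpName',
        'placeholder' => wfMessage('sz-mp-yourname')->text()
    ));
    $html .= Xml::closeElement('p');

    $html .= Xml::openElement('p');
    $html .= Xml::element(
        'label',
        array('for' => 'wpPasswordS', 'class' => 'sread'),
        wfMessage('yourpassword')->text()
    );
    $html .= Xml::element('input', array(
        'id' => 'wpPasswordS',
        'type' => 'password',
        'name' => 'wpPassword',
        'placeholder' => wfMessage('sz-mp-yourpassword')->text()
    ));
    $html .= Xml::closeElement('p');

    $html .= Xml::openElement('p');
    $html .= Xml::element(
        'label',
        array('for' => 'wpRetypeS', 'class' => 'sread'),
        wfMessage('yourpasswordagain')->text()
    );
    $html .= Xml::element('input', array(
        'id' => 'wpRetypeS',
        'type' => 'password',
        'name' => 'wpRetype',
        'placeholder' => wfMessage('sz-mp-yourpasswordagain')->text()
    ));
    $html .= Xml::closeElement('p');

    $html .= Xml::openElement('p');
    $html .= Xml::element(
        'label',
        array('for' => 'wpEmailS', 'class' => 'sread'),
        wfMessage('youremail')->text()
    );
    $html .= Xml::element('input', array(
        'id' => 'wpEmailS',
        'name' => 'wpEmail',
        'placeholder' => wfMessage('sz-mp-youremail')->text()
    ));
    $html .= Xml::closeElement('p');

    $html .= Xml::openElement('p', array('class' => 'submit'));
    // Linker::link() takes its second argument as raw HTML, so the message has to be
    // escaped here; ->text() would let markup in the 'login' message reach the page.
    $html .= Linker::link(SpecialPage::getTitleFor('UserLogin'), wfMessage('login')->escaped());
    $html .= Xml::element(
        'label',
        array('for' => 'wpCreateaccountS', 'class' => 'sread'),
        wfMessage('createaccount')->text()
    );
    $html .= Xml::element('input', array(
        'id' => 'wpCreateaccountS',
        'name' => 'wpCreateaccount',
        'type' => 'submit',
        'value' => wfMessage('sz-mp-enter')->text()
    ));
    $html .= Xml::closeElement('p');

    // Create-account token checked on submission by the login form.
    $html .= Xml::element('input', array(
        'name' => 'wpCreateaccountToken',
        'type' => 'hidden',
        'value' => $token
    ));
    $html .= Xml::closeElement('form');

    # /inside
    $html .= Xml::closeElement('div');

    # /block
    $html .= Xml::closeElement('div');

    return $html;
}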