if ( !class_exists( 'SecurePoll_RemoteMWAuth' ) ) { header( 'HTTP/1.1 500 Internal Server Error' ); echo "SecurePoll is disabled.\n"; exit( 1 ); } header( 'Content-Type: application/vnd.php.serialized; charset=utf-8' ); $token = $wgRequest->getVal( 'token' ); $id = $wgRequest->getInt( 'id' ); if ( is_null( $token ) || !$id ) { echo serialize( Status::newFatal( 'securepoll-api-invalid-params' ) ); exit; } $user = User::newFromId( $id ); if ( !$user ) { echo serialize( Status::newFatal( 'securepoll-api-no-user' ) ); exit; } $token2 = SecurePoll_RemoteMWAuth::encodeToken( $user->getToken() ); if ( $token2 !== $token ) { echo serialize( Status::newFatal( 'securepoll-api-token-mismatch' ) ); exit; } $context = new SecurePoll_Context; $auth = $context->newAuth( 'local' ); $status = Status::newGood( $auth->getUserParams( $user ) ); echo serialize( $status );
/** * Show a page informing the user that they must go to another wiki to * cast their vote, and a button which takes them there. * * Clicking the button transmits a hash of their auth token, so that the * remote server can authenticate them. */ function showJumpForm() { global $wgOut, $wgUser; $url = $this->election->getProperty( 'jump-url' ); if ( !$url ) { throw new MWException( 'Configuration error: no jump-url' ); } $id = $this->election->getProperty( 'jump-id' ); if ( !$id ) { throw new MWException( 'Configuration error: no jump-id' ); } $url .= "/login/$id"; wfRunHooks( 'SecurePoll_JumpUrl', array( $this, &$url ) ); $wgOut->addWikiText( $this->election->getMessage( 'jump-text' ) ); $wgOut->addHTML( Xml::openElement( 'form', array( 'action' => $url, 'method' => 'post' ) ) . Html::hidden( 'token', SecurePoll_RemoteMWAuth::encodeToken( $wgUser->getToken() ) ) . Html::hidden( 'id', $wgUser->getId() ) . Xml::submitButton( wfMsg( 'securepoll-jump' ) ) . '</form>' ); }