/**
     * The user is logged in to MediaWiki but not Facebook.
     * No Facebook user is associated with this MediaWiki account.
     * 
     * TODO: Facebook login button causes a post to a Special:Connect/ConnectUser or something
     */
    private function loginToFacebookView()
    {
        global $wgOut, $wgSitename, $wgUser;
        $loginFormWidth = 400;
        // pixels
        $fb_ids = FacebookDB::getFacebookIDs($wgUser);
        $this->outputHeader();
        $html = '
<div id="userloginForm">
	<form style="width: ' . $loginFormWidth . 'px;">' . "\n";
        if (!count($fb_ids)) {
            // This message was added recently and might not be translated
            // In that case, fall back to an older, similar message
            $formTitle = wfMsg('facebook-merge-title');
            // This test probably isn't correct. I'm open to ideas
            if ($formTitle == "&lt;facebook-merge-title&gt;") {
                $formTitle = wfMsg('login');
            }
            $html .= '<h2>' . $formTitle . "</h2>\n";
            $formText = wfMsg('facebook-merge-text', $wgSitename);
            // This test probably isn't correct. I'm open to ideas
            if ($formText == "&lt;facebook-merge-text&gt;") {
                $formText = wfMsg('facebook-merge');
            }
            $html .= '<p>' . $formText . "<br/><br/></p>\n";
        } else {
            $html .= '<h2>' . wfMsg('login') . "</h2>\n";
            // User is already connected to a Facebook account. Send a page asking
            // them to log in to one of their (possibly several) Facebook accounts
            // For now, scold them for trying to log in to a connected account
            // TODO
            $html .= '<p>' . wfMsg('facebook-connect-text') . "<br/><br/></p>\n";
        }
        // Compatiblity with MW < 1.18
        global $wgVersion;
        if (version_compare($wgVersion, '1.18', '>=')) {
            $skin = $this->getSkin();
        } else {
            global $wgUser;
            $skin = $wgUser->getSkin();
        }
        $html .= '<fb:login-button show-faces="true" width="' . $loginFormWidth . '" max-rows="3" scope="' . FacebookAPI::getPermissions() . '" colorscheme="' . FacebookXFBML::getColorScheme($skin->getSkinName()) . '"></fb:login-button><br/><br/><br/>' . "\n";
        // Add a pretty Like box to entice the user to log in
        $html .= '<fb:like href="' . Title::newMainPage()->getFullURL() . '" send="false" width="' . $loginFormWidth . '" show_faces="true"></fb:like>';
        $html .= '
	</form>
</div>';
        $wgOut->addHTML($html);
        // TODO: Add a returnto link
    }
예제 #2
0
 /**
  * We need to override the password checking so that Facebook users can
  * reset their passwords and give themselves a valid password to log in
  * without Facebook. This only works if the user specifies a blank password
  * and hasn't already given themselves one.
  * 
  * To that effect, you may want to modify the 'resetpass-wrong-oldpass' msg.
  * 
  * Before version 1.14, MediaWiki used Special:Preferences to reset
  * passwords instead of Special:ChangePassword, so this hook won't get
  * called and Facebook users won't be able to give themselves a password
  * unless they request one over email.
  * 
  * TODO: A potential security flaw is exposed for users who run untrusted
  * JavaScript code. Because no password exists, JavaScript could set a new
  * password without the user's knowledge. To guard against this, we need to
  * send the user an email and preemptively generate a password reset token.
  */
 public static function UserComparePasswords($hash, $password, $userId, &$result)
 {
     global $wgUser;
     // Only override if no password exists and the old password ($hash) is blank
     if ($hash == '' && $password == '' && $userId) {
         // Only check for password on Special:ChangePassword
         // TODO: should we use RequestContext::getMain()->getTitle() instead?
         $title = $wgUser->getSkin()->getTitle();
         if ($title instanceof Title && $title->isSpecial('Resetpass') || $title->isSpecial('ChangePassword')) {
             // Check to see if the MediaWiki user has connected via Facebook
             // before. For a more strict check, we could check if the user
             // is currently logged in to Facebook
             $user = User::newFromId($userId);
             $fb_ids = FacebookDB::getFacebookIDs($user);
             if (count($fb_ids) && $fb_ids[0]) {
                 $result = true;
                 return false;
                 // to override internal check
             }
         }
     }
     return true;
 }
예제 #3
0
 /**
  * Generates a unique username for a wiki account based on the prefix specified
  * in the message 'facebook-usernameprefix'. The number appended is equal to
  * the number of Facebook Connect to user ID associations in the user_fbconnect
  * table, so quite a few numbers will be skipped. However, this approach is
  * more scalable. For smaller wiki installations, uncomment the line $i = 1 to
  * have consecutive usernames starting at 1.
  */
 static function generateUserName()
 {
     // Because $i is incremented the first time through the while loop
     $i = FacebookDB::countUsers();
     // rough estimate
     $max = $i + 100;
     while ($i < PHP_INT_MAX && $i < $max) {
         $name = self::getUserNamePrefix() . $i;
         if (FacebookUser::userNameOK($name)) {
             return $name;
         }
         ++$i;
     }
     return $prefix;
 }