/**
* @param string|null $subPage
*/
public function execute($subPage)
{
$authManager = AuthManager::singleton();
$session = SessionManager::getGlobalSession();
// Session data is used for various things in the authentication process, so we must make
// sure a session cookie or some equivalent mechanism is set.
$session->persist();
$this->load($subPage);
$this->setHeaders();
$this->checkPermissions();
// Make sure it's possible to log in
if (!$this->isSignup() && !$session->canSetUser()) {
throw new ErrorPageError('cannotloginnow-title', 'cannotloginnow-text', [$session->getProvider()->describe(RequestContext::getMain()->getLanguage())]);
}
/*
* In the case where the user is already logged in, and was redirected to
* the login form from a page that requires login, do not show the login
* page. The use case scenario for this is when a user opens a large number
* of tabs, is redirected to the login page on all of them, and then logs
* in on one, expecting all the others to work properly.
*
* However, do show the form if it was visited intentionally (no 'returnto'
* is present). People who often switch between several accounts have grown
* accustomed to this behavior.
*
* Also make an exception when force=<level> is set in the URL, which means the user must
* reauthenticate for security reasons.
*/
if (!$this->isSignup() && !$this->mPosted && !$this->securityLevel && ($this->mReturnTo !== '' || $this->mReturnToQuery !== '') && $this->getUser()->isLoggedIn()) {
$this->successfulAction();
}
// If logging in and not on HTTPS, either redirect to it or offer a link.
global $wgSecureLogin;
if ($this->getRequest()->getProtocol() !== 'https') {
$title = $this->getFullTitle();
$query = $this->getPreservedParams(false) + ['title' => null, $this->mEntryErrorType === 'error' ? 'error' : 'warning' => $this->mEntryError] + $this->getRequest()->getQueryValues();
$url = $title->getFullURL($query, false, PROTO_HTTPS);
if ($wgSecureLogin && !$this->mFromHTTP && wfCanIPUseHTTPS($this->getRequest()->getIP())) {
// Avoid infinite redirect
$url = wfAppendQuery($url, 'fromhttp=1');
$this->getOutput()->redirect($url);
// Since we only do this redir to change proto, always vary
$this->getOutput()->addVaryHeader('X-Forwarded-Proto');
return;
} else {
// A wiki without HTTPS login support should set $wgServer to
// http://somehost, in which case the secure URL generated
// above won't actually start with https://
if (substr($url, 0, 8) === 'https://') {
$this->mSecureLoginUrl = $url;
}
}
}
if (!$this->isActionAllowed($this->authAction)) {
// FIXME how do we explain this to the user? can we handle session loss better?
// messages used: authpage-cannot-login, authpage-cannot-login-continue,
// authpage-cannot-create, authpage-cannot-create-continue
$this->mainLoginForm([], 'authpage-cannot-' . $this->authAction);
return;
}
$status = $this->trySubmit();
if (!$status || !$status->isGood()) {
$this->mainLoginForm($this->authRequests, $status ? $status->getMessage() : '', 'error');
return;
}
/** @var AuthenticationResponse $response */
$response = $status->getValue();
$returnToUrl = $this->getPageTitle('return')->getFullURL($this->getPreservedParams(true), false, PROTO_HTTPS);
switch ($response->status) {
case AuthenticationResponse::PASS:
$this->logAuthResult(true);
$this->proxyAccountCreation = $this->isSignup() && !$this->getUser()->isAnon();
$this->targetUser = User::newFromName($response->username);
if (!$this->proxyAccountCreation && $response->loginRequest && $authManager->canAuthenticateNow()) {
// successful registration; log the user in instantly
$response2 = $authManager->beginAuthentication([$response->loginRequest], $returnToUrl);
if ($response2->status !== AuthenticationResponse::PASS) {
LoggerFactory::getInstance('login')->error('Could not log in after account creation');
$this->successfulAction(true, Status::newFatal('createacct-loginerror'));
break;
}
}
if (!$this->proxyAccountCreation) {
// Ensure that the context user is the same as the session user.
$this->setSessionUserForCurrentRequest();
}
$this->successfulAction(true);
break;
case AuthenticationResponse::FAIL:
// fall through
// fall through
case AuthenticationResponse::RESTART:
unset($this->authForm);
if ($response->status === AuthenticationResponse::FAIL) {
$action = $this->getDefaultAction($subPage);
$messageType = 'error';
} else {
$action = $this->getContinueAction($this->authAction);
$messageType = 'warning';
}
$this->logAuthResult(false, $response->message ? $response->message->getKey() : '-');
$this->loadAuth($subPage, $action, true);
$this->mainLoginForm($this->authRequests, $response->message, $messageType);
break;
case AuthenticationResponse::REDIRECT:
unset($this->authForm);
$this->getOutput()->redirect($response->redirectTarget);
break;
case AuthenticationResponse::UI:
unset($this->authForm);
$this->authAction = $this->isSignup() ? AuthManager::ACTION_CREATE_CONTINUE : AuthManager::ACTION_LOGIN_CONTINUE;
$this->authRequests = $response->neededRequests;
$this->mainLoginForm($response->neededRequests, $response->message, 'warning');
break;
default:
throw new LogicException('invalid AuthenticationResponse');
}
}
/**
* @param $user User
* @param $context IContextSource
* @param $defaultPreferences
* @return void
*/
static function profilePreferences( $user, IContextSource $context, &$defaultPreferences ) {
global $wgAuth, $wgContLang, $wgParser, $wgCookieExpiration, $wgLanguageCode,
$wgDisableTitleConversion, $wgDisableLangConversion, $wgMaxSigChars,
$wgEnableEmail, $wgEmailConfirmToEdit, $wgEnableUserEmail, $wgEmailAuthentication,
$wgEnotifWatchlist, $wgEnotifUserTalk, $wgEnotifRevealEditorAddress,
$wgSecureLogin;
// retrieving user name for GENDER and misc.
$userName = $user->getName();
## User info #####################################
// Information panel
$defaultPreferences['username'] = array(
'type' => 'info',
'label-message' => array( 'username', $userName ),
'default' => $userName,
'section' => 'personal/info',
);
$defaultPreferences['userid'] = array(
'type' => 'info',
'label-message' => array( 'uid', $userName ),
'default' => $user->getId(),
'section' => 'personal/info',
);
# Get groups to which the user belongs
$userEffectiveGroups = $user->getEffectiveGroups();
$userGroups = $userMembers = array();
foreach ( $userEffectiveGroups as $ueg ) {
if ( $ueg == '*' ) {
// Skip the default * group, seems useless here
continue;
}
$groupName = User::getGroupName( $ueg );
$userGroups[] = User::makeGroupLinkHTML( $ueg, $groupName );
$memberName = User::getGroupMember( $ueg, $userName );
$userMembers[] = User::makeGroupLinkHTML( $ueg, $memberName );
}
asort( $userGroups );
asort( $userMembers );
$lang = $context->getLanguage();
$defaultPreferences['usergroups'] = array(
'type' => 'info',
'label' => $context->msg( 'prefs-memberingroups' )->numParams(
count( $userGroups ) )->params( $userName )->parse(),
'default' => $context->msg( 'prefs-memberingroups-type',
$lang->commaList( $userGroups ),
$lang->commaList( $userMembers )
)->plain(),
'raw' => true,
'section' => 'personal/info',
);
$editCount = Linker::link( SpecialPage::getTitleFor( "Contributions", $userName ),
$lang->formatNum( $user->getEditCount() ) );
$defaultPreferences['editcount'] = array(
'type' => 'info',
'raw' => true,
'label-message' => 'prefs-edits',
'default' => $editCount,
'section' => 'personal/info',
);
if ( $user->getRegistration() ) {
$displayUser = $context->getUser();
$userRegistration = $user->getRegistration();
$defaultPreferences['registrationdate'] = array(
'type' => 'info',
'label-message' => 'prefs-registration',
'default' => $context->msg(
'prefs-registration-date-time',
$lang->userTimeAndDate( $userRegistration, $displayUser ),
$lang->userDate( $userRegistration, $displayUser ),
$lang->userTime( $userRegistration, $displayUser )
)->parse(),
'section' => 'personal/info',
);
}
$canViewPrivateInfo = $user->isAllowed( 'viewmyprivateinfo' );
$canEditPrivateInfo = $user->isAllowed( 'editmyprivateinfo' );
// Actually changeable stuff
$defaultPreferences['realname'] = array(
// (not really "private", but still shouldn't be edited without permission)
'type' => $canEditPrivateInfo && $wgAuth->allowPropChange( 'realname' ) ? 'text' : 'info',
'default' => $user->getRealName(),
'section' => 'personal/info',
'label-message' => 'yourrealname',
'help-message' => 'prefs-help-realname',
);
if ( $canEditPrivateInfo && $wgAuth->allowPasswordChange() ) {
$link = Linker::link( SpecialPage::getTitleFor( 'ChangePassword' ),
$context->msg( 'prefs-resetpass' )->escaped(), array(),
array( 'returnto' => SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText() ) );
$defaultPreferences['password'] = array(
'type' => 'info',
'raw' => true,
'default' => $link,
'label-message' => 'yourpassword',
'section' => 'personal/info',
);
}
if ( $wgCookieExpiration > 0 ) {
$defaultPreferences['rememberpassword'] = array(
'type' => 'toggle',
'label' => $context->msg( 'tog-rememberpassword' )->numParams(
ceil( $wgCookieExpiration / ( 3600 * 24 ) ) )->text(),
'section' => 'personal/info',
);
}
// Only show preferhttps if secure login is turned on
if ( $wgSecureLogin && wfCanIPUseHTTPS( $context->getRequest()->getIP() ) ) {
$defaultPreferences['prefershttps'] = array(
'type' => 'toggle',
'label-message' => 'tog-prefershttps',
'help-message' => 'prefs-help-prefershttps',
'section' => 'personal/info'
);
}
// Language
$languages = Language::fetchLanguageNames( null, 'mw' );
if ( !array_key_exists( $wgLanguageCode, $languages ) ) {
$languages[$wgLanguageCode] = $wgLanguageCode;
}
ksort( $languages );
$options = array();
foreach ( $languages as $code => $name ) {
$display = wfBCP47( $code ) . ' - ' . $name;
$options[$display] = $code;
}
$defaultPreferences['language'] = array(
'type' => 'select',
'section' => 'personal/i18n',
'options' => $options,
'label-message' => 'yourlanguage',
);
$defaultPreferences['gender'] = array(
'type' => 'radio',
'section' => 'personal/i18n',
'options' => array(
$context->msg( 'parentheses',
$context->msg( 'gender-unknown' )->text()
)->text() => 'unknown',
$context->msg( 'gender-female' )->text() => 'female',
$context->msg( 'gender-male' )->text() => 'male',
),
'label-message' => 'yourgender',
'help-message' => 'prefs-help-gender',
);
// see if there are multiple language variants to choose from
if ( !$wgDisableLangConversion ) {
foreach ( LanguageConverter::$languagesWithVariants as $langCode ) {
if ( $langCode == $wgContLang->getCode() ) {
$variants = $wgContLang->getVariants();
if ( count( $variants ) <= 1 ) {
continue;
}
$variantArray = array();
foreach ( $variants as $v ) {
$v = str_replace( '_', '-', strtolower( $v ) );
$variantArray[$v] = $lang->getVariantname( $v, false );
}
$options = array();
foreach ( $variantArray as $code => $name ) {
$display = wfBCP47( $code ) . ' - ' . $name;
$options[$display] = $code;
}
$defaultPreferences['variant'] = array(
'label-message' => 'yourvariant',
'type' => 'select',
'options' => $options,
'section' => 'personal/i18n',
'help-message' => 'prefs-help-variant',
);
if ( !$wgDisableTitleConversion ) {
$defaultPreferences['noconvertlink'] = array(
'type' => 'toggle',
'section' => 'personal/i18n',
'label-message' => 'tog-noconvertlink',
);
}
} else {
$defaultPreferences["variant-$langCode"] = array(
'type' => 'api',
);
}
}
}
// Stuff from Language::getExtraUserToggles()
// FIXME is this dead code? $extraUserToggles doesn't seem to be defined for any language
$toggles = $wgContLang->getExtraUserToggles();
foreach ( $toggles as $toggle ) {
$defaultPreferences[$toggle] = array(
'type' => 'toggle',
'section' => 'personal/i18n',
'label-message' => "tog-$toggle",
);
}
// show a preview of the old signature first
$oldsigWikiText = $wgParser->preSaveTransform( "~~~", $context->getTitle(), $user, ParserOptions::newFromContext( $context ) );
$oldsigHTML = $context->getOutput()->parseInline( $oldsigWikiText, true, true );
$defaultPreferences['oldsig'] = array(
'type' => 'info',
'raw' => true,
'label-message' => 'tog-oldsig',
'default' => $oldsigHTML,
'section' => 'personal/signature',
);
$defaultPreferences['nickname'] = array(
'type' => $wgAuth->allowPropChange( 'nickname' ) ? 'text' : 'info',
'maxlength' => $wgMaxSigChars,
'label-message' => 'yournick',
'validation-callback' => array( 'Preferences', 'validateSignature' ),
'section' => 'personal/signature',
'filter-callback' => array( 'Preferences', 'cleanSignature' ),
);
$defaultPreferences['fancysig'] = array(
'type' => 'toggle',
'label-message' => 'tog-fancysig',
'help-message' => 'prefs-help-signature', // show general help about signature at the bottom of the section
'section' => 'personal/signature'
);
## Email stuff
if ( $wgEnableEmail ) {
if ( $canViewPrivateInfo ) {
$helpMessages[] = $wgEmailConfirmToEdit
? 'prefs-help-email-required'
: 'prefs-help-email';
if ( $wgEnableUserEmail ) {
// additional messages when users can send email to each other
$helpMessages[] = 'prefs-help-email-others';
}
$emailAddress = $user->getEmail() ? htmlspecialchars( $user->getEmail() ) : '';
if ( $canEditPrivateInfo && $wgAuth->allowPropChange( 'emailaddress' ) ) {
$link = Linker::link(
SpecialPage::getTitleFor( 'ChangeEmail' ),
$context->msg( $user->getEmail() ? 'prefs-changeemail' : 'prefs-setemail' )->escaped(),
array(),
array( 'returnto' => SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText() ) );
$emailAddress .= $emailAddress == '' ? $link : (
$context->msg( 'word-separator' )->plain()
. $context->msg( 'parentheses' )->rawParams( $link )->plain()
);
}
$defaultPreferences['emailaddress'] = array(
'type' => 'info',
'raw' => true,
'default' => $emailAddress,
'label-message' => 'youremail',
'section' => 'personal/email',
'help-messages' => $helpMessages,
# 'cssclass' chosen below
);
}
$disableEmailPrefs = false;
if ( $wgEmailAuthentication ) {
$emailauthenticationclass = 'mw-email-not-authenticated';
if ( $user->getEmail() ) {
if ( $user->getEmailAuthenticationTimestamp() ) {
// date and time are separate parameters to facilitate localisation.
// $time is kept for backward compat reasons.
// 'emailauthenticated' is also used in SpecialConfirmemail.php
$displayUser = $context->getUser();
$emailTimestamp = $user->getEmailAuthenticationTimestamp();
$time = $lang->userTimeAndDate( $emailTimestamp, $displayUser );
$d = $lang->userDate( $emailTimestamp, $displayUser );
$t = $lang->userTime( $emailTimestamp, $displayUser );
$emailauthenticated = $context->msg( 'emailauthenticated',
$time, $d, $t )->parse() . '<br />';
$disableEmailPrefs = false;
$emailauthenticationclass = 'mw-email-authenticated';
} else {
$disableEmailPrefs = true;
$emailauthenticated = $context->msg( 'emailnotauthenticated' )->parse() . '<br />' .
Linker::linkKnown(
SpecialPage::getTitleFor( 'Confirmemail' ),
$context->msg( 'emailconfirmlink' )->escaped()
) . '<br />';
$emailauthenticationclass = "mw-email-not-authenticated";
}
} else {
$disableEmailPrefs = true;
$emailauthenticated = $context->msg( 'noemailprefs' )->escaped();
$emailauthenticationclass = 'mw-email-none';
}
if ( $canViewPrivateInfo ) {
$defaultPreferences['emailauthentication'] = array(
'type' => 'info',
'raw' => true,
'section' => 'personal/email',
'label-message' => 'prefs-emailconfirm-label',
'default' => $emailauthenticated,
# Apply the same CSS class used on the input to the message:
'cssclass' => $emailauthenticationclass,
);
$defaultPreferences['emailaddress']['cssclass'] = $emailauthenticationclass;
}
}
if ( $wgEnableUserEmail && $user->isAllowed( 'sendemail' ) ) {
$defaultPreferences['disablemail'] = array(
'type' => 'toggle',
'invert' => true,
'section' => 'personal/email',
'label-message' => 'allowemail',
'disabled' => $disableEmailPrefs,
);
$defaultPreferences['ccmeonemails'] = array(
'type' => 'toggle',
'section' => 'personal/email',
'label-message' => 'tog-ccmeonemails',
'disabled' => $disableEmailPrefs,
);
}
if ( $wgEnotifWatchlist ) {
$defaultPreferences['enotifwatchlistpages'] = array(
'type' => 'toggle',
'section' => 'personal/email',
'label-message' => 'tog-enotifwatchlistpages',
'disabled' => $disableEmailPrefs,
);
}
if ( $wgEnotifUserTalk ) {
$defaultPreferences['enotifusertalkpages'] = array(
'type' => 'toggle',
'section' => 'personal/email',
'label-message' => 'tog-enotifusertalkpages',
'disabled' => $disableEmailPrefs,
);
}
if ( $wgEnotifUserTalk || $wgEnotifWatchlist ) {
$defaultPreferences['enotifminoredits'] = array(
'type' => 'toggle',
'section' => 'personal/email',
'label-message' => 'tog-enotifminoredits',
'disabled' => $disableEmailPrefs,
);
if ( $wgEnotifRevealEditorAddress ) {
$defaultPreferences['enotifrevealaddr'] = array(
'type' => 'toggle',
'section' => 'personal/email',
'label-message' => 'tog-enotifrevealaddr',
'disabled' => $disableEmailPrefs,
);
}
}
}
}
/**
* Determine based on the wiki configuration and the user's options,
* whether this user must be over HTTPS no matter what.
*
* @return bool
*/
public function requiresHTTPS()
{
global $wgSecureLogin;
if (!$wgSecureLogin) {
return false;
} else {
$https = $this->getBoolOption('prefershttps');
Hooks::run('UserRequiresHTTPS', array($this, &$https));
if ($https) {
$https = wfCanIPUseHTTPS($this->getRequest()->getIP());
}
return $https;
}
}
/**
* @param string|null $subPage
*/
public function execute($subPage)
{
if (session_id() == '') {
wfSetupSession();
}
$this->load();
// Check for [[Special:Userlogin/signup]]. This affects form display and
// page title.
if ($subPage == 'signup') {
$this->mType = 'signup';
}
$this->setHeaders();
// In the case where the user is already logged in, and was redirected to the login form from a
// page that requires login, do not show the login page. The use case scenario for this is when
// a user opens a large number of tabs, is redirected to the login page on all of them, and then
// logs in on one, expecting all the others to work properly.
//
// However, do show the form if it was visited intentionally (no 'returnto' is present). People
// who often switch between several accounts have grown accustomed to this behavior.
if ($this->mType !== 'signup' && !$this->mPosted && $this->getUser()->isLoggedIn() && ($this->mReturnTo !== '' || $this->mReturnToQuery !== '')) {
$this->successfulLogin();
}
// If logging in and not on HTTPS, either redirect to it or offer a link.
global $wgSecureLogin;
if ($this->mRequest->getProtocol() !== 'https') {
$title = $this->getFullTitle();
$query = array('returnto' => $this->mReturnTo !== '' ? $this->mReturnTo : null, 'returntoquery' => $this->mReturnToQuery !== '' ? $this->mReturnToQuery : null, 'title' => null, $this->mEntryErrorType === 'error' ? 'error' : 'warning' => $this->mEntryError) + $this->mRequest->getQueryValues();
$url = $title->getFullURL($query, false, PROTO_HTTPS);
if ($wgSecureLogin && wfCanIPUseHTTPS($this->getRequest()->getIP()) && !$this->mFromHTTP) {
$url = wfAppendQuery($url, 'fromhttp=1');
$this->getOutput()->redirect($url);
// Since we only do this redir to change proto, always vary
$this->getOutput()->addVaryHeader('X-Forwarded-Proto');
return;
} else {
// A wiki without HTTPS login support should set $wgServer to
// http://somehost, in which case the secure URL generated
// above won't actually start with https://
if (substr($url, 0, 8) === 'https://') {
$this->mSecureLoginUrl = $url;
}
}
}
if (!is_null($this->mCookieCheck)) {
$this->onCookieRedirectCheck($this->mCookieCheck);
return;
} elseif ($this->mPosted) {
if ($this->mCreateaccount) {
$this->addNewAccount();
return;
} elseif ($this->mCreateaccountMail) {
$this->addNewAccountMailPassword();
return;
} elseif ('submitlogin' == $this->mAction || $this->mLoginattempt) {
$this->processLogin();
return;
}
}
$this->mainLoginForm($this->mEntryError, $this->mEntryErrorType);
}
/**
* @param User $user
* @param CentralAuthUser $centralUser
* @param string $inject_html
* @return bool
*/
protected static function doCentralLoginRedirect(User $user, CentralAuthUser $centralUser, &$inject_html)
{
global $wgCentralAuthLoginWiki, $wgMemc, $wgSecureLogin;
$context = RequestContext::getMain();
$request = $context->getRequest();
if (!$wgCentralAuthLoginWiki || defined('MW_API')) {
// Mark the session to include edge login imgs on the next pageview
$request->setSessionData('CentralAuthDoEdgeLogin', true);
return true;
}
// Check that this is actually for a special login page view
if ($context->getTitle()->isSpecial('Userlogin') && $request->wasPosted()) {
// User will be redirected to Special:CentralLogin/start (central wiki),
// then redirected back to Special:CentralLogin/complete (this wiki).
// Sanity check that "returnto" is not one of the central login pages. If it
// is, then clear the "returnto" options (LoginForm will use the main page).
$returnTo = $request->getVal('returnto', '');
$returnToQuery = $request->getVal('returntoquery', '');
$returnToTitle = Title::newFromText($returnTo);
if ($returnToTitle && $returnToTitle->isSpecial('CentralLogin')) {
$returnTo = '';
$returnToQuery = '';
}
// Determine the final protocol of page, after login
$finalProto = $request->detectProtocol();
$secureCookies = $finalProto === 'https';
if ($wgSecureLogin) {
$finalProto = 'http';
if ($request->getBool('wpForceHttps', false) || $user->getBoolOption('prefershttps') && wfCanIPUseHTTPS($request->getIP())) {
$finalProto = 'https';
}
$secureCookies = $finalProto === 'https' && $user->getBoolOption('prefershttps');
}
// When POSTs triggered from Special:CentralLogin/start are sent back to
// this wiki, the token will be checked to see if it was signed with this.
// This is needed as Special:CentralLogin/start only takes a token argument
// and we need to make sure an agent requesting such a URL actually initiated
// the login request that spawned that token server-side.
$secret = MWCryptRand::generateHex(32);
$_SESSION['CentralAuth:autologin:current-attempt'] = array('secret' => $secret, 'remember' => $request->getCheck('wpRemember'), 'returnTo' => $returnTo, 'returnToQuery' => $returnToQuery, 'stickHTTPS' => $secureCookies, 'finalProto' => $finalProto, 'type' => $request->getText('type'));
// Create a new token to pass to Special:CentralLogin/start (central wiki)
$token = MWCryptRand::generateHex(32);
$key = CentralAuthUser::memcKey('central-login-start-token', $token);
$data = array('secret' => $secret, 'name' => $centralUser->getName(), 'guid' => $centralUser->getId(), 'wikiId' => wfWikiId(), 'secureCookies' => $secureCookies, 'finalProto' => $finalProto, 'currentProto' => $request->detectProtocol());
Hooks::run('CentralAuthLoginRedirectData', array($centralUser, &$data));
$wgMemc->set($key, $data, 60);
$wiki = WikiMap::getWiki($wgCentralAuthLoginWiki);
// Use WikiReference::getFullUrl(), returns a protocol-relative URL if needed
$context->getOutput()->redirect(wfAppendQuery($wiki->getFullUrl('Special:CentralLogin/start'), "token={$token}"));
// Set $inject_html to some text to bypass the LoginForm redirection
$inject_html .= '<!-- do CentralAuth redirect -->';
} else {
// Mark the session to include edge login imgs on the next pageview
$request->setSessionData('CentralAuthDoEdgeLogin', true);
}
return true;
}
public function execute($subPage)
{
if (session_id() == '') {
wfSetupSession();
}
$this->load();
// Check for [[Special:Userlogin/signup]]. This affects form display and
// page title.
if ($subPage == 'signup') {
$this->mType = 'signup';
}
$this->setHeaders();
// If logging in and not on HTTPS, either redirect to it or offer a link.
global $wgSecureLogin;
if ($this->mRequest->getProtocol() !== 'https') {
$title = $this->getFullTitle();
$query = array('returnto' => $this->mReturnTo, 'returntoquery' => $this->mReturnToQuery, 'title' => null) + $this->mRequest->getQueryValues();
$url = $title->getFullURL($query, false, PROTO_HTTPS);
if ($wgSecureLogin && wfCanIPUseHTTPS($this->getRequest()->getIP())) {
$url = wfAppendQuery($url, 'fromhttp=1');
$this->getOutput()->redirect($url);
// Since we only do this redir to change proto, always vary
$this->getOutput()->addVaryHeader('X-Forwarded-Proto');
return;
} else {
// A wiki without HTTPS login support should set $wgServer to
// http://somehost, in which case the secure URL generated
// above won't actually start with https://
if (substr($url, 0, 8) === 'https://') {
$this->mSecureLoginUrl = $url;
}
}
}
if (!is_null($this->mCookieCheck)) {
$this->onCookieRedirectCheck($this->mCookieCheck);
return;
} elseif ($this->mPosted) {
if ($this->mCreateaccount) {
$this->addNewAccount();
return;
} elseif ($this->mCreateaccountMail) {
$this->addNewAccountMailPassword();
return;
} elseif ('submitlogin' == $this->mAction || $this->mLoginattempt) {
$this->processLogin();
return;
}
}
$this->mainLoginForm('');
}
/**
* @param CentralAuthUser $centralUser
* @param User $user
* @return array
*/
private function getCentralSession($centralUser, $user)
{
$centralSession = $centralUser->getSession();
$request = $this->getRequest();
// If there's no "finalProto", check if one was passed, and otherwise
// assume the current.
if (!isset($centralSession['finalProto'])) {
$centralSession['finalProto'] = $request->getVal('proto', $request->detectProtocol());
}
// If there's no "remember", pull from the user preference.
if (!isset($centralSession['remember'])) {
$centralSession['remember'] = $user->getBoolOption('rememberpassword');
}
// Make sure there's a value for secureCookies
if (!isset($centralSession['secureCookies'])) {
$centralSession['secureCookies'] = $user->getBoolOption('prefershttps') && wfCanIPUseHTTPS($request->getIP());
}
// Make sure there's a session id by creating a session if necessary.
if (!isset($centralSession['sessionId'])) {
$centralSession['sessionId'] = $centralUser->setSession($centralSession);
}
return $centralSession;
}
