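/**
 * Serve an 'ajaxlogin' API request: a login attempt when the Loginattempt
 * parameter is set, otherwise a password reminder when Mailmypassword is set.
 *
 * The outcome is added to the API result under the 'ajaxlogin' key as an array
 * holding a 'result' code and, for most outcomes, a 'text' message. When
 * neither parameter is set, nothing is added to the result.
 */
public function execute()
{
    // Parameters are read by name instead of extract()-ing the request array,
    // so a parameter added to the module later cannot silently replace a
    // local variable of this method.
    $request = $this->extractRequestParams();
    $Name = isset($request['Name']) ? $request['Name'] : null;
    $Password = isset($request['Password']) ? $request['Password'] : null;
    $Remember = isset($request['Remember']) ? $request['Remember'] : null;
    $Loginattempt = isset($request['Loginattempt']) ? $request['Loginattempt'] : null;
    $Mailmypassword = isset($request['Mailmypassword']) ? $request['Mailmypassword'] : null;
    $LoginToken = isset($request['LoginToken']) ? $request['LoginToken'] : null;

    if (!empty($Loginattempt)) {
        // Login attempt: replay the API parameters as the login form's fields.
        $params = new FauxRequest(array(
            'wpName' => $Name,
            'wpPassword' => $Password,
            'wpRemember' => $Remember,
            'wpLoginattempt' => $Loginattempt,
            'wpLoginToken' => $LoginToken,
        ));

        // Init session if necessary
        if (session_id() == '') {
            wfSetupSession();
        }

        $result = array();
        $loginForm = new LoginForm($params);
        $caseCode = $loginForm->authenticateUserData();

        switch ($caseCode) {
            case LoginForm::RESET_PASS:
                $result['result'] = 'Reset';
                break;

            case LoginForm::SUCCESS:
                global $wgUser;
                $injected_html = '';
                wfRunHooks('UserLoginComplete', array(&$wgUser, &$injected_html));
                $wgUser->setGlobalPreference('rememberpassword', $Remember ? 1 : 0);
                $wgUser->setCookies();
                $result['result'] = 'Success';
                // The reply carries the session's user id, name and token, so
                // the response body is as sensitive as the session cookie.
                $result['lguserid'] = $_SESSION['wsUserID'];
                $result['lgusername'] = $_SESSION['wsUserName'];
                $result['lgtoken'] = $_SESSION['wsToken'];
                break;

            case LoginForm::NO_NAME:
                $result['result'] = 'NoName';
                $result['text'] = wfMsg('noname');
                break;

            case LoginForm::ILLEGAL:
                $result['result'] = 'Illegal';
                $result['text'] = wfMsg('noname');
                break;

            case LoginForm::WRONG_PLUGIN_PASS:
                $result['result'] = 'WrongPluginPass';
                $result['text'] = wfMsg('wrongpassword');
                break;

            case LoginForm::NOT_EXISTS:
                // NOTE(review): 'NotExists', 'WrongPass' and the closed-account
                // text below answer differently per account name, so replies
                // reveal which names are registered. LoginForm::THROTTLED is
                // the only rate limit visible from this method.
                $result['result'] = 'NotExists';
                $result['text'] = wfMsg('nosuchuser', htmlspecialchars($Name));
                break;

            case LoginForm::WRONG_PASS:
                $result['result'] = 'WrongPass';
                // Default message; replaced below for closed accounts.
                $result['text'] = wfMsg('wrongpassword');
                $attemptedUser = User::newFromName($Name);
                if (!is_null($attemptedUser)) {
                    $disOpt = $attemptedUser->getGlobalFlag('disabled');
                    // Parenthesised to make the intended grouping explicit:
                    // disabled flag, OR (constant defined AND real name equals it).
                    if (
                        !empty($disOpt)
                        || (defined('CLOSED_ACCOUNT_FLAG') && $attemptedUser->getRealName() == CLOSED_ACCOUNT_FLAG)
                    ) {
                        // Either closed-account marker was present: override the fail message.
                        $result['text'] = wfMsg('edit-account-closed-flag');
                    }
                }
                break;

            case LoginForm::EMPTY_PASS:
                $result['result'] = 'EmptyPass';
                $result['text'] = wfMsg('wrongpasswordempty');
                break;

            case LoginForm::NEED_TOKEN:
            case LoginForm::WRONG_TOKEN:
                $result['result'] = 'NeedToken';
                $result['text'] = wfMsg('sessionfailure');
                break;

            case LoginForm::THROTTLED:
                $result['result'] = 'Throttled';
                $result['text'] = wfMsg('login-throttled');
                break;

            case LoginForm::ABORTED:
                $result['result'] = 'Aborted';
                $result['text'] = wfMsg($loginForm->mAbortLoginErrorMsg);
                break;

            default:
                ApiBase::dieDebug(__METHOD__, "Unhandled case value: \"{$caseCode}\"");
        }

        // Explicit commit on the master connection before the reply is built.
        $dbw = wfGetDB(DB_MASTER);
        $dbw->commit();
        $this->getResult()->addValue(null, 'ajaxlogin', $result);
    } elseif (!empty($Mailmypassword)) {
        // Password reminder attempt: only the user name is forwarded to the form.
        $params = new FauxRequest(array('wpName' => $Name));
        $result = array();
        $loginForm = new LoginForm($params);
        $loginForm->load();

        global $wgUser, $wgAuth;

        // Each check maps to its own result code; the first failing one wins.
        if (!$wgAuth->allowPasswordChange()) {
            $result['result'] = 'resetpass_forbidden';
            $result['text'] = wfMsg('resetpass_forbidden');
        } elseif ($wgUser->isBlocked()) {
            $result['result'] = 'blocked-mailpassword';
            $result['text'] = wfMsg('blocked-mailpassword');
        } elseif ('' == $loginForm->mUsername) {
            $result['result'] = 'noname';
            $result['text'] = wfMsg('noname');
        } else {
            $u = User::newFromName($loginForm->mUsername);
            if (empty($u)) {
                $result['result'] = 'noname';
                $result['text'] = wfMsg('noname');
            } elseif (0 == $u->getID()) {
                $result['result'] = 'nosuchuser';
                $result['text'] = wfMsg('nosuchuser', $u->getName());
            } elseif ($u->isPasswordReminderThrottled()) {
                global $wgPasswordReminderResendTime;
                $result['result'] = 'throttled-mailpassword';
                $result['text'] = wfMsg('throttled-mailpassword', round($wgPasswordReminderResendTime, 3));
            } else {
                $res = $loginForm->mailPasswordInternal($u, true);
                if (!$res->isOK()) {
                    $result['result'] = 'mailerror';
                    $result['text'] = wfMsg('mailerror', $res->getMessage());
                } else {
                    $result['result'] = 'OK';
                    $result['text'] = wfMsg('passwordsent', $u->getName());
                }
            }
        }

        $dbw = wfGetDB(DB_MASTER);
        $dbw->commit();
        $this->getResult()->addValue(null, 'ajaxlogin', $result);
    }
}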
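/**
 * Disconnect the user from Facebook. This can occur in one of two ways, either when the user
 * deletes the Wikia App from facebook, or when they explicitly disconnect via Special:Preferences.
 * If it comes from Facebook, the request is internal and is sent by FacebookClientController::deauthorizeCallback.
 * If it comes explicitly from the user, the request is external and is sent by preferences.js::disconnect.
 *
 * On return, $this->status is 'ok' or 'error'; on error $this->msg holds the
 * 'fbconnect-unknown-error' message.
 *
 * @requestParam user For internal requests, the id of the account to
 *   disconnect (the value is passed to User::newFromId()). External requests
 *   do not read it and always act on the current user.
 */
public function disconnectFromFB()
{
    if ($this->request->isInternal()) {
        // deauthorizeCallback which makes this internal request ensures 'user' is set
        $userId = $this->getVal('user');
        $user = User::newFromId($userId);
    } elseif ($this->isValidExternalRequest()) {
        $user = F::app()->wg->User;
    } else {
        $this->status = 'error';
        $this->msg = wfMessage('fbconnect-unknown-error')->escaped();
        return;
    }

    // Refuse to act on a missing or anonymous (id 0) account before anything
    // is deleted or mailed, so an unset 'user' value cannot reach the mapping
    // delete or the password mail.
    if (!($user instanceof User) || $user->getId() == 0) {
        $this->status = 'error';
        $this->msg = wfMessage('fbconnect-unknown-error')->escaped();
        return;
    }

    // The Facebook mapping is removed before the password mail is attempted;
    // a mail failure below is reported as 'error' but the mapping is not restored.
    FacebookMapModel::deleteFromWikiaID($user->getId());

    $params = new FauxRequest(['wpName' => $user->getName()]);
    $loginForm = new LoginForm($params);

    // Accounts flagged 'fbFromExist' get the "-exist" wording of the reminder mail.
    if ($user->getGlobalFlag('fbFromExist')) {
        $titleKey = 'fbconnect-passwordremindertitle-exist';
        $textKey = 'fbconnect-passwordremindertext-exist';
    } else {
        $titleKey = 'fbconnect-passwordremindertitle';
        $textKey = 'fbconnect-passwordremindertext';
    }
    $res = $loginForm->mailPasswordInternal($user, true, $titleKey, $textKey);

    if ($res->isGood()) {
        $this->status = 'ok';
    } else {
        $this->status = 'error';
        // NOTE(review): this path returns the message via text() while the
        // error paths above use escaped(); confirm which form the consumer
        // of $this->msg expects before it is inserted into HTML.
        $this->msg = wfMessage('fbconnect-unknown-error')->text();
    }
}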
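/**
 * Create a new account through the API and report the outcome under the
 * 'createaccount' key of the API result.
 *
 * 'result' is 'Success', 'Warning' (the status is OK but carries warnings,
 * listed in 'warnings') or 'NeedToken' (a create-account token is returned in
 * 'token'). When the status was good after account creation, 'username',
 * 'userid' and 'token' are included as well. Any other failure ends the
 * request through dieUsage(), dieUsageMsg() or dieStatus().
 */
public function execute()
{
    // If we're in a mode that breaks the same-origin policy, no tokens can
    // be obtained
    if ($this->lacksSameOriginSecurity()) {
        $this->dieUsage('Cannot create account when the same-origin policy is not applied', 'aborted');
    }

    // $loginForm->addNewaccountInternal will throw exceptions
    // if wiki is read only (already handled by api), user is blocked or does not have rights.
    // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
    $loginTitle = SpecialPage::getTitleFor('Userlogin');
    if (!$loginTitle->userCan('createaccount', $this->getUser())) {
        $this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
    }
    if ($this->getUser()->isBlockedFromCreateAccount()) {
        $this->dieUsage(
            'You cannot create a new account because you are blocked',
            'blocked',
            0,
            array('blockinfo' => ApiQueryUserInfo::getBlockInfo($this->getUser()->getBlock()))
        );
    }

    $params = $this->extractRequestParams();

    // Init session if necessary
    if (session_id() == '') {
        wfSetupSession();
    }

    // A mailed password needs somewhere to go.
    if ($params['mailpassword'] && !$params['email']) {
        $this->dieUsageMsg('noemail');
    }

    // Reject unknown language codes before they reach the form or user options.
    if ($params['language'] && !Language::isSupportedLanguage($params['language'])) {
        $this->dieUsage('Invalid language parameter', 'langinvalid');
    }

    // Replay the API parameters as the signup form's fields. The password is
    // supplied as both wpPassword and wpRetype, so the two form fields always
    // carry the same value.
    $context = new DerivativeContext($this->getContext());
    $context->setRequest(new DerivativeRequest(
        $this->getContext()->getRequest(),
        array(
            'type' => 'signup',
            'uselang' => $params['language'],
            'wpName' => $params['name'],
            'wpPassword' => $params['password'],
            'wpRetype' => $params['password'],
            'wpDomain' => $params['domain'],
            'wpEmail' => $params['email'],
            'wpRealName' => $params['realname'],
            'wpCreateaccountToken' => $params['token'],
            'wpCreateaccount' => $params['mailpassword'] ? null : '1',
            'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null,
        )
    ));

    $loginForm = new LoginForm();
    $loginForm->setContext($context);
    Hooks::run('AddNewAccountApiForm', array($this, $loginForm));
    $loginForm->load();

    $status = $loginForm->addNewaccountInternal();
    $result = array();

    if ($status->isGood()) {
        // Success!
        $user = $status->getValue();

        if ($params['language']) {
            $user->setOption('language', $params['language']);
        }

        if ($params['mailpassword']) {
            // If mailpassword was set, disable the password and send an email.
            $user->setPassword(null);
            $status->merge($loginForm->mailPasswordInternal(
                $user,
                false,
                'createaccount-title',
                'createaccount-text'
            ));
        } elseif (
            $this->getConfig()->get('EmailAuthentication')
            && Sanitizer::validateEmail($user->getEmail())
        ) {
            // Send out an email authentication message if needed
            $status->merge($user->sendConfirmationMail());
        }

        // Save settings (including confirmation token)
        $user->saveSettings();

        Hooks::run('AddNewAccount', array($user, $params['mailpassword']));

        // Log the creation under the action that matches how it happened.
        if ($params['mailpassword']) {
            $logAction = 'byemail';
        } elseif ($this->getUser()->isLoggedIn()) {
            $logAction = 'create2';
        } else {
            $logAction = 'create';
        }
        $user->addNewUserLogEntry($logAction, (string) $params['reason']);

        // Add username, id, and token to result.
        $result['username'] = $user->getName();
        $result['userid'] = $user->getId();
        $result['token'] = $user->getToken();
    }

    $apiResult = $this->getResult();

    if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
        // Token was incorrect, so add it to result, but don't throw an exception
        // since not having the correct token is part of the normal
        // flow of events.
        $result['token'] = LoginForm::getCreateaccountToken();
        $result['result'] = 'NeedToken';
    } elseif (!$status->isOK()) {
        // There was an error. Die now.
        $this->dieStatus($status);
    } elseif (!$status->isGood()) {
        // Status is not good, but OK. This means warnings.
        $result['result'] = 'Warning';

        // Add any warnings to the result
        $warnings = $status->getErrorsByType('warning');
        if ($warnings) {
            foreach ($warnings as &$warning) {
                ApiResult::setIndexedTagName($warning['params'], 'param');
            }
            // Release the by-reference loop variable so it no longer aliases
            // the last element of $warnings when the array is copied below.
            unset($warning);
            ApiResult::setIndexedTagName($warnings, 'warning');
            $result['warnings'] = $warnings;
        }
    } else {
        // Everything was fine.
        $result['result'] = 'Success';
    }

    // Give extensions a chance to modify the API result data
    Hooks::run('AddNewAccountApiResult', array($this, $loginForm, &$result));

    $apiResult->addValue(null, 'createaccount', $result);
}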
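/**
 * Create a new account through the API and report the outcome under the
 * 'createaccount' key of the API result.
 *
 * 'result' is 'success', 'warning' (the status is OK but carries warnings,
 * listed in 'warnings') or 'needtoken' (a create-account token is returned in
 * 'token'). When the status was good after account creation, 'username',
 * 'userid' and 'token' are included as well. Any other failure ends the
 * request through dieUsage() or dieUsageMsg().
 */
public function execute()
{
    // $loginForm->addNewaccountInternal will throw exceptions
    // if wiki is read only (already handled by api), user is blocked or does not have rights.
    // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
    $loginTitle = SpecialPage::getTitleFor('Userlogin');
    if (!$loginTitle->userCan('createaccount', $this->getUser())) {
        $this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
    }
    if ($this->getUser()->isBlockedFromCreateAccount()) {
        $this->dieUsage('You cannot create a new account because you are blocked', 'blocked');
    }

    $params = $this->extractRequestParams();

    // Init session if necessary
    if (session_id() == '') {
        wfSetupSession();
    }

    // A mailed password needs somewhere to go.
    if ($params['mailpassword'] && !$params['email']) {
        $this->dieUsageMsg('noemail');
    }

    // Replay the API parameters as the signup form's fields. The password is
    // supplied as both wpPassword and wpRetype, so the two form fields always
    // carry the same value.
    // NOTE(review): 'language' is forwarded as 'uselang' without a validity
    // check in this method; confirm the form or the parameter definition
    // restricts it to supported language codes.
    $context = new DerivativeContext($this->getContext());
    $context->setRequest(new DerivativeRequest(
        $this->getContext()->getRequest(),
        array(
            'type' => 'signup',
            'uselang' => $params['language'],
            'wpName' => $params['name'],
            'wpPassword' => $params['password'],
            'wpRetype' => $params['password'],
            'wpDomain' => $params['domain'],
            'wpEmail' => $params['email'],
            'wpRealName' => $params['realname'],
            'wpCreateaccountToken' => $params['token'],
            'wpCreateaccount' => $params['mailpassword'] ? null : '1',
            'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null,
        )
    ));

    $loginForm = new LoginForm();
    $loginForm->setContext($context);
    $loginForm->load();

    $status = $loginForm->addNewaccountInternal();
    $result = array();

    if ($status->isGood()) {
        // Success!
        $user = $status->getValue();

        // If we showed up language selection links, and one was in use, be
        // smart (and sensible) and save that language as the user's preference
        global $wgLoginLanguageSelector, $wgEmailAuthentication;
        if ($wgLoginLanguageSelector && $params['language']) {
            $user->setOption('language', $params['language']);
        }

        if ($params['mailpassword']) {
            // If mailpassword was set, disable the password and send an email.
            $user->setPassword(null);
            $status->merge($loginForm->mailPasswordInternal(
                $user,
                false,
                'createaccount-title',
                'createaccount-text'
            ));
        } elseif ($wgEmailAuthentication && Sanitizer::validateEmail($user->getEmail())) {
            // Send out an email authentication message if needed
            $status->merge($user->sendConfirmationMail());
        }

        // Save settings (including confirmation token)
        $user->saveSettings();

        wfRunHooks('AddNewAccount', array($user, $params['mailpassword']));

        // Log the creation under the action that matches how it happened.
        if ($params['mailpassword']) {
            $logAction = 'byemail';
        } elseif ($this->getUser()->isLoggedIn()) {
            $logAction = 'create2';
        } else {
            $logAction = 'create';
        }
        $user->addNewUserLogEntry($logAction, (string) $params['reason']);

        // Add username, id, and token to result.
        $result['username'] = $user->getName();
        $result['userid'] = $user->getId();
        $result['token'] = $user->getToken();
    }

    $apiResult = $this->getResult();

    if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
        // Token was incorrect, so add it to result, but don't throw an exception
        // since not having the correct token is part of the normal
        // flow of events.
        $result['token'] = LoginForm::getCreateaccountToken();
        $result['result'] = 'needtoken';
    } elseif (!$status->isOK()) {
        // There was an error. Die now.
        // Cannot use dieUsageMsg() directly because extensions
        // might return custom error messages.
        $errors = $status->getErrorsArray();
        if ($errors[0] instanceof Message) {
            $code = 'aborted';
            $desc = $errors[0];
        } else {
            // First entry is the message key; what remains are its parameters.
            $code = array_shift($errors[0]);
            $desc = wfMessage($code, $errors[0]);
        }
        $this->dieUsage($desc, $code);
    } elseif (!$status->isGood()) {
        // Status is not good, but OK. This means warnings.
        $result['result'] = 'warning';

        // Add any warnings to the result
        $warnings = $status->getErrorsByType('warning');
        if ($warnings) {
            foreach ($warnings as &$warning) {
                $apiResult->setIndexedTagName($warning['params'], 'param');
            }
            // Release the by-reference loop variable so it no longer aliases
            // the last element of $warnings when the array is copied below.
            unset($warning);
            $apiResult->setIndexedTagName($warnings, 'warning');
            $result['warnings'] = $warnings;
        }
    } else {
        // Everything was fine.
        $result['result'] = 'success';
    }

    $apiResult->addValue(null, 'createaccount', $result);
}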
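/**
 * Remove the Facebook link of a wiki account and send that account a
 * password reminder mail.
 *
 * @param User|null $user Account to disconnect; the current user ($wgUser)
 *   is used when the argument is omitted or loosely equal to null.
 * @return array array('status' => 'ok') on success, otherwise
 *   array('status' => 'error', 'msg' => <'fbconnect-unknown-error' text>).
 */
public static function coreDisconnectFromFB($user = null)
{
    global $wgUser;

    // Loose comparison kept for compatibility with existing callers.
    // NOTE(review): any falsy argument (e.g. a failed lookup returning false)
    // therefore falls back to the current user; confirm no caller relies on that.
    if ($user == null) {
        $user = $wgUser;
    }

    $statusError = array('status' => "error", "msg" => wfMsg('fbconnect-unknown-error'));

    // Only a real, registered (non-zero id) account can be disconnected.
    if (!$user instanceof User) {
        return $statusError;
    }
    if ($user->getId() == 0) {
        return $statusError;
    }

    // NOTE(review): a transaction is opened here and no commit or rollback is
    // visible in this method, including on the error return below; confirm
    // that removeFacebookID() or the caller completes it.
    $dbw = wfGetDB(DB_MASTER, array(), FBConnectDB::sharedDB());
    $dbw->begin();
    FBConnectDB::removeFacebookID($user);

    // Password reminder attempt
    $params = new FauxRequest(array('wpName' => $user->getName()));
    $loginForm = new LoginForm($params);

    // Read the flag from the account being disconnected. Reading it from
    // $wgUser picked the mail wording from the *current* user's options
    // whenever a different $user was passed in.
    if ($user->getOption("fbFromExist")) {
        $titleKey = 'fbconnect-passwordremindertitle-exist';
        $textKey = 'fbconnect-passwordremindertext-exist';
    } else {
        $titleKey = 'fbconnect-passwordremindertitle';
        $textKey = 'fbconnect-passwordremindertext';
    }
    $res = $loginForm->mailPasswordInternal($user, true, $titleKey, $textKey);

    if (WikiError::isError($res)) {
        return $statusError;
    }

    return array('status' => "ok");
}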
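/**
 * Serve an 'ajaxlogin' API request: a login attempt when the Loginattempt
 * parameter is set, otherwise a password reminder when Mailmypassword is set.
 *
 * The outcome is added to the API result under the 'ajaxlogin' key as an array
 * holding a 'result' code and, for most outcomes, a 'text' message. When
 * neither parameter is set, nothing is added to the result.
 */
public function execute()
{
    wfSetupSession();

    // Parameters are read by name instead of extract()-ing the request array,
    // so a parameter added to the module later cannot silently replace a
    // local variable of this method.
    $request = $this->extractRequestParams();
    $Name = isset($request['Name']) ? $request['Name'] : null;
    $Password = isset($request['Password']) ? $request['Password'] : null;
    $Remember = isset($request['Remember']) ? $request['Remember'] : null;
    $Loginattempt = isset($request['Loginattempt']) ? $request['Loginattempt'] : null;
    $Mailmypassword = isset($request['Mailmypassword']) ? $request['Mailmypassword'] : null;
    $Token = isset($request['Token']) ? $request['Token'] : null;

    if (!empty($Loginattempt)) {
        // Bound before the switch: a `global` statement only takes effect when
        // it is executed, so declaring it inside the SUCCESS case left
        // $wgCookiePrefix undefined in the NEED_TOKEN case.
        global $wgUser, $wgCookiePrefix;

        // Login attempt: replay the API parameters as the login form's fields.
        $params = new FauxRequest(array(
            'wpName' => $Name,
            'wpPassword' => $Password,
            'wpRemember' => $Remember,
            'wpLoginattempt' => $Loginattempt,
            'wpLoginToken' => $Token,
        ));
        $result = array();
        $loginForm = new LoginForm($params);

        switch ($loginForm->authenticateUserData()) {
            case LoginForm::RESET_PASS:
                $result['result'] = 'Reset';
                break;

            case LoginForm::SUCCESS:
                $wgUser->setOption('rememberpassword', $Remember ? 1 : 0);
                $wgUser->setCookies();
                $result['result'] = 'Success';
                // The reply carries the user token and the PHP session id, so
                // the response body is as sensitive as the session cookie.
                $result['lguserid'] = intval($wgUser->getId());
                $result['lgusername'] = $wgUser->getName();
                $result['lgtoken'] = $wgUser->getToken();
                $result['cookieprefix'] = $wgCookiePrefix;
                $result['sessionid'] = session_id();
                break;

            case LoginForm::NEED_TOKEN:
                $result['result'] = 'NeedToken';
                $result['token'] = $loginForm->getLoginToken();
                $result['cookieprefix'] = $wgCookiePrefix;
                $result['sessionid'] = session_id();
                break;

            case LoginForm::WRONG_TOKEN:
                $result['result'] = 'WrongToken';
                break;

            case LoginForm::NO_NAME:
                $result['result'] = 'NoName';
                $result['text'] = wfMsg('noname');
                break;

            case LoginForm::ILLEGAL:
                $result['result'] = 'Illegal';
                $result['text'] = wfMsg('noname');
                break;

            case LoginForm::WRONG_PLUGIN_PASS:
                $result['result'] = 'WrongPluginPass';
                $result['text'] = wfMsg('wrongpassword');
                break;

            case LoginForm::NOT_EXISTS:
                // NOTE(review): 'NotExists' and 'WrongPass' answer differently
                // per account name, so replies reveal which names are
                // registered. LoginForm::THROTTLED is the only rate limit
                // visible from this method.
                $result['result'] = 'NotExists';
                $result['text'] = wfMsg('al-nosuchuser', htmlspecialchars($Name));
                break;

            // A second `case LoginForm::RESET_PASS:` label used to sit here;
            // it could never match because the first case above handles that
            // value, so only WRONG_PASS reaches this branch.
            case LoginForm::WRONG_PASS:
                $result['result'] = 'WrongPass';
                $result['text'] = wfMsg('wrongpassword');
                break;

            case LoginForm::EMPTY_PASS:
                $result['result'] = 'EmptyPass';
                $result['text'] = wfMsg('wrongpasswordempty');
                break;

            case LoginForm::CREATE_BLOCKED:
                $result['result'] = 'CreateBlocked';
                $result['text'] = wfMsg('al-createblocked');
                break;

            case LoginForm::THROTTLED:
                global $wgPasswordAttemptThrottle, $wgLang;
                $result['result'] = 'Throttled';
                $result['text'] = wfMsgExt(
                    'al-throttled',
                    'parsemag',
                    $wgLang->formatNum(intval($wgPasswordAttemptThrottle['seconds']))
                );
                break;

            case LoginForm::USER_BLOCKED:
                $result['result'] = 'Blocked';
                break;

            default:
                ApiBase::dieDebug(__METHOD__, 'Unhandled case value');
        }

        // Explicit commit on the master connection before the reply is built.
        $dbw = wfGetDB(DB_MASTER);
        $dbw->commit();
        $this->getResult()->addValue(null, 'ajaxlogin', $result);
    } elseif (!empty($Mailmypassword)) {
        // Password reminder attempt: only the user name is forwarded to the form.
        $params = new FauxRequest(array('wpName' => $Name));
        $result = array();
        $loginForm = new LoginForm($params);

        global $wgUser, $wgAuth;

        // Each check maps to its own result code; the first failing one wins.
        if (!$wgAuth->allowPasswordChange()) {
            $result['result'] = 'resetpass_forbidden';
            $result['text'] = wfMsg('resetpass_forbidden');
        } elseif ($wgUser->isBlocked()) {
            $result['result'] = 'blocked-mailpassword';
            $result['text'] = wfMsg('blocked-mailpassword');
        } elseif ('' == $loginForm->mName) {
            $result['result'] = 'noname';
            $result['text'] = wfMsg('noname');
        } else {
            $u = User::newFromName($loginForm->mName);
            if (is_null($u)) {
                $result['result'] = 'noname';
                $result['text'] = wfMsg('noname');
            } elseif (0 == $u->getID()) {
                $result['result'] = 'nosuchuser';
                $result['text'] = wfMsg('al-nosuchuser', $u->getName());
            } elseif ($u->isPasswordReminderThrottled()) {
                global $wgPasswordReminderResendTime;
                $result['result'] = 'throttled-mailpassword';
                $result['text'] = wfMsg('throttled-mailpassword', round($wgPasswordReminderResendTime, 3));
            } else {
                $res = $loginForm->mailPasswordInternal($u, true);
                if (WikiError::isError($res)) {
                    $result['result'] = 'mailerror';
                    $result['text'] = wfMsg('mailerror', $res->getMessage());
                } else {
                    $result['result'] = 'OK';
                    $result['text'] = wfMsg('passwordsent', $u->getName());
                }
            }
        }

        $dbw = wfGetDB(DB_MASTER);
        $dbw->commit();
        $this->getResult()->addValue(null, 'ajaxlogin', $result);
    }
}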