Пример #1
0
 public function execute()
 {
     $Name = $Password = $Remember = $Loginattempt = $Mailmypassword = $LoginToken = null;
     extract($this->extractRequestParams());
     if (!empty($Loginattempt)) {
         // Login attempt
         $params = new FauxRequest(array('wpName' => $Name, 'wpPassword' => $Password, 'wpRemember' => $Remember, 'wpLoginattempt' => $Loginattempt, 'wpLoginToken' => $LoginToken));
         // Init session if necessary
         if (session_id() == '') {
             wfSetupSession();
         }
         $result = array();
         $loginForm = new LoginForm($params);
         $caseCode = $loginForm->authenticateUserData();
         switch ($caseCode) {
             case LoginForm::RESET_PASS:
                 $result['result'] = 'Reset';
                 break;
             case LoginForm::SUCCESS:
                 global $wgUser;
                 $injected_html = '';
                 wfRunHooks('UserLoginComplete', array(&$wgUser, &$injected_html));
                 $wgUser->setGlobalPreference('rememberpassword', $Remember ? 1 : 0);
                 $wgUser->setCookies();
                 $result['result'] = 'Success';
                 $result['lguserid'] = $_SESSION['wsUserID'];
                 $result['lgusername'] = $_SESSION['wsUserName'];
                 $result['lgtoken'] = $_SESSION['wsToken'];
                 break;
             case LoginForm::NO_NAME:
                 $result['result'] = 'NoName';
                 $result['text'] = wfMsg('noname');
                 break;
             case LoginForm::ILLEGAL:
                 $result['result'] = 'Illegal';
                 $result['text'] = wfMsg('noname');
                 break;
             case LoginForm::WRONG_PLUGIN_PASS:
                 $result['result'] = 'WrongPluginPass';
                 $result['text'] = wfMsg('wrongpassword');
                 break;
             case LoginForm::NOT_EXISTS:
                 $result['result'] = 'NotExists';
                 $result['text'] = wfMsg('nosuchuser', htmlspecialchars($Name));
                 break;
             case LoginForm::WRONG_PASS:
                 $result['result'] = 'WrongPass';
                 $result['text'] = wfMsg('wrongpassword');
                 #set default normal message
                 $attemptedUser = User::newFromName($Name);
                 if (!is_null($attemptedUser)) {
                     $disOpt = $attemptedUser->getGlobalFlag('disabled');
                     if (!empty($disOpt) || defined('CLOSED_ACCOUNT_FLAG') && $attemptedUser->getRealName() == CLOSED_ACCOUNT_FLAG) {
                         #either closed account flag was present, override fail message
                         $result['text'] = wfMsg('edit-account-closed-flag');
                     }
                 }
                 break;
             case LoginForm::EMPTY_PASS:
                 $result['result'] = 'EmptyPass';
                 $result['text'] = wfMsg('wrongpasswordempty');
                 break;
             case LoginForm::NEED_TOKEN:
             case LoginForm::WRONG_TOKEN:
                 $result['result'] = 'NeedToken';
                 $result['text'] = wfMsg('sessionfailure');
                 break;
             case LoginForm::THROTTLED:
                 $result['result'] = 'Throttled';
                 $result['text'] = wfMsg('login-throttled');
                 break;
             case LoginForm::ABORTED:
                 $result['result'] = 'Aborted';
                 $result['text'] = wfMsg($loginForm->mAbortLoginErrorMsg);
                 break;
             default:
                 ApiBase::dieDebug(__METHOD__, "Unhandled case value: \"{$caseCode}\"");
         }
         $dbw = wfGetDB(DB_MASTER);
         $dbw->commit();
         $this->getResult()->addValue(null, 'ajaxlogin', $result);
     } else {
         if (!empty($Mailmypassword)) {
             // Remind password attemp
             $params = new FauxRequest(array('wpName' => $Name));
             $result = array();
             $loginForm = new LoginForm($params);
             $loginForm->load();
             global $wgUser, $wgOut, $wgAuth;
             if (!$wgAuth->allowPasswordChange()) {
                 $result['result'] = 'resetpass_forbidden';
                 $result['text'] = wfMsg('resetpass_forbidden');
             } else {
                 if ($wgUser->isBlocked()) {
                     $result['result'] = 'blocked-mailpassword';
                     $result['text'] = wfMsg('blocked-mailpassword');
                 } else {
                     if ('' == $loginForm->mUsername) {
                         $result['result'] = 'noname';
                         $result['text'] = wfMsg('noname');
                     } else {
                         $u = User::newFromName($loginForm->mUsername);
                         if (empty($u)) {
                             $result['result'] = 'noname';
                             $result['text'] = wfMsg('noname');
                         } else {
                             if (0 == $u->getID()) {
                                 $result['result'] = 'nosuchuser';
                                 $result['text'] = wfMsg('nosuchuser', $u->getName());
                             } else {
                                 if ($u->isPasswordReminderThrottled()) {
                                     global $wgPasswordReminderResendTime;
                                     $result['result'] = 'throttled-mailpassword';
                                     $result['text'] = wfMsg('throttled-mailpassword', round($wgPasswordReminderResendTime, 3));
                                 } else {
                                     $res = $loginForm->mailPasswordInternal($u, true);
                                     if (!$res->isOK()) {
                                         $result['result'] = 'mailerror';
                                         $result['text'] = wfMsg('mailerror', $res->getMessage());
                                     } else {
                                         $result['result'] = 'OK';
                                         $result['text'] = wfMsg('passwordsent', $u->getName());
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
             $dbw = wfGetDB(DB_MASTER);
             $dbw->commit();
             $this->getResult()->addValue(null, 'ajaxlogin', $result);
         }
     }
 }
 /**
  * Disconnect the user from Facebook. This can occur in one of two ways, either when the user
  * deletes the Wikia App from facebook, or when they explicitly disconnect via Special:Preferences.
  * If it comes from Facebook, the request is internal and is sent by FacebookClientController::deauthorizeCallback.
  * If it comes explicitly from the user, the request is external and is sent by preferences.js::disconnect.
  *
  * @requestParam user This is a user object.
  */
 public function disconnectFromFB()
 {
     if ($this->request->isInternal()) {
         // deauthorizeCallback which makes this internal request ensures 'user' is set
         $userId = $this->getVal('user');
         $user = User::newFromId($userId);
     } elseif ($this->isValidExternalRequest()) {
         $user = F::app()->wg->User;
     } else {
         $this->status = 'error';
         $this->msg = wfMessage('fbconnect-unknown-error')->escaped();
         return;
     }
     FacebookMapModel::deleteFromWikiaID($user->getId());
     $params = new FauxRequest(['wpName' => $user->getName()]);
     $loginForm = new LoginForm($params);
     if ($user->getGlobalFlag('fbFromExist')) {
         $res = $loginForm->mailPasswordInternal($user, true, 'fbconnect-passwordremindertitle-exist', 'fbconnect-passwordremindertext-exist');
     } else {
         $res = $loginForm->mailPasswordInternal($user, true, 'fbconnect-passwordremindertitle', 'fbconnect-passwordremindertext');
     }
     if ($res->isGood()) {
         $this->status = 'ok';
     } else {
         $this->status = 'error';
         $this->msg = wfMessage('fbconnect-unknown-error')->text();
     }
 }
Пример #3
0
 public function execute()
 {
     // If we're in a mode that breaks the same-origin policy, no tokens can
     // be obtained
     if ($this->lacksSameOriginSecurity()) {
         $this->dieUsage('Cannot create account when the same-origin policy is not applied', 'aborted');
     }
     // $loginForm->addNewaccountInternal will throw exceptions
     // if wiki is read only (already handled by api), user is blocked or does not have rights.
     // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
     $loginTitle = SpecialPage::getTitleFor('Userlogin');
     if (!$loginTitle->userCan('createaccount', $this->getUser())) {
         $this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
     }
     if ($this->getUser()->isBlockedFromCreateAccount()) {
         $this->dieUsage('You cannot create a new account because you are blocked', 'blocked', 0, array('blockinfo' => ApiQueryUserInfo::getBlockInfo($this->getUser()->getBlock())));
     }
     $params = $this->extractRequestParams();
     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }
     if ($params['mailpassword'] && !$params['email']) {
         $this->dieUsageMsg('noemail');
     }
     if ($params['language'] && !Language::isSupportedLanguage($params['language'])) {
         $this->dieUsage('Invalid language parameter', 'langinvalid');
     }
     $context = new DerivativeContext($this->getContext());
     $context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('type' => 'signup', 'uselang' => $params['language'], 'wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpRetype' => $params['password'], 'wpDomain' => $params['domain'], 'wpEmail' => $params['email'], 'wpRealName' => $params['realname'], 'wpCreateaccountToken' => $params['token'], 'wpCreateaccount' => $params['mailpassword'] ? null : '1', 'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null)));
     $loginForm = new LoginForm();
     $loginForm->setContext($context);
     Hooks::run('AddNewAccountApiForm', array($this, $loginForm));
     $loginForm->load();
     $status = $loginForm->addNewaccountInternal();
     $result = array();
     if ($status->isGood()) {
         // Success!
         $user = $status->getValue();
         if ($params['language']) {
             $user->setOption('language', $params['language']);
         }
         if ($params['mailpassword']) {
             // If mailpassword was set, disable the password and send an email.
             $user->setPassword(null);
             $status->merge($loginForm->mailPasswordInternal($user, false, 'createaccount-title', 'createaccount-text'));
         } elseif ($this->getConfig()->get('EmailAuthentication') && Sanitizer::validateEmail($user->getEmail())) {
             // Send out an email authentication message if needed
             $status->merge($user->sendConfirmationMail());
         }
         // Save settings (including confirmation token)
         $user->saveSettings();
         Hooks::run('AddNewAccount', array($user, $params['mailpassword']));
         if ($params['mailpassword']) {
             $logAction = 'byemail';
         } elseif ($this->getUser()->isLoggedIn()) {
             $logAction = 'create2';
         } else {
             $logAction = 'create';
         }
         $user->addNewUserLogEntry($logAction, (string) $params['reason']);
         // Add username, id, and token to result.
         $result['username'] = $user->getName();
         $result['userid'] = $user->getId();
         $result['token'] = $user->getToken();
     }
     $apiResult = $this->getResult();
     if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
         // Token was incorrect, so add it to result, but don't throw an exception
         // since not having the correct token is part of the normal
         // flow of events.
         $result['token'] = LoginForm::getCreateaccountToken();
         $result['result'] = 'NeedToken';
     } elseif (!$status->isOK()) {
         // There was an error. Die now.
         $this->dieStatus($status);
     } elseif (!$status->isGood()) {
         // Status is not good, but OK. This means warnings.
         $result['result'] = 'Warning';
         // Add any warnings to the result
         $warnings = $status->getErrorsByType('warning');
         if ($warnings) {
             foreach ($warnings as &$warning) {
                 ApiResult::setIndexedTagName($warning['params'], 'param');
             }
             ApiResult::setIndexedTagName($warnings, 'warning');
             $result['warnings'] = $warnings;
         }
     } else {
         // Everything was fine.
         $result['result'] = 'Success';
     }
     // Give extensions a chance to modify the API result data
     Hooks::run('AddNewAccountApiResult', array($this, $loginForm, &$result));
     $apiResult->addValue(null, 'createaccount', $result);
 }
 public function execute()
 {
     // $loginForm->addNewaccountInternal will throw exceptions
     // if wiki is read only (already handled by api), user is blocked or does not have rights.
     // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
     $loginTitle = SpecialPage::getTitleFor('Userlogin');
     if (!$loginTitle->userCan('createaccount', $this->getUser())) {
         $this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
     }
     if ($this->getUser()->isBlockedFromCreateAccount()) {
         $this->dieUsage('You cannot create a new account because you are blocked', 'blocked');
     }
     $params = $this->extractRequestParams();
     $result = array();
     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }
     if ($params['mailpassword'] && !$params['email']) {
         $this->dieUsageMsg('noemail');
     }
     $context = new DerivativeContext($this->getContext());
     $context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('type' => 'signup', 'uselang' => $params['language'], 'wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpRetype' => $params['password'], 'wpDomain' => $params['domain'], 'wpEmail' => $params['email'], 'wpRealName' => $params['realname'], 'wpCreateaccountToken' => $params['token'], 'wpCreateaccount' => $params['mailpassword'] ? null : '1', 'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null)));
     $loginForm = new LoginForm();
     $loginForm->setContext($context);
     $loginForm->load();
     $status = $loginForm->addNewaccountInternal();
     $result = array();
     if ($status->isGood()) {
         // Success!
         $user = $status->getValue();
         // If we showed up language selection links, and one was in use, be
         // smart (and sensible) and save that language as the user's preference
         global $wgLoginLanguageSelector, $wgEmailAuthentication;
         if ($wgLoginLanguageSelector && $params['language']) {
             $user->setOption('language', $params['language']);
         }
         if ($params['mailpassword']) {
             // If mailpassword was set, disable the password and send an email.
             $user->setPassword(null);
             $status->merge($loginForm->mailPasswordInternal($user, false, 'createaccount-title', 'createaccount-text'));
         } elseif ($wgEmailAuthentication && Sanitizer::validateEmail($user->getEmail())) {
             // Send out an email authentication message if needed
             $status->merge($user->sendConfirmationMail());
         }
         // Save settings (including confirmation token)
         $user->saveSettings();
         wfRunHooks('AddNewAccount', array($user, $params['mailpassword']));
         if ($params['mailpassword']) {
             $logAction = 'byemail';
         } elseif ($this->getUser()->isLoggedIn()) {
             $logAction = 'create2';
         } else {
             $logAction = 'create';
         }
         $user->addNewUserLogEntry($logAction, (string) $params['reason']);
         // Add username, id, and token to result.
         $result['username'] = $user->getName();
         $result['userid'] = $user->getId();
         $result['token'] = $user->getToken();
     }
     $apiResult = $this->getResult();
     if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
         // Token was incorrect, so add it to result, but don't throw an exception
         // since not having the correct token is part of the normal
         // flow of events.
         $result['token'] = LoginForm::getCreateaccountToken();
         $result['result'] = 'needtoken';
     } elseif (!$status->isOK()) {
         // There was an error. Die now.
         // Cannot use dieUsageMsg() directly because extensions
         // might return custom error messages.
         $errors = $status->getErrorsArray();
         if ($errors[0] instanceof Message) {
             $code = 'aborted';
             $desc = $errors[0];
         } else {
             $code = array_shift($errors[0]);
             $desc = wfMessage($code, $errors[0]);
         }
         $this->dieUsage($desc, $code);
     } elseif (!$status->isGood()) {
         // Status is not good, but OK. This means warnings.
         $result['result'] = 'warning';
         // Add any warnings to the result
         $warnings = $status->getErrorsByType('warning');
         if ($warnings) {
             foreach ($warnings as &$warning) {
                 $apiResult->setIndexedTagName($warning['params'], 'param');
             }
             $apiResult->setIndexedTagName($warnings, 'warning');
             $result['warnings'] = $warnings;
         }
     } else {
         // Everything was fine.
         $result['result'] = 'success';
     }
     $apiResult->addValue(null, 'createaccount', $result);
 }
Пример #5
0
 public static function coreDisconnectFromFB($user = null)
 {
     global $wgRequest, $wgUser, $wgAuth;
     if ($user == null) {
         $user = $wgUser;
     }
     $statusError = array('status' => "error", "msg" => wfMsg('fbconnect-unknown-error'));
     if (!$user instanceof User) {
         return $statusError;
     }
     if ($user->getId() == 0) {
         return $statusError;
     }
     $dbw = wfGetDB(DB_MASTER, array(), FBConnectDB::sharedDB());
     $dbw->begin();
     $rows = FBConnectDB::removeFacebookID($user);
     // Remind password attemp
     $params = new FauxRequest(array('wpName' => $user->getName()));
     $result = array();
     $loginForm = new LoginForm($params);
     if ($wgUser->getOption("fbFromExist")) {
         $res = $loginForm->mailPasswordInternal($user, true, 'fbconnect-passwordremindertitle-exist', 'fbconnect-passwordremindertext-exist');
     } else {
         $res = $loginForm->mailPasswordInternal($user, true, 'fbconnect-passwordremindertitle', 'fbconnect-passwordremindertext');
     }
     if (WikiError::isError($res)) {
         return $statusError;
     }
     return array('status' => "ok");
 }
Пример #6
0
 public function execute()
 {
     wfSetupSession();
     $Name = $Password = $Remember = $Loginattempt = $Mailmypassword = $Token = null;
     extract($this->extractRequestParams());
     if (!empty($Loginattempt)) {
         // Login attempt
         $params = new FauxRequest(array('wpName' => $Name, 'wpPassword' => $Password, 'wpRemember' => $Remember, 'wpLoginattempt' => $Loginattempt, 'wpLoginToken' => $Token));
         $result = array();
         $loginForm = new LoginForm($params);
         switch ($loginForm->authenticateUserData()) {
             case LoginForm::RESET_PASS:
                 $result['result'] = 'Reset';
                 break;
             case LoginForm::SUCCESS:
                 global $wgUser, $wgCookiePrefix;
                 $wgUser->setOption('rememberpassword', $Remember ? 1 : 0);
                 $wgUser->setCookies();
                 $result['result'] = 'Success';
                 $result['lguserid'] = intval($wgUser->getId());
                 $result['lgusername'] = $wgUser->getName();
                 $result['lgtoken'] = $wgUser->getToken();
                 $result['cookieprefix'] = $wgCookiePrefix;
                 $result['sessionid'] = session_id();
                 break;
             case LoginForm::NEED_TOKEN:
                 $result['result'] = 'NeedToken';
                 $result['token'] = $loginForm->getLoginToken();
                 $result['cookieprefix'] = $wgCookiePrefix;
                 $result['sessionid'] = session_id();
                 break;
             case LoginForm::WRONG_TOKEN:
                 $result['result'] = 'WrongToken';
                 break;
             case LoginForm::NO_NAME:
                 $result['result'] = 'NoName';
                 $result['text'] = wfMsg('noname');
                 break;
             case LoginForm::ILLEGAL:
                 $result['result'] = 'Illegal';
                 $result['text'] = wfMsg('noname');
                 break;
             case LoginForm::WRONG_PLUGIN_PASS:
                 $result['result'] = 'WrongPluginPass';
                 $result['text'] = wfMsg('wrongpassword');
                 break;
             case LoginForm::NOT_EXISTS:
                 $result['result'] = 'NotExists';
                 $result['text'] = wfMsg('al-nosuchuser', htmlspecialchars($Name));
                 break;
             case LoginForm::RESET_PASS:
             case LoginForm::WRONG_PASS:
                 $result['result'] = 'WrongPass';
                 $result['text'] = wfMsg('wrongpassword');
                 break;
             case LoginForm::EMPTY_PASS:
                 $result['result'] = 'EmptyPass';
                 $result['text'] = wfMsg('wrongpasswordempty');
                 break;
             case LoginForm::CREATE_BLOCKED:
                 $result['result'] = 'CreateBlocked';
                 $result['text'] = wfMsg('al-createblocked');
                 break;
             case LoginForm::THROTTLED:
                 global $wgPasswordAttemptThrottle, $wgLang;
                 $result['result'] = 'Throttled';
                 $result['text'] = wfMsgExt('al-throttled', 'parsemag', $wgLang->formatNum(intval($wgPasswordAttemptThrottle['seconds'])));
                 break;
             case LoginForm::USER_BLOCKED:
                 $result['result'] = 'Blocked';
                 break;
             default:
                 ApiBase::dieDebug(__METHOD__, 'Unhandled case value');
         }
         $dbw = wfGetDB(DB_MASTER);
         $dbw->commit();
         $this->getResult()->addValue(null, 'ajaxlogin', $result);
     } elseif (!empty($Mailmypassword)) {
         // Remind password attempt
         $params = new FauxRequest(array('wpName' => $Name));
         $result = array();
         $loginForm = new LoginForm($params);
         global $wgUser, $wgAuth;
         if (!$wgAuth->allowPasswordChange()) {
             $result['result'] = 'resetpass_forbidden';
             $result['text'] = wfMsg('resetpass_forbidden');
         } elseif ($wgUser->isBlocked()) {
             $result['result'] = 'blocked-mailpassword';
             $result['text'] = wfMsg('blocked-mailpassword');
         } elseif ('' == $loginForm->mName) {
             $result['result'] = 'noname';
             $result['text'] = wfMsg('noname');
         } else {
             $u = User::newFromName($loginForm->mName);
             if (is_null($u)) {
                 $result['result'] = 'noname';
                 $result['text'] = wfMsg('noname');
             } elseif (0 == $u->getID()) {
                 $result['result'] = 'nosuchuser';
                 $result['text'] = wfMsg('al-nosuchuser', $u->getName());
             } elseif ($u->isPasswordReminderThrottled()) {
                 global $wgPasswordReminderResendTime;
                 $result['result'] = 'throttled-mailpassword';
                 $result['text'] = wfMsg('throttled-mailpassword', round($wgPasswordReminderResendTime, 3));
             } else {
                 $res = $loginForm->mailPasswordInternal($u, true);
                 if (WikiError::isError($res)) {
                     $result['result'] = 'mailerror';
                     $result['text'] = wfMsg('mailerror', $res->getMessage());
                 } else {
                     $result['result'] = 'OK';
                     $result['text'] = wfMsg('passwordsent', $u->getName());
                 }
             }
         }
         $dbw = wfGetDB(DB_MASTER);
         $dbw->commit();
         $this->getResult()->addValue(null, 'ajaxlogin', $result);
     }
 }