if ( !class_exists( 'SecurePoll_RemoteMWAuth' ) ) {
header( 'HTTP/1.1 500 Internal Server Error' );
echo "SecurePoll is disabled.\n";
exit( 1 );
}
header( 'Content-Type: application/vnd.php.serialized; charset=utf-8' );
$token = $wgRequest->getVal( 'token' );
$id = $wgRequest->getInt( 'id' );
if ( is_null( $token ) || !$id ) {
echo serialize( Status::newFatal( 'securepoll-api-invalid-params' ) );
exit;
}
$user = User::newFromId( $id );
if ( !$user ) {
echo serialize( Status::newFatal( 'securepoll-api-no-user' ) );
exit;
}
$token2 = SecurePoll_RemoteMWAuth::encodeToken( $user->getToken() );
if ( $token2 !== $token ) {
echo serialize( Status::newFatal( 'securepoll-api-token-mismatch' ) );
exit;
}
$context = new SecurePoll_Context;
$auth = $context->newAuth( 'local' );
$status = Status::newGood( $auth->getUserParams( $user ) );
echo serialize( $status );
/**
* Show a page informing the user that they must go to another wiki to
* cast their vote, and a button which takes them there.
*
* Clicking the button transmits a hash of their auth token, so that the
* remote server can authenticate them.
*/
function showJumpForm() {
global $wgOut, $wgUser;
$url = $this->election->getProperty( 'jump-url' );
if ( !$url ) {
throw new MWException( 'Configuration error: no jump-url' );
}
$id = $this->election->getProperty( 'jump-id' );
if ( !$id ) {
throw new MWException( 'Configuration error: no jump-id' );
}
$url .= "/login/$id";
wfRunHooks( 'SecurePoll_JumpUrl', array( $this, &$url ) );
$wgOut->addWikiText( $this->election->getMessage( 'jump-text' ) );
$wgOut->addHTML(
Xml::openElement( 'form', array( 'action' => $url, 'method' => 'post' ) ) .
Html::hidden( 'token', SecurePoll_RemoteMWAuth::encodeToken( $wgUser->getToken() ) ) .
Html::hidden( 'id', $wgUser->getId() ) .
Xml::submitButton( wfMsg( 'securepoll-jump' ) ) .
'</form>'
);
}
