/**
* Logs in a user with given login name and password. If keeploggedin, sets a cookie.
*
* @requestParam string username
* @requestParam string password
* @requestParam string keeploggedin [true/false]
* @responseParam string result [ok/error/unconfirm/resetpass]
* @responseParam string msg - result message
* @responseParam string errParam - error param
*/
public function login()
{
// Init session if necessary
if (session_id() == '') {
wfSetupSession();
}
$loginForm = new LoginForm($this->wg->request);
$loginForm->load();
// MW1.19 uses different form fields names
// set variables
if ($this->wg->request->getText('username', '') != '') {
$loginForm->mUsername = $this->wg->request->getText('username');
}
if ($this->wg->request->getText('password', '') != '') {
$loginForm->mPassword = $this->wg->request->getText('password');
}
if ($this->wg->request->getText('keeploggedin', '') != '') {
$loginForm->mRemember = $this->wg->request->getCheck('keeploggedin');
}
if ($this->wg->request->getVal('loginToken', '') != '') {
$loginForm->mToken = $this->wg->request->getVal('loginToken');
}
if ($this->wg->request->getVal('returnto', '') != '') {
$loginForm->mReturnTo = $this->wg->request->getVal('returnto');
}
$loginCase = $loginForm->authenticateUserData();
switch ($loginCase) {
case LoginForm::SUCCESS:
// first check if user has confirmed email after sign up
if ($this->wg->User->getGlobalFlag(self::NOT_CONFIRMED_SIGNUP_OPTION_NAME) && $this->wg->User->getGlobalAttribute(self::NOT_CONFIRMED_LOGIN_OPTION_NAME) !== self::NOT_CONFIRMED_LOGIN_ALLOWED) {
// User not confirmed on signup
LoginForm::clearLoginToken();
$this->userLoginHelper->setNotConfirmedUserSession($this->wg->User->getId());
$this->userLoginHelper->clearPasswordThrottle($loginForm->mUsername);
$this->response->setValues(['result' => 'unconfirm', 'msg' => wfMessage('usersignup-confirmation-email-sent', $this->wg->User->getEmail())->parse()]);
} else {
$result = '';
$resultMsg = '';
if (!wfRunHooks('WikiaUserLoginSuccess', array($this->wg->User, &$result, &$resultMsg))) {
$this->response->setValues(['result' => $result, 'msg' => $resultMsg]);
break;
}
// Login succesful
$injected_html = '';
wfRunHooks('UserLoginComplete', array(&$this->wg->User, &$injected_html));
// set rememberpassword option
if ((bool) $loginForm->mRemember != (bool) $this->wg->User->getGlobalPreference('rememberpassword')) {
$this->wg->User->setGlobalPreference('rememberpassword', $loginForm->mRemember ? 1 : 0);
$this->wg->User->saveSettings();
} else {
$this->wg->User->invalidateCache();
}
$this->wg->User->setCookies();
LoginForm::clearLoginToken();
UserLoginHelper::clearNotConfirmedUserSession();
$this->userLoginHelper->clearPasswordThrottle($loginForm->mUsername);
// we're sure at this point we'll need the private field'
// value in the template let's pass them then
$this->response->setValues(['username' => $loginForm->mUsername, 'result' => 'ok']);
// regenerate session ID on user login (the approach MW's core SpecialUserLogin uses)
// to avoid race conditions with long running requests logging the user back in & out
// @see PLATFORM-1028
wfResetSessionID();
}
break;
case LoginForm::NEED_TOKEN:
case LoginForm::WRONG_TOKEN:
$this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-sessionfailure')->escaped()]);
break;
case LoginForm::NO_NAME:
$this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-noname')->escaped(), 'errParam' => 'username']);
break;
case LoginForm::NOT_EXISTS:
case LoginForm::ILLEGAL:
$this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-nosuchuser')->escaped(), 'errParam' => 'username']);
break;
case LoginForm::WRONG_PLUGIN_PASS:
$this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-wrongpassword')->escaped(), 'errParam' => 'password']);
break;
case LoginForm::WRONG_PASS:
$this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-wrongpassword')->escaped(), 'errParam' => 'password']);
$attemptedUser = User::newFromName($loginForm->mUsername);
if (!is_null($attemptedUser)) {
$disOpt = $attemptedUser->getGlobalFlag('disabled');
if (!empty($disOpt) || defined('CLOSED_ACCOUNT_FLAG') && $attemptedUser->getRealName() == CLOSED_ACCOUNT_FLAG) {
# either closed account flag was present, override fail message
$this->response->setValues(['msg' => wfMessage('userlogin-error-edit-account-closed-flag')->escaped(), 'errParam' => '']);
}
}
break;
case LoginForm::EMPTY_PASS:
$this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-wrongpasswordempty')->escaped(), 'errParam' => 'password']);
break;
case LoginForm::RESET_PASS:
$this->response->setVal('result', 'resetpass');
break;
case LoginForm::THROTTLED:
$this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-login-throttled')->escaped()]);
break;
case LoginForm::CREATE_BLOCKED:
$this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-cantcreateaccount-text')->escaped()]);
break;
case LoginForm::USER_BLOCKED:
$this->response->setValues(['result' => 'error', 'msg' => wfMessage('userlogin-error-login-userblocked')->escaped()]);
break;
case LoginForm::ABORTED:
$this->result = 'error';
$this->msg = wfMessage($loginForm->mAbortLoginErrorMsg)->escaped();
break;
default:
throw new MWException("Unhandled case value");
}
}
/**
* Confirm email page.
* @requestParam string code - on GET, POST
* @requestParam string username - on POST
* @requestParam string password - on POST
* @responseParam string result [ok/error]
* @responseParam string msg - result messages
* @responseParam string errParam - error param
*/
public function index()
{
$this->response->addAsset('extensions/wikia/UserLogin/css/UserLogin.scss');
// hide things in the skin
$this->wg->SuppressWikiHeader = false;
$this->wg->SuppressPageHeader = false;
$this->wg->SuppressFooter = true;
$this->wg->SuppressAds = true;
$this->wg->SuppressToolbar = true;
$this->getOutput()->disallowUserJs();
// just in case...
$this->wg->Out->setPageTitle(wfMessage('wikiaconfirmemail-heading')->plain());
$par = $this->request->getVal('par', '');
$this->code = $this->request->getVal('code', $par);
$this->username = $this->request->getVal('username', '');
$this->password = $this->request->getVal('password', '');
$this->editToken = $this->wg->User->getEditToken();
$this->loginToken = UserLoginHelper::getLoginToken();
$editTokenReq = $this->request->getVal('editToken', '');
$loginTokenReq = $this->request->getVal('loginToken', '');
if ($this->code == '') {
$this->result = 'error';
$this->msg = wfMessage('wikiaconfirmemail-error-empty-code')->escaped();
return;
}
if ($this->wg->request->wasPosted() && $this->wg->User->matchEditToken($editTokenReq)) {
if ($this->wg->User->isAnon() && $loginTokenReq !== UserLoginHelper::getLoginToken()) {
$this->result = 'error';
$this->msg = wfMessage('sessionfailure')->escaped();
return;
}
if ($this->username == '') {
$this->result = 'error';
$this->msg = wfMessage('userlogin-error-noname')->escaped();
$this->errParam = 'username';
return;
}
if ($this->password == '') {
$this->result = 'error';
$this->msg = wfMessage('userlogin-error-wrongpasswordempty')->escaped();
$this->errParam = 'password';
return;
}
$expUser = User::newFromConfirmationCode($this->code);
if (!$expUser instanceof User) {
$this->result = 'error';
$this->msg = wfMessage('wikiaconfirmemail-error-invalid-code')->escaped();
return;
}
// User - activate user, confirm email and redirect to user page or create new wiki
$user = User::newFromName($this->username);
if (!$user instanceof User) {
$this->result = 'error';
$this->msg = wfMessage('userlogin-error-noname')->escaped();
return;
}
if ($user->getId() != $expUser->getId()) {
$this->result = 'error';
$this->msg = wfMessage('wikiaconfirmemail-error-user-not-match')->parse();
$this->errParam = 'username';
return;
}
$userLoginHelper = new UserLoginHelper();
/* @var UserLoginHelper $userLoginHelper */
if ($userLoginHelper->isPasswordThrottled($this->username)) {
$this->result = 'error';
$this->msg = wfMessage('userlogin-error-login-throttled')->escaped();
$this->errParam = 'password';
return;
}
if ($user->checkPassword($this->password)) {
$this->wg->User = $user;
if ($user->getGlobalFlag(UserLoginSpecialController::NOT_CONFIRMED_SIGNUP_OPTION_NAME) != null) {
// Signup confirm
// Log user in manually
$this->wg->User->setCookies();
LoginForm::clearLoginToken();
UserLoginHelper::clearNotConfirmedUserSession();
$userLoginHelper->clearPasswordThrottle($this->username);
// Confirm
UserLoginHelper::removeNotConfirmedFlag($user);
$user->confirmEmail();
// Get and clear redirect page
$userSignupRedirect = $user->getGlobalAttribute(UserLoginSpecialController::SIGNUP_REDIRECT_OPTION_NAME);
$user->setGlobalAttribute(UserLoginSpecialController::SIGNUP_REDIRECT_OPTION_NAME, null);
$user->saveSettings();
$userLoginHelper->addNewUserLogEntry($user);
// send welcome email
$emailParams = array('$USERNAME' => $user->getName(), '$EDITPROFILEURL' => $user->getUserPage()->getFullURL(), '$LEARNBASICURL' => 'http://community.wikia.com/wiki/Help:Wikia_Basics', '$EXPLOREWIKISURL' => 'http://www.wikia.com');
$userLoginHelper->sendEmail($user, 'WelcomeMail', 'usersignup-welcome-email-subject', 'usersignup-welcome-email-body', $emailParams, 'welcome-email', 'WelcomeMail');
// redirect user
if (!empty($userSignupRedirect)) {
// Redirect user to the point where he finished (when signup on create wiki)
$titleObj = SpecialPage::getTitleFor('CreateNewWiki');
$query = $userSignupRedirect;
} else {
$titleObj = $this->wg->User->getUserPage();
$query = '';
}
$this->wg->out->redirect($titleObj->getFullURL($query));
return;
} else {
// Email change
// Log user in through standard method
$response = $this->app->sendRequest('UserLoginSpecial', 'login');
$result = $response->getVal('result', '');
$optionNewEmail = $this->wg->User->getGlobalAttribute('new_email');
if (!empty($optionNewEmail)) {
$user->setEmail($optionNewEmail);
}
$user->confirmEmail();
$user->setGlobalAttribute('new_email', null);
$user->saveSettings();
// redirect user
if ($result === 'closurerequested') {
$response = $this->app->sendRequest('UserLoginSpecial', 'getCloseAccountRedirectUrl');
$redirectUrl = $response->getVal('redirectUrl');
$this->wg->Out->redirect($redirectUrl);
} else {
$userPage = $user->getUserPage();
$this->wg->out->redirect($userPage->getFullURL());
}
wfRunHooks('EmailChangeConfirmed', array($user));
return;
}
} else {
$this->result = 'error';
$this->msg = wfMessage('userlogin-error-wrongpassword')->escaped();
$this->errParam = 'password';
return;
}
}
}
