/** * Main execution point */ function execute($par) { global $wgAuth; $this->checkReadOnly(); $request = $this->getRequest(); $this->mUserName = trim($request->getVal('wpName')); $this->mOldpass = $request->getVal('wpPassword'); $this->mNewpass = $request->getVal('wpNewPassword'); $this->mRetype = $request->getVal('wpRetype'); $this->mDomain = $request->getVal('wpDomain'); $this->setHeaders(); $this->outputHeader(); $this->getOutput()->disallowUserJs(); $user = $this->getUser(); if (!$user->isLoggedIn() && !LoginForm::getLoginToken()) { LoginForm::setLoginToken(); } if (!$request->wasPosted() && !$user->isLoggedIn()) { $this->error($this->msg('resetpass-no-info')->text()); return; } if ($request->wasPosted() && $request->getBool('wpCancel')) { $this->doReturnTo(); return; } if ($request->wasPosted() && $user->matchEditToken($request->getVal('token'))) { try { if (isset($_SESSION['wsDomain'])) { $this->mDomain = $_SESSION['wsDomain']; } $wgAuth->setDomain($this->mDomain); if (!$wgAuth->allowPasswordChange()) { $this->error($this->msg('resetpass_forbidden')->text()); return; } if (!$user->isLoggedIn() && $request->getVal('wpLoginOnChangeToken') !== LoginForm::getLoginToken()) { // Potential CSRF (bug 62497) $this->error($this->msg('sessionfailure')->text()); return false; } $this->attemptReset($this->mNewpass, $this->mRetype); $this->getOutput()->addWikiMsg('resetpass_success'); if (!$user->isLoggedIn()) { LoginForm::setLoginToken(); $token = LoginForm::getLoginToken(); $data = array('action' => 'submitlogin', 'wpName' => $this->mUserName, 'wpDomain' => $this->mDomain, 'wpLoginToken' => $token, 'wpPassword' => $this->mNewpass, 'returnto' => $request->getVal('returnto')); if ($request->getCheck('wpRemember')) { $data['wpRemember'] = 1; } $login = new LoginForm(new FauxRequest($data, true)); $login->setContext($this->getContext()); $login->execute(null); } $this->doReturnTo(); } catch (PasswordError $e) { $this->error($e->getMessage()); } } $this->showForm(); }
/** * Main execution point */ function execute($par) { global $wgUser, $wgAuth, $wgOut, $wgRequest; if (wfReadOnly()) { $wgOut->readOnlyPage(); return; } $this->mUserName = $wgRequest->getVal('wpName'); $this->mOldpass = $wgRequest->getVal('wpPassword'); $this->mNewpass = $wgRequest->getVal('wpNewPassword'); $this->mRetype = $wgRequest->getVal('wpRetype'); $this->mDomain = $wgRequest->getVal('wpDomain'); $this->setHeaders(); $this->outputHeader(); $wgOut->disallowUserJs(); if (!$wgRequest->wasPosted() && !$wgUser->isLoggedIn()) { $this->error(wfMsg('resetpass-no-info')); return; } if ($wgRequest->wasPosted() && $wgRequest->getBool('wpCancel')) { $this->doReturnTo(); return; } if ($wgRequest->wasPosted() && $wgUser->matchEditToken($wgRequest->getVal('token'))) { try { if (isset($_SESSION['wsDomain'])) { $this->mDomain = $_SESSION['wsDomain']; } $wgAuth->setDomain($this->mDomain); if (!$wgAuth->allowPasswordChange()) { $this->error(wfMsg('resetpass_forbidden')); return; } $this->attemptReset($this->mNewpass, $this->mRetype); $wgOut->addWikiMsg('resetpass_success'); if (!$wgUser->isLoggedIn()) { LoginForm::setLoginToken(); $token = LoginForm::getLoginToken(); $data = array('action' => 'submitlogin', 'wpName' => $this->mUserName, 'wpDomain' => $this->mDomain, 'wpLoginToken' => $token, 'wpPassword' => $this->mNewpass, 'returnto' => $wgRequest->getVal('returnto')); if ($wgRequest->getCheck('wpRemember')) { $data['wpRemember'] = 1; } $login = new LoginForm(new FauxRequest($data, true)); $login->execute(null); } $this->doReturnTo(); } catch (PasswordError $e) { $this->error($e->getMessage()); } } $this->showForm(); }
/** * Main execution point */ function execute($par) { global $wgAuth; $this->setHeaders(); $this->outputHeader(); $this->getOutput()->disallowUserJs(); $request = $this->getRequest(); $this->mUserName = trim($request->getVal('wpName')); $this->mOldpass = $request->getVal('wpPassword'); $this->mNewpass = $request->getVal('wpNewPassword'); $this->mRetype = $request->getVal('wpRetype'); $this->mDomain = $request->getVal('wpDomain'); $user = $this->getUser(); if (!$request->wasPosted() && !$user->isLoggedIn()) { $this->error($this->msg('resetpass-no-info')->text()); return; } if ($request->wasPosted() && $request->getBool('wpCancel')) { $this->doReturnTo(); return; } $this->checkReadOnly(); if ($request->wasPosted() && $user->matchEditToken($request->getVal('token'))) { try { $this->mDomain = $wgAuth->getDomain(); if (!$wgAuth->allowPasswordChange()) { $this->error($this->msg('resetpass_forbidden')->text()); return; } $this->attemptReset($this->mNewpass, $this->mRetype); if ($user->isLoggedIn()) { $this->doReturnTo(); } else { LoginForm::setLoginToken(); $token = LoginForm::getLoginToken(); $data = array('action' => 'submitlogin', 'wpName' => $this->mUserName, 'wpDomain' => $this->mDomain, 'wpLoginToken' => $token, 'wpPassword' => $request->getVal('wpNewPassword')) + $request->getValues('wpRemember', 'returnto', 'returntoquery'); $login = new LoginForm(new FauxRequest($data, true)); $login->setContext($this->getContext()); $login->execute(null); } return; } catch (PasswordError $e) { $this->error($e->getMessage()); } } $this->showForm(); }
/** * Get a login token * * @return string loginToken */ public static function getLoginToken() { if (!LoginForm::getLoginToken()) { // Init session if necessary if (session_id() == '') { wfSetupSession(); } LoginForm::setLoginToken(); } return LoginForm::getLoginToken(); }
public function onSuccess() { if ($this->getUser()->isLoggedIn()) { $this->getOutput()->wrapWikiMsg("<div class=\"successbox\">\n\$1\n</div>", 'changepassword-success'); $this->getOutput()->returnToMain(); } else { $request = $this->getRequest(); LoginForm::setLoginToken(); $token = LoginForm::getLoginToken(); $data = array('action' => 'submitlogin', 'wpName' => $this->mUserName, 'wpDomain' => $this->mDomain, 'wpLoginToken' => $token, 'wpPassword' => $request->getVal('wpNewPassword')) + $request->getValues('wpRemember', 'returnto', 'returntoquery'); $login = new LoginForm(new DerivativeRequest($request, $data, true)); $login->setContext($this->getContext()); $login->execute(null); } }
/** * Generates a template with the login form and registration form already filled into * it and other settings populated as well. This template can then be executed with * different EasyTemplates to give different results such as one view for ajax dialogs * and one view for standalone pages (such as Special:Signup). */ public static function getTemplateForCombinedForms($static = false, $lastmsg = "", &$ajaxLoginForm = "") { global $wgRequest; // Setup the data for the templates, similar to GetComboAjaxLogin. if (session_id() == '') { wfSetupSession(); } // TODO: Invstigate why this was here. //if ($wgRequest->getCheck( 'wpCreateaccount' )) { // return "error"; //} $tmpl = new EasyTemplate(dirname(__FILE__) . '/templates/'); $response = new AjaxResponse(); $type = $wgRequest->getVal('type', ''); if (!wfReadOnly()) { if (empty($ajaxLoginForm)) { $ajaxLoginForm = new AjaxLoginForm($wgRequest); } $ajaxLoginForm->execute($type); if (!empty($ajaxLoginForm->ajaxTemplate)) { $lastmsg = $ajaxLoginForm->ajaxTemplate->data['message']; $tmpl->set('message', $ajaxLoginForm->ajaxTemplate->data['message']); $tmpl->set('messagetype', $ajaxLoginForm->ajaxTemplate->data['messagetype']); } $tmpl->set("registerAjax", $ajaxLoginForm->ajaxRender()); } $isReadOnly = wfReadOnly() ? 1 : 0; $tmpl->set("isReadOnly", $isReadOnly); if (!LoginForm::getLoginToken()) { LoginForm::setLoginToken(); } $tmpl->set("loginToken", LoginForm::getLoginToken()); if (!LoginForm::getCreateaccountToken()) { LoginForm::setCreateaccountToken(); } $tmpl->set("createToken", LoginForm::getCreateaccountToken()); // Use the existing settings to generate the login portion of the form, which will then // be fed back into the bigger template in this case (it is not always fed into ComboAjaxLogin template). $returnto = $wgRequest->getVal('returnto', ''); if (!($returnto == '')) { $returnto = "&returnto=" . wfUrlencode($returnto); } $returntoquery = $wgRequest->getVal('returntoquery', ''); if (!($returntoquery == '')) { $returntoquery = "&returntoquery=" . wfUrlencode($returntoquery); } $loginaction = Skin::makeSpecialUrl('Signup', "type=login&action=submitlogin" . $returnto . $returntoquery); $signupaction = Skin::makeSpecialUrl('Signup', "type=signup" . $returnto . $returntoquery); $tmpl->set("loginaction", $loginaction); $tmpl->set("signupaction", $signupaction); $tmpl->set("loginerror", $lastmsg); $tmpl->set("actiontype", $type); $tmpl->set("showRegister", false); $tmpl->set("showLogin", false); if ($static) { if (strtolower($type) == "login") { $tmpl->set("showLogin", true); } else { if (!$isReadOnly) { $tmpl->set("showRegister", true); } } } $tmpl->set("ajaxLoginComponent", $tmpl->render('AjaxLoginComponent')); return $tmpl; }
/** * Executes the log-in attempt using the parameters passed. If * the log-in succeeds, it attaches a cookie to the session * and outputs the user id, username, and session token. If a * log-in fails, as the result of a bad password, a nonexistent * user, or any other reason, the host is cached with an expiry * and no log-in attempts will be accepted until that expiry * is reached. The expiry is $this->mLoginThrottle. */ public function execute() { // If we're in a mode that breaks the same-origin policy, no tokens can // be obtained if ($this->lacksSameOriginSecurity()) { $this->getResult()->addValue(null, 'login', array('result' => 'Aborted', 'reason' => 'Cannot log in when the same-origin policy is not applied')); return; } $params = $this->extractRequestParams(); $result = array(); // Make sure session is persisted $session = MediaWiki\Session\SessionManager::getGlobalSession(); $session->persist(); // Make sure it's possible to log in if (!$session->canSetUser()) { $this->getResult()->addValue(null, 'login', array('result' => 'Aborted', 'reason' => 'Cannot log in when using ' . $session->getProvider()->describe(Language::factory('en')))); return; } $authRes = false; $context = new DerivativeContext($this->getContext()); $loginType = 'N/A'; // Check login token $token = LoginForm::getLoginToken(); if (!$token) { LoginForm::setLoginToken(); $authRes = LoginForm::NEED_TOKEN; } elseif (!$params['token']) { $authRes = LoginForm::NEED_TOKEN; } elseif ($token !== $params['token']) { $authRes = LoginForm::WRONG_TOKEN; } // Try bot passwords if ($authRes === false && $this->getConfig()->get('EnableBotPasswords') && strpos($params['name'], BotPassword::getSeparator()) !== false) { $status = BotPassword::login($params['name'], $params['password'], $this->getRequest()); if ($status->isOk()) { $session = $status->getValue(); $authRes = LoginForm::SUCCESS; $loginType = 'BotPassword'; } else { LoggerFactory::getInstance('authmanager')->info('BotPassword login failed: ' . $status->getWikiText()); } } // Normal login if ($authRes === false) { $context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpDomain' => $params['domain'], 'wpLoginToken' => $params['token'], 'wpRemember' => ''))); $loginForm = new LoginForm(); $loginForm->setContext($context); $authRes = $loginForm->authenticateUserData(); $loginType = 'LoginForm'; } switch ($authRes) { case LoginForm::SUCCESS: $user = $context->getUser(); $this->getContext()->setUser($user); $user->setCookies($this->getRequest(), null, true); ApiQueryInfo::resetTokenCache(); // Run hooks. // @todo FIXME: Split back and frontend from this hook. // @todo FIXME: This hook should be placed in the backend $injected_html = ''; Hooks::run('UserLoginComplete', array(&$user, &$injected_html)); $result['result'] = 'Success'; $result['lguserid'] = intval($user->getId()); $result['lgusername'] = $user->getName(); // @todo: These are deprecated, and should be removed at some // point (1.28 at the earliest, and see T121527). They were ok // when the core cookie-based login was the only thing, but // CentralAuth broke that a while back and // SessionManager/AuthManager are *really* going to break it. $result['lgtoken'] = $user->getToken(); $result['cookieprefix'] = $this->getConfig()->get('CookiePrefix'); $result['sessionid'] = $session->getId(); break; case LoginForm::NEED_TOKEN: $result['result'] = 'NeedToken'; $result['token'] = LoginForm::getLoginToken(); // @todo: See above about deprecation $result['cookieprefix'] = $this->getConfig()->get('CookiePrefix'); $result['sessionid'] = $session->getId(); break; case LoginForm::WRONG_TOKEN: $result['result'] = 'WrongToken'; break; case LoginForm::NO_NAME: $result['result'] = 'NoName'; break; case LoginForm::ILLEGAL: $result['result'] = 'Illegal'; break; case LoginForm::WRONG_PLUGIN_PASS: $result['result'] = 'WrongPluginPass'; break; case LoginForm::NOT_EXISTS: $result['result'] = 'NotExists'; break; // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin: // The e-mailed temporary password should not be used for actual logins. // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin: // The e-mailed temporary password should not be used for actual logins. case LoginForm::RESET_PASS: case LoginForm::WRONG_PASS: $result['result'] = 'WrongPass'; break; case LoginForm::EMPTY_PASS: $result['result'] = 'EmptyPass'; break; case LoginForm::CREATE_BLOCKED: $result['result'] = 'CreateBlocked'; $result['details'] = 'Your IP address is blocked from account creation'; $block = $context->getUser()->getBlock(); if ($block) { $result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block)); } break; case LoginForm::THROTTLED: $result['result'] = 'Throttled'; $throttle = $this->getConfig()->get('PasswordAttemptThrottle'); $result['wait'] = intval($throttle['seconds']); break; case LoginForm::USER_BLOCKED: $result['result'] = 'Blocked'; $block = User::newFromName($params['name'])->getBlock(); if ($block) { $result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block)); } break; case LoginForm::ABORTED: $result['result'] = 'Aborted'; $result['reason'] = $loginForm->mAbortLoginErrorMsg; break; default: ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}"); } $this->getResult()->addValue(null, 'login', $result); LoggerFactory::getInstance('authmanager')->info('Login attempt', array('event' => 'login', 'successful' => $authRes === LoginForm::SUCCESS, 'loginType' => $loginType, 'status' => LoginForm::$statusCodes[$authRes])); }
/** * Main execution point */ function execute( $par ) { global $wgAuth; $this->setHeaders(); $this->outputHeader(); $this->getOutput()->disallowUserJs(); $request = $this->getRequest(); $this->mUserName = trim( $request->getVal( 'wpName' ) ); $this->mOldpass = $request->getVal( 'wpPassword' ); $this->mNewpass = $request->getVal( 'wpNewPassword' ); $this->mRetype = $request->getVal( 'wpRetype' ); $this->mDomain = $request->getVal( 'wpDomain' ); $user = $this->getUser(); if ( !$user->isLoggedIn() && !LoginForm::getLoginToken() ) { LoginForm::setLoginToken(); } if ( !$request->wasPosted() && !$user->isLoggedIn() ) { $this->error( $this->msg( 'resetpass-no-info' )->text() ); return; } if ( $request->wasPosted() && $request->getBool( 'wpCancel' ) ) { $titleObj = Title::newFromText( $request->getVal( 'returnto' ) ); if ( !$titleObj instanceof Title ) { $titleObj = Title::newMainPage(); } $query = $request->getVal( 'returntoquery' ); $this->getOutput()->redirect( $titleObj->getFullURL( $query ) ); return; } $this->checkReadOnly(); $this->checkPermissions(); if ( $request->wasPosted() && $user->matchEditToken( $request->getVal( 'token' ) ) ) { try { $this->mDomain = $wgAuth->getDomain(); if ( !$wgAuth->allowPasswordChange() ) { $this->error( $this->msg( 'resetpass_forbidden' )->text() ); return; } if ( !$user->isLoggedIn() && $request->getVal( 'wpLoginOnChangeToken' ) !== LoginForm::getLoginToken() ) { // Potential CSRF (bug 62497) $this->error( $this->msg( 'sessionfailure' )->text() ); return false; } $this->attemptReset( $this->mNewpass, $this->mRetype ); if ( $user->isLoggedIn() ) { $this->getOutput()->wrapWikiMsg( "<div class=\"successbox\">\n$1\n</div>", 'changepassword-success' ); $this->getOutput()->returnToMain(); } else { LoginForm::setLoginToken(); $token = LoginForm::getLoginToken(); $data = array( 'action' => 'submitlogin', 'wpName' => $this->mUserName, 'wpDomain' => $this->mDomain, 'wpLoginToken' => $token, 'wpPassword' => $request->getVal( 'wpNewPassword' ), ) + $request->getValues( 'wpRemember', 'returnto', 'returntoquery' ); $login = new LoginForm( new DerivativeRequest( $request, $data, true ) ); $login->setContext( $this->getContext() ); $login->execute( null ); } return; } catch ( PasswordError $e ) { $this->error( $e->getMessage() ); } } $this->showForm(); }
function render() { global $wgOut, $wgExtensionsPath; if (!LoginForm::getLoginToken()) { LoginForm::setLoginToken(); } $this->templateData['loginToken'] = LoginForm::getLoginToken(); $wgOut->addStyle("{$wgExtensionsPath}/wikia/Piggyback/Piggyback.css"); $html = (new Wikia\Template\PHPEngine())->setData($this->templateData)->render(dirname(__FILE__) . '/templates/Piggyback_form.php'); $wgOut->addHtml($html); }
public static function afterAjaxLoginHTML(&$html) { $tmpl = new EasyTemplate(dirname(__FILE__) . '/templates/'); if (!LoginForm::getLoginToken()) { LoginForm::setLoginToken(); } $tmpl->set("loginToken", LoginForm::getLoginToken()); $tmpl->set("fbButtton", FBConnect::getFBButton("sendToConnectOnLoginForSpecificForm();", "fbPrefsConnect")); $html = $tmpl->execute('ajaxLoginMerge'); return true; }