/** * This method is called when user successfully logs in using FB credentials * * Facebook user ID is passed to our backend: * - if there's Wikia account connected, log the user in, * - if not, render sign up modal */ public function index() { $fbUserId = $this->getFacebookUserId(); // try to get connected Wikia account $user = FacebookClient::getInstance()->getWikiaUser($fbUserId); if ($user instanceof User && $fbUserId !== 0) { $errorMsg = ''; if ($this->isAccountDisabled($user)) { // User account was disabled, abort the login $errorMsg = wfMessage('userlogin-error-edit-account-closed-flag')->escaped(); $this->response->setData(['loginAborted' => true, 'errorMsg' => $errorMsg]); } elseif ($this->isAccountUnconfirmed($user)) { LoginForm::clearLoginToken(); $name = $user->getName(); $this->userLoginHelper->setNotConfirmedUserSession($user->getId()); $this->userLoginHelper->clearPasswordThrottle($name); $this->response->setData(['unconfirmed' => true, 'userName' => $name, 'errorMsg' => $errorMsg]); } elseif (!wfRunHooks('FacebookUserLoginSuccess', [$user, &$errorMsg])) { $this->response->setData(['loginAborted' => true, 'errorMsg' => $errorMsg]); } else { // account is connected - log the user in $user->setCookies(); $this->response->setData(['loggedIn' => true, 'userName' => $user->getName(), 'returnUrl' => $this->userLoginHelper->getRedirectUrl(), 'errorMsg' => '']); // Retrieve user email from Facebook if missing $email = $user->getEmail(); if (empty($email)) { $this->saveEmailAsynchronously($user->getId()); } } } else { $modal = $this->sendRequest('FacebookSignup', 'modal')->__toString(); $title = $this->sendRequest('FacebookSignup', 'modalHeader')->__toString(); if (empty($modal)) { $modal = wfMessage('usersignup-facebook-problem')->escaped(); } // no account connected - show FB sign up modal $this->response->setData(['htmlTitle' => $title, 'modal' => $modal, 'cancelMsg' => wfMessage('cancel')->escaped()]); } }
/** * Confirm email page. * @requestParam string code - on GET, POST * @requestParam string username - on POST * @requestParam string password - on POST * @responseParam string result [ok/error] * @responseParam string msg - result messages * @responseParam string errParam - error param */ public function index() { $this->response->addAsset('extensions/wikia/UserLogin/css/UserLogin.scss'); // hide things in the skin $this->wg->SuppressWikiHeader = false; $this->wg->SuppressPageHeader = false; $this->wg->SuppressFooter = true; $this->wg->SuppressAds = true; $this->wg->SuppressToolbar = true; $this->getOutput()->disallowUserJs(); // just in case... $this->wg->Out->setPageTitle(wfMessage('wikiaconfirmemail-heading')->plain()); $par = $this->request->getVal('par', ''); $this->code = $this->request->getVal('code', $par); $this->username = $this->request->getVal('username', ''); $this->password = $this->request->getVal('password', ''); $this->editToken = $this->wg->User->getEditToken(); $this->loginToken = UserLoginHelper::getLoginToken(); $editTokenReq = $this->request->getVal('editToken', ''); $loginTokenReq = $this->request->getVal('loginToken', ''); if ($this->code == '') { $this->result = 'error'; $this->msg = wfMessage('wikiaconfirmemail-error-empty-code')->escaped(); return; } if ($this->wg->request->wasPosted() && $this->wg->User->matchEditToken($editTokenReq)) { if ($this->wg->User->isAnon() && $loginTokenReq !== UserLoginHelper::getLoginToken()) { $this->result = 'error'; $this->msg = wfMessage('sessionfailure')->escaped(); return; } if ($this->username == '') { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-noname')->escaped(); $this->errParam = 'username'; return; } if ($this->password == '') { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-wrongpasswordempty')->escaped(); $this->errParam = 'password'; return; } $expUser = User::newFromConfirmationCode($this->code); if (!$expUser instanceof User) { $this->result = 'error'; $this->msg = wfMessage('wikiaconfirmemail-error-invalid-code')->escaped(); return; } // User - activate user, confirm email and redirect to user page or create new wiki $user = User::newFromName($this->username); if (!$user instanceof User) { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-noname')->escaped(); return; } if ($user->getId() != $expUser->getId()) { $this->result = 'error'; $this->msg = wfMessage('wikiaconfirmemail-error-user-not-match')->parse(); $this->errParam = 'username'; return; } $userLoginHelper = new UserLoginHelper(); /* @var UserLoginHelper $userLoginHelper */ if ($userLoginHelper->isPasswordThrottled($this->username)) { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-login-throttled')->escaped(); $this->errParam = 'password'; return; } if ($user->checkPassword($this->password)) { $this->wg->User = $user; if ($user->getGlobalFlag(UserLoginSpecialController::NOT_CONFIRMED_SIGNUP_OPTION_NAME) != null) { // Signup confirm // Log user in manually $this->wg->User->setCookies(); LoginForm::clearLoginToken(); UserLoginHelper::clearNotConfirmedUserSession(); $userLoginHelper->clearPasswordThrottle($this->username); // Confirm UserLoginHelper::removeNotConfirmedFlag($user); $user->confirmEmail(); // Get and clear redirect page $userSignupRedirect = $user->getGlobalAttribute(UserLoginSpecialController::SIGNUP_REDIRECT_OPTION_NAME); $user->setGlobalAttribute(UserLoginSpecialController::SIGNUP_REDIRECT_OPTION_NAME, null); $user->saveSettings(); $userLoginHelper->addNewUserLogEntry($user); // send welcome email $emailParams = array('$USERNAME' => $user->getName(), '$EDITPROFILEURL' => $user->getUserPage()->getFullURL(), '$LEARNBASICURL' => 'http://community.wikia.com/wiki/Help:Wikia_Basics', '$EXPLOREWIKISURL' => 'http://www.wikia.com'); $userLoginHelper->sendEmail($user, 'WelcomeMail', 'usersignup-welcome-email-subject', 'usersignup-welcome-email-body', $emailParams, 'welcome-email', 'WelcomeMail'); // redirect user if (!empty($userSignupRedirect)) { // Redirect user to the point where he finished (when signup on create wiki) $titleObj = SpecialPage::getTitleFor('CreateNewWiki'); $query = $userSignupRedirect; } else { $titleObj = $this->wg->User->getUserPage(); $query = ''; } $this->wg->out->redirect($titleObj->getFullURL($query)); return; } else { // Email change // Log user in through standard method $response = $this->app->sendRequest('UserLoginSpecial', 'login'); $result = $response->getVal('result', ''); $optionNewEmail = $this->wg->User->getGlobalAttribute('new_email'); if (!empty($optionNewEmail)) { $user->setEmail($optionNewEmail); } $user->confirmEmail(); $user->setGlobalAttribute('new_email', null); $user->saveSettings(); // redirect user if ($result === 'closurerequested') { $response = $this->app->sendRequest('UserLoginSpecial', 'getCloseAccountRedirectUrl'); $redirectUrl = $response->getVal('redirectUrl'); $this->wg->Out->redirect($redirectUrl); } else { $userPage = $user->getUserPage(); $this->wg->out->redirect($userPage->getFullURL()); } wfRunHooks('EmailChangeConfirmed', array($user)); return; } } else { $this->result = 'error'; $this->msg = wfMessage('userlogin-error-wrongpassword')->escaped(); $this->errParam = 'password'; return; } } }
/** * Entry point for reactivating an account * * Handles confirming the user's reactivation request when they have * given a valid confirmation code. If no code is given, but they have * a session ID from having successfully attempted to login to an account * that has requested closure, this forwards to the reactivateRequest * method. * * @requestParam string code - The confirmation code for reactivating an account * @requestParam string username - The user name of the account to reactivate * @requestParam string password - The password for the account to reactivate * @requestParam string editToken - The edit token for the current user * @requestParam string loginToken - The login token for the current user * @responseParam boolean success - Whether or not reactivation was successful * @responseParam string resultMessage - The result of the form submission * @responseParam string errParam - The form item an error is related to * @return void */ public function reactivate() { wfProfileIn(__METHOD__); $this->code = $this->getVal('code', false); if (empty($this->code)) { if ($this->request->getSessionData('closeAccountSessionId') !== null) { $this->forward(__CLASS__, 'reactivateRequest'); } else { $this->success = false; $this->resultMessage = $this->msg('closemyaccount-reactivate-error-empty-code')->parse(); } wfProfileOut(__METHOD__); return; } $this->getOutput()->setPageTitle($this->msg('closemyaccount-reactivate-page-title')->plain()); $this->response->addAsset('extensions/wikia/UserLogin/css/UserLogin.scss'); $user = $this->getUser(); $this->username = $this->request->getVal('username', ''); $this->password = $this->request->getVal('password', ''); $this->loginToken = UserLoginHelper::getLoginToken(); $this->editToken = $user->getEditToken(); $helper = new CloseMyAccountHelper(); if ($this->request->wasPosted() && $user->matchEditToken($this->request->getVal('editToken'))) { if ($user->isAnon() && $this->request->getVal('loginToken') !== UserLoginHelper::getLoginToken()) { $this->success = false; $this->resultMessage = $this->msg('sessionfailure')->escaped(); wfProfileOut(__METHOD__); return; } if ($this->username === '') { $this->success = false; $this->resultMessage = $this->msg('userlogin-error-noname')->escaped(); $this->errParam = 'username'; wfProfileOut(__METHOD__); return; } if ($this->password === '') { $this->success = false; $this->resultMessage = $this->msg('userlogin-error-wrongpasswordempty')->escaped(); $this->errParam = 'password'; wfProfileOut(__METHOD__); return; } $expUser = User::newFromConfirmationCode($this->code); if (!$expUser instanceof User) { $this->success = false; $this->resultMessage = $this->msg('closemyaccount-reactivate-error-invalid-code', $this->username)->parse(); wfProfileOut(__METHOD__); return; } $user = User::newFromName($this->username); if ($user->getId() != $expUser->getId()) { $this->success = false; $this->resultMessage = $this->msg('wikiaconfirmemail-error-user-not-match')->parse(); $this->errParam = 'username'; wfProfileOut(__METHOD__); return; } $userLoginHelper = new UserLoginHelper(); /* @var UserLoginHelper $userLoginHelper */ if ($userLoginHelper->isPasswordThrottled($this->username)) { $this->success = false; $this->resultMessage = $this - msg('userlogin-error-login-throttled')->escaped(); $this->errParam = 'password'; wfProfileOut(__METHOD__); return; } if ($helper->isClosed($user)) { $this->success = false; $this->resultMessage = $this->msg('closemyaccount-reactivate-error-disabled')->parse(); wfProfileOut(__METHOD__); return; } if (!$helper->isScheduledForClosure($user)) { $this->success = false; $this->resultMessage = $this->msg('closemyaccount-reactivate-error-not-scheduled')->escaped(); wfProfileOut(__METHOD__); return; } if ($user->checkPassword($this->password)) { $this->wg->User = $user; $this->wg->User->setCookies(); LoginForm::clearLoginToken(); $userLoginHelper->clearPasswordThrottle($this->username); $helper->reactivateAccount($user); unset($_SESSION['closeAccountSessionId']); $userPageTitle = $user->getUserPage(); $this->getOutput()->redirect($userPageTitle->getFullURL()); } else { $this->success = false; $this->resultMessage = $this->msg('userlogin-error-wrongpassword')->escaped(); $this->errParam = 'password'; } } wfProfileOut(__METHOD__); }