More globals and uninitialized variables fixes. Added WebRequest ($wgRequest)
[lhc/web/wiklou.git] / includes / SpecialUserlogin.php
1 <?php
2
3 require_once('UserMailer.php');
4
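# Entry point for Special:Userlogin. Makes sure a session has been set up,
# copies the login form fields from $wgRequest into $_REQUEST, then dispatches
# on whichever submit button or request parameter is present.
function wfSpecialUserlogin()
{
    # $wgRequest is used below and therefore has to be declared global here;
    # without the declaration getText() is called on an undefined local.
    global $wgCommandLineMode, $wgRequest, $wgLang;

    if( !$wgCommandLineMode && !isset( $_COOKIE[ini_get("session.name")] ) ) {
        User::SetupSession();
    }

    # FIXME: UGLY HACK
    # The handlers in this file still read these fields from $_REQUEST, so the
    # values obtained through $wgRequest->getText() are written back there.
    # (The original list named wpName and wpPassword twice.)
    # NOTE(review): wpEmail, wpRemember and returnto are read from $_REQUEST
    # elsewhere in this file without going through $wgRequest - confirm
    # whether they belong on this list as well.
    $fields = array( "wpName", "wpPassword", "wpRetype" );
    foreach( $fields as $x ) {
        $_REQUEST[$x] = $wgRequest->getText( $x );
    }

    # When switching accounts, it sucks to get automatically logged out
    if( isset( $_REQUEST['returnto'] ) &&
        $_REQUEST['returnto'] == $wgLang->specialPage( "Userlogout" ) ) {
        $_REQUEST['returnto'] = "";
    }

    # Every test below guards the index with isset()/array_key_exists(), so a
    # request that lacks the parameter falls through to the plain login form
    # instead of reading an undefined index.
    if ( isset( $_REQUEST['wpCookieCheck'] ) ) {
        onCookieRedirectCheck( $_REQUEST['wpCookieCheck'] );
    } else if ( isset( $_REQUEST['wpCreateaccount'] ) ) {
        addNewAccount();
    } else if ( isset( $_REQUEST['wpCreateaccountMail'] ) ) {
        addNewAccountMailPassword();
    } else if ( isset( $_REQUEST['wpMailmypassword'] ) ) {
        mailPassword();
    } else if ( ( isset( $_REQUEST['action'] ) && "submit" == $_REQUEST['action'] )
        || array_key_exists( 'wpLoginattempt', $_REQUEST ) ) {
        processLogin();
    } else {
        mainLoginForm( "" );
    }
}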
39
40
# Handles the wpCreateaccountMail button: creates the account, has a password
# mailed to the address given in the form, and shows a confirmation page.
#
# NOTE(review): mainLoginForm() only renders this button for a logged-in user,
# but nothing in this function checks the requester's login state, so that
# restriction is presentational only. Confirm whether a server-side check is
# wanted, since this path sends mail to a requester-chosen address.
# NOTE(review): $_REQUEST['wpName'] is passed into the "noemail" message and
# from there into the HTML that mainLoginForm() emits - confirm that wfMsg()
# or the message itself escapes the parameter.
/* private */ function addNewAccountMailPassword()
{
    global $wgOut;

    # An e-mail address is mandatory on this path.
    if ( $_REQUEST['wpEmail'] == "" ) {
        mainLoginForm( wfMsg( "noemail", $_REQUEST['wpName'] ) );
        return;
    }

    # addNewAccountInternal() has already shown its own error page when it
    # returns nothing.
    $newUser = addNewAccountInternal();
    if ( NULL == $newUser ) {
        return;
    }

    $newUser->saveSettings();

    # Same convention: a NULL result means the error was already reported.
    $mailed = mailPasswordInternal( $newUser );
    if ( NULL == $mailed ) {
        return;
    }

    $wgOut->setPageTitle( wfMsg( "accmailtitle" ) );
    $wgOut->setRobotpolicy( "noindex,nofollow" );
    $wgOut->setArticleRelated( false );

    $confirmation = wfMsg( "accmailtext", $newUser->getName(), $newUser->getEmail() );
    $wgOut->addWikiText( $confirmation );
    $wgOut->returnToMain( false );
}
70
71
# Handles the wpCreateaccount button: creates the account, makes it the
# current user, sets its cookies and queues a UserUpdate. Ends on the welcome
# page, or on the cookie-check redirect when no session cookie came back.
/* private */ function addNewAccount()
{
    global $wgUser, $wgOut, $wgDeferredUpdateList;

    # Nothing returned means addNewAccountInternal() already showed an error.
    $created = addNewAccountInternal();
    if ( NULL == $created ) {
        return;
    }

    # NOTE(review): the visible code does not renew the session identifier
    # when the user changes - confirm whether setCookies() or
    # User::SetupSession() takes care of that.
    $wgUser = $created;
    $wgUser->setCookies();

    $update = new UserUpdate();
    array_push( $wgDeferredUpdateList, $update );

    if( !hasSessionCookie() ) {
        return cookieRedirectCheck( "new" );
    }
    return successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) );
}
95
96
# Validates the account-creation form and creates the user.
# Returns the new User object, or nothing after an error page or the login
# form with an error message has been shown.
#
# NOTE(review): no check on the password itself (empty or very short) is
# visible here - confirm whether User::setPassword() enforces one.
/* private */ function addNewAccountInternal()
{
    global $wgUser, $wgOut, $wgMaxNameChars;

    if ( !$wgUser->isAllowedToCreateAccount() ) {
        userNotPrivilegedMessage();
        return;
    }

    # Password and confirmation must be identical.
    $mismatch = strcmp( $_REQUEST['wpPassword'], $_REQUEST['wpRetype'] );
    if ( 0 != $mismatch ) {
        mainLoginForm( wfMsg( "badretype" ) );
        return;
    }

    # Reject an empty name, a name containing something shaped like a
    # dotted-quad IP address (the pattern is unanchored), a name containing
    # "/", and a name longer than $wgMaxNameChars. strlen() counts bytes.
    $name = trim( $_REQUEST['wpName'] );
    $badName = ( "" == $name )
        || preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $name )
        || ( strpos( $name, "/" ) !== false )
        || ( strlen( $name ) > $wgMaxNameChars );
    if ( $badName ) {
        mainLoginForm( wfMsg( "noname" ) );
        return;
    }

    if ( wfReadOnly() ) {
        $wgOut->readOnlyPage();
        return;
    }

    $u = User::newFromName( $name );

    # A non-zero id means the name is already taken.
    if ( 0 != $u->idForName() ) {
        mainLoginForm( wfMsg( "userexists" ) );
        return;
    }

    # NOTE(review): the row is added before the password and e-mail are set;
    # addNewAccountMailPassword() calls saveSettings() afterwards, while
    # addNewAccount() shows no such call - confirm where those values get
    # persisted on that path.
    $u->addToDatabase();
    $u->setPassword( $_REQUEST['wpPassword'] );
    $u->setEmail( $_REQUEST['wpEmail'] );

    $remember = ( 1 == $_REQUEST['wpRemember'] ) ? 1 : 0;
    $u->setOption( "rememberpassword", $remember );

    return $u;
}
140
141
142
143
# Handles a login attempt: looks the user up by name, compares the submitted
# password with the stored password and with the mailed "new password", and
# on success makes the user current and sets the cookies.
#
# NOTE(review): "nosuchuser" and "wrongpassword" are different messages, so
# the response tells a requester whether an account name exists.
# NOTE(review): no throttling of repeated failures is visible in this
# function - confirm whether it is applied elsewhere.
/* private */ function processLogin()
{
    global $wgUser, $wgDeferredUpdateList;

    if ( "" == $_REQUEST['wpName'] ) {
        mainLoginForm( wfMsg( "noname" ) );
        return;
    }

    $u = User::newFromName( $_REQUEST['wpName'] );
    $id = $u->idForName();
    if ( 0 == $id ) {
        mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
        return;
    }
    $u->setId( $id );
    $u->loadFromDatabase();

    # The submitted password goes through encryptPassword() and the result is
    # compared with strcmp(), which is not a constant-time comparison.
    # The second comparison only runs when the first one did not match.
    $submitted = $u->encryptPassword( $_REQUEST['wpPassword'] );
    $matchesCurrent = ( 0 == strcmp( $submitted, $u->getPassword() ) );
    if ( !$matchesCurrent && 0 != strcmp( $submitted, $u->getNewpassword() ) ) {
        mainLoginForm( wfMsg( "wrongpassword" ) );
        return;
    }

    # We've verified now, update the real record
    #
    # NOTE(review): the cleartext form value is handed to setCookiePassword();
    # confirm what that method ends up storing in the browser.
    $remember = ( 1 == $_REQUEST['wpRemember'] ) ? 1 : 0;
    if ( $remember ) {
        $u->setCookiePassword( $_REQUEST['wpPassword'] );
    }
    $u->setOption( "rememberpassword", $remember );

    $wgUser = $u;
    $wgUser->setCookies();

    $update = new UserUpdate();
    array_push( $wgDeferredUpdateList, $update );

    if( !hasSessionCookie() ) {
        return cookieRedirectCheck( "login" );
    }
    return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
}
191
# Handles the wpMailmypassword button: looks the named user up and has a new
# password mailed to the address on the account, then shows the login form
# with the "passwordsent" message.
#
# NOTE(review): any requester can trigger this for any account name, and the
# "nosuchuser" reply reveals whether the name exists. No rate limit is
# visible here - confirm whether one is applied elsewhere.
/* private */ function mailPassword()
{
    global $wgUser, $wgDeferredUpdateList, $wgOutputEncoding;
    global $wgCookiePath, $wgCookieDomain, $wgDBname;

    $requested = $_REQUEST['wpName'];
    if ( "" == $requested ) {
        mainLoginForm( wfMsg( "noname" ) );
        return;
    }

    $u = User::newFromName( $requested );
    $id = $u->idForName();
    if ( 0 == $id ) {
        mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
        return;
    }
    $u->setId( $id );
    $u->loadFromDatabase();

    # mailPasswordInternal() has already shown its own error when it returns
    # nothing.
    $mailed = mailPasswordInternal( $u );
    if ( NULL == $mailed ) {
        return;
    }

    mainLoginForm( wfMsg( "passwordsent", $u->getName() ) );
}
216
217
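# Generates a random password for $u, records it through setNewpassword(),
# saves the user and mails the password to the address on the account.
# Returns $u on success. Returns nothing after showing the login form with
# the "noemail" message when the account has no e-mail address.
/* private */ function mailPasswordInternal( $u )
{
    global $wgDeferredUpdateList, $wgOutputEncoding;
    global $wgPasswordSender, $wgDBname, $wgIP;
    # setcookie() below needs the configured cookie path and domain. They
    # were not declared global in this function, so the expiry cookie was
    # sent with an empty path and domain and may not have matched the cookie
    # it was meant to clear.
    global $wgCookiePath, $wgCookieDomain;

    if ( "" == $u->getEmail() ) {
        mainLoginForm( wfMsg( "noemail", $u->getName() ) );
        return;
    }
    $np = User::randomPassword();
    $u->setNewpassword( $np );

    # Expire the "<dbname>Password" cookie in the requesting browser.
    setcookie( "{$wgDBname}Password", "", time() - 3600, $wgCookiePath, $wgCookieDomain );
    $u->saveSettings();

    # The requester's address is included in the mail so the account owner
    # can see where the request came from.
    $ip = $wgIP;
    if ( "" == $ip ) { $ip = "(Unknown)"; }

    # The message body carries the new password in clear text.
    $m = wfMsg( "passwordremindertext", $ip, $u->getName(), $np );

    # NOTE(review): the result of userMailer() is not checked, so a failed
    # send is still reported to the caller as success - confirm what
    # userMailer() returns on failure.
    userMailer( $u->getEmail(), $wgPasswordSender, wfMsg( "passwordremindertitle" ), $m );

    return $u;
}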
242
243
244
245
246
# Renders the "login successful" page: sets the title, robot policy and
# article-related flag, prints $msg and adds the return-to-main link.
#
# NOTE(review): $msg is written with addHTML() as-is. Callers build it with
# wfMsg() from a user name, so confirm that the name is escaped before it
# gets here.
/* private */ function successfulLogin( $msg )
{
    global $wgUser, $wgDeferredUpdateList, $wgOut;

    $pageTitle = wfMsg( "loginsuccesstitle" );
    $wgOut->setPageTitle( $pageTitle );
    $wgOut->setRobotpolicy( "noindex,nofollow" );
    $wgOut->setArticleRelated( false );

    $html = $msg . "\n<p>";
    $wgOut->addHTML( $html );
    $wgOut->returnToMain();
}
259
# Renders the page shown when the current user may not create accounts:
# "whitelistacctitle" as the title, "whitelistacctext" as the body.
function userNotPrivilegedMessage()
{
    global $wgOut, $wgUser, $wgLang;

    $pageTitle = wfMsg( "whitelistacctitle" );
    $wgOut->setPageTitle( $pageTitle );
    $wgOut->setRobotpolicy( "noindex,nofollow" );
    $wgOut->setArticleRelated( false );

    $body = wfMsg( "whitelistacctext" );
    $wgOut->addWikiText( $body );

    $wgOut->returnToMain( false );
}
272
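# Renders the login / create-account form.
# $err is an error message to show above the form, or "" for the normal
# login prompt.
#
# NOTE(review): $err and the interface messages are written into the page
# as-is, several of them inside value="..." attributes. Callers build $err
# with wfMsg() from request-supplied names, so confirm that those parameters
# are escaped before they get here.
# NOTE(review): the submitted password and its confirmation are echoed back
# into the value attributes of the password inputs, so they appear in the
# HTML of the response. Consider leaving those fields empty on redisplay.
/* private */ function mainLoginForm( $err )
{
    global $wgUser, $wgOut, $wgLang;
    global $wgDBname;

    $le = wfMsg( "loginerror" );
    $yn = wfMsg( "yourname" );
    $yp = wfMsg( "yourpassword" );
    $ypa = wfMsg( "yourpasswordagain" );
    $rmp = wfMsg( "remembermypassword" );
    $nuo = wfMsg( "newusersonly" );
    $li = wfMsg( "login" );
    $ca = wfMsg( "createaccount" );
    $cam = wfMsg( "createaccountmail" );
    $ye = wfMsg( "youremail" );
    $efl = wfMsg( "emailforlost" );
    $mmp = wfMsg( "mailmypassword" );
    $endText = wfMsg( "loginend" );

    # Suppress the trailer only when wfMsg() handed back this placeholder.
    # The original used "=" here, which assigned the placeholder and
    # therefore always blanked the trailer.
    if ( $endText == "&lt;loginend&gt;" ) {
        $endText = "";
    }

    # Read the request fields once, tolerating the ones that are absent.
    $name = isset( $_REQUEST['wpName'] ) ? $_REQUEST['wpName'] : "";
    $pwd = isset( $_REQUEST['wpPassword'] ) ? $_REQUEST['wpPassword'] : "";
    $retype = isset( $_REQUEST['wpRetype'] ) ? $_REQUEST['wpRetype'] : "";
    $email = isset( $_REQUEST['wpEmail'] ) ? $_REQUEST['wpEmail'] : "";
    $returnto = isset( $_REQUEST['returnto'] ) ? $_REQUEST['returnto'] : "";

    # Default the name field to the logged-in user, else to the user name
    # cookie. $_COOKIE is used for the lookup, as in the rest of this file.
    if ( "" == $name ) {
        if ( 0 != $wgUser->getID() ) {
            $name = $wgUser->getName();
        } else {
            $cookieKey = "{$wgDBname}UserName";
            $name = isset( $_COOKIE[$cookieKey] ) ? $_COOKIE[$cookieKey] : "";
        }
    }

    $wgOut->setPageTitle( wfMsg( "userlogin" ) );
    $wgOut->setRobotpolicy( "noindex,nofollow" );
    $wgOut->setArticleRelated( false );

    if ( "" == $err ) {
        $lp = wfMsg( "loginprompt" );
        $wgOut->addHTML( "<h2>$li:</h2>\n<p>$lp</p>" );
    } else {
        $wgOut->addHTML( "<h2>$le:</h2>\n<font size='+1'
color='red'>$err</font>\n" );
    }
    if ( 1 == $wgUser->getOption( "rememberpassword" ) ) {
        $checked = " checked";
    } else {
        $checked = "";
    }
    $q = "action=submit";
    if ( "" != $returnto ) { $q .= "&returnto=" . wfUrlencode( $returnto ); }
    $titleObj = Title::makeTitle( NS_SPECIAL, "Userlogin" );
    $action = $titleObj->escapeLocalUrl( $q );

    # Request-supplied values are escaped before they go into attributes.
    $encName = wfEscapeHTML( $name );
    $encPassword = wfEscapeHTML( $pwd );
    $encRetype = wfEscapeHTML( $retype );
    $encEmail = wfEscapeHTML( $email );

    # The "create account and mail password" button is rendered only for a
    # logged-in user. Start from an empty string so the template below never
    # reads an undefined variable.
    $cambutton = "";
    if ($wgUser->getID() != 0) {
        $cambutton = "<input tabindex=6 type=submit name=\"wpCreateaccountMail\" value=\"{$cam}\">";
    }

    $wgOut->addHTML( "
<form name=\"userlogin\" id=\"userlogin\" method=\"post\" action=\"{$action}\">
<table border=0><tr>
<td align=right>$yn:</td>
<td align=left>
<input tabindex=1 type=text name=\"wpName\" value=\"{$encName}\" size=20>
</td>
<td align=left>
<input tabindex=3 type=submit name=\"wpLoginattempt\" value=\"{$li}\">
</td>
</tr>
<tr>
<td align=right>$yp:</td>
<td align=left>
<input tabindex=2 type=password name=\"wpPassword\" value=\"{$encPassword}\" size=20>
</td>
<td align=left>
<input tabindex=7 type=checkbox name=\"wpRemember\" value=\"1\" id=\"wpRemember\"$checked><label for=\"wpRemember\">$rmp</label>
</td>
</tr>");

    if ($wgUser->isAllowedToCreateAccount()) {
        $encRetype = htmlspecialchars( $retype );
        # The e-mail input is refilled from wpEmail. The original read
        # 'wpCreateAccount' here, which is not the e-mail field.
        $encEmail = htmlspecialchars( $email );
        $wgOut->addHTML("<tr><td colspan=3>&nbsp;</td></tr><tr>
<td align=right>$ypa:</td>
<td align=left>
<input tabindex=4 type=password name=\"wpRetype\" value=\"{$encRetype}\"
size=20>
</td><td>$nuo</td></tr>
<tr>
<td align=right>$ye:</td>
<td align=left>
<input tabindex=5 type=text name=\"wpEmail\" value=\"{$encEmail}\" size=20>
</td><td align=left>
<input tabindex=6 type=submit name=\"wpCreateaccount\" value=\"{$ca}\">
$cambutton
</td></tr>");
    }

    $wgOut->addHTML("
<tr><td colspan=3>&nbsp;</td></tr><tr>
<td colspan=3 align=left>
<p>$efl<br>
<input tabindex=8 type=submit name=\"wpMailmypassword\" value=\"{$mmp}\">
</td></tr></table>
</form>\n" );
    $wgOut->addHTML( $endText );
}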
385
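# Reports whether the browser sent a non-empty session cookie.
# Always returns true when $wgDisableCookieCheck is set.
/* private */ function hasSessionCookie()
{
    global $wgDisableCookieCheck;

    if ( $wgDisableCookieCheck ) {
        return true;
    }

    # Guard the lookup: a browser that sent no session cookie at all is the
    # ordinary "no cookie" case, not an undefined-index read.
    $cookieName = session_name();
    return isset( $_COOKIE[$cookieName] ) && ( "" != $_COOKIE[$cookieName] );
}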
391
# Redirects to Special:Userlogin with wpCookieCheck=$type so that the next
# request shows whether the browser kept the session cookie.
# $type is placed in the query string as-is; the callers in this file pass
# the literals "new" and "login".
/* private */ function cookieRedirectCheck( $type )
{
    global $wgOut, $wgLang;

    $loginTitle = Title::makeTitle( NS_SPECIAL, "Userlogin" );
    $query = "wpCookieCheck=" . $type;
    $target = $loginTitle->getFullURL( $query );

    return $wgOut->redirect( $target );
}
401
# Second half of the cookie check. With a session cookie present the success
# page is shown; otherwise the login form comes back with the "no cookies"
# message matching $type ("new" or "login").
# $type arrives from the wpCookieCheck request parameter and is only
# compared against literals here.
/* private */ function onCookieRedirectCheck( $type ) {
    global $wgUser;

    if ( hasSessionCookie() ) {
        return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
    }

    if ( $type == "new" ) {
        $messageKey = "nocookiesnew";
    } else if ( $type == "login" ) {
        $messageKey = "nocookieslogin";
    } else {
        # shouldn't happen
        $messageKey = "error";
    }
    return mainLoginForm( wfMsg( $messageKey ) );
}
418
419 ?>