dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
BUG#93 Fix handling of <nowiki> in templates
[lhc/web/wiklou.git] / includes / SpecialUserlogin.php
1 <?php
2 /**
3 *
4 * @package MediaWiki
5 * @subpackage SpecialPage
6 */
7
8 /**
9 *
10 */
11 require_once('UserMailer.php');
12
13 /**
14 * consutrctor
15 */
16 function wfSpecialUserlogin() {
17 global $wgCommandLineMode;
18 global $wgRequest;
19 if( !$wgCommandLineMode && !isset( $_COOKIE[ini_get("session.name")] ) ) {
20 User::SetupSession();
21 }
22
23 $form = new LoginForm( $wgRequest );
24 $form->execute();
25 }
26
27 /**
28 *
29 * @package MediaWiki
30 * @subpackage SpecialPage
31 */
32 class LoginForm {
33 var $mName, $mPassword, $mRetype, $mReturnto, $mCookieCheck, $mPosted;
34 var $mAction, $mCreateaccount, $mCreateaccountMail, $mMailmypassword;
35 var $mLoginattempt, $mRemember, $mEmail;
36
37 function LoginForm( &$request ) {
38 global $wgLang, $wgAllowRealName;
39
40 $this->mName = $request->getText( 'wpName' );
41 $this->mPassword = $request->getText( 'wpPassword' );
42 $this->mRetype = $request->getText( 'wpRetype' );
43 $this->mReturnto = $request->getVal( 'returnto' );
44 $this->mCookieCheck = $request->getVal( "wpCookieCheck" );
45 $this->mPosted = $request->wasPosted();
46 $this->mCreateaccount = $request->getCheck( 'wpCreateaccount' );
47 $this->mCreateaccountMail = $request->getCheck( 'wpCreateaccountMail' );
48 $this->mMailmypassword = $request->getCheck( 'wpMailmypassword' );
49 $this->mLoginattempt = $request->getCheck( 'wpLoginattempt' );
50 $this->mAction = $request->getVal( 'action' );
51 $this->mRemember = $request->getCheck( 'wpRemember' );
52 $this->mEmail = $request->getText( 'wpEmail' );
53 if ($wgAllowRealName) {
54 $this->mRealName = $request->getText( 'wpRealName' );
55 } else {
56 $this->mRealName = '';
57 }
58
59 # When switching accounts, it sucks to get automatically logged out
60 if( $this->mReturnto == $wgLang->specialPage( "Userlogout" ) ) {
61 $this->mReturnto = "";
62 }
63 }
64
65 function execute() {
66 if ( !is_null( $this->mCookieCheck ) ) {
67 $this->onCookieRedirectCheck( $this->mCookieCheck );
68 return;
69 } else if( $this->mPosted ) {
70 if( $this->mCreateaccount ) {
71 return $this->addNewAccount();
72 } else if ( $this->mCreateaccountMail ) {
73 return $this->addNewAccountMailPassword();
74 } else if ( $this->mMailmypassword ) {
75 return $this->mailPassword();
76 } else if ( ( "submit" == $this->mAction ) || $this->mLoginattempt ) {
77 return $this->processLogin();
78 }
79 }
80 $this->mainLoginForm( "" );
81 }
82
83 /**
84 * @access private
85 */
86 function addNewAccountMailPassword() {
87 global $wgOut;
88
89 if ("" == $this->mEmail) {
90 $this->mainLoginForm( wfMsg( "noemail", $this->mName ) );
91 return;
92 }
93
94 $u = $this->addNewaccountInternal();
95
96 if ($u == NULL) {
97 return;
98 }
99
100 $u->saveSettings();
101 $error = $this->mailPasswordInternal($u);
102
103 $wgOut->setPageTitle( wfMsg( "accmailtitle" ) );
104 $wgOut->setRobotpolicy( "noindex,nofollow" );
105 $wgOut->setArticleRelated( false );
106
107 if ( $error === "" ) {
108 $wgOut->addWikiText( wfMsg( "accmailtext", $u->getName(), $u->getEmail() ) );
109 $wgOut->returnToMain( false );
110 } else {
111 $this->mainLoginForm( wfMsg( "mailerror", $error ) );
112 }
113
114 $u = 0;
115 }
116
117
118 /**
119 * @access private
120 */
121 function addNewAccount() {
122 global $wgUser, $wgOut;
123 global $wgDeferredUpdateList;
124
125 $u = $this->addNewAccountInternal();
126
127 if ($u == NULL) {
128 return;
129 }
130
131 $wgUser = $u;
132 $wgUser->setCookies();
133
134 $up = new UserUpdate();
135 array_push( $wgDeferredUpdateList, $up );
136
137 if( $this->hasSessionCookie() ) {
138 return $this->successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) );
139 } else {
140 return $this->cookieRedirectCheck( "new" );
141 }
142 }
143
144
145 /**
146 * @access private
147 */
148 function addNewAccountInternal() {
149 global $wgUser, $wgOut;
150 global $wgMaxNameChars;
151 global $wgMemc, $wgAccountCreationThrottle, $wgDBname, $wgIP;
152
153 if (!$wgUser->isAllowedToCreateAccount()) {
154 $this->userNotPrivilegedMessage();
155 return;
156 }
157
158 if ( 0 != strcmp( $this->mPassword, $this->mRetype ) ) {
159 $this->mainLoginForm( wfMsg( "badretype" ) );
160 return;
161 }
162
163 $name = trim( $this->mName );
164 $u = User::newFromName( $name );
165 if ( is_null( $u ) ||
166 ( "" == $name ) ||
167 preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $name ) ||
168 (strpos( $name, "/" ) !== false) ||
169 (strlen( $name ) > $wgMaxNameChars) ||
170 ucFirst($name) != $u->getName() )
171 {
172 $this->mainLoginForm( wfMsg( "noname" ) );
173 return;
174 }
175 if ( wfReadOnly() ) {
176 $wgOut->readOnlyPage();
177 return;
178 }
179
180 if ( 0 != $u->idForName() ) {
181 $this->mainLoginForm( wfMsg( "userexists" ) );
182 return;
183 }
184
185 if ( $wgAccountCreationThrottle ) {
186 $key = "$wgDBname:acctcreate:ip:$wgIP";
187 $value = $wgMemc->incr( $key );
188 if ( !$value ) {
189 $wgMemc->set( $key, 1, 86400 );
190 }
191 if ( $value > $wgAccountCreationThrottle ) {
192 $this->throttleHit( $wgAccountCreationThrottle );
193 return;
194 }
195 }
196
197 $u->addToDatabase();
198 $u->setPassword( $this->mPassword );
199 $u->setEmail( $this->mEmail );
200 $u->setRealName( $this->mRealName );
201
202 if ( $this->mRemember ) { $r = 1; }
203 else { $r = 0; }
204 $u->setOption( "rememberpassword", $r );
205
206 return $u;
207 }
208
209 /**
210 * @access private
211 */
212 function processLogin() {
213 global $wgUser;
214 global $wgDeferredUpdateList;
215
216 if ( "" == $this->mName ) {
217 $this->mainLoginForm( wfMsg( "noname" ) );
218 return;
219 }
220 $u = User::newFromName( $this->mName );
221 if( is_null( $u ) ) {
222 $this->mainLoginForm( wfMsg( "noname" ) );
223 return;
224 }
225 $id = $u->idForName();
226 if ( 0 == $id ) {
227 $this->mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
228 return;
229 }
230 $u->setId( $id );
231 $u->loadFromDatabase();
232 if (!$u->checkPassword( $this->mPassword )) {
233 $this->mainLoginForm( wfMsg( "wrongpassword" ) );
234 return;
235 }
236
237 # We've verified now, update the real record
238 #
239 if ( $this->mRemember ) {
240 $r = 1;
241 $u->setCookiePassword( $this->mPassword );
242 } else {
243 $r = 0;
244 }
245 $u->setOption( "rememberpassword", $r );
246
247 $wgUser = $u;
248 $wgUser->setCookies();
249
250 $up = new UserUpdate();
251 array_push( $wgDeferredUpdateList, $up );
252
253 if( $this->hasSessionCookie() ) {
254 return $this->successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
255 } else {
256 return $this->cookieRedirectCheck( "login" );
257 }
258 }
259
260 /**
261 * @access private
262 */
263 function mailPassword() {
264 global $wgUser, $wgDeferredUpdateList, $wgOutputEncoding;
265 global $wgCookiePath, $wgCookieDomain, $wgDBname;
266
267 if ( "" == $this->mName ) {
268 $this->mainLoginForm( wfMsg( "noname" ) );
269 return;
270 }
271 $u = User::newFromName( $this->mName );
272 if( is_null( $u ) ) {
273 $this->mainLoginForm( wfMsg( "noname" ) );
274 return;
275 }
276 $id = $u->idForName();
277 if ( 0 == $id ) {
278 $this->mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
279 return;
280 }
281 $u->setId( $id );
282 $u->loadFromDatabase();
283
284 $error = $this->mailPasswordInternal( $u );
285 if ($error === "") {
286 $this->mainLoginForm( wfMsg( "passwordsent", $u->getName() ) );
287 } else {
288 $this->mainLoginForm( wfMsg( "mailerror", $error ) );
289 }
290
291 }
292
293
294 /**
295 * @access private
296 */
297 function mailPasswordInternal( $u ) {
298 global $wgDeferredUpdateList, $wgOutputEncoding;
299 global $wgPasswordSender, $wgDBname, $wgIP;
300 global $wgCookiePath, $wgCookieDomain;
301
302 if ( "" == $u->getEmail() ) {
303 return wfMsg( "noemail", $u->getName() );
304 }
305 $np = User::randomPassword();
306 $u->setNewpassword( $np );
307
308 setcookie( "{$wgDBname}Password", "", time() - 3600, $wgCookiePath, $wgCookieDomain );
309 $u->saveSettings();
310
311 $ip = $wgIP;
312 if ( "" == $ip ) { $ip = "(Unknown)"; }
313
314 $m = wfMsg( "passwordremindertext", $ip, $u->getName(), $np );
315
316 $error = userMailer( $u->getEmail(), $wgPasswordSender, wfMsg( "passwordremindertitle" ), $m );
317
318 return $error;
319 }
320
321
322 /**
323 * @access private
324 */
325 function successfulLogin( $msg ) {
326 global $wgUser;
327 global $wgDeferredUpdateList;
328 global $wgOut;
329
330 $wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) );
331 $wgOut->setRobotpolicy( "noindex,nofollow" );
332 $wgOut->setArticleRelated( false );
333 $wgOut->addWikiText( $msg );
334 $wgOut->returnToMain();
335 }
336
337 function userNotPrivilegedMessage() {
338 global $wgOut, $wgUser, $wgLang;
339
340 $wgOut->setPageTitle( wfMsg( "whitelistacctitle" ) );
341 $wgOut->setRobotpolicy( "noindex,nofollow" );
342 $wgOut->setArticleRelated( false );
343
344 $wgOut->addWikiText( wfMsg( "whitelistacctext" ) );
345
346 $wgOut->returnToMain( false );
347 }
348
349 /**
350 * @access private
351 */
352 function mainLoginForm( $err ) {
353 global $wgUser, $wgOut, $wgLang;
354 global $wgDBname, $wgAllowRealName;
355
356 $le = wfMsg( "loginerror" );
357 $yn = wfMsg( "yourname" );
358 $yp = wfMsg( "yourpassword" );
359 $ypa = wfMsg( "yourpasswordagain" );
360 $rmp = wfMsg( "remembermypassword" );
361 $nuo = wfMsg( "newusersonly" );
362 $li = wfMsg( "login" );
363 $ca = wfMsg( "createaccount" );
364 $cam = wfMsg( "createaccountmail" );
365 $ye = wfMsg( "youremail" );
366 if( $wgAllowRealName ) {
367 $yrn = wfMsg( "yourrealname" );
368 } else {
369 $yrn = '';
370 }
371 $efl = wfMsg( "emailforlost" );
372 $mmp = wfMsg( "mailmypassword" );
373 $endText = wfMsg( "loginend" );
374
375 if ( $endText = "&lt;loginend&gt;" ) {
376 $endText = "";
377 }
378
379 if ( "" == $this->mName ) {
380 if ( 0 != $wgUser->getID() ) {
381 $this->mName = $wgUser->getName();
382 } else {
383 $this->mName = @$_COOKIE["{$wgDBname}UserName"];
384 }
385 }
386
387 $wgOut->setPageTitle( wfMsg( "userlogin" ) );
388 $wgOut->setRobotpolicy( "noindex,nofollow" );
389 $wgOut->setArticleRelated( false );
390
391 if ( "" == $err ) {
392 $lp = wfMsg( "loginprompt" );
393 $wgOut->addHTML( "<h2>$li:</h2>\n<p>$lp</p>" );
394 } else {
395 $wgOut->addHTML( "<h2>$le:</h2>\n<font size='+1'
396 color='red'>$err</font>\n" );
397 }
398 if ( 1 == $wgUser->getOption( "rememberpassword" ) ) {
399 $checked = " checked";
400 } else {
401 $checked = "";
402 }
403
404 $q = "action=submit";
405 if ( !empty( $this->mReturnto ) ) {
406 $q .= "&returnto=" . wfUrlencode( $this->mReturnto );
407 }
408
409 $titleObj = Title::makeTitle( NS_SPECIAL, "Userlogin" );
410 $action = $titleObj->escapeLocalUrl( $q );
411
412 $encName = htmlspecialchars( $this->mName );
413 $encPassword = htmlspecialchars( $this->mPassword );
414 $encRetype = htmlspecialchars( $this->mRetype );
415 $encEmail = htmlspecialchars( $this->mEmail );
416 $encRealName = htmlspecialchars( $this->mRealName );
417
418 if ($wgUser->getID() != 0) {
419 $cambutton = "<input tabindex='6' type='submit' name=\"wpCreateaccountMail\" value=\"{$cam}\" />";
420 } else {
421 $cambutton = "";
422 }
423
424 $wgOut->addHTML( "
425 <form name=\"userlogin\" id=\"userlogin\" method=\"post\" action=\"{$action}\">
426 <table border='0'><tr>
427 <td align='right'>$yn:</td>
428 <td align='left'>
429 <input tabindex='1' type='text' name=\"wpName\" value=\"{$encName}\" size='20' />
430 </td>
431 <td align='left'>
432 <input tabindex='3' type='submit' name=\"wpLoginattempt\" value=\"{$li}\" />
433 </td>
434 </tr>
435 <tr>
436 <td align='right'>$yp:</td>
437 <td align='left'>
438 <input tabindex='2' type='password' name=\"wpPassword\" value=\"{$encPassword}\" size='20' />
439 </td>
440 <td align='left'>
441 <input tabindex='7' type='checkbox' name=\"wpRemember\" value=\"1\" id=\"wpRemember\"$checked /><label for=\"wpRemember\">$rmp</label>
442 </td>
443 </tr>");
444
445 if ($wgUser->isAllowedToCreateAccount()) {
446 $encRetype = htmlspecialchars( $this->mRetype );
447 $encEmail = htmlspecialchars( $this->mEmail );
448 $wgOut->addHTML("<tr><td colspan='3'>&nbsp;</td></tr><tr>
449 <td align='right'>$ypa:</td>
450 <td align='left'>
451 <input tabindex='4' type='password' name=\"wpRetype\" value=\"{$encRetype}\"
452 size='20' />
453 </td><td>$nuo</td></tr>
454 <tr>
455 <td align='right'>$ye:</td>
456 <td align='left'>
457 <input tabindex='6' type='text' name=\"wpEmail\" value=\"{$encEmail}\" size='20' />
458 </td>");
459
460 if ($wgAllowRealName) {
461 $wgOut->addHTML("<td>&nbsp;</td>
462 </tr><tr>
463 <td align='right'>$yrn:</td>
464 <td align='left'>
465 <input tabindex='6' type='text' name=\"wpRealName\" value=\"{$encRealName}\" size='20' />
466 </td>");
467 }
468
469 $wgOut->addHTML("<td align='left'>
470 <input tabindex='7' type='submit' name=\"wpCreateaccount\" value=\"{$ca}\" />
471 $cambutton
472 </td></tr>");
473 }
474
475 $wgOut->addHTML("
476 <tr><td colspan='3'>&nbsp;</td></tr><tr>
477 <td colspan='3' align='left'>
478 <p>$efl<br />
479 <input tabindex='8' type='submit' name=\"wpMailmypassword\" value=\"{$mmp}\" /></p>
480 </td></tr></table>
481 </form>\n" );
482 $wgOut->addHTML( $endText );
483 }
484
485 /**
486 * @access private
487 */
488 function hasSessionCookie() {
489 global $wgDisableCookieCheck;
490 return ( $wgDisableCookieCheck ) ? true : ( "" != $_COOKIE[session_name()] );
491 }
492
493 /**
494 * @access private
495 */
496 function cookieRedirectCheck( $type ) {
497 global $wgOut, $wgLang;
498
499 $titleObj = Title::makeTitle( NS_SPECIAL, "Userlogin" );
500 $check = $titleObj->getFullURL( "wpCookieCheck=$type" );
501
502 return $wgOut->redirect( $check );
503 }
504
505 /**
506 * @access private
507 */
508 function onCookieRedirectCheck( $type ) {
509 global $wgUser;
510
511 if ( !$this->hasSessionCookie() ) {
512 if ( $type == "new" ) {
513 return $this->mainLoginForm( wfMsg( "nocookiesnew" ) );
514 } else if ( $type == "login" ) {
515 return $this->mainLoginForm( wfMsg( "nocookieslogin" ) );
516 } else {
517 # shouldn't happen
518 return $this->mainLoginForm( wfMsg( "error" ) );
519 }
520 } else {
521 return $this->successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
522 }
523 }
524
525 /**
526 * @access private
527 */
528 function throttleHit( $limit ) {
529 global $wgOut;
530
531 $wgOut->addWikiText( wfMsg( 'acct_creation_throttle_hit', $limit ) );
532 }
533 }
534 ?>
Wiklou, le Wiki du Wiklou