X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FSpecialUserlogin.php;h=89eedcbe7294c3d22689d3a1a4a4a11d90ac3f9f;hb=37b73a88820fda845e73f6a03f7406bad1e1d3b6;hp=bd43239c49a35339c144c0de8af8fb2801591113;hpb=7ce04ed3c6b33fa21279a665b2f8b190585c85af;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index bd43239c49..89eedcbe72 100644
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -1,410 +1,533 @@ - - -function wfSpecialUserlogin() -{ - global $wpCreateaccount, $wpCreateaccountMail; - global $wpLoginattempt, $wpMailmypassword; - global $action, $_REQUEST; - - $fields = array( "wpName", "wpPassword", "wpName", - "wpPassword", "wpRetype", "wpEmail" ); - wfCleanFormFields( $fields ); - - $wpCookieCheck = $_REQUEST[ "wpCookieCheck" ]; - - if ( isset( $wpCookieCheck ) ) { - onCookieRedirectCheck( $wpCookieCheck ); - } else if ( isset( $wpCreateaccount ) ) { - addNewAccount(); - } else if ( isset( $wpCreateaccountMail ) ) { - addNewAccountMailPassword(); - } else if ( isset( $wpMailmypassword ) ) { - mailPassword(); - } else if ( "submit" == $action || isset( $wpLoginattempt ) ) { - processLogin(); - } else { - mainLoginForm( "" ); +execute(); } - -/* private */ function addNewAccountMailPassword() -{ - global $wgOut, $wpEmail, $wpName; +/** + * + * @package MediaWiki + * @subpackage SpecialPage + */ +class LoginForm { + var $mName, $mPassword, $mRetype, $mReturnto, $mCookieCheck, $mPosted; + var $mAction, $mCreateaccount, $mCreateaccountMail, $mMailmypassword; + var $mLoginattempt, $mRemember, $mEmail; - if ("" == $wpEmail) { - mainLoginForm( wfMsg( "noemail", $wpName ) ); - return; - } - - $u = addNewaccountInternal(); - - if ($u == NULL) { - return; + function LoginForm( &$request ) { + global $wgLang, $wgAllowRealName; + + $this->mName = $request->getText( 'wpName' ); + $this->mPassword = $request->getText( 'wpPassword' ); + $this->mRetype = $request->getText( 'wpRetype' ); + $this->mReturnto = $request->getVal( 'returnto' ); + $this->mCookieCheck = $request->getVal( 'wpCookieCheck' ); + $this->mPosted = $request->wasPosted(); + $this->mCreateaccount = $request->getCheck( 'wpCreateaccount' ); + $this->mCreateaccountMail = $request->getCheck( 'wpCreateaccountMail' ); + $this->mMailmypassword = $request->getCheck( 'wpMailmypassword' ); + $this->mLoginattempt = $request->getCheck( 'wpLoginattempt' ); + $this->mAction = $request->getVal( 
'action' ); + $this->mRemember = $request->getCheck( 'wpRemember' ); + $this->mEmail = $request->getText( 'wpEmail' ); + if ($wgAllowRealName) { + $this->mRealName = $request->getText( 'wpRealName' ); + } else { + $this->mRealName = ''; + } + + # When switching accounts, it sucks to get automatically logged out + if( $this->mReturnto == $wgLang->specialPage( 'Userlogout' ) ) { + $this->mReturnto = ''; + } } - $u->saveSettings(); - if (mailPasswordInternal($u) == NULL) - { - return; + function execute() { + if ( !is_null( $this->mCookieCheck ) ) { + $this->onCookieRedirectCheck( $this->mCookieCheck ); + return; + } else if( $this->mPosted ) { + if( $this->mCreateaccount ) { + return $this->addNewAccount(); + } else if ( $this->mCreateaccountMail ) { + return $this->addNewAccountMailPassword(); + } else if ( $this->mMailmypassword ) { + return $this->mailPassword(); + } else if ( ( 'submit' == $this->mAction ) || $this->mLoginattempt ) { + return $this->processLogin(); + } + } + $this->mainLoginForm( '' ); } - $wgOut->setPageTitle( wfMsg( "accmailtitle" ) ); - $wgOut->setRobotpolicy( "noindex,nofollow" ); - $wgOut->setArticleFlag( false ); - - $wgOut->addWikiText( wfMsg( "accmailtext", $u->getName(), $u->getEmail() ) ); - $wgOut->returnToMain( false ); + /** + * @access private + */ + function addNewAccountMailPassword() { + global $wgOut; + + if ('' == $this->mEmail) { + $this->mainLoginForm( wfMsg( 'noemail', htmlspecialchars( $this->mName ) ) ); + return; + } - $u = 0; -} + $u = $this->addNewaccountInternal(); + if ($u == NULL) { + return; + } -/* private */ function addNewAccount() -{ - global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember; - global $wpEmail, $wgDeferredUpdateList; + $u->saveSettings(); + $error = $this->mailPasswordInternal($u); - $u = addNewAccountInternal(); + $wgOut->setPageTitle( wfMsg( 'accmailtitle' ) ); + $wgOut->setRobotpolicy( 'noindex,nofollow' ); + $wgOut->setArticleRelated( false ); + + if ( $error === '' ) { + 
$wgOut->addWikiText( wfMsg( 'accmailtext', $u->getName(), $u->getEmail() ) ); + $wgOut->returnToMain( false ); + } else { + $this->mainLoginForm( wfMsg( 'mailerror', $error ) ); + } - if ($u == NULL) { - return; + $u = 0; } - $wgUser = $u; - $wgUser->setCookies(); - - $up = new UserUpdate(); - array_push( $wgDeferredUpdateList, $up ); - - if (hasSessionCookie()) { - return successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) ); - } else { - return cookieRedirectCheck("new"); - } -} + /** + * @access private + */ + function addNewAccount() { + global $wgUser, $wgOut; + global $wgDeferredUpdateList; -/* private */ function addNewAccountInternal() -{ - global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember; - global $wpEmail; + $u = $this->addNewAccountInternal(); - if (!$wgUser->isAllowedToCreateAccount()) { - userNotPrivilegedMessage(); - return; - } + if ($u == NULL) { + return; + } - if ( 0 != strcmp( $wpPassword, $wpRetype ) ) { - mainLoginForm( wfMsg( "badretype" ) ); - return; - } - $wpName = trim( $wpName ); - if ( ( "" == $wpName ) || - preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $wpName ) || - (strpos( $wpName, "/" ) !== false) ) - { - mainLoginForm( wfMsg( "noname" ) ); - return; - } - if ( wfReadOnly() ) { - $wgOut->readOnlyPage(); - return; - } - $u = User::newFromName( $wpName ); + $wgUser = $u; + $wgUser->setCookies(); - if ( 0 != $u->idForName() ) { - mainLoginForm( wfMsg( "userexists" ) ); - return; - } - $u->addToDatabase(); - $u->setPassword( $wpPassword ); - $u->setEmail( $wpEmail ); - if ( 1 == $wpRemember ) { $r = 1; } - else { $r = 0; } - $u->setOption( "rememberpassword", $r ); - - return $u; -} + $up = new UserUpdate(); + array_push( $wgDeferredUpdateList, $up ); + if( $this->hasSessionCookie() ) { + return $this->successfulLogin( wfMsg( 'welcomecreation', $wgUser->getName() ) ); + } else { + return $this->cookieRedirectCheck( 'new' ); + } + } + /** + * @access private + */ + function 
addNewAccountInternal() { + global $wgUser, $wgOut; + global $wgMaxNameChars; + global $wgMemc, $wgAccountCreationThrottle, $wgDBname, $wgIP; -/* private */ function processLogin() -{ - global $wgUser, $wpName, $wpPassword, $wpRemember; - global $wgDeferredUpdateList; - global $returnto; + if (!$wgUser->isAllowedToCreateAccount()) { + $this->userNotPrivilegedMessage(); + return; + } - if ( "" == $wpName ) { - mainLoginForm( wfMsg( "noname" ) ); - return; - } - $u = User::newFromName( $wpName ); - $id = $u->idForName(); - if ( 0 == $id ) { - mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) ); - return; - } - $u->setId( $id ); - $u->loadFromDatabase(); - $ep = $u->encryptPassword( $wpPassword ); - if ( 0 != strcmp( $ep, $u->getPassword() ) ) { - if ( 0 != strcmp( $ep, $u->getNewpassword() ) ) { - mainLoginForm( wfMsg( "wrongpassword" ) ); + if ( 0 != strcmp( $this->mPassword, $this->mRetype ) ) { + $this->mainLoginForm( wfMsg( 'badretype' ) ); + return; + } + + $name = trim( $this->mName ); + $u = User::newFromName( $name ); + if ( is_null( $u ) || + ( '' == $name ) || + preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $name ) || + (strpos( $name, "/" ) !== false) || + (strlen( $name ) > $wgMaxNameChars) || + ucFirst($name) != $u->getName() ) + { + $this->mainLoginForm( wfMsg( 'noname' ) ); + return; + } + if ( wfReadOnly() ) { + $wgOut->readOnlyPage(); + return; + } + + if ( 0 != $u->idForName() ) { + $this->mainLoginForm( wfMsg( 'userexists' ) ); return; } - } - # We've verified now, update the real record - # - if ( 1 == $wpRemember ) { - $r = 1; - $u->setCookiePassword( $wpPassword ); - } else { - $r = 0; - } - $u->setOption( "rememberpassword", $r ); - - $wgUser = $u; - $wgUser->setCookies(); - - $up = new UserUpdate(); - array_push( $wgDeferredUpdateList, $up ); - - if (hasSessionCookie()) { - return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) ); - } else { - return cookieRedirectCheck( "login" ); - } -} + if ( 
$wgAccountCreationThrottle ) { + $key = $wgDBname.':acctcreate:ip:'.$wgIP; + $value = $wgMemc->incr( $key ); + if ( !$value ) { + $wgMemc->set( $key, 1, 86400 ); + } + if ( $value > $wgAccountCreationThrottle ) { + $this->throttleHit( $wgAccountCreationThrottle ); + return; + } + } -/* private */ function mailPassword() -{ - global $wgUser, $wpName, $wgDeferredUpdateList, $wgOutputEncoding; - global $wgCookiePath, $wgCookieDomain, $wgDBname; + $u->addToDatabase(); + $u->setPassword( $this->mPassword ); + $u->setEmail( $this->mEmail ); + $u->setRealName( $this->mRealName ); - if ( "" == $wpName ) { - mainLoginForm( wfMsg( "noname" ) ); - return; - } - $u = User::newFromName( $wpName ); - $id = $u->idForName(); - if ( 0 == $id ) { - mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) ); - return; + if ( $this->mRemember ) { $r = 1; } + else { $r = 0; } + $u->setOption( 'rememberpassword', $r ); + + return $u; } - $u->setId( $id ); - $u->loadFromDatabase(); - if (mailPasswordInternal($u) == NULL) { - return; - } + /** + * @access private + */ + function processLogin() { + global $wgUser; + global $wgDeferredUpdateList; - mainLoginForm( wfMsg( "passwordsent", $u->getName() ) ); -} + if ( '' == $this->mName ) { + $this->mainLoginForm( wfMsg( 'noname' ) ); + return; + } + $u = User::newFromName( $this->mName ); + if( is_null( $u ) ) { + $this->mainLoginForm( wfMsg( 'noname' ) ); + return; + } + $id = $u->idForName(); + if ( 0 == $id ) { + $this->mainLoginForm( wfMsg( 'nosuchuser', $u->getName() ) ); + return; + } + $u->setId( $id ); + $u->loadFromDatabase(); + if (!$u->checkPassword( $this->mPassword )) { + $this->mainLoginForm( wfMsg( 'wrongpassword' ) ); + return; + } + # We've verified now, update the real record + # + if ( $this->mRemember ) { + $r = 1; + } else { + $r = 0; + } + $u->setOption( 'rememberpassword', $r ); + + $wgUser = $u; + $wgUser->setCookies(); -/* private */ function mailPasswordInternal( $u ) -{ - global $wpName, $wgDeferredUpdateList, 
$wgOutputEncoding; - global $wgPasswordSender; + $up = new UserUpdate(); + array_push( $wgDeferredUpdateList, $up ); - if ( "" == $u->getEmail() ) { - mainLoginForm( wfMsg( "noemail", $u->getName() ) ); - return; + if( $this->hasSessionCookie() ) { + return $this->successfulLogin( wfMsg( 'loginsuccess', $wgUser->getName() ) ); + } else { + return $this->cookieRedirectCheck( 'login' ); + } } - $np = User::randomPassword(); - $u->setNewpassword( $np ); - setcookie( "{$wgDBname}Password", "", time() - 3600, $wgCookiePath, $wgCookieDomain ); - $u->saveSettings(); + /** + * @access private + */ + function mailPassword() { + global $wgUser, $wgDeferredUpdateList, $wgOutputEncoding; + global $wgCookiePath, $wgCookieDomain, $wgDBname; - $ip = getenv( "REMOTE_ADDR" ); - if ( "" == $ip ) { $ip = "(Unknown)"; } + if ( '' == $this->mName ) { + $this->mainLoginForm( wfMsg( 'noname' ) ); + return; + } + $u = User::newFromName( $this->mName ); + if( is_null( $u ) ) { + $this->mainLoginForm( wfMsg( 'noname' ) ); + return; + } + $id = $u->idForName(); + if ( 0 == $id ) { + $this->mainLoginForm( wfMsg( 'nosuchuser', $u->getName() ) ); + return; + } + $u->setId( $id ); + $u->loadFromDatabase(); - $m = wfMsg( "passwordremindertext", $ip, $u->getName(), $np ); + $error = $this->mailPasswordInternal( $u ); + if ($error === '') { + $this->mainLoginForm( wfMsg( 'passwordsent', $u->getName() ) ); + } else { + $this->mainLoginForm( wfMsg( 'mailerror', $error ) ); + } - mail( $u->getEmail(), wfMsg( "passwordremindertitle" ), $m, - "MIME-Version: 1.0\r\n" . - "Content-type: text/plain; charset={$wgOutputEncoding}\r\n" . - "Content-transfer-encoding: 8bit\r\n" . 
- "From: $wgPasswordSender" ); - - return $u; -} + } + /** + * @access private + */ + function mailPasswordInternal( $u ) { + global $wgDeferredUpdateList, $wgOutputEncoding; + global $wgPasswordSender, $wgDBname, $wgIP; + global $wgCookiePath, $wgCookieDomain; + if ( '' == $u->getEmail() ) { + return wfMsg( 'noemail', $u->getName() ); + } + $np = User::randomPassword(); + $u->setNewpassword( $np ); + setcookie( "{$wgDBname}Token", '', time() - 3600, $wgCookiePath, $wgCookieDomain ); + $u->saveSettings(); -/* private */ function successfulLogin( $msg ) -{ - global $wgUser; - global $wgDeferredUpdateList; - global $wgOut, $returnto; + $ip = $wgIP; + if ( '' == $ip ) { $ip = '(Unknown)'; } - $wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) ); - $wgOut->setRobotpolicy( "noindex,nofollow" ); - $wgOut->setArticleFlag( false ); - $wgOut->addHTML( $msg . "\n
" ); - $wgOut->returnToMain(); -} + $m = wfMsg( 'passwordremindertext', $ip, $u->getName(), $np ); -function userNotPrivilegedMessage() -{ - global $wgOut, $wgUser, $wgLang; + $error = userMailer( $u->getEmail(), $wgPasswordSender, wfMsg( 'passwordremindertitle' ), $m ); + + return htmlspecialchars( $error ); + } - $wgOut->setPageTitle( wfMsg( "whitelistacctitle" ) ); - $wgOut->setRobotpolicy( "noindex,nofollow" ); - $wgOut->setArticleFlag( false ); - $wgOut->addWikiText( wfMsg( "whitelistacctext" ) ); - $wgOut->returnToMain( false ); -} + /** + * @access private + */ + function successfulLogin( $msg ) { + global $wgUser; + global $wgDeferredUpdateList; + global $wgOut; -/* private */ function mainLoginForm( $err ) -{ - global $wgUser, $wgOut, $wgLang, $returnto; - global $wpName, $wpPassword, $wpRetype, $wpRemember; - global $wpEmail, $HTTP_COOKIE_VARS, $wgDBname; - - $le = wfMsg( "loginerror" ); - $yn = wfMsg( "yourname" ); - $yp = wfMsg( "yourpassword" ); - $ypa = wfMsg( "yourpasswordagain" ); - $rmp = wfMsg( "remembermypassword" ); - $ayn = wfMsg( "areyounew" ); - $nuo = wfMsg( "newusersonly" ); - $li = wfMsg( "login" ); - $ca = wfMsg( "createaccount" ); - $cam = wfMsg( "createaccountmail" ); - $ye = wfMsg( "youremail" ); - $efl = wfMsg( "emailforlost" ); - $mmp = wfMsg( "mailmypassword" ); - - $name = $wpName; - if ( "" == $name ) { - if ( 0 != $wgUser->getID() ) { - $name = $wgUser->getName(); - } else { - $name = $HTTP_COOKIE_VARS["{$wgDBname}UserName"]; - } - } - $pwd = $wpPassword; - - $wgOut->setPageTitle( wfMsg( "userlogin" ) ); - $wgOut->setRobotpolicy( "noindex,nofollow" ); - $wgOut->setArticleFlag( false ); - - if ( "" == $err ) { - $lp = wfMsg( "loginprompt" ); - $wgOut->addHTML( "
$lp
" ); - } else { - $wgOut->addHTML( "$lp
" ); + } else { + $wgOut->addHTML( "