dépôts / lhc / web / wiklou.git / blob
? search:


5c68b846e3ce15373ebe5c78cd58bccc46cbddaf
[lhc/web/wiklou.git] / includes / SpecialUserlogin.php
1 <?php
2
3 require_once('UserMailer.php');
4
5 function wfSpecialUserlogin()
6 {
7 global $wgCommandLineMode;
8 global $wgRequest;
9 if( !$wgCommandLineMode && !isset( $_COOKIE[ini_get("session.name")] ) ) {
10 User::SetupSession();
11 }
12
13 $form = new LoginForm( $wgRequest );
14 $form->execute();
15 }
16
17 class LoginForm {
18 var $mName, $mPassword, $mRetype, $mReturnto, $mCookieCheck, $mPosted;
19 var $mAction, $mCreateaccount, $mCreateaccountMail, $mMailmypassword;
20 var $mLoginattempt, $mRemember, $mEmail;
21
22 function LoginForm( &$request ) {
23 global $wgLang, $wgAllowRealName;
24
25 $this->mName = $request->getText( 'wpName' );
26 $this->mPassword = $request->getText( 'wpPassword' );
27 $this->mRetype = $request->getText( 'wpRetype' );
28 $this->mReturnto = $request->getVal( 'returnto' );
29 $this->mCookieCheck = $request->getVal( "wpCookieCheck" );
30 $this->mPosted = $request->wasPosted();
31 $this->mCreateaccount = $request->getCheck( 'wpCreateaccount' );
32 $this->mCreateaccountMail = $request->getCheck( 'wpCreateaccountMail' );
33 $this->mMailmypassword = $request->getCheck( 'wpMailmypassword' );
34 $this->mLoginattempt = $request->getCheck( 'wpLoginattempt' );
35 $this->mAction = $request->getVal( 'action' );
36 $this->mRemember = $request->getCheck( 'wpRemember' );
37 $this->mEmail = $request->getText( 'wpEmail' );
38 if ($wgAllowRealName) {
39 $this->mRealName = $request->getText( 'wpRealName' );
40 } else {
41 $this->mRealName = '';
42 }
43
44 # When switching accounts, it sucks to get automatically logged out
45 if( $this->mReturnto == $wgLang->specialPage( "Userlogout" ) ) {
46 $this->mReturnto = "";
47 }
48 }
49
50 function execute() {
51 if ( !is_null( $this->mCookieCheck ) ) {
52 $this->onCookieRedirectCheck( $this->mCookieCheck );
53 } else if( $this->mPosted ) {
54 if( $this->mCreateaccount ) {
55 return $this->addNewAccount();
56 } else if ( $this->mCreateaccountMail ) {
57 return $this->addNewAccountMailPassword();
58 } else if ( $this->mMailmypassword ) {
59 return $this->mailPassword();
60 } else if ( ( "submit" == $this->mAction ) || $this->mLoginattempt ) {
61 return $this->processLogin();
62 }
63 }
64 $this->mainLoginForm( "" );
65 }
66
67 /* private */ function addNewAccountMailPassword()
68 {
69 global $wgOut;
70
71 if ("" == $this->mEmail) {
72 $this->mainLoginForm( wfMsg( "noemail", $this->mName ) );
73 return;
74 }
75
76 $u = $this->addNewaccountInternal();
77
78 if ($u == NULL) {
79 return;
80 }
81
82 $u->saveSettings();
83 $error = $this->mailPasswordInternal($u);
84
85 $wgOut->setPageTitle( wfMsg( "accmailtitle" ) );
86 $wgOut->setRobotpolicy( "noindex,nofollow" );
87 $wgOut->setArticleRelated( false );
88
89 if ( $error === "" ) {
90 $wgOut->addWikiText( wfMsg( "accmailtext", $u->getName(), $u->getEmail() ) );
91 $wgOut->returnToMain( false );
92 } else {
93 $this->mainLoginForm( wfMsg( "mailerror", $error ) );
94 }
95
96 $u = 0;
97 }
98
99
100 /* private */ function addNewAccount()
101 {
102 global $wgUser, $wgOut;
103 global $wgDeferredUpdateList;
104
105 $u = $this->addNewAccountInternal();
106
107 if ($u == NULL) {
108 return;
109 }
110
111 $wgUser = $u;
112 $wgUser->setCookies();
113
114 $up = new UserUpdate();
115 array_push( $wgDeferredUpdateList, $up );
116
117 if( $this->hasSessionCookie() ) {
118 return $this->successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) );
119 } else {
120 return $this->cookieRedirectCheck( "new" );
121 }
122 }
123
124
125 /* private */ function addNewAccountInternal()
126 {
127 global $wgUser, $wgOut;
128 global $wgMaxNameChars;
129 global $wgMemc, $wgAccountCreationThrottle, $wgDBname, $wgIP;
130
131 if ( $wgAccountCreationThrottle ) {
132 $key = "$wgDBname:acctcreate:ip:$wgIP";
133 $value = $wgMemc->incr( $key );
134 if ( !$value ) {
135 $wgMemc->set( $key, 1, 86400 );
136 }
137 if ( $value > $wgAccountCreationThrottle ) {
138 $this->throttleHit( $wgAccountCreationThrottle );
139 return;
140 }
141 }
142
143 if (!$wgUser->isAllowedToCreateAccount()) {
144 $this->userNotPrivilegedMessage();
145 return;
146 }
147
148 if ( 0 != strcmp( $this->mPassword, $this->mRetype ) ) {
149 $this->mainLoginForm( wfMsg( "badretype" ) );
150 return;
151 }
152
153 $name = trim( $this->mName );
154 $u = User::newFromName( $name );
155 if ( ( "" == $name ) ||
156 preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $name ) ||
157 (strpos( $name, "/" ) !== false) ||
158 (strlen( $name ) > $wgMaxNameChars) ||
159 ucFirst($name) != $u->getName() )
160 {
161 $this->mainLoginForm( wfMsg( "noname" ) );
162 return;
163 }
164 if ( wfReadOnly() ) {
165 $wgOut->readOnlyPage();
166 return;
167 }
168
169 if ( 0 != $u->idForName() ) {
170 $this->mainLoginForm( wfMsg( "userexists" ) );
171 return;
172 }
173 $u->addToDatabase();
174 $u->setPassword( $this->mPassword );
175 $u->setEmail( $this->mEmail );
176 $u->setRealName( $this->mRealName );
177
178 if ( $this->mRemember ) { $r = 1; }
179 else { $r = 0; }
180 $u->setOption( "rememberpassword", $r );
181
182 return $u;
183 }
184
185
186
187 /* private */ function processLogin()
188 {
189 global $wgUser;
190 global $wgDeferredUpdateList;
191
192 if ( "" == $this->mName ) {
193 $this->mainLoginForm( wfMsg( "noname" ) );
194 return;
195 }
196 $u = User::newFromName( $this->mName );
197 $id = $u->idForName();
198 if ( 0 == $id ) {
199 $this->mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
200 return;
201 }
202 $u->setId( $id );
203 $u->loadFromDatabase();
204 $ep = $u->encryptPassword( $this->mPassword );
205 if ( 0 != strcmp( $ep, $u->getPassword() ) ) {
206 if ( 0 != strcmp( $ep, $u->getNewpassword() ) ) {
207 $this->mainLoginForm( wfMsg( "wrongpassword" ) );
208 return;
209 }
210 }
211
212 # We've verified now, update the real record
213 #
214 if ( $this->mRemember ) {
215 $r = 1;
216 $u->setCookiePassword( $this->mPassword );
217 } else {
218 $r = 0;
219 }
220 $u->setOption( "rememberpassword", $r );
221
222 $wgUser = $u;
223 $wgUser->setCookies();
224
225 $up = new UserUpdate();
226 array_push( $wgDeferredUpdateList, $up );
227
228 if( $this->hasSessionCookie() ) {
229 return $this->successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
230 } else {
231 return $this->cookieRedirectCheck( "login" );
232 }
233 }
234
235 /* private */ function mailPassword()
236 {
237 global $wgUser, $wgDeferredUpdateList, $wgOutputEncoding;
238 global $wgCookiePath, $wgCookieDomain, $wgDBname;
239
240 if ( "" == $this->mName ) {
241 $this->mainLoginForm( wfMsg( "noname" ) );
242 return;
243 }
244 $u = User::newFromName( $this->mName );
245 $id = $u->idForName();
246 if ( 0 == $id ) {
247 $this->mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
248 return;
249 }
250 $u->setId( $id );
251 $u->loadFromDatabase();
252
253 $error = $this->mailPasswordInternal( $u );
254 if ($error === "") {
255 $this->mainLoginForm( wfMsg( "passwordsent", $u->getName() ) );
256 } else {
257 $this->mainLoginForm( wfMsg( "mailerror", $error ) );
258 }
259
260 }
261
262
263 /* private */ function mailPasswordInternal( $u )
264 {
265 global $wgDeferredUpdateList, $wgOutputEncoding;
266 global $wgPasswordSender, $wgDBname, $wgIP;
267 global $wgCookiePath, $wgCookieDomain;
268
269 if ( "" == $u->getEmail() ) {
270 $this->mainLoginForm( wfMsg( "noemail", $u->getName() ) );
271 return;
272 }
273 $np = User::randomPassword();
274 $u->setNewpassword( $np );
275
276 setcookie( "{$wgDBname}Password", "", time() - 3600, $wgCookiePath, $wgCookieDomain );
277 $u->saveSettings();
278
279 $ip = $wgIP;
280 if ( "" == $ip ) { $ip = "(Unknown)"; }
281
282 $m = wfMsg( "passwordremindertext", $ip, $u->getName(), $np );
283
284 $error = userMailer( $u->getEmail(), $wgPasswordSender, wfMsg( "passwordremindertitle" ), $m );
285
286 return $error;
287 }
288
289
290
291
292
293 /* private */ function successfulLogin( $msg )
294 {
295 global $wgUser;
296 global $wgDeferredUpdateList;
297 global $wgOut;
298
299 $wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) );
300 $wgOut->setRobotpolicy( "noindex,nofollow" );
301 $wgOut->setArticleRelated( false );
302 $wgOut->addHTML( $msg );
303 $wgOut->returnToMain();
304 }
305
306 function userNotPrivilegedMessage()
307 {
308 global $wgOut, $wgUser, $wgLang;
309
310 $wgOut->setPageTitle( wfMsg( "whitelistacctitle" ) );
311 $wgOut->setRobotpolicy( "noindex,nofollow" );
312 $wgOut->setArticleRelated( false );
313
314 $wgOut->addWikiText( wfMsg( "whitelistacctext" ) );
315
316 $wgOut->returnToMain( false );
317 }
318
319 /* private */ function mainLoginForm( $err )
320 {
321 global $wgUser, $wgOut, $wgLang;
322 global $wgDBname, $wgAllowRealName;
323
324 $le = wfMsg( "loginerror" );
325 $yn = wfMsg( "yourname" );
326 $yp = wfMsg( "yourpassword" );
327 $ypa = wfMsg( "yourpasswordagain" );
328 $rmp = wfMsg( "remembermypassword" );
329 $nuo = wfMsg( "newusersonly" );
330 $li = wfMsg( "login" );
331 $ca = wfMsg( "createaccount" );
332 $cam = wfMsg( "createaccountmail" );
333 $ye = wfMsg( "youremail" );
334 if ($wgAllowRealName) {
335 $yrn = wfMsg( "yourrealname" );
336 } else {
337 $yrn = '';
338 }
339 $efl = wfMsg( "emailforlost" );
340 $mmp = wfMsg( "mailmypassword" );
341 $endText = wfMsg( "loginend" );
342
343 if ( $endText = "&lt;loginend&gt;" ) {
344 $endText = "";
345 }
346
347 if ( "" == $this->mName ) {
348 if ( 0 != $wgUser->getID() ) {
349 $this->mName = $wgUser->getName();
350 } else {
351 $this->mName = @$_COOKIE["{$wgDBname}UserName"];
352 }
353 }
354
355 $wgOut->setPageTitle( wfMsg( "userlogin" ) );
356 $wgOut->setRobotpolicy( "noindex,nofollow" );
357 $wgOut->setArticleRelated( false );
358
359 if ( "" == $err ) {
360 $lp = wfMsg( "loginprompt" );
361 $wgOut->addHTML( "<h2>$li:</h2>\n<p>$lp</p>" );
362 } else {
363 $wgOut->addHTML( "<h2>$le:</h2>\n<font size='+1'
364 color='red'>$err</font>\n" );
365 }
366 if ( 1 == $wgUser->getOption( "rememberpassword" ) ) {
367 $checked = " checked";
368 } else {
369 $checked = "";
370 }
371
372 $q = "action=submit";
373 if ( !empty( $this->mReturnto ) ) {
374 $q .= "&returnto=" . wfUrlencode( $this->mReturnto );
375 }
376
377 $titleObj = Title::makeTitle( NS_SPECIAL, "Userlogin" );
378 $action = $titleObj->escapeLocalUrl( $q );
379
380 $encName = wfEscapeHTML( $this->mName );
381 $encPassword = wfEscapeHTML( $this->mPassword );
382 $encRetype = wfEscapeHTML( $this->mRetype );
383 $encEmail = wfEscapeHTML( $this->mEmail );
384 $encRealName = wfEscapeHTML( $this->mRealName );
385
386 if ($wgUser->getID() != 0) {
387 $cambutton = "<input tabindex='6' type='submit' name=\"wpCreateaccountMail\" value=\"{$cam}\" />";
388 } else {
389 $cambutton = "";
390 }
391
392 $wgOut->addHTML( "
393 <form name=\"userlogin\" id=\"userlogin\" method=\"post\" action=\"{$action}\">
394 <table border='0'><tr>
395 <td align='right'>$yn:</td>
396 <td align='left'>
397 <input tabindex='1' type='text' name=\"wpName\" value=\"{$encName}\" size='20' />
398 </td>
399 <td align='left'>
400 <input tabindex='3' type='submit' name=\"wpLoginattempt\" value=\"{$li}\" />
401 </td>
402 </tr>
403 <tr>
404 <td align='right'>$yp:</td>
405 <td align='left'>
406 <input tabindex='2' type='password' name=\"wpPassword\" value=\"{$encPassword}\" size='20' />
407 </td>
408 <td align='left'>
409 <input tabindex='7' type='checkbox' name=\"wpRemember\" value=\"1\" id=\"wpRemember\"$checked /><label for=\"wpRemember\">$rmp</label>
410 </td>
411 </tr>");
412
413 if ($wgUser->isAllowedToCreateAccount()) {
414 $encRetype = htmlspecialchars( $this->mRetype );
415 $encEmail = htmlspecialchars( $this->mEmail );
416 $wgOut->addHTML("<tr><td colspan='3'>&nbsp;</td></tr><tr>
417 <td align='right'>$ypa:</td>
418 <td align='left'>
419 <input tabindex='4' type='password' name=\"wpRetype\" value=\"{$encRetype}\"
420 size='20' />
421 </td><td>$nuo</td></tr>
422 <tr>
423 <td align='right'>$ye:</td>
424 <td align='left'>
425 <input tabindex='6' type='text' name=\"wpEmail\" value=\"{$encEmail}\" size='20' />
426 </td>");
427
428 if ($wgAllowRealName) {
429 $wgOut->addHTML("<td>&nbsp;</td>
430 </tr><tr>
431 <td align='right'>$yrn:</td>
432 <td align='left'>
433 <input tabindex='6' type='text' name=\"wpRealName\" value=\"{$encRealName}\" size='20' />
434 </td>");
435 }
436
437 $wgOut->addHTML("<td align='left'>
438 <input tabindex='7' type='submit' name=\"wpCreateaccount\" value=\"{$ca}\" />
439 $cambutton
440 </td></tr>");
441 }
442
443 $wgOut->addHTML("
444 <tr><td colspan='3'>&nbsp;</td></tr><tr>
445 <td colspan='3' align='left'>
446 <p>$efl<br />
447 <input tabindex='8' type='submit' name=\"wpMailmypassword\" value=\"{$mmp}\" /></p>
448 </td></tr></table>
449 </form>\n" );
450 $wgOut->addHTML( $endText );
451 }
452
453 /* private */ function hasSessionCookie()
454 {
455 global $wgDisableCookieCheck;
456 return ( $wgDisableCookieCheck ) ? true : ( "" != $_COOKIE[session_name()] );
457 }
458
459 /* private */ function cookieRedirectCheck( $type )
460 {
461 global $wgOut, $wgLang;
462
463 $titleObj = Title::makeTitle( NS_SPECIAL, "Userlogin" );
464 $check = $titleObj->getFullURL( "wpCookieCheck=$type" );
465
466 return $wgOut->redirect( $check );
467 }
468
469 /* private */ function onCookieRedirectCheck( $type ) {
470 global $wgUser;
471
472 if ( !$this->hasSessionCookie() ) {
473 if ( $type == "new" ) {
474 return $this->mainLoginForm( wfMsg( "nocookiesnew" ) );
475 } else if ( $type == "login" ) {
476 return $this->mainLoginForm( wfMsg( "nocookieslogin" ) );
477 } else {
478 # shouldn't happen
479 return $this->mainLoginForm( wfMsg( "error" ) );
480 }
481 } else {
482 return $this->successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
483 }
484 }
485
486 /* private */ function throttleHit( $limit ) {
487 global $wgOut;
488
489 $wgOut->addWikiText( wfMsg( 'acct_creation_throttle_hit', $limit ) );
490 }
491 }
492 ?>
Wiklou, le Wiki du Wiklou