* @ingroup SpecialPage
*/
use MediaWiki\Logger\LoggerFactory;
+use MediaWiki\Session\SessionManager;
/**
* Implements Special:UserLogin
$wgUseMediaWikiUIEverywhere = true;
}
+ public function doesWrites() {
+ return true;
+ }
+
/**
* Returns an array of all valid error messages.
*
* @param string|null $subPage
*/
public function execute( $subPage ) {
- if ( session_id() == '' ) {
- wfSetupSession();
- }
+ // Make sure session is persisted
+ $session = MediaWiki\Session\SessionManager::getGlobalSession();
+ $session->persist();
$this->load();
}
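Review bot: The new calls spell out `MediaWiki\Session\SessionManager::getGlobalSession()` in full, here and again at the `resetId()` call near the end of the file, even though this commit adds `use MediaWiki\Session\SessionManager;` at the top, so in the visible lines the import is never used. Writing `$session = SessionManager::getGlobalSession();` would match the import. The comment could also say why persistence is forced at this point, e.g. `// Persist the session now so the login token survives until the form is submitted`, if that is the intent. execute() continues outside this hunk.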
$this->setHeaders();
+ // Make sure it's possible to log in
+ if ( $this->mType !== 'signup' && !$session->canSetUser() ) {
+ throw new ErrorPageError(
+ 'cannotloginnow-title',
+ 'cannotloginnow-text',
+ array(
+ $session->getProvider()->describe( RequestContext::getMain()->getLanguage() )
+ )
+ );
+ }
+
/**
* In the case where the user is already logged in, and was redirected to
* the login form from a page that requires login, do not show the login
}
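Review bot: The `$this->mType !== 'signup'` exemption in the new guard is not explained, so a reader cannot tell whether account creation is meant to proceed when the session provider cannot change the user, or whether any log-in performed after creation handles that case (that code is outside this hunk). A one-line comment stating the intent would settle it. Separately, the guard takes the session from `SessionManager::getGlobalSession()` and the language from `RequestContext::getMain()`, while other new lines use `$this->getRequest()->getSession()`; using `$this->getRequest()->getSession()` and `$this->getLanguage()` here would keep the page on its own request context.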
# Request forgery checks.
- if ( !self::getCreateaccountToken() ) {
- self::setCreateaccountToken();
-
+ $token = self::getCreateaccountToken();
+ if ( $token->wasNew() ) {
return Status::newFatal( 'nocookiesfornew' );
}
}
# Validate the createaccount token
- if ( $this->mToken !== self::getCreateaccountToken() ) {
+ if ( !$token->match( $this->mToken ) ) {
return Status::newFatal( 'sessionfailure' );
}
// but wrong-token attempts do.
// If the user doesn't have a login token yet, set one.
- if ( !self::getLoginToken() ) {
- self::setLoginToken();
-
+ $token = self::getLoginToken();
+ if ( $token->wasNew() ) {
return self::NEED_TOKEN;
}
// If the user didn't pass a login token, tell them we need one
}
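Review bot: The context comment `// If the user doesn't have a login token yet, set one.` no longer describes the code: nothing is set here any more, the token is created inside `getLoginToken()` and `wasNew()` only reports that it was. Something like `// A token created just now means the client had none to send back; ask it to retry.` would match the new logic. The same reasoning applies to the createaccount branch above, where `$token->wasNew()` sits under `# Request forgery checks.` without saying why a new token is a failure. The enclosing function starts and ends outside this hunk.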
// Validate the login token
- if ( $this->mToken !== self::getLoginToken() ) {
+ if ( !$token->match( $this->mToken ) ) {
return self::WRONG_TOKEN;
}
if ( $user->isLoggedIn() ) {
$this->mUsername = $user->getName();
} else {
- $this->mUsername = $this->getRequest()->getCookie( 'UserName' );
+ $this->mUsername = $this->getRequest()->getSession()->suggestLoginUsername();
}
}
$template->set( 'loggedinuser', $user->getName() );
if ( $this->mType == 'signup' ) {
- if ( !self::getCreateaccountToken() ) {
- self::setCreateaccountToken();
- }
- $template->set( 'token', self::getCreateaccountToken() );
+ $template->set( 'token', self::getCreateaccountToken()->toString() );
} else {
- if ( !self::getLoginToken() ) {
- self::setLoginToken();
- }
- $template->set( 'token', self::getLoginToken() );
+ $template->set( 'token', self::getLoginToken()->toString() );
}
# Prepare language selection links as needed
* @return bool
*/
function hasSessionCookie() {
- global $wgDisableCookieCheck;
+ global $wgDisableCookieCheck, $wgInitialSessionId;
- return $wgDisableCookieCheck ? true : $this->getRequest()->checkSessionCookie();
+ return $wgDisableCookieCheck || (
+ $wgInitialSessionId &&
+ $this->getRequest()->getSession()->getId() === (string)$wgInitialSessionId
+ );
}
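Review bot: The new body of hasSessionCookie() depends on `$wgInitialSessionId` with no comment on what that global holds or why equality with the current session ID implies that a cookie was received. A comment such as `// The client has cookies if the session ID in use is the one this request started with` would document the assumption; the wording should be confirmed against where the global is set, which is not shown. The docblock should also mention that the result presumably turns false once the ID is regenerated in the same request, as the `resetId()` call later in this file does, so call order matters.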
/**
* Get the login token from the current session
- * @return mixed
+ * @since 1.27 returns a MediaWiki\\Session\\Token instead of a string
+ * @return MediaWiki\\Session\\Token
*/
public static function getLoginToken() {
global $wgRequest;
-
- return $wgRequest->getSessionData( 'wsLoginToken' );
+ return $wgRequest->getSession()->getToken( '', 'login' );
}
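Review bot: getLoginToken(), and getCreateaccountToken() below, stay public and static but now return an object, so callers outside this file that test the result with `!` or compare it to the submitted string with `!==` change behaviour without any error: the truthiness test never fires and the strict comparison never matches. The `@since` line records the change; a docblock sentence telling callers to use `->match( $submitted )` for validation and `->toString()` for output would make the migration explicit. The empty first argument in `getToken( '', 'login' )` also deserves a short comment naming it as the salt.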
/**
- * Randomly generate a new login token and attach it to the current session
+ * Formerly randomly generated a login token that would be returned by
+ * $this->getLoginToken().
+ *
+ * Since 1.27, this is a no-op. The token is generated as necessary by
+ * $this->getLoginToken().
+ *
+ * @deprecated since 1.27
*/
public static function setLoginToken() {
- global $wgRequest;
- // Generate a token directly instead of using $user->getEditToken()
- // because the latter reuses $_SESSION['wsEditToken']
- $wgRequest->setSessionData( 'wsLoginToken', MWCryptRand::generateHex( 32 ) );
+ wfDeprecated( __METHOD__, '1.27' );
}
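Review bot: The new docblock refers to `$this->getLoginToken()`, but the method is static, so `self::getLoginToken()` is the accurate reference; the setCreateaccountToken() docblock has the same wording with `$this->getCreateaccountToken()`. Since the method is now an empty shim, the tag could also name what replaces it, e.g. `@deprecated since 1.27, the token is created on demand by getLoginToken()`.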
/**
*/
public static function clearLoginToken() {
global $wgRequest;
- $wgRequest->setSessionData( 'wsLoginToken', null );
+ $wgRequest->getSession()->resetToken( 'login' );
}
/**
* Get the createaccount token from the current session
- * @return mixed
+ * @since 1.27 returns a MediaWiki\\Session\\Token instead of a string
+ * @return MediaWiki\\Session\\Token
*/
public static function getCreateaccountToken() {
global $wgRequest;
- return $wgRequest->getSessionData( 'wsCreateaccountToken' );
+ return $wgRequest->getSession()->getToken( '', 'createaccount' );
}
/**
- * Randomly generate a new createaccount token and attach it to the current session
+ * Formerly randomly generated a createaccount token that would be returned
+ * by $this->getCreateaccountToken().
+ *
+ * Since 1.27, this is a no-op. The token is generated as necessary by
+ * $this->getCreateaccountToken().
+ *
+ * @deprecated since 1.27
*/
public static function setCreateaccountToken() {
- global $wgRequest;
- $wgRequest->setSessionData( 'wsCreateaccountToken', MWCryptRand::generateHex( 32 ) );
+ wfDeprecated( __METHOD__, '1.27' );
}
/**
*/
public static function clearCreateaccountToken() {
global $wgRequest;
- $wgRequest->setSessionData( 'wsCreateaccountToken', null );
+ $wgRequest->getSession()->resetToken( 'createaccount' );
}
/**
$wgCookieSecure = false;
}
- wfResetSessionID();
+ MediaWiki\Session\SessionManager::getGlobalSession()->resetId();
}
/**
return $expired;
}
+ protected function getSubpagesForPrefixSearch() {
+ return array( 'signup' );
+ }
}