X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;ds=sidebyside;f=includes%2Fspecials%2FSpecialUserlogin.php;h=24e167599f23270499b8fd7da78951dabd03d263;hb=c50fb5444ee41c3e5591da7424621a0c843ca261;hp=6c6ba3b39a060d14617dbcaee36e2a4b67d6a2ed;hpb=e05e4b111ce743727957ed7da162349864dd1cd3;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index 6c6ba3b39a..24e167599f 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -21,6 +21,7 @@ * @ingroup SpecialPage */ use MediaWiki\Logger\LoggerFactory; +use MediaWiki\Session\SessionManager; /** * Implements Special:UserLogin @@ -132,6 +133,10 @@ class LoginForm extends SpecialPage { $wgUseMediaWikiUIEverywhere = true; } + public function doesWrites() { + return true; + } + /** * Returns an array of all valid error messages. * @@ -263,9 +268,9 @@ class LoginForm extends SpecialPage { * @param string|null $subPage */ public function execute( $subPage ) { - if ( session_id() == '' ) { - wfSetupSession(); - } + // Make sure session is persisted + $session = MediaWiki\Session\SessionManager::getGlobalSession(); + $session->persist(); $this->load(); @@ -276,6 +281,17 @@ class LoginForm extends SpecialPage { } $this->setHeaders(); + // Make sure it's possible to log in + if ( $this->mType !== 'signup' && !$session->canSetUser() ) { + throw new ErrorPageError( + 'cannotloginnow-title', + 'cannotloginnow-text', + array( + $session->getProvider()->describe( RequestContext::getMain()->getLanguage() ) + ) + ); + } + /** * In the case where the user is already logged in, and was redirected to * the login form from a page that requires login, do not show the login @@ -372,6 +388,7 @@ class LoginForm extends SpecialPage { return; } + /** @var User $u */ $u = $status->getValue(); // Wipe the initial password and mail a temporary one @@ -567,7 +584,7 @@ class LoginForm extends SpecialPage { $cache = ObjectCache::getLocalClusterInstance(); # Make sure the user does not exist already - $lock = $cache->getScopedLock( wfGlobalCacheKey( 'account', md5( $this->mUsername ) ) ); + $lock = $cache->getScopedLock( $cache->makeGlobalKey( 'account', md5( $this->mUsername ) ) ); if ( !$lock ) { return Status::newFatal( 'usernameinprogress' ); } elseif ( $u->idForName( User::READ_LOCKING ) ) { @@ -784,7 +801,7 @@ class LoginForm extends SpecialPage { // Give general extensions, such as a captcha, a chance to abort logins $abort = self::ABORTED; if ( !Hooks::run( 'AbortLogin', array( $u, $this->mPassword, &$abort, &$msg ) ) ) { - if ( !in_array( $abort, self::$statusCodes, true ) ) { + if ( !in_array( $abort, array_keys( self::$statusCodes ), true ) ) { throw new Exception( 'Invalid status code returned from AbortLogin hook: ' . $abort ); } $this->mAbortLoginErrorMsg = $msg; @@ -1375,7 +1392,7 @@ class LoginForm extends SpecialPage { if ( $user->isLoggedIn() ) { $this->mUsername = $user->getName(); } else { - $this->mUsername = $this->getRequest()->getCookie( 'UserName' ); + $this->mUsername = $this->getRequest()->getSession()->suggestLoginUsername(); } } @@ -1551,7 +1568,8 @@ class LoginForm extends SpecialPage { function hasSessionCookie() { global $wgDisableCookieCheck; - return $wgDisableCookieCheck ? true : $this->getRequest()->checkSessionCookie(); + return $wgDisableCookieCheck || + SessionManager::singleton()->getPersistedSessionId( $this->getRequest() ) !== null; } /** @@ -1570,7 +1588,7 @@ class LoginForm extends SpecialPage { public static function setLoginToken() { global $wgRequest; // Generate a token directly instead of using $user->getEditToken() - // because the latter reuses $_SESSION['wsEditToken'] + // because the latter reuses wsEditToken in the session $wgRequest->setSessionData( 'wsLoginToken', MWCryptRand::generateHex( 32 ) ); } @@ -1616,7 +1634,7 @@ class LoginForm extends SpecialPage { $wgCookieSecure = false; } - wfResetSessionID(); + MediaWiki\Session\SessionManager::getGlobalSession()->resetId(); } /**