X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fspecials%2FSpecialUserlogin.php;h=671070b7d7b5f7e99353e22db73e66b48e78813b;hb=f1bb509dfc1d8cc7c10dd72386ebdf8b400394a4;hp=ce16b64448856448d0ae38dbf6fed9baebcc5f3b;hpb=758bbe8374e4cd3b6bbc067dee609fb172e9e664;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index ce16b64448..671070b7d7 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -34,18 +34,21 @@ class LoginForm { const ABORTED = 8; const CREATE_BLOCKED = 9; const THROTTLED = 10; + const USER_BLOCKED = 11; var $mName, $mPassword, $mRetype, $mReturnTo, $mCookieCheck, $mPosted; var $mAction, $mCreateaccount, $mCreateaccountMail, $mMailmypassword; - var $mLoginattempt, $mRemember, $mEmail, $mDomain, $mLanguage, $mSkipCookieCheck; + var $mLoginattempt, $mRemember, $mEmail, $mDomain, $mLanguage; + var $mSkipCookieCheck, $mReturnToQuery; + + private $mExtUser = null; /** * Constructor * @param WebRequest $request A WebRequest object passed by reference */ function LoginForm( &$request, $par = '' ) { - global $wgLang, $wgAllowRealName, $wgEnableEmail; - global $wgAuth; + global $wgAuth, $wgHiddenPrefs, $wgEnableEmail, $wgRedirectOnLogin; $this->mType = ( $par == 'signup' ) ? $par : $request->getText( 'type' ); # Check for [[Special:Userlogin/signup]] $this->mName = $request->getText( 'wpName' ); @@ -53,6 +56,7 @@ class LoginForm { $this->mRetype = $request->getText( 'wpRetype' ); $this->mDomain = $request->getText( 'wpDomain' ); $this->mReturnTo = $request->getVal( 'returnto' ); + $this->mReturnToQuery = $request->getVal( 'returntoquery' ); $this->mCookieCheck = $request->getVal( 'wpCookieCheck' ); $this->mPosted = $request->wasPosted(); $this->mCreateaccount = $request->getCheck( 'wpCreateaccount' ); 
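Review bot: `returntoquery` is stored from the request without any validation in the `@@ -53,6 +56,7 @@` hunk, and later hunks pass it to `getFullURL()` for the post-login redirect (`@@ -707,8 +768,7 @@`) and to `returnToMain()` (`@@ -741,7 +801,7 @@`). The URL is built from a Title object, which presumably limits where it can point, but the query string is chosen entirely by whoever crafted the login link. That link therefore decides which parameters the newly authenticated session requests next. I would record the trust level where the property is filled, e.g. `# Untrusted, request-supplied query string for the return target`, and consider limiting it to parameters that are safe to follow automatically after login. The constructor begins and ends outside this hunk.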
@@ -66,12 +70,17 @@ class LoginForm { $this->mLanguage = $request->getText( 'uselang' ); $this->mSkipCookieCheck = $request->getCheck( 'wpSkipCookieCheck' ); + if ( $wgRedirectOnLogin ) { + $this->mReturnTo = $wgRedirectOnLogin; + $this->mReturnToQuery = ''; + } + if( $wgEnableEmail ) { $this->mEmail = $request->getText( 'wpEmail' ); } else { $this->mEmail = ''; } - if( $wgAllowRealName ) { + if( !in_array( 'realname', $wgHiddenPrefs ) ) { $this->mRealName = $request->getText( 'wpRealName' ); } else { $this->mRealName = ''; @@ -83,8 +92,10 @@ class LoginForm { $wgAuth->setDomain( $this->mDomain ); # When switching accounts, it sucks to get automatically logged out - if( $this->mReturnTo == $wgLang->specialPage( 'Userlogout' ) ) { + $returnToTitle = Title::newFromText( $this->mReturnTo ); + if( is_object( $returnToTitle ) && $returnToTitle->isSpecial( 'Userlogout' ) ) { $this->mReturnTo = ''; + $this->mReturnToQuery = ''; } } @@ -112,14 +123,14 @@ class LoginForm { function addNewAccountMailPassword() { global $wgOut; - if ('' == $this->mEmail) { + if ( $this->mEmail == '' ) { $this->mainLoginForm( wfMsg( 'noemail', htmlspecialchars( $this->mName ) ) ); return; } $u = $this->addNewaccountInternal(); - if ($u == NULL) { + if ($u == null) { return; } @@ -153,7 +164,7 @@ class LoginForm { # Create the account and abort if there's a problem doing so $u = $this->addNewAccountInternal(); - if( $u == NULL ) + if( $u == null ) return; # If we showed up language selection links, and one was in use, be @@ -182,7 +193,7 @@ class LoginForm { if( $wgUser->isAnon() ) { $wgUser = $u; $wgUser->setCookies(); - wfRunHooks( 'AddNewAccount', array( $wgUser ) ); + wfRunHooks( 'AddNewAccount', array( $wgUser, false ) ); $wgUser->addNewUserLogEntry(); if( $this->hasSessionCookie() ) { return $this->successfulCreation(); 
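Review bot: The `$u == null` comparisons kept in the `@@ -112,14 +123,14 @@` and `@@ -153,7 +164,7 @@` hunks only work because the loose `==` treats both `false` and a missing return value as null. `addNewAccountInternal()` uses both forms: `return false;` on most failure paths and a bare `return;` on the DNS blacklist path shown in `@@ -247,9 +257,7 @@`. Since this change already touches the line, `if ( !is_object( $u ) ) {` states the intent directly, and it is the form the commit itself uses after `User::newFromName()` in `@@ -257,7 +265,12 @@`. Both callers extend beyond the visible hunks.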
@@ -198,7 +209,7 @@ class LoginForm { $wgOut->setRobotPolicy( 'noindex,nofollow' ); $wgOut->addHTML( wfMsgWikiHtml( 'accountcreatedtext', $u->getName() ) ); $wgOut->returnToMain( false, $self ); - wfRunHooks( 'AddNewAccount', array( $u ) ); + wfRunHooks( 'AddNewAccount', array( $u, false ) ); $u->addNewUserLogEntry(); return true; } @@ -209,7 +220,6 @@ class LoginForm { */ function addNewAccountInternal() { global $wgUser, $wgOut; - global $wgEnableSorbs, $wgProxyWhitelist; global $wgMemc, $wgAccountCreationThrottle; global $wgAuth, $wgMinimalPasswordLength; global $wgEmailConfirmToEdit; @@ -225,7 +235,7 @@ class LoginForm { // cation server before they create an account (otherwise, they can // create a local account and login as any domain user). We only need // to check this for domains that aren't local. - if( 'local' != $this->mDomain && '' != $this->mDomain ) { + if( 'local' != $this->mDomain && $this->mDomain != '' ) { if( !$wgAuth->canCreateAccounts() && ( !$wgAuth->userExists( $this->mName ) || !$wgAuth->authenticate( $this->mName, $this->mPassword ) ) ) { $this->mainLoginForm( wfMsg( 'wrongpassword' ) ); return false; @@ -247,9 +257,7 @@ class LoginForm { } $ip = wfGetIP(); - if ( $wgEnableSorbs && !in_array( $ip, $wgProxyWhitelist ) && - $wgUser->inSorbsBlacklist( $ip ) ) - { + if ( $wgUser->isDnsBlacklisted( $ip, true /* check $wgProxyWhitelist */ ) ) { $this->mainLoginForm( wfMsg( 'sorbs_create_account_reason' ) . ' (' . htmlspecialchars( $ip ) . ')' ); return; } @@ -257,7 +265,12 @@ class LoginForm { # Now create a dummy user ($u) and check if it is valid $name = trim( $this->mName ); $u = User::newFromName( $name, 'creatable' ); - if ( is_null( $u ) ) { + if ( WikiError::isError( $u ) ) { + $this->mainLoginForm( wfMsg( $u->getMessage() ) ); + return false; + } + + if ( !is_object( $u ) ) { $this->mainLoginForm( wfMsg( 'noname' ) ); return false; } 
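Review bot: In the `@@ -257,7 +265,12 @@` hunk, `wfMsg( $u->getMessage() )` treats the error text as a message key, and nothing here shows that `User::newFromName()` puts a key rather than finished text into the `WikiError`. If it carries text, the form would show a missing-message placeholder instead of the reason. The string also goes to `mainLoginForm()`, which stores it in the template as `message`, so it must be safe for that output context either way. A comment on the branch would settle the contract, e.g. `# newFromName() may return a WikiError whose message is a system message key`. The enclosing function starts and ends outside the hunk.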
@@ -273,9 +286,10 @@ class LoginForm { } # check for minimal password length - if ( !$u->isValidPassword( $this->mPassword ) ) { + $valid = $u->getPasswordValidity( $this->mPassword ); + if ( $valid !== true ) { if ( !$this->mCreateaccountMail ) { - $this->mainLoginForm( wfMsgExt( 'passwordtooshort', array( 'parsemag' ), $wgMinimalPasswordLength ) ); + $this->mainLoginForm( wfMsgExt( $valid, array( 'parsemag' ), $wgMinimalPasswordLength ) ); return false; } else { # do not force a password for account creation by email @@ -354,6 +368,14 @@ class LoginForm { $wgAuth->initUser( $u, $autocreate ); + if ( $this->mExtUser ) { + $this->mExtUser->linkToLocal( $u->getId() ); + $email = $this->mExtUser->getPref( 'emailaddress' ); + if ( $email && !$this->mEmail ) { + $u->setEmail( $email ); + } + } + $u->setOption( 'rememberpassword', $this->mRemember ? 1 : 0 ); $u->saveSettings(); @@ -370,25 +392,23 @@ class LoginForm { * This may create a local account as a side effect if the * authentication plugin allows transparent local account * creation. - * - * @public */ - function authenticateUserData() { + public function authenticateUserData() { global $wgUser, $wgAuth; - if ( '' == $this->mName ) { + if ( $this->mName == '' ) { return self::NO_NAME; } global $wgPasswordAttemptThrottle; - $throttleCount=0; - if ( is_array($wgPasswordAttemptThrottle) ) { + $throttleCount = 0; + if ( is_array( $wgPasswordAttemptThrottle ) ) { $throttleKey = wfMemcKey( 'password-throttle', wfGetIP(), md5( $this->mName ) ); $count = $wgPasswordAttemptThrottle['count']; $period = $wgPasswordAttemptThrottle['seconds']; global $wgMemc; - $throttleCount = $wgMemc->get($throttleKey); + $throttleCount = $wgMemc->get( $throttleKey ); if ( !$throttleCount ) { $wgMemc->add( $throttleKey, 1, $period ); // start counter } else if ( $throttleCount < $count ) { 
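Review bot: The comment `# check for minimal password length` above the new `getPasswordValidity()` call in the `@@ -273,9 +286,10 @@` hunk is now stale. `$valid` is passed to `wfMsgExt()` as the message key, so the method presumably reports more than a length failure, yet `$wgMinimalPasswordLength` is still supplied as the only parameter whatever the key is. I would reword it to `# Validate the password; on failure $valid is the message key describing why` and confirm that every key the method can return accepts that parameter. If the method can return `false` rather than a key, `$valid !== true` would send `false` to `wfMsgExt()`, so a string check is worth adding.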
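Review bot: In the `@@ -354,6 +368,14 @@` hunk, the address from `$this->mExtUser->getPref( 'emailaddress' )` is written with `$u->setEmail( $email )` with no validity check on these lines. The external store decides what that string contains, and later code such as the password mail path sends to whatever is stored. I would run it through the same address validation the signup form applies before storing it. A comment should also state whether an externally supplied address counts as confirmed, since that is not visible here. The enclosing function continues outside the hunk.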
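Review bot: The throttle key in the `@@ -370,25 +392,23 @@` hunk is built from `md5( $this->mName )`, the name exactly as submitted, while the account is resolved later through `User::newFromName()`. If that call normalizes the name (not visible here, confirm), differently written forms of one account name each get their own counter, and the per-account limit is weaker than `$wgPasswordAttemptThrottle` suggests. Keying on the canonical name would close that gap. At minimum a comment such as `// NOTE: keyed on the raw submitted name, not the canonical user name` should record the limitation. The hunk itself only changes spacing and visibility, and the function body continues beyond it.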
@@ -408,6 +428,11 @@ class LoginForm { wfDebug( __METHOD__.": already logged in as {$this->mName}\n" ); return self::SUCCESS; } + + $this->mExtUser = ExternalUser::newFromName( $this->mName ); + + # TODO: Allow some magic here for invalid external names, e.g., let the + # user choose a different wiki name. $u = User::newFromName( $this->mName ); if( is_null( $u ) || !User::isUsableName( $u->getName() ) ) { return self::ILLEGAL; @@ -422,6 +447,15 @@ class LoginForm { $isAutoCreated = true; } } else { + global $wgExternalAuthType, $wgAutocreatePolicy; + if ( $wgExternalAuthType && $wgAutocreatePolicy != 'never' + && is_object( $this->mExtUser ) + && $this->mExtUser->authenticate( $this->mPassword ) ) { + # The external user and local user have the same name and + # password, so we assume they're the same. + $this->mExtUser->linkToLocal( $u->getID() ); + } + $u->load(); } @@ -431,6 +465,7 @@ class LoginForm { return $abort; } + global $wgBlockDisablesLogin; if (!$u->checkPassword( $this->mPassword )) { if( $u->checkTemporaryPassword( $this->mPassword ) ) { // The e-mailed temporary password should not be used for actu- @@ -459,8 +494,11 @@ class LoginForm { // faces etc will probably just fail cleanly here. $retval = self::RESET_PASS; } else { - $retval = '' == $this->mPassword ? self::EMPTY_PASS : self::WRONG_PASS; + $retval = ($this->mPassword == '') ? self::EMPTY_PASS : self::WRONG_PASS; } + } elseif ( $wgBlockDisablesLogin && $u->isBlocked() ) { + // If we've enabled it, make it so that a blocked user cannot login + $retval = self::USER_BLOCKED; } else { $wgAuth->updateUser( $u ); $wgUser = $u; 
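Review bot: `ExternalUser::newFromName( $this->mName )` in the `@@ -408,6 +428,11 @@` hunk runs on the raw submitted name before the `User::isUsableName()` check that follows, and regardless of whether `$wgExternalAuthType` is set. Every login attempt therefore reaches the external lookup, including attempts with names the wiki would reject as `ILLEGAL`. Moving the assignment below the `ILLEGAL` return and guarding it with the configuration flag keeps invalid input away from the external backend. If the call is already a cheap no-op when external auth is disabled, a short comment saying so would be enough. The function starts and ends outside this hunk.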
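Review bot: In the `@@ -422,6 +447,15 @@` hunk, the external account is linked to an existing local account once `$this->mExtUser->authenticate( $this->mPassword )` succeeds, but the local password is not checked until `$u->checkPassword()` further down. The added comment says both accounts share the same name and password, yet nothing on these lines verifies the local half, so a name collision between the two user stores is enough to create the link. Adding `&& $u->checkPassword( $this->mPassword )` to the condition would make the code match the comment, as would moving `linkToLocal()` into the branch that runs after the local check succeeds. What the link grants afterwards is not visible in this hunk, so the severity is unconfirmed.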
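Review bot: The new `$wgBlockDisablesLogin && $u->isBlocked()` test in the `@@ -459,8 +494,11 @@` hunk sits only in the `elseif` reached after `checkPassword()` succeeds. The `checkTemporaryPassword()` branch above it still ends in `self::RESET_PASS` for a blocked account. Whether the reset flow then completes a login is not visible here, but if it does, an e-mailed temporary password bypasses the setting. Adding the same block test inside the temporary-password branch before `$retval = self::RESET_PASS;` would make the behaviour uniform. A comment should also say whether the auto-created path (`$isAutoCreated`) is meant to be covered.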
@@ -487,26 +525,40 @@ class LoginForm { * @return integer Status code */ function attemptAutoCreate( $user ) { - global $wgAuth, $wgUser; + global $wgAuth, $wgUser, $wgAutocreatePolicy; + + if ( $wgUser->isBlockedFromCreateAccount() ) { + wfDebug( __METHOD__.": user is blocked from account creation\n" ); + return self::CREATE_BLOCKED; + } + /** * If the external authentication plugin allows it, automatically cre- * ate a new account for users that are externally defined but have not * yet logged in. */ - if ( !$wgAuth->autoCreate() ) { - return self::NOT_EXISTS; - } - if ( !$wgAuth->userExists( $user->getName() ) ) { - wfDebug( __METHOD__.": user does not exist\n" ); - return self::NOT_EXISTS; - } - if ( !$wgAuth->authenticate( $user->getName(), $this->mPassword ) ) { - wfDebug( __METHOD__.": \$wgAuth->authenticate() returned false, aborting\n" ); - return self::WRONG_PLUGIN_PASS; - } - if ( $wgUser->isBlockedFromCreateAccount() ) { - wfDebug( __METHOD__.": user is blocked from account creation\n" ); - return self::CREATE_BLOCKED; + if ( $this->mExtUser ) { + # mExtUser is neither null nor false, so use the new ExternalAuth + # system. + if ( $wgAutocreatePolicy == 'never' ) { + return self::NOT_EXISTS; + } + if ( !$this->mExtUser->authenticate( $this->mPassword ) ) { + return self::WRONG_PLUGIN_PASS; + } + } else { + # Old AuthPlugin. + if ( !$wgAuth->autoCreate() ) { + return self::NOT_EXISTS; + } + if ( !$wgAuth->userExists( $user->getName() ) ) { + wfDebug( __METHOD__.": user does not exist\n" ); + return self::NOT_EXISTS; + } + if ( !$wgAuth->authenticate( $user->getName(), $this->mPassword ) ) { + wfDebug( __METHOD__.": \$wgAuth->authenticate() returned false, aborting\n" ); + return self::WRONG_PLUGIN_PASS; + } } wfDebug( __METHOD__.": creating account\n" ); 
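Review bot: `isBlockedFromCreateAccount()` now runs at the top of `attemptAutoCreate()`, before the code knows whether auto-creation is enabled or the name exists externally. A visitor from a create-blocked address who mistypes a user name will therefore get `CREATE_BLOCKED` where the old order returned `NOT_EXISTS`, even on a wiki with no external authentication at all. If the move was meant to avoid contacting the external backend for blocked clients, a comment should say so, and the `NOT_EXISTS` checks that need no remote call (`$wgAutocreatePolicy == 'never'`, `!$wgAuth->autoCreate()`) could stay ahead of the block test. The new ExternalAuth branch also returns `NOT_EXISTS` and `WRONG_PLUGIN_PASS` silently, while the old branch logs through `wfDebug()`. Adding lines such as `wfDebug( __METHOD__.": external authentication failed\n" );` keeps failed attempts traceable on both paths.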
@@ -517,8 +569,7 @@ class LoginForm { function processLogin() { global $wgUser, $wgAuth; - switch ($this->authenticateUserData()) - { + switch ( $this->authenticateUserData() ) { case self::SUCCESS: # We've verified now, update the real record if( (bool)$this->mRemember != (bool)$wgUser->getOption( 'rememberpassword' ) ) { @@ -576,6 +627,9 @@ class LoginForm { case self::THROTTLED: $this->mainLoginForm( wfMsg( 'login-throttled' ) ); break; + case self::USER_BLOCKED: + $this->mainLoginForm( wfMsg( 'login-userblocked' ) ); + break; default: throw new MWException( "Unhandled case value" ); } @@ -610,6 +664,13 @@ class LoginForm { $this->mainLoginForm( wfMsg( 'blocked-mailpassword' ) ); return; } + + // Check for hooks + $error = null; + if ( ! wfRunHooks( 'UserLoginMailPassword', array( $this->mName, &$error ) ) ) { + $this->mainLoginForm( $error ); + return; + } # Check against the rate limiter if( $wgUser->pingLimiter( 'mailpassword' ) ) { @@ -617,7 +678,7 @@ class LoginForm { return; } - if ( '' == $this->mName ) { + if ( $this->mName == '' ) { $this->mainLoginForm( wfMsg( 'noname' ) ); return; } @@ -661,7 +722,7 @@ class LoginForm { function mailPasswordInternal( $u, $throttle = true, $emailTitle = 'passwordremindertitle', $emailText = 'passwordremindertext' ) { global $wgServer, $wgScript, $wgUser, $wgNewPasswordExpiry; - if ( '' == $u->getEmail() ) { + if ( $u->getEmail() == '' ) { return new WikiError( wfMsg( 'noemail', $u->getName() ) ); } $ip = wfGetIP(); 
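Review bot: The `UserLoginMailPassword` hook in the `@@ -610,6 +664,13 @@` hunk is called with the raw `$this->mName` before the rate limiter, the empty-name check and any user lookup, so handlers receive unvalidated and possibly empty input. If a handler aborts without setting `$error`, `mainLoginForm( $error )` is called with `null` and the user gets no reason. I would run the hook after the `noname` check and fall back to a generic message when `$error` is still null. The hook documentation should also state that `$error` is placed into the form as-is, so handlers must return text that is safe for that context. The enclosing function extends beyond the hunk.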
@@ -674,10 +735,10 @@ class LoginForm { $np = $u->randomPassword(); $u->setNewpassword( $np, $throttle ); $u->saveSettings(); - - $m = wfMsgExt( $emailText, array( 'parsemag' ), $ip, $u->getName(), $np, + $userLanguage = $u->getOption( 'language' ); + $m = wfMsgExt( $emailText, array( 'parsemag', 'language' => $userLanguage ), $ip, $u->getName(), $np, $wgServer . $wgScript, round( $wgNewPasswordExpiry / 86400 ) ); - $result = $u->sendMail( wfMsg( $emailTitle ), $m ); + $result = $u->sendMail( wfMsgExt( $emailTitle, array( 'parsemag', 'language' => $userLanguage ) ), $m ); return $result; } @@ -707,8 +768,7 @@ class LoginForm { if ( !$titleObj instanceof Title ) { $titleObj = Title::newMainPage(); } - - $wgOut->redirect( $titleObj->getFullURL() ); + $wgOut->redirect( $titleObj->getFullURL( $this->mReturnToQuery ) ); } } @@ -741,7 +801,7 @@ class LoginForm { $wgOut->addHTML( $injected_html ); if ( !empty( $this->mReturnTo ) ) { - $wgOut->returnToMain( null, $this->mReturnTo ); + $wgOut->returnToMain( null, $this->mReturnTo, $this->mReturnToQuery ); } else { $wgOut->returnToMain( null ); } @@ -794,7 +854,7 @@ class LoginForm { * @private */ function mainLoginForm( $msg, $msgtype = 'error' ) { - global $wgUser, $wgOut, $wgAllowRealName, $wgEnableEmail; + global $wgUser, $wgOut, $wgHiddenPrefs, $wgEnableEmail; global $wgCookiePrefix, $wgLoginLanguageSelector; global $wgAuth, $wgEmailConfirmToEdit, $wgCookieExpiration; @@ -816,7 +876,7 @@ class LoginForm { } } - if ( '' == $this->mName ) { + if ( $this->mName == '' ) { if ( $wgUser->isLoggedIn() ) { $this->mName = $wgUser->getName(); } else { @@ -840,6 +900,9 @@ class LoginForm { if ( !empty( $this->mReturnTo ) ) { $returnto = '&returnto=' . wfUrlencode( $this->mReturnTo ); + if ( !empty( $this->mReturnToQuery ) ) + $returnto .= '&returntoquery=' . + wfUrlencode( $this->mReturnToQuery ); $q .= $returnto; $linkq .= $returnto; } 
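Review bot: In the `@@ -707,8 +768,7 @@` hunk, the fallback to `Title::newMainPage()` still passes `$this->mReturnToQuery` to `getFullURL()`. A login link that carries only `returntoquery`, or an unparsable `returnto`, therefore sends the user to the main page with a caller-chosen query string. Clearing the query in the fallback keeps it tied to the page it was written for, e.g. `$titleObj = Title::newMainPage(); $this->mReturnToQuery = '';` inside the `if`. The start of the function is outside this hunk.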
@@ -854,7 +917,7 @@ class LoginForm { # Don't show a "create account" link if the user can't if( $this->showCreateOrLoginLink( $wgUser ) ) - $template->set( 'link', wfMsgHtml( $linkmsg, $link ) ); + $template->set( 'link', wfMsgWikiHtml( $linkmsg, $link ) ); else $template->set( 'link', '' ); @@ -870,7 +933,7 @@ class LoginForm { $template->set( 'message', $msg ); $template->set( 'messagetype', $msgtype ); $template->set( 'createemail', $wgEnableEmail && $wgUser->isLoggedIn() ); - $template->set( 'userealname', $wgAllowRealName ); + $template->set( 'userealname', !in_array( 'realname', $wgHiddenPrefs ) ); $template->set( 'useemail', $wgEnableEmail ); $template->set( 'emailrequired', $wgEmailConfirmToEdit ); $template->set( 'canreset', $wgAuth->allowPasswordChange() ); @@ -885,14 +948,20 @@ class LoginForm { } // Give authentication and captcha plugins a chance to modify the form - $wgAuth->modifyUITemplate( $template ); + $wgAuth->modifyUITemplate( $template, $this->mType ); if ( $this->mType == 'signup' ) { wfRunHooks( 'UserCreateForm', array( &$template ) ); } else { wfRunHooks( 'UserLoginForm', array( &$template ) ); } - $wgOut->setPageTitle( wfMsg( 'userlogin' ) ); + //Changes the title depending on permissions for creating account + if ( $wgUser->isAllowed( 'createaccount' ) ) { + $wgOut->setPageTitle( wfMsg( 'userlogin' ) ); + } else { + $wgOut->setPageTitle( wfMsg( 'userloginnocreate' ) ); + } + $wgOut->setRobotPolicy( 'noindex,nofollow' ); $wgOut->setArticleRelated( false ); $wgOut->disallowUserJs(); // just in case... @@ -944,8 +1013,6 @@ class LoginForm { * @private */ function onCookieRedirectCheck( $type ) { - global $wgUser; - if ( !$this->hasSessionCookie() ) { if ( $type == 'new' ) { return $this->mainLoginForm( wfMsgExt( 'nocookiesnew', array( 'parseinline' ) ) ); 
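Review bot: The new second argument to `modifyUITemplate()` in the `@@ -885,14 +948,20 @@` hunk is `$this->mType`, which the constructor sets to `'signup'` or to the raw `type` request parameter. Authentication plugins therefore receive an arbitrary caller-supplied string rather than one of two known values. Either normalize it at the call site, for example by passing `$this->mType == 'signup' ? 'signup' : 'login'`, or document on the plugin interface that the value is untrusted and must only be compared against known constants. The page title a few lines below is chosen with `isAllowed( 'createaccount' )`, while the create-account link uses `showCreateOrLoginLink( $wgUser )`; using the same test for both would stop the title and the link from disagreeing.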
@@ -1003,12 +1070,17 @@ class LoginForm { function makeLanguageSelectorLink( $text, $lang ) { global $wgUser; $self = SpecialPage::getTitleFor( 'Userlogin' ); - $attr[] = 'uselang=' . $lang; + $attr = array( 'uselang' => $lang ); if( $this->mType == 'signup' ) - $attr[] = 'type=signup'; + $attr['type'] = 'signup'; if( $this->mReturnTo ) - $attr[] = 'returnto=' . $this->mReturnTo; + $attr['returnto'] = $this->mReturnTo; $skin = $wgUser->getSkin(); - return $skin->makeKnownLinkObj( $self, htmlspecialchars( $text ), implode( '&', $attr ) ); + return $skin->linkKnown( + $self, + htmlspecialchars( $text ), + array(), + $attr + ); } }
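Review bot: The rewritten `makeLanguageSelectorLink()` carries `returnto` into the link but not the `returntoquery` value this commit introduces, so switching the interface language on the login form silently drops the query part of the return target. Adding `if ( $this->mReturnToQuery ) $attr['returntoquery'] = $this->mReturnToQuery;` next to the `returnto` line keeps it consistent with `mainLoginForm()`. Passing the parameters as an array to `linkKnown()` is a clear improvement over the old `implode( '&', $attr )`, which concatenated `$this->mReturnTo` unencoded. A one-line comment noting that the query array is encoded by the linker would stop it being converted back to a string later.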