1 <?php
2 /**
3 * Created on August 7, 2012
4 *
5 * Copyright © 2012 Tyler Romeo <tylerromeo@gmail.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 * http://www.gnu.org/copyleft/gpl.html
21 *
22 * @file
23 */
24
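/**
 * API module (action=createaccount) that registers a new account on the
 * current wiki.
 *
 * The request parameters are mapped onto the fields of the regular signup
 * form and handed to LoginForm, so the actual validation and account
 * creation are done by LoginForm::addNewaccountInternal().
 *
 * @ingroup API
 */
class ApiCreateAccount extends ApiBase {
	/**
	 * Check that the caller may create accounts, run the signup through
	 * LoginForm and write the outcome under the 'createaccount' key of the
	 * API result.
	 *
	 * The 'result' field is one of 'NeedToken', 'Warning' or 'Success';
	 * errors end the request through dieUsage(), dieUsageMsg() or dieStatus().
	 */
	public function execute() {
		// If we're in a mode that breaks the same-origin policy, no tokens can
		// be obtained
		if ( $this->lacksSameOriginSecurity() ) {
			$this->dieUsage(
				'Cannot create account when the same-origin policy is not applied', 'aborted'
			);
		}

		// $loginForm->addNewaccountInternal will throw exceptions
		// if wiki is read only (already handled by api), user is blocked or does not have rights.
		// Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
		$loginTitle = SpecialPage::getTitleFor( 'Userlogin' );
		if ( !$loginTitle->userCan( 'createaccount', $this->getUser() ) ) {
			$this->dieUsage(
				'You do not have the right to create a new account',
				'permdenied-createaccount'
			);
		}
		if ( $this->getUser()->isBlockedFromCreateAccount() ) {
			$this->dieUsage( 'You cannot create a new account because you are blocked', 'blocked' );
		}

		$params = $this->extractRequestParams();

		// Init session if necessary
		if ( session_id() == '' ) {
			wfSetupSession();
		}

		// A mailed password needs an address to be mailed to.
		if ( $params['mailpassword'] && !$params['email'] ) {
			$this->dieUsageMsg( 'noemail' );
		}

		// Reject unknown language codes before they are stored as a user option.
		if ( $params['language'] && !Language::isSupportedLanguage( $params['language'] ) ) {
			$this->dieUsage( 'Invalid language parameter', 'langinvalid' );
		}

		// Build a request that looks like a submission of the signup form.
		// The API takes the password once, so it fills both the password and
		// the retype field. Exactly one of wpCreateaccount and
		// wpCreateaccountMail is set, depending on 'mailpassword'.
		$context = new DerivativeContext( $this->getContext() );
		$context->setRequest( new DerivativeRequest(
			$this->getContext()->getRequest(),
			array(
				'type' => 'signup',
				'uselang' => $params['language'],
				'wpName' => $params['name'],
				'wpPassword' => $params['password'],
				'wpRetype' => $params['password'],
				'wpDomain' => $params['domain'],
				'wpEmail' => $params['email'],
				'wpRealName' => $params['realname'],
				'wpCreateaccountToken' => $params['token'],
				'wpCreateaccount' => $params['mailpassword'] ? null : '1',
				'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null
			)
		) );

		$loginForm = new LoginForm();
		$loginForm->setContext( $context );
		// Extensions get to adjust the form before it reads the derived request.
		Hooks::run( 'AddNewAccountApiForm', array( $this, $loginForm ) );
		$loginForm->load();

		$status = $loginForm->addNewaccountInternal();
		$result = array();
		if ( $status->isGood() ) {
			// Success!
			$user = $status->getValue();

			if ( $params['language'] ) {
				$user->setOption( 'language', $params['language'] );
			}

			if ( $params['mailpassword'] ) {
				// If mailpassword was set, disable the password and send an email.
				$user->setPassword( null );
				$status->merge( $loginForm->mailPasswordInternal(
					$user,
					false,
					'createaccount-title',
					'createaccount-text'
				) );
			} elseif (
				$this->getConfig()->get( 'EmailAuthentication' )
				&& Sanitizer::validateEmail( $user->getEmail() )
			) {
				// Send out an email authentication message if needed
				$status->merge( $user->sendConfirmationMail() );
			}

			// Save settings (including confirmation token)
			$user->saveSettings();

			Hooks::run( 'AddNewAccount', array( $user, $params['mailpassword'] ) );

			// The log action records how the account was made: with a mailed
			// password, by an already logged-in user, or by an anonymous one.
			if ( $params['mailpassword'] ) {
				$logAction = 'byemail';
			} elseif ( $this->getUser()->isLoggedIn() ) {
				$logAction = 'create2';
			} else {
				$logAction = 'create';
			}
			// 'reason' has no default, so it is cast to a string for the log entry.
			$user->addNewUserLogEntry( $logAction, (string)$params['reason'] );

			// Add username, id, and token to result.
			// NOTE(review): the response carries the value of User::getToken()
			// for the new account; confirm what that token grants and that
			// clients and any response logging treat it as a secret.
			$result['username'] = $user->getName();
			$result['userid'] = $user->getId();
			$result['token'] = $user->getToken();
		}

		$apiResult = $this->getResult();

		if ( $status->hasMessage( 'sessionfailure' ) || $status->hasMessage( 'nocookiesfornew' ) ) {
			// Token was incorrect, so add it to result, but don't throw an exception
			// since not having the correct token is part of the normal
			// flow of events.
			$result['token'] = LoginForm::getCreateaccountToken();
			$result['result'] = 'NeedToken';
		} elseif ( !$status->isOK() ) {
			// There was an error. Die now.
			$this->dieStatus( $status );
		} elseif ( !$status->isGood() ) {
			// Status is not good, but OK. This means warnings.
			$result['result'] = 'Warning';

			// Add any warnings to the result
			$warnings = $status->getErrorsByType( 'warning' );
			if ( $warnings ) {
				foreach ( $warnings as &$warning ) {
					$apiResult->setIndexedTagName( $warning['params'], 'param' );
				}
				// Drop the loop reference so that a later write to $warning
				// cannot change the last entry of $warnings.
				unset( $warning );
				$apiResult->setIndexedTagName( $warnings, 'warning' );
				$result['warnings'] = $warnings;
			}
		} else {
			// Everything was fine.
			$result['result'] = 'Success';
		}

		// Give extensions a chance to modify the API result data
		Hooks::run( 'AddNewAccountApiResult', array( $this, $loginForm, &$result ) );

		$apiResult->addValue( null, 'createaccount', $result );
	}

	/**
	 * The module declares itself POST-only. The request carries a password
	 * and a token, which a POST body keeps out of the URL.
	 *
	 * @return bool Always true
	 */
	public function mustBePosted() {
		return true;
	}

	/**
	 * @return bool Always false
	 */
	public function isReadMode() {
		return false;
	}

	/**
	 * Creating an account changes the wiki, so this is a write module.
	 *
	 * @return bool Always true
	 */
	public function isWriteMode() {
		return true;
	}

	/**
	 * Describe the accepted parameters. Only 'name' is always required;
	 * 'email' becomes required when the EmailConfirmToEdit setting is on.
	 *
	 * @return array Parameter name => null, or an array of ApiBase::PARAM_* settings
	 */
	public function getAllowedParams() {
		return array(
			'name' => array(
				ApiBase::PARAM_TYPE => 'user',
				ApiBase::PARAM_REQUIRED => true
			),
			'password' => null,
			'domain' => null,
			'token' => null,
			'email' => array(
				ApiBase::PARAM_TYPE => 'string',
				ApiBase::PARAM_REQUIRED => $this->getConfig()->get( 'EmailConfirmToEdit' ),
			),
			'realname' => null,
			'mailpassword' => array(
				ApiBase::PARAM_TYPE => 'boolean',
				ApiBase::PARAM_DFLT => false
			),
			'reason' => null,
			'language' => null
		);
	}

	/**
	 * @return array Example query string => message key describing it
	 */
	protected function getExamplesMessages() {
		return array(
			'action=createaccount&name=testuser&password=test123'
				=> 'apihelp-createaccount-example-pass',
			'action=createaccount&name=testmailuser&mailpassword=true&reason=MyReason'
				=> 'apihelp-createaccount-example-mail',
		);
	}

	/**
	 * @return string URL of the documentation page for this module
	 */
	public function getHelpUrls() {
		return 'https://www.mediawiki.org/wiki/API:Account_creation';
	}
}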