summaryrefslogtreecommitdiff
path: root/includes/specials/SpecialUserlogin.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/specials/SpecialUserlogin.php')
-rw-r--r--includes/specials/SpecialUserlogin.php330
1 files changed, 194 insertions, 136 deletions
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 58da77da..eef66914 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -95,9 +95,9 @@ class LoginForm extends SpecialPage {
$this->mReason = $request->getText( 'wpReason' );
$this->mCookieCheck = $request->getVal( 'wpCookieCheck' );
$this->mPosted = $request->wasPosted();
- $this->mCreateaccount = $request->getCheck( 'wpCreateaccount' );
$this->mCreateaccountMail = $request->getCheck( 'wpCreateaccountMail' )
&& $wgEnableEmail;
+ $this->mCreateaccount = $request->getCheck( 'wpCreateaccount' ) && !$this->mCreateaccountMail;
$this->mLoginattempt = $request->getCheck( 'wpLoginattempt' );
$this->mAction = $request->getVal( 'action' );
$this->mRemember = $request->getCheck( 'wpRemember' );
@@ -149,6 +149,23 @@ class LoginForm extends SpecialPage {
$this->load();
$this->setHeaders();
+ global $wgSecureLogin;
+ if (
+ $this->mType !== 'signup' &&
+ $wgSecureLogin &&
+ WebRequest::detectProtocol() !== 'https'
+ ) {
+ $title = $this->getFullTitle();
+ $query = array(
+ 'returnto' => $this->mReturnTo,
+ 'returntoquery' => $this->mReturnToQuery,
+ 'wpStickHTTPS' => $this->mStickHTTPS
+ );
+ $url = $title->getFullURL( $query, false, PROTO_HTTPS );
+ $this->getOutput()->redirect( $url );
+ return;
+ }
+
if ( $par == 'signup' ) { # Check for [[Special:Userlogin/signup]]
$this->mType = 'signup';
}
@@ -180,19 +197,22 @@ class LoginForm extends SpecialPage {
return;
}
- $u = $this->addNewaccountInternal();
-
- if ( $u == null ) {
+ $status = $this->addNewaccountInternal();
+ if( !$status->isGood() ) {
+ $error = $this->getOutput()->parse( $status->getWikiText() );
+ $this->mainLoginForm( $error );
return;
}
+ $u = $status->getValue();
+
// Wipe the initial password and mail a temporary one
$u->setPassword( null );
$u->saveSettings();
$result = $this->mailPasswordInternal( $u, false, 'createaccount-title', 'createaccount-text' );
wfRunHooks( 'AddNewAccount', array( $u, true ) );
- $u->addNewUserLogEntry( true, $this->mReason );
+ $u->addNewUserLogEntry( 'byemail', $this->mReason );
$out = $this->getOutput();
$out->setPageTitle( $this->msg( 'accmailtitle' ) );
@@ -210,18 +230,34 @@ class LoginForm extends SpecialPage {
* @return bool
*/
function addNewAccount() {
- global $wgUser, $wgEmailAuthentication, $wgLoginLanguageSelector;
+ global $wgContLang, $wgUser, $wgEmailAuthentication, $wgLoginLanguageSelector;
# Create the account and abort if there's a problem doing so
- $u = $this->addNewAccountInternal();
- if( $u == null ) {
+ $status = $this->addNewAccountInternal();
+ if( !$status->isGood() ) {
+ $error = $this->getOutput()->parse( $status->getWikiText() );
+ $this->mainLoginForm( $error );
return false;
}
- # If we showed up language selection links, and one was in use, be
- # smart (and sensible) and save that language as the user's preference
- if( $wgLoginLanguageSelector && $this->mLanguage ) {
- $u->setOption( 'language', $this->mLanguage );
+ $u = $status->getValue();
+
+ # Only save preferences if the user is not creating an account for someone else.
+ if ( $this->getUser()->isAnon() ) {
+ # If we showed up language selection links, and one was in use, be
+ # smart (and sensible) and save that language as the user's preference
+ if( $wgLoginLanguageSelector && $this->mLanguage ) {
+ $u->setOption( 'language', $this->mLanguage );
+ } else {
+
+ # Otherwise the user's language preference defaults to $wgContLang,
+ # but it may be better to set it to their preferred $wgContLang variant,
+ # based on browser preferences or URL parameters.
+ $u->setOption( 'language', $wgContLang->getPreferredVariant() );
+ }
+ if ( $wgContLang->hasVariants() ) {
+ $u->setOption( 'variant', $wgContLang->getPreferredVariant() );
+ }
}
$out = $this->getOutput();
@@ -250,7 +286,7 @@ class LoginForm extends SpecialPage {
// wrong.
$this->getContext()->setUser( $u );
wfRunHooks( 'AddNewAccount', array( $u, false ) );
- $u->addNewUserLogEntry();
+ $u->addNewUserLogEntry( 'create' );
if( $this->hasSessionCookie() ) {
$this->successfulCreation();
} else {
@@ -262,23 +298,24 @@ class LoginForm extends SpecialPage {
$out->addWikiMsg( 'accountcreatedtext', $u->getName() );
$out->addReturnTo( $this->getTitle() );
wfRunHooks( 'AddNewAccount', array( $u, false ) );
- $u->addNewUserLogEntry( false, $this->mReason );
+ $u->addNewUserLogEntry( 'create2', $this->mReason );
}
return true;
}
/**
+ * Make a new user account using the loaded data.
* @private
- * @return bool|User
+ * @throws PermissionsError|ReadOnlyError
+ * @return Status
*/
- function addNewAccountInternal() {
+ public function addNewAccountInternal() {
global $wgAuth, $wgMemc, $wgAccountCreationThrottle,
$wgMinimalPasswordLength, $wgEmailConfirmToEdit;
// If the user passes an invalid domain, something is fishy
if( !$wgAuth->validDomain( $this->mDomain ) ) {
- $this->mainLoginForm( $this->msg( 'wrongpassword' )->text() );
- return false;
+ return Status::newFatal( 'wrongpassword' );
}
// If we are not allowing users to login locally, we should be checking
@@ -287,10 +324,14 @@ class LoginForm extends SpecialPage {
// create a local account and login as any domain user). We only need
// to check this for domains that aren't local.
if( 'local' != $this->mDomain && $this->mDomain != '' ) {
- if( !$wgAuth->canCreateAccounts() && ( !$wgAuth->userExists( $this->mUsername )
- || !$wgAuth->authenticate( $this->mUsername, $this->mPassword ) ) ) {
- $this->mainLoginForm( $this->msg( 'wrongpassword' )->text() );
- return false;
+ if(
+ !$wgAuth->canCreateAccounts() &&
+ (
+ !$wgAuth->userExists( $this->mUsername ) ||
+ !$wgAuth->authenticate( $this->mUsername, $this->mPassword )
+ )
+ ) {
+ return Status::newFatal( 'wrongpassword' );
}
}
@@ -301,28 +342,28 @@ class LoginForm extends SpecialPage {
# Request forgery checks.
if ( !self::getCreateaccountToken() ) {
self::setCreateaccountToken();
- $this->mainLoginForm( $this->msg( 'nocookiesfornew' )->parse() );
- return false;
+ return Status::newFatal( 'nocookiesfornew' );
}
# The user didn't pass a createaccount token
if ( !$this->mToken ) {
- $this->mainLoginForm( $this->msg( 'sessionfailure' )->text() );
- return false;
+ return Status::newFatal( 'sessionfailure' );
}
# Validate the createaccount token
if ( $this->mToken !== self::getCreateaccountToken() ) {
- $this->mainLoginForm( $this->msg( 'sessionfailure' )->text() );
- return false;
+ return Status::newFatal( 'sessionfailure' );
}
# Check permissions
$currentUser = $this->getUser();
+ $creationBlock = $currentUser->isBlockedFromCreateAccount();
if ( !$currentUser->isAllowed( 'createaccount' ) ) {
throw new PermissionsError( 'createaccount' );
- } elseif ( $currentUser->isBlockedFromCreateAccount() ) {
- $this->userBlockedMessage( $currentUser->isBlockedFromCreateAccount() );
+ } elseif ( $creationBlock instanceof Block ) {
+ // Throws an ErrorPageError.
+ $this->userBlockedMessage( $creationBlock );
+ // This should never be reached.
return false;
}
@@ -334,58 +375,45 @@ class LoginForm extends SpecialPage {
$ip = $this->getRequest()->getIP();
if ( $currentUser->isDnsBlacklisted( $ip, true /* check $wgProxyWhitelist */ ) ) {
- $this->mainLoginForm( $this->msg( 'sorbs_create_account_reason' )->text() . ' ' . $this->msg( 'parentheses', $ip )->escaped() );
- return false;
+ return Status::newFatal( 'sorbs_create_account_reason' );
}
# Now create a dummy user ($u) and check if it is valid
$name = trim( $this->mUsername );
$u = User::newFromName( $name, 'creatable' );
if ( !is_object( $u ) ) {
- $this->mainLoginForm( $this->msg( 'noname' )->text() );
- return false;
- }
-
- if ( 0 != $u->idForName() ) {
- $this->mainLoginForm( $this->msg( 'userexists' )->text() );
- return false;
+ return Status::newFatal( 'noname' );
+ } elseif ( 0 != $u->idForName() ) {
+ return Status::newFatal( 'userexists' );
}
- if ( 0 != strcmp( $this->mPassword, $this->mRetype ) ) {
- $this->mainLoginForm( $this->msg( 'badretype' )->text() );
- return false;
- }
+ if ( $this->mCreateaccountMail ) {
+ # do not force a password for account creation by email
+ # set invalid password, it will be replaced later by a random generated password
+ $this->mPassword = null;
+ } else {
+ if ( $this->mPassword !== $this->mRetype ) {
+ return Status::newFatal( 'badretype' );
+ }
- # check for minimal password length
- $valid = $u->getPasswordValidity( $this->mPassword );
- if ( $valid !== true ) {
- if ( !$this->mCreateaccountMail ) {
- if ( is_array( $valid ) ) {
- $message = array_shift( $valid );
- $params = $valid;
- } else {
- $message = $valid;
- $params = array( $wgMinimalPasswordLength );
+ # check for minimal password length
+ $valid = $u->getPasswordValidity( $this->mPassword );
+ if ( $valid !== true ) {
+ if ( !is_array( $valid ) ) {
+ $valid = array( $valid, $wgMinimalPasswordLength );
}
- $this->mainLoginForm( $this->msg( $message, $params )->text() );
- return false;
- } else {
- # do not force a password for account creation by email
- # set invalid password, it will be replaced later by a random generated password
- $this->mPassword = null;
+ return call_user_func_array( 'Status::newFatal', $valid );
}
}
# if you need a confirmed email address to edit, then obviously you
# need an email address.
- if ( $wgEmailConfirmToEdit && empty( $this->mEmail ) ) {
- $this->mainLoginForm( $this->msg( 'noemailtitle' )->text() );
- return false;
+ if ( $wgEmailConfirmToEdit && strval( $this->mEmail ) === '' ) {
+ return Status::newFatal( 'noemailtitle' );
}
- if( !empty( $this->mEmail ) && !Sanitizer::validateEmail( $this->mEmail ) ) {
- $this->mainLoginForm( $this->msg( 'invalidemailaddress' )->text() );
- return false;
+ if ( strval( $this->mEmail ) !== '' && !Sanitizer::validateEmail( $this->mEmail ) ) {
+ return Status::newFatal( 'invalidemailaddress' );
}
# Set some additional data so the AbortNewAccount hook can be used for
@@ -397,8 +425,7 @@ class LoginForm extends SpecialPage {
if( !wfRunHooks( 'AbortNewAccount', array( $u, &$abortError ) ) ) {
// Hook point to add extra creation throttles and blocks
wfDebug( "LoginForm::addNewAccountInternal: a hook blocked creation\n" );
- $this->mainLoginForm( $abortError );
- return false;
+ return Status::newFatal( new RawMessage( $abortError ) );
}
// Hook point to check for exempt from account creation throttle
@@ -412,16 +439,14 @@ class LoginForm extends SpecialPage {
$wgMemc->set( $key, 0, 86400 );
}
if ( $value >= $wgAccountCreationThrottle ) {
- $this->throttleHit( $wgAccountCreationThrottle );
- return false;
+ return Status::newFatal( 'acct_creation_throttle_hit', $wgAccountCreationThrottle );
}
$wgMemc->incr( $key );
}
}
if( !$wgAuth->addUser( $u, $this->mPassword, $this->mEmail, $this->mRealName ) ) {
- $this->mainLoginForm( $this->msg( 'externaldberror' )->text() );
- return false;
+ return Status::newFatal( 'externaldberror' );
}
self::clearCreateaccountToken();
@@ -434,13 +459,16 @@ class LoginForm extends SpecialPage {
*
* @param $u User object.
* @param $autocreate boolean -- true if this is an autocreation via auth plugin
- * @return User object.
+ * @return Status object, with the User object in the value member on success
* @private
*/
function initUser( $u, $autocreate ) {
global $wgAuth;
- $u->addToDatabase();
+ $status = $u->addToDatabase();
+ if ( !$status->isOK() ) {
+ return $status;
+ }
if ( $wgAuth->allowPasswordChange() ) {
$u->setPassword( $this->mPassword );
@@ -464,10 +492,9 @@ class LoginForm extends SpecialPage {
$u->saveSettings();
# Update user count
- $ssUpdate = new SiteStatsUpdate( 0, 0, 0, 0, 1 );
- $ssUpdate->doUpdate();
+ DeferredUpdates::addUpdate( new SiteStatsUpdate( 0, 0, 0, 0, 1 ) );
- return $u;
+ return Status::newGood( $u );
}
/**
@@ -533,7 +560,7 @@ class LoginForm extends SpecialPage {
}
$isAutoCreated = false;
- if ( 0 == $u->getID() ) {
+ if ( $u->getID() == 0 ) {
$status = $this->attemptAutoCreate( $u );
if ( $status !== self::SUCCESS ) {
return $status;
@@ -543,8 +570,9 @@ class LoginForm extends SpecialPage {
} else {
global $wgExternalAuthType, $wgAutocreatePolicy;
if ( $wgExternalAuthType && $wgAutocreatePolicy != 'never'
- && is_object( $this->mExtUser )
- && $this->mExtUser->authenticate( $this->mPassword ) ) {
+ && is_object( $this->mExtUser )
+ && $this->mExtUser->authenticate( $this->mPassword )
+ ) {
# The external user and local user have the same name and
# password, so we assume they're the same.
$this->mExtUser->linkToLocal( $u->getID() );
@@ -588,7 +616,7 @@ class LoginForm extends SpecialPage {
// faces etc will probably just fail cleanly here.
$retval = self::RESET_PASS;
} else {
- $retval = ( $this->mPassword == '' ) ? self::EMPTY_PASS : self::WRONG_PASS;
+ $retval = ( $this->mPassword == '' ) ? self::EMPTY_PASS : self::WRONG_PASS;
}
} elseif ( $wgBlockDisablesLogin && $u->isBlocked() ) {
// If we've enabled it, make it so that a blocked user cannot login
@@ -620,7 +648,7 @@ class LoginForm extends SpecialPage {
/**
* Increment the login attempt throttle hit count for the (username,current IP)
* tuple unless the throttle was already reached.
- * @param $username string The user name
+ * @param string $username The user name
* @return Bool|Integer The integer hit count or True if it is already at the limit
*/
public static function incLoginThrottle( $username ) {
@@ -648,7 +676,7 @@ class LoginForm extends SpecialPage {
/**
* Clear the login attempt throttle hit count for the (username,current IP) tuple.
- * @param $username string The user name
+ * @param string $username The user name
* @return void
*/
public static function clearLoginThrottle( $username ) {
@@ -713,24 +741,36 @@ class LoginForm extends SpecialPage {
}
wfDebug( __METHOD__ . ": creating account\n" );
- $this->initUser( $user, true );
+ $status = $this->initUser( $user, true );
+
+ if ( !$status->isOK() ) {
+ $errors = $status->getErrorsByType( 'error' );
+ $this->mAbortLoginErrorMsg = $errors[0]['message'];
+ return self::ABORTED;
+ }
+
return self::SUCCESS;
}
function processLogin() {
- global $wgMemc, $wgLang;
+ global $wgMemc, $wgLang, $wgSecureLogin;
switch ( $this->authenticateUserData() ) {
case self::SUCCESS:
# We've verified now, update the real record
$user = $this->getUser();
- if( (bool)$this->mRemember != (bool)$user->getOption( 'rememberpassword' ) ) {
+ if( (bool)$this->mRemember != $user->getBoolOption( 'rememberpassword' ) ) {
$user->setOption( 'rememberpassword', $this->mRemember ? 1 : 0 );
$user->saveSettings();
} else {
$user->invalidateCache();
}
- $user->setCookies();
+
+ if( $wgSecureLogin && !$this->mStickHTTPS ) {
+ $user->setCookies( null, false );
+ } else {
+ $user->setCookies();
+ }
self::clearLoginToken();
// Reset the throttle
@@ -803,8 +843,11 @@ class LoginForm extends SpecialPage {
}
}
+ /**
+ * @param $error string
+ */
function resetLoginForm( $error ) {
- $this->getOutput()->addHTML( Xml::element('p', array( 'class' => 'error' ), $error ) );
+ $this->getOutput()->addHTML( Xml::element( 'p', array( 'class' => 'error' ), $error ) );
$reset = new SpecialChangePassword();
$reset->setContext( $this->getContext() );
$reset->execute( null );
@@ -813,12 +856,12 @@ class LoginForm extends SpecialPage {
/**
* @param $u User object
* @param $throttle Boolean
- * @param $emailTitle String: message name of email title
- * @param $emailText String: message name of email text
+ * @param string $emailTitle message name of email title
+ * @param string $emailText message name of email text
* @return Status object
*/
function mailPasswordInternal( $u, $throttle = true, $emailTitle = 'passwordremindertitle', $emailText = 'passwordremindertext' ) {
- global $wgServer, $wgScript, $wgNewPasswordExpiry;
+ global $wgCanonicalServer, $wgScript, $wgNewPasswordExpiry;
if ( $u->getEmail() == '' ) {
return Status::newFatal( 'noemail', $u->getName() );
@@ -835,14 +878,13 @@ class LoginForm extends SpecialPage {
$u->setNewpassword( $np, $throttle );
$u->saveSettings();
$userLanguage = $u->getOption( 'language' );
- $m = $this->msg( $emailText, $ip, $u->getName(), $np, $wgServer . $wgScript,
+ $m = $this->msg( $emailText, $ip, $u->getName(), $np, '<' . $wgCanonicalServer . $wgScript . '>',
round( $wgNewPasswordExpiry / 86400 ) )->inLanguage( $userLanguage )->text();
$result = $u->sendMail( $this->msg( $emailTitle )->inLanguage( $userLanguage )->text(), $m );
return $result;
}
-
/**
* Run any hooks registered for logins, then HTTP redirect to
* $this->mReturnTo (or Main Page if that's undefined). Formerly we had a
@@ -860,7 +902,8 @@ class LoginForm extends SpecialPage {
wfRunHooks( 'UserLoginComplete', array( &$currentUser, &$injected_html ) );
if( $injected_html !== '' ) {
- $this->displaySuccessfulLogin( 'loginsuccess', $injected_html );
+ $this->displaySuccessfulAction( $this->msg( 'loginsuccesstitle' ),
+ 'loginsuccess', $injected_html );
} else {
$this->executeReturnTo( 'successredirect' );
}
@@ -876,7 +919,7 @@ class LoginForm extends SpecialPage {
# Run any hooks; display injected HTML
$currentUser = $this->getUser();
$injected_html = '';
- $welcome_creation_msg = 'welcomecreation';
+ $welcome_creation_msg = 'welcomecreation-msg';
wfRunHooks( 'UserLoginComplete', array( &$currentUser, &$injected_html ) );
@@ -887,18 +930,21 @@ class LoginForm extends SpecialPage {
*/
wfRunHooks( 'BeforeWelcomeCreation', array( &$welcome_creation_msg, &$injected_html ) );
- $this->displaySuccessfulLogin( $welcome_creation_msg, $injected_html );
+ $this->displaySuccessfulAction( $this->msg( 'welcomeuser', $this->getUser()->getName() ),
+ $welcome_creation_msg, $injected_html );
}
/**
- * Display a "login successful" page.
+ * Display an "successful action" page.
+ *
+ * @param string|Message $title page's title
* @param $msgname string
* @param $injected_html string
*/
- private function displaySuccessfulLogin( $msgname, $injected_html ) {
+ private function displaySuccessfulAction( $title, $msgname, $injected_html ) {
$out = $this->getOutput();
- $out->setPageTitle( $this->msg( 'loginsuccesstitle' ) );
- if( $msgname ){
+ $out->setPageTitle( $title );
+ if ( $msgname ) {
$out->addWikiMsg( $msgname, wfEscapeWikiText( $this->getUser()->getName() ) );
}
@@ -913,6 +959,7 @@ class LoginForm extends SpecialPage {
* User::isBlockedFromCreateAccount(), which gets this block, ignores the 'hardblock'
* setting on blocks (bug 13611).
* @param $block Block the block causing this error
+ * @throws ErrorPageError
*/
function userBlockedMessage( Block $block ) {
# Let's be nice about this, it's likely that this feature will be used
@@ -922,23 +969,15 @@ class LoginForm extends SpecialPage {
# haven't bothered to log out before trying to create an account to
# evade it, but we'll leave that to their guilty conscience to figure
# out.
-
- $out = $this->getOutput();
- $out->setPageTitle( $this->msg( 'cantcreateaccounttitle' ) );
-
- $block_reason = $block->mReason;
- if ( strval( $block_reason ) === '' ) {
- $block_reason = $this->msg( 'blockednoreason' )->text();
- }
-
- $out->addWikiMsg(
+ throw new ErrorPageError(
+ 'cantcreateaccounttitle',
'cantcreateaccount-text',
- $block->getTarget(),
- $block_reason,
- $block->getByName()
+ array(
+ $block->getTarget(),
+ $block->mReason ? $block->mReason : $this->msg( 'blockednoreason' )->text(),
+ $block->getByName()
+ )
);
-
- $this->executeReturnTo( 'error' );
}
/**
@@ -965,14 +1004,22 @@ class LoginForm extends SpecialPage {
$returnToTitle = Title::newMainPage();
}
+ if ( $wgSecureLogin && !$this->mStickHTTPS ) {
+ $options = array( 'http' );
+ $proto = PROTO_HTTP;
+ } elseif( $wgSecureLogin ) {
+ $options = array( 'https' );
+ $proto = PROTO_HTTPS;
+ } else {
+ $options = array();
+ $proto = PROTO_RELATIVE;
+ }
+
if ( $type == 'successredirect' ) {
- $redirectUrl = $returnToTitle->getFullURL( $returnToQuery );
- if( $wgSecureLogin && !$this->mStickHTTPS ) {
- $redirectUrl = preg_replace( '/^https:/', 'http:', $redirectUrl );
- }
+ $redirectUrl = $returnToTitle->getFullURL( $returnToQuery, false, $proto );
$this->getOutput()->redirect( $redirectUrl );
} else {
- $this->getOutput()->addReturnTo( $returnToTitle, $returnToQuery );
+ $this->getOutput()->addReturnTo( $returnToTitle, $returnToQuery, null, $options );
}
}
@@ -983,7 +1030,7 @@ class LoginForm extends SpecialPage {
global $wgEnableEmail, $wgEnableUserEmail;
global $wgHiddenPrefs, $wgLoginLanguageSelector;
global $wgAuth, $wgEmailConfirmToEdit, $wgCookieExpiration;
- global $wgSecureLogin, $wgPasswordResetRoutes;
+ global $wgSecureLogin, $wgSecureLoginDefaultHTTPS, $wgPasswordResetRoutes;
$titleObj = $this->getTitle();
$user = $this->getUser();
@@ -1003,7 +1050,8 @@ class LoginForm extends SpecialPage {
}
}
- if ( $this->mUsername == '' ) {
+ // Pre-fill username (if not creating an account, bug 44775).
+ if ( $this->mUsername == '' && $this->mType != 'signup' ) {
if ( $user->isLoggedIn() ) {
$this->mUsername = $user->getName();
} else {
@@ -1016,6 +1064,7 @@ class LoginForm extends SpecialPage {
$q = 'action=submitlogin&type=signup';
$linkq = 'type=login';
$linkmsg = 'gotaccount';
+ $this->getOutput()->addModules( 'mediawiki.special.userlogin.signup' );
} else {
$template = new UserloginTemplate();
$q = 'action=submitlogin&type=login';
@@ -1047,6 +1096,11 @@ class LoginForm extends SpecialPage {
$template->set( 'link', '' );
}
+ // Decide if we default stickHTTPS on
+ if ( $wgSecureLoginDefaultHTTPS && $this->mAction != 'submitlogin' && !$this->mLoginattempt ) {
+ $this->mStickHTTPS = true;
+ }
+
$resetLink = $this->mType == 'signup'
? null
: is_array( $wgPasswordResetRoutes ) && in_array( true, array_values( $wgPasswordResetRoutes ) );
@@ -1055,6 +1109,7 @@ class LoginForm extends SpecialPage {
$template->set( 'name', $this->mUsername );
$template->set( 'password', $this->mPassword );
$template->set( 'retype', $this->mRetype );
+ $template->set( 'createemailset', $this->mCreateaccountMail );
$template->set( 'email', $this->mEmail );
$template->set( 'realname', $this->mRealName );
$template->set( 'domain', $this->mDomain );
@@ -1213,15 +1268,21 @@ class LoginForm extends SpecialPage {
* Renew the user's session id, using strong entropy
*/
private function renewSessionId() {
- if ( wfCheckEntropy() ) {
+ global $wgSecureLogin, $wgCookieSecure;
+ if( $wgSecureLogin && !$this->mStickHTTPS ) {
+ $wgCookieSecure = false;
+ }
+
+ // If either we don't trust PHP's entropy, or if we need
+ // to change cookie settings when logging in because of
+ // wpStickHTTPS, then change the session ID manually.
+ $cookieParams = session_get_cookie_params();
+ if ( wfCheckEntropy() && $wgCookieSecure == $cookieParams['secure'] ) {
session_regenerate_id( false );
} else {
- //If we don't trust PHP's entropy, we have to replace the session manually
$tmp = $_SESSION;
- session_unset();
- session_write_close();
- session_id( MWCryptRand::generateHex( 32 ) );
- session_start();
+ session_destroy();
+ wfSetupSession( MWCryptRand::generateHex( 32 ) );
$_SESSION = $tmp;
}
}
@@ -1260,13 +1321,6 @@ class LoginForm extends SpecialPage {
}
/**
- * @private
- */
- function throttleHit( $limit ) {
- $this->mainLoginForm( $this->msg( 'acct_creation_throttle_hit' )->numParams( $limit )->parse() );
- }
-
- /**
* Produce a bar of links which allow the user to select another language
* during login/registration but retain "returnto"
*
@@ -1295,8 +1349,8 @@ class LoginForm extends SpecialPage {
* Create a language selector link for a particular language
* Links back to this page preserving type and returnto
*
- * @param $text Link text
- * @param $lang Language code
+ * @param string $text Link text
+ * @param string $lang Language code
* @return string
*/
function makeLanguageSelectorLink( $text, $lang ) {
@@ -1324,4 +1378,8 @@ class LoginForm extends SpecialPage {
$query
);
}
+
+ protected function getGroupName() {
+ return 'login';
+ }
}