Instead of just giving an error message on login if a session cookie

is not detected, we now do a redirect. Some scripts and other tools go
straight to the login page, so they wouldn't have a cookie. If the
redirect cookie check fails, returns an appropriate message for new
accounts or for login.

Also, added two new messages to the language file, for cookie-check errors.

diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index f84f640..fbe1e50 100644 (file)
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -4,13 +4,17 @@ function wfSpecialUserlogin()
 {
        global $wpCreateaccount, $wpCreateaccountMail;
        global $wpLoginattempt, $wpMailmypassword;
-       global $action;
+       global $action, $_REQUEST;
 
        $fields = array( "wpName", "wpPassword", "wpName",
          "wpPassword", "wpRetype", "wpEmail" );
        wfCleanFormFields( $fields );
 
-       if ( isset( $wpCreateaccount ) ) {
+        $wpCookieCheck = $_REQUEST[ "wpCookieCheck" ];
+
+       if ( isset( $wpCookieCheck ) ) {
+                onCookieRedirectCheck( $wpCookieCheck );
+        } else if ( isset( $wpCreateaccount ) ) {
                addNewAccount();
        } else if ( isset( $wpCreateaccountMail ) ) {
                addNewAccountMailPassword();
@@ -68,18 +72,23 @@ function wfSpecialUserlogin()
        }
 
        $wgUser = $u;
-       successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) );
+        $wgUser->setCookies();
+
+        $up = new UserUpdate();
+        array_push( $wgDeferredUpdateList, $up );
+  
+        if (hasSessionCookie()) {
+            return successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) );
+        } else {
+            return cookieRedirectCheck("new");
+        }
 }
 
 
 /* private */ function addNewAccountInternal()
 {
        global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember;
-       global $wpEmail, $wgDeferredUpdateList;
-
-        if (!cookieCheck()) {
-                return;
-        }
+       global $wpEmail;
 
        if (!$wgUser->isAllowedToCreateAccount()) {
                userNotPrivilegedMessage();
@@ -124,12 +133,9 @@ function wfSpecialUserlogin()
 /* private */ function processLogin()
 {
        global $wgUser, $wpName, $wpPassword, $wpRemember;
+        global $wgDeferredUpdateList;
        global $returnto;
 
-        if (!cookieCheck()) {
-                return;
-        }
-
        if ( "" == $wpName ) {
                mainLoginForm( wfMsg( "noname" ) );
                return;
@@ -161,7 +167,16 @@ function wfSpecialUserlogin()
        $u->setOption( "rememberpassword", $r );
 
        $wgUser = $u;
-       successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
+        $wgUser->setCookies();
+
+        $up = new UserUpdate();
+        array_push( $wgDeferredUpdateList, $up );
+  
+        if (hasSessionCookie()) {
+           return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
+        } else {
+            return cookieRedirectCheck( "login" );
+        }
 }
 
 /* private */ function mailPassword()
@@ -225,24 +240,17 @@ function wfSpecialUserlogin()
 
 /* private */ function successfulLogin( $msg )
 {
-       global $wgUser, $wgOut, $returnto;
-       global $wgDeferredUpdateList;
-
-       $wgUser->setCookies();
-       $up = new UserUpdate();
-       array_push( $wgDeferredUpdateList, $up );
-
-       $wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) );
-       $wgOut->setRobotpolicy( "noindex,nofollow" );
-       $wgOut->setArticleFlag( false );
-       $wgOut->addHTML( $msg . "\n<p>" );
-       $wgOut->returnToMain();
+  global $wgUser;
+  global $wgDeferredUpdateList;
+  global $wgOut, $returnto;
+
+  $wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) );
+  $wgOut->setRobotpolicy( "noindex,nofollow" );
+  $wgOut->setArticleFlag( false );
+  $wgOut->addHTML( $msg . "\n<p>" );
+  $wgOut->returnToMain();
 }
 
-
-
-
-
 function userNotPrivilegedMessage()
 {
        global $wgOut, $wgUser, $wgLang;
@@ -255,9 +263,6 @@ function userNotPrivilegedMessage()
        $wgOut->returnToMain( false );
 }
 
-
-
-
 /* private */ function mainLoginForm( $err )
 {
        global $wgUser, $wgOut, $wgLang, $returnto;
@@ -293,7 +298,8 @@ function userNotPrivilegedMessage()
        $wgOut->setArticleFlag( false );
 
        if ( "" == $err ) {
-               $wgOut->addHTML( "<h2>$li:</h2>\n" );
+                $lp = wfMsg( "loginprompt" );
+               $wgOut->addHTML( "<h2>$li:</h2>\n<p>$lp</p>" );
        } else {
                $wgOut->addHTML( "<h2>$le:</h2>\n<font size='+1' 
 color='red'>$err</font>\n" );
@@ -365,30 +371,41 @@ $cambutton
 
 }
 
-/* private */ function cookieCheck() {
-
-       global $HTTP_COOKIE_VARS, $wgOut, $returnto;
-       global $wgDisableCookieCheck;
-
-       if ( $wgDisableCookieCheck ) {
-               return true;
-       }
+/* private */ function hasSessionCookie()
+{
+  global $HTTP_COOKIE_VARS;
+  global $wgDisableCookieCheck;
+  
+  return ( $wgDisableCookieCheck ) ? true : ( "" != $HTTP_COOKIE_VARS[session_name()]);
+}
+  
+/* private */ function cookieRedirectCheck( $type )
+{
+  global $wgOut, $wgLang;
 
-       # XXX: kind of crude check to see if cookies are enabled, but it works OK
+  $check = wfLocalUrl( $wgLang->specialPage( "Userlogin" ),
+                       "wpCookieCheck=$type" );
 
-       if ( "" == $HTTP_COOKIE_VARS[session_name()])
-       {
-               # Don't go back to login page; they won't get time to
-               # enable cookies and send us one, so they'll get this msg again. Instead, 
-               # let them enable cookies on the error page, then go back to login page.
-               # XXX: wipes returnto, unfortunately.
-
-               $returnto = "Special:Userlogin";                
-               $wgOut->errorpage( "nocookies", "nocookiestext" );
-               return false;
-       }
+  return $wgOut->redirect( $check );
+}
 
-       return true;
+/* private */ function onCookieRedirectCheck( $type ) {
+
+  global $wgUser;
+
+  if (!hasSessionCookie()) {
+    if ( $type == "new" ) {
+      return mainLoginForm( wfMsg( "nocookiesnew" ) );
+    } else if ( $type == "login" ) {
+      return mainLoginForm( wfMsg( "nocookieslogin" ) );
+    } else {
+# shouldn't happen
+      return mainLoginForm( wfMsg( "error" ) );
+    }
+  } else {
+    return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
+  }
 }
 
+
 ?>

diff --git a/languages/Language.php b/languages/Language.php
index b650364..16c4c89 100644 (file)
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -544,6 +544,7 @@ Your e-mail address is optional; if you lose your password you can request
 that it be to the address you give.<br>\n",
 
 "login"                        => "Log in",
+"loginprompt"           => "You must have cookies enabled to log in to $wgSitename.",
 "userlogin"            => "Log in",
 "logout"               => "Log out",
 "userlogout"   => "Log out",
@@ -559,8 +560,8 @@ contact you through the website without you having to reveal your
 email address to them, and it also helps you if you forget your   
 password.",
 "loginerror"   => "Login error",
-"nocookies"    => "Cookies disabled",
-"nocookiestext"        => "The wiki uses cookies to log in users. You have cookies disabled. Please enable them and try again.",
+"nocookiesnew" => "The user account was created, but you are not logged in. $wgSitename uses cookies to log in users. You have cookies disabled. Please enable them, then log in with your new username and password.",
+"nocookieslogin"       => "$wgSitename uses cookies to log in users. You have cookies disabled. Please enable them and try again.",
 "noname"               => "You have not specified a valid user name.",
 "loginsuccesstitle" => "Login successful",
 "loginsuccess" => "You are now logged in to $wgSitename as \"$1\".",