1 <?
2
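/**
 * Entry point for Special:Userlogin.
 *
 * Reads the four submit buttons from $_REQUEST instead of relying on
 * register_globals, runs wfCleanFormFields() over the text inputs and
 * dispatches to the handler for the button that was pressed.  When no
 * button is present the bare login form is rendered.
 *
 * NOTE(review): $action is still a register_globals-style global here
 * (it is not re-read from $_REQUEST); presumably the front controller
 * sets it -- confirm before register_globals is switched off.
 * NOTE(review): every handler below re-reads wpName/wpPassword/... from
 * $_REQUEST, so whatever wfCleanFormFields() does to those globals is
 * overwritten before it is used; confirm that this is intended.
 */
function wfSpecialUserlogin()
{
	global $wpCreateaccount, $wpCreateaccountMail;
	global $wpLoginattempt, $wpMailmypassword;
	global $action;

	# isset() guards avoid "undefined index" notices for the buttons that
	# were not pressed; those stay NULL, so the isset() tests below behave
	# exactly as before.
	$wpCreateaccount     = isset( $_REQUEST["wpCreateaccount"] )     ? $_REQUEST["wpCreateaccount"]     : NULL;
	$wpCreateaccountMail = isset( $_REQUEST["wpCreateaccountMail"] ) ? $_REQUEST["wpCreateaccountMail"] : NULL;
	$wpLoginattempt      = isset( $_REQUEST["wpLoginattempt"] )      ? $_REQUEST["wpLoginattempt"]      : NULL;
	$wpMailmypassword    = isset( $_REQUEST["wpMailmypassword"] )    ? $_REQUEST["wpMailmypassword"]    : NULL;

	# Each text field listed once: the previous list named wpName and
	# wpPassword twice, so they were pushed through the cleaner two times.
	$fields = array( "wpName", "wpPassword", "wpRetype", "wpEmail" );
	wfCleanFormFields( $fields );

	if ( isset( $wpCreateaccount ) ) {
		addNewAccount();
	} elseif ( isset( $wpCreateaccountMail ) ) {
		addNewAccountMailPassword();
	} elseif ( isset( $wpMailmypassword ) ) {
		mailPassword();
	} elseif ( ( isset( $action ) && "submit" == $action ) || isset( $wpLoginattempt ) ) {
		processLogin();
	} else {
		mainLoginForm( "" );
	}
}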
29
30
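/**
 * Handle the "create account and mail password" button.
 *
 * Reads wpEmail and wpName from $_REQUEST, refuses to continue without an
 * e-mail address ("noemail"), creates the account through
 * addNewAccountInternal(), saves it, and mails a temporary password via
 * mailPasswordInternal().  On success renders the "accmail" confirmation
 * page; on any failure the callee has already rendered the error page
 * and this simply returns.
 *
 * Unlike addNewAccount(), this path never reads a password from the
 * form, yet addNewAccountInternal() stores $wpPassword as the account's
 * real password.  With register_globals off both $wpPassword and
 * $wpRetype would be unset, so the new account would get a password
 * derived from nothing (an empty value).  Both globals are therefore
 * seeded with a random password first, so the only usable credential is
 * the temporary one that is mailed out.
 */
/* private */ function addNewAccountMailPassword()
{
	global $wgOut, $wpEmail, $wpName, $wpPassword, $wpRetype;

	# isset() guards: missing fields become "" without an
	# "undefined index" notice.
	$wpEmail = isset( $_REQUEST["wpEmail"] ) ? $_REQUEST["wpEmail"] : "";
	$wpName  = isset( $_REQUEST["wpName"] )  ? $_REQUEST["wpName"]  : "";

	if ( "" == $wpEmail ) {
		mainLoginForm( wfMsg( "noemail", $wpName ) );
		return;
	}

	# See the header comment: never let the account end up with an
	# empty / attacker-chosen real password on this path.
	$wpPassword = User::randomPassword();
	$wpRetype   = $wpPassword;

	$u = addNewAccountInternal();
	if ( $u == NULL ) {
		return;
	}

	$u->saveSettings();
	if ( mailPasswordInternal( $u ) == NULL ) {
		return;
	}

	$wgOut->setPageTitle( wfMsg( "accmailtitle" ) );
	$wgOut->setRobotpolicy( "noindex,nofollow" );
	$wgOut->setArticleFlag( false );

	$wgOut->addWikiText( wfMsg( "accmailtext", $u->getName(), $u->getEmail() ) );
	$wgOut->returnToMain( false );
}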
63
64
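/**
 * Handle the "create account" button: create the account from the form
 * fields and log the new user straight in.
 *
 * Copies wpPassword, wpRetype, wpName, wpRemember and wpEmail from
 * $_REQUEST into the globals that addNewAccountInternal() consumes.
 * All validation and error pages live there; on failure this returns
 * without output of its own.  On success the new User becomes $wgUser
 * and successfulLogin() issues the cookies and the welcome page.
 */
/* private */ function addNewAccount()
{
	global $wgUser, $wpPassword, $wpRetype, $wpName, $wpRemember, $wpEmail;

	# isset() guards: a missing field becomes NULL without an
	# "undefined index" notice, which is what $_REQUEST[...] yielded before.
	$wpPassword = isset( $_REQUEST["wpPassword"] ) ? $_REQUEST["wpPassword"] : NULL;
	$wpRetype   = isset( $_REQUEST["wpRetype"] )   ? $_REQUEST["wpRetype"]   : NULL;
	$wpName     = isset( $_REQUEST["wpName"] )     ? $_REQUEST["wpName"]     : NULL;
	$wpRemember = isset( $_REQUEST["wpRemember"] ) ? $_REQUEST["wpRemember"] : NULL;
	$wpEmail    = isset( $_REQUEST["wpEmail"] )    ? $_REQUEST["wpEmail"]    : NULL;

	$u = addNewAccountInternal();
	if ( $u == NULL ) {
		return;
	}

	$wgUser = $u;
	successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) );
}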
84
85
/**
 * Shared account-creation logic for addNewAccount() and
 * addNewAccountMailPassword().
 *
 * Expects wpName, wpPassword, wpRetype, wpEmail and wpRemember in the
 * corresponding globals.  Renders the appropriate page and returns NULL
 * when: cookies appear to be disabled; the current user may not create
 * accounts; the two password fields differ; the trimmed name is empty,
 * contains something that looks like an IPv4 address, or contains "/";
 * the wiki is read-only; or the name is already taken.  Otherwise the
 * user row is inserted, password, e-mail and the "rememberpassword"
 * option are set on the object, and the User is returned (the caller is
 * responsible for saving it).
 *
 * NOTE(review): the e-mail address is stored exactly as typed, with no
 * syntax check.  NOTE(review): no password policy beyond "both fields
 * match" is enforced.  NOTE(review): idForName() followed by
 * addToDatabase() is not atomic; two concurrent requests for the same
 * name could both get past the "userexists" check.
 */
/* private */ function addNewAccountInternal()
{
	global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember;
	global $wpEmail, $wgDeferredUpdateList;

	if ( !cookieCheck() ) {
		return;
	}
	if ( !$wgUser->isAllowedToCreateAccount() ) {
		userNotPrivilegedMessage();
		return;
	}
	if ( strcmp( $wpPassword, $wpRetype ) !== 0 ) {
		mainLoginForm( wfMsg( "badretype" ) );
		return;
	}

	# Name sanity: non-empty, not IP-like (anonymous edits are keyed by
	# address), and no "/" (would break the user page title).
	$wpName = trim( $wpName );
	$looksLikeIp = preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $wpName );
	$hasSlash    = ( strpos( $wpName, "/" ) !== false );
	if ( "" == $wpName || $looksLikeIp || $hasSlash ) {
		mainLoginForm( wfMsg( "noname" ) );
		return;
	}

	if ( wfReadOnly() ) {
		$wgOut->readOnlyPage();
		return;
	}

	$u = User::newFromName( $wpName );
	if ( $u->idForName() != 0 ) {
		mainLoginForm( wfMsg( "userexists" ) );
		return;
	}

	$u->addToDatabase();
	$u->setPassword( $wpPassword );
	$u->setEmail( $wpEmail );
	$u->setOption( "rememberpassword", ( 1 == $wpRemember ) ? 1 : 0 );

	return $u;
}
132
133
134
135
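/**
 * Handle a login attempt (the "log in" button, or action=submit).
 *
 * Reads wpName, wpPassword and wpRemember from $_REQUEST.  Returns to the
 * form with an error when cookies appear disabled, the name is empty, no
 * such user exists, or the password matches neither the stored password
 * nor the temporary one issued by mailPasswordInternal().  On success
 * records the "rememberpassword" option (and the cookie password when
 * remembering), makes the user current and calls successfulLogin().
 *
 * NOTE(review): the encrypted password is compared with strcmp(), which
 * is not constant-time.  NOTE(review): nothing here throttles repeated
 * attempts, and the distinct "nosuchuser" / "wrongpassword" replies tell
 * a caller which user names exist.  NOTE(review): a temporary password
 * stays accepted after it has been used to log in, as far as this file
 * shows -- confirm that is intended.
 */
/* private */ function processLogin()
{
	global $wgUser, $wpName, $wpPassword, $wpRemember;
	global $returnto;

	# isset() guards: missing fields become NULL without an
	# "undefined index" notice, matching what $_REQUEST[...] yielded before.
	$wpPassword = isset( $_REQUEST["wpPassword"] ) ? $_REQUEST["wpPassword"] : NULL;
	$wpName     = isset( $_REQUEST["wpName"] )     ? $_REQUEST["wpName"]     : NULL;
	$wpRemember = isset( $_REQUEST["wpRemember"] ) ? $_REQUEST["wpRemember"] : NULL;

	if ( !cookieCheck() ) {
		return;
	}
	if ( "" == $wpName ) {
		mainLoginForm( wfMsg( "noname" ) );
		return;
	}

	$u = User::newFromName( $wpName );
	$id = $u->idForName();
	if ( 0 == $id ) {
		mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
		return;
	}
	$u->setId( $id );
	$u->loadFromDatabase();

	# Accept either the real password or the mailed temporary one; the
	# second comparison only runs when the first fails.
	$ep = $u->encryptPassword( $wpPassword );
	if ( 0 != strcmp( $ep, $u->getPassword() ) &&
	     0 != strcmp( $ep, $u->getNewpassword() ) ) {
		mainLoginForm( wfMsg( "wrongpassword" ) );
		return;
	}

	# Verified; store the remember-me preference.  setCookiePassword()
	# hands the cleartext password to the User object for the persistent
	# cookie -- NOTE(review): check how it is stored before relying on it.
	if ( 1 == $wpRemember ) {
		$r = 1;
		$u->setCookiePassword( $wpPassword );
	} else {
		$r = 0;
	}
	$u->setOption( "rememberpassword", $r );

	$wgUser = $u;
	successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
}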
181
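/**
 * Handle the "mail me a new password" button for an existing account.
 *
 * Looks up the user named by wpName and hands it to
 * mailPasswordInternal(), which generates, stores and mails a temporary
 * password; then redisplays the form with a "passwordsent" notice.
 * Empty name -> "noname"; unknown name -> "nosuchuser"; errors inside
 * mailPasswordInternal() are rendered there and this just returns.
 *
 * NOTE(review): any visitor who knows a user name can trigger a reset
 * mail, and the "nosuchuser" reply confirms whether a name exists; no
 * throttling is applied here.
 */
/* private */ function mailPassword()
{
	global $wgUser, $wpName;

	# The sibling handlers take their fields from $_REQUEST.  Do the same
	# here when the global has not been populated (register_globals off),
	# otherwise the name is always empty and every request ends in "noname".
	if ( !isset( $wpName ) && isset( $_REQUEST["wpName"] ) ) {
		$wpName = $_REQUEST["wpName"];
	}

	if ( !isset( $wpName ) || "" == $wpName ) {
		mainLoginForm( wfMsg( "noname" ) );
		return;
	}

	$u = User::newFromName( $wpName );
	$id = $u->idForName();
	if ( 0 == $id ) {
		mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
		return;
	}
	$u->setId( $id );
	$u->loadFromDatabase();

	if ( mailPasswordInternal( $u ) == NULL ) {
		return;
	}

	mainLoginForm( wfMsg( "passwordsent", $u->getName() ) );
}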
206
207
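/**
 * Generate a temporary password for $u, store it, expire the persistent
 * password cookie and mail the new password to the user's address.
 *
 * Returns $u on success.  Returns NULL -- after rendering the form with
 * a "noemail" error -- when the user has no e-mail address, or when the
 * stored address contains CR/LF.  The second case is a guard against
 * header injection: addresses are stored unvalidated by
 * addNewAccountInternal(), and mail() would otherwise receive the raw
 * string as its recipient.
 *
 * The cookie name, path and domain come from $wgDBname, $wgCookiePath
 * and $wgCookieDomain.  They have to be declared global in this function:
 * without that, setcookie() was expiring a cookie literally named
 * "Password" with no path or domain and left the real one untouched.
 *
 * NOTE(review): the temporary password travels in clear text by e-mail
 * and, as far as this file shows, never expires.
 */
/* private */ function mailPasswordInternal( $u )
{
	global $wgOutputEncoding, $wgPasswordSender;
	global $wgDBname, $wgCookiePath, $wgCookieDomain;

	$email = $u->getEmail();
	if ( "" == $email || preg_match( '/[\r\n]/', $email ) ) {
		mainLoginForm( wfMsg( "noemail", $u->getName() ) );
		return;
	}

	$np = User::randomPassword();
	$u->setNewpassword( $np );

	# Drop the remembered-password cookie; must run before any output.
	setcookie( "{$wgDBname}Password", "", time() - 3600, $wgCookiePath, $wgCookieDomain );
	$u->saveSettings();

	$ip = getenv( "REMOTE_ADDR" );
	if ( "" == $ip ) { $ip = "(Unknown)"; }

	$m = wfMsg( "passwordremindertext", $ip, $u->getName(), $np );

	mail( $email, wfMsg( "passwordremindertitle" ), $m,
		"MIME-Version: 1.0\r\n" .
		"Content-type: text/plain; charset={$wgOutputEncoding}\r\n" .
		"Content-transfer-encoding: 8bit\r\n" .
		"From: $wgPasswordSender" );

	return $u;
}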
236
237
238
239
240
/**
 * Finish a successful login or account creation for the current $wgUser:
 * issue the session cookies, queue a UserUpdate on the deferred-update
 * list, and render a "login successful" page carrying $msg.
 *
 * $msg is added to the page as raw HTML.
 */
/* private */ function successfulLogin( $msg )
{
	global $wgUser, $wgOut, $returnto;
	global $wgDeferredUpdateList;

	$wgUser->setCookies();

	$pendingUpdate = new UserUpdate();
	array_push( $wgDeferredUpdateList, $pendingUpdate );

	$wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) );
	$wgOut->setRobotpolicy( "noindex,nofollow" );
	$wgOut->setArticleFlag( false );
	$wgOut->addHTML( "$msg\n<p>" );
	$wgOut->returnToMain();
}
256
257
258
259
260
/**
 * Tell a user who is not allowed to create accounts so (the
 * "whitelistacc" messages) and offer the usual link back to the main page.
 */
function userNotPrivilegedMessage()
{
	global $wgOut, $wgUser, $wgLang;

	$title = wfMsg( "whitelistacctitle" );
	$body  = wfMsg( "whitelistacctext" );

	$wgOut->setPageTitle( $title );
	$wgOut->setRobotpolicy( "noindex,nofollow" );
	$wgOut->setArticleFlag( false );
	$wgOut->addWikiText( $body );
	$wgOut->returnToMain( false );
}
272
273
274
275
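/**
 * Render the login / account-creation form, optionally preceded by an
 * error message.
 *
 * $err  error text shown above the form; "" for none.  It is inserted as
 *       raw HTML, so only message-level text may be passed -- NOTE(review):
 *       several callers build it with wfMsg() and the submitted user name
 *       as an argument; confirm that wfMsg()/User::newFromName() neutralise
 *       markup in that name.
 *
 * The name field is prefilled from $wpName, else the logged-in user's
 * name, else the "<dbname>UserName" cookie; the password field from
 * $wpPassword.  Every prefilled value is HTML-escaped before it is put
 * into a value="..." attribute.  Previously $name and $pwd were copied
 * from the globals *before* the escaping ran and were emitted raw, and
 * the handlers fill $wpName / $wpPassword straight from $_REQUEST, so a
 * failed login could reflect attacker-chosen markup into the form.
 *
 * The "create account and mail password" button is shown only to
 * logged-in users; the account-creation rows only when the current user
 * may create accounts.
 */
/* private */ function mainLoginForm( $err )
{
	global $wgUser, $wgOut, $wgLang, $returnto;
	global $wpName, $wpPassword, $wpRetype, $wpRemember;
	global $wpEmail, $HTTP_COOKIE_VARS, $wgDBname;

	$le  = wfMsg( "loginerror" );
	$yn  = wfMsg( "yourname" );
	$yp  = wfMsg( "yourpassword" );
	$ypa = wfMsg( "yourpasswordagain" );
	$rmp = wfMsg( "remembermypassword" );
	$ayn = wfMsg( "areyounew" );
	$nuo = wfMsg( "newusersonly" );
	$li  = wfMsg( "login" );
	$ca  = wfMsg( "createaccount" );
	$cam = wfMsg( "createaccountmail" );
	$ye  = wfMsg( "youremail" );
	$efl = wfMsg( "emailforlost" );
	$mmp = wfMsg( "mailmypassword" );

	# Choose the value to prefill the name field with.
	$name = $wpName;
	if ( "" == $name ) {
		if ( 0 != $wgUser->getID() ) {
			$name = $wgUser->getName();
		} elseif ( isset( $HTTP_COOKIE_VARS["{$wgDBname}UserName"] ) ) {
			$name = $HTTP_COOKIE_VARS["{$wgDBname}UserName"];
		} else {
			$name = "";
		}
	}
	$pwd = $wpPassword;

	$wgOut->setPageTitle( wfMsg( "userlogin" ) );
	$wgOut->setRobotpolicy( "noindex,nofollow" );
	$wgOut->setArticleFlag( false );

	if ( "" == $err ) {
		$wgOut->addHTML( "<h2>$li:</h2>\n" );
	} else {
		$wgOut->addHTML( "<h2>$le:</h2>\n<font size='+1'
color='red'>$err</font>\n" );
	}

	$checked = ( 1 == $wgUser->getOption( "rememberpassword" ) ) ? " checked" : "";

	$q = "action=submit";
	if ( isset( $returnto ) && "" != $returnto ) {
		$q .= "&returnto=" . wfUrlencode( $returnto );
	}
	$action = wfLocalUrlE( $wgLang->specialPage( "Userlogin" ), $q );

	# Escape everything that lands inside an attribute.  $name and $pwd
	# are escaped here, after they have been chosen, so the user-object and
	# cookie fallbacks are covered as well.
	$name       = wfEscapeHTML( $name );
	$pwd        = wfEscapeHTML( $pwd );
	$wpName     = wfEscapeHTML( $wpName );
	$wpPassword = wfEscapeHTML( $wpPassword );
	$wpRetype   = wfEscapeHTML( $wpRetype );
	$wpEmail    = wfEscapeHTML( $wpEmail );

	# Only a logged-in user gets the "create account and mail password"
	# button; initialise to "" so the interpolation below never sees an
	# undefined variable.
	$cambutton = "";
	if ( $wgUser->getID() != 0 ) {
		$cambutton = "<input tabindex=6 type=submit name=\"wpCreateaccountMail\" value=\"{$cam}\">";
	}

	$wgOut->addHTML( "
<form name=\"userlogin\" id=\"userlogin\" method=\"post\" action=\"{$action}\">
<table border=0><tr>
<td align=right>$yn:</td>
<td colspan=2 align=left>
<input tabindex=1 type=text name=\"wpName\" value=\"{$name}\" size=20>
</td></tr><tr>
<td align=right>$yp:</td>
<td align=left>
<input tabindex=2 type=password name=\"wpPassword\" value=\"{$pwd}\" size=20>
</td>
<td align=left>
<input tabindex=3 type=submit name=\"wpLoginattempt\" value=\"{$li}\">
</td></tr>");

	if ( $wgUser->isAllowedToCreateAccount() ) {
		$wgOut->addHTML( "<tr><td colspan=3>&nbsp;</td></tr><tr>
<td align=right>$ypa:</td>
<td align=left>
<input tabindex=4 type=password name=\"wpRetype\" value=\"{$wpRetype}\"
size=20>
</td><td>$nuo</td></tr>
<tr>
<td align=right>$ye:</td>
<td align=left>
<input tabindex=5 type=text name=\"wpEmail\" value=\"{$wpEmail}\" size=20>
</td><td align=left>
<input tabindex=6 type=submit name=\"wpCreateaccount\" value=\"{$ca}\">
$cambutton
</td></tr>" );
	}

	$wgOut->addHTML( "
<tr>
<td colspan=3 align=left>
<input tabindex=7 type=checkbox name=\"wpRemember\" value=\"1\" id=\"wpRemember\"$checked><label for=\"wpRemember\">$rmp</label>
</td></tr>
<tr><td colspan=3>&nbsp;</td></tr><tr>
<td colspan=3 align=left>
<p>$efl<br>
<input tabindex=8 type=submit name=\"wpMailmypassword\" value=\"{$mmp}\">
</td></tr></table>
</form>\n" );
}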
382
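/**
 * Crude test of whether the client accepts cookies: if the session cookie
 * (named by session_name()) did not come back, assume cookies are off.
 *
 * Returns true when cookies look enabled or $wgDisableCookieCheck is set.
 * Otherwise renders the "nocookies" error page, points $returnto at
 * Special:Userlogin (clobbering any previous value -- see the comment
 * below) and returns false.
 */
/* private */ function cookieCheck() {

	global $HTTP_COOKIE_VARS, $wgOut, $returnto;
	global $wgDisableCookieCheck;

	if ( !empty( $wgDisableCookieCheck ) ) {
		return true;
	}

	# XXX: kind of crude check to see if cookies are enabled, but it works
	# OK.  The isset() guard keeps a missing cookie from raising an
	# "undefined index" notice; it is treated the same as an empty one.
	$sessionCookieName = session_name();
	if ( !isset( $HTTP_COOKIE_VARS[$sessionCookieName] ) ||
	     "" == $HTTP_COOKIE_VARS[$sessionCookieName] )
	{
		# Don't go back to login page; they won't get time to
		# enable cookies and send us one, so they'll get this msg again. Instead,
		# let them enable cookies on the error page, then go back to login page.
		# XXX: wipes returnto, unfortunately.

		$returnto = "Special:Userlogin";
		$wgOut->errorpage( "nocookies", "nocookiestext" );
		return false;
	}

	return true;
}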
408
409 ?>