dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Remove unused local variables
[lhc/web/wiklou.git] / includes / api / ApiCreateAccount.php
1 <?php
2 /**
3 * Created on August 7, 2012
4 *
5 * Copyright © 2012 Tyler Romeo <tylerromeo@gmail.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 * http://www.gnu.org/copyleft/gpl.html
21 *
22 * @file
23 */
24
25 /**
26 * Unit to authenticate account registration attempts to the current wiki.
27 *
28 * @ingroup API
29 */
30 class ApiCreateAccount extends ApiBase {
31 public function execute() {
32
33 // $loginForm->addNewaccountInternal will throw exceptions
34 // if wiki is read only (already handled by api), user is blocked or does not have rights.
35 // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
36 $loginTitle = SpecialPage::getTitleFor( 'Userlogin' );
37 if ( !$loginTitle->userCan( 'createaccount', $this->getUser() ) ) {
38 $this->dieUsage( 'You do not have the right to create a new account', 'permdenied-createaccount' );
39 }
40 if ( $this->getUser()->isBlockedFromCreateAccount() ) {
41 $this->dieUsage( 'You cannot create a new account because you are blocked', 'blocked' );
42 }
43
44 $params = $this->extractRequestParams();
45
46 // Init session if necessary
47 if ( session_id() == '' ) {
48 wfSetupSession();
49 }
50
51 if( $params['mailpassword'] && !$params['email'] ) {
52 $this->dieUsageMsg( 'noemail' );
53 }
54
55 $context = new DerivativeContext( $this->getContext() );
56 $context->setRequest( new DerivativeRequest(
57 $this->getContext()->getRequest(),
58 array(
59 'type' => 'signup',
60 'uselang' => $params['language'],
61 'wpName' => $params['name'],
62 'wpPassword' => $params['password'],
63 'wpRetype' => $params['password'],
64 'wpDomain' => $params['domain'],
65 'wpEmail' => $params['email'],
66 'wpRealName' => $params['realname'],
67 'wpCreateaccountToken' => $params['token'],
68 'wpCreateaccount' => $params['mailpassword'] ? null : '1',
69 'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null
70 )
71 ) );
72
73 $loginForm = new LoginForm();
74 $loginForm->setContext( $context );
75 $loginForm->load();
76
77 $status = $loginForm->addNewaccountInternal();
78 $result = array();
79 if( $status->isGood() ) {
80 // Success!
81 $user = $status->getValue();
82
83 // If we showed up language selection links, and one was in use, be
84 // smart (and sensible) and save that language as the user's preference
85 global $wgLoginLanguageSelector, $wgEmailAuthentication;
86 if( $wgLoginLanguageSelector && $params['language'] ) {
87 $user->setOption( 'language', $params['language'] );
88 }
89
90 if( $params['mailpassword'] ) {
91 // If mailpassword was set, disable the password and send an email.
92 $user->setPassword( null );
93 $status->merge( $loginForm->mailPasswordInternal( $user, false, 'createaccount-title', 'createaccount-text' ) );
94 } elseif( $wgEmailAuthentication && Sanitizer::validateEmail( $user->getEmail() ) ) {
95 // Send out an email authentication message if needed
96 $status->merge( $user->sendConfirmationMail() );
97 }
98
99 // Save settings (including confirmation token)
100 $user->saveSettings();
101
102 wfRunHooks( 'AddNewAccount', array( $user, $params['mailpassword'] ) );
103
104 if ( $params['mailpassword'] ) {
105 $logAction = 'byemail';
106 } elseif ( $this->getUser()->isLoggedIn() ) {
107 $logAction = 'create2';
108 } else {
109 $logAction = 'create';
110 }
111 $user->addNewUserLogEntry( $logAction, (string)$params['reason'] );
112
113 // Add username, id, and token to result.
114 $result['username'] = $user->getName();
115 $result['userid'] = $user->getId();
116 $result['token'] = $user->getToken();
117 }
118
119 $apiResult = $this->getResult();
120
121 if( $status->hasMessage( 'sessionfailure' ) || $status->hasMessage( 'nocookiesfornew' ) ) {
122 // Token was incorrect, so add it to result, but don't throw an exception
123 // since not having the correct token is part of the normal
124 // flow of events.
125 $result['token'] = LoginForm::getCreateaccountToken();
126 $result['result'] = 'needtoken';
127 } elseif( !$status->isOK() ) {
128 // There was an error. Die now.
129 // Cannot use dieUsageMsg() directly because extensions
130 // might return custom error messages.
131 $errors = $status->getErrorsArray();
132 if( $errors[0] instanceof Message ) {
133 $code = 'aborted';
134 $desc = $errors[0];
135 } else {
136 $code = array_shift( $errors[0] );
137 $desc = wfMessage( $code, $errors[0] );
138 }
139 $this->dieUsage( $desc, $code );
140 } elseif( !$status->isGood() ) {
141 // Status is not good, but OK. This means warnings.
142 $result['result'] = 'warning';
143
144 // Add any warnings to the result
145 $warnings = $status->getErrorsByType( 'warning' );
146 if( $warnings ) {
147 foreach( $warnings as &$warning ) {
148 $apiResult->setIndexedTagName( $warning['params'], 'param' );
149 }
150 $apiResult->setIndexedTagName( $warnings, 'warning' );
151 $result['warnings'] = $warnings;
152 }
153 } else {
154 // Everything was fine.
155 $result['result'] = 'success';
156 }
157
158 $apiResult->addValue( null, 'createaccount', $result );
159 }
160
161 public function getDescription() {
162 return 'Create a new user account.';
163 }
164
165 public function mustBePosted() {
166 return true;
167 }
168
169 public function isReadMode() {
170 return false;
171 }
172
173 public function isWriteMode() {
174 return true;
175 }
176
177 public function getAllowedParams() {
178 global $wgEmailConfirmToEdit;
179 return array(
180 'name' => array(
181 ApiBase::PARAM_TYPE => 'user',
182 ApiBase::PARAM_REQUIRED => true
183 ),
184 'password' => null,
185 'domain' => null,
186 'token' => null,
187 'email' => array(
188 ApiBase::PARAM_TYPE => 'string',
189 ApiBase::PARAM_REQUIRED => $wgEmailConfirmToEdit
190 ),
191 'realname' => null,
192 'mailpassword' => array(
193 ApiBase::PARAM_TYPE => 'boolean',
194 ApiBase::PARAM_DFLT => false
195 ),
196 'reason' => null,
197 'language' => null
198 );
199 }
200
201 public function getParamDescription() {
202 $p = $this->getModulePrefix();
203 return array(
204 'name' => 'Username',
205 'password' => "Password (ignored if {$p}mailpassword is set)",
206 'domain' => 'Domain for external authentication (optional)',
207 'token' => 'Account creation token obtained in first request',
208 'email' => 'Email address of user (optional)',
209 'realname' => 'Real name of user (optional)',
210 'mailpassword' => 'If set to any value, a random password will be emailed to the user',
211 'reason' => 'Optional reason for creating the account to be put in the logs',
212 'language' => 'Language code to set as default for the user (optional, defaults to content language)'
213 );
214 }
215
216 public function getResultProperties() {
217 return array(
218 'createaccount' => array(
219 'result' => array(
220 ApiBase::PROP_TYPE => array(
221 'success',
222 'warning',
223 'needtoken'
224 )
225 ),
226 'username' => array(
227 ApiBase::PROP_TYPE => 'string',
228 ApiBase::PROP_NULLABLE => true
229 ),
230 'userid' => array(
231 ApiBase::PROP_TYPE => 'int',
232 ApiBase::PROP_NULLABLE => true
233 ),
234 'token' => array(
235 ApiBase::PROP_TYPE => 'string',
236 ApiBase::PROP_NULLABLE => true
237 ),
238 )
239 );
240 }
241
242 public function getPossibleErrors() {
243 // Note the following errors aren't possible and don't need to be listed:
244 // sessionfailure, nocookiesfornew, badretype
245 $localErrors = array(
246 'wrongpassword', // Actually caused by wrong domain field. Riddle me that...
247 'sorbs_create_account_reason',
248 'noname',
249 'userexists',
250 'password-name-match', // from User::getPasswordValidity
251 'password-login-forbidden', // from User::getPasswordValidity
252 'noemailtitle',
253 'invalidemailaddress',
254 'externaldberror',
255 'acct_creation_throttle_hit',
256 );
257
258 $errors = parent::getPossibleErrors();
259 // All local errors are from LoginForm, which means they're actually message keys.
260 foreach( $localErrors as $error ) {
261 $errors[] = array( 'code' => $error, 'info' => wfMessage( $error )->parse() );
262 }
263
264 $errors[] = array(
265 'code' => 'permdenied-createaccount',
266 'info' => 'You do not have the right to create a new account'
267 );
268 $errors[] = array(
269 'code' => 'blocked',
270 'info' => 'You cannot create a new account because you are blocked'
271 );
272 $errors[] = array(
273 'code' => 'aborted',
274 'info' => 'Account creation aborted by hook (info may vary)'
275 );
276
277 // 'passwordtooshort' has parameters. :(
278 global $wgMinimalPasswordLength;
279 $errors[] = array(
280 'code' => 'passwordtooshort',
281 'info' => wfMessage( 'passwordtooshort', $wgMinimalPasswordLength )->parse()
282 );
283 return $errors;
284 }
285
286 public function getExamples() {
287 return array(
288 'api.php?action=createaccount&name=testuser&password=test123',
289 'api.php?action=createaccount&name=testmailuser&mailpassword=true&reason=MyReason',
290 );
291 }
292
293 public function getHelpUrls() {
294 return 'https://www.mediawiki.org/wiki/API:Account_creation';
295 }
296 }
Wiklou, le Wiki du Wiklou