From 9ead07fe9ca52e2b78900bd3f58241cb352fc031 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 29 Nov 2003 18:34:08 +0000 Subject: [PATCH] Instead of just giving an error message on login if a session cookie is not detected, we now do a redirect. Some scripts and other tools go straight to the login page, so they wouldn't have a cookie. If the redirect cookie check fails, returns an appropriate message for new accounts or for login. Also, added two new messages to the language file, for cookie-check errors. --- includes/SpecialUserlogin.php | 125 +++++++++++++++++++--------------- languages/Language.php | 5 +- 2 files changed, 74 insertions(+), 56 deletions(-) diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php index f84f640224..fbe1e50c7f 100644 --- a/includes/SpecialUserlogin.php +++ b/includes/SpecialUserlogin.php @@ -4,13 +4,17 @@ function wfSpecialUserlogin() { global $wpCreateaccount, $wpCreateaccountMail; global $wpLoginattempt, $wpMailmypassword; - global $action; + global $action, $_REQUEST; $fields = array( "wpName", "wpPassword", "wpName", "wpPassword", "wpRetype", "wpEmail" ); wfCleanFormFields( $fields ); - if ( isset( $wpCreateaccount ) ) { + $wpCookieCheck = $_REQUEST[ "wpCookieCheck" ]; + + if ( isset( $wpCookieCheck ) ) { + onCookieRedirectCheck( $wpCookieCheck ); + } else if ( isset( $wpCreateaccount ) ) { addNewAccount(); } else if ( isset( $wpCreateaccountMail ) ) { addNewAccountMailPassword(); 
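Review bot: The added `$wpCookieCheck = $_REQUEST[ "wpCookieCheck" ];` reads the key unconditionally and only then tests the copy with isset(), so every ordinary login request indexes a missing array key before the check runs. Testing the request array directly avoids that: `if ( isset( $_REQUEST["wpCookieCheck"] ) ) { onCookieRedirectCheck( $_REQUEST["wpCookieCheck"] ); }`. `$_REQUEST` is a superglobal, so adding it to the `global` line is unnecessary. This branch is tested ahead of the form actions and its value comes straight from the URL, so a comment such as `# wpCookieCheck is set only by cookieRedirectCheck(); expected values are "new" and "login"` would help. wfSpecialUserlogin() continues past the end of this hunk.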
@@ -68,18 +72,23 @@ function wfSpecialUserlogin() } $wgUser = $u; - successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) ); + $wgUser->setCookies(); + + $up = new UserUpdate(); + array_push( $wgDeferredUpdateList, $up ); + + if (hasSessionCookie()) { + return successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) ); + } else { + return cookieRedirectCheck("new"); + } } /* private */ function addNewAccountInternal() { global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember; - global $wpEmail, $wgDeferredUpdateList; - - if (!cookieCheck()) { - return; - } + global $wpEmail; if (!$wgUser->isAllowedToCreateAccount()) { userNotPrivilegedMessage(); @@ -124,12 +133,9 @@ function wfSpecialUserlogin() /* private */ function processLogin() { global $wgUser, $wpName, $wpPassword, $wpRemember; + global $wgDeferredUpdateList; global $returnto; - if (!cookieCheck()) { - return; - } - if ( "" == $wpName ) { mainLoginForm( wfMsg( "noname" ) ); return; @@ -161,7 +167,16 @@ function wfSpecialUserlogin() $u->setOption( "rememberpassword", $r ); $wgUser = $u; - successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) ); + $wgUser->setCookies(); + + $up = new UserUpdate(); + array_push( $wgDeferredUpdateList, $up ); + + if (hasSessionCookie()) { + return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) ); + } else { + return cookieRedirectCheck( "login" ); + } } /* private */ function mailPassword() @@ -225,24 +240,17 @@ function wfSpecialUserlogin() /* private */ function successfulLogin( $msg ) { - global $wgUser, $wgOut, $returnto; - global $wgDeferredUpdateList; - - $wgUser->setCookies(); - $up = new UserUpdate(); - array_push( $wgDeferredUpdateList, $up ); - - $wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) ); - $wgOut->setRobotpolicy( "noindex,nofollow" ); - $wgOut->setArticleFlag( false ); - $wgOut->addHTML( $msg . "\n
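Review bot: The `array_push( $wgDeferredUpdateList, $up );` added at the end of addNewAccount() needs `$wgDeferredUpdateList` declared global in that function. This commit removes the declaration from addNewAccountInternal() and adds one only to processLogin() (the hunk at -124). addNewAccount() begins above this hunk, so its `global` line is not visible here. If it does not list the variable, array_push() works on an undefined local and the UserUpdate is never queued. Confirm that `global $wgDeferredUpdateList;` is present at the top of addNewAccount(), or add it.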
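Review bot: The statements added at the end of processLogin() (the hunk at -161) repeat the ones added to addNewAccount() in the hunk at -68: setCookies(), queue a UserUpdate, then branch on hasSessionCookie(). The two copies differ only in the message key and the check type, so a small private helper taking those two values would keep the login and account-creation paths from drifting apart; the name finishLogin below is only a suggestion. The helper also declares the globals it needs in one place. After this commit successfulLogin() (the hunk at -225) only renders the page, so the `global $wgUser;` and `global $wgDeferredUpdateList;` it still declares can be dropped. processLogin() begins above this hunk.

```php
/* private */ function finishLogin( $msgKey, $checkType )
{
	global $wgUser, $wgDeferredUpdateList;

	# Cookies must be sent before either the success page or the redirect.
	$wgUser->setCookies();
	array_push( $wgDeferredUpdateList, new UserUpdate() );

	if ( hasSessionCookie() ) {
		return successfulLogin( wfMsg( $msgKey, $wgUser->getName() ) );
	}
	return cookieRedirectCheck( $checkType );
}

# … in processLogin(), after $wgUser = $u; …
return finishLogin( "loginsuccess", "login" );
```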

" ); - $wgOut->returnToMain(); + global $wgUser; + global $wgDeferredUpdateList; + global $wgOut, $returnto; + + $wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) ); + $wgOut->setRobotpolicy( "noindex,nofollow" ); + $wgOut->setArticleFlag( false ); + $wgOut->addHTML( $msg . "\n

" ); + $wgOut->returnToMain(); } - - - - function userNotPrivilegedMessage() { global $wgOut, $wgUser, $wgLang; @@ -255,9 +263,6 @@ function userNotPrivilegedMessage() $wgOut->returnToMain( false ); } - - - /* private */ function mainLoginForm( $err ) { global $wgUser, $wgOut, $wgLang, $returnto; @@ -293,7 +298,8 @@ function userNotPrivilegedMessage() $wgOut->setArticleFlag( false ); if ( "" == $err ) { - $wgOut->addHTML( "

$li:

\n" ); + $lp = wfMsg( "loginprompt" ); + $wgOut->addHTML( "

$li:

\n

$lp

" ); } else { $wgOut->addHTML( "

$le:

\n$err\n" ); @@ -365,30 +371,41 @@ $cambutton } -/* private */ function cookieCheck() { - - global $HTTP_COOKIE_VARS, $wgOut, $returnto; - global $wgDisableCookieCheck; - - if ( $wgDisableCookieCheck ) { - return true; - } +/* private */ function hasSessionCookie() +{ + global $HTTP_COOKIE_VARS; + global $wgDisableCookieCheck; + + return ( $wgDisableCookieCheck ) ? true : ( "" != $HTTP_COOKIE_VARS[session_name()]); +} + +/* private */ function cookieRedirectCheck( $type ) +{ + global $wgOut, $wgLang; - # XXX: kind of crude check to see if cookies are enabled, but it works OK + $check = wfLocalUrl( $wgLang->specialPage( "Userlogin" ), + "wpCookieCheck=$type" ); - if ( "" == $HTTP_COOKIE_VARS[session_name()]) - { - # Don't go back to login page; they won't get time to - # enable cookies and send us one, so they'll get this msg again. Instead, - # let them enable cookies on the error page, then go back to login page. - # XXX: wipes returnto, unfortunately. - - $returnto = "Special:Userlogin"; - $wgOut->errorpage( "nocookies", "nocookiestext" ); - return false; - } + return $wgOut->redirect( $check ); +} - return true; +/* private */ function onCookieRedirectCheck( $type ) { + + global $wgUser; + + if (!hasSessionCookie()) { + if ( $type == "new" ) { + return mainLoginForm( wfMsg( "nocookiesnew" ) ); + } else if ( $type == "login" ) { + return mainLoginForm( wfMsg( "nocookieslogin" ) ); + } else { +# shouldn't happen + return mainLoginForm( wfMsg( "error" ) ); + } + } else { + return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) ); + } } + ?> diff --git a/languages/Language.php b/languages/Language.php index b650364159..16c4c89c30 100644 --- a/languages/Language.php +++ b/languages/Language.php @@ -544,6 +544,7 @@ Your e-mail address is optional; if you lose your password you can request that it be to the address you give.
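Review bot: onCookieRedirectCheck() reports `loginsuccess` whenever the request carries a session cookie, without checking that `$wgUser` is a logged-in account, so a direct request to the login page with `wpCookieCheck` set shows the success message to a visitor who never authenticated. The success branch should first confirm a logged-in user and otherwise fall back to the plain login form. The sketch below assumes a zero `$wgUser->getID()` marks an anonymous user in this codebase. The "new" path also ends on `loginsuccess` after the redirect, whereas the direct path in addNewAccount() shows `welcomecreation`. Separately, hasSessionCookie() indexes `$HTTP_COOKIE_VARS[session_name()]` without isset() and compares it loosely with `""`.

```php
/* private */ function onCookieRedirectCheck( $type ) {

	global $wgUser;

	if (!hasSessionCookie()) {
		# … unchanged: nocookiesnew / nocookieslogin / error branches, each returning …
	}

	if ( 0 == $wgUser->getID() ) {
		# A cookie came back but nobody is logged in: this URL was requested
		# directly rather than reached through the post-login redirect.
		return mainLoginForm( "" );
	}

	$msg = ( "new" == $type ) ? "welcomecreation" : "loginsuccess";
	return successfulLogin( wfMsg( $msg, $wgUser->getName() ) );
}
```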
\n", "login" => "Log in", +"loginprompt" => "You must have cookies enabled to log in to $wgSitename.", "userlogin" => "Log in", "logout" => "Log out", "userlogout" => "Log out", @@ -559,8 +560,8 @@ contact you through the website without you having to reveal your email address to them, and it also helps you if you forget your password.", "loginerror" => "Login error", -"nocookies" => "Cookies disabled", -"nocookiestext" => "The wiki uses cookies to log in users. You have cookies disabled. Please enable them and try again.", +"nocookiesnew" => "The user account was created, but you are not logged in. $wgSitename uses cookies to log in users. You have cookies disabled. Please enable them, then log in with your new username and password.", +"nocookieslogin" => "$wgSitename uses cookies to log in users. You have cookies disabled. Please enable them and try again.", "noname" => "You have not specified a valid user name.", "loginsuccesstitle" => "Login successful", "loginsuccess" => "You are now logged in to $wgSitename as \"$1\".", -- 2.20.1