}
if ( $config->get( 'UserEmailUseReplyTo' ) ) {
- // Put the generic wiki autogenerated address in the From:
- // header and reserve the user for Reply-To.
- //
- // This is a bit ugly, but will serve to differentiate
- // wiki-borne mails from direct mails and protects against
- // SPF and bounce problems with some mailers (see below).
+ /**
+ * Put the generic wiki autogenerated address in the From:
+ * header and reserve the user for Reply-To.
+ *
+ * This is a bit ugly, but will serve to differentiate
+ * wiki-borne mails from direct mails and protects against
+ * SPF and bounce problems with some mailers (see below).
+ */
$mailFrom = new MailAddress( $config->get( 'PasswordSender' ),
wfMessage( 'emailsender' )->inContentLanguage()->text() );
$replyTo = $from;
} else {
- // Put the sending user's e-mail address in the From: header.
- //
- // This is clean-looking and convenient, but has issues.
- // One is that it doesn't as clearly differentiate the wiki mail
- // from "directly" sent mails.
- //
- // Another is that some mailers (like sSMTP) will use the From
- // address as the envelope sender as well. For open sites this
- // can cause mails to be flunked for SPF violations (since the
- // wiki server isn't an authorized sender for various users'
- // domains) as well as creating a privacy issue as bounces
- // containing the recipient's e-mail address may get sent to
- // the sending user.
+ /**
+ * Put the sending user's e-mail address in the From: header.
+ *
+ * This is clean-looking and convenient, but has issues.
+ * One is that it doesn't as clearly differentiate the wiki mail
+ * from "directly" sent mails.
+ *
+ * Another is that some mailers (like sSMTP) will use the From
+ * address as the envelope sender as well. For open sites this
+ * can cause mails to be flunked for SPF violations (since the
+ * wiki server isn't an authorized sender for various users'
+ * domains) as well as creating a privacy issue as bounces
+ * containing the recipient's e-mail address may get sent to
+ * the sending user.
+ */
$mailFrom = $from;
$replyTo = null;
}
$this->moveSubpages = false;
}
- # Next make a list of id's. This might be marginally less efficient
- # than a more direct method, but this is not a highly performance-cri-
- # tical code path and readable code is more important here.
- #
- # Note: this query works nicely on MySQL 5, but the optimizer in MySQL
- # 4 might get confused. If so, consider rewriting as a UNION.
- #
- # If the target namespace doesn't allow subpages, moving with subpages
- # would mean that you couldn't move them back in one operation, which
- # is bad.
- # @todo FIXME: A specific error message should be given in this case.
+ /**
+ * Next make a list of id's. This might be marginally less efficient
+ * than a more direct method, but this is not a highly performance-cri-
+ * tical code path and readable code is more important here.
+ *
+ * Note: this query works nicely on MySQL 5, but the optimizer in MySQL
+ * 4 might get confused. If so, consider rewriting as a UNION.
+ *
+ * If the target namespace doesn't allow subpages, moving with subpages
+ * would mean that you couldn't move them back in one operation, which
+ * is bad.
+ * @todo FIXME: A specific error message should be given in this case.
+ */
// @todo FIXME: Use Title::moveSubpages() here
$dbr = wfGetDB( DB_MASTER );
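Review bot: The converted comment opens with `/**`, which PHP tooling treats as a docblock attached to the next declaration, but here it sits inside a function body ahead of a plain statement. Documentation generators and static analysers may misattribute it or warn on it, and the embedded `@todo FIXME:` becomes a parsed tag. A plain block comment keeps the wrapped layout without that side effect: open it with `/*` instead of `/**`. The same applies to the other comments converted in this diff (the From:/Reply-To pair, the already-logged-in redirect comment and the temporary-password comment). The enclosing function starts and ends outside the hunk.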
}
$this->setHeaders();
- // In the case where the user is already logged in, and was redirected to the login form from a
- // page that requires login, do not show the login page. The use case scenario for this is when
- // a user opens a large number of tabs, is redirected to the login page on all of them, and then
- // logs in on one, expecting all the others to work properly.
- //
- // However, do show the form if it was visited intentionally (no 'returnto' is present). People
- // who often switch between several accounts have grown accustomed to this behavior.
+ /**
+ * In the case where the user is already logged in, and was redirected to
+ * the login form from a page that requires login, do not show the login
+ * page. The use case scenario for this is when a user opens a large number
+ * of tabs, is redirected to the login page on all of them, and then logs
+ * in on one, expecting all the others to work properly.
+ *
+ * However, do show the form if it was visited intentionally (no 'returnto'
+ * is present). People who often switch between several accounts have grown
+ * accustomed to this behavior.
+ */
if (
$this->mType !== 'signup' &&
!$this->mPosted &&
}
$status = $this->addNewAccountInternal();
- LoggerFactory::getInstance( 'authmanager' )->info( 'Account creation attempt with mailed password', array(
- 'event' => 'accountcreation',
- 'status' => $status,
- ) );
+ LoggerFactory::getInstance( 'authmanager' )->info(
+ 'Account creation attempt with mailed password',
+ array( 'event' => 'accountcreation', 'status' => $status )
+ );
if ( !$status->isGood() ) {
$error = $status->getMessage();
$this->mainLoginForm( $error->toString() );
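Review bot: The reformatted log call still passes the whole `$status` object under `'status'`. Because it is an object (`isGood()` and `getMessage()` are called on it just below), how it is rendered in the `authmanager` channel depends on the log formatter, which may leave failed and successful account creations indistinguishable to anyone alerting on this event. Consider logging a scalar outcome instead, e.g. `'successful' => $status->isGood()`, next to the message text, so the result is a queryable field. The enclosing method starts and ends outside the hunk.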
global $wgBlockDisablesLogin;
if ( !$u->checkPassword( $this->mPassword ) ) {
if ( $u->checkTemporaryPassword( $this->mPassword ) ) {
- // The e-mailed temporary password should not be used for actu-
- // al logins; that's a very sloppy habit, and insecure if an
- // attacker has a few seconds to click "search" on someone's o-
- // pen mail reader.
- //
- // Allow it to be used only to reset the password a single time
- // to a new value, which won't be in the user's e-mail ar-
- // chives.
- //
- // For backwards compatibility, we'll still recognize it at the
- // login form to minimize surprises for people who have been
- // logging in with a temporary password for some time.
- //
- // As a side-effect, we can authenticate the user's e-mail ad-
- // dress if it's not already done, since the temporary password
- // was sent via e-mail.
+ /**
+ * The e-mailed temporary password should not be used for actu-
+ * al logins; that's a very sloppy habit, and insecure if an
+ * attacker has a few seconds to click "search" on someone's
+ * open mail reader.
+ *
+ * Allow it to be used only to reset the password a single time
+ * to a new value, which won't be in the user's e-mail ar-
+ * chives.
+ *
+ * For backwards compatibility, we'll still recognize it at the
+ * login form to minimize surprises for people who have been
+ * logging in with a temporary password for some time.
+ *
+ * As a side-effect, we can authenticate the user's e-mail ad-
+ * dress if it's not already done, since the temporary password
+ * was sent via e-mail.
+ */
if ( !$u->isEmailConfirmed() && !wfReadOnly() ) {
$u->confirmEmail();
$u->saveSettings();
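Review bot: The `confirmEmail()` call at the end of this hunk treats a matching temporary password as proof that the user controls the address currently on file. That only holds if a pending temporary password is invalidated whenever the address changes; the invalidation is not visible in this hunk and should be confirmed. The comment is the natural place to record it, for example by appending `This assumes a pending temporary password is invalidated when the e-mail address changes.` Separately, the rewrap fixed `o-pen` but kept the mid-word breaks `actu-`/`al`, `ar-`/`chives` and `ad-`/`dress`, which makes the security rationale hard to grep. The enclosing `if` blocks continue outside the hunk.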
$template->set( 'emailothers', $wgEnableUserEmail );
$template->set( 'canreset', $wgAuth->allowPasswordChange() );
$template->set( 'resetlink', $resetLink );
- $template->set( 'canremember', $wgExtendedLoginCookieExpiration === null ? ( $wgCookieExpiration > 0 ) : ( $wgExtendedLoginCookieExpiration > 0 ) );
+ $template->set( 'canremember', $wgExtendedLoginCookieExpiration === null ?
+ ( $wgCookieExpiration > 0 ) :
+ ( $wgExtendedLoginCookieExpiration > 0 ) );
$template->set( 'usereason', $user->isLoggedIn() );
$template->set( 'remember', $this->mRemember );
$template->set( 'cansecurelogin', ( $wgSecureLogin === true ) );