MediaWiki  1.23.1
ApiLogin.php
Go to the documentation of this file.
1 <?php
33 class ApiLogin extends ApiBase {
34 
35  public function __construct( $main, $action ) {
36  parent::__construct( $main, $action, 'lg' );
37  }
38 
48  public function execute() {
49  // If we're in JSON callback mode, no tokens can be obtained
50  if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
51  $this->getResult()->addValue( null, 'login', array(
52  'result' => 'Aborted',
53  'reason' => 'Cannot log in when using a callback',
54  ) );
55 
56  return;
57  }
58 
59  $params = $this->extractRequestParams();
60 
61  $result = array();
62 
63  // Init session if necessary
64  if ( session_id() == '' ) {
66  }
67 
68  $context = new DerivativeContext( $this->getContext() );
69  $context->setRequest( new DerivativeRequest(
70  $this->getContext()->getRequest(),
71  array(
72  'wpName' => $params['name'],
73  'wpPassword' => $params['password'],
74  'wpDomain' => $params['domain'],
75  'wpLoginToken' => $params['token'],
76  'wpRemember' => ''
77  )
78  ) );
79  $loginForm = new LoginForm();
80  $loginForm->setContext( $context );
81 
82  global $wgCookiePrefix, $wgPasswordAttemptThrottle;
83 
84  $authRes = $loginForm->authenticateUserData();
85  switch ( $authRes ) {
86  case LoginForm::SUCCESS:
87  $user = $context->getUser();
88  $this->getContext()->setUser( $user );
89  $user->setCookies( $this->getRequest() );
90 
92 
93  // Run hooks.
94  // @todo FIXME: Split back and frontend from this hook.
95  // @todo FIXME: This hook should be placed in the backend
96  $injected_html = '';
97  wfRunHooks( 'UserLoginComplete', array( &$user, &$injected_html ) );
98 
99  $result['result'] = 'Success';
100  $result['lguserid'] = intval( $user->getId() );
101  $result['lgusername'] = $user->getName();
102  $result['lgtoken'] = $user->getToken();
103  $result['cookieprefix'] = $wgCookiePrefix;
104  $result['sessionid'] = session_id();
105  break;
106 
108  $result['result'] = 'NeedToken';
109  $result['token'] = $loginForm->getLoginToken();
110  $result['cookieprefix'] = $wgCookiePrefix;
111  $result['sessionid'] = session_id();
112  break;
113 
115  $result['result'] = 'WrongToken';
116  break;
117 
118  case LoginForm::NO_NAME:
119  $result['result'] = 'NoName';
120  break;
121 
122  case LoginForm::ILLEGAL:
123  $result['result'] = 'Illegal';
124  break;
125 
127  $result['result'] = 'WrongPluginPass';
128  break;
129 
131  $result['result'] = 'NotExists';
132  break;
133 
134  // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
135  // The e-mailed temporary password should not be used for actual logins.
138  $result['result'] = 'WrongPass';
139  break;
140 
142  $result['result'] = 'EmptyPass';
143  break;
144 
146  $result['result'] = 'CreateBlocked';
147  $result['details'] = 'Your IP address is blocked from account creation';
148  break;
149 
151  $result['result'] = 'Throttled';
152  $result['wait'] = intval( $wgPasswordAttemptThrottle['seconds'] );
153  break;
154 
156  $result['result'] = 'Blocked';
157  break;
158 
159  case LoginForm::ABORTED:
160  $result['result'] = 'Aborted';
161  $result['reason'] = $loginForm->mAbortLoginErrorMsg;
162  break;
163 
164  default:
165  ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
166  }
167 
168  $this->getResult()->addValue( null, 'login', $result );
169  }
170 
171  public function mustBePosted() {
172  return true;
173  }
174 
175  public function isReadMode() {
176  return false;
177  }
178 
179  public function getAllowedParams() {
180  return array(
181  'name' => null,
182  'password' => null,
183  'domain' => null,
184  'token' => null,
185  );
186  }
187 
188  public function getParamDescription() {
189  return array(
190  'name' => 'User Name',
191  'password' => 'Password',
192  'domain' => 'Domain (optional)',
193  'token' => 'Login token obtained in first request',
194  );
195  }
196 
197  public function getResultProperties() {
198  return array(
199  '' => array(
200  'result' => array(
202  'Success',
203  'NeedToken',
204  'WrongToken',
205  'NoName',
206  'Illegal',
207  'WrongPluginPass',
208  'NotExists',
209  'WrongPass',
210  'EmptyPass',
211  'CreateBlocked',
212  'Throttled',
213  'Blocked',
214  'Aborted'
215  )
216  ),
217  'lguserid' => array(
218  ApiBase::PROP_TYPE => 'integer',
219  ApiBase::PROP_NULLABLE => true
220  ),
221  'lgusername' => array(
222  ApiBase::PROP_TYPE => 'string',
223  ApiBase::PROP_NULLABLE => true
224  ),
225  'lgtoken' => array(
226  ApiBase::PROP_TYPE => 'string',
227  ApiBase::PROP_NULLABLE => true
228  ),
229  'cookieprefix' => array(
230  ApiBase::PROP_TYPE => 'string',
231  ApiBase::PROP_NULLABLE => true
232  ),
233  'sessionid' => array(
234  ApiBase::PROP_TYPE => 'string',
235  ApiBase::PROP_NULLABLE => true
236  ),
237  'token' => array(
238  ApiBase::PROP_TYPE => 'string',
239  ApiBase::PROP_NULLABLE => true
240  ),
241  'details' => array(
242  ApiBase::PROP_TYPE => 'string',
243  ApiBase::PROP_NULLABLE => true
244  ),
245  'wait' => array(
246  ApiBase::PROP_TYPE => 'integer',
247  ApiBase::PROP_NULLABLE => true
248  ),
249  'reason' => array(
250  ApiBase::PROP_TYPE => 'string',
251  ApiBase::PROP_NULLABLE => true
252  )
253  )
254  );
255  }
256 
257  public function getDescription() {
258  return array(
259  'Log in and get the authentication tokens.',
260  'In the event of a successful log-in, a cookie will be attached to your session.',
261  'In the event of a failed log-in, you will not be able to attempt another log-in',
262  'through this method for 5 seconds. This is to prevent password guessing by',
263  'automated password crackers.'
264  );
265  }
266 
267  public function getPossibleErrors() {
268  return array_merge( parent::getPossibleErrors(), array(
269  array(
270  'code' => 'NeedToken', 'info' => 'You need to resubmit your ' .
271  'login with the specified token. See ' .
272  'https://bugzilla.wikimedia.org/show_bug.cgi?id=23076'
273  ),
274  array( 'code' => 'WrongToken', 'info' => 'You specified an invalid token' ),
275  array( 'code' => 'NoName', 'info' => 'You didn\'t set the lgname parameter' ),
276  array( 'code' => 'Illegal', 'info' => 'You provided an illegal username' ),
277  array( 'code' => 'NotExists', 'info' => 'The username you provided doesn\'t exist' ),
278  array(
279  'code' => 'EmptyPass',
280  'info' => 'You didn\'t set the lgpassword parameter or you left it empty'
281  ),
282  array( 'code' => 'WrongPass', 'info' => 'The password you provided is incorrect' ),
283  array(
284  'code' => 'WrongPluginPass',
285  'info' => 'Same as "WrongPass", returned when an authentication ' .
286  'plugin rather than MediaWiki itself rejected the password'
287  ),
288  array(
289  'code' => 'CreateBlocked',
290  'info' => 'The wiki tried to automatically create a new account ' .
291  'for you, but your IP address has been blocked from account creation'
292  ),
293  array( 'code' => 'Throttled', 'info' => 'You\'ve logged in too many times in a short time' ),
294  array( 'code' => 'Blocked', 'info' => 'User is blocked' ),
295  ) );
296  }
297 
298  public function getExamples() {
299  return array(
300  'api.php?action=login&lgname=user&lgpassword=password'
301  );
302  }
303 
304  public function getHelpUrls() {
305  return 'https://www.mediawiki.org/wiki/API:Login';
306  }
307 }
DerivativeRequest
Similar to FauxRequest, but only fakes URL parameters and method (POST or GET) and use the base reque...
Definition: WebRequest.php:1455
ContextSource\$context
IContextSource $context
Definition: ContextSource.php:33
ApiLogin\isReadMode
isReadMode()
Indicates whether this module requires read rights.
Definition: ApiLogin.php:175
$result
The index of the header message $result[1]=The index of the body text message $result[2 through n]=Parameters passed to body text message. Please note the header message cannot receive/use parameters. 'ImportHandleLogItemXMLTag':When parsing a XML tag in a log item. $reader:XMLReader object $logInfo:Array of information Return false to stop further processing of the tag 'ImportHandlePageXMLTag':When parsing a XML tag in a page. $reader:XMLReader object $pageInfo:Array of information Return false to stop further processing of the tag 'ImportHandleRevisionXMLTag':When parsing a XML tag in a page revision. $reader:XMLReader object $pageInfo:Array of page information $revisionInfo:Array of revision information Return false to stop further processing of the tag 'ImportHandleToplevelXMLTag':When parsing a top level XML tag. $reader:XMLReader object Return false to stop further processing of the tag 'ImportHandleUploadXMLTag':When parsing a XML tag in a file upload. $reader:XMLReader object $revisionInfo:Array of information Return false to stop further processing of the tag 'InfoAction':When building information to display on the action=info page. $context:IContextSource object & $pageInfo:Array of information 'InitializeArticleMaybeRedirect':MediaWiki check to see if title is a redirect. $title:Title object for the current page $request:WebRequest $ignoreRedirect:boolean to skip redirect check $target:Title/string of redirect target $article:Article object 'InterwikiLoadPrefix':When resolving if a given prefix is an interwiki or not. Return true without providing an interwiki to continue interwiki search. $prefix:interwiki prefix we are looking for. & $iwData:output array describing the interwiki with keys iw_url, iw_local, iw_trans and optionally iw_api and iw_wikiid. 'InternalParseBeforeSanitize':during Parser 's internalParse method just before the parser removes unwanted/dangerous HTML tags and after nowiki/noinclude/includeonly/onlyinclude and other processings. Ideal for syntax-extensions after template/parser function execution which respect nowiki and HTML-comments. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InternalParseBeforeLinks':during Parser 's internalParse method before links but after nowiki/noinclude/includeonly/onlyinclude and other processings. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InvalidateEmailComplete':Called after a user 's email has been invalidated successfully. $user:user(object) whose email is being invalidated 'IRCLineURL':When constructing the URL to use in an IRC notification. Callee may modify $url and $query, URL will be constructed as $url . $query & $url:URL to index.php & $query:Query string $rc:RecentChange object that triggered url generation 'IsFileCacheable':Override the result of Article::isFileCacheable()(if true) $article:article(object) being checked 'IsTrustedProxy':Override the result of wfIsTrustedProxy() $ip:IP being check $result:Change this value to override the result of wfIsTrustedProxy() 'IsUploadAllowedFromUrl':Override the result of UploadFromUrl::isAllowedUrl() $url:URL used to upload from & $allowed:Boolean indicating if uploading is allowed for given URL 'isValidEmailAddr':Override the result of User::isValidEmailAddr(), for instance to return false if the domain name doesn 't match your organization. $addr:The e-mail address entered by the user & $result:Set this and return false to override the internal checks 'isValidPassword':Override the result of User::isValidPassword() $password:The password entered by the user & $result:Set this and return false to override the internal checks $user:User the password is being validated for 'Language::getMessagesFileName':$code:The language code or the language we 're looking for a messages file for & $file:The messages file path, you can override this to change the location. 'LanguageGetNamespaces':Provide custom ordering for namespaces or remove namespaces. Do not use this hook to add namespaces. Use CanonicalNamespaces for that. & $namespaces:Array of namespaces indexed by their numbers 'LanguageGetMagic':DEPRECATED, use $magicWords in a file listed in $wgExtensionMessagesFiles instead. Use this to define synonyms of magic words depending of the language $magicExtensions:associative array of magic words synonyms $lang:language code(string) 'LanguageGetSpecialPageAliases':DEPRECATED, use $specialPageAliases in a file listed in $wgExtensionMessagesFiles instead. Use to define aliases of special pages names depending of the language $specialPageAliases:associative array of magic words synonyms $lang:language code(string) 'LanguageGetTranslatedLanguageNames':Provide translated language names. & $names:array of language code=> language name $code language of the preferred translations 'LanguageLinks':Manipulate a page 's language links. This is called in various places to allow extensions to define the effective language links for a page. $title:The page 's Title. & $links:Associative array mapping language codes to prefixed links of the form "language:title". & $linkFlags:Associative array mapping prefixed links to arrays of flags. Currently unused, but planned to provide support for marking individual language links in the UI, e.g. for featured articles. 'LinkBegin':Used when generating internal and interwiki links in Linker::link(), before processing starts. Return false to skip default processing and return $ret. See documentation for Linker::link() for details on the expected meanings of parameters. $skin:the Skin object $target:the Title that the link is pointing to & $html:the contents that the< a > tag should have(raw HTML) $result
Definition: hooks.txt:1528
ContextSource\getContext
getContext()
Get the RequestContext object.
Definition: ContextSource.php:40
ApiLogin\execute
execute()
Executes the log-in attempt using the parameters passed.
Definition: ApiLogin.php:48
LoginForm\USER_BLOCKED
const USER_BLOCKED
Definition: SpecialUserlogin.php:41
php
skin txt MediaWiki includes four core it has been set as the default in MediaWiki since the replacing Monobook it had been been the default skin since before being replaced by Vector largely rewritten in while keeping its appearance Several legacy skins were removed in the as the burden of supporting them became too heavy to bear Those in etc for skin dependent CSS etc for skin dependent JavaScript These can also be customised on a per user by etc This feature has led to a wide variety of user styles becoming that gallery is a good place to ending in php
Definition: skin.txt:62
LoginForm\WRONG_PASS
const WRONG_PASS
Definition: SpecialUserlogin.php:35
LoginForm\CREATE_BLOCKED
const CREATE_BLOCKED
Definition: SpecialUserlogin.php:39
wfSetupSession
wfSetupSession( $sessionId=false)
Initialise php session.
Definition: GlobalFunctions.php:3523
LoginForm\ILLEGAL
const ILLEGAL
Definition: SpecialUserlogin.php:32
LoginForm\SUCCESS
const SUCCESS
Definition: SpecialUserlogin.php:30
ApiLogin\mustBePosted
mustBePosted()
Indicates whether this module must be called with a POST request.
Definition: ApiLogin.php:171
ApiQueryInfo\resetTokenCache
static resetTokenCache()
Definition: ApiQueryInfo.php:114
ApiBase\getResult
getResult()
Get the result object.
Definition: ApiBase.php:205
$wgCookiePrefix
if( $wgRCFilterByAge) if( $wgSkipSkin) if( $wgLocalInterwiki) if( $wgSharedPrefix===false) if(! $wgCookiePrefix) $wgCookiePrefix
Definition: Setup.php:286
ApiLogin\getDescription
getDescription()
Returns the description string for this module.
Definition: ApiLogin.php:257
$params
$params
Definition: styleTest.css.php:40
LoginForm\RESET_PASS
const RESET_PASS
Definition: SpecialUserlogin.php:37
ApiLogin\getPossibleErrors
getPossibleErrors()
Returns a list of all possible errors returned by the module.
Definition: ApiLogin.php:267
LoginForm\THROTTLED
const THROTTLED
Definition: SpecialUserlogin.php:40
ContextSource\getRequest
getRequest()
Get the WebRequest object.
Definition: ContextSource.php:77
ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition: ApiBase.php:42
ApiLogin\getParamDescription
getParamDescription()
Returns an array of parameter descriptions.
Definition: ApiLogin.php:188
LoginForm\EMPTY_PASS
const EMPTY_PASS
Definition: SpecialUserlogin.php:36
ApiLogin\getHelpUrls
getHelpUrls()
Definition: ApiLogin.php:304
DerivativeContext
An IContextSource implementation which will inherit context from another source but allow individual ...
Definition: DerivativeContext.php:32
LoginForm\ABORTED
const ABORTED
Definition: SpecialUserlogin.php:38
LoginForm\NOT_EXISTS
const NOT_EXISTS
Definition: SpecialUserlogin.php:34
wfRunHooks
wfRunHooks( $event, array $args=array(), $deprecatedVersion=null)
Call hook functions defined in $wgHooks.
Definition: GlobalFunctions.php:4001
array
the array() calling protocol came about after MediaWiki 1.4rc1.
List of Api Query prop modules.
global
when a variable name is used in a it is silently declared as a new masking the global
Definition: design.txt:93
LoginForm
Implements Special:UserLogin.
Definition: SpecialUserlogin.php:29
ApiBase\PROP_TYPE
const PROP_TYPE
Definition: ApiBase.php:74
ApiLogin\__construct
__construct( $main, $action)
Definition: ApiLogin.php:35
ApiBase\extractRequestParams
extractRequestParams( $parseLimit=true)
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:687
ApiLogin\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiLogin.php:179
LoginForm\WRONG_TOKEN
const WRONG_TOKEN
Definition: SpecialUserlogin.php:43
ApiBase\PROP_NULLABLE
const PROP_NULLABLE
Definition: ApiBase.php:76
IContextSource\getUser
getUser()
Get the User object.
$user
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a account $user
Definition: hooks.txt:237
ApiLogin\getResultProperties
getResultProperties()
Returns possible properties in the result, grouped by the value of the prop parameter that shows them...
Definition: ApiLogin.php:197
ApiLogin\getExamples
getExamples()
Returns usage examples for this module.
Definition: ApiLogin.php:298
LoginForm\NEED_TOKEN
const NEED_TOKEN
Definition: SpecialUserlogin.php:42
LoginForm\NO_NAME
const NO_NAME
Definition: SpecialUserlogin.php:31
ApiBase\getMain
getMain()
Get the main module.
Definition: ApiBase.php:188
ApiLogin
Unit to authenticate log-in attempts to the current wiki.
Definition: ApiLogin.php:33
ApiBase\dieDebug
static dieDebug( $method, $message)
Internal code errors should be reported with this method.
Definition: ApiBase.php:2006
LoginForm\WRONG_PLUGIN_PASS
const WRONG_PLUGIN_PASS
Definition: SpecialUserlogin.php:33