MediaWiki  1.23.2
Go to the documentation of this file.
1 <?php
30 class ApiCreateAccount extends ApiBase {
31  public function execute() {
32  // If we're in JSON callback mode, no tokens can be obtained
33  if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
34  $this->dieUsage( 'Cannot create account when using a callback', 'aborted' );
35  }
37  // $loginForm->addNewaccountInternal will throw exceptions
38  // if wiki is read only (already handled by api), user is blocked or does not have rights.
39  // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
40  $loginTitle = SpecialPage::getTitleFor( 'Userlogin' );
41  if ( !$loginTitle->userCan( 'createaccount', $this->getUser() ) ) {
42  $this->dieUsage(
43  'You do not have the right to create a new account',
44  'permdenied-createaccount'
45  );
46  }
47  if ( $this->getUser()->isBlockedFromCreateAccount() ) {
48  $this->dieUsage( 'You cannot create a new account because you are blocked', 'blocked' );
49  }
51  $params = $this->extractRequestParams();
53  // Init session if necessary
54  if ( session_id() == '' ) {
56  }
58  if ( $params['mailpassword'] && !$params['email'] ) {
59  $this->dieUsageMsg( 'noemail' );
60  }
62  if ( $params['language'] && !Language::isSupportedLanguage( $params['language'] ) ) {
63  $this->dieUsage( 'Invalid language parameter', 'langinvalid' );
64  }
66  $context = new DerivativeContext( $this->getContext() );
67  $context->setRequest( new DerivativeRequest(
68  $this->getContext()->getRequest(),
69  array(
70  'type' => 'signup',
71  'uselang' => $params['language'],
72  'wpName' => $params['name'],
73  'wpPassword' => $params['password'],
74  'wpRetype' => $params['password'],
75  'wpDomain' => $params['domain'],
76  'wpEmail' => $params['email'],
77  'wpRealName' => $params['realname'],
78  'wpCreateaccountToken' => $params['token'],
79  'wpCreateaccount' => $params['mailpassword'] ? null : '1',
80  'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null
81  )
82  ) );
84  $loginForm = new LoginForm();
85  $loginForm->setContext( $context );
86  wfRunHooks( 'AddNewAccountApiForm', array( $this, $loginForm ) );
87  $loginForm->load();
89  $status = $loginForm->addNewaccountInternal();
90  $result = array();
91  if ( $status->isGood() ) {
92  // Success!
93  global $wgEmailAuthentication;
94  $user = $status->getValue();
96  if ( $params['language'] ) {
97  $user->setOption( 'language', $params['language'] );
98  }
100  if ( $params['mailpassword'] ) {
101  // If mailpassword was set, disable the password and send an email.
102  $user->setPassword( null );
103  $status->merge( $loginForm->mailPasswordInternal(
104  $user,
105  false,
106  'createaccount-title',
107  'createaccount-text'
108  ) );
109  } elseif ( $wgEmailAuthentication && Sanitizer::validateEmail( $user->getEmail() ) ) {
110  // Send out an email authentication message if needed
111  $status->merge( $user->sendConfirmationMail() );
112  }
114  // Save settings (including confirmation token)
115  $user->saveSettings();
117  wfRunHooks( 'AddNewAccount', array( $user, $params['mailpassword'] ) );
119  if ( $params['mailpassword'] ) {
120  $logAction = 'byemail';
121  } elseif ( $this->getUser()->isLoggedIn() ) {
122  $logAction = 'create2';
123  } else {
124  $logAction = 'create';
125  }
126  $user->addNewUserLogEntry( $logAction, (string)$params['reason'] );
128  // Add username, id, and token to result.
129  $result['username'] = $user->getName();
130  $result['userid'] = $user->getId();
131  $result['token'] = $user->getToken();
132  }
134  $apiResult = $this->getResult();
136  if ( $status->hasMessage( 'sessionfailure' ) || $status->hasMessage( 'nocookiesfornew' ) ) {
137  // Token was incorrect, so add it to result, but don't throw an exception
138  // since not having the correct token is part of the normal
139  // flow of events.
141  $result['result'] = 'NeedToken';
142  } elseif ( !$status->isOK() ) {
143  // There was an error. Die now.
144  $this->dieStatus( $status );
145  } elseif ( !$status->isGood() ) {
146  // Status is not good, but OK. This means warnings.
147  $result['result'] = 'Warning';
149  // Add any warnings to the result
150  $warnings = $status->getErrorsByType( 'warning' );
151  if ( $warnings ) {
152  foreach ( $warnings as &$warning ) {
153  $apiResult->setIndexedTagName( $warning['params'], 'param' );
154  }
155  $apiResult->setIndexedTagName( $warnings, 'warning' );
156  $result['warnings'] = $warnings;
157  }
158  } else {
159  // Everything was fine.
160  $result['result'] = 'Success';
161  }
163  // Give extensions a chance to modify the API result data
164  wfRunHooks( 'AddNewAccountApiResult', array( $this, $loginForm, &$result ) );
166  $apiResult->addValue( null, 'createaccount', $result );
167  }
169  public function getDescription() {
170  return 'Create a new user account.';
171  }
173  public function mustBePosted() {
174  return true;
175  }
177  public function isReadMode() {
178  return false;
179  }
181  public function isWriteMode() {
182  return true;
183  }
185  public function getAllowedParams() {
186  global $wgEmailConfirmToEdit;
188  return array(
189  'name' => array(
190  ApiBase::PARAM_TYPE => 'user',
192  ),
193  'password' => null,
194  'domain' => null,
195  'token' => null,
196  'email' => array(
197  ApiBase::PARAM_TYPE => 'string',
198  ApiBase::PARAM_REQUIRED => $wgEmailConfirmToEdit
199  ),
200  'realname' => null,
201  'mailpassword' => array(
202  ApiBase::PARAM_TYPE => 'boolean',
203  ApiBase::PARAM_DFLT => false
204  ),
205  'reason' => null,
206  'language' => null
207  );
208  }
210  public function getParamDescription() {
211  $p = $this->getModulePrefix();
213  return array(
214  'name' => 'Username',
215  'password' => "Password (ignored if {$p}mailpassword is set)",
216  'domain' => 'Domain for external authentication (optional)',
217  'token' => 'Account creation token obtained in first request',
218  'email' => 'Email address of user (optional)',
219  'realname' => 'Real name of user (optional)',
220  'mailpassword' => 'If set to any value, a random password will be emailed to the user',
221  'reason' => 'Optional reason for creating the account to be put in the logs',
222  'language'
223  => 'Language code to set as default for the user (optional, defaults to content language)'
224  );
225  }
227  public function getResultProperties() {
228  return array(
229  'createaccount' => array(
230  'result' => array(
232  'Success',
233  'Warning',
234  'NeedToken'
235  )
236  ),
237  'username' => array(
238  ApiBase::PROP_TYPE => 'string',
239  ApiBase::PROP_NULLABLE => true
240  ),
241  'userid' => array(
242  ApiBase::PROP_TYPE => 'int',
243  ApiBase::PROP_NULLABLE => true
244  ),
245  'token' => array(
246  ApiBase::PROP_TYPE => 'string',
247  ApiBase::PROP_NULLABLE => true
248  ),
249  )
250  );
251  }
253  public function getPossibleErrors() {
254  // Note the following errors aren't possible and don't need to be listed:
255  // sessionfailure, nocookiesfornew, badretype
256  $localErrors = array(
257  'wrongpassword', // Actually caused by wrong domain field. Riddle me that...
258  'sorbs_create_account_reason',
259  'noname',
260  'userexists',
261  'password-name-match', // from User::getPasswordValidity
262  'password-login-forbidden', // from User::getPasswordValidity
263  'noemailtitle',
264  'invalidemailaddress',
265  'externaldberror',
266  'acct_creation_throttle_hit',
267  );
269  $errors = parent::getPossibleErrors();
270  // All local errors are from LoginForm, which means they're actually message keys.
271  foreach ( $localErrors as $error ) {
272  $errors[] = array(
273  'code' => $error,
274  'info' => wfMessage( $error )->inLanguage( 'en' )->useDatabase( false )->parse()
275  );
276  }
278  $errors[] = array(
279  'code' => 'permdenied-createaccount',
280  'info' => 'You do not have the right to create a new account'
281  );
282  $errors[] = array(
283  'code' => 'blocked',
284  'info' => 'You cannot create a new account because you are blocked'
285  );
286  $errors[] = array(
287  'code' => 'aborted',
288  'info' => 'Account creation aborted by hook (info may vary)'
289  );
290  $errors[] = array(
291  'code' => 'langinvalid',
292  'info' => 'Invalid language parameter'
293  );
295  // 'passwordtooshort' has parameters. :(
296  global $wgMinimalPasswordLength;
297  $errors[] = array(
298  'code' => 'passwordtooshort',
299  'info' => wfMessage( 'passwordtooshort', $wgMinimalPasswordLength )
300  ->inLanguage( 'en' )->useDatabase( false )->parse()
301  );
303  return $errors;
304  }
306  public function getExamples() {
307  return array(
308  'api.php?action=createaccount&name=testuser&password=test123',
309  'api.php?action=createaccount&name=testmailuser&mailpassword=true&reason=MyReason',
310  );
311  }
313  public function getHelpUrls() {
314  return '';
315  }
316 }
Indicates whether this module requires read rights.
Definition: ApiCreateAccount.php:177
dieStatus( $status)
Throw a UsageException based on the errors in the Status object.
Definition: ApiBase.php:1419
Similar to FauxRequest, but only fakes URL parameters and method (POST or GET) and use the base reque...
Definition: WebRequest.php:1455
IContextSource $context
Definition: ContextSource.php:33
The index of the header message $result[1]=The index of the body text message $result[2 through n]=Parameters passed to body text message. Please note the header message cannot receive/use parameters. 'ImportHandleLogItemXMLTag':When parsing a XML tag in a log item. $reader:XMLReader object $logInfo:Array of information Return false to stop further processing of the tag 'ImportHandlePageXMLTag':When parsing a XML tag in a page. $reader:XMLReader object $pageInfo:Array of information Return false to stop further processing of the tag 'ImportHandleRevisionXMLTag':When parsing a XML tag in a page revision. $reader:XMLReader object $pageInfo:Array of page information $revisionInfo:Array of revision information Return false to stop further processing of the tag 'ImportHandleToplevelXMLTag':When parsing a top level XML tag. $reader:XMLReader object Return false to stop further processing of the tag 'ImportHandleUploadXMLTag':When parsing a XML tag in a file upload. $reader:XMLReader object $revisionInfo:Array of information Return false to stop further processing of the tag 'InfoAction':When building information to display on the action=info page. $context:IContextSource object & $pageInfo:Array of information 'InitializeArticleMaybeRedirect':MediaWiki check to see if title is a redirect. $title:Title object for the current page $request:WebRequest $ignoreRedirect:boolean to skip redirect check $target:Title/string of redirect target $article:Article object 'InterwikiLoadPrefix':When resolving if a given prefix is an interwiki or not. Return true without providing an interwiki to continue interwiki search. $prefix:interwiki prefix we are looking for. & $iwData:output array describing the interwiki with keys iw_url, iw_local, iw_trans and optionally iw_api and iw_wikiid. 'InternalParseBeforeSanitize':during Parser 's internalParse method just before the parser removes unwanted/dangerous HTML tags and after nowiki/noinclude/includeonly/onlyinclude and other processings. Ideal for syntax-extensions after template/parser function execution which respect nowiki and HTML-comments. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InternalParseBeforeLinks':during Parser 's internalParse method before links but after nowiki/noinclude/includeonly/onlyinclude and other processings. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InvalidateEmailComplete':Called after a user 's email has been invalidated successfully. $user:user(object) whose email is being invalidated 'IRCLineURL':When constructing the URL to use in an IRC notification. Callee may modify $url and $query, URL will be constructed as $url . $query & $url:URL to index.php & $query:Query string $rc:RecentChange object that triggered url generation 'IsFileCacheable':Override the result of Article::isFileCacheable()(if true) $article:article(object) being checked 'IsTrustedProxy':Override the result of wfIsTrustedProxy() $ip:IP being check $result:Change this value to override the result of wfIsTrustedProxy() 'IsUploadAllowedFromUrl':Override the result of UploadFromUrl::isAllowedUrl() $url:URL used to upload from & $allowed:Boolean indicating if uploading is allowed for given URL 'isValidEmailAddr':Override the result of User::isValidEmailAddr(), for instance to return false if the domain name doesn 't match your organization. $addr:The e-mail address entered by the user & $result:Set this and return false to override the internal checks 'isValidPassword':Override the result of User::isValidPassword() $password:The password entered by the user & $result:Set this and return false to override the internal checks $user:User the password is being validated for 'Language::getMessagesFileName':$code:The language code or the language we 're looking for a messages file for & $file:The messages file path, you can override this to change the location. 'LanguageGetNamespaces':Provide custom ordering for namespaces or remove namespaces. Do not use this hook to add namespaces. Use CanonicalNamespaces for that. & $namespaces:Array of namespaces indexed by their numbers 'LanguageGetMagic':DEPRECATED, use $magicWords in a file listed in $wgExtensionMessagesFiles instead. Use this to define synonyms of magic words depending of the language $magicExtensions:associative array of magic words synonyms $lang:language code(string) 'LanguageGetSpecialPageAliases':DEPRECATED, use $specialPageAliases in a file listed in $wgExtensionMessagesFiles instead. Use to define aliases of special pages names depending of the language $specialPageAliases:associative array of magic words synonyms $lang:language code(string) 'LanguageGetTranslatedLanguageNames':Provide translated language names. & $names:array of language code=> language name $code language of the preferred translations 'LanguageLinks':Manipulate a page 's language links. This is called in various places to allow extensions to define the effective language links for a page. $title:The page 's Title. & $links:Associative array mapping language codes to prefixed links of the form "language:title". & $linkFlags:Associative array mapping prefixed links to arrays of flags. Currently unused, but planned to provide support for marking individual language links in the UI, e.g. for featured articles. 'LinkBegin':Used when generating internal and interwiki links in Linker::link(), before processing starts. Return false to skip default processing and return $ret. See documentation for Linker::link() for details on the expected meanings of parameters. $skin:the Skin object $target:the Title that the link is pointing to & $html:the contents that the< a > tag should have(raw HTML) $result
Definition: hooks.txt:1528
Get the RequestContext object.
Definition: ContextSource.php:40
skin txt MediaWiki includes four core it has been set as the default in MediaWiki since the replacing Monobook it had been been the default skin since before being replaced by Vector largely rewritten in while keeping its appearance Several legacy skins were removed in the as the burden of supporting them became too heavy to bear Those in etc for skin dependent CSS etc for skin dependent JavaScript These can also be customised on a per user by etc This feature has led to a wide variety of user styles becoming that gallery is a good place to ending in php
Definition: skin.txt:62
Definition: ApiBase.php:62
wfSetupSession( $sessionId=false)
Initialise php session.
Definition: GlobalFunctions.php:3523
dieUsageMsg( $error)
Output the error message related to a certain array.
Definition: ApiBase.php:1929
Indicates whether this module must be called with a POST request.
Definition: ApiCreateAccount.php:173
Definition: ApiBase.php:50
Get the result object.
Definition: ApiBase.php:205
static validateEmail( $addr)
Does a string look like an e-mail address?
Definition: Sanitizer.php:1830
Definition: styleTest.css.php:40
static getCreateaccountToken()
Get the createaccount token from the current session.
Definition: SpecialUserlogin.php:1406
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name.
Definition: SpecialPage.php:74
Get the WebRequest object.
Definition: ContextSource.php:77
Get the User object.
Definition: ContextSource.php:132
Evaluates the parameters, performs the requested query, and sets up the result.
Definition: ApiCreateAccount.php:31
This abstract class implements many basic API functions, and is the base of all API classes.
Definition: ApiBase.php:42
Unit to authenticate account registration attempts to the current wiki.
Definition: ApiCreateAccount.php:30
An IContextSource implementation which will inherit context from another source but allow individual ...
Definition: DerivativeContext.php:32
Returns the description string for this module.
Definition: ApiCreateAccount.php:169
Returns a list of all possible errors returned by the module.
Definition: ApiCreateAccount.php:253
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses just before the function returns a value If you return an< a > element with HTML attributes $attribs and contents $html will be returned If you return $ret will be returned and may include noclasses after processing after in associative array form externallinks including delete and has completed for all link tables default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock() - offset Set to overwrite offset parameter in $wgRequest set to '' to unset offset - wrap String Wrap the message in html(usually something like "&lt
wfRunHooks( $event, array $args=array(), $deprecatedVersion=null)
Call hook functions defined in $wgHooks.
Definition: GlobalFunctions.php:4001
Returns possible properties in the result, grouped by the value of the prop parameter that shows them...
Definition: ApiCreateAccount.php:227
the array() calling protocol came about after MediaWiki 1.4rc1.
List of Api Query prop modules.
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiCreateAccount.php:185
when a variable name is used in a it is silently declared as a new masking the global
Definition: design.txt:93
Implements Special:UserLogin.
Definition: SpecialUserlogin.php:29
Definition: ApiBase.php:74
Definition: ApiCreateAccount.php:313
Get parameter prefix (usually two letters or an empty string).
Definition: ApiBase.php:165
extractRequestParams( $parseLimit=true)
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:687
dieUsage( $description, $errorCode, $httpRespCode=0, $extradata=null)
Throw a UsageException, which will (if uncaught) call the main module's error handler and die with an...
Definition: ApiBase.php:1363
Returns an array of parameter descriptions.
Definition: ApiCreateAccount.php:210
Definition: ApiBase.php:76
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a account $user
Definition: hooks.txt:237
Definition: ApiBase.php:46
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
Get the main module.
Definition: ApiBase.php:188
usually copyright or history_copyright This message must be in HTML not wikitext $subpages will be ignored and the rest of subPageSubtitle() will run. 'SkinTemplateBuildNavUrlsNav_urlsAfterPermalink' whether MediaWiki currently thinks this is a CSS JS page Hooks may change this value to override the return value of Title::isCssOrJsPage(). 'TitleIsAlwaysKnown' whether MediaWiki currently thinks this page is known isMovable() always returns false. $title whether MediaWiki currently thinks this page is movable Hooks may change this value to override the return value of Title::isMovable(). 'TitleIsWikitextPage' whether MediaWiki currently thinks this is a wikitext page Hooks may change this value to override the return value of Title::isWikitextPage() 'TitleMove' use UploadVerification and UploadVerifyFile instead where the first element is the message key and the remaining elements are used as parameters to the message based on mime etc Preferred in most cases over UploadVerification object with all info about the upload string as detected by MediaWiki Handlers will typically only apply for specific mime types object & $error
Definition: hooks.txt:2573
static isSupportedLanguage( $code)
Checks whether any localisation is available for that language tag in MediaWiki (MessagesXx....
Definition: Language.php:261
Returns usage examples for this module.
Definition: ApiCreateAccount.php:306
Indicates whether this module requires write mode.
Definition: ApiCreateAccount.php:181