MediaWiki  1.23.5
ApiCreateAccount.php
Go to the documentation of this file.
1 <?php
30 class ApiCreateAccount extends ApiBase {
31  public function execute() {
32  // If we're in JSON callback mode, no tokens can be obtained
33  if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
34  $this->dieUsage( 'Cannot create account when using a callback', 'aborted' );
35  }
36 
37  // $loginForm->addNewaccountInternal will throw exceptions
38  // if wiki is read only (already handled by api), user is blocked or does not have rights.
39  // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
40  $loginTitle = SpecialPage::getTitleFor( 'Userlogin' );
41  if ( !$loginTitle->userCan( 'createaccount', $this->getUser() ) ) {
42  $this->dieUsage(
43  'You do not have the right to create a new account',
44  'permdenied-createaccount'
45  );
46  }
47  if ( $this->getUser()->isBlockedFromCreateAccount() ) {
48  $this->dieUsage( 'You cannot create a new account because you are blocked', 'blocked' );
49  }
50 
51  $params = $this->extractRequestParams();
52 
53  // Init session if necessary
54  if ( session_id() == '' ) {
55  wfSetupSession();
56  }
57 
58  if ( $params['mailpassword'] && !$params['email'] ) {
59  $this->dieUsageMsg( 'noemail' );
60  }
61 
62  if ( $params['language'] && !Language::isSupportedLanguage( $params['language'] ) ) {
63  $this->dieUsage( 'Invalid language parameter', 'langinvalid' );
64  }
65 
66  $context = new DerivativeContext( $this->getContext() );
67  $context->setRequest( new DerivativeRequest(
68  $this->getContext()->getRequest(),
69  array(
70  'type' => 'signup',
71  'uselang' => $params['language'],
72  'wpName' => $params['name'],
73  'wpPassword' => $params['password'],
74  'wpRetype' => $params['password'],
75  'wpDomain' => $params['domain'],
76  'wpEmail' => $params['email'],
77  'wpRealName' => $params['realname'],
78  'wpCreateaccountToken' => $params['token'],
79  'wpCreateaccount' => $params['mailpassword'] ? null : '1',
80  'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null
81  )
82  ) );
83 
84  $loginForm = new LoginForm();
85  $loginForm->setContext( $context );
86  wfRunHooks( 'AddNewAccountApiForm', array( $this, $loginForm ) );
87  $loginForm->load();
88 
89  $status = $loginForm->addNewaccountInternal();
90  $result = array();
91  if ( $status->isGood() ) {
92  // Success!
93  global $wgEmailAuthentication;
94  $user = $status->getValue();
95 
96  if ( $params['language'] ) {
97  $user->setOption( 'language', $params['language'] );
98  }
99 
100  if ( $params['mailpassword'] ) {
101  // If mailpassword was set, disable the password and send an email.
102  $user->setPassword( null );
103  $status->merge( $loginForm->mailPasswordInternal(
104  $user,
105  false,
106  'createaccount-title',
107  'createaccount-text'
108  ) );
109  } elseif ( $wgEmailAuthentication && Sanitizer::validateEmail( $user->getEmail() ) ) {
110  // Send out an email authentication message if needed
111  $status->merge( $user->sendConfirmationMail() );
112  }
113 
114  // Save settings (including confirmation token)
115  $user->saveSettings();
116 
117  wfRunHooks( 'AddNewAccount', array( $user, $params['mailpassword'] ) );
118 
119  if ( $params['mailpassword'] ) {
120  $logAction = 'byemail';
121  } elseif ( $this->getUser()->isLoggedIn() ) {
122  $logAction = 'create2';
123  } else {
124  $logAction = 'create';
125  }
126  $user->addNewUserLogEntry( $logAction, (string)$params['reason'] );
127 
128  // Add username, id, and token to result.
129  $result['username'] = $user->getName();
130  $result['userid'] = $user->getId();
131  $result['token'] = $user->getToken();
132  }
133 
134  $apiResult = $this->getResult();
135 
136  if ( $status->hasMessage( 'sessionfailure' ) || $status->hasMessage( 'nocookiesfornew' ) ) {
137  // Token was incorrect, so add it to result, but don't throw an exception
138  // since not having the correct token is part of the normal
139  // flow of events.
140  $result['token'] = LoginForm::getCreateaccountToken();
141  $result['result'] = 'NeedToken';
142  } elseif ( !$status->isOK() ) {
143  // There was an error. Die now.
144  $this->dieStatus( $status );
145  } elseif ( !$status->isGood() ) {
146  // Status is not good, but OK. This means warnings.
147  $result['result'] = 'Warning';
148 
149  // Add any warnings to the result
150  $warnings = $status->getErrorsByType( 'warning' );
151  if ( $warnings ) {
152  foreach ( $warnings as &$warning ) {
153  $apiResult->setIndexedTagName( $warning['params'], 'param' );
154  }
155  $apiResult->setIndexedTagName( $warnings, 'warning' );
156  $result['warnings'] = $warnings;
157  }
158  } else {
159  // Everything was fine.
160  $result['result'] = 'Success';
161  }
162 
163  // Give extensions a chance to modify the API result data
164  wfRunHooks( 'AddNewAccountApiResult', array( $this, $loginForm, &$result ) );
165 
166  $apiResult->addValue( null, 'createaccount', $result );
167  }
168 
169  public function getDescription() {
170  return 'Create a new user account.';
171  }
172 
173  public function mustBePosted() {
174  return true;
175  }
176 
177  public function isReadMode() {
178  return false;
179  }
180 
181  public function isWriteMode() {
182  return true;
183  }
184 
185  public function getAllowedParams() {
186  global $wgEmailConfirmToEdit;
187 
188  return array(
189  'name' => array(
190  ApiBase::PARAM_TYPE => 'user',
191  ApiBase::PARAM_REQUIRED => true
192  ),
193  'password' => null,
194  'domain' => null,
195  'token' => null,
196  'email' => array(
197  ApiBase::PARAM_TYPE => 'string',
198  ApiBase::PARAM_REQUIRED => $wgEmailConfirmToEdit
199  ),
200  'realname' => null,
201  'mailpassword' => array(
202  ApiBase::PARAM_TYPE => 'boolean',
203  ApiBase::PARAM_DFLT => false
204  ),
205  'reason' => null,
206  'language' => null
207  );
208  }
209 
210  public function getParamDescription() {
211  $p = $this->getModulePrefix();
212 
213  return array(
214  'name' => 'Username',
215  'password' => "Password (ignored if {$p}mailpassword is set)",
216  'domain' => 'Domain for external authentication (optional)',
217  'token' => 'Account creation token obtained in first request',
218  'email' => 'Email address of user (optional)',
219  'realname' => 'Real name of user (optional)',
220  'mailpassword' => 'If set to any value, a random password will be emailed to the user',
221  'reason' => 'Optional reason for creating the account to be put in the logs',
222  'language'
223  => 'Language code to set as default for the user (optional, defaults to content language)'
224  );
225  }
226 
227  public function getResultProperties() {
228  return array(
229  'createaccount' => array(
230  'result' => array(
231  ApiBase::PROP_TYPE => array(
232  'Success',
233  'Warning',
234  'NeedToken'
235  )
236  ),
237  'username' => array(
238  ApiBase::PROP_TYPE => 'string',
239  ApiBase::PROP_NULLABLE => true
240  ),
241  'userid' => array(
242  ApiBase::PROP_TYPE => 'int',
243  ApiBase::PROP_NULLABLE => true
244  ),
245  'token' => array(
246  ApiBase::PROP_TYPE => 'string',
247  ApiBase::PROP_NULLABLE => true
248  ),
249  )
250  );
251  }
252 
253  public function getPossibleErrors() {
254  // Note the following errors aren't possible and don't need to be listed:
255  // sessionfailure, nocookiesfornew, badretype
256  $localErrors = array(
257  'wrongpassword', // Actually caused by wrong domain field. Riddle me that...
258  'sorbs_create_account_reason',
259  'noname',
260  'userexists',
261  'password-name-match', // from User::getPasswordValidity
262  'password-login-forbidden', // from User::getPasswordValidity
263  'noemailtitle',
264  'invalidemailaddress',
265  'externaldberror',
266  'acct_creation_throttle_hit',
267  );
268 
269  $errors = parent::getPossibleErrors();
270  // All local errors are from LoginForm, which means they're actually message keys.
271  foreach ( $localErrors as $error ) {
272  $errors[] = array(
273  'code' => $error,
274  'info' => wfMessage( $error )->inLanguage( 'en' )->useDatabase( false )->parse()
275  );
276  }
277 
278  $errors[] = array(
279  'code' => 'permdenied-createaccount',
280  'info' => 'You do not have the right to create a new account'
281  );
282  $errors[] = array(
283  'code' => 'blocked',
284  'info' => 'You cannot create a new account because you are blocked'
285  );
286  $errors[] = array(
287  'code' => 'aborted',
288  'info' => 'Account creation aborted by hook (info may vary)'
289  );
290  $errors[] = array(
291  'code' => 'langinvalid',
292  'info' => 'Invalid language parameter'
293  );
294 
295  // 'passwordtooshort' has parameters. :(
296  global $wgMinimalPasswordLength;
297  $errors[] = array(
298  'code' => 'passwordtooshort',
299  'info' => wfMessage( 'passwordtooshort', $wgMinimalPasswordLength )
300  ->inLanguage( 'en' )->useDatabase( false )->parse()
301  );
302 
303  return $errors;
304  }
305 
306  public function getExamples() {
307  return array(
308  'api.php?action=createaccount&name=testuser&password=test123',
309  'api.php?action=createaccount&name=testmailuser&mailpassword=true&reason=MyReason',
310  );
311  }
312 
313  public function getHelpUrls() {
314  return 'https://www.mediawiki.org/wiki/API:Account_creation';
315  }
316 }
ApiCreateAccount\isReadMode
isReadMode()
Indicates whether this module requires read rights.
Definition: ApiCreateAccount.php:177
ApiBase\dieStatus
dieStatus( $status)
Throw a UsageException based on the errors in the Status object.
Definition: ApiBase.php:1419
DerivativeRequest
Similar to FauxRequest, but only fakes URL parameters and method (POST or GET) and use the base reque...
Definition: WebRequest.php:1455
ContextSource\$context
IContextSource $context
Definition: ContextSource.php:33
$result
The index of the header message $result[1]=The index of the body text message $result[2 through n]=Parameters passed to body text message. Please note the header message cannot receive/use parameters. 'ImportHandleLogItemXMLTag':When parsing a XML tag in a log item. $reader:XMLReader object $logInfo:Array of information Return false to stop further processing of the tag 'ImportHandlePageXMLTag':When parsing a XML tag in a page. $reader:XMLReader object $pageInfo:Array of information Return false to stop further processing of the tag 'ImportHandleRevisionXMLTag':When parsing a XML tag in a page revision. $reader:XMLReader object $pageInfo:Array of page information $revisionInfo:Array of revision information Return false to stop further processing of the tag 'ImportHandleToplevelXMLTag':When parsing a top level XML tag. $reader:XMLReader object Return false to stop further processing of the tag 'ImportHandleUploadXMLTag':When parsing a XML tag in a file upload. $reader:XMLReader object $revisionInfo:Array of information Return false to stop further processing of the tag 'InfoAction':When building information to display on the action=info page. $context:IContextSource object & $pageInfo:Array of information 'InitializeArticleMaybeRedirect':MediaWiki check to see if title is a redirect. $title:Title object for the current page $request:WebRequest $ignoreRedirect:boolean to skip redirect check $target:Title/string of redirect target $article:Article object 'InterwikiLoadPrefix':When resolving if a given prefix is an interwiki or not. Return true without providing an interwiki to continue interwiki search. $prefix:interwiki prefix we are looking for. & $iwData:output array describing the interwiki with keys iw_url, iw_local, iw_trans and optionally iw_api and iw_wikiid. 'InternalParseBeforeSanitize':during Parser 's internalParse method just before the parser removes unwanted/dangerous HTML tags and after nowiki/noinclude/includeonly/onlyinclude and other processings. Ideal for syntax-extensions after template/parser function execution which respect nowiki and HTML-comments. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InternalParseBeforeLinks':during Parser 's internalParse method before links but after nowiki/noinclude/includeonly/onlyinclude and other processings. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InvalidateEmailComplete':Called after a user 's email has been invalidated successfully. $user:user(object) whose email is being invalidated 'IRCLineURL':When constructing the URL to use in an IRC notification. Callee may modify $url and $query, URL will be constructed as $url . $query & $url:URL to index.php & $query:Query string $rc:RecentChange object that triggered url generation 'IsFileCacheable':Override the result of Article::isFileCacheable()(if true) $article:article(object) being checked 'IsTrustedProxy':Override the result of wfIsTrustedProxy() $ip:IP being check $result:Change this value to override the result of wfIsTrustedProxy() 'IsUploadAllowedFromUrl':Override the result of UploadFromUrl::isAllowedUrl() $url:URL used to upload from & $allowed:Boolean indicating if uploading is allowed for given URL 'isValidEmailAddr':Override the result of User::isValidEmailAddr(), for instance to return false if the domain name doesn 't match your organization. $addr:The e-mail address entered by the user & $result:Set this and return false to override the internal checks 'isValidPassword':Override the result of User::isValidPassword() $password:The password entered by the user & $result:Set this and return false to override the internal checks $user:User the password is being validated for 'Language::getMessagesFileName':$code:The language code or the language we 're looking for a messages file for & $file:The messages file path, you can override this to change the location. 'LanguageGetNamespaces':Provide custom ordering for namespaces or remove namespaces. Do not use this hook to add namespaces. Use CanonicalNamespaces for that. & $namespaces:Array of namespaces indexed by their numbers 'LanguageGetMagic':DEPRECATED, use $magicWords in a file listed in $wgExtensionMessagesFiles instead. Use this to define synonyms of magic words depending of the language $magicExtensions:associative array of magic words synonyms $lang:language code(string) 'LanguageGetSpecialPageAliases':DEPRECATED, use $specialPageAliases in a file listed in $wgExtensionMessagesFiles instead. Use to define aliases of special pages names depending of the language $specialPageAliases:associative array of magic words synonyms $lang:language code(string) 'LanguageGetTranslatedLanguageNames':Provide translated language names. & $names:array of language code=> language name $code language of the preferred translations 'LanguageLinks':Manipulate a page 's language links. This is called in various places to allow extensions to define the effective language links for a page. $title:The page 's Title. & $links:Associative array mapping language codes to prefixed links of the form "language:title". & $linkFlags:Associative array mapping prefixed links to arrays of flags. Currently unused, but planned to provide support for marking individual language links in the UI, e.g. for featured articles. 'LinkBegin':Used when generating internal and interwiki links in Linker::link(), before processing starts. Return false to skip default processing and return $ret. See documentation for Linker::link() for details on the expected meanings of parameters. $skin:the Skin object $target:the Title that the link is pointing to & $html:the contents that the< a > tag should have(raw HTML) $result
Definition: hooks.txt:1528
ContextSource\getContext
getContext()
Get the RequestContext object.
Definition: ContextSource.php:40
php
skin txt MediaWiki includes four core it has been set as the default in MediaWiki since the replacing Monobook it had been been the default skin since before being replaced by Vector largely rewritten in while keeping its appearance Several legacy skins were removed in the as the burden of supporting them became too heavy to bear Those in etc for skin dependent CSS etc for skin dependent JavaScript These can also be customised on a per user by etc This feature has led to a wide variety of user styles becoming that gallery is a good place to ending in php
Definition: skin.txt:62
ApiBase\PARAM_REQUIRED
const PARAM_REQUIRED
Definition: ApiBase.php:62
wfSetupSession
wfSetupSession( $sessionId=false)
Initialise php session.
Definition: GlobalFunctions.php:3532
ApiBase\dieUsageMsg
dieUsageMsg( $error)
Output the error message related to a certain array.
Definition: ApiBase.php:1929
ApiCreateAccount\mustBePosted
mustBePosted()
Indicates whether this module must be called with a POST request.
Definition: ApiCreateAccount.php:173
ApiBase\PARAM_TYPE
const PARAM_TYPE
Definition: ApiBase.php:50
ApiBase\getResult
getResult()
Get the result object.
Definition: ApiBase.php:205
Sanitizer\validateEmail
static validateEmail( $addr)
Does a string look like an e-mail address?
Definition: Sanitizer.php:1847
$params
$params
Definition: styleTest.css.php:40
LoginForm\getCreateaccountToken
static getCreateaccountToken()
Get the createaccount token from the current session.
Definition: SpecialUserlogin.php:1406
SpecialPage\getTitleFor
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name.
Definition: SpecialPage.php:74
ContextSource\getRequest
getRequest()
Get the WebRequest object.
Definition: ContextSource.php:77
ContextSource\getUser
getUser()
Get the User object.
Definition: ContextSource.php:132
ApiCreateAccount\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition: ApiCreateAccount.php:31
ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition: ApiBase.php:42
ApiCreateAccount
Unit to authenticate account registration attempts to the current wiki.
Definition: ApiCreateAccount.php:30
DerivativeContext
An IContextSource implementation which will inherit context from another source but allow individual ...
Definition: DerivativeContext.php:32
ApiCreateAccount\getDescription
getDescription()
Returns the description string for this module.
Definition: ApiCreateAccount.php:169
ApiCreateAccount\getPossibleErrors
getPossibleErrors()
Returns a list of all possible errors returned by the module.
Definition: ApiCreateAccount.php:253
wfMessage
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses just before the function returns a value If you return an< a > element with HTML attributes $attribs and contents $html will be returned If you return $ret will be returned and may include noclasses after processing after in associative array form externallinks including delete and has completed for all link tables default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock() - offset Set to overwrite offset parameter in $wgRequest set to '' to unset offset - wrap String Wrap the message in html(usually something like "&lt
wfRunHooks
wfRunHooks( $event, array $args=array(), $deprecatedVersion=null)
Call hook functions defined in $wgHooks.
Definition: GlobalFunctions.php:4010
ApiCreateAccount\getResultProperties
getResultProperties()
Returns possible properties in the result, grouped by the value of the prop parameter that shows them...
Definition: ApiCreateAccount.php:227
array
the array() calling protocol came about after MediaWiki 1.4rc1.
List of Api Query prop modules.
ApiCreateAccount\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiCreateAccount.php:185
global
when a variable name is used in a it is silently declared as a new masking the global
Definition: design.txt:93
LoginForm
Implements Special:UserLogin.
Definition: SpecialUserlogin.php:29
ApiBase\PROP_TYPE
const PROP_TYPE
Definition: ApiBase.php:74
ApiCreateAccount\getHelpUrls
getHelpUrls()
Definition: ApiCreateAccount.php:313
ApiBase\getModulePrefix
getModulePrefix()
Get parameter prefix (usually two letters or an empty string).
Definition: ApiBase.php:165
ApiBase\extractRequestParams
extractRequestParams( $parseLimit=true)
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:687
ApiBase\dieUsage
dieUsage( $description, $errorCode, $httpRespCode=0, $extradata=null)
Throw a UsageException, which will (if uncaught) call the main module's error handler and die with an...
Definition: ApiBase.php:1363
ApiCreateAccount\getParamDescription
getParamDescription()
Returns an array of parameter descriptions.
Definition: ApiCreateAccount.php:210
ApiBase\PROP_NULLABLE
const PROP_NULLABLE
Definition: ApiBase.php:76
$user
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a account $user
Definition: hooks.txt:237
ApiBase\PARAM_DFLT
const PARAM_DFLT
Definition: ApiBase.php:46
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
ApiBase\getMain
getMain()
Get the main module.
Definition: ApiBase.php:188
$error
usually copyright or history_copyright This message must be in HTML not wikitext $subpages will be ignored and the rest of subPageSubtitle() will run. 'SkinTemplateBuildNavUrlsNav_urlsAfterPermalink' whether MediaWiki currently thinks this is a CSS JS page Hooks may change this value to override the return value of Title::isCssOrJsPage(). 'TitleIsAlwaysKnown' whether MediaWiki currently thinks this page is known isMovable() always returns false. $title whether MediaWiki currently thinks this page is movable Hooks may change this value to override the return value of Title::isMovable(). 'TitleIsWikitextPage' whether MediaWiki currently thinks this is a wikitext page Hooks may change this value to override the return value of Title::isWikitextPage() 'TitleMove' use UploadVerification and UploadVerifyFile instead where the first element is the message key and the remaining elements are used as parameters to the message based on mime etc Preferred in most cases over UploadVerification object with all info about the upload string as detected by MediaWiki Handlers will typically only apply for specific mime types object & $error
Definition: hooks.txt:2573
Language\isSupportedLanguage
static isSupportedLanguage( $code)
Checks whether any localisation is available for that language tag in MediaWiki (MessagesXx....
Definition: Language.php:261
ApiCreateAccount\getExamples
getExamples()
Returns usage examples for this module.
Definition: ApiCreateAccount.php:306
ApiCreateAccount\isWriteMode
isWriteMode()
Indicates whether this module requires write mode.
Definition: ApiCreateAccount.php:181