MediaWiki REL1_35
SpecialUserLogin.php
Go to the documentation of this file.
1<?php
26
33 protected static $allowedActions = [
34 AuthManager::ACTION_LOGIN,
35 AuthManager::ACTION_LOGIN_CONTINUE
36 ];
37
38 protected static $messages = [
39 'authform-newtoken' => 'nocookiesforlogin',
40 'authform-notoken' => 'sessionfailure',
41 'authform-wrongtoken' => 'sessionfailure',
42 ];
43
44 public function __construct() {
45 parent::__construct( 'Userlogin' );
46 }
47
48 public function doesWrites() {
49 return true;
50 }
51
52 protected function getLoginSecurityLevel() {
53 return false;
54 }
55
56 protected function getDefaultAction( $subPage ) {
57 return AuthManager::ACTION_LOGIN;
58 }
59
60 public function getDescription() {
61 return $this->msg( 'login' )->text();
62 }
63
64 public function setHeaders() {
65 // override the page title if we are doing a forced reauthentication
66 parent::setHeaders();
67 if ( $this->securityLevel && $this->getUser()->isLoggedIn() ) {
68 $this->getOutput()->setPageTitle( $this->msg( 'login-security' ) );
69 }
70 }
71
72 protected function isSignup() {
73 return false;
74 }
75
76 protected function beforeExecute( $subPage ) {
77 if ( $subPage === 'signup' || $this->getRequest()->getText( 'type' ) === 'signup' ) {
78 // B/C for old account creation URLs
79 $title = SpecialPage::getTitleFor( 'CreateAccount' );
80 $query = array_diff_key( $this->getRequest()->getValues(),
81 array_fill_keys( [ 'type', 'title' ], true ) );
82 $url = $title->getFullURL( $query, false, PROTO_CURRENT );
83 $this->getOutput()->redirect( $url );
84 return false;
85 }
86 return parent::beforeExecute( $subPage );
87 }
88
100 protected function successfulAction( $direct = false, $extraMessages = null ) {
101 global $wgSecureLogin;
102
103 $user = $this->targetUser ?: $this->getUser();
104 $session = $this->getRequest()->getSession();
105
106 if ( $direct ) {
107 $user->touch();
108
109 $this->clearToken();
110
111 if ( $user->requiresHTTPS() ) {
112 $this->mStickHTTPS = true;
113 }
114 $session->setForceHTTPS( $wgSecureLogin && $this->mStickHTTPS );
115
116 // If the user does not have a session cookie at this point, they probably need to
117 // do something to their browser.
118 if ( !$this->hasSessionCookie() ) {
119 $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
120 // TODO something more specific? This used to use nocookieslogin
121 return;
122 }
123 }
124
125 # Run any hooks; display injected HTML if any, else redirect
126 $injected_html = '';
127 $this->getHookRunner()->onUserLoginComplete(
128 $user, $injected_html, $direct );
129
130 if ( $injected_html !== '' || $extraMessages ) {
131 $this->showSuccessPage( 'success', $this->msg( 'loginsuccesstitle' ),
132 'loginsuccess', $injected_html, $extraMessages );
133 } else {
134 $helper = new LoginHelper( $this->getContext() );
135 $helper->showReturnToPage( 'successredirect', $this->mReturnTo, $this->mReturnToQuery,
136 $this->mStickHTTPS );
137 }
138 }
139
140 protected function getToken() {
141 return $this->getRequest()->getSession()->getToken( '', 'login' );
142 }
143
144 protected function clearToken() {
145 return $this->getRequest()->getSession()->resetToken( 'login' );
146 }
147
148 protected function getTokenName() {
149 return 'wpLoginToken';
150 }
151
152 protected function getGroupName() {
153 return 'login';
154 }
155
156 protected function logAuthResult( $success, $status = null ) {
157 LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
158 'event' => 'login',
159 'successful' => $success,
160 'status' => strval( $status ),
161 ] );
162 }
163}
$wgSecureLogin
This is to let user authenticate using https when they come from http.
string $subPage
Subpage of the special page.
getRequest()
Get the WebRequest being used for this instance.
Helper functions for the login form that need to be shared with other special pages (such as CentralA...
Holds shared logic for login and account creation pages.
mainLoginForm(array $requests, $msg='', $msgtype='error')
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
hasSessionCookie()
Check if a session cookie is present.
This serves as the entry point to the authentication system.
PSR-3 logger instance factory.
getOutput()
Get the OutputPage being used for this instance.
getUser()
Shortcut to get the User executing this instance.
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
getContext()
Gets the context this SpecialPage is executed in.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Implements Special:UserLogin.
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
beforeExecute( $subPage)
Stable to override.
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
getLoginSecurityLevel()
Stable to override.
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!...
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then HTTP redirect to $this->mReturnTo (or Main Page if that's u...
doesWrites()
Indicates whether this special page may perform database writes.
getToken()
Returns the CSRF token.
const PROTO_CURRENT
Definition Defines.php:212