MediaWiki fundraising/REL1_35
SpecialCreateAccount.php
Go to the documentation of this file.
1<?php
27
34 protected static $allowedActions = [
35 AuthManager::ACTION_CREATE,
36 AuthManager::ACTION_CREATE_CONTINUE
37 ];
38
39 protected static $messages = [
40 'authform-newtoken' => 'nocookiesfornew',
41 'authform-notoken' => 'sessionfailure',
42 'authform-wrongtoken' => 'sessionfailure',
43 ];
44
45 public function __construct() {
46 parent::__construct( 'CreateAccount' );
47 }
48
49 public function doesWrites() {
50 return true;
51 }
52
53 public function isRestricted() {
54 return !MediaWikiServices::getInstance()
55 ->getPermissionManager()
56 ->groupHasPermission( '*', 'createaccount' );
57 }
58
59 public function userCanExecute( User $user ) {
60 return MediaWikiServices::getInstance()
61 ->getPermissionManager()
62 ->userHasRight( $user, 'createaccount' );
63 }
64
65 public function checkPermissions() {
66 parent::checkPermissions();
67
68 $user = $this->getUser();
69 $status = MediaWikiServices::getInstance()->getAuthManager()
70 ->checkAccountCreatePermissions( $user );
71 if ( !$status->isGood() ) {
72 throw new ErrorPageError( 'createacct-error', $status->getMessage() );
73 }
74 }
75
76 protected function getLoginSecurityLevel() {
77 return false;
78 }
79
80 protected function getDefaultAction( $subPage ) {
81 return AuthManager::ACTION_CREATE;
82 }
83
84 public function getDescription() {
85 return $this->msg( 'createaccount' )->text();
86 }
87
88 protected function isSignup() {
89 return true;
90 }
91
99 protected function successfulAction( $direct = false, $extraMessages = null ) {
100 $session = $this->getRequest()->getSession();
101 $user = $this->targetUser ?: $this->getUser();
102
103 if ( $direct ) {
104 # Only save preferences if the user is not creating an account for someone else.
105 if ( !$this->proxyAccountCreation ) {
106 $this->getHookRunner()->onAddNewAccount( $user, false );
107
108 // If the user does not have a session cookie at this point, they probably need to
109 // do something to their browser.
110 if ( !$this->hasSessionCookie() ) {
111 $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
112 // TODO something more specific? This used to use nocookiesnew
113 // FIXME should redirect to login page instead?
114 return;
115 }
116 } else {
117 $byEmail = false; // FIXME no way to set this
118
119 $this->getHookRunner()->onAddNewAccount( $user, $byEmail );
120
121 $out = $this->getOutput();
122 // @phan-suppress-next-line PhanImpossibleCondition
123 $out->setPageTitle( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
124 // @phan-suppress-next-line PhanImpossibleCondition
125 if ( $byEmail ) {
126 $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
127 } else {
128 $out->addWikiMsg( 'accountcreatedtext', $user->getName() );
129 }
130
131 $rt = Title::newFromText( $this->mReturnTo );
132 $out->addReturnTo(
133 ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
134 wfCgiToArray( $this->mReturnToQuery )
135 );
136 return;
137 }
138 }
139
140 $this->clearToken();
141
142 # Run any hooks; display injected HTML
143 $injected_html = '';
144 $welcome_creation_msg = 'welcomecreation-msg';
145 $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
146
152 $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );
153
154 $this->showSuccessPage( 'signup',
155 $this->msg( 'welcomeuser', $this->getUser()->getName() )->escaped(),
156 $welcome_creation_msg, $injected_html, $extraMessages );
157 }
158
159 protected function getToken() {
160 return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
161 }
162
163 protected function clearToken() {
164 return $this->getRequest()->getSession()->resetToken( 'createaccount' );
165 }
166
167 protected function getTokenName() {
168 return 'wpCreateaccountToken';
169 }
170
171 protected function getGroupName() {
172 return 'login';
173 }
174
175 protected function logAuthResult( $success, $status = null ) {
176 LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
177 'event' => 'accountcreation',
178 'successful' => $success,
179 'status' => strval( $status ),
180 ] );
181 }
182}
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
string $subPage
Subpage of the special page.
getRequest()
Get the WebRequest being used for this instance.
An error page which can definitely be safely rendered using the OutputPage.
Holds shared logic for login and account creation pages.
mainLoginForm(array $requests, $msg='', $msgtype='error')
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
hasSessionCookie()
Check if a session cookie is present.
This serves as the entry point to the authentication system.
PSR-3 logger instance factory.
MediaWikiServices is the service locator for the application scope of MediaWiki.
Implements Special:CreateAccount.
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then display a message welcoming the user.
getToken()
Returns the CSRF token.
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
doesWrites()
Indicates whether this special page may perform database writes.
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
isRestricted()
Can be overridden by subclasses with more complicated permissions schemes.
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
userCanExecute(User $user)
Checks if the given user (identified by an object) can execute this special page (as defined by $mRes...
getLoginSecurityLevel()
Stable to override.
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
getName()
Get the name of this Special Page.
getOutput()
Get the OutputPage being used for this instance.
getUser()
Shortcut to get the User executing this instance.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getPageTitle( $subpage=false)
Get a self-referential title object.
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:60