MediaWiki master
SpecialCreateAccount.php
Go to the documentation of this file.
1<?php
21namespace MediaWiki\Specials;
22
29use StatusValue;
30
38 protected static $allowedActions = [
39 AuthManager::ACTION_CREATE,
40 AuthManager::ACTION_CREATE_CONTINUE
41 ];
42
43 protected static $messages = [
44 'authform-newtoken' => 'nocookiesfornew',
45 'authform-notoken' => 'sessionfailure',
46 'authform-wrongtoken' => 'sessionfailure',
47 ];
48
49 private FormatterFactory $formatterFactory;
50
55 public function __construct( AuthManager $authManager, FormatterFactory $formatterFactory ) {
56 parent::__construct( 'CreateAccount', 'createaccount' );
57
58 $this->setAuthManager( $authManager );
59 $this->formatterFactory = $formatterFactory;
60 }
61
62 public function doesWrites() {
63 return true;
64 }
65
66 public function checkPermissions() {
67 parent::checkPermissions();
68
69 $performer = $this->getAuthority();
70 $authManager = $this->getAuthManager();
71
72 $status = $this->mPosted ?
73 $authManager->authorizeCreateAccount( $performer ) :
74 $authManager->probablyCanCreateAccount( $performer );
75
76 if ( !$status->isGood() ) {
77 $formatter = $this->formatterFactory->getStatusFormatter( $this->getContext() );
78 throw new ErrorPageError(
79 'createacct-error',
80 $formatter->getMessage( $status )
81 );
82 }
83 }
84
85 protected function getLoginSecurityLevel() {
86 return false;
87 }
88
89 protected function getDefaultAction( $subPage ) {
90 return AuthManager::ACTION_CREATE;
91 }
92
93 public function getDescription() {
94 return $this->msg( 'createaccount' );
95 }
96
97 protected function isSignup() {
98 return true;
99 }
100
108 protected function successfulAction( $direct = false, $extraMessages = null ) {
109 $session = $this->getRequest()->getSession();
110 $user = $this->targetUser ?: $this->getUser();
111
112 $injected_html = '';
113 if ( $direct ) {
114 # Only save preferences if the user is not creating an account for someone else.
115 if ( !$this->proxyAccountCreation ) {
116 $this->getHookRunner()->onAddNewAccount( $user, false );
117
118 // If the user does not have a session cookie at this point, they probably need to
119 // do something to their browser.
120 if ( !$this->hasSessionCookie() ) {
121 $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
122 // TODO something more specific? This used to use nocookiesnew
123 // FIXME should redirect to login page instead?
124 return;
125 }
126 } else {
127 $byEmail = false; // FIXME no way to set this
128
129 $this->getHookRunner()->onAddNewAccount( $user, $byEmail );
130
131 $out = $this->getOutput();
132 // @phan-suppress-next-line PhanImpossibleCondition
133 $out->setPageTitleMsg( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
134 // @phan-suppress-next-line PhanImpossibleCondition
135 if ( $byEmail ) {
136 $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
137 } else {
138 $out->addWikiMsg( 'accountcreatedtext', $user->getName() );
139 }
140
141 $rt = Title::newFromText( $this->mReturnTo );
142 $out->addReturnTo(
143 ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
144 wfCgiToArray( $this->mReturnToQuery )
145 );
146 return;
147 }
148 $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
149 }
150
151 $this->clearToken();
152
153 # Run any hooks; display injected HTML
154 $welcome_creation_msg = 'welcomecreation-msg';
160 $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );
161
162 $this->showSuccessPage( 'signup',
163 // T308471: ensure username is plaintext (aka escaped)
164 $this->msg( 'welcomeuser' )->plaintextParams( $this->getUser()->getName() ),
165 $welcome_creation_msg, $injected_html, $extraMessages );
166 }
167
168 protected function getToken() {
169 return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
170 }
171
172 protected function clearToken() {
173 $this->getRequest()->getSession()->resetToken( 'createaccount' );
174 }
175
176 protected function getTokenName() {
177 return 'wpCreateaccountToken';
178 }
179
180 protected function getGroupName() {
181 return 'users';
182 }
183
184 protected function logAuthResult( $success, $status = null ) {
185 LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
186 'event' => 'accountcreation',
187 'successful' => $success,
188 'status' => strval( $status ),
189 ] );
190 }
191}
192
194class_alias( SpecialCreateAccount::class, 'SpecialCreateAccount' );
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
An error page which can definitely be safely rendered using the OutputPage.
This serves as the entry point to the authentication system.
Factory for formatters of common complex objects.
Create PSR-3 logger objects.
getRequest()
Get the WebRequest being used for this instance.
Holds shared logic for login and account creation pages.
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
mainLoginForm(array $requests, $msg='', $msgtype='error')
hasSessionCookie()
Check if a session cookie is present.
getUser()
Shortcut to get the User executing this instance.
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
getPageTitle( $subpage=false)
Get a self-referential title object.
getContext()
Gets the context this SpecialPage is executed in.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getOutput()
Get the OutputPage being used for this instance.
getAuthority()
Shortcut to get the Authority executing this instance.
getName()
Get the canonical, unlocalized name of this special page without namespace.
Implements Special:CreateAccount.
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
__construct(AuthManager $authManager, FormatterFactory $formatterFactory)
getDefaultAction( $subPage)
Get the default action for this special page if none is given via URL/POST data.
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then display a message welcoming the user.
doesWrites()
Indicates whether this special page may perform database writes.
Represents a title within MediaWiki.
Definition Title.php:78
Generic operation result class Has warning/error list, boolean status and arbitrary value.