MediaWiki  master
SpecialCreateAccount.php
Go to the documentation of this file.
1 <?php
24 namespace MediaWiki\Specials;
25 
26 use ErrorPageError;
31 use Status;
32 use StatusValue;
33 
40  protected static $allowedActions = [
43  ];
44 
45  protected static $messages = [
46  'authform-newtoken' => 'nocookiesfornew',
47  'authform-notoken' => 'sessionfailure',
48  'authform-wrongtoken' => 'sessionfailure',
49  ];
50 
54  public function __construct( AuthManager $authManager ) {
55  parent::__construct( 'CreateAccount', 'createaccount' );
56 
57  $this->setAuthManager( $authManager );
58  }
59 
60  public function doesWrites() {
61  return true;
62  }
63 
64  public function checkPermissions() {
65  parent::checkPermissions();
66 
67  $performer = $this->getAuthority();
68  $authManager = $this->getAuthManager();
69 
70  $status = $this->mPosted ?
71  $authManager->authorizeCreateAccount( $performer ) :
72  $authManager->probablyCanCreateAccount( $performer );
73  if ( !$status->isGood() ) {
74  throw new ErrorPageError(
75  'createacct-error',
76  Status::wrap( $status )->getMessage()
77  );
78  }
79  }
80 
81  protected function getLoginSecurityLevel() {
82  return false;
83  }
84 
85  protected function getDefaultAction( $subPage ) {
87  }
88 
89  public function getDescription() {
90  return $this->msg( 'createaccount' )->text();
91  }
92 
93  protected function isSignup() {
94  return true;
95  }
96 
104  protected function successfulAction( $direct = false, $extraMessages = null ) {
105  $session = $this->getRequest()->getSession();
106  $user = $this->targetUser ?: $this->getUser();
107 
108  if ( $direct ) {
109  # Only save preferences if the user is not creating an account for someone else.
110  if ( !$this->proxyAccountCreation ) {
111  $this->getHookRunner()->onAddNewAccount( $user, false );
112 
113  // If the user does not have a session cookie at this point, they probably need to
114  // do something to their browser.
115  if ( !$this->hasSessionCookie() ) {
116  $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
117  // TODO something more specific? This used to use nocookiesnew
118  // FIXME should redirect to login page instead?
119  return;
120  }
121  } else {
122  $byEmail = false; // FIXME no way to set this
123 
124  $this->getHookRunner()->onAddNewAccount( $user, $byEmail );
125 
126  $out = $this->getOutput();
127  // @phan-suppress-next-line PhanImpossibleCondition
128  $out->setPageTitle( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
129  // @phan-suppress-next-line PhanImpossibleCondition
130  if ( $byEmail ) {
131  $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
132  } else {
133  $out->addWikiMsg( 'accountcreatedtext', $user->getName() );
134  }
135 
136  $rt = Title::newFromText( $this->mReturnTo );
137  $out->addReturnTo(
138  ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
139  wfCgiToArray( $this->mReturnToQuery )
140  );
141  return;
142  }
143  }
144 
145  $this->clearToken();
146 
147  # Run any hooks; display injected HTML
148  $injected_html = '';
149  $welcome_creation_msg = 'welcomecreation-msg';
150  $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
151 
157  $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );
158 
159  $this->showSuccessPage( 'signup',
160  $this->msg( 'welcomeuser', $this->getUser()->getName() )->escaped(),
161  $welcome_creation_msg, $injected_html, $extraMessages );
162  }
163 
164  protected function getToken() {
165  return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
166  }
167 
168  protected function clearToken() {
169  $this->getRequest()->getSession()->resetToken( 'createaccount' );
170  }
171 
172  protected function getTokenName() {
173  return 'wpCreateaccountToken';
174  }
175 
176  protected function getGroupName() {
177  return 'users';
178  }
179 
180  protected function logAuthResult( $success, $status = null ) {
181  LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
182  'event' => 'accountcreation',
183  'successful' => $success,
184  'status' => strval( $status ),
185  ] );
186  }
187 }
188 
192 class_alias( SpecialCreateAccount::class, 'SpecialCreateAccount' );
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
$success
string $subPage
Subpage of the special page.
getRequest()
Get the WebRequest being used for this instance.
An error page which can definitely be safely rendered using the OutputPage.
Holds shared logic for login and account creation pages.
mainLoginForm(array $requests, $msg='', $msgtype='error')
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
hasSessionCookie()
Check if a session cookie is present.
This serves as the entry point to the authentication system.
const ACTION_CREATE_CONTINUE
Continue a user creation process that was interrupted by the need for user input or communication wit...
const ACTION_CREATE
Create a new user.
PSR-3 logger instance factory.
static getInstance( $channel)
Get a named logger instance from the currently configured logger factory.
Implements Special:CreateAccount.
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then display a message welcoming the user.
doesWrites()
Indicates whether this special page may perform database writes.
Represents a title within MediaWiki.
Definition: Title.php:82
static newFromText( $text, $defaultNamespace=NS_MAIN)
Create a new Title from text, such as what one would find in a link.
Definition: Title.php:425
getName()
Get the name of this Special Page.
getOutput()
Get the OutputPage being used for this instance.
getUser()
Shortcut to get the User executing this instance.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getAuthority()
Shortcut to get the Authority executing this instance.
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition: StatusValue.php:46
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition: Status.php:46
static wrap( $sv)
Succinct helper method to wrap a StatusValue.
Definition: Status.php:64