MediaWiki  master
SpecialCreateAccount.php
Go to the documentation of this file.
1 <?php
26 
33  protected static $allowedActions = [
34  AuthManager::ACTION_CREATE,
35  AuthManager::ACTION_CREATE_CONTINUE
36  ];
37 
38  protected static $messages = [
39  'authform-newtoken' => 'nocookiesfornew',
40  'authform-notoken' => 'sessionfailure',
41  'authform-wrongtoken' => 'sessionfailure',
42  ];
43 
47  public function __construct( AuthManager $authManager ) {
48  parent::__construct( 'CreateAccount', 'createaccount' );
49 
50  $this->setAuthManager( $authManager );
51  }
52 
53  public function doesWrites() {
54  return true;
55  }
56 
57  public function checkPermissions() {
58  parent::checkPermissions();
59 
60  $user = $this->getUser();
61  $status = $this->getAuthManager()->checkAccountCreatePermissions( $user );
62  if ( !$status->isGood() ) {
63  throw new ErrorPageError( 'createacct-error', $status->getMessage() );
64  }
65  }
66 
67  protected function getLoginSecurityLevel() {
68  return false;
69  }
70 
71  protected function getDefaultAction( $subPage ) {
72  return AuthManager::ACTION_CREATE;
73  }
74 
75  public function getDescription() {
76  return $this->msg( 'createaccount' )->text();
77  }
78 
79  protected function isSignup() {
80  return true;
81  }
82 
90  protected function successfulAction( $direct = false, $extraMessages = null ) {
91  $session = $this->getRequest()->getSession();
92  $user = $this->targetUser ?: $this->getUser();
93 
94  if ( $direct ) {
95  # Only save preferences if the user is not creating an account for someone else.
96  if ( !$this->proxyAccountCreation ) {
97  $this->getHookRunner()->onAddNewAccount( $user, false );
98 
99  // If the user does not have a session cookie at this point, they probably need to
100  // do something to their browser.
101  if ( !$this->hasSessionCookie() ) {
102  $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
103  // TODO something more specific? This used to use nocookiesnew
104  // FIXME should redirect to login page instead?
105  return;
106  }
107  } else {
108  $byEmail = false; // FIXME no way to set this
109 
110  $this->getHookRunner()->onAddNewAccount( $user, $byEmail );
111 
112  $out = $this->getOutput();
113  // @phan-suppress-next-line PhanImpossibleCondition
114  $out->setPageTitle( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
115  // @phan-suppress-next-line PhanImpossibleCondition
116  if ( $byEmail ) {
117  $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
118  } else {
119  $out->addWikiMsg( 'accountcreatedtext', $user->getName() );
120  }
121 
122  $rt = Title::newFromText( $this->mReturnTo );
123  $out->addReturnTo(
124  ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
125  wfCgiToArray( $this->mReturnToQuery )
126  );
127  return;
128  }
129  }
130 
131  $this->clearToken();
132 
133  # Run any hooks; display injected HTML
134  $injected_html = '';
135  $welcome_creation_msg = 'welcomecreation-msg';
136  $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
137 
143  $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );
144 
145  $this->showSuccessPage( 'signup', $this->msg( 'welcomeuser', $this->getUser()->getName() ),
146  $welcome_creation_msg, $injected_html, $extraMessages );
147  }
148 
149  protected function getToken() {
150  return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
151  }
152 
153  protected function clearToken() {
154  return $this->getRequest()->getSession()->resetToken( 'createaccount' );
155  }
156 
157  protected function getTokenName() {
158  return 'wpCreateaccountToken';
159  }
160 
161  protected function getGroupName() {
162  return 'login';
163  }
164 
165  protected function logAuthResult( $success, $status = null ) {
166  LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
167  'event' => 'accountcreation',
168  'successful' => $success,
169  'status' => strval( $status ),
170  ] );
171  }
172 }
SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition: SpecialPage.php:912
Title\newFromText
static newFromText( $text, $defaultNamespace=NS_MAIN)
Create a new Title from text, such as what one would find in a link.
Definition: Title.php:382
SpecialCreateAccount\getDefaultAction
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
Definition: SpecialCreateAccount.php:71
SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition: SpecialPage.php:790
LoginSignupSpecialPage\showSuccessPage
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
Definition: LoginSignupSpecialPage.php:439
SpecialCreateAccount\$messages
static $messages
Definition: SpecialCreateAccount.php:38
SpecialCreateAccount\isSignup
isSignup()
Definition: SpecialCreateAccount.php:79
SpecialCreateAccount\getTokenName
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
Definition: SpecialCreateAccount.php:157
SpecialCreateAccount\doesWrites
doesWrites()
Indicates whether this special page may perform database writes.
Definition: SpecialCreateAccount.php:53
$success
$success
Definition: NoLocalSettings.php:42
SpecialPage\getName
getName()
Get the name of this Special Page.
Definition: SpecialPage.php:179
SpecialCreateAccount\successfulAction
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then display a message welcoming the user.
Definition: SpecialCreateAccount.php:90
SpecialPage\$authManager
AuthManager null $authManager
Definition: SpecialPage.php:88
SpecialCreateAccount\clearToken
clearToken()
Definition: SpecialCreateAccount.php:153
SpecialCreateAccount
Implements Special:CreateAccount.
Definition: SpecialCreateAccount.php:32
SpecialCreateAccount\getDescription
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
Definition: SpecialCreateAccount.php:75
AuthManagerSpecialPage\$subPage
string $subPage
Subpage of the special page.
Definition: AuthManagerSpecialPage.php:39
SpecialPage\getHookRunner
getHookRunner()
Definition: SpecialPage.php:1095
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition: LoggerFactory.php:45
LoginSignupSpecialPage
Holds shared logic for login and account creation pages.
Definition: LoginSignupSpecialPage.php:38
SpecialPage\setAuthManager
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Definition: SpecialPage.php:510
SpecialCreateAccount\getLoginSecurityLevel
getLoginSecurityLevel()
Definition: SpecialCreateAccount.php:67
wfCgiToArray
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
Definition: GlobalFunctions.php:375
LoginSignupSpecialPage\mainLoginForm
mainLoginForm(array $requests, $msg='', $msgtype='error')
Definition: LoginSignupSpecialPage.php:518
SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition: SpecialPage.php:800
SpecialCreateAccount\__construct
__construct(AuthManager $authManager)
Definition: SpecialCreateAccount.php:47
LoginSignupSpecialPage\hasSessionCookie
hasSessionCookie()
Check if a session cookie is present.
Definition: LoginSignupSpecialPage.php:1064
SpecialCreateAccount\logAuthResult
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
Definition: SpecialCreateAccount.php:165
SpecialCreateAccount\$allowedActions
static $allowedActions
Definition: SpecialCreateAccount.php:33
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition: AuthManager.php:102
SpecialCreateAccount\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition: SpecialCreateAccount.php:161
SpecialCreateAccount\getToken
getToken()
Returns the CSRF token.
Definition: SpecialCreateAccount.php:149
SpecialCreateAccount\checkPermissions
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
Definition: SpecialCreateAccount.php:57
SpecialPage\getAuthManager
getAuthManager()
Definition: SpecialPage.php:520
AuthManagerSpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition: AuthManagerSpecialPage.php:72
ErrorPageError
An error page which can definitely be safely rendered using the OutputPage.
Definition: ErrorPageError.php:30