MediaWiki  master
SpecialUserLogin.php
1 <?php
26 
/**
 * AuthManager actions named as allowed for this page: starting a login and
 * continuing a login that is already in progress.
 *
 * NOTE(review): the code that enforces this list is not part of this
 * listing (presumably the parent class) - confirm before relying on it as
 * the only gate on which actions reach this page.
 */
protected static $allowedActions = [
	AuthManager::ACTION_LOGIN,
	AuthManager::ACTION_LOGIN_CONTINUE,
];
37 
/**
 * Maps authform-* keys to the message names used by the login page.
 *
 * A missing token and a wrong token both map to 'sessionfailure'; a newly
 * issued token maps to 'nocookiesforlogin'.
 *
 * NOTE(review): the lookup that consumes this map is outside this listing.
 */
protected static $messages = [
	'authform-newtoken' => 'nocookiesforlogin',
	'authform-notoken' => 'sessionfailure',
	'authform-wrongtoken' => 'sessionfailure',
];
43 
/**
 * Register this special page with the parent constructor under the name
 * 'Userlogin'.
 */
public function __construct() {
	parent::__construct( 'Userlogin' );
}
47 
/**
 * Report that this page performs writes.
 *
 * @return bool Always true
 */
public function doesWrites() {
	return true;
}
51 
/**
 * Security level requested for this page.
 *
 * NOTE(review): false presumably tells the parent class that the login
 * page itself needs no prior re-authentication - confirm against the
 * parent's handling of this value.
 *
 * @return bool Always false
 */
protected function getLoginSecurityLevel() {
	return false;
}
55 
/**
 * Default authentication action for this page.
 *
 * @param string $subPage Subpage of the special page; not consulted here
 * @return string AuthManager::ACTION_LOGIN, whatever the subpage is
 */
protected function getDefaultAction( $subPage ) {
	return AuthManager::ACTION_LOGIN;
}
59 
/**
 * Description of this page, taken from the 'login' message.
 *
 * @return string Result of text() on the 'login' message
 */
public function getDescription() {
	$message = $this->msg( 'login' );

	return $message->text();
}
63 
/**
 * Set the page headers through the parent, then replace the page title
 * with the 'login-security' message when a security level is set and the
 * current user is already logged in (a forced re-authentication).
 */
public function setHeaders() {
	parent::setHeaders();

	// Only a logged-in user hitting an elevated security level gets the
	// re-authentication title; everyone else keeps the parent's title.
	if ( !$this->securityLevel || !$this->getUser()->isLoggedIn() ) {
		return;
	}

	$this->getOutput()->setPageTitle( $this->msg( 'login-security' ) );
}
71 
/**
 * Whether this page is the account-creation (signup) variant.
 *
 * @return bool Always false for the login page
 */
protected function isSignup() {
	return false;
}
75 
/**
 * Redirect old-style account creation URLs to Special:CreateAccount;
 * otherwise defer to the parent implementation.
 *
 * A request counts as old-style signup when the subpage is 'signup' or the
 * 'type' request parameter is 'signup'.
 *
 * @param string $subPage Subpage of the special page
 * @return bool|mixed false after queueing the redirect, else whatever the
 *  parent's beforeExecute() returns
 */
protected function beforeExecute( $subPage ) {
	if ( $subPage !== 'signup' && $this->getRequest()->getText( 'type' ) !== 'signup' ) {
		return parent::beforeExecute( $subPage );
	}

	// B/C for old account creation URLs. The redirect target is always the
	// CreateAccount special page; only the query string comes from the request.
	$target = SpecialPage::getTitleFor( 'CreateAccount' );

	// Forward every request value except 'type' and 'title'.
	// NOTE(review): getValues() is defined elsewhere; confirm whether it can
	// include POST body fields, since everything it returns ends up in the
	// redirect URL.
	$dropped = array_fill_keys( [ 'type', 'title' ], true );
	$forwarded = array_diff_key( $this->getRequest()->getValues(), $dropped );

	$this->getOutput()->redirect( $target->getFullURL( $forwarded, false, PROTO_CURRENT ) );

	return false;
}
88 
/**
 * Finish a successful login: run the 'UserLoginComplete' hook, then either
 * show the success page or hand over to the return-to page.
 *
 * When $direct is true the user is touched, the login token is reset, the
 * session's force-HTTPS flag is updated, and the login form is shown again
 * (with the session provider's explanation) if no session cookie is present.
 *
 * @param bool $direct True to run the post-login steps described above;
 *  also passed on to the hook
 * @param mixed $extraMessages Passed through to showSuccessPage(); any
 *  truthy value forces the success page instead of the return-to page
 */
protected function successfulAction( $direct = false, $extraMessages = null ) {
	global $wgSecureLogin;

	$user = $this->targetUser ?: $this->getUser();
	$session = $this->getRequest()->getSession();

	if ( $direct ) {
		$user->touch();

		// The login token is single-use: reset it once the login has gone through.
		$this->clearToken();

		if ( $user->requiresHTTPS() ) {
			$this->mStickHTTPS = true;
		}
		// HTTPS is only forced on the session when the site enables
		// $wgSecureLogin AND HTTPS stickiness is set for this login.
		$forceHttps = $wgSecureLogin && $this->mStickHTTPS;
		$session->setForceHTTPS( $forceHttps );

		// If the user does not have a session cookie at this point, they probably
		// need to do something to their browser.
		if ( !$this->hasSessionCookie() ) {
			// An empty request list is passed here; the original marks it with a "?".
			$this->mainLoginForm( [], $session->getProvider()->whyNoSession() );
			// TODO something more specific? This used to use nocookieslogin
			return;
		}
	}

	// Run any hooks; display injected HTML if any, else redirect.
	// Handlers receive $user and $hookHtml by reference and may change both.
	$hookHtml = '';
	Hooks::run( 'UserLoginComplete', [ &$user, &$hookHtml, $direct ] );

	if ( $hookHtml === '' && !$extraMessages ) {
		// NOTE(review): validation of the return target is not visible in this
		// method; presumably LoginHelper handles it - confirm.
		$helper = new LoginHelper( $this->getContext() );
		$helper->showReturnToPage( 'successredirect', $this->mReturnTo, $this->mReturnToQuery,
			$this->mStickHTTPS );
		return;
	}

	// NOTE(review): $hookHtml is handed to showSuccessPage() exactly as the
	// hook handlers left it; no escaping happens in this method.
	$this->showSuccessPage( 'success', $this->msg( 'loginsuccesstitle' ),
		'loginsuccess', $hookHtml, $extraMessages );
}
138 
/**
 * Fetch the login token from the request's session.
 *
 * NOTE(review): the arguments '' and 'login' are presumably the salt and
 * the token key - confirm against the session's getToken().
 *
 * @return mixed Whatever the session's getToken() returns
 */
protected function getToken() {
	$session = $this->getRequest()->getSession();

	return $session->getToken( '', 'login' );
}
142 
/**
 * Reset the 'login' token on the request's session.
 *
 * @return mixed Whatever the session's resetToken() returns
 */
protected function clearToken() {
	$session = $this->getRequest()->getSession();

	return $session->resetToken( 'login' );
}
146 
/**
 * Name under which the login token is carried.
 *
 * @return string Always 'wpLoginToken'
 */
protected function getTokenName() {
	return 'wpLoginToken';
}
150 
/**
 * Group this special page belongs to.
 *
 * @return string Always 'login'
 */
protected function getGroupName() {
	return 'login';
}
154 
/**
 * Record a login attempt on the 'authevents' log channel at info level.
 *
 * The log context built here holds only the event name, the success flag
 * and the status; this method adds no user name or credential to it.
 *
 * @param bool $success Whether the attempt succeeded
 * @param string|null $status Logged as given.
 *  NOTE(review): assumes callers pass a non-sensitive status value - confirm.
 */
protected function logAuthResult( $success, $status = null ) {
	$context = [
		'event' => 'login',
		'successful' => $success,
		'status' => $status,
	];

	LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', $context );
}
162 }
getDefaultAction( $subPage)
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then HTTP redirect to $this->mReturnTo (or Main Page if that's u...
getContext()
Gets the context this SpecialPage is executed in.
$success
mainLoginForm(array $requests, $msg='', $msgtype='error')
hasSessionCookie()
Check if a session cookie is present.
$wgSecureLogin
This is to let user authenticate using https when they come from http.
const PROTO_CURRENT
Definition: Defines.php:202
getOutput()
Get the OutputPage being used for this instance.
Holds shared logic for login and account creation pages.
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
logAuthResult( $success, $status=null)
Helper functions for the login form that need to be shared with other special pages (such as CentralA...
Definition: LoginHelper.php:8
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name. If you don't need a full Title object...
Definition: SpecialPage.php:83
beforeExecute( $subPage)
getUser()
Shortcut to get the User executing this instance.
string $subPage
Subpage of the special page.
Implements Special:UserLogin.
static run( $event, array $args=[], $deprecatedVersion=null)
Call hook functions defined in Hooks::register and $wgHooks.
Definition: Hooks.php:200