MediaWiki
REL1_23
<?php

/**
 * API module behind action=login. It forwards the request's credentials to
 * LoginForm and reports the outcome under the 'login' key of the API result.
 *
 * Points worth knowing when reviewing or consuming this module:
 * - It only accepts POST (mustBePosted()) and refuses to run at all when a
 *   JSON 'callback' parameter is present, so tokens cannot be obtained in
 *   callback mode.
 * - On success the response body itself carries 'lgtoken' and 'sessionid'.
 *   Anything that stores or logs API responses therefore stores live
 *   credentials.
 * - 'NotExists' and 'WrongPass' are reported as different results, which
 *   tells the caller whether a user name exists. The only counter-measure
 *   visible in this class is the 'Throttled' result coming back from LoginForm.
 */
class ApiLogin extends ApiBase {

	/**
	 * @param ApiMain $main Main API module, handed to the parent constructor
	 * @param string $action Name of this action
	 */
	public function __construct( $main, $action ) {
		// 'lg' is the module prefix; the error texts below refer to the
		// resulting parameter names (lgname, lgpassword).
		parent::__construct( $main, $action, 'lg' );
	}

	/**
	 * Attempts the login and adds a 'login' entry to the API result.
	 *
	 * The entry always has a 'result' member; further members depend on the
	 * outcome (see getResultProperties()). An outcome this method does not
	 * know ends in ApiBase::dieDebug().
	 */
	public function execute() {
		// If we're in JSON callback mode, no tokens can be obtained
		$jsonCallback = $this->getMain()->getRequest()->getVal( 'callback' );
		if ( $jsonCallback !== null ) {
			$this->getResult()->addValue( null, 'login', array(
				'result' => 'Aborted',
				'reason' => 'Cannot log in when using a callback',
			) );

			return;
		}

		global $wgCookiePrefix, $wgPasswordAttemptThrottle;

		$params = $this->extractRequestParams();

		// Init session if necessary. The loose comparison is deliberate:
		// it is also true when session_id() returns false.
		if ( session_id() == '' ) {
			wfSetupSession();
		}

		// LoginForm reads wp* form fields, so the API parameters are mapped
		// onto a derivative request instead of touching the real one.
		$loginContext = new DerivativeContext( $this->getContext() );
		$formRequest = new DerivativeRequest(
			$this->getContext()->getRequest(),
			array(
				'wpName' => $params['name'],
				'wpPassword' => $params['password'],
				'wpDomain' => $params['domain'],
				'wpLoginToken' => $params['token'],
				'wpRemember' => ''
			)
		);
		$loginContext->setRequest( $formRequest );

		$form = new LoginForm();
		$form->setContext( $loginContext );

		$response = array();
		$status = $form->authenticateUserData();
		switch ( $status ) {
			case LoginForm::SUCCESS:
				$user = $loginContext->getUser();
				$this->getContext()->setUser( $user );
				$user->setCookies( $this->getRequest() );
				// NOTE(review): no session-id regeneration is visible in this
				// method; confirm that authenticateUserData() or setCookies()
				// rotates the session when the login succeeds.

				ApiQueryInfo::resetTokenCache();

				// Run hooks.
				// @todo FIXME: Split back and frontend from this hook.
				// @todo FIXME: This hook should be placed in the backend
				$injected_html = '';
				// $user is passed by reference, so the values reported below
				// come from whatever the hook handlers left in it.
				wfRunHooks( 'UserLoginComplete', array( &$user, &$injected_html ) );

				// The user token and the session id are returned to the
				// client in the body; treat this response as a credential.
				$response = array(
					'result' => 'Success',
					'lguserid' => (int)$user->getId(),
					'lgusername' => $user->getName(),
					'lgtoken' => $user->getToken(),
					'cookieprefix' => $wgCookiePrefix,
					'sessionid' => session_id(),
				);
				break;

			case LoginForm::NEED_TOKEN:
				// First leg of the two-step login: hand out the login token
				// that the client must send back with its second request.
				$response = array(
					'result' => 'NeedToken',
					'token' => $form->getLoginToken(),
					'cookieprefix' => $wgCookiePrefix,
					'sessionid' => session_id(),
				);
				break;

			case LoginForm::WRONG_TOKEN:
				$response['result'] = 'WrongToken';
				break;

			case LoginForm::NO_NAME:
				$response['result'] = 'NoName';
				break;

			case LoginForm::ILLEGAL:
				$response['result'] = 'Illegal';
				break;

			case LoginForm::WRONG_PLUGIN_PASS:
				$response['result'] = 'WrongPluginPass';
				break;

			case LoginForm::NOT_EXISTS:
				// Distinct from 'WrongPass': reveals that the name is unknown.
				$response['result'] = 'NotExists';
				break;

			// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
			// The e-mailed temporary password should not be used for actual logins.
			case LoginForm::RESET_PASS:
			case LoginForm::WRONG_PASS:
				$response['result'] = 'WrongPass';
				break;

			case LoginForm::EMPTY_PASS:
				$response['result'] = 'EmptyPass';
				break;

			case LoginForm::CREATE_BLOCKED:
				$response = array(
					'result' => 'CreateBlocked',
					'details' => 'Your IP address is blocked from account creation',
				);
				break;

			case LoginForm::THROTTLED:
				// The wait time is taken from configuration, not measured.
				$response = array(
					'result' => 'Throttled',
					'wait' => (int)$wgPasswordAttemptThrottle['seconds'],
				);
				break;

			case LoginForm::USER_BLOCKED:
				$response['result'] = 'Blocked';
				break;

			case LoginForm::ABORTED:
				$response = array(
					'result' => 'Aborted',
					'reason' => $form->mAbortLoginErrorMsg,
				);
				break;

			default:
				ApiBase::dieDebug( __METHOD__, 'Unhandled case value: ' . $status );
		}

		$this->getResult()->addValue( null, 'login', $response );
	}

	/**
	 * Login requests are only accepted via POST.
	 *
	 * @return bool Always true
	 */
	public function mustBePosted() {
		return true;
	}

	/**
	 * This module is not a read-mode module.
	 *
	 * @return bool Always false
	 */
	public function isReadMode() {
		return false;
	}

	/**
	 * Parameters understood by the module; none of them has a default.
	 *
	 * @return array Parameter name => null
	 */
	public function getAllowedParams() {
		$names = array( 'name', 'password', 'domain', 'token' );

		return array_fill_keys( $names, null );
	}

	/**
	 * Help text for each parameter.
	 *
	 * @return array Parameter name => description
	 */
	public function getParamDescription() {
		$descriptions = array();
		$descriptions['name'] = 'User Name';
		$descriptions['password'] = 'Password';
		$descriptions['domain'] = 'Domain (optional)';
		$descriptions['token'] = 'Login token obtained in first request';

		return $descriptions;
	}

	/**
	 * Describes the members that execute() may put into the 'login' result.
	 * Every member except 'result' is declared nullable.
	 *
	 * @return array
	 */
	public function getResultProperties() {
		$nullableString = array(
			ApiBase::PROP_TYPE => 'string',
			ApiBase::PROP_NULLABLE => true
		);
		$nullableInteger = array(
			ApiBase::PROP_TYPE => 'integer',
			ApiBase::PROP_NULLABLE => true
		);
		// Every value execute() can store in 'result'.
		$outcomes = array(
			'Success',
			'NeedToken',
			'WrongToken',
			'NoName',
			'Illegal',
			'WrongPluginPass',
			'NotExists',
			'WrongPass',
			'EmptyPass',
			'CreateBlocked',
			'Throttled',
			'Blocked',
			'Aborted'
		);

		return array(
			'' => array(
				'result' => array(
					ApiBase::PROP_TYPE => $outcomes
				),
				'lguserid' => $nullableInteger,
				'lgusername' => $nullableString,
				'lgtoken' => $nullableString,
				'cookieprefix' => $nullableString,
				'sessionid' => $nullableString,
				'token' => $nullableString,
				'details' => $nullableString,
				'wait' => $nullableInteger,
				'reason' => $nullableString
			)
		);
	}

	/**
	 * Module description shown in the API help.
	 *
	 * The "5 seconds" in this text is a fixed string; the wait that
	 * execute() reports for a throttled login is read from
	 * $wgPasswordAttemptThrottle['seconds'].
	 *
	 * @return array Lines of help text
	 */
	public function getDescription() {
		$lines = array();
		$lines[] = 'Log in and get the authentication tokens.';
		$lines[] = 'In the event of a successful log-in, a cookie will be attached to your session.';
		$lines[] = 'In the event of a failed log-in, you will not be able to attempt another log-in';
		$lines[] = 'through this method for 5 seconds. This is to prevent password guessing by';
		$lines[] = 'automated password crackers.';

		return $lines;
	}

	/**
	 * Errors of the parent module followed by the login-specific ones.
	 *
	 * @return array List of arrays with 'code' and 'info'
	 */
	public function getPossibleErrors() {
		$loginErrors = array(
			array(
				'code' => 'NeedToken', 'info' => 'You need to resubmit your ' .
					'login with the specified token. See ' .
					'https://bugzilla.wikimedia.org/show_bug.cgi?id=23076'
			),
			array( 'code' => 'WrongToken', 'info' => 'You specified an invalid token' ),
			array( 'code' => 'NoName', 'info' => 'You didn\'t set the lgname parameter' ),
			array( 'code' => 'Illegal', 'info' => 'You provided an illegal username' ),
			array( 'code' => 'NotExists', 'info' => 'The username you provided doesn\'t exist' ),
			array(
				'code' => 'EmptyPass',
				'info' => 'You didn\'t set the lgpassword parameter or you left it empty'
			),
			array( 'code' => 'WrongPass', 'info' => 'The password you provided is incorrect' ),
			array(
				'code' => 'WrongPluginPass',
				'info' => 'Same as "WrongPass", returned when an authentication ' .
					'plugin rather than MediaWiki itself rejected the password'
			),
			array(
				'code' => 'CreateBlocked',
				'info' => 'The wiki tried to automatically create a new account ' .
					'for you, but your IP address has been blocked from account creation'
			),
			array( 'code' => 'Throttled', 'info' => 'You\'ve logged in too many times in a short time' ),
			array( 'code' => 'Blocked', 'info' => 'User is blocked' ),
		);

		return array_merge( parent::getPossibleErrors(), $loginErrors );
	}

	/**
	 * Example request for the API help.
	 *
	 * Illustrative only: the module requires POST (see mustBePosted()), so
	 * the credentials belong in the request body rather than in a URL.
	 *
	 * @return array
	 */
	public function getExamples() {
		$example = 'api.php?action=login&lgname=user&lgpassword=password';

		return array( $example );
	}

	/**
	 * @return string URL of the documentation page for this module
	 */
	public function getHelpUrls() {
		return 'https://www.mediawiki.org/wiki/API:Login';
	}
}