
   1  <?php
   2  /**
   3   *
   4   *
   5   * Created on Sep 19, 2006
   6   *
   7   * Copyright © 2006-2007 Yuri Astrakhan "<Firstname><Lastname>@gmail.com",
   8   * Daniel Cannon (cannon dot danielc at gmail dot com)
   9   *
  10   * This program is free software; you can redistribute it and/or modify
  11   * it under the terms of the GNU General Public License as published by
  12   * the Free Software Foundation; either version 2 of the License, or
  13   * (at your option) any later version.
  14   *
  15   * This program is distributed in the hope that it will be useful,
  16   * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18   * GNU General Public License for more details.
  19   *
  20   * You should have received a copy of the GNU General Public License along
  21   * with this program; if not, write to the Free Software Foundation, Inc.,
  22   * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  23   * http://www.gnu.org/copyleft/gpl.html
  24   *
  25   * @file
  26   */
  27  
  28  /**
  29   * Unit to authenticate log-in attempts to the current wiki.
  30   *
  31   * @ingroup API
  32   */
  33  class ApiLogin extends ApiBase {
  34  
  35  	public function __construct( ApiMain $main, $action ) {
  36          parent::__construct( $main, $action, 'lg' );
  37      }
  38  
  39      /**
  40       * Executes the log-in attempt using the parameters passed. If
  41       * the log-in succeeds, it attaches a cookie to the session
  42       * and outputs the user id, username, and session token. If a
  43       * log-in fails, as the result of a bad password, a nonexistent
  44       * user, or any other reason, the host is cached with an expiry
  45       * and no log-in attempts will be accepted until that expiry
  46       * is reached. The expiry is $this->mLoginThrottle.
  47       */
  48  	public function execute() {
  49          // If we're in JSON callback mode, no tokens can be obtained
  50          if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
  51              $this->getResult()->addValue( null, 'login', array(
  52                  'result' => 'Aborted',
  53                  'reason' => 'Cannot log in when using a callback',
  54              ) );
  55  
  56              return;
  57          }
  58  
  59          $params = $this->extractRequestParams();
  60  
  61          $result = array();
  62  
  63          // Init session if necessary
  64          if ( session_id() == '' ) {
  65              wfSetupSession();
  66          }
  67  
  68          $context = new DerivativeContext( $this->getContext() );
  69          $context->setRequest( new DerivativeRequest(
  70              $this->getContext()->getRequest(),
  71              array(
  72                  'wpName' => $params['name'],
  73                  'wpPassword' => $params['password'],
  74                  'wpDomain' => $params['domain'],
  75                  'wpLoginToken' => $params['token'],
  76                  'wpRemember' => ''
  77              )
  78          ) );
  79          $loginForm = new LoginForm();
  80          $loginForm->setContext( $context );
  81  
  82          $authRes = $loginForm->authenticateUserData();
  83          switch ( $authRes ) {
  84              case LoginForm::SUCCESS:
  85                  $user = $context->getUser();
  86                  $this->getContext()->setUser( $user );
  87                  $user->setCookies( $this->getRequest(), null, true );
  88  
  89                  ApiQueryInfo::resetTokenCache();
  90  
  91                  // Run hooks.
  92                  // @todo FIXME: Split back and frontend from this hook.
  93                  // @todo FIXME: This hook should be placed in the backend
  94                  $injected_html = '';
  95                  wfRunHooks( 'UserLoginComplete', array( &$user, &$injected_html ) );
  96  
  97                  $result['result'] = 'Success';
  98                  $result['lguserid'] = intval( $user->getId() );
  99                  $result['lgusername'] = $user->getName();
 100                  $result['lgtoken'] = $user->getToken();
 101                  $result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
 102                  $result['sessionid'] = session_id();
 103                  break;
 104  
 105              case LoginForm::NEED_TOKEN:
 106                  $result['result'] = 'NeedToken';
 107                  $result['token'] = $loginForm->getLoginToken();
 108                  $result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
 109                  $result['sessionid'] = session_id();
 110                  break;
 111  
 112              case LoginForm::WRONG_TOKEN:
 113                  $result['result'] = 'WrongToken';
 114                  break;
 115  
 116              case LoginForm::NO_NAME:
 117                  $result['result'] = 'NoName';
 118                  break;
 119  
 120              case LoginForm::ILLEGAL:
 121                  $result['result'] = 'Illegal';
 122                  break;
 123  
 124              case LoginForm::WRONG_PLUGIN_PASS:
 125                  $result['result'] = 'WrongPluginPass';
 126                  break;
 127  
 128              case LoginForm::NOT_EXISTS:
 129                  $result['result'] = 'NotExists';
 130                  break;
 131  
 132              // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
 133              // The e-mailed temporary password should not be used for actual logins.
 134              case LoginForm::RESET_PASS:
 135              case LoginForm::WRONG_PASS:
 136                  $result['result'] = 'WrongPass';
 137                  break;
 138  
 139              case LoginForm::EMPTY_PASS:
 140                  $result['result'] = 'EmptyPass';
 141                  break;
 142  
 143              case LoginForm::CREATE_BLOCKED:
 144                  $result['result'] = 'CreateBlocked';
 145                  $result['details'] = 'Your IP address is blocked from account creation';
 146                  break;
 147  
 148              case LoginForm::THROTTLED:
 149                  $result['result'] = 'Throttled';
 150                  $throttle = $this->getConfig()->get( 'PasswordAttemptThrottle' );
 151                  $result['wait'] = intval( $throttle['seconds'] );
 152                  break;
 153  
 154              case LoginForm::USER_BLOCKED:
 155                  $result['result'] = 'Blocked';
 156                  break;
 157  
 158              case LoginForm::ABORTED:
 159                  $result['result'] = 'Aborted';
 160                  $result['reason'] = $loginForm->mAbortLoginErrorMsg;
 161                  break;
 162  
 163              default:
 164                  ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
 165          }
 166  
 167          $this->getResult()->addValue( null, 'login', $result );
 168      }
 169  
 170  	public function mustBePosted() {
 171          return true;
 172      }
 173  
 174  	public function isReadMode() {
 175          return false;
 176      }
 177  
 178  	public function getAllowedParams() {
 179          return array(
 180              'name' => null,
 181              'password' => null,
 182              'domain' => null,
 183              'token' => null,
 184          );
 185      }
 186  
 187  	public function getParamDescription() {
 188          return array(
 189              'name' => 'User Name',
 190              'password' => 'Password',
 191              'domain' => 'Domain (optional)',
 192              'token' => 'Login token obtained in first request',
 193          );
 194      }
 195  
 196  	public function getDescription() {
 197          return array(
 198              'Log in and get the authentication tokens.',
 199              'In the event of a successful log-in, a cookie will be attached to your session.',
 200              'In the event of a failed log-in, you will not be able to attempt another log-in',
 201              'through this method for 5 seconds. This is to prevent password guessing by',
 202              'automated password crackers.'
 203          );
 204      }
 205  
 206  	public function getExamples() {
 207          return array(
 208              'api.php?action=login&lgname=user&lgpassword=password'
 209          );
 210      }
 211  
 212  	public function getHelpUrls() {
 213          return 'https://www.mediawiki.org/wiki/API:Login';
 214      }
 215  }

