diff options
Diffstat (limited to 'includes/SpecialUserlogin.php')
-rw-r--r-- | includes/SpecialUserlogin.php | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php index e8f33b8d..f358c1fd 100644 --- a/includes/SpecialUserlogin.php +++ b/includes/SpecialUserlogin.php @@ -8,7 +8,6 @@ * constructor */ function wfSpecialUserlogin() { - global $wgCommandLineMode; global $wgRequest; if( session_id() == '' ) { wfSetupSession(); @@ -32,6 +31,7 @@ class LoginForm { const WRONG_PASS = 5; const EMPTY_PASS = 6; const RESET_PASS = 7; + const ABORTED = 8; var $mName, $mPassword, $mRetype, $mReturnTo, $mCookieCheck, $mPosted; var $mAction, $mCreateaccount, $mCreateaccountMail, $mMailmypassword; @@ -264,6 +264,11 @@ class LoginForm { $this->mainLoginForm( wfMsg( 'passwordtooshort', $wgMinimalPasswordLength ) ); return false; } + + # Set some additional data so the AbortNewAccount hook can be + # used for more than just username validation + $u->setEmail( $this->mEmail ); + $u->setRealName( $this->mRealName ); $abortError = ''; if( !wfRunHooks( 'AbortNewAccount', array( $u, &$abortError ) ) ) { @@ -290,7 +295,7 @@ class LoginForm { return false; } - return $this->initUser( $u ); + return $this->initUser( $u, false ); } /** @@ -298,10 +303,11 @@ class LoginForm { * Give it a User object that has been initialised with a name. * * @param $u User object. + * @param $autocreate boolean -- true if this is an autocreation via auth plugin * @return User object. * @private */ - function initUser( $u ) { + function initUser( $u, $autocreate ) { global $wgAuth; $u->addToDatabase(); @@ -314,7 +320,7 @@ class LoginForm { $u->setRealName( $this->mRealName ); $u->setToken(); - $wgAuth->initUser( $u ); + $wgAuth->initUser( $u, $autocreate ); $u->setOption( 'rememberpassword', $this->mRemember ? 1 : 0 ); $u->saveSettings(); @@ -353,7 +359,7 @@ class LoginForm { */ if ( $wgAuth->autoCreate() && $wgAuth->userExists( $u->getName() ) ) { if ( $wgAuth->authenticate( $u->getName(), $this->mPassword ) ) { - $u = $this->initUser( $u ); + $u = $this->initUser( $u, true ); } else { return self::WRONG_PLUGIN_PASS; } @@ -364,8 +370,13 @@ class LoginForm { $u->load(); } - if (!$u->checkPassword( $this->mPassword )) { + // Give general extensions, such as a captcha, a chance to abort logins + $abort = self::ABORTED; + if( !wfRunHooks( 'AbortLogin', array( $u, $this->mPassword, &$abort ) ) ) { + return $abort; + } + if (!$u->checkPassword( $this->mPassword )) { if( $u->checkTemporaryPassword( $this->mPassword ) ) { // The e-mailed temporary password should not be used // for actual logins; that's a very sloppy habit, @@ -394,16 +405,18 @@ class LoginForm { // reset form; bot interfaces etc will probably just // fail cleanly here. // - return self::RESET_PASS; + $retval = self::RESET_PASS; } else { - return '' == $this->mPassword ? self::EMPTY_PASS : self::WRONG_PASS; + $retval = '' == $this->mPassword ? self::EMPTY_PASS : self::WRONG_PASS; } } else { $wgAuth->updateUser( $u ); $wgUser = $u; - return self::SUCCESS; + $retval = self::SUCCESS; } + wfRunHooks( 'LoginAuthenticateAudit', array( $u, $this->mPassword, $retval ) ); + return $retval; } function processLogin() { @@ -697,6 +710,7 @@ class LoginForm { $wgOut->setPageTitle( wfMsg( 'userlogin' ) ); $wgOut->setRobotpolicy( 'noindex,nofollow' ); $wgOut->setArticleRelated( false ); + $wgOut->disallowUserJs(); // just in case... $wgOut->addTemplate( $template ); } @@ -809,4 +823,4 @@ class LoginForm { return $skin->makeKnownLinkObj( $self, htmlspecialchars( $text ), implode( '&', $attr ) ); } } -?> + |