- Generated on Sun Nov 11 2012 00:00:49 for MediaWiki by
1.7.6.1
|
MediaWiki
master
|
00001 <?php 00033 class ApiLogin extends ApiBase { 00034 00035 public function __construct( $main, $action ) { 00036 parent::__construct( $main, $action, 'lg' ); 00037 } 00038 00048 public function execute() { 00049 $params = $this->extractRequestParams(); 00050 00051 $result = array(); 00052 00053 // Init session if necessary 00054 if ( session_id() == '' ) { 00055 wfSetupSession(); 00056 } 00057 00058 $context = new DerivativeContext( $this->getContext() ); 00059 $context->setRequest( new DerivativeRequest( 00060 $this->getContext()->getRequest(), 00061 array( 00062 'wpName' => $params['name'], 00063 'wpPassword' => $params['password'], 00064 'wpDomain' => $params['domain'], 00065 'wpLoginToken' => $params['token'], 00066 'wpRemember' => '' 00067 ) 00068 ) ); 00069 $loginForm = new LoginForm(); 00070 $loginForm->setContext( $context ); 00071 00072 global $wgCookiePrefix, $wgPasswordAttemptThrottle; 00073 00074 $authRes = $loginForm->authenticateUserData(); 00075 switch ( $authRes ) { 00076 case LoginForm::SUCCESS: 00077 $user = $context->getUser(); 00078 $this->getContext()->setUser( $user ); 00079 $user->setOption( 'rememberpassword', 1 ); 00080 $user->setCookies( $this->getRequest() ); 00081 00082 ApiQueryInfo::resetTokenCache(); 00083 00084 // Run hooks. 00085 // @todo FIXME: Split back and frontend from this hook. 00086 // @todo FIXME: This hook should be placed in the backend 00087 $injected_html = ''; 00088 wfRunHooks( 'UserLoginComplete', array( &$user, &$injected_html ) ); 00089 00090 $result['result'] = 'Success'; 00091 $result['lguserid'] = intval( $user->getId() ); 00092 $result['lgusername'] = $user->getName(); 00093 $result['lgtoken'] = $user->getToken(); 00094 $result['cookieprefix'] = $wgCookiePrefix; 00095 $result['sessionid'] = session_id(); 00096 break; 00097 00098 case LoginForm::NEED_TOKEN: 00099 $result['result'] = 'NeedToken'; 00100 $result['token'] = $loginForm->getLoginToken(); 00101 $result['cookieprefix'] = $wgCookiePrefix; 00102 $result['sessionid'] = session_id(); 00103 break; 00104 00105 case LoginForm::WRONG_TOKEN: 00106 $result['result'] = 'WrongToken'; 00107 break; 00108 00109 case LoginForm::NO_NAME: 00110 $result['result'] = 'NoName'; 00111 break; 00112 00113 case LoginForm::ILLEGAL: 00114 $result['result'] = 'Illegal'; 00115 break; 00116 00117 case LoginForm::WRONG_PLUGIN_PASS: 00118 $result['result'] = 'WrongPluginPass'; 00119 break; 00120 00121 case LoginForm::NOT_EXISTS: 00122 $result['result'] = 'NotExists'; 00123 break; 00124 00125 case LoginForm::RESET_PASS: // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin - "The e-mailed temporary password should not be used for actual logins;" 00126 case LoginForm::WRONG_PASS: 00127 $result['result'] = 'WrongPass'; 00128 break; 00129 00130 case LoginForm::EMPTY_PASS: 00131 $result['result'] = 'EmptyPass'; 00132 break; 00133 00134 case LoginForm::CREATE_BLOCKED: 00135 $result['result'] = 'CreateBlocked'; 00136 $result['details'] = 'Your IP address is blocked from account creation'; 00137 break; 00138 00139 case LoginForm::THROTTLED: 00140 $result['result'] = 'Throttled'; 00141 $result['wait'] = intval( $wgPasswordAttemptThrottle['seconds'] ); 00142 break; 00143 00144 case LoginForm::USER_BLOCKED: 00145 $result['result'] = 'Blocked'; 00146 break; 00147 00148 case LoginForm::ABORTED: 00149 $result['result'] = 'Aborted'; 00150 $result['reason'] = $loginForm->mAbortLoginErrorMsg; 00151 break; 00152 00153 default: 00154 ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" ); 00155 } 00156 00157 $this->getResult()->addValue( null, 'login', $result ); 00158 } 00159 00160 public function mustBePosted() { 00161 return true; 00162 } 00163 00164 public function isReadMode() { 00165 return false; 00166 } 00167 00168 public function getAllowedParams() { 00169 return array( 00170 'name' => null, 00171 'password' => null, 00172 'domain' => null, 00173 'token' => null, 00174 ); 00175 } 00176 00177 public function getParamDescription() { 00178 return array( 00179 'name' => 'User Name', 00180 'password' => 'Password', 00181 'domain' => 'Domain (optional)', 00182 'token' => 'Login token obtained in first request', 00183 ); 00184 } 00185 00186 public function getResultProperties() { 00187 return array( 00188 '' => array( 00189 'result' => array( 00190 ApiBase::PROP_TYPE => array( 00191 'Success', 00192 'NeedToken', 00193 'WrongToken', 00194 'NoName', 00195 'Illegal', 00196 'WrongPluginPass', 00197 'NotExists', 00198 'WrongPass', 00199 'EmptyPass', 00200 'CreateBlocked', 00201 'Throttled', 00202 'Blocked', 00203 'Aborted' 00204 ) 00205 ), 00206 'lguserid' => array( 00207 ApiBase::PROP_TYPE => 'integer', 00208 ApiBase::PROP_NULLABLE => true 00209 ), 00210 'lgusername' => array( 00211 ApiBase::PROP_TYPE => 'string', 00212 ApiBase::PROP_NULLABLE => true 00213 ), 00214 'lgtoken' => array( 00215 ApiBase::PROP_TYPE => 'string', 00216 ApiBase::PROP_NULLABLE => true 00217 ), 00218 'cookieprefix' => array( 00219 ApiBase::PROP_TYPE => 'string', 00220 ApiBase::PROP_NULLABLE => true 00221 ), 00222 'sessionid' => array( 00223 ApiBase::PROP_TYPE => 'string', 00224 ApiBase::PROP_NULLABLE => true 00225 ), 00226 'token' => array( 00227 ApiBase::PROP_TYPE => 'string', 00228 ApiBase::PROP_NULLABLE => true 00229 ), 00230 'details' => array( 00231 ApiBase::PROP_TYPE => 'string', 00232 ApiBase::PROP_NULLABLE => true 00233 ), 00234 'wait' => array( 00235 ApiBase::PROP_TYPE => 'integer', 00236 ApiBase::PROP_NULLABLE => true 00237 ), 00238 'reason' => array( 00239 ApiBase::PROP_TYPE => 'string', 00240 ApiBase::PROP_NULLABLE => true 00241 ) 00242 ) 00243 ); 00244 } 00245 00246 public function getDescription() { 00247 return array( 00248 'Log in and get the authentication tokens. ', 00249 'In the event of a successful log-in, a cookie will be attached', 00250 'to your session. In the event of a failed log-in, you will not ', 00251 'be able to attempt another log-in through this method for 5 seconds.', 00252 'This is to prevent password guessing by automated password crackers' 00253 ); 00254 } 00255 00256 public function getPossibleErrors() { 00257 return array_merge( parent::getPossibleErrors(), array( 00258 array( 'code' => 'NeedToken', 'info' => 'You need to resubmit your login with the specified token. See https://bugzilla.wikimedia.org/show_bug.cgi?id=23076' ), 00259 array( 'code' => 'WrongToken', 'info' => 'You specified an invalid token' ), 00260 array( 'code' => 'NoName', 'info' => 'You didn\'t set the lgname parameter' ), 00261 array( 'code' => 'Illegal', 'info' => ' You provided an illegal username' ), 00262 array( 'code' => 'NotExists', 'info' => ' The username you provided doesn\'t exist' ), 00263 array( 'code' => 'EmptyPass', 'info' => ' You didn\'t set the lgpassword parameter or you left it empty' ), 00264 array( 'code' => 'WrongPass', 'info' => ' The password you provided is incorrect' ), 00265 array( 'code' => 'WrongPluginPass', 'info' => 'Same as "WrongPass", returned when an authentication plugin rather than MediaWiki itself rejected the password' ), 00266 array( 'code' => 'CreateBlocked', 'info' => 'The wiki tried to automatically create a new account for you, but your IP address has been blocked from account creation' ), 00267 array( 'code' => 'Throttled', 'info' => 'You\'ve logged in too many times in a short time' ), 00268 array( 'code' => 'Blocked', 'info' => 'User is blocked' ), 00269 ) ); 00270 } 00271 00272 public function getExamples() { 00273 return array( 00274 'api.php?action=login&lgname=user&lgpassword=password' 00275 ); 00276 } 00277 00278 public function getHelpUrls() { 00279 return 'https://www.mediawiki.org/wiki/API:Login'; 00280 } 00281 00282 public function getVersion() { 00283 return __CLASS__ . ': $Id$'; 00284 } 00285 }
1.7.6.1