Instead of just giving an error message on login if a session cookie
is not detected, we now do a redirect. Some scripts and other tools go straight to the login page, so they wouldn't have a cookie. If the redirect cookie check fails, it returns an appropriate message for new accounts or for login. Also added two new messages to the language file for cookie-check errors.
parent
52adc19872
commit
9ead07fe9c
2 changed files with 74 additions and 56 deletions
|
|
@ -4,13 +4,17 @@ function wfSpecialUserlogin()
|
|||
{
|
||||
global $wpCreateaccount, $wpCreateaccountMail;
|
||||
global $wpLoginattempt, $wpMailmypassword;
|
||||
global $action;
|
||||
global $action, $_REQUEST;
|
||||
|
||||
$fields = array( "wpName", "wpPassword", "wpName",
|
||||
"wpPassword", "wpRetype", "wpEmail" );
|
||||
wfCleanFormFields( $fields );
|
||||
|
||||
if ( isset( $wpCreateaccount ) ) {
|
||||
$wpCookieCheck = $_REQUEST[ "wpCookieCheck" ];
|
||||
|
||||
if ( isset( $wpCookieCheck ) ) {
|
||||
onCookieRedirectCheck( $wpCookieCheck );
|
||||
} else if ( isset( $wpCreateaccount ) ) {
|
||||
addNewAccount();
|
||||
} else if ( isset( $wpCreateaccountMail ) ) {
|
||||
addNewAccountMailPassword();
|
||||
|
|
@ -68,18 +72,23 @@ function wfSpecialUserlogin()
|
|||
}
|
||||
|
||||
$wgUser = $u;
|
||||
successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) );
|
||||
$wgUser->setCookies();
|
||||
|
||||
$up = new UserUpdate();
|
||||
array_push( $wgDeferredUpdateList, $up );
|
||||
|
||||
if (hasSessionCookie()) {
|
||||
return successfulLogin( wfMsg( "welcomecreation", $wgUser->getName() ) );
|
||||
} else {
|
||||
return cookieRedirectCheck("new");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* private */ function addNewAccountInternal()
|
||||
{
|
||||
global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember;
|
||||
global $wpEmail, $wgDeferredUpdateList;
|
||||
|
||||
if (!cookieCheck()) {
|
||||
return;
|
||||
}
|
||||
global $wpEmail;
|
||||
|
||||
if (!$wgUser->isAllowedToCreateAccount()) {
|
||||
userNotPrivilegedMessage();
|
||||
|
|
@ -124,12 +133,9 @@ function wfSpecialUserlogin()
|
|||
/* private */ function processLogin()
|
||||
{
|
||||
global $wgUser, $wpName, $wpPassword, $wpRemember;
|
||||
global $wgDeferredUpdateList;
|
||||
global $returnto;
|
||||
|
||||
if (!cookieCheck()) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( "" == $wpName ) {
|
||||
mainLoginForm( wfMsg( "noname" ) );
|
||||
return;
|
||||
|
|
@ -161,7 +167,16 @@ function wfSpecialUserlogin()
|
|||
$u->setOption( "rememberpassword", $r );
|
||||
|
||||
$wgUser = $u;
|
||||
successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
|
||||
$wgUser->setCookies();
|
||||
|
||||
$up = new UserUpdate();
|
||||
array_push( $wgDeferredUpdateList, $up );
|
||||
|
||||
if (hasSessionCookie()) {
|
||||
return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
|
||||
} else {
|
||||
return cookieRedirectCheck( "login" );
|
||||
}
|
||||
}
|
||||
|
||||
/* private */ function mailPassword()
|
||||
|
|
@ -225,24 +240,17 @@ function wfSpecialUserlogin()
|
|||
|
||||
/* private */ function successfulLogin( $msg )
|
||||
{
|
||||
global $wgUser, $wgOut, $returnto;
|
||||
global $wgDeferredUpdateList;
|
||||
global $wgUser;
|
||||
global $wgDeferredUpdateList;
|
||||
global $wgOut, $returnto;
|
||||
|
||||
$wgUser->setCookies();
|
||||
$up = new UserUpdate();
|
||||
array_push( $wgDeferredUpdateList, $up );
|
||||
|
||||
$wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) );
|
||||
$wgOut->setRobotpolicy( "noindex,nofollow" );
|
||||
$wgOut->setArticleFlag( false );
|
||||
$wgOut->addHTML( $msg . "\n<p>" );
|
||||
$wgOut->returnToMain();
|
||||
$wgOut->setPageTitle( wfMsg( "loginsuccesstitle" ) );
|
||||
$wgOut->setRobotpolicy( "noindex,nofollow" );
|
||||
$wgOut->setArticleFlag( false );
|
||||
$wgOut->addHTML( $msg . "\n<p>" );
|
||||
$wgOut->returnToMain();
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
function userNotPrivilegedMessage()
|
||||
{
|
||||
global $wgOut, $wgUser, $wgLang;
|
||||
|
|
@ -255,9 +263,6 @@ function userNotPrivilegedMessage()
|
|||
$wgOut->returnToMain( false );
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/* private */ function mainLoginForm( $err )
|
||||
{
|
||||
global $wgUser, $wgOut, $wgLang, $returnto;
|
||||
|
|
@ -293,7 +298,8 @@ function userNotPrivilegedMessage()
|
|||
$wgOut->setArticleFlag( false );
|
||||
|
||||
if ( "" == $err ) {
|
||||
$wgOut->addHTML( "<h2>$li:</h2>\n" );
|
||||
$lp = wfMsg( "loginprompt" );
|
||||
$wgOut->addHTML( "<h2>$li:</h2>\n<p>$lp</p>" );
|
||||
} else {
|
||||
$wgOut->addHTML( "<h2>$le:</h2>\n<font size='+1'
|
||||
color='red'>$err</font>\n" );
|
||||
|
|
@ -365,30 +371,41 @@ $cambutton
|
|||
|
||||
}
|
||||
|
||||
/* private */ function cookieCheck() {
|
||||
/* private */ function hasSessionCookie()
|
||||
{
|
||||
global $HTTP_COOKIE_VARS;
|
||||
global $wgDisableCookieCheck;
|
||||
|
||||
return ( $wgDisableCookieCheck ) ? true : ( "" != $HTTP_COOKIE_VARS[session_name()]);
|
||||
}
|
||||
|
||||
/* private */ function cookieRedirectCheck( $type )
|
||||
{
|
||||
global $wgOut, $wgLang;
|
||||
|
||||
global $HTTP_COOKIE_VARS, $wgOut, $returnto;
|
||||
global $wgDisableCookieCheck;
|
||||
$check = wfLocalUrl( $wgLang->specialPage( "Userlogin" ),
|
||||
"wpCookieCheck=$type" );
|
||||
|
||||
if ( $wgDisableCookieCheck ) {
|
||||
return true;
|
||||
}
|
||||
|
||||
# XXX: kind of crude check to see if cookies are enabled, but it works OK
|
||||
|
||||
if ( "" == $HTTP_COOKIE_VARS[session_name()])
|
||||
{
|
||||
# Don't go back to login page; they won't get time to
|
||||
# enable cookies and send us one, so they'll get this msg again. Instead,
|
||||
# let them enable cookies on the error page, then go back to login page.
|
||||
# XXX: wipes returnto, unfortunately.
|
||||
|
||||
$returnto = "Special:Userlogin";
|
||||
$wgOut->errorpage( "nocookies", "nocookiestext" );
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
return $wgOut->redirect( $check );
|
||||
}
|
||||
|
||||
/* private */ function onCookieRedirectCheck( $type ) {
|
||||
|
||||
global $wgUser;
|
||||
|
||||
if (!hasSessionCookie()) {
|
||||
if ( $type == "new" ) {
|
||||
return mainLoginForm( wfMsg( "nocookiesnew" ) );
|
||||
} else if ( $type == "login" ) {
|
||||
return mainLoginForm( wfMsg( "nocookieslogin" ) );
|
||||
} else {
|
||||
# shouldn't happen
|
||||
return mainLoginForm( wfMsg( "error" ) );
|
||||
}
|
||||
} else {
|
||||
return successfulLogin( wfMsg( "loginsuccess", $wgUser->getName() ) );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
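Review bot: In `onCookieRedirectCheck()`, the success branch reports `loginsuccess` for any request that carries `wpCookieCheck` and a non-empty session cookie, without confirming that `$wgUser` is a logged-in account or that a login has just happened; because `wfSpecialUserlogin()` tests `wpCookieCheck` before the other branches, that page is reachable from a plain link. It would be safer to show the success page only when the current user is authenticated and otherwise fall back to `mainLoginForm( "" )`. The same branch ignores `$type`, so a newly created account appears to get the `loginsuccess` text rather than `welcomecreation`. Separately, `$_REQUEST[ "wpCookieCheck" ]` is read before it is tested; `if ( isset( $_REQUEST[ "wpCookieCheck" ] ) )` avoids the undefined-index notice, and `global $_REQUEST` is unnecessary for a superglobal. Which lines are on the new side is inferred from the commit description, since the +/- markers are missing on this page.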
|
|
|
|||
|
|
@ -544,6 +544,7 @@ Your e-mail address is optional; if you lose your password you can request
|
|||
that it be to the address you give.<br>\n",
|
||||
|
||||
"login" => "Log in",
|
||||
"loginprompt" => "You must have cookies enabled to log in to $wgSitename.",
|
||||
"userlogin" => "Log in",
|
||||
"logout" => "Log out",
|
||||
"userlogout" => "Log out",
|
||||
|
|
@ -559,8 +560,8 @@ contact you through the website without you having to reveal your
|
|||
email address to them, and it also helps you if you forget your
|
||||
password.",
|
||||
"loginerror" => "Login error",
|
||||
"nocookies" => "Cookies disabled",
|
||||
"nocookiestext" => "The wiki uses cookies to log in users. You have cookies disabled. Please enable them and try again.",
|
||||
"nocookiesnew" => "The user account was created, but you are not logged in. $wgSitename uses cookies to log in users. You have cookies disabled. Please enable them, then log in with your new username and password.",
|
||||
"nocookieslogin" => "$wgSitename uses cookies to log in users. You have cookies disabled. Please enable them and try again.",
|
||||
"noname" => "You have not specified a valid user name.",
|
||||
"loginsuccesstitle" => "Login successful",
|
||||
"loginsuccess" => "You are now logged in to $wgSitename as \"$1\".",
|
||||
|
|
|
|||