includes/specials/SpecialCreateAccount.php

   1 <?php
   2 /**
   3  * Implements Special:CreateAccount
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  * @ingroup SpecialPage
  22  */
  23
  24 use MediaWiki\Auth\AuthManager;
  25 use MediaWiki\Logger\LoggerFactory;
  26
  27 /**
  28  * Implements Special:CreateAccount
  29  *
  30  * @ingroup SpecialPage
  31  */
  32 class SpecialCreateAccount extends LoginSignupSpecialPage {
  33         protected static $allowedActions = [
  34                 AuthManager::ACTION_CREATE,
  35                 AuthManager::ACTION_CREATE_CONTINUE
  36         ];
  37
  38         protected static $messages = [
  39                 'authform-newtoken' => 'nocookiesfornew',
  40                 'authform-notoken' => 'sessionfailure',
  41                 'authform-wrongtoken' => 'sessionfailure',
  42         ];
  43
  44         public function __construct() {
  45                 parent::__construct( 'CreateAccount' );
  46         }
  47
  48         public function doesWrites() {
  49                 return true;
  50         }
  51
  52         public function isRestricted() {
  53                 return !User::groupHasPermission( '*', 'createaccount' );
  54         }
  55
  56         public function userCanExecute( User $user ) {
  57                 return $user->isAllowed( 'createaccount' );
  58         }
  59
  60         public function checkPermissions() {
  61                 parent::checkPermissions();
  62
  63                 $user = $this->getUser();
  64                 $status = AuthManager::singleton()->checkAccountCreatePermissions( $user );
  65                 if ( !$status->isGood() ) {
  66                         throw new ErrorPageError( 'createacct-error', $status->getMessage() );
  67                 }
  68         }
  69
  70         protected function getLoginSecurityLevel() {
  71                 return false;
  72         }
  73
  74         protected function getDefaultAction( $subPage ) {
  75                 return AuthManager::ACTION_CREATE;
  76         }
  77
  78         public function getDescription() {
  79                 return $this->msg( 'createaccount' )->text();
  80         }
  81
  82         protected function isSignup() {
  83                 return true;
  84         }
  85
  86         /**
  87          * Run any hooks registered for logins, then display a message welcoming
  88          * the user.
  89          * @param bool $direct True if the action was successful just now; false if that happened
  90          *    pre-redirection (so this handler was called already)
  91          * @param StatusValue|null $extraMessages
  92          */
  93         protected function successfulAction( $direct = false, $extraMessages = null ) {
  94                 $session = $this->getRequest()->getSession();
  95                 $user = $this->targetUser ?: $this->getUser();
  96
  97                 if ( $direct ) {
  98                         # Only save preferences if the user is not creating an account for someone else.
  99                         if ( !$this->proxyAccountCreation ) {
 100                                 Hooks::run( 'AddNewAccount', [ $user, false ] );
 101
 102                                 // If the user does not have a session cookie at this point, they probably need to
 103                                 // do something to their browser.
 104                                 if ( !$this->hasSessionCookie() ) {
 105                                         $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
 106                                         // TODO something more specific? This used to use nocookiesnew
 107                                         // FIXME should redirect to login page instead?
 108                                         return;
 109                                 }
 110                         } else {
 111                                 $byEmail = false; // FIXME no way to set this
 112
 113                                 Hooks::run( 'AddNewAccount', [ $user, $byEmail ] );
 114
 115                                 $out = $this->getOutput();
 116                                 $out->setPageTitle( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
 117                                 if ( $byEmail ) {
 118                                         $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
 119                                 } else {
 120                                         $out->addWikiMsg( 'accountcreatedtext', $user->getName() );
 121                                 }
 122
 123                                 $rt = Title::newFromText( $this->mReturnTo );
 124                                 $out->addReturnTo(
 125                                         ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
 126                                         wfCgiToArray( $this->mReturnToQuery )
 127                                 );
 128                                 return;
 129                         }
 130                 }
 131
 132                 $this->clearToken();
 133
 134                 # Run any hooks; display injected HTML
 135                 $injected_html = '';
 136                 $welcome_creation_msg = 'welcomecreation-msg';
 137                 Hooks::run( 'UserLoginComplete', [ &$user, &$injected_html, $direct ] );
 138
 139                 /**
 140                  * Let any extensions change what message is shown.
 141                  * @see https://www.mediawiki.org/wiki/Manual:Hooks/BeforeWelcomeCreation
 142                  * @since 1.18
 143                  */
 144                 Hooks::run( 'BeforeWelcomeCreation', [ &$welcome_creation_msg, &$injected_html ] );
 145
 146                 $this->showSuccessPage( 'signup', $this->msg( 'welcomeuser', $this->getUser()->getName() ),
 147                         $welcome_creation_msg, $injected_html, $extraMessages );
 148         }
 149
 150         protected function getToken() {
 151                 return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
 152         }
 153
 154         protected function clearToken() {
 155                 return $this->getRequest()->getSession()->resetToken( 'createaccount' );
 156         }
 157
 158         protected function getTokenName() {
 159                 return 'wpCreateaccountToken';
 160         }
 161
 162         protected function getGroupName() {
 163                 return 'login';
 164         }
 165
 166         protected function logAuthResult( $success, $status = null ) {
 167                 LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
 168                         'event' => 'accountcreation',
 169                         'successful' => $success,
 170                         'status' => $status,
 171                 ] );
 172         }
 173 }