includes/specials/SpecialUserlogout.php

   1 <?php
   2 /**
   3  * Implements Special:Userlogout
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  * @ingroup SpecialPage
  22  */
  23
  24 /**
  25  * Implements Special:Userlogout
  26  *
  27  * @ingroup SpecialPage
  28  */
  29 class SpecialUserLogout extends UnlistedSpecialPage {
  30         function __construct() {
  31                 parent::__construct( 'Userlogout' );
  32         }
  33
  34         public function doesWrites() {
  35                 return true;
  36         }
  37
  38         function execute( $par ) {
  39                 /**
  40                  * Some satellite ISPs use broken precaching schemes that log people out straight after
  41                  * they're logged in (T19790). Luckily, there's a way to detect such requests.
  42                  */
  43                 if ( isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], '&amp;' ) !== false ) {
  44                         wfDebug( "Special:UserLogout request {$_SERVER['REQUEST_URI']} looks suspicious, denying.\n" );
  45                         throw new HttpError( 400, $this->msg( 'suspicious-userlogout' ), $this->msg( 'loginerror' ) );
  46                 }
  47
  48                 $this->setHeaders();
  49                 $this->outputHeader();
  50
  51                 $out = $this->getOutput();
  52                 $user = $this->getUser();
  53                 $request = $this->getRequest();
  54
  55                 $logoutToken = $request->getVal( 'logoutToken' );
  56                 $urlParams = [
  57                         'logoutToken' => $user->getEditToken( 'logoutToken', $request )
  58                 ] + $request->getValues();
  59                 unset( $urlParams['title'] );
  60                 $continueLink = $this->getFullTitle()->getFullUrl( $urlParams );
  61
  62                 if ( $logoutToken === null ) {
  63                         $this->getOutput()->addWikiMsg( 'userlogout-continue', $continueLink );
  64                         return;
  65                 }
  66                 if ( !$this->getUser()->matchEditToken(
  67                         $logoutToken, 'logoutToken', $this->getRequest(), 24 * 60 * 60
  68                 ) ) {
  69                         $this->getOutput()->addWikiMsg( 'userlogout-sessionerror', $continueLink );
  70                         return;
  71                 }
  72
  73                 // Make sure it's possible to log out
  74                 $session = MediaWiki\Session\SessionManager::getGlobalSession();
  75                 if ( !$session->canSetUser() ) {
  76                         throw new ErrorPageError(
  77                                 'cannotlogoutnow-title',
  78                                 'cannotlogoutnow-text',
  79                                 [
  80                                         $session->getProvider()->describe( RequestContext::getMain()->getLanguage() )
  81                                 ]
  82                         );
  83                 }
  84
  85                 $user = $this->getUser();
  86                 $oldName = $user->getName();
  87
  88                 $user->logout();
  89
  90                 $loginURL = SpecialPage::getTitleFor( 'Userlogin' )->getFullURL(
  91                         $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
  92
  93                 $out = $this->getOutput();
  94                 $out->addWikiMsg( 'logouttext', $loginURL );
  95
  96                 // Hook.
  97                 $injected_html = '';
  98                 Hooks::run( 'UserLogoutComplete', [ &$user, &$injected_html, $oldName ] );
  99                 $out->addHTML( $injected_html );
 100
 101                 $out->returnToMain();
 102         }
 103
 104         protected function getGroupName() {
 105                 return 'login';
 106         }
 107 }