00001 <?php
00002
00027 if ( !defined( 'MEDIAWIKI' ) ) {
00028
00029 require_once( 'ApiBase.php' );
00030 }
00031
00037 class ApiLogin extends ApiBase {
00038
00039 public function __construct( $main, $action ) {
00040 parent::__construct( $main, $action, 'lg' );
00041 }
00042
00052 public function execute() {
00053 $params = $this->extractRequestParams();
00054
00055 $result = array();
00056
00057 $req = new FauxRequest( array(
00058 'wpName' => $params['name'],
00059 'wpPassword' => $params['password'],
00060 'wpDomain' => $params['domain'],
00061 'wpLoginToken' => $params['token'],
00062 'wpRemember' => ''
00063 ) );
00064
00065
00066 if ( session_id() == '' ) {
00067 wfSetupSession();
00068 }
00069
00070 $loginForm = new LoginForm( $req );
00071 switch ( $authRes = $loginForm->authenticateUserData() ) {
00072 case LoginForm::SUCCESS:
00073 global $wgUser, $wgCookiePrefix;
00074
00075 $wgUser->setOption( 'rememberpassword', 1 );
00076 $wgUser->setCookies();
00077
00078
00079
00080 $injected_html = '';
00081 wfRunHooks( 'UserLoginComplete', array( &$wgUser, &$injected_html ) );
00082
00083 $result['result'] = 'Success';
00084 $result['lguserid'] = intval( $wgUser->getId() );
00085 $result['lgusername'] = $wgUser->getName();
00086 $result['lgtoken'] = $wgUser->getToken();
00087 $result['cookieprefix'] = $wgCookiePrefix;
00088 $result['sessionid'] = session_id();
00089 break;
00090
00091 case LoginForm::NEED_TOKEN:
00092 global $wgCookiePrefix;
00093 $result['result'] = 'NeedToken';
00094 $result['token'] = $loginForm->getLoginToken();
00095 $result['cookieprefix'] = $wgCookiePrefix;
00096 $result['sessionid'] = session_id();
00097 break;
00098
00099 case LoginForm::WRONG_TOKEN:
00100 $result['result'] = 'WrongToken';
00101 break;
00102
00103 case LoginForm::NO_NAME:
00104 $result['result'] = 'NoName';
00105 break;
00106
00107 case LoginForm::ILLEGAL:
00108 $result['result'] = 'Illegal';
00109 break;
00110
00111 case LoginForm::WRONG_PLUGIN_PASS:
00112 $result['result'] = 'WrongPluginPass';
00113 break;
00114
00115 case LoginForm::NOT_EXISTS:
00116 $result['result'] = 'NotExists';
00117 break;
00118
00119 case LoginForm::RESET_PASS:
00120 case LoginForm::WRONG_PASS:
00121 $result['result'] = 'WrongPass';
00122 break;
00123
00124 case LoginForm::EMPTY_PASS:
00125 $result['result'] = 'EmptyPass';
00126 break;
00127
00128 case LoginForm::CREATE_BLOCKED:
00129 $result['result'] = 'CreateBlocked';
00130 $result['details'] = 'Your IP address is blocked from account creation';
00131 break;
00132
00133 case LoginForm::THROTTLED:
00134 global $wgPasswordAttemptThrottle;
00135 $result['result'] = 'Throttled';
00136 $result['wait'] = intval( $wgPasswordAttemptThrottle['seconds'] );
00137 break;
00138
00139 case LoginForm::USER_BLOCKED:
00140 $result['result'] = 'Blocked';
00141 break;
00142
00143 default:
00144 ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
00145 }
00146
00147 $this->getResult()->addValue( null, 'login', $result );
00148 }
00149
00150 public function mustBePosted() {
00151 return true;
00152 }
00153
00154 public function isReadMode() {
00155 return false;
00156 }
00157
00158 public function getAllowedParams() {
00159 return array(
00160 'name' => null,
00161 'password' => null,
00162 'domain' => null,
00163 'token' => null,
00164 );
00165 }
00166
00167 public function getParamDescription() {
00168 return array(
00169 'name' => 'User Name',
00170 'password' => 'Password',
00171 'domain' => 'Domain (optional)',
00172 'token' => 'Login token obtained in first request',
00173 );
00174 }
00175
00176 public function getDescription() {
00177 return array(
00178 'This module is used to login and get the authentication tokens. ',
00179 'In the event of a successful log-in, a cookie will be attached',
00180 'to your session. In the event of a failed log-in, you will not ',
00181 'be able to attempt another log-in through this method for 5 seconds.',
00182 'This is to prevent password guessing by automated password crackers.'
00183 );
00184 }
00185
00186 public function getPossibleErrors() {
00187 return array_merge( parent::getPossibleErrors(), array(
00188 array( 'code' => 'NeedToken', 'info' => 'You need to resubmit your login with the specified token. See https://bugzilla.wikimedia.org/show_bug.cgi?id=23076' ),
00189 array( 'code' => 'WrongToken', 'info' => 'You specified an invalid token' ),
00190 array( 'code' => 'NoName', 'info' => 'You didn\'t set the lgname parameter' ),
00191 array( 'code' => 'Illegal', 'info' => ' You provided an illegal username' ),
00192 array( 'code' => 'NotExists', 'info' => ' The username you provided doesn\'t exist' ),
00193 array( 'code' => 'EmptyPass', 'info' => ' You didn\'t set the lgpassword parameter or you left it empty' ),
00194 array( 'code' => 'WrongPass', 'info' => ' The password you provided is incorrect' ),
00195 array( 'code' => 'WrongPluginPass', 'info' => 'Same as `WrongPass", returned when an authentication plugin rather than MediaWiki itself rejected the password' ),
00196 array( 'code' => 'CreateBlocked', 'info' => 'The wiki tried to automatically create a new account for you, but your IP address has been blocked from account creation' ),
00197 array( 'code' => 'Throttled', 'info' => 'You\'ve logged in too many times in a short time' ),
00198 array( 'code' => 'Blocked', 'info' => 'User is blocked' ),
00199 ) );
00200 }
00201
00202 protected function getExamples() {
00203 return array(
00204 'api.php?action=login&lgname=user&lgpassword=password'
00205 );
00206 }
00207
00208 public function getVersion() {
00209 return __CLASS__ . ': $Id: ApiLogin.php 64697 2010-04-07 09:05:05Z catrope $';
00210 }
00211 }