enwikipedia-acc / waca

includes/Pages/Statistics/StatsReservedRequests.php

Indentation +11 added lines, -11 removed lines

@@ -13,11 +13,11 @@ 
 
 class StatsReservedRequests extends InternalPageBase
 {
-    public function main()
-    {
-        $this->setHtmlTitle('Reserved Requests :: Statistics');
+	public function main()
+	{
+		$this->setHtmlTitle('Reserved Requests :: Statistics');
 
-        $query = <<<sql
+		$query = <<<sql
 SELECT
     p.id AS requestid,
     p.name AS name,
@@ -29,11 +29,11 @@ 
 WHERE reserved != 0;
 sql;
 
-        $database = $this->getDatabase();
-        $statement = $database->query($query);
-        $data = $statement->fetchAll(PDO::FETCH_ASSOC);
-        $this->assign('dataTable', $data);
-        $this->assign('statsPageTitle', 'All currently reserved requests');
-        $this->setTemplate('statistics/reserved-requests.tpl');
-    }
+		$database = $this->getDatabase();
+		$statement = $database->query($query);
+		$data = $statement->fetchAll(PDO::FETCH_ASSOC);
+		$this->assign('dataTable', $data);
+		$this->assign('statsPageTitle', 'All currently reserved requests');
+		$this->setTemplate('statistics/reserved-requests.tpl');
+	}
 }

includes/Pages/RequestAction/PageBreakReservation.php

Indentation +64 added lines, -64 removed lines

@@ -19,79 +19,79 @@
 
 class PageBreakReservation extends RequestActionBase
 {
-    protected function main()
-    {
-        $this->checkPosted();
-        $database = $this->getDatabase();
-        $request = $this->getRequest($database);
+	protected function main()
+	{
+		$this->checkPosted();
+		$database = $this->getDatabase();
+		$request = $this->getRequest($database);
 
-        if ($request->getReserved() === null) {
-            throw new ApplicationLogicException('Request is not reserved!');
-        }
+		if ($request->getReserved() === null) {
+			throw new ApplicationLogicException('Request is not reserved!');
+		}
 
-        $currentUser = User::getCurrent($database);
+		$currentUser = User::getCurrent($database);
 
-        if ($currentUser->getId() === $request->getReserved()) {
-            $this->doUnreserve($request, $database);
-        }
-        else {
-            // not the same user!
-            if ($this->barrierTest('force', $currentUser)) {
-                $this->doBreakReserve($request, $database);
-            }
-            else {
-                throw new AccessDeniedException($this->getSecurityManager());
-            }
-        }
-    }
+		if ($currentUser->getId() === $request->getReserved()) {
+			$this->doUnreserve($request, $database);
+		}
+		else {
+			// not the same user!
+			if ($this->barrierTest('force', $currentUser)) {
+				$this->doBreakReserve($request, $database);
+			}
+			else {
+				throw new AccessDeniedException($this->getSecurityManager());
+			}
+		}
+	}
 
-    /**
-     * @param Request     $request
-     * @param PdoDatabase $database
-     *
-     * @throws Exception
-     */
-    protected function doUnreserve(Request $request, PdoDatabase $database)
-    {
-        // same user! we allow people to unreserve their own stuff
-        $request->setReserved(null);
-        $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-        $request->save();
+	/**
+	 * @param Request     $request
+	 * @param PdoDatabase $database
+	 *
+	 * @throws Exception
+	 */
+	protected function doUnreserve(Request $request, PdoDatabase $database)
+	{
+		// same user! we allow people to unreserve their own stuff
+		$request->setReserved(null);
+		$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+		$request->save();
 
-        Logger::unreserve($database, $request);
-        $this->getNotificationHelper()->requestUnreserved($request);
+		Logger::unreserve($database, $request);
+		$this->getNotificationHelper()->requestUnreserved($request);
 
-        // Redirect home!
-        $this->redirect();
-    }
+		// Redirect home!
+		$this->redirect();
+	}
 
-    /**
-     * @param Request     $request
-     * @param PdoDatabase $database
-     *
-     * @throws Exception
-     */
-    protected function doBreakReserve(Request $request, PdoDatabase $database)
-    {
-        if (!WebRequest::postBoolean("confirm")) {
-            $this->assignCSRFToken();
+	/**
+	 * @param Request     $request
+	 * @param PdoDatabase $database
+	 *
+	 * @throws Exception
+	 */
+	protected function doBreakReserve(Request $request, PdoDatabase $database)
+	{
+		if (!WebRequest::postBoolean("confirm")) {
+			$this->assignCSRFToken();
 
-            $this->assign("request", $request->getId());
-            $this->assign("reservedUser", User::getById($request->getReserved(), $database));
-            $this->assign("updateversion", WebRequest::postInt('updateversion'));
+			$this->assign("request", $request->getId());
+			$this->assign("reservedUser", User::getById($request->getReserved(), $database));
+			$this->assign("updateversion", WebRequest::postInt('updateversion'));
 
-            $this->setTemplate("confirmations/breakreserve.tpl");
-        }
-        else {
-            $request->setReserved(null);
-            $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $request->save();
+			$this->setTemplate("confirmations/breakreserve.tpl");
+		}
+		else {
+			$request->setReserved(null);
+			$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$request->save();
 
-            Logger::breakReserve($database, $request);
-            $this->getNotificationHelper()->requestReserveBroken($request);
+			Logger::breakReserve($database, $request);
+			$this->getNotificationHelper()->requestReserveBroken($request);
 
-            // Redirect home!
-            $this->redirect();
-        }
-    }
+			// Redirect home!
+			$this->redirect();
+		}
+	}
 }

includes/Pages/RequestAction/PageComment.php

Indentation +36 added lines, -36 removed lines

@@ -15,51 +15,51 @@
 
 class PageComment extends RequestActionBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        $this->checkPosted();
-        $database = $this->getDatabase();
-        $request = $this->getRequest($database);
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		$this->checkPosted();
+		$database = $this->getDatabase();
+		$request = $this->getRequest($database);
 
-        $commentText = WebRequest::postString('comment');
-        if ($commentText === false || $commentText == '') {
-            $this->redirect('viewRequest', null, array('id' => $request->getId()));
+		$commentText = WebRequest::postString('comment');
+		if ($commentText === false || $commentText == '') {
+			$this->redirect('viewRequest', null, array('id' => $request->getId()));
 
-            return;
-        }
+			return;
+		}
 
-        //Look for and detect IPv4/IPv6 addresses in comment text, and warn the commenter.
-        $ipv4Regex = '/\b' . RegexConstants::IPV4 . '\b/';
-        $ipv6Regex = '/\b' . RegexConstants::IPV6 . '\b/';
+		//Look for and detect IPv4/IPv6 addresses in comment text, and warn the commenter.
+		$ipv4Regex = '/\b' . RegexConstants::IPV4 . '\b/';
+		$ipv6Regex = '/\b' . RegexConstants::IPV6 . '\b/';
 
-        $overridePolicy = WebRequest::postBoolean('privpol-check-override');
+		$overridePolicy = WebRequest::postBoolean('privpol-check-override');
 
-        if ((preg_match($ipv4Regex, $commentText) || preg_match($ipv6Regex, $commentText)) && !$overridePolicy) {
-            $this->assignCSRFToken();
-            $this->assign("request", $request);
-            $this->assign("comment", $commentText);
-            $this->setTemplate("privpol-warning.tpl");
+		if ((preg_match($ipv4Regex, $commentText) || preg_match($ipv6Regex, $commentText)) && !$overridePolicy) {
+			$this->assignCSRFToken();
+			$this->assign("request", $request);
+			$this->assign("comment", $commentText);
+			$this->setTemplate("privpol-warning.tpl");
 
-            return;
-        }
+			return;
+		}
 
-        $visibility = WebRequest::postBoolean('adminOnly') ? 'admin' : 'user';
+		$visibility = WebRequest::postBoolean('adminOnly') ? 'admin' : 'user';
 
-        $comment = new Comment();
-        $comment->setDatabase($database);
+		$comment = new Comment();
+		$comment->setDatabase($database);
 
-        $comment->setRequest($request->getId());
-        $comment->setVisibility($visibility);
-        $comment->setUser(User::getCurrent($database)->getId());
-        $comment->setComment($commentText);
+		$comment->setRequest($request->getId());
+		$comment->setVisibility($visibility);
+		$comment->setUser(User::getCurrent($database)->getId());
+		$comment->setComment($commentText);
 
-        $comment->save();
+		$comment->save();
 
-        $this->getNotificationHelper()->commentCreated($comment, $request);
-        $this->redirect('viewRequest', null, array('id' => $request->getId()));
-    }
+		$this->getNotificationHelper()->commentCreated($comment, $request);
+		$this->redirect('viewRequest', null, array('id' => $request->getId()));
+	}
 }

includes/Pages/RequestAction/PageReservation.php

Indentation +43 added lines, -43 removed lines

@@ -17,58 +17,58 @@
 
 class PageReservation extends RequestActionBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @throws ApplicationLogicException
-     */
-    protected function main()
-    {
-        $this->checkPosted();
-        $database = $this->getDatabase();
-        $request = $this->getRequest($database);
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @throws ApplicationLogicException
+	 */
+	protected function main()
+	{
+		$this->checkPosted();
+		$database = $this->getDatabase();
+		$request = $this->getRequest($database);
 
-        $closureDate = $request->getClosureDate();
+		$closureDate = $request->getClosureDate();
 
-        $date = new DateTime();
-        $date->modify("-7 days");
-        $oneweek = $date->format("Y-m-d H:i:s");
+		$date = new DateTime();
+		$date->modify("-7 days");
+		$oneweek = $date->format("Y-m-d H:i:s");
 
-        $currentUser = User::getCurrent($database);
-        if ($request->getStatus() == "Closed" && $closureDate < $oneweek) {
-            if (!$this->barrierTest('reopenOldRequest', $currentUser, 'RequestData')) {
-                throw new ApplicationLogicException(
-                    "You are not allowed to reserve a request that has been closed for over a week.");
-            }
-        }
+		$currentUser = User::getCurrent($database);
+		if ($request->getStatus() == "Closed" && $closureDate < $oneweek) {
+			if (!$this->barrierTest('reopenOldRequest', $currentUser, 'RequestData')) {
+				throw new ApplicationLogicException(
+					"You are not allowed to reserve a request that has been closed for over a week.");
+			}
+		}
 
-        if ($request->getReserved() !== null && $request->getReserved() != $currentUser->getId()) {
-            throw new ApplicationLogicException("Request is already reserved!");
-        }
+		if ($request->getReserved() !== null && $request->getReserved() != $currentUser->getId()) {
+			throw new ApplicationLogicException("Request is already reserved!");
+		}
 
-        if ($request->getReserved() === null) {
-            // Check the number of requests a user has reserved already
-            $doubleReserveCountQuery = $database->prepare("SELECT COUNT(*) FROM request WHERE reserved = :userid;");
-            $doubleReserveCountQuery->bindValue(":userid", $currentUser->getId());
-            $doubleReserveCountQuery->execute();
-            $doubleReserveCount = $doubleReserveCountQuery->fetchColumn();
-            $doubleReserveCountQuery->closeCursor();
+		if ($request->getReserved() === null) {
+			// Check the number of requests a user has reserved already
+			$doubleReserveCountQuery = $database->prepare("SELECT COUNT(*) FROM request WHERE reserved = :userid;");
+			$doubleReserveCountQuery->bindValue(":userid", $currentUser->getId());
+			$doubleReserveCountQuery->execute();
+			$doubleReserveCount = $doubleReserveCountQuery->fetchColumn();
+			$doubleReserveCountQuery->closeCursor();
 
-            // User already has at least one reserved.
-            if ($doubleReserveCount != 0) {
-                SessionAlert::warning("You have multiple requests reserved!");
-            }
+			// User already has at least one reserved.
+			if ($doubleReserveCount != 0) {
+				SessionAlert::warning("You have multiple requests reserved!");
+			}
 
-            $request->setReserved($currentUser->getId());
-            $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $request->save();
+			$request->setReserved($currentUser->getId());
+			$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$request->save();
 
-            Logger::reserve($database, $request);
+			Logger::reserve($database, $request);
 
-            $this->getNotificationHelper()->requestReserved($request);
+			$this->getNotificationHelper()->requestReserved($request);
 
-            SessionAlert::success("Reserved request {$request->getId()}.");
-        }
+			SessionAlert::success("Reserved request {$request->getId()}.");
+		}
 
-        $this->redirect('viewRequest', null, array('id' => $request->getId()));
-    }
+		$this->redirect('viewRequest', null, array('id' => $request->getId()));
+	}
 }

includes/Pages/RequestAction/PageDeferRequest.php

Indentation +41 added lines, -41 removed lines

@@ -17,57 +17,57 @@
 
 class PageDeferRequest extends RequestActionBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @throws ApplicationLogicException
-     */
-    protected function main()
-    {
-        $this->checkPosted();
-        $database = $this->getDatabase();
-        $request = $this->getRequest($database);
-        $currentUser = User::getCurrent($database);
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @throws ApplicationLogicException
+	 */
+	protected function main()
+	{
+		$this->checkPosted();
+		$database = $this->getDatabase();
+		$request = $this->getRequest($database);
+		$currentUser = User::getCurrent($database);
 
-        $target = WebRequest::postString('target');
-        $requestStates = $this->getSiteConfiguration()->getRequestStates();
+		$target = WebRequest::postString('target');
+		$requestStates = $this->getSiteConfiguration()->getRequestStates();
 
-        if (!array_key_exists($target, $requestStates)) {
-            throw new ApplicationLogicException('Defer target not valid');
-        }
+		if (!array_key_exists($target, $requestStates)) {
+			throw new ApplicationLogicException('Defer target not valid');
+		}
 
-        if ($request->getStatus() == $target) {
-            SessionAlert::warning('This request is already in the specified queue.');
-            $this->redirect('viewRequest', null, array('id' => $request->getId()));
+		if ($request->getStatus() == $target) {
+			SessionAlert::warning('This request is already in the specified queue.');
+			$this->redirect('viewRequest', null, array('id' => $request->getId()));
 
-            return;
-        }
+			return;
+		}
 
-        $closureDate = $request->getClosureDate();
-        $date = new DateTime();
-        $date->modify("-7 days");
-        $oneweek = $date->format("Y-m-d H:i:s");
+		$closureDate = $request->getClosureDate();
+		$date = new DateTime();
+		$date->modify("-7 days");
+		$oneweek = $date->format("Y-m-d H:i:s");
 
 
-        if ($request->getStatus() == "Closed" && $closureDate < $oneweek) {
-            if (!$this->barrierTest('reopenOldRequest', $currentUser, 'RequestData')) {
-                throw new ApplicationLogicException(
-                    "You are not allowed to re-open a request that has been closed for over a week.");
-            }
-        }
+		if ($request->getStatus() == "Closed" && $closureDate < $oneweek) {
+			if (!$this->barrierTest('reopenOldRequest', $currentUser, 'RequestData')) {
+				throw new ApplicationLogicException(
+					"You are not allowed to re-open a request that has been closed for over a week.");
+			}
+		}
 
-        $request->setReserved(null);
-        $request->setStatus($target);
-        $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-        $request->save();
+		$request->setReserved(null);
+		$request->setStatus($target);
+		$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+		$request->save();
 
-        $deto = $requestStates[$target]['deferto'];
-        $detolog = $requestStates[$target]['defertolog'];
+		$deto = $requestStates[$target]['deferto'];
+		$detolog = $requestStates[$target]['defertolog'];
 
-        Logger::deferRequest($database, $request, $detolog);
+		Logger::deferRequest($database, $request, $detolog);
 
-        $this->getNotificationHelper()->requestDeferred($request);
-        SessionAlert::success("Request {$request->getId()} deferred to {$deto}");
+		$this->getNotificationHelper()->requestDeferred($request);
+		SessionAlert::success("Request {$request->getId()} deferred to {$deto}");
 
-        $this->redirect();
-    }
+		$this->redirect();
+	}
 }

includes/Pages/RequestAction/PageCustomClose.php

Indentation +260 added lines, -260 removed lines

@@ -23,264 +23,264 @@
 
 class PageCustomClose extends PageCloseRequest
 {
-    use RequestData;
-
-    protected function main()
-    {
-        $database = $this->getDatabase();
-
-        $request = $this->getRequest($database);
-        $currentUser = User::getCurrent($this->getDatabase());
-
-        if ($request->getStatus() === 'Closed') {
-            throw new ApplicationLogicException('Request is already closed');
-        }
-
-        // Dual-mode page
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $this->doCustomClose($currentUser, $request, $database);
-
-            $this->redirect();
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->showCustomCloseForm($database, $request);
-        }
-    }
-
-    /**
-     * @param $database
-     *
-     * @return Request
-     * @throws ApplicationLogicException
-     */
-    protected function getRequest(PdoDatabase $database)
-    {
-        $requestId = WebRequest::getInt('request');
-        if ($requestId === null) {
-            throw new ApplicationLogicException('Request ID not found');
-        }
-
-        /** @var Request $request */
-        $request = Request::getById($requestId, $database);
-
-        if ($request === false) {
-            throw new ApplicationLogicException('Request not found');
-        }
-
-        return $request;
-    }
-
-    /**
-     * @param PdoDatabase $database
-     *
-     * @return EmailTemplate|null
-     */
-    protected function getTemplate(PdoDatabase $database)
-    {
-        $templateId = WebRequest::getInt('template');
-        if ($templateId === null) {
-            return null;
-        }
-
-        /** @var EmailTemplate $template */
-        $template = EmailTemplate::getById($templateId, $database);
-        if ($template === false || !$template->getActive()) {
-            return null;
-        }
-
-        return $template;
-    }
-
-    /**
-     * @param $database
-     * @param $request
-     *
-     * @throws Exception
-     */
-    protected function showCustomCloseForm(PdoDatabase $database, Request $request)
-    {
-        $currentUser = User::getCurrent($database);
-        $config = $this->getSiteConfiguration();
-
-        $allowedPrivateData = $this->isAllowedPrivateData($request, $currentUser);
-        if (!$allowedPrivateData) {
-            // we probably shouldn't be showing the user this form if they're not allowed to access private data...
-            throw new AccessDeniedException($this->getSecurityManager());
-        }
-
-        $template = $this->getTemplate($database);
-
-        // Preload data
-        $this->assign('defaultAction', '');
-        $this->assign('preloadText', '');
-        $this->assign('preloadTitle', '');
-
-        if ($template !== null) {
-            $this->assign('defaultAction', $template->getDefaultAction());
-            $this->assign('preloadText', $template->getText());
-            $this->assign('preloadTitle', $template->getName());
-        }
-
-        // Static data
-        $this->assign('requeststates', $config->getRequestStates());
-
-        // request data
-        $this->assign('requestId', $request->getIp());
-        $this->assign('updateVersion', $request->getUpdateVersion());
-        $this->setupBasicData($request, $config);
-        $this->setupReservationDetails($request->getReserved(), $database, $currentUser);
-        $this->setupPrivateData($request, $currentUser, $this->getSiteConfiguration(), $database);
-
-        // IP location
-        $trustedIp = $this->getXffTrustProvider()->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
-        $this->assign('iplocation', $this->getLocationProvider()->getIpLocation($trustedIp));
-
-        // Confirmations
-        $this->assign('confirmEmailAlreadySent', $this->checkEmailAlreadySent($request));
-        $this->assign('confirmReserveOverride', $this->checkReserveOverride($request, $currentUser));
-
-        $this->assign('canSkipCcMailingList', $this->barrierTest('skipCcMailingList', $currentUser));
-
-        // template
-        $this->setTemplate('custom-close.tpl');
-    }
-
-    /**
-     * @param User        $currentUser
-     * @param Request     $request
-     * @param PdoDatabase $database
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function doCustomClose(User $currentUser, Request $request, PdoDatabase $database)
-    {
-        $messageBody = WebRequest::postString('msgbody');
-        if ($messageBody === null || trim($messageBody) === '') {
-            throw new ApplicationLogicException('Message body cannot be blank');
-        }
-
-        $ccMailingList = true;
-        if ($this->barrierTest('skipCcMailingList', $currentUser)) {
-            $ccMailingList = WebRequest::postBoolean('ccMailingList');
-        }
-
-        if ($request->getStatus() === 'Closed') {
-            throw new ApplicationLogicException('Request is already closed');
-        }
-
-        if (!(WebRequest::postBoolean('confirmEmailAlreadySent')
-            && WebRequest::postBoolean('confirmReserveOverride'))
-        ) {
-            throw new ApplicationLogicException('Not all confirmations checked');
-        }
-
-        $action = WebRequest::postString('action');
-        $availableRequestStates = $this->getSiteConfiguration()->getRequestStates();
-
-        if ($action === EmailTemplate::CREATED || $action === EmailTemplate::NOT_CREATED) {
-            // Close request
-            $this->closeRequest($request, $database, $action, $messageBody);
-
-            // Send the mail after the save, since save can be rolled back
-            $this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
-        }
-        else {
-            if (array_key_exists($action, $availableRequestStates)) {
-                // Defer to other state
-                $this->deferRequest($request, $database, $action, $availableRequestStates, $messageBody);
-
-                // Send the mail after the save, since save can be rolled back
-                $this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
-            }
-            else {
-                $request->setReserved(null);
-                $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-                $request->save();
-
-                // Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE
-                // and be rolled back.
-
-                // Send mail
-                $this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
-
-                Logger::sentMail($database, $request, $messageBody);
-                Logger::unreserve($database, $request);
-
-                $this->getNotificationHelper()->sentMail($request);
-                SessionAlert::success("Sent mail to Request {$request->getId()}");
-            }
-        }
-    }
-
-    /**
-     * @param Request     $request
-     * @param PdoDatabase $database
-     * @param string      $action
-     * @param string      $messageBody
-     *
-     * @throws Exception
-     * @throws OptimisticLockFailedException
-     */
-    protected function closeRequest(Request $request, PdoDatabase $database, $action, $messageBody)
-    {
-        $request->setStatus('Closed');
-        $request->setReserved(null);
-        $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-        $request->save();
-
-        // Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE and
-        // be rolled back.
-
-        if ($action == EmailTemplate::CREATED) {
-            $logCloseType = 'custom-y';
-            $notificationCloseType = "Custom, Created";
-        }
-        else {
-            $logCloseType = 'custom-n';
-            $notificationCloseType = "Custom, Not Created";
-        }
-
-        Logger::closeRequest($database, $request, $logCloseType, $messageBody);
-        $this->getNotificationHelper()->requestClosed($request, $notificationCloseType);
-
-        $requestName = htmlentities($request->getName(), ENT_COMPAT, 'UTF-8');
-        SessionAlert::success("Request {$request->getId()} ({$requestName}) marked as 'Done'.");
-    }
-
-    /**
-     * @param Request     $request
-     * @param PdoDatabase $database
-     * @param string      $action
-     * @param             $availableRequestStates
-     * @param string      $messageBody
-     *
-     * @throws Exception
-     * @throws OptimisticLockFailedException
-     */
-    protected function deferRequest(
-        Request $request,
-        PdoDatabase $database,
-        $action,
-        $availableRequestStates,
-        $messageBody
-    ) {
-        $request->setStatus($action);
-        $request->setReserved(null);
-        $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-        $request->save();
-
-        // Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE
-        // and be rolled back.
-
-        $deferToLog = $availableRequestStates[$action]['defertolog'];
-        Logger::sentMail($database, $request, $messageBody);
-        Logger::deferRequest($database, $request, $deferToLog);
-
-        $this->getNotificationHelper()->requestDeferredWithMail($request);
-
-        $deferTo = $availableRequestStates[$action]['deferto'];
-        SessionAlert::success("Request {$request->getId()} deferred to $deferTo, sending an email.");
-    }
+	use RequestData;
+
+	protected function main()
+	{
+		$database = $this->getDatabase();
+
+		$request = $this->getRequest($database);
+		$currentUser = User::getCurrent($this->getDatabase());
+
+		if ($request->getStatus() === 'Closed') {
+			throw new ApplicationLogicException('Request is already closed');
+		}
+
+		// Dual-mode page
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$this->doCustomClose($currentUser, $request, $database);
+
+			$this->redirect();
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->showCustomCloseForm($database, $request);
+		}
+	}
+
+	/**
+	 * @param $database
+	 *
+	 * @return Request
+	 * @throws ApplicationLogicException
+	 */
+	protected function getRequest(PdoDatabase $database)
+	{
+		$requestId = WebRequest::getInt('request');
+		if ($requestId === null) {
+			throw new ApplicationLogicException('Request ID not found');
+		}
+
+		/** @var Request $request */
+		$request = Request::getById($requestId, $database);
+
+		if ($request === false) {
+			throw new ApplicationLogicException('Request not found');
+		}
+
+		return $request;
+	}
+
+	/**
+	 * @param PdoDatabase $database
+	 *
+	 * @return EmailTemplate|null
+	 */
+	protected function getTemplate(PdoDatabase $database)
+	{
+		$templateId = WebRequest::getInt('template');
+		if ($templateId === null) {
+			return null;
+		}
+
+		/** @var EmailTemplate $template */
+		$template = EmailTemplate::getById($templateId, $database);
+		if ($template === false || !$template->getActive()) {
+			return null;
+		}
+
+		return $template;
+	}
+
+	/**
+	 * @param $database
+	 * @param $request
+	 *
+	 * @throws Exception
+	 */
+	protected function showCustomCloseForm(PdoDatabase $database, Request $request)
+	{
+		$currentUser = User::getCurrent($database);
+		$config = $this->getSiteConfiguration();
+
+		$allowedPrivateData = $this->isAllowedPrivateData($request, $currentUser);
+		if (!$allowedPrivateData) {
+			// we probably shouldn't be showing the user this form if they're not allowed to access private data...
+			throw new AccessDeniedException($this->getSecurityManager());
+		}
+
+		$template = $this->getTemplate($database);
+
+		// Preload data
+		$this->assign('defaultAction', '');
+		$this->assign('preloadText', '');
+		$this->assign('preloadTitle', '');
+
+		if ($template !== null) {
+			$this->assign('defaultAction', $template->getDefaultAction());
+			$this->assign('preloadText', $template->getText());
+			$this->assign('preloadTitle', $template->getName());
+		}
+
+		// Static data
+		$this->assign('requeststates', $config->getRequestStates());
+
+		// request data
+		$this->assign('requestId', $request->getIp());
+		$this->assign('updateVersion', $request->getUpdateVersion());
+		$this->setupBasicData($request, $config);
+		$this->setupReservationDetails($request->getReserved(), $database, $currentUser);
+		$this->setupPrivateData($request, $currentUser, $this->getSiteConfiguration(), $database);
+
+		// IP location
+		$trustedIp = $this->getXffTrustProvider()->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
+		$this->assign('iplocation', $this->getLocationProvider()->getIpLocation($trustedIp));
+
+		// Confirmations
+		$this->assign('confirmEmailAlreadySent', $this->checkEmailAlreadySent($request));
+		$this->assign('confirmReserveOverride', $this->checkReserveOverride($request, $currentUser));
+
+		$this->assign('canSkipCcMailingList', $this->barrierTest('skipCcMailingList', $currentUser));
+
+		// template
+		$this->setTemplate('custom-close.tpl');
+	}
+
+	/**
+	 * @param User        $currentUser
+	 * @param Request     $request
+	 * @param PdoDatabase $database
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function doCustomClose(User $currentUser, Request $request, PdoDatabase $database)
+	{
+		$messageBody = WebRequest::postString('msgbody');
+		if ($messageBody === null || trim($messageBody) === '') {
+			throw new ApplicationLogicException('Message body cannot be blank');
+		}
+
+		$ccMailingList = true;
+		if ($this->barrierTest('skipCcMailingList', $currentUser)) {
+			$ccMailingList = WebRequest::postBoolean('ccMailingList');
+		}
+
+		if ($request->getStatus() === 'Closed') {
+			throw new ApplicationLogicException('Request is already closed');
+		}
+
+		if (!(WebRequest::postBoolean('confirmEmailAlreadySent')
+			&& WebRequest::postBoolean('confirmReserveOverride'))
+		) {
+			throw new ApplicationLogicException('Not all confirmations checked');
+		}
+
+		$action = WebRequest::postString('action');
+		$availableRequestStates = $this->getSiteConfiguration()->getRequestStates();
+
+		if ($action === EmailTemplate::CREATED || $action === EmailTemplate::NOT_CREATED) {
+			// Close request
+			$this->closeRequest($request, $database, $action, $messageBody);
+
+			// Send the mail after the save, since save can be rolled back
+			$this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
+		}
+		else {
+			if (array_key_exists($action, $availableRequestStates)) {
+				// Defer to other state
+				$this->deferRequest($request, $database, $action, $availableRequestStates, $messageBody);
+
+				// Send the mail after the save, since save can be rolled back
+				$this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
+			}
+			else {
+				$request->setReserved(null);
+				$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+				$request->save();
+
+				// Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE
+				// and be rolled back.
+
+				// Send mail
+				$this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
+
+				Logger::sentMail($database, $request, $messageBody);
+				Logger::unreserve($database, $request);
+
+				$this->getNotificationHelper()->sentMail($request);
+				SessionAlert::success("Sent mail to Request {$request->getId()}");
+			}
+		}
+	}
+
+	/**
+	 * @param Request     $request
+	 * @param PdoDatabase $database
+	 * @param string      $action
+	 * @param string      $messageBody
+	 *
+	 * @throws Exception
+	 * @throws OptimisticLockFailedException
+	 */
+	protected function closeRequest(Request $request, PdoDatabase $database, $action, $messageBody)
+	{
+		$request->setStatus('Closed');
+		$request->setReserved(null);
+		$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+		$request->save();
+
+		// Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE and
+		// be rolled back.
+
+		if ($action == EmailTemplate::CREATED) {
+			$logCloseType = 'custom-y';
+			$notificationCloseType = "Custom, Created";
+		}
+		else {
+			$logCloseType = 'custom-n';
+			$notificationCloseType = "Custom, Not Created";
+		}
+
+		Logger::closeRequest($database, $request, $logCloseType, $messageBody);
+		$this->getNotificationHelper()->requestClosed($request, $notificationCloseType);
+
+		$requestName = htmlentities($request->getName(), ENT_COMPAT, 'UTF-8');
+		SessionAlert::success("Request {$request->getId()} ({$requestName}) marked as 'Done'.");
+	}
+
+	/**
+	 * @param Request     $request
+	 * @param PdoDatabase $database
+	 * @param string      $action
+	 * @param             $availableRequestStates
+	 * @param string      $messageBody
+	 *
+	 * @throws Exception
+	 * @throws OptimisticLockFailedException
+	 */
+	protected function deferRequest(
+		Request $request,
+		PdoDatabase $database,
+		$action,
+		$availableRequestStates,
+		$messageBody
+	) {
+		$request->setStatus($action);
+		$request->setReserved(null);
+		$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+		$request->save();
+
+		// Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE
+		// and be rolled back.
+
+		$deferToLog = $availableRequestStates[$action]['defertolog'];
+		Logger::sentMail($database, $request, $messageBody);
+		Logger::deferRequest($database, $request, $deferToLog);
+
+		$this->getNotificationHelper()->requestDeferredWithMail($request);
+
+		$deferTo = $availableRequestStates[$action]['deferto'];
+		SessionAlert::success("Request {$request->getId()} deferred to $deferTo, sending an email.");
+	}
 }

includes/Pages/RequestAction/PageSendToUser.php

Indentation +39 added lines, -39 removed lines

@@ -17,43 +17,43 @@
 
 class PageSendToUser extends RequestActionBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @throws ApplicationLogicException
-     * @throws Exception
-     */
-    protected function main()
-    {
-        $this->checkPosted();
-        $database = $this->getDatabase();
-        $request = $this->getRequest($database);
-
-        if ($request->getReserved() !== User::getCurrent($database)->getId()) {
-            throw new ApplicationLogicException('You don\'t have this request reserved!');
-        }
-
-        $username = WebRequest::postString('user');
-        if ($username === null) {
-            throw new ApplicationLogicException('User must be specified');
-        }
-
-        $user = User::getByUsername($username, $database);
-        if ($user === false) {
-            throw new ApplicationLogicException('User not found');
-        }
-
-        if (!$user->isActive()) {
-            throw new ApplicationLogicException('User is currently not active on the tool');
-        }
-
-        $request->setReserved($user->getId());
-        $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-        $request->save();
-
-        Logger::sendReservation($database, $request, $user);
-        $this->getNotificationHelper()->requestReservationSent($request, $user);
-        SessionAlert::success("Reservation sent successfully");
-
-        $this->redirect('viewRequest', null, array('id' => $request->getId()));
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @throws ApplicationLogicException
+	 * @throws Exception
+	 */
+	protected function main()
+	{
+		$this->checkPosted();
+		$database = $this->getDatabase();
+		$request = $this->getRequest($database);
+
+		if ($request->getReserved() !== User::getCurrent($database)->getId()) {
+			throw new ApplicationLogicException('You don\'t have this request reserved!');
+		}
+
+		$username = WebRequest::postString('user');
+		if ($username === null) {
+			throw new ApplicationLogicException('User must be specified');
+		}
+
+		$user = User::getByUsername($username, $database);
+		if ($user === false) {
+			throw new ApplicationLogicException('User not found');
+		}
+
+		if (!$user->isActive()) {
+			throw new ApplicationLogicException('User is currently not active on the tool');
+		}
+
+		$request->setReserved($user->getId());
+		$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+		$request->save();
+
+		Logger::sendReservation($database, $request, $user);
+		$this->getNotificationHelper()->requestReservationSent($request, $user);
+		SessionAlert::success("Reservation sent successfully");
+
+		$this->redirect('viewRequest', null, array('id' => $request->getId()));
+	}
 }

includes/Pages/PageForgotPassword.php

Indentation +145 added lines, -145 removed lines

@@ -17,149 +17,149 @@
 
 class PageForgotPassword extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     *
-     * This is the forgotten password reset form
-     * @category Security-Critical
-     */
-    protected function main()
-    {
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $username = WebRequest::postString('username');
-            $email = WebRequest::postEmail('email');
-            $database = $this->getDatabase();
-
-            if ($username === null || trim($username) === "" || $email === null || trim($email) === "") {
-                throw new ApplicationLogicException("Both username and email address must be specified!");
-            }
-
-            $user = User::getByUsername($username, $database);
-            $this->sendResetMail($user, $email);
-
-            SessionAlert::success('<strong>Your password reset request has been completed.</strong> Please check your e-mail.');
-
-            $this->redirect('login');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('forgot-password/forgotpw.tpl');
-        }
-    }
-
-    /**
-     * Sends a reset email if the user is authenticated
-     *
-     * @param User|boolean $user  The user located from the database, or false. Doesn't really matter, since we do the
-     *                            check anyway within this method and silently skip if we don't have a user.
-     * @param string       $email The provided email address
-     */
-    private function sendResetMail($user, $email)
-    {
-        // If the user isn't found, or the email address is wrong, skip sending the details silently.
-        if (!$user instanceof User) {
-            return;
-        }
-
-        if (strtolower($user->getEmail()) === strtolower($email)) {
-            $clientIp = $this->getXffTrustProvider()
-                ->getTrustedClientIp(WebRequest::remoteAddress(), WebRequest::forwardedAddress());
-
-            $this->assign("user", $user);
-            $this->assign("hash", $user->getForgottenPasswordHash());
-            $this->assign("remoteAddress", $clientIp);
-
-            $emailContent = $this->fetchTemplate('forgot-password/reset-mail.tpl');
-
-            $this->getEmailHelper()->sendMail($user->getEmail(), "", $emailContent);
-        }
-    }
-
-    /**
-     * Entry point for the reset action
-     *
-     * This is the reset password part of the form.
-     * @category Security-Critical
-     */
-    protected function reset()
-    {
-        $si = WebRequest::getString('si');
-        $id = WebRequest::getString('id');
-
-        if ($si === null || trim($si) === "" || $id === null || trim($id) === "") {
-            throw new ApplicationLogicException("Link not valid, please ensure it has copied correctly");
-        }
-
-        $database = $this->getDatabase();
-        $user = $this->getResettingUser($id, $database, $si);
-
-        // Dual mode
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            try {
-                $this->doReset($user);
-            }
-            catch (ApplicationLogicException $ex) {
-                SessionAlert::error($ex->getMessage());
-                $this->redirect('forgotPassword', 'reset', array('si' => $si, 'id' => $id));
-
-                return;
-            }
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->assign('user', $user);
-            $this->setTemplate('forgot-password/forgotpwreset.tpl');
-        }
-    }
-
-    /**
-     * Gets the user resetting their password from the database, or throwing an exception if that is not possible.
-     *
-     * @param integer     $id       The ID of the user to retrieve
-     * @param PdoDatabase $database The database object to use
-     * @param string      $si       The reset hash provided
-     *
-     * @return User
-     * @throws ApplicationLogicException
-     */
-    private function getResettingUser($id, $database, $si)
-    {
-        $user = User::getById($id, $database);
-
-        if ($user === false || $user->getForgottenPasswordHash() !== $si || $user->isCommunityUser()) {
-            throw new ApplicationLogicException("User not found");
-        }
-
-        return $user;
-    }
-
-    /**
-     * Performs the setting of the new password
-     *
-     * @param User $user The user to set the password for
-     *
-     * @throws ApplicationLogicException
-     */
-    private function doReset(User $user)
-    {
-        $pw = WebRequest::postString('pw');
-        $pw2 = WebRequest::postString('pw2');
-
-        if ($pw !== $pw2) {
-            throw new ApplicationLogicException('Passwords do not match!');
-        }
-
-        $user->setPassword($pw);
-        $user->save();
-
-        SessionAlert::success('You may now log in!');
-        $this->redirect('login');
-    }
-
-    protected function isProtectedPage()
-    {
-        return false;
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 *
+	 * This is the forgotten password reset form
+	 * @category Security-Critical
+	 */
+	protected function main()
+	{
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$username = WebRequest::postString('username');
+			$email = WebRequest::postEmail('email');
+			$database = $this->getDatabase();
+
+			if ($username === null || trim($username) === "" || $email === null || trim($email) === "") {
+				throw new ApplicationLogicException("Both username and email address must be specified!");
+			}
+
+			$user = User::getByUsername($username, $database);
+			$this->sendResetMail($user, $email);
+
+			SessionAlert::success('<strong>Your password reset request has been completed.</strong> Please check your e-mail.');
+
+			$this->redirect('login');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('forgot-password/forgotpw.tpl');
+		}
+	}
+
+	/**
+	 * Sends a reset email if the user is authenticated
+	 *
+	 * @param User|boolean $user  The user located from the database, or false. Doesn't really matter, since we do the
+	 *                            check anyway within this method and silently skip if we don't have a user.
+	 * @param string       $email The provided email address
+	 */
+	private function sendResetMail($user, $email)
+	{
+		// If the user isn't found, or the email address is wrong, skip sending the details silently.
+		if (!$user instanceof User) {
+			return;
+		}
+
+		if (strtolower($user->getEmail()) === strtolower($email)) {
+			$clientIp = $this->getXffTrustProvider()
+				->getTrustedClientIp(WebRequest::remoteAddress(), WebRequest::forwardedAddress());
+
+			$this->assign("user", $user);
+			$this->assign("hash", $user->getForgottenPasswordHash());
+			$this->assign("remoteAddress", $clientIp);
+
+			$emailContent = $this->fetchTemplate('forgot-password/reset-mail.tpl');
+
+			$this->getEmailHelper()->sendMail($user->getEmail(), "", $emailContent);
+		}
+	}
+
+	/**
+	 * Entry point for the reset action
+	 *
+	 * This is the reset password part of the form.
+	 * @category Security-Critical
+	 */
+	protected function reset()
+	{
+		$si = WebRequest::getString('si');
+		$id = WebRequest::getString('id');
+
+		if ($si === null || trim($si) === "" || $id === null || trim($id) === "") {
+			throw new ApplicationLogicException("Link not valid, please ensure it has copied correctly");
+		}
+
+		$database = $this->getDatabase();
+		$user = $this->getResettingUser($id, $database, $si);
+
+		// Dual mode
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			try {
+				$this->doReset($user);
+			}
+			catch (ApplicationLogicException $ex) {
+				SessionAlert::error($ex->getMessage());
+				$this->redirect('forgotPassword', 'reset', array('si' => $si, 'id' => $id));
+
+				return;
+			}
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->assign('user', $user);
+			$this->setTemplate('forgot-password/forgotpwreset.tpl');
+		}
+	}
+
+	/**
+	 * Gets the user resetting their password from the database, or throwing an exception if that is not possible.
+	 *
+	 * @param integer     $id       The ID of the user to retrieve
+	 * @param PdoDatabase $database The database object to use
+	 * @param string      $si       The reset hash provided
+	 *
+	 * @return User
+	 * @throws ApplicationLogicException
+	 */
+	private function getResettingUser($id, $database, $si)
+	{
+		$user = User::getById($id, $database);
+
+		if ($user === false || $user->getForgottenPasswordHash() !== $si || $user->isCommunityUser()) {
+			throw new ApplicationLogicException("User not found");
+		}
+
+		return $user;
+	}
+
+	/**
+	 * Performs the setting of the new password
+	 *
+	 * @param User $user The user to set the password for
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function doReset(User $user)
+	{
+		$pw = WebRequest::postString('pw');
+		$pw2 = WebRequest::postString('pw2');
+
+		if ($pw !== $pw2) {
+			throw new ApplicationLogicException('Passwords do not match!');
+		}
+
+		$user->setPassword($pw);
+		$user->save();
+
+		SessionAlert::success('You may now log in!');
+		$this->redirect('login');
+	}
+
+	protected function isProtectedPage()
+	{
+		return false;
+	}
 }

includes/Pages/PageLogin.php

Indentation +133 added lines, -133 removed lines

@@ -20,137 +20,137 @@
  */
 class PageLogin extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     */
-    protected function main()
-    {
-        // Start by enforcing HTTPS
-        if ($this->getSiteConfiguration()->getUseStrictTransportSecurity() !== false) {
-            if (WebRequest::isHttps()) {
-                // Client can clearly use HTTPS, so let's enforce it for all connections.
-                if (!headers_sent()) {
-                    header("Strict-Transport-Security: max-age=15768000");
-                }
-            }
-            else {
-                // This is the login form, not the request form. We need protection here.
-                $this->redirectUrl('https://' . WebRequest::serverName() . WebRequest::requestUri());
-
-                return;
-            }
-        }
-
-        if (WebRequest::wasPosted()) {
-            // POST. Do some authentication.
-            $this->validateCSRFToken();
-
-            $user = null;
-            try {
-                $user = $this->getAuthenticatingUser();
-            }
-            catch (ApplicationLogicException $ex) {
-                SessionAlert::error($ex->getMessage());
-                $this->redirect('login');
-
-                return;
-            }
-
-            // Touch force logout
-            $user->setForceLogout(false);
-            $user->save();
-
-            if ($this->getSiteConfiguration()->getEnforceOAuth()) {
-                if (!$user->isOAuthLinked()) {
-                    $oauthHelper = $this->getOAuthHelper();
-
-                    $requestToken = $oauthHelper->getRequestToken();
-                    $user->setOAuthRequestToken($requestToken->key);
-                    $user->setOAuthRequestSecret($requestToken->secret);
-                    $user->save();
-
-                    WebRequest::setPartialLogin($user);
-                    $this->redirectUrl($oauthHelper->getAuthoriseUrl($requestToken->key));
-
-                    return;
-                }
-            }
-
-            // User is partially linked to OAuth. This is not allowed. Enforce it for this user.
-            if ($user->getOnWikiName() === '##OAUTH##') {
-                $oauthHelper = $this->getOAuthHelper();
-
-                $requestToken = $oauthHelper->getRequestToken();
-                $user->setOAuthRequestToken($requestToken->key);
-                $user->setOAuthRequestSecret($requestToken->secret);
-                $user->save();
-
-                WebRequest::setPartialLogin($user);
-                $this->redirectUrl($oauthHelper->getAuthoriseUrl($requestToken->key));
-
-                return;
-            }
-
-            WebRequest::setLoggedInUser($user);
-
-            $this->goBackWhenceYouCame($user);
-        }
-        else {
-            // GET. Show the form
-            $this->assignCSRFToken();
-            $this->setTemplate("login.tpl");
-        }
-    }
-
-    /**
-     * @return User
-     * @throws ApplicationLogicException
-     */
-    private function getAuthenticatingUser()
-    {
-        $username = WebRequest::postString("username");
-        $password = WebRequest::postString("password");
-
-        if ($username === null || $password === null || $username === "" || $password === "") {
-            throw new ApplicationLogicException("No username/password specified");
-        }
-
-        /** @var User $user */
-        $user = User::getByUsername($username, $this->getDatabase());
-
-        if ($user == false || !$user->authenticate($password)) {
-            throw new ApplicationLogicException("Authentication failed");
-        }
-
-        return $user;
-    }
-
-    protected function isProtectedPage()
-    {
-        return false;
-    }
-
-    /**
-     * Redirect the user back to wherever they came from after a successful login
-     *
-     * @param User $user
-     */
-    private function goBackWhenceYouCame(User $user)
-    {
-        // Redirect to wherever the user came from
-        $redirectDestination = WebRequest::clearPostLoginRedirect();
-        if ($redirectDestination !== null) {
-            $this->redirectUrl($redirectDestination);
-        }
-        else {
-            if ($user->isNewUser()) {
-                // home page isn't allowed, go to preferences instead
-                $this->redirect('preferences');
-            }
-            else {
-                // go to the home page
-                $this->redirect('');
-            }
-        }
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 */
+	protected function main()
+	{
+		// Start by enforcing HTTPS
+		if ($this->getSiteConfiguration()->getUseStrictTransportSecurity() !== false) {
+			if (WebRequest::isHttps()) {
+				// Client can clearly use HTTPS, so let's enforce it for all connections.
+				if (!headers_sent()) {
+					header("Strict-Transport-Security: max-age=15768000");
+				}
+			}
+			else {
+				// This is the login form, not the request form. We need protection here.
+				$this->redirectUrl('https://' . WebRequest::serverName() . WebRequest::requestUri());
+
+				return;
+			}
+		}
+
+		if (WebRequest::wasPosted()) {
+			// POST. Do some authentication.
+			$this->validateCSRFToken();
+
+			$user = null;
+			try {
+				$user = $this->getAuthenticatingUser();
+			}
+			catch (ApplicationLogicException $ex) {
+				SessionAlert::error($ex->getMessage());
+				$this->redirect('login');
+
+				return;
+			}
+
+			// Touch force logout
+			$user->setForceLogout(false);
+			$user->save();
+
+			if ($this->getSiteConfiguration()->getEnforceOAuth()) {
+				if (!$user->isOAuthLinked()) {
+					$oauthHelper = $this->getOAuthHelper();
+
+					$requestToken = $oauthHelper->getRequestToken();
+					$user->setOAuthRequestToken($requestToken->key);
+					$user->setOAuthRequestSecret($requestToken->secret);
+					$user->save();
+
+					WebRequest::setPartialLogin($user);
+					$this->redirectUrl($oauthHelper->getAuthoriseUrl($requestToken->key));
+
+					return;
+				}
+			}
+
+			// User is partially linked to OAuth. This is not allowed. Enforce it for this user.
+			if ($user->getOnWikiName() === '##OAUTH##') {
+				$oauthHelper = $this->getOAuthHelper();
+
+				$requestToken = $oauthHelper->getRequestToken();
+				$user->setOAuthRequestToken($requestToken->key);
+				$user->setOAuthRequestSecret($requestToken->secret);
+				$user->save();
+
+				WebRequest::setPartialLogin($user);
+				$this->redirectUrl($oauthHelper->getAuthoriseUrl($requestToken->key));
+
+				return;
+			}
+
+			WebRequest::setLoggedInUser($user);
+
+			$this->goBackWhenceYouCame($user);
+		}
+		else {
+			// GET. Show the form
+			$this->assignCSRFToken();
+			$this->setTemplate("login.tpl");
+		}
+	}
+
+	/**
+	 * @return User
+	 * @throws ApplicationLogicException
+	 */
+	private function getAuthenticatingUser()
+	{
+		$username = WebRequest::postString("username");
+		$password = WebRequest::postString("password");
+
+		if ($username === null || $password === null || $username === "" || $password === "") {
+			throw new ApplicationLogicException("No username/password specified");
+		}
+
+		/** @var User $user */
+		$user = User::getByUsername($username, $this->getDatabase());
+
+		if ($user == false || !$user->authenticate($password)) {
+			throw new ApplicationLogicException("Authentication failed");
+		}
+
+		return $user;
+	}
+
+	protected function isProtectedPage()
+	{
+		return false;
+	}
+
+	/**
+	 * Redirect the user back to wherever they came from after a successful login
+	 *
+	 * @param User $user
+	 */
+	private function goBackWhenceYouCame(User $user)
+	{
+		// Redirect to wherever the user came from
+		$redirectDestination = WebRequest::clearPostLoginRedirect();
+		if ($redirectDestination !== null) {
+			$this->redirectUrl($redirectDestination);
+		}
+		else {
+			if ($user->isNewUser()) {
+				// home page isn't allowed, go to preferences instead
+				$this->redirect('preferences');
+			}
+			else {
+				// go to the home page
+				$this->redirect('');
+			}
+		}
+	}
 }