User:Legoktm/authn

LoginForm::execute LoginForm::processLogin LoginForm::authenticateUserData LoginForm::attemptAutoCreate * AbuseFilter, Titleblacklist hook in here to stop bad accounts * CentralAuth hooks in to stop new account creation if a global rename is in progress...why???? * CentralAuthHooks::attemptAddUser calls this hook and appears to replicate logic from LoginForm (LdapAutoAuthentication::attemptAddUser also looks similar) LoginForm::initUser
 * If no session exists, wfSetupSession is called
 * LoginForm::load calls $wgAuth->setDomain if the wpDomain parameter was passed
 * Redirect to HTTPS happens if necessary ($wgSecureLogin/wfCanIPUseHTTPS)
 * Check to make sure the client supports cookies
 * Validate non-empty username, token is valid, and checks login throttle (which is different from the normal MW ping limiter system)
 * Load the current user from the session, invoking the UserLoadFromSession hook which might auto-create the user. Tim calls this hook evil, more on it later.
 * LoginUserMigrated hook is run, which was for CentralAuth to say a user had been renamed
 * If the user still does not exist, LoginForm::attemptAutoCreate is called.
 * Checks to see if User::isBlockedFromCreateAccount, then if $wgAuth->autoCreate, $wgAuth->userExists, and $wgAuth->AbortAutoAccount.
 * AbortAutoAccount hook is called:
 * Add user object to database, then set email, realname, token
 * Call $wgAuth->initUser
 * Update SiteStats and add user's userpage+talk page to watchlist