search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No more undefined usage of rev{Start,End}Id warnings
[mediawiki.git] / includes / User.php
blob566dcc74071793d63ae876ff36ae2697a48bd12e
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * Int Number of characters in user_token field.
25 * @ingroup Constants
26 */
27 define( 'USER_TOKEN_LENGTH', 32 );
28
29 /**
30 * Int Serialized record version.
31 * @ingroup Constants
32 */
33 define( 'MW_USER_VERSION', 8 );
34
35 /**
36 * String Some punctuation to prevent editing from broken text-mangling proxies.
37 * @ingroup Constants
38 */
39 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
40
41 /**
42 * Thrown by User::setPassword() on error.
43 * @ingroup Exception
44 */
45 class PasswordError extends MWException {
46 // NOP
47 }
48
49 /**
50 * The User object encapsulates all of the user-specific settings (user_id,
51 * name, rights, password, email address, options, last login time). Client
52 * classes use the getXXX() functions to access these fields. These functions
53 * do all the work of determining whether the user is logged in,
54 * whether the requested option can be satisfied from cookies or
55 * whether a database query is needed. Most of the settings needed
56 * for rendering normal pages are set in the cookie to minimize use
57 * of the database.
58 */
59 class User {
60 /**
61 * Global constants made accessible as class constants so that autoloader
62 * magic can be used.
63 */
64 const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
65 const MW_USER_VERSION = MW_USER_VERSION;
66 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
67
68 /**
69 * Array of Strings List of member variables which are saved to the
70 * shared cache (memcached). Any operation which changes the
71 * corresponding database fields must call a cache-clearing function.
72 * @showinitializer
73 */
74 static $mCacheVars = array(
75 // user table
76 'mId',
77 'mName',
78 'mRealName',
79 'mPassword',
80 'mNewpassword',
81 'mNewpassTime',
82 'mEmail',
83 'mTouched',
84 'mToken',
85 'mEmailAuthenticated',
86 'mEmailToken',
87 'mEmailTokenExpires',
88 'mRegistration',
89 'mEditCount',
90 // user_groups table
91 'mGroups',
92 // user_properties table
93 'mOptionOverrides',
94 );
95
96 /**
97 * Array of Strings Core rights.
98 * Each of these should have a corresponding message of the form
99 * "right-$right".
100 * @showinitializer
101 */
102 static $mCoreRights = array(
103 'apihighlimits',
104 'autoconfirmed',
105 'autopatrol',
106 'bigdelete',
107 'block',
108 'blockemail',
109 'bot',
110 'browsearchive',
111 'createaccount',
112 'createpage',
113 'createtalk',
114 'delete',
115 'deletedhistory',
116 'deletedtext',
117 'deleterevision',
118 'edit',
119 'editinterface',
120 'editusercssjs', #deprecated
121 'editusercss',
122 'edituserjs',
123 'hideuser',
124 'import',
125 'importupload',
126 'ipblock-exempt',
127 'markbotedits',
128 'mergehistory',
129 'minoredit',
130 'move',
131 'movefile',
132 'move-rootuserpages',
133 'move-subpages',
134 'nominornewtalk',
135 'noratelimit',
136 'override-export-depth',
137 'patrol',
138 'protect',
139 'proxyunbannable',
140 'purge',
141 'read',
142 'reupload',
143 'reupload-shared',
144 'rollback',
145 'sendemail',
146 'siteadmin',
147 'suppressionlog',
148 'suppressredirect',
149 'suppressrevision',
150 'unblockself',
151 'undelete',
152 'unwatchedpages',
153 'upload',
154 'upload_by_url',
155 'userrights',
156 'userrights-interwiki',
157 'writeapi',
158 );
159 /**
160 * String Cached results of getAllRights()
161 */
162 static $mAllRights = false;
163
164 /** @name Cache variables */
165 //@{
166 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
167 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
168 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mEditCount,
169 $mGroups, $mOptionOverrides;
170 //@}
171
172 /**
173 * Bool Whether the cache variables have been loaded.
174 */
175 //@{
176 var $mOptionsLoaded;
177
178 /**
179 * Array with already loaded items or true if all items have been loaded.
180 */
181 private $mLoadedItems = array();
182 //@}
183
184 /**
185 * String Initialization data source if mLoadedItems!==true. May be one of:
186 * - 'defaults' anonymous user initialised from class defaults
187 * - 'name' initialise from mName
188 * - 'id' initialise from mId
189 * - 'session' log in from cookies or session if possible
190 *
191 * Use the User::newFrom*() family of functions to set this.
192 */
193 var $mFrom;
194
195 /**
196 * Lazy-initialized variables, invalidated with clearInstanceCache
197 */
198 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mRights,
199 $mBlockreason, $mEffectiveGroups, $mImplicitGroups, $mFormerGroups, $mBlockedGlobally,
200 $mLocked, $mHideName, $mOptions;
201
202 /**
203 * @var WebRequest
204 */
205 private $mRequest;
206
207 /**
208 * @var Block
209 */
210 var $mBlock;
211
212 /**
213 * @var bool
214 */
215 var $mAllowUsertalk;
216
217 /**
218 * @var Block
219 */
220 private $mBlockedFromCreateAccount = false;
221
222 static $idCacheByName = array();
223
224 /**
225 * Lightweight constructor for an anonymous user.
226 * Use the User::newFrom* factory functions for other kinds of users.
227 *
228 * @see newFromName()
229 * @see newFromId()
230 * @see newFromConfirmationCode()
231 * @see newFromSession()
232 * @see newFromRow()
233 */
234 function __construct() {
235 $this->clearInstanceCache( 'defaults' );
236 }
237
238 /**
239 * @return String
240 */
241 function __toString(){
242 return $this->getName();
243 }
244
245 /**
246 * Load the user table data for this object from the source given by mFrom.
247 */
248 public function load() {
249 if ( $this->mLoadedItems === true ) {
250 return;
251 }
252 wfProfileIn( __METHOD__ );
253
254 # Set it now to avoid infinite recursion in accessors
255 $this->mLoadedItems = true;
256
257 switch ( $this->mFrom ) {
258 case 'defaults':
259 $this->loadDefaults();
260 break;
261 case 'name':
262 $this->mId = self::idFromName( $this->mName );
263 if ( !$this->mId ) {
264 # Nonexistent user placeholder object
265 $this->loadDefaults( $this->mName );
266 } else {
267 $this->loadFromId();
268 }
269 break;
270 case 'id':
271 $this->loadFromId();
272 break;
273 case 'session':
274 $this->loadFromSession();
275 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
276 break;
277 default:
278 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
279 }
280 wfProfileOut( __METHOD__ );
281 }
282
283 /**
284 * Load user table data, given mId has already been set.
285 * @return Bool false if the ID does not exist, true otherwise
286 */
287 public function loadFromId() {
288 global $wgMemc;
289 if ( $this->mId == 0 ) {
290 $this->loadDefaults();
291 return false;
292 }
293
294 # Try cache
295 $key = wfMemcKey( 'user', 'id', $this->mId );
296 $data = $wgMemc->get( $key );
297 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
298 # Object is expired, load from DB
299 $data = false;
300 }
301
302 if ( !$data ) {
303 wfDebug( "User: cache miss for user {$this->mId}\n" );
304 # Load from DB
305 if ( !$this->loadFromDatabase() ) {
306 # Can't load from ID, user is anonymous
307 return false;
308 }
309 $this->saveToCache();
310 } else {
311 wfDebug( "User: got user {$this->mId} from cache\n" );
312 # Restore from cache
313 foreach ( self::$mCacheVars as $name ) {
314 $this->$name = $data[$name];
315 }
316 }
317 return true;
318 }
319
320 /**
321 * Save user data to the shared cache
322 */
323 public function saveToCache() {
324 $this->load();
325 $this->loadGroups();
326 $this->loadOptions();
327 if ( $this->isAnon() ) {
328 // Anonymous users are uncached
329 return;
330 }
331 $data = array();
332 foreach ( self::$mCacheVars as $name ) {
333 $data[$name] = $this->$name;
334 }
335 $data['mVersion'] = MW_USER_VERSION;
336 $key = wfMemcKey( 'user', 'id', $this->mId );
337 global $wgMemc;
338 $wgMemc->set( $key, $data );
339 }
340
341 /** @name newFrom*() static factory methods */
342 //@{
343
344 /**
345 * Static factory method for creation from username.
346 *
347 * This is slightly less efficient than newFromId(), so use newFromId() if
348 * you have both an ID and a name handy.
349 *
350 * @param $name String Username, validated by Title::newFromText()
351 * @param $validate String|Bool Validate username. Takes the same parameters as
352 * User::getCanonicalName(), except that true is accepted as an alias
353 * for 'valid', for BC.
354 *
355 * @return User object, or false if the username is invalid
356 * (e.g. if it contains illegal characters or is an IP address). If the
357 * username is not present in the database, the result will be a user object
358 * with a name, zero user ID and default settings.
359 */
360 public static function newFromName( $name, $validate = 'valid' ) {
361 if ( $validate === true ) {
362 $validate = 'valid';
363 }
364 $name = self::getCanonicalName( $name, $validate );
365 if ( $name === false ) {
366 return false;
367 } else {
368 # Create unloaded user object
369 $u = new User;
370 $u->mName = $name;
371 $u->mFrom = 'name';
372 $u->setItemLoaded( 'name' );
373 return $u;
374 }
375 }
376
377 /**
378 * Static factory method for creation from a given user ID.
379 *
380 * @param $id Int Valid user ID
381 * @return User The corresponding User object
382 */
383 public static function newFromId( $id ) {
384 $u = new User;
385 $u->mId = $id;
386 $u->mFrom = 'id';
387 $u->setItemLoaded( 'id' );
388 return $u;
389 }
390
391 /**
392 * Factory method to fetch whichever user has a given email confirmation code.
393 * This code is generated when an account is created or its e-mail address
394 * has changed.
395 *
396 * If the code is invalid or has expired, returns NULL.
397 *
398 * @param $code String Confirmation code
399 * @return User object, or null
400 */
401 public static function newFromConfirmationCode( $code ) {
402 $dbr = wfGetDB( DB_SLAVE );
403 $id = $dbr->selectField( 'user', 'user_id', array(
404 'user_email_token' => md5( $code ),
405 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
406 ) );
407 if( $id !== false ) {
408 return User::newFromId( $id );
409 } else {
410 return null;
411 }
412 }
413
414 /**
415 * Create a new user object using data from session or cookies. If the
416 * login credentials are invalid, the result is an anonymous user.
417 *
418 * @param $request WebRequest object to use; $wgRequest will be used if
419 * ommited.
420 * @return User object
421 */
422 public static function newFromSession( WebRequest $request = null ) {
423 $user = new User;
424 $user->mFrom = 'session';
425 $user->mRequest = $request;
426 return $user;
427 }
428
429 /**
430 * Create a new user object from a user row.
431 * The row should have the following fields from the user table in it:
432 * - either user_name or user_id to load further data if needed (or both)
433 * - user_real_name
434 * - all other fields (email, password, etc.)
435 * It is useless to provide the remaining fields if either user_id,
436 * user_name and user_real_name are not provided because the whole row
437 * will be loaded once more from the database when accessing them.
438 *
439 * @param $row Array A row from the user table
440 * @return User
441 */
442 public static function newFromRow( $row ) {
443 $user = new User;
444 $user->loadFromRow( $row );
445 return $user;
446 }
447
448 //@}
449
450 /**
451 * Get the username corresponding to a given user ID
452 * @param $id Int User ID
453 * @return String|bool The corresponding username
454 */
455 public static function whoIs( $id ) {
456 $dbr = wfGetDB( DB_SLAVE );
457 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), __METHOD__ );
458 }
459
460 /**
461 * Get the real name of a user given their user ID
462 *
463 * @param $id Int User ID
464 * @return String|bool The corresponding user's real name
465 */
466 public static function whoIsReal( $id ) {
467 $dbr = wfGetDB( DB_SLAVE );
468 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
469 }
470
471 /**
472 * Get database id given a user name
473 * @param $name String Username
474 * @return Int|Null The corresponding user's ID, or null if user is nonexistent
475 */
476 public static function idFromName( $name ) {
477 $nt = Title::makeTitleSafe( NS_USER, $name );
478 if( is_null( $nt ) ) {
479 # Illegal name
480 return null;
481 }
482
483 if ( isset( self::$idCacheByName[$name] ) ) {
484 return self::$idCacheByName[$name];
485 }
486
487 $dbr = wfGetDB( DB_SLAVE );
488 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
489
490 if ( $s === false ) {
491 $result = null;
492 } else {
493 $result = $s->user_id;
494 }
495
496 self::$idCacheByName[$name] = $result;
497
498 if ( count( self::$idCacheByName ) > 1000 ) {
499 self::$idCacheByName = array();
500 }
501
502 return $result;
503 }
504
505 /**
506 * Reset the cache used in idFromName(). For use in tests.
507 */
508 public static function resetIdByNameCache() {
509 self::$idCacheByName = array();
510 }
511
512 /**
513 * Does the string match an anonymous IPv4 address?
514 *
515 * This function exists for username validation, in order to reject
516 * usernames which are similar in form to IP addresses. Strings such
517 * as 300.300.300.300 will return true because it looks like an IP
518 * address, despite not being strictly valid.
519 *
520 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
521 * address because the usemod software would "cloak" anonymous IP
522 * addresses like this, if we allowed accounts like this to be created
523 * new users could get the old edits of these anonymous users.
524 *
525 * @param $name String to match
526 * @return Bool
527 */
528 public static function isIP( $name ) {
529 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
530 }
531
532 /**
533 * Is the input a valid username?
534 *
535 * Checks if the input is a valid username, we don't want an empty string,
536 * an IP address, anything that containins slashes (would mess up subpages),
537 * is longer than the maximum allowed username size or doesn't begin with
538 * a capital letter.
539 *
540 * @param $name String to match
541 * @return Bool
542 */
543 public static function isValidUserName( $name ) {
544 global $wgContLang, $wgMaxNameChars;
545
546 if ( $name == ''
547 || User::isIP( $name )
548 || strpos( $name, '/' ) !== false
549 || strlen( $name ) > $wgMaxNameChars
550 || $name != $wgContLang->ucfirst( $name ) ) {
551 wfDebugLog( 'username', __METHOD__ .
552 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
553 return false;
554 }
555
556
557 // Ensure that the name can't be misresolved as a different title,
558 // such as with extra namespace keys at the start.
559 $parsed = Title::newFromText( $name );
560 if( is_null( $parsed )
561 || $parsed->getNamespace()
562 || strcmp( $name, $parsed->getPrefixedText() ) ) {
563 wfDebugLog( 'username', __METHOD__ .
564 ": '$name' invalid due to ambiguous prefixes" );
565 return false;
566 }
567
568 // Check an additional blacklist of troublemaker characters.
569 // Should these be merged into the title char list?
570 $unicodeBlacklist = '/[' .
571 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
572 '\x{00a0}' . # non-breaking space
573 '\x{2000}-\x{200f}' . # various whitespace
574 '\x{2028}-\x{202f}' . # breaks and control chars
575 '\x{3000}' . # ideographic space
576 '\x{e000}-\x{f8ff}' . # private use
577 ']/u';
578 if( preg_match( $unicodeBlacklist, $name ) ) {
579 wfDebugLog( 'username', __METHOD__ .
580 ": '$name' invalid due to blacklisted characters" );
581 return false;
582 }
583
584 return true;
585 }
586
587 /**
588 * Usernames which fail to pass this function will be blocked
589 * from user login and new account registrations, but may be used
590 * internally by batch processes.
591 *
592 * If an account already exists in this form, login will be blocked
593 * by a failure to pass this function.
594 *
595 * @param $name String to match
596 * @return Bool
597 */
598 public static function isUsableName( $name ) {
599 global $wgReservedUsernames;
600 // Must be a valid username, obviously ;)
601 if ( !self::isValidUserName( $name ) ) {
602 return false;
603 }
604
605 static $reservedUsernames = false;
606 if ( !$reservedUsernames ) {
607 $reservedUsernames = $wgReservedUsernames;
608 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
609 }
610
611 // Certain names may be reserved for batch processes.
612 foreach ( $reservedUsernames as $reserved ) {
613 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
614 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
615 }
616 if ( $reserved == $name ) {
617 return false;
618 }
619 }
620 return true;
621 }
622
623 /**
624 * Usernames which fail to pass this function will be blocked
625 * from new account registrations, but may be used internally
626 * either by batch processes or by user accounts which have
627 * already been created.
628 *
629 * Additional blacklisting may be added here rather than in
630 * isValidUserName() to avoid disrupting existing accounts.
631 *
632 * @param $name String to match
633 * @return Bool
634 */
635 public static function isCreatableName( $name ) {
636 global $wgInvalidUsernameCharacters;
637
638 // Ensure that the username isn't longer than 235 bytes, so that
639 // (at least for the builtin skins) user javascript and css files
640 // will work. (bug 23080)
641 if( strlen( $name ) > 235 ) {
642 wfDebugLog( 'username', __METHOD__ .
643 ": '$name' invalid due to length" );
644 return false;
645 }
646
647 // Preg yells if you try to give it an empty string
648 if( $wgInvalidUsernameCharacters !== '' ) {
649 if( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
650 wfDebugLog( 'username', __METHOD__ .
651 ": '$name' invalid due to wgInvalidUsernameCharacters" );
652 return false;
653 }
654 }
655
656 return self::isUsableName( $name );
657 }
658
659 /**
660 * Is the input a valid password for this user?
661 *
662 * @param $password String Desired password
663 * @return Bool
664 */
665 public function isValidPassword( $password ) {
666 //simple boolean wrapper for getPasswordValidity
667 return $this->getPasswordValidity( $password ) === true;
668 }
669
670 /**
671 * Given unvalidated password input, return error message on failure.
672 *
673 * @param $password String Desired password
674 * @return mixed: true on success, string or array of error message on failure
675 */
676 public function getPasswordValidity( $password ) {
677 global $wgMinimalPasswordLength, $wgContLang;
678
679 static $blockedLogins = array(
680 'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589
681 'Apitestsysop' => 'testpass', 'Apitestuser' => 'testpass' # r75605
682 );
683
684 $result = false; //init $result to false for the internal checks
685
686 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
687 return $result;
688
689 if ( $result === false ) {
690 if( strlen( $password ) < $wgMinimalPasswordLength ) {
691 return 'passwordtooshort';
692 } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
693 return 'password-name-match';
694 } elseif ( isset( $blockedLogins[ $this->getName() ] ) && $password == $blockedLogins[ $this->getName() ] ) {
695 return 'password-login-forbidden';
696 } else {
697 //it seems weird returning true here, but this is because of the
698 //initialization of $result to false above. If the hook is never run or it
699 //doesn't modify $result, then we will likely get down into this if with
700 //a valid password.
701 return true;
702 }
703 } elseif( $result === true ) {
704 return true;
705 } else {
706 return $result; //the isValidPassword hook set a string $result and returned true
707 }
708 }
709
710 /**
711 * Does a string look like an e-mail address?
712 *
713 * This validates an email address using an HTML5 specification found at:
714 * http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#valid-e-mail-address
715 * Which as of 2011-01-24 says:
716 *
717 * A valid e-mail address is a string that matches the ABNF production
718 * 1*( atext / "." ) "@" ldh-str *( "." ldh-str ) where atext is defined
719 * in RFC 5322 section 3.2.3, and ldh-str is defined in RFC 1034 section
720 * 3.5.
721 *
722 * This function is an implementation of the specification as requested in
723 * bug 22449.
724 *
725 * Client-side forms will use the same standard validation rules via JS or
726 * HTML 5 validation; additional restrictions can be enforced server-side
727 * by extensions via the 'isValidEmailAddr' hook.
728 *
729 * Note that this validation doesn't 100% match RFC 2822, but is believed
730 * to be liberal enough for wide use. Some invalid addresses will still
731 * pass validation here.
732 *
733 * @param $addr String E-mail address
734 * @return Bool
735 * @deprecated since 1.18 call Sanitizer::isValidEmail() directly
736 */
737 public static function isValidEmailAddr( $addr ) {
738 wfDeprecated( __METHOD__, '1.18' );
739 return Sanitizer::validateEmail( $addr );
740 }
741
742 /**
743 * Given unvalidated user input, return a canonical username, or false if
744 * the username is invalid.
745 * @param $name String User input
746 * @param $validate String|Bool type of validation to use:
747 * - false No validation
748 * - 'valid' Valid for batch processes
749 * - 'usable' Valid for batch processes and login
750 * - 'creatable' Valid for batch processes, login and account creation
751 *
752 * @return bool|string
753 */
754 public static function getCanonicalName( $name, $validate = 'valid' ) {
755 # Force usernames to capital
756 global $wgContLang;
757 $name = $wgContLang->ucfirst( $name );
758
759 # Reject names containing '#'; these will be cleaned up
760 # with title normalisation, but then it's too late to
761 # check elsewhere
762 if( strpos( $name, '#' ) !== false )
763 return false;
764
765 # Clean up name according to title rules
766 $t = ( $validate === 'valid' ) ?
767 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
768 # Check for invalid titles
769 if( is_null( $t ) ) {
770 return false;
771 }
772
773 # Reject various classes of invalid names
774 global $wgAuth;
775 $name = $wgAuth->getCanonicalName( $t->getText() );
776
777 switch ( $validate ) {
778 case false:
779 break;
780 case 'valid':
781 if ( !User::isValidUserName( $name ) ) {
782 $name = false;
783 }
784 break;
785 case 'usable':
786 if ( !User::isUsableName( $name ) ) {
787 $name = false;
788 }
789 break;
790 case 'creatable':
791 if ( !User::isCreatableName( $name ) ) {
792 $name = false;
793 }
794 break;
795 default:
796 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
797 }
798 return $name;
799 }
800
801 /**
802 * Count the number of edits of a user
803 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
804 *
805 * @param $uid Int User ID to check
806 * @return Int the user's edit count
807 */
808 public static function edits( $uid ) {
809 wfProfileIn( __METHOD__ );
810 $dbr = wfGetDB( DB_SLAVE );
811 // check if the user_editcount field has been initialized
812 $field = $dbr->selectField(
813 'user', 'user_editcount',
814 array( 'user_id' => $uid ),
815 __METHOD__
816 );
817
818 if( $field === null ) { // it has not been initialized. do so.
819 $dbw = wfGetDB( DB_MASTER );
820 $count = $dbr->selectField(
821 'revision', 'count(*)',
822 array( 'rev_user' => $uid ),
823 __METHOD__
824 );
825 $dbw->update(
826 'user',
827 array( 'user_editcount' => $count ),
828 array( 'user_id' => $uid ),
829 __METHOD__
830 );
831 } else {
832 $count = $field;
833 }
834 wfProfileOut( __METHOD__ );
835 return $count;
836 }
837
838 /**
839 * Return a random password.
840 *
841 * @return String new random password
842 */
843 public static function randomPassword() {
844 global $wgMinimalPasswordLength;
845 // Decide the final password length based on our min password length, stopping at a minimum of 10 chars
846 $length = max( 10, $wgMinimalPasswordLength );
847 // Multiply by 1.25 to get the number of hex characters we need
848 $length = $length * 1.25;
849 // Generate random hex chars
850 $hex = MWCryptRand::generateHex( $length );
851 // Convert from base 16 to base 32 to get a proper password like string
852 return wfBaseConvert( $hex, 16, 32 );
853 }
854
855 /**
856 * Set cached properties to default.
857 *
858 * @note This no longer clears uncached lazy-initialised properties;
859 * the constructor does that instead.
860 *
861 * @param $name string
862 */
863 public function loadDefaults( $name = false ) {
864 wfProfileIn( __METHOD__ );
865
866 $this->mId = 0;
867 $this->mName = $name;
868 $this->mRealName = '';
869 $this->mPassword = $this->mNewpassword = '';
870 $this->mNewpassTime = null;
871 $this->mEmail = '';
872 $this->mOptionOverrides = null;
873 $this->mOptionsLoaded = false;
874
875 $loggedOut = $this->getRequest()->getCookie( 'LoggedOut' );
876 if( $loggedOut !== null ) {
877 $this->mTouched = wfTimestamp( TS_MW, $loggedOut );
878 } else {
879 $this->mTouched = '0'; # Allow any pages to be cached
880 }
881
882 $this->mToken = null; // Don't run cryptographic functions till we need a token
883 $this->mEmailAuthenticated = null;
884 $this->mEmailToken = '';
885 $this->mEmailTokenExpires = null;
886 $this->mRegistration = wfTimestamp( TS_MW );
887 $this->mGroups = array();
888
889 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
890
891 wfProfileOut( __METHOD__ );
892 }
893
894 /**
895 * Return whether an item has been loaded.
896 *
897 * @param $item String: item to check. Current possibilities:
898 * - id
899 * - name
900 * - realname
901 * @param $all String: 'all' to check if the whole object has been loaded
902 * or any other string to check if only the item is available (e.g.
903 * for optimisation)
904 * @return Boolean
905 */
906 public function isItemLoaded( $item, $all = 'all' ) {
907 return ( $this->mLoadedItems === true && $all === 'all' ) ||
908 ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
909 }
910
911 /**
912 * Set that an item has been loaded
913 *
914 * @param $item String
915 */
916 private function setItemLoaded( $item ) {
917 if ( is_array( $this->mLoadedItems ) ) {
918 $this->mLoadedItems[$item] = true;
919 }
920 }
921
922 /**
923 * Load user data from the session or login cookie. If there are no valid
924 * credentials, initialises the user as an anonymous user.
925 * @return Bool True if the user is logged in, false otherwise.
926 */
927 private function loadFromSession() {
928 global $wgExternalAuthType, $wgAutocreatePolicy;
929
930 $result = null;
931 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
932 if ( $result !== null ) {
933 return $result;
934 }
935
936 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
937 $extUser = ExternalUser::newFromCookie();
938 if ( $extUser ) {
939 # TODO: Automatically create the user here (or probably a bit
940 # lower down, in fact)
941 }
942 }
943
944 $request = $this->getRequest();
945
946 $cookieId = $request->getCookie( 'UserID' );
947 $sessId = $request->getSessionData( 'wsUserID' );
948
949 if ( $cookieId !== null ) {
950 $sId = intval( $cookieId );
951 if( $sessId !== null && $cookieId != $sessId ) {
952 $this->loadDefaults(); // Possible collision!
953 wfDebugLog( 'loginSessions', "Session user ID ($sessId) and
954 cookie user ID ($sId) don't match!" );
955 return false;
956 }
957 $request->setSessionData( 'wsUserID', $sId );
958 } elseif ( $sessId !== null && $sessId != 0 ) {
959 $sId = $sessId;
960 } else {
961 $this->loadDefaults();
962 return false;
963 }
964
965 if ( $request->getSessionData( 'wsUserName' ) !== null ) {
966 $sName = $request->getSessionData( 'wsUserName' );
967 } elseif ( $request->getCookie( 'UserName' ) !== null ) {
968 $sName = $request->getCookie( 'UserName' );
969 $request->setSessionData( 'wsUserName', $sName );
970 } else {
971 $this->loadDefaults();
972 return false;
973 }
974
975 $proposedUser = User::newFromId( $sId );
976 if ( !$proposedUser->isLoggedIn() ) {
977 # Not a valid ID
978 $this->loadDefaults();
979 return false;
980 }
981
982 global $wgBlockDisablesLogin;
983 if( $wgBlockDisablesLogin && $proposedUser->isBlocked() ) {
984 # User blocked and we've disabled blocked user logins
985 $this->loadDefaults();
986 return false;
987 }
988
989 if ( $request->getSessionData( 'wsToken' ) ) {
990 $passwordCorrect = $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' );
991 $from = 'session';
992 } elseif ( $request->getCookie( 'Token' ) ) {
993 $passwordCorrect = $proposedUser->getToken( false ) === $request->getCookie( 'Token' );
994 $from = 'cookie';
995 } else {
996 # No session or persistent login cookie
997 $this->loadDefaults();
998 return false;
999 }
1000
1001 if ( ( $sName === $proposedUser->getName() ) && $passwordCorrect ) {
1002 $this->loadFromUserObject( $proposedUser );
1003 $request->setSessionData( 'wsToken', $this->mToken );
1004 wfDebug( "User: logged in from $from\n" );
1005 return true;
1006 } else {
1007 # Invalid credentials
1008 wfDebug( "User: can't log in from $from, invalid credentials\n" );
1009 $this->loadDefaults();
1010 return false;
1011 }
1012 }
1013
1014 /**
1015 * Load user and user_group data from the database.
1016 * $this->mId must be set, this is how the user is identified.
1017 *
1018 * @return Bool True if the user exists, false if the user is anonymous
1019 */
1020 public function loadFromDatabase() {
1021 # Paranoia
1022 $this->mId = intval( $this->mId );
1023
1024 /** Anonymous user */
1025 if( !$this->mId ) {
1026 $this->loadDefaults();
1027 return false;
1028 }
1029
1030 $dbr = wfGetDB( DB_MASTER );
1031 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
1032
1033 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
1034
1035 if ( $s !== false ) {
1036 # Initialise user table data
1037 $this->loadFromRow( $s );
1038 $this->mGroups = null; // deferred
1039 $this->getEditCount(); // revalidation for nulls
1040 return true;
1041 } else {
1042 # Invalid user_id
1043 $this->mId = 0;
1044 $this->loadDefaults();
1045 return false;
1046 }
1047 }
1048
1049 /**
1050 * Initialize this object from a row from the user table.
1051 *
1052 * @param $row Array Row from the user table to load.
1053 */
1054 public function loadFromRow( $row ) {
1055 $all = true;
1056
1057 $this->mGroups = null; // deferred
1058
1059 if ( isset( $row->user_name ) ) {
1060 $this->mName = $row->user_name;
1061 $this->mFrom = 'name';
1062 $this->setItemLoaded( 'name' );
1063 } else {
1064 $all = false;
1065 }
1066
1067 if ( isset( $row->user_real_name ) ) {
1068 $this->mRealName = $row->user_real_name;
1069 $this->setItemLoaded( 'realname' );
1070 } else {
1071 $all = false;
1072 }
1073
1074 if ( isset( $row->user_id ) ) {
1075 $this->mId = intval( $row->user_id );
1076 $this->mFrom = 'id';
1077 $this->setItemLoaded( 'id' );
1078 } else {
1079 $all = false;
1080 }
1081
1082 if ( isset( $row->user_editcount ) ) {
1083 $this->mEditCount = $row->user_editcount;
1084 } else {
1085 $all = false;
1086 }
1087
1088 if ( isset( $row->user_password ) ) {
1089 $this->mPassword = $row->user_password;
1090 $this->mNewpassword = $row->user_newpassword;
1091 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
1092 $this->mEmail = $row->user_email;
1093 if ( isset( $row->user_options ) ) {
1094 $this->decodeOptions( $row->user_options );
1095 }
1096 $this->mTouched = wfTimestamp( TS_MW, $row->user_touched );
1097 $this->mToken = $row->user_token;
1098 if ( $this->mToken == '' ) {
1099 $this->mToken = null;
1100 }
1101 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1102 $this->mEmailToken = $row->user_email_token;
1103 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1104 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1105 } else {
1106 $all = false;
1107 }
1108
1109 if ( $all ) {
1110 $this->mLoadedItems = true;
1111 }
1112 }
1113
1114 /**
1115 * Load the data for this user object from another user object.
1116 *
1117 * @param $user User
1118 */
1119 protected function loadFromUserObject( $user ) {
1120 $user->load();
1121 $user->loadGroups();
1122 $user->loadOptions();
1123 foreach ( self::$mCacheVars as $var ) {
1124 $this->$var = $user->$var;
1125 }
1126 }
1127
1128 /**
1129 * Load the groups from the database if they aren't already loaded.
1130 */
1131 private function loadGroups() {
1132 if ( is_null( $this->mGroups ) ) {
1133 $dbr = wfGetDB( DB_MASTER );
1134 $res = $dbr->select( 'user_groups',
1135 array( 'ug_group' ),
1136 array( 'ug_user' => $this->mId ),
1137 __METHOD__ );
1138 $this->mGroups = array();
1139 foreach ( $res as $row ) {
1140 $this->mGroups[] = $row->ug_group;
1141 }
1142 }
1143 }
1144
1145 /**
1146 * Add the user to the group if he/she meets given criteria.
1147 *
1148 * Contrary to autopromotion by \ref $wgAutopromote, the group will be
1149 * possible to remove manually via Special:UserRights. In such case it
1150 * will not be re-added automatically. The user will also not lose the
1151 * group if they no longer meet the criteria.
1152 *
1153 * @param $event String key in $wgAutopromoteOnce (each one has groups/criteria)
1154 *
1155 * @return array Array of groups the user has been promoted to.
1156 *
1157 * @see $wgAutopromoteOnce
1158 */
1159 public function addAutopromoteOnceGroups( $event ) {
1160 global $wgAutopromoteOnceLogInRC;
1161
1162 $toPromote = array();
1163 if ( $this->getId() ) {
1164 $toPromote = Autopromote::getAutopromoteOnceGroups( $this, $event );
1165 if ( count( $toPromote ) ) {
1166 $oldGroups = $this->getGroups(); // previous groups
1167 foreach ( $toPromote as $group ) {
1168 $this->addGroup( $group );
1169 }
1170 $newGroups = array_merge( $oldGroups, $toPromote ); // all groups
1171
1172 $log = new LogPage( 'rights', $wgAutopromoteOnceLogInRC /* in RC? */ );
1173 $log->addEntry( 'autopromote',
1174 $this->getUserPage(),
1175 '', // no comment
1176 // These group names are "list to texted"-ed in class LogPage.
1177 array( implode( ', ', $oldGroups ), implode( ', ', $newGroups ) )
1178 );
1179 }
1180 }
1181 return $toPromote;
1182 }
1183
1184 /**
1185 * Clear various cached data stored in this object.
1186 * @param $reloadFrom bool|String Reload user and user_groups table data from a
1187 * given source. May be "name", "id", "defaults", "session", or false for
1188 * no reload.
1189 */
1190 public function clearInstanceCache( $reloadFrom = false ) {
1191 $this->mNewtalk = -1;
1192 $this->mDatePreference = null;
1193 $this->mBlockedby = -1; # Unset
1194 $this->mHash = false;
1195 $this->mRights = null;
1196 $this->mEffectiveGroups = null;
1197 $this->mImplicitGroups = null;
1198 $this->mOptions = null;
1199
1200 if ( $reloadFrom ) {
1201 $this->mLoadedItems = array();
1202 $this->mFrom = $reloadFrom;
1203 }
1204 }
1205
1206 /**
1207 * Combine the language default options with any site-specific options
1208 * and add the default language variants.
1209 *
1210 * @return Array of String options
1211 */
1212 public static function getDefaultOptions() {
1213 global $wgNamespacesToBeSearchedDefault, $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1214
1215 $defOpt = $wgDefaultUserOptions;
1216 # default language setting
1217 $variant = $wgContLang->getDefaultVariant();
1218 $defOpt['variant'] = $variant;
1219 $defOpt['language'] = $variant;
1220 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1221 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1222 }
1223 $defOpt['skin'] = $wgDefaultSkin;
1224
1225 // FIXME: Ideally we'd cache the results of this function so the hook is only run once,
1226 // but that breaks the parser tests because they rely on being able to change $wgContLang
1227 // mid-request and see that change reflected in the return value of this function.
1228 // Which is insane and would never happen during normal MW operation, but is also not
1229 // likely to get fixed unless and until we context-ify everything.
1230 // See also https://www.mediawiki.org/wiki/Special:Code/MediaWiki/101488#c25275
1231 wfRunHooks( 'UserGetDefaultOptions', array( &$defOpt ) );
1232
1233 return $defOpt;
1234 }
1235
1236 /**
1237 * Get a given default option value.
1238 *
1239 * @param $opt String Name of option to retrieve
1240 * @return String Default option value
1241 */
1242 public static function getDefaultOption( $opt ) {
1243 $defOpts = self::getDefaultOptions();
1244 if( isset( $defOpts[$opt] ) ) {
1245 return $defOpts[$opt];
1246 } else {
1247 return null;
1248 }
1249 }
1250
1251
1252 /**
1253 * Get blocking information
1254 * @param $bFromSlave Bool Whether to check the slave database first. To
1255 * improve performance, non-critical checks are done
1256 * against slaves. Check when actually saving should be
1257 * done against master.
1258 */
1259 private function getBlockedStatus( $bFromSlave = true ) {
1260 global $wgProxyWhitelist, $wgUser;
1261
1262 if ( -1 != $this->mBlockedby ) {
1263 return;
1264 }
1265
1266 wfProfileIn( __METHOD__ );
1267 wfDebug( __METHOD__.": checking...\n" );
1268
1269 // Initialize data...
1270 // Otherwise something ends up stomping on $this->mBlockedby when
1271 // things get lazy-loaded later, causing false positive block hits
1272 // due to -1 !== 0. Probably session-related... Nothing should be
1273 // overwriting mBlockedby, surely?
1274 $this->load();
1275
1276 # We only need to worry about passing the IP address to the Block generator if the
1277 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1278 # know which IP address they're actually coming from
1279 if ( !$this->isAllowed( 'ipblock-exempt' ) && $this->getID() == $wgUser->getID() ) {
1280 $ip = $this->getRequest()->getIP();
1281 } else {
1282 $ip = null;
1283 }
1284
1285 # User/IP blocking
1286 $block = Block::newFromTarget( $this->getName(), $ip, !$bFromSlave );
1287
1288 # Proxy blocking
1289 if ( !$block instanceof Block && $ip !== null && !$this->isAllowed( 'proxyunbannable' )
1290 && !in_array( $ip, $wgProxyWhitelist ) )
1291 {
1292 # Local list
1293 if ( self::isLocallyBlockedProxy( $ip ) ) {
1294 $block = new Block;
1295 $block->setBlocker( wfMsg( 'proxyblocker' ) );
1296 $block->mReason = wfMsg( 'proxyblockreason' );
1297 $block->setTarget( $ip );
1298 } elseif ( $this->isAnon() && $this->isDnsBlacklisted( $ip ) ) {
1299 $block = new Block;
1300 $block->setBlocker( wfMsg( 'sorbs' ) );
1301 $block->mReason = wfMsg( 'sorbsreason' );
1302 $block->setTarget( $ip );
1303 }
1304 }
1305
1306 if ( $block instanceof Block ) {
1307 wfDebug( __METHOD__ . ": Found block.\n" );
1308 $this->mBlock = $block;
1309 $this->mBlockedby = $block->getByName();
1310 $this->mBlockreason = $block->mReason;
1311 $this->mHideName = $block->mHideName;
1312 $this->mAllowUsertalk = !$block->prevents( 'editownusertalk' );
1313 } else {
1314 $this->mBlockedby = '';
1315 $this->mHideName = 0;
1316 $this->mAllowUsertalk = false;
1317 }
1318
1319 # Extensions
1320 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1321
1322 wfProfileOut( __METHOD__ );
1323 }
1324
1325 /**
1326 * Whether the given IP is in a DNS blacklist.
1327 *
1328 * @param $ip String IP to check
1329 * @param $checkWhitelist Bool: whether to check the whitelist first
1330 * @return Bool True if blacklisted.
1331 */
1332 public function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1333 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1334 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1335
1336 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1337 return false;
1338
1339 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1340 return false;
1341
1342 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1343 return $this->inDnsBlacklist( $ip, $urls );
1344 }
1345
1346 /**
1347 * Whether the given IP is in a given DNS blacklist.
1348 *
1349 * @param $ip String IP to check
1350 * @param $bases String|Array of Strings: URL of the DNS blacklist
1351 * @return Bool True if blacklisted.
1352 */
1353 public function inDnsBlacklist( $ip, $bases ) {
1354 wfProfileIn( __METHOD__ );
1355
1356 $found = false;
1357 // @todo FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1358 if( IP::isIPv4( $ip ) ) {
1359 # Reverse IP, bug 21255
1360 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1361
1362 foreach( (array)$bases as $base ) {
1363 # Make hostname
1364 # If we have an access key, use that too (ProjectHoneypot, etc.)
1365 if( is_array( $base ) ) {
1366 if( count( $base ) >= 2 ) {
1367 # Access key is 1, base URL is 0
1368 $host = "{$base[1]}.$ipReversed.{$base[0]}";
1369 } else {
1370 $host = "$ipReversed.{$base[0]}";
1371 }
1372 } else {
1373 $host = "$ipReversed.$base";
1374 }
1375
1376 # Send query
1377 $ipList = gethostbynamel( $host );
1378
1379 if( $ipList ) {
1380 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1381 $found = true;
1382 break;
1383 } else {
1384 wfDebug( "Requested $host, not found in $base.\n" );
1385 }
1386 }
1387 }
1388
1389 wfProfileOut( __METHOD__ );
1390 return $found;
1391 }
1392
1393 /**
1394 * Check if an IP address is in the local proxy list
1395 *
1396 * @param $ip string
1397 *
1398 * @return bool
1399 */
1400 public static function isLocallyBlockedProxy( $ip ) {
1401 global $wgProxyList;
1402
1403 if ( !$wgProxyList ) {
1404 return false;
1405 }
1406 wfProfileIn( __METHOD__ );
1407
1408 if ( !is_array( $wgProxyList ) ) {
1409 # Load from the specified file
1410 $wgProxyList = array_map( 'trim', file( $wgProxyList ) );
1411 }
1412
1413 if ( !is_array( $wgProxyList ) ) {
1414 $ret = false;
1415 } elseif ( array_search( $ip, $wgProxyList ) !== false ) {
1416 $ret = true;
1417 } elseif ( array_key_exists( $ip, $wgProxyList ) ) {
1418 # Old-style flipped proxy list
1419 $ret = true;
1420 } else {
1421 $ret = false;
1422 }
1423 wfProfileOut( __METHOD__ );
1424 return $ret;
1425 }
1426
1427 /**
1428 * Is this user subject to rate limiting?
1429 *
1430 * @return Bool True if rate limited
1431 */
1432 public function isPingLimitable() {
1433 global $wgRateLimitsExcludedIPs;
1434 if( in_array( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
1435 // No other good way currently to disable rate limits
1436 // for specific IPs. :P
1437 // But this is a crappy hack and should die.
1438 return false;
1439 }
1440 return !$this->isAllowed('noratelimit');
1441 }
1442
1443 /**
1444 * Primitive rate limits: enforce maximum actions per time period
1445 * to put a brake on flooding.
1446 *
1447 * @note When using a shared cache like memcached, IP-address
1448 * last-hit counters will be shared across wikis.
1449 *
1450 * @param $action String Action to enforce; 'edit' if unspecified
1451 * @return Bool True if a rate limiter was tripped
1452 */
1453 public function pingLimiter( $action = 'edit' ) {
1454 # Call the 'PingLimiter' hook
1455 $result = false;
1456 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1457 return $result;
1458 }
1459
1460 global $wgRateLimits;
1461 if( !isset( $wgRateLimits[$action] ) ) {
1462 return false;
1463 }
1464
1465 # Some groups shouldn't trigger the ping limiter, ever
1466 if( !$this->isPingLimitable() )
1467 return false;
1468
1469 global $wgMemc, $wgRateLimitLog;
1470 wfProfileIn( __METHOD__ );
1471
1472 $limits = $wgRateLimits[$action];
1473 $keys = array();
1474 $id = $this->getId();
1475 $ip = $this->getRequest()->getIP();
1476 $userLimit = false;
1477
1478 if( isset( $limits['anon'] ) && $id == 0 ) {
1479 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1480 }
1481
1482 if( isset( $limits['user'] ) && $id != 0 ) {
1483 $userLimit = $limits['user'];
1484 }
1485 if( $this->isNewbie() ) {
1486 if( isset( $limits['newbie'] ) && $id != 0 ) {
1487 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1488 }
1489 if( isset( $limits['ip'] ) ) {
1490 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1491 }
1492 $matches = array();
1493 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1494 $subnet = $matches[1];
1495 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1496 }
1497 }
1498 // Check for group-specific permissions
1499 // If more than one group applies, use the group with the highest limit
1500 foreach ( $this->getGroups() as $group ) {
1501 if ( isset( $limits[$group] ) ) {
1502 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1503 $userLimit = $limits[$group];
1504 }
1505 }
1506 }
1507 // Set the user limit key
1508 if ( $userLimit !== false ) {
1509 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1510 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1511 }
1512
1513 $triggered = false;
1514 foreach( $keys as $key => $limit ) {
1515 list( $max, $period ) = $limit;
1516 $summary = "(limit $max in {$period}s)";
1517 $count = $wgMemc->get( $key );
1518 // Already pinged?
1519 if( $count ) {
1520 if( $count >= $max ) {
1521 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1522 if( $wgRateLimitLog ) {
1523 wfSuppressWarnings();
1524 file_put_contents( $wgRateLimitLog, wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", FILE_APPEND );
1525 wfRestoreWarnings();
1526 }
1527 $triggered = true;
1528 } else {
1529 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1530 }
1531 } else {
1532 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1533 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1534 }
1535 $wgMemc->incr( $key );
1536 }
1537
1538 wfProfileOut( __METHOD__ );
1539 return $triggered;
1540 }
1541
1542 /**
1543 * Check if user is blocked
1544 *
1545 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1546 * @return Bool True if blocked, false otherwise
1547 */
1548 public function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1549 return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
1550 }
1551
1552 /**
1553 * Get the block affecting the user, or null if the user is not blocked
1554 *
1555 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1556 * @return Block|null
1557 */
1558 public function getBlock( $bFromSlave = true ){
1559 $this->getBlockedStatus( $bFromSlave );
1560 return $this->mBlock instanceof Block ? $this->mBlock : null;
1561 }
1562
1563 /**
1564 * Check if user is blocked from editing a particular article
1565 *
1566 * @param $title Title to check
1567 * @param $bFromSlave Bool whether to check the slave database instead of the master
1568 * @return Bool
1569 */
1570 function isBlockedFrom( $title, $bFromSlave = false ) {
1571 global $wgBlockAllowsUTEdit;
1572 wfProfileIn( __METHOD__ );
1573
1574 $blocked = $this->isBlocked( $bFromSlave );
1575 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1576 # If a user's name is suppressed, they cannot make edits anywhere
1577 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1578 $title->getNamespace() == NS_USER_TALK ) {
1579 $blocked = false;
1580 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1581 }
1582
1583 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1584
1585 wfProfileOut( __METHOD__ );
1586 return $blocked;
1587 }
1588
1589 /**
1590 * If user is blocked, return the name of the user who placed the block
1591 * @return String name of blocker
1592 */
1593 public function blockedBy() {
1594 $this->getBlockedStatus();
1595 return $this->mBlockedby;
1596 }
1597
1598 /**
1599 * If user is blocked, return the specified reason for the block
1600 * @return String Blocking reason
1601 */
1602 public function blockedFor() {
1603 $this->getBlockedStatus();
1604 return $this->mBlockreason;
1605 }
1606
1607 /**
1608 * If user is blocked, return the ID for the block
1609 * @return Int Block ID
1610 */
1611 public function getBlockId() {
1612 $this->getBlockedStatus();
1613 return ( $this->mBlock ? $this->mBlock->getId() : false );
1614 }
1615
1616 /**
1617 * Check if user is blocked on all wikis.
1618 * Do not use for actual edit permission checks!
1619 * This is intented for quick UI checks.
1620 *
1621 * @param $ip String IP address, uses current client if none given
1622 * @return Bool True if blocked, false otherwise
1623 */
1624 public function isBlockedGlobally( $ip = '' ) {
1625 if( $this->mBlockedGlobally !== null ) {
1626 return $this->mBlockedGlobally;
1627 }
1628 // User is already an IP?
1629 if( IP::isIPAddress( $this->getName() ) ) {
1630 $ip = $this->getName();
1631 } elseif( !$ip ) {
1632 $ip = $this->getRequest()->getIP();
1633 }
1634 $blocked = false;
1635 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1636 $this->mBlockedGlobally = (bool)$blocked;
1637 return $this->mBlockedGlobally;
1638 }
1639
1640 /**
1641 * Check if user account is locked
1642 *
1643 * @return Bool True if locked, false otherwise
1644 */
1645 public function isLocked() {
1646 if( $this->mLocked !== null ) {
1647 return $this->mLocked;
1648 }
1649 global $wgAuth;
1650 $authUser = $wgAuth->getUserInstance( $this );
1651 $this->mLocked = (bool)$authUser->isLocked();
1652 return $this->mLocked;
1653 }
1654
1655 /**
1656 * Check if user account is hidden
1657 *
1658 * @return Bool True if hidden, false otherwise
1659 */
1660 public function isHidden() {
1661 if( $this->mHideName !== null ) {
1662 return $this->mHideName;
1663 }
1664 $this->getBlockedStatus();
1665 if( !$this->mHideName ) {
1666 global $wgAuth;
1667 $authUser = $wgAuth->getUserInstance( $this );
1668 $this->mHideName = (bool)$authUser->isHidden();
1669 }
1670 return $this->mHideName;
1671 }
1672
1673 /**
1674 * Get the user's ID.
1675 * @return Int The user's ID; 0 if the user is anonymous or nonexistent
1676 */
1677 public function getId() {
1678 if( $this->mId === null && $this->mName !== null
1679 && User::isIP( $this->mName ) ) {
1680 // Special case, we know the user is anonymous
1681 return 0;
1682 } elseif( !$this->isItemLoaded( 'id' ) ) {
1683 // Don't load if this was initialized from an ID
1684 $this->load();
1685 }
1686 return $this->mId;
1687 }
1688
1689 /**
1690 * Set the user and reload all fields according to a given ID
1691 * @param $v Int User ID to reload
1692 */
1693 public function setId( $v ) {
1694 $this->mId = $v;
1695 $this->clearInstanceCache( 'id' );
1696 }
1697
1698 /**
1699 * Get the user name, or the IP of an anonymous user
1700 * @return String User's name or IP address
1701 */
1702 public function getName() {
1703 if ( $this->isItemLoaded( 'name', 'only' ) ) {
1704 # Special case optimisation
1705 return $this->mName;
1706 } else {
1707 $this->load();
1708 if ( $this->mName === false ) {
1709 # Clean up IPs
1710 $this->mName = IP::sanitizeIP( $this->getRequest()->getIP() );
1711 }
1712 return $this->mName;
1713 }
1714 }
1715
1716 /**
1717 * Set the user name.
1718 *
1719 * This does not reload fields from the database according to the given
1720 * name. Rather, it is used to create a temporary "nonexistent user" for
1721 * later addition to the database. It can also be used to set the IP
1722 * address for an anonymous user to something other than the current
1723 * remote IP.
1724 *
1725 * @note User::newFromName() has rougly the same function, when the named user
1726 * does not exist.
1727 * @param $str String New user name to set
1728 */
1729 public function setName( $str ) {
1730 $this->load();
1731 $this->mName = $str;
1732 }
1733
1734 /**
1735 * Get the user's name escaped by underscores.
1736 * @return String Username escaped by underscores.
1737 */
1738 public function getTitleKey() {
1739 return str_replace( ' ', '_', $this->getName() );
1740 }
1741
1742 /**
1743 * Check if the user has new messages.
1744 * @return Bool True if the user has new messages
1745 */
1746 public function getNewtalk() {
1747 $this->load();
1748
1749 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1750 if( $this->mNewtalk === -1 ) {
1751 $this->mNewtalk = false; # reset talk page status
1752
1753 # Check memcached separately for anons, who have no
1754 # entire User object stored in there.
1755 if( !$this->mId ) {
1756 global $wgMemc;
1757 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1758 $newtalk = $wgMemc->get( $key );
1759 if( strval( $newtalk ) !== '' ) {
1760 $this->mNewtalk = (bool)$newtalk;
1761 } else {
1762 // Since we are caching this, make sure it is up to date by getting it
1763 // from the master
1764 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1765 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1766 }
1767 } else {
1768 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1769 }
1770 }
1771
1772 return (bool)$this->mNewtalk;
1773 }
1774
1775 /**
1776 * Return the talk page(s) this user has new messages on.
1777 * @return Array of String page URLs
1778 */
1779 public function getNewMessageLinks() {
1780 $talks = array();
1781 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) )
1782 return $talks;
1783
1784 if( !$this->getNewtalk() )
1785 return array();
1786 $up = $this->getUserPage();
1787 $utp = $up->getTalkPage();
1788 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL() ) );
1789 }
1790
1791 /**
1792 * Internal uncached check for new messages
1793 *
1794 * @see getNewtalk()
1795 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1796 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1797 * @param $fromMaster Bool true to fetch from the master, false for a slave
1798 * @return Bool True if the user has new messages
1799 */
1800 protected function checkNewtalk( $field, $id, $fromMaster = false ) {
1801 if ( $fromMaster ) {
1802 $db = wfGetDB( DB_MASTER );
1803 } else {
1804 $db = wfGetDB( DB_SLAVE );
1805 }
1806 $ok = $db->selectField( 'user_newtalk', $field,
1807 array( $field => $id ), __METHOD__ );
1808 return $ok !== false;
1809 }
1810
1811 /**
1812 * Add or update the new messages flag
1813 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1814 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1815 * @return Bool True if successful, false otherwise
1816 */
1817 protected function updateNewtalk( $field, $id ) {
1818 $dbw = wfGetDB( DB_MASTER );
1819 $dbw->insert( 'user_newtalk',
1820 array( $field => $id ),
1821 __METHOD__,
1822 'IGNORE' );
1823 if ( $dbw->affectedRows() ) {
1824 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1825 return true;
1826 } else {
1827 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1828 return false;
1829 }
1830 }
1831
1832 /**
1833 * Clear the new messages flag for the given user
1834 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1835 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1836 * @return Bool True if successful, false otherwise
1837 */
1838 protected function deleteNewtalk( $field, $id ) {
1839 $dbw = wfGetDB( DB_MASTER );
1840 $dbw->delete( 'user_newtalk',
1841 array( $field => $id ),
1842 __METHOD__ );
1843 if ( $dbw->affectedRows() ) {
1844 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1845 return true;
1846 } else {
1847 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1848 return false;
1849 }
1850 }
1851
1852 /**
1853 * Update the 'You have new messages!' status.
1854 * @param $val Bool Whether the user has new messages
1855 */
1856 public function setNewtalk( $val ) {
1857 if( wfReadOnly() ) {
1858 return;
1859 }
1860
1861 $this->load();
1862 $this->mNewtalk = $val;
1863
1864 if( $this->isAnon() ) {
1865 $field = 'user_ip';
1866 $id = $this->getName();
1867 } else {
1868 $field = 'user_id';
1869 $id = $this->getId();
1870 }
1871 global $wgMemc;
1872
1873 if( $val ) {
1874 $changed = $this->updateNewtalk( $field, $id );
1875 } else {
1876 $changed = $this->deleteNewtalk( $field, $id );
1877 }
1878
1879 if( $this->isAnon() ) {
1880 // Anons have a separate memcached space, since
1881 // user records aren't kept for them.
1882 $key = wfMemcKey( 'newtalk', 'ip', $id );
1883 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1884 }
1885 if ( $changed ) {
1886 $this->invalidateCache();
1887 }
1888 }
1889
1890 /**
1891 * Generate a current or new-future timestamp to be stored in the
1892 * user_touched field when we update things.
1893 * @return String Timestamp in TS_MW format
1894 */
1895 private static function newTouchedTimestamp() {
1896 global $wgClockSkewFudge;
1897 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1898 }
1899
1900 /**
1901 * Clear user data from memcached.
1902 * Use after applying fun updates to the database; caller's
1903 * responsibility to update user_touched if appropriate.
1904 *
1905 * Called implicitly from invalidateCache() and saveSettings().
1906 */
1907 private function clearSharedCache() {
1908 $this->load();
1909 if( $this->mId ) {
1910 global $wgMemc;
1911 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1912 }
1913 }
1914
1915 /**
1916 * Immediately touch the user data cache for this account.
1917 * Updates user_touched field, and removes account data from memcached
1918 * for reload on the next hit.
1919 */
1920 public function invalidateCache() {
1921 if( wfReadOnly() ) {
1922 return;
1923 }
1924 $this->load();
1925 if( $this->mId ) {
1926 $this->mTouched = self::newTouchedTimestamp();
1927
1928 $dbw = wfGetDB( DB_MASTER );
1929 $dbw->update( 'user',
1930 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1931 array( 'user_id' => $this->mId ),
1932 __METHOD__ );
1933
1934 $this->clearSharedCache();
1935 }
1936 }
1937
1938 /**
1939 * Validate the cache for this account.
1940 * @param $timestamp String A timestamp in TS_MW format
1941 *
1942 * @return bool
1943 */
1944 public function validateCache( $timestamp ) {
1945 $this->load();
1946 return ( $timestamp >= $this->mTouched );
1947 }
1948
1949 /**
1950 * Get the user touched timestamp
1951 * @return String timestamp
1952 */
1953 public function getTouched() {
1954 $this->load();
1955 return $this->mTouched;
1956 }
1957
1958 /**
1959 * Set the password and reset the random token.
1960 * Calls through to authentication plugin if necessary;
1961 * will have no effect if the auth plugin refuses to
1962 * pass the change through or if the legal password
1963 * checks fail.
1964 *
1965 * As a special case, setting the password to null
1966 * wipes it, so the account cannot be logged in until
1967 * a new password is set, for instance via e-mail.
1968 *
1969 * @param $str String New password to set
1970 * @throws PasswordError on failure
1971 *
1972 * @return bool
1973 */
1974 public function setPassword( $str ) {
1975 global $wgAuth;
1976
1977 if( $str !== null ) {
1978 if( !$wgAuth->allowPasswordChange() ) {
1979 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1980 }
1981
1982 if( !$this->isValidPassword( $str ) ) {
1983 global $wgMinimalPasswordLength;
1984 $valid = $this->getPasswordValidity( $str );
1985 if ( is_array( $valid ) ) {
1986 $message = array_shift( $valid );
1987 $params = $valid;
1988 } else {
1989 $message = $valid;
1990 $params = array( $wgMinimalPasswordLength );
1991 }
1992 throw new PasswordError( wfMsgExt( $message, array( 'parsemag' ), $params ) );
1993 }
1994 }
1995
1996 if( !$wgAuth->setPassword( $this, $str ) ) {
1997 throw new PasswordError( wfMsg( 'externaldberror' ) );
1998 }
1999
2000 $this->setInternalPassword( $str );
2001
2002 return true;
2003 }
2004
2005 /**
2006 * Set the password and reset the random token unconditionally.
2007 *
2008 * @param $str String New password to set
2009 */
2010 public function setInternalPassword( $str ) {
2011 $this->load();
2012 $this->setToken();
2013
2014 if( $str === null ) {
2015 // Save an invalid hash...
2016 $this->mPassword = '';
2017 } else {
2018 $this->mPassword = self::crypt( $str );
2019 }
2020 $this->mNewpassword = '';
2021 $this->mNewpassTime = null;
2022 }
2023
2024 /**
2025 * Get the user's current token.
2026 * @param $forceCreation Force the generation of a new token if the user doesn't have one (default=true for backwards compatibility)
2027 * @return String Token
2028 */
2029 public function getToken( $forceCreation = true ) {
2030 $this->load();
2031 if ( !$this->mToken && $forceCreation ) {
2032 $this->setToken();
2033 }
2034 return $this->mToken;
2035 }
2036
2037 /**
2038 * Set the random token (used for persistent authentication)
2039 * Called from loadDefaults() among other places.
2040 *
2041 * @param $token String|bool If specified, set the token to this value
2042 */
2043 public function setToken( $token = false ) {
2044 global $wgSecretKey, $wgProxyKey;
2045 $this->load();
2046 if ( !$token ) {
2047 $this->mToken = MWCryptRand::generateHex( USER_TOKEN_LENGTH );
2048 } else {
2049 $this->mToken = $token;
2050 }
2051 }
2052
2053 /**
2054 * Set the password for a password reminder or new account email
2055 *
2056 * @param $str String New password to set
2057 * @param $throttle Bool If true, reset the throttle timestamp to the present
2058 */
2059 public function setNewpassword( $str, $throttle = true ) {
2060 $this->load();
2061 $this->mNewpassword = self::crypt( $str );
2062 if ( $throttle ) {
2063 $this->mNewpassTime = wfTimestampNow();
2064 }
2065 }
2066
2067 /**
2068 * Has password reminder email been sent within the last
2069 * $wgPasswordReminderResendTime hours?
2070 * @return Bool
2071 */
2072 public function isPasswordReminderThrottled() {
2073 global $wgPasswordReminderResendTime;
2074 $this->load();
2075 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
2076 return false;
2077 }
2078 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
2079 return time() < $expiry;
2080 }
2081
2082 /**
2083 * Get the user's e-mail address
2084 * @return String User's email address
2085 */
2086 public function getEmail() {
2087 $this->load();
2088 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
2089 return $this->mEmail;
2090 }
2091
2092 /**
2093 * Get the timestamp of the user's e-mail authentication
2094 * @return String TS_MW timestamp
2095 */
2096 public function getEmailAuthenticationTimestamp() {
2097 $this->load();
2098 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
2099 return $this->mEmailAuthenticated;
2100 }
2101
2102 /**
2103 * Set the user's e-mail address
2104 * @param $str String New e-mail address
2105 */
2106 public function setEmail( $str ) {
2107 $this->load();
2108 if( $str == $this->mEmail ) {
2109 return;
2110 }
2111 $this->mEmail = $str;
2112 $this->invalidateEmail();
2113 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
2114 }
2115
2116 /**
2117 * Get the user's real name
2118 * @return String User's real name
2119 */
2120 public function getRealName() {
2121 if ( !$this->isItemLoaded( 'realname' ) ) {
2122 $this->load();
2123 }
2124
2125 return $this->mRealName;
2126 }
2127
2128 /**
2129 * Set the user's real name
2130 * @param $str String New real name
2131 */
2132 public function setRealName( $str ) {
2133 $this->load();
2134 $this->mRealName = $str;
2135 }
2136
2137 /**
2138 * Get the user's current setting for a given option.
2139 *
2140 * @param $oname String The option to check
2141 * @param $defaultOverride String A default value returned if the option does not exist
2142 * @param $ignoreHidden Bool = whether to ignore the effects of $wgHiddenPrefs
2143 * @return String User's current value for the option
2144 * @see getBoolOption()
2145 * @see getIntOption()
2146 */
2147 public function getOption( $oname, $defaultOverride = null, $ignoreHidden = false ) {
2148 global $wgHiddenPrefs;
2149 $this->loadOptions();
2150
2151 if ( is_null( $this->mOptions ) ) {
2152 if($defaultOverride != '') {
2153 return $defaultOverride;
2154 }
2155 $this->mOptions = User::getDefaultOptions();
2156 }
2157
2158 # We want 'disabled' preferences to always behave as the default value for
2159 # users, even if they have set the option explicitly in their settings (ie they
2160 # set it, and then it was disabled removing their ability to change it). But
2161 # we don't want to erase the preferences in the database in case the preference
2162 # is re-enabled again. So don't touch $mOptions, just override the returned value
2163 if( in_array( $oname, $wgHiddenPrefs ) && !$ignoreHidden ){
2164 return self::getDefaultOption( $oname );
2165 }
2166
2167 if ( array_key_exists( $oname, $this->mOptions ) ) {
2168 return $this->mOptions[$oname];
2169 } else {
2170 return $defaultOverride;
2171 }
2172 }
2173
2174 /**
2175 * Get all user's options
2176 *
2177 * @return array
2178 */
2179 public function getOptions() {
2180 global $wgHiddenPrefs;
2181 $this->loadOptions();
2182 $options = $this->mOptions;
2183
2184 # We want 'disabled' preferences to always behave as the default value for
2185 # users, even if they have set the option explicitly in their settings (ie they
2186 # set it, and then it was disabled removing their ability to change it). But
2187 # we don't want to erase the preferences in the database in case the preference
2188 # is re-enabled again. So don't touch $mOptions, just override the returned value
2189 foreach( $wgHiddenPrefs as $pref ){
2190 $default = self::getDefaultOption( $pref );
2191 if( $default !== null ){
2192 $options[$pref] = $default;
2193 }
2194 }
2195
2196 return $options;
2197 }
2198
2199 /**
2200 * Get the user's current setting for a given option, as a boolean value.
2201 *
2202 * @param $oname String The option to check
2203 * @return Bool User's current value for the option
2204 * @see getOption()
2205 */
2206 public function getBoolOption( $oname ) {
2207 return (bool)$this->getOption( $oname );
2208 }
2209
2210 /**
2211 * Get the user's current setting for a given option, as a boolean value.
2212 *
2213 * @param $oname String The option to check
2214 * @param $defaultOverride Int A default value returned if the option does not exist
2215 * @return Int User's current value for the option
2216 * @see getOption()
2217 */
2218 public function getIntOption( $oname, $defaultOverride=0 ) {
2219 $val = $this->getOption( $oname );
2220 if( $val == '' ) {
2221 $val = $defaultOverride;
2222 }
2223 return intval( $val );
2224 }
2225
2226 /**
2227 * Set the given option for a user.
2228 *
2229 * @param $oname String The option to set
2230 * @param $val mixed New value to set
2231 */
2232 public function setOption( $oname, $val ) {
2233 $this->load();
2234 $this->loadOptions();
2235
2236 // Explicitly NULL values should refer to defaults
2237 global $wgDefaultUserOptions;
2238 if( is_null( $val ) && isset( $wgDefaultUserOptions[$oname] ) ) {
2239 $val = $wgDefaultUserOptions[$oname];
2240 }
2241
2242 $this->mOptions[$oname] = $val;
2243 }
2244
2245 /**
2246 * Reset all options to the site defaults
2247 */
2248 public function resetOptions() {
2249 $this->mOptions = self::getDefaultOptions();
2250 }
2251
2252 /**
2253 * Get the user's preferred date format.
2254 * @return String User's preferred date format
2255 */
2256 public function getDatePreference() {
2257 // Important migration for old data rows
2258 if ( is_null( $this->mDatePreference ) ) {
2259 global $wgLang;
2260 $value = $this->getOption( 'date' );
2261 $map = $wgLang->getDatePreferenceMigrationMap();
2262 if ( isset( $map[$value] ) ) {
2263 $value = $map[$value];
2264 }
2265 $this->mDatePreference = $value;
2266 }
2267 return $this->mDatePreference;
2268 }
2269
2270 /**
2271 * Get the user preferred stub threshold
2272 *
2273 * @return int
2274 */
2275 public function getStubThreshold() {
2276 global $wgMaxArticleSize; # Maximum article size, in Kb
2277 $threshold = intval( $this->getOption( 'stubthreshold' ) );
2278 if ( $threshold > $wgMaxArticleSize * 1024 ) {
2279 # If they have set an impossible value, disable the preference
2280 # so we can use the parser cache again.
2281 $threshold = 0;
2282 }
2283 return $threshold;
2284 }
2285
2286 /**
2287 * Get the permissions this user has.
2288 * @return Array of String permission names
2289 */
2290 public function getRights() {
2291 if ( is_null( $this->mRights ) ) {
2292 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
2293 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
2294 // Force reindexation of rights when a hook has unset one of them
2295 $this->mRights = array_values( $this->mRights );
2296 }
2297 return $this->mRights;
2298 }
2299
2300 /**
2301 * Get the list of explicit group memberships this user has.
2302 * The implicit * and user groups are not included.
2303 * @return Array of String internal group names
2304 */
2305 public function getGroups() {
2306 $this->load();
2307 $this->loadGroups();
2308 return $this->mGroups;
2309 }
2310
2311 /**
2312 * Get the list of implicit group memberships this user has.
2313 * This includes all explicit groups, plus 'user' if logged in,
2314 * '*' for all accounts, and autopromoted groups
2315 * @param $recache Bool Whether to avoid the cache
2316 * @return Array of String internal group names
2317 */
2318 public function getEffectiveGroups( $recache = false ) {
2319 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2320 wfProfileIn( __METHOD__ );
2321 $this->mEffectiveGroups = array_unique( array_merge(
2322 $this->getGroups(), // explicit groups
2323 $this->getAutomaticGroups( $recache ) // implicit groups
2324 ) );
2325 # Hook for additional groups
2326 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2327 wfProfileOut( __METHOD__ );
2328 }
2329 return $this->mEffectiveGroups;
2330 }
2331
2332 /**
2333 * Get the list of implicit group memberships this user has.
2334 * This includes 'user' if logged in, '*' for all accounts,
2335 * and autopromoted groups
2336 * @param $recache Bool Whether to avoid the cache
2337 * @return Array of String internal group names
2338 */
2339 public function getAutomaticGroups( $recache = false ) {
2340 if ( $recache || is_null( $this->mImplicitGroups ) ) {
2341 wfProfileIn( __METHOD__ );
2342 $this->mImplicitGroups = array( '*' );
2343 if ( $this->getId() ) {
2344 $this->mImplicitGroups[] = 'user';
2345
2346 $this->mImplicitGroups = array_unique( array_merge(
2347 $this->mImplicitGroups,
2348 Autopromote::getAutopromoteGroups( $this )
2349 ) );
2350 }
2351 if ( $recache ) {
2352 # Assure data consistency with rights/groups,
2353 # as getEffectiveGroups() depends on this function
2354 $this->mEffectiveGroups = null;
2355 }
2356 wfProfileOut( __METHOD__ );
2357 }
2358 return $this->mImplicitGroups;
2359 }
2360
2361 /**
2362 * Returns the groups the user has belonged to.
2363 *
2364 * The user may still belong to the returned groups. Compare with getGroups().
2365 *
2366 * The function will not return groups the user had belonged to before MW 1.17
2367 *
2368 * @return array Names of the groups the user has belonged to.
2369 */
2370 public function getFormerGroups() {
2371 if( is_null( $this->mFormerGroups ) ) {
2372 $dbr = wfGetDB( DB_MASTER );
2373 $res = $dbr->select( 'user_former_groups',
2374 array( 'ufg_group' ),
2375 array( 'ufg_user' => $this->mId ),
2376 __METHOD__ );
2377 $this->mFormerGroups = array();
2378 foreach( $res as $row ) {
2379 $this->mFormerGroups[] = $row->ufg_group;
2380 }
2381 }
2382 return $this->mFormerGroups;
2383 }
2384
2385 /**
2386 * Get the user's edit count.
2387 * @return Int
2388 */
2389 public function getEditCount() {
2390 if( $this->getId() ) {
2391 if ( !isset( $this->mEditCount ) ) {
2392 /* Populate the count, if it has not been populated yet */
2393 $this->mEditCount = User::edits( $this->mId );
2394 }
2395 return $this->mEditCount;
2396 } else {
2397 /* nil */
2398 return null;
2399 }
2400 }
2401
2402 /**
2403 * Add the user to the given group.
2404 * This takes immediate effect.
2405 * @param $group String Name of the group to add
2406 */
2407 public function addGroup( $group ) {
2408 if( wfRunHooks( 'UserAddGroup', array( $this, &$group ) ) ) {
2409 $dbw = wfGetDB( DB_MASTER );
2410 if( $this->getId() ) {
2411 $dbw->insert( 'user_groups',
2412 array(
2413 'ug_user' => $this->getID(),
2414 'ug_group' => $group,
2415 ),
2416 __METHOD__,
2417 array( 'IGNORE' ) );
2418 }
2419 }
2420 $this->loadGroups();
2421 $this->mGroups[] = $group;
2422 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2423
2424 $this->invalidateCache();
2425 }
2426
2427 /**
2428 * Remove the user from the given group.
2429 * This takes immediate effect.
2430 * @param $group String Name of the group to remove
2431 */
2432 public function removeGroup( $group ) {
2433 $this->load();
2434 if( wfRunHooks( 'UserRemoveGroup', array( $this, &$group ) ) ) {
2435 $dbw = wfGetDB( DB_MASTER );
2436 $dbw->delete( 'user_groups',
2437 array(
2438 'ug_user' => $this->getID(),
2439 'ug_group' => $group,
2440 ), __METHOD__ );
2441 // Remember that the user was in this group
2442 $dbw->insert( 'user_former_groups',
2443 array(
2444 'ufg_user' => $this->getID(),
2445 'ufg_group' => $group,
2446 ),
2447 __METHOD__,
2448 array( 'IGNORE' ) );
2449 }
2450 $this->loadGroups();
2451 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2452 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2453
2454 $this->invalidateCache();
2455 }
2456
2457 /**
2458 * Get whether the user is logged in
2459 * @return Bool
2460 */
2461 public function isLoggedIn() {
2462 return $this->getID() != 0;
2463 }
2464
2465 /**
2466 * Get whether the user is anonymous
2467 * @return Bool
2468 */
2469 public function isAnon() {
2470 return !$this->isLoggedIn();
2471 }
2472
2473 /**
2474 * Check if user is allowed to access a feature / make an action
2475 *
2476 * @internal param \String $varargs permissions to test
2477 * @return Boolean: True if user is allowed to perform *any* of the given actions
2478 *
2479 * @return bool
2480 */
2481 public function isAllowedAny( /*...*/ ){
2482 $permissions = func_get_args();
2483 foreach( $permissions as $permission ){
2484 if( $this->isAllowed( $permission ) ){
2485 return true;
2486 }
2487 }
2488 return false;
2489 }
2490
2491 /**
2492 *
2493 * @internal param $varargs string
2494 * @return bool True if the user is allowed to perform *all* of the given actions
2495 */
2496 public function isAllowedAll( /*...*/ ){
2497 $permissions = func_get_args();
2498 foreach( $permissions as $permission ){
2499 if( !$this->isAllowed( $permission ) ){
2500 return false;
2501 }
2502 }
2503 return true;
2504 }
2505
2506 /**
2507 * Internal mechanics of testing a permission
2508 * @param $action String
2509 * @return bool
2510 */
2511 public function isAllowed( $action = '' ) {
2512 if ( $action === '' ) {
2513 return true; // In the spirit of DWIM
2514 }
2515 # Patrolling may not be enabled
2516 if( $action === 'patrol' || $action === 'autopatrol' ) {
2517 global $wgUseRCPatrol, $wgUseNPPatrol;
2518 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2519 return false;
2520 }
2521 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2522 # by misconfiguration: 0 == 'foo'
2523 return in_array( $action, $this->getRights(), true );
2524 }
2525
2526 /**
2527 * Check whether to enable recent changes patrol features for this user
2528 * @return Boolean: True or false
2529 */
2530 public function useRCPatrol() {
2531 global $wgUseRCPatrol;
2532 return $wgUseRCPatrol && $this->isAllowedAny( 'patrol', 'patrolmarks' );
2533 }
2534
2535 /**
2536 * Check whether to enable new pages patrol features for this user
2537 * @return Bool True or false
2538 */
2539 public function useNPPatrol() {
2540 global $wgUseRCPatrol, $wgUseNPPatrol;
2541 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) ) );
2542 }
2543
2544 /**
2545 * Get the WebRequest object to use with this object
2546 *
2547 * @return WebRequest
2548 */
2549 public function getRequest() {
2550 if ( $this->mRequest ) {
2551 return $this->mRequest;
2552 } else {
2553 global $wgRequest;
2554 return $wgRequest;
2555 }
2556 }
2557
2558 /**
2559 * Get the current skin, loading it if required
2560 * @return Skin The current skin
2561 * @todo FIXME: Need to check the old failback system [AV]
2562 * @deprecated since 1.18 Use ->getSkin() in the most relevant outputting context you have
2563 */
2564 public function getSkin() {
2565 wfDeprecated( __METHOD__, '1.18' );
2566 return RequestContext::getMain()->getSkin();
2567 }
2568
2569 /**
2570 * Check the watched status of an article.
2571 * @param $title Title of the article to look at
2572 * @return Bool
2573 */
2574 public function isWatched( $title ) {
2575 $wl = WatchedItem::fromUserTitle( $this, $title );
2576 return $wl->isWatched();
2577 }
2578
2579 /**
2580 * Watch an article.
2581 * @param $title Title of the article to look at
2582 */
2583 public function addWatch( $title ) {
2584 $wl = WatchedItem::fromUserTitle( $this, $title );
2585 $wl->addWatch();
2586 $this->invalidateCache();
2587 }
2588
2589 /**
2590 * Stop watching an article.
2591 * @param $title Title of the article to look at
2592 */
2593 public function removeWatch( $title ) {
2594 $wl = WatchedItem::fromUserTitle( $this, $title );
2595 $wl->removeWatch();
2596 $this->invalidateCache();
2597 }
2598
2599 /**
2600 * Clear the user's notification timestamp for the given title.
2601 * If e-notif e-mails are on, they will receive notification mails on
2602 * the next change of the page if it's watched etc.
2603 * @param $title Title of the article to look at
2604 */
2605 public function clearNotification( &$title ) {
2606 global $wgUseEnotif, $wgShowUpdatedMarker;
2607
2608 # Do nothing if the database is locked to writes
2609 if( wfReadOnly() ) {
2610 return;
2611 }
2612
2613 if( $title->getNamespace() == NS_USER_TALK &&
2614 $title->getText() == $this->getName() ) {
2615 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2616 return;
2617 $this->setNewtalk( false );
2618 }
2619
2620 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2621 return;
2622 }
2623
2624 if( $this->isAnon() ) {
2625 // Nothing else to do...
2626 return;
2627 }
2628
2629 // Only update the timestamp if the page is being watched.
2630 // The query to find out if it is watched is cached both in memcached and per-invocation,
2631 // and when it does have to be executed, it can be on a slave
2632 // If this is the user's newtalk page, we always update the timestamp
2633 $force = '';
2634 if ( $title->getNamespace() == NS_USER_TALK &&
2635 $title->getText() == $this->getName() )
2636 {
2637 $force = 'force';
2638 }
2639
2640 $wi = WatchedItem::fromUserTitle( $this, $title );
2641 $wi->resetNotificationTimestamp( $force );
2642 }
2643
2644 /**
2645 * Resets all of the given user's page-change notification timestamps.
2646 * If e-notif e-mails are on, they will receive notification mails on
2647 * the next change of any watched page.
2648 */
2649 public function clearAllNotifications() {
2650 global $wgUseEnotif, $wgShowUpdatedMarker;
2651 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2652 $this->setNewtalk( false );
2653 return;
2654 }
2655 $id = $this->getId();
2656 if( $id != 0 ) {
2657 $dbw = wfGetDB( DB_MASTER );
2658 $dbw->update( 'watchlist',
2659 array( /* SET */
2660 'wl_notificationtimestamp' => null
2661 ), array( /* WHERE */
2662 'wl_user' => $id
2663 ), __METHOD__
2664 );
2665 # We also need to clear here the "you have new message" notification for the own user_talk page
2666 # This is cleared one page view later in Article::viewUpdates();
2667 }
2668 }
2669
2670 /**
2671 * Set this user's options from an encoded string
2672 * @param $str String Encoded options to import
2673 *
2674 * @deprecated in 1.19 due to removal of user_options from the user table
2675 */
2676 private function decodeOptions( $str ) {
2677 wfDeprecated( __METHOD__, '1.19' );
2678 if( !$str )
2679 return;
2680
2681 $this->mOptionsLoaded = true;
2682 $this->mOptionOverrides = array();
2683
2684 // If an option is not set in $str, use the default value
2685 $this->mOptions = self::getDefaultOptions();
2686
2687 $a = explode( "\n", $str );
2688 foreach ( $a as $s ) {
2689 $m = array();
2690 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2691 $this->mOptions[$m[1]] = $m[2];
2692 $this->mOptionOverrides[$m[1]] = $m[2];
2693 }
2694 }
2695 }
2696
2697 /**
2698 * Set a cookie on the user's client. Wrapper for
2699 * WebResponse::setCookie
2700 * @param $name String Name of the cookie to set
2701 * @param $value String Value to set
2702 * @param $exp Int Expiration time, as a UNIX time value;
2703 * if 0 or not specified, use the default $wgCookieExpiration
2704 */
2705 protected function setCookie( $name, $value, $exp = 0 ) {
2706 $this->getRequest()->response()->setcookie( $name, $value, $exp );
2707 }
2708
2709 /**
2710 * Clear a cookie on the user's client
2711 * @param $name String Name of the cookie to clear
2712 */
2713 protected function clearCookie( $name ) {
2714 $this->setCookie( $name, '', time() - 86400 );
2715 }
2716
2717 /**
2718 * Set the default cookies for this session on the user's client.
2719 *
2720 * @param $request WebRequest object to use; $wgRequest will be used if null
2721 * is passed.
2722 */
2723 public function setCookies( $request = null ) {
2724 if ( $request === null ) {
2725 $request = $this->getRequest();
2726 }
2727
2728 $this->load();
2729 if ( 0 == $this->mId ) return;
2730 if ( !$this->mToken ) {
2731 // When token is empty or NULL generate a new one and then save it to the database
2732 // This allows a wiki to re-secure itself after a leak of it's user table or $wgSecretKey
2733 // Simply by setting every cell in the user_token column to NULL and letting them be
2734 // regenerated as users log back into the wiki.
2735 $this->setToken();
2736 $this->saveSettings();
2737 }
2738 $session = array(
2739 'wsUserID' => $this->mId,
2740 'wsToken' => $this->mToken,
2741 'wsUserName' => $this->getName()
2742 );
2743 $cookies = array(
2744 'UserID' => $this->mId,
2745 'UserName' => $this->getName(),
2746 );
2747 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2748 $cookies['Token'] = $this->mToken;
2749 } else {
2750 $cookies['Token'] = false;
2751 }
2752
2753 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2754
2755 foreach ( $session as $name => $value ) {
2756 $request->setSessionData( $name, $value );
2757 }
2758 foreach ( $cookies as $name => $value ) {
2759 if ( $value === false ) {
2760 $this->clearCookie( $name );
2761 } else {
2762 $this->setCookie( $name, $value );
2763 }
2764 }
2765 }
2766
2767 /**
2768 * Log this user out.
2769 */
2770 public function logout() {
2771 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2772 $this->doLogout();
2773 }
2774 }
2775
2776 /**
2777 * Clear the user's cookies and session, and reset the instance cache.
2778 * @see logout()
2779 */
2780 public function doLogout() {
2781 $this->clearInstanceCache( 'defaults' );
2782
2783 $this->getRequest()->setSessionData( 'wsUserID', 0 );
2784
2785 $this->clearCookie( 'UserID' );
2786 $this->clearCookie( 'Token' );
2787
2788 # Remember when user logged out, to prevent seeing cached pages
2789 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2790 }
2791
2792 /**
2793 * Save this user's settings into the database.
2794 * @todo Only rarely do all these fields need to be set!
2795 */
2796 public function saveSettings() {
2797 $this->load();
2798 if ( wfReadOnly() ) { return; }
2799 if ( 0 == $this->mId ) { return; }
2800
2801 $this->mTouched = self::newTouchedTimestamp();
2802
2803 $dbw = wfGetDB( DB_MASTER );
2804 $dbw->update( 'user',
2805 array( /* SET */
2806 'user_name' => $this->mName,
2807 'user_password' => $this->mPassword,
2808 'user_newpassword' => $this->mNewpassword,
2809 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2810 'user_real_name' => $this->mRealName,
2811 'user_email' => $this->mEmail,
2812 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2813 'user_touched' => $dbw->timestamp( $this->mTouched ),
2814 'user_token' => strval( $this->mToken ),
2815 'user_email_token' => $this->mEmailToken,
2816 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2817 ), array( /* WHERE */
2818 'user_id' => $this->mId
2819 ), __METHOD__
2820 );
2821
2822 $this->saveOptions();
2823
2824 wfRunHooks( 'UserSaveSettings', array( $this ) );
2825 $this->clearSharedCache();
2826 $this->getUserPage()->invalidateCache();
2827 }
2828
2829 /**
2830 * If only this user's username is known, and it exists, return the user ID.
2831 * @return Int
2832 */
2833 public function idForName() {
2834 $s = trim( $this->getName() );
2835 if ( $s === '' ) return 0;
2836
2837 $dbr = wfGetDB( DB_SLAVE );
2838 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2839 if ( $id === false ) {
2840 $id = 0;
2841 }
2842 return $id;
2843 }
2844
2845 /**
2846 * Add a user to the database, return the user object
2847 *
2848 * @param $name String Username to add
2849 * @param $params Array of Strings Non-default parameters to save to the database as user_* fields:
2850 * - password The user's password hash. Password logins will be disabled if this is omitted.
2851 * - newpassword Hash for a temporary password that has been mailed to the user
2852 * - email The user's email address
2853 * - email_authenticated The email authentication timestamp
2854 * - real_name The user's real name
2855 * - options An associative array of non-default options
2856 * - token Random authentication token. Do not set.
2857 * - registration Registration timestamp. Do not set.
2858 *
2859 * @return User object, or null if the username already exists
2860 */
2861 public static function createNew( $name, $params = array() ) {
2862 $user = new User;
2863 $user->load();
2864 if ( isset( $params['options'] ) ) {
2865 $user->mOptions = $params['options'] + (array)$user->mOptions;
2866 unset( $params['options'] );
2867 }
2868 $dbw = wfGetDB( DB_MASTER );
2869 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2870
2871 $fields = array(
2872 'user_id' => $seqVal,
2873 'user_name' => $name,
2874 'user_password' => $user->mPassword,
2875 'user_newpassword' => $user->mNewpassword,
2876 'user_newpass_time' => $dbw->timestampOrNull( $user->mNewpassTime ),
2877 'user_email' => $user->mEmail,
2878 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2879 'user_real_name' => $user->mRealName,
2880 'user_token' => strval( $user->mToken ),
2881 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2882 'user_editcount' => 0,
2883 'user_touched' => $dbw->timestamp( self::newTouchedTimestamp() ),
2884 );
2885 foreach ( $params as $name => $value ) {
2886 $fields["user_$name"] = $value;
2887 }
2888 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2889 if ( $dbw->affectedRows() ) {
2890 $newUser = User::newFromId( $dbw->insertId() );
2891 } else {
2892 $newUser = null;
2893 }
2894 return $newUser;
2895 }
2896
2897 /**
2898 * Add this existing user object to the database
2899 */
2900 public function addToDatabase() {
2901 $this->load();
2902
2903 $this->mTouched = self::newTouchedTimestamp();
2904
2905 $dbw = wfGetDB( DB_MASTER );
2906 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2907 $dbw->insert( 'user',
2908 array(
2909 'user_id' => $seqVal,
2910 'user_name' => $this->mName,
2911 'user_password' => $this->mPassword,
2912 'user_newpassword' => $this->mNewpassword,
2913 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2914 'user_email' => $this->mEmail,
2915 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2916 'user_real_name' => $this->mRealName,
2917 'user_token' => strval( $this->mToken ),
2918 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2919 'user_editcount' => 0,
2920 'user_touched' => $dbw->timestamp( $this->mTouched ),
2921 ), __METHOD__
2922 );
2923 $this->mId = $dbw->insertId();
2924
2925 // Clear instance cache other than user table data, which is already accurate
2926 $this->clearInstanceCache();
2927
2928 $this->saveOptions();
2929 }
2930
2931 /**
2932 * If this user is logged-in and blocked,
2933 * block any IP address they've successfully logged in from.
2934 * @return bool A block was spread
2935 */
2936 public function spreadAnyEditBlock() {
2937 if ( $this->isLoggedIn() && $this->isBlocked() ) {
2938 return $this->spreadBlock();
2939 }
2940 return false;
2941 }
2942
2943 /**
2944 * If this (non-anonymous) user is blocked,
2945 * block the IP address they've successfully logged in from.
2946 * @return bool A block was spread
2947 */
2948 protected function spreadBlock() {
2949 wfDebug( __METHOD__ . "()\n" );
2950 $this->load();
2951 if ( $this->mId == 0 ) {
2952 return false;
2953 }
2954
2955 $userblock = Block::newFromTarget( $this->getName() );
2956 if ( !$userblock ) {
2957 return false;
2958 }
2959
2960 return (bool)$userblock->doAutoblock( $this->getRequest()->getIP() );
2961 }
2962
2963 /**
2964 * Generate a string which will be different for any combination of
2965 * user options which would produce different parser output.
2966 * This will be used as part of the hash key for the parser cache,
2967 * so users with the same options can share the same cached data
2968 * safely.
2969 *
2970 * Extensions which require it should install 'PageRenderingHash' hook,
2971 * which will give them a chance to modify this key based on their own
2972 * settings.
2973 *
2974 * @deprecated since 1.17 use the ParserOptions object to get the relevant options
2975 * @return String Page rendering hash
2976 */
2977 public function getPageRenderingHash() {
2978 wfDeprecated( __METHOD__, '1.17' );
2979
2980 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
2981 if( $this->mHash ){
2982 return $this->mHash;
2983 }
2984
2985 // stubthreshold is only included below for completeness,
2986 // since it disables the parser cache, its value will always
2987 // be 0 when this function is called by parsercache.
2988
2989 $confstr = $this->getOption( 'math' );
2990 $confstr .= '!' . $this->getStubThreshold();
2991 if ( $wgUseDynamicDates ) { # This is wrong (bug 24714)
2992 $confstr .= '!' . $this->getDatePreference();
2993 }
2994 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
2995 $confstr .= '!' . $wgLang->getCode();
2996 $confstr .= '!' . $this->getOption( 'thumbsize' );
2997 // add in language specific options, if any
2998 $extra = $wgContLang->getExtraHashOptions();
2999 $confstr .= $extra;
3000
3001 // Since the skin could be overloading link(), it should be
3002 // included here but in practice, none of our skins do that.
3003
3004 $confstr .= $wgRenderHashAppend;
3005
3006 // Give a chance for extensions to modify the hash, if they have
3007 // extra options or other effects on the parser cache.
3008 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
3009
3010 // Make it a valid memcached key fragment
3011 $confstr = str_replace( ' ', '_', $confstr );
3012 $this->mHash = $confstr;
3013 return $confstr;
3014 }
3015
3016 /**
3017 * Get whether the user is explicitly blocked from account creation.
3018 * @return Bool|Block
3019 */
3020 public function isBlockedFromCreateAccount() {
3021 $this->getBlockedStatus();
3022 if( $this->mBlock && $this->mBlock->prevents( 'createaccount' ) ){
3023 return $this->mBlock;
3024 }
3025
3026 # bug 13611: if the IP address the user is trying to create an account from is
3027 # blocked with createaccount disabled, prevent new account creation there even
3028 # when the user is logged in
3029 if( $this->mBlockedFromCreateAccount === false ){
3030 $this->mBlockedFromCreateAccount = Block::newFromTarget( null, $this->getRequest()->getIP() );
3031 }
3032 return $this->mBlockedFromCreateAccount instanceof Block && $this->mBlockedFromCreateAccount->prevents( 'createaccount' )
3033 ? $this->mBlockedFromCreateAccount
3034 : false;
3035 }
3036
3037 /**
3038 * Get whether the user is blocked from using Special:Emailuser.
3039 * @return Bool
3040 */
3041 public function isBlockedFromEmailuser() {
3042 $this->getBlockedStatus();
3043 return $this->mBlock && $this->mBlock->prevents( 'sendemail' );
3044 }
3045
3046 /**
3047 * Get whether the user is allowed to create an account.
3048 * @return Bool
3049 */
3050 function isAllowedToCreateAccount() {
3051 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
3052 }
3053
3054 /**
3055 * Get this user's personal page title.
3056 *
3057 * @return Title: User's personal page title
3058 */
3059 public function getUserPage() {
3060 return Title::makeTitle( NS_USER, $this->getName() );
3061 }
3062
3063 /**
3064 * Get this user's talk page title.
3065 *
3066 * @return Title: User's talk page title
3067 */
3068 public function getTalkPage() {
3069 $title = $this->getUserPage();
3070 return $title->getTalkPage();
3071 }
3072
3073 /**
3074 * Determine whether the user is a newbie. Newbies are either
3075 * anonymous IPs, or the most recently created accounts.
3076 * @return Bool
3077 */
3078 public function isNewbie() {
3079 return !$this->isAllowed( 'autoconfirmed' );
3080 }
3081
3082 /**
3083 * Check to see if the given clear-text password is one of the accepted passwords
3084 * @param $password String: user password.
3085 * @return Boolean: True if the given password is correct, otherwise False.
3086 */
3087 public function checkPassword( $password ) {
3088 global $wgAuth, $wgLegacyEncoding;
3089 $this->load();
3090
3091 // Even though we stop people from creating passwords that
3092 // are shorter than this, doesn't mean people wont be able
3093 // to. Certain authentication plugins do NOT want to save
3094 // domain passwords in a mysql database, so we should
3095 // check this (in case $wgAuth->strict() is false).
3096 if( !$this->isValidPassword( $password ) ) {
3097 return false;
3098 }
3099
3100 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
3101 return true;
3102 } elseif( $wgAuth->strict() ) {
3103 /* Auth plugin doesn't allow local authentication */
3104 return false;
3105 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
3106 /* Auth plugin doesn't allow local authentication for this user name */
3107 return false;
3108 }
3109 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
3110 return true;
3111 } elseif ( $wgLegacyEncoding ) {
3112 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
3113 # Check for this with iconv
3114 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
3115 if ( $cp1252Password != $password &&
3116 self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) )
3117 {
3118 return true;
3119 }
3120 }
3121 return false;
3122 }
3123
3124 /**
3125 * Check if the given clear-text password matches the temporary password
3126 * sent by e-mail for password reset operations.
3127 *
3128 * @param $plaintext string
3129 *
3130 * @return Boolean: True if matches, false otherwise
3131 */
3132 public function checkTemporaryPassword( $plaintext ) {
3133 global $wgNewPasswordExpiry;
3134
3135 $this->load();
3136 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
3137 if ( is_null( $this->mNewpassTime ) ) {
3138 return true;
3139 }
3140 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
3141 return ( time() < $expiry );
3142 } else {
3143 return false;
3144 }
3145 }
3146
3147 /**
3148 * Alias for getEditToken.
3149 * @deprecated since 1.19, use getEditToken instead.
3150 *
3151 * @param $salt String|Array of Strings Optional function-specific data for hashing
3152 * @param $request WebRequest object to use or null to use $wgRequest
3153 * @return String The new edit token
3154 */
3155 public function editToken( $salt = '', $request = null ) {
3156 wfDeprecated( __METHOD__, '1.19' );
3157 return $this->getEditToken( $salt, $request );
3158 }
3159
3160 /**
3161 * Initialize (if necessary) and return a session token value
3162 * which can be used in edit forms to show that the user's
3163 * login credentials aren't being hijacked with a foreign form
3164 * submission.
3165 *
3166 * @since 1.19
3167 *
3168 * @param $salt String|Array of Strings Optional function-specific data for hashing
3169 * @param $request WebRequest object to use or null to use $wgRequest
3170 * @return String The new edit token
3171 */
3172 public function getEditToken( $salt = '', $request = null ) {
3173 if ( $request == null ) {
3174 $request = $this->getRequest();
3175 }
3176
3177 if ( $this->isAnon() ) {
3178 return EDIT_TOKEN_SUFFIX;
3179 } else {
3180 $token = $request->getSessionData( 'wsEditToken' );
3181 if ( $token === null ) {
3182 $token = MWCryptRand::generateHex( 32 );
3183 $request->setSessionData( 'wsEditToken', $token );
3184 }
3185 if( is_array( $salt ) ) {
3186 $salt = implode( '|', $salt );
3187 }
3188 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
3189 }
3190 }
3191
3192 /**
3193 * Generate a looking random token for various uses.
3194 *
3195 * @param $salt String Optional salt value
3196 * @return String The new random token
3197 * @deprecated since 1.20; Use MWCryptRand for secure purposes or wfRandomString for pesudo-randomness
3198 */
3199 public static function generateToken( $salt = '' ) {
3200 return MWCryptRand::generateHex( 32 );
3201 }
3202
3203 /**
3204 * Check given value against the token value stored in the session.
3205 * A match should confirm that the form was submitted from the
3206 * user's own login session, not a form submission from a third-party
3207 * site.
3208 *
3209 * @param $val String Input value to compare
3210 * @param $salt String Optional function-specific data for hashing
3211 * @param $request WebRequest object to use or null to use $wgRequest
3212 * @return Boolean: Whether the token matches
3213 */
3214 public function matchEditToken( $val, $salt = '', $request = null ) {
3215 $sessionToken = $this->getEditToken( $salt, $request );
3216 if ( $val != $sessionToken ) {
3217 wfDebug( "User::matchEditToken: broken session data\n" );
3218 }
3219 return $val == $sessionToken;
3220 }
3221
3222 /**
3223 * Check given value against the token value stored in the session,
3224 * ignoring the suffix.
3225 *
3226 * @param $val String Input value to compare
3227 * @param $salt String Optional function-specific data for hashing
3228 * @param $request WebRequest object to use or null to use $wgRequest
3229 * @return Boolean: Whether the token matches
3230 */
3231 public function matchEditTokenNoSuffix( $val, $salt = '', $request = null ) {
3232 $sessionToken = $this->getEditToken( $salt, $request );
3233 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
3234 }
3235
3236 /**
3237 * Generate a new e-mail confirmation token and send a confirmation/invalidation
3238 * mail to the user's given address.
3239 *
3240 * @param $type String: message to send, either "created", "changed" or "set"
3241 * @return Status object
3242 */
3243 public function sendConfirmationMail( $type = 'created' ) {
3244 global $wgLang;
3245 $expiration = null; // gets passed-by-ref and defined in next line.
3246 $token = $this->confirmationToken( $expiration );
3247 $url = $this->confirmationTokenUrl( $token );
3248 $invalidateURL = $this->invalidationTokenUrl( $token );
3249 $this->saveSettings();
3250
3251 if ( $type == 'created' || $type === false ) {
3252 $message = 'confirmemail_body';
3253 } elseif ( $type === true ) {
3254 $message = 'confirmemail_body_changed';
3255 } else {
3256 $message = 'confirmemail_body_' . $type;
3257 }
3258
3259 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
3260 wfMsg( $message,
3261 $this->getRequest()->getIP(),
3262 $this->getName(),
3263 $url,
3264 $wgLang->timeanddate( $expiration, false ),
3265 $invalidateURL,
3266 $wgLang->date( $expiration, false ),
3267 $wgLang->time( $expiration, false ) ) );
3268 }
3269
3270 /**
3271 * Send an e-mail to this user's account. Does not check for
3272 * confirmed status or validity.
3273 *
3274 * @param $subject String Message subject
3275 * @param $body String Message body
3276 * @param $from String Optional From address; if unspecified, default $wgPasswordSender will be used
3277 * @param $replyto String Reply-To address
3278 * @return Status
3279 */
3280 public function sendMail( $subject, $body, $from = null, $replyto = null ) {
3281 if( is_null( $from ) ) {
3282 global $wgPasswordSender, $wgPasswordSenderName;
3283 $sender = new MailAddress( $wgPasswordSender, $wgPasswordSenderName );
3284 } else {
3285 $sender = new MailAddress( $from );
3286 }
3287
3288 $to = new MailAddress( $this );
3289 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
3290 }
3291
3292 /**
3293 * Generate, store, and return a new e-mail confirmation code.
3294 * A hash (unsalted, since it's used as a key) is stored.
3295 *
3296 * @note Call saveSettings() after calling this function to commit
3297 * this change to the database.
3298 *
3299 * @param &$expiration \mixed Accepts the expiration time
3300 * @return String New token
3301 */
3302 private function confirmationToken( &$expiration ) {
3303 global $wgUserEmailConfirmationTokenExpiry;
3304 $now = time();
3305 $expires = $now + $wgUserEmailConfirmationTokenExpiry;
3306 $this->load();
3307 $token = MWCryptRand::generateHex( 32 );
3308 $hash = md5( $token );
3309 $this->mEmailToken = $hash;
3310 $this->mEmailTokenExpires = wfTimestamp( TS_MW, $expires );
3311 return $token;
3312 }
3313
3314 /**
3315 * Return a URL the user can use to confirm their email address.
3316 * @param $token String Accepts the email confirmation token
3317 * @return String New token URL
3318 */
3319 private function confirmationTokenUrl( $token ) {
3320 return $this->getTokenUrl( 'ConfirmEmail', $token );
3321 }
3322
3323 /**
3324 * Return a URL the user can use to invalidate their email address.
3325 * @param $token String Accepts the email confirmation token
3326 * @return String New token URL
3327 */
3328 private function invalidationTokenUrl( $token ) {
3329 return $this->getTokenUrl( 'Invalidateemail', $token );
3330 }
3331
3332 /**
3333 * Internal function to format the e-mail validation/invalidation URLs.
3334 * This uses a quickie hack to use the
3335 * hardcoded English names of the Special: pages, for ASCII safety.
3336 *
3337 * @note Since these URLs get dropped directly into emails, using the
3338 * short English names avoids insanely long URL-encoded links, which
3339 * also sometimes can get corrupted in some browsers/mailers
3340 * (bug 6957 with Gmail and Internet Explorer).
3341 *
3342 * @param $page String Special page
3343 * @param $token String Token
3344 * @return String Formatted URL
3345 */
3346 protected function getTokenUrl( $page, $token ) {
3347 // Hack to bypass localization of 'Special:'
3348 $title = Title::makeTitle( NS_MAIN, "Special:$page/$token" );
3349 return $title->getCanonicalUrl();
3350 }
3351
3352 /**
3353 * Mark the e-mail address confirmed.
3354 *
3355 * @note Call saveSettings() after calling this function to commit the change.
3356 *
3357 * @return bool
3358 */
3359 public function confirmEmail() {
3360 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3361 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3362 return true;
3363 }
3364
3365 /**
3366 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3367 * address if it was already confirmed.
3368 *
3369 * @note Call saveSettings() after calling this function to commit the change.
3370 * @return bool Returns true
3371 */
3372 function invalidateEmail() {
3373 $this->load();
3374 $this->mEmailToken = null;
3375 $this->mEmailTokenExpires = null;
3376 $this->setEmailAuthenticationTimestamp( null );
3377 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3378 return true;
3379 }
3380
3381 /**
3382 * Set the e-mail authentication timestamp.
3383 * @param $timestamp String TS_MW timestamp
3384 */
3385 function setEmailAuthenticationTimestamp( $timestamp ) {
3386 $this->load();
3387 $this->mEmailAuthenticated = $timestamp;
3388 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3389 }
3390
3391 /**
3392 * Is this user allowed to send e-mails within limits of current
3393 * site configuration?
3394 * @return Bool
3395 */
3396 public function canSendEmail() {
3397 global $wgEnableEmail, $wgEnableUserEmail;
3398 if( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3399 return false;
3400 }
3401 $canSend = $this->isEmailConfirmed();
3402 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3403 return $canSend;
3404 }
3405
3406 /**
3407 * Is this user allowed to receive e-mails within limits of current
3408 * site configuration?
3409 * @return Bool
3410 */
3411 public function canReceiveEmail() {
3412 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3413 }
3414
3415 /**
3416 * Is this user's e-mail address valid-looking and confirmed within
3417 * limits of the current site configuration?
3418 *
3419 * @note If $wgEmailAuthentication is on, this may require the user to have
3420 * confirmed their address by returning a code or using a password
3421 * sent to the address from the wiki.
3422 *
3423 * @return Bool
3424 */
3425 public function isEmailConfirmed() {
3426 global $wgEmailAuthentication;
3427 $this->load();
3428 $confirmed = true;
3429 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3430 if( $this->isAnon() ) {
3431 return false;
3432 }
3433 if( !Sanitizer::validateEmail( $this->mEmail ) ) {
3434 return false;
3435 }
3436 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() ) {
3437 return false;
3438 }
3439 return true;
3440 } else {
3441 return $confirmed;
3442 }
3443 }
3444
3445 /**
3446 * Check whether there is an outstanding request for e-mail confirmation.
3447 * @return Bool
3448 */
3449 public function isEmailConfirmationPending() {
3450 global $wgEmailAuthentication;
3451 return $wgEmailAuthentication &&
3452 !$this->isEmailConfirmed() &&
3453 $this->mEmailToken &&
3454 $this->mEmailTokenExpires > wfTimestamp();
3455 }
3456
3457 /**
3458 * Get the timestamp of account creation.
3459 *
3460 * @return String|Bool Timestamp of account creation, or false for
3461 * non-existent/anonymous user accounts.
3462 */
3463 public function getRegistration() {
3464 if ( $this->isAnon() ) {
3465 return false;
3466 }
3467 $this->load();
3468 return $this->mRegistration;
3469 }
3470
3471 /**
3472 * Get the timestamp of the first edit
3473 *
3474 * @return String|Bool Timestamp of first edit, or false for
3475 * non-existent/anonymous user accounts.
3476 */
3477 public function getFirstEditTimestamp() {
3478 if( $this->getId() == 0 ) {
3479 return false; // anons
3480 }
3481 $dbr = wfGetDB( DB_SLAVE );
3482 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3483 array( 'rev_user' => $this->getId() ),
3484 __METHOD__,
3485 array( 'ORDER BY' => 'rev_timestamp ASC' )
3486 );
3487 if( !$time ) {
3488 return false; // no edits
3489 }
3490 return wfTimestamp( TS_MW, $time );
3491 }
3492
3493 /**
3494 * Get the permissions associated with a given list of groups
3495 *
3496 * @param $groups Array of Strings List of internal group names
3497 * @return Array of Strings List of permission key names for given groups combined
3498 */
3499 public static function getGroupPermissions( $groups ) {
3500 global $wgGroupPermissions, $wgRevokePermissions;
3501 $rights = array();
3502 // grant every granted permission first
3503 foreach( $groups as $group ) {
3504 if( isset( $wgGroupPermissions[$group] ) ) {
3505 $rights = array_merge( $rights,
3506 // array_filter removes empty items
3507 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3508 }
3509 }
3510 // now revoke the revoked permissions
3511 foreach( $groups as $group ) {
3512 if( isset( $wgRevokePermissions[$group] ) ) {
3513 $rights = array_diff( $rights,
3514 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
3515 }
3516 }
3517 return array_unique( $rights );
3518 }
3519
3520 /**
3521 * Get all the groups who have a given permission
3522 *
3523 * @param $role String Role to check
3524 * @return Array of Strings List of internal group names with the given permission
3525 */
3526 public static function getGroupsWithPermission( $role ) {
3527 global $wgGroupPermissions;
3528 $allowedGroups = array();
3529 foreach ( $wgGroupPermissions as $group => $rights ) {
3530 if ( isset( $rights[$role] ) && $rights[$role] ) {
3531 $allowedGroups[] = $group;
3532 }
3533 }
3534 return $allowedGroups;
3535 }
3536
3537 /**
3538 * Get the localized descriptive name for a group, if it exists
3539 *
3540 * @param $group String Internal group name
3541 * @return String Localized descriptive group name
3542 */
3543 public static function getGroupName( $group ) {
3544 $msg = wfMessage( "group-$group" );
3545 return $msg->isBlank() ? $group : $msg->text();
3546 }
3547
3548 /**
3549 * Get the localized descriptive name for a member of a group, if it exists
3550 *
3551 * @param $group String Internal group name
3552 * @param $username String Username for gender (since 1.19)
3553 * @return String Localized name for group member
3554 */
3555 public static function getGroupMember( $group, $username = '#' ) {
3556 $msg = wfMessage( "group-$group-member", $username );
3557 return $msg->isBlank() ? $group : $msg->text();
3558 }
3559
3560 /**
3561 * Return the set of defined explicit groups.
3562 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3563 * are not included, as they are defined automatically, not in the database.
3564 * @return Array of internal group names
3565 */
3566 public static function getAllGroups() {
3567 global $wgGroupPermissions, $wgRevokePermissions;
3568 return array_diff(
3569 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3570 self::getImplicitGroups()
3571 );
3572 }
3573
3574 /**
3575 * Get a list of all available permissions.
3576 * @return Array of permission names
3577 */
3578 public static function getAllRights() {
3579 if ( self::$mAllRights === false ) {
3580 global $wgAvailableRights;
3581 if ( count( $wgAvailableRights ) ) {
3582 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3583 } else {
3584 self::$mAllRights = self::$mCoreRights;
3585 }
3586 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3587 }
3588 return self::$mAllRights;
3589 }
3590
3591 /**
3592 * Get a list of implicit groups
3593 * @return Array of Strings Array of internal group names
3594 */
3595 public static function getImplicitGroups() {
3596 global $wgImplicitGroups;
3597 $groups = $wgImplicitGroups;
3598 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3599 return $groups;
3600 }
3601
3602 /**
3603 * Get the title of a page describing a particular group
3604 *
3605 * @param $group String Internal group name
3606 * @return Title|Bool Title of the page if it exists, false otherwise
3607 */
3608 public static function getGroupPage( $group ) {
3609 $msg = wfMessage( 'grouppage-' . $group )->inContentLanguage();
3610 if( $msg->exists() ) {
3611 $title = Title::newFromText( $msg->text() );
3612 if( is_object( $title ) )
3613 return $title;
3614 }
3615 return false;
3616 }
3617
3618 /**
3619 * Create a link to the group in HTML, if available;
3620 * else return the group name.
3621 *
3622 * @param $group String Internal name of the group
3623 * @param $text String The text of the link
3624 * @return String HTML link to the group
3625 */
3626 public static function makeGroupLinkHTML( $group, $text = '' ) {
3627 if( $text == '' ) {
3628 $text = self::getGroupName( $group );
3629 }
3630 $title = self::getGroupPage( $group );
3631 if( $title ) {
3632 return Linker::link( $title, htmlspecialchars( $text ) );
3633 } else {
3634 return $text;
3635 }
3636 }
3637
3638 /**
3639 * Create a link to the group in Wikitext, if available;
3640 * else return the group name.
3641 *
3642 * @param $group String Internal name of the group
3643 * @param $text String The text of the link
3644 * @return String Wikilink to the group
3645 */
3646 public static function makeGroupLinkWiki( $group, $text = '' ) {
3647 if( $text == '' ) {
3648 $text = self::getGroupName( $group );
3649 }
3650 $title = self::getGroupPage( $group );
3651 if( $title ) {
3652 $page = $title->getPrefixedText();
3653 return "[[$page|$text]]";
3654 } else {
3655 return $text;
3656 }
3657 }
3658
3659 /**
3660 * Returns an array of the groups that a particular group can add/remove.
3661 *
3662 * @param $group String: the group to check for whether it can add/remove
3663 * @return Array array( 'add' => array( addablegroups ),
3664 * 'remove' => array( removablegroups ),
3665 * 'add-self' => array( addablegroups to self),
3666 * 'remove-self' => array( removable groups from self) )
3667 */
3668 public static function changeableByGroup( $group ) {
3669 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3670
3671 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3672 if( empty( $wgAddGroups[$group] ) ) {
3673 // Don't add anything to $groups
3674 } elseif( $wgAddGroups[$group] === true ) {
3675 // You get everything
3676 $groups['add'] = self::getAllGroups();
3677 } elseif( is_array( $wgAddGroups[$group] ) ) {
3678 $groups['add'] = $wgAddGroups[$group];
3679 }
3680
3681 // Same thing for remove
3682 if( empty( $wgRemoveGroups[$group] ) ) {
3683 } elseif( $wgRemoveGroups[$group] === true ) {
3684 $groups['remove'] = self::getAllGroups();
3685 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3686 $groups['remove'] = $wgRemoveGroups[$group];
3687 }
3688
3689 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3690 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3691 foreach( $wgGroupsAddToSelf as $key => $value ) {
3692 if( is_int( $key ) ) {
3693 $wgGroupsAddToSelf['user'][] = $value;
3694 }
3695 }
3696 }
3697
3698 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3699 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3700 if( is_int( $key ) ) {
3701 $wgGroupsRemoveFromSelf['user'][] = $value;
3702 }
3703 }
3704 }
3705
3706 // Now figure out what groups the user can add to him/herself
3707 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3708 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3709 // No idea WHY this would be used, but it's there
3710 $groups['add-self'] = User::getAllGroups();
3711 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3712 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3713 }
3714
3715 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3716 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3717 $groups['remove-self'] = User::getAllGroups();
3718 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3719 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3720 }
3721
3722 return $groups;
3723 }
3724
3725 /**
3726 * Returns an array of groups that this user can add and remove
3727 * @return Array array( 'add' => array( addablegroups ),
3728 * 'remove' => array( removablegroups ),
3729 * 'add-self' => array( addablegroups to self),
3730 * 'remove-self' => array( removable groups from self) )
3731 */
3732 public function changeableGroups() {
3733 if( $this->isAllowed( 'userrights' ) ) {
3734 // This group gives the right to modify everything (reverse-
3735 // compatibility with old "userrights lets you change
3736 // everything")
3737 // Using array_merge to make the groups reindexed
3738 $all = array_merge( User::getAllGroups() );
3739 return array(
3740 'add' => $all,
3741 'remove' => $all,
3742 'add-self' => array(),
3743 'remove-self' => array()
3744 );
3745 }
3746
3747 // Okay, it's not so simple, we will have to go through the arrays
3748 $groups = array(
3749 'add' => array(),
3750 'remove' => array(),
3751 'add-self' => array(),
3752 'remove-self' => array()
3753 );
3754 $addergroups = $this->getEffectiveGroups();
3755
3756 foreach( $addergroups as $addergroup ) {
3757 $groups = array_merge_recursive(
3758 $groups, $this->changeableByGroup( $addergroup )
3759 );
3760 $groups['add'] = array_unique( $groups['add'] );
3761 $groups['remove'] = array_unique( $groups['remove'] );
3762 $groups['add-self'] = array_unique( $groups['add-self'] );
3763 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3764 }
3765 return $groups;
3766 }
3767
3768 /**
3769 * Increment the user's edit-count field.
3770 * Will have no effect for anonymous users.
3771 */
3772 public function incEditCount() {
3773 if( !$this->isAnon() ) {
3774 $dbw = wfGetDB( DB_MASTER );
3775 $dbw->update( 'user',
3776 array( 'user_editcount=user_editcount+1' ),
3777 array( 'user_id' => $this->getId() ),
3778 __METHOD__ );
3779
3780 // Lazy initialization check...
3781 if( $dbw->affectedRows() == 0 ) {
3782 // Pull from a slave to be less cruel to servers
3783 // Accuracy isn't the point anyway here
3784 $dbr = wfGetDB( DB_SLAVE );
3785 $count = $dbr->selectField( 'revision',
3786 'COUNT(rev_user)',
3787 array( 'rev_user' => $this->getId() ),
3788 __METHOD__ );
3789
3790 // Now here's a goddamn hack...
3791 if( $dbr !== $dbw ) {
3792 // If we actually have a slave server, the count is
3793 // at least one behind because the current transaction
3794 // has not been committed and replicated.
3795 $count++;
3796 } else {
3797 // But if DB_SLAVE is selecting the master, then the
3798 // count we just read includes the revision that was
3799 // just added in the working transaction.
3800 }
3801
3802 $dbw->update( 'user',
3803 array( 'user_editcount' => $count ),
3804 array( 'user_id' => $this->getId() ),
3805 __METHOD__ );
3806 }
3807 }
3808 // edit count in user cache too
3809 $this->invalidateCache();
3810 }
3811
3812 /**
3813 * Get the description of a given right
3814 *
3815 * @param $right String Right to query
3816 * @return String Localized description of the right
3817 */
3818 public static function getRightDescription( $right ) {
3819 $key = "right-$right";
3820 $msg = wfMessage( $key );
3821 return $msg->isBlank() ? $right : $msg->text();
3822 }
3823
3824 /**
3825 * Make an old-style password hash
3826 *
3827 * @param $password String Plain-text password
3828 * @param $userId String User ID
3829 * @return String Password hash
3830 */
3831 public static function oldCrypt( $password, $userId ) {
3832 global $wgPasswordSalt;
3833 if ( $wgPasswordSalt ) {
3834 return md5( $userId . '-' . md5( $password ) );
3835 } else {
3836 return md5( $password );
3837 }
3838 }
3839
3840 /**
3841 * Make a new-style password hash
3842 *
3843 * @param $password String Plain-text password
3844 * @param bool|string $salt Optional salt, may be random or the user ID.
3845
3846 * If unspecified or false, will generate one automatically
3847 * @return String Password hash
3848 */
3849 public static function crypt( $password, $salt = false ) {
3850 global $wgPasswordSalt;
3851
3852 $hash = '';
3853 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3854 return $hash;
3855 }
3856
3857 if( $wgPasswordSalt ) {
3858 if ( $salt === false ) {
3859 $salt = MWCryptRand::generateHex( 8 );
3860 }
3861 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3862 } else {
3863 return ':A:' . md5( $password );
3864 }
3865 }
3866
3867 /**
3868 * Compare a password hash with a plain-text password. Requires the user
3869 * ID if there's a chance that the hash is an old-style hash.
3870 *
3871 * @param $hash String Password hash
3872 * @param $password String Plain-text password to compare
3873 * @param $userId String|bool User ID for old-style password salt
3874 *
3875 * @return Boolean
3876 */
3877 public static function comparePasswords( $hash, $password, $userId = false ) {
3878 $type = substr( $hash, 0, 3 );
3879
3880 $result = false;
3881 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3882 return $result;
3883 }
3884
3885 if ( $type == ':A:' ) {
3886 # Unsalted
3887 return md5( $password ) === substr( $hash, 3 );
3888 } elseif ( $type == ':B:' ) {
3889 # Salted
3890 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3891 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3892 } else {
3893 # Old-style
3894 return self::oldCrypt( $password, $userId ) === $hash;
3895 }
3896 }
3897
3898 /**
3899 * Add a newuser log entry for this user. Before 1.19 the return value was always true.
3900 *
3901 * @param $byEmail Boolean: account made by email?
3902 * @param $reason String: user supplied reason
3903 *
3904 * @return int|bool True if not $wgNewUserLog; otherwise ID of log item or 0 on failure
3905 */
3906 public function addNewUserLogEntry( $byEmail = false, $reason = '' ) {
3907 global $wgUser, $wgContLang, $wgNewUserLog;
3908 if( empty( $wgNewUserLog ) ) {
3909 return true; // disabled
3910 }
3911
3912 if( $this->getName() == $wgUser->getName() ) {
3913 $action = 'create';
3914 } else {
3915 $action = 'create2';
3916 if ( $byEmail ) {
3917 if ( $reason === '' ) {
3918 $reason = wfMsgForContent( 'newuserlog-byemail' );
3919 } else {
3920 $reason = $wgContLang->commaList( array(
3921 $reason, wfMsgForContent( 'newuserlog-byemail' ) ) );
3922 }
3923 }
3924 }
3925 $log = new LogPage( 'newusers' );
3926 return (int)$log->addEntry(
3927 $action,
3928 $this->getUserPage(),
3929 $reason,
3930 array( $this->getId() )
3931 );
3932 }
3933
3934 /**
3935 * Add an autocreate newuser log entry for this user
3936 * Used by things like CentralAuth and perhaps other authplugins.
3937 *
3938 * @return bool
3939 */
3940 public function addNewUserLogEntryAutoCreate() {
3941 global $wgNewUserLog;
3942 if( !$wgNewUserLog ) {
3943 return true; // disabled
3944 }
3945 $log = new LogPage( 'newusers', false );
3946 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ), $this );
3947 return true;
3948 }
3949
3950 /**
3951 * @todo document
3952 */
3953 protected function loadOptions() {
3954 $this->load();
3955 if ( $this->mOptionsLoaded || !$this->getId() )
3956 return;
3957
3958 $this->mOptions = self::getDefaultOptions();
3959
3960 // Maybe load from the object
3961 if ( !is_null( $this->mOptionOverrides ) ) {
3962 wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
3963 foreach( $this->mOptionOverrides as $key => $value ) {
3964 $this->mOptions[$key] = $value;
3965 }
3966 } else {
3967 wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
3968 // Load from database
3969 $dbr = wfGetDB( DB_SLAVE );
3970
3971 $res = $dbr->select(
3972 'user_properties',
3973 '*',
3974 array( 'up_user' => $this->getId() ),
3975 __METHOD__
3976 );
3977
3978 $this->mOptionOverrides = array();
3979 foreach ( $res as $row ) {
3980 $this->mOptionOverrides[$row->up_property] = $row->up_value;
3981 $this->mOptions[$row->up_property] = $row->up_value;
3982 }
3983 }
3984
3985 $this->mOptionsLoaded = true;
3986
3987 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
3988 }
3989
3990 /**
3991 * @todo document
3992 */
3993 protected function saveOptions() {
3994 global $wgAllowPrefChange;
3995
3996 $extuser = ExternalUser::newFromUser( $this );
3997
3998 $this->loadOptions();
3999 $dbw = wfGetDB( DB_MASTER );
4000
4001 $insert_rows = array();
4002
4003 $saveOptions = $this->mOptions;
4004
4005 // Allow hooks to abort, for instance to save to a global profile.
4006 // Reset options to default state before saving.
4007 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) ) {
4008 return;
4009 }
4010
4011 foreach( $saveOptions as $key => $value ) {
4012 # Don't bother storing default values
4013 if ( ( is_null( self::getDefaultOption( $key ) ) &&
4014 !( $value === false || is_null($value) ) ) ||
4015 $value != self::getDefaultOption( $key ) ) {
4016 $insert_rows[] = array(
4017 'up_user' => $this->getId(),
4018 'up_property' => $key,
4019 'up_value' => $value,
4020 );
4021 }
4022 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
4023 switch ( $wgAllowPrefChange[$key] ) {
4024 case 'local':
4025 case 'message':
4026 break;
4027 case 'semiglobal':
4028 case 'global':
4029 $extuser->setPref( $key, $value );
4030 }
4031 }
4032 }
4033
4034 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
4035 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
4036 }
4037
4038 /**
4039 * Provide an array of HTML5 attributes to put on an input element
4040 * intended for the user to enter a new password. This may include
4041 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
4042 *
4043 * Do *not* use this when asking the user to enter his current password!
4044 * Regardless of configuration, users may have invalid passwords for whatever
4045 * reason (e.g., they were set before requirements were tightened up).
4046 * Only use it when asking for a new password, like on account creation or
4047 * ResetPass.
4048 *
4049 * Obviously, you still need to do server-side checking.
4050 *
4051 * NOTE: A combination of bugs in various browsers means that this function
4052 * actually just returns array() unconditionally at the moment. May as
4053 * well keep it around for when the browser bugs get fixed, though.
4054 *
4055 * @todo FIXME: This does not belong here; put it in Html or Linker or somewhere
4056 *
4057 * @return array Array of HTML attributes suitable for feeding to
4058 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
4059 * That will potentially output invalid XHTML 1.0 Transitional, and will
4060 * get confused by the boolean attribute syntax used.)
4061 */
4062 public static function passwordChangeInputAttribs() {
4063 global $wgMinimalPasswordLength;
4064
4065 if ( $wgMinimalPasswordLength == 0 ) {
4066 return array();
4067 }
4068
4069 # Note that the pattern requirement will always be satisfied if the
4070 # input is empty, so we need required in all cases.
4071 #
4072 # @todo FIXME: Bug 23769: This needs to not claim the password is required
4073 # if e-mail confirmation is being used. Since HTML5 input validation
4074 # is b0rked anyway in some browsers, just return nothing. When it's
4075 # re-enabled, fix this code to not output required for e-mail
4076 # registration.
4077 #$ret = array( 'required' );
4078 $ret = array();
4079
4080 # We can't actually do this right now, because Opera 9.6 will print out
4081 # the entered password visibly in its error message! When other
4082 # browsers add support for this attribute, or Opera fixes its support,
4083 # we can add support with a version check to avoid doing this on Opera
4084 # versions where it will be a problem. Reported to Opera as
4085 # DSK-262266, but they don't have a public bug tracker for us to follow.
4086 /*
4087 if ( $wgMinimalPasswordLength > 1 ) {
4088 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
4089 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
4090 $wgMinimalPasswordLength );
4091 }
4092 */
4093
4094 return $ret;
4095 }
4096 }
MediaWiki Core