search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fixed error suppressing suggested in r58559 by Tim. Also fixed some warnings and...
[mediawiki.git] / includes / User.php
blob688146a7c3244b3b82c55e4d9e3ea99f175e61cb
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 * @file
5 */
6
7 /**
8 * \int Number of characters in user_token field.
9 * @ingroup Constants
10 */
11 define( 'USER_TOKEN_LENGTH', 32 );
12
13 /**
14 * \int Serialized record version.
15 * @ingroup Constants
16 */
17 define( 'MW_USER_VERSION', 8 );
18
19 /**
20 * \string Some punctuation to prevent editing from broken text-mangling proxies.
21 * @ingroup Constants
22 */
23 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
24
25 /**
26 * Thrown by User::setPassword() on error.
27 * @ingroup Exception
28 */
29 class PasswordError extends MWException {
30 // NOP
31 }
32
33 /**
34 * The User object encapsulates all of the user-specific settings (user_id,
35 * name, rights, password, email address, options, last login time). Client
36 * classes use the getXXX() functions to access these fields. These functions
37 * do all the work of determining whether the user is logged in,
38 * whether the requested option can be satisfied from cookies or
39 * whether a database query is needed. Most of the settings needed
40 * for rendering normal pages are set in the cookie to minimize use
41 * of the database.
42 */
43 class User {
44
45 /**
46 * \type{\arrayof{\string}} A list of default user toggles, i.e., boolean user
47 * preferences that are displayed by Special:Preferences as checkboxes.
48 * This list can be extended via the UserToggles hook or by
49 * $wgContLang::getExtraUserToggles().
50 * @showinitializer
51 */
52 public static $mToggles = array(
53 'highlightbroken',
54 'justify',
55 'hideminor',
56 'extendwatchlist',
57 'usenewrc',
58 'numberheadings',
59 'showtoolbar',
60 'editondblclick',
61 'editsection',
62 'editsectiononrightclick',
63 'showtoc',
64 'rememberpassword',
65 'editwidth',
66 'watchcreations',
67 'watchdefault',
68 'watchmoves',
69 'watchdeletion',
70 'minordefault',
71 'previewontop',
72 'previewonfirst',
73 'nocache',
74 'enotifwatchlistpages',
75 'enotifusertalkpages',
76 'enotifminoredits',
77 'enotifrevealaddr',
78 'shownumberswatching',
79 'fancysig',
80 'externaleditor',
81 'externaldiff',
82 'showjumplinks',
83 'uselivepreview',
84 'forceeditsummary',
85 'watchlisthideminor',
86 'watchlisthidebots',
87 'watchlisthideown',
88 'watchlisthideanons',
89 'watchlisthideliu',
90 'ccmeonemails',
91 'diffonly',
92 'showhiddencats',
93 'noconvertlink',
94 'norollbackdiff',
95 );
96
97 /**
98 * \type{\arrayof{\string}} List of member variables which are saved to the
99 * shared cache (memcached). Any operation which changes the
100 * corresponding database fields must call a cache-clearing function.
101 * @showinitializer
102 */
103 static $mCacheVars = array(
104 // user table
105 'mId',
106 'mName',
107 'mRealName',
108 'mPassword',
109 'mNewpassword',
110 'mNewpassTime',
111 'mEmail',
112 'mTouched',
113 'mToken',
114 'mEmailAuthenticated',
115 'mEmailToken',
116 'mEmailTokenExpires',
117 'mRegistration',
118 'mEditCount',
119 // user_group table
120 'mGroups',
121 // user_properties table
122 'mOptionOverrides',
123 );
124
125 /**
126 * \type{\arrayof{\string}} Core rights.
127 * Each of these should have a corresponding message of the form
128 * "right-$right".
129 * @showinitializer
130 */
131 static $mCoreRights = array(
132 'apihighlimits',
133 'autoconfirmed',
134 'autopatrol',
135 'bigdelete',
136 'block',
137 'blockemail',
138 'bot',
139 'browsearchive',
140 'createaccount',
141 'createpage',
142 'createtalk',
143 'delete',
144 'deletedhistory',
145 'deletedtext',
146 'deleterevision',
147 'edit',
148 'editinterface',
149 'editusercssjs',
150 'hideuser',
151 'import',
152 'importupload',
153 'ipblock-exempt',
154 'markbotedits',
155 'minoredit',
156 'move',
157 'movefile',
158 'move-rootuserpages',
159 'move-subpages',
160 'nominornewtalk',
161 'noratelimit',
162 'override-export-depth',
163 'patrol',
164 'protect',
165 'proxyunbannable',
166 'purge',
167 'read',
168 'reupload',
169 'reupload-shared',
170 'rollback',
171 'sendemail',
172 'siteadmin',
173 'suppressionlog',
174 'suppressredirect',
175 'suppressrevision',
176 'trackback',
177 'undelete',
178 'unwatchedpages',
179 'upload',
180 'upload_by_url',
181 'userrights',
182 'userrights-interwiki',
183 'writeapi',
184 );
185 /**
186 * \string Cached results of getAllRights()
187 */
188 static $mAllRights = false;
189
190 /** @name Cache variables */
191 //@{
192 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
193 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
194 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mGroups, $mOptionOverrides;
195 //@}
196
197 /**
198 * \bool Whether the cache variables have been loaded.
199 */
200 var $mDataLoaded, $mAuthLoaded, $mOptionsLoaded;
201
202 /**
203 * \string Initialization data source if mDataLoaded==false. May be one of:
204 * - 'defaults' anonymous user initialised from class defaults
205 * - 'name' initialise from mName
206 * - 'id' initialise from mId
207 * - 'session' log in from cookies or session if possible
208 *
209 * Use the User::newFrom*() family of functions to set this.
210 */
211 var $mFrom;
212
213 /** @name Lazy-initialized variables, invalidated with clearInstanceCache */
214 //@{
215 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mSkin, $mRights,
216 $mBlockreason, $mBlock, $mEffectiveGroups, $mBlockedGlobally,
217 $mLocked, $mHideName, $mOptions;
218 //@}
219
220 static $idCacheByName = array();
221
222 /**
223 * Lightweight constructor for an anonymous user.
224 * Use the User::newFrom* factory functions for other kinds of users.
225 *
226 * @see newFromName()
227 * @see newFromId()
228 * @see newFromConfirmationCode()
229 * @see newFromSession()
230 * @see newFromRow()
231 */
232 function User() {
233 $this->clearInstanceCache( 'defaults' );
234 }
235
236 /**
237 * Load the user table data for this object from the source given by mFrom.
238 */
239 function load() {
240 if ( $this->mDataLoaded ) {
241 return;
242 }
243 wfProfileIn( __METHOD__ );
244
245 # Set it now to avoid infinite recursion in accessors
246 $this->mDataLoaded = true;
247
248 switch ( $this->mFrom ) {
249 case 'defaults':
250 $this->loadDefaults();
251 break;
252 case 'name':
253 $this->mId = self::idFromName( $this->mName );
254 if ( !$this->mId ) {
255 # Nonexistent user placeholder object
256 $this->loadDefaults( $this->mName );
257 } else {
258 $this->loadFromId();
259 }
260 break;
261 case 'id':
262 $this->loadFromId();
263 break;
264 case 'session':
265 $this->loadFromSession();
266 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
267 break;
268 default:
269 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
270 }
271 wfProfileOut( __METHOD__ );
272 }
273
274 /**
275 * Load user table data, given mId has already been set.
276 * @return \bool false if the ID does not exist, true otherwise
277 * @private
278 */
279 function loadFromId() {
280 global $wgMemc;
281 if ( $this->mId == 0 ) {
282 $this->loadDefaults();
283 return false;
284 }
285
286 # Try cache
287 $key = wfMemcKey( 'user', 'id', $this->mId );
288 $data = $wgMemc->get( $key );
289 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
290 # Object is expired, load from DB
291 $data = false;
292 }
293
294 if ( !$data ) {
295 wfDebug( "Cache miss for user {$this->mId}\n" );
296 # Load from DB
297 if ( !$this->loadFromDatabase() ) {
298 # Can't load from ID, user is anonymous
299 return false;
300 }
301 $this->saveToCache();
302 } else {
303 wfDebug( "Got user {$this->mId} from cache\n" );
304 # Restore from cache
305 foreach ( self::$mCacheVars as $name ) {
306 $this->$name = $data[$name];
307 }
308 }
309 return true;
310 }
311
312 /**
313 * Save user data to the shared cache
314 */
315 function saveToCache() {
316 $this->load();
317 $this->loadGroups();
318 $this->loadOptions();
319 if ( $this->isAnon() ) {
320 // Anonymous users are uncached
321 return;
322 }
323 $data = array();
324 foreach ( self::$mCacheVars as $name ) {
325 $data[$name] = $this->$name;
326 }
327 $data['mVersion'] = MW_USER_VERSION;
328 $key = wfMemcKey( 'user', 'id', $this->mId );
329 global $wgMemc;
330 $wgMemc->set( $key, $data );
331 }
332
333
334 /** @name newFrom*() static factory methods */
335 //@{
336
337 /**
338 * Static factory method for creation from username.
339 *
340 * This is slightly less efficient than newFromId(), so use newFromId() if
341 * you have both an ID and a name handy.
342 *
343 * @param $name \string Username, validated by Title::newFromText()
344 * @param $validate \mixed Validate username. Takes the same parameters as
345 * User::getCanonicalName(), except that true is accepted as an alias
346 * for 'valid', for BC.
347 *
348 * @return \type{User} The User object, or null if the username is invalid. If the
349 * username is not present in the database, the result will be a user object
350 * with a name, zero user ID and default settings.
351 */
352 static function newFromName( $name, $validate = 'valid' ) {
353 if ( $validate === true ) {
354 $validate = 'valid';
355 }
356 $name = self::getCanonicalName( $name, $validate );
357 if ( WikiError::isError( $name ) ) {
358 return $name;
359 } elseif ( $name === false ) {
360 return false;
361 } else {
362 # Create unloaded user object
363 $u = new User;
364 $u->mName = $name;
365 $u->mFrom = 'name';
366 return $u;
367 }
368 }
369
370 /**
371 * Static factory method for creation from a given user ID.
372 *
373 * @param $id \int Valid user ID
374 * @return \type{User} The corresponding User object
375 */
376 static function newFromId( $id ) {
377 $u = new User;
378 $u->mId = $id;
379 $u->mFrom = 'id';
380 return $u;
381 }
382
383 /**
384 * Factory method to fetch whichever user has a given email confirmation code.
385 * This code is generated when an account is created or its e-mail address
386 * has changed.
387 *
388 * If the code is invalid or has expired, returns NULL.
389 *
390 * @param $code \string Confirmation code
391 * @return \type{User}
392 */
393 static function newFromConfirmationCode( $code ) {
394 $dbr = wfGetDB( DB_SLAVE );
395 $id = $dbr->selectField( 'user', 'user_id', array(
396 'user_email_token' => md5( $code ),
397 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
398 ) );
399 if( $id !== false ) {
400 return User::newFromId( $id );
401 } else {
402 return null;
403 }
404 }
405
406 /**
407 * Create a new user object using data from session or cookies. If the
408 * login credentials are invalid, the result is an anonymous user.
409 *
410 * @return \type{User}
411 */
412 static function newFromSession() {
413 $user = new User;
414 $user->mFrom = 'session';
415 return $user;
416 }
417
418 /**
419 * Create a new user object from a user row.
420 * The row should have all fields from the user table in it.
421 * @param $row array A row from the user table
422 * @return \type{User}
423 */
424 static function newFromRow( $row ) {
425 $user = new User;
426 $user->loadFromRow( $row );
427 return $user;
428 }
429
430 //@}
431
432
433 /**
434 * Get the username corresponding to a given user ID
435 * @param $id \int User ID
436 * @return \string The corresponding username
437 */
438 static function whoIs( $id ) {
439 $dbr = wfGetDB( DB_SLAVE );
440 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), 'User::whoIs' );
441 }
442
443 /**
444 * Get the real name of a user given their user ID
445 *
446 * @param $id \int User ID
447 * @return \string The corresponding user's real name
448 */
449 static function whoIsReal( $id ) {
450 $dbr = wfGetDB( DB_SLAVE );
451 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
452 }
453
454 /**
455 * Get database id given a user name
456 * @param $name \string Username
457 * @return \types{\int,\null} The corresponding user's ID, or null if user is nonexistent
458 */
459 static function idFromName( $name ) {
460 $nt = Title::makeTitleSafe( NS_USER, $name );
461 if( is_null( $nt ) ) {
462 # Illegal name
463 return null;
464 }
465
466 if ( isset( self::$idCacheByName[$name] ) ) {
467 return self::$idCacheByName[$name];
468 }
469
470 $dbr = wfGetDB( DB_SLAVE );
471 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
472
473 if ( $s === false ) {
474 $result = null;
475 } else {
476 $result = $s->user_id;
477 }
478
479 self::$idCacheByName[$name] = $result;
480
481 if ( count( self::$idCacheByName ) > 1000 ) {
482 self::$idCacheByName = array();
483 }
484
485 return $result;
486 }
487
488 /**
489 * Does the string match an anonymous IPv4 address?
490 *
491 * This function exists for username validation, in order to reject
492 * usernames which are similar in form to IP addresses. Strings such
493 * as 300.300.300.300 will return true because it looks like an IP
494 * address, despite not being strictly valid.
495 *
496 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
497 * address because the usemod software would "cloak" anonymous IP
498 * addresses like this, if we allowed accounts like this to be created
499 * new users could get the old edits of these anonymous users.
500 *
501 * @param $name \string String to match
502 * @return \bool True or false
503 */
504 static function isIP( $name ) {
505 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
506 }
507
508 /**
509 * Is the input a valid username?
510 *
511 * Checks if the input is a valid username, we don't want an empty string,
512 * an IP address, anything that containins slashes (would mess up subpages),
513 * is longer than the maximum allowed username size or doesn't begin with
514 * a capital letter.
515 *
516 * @param $name \string String to match
517 * @return \bool True or false
518 */
519 static function isValidUserName( $name ) {
520 global $wgContLang, $wgMaxNameChars;
521
522 if ( $name == ''
523 || User::isIP( $name )
524 || strpos( $name, '/' ) !== false
525 || strlen( $name ) > $wgMaxNameChars
526 || $name != $wgContLang->ucfirst( $name ) ) {
527 wfDebugLog( 'username', __METHOD__ .
528 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
529 return false;
530 }
531
532 // Ensure that the name can't be misresolved as a different title,
533 // such as with extra namespace keys at the start.
534 $parsed = Title::newFromText( $name );
535 if( is_null( $parsed )
536 || $parsed->getNamespace()
537 || strcmp( $name, $parsed->getPrefixedText() ) ) {
538 wfDebugLog( 'username', __METHOD__ .
539 ": '$name' invalid due to ambiguous prefixes" );
540 return false;
541 }
542
543 // Check an additional blacklist of troublemaker characters.
544 // Should these be merged into the title char list?
545 $unicodeBlacklist = '/[' .
546 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
547 '\x{00a0}' . # non-breaking space
548 '\x{2000}-\x{200f}' . # various whitespace
549 '\x{2028}-\x{202f}' . # breaks and control chars
550 '\x{3000}' . # ideographic space
551 '\x{e000}-\x{f8ff}' . # private use
552 ']/u';
553 if( preg_match( $unicodeBlacklist, $name ) ) {
554 wfDebugLog( 'username', __METHOD__ .
555 ": '$name' invalid due to blacklisted characters" );
556 return false;
557 }
558
559 return true;
560 }
561
562 /**
563 * Usernames which fail to pass this function will be blocked
564 * from user login and new account registrations, but may be used
565 * internally by batch processes.
566 *
567 * If an account already exists in this form, login will be blocked
568 * by a failure to pass this function.
569 *
570 * @param $name \string String to match
571 * @return \bool True or false
572 */
573 static function isUsableName( $name ) {
574 global $wgReservedUsernames;
575 // Must be a valid username, obviously ;)
576 if ( !self::isValidUserName( $name ) ) {
577 return false;
578 }
579
580 static $reservedUsernames = false;
581 if ( !$reservedUsernames ) {
582 $reservedUsernames = $wgReservedUsernames;
583 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
584 }
585
586 // Certain names may be reserved for batch processes.
587 foreach ( $reservedUsernames as $reserved ) {
588 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
589 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
590 }
591 if ( $reserved == $name ) {
592 return false;
593 }
594 }
595 return true;
596 }
597
598 /**
599 * Usernames which fail to pass this function will be blocked
600 * from new account registrations, but may be used internally
601 * either by batch processes or by user accounts which have
602 * already been created.
603 *
604 * Additional character blacklisting may be added here
605 * rather than in isValidUserName() to avoid disrupting
606 * existing accounts.
607 *
608 * @param $name \string String to match
609 * @return \bool True or false
610 */
611 static function isCreatableName( $name ) {
612 global $wgInvalidUsernameCharacters;
613 return
614 self::isUsableName( $name ) &&
615
616 // Registration-time character blacklisting...
617 !preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name );
618 }
619
620 /**
621 * Is the input a valid password for this user?
622 *
623 * @param $password String Desired password
624 * @return bool True or false
625 */
626 function isValidPassword( $password ) {
627 //simple boolean wrapper for getPasswordValidity
628 return $this->getPasswordValidity( $password ) === true;
629 }
630
631 /**
632 * Given unvalidated password input, return error message on failure.
633 *
634 * @param $password String Desired password
635 * @return mixed: true on success, string of error message on failure
636 */
637 function getPasswordValidity( $password ) {
638 global $wgMinimalPasswordLength, $wgContLang;
639
640 $result = false; //init $result to false for the internal checks
641
642 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
643 return $result;
644
645 if ( $result === false ) {
646 if( strlen( $password ) < $wgMinimalPasswordLength ) {
647 return 'passwordtooshort';
648 } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
649 return 'password-name-match';
650 } else {
651 //it seems weird returning true here, but this is because of the
652 //initialization of $result to false above. If the hook is never run or it
653 //doesn't modify $result, then we will likely get down into this if with
654 //a valid password.
655 return true;
656 }
657 } elseif( $result === true ) {
658 return true;
659 } else {
660 return $result; //the isValidPassword hook set a string $result and returned true
661 }
662 }
663
664 /**
665 * Does a string look like an e-mail address?
666 *
667 * There used to be a regular expression here, it got removed because it
668 * rejected valid addresses. Actually just check if there is '@' somewhere
669 * in the given address.
670 *
671 * @todo Check for RFC 2822 compilance (bug 959)
672 *
673 * @param $addr \string E-mail address
674 * @return \bool True or false
675 */
676 public static function isValidEmailAddr( $addr ) {
677 $result = null;
678 if( !wfRunHooks( 'isValidEmailAddr', array( $addr, &$result ) ) ) {
679 return $result;
680 }
681
682 return strpos( $addr, '@' ) !== false;
683 }
684
685 /**
686 * Given unvalidated user input, return a canonical username, or false if
687 * the username is invalid.
688 * @param $name \string User input
689 * @param $validate \types{\string,\bool} Type of validation to use:
690 * - false No validation
691 * - 'valid' Valid for batch processes
692 * - 'usable' Valid for batch processes and login
693 * - 'creatable' Valid for batch processes, login and account creation
694 */
695 static function getCanonicalName( $name, $validate = 'valid' ) {
696 # Force usernames to capital
697 global $wgContLang;
698 $name = $wgContLang->ucfirst( $name );
699
700 # Reject names containing '#'; these will be cleaned up
701 # with title normalisation, but then it's too late to
702 # check elsewhere
703 if( strpos( $name, '#' ) !== false )
704 return new WikiError( 'usernamehasherror' );
705
706 # Clean up name according to title rules
707 $t = ( $validate === 'valid' ) ?
708 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
709 # Check for invalid titles
710 if( is_null( $t ) ) {
711 return false;
712 }
713
714 # Reject various classes of invalid names
715 $name = $t->getText();
716 global $wgAuth;
717 $name = $wgAuth->getCanonicalName( $t->getText() );
718
719 switch ( $validate ) {
720 case false:
721 break;
722 case 'valid':
723 if ( !User::isValidUserName( $name ) ) {
724 $name = false;
725 }
726 break;
727 case 'usable':
728 if ( !User::isUsableName( $name ) ) {
729 $name = false;
730 }
731 break;
732 case 'creatable':
733 if ( !User::isCreatableName( $name ) ) {
734 $name = false;
735 }
736 break;
737 default:
738 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
739 }
740 return $name;
741 }
742
743 /**
744 * Count the number of edits of a user
745 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
746 *
747 * @param $uid \int User ID to check
748 * @return \int The user's edit count
749 */
750 static function edits( $uid ) {
751 wfProfileIn( __METHOD__ );
752 $dbr = wfGetDB( DB_SLAVE );
753 // check if the user_editcount field has been initialized
754 $field = $dbr->selectField(
755 'user', 'user_editcount',
756 array( 'user_id' => $uid ),
757 __METHOD__
758 );
759
760 if( $field === null ) { // it has not been initialized. do so.
761 $dbw = wfGetDB( DB_MASTER );
762 $count = $dbr->selectField(
763 'revision', 'count(*)',
764 array( 'rev_user' => $uid ),
765 __METHOD__
766 );
767 $dbw->update(
768 'user',
769 array( 'user_editcount' => $count ),
770 array( 'user_id' => $uid ),
771 __METHOD__
772 );
773 } else {
774 $count = $field;
775 }
776 wfProfileOut( __METHOD__ );
777 return $count;
778 }
779
780 /**
781 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
782 * @todo hash random numbers to improve security, like generateToken()
783 *
784 * @return \string New random password
785 */
786 static function randomPassword() {
787 global $wgMinimalPasswordLength;
788 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
789 $l = strlen( $pwchars ) - 1;
790
791 $pwlength = max( 7, $wgMinimalPasswordLength );
792 $digit = mt_rand( 0, $pwlength - 1 );
793 $np = '';
794 for ( $i = 0; $i < $pwlength; $i++ ) {
795 $np .= $i == $digit ? chr( mt_rand( 48, 57 ) ) : $pwchars{ mt_rand( 0, $l ) };
796 }
797 return $np;
798 }
799
800 /**
801 * Set cached properties to default.
802 *
803 * @note This no longer clears uncached lazy-initialised properties;
804 * the constructor does that instead.
805 * @private
806 */
807 function loadDefaults( $name = false ) {
808 wfProfileIn( __METHOD__ );
809
810 global $wgCookiePrefix;
811
812 $this->mId = 0;
813 $this->mName = $name;
814 $this->mRealName = '';
815 $this->mPassword = $this->mNewpassword = '';
816 $this->mNewpassTime = null;
817 $this->mEmail = '';
818 $this->mOptionOverrides = null;
819 $this->mOptionsLoaded = false;
820
821 if ( isset( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) ) {
822 $this->mTouched = wfTimestamp( TS_MW, $_COOKIE[$wgCookiePrefix.'LoggedOut'] );
823 } else {
824 $this->mTouched = '0'; # Allow any pages to be cached
825 }
826
827 $this->setToken(); # Random
828 $this->mEmailAuthenticated = null;
829 $this->mEmailToken = '';
830 $this->mEmailTokenExpires = null;
831 $this->mRegistration = wfTimestamp( TS_MW );
832 $this->mGroups = array();
833
834 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
835
836 wfProfileOut( __METHOD__ );
837 }
838
839 /**
840 * @deprecated Use wfSetupSession().
841 */
842 function SetupSession() {
843 wfDeprecated( __METHOD__ );
844 wfSetupSession();
845 }
846
847 /**
848 * Load user data from the session or login cookie. If there are no valid
849 * credentials, initialises the user as an anonymous user.
850 * @return \bool True if the user is logged in, false otherwise.
851 */
852 private function loadFromSession() {
853 global $wgMemc, $wgCookiePrefix, $wgExternalAuthType, $wgAutocreatePolicy;
854
855 $result = null;
856 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
857 if ( $result !== null ) {
858 return $result;
859 }
860
861 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
862 $extUser = ExternalUser::newFromCookie();
863 if ( $extUser ) {
864 # TODO: Automatically create the user here (or probably a bit
865 # lower down, in fact)
866 }
867 }
868
869 if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
870 $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
871 if( isset( $_SESSION['wsUserID'] ) && $sId != $_SESSION['wsUserID'] ) {
872 $this->loadDefaults(); // Possible collision!
873 wfDebugLog( 'loginSessions', "Session user ID ({$_SESSION['wsUserID']}) and
874 cookie user ID ($sId) don't match!" );
875 return false;
876 }
877 $_SESSION['wsUserID'] = $sId;
878 } else if ( isset( $_SESSION['wsUserID'] ) ) {
879 if ( $_SESSION['wsUserID'] != 0 ) {
880 $sId = $_SESSION['wsUserID'];
881 } else {
882 $this->loadDefaults();
883 return false;
884 }
885 } else {
886 $this->loadDefaults();
887 return false;
888 }
889
890 if ( isset( $_SESSION['wsUserName'] ) ) {
891 $sName = $_SESSION['wsUserName'];
892 } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
893 $sName = $_COOKIE["{$wgCookiePrefix}UserName"];
894 $_SESSION['wsUserName'] = $sName;
895 } else {
896 $this->loadDefaults();
897 return false;
898 }
899
900 $passwordCorrect = FALSE;
901 $this->mId = $sId;
902 if ( !$this->loadFromId() ) {
903 # Not a valid ID, loadFromId has switched the object to anon for us
904 return false;
905 }
906
907 if ( isset( $_SESSION['wsToken'] ) ) {
908 $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
909 $from = 'session';
910 } else if ( isset( $_COOKIE["{$wgCookiePrefix}Token"] ) ) {
911 $passwordCorrect = $this->mToken == $_COOKIE["{$wgCookiePrefix}Token"];
912 $from = 'cookie';
913 } else {
914 # No session or persistent login cookie
915 $this->loadDefaults();
916 return false;
917 }
918
919 if ( ( $sName == $this->mName ) && $passwordCorrect ) {
920 $_SESSION['wsToken'] = $this->mToken;
921 wfDebug( "Logged in from $from\n" );
922 return true;
923 } else {
924 # Invalid credentials
925 wfDebug( "Can't log in from $from, invalid credentials\n" );
926 $this->loadDefaults();
927 return false;
928 }
929 }
930
931 /**
932 * Load user and user_group data from the database.
933 * $this::mId must be set, this is how the user is identified.
934 *
935 * @return \bool True if the user exists, false if the user is anonymous
936 * @private
937 */
938 function loadFromDatabase() {
939 # Paranoia
940 $this->mId = intval( $this->mId );
941
942 /** Anonymous user */
943 if( !$this->mId ) {
944 $this->loadDefaults();
945 return false;
946 }
947
948 $dbr = wfGetDB( DB_MASTER );
949 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
950
951 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
952
953 if ( $s !== false ) {
954 # Initialise user table data
955 $this->loadFromRow( $s );
956 $this->mGroups = null; // deferred
957 $this->getEditCount(); // revalidation for nulls
958 return true;
959 } else {
960 # Invalid user_id
961 $this->mId = 0;
962 $this->loadDefaults();
963 return false;
964 }
965 }
966
967 /**
968 * Initialize this object from a row from the user table.
969 *
970 * @param $row \type{\arrayof{\mixed}} Row from the user table to load.
971 */
972 function loadFromRow( $row ) {
973 $this->mDataLoaded = true;
974
975 if ( isset( $row->user_id ) ) {
976 $this->mId = intval( $row->user_id );
977 }
978 $this->mName = $row->user_name;
979 $this->mRealName = $row->user_real_name;
980 $this->mPassword = $row->user_password;
981 $this->mNewpassword = $row->user_newpassword;
982 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
983 $this->mEmail = $row->user_email;
984 $this->decodeOptions( $row->user_options );
985 $this->mTouched = wfTimestamp(TS_MW,$row->user_touched);
986 $this->mToken = $row->user_token;
987 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
988 $this->mEmailToken = $row->user_email_token;
989 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
990 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
991 $this->mEditCount = $row->user_editcount;
992 }
993
994 /**
995 * Load the groups from the database if they aren't already loaded.
996 * @private
997 */
998 function loadGroups() {
999 if ( is_null( $this->mGroups ) ) {
1000 $dbr = wfGetDB( DB_MASTER );
1001 $res = $dbr->select( 'user_groups',
1002 array( 'ug_group' ),
1003 array( 'ug_user' => $this->mId ),
1004 __METHOD__ );
1005 $this->mGroups = array();
1006 while( $row = $dbr->fetchObject( $res ) ) {
1007 $this->mGroups[] = $row->ug_group;
1008 }
1009 }
1010 }
1011
1012 /**
1013 * Clear various cached data stored in this object.
1014 * @param $reloadFrom \string Reload user and user_groups table data from a
1015 * given source. May be "name", "id", "defaults", "session", or false for
1016 * no reload.
1017 */
1018 function clearInstanceCache( $reloadFrom = false ) {
1019 $this->mNewtalk = -1;
1020 $this->mDatePreference = null;
1021 $this->mBlockedby = -1; # Unset
1022 $this->mHash = false;
1023 $this->mSkin = null;
1024 $this->mRights = null;
1025 $this->mEffectiveGroups = null;
1026 $this->mOptions = null;
1027
1028 if ( $reloadFrom ) {
1029 $this->mDataLoaded = false;
1030 $this->mFrom = $reloadFrom;
1031 }
1032 }
1033
1034 /**
1035 * Combine the language default options with any site-specific options
1036 * and add the default language variants.
1037 *
1038 * @return \type{\arrayof{\string}} Array of options
1039 */
1040 static function getDefaultOptions() {
1041 global $wgNamespacesToBeSearchedDefault;
1042 /**
1043 * Site defaults will override the global/language defaults
1044 */
1045 global $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1046 $defOpt = $wgDefaultUserOptions + $wgContLang->getDefaultUserOptionOverrides();
1047
1048 /**
1049 * default language setting
1050 */
1051 $variant = $wgContLang->getPreferredVariant( false );
1052 $defOpt['variant'] = $variant;
1053 $defOpt['language'] = $variant;
1054 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1055 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1056 }
1057 $defOpt['skin'] = $wgDefaultSkin;
1058
1059 return $defOpt;
1060 }
1061
1062 /**
1063 * Get a given default option value.
1064 *
1065 * @param $opt \string Name of option to retrieve
1066 * @return \string Default option value
1067 */
1068 public static function getDefaultOption( $opt ) {
1069 $defOpts = self::getDefaultOptions();
1070 if( isset( $defOpts[$opt] ) ) {
1071 return $defOpts[$opt];
1072 } else {
1073 return null;
1074 }
1075 }
1076
1077 /**
1078 * Get a list of user toggle names
1079 * @return \type{\arrayof{\string}} Array of user toggle names
1080 */
1081 static function getToggles() {
1082 global $wgContLang, $wgUseRCPatrol;
1083 $extraToggles = array();
1084 wfRunHooks( 'UserToggles', array( &$extraToggles ) );
1085 if( $wgUseRCPatrol ) {
1086 $extraToggles[] = 'hidepatrolled';
1087 $extraToggles[] = 'newpageshidepatrolled';
1088 $extraToggles[] = 'watchlisthidepatrolled';
1089 }
1090 return array_merge( self::$mToggles, $extraToggles, $wgContLang->getExtraUserToggles() );
1091 }
1092
1093
1094 /**
1095 * Get blocking information
1096 * @private
1097 * @param $bFromSlave \bool Whether to check the slave database first. To
1098 * improve performance, non-critical checks are done
1099 * against slaves. Check when actually saving should be
1100 * done against master.
1101 */
1102 function getBlockedStatus( $bFromSlave = true ) {
1103 global $wgProxyWhitelist, $wgUser;
1104
1105 if ( -1 != $this->mBlockedby ) {
1106 wfDebug( "User::getBlockedStatus: already loaded.\n" );
1107 return;
1108 }
1109
1110 wfProfileIn( __METHOD__ );
1111 wfDebug( __METHOD__.": checking...\n" );
1112
1113 // Initialize data...
1114 // Otherwise something ends up stomping on $this->mBlockedby when
1115 // things get lazy-loaded later, causing false positive block hits
1116 // due to -1 !== 0. Probably session-related... Nothing should be
1117 // overwriting mBlockedby, surely?
1118 $this->load();
1119
1120 $this->mBlockedby = 0;
1121 $this->mHideName = 0;
1122 $this->mAllowUsertalk = 0;
1123
1124 # Check if we are looking at an IP or a logged-in user
1125 if ( $this->isIP( $this->getName() ) ) {
1126 $ip = $this->getName();
1127 } else {
1128 # Check if we are looking at the current user
1129 # If we don't, and the user is logged in, we don't know about
1130 # his IP / autoblock status, so ignore autoblock of current user's IP
1131 if ( $this->getID() != $wgUser->getID() ) {
1132 $ip = '';
1133 } else {
1134 # Get IP of current user
1135 $ip = wfGetIP();
1136 }
1137 }
1138
1139 if ( $this->isAllowed( 'ipblock-exempt' ) ) {
1140 # Exempt from all types of IP-block
1141 $ip = '';
1142 }
1143
1144 # User/IP blocking
1145 $this->mBlock = new Block();
1146 $this->mBlock->fromMaster( !$bFromSlave );
1147 if ( $this->mBlock->load( $ip , $this->mId ) ) {
1148 wfDebug( __METHOD__ . ": Found block.\n" );
1149 $this->mBlockedby = $this->mBlock->mBy;
1150 $this->mBlockreason = $this->mBlock->mReason;
1151 $this->mHideName = $this->mBlock->mHideName;
1152 $this->mAllowUsertalk = $this->mBlock->mAllowUsertalk;
1153 if ( $this->isLoggedIn() && $wgUser->getID() == $this->getID() ) {
1154 $this->spreadBlock();
1155 }
1156 } else {
1157 // Bug 13611: don't remove mBlock here, to allow account creation blocks to
1158 // apply to users. Note that the existence of $this->mBlock is not used to
1159 // check for edit blocks, $this->mBlockedby is instead.
1160 }
1161
1162 # Proxy blocking
1163 if ( !$this->isAllowed( 'proxyunbannable' ) && !in_array( $ip, $wgProxyWhitelist ) ) {
1164 # Local list
1165 if ( wfIsLocallyBlockedProxy( $ip ) ) {
1166 $this->mBlockedby = wfMsg( 'proxyblocker' );
1167 $this->mBlockreason = wfMsg( 'proxyblockreason' );
1168 }
1169
1170 # DNSBL
1171 if ( !$this->mBlockedby && !$this->getID() ) {
1172 if ( $this->isDnsBlacklisted( $ip ) ) {
1173 $this->mBlockedby = wfMsg( 'sorbs' );
1174 $this->mBlockreason = wfMsg( 'sorbsreason' );
1175 }
1176 }
1177 }
1178
1179 # Extensions
1180 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1181
1182 wfProfileOut( __METHOD__ );
1183 }
1184
1185 /**
1186 * Whether the given IP is in a DNS blacklist.
1187 *
1188 * @param $ip \string IP to check
1189 * @param $checkWhitelist Boolean: whether to check the whitelist first
1190 * @return \bool True if blacklisted.
1191 */
1192 function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1193 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1194 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1195
1196 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1197 return false;
1198
1199 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1200 return false;
1201
1202 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1203 return $this->inDnsBlacklist( $ip, $urls );
1204 }
1205
1206 /**
1207 * Whether the given IP is in a given DNS blacklist.
1208 *
1209 * @param $ip \string IP to check
1210 * @param $bases \string or Array of Strings: URL of the DNS blacklist
1211 * @return \bool True if blacklisted.
1212 */
1213 function inDnsBlacklist( $ip, $bases ) {
1214 wfProfileIn( __METHOD__ );
1215
1216 $found = false;
1217 $host = '';
1218 // FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1219 if( IP::isIPv4( $ip ) ) {
1220 # Reverse IP, bug 21255
1221 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1222
1223 foreach( (array)$bases as $base ) {
1224 # Make hostname
1225 $host = "$ipReversed.$base";
1226
1227 # Send query
1228 $ipList = gethostbynamel( $host );
1229
1230 if( $ipList ) {
1231 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1232 $found = true;
1233 break;
1234 } else {
1235 wfDebug( "Requested $host, not found in $base.\n" );
1236 }
1237 }
1238 }
1239
1240 wfProfileOut( __METHOD__ );
1241 return $found;
1242 }
1243
1244 /**
1245 * Is this user subject to rate limiting?
1246 *
1247 * @return \bool True if rate limited
1248 */
1249 public function isPingLimitable() {
1250 global $wgRateLimitsExcludedGroups;
1251 global $wgRateLimitsExcludedIPs;
1252 if( array_intersect( $this->getEffectiveGroups(), $wgRateLimitsExcludedGroups ) ) {
1253 // Deprecated, but kept for backwards-compatibility config
1254 return false;
1255 }
1256 if( in_array( wfGetIP(), $wgRateLimitsExcludedIPs ) ) {
1257 // No other good way currently to disable rate limits
1258 // for specific IPs. :P
1259 // But this is a crappy hack and should die.
1260 return false;
1261 }
1262 return !$this->isAllowed('noratelimit');
1263 }
1264
1265 /**
1266 * Primitive rate limits: enforce maximum actions per time period
1267 * to put a brake on flooding.
1268 *
1269 * @note When using a shared cache like memcached, IP-address
1270 * last-hit counters will be shared across wikis.
1271 *
1272 * @param $action \string Action to enforce; 'edit' if unspecified
1273 * @return \bool True if a rate limiter was tripped
1274 */
1275 function pingLimiter( $action = 'edit' ) {
1276 # Call the 'PingLimiter' hook
1277 $result = false;
1278 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1279 return $result;
1280 }
1281
1282 global $wgRateLimits;
1283 if( !isset( $wgRateLimits[$action] ) ) {
1284 return false;
1285 }
1286
1287 # Some groups shouldn't trigger the ping limiter, ever
1288 if( !$this->isPingLimitable() )
1289 return false;
1290
1291 global $wgMemc, $wgRateLimitLog;
1292 wfProfileIn( __METHOD__ );
1293
1294 $limits = $wgRateLimits[$action];
1295 $keys = array();
1296 $id = $this->getId();
1297 $ip = wfGetIP();
1298 $userLimit = false;
1299
1300 if( isset( $limits['anon'] ) && $id == 0 ) {
1301 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1302 }
1303
1304 if( isset( $limits['user'] ) && $id != 0 ) {
1305 $userLimit = $limits['user'];
1306 }
1307 if( $this->isNewbie() ) {
1308 if( isset( $limits['newbie'] ) && $id != 0 ) {
1309 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1310 }
1311 if( isset( $limits['ip'] ) ) {
1312 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1313 }
1314 $matches = array();
1315 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1316 $subnet = $matches[1];
1317 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1318 }
1319 }
1320 // Check for group-specific permissions
1321 // If more than one group applies, use the group with the highest limit
1322 foreach ( $this->getGroups() as $group ) {
1323 if ( isset( $limits[$group] ) ) {
1324 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1325 $userLimit = $limits[$group];
1326 }
1327 }
1328 }
1329 // Set the user limit key
1330 if ( $userLimit !== false ) {
1331 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1332 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1333 }
1334
1335 $triggered = false;
1336 foreach( $keys as $key => $limit ) {
1337 list( $max, $period ) = $limit;
1338 $summary = "(limit $max in {$period}s)";
1339 $count = $wgMemc->get( $key );
1340 // Already pinged?
1341 if( $count ) {
1342 if( $count > $max ) {
1343 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1344 if( $wgRateLimitLog ) {
1345 @error_log( wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", 3, $wgRateLimitLog );
1346 }
1347 $triggered = true;
1348 } else {
1349 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1350 }
1351 } else {
1352 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1353 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1354 }
1355 $wgMemc->incr( $key );
1356 }
1357
1358 wfProfileOut( __METHOD__ );
1359 return $triggered;
1360 }
1361
1362 /**
1363 * Check if user is blocked
1364 *
1365 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1366 * @return \bool True if blocked, false otherwise
1367 */
1368 function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1369 wfDebug( "User::isBlocked: enter\n" );
1370 $this->getBlockedStatus( $bFromSlave );
1371 return $this->mBlockedby !== 0;
1372 }
1373
1374 /**
1375 * Check if user is blocked from editing a particular article
1376 *
1377 * @param $title \string Title to check
1378 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1379 * @return \bool True if blocked, false otherwise
1380 */
1381 function isBlockedFrom( $title, $bFromSlave = false ) {
1382 global $wgBlockAllowsUTEdit;
1383 wfProfileIn( __METHOD__ );
1384 wfDebug( __METHOD__ . ": enter\n" );
1385
1386 wfDebug( __METHOD__ . ": asking isBlocked()\n" );
1387 $blocked = $this->isBlocked( $bFromSlave );
1388 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1389 # If a user's name is suppressed, they cannot make edits anywhere
1390 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1391 $title->getNamespace() == NS_USER_TALK ) {
1392 $blocked = false;
1393 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1394 }
1395
1396 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1397
1398 wfProfileOut( __METHOD__ );
1399 return $blocked;
1400 }
1401
1402 /**
1403 * If user is blocked, return the name of the user who placed the block
1404 * @return \string name of blocker
1405 */
1406 function blockedBy() {
1407 $this->getBlockedStatus();
1408 return $this->mBlockedby;
1409 }
1410
1411 /**
1412 * If user is blocked, return the specified reason for the block
1413 * @return \string Blocking reason
1414 */
1415 function blockedFor() {
1416 $this->getBlockedStatus();
1417 return $this->mBlockreason;
1418 }
1419
1420 /**
1421 * If user is blocked, return the ID for the block
1422 * @return \int Block ID
1423 */
1424 function getBlockId() {
1425 $this->getBlockedStatus();
1426 return ( $this->mBlock ? $this->mBlock->mId : false );
1427 }
1428
1429 /**
1430 * Check if user is blocked on all wikis.
1431 * Do not use for actual edit permission checks!
1432 * This is intented for quick UI checks.
1433 *
1434 * @param $ip \type{\string} IP address, uses current client if none given
1435 * @return \type{\bool} True if blocked, false otherwise
1436 */
1437 function isBlockedGlobally( $ip = '' ) {
1438 if( $this->mBlockedGlobally !== null ) {
1439 return $this->mBlockedGlobally;
1440 }
1441 // User is already an IP?
1442 if( IP::isIPAddress( $this->getName() ) ) {
1443 $ip = $this->getName();
1444 } else if( !$ip ) {
1445 $ip = wfGetIP();
1446 }
1447 $blocked = false;
1448 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1449 $this->mBlockedGlobally = (bool)$blocked;
1450 return $this->mBlockedGlobally;
1451 }
1452
1453 /**
1454 * Check if user account is locked
1455 *
1456 * @return \type{\bool} True if locked, false otherwise
1457 */
1458 function isLocked() {
1459 if( $this->mLocked !== null ) {
1460 return $this->mLocked;
1461 }
1462 global $wgAuth;
1463 $authUser = $wgAuth->getUserInstance( $this );
1464 $this->mLocked = (bool)$authUser->isLocked();
1465 return $this->mLocked;
1466 }
1467
1468 /**
1469 * Check if user account is hidden
1470 *
1471 * @return \type{\bool} True if hidden, false otherwise
1472 */
1473 function isHidden() {
1474 if( $this->mHideName !== null ) {
1475 return $this->mHideName;
1476 }
1477 $this->getBlockedStatus();
1478 if( !$this->mHideName ) {
1479 global $wgAuth;
1480 $authUser = $wgAuth->getUserInstance( $this );
1481 $this->mHideName = (bool)$authUser->isHidden();
1482 }
1483 return $this->mHideName;
1484 }
1485
1486 /**
1487 * Get the user's ID.
1488 * @return \int The user's ID; 0 if the user is anonymous or nonexistent
1489 */
1490 function getId() {
1491 if( $this->mId === null and $this->mName !== null
1492 and User::isIP( $this->mName ) ) {
1493 // Special case, we know the user is anonymous
1494 return 0;
1495 } elseif( $this->mId === null ) {
1496 // Don't load if this was initialized from an ID
1497 $this->load();
1498 }
1499 return $this->mId;
1500 }
1501
1502 /**
1503 * Set the user and reload all fields according to a given ID
1504 * @param $v \int User ID to reload
1505 */
1506 function setId( $v ) {
1507 $this->mId = $v;
1508 $this->clearInstanceCache( 'id' );
1509 }
1510
1511 /**
1512 * Get the user name, or the IP of an anonymous user
1513 * @return \string User's name or IP address
1514 */
1515 function getName() {
1516 if ( !$this->mDataLoaded && $this->mFrom == 'name' ) {
1517 # Special case optimisation
1518 return $this->mName;
1519 } else {
1520 $this->load();
1521 if ( $this->mName === false ) {
1522 # Clean up IPs
1523 $this->mName = IP::sanitizeIP( wfGetIP() );
1524 }
1525 return $this->mName;
1526 }
1527 }
1528
1529 /**
1530 * Set the user name.
1531 *
1532 * This does not reload fields from the database according to the given
1533 * name. Rather, it is used to create a temporary "nonexistent user" for
1534 * later addition to the database. It can also be used to set the IP
1535 * address for an anonymous user to something other than the current
1536 * remote IP.
1537 *
1538 * @note User::newFromName() has rougly the same function, when the named user
1539 * does not exist.
1540 * @param $str \string New user name to set
1541 */
1542 function setName( $str ) {
1543 $this->load();
1544 $this->mName = $str;
1545 }
1546
1547 /**
1548 * Get the user's name escaped by underscores.
1549 * @return \string Username escaped by underscores.
1550 */
1551 function getTitleKey() {
1552 return str_replace( ' ', '_', $this->getName() );
1553 }
1554
1555 /**
1556 * Check if the user has new messages.
1557 * @return \bool True if the user has new messages
1558 */
1559 function getNewtalk() {
1560 $this->load();
1561
1562 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1563 if( $this->mNewtalk === -1 ) {
1564 $this->mNewtalk = false; # reset talk page status
1565
1566 # Check memcached separately for anons, who have no
1567 # entire User object stored in there.
1568 if( !$this->mId ) {
1569 global $wgMemc;
1570 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1571 $newtalk = $wgMemc->get( $key );
1572 if( strval( $newtalk ) !== '' ) {
1573 $this->mNewtalk = (bool)$newtalk;
1574 } else {
1575 // Since we are caching this, make sure it is up to date by getting it
1576 // from the master
1577 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1578 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1579 }
1580 } else {
1581 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1582 }
1583 }
1584
1585 return (bool)$this->mNewtalk;
1586 }
1587
1588 /**
1589 * Return the talk page(s) this user has new messages on.
1590 * @return \type{\arrayof{\string}} Array of page URLs
1591 */
1592 function getNewMessageLinks() {
1593 $talks = array();
1594 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) )
1595 return $talks;
1596
1597 if( !$this->getNewtalk() )
1598 return array();
1599 $up = $this->getUserPage();
1600 $utp = $up->getTalkPage();
1601 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL() ) );
1602 }
1603
1604 /**
1605 * Internal uncached check for new messages
1606 *
1607 * @see getNewtalk()
1608 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1609 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1610 * @param $fromMaster \bool true to fetch from the master, false for a slave
1611 * @return \bool True if the user has new messages
1612 * @private
1613 */
1614 function checkNewtalk( $field, $id, $fromMaster = false ) {
1615 if ( $fromMaster ) {
1616 $db = wfGetDB( DB_MASTER );
1617 } else {
1618 $db = wfGetDB( DB_SLAVE );
1619 }
1620 $ok = $db->selectField( 'user_newtalk', $field,
1621 array( $field => $id ), __METHOD__ );
1622 return $ok !== false;
1623 }
1624
1625 /**
1626 * Add or update the new messages flag
1627 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1628 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1629 * @return \bool True if successful, false otherwise
1630 * @private
1631 */
1632 function updateNewtalk( $field, $id ) {
1633 $dbw = wfGetDB( DB_MASTER );
1634 $dbw->insert( 'user_newtalk',
1635 array( $field => $id ),
1636 __METHOD__,
1637 'IGNORE' );
1638 if ( $dbw->affectedRows() ) {
1639 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1640 return true;
1641 } else {
1642 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1643 return false;
1644 }
1645 }
1646
1647 /**
1648 * Clear the new messages flag for the given user
1649 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1650 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1651 * @return \bool True if successful, false otherwise
1652 * @private
1653 */
1654 function deleteNewtalk( $field, $id ) {
1655 $dbw = wfGetDB( DB_MASTER );
1656 $dbw->delete( 'user_newtalk',
1657 array( $field => $id ),
1658 __METHOD__ );
1659 if ( $dbw->affectedRows() ) {
1660 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1661 return true;
1662 } else {
1663 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1664 return false;
1665 }
1666 }
1667
1668 /**
1669 * Update the 'You have new messages!' status.
1670 * @param $val \bool Whether the user has new messages
1671 */
1672 function setNewtalk( $val ) {
1673 if( wfReadOnly() ) {
1674 return;
1675 }
1676
1677 $this->load();
1678 $this->mNewtalk = $val;
1679
1680 if( $this->isAnon() ) {
1681 $field = 'user_ip';
1682 $id = $this->getName();
1683 } else {
1684 $field = 'user_id';
1685 $id = $this->getId();
1686 }
1687 global $wgMemc;
1688
1689 if( $val ) {
1690 $changed = $this->updateNewtalk( $field, $id );
1691 } else {
1692 $changed = $this->deleteNewtalk( $field, $id );
1693 }
1694
1695 if( $this->isAnon() ) {
1696 // Anons have a separate memcached space, since
1697 // user records aren't kept for them.
1698 $key = wfMemcKey( 'newtalk', 'ip', $id );
1699 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1700 }
1701 if ( $changed ) {
1702 $this->invalidateCache();
1703 }
1704 }
1705
1706 /**
1707 * Generate a current or new-future timestamp to be stored in the
1708 * user_touched field when we update things.
1709 * @return \string Timestamp in TS_MW format
1710 */
1711 private static function newTouchedTimestamp() {
1712 global $wgClockSkewFudge;
1713 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1714 }
1715
1716 /**
1717 * Clear user data from memcached.
1718 * Use after applying fun updates to the database; caller's
1719 * responsibility to update user_touched if appropriate.
1720 *
1721 * Called implicitly from invalidateCache() and saveSettings().
1722 */
1723 private function clearSharedCache() {
1724 $this->load();
1725 if( $this->mId ) {
1726 global $wgMemc;
1727 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1728 }
1729 }
1730
1731 /**
1732 * Immediately touch the user data cache for this account.
1733 * Updates user_touched field, and removes account data from memcached
1734 * for reload on the next hit.
1735 */
1736 function invalidateCache() {
1737 if( wfReadOnly() ) {
1738 return;
1739 }
1740 $this->load();
1741 if( $this->mId ) {
1742 $this->mTouched = self::newTouchedTimestamp();
1743
1744 $dbw = wfGetDB( DB_MASTER );
1745 $dbw->update( 'user',
1746 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1747 array( 'user_id' => $this->mId ),
1748 __METHOD__ );
1749
1750 $this->clearSharedCache();
1751 }
1752 }
1753
1754 /**
1755 * Validate the cache for this account.
1756 * @param $timestamp \string A timestamp in TS_MW format
1757 */
1758 function validateCache( $timestamp ) {
1759 $this->load();
1760 return ( $timestamp >= $this->mTouched );
1761 }
1762
1763 /**
1764 * Get the user touched timestamp
1765 */
1766 function getTouched() {
1767 $this->load();
1768 return $this->mTouched;
1769 }
1770
1771 /**
1772 * Set the password and reset the random token.
1773 * Calls through to authentication plugin if necessary;
1774 * will have no effect if the auth plugin refuses to
1775 * pass the change through or if the legal password
1776 * checks fail.
1777 *
1778 * As a special case, setting the password to null
1779 * wipes it, so the account cannot be logged in until
1780 * a new password is set, for instance via e-mail.
1781 *
1782 * @param $str \string New password to set
1783 * @throws PasswordError on failure
1784 */
1785 function setPassword( $str ) {
1786 global $wgAuth;
1787
1788 if( $str !== null ) {
1789 if( !$wgAuth->allowPasswordChange() ) {
1790 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1791 }
1792
1793 if( !$this->isValidPassword( $str ) ) {
1794 global $wgMinimalPasswordLength;
1795 $valid = $this->getPasswordValidity( $str );
1796 throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ),
1797 $wgMinimalPasswordLength ) );
1798 }
1799 }
1800
1801 if( !$wgAuth->setPassword( $this, $str ) ) {
1802 throw new PasswordError( wfMsg( 'externaldberror' ) );
1803 }
1804
1805 $this->setInternalPassword( $str );
1806
1807 return true;
1808 }
1809
1810 /**
1811 * Set the password and reset the random token unconditionally.
1812 *
1813 * @param $str \string New password to set
1814 */
1815 function setInternalPassword( $str ) {
1816 $this->load();
1817 $this->setToken();
1818
1819 if( $str === null ) {
1820 // Save an invalid hash...
1821 $this->mPassword = '';
1822 } else {
1823 $this->mPassword = self::crypt( $str );
1824 }
1825 $this->mNewpassword = '';
1826 $this->mNewpassTime = null;
1827 }
1828
1829 /**
1830 * Get the user's current token.
1831 * @return \string Token
1832 */
1833 function getToken() {
1834 $this->load();
1835 return $this->mToken;
1836 }
1837
1838 /**
1839 * Set the random token (used for persistent authentication)
1840 * Called from loadDefaults() among other places.
1841 *
1842 * @param $token \string If specified, set the token to this value
1843 * @private
1844 */
1845 function setToken( $token = false ) {
1846 global $wgSecretKey, $wgProxyKey;
1847 $this->load();
1848 if ( !$token ) {
1849 if ( $wgSecretKey ) {
1850 $key = $wgSecretKey;
1851 } elseif ( $wgProxyKey ) {
1852 $key = $wgProxyKey;
1853 } else {
1854 $key = microtime();
1855 }
1856 $this->mToken = md5( $key . mt_rand( 0, 0x7fffffff ) . wfWikiID() . $this->mId );
1857 } else {
1858 $this->mToken = $token;
1859 }
1860 }
1861
1862 /**
1863 * Set the cookie password
1864 *
1865 * @param $str \string New cookie password
1866 * @private
1867 */
1868 function setCookiePassword( $str ) {
1869 $this->load();
1870 $this->mCookiePassword = md5( $str );
1871 }
1872
1873 /**
1874 * Set the password for a password reminder or new account email
1875 *
1876 * @param $str \string New password to set
1877 * @param $throttle \bool If true, reset the throttle timestamp to the present
1878 */
1879 function setNewpassword( $str, $throttle = true ) {
1880 $this->load();
1881 $this->mNewpassword = self::crypt( $str );
1882 if ( $throttle ) {
1883 $this->mNewpassTime = wfTimestampNow();
1884 }
1885 }
1886
1887 /**
1888 * Has password reminder email been sent within the last
1889 * $wgPasswordReminderResendTime hours?
1890 * @return \bool True or false
1891 */
1892 function isPasswordReminderThrottled() {
1893 global $wgPasswordReminderResendTime;
1894 $this->load();
1895 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
1896 return false;
1897 }
1898 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
1899 return time() < $expiry;
1900 }
1901
1902 /**
1903 * Get the user's e-mail address
1904 * @return \string User's email address
1905 */
1906 function getEmail() {
1907 $this->load();
1908 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
1909 return $this->mEmail;
1910 }
1911
1912 /**
1913 * Get the timestamp of the user's e-mail authentication
1914 * @return \string TS_MW timestamp
1915 */
1916 function getEmailAuthenticationTimestamp() {
1917 $this->load();
1918 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
1919 return $this->mEmailAuthenticated;
1920 }
1921
1922 /**
1923 * Set the user's e-mail address
1924 * @param $str \string New e-mail address
1925 */
1926 function setEmail( $str ) {
1927 $this->load();
1928 $this->mEmail = $str;
1929 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
1930 }
1931
1932 /**
1933 * Get the user's real name
1934 * @return \string User's real name
1935 */
1936 function getRealName() {
1937 $this->load();
1938 return $this->mRealName;
1939 }
1940
1941 /**
1942 * Set the user's real name
1943 * @param $str \string New real name
1944 */
1945 function setRealName( $str ) {
1946 $this->load();
1947 $this->mRealName = $str;
1948 }
1949
1950 /**
1951 * Get the user's current setting for a given option.
1952 *
1953 * @param $oname \string The option to check
1954 * @param $defaultOverride \string A default value returned if the option does not exist
1955 * @return \string User's current value for the option
1956 * @see getBoolOption()
1957 * @see getIntOption()
1958 */
1959 function getOption( $oname, $defaultOverride = null ) {
1960 $this->loadOptions();
1961
1962 if ( is_null( $this->mOptions ) ) {
1963 if($defaultOverride != '') {
1964 return $defaultOverride;
1965 }
1966 $this->mOptions = User::getDefaultOptions();
1967 }
1968
1969 if ( array_key_exists( $oname, $this->mOptions ) ) {
1970 return $this->mOptions[$oname];
1971 } else {
1972 return $defaultOverride;
1973 }
1974 }
1975
1976 /**
1977 * Get all user's options
1978 *
1979 * @return array
1980 */
1981 public function getOptions() {
1982 $this->loadOptions();
1983 return $this->mOptions;
1984 }
1985
1986 /**
1987 * Get the user's current setting for a given option, as a boolean value.
1988 *
1989 * @param $oname \string The option to check
1990 * @return \bool User's current value for the option
1991 * @see getOption()
1992 */
1993 function getBoolOption( $oname ) {
1994 return (bool)$this->getOption( $oname );
1995 }
1996
1997
1998 /**
1999 * Get the user's current setting for a given option, as a boolean value.
2000 *
2001 * @param $oname \string The option to check
2002 * @param $defaultOverride \int A default value returned if the option does not exist
2003 * @return \int User's current value for the option
2004 * @see getOption()
2005 */
2006 function getIntOption( $oname, $defaultOverride=0 ) {
2007 $val = $this->getOption( $oname );
2008 if( $val == '' ) {
2009 $val = $defaultOverride;
2010 }
2011 return intval( $val );
2012 }
2013
2014 /**
2015 * Set the given option for a user.
2016 *
2017 * @param $oname \string The option to set
2018 * @param $val \mixed New value to set
2019 */
2020 function setOption( $oname, $val ) {
2021 $this->load();
2022 $this->loadOptions();
2023
2024 if ( $oname == 'skin' ) {
2025 # Clear cached skin, so the new one displays immediately in Special:Preferences
2026 unset( $this->mSkin );
2027 }
2028
2029 // Explicitly NULL values should refer to defaults
2030 global $wgDefaultUserOptions;
2031 if( is_null( $val ) && isset( $wgDefaultUserOptions[$oname] ) ) {
2032 $val = $wgDefaultUserOptions[$oname];
2033 }
2034
2035 $this->mOptions[$oname] = $val;
2036 }
2037
2038 /**
2039 * Reset all options to the site defaults
2040 */
2041 function resetOptions() {
2042 $this->mOptions = User::getDefaultOptions();
2043 }
2044
2045 /**
2046 * Get the user's preferred date format.
2047 * @return \string User's preferred date format
2048 */
2049 function getDatePreference() {
2050 // Important migration for old data rows
2051 if ( is_null( $this->mDatePreference ) ) {
2052 global $wgLang;
2053 $value = $this->getOption( 'date' );
2054 $map = $wgLang->getDatePreferenceMigrationMap();
2055 if ( isset( $map[$value] ) ) {
2056 $value = $map[$value];
2057 }
2058 $this->mDatePreference = $value;
2059 }
2060 return $this->mDatePreference;
2061 }
2062
2063 /**
2064 * Get the permissions this user has.
2065 * @return \type{\arrayof{\string}} Array of permission names
2066 */
2067 function getRights() {
2068 if ( is_null( $this->mRights ) ) {
2069 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
2070 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
2071 // Force reindexation of rights when a hook has unset one of them
2072 $this->mRights = array_values( $this->mRights );
2073 }
2074 return $this->mRights;
2075 }
2076
2077 /**
2078 * Get the list of explicit group memberships this user has.
2079 * The implicit * and user groups are not included.
2080 * @return \type{\arrayof{\string}} Array of internal group names
2081 */
2082 function getGroups() {
2083 $this->load();
2084 return $this->mGroups;
2085 }
2086
2087 /**
2088 * Get the list of implicit group memberships this user has.
2089 * This includes all explicit groups, plus 'user' if logged in,
2090 * '*' for all accounts and autopromoted groups
2091 * @param $recache \bool Whether to avoid the cache
2092 * @return \type{\arrayof{\string}} Array of internal group names
2093 */
2094 function getEffectiveGroups( $recache = false ) {
2095 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2096 wfProfileIn( __METHOD__ );
2097 $this->mEffectiveGroups = $this->getGroups();
2098 $this->mEffectiveGroups[] = '*';
2099 if( $this->getId() ) {
2100 $this->mEffectiveGroups[] = 'user';
2101
2102 $this->mEffectiveGroups = array_unique( array_merge(
2103 $this->mEffectiveGroups,
2104 Autopromote::getAutopromoteGroups( $this )
2105 ) );
2106
2107 # Hook for additional groups
2108 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2109 }
2110 wfProfileOut( __METHOD__ );
2111 }
2112 return $this->mEffectiveGroups;
2113 }
2114
2115 /**
2116 * Get the user's edit count.
2117 * @return \int User'e edit count
2118 */
2119 function getEditCount() {
2120 if( $this->getId() ) {
2121 if ( !isset( $this->mEditCount ) ) {
2122 /* Populate the count, if it has not been populated yet */
2123 $this->mEditCount = User::edits( $this->mId );
2124 }
2125 return $this->mEditCount;
2126 } else {
2127 /* nil */
2128 return null;
2129 }
2130 }
2131
2132 /**
2133 * Add the user to the given group.
2134 * This takes immediate effect.
2135 * @param $group \string Name of the group to add
2136 */
2137 function addGroup( $group ) {
2138 $dbw = wfGetDB( DB_MASTER );
2139 if( $this->getId() ) {
2140 $dbw->insert( 'user_groups',
2141 array(
2142 'ug_user' => $this->getID(),
2143 'ug_group' => $group,
2144 ),
2145 'User::addGroup',
2146 array( 'IGNORE' ) );
2147 }
2148
2149 $this->loadGroups();
2150 $this->mGroups[] = $group;
2151 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2152
2153 $this->invalidateCache();
2154 }
2155
2156 /**
2157 * Remove the user from the given group.
2158 * This takes immediate effect.
2159 * @param $group \string Name of the group to remove
2160 */
2161 function removeGroup( $group ) {
2162 $this->load();
2163 $dbw = wfGetDB( DB_MASTER );
2164 $dbw->delete( 'user_groups',
2165 array(
2166 'ug_user' => $this->getID(),
2167 'ug_group' => $group,
2168 ),
2169 'User::removeGroup' );
2170
2171 $this->loadGroups();
2172 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2173 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2174
2175 $this->invalidateCache();
2176 }
2177
2178 /**
2179 * Get whether the user is logged in
2180 * @return \bool True or false
2181 */
2182 function isLoggedIn() {
2183 return $this->getID() != 0;
2184 }
2185
2186 /**
2187 * Get whether the user is anonymous
2188 * @return \bool True or false
2189 */
2190 function isAnon() {
2191 return !$this->isLoggedIn();
2192 }
2193
2194 /**
2195 * Get whether the user is a bot
2196 * @return \bool True or false
2197 * @deprecated
2198 */
2199 function isBot() {
2200 wfDeprecated( __METHOD__ );
2201 return $this->isAllowed( 'bot' );
2202 }
2203
2204 /**
2205 * Check if user is allowed to access a feature / make an action
2206 * @param $action \string action to be checked
2207 * @return \bool True if action is allowed, else false
2208 */
2209 function isAllowed( $action = '' ) {
2210 if ( $action === '' )
2211 return true; // In the spirit of DWIM
2212 # Patrolling may not be enabled
2213 if( $action === 'patrol' || $action === 'autopatrol' ) {
2214 global $wgUseRCPatrol, $wgUseNPPatrol;
2215 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2216 return false;
2217 }
2218 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2219 # by misconfiguration: 0 == 'foo'
2220 return in_array( $action, $this->getRights(), true );
2221 }
2222
2223 /**
2224 * Check whether to enable recent changes patrol features for this user
2225 * @return \bool True or false
2226 */
2227 public function useRCPatrol() {
2228 global $wgUseRCPatrol;
2229 return( $wgUseRCPatrol && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2230 }
2231
2232 /**
2233 * Check whether to enable new pages patrol features for this user
2234 * @return \bool True or false
2235 */
2236 public function useNPPatrol() {
2237 global $wgUseRCPatrol, $wgUseNPPatrol;
2238 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2239 }
2240
2241 /**
2242 * Get the current skin, loading it if required, and setting a title
2243 * @param $t Title: the title to use in the skin
2244 * @return Skin The current skin
2245 * @todo FIXME : need to check the old failback system [AV]
2246 */
2247 function &getSkin( $t = null ) {
2248 if ( !isset( $this->mSkin ) ) {
2249 wfProfileIn( __METHOD__ );
2250
2251 global $wgHiddenPrefs;
2252 if( !in_array( 'skin', $wgHiddenPrefs ) ) {
2253 # get the user skin
2254 global $wgRequest;
2255 $userSkin = $this->getOption( 'skin' );
2256 $userSkin = $wgRequest->getVal( 'useskin', $userSkin );
2257 } else {
2258 # if we're not allowing users to override, then use the default
2259 global $wgDefaultSkin;
2260 $userSkin = $wgDefaultSkin;
2261 }
2262
2263 $this->mSkin =& Skin::newFromKey( $userSkin );
2264 wfProfileOut( __METHOD__ );
2265 }
2266 if( $t || !$this->mSkin->getTitle() ) {
2267 if ( !$t ) {
2268 global $wgOut;
2269 $t = $wgOut->getTitle();
2270 }
2271 $this->mSkin->setTitle( $t );
2272 }
2273 return $this->mSkin;
2274 }
2275
2276 /**
2277 * Check the watched status of an article.
2278 * @param $title \type{Title} Title of the article to look at
2279 * @return \bool True if article is watched
2280 */
2281 function isWatched( $title ) {
2282 $wl = WatchedItem::fromUserTitle( $this, $title );
2283 return $wl->isWatched();
2284 }
2285
2286 /**
2287 * Watch an article.
2288 * @param $title \type{Title} Title of the article to look at
2289 */
2290 function addWatch( $title ) {
2291 $wl = WatchedItem::fromUserTitle( $this, $title );
2292 $wl->addWatch();
2293 $this->invalidateCache();
2294 }
2295
2296 /**
2297 * Stop watching an article.
2298 * @param $title \type{Title} Title of the article to look at
2299 */
2300 function removeWatch( $title ) {
2301 $wl = WatchedItem::fromUserTitle( $this, $title );
2302 $wl->removeWatch();
2303 $this->invalidateCache();
2304 }
2305
2306 /**
2307 * Clear the user's notification timestamp for the given title.
2308 * If e-notif e-mails are on, they will receive notification mails on
2309 * the next change of the page if it's watched etc.
2310 * @param $title \type{Title} Title of the article to look at
2311 */
2312 function clearNotification( &$title ) {
2313 global $wgUser, $wgUseEnotif, $wgShowUpdatedMarker;
2314
2315 # Do nothing if the database is locked to writes
2316 if( wfReadOnly() ) {
2317 return;
2318 }
2319
2320 if( $title->getNamespace() == NS_USER_TALK &&
2321 $title->getText() == $this->getName() ) {
2322 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2323 return;
2324 $this->setNewtalk( false );
2325 }
2326
2327 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2328 return;
2329 }
2330
2331 if( $this->isAnon() ) {
2332 // Nothing else to do...
2333 return;
2334 }
2335
2336 // Only update the timestamp if the page is being watched.
2337 // The query to find out if it is watched is cached both in memcached and per-invocation,
2338 // and when it does have to be executed, it can be on a slave
2339 // If this is the user's newtalk page, we always update the timestamp
2340 if( $title->getNamespace() == NS_USER_TALK &&
2341 $title->getText() == $wgUser->getName() )
2342 {
2343 $watched = true;
2344 } elseif ( $this->getId() == $wgUser->getId() ) {
2345 $watched = $title->userIsWatching();
2346 } else {
2347 $watched = true;
2348 }
2349
2350 // If the page is watched by the user (or may be watched), update the timestamp on any
2351 // any matching rows
2352 if ( $watched ) {
2353 $dbw = wfGetDB( DB_MASTER );
2354 $dbw->update( 'watchlist',
2355 array( /* SET */
2356 'wl_notificationtimestamp' => null
2357 ), array( /* WHERE */
2358 'wl_title' => $title->getDBkey(),
2359 'wl_namespace' => $title->getNamespace(),
2360 'wl_user' => $this->getID()
2361 ), __METHOD__
2362 );
2363 }
2364 }
2365
2366 /**
2367 * Resets all of the given user's page-change notification timestamps.
2368 * If e-notif e-mails are on, they will receive notification mails on
2369 * the next change of any watched page.
2370 *
2371 * @param $currentUser \int User ID
2372 */
2373 function clearAllNotifications( $currentUser ) {
2374 global $wgUseEnotif, $wgShowUpdatedMarker;
2375 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2376 $this->setNewtalk( false );
2377 return;
2378 }
2379 if( $currentUser != 0 ) {
2380 $dbw = wfGetDB( DB_MASTER );
2381 $dbw->update( 'watchlist',
2382 array( /* SET */
2383 'wl_notificationtimestamp' => null
2384 ), array( /* WHERE */
2385 'wl_user' => $currentUser
2386 ), __METHOD__
2387 );
2388 # We also need to clear here the "you have new message" notification for the own user_talk page
2389 # This is cleared one page view later in Article::viewUpdates();
2390 }
2391 }
2392
2393 /**
2394 * Set this user's options from an encoded string
2395 * @param $str \string Encoded options to import
2396 * @private
2397 */
2398 function decodeOptions( $str ) {
2399 if( !$str )
2400 return;
2401
2402 $this->mOptionsLoaded = true;
2403 $this->mOptionOverrides = array();
2404
2405 $this->mOptions = array();
2406 $a = explode( "\n", $str );
2407 foreach ( $a as $s ) {
2408 $m = array();
2409 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2410 $this->mOptions[$m[1]] = $m[2];
2411 $this->mOptionOverrides[$m[1]] = $m[2];
2412 }
2413 }
2414 }
2415
2416 /**
2417 * Set a cookie on the user's client. Wrapper for
2418 * WebResponse::setCookie
2419 * @param $name \string Name of the cookie to set
2420 * @param $value \string Value to set
2421 * @param $exp \int Expiration time, as a UNIX time value;
2422 * if 0 or not specified, use the default $wgCookieExpiration
2423 */
2424 protected function setCookie( $name, $value, $exp = 0 ) {
2425 global $wgRequest;
2426 $wgRequest->response()->setcookie( $name, $value, $exp );
2427 }
2428
2429 /**
2430 * Clear a cookie on the user's client
2431 * @param $name \string Name of the cookie to clear
2432 */
2433 protected function clearCookie( $name ) {
2434 $this->setCookie( $name, '', time() - 86400 );
2435 }
2436
2437 /**
2438 * Set the default cookies for this session on the user's client.
2439 */
2440 function setCookies() {
2441 $this->load();
2442 if ( 0 == $this->mId ) return;
2443 $session = array(
2444 'wsUserID' => $this->mId,
2445 'wsToken' => $this->mToken,
2446 'wsUserName' => $this->getName()
2447 );
2448 $cookies = array(
2449 'UserID' => $this->mId,
2450 'UserName' => $this->getName(),
2451 );
2452 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2453 $cookies['Token'] = $this->mToken;
2454 } else {
2455 $cookies['Token'] = false;
2456 }
2457
2458 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2459 #check for null, since the hook could cause a null value
2460 if ( !is_null( $session ) && isset( $_SESSION ) ){
2461 $_SESSION = $session + $_SESSION;
2462 }
2463 foreach ( $cookies as $name => $value ) {
2464 if ( $value === false ) {
2465 $this->clearCookie( $name );
2466 } else {
2467 $this->setCookie( $name, $value );
2468 }
2469 }
2470 }
2471
2472 /**
2473 * Log this user out.
2474 */
2475 function logout() {
2476 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2477 $this->doLogout();
2478 }
2479 }
2480
2481 /**
2482 * Clear the user's cookies and session, and reset the instance cache.
2483 * @private
2484 * @see logout()
2485 */
2486 function doLogout() {
2487 $this->clearInstanceCache( 'defaults' );
2488
2489 $_SESSION['wsUserID'] = 0;
2490
2491 $this->clearCookie( 'UserID' );
2492 $this->clearCookie( 'Token' );
2493
2494 # Remember when user logged out, to prevent seeing cached pages
2495 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2496 }
2497
2498 /**
2499 * Save this user's settings into the database.
2500 * @todo Only rarely do all these fields need to be set!
2501 */
2502 function saveSettings() {
2503 $this->load();
2504 if ( wfReadOnly() ) { return; }
2505 if ( 0 == $this->mId ) { return; }
2506
2507 $this->mTouched = self::newTouchedTimestamp();
2508
2509 $dbw = wfGetDB( DB_MASTER );
2510 $dbw->update( 'user',
2511 array( /* SET */
2512 'user_name' => $this->mName,
2513 'user_password' => $this->mPassword,
2514 'user_newpassword' => $this->mNewpassword,
2515 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2516 'user_real_name' => $this->mRealName,
2517 'user_email' => $this->mEmail,
2518 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2519 'user_options' => '',
2520 'user_touched' => $dbw->timestamp( $this->mTouched ),
2521 'user_token' => $this->mToken,
2522 'user_email_token' => $this->mEmailToken,
2523 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2524 ), array( /* WHERE */
2525 'user_id' => $this->mId
2526 ), __METHOD__
2527 );
2528
2529 $this->saveOptions();
2530
2531 wfRunHooks( 'UserSaveSettings', array( $this ) );
2532 $this->clearSharedCache();
2533 $this->getUserPage()->invalidateCache();
2534 }
2535
2536 /**
2537 * If only this user's username is known, and it exists, return the user ID.
2538 */
2539 function idForName() {
2540 $s = trim( $this->getName() );
2541 if ( $s === '' ) return 0;
2542
2543 $dbr = wfGetDB( DB_SLAVE );
2544 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2545 if ( $id === false ) {
2546 $id = 0;
2547 }
2548 return $id;
2549 }
2550
2551 /**
2552 * Add a user to the database, return the user object
2553 *
2554 * @param $name \string Username to add
2555 * @param $params \type{\arrayof{\string}} Non-default parameters to save to the database:
2556 * - password The user's password. Password logins will be disabled if this is omitted.
2557 * - newpassword A temporary password mailed to the user
2558 * - email The user's email address
2559 * - email_authenticated The email authentication timestamp
2560 * - real_name The user's real name
2561 * - options An associative array of non-default options
2562 * - token Random authentication token. Do not set.
2563 * - registration Registration timestamp. Do not set.
2564 *
2565 * @return \type{User} A new User object, or null if the username already exists
2566 */
2567 static function createNew( $name, $params = array() ) {
2568 $user = new User;
2569 $user->load();
2570 if ( isset( $params['options'] ) ) {
2571 $user->mOptions = $params['options'] + (array)$user->mOptions;
2572 unset( $params['options'] );
2573 }
2574 $dbw = wfGetDB( DB_MASTER );
2575 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2576 $fields = array(
2577 'user_id' => $seqVal,
2578 'user_name' => $name,
2579 'user_password' => $user->mPassword,
2580 'user_newpassword' => $user->mNewpassword,
2581 'user_newpass_time' => $dbw->timestamp( $user->mNewpassTime ),
2582 'user_email' => $user->mEmail,
2583 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2584 'user_real_name' => $user->mRealName,
2585 'user_options' => '',
2586 'user_token' => $user->mToken,
2587 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2588 'user_editcount' => 0,
2589 );
2590 foreach ( $params as $name => $value ) {
2591 $fields["user_$name"] = $value;
2592 }
2593 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2594 if ( $dbw->affectedRows() ) {
2595 $newUser = User::newFromId( $dbw->insertId() );
2596 } else {
2597 $newUser = null;
2598 }
2599 return $newUser;
2600 }
2601
2602 /**
2603 * Add this existing user object to the database
2604 */
2605 function addToDatabase() {
2606 $this->load();
2607 $dbw = wfGetDB( DB_MASTER );
2608 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2609 $dbw->insert( 'user',
2610 array(
2611 'user_id' => $seqVal,
2612 'user_name' => $this->mName,
2613 'user_password' => $this->mPassword,
2614 'user_newpassword' => $this->mNewpassword,
2615 'user_newpass_time' => $dbw->timestamp( $this->mNewpassTime ),
2616 'user_email' => $this->mEmail,
2617 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2618 'user_real_name' => $this->mRealName,
2619 'user_options' => '',
2620 'user_token' => $this->mToken,
2621 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2622 'user_editcount' => 0,
2623 ), __METHOD__
2624 );
2625 $this->mId = $dbw->insertId();
2626
2627 // Clear instance cache other than user table data, which is already accurate
2628 $this->clearInstanceCache();
2629
2630 $this->saveOptions();
2631 }
2632
2633 /**
2634 * If this (non-anonymous) user is blocked, block any IP address
2635 * they've successfully logged in from.
2636 */
2637 function spreadBlock() {
2638 wfDebug( __METHOD__ . "()\n" );
2639 $this->load();
2640 if ( $this->mId == 0 ) {
2641 return;
2642 }
2643
2644 $userblock = Block::newFromDB( '', $this->mId );
2645 if ( !$userblock ) {
2646 return;
2647 }
2648
2649 $userblock->doAutoblock( wfGetIP() );
2650 }
2651
2652 /**
2653 * Generate a string which will be different for any combination of
2654 * user options which would produce different parser output.
2655 * This will be used as part of the hash key for the parser cache,
2656 * so users with the same options can share the same cached data
2657 * safely.
2658 *
2659 * Extensions which require it should install 'PageRenderingHash' hook,
2660 * which will give them a chance to modify this key based on their own
2661 * settings.
2662 *
2663 * @return \string Page rendering hash
2664 */
2665 function getPageRenderingHash() {
2666 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
2667 if( $this->mHash ){
2668 return $this->mHash;
2669 }
2670
2671 // stubthreshold is only included below for completeness,
2672 // it will always be 0 when this function is called by parsercache.
2673
2674 $confstr = $this->getOption( 'math' );
2675 $confstr .= '!' . $this->getOption( 'stubthreshold' );
2676 if ( $wgUseDynamicDates ) {
2677 $confstr .= '!' . $this->getDatePreference();
2678 }
2679 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
2680 $confstr .= '!' . $wgLang->getCode();
2681 $confstr .= '!' . $this->getOption( 'thumbsize' );
2682 // add in language specific options, if any
2683 $extra = $wgContLang->getExtraHashOptions();
2684 $confstr .= $extra;
2685
2686 $confstr .= $wgRenderHashAppend;
2687
2688 // Give a chance for extensions to modify the hash, if they have
2689 // extra options or other effects on the parser cache.
2690 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
2691
2692 // Make it a valid memcached key fragment
2693 $confstr = str_replace( ' ', '_', $confstr );
2694 $this->mHash = $confstr;
2695 return $confstr;
2696 }
2697
2698 /**
2699 * Get whether the user is explicitly blocked from account creation.
2700 * @return \bool True if blocked
2701 */
2702 function isBlockedFromCreateAccount() {
2703 $this->getBlockedStatus();
2704 return $this->mBlock && $this->mBlock->mCreateAccount;
2705 }
2706
2707 /**
2708 * Get whether the user is blocked from using Special:Emailuser.
2709 * @return \bool True if blocked
2710 */
2711 function isBlockedFromEmailuser() {
2712 $this->getBlockedStatus();
2713 return $this->mBlock && $this->mBlock->mBlockEmail;
2714 }
2715
2716 /**
2717 * Get whether the user is allowed to create an account.
2718 * @return \bool True if allowed
2719 */
2720 function isAllowedToCreateAccount() {
2721 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
2722 }
2723
2724 /**
2725 * @deprecated
2726 */
2727 function setLoaded( $loaded ) {
2728 wfDeprecated( __METHOD__ );
2729 }
2730
2731 /**
2732 * Get this user's personal page title.
2733 *
2734 * @return \type{Title} User's personal page title
2735 */
2736 function getUserPage() {
2737 return Title::makeTitle( NS_USER, $this->getName() );
2738 }
2739
2740 /**
2741 * Get this user's talk page title.
2742 *
2743 * @return \type{Title} User's talk page title
2744 */
2745 function getTalkPage() {
2746 $title = $this->getUserPage();
2747 return $title->getTalkPage();
2748 }
2749
2750 /**
2751 * Get the maximum valid user ID.
2752 * @return \int User ID
2753 * @static
2754 */
2755 function getMaxID() {
2756 static $res; // cache
2757
2758 if ( isset( $res ) )
2759 return $res;
2760 else {
2761 $dbr = wfGetDB( DB_SLAVE );
2762 return $res = $dbr->selectField( 'user', 'max(user_id)', false, 'User::getMaxID' );
2763 }
2764 }
2765
2766 /**
2767 * Determine whether the user is a newbie. Newbies are either
2768 * anonymous IPs, or the most recently created accounts.
2769 * @return \bool True if the user is a newbie
2770 */
2771 function isNewbie() {
2772 return !$this->isAllowed( 'autoconfirmed' );
2773 }
2774
2775 /**
2776 * Check to see if the given clear-text password is one of the accepted passwords
2777 * @param $password \string user password.
2778 * @return \bool True if the given password is correct, otherwise False.
2779 */
2780 function checkPassword( $password ) {
2781 global $wgAuth;
2782 $this->load();
2783
2784 // Even though we stop people from creating passwords that
2785 // are shorter than this, doesn't mean people wont be able
2786 // to. Certain authentication plugins do NOT want to save
2787 // domain passwords in a mysql database, so we should
2788 // check this (incase $wgAuth->strict() is false).
2789 if( !$this->isValidPassword( $password ) ) {
2790 return false;
2791 }
2792
2793 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
2794 return true;
2795 } elseif( $wgAuth->strict() ) {
2796 /* Auth plugin doesn't allow local authentication */
2797 return false;
2798 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
2799 /* Auth plugin doesn't allow local authentication for this user name */
2800 return false;
2801 }
2802 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
2803 return true;
2804 } elseif ( function_exists( 'iconv' ) ) {
2805 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
2806 # Check for this with iconv
2807 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
2808 if ( self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) ) {
2809 return true;
2810 }
2811 }
2812 return false;
2813 }
2814
2815 /**
2816 * Check if the given clear-text password matches the temporary password
2817 * sent by e-mail for password reset operations.
2818 * @return \bool True if matches, false otherwise
2819 */
2820 function checkTemporaryPassword( $plaintext ) {
2821 global $wgNewPasswordExpiry;
2822 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
2823 $this->load();
2824 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
2825 return ( time() < $expiry );
2826 } else {
2827 return false;
2828 }
2829 }
2830
2831 /**
2832 * Initialize (if necessary) and return a session token value
2833 * which can be used in edit forms to show that the user's
2834 * login credentials aren't being hijacked with a foreign form
2835 * submission.
2836 *
2837 * @param $salt \types{\string,\arrayof{\string}} Optional function-specific data for hashing
2838 * @return \string The new edit token
2839 */
2840 function editToken( $salt = '' ) {
2841 if ( $this->isAnon() ) {
2842 return EDIT_TOKEN_SUFFIX;
2843 } else {
2844 if( !isset( $_SESSION['wsEditToken'] ) ) {
2845 $token = $this->generateToken();
2846 $_SESSION['wsEditToken'] = $token;
2847 } else {
2848 $token = $_SESSION['wsEditToken'];
2849 }
2850 if( is_array( $salt ) ) {
2851 $salt = implode( '|', $salt );
2852 }
2853 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
2854 }
2855 }
2856
2857 /**
2858 * Generate a looking random token for various uses.
2859 *
2860 * @param $salt \string Optional salt value
2861 * @return \string The new random token
2862 */
2863 function generateToken( $salt = '' ) {
2864 $token = dechex( mt_rand() ) . dechex( mt_rand() );
2865 return md5( $token . $salt );
2866 }
2867
2868 /**
2869 * Check given value against the token value stored in the session.
2870 * A match should confirm that the form was submitted from the
2871 * user's own login session, not a form submission from a third-party
2872 * site.
2873 *
2874 * @param $val \string Input value to compare
2875 * @param $salt \string Optional function-specific data for hashing
2876 * @return \bool Whether the token matches
2877 */
2878 function matchEditToken( $val, $salt = '' ) {
2879 $sessionToken = $this->editToken( $salt );
2880 if ( $val != $sessionToken ) {
2881 wfDebug( "User::matchEditToken: broken session data\n" );
2882 }
2883 return $val == $sessionToken;
2884 }
2885
2886 /**
2887 * Check given value against the token value stored in the session,
2888 * ignoring the suffix.
2889 *
2890 * @param $val \string Input value to compare
2891 * @param $salt \string Optional function-specific data for hashing
2892 * @return \bool Whether the token matches
2893 */
2894 function matchEditTokenNoSuffix( $val, $salt = '' ) {
2895 $sessionToken = $this->editToken( $salt );
2896 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
2897 }
2898
2899 /**
2900 * Generate a new e-mail confirmation token and send a confirmation/invalidation
2901 * mail to the user's given address.
2902 *
2903 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure.
2904 */
2905 function sendConfirmationMail() {
2906 global $wgLang;
2907 $expiration = null; // gets passed-by-ref and defined in next line.
2908 $token = $this->confirmationToken( $expiration );
2909 $url = $this->confirmationTokenUrl( $token );
2910 $invalidateURL = $this->invalidationTokenUrl( $token );
2911 $this->saveSettings();
2912
2913 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
2914 wfMsg( 'confirmemail_body',
2915 wfGetIP(),
2916 $this->getName(),
2917 $url,
2918 $wgLang->timeanddate( $expiration, false ),
2919 $invalidateURL,
2920 $wgLang->date( $expiration, false ),
2921 $wgLang->time( $expiration, false ) ) );
2922 }
2923
2924 /**
2925 * Send an e-mail to this user's account. Does not check for
2926 * confirmed status or validity.
2927 *
2928 * @param $subject \string Message subject
2929 * @param $body \string Message body
2930 * @param $from \string Optional From address; if unspecified, default $wgPasswordSender will be used
2931 * @param $replyto \string Reply-To address
2932 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure
2933 */
2934 function sendMail( $subject, $body, $from = null, $replyto = null ) {
2935 if( is_null( $from ) ) {
2936 global $wgPasswordSender;
2937 $from = $wgPasswordSender;
2938 }
2939
2940 $to = new MailAddress( $this );
2941 $sender = new MailAddress( $from );
2942 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
2943 }
2944
2945 /**
2946 * Generate, store, and return a new e-mail confirmation code.
2947 * A hash (unsalted, since it's used as a key) is stored.
2948 *
2949 * @note Call saveSettings() after calling this function to commit
2950 * this change to the database.
2951 *
2952 * @param[out] &$expiration \mixed Accepts the expiration time
2953 * @return \string New token
2954 * @private
2955 */
2956 function confirmationToken( &$expiration ) {
2957 $now = time();
2958 $expires = $now + 7 * 24 * 60 * 60;
2959 $expiration = wfTimestamp( TS_MW, $expires );
2960 $token = $this->generateToken( $this->mId . $this->mEmail . $expires );
2961 $hash = md5( $token );
2962 $this->load();
2963 $this->mEmailToken = $hash;
2964 $this->mEmailTokenExpires = $expiration;
2965 return $token;
2966 }
2967
2968 /**
2969 * Return a URL the user can use to confirm their email address.
2970 * @param $token \string Accepts the email confirmation token
2971 * @return \string New token URL
2972 * @private
2973 */
2974 function confirmationTokenUrl( $token ) {
2975 return $this->getTokenUrl( 'ConfirmEmail', $token );
2976 }
2977
2978 /**
2979 * Return a URL the user can use to invalidate their email address.
2980 * @param $token \string Accepts the email confirmation token
2981 * @return \string New token URL
2982 * @private
2983 */
2984 function invalidationTokenUrl( $token ) {
2985 return $this->getTokenUrl( 'Invalidateemail', $token );
2986 }
2987
2988 /**
2989 * Internal function to format the e-mail validation/invalidation URLs.
2990 * This uses $wgArticlePath directly as a quickie hack to use the
2991 * hardcoded English names of the Special: pages, for ASCII safety.
2992 *
2993 * @note Since these URLs get dropped directly into emails, using the
2994 * short English names avoids insanely long URL-encoded links, which
2995 * also sometimes can get corrupted in some browsers/mailers
2996 * (bug 6957 with Gmail and Internet Explorer).
2997 *
2998 * @param $page \string Special page
2999 * @param $token \string Token
3000 * @return \string Formatted URL
3001 */
3002 protected function getTokenUrl( $page, $token ) {
3003 global $wgArticlePath;
3004 return wfExpandUrl(
3005 str_replace(
3006 '$1',
3007 "Special:$page/$token",
3008 $wgArticlePath ) );
3009 }
3010
3011 /**
3012 * Mark the e-mail address confirmed.
3013 *
3014 * @note Call saveSettings() after calling this function to commit the change.
3015 */
3016 function confirmEmail() {
3017 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3018 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3019 return true;
3020 }
3021
3022 /**
3023 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3024 * address if it was already confirmed.
3025 *
3026 * @note Call saveSettings() after calling this function to commit the change.
3027 */
3028 function invalidateEmail() {
3029 $this->load();
3030 $this->mEmailToken = null;
3031 $this->mEmailTokenExpires = null;
3032 $this->setEmailAuthenticationTimestamp( null );
3033 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3034 return true;
3035 }
3036
3037 /**
3038 * Set the e-mail authentication timestamp.
3039 * @param $timestamp \string TS_MW timestamp
3040 */
3041 function setEmailAuthenticationTimestamp( $timestamp ) {
3042 $this->load();
3043 $this->mEmailAuthenticated = $timestamp;
3044 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3045 }
3046
3047 /**
3048 * Is this user allowed to send e-mails within limits of current
3049 * site configuration?
3050 * @return \bool True if allowed
3051 */
3052 function canSendEmail() {
3053 global $wgEnableEmail, $wgEnableUserEmail, $wgUser;
3054 if( !$wgEnableEmail || !$wgEnableUserEmail || !$wgUser->isAllowed( 'sendemail' ) ) {
3055 return false;
3056 }
3057 $canSend = $this->isEmailConfirmed();
3058 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3059 return $canSend;
3060 }
3061
3062 /**
3063 * Is this user allowed to receive e-mails within limits of current
3064 * site configuration?
3065 * @return \bool True if allowed
3066 */
3067 function canReceiveEmail() {
3068 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3069 }
3070
3071 /**
3072 * Is this user's e-mail address valid-looking and confirmed within
3073 * limits of the current site configuration?
3074 *
3075 * @note If $wgEmailAuthentication is on, this may require the user to have
3076 * confirmed their address by returning a code or using a password
3077 * sent to the address from the wiki.
3078 *
3079 * @return \bool True if confirmed
3080 */
3081 function isEmailConfirmed() {
3082 global $wgEmailAuthentication;
3083 $this->load();
3084 $confirmed = true;
3085 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3086 if( $this->isAnon() )
3087 return false;
3088 if( !self::isValidEmailAddr( $this->mEmail ) )
3089 return false;
3090 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() )
3091 return false;
3092 return true;
3093 } else {
3094 return $confirmed;
3095 }
3096 }
3097
3098 /**
3099 * Check whether there is an outstanding request for e-mail confirmation.
3100 * @return \bool True if pending
3101 */
3102 function isEmailConfirmationPending() {
3103 global $wgEmailAuthentication;
3104 return $wgEmailAuthentication &&
3105 !$this->isEmailConfirmed() &&
3106 $this->mEmailToken &&
3107 $this->mEmailTokenExpires > wfTimestamp();
3108 }
3109
3110 /**
3111 * Get the timestamp of account creation.
3112 *
3113 * @return \types{\string,\bool} string Timestamp of account creation, or false for
3114 * non-existent/anonymous user accounts.
3115 */
3116 public function getRegistration() {
3117 return $this->getId() > 0
3118 ? $this->mRegistration
3119 : false;
3120 }
3121
3122 /**
3123 * Get the timestamp of the first edit
3124 *
3125 * @return \types{\string,\bool} string Timestamp of first edit, or false for
3126 * non-existent/anonymous user accounts.
3127 */
3128 public function getFirstEditTimestamp() {
3129 if( $this->getId() == 0 ) return false; // anons
3130 $dbr = wfGetDB( DB_SLAVE );
3131 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3132 array( 'rev_user' => $this->getId() ),
3133 __METHOD__,
3134 array( 'ORDER BY' => 'rev_timestamp ASC' )
3135 );
3136 if( !$time ) return false; // no edits
3137 return wfTimestamp( TS_MW, $time );
3138 }
3139
3140 /**
3141 * Get the permissions associated with a given list of groups
3142 *
3143 * @param $groups \type{\arrayof{\string}} List of internal group names
3144 * @return \type{\arrayof{\string}} List of permission key names for given groups combined
3145 */
3146 static function getGroupPermissions( $groups ) {
3147 global $wgGroupPermissions, $wgRevokePermissions;
3148 $rights = array();
3149 // grant every granted permission first
3150 foreach( $groups as $group ) {
3151 if( isset( $wgGroupPermissions[$group] ) ) {
3152 $rights = array_merge( $rights,
3153 // array_filter removes empty items
3154 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3155 }
3156 }
3157 // now revoke the revoked permissions
3158 foreach( $groups as $group ) {
3159 if( isset( $wgRevokePermissions[$group] ) ) {
3160 $rights = array_diff( $rights,
3161 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
3162 }
3163 }
3164 return array_unique( $rights );
3165 }
3166
3167 /**
3168 * Get all the groups who have a given permission
3169 *
3170 * @param $role \string Role to check
3171 * @return \type{\arrayof{\string}} List of internal group names with the given permission
3172 */
3173 static function getGroupsWithPermission( $role ) {
3174 global $wgGroupPermissions;
3175 $allowedGroups = array();
3176 foreach ( $wgGroupPermissions as $group => $rights ) {
3177 if ( isset( $rights[$role] ) && $rights[$role] ) {
3178 $allowedGroups[] = $group;
3179 }
3180 }
3181 return $allowedGroups;
3182 }
3183
3184 /**
3185 * Get the localized descriptive name for a group, if it exists
3186 *
3187 * @param $group \string Internal group name
3188 * @return \string Localized descriptive group name
3189 */
3190 static function getGroupName( $group ) {
3191 global $wgMessageCache;
3192 $wgMessageCache->loadAllMessages();
3193 $key = "group-$group";
3194 $name = wfMsg( $key );
3195 return $name == '' || wfEmptyMsg( $key, $name )
3196 ? $group
3197 : $name;
3198 }
3199
3200 /**
3201 * Get the localized descriptive name for a member of a group, if it exists
3202 *
3203 * @param $group \string Internal group name
3204 * @return \string Localized name for group member
3205 */
3206 static function getGroupMember( $group ) {
3207 global $wgMessageCache;
3208 $wgMessageCache->loadAllMessages();
3209 $key = "group-$group-member";
3210 $name = wfMsg( $key );
3211 return $name == '' || wfEmptyMsg( $key, $name )
3212 ? $group
3213 : $name;
3214 }
3215
3216 /**
3217 * Return the set of defined explicit groups.
3218 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3219 * are not included, as they are defined automatically, not in the database.
3220 * @return \type{\arrayof{\string}} Array of internal group names
3221 */
3222 static function getAllGroups() {
3223 global $wgGroupPermissions, $wgRevokePermissions;
3224 return array_diff(
3225 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3226 self::getImplicitGroups()
3227 );
3228 }
3229
3230 /**
3231 * Get a list of all available permissions.
3232 * @return \type{\arrayof{\string}} Array of permission names
3233 */
3234 static function getAllRights() {
3235 if ( self::$mAllRights === false ) {
3236 global $wgAvailableRights;
3237 if ( count( $wgAvailableRights ) ) {
3238 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3239 } else {
3240 self::$mAllRights = self::$mCoreRights;
3241 }
3242 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3243 }
3244 return self::$mAllRights;
3245 }
3246
3247 /**
3248 * Get a list of implicit groups
3249 * @return \type{\arrayof{\string}} Array of internal group names
3250 */
3251 public static function getImplicitGroups() {
3252 global $wgImplicitGroups;
3253 $groups = $wgImplicitGroups;
3254 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3255 return $groups;
3256 }
3257
3258 /**
3259 * Get the title of a page describing a particular group
3260 *
3261 * @param $group \string Internal group name
3262 * @return \types{\type{Title},\bool} Title of the page if it exists, false otherwise
3263 */
3264 static function getGroupPage( $group ) {
3265 global $wgMessageCache;
3266 $wgMessageCache->loadAllMessages();
3267 $page = wfMsgForContent( 'grouppage-' . $group );
3268 if( !wfEmptyMsg( 'grouppage-' . $group, $page ) ) {
3269 $title = Title::newFromText( $page );
3270 if( is_object( $title ) )
3271 return $title;
3272 }
3273 return false;
3274 }
3275
3276 /**
3277 * Create a link to the group in HTML, if available;
3278 * else return the group name.
3279 *
3280 * @param $group \string Internal name of the group
3281 * @param $text \string The text of the link
3282 * @return \string HTML link to the group
3283 */
3284 static function makeGroupLinkHTML( $group, $text = '' ) {
3285 if( $text == '' ) {
3286 $text = self::getGroupName( $group );
3287 }
3288 $title = self::getGroupPage( $group );
3289 if( $title ) {
3290 global $wgUser;
3291 $sk = $wgUser->getSkin();
3292 return $sk->link( $title, htmlspecialchars( $text ) );
3293 } else {
3294 return $text;
3295 }
3296 }
3297
3298 /**
3299 * Create a link to the group in Wikitext, if available;
3300 * else return the group name.
3301 *
3302 * @param $group \string Internal name of the group
3303 * @param $text \string The text of the link
3304 * @return \string Wikilink to the group
3305 */
3306 static function makeGroupLinkWiki( $group, $text = '' ) {
3307 if( $text == '' ) {
3308 $text = self::getGroupName( $group );
3309 }
3310 $title = self::getGroupPage( $group );
3311 if( $title ) {
3312 $page = $title->getPrefixedText();
3313 return "[[$page|$text]]";
3314 } else {
3315 return $text;
3316 }
3317 }
3318
3319 /**
3320 * Returns an array of the groups that a particular group can add/remove.
3321 *
3322 * @param $group String: the group to check for whether it can add/remove
3323 * @return Array array( 'add' => array( addablegroups ),
3324 * 'remove' => array( removablegroups ),
3325 * 'add-self' => array( addablegroups to self),
3326 * 'remove-self' => array( removable groups from self) )
3327 */
3328 static function changeableByGroup( $group ) {
3329 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3330
3331 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3332 if( empty( $wgAddGroups[$group] ) ) {
3333 // Don't add anything to $groups
3334 } elseif( $wgAddGroups[$group] === true ) {
3335 // You get everything
3336 $groups['add'] = self::getAllGroups();
3337 } elseif( is_array( $wgAddGroups[$group] ) ) {
3338 $groups['add'] = $wgAddGroups[$group];
3339 }
3340
3341 // Same thing for remove
3342 if( empty( $wgRemoveGroups[$group] ) ) {
3343 } elseif( $wgRemoveGroups[$group] === true ) {
3344 $groups['remove'] = self::getAllGroups();
3345 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3346 $groups['remove'] = $wgRemoveGroups[$group];
3347 }
3348
3349 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3350 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3351 foreach( $wgGroupsAddToSelf as $key => $value ) {
3352 if( is_int( $key ) ) {
3353 $wgGroupsAddToSelf['user'][] = $value;
3354 }
3355 }
3356 }
3357
3358 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3359 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3360 if( is_int( $key ) ) {
3361 $wgGroupsRemoveFromSelf['user'][] = $value;
3362 }
3363 }
3364 }
3365
3366 // Now figure out what groups the user can add to him/herself
3367 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3368 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3369 // No idea WHY this would be used, but it's there
3370 $groups['add-self'] = User::getAllGroups();
3371 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3372 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3373 }
3374
3375 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3376 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3377 $groups['remove-self'] = User::getAllGroups();
3378 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3379 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3380 }
3381
3382 return $groups;
3383 }
3384
3385 /**
3386 * Returns an array of groups that this user can add and remove
3387 * @return Array array( 'add' => array( addablegroups ),
3388 * 'remove' => array( removablegroups ),
3389 * 'add-self' => array( addablegroups to self),
3390 * 'remove-self' => array( removable groups from self) )
3391 */
3392 function changeableGroups() {
3393 if( $this->isAllowed( 'userrights' ) ) {
3394 // This group gives the right to modify everything (reverse-
3395 // compatibility with old "userrights lets you change
3396 // everything")
3397 // Using array_merge to make the groups reindexed
3398 $all = array_merge( User::getAllGroups() );
3399 return array(
3400 'add' => $all,
3401 'remove' => $all,
3402 'add-self' => array(),
3403 'remove-self' => array()
3404 );
3405 }
3406
3407 // Okay, it's not so simple, we will have to go through the arrays
3408 $groups = array(
3409 'add' => array(),
3410 'remove' => array(),
3411 'add-self' => array(),
3412 'remove-self' => array()
3413 );
3414 $addergroups = $this->getEffectiveGroups();
3415
3416 foreach( $addergroups as $addergroup ) {
3417 $groups = array_merge_recursive(
3418 $groups, $this->changeableByGroup( $addergroup )
3419 );
3420 $groups['add'] = array_unique( $groups['add'] );
3421 $groups['remove'] = array_unique( $groups['remove'] );
3422 $groups['add-self'] = array_unique( $groups['add-self'] );
3423 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3424 }
3425 return $groups;
3426 }
3427
3428 /**
3429 * Increment the user's edit-count field.
3430 * Will have no effect for anonymous users.
3431 */
3432 function incEditCount() {
3433 if( !$this->isAnon() ) {
3434 $dbw = wfGetDB( DB_MASTER );
3435 $dbw->update( 'user',
3436 array( 'user_editcount=user_editcount+1' ),
3437 array( 'user_id' => $this->getId() ),
3438 __METHOD__ );
3439
3440 // Lazy initialization check...
3441 if( $dbw->affectedRows() == 0 ) {
3442 // Pull from a slave to be less cruel to servers
3443 // Accuracy isn't the point anyway here
3444 $dbr = wfGetDB( DB_SLAVE );
3445 $count = $dbr->selectField( 'revision',
3446 'COUNT(rev_user)',
3447 array( 'rev_user' => $this->getId() ),
3448 __METHOD__ );
3449
3450 // Now here's a goddamn hack...
3451 if( $dbr !== $dbw ) {
3452 // If we actually have a slave server, the count is
3453 // at least one behind because the current transaction
3454 // has not been committed and replicated.
3455 $count++;
3456 } else {
3457 // But if DB_SLAVE is selecting the master, then the
3458 // count we just read includes the revision that was
3459 // just added in the working transaction.
3460 }
3461
3462 $dbw->update( 'user',
3463 array( 'user_editcount' => $count ),
3464 array( 'user_id' => $this->getId() ),
3465 __METHOD__ );
3466 }
3467 }
3468 // edit count in user cache too
3469 $this->invalidateCache();
3470 }
3471
3472 /**
3473 * Get the description of a given right
3474 *
3475 * @param $right \string Right to query
3476 * @return \string Localized description of the right
3477 */
3478 static function getRightDescription( $right ) {
3479 global $wgMessageCache;
3480 $wgMessageCache->loadAllMessages();
3481 $key = "right-$right";
3482 $name = wfMsg( $key );
3483 return $name == '' || wfEmptyMsg( $key, $name )
3484 ? $right
3485 : $name;
3486 }
3487
3488 /**
3489 * Make an old-style password hash
3490 *
3491 * @param $password \string Plain-text password
3492 * @param $userId \string User ID
3493 * @return \string Password hash
3494 */
3495 static function oldCrypt( $password, $userId ) {
3496 global $wgPasswordSalt;
3497 if ( $wgPasswordSalt ) {
3498 return md5( $userId . '-' . md5( $password ) );
3499 } else {
3500 return md5( $password );
3501 }
3502 }
3503
3504 /**
3505 * Make a new-style password hash
3506 *
3507 * @param $password \string Plain-text password
3508 * @param $salt \string Optional salt, may be random or the user ID.
3509 * If unspecified or false, will generate one automatically
3510 * @return \string Password hash
3511 */
3512 static function crypt( $password, $salt = false ) {
3513 global $wgPasswordSalt;
3514
3515 $hash = '';
3516 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3517 return $hash;
3518 }
3519
3520 if( $wgPasswordSalt ) {
3521 if ( $salt === false ) {
3522 $salt = substr( wfGenerateToken(), 0, 8 );
3523 }
3524 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3525 } else {
3526 return ':A:' . md5( $password );
3527 }
3528 }
3529
3530 /**
3531 * Compare a password hash with a plain-text password. Requires the user
3532 * ID if there's a chance that the hash is an old-style hash.
3533 *
3534 * @param $hash \string Password hash
3535 * @param $password \string Plain-text password to compare
3536 * @param $userId \string User ID for old-style password salt
3537 * @return \bool
3538 */
3539 static function comparePasswords( $hash, $password, $userId = false ) {
3540 $m = false;
3541 $type = substr( $hash, 0, 3 );
3542
3543 $result = false;
3544 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3545 return $result;
3546 }
3547
3548 if ( $type == ':A:' ) {
3549 # Unsalted
3550 return md5( $password ) === substr( $hash, 3 );
3551 } elseif ( $type == ':B:' ) {
3552 # Salted
3553 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3554 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3555 } else {
3556 # Old-style
3557 return self::oldCrypt( $password, $userId ) === $hash;
3558 }
3559 }
3560
3561 /**
3562 * Add a newuser log entry for this user
3563 * @param $byEmail Boolean: account made by email?
3564 */
3565 public function addNewUserLogEntry( $byEmail = false ) {
3566 global $wgUser, $wgNewUserLog;
3567 if( empty( $wgNewUserLog ) ) {
3568 return true; // disabled
3569 }
3570
3571 if( $this->getName() == $wgUser->getName() ) {
3572 $action = 'create';
3573 $message = '';
3574 } else {
3575 $action = 'create2';
3576 $message = $byEmail
3577 ? wfMsgForContent( 'newuserlog-byemail' )
3578 : '';
3579 }
3580 $log = new LogPage( 'newusers' );
3581 $log->addEntry(
3582 $action,
3583 $this->getUserPage(),
3584 $message,
3585 array( $this->getId() )
3586 );
3587 return true;
3588 }
3589
3590 /**
3591 * Add an autocreate newuser log entry for this user
3592 * Used by things like CentralAuth and perhaps other authplugins.
3593 */
3594 public function addNewUserLogEntryAutoCreate() {
3595 global $wgNewUserLog;
3596 if( empty( $wgNewUserLog ) ) {
3597 return true; // disabled
3598 }
3599 $log = new LogPage( 'newusers', false );
3600 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ) );
3601 return true;
3602 }
3603
3604 protected function loadOptions() {
3605 $this->load();
3606 if ( $this->mOptionsLoaded || !$this->getId() )
3607 return;
3608
3609 $this->mOptions = self::getDefaultOptions();
3610
3611 // Maybe load from the object
3612 if ( !is_null( $this->mOptionOverrides ) ) {
3613 wfDebug( "Loading options for user " . $this->getId() . " from override cache.\n" );
3614 foreach( $this->mOptionOverrides as $key => $value ) {
3615 $this->mOptions[$key] = $value;
3616 }
3617 } else {
3618 wfDebug( "Loading options for user " . $this->getId() . " from database.\n" );
3619 // Load from database
3620 $dbr = wfGetDB( DB_SLAVE );
3621
3622 $res = $dbr->select(
3623 'user_properties',
3624 '*',
3625 array( 'up_user' => $this->getId() ),
3626 __METHOD__
3627 );
3628
3629 while( $row = $dbr->fetchObject( $res ) ) {
3630 $this->mOptionOverrides[$row->up_property] = $row->up_value;
3631 $this->mOptions[$row->up_property] = $row->up_value;
3632 }
3633 }
3634
3635 $this->mOptionsLoaded = true;
3636
3637 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
3638 }
3639
3640 protected function saveOptions() {
3641 global $wgAllowPrefChange;
3642
3643 $extuser = ExternalUser::newFromUser( $this );
3644
3645 $this->loadOptions();
3646 $dbw = wfGetDB( DB_MASTER );
3647
3648 $insert_rows = array();
3649
3650 $saveOptions = $this->mOptions;
3651
3652 // Allow hooks to abort, for instance to save to a global profile.
3653 // Reset options to default state before saving.
3654 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) )
3655 return;
3656
3657 foreach( $saveOptions as $key => $value ) {
3658 # Don't bother storing default values
3659 if ( ( is_null( self::getDefaultOption( $key ) ) &&
3660 !( $value === false || is_null($value) ) ) ||
3661 $value != self::getDefaultOption( $key ) ) {
3662 $insert_rows[] = array(
3663 'up_user' => $this->getId(),
3664 'up_property' => $key,
3665 'up_value' => $value,
3666 );
3667 }
3668 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
3669 switch ( $wgAllowPrefChange[$key] ) {
3670 case 'local':
3671 case 'message':
3672 break;
3673 case 'semiglobal':
3674 case 'global':
3675 $extuser->setPref( $key, $value );
3676 }
3677 }
3678 }
3679
3680 $dbw->begin();
3681 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
3682 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
3683 $dbw->commit();
3684 }
3685
3686 /**
3687 * Provide an array of HTML5 attributes to put on an input element
3688 * intended for the user to enter a new password. This may include
3689 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
3690 *
3691 * Do *not* use this when asking the user to enter his current password!
3692 * Regardless of configuration, users may have invalid passwords for whatever
3693 * reason (e.g., they were set before requirements were tightened up).
3694 * Only use it when asking for a new password, like on account creation or
3695 * ResetPass.
3696 *
3697 * Obviously, you still need to do server-side checking.
3698 *
3699 * @return array Array of HTML attributes suitable for feeding to
3700 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
3701 * That will potentially output invalid XHTML 1.0 Transitional, and will
3702 * get confused by the boolean attribute syntax used.)
3703 */
3704 public static function passwordChangeInputAttribs() {
3705 global $wgMinimalPasswordLength;
3706
3707 if ( $wgMinimalPasswordLength == 0 ) {
3708 return array();
3709 }
3710
3711 # Note that the pattern requirement will always be satisfied if the
3712 # input is empty, so we need required in all cases.
3713 $ret = array( 'required' );
3714
3715 # We can't actually do this right now, because Opera 9.6 will print out
3716 # the entered password visibly in its error message! When other
3717 # browsers add support for this attribute, or Opera fixes its support,
3718 # we can add support with a version check to avoid doing this on Opera
3719 # versions where it will be a problem. Reported to Opera as
3720 # DSK-262266, but they don't have a public bug tracker for us to follow.
3721 /*
3722 if ( $wgMinimalPasswordLength > 1 ) {
3723 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
3724 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
3725 $wgMinimalPasswordLength );
3726 }
3727 */
3728
3729 return $ret;
3730 }
3731 }
MediaWiki Core