search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge "(bug 40098) Don't parse the section's name in the summary when creating a...
[mediawiki.git] / includes / User.php
blob0a3db4c07ce066233a0d9a98de0f946afadcb5d3
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * Int Number of characters in user_token field.
25 * @ingroup Constants
26 */
27 define( 'USER_TOKEN_LENGTH', 32 );
28
29 /**
30 * Int Serialized record version.
31 * @ingroup Constants
32 */
33 define( 'MW_USER_VERSION', 8 );
34
35 /**
36 * String Some punctuation to prevent editing from broken text-mangling proxies.
37 * @ingroup Constants
38 */
39 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
40
41 /**
42 * Thrown by User::setPassword() on error.
43 * @ingroup Exception
44 */
45 class PasswordError extends MWException {
46 // NOP
47 }
48
49 /**
50 * The User object encapsulates all of the user-specific settings (user_id,
51 * name, rights, password, email address, options, last login time). Client
52 * classes use the getXXX() functions to access these fields. These functions
53 * do all the work of determining whether the user is logged in,
54 * whether the requested option can be satisfied from cookies or
55 * whether a database query is needed. Most of the settings needed
56 * for rendering normal pages are set in the cookie to minimize use
57 * of the database.
58 */
59 class User {
60 /**
61 * Global constants made accessible as class constants so that autoloader
62 * magic can be used.
63 */
64 const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
65 const MW_USER_VERSION = MW_USER_VERSION;
66 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
67
68 /**
69 * Maximum items in $mWatchedItems
70 */
71 const MAX_WATCHED_ITEMS_CACHE = 100;
72
73 /**
74 * Array of Strings List of member variables which are saved to the
75 * shared cache (memcached). Any operation which changes the
76 * corresponding database fields must call a cache-clearing function.
77 * @showinitializer
78 */
79 static $mCacheVars = array(
80 // user table
81 'mId',
82 'mName',
83 'mRealName',
84 'mPassword',
85 'mNewpassword',
86 'mNewpassTime',
87 'mEmail',
88 'mTouched',
89 'mToken',
90 'mEmailAuthenticated',
91 'mEmailToken',
92 'mEmailTokenExpires',
93 'mRegistration',
94 'mEditCount',
95 // user_groups table
96 'mGroups',
97 // user_properties table
98 'mOptionOverrides',
99 );
100
101 /**
102 * Array of Strings Core rights.
103 * Each of these should have a corresponding message of the form
104 * "right-$right".
105 * @showinitializer
106 */
107 static $mCoreRights = array(
108 'apihighlimits',
109 'autoconfirmed',
110 'autopatrol',
111 'bigdelete',
112 'block',
113 'blockemail',
114 'bot',
115 'browsearchive',
116 'createaccount',
117 'createpage',
118 'createtalk',
119 'delete',
120 'deletedhistory',
121 'deletedtext',
122 'deletelogentry',
123 'deleterevision',
124 'edit',
125 'editinterface',
126 'editprotected',
127 'editusercssjs', #deprecated
128 'editusercss',
129 'edituserjs',
130 'hideuser',
131 'import',
132 'importupload',
133 'ipblock-exempt',
134 'markbotedits',
135 'mergehistory',
136 'minoredit',
137 'move',
138 'movefile',
139 'move-rootuserpages',
140 'move-subpages',
141 'nominornewtalk',
142 'noratelimit',
143 'override-export-depth',
144 'passwordreset',
145 'patrol',
146 'patrolmarks',
147 'protect',
148 'proxyunbannable',
149 'purge',
150 'read',
151 'reupload',
152 'reupload-own',
153 'reupload-shared',
154 'rollback',
155 'sendemail',
156 'siteadmin',
157 'suppressionlog',
158 'suppressredirect',
159 'suppressrevision',
160 'unblockself',
161 'undelete',
162 'unwatchedpages',
163 'upload',
164 'upload_by_url',
165 'userrights',
166 'userrights-interwiki',
167 'writeapi',
168 );
169 /**
170 * String Cached results of getAllRights()
171 */
172 static $mAllRights = false;
173
174 /** @name Cache variables */
175 //@{
176 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
177 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
178 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mEditCount,
179 $mGroups, $mOptionOverrides;
180 //@}
181
182 /**
183 * Bool Whether the cache variables have been loaded.
184 */
185 //@{
186 var $mOptionsLoaded;
187
188 /**
189 * Array with already loaded items or true if all items have been loaded.
190 */
191 private $mLoadedItems = array();
192 //@}
193
194 /**
195 * String Initialization data source if mLoadedItems!==true. May be one of:
196 * - 'defaults' anonymous user initialised from class defaults
197 * - 'name' initialise from mName
198 * - 'id' initialise from mId
199 * - 'session' log in from cookies or session if possible
200 *
201 * Use the User::newFrom*() family of functions to set this.
202 */
203 var $mFrom;
204
205 /**
206 * Lazy-initialized variables, invalidated with clearInstanceCache
207 */
208 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mRights,
209 $mBlockreason, $mEffectiveGroups, $mImplicitGroups, $mFormerGroups, $mBlockedGlobally,
210 $mLocked, $mHideName, $mOptions;
211
212 /**
213 * @var WebRequest
214 */
215 private $mRequest;
216
217 /**
218 * @var Block
219 */
220 var $mBlock;
221
222 /**
223 * @var bool
224 */
225 var $mAllowUsertalk;
226
227 /**
228 * @var Block
229 */
230 private $mBlockedFromCreateAccount = false;
231
232 /**
233 * @var Array
234 */
235 private $mWatchedItems = array();
236
237 static $idCacheByName = array();
238
239 /**
240 * Lightweight constructor for an anonymous user.
241 * Use the User::newFrom* factory functions for other kinds of users.
242 *
243 * @see newFromName()
244 * @see newFromId()
245 * @see newFromConfirmationCode()
246 * @see newFromSession()
247 * @see newFromRow()
248 */
249 function __construct() {
250 $this->clearInstanceCache( 'defaults' );
251 }
252
253 /**
254 * @return String
255 */
256 function __toString(){
257 return $this->getName();
258 }
259
260 /**
261 * Load the user table data for this object from the source given by mFrom.
262 */
263 public function load() {
264 if ( $this->mLoadedItems === true ) {
265 return;
266 }
267 wfProfileIn( __METHOD__ );
268
269 # Set it now to avoid infinite recursion in accessors
270 $this->mLoadedItems = true;
271
272 switch ( $this->mFrom ) {
273 case 'defaults':
274 $this->loadDefaults();
275 break;
276 case 'name':
277 $this->mId = self::idFromName( $this->mName );
278 if ( !$this->mId ) {
279 # Nonexistent user placeholder object
280 $this->loadDefaults( $this->mName );
281 } else {
282 $this->loadFromId();
283 }
284 break;
285 case 'id':
286 $this->loadFromId();
287 break;
288 case 'session':
289 $this->loadFromSession();
290 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
291 break;
292 default:
293 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
294 }
295 wfProfileOut( __METHOD__ );
296 }
297
298 /**
299 * Load user table data, given mId has already been set.
300 * @return Bool false if the ID does not exist, true otherwise
301 */
302 public function loadFromId() {
303 global $wgMemc;
304 if ( $this->mId == 0 ) {
305 $this->loadDefaults();
306 return false;
307 }
308
309 # Try cache
310 $key = wfMemcKey( 'user', 'id', $this->mId );
311 $data = $wgMemc->get( $key );
312 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
313 # Object is expired, load from DB
314 $data = false;
315 }
316
317 if ( !$data ) {
318 wfDebug( "User: cache miss for user {$this->mId}\n" );
319 # Load from DB
320 if ( !$this->loadFromDatabase() ) {
321 # Can't load from ID, user is anonymous
322 return false;
323 }
324 $this->saveToCache();
325 } else {
326 wfDebug( "User: got user {$this->mId} from cache\n" );
327 # Restore from cache
328 foreach ( self::$mCacheVars as $name ) {
329 $this->$name = $data[$name];
330 }
331 }
332 return true;
333 }
334
335 /**
336 * Save user data to the shared cache
337 */
338 public function saveToCache() {
339 $this->load();
340 $this->loadGroups();
341 $this->loadOptions();
342 if ( $this->isAnon() ) {
343 // Anonymous users are uncached
344 return;
345 }
346 $data = array();
347 foreach ( self::$mCacheVars as $name ) {
348 $data[$name] = $this->$name;
349 }
350 $data['mVersion'] = MW_USER_VERSION;
351 $key = wfMemcKey( 'user', 'id', $this->mId );
352 global $wgMemc;
353 $wgMemc->set( $key, $data );
354 }
355
356 /** @name newFrom*() static factory methods */
357 //@{
358
359 /**
360 * Static factory method for creation from username.
361 *
362 * This is slightly less efficient than newFromId(), so use newFromId() if
363 * you have both an ID and a name handy.
364 *
365 * @param $name String Username, validated by Title::newFromText()
366 * @param $validate String|Bool Validate username. Takes the same parameters as
367 * User::getCanonicalName(), except that true is accepted as an alias
368 * for 'valid', for BC.
369 *
370 * @return User object, or false if the username is invalid
371 * (e.g. if it contains illegal characters or is an IP address). If the
372 * username is not present in the database, the result will be a user object
373 * with a name, zero user ID and default settings.
374 */
375 public static function newFromName( $name, $validate = 'valid' ) {
376 if ( $validate === true ) {
377 $validate = 'valid';
378 }
379 $name = self::getCanonicalName( $name, $validate );
380 if ( $name === false ) {
381 return false;
382 } else {
383 # Create unloaded user object
384 $u = new User;
385 $u->mName = $name;
386 $u->mFrom = 'name';
387 $u->setItemLoaded( 'name' );
388 return $u;
389 }
390 }
391
392 /**
393 * Static factory method for creation from a given user ID.
394 *
395 * @param $id Int Valid user ID
396 * @return User The corresponding User object
397 */
398 public static function newFromId( $id ) {
399 $u = new User;
400 $u->mId = $id;
401 $u->mFrom = 'id';
402 $u->setItemLoaded( 'id' );
403 return $u;
404 }
405
406 /**
407 * Factory method to fetch whichever user has a given email confirmation code.
408 * This code is generated when an account is created or its e-mail address
409 * has changed.
410 *
411 * If the code is invalid or has expired, returns NULL.
412 *
413 * @param $code String Confirmation code
414 * @return User object, or null
415 */
416 public static function newFromConfirmationCode( $code ) {
417 $dbr = wfGetDB( DB_SLAVE );
418 $id = $dbr->selectField( 'user', 'user_id', array(
419 'user_email_token' => md5( $code ),
420 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
421 ) );
422 if( $id !== false ) {
423 return User::newFromId( $id );
424 } else {
425 return null;
426 }
427 }
428
429 /**
430 * Create a new user object using data from session or cookies. If the
431 * login credentials are invalid, the result is an anonymous user.
432 *
433 * @param $request WebRequest object to use; $wgRequest will be used if
434 * ommited.
435 * @return User object
436 */
437 public static function newFromSession( WebRequest $request = null ) {
438 $user = new User;
439 $user->mFrom = 'session';
440 $user->mRequest = $request;
441 return $user;
442 }
443
444 /**
445 * Create a new user object from a user row.
446 * The row should have the following fields from the user table in it:
447 * - either user_name or user_id to load further data if needed (or both)
448 * - user_real_name
449 * - all other fields (email, password, etc.)
450 * It is useless to provide the remaining fields if either user_id,
451 * user_name and user_real_name are not provided because the whole row
452 * will be loaded once more from the database when accessing them.
453 *
454 * @param $row Array A row from the user table
455 * @return User
456 */
457 public static function newFromRow( $row ) {
458 $user = new User;
459 $user->loadFromRow( $row );
460 return $user;
461 }
462
463 //@}
464
465 /**
466 * Get the username corresponding to a given user ID
467 * @param $id Int User ID
468 * @return String|bool The corresponding username
469 */
470 public static function whoIs( $id ) {
471 return UserCache::singleton()->getProp( $id, 'name' );
472 }
473
474 /**
475 * Get the real name of a user given their user ID
476 *
477 * @param $id Int User ID
478 * @return String|bool The corresponding user's real name
479 */
480 public static function whoIsReal( $id ) {
481 return UserCache::singleton()->getProp( $id, 'real_name' );
482 }
483
484 /**
485 * Get database id given a user name
486 * @param $name String Username
487 * @return Int|Null The corresponding user's ID, or null if user is nonexistent
488 */
489 public static function idFromName( $name ) {
490 $nt = Title::makeTitleSafe( NS_USER, $name );
491 if( is_null( $nt ) ) {
492 # Illegal name
493 return null;
494 }
495
496 if ( isset( self::$idCacheByName[$name] ) ) {
497 return self::$idCacheByName[$name];
498 }
499
500 $dbr = wfGetDB( DB_SLAVE );
501 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
502
503 if ( $s === false ) {
504 $result = null;
505 } else {
506 $result = $s->user_id;
507 }
508
509 self::$idCacheByName[$name] = $result;
510
511 if ( count( self::$idCacheByName ) > 1000 ) {
512 self::$idCacheByName = array();
513 }
514
515 return $result;
516 }
517
518 /**
519 * Reset the cache used in idFromName(). For use in tests.
520 */
521 public static function resetIdByNameCache() {
522 self::$idCacheByName = array();
523 }
524
525 /**
526 * Does the string match an anonymous IPv4 address?
527 *
528 * This function exists for username validation, in order to reject
529 * usernames which are similar in form to IP addresses. Strings such
530 * as 300.300.300.300 will return true because it looks like an IP
531 * address, despite not being strictly valid.
532 *
533 * We match "\d{1,3}\.\d{1,3}\.\d{1,3}\.xxx" as an anonymous IP
534 * address because the usemod software would "cloak" anonymous IP
535 * addresses like this, if we allowed accounts like this to be created
536 * new users could get the old edits of these anonymous users.
537 *
538 * @param $name String to match
539 * @return Bool
540 */
541 public static function isIP( $name ) {
542 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
543 }
544
545 /**
546 * Is the input a valid username?
547 *
548 * Checks if the input is a valid username, we don't want an empty string,
549 * an IP address, anything that containins slashes (would mess up subpages),
550 * is longer than the maximum allowed username size or doesn't begin with
551 * a capital letter.
552 *
553 * @param $name String to match
554 * @return Bool
555 */
556 public static function isValidUserName( $name ) {
557 global $wgContLang, $wgMaxNameChars;
558
559 if ( $name == ''
560 || User::isIP( $name )
561 || strpos( $name, '/' ) !== false
562 || strlen( $name ) > $wgMaxNameChars
563 || $name != $wgContLang->ucfirst( $name ) ) {
564 wfDebugLog( 'username', __METHOD__ .
565 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
566 return false;
567 }
568
569
570 // Ensure that the name can't be misresolved as a different title,
571 // such as with extra namespace keys at the start.
572 $parsed = Title::newFromText( $name );
573 if( is_null( $parsed )
574 || $parsed->getNamespace()
575 || strcmp( $name, $parsed->getPrefixedText() ) ) {
576 wfDebugLog( 'username', __METHOD__ .
577 ": '$name' invalid due to ambiguous prefixes" );
578 return false;
579 }
580
581 // Check an additional blacklist of troublemaker characters.
582 // Should these be merged into the title char list?
583 $unicodeBlacklist = '/[' .
584 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
585 '\x{00a0}' . # non-breaking space
586 '\x{2000}-\x{200f}' . # various whitespace
587 '\x{2028}-\x{202f}' . # breaks and control chars
588 '\x{3000}' . # ideographic space
589 '\x{e000}-\x{f8ff}' . # private use
590 ']/u';
591 if( preg_match( $unicodeBlacklist, $name ) ) {
592 wfDebugLog( 'username', __METHOD__ .
593 ": '$name' invalid due to blacklisted characters" );
594 return false;
595 }
596
597 return true;
598 }
599
600 /**
601 * Usernames which fail to pass this function will be blocked
602 * from user login and new account registrations, but may be used
603 * internally by batch processes.
604 *
605 * If an account already exists in this form, login will be blocked
606 * by a failure to pass this function.
607 *
608 * @param $name String to match
609 * @return Bool
610 */
611 public static function isUsableName( $name ) {
612 global $wgReservedUsernames;
613 // Must be a valid username, obviously ;)
614 if ( !self::isValidUserName( $name ) ) {
615 return false;
616 }
617
618 static $reservedUsernames = false;
619 if ( !$reservedUsernames ) {
620 $reservedUsernames = $wgReservedUsernames;
621 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
622 }
623
624 // Certain names may be reserved for batch processes.
625 foreach ( $reservedUsernames as $reserved ) {
626 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
627 $reserved = wfMessage( substr( $reserved, 4 ) )->inContentLanguage()->text();
628 }
629 if ( $reserved == $name ) {
630 return false;
631 }
632 }
633 return true;
634 }
635
636 /**
637 * Usernames which fail to pass this function will be blocked
638 * from new account registrations, but may be used internally
639 * either by batch processes or by user accounts which have
640 * already been created.
641 *
642 * Additional blacklisting may be added here rather than in
643 * isValidUserName() to avoid disrupting existing accounts.
644 *
645 * @param $name String to match
646 * @return Bool
647 */
648 public static function isCreatableName( $name ) {
649 global $wgInvalidUsernameCharacters;
650
651 // Ensure that the username isn't longer than 235 bytes, so that
652 // (at least for the builtin skins) user javascript and css files
653 // will work. (bug 23080)
654 if( strlen( $name ) > 235 ) {
655 wfDebugLog( 'username', __METHOD__ .
656 ": '$name' invalid due to length" );
657 return false;
658 }
659
660 // Preg yells if you try to give it an empty string
661 if( $wgInvalidUsernameCharacters !== '' ) {
662 if( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
663 wfDebugLog( 'username', __METHOD__ .
664 ": '$name' invalid due to wgInvalidUsernameCharacters" );
665 return false;
666 }
667 }
668
669 return self::isUsableName( $name );
670 }
671
672 /**
673 * Is the input a valid password for this user?
674 *
675 * @param $password String Desired password
676 * @return Bool
677 */
678 public function isValidPassword( $password ) {
679 //simple boolean wrapper for getPasswordValidity
680 return $this->getPasswordValidity( $password ) === true;
681 }
682
683 /**
684 * Given unvalidated password input, return error message on failure.
685 *
686 * @param $password String Desired password
687 * @return mixed: true on success, string or array of error message on failure
688 */
689 public function getPasswordValidity( $password ) {
690 global $wgMinimalPasswordLength, $wgContLang;
691
692 static $blockedLogins = array(
693 'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589
694 'Apitestsysop' => 'testpass', 'Apitestuser' => 'testpass' # r75605
695 );
696
697 $result = false; //init $result to false for the internal checks
698
699 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
700 return $result;
701
702 if ( $result === false ) {
703 if( strlen( $password ) < $wgMinimalPasswordLength ) {
704 return 'passwordtooshort';
705 } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
706 return 'password-name-match';
707 } elseif ( isset( $blockedLogins[ $this->getName() ] ) && $password == $blockedLogins[ $this->getName() ] ) {
708 return 'password-login-forbidden';
709 } else {
710 //it seems weird returning true here, but this is because of the
711 //initialization of $result to false above. If the hook is never run or it
712 //doesn't modify $result, then we will likely get down into this if with
713 //a valid password.
714 return true;
715 }
716 } elseif( $result === true ) {
717 return true;
718 } else {
719 return $result; //the isValidPassword hook set a string $result and returned true
720 }
721 }
722
723 /**
724 * Does a string look like an e-mail address?
725 *
726 * This validates an email address using an HTML5 specification found at:
727 * http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#valid-e-mail-address
728 * Which as of 2011-01-24 says:
729 *
730 * A valid e-mail address is a string that matches the ABNF production
731 * 1*( atext / "." ) "@" ldh-str *( "." ldh-str ) where atext is defined
732 * in RFC 5322 section 3.2.3, and ldh-str is defined in RFC 1034 section
733 * 3.5.
734 *
735 * This function is an implementation of the specification as requested in
736 * bug 22449.
737 *
738 * Client-side forms will use the same standard validation rules via JS or
739 * HTML 5 validation; additional restrictions can be enforced server-side
740 * by extensions via the 'isValidEmailAddr' hook.
741 *
742 * Note that this validation doesn't 100% match RFC 2822, but is believed
743 * to be liberal enough for wide use. Some invalid addresses will still
744 * pass validation here.
745 *
746 * @param $addr String E-mail address
747 * @return Bool
748 * @deprecated since 1.18 call Sanitizer::isValidEmail() directly
749 */
750 public static function isValidEmailAddr( $addr ) {
751 wfDeprecated( __METHOD__, '1.18' );
752 return Sanitizer::validateEmail( $addr );
753 }
754
755 /**
756 * Given unvalidated user input, return a canonical username, or false if
757 * the username is invalid.
758 * @param $name String User input
759 * @param $validate String|Bool type of validation to use:
760 * - false No validation
761 * - 'valid' Valid for batch processes
762 * - 'usable' Valid for batch processes and login
763 * - 'creatable' Valid for batch processes, login and account creation
764 *
765 * @return bool|string
766 */
767 public static function getCanonicalName( $name, $validate = 'valid' ) {
768 # Force usernames to capital
769 global $wgContLang;
770 $name = $wgContLang->ucfirst( $name );
771
772 # Reject names containing '#'; these will be cleaned up
773 # with title normalisation, but then it's too late to
774 # check elsewhere
775 if( strpos( $name, '#' ) !== false )
776 return false;
777
778 # Clean up name according to title rules
779 $t = ( $validate === 'valid' ) ?
780 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
781 # Check for invalid titles
782 if( is_null( $t ) ) {
783 return false;
784 }
785
786 # Reject various classes of invalid names
787 global $wgAuth;
788 $name = $wgAuth->getCanonicalName( $t->getText() );
789
790 switch ( $validate ) {
791 case false:
792 break;
793 case 'valid':
794 if ( !User::isValidUserName( $name ) ) {
795 $name = false;
796 }
797 break;
798 case 'usable':
799 if ( !User::isUsableName( $name ) ) {
800 $name = false;
801 }
802 break;
803 case 'creatable':
804 if ( !User::isCreatableName( $name ) ) {
805 $name = false;
806 }
807 break;
808 default:
809 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
810 }
811 return $name;
812 }
813
814 /**
815 * Count the number of edits of a user
816 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
817 *
818 * @param $uid Int User ID to check
819 * @return Int the user's edit count
820 */
821 public static function edits( $uid ) {
822 wfProfileIn( __METHOD__ );
823 $dbr = wfGetDB( DB_SLAVE );
824 // check if the user_editcount field has been initialized
825 $field = $dbr->selectField(
826 'user', 'user_editcount',
827 array( 'user_id' => $uid ),
828 __METHOD__
829 );
830
831 if( $field === null ) { // it has not been initialized. do so.
832 $dbw = wfGetDB( DB_MASTER );
833 $count = $dbr->selectField(
834 'revision', 'count(*)',
835 array( 'rev_user' => $uid ),
836 __METHOD__
837 );
838 $dbw->update(
839 'user',
840 array( 'user_editcount' => $count ),
841 array( 'user_id' => $uid ),
842 __METHOD__
843 );
844 } else {
845 $count = $field;
846 }
847 wfProfileOut( __METHOD__ );
848 return $count;
849 }
850
851 /**
852 * Return a random password.
853 *
854 * @return String new random password
855 */
856 public static function randomPassword() {
857 global $wgMinimalPasswordLength;
858 // Decide the final password length based on our min password length, stopping at a minimum of 10 chars
859 $length = max( 10, $wgMinimalPasswordLength );
860 // Multiply by 1.25 to get the number of hex characters we need
861 $length = $length * 1.25;
862 // Generate random hex chars
863 $hex = MWCryptRand::generateHex( $length );
864 // Convert from base 16 to base 32 to get a proper password like string
865 return wfBaseConvert( $hex, 16, 32 );
866 }
867
868 /**
869 * Set cached properties to default.
870 *
871 * @note This no longer clears uncached lazy-initialised properties;
872 * the constructor does that instead.
873 *
874 * @param $name string
875 */
876 public function loadDefaults( $name = false ) {
877 wfProfileIn( __METHOD__ );
878
879 $this->mId = 0;
880 $this->mName = $name;
881 $this->mRealName = '';
882 $this->mPassword = $this->mNewpassword = '';
883 $this->mNewpassTime = null;
884 $this->mEmail = '';
885 $this->mOptionOverrides = null;
886 $this->mOptionsLoaded = false;
887
888 $loggedOut = $this->getRequest()->getCookie( 'LoggedOut' );
889 if( $loggedOut !== null ) {
890 $this->mTouched = wfTimestamp( TS_MW, $loggedOut );
891 } else {
892 $this->mTouched = '0'; # Allow any pages to be cached
893 }
894
895 $this->mToken = null; // Don't run cryptographic functions till we need a token
896 $this->mEmailAuthenticated = null;
897 $this->mEmailToken = '';
898 $this->mEmailTokenExpires = null;
899 $this->mRegistration = wfTimestamp( TS_MW );
900 $this->mGroups = array();
901
902 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
903
904 wfProfileOut( __METHOD__ );
905 }
906
907 /**
908 * Return whether an item has been loaded.
909 *
910 * @param $item String: item to check. Current possibilities:
911 * - id
912 * - name
913 * - realname
914 * @param $all String: 'all' to check if the whole object has been loaded
915 * or any other string to check if only the item is available (e.g.
916 * for optimisation)
917 * @return Boolean
918 */
919 public function isItemLoaded( $item, $all = 'all' ) {
920 return ( $this->mLoadedItems === true && $all === 'all' ) ||
921 ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
922 }
923
924 /**
925 * Set that an item has been loaded
926 *
927 * @param $item String
928 */
929 private function setItemLoaded( $item ) {
930 if ( is_array( $this->mLoadedItems ) ) {
931 $this->mLoadedItems[$item] = true;
932 }
933 }
934
935 /**
936 * Load user data from the session or login cookie. If there are no valid
937 * credentials, initialises the user as an anonymous user.
938 * @return Bool True if the user is logged in, false otherwise.
939 */
940 private function loadFromSession() {
941 global $wgExternalAuthType, $wgAutocreatePolicy;
942
943 $result = null;
944 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
945 if ( $result !== null ) {
946 return $result;
947 }
948
949 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
950 $extUser = ExternalUser::newFromCookie();
951 if ( $extUser ) {
952 # TODO: Automatically create the user here (or probably a bit
953 # lower down, in fact)
954 }
955 }
956
957 $request = $this->getRequest();
958
959 $cookieId = $request->getCookie( 'UserID' );
960 $sessId = $request->getSessionData( 'wsUserID' );
961
962 if ( $cookieId !== null ) {
963 $sId = intval( $cookieId );
964 if( $sessId !== null && $cookieId != $sessId ) {
965 $this->loadDefaults(); // Possible collision!
966 wfDebugLog( 'loginSessions', "Session user ID ($sessId) and
967 cookie user ID ($sId) don't match!" );
968 return false;
969 }
970 $request->setSessionData( 'wsUserID', $sId );
971 } elseif ( $sessId !== null && $sessId != 0 ) {
972 $sId = $sessId;
973 } else {
974 $this->loadDefaults();
975 return false;
976 }
977
978 if ( $request->getSessionData( 'wsUserName' ) !== null ) {
979 $sName = $request->getSessionData( 'wsUserName' );
980 } elseif ( $request->getCookie( 'UserName' ) !== null ) {
981 $sName = $request->getCookie( 'UserName' );
982 $request->setSessionData( 'wsUserName', $sName );
983 } else {
984 $this->loadDefaults();
985 return false;
986 }
987
988 $proposedUser = User::newFromId( $sId );
989 if ( !$proposedUser->isLoggedIn() ) {
990 # Not a valid ID
991 $this->loadDefaults();
992 return false;
993 }
994
995 global $wgBlockDisablesLogin;
996 if( $wgBlockDisablesLogin && $proposedUser->isBlocked() ) {
997 # User blocked and we've disabled blocked user logins
998 $this->loadDefaults();
999 return false;
1000 }
1001
1002 if ( $request->getSessionData( 'wsToken' ) ) {
1003 $passwordCorrect = $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' );
1004 $from = 'session';
1005 } elseif ( $request->getCookie( 'Token' ) ) {
1006 $passwordCorrect = $proposedUser->getToken( false ) === $request->getCookie( 'Token' );
1007 $from = 'cookie';
1008 } else {
1009 # No session or persistent login cookie
1010 $this->loadDefaults();
1011 return false;
1012 }
1013
1014 if ( ( $sName === $proposedUser->getName() ) && $passwordCorrect ) {
1015 $this->loadFromUserObject( $proposedUser );
1016 $request->setSessionData( 'wsToken', $this->mToken );
1017 wfDebug( "User: logged in from $from\n" );
1018 return true;
1019 } else {
1020 # Invalid credentials
1021 wfDebug( "User: can't log in from $from, invalid credentials\n" );
1022 $this->loadDefaults();
1023 return false;
1024 }
1025 }
1026
1027 /**
1028 * Load user and user_group data from the database.
1029 * $this->mId must be set, this is how the user is identified.
1030 *
1031 * @return Bool True if the user exists, false if the user is anonymous
1032 */
1033 public function loadFromDatabase() {
1034 # Paranoia
1035 $this->mId = intval( $this->mId );
1036
1037 /** Anonymous user */
1038 if( !$this->mId ) {
1039 $this->loadDefaults();
1040 return false;
1041 }
1042
1043 $dbr = wfGetDB( DB_MASTER );
1044 $s = $dbr->selectRow( 'user', self::selectFields(), array( 'user_id' => $this->mId ), __METHOD__ );
1045
1046 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
1047
1048 if ( $s !== false ) {
1049 # Initialise user table data
1050 $this->loadFromRow( $s );
1051 $this->mGroups = null; // deferred
1052 $this->getEditCount(); // revalidation for nulls
1053 return true;
1054 } else {
1055 # Invalid user_id
1056 $this->mId = 0;
1057 $this->loadDefaults();
1058 return false;
1059 }
1060 }
1061
1062 /**
1063 * Initialize this object from a row from the user table.
1064 *
1065 * @param $row Array Row from the user table to load.
1066 */
1067 public function loadFromRow( $row ) {
1068 $all = true;
1069
1070 $this->mGroups = null; // deferred
1071
1072 if ( isset( $row->user_name ) ) {
1073 $this->mName = $row->user_name;
1074 $this->mFrom = 'name';
1075 $this->setItemLoaded( 'name' );
1076 } else {
1077 $all = false;
1078 }
1079
1080 if ( isset( $row->user_real_name ) ) {
1081 $this->mRealName = $row->user_real_name;
1082 $this->setItemLoaded( 'realname' );
1083 } else {
1084 $all = false;
1085 }
1086
1087 if ( isset( $row->user_id ) ) {
1088 $this->mId = intval( $row->user_id );
1089 $this->mFrom = 'id';
1090 $this->setItemLoaded( 'id' );
1091 } else {
1092 $all = false;
1093 }
1094
1095 if ( isset( $row->user_editcount ) ) {
1096 $this->mEditCount = $row->user_editcount;
1097 } else {
1098 $all = false;
1099 }
1100
1101 if ( isset( $row->user_password ) ) {
1102 $this->mPassword = $row->user_password;
1103 $this->mNewpassword = $row->user_newpassword;
1104 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
1105 $this->mEmail = $row->user_email;
1106 if ( isset( $row->user_options ) ) {
1107 $this->decodeOptions( $row->user_options );
1108 }
1109 $this->mTouched = wfTimestamp( TS_MW, $row->user_touched );
1110 $this->mToken = $row->user_token;
1111 if ( $this->mToken == '' ) {
1112 $this->mToken = null;
1113 }
1114 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1115 $this->mEmailToken = $row->user_email_token;
1116 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1117 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1118 } else {
1119 $all = false;
1120 }
1121
1122 if ( $all ) {
1123 $this->mLoadedItems = true;
1124 }
1125 }
1126
1127 /**
1128 * Load the data for this user object from another user object.
1129 *
1130 * @param $user User
1131 */
1132 protected function loadFromUserObject( $user ) {
1133 $user->load();
1134 $user->loadGroups();
1135 $user->loadOptions();
1136 foreach ( self::$mCacheVars as $var ) {
1137 $this->$var = $user->$var;
1138 }
1139 }
1140
1141 /**
1142 * Load the groups from the database if they aren't already loaded.
1143 */
1144 private function loadGroups() {
1145 if ( is_null( $this->mGroups ) ) {
1146 $dbr = wfGetDB( DB_MASTER );
1147 $res = $dbr->select( 'user_groups',
1148 array( 'ug_group' ),
1149 array( 'ug_user' => $this->mId ),
1150 __METHOD__ );
1151 $this->mGroups = array();
1152 foreach ( $res as $row ) {
1153 $this->mGroups[] = $row->ug_group;
1154 }
1155 }
1156 }
1157
1158 /**
1159 * Add the user to the group if he/she meets given criteria.
1160 *
1161 * Contrary to autopromotion by \ref $wgAutopromote, the group will be
1162 * possible to remove manually via Special:UserRights. In such case it
1163 * will not be re-added automatically. The user will also not lose the
1164 * group if they no longer meet the criteria.
1165 *
1166 * @param $event String key in $wgAutopromoteOnce (each one has groups/criteria)
1167 *
1168 * @return array Array of groups the user has been promoted to.
1169 *
1170 * @see $wgAutopromoteOnce
1171 */
1172 public function addAutopromoteOnceGroups( $event ) {
1173 global $wgAutopromoteOnceLogInRC;
1174
1175 $toPromote = array();
1176 if ( $this->getId() ) {
1177 $toPromote = Autopromote::getAutopromoteOnceGroups( $this, $event );
1178 if ( count( $toPromote ) ) {
1179 $oldGroups = $this->getGroups(); // previous groups
1180 foreach ( $toPromote as $group ) {
1181 $this->addGroup( $group );
1182 }
1183 $newGroups = array_merge( $oldGroups, $toPromote ); // all groups
1184
1185 $log = new LogPage( 'rights', $wgAutopromoteOnceLogInRC /* in RC? */ );
1186 $log->addEntry( 'autopromote',
1187 $this->getUserPage(),
1188 '', // no comment
1189 // These group names are "list to texted"-ed in class LogPage.
1190 array( implode( ', ', $oldGroups ), implode( ', ', $newGroups ) )
1191 );
1192 }
1193 }
1194 return $toPromote;
1195 }
1196
1197 /**
1198 * Clear various cached data stored in this object.
1199 * @param $reloadFrom bool|String Reload user and user_groups table data from a
1200 * given source. May be "name", "id", "defaults", "session", or false for
1201 * no reload.
1202 */
1203 public function clearInstanceCache( $reloadFrom = false ) {
1204 $this->mNewtalk = -1;
1205 $this->mDatePreference = null;
1206 $this->mBlockedby = -1; # Unset
1207 $this->mHash = false;
1208 $this->mRights = null;
1209 $this->mEffectiveGroups = null;
1210 $this->mImplicitGroups = null;
1211 $this->mOptions = null;
1212
1213 if ( $reloadFrom ) {
1214 $this->mLoadedItems = array();
1215 $this->mFrom = $reloadFrom;
1216 }
1217 }
1218
1219 /**
1220 * Combine the language default options with any site-specific options
1221 * and add the default language variants.
1222 *
1223 * @return Array of String options
1224 */
1225 public static function getDefaultOptions() {
1226 global $wgNamespacesToBeSearchedDefault, $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1227
1228 $defOpt = $wgDefaultUserOptions;
1229 # default language setting
1230 $variant = $wgContLang->getDefaultVariant();
1231 $defOpt['variant'] = $variant;
1232 $defOpt['language'] = $variant;
1233 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1234 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1235 }
1236 $defOpt['skin'] = $wgDefaultSkin;
1237
1238 // FIXME: Ideally we'd cache the results of this function so the hook is only run once,
1239 // but that breaks the parser tests because they rely on being able to change $wgContLang
1240 // mid-request and see that change reflected in the return value of this function.
1241 // Which is insane and would never happen during normal MW operation, but is also not
1242 // likely to get fixed unless and until we context-ify everything.
1243 // See also https://www.mediawiki.org/wiki/Special:Code/MediaWiki/101488#c25275
1244 wfRunHooks( 'UserGetDefaultOptions', array( &$defOpt ) );
1245
1246 return $defOpt;
1247 }
1248
1249 /**
1250 * Get a given default option value.
1251 *
1252 * @param $opt String Name of option to retrieve
1253 * @return String Default option value
1254 */
1255 public static function getDefaultOption( $opt ) {
1256 $defOpts = self::getDefaultOptions();
1257 if( isset( $defOpts[$opt] ) ) {
1258 return $defOpts[$opt];
1259 } else {
1260 return null;
1261 }
1262 }
1263
1264
1265 /**
1266 * Get blocking information
1267 * @param $bFromSlave Bool Whether to check the slave database first. To
1268 * improve performance, non-critical checks are done
1269 * against slaves. Check when actually saving should be
1270 * done against master.
1271 */
1272 private function getBlockedStatus( $bFromSlave = true ) {
1273 global $wgProxyWhitelist, $wgUser;
1274
1275 if ( -1 != $this->mBlockedby ) {
1276 return;
1277 }
1278
1279 wfProfileIn( __METHOD__ );
1280 wfDebug( __METHOD__.": checking...\n" );
1281
1282 // Initialize data...
1283 // Otherwise something ends up stomping on $this->mBlockedby when
1284 // things get lazy-loaded later, causing false positive block hits
1285 // due to -1 !== 0. Probably session-related... Nothing should be
1286 // overwriting mBlockedby, surely?
1287 $this->load();
1288
1289 # We only need to worry about passing the IP address to the Block generator if the
1290 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1291 # know which IP address they're actually coming from
1292 if ( !$this->isAllowed( 'ipblock-exempt' ) && $this->getID() == $wgUser->getID() ) {
1293 $ip = $this->getRequest()->getIP();
1294 } else {
1295 $ip = null;
1296 }
1297
1298 # User/IP blocking
1299 $block = Block::newFromTarget( $this, $ip, !$bFromSlave );
1300
1301 # Proxy blocking
1302 if ( !$block instanceof Block && $ip !== null && !$this->isAllowed( 'proxyunbannable' )
1303 && !in_array( $ip, $wgProxyWhitelist ) )
1304 {
1305 # Local list
1306 if ( self::isLocallyBlockedProxy( $ip ) ) {
1307 $block = new Block;
1308 $block->setBlocker( wfMessage( 'proxyblocker' )->text() );
1309 $block->mReason = wfMessage( 'proxyblockreason' )->text();
1310 $block->setTarget( $ip );
1311 } elseif ( $this->isAnon() && $this->isDnsBlacklisted( $ip ) ) {
1312 $block = new Block;
1313 $block->setBlocker( wfMessage( 'sorbs' )->text() );
1314 $block->mReason = wfMessage( 'sorbsreason' )->text();
1315 $block->setTarget( $ip );
1316 }
1317 }
1318
1319 if ( $block instanceof Block ) {
1320 wfDebug( __METHOD__ . ": Found block.\n" );
1321 $this->mBlock = $block;
1322 $this->mBlockedby = $block->getByName();
1323 $this->mBlockreason = $block->mReason;
1324 $this->mHideName = $block->mHideName;
1325 $this->mAllowUsertalk = !$block->prevents( 'editownusertalk' );
1326 } else {
1327 $this->mBlockedby = '';
1328 $this->mHideName = 0;
1329 $this->mAllowUsertalk = false;
1330 }
1331
1332 # Extensions
1333 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1334
1335 wfProfileOut( __METHOD__ );
1336 }
1337
1338 /**
1339 * Whether the given IP is in a DNS blacklist.
1340 *
1341 * @param $ip String IP to check
1342 * @param $checkWhitelist Bool: whether to check the whitelist first
1343 * @return Bool True if blacklisted.
1344 */
1345 public function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1346 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1347 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1348
1349 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1350 return false;
1351
1352 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1353 return false;
1354
1355 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1356 return $this->inDnsBlacklist( $ip, $urls );
1357 }
1358
1359 /**
1360 * Whether the given IP is in a given DNS blacklist.
1361 *
1362 * @param $ip String IP to check
1363 * @param $bases String|Array of Strings: URL of the DNS blacklist
1364 * @return Bool True if blacklisted.
1365 */
1366 public function inDnsBlacklist( $ip, $bases ) {
1367 wfProfileIn( __METHOD__ );
1368
1369 $found = false;
1370 // @todo FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1371 if( IP::isIPv4( $ip ) ) {
1372 # Reverse IP, bug 21255
1373 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1374
1375 foreach( (array)$bases as $base ) {
1376 # Make hostname
1377 # If we have an access key, use that too (ProjectHoneypot, etc.)
1378 if( is_array( $base ) ) {
1379 if( count( $base ) >= 2 ) {
1380 # Access key is 1, base URL is 0
1381 $host = "{$base[1]}.$ipReversed.{$base[0]}";
1382 } else {
1383 $host = "$ipReversed.{$base[0]}";
1384 }
1385 } else {
1386 $host = "$ipReversed.$base";
1387 }
1388
1389 # Send query
1390 $ipList = gethostbynamel( $host );
1391
1392 if( $ipList ) {
1393 wfDebugLog( 'dnsblacklist', "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1394 $found = true;
1395 break;
1396 } else {
1397 wfDebugLog( 'dnsblacklist', "Requested $host, not found in $base.\n" );
1398 }
1399 }
1400 }
1401
1402 wfProfileOut( __METHOD__ );
1403 return $found;
1404 }
1405
1406 /**
1407 * Check if an IP address is in the local proxy list
1408 *
1409 * @param $ip string
1410 *
1411 * @return bool
1412 */
1413 public static function isLocallyBlockedProxy( $ip ) {
1414 global $wgProxyList;
1415
1416 if ( !$wgProxyList ) {
1417 return false;
1418 }
1419 wfProfileIn( __METHOD__ );
1420
1421 if ( !is_array( $wgProxyList ) ) {
1422 # Load from the specified file
1423 $wgProxyList = array_map( 'trim', file( $wgProxyList ) );
1424 }
1425
1426 if ( !is_array( $wgProxyList ) ) {
1427 $ret = false;
1428 } elseif ( array_search( $ip, $wgProxyList ) !== false ) {
1429 $ret = true;
1430 } elseif ( array_key_exists( $ip, $wgProxyList ) ) {
1431 # Old-style flipped proxy list
1432 $ret = true;
1433 } else {
1434 $ret = false;
1435 }
1436 wfProfileOut( __METHOD__ );
1437 return $ret;
1438 }
1439
1440 /**
1441 * Is this user subject to rate limiting?
1442 *
1443 * @return Bool True if rate limited
1444 */
1445 public function isPingLimitable() {
1446 global $wgRateLimitsExcludedIPs;
1447 if( in_array( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
1448 // No other good way currently to disable rate limits
1449 // for specific IPs. :P
1450 // But this is a crappy hack and should die.
1451 return false;
1452 }
1453 return !$this->isAllowed('noratelimit');
1454 }
1455
1456 /**
1457 * Primitive rate limits: enforce maximum actions per time period
1458 * to put a brake on flooding.
1459 *
1460 * @note When using a shared cache like memcached, IP-address
1461 * last-hit counters will be shared across wikis.
1462 *
1463 * @param $action String Action to enforce; 'edit' if unspecified
1464 * @return Bool True if a rate limiter was tripped
1465 */
1466 public function pingLimiter( $action = 'edit' ) {
1467 # Call the 'PingLimiter' hook
1468 $result = false;
1469 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1470 return $result;
1471 }
1472
1473 global $wgRateLimits;
1474 if( !isset( $wgRateLimits[$action] ) ) {
1475 return false;
1476 }
1477
1478 # Some groups shouldn't trigger the ping limiter, ever
1479 if( !$this->isPingLimitable() )
1480 return false;
1481
1482 global $wgMemc, $wgRateLimitLog;
1483 wfProfileIn( __METHOD__ );
1484
1485 $limits = $wgRateLimits[$action];
1486 $keys = array();
1487 $id = $this->getId();
1488 $ip = $this->getRequest()->getIP();
1489 $userLimit = false;
1490
1491 if( isset( $limits['anon'] ) && $id == 0 ) {
1492 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1493 }
1494
1495 if( isset( $limits['user'] ) && $id != 0 ) {
1496 $userLimit = $limits['user'];
1497 }
1498 if( $this->isNewbie() ) {
1499 if( isset( $limits['newbie'] ) && $id != 0 ) {
1500 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1501 }
1502 if( isset( $limits['ip'] ) ) {
1503 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1504 }
1505 $matches = array();
1506 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1507 $subnet = $matches[1];
1508 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1509 }
1510 }
1511 // Check for group-specific permissions
1512 // If more than one group applies, use the group with the highest limit
1513 foreach ( $this->getGroups() as $group ) {
1514 if ( isset( $limits[$group] ) ) {
1515 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1516 $userLimit = $limits[$group];
1517 }
1518 }
1519 }
1520 // Set the user limit key
1521 if ( $userLimit !== false ) {
1522 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1523 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1524 }
1525
1526 $triggered = false;
1527 foreach( $keys as $key => $limit ) {
1528 list( $max, $period ) = $limit;
1529 $summary = "(limit $max in {$period}s)";
1530 $count = $wgMemc->get( $key );
1531 // Already pinged?
1532 if( $count ) {
1533 if( $count >= $max ) {
1534 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1535 if( $wgRateLimitLog ) {
1536 wfSuppressWarnings();
1537 file_put_contents( $wgRateLimitLog, wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", FILE_APPEND );
1538 wfRestoreWarnings();
1539 }
1540 $triggered = true;
1541 } else {
1542 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1543 }
1544 } else {
1545 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1546 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1547 }
1548 $wgMemc->incr( $key );
1549 }
1550
1551 wfProfileOut( __METHOD__ );
1552 return $triggered;
1553 }
1554
1555 /**
1556 * Check if user is blocked
1557 *
1558 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1559 * @return Bool True if blocked, false otherwise
1560 */
1561 public function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1562 return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
1563 }
1564
1565 /**
1566 * Get the block affecting the user, or null if the user is not blocked
1567 *
1568 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1569 * @return Block|null
1570 */
1571 public function getBlock( $bFromSlave = true ){
1572 $this->getBlockedStatus( $bFromSlave );
1573 return $this->mBlock instanceof Block ? $this->mBlock : null;
1574 }
1575
1576 /**
1577 * Check if user is blocked from editing a particular article
1578 *
1579 * @param $title Title to check
1580 * @param $bFromSlave Bool whether to check the slave database instead of the master
1581 * @return Bool
1582 */
1583 function isBlockedFrom( $title, $bFromSlave = false ) {
1584 global $wgBlockAllowsUTEdit;
1585 wfProfileIn( __METHOD__ );
1586
1587 $blocked = $this->isBlocked( $bFromSlave );
1588 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1589 # If a user's name is suppressed, they cannot make edits anywhere
1590 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1591 $title->getNamespace() == NS_USER_TALK ) {
1592 $blocked = false;
1593 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1594 }
1595
1596 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1597
1598 wfProfileOut( __METHOD__ );
1599 return $blocked;
1600 }
1601
1602 /**
1603 * If user is blocked, return the name of the user who placed the block
1604 * @return String name of blocker
1605 */
1606 public function blockedBy() {
1607 $this->getBlockedStatus();
1608 return $this->mBlockedby;
1609 }
1610
1611 /**
1612 * If user is blocked, return the specified reason for the block
1613 * @return String Blocking reason
1614 */
1615 public function blockedFor() {
1616 $this->getBlockedStatus();
1617 return $this->mBlockreason;
1618 }
1619
1620 /**
1621 * If user is blocked, return the ID for the block
1622 * @return Int Block ID
1623 */
1624 public function getBlockId() {
1625 $this->getBlockedStatus();
1626 return ( $this->mBlock ? $this->mBlock->getId() : false );
1627 }
1628
1629 /**
1630 * Check if user is blocked on all wikis.
1631 * Do not use for actual edit permission checks!
1632 * This is intented for quick UI checks.
1633 *
1634 * @param $ip String IP address, uses current client if none given
1635 * @return Bool True if blocked, false otherwise
1636 */
1637 public function isBlockedGlobally( $ip = '' ) {
1638 if( $this->mBlockedGlobally !== null ) {
1639 return $this->mBlockedGlobally;
1640 }
1641 // User is already an IP?
1642 if( IP::isIPAddress( $this->getName() ) ) {
1643 $ip = $this->getName();
1644 } elseif( !$ip ) {
1645 $ip = $this->getRequest()->getIP();
1646 }
1647 $blocked = false;
1648 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1649 $this->mBlockedGlobally = (bool)$blocked;
1650 return $this->mBlockedGlobally;
1651 }
1652
1653 /**
1654 * Check if user account is locked
1655 *
1656 * @return Bool True if locked, false otherwise
1657 */
1658 public function isLocked() {
1659 if( $this->mLocked !== null ) {
1660 return $this->mLocked;
1661 }
1662 global $wgAuth;
1663 $authUser = $wgAuth->getUserInstance( $this );
1664 $this->mLocked = (bool)$authUser->isLocked();
1665 return $this->mLocked;
1666 }
1667
1668 /**
1669 * Check if user account is hidden
1670 *
1671 * @return Bool True if hidden, false otherwise
1672 */
1673 public function isHidden() {
1674 if( $this->mHideName !== null ) {
1675 return $this->mHideName;
1676 }
1677 $this->getBlockedStatus();
1678 if( !$this->mHideName ) {
1679 global $wgAuth;
1680 $authUser = $wgAuth->getUserInstance( $this );
1681 $this->mHideName = (bool)$authUser->isHidden();
1682 }
1683 return $this->mHideName;
1684 }
1685
1686 /**
1687 * Get the user's ID.
1688 * @return Int The user's ID; 0 if the user is anonymous or nonexistent
1689 */
1690 public function getId() {
1691 if( $this->mId === null && $this->mName !== null
1692 && User::isIP( $this->mName ) ) {
1693 // Special case, we know the user is anonymous
1694 return 0;
1695 } elseif( !$this->isItemLoaded( 'id' ) ) {
1696 // Don't load if this was initialized from an ID
1697 $this->load();
1698 }
1699 return $this->mId;
1700 }
1701
1702 /**
1703 * Set the user and reload all fields according to a given ID
1704 * @param $v Int User ID to reload
1705 */
1706 public function setId( $v ) {
1707 $this->mId = $v;
1708 $this->clearInstanceCache( 'id' );
1709 }
1710
1711 /**
1712 * Get the user name, or the IP of an anonymous user
1713 * @return String User's name or IP address
1714 */
1715 public function getName() {
1716 if ( $this->isItemLoaded( 'name', 'only' ) ) {
1717 # Special case optimisation
1718 return $this->mName;
1719 } else {
1720 $this->load();
1721 if ( $this->mName === false ) {
1722 # Clean up IPs
1723 $this->mName = IP::sanitizeIP( $this->getRequest()->getIP() );
1724 }
1725 return $this->mName;
1726 }
1727 }
1728
1729 /**
1730 * Set the user name.
1731 *
1732 * This does not reload fields from the database according to the given
1733 * name. Rather, it is used to create a temporary "nonexistent user" for
1734 * later addition to the database. It can also be used to set the IP
1735 * address for an anonymous user to something other than the current
1736 * remote IP.
1737 *
1738 * @note User::newFromName() has rougly the same function, when the named user
1739 * does not exist.
1740 * @param $str String New user name to set
1741 */
1742 public function setName( $str ) {
1743 $this->load();
1744 $this->mName = $str;
1745 }
1746
1747 /**
1748 * Get the user's name escaped by underscores.
1749 * @return String Username escaped by underscores.
1750 */
1751 public function getTitleKey() {
1752 return str_replace( ' ', '_', $this->getName() );
1753 }
1754
1755 /**
1756 * Check if the user has new messages.
1757 * @return Bool True if the user has new messages
1758 */
1759 public function getNewtalk() {
1760 $this->load();
1761
1762 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1763 if( $this->mNewtalk === -1 ) {
1764 $this->mNewtalk = false; # reset talk page status
1765
1766 # Check memcached separately for anons, who have no
1767 # entire User object stored in there.
1768 if( !$this->mId ) {
1769 global $wgDisableAnonTalk;
1770 if( $wgDisableAnonTalk ) {
1771 // Anon newtalk disabled by configuration.
1772 $this->mNewtalk = false;
1773 } else {
1774 global $wgMemc;
1775 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1776 $newtalk = $wgMemc->get( $key );
1777 if( strval( $newtalk ) !== '' ) {
1778 $this->mNewtalk = (bool)$newtalk;
1779 } else {
1780 // Since we are caching this, make sure it is up to date by getting it
1781 // from the master
1782 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1783 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1784 }
1785 }
1786 } else {
1787 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1788 }
1789 }
1790
1791 return (bool)$this->mNewtalk;
1792 }
1793
1794 /**
1795 * Return the talk page(s) this user has new messages on.
1796 * @return Array of String page URLs
1797 */
1798 public function getNewMessageLinks() {
1799 $talks = array();
1800 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) ) {
1801 return $talks;
1802 } elseif( !$this->getNewtalk() ) {
1803 return array();
1804 }
1805 $utp = $this->getTalkPage();
1806 $dbr = wfGetDB( DB_SLAVE );
1807 // Get the "last viewed rev" timestamp from the oldest message notification
1808 $timestamp = $dbr->selectField( 'user_newtalk',
1809 'MIN(user_last_timestamp)',
1810 $this->isAnon() ? array( 'user_ip' => $this->getName() ) : array( 'user_id' => $this->getID() ),
1811 __METHOD__ );
1812 $rev = $timestamp ? Revision::loadFromTimestamp( $dbr, $utp, $timestamp ) : null;
1813 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL(), 'rev' => $rev ) );
1814 }
1815
1816 /**
1817 * Internal uncached check for new messages
1818 *
1819 * @see getNewtalk()
1820 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1821 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1822 * @param $fromMaster Bool true to fetch from the master, false for a slave
1823 * @return Bool True if the user has new messages
1824 */
1825 protected function checkNewtalk( $field, $id, $fromMaster = false ) {
1826 if ( $fromMaster ) {
1827 $db = wfGetDB( DB_MASTER );
1828 } else {
1829 $db = wfGetDB( DB_SLAVE );
1830 }
1831 $ok = $db->selectField( 'user_newtalk', $field,
1832 array( $field => $id ), __METHOD__ );
1833 return $ok !== false;
1834 }
1835
1836 /**
1837 * Add or update the new messages flag
1838 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1839 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1840 * @param $curRev Revision new, as yet unseen revision of the user talk page. Ignored if null.
1841 * @return Bool True if successful, false otherwise
1842 */
1843 protected function updateNewtalk( $field, $id, $curRev = null ) {
1844 // Get timestamp of the talk page revision prior to the current one
1845 $prevRev = $curRev ? $curRev->getPrevious() : false;
1846 $ts = $prevRev ? $prevRev->getTimestamp() : null;
1847 // Mark the user as having new messages since this revision
1848 $dbw = wfGetDB( DB_MASTER );
1849 $dbw->insert( 'user_newtalk',
1850 array( $field => $id, 'user_last_timestamp' => $dbw->timestampOrNull( $ts ) ),
1851 __METHOD__,
1852 'IGNORE' );
1853 if ( $dbw->affectedRows() ) {
1854 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1855 return true;
1856 } else {
1857 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1858 return false;
1859 }
1860 }
1861
1862 /**
1863 * Clear the new messages flag for the given user
1864 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1865 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1866 * @return Bool True if successful, false otherwise
1867 */
1868 protected function deleteNewtalk( $field, $id ) {
1869 $dbw = wfGetDB( DB_MASTER );
1870 $dbw->delete( 'user_newtalk',
1871 array( $field => $id ),
1872 __METHOD__ );
1873 if ( $dbw->affectedRows() ) {
1874 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1875 return true;
1876 } else {
1877 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1878 return false;
1879 }
1880 }
1881
1882 /**
1883 * Update the 'You have new messages!' status.
1884 * @param $val Bool Whether the user has new messages
1885 * @param $curRev Revision new, as yet unseen revision of the user talk page. Ignored if null or !$val.
1886 */
1887 public function setNewtalk( $val, $curRev = null ) {
1888 if( wfReadOnly() ) {
1889 return;
1890 }
1891
1892 $this->load();
1893 $this->mNewtalk = $val;
1894
1895 if( $this->isAnon() ) {
1896 $field = 'user_ip';
1897 $id = $this->getName();
1898 } else {
1899 $field = 'user_id';
1900 $id = $this->getId();
1901 }
1902 global $wgMemc;
1903
1904 if( $val ) {
1905 $changed = $this->updateNewtalk( $field, $id, $curRev );
1906 } else {
1907 $changed = $this->deleteNewtalk( $field, $id );
1908 }
1909
1910 if( $this->isAnon() ) {
1911 // Anons have a separate memcached space, since
1912 // user records aren't kept for them.
1913 $key = wfMemcKey( 'newtalk', 'ip', $id );
1914 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1915 }
1916 if ( $changed ) {
1917 $this->invalidateCache();
1918 }
1919 }
1920
1921 /**
1922 * Generate a current or new-future timestamp to be stored in the
1923 * user_touched field when we update things.
1924 * @return String Timestamp in TS_MW format
1925 */
1926 private static function newTouchedTimestamp() {
1927 global $wgClockSkewFudge;
1928 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1929 }
1930
1931 /**
1932 * Clear user data from memcached.
1933 * Use after applying fun updates to the database; caller's
1934 * responsibility to update user_touched if appropriate.
1935 *
1936 * Called implicitly from invalidateCache() and saveSettings().
1937 */
1938 private function clearSharedCache() {
1939 $this->load();
1940 if( $this->mId ) {
1941 global $wgMemc;
1942 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1943 }
1944 }
1945
1946 /**
1947 * Immediately touch the user data cache for this account.
1948 * Updates user_touched field, and removes account data from memcached
1949 * for reload on the next hit.
1950 */
1951 public function invalidateCache() {
1952 if( wfReadOnly() ) {
1953 return;
1954 }
1955 $this->load();
1956 if( $this->mId ) {
1957 $this->mTouched = self::newTouchedTimestamp();
1958
1959 $dbw = wfGetDB( DB_MASTER );
1960
1961 // Prevent contention slams by checking user_touched first
1962 $now = $dbw->timestamp( $this->mTouched );
1963 $needsPurge = $dbw->selectField( 'user', '1',
1964 array( 'user_id' => $this->mId, 'user_touched < ' . $dbw->addQuotes( $now ) )
1965 );
1966 if ( $needsPurge ) {
1967 $dbw->update( 'user',
1968 array( 'user_touched' => $now ),
1969 array( 'user_id' => $this->mId, 'user_touched < ' . $dbw->addQuotes( $now ) ),
1970 __METHOD__
1971 );
1972 }
1973
1974 $this->clearSharedCache();
1975 }
1976 }
1977
1978 /**
1979 * Validate the cache for this account.
1980 * @param $timestamp String A timestamp in TS_MW format
1981 *
1982 * @return bool
1983 */
1984 public function validateCache( $timestamp ) {
1985 $this->load();
1986 return ( $timestamp >= $this->mTouched );
1987 }
1988
1989 /**
1990 * Get the user touched timestamp
1991 * @return String timestamp
1992 */
1993 public function getTouched() {
1994 $this->load();
1995 return $this->mTouched;
1996 }
1997
1998 /**
1999 * Set the password and reset the random token.
2000 * Calls through to authentication plugin if necessary;
2001 * will have no effect if the auth plugin refuses to
2002 * pass the change through or if the legal password
2003 * checks fail.
2004 *
2005 * As a special case, setting the password to null
2006 * wipes it, so the account cannot be logged in until
2007 * a new password is set, for instance via e-mail.
2008 *
2009 * @param $str String New password to set
2010 * @throws PasswordError on failure
2011 *
2012 * @return bool
2013 */
2014 public function setPassword( $str ) {
2015 global $wgAuth;
2016
2017 if( $str !== null ) {
2018 if( !$wgAuth->allowPasswordChange() ) {
2019 throw new PasswordError( wfMessage( 'password-change-forbidden' )->text() );
2020 }
2021
2022 if( !$this->isValidPassword( $str ) ) {
2023 global $wgMinimalPasswordLength;
2024 $valid = $this->getPasswordValidity( $str );
2025 if ( is_array( $valid ) ) {
2026 $message = array_shift( $valid );
2027 $params = $valid;
2028 } else {
2029 $message = $valid;
2030 $params = array( $wgMinimalPasswordLength );
2031 }
2032 throw new PasswordError( wfMessage( $message, $params )->text() );
2033 }
2034 }
2035
2036 if( !$wgAuth->setPassword( $this, $str ) ) {
2037 throw new PasswordError( wfMessage( 'externaldberror' )->text() );
2038 }
2039
2040 $this->setInternalPassword( $str );
2041
2042 return true;
2043 }
2044
2045 /**
2046 * Set the password and reset the random token unconditionally.
2047 *
2048 * @param $str String New password to set
2049 */
2050 public function setInternalPassword( $str ) {
2051 $this->load();
2052 $this->setToken();
2053
2054 if( $str === null ) {
2055 // Save an invalid hash...
2056 $this->mPassword = '';
2057 } else {
2058 $this->mPassword = self::crypt( $str );
2059 }
2060 $this->mNewpassword = '';
2061 $this->mNewpassTime = null;
2062 }
2063
2064 /**
2065 * Get the user's current token.
2066 * @param $forceCreation Force the generation of a new token if the user doesn't have one (default=true for backwards compatibility)
2067 * @return String Token
2068 */
2069 public function getToken( $forceCreation = true ) {
2070 $this->load();
2071 if ( !$this->mToken && $forceCreation ) {
2072 $this->setToken();
2073 }
2074 return $this->mToken;
2075 }
2076
2077 /**
2078 * Set the random token (used for persistent authentication)
2079 * Called from loadDefaults() among other places.
2080 *
2081 * @param $token String|bool If specified, set the token to this value
2082 */
2083 public function setToken( $token = false ) {
2084 $this->load();
2085 if ( !$token ) {
2086 $this->mToken = MWCryptRand::generateHex( USER_TOKEN_LENGTH );
2087 } else {
2088 $this->mToken = $token;
2089 }
2090 }
2091
2092 /**
2093 * Set the password for a password reminder or new account email
2094 *
2095 * @param $str String New password to set
2096 * @param $throttle Bool If true, reset the throttle timestamp to the present
2097 */
2098 public function setNewpassword( $str, $throttle = true ) {
2099 $this->load();
2100 $this->mNewpassword = self::crypt( $str );
2101 if ( $throttle ) {
2102 $this->mNewpassTime = wfTimestampNow();
2103 }
2104 }
2105
2106 /**
2107 * Has password reminder email been sent within the last
2108 * $wgPasswordReminderResendTime hours?
2109 * @return Bool
2110 */
2111 public function isPasswordReminderThrottled() {
2112 global $wgPasswordReminderResendTime;
2113 $this->load();
2114 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
2115 return false;
2116 }
2117 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
2118 return time() < $expiry;
2119 }
2120
2121 /**
2122 * Get the user's e-mail address
2123 * @return String User's email address
2124 */
2125 public function getEmail() {
2126 $this->load();
2127 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
2128 return $this->mEmail;
2129 }
2130
2131 /**
2132 * Get the timestamp of the user's e-mail authentication
2133 * @return String TS_MW timestamp
2134 */
2135 public function getEmailAuthenticationTimestamp() {
2136 $this->load();
2137 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
2138 return $this->mEmailAuthenticated;
2139 }
2140
2141 /**
2142 * Set the user's e-mail address
2143 * @param $str String New e-mail address
2144 */
2145 public function setEmail( $str ) {
2146 $this->load();
2147 if( $str == $this->mEmail ) {
2148 return;
2149 }
2150 $this->mEmail = $str;
2151 $this->invalidateEmail();
2152 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
2153 }
2154
2155 /**
2156 * Set the user's e-mail address and a confirmation mail if needed.
2157 *
2158 * @since 1.20
2159 * @param $str String New e-mail address
2160 * @return Status
2161 */
2162 public function setEmailWithConfirmation( $str ) {
2163 global $wgEnableEmail, $wgEmailAuthentication;
2164
2165 if ( !$wgEnableEmail ) {
2166 return Status::newFatal( 'emaildisabled' );
2167 }
2168
2169 $oldaddr = $this->getEmail();
2170 if ( $str === $oldaddr ) {
2171 return Status::newGood( true );
2172 }
2173
2174 $this->setEmail( $str );
2175
2176 if ( $str !== '' && $wgEmailAuthentication ) {
2177 # Send a confirmation request to the new address if needed
2178 $type = $oldaddr != '' ? 'changed' : 'set';
2179 $result = $this->sendConfirmationMail( $type );
2180 if ( $result->isGood() ) {
2181 # Say the the caller that a confirmation mail has been sent
2182 $result->value = 'eauth';
2183 }
2184 } else {
2185 $result = Status::newGood( true );
2186 }
2187
2188 return $result;
2189 }
2190
2191 /**
2192 * Get the user's real name
2193 * @return String User's real name
2194 */
2195 public function getRealName() {
2196 if ( !$this->isItemLoaded( 'realname' ) ) {
2197 $this->load();
2198 }
2199
2200 return $this->mRealName;
2201 }
2202
2203 /**
2204 * Set the user's real name
2205 * @param $str String New real name
2206 */
2207 public function setRealName( $str ) {
2208 $this->load();
2209 $this->mRealName = $str;
2210 }
2211
2212 /**
2213 * Get the user's current setting for a given option.
2214 *
2215 * @param $oname String The option to check
2216 * @param $defaultOverride String A default value returned if the option does not exist
2217 * @param $ignoreHidden Bool = whether to ignore the effects of $wgHiddenPrefs
2218 * @return String User's current value for the option
2219 * @see getBoolOption()
2220 * @see getIntOption()
2221 */
2222 public function getOption( $oname, $defaultOverride = null, $ignoreHidden = false ) {
2223 global $wgHiddenPrefs;
2224 $this->loadOptions();
2225
2226 if ( is_null( $this->mOptions ) ) {
2227 if($defaultOverride != '') {
2228 return $defaultOverride;
2229 }
2230 $this->mOptions = User::getDefaultOptions();
2231 }
2232
2233 # We want 'disabled' preferences to always behave as the default value for
2234 # users, even if they have set the option explicitly in their settings (ie they
2235 # set it, and then it was disabled removing their ability to change it). But
2236 # we don't want to erase the preferences in the database in case the preference
2237 # is re-enabled again. So don't touch $mOptions, just override the returned value
2238 if( in_array( $oname, $wgHiddenPrefs ) && !$ignoreHidden ){
2239 return self::getDefaultOption( $oname );
2240 }
2241
2242 if ( array_key_exists( $oname, $this->mOptions ) ) {
2243 return $this->mOptions[$oname];
2244 } else {
2245 return $defaultOverride;
2246 }
2247 }
2248
2249 /**
2250 * Get all user's options
2251 *
2252 * @return array
2253 */
2254 public function getOptions() {
2255 global $wgHiddenPrefs;
2256 $this->loadOptions();
2257 $options = $this->mOptions;
2258
2259 # We want 'disabled' preferences to always behave as the default value for
2260 # users, even if they have set the option explicitly in their settings (ie they
2261 # set it, and then it was disabled removing their ability to change it). But
2262 # we don't want to erase the preferences in the database in case the preference
2263 # is re-enabled again. So don't touch $mOptions, just override the returned value
2264 foreach( $wgHiddenPrefs as $pref ){
2265 $default = self::getDefaultOption( $pref );
2266 if( $default !== null ){
2267 $options[$pref] = $default;
2268 }
2269 }
2270
2271 return $options;
2272 }
2273
2274 /**
2275 * Get the user's current setting for a given option, as a boolean value.
2276 *
2277 * @param $oname String The option to check
2278 * @return Bool User's current value for the option
2279 * @see getOption()
2280 */
2281 public function getBoolOption( $oname ) {
2282 return (bool)$this->getOption( $oname );
2283 }
2284
2285 /**
2286 * Get the user's current setting for a given option, as a boolean value.
2287 *
2288 * @param $oname String The option to check
2289 * @param $defaultOverride Int A default value returned if the option does not exist
2290 * @return Int User's current value for the option
2291 * @see getOption()
2292 */
2293 public function getIntOption( $oname, $defaultOverride=0 ) {
2294 $val = $this->getOption( $oname );
2295 if( $val == '' ) {
2296 $val = $defaultOverride;
2297 }
2298 return intval( $val );
2299 }
2300
2301 /**
2302 * Set the given option for a user.
2303 *
2304 * @param $oname String The option to set
2305 * @param $val mixed New value to set
2306 */
2307 public function setOption( $oname, $val ) {
2308 $this->load();
2309 $this->loadOptions();
2310
2311 // Explicitly NULL values should refer to defaults
2312 if( is_null( $val ) ) {
2313 $defaultOption = self::getDefaultOption( $oname );
2314 if( !is_null( $defaultOption ) ) {
2315 $val = $defaultOption;
2316 }
2317 }
2318
2319 $this->mOptions[$oname] = $val;
2320 }
2321
2322 /**
2323 * Reset all options to the site defaults
2324 */
2325 public function resetOptions() {
2326 $this->load();
2327
2328 $this->mOptions = self::getDefaultOptions();
2329 $this->mOptionsLoaded = true;
2330 }
2331
2332 /**
2333 * Get the user's preferred date format.
2334 * @return String User's preferred date format
2335 */
2336 public function getDatePreference() {
2337 // Important migration for old data rows
2338 if ( is_null( $this->mDatePreference ) ) {
2339 global $wgLang;
2340 $value = $this->getOption( 'date' );
2341 $map = $wgLang->getDatePreferenceMigrationMap();
2342 if ( isset( $map[$value] ) ) {
2343 $value = $map[$value];
2344 }
2345 $this->mDatePreference = $value;
2346 }
2347 return $this->mDatePreference;
2348 }
2349
2350 /**
2351 * Get the user preferred stub threshold
2352 *
2353 * @return int
2354 */
2355 public function getStubThreshold() {
2356 global $wgMaxArticleSize; # Maximum article size, in Kb
2357 $threshold = intval( $this->getOption( 'stubthreshold' ) );
2358 if ( $threshold > $wgMaxArticleSize * 1024 ) {
2359 # If they have set an impossible value, disable the preference
2360 # so we can use the parser cache again.
2361 $threshold = 0;
2362 }
2363 return $threshold;
2364 }
2365
2366 /**
2367 * Get the permissions this user has.
2368 * @return Array of String permission names
2369 */
2370 public function getRights() {
2371 if ( is_null( $this->mRights ) ) {
2372 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
2373 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
2374 // Force reindexation of rights when a hook has unset one of them
2375 $this->mRights = array_values( $this->mRights );
2376 }
2377 return $this->mRights;
2378 }
2379
2380 /**
2381 * Get the list of explicit group memberships this user has.
2382 * The implicit * and user groups are not included.
2383 * @return Array of String internal group names
2384 */
2385 public function getGroups() {
2386 $this->load();
2387 $this->loadGroups();
2388 return $this->mGroups;
2389 }
2390
2391 /**
2392 * Get the list of implicit group memberships this user has.
2393 * This includes all explicit groups, plus 'user' if logged in,
2394 * '*' for all accounts, and autopromoted groups
2395 * @param $recache Bool Whether to avoid the cache
2396 * @return Array of String internal group names
2397 */
2398 public function getEffectiveGroups( $recache = false ) {
2399 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2400 wfProfileIn( __METHOD__ );
2401 $this->mEffectiveGroups = array_unique( array_merge(
2402 $this->getGroups(), // explicit groups
2403 $this->getAutomaticGroups( $recache ) // implicit groups
2404 ) );
2405 # Hook for additional groups
2406 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2407 wfProfileOut( __METHOD__ );
2408 }
2409 return $this->mEffectiveGroups;
2410 }
2411
2412 /**
2413 * Get the list of implicit group memberships this user has.
2414 * This includes 'user' if logged in, '*' for all accounts,
2415 * and autopromoted groups
2416 * @param $recache Bool Whether to avoid the cache
2417 * @return Array of String internal group names
2418 */
2419 public function getAutomaticGroups( $recache = false ) {
2420 if ( $recache || is_null( $this->mImplicitGroups ) ) {
2421 wfProfileIn( __METHOD__ );
2422 $this->mImplicitGroups = array( '*' );
2423 if ( $this->getId() ) {
2424 $this->mImplicitGroups[] = 'user';
2425
2426 $this->mImplicitGroups = array_unique( array_merge(
2427 $this->mImplicitGroups,
2428 Autopromote::getAutopromoteGroups( $this )
2429 ) );
2430 }
2431 if ( $recache ) {
2432 # Assure data consistency with rights/groups,
2433 # as getEffectiveGroups() depends on this function
2434 $this->mEffectiveGroups = null;
2435 }
2436 wfProfileOut( __METHOD__ );
2437 }
2438 return $this->mImplicitGroups;
2439 }
2440
2441 /**
2442 * Returns the groups the user has belonged to.
2443 *
2444 * The user may still belong to the returned groups. Compare with getGroups().
2445 *
2446 * The function will not return groups the user had belonged to before MW 1.17
2447 *
2448 * @return array Names of the groups the user has belonged to.
2449 */
2450 public function getFormerGroups() {
2451 if( is_null( $this->mFormerGroups ) ) {
2452 $dbr = wfGetDB( DB_MASTER );
2453 $res = $dbr->select( 'user_former_groups',
2454 array( 'ufg_group' ),
2455 array( 'ufg_user' => $this->mId ),
2456 __METHOD__ );
2457 $this->mFormerGroups = array();
2458 foreach( $res as $row ) {
2459 $this->mFormerGroups[] = $row->ufg_group;
2460 }
2461 }
2462 return $this->mFormerGroups;
2463 }
2464
2465 /**
2466 * Get the user's edit count.
2467 * @return Int
2468 */
2469 public function getEditCount() {
2470 if( $this->getId() ) {
2471 if ( !isset( $this->mEditCount ) ) {
2472 /* Populate the count, if it has not been populated yet */
2473 $this->mEditCount = User::edits( $this->mId );
2474 }
2475 return $this->mEditCount;
2476 } else {
2477 /* nil */
2478 return null;
2479 }
2480 }
2481
2482 /**
2483 * Add the user to the given group.
2484 * This takes immediate effect.
2485 * @param $group String Name of the group to add
2486 */
2487 public function addGroup( $group ) {
2488 if( wfRunHooks( 'UserAddGroup', array( $this, &$group ) ) ) {
2489 $dbw = wfGetDB( DB_MASTER );
2490 if( $this->getId() ) {
2491 $dbw->insert( 'user_groups',
2492 array(
2493 'ug_user' => $this->getID(),
2494 'ug_group' => $group,
2495 ),
2496 __METHOD__,
2497 array( 'IGNORE' ) );
2498 }
2499 }
2500 $this->loadGroups();
2501 $this->mGroups[] = $group;
2502 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2503
2504 $this->invalidateCache();
2505 }
2506
2507 /**
2508 * Remove the user from the given group.
2509 * This takes immediate effect.
2510 * @param $group String Name of the group to remove
2511 */
2512 public function removeGroup( $group ) {
2513 $this->load();
2514 if( wfRunHooks( 'UserRemoveGroup', array( $this, &$group ) ) ) {
2515 $dbw = wfGetDB( DB_MASTER );
2516 $dbw->delete( 'user_groups',
2517 array(
2518 'ug_user' => $this->getID(),
2519 'ug_group' => $group,
2520 ), __METHOD__ );
2521 // Remember that the user was in this group
2522 $dbw->insert( 'user_former_groups',
2523 array(
2524 'ufg_user' => $this->getID(),
2525 'ufg_group' => $group,
2526 ),
2527 __METHOD__,
2528 array( 'IGNORE' ) );
2529 }
2530 $this->loadGroups();
2531 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2532 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2533
2534 $this->invalidateCache();
2535 }
2536
2537 /**
2538 * Get whether the user is logged in
2539 * @return Bool
2540 */
2541 public function isLoggedIn() {
2542 return $this->getID() != 0;
2543 }
2544
2545 /**
2546 * Get whether the user is anonymous
2547 * @return Bool
2548 */
2549 public function isAnon() {
2550 return !$this->isLoggedIn();
2551 }
2552
2553 /**
2554 * Check if user is allowed to access a feature / make an action
2555 *
2556 * @internal param \String $varargs permissions to test
2557 * @return Boolean: True if user is allowed to perform *any* of the given actions
2558 *
2559 * @return bool
2560 */
2561 public function isAllowedAny( /*...*/ ){
2562 $permissions = func_get_args();
2563 foreach( $permissions as $permission ){
2564 if( $this->isAllowed( $permission ) ){
2565 return true;
2566 }
2567 }
2568 return false;
2569 }
2570
2571 /**
2572 *
2573 * @internal param $varargs string
2574 * @return bool True if the user is allowed to perform *all* of the given actions
2575 */
2576 public function isAllowedAll( /*...*/ ){
2577 $permissions = func_get_args();
2578 foreach( $permissions as $permission ){
2579 if( !$this->isAllowed( $permission ) ){
2580 return false;
2581 }
2582 }
2583 return true;
2584 }
2585
2586 /**
2587 * Internal mechanics of testing a permission
2588 * @param $action String
2589 * @return bool
2590 */
2591 public function isAllowed( $action = '' ) {
2592 if ( $action === '' ) {
2593 return true; // In the spirit of DWIM
2594 }
2595 # Patrolling may not be enabled
2596 if( $action === 'patrol' || $action === 'autopatrol' ) {
2597 global $wgUseRCPatrol, $wgUseNPPatrol;
2598 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2599 return false;
2600 }
2601 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2602 # by misconfiguration: 0 == 'foo'
2603 return in_array( $action, $this->getRights(), true );
2604 }
2605
2606 /**
2607 * Check whether to enable recent changes patrol features for this user
2608 * @return Boolean: True or false
2609 */
2610 public function useRCPatrol() {
2611 global $wgUseRCPatrol;
2612 return $wgUseRCPatrol && $this->isAllowedAny( 'patrol', 'patrolmarks' );
2613 }
2614
2615 /**
2616 * Check whether to enable new pages patrol features for this user
2617 * @return Bool True or false
2618 */
2619 public function useNPPatrol() {
2620 global $wgUseRCPatrol, $wgUseNPPatrol;
2621 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) ) );
2622 }
2623
2624 /**
2625 * Get the WebRequest object to use with this object
2626 *
2627 * @return WebRequest
2628 */
2629 public function getRequest() {
2630 if ( $this->mRequest ) {
2631 return $this->mRequest;
2632 } else {
2633 global $wgRequest;
2634 return $wgRequest;
2635 }
2636 }
2637
2638 /**
2639 * Get the current skin, loading it if required
2640 * @return Skin The current skin
2641 * @todo FIXME: Need to check the old failback system [AV]
2642 * @deprecated since 1.18 Use ->getSkin() in the most relevant outputting context you have
2643 */
2644 public function getSkin() {
2645 wfDeprecated( __METHOD__, '1.18' );
2646 return RequestContext::getMain()->getSkin();
2647 }
2648
2649 /**
2650 * Get a WatchedItem for this user and $title.
2651 *
2652 * @param $title Title
2653 * @return WatchedItem
2654 */
2655 public function getWatchedItem( $title ) {
2656 $key = $title->getNamespace() . ':' . $title->getDBkey();
2657
2658 if ( isset( $this->mWatchedItems[$key] ) ) {
2659 return $this->mWatchedItems[$key];
2660 }
2661
2662 if ( count( $this->mWatchedItems ) >= self::MAX_WATCHED_ITEMS_CACHE ) {
2663 $this->mWatchedItems = array();
2664 }
2665
2666 $this->mWatchedItems[$key] = WatchedItem::fromUserTitle( $this, $title );
2667 return $this->mWatchedItems[$key];
2668 }
2669
2670 /**
2671 * Check the watched status of an article.
2672 * @param $title Title of the article to look at
2673 * @return Bool
2674 */
2675 public function isWatched( $title ) {
2676 return $this->getWatchedItem( $title )->isWatched();
2677 }
2678
2679 /**
2680 * Watch an article.
2681 * @param $title Title of the article to look at
2682 */
2683 public function addWatch( $title ) {
2684 $this->getWatchedItem( $title )->addWatch();
2685 $this->invalidateCache();
2686 }
2687
2688 /**
2689 * Stop watching an article.
2690 * @param $title Title of the article to look at
2691 */
2692 public function removeWatch( $title ) {
2693 $this->getWatchedItem( $title )->removeWatch();
2694 $this->invalidateCache();
2695 }
2696
2697 /**
2698 * Clear the user's notification timestamp for the given title.
2699 * If e-notif e-mails are on, they will receive notification mails on
2700 * the next change of the page if it's watched etc.
2701 * @param $title Title of the article to look at
2702 */
2703 public function clearNotification( &$title ) {
2704 global $wgUseEnotif, $wgShowUpdatedMarker;
2705
2706 # Do nothing if the database is locked to writes
2707 if( wfReadOnly() ) {
2708 return;
2709 }
2710
2711 if( $title->getNamespace() == NS_USER_TALK &&
2712 $title->getText() == $this->getName() ) {
2713 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2714 return;
2715 $this->setNewtalk( false );
2716 }
2717
2718 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2719 return;
2720 }
2721
2722 if( $this->isAnon() ) {
2723 // Nothing else to do...
2724 return;
2725 }
2726
2727 // Only update the timestamp if the page is being watched.
2728 // The query to find out if it is watched is cached both in memcached and per-invocation,
2729 // and when it does have to be executed, it can be on a slave
2730 // If this is the user's newtalk page, we always update the timestamp
2731 $force = '';
2732 if ( $title->getNamespace() == NS_USER_TALK &&
2733 $title->getText() == $this->getName() )
2734 {
2735 $force = 'force';
2736 }
2737
2738 $this->getWatchedItem( $title )->resetNotificationTimestamp( $force );
2739 }
2740
2741 /**
2742 * Resets all of the given user's page-change notification timestamps.
2743 * If e-notif e-mails are on, they will receive notification mails on
2744 * the next change of any watched page.
2745 */
2746 public function clearAllNotifications() {
2747 global $wgUseEnotif, $wgShowUpdatedMarker;
2748 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2749 $this->setNewtalk( false );
2750 return;
2751 }
2752 $id = $this->getId();
2753 if( $id != 0 ) {
2754 $dbw = wfGetDB( DB_MASTER );
2755 $dbw->update( 'watchlist',
2756 array( /* SET */
2757 'wl_notificationtimestamp' => null
2758 ), array( /* WHERE */
2759 'wl_user' => $id
2760 ), __METHOD__
2761 );
2762 # We also need to clear here the "you have new message" notification for the own user_talk page
2763 # This is cleared one page view later in Article::viewUpdates();
2764 }
2765 }
2766
2767 /**
2768 * Set this user's options from an encoded string
2769 * @param $str String Encoded options to import
2770 *
2771 * @deprecated in 1.19 due to removal of user_options from the user table
2772 */
2773 private function decodeOptions( $str ) {
2774 wfDeprecated( __METHOD__, '1.19' );
2775 if( !$str )
2776 return;
2777
2778 $this->mOptionsLoaded = true;
2779 $this->mOptionOverrides = array();
2780
2781 // If an option is not set in $str, use the default value
2782 $this->mOptions = self::getDefaultOptions();
2783
2784 $a = explode( "\n", $str );
2785 foreach ( $a as $s ) {
2786 $m = array();
2787 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2788 $this->mOptions[$m[1]] = $m[2];
2789 $this->mOptionOverrides[$m[1]] = $m[2];
2790 }
2791 }
2792 }
2793
2794 /**
2795 * Set a cookie on the user's client. Wrapper for
2796 * WebResponse::setCookie
2797 * @param $name String Name of the cookie to set
2798 * @param $value String Value to set
2799 * @param $exp Int Expiration time, as a UNIX time value;
2800 * if 0 or not specified, use the default $wgCookieExpiration
2801 */
2802 protected function setCookie( $name, $value, $exp = 0 ) {
2803 $this->getRequest()->response()->setcookie( $name, $value, $exp );
2804 }
2805
2806 /**
2807 * Clear a cookie on the user's client
2808 * @param $name String Name of the cookie to clear
2809 */
2810 protected function clearCookie( $name ) {
2811 $this->setCookie( $name, '', time() - 86400 );
2812 }
2813
2814 /**
2815 * Set the default cookies for this session on the user's client.
2816 *
2817 * @param $request WebRequest object to use; $wgRequest will be used if null
2818 * is passed.
2819 */
2820 public function setCookies( $request = null ) {
2821 if ( $request === null ) {
2822 $request = $this->getRequest();
2823 }
2824
2825 $this->load();
2826 if ( 0 == $this->mId ) return;
2827 if ( !$this->mToken ) {
2828 // When token is empty or NULL generate a new one and then save it to the database
2829 // This allows a wiki to re-secure itself after a leak of it's user table or $wgSecretKey
2830 // Simply by setting every cell in the user_token column to NULL and letting them be
2831 // regenerated as users log back into the wiki.
2832 $this->setToken();
2833 $this->saveSettings();
2834 }
2835 $session = array(
2836 'wsUserID' => $this->mId,
2837 'wsToken' => $this->mToken,
2838 'wsUserName' => $this->getName()
2839 );
2840 $cookies = array(
2841 'UserID' => $this->mId,
2842 'UserName' => $this->getName(),
2843 );
2844 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2845 $cookies['Token'] = $this->mToken;
2846 } else {
2847 $cookies['Token'] = false;
2848 }
2849
2850 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2851
2852 foreach ( $session as $name => $value ) {
2853 $request->setSessionData( $name, $value );
2854 }
2855 foreach ( $cookies as $name => $value ) {
2856 if ( $value === false ) {
2857 $this->clearCookie( $name );
2858 } else {
2859 $this->setCookie( $name, $value );
2860 }
2861 }
2862 }
2863
2864 /**
2865 * Log this user out.
2866 */
2867 public function logout() {
2868 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2869 $this->doLogout();
2870 }
2871 }
2872
2873 /**
2874 * Clear the user's cookies and session, and reset the instance cache.
2875 * @see logout()
2876 */
2877 public function doLogout() {
2878 $this->clearInstanceCache( 'defaults' );
2879
2880 $this->getRequest()->setSessionData( 'wsUserID', 0 );
2881
2882 $this->clearCookie( 'UserID' );
2883 $this->clearCookie( 'Token' );
2884
2885 # Remember when user logged out, to prevent seeing cached pages
2886 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2887 }
2888
2889 /**
2890 * Save this user's settings into the database.
2891 * @todo Only rarely do all these fields need to be set!
2892 */
2893 public function saveSettings() {
2894 global $wgAuth;
2895
2896 $this->load();
2897 if ( wfReadOnly() ) { return; }
2898 if ( 0 == $this->mId ) { return; }
2899
2900 $this->mTouched = self::newTouchedTimestamp();
2901 if ( !$wgAuth->allowSetLocalPassword() ) {
2902 $this->mPassword = '';
2903 }
2904
2905 $dbw = wfGetDB( DB_MASTER );
2906 $dbw->update( 'user',
2907 array( /* SET */
2908 'user_name' => $this->mName,
2909 'user_password' => $this->mPassword,
2910 'user_newpassword' => $this->mNewpassword,
2911 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2912 'user_real_name' => $this->mRealName,
2913 'user_email' => $this->mEmail,
2914 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2915 'user_touched' => $dbw->timestamp( $this->mTouched ),
2916 'user_token' => strval( $this->mToken ),
2917 'user_email_token' => $this->mEmailToken,
2918 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2919 ), array( /* WHERE */
2920 'user_id' => $this->mId
2921 ), __METHOD__
2922 );
2923
2924 $this->saveOptions();
2925
2926 wfRunHooks( 'UserSaveSettings', array( $this ) );
2927 $this->clearSharedCache();
2928 $this->getUserPage()->invalidateCache();
2929 }
2930
2931 /**
2932 * If only this user's username is known, and it exists, return the user ID.
2933 * @return Int
2934 */
2935 public function idForName() {
2936 $s = trim( $this->getName() );
2937 if ( $s === '' ) return 0;
2938
2939 $dbr = wfGetDB( DB_SLAVE );
2940 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2941 if ( $id === false ) {
2942 $id = 0;
2943 }
2944 return $id;
2945 }
2946
2947 /**
2948 * Add a user to the database, return the user object
2949 *
2950 * @param $name String Username to add
2951 * @param $params Array of Strings Non-default parameters to save to the database as user_* fields:
2952 * - password The user's password hash. Password logins will be disabled if this is omitted.
2953 * - newpassword Hash for a temporary password that has been mailed to the user
2954 * - email The user's email address
2955 * - email_authenticated The email authentication timestamp
2956 * - real_name The user's real name
2957 * - options An associative array of non-default options
2958 * - token Random authentication token. Do not set.
2959 * - registration Registration timestamp. Do not set.
2960 *
2961 * @return User object, or null if the username already exists
2962 */
2963 public static function createNew( $name, $params = array() ) {
2964 $user = new User;
2965 $user->load();
2966 if ( isset( $params['options'] ) ) {
2967 $user->mOptions = $params['options'] + (array)$user->mOptions;
2968 unset( $params['options'] );
2969 }
2970 $dbw = wfGetDB( DB_MASTER );
2971 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2972
2973 $fields = array(
2974 'user_id' => $seqVal,
2975 'user_name' => $name,
2976 'user_password' => $user->mPassword,
2977 'user_newpassword' => $user->mNewpassword,
2978 'user_newpass_time' => $dbw->timestampOrNull( $user->mNewpassTime ),
2979 'user_email' => $user->mEmail,
2980 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2981 'user_real_name' => $user->mRealName,
2982 'user_token' => strval( $user->mToken ),
2983 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2984 'user_editcount' => 0,
2985 'user_touched' => $dbw->timestamp( self::newTouchedTimestamp() ),
2986 );
2987 foreach ( $params as $name => $value ) {
2988 $fields["user_$name"] = $value;
2989 }
2990 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2991 if ( $dbw->affectedRows() ) {
2992 $newUser = User::newFromId( $dbw->insertId() );
2993 } else {
2994 $newUser = null;
2995 }
2996 return $newUser;
2997 }
2998
2999 /**
3000 * Add this existing user object to the database
3001 */
3002 public function addToDatabase() {
3003 $this->load();
3004
3005 $this->mTouched = self::newTouchedTimestamp();
3006
3007 $dbw = wfGetDB( DB_MASTER );
3008 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
3009 $dbw->insert( 'user',
3010 array(
3011 'user_id' => $seqVal,
3012 'user_name' => $this->mName,
3013 'user_password' => $this->mPassword,
3014 'user_newpassword' => $this->mNewpassword,
3015 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
3016 'user_email' => $this->mEmail,
3017 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
3018 'user_real_name' => $this->mRealName,
3019 'user_token' => strval( $this->mToken ),
3020 'user_registration' => $dbw->timestamp( $this->mRegistration ),
3021 'user_editcount' => 0,
3022 'user_touched' => $dbw->timestamp( $this->mTouched ),
3023 ), __METHOD__
3024 );
3025 $this->mId = $dbw->insertId();
3026
3027 // Clear instance cache other than user table data, which is already accurate
3028 $this->clearInstanceCache();
3029
3030 $this->saveOptions();
3031 }
3032
3033 /**
3034 * If this user is logged-in and blocked,
3035 * block any IP address they've successfully logged in from.
3036 * @return bool A block was spread
3037 */
3038 public function spreadAnyEditBlock() {
3039 if ( $this->isLoggedIn() && $this->isBlocked() ) {
3040 return $this->spreadBlock();
3041 }
3042 return false;
3043 }
3044
3045 /**
3046 * If this (non-anonymous) user is blocked,
3047 * block the IP address they've successfully logged in from.
3048 * @return bool A block was spread
3049 */
3050 protected function spreadBlock() {
3051 wfDebug( __METHOD__ . "()\n" );
3052 $this->load();
3053 if ( $this->mId == 0 ) {
3054 return false;
3055 }
3056
3057 $userblock = Block::newFromTarget( $this->getName() );
3058 if ( !$userblock ) {
3059 return false;
3060 }
3061
3062 return (bool)$userblock->doAutoblock( $this->getRequest()->getIP() );
3063 }
3064
3065 /**
3066 * Generate a string which will be different for any combination of
3067 * user options which would produce different parser output.
3068 * This will be used as part of the hash key for the parser cache,
3069 * so users with the same options can share the same cached data
3070 * safely.
3071 *
3072 * Extensions which require it should install 'PageRenderingHash' hook,
3073 * which will give them a chance to modify this key based on their own
3074 * settings.
3075 *
3076 * @deprecated since 1.17 use the ParserOptions object to get the relevant options
3077 * @return String Page rendering hash
3078 */
3079 public function getPageRenderingHash() {
3080 wfDeprecated( __METHOD__, '1.17' );
3081
3082 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
3083 if( $this->mHash ){
3084 return $this->mHash;
3085 }
3086
3087 // stubthreshold is only included below for completeness,
3088 // since it disables the parser cache, its value will always
3089 // be 0 when this function is called by parsercache.
3090
3091 $confstr = $this->getOption( 'math' );
3092 $confstr .= '!' . $this->getStubThreshold();
3093 if ( $wgUseDynamicDates ) { # This is wrong (bug 24714)
3094 $confstr .= '!' . $this->getDatePreference();
3095 }
3096 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
3097 $confstr .= '!' . $wgLang->getCode();
3098 $confstr .= '!' . $this->getOption( 'thumbsize' );
3099 // add in language specific options, if any
3100 $extra = $wgContLang->getExtraHashOptions();
3101 $confstr .= $extra;
3102
3103 // Since the skin could be overloading link(), it should be
3104 // included here but in practice, none of our skins do that.
3105
3106 $confstr .= $wgRenderHashAppend;
3107
3108 // Give a chance for extensions to modify the hash, if they have
3109 // extra options or other effects on the parser cache.
3110 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
3111
3112 // Make it a valid memcached key fragment
3113 $confstr = str_replace( ' ', '_', $confstr );
3114 $this->mHash = $confstr;
3115 return $confstr;
3116 }
3117
3118 /**
3119 * Get whether the user is explicitly blocked from account creation.
3120 * @return Bool|Block
3121 */
3122 public function isBlockedFromCreateAccount() {
3123 $this->getBlockedStatus();
3124 if( $this->mBlock && $this->mBlock->prevents( 'createaccount' ) ){
3125 return $this->mBlock;
3126 }
3127
3128 # bug 13611: if the IP address the user is trying to create an account from is
3129 # blocked with createaccount disabled, prevent new account creation there even
3130 # when the user is logged in
3131 if( $this->mBlockedFromCreateAccount === false ){
3132 $this->mBlockedFromCreateAccount = Block::newFromTarget( null, $this->getRequest()->getIP() );
3133 }
3134 return $this->mBlockedFromCreateAccount instanceof Block && $this->mBlockedFromCreateAccount->prevents( 'createaccount' )
3135 ? $this->mBlockedFromCreateAccount
3136 : false;
3137 }
3138
3139 /**
3140 * Get whether the user is blocked from using Special:Emailuser.
3141 * @return Bool
3142 */
3143 public function isBlockedFromEmailuser() {
3144 $this->getBlockedStatus();
3145 return $this->mBlock && $this->mBlock->prevents( 'sendemail' );
3146 }
3147
3148 /**
3149 * Get whether the user is allowed to create an account.
3150 * @return Bool
3151 */
3152 function isAllowedToCreateAccount() {
3153 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
3154 }
3155
3156 /**
3157 * Get this user's personal page title.
3158 *
3159 * @return Title: User's personal page title
3160 */
3161 public function getUserPage() {
3162 return Title::makeTitle( NS_USER, $this->getName() );
3163 }
3164
3165 /**
3166 * Get this user's talk page title.
3167 *
3168 * @return Title: User's talk page title
3169 */
3170 public function getTalkPage() {
3171 $title = $this->getUserPage();
3172 return $title->getTalkPage();
3173 }
3174
3175 /**
3176 * Determine whether the user is a newbie. Newbies are either
3177 * anonymous IPs, or the most recently created accounts.
3178 * @return Bool
3179 */
3180 public function isNewbie() {
3181 return !$this->isAllowed( 'autoconfirmed' );
3182 }
3183
3184 /**
3185 * Check to see if the given clear-text password is one of the accepted passwords
3186 * @param $password String: user password.
3187 * @return Boolean: True if the given password is correct, otherwise False.
3188 */
3189 public function checkPassword( $password ) {
3190 global $wgAuth, $wgLegacyEncoding;
3191 $this->load();
3192
3193 // Even though we stop people from creating passwords that
3194 // are shorter than this, doesn't mean people wont be able
3195 // to. Certain authentication plugins do NOT want to save
3196 // domain passwords in a mysql database, so we should
3197 // check this (in case $wgAuth->strict() is false).
3198 if( !$this->isValidPassword( $password ) ) {
3199 return false;
3200 }
3201
3202 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
3203 return true;
3204 } elseif( $wgAuth->strict() ) {
3205 /* Auth plugin doesn't allow local authentication */
3206 return false;
3207 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
3208 /* Auth plugin doesn't allow local authentication for this user name */
3209 return false;
3210 }
3211 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
3212 return true;
3213 } elseif ( $wgLegacyEncoding ) {
3214 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
3215 # Check for this with iconv
3216 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
3217 if ( $cp1252Password != $password &&
3218 self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) )
3219 {
3220 return true;
3221 }
3222 }
3223 return false;
3224 }
3225
3226 /**
3227 * Check if the given clear-text password matches the temporary password
3228 * sent by e-mail for password reset operations.
3229 *
3230 * @param $plaintext string
3231 *
3232 * @return Boolean: True if matches, false otherwise
3233 */
3234 public function checkTemporaryPassword( $plaintext ) {
3235 global $wgNewPasswordExpiry;
3236
3237 $this->load();
3238 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
3239 if ( is_null( $this->mNewpassTime ) ) {
3240 return true;
3241 }
3242 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
3243 return ( time() < $expiry );
3244 } else {
3245 return false;
3246 }
3247 }
3248
3249 /**
3250 * Alias for getEditToken.
3251 * @deprecated since 1.19, use getEditToken instead.
3252 *
3253 * @param $salt String|Array of Strings Optional function-specific data for hashing
3254 * @param $request WebRequest object to use or null to use $wgRequest
3255 * @return String The new edit token
3256 */
3257 public function editToken( $salt = '', $request = null ) {
3258 wfDeprecated( __METHOD__, '1.19' );
3259 return $this->getEditToken( $salt, $request );
3260 }
3261
3262 /**
3263 * Initialize (if necessary) and return a session token value
3264 * which can be used in edit forms to show that the user's
3265 * login credentials aren't being hijacked with a foreign form
3266 * submission.
3267 *
3268 * @since 1.19
3269 *
3270 * @param $salt String|Array of Strings Optional function-specific data for hashing
3271 * @param $request WebRequest object to use or null to use $wgRequest
3272 * @return String The new edit token
3273 */
3274 public function getEditToken( $salt = '', $request = null ) {
3275 if ( $request == null ) {
3276 $request = $this->getRequest();
3277 }
3278
3279 if ( $this->isAnon() ) {
3280 return EDIT_TOKEN_SUFFIX;
3281 } else {
3282 $token = $request->getSessionData( 'wsEditToken' );
3283 if ( $token === null ) {
3284 $token = MWCryptRand::generateHex( 32 );
3285 $request->setSessionData( 'wsEditToken', $token );
3286 }
3287 if( is_array( $salt ) ) {
3288 $salt = implode( '|', $salt );
3289 }
3290 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
3291 }
3292 }
3293
3294 /**
3295 * Generate a looking random token for various uses.
3296 *
3297 * @param $salt String Optional salt value
3298 * @return String The new random token
3299 * @deprecated since 1.20; Use MWCryptRand for secure purposes or wfRandomString for pesudo-randomness
3300 */
3301 public static function generateToken( $salt = '' ) {
3302 return MWCryptRand::generateHex( 32 );
3303 }
3304
3305 /**
3306 * Check given value against the token value stored in the session.
3307 * A match should confirm that the form was submitted from the
3308 * user's own login session, not a form submission from a third-party
3309 * site.
3310 *
3311 * @param $val String Input value to compare
3312 * @param $salt String Optional function-specific data for hashing
3313 * @param $request WebRequest object to use or null to use $wgRequest
3314 * @return Boolean: Whether the token matches
3315 */
3316 public function matchEditToken( $val, $salt = '', $request = null ) {
3317 $sessionToken = $this->getEditToken( $salt, $request );
3318 if ( $val != $sessionToken ) {
3319 wfDebug( "User::matchEditToken: broken session data\n" );
3320 }
3321 return $val == $sessionToken;
3322 }
3323
3324 /**
3325 * Check given value against the token value stored in the session,
3326 * ignoring the suffix.
3327 *
3328 * @param $val String Input value to compare
3329 * @param $salt String Optional function-specific data for hashing
3330 * @param $request WebRequest object to use or null to use $wgRequest
3331 * @return Boolean: Whether the token matches
3332 */
3333 public function matchEditTokenNoSuffix( $val, $salt = '', $request = null ) {
3334 $sessionToken = $this->getEditToken( $salt, $request );
3335 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
3336 }
3337
3338 /**
3339 * Generate a new e-mail confirmation token and send a confirmation/invalidation
3340 * mail to the user's given address.
3341 *
3342 * @param $type String: message to send, either "created", "changed" or "set"
3343 * @return Status object
3344 */
3345 public function sendConfirmationMail( $type = 'created' ) {
3346 global $wgLang;
3347 $expiration = null; // gets passed-by-ref and defined in next line.
3348 $token = $this->confirmationToken( $expiration );
3349 $url = $this->confirmationTokenUrl( $token );
3350 $invalidateURL = $this->invalidationTokenUrl( $token );
3351 $this->saveSettings();
3352
3353 if ( $type == 'created' || $type === false ) {
3354 $message = 'confirmemail_body';
3355 } elseif ( $type === true ) {
3356 $message = 'confirmemail_body_changed';
3357 } else {
3358 $message = 'confirmemail_body_' . $type;
3359 }
3360
3361 return $this->sendMail( wfMessage( 'confirmemail_subject' )->text(),
3362 wfMessage( $message,
3363 $this->getRequest()->getIP(),
3364 $this->getName(),
3365 $url,
3366 $wgLang->timeanddate( $expiration, false ),
3367 $invalidateURL,
3368 $wgLang->date( $expiration, false ),
3369 $wgLang->time( $expiration, false ) )->text() );
3370 }
3371
3372 /**
3373 * Send an e-mail to this user's account. Does not check for
3374 * confirmed status or validity.
3375 *
3376 * @param $subject String Message subject
3377 * @param $body String Message body
3378 * @param $from String Optional From address; if unspecified, default $wgPasswordSender will be used
3379 * @param $replyto String Reply-To address
3380 * @return Status
3381 */
3382 public function sendMail( $subject, $body, $from = null, $replyto = null ) {
3383 if( is_null( $from ) ) {
3384 global $wgPasswordSender, $wgPasswordSenderName;
3385 $sender = new MailAddress( $wgPasswordSender, $wgPasswordSenderName );
3386 } else {
3387 $sender = new MailAddress( $from );
3388 }
3389
3390 $to = new MailAddress( $this );
3391 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
3392 }
3393
3394 /**
3395 * Generate, store, and return a new e-mail confirmation code.
3396 * A hash (unsalted, since it's used as a key) is stored.
3397 *
3398 * @note Call saveSettings() after calling this function to commit
3399 * this change to the database.
3400 *
3401 * @param &$expiration \mixed Accepts the expiration time
3402 * @return String New token
3403 */
3404 private function confirmationToken( &$expiration ) {
3405 global $wgUserEmailConfirmationTokenExpiry;
3406 $now = time();
3407 $expires = $now + $wgUserEmailConfirmationTokenExpiry;
3408 $expiration = wfTimestamp( TS_MW, $expires );
3409 $this->load();
3410 $token = MWCryptRand::generateHex( 32 );
3411 $hash = md5( $token );
3412 $this->mEmailToken = $hash;
3413 $this->mEmailTokenExpires = $expiration;
3414 return $token;
3415 }
3416
3417 /**
3418 * Return a URL the user can use to confirm their email address.
3419 * @param $token String Accepts the email confirmation token
3420 * @return String New token URL
3421 */
3422 private function confirmationTokenUrl( $token ) {
3423 return $this->getTokenUrl( 'ConfirmEmail', $token );
3424 }
3425
3426 /**
3427 * Return a URL the user can use to invalidate their email address.
3428 * @param $token String Accepts the email confirmation token
3429 * @return String New token URL
3430 */
3431 private function invalidationTokenUrl( $token ) {
3432 return $this->getTokenUrl( 'InvalidateEmail', $token );
3433 }
3434
3435 /**
3436 * Internal function to format the e-mail validation/invalidation URLs.
3437 * This uses a quickie hack to use the
3438 * hardcoded English names of the Special: pages, for ASCII safety.
3439 *
3440 * @note Since these URLs get dropped directly into emails, using the
3441 * short English names avoids insanely long URL-encoded links, which
3442 * also sometimes can get corrupted in some browsers/mailers
3443 * (bug 6957 with Gmail and Internet Explorer).
3444 *
3445 * @param $page String Special page
3446 * @param $token String Token
3447 * @return String Formatted URL
3448 */
3449 protected function getTokenUrl( $page, $token ) {
3450 // Hack to bypass localization of 'Special:'
3451 $title = Title::makeTitle( NS_MAIN, "Special:$page/$token" );
3452 return $title->getCanonicalUrl();
3453 }
3454
3455 /**
3456 * Mark the e-mail address confirmed.
3457 *
3458 * @note Call saveSettings() after calling this function to commit the change.
3459 *
3460 * @return bool
3461 */
3462 public function confirmEmail() {
3463 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3464 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3465 return true;
3466 }
3467
3468 /**
3469 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3470 * address if it was already confirmed.
3471 *
3472 * @note Call saveSettings() after calling this function to commit the change.
3473 * @return bool Returns true
3474 */
3475 function invalidateEmail() {
3476 $this->load();
3477 $this->mEmailToken = null;
3478 $this->mEmailTokenExpires = null;
3479 $this->setEmailAuthenticationTimestamp( null );
3480 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3481 return true;
3482 }
3483
3484 /**
3485 * Set the e-mail authentication timestamp.
3486 * @param $timestamp String TS_MW timestamp
3487 */
3488 function setEmailAuthenticationTimestamp( $timestamp ) {
3489 $this->load();
3490 $this->mEmailAuthenticated = $timestamp;
3491 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3492 }
3493
3494 /**
3495 * Is this user allowed to send e-mails within limits of current
3496 * site configuration?
3497 * @return Bool
3498 */
3499 public function canSendEmail() {
3500 global $wgEnableEmail, $wgEnableUserEmail;
3501 if( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3502 return false;
3503 }
3504 $canSend = $this->isEmailConfirmed();
3505 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3506 return $canSend;
3507 }
3508
3509 /**
3510 * Is this user allowed to receive e-mails within limits of current
3511 * site configuration?
3512 * @return Bool
3513 */
3514 public function canReceiveEmail() {
3515 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3516 }
3517
3518 /**
3519 * Is this user's e-mail address valid-looking and confirmed within
3520 * limits of the current site configuration?
3521 *
3522 * @note If $wgEmailAuthentication is on, this may require the user to have
3523 * confirmed their address by returning a code or using a password
3524 * sent to the address from the wiki.
3525 *
3526 * @return Bool
3527 */
3528 public function isEmailConfirmed() {
3529 global $wgEmailAuthentication;
3530 $this->load();
3531 $confirmed = true;
3532 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3533 if( $this->isAnon() ) {
3534 return false;
3535 }
3536 if( !Sanitizer::validateEmail( $this->mEmail ) ) {
3537 return false;
3538 }
3539 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() ) {
3540 return false;
3541 }
3542 return true;
3543 } else {
3544 return $confirmed;
3545 }
3546 }
3547
3548 /**
3549 * Check whether there is an outstanding request for e-mail confirmation.
3550 * @return Bool
3551 */
3552 public function isEmailConfirmationPending() {
3553 global $wgEmailAuthentication;
3554 return $wgEmailAuthentication &&
3555 !$this->isEmailConfirmed() &&
3556 $this->mEmailToken &&
3557 $this->mEmailTokenExpires > wfTimestamp();
3558 }
3559
3560 /**
3561 * Get the timestamp of account creation.
3562 *
3563 * @return String|Bool Timestamp of account creation, or false for
3564 * non-existent/anonymous user accounts.
3565 */
3566 public function getRegistration() {
3567 if ( $this->isAnon() ) {
3568 return false;
3569 }
3570 $this->load();
3571 return $this->mRegistration;
3572 }
3573
3574 /**
3575 * Get the timestamp of the first edit
3576 *
3577 * @return String|Bool Timestamp of first edit, or false for
3578 * non-existent/anonymous user accounts.
3579 */
3580 public function getFirstEditTimestamp() {
3581 if( $this->getId() == 0 ) {
3582 return false; // anons
3583 }
3584 $dbr = wfGetDB( DB_SLAVE );
3585 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3586 array( 'rev_user' => $this->getId() ),
3587 __METHOD__,
3588 array( 'ORDER BY' => 'rev_timestamp ASC' )
3589 );
3590 if( !$time ) {
3591 return false; // no edits
3592 }
3593 return wfTimestamp( TS_MW, $time );
3594 }
3595
3596 /**
3597 * Get the permissions associated with a given list of groups
3598 *
3599 * @param $groups Array of Strings List of internal group names
3600 * @return Array of Strings List of permission key names for given groups combined
3601 */
3602 public static function getGroupPermissions( $groups ) {
3603 global $wgGroupPermissions, $wgRevokePermissions;
3604 $rights = array();
3605 // grant every granted permission first
3606 foreach( $groups as $group ) {
3607 if( isset( $wgGroupPermissions[$group] ) ) {
3608 $rights = array_merge( $rights,
3609 // array_filter removes empty items
3610 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3611 }
3612 }
3613 // now revoke the revoked permissions
3614 foreach( $groups as $group ) {
3615 if( isset( $wgRevokePermissions[$group] ) ) {
3616 $rights = array_diff( $rights,
3617 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
3618 }
3619 }
3620 return array_unique( $rights );
3621 }
3622
3623 /**
3624 * Get all the groups who have a given permission
3625 *
3626 * @param $role String Role to check
3627 * @return Array of Strings List of internal group names with the given permission
3628 */
3629 public static function getGroupsWithPermission( $role ) {
3630 global $wgGroupPermissions;
3631 $allowedGroups = array();
3632 foreach ( $wgGroupPermissions as $group => $rights ) {
3633 if ( isset( $rights[$role] ) && $rights[$role] ) {
3634 $allowedGroups[] = $group;
3635 }
3636 }
3637 return $allowedGroups;
3638 }
3639
3640 /**
3641 * Get the localized descriptive name for a group, if it exists
3642 *
3643 * @param $group String Internal group name
3644 * @return String Localized descriptive group name
3645 */
3646 public static function getGroupName( $group ) {
3647 $msg = wfMessage( "group-$group" );
3648 return $msg->isBlank() ? $group : $msg->text();
3649 }
3650
3651 /**
3652 * Get the localized descriptive name for a member of a group, if it exists
3653 *
3654 * @param $group String Internal group name
3655 * @param $username String Username for gender (since 1.19)
3656 * @return String Localized name for group member
3657 */
3658 public static function getGroupMember( $group, $username = '#' ) {
3659 $msg = wfMessage( "group-$group-member", $username );
3660 return $msg->isBlank() ? $group : $msg->text();
3661 }
3662
3663 /**
3664 * Return the set of defined explicit groups.
3665 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3666 * are not included, as they are defined automatically, not in the database.
3667 * @return Array of internal group names
3668 */
3669 public static function getAllGroups() {
3670 global $wgGroupPermissions, $wgRevokePermissions;
3671 return array_diff(
3672 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3673 self::getImplicitGroups()
3674 );
3675 }
3676
3677 /**
3678 * Get a list of all available permissions.
3679 * @return Array of permission names
3680 */
3681 public static function getAllRights() {
3682 if ( self::$mAllRights === false ) {
3683 global $wgAvailableRights;
3684 if ( count( $wgAvailableRights ) ) {
3685 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3686 } else {
3687 self::$mAllRights = self::$mCoreRights;
3688 }
3689 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3690 }
3691 return self::$mAllRights;
3692 }
3693
3694 /**
3695 * Get a list of implicit groups
3696 * @return Array of Strings Array of internal group names
3697 */
3698 public static function getImplicitGroups() {
3699 global $wgImplicitGroups;
3700 $groups = $wgImplicitGroups;
3701 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3702 return $groups;
3703 }
3704
3705 /**
3706 * Get the title of a page describing a particular group
3707 *
3708 * @param $group String Internal group name
3709 * @return Title|Bool Title of the page if it exists, false otherwise
3710 */
3711 public static function getGroupPage( $group ) {
3712 $msg = wfMessage( 'grouppage-' . $group )->inContentLanguage();
3713 if( $msg->exists() ) {
3714 $title = Title::newFromText( $msg->text() );
3715 if( is_object( $title ) )
3716 return $title;
3717 }
3718 return false;
3719 }
3720
3721 /**
3722 * Create a link to the group in HTML, if available;
3723 * else return the group name.
3724 *
3725 * @param $group String Internal name of the group
3726 * @param $text String The text of the link
3727 * @return String HTML link to the group
3728 */
3729 public static function makeGroupLinkHTML( $group, $text = '' ) {
3730 if( $text == '' ) {
3731 $text = self::getGroupName( $group );
3732 }
3733 $title = self::getGroupPage( $group );
3734 if( $title ) {
3735 return Linker::link( $title, htmlspecialchars( $text ) );
3736 } else {
3737 return $text;
3738 }
3739 }
3740
3741 /**
3742 * Create a link to the group in Wikitext, if available;
3743 * else return the group name.
3744 *
3745 * @param $group String Internal name of the group
3746 * @param $text String The text of the link
3747 * @return String Wikilink to the group
3748 */
3749 public static function makeGroupLinkWiki( $group, $text = '' ) {
3750 if( $text == '' ) {
3751 $text = self::getGroupName( $group );
3752 }
3753 $title = self::getGroupPage( $group );
3754 if( $title ) {
3755 $page = $title->getPrefixedText();
3756 return "[[$page|$text]]";
3757 } else {
3758 return $text;
3759 }
3760 }
3761
3762 /**
3763 * Returns an array of the groups that a particular group can add/remove.
3764 *
3765 * @param $group String: the group to check for whether it can add/remove
3766 * @return Array array( 'add' => array( addablegroups ),
3767 * 'remove' => array( removablegroups ),
3768 * 'add-self' => array( addablegroups to self),
3769 * 'remove-self' => array( removable groups from self) )
3770 */
3771 public static function changeableByGroup( $group ) {
3772 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3773
3774 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3775 if( empty( $wgAddGroups[$group] ) ) {
3776 // Don't add anything to $groups
3777 } elseif( $wgAddGroups[$group] === true ) {
3778 // You get everything
3779 $groups['add'] = self::getAllGroups();
3780 } elseif( is_array( $wgAddGroups[$group] ) ) {
3781 $groups['add'] = $wgAddGroups[$group];
3782 }
3783
3784 // Same thing for remove
3785 if( empty( $wgRemoveGroups[$group] ) ) {
3786 } elseif( $wgRemoveGroups[$group] === true ) {
3787 $groups['remove'] = self::getAllGroups();
3788 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3789 $groups['remove'] = $wgRemoveGroups[$group];
3790 }
3791
3792 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3793 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3794 foreach( $wgGroupsAddToSelf as $key => $value ) {
3795 if( is_int( $key ) ) {
3796 $wgGroupsAddToSelf['user'][] = $value;
3797 }
3798 }
3799 }
3800
3801 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3802 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3803 if( is_int( $key ) ) {
3804 $wgGroupsRemoveFromSelf['user'][] = $value;
3805 }
3806 }
3807 }
3808
3809 // Now figure out what groups the user can add to him/herself
3810 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3811 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3812 // No idea WHY this would be used, but it's there
3813 $groups['add-self'] = User::getAllGroups();
3814 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3815 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3816 }
3817
3818 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3819 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3820 $groups['remove-self'] = User::getAllGroups();
3821 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3822 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3823 }
3824
3825 return $groups;
3826 }
3827
3828 /**
3829 * Returns an array of groups that this user can add and remove
3830 * @return Array array( 'add' => array( addablegroups ),
3831 * 'remove' => array( removablegroups ),
3832 * 'add-self' => array( addablegroups to self),
3833 * 'remove-self' => array( removable groups from self) )
3834 */
3835 public function changeableGroups() {
3836 if( $this->isAllowed( 'userrights' ) ) {
3837 // This group gives the right to modify everything (reverse-
3838 // compatibility with old "userrights lets you change
3839 // everything")
3840 // Using array_merge to make the groups reindexed
3841 $all = array_merge( User::getAllGroups() );
3842 return array(
3843 'add' => $all,
3844 'remove' => $all,
3845 'add-self' => array(),
3846 'remove-self' => array()
3847 );
3848 }
3849
3850 // Okay, it's not so simple, we will have to go through the arrays
3851 $groups = array(
3852 'add' => array(),
3853 'remove' => array(),
3854 'add-self' => array(),
3855 'remove-self' => array()
3856 );
3857 $addergroups = $this->getEffectiveGroups();
3858
3859 foreach( $addergroups as $addergroup ) {
3860 $groups = array_merge_recursive(
3861 $groups, $this->changeableByGroup( $addergroup )
3862 );
3863 $groups['add'] = array_unique( $groups['add'] );
3864 $groups['remove'] = array_unique( $groups['remove'] );
3865 $groups['add-self'] = array_unique( $groups['add-self'] );
3866 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3867 }
3868 return $groups;
3869 }
3870
3871 /**
3872 * Increment the user's edit-count field.
3873 * Will have no effect for anonymous users.
3874 */
3875 public function incEditCount() {
3876 if( !$this->isAnon() ) {
3877 $dbw = wfGetDB( DB_MASTER );
3878 $dbw->update( 'user',
3879 array( 'user_editcount=user_editcount+1' ),
3880 array( 'user_id' => $this->getId() ),
3881 __METHOD__ );
3882
3883 // Lazy initialization check...
3884 if( $dbw->affectedRows() == 0 ) {
3885 // Pull from a slave to be less cruel to servers
3886 // Accuracy isn't the point anyway here
3887 $dbr = wfGetDB( DB_SLAVE );
3888 $count = $dbr->selectField( 'revision',
3889 'COUNT(rev_user)',
3890 array( 'rev_user' => $this->getId() ),
3891 __METHOD__ );
3892
3893 // Now here's a goddamn hack...
3894 if( $dbr !== $dbw ) {
3895 // If we actually have a slave server, the count is
3896 // at least one behind because the current transaction
3897 // has not been committed and replicated.
3898 $count++;
3899 } else {
3900 // But if DB_SLAVE is selecting the master, then the
3901 // count we just read includes the revision that was
3902 // just added in the working transaction.
3903 }
3904
3905 $dbw->update( 'user',
3906 array( 'user_editcount' => $count ),
3907 array( 'user_id' => $this->getId() ),
3908 __METHOD__ );
3909 }
3910 }
3911 // edit count in user cache too
3912 $this->invalidateCache();
3913 }
3914
3915 /**
3916 * Get the description of a given right
3917 *
3918 * @param $right String Right to query
3919 * @return String Localized description of the right
3920 */
3921 public static function getRightDescription( $right ) {
3922 $key = "right-$right";
3923 $msg = wfMessage( $key );
3924 return $msg->isBlank() ? $right : $msg->text();
3925 }
3926
3927 /**
3928 * Make an old-style password hash
3929 *
3930 * @param $password String Plain-text password
3931 * @param $userId String User ID
3932 * @return String Password hash
3933 */
3934 public static function oldCrypt( $password, $userId ) {
3935 global $wgPasswordSalt;
3936 if ( $wgPasswordSalt ) {
3937 return md5( $userId . '-' . md5( $password ) );
3938 } else {
3939 return md5( $password );
3940 }
3941 }
3942
3943 /**
3944 * Make a new-style password hash
3945 *
3946 * @param $password String Plain-text password
3947 * @param bool|string $salt Optional salt, may be random or the user ID.
3948
3949 * If unspecified or false, will generate one automatically
3950 * @return String Password hash
3951 */
3952 public static function crypt( $password, $salt = false ) {
3953 global $wgPasswordSalt;
3954
3955 $hash = '';
3956 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3957 return $hash;
3958 }
3959
3960 if( $wgPasswordSalt ) {
3961 if ( $salt === false ) {
3962 $salt = MWCryptRand::generateHex( 8 );
3963 }
3964 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3965 } else {
3966 return ':A:' . md5( $password );
3967 }
3968 }
3969
3970 /**
3971 * Compare a password hash with a plain-text password. Requires the user
3972 * ID if there's a chance that the hash is an old-style hash.
3973 *
3974 * @param $hash String Password hash
3975 * @param $password String Plain-text password to compare
3976 * @param $userId String|bool User ID for old-style password salt
3977 *
3978 * @return Boolean
3979 */
3980 public static function comparePasswords( $hash, $password, $userId = false ) {
3981 $type = substr( $hash, 0, 3 );
3982
3983 $result = false;
3984 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3985 return $result;
3986 }
3987
3988 if ( $type == ':A:' ) {
3989 # Unsalted
3990 return md5( $password ) === substr( $hash, 3 );
3991 } elseif ( $type == ':B:' ) {
3992 # Salted
3993 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3994 return md5( $salt.'-'.md5( $password ) ) === $realHash;
3995 } else {
3996 # Old-style
3997 return self::oldCrypt( $password, $userId ) === $hash;
3998 }
3999 }
4000
4001 /**
4002 * Add a newuser log entry for this user. Before 1.19 the return value was always true.
4003 *
4004 * @param $byEmail Boolean: account made by email?
4005 * @param $reason String: user supplied reason
4006 *
4007 * @return int|bool True if not $wgNewUserLog; otherwise ID of log item or 0 on failure
4008 */
4009 public function addNewUserLogEntry( $byEmail = false, $reason = '' ) {
4010 global $wgUser, $wgContLang, $wgNewUserLog;
4011 if( empty( $wgNewUserLog ) ) {
4012 return true; // disabled
4013 }
4014
4015 if( $this->getName() == $wgUser->getName() ) {
4016 $action = 'create';
4017 } else {
4018 $action = 'create2';
4019 if ( $byEmail ) {
4020 if ( $reason === '' ) {
4021 $reason = wfMessage( 'newuserlog-byemail' )->inContentLanguage()->text();
4022 } else {
4023 $reason = $wgContLang->commaList( array(
4024 $reason, wfMessage( 'newuserlog-byemail' )->inContentLanguage()->text() ) );
4025 }
4026 }
4027 }
4028 $log = new LogPage( 'newusers' );
4029 return (int)$log->addEntry(
4030 $action,
4031 $this->getUserPage(),
4032 $reason,
4033 array( $this->getId() )
4034 );
4035 }
4036
4037 /**
4038 * Add an autocreate newuser log entry for this user
4039 * Used by things like CentralAuth and perhaps other authplugins.
4040 *
4041 * @return bool
4042 */
4043 public function addNewUserLogEntryAutoCreate() {
4044 global $wgNewUserLog;
4045 if( !$wgNewUserLog ) {
4046 return true; // disabled
4047 }
4048 $log = new LogPage( 'newusers', false );
4049 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ), $this );
4050 return true;
4051 }
4052
4053 /**
4054 * @todo document
4055 */
4056 protected function loadOptions() {
4057 $this->load();
4058 if ( $this->mOptionsLoaded || !$this->getId() )
4059 return;
4060
4061 $this->mOptions = self::getDefaultOptions();
4062
4063 // Maybe load from the object
4064 if ( !is_null( $this->mOptionOverrides ) ) {
4065 wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
4066 foreach( $this->mOptionOverrides as $key => $value ) {
4067 $this->mOptions[$key] = $value;
4068 }
4069 } else {
4070 wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
4071 // Load from database
4072 $dbr = wfGetDB( DB_SLAVE );
4073
4074 $res = $dbr->select(
4075 'user_properties',
4076 array( 'up_property', 'up_value' ),
4077 array( 'up_user' => $this->getId() ),
4078 __METHOD__
4079 );
4080
4081 $this->mOptionOverrides = array();
4082 foreach ( $res as $row ) {
4083 $this->mOptionOverrides[$row->up_property] = $row->up_value;
4084 $this->mOptions[$row->up_property] = $row->up_value;
4085 }
4086 }
4087
4088 $this->mOptionsLoaded = true;
4089
4090 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
4091 }
4092
4093 /**
4094 * @todo document
4095 */
4096 protected function saveOptions() {
4097 global $wgAllowPrefChange;
4098
4099 $this->loadOptions();
4100
4101 // Not using getOptions(), to keep hidden preferences in database
4102 $saveOptions = $this->mOptions;
4103
4104 // Allow hooks to abort, for instance to save to a global profile.
4105 // Reset options to default state before saving.
4106 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) ) {
4107 return;
4108 }
4109
4110 $extuser = ExternalUser::newFromUser( $this );
4111 $userId = $this->getId();
4112 $insert_rows = array();
4113 foreach( $saveOptions as $key => $value ) {
4114 # Don't bother storing default values
4115 $defaultOption = self::getDefaultOption( $key );
4116 if ( ( is_null( $defaultOption ) &&
4117 !( $value === false || is_null( $value ) ) ) ||
4118 $value != $defaultOption ) {
4119 $insert_rows[] = array(
4120 'up_user' => $userId,
4121 'up_property' => $key,
4122 'up_value' => $value,
4123 );
4124 }
4125 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
4126 switch ( $wgAllowPrefChange[$key] ) {
4127 case 'local':
4128 case 'message':
4129 break;
4130 case 'semiglobal':
4131 case 'global':
4132 $extuser->setPref( $key, $value );
4133 }
4134 }
4135 }
4136
4137 $dbw = wfGetDB( DB_MASTER );
4138 $dbw->delete( 'user_properties', array( 'up_user' => $userId ), __METHOD__ );
4139 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
4140 }
4141
4142 /**
4143 * Provide an array of HTML5 attributes to put on an input element
4144 * intended for the user to enter a new password. This may include
4145 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
4146 *
4147 * Do *not* use this when asking the user to enter his current password!
4148 * Regardless of configuration, users may have invalid passwords for whatever
4149 * reason (e.g., they were set before requirements were tightened up).
4150 * Only use it when asking for a new password, like on account creation or
4151 * ResetPass.
4152 *
4153 * Obviously, you still need to do server-side checking.
4154 *
4155 * NOTE: A combination of bugs in various browsers means that this function
4156 * actually just returns array() unconditionally at the moment. May as
4157 * well keep it around for when the browser bugs get fixed, though.
4158 *
4159 * @todo FIXME: This does not belong here; put it in Html or Linker or somewhere
4160 *
4161 * @return array Array of HTML attributes suitable for feeding to
4162 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
4163 * That will potentially output invalid XHTML 1.0 Transitional, and will
4164 * get confused by the boolean attribute syntax used.)
4165 */
4166 public static function passwordChangeInputAttribs() {
4167 global $wgMinimalPasswordLength;
4168
4169 if ( $wgMinimalPasswordLength == 0 ) {
4170 return array();
4171 }
4172
4173 # Note that the pattern requirement will always be satisfied if the
4174 # input is empty, so we need required in all cases.
4175 #
4176 # @todo FIXME: Bug 23769: This needs to not claim the password is required
4177 # if e-mail confirmation is being used. Since HTML5 input validation
4178 # is b0rked anyway in some browsers, just return nothing. When it's
4179 # re-enabled, fix this code to not output required for e-mail
4180 # registration.
4181 #$ret = array( 'required' );
4182 $ret = array();
4183
4184 # We can't actually do this right now, because Opera 9.6 will print out
4185 # the entered password visibly in its error message! When other
4186 # browsers add support for this attribute, or Opera fixes its support,
4187 # we can add support with a version check to avoid doing this on Opera
4188 # versions where it will be a problem. Reported to Opera as
4189 # DSK-262266, but they don't have a public bug tracker for us to follow.
4190 /*
4191 if ( $wgMinimalPasswordLength > 1 ) {
4192 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
4193 $ret['title'] = wfMessage( 'passwordtooshort' )
4194 ->numParams( $wgMinimalPasswordLength )->text();
4195 }
4196 */
4197
4198 return $ret;
4199 }
4200
4201 /**
4202 * Return the list of user fields that should be selected to create
4203 * a new user object.
4204 * @return array
4205 */
4206 public static function selectFields() {
4207 return array(
4208 'user_id',
4209 'user_name',
4210 'user_real_name',
4211 'user_password',
4212 'user_newpassword',
4213 'user_newpass_time',
4214 'user_email',
4215 'user_touched',
4216 'user_token',
4217 'user_email_authenticated',
4218 'user_email_token',
4219 'user_email_token_expires',
4220 'user_registration',
4221 'user_editcount',
4222 );
4223 }
4224 }
MediaWiki Core