search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
rm unused code
[mediawiki.git] / includes / User.php
blob7fc0cce19a84c07cd644f162e3ea3550807e8510
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 * @file
5 */
6
7 /**
8 * \int Number of characters in user_token field.
9 * @ingroup Constants
10 */
11 define( 'USER_TOKEN_LENGTH', 32 );
12
13 /**
14 * \int Serialized record version.
15 * @ingroup Constants
16 */
17 define( 'MW_USER_VERSION', 8 );
18
19 /**
20 * \string Some punctuation to prevent editing from broken text-mangling proxies.
21 * @ingroup Constants
22 */
23 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
24
25 /**
26 * Thrown by User::setPassword() on error.
27 * @ingroup Exception
28 */
29 class PasswordError extends MWException {
30 // NOP
31 }
32
33 /**
34 * The User object encapsulates all of the user-specific settings (user_id,
35 * name, rights, password, email address, options, last login time). Client
36 * classes use the getXXX() functions to access these fields. These functions
37 * do all the work of determining whether the user is logged in,
38 * whether the requested option can be satisfied from cookies or
39 * whether a database query is needed. Most of the settings needed
40 * for rendering normal pages are set in the cookie to minimize use
41 * of the database.
42 */
43 class User {
44 /**
45 * Global constants made accessible as class constants so that autoloader
46 * magic can be used.
47 */
48 const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
49 const MW_USER_VERSION = MW_USER_VERSION;
50 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
51
52 /**
53 * \type{\arrayof{\string}} List of member variables which are saved to the
54 * shared cache (memcached). Any operation which changes the
55 * corresponding database fields must call a cache-clearing function.
56 * @showinitializer
57 */
58 static $mCacheVars = array(
59 // user table
60 'mId',
61 'mName',
62 'mRealName',
63 'mPassword',
64 'mNewpassword',
65 'mNewpassTime',
66 'mEmail',
67 'mTouched',
68 'mToken',
69 'mEmailAuthenticated',
70 'mEmailToken',
71 'mEmailTokenExpires',
72 'mRegistration',
73 'mEditCount',
74 // user_group table
75 'mGroups',
76 // user_properties table
77 'mOptionOverrides',
78 );
79
80 /**
81 * \type{\arrayof{\string}} Core rights.
82 * Each of these should have a corresponding message of the form
83 * "right-$right".
84 * @showinitializer
85 */
86 static $mCoreRights = array(
87 'apihighlimits',
88 'autoconfirmed',
89 'autopatrol',
90 'bigdelete',
91 'block',
92 'blockemail',
93 'bot',
94 'browsearchive',
95 'createaccount',
96 'createpage',
97 'createtalk',
98 'delete',
99 'deletedhistory',
100 'deletedtext',
101 'deleterevision',
102 'edit',
103 'editinterface',
104 'editusercssjs',
105 'hideuser',
106 'import',
107 'importupload',
108 'ipblock-exempt',
109 'markbotedits',
110 'minoredit',
111 'move',
112 'movefile',
113 'move-rootuserpages',
114 'move-subpages',
115 'nominornewtalk',
116 'noratelimit',
117 'override-export-depth',
118 'patrol',
119 'protect',
120 'proxyunbannable',
121 'purge',
122 'read',
123 'reupload',
124 'reupload-shared',
125 'rollback',
126 'selenium',
127 'sendemail',
128 'siteadmin',
129 'suppressionlog',
130 'suppressredirect',
131 'suppressrevision',
132 'trackback',
133 'undelete',
134 'unwatchedpages',
135 'upload',
136 'upload_by_url',
137 'userrights',
138 'userrights-interwiki',
139 'writeapi',
140 );
141 /**
142 * \string Cached results of getAllRights()
143 */
144 static $mAllRights = false;
145
146 /** @name Cache variables */
147 //@{
148 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
149 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
150 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mGroups, $mOptionOverrides;
151 //@}
152
153 /**
154 * \bool Whether the cache variables have been loaded.
155 */
156 var $mDataLoaded, $mAuthLoaded, $mOptionsLoaded;
157
158 /**
159 * \string Initialization data source if mDataLoaded==false. May be one of:
160 * - 'defaults' anonymous user initialised from class defaults
161 * - 'name' initialise from mName
162 * - 'id' initialise from mId
163 * - 'session' log in from cookies or session if possible
164 *
165 * Use the User::newFrom*() family of functions to set this.
166 */
167 var $mFrom;
168
169 /** @name Lazy-initialized variables, invalidated with clearInstanceCache */
170 //@{
171 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mSkin, $mRights,
172 $mBlockreason, $mBlock, $mEffectiveGroups, $mBlockedGlobally,
173 $mLocked, $mHideName, $mOptions;
174 //@}
175
176 static $idCacheByName = array();
177
178 /**
179 * Lightweight constructor for an anonymous user.
180 * Use the User::newFrom* factory functions for other kinds of users.
181 *
182 * @see newFromName()
183 * @see newFromId()
184 * @see newFromConfirmationCode()
185 * @see newFromSession()
186 * @see newFromRow()
187 */
188 function __construct() {
189 $this->clearInstanceCache( 'defaults' );
190 }
191
192 /**
193 * Load the user table data for this object from the source given by mFrom.
194 */
195 function load() {
196 if ( $this->mDataLoaded ) {
197 return;
198 }
199 wfProfileIn( __METHOD__ );
200
201 # Set it now to avoid infinite recursion in accessors
202 $this->mDataLoaded = true;
203
204 switch ( $this->mFrom ) {
205 case 'defaults':
206 $this->loadDefaults();
207 break;
208 case 'name':
209 $this->mId = self::idFromName( $this->mName );
210 if ( !$this->mId ) {
211 # Nonexistent user placeholder object
212 $this->loadDefaults( $this->mName );
213 } else {
214 $this->loadFromId();
215 }
216 break;
217 case 'id':
218 $this->loadFromId();
219 break;
220 case 'session':
221 $this->loadFromSession();
222 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
223 break;
224 default:
225 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
226 }
227 wfProfileOut( __METHOD__ );
228 }
229
230 /**
231 * Load user table data, given mId has already been set.
232 * @return \bool false if the ID does not exist, true otherwise
233 * @private
234 */
235 function loadFromId() {
236 global $wgMemc;
237 if ( $this->mId == 0 ) {
238 $this->loadDefaults();
239 return false;
240 }
241
242 # Try cache
243 $key = wfMemcKey( 'user', 'id', $this->mId );
244 $data = $wgMemc->get( $key );
245 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
246 # Object is expired, load from DB
247 $data = false;
248 }
249
250 if ( !$data ) {
251 wfDebug( "User: cache miss for user {$this->mId}\n" );
252 # Load from DB
253 if ( !$this->loadFromDatabase() ) {
254 # Can't load from ID, user is anonymous
255 return false;
256 }
257 $this->saveToCache();
258 } else {
259 wfDebug( "User: got user {$this->mId} from cache\n" );
260 # Restore from cache
261 foreach ( self::$mCacheVars as $name ) {
262 $this->$name = $data[$name];
263 }
264 }
265 return true;
266 }
267
268 /**
269 * Save user data to the shared cache
270 */
271 function saveToCache() {
272 $this->load();
273 $this->loadGroups();
274 $this->loadOptions();
275 if ( $this->isAnon() ) {
276 // Anonymous users are uncached
277 return;
278 }
279 $data = array();
280 foreach ( self::$mCacheVars as $name ) {
281 $data[$name] = $this->$name;
282 }
283 $data['mVersion'] = MW_USER_VERSION;
284 $key = wfMemcKey( 'user', 'id', $this->mId );
285 global $wgMemc;
286 $wgMemc->set( $key, $data );
287 }
288
289
290 /** @name newFrom*() static factory methods */
291 //@{
292
293 /**
294 * Static factory method for creation from username.
295 *
296 * This is slightly less efficient than newFromId(), so use newFromId() if
297 * you have both an ID and a name handy.
298 *
299 * @param $name \string Username, validated by Title::newFromText()
300 * @param $validate \mixed Validate username. Takes the same parameters as
301 * User::getCanonicalName(), except that true is accepted as an alias
302 * for 'valid', for BC.
303 *
304 * @return \type{User} The User object, or false if the username is invalid
305 * (e.g. if it contains illegal characters or is an IP address). If the
306 * username is not present in the database, the result will be a user object
307 * with a name, zero user ID and default settings.
308 */
309 static function newFromName( $name, $validate = 'valid' ) {
310 if ( $validate === true ) {
311 $validate = 'valid';
312 }
313 $name = self::getCanonicalName( $name, $validate );
314 if ( $name === false ) {
315 return false;
316 } else {
317 # Create unloaded user object
318 $u = new User;
319 $u->mName = $name;
320 $u->mFrom = 'name';
321 return $u;
322 }
323 }
324
325 /**
326 * Static factory method for creation from a given user ID.
327 *
328 * @param $id \int Valid user ID
329 * @return \type{User} The corresponding User object
330 */
331 static function newFromId( $id ) {
332 $u = new User;
333 $u->mId = $id;
334 $u->mFrom = 'id';
335 return $u;
336 }
337
338 /**
339 * Factory method to fetch whichever user has a given email confirmation code.
340 * This code is generated when an account is created or its e-mail address
341 * has changed.
342 *
343 * If the code is invalid or has expired, returns NULL.
344 *
345 * @param $code \string Confirmation code
346 * @return \type{User}
347 */
348 static function newFromConfirmationCode( $code ) {
349 $dbr = wfGetDB( DB_SLAVE );
350 $id = $dbr->selectField( 'user', 'user_id', array(
351 'user_email_token' => md5( $code ),
352 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
353 ) );
354 if( $id !== false ) {
355 return User::newFromId( $id );
356 } else {
357 return null;
358 }
359 }
360
361 /**
362 * Create a new user object using data from session or cookies. If the
363 * login credentials are invalid, the result is an anonymous user.
364 *
365 * @return \type{User}
366 */
367 static function newFromSession() {
368 $user = new User;
369 $user->mFrom = 'session';
370 return $user;
371 }
372
373 /**
374 * Create a new user object from a user row.
375 * The row should have all fields from the user table in it.
376 * @param $row array A row from the user table
377 * @return \type{User}
378 */
379 static function newFromRow( $row ) {
380 $user = new User;
381 $user->loadFromRow( $row );
382 return $user;
383 }
384
385 //@}
386
387
388 /**
389 * Get the username corresponding to a given user ID
390 * @param $id \int User ID
391 * @return \string The corresponding username
392 */
393 static function whoIs( $id ) {
394 $dbr = wfGetDB( DB_SLAVE );
395 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), __METHOD__ );
396 }
397
398 /**
399 * Get the real name of a user given their user ID
400 *
401 * @param $id \int User ID
402 * @return \string The corresponding user's real name
403 */
404 static function whoIsReal( $id ) {
405 $dbr = wfGetDB( DB_SLAVE );
406 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
407 }
408
409 /**
410 * Get database id given a user name
411 * @param $name \string Username
412 * @return \types{\int,\null} The corresponding user's ID, or null if user is nonexistent
413 */
414 static function idFromName( $name ) {
415 $nt = Title::makeTitleSafe( NS_USER, $name );
416 if( is_null( $nt ) ) {
417 # Illegal name
418 return null;
419 }
420
421 if ( isset( self::$idCacheByName[$name] ) ) {
422 return self::$idCacheByName[$name];
423 }
424
425 $dbr = wfGetDB( DB_SLAVE );
426 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
427
428 if ( $s === false ) {
429 $result = null;
430 } else {
431 $result = $s->user_id;
432 }
433
434 self::$idCacheByName[$name] = $result;
435
436 if ( count( self::$idCacheByName ) > 1000 ) {
437 self::$idCacheByName = array();
438 }
439
440 return $result;
441 }
442
443 /**
444 * Does the string match an anonymous IPv4 address?
445 *
446 * This function exists for username validation, in order to reject
447 * usernames which are similar in form to IP addresses. Strings such
448 * as 300.300.300.300 will return true because it looks like an IP
449 * address, despite not being strictly valid.
450 *
451 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
452 * address because the usemod software would "cloak" anonymous IP
453 * addresses like this, if we allowed accounts like this to be created
454 * new users could get the old edits of these anonymous users.
455 *
456 * @param $name \string String to match
457 * @return \bool True or false
458 */
459 static function isIP( $name ) {
460 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
461 }
462
463 /**
464 * Is the input a valid username?
465 *
466 * Checks if the input is a valid username, we don't want an empty string,
467 * an IP address, anything that containins slashes (would mess up subpages),
468 * is longer than the maximum allowed username size or doesn't begin with
469 * a capital letter.
470 *
471 * @param $name \string String to match
472 * @return \bool True or false
473 */
474 static function isValidUserName( $name ) {
475 global $wgContLang, $wgMaxNameChars;
476
477 if ( $name == ''
478 || User::isIP( $name )
479 || strpos( $name, '/' ) !== false
480 || strlen( $name ) > $wgMaxNameChars
481 || $name != $wgContLang->ucfirst( $name ) ) {
482 wfDebugLog( 'username', __METHOD__ .
483 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
484 return false;
485 }
486
487 // Ensure that the name can't be misresolved as a different title,
488 // such as with extra namespace keys at the start.
489 $parsed = Title::newFromText( $name );
490 if( is_null( $parsed )
491 || $parsed->getNamespace()
492 || strcmp( $name, $parsed->getPrefixedText() ) ) {
493 wfDebugLog( 'username', __METHOD__ .
494 ": '$name' invalid due to ambiguous prefixes" );
495 return false;
496 }
497
498 // Check an additional blacklist of troublemaker characters.
499 // Should these be merged into the title char list?
500 $unicodeBlacklist = '/[' .
501 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
502 '\x{00a0}' . # non-breaking space
503 '\x{2000}-\x{200f}' . # various whitespace
504 '\x{2028}-\x{202f}' . # breaks and control chars
505 '\x{3000}' . # ideographic space
506 '\x{e000}-\x{f8ff}' . # private use
507 ']/u';
508 if( preg_match( $unicodeBlacklist, $name ) ) {
509 wfDebugLog( 'username', __METHOD__ .
510 ": '$name' invalid due to blacklisted characters" );
511 return false;
512 }
513
514 return true;
515 }
516
517 /**
518 * Usernames which fail to pass this function will be blocked
519 * from user login and new account registrations, but may be used
520 * internally by batch processes.
521 *
522 * If an account already exists in this form, login will be blocked
523 * by a failure to pass this function.
524 *
525 * @param $name \string String to match
526 * @return \bool True or false
527 */
528 static function isUsableName( $name ) {
529 global $wgReservedUsernames;
530 // Must be a valid username, obviously ;)
531 if ( !self::isValidUserName( $name ) ) {
532 return false;
533 }
534
535 static $reservedUsernames = false;
536 if ( !$reservedUsernames ) {
537 $reservedUsernames = $wgReservedUsernames;
538 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
539 }
540
541 // Certain names may be reserved for batch processes.
542 foreach ( $reservedUsernames as $reserved ) {
543 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
544 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
545 }
546 if ( $reserved == $name ) {
547 return false;
548 }
549 }
550 return true;
551 }
552
553 /**
554 * Usernames which fail to pass this function will be blocked
555 * from new account registrations, but may be used internally
556 * either by batch processes or by user accounts which have
557 * already been created.
558 *
559 * Additional blacklisting may be added here rather than in
560 * isValidUserName() to avoid disrupting existing accounts.
561 *
562 * @param $name \string String to match
563 * @return \bool True or false
564 */
565 static function isCreatableName( $name ) {
566 global $wgInvalidUsernameCharacters;
567
568 // Ensure that the username isn't longer than 235 bytes, so that
569 // (at least for the builtin skins) user javascript and css files
570 // will work. (bug 23080)
571 if( strlen( $name ) > 235 ) {
572 wfDebugLog( 'username', __METHOD__ .
573 ": '$name' invalid due to length" );
574 return false;
575 }
576
577 if( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
578 wfDebugLog( 'username', __METHOD__ .
579 ": '$name' invalid due to wgInvalidUsernameCharacters" );
580 return false;
581 }
582
583 return self::isUsableName( $name );
584 }
585
586 /**
587 * Is the input a valid password for this user?
588 *
589 * @param $password String Desired password
590 * @return bool True or false
591 */
592 function isValidPassword( $password ) {
593 //simple boolean wrapper for getPasswordValidity
594 return $this->getPasswordValidity( $password ) === true;
595 }
596
597 /**
598 * Given unvalidated password input, return error message on failure.
599 *
600 * @param $password String Desired password
601 * @return mixed: true on success, string of error message on failure
602 */
603 function getPasswordValidity( $password ) {
604 global $wgMinimalPasswordLength, $wgContLang;
605
606 $result = false; //init $result to false for the internal checks
607
608 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
609 return $result;
610
611 if ( $result === false ) {
612 if( strlen( $password ) < $wgMinimalPasswordLength ) {
613 return 'passwordtooshort';
614 } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
615 return 'password-name-match';
616 } else {
617 //it seems weird returning true here, but this is because of the
618 //initialization of $result to false above. If the hook is never run or it
619 //doesn't modify $result, then we will likely get down into this if with
620 //a valid password.
621 return true;
622 }
623 } elseif( $result === true ) {
624 return true;
625 } else {
626 return $result; //the isValidPassword hook set a string $result and returned true
627 }
628 }
629
630 /**
631 * Does a string look like an e-mail address?
632 *
633 * There used to be a regular expression here, it got removed because it
634 * rejected valid addresses. Actually just check if there is '@' somewhere
635 * in the given address.
636 *
637 * @todo Check for RFC 2822 compilance (bug 959)
638 *
639 * @param $addr \string E-mail address
640 * @return \bool True or false
641 */
642 public static function isValidEmailAddr( $addr ) {
643 $result = null;
644 if( !wfRunHooks( 'isValidEmailAddr', array( $addr, &$result ) ) ) {
645 return $result;
646 }
647
648 return strpos( $addr, '@' ) !== false;
649 }
650
651 /**
652 * Given unvalidated user input, return a canonical username, or false if
653 * the username is invalid.
654 * @param $name \string User input
655 * @param $validate \types{\string,\bool} Type of validation to use:
656 * - false No validation
657 * - 'valid' Valid for batch processes
658 * - 'usable' Valid for batch processes and login
659 * - 'creatable' Valid for batch processes, login and account creation
660 */
661 static function getCanonicalName( $name, $validate = 'valid' ) {
662 # Force usernames to capital
663 global $wgContLang;
664 $name = $wgContLang->ucfirst( $name );
665
666 # Reject names containing '#'; these will be cleaned up
667 # with title normalisation, but then it's too late to
668 # check elsewhere
669 if( strpos( $name, '#' ) !== false )
670 return false;
671
672 # Clean up name according to title rules
673 $t = ( $validate === 'valid' ) ?
674 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
675 # Check for invalid titles
676 if( is_null( $t ) ) {
677 return false;
678 }
679
680 # Reject various classes of invalid names
681 $name = $t->getText();
682 global $wgAuth;
683 $name = $wgAuth->getCanonicalName( $t->getText() );
684
685 switch ( $validate ) {
686 case false:
687 break;
688 case 'valid':
689 if ( !User::isValidUserName( $name ) ) {
690 $name = false;
691 }
692 break;
693 case 'usable':
694 if ( !User::isUsableName( $name ) ) {
695 $name = false;
696 }
697 break;
698 case 'creatable':
699 if ( !User::isCreatableName( $name ) ) {
700 $name = false;
701 }
702 break;
703 default:
704 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
705 }
706 return $name;
707 }
708
709 /**
710 * Count the number of edits of a user
711 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
712 *
713 * @param $uid \int User ID to check
714 * @return \int The user's edit count
715 */
716 static function edits( $uid ) {
717 wfProfileIn( __METHOD__ );
718 $dbr = wfGetDB( DB_SLAVE );
719 // check if the user_editcount field has been initialized
720 $field = $dbr->selectField(
721 'user', 'user_editcount',
722 array( 'user_id' => $uid ),
723 __METHOD__
724 );
725
726 if( $field === null ) { // it has not been initialized. do so.
727 $dbw = wfGetDB( DB_MASTER );
728 $count = $dbr->selectField(
729 'revision', 'count(*)',
730 array( 'rev_user' => $uid ),
731 __METHOD__
732 );
733 $dbw->update(
734 'user',
735 array( 'user_editcount' => $count ),
736 array( 'user_id' => $uid ),
737 __METHOD__
738 );
739 } else {
740 $count = $field;
741 }
742 wfProfileOut( __METHOD__ );
743 return $count;
744 }
745
746 /**
747 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
748 * @todo hash random numbers to improve security, like generateToken()
749 *
750 * @return \string New random password
751 */
752 static function randomPassword() {
753 global $wgMinimalPasswordLength;
754 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
755 $l = strlen( $pwchars ) - 1;
756
757 $pwlength = max( 7, $wgMinimalPasswordLength );
758 $digit = mt_rand( 0, $pwlength - 1 );
759 $np = '';
760 for ( $i = 0; $i < $pwlength; $i++ ) {
761 $np .= $i == $digit ? chr( mt_rand( 48, 57 ) ) : $pwchars{ mt_rand( 0, $l ) };
762 }
763 return $np;
764 }
765
766 /**
767 * Set cached properties to default.
768 *
769 * @note This no longer clears uncached lazy-initialised properties;
770 * the constructor does that instead.
771 * @private
772 */
773 function loadDefaults( $name = false ) {
774 wfProfileIn( __METHOD__ );
775
776 global $wgRequest;
777
778 $this->mId = 0;
779 $this->mName = $name;
780 $this->mRealName = '';
781 $this->mPassword = $this->mNewpassword = '';
782 $this->mNewpassTime = null;
783 $this->mEmail = '';
784 $this->mOptionOverrides = null;
785 $this->mOptionsLoaded = false;
786
787 if( $wgRequest->getCookie( 'LoggedOut' ) !== null ) {
788 $this->mTouched = wfTimestamp( TS_MW, $wgRequest->getCookie( 'LoggedOut' ) );
789 } else {
790 $this->mTouched = '0'; # Allow any pages to be cached
791 }
792
793 $this->setToken(); # Random
794 $this->mEmailAuthenticated = null;
795 $this->mEmailToken = '';
796 $this->mEmailTokenExpires = null;
797 $this->mRegistration = wfTimestamp( TS_MW );
798 $this->mGroups = array();
799
800 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
801
802 wfProfileOut( __METHOD__ );
803 }
804
805 /**
806 * @deprecated Use wfSetupSession().
807 */
808 function SetupSession() {
809 wfDeprecated( __METHOD__ );
810 wfSetupSession();
811 }
812
813 /**
814 * Load user data from the session or login cookie. If there are no valid
815 * credentials, initialises the user as an anonymous user.
816 * @return \bool True if the user is logged in, false otherwise.
817 */
818 private function loadFromSession() {
819 global $wgRequest, $wgExternalAuthType, $wgAutocreatePolicy;
820
821 $result = null;
822 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
823 if ( $result !== null ) {
824 return $result;
825 }
826
827 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
828 $extUser = ExternalUser::newFromCookie();
829 if ( $extUser ) {
830 # TODO: Automatically create the user here (or probably a bit
831 # lower down, in fact)
832 }
833 }
834
835 if ( $wgRequest->getCookie( 'UserID' ) !== null ) {
836 $sId = intval( $wgRequest->getCookie( 'UserID' ) );
837 if( isset( $_SESSION['wsUserID'] ) && $sId != $_SESSION['wsUserID'] ) {
838 $this->loadDefaults(); // Possible collision!
839 wfDebugLog( 'loginSessions', "Session user ID ({$_SESSION['wsUserID']}) and
840 cookie user ID ($sId) don't match!" );
841 return false;
842 }
843 $_SESSION['wsUserID'] = $sId;
844 } else if ( isset( $_SESSION['wsUserID'] ) ) {
845 if ( $_SESSION['wsUserID'] != 0 ) {
846 $sId = $_SESSION['wsUserID'];
847 } else {
848 $this->loadDefaults();
849 return false;
850 }
851 } else {
852 $this->loadDefaults();
853 return false;
854 }
855
856 if ( isset( $_SESSION['wsUserName'] ) ) {
857 $sName = $_SESSION['wsUserName'];
858 } else if ( $wgRequest->getCookie('UserName') !== null ) {
859 $sName = $wgRequest->getCookie('UserName');
860 $_SESSION['wsUserName'] = $sName;
861 } else {
862 $this->loadDefaults();
863 return false;
864 }
865
866 $this->mId = $sId;
867 if ( !$this->loadFromId() ) {
868 # Not a valid ID, loadFromId has switched the object to anon for us
869 return false;
870 }
871
872 global $wgBlockDisablesLogin;
873 if( $wgBlockDisablesLogin && $this->isBlocked() ) {
874 # User blocked and we've disabled blocked user logins
875 $this->loadDefaults();
876 return false;
877 }
878
879 if ( isset( $_SESSION['wsToken'] ) ) {
880 $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
881 $from = 'session';
882 } else if ( $wgRequest->getCookie( 'Token' ) !== null ) {
883 $passwordCorrect = $this->mToken == $wgRequest->getCookie( 'Token' );
884 $from = 'cookie';
885 } else {
886 # No session or persistent login cookie
887 $this->loadDefaults();
888 return false;
889 }
890
891 if ( ( $sName == $this->mName ) && $passwordCorrect ) {
892 $_SESSION['wsToken'] = $this->mToken;
893 wfDebug( "User: logged in from $from\n" );
894 return true;
895 } else {
896 # Invalid credentials
897 wfDebug( "User: can't log in from $from, invalid credentials\n" );
898 $this->loadDefaults();
899 return false;
900 }
901 }
902
903 /**
904 * Load user and user_group data from the database.
905 * $this::mId must be set, this is how the user is identified.
906 *
907 * @return \bool True if the user exists, false if the user is anonymous
908 * @private
909 */
910 function loadFromDatabase() {
911 # Paranoia
912 $this->mId = intval( $this->mId );
913
914 /** Anonymous user */
915 if( !$this->mId ) {
916 $this->loadDefaults();
917 return false;
918 }
919
920 $dbr = wfGetDB( DB_MASTER );
921 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
922
923 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
924
925 if ( $s !== false ) {
926 # Initialise user table data
927 $this->loadFromRow( $s );
928 $this->mGroups = null; // deferred
929 $this->getEditCount(); // revalidation for nulls
930 return true;
931 } else {
932 # Invalid user_id
933 $this->mId = 0;
934 $this->loadDefaults();
935 return false;
936 }
937 }
938
939 /**
940 * Initialize this object from a row from the user table.
941 *
942 * @param $row \type{\arrayof{\mixed}} Row from the user table to load.
943 */
944 function loadFromRow( $row ) {
945 $this->mDataLoaded = true;
946
947 if ( isset( $row->user_id ) ) {
948 $this->mId = intval( $row->user_id );
949 }
950 $this->mName = $row->user_name;
951 $this->mRealName = $row->user_real_name;
952 $this->mPassword = $row->user_password;
953 $this->mNewpassword = $row->user_newpassword;
954 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
955 $this->mEmail = $row->user_email;
956 $this->decodeOptions( $row->user_options );
957 $this->mTouched = wfTimestamp(TS_MW,$row->user_touched);
958 $this->mToken = $row->user_token;
959 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
960 $this->mEmailToken = $row->user_email_token;
961 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
962 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
963 $this->mEditCount = $row->user_editcount;
964 }
965
966 /**
967 * Load the groups from the database if they aren't already loaded.
968 * @private
969 */
970 function loadGroups() {
971 if ( is_null( $this->mGroups ) ) {
972 $dbr = wfGetDB( DB_MASTER );
973 $res = $dbr->select( 'user_groups',
974 array( 'ug_group' ),
975 array( 'ug_user' => $this->mId ),
976 __METHOD__ );
977 $this->mGroups = array();
978 foreach ( $res as $row ) {
979 $this->mGroups[] = $row->ug_group;
980 }
981 }
982 }
983
984 /**
985 * Clear various cached data stored in this object.
986 * @param $reloadFrom \string Reload user and user_groups table data from a
987 * given source. May be "name", "id", "defaults", "session", or false for
988 * no reload.
989 */
990 function clearInstanceCache( $reloadFrom = false ) {
991 $this->mNewtalk = -1;
992 $this->mDatePreference = null;
993 $this->mBlockedby = -1; # Unset
994 $this->mHash = false;
995 $this->mSkin = null;
996 $this->mRights = null;
997 $this->mEffectiveGroups = null;
998 $this->mOptions = null;
999
1000 if ( $reloadFrom ) {
1001 $this->mDataLoaded = false;
1002 $this->mFrom = $reloadFrom;
1003 }
1004 }
1005
1006 /**
1007 * Combine the language default options with any site-specific options
1008 * and add the default language variants.
1009 *
1010 * @return \type{\arrayof{\string}} Array of options
1011 */
1012 static function getDefaultOptions() {
1013 global $wgNamespacesToBeSearchedDefault;
1014 /**
1015 * Site defaults will override the global/language defaults
1016 */
1017 global $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1018 $defOpt = $wgDefaultUserOptions + $wgContLang->getDefaultUserOptionOverrides();
1019
1020 /**
1021 * default language setting
1022 */
1023 $variant = $wgContLang->getPreferredVariant( false );
1024 $defOpt['variant'] = $variant;
1025 $defOpt['language'] = $variant;
1026 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1027 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1028 }
1029 $defOpt['skin'] = $wgDefaultSkin;
1030
1031 return $defOpt;
1032 }
1033
1034 /**
1035 * Get a given default option value.
1036 *
1037 * @param $opt \string Name of option to retrieve
1038 * @return \string Default option value
1039 */
1040 public static function getDefaultOption( $opt ) {
1041 $defOpts = self::getDefaultOptions();
1042 if( isset( $defOpts[$opt] ) ) {
1043 return $defOpts[$opt];
1044 } else {
1045 return null;
1046 }
1047 }
1048
1049
1050 /**
1051 * Get blocking information
1052 * @private
1053 * @param $bFromSlave \bool Whether to check the slave database first. To
1054 * improve performance, non-critical checks are done
1055 * against slaves. Check when actually saving should be
1056 * done against master.
1057 */
1058 function getBlockedStatus( $bFromSlave = true ) {
1059 global $wgProxyWhitelist, $wgUser;
1060
1061 if ( -1 != $this->mBlockedby ) {
1062 wfDebug( "User::getBlockedStatus: already loaded.\n" );
1063 return;
1064 }
1065
1066 wfProfileIn( __METHOD__ );
1067 wfDebug( __METHOD__.": checking...\n" );
1068
1069 // Initialize data...
1070 // Otherwise something ends up stomping on $this->mBlockedby when
1071 // things get lazy-loaded later, causing false positive block hits
1072 // due to -1 !== 0. Probably session-related... Nothing should be
1073 // overwriting mBlockedby, surely?
1074 $this->load();
1075
1076 $this->mBlockedby = 0;
1077 $this->mHideName = 0;
1078 $this->mAllowUsertalk = 0;
1079
1080 # Check if we are looking at an IP or a logged-in user
1081 if ( $this->isIP( $this->getName() ) ) {
1082 $ip = $this->getName();
1083 } else {
1084 # Check if we are looking at the current user
1085 # If we don't, and the user is logged in, we don't know about
1086 # his IP / autoblock status, so ignore autoblock of current user's IP
1087 if ( $this->getID() != $wgUser->getID() ) {
1088 $ip = '';
1089 } else {
1090 # Get IP of current user
1091 $ip = wfGetIP();
1092 }
1093 }
1094
1095 if ( $this->isAllowed( 'ipblock-exempt' ) ) {
1096 # Exempt from all types of IP-block
1097 $ip = '';
1098 }
1099
1100 # User/IP blocking
1101 $this->mBlock = new Block();
1102 $this->mBlock->fromMaster( !$bFromSlave );
1103 if ( $this->mBlock->load( $ip , $this->mId ) ) {
1104 wfDebug( __METHOD__ . ": Found block.\n" );
1105 $this->mBlockedby = $this->mBlock->mBy;
1106 if( $this->mBlockedby == 0 )
1107 $this->mBlockedby = $this->mBlock->mByName;
1108 $this->mBlockreason = $this->mBlock->mReason;
1109 $this->mHideName = $this->mBlock->mHideName;
1110 $this->mAllowUsertalk = $this->mBlock->mAllowUsertalk;
1111 if ( $this->isLoggedIn() && $wgUser->getID() == $this->getID() ) {
1112 $this->spreadBlock();
1113 }
1114 } else {
1115 // Bug 13611: don't remove mBlock here, to allow account creation blocks to
1116 // apply to users. Note that the existence of $this->mBlock is not used to
1117 // check for edit blocks, $this->mBlockedby is instead.
1118 }
1119
1120 # Proxy blocking
1121 if ( !$this->isAllowed( 'proxyunbannable' ) && !in_array( $ip, $wgProxyWhitelist ) ) {
1122 # Local list
1123 if ( wfIsLocallyBlockedProxy( $ip ) ) {
1124 $this->mBlockedby = wfMsg( 'proxyblocker' );
1125 $this->mBlockreason = wfMsg( 'proxyblockreason' );
1126 }
1127
1128 # DNSBL
1129 if ( !$this->mBlockedby && !$this->getID() ) {
1130 if ( $this->isDnsBlacklisted( $ip ) ) {
1131 $this->mBlockedby = wfMsg( 'sorbs' );
1132 $this->mBlockreason = wfMsg( 'sorbsreason' );
1133 }
1134 }
1135 }
1136
1137 # Extensions
1138 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1139
1140 wfProfileOut( __METHOD__ );
1141 }
1142
1143 /**
1144 * Whether the given IP is in a DNS blacklist.
1145 *
1146 * @param $ip \string IP to check
1147 * @param $checkWhitelist Boolean: whether to check the whitelist first
1148 * @return \bool True if blacklisted.
1149 */
1150 function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1151 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1152 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1153
1154 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1155 return false;
1156
1157 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1158 return false;
1159
1160 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1161 return $this->inDnsBlacklist( $ip, $urls );
1162 }
1163
1164 /**
1165 * Whether the given IP is in a given DNS blacklist.
1166 *
1167 * @param $ip \string IP to check
1168 * @param $bases \string or Array of Strings: URL of the DNS blacklist
1169 * @return \bool True if blacklisted.
1170 */
1171 function inDnsBlacklist( $ip, $bases ) {
1172 wfProfileIn( __METHOD__ );
1173
1174 $found = false;
1175 // FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1176 if( IP::isIPv4( $ip ) ) {
1177 # Reverse IP, bug 21255
1178 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1179
1180 foreach( (array)$bases as $base ) {
1181 # Make hostname
1182 $host = "$ipReversed.$base";
1183
1184 # Send query
1185 $ipList = gethostbynamel( $host );
1186
1187 if( $ipList ) {
1188 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1189 $found = true;
1190 break;
1191 } else {
1192 wfDebug( "Requested $host, not found in $base.\n" );
1193 }
1194 }
1195 }
1196
1197 wfProfileOut( __METHOD__ );
1198 return $found;
1199 }
1200
1201 /**
1202 * Is this user subject to rate limiting?
1203 *
1204 * @return \bool True if rate limited
1205 */
1206 public function isPingLimitable() {
1207 global $wgRateLimitsExcludedGroups;
1208 global $wgRateLimitsExcludedIPs;
1209 if( array_intersect( $this->getEffectiveGroups(), $wgRateLimitsExcludedGroups ) ) {
1210 // Deprecated, but kept for backwards-compatibility config
1211 return false;
1212 }
1213
1214 wfDebug( "Checking the list of IP addresses excluded from rate limit..\n" );
1215
1216 // Read list of IP addresses from MediaWiki namespace
1217 $message = wfMsgForContentNoTrans( 'ratelimit-excluded-ips' );
1218 $lines = explode( "\n", $message );
1219 foreach( $lines as $line ) {
1220 // Remove comment lines
1221 $comment = substr( trim( $line ), 0, 1 );
1222 if ( $comment == '#' || $comment == '' ) {
1223 continue;
1224 }
1225 // Remove additional comments after an IP address
1226 $comment = strpos( $line, '#' );
1227 if ( $comment > 0 ) {
1228 $line = trim( substr( $line, 0, $comment-1 ) );
1229 if ( IP::isValid( $line ) ) {
1230 $wgRateLimitsExcludedIPs[] = IP::sanitizeIP( $line );
1231 }
1232 }
1233 }
1234
1235 $ip = IP::sanitizeIP( wfGetIP() );
1236 if( in_array( $ip, $wgRateLimitsExcludedIPs ) ) {
1237 // No other good way currently to disable rate limits
1238 // for specific IPs. :P
1239 // But this is a crappy hack and should die.
1240 wfDebug( "IP $ip matches the list of rate limit excluded IPs\n" );
1241 return false;
1242 }
1243 return !$this->isAllowed('noratelimit');
1244 }
1245
1246 /**
1247 * Primitive rate limits: enforce maximum actions per time period
1248 * to put a brake on flooding.
1249 *
1250 * @note When using a shared cache like memcached, IP-address
1251 * last-hit counters will be shared across wikis.
1252 *
1253 * @param $action \string Action to enforce; 'edit' if unspecified
1254 * @return \bool True if a rate limiter was tripped
1255 */
1256 function pingLimiter( $action = 'edit' ) {
1257 # Call the 'PingLimiter' hook
1258 $result = false;
1259 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1260 return $result;
1261 }
1262
1263 global $wgRateLimits;
1264 if( !isset( $wgRateLimits[$action] ) ) {
1265 return false;
1266 }
1267
1268 # Some groups shouldn't trigger the ping limiter, ever
1269 if( !$this->isPingLimitable() )
1270 return false;
1271
1272 global $wgMemc, $wgRateLimitLog;
1273 wfProfileIn( __METHOD__ );
1274
1275 $limits = $wgRateLimits[$action];
1276 $keys = array();
1277 $id = $this->getId();
1278 $ip = wfGetIP();
1279 $userLimit = false;
1280
1281 if( isset( $limits['anon'] ) && $id == 0 ) {
1282 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1283 }
1284
1285 if( isset( $limits['user'] ) && $id != 0 ) {
1286 $userLimit = $limits['user'];
1287 }
1288 if( $this->isNewbie() ) {
1289 if( isset( $limits['newbie'] ) && $id != 0 ) {
1290 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1291 }
1292 if( isset( $limits['ip'] ) ) {
1293 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1294 }
1295 $matches = array();
1296 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1297 $subnet = $matches[1];
1298 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1299 }
1300 }
1301 // Check for group-specific permissions
1302 // If more than one group applies, use the group with the highest limit
1303 foreach ( $this->getGroups() as $group ) {
1304 if ( isset( $limits[$group] ) ) {
1305 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1306 $userLimit = $limits[$group];
1307 }
1308 }
1309 }
1310 // Set the user limit key
1311 if ( $userLimit !== false ) {
1312 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1313 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1314 }
1315
1316 $triggered = false;
1317 foreach( $keys as $key => $limit ) {
1318 list( $max, $period ) = $limit;
1319 $summary = "(limit $max in {$period}s)";
1320 $count = $wgMemc->get( $key );
1321 // Already pinged?
1322 if( $count ) {
1323 if( $count > $max ) {
1324 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1325 if( $wgRateLimitLog ) {
1326 @error_log( wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", 3, $wgRateLimitLog );
1327 }
1328 $triggered = true;
1329 } else {
1330 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1331 }
1332 } else {
1333 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1334 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1335 }
1336 $wgMemc->incr( $key );
1337 }
1338
1339 wfProfileOut( __METHOD__ );
1340 return $triggered;
1341 }
1342
1343 /**
1344 * Check if user is blocked
1345 *
1346 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1347 * @return \bool True if blocked, false otherwise
1348 */
1349 function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1350 wfDebug( "User::isBlocked: enter\n" );
1351 $this->getBlockedStatus( $bFromSlave );
1352 return $this->mBlockedby !== 0;
1353 }
1354
1355 /**
1356 * Check if user is blocked from editing a particular article
1357 *
1358 * @param $title \string Title to check
1359 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1360 * @return \bool True if blocked, false otherwise
1361 */
1362 function isBlockedFrom( $title, $bFromSlave = false ) {
1363 global $wgBlockAllowsUTEdit;
1364 wfProfileIn( __METHOD__ );
1365 wfDebug( __METHOD__ . ": enter\n" );
1366
1367 wfDebug( __METHOD__ . ": asking isBlocked()\n" );
1368 $blocked = $this->isBlocked( $bFromSlave );
1369 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1370 # If a user's name is suppressed, they cannot make edits anywhere
1371 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1372 $title->getNamespace() == NS_USER_TALK ) {
1373 $blocked = false;
1374 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1375 }
1376
1377 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1378
1379 wfProfileOut( __METHOD__ );
1380 return $blocked;
1381 }
1382
1383 /**
1384 * If user is blocked, return the name of the user who placed the block
1385 * @return \string name of blocker
1386 */
1387 function blockedBy() {
1388 $this->getBlockedStatus();
1389 return $this->mBlockedby;
1390 }
1391
1392 /**
1393 * If user is blocked, return the specified reason for the block
1394 * @return \string Blocking reason
1395 */
1396 function blockedFor() {
1397 $this->getBlockedStatus();
1398 return $this->mBlockreason;
1399 }
1400
1401 /**
1402 * If user is blocked, return the ID for the block
1403 * @return \int Block ID
1404 */
1405 function getBlockId() {
1406 $this->getBlockedStatus();
1407 return ( $this->mBlock ? $this->mBlock->mId : false );
1408 }
1409
1410 /**
1411 * Check if user is blocked on all wikis.
1412 * Do not use for actual edit permission checks!
1413 * This is intented for quick UI checks.
1414 *
1415 * @param $ip \type{\string} IP address, uses current client if none given
1416 * @return \type{\bool} True if blocked, false otherwise
1417 */
1418 function isBlockedGlobally( $ip = '' ) {
1419 if( $this->mBlockedGlobally !== null ) {
1420 return $this->mBlockedGlobally;
1421 }
1422 // User is already an IP?
1423 if( IP::isIPAddress( $this->getName() ) ) {
1424 $ip = $this->getName();
1425 } else if( !$ip ) {
1426 $ip = wfGetIP();
1427 }
1428 $blocked = false;
1429 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1430 $this->mBlockedGlobally = (bool)$blocked;
1431 return $this->mBlockedGlobally;
1432 }
1433
1434 /**
1435 * Check if user account is locked
1436 *
1437 * @return \type{\bool} True if locked, false otherwise
1438 */
1439 function isLocked() {
1440 if( $this->mLocked !== null ) {
1441 return $this->mLocked;
1442 }
1443 global $wgAuth;
1444 $authUser = $wgAuth->getUserInstance( $this );
1445 $this->mLocked = (bool)$authUser->isLocked();
1446 return $this->mLocked;
1447 }
1448
1449 /**
1450 * Check if user account is hidden
1451 *
1452 * @return \type{\bool} True if hidden, false otherwise
1453 */
1454 function isHidden() {
1455 if( $this->mHideName !== null ) {
1456 return $this->mHideName;
1457 }
1458 $this->getBlockedStatus();
1459 if( !$this->mHideName ) {
1460 global $wgAuth;
1461 $authUser = $wgAuth->getUserInstance( $this );
1462 $this->mHideName = (bool)$authUser->isHidden();
1463 }
1464 return $this->mHideName;
1465 }
1466
1467 /**
1468 * Get the user's ID.
1469 * @return \int The user's ID; 0 if the user is anonymous or nonexistent
1470 */
1471 function getId() {
1472 if( $this->mId === null and $this->mName !== null
1473 and User::isIP( $this->mName ) ) {
1474 // Special case, we know the user is anonymous
1475 return 0;
1476 } elseif( $this->mId === null ) {
1477 // Don't load if this was initialized from an ID
1478 $this->load();
1479 }
1480 return $this->mId;
1481 }
1482
1483 /**
1484 * Set the user and reload all fields according to a given ID
1485 * @param $v \int User ID to reload
1486 */
1487 function setId( $v ) {
1488 $this->mId = $v;
1489 $this->clearInstanceCache( 'id' );
1490 }
1491
1492 /**
1493 * Get the user name, or the IP of an anonymous user
1494 * @return \string User's name or IP address
1495 */
1496 function getName() {
1497 if ( !$this->mDataLoaded && $this->mFrom == 'name' ) {
1498 # Special case optimisation
1499 return $this->mName;
1500 } else {
1501 $this->load();
1502 if ( $this->mName === false ) {
1503 # Clean up IPs
1504 $this->mName = IP::sanitizeIP( wfGetIP() );
1505 }
1506 return $this->mName;
1507 }
1508 }
1509
1510 /**
1511 * Set the user name.
1512 *
1513 * This does not reload fields from the database according to the given
1514 * name. Rather, it is used to create a temporary "nonexistent user" for
1515 * later addition to the database. It can also be used to set the IP
1516 * address for an anonymous user to something other than the current
1517 * remote IP.
1518 *
1519 * @note User::newFromName() has rougly the same function, when the named user
1520 * does not exist.
1521 * @param $str \string New user name to set
1522 */
1523 function setName( $str ) {
1524 $this->load();
1525 $this->mName = $str;
1526 }
1527
1528 /**
1529 * Get the user's name escaped by underscores.
1530 * @return \string Username escaped by underscores.
1531 */
1532 function getTitleKey() {
1533 return str_replace( ' ', '_', $this->getName() );
1534 }
1535
1536 /**
1537 * Check if the user has new messages.
1538 * @return \bool True if the user has new messages
1539 */
1540 function getNewtalk() {
1541 $this->load();
1542
1543 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1544 if( $this->mNewtalk === -1 ) {
1545 $this->mNewtalk = false; # reset talk page status
1546
1547 # Check memcached separately for anons, who have no
1548 # entire User object stored in there.
1549 if( !$this->mId ) {
1550 global $wgMemc;
1551 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1552 $newtalk = $wgMemc->get( $key );
1553 if( strval( $newtalk ) !== '' ) {
1554 $this->mNewtalk = (bool)$newtalk;
1555 } else {
1556 // Since we are caching this, make sure it is up to date by getting it
1557 // from the master
1558 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1559 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1560 }
1561 } else {
1562 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1563 }
1564 }
1565
1566 return (bool)$this->mNewtalk;
1567 }
1568
1569 /**
1570 * Return the talk page(s) this user has new messages on.
1571 * @return \type{\arrayof{\string}} Array of page URLs
1572 */
1573 function getNewMessageLinks() {
1574 $talks = array();
1575 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) )
1576 return $talks;
1577
1578 if( !$this->getNewtalk() )
1579 return array();
1580 $up = $this->getUserPage();
1581 $utp = $up->getTalkPage();
1582 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL() ) );
1583 }
1584
1585 /**
1586 * Internal uncached check for new messages
1587 *
1588 * @see getNewtalk()
1589 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1590 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1591 * @param $fromMaster \bool true to fetch from the master, false for a slave
1592 * @return \bool True if the user has new messages
1593 * @private
1594 */
1595 function checkNewtalk( $field, $id, $fromMaster = false ) {
1596 if ( $fromMaster ) {
1597 $db = wfGetDB( DB_MASTER );
1598 } else {
1599 $db = wfGetDB( DB_SLAVE );
1600 }
1601 $ok = $db->selectField( 'user_newtalk', $field,
1602 array( $field => $id ), __METHOD__ );
1603 return $ok !== false;
1604 }
1605
1606 /**
1607 * Add or update the new messages flag
1608 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1609 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1610 * @return \bool True if successful, false otherwise
1611 * @private
1612 */
1613 function updateNewtalk( $field, $id ) {
1614 $dbw = wfGetDB( DB_MASTER );
1615 $dbw->insert( 'user_newtalk',
1616 array( $field => $id ),
1617 __METHOD__,
1618 'IGNORE' );
1619 if ( $dbw->affectedRows() ) {
1620 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1621 return true;
1622 } else {
1623 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1624 return false;
1625 }
1626 }
1627
1628 /**
1629 * Clear the new messages flag for the given user
1630 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1631 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1632 * @return \bool True if successful, false otherwise
1633 * @private
1634 */
1635 function deleteNewtalk( $field, $id ) {
1636 $dbw = wfGetDB( DB_MASTER );
1637 $dbw->delete( 'user_newtalk',
1638 array( $field => $id ),
1639 __METHOD__ );
1640 if ( $dbw->affectedRows() ) {
1641 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1642 return true;
1643 } else {
1644 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1645 return false;
1646 }
1647 }
1648
1649 /**
1650 * Update the 'You have new messages!' status.
1651 * @param $val \bool Whether the user has new messages
1652 */
1653 function setNewtalk( $val ) {
1654 if( wfReadOnly() ) {
1655 return;
1656 }
1657
1658 $this->load();
1659 $this->mNewtalk = $val;
1660
1661 if( $this->isAnon() ) {
1662 $field = 'user_ip';
1663 $id = $this->getName();
1664 } else {
1665 $field = 'user_id';
1666 $id = $this->getId();
1667 }
1668 global $wgMemc;
1669
1670 if( $val ) {
1671 $changed = $this->updateNewtalk( $field, $id );
1672 } else {
1673 $changed = $this->deleteNewtalk( $field, $id );
1674 }
1675
1676 if( $this->isAnon() ) {
1677 // Anons have a separate memcached space, since
1678 // user records aren't kept for them.
1679 $key = wfMemcKey( 'newtalk', 'ip', $id );
1680 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1681 }
1682 if ( $changed ) {
1683 $this->invalidateCache();
1684 }
1685 }
1686
1687 /**
1688 * Generate a current or new-future timestamp to be stored in the
1689 * user_touched field when we update things.
1690 * @return \string Timestamp in TS_MW format
1691 */
1692 private static function newTouchedTimestamp() {
1693 global $wgClockSkewFudge;
1694 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1695 }
1696
1697 /**
1698 * Clear user data from memcached.
1699 * Use after applying fun updates to the database; caller's
1700 * responsibility to update user_touched if appropriate.
1701 *
1702 * Called implicitly from invalidateCache() and saveSettings().
1703 */
1704 private function clearSharedCache() {
1705 $this->load();
1706 if( $this->mId ) {
1707 global $wgMemc;
1708 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1709 }
1710 }
1711
1712 /**
1713 * Immediately touch the user data cache for this account.
1714 * Updates user_touched field, and removes account data from memcached
1715 * for reload on the next hit.
1716 */
1717 function invalidateCache() {
1718 if( wfReadOnly() ) {
1719 return;
1720 }
1721 $this->load();
1722 if( $this->mId ) {
1723 $this->mTouched = self::newTouchedTimestamp();
1724
1725 $dbw = wfGetDB( DB_MASTER );
1726 $dbw->update( 'user',
1727 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1728 array( 'user_id' => $this->mId ),
1729 __METHOD__ );
1730
1731 $this->clearSharedCache();
1732 }
1733 }
1734
1735 /**
1736 * Validate the cache for this account.
1737 * @param $timestamp \string A timestamp in TS_MW format
1738 */
1739 function validateCache( $timestamp ) {
1740 $this->load();
1741 return ( $timestamp >= $this->mTouched );
1742 }
1743
1744 /**
1745 * Get the user touched timestamp
1746 */
1747 function getTouched() {
1748 $this->load();
1749 return $this->mTouched;
1750 }
1751
1752 /**
1753 * Set the password and reset the random token.
1754 * Calls through to authentication plugin if necessary;
1755 * will have no effect if the auth plugin refuses to
1756 * pass the change through or if the legal password
1757 * checks fail.
1758 *
1759 * As a special case, setting the password to null
1760 * wipes it, so the account cannot be logged in until
1761 * a new password is set, for instance via e-mail.
1762 *
1763 * @param $str \string New password to set
1764 * @throws PasswordError on failure
1765 */
1766 function setPassword( $str ) {
1767 global $wgAuth;
1768
1769 if( $str !== null ) {
1770 if( !$wgAuth->allowPasswordChange() ) {
1771 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1772 }
1773
1774 if( !$this->isValidPassword( $str ) ) {
1775 global $wgMinimalPasswordLength;
1776 $valid = $this->getPasswordValidity( $str );
1777 throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ),
1778 $wgMinimalPasswordLength ) );
1779 }
1780 }
1781
1782 if( !$wgAuth->setPassword( $this, $str ) ) {
1783 throw new PasswordError( wfMsg( 'externaldberror' ) );
1784 }
1785
1786 $this->setInternalPassword( $str );
1787
1788 return true;
1789 }
1790
1791 /**
1792 * Set the password and reset the random token unconditionally.
1793 *
1794 * @param $str \string New password to set
1795 */
1796 function setInternalPassword( $str ) {
1797 $this->load();
1798 $this->setToken();
1799
1800 if( $str === null ) {
1801 // Save an invalid hash...
1802 $this->mPassword = '';
1803 } else {
1804 $this->mPassword = self::crypt( $str );
1805 }
1806 $this->mNewpassword = '';
1807 $this->mNewpassTime = null;
1808 }
1809
1810 /**
1811 * Get the user's current token.
1812 * @return \string Token
1813 */
1814 function getToken() {
1815 $this->load();
1816 return $this->mToken;
1817 }
1818
1819 /**
1820 * Set the random token (used for persistent authentication)
1821 * Called from loadDefaults() among other places.
1822 *
1823 * @param $token \string If specified, set the token to this value
1824 * @private
1825 */
1826 function setToken( $token = false ) {
1827 global $wgSecretKey, $wgProxyKey;
1828 $this->load();
1829 if ( !$token ) {
1830 if ( $wgSecretKey ) {
1831 $key = $wgSecretKey;
1832 } elseif ( $wgProxyKey ) {
1833 $key = $wgProxyKey;
1834 } else {
1835 $key = microtime();
1836 }
1837 $this->mToken = md5( $key . mt_rand( 0, 0x7fffffff ) . wfWikiID() . $this->mId );
1838 } else {
1839 $this->mToken = $token;
1840 }
1841 }
1842
1843 /**
1844 * Set the cookie password
1845 *
1846 * @param $str \string New cookie password
1847 * @private
1848 */
1849 function setCookiePassword( $str ) {
1850 $this->load();
1851 $this->mCookiePassword = md5( $str );
1852 }
1853
1854 /**
1855 * Set the password for a password reminder or new account email
1856 *
1857 * @param $str \string New password to set
1858 * @param $throttle \bool If true, reset the throttle timestamp to the present
1859 */
1860 function setNewpassword( $str, $throttle = true ) {
1861 $this->load();
1862 $this->mNewpassword = self::crypt( $str );
1863 if ( $throttle ) {
1864 $this->mNewpassTime = wfTimestampNow();
1865 }
1866 }
1867
1868 /**
1869 * Has password reminder email been sent within the last
1870 * $wgPasswordReminderResendTime hours?
1871 * @return \bool True or false
1872 */
1873 function isPasswordReminderThrottled() {
1874 global $wgPasswordReminderResendTime;
1875 $this->load();
1876 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
1877 return false;
1878 }
1879 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
1880 return time() < $expiry;
1881 }
1882
1883 /**
1884 * Get the user's e-mail address
1885 * @return \string User's email address
1886 */
1887 function getEmail() {
1888 $this->load();
1889 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
1890 return $this->mEmail;
1891 }
1892
1893 /**
1894 * Get the timestamp of the user's e-mail authentication
1895 * @return \string TS_MW timestamp
1896 */
1897 function getEmailAuthenticationTimestamp() {
1898 $this->load();
1899 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
1900 return $this->mEmailAuthenticated;
1901 }
1902
1903 /**
1904 * Set the user's e-mail address
1905 * @param $str \string New e-mail address
1906 */
1907 function setEmail( $str ) {
1908 $this->load();
1909 $this->mEmail = $str;
1910 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
1911 }
1912
1913 /**
1914 * Get the user's real name
1915 * @return \string User's real name
1916 */
1917 function getRealName() {
1918 $this->load();
1919 return $this->mRealName;
1920 }
1921
1922 /**
1923 * Set the user's real name
1924 * @param $str \string New real name
1925 */
1926 function setRealName( $str ) {
1927 $this->load();
1928 $this->mRealName = $str;
1929 }
1930
1931 /**
1932 * Get the user's current setting for a given option.
1933 *
1934 * @param $oname \string The option to check
1935 * @param $defaultOverride \string A default value returned if the option does not exist
1936 * @return \string User's current value for the option
1937 * @see getBoolOption()
1938 * @see getIntOption()
1939 */
1940 function getOption( $oname, $defaultOverride = null ) {
1941 $this->loadOptions();
1942
1943 if ( is_null( $this->mOptions ) ) {
1944 if($defaultOverride != '') {
1945 return $defaultOverride;
1946 }
1947 $this->mOptions = User::getDefaultOptions();
1948 }
1949
1950 if ( array_key_exists( $oname, $this->mOptions ) ) {
1951 return $this->mOptions[$oname];
1952 } else {
1953 return $defaultOverride;
1954 }
1955 }
1956
1957 /**
1958 * Get all user's options
1959 *
1960 * @return array
1961 */
1962 public function getOptions() {
1963 $this->loadOptions();
1964 return $this->mOptions;
1965 }
1966
1967 /**
1968 * Get the user's current setting for a given option, as a boolean value.
1969 *
1970 * @param $oname \string The option to check
1971 * @return \bool User's current value for the option
1972 * @see getOption()
1973 */
1974 function getBoolOption( $oname ) {
1975 return (bool)$this->getOption( $oname );
1976 }
1977
1978
1979 /**
1980 * Get the user's current setting for a given option, as a boolean value.
1981 *
1982 * @param $oname \string The option to check
1983 * @param $defaultOverride \int A default value returned if the option does not exist
1984 * @return \int User's current value for the option
1985 * @see getOption()
1986 */
1987 function getIntOption( $oname, $defaultOverride=0 ) {
1988 $val = $this->getOption( $oname );
1989 if( $val == '' ) {
1990 $val = $defaultOverride;
1991 }
1992 return intval( $val );
1993 }
1994
1995 /**
1996 * Set the given option for a user.
1997 *
1998 * @param $oname \string The option to set
1999 * @param $val \mixed New value to set
2000 */
2001 function setOption( $oname, $val ) {
2002 $this->load();
2003 $this->loadOptions();
2004
2005 if ( $oname == 'skin' ) {
2006 # Clear cached skin, so the new one displays immediately in Special:Preferences
2007 $this->mSkin = null;
2008 }
2009
2010 // Explicitly NULL values should refer to defaults
2011 global $wgDefaultUserOptions;
2012 if( is_null( $val ) && isset( $wgDefaultUserOptions[$oname] ) ) {
2013 $val = $wgDefaultUserOptions[$oname];
2014 }
2015
2016 $this->mOptions[$oname] = $val;
2017 }
2018
2019 /**
2020 * Reset all options to the site defaults
2021 */
2022 function resetOptions() {
2023 $this->mOptions = User::getDefaultOptions();
2024 }
2025
2026 /**
2027 * Get the user's preferred date format.
2028 * @return \string User's preferred date format
2029 */
2030 function getDatePreference() {
2031 // Important migration for old data rows
2032 if ( is_null( $this->mDatePreference ) ) {
2033 global $wgLang;
2034 $value = $this->getOption( 'date' );
2035 $map = $wgLang->getDatePreferenceMigrationMap();
2036 if ( isset( $map[$value] ) ) {
2037 $value = $map[$value];
2038 }
2039 $this->mDatePreference = $value;
2040 }
2041 return $this->mDatePreference;
2042 }
2043
2044 /**
2045 * Get the user preferred stub threshold
2046 */
2047 function getStubThreshold() {
2048 global $wgMaxArticleSize; # Maximum article size, in Kb
2049 $threshold = intval( $this->getOption( 'stubthreshold' ) );
2050 if ( $threshold > $wgMaxArticleSize * 1024 ) {
2051 # If they have set an impossible value, disable the preference
2052 # so we can use the parser cache again.
2053 $threshold = 0;
2054 }
2055 return $threshold;
2056 }
2057
2058 /**
2059 * Get the permissions this user has.
2060 * @return \type{\arrayof{\string}} Array of permission names
2061 */
2062 function getRights() {
2063 if ( is_null( $this->mRights ) ) {
2064 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
2065 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
2066 // Force reindexation of rights when a hook has unset one of them
2067 $this->mRights = array_values( $this->mRights );
2068 }
2069 return $this->mRights;
2070 }
2071
2072 /**
2073 * Get the list of explicit group memberships this user has.
2074 * The implicit * and user groups are not included.
2075 * @return \type{\arrayof{\string}} Array of internal group names
2076 */
2077 function getGroups() {
2078 $this->load();
2079 return $this->mGroups;
2080 }
2081
2082 /**
2083 * Get the list of implicit group memberships this user has.
2084 * This includes all explicit groups, plus 'user' if logged in,
2085 * '*' for all accounts and autopromoted groups
2086 * @param $recache \bool Whether to avoid the cache
2087 * @return \type{\arrayof{\string}} Array of internal group names
2088 */
2089 function getEffectiveGroups( $recache = false ) {
2090 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2091 wfProfileIn( __METHOD__ );
2092 $this->mEffectiveGroups = $this->getGroups();
2093 $this->mEffectiveGroups[] = '*';
2094 if( $this->getId() ) {
2095 $this->mEffectiveGroups[] = 'user';
2096
2097 $this->mEffectiveGroups = array_unique( array_merge(
2098 $this->mEffectiveGroups,
2099 Autopromote::getAutopromoteGroups( $this )
2100 ) );
2101
2102 # Hook for additional groups
2103 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2104 }
2105 wfProfileOut( __METHOD__ );
2106 }
2107 return $this->mEffectiveGroups;
2108 }
2109
2110 /**
2111 * Get the user's edit count.
2112 * @return \int User'e edit count
2113 */
2114 function getEditCount() {
2115 if( $this->getId() ) {
2116 if ( !isset( $this->mEditCount ) ) {
2117 /* Populate the count, if it has not been populated yet */
2118 $this->mEditCount = User::edits( $this->mId );
2119 }
2120 return $this->mEditCount;
2121 } else {
2122 /* nil */
2123 return null;
2124 }
2125 }
2126
2127 /**
2128 * Add the user to the given group.
2129 * This takes immediate effect.
2130 * @param $group \string Name of the group to add
2131 */
2132 function addGroup( $group ) {
2133 $dbw = wfGetDB( DB_MASTER );
2134 if( $this->getId() ) {
2135 $dbw->insert( 'user_groups',
2136 array(
2137 'ug_user' => $this->getID(),
2138 'ug_group' => $group,
2139 ),
2140 __METHOD__,
2141 array( 'IGNORE' ) );
2142 }
2143
2144 $this->loadGroups();
2145 $this->mGroups[] = $group;
2146 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2147
2148 $this->invalidateCache();
2149 }
2150
2151 /**
2152 * Remove the user from the given group.
2153 * This takes immediate effect.
2154 * @param $group \string Name of the group to remove
2155 */
2156 function removeGroup( $group ) {
2157 $this->load();
2158 $dbw = wfGetDB( DB_MASTER );
2159 $dbw->delete( 'user_groups',
2160 array(
2161 'ug_user' => $this->getID(),
2162 'ug_group' => $group,
2163 ), __METHOD__ );
2164
2165 $this->loadGroups();
2166 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2167 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2168
2169 $this->invalidateCache();
2170 }
2171
2172 /**
2173 * Get whether the user is logged in
2174 * @return \bool True or false
2175 */
2176 function isLoggedIn() {
2177 return $this->getID() != 0;
2178 }
2179
2180 /**
2181 * Get whether the user is anonymous
2182 * @return \bool True or false
2183 */
2184 function isAnon() {
2185 return !$this->isLoggedIn();
2186 }
2187
2188 /**
2189 * Get whether the user is a bot
2190 * @return \bool True or false
2191 * @deprecated
2192 */
2193 function isBot() {
2194 wfDeprecated( __METHOD__ );
2195 return $this->isAllowed( 'bot' );
2196 }
2197
2198 /**
2199 * Check if user is allowed to access a feature / make an action
2200 * @param $action \string action to be checked
2201 * @return \bool True if action is allowed, else false
2202 */
2203 function isAllowed( $action = '' ) {
2204 if ( $action === '' )
2205 return true; // In the spirit of DWIM
2206 # Patrolling may not be enabled
2207 if( $action === 'patrol' || $action === 'autopatrol' ) {
2208 global $wgUseRCPatrol, $wgUseNPPatrol;
2209 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2210 return false;
2211 }
2212 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2213 # by misconfiguration: 0 == 'foo'
2214 return in_array( $action, $this->getRights(), true );
2215 }
2216
2217 /**
2218 * Check whether to enable recent changes patrol features for this user
2219 * @return \bool True or false
2220 */
2221 public function useRCPatrol() {
2222 global $wgUseRCPatrol;
2223 return( $wgUseRCPatrol && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2224 }
2225
2226 /**
2227 * Check whether to enable new pages patrol features for this user
2228 * @return \bool True or false
2229 */
2230 public function useNPPatrol() {
2231 global $wgUseRCPatrol, $wgUseNPPatrol;
2232 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2233 }
2234
2235 /**
2236 * Get the current skin, loading it if required, and setting a title
2237 * @param $t Title: the title to use in the skin
2238 * @return Skin The current skin
2239 * @todo FIXME : need to check the old failback system [AV]
2240 */
2241 function getSkin( $t = null ) {
2242 if ( $t ) {
2243 $skin = $this->createSkinObject();
2244 $skin->setTitle( $t );
2245 return $skin;
2246 } else {
2247 if ( ! $this->mSkin ) {
2248 $this->mSkin = $this->createSkinObject();
2249 }
2250
2251 if ( ! $this->mSkin->getTitle() ) {
2252 global $wgOut;
2253 $t = $wgOut->getTitle();
2254 $this->mSkin->setTitle($t);
2255 }
2256
2257 return $this->mSkin;
2258 }
2259 }
2260
2261 // Creates a Skin object, for getSkin()
2262 private function createSkinObject() {
2263 wfProfileIn( __METHOD__ );
2264
2265 global $wgHiddenPrefs;
2266 if( !in_array( 'skin', $wgHiddenPrefs ) ) {
2267 # get the user skin
2268 global $wgRequest;
2269 $userSkin = $this->getOption( 'skin' );
2270 $userSkin = $wgRequest->getVal( 'useskin', $userSkin );
2271 } else {
2272 # if we're not allowing users to override, then use the default
2273 global $wgDefaultSkin;
2274 $userSkin = $wgDefaultSkin;
2275 }
2276
2277 $skin = Skin::newFromKey( $userSkin );
2278 wfProfileOut( __METHOD__ );
2279
2280 return $skin;
2281 }
2282
2283 /**
2284 * Check the watched status of an article.
2285 * @param $title \type{Title} Title of the article to look at
2286 * @return \bool True if article is watched
2287 */
2288 function isWatched( $title ) {
2289 $wl = WatchedItem::fromUserTitle( $this, $title );
2290 return $wl->isWatched();
2291 }
2292
2293 /**
2294 * Watch an article.
2295 * @param $title \type{Title} Title of the article to look at
2296 */
2297 function addWatch( $title ) {
2298 $wl = WatchedItem::fromUserTitle( $this, $title );
2299 $wl->addWatch();
2300 $this->invalidateCache();
2301 }
2302
2303 /**
2304 * Stop watching an article.
2305 * @param $title \type{Title} Title of the article to look at
2306 */
2307 function removeWatch( $title ) {
2308 $wl = WatchedItem::fromUserTitle( $this, $title );
2309 $wl->removeWatch();
2310 $this->invalidateCache();
2311 }
2312
2313 /**
2314 * Clear the user's notification timestamp for the given title.
2315 * If e-notif e-mails are on, they will receive notification mails on
2316 * the next change of the page if it's watched etc.
2317 * @param $title \type{Title} Title of the article to look at
2318 */
2319 function clearNotification( &$title ) {
2320 global $wgUser, $wgUseEnotif, $wgShowUpdatedMarker;
2321
2322 # Do nothing if the database is locked to writes
2323 if( wfReadOnly() ) {
2324 return;
2325 }
2326
2327 if( $title->getNamespace() == NS_USER_TALK &&
2328 $title->getText() == $this->getName() ) {
2329 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2330 return;
2331 $this->setNewtalk( false );
2332 }
2333
2334 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2335 return;
2336 }
2337
2338 if( $this->isAnon() ) {
2339 // Nothing else to do...
2340 return;
2341 }
2342
2343 // Only update the timestamp if the page is being watched.
2344 // The query to find out if it is watched is cached both in memcached and per-invocation,
2345 // and when it does have to be executed, it can be on a slave
2346 // If this is the user's newtalk page, we always update the timestamp
2347 if( $title->getNamespace() == NS_USER_TALK &&
2348 $title->getText() == $wgUser->getName() )
2349 {
2350 $watched = true;
2351 } elseif ( $this->getId() == $wgUser->getId() ) {
2352 $watched = $title->userIsWatching();
2353 } else {
2354 $watched = true;
2355 }
2356
2357 // If the page is watched by the user (or may be watched), update the timestamp on any
2358 // any matching rows
2359 if ( $watched ) {
2360 $dbw = wfGetDB( DB_MASTER );
2361 $dbw->update( 'watchlist',
2362 array( /* SET */
2363 'wl_notificationtimestamp' => null
2364 ), array( /* WHERE */
2365 'wl_title' => $title->getDBkey(),
2366 'wl_namespace' => $title->getNamespace(),
2367 'wl_user' => $this->getID()
2368 ), __METHOD__
2369 );
2370 }
2371 }
2372
2373 /**
2374 * Resets all of the given user's page-change notification timestamps.
2375 * If e-notif e-mails are on, they will receive notification mails on
2376 * the next change of any watched page.
2377 *
2378 * @param $currentUser \int User ID
2379 */
2380 function clearAllNotifications( $currentUser ) {
2381 global $wgUseEnotif, $wgShowUpdatedMarker;
2382 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2383 $this->setNewtalk( false );
2384 return;
2385 }
2386 if( $currentUser != 0 ) {
2387 $dbw = wfGetDB( DB_MASTER );
2388 $dbw->update( 'watchlist',
2389 array( /* SET */
2390 'wl_notificationtimestamp' => null
2391 ), array( /* WHERE */
2392 'wl_user' => $currentUser
2393 ), __METHOD__
2394 );
2395 # We also need to clear here the "you have new message" notification for the own user_talk page
2396 # This is cleared one page view later in Article::viewUpdates();
2397 }
2398 }
2399
2400 /**
2401 * Set this user's options from an encoded string
2402 * @param $str \string Encoded options to import
2403 * @private
2404 */
2405 function decodeOptions( $str ) {
2406 if( !$str )
2407 return;
2408
2409 $this->mOptionsLoaded = true;
2410 $this->mOptionOverrides = array();
2411
2412 // If an option is not set in $str, use the default value
2413 $this->mOptions = self::getDefaultOptions();
2414
2415 $a = explode( "\n", $str );
2416 foreach ( $a as $s ) {
2417 $m = array();
2418 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2419 $this->mOptions[$m[1]] = $m[2];
2420 $this->mOptionOverrides[$m[1]] = $m[2];
2421 }
2422 }
2423 }
2424
2425 /**
2426 * Set a cookie on the user's client. Wrapper for
2427 * WebResponse::setCookie
2428 * @param $name \string Name of the cookie to set
2429 * @param $value \string Value to set
2430 * @param $exp \int Expiration time, as a UNIX time value;
2431 * if 0 or not specified, use the default $wgCookieExpiration
2432 */
2433 protected function setCookie( $name, $value, $exp = 0 ) {
2434 global $wgRequest;
2435 $wgRequest->response()->setcookie( $name, $value, $exp );
2436 }
2437
2438 /**
2439 * Clear a cookie on the user's client
2440 * @param $name \string Name of the cookie to clear
2441 */
2442 protected function clearCookie( $name ) {
2443 $this->setCookie( $name, '', time() - 86400 );
2444 }
2445
2446 /**
2447 * Set the default cookies for this session on the user's client.
2448 */
2449 function setCookies() {
2450 $this->load();
2451 if ( 0 == $this->mId ) return;
2452 $session = array(
2453 'wsUserID' => $this->mId,
2454 'wsToken' => $this->mToken,
2455 'wsUserName' => $this->getName()
2456 );
2457 $cookies = array(
2458 'UserID' => $this->mId,
2459 'UserName' => $this->getName(),
2460 );
2461 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2462 $cookies['Token'] = $this->mToken;
2463 } else {
2464 $cookies['Token'] = false;
2465 }
2466
2467 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2468 #check for null, since the hook could cause a null value
2469 if ( !is_null( $session ) && isset( $_SESSION ) ){
2470 $_SESSION = $session + $_SESSION;
2471 }
2472 foreach ( $cookies as $name => $value ) {
2473 if ( $value === false ) {
2474 $this->clearCookie( $name );
2475 } else {
2476 $this->setCookie( $name, $value );
2477 }
2478 }
2479 }
2480
2481 /**
2482 * Log this user out.
2483 */
2484 function logout() {
2485 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2486 $this->doLogout();
2487 }
2488 }
2489
2490 /**
2491 * Clear the user's cookies and session, and reset the instance cache.
2492 * @private
2493 * @see logout()
2494 */
2495 function doLogout() {
2496 $this->clearInstanceCache( 'defaults' );
2497
2498 $_SESSION['wsUserID'] = 0;
2499
2500 $this->clearCookie( 'UserID' );
2501 $this->clearCookie( 'Token' );
2502
2503 # Remember when user logged out, to prevent seeing cached pages
2504 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2505 }
2506
2507 /**
2508 * Save this user's settings into the database.
2509 * @todo Only rarely do all these fields need to be set!
2510 */
2511 function saveSettings() {
2512 $this->load();
2513 if ( wfReadOnly() ) { return; }
2514 if ( 0 == $this->mId ) { return; }
2515
2516 $this->mTouched = self::newTouchedTimestamp();
2517
2518 $dbw = wfGetDB( DB_MASTER );
2519 $dbw->update( 'user',
2520 array( /* SET */
2521 'user_name' => $this->mName,
2522 'user_password' => $this->mPassword,
2523 'user_newpassword' => $this->mNewpassword,
2524 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2525 'user_real_name' => $this->mRealName,
2526 'user_email' => $this->mEmail,
2527 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2528 'user_options' => '',
2529 'user_touched' => $dbw->timestamp( $this->mTouched ),
2530 'user_token' => $this->mToken,
2531 'user_email_token' => $this->mEmailToken,
2532 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2533 ), array( /* WHERE */
2534 'user_id' => $this->mId
2535 ), __METHOD__
2536 );
2537
2538 $this->saveOptions();
2539
2540 wfRunHooks( 'UserSaveSettings', array( $this ) );
2541 $this->clearSharedCache();
2542 $this->getUserPage()->invalidateCache();
2543 }
2544
2545 /**
2546 * If only this user's username is known, and it exists, return the user ID.
2547 */
2548 function idForName() {
2549 $s = trim( $this->getName() );
2550 if ( $s === '' ) return 0;
2551
2552 $dbr = wfGetDB( DB_SLAVE );
2553 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2554 if ( $id === false ) {
2555 $id = 0;
2556 }
2557 return $id;
2558 }
2559
2560 /**
2561 * Add a user to the database, return the user object
2562 *
2563 * @param $name \string Username to add
2564 * @param $params \type{\arrayof{\string}} Non-default parameters to save to the database:
2565 * - password The user's password. Password logins will be disabled if this is omitted.
2566 * - newpassword A temporary password mailed to the user
2567 * - email The user's email address
2568 * - email_authenticated The email authentication timestamp
2569 * - real_name The user's real name
2570 * - options An associative array of non-default options
2571 * - token Random authentication token. Do not set.
2572 * - registration Registration timestamp. Do not set.
2573 *
2574 * @return \type{User} A new User object, or null if the username already exists
2575 */
2576 static function createNew( $name, $params = array() ) {
2577 $user = new User;
2578 $user->load();
2579 if ( isset( $params['options'] ) ) {
2580 $user->mOptions = $params['options'] + (array)$user->mOptions;
2581 unset( $params['options'] );
2582 }
2583 $dbw = wfGetDB( DB_MASTER );
2584 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2585 $fields = array(
2586 'user_id' => $seqVal,
2587 'user_name' => $name,
2588 'user_password' => $user->mPassword,
2589 'user_newpassword' => $user->mNewpassword,
2590 'user_newpass_time' => $dbw->timestamp( $user->mNewpassTime ),
2591 'user_email' => $user->mEmail,
2592 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2593 'user_real_name' => $user->mRealName,
2594 'user_options' => '',
2595 'user_token' => $user->mToken,
2596 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2597 'user_editcount' => 0,
2598 );
2599 foreach ( $params as $name => $value ) {
2600 $fields["user_$name"] = $value;
2601 }
2602 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2603 if ( $dbw->affectedRows() ) {
2604 $newUser = User::newFromId( $dbw->insertId() );
2605 } else {
2606 $newUser = null;
2607 }
2608 return $newUser;
2609 }
2610
2611 /**
2612 * Add this existing user object to the database
2613 */
2614 function addToDatabase() {
2615 $this->load();
2616 $dbw = wfGetDB( DB_MASTER );
2617 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2618 $dbw->insert( 'user',
2619 array(
2620 'user_id' => $seqVal,
2621 'user_name' => $this->mName,
2622 'user_password' => $this->mPassword,
2623 'user_newpassword' => $this->mNewpassword,
2624 'user_newpass_time' => $dbw->timestamp( $this->mNewpassTime ),
2625 'user_email' => $this->mEmail,
2626 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2627 'user_real_name' => $this->mRealName,
2628 'user_options' => '',
2629 'user_token' => $this->mToken,
2630 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2631 'user_editcount' => 0,
2632 ), __METHOD__
2633 );
2634 $this->mId = $dbw->insertId();
2635
2636 // Clear instance cache other than user table data, which is already accurate
2637 $this->clearInstanceCache();
2638
2639 $this->saveOptions();
2640 }
2641
2642 /**
2643 * If this (non-anonymous) user is blocked, block any IP address
2644 * they've successfully logged in from.
2645 */
2646 function spreadBlock() {
2647 wfDebug( __METHOD__ . "()\n" );
2648 $this->load();
2649 if ( $this->mId == 0 ) {
2650 return;
2651 }
2652
2653 $userblock = Block::newFromDB( '', $this->mId );
2654 if ( !$userblock ) {
2655 return;
2656 }
2657
2658 $userblock->doAutoblock( wfGetIP() );
2659 }
2660
2661 /**
2662 * Generate a string which will be different for any combination of
2663 * user options which would produce different parser output.
2664 * This will be used as part of the hash key for the parser cache,
2665 * so users with the same options can share the same cached data
2666 * safely.
2667 *
2668 * Extensions which require it should install 'PageRenderingHash' hook,
2669 * which will give them a chance to modify this key based on their own
2670 * settings.
2671 *
2672 * @deprecated use the ParserOptions object to get the relevant options
2673 * @return \string Page rendering hash
2674 */
2675 function getPageRenderingHash() {
2676 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
2677 if( $this->mHash ){
2678 return $this->mHash;
2679 }
2680 wfDeprecated( __METHOD__ );
2681
2682 // stubthreshold is only included below for completeness,
2683 // since it disables the parser cache, its value will always
2684 // be 0 when this function is called by parsercache.
2685
2686 $confstr = $this->getOption( 'math' );
2687 $confstr .= '!' . $this->getStubThreshold();
2688 if ( $wgUseDynamicDates ) { # This is wrong (bug 24714)
2689 $confstr .= '!' . $this->getDatePreference();
2690 }
2691 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
2692 $confstr .= '!' . $wgLang->getCode();
2693 $confstr .= '!' . $this->getOption( 'thumbsize' );
2694 // add in language specific options, if any
2695 $extra = $wgContLang->getExtraHashOptions();
2696 $confstr .= $extra;
2697
2698 // Since the skin could be overloading link(), it should be
2699 // included here but in practice, none of our skins do that.
2700
2701 $confstr .= $wgRenderHashAppend;
2702
2703 // Give a chance for extensions to modify the hash, if they have
2704 // extra options or other effects on the parser cache.
2705 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
2706
2707 // Make it a valid memcached key fragment
2708 $confstr = str_replace( ' ', '_', $confstr );
2709 $this->mHash = $confstr;
2710 return $confstr;
2711 }
2712
2713 /**
2714 * Get whether the user is explicitly blocked from account creation.
2715 * @return \bool True if blocked
2716 */
2717 function isBlockedFromCreateAccount() {
2718 $this->getBlockedStatus();
2719 return $this->mBlock && $this->mBlock->mCreateAccount;
2720 }
2721
2722 /**
2723 * Get whether the user is blocked from using Special:Emailuser.
2724 * @return \bool True if blocked
2725 */
2726 function isBlockedFromEmailuser() {
2727 $this->getBlockedStatus();
2728 return $this->mBlock && $this->mBlock->mBlockEmail;
2729 }
2730
2731 /**
2732 * Get whether the user is allowed to create an account.
2733 * @return \bool True if allowed
2734 */
2735 function isAllowedToCreateAccount() {
2736 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
2737 }
2738
2739 /**
2740 * Get this user's personal page title.
2741 *
2742 * @return \type{Title} User's personal page title
2743 */
2744 function getUserPage() {
2745 return Title::makeTitle( NS_USER, $this->getName() );
2746 }
2747
2748 /**
2749 * Get this user's talk page title.
2750 *
2751 * @return \type{Title} User's talk page title
2752 */
2753 function getTalkPage() {
2754 $title = $this->getUserPage();
2755 return $title->getTalkPage();
2756 }
2757
2758 /**
2759 * Get the maximum valid user ID.
2760 * @return \int User ID
2761 * @static
2762 */
2763 function getMaxID() {
2764 static $res; // cache
2765
2766 if ( isset( $res ) ) {
2767 return $res;
2768 } else {
2769 $dbr = wfGetDB( DB_SLAVE );
2770 return $res = $dbr->selectField( 'user', 'max(user_id)', false, __METHOD__ );
2771 }
2772 }
2773
2774 /**
2775 * Determine whether the user is a newbie. Newbies are either
2776 * anonymous IPs, or the most recently created accounts.
2777 * @return \bool True if the user is a newbie
2778 */
2779 function isNewbie() {
2780 return !$this->isAllowed( 'autoconfirmed' );
2781 }
2782
2783 /**
2784 * Check to see if the given clear-text password is one of the accepted passwords
2785 * @param $password \string user password.
2786 * @return \bool True if the given password is correct, otherwise False.
2787 */
2788 function checkPassword( $password ) {
2789 global $wgAuth;
2790 $this->load();
2791
2792 // Even though we stop people from creating passwords that
2793 // are shorter than this, doesn't mean people wont be able
2794 // to. Certain authentication plugins do NOT want to save
2795 // domain passwords in a mysql database, so we should
2796 // check this (incase $wgAuth->strict() is false).
2797 if( !$this->isValidPassword( $password ) ) {
2798 return false;
2799 }
2800
2801 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
2802 return true;
2803 } elseif( $wgAuth->strict() ) {
2804 /* Auth plugin doesn't allow local authentication */
2805 return false;
2806 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
2807 /* Auth plugin doesn't allow local authentication for this user name */
2808 return false;
2809 }
2810 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
2811 return true;
2812 } elseif ( function_exists( 'iconv' ) ) {
2813 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
2814 # Check for this with iconv
2815 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
2816 if ( self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) ) {
2817 return true;
2818 }
2819 }
2820 return false;
2821 }
2822
2823 /**
2824 * Check if the given clear-text password matches the temporary password
2825 * sent by e-mail for password reset operations.
2826 * @return \bool True if matches, false otherwise
2827 */
2828 function checkTemporaryPassword( $plaintext ) {
2829 global $wgNewPasswordExpiry;
2830 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
2831 $this->load();
2832 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
2833 return ( time() < $expiry );
2834 } else {
2835 return false;
2836 }
2837 }
2838
2839 /**
2840 * Initialize (if necessary) and return a session token value
2841 * which can be used in edit forms to show that the user's
2842 * login credentials aren't being hijacked with a foreign form
2843 * submission.
2844 *
2845 * @param $salt \types{\string,\arrayof{\string}} Optional function-specific data for hashing
2846 * @return \string The new edit token
2847 */
2848 function editToken( $salt = '' ) {
2849 if ( $this->isAnon() ) {
2850 return EDIT_TOKEN_SUFFIX;
2851 } else {
2852 if( !isset( $_SESSION['wsEditToken'] ) ) {
2853 $token = self::generateToken();
2854 $_SESSION['wsEditToken'] = $token;
2855 } else {
2856 $token = $_SESSION['wsEditToken'];
2857 }
2858 if( is_array( $salt ) ) {
2859 $salt = implode( '|', $salt );
2860 }
2861 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
2862 }
2863 }
2864
2865 /**
2866 * Generate a looking random token for various uses.
2867 *
2868 * @param $salt \string Optional salt value
2869 * @return \string The new random token
2870 */
2871 public static function generateToken( $salt = '' ) {
2872 $token = dechex( mt_rand() ) . dechex( mt_rand() );
2873 return md5( $token . $salt );
2874 }
2875
2876 /**
2877 * Check given value against the token value stored in the session.
2878 * A match should confirm that the form was submitted from the
2879 * user's own login session, not a form submission from a third-party
2880 * site.
2881 *
2882 * @param $val \string Input value to compare
2883 * @param $salt \string Optional function-specific data for hashing
2884 * @return \bool Whether the token matches
2885 */
2886 function matchEditToken( $val, $salt = '' ) {
2887 $sessionToken = $this->editToken( $salt );
2888 if ( $val != $sessionToken ) {
2889 wfDebug( "User::matchEditToken: broken session data\n" );
2890 }
2891 return $val == $sessionToken;
2892 }
2893
2894 /**
2895 * Check given value against the token value stored in the session,
2896 * ignoring the suffix.
2897 *
2898 * @param $val \string Input value to compare
2899 * @param $salt \string Optional function-specific data for hashing
2900 * @return \bool Whether the token matches
2901 */
2902 function matchEditTokenNoSuffix( $val, $salt = '' ) {
2903 $sessionToken = $this->editToken( $salt );
2904 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
2905 }
2906
2907 /**
2908 * Generate a new e-mail confirmation token and send a confirmation/invalidation
2909 * mail to the user's given address.
2910 *
2911 * @param $changed Boolean: whether the adress changed
2912 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure.
2913 */
2914 function sendConfirmationMail( $changed = false ) {
2915 global $wgLang;
2916 $expiration = null; // gets passed-by-ref and defined in next line.
2917 $token = $this->confirmationToken( $expiration );
2918 $url = $this->confirmationTokenUrl( $token );
2919 $invalidateURL = $this->invalidationTokenUrl( $token );
2920 $this->saveSettings();
2921
2922 $message = $changed ? 'confirmemail_body_changed' : 'confirmemail_body';
2923 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
2924 wfMsg( $message,
2925 wfGetIP(),
2926 $this->getName(),
2927 $url,
2928 $wgLang->timeanddate( $expiration, false ),
2929 $invalidateURL,
2930 $wgLang->date( $expiration, false ),
2931 $wgLang->time( $expiration, false ) ) );
2932 }
2933
2934 /**
2935 * Send an e-mail to this user's account. Does not check for
2936 * confirmed status or validity.
2937 *
2938 * @param $subject \string Message subject
2939 * @param $body \string Message body
2940 * @param $from \string Optional From address; if unspecified, default $wgPasswordSender will be used
2941 * @param $replyto \string Reply-To address
2942 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure
2943 */
2944 function sendMail( $subject, $body, $from = null, $replyto = null ) {
2945 if( is_null( $from ) ) {
2946 global $wgPasswordSender;
2947 $from = $wgPasswordSender;
2948 }
2949
2950 $to = new MailAddress( $this );
2951 $sender = new MailAddress( $from );
2952 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
2953 }
2954
2955 /**
2956 * Generate, store, and return a new e-mail confirmation code.
2957 * A hash (unsalted, since it's used as a key) is stored.
2958 *
2959 * @note Call saveSettings() after calling this function to commit
2960 * this change to the database.
2961 *
2962 * @param[out] &$expiration \mixed Accepts the expiration time
2963 * @return \string New token
2964 * @private
2965 */
2966 function confirmationToken( &$expiration ) {
2967 $now = time();
2968 $expires = $now + 7 * 24 * 60 * 60;
2969 $expiration = wfTimestamp( TS_MW, $expires );
2970 $token = self::generateToken( $this->mId . $this->mEmail . $expires );
2971 $hash = md5( $token );
2972 $this->load();
2973 $this->mEmailToken = $hash;
2974 $this->mEmailTokenExpires = $expiration;
2975 return $token;
2976 }
2977
2978 /**
2979 * Return a URL the user can use to confirm their email address.
2980 * @param $token \string Accepts the email confirmation token
2981 * @return \string New token URL
2982 * @private
2983 */
2984 function confirmationTokenUrl( $token ) {
2985 return $this->getTokenUrl( 'ConfirmEmail', $token );
2986 }
2987
2988 /**
2989 * Return a URL the user can use to invalidate their email address.
2990 * @param $token \string Accepts the email confirmation token
2991 * @return \string New token URL
2992 * @private
2993 */
2994 function invalidationTokenUrl( $token ) {
2995 return $this->getTokenUrl( 'Invalidateemail', $token );
2996 }
2997
2998 /**
2999 * Internal function to format the e-mail validation/invalidation URLs.
3000 * This uses $wgArticlePath directly as a quickie hack to use the
3001 * hardcoded English names of the Special: pages, for ASCII safety.
3002 *
3003 * @note Since these URLs get dropped directly into emails, using the
3004 * short English names avoids insanely long URL-encoded links, which
3005 * also sometimes can get corrupted in some browsers/mailers
3006 * (bug 6957 with Gmail and Internet Explorer).
3007 *
3008 * @param $page \string Special page
3009 * @param $token \string Token
3010 * @return \string Formatted URL
3011 */
3012 protected function getTokenUrl( $page, $token ) {
3013 global $wgArticlePath;
3014 return wfExpandUrl(
3015 str_replace(
3016 '$1',
3017 "Special:$page/$token",
3018 $wgArticlePath ) );
3019 }
3020
3021 /**
3022 * Mark the e-mail address confirmed.
3023 *
3024 * @note Call saveSettings() after calling this function to commit the change.
3025 */
3026 function confirmEmail() {
3027 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3028 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3029 return true;
3030 }
3031
3032 /**
3033 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3034 * address if it was already confirmed.
3035 *
3036 * @note Call saveSettings() after calling this function to commit the change.
3037 */
3038 function invalidateEmail() {
3039 $this->load();
3040 $this->mEmailToken = null;
3041 $this->mEmailTokenExpires = null;
3042 $this->setEmailAuthenticationTimestamp( null );
3043 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3044 return true;
3045 }
3046
3047 /**
3048 * Set the e-mail authentication timestamp.
3049 * @param $timestamp \string TS_MW timestamp
3050 */
3051 function setEmailAuthenticationTimestamp( $timestamp ) {
3052 $this->load();
3053 $this->mEmailAuthenticated = $timestamp;
3054 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3055 }
3056
3057 /**
3058 * Is this user allowed to send e-mails within limits of current
3059 * site configuration?
3060 * @return \bool True if allowed
3061 */
3062 function canSendEmail() {
3063 global $wgEnableEmail, $wgEnableUserEmail;
3064 if( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3065 return false;
3066 }
3067 $canSend = $this->isEmailConfirmed();
3068 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3069 return $canSend;
3070 }
3071
3072 /**
3073 * Is this user allowed to receive e-mails within limits of current
3074 * site configuration?
3075 * @return \bool True if allowed
3076 */
3077 function canReceiveEmail() {
3078 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3079 }
3080
3081 /**
3082 * Is this user's e-mail address valid-looking and confirmed within
3083 * limits of the current site configuration?
3084 *
3085 * @note If $wgEmailAuthentication is on, this may require the user to have
3086 * confirmed their address by returning a code or using a password
3087 * sent to the address from the wiki.
3088 *
3089 * @return \bool True if confirmed
3090 */
3091 function isEmailConfirmed() {
3092 global $wgEmailAuthentication;
3093 $this->load();
3094 $confirmed = true;
3095 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3096 if( $this->isAnon() )
3097 return false;
3098 if( !self::isValidEmailAddr( $this->mEmail ) )
3099 return false;
3100 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() )
3101 return false;
3102 return true;
3103 } else {
3104 return $confirmed;
3105 }
3106 }
3107
3108 /**
3109 * Check whether there is an outstanding request for e-mail confirmation.
3110 * @return \bool True if pending
3111 */
3112 function isEmailConfirmationPending() {
3113 global $wgEmailAuthentication;
3114 return $wgEmailAuthentication &&
3115 !$this->isEmailConfirmed() &&
3116 $this->mEmailToken &&
3117 $this->mEmailTokenExpires > wfTimestamp();
3118 }
3119
3120 /**
3121 * Get the timestamp of account creation.
3122 *
3123 * @return \types{\string,\bool} string Timestamp of account creation, or false for
3124 * non-existent/anonymous user accounts.
3125 */
3126 public function getRegistration() {
3127 return $this->getId() > 0
3128 ? $this->mRegistration
3129 : false;
3130 }
3131
3132 /**
3133 * Get the timestamp of the first edit
3134 *
3135 * @return \types{\string,\bool} string Timestamp of first edit, or false for
3136 * non-existent/anonymous user accounts.
3137 */
3138 public function getFirstEditTimestamp() {
3139 if( $this->getId() == 0 ) return false; // anons
3140 $dbr = wfGetDB( DB_SLAVE );
3141 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3142 array( 'rev_user' => $this->getId() ),
3143 __METHOD__,
3144 array( 'ORDER BY' => 'rev_timestamp ASC' )
3145 );
3146 if( !$time ) return false; // no edits
3147 return wfTimestamp( TS_MW, $time );
3148 }
3149
3150 /**
3151 * Get the permissions associated with a given list of groups
3152 *
3153 * @param $groups \type{\arrayof{\string}} List of internal group names
3154 * @return \type{\arrayof{\string}} List of permission key names for given groups combined
3155 */
3156 static function getGroupPermissions( $groups ) {
3157 global $wgGroupPermissions, $wgRevokePermissions;
3158 $rights = array();
3159 // grant every granted permission first
3160 foreach( $groups as $group ) {
3161 if( isset( $wgGroupPermissions[$group] ) ) {
3162 $rights = array_merge( $rights,
3163 // array_filter removes empty items
3164 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3165 }
3166 }
3167 // now revoke the revoked permissions
3168 foreach( $groups as $group ) {
3169 if( isset( $wgRevokePermissions[$group] ) ) {
3170 $rights = array_diff( $rights,
3171 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
3172 }
3173 }
3174 return array_unique( $rights );
3175 }
3176
3177 /**
3178 * Get all the groups who have a given permission
3179 *
3180 * @param $role \string Role to check
3181 * @return \type{\arrayof{\string}} List of internal group names with the given permission
3182 */
3183 static function getGroupsWithPermission( $role ) {
3184 global $wgGroupPermissions;
3185 $allowedGroups = array();
3186 foreach ( $wgGroupPermissions as $group => $rights ) {
3187 if ( isset( $rights[$role] ) && $rights[$role] ) {
3188 $allowedGroups[] = $group;
3189 }
3190 }
3191 return $allowedGroups;
3192 }
3193
3194 /**
3195 * Get the localized descriptive name for a group, if it exists
3196 *
3197 * @param $group \string Internal group name
3198 * @return \string Localized descriptive group name
3199 */
3200 static function getGroupName( $group ) {
3201 $key = "group-$group";
3202 $name = wfMsg( $key );
3203 return $name == '' || wfEmptyMsg( $key, $name )
3204 ? $group
3205 : $name;
3206 }
3207
3208 /**
3209 * Get the localized descriptive name for a member of a group, if it exists
3210 *
3211 * @param $group \string Internal group name
3212 * @return \string Localized name for group member
3213 */
3214 static function getGroupMember( $group ) {
3215 $key = "group-$group-member";
3216 $name = wfMsg( $key );
3217 return $name == '' || wfEmptyMsg( $key, $name )
3218 ? $group
3219 : $name;
3220 }
3221
3222 /**
3223 * Return the set of defined explicit groups.
3224 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3225 * are not included, as they are defined automatically, not in the database.
3226 * @return \type{\arrayof{\string}} Array of internal group names
3227 */
3228 static function getAllGroups() {
3229 global $wgGroupPermissions, $wgRevokePermissions;
3230 return array_diff(
3231 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3232 self::getImplicitGroups()
3233 );
3234 }
3235
3236 /**
3237 * Get a list of all available permissions.
3238 * @return \type{\arrayof{\string}} Array of permission names
3239 */
3240 static function getAllRights() {
3241 if ( self::$mAllRights === false ) {
3242 global $wgAvailableRights;
3243 if ( count( $wgAvailableRights ) ) {
3244 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3245 } else {
3246 self::$mAllRights = self::$mCoreRights;
3247 }
3248 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3249 }
3250 return self::$mAllRights;
3251 }
3252
3253 /**
3254 * Get a list of implicit groups
3255 * @return \type{\arrayof{\string}} Array of internal group names
3256 */
3257 public static function getImplicitGroups() {
3258 global $wgImplicitGroups;
3259 $groups = $wgImplicitGroups;
3260 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3261 return $groups;
3262 }
3263
3264 /**
3265 * Get the title of a page describing a particular group
3266 *
3267 * @param $group \string Internal group name
3268 * @return \types{\type{Title},\bool} Title of the page if it exists, false otherwise
3269 */
3270 static function getGroupPage( $group ) {
3271 $page = wfMsgForContent( 'grouppage-' . $group );
3272 if( !wfEmptyMsg( 'grouppage-' . $group, $page ) ) {
3273 $title = Title::newFromText( $page );
3274 if( is_object( $title ) )
3275 return $title;
3276 }
3277 return false;
3278 }
3279
3280 /**
3281 * Create a link to the group in HTML, if available;
3282 * else return the group name.
3283 *
3284 * @param $group \string Internal name of the group
3285 * @param $text \string The text of the link
3286 * @return \string HTML link to the group
3287 */
3288 static function makeGroupLinkHTML( $group, $text = '' ) {
3289 if( $text == '' ) {
3290 $text = self::getGroupName( $group );
3291 }
3292 $title = self::getGroupPage( $group );
3293 if( $title ) {
3294 global $wgUser;
3295 $sk = $wgUser->getSkin();
3296 return $sk->link( $title, htmlspecialchars( $text ) );
3297 } else {
3298 return $text;
3299 }
3300 }
3301
3302 /**
3303 * Create a link to the group in Wikitext, if available;
3304 * else return the group name.
3305 *
3306 * @param $group \string Internal name of the group
3307 * @param $text \string The text of the link
3308 * @return \string Wikilink to the group
3309 */
3310 static function makeGroupLinkWiki( $group, $text = '' ) {
3311 if( $text == '' ) {
3312 $text = self::getGroupName( $group );
3313 }
3314 $title = self::getGroupPage( $group );
3315 if( $title ) {
3316 $page = $title->getPrefixedText();
3317 return "[[$page|$text]]";
3318 } else {
3319 return $text;
3320 }
3321 }
3322
3323 /**
3324 * Returns an array of the groups that a particular group can add/remove.
3325 *
3326 * @param $group String: the group to check for whether it can add/remove
3327 * @return Array array( 'add' => array( addablegroups ),
3328 * 'remove' => array( removablegroups ),
3329 * 'add-self' => array( addablegroups to self),
3330 * 'remove-self' => array( removable groups from self) )
3331 */
3332 static function changeableByGroup( $group ) {
3333 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3334
3335 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3336 if( empty( $wgAddGroups[$group] ) ) {
3337 // Don't add anything to $groups
3338 } elseif( $wgAddGroups[$group] === true ) {
3339 // You get everything
3340 $groups['add'] = self::getAllGroups();
3341 } elseif( is_array( $wgAddGroups[$group] ) ) {
3342 $groups['add'] = $wgAddGroups[$group];
3343 }
3344
3345 // Same thing for remove
3346 if( empty( $wgRemoveGroups[$group] ) ) {
3347 } elseif( $wgRemoveGroups[$group] === true ) {
3348 $groups['remove'] = self::getAllGroups();
3349 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3350 $groups['remove'] = $wgRemoveGroups[$group];
3351 }
3352
3353 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3354 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3355 foreach( $wgGroupsAddToSelf as $key => $value ) {
3356 if( is_int( $key ) ) {
3357 $wgGroupsAddToSelf['user'][] = $value;
3358 }
3359 }
3360 }
3361
3362 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3363 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3364 if( is_int( $key ) ) {
3365 $wgGroupsRemoveFromSelf['user'][] = $value;
3366 }
3367 }
3368 }
3369
3370 // Now figure out what groups the user can add to him/herself
3371 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3372 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3373 // No idea WHY this would be used, but it's there
3374 $groups['add-self'] = User::getAllGroups();
3375 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3376 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3377 }
3378
3379 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3380 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3381 $groups['remove-self'] = User::getAllGroups();
3382 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3383 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3384 }
3385
3386 return $groups;
3387 }
3388
3389 /**
3390 * Returns an array of groups that this user can add and remove
3391 * @return Array array( 'add' => array( addablegroups ),
3392 * 'remove' => array( removablegroups ),
3393 * 'add-self' => array( addablegroups to self),
3394 * 'remove-self' => array( removable groups from self) )
3395 */
3396 function changeableGroups() {
3397 if( $this->isAllowed( 'userrights' ) ) {
3398 // This group gives the right to modify everything (reverse-
3399 // compatibility with old "userrights lets you change
3400 // everything")
3401 // Using array_merge to make the groups reindexed
3402 $all = array_merge( User::getAllGroups() );
3403 return array(
3404 'add' => $all,
3405 'remove' => $all,
3406 'add-self' => array(),
3407 'remove-self' => array()
3408 );
3409 }
3410
3411 // Okay, it's not so simple, we will have to go through the arrays
3412 $groups = array(
3413 'add' => array(),
3414 'remove' => array(),
3415 'add-self' => array(),
3416 'remove-self' => array()
3417 );
3418 $addergroups = $this->getEffectiveGroups();
3419
3420 foreach( $addergroups as $addergroup ) {
3421 $groups = array_merge_recursive(
3422 $groups, $this->changeableByGroup( $addergroup )
3423 );
3424 $groups['add'] = array_unique( $groups['add'] );
3425 $groups['remove'] = array_unique( $groups['remove'] );
3426 $groups['add-self'] = array_unique( $groups['add-self'] );
3427 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3428 }
3429 return $groups;
3430 }
3431
3432 /**
3433 * Increment the user's edit-count field.
3434 * Will have no effect for anonymous users.
3435 */
3436 function incEditCount() {
3437 if( !$this->isAnon() ) {
3438 $dbw = wfGetDB( DB_MASTER );
3439 $dbw->update( 'user',
3440 array( 'user_editcount=user_editcount+1' ),
3441 array( 'user_id' => $this->getId() ),
3442 __METHOD__ );
3443
3444 // Lazy initialization check...
3445 if( $dbw->affectedRows() == 0 ) {
3446 // Pull from a slave to be less cruel to servers
3447 // Accuracy isn't the point anyway here
3448 $dbr = wfGetDB( DB_SLAVE );
3449 $count = $dbr->selectField( 'revision',
3450 'COUNT(rev_user)',
3451 array( 'rev_user' => $this->getId() ),
3452 __METHOD__ );
3453
3454 // Now here's a goddamn hack...
3455 if( $dbr !== $dbw ) {
3456 // If we actually have a slave server, the count is
3457 // at least one behind because the current transaction
3458 // has not been committed and replicated.
3459 $count++;
3460 } else {
3461 // But if DB_SLAVE is selecting the master, then the
3462 // count we just read includes the revision that was
3463 // just added in the working transaction.
3464 }
3465
3466 $dbw->update( 'user',
3467 array( 'user_editcount' => $count ),
3468 array( 'user_id' => $this->getId() ),
3469 __METHOD__ );
3470 }
3471 }
3472 // edit count in user cache too
3473 $this->invalidateCache();
3474 }
3475
3476 /**
3477 * Get the description of a given right
3478 *
3479 * @param $right \string Right to query
3480 * @return \string Localized description of the right
3481 */
3482 static function getRightDescription( $right ) {
3483 $key = "right-$right";
3484 $name = wfMsg( $key );
3485 return $name == '' || wfEmptyMsg( $key, $name )
3486 ? $right
3487 : $name;
3488 }
3489
3490 /**
3491 * Make an old-style password hash
3492 *
3493 * @param $password \string Plain-text password
3494 * @param $userId \string User ID
3495 * @return \string Password hash
3496 */
3497 static function oldCrypt( $password, $userId ) {
3498 global $wgPasswordSalt;
3499 if ( $wgPasswordSalt ) {
3500 return md5( $userId . '-' . md5( $password ) );
3501 } else {
3502 return md5( $password );
3503 }
3504 }
3505
3506 /**
3507 * Make a new-style password hash
3508 *
3509 * @param $password \string Plain-text password
3510 * @param $salt \string Optional salt, may be random or the user ID.
3511 * If unspecified or false, will generate one automatically
3512 * @return \string Password hash
3513 */
3514 static function crypt( $password, $salt = false ) {
3515 global $wgPasswordSalt;
3516
3517 $hash = '';
3518 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3519 return $hash;
3520 }
3521
3522 if( $wgPasswordSalt ) {
3523 if ( $salt === false ) {
3524 $salt = substr( wfGenerateToken(), 0, 8 );
3525 }
3526 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3527 } else {
3528 return ':A:' . md5( $password );
3529 }
3530 }
3531
3532 /**
3533 * Compare a password hash with a plain-text password. Requires the user
3534 * ID if there's a chance that the hash is an old-style hash.
3535 *
3536 * @param $hash \string Password hash
3537 * @param $password \string Plain-text password to compare
3538 * @param $userId \string User ID for old-style password salt
3539 * @return \bool
3540 */
3541 static function comparePasswords( $hash, $password, $userId = false ) {
3542 $type = substr( $hash, 0, 3 );
3543
3544 $result = false;
3545 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3546 return $result;
3547 }
3548
3549 if ( $type == ':A:' ) {
3550 # Unsalted
3551 return md5( $password ) === substr( $hash, 3 );
3552 } elseif ( $type == ':B:' ) {
3553 # Salted
3554 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3555 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3556 } else {
3557 # Old-style
3558 return self::oldCrypt( $password, $userId ) === $hash;
3559 }
3560 }
3561
3562 /**
3563 * Add a newuser log entry for this user
3564 *
3565 * @param $byEmail Boolean: account made by email?
3566 * @param $reason String: user supplied reason
3567 */
3568 public function addNewUserLogEntry( $byEmail = false, $reason = '' ) {
3569 global $wgUser, $wgContLang, $wgNewUserLog;
3570 if( empty( $wgNewUserLog ) ) {
3571 return true; // disabled
3572 }
3573
3574 if( $this->getName() == $wgUser->getName() ) {
3575 $action = 'create';
3576 } else {
3577 $action = 'create2';
3578 if ( $byEmail ) {
3579 if ( $reason === '' ) {
3580 $reason = wfMsgForContent( 'newuserlog-byemail' );
3581 } else {
3582 $reason = $wgContLang->commaList( array(
3583 $reason, wfMsgForContent( 'newuserlog-byemail' ) ) );
3584 }
3585 }
3586 }
3587 $log = new LogPage( 'newusers' );
3588 $log->addEntry(
3589 $action,
3590 $this->getUserPage(),
3591 $reason,
3592 array( $this->getId() )
3593 );
3594 return true;
3595 }
3596
3597 /**
3598 * Add an autocreate newuser log entry for this user
3599 * Used by things like CentralAuth and perhaps other authplugins.
3600 */
3601 public function addNewUserLogEntryAutoCreate() {
3602 global $wgNewUserLog, $wgLogAutocreatedAccounts;
3603 if( !$wgNewUserLog || !$wgLogAutocreatedAccounts ) {
3604 return true; // disabled
3605 }
3606 $log = new LogPage( 'newusers', false );
3607 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ) );
3608 return true;
3609 }
3610
3611 protected function loadOptions() {
3612 $this->load();
3613 if ( $this->mOptionsLoaded || !$this->getId() )
3614 return;
3615
3616 $this->mOptions = self::getDefaultOptions();
3617
3618 // Maybe load from the object
3619 if ( !is_null( $this->mOptionOverrides ) ) {
3620 wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
3621 foreach( $this->mOptionOverrides as $key => $value ) {
3622 $this->mOptions[$key] = $value;
3623 }
3624 } else {
3625 wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
3626 // Load from database
3627 $dbr = wfGetDB( DB_SLAVE );
3628
3629 $res = $dbr->select(
3630 'user_properties',
3631 '*',
3632 array( 'up_user' => $this->getId() ),
3633 __METHOD__
3634 );
3635
3636 foreach ( $res as $row ) {
3637 $this->mOptionOverrides[$row->up_property] = $row->up_value;
3638 $this->mOptions[$row->up_property] = $row->up_value;
3639 }
3640 }
3641
3642 $this->mOptionsLoaded = true;
3643
3644 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
3645 }
3646
3647 protected function saveOptions() {
3648 global $wgAllowPrefChange;
3649
3650 $extuser = ExternalUser::newFromUser( $this );
3651
3652 $this->loadOptions();
3653 $dbw = wfGetDB( DB_MASTER );
3654
3655 $insert_rows = array();
3656
3657 $saveOptions = $this->mOptions;
3658
3659 // Allow hooks to abort, for instance to save to a global profile.
3660 // Reset options to default state before saving.
3661 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) )
3662 return;
3663
3664 foreach( $saveOptions as $key => $value ) {
3665 # Don't bother storing default values
3666 if ( ( is_null( self::getDefaultOption( $key ) ) &&
3667 !( $value === false || is_null($value) ) ) ||
3668 $value != self::getDefaultOption( $key ) ) {
3669 $insert_rows[] = array(
3670 'up_user' => $this->getId(),
3671 'up_property' => $key,
3672 'up_value' => $value,
3673 );
3674 }
3675 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
3676 switch ( $wgAllowPrefChange[$key] ) {
3677 case 'local':
3678 case 'message':
3679 break;
3680 case 'semiglobal':
3681 case 'global':
3682 $extuser->setPref( $key, $value );
3683 }
3684 }
3685 }
3686
3687 $dbw->begin();
3688 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
3689 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
3690 $dbw->commit();
3691 }
3692
3693 /**
3694 * Provide an array of HTML5 attributes to put on an input element
3695 * intended for the user to enter a new password. This may include
3696 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
3697 *
3698 * Do *not* use this when asking the user to enter his current password!
3699 * Regardless of configuration, users may have invalid passwords for whatever
3700 * reason (e.g., they were set before requirements were tightened up).
3701 * Only use it when asking for a new password, like on account creation or
3702 * ResetPass.
3703 *
3704 * Obviously, you still need to do server-side checking.
3705 *
3706 * NOTE: A combination of bugs in various browsers means that this function
3707 * actually just returns array() unconditionally at the moment. May as
3708 * well keep it around for when the browser bugs get fixed, though.
3709 *
3710 * @return array Array of HTML attributes suitable for feeding to
3711 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
3712 * That will potentially output invalid XHTML 1.0 Transitional, and will
3713 * get confused by the boolean attribute syntax used.)
3714 */
3715 public static function passwordChangeInputAttribs() {
3716 global $wgMinimalPasswordLength;
3717
3718 if ( $wgMinimalPasswordLength == 0 ) {
3719 return array();
3720 }
3721
3722 # Note that the pattern requirement will always be satisfied if the
3723 # input is empty, so we need required in all cases.
3724 #
3725 # FIXME (bug 23769): This needs to not claim the password is required
3726 # if e-mail confirmation is being used. Since HTML5 input validation
3727 # is b0rked anyway in some browsers, just return nothing. When it's
3728 # re-enabled, fix this code to not output required for e-mail
3729 # registration.
3730 #$ret = array( 'required' );
3731 $ret = array();
3732
3733 # We can't actually do this right now, because Opera 9.6 will print out
3734 # the entered password visibly in its error message! When other
3735 # browsers add support for this attribute, or Opera fixes its support,
3736 # we can add support with a version check to avoid doing this on Opera
3737 # versions where it will be a problem. Reported to Opera as
3738 # DSK-262266, but they don't have a public bug tracker for us to follow.
3739 /*
3740 if ( $wgMinimalPasswordLength > 1 ) {
3741 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
3742 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
3743 $wgMinimalPasswordLength );
3744 }
3745 */
3746
3747 return $ret;
3748 }
3749
3750 /**
3751 * Format the user message using a hook, a template, or, failing these, a static format.
3752 * @param $subject String the subject of the message
3753 * @param $text String the content of the message
3754 * @param $signature String the signature, if provided.
3755 */
3756 static protected function formatUserMessage( $subject, $text, $signature ) {
3757 if ( wfRunHooks( 'FormatUserMessage',
3758 array( $subject, &$text, $signature ) ) ) {
3759
3760 $signature = empty($signature) ? "~~~~~" : "{$signature} ~~~~~";
3761
3762 $template = Title::newFromText( wfMsgForContent( 'usermessage-template' ) );
3763 if ( !$template
3764 || $template->getNamespace() !== NS_TEMPLATE
3765 || !$template->exists() ) {
3766 $text = "\n== $subject ==\n\n$text\n\n-- $signature";
3767 } else {
3768 $text = '{{'. $template->getText()
3769 . " | subject=$subject | body=$text | signature=$signature }}";
3770 }
3771 }
3772
3773 return $text;
3774 }
3775
3776 /**
3777 * Leave a user a message
3778 * @param $subject String the subject of the message
3779 * @param $text String the message to leave
3780 * @param $signature String Text to leave in the signature
3781 * @param $summary String the summary for this change, defaults to
3782 * "Leave system message."
3783 * @param $editor User The user leaving the message, defaults to
3784 * "{{MediaWiki:usermessage-editor}}"
3785 * @param $flags Int default edit flags
3786 *
3787 * @return boolean true if it was successful
3788 */
3789 public function leaveUserMessage( $subject, $text, $signature = "",
3790 $summary = null, $editor = null, $flags = 0 ) {
3791 if ( !isset( $summary ) ) {
3792 $summary = wfMsgForContent( 'usermessage-summary' );
3793 }
3794
3795 if ( !isset( $editor ) ) {
3796 $editor = User::newFromName( wfMsgForContent( 'usermessage-editor' ) );
3797 if ( !$editor->isLoggedIn() ) {
3798 $editor->addToDatabase();
3799 }
3800 }
3801
3802 $article = new Article( $this->getTalkPage() );
3803 wfRunHooks( 'SetupUserMessageArticle',
3804 array( $this, &$article, $subject, $text, $signature, $summary, $editor ) );
3805
3806
3807 $text = self::formatUserMessage( $subject, $text, $signature );
3808 $flags = $article->checkFlags( $flags );
3809
3810 if ( $flags & EDIT_UPDATE ) {
3811 $text = $article->getContent() . $text;
3812 }
3813
3814 $dbw = wfGetDB( DB_MASTER );
3815 $dbw->begin();
3816
3817 try {
3818 $status = $article->doEdit( $text, $summary, $flags, false, $editor );
3819 } catch ( DBQueryError $e ) {
3820 $status = Status::newFatal("DB Error");
3821 }
3822
3823 if ( $status->isGood() ) {
3824 // Set newtalk with the right user ID
3825 $this->setNewtalk( true );
3826 wfRunHooks( 'AfterUserMessage',
3827 array( $this, $article, $summary, $text, $signature, $summary, $editor ) );
3828 $dbw->commit();
3829 } else {
3830 // The article was concurrently created
3831 wfDebug( __METHOD__ . ": Error ".$status->getWikiText() );
3832 $dbw->rollback();
3833 }
3834
3835 return $status->isGood();
3836 }
3837 }
MediaWiki Core