| blob | fad9af8d7b00a19324e83069e077a3b7ecbf6f21 |
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
23 /**
24 * Int Number of characters in user_token field.
25 * @ingroup Constants
26 */
29 /**
30 * Int Serialized record version.
31 * @ingroup Constants
32 */
35 /**
36 * String Some punctuation to prevent editing from broken text-mangling proxies.
37 * @ingroup Constants
38 */
41 /**
42 * Thrown by User::setPassword() on error.
43 * @ingroup Exception
44 */
46 // NOP
47 }
49 /**
50 * The User object encapsulates all of the user-specific settings (user_id,
51 * name, rights, password, email address, options, last login time). Client
52 * classes use the getXXX() functions to access these fields. These functions
53 * do all the work of determining whether the user is logged in,
54 * whether the requested option can be satisfied from cookies or
55 * whether a database query is needed. Most of the settings needed
56 * for rendering normal pages are set in the cookie to minimize use
57 * of the database.
58 */
60 /**
61 * Global constants made accessible as class constants so that autoloader
62 * magic can be used.
63 */
68 /**
69 * Maximum items in $mWatchedItems
70 */
73 /**
74 * Array of Strings List of member variables which are saved to the
75 * shared cache (memcached). Any operation which changes the
76 * corresponding database fields must call a cache-clearing function.
77 * @showinitializer
78 */
80 // user table
95 // user_groups table
97 // user_properties table
99 );
101 /**
102 * Array of Strings Core rights.
103 * Each of these should have a corresponding message of the form
104 * "right-$right".
105 * @showinitializer
106 */
168 );
169 /**
170 * String Cached results of getAllRights()
171 */
174 /** @name Cache variables */
175 //@{
180 //@}
182 /**
183 * Bool Whether the cache variables have been loaded.
184 */
185 //@{
188 /**
189 * Array with already loaded items or true if all items have been loaded.
190 */
192 //@}
194 /**
195 * String Initialization data source if mLoadedItems!==true. May be one of:
196 * - 'defaults' anonymous user initialised from class defaults
197 * - 'name' initialise from mName
198 * - 'id' initialise from mId
199 * - 'session' log in from cookies or session if possible
200 *
201 * Use the User::newFrom*() family of functions to set this.
202 */
205 /**
206 * Lazy-initialized variables, invalidated with clearInstanceCache
207 */
212 /**
213 * @var WebRequest
214 */
217 /**
218 * @var Block
219 */
222 /**
223 * @var bool
224 */
227 /**
228 * @var Block
229 */
232 /**
233 * @var Array
234 */
239 /**
240 * Lightweight constructor for an anonymous user.
241 * Use the User::newFrom* factory functions for other kinds of users.
242 *
243 * @see newFromName()
244 * @see newFromId()
245 * @see newFromConfirmationCode()
246 * @see newFromSession()
247 * @see newFromRow()
248 */
251 }
253 /**
254 * @return String
255 */
258 }
260 /**
261 * Load the user table data for this object from the source given by mFrom.
262 */
266 }
269 # Set it now to avoid infinite recursion in accessors
279 # Nonexistent user placeholder object
283 }
290 // Loading from session failed. Load defaults.
292 }
297 }
299 }
301 /**
302 * Load user table data, given mId has already been set.
303 * @return Bool false if the ID does not exist, true otherwise
304 */
310 }
312 # Try cache
316 # Object is expired, load from DB
318 }
322 # Load from DB
324 # Can't load from ID, user is anonymous
326 }
330 # Restore from cache
333 }
334 }
339 }
341 /**
342 * Save user data to the shared cache
343 */
349 // Anonymous users are uncached
351 }
355 }
360 }
362 /** @name newFrom*() static factory methods */
363 //@{
365 /**
366 * Static factory method for creation from username.
367 *
368 * This is slightly less efficient than newFromId(), so use newFromId() if
369 * you have both an ID and a name handy.
370 *
371 * @param $name String Username, validated by Title::newFromText()
372 * @param $validate String|Bool Validate username. Takes the same parameters as
373 * User::getCanonicalName(), except that true is accepted as an alias
374 * for 'valid', for BC.
375 *
376 * @return User|bool User object, or false if the username is invalid
377 * (e.g. if it contains illegal characters or is an IP address). If the
378 * username is not present in the database, the result will be a user object
379 * with a name, zero user ID and default settings.
380 */
384 }
389 # Create unloaded user object
395 }
396 }
398 /**
399 * Static factory method for creation from a given user ID.
400 *
401 * @param $id Int Valid user ID
402 * @return User The corresponding User object
403 */
410 }
412 /**
413 * Factory method to fetch whichever user has a given email confirmation code.
414 * This code is generated when an account is created or its e-mail address
415 * has changed.
416 *
417 * If the code is invalid or has expired, returns NULL.
418 *
419 * @param $code String Confirmation code
420 * @return User object, or null
421 */
427 ) );
432 }
433 }
435 /**
436 * Create a new user object using data from session or cookies. If the
437 * login credentials are invalid, the result is an anonymous user.
438 *
439 * @param $request WebRequest object to use; $wgRequest will be used if
440 * ommited.
441 * @return User object
442 */
448 }
450 /**
451 * Create a new user object from a user row.
452 * The row should have the following fields from the user table in it:
453 * - either user_name or user_id to load further data if needed (or both)
454 * - user_real_name
455 * - all other fields (email, password, etc.)
456 * It is useless to provide the remaining fields if either user_id,
457 * user_name and user_real_name are not provided because the whole row
458 * will be loaded once more from the database when accessing them.
459 *
460 * @param $row Array A row from the user table
461 * @param $data Array Further data to load into the object (see User::loadFromRow for valid keys)
462 * @return User
463 */
468 }
470 //@}
472 /**
473 * Get the username corresponding to a given user ID
474 * @param $id Int User ID
475 * @return String|bool The corresponding username
476 */
479 }
481 /**
482 * Get the real name of a user given their user ID
483 *
484 * @param $id Int User ID
485 * @return String|bool The corresponding user's real name
486 */
489 }
491 /**
492 * Get database id given a user name
493 * @param $name String Username
494 * @return Int|Null The corresponding user's ID, or null if user is nonexistent
495 */
499 # Illegal name
501 }
505 }
508 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
514 }
520 }
523 }
525 /**
526 * Reset the cache used in idFromName(). For use in tests.
527 */
530 }
532 /**
533 * Does the string match an anonymous IPv4 address?
534 *
535 * This function exists for username validation, in order to reject
536 * usernames which are similar in form to IP addresses. Strings such
537 * as 300.300.300.300 will return true because it looks like an IP
538 * address, despite not being strictly valid.
539 *
540 * We match "\d{1,3}\.\d{1,3}\.\d{1,3}\.xxx" as an anonymous IP
541 * address because the usemod software would "cloak" anonymous IP
542 * addresses like this, if we allowed accounts like this to be created
543 * new users could get the old edits of these anonymous users.
544 *
545 * @param $name String to match
546 * @return Bool
547 */
550 }
552 /**
553 * Is the input a valid username?
554 *
555 * Checks if the input is a valid username, we don't want an empty string,
556 * an IP address, anything that containins slashes (would mess up subpages),
557 * is longer than the maximum allowed username size or doesn't begin with
558 * a capital letter.
559 *
560 * @param $name String to match
561 * @return Bool
562 */
574 }
577 // Ensure that the name can't be misresolved as a different title,
578 // such as with extra namespace keys at the start.
586 }
588 // Check an additional blacklist of troublemaker characters.
589 // Should these be merged into the title char list?
602 }
605 }
607 /**
608 * Usernames which fail to pass this function will be blocked
609 * from user login and new account registrations, but may be used
610 * internally by batch processes.
611 *
612 * If an account already exists in this form, login will be blocked
613 * by a failure to pass this function.
614 *
615 * @param $name String to match
616 * @return Bool
617 */
620 // Must be a valid username, obviously ;)
623 }
629 }
631 // Certain names may be reserved for batch processes.
635 }
638 }
639 }
641 }
643 /**
644 * Usernames which fail to pass this function will be blocked
645 * from new account registrations, but may be used internally
646 * either by batch processes or by user accounts which have
647 * already been created.
648 *
649 * Additional blacklisting may be added here rather than in
650 * isValidUserName() to avoid disrupting existing accounts.
651 *
652 * @param $name String to match
653 * @return Bool
654 */
658 // Ensure that the username isn't longer than 235 bytes, so that
659 // (at least for the builtin skins) user javascript and css files
660 // will work. (bug 23080)
665 }
667 // Preg yells if you try to give it an empty string
673 }
674 }
677 }
679 /**
680 * Is the input a valid password for this user?
681 *
682 * @param $password String Desired password
683 * @return Bool
684 */
686 //simple boolean wrapper for getPasswordValidity
688 }
690 /**
691 * Given unvalidated password input, return error message on failure.
692 *
693 * @param $password String Desired password
694 * @return mixed: true on success, string or array of error message on failure
695 */
702 );
714 } elseif ( isset( $blockedLogins[ $this->getName() ] ) && $password == $blockedLogins[ $this->getName() ] ) {
717 //it seems weird returning true here, but this is because of the
718 //initialization of $result to false above. If the hook is never run or it
719 //doesn't modify $result, then we will likely get down into this if with
720 //a valid password.
722 }
727 }
728 }
730 /**
731 * Does a string look like an e-mail address?
732 *
733 * This validates an email address using an HTML5 specification found at:
734 * http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#valid-e-mail-address
735 * Which as of 2011-01-24 says:
736 *
737 * A valid e-mail address is a string that matches the ABNF production
738 * 1*( atext / "." ) "@" ldh-str *( "." ldh-str ) where atext is defined
739 * in RFC 5322 section 3.2.3, and ldh-str is defined in RFC 1034 section
740 * 3.5.
741 *
742 * This function is an implementation of the specification as requested in
743 * bug 22449.
744 *
745 * Client-side forms will use the same standard validation rules via JS or
746 * HTML 5 validation; additional restrictions can be enforced server-side
747 * by extensions via the 'isValidEmailAddr' hook.
748 *
749 * Note that this validation doesn't 100% match RFC 2822, but is believed
750 * to be liberal enough for wide use. Some invalid addresses will still
751 * pass validation here.
752 *
753 * @param $addr String E-mail address
754 * @return Bool
755 * @deprecated since 1.18 call Sanitizer::isValidEmail() directly
756 */
760 }
762 /**
763 * Given unvalidated user input, return a canonical username, or false if
764 * the username is invalid.
765 * @param $name String User input
766 * @param $validate String|Bool type of validation to use:
767 * - false No validation
768 * - 'valid' Valid for batch processes
769 * - 'usable' Valid for batch processes and login
770 * - 'creatable' Valid for batch processes, login and account creation
771 *
772 * @throws MWException
773 * @return bool|string
774 */
776 # Force usernames to capital
780 # Reject names containing '#'; these will be cleaned up
781 # with title normalisation, but then it's too late to
782 # check elsewhere
786 # Clean up name according to title rules
789 # Check for invalid titles
792 }
794 # Reject various classes of invalid names
804 }
809 }
814 }
818 }
820 }
822 /**
823 * Count the number of edits of a user
824 *
825 * @param $uid Int User ID to check
826 * @return Int the user's edit count
827 *
828 * @deprecated since 1.21 in favour of User::getEditCount
829 */
834 }
836 /**
837 * Return a random password.
838 *
839 * @return String new random password
840 */
843 // Decide the final password length based on our min password length, stopping at a minimum of 10 chars
845 // Multiply by 1.25 to get the number of hex characters we need
847 // Generate random hex chars
849 // Convert from base 16 to base 32 to get a proper password like string
851 }
853 /**
854 * Set cached properties to default.
855 *
856 * @note This no longer clears uncached lazy-initialised properties;
857 * the constructor does that instead.
858 *
859 * @param $name string
860 */
878 }
890 }
892 /**
893 * Return whether an item has been loaded.
894 *
895 * @param $item String: item to check. Current possibilities:
896 * - id
897 * - name
898 * - realname
899 * @param $all String: 'all' to check if the whole object has been loaded
900 * or any other string to check if only the item is available (e.g.
901 * for optimisation)
902 * @return Boolean
903 */
907 }
909 /**
910 * Set that an item has been loaded
911 *
912 * @param $item String
913 */
917 }
918 }
920 /**
921 * Load user data from the session or login cookie.
922 * @return Bool True if the user is logged in, false otherwise.
923 */
931 }
936 # TODO: Automatically create the user here (or probably a bit
937 # lower down, in fact)
938 }
939 }
952 }
958 }
967 }
971 # Not a valid ID
973 }
977 # User blocked and we've disabled blocked user logins
979 }
988 # No session or persistent login cookie
990 }
998 # Invalid credentials
1001 }
1002 }
1004 /**
1005 * Load user and user_group data from the database.
1006 * $this->mId must be set, this is how the user is identified.
1007 *
1008 * @return Bool True if the user exists, false if the user is anonymous
1009 */
1011 # Paranoia
1014 /** Anonymous user */
1018 }
1021 $s = $dbr->selectRow( 'user', self::selectFields(), array( 'user_id' => $this->mId ), __METHOD__ );
1026 # Initialise user table data
1032 # Invalid user_id
1036 }
1037 }
1039 /**
1040 * Initialize this object from a row from the user table.
1041 *
1042 * @param $row Array Row from the user table to load.
1043 * @param $data Array Further user data to load into the object
1044 *
1045 * user_groups Array with groups out of the user_groups table
1046 * user_properties Array with properties out of the user_properties table
1047 */
1059 }
1066 }
1074 }
1080 }
1089 }
1094 }
1101 }
1105 }
1110 }
1113 }
1114 }
1115 }
1117 /**
1118 * Load the data for this user object from another user object.
1119 *
1120 * @param $user User
1121 */
1128 }
1129 }
1131 /**
1132 * Load the groups from the database if they aren't already loaded.
1133 */
1140 __METHOD__ );
1144 }
1145 }
1146 }
1148 /**
1149 * Add the user to the group if he/she meets given criteria.
1150 *
1151 * Contrary to autopromotion by \ref $wgAutopromote, the group will be
1152 * possible to remove manually via Special:UserRights. In such case it
1153 * will not be re-added automatically. The user will also not lose the
1154 * group if they no longer meet the criteria.
1155 *
1156 * @param $event String key in $wgAutopromoteOnce (each one has groups/criteria)
1157 *
1158 * @return array Array of groups the user has been promoted to.
1159 *
1160 * @see $wgAutopromoteOnce
1161 */
1172 }
1181 ) );
1185 }
1186 }
1187 }
1189 }
1191 /**
1192 * Clear various cached data stored in this object. The cache of the user table
1193 * data (i.e. self::$mCacheVars) is not cleared unless $reloadFrom is given.
1194 *
1195 * @param $reloadFrom bool|String Reload user and user_groups table data from a
1196 * given source. May be "name", "id", "defaults", "session", or false for
1197 * no reload.
1198 */
1215 }
1216 }
1218 /**
1219 * Combine the language default options with any site-specific options
1220 * and add the default language variants.
1221 *
1222 * @return Array of String options
1223 */
1229 // Disabling this for the unit tests, as they rely on being able to change $wgContLang
1230 // mid-request and see that change reflected in the return value of this function.
1231 // Which is insane and would never happen during normal MW operation
1233 }
1236 # default language setting
1241 }
1247 }
1249 /**
1250 * Get a given default option value.
1251 *
1252 * @param $opt String Name of option to retrieve
1253 * @return String Default option value
1254 */
1261 }
1262 }
1265 /**
1266 * Get blocking information
1267 * @param $bFromSlave Bool Whether to check the slave database first. To
1268 * improve performance, non-critical checks are done
1269 * against slaves. Check when actually saving should be
1270 * done against master.
1271 */
1277 }
1282 // Initialize data...
1283 // Otherwise something ends up stomping on $this->mBlockedby when
1284 // things get lazy-loaded later, causing false positive block hits
1285 // due to -1 !== 0. Probably session-related... Nothing should be
1286 // overwriting mBlockedby, surely?
1289 # We only need to worry about passing the IP address to the Block generator if the
1290 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1291 # know which IP address they're actually coming from
1296 }
1298 # User/IP blocking
1301 # Proxy blocking
1304 {
1305 # Local list
1316 }
1317 }
1330 }
1332 # Extensions
1336 }
1338 /**
1339 * Whether the given IP is in a DNS blacklist.
1340 *
1341 * @param $ip String IP to check
1342 * @param $checkWhitelist Bool: whether to check the whitelist first
1343 * @return Bool True if blacklisted.
1344 */
1357 }
1359 /**
1360 * Whether the given IP is in a given DNS blacklist.
1361 *
1362 * @param $ip String IP to check
1363 * @param $bases String|Array of Strings: URL of the DNS blacklist
1364 * @return Bool True if blacklisted.
1365 */
1370 // @todo FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1372 # Reverse IP, bug 21255
1376 # Make hostname
1377 # If we have an access key, use that too (ProjectHoneypot, etc.)
1380 # Access key is 1, base URL is 0
1384 }
1387 }
1389 # Send query
1398 }
1399 }
1400 }
1404 }
1406 /**
1407 * Check if an IP address is in the local proxy list
1408 *
1409 * @param $ip string
1410 *
1411 * @return bool
1412 */
1418 }
1422 # Load from the specified file
1424 }
1431 # Old-style flipped proxy list
1435 }
1438 }
1440 /**
1441 * Is this user subject to rate limiting?
1442 *
1443 * @return Bool True if rate limited
1444 */
1448 // No other good way currently to disable rate limits
1449 // for specific IPs. :P
1450 // But this is a crappy hack and should die.
1452 }
1454 }
1456 /**
1457 * Primitive rate limits: enforce maximum actions per time period
1458 * to put a brake on flooding.
1459 *
1460 * @note When using a shared cache like memcached, IP-address
1461 * last-hit counters will be shared across wikis.
1462 *
1463 * @param $action String Action to enforce; 'edit' if unspecified
1464 * @return Bool True if a rate limiter was tripped
1465 */
1467 # Call the 'PingLimiter' hook
1471 }
1476 }
1478 # Some groups shouldn't trigger the ping limiter, ever
1493 }
1497 }
1501 }
1504 }
1509 }
1510 }
1511 // Check for group-specific permissions
1512 // If more than one group applies, use the group with the highest limit
1517 }
1518 }
1519 }
1520 // Set the user limit key
1524 }
1531 // Already pinged?
1537 file_put_contents( $wgRateLimitLog, wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", FILE_APPEND );
1539 }
1543 }
1547 }
1549 }
1553 }
1555 /**
1556 * Check if user is blocked
1557 *
1558 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1559 * @return Bool True if blocked, false otherwise
1560 */
1561 public function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1562 return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
1563 }
1565 /**
1566 * Get the block affecting the user, or null if the user is not blocked
1567 *
1568 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1569 * @return Block|null
1570 */
1574 }
1576 /**
1577 * Check if user is blocked from editing a particular article
1578 *
1579 * @param $title Title to check
1580 * @param $bFromSlave Bool whether to check the slave database instead of the master
1581 * @return Bool
1582 */
1589 # If a user's name is suppressed, they cannot make edits anywhere
1594 }
1600 }
1602 /**
1603 * If user is blocked, return the name of the user who placed the block
1604 * @return String name of blocker
1605 */
1609 }
1611 /**
1612 * If user is blocked, return the specified reason for the block
1613 * @return String Blocking reason
1614 */
1618 }
1620 /**
1621 * If user is blocked, return the ID for the block
1622 * @return Int Block ID
1623 */
1627 }
1629 /**
1630 * Check if user is blocked on all wikis.
1631 * Do not use for actual edit permission checks!
1632 * This is intented for quick UI checks.
1633 *
1634 * @param $ip String IP address, uses current client if none given
1635 * @return Bool True if blocked, false otherwise
1636 */
1640 }
1641 // User is already an IP?
1646 }
1651 }
1653 /**
1654 * Check if user account is locked
1655 *
1656 * @return Bool True if locked, false otherwise
1657 */
1661 }
1666 }
1668 /**
1669 * Check if user account is hidden
1670 *
1671 * @return Bool True if hidden, false otherwise
1672 */
1676 }
1682 }
1684 }
1686 /**
1687 * Get the user's ID.
1688 * @return Int The user's ID; 0 if the user is anonymous or nonexistent
1689 */
1693 // Special case, we know the user is anonymous
1696 // Don't load if this was initialized from an ID
1698 }
1700 }
1702 /**
1703 * Set the user and reload all fields according to a given ID
1704 * @param $v Int User ID to reload
1705 */
1709 }
1711 /**
1712 * Get the user name, or the IP of an anonymous user
1713 * @return String User's name or IP address
1714 */
1717 # Special case optimisation
1722 # Clean up IPs
1724 }
1726 }
1727 }
1729 /**
1730 * Set the user name.
1731 *
1732 * This does not reload fields from the database according to the given
1733 * name. Rather, it is used to create a temporary "nonexistent user" for
1734 * later addition to the database. It can also be used to set the IP
1735 * address for an anonymous user to something other than the current
1736 * remote IP.
1737 *
1738 * @note User::newFromName() has rougly the same function, when the named user
1739 * does not exist.
1740 * @param $str String New user name to set
1741 */
1745 }
1747 /**
1748 * Get the user's name escaped by underscores.
1749 * @return String Username escaped by underscores.
1750 */
1753 }
1755 /**
1756 * Check if the user has new messages.
1757 * @return Bool True if the user has new messages
1758 */
1762 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1766 # Check memcached separately for anons, who have no
1767 # entire User object stored in there.
1771 // Anon newtalk disabled by configuration.
1780 // Since we are caching this, make sure it is up to date by getting it
1781 // from the master
1784 }
1785 }
1788 }
1789 }
1792 }
1794 /**
1795 * Return the talk page(s) this user has new messages on.
1796 * @return Array of String page URLs
1797 */
1804 }
1807 // Get the "last viewed rev" timestamp from the oldest message notification
1810 $this->isAnon() ? array( 'user_ip' => $this->getName() ) : array( 'user_id' => $this->getID() ),
1811 __METHOD__ );
1814 }
1816 /**
1817 * Internal uncached check for new messages
1818 *
1819 * @see getNewtalk()
1820 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1821 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1822 * @param $fromMaster Bool true to fetch from the master, false for a slave
1823 * @return Bool True if the user has new messages
1824 */
1830 }
1834 }
1836 /**
1837 * Add or update the new messages flag
1838 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1839 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1840 * @param $curRev Revision new, as yet unseen revision of the user talk page. Ignored if null.
1841 * @return Bool True if successful, false otherwise
1842 */
1844 // Get timestamp of the talk page revision prior to the current one
1847 // Mark the user as having new messages since this revision
1851 __METHOD__,
1859 }
1860 }
1862 /**
1863 * Clear the new messages flag for the given user
1864 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1865 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1866 * @return Bool True if successful, false otherwise
1867 */
1872 __METHOD__ );
1879 }
1880 }
1882 /**
1883 * Update the 'You have new messages!' status.
1884 * @param $val Bool Whether the user has new messages
1885 * @param $curRev Revision new, as yet unseen revision of the user talk page. Ignored if null or !$val.
1886 */
1890 }
1901 }
1908 }
1911 // Anons have a separate memcached space, since
1912 // user records aren't kept for them.
1915 }
1918 }
1919 }
1921 /**
1922 * Generate a current or new-future timestamp to be stored in the
1923 * user_touched field when we update things.
1924 * @return String Timestamp in TS_MW format
1925 */
1929 }
1931 /**
1932 * Clear user data from memcached.
1933 * Use after applying fun updates to the database; caller's
1934 * responsibility to update user_touched if appropriate.
1935 *
1936 * Called implicitly from invalidateCache() and saveSettings().
1937 */
1943 }
1944 }
1946 /**
1947 * Immediately touch the user data cache for this account.
1948 * Updates user_touched field, and removes account data from memcached
1949 * for reload on the next hit.
1950 */
1954 }
1961 // Prevent contention slams by checking user_touched first
1965 );
1970 __METHOD__
1971 );
1972 }
1975 }
1976 }
1978 /**
1979 * Validate the cache for this account.
1980 * @param $timestamp String A timestamp in TS_MW format
1981 *
1982 * @return bool
1983 */
1987 }
1989 /**
1990 * Get the user touched timestamp
1991 * @return String timestamp
1992 */
1996 }
1998 /**
1999 * Set the password and reset the random token.
2000 * Calls through to authentication plugin if necessary;
2001 * will have no effect if the auth plugin refuses to
2002 * pass the change through or if the legal password
2003 * checks fail.
2004 *
2005 * As a special case, setting the password to null
2006 * wipes it, so the account cannot be logged in until
2007 * a new password is set, for instance via e-mail.
2008 *
2009 * @param $str String New password to set
2010 * @throws PasswordError on failure
2011 *
2012 * @return bool
2013 */
2020 }
2031 }
2033 }
2034 }
2038 }
2043 }
2045 /**
2046 * Set the password and reset the random token unconditionally.
2047 *
2048 * @param $str String New password to set
2049 */
2055 // Save an invalid hash...
2059 }
2062 }
2064 /**
2065 * Get the user's current token.
2066 * @param $forceCreation Force the generation of a new token if the user doesn't have one (default=true for backwards compatibility)
2067 * @return String Token
2068 */
2073 }
2075 }
2077 /**
2078 * Set the random token (used for persistent authentication)
2079 * Called from loadDefaults() among other places.
2080 *
2081 * @param $token String|bool If specified, set the token to this value
2082 */
2089 }
2090 }
2092 /**
2093 * Set the password for a password reminder or new account email
2094 *
2095 * @param $str String New password to set
2096 * @param $throttle Bool If true, reset the throttle timestamp to the present
2097 */
2103 }
2104 }
2106 /**
2107 * Has password reminder email been sent within the last
2108 * $wgPasswordReminderResendTime hours?
2109 * @return Bool
2110 */
2116 }
2119 }
2121 /**
2122 * Get the user's e-mail address
2123 * @return String User's email address
2124 */
2129 }
2131 /**
2132 * Get the timestamp of the user's e-mail authentication
2133 * @return String TS_MW timestamp
2134 */
2137 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
2139 }
2141 /**
2142 * Set the user's e-mail address
2143 * @param $str String New e-mail address
2144 */
2149 }
2153 }
2155 /**
2156 * Set the user's e-mail address and a confirmation mail if needed.
2157 *
2158 * @since 1.20
2159 * @param $str String New e-mail address
2160 * @return Status
2161 */
2167 }
2172 }
2177 # Send a confirmation request to the new address if needed
2181 # Say the the caller that a confirmation mail has been sent
2183 }
2186 }
2189 }
2191 /**
2192 * Get the user's real name
2193 * @return String User's real name
2194 */
2198 }
2201 }
2203 /**
2204 * Set the user's real name
2205 * @param $str String New real name
2206 */
2210 }
2212 /**
2213 * Get the user's current setting for a given option.
2214 *
2215 * @param $oname String The option to check
2216 * @param $defaultOverride String A default value returned if the option does not exist
2217 * @param $ignoreHidden Bool = whether to ignore the effects of $wgHiddenPrefs
2218 * @return String User's current value for the option
2219 * @see getBoolOption()
2220 * @see getIntOption()
2221 */
2226 # We want 'disabled' preferences to always behave as the default value for
2227 # users, even if they have set the option explicitly in their settings (ie they
2228 # set it, and then it was disabled removing their ability to change it). But
2229 # we don't want to erase the preferences in the database in case the preference
2230 # is re-enabled again. So don't touch $mOptions, just override the returned value
2233 }
2239 }
2240 }
2242 /**
2243 * Get all user's options
2244 *
2245 * @return array
2246 */
2252 # We want 'disabled' preferences to always behave as the default value for
2253 # users, even if they have set the option explicitly in their settings (ie they
2254 # set it, and then it was disabled removing their ability to change it). But
2255 # we don't want to erase the preferences in the database in case the preference
2256 # is re-enabled again. So don't touch $mOptions, just override the returned value
2261 }
2262 }
2265 }
2267 /**
2268 * Get the user's current setting for a given option, as a boolean value.
2269 *
2270 * @param $oname String The option to check
2271 * @return Bool User's current value for the option
2272 * @see getOption()
2273 */
2276 }
2278 /**
2279 * Get the user's current setting for a given option, as a boolean value.
2280 *
2281 * @param $oname String The option to check
2282 * @param $defaultOverride Int A default value returned if the option does not exist
2283 * @return Int User's current value for the option
2284 * @see getOption()
2285 */
2290 }
2292 }
2294 /**
2295 * Set the given option for a user.
2296 *
2297 * @param $oname String The option to set
2298 * @param $val mixed New value to set
2299 */
2303 // Explicitly NULL values should refer to defaults
2306 }
2309 }
2311 /**
2312 * Reset all options to the site defaults
2313 */
2319 }
2321 /**
2322 * Get the user's preferred date format.
2323 * @return String User's preferred date format
2324 */
2326 // Important migration for old data rows
2333 }
2335 }
2337 }
2339 /**
2340 * Get the user preferred stub threshold
2341 *
2342 * @return int
2343 */
2348 # If they have set an impossible value, disable the preference
2349 # so we can use the parser cache again.
2351 }
2353 }
2355 /**
2356 * Get the permissions this user has.
2357 * @return Array of String permission names
2358 */
2363 // Force reindexation of rights when a hook has unset one of them
2365 }
2367 }
2369 /**
2370 * Get the list of explicit group memberships this user has.
2371 * The implicit * and user groups are not included.
2372 * @return Array of String internal group names
2373 */
2378 }
2380 /**
2381 * Get the list of implicit group memberships this user has.
2382 * This includes all explicit groups, plus 'user' if logged in,
2383 * '*' for all accounts, and autopromoted groups
2384 * @param $recache Bool Whether to avoid the cache
2385 * @return Array of String internal group names
2386 */
2393 ) );
2394 # Hook for additional groups
2396 // Force reindexation of groups when a hook has unset one of them
2399 }
2401 }
2403 /**
2404 * Get the list of implicit group memberships this user has.
2405 * This includes 'user' if logged in, '*' for all accounts,
2406 * and autopromoted groups
2407 * @param $recache Bool Whether to avoid the cache
2408 * @return Array of String internal group names
2409 */
2420 ) );
2421 }
2423 # Assure data consistency with rights/groups,
2424 # as getEffectiveGroups() depends on this function
2426 }
2428 }
2430 }
2432 /**
2433 * Returns the groups the user has belonged to.
2434 *
2435 * The user may still belong to the returned groups. Compare with getGroups().
2436 *
2437 * The function will not return groups the user had belonged to before MW 1.17
2438 *
2439 * @return array Names of the groups the user has belonged to.
2440 */
2447 __METHOD__ );
2451 }
2452 }
2454 }
2456 /**
2457 * Get the user's edit count.
2458 * @return Int
2459 */
2463 }
2466 /* Populate the count, if it has not been populated yet */
2469 // check if the user_editcount field has been initialized
2473 __METHOD__
2474 );
2477 // it has not been initialized. do so.
2479 }
2482 }
2484 }
2486 /**
2487 * Add the user to the given group.
2488 * This takes immediate effect.
2489 * @param $group String Name of the group to add
2490 */
2499 ),
2500 __METHOD__,
2502 }
2503 }
2509 }
2511 /**
2512 * Remove the user from the given group.
2513 * This takes immediate effect.
2514 * @param $group String Name of the group to remove
2515 */
2525 // Remember that the user was in this group
2530 ),
2531 __METHOD__,
2533 }
2539 }
2541 /**
2542 * Get whether the user is logged in
2543 * @return Bool
2544 */
2547 }
2549 /**
2550 * Get whether the user is anonymous
2551 * @return Bool
2552 */
2555 }
2557 /**
2558 * Check if user is allowed to access a feature / make an action
2559 *
2560 * @internal param \String $varargs permissions to test
2561 * @return Boolean: True if user is allowed to perform *any* of the given actions
2562 *
2563 * @return bool
2564 */
2570 }
2571 }
2573 }
2575 /**
2576 *
2577 * @internal param $varargs string
2578 * @return bool True if the user is allowed to perform *all* of the given actions
2579 */
2585 }
2586 }
2588 }
2590 /**
2591 * Internal mechanics of testing a permission
2592 * @param $action String
2593 * @return bool
2594 */
2598 }
2599 # Patrolling may not be enabled
2604 }
2605 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2606 # by misconfiguration: 0 == 'foo'
2608 }
2610 /**
2611 * Check whether to enable recent changes patrol features for this user
2612 * @return Boolean: True or false
2613 */
2617 }
2619 /**
2620 * Check whether to enable new pages patrol features for this user
2621 * @return Bool True or false
2622 */
2625 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) ) );
2626 }
2628 /**
2629 * Get the WebRequest object to use with this object
2630 *
2631 * @return WebRequest
2632 */
2639 }
2640 }
2642 /**
2643 * Get the current skin, loading it if required
2644 * @return Skin The current skin
2645 * @todo FIXME: Need to check the old failback system [AV]
2646 * @deprecated since 1.18 Use ->getSkin() in the most relevant outputting context you have
2647 */
2651 }
2653 /**
2654 * Get a WatchedItem for this user and $title.
2655 *
2656 * @param $title Title
2657 * @return WatchedItem
2658 */
2664 }
2668 }
2672 }
2674 /**
2675 * Check the watched status of an article.
2676 * @param $title Title of the article to look at
2677 * @return Bool
2678 */
2681 }
2683 /**
2684 * Watch an article.
2685 * @param $title Title of the article to look at
2686 */
2690 }
2692 /**
2693 * Stop watching an article.
2694 * @param $title Title of the article to look at
2695 */
2699 }
2701 /**
2702 * Clear the user's notification timestamp for the given title.
2703 * If e-notif e-mails are on, they will receive notification mails on
2704 * the next change of the page if it's watched etc.
2705 * @param $title Title of the article to look at
2706 */
2710 # Do nothing if the database is locked to writes
2713 }
2720 }
2724 }
2727 // Nothing else to do...
2729 }
2731 // Only update the timestamp if the page is being watched.
2732 // The query to find out if it is watched is cached both in memcached and per-invocation,
2733 // and when it does have to be executed, it can be on a slave
2734 // If this is the user's newtalk page, we always update the timestamp
2738 {
2740 }
2743 }
2745 /**
2746 * Resets all of the given user's page-change notification timestamps.
2747 * If e-notif e-mails are on, they will receive notification mails on
2748 * the next change of any watched page.
2749 */
2755 }
2764 ), __METHOD__
2765 );
2766 # We also need to clear here the "you have new message" notification for the own user_talk page
2767 # This is cleared one page view later in Article::viewUpdates();
2768 }
2769 }
2771 /**
2772 * Set this user's options from an encoded string
2773 * @param $str String Encoded options to import
2774 *
2775 * @deprecated in 1.19 due to removal of user_options from the user table
2776 */
2785 // If an option is not set in $str, use the default value
2794 }
2795 }
2796 }
2798 /**
2799 * Set a cookie on the user's client. Wrapper for
2800 * WebResponse::setCookie
2801 * @param $name String Name of the cookie to set
2802 * @param $value String Value to set
2803 * @param $exp Int Expiration time, as a UNIX time value;
2804 * if 0 or not specified, use the default $wgCookieExpiration
2805 * @param $secure Bool
2806 * true: Force setting the secure attribute when setting the cookie
2807 * false: Force NOT setting the secure attribute when setting the cookie
2808 * null (default): Use the default ($wgCookieSecure) to set the secure attribute
2809 */
2812 }
2814 /**
2815 * Clear a cookie on the user's client
2816 * @param $name String Name of the cookie to clear
2817 */
2820 }
2822 /**
2823 * Set the default cookies for this session on the user's client.
2824 *
2825 * @param $request WebRequest object to use; $wgRequest will be used if null
2826 * is passed.
2827 * @param $secure Whether to force secure/insecure cookies or use default
2828 */
2832 }
2837 // When token is empty or NULL generate a new one and then save it to the database
2838 // This allows a wiki to re-secure itself after a leak of it's user table or $wgSecretKey
2839 // Simply by setting every cell in the user_token column to NULL and letting them be
2840 // regenerated as users log back into the wiki.
2843 }
2848 );
2852 );
2857 }
2863 }
2869 }
2870 }
2872 /**
2873 * If wpStickHTTPS was selected, also set an insecure cookie that
2874 * will cause the site to redirect the user to HTTPS, if they access
2875 * it over HTTP. Bug 29898.
2876 */
2879 }
2880 }
2882 /**
2883 * Log this user out.
2884 */
2888 }
2889 }
2891 /**
2892 * Clear the user's cookies and session, and reset the instance cache.
2893 * @see logout()
2894 */
2904 # Remember when user logged out, to prevent seeing cached pages
2906 }
2908 /**
2909 * Save this user's settings into the database.
2910 * @todo Only rarely do all these fields need to be set!
2911 */
2922 }
2940 ), __METHOD__
2941 );
2948 }
2950 /**
2951 * If only this user's username is known, and it exists, return the user ID.
2952 * @return Int
2953 */
2962 }
2964 }
2966 /**
2967 * Add a user to the database, return the user object
2968 *
2969 * @param $name String Username to add
2970 * @param $params Array of Strings Non-default parameters to save to the database as user_* fields:
2971 * - password The user's password hash. Password logins will be disabled if this is omitted.
2972 * - newpassword Hash for a temporary password that has been mailed to the user
2973 * - email The user's email address
2974 * - email_authenticated The email authentication timestamp
2975 * - real_name The user's real name
2976 * - options An associative array of non-default options
2977 * - token Random authentication token. Do not set.
2978 * - registration Registration timestamp. Do not set.
2979 *
2980 * @return User object, or null if the username already exists
2981 */
2988 }
3005 );
3008 }
3014 }
3016 }
3018 /**
3019 * Add this existing user object to the database. If the user already
3020 * exists, a fatal status object is returned, and the user object is
3021 * initialised with the data from the database.
3022 *
3023 * Previously, this function generated a DB error due to a key conflict
3024 * if the user already existed. Many extension callers use this function
3025 * in code along the lines of:
3026 *
3027 * $user = User::newFromName( $name );
3028 * if ( !$user->isLoggedIn() ) {
3029 * $user->addToDatabase();
3030 * }
3031 * // do something with $user...
3032 *
3033 * However, this was vulnerable to a race condition (bug 16020). By
3034 * initialising the user object if the user exists, we aim to support this
3035 * calling sequence as far as possible.
3036 *
3037 * Note that if the user exists, this function will acquire a write lock,
3038 * so it is still advisable to make the call conditional on isLoggedIn(),
3039 * and to commit the transaction after calling.
3040 *
3041 * @throws MWException
3042 * @return Status
3043 */
3067 );
3075 }
3076 }
3080 }
3082 }
3085 // Clear instance cache other than user table data, which is already accurate
3090 }
3092 /**
3093 * If this user is logged-in and blocked,
3094 * block any IP address they've successfully logged in from.
3095 * @return bool A block was spread
3096 */
3100 }
3102 }
3104 /**
3105 * If this (non-anonymous) user is blocked,
3106 * block the IP address they've successfully logged in from.
3107 * @return bool A block was spread
3108 */
3114 }
3119 }
3122 }
3124 /**
3125 * Generate a string which will be different for any combination of
3126 * user options which would produce different parser output.
3127 * This will be used as part of the hash key for the parser cache,
3128 * so users with the same options can share the same cached data
3129 * safely.
3130 *
3131 * Extensions which require it should install 'PageRenderingHash' hook,
3132 * which will give them a chance to modify this key based on their own
3133 * settings.
3134 *
3135 * @deprecated since 1.17 use the ParserOptions object to get the relevant options
3136 * @return String Page rendering hash
3137 */
3144 }
3146 // stubthreshold is only included below for completeness,
3147 // since it disables the parser cache, its value will always
3148 // be 0 when this function is called by parsercache.
3154 }
3158 // add in language specific options, if any
3162 // Since the skin could be overloading link(), it should be
3163 // included here but in practice, none of our skins do that.
3167 // Give a chance for extensions to modify the hash, if they have
3168 // extra options or other effects on the parser cache.
3171 // Make it a valid memcached key fragment
3175 }
3177 /**
3178 * Get whether the user is explicitly blocked from account creation.
3179 * @return Bool|Block
3180 */
3185 }
3187 # bug 13611: if the IP address the user is trying to create an account from is
3188 # blocked with createaccount disabled, prevent new account creation there even
3189 # when the user is logged in
3192 }
3193 return $this->mBlockedFromCreateAccount instanceof Block && $this->mBlockedFromCreateAccount->prevents( 'createaccount' )
3196 }
3198 /**
3199 * Get whether the user is blocked from using Special:Emailuser.
3200 * @return Bool
3201 */
3205 }
3207 /**
3208 * Get whether the user is allowed to create an account.
3209 * @return Bool
3210 */
3213 }
3215 /**
3216 * Get this user's personal page title.
3217 *
3218 * @return Title: User's personal page title
3219 */
3222 }
3224 /**
3225 * Get this user's talk page title.
3226 *
3227 * @return Title: User's talk page title
3228 */
3232 }
3234 /**
3235 * Determine whether the user is a newbie. Newbies are either
3236 * anonymous IPs, or the most recently created accounts.
3237 * @return Bool
3238 */
3241 }
3243 /**
3244 * Check to see if the given clear-text password is one of the accepted passwords
3245 * @param $password String: user password.
3246 * @return Boolean: True if the given password is correct, otherwise False.
3247 */
3252 // Even though we stop people from creating passwords that
3253 // are shorter than this, doesn't mean people wont be able
3254 // to. Certain authentication plugins do NOT want to save
3255 // domain passwords in a mysql database, so we should
3256 // check this (in case $wgAuth->strict() is false).
3259 }
3264 /* Auth plugin doesn't allow local authentication */
3267 /* Auth plugin doesn't allow local authentication for this user name */
3269 }
3273 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
3274 # Check for this with iconv
3278 {
3280 }
3281 }
3283 }
3285 /**
3286 * Check if the given clear-text password matches the temporary password
3287 * sent by e-mail for password reset operations.
3288 *
3289 * @param $plaintext string
3290 *
3291 * @return Boolean: True if matches, false otherwise
3292 */
3300 }
3305 }
3306 }
3308 /**
3309 * Alias for getEditToken.
3310 * @deprecated since 1.19, use getEditToken instead.
3311 *
3312 * @param $salt String|Array of Strings Optional function-specific data for hashing
3313 * @param $request WebRequest object to use or null to use $wgRequest
3314 * @return String The new edit token
3315 */
3319 }
3321 /**
3322 * Initialize (if necessary) and return a session token value
3323 * which can be used in edit forms to show that the user's
3324 * login credentials aren't being hijacked with a foreign form
3325 * submission.
3326 *
3327 * @since 1.19
3328 *
3329 * @param $salt String|Array of Strings Optional function-specific data for hashing
3330 * @param $request WebRequest object to use or null to use $wgRequest
3331 * @return String The new edit token
3332 */
3336 }
3345 }
3348 }
3350 }
3351 }
3353 /**
3354 * Generate a looking random token for various uses.
3355 *
3356 * @param $salt String Optional salt value
3357 * @return String The new random token
3358 * @deprecated since 1.20; Use MWCryptRand for secure purposes or wfRandomString for pesudo-randomness
3359 */
3362 }
3364 /**
3365 * Check given value against the token value stored in the session.
3366 * A match should confirm that the form was submitted from the
3367 * user's own login session, not a form submission from a third-party
3368 * site.
3369 *
3370 * @param $val String Input value to compare
3371 * @param $salt String Optional function-specific data for hashing
3372 * @param $request WebRequest object to use or null to use $wgRequest
3373 * @return Boolean: Whether the token matches
3374 */
3379 }
3381 }
3383 /**
3384 * Check given value against the token value stored in the session,
3385 * ignoring the suffix.
3386 *
3387 * @param $val String Input value to compare
3388 * @param $salt String Optional function-specific data for hashing
3389 * @param $request WebRequest object to use or null to use $wgRequest
3390 * @return Boolean: Whether the token matches
3391 */
3395 }
3397 /**
3398 * Generate a new e-mail confirmation token and send a confirmation/invalidation
3399 * mail to the user's given address.
3400 *
3401 * @param $type String: message to send, either "created", "changed" or "set"
3402 * @return Status object
3403 */
3418 }
3429 }
3431 /**
3432 * Send an e-mail to this user's account. Does not check for
3433 * confirmed status or validity.
3434 *
3435 * @param $subject String Message subject
3436 * @param $body String Message body
3437 * @param $from String Optional From address; if unspecified, default $wgPasswordSender will be used
3438 * @param $replyto String Reply-To address
3439 * @return Status
3440 */
3447 }
3451 }
3453 /**
3454 * Generate, store, and return a new e-mail confirmation code.
3455 * A hash (unsalted, since it's used as a key) is stored.
3456 *
3457 * @note Call saveSettings() after calling this function to commit
3458 * this change to the database.
3459 *
3460 * @param &$expiration \mixed Accepts the expiration time
3461 * @return String New token
3462 */
3474 }
3476 /**
3477 * Return a URL the user can use to confirm their email address.
3478 * @param $token String Accepts the email confirmation token
3479 * @return String New token URL
3480 */
3483 }
3485 /**
3486 * Return a URL the user can use to invalidate their email address.
3487 * @param $token String Accepts the email confirmation token
3488 * @return String New token URL
3489 */
3492 }
3494 /**
3495 * Internal function to format the e-mail validation/invalidation URLs.
3496 * This uses a quickie hack to use the
3497 * hardcoded English names of the Special: pages, for ASCII safety.
3498 *
3499 * @note Since these URLs get dropped directly into emails, using the
3500 * short English names avoids insanely long URL-encoded links, which
3501 * also sometimes can get corrupted in some browsers/mailers
3502 * (bug 6957 with Gmail and Internet Explorer).
3503 *
3504 * @param $page String Special page
3505 * @param $token String Token
3506 * @return String Formatted URL
3507 */
3509 // Hack to bypass localization of 'Special:'
3512 }
3514 /**
3515 * Mark the e-mail address confirmed.
3516 *
3517 * @note Call saveSettings() after calling this function to commit the change.
3518 *
3519 * @return bool
3520 */
3525 }
3527 /**
3528 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3529 * address if it was already confirmed.
3530 *
3531 * @note Call saveSettings() after calling this function to commit the change.
3532 * @return bool Returns true
3533 */
3541 }
3543 /**
3544 * Set the e-mail authentication timestamp.
3545 * @param $timestamp String TS_MW timestamp
3546 */
3550 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3551 }
3553 /**
3554 * Is this user allowed to send e-mails within limits of current
3555 * site configuration?
3556 * @return Bool
3557 */
3562 }
3566 }
3568 /**
3569 * Is this user allowed to receive e-mails within limits of current
3570 * site configuration?
3571 * @return Bool
3572 */
3575 }
3577 /**
3578 * Is this user's e-mail address valid-looking and confirmed within
3579 * limits of the current site configuration?
3580 *
3581 * @note If $wgEmailAuthentication is on, this may require the user to have
3582 * confirmed their address by returning a code or using a password
3583 * sent to the address from the wiki.
3584 *
3585 * @return Bool
3586 */
3594 }
3597 }
3600 }
3604 }
3605 }
3607 /**
3608 * Check whether there is an outstanding request for e-mail confirmation.
3609 * @return Bool
3610 */
3617 }
3619 /**
3620 * Get the timestamp of account creation.
3621 *
3622 * @return String|Bool Timestamp of account creation, or false for
3623 * non-existent/anonymous user accounts.
3624 */
3628 }
3631 }
3633 /**
3634 * Get the timestamp of the first edit
3635 *
3636 * @return String|Bool Timestamp of first edit, or false for
3637 * non-existent/anonymous user accounts.
3638 */
3642 }
3646 __METHOD__,
3648 );
3651 }
3653 }
3655 /**
3656 * Get the permissions associated with a given list of groups
3657 *
3658 * @param $groups Array of Strings List of internal group names
3659 * @return Array of Strings List of permission key names for given groups combined
3660 */
3664 // grant every granted permission first
3668 // array_filter removes empty items
3670 }
3671 }
3672 // now revoke the revoked permissions
3677 }
3678 }
3680 }
3682 /**
3683 * Get all the groups who have a given permission
3684 *
3685 * @param $role String Role to check
3686 * @return Array of Strings List of internal group names with the given permission
3687 */
3694 }
3695 }
3697 }
3699 /**
3700 * Check, if the given group has the given permission
3701 *
3702 * @param $group String Group to check
3703 * @param $role String Role to check
3704 * @return bool
3705 */
3710 }
3712 /**
3713 * Get the localized descriptive name for a group, if it exists
3714 *
3715 * @param $group String Internal group name
3716 * @return String Localized descriptive group name
3717 */
3721 }
3723 /**
3724 * Get the localized descriptive name for a member of a group, if it exists
3725 *
3726 * @param $group String Internal group name
3727 * @param $username String Username for gender (since 1.19)
3728 * @return String Localized name for group member
3729 */
3733 }
3735 /**
3736 * Return the set of defined explicit groups.
3737 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3738 * are not included, as they are defined automatically, not in the database.
3739 * @return Array of internal group names
3740 */
3746 );
3747 }
3749 /**
3750 * Get a list of all available permissions.
3751 * @return Array of permission names
3752 */
3760 }
3762 }
3764 }
3766 /**
3767 * Get a list of implicit groups
3768 * @return Array of Strings Array of internal group names
3769 */
3773 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3775 }
3777 /**
3778 * Get the title of a page describing a particular group
3779 *
3780 * @param $group String Internal group name
3781 * @return Title|Bool Title of the page if it exists, false otherwise
3782 */
3789 }
3791 }
3793 /**
3794 * Create a link to the group in HTML, if available;
3795 * else return the group name.
3796 *
3797 * @param $group String Internal name of the group
3798 * @param $text String The text of the link
3799 * @return String HTML link to the group
3800 */
3804 }
3810 }
3811 }
3813 /**
3814 * Create a link to the group in Wikitext, if available;
3815 * else return the group name.
3816 *
3817 * @param $group String Internal name of the group
3818 * @param $text String The text of the link
3819 * @return String Wikilink to the group
3820 */
3824 }
3831 }
3832 }
3834 /**
3835 * Returns an array of the groups that a particular group can add/remove.
3836 *
3837 * @param $group String: the group to check for whether it can add/remove
3838 * @return Array array( 'add' => array( addablegroups ),
3839 * 'remove' => array( removablegroups ),
3840 * 'add-self' => array( addablegroups to self),
3841 * 'remove-self' => array( removable groups from self) )
3842 */
3846 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3848 // Don't add anything to $groups
3850 // You get everything
3854 }
3856 // Same thing for remove
3862 }
3864 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3869 }
3870 }
3871 }
3877 }
3878 }
3879 }
3881 // Now figure out what groups the user can add to him/herself
3884 // No idea WHY this would be used, but it's there
3888 }
3895 }
3898 }
3900 /**
3901 * Returns an array of groups that this user can add and remove
3902 * @return Array array( 'add' => array( addablegroups ),
3903 * 'remove' => array( removablegroups ),
3904 * 'add-self' => array( addablegroups to self),
3905 * 'remove-self' => array( removable groups from self) )
3906 */
3909 // This group gives the right to modify everything (reverse-
3910 // compatibility with old "userrights lets you change
3911 // everything")
3912 // Using array_merge to make the groups reindexed
3919 );
3920 }
3922 // Okay, it's not so simple, we will have to go through the arrays
3928 );
3934 );
3939 }
3941 }
3943 /**
3944 * Increment the user's edit-count field.
3945 * Will have no effect for anonymous users.
3946 */
3954 __METHOD__
3955 );
3957 // Lazy initialization check...
3959 // Now here's a goddamn hack...
3962 // If we actually have a slave server, the count is
3963 // at least one behind because the current transaction
3964 // has not been committed and replicated.
3967 // But if DB_SLAVE is selecting the master, then the
3968 // count we just read includes the revision that was
3969 // just added in the working transaction.
3971 }
3972 }
3973 }
3974 // edit count in user cache too
3976 }
3978 /**
3979 * Initialize user_editcount from data out of the revision table
3980 *
3981 * @param $add Integer Edits to add to the count from the revision table
3982 * @return Integer Number of edits
3983 */
3985 // Pull from a slave to be less cruel to servers
3986 // Accuracy isn't the point anyway here
3992 __METHOD__
3993 );
4001 __METHOD__
4002 );
4005 }
4007 /**
4008 * Get the description of a given right
4009 *
4010 * @param $right String Right to query
4011 * @return String Localized description of the right
4012 */
4017 }
4019 /**
4020 * Make an old-style password hash
4021 *
4022 * @param $password String Plain-text password
4023 * @param $userId String User ID
4024 * @return String Password hash
4025 */
4032 }
4033 }
4035 /**
4036 * Make a new-style password hash
4037 *
4038 * @param $password String Plain-text password
4039 * @param bool|string $salt Optional salt, may be random or the user ID.
4041 * If unspecified or false, will generate one automatically
4042 * @return String Password hash
4043 */
4048 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
4050 }
4055 }
4059 }
4060 }
4062 /**
4063 * Compare a password hash with a plain-text password. Requires the user
4064 * ID if there's a chance that the hash is an old-style hash.
4065 *
4066 * @param $hash String Password hash
4067 * @param $password String Plain-text password to compare
4068 * @param $userId String|bool User ID for old-style password salt
4069 *
4070 * @return Boolean
4071 */
4078 }
4081 # Unsalted
4084 # Salted
4088 # Old-style
4090 }
4091 }
4093 /**
4094 * Add a newuser log entry for this user. Before 1.19 the return value was always true.
4095 *
4096 * @param $byEmail Boolean: account made by email?
4097 * @param $reason String: user supplied reason
4098 *
4099 * @return int|bool True if not $wgNewUserLog; otherwise ID of log item or 0 on failure
4100 */
4105 }
4117 }
4118 }
4119 }
4126 );
4127 }
4129 /**
4130 * Add an autocreate newuser log entry for this user
4131 * Used by things like CentralAuth and perhaps other authplugins.
4132 *
4133 * @return bool
4134 */
4139 }
4143 }
4145 /**
4146 * Load the user options either from cache, the database or an array
4147 *
4148 * @param $data Rows for the current user out of the user_properties table
4149 */
4157 }
4162 // For unlogged-in users, load language/variant options from request.
4163 // There's no need to do it for logged-in users: they can set preferences,
4164 // and handling of page content is done by $pageLang->getPreferredVariant() and such,
4165 // so don't override user's choice (especially when the user chooses site default).
4171 }
4173 // Maybe load from the object
4178 }
4182 // Load from database
4189 __METHOD__
4190 );
4196 }
4197 }
4201 }
4202 }
4207 }
4209 /**
4210 * @todo document
4211 */
4217 // Not using getOptions(), to keep hidden preferences in database
4220 // Allow hooks to abort, for instance to save to a global profile.
4221 // Reset options to default state before saving.
4224 }
4230 # Don't bother storing default values
4239 );
4240 }
4249 }
4250 }
4251 }
4256 }
4258 /**
4259 * Provide an array of HTML5 attributes to put on an input element
4260 * intended for the user to enter a new password. This may include
4261 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
4262 *
4263 * Do *not* use this when asking the user to enter his current password!
4264 * Regardless of configuration, users may have invalid passwords for whatever
4265 * reason (e.g., they were set before requirements were tightened up).
4266 * Only use it when asking for a new password, like on account creation or
4267 * ResetPass.
4268 *
4269 * Obviously, you still need to do server-side checking.
4270 *
4271 * NOTE: A combination of bugs in various browsers means that this function
4272 * actually just returns array() unconditionally at the moment. May as
4273 * well keep it around for when the browser bugs get fixed, though.
4274 *
4275 * @todo FIXME: This does not belong here; put it in Html or Linker or somewhere
4276 *
4277 * @return array Array of HTML attributes suitable for feeding to
4278 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
4279 * That will potentially output invalid XHTML 1.0 Transitional, and will
4280 * get confused by the boolean attribute syntax used.)
4281 */
4287 }
4289 # Note that the pattern requirement will always be satisfied if the
4290 # input is empty, so we need required in all cases.
4291 #
4292 # @todo FIXME: Bug 23769: This needs to not claim the password is required
4293 # if e-mail confirmation is being used. Since HTML5 input validation
4294 # is b0rked anyway in some browsers, just return nothing. When it's
4295 # re-enabled, fix this code to not output required for e-mail
4296 # registration.
4297 #$ret = array( 'required' );
4300 # We can't actually do this right now, because Opera 9.6 will print out
4301 # the entered password visibly in its error message! When other
4302 # browsers add support for this attribute, or Opera fixes its support,
4303 # we can add support with a version check to avoid doing this on Opera
4304 # versions where it will be a problem. Reported to Opera as
4305 # DSK-262266, but they don't have a public bug tracker for us to follow.
4306 /*
4307 if ( $wgMinimalPasswordLength > 1 ) {
4308 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
4309 $ret['title'] = wfMessage( 'passwordtooshort' )
4310 ->numParams( $wgMinimalPasswordLength )->text();
4311 }
4312 */
4315 }
4317 /**
4318 * Return the list of user fields that should be selected to create
4319 * a new user object.
4320 * @return array
4321 */
4338 );
4339 }
4340 }