search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* Reduced some pointless regex capture overhead
[mediawiki.git] / includes / User.php
blobdbe6b17b4731543787628f6d6fff6770a56d0d7b
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 * @file
5 */
6
7 /**
8 * \int Number of characters in user_token field.
9 * @ingroup Constants
10 */
11 define( 'USER_TOKEN_LENGTH', 32 );
12
13 /**
14 * \int Serialized record version.
15 * @ingroup Constants
16 */
17 define( 'MW_USER_VERSION', 8 );
18
19 /**
20 * \string Some punctuation to prevent editing from broken text-mangling proxies.
21 * @ingroup Constants
22 */
23 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
24
25 /**
26 * Thrown by User::setPassword() on error.
27 * @ingroup Exception
28 */
29 class PasswordError extends MWException {
30 // NOP
31 }
32
33 /**
34 * The User object encapsulates all of the user-specific settings (user_id,
35 * name, rights, password, email address, options, last login time). Client
36 * classes use the getXXX() functions to access these fields. These functions
37 * do all the work of determining whether the user is logged in,
38 * whether the requested option can be satisfied from cookies or
39 * whether a database query is needed. Most of the settings needed
40 * for rendering normal pages are set in the cookie to minimize use
41 * of the database.
42 */
43 class User {
44 /**
45 * Global constants made accessible as class constants so that autoloader
46 * magic can be used.
47 */
48 const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
49 const MW_USER_VERSION = MW_USER_VERSION;
50 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
51
52 /**
53 * \type{\arrayof{\string}} List of member variables which are saved to the
54 * shared cache (memcached). Any operation which changes the
55 * corresponding database fields must call a cache-clearing function.
56 * @showinitializer
57 */
58 static $mCacheVars = array(
59 // user table
60 'mId',
61 'mName',
62 'mRealName',
63 'mPassword',
64 'mNewpassword',
65 'mNewpassTime',
66 'mEmail',
67 'mTouched',
68 'mToken',
69 'mEmailAuthenticated',
70 'mEmailToken',
71 'mEmailTokenExpires',
72 'mRegistration',
73 'mEditCount',
74 // user_group table
75 'mGroups',
76 // user_properties table
77 'mOptionOverrides',
78 );
79
80 /**
81 * \type{\arrayof{\string}} Core rights.
82 * Each of these should have a corresponding message of the form
83 * "right-$right".
84 * @showinitializer
85 */
86 static $mCoreRights = array(
87 'apihighlimits',
88 'autoconfirmed',
89 'autopatrol',
90 'bigdelete',
91 'block',
92 'blockemail',
93 'bot',
94 'browsearchive',
95 'createaccount',
96 'createpage',
97 'createtalk',
98 'delete',
99 'deletedhistory',
100 'deletedtext',
101 'deleterevision',
102 'edit',
103 'editinterface',
104 'editusercssjs',
105 'hideuser',
106 'import',
107 'importupload',
108 'ipblock-exempt',
109 'markbotedits',
110 'minoredit',
111 'move',
112 'movefile',
113 'move-rootuserpages',
114 'move-subpages',
115 'nominornewtalk',
116 'noratelimit',
117 'override-export-depth',
118 'patrol',
119 'protect',
120 'proxyunbannable',
121 'purge',
122 'read',
123 'reupload',
124 'reupload-shared',
125 'rollback',
126 'selenium',
127 'sendemail',
128 'siteadmin',
129 'suppressionlog',
130 'suppressredirect',
131 'suppressrevision',
132 'trackback',
133 'undelete',
134 'unwatchedpages',
135 'upload',
136 'upload_by_url',
137 'userrights',
138 'userrights-interwiki',
139 'writeapi',
140 );
141 /**
142 * \string Cached results of getAllRights()
143 */
144 static $mAllRights = false;
145
146 /** @name Cache variables */
147 //@{
148 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
149 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
150 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mGroups, $mOptionOverrides;
151 //@}
152
153 /**
154 * \bool Whether the cache variables have been loaded.
155 */
156 var $mDataLoaded, $mAuthLoaded, $mOptionsLoaded;
157
158 /**
159 * \string Initialization data source if mDataLoaded==false. May be one of:
160 * - 'defaults' anonymous user initialised from class defaults
161 * - 'name' initialise from mName
162 * - 'id' initialise from mId
163 * - 'session' log in from cookies or session if possible
164 *
165 * Use the User::newFrom*() family of functions to set this.
166 */
167 var $mFrom;
168
169 /** @name Lazy-initialized variables, invalidated with clearInstanceCache */
170 //@{
171 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mSkin, $mRights,
172 $mBlockreason, $mBlock, $mEffectiveGroups, $mBlockedGlobally,
173 $mLocked, $mHideName, $mOptions;
174 //@}
175
176 static $idCacheByName = array();
177
178 /**
179 * Lightweight constructor for an anonymous user.
180 * Use the User::newFrom* factory functions for other kinds of users.
181 *
182 * @see newFromName()
183 * @see newFromId()
184 * @see newFromConfirmationCode()
185 * @see newFromSession()
186 * @see newFromRow()
187 */
188 function __construct() {
189 $this->clearInstanceCache( 'defaults' );
190 }
191
192 /**
193 * Load the user table data for this object from the source given by mFrom.
194 */
195 function load() {
196 if ( $this->mDataLoaded ) {
197 return;
198 }
199 wfProfileIn( __METHOD__ );
200
201 # Set it now to avoid infinite recursion in accessors
202 $this->mDataLoaded = true;
203
204 switch ( $this->mFrom ) {
205 case 'defaults':
206 $this->loadDefaults();
207 break;
208 case 'name':
209 $this->mId = self::idFromName( $this->mName );
210 if ( !$this->mId ) {
211 # Nonexistent user placeholder object
212 $this->loadDefaults( $this->mName );
213 } else {
214 $this->loadFromId();
215 }
216 break;
217 case 'id':
218 $this->loadFromId();
219 break;
220 case 'session':
221 $this->loadFromSession();
222 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
223 break;
224 default:
225 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
226 }
227 wfProfileOut( __METHOD__ );
228 }
229
230 /**
231 * Load user table data, given mId has already been set.
232 * @return \bool false if the ID does not exist, true otherwise
233 * @private
234 */
235 function loadFromId() {
236 global $wgMemc;
237 if ( $this->mId == 0 ) {
238 $this->loadDefaults();
239 return false;
240 }
241
242 # Try cache
243 $key = wfMemcKey( 'user', 'id', $this->mId );
244 $data = $wgMemc->get( $key );
245 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
246 # Object is expired, load from DB
247 $data = false;
248 }
249
250 if ( !$data ) {
251 wfDebug( "User: cache miss for user {$this->mId}\n" );
252 # Load from DB
253 if ( !$this->loadFromDatabase() ) {
254 # Can't load from ID, user is anonymous
255 return false;
256 }
257 $this->saveToCache();
258 } else {
259 wfDebug( "User: got user {$this->mId} from cache\n" );
260 # Restore from cache
261 foreach ( self::$mCacheVars as $name ) {
262 $this->$name = $data[$name];
263 }
264 }
265 return true;
266 }
267
268 /**
269 * Save user data to the shared cache
270 */
271 function saveToCache() {
272 $this->load();
273 $this->loadGroups();
274 $this->loadOptions();
275 if ( $this->isAnon() ) {
276 // Anonymous users are uncached
277 return;
278 }
279 $data = array();
280 foreach ( self::$mCacheVars as $name ) {
281 $data[$name] = $this->$name;
282 }
283 $data['mVersion'] = MW_USER_VERSION;
284 $key = wfMemcKey( 'user', 'id', $this->mId );
285 global $wgMemc;
286 $wgMemc->set( $key, $data );
287 }
288
289
290 /** @name newFrom*() static factory methods */
291 //@{
292
293 /**
294 * Static factory method for creation from username.
295 *
296 * This is slightly less efficient than newFromId(), so use newFromId() if
297 * you have both an ID and a name handy.
298 *
299 * @param $name \string Username, validated by Title::newFromText()
300 * @param $validate \mixed Validate username. Takes the same parameters as
301 * User::getCanonicalName(), except that true is accepted as an alias
302 * for 'valid', for BC.
303 *
304 * @return \type{User} The User object, or false if the username is invalid
305 * (e.g. if it contains illegal characters or is an IP address). If the
306 * username is not present in the database, the result will be a user object
307 * with a name, zero user ID and default settings.
308 */
309 static function newFromName( $name, $validate = 'valid' ) {
310 if ( $validate === true ) {
311 $validate = 'valid';
312 }
313 $name = self::getCanonicalName( $name, $validate );
314 if ( $name === false ) {
315 return false;
316 } else {
317 # Create unloaded user object
318 $u = new User;
319 $u->mName = $name;
320 $u->mFrom = 'name';
321 return $u;
322 }
323 }
324
325 /**
326 * Static factory method for creation from a given user ID.
327 *
328 * @param $id \int Valid user ID
329 * @return \type{User} The corresponding User object
330 */
331 static function newFromId( $id ) {
332 $u = new User;
333 $u->mId = $id;
334 $u->mFrom = 'id';
335 return $u;
336 }
337
338 /**
339 * Factory method to fetch whichever user has a given email confirmation code.
340 * This code is generated when an account is created or its e-mail address
341 * has changed.
342 *
343 * If the code is invalid or has expired, returns NULL.
344 *
345 * @param $code \string Confirmation code
346 * @return \type{User}
347 */
348 static function newFromConfirmationCode( $code ) {
349 $dbr = wfGetDB( DB_SLAVE );
350 $id = $dbr->selectField( 'user', 'user_id', array(
351 'user_email_token' => md5( $code ),
352 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
353 ) );
354 if( $id !== false ) {
355 return User::newFromId( $id );
356 } else {
357 return null;
358 }
359 }
360
361 /**
362 * Create a new user object using data from session or cookies. If the
363 * login credentials are invalid, the result is an anonymous user.
364 *
365 * @return \type{User}
366 */
367 static function newFromSession() {
368 $user = new User;
369 $user->mFrom = 'session';
370 return $user;
371 }
372
373 /**
374 * Create a new user object from a user row.
375 * The row should have all fields from the user table in it.
376 * @param $row array A row from the user table
377 * @return \type{User}
378 */
379 static function newFromRow( $row ) {
380 $user = new User;
381 $user->loadFromRow( $row );
382 return $user;
383 }
384
385 //@}
386
387
388 /**
389 * Get the username corresponding to a given user ID
390 * @param $id \int User ID
391 * @return \string The corresponding username
392 */
393 static function whoIs( $id ) {
394 $dbr = wfGetDB( DB_SLAVE );
395 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), __METHOD__ );
396 }
397
398 /**
399 * Get the real name of a user given their user ID
400 *
401 * @param $id \int User ID
402 * @return \string The corresponding user's real name
403 */
404 static function whoIsReal( $id ) {
405 $dbr = wfGetDB( DB_SLAVE );
406 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
407 }
408
409 /**
410 * Get database id given a user name
411 * @param $name \string Username
412 * @return \types{\int,\null} The corresponding user's ID, or null if user is nonexistent
413 */
414 static function idFromName( $name ) {
415 $nt = Title::makeTitleSafe( NS_USER, $name );
416 if( is_null( $nt ) ) {
417 # Illegal name
418 return null;
419 }
420
421 if ( isset( self::$idCacheByName[$name] ) ) {
422 return self::$idCacheByName[$name];
423 }
424
425 $dbr = wfGetDB( DB_SLAVE );
426 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
427
428 if ( $s === false ) {
429 $result = null;
430 } else {
431 $result = $s->user_id;
432 }
433
434 self::$idCacheByName[$name] = $result;
435
436 if ( count( self::$idCacheByName ) > 1000 ) {
437 self::$idCacheByName = array();
438 }
439
440 return $result;
441 }
442
443 /**
444 * Does the string match an anonymous IPv4 address?
445 *
446 * This function exists for username validation, in order to reject
447 * usernames which are similar in form to IP addresses. Strings such
448 * as 300.300.300.300 will return true because it looks like an IP
449 * address, despite not being strictly valid.
450 *
451 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
452 * address because the usemod software would "cloak" anonymous IP
453 * addresses like this, if we allowed accounts like this to be created
454 * new users could get the old edits of these anonymous users.
455 *
456 * @param $name \string String to match
457 * @return \bool True or false
458 */
459 static function isIP( $name ) {
460 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
461 }
462
463 /**
464 * Is the input a valid username?
465 *
466 * Checks if the input is a valid username, we don't want an empty string,
467 * an IP address, anything that containins slashes (would mess up subpages),
468 * is longer than the maximum allowed username size or doesn't begin with
469 * a capital letter.
470 *
471 * @param $name \string String to match
472 * @return \bool True or false
473 */
474 static function isValidUserName( $name ) {
475 global $wgContLang, $wgMaxNameChars;
476
477 if ( $name == ''
478 || User::isIP( $name )
479 || strpos( $name, '/' ) !== false
480 || strlen( $name ) > $wgMaxNameChars
481 || $name != $wgContLang->ucfirst( $name ) ) {
482 wfDebugLog( 'username', __METHOD__ .
483 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
484 return false;
485 }
486
487 // Ensure that the name can't be misresolved as a different title,
488 // such as with extra namespace keys at the start.
489 $parsed = Title::newFromText( $name );
490 if( is_null( $parsed )
491 || $parsed->getNamespace()
492 || strcmp( $name, $parsed->getPrefixedText() ) ) {
493 wfDebugLog( 'username', __METHOD__ .
494 ": '$name' invalid due to ambiguous prefixes" );
495 return false;
496 }
497
498 // Check an additional blacklist of troublemaker characters.
499 // Should these be merged into the title char list?
500 $unicodeBlacklist = '/[' .
501 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
502 '\x{00a0}' . # non-breaking space
503 '\x{2000}-\x{200f}' . # various whitespace
504 '\x{2028}-\x{202f}' . # breaks and control chars
505 '\x{3000}' . # ideographic space
506 '\x{e000}-\x{f8ff}' . # private use
507 ']/u';
508 if( preg_match( $unicodeBlacklist, $name ) ) {
509 wfDebugLog( 'username', __METHOD__ .
510 ": '$name' invalid due to blacklisted characters" );
511 return false;
512 }
513
514 return true;
515 }
516
517 /**
518 * Usernames which fail to pass this function will be blocked
519 * from user login and new account registrations, but may be used
520 * internally by batch processes.
521 *
522 * If an account already exists in this form, login will be blocked
523 * by a failure to pass this function.
524 *
525 * @param $name \string String to match
526 * @return \bool True or false
527 */
528 static function isUsableName( $name ) {
529 global $wgReservedUsernames;
530 // Must be a valid username, obviously ;)
531 if ( !self::isValidUserName( $name ) ) {
532 return false;
533 }
534
535 static $reservedUsernames = false;
536 if ( !$reservedUsernames ) {
537 $reservedUsernames = $wgReservedUsernames;
538 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
539 }
540
541 // Certain names may be reserved for batch processes.
542 foreach ( $reservedUsernames as $reserved ) {
543 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
544 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
545 }
546 if ( $reserved == $name ) {
547 return false;
548 }
549 }
550 return true;
551 }
552
553 /**
554 * Usernames which fail to pass this function will be blocked
555 * from new account registrations, but may be used internally
556 * either by batch processes or by user accounts which have
557 * already been created.
558 *
559 * Additional blacklisting may be added here rather than in
560 * isValidUserName() to avoid disrupting existing accounts.
561 *
562 * @param $name \string String to match
563 * @return \bool True or false
564 */
565 static function isCreatableName( $name ) {
566 global $wgInvalidUsernameCharacters;
567
568 // Ensure that the username isn't longer than 235 bytes, so that
569 // (at least for the builtin skins) user javascript and css files
570 // will work. (bug 23080)
571 if( strlen( $name ) > 235 ) {
572 wfDebugLog( 'username', __METHOD__ .
573 ": '$name' invalid due to length" );
574 return false;
575 }
576
577 if( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
578 wfDebugLog( 'username', __METHOD__ .
579 ": '$name' invalid due to wgInvalidUsernameCharacters" );
580 return false;
581 }
582
583 return self::isUsableName( $name );
584 }
585
586 /**
587 * Is the input a valid password for this user?
588 *
589 * @param $password String Desired password
590 * @return bool True or false
591 */
592 function isValidPassword( $password ) {
593 //simple boolean wrapper for getPasswordValidity
594 return $this->getPasswordValidity( $password ) === true;
595 }
596
597 /**
598 * Given unvalidated password input, return error message on failure.
599 *
600 * @param $password String Desired password
601 * @return mixed: true on success, string of error message on failure
602 */
603 function getPasswordValidity( $password ) {
604 global $wgMinimalPasswordLength, $wgWeakPasswords, $wgContLang;
605
606 $result = false; //init $result to false for the internal checks
607
608 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
609 return $result;
610
611 $lcPassword = $wgContLang->lc( $password );
612
613 if ( $result === false ) {
614 if( strlen( $password ) < $wgMinimalPasswordLength ) {
615 return 'passwordtooshort';
616 } elseif ( $lcPassword == $wgContLang->lc( $this->mName ) ) {
617 return 'password-name-match';
618 } elseif ( in_array( $lcPassword, $wgWeakPasswords ) ) {
619 return 'password-too-weak';
620 } else {
621 //it seems weird returning true here, but this is because of the
622 //initialization of $result to false above. If the hook is never run or it
623 //doesn't modify $result, then we will likely get down into this if with
624 //a valid password.
625 return true;
626 }
627 } elseif( $result === true ) {
628 return true;
629 } else {
630 return $result; //the isValidPassword hook set a string $result and returned true
631 }
632 }
633
634 /**
635 * Does a string look like an e-mail address?
636 *
637 * There used to be a regular expression here, it got removed because it
638 * rejected valid addresses. Actually just check if there is '@' somewhere
639 * in the given address.
640 *
641 * @todo Check for RFC 2822 compilance (bug 959)
642 *
643 * @param $addr \string E-mail address
644 * @return \bool True or false
645 */
646 public static function isValidEmailAddr( $addr ) {
647 $result = null;
648 if( !wfRunHooks( 'isValidEmailAddr', array( $addr, &$result ) ) ) {
649 return $result;
650 }
651 $rfc5322_atext = "a-z0-9!#$%&'*+-\/=?^_`{|}—~" ;
652 $rfc1034_ldh_str = "a-z0-9-" ;
653
654 $HTML5_email_regexp = "/
655 ^ # start of string
656 [$rfc5322_atext\\.]+ # user part which is liberal :p
657 @ # 'apostrophe'
658 [$rfc1034_ldh_str]+ # First domain part
659 (\\.[$rfc1034_ldh_str]+)+ # Following part prefixed with a dot
660 $ # End of string
661 /ix" ; // case Insensitive, eXtended
662
663 return (bool) preg_match( $HTML5_email_regexp, $addr );
664 }
665
666 /**
667 * Given unvalidated user input, return a canonical username, or false if
668 * the username is invalid.
669 * @param $name \string User input
670 * @param $validate \types{\string,\bool} Type of validation to use:
671 * - false No validation
672 * - 'valid' Valid for batch processes
673 * - 'usable' Valid for batch processes and login
674 * - 'creatable' Valid for batch processes, login and account creation
675 */
676 static function getCanonicalName( $name, $validate = 'valid' ) {
677 # Force usernames to capital
678 global $wgContLang;
679 $name = $wgContLang->ucfirst( $name );
680
681 # Reject names containing '#'; these will be cleaned up
682 # with title normalisation, but then it's too late to
683 # check elsewhere
684 if( strpos( $name, '#' ) !== false )
685 return false;
686
687 # Clean up name according to title rules
688 $t = ( $validate === 'valid' ) ?
689 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
690 # Check for invalid titles
691 if( is_null( $t ) ) {
692 return false;
693 }
694
695 # Reject various classes of invalid names
696 global $wgAuth;
697 $name = $wgAuth->getCanonicalName( $t->getText() );
698
699 switch ( $validate ) {
700 case false:
701 break;
702 case 'valid':
703 if ( !User::isValidUserName( $name ) ) {
704 $name = false;
705 }
706 break;
707 case 'usable':
708 if ( !User::isUsableName( $name ) ) {
709 $name = false;
710 }
711 break;
712 case 'creatable':
713 if ( !User::isCreatableName( $name ) ) {
714 $name = false;
715 }
716 break;
717 default:
718 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
719 }
720 return $name;
721 }
722
723 /**
724 * Count the number of edits of a user
725 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
726 *
727 * @param $uid \int User ID to check
728 * @return \int The user's edit count
729 */
730 static function edits( $uid ) {
731 wfProfileIn( __METHOD__ );
732 $dbr = wfGetDB( DB_SLAVE );
733 // check if the user_editcount field has been initialized
734 $field = $dbr->selectField(
735 'user', 'user_editcount',
736 array( 'user_id' => $uid ),
737 __METHOD__
738 );
739
740 if( $field === null ) { // it has not been initialized. do so.
741 $dbw = wfGetDB( DB_MASTER );
742 $count = $dbr->selectField(
743 'revision', 'count(*)',
744 array( 'rev_user' => $uid ),
745 __METHOD__
746 );
747 $dbw->update(
748 'user',
749 array( 'user_editcount' => $count ),
750 array( 'user_id' => $uid ),
751 __METHOD__
752 );
753 } else {
754 $count = $field;
755 }
756 wfProfileOut( __METHOD__ );
757 return $count;
758 }
759
760 /**
761 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
762 * @todo hash random numbers to improve security, like generateToken()
763 *
764 * @return \string New random password
765 */
766 static function randomPassword() {
767 global $wgMinimalPasswordLength;
768 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
769 $l = strlen( $pwchars ) - 1;
770
771 $pwlength = max( 7, $wgMinimalPasswordLength );
772 $digit = mt_rand( 0, $pwlength - 1 );
773 $np = '';
774 for ( $i = 0; $i < $pwlength; $i++ ) {
775 $np .= $i == $digit ? chr( mt_rand( 48, 57 ) ) : $pwchars{ mt_rand( 0, $l ) };
776 }
777 return $np;
778 }
779
780 /**
781 * Set cached properties to default.
782 *
783 * @note This no longer clears uncached lazy-initialised properties;
784 * the constructor does that instead.
785 * @private
786 */
787 function loadDefaults( $name = false ) {
788 wfProfileIn( __METHOD__ );
789
790 global $wgRequest;
791
792 $this->mId = 0;
793 $this->mName = $name;
794 $this->mRealName = '';
795 $this->mPassword = $this->mNewpassword = '';
796 $this->mNewpassTime = null;
797 $this->mEmail = '';
798 $this->mOptionOverrides = null;
799 $this->mOptionsLoaded = false;
800
801 if( $wgRequest->getCookie( 'LoggedOut' ) !== null ) {
802 $this->mTouched = wfTimestamp( TS_MW, $wgRequest->getCookie( 'LoggedOut' ) );
803 } else {
804 $this->mTouched = '0'; # Allow any pages to be cached
805 }
806
807 $this->setToken(); # Random
808 $this->mEmailAuthenticated = null;
809 $this->mEmailToken = '';
810 $this->mEmailTokenExpires = null;
811 $this->mRegistration = wfTimestamp( TS_MW );
812 $this->mGroups = array();
813
814 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
815
816 wfProfileOut( __METHOD__ );
817 }
818
819 /**
820 * @deprecated Use wfSetupSession().
821 */
822 function SetupSession() {
823 wfDeprecated( __METHOD__ );
824 wfSetupSession();
825 }
826
827 /**
828 * Load user data from the session or login cookie. If there are no valid
829 * credentials, initialises the user as an anonymous user.
830 * @return \bool True if the user is logged in, false otherwise.
831 */
832 private function loadFromSession() {
833 global $wgRequest, $wgExternalAuthType, $wgAutocreatePolicy;
834
835 $result = null;
836 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
837 if ( $result !== null ) {
838 return $result;
839 }
840
841 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
842 $extUser = ExternalUser::newFromCookie();
843 if ( $extUser ) {
844 # TODO: Automatically create the user here (or probably a bit
845 # lower down, in fact)
846 }
847 }
848
849 if ( $wgRequest->getCookie( 'UserID' ) !== null ) {
850 $sId = intval( $wgRequest->getCookie( 'UserID' ) );
851 if( isset( $_SESSION['wsUserID'] ) && $sId != $_SESSION['wsUserID'] ) {
852 $this->loadDefaults(); // Possible collision!
853 wfDebugLog( 'loginSessions', "Session user ID ({$_SESSION['wsUserID']}) and
854 cookie user ID ($sId) don't match!" );
855 return false;
856 }
857 $_SESSION['wsUserID'] = $sId;
858 } else if ( isset( $_SESSION['wsUserID'] ) ) {
859 if ( $_SESSION['wsUserID'] != 0 ) {
860 $sId = $_SESSION['wsUserID'];
861 } else {
862 $this->loadDefaults();
863 return false;
864 }
865 } else {
866 $this->loadDefaults();
867 return false;
868 }
869
870 if ( isset( $_SESSION['wsUserName'] ) ) {
871 $sName = $_SESSION['wsUserName'];
872 } else if ( $wgRequest->getCookie('UserName') !== null ) {
873 $sName = $wgRequest->getCookie('UserName');
874 $_SESSION['wsUserName'] = $sName;
875 } else {
876 $this->loadDefaults();
877 return false;
878 }
879
880 $this->mId = $sId;
881 if ( !$this->loadFromId() ) {
882 # Not a valid ID, loadFromId has switched the object to anon for us
883 return false;
884 }
885
886 global $wgBlockDisablesLogin;
887 if( $wgBlockDisablesLogin && $this->isBlocked() ) {
888 # User blocked and we've disabled blocked user logins
889 $this->loadDefaults();
890 return false;
891 }
892
893 if ( isset( $_SESSION['wsToken'] ) ) {
894 $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
895 $from = 'session';
896 } else if ( $wgRequest->getCookie( 'Token' ) !== null ) {
897 $passwordCorrect = $this->mToken == $wgRequest->getCookie( 'Token' );
898 $from = 'cookie';
899 } else {
900 # No session or persistent login cookie
901 $this->loadDefaults();
902 return false;
903 }
904
905 if ( ( $sName == $this->mName ) && $passwordCorrect ) {
906 $_SESSION['wsToken'] = $this->mToken;
907 wfDebug( "User: logged in from $from\n" );
908 return true;
909 } else {
910 # Invalid credentials
911 wfDebug( "User: can't log in from $from, invalid credentials\n" );
912 $this->loadDefaults();
913 return false;
914 }
915 }
916
917 /**
918 * Load user and user_group data from the database.
919 * $this::mId must be set, this is how the user is identified.
920 *
921 * @return \bool True if the user exists, false if the user is anonymous
922 * @private
923 */
924 function loadFromDatabase() {
925 # Paranoia
926 $this->mId = intval( $this->mId );
927
928 /** Anonymous user */
929 if( !$this->mId ) {
930 $this->loadDefaults();
931 return false;
932 }
933
934 $dbr = wfGetDB( DB_MASTER );
935 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
936
937 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
938
939 if ( $s !== false ) {
940 # Initialise user table data
941 $this->loadFromRow( $s );
942 $this->mGroups = null; // deferred
943 $this->getEditCount(); // revalidation for nulls
944 return true;
945 } else {
946 # Invalid user_id
947 $this->mId = 0;
948 $this->loadDefaults();
949 return false;
950 }
951 }
952
953 /**
954 * Initialize this object from a row from the user table.
955 *
956 * @param $row \type{\arrayof{\mixed}} Row from the user table to load.
957 */
958 function loadFromRow( $row ) {
959 $this->mDataLoaded = true;
960
961 if ( isset( $row->user_id ) ) {
962 $this->mId = intval( $row->user_id );
963 }
964 $this->mName = $row->user_name;
965 $this->mRealName = $row->user_real_name;
966 $this->mPassword = $row->user_password;
967 $this->mNewpassword = $row->user_newpassword;
968 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
969 $this->mEmail = $row->user_email;
970 $this->decodeOptions( $row->user_options );
971 $this->mTouched = wfTimestamp(TS_MW,$row->user_touched);
972 $this->mToken = $row->user_token;
973 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
974 $this->mEmailToken = $row->user_email_token;
975 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
976 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
977 $this->mEditCount = $row->user_editcount;
978 }
979
980 /**
981 * Load the groups from the database if they aren't already loaded.
982 * @private
983 */
984 function loadGroups() {
985 if ( is_null( $this->mGroups ) ) {
986 $dbr = wfGetDB( DB_MASTER );
987 $res = $dbr->select( 'user_groups',
988 array( 'ug_group' ),
989 array( 'ug_user' => $this->mId ),
990 __METHOD__ );
991 $this->mGroups = array();
992 foreach ( $res as $row ) {
993 $this->mGroups[] = $row->ug_group;
994 }
995 }
996 }
997
998 /**
999 * Clear various cached data stored in this object.
1000 * @param $reloadFrom \string Reload user and user_groups table data from a
1001 * given source. May be "name", "id", "defaults", "session", or false for
1002 * no reload.
1003 */
1004 function clearInstanceCache( $reloadFrom = false ) {
1005 $this->mNewtalk = -1;
1006 $this->mDatePreference = null;
1007 $this->mBlockedby = -1; # Unset
1008 $this->mHash = false;
1009 $this->mSkin = null;
1010 $this->mRights = null;
1011 $this->mEffectiveGroups = null;
1012 $this->mOptions = null;
1013
1014 if ( $reloadFrom ) {
1015 $this->mDataLoaded = false;
1016 $this->mFrom = $reloadFrom;
1017 }
1018 }
1019
1020 /**
1021 * Combine the language default options with any site-specific options
1022 * and add the default language variants.
1023 *
1024 * @return \type{\arrayof{\string}} Array of options
1025 */
1026 static function getDefaultOptions() {
1027 global $wgNamespacesToBeSearchedDefault;
1028 /**
1029 * Site defaults will override the global/language defaults
1030 */
1031 global $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1032 $defOpt = $wgDefaultUserOptions + $wgContLang->getDefaultUserOptionOverrides();
1033
1034 /**
1035 * default language setting
1036 */
1037 $variant = $wgContLang->getDefaultVariant();
1038 $defOpt['variant'] = $variant;
1039 $defOpt['language'] = $variant;
1040 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1041 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1042 }
1043 $defOpt['skin'] = $wgDefaultSkin;
1044
1045 return $defOpt;
1046 }
1047
1048 /**
1049 * Get a given default option value.
1050 *
1051 * @param $opt \string Name of option to retrieve
1052 * @return \string Default option value
1053 */
1054 public static function getDefaultOption( $opt ) {
1055 $defOpts = self::getDefaultOptions();
1056 if( isset( $defOpts[$opt] ) ) {
1057 return $defOpts[$opt];
1058 } else {
1059 return null;
1060 }
1061 }
1062
1063
1064 /**
1065 * Get blocking information
1066 * @private
1067 * @param $bFromSlave \bool Whether to check the slave database first. To
1068 * improve performance, non-critical checks are done
1069 * against slaves. Check when actually saving should be
1070 * done against master.
1071 */
1072 function getBlockedStatus( $bFromSlave = true ) {
1073 global $wgProxyWhitelist, $wgUser;
1074
1075 if ( -1 != $this->mBlockedby ) {
1076 wfDebug( "User::getBlockedStatus: already loaded.\n" );
1077 return;
1078 }
1079
1080 wfProfileIn( __METHOD__ );
1081 wfDebug( __METHOD__.": checking...\n" );
1082
1083 // Initialize data...
1084 // Otherwise something ends up stomping on $this->mBlockedby when
1085 // things get lazy-loaded later, causing false positive block hits
1086 // due to -1 !== 0. Probably session-related... Nothing should be
1087 // overwriting mBlockedby, surely?
1088 $this->load();
1089
1090 $this->mBlockedby = 0;
1091 $this->mHideName = 0;
1092 $this->mAllowUsertalk = 0;
1093
1094 # Check if we are looking at an IP or a logged-in user
1095 if ( $this->isIP( $this->getName() ) ) {
1096 $ip = $this->getName();
1097 } else {
1098 # Check if we are looking at the current user
1099 # If we don't, and the user is logged in, we don't know about
1100 # his IP / autoblock status, so ignore autoblock of current user's IP
1101 if ( $this->getID() != $wgUser->getID() ) {
1102 $ip = '';
1103 } else {
1104 # Get IP of current user
1105 $ip = wfGetIP();
1106 }
1107 }
1108
1109 if ( $this->isAllowed( 'ipblock-exempt' ) ) {
1110 # Exempt from all types of IP-block
1111 $ip = '';
1112 }
1113
1114 # User/IP blocking
1115 $this->mBlock = new Block();
1116 $this->mBlock->fromMaster( !$bFromSlave );
1117 if ( $this->mBlock->load( $ip , $this->mId ) ) {
1118 wfDebug( __METHOD__ . ": Found block.\n" );
1119 $this->mBlockedby = $this->mBlock->mBy;
1120 if( $this->mBlockedby == 0 )
1121 $this->mBlockedby = $this->mBlock->mByName;
1122 $this->mBlockreason = $this->mBlock->mReason;
1123 $this->mHideName = $this->mBlock->mHideName;
1124 $this->mAllowUsertalk = $this->mBlock->mAllowUsertalk;
1125 if ( $this->isLoggedIn() && $wgUser->getID() == $this->getID() ) {
1126 $this->spreadBlock();
1127 }
1128 } else {
1129 // Bug 13611: don't remove mBlock here, to allow account creation blocks to
1130 // apply to users. Note that the existence of $this->mBlock is not used to
1131 // check for edit blocks, $this->mBlockedby is instead.
1132 }
1133
1134 # Proxy blocking
1135 if ( !$this->isAllowed( 'proxyunbannable' ) && !in_array( $ip, $wgProxyWhitelist ) ) {
1136 # Local list
1137 if ( wfIsLocallyBlockedProxy( $ip ) ) {
1138 $this->mBlockedby = wfMsg( 'proxyblocker' );
1139 $this->mBlockreason = wfMsg( 'proxyblockreason' );
1140 }
1141
1142 # DNSBL
1143 if ( !$this->mBlockedby && !$this->getID() ) {
1144 if ( $this->isDnsBlacklisted( $ip ) ) {
1145 $this->mBlockedby = wfMsg( 'sorbs' );
1146 $this->mBlockreason = wfMsg( 'sorbsreason' );
1147 }
1148 }
1149 }
1150
1151 # Extensions
1152 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1153
1154 wfProfileOut( __METHOD__ );
1155 }
1156
1157 /**
1158 * Whether the given IP is in a DNS blacklist.
1159 *
1160 * @param $ip \string IP to check
1161 * @param $checkWhitelist Boolean: whether to check the whitelist first
1162 * @return \bool True if blacklisted.
1163 */
1164 function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1165 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1166 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1167
1168 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1169 return false;
1170
1171 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1172 return false;
1173
1174 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1175 return $this->inDnsBlacklist( $ip, $urls );
1176 }
1177
1178 /**
1179 * Whether the given IP is in a given DNS blacklist.
1180 *
1181 * @param $ip \string IP to check
1182 * @param $bases \string or Array of Strings: URL of the DNS blacklist
1183 * @return \bool True if blacklisted.
1184 */
1185 function inDnsBlacklist( $ip, $bases ) {
1186 wfProfileIn( __METHOD__ );
1187
1188 $found = false;
1189 // FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1190 if( IP::isIPv4( $ip ) ) {
1191 # Reverse IP, bug 21255
1192 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1193
1194 foreach( (array)$bases as $base ) {
1195 # Make hostname
1196 $host = "$ipReversed.$base";
1197
1198 # Send query
1199 $ipList = gethostbynamel( $host );
1200
1201 if( $ipList ) {
1202 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1203 $found = true;
1204 break;
1205 } else {
1206 wfDebug( "Requested $host, not found in $base.\n" );
1207 }
1208 }
1209 }
1210
1211 wfProfileOut( __METHOD__ );
1212 return $found;
1213 }
1214
1215 /**
1216 * Is this user subject to rate limiting?
1217 *
1218 * @return \bool True if rate limited
1219 */
1220 public function isPingLimitable() {
1221 global $wgRateLimitsExcludedGroups;
1222 global $wgRateLimitsExcludedIPs;
1223 if( array_intersect( $this->getEffectiveGroups(), $wgRateLimitsExcludedGroups ) ) {
1224 // Deprecated, but kept for backwards-compatibility config
1225 return false;
1226 }
1227 if( in_array( wfGetIP(), $wgRateLimitsExcludedIPs ) ) {
1228 // No other good way currently to disable rate limits
1229 // for specific IPs. :P
1230 // But this is a crappy hack and should die.
1231 return false;
1232 }
1233 return !$this->isAllowed('noratelimit');
1234 }
1235
1236 /**
1237 * Primitive rate limits: enforce maximum actions per time period
1238 * to put a brake on flooding.
1239 *
1240 * @note When using a shared cache like memcached, IP-address
1241 * last-hit counters will be shared across wikis.
1242 *
1243 * @param $action \string Action to enforce; 'edit' if unspecified
1244 * @return \bool True if a rate limiter was tripped
1245 */
1246 function pingLimiter( $action = 'edit' ) {
1247 # Call the 'PingLimiter' hook
1248 $result = false;
1249 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1250 return $result;
1251 }
1252
1253 global $wgRateLimits;
1254 if( !isset( $wgRateLimits[$action] ) ) {
1255 return false;
1256 }
1257
1258 # Some groups shouldn't trigger the ping limiter, ever
1259 if( !$this->isPingLimitable() )
1260 return false;
1261
1262 global $wgMemc, $wgRateLimitLog;
1263 wfProfileIn( __METHOD__ );
1264
1265 $limits = $wgRateLimits[$action];
1266 $keys = array();
1267 $id = $this->getId();
1268 $ip = wfGetIP();
1269 $userLimit = false;
1270
1271 if( isset( $limits['anon'] ) && $id == 0 ) {
1272 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1273 }
1274
1275 if( isset( $limits['user'] ) && $id != 0 ) {
1276 $userLimit = $limits['user'];
1277 }
1278 if( $this->isNewbie() ) {
1279 if( isset( $limits['newbie'] ) && $id != 0 ) {
1280 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1281 }
1282 if( isset( $limits['ip'] ) ) {
1283 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1284 }
1285 $matches = array();
1286 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1287 $subnet = $matches[1];
1288 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1289 }
1290 }
1291 // Check for group-specific permissions
1292 // If more than one group applies, use the group with the highest limit
1293 foreach ( $this->getGroups() as $group ) {
1294 if ( isset( $limits[$group] ) ) {
1295 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1296 $userLimit = $limits[$group];
1297 }
1298 }
1299 }
1300 // Set the user limit key
1301 if ( $userLimit !== false ) {
1302 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1303 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1304 }
1305
1306 $triggered = false;
1307 foreach( $keys as $key => $limit ) {
1308 list( $max, $period ) = $limit;
1309 $summary = "(limit $max in {$period}s)";
1310 $count = $wgMemc->get( $key );
1311 // Already pinged?
1312 if( $count ) {
1313 if( $count > $max ) {
1314 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1315 if( $wgRateLimitLog ) {
1316 @error_log( wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", 3, $wgRateLimitLog );
1317 }
1318 $triggered = true;
1319 } else {
1320 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1321 }
1322 } else {
1323 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1324 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1325 }
1326 $wgMemc->incr( $key );
1327 }
1328
1329 wfProfileOut( __METHOD__ );
1330 return $triggered;
1331 }
1332
1333 /**
1334 * Check if user is blocked
1335 *
1336 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1337 * @return \bool True if blocked, false otherwise
1338 */
1339 function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1340 wfDebug( "User::isBlocked: enter\n" );
1341 $this->getBlockedStatus( $bFromSlave );
1342 return $this->mBlockedby !== 0;
1343 }
1344
1345 /**
1346 * Check if user is blocked from editing a particular article
1347 *
1348 * @param $title \string Title to check
1349 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1350 * @return \bool True if blocked, false otherwise
1351 */
1352 function isBlockedFrom( $title, $bFromSlave = false ) {
1353 global $wgBlockAllowsUTEdit;
1354 wfProfileIn( __METHOD__ );
1355 wfDebug( __METHOD__ . ": enter\n" );
1356
1357 wfDebug( __METHOD__ . ": asking isBlocked()\n" );
1358 $blocked = $this->isBlocked( $bFromSlave );
1359 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1360 # If a user's name is suppressed, they cannot make edits anywhere
1361 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1362 $title->getNamespace() == NS_USER_TALK ) {
1363 $blocked = false;
1364 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1365 }
1366
1367 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1368
1369 wfProfileOut( __METHOD__ );
1370 return $blocked;
1371 }
1372
1373 /**
1374 * If user is blocked, return the name of the user who placed the block
1375 * @return \string name of blocker
1376 */
1377 function blockedBy() {
1378 $this->getBlockedStatus();
1379 return $this->mBlockedby;
1380 }
1381
1382 /**
1383 * If user is blocked, return the specified reason for the block
1384 * @return \string Blocking reason
1385 */
1386 function blockedFor() {
1387 $this->getBlockedStatus();
1388 return $this->mBlockreason;
1389 }
1390
1391 /**
1392 * If user is blocked, return the ID for the block
1393 * @return \int Block ID
1394 */
1395 function getBlockId() {
1396 $this->getBlockedStatus();
1397 return ( $this->mBlock ? $this->mBlock->mId : false );
1398 }
1399
1400 /**
1401 * Check if user is blocked on all wikis.
1402 * Do not use for actual edit permission checks!
1403 * This is intented for quick UI checks.
1404 *
1405 * @param $ip \type{\string} IP address, uses current client if none given
1406 * @return \type{\bool} True if blocked, false otherwise
1407 */
1408 function isBlockedGlobally( $ip = '' ) {
1409 if( $this->mBlockedGlobally !== null ) {
1410 return $this->mBlockedGlobally;
1411 }
1412 // User is already an IP?
1413 if( IP::isIPAddress( $this->getName() ) ) {
1414 $ip = $this->getName();
1415 } else if( !$ip ) {
1416 $ip = wfGetIP();
1417 }
1418 $blocked = false;
1419 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1420 $this->mBlockedGlobally = (bool)$blocked;
1421 return $this->mBlockedGlobally;
1422 }
1423
1424 /**
1425 * Check if user account is locked
1426 *
1427 * @return \type{\bool} True if locked, false otherwise
1428 */
1429 function isLocked() {
1430 if( $this->mLocked !== null ) {
1431 return $this->mLocked;
1432 }
1433 global $wgAuth;
1434 $authUser = $wgAuth->getUserInstance( $this );
1435 $this->mLocked = (bool)$authUser->isLocked();
1436 return $this->mLocked;
1437 }
1438
1439 /**
1440 * Check if user account is hidden
1441 *
1442 * @return \type{\bool} True if hidden, false otherwise
1443 */
1444 function isHidden() {
1445 if( $this->mHideName !== null ) {
1446 return $this->mHideName;
1447 }
1448 $this->getBlockedStatus();
1449 if( !$this->mHideName ) {
1450 global $wgAuth;
1451 $authUser = $wgAuth->getUserInstance( $this );
1452 $this->mHideName = (bool)$authUser->isHidden();
1453 }
1454 return $this->mHideName;
1455 }
1456
1457 /**
1458 * Get the user's ID.
1459 * @return \int The user's ID; 0 if the user is anonymous or nonexistent
1460 */
1461 function getId() {
1462 if( $this->mId === null and $this->mName !== null
1463 and User::isIP( $this->mName ) ) {
1464 // Special case, we know the user is anonymous
1465 return 0;
1466 } elseif( $this->mId === null ) {
1467 // Don't load if this was initialized from an ID
1468 $this->load();
1469 }
1470 return $this->mId;
1471 }
1472
1473 /**
1474 * Set the user and reload all fields according to a given ID
1475 * @param $v \int User ID to reload
1476 */
1477 function setId( $v ) {
1478 $this->mId = $v;
1479 $this->clearInstanceCache( 'id' );
1480 }
1481
1482 /**
1483 * Get the user name, or the IP of an anonymous user
1484 * @return \string User's name or IP address
1485 */
1486 function getName() {
1487 if ( !$this->mDataLoaded && $this->mFrom == 'name' ) {
1488 # Special case optimisation
1489 return $this->mName;
1490 } else {
1491 $this->load();
1492 if ( $this->mName === false ) {
1493 # Clean up IPs
1494 $this->mName = IP::sanitizeIP( wfGetIP() );
1495 }
1496 return $this->mName;
1497 }
1498 }
1499
1500 /**
1501 * Set the user name.
1502 *
1503 * This does not reload fields from the database according to the given
1504 * name. Rather, it is used to create a temporary "nonexistent user" for
1505 * later addition to the database. It can also be used to set the IP
1506 * address for an anonymous user to something other than the current
1507 * remote IP.
1508 *
1509 * @note User::newFromName() has rougly the same function, when the named user
1510 * does not exist.
1511 * @param $str \string New user name to set
1512 */
1513 function setName( $str ) {
1514 $this->load();
1515 $this->mName = $str;
1516 }
1517
1518 /**
1519 * Get the user's name escaped by underscores.
1520 * @return \string Username escaped by underscores.
1521 */
1522 function getTitleKey() {
1523 return str_replace( ' ', '_', $this->getName() );
1524 }
1525
1526 /**
1527 * Check if the user has new messages.
1528 * @return \bool True if the user has new messages
1529 */
1530 function getNewtalk() {
1531 $this->load();
1532
1533 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1534 if( $this->mNewtalk === -1 ) {
1535 $this->mNewtalk = false; # reset talk page status
1536
1537 # Check memcached separately for anons, who have no
1538 # entire User object stored in there.
1539 if( !$this->mId ) {
1540 global $wgMemc;
1541 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1542 $newtalk = $wgMemc->get( $key );
1543 if( strval( $newtalk ) !== '' ) {
1544 $this->mNewtalk = (bool)$newtalk;
1545 } else {
1546 // Since we are caching this, make sure it is up to date by getting it
1547 // from the master
1548 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1549 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1550 }
1551 } else {
1552 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1553 }
1554 }
1555
1556 return (bool)$this->mNewtalk;
1557 }
1558
1559 /**
1560 * Return the talk page(s) this user has new messages on.
1561 * @return \type{\arrayof{\string}} Array of page URLs
1562 */
1563 function getNewMessageLinks() {
1564 $talks = array();
1565 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) )
1566 return $talks;
1567
1568 if( !$this->getNewtalk() )
1569 return array();
1570 $up = $this->getUserPage();
1571 $utp = $up->getTalkPage();
1572 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL() ) );
1573 }
1574
1575 /**
1576 * Internal uncached check for new messages
1577 *
1578 * @see getNewtalk()
1579 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1580 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1581 * @param $fromMaster \bool true to fetch from the master, false for a slave
1582 * @return \bool True if the user has new messages
1583 * @private
1584 */
1585 function checkNewtalk( $field, $id, $fromMaster = false ) {
1586 if ( $fromMaster ) {
1587 $db = wfGetDB( DB_MASTER );
1588 } else {
1589 $db = wfGetDB( DB_SLAVE );
1590 }
1591 $ok = $db->selectField( 'user_newtalk', $field,
1592 array( $field => $id ), __METHOD__ );
1593 return $ok !== false;
1594 }
1595
1596 /**
1597 * Add or update the new messages flag
1598 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1599 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1600 * @return \bool True if successful, false otherwise
1601 * @private
1602 */
1603 function updateNewtalk( $field, $id ) {
1604 $dbw = wfGetDB( DB_MASTER );
1605 $dbw->insert( 'user_newtalk',
1606 array( $field => $id ),
1607 __METHOD__,
1608 'IGNORE' );
1609 if ( $dbw->affectedRows() ) {
1610 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1611 return true;
1612 } else {
1613 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1614 return false;
1615 }
1616 }
1617
1618 /**
1619 * Clear the new messages flag for the given user
1620 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1621 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1622 * @return \bool True if successful, false otherwise
1623 * @private
1624 */
1625 function deleteNewtalk( $field, $id ) {
1626 $dbw = wfGetDB( DB_MASTER );
1627 $dbw->delete( 'user_newtalk',
1628 array( $field => $id ),
1629 __METHOD__ );
1630 if ( $dbw->affectedRows() ) {
1631 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1632 return true;
1633 } else {
1634 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1635 return false;
1636 }
1637 }
1638
1639 /**
1640 * Update the 'You have new messages!' status.
1641 * @param $val \bool Whether the user has new messages
1642 */
1643 function setNewtalk( $val ) {
1644 if( wfReadOnly() ) {
1645 return;
1646 }
1647
1648 $this->load();
1649 $this->mNewtalk = $val;
1650
1651 if( $this->isAnon() ) {
1652 $field = 'user_ip';
1653 $id = $this->getName();
1654 } else {
1655 $field = 'user_id';
1656 $id = $this->getId();
1657 }
1658 global $wgMemc;
1659
1660 if( $val ) {
1661 $changed = $this->updateNewtalk( $field, $id );
1662 } else {
1663 $changed = $this->deleteNewtalk( $field, $id );
1664 }
1665
1666 if( $this->isAnon() ) {
1667 // Anons have a separate memcached space, since
1668 // user records aren't kept for them.
1669 $key = wfMemcKey( 'newtalk', 'ip', $id );
1670 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1671 }
1672 if ( $changed ) {
1673 $this->invalidateCache();
1674 }
1675 }
1676
1677 /**
1678 * Generate a current or new-future timestamp to be stored in the
1679 * user_touched field when we update things.
1680 * @return \string Timestamp in TS_MW format
1681 */
1682 private static function newTouchedTimestamp() {
1683 global $wgClockSkewFudge;
1684 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1685 }
1686
1687 /**
1688 * Clear user data from memcached.
1689 * Use after applying fun updates to the database; caller's
1690 * responsibility to update user_touched if appropriate.
1691 *
1692 * Called implicitly from invalidateCache() and saveSettings().
1693 */
1694 private function clearSharedCache() {
1695 $this->load();
1696 if( $this->mId ) {
1697 global $wgMemc;
1698 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1699 }
1700 }
1701
1702 /**
1703 * Immediately touch the user data cache for this account.
1704 * Updates user_touched field, and removes account data from memcached
1705 * for reload on the next hit.
1706 */
1707 function invalidateCache() {
1708 if( wfReadOnly() ) {
1709 return;
1710 }
1711 $this->load();
1712 if( $this->mId ) {
1713 $this->mTouched = self::newTouchedTimestamp();
1714
1715 $dbw = wfGetDB( DB_MASTER );
1716 $dbw->update( 'user',
1717 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1718 array( 'user_id' => $this->mId ),
1719 __METHOD__ );
1720
1721 $this->clearSharedCache();
1722 }
1723 }
1724
1725 /**
1726 * Validate the cache for this account.
1727 * @param $timestamp \string A timestamp in TS_MW format
1728 */
1729 function validateCache( $timestamp ) {
1730 $this->load();
1731 return ( $timestamp >= $this->mTouched );
1732 }
1733
1734 /**
1735 * Get the user touched timestamp
1736 */
1737 function getTouched() {
1738 $this->load();
1739 return $this->mTouched;
1740 }
1741
1742 /**
1743 * Set the password and reset the random token.
1744 * Calls through to authentication plugin if necessary;
1745 * will have no effect if the auth plugin refuses to
1746 * pass the change through or if the legal password
1747 * checks fail.
1748 *
1749 * As a special case, setting the password to null
1750 * wipes it, so the account cannot be logged in until
1751 * a new password is set, for instance via e-mail.
1752 *
1753 * @param $str \string New password to set
1754 * @throws PasswordError on failure
1755 */
1756 function setPassword( $str ) {
1757 global $wgAuth;
1758
1759 if( $str !== null ) {
1760 if( !$wgAuth->allowPasswordChange() ) {
1761 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1762 }
1763
1764 if( !$this->isValidPassword( $str ) ) {
1765 global $wgMinimalPasswordLength;
1766 $valid = $this->getPasswordValidity( $str );
1767 throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ),
1768 $wgMinimalPasswordLength ) );
1769 }
1770 }
1771
1772 if( !$wgAuth->setPassword( $this, $str ) ) {
1773 throw new PasswordError( wfMsg( 'externaldberror' ) );
1774 }
1775
1776 $this->setInternalPassword( $str );
1777
1778 return true;
1779 }
1780
1781 /**
1782 * Set the password and reset the random token unconditionally.
1783 *
1784 * @param $str \string New password to set
1785 */
1786 function setInternalPassword( $str ) {
1787 $this->load();
1788 $this->setToken();
1789
1790 if( $str === null ) {
1791 // Save an invalid hash...
1792 $this->mPassword = '';
1793 } else {
1794 $this->mPassword = self::crypt( $str );
1795 }
1796 $this->mNewpassword = '';
1797 $this->mNewpassTime = null;
1798 }
1799
1800 /**
1801 * Get the user's current token.
1802 * @return \string Token
1803 */
1804 function getToken() {
1805 $this->load();
1806 return $this->mToken;
1807 }
1808
1809 /**
1810 * Set the random token (used for persistent authentication)
1811 * Called from loadDefaults() among other places.
1812 *
1813 * @param $token \string If specified, set the token to this value
1814 * @private
1815 */
1816 function setToken( $token = false ) {
1817 global $wgSecretKey, $wgProxyKey;
1818 $this->load();
1819 if ( !$token ) {
1820 if ( $wgSecretKey ) {
1821 $key = $wgSecretKey;
1822 } elseif ( $wgProxyKey ) {
1823 $key = $wgProxyKey;
1824 } else {
1825 $key = microtime();
1826 }
1827 $this->mToken = md5( $key . mt_rand( 0, 0x7fffffff ) . wfWikiID() . $this->mId );
1828 } else {
1829 $this->mToken = $token;
1830 }
1831 }
1832
1833 /**
1834 * Set the cookie password
1835 *
1836 * @param $str \string New cookie password
1837 * @private
1838 */
1839 function setCookiePassword( $str ) {
1840 $this->load();
1841 $this->mCookiePassword = md5( $str );
1842 }
1843
1844 /**
1845 * Set the password for a password reminder or new account email
1846 *
1847 * @param $str \string New password to set
1848 * @param $throttle \bool If true, reset the throttle timestamp to the present
1849 */
1850 function setNewpassword( $str, $throttle = true ) {
1851 $this->load();
1852 $this->mNewpassword = self::crypt( $str );
1853 if ( $throttle ) {
1854 $this->mNewpassTime = wfTimestampNow();
1855 }
1856 }
1857
1858 /**
1859 * Has password reminder email been sent within the last
1860 * $wgPasswordReminderResendTime hours?
1861 * @return \bool True or false
1862 */
1863 function isPasswordReminderThrottled() {
1864 global $wgPasswordReminderResendTime;
1865 $this->load();
1866 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
1867 return false;
1868 }
1869 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
1870 return time() < $expiry;
1871 }
1872
1873 /**
1874 * Get the user's e-mail address
1875 * @return \string User's email address
1876 */
1877 function getEmail() {
1878 $this->load();
1879 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
1880 return $this->mEmail;
1881 }
1882
1883 /**
1884 * Get the timestamp of the user's e-mail authentication
1885 * @return \string TS_MW timestamp
1886 */
1887 function getEmailAuthenticationTimestamp() {
1888 $this->load();
1889 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
1890 return $this->mEmailAuthenticated;
1891 }
1892
1893 /**
1894 * Set the user's e-mail address
1895 * @param $str \string New e-mail address
1896 */
1897 function setEmail( $str ) {
1898 $this->load();
1899 $this->mEmail = $str;
1900 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
1901 }
1902
1903 /**
1904 * Get the user's real name
1905 * @return \string User's real name
1906 */
1907 function getRealName() {
1908 $this->load();
1909 return $this->mRealName;
1910 }
1911
1912 /**
1913 * Set the user's real name
1914 * @param $str \string New real name
1915 */
1916 function setRealName( $str ) {
1917 $this->load();
1918 $this->mRealName = $str;
1919 }
1920
1921 /**
1922 * Get the user's current setting for a given option.
1923 *
1924 * @param $oname \string The option to check
1925 * @param $defaultOverride \string A default value returned if the option does not exist
1926 * @return \string User's current value for the option
1927 * @see getBoolOption()
1928 * @see getIntOption()
1929 */
1930 function getOption( $oname, $defaultOverride = null ) {
1931 $this->loadOptions();
1932
1933 if ( is_null( $this->mOptions ) ) {
1934 if($defaultOverride != '') {
1935 return $defaultOverride;
1936 }
1937 $this->mOptions = User::getDefaultOptions();
1938 }
1939
1940 if ( array_key_exists( $oname, $this->mOptions ) ) {
1941 return $this->mOptions[$oname];
1942 } else {
1943 return $defaultOverride;
1944 }
1945 }
1946
1947 /**
1948 * Get all user's options
1949 *
1950 * @return array
1951 */
1952 public function getOptions() {
1953 $this->loadOptions();
1954 return $this->mOptions;
1955 }
1956
1957 /**
1958 * Get the user's current setting for a given option, as a boolean value.
1959 *
1960 * @param $oname \string The option to check
1961 * @return \bool User's current value for the option
1962 * @see getOption()
1963 */
1964 function getBoolOption( $oname ) {
1965 return (bool)$this->getOption( $oname );
1966 }
1967
1968
1969 /**
1970 * Get the user's current setting for a given option, as a boolean value.
1971 *
1972 * @param $oname \string The option to check
1973 * @param $defaultOverride \int A default value returned if the option does not exist
1974 * @return \int User's current value for the option
1975 * @see getOption()
1976 */
1977 function getIntOption( $oname, $defaultOverride=0 ) {
1978 $val = $this->getOption( $oname );
1979 if( $val == '' ) {
1980 $val = $defaultOverride;
1981 }
1982 return intval( $val );
1983 }
1984
1985 /**
1986 * Set the given option for a user.
1987 *
1988 * @param $oname \string The option to set
1989 * @param $val \mixed New value to set
1990 */
1991 function setOption( $oname, $val ) {
1992 $this->load();
1993 $this->loadOptions();
1994
1995 if ( $oname == 'skin' ) {
1996 # Clear cached skin, so the new one displays immediately in Special:Preferences
1997 $this->mSkin = null;
1998 }
1999
2000 // Explicitly NULL values should refer to defaults
2001 global $wgDefaultUserOptions;
2002 if( is_null( $val ) && isset( $wgDefaultUserOptions[$oname] ) ) {
2003 $val = $wgDefaultUserOptions[$oname];
2004 }
2005
2006 $this->mOptions[$oname] = $val;
2007 }
2008
2009 /**
2010 * Reset all options to the site defaults
2011 */
2012 function resetOptions() {
2013 $this->mOptions = User::getDefaultOptions();
2014 }
2015
2016 /**
2017 * Get the user's preferred date format.
2018 * @return \string User's preferred date format
2019 */
2020 function getDatePreference() {
2021 // Important migration for old data rows
2022 if ( is_null( $this->mDatePreference ) ) {
2023 global $wgLang;
2024 $value = $this->getOption( 'date' );
2025 $map = $wgLang->getDatePreferenceMigrationMap();
2026 if ( isset( $map[$value] ) ) {
2027 $value = $map[$value];
2028 }
2029 $this->mDatePreference = $value;
2030 }
2031 return $this->mDatePreference;
2032 }
2033
2034 /**
2035 * Get the user preferred stub threshold
2036 */
2037 function getStubThreshold() {
2038 global $wgMaxArticleSize; # Maximum article size, in Kb
2039 $threshold = intval( $this->getOption( 'stubthreshold' ) );
2040 if ( $threshold > $wgMaxArticleSize * 1024 ) {
2041 # If they have set an impossible value, disable the preference
2042 # so we can use the parser cache again.
2043 $threshold = 0;
2044 }
2045 return $threshold;
2046 }
2047
2048 /**
2049 * Get the permissions this user has.
2050 * @return \type{\arrayof{\string}} Array of permission names
2051 */
2052 function getRights() {
2053 if ( is_null( $this->mRights ) ) {
2054 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
2055 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
2056 // Force reindexation of rights when a hook has unset one of them
2057 $this->mRights = array_values( $this->mRights );
2058 }
2059 return $this->mRights;
2060 }
2061
2062 /**
2063 * Get the list of explicit group memberships this user has.
2064 * The implicit * and user groups are not included.
2065 * @return \type{\arrayof{\string}} Array of internal group names
2066 */
2067 function getGroups() {
2068 $this->load();
2069 return $this->mGroups;
2070 }
2071
2072 /**
2073 * Get the list of implicit group memberships this user has.
2074 * This includes all explicit groups, plus 'user' if logged in,
2075 * '*' for all accounts and autopromoted groups
2076 * @param $recache \bool Whether to avoid the cache
2077 * @return \type{\arrayof{\string}} Array of internal group names
2078 */
2079 function getEffectiveGroups( $recache = false ) {
2080 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2081 wfProfileIn( __METHOD__ );
2082 $this->mEffectiveGroups = $this->getGroups();
2083 $this->mEffectiveGroups[] = '*';
2084 if( $this->getId() ) {
2085 $this->mEffectiveGroups[] = 'user';
2086
2087 $this->mEffectiveGroups = array_unique( array_merge(
2088 $this->mEffectiveGroups,
2089 Autopromote::getAutopromoteGroups( $this )
2090 ) );
2091
2092 # Hook for additional groups
2093 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2094 }
2095 wfProfileOut( __METHOD__ );
2096 }
2097 return $this->mEffectiveGroups;
2098 }
2099
2100 /**
2101 * Get the user's edit count.
2102 * @return \int User'e edit count
2103 */
2104 function getEditCount() {
2105 if( $this->getId() ) {
2106 if ( !isset( $this->mEditCount ) ) {
2107 /* Populate the count, if it has not been populated yet */
2108 $this->mEditCount = User::edits( $this->mId );
2109 }
2110 return $this->mEditCount;
2111 } else {
2112 /* nil */
2113 return null;
2114 }
2115 }
2116
2117 /**
2118 * Add the user to the given group.
2119 * This takes immediate effect.
2120 * @param $group \string Name of the group to add
2121 */
2122 function addGroup( $group ) {
2123 $dbw = wfGetDB( DB_MASTER );
2124 if( $this->getId() ) {
2125 $dbw->insert( 'user_groups',
2126 array(
2127 'ug_user' => $this->getID(),
2128 'ug_group' => $group,
2129 ),
2130 __METHOD__,
2131 array( 'IGNORE' ) );
2132 }
2133
2134 $this->loadGroups();
2135 $this->mGroups[] = $group;
2136 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2137
2138 $this->invalidateCache();
2139 }
2140
2141 /**
2142 * Remove the user from the given group.
2143 * This takes immediate effect.
2144 * @param $group \string Name of the group to remove
2145 */
2146 function removeGroup( $group ) {
2147 $this->load();
2148 $dbw = wfGetDB( DB_MASTER );
2149 $dbw->delete( 'user_groups',
2150 array(
2151 'ug_user' => $this->getID(),
2152 'ug_group' => $group,
2153 ), __METHOD__ );
2154
2155 $this->loadGroups();
2156 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2157 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2158
2159 $this->invalidateCache();
2160 }
2161
2162 /**
2163 * Get whether the user is logged in
2164 * @return \bool True or false
2165 */
2166 function isLoggedIn() {
2167 return $this->getID() != 0;
2168 }
2169
2170 /**
2171 * Get whether the user is anonymous
2172 * @return \bool True or false
2173 */
2174 function isAnon() {
2175 return !$this->isLoggedIn();
2176 }
2177
2178 /**
2179 * Get whether the user is a bot
2180 * @return \bool True or false
2181 * @deprecated
2182 */
2183 function isBot() {
2184 wfDeprecated( __METHOD__ );
2185 return $this->isAllowed( 'bot' );
2186 }
2187
2188 /**
2189 * Check if user is allowed to access a feature / make an action
2190 * @param $action \string action to be checked
2191 * @return Boolean: True if action is allowed, else false
2192 */
2193 function isAllowed( $action = '' ) {
2194 if ( $action === '' ) {
2195 return true; // In the spirit of DWIM
2196 }
2197 # Patrolling may not be enabled
2198 if( $action === 'patrol' || $action === 'autopatrol' ) {
2199 global $wgUseRCPatrol, $wgUseNPPatrol;
2200 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2201 return false;
2202 }
2203 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2204 # by misconfiguration: 0 == 'foo'
2205 return in_array( $action, $this->getRights(), true );
2206 }
2207
2208 /**
2209 * Check whether to enable recent changes patrol features for this user
2210 * @return Boolean: True or false
2211 */
2212 public function useRCPatrol() {
2213 global $wgUseRCPatrol;
2214 return( $wgUseRCPatrol && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2215 }
2216
2217 /**
2218 * Check whether to enable new pages patrol features for this user
2219 * @return \bool True or false
2220 */
2221 public function useNPPatrol() {
2222 global $wgUseRCPatrol, $wgUseNPPatrol;
2223 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2224 }
2225
2226 /**
2227 * Get the current skin, loading it if required, and setting a title
2228 * @param $t Title: the title to use in the skin
2229 * @return Skin The current skin
2230 * @todo FIXME : need to check the old failback system [AV]
2231 */
2232 function getSkin( $t = null ) {
2233 if ( $t ) {
2234 $skin = $this->createSkinObject();
2235 $skin->setTitle( $t );
2236 return $skin;
2237 } else {
2238 if ( !$this->mSkin ) {
2239 $this->mSkin = $this->createSkinObject();
2240 }
2241
2242 if ( !$this->mSkin->getTitle() ) {
2243 global $wgOut;
2244 $t = $wgOut->getTitle();
2245 $this->mSkin->setTitle($t);
2246 }
2247
2248 return $this->mSkin;
2249 }
2250 }
2251
2252 // Creates a Skin object, for getSkin()
2253 private function createSkinObject() {
2254 wfProfileIn( __METHOD__ );
2255
2256 global $wgHiddenPrefs;
2257 if( !in_array( 'skin', $wgHiddenPrefs ) ) {
2258 global $wgRequest;
2259 # get the user skin
2260 $userSkin = $this->getOption( 'skin' );
2261 $userSkin = $wgRequest->getVal( 'useskin', $userSkin );
2262 } else {
2263 # if we're not allowing users to override, then use the default
2264 global $wgDefaultSkin;
2265 $userSkin = $wgDefaultSkin;
2266 }
2267
2268 $skin = Skin::newFromKey( $userSkin );
2269 wfProfileOut( __METHOD__ );
2270
2271 return $skin;
2272 }
2273
2274 /**
2275 * Check the watched status of an article.
2276 * @param $title \type{Title} Title of the article to look at
2277 * @return \bool True if article is watched
2278 */
2279 function isWatched( $title ) {
2280 $wl = WatchedItem::fromUserTitle( $this, $title );
2281 return $wl->isWatched();
2282 }
2283
2284 /**
2285 * Watch an article.
2286 * @param $title \type{Title} Title of the article to look at
2287 */
2288 function addWatch( $title ) {
2289 $wl = WatchedItem::fromUserTitle( $this, $title );
2290 $wl->addWatch();
2291 $this->invalidateCache();
2292 }
2293
2294 /**
2295 * Stop watching an article.
2296 * @param $title \type{Title} Title of the article to look at
2297 */
2298 function removeWatch( $title ) {
2299 $wl = WatchedItem::fromUserTitle( $this, $title );
2300 $wl->removeWatch();
2301 $this->invalidateCache();
2302 }
2303
2304 /**
2305 * Clear the user's notification timestamp for the given title.
2306 * If e-notif e-mails are on, they will receive notification mails on
2307 * the next change of the page if it's watched etc.
2308 * @param $title \type{Title} Title of the article to look at
2309 */
2310 function clearNotification( &$title ) {
2311 global $wgUser, $wgUseEnotif, $wgShowUpdatedMarker;
2312
2313 # Do nothing if the database is locked to writes
2314 if( wfReadOnly() ) {
2315 return;
2316 }
2317
2318 if( $title->getNamespace() == NS_USER_TALK &&
2319 $title->getText() == $this->getName() ) {
2320 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2321 return;
2322 $this->setNewtalk( false );
2323 }
2324
2325 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2326 return;
2327 }
2328
2329 if( $this->isAnon() ) {
2330 // Nothing else to do...
2331 return;
2332 }
2333
2334 // Only update the timestamp if the page is being watched.
2335 // The query to find out if it is watched is cached both in memcached and per-invocation,
2336 // and when it does have to be executed, it can be on a slave
2337 // If this is the user's newtalk page, we always update the timestamp
2338 if( $title->getNamespace() == NS_USER_TALK &&
2339 $title->getText() == $wgUser->getName() )
2340 {
2341 $watched = true;
2342 } elseif ( $this->getId() == $wgUser->getId() ) {
2343 $watched = $title->userIsWatching();
2344 } else {
2345 $watched = true;
2346 }
2347
2348 // If the page is watched by the user (or may be watched), update the timestamp on any
2349 // any matching rows
2350 if ( $watched ) {
2351 $dbw = wfGetDB( DB_MASTER );
2352 $dbw->update( 'watchlist',
2353 array( /* SET */
2354 'wl_notificationtimestamp' => null
2355 ), array( /* WHERE */
2356 'wl_title' => $title->getDBkey(),
2357 'wl_namespace' => $title->getNamespace(),
2358 'wl_user' => $this->getID()
2359 ), __METHOD__
2360 );
2361 }
2362 }
2363
2364 /**
2365 * Resets all of the given user's page-change notification timestamps.
2366 * If e-notif e-mails are on, they will receive notification mails on
2367 * the next change of any watched page.
2368 *
2369 * @param $currentUser \int User ID
2370 */
2371 function clearAllNotifications( $currentUser ) {
2372 global $wgUseEnotif, $wgShowUpdatedMarker;
2373 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2374 $this->setNewtalk( false );
2375 return;
2376 }
2377 if( $currentUser != 0 ) {
2378 $dbw = wfGetDB( DB_MASTER );
2379 $dbw->update( 'watchlist',
2380 array( /* SET */
2381 'wl_notificationtimestamp' => null
2382 ), array( /* WHERE */
2383 'wl_user' => $currentUser
2384 ), __METHOD__
2385 );
2386 # We also need to clear here the "you have new message" notification for the own user_talk page
2387 # This is cleared one page view later in Article::viewUpdates();
2388 }
2389 }
2390
2391 /**
2392 * Set this user's options from an encoded string
2393 * @param $str \string Encoded options to import
2394 * @private
2395 */
2396 function decodeOptions( $str ) {
2397 if( !$str )
2398 return;
2399
2400 $this->mOptionsLoaded = true;
2401 $this->mOptionOverrides = array();
2402
2403 // If an option is not set in $str, use the default value
2404 $this->mOptions = self::getDefaultOptions();
2405
2406 $a = explode( "\n", $str );
2407 foreach ( $a as $s ) {
2408 $m = array();
2409 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2410 $this->mOptions[$m[1]] = $m[2];
2411 $this->mOptionOverrides[$m[1]] = $m[2];
2412 }
2413 }
2414 }
2415
2416 /**
2417 * Set a cookie on the user's client. Wrapper for
2418 * WebResponse::setCookie
2419 * @param $name \string Name of the cookie to set
2420 * @param $value \string Value to set
2421 * @param $exp \int Expiration time, as a UNIX time value;
2422 * if 0 or not specified, use the default $wgCookieExpiration
2423 */
2424 protected function setCookie( $name, $value, $exp = 0 ) {
2425 global $wgRequest;
2426 $wgRequest->response()->setcookie( $name, $value, $exp );
2427 }
2428
2429 /**
2430 * Clear a cookie on the user's client
2431 * @param $name \string Name of the cookie to clear
2432 */
2433 protected function clearCookie( $name ) {
2434 $this->setCookie( $name, '', time() - 86400 );
2435 }
2436
2437 /**
2438 * Set the default cookies for this session on the user's client.
2439 */
2440 function setCookies() {
2441 $this->load();
2442 if ( 0 == $this->mId ) return;
2443 $session = array(
2444 'wsUserID' => $this->mId,
2445 'wsToken' => $this->mToken,
2446 'wsUserName' => $this->getName()
2447 );
2448 $cookies = array(
2449 'UserID' => $this->mId,
2450 'UserName' => $this->getName(),
2451 );
2452 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2453 $cookies['Token'] = $this->mToken;
2454 } else {
2455 $cookies['Token'] = false;
2456 }
2457
2458 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2459 #check for null, since the hook could cause a null value
2460 if ( !is_null( $session ) && isset( $_SESSION ) ){
2461 $_SESSION = $session + $_SESSION;
2462 }
2463 foreach ( $cookies as $name => $value ) {
2464 if ( $value === false ) {
2465 $this->clearCookie( $name );
2466 } else {
2467 $this->setCookie( $name, $value );
2468 }
2469 }
2470 }
2471
2472 /**
2473 * Log this user out.
2474 */
2475 function logout() {
2476 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2477 $this->doLogout();
2478 }
2479 }
2480
2481 /**
2482 * Clear the user's cookies and session, and reset the instance cache.
2483 * @private
2484 * @see logout()
2485 */
2486 function doLogout() {
2487 $this->clearInstanceCache( 'defaults' );
2488
2489 $_SESSION['wsUserID'] = 0;
2490
2491 $this->clearCookie( 'UserID' );
2492 $this->clearCookie( 'Token' );
2493
2494 # Remember when user logged out, to prevent seeing cached pages
2495 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2496 }
2497
2498 /**
2499 * Save this user's settings into the database.
2500 * @todo Only rarely do all these fields need to be set!
2501 */
2502 function saveSettings() {
2503 $this->load();
2504 if ( wfReadOnly() ) { return; }
2505 if ( 0 == $this->mId ) { return; }
2506
2507 $this->mTouched = self::newTouchedTimestamp();
2508
2509 $dbw = wfGetDB( DB_MASTER );
2510 $dbw->update( 'user',
2511 array( /* SET */
2512 'user_name' => $this->mName,
2513 'user_password' => $this->mPassword,
2514 'user_newpassword' => $this->mNewpassword,
2515 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2516 'user_real_name' => $this->mRealName,
2517 'user_email' => $this->mEmail,
2518 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2519 'user_options' => '',
2520 'user_touched' => $dbw->timestamp( $this->mTouched ),
2521 'user_token' => $this->mToken,
2522 'user_email_token' => $this->mEmailToken,
2523 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2524 ), array( /* WHERE */
2525 'user_id' => $this->mId
2526 ), __METHOD__
2527 );
2528
2529 $this->saveOptions();
2530
2531 wfRunHooks( 'UserSaveSettings', array( $this ) );
2532 $this->clearSharedCache();
2533 $this->getUserPage()->invalidateCache();
2534 }
2535
2536 /**
2537 * If only this user's username is known, and it exists, return the user ID.
2538 */
2539 function idForName() {
2540 $s = trim( $this->getName() );
2541 if ( $s === '' ) return 0;
2542
2543 $dbr = wfGetDB( DB_SLAVE );
2544 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2545 if ( $id === false ) {
2546 $id = 0;
2547 }
2548 return $id;
2549 }
2550
2551 /**
2552 * Add a user to the database, return the user object
2553 *
2554 * @param $name \string Username to add
2555 * @param $params \type{\arrayof{\string}} Non-default parameters to save to the database:
2556 * - password The user's password. Password logins will be disabled if this is omitted.
2557 * - newpassword A temporary password mailed to the user
2558 * - email The user's email address
2559 * - email_authenticated The email authentication timestamp
2560 * - real_name The user's real name
2561 * - options An associative array of non-default options
2562 * - token Random authentication token. Do not set.
2563 * - registration Registration timestamp. Do not set.
2564 *
2565 * @return \type{User} A new User object, or null if the username already exists
2566 */
2567 static function createNew( $name, $params = array() ) {
2568 $user = new User;
2569 $user->load();
2570 if ( isset( $params['options'] ) ) {
2571 $user->mOptions = $params['options'] + (array)$user->mOptions;
2572 unset( $params['options'] );
2573 }
2574 $dbw = wfGetDB( DB_MASTER );
2575 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2576 $fields = array(
2577 'user_id' => $seqVal,
2578 'user_name' => $name,
2579 'user_password' => $user->mPassword,
2580 'user_newpassword' => $user->mNewpassword,
2581 'user_newpass_time' => $dbw->timestamp( $user->mNewpassTime ),
2582 'user_email' => $user->mEmail,
2583 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2584 'user_real_name' => $user->mRealName,
2585 'user_options' => '',
2586 'user_token' => $user->mToken,
2587 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2588 'user_editcount' => 0,
2589 );
2590 foreach ( $params as $name => $value ) {
2591 $fields["user_$name"] = $value;
2592 }
2593 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2594 if ( $dbw->affectedRows() ) {
2595 $newUser = User::newFromId( $dbw->insertId() );
2596 } else {
2597 $newUser = null;
2598 }
2599 return $newUser;
2600 }
2601
2602 /**
2603 * Add this existing user object to the database
2604 */
2605 function addToDatabase() {
2606 $this->load();
2607 $dbw = wfGetDB( DB_MASTER );
2608 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2609 $dbw->insert( 'user',
2610 array(
2611 'user_id' => $seqVal,
2612 'user_name' => $this->mName,
2613 'user_password' => $this->mPassword,
2614 'user_newpassword' => $this->mNewpassword,
2615 'user_newpass_time' => $dbw->timestamp( $this->mNewpassTime ),
2616 'user_email' => $this->mEmail,
2617 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2618 'user_real_name' => $this->mRealName,
2619 'user_options' => '',
2620 'user_token' => $this->mToken,
2621 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2622 'user_editcount' => 0,
2623 ), __METHOD__
2624 );
2625 $this->mId = $dbw->insertId();
2626
2627 // Clear instance cache other than user table data, which is already accurate
2628 $this->clearInstanceCache();
2629
2630 $this->saveOptions();
2631 }
2632
2633 /**
2634 * If this (non-anonymous) user is blocked, block any IP address
2635 * they've successfully logged in from.
2636 */
2637 function spreadBlock() {
2638 wfDebug( __METHOD__ . "()\n" );
2639 $this->load();
2640 if ( $this->mId == 0 ) {
2641 return;
2642 }
2643
2644 $userblock = Block::newFromDB( '', $this->mId );
2645 if ( !$userblock ) {
2646 return;
2647 }
2648
2649 $userblock->doAutoblock( wfGetIP() );
2650 }
2651
2652 /**
2653 * Generate a string which will be different for any combination of
2654 * user options which would produce different parser output.
2655 * This will be used as part of the hash key for the parser cache,
2656 * so users with the same options can share the same cached data
2657 * safely.
2658 *
2659 * Extensions which require it should install 'PageRenderingHash' hook,
2660 * which will give them a chance to modify this key based on their own
2661 * settings.
2662 *
2663 * @deprecated use the ParserOptions object to get the relevant options
2664 * @return \string Page rendering hash
2665 */
2666 function getPageRenderingHash() {
2667 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
2668 if( $this->mHash ){
2669 return $this->mHash;
2670 }
2671 wfDeprecated( __METHOD__ );
2672
2673 // stubthreshold is only included below for completeness,
2674 // since it disables the parser cache, its value will always
2675 // be 0 when this function is called by parsercache.
2676
2677 $confstr = $this->getOption( 'math' );
2678 $confstr .= '!' . $this->getStubThreshold();
2679 if ( $wgUseDynamicDates ) { # This is wrong (bug 24714)
2680 $confstr .= '!' . $this->getDatePreference();
2681 }
2682 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
2683 $confstr .= '!' . $wgLang->getCode();
2684 $confstr .= '!' . $this->getOption( 'thumbsize' );
2685 // add in language specific options, if any
2686 $extra = $wgContLang->getExtraHashOptions();
2687 $confstr .= $extra;
2688
2689 // Since the skin could be overloading link(), it should be
2690 // included here but in practice, none of our skins do that.
2691
2692 $confstr .= $wgRenderHashAppend;
2693
2694 // Give a chance for extensions to modify the hash, if they have
2695 // extra options or other effects on the parser cache.
2696 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
2697
2698 // Make it a valid memcached key fragment
2699 $confstr = str_replace( ' ', '_', $confstr );
2700 $this->mHash = $confstr;
2701 return $confstr;
2702 }
2703
2704 /**
2705 * Get whether the user is explicitly blocked from account creation.
2706 * @return \bool True if blocked
2707 */
2708 function isBlockedFromCreateAccount() {
2709 $this->getBlockedStatus();
2710 return $this->mBlock && $this->mBlock->mCreateAccount;
2711 }
2712
2713 /**
2714 * Get whether the user is blocked from using Special:Emailuser.
2715 * @return Boolean: True if blocked
2716 */
2717 function isBlockedFromEmailuser() {
2718 $this->getBlockedStatus();
2719 return $this->mBlock && $this->mBlock->mBlockEmail;
2720 }
2721
2722 /**
2723 * Get whether the user is allowed to create an account.
2724 * @return Boolean: True if allowed
2725 */
2726 function isAllowedToCreateAccount() {
2727 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
2728 }
2729
2730 /**
2731 * Get this user's personal page title.
2732 *
2733 * @return Title: User's personal page title
2734 */
2735 function getUserPage() {
2736 return Title::makeTitle( NS_USER, $this->getName() );
2737 }
2738
2739 /**
2740 * Get this user's talk page title.
2741 *
2742 * @return Title: User's talk page title
2743 */
2744 function getTalkPage() {
2745 $title = $this->getUserPage();
2746 return $title->getTalkPage();
2747 }
2748
2749 /**
2750 * Get the maximum valid user ID.
2751 * @return Integer: User ID
2752 * @static
2753 */
2754 function getMaxID() {
2755 static $res; // cache
2756
2757 if ( isset( $res ) ) {
2758 return $res;
2759 } else {
2760 $dbr = wfGetDB( DB_SLAVE );
2761 return $res = $dbr->selectField( 'user', 'max(user_id)', false, __METHOD__ );
2762 }
2763 }
2764
2765 /**
2766 * Determine whether the user is a newbie. Newbies are either
2767 * anonymous IPs, or the most recently created accounts.
2768 * @return Boolean: True if the user is a newbie
2769 */
2770 function isNewbie() {
2771 return !$this->isAllowed( 'autoconfirmed' );
2772 }
2773
2774 /**
2775 * Check to see if the given clear-text password is one of the accepted passwords
2776 * @param $password String: user password.
2777 * @return Boolean: True if the given password is correct, otherwise False.
2778 */
2779 function checkPassword( $password ) {
2780 global $wgAuth;
2781 $this->load();
2782
2783 // Even though we stop people from creating passwords that
2784 // are shorter than this, doesn't mean people wont be able
2785 // to. Certain authentication plugins do NOT want to save
2786 // domain passwords in a mysql database, so we should
2787 // check this (incase $wgAuth->strict() is false).
2788 if( !$this->isValidPassword( $password ) ) {
2789 return false;
2790 }
2791
2792 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
2793 return true;
2794 } elseif( $wgAuth->strict() ) {
2795 /* Auth plugin doesn't allow local authentication */
2796 return false;
2797 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
2798 /* Auth plugin doesn't allow local authentication for this user name */
2799 return false;
2800 }
2801 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
2802 return true;
2803 } elseif ( function_exists( 'iconv' ) ) {
2804 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
2805 # Check for this with iconv
2806 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
2807 if ( self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) ) {
2808 return true;
2809 }
2810 }
2811 return false;
2812 }
2813
2814 /**
2815 * Check if the given clear-text password matches the temporary password
2816 * sent by e-mail for password reset operations.
2817 * @return Boolean: True if matches, false otherwise
2818 */
2819 function checkTemporaryPassword( $plaintext ) {
2820 global $wgNewPasswordExpiry;
2821 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
2822 $this->load();
2823 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
2824 return ( time() < $expiry );
2825 } else {
2826 return false;
2827 }
2828 }
2829
2830 /**
2831 * Initialize (if necessary) and return a session token value
2832 * which can be used in edit forms to show that the user's
2833 * login credentials aren't being hijacked with a foreign form
2834 * submission.
2835 *
2836 * @param $salt \types{\string,\arrayof{\string}} Optional function-specific data for hashing
2837 * @return \string The new edit token
2838 */
2839 function editToken( $salt = '' ) {
2840 if ( $this->isAnon() ) {
2841 return EDIT_TOKEN_SUFFIX;
2842 } else {
2843 if( !isset( $_SESSION['wsEditToken'] ) ) {
2844 $token = self::generateToken();
2845 $_SESSION['wsEditToken'] = $token;
2846 } else {
2847 $token = $_SESSION['wsEditToken'];
2848 }
2849 if( is_array( $salt ) ) {
2850 $salt = implode( '|', $salt );
2851 }
2852 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
2853 }
2854 }
2855
2856 /**
2857 * Generate a looking random token for various uses.
2858 *
2859 * @param $salt \string Optional salt value
2860 * @return \string The new random token
2861 */
2862 public static function generateToken( $salt = '' ) {
2863 $token = dechex( mt_rand() ) . dechex( mt_rand() );
2864 return md5( $token . $salt );
2865 }
2866
2867 /**
2868 * Check given value against the token value stored in the session.
2869 * A match should confirm that the form was submitted from the
2870 * user's own login session, not a form submission from a third-party
2871 * site.
2872 *
2873 * @param $val \string Input value to compare
2874 * @param $salt \string Optional function-specific data for hashing
2875 * @return Boolean: Whether the token matches
2876 */
2877 function matchEditToken( $val, $salt = '' ) {
2878 $sessionToken = $this->editToken( $salt );
2879 if ( $val != $sessionToken ) {
2880 wfDebug( "User::matchEditToken: broken session data\n" );
2881 }
2882 return $val == $sessionToken;
2883 }
2884
2885 /**
2886 * Check given value against the token value stored in the session,
2887 * ignoring the suffix.
2888 *
2889 * @param $val \string Input value to compare
2890 * @param $salt \string Optional function-specific data for hashing
2891 * @return Boolean: Whether the token matches
2892 */
2893 function matchEditTokenNoSuffix( $val, $salt = '' ) {
2894 $sessionToken = $this->editToken( $salt );
2895 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
2896 }
2897
2898 /**
2899 * Generate a new e-mail confirmation token and send a confirmation/invalidation
2900 * mail to the user's given address.
2901 *
2902 * @param $changed Boolean: whether the adress changed
2903 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure.
2904 */
2905 function sendConfirmationMail( $changed = false ) {
2906 global $wgLang;
2907 $expiration = null; // gets passed-by-ref and defined in next line.
2908 $token = $this->confirmationToken( $expiration );
2909 $url = $this->confirmationTokenUrl( $token );
2910 $invalidateURL = $this->invalidationTokenUrl( $token );
2911 $this->saveSettings();
2912
2913 $message = $changed ? 'confirmemail_body_changed' : 'confirmemail_body';
2914 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
2915 wfMsg( $message,
2916 wfGetIP(),
2917 $this->getName(),
2918 $url,
2919 $wgLang->timeanddate( $expiration, false ),
2920 $invalidateURL,
2921 $wgLang->date( $expiration, false ),
2922 $wgLang->time( $expiration, false ) ) );
2923 }
2924
2925 /**
2926 * Send an e-mail to this user's account. Does not check for
2927 * confirmed status or validity.
2928 *
2929 * @param $subject \string Message subject
2930 * @param $body \string Message body
2931 * @param $from \string Optional From address; if unspecified, default $wgPasswordSender will be used
2932 * @param $replyto \string Reply-To address
2933 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure
2934 */
2935 function sendMail( $subject, $body, $from = null, $replyto = null ) {
2936 if( is_null( $from ) ) {
2937 global $wgPasswordSender, $wgPasswordSenderName;
2938 $sender = new MailAddress( $wgPasswordSender, $wgPasswordSenderName );
2939 } else {
2940 $sender = new MailAddress( $from );
2941 }
2942
2943 $to = new MailAddress( $this );
2944 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
2945 }
2946
2947 /**
2948 * Generate, store, and return a new e-mail confirmation code.
2949 * A hash (unsalted, since it's used as a key) is stored.
2950 *
2951 * @note Call saveSettings() after calling this function to commit
2952 * this change to the database.
2953 *
2954 * @param[out] &$expiration \mixed Accepts the expiration time
2955 * @return \string New token
2956 * @private
2957 */
2958 function confirmationToken( &$expiration ) {
2959 $now = time();
2960 $expires = $now + 7 * 24 * 60 * 60;
2961 $expiration = wfTimestamp( TS_MW, $expires );
2962 $token = self::generateToken( $this->mId . $this->mEmail . $expires );
2963 $hash = md5( $token );
2964 $this->load();
2965 $this->mEmailToken = $hash;
2966 $this->mEmailTokenExpires = $expiration;
2967 return $token;
2968 }
2969
2970 /**
2971 * Return a URL the user can use to confirm their email address.
2972 * @param $token \string Accepts the email confirmation token
2973 * @return \string New token URL
2974 * @private
2975 */
2976 function confirmationTokenUrl( $token ) {
2977 return $this->getTokenUrl( 'ConfirmEmail', $token );
2978 }
2979
2980 /**
2981 * Return a URL the user can use to invalidate their email address.
2982 * @param $token \string Accepts the email confirmation token
2983 * @return \string New token URL
2984 * @private
2985 */
2986 function invalidationTokenUrl( $token ) {
2987 return $this->getTokenUrl( 'Invalidateemail', $token );
2988 }
2989
2990 /**
2991 * Internal function to format the e-mail validation/invalidation URLs.
2992 * This uses $wgArticlePath directly as a quickie hack to use the
2993 * hardcoded English names of the Special: pages, for ASCII safety.
2994 *
2995 * @note Since these URLs get dropped directly into emails, using the
2996 * short English names avoids insanely long URL-encoded links, which
2997 * also sometimes can get corrupted in some browsers/mailers
2998 * (bug 6957 with Gmail and Internet Explorer).
2999 *
3000 * @param $page \string Special page
3001 * @param $token \string Token
3002 * @return \string Formatted URL
3003 */
3004 protected function getTokenUrl( $page, $token ) {
3005 global $wgArticlePath;
3006 return wfExpandUrl(
3007 str_replace(
3008 '$1',
3009 "Special:$page/$token",
3010 $wgArticlePath ) );
3011 }
3012
3013 /**
3014 * Mark the e-mail address confirmed.
3015 *
3016 * @note Call saveSettings() after calling this function to commit the change.
3017 */
3018 function confirmEmail() {
3019 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3020 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3021 return true;
3022 }
3023
3024 /**
3025 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3026 * address if it was already confirmed.
3027 *
3028 * @note Call saveSettings() after calling this function to commit the change.
3029 */
3030 function invalidateEmail() {
3031 $this->load();
3032 $this->mEmailToken = null;
3033 $this->mEmailTokenExpires = null;
3034 $this->setEmailAuthenticationTimestamp( null );
3035 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3036 return true;
3037 }
3038
3039 /**
3040 * Set the e-mail authentication timestamp.
3041 * @param $timestamp \string TS_MW timestamp
3042 */
3043 function setEmailAuthenticationTimestamp( $timestamp ) {
3044 $this->load();
3045 $this->mEmailAuthenticated = $timestamp;
3046 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3047 }
3048
3049 /**
3050 * Is this user allowed to send e-mails within limits of current
3051 * site configuration?
3052 * @return Boolean: True if allowed
3053 */
3054 function canSendEmail() {
3055 global $wgEnableEmail, $wgEnableUserEmail;
3056 if( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3057 return false;
3058 }
3059 $canSend = $this->isEmailConfirmed();
3060 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3061 return $canSend;
3062 }
3063
3064 /**
3065 * Is this user allowed to receive e-mails within limits of current
3066 * site configuration?
3067 * @return Boolean: True if allowed
3068 */
3069 function canReceiveEmail() {
3070 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3071 }
3072
3073 /**
3074 * Is this user's e-mail address valid-looking and confirmed within
3075 * limits of the current site configuration?
3076 *
3077 * @note If $wgEmailAuthentication is on, this may require the user to have
3078 * confirmed their address by returning a code or using a password
3079 * sent to the address from the wiki.
3080 *
3081 * @return Boolean: True if confirmed
3082 */
3083 function isEmailConfirmed() {
3084 global $wgEmailAuthentication;
3085 $this->load();
3086 $confirmed = true;
3087 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3088 if( $this->isAnon() )
3089 return false;
3090 if( !self::isValidEmailAddr( $this->mEmail ) )
3091 return false;
3092 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() )
3093 return false;
3094 return true;
3095 } else {
3096 return $confirmed;
3097 }
3098 }
3099
3100 /**
3101 * Check whether there is an outstanding request for e-mail confirmation.
3102 * @return Boolean: True if pending
3103 */
3104 function isEmailConfirmationPending() {
3105 global $wgEmailAuthentication;
3106 return $wgEmailAuthentication &&
3107 !$this->isEmailConfirmed() &&
3108 $this->mEmailToken &&
3109 $this->mEmailTokenExpires > wfTimestamp();
3110 }
3111
3112 /**
3113 * Get the timestamp of account creation.
3114 *
3115 * @return \types{\string,\bool} string Timestamp of account creation, or false for
3116 * non-existent/anonymous user accounts.
3117 */
3118 public function getRegistration() {
3119 return $this->getId() > 0
3120 ? $this->mRegistration
3121 : false;
3122 }
3123
3124 /**
3125 * Get the timestamp of the first edit
3126 *
3127 * @return \types{\string,\bool} string Timestamp of first edit, or false for
3128 * non-existent/anonymous user accounts.
3129 */
3130 public function getFirstEditTimestamp() {
3131 if( $this->getId() == 0 ) return false; // anons
3132 $dbr = wfGetDB( DB_SLAVE );
3133 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3134 array( 'rev_user' => $this->getId() ),
3135 __METHOD__,
3136 array( 'ORDER BY' => 'rev_timestamp ASC' )
3137 );
3138 if( !$time ) return false; // no edits
3139 return wfTimestamp( TS_MW, $time );
3140 }
3141
3142 /**
3143 * Get the permissions associated with a given list of groups
3144 *
3145 * @param $groups \type{\arrayof{\string}} List of internal group names
3146 * @return \type{\arrayof{\string}} List of permission key names for given groups combined
3147 */
3148 static function getGroupPermissions( $groups ) {
3149 global $wgGroupPermissions, $wgRevokePermissions;
3150 $rights = array();
3151 // grant every granted permission first
3152 foreach( $groups as $group ) {
3153 if( isset( $wgGroupPermissions[$group] ) ) {
3154 $rights = array_merge( $rights,
3155 // array_filter removes empty items
3156 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3157 }
3158 }
3159 // now revoke the revoked permissions
3160 foreach( $groups as $group ) {
3161 if( isset( $wgRevokePermissions[$group] ) ) {
3162 $rights = array_diff( $rights,
3163 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
3164 }
3165 }
3166 return array_unique( $rights );
3167 }
3168
3169 /**
3170 * Get all the groups who have a given permission
3171 *
3172 * @param $role \string Role to check
3173 * @return \type{\arrayof{\string}} List of internal group names with the given permission
3174 */
3175 static function getGroupsWithPermission( $role ) {
3176 global $wgGroupPermissions;
3177 $allowedGroups = array();
3178 foreach ( $wgGroupPermissions as $group => $rights ) {
3179 if ( isset( $rights[$role] ) && $rights[$role] ) {
3180 $allowedGroups[] = $group;
3181 }
3182 }
3183 return $allowedGroups;
3184 }
3185
3186 /**
3187 * Get the localized descriptive name for a group, if it exists
3188 *
3189 * @param $group \string Internal group name
3190 * @return \string Localized descriptive group name
3191 */
3192 static function getGroupName( $group ) {
3193 $key = "group-$group";
3194 $name = wfMsg( $key );
3195 return $name == '' || wfEmptyMsg( $key, $name )
3196 ? $group
3197 : $name;
3198 }
3199
3200 /**
3201 * Get the localized descriptive name for a member of a group, if it exists
3202 *
3203 * @param $group \string Internal group name
3204 * @return \string Localized name for group member
3205 */
3206 static function getGroupMember( $group ) {
3207 $key = "group-$group-member";
3208 $name = wfMsg( $key );
3209 return $name == '' || wfEmptyMsg( $key, $name )
3210 ? $group
3211 : $name;
3212 }
3213
3214 /**
3215 * Return the set of defined explicit groups.
3216 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3217 * are not included, as they are defined automatically, not in the database.
3218 * @return \type{\arrayof{\string}} Array of internal group names
3219 */
3220 static function getAllGroups() {
3221 global $wgGroupPermissions, $wgRevokePermissions;
3222 return array_diff(
3223 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3224 self::getImplicitGroups()
3225 );
3226 }
3227
3228 /**
3229 * Get a list of all available permissions.
3230 * @return \type{\arrayof{\string}} Array of permission names
3231 */
3232 static function getAllRights() {
3233 if ( self::$mAllRights === false ) {
3234 global $wgAvailableRights;
3235 if ( count( $wgAvailableRights ) ) {
3236 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3237 } else {
3238 self::$mAllRights = self::$mCoreRights;
3239 }
3240 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3241 }
3242 return self::$mAllRights;
3243 }
3244
3245 /**
3246 * Get a list of implicit groups
3247 * @return \type{\arrayof{\string}} Array of internal group names
3248 */
3249 public static function getImplicitGroups() {
3250 global $wgImplicitGroups;
3251 $groups = $wgImplicitGroups;
3252 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3253 return $groups;
3254 }
3255
3256 /**
3257 * Get the title of a page describing a particular group
3258 *
3259 * @param $group \string Internal group name
3260 * @return \types{\type{Title},\bool} Title of the page if it exists, false otherwise
3261 */
3262 static function getGroupPage( $group ) {
3263 $page = wfMsgForContent( 'grouppage-' . $group );
3264 if( !wfEmptyMsg( 'grouppage-' . $group, $page ) ) {
3265 $title = Title::newFromText( $page );
3266 if( is_object( $title ) )
3267 return $title;
3268 }
3269 return false;
3270 }
3271
3272 /**
3273 * Create a link to the group in HTML, if available;
3274 * else return the group name.
3275 *
3276 * @param $group \string Internal name of the group
3277 * @param $text \string The text of the link
3278 * @return \string HTML link to the group
3279 */
3280 static function makeGroupLinkHTML( $group, $text = '' ) {
3281 if( $text == '' ) {
3282 $text = self::getGroupName( $group );
3283 }
3284 $title = self::getGroupPage( $group );
3285 if( $title ) {
3286 global $wgUser;
3287 $sk = $wgUser->getSkin();
3288 return $sk->link( $title, htmlspecialchars( $text ) );
3289 } else {
3290 return $text;
3291 }
3292 }
3293
3294 /**
3295 * Create a link to the group in Wikitext, if available;
3296 * else return the group name.
3297 *
3298 * @param $group \string Internal name of the group
3299 * @param $text \string The text of the link
3300 * @return \string Wikilink to the group
3301 */
3302 static function makeGroupLinkWiki( $group, $text = '' ) {
3303 if( $text == '' ) {
3304 $text = self::getGroupName( $group );
3305 }
3306 $title = self::getGroupPage( $group );
3307 if( $title ) {
3308 $page = $title->getPrefixedText();
3309 return "[[$page|$text]]";
3310 } else {
3311 return $text;
3312 }
3313 }
3314
3315 /**
3316 * Returns an array of the groups that a particular group can add/remove.
3317 *
3318 * @param $group String: the group to check for whether it can add/remove
3319 * @return Array array( 'add' => array( addablegroups ),
3320 * 'remove' => array( removablegroups ),
3321 * 'add-self' => array( addablegroups to self),
3322 * 'remove-self' => array( removable groups from self) )
3323 */
3324 static function changeableByGroup( $group ) {
3325 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3326
3327 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3328 if( empty( $wgAddGroups[$group] ) ) {
3329 // Don't add anything to $groups
3330 } elseif( $wgAddGroups[$group] === true ) {
3331 // You get everything
3332 $groups['add'] = self::getAllGroups();
3333 } elseif( is_array( $wgAddGroups[$group] ) ) {
3334 $groups['add'] = $wgAddGroups[$group];
3335 }
3336
3337 // Same thing for remove
3338 if( empty( $wgRemoveGroups[$group] ) ) {
3339 } elseif( $wgRemoveGroups[$group] === true ) {
3340 $groups['remove'] = self::getAllGroups();
3341 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3342 $groups['remove'] = $wgRemoveGroups[$group];
3343 }
3344
3345 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3346 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3347 foreach( $wgGroupsAddToSelf as $key => $value ) {
3348 if( is_int( $key ) ) {
3349 $wgGroupsAddToSelf['user'][] = $value;
3350 }
3351 }
3352 }
3353
3354 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3355 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3356 if( is_int( $key ) ) {
3357 $wgGroupsRemoveFromSelf['user'][] = $value;
3358 }
3359 }
3360 }
3361
3362 // Now figure out what groups the user can add to him/herself
3363 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3364 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3365 // No idea WHY this would be used, but it's there
3366 $groups['add-self'] = User::getAllGroups();
3367 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3368 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3369 }
3370
3371 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3372 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3373 $groups['remove-self'] = User::getAllGroups();
3374 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3375 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3376 }
3377
3378 return $groups;
3379 }
3380
3381 /**
3382 * Returns an array of groups that this user can add and remove
3383 * @return Array array( 'add' => array( addablegroups ),
3384 * 'remove' => array( removablegroups ),
3385 * 'add-self' => array( addablegroups to self),
3386 * 'remove-self' => array( removable groups from self) )
3387 */
3388 function changeableGroups() {
3389 if( $this->isAllowed( 'userrights' ) ) {
3390 // This group gives the right to modify everything (reverse-
3391 // compatibility with old "userrights lets you change
3392 // everything")
3393 // Using array_merge to make the groups reindexed
3394 $all = array_merge( User::getAllGroups() );
3395 return array(
3396 'add' => $all,
3397 'remove' => $all,
3398 'add-self' => array(),
3399 'remove-self' => array()
3400 );
3401 }
3402
3403 // Okay, it's not so simple, we will have to go through the arrays
3404 $groups = array(
3405 'add' => array(),
3406 'remove' => array(),
3407 'add-self' => array(),
3408 'remove-self' => array()
3409 );
3410 $addergroups = $this->getEffectiveGroups();
3411
3412 foreach( $addergroups as $addergroup ) {
3413 $groups = array_merge_recursive(
3414 $groups, $this->changeableByGroup( $addergroup )
3415 );
3416 $groups['add'] = array_unique( $groups['add'] );
3417 $groups['remove'] = array_unique( $groups['remove'] );
3418 $groups['add-self'] = array_unique( $groups['add-self'] );
3419 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3420 }
3421 return $groups;
3422 }
3423
3424 /**
3425 * Increment the user's edit-count field.
3426 * Will have no effect for anonymous users.
3427 */
3428 function incEditCount() {
3429 if( !$this->isAnon() ) {
3430 $dbw = wfGetDB( DB_MASTER );
3431 $dbw->update( 'user',
3432 array( 'user_editcount=user_editcount+1' ),
3433 array( 'user_id' => $this->getId() ),
3434 __METHOD__ );
3435
3436 // Lazy initialization check...
3437 if( $dbw->affectedRows() == 0 ) {
3438 // Pull from a slave to be less cruel to servers
3439 // Accuracy isn't the point anyway here
3440 $dbr = wfGetDB( DB_SLAVE );
3441 $count = $dbr->selectField( 'revision',
3442 'COUNT(rev_user)',
3443 array( 'rev_user' => $this->getId() ),
3444 __METHOD__ );
3445
3446 // Now here's a goddamn hack...
3447 if( $dbr !== $dbw ) {
3448 // If we actually have a slave server, the count is
3449 // at least one behind because the current transaction
3450 // has not been committed and replicated.
3451 $count++;
3452 } else {
3453 // But if DB_SLAVE is selecting the master, then the
3454 // count we just read includes the revision that was
3455 // just added in the working transaction.
3456 }
3457
3458 $dbw->update( 'user',
3459 array( 'user_editcount' => $count ),
3460 array( 'user_id' => $this->getId() ),
3461 __METHOD__ );
3462 }
3463 }
3464 // edit count in user cache too
3465 $this->invalidateCache();
3466 }
3467
3468 /**
3469 * Get the description of a given right
3470 *
3471 * @param $right \string Right to query
3472 * @return \string Localized description of the right
3473 */
3474 static function getRightDescription( $right ) {
3475 $key = "right-$right";
3476 $name = wfMsg( $key );
3477 return $name == '' || wfEmptyMsg( $key, $name )
3478 ? $right
3479 : $name;
3480 }
3481
3482 /**
3483 * Make an old-style password hash
3484 *
3485 * @param $password \string Plain-text password
3486 * @param $userId \string User ID
3487 * @return \string Password hash
3488 */
3489 static function oldCrypt( $password, $userId ) {
3490 global $wgPasswordSalt;
3491 if ( $wgPasswordSalt ) {
3492 return md5( $userId . '-' . md5( $password ) );
3493 } else {
3494 return md5( $password );
3495 }
3496 }
3497
3498 /**
3499 * Make a new-style password hash
3500 *
3501 * @param $password \string Plain-text password
3502 * @param $salt \string Optional salt, may be random or the user ID.
3503 * If unspecified or false, will generate one automatically
3504 * @return \string Password hash
3505 */
3506 static function crypt( $password, $salt = false ) {
3507 global $wgPasswordSalt;
3508
3509 $hash = '';
3510 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3511 return $hash;
3512 }
3513
3514 if( $wgPasswordSalt ) {
3515 if ( $salt === false ) {
3516 $salt = substr( wfGenerateToken(), 0, 8 );
3517 }
3518 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3519 } else {
3520 return ':A:' . md5( $password );
3521 }
3522 }
3523
3524 /**
3525 * Compare a password hash with a plain-text password. Requires the user
3526 * ID if there's a chance that the hash is an old-style hash.
3527 *
3528 * @param $hash \string Password hash
3529 * @param $password \string Plain-text password to compare
3530 * @param $userId \string User ID for old-style password salt
3531 * @return Boolean:
3532 */
3533 static function comparePasswords( $hash, $password, $userId = false ) {
3534 $type = substr( $hash, 0, 3 );
3535
3536 $result = false;
3537 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3538 return $result;
3539 }
3540
3541 if ( $type == ':A:' ) {
3542 # Unsalted
3543 return md5( $password ) === substr( $hash, 3 );
3544 } elseif ( $type == ':B:' ) {
3545 # Salted
3546 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3547 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3548 } else {
3549 # Old-style
3550 return self::oldCrypt( $password, $userId ) === $hash;
3551 }
3552 }
3553
3554 /**
3555 * Add a newuser log entry for this user
3556 *
3557 * @param $byEmail Boolean: account made by email?
3558 * @param $reason String: user supplied reason
3559 */
3560 public function addNewUserLogEntry( $byEmail = false, $reason = '' ) {
3561 global $wgUser, $wgContLang, $wgNewUserLog;
3562 if( empty( $wgNewUserLog ) ) {
3563 return true; // disabled
3564 }
3565
3566 if( $this->getName() == $wgUser->getName() ) {
3567 $action = 'create';
3568 } else {
3569 $action = 'create2';
3570 if ( $byEmail ) {
3571 if ( $reason === '' ) {
3572 $reason = wfMsgForContent( 'newuserlog-byemail' );
3573 } else {
3574 $reason = $wgContLang->commaList( array(
3575 $reason, wfMsgForContent( 'newuserlog-byemail' ) ) );
3576 }
3577 }
3578 }
3579 $log = new LogPage( 'newusers' );
3580 $log->addEntry(
3581 $action,
3582 $this->getUserPage(),
3583 $reason,
3584 array( $this->getId() )
3585 );
3586 return true;
3587 }
3588
3589 /**
3590 * Add an autocreate newuser log entry for this user
3591 * Used by things like CentralAuth and perhaps other authplugins.
3592 */
3593 public function addNewUserLogEntryAutoCreate() {
3594 global $wgNewUserLog, $wgLogAutocreatedAccounts;
3595 if( !$wgNewUserLog || !$wgLogAutocreatedAccounts ) {
3596 return true; // disabled
3597 }
3598 $log = new LogPage( 'newusers', false );
3599 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ) );
3600 return true;
3601 }
3602
3603 protected function loadOptions() {
3604 $this->load();
3605 if ( $this->mOptionsLoaded || !$this->getId() )
3606 return;
3607
3608 $this->mOptions = self::getDefaultOptions();
3609
3610 // Maybe load from the object
3611 if ( !is_null( $this->mOptionOverrides ) ) {
3612 wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
3613 foreach( $this->mOptionOverrides as $key => $value ) {
3614 $this->mOptions[$key] = $value;
3615 }
3616 } else {
3617 wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
3618 // Load from database
3619 $dbr = wfGetDB( DB_SLAVE );
3620
3621 $res = $dbr->select(
3622 'user_properties',
3623 '*',
3624 array( 'up_user' => $this->getId() ),
3625 __METHOD__
3626 );
3627
3628 foreach ( $res as $row ) {
3629 $this->mOptionOverrides[$row->up_property] = $row->up_value;
3630 $this->mOptions[$row->up_property] = $row->up_value;
3631 }
3632 }
3633
3634 $this->mOptionsLoaded = true;
3635
3636 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
3637 }
3638
3639 protected function saveOptions() {
3640 global $wgAllowPrefChange;
3641
3642 $extuser = ExternalUser::newFromUser( $this );
3643
3644 $this->loadOptions();
3645 $dbw = wfGetDB( DB_MASTER );
3646
3647 $insert_rows = array();
3648
3649 $saveOptions = $this->mOptions;
3650
3651 // Allow hooks to abort, for instance to save to a global profile.
3652 // Reset options to default state before saving.
3653 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) )
3654 return;
3655
3656 foreach( $saveOptions as $key => $value ) {
3657 # Don't bother storing default values
3658 if ( ( is_null( self::getDefaultOption( $key ) ) &&
3659 !( $value === false || is_null($value) ) ) ||
3660 $value != self::getDefaultOption( $key ) ) {
3661 $insert_rows[] = array(
3662 'up_user' => $this->getId(),
3663 'up_property' => $key,
3664 'up_value' => $value,
3665 );
3666 }
3667 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
3668 switch ( $wgAllowPrefChange[$key] ) {
3669 case 'local':
3670 case 'message':
3671 break;
3672 case 'semiglobal':
3673 case 'global':
3674 $extuser->setPref( $key, $value );
3675 }
3676 }
3677 }
3678
3679 $dbw->begin();
3680 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
3681 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
3682 $dbw->commit();
3683 }
3684
3685 /**
3686 * Provide an array of HTML5 attributes to put on an input element
3687 * intended for the user to enter a new password. This may include
3688 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
3689 *
3690 * Do *not* use this when asking the user to enter his current password!
3691 * Regardless of configuration, users may have invalid passwords for whatever
3692 * reason (e.g., they were set before requirements were tightened up).
3693 * Only use it when asking for a new password, like on account creation or
3694 * ResetPass.
3695 *
3696 * Obviously, you still need to do server-side checking.
3697 *
3698 * NOTE: A combination of bugs in various browsers means that this function
3699 * actually just returns array() unconditionally at the moment. May as
3700 * well keep it around for when the browser bugs get fixed, though.
3701 *
3702 * @return array Array of HTML attributes suitable for feeding to
3703 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
3704 * That will potentially output invalid XHTML 1.0 Transitional, and will
3705 * get confused by the boolean attribute syntax used.)
3706 */
3707 public static function passwordChangeInputAttribs() {
3708 global $wgMinimalPasswordLength;
3709
3710 if ( $wgMinimalPasswordLength == 0 ) {
3711 return array();
3712 }
3713
3714 # Note that the pattern requirement will always be satisfied if the
3715 # input is empty, so we need required in all cases.
3716 #
3717 # FIXME (bug 23769): This needs to not claim the password is required
3718 # if e-mail confirmation is being used. Since HTML5 input validation
3719 # is b0rked anyway in some browsers, just return nothing. When it's
3720 # re-enabled, fix this code to not output required for e-mail
3721 # registration.
3722 #$ret = array( 'required' );
3723 $ret = array();
3724
3725 # We can't actually do this right now, because Opera 9.6 will print out
3726 # the entered password visibly in its error message! When other
3727 # browsers add support for this attribute, or Opera fixes its support,
3728 # we can add support with a version check to avoid doing this on Opera
3729 # versions where it will be a problem. Reported to Opera as
3730 # DSK-262266, but they don't have a public bug tracker for us to follow.
3731 /*
3732 if ( $wgMinimalPasswordLength > 1 ) {
3733 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
3734 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
3735 $wgMinimalPasswordLength );
3736 }
3737 */
3738
3739 return $ret;
3740 }
3741
3742 /**
3743 * Format the user message using a hook, a template, or, failing these, a static format.
3744 * @param $subject String the subject of the message
3745 * @param $text String the content of the message
3746 * @param $signature String the signature, if provided.
3747 */
3748 static protected function formatUserMessage( $subject, $text, $signature ) {
3749 if ( wfRunHooks( 'FormatUserMessage',
3750 array( $subject, &$text, $signature ) ) ) {
3751
3752 $signature = empty($signature) ? "~~~~~" : "{$signature} ~~~~~";
3753
3754 $template = Title::newFromText( wfMsgForContent( 'usermessage-template' ) );
3755 if ( !$template
3756 || $template->getNamespace() !== NS_TEMPLATE
3757 || !$template->exists() ) {
3758 $text = "\n== $subject ==\n\n$text\n\n-- $signature";
3759 } else {
3760 $text = '{{'. $template->getText()
3761 . " | subject=$subject | body=$text | signature=$signature }}";
3762 }
3763 }
3764
3765 return $text;
3766 }
3767
3768 /**
3769 * Leave a user a message
3770 * @param $subject String the subject of the message
3771 * @param $text String the message to leave
3772 * @param $signature String Text to leave in the signature
3773 * @param $summary String the summary for this change, defaults to
3774 * "Leave system message."
3775 * @param $editor User The user leaving the message, defaults to
3776 * "{{MediaWiki:usermessage-editor}}"
3777 * @param $flags Int default edit flags
3778 *
3779 * @return boolean true if it was successful
3780 */
3781 public function leaveUserMessage( $subject, $text, $signature = "",
3782 $summary = null, $editor = null, $flags = 0 ) {
3783 if ( !isset( $summary ) ) {
3784 $summary = wfMsgForContent( 'usermessage-summary' );
3785 }
3786
3787 if ( !isset( $editor ) ) {
3788 $editor = User::newFromName( wfMsgForContent( 'usermessage-editor' ) );
3789 if ( !$editor->isLoggedIn() ) {
3790 $editor->addToDatabase();
3791 }
3792 }
3793
3794 $article = new Article( $this->getTalkPage() );
3795 wfRunHooks( 'SetupUserMessageArticle',
3796 array( $this, &$article, $subject, $text, $signature, $summary, $editor ) );
3797
3798
3799 $text = self::formatUserMessage( $subject, $text, $signature );
3800 $flags = $article->checkFlags( $flags );
3801
3802 if ( $flags & EDIT_UPDATE ) {
3803 $text = $article->getContent() . $text;
3804 }
3805
3806 $dbw = wfGetDB( DB_MASTER );
3807 $dbw->begin();
3808
3809 try {
3810 $status = $article->doEdit( $text, $summary, $flags, false, $editor );
3811 } catch ( DBQueryError $e ) {
3812 $status = Status::newFatal("DB Error");
3813 }
3814
3815 if ( $status->isGood() ) {
3816 // Set newtalk with the right user ID
3817 $this->setNewtalk( true );
3818 wfRunHooks( 'AfterUserMessage',
3819 array( $this, $article, $summary, $text, $signature, $summary, $editor ) );
3820 $dbw->commit();
3821 } else {
3822 // The article was concurrently created
3823 wfDebug( __METHOD__ . ": Error ".$status->getWikiText() );
3824 $dbw->rollback();
3825 }
3826
3827 return $status->isGood();
3828 }
3829 }
MediaWiki Core