search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Restored line accidentally removed in r70520
[mediawiki.git] / includes / User.php
blobd376da27a1e69c18e260dfe03cbb0b99c0cedc8b
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 * @file
5 */
6
7 /**
8 * \int Number of characters in user_token field.
9 * @ingroup Constants
10 */
11 define( 'USER_TOKEN_LENGTH', 32 );
12
13 /**
14 * \int Serialized record version.
15 * @ingroup Constants
16 */
17 define( 'MW_USER_VERSION', 8 );
18
19 /**
20 * \string Some punctuation to prevent editing from broken text-mangling proxies.
21 * @ingroup Constants
22 */
23 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
24
25 /**
26 * Thrown by User::setPassword() on error.
27 * @ingroup Exception
28 */
29 class PasswordError extends MWException {
30 // NOP
31 }
32
33 /**
34 * The User object encapsulates all of the user-specific settings (user_id,
35 * name, rights, password, email address, options, last login time). Client
36 * classes use the getXXX() functions to access these fields. These functions
37 * do all the work of determining whether the user is logged in,
38 * whether the requested option can be satisfied from cookies or
39 * whether a database query is needed. Most of the settings needed
40 * for rendering normal pages are set in the cookie to minimize use
41 * of the database.
42 */
43 class User {
44
45 /**
46 * \type{\arrayof{\string}} A list of default user toggles, i.e., boolean user
47 * preferences that are displayed by Special:Preferences as checkboxes.
48 * This list can be extended via the UserToggles hook or by
49 * $wgContLang::getExtraUserToggles().
50 * @showinitializer
51 */
52 public static $mToggles = array(
53 'highlightbroken',
54 'justify',
55 'hideminor',
56 'extendwatchlist',
57 'usenewrc',
58 'numberheadings',
59 'showtoolbar',
60 'editondblclick',
61 'editsection',
62 'editsectiononrightclick',
63 'showtoc',
64 'rememberpassword',
65 'watchcreations',
66 'watchdefault',
67 'watchmoves',
68 'watchdeletion',
69 'previewontop',
70 'previewonfirst',
71 'nocache',
72 'enotifwatchlistpages',
73 'enotifusertalkpages',
74 'enotifminoredits',
75 'enotifrevealaddr',
76 'shownumberswatching',
77 'fancysig',
78 'externaleditor',
79 'externaldiff',
80 'showjumplinks',
81 'uselivepreview',
82 'forceeditsummary',
83 'watchlisthideminor',
84 'watchlisthidebots',
85 'watchlisthideown',
86 'watchlisthideanons',
87 'watchlisthideliu',
88 'ccmeonemails',
89 'diffonly',
90 'showhiddencats',
91 'noconvertlink',
92 'norollbackdiff',
93 );
94
95 /**
96 * \type{\arrayof{\string}} List of member variables which are saved to the
97 * shared cache (memcached). Any operation which changes the
98 * corresponding database fields must call a cache-clearing function.
99 * @showinitializer
100 */
101 static $mCacheVars = array(
102 // user table
103 'mId',
104 'mName',
105 'mRealName',
106 'mPassword',
107 'mNewpassword',
108 'mNewpassTime',
109 'mEmail',
110 'mTouched',
111 'mToken',
112 'mEmailAuthenticated',
113 'mEmailToken',
114 'mEmailTokenExpires',
115 'mRegistration',
116 'mEditCount',
117 // user_group table
118 'mGroups',
119 // user_properties table
120 'mOptionOverrides',
121 );
122
123 /**
124 * \type{\arrayof{\string}} Core rights.
125 * Each of these should have a corresponding message of the form
126 * "right-$right".
127 * @showinitializer
128 */
129 static $mCoreRights = array(
130 'apihighlimits',
131 'autoconfirmed',
132 'autopatrol',
133 'bigdelete',
134 'block',
135 'blockemail',
136 'bot',
137 'browsearchive',
138 'createaccount',
139 'createpage',
140 'createtalk',
141 'delete',
142 'deletedhistory',
143 'deletedtext',
144 'deleterevision',
145 'edit',
146 'editinterface',
147 'editusercssjs',
148 'hideuser',
149 'import',
150 'importupload',
151 'ipblock-exempt',
152 'markbotedits',
153 'minoredit',
154 'move',
155 'movefile',
156 'move-rootuserpages',
157 'move-subpages',
158 'nominornewtalk',
159 'noratelimit',
160 'override-export-depth',
161 'patrol',
162 'protect',
163 'proxyunbannable',
164 'purge',
165 'read',
166 'reupload',
167 'reupload-shared',
168 'rollback',
169 'selenium',
170 'sendemail',
171 'siteadmin',
172 'suppressionlog',
173 'suppressredirect',
174 'suppressrevision',
175 'trackback',
176 'undelete',
177 'unwatchedpages',
178 'upload',
179 'upload_by_url',
180 'userrights',
181 'userrights-interwiki',
182 'writeapi',
183 );
184 /**
185 * \string Cached results of getAllRights()
186 */
187 static $mAllRights = false;
188
189 /** @name Cache variables */
190 //@{
191 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
192 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
193 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mGroups, $mOptionOverrides;
194 //@}
195
196 /**
197 * \bool Whether the cache variables have been loaded.
198 */
199 var $mDataLoaded, $mAuthLoaded, $mOptionsLoaded;
200
201 /**
202 * \string Initialization data source if mDataLoaded==false. May be one of:
203 * - 'defaults' anonymous user initialised from class defaults
204 * - 'name' initialise from mName
205 * - 'id' initialise from mId
206 * - 'session' log in from cookies or session if possible
207 *
208 * Use the User::newFrom*() family of functions to set this.
209 */
210 var $mFrom;
211
212 /** @name Lazy-initialized variables, invalidated with clearInstanceCache */
213 //@{
214 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mSkin, $mRights,
215 $mBlockreason, $mBlock, $mEffectiveGroups, $mBlockedGlobally,
216 $mLocked, $mHideName, $mOptions;
217 //@}
218
219 static $idCacheByName = array();
220
221 /**
222 * Lightweight constructor for an anonymous user.
223 * Use the User::newFrom* factory functions for other kinds of users.
224 *
225 * @see newFromName()
226 * @see newFromId()
227 * @see newFromConfirmationCode()
228 * @see newFromSession()
229 * @see newFromRow()
230 */
231 function User() {
232 $this->clearInstanceCache( 'defaults' );
233 }
234
235 /**
236 * Load the user table data for this object from the source given by mFrom.
237 */
238 function load() {
239 if ( $this->mDataLoaded ) {
240 return;
241 }
242 wfProfileIn( __METHOD__ );
243
244 # Set it now to avoid infinite recursion in accessors
245 $this->mDataLoaded = true;
246
247 switch ( $this->mFrom ) {
248 case 'defaults':
249 $this->loadDefaults();
250 break;
251 case 'name':
252 $this->mId = self::idFromName( $this->mName );
253 if ( !$this->mId ) {
254 # Nonexistent user placeholder object
255 $this->loadDefaults( $this->mName );
256 } else {
257 $this->loadFromId();
258 }
259 break;
260 case 'id':
261 $this->loadFromId();
262 break;
263 case 'session':
264 $this->loadFromSession();
265 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
266 break;
267 default:
268 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
269 }
270 wfProfileOut( __METHOD__ );
271 }
272
273 /**
274 * Load user table data, given mId has already been set.
275 * @return \bool false if the ID does not exist, true otherwise
276 * @private
277 */
278 function loadFromId() {
279 global $wgMemc;
280 if ( $this->mId == 0 ) {
281 $this->loadDefaults();
282 return false;
283 }
284
285 # Try cache
286 $key = wfMemcKey( 'user', 'id', $this->mId );
287 $data = $wgMemc->get( $key );
288 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
289 # Object is expired, load from DB
290 $data = false;
291 }
292
293 if ( !$data ) {
294 wfDebug( "Cache miss for user {$this->mId}\n" );
295 # Load from DB
296 if ( !$this->loadFromDatabase() ) {
297 # Can't load from ID, user is anonymous
298 return false;
299 }
300 $this->saveToCache();
301 } else {
302 wfDebug( "Got user {$this->mId} from cache\n" );
303 # Restore from cache
304 foreach ( self::$mCacheVars as $name ) {
305 $this->$name = $data[$name];
306 }
307 }
308 return true;
309 }
310
311 /**
312 * Save user data to the shared cache
313 */
314 function saveToCache() {
315 $this->load();
316 $this->loadGroups();
317 $this->loadOptions();
318 if ( $this->isAnon() ) {
319 // Anonymous users are uncached
320 return;
321 }
322 $data = array();
323 foreach ( self::$mCacheVars as $name ) {
324 $data[$name] = $this->$name;
325 }
326 $data['mVersion'] = MW_USER_VERSION;
327 $key = wfMemcKey( 'user', 'id', $this->mId );
328 global $wgMemc;
329 $wgMemc->set( $key, $data );
330 }
331
332
333 /** @name newFrom*() static factory methods */
334 //@{
335
336 /**
337 * Static factory method for creation from username.
338 *
339 * This is slightly less efficient than newFromId(), so use newFromId() if
340 * you have both an ID and a name handy.
341 *
342 * @param $name \string Username, validated by Title::newFromText()
343 * @param $validate \mixed Validate username. Takes the same parameters as
344 * User::getCanonicalName(), except that true is accepted as an alias
345 * for 'valid', for BC.
346 *
347 * @return \type{User} The User object, or false if the username is invalid
348 * (e.g. if it contains illegal characters or is an IP address). If the
349 * username is not present in the database, the result will be a user object
350 * with a name, zero user ID and default settings.
351 */
352 static function newFromName( $name, $validate = 'valid' ) {
353 if ( $validate === true ) {
354 $validate = 'valid';
355 }
356 $name = self::getCanonicalName( $name, $validate );
357 if ( $name === false ) {
358 return false;
359 } else {
360 # Create unloaded user object
361 $u = new User;
362 $u->mName = $name;
363 $u->mFrom = 'name';
364 return $u;
365 }
366 }
367
368 /**
369 * Static factory method for creation from a given user ID.
370 *
371 * @param $id \int Valid user ID
372 * @return \type{User} The corresponding User object
373 */
374 static function newFromId( $id ) {
375 $u = new User;
376 $u->mId = $id;
377 $u->mFrom = 'id';
378 return $u;
379 }
380
381 /**
382 * Factory method to fetch whichever user has a given email confirmation code.
383 * This code is generated when an account is created or its e-mail address
384 * has changed.
385 *
386 * If the code is invalid or has expired, returns NULL.
387 *
388 * @param $code \string Confirmation code
389 * @return \type{User}
390 */
391 static function newFromConfirmationCode( $code ) {
392 $dbr = wfGetDB( DB_SLAVE );
393 $id = $dbr->selectField( 'user', 'user_id', array(
394 'user_email_token' => md5( $code ),
395 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
396 ) );
397 if( $id !== false ) {
398 return User::newFromId( $id );
399 } else {
400 return null;
401 }
402 }
403
404 /**
405 * Create a new user object using data from session or cookies. If the
406 * login credentials are invalid, the result is an anonymous user.
407 *
408 * @return \type{User}
409 */
410 static function newFromSession() {
411 $user = new User;
412 $user->mFrom = 'session';
413 return $user;
414 }
415
416 /**
417 * Create a new user object from a user row.
418 * The row should have all fields from the user table in it.
419 * @param $row array A row from the user table
420 * @return \type{User}
421 */
422 static function newFromRow( $row ) {
423 $user = new User;
424 $user->loadFromRow( $row );
425 return $user;
426 }
427
428 //@}
429
430
431 /**
432 * Get the username corresponding to a given user ID
433 * @param $id \int User ID
434 * @return \string The corresponding username
435 */
436 static function whoIs( $id ) {
437 $dbr = wfGetDB( DB_SLAVE );
438 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), __METHOD__ );
439 }
440
441 /**
442 * Get the real name of a user given their user ID
443 *
444 * @param $id \int User ID
445 * @return \string The corresponding user's real name
446 */
447 static function whoIsReal( $id ) {
448 $dbr = wfGetDB( DB_SLAVE );
449 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
450 }
451
452 /**
453 * Get database id given a user name
454 * @param $name \string Username
455 * @return \types{\int,\null} The corresponding user's ID, or null if user is nonexistent
456 */
457 static function idFromName( $name ) {
458 $nt = Title::makeTitleSafe( NS_USER, $name );
459 if( is_null( $nt ) ) {
460 # Illegal name
461 return null;
462 }
463
464 if ( isset( self::$idCacheByName[$name] ) ) {
465 return self::$idCacheByName[$name];
466 }
467
468 $dbr = wfGetDB( DB_SLAVE );
469 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
470
471 if ( $s === false ) {
472 $result = null;
473 } else {
474 $result = $s->user_id;
475 }
476
477 self::$idCacheByName[$name] = $result;
478
479 if ( count( self::$idCacheByName ) > 1000 ) {
480 self::$idCacheByName = array();
481 }
482
483 return $result;
484 }
485
486 /**
487 * Does the string match an anonymous IPv4 address?
488 *
489 * This function exists for username validation, in order to reject
490 * usernames which are similar in form to IP addresses. Strings such
491 * as 300.300.300.300 will return true because it looks like an IP
492 * address, despite not being strictly valid.
493 *
494 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
495 * address because the usemod software would "cloak" anonymous IP
496 * addresses like this, if we allowed accounts like this to be created
497 * new users could get the old edits of these anonymous users.
498 *
499 * @param $name \string String to match
500 * @return \bool True or false
501 */
502 static function isIP( $name ) {
503 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
504 }
505
506 /**
507 * Is the input a valid username?
508 *
509 * Checks if the input is a valid username, we don't want an empty string,
510 * an IP address, anything that containins slashes (would mess up subpages),
511 * is longer than the maximum allowed username size or doesn't begin with
512 * a capital letter.
513 *
514 * @param $name \string String to match
515 * @return \bool True or false
516 */
517 static function isValidUserName( $name ) {
518 global $wgContLang, $wgMaxNameChars;
519
520 if ( $name == ''
521 || User::isIP( $name )
522 || strpos( $name, '/' ) !== false
523 || strlen( $name ) > $wgMaxNameChars
524 || $name != $wgContLang->ucfirst( $name ) ) {
525 wfDebugLog( 'username', __METHOD__ .
526 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
527 return false;
528 }
529
530 // Ensure that the name can't be misresolved as a different title,
531 // such as with extra namespace keys at the start.
532 $parsed = Title::newFromText( $name );
533 if( is_null( $parsed )
534 || $parsed->getNamespace()
535 || strcmp( $name, $parsed->getPrefixedText() ) ) {
536 wfDebugLog( 'username', __METHOD__ .
537 ": '$name' invalid due to ambiguous prefixes" );
538 return false;
539 }
540
541 // Check an additional blacklist of troublemaker characters.
542 // Should these be merged into the title char list?
543 $unicodeBlacklist = '/[' .
544 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
545 '\x{00a0}' . # non-breaking space
546 '\x{2000}-\x{200f}' . # various whitespace
547 '\x{2028}-\x{202f}' . # breaks and control chars
548 '\x{3000}' . # ideographic space
549 '\x{e000}-\x{f8ff}' . # private use
550 ']/u';
551 if( preg_match( $unicodeBlacklist, $name ) ) {
552 wfDebugLog( 'username', __METHOD__ .
553 ": '$name' invalid due to blacklisted characters" );
554 return false;
555 }
556
557 return true;
558 }
559
560 /**
561 * Usernames which fail to pass this function will be blocked
562 * from user login and new account registrations, but may be used
563 * internally by batch processes.
564 *
565 * If an account already exists in this form, login will be blocked
566 * by a failure to pass this function.
567 *
568 * @param $name \string String to match
569 * @return \bool True or false
570 */
571 static function isUsableName( $name ) {
572 global $wgReservedUsernames;
573 // Must be a valid username, obviously ;)
574 if ( !self::isValidUserName( $name ) ) {
575 return false;
576 }
577
578 static $reservedUsernames = false;
579 if ( !$reservedUsernames ) {
580 $reservedUsernames = $wgReservedUsernames;
581 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
582 }
583
584 // Certain names may be reserved for batch processes.
585 foreach ( $reservedUsernames as $reserved ) {
586 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
587 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
588 }
589 if ( $reserved == $name ) {
590 return false;
591 }
592 }
593 return true;
594 }
595
596 /**
597 * Usernames which fail to pass this function will be blocked
598 * from new account registrations, but may be used internally
599 * either by batch processes or by user accounts which have
600 * already been created.
601 *
602 * Additional blacklisting may be added here rather than in
603 * isValidUserName() to avoid disrupting existing accounts.
604 *
605 * @param $name \string String to match
606 * @return \bool True or false
607 */
608 static function isCreatableName( $name ) {
609 global $wgInvalidUsernameCharacters;
610
611 // Ensure that the username isn't longer than 235 bytes, so that
612 // (at least for the builtin skins) user javascript and css files
613 // will work. (bug 23080)
614 if( strlen( $name ) > 235 ) {
615 wfDebugLog( 'username', __METHOD__ .
616 ": '$name' invalid due to length" );
617 return false;
618 }
619
620 if( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
621 wfDebugLog( 'username', __METHOD__ .
622 ": '$name' invalid due to wgInvalidUsernameCharacters" );
623 return false;
624 }
625
626 return self::isUsableName( $name );
627 }
628
629 /**
630 * Is the input a valid password for this user?
631 *
632 * @param $password String Desired password
633 * @return bool True or false
634 */
635 function isValidPassword( $password ) {
636 //simple boolean wrapper for getPasswordValidity
637 return $this->getPasswordValidity( $password ) === true;
638 }
639
640 /**
641 * Given unvalidated password input, return error message on failure.
642 *
643 * @param $password String Desired password
644 * @return mixed: true on success, string of error message on failure
645 */
646 function getPasswordValidity( $password ) {
647 global $wgMinimalPasswordLength, $wgContLang;
648
649 $result = false; //init $result to false for the internal checks
650
651 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
652 return $result;
653
654 if ( $result === false ) {
655 if( strlen( $password ) < $wgMinimalPasswordLength ) {
656 return 'passwordtooshort';
657 } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
658 return 'password-name-match';
659 } else {
660 //it seems weird returning true here, but this is because of the
661 //initialization of $result to false above. If the hook is never run or it
662 //doesn't modify $result, then we will likely get down into this if with
663 //a valid password.
664 return true;
665 }
666 } elseif( $result === true ) {
667 return true;
668 } else {
669 return $result; //the isValidPassword hook set a string $result and returned true
670 }
671 }
672
673 /**
674 * Does a string look like an e-mail address?
675 *
676 * There used to be a regular expression here, it got removed because it
677 * rejected valid addresses. Actually just check if there is '@' somewhere
678 * in the given address.
679 *
680 * @todo Check for RFC 2822 compilance (bug 959)
681 *
682 * @param $addr \string E-mail address
683 * @return \bool True or false
684 */
685 public static function isValidEmailAddr( $addr ) {
686 $result = null;
687 if( !wfRunHooks( 'isValidEmailAddr', array( $addr, &$result ) ) ) {
688 return $result;
689 }
690
691 return strpos( $addr, '@' ) !== false;
692 }
693
694 /**
695 * Given unvalidated user input, return a canonical username, or false if
696 * the username is invalid.
697 * @param $name \string User input
698 * @param $validate \types{\string,\bool} Type of validation to use:
699 * - false No validation
700 * - 'valid' Valid for batch processes
701 * - 'usable' Valid for batch processes and login
702 * - 'creatable' Valid for batch processes, login and account creation
703 */
704 static function getCanonicalName( $name, $validate = 'valid' ) {
705 # Force usernames to capital
706 global $wgContLang;
707 $name = $wgContLang->ucfirst( $name );
708
709 # Reject names containing '#'; these will be cleaned up
710 # with title normalisation, but then it's too late to
711 # check elsewhere
712 if( strpos( $name, '#' ) !== false )
713 return false;
714
715 # Clean up name according to title rules
716 $t = ( $validate === 'valid' ) ?
717 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
718 # Check for invalid titles
719 if( is_null( $t ) ) {
720 return false;
721 }
722
723 # Reject various classes of invalid names
724 $name = $t->getText();
725 global $wgAuth;
726 $name = $wgAuth->getCanonicalName( $t->getText() );
727
728 switch ( $validate ) {
729 case false:
730 break;
731 case 'valid':
732 if ( !User::isValidUserName( $name ) ) {
733 $name = false;
734 }
735 break;
736 case 'usable':
737 if ( !User::isUsableName( $name ) ) {
738 $name = false;
739 }
740 break;
741 case 'creatable':
742 if ( !User::isCreatableName( $name ) ) {
743 $name = false;
744 }
745 break;
746 default:
747 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
748 }
749 return $name;
750 }
751
752 /**
753 * Count the number of edits of a user
754 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
755 *
756 * @param $uid \int User ID to check
757 * @return \int The user's edit count
758 */
759 static function edits( $uid ) {
760 wfProfileIn( __METHOD__ );
761 $dbr = wfGetDB( DB_SLAVE );
762 // check if the user_editcount field has been initialized
763 $field = $dbr->selectField(
764 'user', 'user_editcount',
765 array( 'user_id' => $uid ),
766 __METHOD__
767 );
768
769 if( $field === null ) { // it has not been initialized. do so.
770 $dbw = wfGetDB( DB_MASTER );
771 $count = $dbr->selectField(
772 'revision', 'count(*)',
773 array( 'rev_user' => $uid ),
774 __METHOD__
775 );
776 $dbw->update(
777 'user',
778 array( 'user_editcount' => $count ),
779 array( 'user_id' => $uid ),
780 __METHOD__
781 );
782 } else {
783 $count = $field;
784 }
785 wfProfileOut( __METHOD__ );
786 return $count;
787 }
788
789 /**
790 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
791 * @todo hash random numbers to improve security, like generateToken()
792 *
793 * @return \string New random password
794 */
795 static function randomPassword() {
796 global $wgMinimalPasswordLength;
797 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
798 $l = strlen( $pwchars ) - 1;
799
800 $pwlength = max( 7, $wgMinimalPasswordLength );
801 $digit = mt_rand( 0, $pwlength - 1 );
802 $np = '';
803 for ( $i = 0; $i < $pwlength; $i++ ) {
804 $np .= $i == $digit ? chr( mt_rand( 48, 57 ) ) : $pwchars{ mt_rand( 0, $l ) };
805 }
806 return $np;
807 }
808
809 /**
810 * Set cached properties to default.
811 *
812 * @note This no longer clears uncached lazy-initialised properties;
813 * the constructor does that instead.
814 * @private
815 */
816 function loadDefaults( $name = false ) {
817 wfProfileIn( __METHOD__ );
818
819 global $wgCookiePrefix;
820
821 $this->mId = 0;
822 $this->mName = $name;
823 $this->mRealName = '';
824 $this->mPassword = $this->mNewpassword = '';
825 $this->mNewpassTime = null;
826 $this->mEmail = '';
827 $this->mOptionOverrides = null;
828 $this->mOptionsLoaded = false;
829
830 if ( isset( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) ) {
831 $this->mTouched = wfTimestamp( TS_MW, $_COOKIE[$wgCookiePrefix.'LoggedOut'] );
832 } else {
833 $this->mTouched = '0'; # Allow any pages to be cached
834 }
835
836 $this->setToken(); # Random
837 $this->mEmailAuthenticated = null;
838 $this->mEmailToken = '';
839 $this->mEmailTokenExpires = null;
840 $this->mRegistration = wfTimestamp( TS_MW );
841 $this->mGroups = array();
842
843 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
844
845 wfProfileOut( __METHOD__ );
846 }
847
848 /**
849 * @deprecated Use wfSetupSession().
850 */
851 function SetupSession() {
852 wfDeprecated( __METHOD__ );
853 wfSetupSession();
854 }
855
856 /**
857 * Load user data from the session or login cookie. If there are no valid
858 * credentials, initialises the user as an anonymous user.
859 * @return \bool True if the user is logged in, false otherwise.
860 */
861 private function loadFromSession() {
862 global $wgCookiePrefix, $wgExternalAuthType, $wgAutocreatePolicy;
863
864 $result = null;
865 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
866 if ( $result !== null ) {
867 return $result;
868 }
869
870 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
871 $extUser = ExternalUser::newFromCookie();
872 if ( $extUser ) {
873 # TODO: Automatically create the user here (or probably a bit
874 # lower down, in fact)
875 }
876 }
877
878 if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
879 $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
880 if( isset( $_SESSION['wsUserID'] ) && $sId != $_SESSION['wsUserID'] ) {
881 $this->loadDefaults(); // Possible collision!
882 wfDebugLog( 'loginSessions', "Session user ID ({$_SESSION['wsUserID']}) and
883 cookie user ID ($sId) don't match!" );
884 return false;
885 }
886 $_SESSION['wsUserID'] = $sId;
887 } else if ( isset( $_SESSION['wsUserID'] ) ) {
888 if ( $_SESSION['wsUserID'] != 0 ) {
889 $sId = $_SESSION['wsUserID'];
890 } else {
891 $this->loadDefaults();
892 return false;
893 }
894 } else {
895 $this->loadDefaults();
896 return false;
897 }
898
899 if ( isset( $_SESSION['wsUserName'] ) ) {
900 $sName = $_SESSION['wsUserName'];
901 } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
902 $sName = $_COOKIE["{$wgCookiePrefix}UserName"];
903 $_SESSION['wsUserName'] = $sName;
904 } else {
905 $this->loadDefaults();
906 return false;
907 }
908
909 $passwordCorrect = FALSE;
910 $this->mId = $sId;
911 if ( !$this->loadFromId() ) {
912 # Not a valid ID, loadFromId has switched the object to anon for us
913 return false;
914 }
915
916 global $wgBlockDisablesLogin;
917 if( $wgBlockDisablesLogin && $this->isBlocked() ) {
918 # User blocked and we've disabled blocked user logins
919 $this->loadDefaults();
920 return false;
921 }
922
923 if ( isset( $_SESSION['wsToken'] ) ) {
924 $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
925 $from = 'session';
926 } else if ( isset( $_COOKIE["{$wgCookiePrefix}Token"] ) ) {
927 $passwordCorrect = $this->mToken == $_COOKIE["{$wgCookiePrefix}Token"];
928 $from = 'cookie';
929 } else {
930 # No session or persistent login cookie
931 $this->loadDefaults();
932 return false;
933 }
934
935 if ( ( $sName == $this->mName ) && $passwordCorrect ) {
936 $_SESSION['wsToken'] = $this->mToken;
937 wfDebug( "Logged in from $from\n" );
938 return true;
939 } else {
940 # Invalid credentials
941 wfDebug( "Can't log in from $from, invalid credentials\n" );
942 $this->loadDefaults();
943 return false;
944 }
945 }
946
947 /**
948 * Load user and user_group data from the database.
949 * $this::mId must be set, this is how the user is identified.
950 *
951 * @return \bool True if the user exists, false if the user is anonymous
952 * @private
953 */
954 function loadFromDatabase() {
955 # Paranoia
956 $this->mId = intval( $this->mId );
957
958 /** Anonymous user */
959 if( !$this->mId ) {
960 $this->loadDefaults();
961 return false;
962 }
963
964 $dbr = wfGetDB( DB_MASTER );
965 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
966
967 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
968
969 if ( $s !== false ) {
970 # Initialise user table data
971 $this->loadFromRow( $s );
972 $this->mGroups = null; // deferred
973 $this->getEditCount(); // revalidation for nulls
974 return true;
975 } else {
976 # Invalid user_id
977 $this->mId = 0;
978 $this->loadDefaults();
979 return false;
980 }
981 }
982
983 /**
984 * Initialize this object from a row from the user table.
985 *
986 * @param $row \type{\arrayof{\mixed}} Row from the user table to load.
987 */
988 function loadFromRow( $row ) {
989 $this->mDataLoaded = true;
990
991 if ( isset( $row->user_id ) ) {
992 $this->mId = intval( $row->user_id );
993 }
994 $this->mName = $row->user_name;
995 $this->mRealName = $row->user_real_name;
996 $this->mPassword = $row->user_password;
997 $this->mNewpassword = $row->user_newpassword;
998 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
999 $this->mEmail = $row->user_email;
1000 $this->decodeOptions( $row->user_options );
1001 $this->mTouched = wfTimestamp(TS_MW,$row->user_touched);
1002 $this->mToken = $row->user_token;
1003 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1004 $this->mEmailToken = $row->user_email_token;
1005 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1006 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1007 $this->mEditCount = $row->user_editcount;
1008 }
1009
1010 /**
1011 * Load the groups from the database if they aren't already loaded.
1012 * @private
1013 */
1014 function loadGroups() {
1015 if ( is_null( $this->mGroups ) ) {
1016 $dbr = wfGetDB( DB_MASTER );
1017 $res = $dbr->select( 'user_groups',
1018 array( 'ug_group' ),
1019 array( 'ug_user' => $this->mId ),
1020 __METHOD__ );
1021 $this->mGroups = array();
1022 while( $row = $dbr->fetchObject( $res ) ) {
1023 $this->mGroups[] = $row->ug_group;
1024 }
1025 }
1026 }
1027
1028 /**
1029 * Clear various cached data stored in this object.
1030 * @param $reloadFrom \string Reload user and user_groups table data from a
1031 * given source. May be "name", "id", "defaults", "session", or false for
1032 * no reload.
1033 */
1034 function clearInstanceCache( $reloadFrom = false ) {
1035 $this->mNewtalk = -1;
1036 $this->mDatePreference = null;
1037 $this->mBlockedby = -1; # Unset
1038 $this->mHash = false;
1039 $this->mSkin = null;
1040 $this->mRights = null;
1041 $this->mEffectiveGroups = null;
1042 $this->mOptions = null;
1043
1044 if ( $reloadFrom ) {
1045 $this->mDataLoaded = false;
1046 $this->mFrom = $reloadFrom;
1047 }
1048 }
1049
1050 /**
1051 * Combine the language default options with any site-specific options
1052 * and add the default language variants.
1053 *
1054 * @return \type{\arrayof{\string}} Array of options
1055 */
1056 static function getDefaultOptions() {
1057 global $wgNamespacesToBeSearchedDefault;
1058 /**
1059 * Site defaults will override the global/language defaults
1060 */
1061 global $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1062 $defOpt = $wgDefaultUserOptions + $wgContLang->getDefaultUserOptionOverrides();
1063
1064 /**
1065 * default language setting
1066 */
1067 $variant = $wgContLang->getPreferredVariant( false );
1068 $defOpt['variant'] = $variant;
1069 $defOpt['language'] = $variant;
1070 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1071 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1072 }
1073 $defOpt['skin'] = $wgDefaultSkin;
1074
1075 return $defOpt;
1076 }
1077
1078 /**
1079 * Get a given default option value.
1080 *
1081 * @param $opt \string Name of option to retrieve
1082 * @return \string Default option value
1083 */
1084 public static function getDefaultOption( $opt ) {
1085 $defOpts = self::getDefaultOptions();
1086 if( isset( $defOpts[$opt] ) ) {
1087 return $defOpts[$opt];
1088 } else {
1089 return null;
1090 }
1091 }
1092
1093 /**
1094 * Get a list of user toggle names
1095 * @return \type{\arrayof{\string}} Array of user toggle names
1096 */
1097 static function getToggles() {
1098 global $wgContLang, $wgUseRCPatrol;
1099 $extraToggles = array();
1100 wfRunHooks( 'UserToggles', array( &$extraToggles ) );
1101 if( $wgUseRCPatrol ) {
1102 $extraToggles[] = 'hidepatrolled';
1103 $extraToggles[] = 'newpageshidepatrolled';
1104 $extraToggles[] = 'watchlisthidepatrolled';
1105 }
1106 return array_merge( self::$mToggles, $extraToggles, $wgContLang->getExtraUserToggles() );
1107 }
1108
1109
1110 /**
1111 * Get blocking information
1112 * @private
1113 * @param $bFromSlave \bool Whether to check the slave database first. To
1114 * improve performance, non-critical checks are done
1115 * against slaves. Check when actually saving should be
1116 * done against master.
1117 */
1118 function getBlockedStatus( $bFromSlave = true ) {
1119 global $wgProxyWhitelist, $wgUser;
1120
1121 if ( -1 != $this->mBlockedby ) {
1122 wfDebug( "User::getBlockedStatus: already loaded.\n" );
1123 return;
1124 }
1125
1126 wfProfileIn( __METHOD__ );
1127 wfDebug( __METHOD__.": checking...\n" );
1128
1129 // Initialize data...
1130 // Otherwise something ends up stomping on $this->mBlockedby when
1131 // things get lazy-loaded later, causing false positive block hits
1132 // due to -1 !== 0. Probably session-related... Nothing should be
1133 // overwriting mBlockedby, surely?
1134 $this->load();
1135
1136 $this->mBlockedby = 0;
1137 $this->mHideName = 0;
1138 $this->mAllowUsertalk = 0;
1139
1140 # Check if we are looking at an IP or a logged-in user
1141 if ( $this->isIP( $this->getName() ) ) {
1142 $ip = $this->getName();
1143 } else {
1144 # Check if we are looking at the current user
1145 # If we don't, and the user is logged in, we don't know about
1146 # his IP / autoblock status, so ignore autoblock of current user's IP
1147 if ( $this->getID() != $wgUser->getID() ) {
1148 $ip = '';
1149 } else {
1150 # Get IP of current user
1151 $ip = wfGetIP();
1152 }
1153 }
1154
1155 if ( $this->isAllowed( 'ipblock-exempt' ) ) {
1156 # Exempt from all types of IP-block
1157 $ip = '';
1158 }
1159
1160 # User/IP blocking
1161 $this->mBlock = new Block();
1162 $this->mBlock->fromMaster( !$bFromSlave );
1163 if ( $this->mBlock->load( $ip , $this->mId ) ) {
1164 wfDebug( __METHOD__ . ": Found block.\n" );
1165 $this->mBlockedby = $this->mBlock->mBy;
1166 if( $this->mBlockedby == 0 )
1167 $this->mBlockedby = $this->mBlock->mByName;
1168 $this->mBlockreason = $this->mBlock->mReason;
1169 $this->mHideName = $this->mBlock->mHideName;
1170 $this->mAllowUsertalk = $this->mBlock->mAllowUsertalk;
1171 if ( $this->isLoggedIn() && $wgUser->getID() == $this->getID() ) {
1172 $this->spreadBlock();
1173 }
1174 } else {
1175 // Bug 13611: don't remove mBlock here, to allow account creation blocks to
1176 // apply to users. Note that the existence of $this->mBlock is not used to
1177 // check for edit blocks, $this->mBlockedby is instead.
1178 }
1179
1180 # Proxy blocking
1181 if ( !$this->isAllowed( 'proxyunbannable' ) && !in_array( $ip, $wgProxyWhitelist ) ) {
1182 # Local list
1183 if ( wfIsLocallyBlockedProxy( $ip ) ) {
1184 $this->mBlockedby = wfMsg( 'proxyblocker' );
1185 $this->mBlockreason = wfMsg( 'proxyblockreason' );
1186 }
1187
1188 # DNSBL
1189 if ( !$this->mBlockedby && !$this->getID() ) {
1190 if ( $this->isDnsBlacklisted( $ip ) ) {
1191 $this->mBlockedby = wfMsg( 'sorbs' );
1192 $this->mBlockreason = wfMsg( 'sorbsreason' );
1193 }
1194 }
1195 }
1196
1197 # Extensions
1198 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1199
1200 wfProfileOut( __METHOD__ );
1201 }
1202
1203 /**
1204 * Whether the given IP is in a DNS blacklist.
1205 *
1206 * @param $ip \string IP to check
1207 * @param $checkWhitelist Boolean: whether to check the whitelist first
1208 * @return \bool True if blacklisted.
1209 */
1210 function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1211 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1212 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1213
1214 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1215 return false;
1216
1217 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1218 return false;
1219
1220 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1221 return $this->inDnsBlacklist( $ip, $urls );
1222 }
1223
1224 /**
1225 * Whether the given IP is in a given DNS blacklist.
1226 *
1227 * @param $ip \string IP to check
1228 * @param $bases \string or Array of Strings: URL of the DNS blacklist
1229 * @return \bool True if blacklisted.
1230 */
1231 function inDnsBlacklist( $ip, $bases ) {
1232 wfProfileIn( __METHOD__ );
1233
1234 $found = false;
1235 $host = '';
1236 // FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1237 if( IP::isIPv4( $ip ) ) {
1238 # Reverse IP, bug 21255
1239 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1240
1241 foreach( (array)$bases as $base ) {
1242 # Make hostname
1243 $host = "$ipReversed.$base";
1244
1245 # Send query
1246 $ipList = gethostbynamel( $host );
1247
1248 if( $ipList ) {
1249 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1250 $found = true;
1251 break;
1252 } else {
1253 wfDebug( "Requested $host, not found in $base.\n" );
1254 }
1255 }
1256 }
1257
1258 wfProfileOut( __METHOD__ );
1259 return $found;
1260 }
1261
1262 /**
1263 * Is this user subject to rate limiting?
1264 *
1265 * @return \bool True if rate limited
1266 */
1267 public function isPingLimitable() {
1268 global $wgRateLimitsExcludedGroups;
1269 global $wgRateLimitsExcludedIPs;
1270 if( array_intersect( $this->getEffectiveGroups(), $wgRateLimitsExcludedGroups ) ) {
1271 // Deprecated, but kept for backwards-compatibility config
1272 return false;
1273 }
1274 if( in_array( wfGetIP(), $wgRateLimitsExcludedIPs ) ) {
1275 // No other good way currently to disable rate limits
1276 // for specific IPs. :P
1277 // But this is a crappy hack and should die.
1278 return false;
1279 }
1280 return !$this->isAllowed('noratelimit');
1281 }
1282
1283 /**
1284 * Primitive rate limits: enforce maximum actions per time period
1285 * to put a brake on flooding.
1286 *
1287 * @note When using a shared cache like memcached, IP-address
1288 * last-hit counters will be shared across wikis.
1289 *
1290 * @param $action \string Action to enforce; 'edit' if unspecified
1291 * @return \bool True if a rate limiter was tripped
1292 */
1293 function pingLimiter( $action = 'edit' ) {
1294 # Call the 'PingLimiter' hook
1295 $result = false;
1296 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1297 return $result;
1298 }
1299
1300 global $wgRateLimits;
1301 if( !isset( $wgRateLimits[$action] ) ) {
1302 return false;
1303 }
1304
1305 # Some groups shouldn't trigger the ping limiter, ever
1306 if( !$this->isPingLimitable() )
1307 return false;
1308
1309 global $wgMemc, $wgRateLimitLog;
1310 wfProfileIn( __METHOD__ );
1311
1312 $limits = $wgRateLimits[$action];
1313 $keys = array();
1314 $id = $this->getId();
1315 $ip = wfGetIP();
1316 $userLimit = false;
1317
1318 if( isset( $limits['anon'] ) && $id == 0 ) {
1319 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1320 }
1321
1322 if( isset( $limits['user'] ) && $id != 0 ) {
1323 $userLimit = $limits['user'];
1324 }
1325 if( $this->isNewbie() ) {
1326 if( isset( $limits['newbie'] ) && $id != 0 ) {
1327 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1328 }
1329 if( isset( $limits['ip'] ) ) {
1330 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1331 }
1332 $matches = array();
1333 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1334 $subnet = $matches[1];
1335 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1336 }
1337 }
1338 // Check for group-specific permissions
1339 // If more than one group applies, use the group with the highest limit
1340 foreach ( $this->getGroups() as $group ) {
1341 if ( isset( $limits[$group] ) ) {
1342 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1343 $userLimit = $limits[$group];
1344 }
1345 }
1346 }
1347 // Set the user limit key
1348 if ( $userLimit !== false ) {
1349 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1350 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1351 }
1352
1353 $triggered = false;
1354 foreach( $keys as $key => $limit ) {
1355 list( $max, $period ) = $limit;
1356 $summary = "(limit $max in {$period}s)";
1357 $count = $wgMemc->get( $key );
1358 // Already pinged?
1359 if( $count ) {
1360 if( $count > $max ) {
1361 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1362 if( $wgRateLimitLog ) {
1363 @error_log( wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", 3, $wgRateLimitLog );
1364 }
1365 $triggered = true;
1366 } else {
1367 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1368 }
1369 } else {
1370 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1371 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1372 }
1373 $wgMemc->incr( $key );
1374 }
1375
1376 wfProfileOut( __METHOD__ );
1377 return $triggered;
1378 }
1379
1380 /**
1381 * Check if user is blocked
1382 *
1383 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1384 * @return \bool True if blocked, false otherwise
1385 */
1386 function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1387 wfDebug( "User::isBlocked: enter\n" );
1388 $this->getBlockedStatus( $bFromSlave );
1389 return $this->mBlockedby !== 0;
1390 }
1391
1392 /**
1393 * Check if user is blocked from editing a particular article
1394 *
1395 * @param $title \string Title to check
1396 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1397 * @return \bool True if blocked, false otherwise
1398 */
1399 function isBlockedFrom( $title, $bFromSlave = false ) {
1400 global $wgBlockAllowsUTEdit;
1401 wfProfileIn( __METHOD__ );
1402 wfDebug( __METHOD__ . ": enter\n" );
1403
1404 wfDebug( __METHOD__ . ": asking isBlocked()\n" );
1405 $blocked = $this->isBlocked( $bFromSlave );
1406 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1407 # If a user's name is suppressed, they cannot make edits anywhere
1408 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1409 $title->getNamespace() == NS_USER_TALK ) {
1410 $blocked = false;
1411 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1412 }
1413
1414 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1415
1416 wfProfileOut( __METHOD__ );
1417 return $blocked;
1418 }
1419
1420 /**
1421 * If user is blocked, return the name of the user who placed the block
1422 * @return \string name of blocker
1423 */
1424 function blockedBy() {
1425 $this->getBlockedStatus();
1426 return $this->mBlockedby;
1427 }
1428
1429 /**
1430 * If user is blocked, return the specified reason for the block
1431 * @return \string Blocking reason
1432 */
1433 function blockedFor() {
1434 $this->getBlockedStatus();
1435 return $this->mBlockreason;
1436 }
1437
1438 /**
1439 * If user is blocked, return the ID for the block
1440 * @return \int Block ID
1441 */
1442 function getBlockId() {
1443 $this->getBlockedStatus();
1444 return ( $this->mBlock ? $this->mBlock->mId : false );
1445 }
1446
1447 /**
1448 * Check if user is blocked on all wikis.
1449 * Do not use for actual edit permission checks!
1450 * This is intented for quick UI checks.
1451 *
1452 * @param $ip \type{\string} IP address, uses current client if none given
1453 * @return \type{\bool} True if blocked, false otherwise
1454 */
1455 function isBlockedGlobally( $ip = '' ) {
1456 if( $this->mBlockedGlobally !== null ) {
1457 return $this->mBlockedGlobally;
1458 }
1459 // User is already an IP?
1460 if( IP::isIPAddress( $this->getName() ) ) {
1461 $ip = $this->getName();
1462 } else if( !$ip ) {
1463 $ip = wfGetIP();
1464 }
1465 $blocked = false;
1466 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1467 $this->mBlockedGlobally = (bool)$blocked;
1468 return $this->mBlockedGlobally;
1469 }
1470
1471 /**
1472 * Check if user account is locked
1473 *
1474 * @return \type{\bool} True if locked, false otherwise
1475 */
1476 function isLocked() {
1477 if( $this->mLocked !== null ) {
1478 return $this->mLocked;
1479 }
1480 global $wgAuth;
1481 $authUser = $wgAuth->getUserInstance( $this );
1482 $this->mLocked = (bool)$authUser->isLocked();
1483 return $this->mLocked;
1484 }
1485
1486 /**
1487 * Check if user account is hidden
1488 *
1489 * @return \type{\bool} True if hidden, false otherwise
1490 */
1491 function isHidden() {
1492 if( $this->mHideName !== null ) {
1493 return $this->mHideName;
1494 }
1495 $this->getBlockedStatus();
1496 if( !$this->mHideName ) {
1497 global $wgAuth;
1498 $authUser = $wgAuth->getUserInstance( $this );
1499 $this->mHideName = (bool)$authUser->isHidden();
1500 }
1501 return $this->mHideName;
1502 }
1503
1504 /**
1505 * Get the user's ID.
1506 * @return \int The user's ID; 0 if the user is anonymous or nonexistent
1507 */
1508 function getId() {
1509 if( $this->mId === null and $this->mName !== null
1510 and User::isIP( $this->mName ) ) {
1511 // Special case, we know the user is anonymous
1512 return 0;
1513 } elseif( $this->mId === null ) {
1514 // Don't load if this was initialized from an ID
1515 $this->load();
1516 }
1517 return $this->mId;
1518 }
1519
1520 /**
1521 * Set the user and reload all fields according to a given ID
1522 * @param $v \int User ID to reload
1523 */
1524 function setId( $v ) {
1525 $this->mId = $v;
1526 $this->clearInstanceCache( 'id' );
1527 }
1528
1529 /**
1530 * Get the user name, or the IP of an anonymous user
1531 * @return \string User's name or IP address
1532 */
1533 function getName() {
1534 if ( !$this->mDataLoaded && $this->mFrom == 'name' ) {
1535 # Special case optimisation
1536 return $this->mName;
1537 } else {
1538 $this->load();
1539 if ( $this->mName === false ) {
1540 # Clean up IPs
1541 $this->mName = IP::sanitizeIP( wfGetIP() );
1542 }
1543 return $this->mName;
1544 }
1545 }
1546
1547 /**
1548 * Set the user name.
1549 *
1550 * This does not reload fields from the database according to the given
1551 * name. Rather, it is used to create a temporary "nonexistent user" for
1552 * later addition to the database. It can also be used to set the IP
1553 * address for an anonymous user to something other than the current
1554 * remote IP.
1555 *
1556 * @note User::newFromName() has rougly the same function, when the named user
1557 * does not exist.
1558 * @param $str \string New user name to set
1559 */
1560 function setName( $str ) {
1561 $this->load();
1562 $this->mName = $str;
1563 }
1564
1565 /**
1566 * Get the user's name escaped by underscores.
1567 * @return \string Username escaped by underscores.
1568 */
1569 function getTitleKey() {
1570 return str_replace( ' ', '_', $this->getName() );
1571 }
1572
1573 /**
1574 * Check if the user has new messages.
1575 * @return \bool True if the user has new messages
1576 */
1577 function getNewtalk() {
1578 $this->load();
1579
1580 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1581 if( $this->mNewtalk === -1 ) {
1582 $this->mNewtalk = false; # reset talk page status
1583
1584 # Check memcached separately for anons, who have no
1585 # entire User object stored in there.
1586 if( !$this->mId ) {
1587 global $wgMemc;
1588 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1589 $newtalk = $wgMemc->get( $key );
1590 if( strval( $newtalk ) !== '' ) {
1591 $this->mNewtalk = (bool)$newtalk;
1592 } else {
1593 // Since we are caching this, make sure it is up to date by getting it
1594 // from the master
1595 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1596 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1597 }
1598 } else {
1599 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1600 }
1601 }
1602
1603 return (bool)$this->mNewtalk;
1604 }
1605
1606 /**
1607 * Return the talk page(s) this user has new messages on.
1608 * @return \type{\arrayof{\string}} Array of page URLs
1609 */
1610 function getNewMessageLinks() {
1611 $talks = array();
1612 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) )
1613 return $talks;
1614
1615 if( !$this->getNewtalk() )
1616 return array();
1617 $up = $this->getUserPage();
1618 $utp = $up->getTalkPage();
1619 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL() ) );
1620 }
1621
1622 /**
1623 * Internal uncached check for new messages
1624 *
1625 * @see getNewtalk()
1626 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1627 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1628 * @param $fromMaster \bool true to fetch from the master, false for a slave
1629 * @return \bool True if the user has new messages
1630 * @private
1631 */
1632 function checkNewtalk( $field, $id, $fromMaster = false ) {
1633 if ( $fromMaster ) {
1634 $db = wfGetDB( DB_MASTER );
1635 } else {
1636 $db = wfGetDB( DB_SLAVE );
1637 }
1638 $ok = $db->selectField( 'user_newtalk', $field,
1639 array( $field => $id ), __METHOD__ );
1640 return $ok !== false;
1641 }
1642
1643 /**
1644 * Add or update the new messages flag
1645 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1646 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1647 * @return \bool True if successful, false otherwise
1648 * @private
1649 */
1650 function updateNewtalk( $field, $id ) {
1651 $dbw = wfGetDB( DB_MASTER );
1652 $dbw->insert( 'user_newtalk',
1653 array( $field => $id ),
1654 __METHOD__,
1655 'IGNORE' );
1656 if ( $dbw->affectedRows() ) {
1657 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1658 return true;
1659 } else {
1660 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1661 return false;
1662 }
1663 }
1664
1665 /**
1666 * Clear the new messages flag for the given user
1667 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1668 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1669 * @return \bool True if successful, false otherwise
1670 * @private
1671 */
1672 function deleteNewtalk( $field, $id ) {
1673 $dbw = wfGetDB( DB_MASTER );
1674 $dbw->delete( 'user_newtalk',
1675 array( $field => $id ),
1676 __METHOD__ );
1677 if ( $dbw->affectedRows() ) {
1678 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1679 return true;
1680 } else {
1681 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1682 return false;
1683 }
1684 }
1685
1686 /**
1687 * Update the 'You have new messages!' status.
1688 * @param $val \bool Whether the user has new messages
1689 */
1690 function setNewtalk( $val ) {
1691 if( wfReadOnly() ) {
1692 return;
1693 }
1694
1695 $this->load();
1696 $this->mNewtalk = $val;
1697
1698 if( $this->isAnon() ) {
1699 $field = 'user_ip';
1700 $id = $this->getName();
1701 } else {
1702 $field = 'user_id';
1703 $id = $this->getId();
1704 }
1705 global $wgMemc;
1706
1707 if( $val ) {
1708 $changed = $this->updateNewtalk( $field, $id );
1709 } else {
1710 $changed = $this->deleteNewtalk( $field, $id );
1711 }
1712
1713 if( $this->isAnon() ) {
1714 // Anons have a separate memcached space, since
1715 // user records aren't kept for them.
1716 $key = wfMemcKey( 'newtalk', 'ip', $id );
1717 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1718 }
1719 if ( $changed ) {
1720 $this->invalidateCache();
1721 }
1722 }
1723
1724 /**
1725 * Generate a current or new-future timestamp to be stored in the
1726 * user_touched field when we update things.
1727 * @return \string Timestamp in TS_MW format
1728 */
1729 private static function newTouchedTimestamp() {
1730 global $wgClockSkewFudge;
1731 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1732 }
1733
1734 /**
1735 * Clear user data from memcached.
1736 * Use after applying fun updates to the database; caller's
1737 * responsibility to update user_touched if appropriate.
1738 *
1739 * Called implicitly from invalidateCache() and saveSettings().
1740 */
1741 private function clearSharedCache() {
1742 $this->load();
1743 if( $this->mId ) {
1744 global $wgMemc;
1745 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1746 }
1747 }
1748
1749 /**
1750 * Immediately touch the user data cache for this account.
1751 * Updates user_touched field, and removes account data from memcached
1752 * for reload on the next hit.
1753 */
1754 function invalidateCache() {
1755 if( wfReadOnly() ) {
1756 return;
1757 }
1758 $this->load();
1759 if( $this->mId ) {
1760 $this->mTouched = self::newTouchedTimestamp();
1761
1762 $dbw = wfGetDB( DB_MASTER );
1763 $dbw->update( 'user',
1764 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1765 array( 'user_id' => $this->mId ),
1766 __METHOD__ );
1767
1768 $this->clearSharedCache();
1769 }
1770 }
1771
1772 /**
1773 * Validate the cache for this account.
1774 * @param $timestamp \string A timestamp in TS_MW format
1775 */
1776 function validateCache( $timestamp ) {
1777 $this->load();
1778 return ( $timestamp >= $this->mTouched );
1779 }
1780
1781 /**
1782 * Get the user touched timestamp
1783 */
1784 function getTouched() {
1785 $this->load();
1786 return $this->mTouched;
1787 }
1788
1789 /**
1790 * Set the password and reset the random token.
1791 * Calls through to authentication plugin if necessary;
1792 * will have no effect if the auth plugin refuses to
1793 * pass the change through or if the legal password
1794 * checks fail.
1795 *
1796 * As a special case, setting the password to null
1797 * wipes it, so the account cannot be logged in until
1798 * a new password is set, for instance via e-mail.
1799 *
1800 * @param $str \string New password to set
1801 * @throws PasswordError on failure
1802 */
1803 function setPassword( $str ) {
1804 global $wgAuth;
1805
1806 if( $str !== null ) {
1807 if( !$wgAuth->allowPasswordChange() ) {
1808 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1809 }
1810
1811 if( !$this->isValidPassword( $str ) ) {
1812 global $wgMinimalPasswordLength;
1813 $valid = $this->getPasswordValidity( $str );
1814 throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ),
1815 $wgMinimalPasswordLength ) );
1816 }
1817 }
1818
1819 if( !$wgAuth->setPassword( $this, $str ) ) {
1820 throw new PasswordError( wfMsg( 'externaldberror' ) );
1821 }
1822
1823 $this->setInternalPassword( $str );
1824
1825 return true;
1826 }
1827
1828 /**
1829 * Set the password and reset the random token unconditionally.
1830 *
1831 * @param $str \string New password to set
1832 */
1833 function setInternalPassword( $str ) {
1834 $this->load();
1835 $this->setToken();
1836
1837 if( $str === null ) {
1838 // Save an invalid hash...
1839 $this->mPassword = '';
1840 } else {
1841 $this->mPassword = self::crypt( $str );
1842 }
1843 $this->mNewpassword = '';
1844 $this->mNewpassTime = null;
1845 }
1846
1847 /**
1848 * Get the user's current token.
1849 * @return \string Token
1850 */
1851 function getToken() {
1852 $this->load();
1853 return $this->mToken;
1854 }
1855
1856 /**
1857 * Set the random token (used for persistent authentication)
1858 * Called from loadDefaults() among other places.
1859 *
1860 * @param $token \string If specified, set the token to this value
1861 * @private
1862 */
1863 function setToken( $token = false ) {
1864 global $wgSecretKey, $wgProxyKey;
1865 $this->load();
1866 if ( !$token ) {
1867 if ( $wgSecretKey ) {
1868 $key = $wgSecretKey;
1869 } elseif ( $wgProxyKey ) {
1870 $key = $wgProxyKey;
1871 } else {
1872 $key = microtime();
1873 }
1874 $this->mToken = md5( $key . mt_rand( 0, 0x7fffffff ) . wfWikiID() . $this->mId );
1875 } else {
1876 $this->mToken = $token;
1877 }
1878 }
1879
1880 /**
1881 * Set the cookie password
1882 *
1883 * @param $str \string New cookie password
1884 * @private
1885 */
1886 function setCookiePassword( $str ) {
1887 $this->load();
1888 $this->mCookiePassword = md5( $str );
1889 }
1890
1891 /**
1892 * Set the password for a password reminder or new account email
1893 *
1894 * @param $str \string New password to set
1895 * @param $throttle \bool If true, reset the throttle timestamp to the present
1896 */
1897 function setNewpassword( $str, $throttle = true ) {
1898 $this->load();
1899 $this->mNewpassword = self::crypt( $str );
1900 if ( $throttle ) {
1901 $this->mNewpassTime = wfTimestampNow();
1902 }
1903 }
1904
1905 /**
1906 * Has password reminder email been sent within the last
1907 * $wgPasswordReminderResendTime hours?
1908 * @return \bool True or false
1909 */
1910 function isPasswordReminderThrottled() {
1911 global $wgPasswordReminderResendTime;
1912 $this->load();
1913 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
1914 return false;
1915 }
1916 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
1917 return time() < $expiry;
1918 }
1919
1920 /**
1921 * Get the user's e-mail address
1922 * @return \string User's email address
1923 */
1924 function getEmail() {
1925 $this->load();
1926 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
1927 return $this->mEmail;
1928 }
1929
1930 /**
1931 * Get the timestamp of the user's e-mail authentication
1932 * @return \string TS_MW timestamp
1933 */
1934 function getEmailAuthenticationTimestamp() {
1935 $this->load();
1936 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
1937 return $this->mEmailAuthenticated;
1938 }
1939
1940 /**
1941 * Set the user's e-mail address
1942 * @param $str \string New e-mail address
1943 */
1944 function setEmail( $str ) {
1945 $this->load();
1946 $this->mEmail = $str;
1947 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
1948 }
1949
1950 /**
1951 * Get the user's real name
1952 * @return \string User's real name
1953 */
1954 function getRealName() {
1955 $this->load();
1956 return $this->mRealName;
1957 }
1958
1959 /**
1960 * Set the user's real name
1961 * @param $str \string New real name
1962 */
1963 function setRealName( $str ) {
1964 $this->load();
1965 $this->mRealName = $str;
1966 }
1967
1968 /**
1969 * Get the user's current setting for a given option.
1970 *
1971 * @param $oname \string The option to check
1972 * @param $defaultOverride \string A default value returned if the option does not exist
1973 * @return \string User's current value for the option
1974 * @see getBoolOption()
1975 * @see getIntOption()
1976 */
1977 function getOption( $oname, $defaultOverride = null ) {
1978 $this->loadOptions();
1979
1980 if ( is_null( $this->mOptions ) ) {
1981 if($defaultOverride != '') {
1982 return $defaultOverride;
1983 }
1984 $this->mOptions = User::getDefaultOptions();
1985 }
1986
1987 if ( array_key_exists( $oname, $this->mOptions ) ) {
1988 return $this->mOptions[$oname];
1989 } else {
1990 return $defaultOverride;
1991 }
1992 }
1993
1994 /**
1995 * Get all user's options
1996 *
1997 * @return array
1998 */
1999 public function getOptions() {
2000 $this->loadOptions();
2001 return $this->mOptions;
2002 }
2003
2004 /**
2005 * Get the user's current setting for a given option, as a boolean value.
2006 *
2007 * @param $oname \string The option to check
2008 * @return \bool User's current value for the option
2009 * @see getOption()
2010 */
2011 function getBoolOption( $oname ) {
2012 return (bool)$this->getOption( $oname );
2013 }
2014
2015
2016 /**
2017 * Get the user's current setting for a given option, as a boolean value.
2018 *
2019 * @param $oname \string The option to check
2020 * @param $defaultOverride \int A default value returned if the option does not exist
2021 * @return \int User's current value for the option
2022 * @see getOption()
2023 */
2024 function getIntOption( $oname, $defaultOverride=0 ) {
2025 $val = $this->getOption( $oname );
2026 if( $val == '' ) {
2027 $val = $defaultOverride;
2028 }
2029 return intval( $val );
2030 }
2031
2032 /**
2033 * Set the given option for a user.
2034 *
2035 * @param $oname \string The option to set
2036 * @param $val \mixed New value to set
2037 */
2038 function setOption( $oname, $val ) {
2039 $this->load();
2040 $this->loadOptions();
2041
2042 if ( $oname == 'skin' ) {
2043 # Clear cached skin, so the new one displays immediately in Special:Preferences
2044 unset( $this->mSkin );
2045 }
2046
2047 // Explicitly NULL values should refer to defaults
2048 global $wgDefaultUserOptions;
2049 if( is_null( $val ) && isset( $wgDefaultUserOptions[$oname] ) ) {
2050 $val = $wgDefaultUserOptions[$oname];
2051 }
2052
2053 $this->mOptions[$oname] = $val;
2054 }
2055
2056 /**
2057 * Reset all options to the site defaults
2058 */
2059 function resetOptions() {
2060 $this->mOptions = User::getDefaultOptions();
2061 }
2062
2063 /**
2064 * Get the user's preferred date format.
2065 * @return \string User's preferred date format
2066 */
2067 function getDatePreference() {
2068 // Important migration for old data rows
2069 if ( is_null( $this->mDatePreference ) ) {
2070 global $wgLang;
2071 $value = $this->getOption( 'date' );
2072 $map = $wgLang->getDatePreferenceMigrationMap();
2073 if ( isset( $map[$value] ) ) {
2074 $value = $map[$value];
2075 }
2076 $this->mDatePreference = $value;
2077 }
2078 return $this->mDatePreference;
2079 }
2080
2081 /**
2082 * Get the user preferred stub threshold
2083 */
2084 function getStubThreshold() {
2085 global $wgMaxArticleSize; # Maximum article size, in Kb
2086 $threshold = intval( $this->getOption( 'stubthreshold' ) );
2087 if ( $threshold > $wgMaxArticleSize * 1024 ) {
2088 # If they have set an impossible value, disable the preference
2089 # so we can use the parser cache again.
2090 $threshold = 0;
2091 }
2092 return $threshold;
2093 }
2094
2095 /**
2096 * Get the permissions this user has.
2097 * @return \type{\arrayof{\string}} Array of permission names
2098 */
2099 function getRights() {
2100 if ( is_null( $this->mRights ) ) {
2101 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
2102 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
2103 // Force reindexation of rights when a hook has unset one of them
2104 $this->mRights = array_values( $this->mRights );
2105 }
2106 return $this->mRights;
2107 }
2108
2109 /**
2110 * Get the list of explicit group memberships this user has.
2111 * The implicit * and user groups are not included.
2112 * @return \type{\arrayof{\string}} Array of internal group names
2113 */
2114 function getGroups() {
2115 $this->load();
2116 return $this->mGroups;
2117 }
2118
2119 /**
2120 * Get the list of implicit group memberships this user has.
2121 * This includes all explicit groups, plus 'user' if logged in,
2122 * '*' for all accounts and autopromoted groups
2123 * @param $recache \bool Whether to avoid the cache
2124 * @return \type{\arrayof{\string}} Array of internal group names
2125 */
2126 function getEffectiveGroups( $recache = false ) {
2127 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2128 wfProfileIn( __METHOD__ );
2129 $this->mEffectiveGroups = $this->getGroups();
2130 $this->mEffectiveGroups[] = '*';
2131 if( $this->getId() ) {
2132 $this->mEffectiveGroups[] = 'user';
2133
2134 $this->mEffectiveGroups = array_unique( array_merge(
2135 $this->mEffectiveGroups,
2136 Autopromote::getAutopromoteGroups( $this )
2137 ) );
2138
2139 # Hook for additional groups
2140 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2141 }
2142 wfProfileOut( __METHOD__ );
2143 }
2144 return $this->mEffectiveGroups;
2145 }
2146
2147 /**
2148 * Get the user's edit count.
2149 * @return \int User'e edit count
2150 */
2151 function getEditCount() {
2152 if( $this->getId() ) {
2153 if ( !isset( $this->mEditCount ) ) {
2154 /* Populate the count, if it has not been populated yet */
2155 $this->mEditCount = User::edits( $this->mId );
2156 }
2157 return $this->mEditCount;
2158 } else {
2159 /* nil */
2160 return null;
2161 }
2162 }
2163
2164 /**
2165 * Add the user to the given group.
2166 * This takes immediate effect.
2167 * @param $group \string Name of the group to add
2168 */
2169 function addGroup( $group ) {
2170 $dbw = wfGetDB( DB_MASTER );
2171 if( $this->getId() ) {
2172 $dbw->insert( 'user_groups',
2173 array(
2174 'ug_user' => $this->getID(),
2175 'ug_group' => $group,
2176 ),
2177 __METHOD__,
2178 array( 'IGNORE' ) );
2179 }
2180
2181 $this->loadGroups();
2182 $this->mGroups[] = $group;
2183 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2184
2185 $this->invalidateCache();
2186 }
2187
2188 /**
2189 * Remove the user from the given group.
2190 * This takes immediate effect.
2191 * @param $group \string Name of the group to remove
2192 */
2193 function removeGroup( $group ) {
2194 $this->load();
2195 $dbw = wfGetDB( DB_MASTER );
2196 $dbw->delete( 'user_groups',
2197 array(
2198 'ug_user' => $this->getID(),
2199 'ug_group' => $group,
2200 ), __METHOD__ );
2201
2202 $this->loadGroups();
2203 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2204 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2205
2206 $this->invalidateCache();
2207 }
2208
2209 /**
2210 * Get whether the user is logged in
2211 * @return \bool True or false
2212 */
2213 function isLoggedIn() {
2214 return $this->getID() != 0;
2215 }
2216
2217 /**
2218 * Get whether the user is anonymous
2219 * @return \bool True or false
2220 */
2221 function isAnon() {
2222 return !$this->isLoggedIn();
2223 }
2224
2225 /**
2226 * Get whether the user is a bot
2227 * @return \bool True or false
2228 * @deprecated
2229 */
2230 function isBot() {
2231 wfDeprecated( __METHOD__ );
2232 return $this->isAllowed( 'bot' );
2233 }
2234
2235 /**
2236 * Check if user is allowed to access a feature / make an action
2237 * @param $action \string action to be checked
2238 * @return \bool True if action is allowed, else false
2239 */
2240 function isAllowed( $action = '' ) {
2241 if ( $action === '' )
2242 return true; // In the spirit of DWIM
2243 # Patrolling may not be enabled
2244 if( $action === 'patrol' || $action === 'autopatrol' ) {
2245 global $wgUseRCPatrol, $wgUseNPPatrol;
2246 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2247 return false;
2248 }
2249 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2250 # by misconfiguration: 0 == 'foo'
2251 return in_array( $action, $this->getRights(), true );
2252 }
2253
2254 /**
2255 * Check whether to enable recent changes patrol features for this user
2256 * @return \bool True or false
2257 */
2258 public function useRCPatrol() {
2259 global $wgUseRCPatrol;
2260 return( $wgUseRCPatrol && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2261 }
2262
2263 /**
2264 * Check whether to enable new pages patrol features for this user
2265 * @return \bool True or false
2266 */
2267 public function useNPPatrol() {
2268 global $wgUseRCPatrol, $wgUseNPPatrol;
2269 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2270 }
2271
2272 /**
2273 * Get the current skin, loading it if required, and setting a title
2274 * @param $t Title: the title to use in the skin
2275 * @return Skin The current skin
2276 * @todo FIXME : need to check the old failback system [AV]
2277 */
2278 function &getSkin( $t = null ) {
2279 if ( !isset( $this->mSkin ) ) {
2280 wfProfileIn( __METHOD__ );
2281
2282 global $wgHiddenPrefs;
2283 if( !in_array( 'skin', $wgHiddenPrefs ) ) {
2284 # get the user skin
2285 global $wgRequest;
2286 $userSkin = $this->getOption( 'skin' );
2287 $userSkin = $wgRequest->getVal( 'useskin', $userSkin );
2288 } else {
2289 # if we're not allowing users to override, then use the default
2290 global $wgDefaultSkin;
2291 $userSkin = $wgDefaultSkin;
2292 }
2293
2294 $this->mSkin = Skin::newFromKey( $userSkin );
2295 wfProfileOut( __METHOD__ );
2296 }
2297 if( $t || !$this->mSkin->getTitle() ) {
2298 if ( !$t ) {
2299 global $wgOut;
2300 $t = $wgOut->getTitle();
2301 }
2302 $this->mSkin->setTitle( $t );
2303 }
2304 return $this->mSkin;
2305 }
2306
2307 /**
2308 * Check the watched status of an article.
2309 * @param $title \type{Title} Title of the article to look at
2310 * @return \bool True if article is watched
2311 */
2312 function isWatched( $title ) {
2313 $wl = WatchedItem::fromUserTitle( $this, $title );
2314 return $wl->isWatched();
2315 }
2316
2317 /**
2318 * Watch an article.
2319 * @param $title \type{Title} Title of the article to look at
2320 */
2321 function addWatch( $title ) {
2322 $wl = WatchedItem::fromUserTitle( $this, $title );
2323 $wl->addWatch();
2324 $this->invalidateCache();
2325 }
2326
2327 /**
2328 * Stop watching an article.
2329 * @param $title \type{Title} Title of the article to look at
2330 */
2331 function removeWatch( $title ) {
2332 $wl = WatchedItem::fromUserTitle( $this, $title );
2333 $wl->removeWatch();
2334 $this->invalidateCache();
2335 }
2336
2337 /**
2338 * Clear the user's notification timestamp for the given title.
2339 * If e-notif e-mails are on, they will receive notification mails on
2340 * the next change of the page if it's watched etc.
2341 * @param $title \type{Title} Title of the article to look at
2342 */
2343 function clearNotification( &$title ) {
2344 global $wgUser, $wgUseEnotif, $wgShowUpdatedMarker;
2345
2346 # Do nothing if the database is locked to writes
2347 if( wfReadOnly() ) {
2348 return;
2349 }
2350
2351 if( $title->getNamespace() == NS_USER_TALK &&
2352 $title->getText() == $this->getName() ) {
2353 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2354 return;
2355 $this->setNewtalk( false );
2356 }
2357
2358 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2359 return;
2360 }
2361
2362 if( $this->isAnon() ) {
2363 // Nothing else to do...
2364 return;
2365 }
2366
2367 // Only update the timestamp if the page is being watched.
2368 // The query to find out if it is watched is cached both in memcached and per-invocation,
2369 // and when it does have to be executed, it can be on a slave
2370 // If this is the user's newtalk page, we always update the timestamp
2371 if( $title->getNamespace() == NS_USER_TALK &&
2372 $title->getText() == $wgUser->getName() )
2373 {
2374 $watched = true;
2375 } elseif ( $this->getId() == $wgUser->getId() ) {
2376 $watched = $title->userIsWatching();
2377 } else {
2378 $watched = true;
2379 }
2380
2381 // If the page is watched by the user (or may be watched), update the timestamp on any
2382 // any matching rows
2383 if ( $watched ) {
2384 $dbw = wfGetDB( DB_MASTER );
2385 $dbw->update( 'watchlist',
2386 array( /* SET */
2387 'wl_notificationtimestamp' => null
2388 ), array( /* WHERE */
2389 'wl_title' => $title->getDBkey(),
2390 'wl_namespace' => $title->getNamespace(),
2391 'wl_user' => $this->getID()
2392 ), __METHOD__
2393 );
2394 }
2395 }
2396
2397 /**
2398 * Resets all of the given user's page-change notification timestamps.
2399 * If e-notif e-mails are on, they will receive notification mails on
2400 * the next change of any watched page.
2401 *
2402 * @param $currentUser \int User ID
2403 */
2404 function clearAllNotifications( $currentUser ) {
2405 global $wgUseEnotif, $wgShowUpdatedMarker;
2406 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2407 $this->setNewtalk( false );
2408 return;
2409 }
2410 if( $currentUser != 0 ) {
2411 $dbw = wfGetDB( DB_MASTER );
2412 $dbw->update( 'watchlist',
2413 array( /* SET */
2414 'wl_notificationtimestamp' => null
2415 ), array( /* WHERE */
2416 'wl_user' => $currentUser
2417 ), __METHOD__
2418 );
2419 # We also need to clear here the "you have new message" notification for the own user_talk page
2420 # This is cleared one page view later in Article::viewUpdates();
2421 }
2422 }
2423
2424 /**
2425 * Set this user's options from an encoded string
2426 * @param $str \string Encoded options to import
2427 * @private
2428 */
2429 function decodeOptions( $str ) {
2430 if( !$str )
2431 return;
2432
2433 $this->mOptionsLoaded = true;
2434 $this->mOptionOverrides = array();
2435
2436 $this->mOptions = array();
2437 $a = explode( "\n", $str );
2438 foreach ( $a as $s ) {
2439 $m = array();
2440 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2441 $this->mOptions[$m[1]] = $m[2];
2442 $this->mOptionOverrides[$m[1]] = $m[2];
2443 }
2444 }
2445 }
2446
2447 /**
2448 * Set a cookie on the user's client. Wrapper for
2449 * WebResponse::setCookie
2450 * @param $name \string Name of the cookie to set
2451 * @param $value \string Value to set
2452 * @param $exp \int Expiration time, as a UNIX time value;
2453 * if 0 or not specified, use the default $wgCookieExpiration
2454 */
2455 protected function setCookie( $name, $value, $exp = 0 ) {
2456 global $wgRequest;
2457 $wgRequest->response()->setcookie( $name, $value, $exp );
2458 }
2459
2460 /**
2461 * Clear a cookie on the user's client
2462 * @param $name \string Name of the cookie to clear
2463 */
2464 protected function clearCookie( $name ) {
2465 $this->setCookie( $name, '', time() - 86400 );
2466 }
2467
2468 /**
2469 * Set the default cookies for this session on the user's client.
2470 */
2471 function setCookies() {
2472 $this->load();
2473 if ( 0 == $this->mId ) return;
2474 $session = array(
2475 'wsUserID' => $this->mId,
2476 'wsToken' => $this->mToken,
2477 'wsUserName' => $this->getName()
2478 );
2479 $cookies = array(
2480 'UserID' => $this->mId,
2481 'UserName' => $this->getName(),
2482 );
2483 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2484 $cookies['Token'] = $this->mToken;
2485 } else {
2486 $cookies['Token'] = false;
2487 }
2488
2489 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2490 #check for null, since the hook could cause a null value
2491 if ( !is_null( $session ) && isset( $_SESSION ) ){
2492 $_SESSION = $session + $_SESSION;
2493 }
2494 foreach ( $cookies as $name => $value ) {
2495 if ( $value === false ) {
2496 $this->clearCookie( $name );
2497 } else {
2498 $this->setCookie( $name, $value );
2499 }
2500 }
2501 }
2502
2503 /**
2504 * Log this user out.
2505 */
2506 function logout() {
2507 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2508 $this->doLogout();
2509 }
2510 }
2511
2512 /**
2513 * Clear the user's cookies and session, and reset the instance cache.
2514 * @private
2515 * @see logout()
2516 */
2517 function doLogout() {
2518 $this->clearInstanceCache( 'defaults' );
2519
2520 $_SESSION['wsUserID'] = 0;
2521
2522 $this->clearCookie( 'UserID' );
2523 $this->clearCookie( 'Token' );
2524
2525 # Remember when user logged out, to prevent seeing cached pages
2526 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2527 }
2528
2529 /**
2530 * Save this user's settings into the database.
2531 * @todo Only rarely do all these fields need to be set!
2532 */
2533 function saveSettings() {
2534 $this->load();
2535 if ( wfReadOnly() ) { return; }
2536 if ( 0 == $this->mId ) { return; }
2537
2538 $this->mTouched = self::newTouchedTimestamp();
2539
2540 $dbw = wfGetDB( DB_MASTER );
2541 $dbw->update( 'user',
2542 array( /* SET */
2543 'user_name' => $this->mName,
2544 'user_password' => $this->mPassword,
2545 'user_newpassword' => $this->mNewpassword,
2546 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2547 'user_real_name' => $this->mRealName,
2548 'user_email' => $this->mEmail,
2549 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2550 'user_options' => '',
2551 'user_touched' => $dbw->timestamp( $this->mTouched ),
2552 'user_token' => $this->mToken,
2553 'user_email_token' => $this->mEmailToken,
2554 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2555 ), array( /* WHERE */
2556 'user_id' => $this->mId
2557 ), __METHOD__
2558 );
2559
2560 $this->saveOptions();
2561
2562 wfRunHooks( 'UserSaveSettings', array( $this ) );
2563 $this->clearSharedCache();
2564 $this->getUserPage()->invalidateCache();
2565 }
2566
2567 /**
2568 * If only this user's username is known, and it exists, return the user ID.
2569 */
2570 function idForName() {
2571 $s = trim( $this->getName() );
2572 if ( $s === '' ) return 0;
2573
2574 $dbr = wfGetDB( DB_SLAVE );
2575 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2576 if ( $id === false ) {
2577 $id = 0;
2578 }
2579 return $id;
2580 }
2581
2582 /**
2583 * Add a user to the database, return the user object
2584 *
2585 * @param $name \string Username to add
2586 * @param $params \type{\arrayof{\string}} Non-default parameters to save to the database:
2587 * - password The user's password. Password logins will be disabled if this is omitted.
2588 * - newpassword A temporary password mailed to the user
2589 * - email The user's email address
2590 * - email_authenticated The email authentication timestamp
2591 * - real_name The user's real name
2592 * - options An associative array of non-default options
2593 * - token Random authentication token. Do not set.
2594 * - registration Registration timestamp. Do not set.
2595 *
2596 * @return \type{User} A new User object, or null if the username already exists
2597 */
2598 static function createNew( $name, $params = array() ) {
2599 $user = new User;
2600 $user->load();
2601 if ( isset( $params['options'] ) ) {
2602 $user->mOptions = $params['options'] + (array)$user->mOptions;
2603 unset( $params['options'] );
2604 }
2605 $dbw = wfGetDB( DB_MASTER );
2606 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2607 $fields = array(
2608 'user_id' => $seqVal,
2609 'user_name' => $name,
2610 'user_password' => $user->mPassword,
2611 'user_newpassword' => $user->mNewpassword,
2612 'user_newpass_time' => $dbw->timestamp( $user->mNewpassTime ),
2613 'user_email' => $user->mEmail,
2614 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2615 'user_real_name' => $user->mRealName,
2616 'user_options' => '',
2617 'user_token' => $user->mToken,
2618 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2619 'user_editcount' => 0,
2620 );
2621 foreach ( $params as $name => $value ) {
2622 $fields["user_$name"] = $value;
2623 }
2624 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2625 if ( $dbw->affectedRows() ) {
2626 $newUser = User::newFromId( $dbw->insertId() );
2627 } else {
2628 $newUser = null;
2629 }
2630 return $newUser;
2631 }
2632
2633 /**
2634 * Add this existing user object to the database
2635 */
2636 function addToDatabase() {
2637 $this->load();
2638 $dbw = wfGetDB( DB_MASTER );
2639 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2640 $dbw->insert( 'user',
2641 array(
2642 'user_id' => $seqVal,
2643 'user_name' => $this->mName,
2644 'user_password' => $this->mPassword,
2645 'user_newpassword' => $this->mNewpassword,
2646 'user_newpass_time' => $dbw->timestamp( $this->mNewpassTime ),
2647 'user_email' => $this->mEmail,
2648 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2649 'user_real_name' => $this->mRealName,
2650 'user_options' => '',
2651 'user_token' => $this->mToken,
2652 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2653 'user_editcount' => 0,
2654 ), __METHOD__
2655 );
2656 $this->mId = $dbw->insertId();
2657
2658 // Clear instance cache other than user table data, which is already accurate
2659 $this->clearInstanceCache();
2660
2661 $this->saveOptions();
2662 }
2663
2664 /**
2665 * If this (non-anonymous) user is blocked, block any IP address
2666 * they've successfully logged in from.
2667 */
2668 function spreadBlock() {
2669 wfDebug( __METHOD__ . "()\n" );
2670 $this->load();
2671 if ( $this->mId == 0 ) {
2672 return;
2673 }
2674
2675 $userblock = Block::newFromDB( '', $this->mId );
2676 if ( !$userblock ) {
2677 return;
2678 }
2679
2680 $userblock->doAutoblock( wfGetIP() );
2681 }
2682
2683 /**
2684 * Generate a string which will be different for any combination of
2685 * user options which would produce different parser output.
2686 * This will be used as part of the hash key for the parser cache,
2687 * so users with the same options can share the same cached data
2688 * safely.
2689 *
2690 * Extensions which require it should install 'PageRenderingHash' hook,
2691 * which will give them a chance to modify this key based on their own
2692 * settings.
2693 *
2694 * @return \string Page rendering hash
2695 */
2696 function getPageRenderingHash() {
2697 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
2698 if( $this->mHash ){
2699 return $this->mHash;
2700 }
2701
2702 // stubthreshold is only included below for completeness,
2703 // since it disables the parser cache, its value will always
2704 // be 0 when this function is called by parsercache.
2705
2706 $confstr = $this->getOption( 'math' );
2707 $confstr .= '!' . $this->getStubThreshold();
2708 if ( $wgUseDynamicDates ) {
2709 $confstr .= '!' . $this->getDatePreference();
2710 }
2711 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
2712 $confstr .= '!' . $wgLang->getCode();
2713 $confstr .= '!' . $this->getOption( 'thumbsize' );
2714 // add in language specific options, if any
2715 $extra = $wgContLang->getExtraHashOptions();
2716 $confstr .= $extra;
2717
2718 // Since the skin could be overloading link(), it should be
2719 // included here but in practice, none of our skins do that.
2720
2721 $confstr .= $wgRenderHashAppend;
2722
2723 // Give a chance for extensions to modify the hash, if they have
2724 // extra options or other effects on the parser cache.
2725 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
2726
2727 // Make it a valid memcached key fragment
2728 $confstr = str_replace( ' ', '_', $confstr );
2729 $this->mHash = $confstr;
2730 return $confstr;
2731 }
2732
2733 /**
2734 * Get whether the user is explicitly blocked from account creation.
2735 * @return \bool True if blocked
2736 */
2737 function isBlockedFromCreateAccount() {
2738 $this->getBlockedStatus();
2739 return $this->mBlock && $this->mBlock->mCreateAccount;
2740 }
2741
2742 /**
2743 * Get whether the user is blocked from using Special:Emailuser.
2744 * @return \bool True if blocked
2745 */
2746 function isBlockedFromEmailuser() {
2747 $this->getBlockedStatus();
2748 return $this->mBlock && $this->mBlock->mBlockEmail;
2749 }
2750
2751 /**
2752 * Get whether the user is allowed to create an account.
2753 * @return \bool True if allowed
2754 */
2755 function isAllowedToCreateAccount() {
2756 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
2757 }
2758
2759 /**
2760 * Get this user's personal page title.
2761 *
2762 * @return \type{Title} User's personal page title
2763 */
2764 function getUserPage() {
2765 return Title::makeTitle( NS_USER, $this->getName() );
2766 }
2767
2768 /**
2769 * Get this user's talk page title.
2770 *
2771 * @return \type{Title} User's talk page title
2772 */
2773 function getTalkPage() {
2774 $title = $this->getUserPage();
2775 return $title->getTalkPage();
2776 }
2777
2778 /**
2779 * Get the maximum valid user ID.
2780 * @return \int User ID
2781 * @static
2782 */
2783 function getMaxID() {
2784 static $res; // cache
2785
2786 if ( isset( $res ) )
2787 return $res;
2788 else {
2789 $dbr = wfGetDB( DB_SLAVE );
2790 return $res = $dbr->selectField( 'user', 'max(user_id)', false, __METHOD__ );
2791 }
2792 }
2793
2794 /**
2795 * Determine whether the user is a newbie. Newbies are either
2796 * anonymous IPs, or the most recently created accounts.
2797 * @return \bool True if the user is a newbie
2798 */
2799 function isNewbie() {
2800 return !$this->isAllowed( 'autoconfirmed' );
2801 }
2802
2803 /**
2804 * Check to see if the given clear-text password is one of the accepted passwords
2805 * @param $password \string user password.
2806 * @return \bool True if the given password is correct, otherwise False.
2807 */
2808 function checkPassword( $password ) {
2809 global $wgAuth;
2810 $this->load();
2811
2812 // Even though we stop people from creating passwords that
2813 // are shorter than this, doesn't mean people wont be able
2814 // to. Certain authentication plugins do NOT want to save
2815 // domain passwords in a mysql database, so we should
2816 // check this (incase $wgAuth->strict() is false).
2817 if( !$this->isValidPassword( $password ) ) {
2818 return false;
2819 }
2820
2821 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
2822 return true;
2823 } elseif( $wgAuth->strict() ) {
2824 /* Auth plugin doesn't allow local authentication */
2825 return false;
2826 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
2827 /* Auth plugin doesn't allow local authentication for this user name */
2828 return false;
2829 }
2830 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
2831 return true;
2832 } elseif ( function_exists( 'iconv' ) ) {
2833 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
2834 # Check for this with iconv
2835 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
2836 if ( self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) ) {
2837 return true;
2838 }
2839 }
2840 return false;
2841 }
2842
2843 /**
2844 * Check if the given clear-text password matches the temporary password
2845 * sent by e-mail for password reset operations.
2846 * @return \bool True if matches, false otherwise
2847 */
2848 function checkTemporaryPassword( $plaintext ) {
2849 global $wgNewPasswordExpiry;
2850 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
2851 $this->load();
2852 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
2853 return ( time() < $expiry );
2854 } else {
2855 return false;
2856 }
2857 }
2858
2859 /**
2860 * Initialize (if necessary) and return a session token value
2861 * which can be used in edit forms to show that the user's
2862 * login credentials aren't being hijacked with a foreign form
2863 * submission.
2864 *
2865 * @param $salt \types{\string,\arrayof{\string}} Optional function-specific data for hashing
2866 * @return \string The new edit token
2867 */
2868 function editToken( $salt = '' ) {
2869 if ( $this->isAnon() ) {
2870 return EDIT_TOKEN_SUFFIX;
2871 } else {
2872 if( !isset( $_SESSION['wsEditToken'] ) ) {
2873 $token = self::generateToken();
2874 $_SESSION['wsEditToken'] = $token;
2875 } else {
2876 $token = $_SESSION['wsEditToken'];
2877 }
2878 if( is_array( $salt ) ) {
2879 $salt = implode( '|', $salt );
2880 }
2881 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
2882 }
2883 }
2884
2885 /**
2886 * Generate a looking random token for various uses.
2887 *
2888 * @param $salt \string Optional salt value
2889 * @return \string The new random token
2890 */
2891 public static function generateToken( $salt = '' ) {
2892 $token = dechex( mt_rand() ) . dechex( mt_rand() );
2893 return md5( $token . $salt );
2894 }
2895
2896 /**
2897 * Check given value against the token value stored in the session.
2898 * A match should confirm that the form was submitted from the
2899 * user's own login session, not a form submission from a third-party
2900 * site.
2901 *
2902 * @param $val \string Input value to compare
2903 * @param $salt \string Optional function-specific data for hashing
2904 * @return \bool Whether the token matches
2905 */
2906 function matchEditToken( $val, $salt = '' ) {
2907 $sessionToken = $this->editToken( $salt );
2908 if ( $val != $sessionToken ) {
2909 wfDebug( "User::matchEditToken: broken session data\n" );
2910 }
2911 return $val == $sessionToken;
2912 }
2913
2914 /**
2915 * Check given value against the token value stored in the session,
2916 * ignoring the suffix.
2917 *
2918 * @param $val \string Input value to compare
2919 * @param $salt \string Optional function-specific data for hashing
2920 * @return \bool Whether the token matches
2921 */
2922 function matchEditTokenNoSuffix( $val, $salt = '' ) {
2923 $sessionToken = $this->editToken( $salt );
2924 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
2925 }
2926
2927 /**
2928 * Generate a new e-mail confirmation token and send a confirmation/invalidation
2929 * mail to the user's given address.
2930 *
2931 * @param $changed Boolean: whether the adress changed
2932 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure.
2933 */
2934 function sendConfirmationMail( $changed = false ) {
2935 global $wgLang;
2936 $expiration = null; // gets passed-by-ref and defined in next line.
2937 $token = $this->confirmationToken( $expiration );
2938 $url = $this->confirmationTokenUrl( $token );
2939 $invalidateURL = $this->invalidationTokenUrl( $token );
2940 $this->saveSettings();
2941
2942 $message = $changed ? 'confirmemail_body_changed' : 'confirmemail_body';
2943 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
2944 wfMsg( $message,
2945 wfGetIP(),
2946 $this->getName(),
2947 $url,
2948 $wgLang->timeanddate( $expiration, false ),
2949 $invalidateURL,
2950 $wgLang->date( $expiration, false ),
2951 $wgLang->time( $expiration, false ) ) );
2952 }
2953
2954 /**
2955 * Send an e-mail to this user's account. Does not check for
2956 * confirmed status or validity.
2957 *
2958 * @param $subject \string Message subject
2959 * @param $body \string Message body
2960 * @param $from \string Optional From address; if unspecified, default $wgPasswordSender will be used
2961 * @param $replyto \string Reply-To address
2962 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure
2963 */
2964 function sendMail( $subject, $body, $from = null, $replyto = null ) {
2965 if( is_null( $from ) ) {
2966 global $wgPasswordSender;
2967 $from = $wgPasswordSender;
2968 }
2969
2970 $to = new MailAddress( $this );
2971 $sender = new MailAddress( $from );
2972 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
2973 }
2974
2975 /**
2976 * Generate, store, and return a new e-mail confirmation code.
2977 * A hash (unsalted, since it's used as a key) is stored.
2978 *
2979 * @note Call saveSettings() after calling this function to commit
2980 * this change to the database.
2981 *
2982 * @param[out] &$expiration \mixed Accepts the expiration time
2983 * @return \string New token
2984 * @private
2985 */
2986 function confirmationToken( &$expiration ) {
2987 $now = time();
2988 $expires = $now + 7 * 24 * 60 * 60;
2989 $expiration = wfTimestamp( TS_MW, $expires );
2990 $token = self::generateToken( $this->mId . $this->mEmail . $expires );
2991 $hash = md5( $token );
2992 $this->load();
2993 $this->mEmailToken = $hash;
2994 $this->mEmailTokenExpires = $expiration;
2995 return $token;
2996 }
2997
2998 /**
2999 * Return a URL the user can use to confirm their email address.
3000 * @param $token \string Accepts the email confirmation token
3001 * @return \string New token URL
3002 * @private
3003 */
3004 function confirmationTokenUrl( $token ) {
3005 return $this->getTokenUrl( 'ConfirmEmail', $token );
3006 }
3007
3008 /**
3009 * Return a URL the user can use to invalidate their email address.
3010 * @param $token \string Accepts the email confirmation token
3011 * @return \string New token URL
3012 * @private
3013 */
3014 function invalidationTokenUrl( $token ) {
3015 return $this->getTokenUrl( 'Invalidateemail', $token );
3016 }
3017
3018 /**
3019 * Internal function to format the e-mail validation/invalidation URLs.
3020 * This uses $wgArticlePath directly as a quickie hack to use the
3021 * hardcoded English names of the Special: pages, for ASCII safety.
3022 *
3023 * @note Since these URLs get dropped directly into emails, using the
3024 * short English names avoids insanely long URL-encoded links, which
3025 * also sometimes can get corrupted in some browsers/mailers
3026 * (bug 6957 with Gmail and Internet Explorer).
3027 *
3028 * @param $page \string Special page
3029 * @param $token \string Token
3030 * @return \string Formatted URL
3031 */
3032 protected function getTokenUrl( $page, $token ) {
3033 global $wgArticlePath;
3034 return wfExpandUrl(
3035 str_replace(
3036 '$1',
3037 "Special:$page/$token",
3038 $wgArticlePath ) );
3039 }
3040
3041 /**
3042 * Mark the e-mail address confirmed.
3043 *
3044 * @note Call saveSettings() after calling this function to commit the change.
3045 */
3046 function confirmEmail() {
3047 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3048 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3049 return true;
3050 }
3051
3052 /**
3053 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3054 * address if it was already confirmed.
3055 *
3056 * @note Call saveSettings() after calling this function to commit the change.
3057 */
3058 function invalidateEmail() {
3059 $this->load();
3060 $this->mEmailToken = null;
3061 $this->mEmailTokenExpires = null;
3062 $this->setEmailAuthenticationTimestamp( null );
3063 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3064 return true;
3065 }
3066
3067 /**
3068 * Set the e-mail authentication timestamp.
3069 * @param $timestamp \string TS_MW timestamp
3070 */
3071 function setEmailAuthenticationTimestamp( $timestamp ) {
3072 $this->load();
3073 $this->mEmailAuthenticated = $timestamp;
3074 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3075 }
3076
3077 /**
3078 * Is this user allowed to send e-mails within limits of current
3079 * site configuration?
3080 * @return \bool True if allowed
3081 */
3082 function canSendEmail() {
3083 global $wgEnableEmail, $wgEnableUserEmail;
3084 if( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3085 return false;
3086 }
3087 $canSend = $this->isEmailConfirmed();
3088 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3089 return $canSend;
3090 }
3091
3092 /**
3093 * Is this user allowed to receive e-mails within limits of current
3094 * site configuration?
3095 * @return \bool True if allowed
3096 */
3097 function canReceiveEmail() {
3098 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3099 }
3100
3101 /**
3102 * Is this user's e-mail address valid-looking and confirmed within
3103 * limits of the current site configuration?
3104 *
3105 * @note If $wgEmailAuthentication is on, this may require the user to have
3106 * confirmed their address by returning a code or using a password
3107 * sent to the address from the wiki.
3108 *
3109 * @return \bool True if confirmed
3110 */
3111 function isEmailConfirmed() {
3112 global $wgEmailAuthentication;
3113 $this->load();
3114 $confirmed = true;
3115 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3116 if( $this->isAnon() )
3117 return false;
3118 if( !self::isValidEmailAddr( $this->mEmail ) )
3119 return false;
3120 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() )
3121 return false;
3122 return true;
3123 } else {
3124 return $confirmed;
3125 }
3126 }
3127
3128 /**
3129 * Check whether there is an outstanding request for e-mail confirmation.
3130 * @return \bool True if pending
3131 */
3132 function isEmailConfirmationPending() {
3133 global $wgEmailAuthentication;
3134 return $wgEmailAuthentication &&
3135 !$this->isEmailConfirmed() &&
3136 $this->mEmailToken &&
3137 $this->mEmailTokenExpires > wfTimestamp();
3138 }
3139
3140 /**
3141 * Get the timestamp of account creation.
3142 *
3143 * @return \types{\string,\bool} string Timestamp of account creation, or false for
3144 * non-existent/anonymous user accounts.
3145 */
3146 public function getRegistration() {
3147 return $this->getId() > 0
3148 ? $this->mRegistration
3149 : false;
3150 }
3151
3152 /**
3153 * Get the timestamp of the first edit
3154 *
3155 * @return \types{\string,\bool} string Timestamp of first edit, or false for
3156 * non-existent/anonymous user accounts.
3157 */
3158 public function getFirstEditTimestamp() {
3159 if( $this->getId() == 0 ) return false; // anons
3160 $dbr = wfGetDB( DB_SLAVE );
3161 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3162 array( 'rev_user' => $this->getId() ),
3163 __METHOD__,
3164 array( 'ORDER BY' => 'rev_timestamp ASC' )
3165 );
3166 if( !$time ) return false; // no edits
3167 return wfTimestamp( TS_MW, $time );
3168 }
3169
3170 /**
3171 * Get the permissions associated with a given list of groups
3172 *
3173 * @param $groups \type{\arrayof{\string}} List of internal group names
3174 * @return \type{\arrayof{\string}} List of permission key names for given groups combined
3175 */
3176 static function getGroupPermissions( $groups ) {
3177 global $wgGroupPermissions, $wgRevokePermissions;
3178 $rights = array();
3179 // grant every granted permission first
3180 foreach( $groups as $group ) {
3181 if( isset( $wgGroupPermissions[$group] ) ) {
3182 $rights = array_merge( $rights,
3183 // array_filter removes empty items
3184 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3185 }
3186 }
3187 // now revoke the revoked permissions
3188 foreach( $groups as $group ) {
3189 if( isset( $wgRevokePermissions[$group] ) ) {
3190 $rights = array_diff( $rights,
3191 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
3192 }
3193 }
3194 return array_unique( $rights );
3195 }
3196
3197 /**
3198 * Get all the groups who have a given permission
3199 *
3200 * @param $role \string Role to check
3201 * @return \type{\arrayof{\string}} List of internal group names with the given permission
3202 */
3203 static function getGroupsWithPermission( $role ) {
3204 global $wgGroupPermissions;
3205 $allowedGroups = array();
3206 foreach ( $wgGroupPermissions as $group => $rights ) {
3207 if ( isset( $rights[$role] ) && $rights[$role] ) {
3208 $allowedGroups[] = $group;
3209 }
3210 }
3211 return $allowedGroups;
3212 }
3213
3214 /**
3215 * Get the localized descriptive name for a group, if it exists
3216 *
3217 * @param $group \string Internal group name
3218 * @return \string Localized descriptive group name
3219 */
3220 static function getGroupName( $group ) {
3221 $key = "group-$group";
3222 $name = wfMsg( $key );
3223 return $name == '' || wfEmptyMsg( $key, $name )
3224 ? $group
3225 : $name;
3226 }
3227
3228 /**
3229 * Get the localized descriptive name for a member of a group, if it exists
3230 *
3231 * @param $group \string Internal group name
3232 * @return \string Localized name for group member
3233 */
3234 static function getGroupMember( $group ) {
3235 $key = "group-$group-member";
3236 $name = wfMsg( $key );
3237 return $name == '' || wfEmptyMsg( $key, $name )
3238 ? $group
3239 : $name;
3240 }
3241
3242 /**
3243 * Return the set of defined explicit groups.
3244 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3245 * are not included, as they are defined automatically, not in the database.
3246 * @return \type{\arrayof{\string}} Array of internal group names
3247 */
3248 static function getAllGroups() {
3249 global $wgGroupPermissions, $wgRevokePermissions;
3250 return array_diff(
3251 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3252 self::getImplicitGroups()
3253 );
3254 }
3255
3256 /**
3257 * Get a list of all available permissions.
3258 * @return \type{\arrayof{\string}} Array of permission names
3259 */
3260 static function getAllRights() {
3261 if ( self::$mAllRights === false ) {
3262 global $wgAvailableRights;
3263 if ( count( $wgAvailableRights ) ) {
3264 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3265 } else {
3266 self::$mAllRights = self::$mCoreRights;
3267 }
3268 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3269 }
3270 return self::$mAllRights;
3271 }
3272
3273 /**
3274 * Get a list of implicit groups
3275 * @return \type{\arrayof{\string}} Array of internal group names
3276 */
3277 public static function getImplicitGroups() {
3278 global $wgImplicitGroups;
3279 $groups = $wgImplicitGroups;
3280 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3281 return $groups;
3282 }
3283
3284 /**
3285 * Get the title of a page describing a particular group
3286 *
3287 * @param $group \string Internal group name
3288 * @return \types{\type{Title},\bool} Title of the page if it exists, false otherwise
3289 */
3290 static function getGroupPage( $group ) {
3291 $page = wfMsgForContent( 'grouppage-' . $group );
3292 if( !wfEmptyMsg( 'grouppage-' . $group, $page ) ) {
3293 $title = Title::newFromText( $page );
3294 if( is_object( $title ) )
3295 return $title;
3296 }
3297 return false;
3298 }
3299
3300 /**
3301 * Create a link to the group in HTML, if available;
3302 * else return the group name.
3303 *
3304 * @param $group \string Internal name of the group
3305 * @param $text \string The text of the link
3306 * @return \string HTML link to the group
3307 */
3308 static function makeGroupLinkHTML( $group, $text = '' ) {
3309 if( $text == '' ) {
3310 $text = self::getGroupName( $group );
3311 }
3312 $title = self::getGroupPage( $group );
3313 if( $title ) {
3314 global $wgUser;
3315 $sk = $wgUser->getSkin();
3316 return $sk->link( $title, htmlspecialchars( $text ) );
3317 } else {
3318 return $text;
3319 }
3320 }
3321
3322 /**
3323 * Create a link to the group in Wikitext, if available;
3324 * else return the group name.
3325 *
3326 * @param $group \string Internal name of the group
3327 * @param $text \string The text of the link
3328 * @return \string Wikilink to the group
3329 */
3330 static function makeGroupLinkWiki( $group, $text = '' ) {
3331 if( $text == '' ) {
3332 $text = self::getGroupName( $group );
3333 }
3334 $title = self::getGroupPage( $group );
3335 if( $title ) {
3336 $page = $title->getPrefixedText();
3337 return "[[$page|$text]]";
3338 } else {
3339 return $text;
3340 }
3341 }
3342
3343 /**
3344 * Returns an array of the groups that a particular group can add/remove.
3345 *
3346 * @param $group String: the group to check for whether it can add/remove
3347 * @return Array array( 'add' => array( addablegroups ),
3348 * 'remove' => array( removablegroups ),
3349 * 'add-self' => array( addablegroups to self),
3350 * 'remove-self' => array( removable groups from self) )
3351 */
3352 static function changeableByGroup( $group ) {
3353 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3354
3355 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3356 if( empty( $wgAddGroups[$group] ) ) {
3357 // Don't add anything to $groups
3358 } elseif( $wgAddGroups[$group] === true ) {
3359 // You get everything
3360 $groups['add'] = self::getAllGroups();
3361 } elseif( is_array( $wgAddGroups[$group] ) ) {
3362 $groups['add'] = $wgAddGroups[$group];
3363 }
3364
3365 // Same thing for remove
3366 if( empty( $wgRemoveGroups[$group] ) ) {
3367 } elseif( $wgRemoveGroups[$group] === true ) {
3368 $groups['remove'] = self::getAllGroups();
3369 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3370 $groups['remove'] = $wgRemoveGroups[$group];
3371 }
3372
3373 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3374 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3375 foreach( $wgGroupsAddToSelf as $key => $value ) {
3376 if( is_int( $key ) ) {
3377 $wgGroupsAddToSelf['user'][] = $value;
3378 }
3379 }
3380 }
3381
3382 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3383 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3384 if( is_int( $key ) ) {
3385 $wgGroupsRemoveFromSelf['user'][] = $value;
3386 }
3387 }
3388 }
3389
3390 // Now figure out what groups the user can add to him/herself
3391 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3392 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3393 // No idea WHY this would be used, but it's there
3394 $groups['add-self'] = User::getAllGroups();
3395 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3396 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3397 }
3398
3399 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3400 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3401 $groups['remove-self'] = User::getAllGroups();
3402 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3403 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3404 }
3405
3406 return $groups;
3407 }
3408
3409 /**
3410 * Returns an array of groups that this user can add and remove
3411 * @return Array array( 'add' => array( addablegroups ),
3412 * 'remove' => array( removablegroups ),
3413 * 'add-self' => array( addablegroups to self),
3414 * 'remove-self' => array( removable groups from self) )
3415 */
3416 function changeableGroups() {
3417 if( $this->isAllowed( 'userrights' ) ) {
3418 // This group gives the right to modify everything (reverse-
3419 // compatibility with old "userrights lets you change
3420 // everything")
3421 // Using array_merge to make the groups reindexed
3422 $all = array_merge( User::getAllGroups() );
3423 return array(
3424 'add' => $all,
3425 'remove' => $all,
3426 'add-self' => array(),
3427 'remove-self' => array()
3428 );
3429 }
3430
3431 // Okay, it's not so simple, we will have to go through the arrays
3432 $groups = array(
3433 'add' => array(),
3434 'remove' => array(),
3435 'add-self' => array(),
3436 'remove-self' => array()
3437 );
3438 $addergroups = $this->getEffectiveGroups();
3439
3440 foreach( $addergroups as $addergroup ) {
3441 $groups = array_merge_recursive(
3442 $groups, $this->changeableByGroup( $addergroup )
3443 );
3444 $groups['add'] = array_unique( $groups['add'] );
3445 $groups['remove'] = array_unique( $groups['remove'] );
3446 $groups['add-self'] = array_unique( $groups['add-self'] );
3447 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3448 }
3449 return $groups;
3450 }
3451
3452 /**
3453 * Increment the user's edit-count field.
3454 * Will have no effect for anonymous users.
3455 */
3456 function incEditCount() {
3457 if( !$this->isAnon() ) {
3458 $dbw = wfGetDB( DB_MASTER );
3459 $dbw->update( 'user',
3460 array( 'user_editcount=user_editcount+1' ),
3461 array( 'user_id' => $this->getId() ),
3462 __METHOD__ );
3463
3464 // Lazy initialization check...
3465 if( $dbw->affectedRows() == 0 ) {
3466 // Pull from a slave to be less cruel to servers
3467 // Accuracy isn't the point anyway here
3468 $dbr = wfGetDB( DB_SLAVE );
3469 $count = $dbr->selectField( 'revision',
3470 'COUNT(rev_user)',
3471 array( 'rev_user' => $this->getId() ),
3472 __METHOD__ );
3473
3474 // Now here's a goddamn hack...
3475 if( $dbr !== $dbw ) {
3476 // If we actually have a slave server, the count is
3477 // at least one behind because the current transaction
3478 // has not been committed and replicated.
3479 $count++;
3480 } else {
3481 // But if DB_SLAVE is selecting the master, then the
3482 // count we just read includes the revision that was
3483 // just added in the working transaction.
3484 }
3485
3486 $dbw->update( 'user',
3487 array( 'user_editcount' => $count ),
3488 array( 'user_id' => $this->getId() ),
3489 __METHOD__ );
3490 }
3491 }
3492 // edit count in user cache too
3493 $this->invalidateCache();
3494 }
3495
3496 /**
3497 * Get the description of a given right
3498 *
3499 * @param $right \string Right to query
3500 * @return \string Localized description of the right
3501 */
3502 static function getRightDescription( $right ) {
3503 $key = "right-$right";
3504 $name = wfMsg( $key );
3505 return $name == '' || wfEmptyMsg( $key, $name )
3506 ? $right
3507 : $name;
3508 }
3509
3510 /**
3511 * Make an old-style password hash
3512 *
3513 * @param $password \string Plain-text password
3514 * @param $userId \string User ID
3515 * @return \string Password hash
3516 */
3517 static function oldCrypt( $password, $userId ) {
3518 global $wgPasswordSalt;
3519 if ( $wgPasswordSalt ) {
3520 return md5( $userId . '-' . md5( $password ) );
3521 } else {
3522 return md5( $password );
3523 }
3524 }
3525
3526 /**
3527 * Make a new-style password hash
3528 *
3529 * @param $password \string Plain-text password
3530 * @param $salt \string Optional salt, may be random or the user ID.
3531 * If unspecified or false, will generate one automatically
3532 * @return \string Password hash
3533 */
3534 static function crypt( $password, $salt = false ) {
3535 global $wgPasswordSalt;
3536
3537 $hash = '';
3538 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3539 return $hash;
3540 }
3541
3542 if( $wgPasswordSalt ) {
3543 if ( $salt === false ) {
3544 $salt = substr( wfGenerateToken(), 0, 8 );
3545 }
3546 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3547 } else {
3548 return ':A:' . md5( $password );
3549 }
3550 }
3551
3552 /**
3553 * Compare a password hash with a plain-text password. Requires the user
3554 * ID if there's a chance that the hash is an old-style hash.
3555 *
3556 * @param $hash \string Password hash
3557 * @param $password \string Plain-text password to compare
3558 * @param $userId \string User ID for old-style password salt
3559 * @return \bool
3560 */
3561 static function comparePasswords( $hash, $password, $userId = false ) {
3562 $type = substr( $hash, 0, 3 );
3563
3564 $result = false;
3565 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3566 return $result;
3567 }
3568
3569 if ( $type == ':A:' ) {
3570 # Unsalted
3571 return md5( $password ) === substr( $hash, 3 );
3572 } elseif ( $type == ':B:' ) {
3573 # Salted
3574 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3575 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3576 } else {
3577 # Old-style
3578 return self::oldCrypt( $password, $userId ) === $hash;
3579 }
3580 }
3581
3582 /**
3583 * Add a newuser log entry for this user
3584 *
3585 * @param $byEmail Boolean: account made by email?
3586 * @param $reason String: user supplied reason
3587 */
3588 public function addNewUserLogEntry( $byEmail = false, $reason = '' ) {
3589 global $wgUser, $wgContLang, $wgNewUserLog;
3590 if( empty( $wgNewUserLog ) ) {
3591 return true; // disabled
3592 }
3593
3594 if( $this->getName() == $wgUser->getName() ) {
3595 $action = 'create';
3596 } else {
3597 $action = 'create2';
3598 if ( $byEmail ) {
3599 if ( $reason === '' ) {
3600 $reason = wfMsgForContent( 'newuserlog-byemail' );
3601 } else {
3602 $reason = $wgContLang->commaList( array(
3603 $reason, wfMsgForContent( 'newuserlog-byemail' ) ) );
3604 }
3605 }
3606 }
3607 $log = new LogPage( 'newusers' );
3608 $log->addEntry(
3609 $action,
3610 $this->getUserPage(),
3611 $reason,
3612 array( $this->getId() )
3613 );
3614 return true;
3615 }
3616
3617 /**
3618 * Add an autocreate newuser log entry for this user
3619 * Used by things like CentralAuth and perhaps other authplugins.
3620 */
3621 public function addNewUserLogEntryAutoCreate() {
3622 global $wgNewUserLog, $wgLogAutocreatedAccounts;
3623 if( !$wgNewUserLog || !$wgLogAutocreatedAccounts ) {
3624 return true; // disabled
3625 }
3626 $log = new LogPage( 'newusers', false );
3627 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ) );
3628 return true;
3629 }
3630
3631 protected function loadOptions() {
3632 $this->load();
3633 if ( $this->mOptionsLoaded || !$this->getId() )
3634 return;
3635
3636 $this->mOptions = self::getDefaultOptions();
3637
3638 // Maybe load from the object
3639 if ( !is_null( $this->mOptionOverrides ) ) {
3640 wfDebug( "Loading options for user " . $this->getId() . " from override cache.\n" );
3641 foreach( $this->mOptionOverrides as $key => $value ) {
3642 $this->mOptions[$key] = $value;
3643 }
3644 } else {
3645 wfDebug( "Loading options for user " . $this->getId() . " from database.\n" );
3646 // Load from database
3647 $dbr = wfGetDB( DB_SLAVE );
3648
3649 $res = $dbr->select(
3650 'user_properties',
3651 '*',
3652 array( 'up_user' => $this->getId() ),
3653 __METHOD__
3654 );
3655
3656 while( $row = $dbr->fetchObject( $res ) ) {
3657 $this->mOptionOverrides[$row->up_property] = $row->up_value;
3658 $this->mOptions[$row->up_property] = $row->up_value;
3659 }
3660 }
3661
3662 $this->mOptionsLoaded = true;
3663
3664 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
3665 }
3666
3667 protected function saveOptions() {
3668 global $wgAllowPrefChange;
3669
3670 $extuser = ExternalUser::newFromUser( $this );
3671
3672 $this->loadOptions();
3673 $dbw = wfGetDB( DB_MASTER );
3674
3675 $insert_rows = array();
3676
3677 $saveOptions = $this->mOptions;
3678
3679 // Allow hooks to abort, for instance to save to a global profile.
3680 // Reset options to default state before saving.
3681 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) )
3682 return;
3683
3684 foreach( $saveOptions as $key => $value ) {
3685 # Don't bother storing default values
3686 if ( ( is_null( self::getDefaultOption( $key ) ) &&
3687 !( $value === false || is_null($value) ) ) ||
3688 $value != self::getDefaultOption( $key ) ) {
3689 $insert_rows[] = array(
3690 'up_user' => $this->getId(),
3691 'up_property' => $key,
3692 'up_value' => $value,
3693 );
3694 }
3695 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
3696 switch ( $wgAllowPrefChange[$key] ) {
3697 case 'local':
3698 case 'message':
3699 break;
3700 case 'semiglobal':
3701 case 'global':
3702 $extuser->setPref( $key, $value );
3703 }
3704 }
3705 }
3706
3707 $dbw->begin();
3708 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
3709 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
3710 $dbw->commit();
3711 }
3712
3713 /**
3714 * Provide an array of HTML5 attributes to put on an input element
3715 * intended for the user to enter a new password. This may include
3716 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
3717 *
3718 * Do *not* use this when asking the user to enter his current password!
3719 * Regardless of configuration, users may have invalid passwords for whatever
3720 * reason (e.g., they were set before requirements were tightened up).
3721 * Only use it when asking for a new password, like on account creation or
3722 * ResetPass.
3723 *
3724 * Obviously, you still need to do server-side checking.
3725 *
3726 * NOTE: A combination of bugs in various browsers means that this function
3727 * actually just returns array() unconditionally at the moment. May as
3728 * well keep it around for when the browser bugs get fixed, though.
3729 *
3730 * @return array Array of HTML attributes suitable for feeding to
3731 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
3732 * That will potentially output invalid XHTML 1.0 Transitional, and will
3733 * get confused by the boolean attribute syntax used.)
3734 */
3735 public static function passwordChangeInputAttribs() {
3736 global $wgMinimalPasswordLength;
3737
3738 if ( $wgMinimalPasswordLength == 0 ) {
3739 return array();
3740 }
3741
3742 # Note that the pattern requirement will always be satisfied if the
3743 # input is empty, so we need required in all cases.
3744 #
3745 # FIXME (bug 23769): This needs to not claim the password is required
3746 # if e-mail confirmation is being used. Since HTML5 input validation
3747 # is b0rked anyway in some browsers, just return nothing. When it's
3748 # re-enabled, fix this code to not output required for e-mail
3749 # registration.
3750 #$ret = array( 'required' );
3751 $ret = array();
3752
3753 # We can't actually do this right now, because Opera 9.6 will print out
3754 # the entered password visibly in its error message! When other
3755 # browsers add support for this attribute, or Opera fixes its support,
3756 # we can add support with a version check to avoid doing this on Opera
3757 # versions where it will be a problem. Reported to Opera as
3758 # DSK-262266, but they don't have a public bug tracker for us to follow.
3759 /*
3760 if ( $wgMinimalPasswordLength > 1 ) {
3761 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
3762 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
3763 $wgMinimalPasswordLength );
3764 }
3765 */
3766
3767 return $ret;
3768 }
3769
3770 /**
3771 * Format the user message using a hook, a template, or, failing these, a static format.
3772 * @param $subject String the subject of the message
3773 * @param $text String the content of the message
3774 * @param $signature String the signature, if provided.
3775 */
3776 static protected function formatUserMessage( $subject, $text, $signature ) {
3777 if ( wfRunHooks( 'FormatUserMessage',
3778 array( $subject, &$text, $signature ) ) ) {
3779
3780 $signature = empty($signature) ? "~~~~~" : "{$signature} ~~~~~";
3781
3782 $template = Title::newFromText( wfMsgForContent( 'usermessage-template' ) );
3783 if ( !$template
3784 || $template->getNamespace() !== NS_TEMPLATE
3785 || !$template->exists() ) {
3786 $text = "\n== $subject ==\n\n$text\n\n-- $signature";
3787 } else {
3788 $text = '{{'. $template->getText()
3789 . " | subject=$subject | body=$text | signature=$signature }}";
3790 }
3791 }
3792
3793 return $text;
3794 }
3795
3796 /**
3797 * Leave a user a message
3798 * @param $subject String the subject of the message
3799 * @param $text String the message to leave
3800 * @param $signature String Text to leave in the signature
3801 * @param $summary String the summary for this change, defaults to
3802 * "Leave system message."
3803 * @param $editor User The user leaving the message, defaults to
3804 * "{{MediaWiki:usermessage-editor}}"
3805 * @param $flags Int default edit flags
3806 *
3807 * @return boolean true if it was successful
3808 */
3809 public function leaveUserMessage( $subject, $text, $signature = "",
3810 $summary = null, $editor = null, $flags = 0 ) {
3811 if ( !isset( $summary ) ) {
3812 $summary = wfMsgForContent( 'usermessage-summary' );
3813 }
3814
3815 if ( !isset( $editor ) ) {
3816 $editor = User::newFromName( wfMsgForContent( 'usermessage-editor' ) );
3817 if ( !$editor->isLoggedIn() ) {
3818 $editor->addToDatabase();
3819 }
3820 }
3821
3822 $article = new Article( $this->getTalkPage() );
3823 wfRunHooks( 'SetupUserMessageArticle',
3824 array( $this, &$article, $subject, $text, $signature, $summary, $editor ) );
3825
3826
3827 $text = self::formatUserMessage( $subject, $text, $signature );
3828 $flags = $article->checkFlags( $flags );
3829
3830 if ( $flags & EDIT_UPDATE ) {
3831 $text = $article->getContent() . $text;
3832 }
3833
3834 $dbw = wfGetDB( DB_MASTER );
3835 $dbw->begin();
3836
3837 try {
3838 $status = $article->doEdit( $text, $summary, $flags, false, $editor );
3839 } catch ( DBQueryError $e ) {
3840 $status = Status::newFatal("DB Error");
3841 }
3842
3843 if ( $status->isGood() ) {
3844 // Set newtalk with the right user ID
3845 $this->setNewtalk( true );
3846 wfRunHooks( 'AfterUserMessage',
3847 array( $this, $article, $summary, $text, $signature, $summary, $editor ) );
3848 $dbw->commit();
3849 } else {
3850 // The article was concurrently created
3851 wfDebug( __METHOD__ . ": Error ".$status->getWikiText() );
3852 $dbw->rollback();
3853 }
3854
3855 return $status->isGood();
3856 }
3857 }
MediaWiki Core