search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* Port tests from t/inc/
[mediawiki.git] / includes / User.php
blobee148b0bc5bb0b9fdd9625e5403a664b761d2767
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 * @file
5 */
6
7 /**
8 * \int Number of characters in user_token field.
9 * @ingroup Constants
10 */
11 define( 'USER_TOKEN_LENGTH', 32 );
12
13 /**
14 * \int Serialized record version.
15 * @ingroup Constants
16 */
17 define( 'MW_USER_VERSION', 8 );
18
19 /**
20 * \string Some punctuation to prevent editing from broken text-mangling proxies.
21 * @ingroup Constants
22 */
23 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
24
25 /**
26 * Thrown by User::setPassword() on error.
27 * @ingroup Exception
28 */
29 class PasswordError extends MWException {
30 // NOP
31 }
32
33 /**
34 * The User object encapsulates all of the user-specific settings (user_id,
35 * name, rights, password, email address, options, last login time). Client
36 * classes use the getXXX() functions to access these fields. These functions
37 * do all the work of determining whether the user is logged in,
38 * whether the requested option can be satisfied from cookies or
39 * whether a database query is needed. Most of the settings needed
40 * for rendering normal pages are set in the cookie to minimize use
41 * of the database.
42 */
43 class User {
44
45 /**
46 * \type{\arrayof{\string}} A list of default user toggles, i.e., boolean user
47 * preferences that are displayed by Special:Preferences as checkboxes.
48 * This list can be extended via the UserToggles hook or by
49 * $wgContLang::getExtraUserToggles().
50 * @showinitializer
51 */
52 public static $mToggles = array(
53 'highlightbroken',
54 'justify',
55 'hideminor',
56 'extendwatchlist',
57 'usenewrc',
58 'numberheadings',
59 'showtoolbar',
60 'editondblclick',
61 'editsection',
62 'editsectiononrightclick',
63 'showtoc',
64 'rememberpassword',
65 'editwidth',
66 'watchcreations',
67 'watchdefault',
68 'watchmoves',
69 'watchdeletion',
70 'minordefault',
71 'previewontop',
72 'previewonfirst',
73 'nocache',
74 'enotifwatchlistpages',
75 'enotifusertalkpages',
76 'enotifminoredits',
77 'enotifrevealaddr',
78 'shownumberswatching',
79 'fancysig',
80 'externaleditor',
81 'externaldiff',
82 'showjumplinks',
83 'uselivepreview',
84 'forceeditsummary',
85 'watchlisthideminor',
86 'watchlisthidebots',
87 'watchlisthideown',
88 'watchlisthideanons',
89 'watchlisthideliu',
90 'ccmeonemails',
91 'diffonly',
92 'showhiddencats',
93 'noconvertlink',
94 'norollbackdiff',
95 );
96
97 /**
98 * \type{\arrayof{\string}} List of member variables which are saved to the
99 * shared cache (memcached). Any operation which changes the
100 * corresponding database fields must call a cache-clearing function.
101 * @showinitializer
102 */
103 static $mCacheVars = array(
104 // user table
105 'mId',
106 'mName',
107 'mRealName',
108 'mPassword',
109 'mNewpassword',
110 'mNewpassTime',
111 'mEmail',
112 'mTouched',
113 'mToken',
114 'mEmailAuthenticated',
115 'mEmailToken',
116 'mEmailTokenExpires',
117 'mRegistration',
118 'mEditCount',
119 // user_group table
120 'mGroups',
121 // user_properties table
122 'mOptionOverrides',
123 );
124
125 /**
126 * \type{\arrayof{\string}} Core rights.
127 * Each of these should have a corresponding message of the form
128 * "right-$right".
129 * @showinitializer
130 */
131 static $mCoreRights = array(
132 'apihighlimits',
133 'autoconfirmed',
134 'autopatrol',
135 'bigdelete',
136 'block',
137 'blockemail',
138 'bot',
139 'browsearchive',
140 'createaccount',
141 'createpage',
142 'createtalk',
143 'delete',
144 'deletedhistory',
145 'deletedtext',
146 'deleterevision',
147 'edit',
148 'editinterface',
149 'editusercssjs',
150 'hideuser',
151 'import',
152 'importupload',
153 'ipblock-exempt',
154 'markbotedits',
155 'minoredit',
156 'move',
157 'movefile',
158 'move-rootuserpages',
159 'move-subpages',
160 'nominornewtalk',
161 'noratelimit',
162 'override-export-depth',
163 'patrol',
164 'protect',
165 'proxyunbannable',
166 'purge',
167 'read',
168 'reupload',
169 'reupload-shared',
170 'rollback',
171 'sendemail',
172 'siteadmin',
173 'suppressionlog',
174 'suppressredirect',
175 'suppressrevision',
176 'trackback',
177 'undelete',
178 'unwatchedpages',
179 'upload',
180 'upload_by_url',
181 'userrights',
182 'userrights-interwiki',
183 'writeapi',
184 );
185 /**
186 * \string Cached results of getAllRights()
187 */
188 static $mAllRights = false;
189
190 /** @name Cache variables */
191 //@{
192 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
193 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
194 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mGroups, $mOptionOverrides;
195 //@}
196
197 /**
198 * \bool Whether the cache variables have been loaded.
199 */
200 var $mDataLoaded, $mAuthLoaded, $mOptionsLoaded;
201
202 /**
203 * \string Initialization data source if mDataLoaded==false. May be one of:
204 * - 'defaults' anonymous user initialised from class defaults
205 * - 'name' initialise from mName
206 * - 'id' initialise from mId
207 * - 'session' log in from cookies or session if possible
208 *
209 * Use the User::newFrom*() family of functions to set this.
210 */
211 var $mFrom;
212
213 /** @name Lazy-initialized variables, invalidated with clearInstanceCache */
214 //@{
215 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mSkin, $mRights,
216 $mBlockreason, $mBlock, $mEffectiveGroups, $mBlockedGlobally,
217 $mLocked, $mHideName, $mOptions;
218 //@}
219
220 static $idCacheByName = array();
221
222 /**
223 * Lightweight constructor for an anonymous user.
224 * Use the User::newFrom* factory functions for other kinds of users.
225 *
226 * @see newFromName()
227 * @see newFromId()
228 * @see newFromConfirmationCode()
229 * @see newFromSession()
230 * @see newFromRow()
231 */
232 function User() {
233 $this->clearInstanceCache( 'defaults' );
234 }
235
236 /**
237 * Load the user table data for this object from the source given by mFrom.
238 */
239 function load() {
240 if ( $this->mDataLoaded ) {
241 return;
242 }
243 wfProfileIn( __METHOD__ );
244
245 # Set it now to avoid infinite recursion in accessors
246 $this->mDataLoaded = true;
247
248 switch ( $this->mFrom ) {
249 case 'defaults':
250 $this->loadDefaults();
251 break;
252 case 'name':
253 $this->mId = self::idFromName( $this->mName );
254 if ( !$this->mId ) {
255 # Nonexistent user placeholder object
256 $this->loadDefaults( $this->mName );
257 } else {
258 $this->loadFromId();
259 }
260 break;
261 case 'id':
262 $this->loadFromId();
263 break;
264 case 'session':
265 $this->loadFromSession();
266 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
267 break;
268 default:
269 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
270 }
271 wfProfileOut( __METHOD__ );
272 }
273
274 /**
275 * Load user table data, given mId has already been set.
276 * @return \bool false if the ID does not exist, true otherwise
277 * @private
278 */
279 function loadFromId() {
280 global $wgMemc;
281 if ( $this->mId == 0 ) {
282 $this->loadDefaults();
283 return false;
284 }
285
286 # Try cache
287 $key = wfMemcKey( 'user', 'id', $this->mId );
288 $data = $wgMemc->get( $key );
289 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
290 # Object is expired, load from DB
291 $data = false;
292 }
293
294 if ( !$data ) {
295 wfDebug( "Cache miss for user {$this->mId}\n" );
296 # Load from DB
297 if ( !$this->loadFromDatabase() ) {
298 # Can't load from ID, user is anonymous
299 return false;
300 }
301 $this->saveToCache();
302 } else {
303 wfDebug( "Got user {$this->mId} from cache\n" );
304 # Restore from cache
305 foreach ( self::$mCacheVars as $name ) {
306 $this->$name = $data[$name];
307 }
308 }
309 return true;
310 }
311
312 /**
313 * Save user data to the shared cache
314 */
315 function saveToCache() {
316 $this->load();
317 $this->loadGroups();
318 $this->loadOptions();
319 if ( $this->isAnon() ) {
320 // Anonymous users are uncached
321 return;
322 }
323 $data = array();
324 foreach ( self::$mCacheVars as $name ) {
325 $data[$name] = $this->$name;
326 }
327 $data['mVersion'] = MW_USER_VERSION;
328 $key = wfMemcKey( 'user', 'id', $this->mId );
329 global $wgMemc;
330 $wgMemc->set( $key, $data );
331 }
332
333
334 /** @name newFrom*() static factory methods */
335 //@{
336
337 /**
338 * Static factory method for creation from username.
339 *
340 * This is slightly less efficient than newFromId(), so use newFromId() if
341 * you have both an ID and a name handy.
342 *
343 * @param $name \string Username, validated by Title::newFromText()
344 * @param $validate \mixed Validate username. Takes the same parameters as
345 * User::getCanonicalName(), except that true is accepted as an alias
346 * for 'valid', for BC.
347 *
348 * @return \type{User} The User object, or null if the username is invalid. If the
349 * username is not present in the database, the result will be a user object
350 * with a name, zero user ID and default settings.
351 */
352 static function newFromName( $name, $validate = 'valid' ) {
353 if ( $validate === true ) {
354 $validate = 'valid';
355 }
356 $name = self::getCanonicalName( $name, $validate );
357 if ( $name === false ) {
358 return false;
359 } else {
360 # Create unloaded user object
361 $u = new User;
362 $u->mName = $name;
363 $u->mFrom = 'name';
364 return $u;
365 }
366 }
367
368 /**
369 * Static factory method for creation from a given user ID.
370 *
371 * @param $id \int Valid user ID
372 * @return \type{User} The corresponding User object
373 */
374 static function newFromId( $id ) {
375 $u = new User;
376 $u->mId = $id;
377 $u->mFrom = 'id';
378 return $u;
379 }
380
381 /**
382 * Factory method to fetch whichever user has a given email confirmation code.
383 * This code is generated when an account is created or its e-mail address
384 * has changed.
385 *
386 * If the code is invalid or has expired, returns NULL.
387 *
388 * @param $code \string Confirmation code
389 * @return \type{User}
390 */
391 static function newFromConfirmationCode( $code ) {
392 $dbr = wfGetDB( DB_SLAVE );
393 $id = $dbr->selectField( 'user', 'user_id', array(
394 'user_email_token' => md5( $code ),
395 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
396 ) );
397 if( $id !== false ) {
398 return User::newFromId( $id );
399 } else {
400 return null;
401 }
402 }
403
404 /**
405 * Create a new user object using data from session or cookies. If the
406 * login credentials are invalid, the result is an anonymous user.
407 *
408 * @return \type{User}
409 */
410 static function newFromSession() {
411 $user = new User;
412 $user->mFrom = 'session';
413 return $user;
414 }
415
416 /**
417 * Create a new user object from a user row.
418 * The row should have all fields from the user table in it.
419 * @param $row array A row from the user table
420 * @return \type{User}
421 */
422 static function newFromRow( $row ) {
423 $user = new User;
424 $user->loadFromRow( $row );
425 return $user;
426 }
427
428 //@}
429
430
431 /**
432 * Get the username corresponding to a given user ID
433 * @param $id \int User ID
434 * @return \string The corresponding username
435 */
436 static function whoIs( $id ) {
437 $dbr = wfGetDB( DB_SLAVE );
438 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), 'User::whoIs' );
439 }
440
441 /**
442 * Get the real name of a user given their user ID
443 *
444 * @param $id \int User ID
445 * @return \string The corresponding user's real name
446 */
447 static function whoIsReal( $id ) {
448 $dbr = wfGetDB( DB_SLAVE );
449 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
450 }
451
452 /**
453 * Get database id given a user name
454 * @param $name \string Username
455 * @return \types{\int,\null} The corresponding user's ID, or null if user is nonexistent
456 */
457 static function idFromName( $name ) {
458 $nt = Title::makeTitleSafe( NS_USER, $name );
459 if( is_null( $nt ) ) {
460 # Illegal name
461 return null;
462 }
463
464 if ( isset( self::$idCacheByName[$name] ) ) {
465 return self::$idCacheByName[$name];
466 }
467
468 $dbr = wfGetDB( DB_SLAVE );
469 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
470
471 if ( $s === false ) {
472 $result = null;
473 } else {
474 $result = $s->user_id;
475 }
476
477 self::$idCacheByName[$name] = $result;
478
479 if ( count( self::$idCacheByName ) > 1000 ) {
480 self::$idCacheByName = array();
481 }
482
483 return $result;
484 }
485
486 /**
487 * Does the string match an anonymous IPv4 address?
488 *
489 * This function exists for username validation, in order to reject
490 * usernames which are similar in form to IP addresses. Strings such
491 * as 300.300.300.300 will return true because it looks like an IP
492 * address, despite not being strictly valid.
493 *
494 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
495 * address because the usemod software would "cloak" anonymous IP
496 * addresses like this, if we allowed accounts like this to be created
497 * new users could get the old edits of these anonymous users.
498 *
499 * @param $name \string String to match
500 * @return \bool True or false
501 */
502 static function isIP( $name ) {
503 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
504 }
505
506 /**
507 * Is the input a valid username?
508 *
509 * Checks if the input is a valid username, we don't want an empty string,
510 * an IP address, anything that containins slashes (would mess up subpages),
511 * is longer than the maximum allowed username size or doesn't begin with
512 * a capital letter.
513 *
514 * @param $name \string String to match
515 * @return \bool True or false
516 */
517 static function isValidUserName( $name ) {
518 global $wgContLang, $wgMaxNameChars;
519
520 if ( $name == ''
521 || User::isIP( $name )
522 || strpos( $name, '/' ) !== false
523 || strlen( $name ) > $wgMaxNameChars
524 || $name != $wgContLang->ucfirst( $name ) ) {
525 wfDebugLog( 'username', __METHOD__ .
526 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
527 return false;
528 }
529
530 // Ensure that the name can't be misresolved as a different title,
531 // such as with extra namespace keys at the start.
532 $parsed = Title::newFromText( $name );
533 if( is_null( $parsed )
534 || $parsed->getNamespace()
535 || strcmp( $name, $parsed->getPrefixedText() ) ) {
536 wfDebugLog( 'username', __METHOD__ .
537 ": '$name' invalid due to ambiguous prefixes" );
538 return false;
539 }
540
541 // Check an additional blacklist of troublemaker characters.
542 // Should these be merged into the title char list?
543 $unicodeBlacklist = '/[' .
544 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
545 '\x{00a0}' . # non-breaking space
546 '\x{2000}-\x{200f}' . # various whitespace
547 '\x{2028}-\x{202f}' . # breaks and control chars
548 '\x{3000}' . # ideographic space
549 '\x{e000}-\x{f8ff}' . # private use
550 ']/u';
551 if( preg_match( $unicodeBlacklist, $name ) ) {
552 wfDebugLog( 'username', __METHOD__ .
553 ": '$name' invalid due to blacklisted characters" );
554 return false;
555 }
556
557 return true;
558 }
559
560 /**
561 * Usernames which fail to pass this function will be blocked
562 * from user login and new account registrations, but may be used
563 * internally by batch processes.
564 *
565 * If an account already exists in this form, login will be blocked
566 * by a failure to pass this function.
567 *
568 * @param $name \string String to match
569 * @return \bool True or false
570 */
571 static function isUsableName( $name ) {
572 global $wgReservedUsernames;
573 // Must be a valid username, obviously ;)
574 if ( !self::isValidUserName( $name ) ) {
575 return false;
576 }
577
578 static $reservedUsernames = false;
579 if ( !$reservedUsernames ) {
580 $reservedUsernames = $wgReservedUsernames;
581 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
582 }
583
584 // Certain names may be reserved for batch processes.
585 foreach ( $reservedUsernames as $reserved ) {
586 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
587 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
588 }
589 if ( $reserved == $name ) {
590 return false;
591 }
592 }
593 return true;
594 }
595
596 /**
597 * Usernames which fail to pass this function will be blocked
598 * from new account registrations, but may be used internally
599 * either by batch processes or by user accounts which have
600 * already been created.
601 *
602 * Additional character blacklisting may be added here
603 * rather than in isValidUserName() to avoid disrupting
604 * existing accounts.
605 *
606 * @param $name \string String to match
607 * @return \bool True or false
608 */
609 static function isCreatableName( $name ) {
610 global $wgInvalidUsernameCharacters;
611 return
612 self::isUsableName( $name ) &&
613
614 // Registration-time character blacklisting...
615 !preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name );
616 }
617
618 /**
619 * Is the input a valid password for this user?
620 *
621 * @param $password String Desired password
622 * @return bool True or false
623 */
624 function isValidPassword( $password ) {
625 //simple boolean wrapper for getPasswordValidity
626 return $this->getPasswordValidity( $password ) === true;
627 }
628
629 /**
630 * Given unvalidated password input, return error message on failure.
631 *
632 * @param $password String Desired password
633 * @return mixed: true on success, string of error message on failure
634 */
635 function getPasswordValidity( $password ) {
636 global $wgMinimalPasswordLength, $wgContLang;
637
638 $result = false; //init $result to false for the internal checks
639
640 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
641 return $result;
642
643 if ( $result === false ) {
644 if( strlen( $password ) < $wgMinimalPasswordLength ) {
645 return 'passwordtooshort';
646 } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
647 return 'password-name-match';
648 } else {
649 //it seems weird returning true here, but this is because of the
650 //initialization of $result to false above. If the hook is never run or it
651 //doesn't modify $result, then we will likely get down into this if with
652 //a valid password.
653 return true;
654 }
655 } elseif( $result === true ) {
656 return true;
657 } else {
658 return $result; //the isValidPassword hook set a string $result and returned true
659 }
660 }
661
662 /**
663 * Does a string look like an e-mail address?
664 *
665 * There used to be a regular expression here, it got removed because it
666 * rejected valid addresses. Actually just check if there is '@' somewhere
667 * in the given address.
668 *
669 * @todo Check for RFC 2822 compilance (bug 959)
670 *
671 * @param $addr \string E-mail address
672 * @return \bool True or false
673 */
674 public static function isValidEmailAddr( $addr ) {
675 $result = null;
676 if( !wfRunHooks( 'isValidEmailAddr', array( $addr, &$result ) ) ) {
677 return $result;
678 }
679
680 return strpos( $addr, '@' ) !== false;
681 }
682
683 /**
684 * Given unvalidated user input, return a canonical username, or false if
685 * the username is invalid.
686 * @param $name \string User input
687 * @param $validate \types{\string,\bool} Type of validation to use:
688 * - false No validation
689 * - 'valid' Valid for batch processes
690 * - 'usable' Valid for batch processes and login
691 * - 'creatable' Valid for batch processes, login and account creation
692 */
693 static function getCanonicalName( $name, $validate = 'valid' ) {
694 # Force usernames to capital
695 global $wgContLang;
696 $name = $wgContLang->ucfirst( $name );
697
698 # Reject names containing '#'; these will be cleaned up
699 # with title normalisation, but then it's too late to
700 # check elsewhere
701 if( strpos( $name, '#' ) !== false )
702 return false;
703
704 # Clean up name according to title rules
705 $t = ( $validate === 'valid' ) ?
706 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
707 # Check for invalid titles
708 if( is_null( $t ) ) {
709 return false;
710 }
711
712 # Reject various classes of invalid names
713 $name = $t->getText();
714 global $wgAuth;
715 $name = $wgAuth->getCanonicalName( $t->getText() );
716
717 switch ( $validate ) {
718 case false:
719 break;
720 case 'valid':
721 if ( !User::isValidUserName( $name ) ) {
722 $name = false;
723 }
724 break;
725 case 'usable':
726 if ( !User::isUsableName( $name ) ) {
727 $name = false;
728 }
729 break;
730 case 'creatable':
731 if ( !User::isCreatableName( $name ) ) {
732 $name = false;
733 }
734 break;
735 default:
736 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
737 }
738 return $name;
739 }
740
741 /**
742 * Count the number of edits of a user
743 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
744 *
745 * @param $uid \int User ID to check
746 * @return \int The user's edit count
747 */
748 static function edits( $uid ) {
749 wfProfileIn( __METHOD__ );
750 $dbr = wfGetDB( DB_SLAVE );
751 // check if the user_editcount field has been initialized
752 $field = $dbr->selectField(
753 'user', 'user_editcount',
754 array( 'user_id' => $uid ),
755 __METHOD__
756 );
757
758 if( $field === null ) { // it has not been initialized. do so.
759 $dbw = wfGetDB( DB_MASTER );
760 $count = $dbr->selectField(
761 'revision', 'count(*)',
762 array( 'rev_user' => $uid ),
763 __METHOD__
764 );
765 $dbw->update(
766 'user',
767 array( 'user_editcount' => $count ),
768 array( 'user_id' => $uid ),
769 __METHOD__
770 );
771 } else {
772 $count = $field;
773 }
774 wfProfileOut( __METHOD__ );
775 return $count;
776 }
777
778 /**
779 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
780 * @todo hash random numbers to improve security, like generateToken()
781 *
782 * @return \string New random password
783 */
784 static function randomPassword() {
785 global $wgMinimalPasswordLength;
786 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
787 $l = strlen( $pwchars ) - 1;
788
789 $pwlength = max( 7, $wgMinimalPasswordLength );
790 $digit = mt_rand( 0, $pwlength - 1 );
791 $np = '';
792 for ( $i = 0; $i < $pwlength; $i++ ) {
793 $np .= $i == $digit ? chr( mt_rand( 48, 57 ) ) : $pwchars{ mt_rand( 0, $l ) };
794 }
795 return $np;
796 }
797
798 /**
799 * Set cached properties to default.
800 *
801 * @note This no longer clears uncached lazy-initialised properties;
802 * the constructor does that instead.
803 * @private
804 */
805 function loadDefaults( $name = false ) {
806 wfProfileIn( __METHOD__ );
807
808 global $wgCookiePrefix;
809
810 $this->mId = 0;
811 $this->mName = $name;
812 $this->mRealName = '';
813 $this->mPassword = $this->mNewpassword = '';
814 $this->mNewpassTime = null;
815 $this->mEmail = '';
816 $this->mOptionOverrides = null;
817 $this->mOptionsLoaded = false;
818
819 if ( isset( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) ) {
820 $this->mTouched = wfTimestamp( TS_MW, $_COOKIE[$wgCookiePrefix.'LoggedOut'] );
821 } else {
822 $this->mTouched = '0'; # Allow any pages to be cached
823 }
824
825 $this->setToken(); # Random
826 $this->mEmailAuthenticated = null;
827 $this->mEmailToken = '';
828 $this->mEmailTokenExpires = null;
829 $this->mRegistration = wfTimestamp( TS_MW );
830 $this->mGroups = array();
831
832 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
833
834 wfProfileOut( __METHOD__ );
835 }
836
837 /**
838 * @deprecated Use wfSetupSession().
839 */
840 function SetupSession() {
841 wfDeprecated( __METHOD__ );
842 wfSetupSession();
843 }
844
845 /**
846 * Load user data from the session or login cookie. If there are no valid
847 * credentials, initialises the user as an anonymous user.
848 * @return \bool True if the user is logged in, false otherwise.
849 */
850 private function loadFromSession() {
851 global $wgMemc, $wgCookiePrefix, $wgExternalAuthType, $wgAutocreatePolicy;
852
853 $result = null;
854 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
855 if ( $result !== null ) {
856 return $result;
857 }
858
859 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
860 $extUser = ExternalUser::newFromCookie();
861 if ( $extUser ) {
862 # TODO: Automatically create the user here (or probably a bit
863 # lower down, in fact)
864 }
865 }
866
867 if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
868 $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
869 if( isset( $_SESSION['wsUserID'] ) && $sId != $_SESSION['wsUserID'] ) {
870 $this->loadDefaults(); // Possible collision!
871 wfDebugLog( 'loginSessions', "Session user ID ({$_SESSION['wsUserID']}) and
872 cookie user ID ($sId) don't match!" );
873 return false;
874 }
875 $_SESSION['wsUserID'] = $sId;
876 } else if ( isset( $_SESSION['wsUserID'] ) ) {
877 if ( $_SESSION['wsUserID'] != 0 ) {
878 $sId = $_SESSION['wsUserID'];
879 } else {
880 $this->loadDefaults();
881 return false;
882 }
883 } else {
884 $this->loadDefaults();
885 return false;
886 }
887
888 if ( isset( $_SESSION['wsUserName'] ) ) {
889 $sName = $_SESSION['wsUserName'];
890 } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
891 $sName = $_COOKIE["{$wgCookiePrefix}UserName"];
892 $_SESSION['wsUserName'] = $sName;
893 } else {
894 $this->loadDefaults();
895 return false;
896 }
897
898 $passwordCorrect = FALSE;
899 $this->mId = $sId;
900 if ( !$this->loadFromId() ) {
901 # Not a valid ID, loadFromId has switched the object to anon for us
902 return false;
903 }
904
905 global $wgBlockDisablesLogin;
906 if( $wgBlockDisablesLogin && $this->isBlocked() ) {
907 # User blocked and we've disabled blocked user logins
908 $this->loadDefaults();
909 return false;
910 }
911
912 if ( isset( $_SESSION['wsToken'] ) ) {
913 $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
914 $from = 'session';
915 } else if ( isset( $_COOKIE["{$wgCookiePrefix}Token"] ) ) {
916 $passwordCorrect = $this->mToken == $_COOKIE["{$wgCookiePrefix}Token"];
917 $from = 'cookie';
918 } else {
919 # No session or persistent login cookie
920 $this->loadDefaults();
921 return false;
922 }
923
924 if ( ( $sName == $this->mName ) && $passwordCorrect ) {
925 $_SESSION['wsToken'] = $this->mToken;
926 wfDebug( "Logged in from $from\n" );
927 return true;
928 } else {
929 # Invalid credentials
930 wfDebug( "Can't log in from $from, invalid credentials\n" );
931 $this->loadDefaults();
932 return false;
933 }
934 }
935
936 /**
937 * Load user and user_group data from the database.
938 * $this::mId must be set, this is how the user is identified.
939 *
940 * @return \bool True if the user exists, false if the user is anonymous
941 * @private
942 */
943 function loadFromDatabase() {
944 # Paranoia
945 $this->mId = intval( $this->mId );
946
947 /** Anonymous user */
948 if( !$this->mId ) {
949 $this->loadDefaults();
950 return false;
951 }
952
953 $dbr = wfGetDB( DB_MASTER );
954 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
955
956 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
957
958 if ( $s !== false ) {
959 # Initialise user table data
960 $this->loadFromRow( $s );
961 $this->mGroups = null; // deferred
962 $this->getEditCount(); // revalidation for nulls
963 return true;
964 } else {
965 # Invalid user_id
966 $this->mId = 0;
967 $this->loadDefaults();
968 return false;
969 }
970 }
971
972 /**
973 * Initialize this object from a row from the user table.
974 *
975 * @param $row \type{\arrayof{\mixed}} Row from the user table to load.
976 */
977 function loadFromRow( $row ) {
978 $this->mDataLoaded = true;
979
980 if ( isset( $row->user_id ) ) {
981 $this->mId = intval( $row->user_id );
982 }
983 $this->mName = $row->user_name;
984 $this->mRealName = $row->user_real_name;
985 $this->mPassword = $row->user_password;
986 $this->mNewpassword = $row->user_newpassword;
987 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
988 $this->mEmail = $row->user_email;
989 $this->decodeOptions( $row->user_options );
990 $this->mTouched = wfTimestamp(TS_MW,$row->user_touched);
991 $this->mToken = $row->user_token;
992 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
993 $this->mEmailToken = $row->user_email_token;
994 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
995 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
996 $this->mEditCount = $row->user_editcount;
997 }
998
999 /**
1000 * Load the groups from the database if they aren't already loaded.
1001 * @private
1002 */
1003 function loadGroups() {
1004 if ( is_null( $this->mGroups ) ) {
1005 $dbr = wfGetDB( DB_MASTER );
1006 $res = $dbr->select( 'user_groups',
1007 array( 'ug_group' ),
1008 array( 'ug_user' => $this->mId ),
1009 __METHOD__ );
1010 $this->mGroups = array();
1011 while( $row = $dbr->fetchObject( $res ) ) {
1012 $this->mGroups[] = $row->ug_group;
1013 }
1014 }
1015 }
1016
1017 /**
1018 * Clear various cached data stored in this object.
1019 * @param $reloadFrom \string Reload user and user_groups table data from a
1020 * given source. May be "name", "id", "defaults", "session", or false for
1021 * no reload.
1022 */
1023 function clearInstanceCache( $reloadFrom = false ) {
1024 $this->mNewtalk = -1;
1025 $this->mDatePreference = null;
1026 $this->mBlockedby = -1; # Unset
1027 $this->mHash = false;
1028 $this->mSkin = null;
1029 $this->mRights = null;
1030 $this->mEffectiveGroups = null;
1031 $this->mOptions = null;
1032
1033 if ( $reloadFrom ) {
1034 $this->mDataLoaded = false;
1035 $this->mFrom = $reloadFrom;
1036 }
1037 }
1038
1039 /**
1040 * Combine the language default options with any site-specific options
1041 * and add the default language variants.
1042 *
1043 * @return \type{\arrayof{\string}} Array of options
1044 */
1045 static function getDefaultOptions() {
1046 global $wgNamespacesToBeSearchedDefault;
1047 /**
1048 * Site defaults will override the global/language defaults
1049 */
1050 global $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1051 $defOpt = $wgDefaultUserOptions + $wgContLang->getDefaultUserOptionOverrides();
1052
1053 /**
1054 * default language setting
1055 */
1056 $variant = $wgContLang->getPreferredVariant( false );
1057 $defOpt['variant'] = $variant;
1058 $defOpt['language'] = $variant;
1059 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1060 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1061 }
1062 $defOpt['skin'] = $wgDefaultSkin;
1063
1064 return $defOpt;
1065 }
1066
1067 /**
1068 * Get a given default option value.
1069 *
1070 * @param $opt \string Name of option to retrieve
1071 * @return \string Default option value
1072 */
1073 public static function getDefaultOption( $opt ) {
1074 $defOpts = self::getDefaultOptions();
1075 if( isset( $defOpts[$opt] ) ) {
1076 return $defOpts[$opt];
1077 } else {
1078 return null;
1079 }
1080 }
1081
1082 /**
1083 * Get a list of user toggle names
1084 * @return \type{\arrayof{\string}} Array of user toggle names
1085 */
1086 static function getToggles() {
1087 global $wgContLang, $wgUseRCPatrol;
1088 $extraToggles = array();
1089 wfRunHooks( 'UserToggles', array( &$extraToggles ) );
1090 if( $wgUseRCPatrol ) {
1091 $extraToggles[] = 'hidepatrolled';
1092 $extraToggles[] = 'newpageshidepatrolled';
1093 $extraToggles[] = 'watchlisthidepatrolled';
1094 }
1095 return array_merge( self::$mToggles, $extraToggles, $wgContLang->getExtraUserToggles() );
1096 }
1097
1098
1099 /**
1100 * Get blocking information
1101 * @private
1102 * @param $bFromSlave \bool Whether to check the slave database first. To
1103 * improve performance, non-critical checks are done
1104 * against slaves. Check when actually saving should be
1105 * done against master.
1106 */
1107 function getBlockedStatus( $bFromSlave = true ) {
1108 global $wgProxyWhitelist, $wgUser;
1109
1110 if ( -1 != $this->mBlockedby ) {
1111 wfDebug( "User::getBlockedStatus: already loaded.\n" );
1112 return;
1113 }
1114
1115 wfProfileIn( __METHOD__ );
1116 wfDebug( __METHOD__.": checking...\n" );
1117
1118 // Initialize data...
1119 // Otherwise something ends up stomping on $this->mBlockedby when
1120 // things get lazy-loaded later, causing false positive block hits
1121 // due to -1 !== 0. Probably session-related... Nothing should be
1122 // overwriting mBlockedby, surely?
1123 $this->load();
1124
1125 $this->mBlockedby = 0;
1126 $this->mHideName = 0;
1127 $this->mAllowUsertalk = 0;
1128
1129 # Check if we are looking at an IP or a logged-in user
1130 if ( $this->isIP( $this->getName() ) ) {
1131 $ip = $this->getName();
1132 } else {
1133 # Check if we are looking at the current user
1134 # If we don't, and the user is logged in, we don't know about
1135 # his IP / autoblock status, so ignore autoblock of current user's IP
1136 if ( $this->getID() != $wgUser->getID() ) {
1137 $ip = '';
1138 } else {
1139 # Get IP of current user
1140 $ip = wfGetIP();
1141 }
1142 }
1143
1144 if ( $this->isAllowed( 'ipblock-exempt' ) ) {
1145 # Exempt from all types of IP-block
1146 $ip = '';
1147 }
1148
1149 # User/IP blocking
1150 $this->mBlock = new Block();
1151 $this->mBlock->fromMaster( !$bFromSlave );
1152 if ( $this->mBlock->load( $ip , $this->mId ) ) {
1153 wfDebug( __METHOD__ . ": Found block.\n" );
1154 $this->mBlockedby = $this->mBlock->mBy;
1155 if( $this->mBlockedby == "0" )
1156 $this->mBlockedby = $this->mBlock->mByName;
1157 $this->mBlockreason = $this->mBlock->mReason;
1158 $this->mHideName = $this->mBlock->mHideName;
1159 $this->mAllowUsertalk = $this->mBlock->mAllowUsertalk;
1160 if ( $this->isLoggedIn() && $wgUser->getID() == $this->getID() ) {
1161 $this->spreadBlock();
1162 }
1163 } else {
1164 // Bug 13611: don't remove mBlock here, to allow account creation blocks to
1165 // apply to users. Note that the existence of $this->mBlock is not used to
1166 // check for edit blocks, $this->mBlockedby is instead.
1167 }
1168
1169 # Proxy blocking
1170 if ( !$this->isAllowed( 'proxyunbannable' ) && !in_array( $ip, $wgProxyWhitelist ) ) {
1171 # Local list
1172 if ( wfIsLocallyBlockedProxy( $ip ) ) {
1173 $this->mBlockedby = wfMsg( 'proxyblocker' );
1174 $this->mBlockreason = wfMsg( 'proxyblockreason' );
1175 }
1176
1177 # DNSBL
1178 if ( !$this->mBlockedby && !$this->getID() ) {
1179 if ( $this->isDnsBlacklisted( $ip ) ) {
1180 $this->mBlockedby = wfMsg( 'sorbs' );
1181 $this->mBlockreason = wfMsg( 'sorbsreason' );
1182 }
1183 }
1184 }
1185
1186 # Extensions
1187 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1188
1189 wfProfileOut( __METHOD__ );
1190 }
1191
1192 /**
1193 * Whether the given IP is in a DNS blacklist.
1194 *
1195 * @param $ip \string IP to check
1196 * @param $checkWhitelist Boolean: whether to check the whitelist first
1197 * @return \bool True if blacklisted.
1198 */
1199 function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1200 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1201 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1202
1203 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1204 return false;
1205
1206 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1207 return false;
1208
1209 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1210 return $this->inDnsBlacklist( $ip, $urls );
1211 }
1212
1213 /**
1214 * Whether the given IP is in a given DNS blacklist.
1215 *
1216 * @param $ip \string IP to check
1217 * @param $bases \string or Array of Strings: URL of the DNS blacklist
1218 * @return \bool True if blacklisted.
1219 */
1220 function inDnsBlacklist( $ip, $bases ) {
1221 wfProfileIn( __METHOD__ );
1222
1223 $found = false;
1224 $host = '';
1225 // FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1226 if( IP::isIPv4( $ip ) ) {
1227 # Reverse IP, bug 21255
1228 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1229
1230 foreach( (array)$bases as $base ) {
1231 # Make hostname
1232 $host = "$ipReversed.$base";
1233
1234 # Send query
1235 $ipList = gethostbynamel( $host );
1236
1237 if( $ipList ) {
1238 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1239 $found = true;
1240 break;
1241 } else {
1242 wfDebug( "Requested $host, not found in $base.\n" );
1243 }
1244 }
1245 }
1246
1247 wfProfileOut( __METHOD__ );
1248 return $found;
1249 }
1250
1251 /**
1252 * Is this user subject to rate limiting?
1253 *
1254 * @return \bool True if rate limited
1255 */
1256 public function isPingLimitable() {
1257 global $wgRateLimitsExcludedGroups;
1258 global $wgRateLimitsExcludedIPs;
1259 if( array_intersect( $this->getEffectiveGroups(), $wgRateLimitsExcludedGroups ) ) {
1260 // Deprecated, but kept for backwards-compatibility config
1261 return false;
1262 }
1263 if( in_array( wfGetIP(), $wgRateLimitsExcludedIPs ) ) {
1264 // No other good way currently to disable rate limits
1265 // for specific IPs. :P
1266 // But this is a crappy hack and should die.
1267 return false;
1268 }
1269 return !$this->isAllowed('noratelimit');
1270 }
1271
1272 /**
1273 * Primitive rate limits: enforce maximum actions per time period
1274 * to put a brake on flooding.
1275 *
1276 * @note When using a shared cache like memcached, IP-address
1277 * last-hit counters will be shared across wikis.
1278 *
1279 * @param $action \string Action to enforce; 'edit' if unspecified
1280 * @return \bool True if a rate limiter was tripped
1281 */
1282 function pingLimiter( $action = 'edit' ) {
1283 # Call the 'PingLimiter' hook
1284 $result = false;
1285 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1286 return $result;
1287 }
1288
1289 global $wgRateLimits;
1290 if( !isset( $wgRateLimits[$action] ) ) {
1291 return false;
1292 }
1293
1294 # Some groups shouldn't trigger the ping limiter, ever
1295 if( !$this->isPingLimitable() )
1296 return false;
1297
1298 global $wgMemc, $wgRateLimitLog;
1299 wfProfileIn( __METHOD__ );
1300
1301 $limits = $wgRateLimits[$action];
1302 $keys = array();
1303 $id = $this->getId();
1304 $ip = wfGetIP();
1305 $userLimit = false;
1306
1307 if( isset( $limits['anon'] ) && $id == 0 ) {
1308 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1309 }
1310
1311 if( isset( $limits['user'] ) && $id != 0 ) {
1312 $userLimit = $limits['user'];
1313 }
1314 if( $this->isNewbie() ) {
1315 if( isset( $limits['newbie'] ) && $id != 0 ) {
1316 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1317 }
1318 if( isset( $limits['ip'] ) ) {
1319 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1320 }
1321 $matches = array();
1322 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1323 $subnet = $matches[1];
1324 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1325 }
1326 }
1327 // Check for group-specific permissions
1328 // If more than one group applies, use the group with the highest limit
1329 foreach ( $this->getGroups() as $group ) {
1330 if ( isset( $limits[$group] ) ) {
1331 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1332 $userLimit = $limits[$group];
1333 }
1334 }
1335 }
1336 // Set the user limit key
1337 if ( $userLimit !== false ) {
1338 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1339 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1340 }
1341
1342 $triggered = false;
1343 foreach( $keys as $key => $limit ) {
1344 list( $max, $period ) = $limit;
1345 $summary = "(limit $max in {$period}s)";
1346 $count = $wgMemc->get( $key );
1347 // Already pinged?
1348 if( $count ) {
1349 if( $count > $max ) {
1350 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1351 if( $wgRateLimitLog ) {
1352 @error_log( wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", 3, $wgRateLimitLog );
1353 }
1354 $triggered = true;
1355 } else {
1356 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1357 }
1358 } else {
1359 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1360 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1361 }
1362 $wgMemc->incr( $key );
1363 }
1364
1365 wfProfileOut( __METHOD__ );
1366 return $triggered;
1367 }
1368
1369 /**
1370 * Check if user is blocked
1371 *
1372 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1373 * @return \bool True if blocked, false otherwise
1374 */
1375 function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1376 wfDebug( "User::isBlocked: enter\n" );
1377 $this->getBlockedStatus( $bFromSlave );
1378 return $this->mBlockedby !== 0;
1379 }
1380
1381 /**
1382 * Check if user is blocked from editing a particular article
1383 *
1384 * @param $title \string Title to check
1385 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1386 * @return \bool True if blocked, false otherwise
1387 */
1388 function isBlockedFrom( $title, $bFromSlave = false ) {
1389 global $wgBlockAllowsUTEdit;
1390 wfProfileIn( __METHOD__ );
1391 wfDebug( __METHOD__ . ": enter\n" );
1392
1393 wfDebug( __METHOD__ . ": asking isBlocked()\n" );
1394 $blocked = $this->isBlocked( $bFromSlave );
1395 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1396 # If a user's name is suppressed, they cannot make edits anywhere
1397 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1398 $title->getNamespace() == NS_USER_TALK ) {
1399 $blocked = false;
1400 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1401 }
1402
1403 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1404
1405 wfProfileOut( __METHOD__ );
1406 return $blocked;
1407 }
1408
1409 /**
1410 * If user is blocked, return the name of the user who placed the block
1411 * @return \string name of blocker
1412 */
1413 function blockedBy() {
1414 $this->getBlockedStatus();
1415 return $this->mBlockedby;
1416 }
1417
1418 /**
1419 * If user is blocked, return the specified reason for the block
1420 * @return \string Blocking reason
1421 */
1422 function blockedFor() {
1423 $this->getBlockedStatus();
1424 return $this->mBlockreason;
1425 }
1426
1427 /**
1428 * If user is blocked, return the ID for the block
1429 * @return \int Block ID
1430 */
1431 function getBlockId() {
1432 $this->getBlockedStatus();
1433 return ( $this->mBlock ? $this->mBlock->mId : false );
1434 }
1435
1436 /**
1437 * Check if user is blocked on all wikis.
1438 * Do not use for actual edit permission checks!
1439 * This is intented for quick UI checks.
1440 *
1441 * @param $ip \type{\string} IP address, uses current client if none given
1442 * @return \type{\bool} True if blocked, false otherwise
1443 */
1444 function isBlockedGlobally( $ip = '' ) {
1445 if( $this->mBlockedGlobally !== null ) {
1446 return $this->mBlockedGlobally;
1447 }
1448 // User is already an IP?
1449 if( IP::isIPAddress( $this->getName() ) ) {
1450 $ip = $this->getName();
1451 } else if( !$ip ) {
1452 $ip = wfGetIP();
1453 }
1454 $blocked = false;
1455 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1456 $this->mBlockedGlobally = (bool)$blocked;
1457 return $this->mBlockedGlobally;
1458 }
1459
1460 /**
1461 * Check if user account is locked
1462 *
1463 * @return \type{\bool} True if locked, false otherwise
1464 */
1465 function isLocked() {
1466 if( $this->mLocked !== null ) {
1467 return $this->mLocked;
1468 }
1469 global $wgAuth;
1470 $authUser = $wgAuth->getUserInstance( $this );
1471 $this->mLocked = (bool)$authUser->isLocked();
1472 return $this->mLocked;
1473 }
1474
1475 /**
1476 * Check if user account is hidden
1477 *
1478 * @return \type{\bool} True if hidden, false otherwise
1479 */
1480 function isHidden() {
1481 if( $this->mHideName !== null ) {
1482 return $this->mHideName;
1483 }
1484 $this->getBlockedStatus();
1485 if( !$this->mHideName ) {
1486 global $wgAuth;
1487 $authUser = $wgAuth->getUserInstance( $this );
1488 $this->mHideName = (bool)$authUser->isHidden();
1489 }
1490 return $this->mHideName;
1491 }
1492
1493 /**
1494 * Get the user's ID.
1495 * @return \int The user's ID; 0 if the user is anonymous or nonexistent
1496 */
1497 function getId() {
1498 if( $this->mId === null and $this->mName !== null
1499 and User::isIP( $this->mName ) ) {
1500 // Special case, we know the user is anonymous
1501 return 0;
1502 } elseif( $this->mId === null ) {
1503 // Don't load if this was initialized from an ID
1504 $this->load();
1505 }
1506 return $this->mId;
1507 }
1508
1509 /**
1510 * Set the user and reload all fields according to a given ID
1511 * @param $v \int User ID to reload
1512 */
1513 function setId( $v ) {
1514 $this->mId = $v;
1515 $this->clearInstanceCache( 'id' );
1516 }
1517
1518 /**
1519 * Get the user name, or the IP of an anonymous user
1520 * @return \string User's name or IP address
1521 */
1522 function getName() {
1523 if ( !$this->mDataLoaded && $this->mFrom == 'name' ) {
1524 # Special case optimisation
1525 return $this->mName;
1526 } else {
1527 $this->load();
1528 if ( $this->mName === false ) {
1529 # Clean up IPs
1530 $this->mName = IP::sanitizeIP( wfGetIP() );
1531 }
1532 return $this->mName;
1533 }
1534 }
1535
1536 /**
1537 * Set the user name.
1538 *
1539 * This does not reload fields from the database according to the given
1540 * name. Rather, it is used to create a temporary "nonexistent user" for
1541 * later addition to the database. It can also be used to set the IP
1542 * address for an anonymous user to something other than the current
1543 * remote IP.
1544 *
1545 * @note User::newFromName() has rougly the same function, when the named user
1546 * does not exist.
1547 * @param $str \string New user name to set
1548 */
1549 function setName( $str ) {
1550 $this->load();
1551 $this->mName = $str;
1552 }
1553
1554 /**
1555 * Get the user's name escaped by underscores.
1556 * @return \string Username escaped by underscores.
1557 */
1558 function getTitleKey() {
1559 return str_replace( ' ', '_', $this->getName() );
1560 }
1561
1562 /**
1563 * Check if the user has new messages.
1564 * @return \bool True if the user has new messages
1565 */
1566 function getNewtalk() {
1567 $this->load();
1568
1569 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1570 if( $this->mNewtalk === -1 ) {
1571 $this->mNewtalk = false; # reset talk page status
1572
1573 # Check memcached separately for anons, who have no
1574 # entire User object stored in there.
1575 if( !$this->mId ) {
1576 global $wgMemc;
1577 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1578 $newtalk = $wgMemc->get( $key );
1579 if( strval( $newtalk ) !== '' ) {
1580 $this->mNewtalk = (bool)$newtalk;
1581 } else {
1582 // Since we are caching this, make sure it is up to date by getting it
1583 // from the master
1584 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1585 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1586 }
1587 } else {
1588 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1589 }
1590 }
1591
1592 return (bool)$this->mNewtalk;
1593 }
1594
1595 /**
1596 * Return the talk page(s) this user has new messages on.
1597 * @return \type{\arrayof{\string}} Array of page URLs
1598 */
1599 function getNewMessageLinks() {
1600 $talks = array();
1601 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) )
1602 return $talks;
1603
1604 if( !$this->getNewtalk() )
1605 return array();
1606 $up = $this->getUserPage();
1607 $utp = $up->getTalkPage();
1608 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL() ) );
1609 }
1610
1611 /**
1612 * Internal uncached check for new messages
1613 *
1614 * @see getNewtalk()
1615 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1616 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1617 * @param $fromMaster \bool true to fetch from the master, false for a slave
1618 * @return \bool True if the user has new messages
1619 * @private
1620 */
1621 function checkNewtalk( $field, $id, $fromMaster = false ) {
1622 if ( $fromMaster ) {
1623 $db = wfGetDB( DB_MASTER );
1624 } else {
1625 $db = wfGetDB( DB_SLAVE );
1626 }
1627 $ok = $db->selectField( 'user_newtalk', $field,
1628 array( $field => $id ), __METHOD__ );
1629 return $ok !== false;
1630 }
1631
1632 /**
1633 * Add or update the new messages flag
1634 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1635 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1636 * @return \bool True if successful, false otherwise
1637 * @private
1638 */
1639 function updateNewtalk( $field, $id ) {
1640 $dbw = wfGetDB( DB_MASTER );
1641 $dbw->insert( 'user_newtalk',
1642 array( $field => $id ),
1643 __METHOD__,
1644 'IGNORE' );
1645 if ( $dbw->affectedRows() ) {
1646 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1647 return true;
1648 } else {
1649 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1650 return false;
1651 }
1652 }
1653
1654 /**
1655 * Clear the new messages flag for the given user
1656 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1657 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1658 * @return \bool True if successful, false otherwise
1659 * @private
1660 */
1661 function deleteNewtalk( $field, $id ) {
1662 $dbw = wfGetDB( DB_MASTER );
1663 $dbw->delete( 'user_newtalk',
1664 array( $field => $id ),
1665 __METHOD__ );
1666 if ( $dbw->affectedRows() ) {
1667 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1668 return true;
1669 } else {
1670 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1671 return false;
1672 }
1673 }
1674
1675 /**
1676 * Update the 'You have new messages!' status.
1677 * @param $val \bool Whether the user has new messages
1678 */
1679 function setNewtalk( $val ) {
1680 if( wfReadOnly() ) {
1681 return;
1682 }
1683
1684 $this->load();
1685 $this->mNewtalk = $val;
1686
1687 if( $this->isAnon() ) {
1688 $field = 'user_ip';
1689 $id = $this->getName();
1690 } else {
1691 $field = 'user_id';
1692 $id = $this->getId();
1693 }
1694 global $wgMemc;
1695
1696 if( $val ) {
1697 $changed = $this->updateNewtalk( $field, $id );
1698 } else {
1699 $changed = $this->deleteNewtalk( $field, $id );
1700 }
1701
1702 if( $this->isAnon() ) {
1703 // Anons have a separate memcached space, since
1704 // user records aren't kept for them.
1705 $key = wfMemcKey( 'newtalk', 'ip', $id );
1706 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1707 }
1708 if ( $changed ) {
1709 $this->invalidateCache();
1710 }
1711 }
1712
1713 /**
1714 * Generate a current or new-future timestamp to be stored in the
1715 * user_touched field when we update things.
1716 * @return \string Timestamp in TS_MW format
1717 */
1718 private static function newTouchedTimestamp() {
1719 global $wgClockSkewFudge;
1720 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1721 }
1722
1723 /**
1724 * Clear user data from memcached.
1725 * Use after applying fun updates to the database; caller's
1726 * responsibility to update user_touched if appropriate.
1727 *
1728 * Called implicitly from invalidateCache() and saveSettings().
1729 */
1730 private function clearSharedCache() {
1731 $this->load();
1732 if( $this->mId ) {
1733 global $wgMemc;
1734 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1735 }
1736 }
1737
1738 /**
1739 * Immediately touch the user data cache for this account.
1740 * Updates user_touched field, and removes account data from memcached
1741 * for reload on the next hit.
1742 */
1743 function invalidateCache() {
1744 if( wfReadOnly() ) {
1745 return;
1746 }
1747 $this->load();
1748 if( $this->mId ) {
1749 $this->mTouched = self::newTouchedTimestamp();
1750
1751 $dbw = wfGetDB( DB_MASTER );
1752 $dbw->update( 'user',
1753 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1754 array( 'user_id' => $this->mId ),
1755 __METHOD__ );
1756
1757 $this->clearSharedCache();
1758 }
1759 }
1760
1761 /**
1762 * Validate the cache for this account.
1763 * @param $timestamp \string A timestamp in TS_MW format
1764 */
1765 function validateCache( $timestamp ) {
1766 $this->load();
1767 return ( $timestamp >= $this->mTouched );
1768 }
1769
1770 /**
1771 * Get the user touched timestamp
1772 */
1773 function getTouched() {
1774 $this->load();
1775 return $this->mTouched;
1776 }
1777
1778 /**
1779 * Set the password and reset the random token.
1780 * Calls through to authentication plugin if necessary;
1781 * will have no effect if the auth plugin refuses to
1782 * pass the change through or if the legal password
1783 * checks fail.
1784 *
1785 * As a special case, setting the password to null
1786 * wipes it, so the account cannot be logged in until
1787 * a new password is set, for instance via e-mail.
1788 *
1789 * @param $str \string New password to set
1790 * @throws PasswordError on failure
1791 */
1792 function setPassword( $str ) {
1793 global $wgAuth;
1794
1795 if( $str !== null ) {
1796 if( !$wgAuth->allowPasswordChange() ) {
1797 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1798 }
1799
1800 if( !$this->isValidPassword( $str ) ) {
1801 global $wgMinimalPasswordLength;
1802 $valid = $this->getPasswordValidity( $str );
1803 throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ),
1804 $wgMinimalPasswordLength ) );
1805 }
1806 }
1807
1808 if( !$wgAuth->setPassword( $this, $str ) ) {
1809 throw new PasswordError( wfMsg( 'externaldberror' ) );
1810 }
1811
1812 $this->setInternalPassword( $str );
1813
1814 return true;
1815 }
1816
1817 /**
1818 * Set the password and reset the random token unconditionally.
1819 *
1820 * @param $str \string New password to set
1821 */
1822 function setInternalPassword( $str ) {
1823 $this->load();
1824 $this->setToken();
1825
1826 if( $str === null ) {
1827 // Save an invalid hash...
1828 $this->mPassword = '';
1829 } else {
1830 $this->mPassword = self::crypt( $str );
1831 }
1832 $this->mNewpassword = '';
1833 $this->mNewpassTime = null;
1834 }
1835
1836 /**
1837 * Get the user's current token.
1838 * @return \string Token
1839 */
1840 function getToken() {
1841 $this->load();
1842 return $this->mToken;
1843 }
1844
1845 /**
1846 * Set the random token (used for persistent authentication)
1847 * Called from loadDefaults() among other places.
1848 *
1849 * @param $token \string If specified, set the token to this value
1850 * @private
1851 */
1852 function setToken( $token = false ) {
1853 global $wgSecretKey, $wgProxyKey;
1854 $this->load();
1855 if ( !$token ) {
1856 if ( $wgSecretKey ) {
1857 $key = $wgSecretKey;
1858 } elseif ( $wgProxyKey ) {
1859 $key = $wgProxyKey;
1860 } else {
1861 $key = microtime();
1862 }
1863 $this->mToken = md5( $key . mt_rand( 0, 0x7fffffff ) . wfWikiID() . $this->mId );
1864 } else {
1865 $this->mToken = $token;
1866 }
1867 }
1868
1869 /**
1870 * Set the cookie password
1871 *
1872 * @param $str \string New cookie password
1873 * @private
1874 */
1875 function setCookiePassword( $str ) {
1876 $this->load();
1877 $this->mCookiePassword = md5( $str );
1878 }
1879
1880 /**
1881 * Set the password for a password reminder or new account email
1882 *
1883 * @param $str \string New password to set
1884 * @param $throttle \bool If true, reset the throttle timestamp to the present
1885 */
1886 function setNewpassword( $str, $throttle = true ) {
1887 $this->load();
1888 $this->mNewpassword = self::crypt( $str );
1889 if ( $throttle ) {
1890 $this->mNewpassTime = wfTimestampNow();
1891 }
1892 }
1893
1894 /**
1895 * Has password reminder email been sent within the last
1896 * $wgPasswordReminderResendTime hours?
1897 * @return \bool True or false
1898 */
1899 function isPasswordReminderThrottled() {
1900 global $wgPasswordReminderResendTime;
1901 $this->load();
1902 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
1903 return false;
1904 }
1905 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
1906 return time() < $expiry;
1907 }
1908
1909 /**
1910 * Get the user's e-mail address
1911 * @return \string User's email address
1912 */
1913 function getEmail() {
1914 $this->load();
1915 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
1916 return $this->mEmail;
1917 }
1918
1919 /**
1920 * Get the timestamp of the user's e-mail authentication
1921 * @return \string TS_MW timestamp
1922 */
1923 function getEmailAuthenticationTimestamp() {
1924 $this->load();
1925 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
1926 return $this->mEmailAuthenticated;
1927 }
1928
1929 /**
1930 * Set the user's e-mail address
1931 * @param $str \string New e-mail address
1932 */
1933 function setEmail( $str ) {
1934 $this->load();
1935 $this->mEmail = $str;
1936 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
1937 }
1938
1939 /**
1940 * Get the user's real name
1941 * @return \string User's real name
1942 */
1943 function getRealName() {
1944 $this->load();
1945 return $this->mRealName;
1946 }
1947
1948 /**
1949 * Set the user's real name
1950 * @param $str \string New real name
1951 */
1952 function setRealName( $str ) {
1953 $this->load();
1954 $this->mRealName = $str;
1955 }
1956
1957 /**
1958 * Get the user's current setting for a given option.
1959 *
1960 * @param $oname \string The option to check
1961 * @param $defaultOverride \string A default value returned if the option does not exist
1962 * @return \string User's current value for the option
1963 * @see getBoolOption()
1964 * @see getIntOption()
1965 */
1966 function getOption( $oname, $defaultOverride = null ) {
1967 $this->loadOptions();
1968
1969 if ( is_null( $this->mOptions ) ) {
1970 if($defaultOverride != '') {
1971 return $defaultOverride;
1972 }
1973 $this->mOptions = User::getDefaultOptions();
1974 }
1975
1976 if ( array_key_exists( $oname, $this->mOptions ) ) {
1977 return $this->mOptions[$oname];
1978 } else {
1979 return $defaultOverride;
1980 }
1981 }
1982
1983 /**
1984 * Get all user's options
1985 *
1986 * @return array
1987 */
1988 public function getOptions() {
1989 $this->loadOptions();
1990 return $this->mOptions;
1991 }
1992
1993 /**
1994 * Get the user's current setting for a given option, as a boolean value.
1995 *
1996 * @param $oname \string The option to check
1997 * @return \bool User's current value for the option
1998 * @see getOption()
1999 */
2000 function getBoolOption( $oname ) {
2001 return (bool)$this->getOption( $oname );
2002 }
2003
2004
2005 /**
2006 * Get the user's current setting for a given option, as a boolean value.
2007 *
2008 * @param $oname \string The option to check
2009 * @param $defaultOverride \int A default value returned if the option does not exist
2010 * @return \int User's current value for the option
2011 * @see getOption()
2012 */
2013 function getIntOption( $oname, $defaultOverride=0 ) {
2014 $val = $this->getOption( $oname );
2015 if( $val == '' ) {
2016 $val = $defaultOverride;
2017 }
2018 return intval( $val );
2019 }
2020
2021 /**
2022 * Set the given option for a user.
2023 *
2024 * @param $oname \string The option to set
2025 * @param $val \mixed New value to set
2026 */
2027 function setOption( $oname, $val ) {
2028 $this->load();
2029 $this->loadOptions();
2030
2031 if ( $oname == 'skin' ) {
2032 # Clear cached skin, so the new one displays immediately in Special:Preferences
2033 unset( $this->mSkin );
2034 }
2035
2036 // Explicitly NULL values should refer to defaults
2037 global $wgDefaultUserOptions;
2038 if( is_null( $val ) && isset( $wgDefaultUserOptions[$oname] ) ) {
2039 $val = $wgDefaultUserOptions[$oname];
2040 }
2041
2042 $this->mOptions[$oname] = $val;
2043 }
2044
2045 /**
2046 * Reset all options to the site defaults
2047 */
2048 function resetOptions() {
2049 $this->mOptions = User::getDefaultOptions();
2050 }
2051
2052 /**
2053 * Get the user's preferred date format.
2054 * @return \string User's preferred date format
2055 */
2056 function getDatePreference() {
2057 // Important migration for old data rows
2058 if ( is_null( $this->mDatePreference ) ) {
2059 global $wgLang;
2060 $value = $this->getOption( 'date' );
2061 $map = $wgLang->getDatePreferenceMigrationMap();
2062 if ( isset( $map[$value] ) ) {
2063 $value = $map[$value];
2064 }
2065 $this->mDatePreference = $value;
2066 }
2067 return $this->mDatePreference;
2068 }
2069
2070 /**
2071 * Get the permissions this user has.
2072 * @return \type{\arrayof{\string}} Array of permission names
2073 */
2074 function getRights() {
2075 if ( is_null( $this->mRights ) ) {
2076 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
2077 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
2078 // Force reindexation of rights when a hook has unset one of them
2079 $this->mRights = array_values( $this->mRights );
2080 }
2081 return $this->mRights;
2082 }
2083
2084 /**
2085 * Get the list of explicit group memberships this user has.
2086 * The implicit * and user groups are not included.
2087 * @return \type{\arrayof{\string}} Array of internal group names
2088 */
2089 function getGroups() {
2090 $this->load();
2091 return $this->mGroups;
2092 }
2093
2094 /**
2095 * Get the list of implicit group memberships this user has.
2096 * This includes all explicit groups, plus 'user' if logged in,
2097 * '*' for all accounts and autopromoted groups
2098 * @param $recache \bool Whether to avoid the cache
2099 * @return \type{\arrayof{\string}} Array of internal group names
2100 */
2101 function getEffectiveGroups( $recache = false ) {
2102 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2103 wfProfileIn( __METHOD__ );
2104 $this->mEffectiveGroups = $this->getGroups();
2105 $this->mEffectiveGroups[] = '*';
2106 if( $this->getId() ) {
2107 $this->mEffectiveGroups[] = 'user';
2108
2109 $this->mEffectiveGroups = array_unique( array_merge(
2110 $this->mEffectiveGroups,
2111 Autopromote::getAutopromoteGroups( $this )
2112 ) );
2113
2114 # Hook for additional groups
2115 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2116 }
2117 wfProfileOut( __METHOD__ );
2118 }
2119 return $this->mEffectiveGroups;
2120 }
2121
2122 /**
2123 * Get the user's edit count.
2124 * @return \int User'e edit count
2125 */
2126 function getEditCount() {
2127 if( $this->getId() ) {
2128 if ( !isset( $this->mEditCount ) ) {
2129 /* Populate the count, if it has not been populated yet */
2130 $this->mEditCount = User::edits( $this->mId );
2131 }
2132 return $this->mEditCount;
2133 } else {
2134 /* nil */
2135 return null;
2136 }
2137 }
2138
2139 /**
2140 * Add the user to the given group.
2141 * This takes immediate effect.
2142 * @param $group \string Name of the group to add
2143 */
2144 function addGroup( $group ) {
2145 $dbw = wfGetDB( DB_MASTER );
2146 if( $this->getId() ) {
2147 $dbw->insert( 'user_groups',
2148 array(
2149 'ug_user' => $this->getID(),
2150 'ug_group' => $group,
2151 ),
2152 'User::addGroup',
2153 array( 'IGNORE' ) );
2154 }
2155
2156 $this->loadGroups();
2157 $this->mGroups[] = $group;
2158 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2159
2160 $this->invalidateCache();
2161 }
2162
2163 /**
2164 * Remove the user from the given group.
2165 * This takes immediate effect.
2166 * @param $group \string Name of the group to remove
2167 */
2168 function removeGroup( $group ) {
2169 $this->load();
2170 $dbw = wfGetDB( DB_MASTER );
2171 $dbw->delete( 'user_groups',
2172 array(
2173 'ug_user' => $this->getID(),
2174 'ug_group' => $group,
2175 ),
2176 'User::removeGroup' );
2177
2178 $this->loadGroups();
2179 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2180 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2181
2182 $this->invalidateCache();
2183 }
2184
2185 /**
2186 * Get whether the user is logged in
2187 * @return \bool True or false
2188 */
2189 function isLoggedIn() {
2190 return $this->getID() != 0;
2191 }
2192
2193 /**
2194 * Get whether the user is anonymous
2195 * @return \bool True or false
2196 */
2197 function isAnon() {
2198 return !$this->isLoggedIn();
2199 }
2200
2201 /**
2202 * Get whether the user is a bot
2203 * @return \bool True or false
2204 * @deprecated
2205 */
2206 function isBot() {
2207 wfDeprecated( __METHOD__ );
2208 return $this->isAllowed( 'bot' );
2209 }
2210
2211 /**
2212 * Check if user is allowed to access a feature / make an action
2213 * @param $action \string action to be checked
2214 * @return \bool True if action is allowed, else false
2215 */
2216 function isAllowed( $action = '' ) {
2217 if ( $action === '' )
2218 return true; // In the spirit of DWIM
2219 # Patrolling may not be enabled
2220 if( $action === 'patrol' || $action === 'autopatrol' ) {
2221 global $wgUseRCPatrol, $wgUseNPPatrol;
2222 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2223 return false;
2224 }
2225 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2226 # by misconfiguration: 0 == 'foo'
2227 return in_array( $action, $this->getRights(), true );
2228 }
2229
2230 /**
2231 * Check whether to enable recent changes patrol features for this user
2232 * @return \bool True or false
2233 */
2234 public function useRCPatrol() {
2235 global $wgUseRCPatrol;
2236 return( $wgUseRCPatrol && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2237 }
2238
2239 /**
2240 * Check whether to enable new pages patrol features for this user
2241 * @return \bool True or false
2242 */
2243 public function useNPPatrol() {
2244 global $wgUseRCPatrol, $wgUseNPPatrol;
2245 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2246 }
2247
2248 /**
2249 * Get the current skin, loading it if required, and setting a title
2250 * @param $t Title: the title to use in the skin
2251 * @return Skin The current skin
2252 * @todo FIXME : need to check the old failback system [AV]
2253 */
2254 function &getSkin( $t = null ) {
2255 if ( !isset( $this->mSkin ) ) {
2256 wfProfileIn( __METHOD__ );
2257
2258 global $wgHiddenPrefs;
2259 if( !in_array( 'skin', $wgHiddenPrefs ) ) {
2260 # get the user skin
2261 global $wgRequest;
2262 $userSkin = $this->getOption( 'skin' );
2263 $userSkin = $wgRequest->getVal( 'useskin', $userSkin );
2264 } else {
2265 # if we're not allowing users to override, then use the default
2266 global $wgDefaultSkin;
2267 $userSkin = $wgDefaultSkin;
2268 }
2269
2270 $this->mSkin =& Skin::newFromKey( $userSkin );
2271 wfProfileOut( __METHOD__ );
2272 }
2273 if( $t || !$this->mSkin->getTitle() ) {
2274 if ( !$t ) {
2275 global $wgOut;
2276 $t = $wgOut->getTitle();
2277 }
2278 $this->mSkin->setTitle( $t );
2279 }
2280 return $this->mSkin;
2281 }
2282
2283 /**
2284 * Check the watched status of an article.
2285 * @param $title \type{Title} Title of the article to look at
2286 * @return \bool True if article is watched
2287 */
2288 function isWatched( $title ) {
2289 $wl = WatchedItem::fromUserTitle( $this, $title );
2290 return $wl->isWatched();
2291 }
2292
2293 /**
2294 * Watch an article.
2295 * @param $title \type{Title} Title of the article to look at
2296 */
2297 function addWatch( $title ) {
2298 $wl = WatchedItem::fromUserTitle( $this, $title );
2299 $wl->addWatch();
2300 $this->invalidateCache();
2301 }
2302
2303 /**
2304 * Stop watching an article.
2305 * @param $title \type{Title} Title of the article to look at
2306 */
2307 function removeWatch( $title ) {
2308 $wl = WatchedItem::fromUserTitle( $this, $title );
2309 $wl->removeWatch();
2310 $this->invalidateCache();
2311 }
2312
2313 /**
2314 * Clear the user's notification timestamp for the given title.
2315 * If e-notif e-mails are on, they will receive notification mails on
2316 * the next change of the page if it's watched etc.
2317 * @param $title \type{Title} Title of the article to look at
2318 */
2319 function clearNotification( &$title ) {
2320 global $wgUser, $wgUseEnotif, $wgShowUpdatedMarker;
2321
2322 # Do nothing if the database is locked to writes
2323 if( wfReadOnly() ) {
2324 return;
2325 }
2326
2327 if( $title->getNamespace() == NS_USER_TALK &&
2328 $title->getText() == $this->getName() ) {
2329 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2330 return;
2331 $this->setNewtalk( false );
2332 }
2333
2334 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2335 return;
2336 }
2337
2338 if( $this->isAnon() ) {
2339 // Nothing else to do...
2340 return;
2341 }
2342
2343 // Only update the timestamp if the page is being watched.
2344 // The query to find out if it is watched is cached both in memcached and per-invocation,
2345 // and when it does have to be executed, it can be on a slave
2346 // If this is the user's newtalk page, we always update the timestamp
2347 if( $title->getNamespace() == NS_USER_TALK &&
2348 $title->getText() == $wgUser->getName() )
2349 {
2350 $watched = true;
2351 } elseif ( $this->getId() == $wgUser->getId() ) {
2352 $watched = $title->userIsWatching();
2353 } else {
2354 $watched = true;
2355 }
2356
2357 // If the page is watched by the user (or may be watched), update the timestamp on any
2358 // any matching rows
2359 if ( $watched ) {
2360 $dbw = wfGetDB( DB_MASTER );
2361 $dbw->update( 'watchlist',
2362 array( /* SET */
2363 'wl_notificationtimestamp' => null
2364 ), array( /* WHERE */
2365 'wl_title' => $title->getDBkey(),
2366 'wl_namespace' => $title->getNamespace(),
2367 'wl_user' => $this->getID()
2368 ), __METHOD__
2369 );
2370 }
2371 }
2372
2373 /**
2374 * Resets all of the given user's page-change notification timestamps.
2375 * If e-notif e-mails are on, they will receive notification mails on
2376 * the next change of any watched page.
2377 *
2378 * @param $currentUser \int User ID
2379 */
2380 function clearAllNotifications( $currentUser ) {
2381 global $wgUseEnotif, $wgShowUpdatedMarker;
2382 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2383 $this->setNewtalk( false );
2384 return;
2385 }
2386 if( $currentUser != 0 ) {
2387 $dbw = wfGetDB( DB_MASTER );
2388 $dbw->update( 'watchlist',
2389 array( /* SET */
2390 'wl_notificationtimestamp' => null
2391 ), array( /* WHERE */
2392 'wl_user' => $currentUser
2393 ), __METHOD__
2394 );
2395 # We also need to clear here the "you have new message" notification for the own user_talk page
2396 # This is cleared one page view later in Article::viewUpdates();
2397 }
2398 }
2399
2400 /**
2401 * Set this user's options from an encoded string
2402 * @param $str \string Encoded options to import
2403 * @private
2404 */
2405 function decodeOptions( $str ) {
2406 if( !$str )
2407 return;
2408
2409 $this->mOptionsLoaded = true;
2410 $this->mOptionOverrides = array();
2411
2412 $this->mOptions = array();
2413 $a = explode( "\n", $str );
2414 foreach ( $a as $s ) {
2415 $m = array();
2416 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2417 $this->mOptions[$m[1]] = $m[2];
2418 $this->mOptionOverrides[$m[1]] = $m[2];
2419 }
2420 }
2421 }
2422
2423 /**
2424 * Set a cookie on the user's client. Wrapper for
2425 * WebResponse::setCookie
2426 * @param $name \string Name of the cookie to set
2427 * @param $value \string Value to set
2428 * @param $exp \int Expiration time, as a UNIX time value;
2429 * if 0 or not specified, use the default $wgCookieExpiration
2430 */
2431 protected function setCookie( $name, $value, $exp = 0 ) {
2432 global $wgRequest;
2433 $wgRequest->response()->setcookie( $name, $value, $exp );
2434 }
2435
2436 /**
2437 * Clear a cookie on the user's client
2438 * @param $name \string Name of the cookie to clear
2439 */
2440 protected function clearCookie( $name ) {
2441 $this->setCookie( $name, '', time() - 86400 );
2442 }
2443
2444 /**
2445 * Set the default cookies for this session on the user's client.
2446 */
2447 function setCookies() {
2448 $this->load();
2449 if ( 0 == $this->mId ) return;
2450 $session = array(
2451 'wsUserID' => $this->mId,
2452 'wsToken' => $this->mToken,
2453 'wsUserName' => $this->getName()
2454 );
2455 $cookies = array(
2456 'UserID' => $this->mId,
2457 'UserName' => $this->getName(),
2458 );
2459 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2460 $cookies['Token'] = $this->mToken;
2461 } else {
2462 $cookies['Token'] = false;
2463 }
2464
2465 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2466 #check for null, since the hook could cause a null value
2467 if ( !is_null( $session ) && isset( $_SESSION ) ){
2468 $_SESSION = $session + $_SESSION;
2469 }
2470 foreach ( $cookies as $name => $value ) {
2471 if ( $value === false ) {
2472 $this->clearCookie( $name );
2473 } else {
2474 $this->setCookie( $name, $value );
2475 }
2476 }
2477 }
2478
2479 /**
2480 * Log this user out.
2481 */
2482 function logout() {
2483 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2484 $this->doLogout();
2485 }
2486 }
2487
2488 /**
2489 * Clear the user's cookies and session, and reset the instance cache.
2490 * @private
2491 * @see logout()
2492 */
2493 function doLogout() {
2494 $this->clearInstanceCache( 'defaults' );
2495
2496 $_SESSION['wsUserID'] = 0;
2497
2498 $this->clearCookie( 'UserID' );
2499 $this->clearCookie( 'Token' );
2500
2501 # Remember when user logged out, to prevent seeing cached pages
2502 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2503 }
2504
2505 /**
2506 * Save this user's settings into the database.
2507 * @todo Only rarely do all these fields need to be set!
2508 */
2509 function saveSettings() {
2510 $this->load();
2511 if ( wfReadOnly() ) { return; }
2512 if ( 0 == $this->mId ) { return; }
2513
2514 $this->mTouched = self::newTouchedTimestamp();
2515
2516 $dbw = wfGetDB( DB_MASTER );
2517 $dbw->update( 'user',
2518 array( /* SET */
2519 'user_name' => $this->mName,
2520 'user_password' => $this->mPassword,
2521 'user_newpassword' => $this->mNewpassword,
2522 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2523 'user_real_name' => $this->mRealName,
2524 'user_email' => $this->mEmail,
2525 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2526 'user_options' => '',
2527 'user_touched' => $dbw->timestamp( $this->mTouched ),
2528 'user_token' => $this->mToken,
2529 'user_email_token' => $this->mEmailToken,
2530 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2531 ), array( /* WHERE */
2532 'user_id' => $this->mId
2533 ), __METHOD__
2534 );
2535
2536 $this->saveOptions();
2537
2538 wfRunHooks( 'UserSaveSettings', array( $this ) );
2539 $this->clearSharedCache();
2540 $this->getUserPage()->invalidateCache();
2541 }
2542
2543 /**
2544 * If only this user's username is known, and it exists, return the user ID.
2545 */
2546 function idForName() {
2547 $s = trim( $this->getName() );
2548 if ( $s === '' ) return 0;
2549
2550 $dbr = wfGetDB( DB_SLAVE );
2551 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2552 if ( $id === false ) {
2553 $id = 0;
2554 }
2555 return $id;
2556 }
2557
2558 /**
2559 * Add a user to the database, return the user object
2560 *
2561 * @param $name \string Username to add
2562 * @param $params \type{\arrayof{\string}} Non-default parameters to save to the database:
2563 * - password The user's password. Password logins will be disabled if this is omitted.
2564 * - newpassword A temporary password mailed to the user
2565 * - email The user's email address
2566 * - email_authenticated The email authentication timestamp
2567 * - real_name The user's real name
2568 * - options An associative array of non-default options
2569 * - token Random authentication token. Do not set.
2570 * - registration Registration timestamp. Do not set.
2571 *
2572 * @return \type{User} A new User object, or null if the username already exists
2573 */
2574 static function createNew( $name, $params = array() ) {
2575 $user = new User;
2576 $user->load();
2577 if ( isset( $params['options'] ) ) {
2578 $user->mOptions = $params['options'] + (array)$user->mOptions;
2579 unset( $params['options'] );
2580 }
2581 $dbw = wfGetDB( DB_MASTER );
2582 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2583 $fields = array(
2584 'user_id' => $seqVal,
2585 'user_name' => $name,
2586 'user_password' => $user->mPassword,
2587 'user_newpassword' => $user->mNewpassword,
2588 'user_newpass_time' => $dbw->timestamp( $user->mNewpassTime ),
2589 'user_email' => $user->mEmail,
2590 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2591 'user_real_name' => $user->mRealName,
2592 'user_options' => '',
2593 'user_token' => $user->mToken,
2594 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2595 'user_editcount' => 0,
2596 );
2597 foreach ( $params as $name => $value ) {
2598 $fields["user_$name"] = $value;
2599 }
2600 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2601 if ( $dbw->affectedRows() ) {
2602 $newUser = User::newFromId( $dbw->insertId() );
2603 } else {
2604 $newUser = null;
2605 }
2606 return $newUser;
2607 }
2608
2609 /**
2610 * Add this existing user object to the database
2611 */
2612 function addToDatabase() {
2613 $this->load();
2614 $dbw = wfGetDB( DB_MASTER );
2615 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2616 $dbw->insert( 'user',
2617 array(
2618 'user_id' => $seqVal,
2619 'user_name' => $this->mName,
2620 'user_password' => $this->mPassword,
2621 'user_newpassword' => $this->mNewpassword,
2622 'user_newpass_time' => $dbw->timestamp( $this->mNewpassTime ),
2623 'user_email' => $this->mEmail,
2624 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2625 'user_real_name' => $this->mRealName,
2626 'user_options' => '',
2627 'user_token' => $this->mToken,
2628 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2629 'user_editcount' => 0,
2630 ), __METHOD__
2631 );
2632 $this->mId = $dbw->insertId();
2633
2634 // Clear instance cache other than user table data, which is already accurate
2635 $this->clearInstanceCache();
2636
2637 $this->saveOptions();
2638 }
2639
2640 /**
2641 * If this (non-anonymous) user is blocked, block any IP address
2642 * they've successfully logged in from.
2643 */
2644 function spreadBlock() {
2645 wfDebug( __METHOD__ . "()\n" );
2646 $this->load();
2647 if ( $this->mId == 0 ) {
2648 return;
2649 }
2650
2651 $userblock = Block::newFromDB( '', $this->mId );
2652 if ( !$userblock ) {
2653 return;
2654 }
2655
2656 $userblock->doAutoblock( wfGetIP() );
2657 }
2658
2659 /**
2660 * Generate a string which will be different for any combination of
2661 * user options which would produce different parser output.
2662 * This will be used as part of the hash key for the parser cache,
2663 * so users with the same options can share the same cached data
2664 * safely.
2665 *
2666 * Extensions which require it should install 'PageRenderingHash' hook,
2667 * which will give them a chance to modify this key based on their own
2668 * settings.
2669 *
2670 * @return \string Page rendering hash
2671 */
2672 function getPageRenderingHash() {
2673 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
2674 if( $this->mHash ){
2675 return $this->mHash;
2676 }
2677
2678 // stubthreshold is only included below for completeness,
2679 // it will always be 0 when this function is called by parsercache.
2680
2681 $confstr = $this->getOption( 'math' );
2682 $confstr .= '!' . $this->getOption( 'stubthreshold' );
2683 if ( $wgUseDynamicDates ) {
2684 $confstr .= '!' . $this->getDatePreference();
2685 }
2686 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
2687 $confstr .= '!' . $wgLang->getCode();
2688 $confstr .= '!' . $this->getOption( 'thumbsize' );
2689 // add in language specific options, if any
2690 $extra = $wgContLang->getExtraHashOptions();
2691 $confstr .= $extra;
2692
2693 $confstr .= $wgRenderHashAppend;
2694
2695 // Give a chance for extensions to modify the hash, if they have
2696 // extra options or other effects on the parser cache.
2697 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
2698
2699 // Make it a valid memcached key fragment
2700 $confstr = str_replace( ' ', '_', $confstr );
2701 $this->mHash = $confstr;
2702 return $confstr;
2703 }
2704
2705 /**
2706 * Get whether the user is explicitly blocked from account creation.
2707 * @return \bool True if blocked
2708 */
2709 function isBlockedFromCreateAccount() {
2710 $this->getBlockedStatus();
2711 return $this->mBlock && $this->mBlock->mCreateAccount;
2712 }
2713
2714 /**
2715 * Get whether the user is blocked from using Special:Emailuser.
2716 * @return \bool True if blocked
2717 */
2718 function isBlockedFromEmailuser() {
2719 $this->getBlockedStatus();
2720 return $this->mBlock && $this->mBlock->mBlockEmail;
2721 }
2722
2723 /**
2724 * Get whether the user is allowed to create an account.
2725 * @return \bool True if allowed
2726 */
2727 function isAllowedToCreateAccount() {
2728 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
2729 }
2730
2731 /**
2732 * @deprecated
2733 */
2734 function setLoaded( $loaded ) {
2735 wfDeprecated( __METHOD__ );
2736 }
2737
2738 /**
2739 * Get this user's personal page title.
2740 *
2741 * @return \type{Title} User's personal page title
2742 */
2743 function getUserPage() {
2744 return Title::makeTitle( NS_USER, $this->getName() );
2745 }
2746
2747 /**
2748 * Get this user's talk page title.
2749 *
2750 * @return \type{Title} User's talk page title
2751 */
2752 function getTalkPage() {
2753 $title = $this->getUserPage();
2754 return $title->getTalkPage();
2755 }
2756
2757 /**
2758 * Get the maximum valid user ID.
2759 * @return \int User ID
2760 * @static
2761 */
2762 function getMaxID() {
2763 static $res; // cache
2764
2765 if ( isset( $res ) )
2766 return $res;
2767 else {
2768 $dbr = wfGetDB( DB_SLAVE );
2769 return $res = $dbr->selectField( 'user', 'max(user_id)', false, 'User::getMaxID' );
2770 }
2771 }
2772
2773 /**
2774 * Determine whether the user is a newbie. Newbies are either
2775 * anonymous IPs, or the most recently created accounts.
2776 * @return \bool True if the user is a newbie
2777 */
2778 function isNewbie() {
2779 return !$this->isAllowed( 'autoconfirmed' );
2780 }
2781
2782 /**
2783 * Check to see if the given clear-text password is one of the accepted passwords
2784 * @param $password \string user password.
2785 * @return \bool True if the given password is correct, otherwise False.
2786 */
2787 function checkPassword( $password ) {
2788 global $wgAuth;
2789 $this->load();
2790
2791 // Even though we stop people from creating passwords that
2792 // are shorter than this, doesn't mean people wont be able
2793 // to. Certain authentication plugins do NOT want to save
2794 // domain passwords in a mysql database, so we should
2795 // check this (incase $wgAuth->strict() is false).
2796 if( !$this->isValidPassword( $password ) ) {
2797 return false;
2798 }
2799
2800 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
2801 return true;
2802 } elseif( $wgAuth->strict() ) {
2803 /* Auth plugin doesn't allow local authentication */
2804 return false;
2805 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
2806 /* Auth plugin doesn't allow local authentication for this user name */
2807 return false;
2808 }
2809 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
2810 return true;
2811 } elseif ( function_exists( 'iconv' ) ) {
2812 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
2813 # Check for this with iconv
2814 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
2815 if ( self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) ) {
2816 return true;
2817 }
2818 }
2819 return false;
2820 }
2821
2822 /**
2823 * Check if the given clear-text password matches the temporary password
2824 * sent by e-mail for password reset operations.
2825 * @return \bool True if matches, false otherwise
2826 */
2827 function checkTemporaryPassword( $plaintext ) {
2828 global $wgNewPasswordExpiry;
2829 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
2830 $this->load();
2831 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
2832 return ( time() < $expiry );
2833 } else {
2834 return false;
2835 }
2836 }
2837
2838 /**
2839 * Initialize (if necessary) and return a session token value
2840 * which can be used in edit forms to show that the user's
2841 * login credentials aren't being hijacked with a foreign form
2842 * submission.
2843 *
2844 * @param $salt \types{\string,\arrayof{\string}} Optional function-specific data for hashing
2845 * @return \string The new edit token
2846 */
2847 function editToken( $salt = '' ) {
2848 if ( $this->isAnon() ) {
2849 return EDIT_TOKEN_SUFFIX;
2850 } else {
2851 if( !isset( $_SESSION['wsEditToken'] ) ) {
2852 $token = $this->generateToken();
2853 $_SESSION['wsEditToken'] = $token;
2854 } else {
2855 $token = $_SESSION['wsEditToken'];
2856 }
2857 if( is_array( $salt ) ) {
2858 $salt = implode( '|', $salt );
2859 }
2860 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
2861 }
2862 }
2863
2864 /**
2865 * Generate a looking random token for various uses.
2866 *
2867 * @param $salt \string Optional salt value
2868 * @return \string The new random token
2869 */
2870 function generateToken( $salt = '' ) {
2871 $token = dechex( mt_rand() ) . dechex( mt_rand() );
2872 return md5( $token . $salt );
2873 }
2874
2875 /**
2876 * Check given value against the token value stored in the session.
2877 * A match should confirm that the form was submitted from the
2878 * user's own login session, not a form submission from a third-party
2879 * site.
2880 *
2881 * @param $val \string Input value to compare
2882 * @param $salt \string Optional function-specific data for hashing
2883 * @return \bool Whether the token matches
2884 */
2885 function matchEditToken( $val, $salt = '' ) {
2886 $sessionToken = $this->editToken( $salt );
2887 if ( $val != $sessionToken ) {
2888 wfDebug( "User::matchEditToken: broken session data\n" );
2889 }
2890 return $val == $sessionToken;
2891 }
2892
2893 /**
2894 * Check given value against the token value stored in the session,
2895 * ignoring the suffix.
2896 *
2897 * @param $val \string Input value to compare
2898 * @param $salt \string Optional function-specific data for hashing
2899 * @return \bool Whether the token matches
2900 */
2901 function matchEditTokenNoSuffix( $val, $salt = '' ) {
2902 $sessionToken = $this->editToken( $salt );
2903 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
2904 }
2905
2906 /**
2907 * Generate a new e-mail confirmation token and send a confirmation/invalidation
2908 * mail to the user's given address.
2909 *
2910 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure.
2911 */
2912 function sendConfirmationMail() {
2913 global $wgLang;
2914 $expiration = null; // gets passed-by-ref and defined in next line.
2915 $token = $this->confirmationToken( $expiration );
2916 $url = $this->confirmationTokenUrl( $token );
2917 $invalidateURL = $this->invalidationTokenUrl( $token );
2918 $this->saveSettings();
2919
2920 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
2921 wfMsg( 'confirmemail_body',
2922 wfGetIP(),
2923 $this->getName(),
2924 $url,
2925 $wgLang->timeanddate( $expiration, false ),
2926 $invalidateURL,
2927 $wgLang->date( $expiration, false ),
2928 $wgLang->time( $expiration, false ) ) );
2929 }
2930
2931 /**
2932 * Send an e-mail to this user's account. Does not check for
2933 * confirmed status or validity.
2934 *
2935 * @param $subject \string Message subject
2936 * @param $body \string Message body
2937 * @param $from \string Optional From address; if unspecified, default $wgPasswordSender will be used
2938 * @param $replyto \string Reply-To address
2939 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure
2940 */
2941 function sendMail( $subject, $body, $from = null, $replyto = null ) {
2942 if( is_null( $from ) ) {
2943 global $wgPasswordSender;
2944 $from = $wgPasswordSender;
2945 }
2946
2947 $to = new MailAddress( $this );
2948 $sender = new MailAddress( $from );
2949 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
2950 }
2951
2952 /**
2953 * Generate, store, and return a new e-mail confirmation code.
2954 * A hash (unsalted, since it's used as a key) is stored.
2955 *
2956 * @note Call saveSettings() after calling this function to commit
2957 * this change to the database.
2958 *
2959 * @param[out] &$expiration \mixed Accepts the expiration time
2960 * @return \string New token
2961 * @private
2962 */
2963 function confirmationToken( &$expiration ) {
2964 $now = time();
2965 $expires = $now + 7 * 24 * 60 * 60;
2966 $expiration = wfTimestamp( TS_MW, $expires );
2967 $token = $this->generateToken( $this->mId . $this->mEmail . $expires );
2968 $hash = md5( $token );
2969 $this->load();
2970 $this->mEmailToken = $hash;
2971 $this->mEmailTokenExpires = $expiration;
2972 return $token;
2973 }
2974
2975 /**
2976 * Return a URL the user can use to confirm their email address.
2977 * @param $token \string Accepts the email confirmation token
2978 * @return \string New token URL
2979 * @private
2980 */
2981 function confirmationTokenUrl( $token ) {
2982 return $this->getTokenUrl( 'ConfirmEmail', $token );
2983 }
2984
2985 /**
2986 * Return a URL the user can use to invalidate their email address.
2987 * @param $token \string Accepts the email confirmation token
2988 * @return \string New token URL
2989 * @private
2990 */
2991 function invalidationTokenUrl( $token ) {
2992 return $this->getTokenUrl( 'Invalidateemail', $token );
2993 }
2994
2995 /**
2996 * Internal function to format the e-mail validation/invalidation URLs.
2997 * This uses $wgArticlePath directly as a quickie hack to use the
2998 * hardcoded English names of the Special: pages, for ASCII safety.
2999 *
3000 * @note Since these URLs get dropped directly into emails, using the
3001 * short English names avoids insanely long URL-encoded links, which
3002 * also sometimes can get corrupted in some browsers/mailers
3003 * (bug 6957 with Gmail and Internet Explorer).
3004 *
3005 * @param $page \string Special page
3006 * @param $token \string Token
3007 * @return \string Formatted URL
3008 */
3009 protected function getTokenUrl( $page, $token ) {
3010 global $wgArticlePath;
3011 return wfExpandUrl(
3012 str_replace(
3013 '$1',
3014 "Special:$page/$token",
3015 $wgArticlePath ) );
3016 }
3017
3018 /**
3019 * Mark the e-mail address confirmed.
3020 *
3021 * @note Call saveSettings() after calling this function to commit the change.
3022 */
3023 function confirmEmail() {
3024 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3025 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3026 return true;
3027 }
3028
3029 /**
3030 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3031 * address if it was already confirmed.
3032 *
3033 * @note Call saveSettings() after calling this function to commit the change.
3034 */
3035 function invalidateEmail() {
3036 $this->load();
3037 $this->mEmailToken = null;
3038 $this->mEmailTokenExpires = null;
3039 $this->setEmailAuthenticationTimestamp( null );
3040 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3041 return true;
3042 }
3043
3044 /**
3045 * Set the e-mail authentication timestamp.
3046 * @param $timestamp \string TS_MW timestamp
3047 */
3048 function setEmailAuthenticationTimestamp( $timestamp ) {
3049 $this->load();
3050 $this->mEmailAuthenticated = $timestamp;
3051 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3052 }
3053
3054 /**
3055 * Is this user allowed to send e-mails within limits of current
3056 * site configuration?
3057 * @return \bool True if allowed
3058 */
3059 function canSendEmail() {
3060 global $wgEnableEmail, $wgEnableUserEmail;
3061 if( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3062 return false;
3063 }
3064 $canSend = $this->isEmailConfirmed();
3065 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3066 return $canSend;
3067 }
3068
3069 /**
3070 * Is this user allowed to receive e-mails within limits of current
3071 * site configuration?
3072 * @return \bool True if allowed
3073 */
3074 function canReceiveEmail() {
3075 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3076 }
3077
3078 /**
3079 * Is this user's e-mail address valid-looking and confirmed within
3080 * limits of the current site configuration?
3081 *
3082 * @note If $wgEmailAuthentication is on, this may require the user to have
3083 * confirmed their address by returning a code or using a password
3084 * sent to the address from the wiki.
3085 *
3086 * @return \bool True if confirmed
3087 */
3088 function isEmailConfirmed() {
3089 global $wgEmailAuthentication;
3090 $this->load();
3091 $confirmed = true;
3092 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3093 if( $this->isAnon() )
3094 return false;
3095 if( !self::isValidEmailAddr( $this->mEmail ) )
3096 return false;
3097 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() )
3098 return false;
3099 return true;
3100 } else {
3101 return $confirmed;
3102 }
3103 }
3104
3105 /**
3106 * Check whether there is an outstanding request for e-mail confirmation.
3107 * @return \bool True if pending
3108 */
3109 function isEmailConfirmationPending() {
3110 global $wgEmailAuthentication;
3111 return $wgEmailAuthentication &&
3112 !$this->isEmailConfirmed() &&
3113 $this->mEmailToken &&
3114 $this->mEmailTokenExpires > wfTimestamp();
3115 }
3116
3117 /**
3118 * Get the timestamp of account creation.
3119 *
3120 * @return \types{\string,\bool} string Timestamp of account creation, or false for
3121 * non-existent/anonymous user accounts.
3122 */
3123 public function getRegistration() {
3124 return $this->getId() > 0
3125 ? $this->mRegistration
3126 : false;
3127 }
3128
3129 /**
3130 * Get the timestamp of the first edit
3131 *
3132 * @return \types{\string,\bool} string Timestamp of first edit, or false for
3133 * non-existent/anonymous user accounts.
3134 */
3135 public function getFirstEditTimestamp() {
3136 if( $this->getId() == 0 ) return false; // anons
3137 $dbr = wfGetDB( DB_SLAVE );
3138 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3139 array( 'rev_user' => $this->getId() ),
3140 __METHOD__,
3141 array( 'ORDER BY' => 'rev_timestamp ASC' )
3142 );
3143 if( !$time ) return false; // no edits
3144 return wfTimestamp( TS_MW, $time );
3145 }
3146
3147 /**
3148 * Get the permissions associated with a given list of groups
3149 *
3150 * @param $groups \type{\arrayof{\string}} List of internal group names
3151 * @return \type{\arrayof{\string}} List of permission key names for given groups combined
3152 */
3153 static function getGroupPermissions( $groups ) {
3154 global $wgGroupPermissions, $wgRevokePermissions;
3155 $rights = array();
3156 // grant every granted permission first
3157 foreach( $groups as $group ) {
3158 if( isset( $wgGroupPermissions[$group] ) ) {
3159 $rights = array_merge( $rights,
3160 // array_filter removes empty items
3161 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3162 }
3163 }
3164 // now revoke the revoked permissions
3165 foreach( $groups as $group ) {
3166 if( isset( $wgRevokePermissions[$group] ) ) {
3167 $rights = array_diff( $rights,
3168 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
3169 }
3170 }
3171 return array_unique( $rights );
3172 }
3173
3174 /**
3175 * Get all the groups who have a given permission
3176 *
3177 * @param $role \string Role to check
3178 * @return \type{\arrayof{\string}} List of internal group names with the given permission
3179 */
3180 static function getGroupsWithPermission( $role ) {
3181 global $wgGroupPermissions;
3182 $allowedGroups = array();
3183 foreach ( $wgGroupPermissions as $group => $rights ) {
3184 if ( isset( $rights[$role] ) && $rights[$role] ) {
3185 $allowedGroups[] = $group;
3186 }
3187 }
3188 return $allowedGroups;
3189 }
3190
3191 /**
3192 * Get the localized descriptive name for a group, if it exists
3193 *
3194 * @param $group \string Internal group name
3195 * @return \string Localized descriptive group name
3196 */
3197 static function getGroupName( $group ) {
3198 global $wgMessageCache;
3199 $wgMessageCache->loadAllMessages();
3200 $key = "group-$group";
3201 $name = wfMsg( $key );
3202 return $name == '' || wfEmptyMsg( $key, $name )
3203 ? $group
3204 : $name;
3205 }
3206
3207 /**
3208 * Get the localized descriptive name for a member of a group, if it exists
3209 *
3210 * @param $group \string Internal group name
3211 * @return \string Localized name for group member
3212 */
3213 static function getGroupMember( $group ) {
3214 global $wgMessageCache;
3215 $wgMessageCache->loadAllMessages();
3216 $key = "group-$group-member";
3217 $name = wfMsg( $key );
3218 return $name == '' || wfEmptyMsg( $key, $name )
3219 ? $group
3220 : $name;
3221 }
3222
3223 /**
3224 * Return the set of defined explicit groups.
3225 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3226 * are not included, as they are defined automatically, not in the database.
3227 * @return \type{\arrayof{\string}} Array of internal group names
3228 */
3229 static function getAllGroups() {
3230 global $wgGroupPermissions, $wgRevokePermissions;
3231 return array_diff(
3232 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3233 self::getImplicitGroups()
3234 );
3235 }
3236
3237 /**
3238 * Get a list of all available permissions.
3239 * @return \type{\arrayof{\string}} Array of permission names
3240 */
3241 static function getAllRights() {
3242 if ( self::$mAllRights === false ) {
3243 global $wgAvailableRights;
3244 if ( count( $wgAvailableRights ) ) {
3245 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3246 } else {
3247 self::$mAllRights = self::$mCoreRights;
3248 }
3249 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3250 }
3251 return self::$mAllRights;
3252 }
3253
3254 /**
3255 * Get a list of implicit groups
3256 * @return \type{\arrayof{\string}} Array of internal group names
3257 */
3258 public static function getImplicitGroups() {
3259 global $wgImplicitGroups;
3260 $groups = $wgImplicitGroups;
3261 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3262 return $groups;
3263 }
3264
3265 /**
3266 * Get the title of a page describing a particular group
3267 *
3268 * @param $group \string Internal group name
3269 * @return \types{\type{Title},\bool} Title of the page if it exists, false otherwise
3270 */
3271 static function getGroupPage( $group ) {
3272 global $wgMessageCache;
3273 $wgMessageCache->loadAllMessages();
3274 $page = wfMsgForContent( 'grouppage-' . $group );
3275 if( !wfEmptyMsg( 'grouppage-' . $group, $page ) ) {
3276 $title = Title::newFromText( $page );
3277 if( is_object( $title ) )
3278 return $title;
3279 }
3280 return false;
3281 }
3282
3283 /**
3284 * Create a link to the group in HTML, if available;
3285 * else return the group name.
3286 *
3287 * @param $group \string Internal name of the group
3288 * @param $text \string The text of the link
3289 * @return \string HTML link to the group
3290 */
3291 static function makeGroupLinkHTML( $group, $text = '' ) {
3292 if( $text == '' ) {
3293 $text = self::getGroupName( $group );
3294 }
3295 $title = self::getGroupPage( $group );
3296 if( $title ) {
3297 global $wgUser;
3298 $sk = $wgUser->getSkin();
3299 return $sk->link( $title, htmlspecialchars( $text ) );
3300 } else {
3301 return $text;
3302 }
3303 }
3304
3305 /**
3306 * Create a link to the group in Wikitext, if available;
3307 * else return the group name.
3308 *
3309 * @param $group \string Internal name of the group
3310 * @param $text \string The text of the link
3311 * @return \string Wikilink to the group
3312 */
3313 static function makeGroupLinkWiki( $group, $text = '' ) {
3314 if( $text == '' ) {
3315 $text = self::getGroupName( $group );
3316 }
3317 $title = self::getGroupPage( $group );
3318 if( $title ) {
3319 $page = $title->getPrefixedText();
3320 return "[[$page|$text]]";
3321 } else {
3322 return $text;
3323 }
3324 }
3325
3326 /**
3327 * Returns an array of the groups that a particular group can add/remove.
3328 *
3329 * @param $group String: the group to check for whether it can add/remove
3330 * @return Array array( 'add' => array( addablegroups ),
3331 * 'remove' => array( removablegroups ),
3332 * 'add-self' => array( addablegroups to self),
3333 * 'remove-self' => array( removable groups from self) )
3334 */
3335 static function changeableByGroup( $group ) {
3336 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3337
3338 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3339 if( empty( $wgAddGroups[$group] ) ) {
3340 // Don't add anything to $groups
3341 } elseif( $wgAddGroups[$group] === true ) {
3342 // You get everything
3343 $groups['add'] = self::getAllGroups();
3344 } elseif( is_array( $wgAddGroups[$group] ) ) {
3345 $groups['add'] = $wgAddGroups[$group];
3346 }
3347
3348 // Same thing for remove
3349 if( empty( $wgRemoveGroups[$group] ) ) {
3350 } elseif( $wgRemoveGroups[$group] === true ) {
3351 $groups['remove'] = self::getAllGroups();
3352 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3353 $groups['remove'] = $wgRemoveGroups[$group];
3354 }
3355
3356 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3357 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3358 foreach( $wgGroupsAddToSelf as $key => $value ) {
3359 if( is_int( $key ) ) {
3360 $wgGroupsAddToSelf['user'][] = $value;
3361 }
3362 }
3363 }
3364
3365 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3366 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3367 if( is_int( $key ) ) {
3368 $wgGroupsRemoveFromSelf['user'][] = $value;
3369 }
3370 }
3371 }
3372
3373 // Now figure out what groups the user can add to him/herself
3374 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3375 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3376 // No idea WHY this would be used, but it's there
3377 $groups['add-self'] = User::getAllGroups();
3378 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3379 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3380 }
3381
3382 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3383 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3384 $groups['remove-self'] = User::getAllGroups();
3385 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3386 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3387 }
3388
3389 return $groups;
3390 }
3391
3392 /**
3393 * Returns an array of groups that this user can add and remove
3394 * @return Array array( 'add' => array( addablegroups ),
3395 * 'remove' => array( removablegroups ),
3396 * 'add-self' => array( addablegroups to self),
3397 * 'remove-self' => array( removable groups from self) )
3398 */
3399 function changeableGroups() {
3400 if( $this->isAllowed( 'userrights' ) ) {
3401 // This group gives the right to modify everything (reverse-
3402 // compatibility with old "userrights lets you change
3403 // everything")
3404 // Using array_merge to make the groups reindexed
3405 $all = array_merge( User::getAllGroups() );
3406 return array(
3407 'add' => $all,
3408 'remove' => $all,
3409 'add-self' => array(),
3410 'remove-self' => array()
3411 );
3412 }
3413
3414 // Okay, it's not so simple, we will have to go through the arrays
3415 $groups = array(
3416 'add' => array(),
3417 'remove' => array(),
3418 'add-self' => array(),
3419 'remove-self' => array()
3420 );
3421 $addergroups = $this->getEffectiveGroups();
3422
3423 foreach( $addergroups as $addergroup ) {
3424 $groups = array_merge_recursive(
3425 $groups, $this->changeableByGroup( $addergroup )
3426 );
3427 $groups['add'] = array_unique( $groups['add'] );
3428 $groups['remove'] = array_unique( $groups['remove'] );
3429 $groups['add-self'] = array_unique( $groups['add-self'] );
3430 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3431 }
3432 return $groups;
3433 }
3434
3435 /**
3436 * Increment the user's edit-count field.
3437 * Will have no effect for anonymous users.
3438 */
3439 function incEditCount() {
3440 if( !$this->isAnon() ) {
3441 $dbw = wfGetDB( DB_MASTER );
3442 $dbw->update( 'user',
3443 array( 'user_editcount=user_editcount+1' ),
3444 array( 'user_id' => $this->getId() ),
3445 __METHOD__ );
3446
3447 // Lazy initialization check...
3448 if( $dbw->affectedRows() == 0 ) {
3449 // Pull from a slave to be less cruel to servers
3450 // Accuracy isn't the point anyway here
3451 $dbr = wfGetDB( DB_SLAVE );
3452 $count = $dbr->selectField( 'revision',
3453 'COUNT(rev_user)',
3454 array( 'rev_user' => $this->getId() ),
3455 __METHOD__ );
3456
3457 // Now here's a goddamn hack...
3458 if( $dbr !== $dbw ) {
3459 // If we actually have a slave server, the count is
3460 // at least one behind because the current transaction
3461 // has not been committed and replicated.
3462 $count++;
3463 } else {
3464 // But if DB_SLAVE is selecting the master, then the
3465 // count we just read includes the revision that was
3466 // just added in the working transaction.
3467 }
3468
3469 $dbw->update( 'user',
3470 array( 'user_editcount' => $count ),
3471 array( 'user_id' => $this->getId() ),
3472 __METHOD__ );
3473 }
3474 }
3475 // edit count in user cache too
3476 $this->invalidateCache();
3477 }
3478
3479 /**
3480 * Get the description of a given right
3481 *
3482 * @param $right \string Right to query
3483 * @return \string Localized description of the right
3484 */
3485 static function getRightDescription( $right ) {
3486 global $wgMessageCache;
3487 $wgMessageCache->loadAllMessages();
3488 $key = "right-$right";
3489 $name = wfMsg( $key );
3490 return $name == '' || wfEmptyMsg( $key, $name )
3491 ? $right
3492 : $name;
3493 }
3494
3495 /**
3496 * Make an old-style password hash
3497 *
3498 * @param $password \string Plain-text password
3499 * @param $userId \string User ID
3500 * @return \string Password hash
3501 */
3502 static function oldCrypt( $password, $userId ) {
3503 global $wgPasswordSalt;
3504 if ( $wgPasswordSalt ) {
3505 return md5( $userId . '-' . md5( $password ) );
3506 } else {
3507 return md5( $password );
3508 }
3509 }
3510
3511 /**
3512 * Make a new-style password hash
3513 *
3514 * @param $password \string Plain-text password
3515 * @param $salt \string Optional salt, may be random or the user ID.
3516 * If unspecified or false, will generate one automatically
3517 * @return \string Password hash
3518 */
3519 static function crypt( $password, $salt = false ) {
3520 global $wgPasswordSalt;
3521
3522 $hash = '';
3523 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3524 return $hash;
3525 }
3526
3527 if( $wgPasswordSalt ) {
3528 if ( $salt === false ) {
3529 $salt = substr( wfGenerateToken(), 0, 8 );
3530 }
3531 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3532 } else {
3533 return ':A:' . md5( $password );
3534 }
3535 }
3536
3537 /**
3538 * Compare a password hash with a plain-text password. Requires the user
3539 * ID if there's a chance that the hash is an old-style hash.
3540 *
3541 * @param $hash \string Password hash
3542 * @param $password \string Plain-text password to compare
3543 * @param $userId \string User ID for old-style password salt
3544 * @return \bool
3545 */
3546 static function comparePasswords( $hash, $password, $userId = false ) {
3547 $m = false;
3548 $type = substr( $hash, 0, 3 );
3549
3550 $result = false;
3551 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3552 return $result;
3553 }
3554
3555 if ( $type == ':A:' ) {
3556 # Unsalted
3557 return md5( $password ) === substr( $hash, 3 );
3558 } elseif ( $type == ':B:' ) {
3559 # Salted
3560 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3561 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3562 } else {
3563 # Old-style
3564 return self::oldCrypt( $password, $userId ) === $hash;
3565 }
3566 }
3567
3568 /**
3569 * Add a newuser log entry for this user
3570 * @param $byEmail Boolean: account made by email?
3571 */
3572 public function addNewUserLogEntry( $byEmail = false ) {
3573 global $wgUser, $wgNewUserLog;
3574 if( empty( $wgNewUserLog ) ) {
3575 return true; // disabled
3576 }
3577
3578 if( $this->getName() == $wgUser->getName() ) {
3579 $action = 'create';
3580 $message = '';
3581 } else {
3582 $action = 'create2';
3583 $message = $byEmail
3584 ? wfMsgForContent( 'newuserlog-byemail' )
3585 : '';
3586 }
3587 $log = new LogPage( 'newusers' );
3588 $log->addEntry(
3589 $action,
3590 $this->getUserPage(),
3591 $message,
3592 array( $this->getId() )
3593 );
3594 return true;
3595 }
3596
3597 /**
3598 * Add an autocreate newuser log entry for this user
3599 * Used by things like CentralAuth and perhaps other authplugins.
3600 */
3601 public function addNewUserLogEntryAutoCreate() {
3602 global $wgNewUserLog;
3603 if( empty( $wgNewUserLog ) ) {
3604 return true; // disabled
3605 }
3606 $log = new LogPage( 'newusers', false );
3607 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ) );
3608 return true;
3609 }
3610
3611 protected function loadOptions() {
3612 $this->load();
3613 if ( $this->mOptionsLoaded || !$this->getId() )
3614 return;
3615
3616 $this->mOptions = self::getDefaultOptions();
3617
3618 // Maybe load from the object
3619 if ( !is_null( $this->mOptionOverrides ) ) {
3620 wfDebug( "Loading options for user " . $this->getId() . " from override cache.\n" );
3621 foreach( $this->mOptionOverrides as $key => $value ) {
3622 $this->mOptions[$key] = $value;
3623 }
3624 } else {
3625 wfDebug( "Loading options for user " . $this->getId() . " from database.\n" );
3626 // Load from database
3627 $dbr = wfGetDB( DB_SLAVE );
3628
3629 $res = $dbr->select(
3630 'user_properties',
3631 '*',
3632 array( 'up_user' => $this->getId() ),
3633 __METHOD__
3634 );
3635
3636 while( $row = $dbr->fetchObject( $res ) ) {
3637 $this->mOptionOverrides[$row->up_property] = $row->up_value;
3638 $this->mOptions[$row->up_property] = $row->up_value;
3639 }
3640 }
3641
3642 $this->mOptionsLoaded = true;
3643
3644 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
3645 }
3646
3647 protected function saveOptions() {
3648 global $wgAllowPrefChange;
3649
3650 $extuser = ExternalUser::newFromUser( $this );
3651
3652 $this->loadOptions();
3653 $dbw = wfGetDB( DB_MASTER );
3654
3655 $insert_rows = array();
3656
3657 $saveOptions = $this->mOptions;
3658
3659 // Allow hooks to abort, for instance to save to a global profile.
3660 // Reset options to default state before saving.
3661 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) )
3662 return;
3663
3664 foreach( $saveOptions as $key => $value ) {
3665 # Don't bother storing default values
3666 if ( ( is_null( self::getDefaultOption( $key ) ) &&
3667 !( $value === false || is_null($value) ) ) ||
3668 $value != self::getDefaultOption( $key ) ) {
3669 $insert_rows[] = array(
3670 'up_user' => $this->getId(),
3671 'up_property' => $key,
3672 'up_value' => $value,
3673 );
3674 }
3675 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
3676 switch ( $wgAllowPrefChange[$key] ) {
3677 case 'local':
3678 case 'message':
3679 break;
3680 case 'semiglobal':
3681 case 'global':
3682 $extuser->setPref( $key, $value );
3683 }
3684 }
3685 }
3686
3687 $dbw->begin();
3688 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
3689 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
3690 $dbw->commit();
3691 }
3692
3693 /**
3694 * Provide an array of HTML5 attributes to put on an input element
3695 * intended for the user to enter a new password. This may include
3696 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
3697 *
3698 * Do *not* use this when asking the user to enter his current password!
3699 * Regardless of configuration, users may have invalid passwords for whatever
3700 * reason (e.g., they were set before requirements were tightened up).
3701 * Only use it when asking for a new password, like on account creation or
3702 * ResetPass.
3703 *
3704 * Obviously, you still need to do server-side checking.
3705 *
3706 * @return array Array of HTML attributes suitable for feeding to
3707 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
3708 * That will potentially output invalid XHTML 1.0 Transitional, and will
3709 * get confused by the boolean attribute syntax used.)
3710 */
3711 public static function passwordChangeInputAttribs() {
3712 global $wgMinimalPasswordLength;
3713
3714 if ( $wgMinimalPasswordLength == 0 ) {
3715 return array();
3716 }
3717
3718 # Note that the pattern requirement will always be satisfied if the
3719 # input is empty, so we need required in all cases.
3720 $ret = array( 'required' );
3721
3722 # We can't actually do this right now, because Opera 9.6 will print out
3723 # the entered password visibly in its error message! When other
3724 # browsers add support for this attribute, or Opera fixes its support,
3725 # we can add support with a version check to avoid doing this on Opera
3726 # versions where it will be a problem. Reported to Opera as
3727 # DSK-262266, but they don't have a public bug tracker for us to follow.
3728 /*
3729 if ( $wgMinimalPasswordLength > 1 ) {
3730 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
3731 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
3732 $wgMinimalPasswordLength );
3733 }
3734 */
3735
3736 return $ret;
3737 }
3738 }
MediaWiki Core