search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
To prevent creepy errors like bug 28908, raised PHPUnit requirement to 3.5
[mediawiki.git] / includes / User.php
blob3ba7a953ff725c3bb9ea05587eb9972991b78257
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 * @file
5 */
6
7 /**
8 * Int Number of characters in user_token field.
9 * @ingroup Constants
10 */
11 define( 'USER_TOKEN_LENGTH', 32 );
12
13 /**
14 * Int Serialized record version.
15 * @ingroup Constants
16 */
17 define( 'MW_USER_VERSION', 8 );
18
19 /**
20 * String Some punctuation to prevent editing from broken text-mangling proxies.
21 * @ingroup Constants
22 */
23 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
24
25 /**
26 * Thrown by User::setPassword() on error.
27 * @ingroup Exception
28 */
29 class PasswordError extends MWException {
30 // NOP
31 }
32
33 /**
34 * The User object encapsulates all of the user-specific settings (user_id,
35 * name, rights, password, email address, options, last login time). Client
36 * classes use the getXXX() functions to access these fields. These functions
37 * do all the work of determining whether the user is logged in,
38 * whether the requested option can be satisfied from cookies or
39 * whether a database query is needed. Most of the settings needed
40 * for rendering normal pages are set in the cookie to minimize use
41 * of the database.
42 */
43 class User {
44 /**
45 * Global constants made accessible as class constants so that autoloader
46 * magic can be used.
47 */
48 const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
49 const MW_USER_VERSION = MW_USER_VERSION;
50 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
51
52 /**
53 * Array of Strings List of member variables which are saved to the
54 * shared cache (memcached). Any operation which changes the
55 * corresponding database fields must call a cache-clearing function.
56 * @showinitializer
57 */
58 static $mCacheVars = array(
59 // user table
60 'mId',
61 'mName',
62 'mRealName',
63 'mPassword',
64 'mNewpassword',
65 'mNewpassTime',
66 'mEmail',
67 'mTouched',
68 'mToken',
69 'mEmailAuthenticated',
70 'mEmailToken',
71 'mEmailTokenExpires',
72 'mRegistration',
73 'mEditCount',
74 // user_group table
75 'mGroups',
76 // user_properties table
77 'mOptionOverrides',
78 );
79
80 /**
81 * Array of Strings Core rights.
82 * Each of these should have a corresponding message of the form
83 * "right-$right".
84 * @showinitializer
85 */
86 static $mCoreRights = array(
87 'apihighlimits',
88 'autoconfirmed',
89 'autopatrol',
90 'bigdelete',
91 'block',
92 'blockemail',
93 'bot',
94 'browsearchive',
95 'createaccount',
96 'createpage',
97 'createtalk',
98 'delete',
99 'deletedhistory',
100 'deletedtext',
101 'deleterevision',
102 'disableaccount',
103 'edit',
104 'editinterface',
105 'editusercssjs', #deprecated
106 'editusercss',
107 'edituserjs',
108 'hideuser',
109 'import',
110 'importupload',
111 'ipblock-exempt',
112 'markbotedits',
113 'mergehistory',
114 'minoredit',
115 'move',
116 'movefile',
117 'move-rootuserpages',
118 'move-subpages',
119 'nominornewtalk',
120 'noratelimit',
121 'override-export-depth',
122 'patrol',
123 'protect',
124 'proxyunbannable',
125 'purge',
126 'read',
127 'reupload',
128 'reupload-shared',
129 'rollback',
130 'selenium',
131 'sendemail',
132 'siteadmin',
133 'suppressionlog',
134 'suppressredirect',
135 'suppressrevision',
136 'trackback',
137 'undelete',
138 'unwatchedpages',
139 'upload',
140 'upload_by_url',
141 'userrights',
142 'userrights-interwiki',
143 'writeapi',
144 );
145 /**
146 * String Cached results of getAllRights()
147 */
148 static $mAllRights = false;
149
150 /** @name Cache variables */
151 //@{
152 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
153 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
154 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mGroups, $mOptionOverrides;
155 //@}
156
157 /**
158 * Bool Whether the cache variables have been loaded.
159 */
160 //@{
161 var $mOptionsLoaded;
162 private $mLoadedItems = array();
163 //@}
164
165 /**
166 * String Initialization data source if mLoadedItems!==true. May be one of:
167 * - 'defaults' anonymous user initialised from class defaults
168 * - 'name' initialise from mName
169 * - 'id' initialise from mId
170 * - 'session' log in from cookies or session if possible
171 *
172 * Use the User::newFrom*() family of functions to set this.
173 */
174 var $mFrom;
175
176 /**
177 * Lazy-initialized variables, invalidated with clearInstanceCache
178 */
179 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mRights,
180 $mBlockreason, $mEffectiveGroups, $mBlockedGlobally,
181 $mLocked, $mHideName, $mOptions;
182
183 /**
184 * @var Skin
185 */
186 var $mSkin;
187
188 /**
189 * @var Block
190 */
191 var $mBlock;
192
193 static $idCacheByName = array();
194
195 /**
196 * Lightweight constructor for an anonymous user.
197 * Use the User::newFrom* factory functions for other kinds of users.
198 *
199 * @see newFromName()
200 * @see newFromId()
201 * @see newFromConfirmationCode()
202 * @see newFromSession()
203 * @see newFromRow()
204 */
205 function __construct() {
206 $this->clearInstanceCache( 'defaults' );
207 }
208
209 function __toString(){
210 return $this->getName();
211 }
212
213 /**
214 * Load the user table data for this object from the source given by mFrom.
215 */
216 function load() {
217 if ( $this->mLoadedItems === true ) {
218 return;
219 }
220 wfProfileIn( __METHOD__ );
221
222 # Set it now to avoid infinite recursion in accessors
223 $this->mLoadedItems = true;
224
225 switch ( $this->mFrom ) {
226 case 'defaults':
227 $this->loadDefaults();
228 break;
229 case 'name':
230 $this->mId = self::idFromName( $this->mName );
231 if ( !$this->mId ) {
232 # Nonexistent user placeholder object
233 $this->loadDefaults( $this->mName );
234 } else {
235 $this->loadFromId();
236 }
237 break;
238 case 'id':
239 $this->loadFromId();
240 break;
241 case 'session':
242 $this->loadFromSession();
243 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
244 break;
245 default:
246 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
247 }
248 wfProfileOut( __METHOD__ );
249 }
250
251 /**
252 * Load user table data, given mId has already been set.
253 * @return Bool false if the ID does not exist, true otherwise
254 * @private
255 */
256 function loadFromId() {
257 global $wgMemc;
258 if ( $this->mId == 0 ) {
259 $this->loadDefaults();
260 return false;
261 }
262
263 # Try cache
264 $key = wfMemcKey( 'user', 'id', $this->mId );
265 $data = $wgMemc->get( $key );
266 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
267 # Object is expired, load from DB
268 $data = false;
269 }
270
271 if ( !$data ) {
272 wfDebug( "User: cache miss for user {$this->mId}\n" );
273 # Load from DB
274 if ( !$this->loadFromDatabase() ) {
275 # Can't load from ID, user is anonymous
276 return false;
277 }
278 $this->saveToCache();
279 } else {
280 wfDebug( "User: got user {$this->mId} from cache\n" );
281 # Restore from cache
282 foreach ( self::$mCacheVars as $name ) {
283 $this->$name = $data[$name];
284 }
285 }
286 return true;
287 }
288
289 /**
290 * Save user data to the shared cache
291 */
292 function saveToCache() {
293 $this->load();
294 $this->loadGroups();
295 $this->loadOptions();
296 if ( $this->isAnon() ) {
297 // Anonymous users are uncached
298 return;
299 }
300 $data = array();
301 foreach ( self::$mCacheVars as $name ) {
302 $data[$name] = $this->$name;
303 }
304 $data['mVersion'] = MW_USER_VERSION;
305 $key = wfMemcKey( 'user', 'id', $this->mId );
306 global $wgMemc;
307 $wgMemc->set( $key, $data );
308 }
309
310
311 /** @name newFrom*() static factory methods */
312 //@{
313
314 /**
315 * Static factory method for creation from username.
316 *
317 * This is slightly less efficient than newFromId(), so use newFromId() if
318 * you have both an ID and a name handy.
319 *
320 * @param $name String Username, validated by Title::newFromText()
321 * @param $validate String|Bool Validate username. Takes the same parameters as
322 * User::getCanonicalName(), except that true is accepted as an alias
323 * for 'valid', for BC.
324 *
325 * @return User object, or false if the username is invalid
326 * (e.g. if it contains illegal characters or is an IP address). If the
327 * username is not present in the database, the result will be a user object
328 * with a name, zero user ID and default settings.
329 */
330 static function newFromName( $name, $validate = 'valid' ) {
331 if ( $validate === true ) {
332 $validate = 'valid';
333 }
334 $name = self::getCanonicalName( $name, $validate );
335 if ( $name === false ) {
336 return false;
337 } else {
338 # Create unloaded user object
339 $u = new User;
340 $u->mName = $name;
341 $u->mFrom = 'name';
342 $u->setItemLoaded( 'name' );
343 return $u;
344 }
345 }
346
347 /**
348 * Static factory method for creation from a given user ID.
349 *
350 * @param $id Int Valid user ID
351 * @return User The corresponding User object
352 */
353 static function newFromId( $id ) {
354 $u = new User;
355 $u->mId = $id;
356 $u->mFrom = 'id';
357 $u->setItemLoaded( 'id' );
358 return $u;
359 }
360
361 /**
362 * Factory method to fetch whichever user has a given email confirmation code.
363 * This code is generated when an account is created or its e-mail address
364 * has changed.
365 *
366 * If the code is invalid or has expired, returns NULL.
367 *
368 * @param $code String Confirmation code
369 * @return User
370 */
371 static function newFromConfirmationCode( $code ) {
372 $dbr = wfGetDB( DB_SLAVE );
373 $id = $dbr->selectField( 'user', 'user_id', array(
374 'user_email_token' => md5( $code ),
375 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
376 ) );
377 if( $id !== false ) {
378 return User::newFromId( $id );
379 } else {
380 return null;
381 }
382 }
383
384 /**
385 * Create a new user object using data from session or cookies. If the
386 * login credentials are invalid, the result is an anonymous user.
387 *
388 * @return User
389 */
390 static function newFromSession() {
391 $user = new User;
392 $user->mFrom = 'session';
393 return $user;
394 }
395
396 /**
397 * Create a new user object from a user row.
398 * The row should have the following fields from the user table in it:
399 * - either user_name or user_id to load further data if needed (or both)
400 * - user_real_name
401 * - all other fields (email, password, etc.)
402 * It is useless to provide the remaining fields if either user_id,
403 * user_name and user_real_name are not provided because the whole row
404 * will be loaded once more from the database when accessing them.
405 *
406 * @param $row Array A row from the user table
407 * @return User
408 */
409 static function newFromRow( $row ) {
410 $user = new User;
411 $user->loadFromRow( $row );
412 return $user;
413 }
414
415 //@}
416
417
418 /**
419 * Get the username corresponding to a given user ID
420 * @param $id Int User ID
421 * @return String The corresponding username
422 */
423 static function whoIs( $id ) {
424 $dbr = wfGetDB( DB_SLAVE );
425 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), __METHOD__ );
426 }
427
428 /**
429 * Get the real name of a user given their user ID
430 *
431 * @param $id Int User ID
432 * @return String The corresponding user's real name
433 */
434 static function whoIsReal( $id ) {
435 $dbr = wfGetDB( DB_SLAVE );
436 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
437 }
438
439 /**
440 * Get database id given a user name
441 * @param $name String Username
442 * @return Int|Null The corresponding user's ID, or null if user is nonexistent
443 */
444 static function idFromName( $name ) {
445 $nt = Title::makeTitleSafe( NS_USER, $name );
446 if( is_null( $nt ) ) {
447 # Illegal name
448 return null;
449 }
450
451 if ( isset( self::$idCacheByName[$name] ) ) {
452 return self::$idCacheByName[$name];
453 }
454
455 $dbr = wfGetDB( DB_SLAVE );
456 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
457
458 if ( $s === false ) {
459 $result = null;
460 } else {
461 $result = $s->user_id;
462 }
463
464 self::$idCacheByName[$name] = $result;
465
466 if ( count( self::$idCacheByName ) > 1000 ) {
467 self::$idCacheByName = array();
468 }
469
470 return $result;
471 }
472
473 /**
474 * Reset the cache used in idFromName(). For use in tests.
475 */
476 public static function resetIdByNameCache() {
477 self::$idCacheByName = array();
478 }
479
480 /**
481 * Does the string match an anonymous IPv4 address?
482 *
483 * This function exists for username validation, in order to reject
484 * usernames which are similar in form to IP addresses. Strings such
485 * as 300.300.300.300 will return true because it looks like an IP
486 * address, despite not being strictly valid.
487 *
488 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
489 * address because the usemod software would "cloak" anonymous IP
490 * addresses like this, if we allowed accounts like this to be created
491 * new users could get the old edits of these anonymous users.
492 *
493 * @param $name String to match
494 * @return Bool
495 */
496 static function isIP( $name ) {
497 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
498 }
499
500 /**
501 * Is the input a valid username?
502 *
503 * Checks if the input is a valid username, we don't want an empty string,
504 * an IP address, anything that containins slashes (would mess up subpages),
505 * is longer than the maximum allowed username size or doesn't begin with
506 * a capital letter.
507 *
508 * @param $name String to match
509 * @return Bool
510 */
511 static function isValidUserName( $name ) {
512 global $wgContLang, $wgMaxNameChars;
513
514 if ( $name == ''
515 || User::isIP( $name )
516 || strpos( $name, '/' ) !== false
517 || strlen( $name ) > $wgMaxNameChars
518 || $name != $wgContLang->ucfirst( $name ) ) {
519 wfDebugLog( 'username', __METHOD__ .
520 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
521 return false;
522 }
523
524 // Ensure that the name can't be misresolved as a different title,
525 // such as with extra namespace keys at the start.
526 $parsed = Title::newFromText( $name );
527 if( is_null( $parsed )
528 || $parsed->getNamespace()
529 || strcmp( $name, $parsed->getPrefixedText() ) ) {
530 wfDebugLog( 'username', __METHOD__ .
531 ": '$name' invalid due to ambiguous prefixes" );
532 return false;
533 }
534
535 // Check an additional blacklist of troublemaker characters.
536 // Should these be merged into the title char list?
537 $unicodeBlacklist = '/[' .
538 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
539 '\x{00a0}' . # non-breaking space
540 '\x{2000}-\x{200f}' . # various whitespace
541 '\x{2028}-\x{202f}' . # breaks and control chars
542 '\x{3000}' . # ideographic space
543 '\x{e000}-\x{f8ff}' . # private use
544 ']/u';
545 if( preg_match( $unicodeBlacklist, $name ) ) {
546 wfDebugLog( 'username', __METHOD__ .
547 ": '$name' invalid due to blacklisted characters" );
548 return false;
549 }
550
551 return true;
552 }
553
554 /**
555 * Usernames which fail to pass this function will be blocked
556 * from user login and new account registrations, but may be used
557 * internally by batch processes.
558 *
559 * If an account already exists in this form, login will be blocked
560 * by a failure to pass this function.
561 *
562 * @param $name String to match
563 * @return Bool
564 */
565 static function isUsableName( $name ) {
566 global $wgReservedUsernames;
567 // Must be a valid username, obviously ;)
568 if ( !self::isValidUserName( $name ) ) {
569 return false;
570 }
571
572 static $reservedUsernames = false;
573 if ( !$reservedUsernames ) {
574 $reservedUsernames = $wgReservedUsernames;
575 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
576 }
577
578 // Certain names may be reserved for batch processes.
579 foreach ( $reservedUsernames as $reserved ) {
580 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
581 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
582 }
583 if ( $reserved == $name ) {
584 return false;
585 }
586 }
587 return true;
588 }
589
590 /**
591 * Usernames which fail to pass this function will be blocked
592 * from new account registrations, but may be used internally
593 * either by batch processes or by user accounts which have
594 * already been created.
595 *
596 * Additional blacklisting may be added here rather than in
597 * isValidUserName() to avoid disrupting existing accounts.
598 *
599 * @param $name String to match
600 * @return Bool
601 */
602 static function isCreatableName( $name ) {
603 global $wgInvalidUsernameCharacters;
604
605 // Ensure that the username isn't longer than 235 bytes, so that
606 // (at least for the builtin skins) user javascript and css files
607 // will work. (bug 23080)
608 if( strlen( $name ) > 235 ) {
609 wfDebugLog( 'username', __METHOD__ .
610 ": '$name' invalid due to length" );
611 return false;
612 }
613
614 // Preg yells if you try to give it an empty string
615 if( $wgInvalidUsernameCharacters !== '' ) {
616 if( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
617 wfDebugLog( 'username', __METHOD__ .
618 ": '$name' invalid due to wgInvalidUsernameCharacters" );
619 return false;
620 }
621 }
622
623 return self::isUsableName( $name );
624 }
625
626 /**
627 * Is the input a valid password for this user?
628 *
629 * @param $password String Desired password
630 * @return Bool
631 */
632 function isValidPassword( $password ) {
633 //simple boolean wrapper for getPasswordValidity
634 return $this->getPasswordValidity( $password ) === true;
635 }
636
637 /**
638 * Given unvalidated password input, return error message on failure.
639 *
640 * @param $password String Desired password
641 * @return mixed: true on success, string or array of error message on failure
642 */
643 function getPasswordValidity( $password ) {
644 global $wgMinimalPasswordLength, $wgContLang;
645
646 static $blockedLogins = array(
647 'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589
648 'Apitestsysop' => 'testpass', 'Apitestuser' => 'testpass' # r75605
649 );
650
651 $result = false; //init $result to false for the internal checks
652
653 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
654 return $result;
655
656 if ( $result === false ) {
657 if( strlen( $password ) < $wgMinimalPasswordLength ) {
658 return 'passwordtooshort';
659 } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
660 return 'password-name-match';
661 } elseif ( isset( $blockedLogins[ $this->getName() ] ) && $password == $blockedLogins[ $this->getName() ] ) {
662 return 'password-login-forbidden';
663 } else {
664 //it seems weird returning true here, but this is because of the
665 //initialization of $result to false above. If the hook is never run or it
666 //doesn't modify $result, then we will likely get down into this if with
667 //a valid password.
668 return true;
669 }
670 } elseif( $result === true ) {
671 return true;
672 } else {
673 return $result; //the isValidPassword hook set a string $result and returned true
674 }
675 }
676
677 /**
678 * Does a string look like an e-mail address?
679 *
680 * This validates an email address using an HTML5 specification found at:
681 * http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#valid-e-mail-address
682 * Which as of 2011-01-24 says:
683 *
684 * A valid e-mail address is a string that matches the ABNF production
685 * 1*( atext / "." ) "@" ldh-str *( "." ldh-str ) where atext is defined
686 * in RFC 5322 section 3.2.3, and ldh-str is defined in RFC 1034 section
687 * 3.5.
688 *
689 * This function is an implementation of the specification as requested in
690 * bug 22449.
691 *
692 * Client-side forms will use the same standard validation rules via JS or
693 * HTML 5 validation; additional restrictions can be enforced server-side
694 * by extensions via the 'isValidEmailAddr' hook.
695 *
696 * Note that this validation doesn't 100% match RFC 2822, but is believed
697 * to be liberal enough for wide use. Some invalid addresses will still
698 * pass validation here.
699 *
700 * @param $addr String E-mail address
701 * @return Bool
702 * @deprecated since 1.18 call Sanitizer::isValidEmail() directly
703 */
704 public static function isValidEmailAddr( $addr ) {
705 return Sanitizer::validateEmail( $addr );
706 }
707
708 /**
709 * Given unvalidated user input, return a canonical username, or false if
710 * the username is invalid.
711 * @param $name String User input
712 * @param $validate String|Bool type of validation to use:
713 * - false No validation
714 * - 'valid' Valid for batch processes
715 * - 'usable' Valid for batch processes and login
716 * - 'creatable' Valid for batch processes, login and account creation
717 */
718 static function getCanonicalName( $name, $validate = 'valid' ) {
719 # Force usernames to capital
720 global $wgContLang;
721 $name = $wgContLang->ucfirst( $name );
722
723 # Reject names containing '#'; these will be cleaned up
724 # with title normalisation, but then it's too late to
725 # check elsewhere
726 if( strpos( $name, '#' ) !== false )
727 return false;
728
729 # Clean up name according to title rules
730 $t = ( $validate === 'valid' ) ?
731 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
732 # Check for invalid titles
733 if( is_null( $t ) ) {
734 return false;
735 }
736
737 # Reject various classes of invalid names
738 global $wgAuth;
739 $name = $wgAuth->getCanonicalName( $t->getText() );
740
741 switch ( $validate ) {
742 case false:
743 break;
744 case 'valid':
745 if ( !User::isValidUserName( $name ) ) {
746 $name = false;
747 }
748 break;
749 case 'usable':
750 if ( !User::isUsableName( $name ) ) {
751 $name = false;
752 }
753 break;
754 case 'creatable':
755 if ( !User::isCreatableName( $name ) ) {
756 $name = false;
757 }
758 break;
759 default:
760 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
761 }
762 return $name;
763 }
764
765 /**
766 * Count the number of edits of a user
767 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
768 *
769 * @param $uid Int User ID to check
770 * @return Int the user's edit count
771 */
772 static function edits( $uid ) {
773 wfProfileIn( __METHOD__ );
774 $dbr = wfGetDB( DB_SLAVE );
775 // check if the user_editcount field has been initialized
776 $field = $dbr->selectField(
777 'user', 'user_editcount',
778 array( 'user_id' => $uid ),
779 __METHOD__
780 );
781
782 if( $field === null ) { // it has not been initialized. do so.
783 $dbw = wfGetDB( DB_MASTER );
784 $count = $dbr->selectField(
785 'revision', 'count(*)',
786 array( 'rev_user' => $uid ),
787 __METHOD__
788 );
789 $dbw->update(
790 'user',
791 array( 'user_editcount' => $count ),
792 array( 'user_id' => $uid ),
793 __METHOD__
794 );
795 } else {
796 $count = $field;
797 }
798 wfProfileOut( __METHOD__ );
799 return $count;
800 }
801
802 /**
803 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
804 * @todo hash random numbers to improve security, like generateToken()
805 *
806 * @return String new random password
807 */
808 static function randomPassword() {
809 global $wgMinimalPasswordLength;
810 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
811 $l = strlen( $pwchars ) - 1;
812
813 $pwlength = max( 7, $wgMinimalPasswordLength );
814 $digit = mt_rand( 0, $pwlength - 1 );
815 $np = '';
816 for ( $i = 0; $i < $pwlength; $i++ ) {
817 $np .= $i == $digit ? chr( mt_rand( 48, 57 ) ) : $pwchars[ mt_rand( 0, $l ) ];
818 }
819 return $np;
820 }
821
822 /**
823 * Set cached properties to default.
824 *
825 * @note This no longer clears uncached lazy-initialised properties;
826 * the constructor does that instead.
827 * @private
828 */
829 function loadDefaults( $name = false ) {
830 wfProfileIn( __METHOD__ );
831
832 global $wgRequest;
833
834 $this->mId = 0;
835 $this->mName = $name;
836 $this->mRealName = '';
837 $this->mPassword = $this->mNewpassword = '';
838 $this->mNewpassTime = null;
839 $this->mEmail = '';
840 $this->mOptionOverrides = null;
841 $this->mOptionsLoaded = false;
842
843 if( $wgRequest->getCookie( 'LoggedOut' ) !== null ) {
844 $this->mTouched = wfTimestamp( TS_MW, $wgRequest->getCookie( 'LoggedOut' ) );
845 } else {
846 $this->mTouched = '0'; # Allow any pages to be cached
847 }
848
849 $this->setToken(); # Random
850 $this->mEmailAuthenticated = null;
851 $this->mEmailToken = '';
852 $this->mEmailTokenExpires = null;
853 $this->mRegistration = wfTimestamp( TS_MW );
854 $this->mGroups = array();
855
856 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
857
858 wfProfileOut( __METHOD__ );
859 }
860
861 /**
862 * Return whether an item has been loaded.
863 *
864 * @param $item String: item to check. Current possibilities:
865 * - id
866 * - name
867 * - realname
868 * @param $all String: 'all' to check if the whole object has been loaded
869 * or any other string to check if only the item is available (e.g.
870 * for optimisation)
871 * @return Boolean
872 */
873 public function isItemLoaded( $item, $all = 'all' ) {
874 return ( $this->mLoadedItems === true && $all === 'all' ) ||
875 ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
876 }
877
878 /**
879 * Set that an item has been loaded
880 *
881 * @param $item String
882 */
883 private function setItemLoaded( $item ) {
884 if ( is_array( $this->mLoadedItems ) ) {
885 $this->mLoadedItems[$item] = true;
886 }
887 }
888
889 /**
890 * Load user data from the session or login cookie. If there are no valid
891 * credentials, initialises the user as an anonymous user.
892 * @return Bool True if the user is logged in, false otherwise.
893 */
894 private function loadFromSession() {
895 global $wgRequest, $wgExternalAuthType, $wgAutocreatePolicy;
896
897 $result = null;
898 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
899 if ( $result !== null ) {
900 return $result;
901 }
902
903 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
904 $extUser = ExternalUser::newFromCookie();
905 if ( $extUser ) {
906 # TODO: Automatically create the user here (or probably a bit
907 # lower down, in fact)
908 }
909 }
910
911 $cookieId = $wgRequest->getCookie( 'UserID' );
912 $sessId = $wgRequest->getSessionData( 'wsUserID' );
913
914 if ( $cookieId !== null ) {
915 $sId = intval( $cookieId );
916 if( $sessId !== null && $cookieId != $sessId ) {
917 $this->loadDefaults(); // Possible collision!
918 wfDebugLog( 'loginSessions', "Session user ID ($sessId) and
919 cookie user ID ($sId) don't match!" );
920 return false;
921 }
922 $wgRequest->setSessionData( 'wsUserID', $sId );
923 } else if ( $sessId !== null && $sessId != 0 ) {
924 $sId = $sessId;
925 } else {
926 $this->loadDefaults();
927 return false;
928 }
929
930 if ( $wgRequest->getSessionData( 'wsUserName' ) !== null ) {
931 $sName = $wgRequest->getSessionData( 'wsUserName' );
932 } else if ( $wgRequest->getCookie( 'UserName' ) !== null ) {
933 $sName = $wgRequest->getCookie( 'UserName' );
934 $wgRequest->setSessionData( 'wsUserName', $sName );
935 } else {
936 $this->loadDefaults();
937 return false;
938 }
939
940 $proposedUser = User::newFromId( $sId );
941 if ( !$proposedUser->isLoggedIn() ) {
942 # Not a valid ID
943 $this->loadDefaults();
944 return false;
945 }
946
947 global $wgBlockDisablesLogin;
948 if( $wgBlockDisablesLogin && $proposedUser->isBlocked() ) {
949 # User blocked and we've disabled blocked user logins
950 $this->loadDefaults();
951 return false;
952 }
953
954 if ( $wgRequest->getSessionData( 'wsToken' ) !== null ) {
955 $passwordCorrect = $proposedUser->getToken() === $wgRequest->getSessionData( 'wsToken' );
956 $from = 'session';
957 } else if ( $wgRequest->getCookie( 'Token' ) !== null ) {
958 $passwordCorrect = $proposedUser->getToken() === $wgRequest->getCookie( 'Token' );
959 $from = 'cookie';
960 } else {
961 # No session or persistent login cookie
962 $this->loadDefaults();
963 return false;
964 }
965
966 if ( ( $sName === $proposedUser->getName() ) && $passwordCorrect ) {
967 $this->loadFromUserObject( $proposedUser );
968 $wgRequest->setSessionData( 'wsToken', $this->mToken );
969 wfDebug( "User: logged in from $from\n" );
970 return true;
971 } else {
972 # Invalid credentials
973 wfDebug( "User: can't log in from $from, invalid credentials\n" );
974 $this->loadDefaults();
975 return false;
976 }
977 }
978
979 /**
980 * Load user and user_group data from the database.
981 * $this->mId must be set, this is how the user is identified.
982 *
983 * @return Bool True if the user exists, false if the user is anonymous
984 * @private
985 */
986 function loadFromDatabase() {
987 # Paranoia
988 $this->mId = intval( $this->mId );
989
990 /** Anonymous user */
991 if( !$this->mId ) {
992 $this->loadDefaults();
993 return false;
994 }
995
996 $dbr = wfGetDB( DB_MASTER );
997 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
998
999 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
1000
1001 if ( $s !== false ) {
1002 # Initialise user table data
1003 $this->loadFromRow( $s );
1004 $this->mGroups = null; // deferred
1005 $this->getEditCount(); // revalidation for nulls
1006 return true;
1007 } else {
1008 # Invalid user_id
1009 $this->mId = 0;
1010 $this->loadDefaults();
1011 return false;
1012 }
1013 }
1014
1015 /**
1016 * Initialize this object from a row from the user table.
1017 *
1018 * @param $row Array Row from the user table to load.
1019 */
1020 function loadFromRow( $row ) {
1021 $all = true;
1022
1023 if ( isset( $row->user_name ) ) {
1024 $this->mName = $row->user_name;
1025 $this->mFrom = 'name';
1026 $this->setItemLoaded( 'name' );
1027 } else {
1028 $all = false;
1029 }
1030
1031 if ( isset( $row->user_name ) ) {
1032 $this->mRealName = $row->user_real_name;
1033 $this->setItemLoaded( 'realname' );
1034 } else {
1035 $all = false;
1036 }
1037
1038 if ( isset( $row->user_id ) ) {
1039 $this->mId = intval( $row->user_id );
1040 $this->mFrom = 'id';
1041 $this->setItemLoaded( 'id' );
1042 } else {
1043 $all = false;
1044 }
1045
1046 if ( isset( $row->user_password ) ) {
1047 $this->mPassword = $row->user_password;
1048 $this->mNewpassword = $row->user_newpassword;
1049 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
1050 $this->mEmail = $row->user_email;
1051 $this->decodeOptions( $row->user_options );
1052 $this->mTouched = wfTimestamp(TS_MW,$row->user_touched);
1053 $this->mToken = $row->user_token;
1054 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1055 $this->mEmailToken = $row->user_email_token;
1056 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1057 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1058 $this->mEditCount = $row->user_editcount;
1059 } else {
1060 $all = false;
1061 }
1062
1063 if ( $all ) {
1064 $this->mLoadedItems = true;
1065 }
1066 }
1067
1068 /**
1069 * Load the data for this user object from another user object.
1070 */
1071 protected function loadFromUserObject( $user ) {
1072 $user->load();
1073 $user->loadGroups();
1074 $user->loadOptions();
1075 foreach ( self::$mCacheVars as $var ) {
1076 $this->$var = $user->$var;
1077 }
1078 }
1079
1080 /**
1081 * Load the groups from the database if they aren't already loaded.
1082 * @private
1083 */
1084 function loadGroups() {
1085 if ( is_null( $this->mGroups ) ) {
1086 $dbr = wfGetDB( DB_MASTER );
1087 $res = $dbr->select( 'user_groups',
1088 array( 'ug_group' ),
1089 array( 'ug_user' => $this->mId ),
1090 __METHOD__ );
1091 $this->mGroups = array();
1092 foreach ( $res as $row ) {
1093 $this->mGroups[] = $row->ug_group;
1094 }
1095 }
1096 }
1097
1098 /**
1099 * Clear various cached data stored in this object.
1100 * @param $reloadFrom String Reload user and user_groups table data from a
1101 * given source. May be "name", "id", "defaults", "session", or false for
1102 * no reload.
1103 */
1104 function clearInstanceCache( $reloadFrom = false ) {
1105 $this->mNewtalk = -1;
1106 $this->mDatePreference = null;
1107 $this->mBlockedby = -1; # Unset
1108 $this->mHash = false;
1109 $this->mSkin = null;
1110 $this->mRights = null;
1111 $this->mEffectiveGroups = null;
1112 $this->mOptions = null;
1113
1114 if ( $reloadFrom ) {
1115 $this->mLoadedItems = array();
1116 $this->mFrom = $reloadFrom;
1117 }
1118 }
1119
1120 /**
1121 * Combine the language default options with any site-specific options
1122 * and add the default language variants.
1123 *
1124 * @return Array of String options
1125 */
1126 static function getDefaultOptions() {
1127 global $wgNamespacesToBeSearchedDefault;
1128 /**
1129 * Site defaults will override the global/language defaults
1130 */
1131 global $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1132 $defOpt = $wgDefaultUserOptions + $wgContLang->getDefaultUserOptionOverrides();
1133
1134 /**
1135 * default language setting
1136 */
1137 $variant = $wgContLang->getDefaultVariant();
1138 $defOpt['variant'] = $variant;
1139 $defOpt['language'] = $variant;
1140 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1141 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1142 }
1143 $defOpt['skin'] = $wgDefaultSkin;
1144
1145 return $defOpt;
1146 }
1147
1148 /**
1149 * Get a given default option value.
1150 *
1151 * @param $opt String Name of option to retrieve
1152 * @return String Default option value
1153 */
1154 public static function getDefaultOption( $opt ) {
1155 $defOpts = self::getDefaultOptions();
1156 if( isset( $defOpts[$opt] ) ) {
1157 return $defOpts[$opt];
1158 } else {
1159 return null;
1160 }
1161 }
1162
1163
1164 /**
1165 * Get blocking information
1166 * @private
1167 * @param $bFromSlave Bool Whether to check the slave database first. To
1168 * improve performance, non-critical checks are done
1169 * against slaves. Check when actually saving should be
1170 * done against master.
1171 */
1172 function getBlockedStatus( $bFromSlave = true ) {
1173 global $wgProxyWhitelist, $wgUser;
1174
1175 if ( -1 != $this->mBlockedby ) {
1176 return;
1177 }
1178
1179 wfProfileIn( __METHOD__ );
1180 wfDebug( __METHOD__.": checking...\n" );
1181
1182 // Initialize data...
1183 // Otherwise something ends up stomping on $this->mBlockedby when
1184 // things get lazy-loaded later, causing false positive block hits
1185 // due to -1 !== 0. Probably session-related... Nothing should be
1186 // overwriting mBlockedby, surely?
1187 $this->load();
1188
1189 $this->mBlockedby = 0;
1190 $this->mHideName = 0;
1191 $this->mAllowUsertalk = 0;
1192
1193 # We only need to worry about passing the IP address to the Block generator if the
1194 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1195 # know which IP address they're actually coming from
1196 if ( !$this->isAllowed( 'ipblock-exempt' ) && $this->getID() == $wgUser->getID() ) {
1197 $ip = wfGetIP();
1198 } else {
1199 $ip = null;
1200 }
1201
1202 # User/IP blocking
1203 $this->mBlock = Block::newFromTarget( $this->getName(), $ip, !$bFromSlave );
1204 if ( $this->mBlock instanceof Block ) {
1205 wfDebug( __METHOD__ . ": Found block.\n" );
1206 $this->mBlockedby = $this->mBlock->getBlocker()->getName();
1207 $this->mBlockreason = $this->mBlock->mReason;
1208 $this->mHideName = $this->mBlock->mHideName;
1209 $this->mAllowUsertalk = !$this->mBlock->prevents( 'editownusertalk' );
1210 if ( $this->isLoggedIn() && $wgUser->getID() == $this->getID() ) {
1211 $this->spreadBlock();
1212 }
1213 }
1214
1215 # Proxy blocking
1216 if ( !$this->isAllowed( 'proxyunbannable' ) && !in_array( $ip, $wgProxyWhitelist ) ) {
1217 # Local list
1218 if ( wfIsLocallyBlockedProxy( $ip ) ) {
1219 $this->mBlockedby = wfMsg( 'proxyblocker' );
1220 $this->mBlockreason = wfMsg( 'proxyblockreason' );
1221 }
1222
1223 # DNSBL
1224 if ( !$this->mBlockedby && !$this->getID() ) {
1225 if ( $this->isDnsBlacklisted( $ip ) ) {
1226 $this->mBlockedby = wfMsg( 'sorbs' );
1227 $this->mBlockreason = wfMsg( 'sorbsreason' );
1228 }
1229 }
1230 }
1231
1232 # Extensions
1233 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1234
1235 wfProfileOut( __METHOD__ );
1236 }
1237
1238 /**
1239 * Whether the given IP is in a DNS blacklist.
1240 *
1241 * @param $ip String IP to check
1242 * @param $checkWhitelist Bool: whether to check the whitelist first
1243 * @return Bool True if blacklisted.
1244 */
1245 function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1246 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1247 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1248
1249 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1250 return false;
1251
1252 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1253 return false;
1254
1255 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1256 return $this->inDnsBlacklist( $ip, $urls );
1257 }
1258
1259 /**
1260 * Whether the given IP is in a given DNS blacklist.
1261 *
1262 * @param $ip String IP to check
1263 * @param $bases String|Array of Strings: URL of the DNS blacklist
1264 * @return Bool True if blacklisted.
1265 */
1266 function inDnsBlacklist( $ip, $bases ) {
1267 wfProfileIn( __METHOD__ );
1268
1269 $found = false;
1270 // FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1271 if( IP::isIPv4( $ip ) ) {
1272 # Reverse IP, bug 21255
1273 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1274
1275 foreach( (array)$bases as $base ) {
1276 # Make hostname
1277 $host = "$ipReversed.$base";
1278
1279 # Send query
1280 $ipList = gethostbynamel( $host );
1281
1282 if( $ipList ) {
1283 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1284 $found = true;
1285 break;
1286 } else {
1287 wfDebug( "Requested $host, not found in $base.\n" );
1288 }
1289 }
1290 }
1291
1292 wfProfileOut( __METHOD__ );
1293 return $found;
1294 }
1295
1296 /**
1297 * Is this user subject to rate limiting?
1298 *
1299 * @return Bool True if rate limited
1300 */
1301 public function isPingLimitable() {
1302 global $wgRateLimitsExcludedIPs;
1303 if( in_array( wfGetIP(), $wgRateLimitsExcludedIPs ) ) {
1304 // No other good way currently to disable rate limits
1305 // for specific IPs. :P
1306 // But this is a crappy hack and should die.
1307 return false;
1308 }
1309 return !$this->isAllowed('noratelimit');
1310 }
1311
1312 /**
1313 * Primitive rate limits: enforce maximum actions per time period
1314 * to put a brake on flooding.
1315 *
1316 * @note When using a shared cache like memcached, IP-address
1317 * last-hit counters will be shared across wikis.
1318 *
1319 * @param $action String Action to enforce; 'edit' if unspecified
1320 * @return Bool True if a rate limiter was tripped
1321 */
1322 function pingLimiter( $action = 'edit' ) {
1323 # Call the 'PingLimiter' hook
1324 $result = false;
1325 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1326 return $result;
1327 }
1328
1329 global $wgRateLimits;
1330 if( !isset( $wgRateLimits[$action] ) ) {
1331 return false;
1332 }
1333
1334 # Some groups shouldn't trigger the ping limiter, ever
1335 if( !$this->isPingLimitable() )
1336 return false;
1337
1338 global $wgMemc, $wgRateLimitLog;
1339 wfProfileIn( __METHOD__ );
1340
1341 $limits = $wgRateLimits[$action];
1342 $keys = array();
1343 $id = $this->getId();
1344 $ip = wfGetIP();
1345 $userLimit = false;
1346
1347 if( isset( $limits['anon'] ) && $id == 0 ) {
1348 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1349 }
1350
1351 if( isset( $limits['user'] ) && $id != 0 ) {
1352 $userLimit = $limits['user'];
1353 }
1354 if( $this->isNewbie() ) {
1355 if( isset( $limits['newbie'] ) && $id != 0 ) {
1356 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1357 }
1358 if( isset( $limits['ip'] ) ) {
1359 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1360 }
1361 $matches = array();
1362 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1363 $subnet = $matches[1];
1364 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1365 }
1366 }
1367 // Check for group-specific permissions
1368 // If more than one group applies, use the group with the highest limit
1369 foreach ( $this->getGroups() as $group ) {
1370 if ( isset( $limits[$group] ) ) {
1371 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1372 $userLimit = $limits[$group];
1373 }
1374 }
1375 }
1376 // Set the user limit key
1377 if ( $userLimit !== false ) {
1378 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1379 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1380 }
1381
1382 $triggered = false;
1383 foreach( $keys as $key => $limit ) {
1384 list( $max, $period ) = $limit;
1385 $summary = "(limit $max in {$period}s)";
1386 $count = $wgMemc->get( $key );
1387 // Already pinged?
1388 if( $count ) {
1389 if( $count > $max ) {
1390 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1391 if( $wgRateLimitLog ) {
1392 @file_put_contents( $wgRateLimitLog, wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", FILE_APPEND );
1393 }
1394 $triggered = true;
1395 } else {
1396 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1397 }
1398 } else {
1399 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1400 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1401 }
1402 $wgMemc->incr( $key );
1403 }
1404
1405 wfProfileOut( __METHOD__ );
1406 return $triggered;
1407 }
1408
1409 /**
1410 * Check if user is blocked
1411 *
1412 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1413 * @return Bool True if blocked, false otherwise
1414 */
1415 function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1416 $this->getBlockedStatus( $bFromSlave );
1417 return $this->mBlock instanceof Block && $this->mBlock->prevents( 'edit' );
1418 }
1419
1420 /**
1421 * Check if user is blocked from editing a particular article
1422 *
1423 * @param $title Title to check
1424 * @param $bFromSlave Bool whether to check the slave database instead of the master
1425 * @return Bool
1426 */
1427 function isBlockedFrom( $title, $bFromSlave = false ) {
1428 global $wgBlockAllowsUTEdit;
1429 wfProfileIn( __METHOD__ );
1430
1431 $blocked = $this->isBlocked( $bFromSlave );
1432 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1433 # If a user's name is suppressed, they cannot make edits anywhere
1434 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1435 $title->getNamespace() == NS_USER_TALK ) {
1436 $blocked = false;
1437 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1438 }
1439
1440 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1441
1442 wfProfileOut( __METHOD__ );
1443 return $blocked;
1444 }
1445
1446 /**
1447 * If user is blocked, return the name of the user who placed the block
1448 * @return String name of blocker
1449 */
1450 function blockedBy() {
1451 $this->getBlockedStatus();
1452 return $this->mBlockedby;
1453 }
1454
1455 /**
1456 * If user is blocked, return the specified reason for the block
1457 * @return String Blocking reason
1458 */
1459 function blockedFor() {
1460 $this->getBlockedStatus();
1461 return $this->mBlockreason;
1462 }
1463
1464 /**
1465 * If user is blocked, return the ID for the block
1466 * @return Int Block ID
1467 */
1468 function getBlockId() {
1469 $this->getBlockedStatus();
1470 return ( $this->mBlock ? $this->mBlock->getId() : false );
1471 }
1472
1473 /**
1474 * Check if user is blocked on all wikis.
1475 * Do not use for actual edit permission checks!
1476 * This is intented for quick UI checks.
1477 *
1478 * @param $ip String IP address, uses current client if none given
1479 * @return Bool True if blocked, false otherwise
1480 */
1481 function isBlockedGlobally( $ip = '' ) {
1482 if( $this->mBlockedGlobally !== null ) {
1483 return $this->mBlockedGlobally;
1484 }
1485 // User is already an IP?
1486 if( IP::isIPAddress( $this->getName() ) ) {
1487 $ip = $this->getName();
1488 } else if( !$ip ) {
1489 $ip = wfGetIP();
1490 }
1491 $blocked = false;
1492 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1493 $this->mBlockedGlobally = (bool)$blocked;
1494 return $this->mBlockedGlobally;
1495 }
1496
1497 /**
1498 * Check if user account is locked
1499 *
1500 * @return Bool True if locked, false otherwise
1501 */
1502 function isLocked() {
1503 if( $this->mLocked !== null ) {
1504 return $this->mLocked;
1505 }
1506 global $wgAuth;
1507 $authUser = $wgAuth->getUserInstance( $this );
1508 $this->mLocked = (bool)$authUser->isLocked();
1509 return $this->mLocked;
1510 }
1511
1512 /**
1513 * Check if user account is hidden
1514 *
1515 * @return Bool True if hidden, false otherwise
1516 */
1517 function isHidden() {
1518 if( $this->mHideName !== null ) {
1519 return $this->mHideName;
1520 }
1521 $this->getBlockedStatus();
1522 if( !$this->mHideName ) {
1523 global $wgAuth;
1524 $authUser = $wgAuth->getUserInstance( $this );
1525 $this->mHideName = (bool)$authUser->isHidden();
1526 }
1527 return $this->mHideName;
1528 }
1529
1530 /**
1531 * Get the user's ID.
1532 * @return Int The user's ID; 0 if the user is anonymous or nonexistent
1533 */
1534 function getId() {
1535 if( $this->mId === null && $this->mName !== null
1536 && User::isIP( $this->mName ) ) {
1537 // Special case, we know the user is anonymous
1538 return 0;
1539 } elseif( !$this->isItemLoaded( 'id' ) ) {
1540 // Don't load if this was initialized from an ID
1541 $this->load();
1542 }
1543 return $this->mId;
1544 }
1545
1546 /**
1547 * Set the user and reload all fields according to a given ID
1548 * @param $v Int User ID to reload
1549 */
1550 function setId( $v ) {
1551 $this->mId = $v;
1552 $this->clearInstanceCache( 'id' );
1553 }
1554
1555 /**
1556 * Get the user name, or the IP of an anonymous user
1557 * @return String User's name or IP address
1558 */
1559 function getName() {
1560 if ( $this->isItemLoaded( 'name', 'only' ) ) {
1561 # Special case optimisation
1562 return $this->mName;
1563 } else {
1564 $this->load();
1565 if ( $this->mName === false ) {
1566 # Clean up IPs
1567 $this->mName = IP::sanitizeIP( wfGetIP() );
1568 }
1569 return $this->mName;
1570 }
1571 }
1572
1573 /**
1574 * Set the user name.
1575 *
1576 * This does not reload fields from the database according to the given
1577 * name. Rather, it is used to create a temporary "nonexistent user" for
1578 * later addition to the database. It can also be used to set the IP
1579 * address for an anonymous user to something other than the current
1580 * remote IP.
1581 *
1582 * @note User::newFromName() has rougly the same function, when the named user
1583 * does not exist.
1584 * @param $str String New user name to set
1585 */
1586 function setName( $str ) {
1587 $this->load();
1588 $this->mName = $str;
1589 }
1590
1591 /**
1592 * Get the user's name escaped by underscores.
1593 * @return String Username escaped by underscores.
1594 */
1595 function getTitleKey() {
1596 return str_replace( ' ', '_', $this->getName() );
1597 }
1598
1599 /**
1600 * Check if the user has new messages.
1601 * @return Bool True if the user has new messages
1602 */
1603 function getNewtalk() {
1604 $this->load();
1605
1606 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1607 if( $this->mNewtalk === -1 ) {
1608 $this->mNewtalk = false; # reset talk page status
1609
1610 # Check memcached separately for anons, who have no
1611 # entire User object stored in there.
1612 if( !$this->mId ) {
1613 global $wgMemc;
1614 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1615 $newtalk = $wgMemc->get( $key );
1616 if( strval( $newtalk ) !== '' ) {
1617 $this->mNewtalk = (bool)$newtalk;
1618 } else {
1619 // Since we are caching this, make sure it is up to date by getting it
1620 // from the master
1621 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1622 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1623 }
1624 } else {
1625 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1626 }
1627 }
1628
1629 return (bool)$this->mNewtalk;
1630 }
1631
1632 /**
1633 * Return the talk page(s) this user has new messages on.
1634 * @return Array of String page URLs
1635 */
1636 function getNewMessageLinks() {
1637 $talks = array();
1638 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) )
1639 return $talks;
1640
1641 if( !$this->getNewtalk() )
1642 return array();
1643 $up = $this->getUserPage();
1644 $utp = $up->getTalkPage();
1645 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL() ) );
1646 }
1647
1648 /**
1649 * Internal uncached check for new messages
1650 *
1651 * @see getNewtalk()
1652 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1653 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1654 * @param $fromMaster Bool true to fetch from the master, false for a slave
1655 * @return Bool True if the user has new messages
1656 * @private
1657 */
1658 function checkNewtalk( $field, $id, $fromMaster = false ) {
1659 if ( $fromMaster ) {
1660 $db = wfGetDB( DB_MASTER );
1661 } else {
1662 $db = wfGetDB( DB_SLAVE );
1663 }
1664 $ok = $db->selectField( 'user_newtalk', $field,
1665 array( $field => $id ), __METHOD__ );
1666 return $ok !== false;
1667 }
1668
1669 /**
1670 * Add or update the new messages flag
1671 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1672 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1673 * @return Bool True if successful, false otherwise
1674 * @private
1675 */
1676 function updateNewtalk( $field, $id ) {
1677 $dbw = wfGetDB( DB_MASTER );
1678 $dbw->insert( 'user_newtalk',
1679 array( $field => $id ),
1680 __METHOD__,
1681 'IGNORE' );
1682 if ( $dbw->affectedRows() ) {
1683 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1684 return true;
1685 } else {
1686 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1687 return false;
1688 }
1689 }
1690
1691 /**
1692 * Clear the new messages flag for the given user
1693 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1694 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1695 * @return Bool True if successful, false otherwise
1696 * @private
1697 */
1698 function deleteNewtalk( $field, $id ) {
1699 $dbw = wfGetDB( DB_MASTER );
1700 $dbw->delete( 'user_newtalk',
1701 array( $field => $id ),
1702 __METHOD__ );
1703 if ( $dbw->affectedRows() ) {
1704 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1705 return true;
1706 } else {
1707 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1708 return false;
1709 }
1710 }
1711
1712 /**
1713 * Update the 'You have new messages!' status.
1714 * @param $val Bool Whether the user has new messages
1715 */
1716 function setNewtalk( $val ) {
1717 if( wfReadOnly() ) {
1718 return;
1719 }
1720
1721 $this->load();
1722 $this->mNewtalk = $val;
1723
1724 if( $this->isAnon() ) {
1725 $field = 'user_ip';
1726 $id = $this->getName();
1727 } else {
1728 $field = 'user_id';
1729 $id = $this->getId();
1730 }
1731 global $wgMemc;
1732
1733 if( $val ) {
1734 $changed = $this->updateNewtalk( $field, $id );
1735 } else {
1736 $changed = $this->deleteNewtalk( $field, $id );
1737 }
1738
1739 if( $this->isAnon() ) {
1740 // Anons have a separate memcached space, since
1741 // user records aren't kept for them.
1742 $key = wfMemcKey( 'newtalk', 'ip', $id );
1743 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1744 }
1745 if ( $changed ) {
1746 $this->invalidateCache( true );
1747 }
1748 }
1749
1750 /**
1751 * Generate a current or new-future timestamp to be stored in the
1752 * user_touched field when we update things.
1753 * @return String Timestamp in TS_MW format
1754 */
1755 private static function newTouchedTimestamp() {
1756 global $wgClockSkewFudge;
1757 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1758 }
1759
1760 /**
1761 * Clear user data from memcached.
1762 * Use after applying fun updates to the database; caller's
1763 * responsibility to update user_touched if appropriate.
1764 *
1765 * Called implicitly from invalidateCache() and saveSettings().
1766 */
1767 private function clearSharedCache() {
1768 $this->load();
1769 if( $this->mId ) {
1770 global $wgMemc;
1771 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1772 }
1773 }
1774
1775 /**
1776 * Immediately touch the user data cache for this account.
1777 * Updates user_touched field, and removes account data from memcached
1778 * for reload on the next hit.
1779 *
1780 * @param $doDatabaseUpdate bool Do you really need to update the database? Really?
1781 */
1782 function invalidateCache( $doDatabaseUpdate = false ) {
1783 if( wfReadOnly() ) {
1784 return;
1785 }
1786 $this->load();
1787 if( $this->mId && $doDatabaseUpdate ) {
1788 $this->mTouched = self::newTouchedTimestamp();
1789
1790 $dbw = wfGetDB( DB_MASTER );
1791 $dbw->update( 'user',
1792 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1793 array( 'user_id' => $this->mId ),
1794 __METHOD__ );
1795
1796 $this->clearSharedCache();
1797 }
1798 }
1799
1800 /**
1801 * Validate the cache for this account.
1802 * @param $timestamp String A timestamp in TS_MW format
1803 */
1804 function validateCache( $timestamp ) {
1805 $this->load();
1806 return ( $timestamp >= $this->mTouched );
1807 }
1808
1809 /**
1810 * Get the user touched timestamp
1811 * @return String timestamp
1812 */
1813 function getTouched() {
1814 $this->load();
1815 return $this->mTouched;
1816 }
1817
1818 /**
1819 * Set the password and reset the random token.
1820 * Calls through to authentication plugin if necessary;
1821 * will have no effect if the auth plugin refuses to
1822 * pass the change through or if the legal password
1823 * checks fail.
1824 *
1825 * As a special case, setting the password to null
1826 * wipes it, so the account cannot be logged in until
1827 * a new password is set, for instance via e-mail.
1828 *
1829 * @param $str String New password to set
1830 * @throws PasswordError on failure
1831 */
1832 function setPassword( $str ) {
1833 global $wgAuth;
1834
1835 if( $str !== null ) {
1836 if( !$wgAuth->allowPasswordChange() ) {
1837 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1838 }
1839
1840 if( !$this->isValidPassword( $str ) ) {
1841 global $wgMinimalPasswordLength;
1842 $valid = $this->getPasswordValidity( $str );
1843 if ( is_array( $valid ) ) {
1844 $message = array_shift( $valid );
1845 $params = $valid;
1846 } else {
1847 $message = $valid;
1848 $params = array( $wgMinimalPasswordLength );
1849 }
1850 throw new PasswordError( wfMsgExt( $message, array( 'parsemag' ), $params ) );
1851 }
1852 }
1853
1854 if( !$wgAuth->setPassword( $this, $str ) ) {
1855 throw new PasswordError( wfMsg( 'externaldberror' ) );
1856 }
1857
1858 $this->setInternalPassword( $str );
1859
1860 return true;
1861 }
1862
1863 /**
1864 * Set the password and reset the random token unconditionally.
1865 *
1866 * @param $str String New password to set
1867 */
1868 function setInternalPassword( $str ) {
1869 $this->load();
1870 $this->setToken();
1871
1872 if( $str === null ) {
1873 // Save an invalid hash...
1874 $this->mPassword = '';
1875 } else {
1876 $this->mPassword = self::crypt( $str );
1877 }
1878 $this->mNewpassword = '';
1879 $this->mNewpassTime = null;
1880 }
1881
1882 /**
1883 * Get the user's current token.
1884 * @return String Token
1885 */
1886 function getToken() {
1887 $this->load();
1888 return $this->mToken;
1889 }
1890
1891 /**
1892 * Set the random token (used for persistent authentication)
1893 * Called from loadDefaults() among other places.
1894 *
1895 * @param $token String If specified, set the token to this value
1896 * @private
1897 */
1898 function setToken( $token = false ) {
1899 global $wgSecretKey, $wgProxyKey;
1900 $this->load();
1901 if ( !$token ) {
1902 if ( $wgSecretKey ) {
1903 $key = $wgSecretKey;
1904 } elseif ( $wgProxyKey ) {
1905 $key = $wgProxyKey;
1906 } else {
1907 $key = microtime();
1908 }
1909 $this->mToken = md5( $key . mt_rand( 0, 0x7fffffff ) . wfWikiID() . $this->mId );
1910 } else {
1911 $this->mToken = $token;
1912 }
1913 }
1914
1915 /**
1916 * Set the cookie password
1917 *
1918 * @param $str String New cookie password
1919 * @private
1920 */
1921 function setCookiePassword( $str ) {
1922 $this->load();
1923 $this->mCookiePassword = md5( $str );
1924 }
1925
1926 /**
1927 * Set the password for a password reminder or new account email
1928 *
1929 * @param $str String New password to set
1930 * @param $throttle Bool If true, reset the throttle timestamp to the present
1931 */
1932 function setNewpassword( $str, $throttle = true ) {
1933 $this->load();
1934 $this->mNewpassword = self::crypt( $str );
1935 if ( $throttle ) {
1936 $this->mNewpassTime = wfTimestampNow();
1937 }
1938 }
1939
1940 /**
1941 * Has password reminder email been sent within the last
1942 * $wgPasswordReminderResendTime hours?
1943 * @return Bool
1944 */
1945 function isPasswordReminderThrottled() {
1946 global $wgPasswordReminderResendTime;
1947 $this->load();
1948 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
1949 return false;
1950 }
1951 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
1952 return time() < $expiry;
1953 }
1954
1955 /**
1956 * Get the user's e-mail address
1957 * @return String User's email address
1958 */
1959 function getEmail() {
1960 $this->load();
1961 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
1962 return $this->mEmail;
1963 }
1964
1965 /**
1966 * Get the timestamp of the user's e-mail authentication
1967 * @return String TS_MW timestamp
1968 */
1969 function getEmailAuthenticationTimestamp() {
1970 $this->load();
1971 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
1972 return $this->mEmailAuthenticated;
1973 }
1974
1975 /**
1976 * Set the user's e-mail address
1977 * @param $str String New e-mail address
1978 */
1979 function setEmail( $str ) {
1980 $this->load();
1981 $this->mEmail = $str;
1982 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
1983 }
1984
1985 /**
1986 * Get the user's real name
1987 * @return String User's real name
1988 */
1989 function getRealName() {
1990 if ( !$this->isItemLoaded( 'realname' ) ) {
1991 $this->load();
1992 }
1993
1994 return $this->mRealName;
1995 }
1996
1997 /**
1998 * Set the user's real name
1999 * @param $str String New real name
2000 */
2001 function setRealName( $str ) {
2002 $this->load();
2003 $this->mRealName = $str;
2004 }
2005
2006 /**
2007 * Get the user's current setting for a given option.
2008 *
2009 * @param $oname String The option to check
2010 * @param $defaultOverride String A default value returned if the option does not exist
2011 * @param $ignoreHidden Bool = whether to ignore the effects of $wgHiddenPrefs
2012 * @return String User's current value for the option
2013 * @see getBoolOption()
2014 * @see getIntOption()
2015 */
2016 function getOption( $oname, $defaultOverride = null, $ignoreHidden = false ) {
2017 global $wgHiddenPrefs;
2018 $this->loadOptions();
2019
2020 if ( is_null( $this->mOptions ) ) {
2021 if($defaultOverride != '') {
2022 return $defaultOverride;
2023 }
2024 $this->mOptions = User::getDefaultOptions();
2025 }
2026
2027 # We want 'disabled' preferences to always behave as the default value for
2028 # users, even if they have set the option explicitly in their settings (ie they
2029 # set it, and then it was disabled removing their ability to change it). But
2030 # we don't want to erase the preferences in the database in case the preference
2031 # is re-enabled again. So don't touch $mOptions, just override the returned value
2032 if( in_array( $oname, $wgHiddenPrefs ) && !$ignoreHidden ){
2033 return self::getDefaultOption( $oname );
2034 }
2035
2036 if ( array_key_exists( $oname, $this->mOptions ) ) {
2037 return $this->mOptions[$oname];
2038 } else {
2039 return $defaultOverride;
2040 }
2041 }
2042
2043 /**
2044 * Get all user's options
2045 *
2046 * @return array
2047 */
2048 public function getOptions() {
2049 global $wgHiddenPrefs;
2050 $this->loadOptions();
2051 $options = $this->mOptions;
2052
2053 # We want 'disabled' preferences to always behave as the default value for
2054 # users, even if they have set the option explicitly in their settings (ie they
2055 # set it, and then it was disabled removing their ability to change it). But
2056 # we don't want to erase the preferences in the database in case the preference
2057 # is re-enabled again. So don't touch $mOptions, just override the returned value
2058 foreach( $wgHiddenPrefs as $pref ){
2059 $default = self::getDefaultOption( $pref );
2060 if( $default !== null ){
2061 $options[$pref] = $default;
2062 }
2063 }
2064
2065 return $options;
2066 }
2067
2068 /**
2069 * Get the user's current setting for a given option, as a boolean value.
2070 *
2071 * @param $oname String The option to check
2072 * @return Bool User's current value for the option
2073 * @see getOption()
2074 */
2075 function getBoolOption( $oname ) {
2076 return (bool)$this->getOption( $oname );
2077 }
2078
2079
2080 /**
2081 * Get the user's current setting for a given option, as a boolean value.
2082 *
2083 * @param $oname String The option to check
2084 * @param $defaultOverride Int A default value returned if the option does not exist
2085 * @return Int User's current value for the option
2086 * @see getOption()
2087 */
2088 function getIntOption( $oname, $defaultOverride=0 ) {
2089 $val = $this->getOption( $oname );
2090 if( $val == '' ) {
2091 $val = $defaultOverride;
2092 }
2093 return intval( $val );
2094 }
2095
2096 /**
2097 * Set the given option for a user.
2098 *
2099 * @param $oname String The option to set
2100 * @param $val mixed New value to set
2101 */
2102 function setOption( $oname, $val ) {
2103 $this->load();
2104 $this->loadOptions();
2105
2106 if ( $oname == 'skin' ) {
2107 # Clear cached skin, so the new one displays immediately in Special:Preferences
2108 $this->mSkin = null;
2109 }
2110
2111 // Explicitly NULL values should refer to defaults
2112 global $wgDefaultUserOptions;
2113 if( is_null( $val ) && isset( $wgDefaultUserOptions[$oname] ) ) {
2114 $val = $wgDefaultUserOptions[$oname];
2115 }
2116
2117 $this->mOptions[$oname] = $val;
2118 }
2119
2120 /**
2121 * Reset all options to the site defaults
2122 */
2123 function resetOptions() {
2124 $this->mOptions = self::getDefaultOptions();
2125 }
2126
2127 /**
2128 * Get the user's preferred date format.
2129 * @return String User's preferred date format
2130 */
2131 function getDatePreference() {
2132 // Important migration for old data rows
2133 if ( is_null( $this->mDatePreference ) ) {
2134 global $wgLang;
2135 $value = $this->getOption( 'date' );
2136 $map = $wgLang->getDatePreferenceMigrationMap();
2137 if ( isset( $map[$value] ) ) {
2138 $value = $map[$value];
2139 }
2140 $this->mDatePreference = $value;
2141 }
2142 return $this->mDatePreference;
2143 }
2144
2145 /**
2146 * Get the user preferred stub threshold
2147 */
2148 function getStubThreshold() {
2149 global $wgMaxArticleSize; # Maximum article size, in Kb
2150 $threshold = intval( $this->getOption( 'stubthreshold' ) );
2151 if ( $threshold > $wgMaxArticleSize * 1024 ) {
2152 # If they have set an impossible value, disable the preference
2153 # so we can use the parser cache again.
2154 $threshold = 0;
2155 }
2156 return $threshold;
2157 }
2158
2159 /**
2160 * Get the permissions this user has.
2161 * @return Array of String permission names
2162 */
2163 function getRights() {
2164 if ( is_null( $this->mRights ) ) {
2165 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
2166 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
2167 // Force reindexation of rights when a hook has unset one of them
2168 $this->mRights = array_values( $this->mRights );
2169 }
2170 return $this->mRights;
2171 }
2172
2173 /**
2174 * Get the list of explicit group memberships this user has.
2175 * The implicit * and user groups are not included.
2176 * @return Array of String internal group names
2177 */
2178 function getGroups() {
2179 $this->load();
2180 return $this->mGroups;
2181 }
2182
2183 /**
2184 * Get the list of implicit group memberships this user has.
2185 * This includes all explicit groups, plus 'user' if logged in,
2186 * '*' for all accounts, and autopromoted groups
2187 * @param $recache Bool Whether to avoid the cache
2188 * @return Array of String internal group names
2189 */
2190 function getEffectiveGroups( $recache = false ) {
2191 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2192 wfProfileIn( __METHOD__ );
2193 $this->mEffectiveGroups = $this->getGroups();
2194 $this->mEffectiveGroups[] = '*';
2195 if( $this->getId() ) {
2196 $this->mEffectiveGroups[] = 'user';
2197
2198 $this->mEffectiveGroups = array_unique( array_merge(
2199 $this->mEffectiveGroups,
2200 Autopromote::getAutopromoteGroups( $this )
2201 ) );
2202
2203 # Hook for additional groups
2204 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2205 }
2206 wfProfileOut( __METHOD__ );
2207 }
2208 return $this->mEffectiveGroups;
2209 }
2210
2211 /**
2212 * Get the user's edit count.
2213 * @return Int
2214 */
2215 function getEditCount() {
2216 if( $this->getId() ) {
2217 if ( !isset( $this->mEditCount ) ) {
2218 /* Populate the count, if it has not been populated yet */
2219 $this->mEditCount = User::edits( $this->mId );
2220 }
2221 return $this->mEditCount;
2222 } else {
2223 /* nil */
2224 return null;
2225 }
2226 }
2227
2228 /**
2229 * Add the user to the given group.
2230 * This takes immediate effect.
2231 * @param $group String Name of the group to add
2232 */
2233 function addGroup( $group ) {
2234 if( wfRunHooks( 'UserAddGroup', array( &$this, &$group ) ) ) {
2235 $dbw = wfGetDB( DB_MASTER );
2236 if( $this->getId() ) {
2237 $dbw->insert( 'user_groups',
2238 array(
2239 'ug_user' => $this->getID(),
2240 'ug_group' => $group,
2241 ),
2242 __METHOD__,
2243 array( 'IGNORE' ) );
2244 }
2245 }
2246 $this->loadGroups();
2247 $this->mGroups[] = $group;
2248 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2249
2250 $this->invalidateCache( true );
2251 }
2252
2253 /**
2254 * Remove the user from the given group.
2255 * This takes immediate effect.
2256 * @param $group String Name of the group to remove
2257 */
2258 function removeGroup( $group ) {
2259 $this->load();
2260 if( wfRunHooks( 'UserRemoveGroup', array( &$this, &$group ) ) ) {
2261 $dbw = wfGetDB( DB_MASTER );
2262 $dbw->delete( 'user_groups',
2263 array(
2264 'ug_user' => $this->getID(),
2265 'ug_group' => $group,
2266 ), __METHOD__ );
2267 }
2268 $this->loadGroups();
2269 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2270 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2271
2272 $this->invalidateCache( true );
2273 }
2274
2275 /**
2276 * Get whether the user is logged in
2277 * @return Bool
2278 */
2279 function isLoggedIn() {
2280 return $this->getID() != 0;
2281 }
2282
2283 /**
2284 * Get whether the user is anonymous
2285 * @return Bool
2286 */
2287 function isAnon() {
2288 return !$this->isLoggedIn();
2289 }
2290
2291 /**
2292 * Check if user is allowed to access a feature / make an action
2293 * @param varargs String permissions to test
2294 * @return Boolean: True if user is allowed to perform *any* of the given actions
2295 */
2296 public function isAllowedAny( /*...*/ ){
2297 $permissions = func_get_args();
2298 foreach( $permissions as $permission ){
2299 if( $this->isAllowed( $permission ) ){
2300 return true;
2301 }
2302 }
2303 return false;
2304 }
2305
2306 /**
2307 * @param varargs String
2308 * @return bool True if the user is allowed to perform *all* of the given actions
2309 */
2310 public function isAllowedAll( /*...*/ ){
2311 $permissions = func_get_args();
2312 foreach( $permissions as $permission ){
2313 if( !$this->isAllowed( $permission ) ){
2314 return false;
2315 }
2316 }
2317 return true;
2318 }
2319
2320 /**
2321 * Internal mechanics of testing a permission
2322 * @param $action String
2323 * @return bool
2324 */
2325 public function isAllowed( $action = '' ) {
2326 if ( $action === '' ) {
2327 return true; // In the spirit of DWIM
2328 }
2329 # Patrolling may not be enabled
2330 if( $action === 'patrol' || $action === 'autopatrol' ) {
2331 global $wgUseRCPatrol, $wgUseNPPatrol;
2332 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2333 return false;
2334 }
2335 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2336 # by misconfiguration: 0 == 'foo'
2337 return in_array( $action, $this->getRights(), true );
2338 }
2339
2340 /**
2341 * Check whether to enable recent changes patrol features for this user
2342 * @return Boolean: True or false
2343 */
2344 public function useRCPatrol() {
2345 global $wgUseRCPatrol;
2346 return $wgUseRCPatrol && $this->isAllowedAny( 'patrol', 'patrolmarks' );
2347 }
2348
2349 /**
2350 * Check whether to enable new pages patrol features for this user
2351 * @return Bool True or false
2352 */
2353 public function useNPPatrol() {
2354 global $wgUseRCPatrol, $wgUseNPPatrol;
2355 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) ) );
2356 }
2357
2358 /**
2359 * Get the current skin, loading it if required
2360 * @return Skin The current skin
2361 * @todo: FIXME : need to check the old failback system [AV]
2362 * @deprecated Use ->getSkin() in the most relevant outputting context you have
2363 */
2364 function getSkin() {
2365 return RequestContext::getMain()->getSkin();
2366 }
2367
2368 /**
2369 * Check the watched status of an article.
2370 * @param $title Title of the article to look at
2371 * @return Bool
2372 */
2373 function isWatched( $title ) {
2374 $wl = WatchedItem::fromUserTitle( $this, $title );
2375 return $wl->isWatched();
2376 }
2377
2378 /**
2379 * Watch an article.
2380 * @param $title Title of the article to look at
2381 */
2382 function addWatch( $title ) {
2383 $wl = WatchedItem::fromUserTitle( $this, $title );
2384 $wl->addWatch();
2385 $this->invalidateCache();
2386 }
2387
2388 /**
2389 * Stop watching an article.
2390 * @param $title Title of the article to look at
2391 */
2392 function removeWatch( $title ) {
2393 $wl = WatchedItem::fromUserTitle( $this, $title );
2394 $wl->removeWatch();
2395 $this->invalidateCache();
2396 }
2397
2398 /**
2399 * Clear the user's notification timestamp for the given title.
2400 * If e-notif e-mails are on, they will receive notification mails on
2401 * the next change of the page if it's watched etc.
2402 * @param $title Title of the article to look at
2403 */
2404 function clearNotification( &$title ) {
2405 global $wgUser, $wgUseEnotif, $wgShowUpdatedMarker;
2406
2407 # Do nothing if the database is locked to writes
2408 if( wfReadOnly() ) {
2409 return;
2410 }
2411
2412 if( $title->getNamespace() == NS_USER_TALK &&
2413 $title->getText() == $this->getName() ) {
2414 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2415 return;
2416 $this->setNewtalk( false );
2417 }
2418
2419 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2420 return;
2421 }
2422
2423 if( $this->isAnon() ) {
2424 // Nothing else to do...
2425 return;
2426 }
2427
2428 // Only update the timestamp if the page is being watched.
2429 // The query to find out if it is watched is cached both in memcached and per-invocation,
2430 // and when it does have to be executed, it can be on a slave
2431 // If this is the user's newtalk page, we always update the timestamp
2432 if( $title->getNamespace() == NS_USER_TALK &&
2433 $title->getText() == $wgUser->getName() )
2434 {
2435 $watched = true;
2436 } elseif ( $this->getId() == $wgUser->getId() ) {
2437 $watched = $title->userIsWatching();
2438 } else {
2439 $watched = true;
2440 }
2441
2442 // If the page is watched by the user (or may be watched), update the timestamp on any
2443 // any matching rows
2444 if ( $watched ) {
2445 $dbw = wfGetDB( DB_MASTER );
2446 $dbw->update( 'watchlist',
2447 array( /* SET */
2448 'wl_notificationtimestamp' => null
2449 ), array( /* WHERE */
2450 'wl_title' => $title->getDBkey(),
2451 'wl_namespace' => $title->getNamespace(),
2452 'wl_user' => $this->getID()
2453 ), __METHOD__
2454 );
2455 }
2456 }
2457
2458 /**
2459 * Resets all of the given user's page-change notification timestamps.
2460 * If e-notif e-mails are on, they will receive notification mails on
2461 * the next change of any watched page.
2462 *
2463 * @param $currentUser Int User ID
2464 */
2465 function clearAllNotifications( $currentUser ) {
2466 global $wgUseEnotif, $wgShowUpdatedMarker;
2467 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2468 $this->setNewtalk( false );
2469 return;
2470 }
2471 if( $currentUser != 0 ) {
2472 $dbw = wfGetDB( DB_MASTER );
2473 $dbw->update( 'watchlist',
2474 array( /* SET */
2475 'wl_notificationtimestamp' => null
2476 ), array( /* WHERE */
2477 'wl_user' => $currentUser
2478 ), __METHOD__
2479 );
2480 # We also need to clear here the "you have new message" notification for the own user_talk page
2481 # This is cleared one page view later in Article::viewUpdates();
2482 }
2483 }
2484
2485 /**
2486 * Set this user's options from an encoded string
2487 * @param $str String Encoded options to import
2488 * @private
2489 */
2490 function decodeOptions( $str ) {
2491 if( !$str )
2492 return;
2493
2494 $this->mOptionsLoaded = true;
2495 $this->mOptionOverrides = array();
2496
2497 // If an option is not set in $str, use the default value
2498 $this->mOptions = self::getDefaultOptions();
2499
2500 $a = explode( "\n", $str );
2501 foreach ( $a as $s ) {
2502 $m = array();
2503 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2504 $this->mOptions[$m[1]] = $m[2];
2505 $this->mOptionOverrides[$m[1]] = $m[2];
2506 }
2507 }
2508 }
2509
2510 /**
2511 * Set a cookie on the user's client. Wrapper for
2512 * WebResponse::setCookie
2513 * @param $name String Name of the cookie to set
2514 * @param $value String Value to set
2515 * @param $exp Int Expiration time, as a UNIX time value;
2516 * if 0 or not specified, use the default $wgCookieExpiration
2517 */
2518 protected function setCookie( $name, $value, $exp = 0 ) {
2519 global $wgRequest;
2520 $wgRequest->response()->setcookie( $name, $value, $exp );
2521 }
2522
2523 /**
2524 * Clear a cookie on the user's client
2525 * @param $name String Name of the cookie to clear
2526 */
2527 protected function clearCookie( $name ) {
2528 $this->setCookie( $name, '', time() - 86400 );
2529 }
2530
2531 /**
2532 * Set the default cookies for this session on the user's client.
2533 *
2534 * @param $request WebRequest object to use; $wgRequest will be used if null
2535 * is passed.
2536 */
2537 function setCookies( $request = null ) {
2538 if ( $request === null ) {
2539 global $wgRequest;
2540 $request = $wgRequest;
2541 }
2542
2543 $this->load();
2544 if ( 0 == $this->mId ) return;
2545 $session = array(
2546 'wsUserID' => $this->mId,
2547 'wsToken' => $this->mToken,
2548 'wsUserName' => $this->getName()
2549 );
2550 $cookies = array(
2551 'UserID' => $this->mId,
2552 'UserName' => $this->getName(),
2553 );
2554 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2555 $cookies['Token'] = $this->mToken;
2556 } else {
2557 $cookies['Token'] = false;
2558 }
2559
2560 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2561
2562 foreach ( $session as $name => $value ) {
2563 $request->setSessionData( $name, $value );
2564 }
2565 foreach ( $cookies as $name => $value ) {
2566 if ( $value === false ) {
2567 $this->clearCookie( $name );
2568 } else {
2569 $this->setCookie( $name, $value );
2570 }
2571 }
2572 }
2573
2574 /**
2575 * Log this user out.
2576 */
2577 function logout() {
2578 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2579 $this->doLogout();
2580 }
2581 }
2582
2583 /**
2584 * Clear the user's cookies and session, and reset the instance cache.
2585 * @private
2586 * @see logout()
2587 */
2588 function doLogout() {
2589 global $wgRequest;
2590
2591 $this->clearInstanceCache( 'defaults' );
2592
2593 $wgRequest->setSessionData( 'wsUserID', 0 );
2594
2595 $this->clearCookie( 'UserID' );
2596 $this->clearCookie( 'Token' );
2597
2598 # Remember when user logged out, to prevent seeing cached pages
2599 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2600 }
2601
2602 /**
2603 * Save this user's settings into the database.
2604 * @todo Only rarely do all these fields need to be set!
2605 */
2606 function saveSettings() {
2607 $this->load();
2608 if ( wfReadOnly() ) { return; }
2609 if ( 0 == $this->mId ) { return; }
2610
2611 $this->mTouched = self::newTouchedTimestamp();
2612
2613 $dbw = wfGetDB( DB_MASTER );
2614 $dbw->update( 'user',
2615 array( /* SET */
2616 'user_name' => $this->mName,
2617 'user_password' => $this->mPassword,
2618 'user_newpassword' => $this->mNewpassword,
2619 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2620 'user_real_name' => $this->mRealName,
2621 'user_email' => $this->mEmail,
2622 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2623 'user_options' => '',
2624 'user_touched' => $dbw->timestamp( $this->mTouched ),
2625 'user_token' => $this->mToken,
2626 'user_email_token' => $this->mEmailToken,
2627 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2628 ), array( /* WHERE */
2629 'user_id' => $this->mId
2630 ), __METHOD__
2631 );
2632
2633 $this->saveOptions();
2634
2635 wfRunHooks( 'UserSaveSettings', array( $this ) );
2636 $this->clearSharedCache();
2637 $this->getUserPage()->invalidateCache();
2638 }
2639
2640 /**
2641 * If only this user's username is known, and it exists, return the user ID.
2642 * @return Int
2643 */
2644 function idForName() {
2645 $s = trim( $this->getName() );
2646 if ( $s === '' ) return 0;
2647
2648 $dbr = wfGetDB( DB_SLAVE );
2649 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2650 if ( $id === false ) {
2651 $id = 0;
2652 }
2653 return $id;
2654 }
2655
2656 /**
2657 * Add a user to the database, return the user object
2658 *
2659 * @param $name String Username to add
2660 * @param $params Array of Strings Non-default parameters to save to the database as user_* fields:
2661 * - password The user's password hash. Password logins will be disabled if this is omitted.
2662 * - newpassword Hash for a temporary password that has been mailed to the user
2663 * - email The user's email address
2664 * - email_authenticated The email authentication timestamp
2665 * - real_name The user's real name
2666 * - options An associative array of non-default options
2667 * - token Random authentication token. Do not set.
2668 * - registration Registration timestamp. Do not set.
2669 *
2670 * @return User object, or null if the username already exists
2671 */
2672 static function createNew( $name, $params = array() ) {
2673 $user = new User;
2674 $user->load();
2675 if ( isset( $params['options'] ) ) {
2676 $user->mOptions = $params['options'] + (array)$user->mOptions;
2677 unset( $params['options'] );
2678 }
2679 $dbw = wfGetDB( DB_MASTER );
2680 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2681
2682 $fields = array(
2683 'user_id' => $seqVal,
2684 'user_name' => $name,
2685 'user_password' => $user->mPassword,
2686 'user_newpassword' => $user->mNewpassword,
2687 'user_newpass_time' => $dbw->timestampOrNull( $user->mNewpassTime ),
2688 'user_email' => $user->mEmail,
2689 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2690 'user_real_name' => $user->mRealName,
2691 'user_options' => '',
2692 'user_token' => $user->mToken,
2693 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2694 'user_editcount' => 0,
2695 );
2696 foreach ( $params as $name => $value ) {
2697 $fields["user_$name"] = $value;
2698 }
2699 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2700 if ( $dbw->affectedRows() ) {
2701 $newUser = User::newFromId( $dbw->insertId() );
2702 } else {
2703 $newUser = null;
2704 }
2705 return $newUser;
2706 }
2707
2708 /**
2709 * Add this existing user object to the database
2710 */
2711 function addToDatabase() {
2712 $this->load();
2713 $dbw = wfGetDB( DB_MASTER );
2714 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2715 $dbw->insert( 'user',
2716 array(
2717 'user_id' => $seqVal,
2718 'user_name' => $this->mName,
2719 'user_password' => $this->mPassword,
2720 'user_newpassword' => $this->mNewpassword,
2721 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2722 'user_email' => $this->mEmail,
2723 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2724 'user_real_name' => $this->mRealName,
2725 'user_options' => '',
2726 'user_token' => $this->mToken,
2727 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2728 'user_editcount' => 0,
2729 ), __METHOD__
2730 );
2731 $this->mId = $dbw->insertId();
2732
2733 // Clear instance cache other than user table data, which is already accurate
2734 $this->clearInstanceCache();
2735
2736 $this->saveOptions();
2737 }
2738
2739 /**
2740 * If this (non-anonymous) user is blocked, block any IP address
2741 * they've successfully logged in from.
2742 */
2743 function spreadBlock() {
2744 wfDebug( __METHOD__ . "()\n" );
2745 $this->load();
2746 if ( $this->mId == 0 ) {
2747 return;
2748 }
2749
2750 $userblock = Block::newFromTarget( $this->getName() );
2751 if ( !$userblock ) {
2752 return;
2753 }
2754
2755 $userblock->doAutoblock( wfGetIP() );
2756 }
2757
2758 /**
2759 * Generate a string which will be different for any combination of
2760 * user options which would produce different parser output.
2761 * This will be used as part of the hash key for the parser cache,
2762 * so users with the same options can share the same cached data
2763 * safely.
2764 *
2765 * Extensions which require it should install 'PageRenderingHash' hook,
2766 * which will give them a chance to modify this key based on their own
2767 * settings.
2768 *
2769 * @deprecated since 1.17 use the ParserOptions object to get the relevant options
2770 * @return String Page rendering hash
2771 */
2772 function getPageRenderingHash() {
2773 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
2774 if( $this->mHash ){
2775 return $this->mHash;
2776 }
2777 wfDeprecated( __METHOD__ );
2778
2779 // stubthreshold is only included below for completeness,
2780 // since it disables the parser cache, its value will always
2781 // be 0 when this function is called by parsercache.
2782
2783 $confstr = $this->getOption( 'math' );
2784 $confstr .= '!' . $this->getStubThreshold();
2785 if ( $wgUseDynamicDates ) { # This is wrong (bug 24714)
2786 $confstr .= '!' . $this->getDatePreference();
2787 }
2788 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
2789 $confstr .= '!' . $wgLang->getCode();
2790 $confstr .= '!' . $this->getOption( 'thumbsize' );
2791 // add in language specific options, if any
2792 $extra = $wgContLang->getExtraHashOptions();
2793 $confstr .= $extra;
2794
2795 // Since the skin could be overloading link(), it should be
2796 // included here but in practice, none of our skins do that.
2797
2798 $confstr .= $wgRenderHashAppend;
2799
2800 // Give a chance for extensions to modify the hash, if they have
2801 // extra options or other effects on the parser cache.
2802 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
2803
2804 // Make it a valid memcached key fragment
2805 $confstr = str_replace( ' ', '_', $confstr );
2806 $this->mHash = $confstr;
2807 return $confstr;
2808 }
2809
2810 /**
2811 * Get whether the user is explicitly blocked from account creation.
2812 * @return Bool|Block
2813 */
2814 function isBlockedFromCreateAccount() {
2815 $this->getBlockedStatus();
2816 if( $this->mBlock && $this->mBlock->prevents( 'createaccount' ) ){
2817 return $this->mBlock;
2818 }
2819
2820 # bug 13611: if the IP address the user is trying to create an account from is
2821 # blocked with createaccount disabled, prevent new account creation there even
2822 # when the user is logged in
2823 static $accBlock = false;
2824 if( $accBlock === false ){
2825 $accBlock = Block::newFromTarget( null, wfGetIP() );
2826 }
2827 return $accBlock instanceof Block && $accBlock->prevents( 'createaccount' )
2828 ? $accBlock
2829 : false;
2830 }
2831
2832 /**
2833 * Get whether the user is blocked from using Special:Emailuser.
2834 * @return Bool
2835 */
2836 function isBlockedFromEmailuser() {
2837 $this->getBlockedStatus();
2838 return $this->mBlock && $this->mBlock->prevents( 'sendemail' );
2839 }
2840
2841 /**
2842 * Get whether the user is allowed to create an account.
2843 * @return Bool
2844 */
2845 function isAllowedToCreateAccount() {
2846 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
2847 }
2848
2849 /**
2850 * Get this user's personal page title.
2851 *
2852 * @return Title: User's personal page title
2853 */
2854 function getUserPage() {
2855 return Title::makeTitle( NS_USER, $this->getName() );
2856 }
2857
2858 /**
2859 * Get this user's talk page title.
2860 *
2861 * @return Title: User's talk page title
2862 */
2863 function getTalkPage() {
2864 $title = $this->getUserPage();
2865 return $title->getTalkPage();
2866 }
2867
2868 /**
2869 * Get the maximum valid user ID.
2870 * @return Integer: User ID
2871 * @static
2872 */
2873 function getMaxID() {
2874 static $res; // cache
2875
2876 if ( isset( $res ) ) {
2877 return $res;
2878 } else {
2879 $dbr = wfGetDB( DB_SLAVE );
2880 return $res = $dbr->selectField( 'user', 'max(user_id)', false, __METHOD__ );
2881 }
2882 }
2883
2884 /**
2885 * Determine whether the user is a newbie. Newbies are either
2886 * anonymous IPs, or the most recently created accounts.
2887 * @return Bool
2888 */
2889 function isNewbie() {
2890 return !$this->isAllowed( 'autoconfirmed' );
2891 }
2892
2893 /**
2894 * Check to see if the given clear-text password is one of the accepted passwords
2895 * @param $password String: user password.
2896 * @return Boolean: True if the given password is correct, otherwise False.
2897 */
2898 function checkPassword( $password ) {
2899 global $wgAuth, $wgLegacyEncoding;
2900 $this->load();
2901
2902 // Even though we stop people from creating passwords that
2903 // are shorter than this, doesn't mean people wont be able
2904 // to. Certain authentication plugins do NOT want to save
2905 // domain passwords in a mysql database, so we should
2906 // check this (in case $wgAuth->strict() is false).
2907 if( !$this->isValidPassword( $password ) ) {
2908 return false;
2909 }
2910
2911 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
2912 return true;
2913 } elseif( $wgAuth->strict() ) {
2914 /* Auth plugin doesn't allow local authentication */
2915 return false;
2916 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
2917 /* Auth plugin doesn't allow local authentication for this user name */
2918 return false;
2919 }
2920 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
2921 return true;
2922 } elseif ( $wgLegacyEncoding ) {
2923 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
2924 # Check for this with iconv
2925 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
2926 if ( $cp1252Password != $password &&
2927 self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) )
2928 {
2929 return true;
2930 }
2931 }
2932 return false;
2933 }
2934
2935 /**
2936 * Check if the given clear-text password matches the temporary password
2937 * sent by e-mail for password reset operations.
2938 * @return Boolean: True if matches, false otherwise
2939 */
2940 function checkTemporaryPassword( $plaintext ) {
2941 global $wgNewPasswordExpiry;
2942
2943 $this->load();
2944 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
2945 if ( is_null( $this->mNewpassTime ) ) {
2946 return true;
2947 }
2948 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
2949 return ( time() < $expiry );
2950 } else {
2951 return false;
2952 }
2953 }
2954
2955 /**
2956 * Initialize (if necessary) and return a session token value
2957 * which can be used in edit forms to show that the user's
2958 * login credentials aren't being hijacked with a foreign form
2959 * submission.
2960 *
2961 * @param $salt String|Array of Strings Optional function-specific data for hashing
2962 * @param $request WebRequest object to use or null to use $wgRequest
2963 * @return String The new edit token
2964 */
2965 function editToken( $salt = '', $request = null ) {
2966 if ( $request == null ) {
2967 global $wgRequest;
2968 $request = $wgRequest;
2969 }
2970
2971 if ( $this->isAnon() ) {
2972 return EDIT_TOKEN_SUFFIX;
2973 } else {
2974 $token = $request->getSessionData( 'wsEditToken' );
2975 if ( $token === null ) {
2976 $token = self::generateToken();
2977 $request->setSessionData( 'wsEditToken', $token );
2978 }
2979 if( is_array( $salt ) ) {
2980 $salt = implode( '|', $salt );
2981 }
2982 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
2983 }
2984 }
2985
2986 /**
2987 * Generate a looking random token for various uses.
2988 *
2989 * @param $salt String Optional salt value
2990 * @return String The new random token
2991 */
2992 public static function generateToken( $salt = '' ) {
2993 $token = dechex( mt_rand() ) . dechex( mt_rand() );
2994 return md5( $token . $salt );
2995 }
2996
2997 /**
2998 * Check given value against the token value stored in the session.
2999 * A match should confirm that the form was submitted from the
3000 * user's own login session, not a form submission from a third-party
3001 * site.
3002 *
3003 * @param $val String Input value to compare
3004 * @param $salt String Optional function-specific data for hashing
3005 * @param $request WebRequest object to use or null to use $wgRequest
3006 * @return Boolean: Whether the token matches
3007 */
3008 function matchEditToken( $val, $salt = '', $request = null ) {
3009 $sessionToken = $this->editToken( $salt, $request );
3010 if ( $val != $sessionToken ) {
3011 wfDebug( "User::matchEditToken: broken session data\n" );
3012 }
3013 return $val == $sessionToken;
3014 }
3015
3016 /**
3017 * Check given value against the token value stored in the session,
3018 * ignoring the suffix.
3019 *
3020 * @param $val String Input value to compare
3021 * @param $salt String Optional function-specific data for hashing
3022 * @param $request WebRequest object to use or null to use $wgRequest
3023 * @return Boolean: Whether the token matches
3024 */
3025 function matchEditTokenNoSuffix( $val, $salt = '', $request = null ) {
3026 $sessionToken = $this->editToken( $salt, $request );
3027 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
3028 }
3029
3030 /**
3031 * Generate a new e-mail confirmation token and send a confirmation/invalidation
3032 * mail to the user's given address.
3033 *
3034 * @param $type String: message to send, either "created", "changed" or "set"
3035 * @return Status object
3036 */
3037 function sendConfirmationMail( $type = 'created' ) {
3038 global $wgLang;
3039 $expiration = null; // gets passed-by-ref and defined in next line.
3040 $token = $this->confirmationToken( $expiration );
3041 $url = $this->confirmationTokenUrl( $token );
3042 $invalidateURL = $this->invalidationTokenUrl( $token );
3043 $this->saveSettings();
3044
3045 if ( $type == 'created' || $type === false ) {
3046 $message = 'confirmemail_body';
3047 } elseif ( $type === true ) {
3048 $message = 'confirmemail_body_changed';
3049 } else {
3050 $message = 'confirmemail_body_' . $type;
3051 }
3052
3053 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
3054 wfMsg( $message,
3055 wfGetIP(),
3056 $this->getName(),
3057 $url,
3058 $wgLang->timeanddate( $expiration, false ),
3059 $invalidateURL,
3060 $wgLang->date( $expiration, false ),
3061 $wgLang->time( $expiration, false ) ) );
3062 }
3063
3064 /**
3065 * Send an e-mail to this user's account. Does not check for
3066 * confirmed status or validity.
3067 *
3068 * @param $subject String Message subject
3069 * @param $body String Message body
3070 * @param $from String Optional From address; if unspecified, default $wgPasswordSender will be used
3071 * @param $replyto String Reply-To address
3072 * @return Status
3073 */
3074 function sendMail( $subject, $body, $from = null, $replyto = null ) {
3075 if( is_null( $from ) ) {
3076 global $wgPasswordSender, $wgPasswordSenderName;
3077 $sender = new MailAddress( $wgPasswordSender, $wgPasswordSenderName );
3078 } else {
3079 $sender = new MailAddress( $from );
3080 }
3081
3082 $to = new MailAddress( $this );
3083 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
3084 }
3085
3086 /**
3087 * Generate, store, and return a new e-mail confirmation code.
3088 * A hash (unsalted, since it's used as a key) is stored.
3089 *
3090 * @note Call saveSettings() after calling this function to commit
3091 * this change to the database.
3092 *
3093 * @param[out] &$expiration \mixed Accepts the expiration time
3094 * @return String New token
3095 * @private
3096 */
3097 function confirmationToken( &$expiration ) {
3098 global $wgUserEmailConfirmationTokenExpiry;
3099 $now = time();
3100 $expires = $now + $wgUserEmailConfirmationTokenExpiry;
3101 $expiration = wfTimestamp( TS_MW, $expires );
3102 $token = self::generateToken( $this->mId . $this->mEmail . $expires );
3103 $hash = md5( $token );
3104 $this->load();
3105 $this->mEmailToken = $hash;
3106 $this->mEmailTokenExpires = $expiration;
3107 return $token;
3108 }
3109
3110 /**
3111 * Return a URL the user can use to confirm their email address.
3112 * @param $token String Accepts the email confirmation token
3113 * @return String New token URL
3114 * @private
3115 */
3116 function confirmationTokenUrl( $token ) {
3117 return $this->getTokenUrl( 'ConfirmEmail', $token );
3118 }
3119
3120 /**
3121 * Return a URL the user can use to invalidate their email address.
3122 * @param $token String Accepts the email confirmation token
3123 * @return String New token URL
3124 * @private
3125 */
3126 function invalidationTokenUrl( $token ) {
3127 return $this->getTokenUrl( 'Invalidateemail', $token );
3128 }
3129
3130 /**
3131 * Internal function to format the e-mail validation/invalidation URLs.
3132 * This uses $wgArticlePath directly as a quickie hack to use the
3133 * hardcoded English names of the Special: pages, for ASCII safety.
3134 *
3135 * @note Since these URLs get dropped directly into emails, using the
3136 * short English names avoids insanely long URL-encoded links, which
3137 * also sometimes can get corrupted in some browsers/mailers
3138 * (bug 6957 with Gmail and Internet Explorer).
3139 *
3140 * @param $page String Special page
3141 * @param $token String Token
3142 * @return String Formatted URL
3143 */
3144 protected function getTokenUrl( $page, $token ) {
3145 global $wgArticlePath;
3146 return wfExpandUrl(
3147 str_replace(
3148 '$1',
3149 "Special:$page/$token",
3150 $wgArticlePath ) );
3151 }
3152
3153 /**
3154 * Mark the e-mail address confirmed.
3155 *
3156 * @note Call saveSettings() after calling this function to commit the change.
3157 */
3158 function confirmEmail() {
3159 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3160 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3161 return true;
3162 }
3163
3164 /**
3165 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3166 * address if it was already confirmed.
3167 *
3168 * @note Call saveSettings() after calling this function to commit the change.
3169 */
3170 function invalidateEmail() {
3171 $this->load();
3172 $this->mEmailToken = null;
3173 $this->mEmailTokenExpires = null;
3174 $this->setEmailAuthenticationTimestamp( null );
3175 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3176 return true;
3177 }
3178
3179 /**
3180 * Set the e-mail authentication timestamp.
3181 * @param $timestamp String TS_MW timestamp
3182 */
3183 function setEmailAuthenticationTimestamp( $timestamp ) {
3184 $this->load();
3185 $this->mEmailAuthenticated = $timestamp;
3186 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3187 }
3188
3189 /**
3190 * Is this user allowed to send e-mails within limits of current
3191 * site configuration?
3192 * @return Bool
3193 */
3194 function canSendEmail() {
3195 global $wgEnableEmail, $wgEnableUserEmail;
3196 if( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3197 return false;
3198 }
3199 $canSend = $this->isEmailConfirmed();
3200 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3201 return $canSend;
3202 }
3203
3204 /**
3205 * Is this user allowed to receive e-mails within limits of current
3206 * site configuration?
3207 * @return Bool
3208 */
3209 function canReceiveEmail() {
3210 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3211 }
3212
3213 /**
3214 * Is this user's e-mail address valid-looking and confirmed within
3215 * limits of the current site configuration?
3216 *
3217 * @note If $wgEmailAuthentication is on, this may require the user to have
3218 * confirmed their address by returning a code or using a password
3219 * sent to the address from the wiki.
3220 *
3221 * @return Bool
3222 */
3223 function isEmailConfirmed() {
3224 global $wgEmailAuthentication;
3225 $this->load();
3226 $confirmed = true;
3227 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3228 if( $this->isAnon() )
3229 return false;
3230 if( !self::isValidEmailAddr( $this->mEmail ) )
3231 return false;
3232 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() )
3233 return false;
3234 return true;
3235 } else {
3236 return $confirmed;
3237 }
3238 }
3239
3240 /**
3241 * Check whether there is an outstanding request for e-mail confirmation.
3242 * @return Bool
3243 */
3244 function isEmailConfirmationPending() {
3245 global $wgEmailAuthentication;
3246 return $wgEmailAuthentication &&
3247 !$this->isEmailConfirmed() &&
3248 $this->mEmailToken &&
3249 $this->mEmailTokenExpires > wfTimestamp();
3250 }
3251
3252 /**
3253 * Get the timestamp of account creation.
3254 *
3255 * @return String|Bool Timestamp of account creation, or false for
3256 * non-existent/anonymous user accounts.
3257 */
3258 public function getRegistration() {
3259 if ( $this->isAnon() ) {
3260 return false;
3261 }
3262 $this->load();
3263 return $this->mRegistration;
3264 }
3265
3266 /**
3267 * Get the timestamp of the first edit
3268 *
3269 * @return String|Bool Timestamp of first edit, or false for
3270 * non-existent/anonymous user accounts.
3271 */
3272 public function getFirstEditTimestamp() {
3273 if( $this->getId() == 0 ) {
3274 return false; // anons
3275 }
3276 $dbr = wfGetDB( DB_SLAVE );
3277 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3278 array( 'rev_user' => $this->getId() ),
3279 __METHOD__,
3280 array( 'ORDER BY' => 'rev_timestamp ASC' )
3281 );
3282 if( !$time ) {
3283 return false; // no edits
3284 }
3285 return wfTimestamp( TS_MW, $time );
3286 }
3287
3288 /**
3289 * Get the permissions associated with a given list of groups
3290 *
3291 * @param $groups Array of Strings List of internal group names
3292 * @return Array of Strings List of permission key names for given groups combined
3293 */
3294 static function getGroupPermissions( $groups ) {
3295 global $wgGroupPermissions, $wgRevokePermissions;
3296 $rights = array();
3297 // grant every granted permission first
3298 foreach( $groups as $group ) {
3299 if( isset( $wgGroupPermissions[$group] ) ) {
3300 $rights = array_merge( $rights,
3301 // array_filter removes empty items
3302 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3303 }
3304 }
3305 // now revoke the revoked permissions
3306 foreach( $groups as $group ) {
3307 if( isset( $wgRevokePermissions[$group] ) ) {
3308 $rights = array_diff( $rights,
3309 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
3310 }
3311 }
3312 return array_unique( $rights );
3313 }
3314
3315 /**
3316 * Get all the groups who have a given permission
3317 *
3318 * @param $role String Role to check
3319 * @return Array of Strings List of internal group names with the given permission
3320 */
3321 static function getGroupsWithPermission( $role ) {
3322 global $wgGroupPermissions;
3323 $allowedGroups = array();
3324 foreach ( $wgGroupPermissions as $group => $rights ) {
3325 if ( isset( $rights[$role] ) && $rights[$role] ) {
3326 $allowedGroups[] = $group;
3327 }
3328 }
3329 return $allowedGroups;
3330 }
3331
3332 /**
3333 * Get the localized descriptive name for a group, if it exists
3334 *
3335 * @param $group String Internal group name
3336 * @return String Localized descriptive group name
3337 */
3338 static function getGroupName( $group ) {
3339 $msg = wfMessage( "group-$group" );
3340 return $msg->isBlank() ? $group : $msg->text();
3341 }
3342
3343 /**
3344 * Get the localized descriptive name for a member of a group, if it exists
3345 *
3346 * @param $group String Internal group name
3347 * @return String Localized name for group member
3348 */
3349 static function getGroupMember( $group ) {
3350 $msg = wfMessage( "group-$group-member" );
3351 return $msg->isBlank() ? $group : $msg->text();
3352 }
3353
3354 /**
3355 * Return the set of defined explicit groups.
3356 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3357 * are not included, as they are defined automatically, not in the database.
3358 * @return Array of internal group names
3359 */
3360 static function getAllGroups() {
3361 global $wgGroupPermissions, $wgRevokePermissions;
3362 return array_diff(
3363 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3364 self::getImplicitGroups()
3365 );
3366 }
3367
3368 /**
3369 * Get a list of all available permissions.
3370 * @return Array of permission names
3371 */
3372 static function getAllRights() {
3373 if ( self::$mAllRights === false ) {
3374 global $wgAvailableRights;
3375 if ( count( $wgAvailableRights ) ) {
3376 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3377 } else {
3378 self::$mAllRights = self::$mCoreRights;
3379 }
3380 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3381 }
3382 return self::$mAllRights;
3383 }
3384
3385 /**
3386 * Get a list of implicit groups
3387 * @return Array of Strings Array of internal group names
3388 */
3389 public static function getImplicitGroups() {
3390 global $wgImplicitGroups;
3391 $groups = $wgImplicitGroups;
3392 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3393 return $groups;
3394 }
3395
3396 /**
3397 * Get the title of a page describing a particular group
3398 *
3399 * @param $group String Internal group name
3400 * @return Title|Bool Title of the page if it exists, false otherwise
3401 */
3402 static function getGroupPage( $group ) {
3403 $msg = wfMessage( 'grouppage-' . $group )->inContentLanguage();
3404 if( $msg->exists() ) {
3405 $title = Title::newFromText( $msg->text() );
3406 if( is_object( $title ) )
3407 return $title;
3408 }
3409 return false;
3410 }
3411
3412 /**
3413 * Create a link to the group in HTML, if available;
3414 * else return the group name.
3415 *
3416 * @param $group String Internal name of the group
3417 * @param $text String The text of the link
3418 * @return String HTML link to the group
3419 */
3420 static function makeGroupLinkHTML( $group, $text = '' ) {
3421 if( $text == '' ) {
3422 $text = self::getGroupName( $group );
3423 }
3424 $title = self::getGroupPage( $group );
3425 if( $title ) {
3426 global $wgUser;
3427 $sk = $wgUser->getSkin();
3428 return $sk->link( $title, htmlspecialchars( $text ) );
3429 } else {
3430 return $text;
3431 }
3432 }
3433
3434 /**
3435 * Create a link to the group in Wikitext, if available;
3436 * else return the group name.
3437 *
3438 * @param $group String Internal name of the group
3439 * @param $text String The text of the link
3440 * @return String Wikilink to the group
3441 */
3442 static function makeGroupLinkWiki( $group, $text = '' ) {
3443 if( $text == '' ) {
3444 $text = self::getGroupName( $group );
3445 }
3446 $title = self::getGroupPage( $group );
3447 if( $title ) {
3448 $page = $title->getPrefixedText();
3449 return "[[$page|$text]]";
3450 } else {
3451 return $text;
3452 }
3453 }
3454
3455 /**
3456 * Returns an array of the groups that a particular group can add/remove.
3457 *
3458 * @param $group String: the group to check for whether it can add/remove
3459 * @return Array array( 'add' => array( addablegroups ),
3460 * 'remove' => array( removablegroups ),
3461 * 'add-self' => array( addablegroups to self),
3462 * 'remove-self' => array( removable groups from self) )
3463 */
3464 static function changeableByGroup( $group ) {
3465 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3466
3467 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3468 if( empty( $wgAddGroups[$group] ) ) {
3469 // Don't add anything to $groups
3470 } elseif( $wgAddGroups[$group] === true ) {
3471 // You get everything
3472 $groups['add'] = self::getAllGroups();
3473 } elseif( is_array( $wgAddGroups[$group] ) ) {
3474 $groups['add'] = $wgAddGroups[$group];
3475 }
3476
3477 // Same thing for remove
3478 if( empty( $wgRemoveGroups[$group] ) ) {
3479 } elseif( $wgRemoveGroups[$group] === true ) {
3480 $groups['remove'] = self::getAllGroups();
3481 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3482 $groups['remove'] = $wgRemoveGroups[$group];
3483 }
3484
3485 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3486 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3487 foreach( $wgGroupsAddToSelf as $key => $value ) {
3488 if( is_int( $key ) ) {
3489 $wgGroupsAddToSelf['user'][] = $value;
3490 }
3491 }
3492 }
3493
3494 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3495 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3496 if( is_int( $key ) ) {
3497 $wgGroupsRemoveFromSelf['user'][] = $value;
3498 }
3499 }
3500 }
3501
3502 // Now figure out what groups the user can add to him/herself
3503 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3504 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3505 // No idea WHY this would be used, but it's there
3506 $groups['add-self'] = User::getAllGroups();
3507 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3508 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3509 }
3510
3511 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3512 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3513 $groups['remove-self'] = User::getAllGroups();
3514 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3515 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3516 }
3517
3518 return $groups;
3519 }
3520
3521 /**
3522 * Returns an array of groups that this user can add and remove
3523 * @return Array array( 'add' => array( addablegroups ),
3524 * 'remove' => array( removablegroups ),
3525 * 'add-self' => array( addablegroups to self),
3526 * 'remove-self' => array( removable groups from self) )
3527 */
3528 function changeableGroups() {
3529 if( $this->isAllowed( 'userrights' ) ) {
3530 // This group gives the right to modify everything (reverse-
3531 // compatibility with old "userrights lets you change
3532 // everything")
3533 // Using array_merge to make the groups reindexed
3534 $all = array_merge( User::getAllGroups() );
3535 return array(
3536 'add' => $all,
3537 'remove' => $all,
3538 'add-self' => array(),
3539 'remove-self' => array()
3540 );
3541 }
3542
3543 // Okay, it's not so simple, we will have to go through the arrays
3544 $groups = array(
3545 'add' => array(),
3546 'remove' => array(),
3547 'add-self' => array(),
3548 'remove-self' => array()
3549 );
3550 $addergroups = $this->getEffectiveGroups();
3551
3552 foreach( $addergroups as $addergroup ) {
3553 $groups = array_merge_recursive(
3554 $groups, $this->changeableByGroup( $addergroup )
3555 );
3556 $groups['add'] = array_unique( $groups['add'] );
3557 $groups['remove'] = array_unique( $groups['remove'] );
3558 $groups['add-self'] = array_unique( $groups['add-self'] );
3559 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3560 }
3561 return $groups;
3562 }
3563
3564 /**
3565 * Increment the user's edit-count field.
3566 * Will have no effect for anonymous users.
3567 */
3568 function incEditCount() {
3569 if( !$this->isAnon() ) {
3570 $dbw = wfGetDB( DB_MASTER );
3571 $dbw->update( 'user',
3572 array( 'user_editcount=user_editcount+1' ),
3573 array( 'user_id' => $this->getId() ),
3574 __METHOD__ );
3575
3576 // Lazy initialization check...
3577 if( $dbw->affectedRows() == 0 ) {
3578 // Pull from a slave to be less cruel to servers
3579 // Accuracy isn't the point anyway here
3580 $dbr = wfGetDB( DB_SLAVE );
3581 $count = $dbr->selectField( 'revision',
3582 'COUNT(rev_user)',
3583 array( 'rev_user' => $this->getId() ),
3584 __METHOD__ );
3585
3586 // Now here's a goddamn hack...
3587 if( $dbr !== $dbw ) {
3588 // If we actually have a slave server, the count is
3589 // at least one behind because the current transaction
3590 // has not been committed and replicated.
3591 $count++;
3592 } else {
3593 // But if DB_SLAVE is selecting the master, then the
3594 // count we just read includes the revision that was
3595 // just added in the working transaction.
3596 }
3597
3598 $dbw->update( 'user',
3599 array( 'user_editcount' => $count ),
3600 array( 'user_id' => $this->getId() ),
3601 __METHOD__ );
3602 }
3603 }
3604 // edit count in user cache too
3605 $this->invalidateCache();
3606 }
3607
3608 /**
3609 * Get the description of a given right
3610 *
3611 * @param $right String Right to query
3612 * @return String Localized description of the right
3613 */
3614 static function getRightDescription( $right ) {
3615 $key = "right-$right";
3616 $name = wfMsg( $key );
3617 return $name == '' || wfEmptyMsg( $key )
3618 ? $right
3619 : $name;
3620 }
3621
3622 /**
3623 * Make an old-style password hash
3624 *
3625 * @param $password String Plain-text password
3626 * @param $userId String User ID
3627 * @return String Password hash
3628 */
3629 static function oldCrypt( $password, $userId ) {
3630 global $wgPasswordSalt;
3631 if ( $wgPasswordSalt ) {
3632 return md5( $userId . '-' . md5( $password ) );
3633 } else {
3634 return md5( $password );
3635 }
3636 }
3637
3638 /**
3639 * Make a new-style password hash
3640 *
3641 * @param $password String Plain-text password
3642 * @param $salt String Optional salt, may be random or the user ID.
3643 * If unspecified or false, will generate one automatically
3644 * @return String Password hash
3645 */
3646 static function crypt( $password, $salt = false ) {
3647 global $wgPasswordSalt;
3648
3649 $hash = '';
3650 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3651 return $hash;
3652 }
3653
3654 if( $wgPasswordSalt ) {
3655 if ( $salt === false ) {
3656 $salt = substr( wfGenerateToken(), 0, 8 );
3657 }
3658 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3659 } else {
3660 return ':A:' . md5( $password );
3661 }
3662 }
3663
3664 /**
3665 * Compare a password hash with a plain-text password. Requires the user
3666 * ID if there's a chance that the hash is an old-style hash.
3667 *
3668 * @param $hash String Password hash
3669 * @param $password String Plain-text password to compare
3670 * @param $userId String User ID for old-style password salt
3671 * @return Boolean:
3672 */
3673 static function comparePasswords( $hash, $password, $userId = false ) {
3674 $type = substr( $hash, 0, 3 );
3675
3676 $result = false;
3677 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3678 return $result;
3679 }
3680
3681 if ( $type == ':A:' ) {
3682 # Unsalted
3683 return md5( $password ) === substr( $hash, 3 );
3684 } elseif ( $type == ':B:' ) {
3685 # Salted
3686 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3687 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3688 } else {
3689 # Old-style
3690 return self::oldCrypt( $password, $userId ) === $hash;
3691 }
3692 }
3693
3694 /**
3695 * Add a newuser log entry for this user
3696 *
3697 * @param $byEmail Boolean: account made by email?
3698 * @param $reason String: user supplied reason
3699 */
3700 public function addNewUserLogEntry( $byEmail = false, $reason = '' ) {
3701 global $wgUser, $wgContLang, $wgNewUserLog;
3702 if( empty( $wgNewUserLog ) ) {
3703 return true; // disabled
3704 }
3705
3706 if( $this->getName() == $wgUser->getName() ) {
3707 $action = 'create';
3708 } else {
3709 $action = 'create2';
3710 if ( $byEmail ) {
3711 if ( $reason === '' ) {
3712 $reason = wfMsgForContent( 'newuserlog-byemail' );
3713 } else {
3714 $reason = $wgContLang->commaList( array(
3715 $reason, wfMsgForContent( 'newuserlog-byemail' ) ) );
3716 }
3717 }
3718 }
3719 $log = new LogPage( 'newusers' );
3720 $log->addEntry(
3721 $action,
3722 $this->getUserPage(),
3723 $reason,
3724 array( $this->getId() )
3725 );
3726 return true;
3727 }
3728
3729 /**
3730 * Add an autocreate newuser log entry for this user
3731 * Used by things like CentralAuth and perhaps other authplugins.
3732 */
3733 public function addNewUserLogEntryAutoCreate() {
3734 global $wgNewUserLog;
3735 if( !$wgNewUserLog ) {
3736 return true; // disabled
3737 }
3738 $log = new LogPage( 'newusers', false );
3739 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ) );
3740 return true;
3741 }
3742
3743 protected function loadOptions() {
3744 $this->load();
3745 if ( $this->mOptionsLoaded || !$this->getId() )
3746 return;
3747
3748 $this->mOptions = self::getDefaultOptions();
3749
3750 // Maybe load from the object
3751 if ( !is_null( $this->mOptionOverrides ) ) {
3752 wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
3753 foreach( $this->mOptionOverrides as $key => $value ) {
3754 $this->mOptions[$key] = $value;
3755 }
3756 } else {
3757 wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
3758 // Load from database
3759 $dbr = wfGetDB( DB_SLAVE );
3760
3761 $res = $dbr->select(
3762 'user_properties',
3763 '*',
3764 array( 'up_user' => $this->getId() ),
3765 __METHOD__
3766 );
3767
3768 foreach ( $res as $row ) {
3769 $this->mOptionOverrides[$row->up_property] = $row->up_value;
3770 $this->mOptions[$row->up_property] = $row->up_value;
3771 }
3772 }
3773
3774 $this->mOptionsLoaded = true;
3775
3776 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
3777 }
3778
3779 protected function saveOptions() {
3780 global $wgAllowPrefChange;
3781
3782 $extuser = ExternalUser::newFromUser( $this );
3783
3784 $this->loadOptions();
3785 $dbw = wfGetDB( DB_MASTER );
3786
3787 $insert_rows = array();
3788
3789 $saveOptions = $this->mOptions;
3790
3791 // Allow hooks to abort, for instance to save to a global profile.
3792 // Reset options to default state before saving.
3793 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) )
3794 return;
3795
3796 foreach( $saveOptions as $key => $value ) {
3797 # Don't bother storing default values
3798 if ( ( is_null( self::getDefaultOption( $key ) ) &&
3799 !( $value === false || is_null($value) ) ) ||
3800 $value != self::getDefaultOption( $key ) ) {
3801 $insert_rows[] = array(
3802 'up_user' => $this->getId(),
3803 'up_property' => $key,
3804 'up_value' => $value,
3805 );
3806 }
3807 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
3808 switch ( $wgAllowPrefChange[$key] ) {
3809 case 'local':
3810 case 'message':
3811 break;
3812 case 'semiglobal':
3813 case 'global':
3814 $extuser->setPref( $key, $value );
3815 }
3816 }
3817 }
3818
3819 $dbw->begin();
3820 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
3821 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
3822 $dbw->commit();
3823 }
3824
3825 /**
3826 * Provide an array of HTML5 attributes to put on an input element
3827 * intended for the user to enter a new password. This may include
3828 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
3829 *
3830 * Do *not* use this when asking the user to enter his current password!
3831 * Regardless of configuration, users may have invalid passwords for whatever
3832 * reason (e.g., they were set before requirements were tightened up).
3833 * Only use it when asking for a new password, like on account creation or
3834 * ResetPass.
3835 *
3836 * Obviously, you still need to do server-side checking.
3837 *
3838 * NOTE: A combination of bugs in various browsers means that this function
3839 * actually just returns array() unconditionally at the moment. May as
3840 * well keep it around for when the browser bugs get fixed, though.
3841 *
3842 * FIXME : This does not belong here; put it in Html or Linker or somewhere
3843 *
3844 * @return array Array of HTML attributes suitable for feeding to
3845 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
3846 * That will potentially output invalid XHTML 1.0 Transitional, and will
3847 * get confused by the boolean attribute syntax used.)
3848 */
3849 public static function passwordChangeInputAttribs() {
3850 global $wgMinimalPasswordLength;
3851
3852 if ( $wgMinimalPasswordLength == 0 ) {
3853 return array();
3854 }
3855
3856 # Note that the pattern requirement will always be satisfied if the
3857 # input is empty, so we need required in all cases.
3858 #
3859 # FIXME (bug 23769): This needs to not claim the password is required
3860 # if e-mail confirmation is being used. Since HTML5 input validation
3861 # is b0rked anyway in some browsers, just return nothing. When it's
3862 # re-enabled, fix this code to not output required for e-mail
3863 # registration.
3864 #$ret = array( 'required' );
3865 $ret = array();
3866
3867 # We can't actually do this right now, because Opera 9.6 will print out
3868 # the entered password visibly in its error message! When other
3869 # browsers add support for this attribute, or Opera fixes its support,
3870 # we can add support with a version check to avoid doing this on Opera
3871 # versions where it will be a problem. Reported to Opera as
3872 # DSK-262266, but they don't have a public bug tracker for us to follow.
3873 /*
3874 if ( $wgMinimalPasswordLength > 1 ) {
3875 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
3876 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
3877 $wgMinimalPasswordLength );
3878 }
3879 */
3880
3881 return $ret;
3882 }
3883 }
MediaWiki Core