| blob | f80319d0853cc011993d2adeafefba15ebde0483 |
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
23 /**
24 * Int Number of characters in user_token field.
25 * @ingroup Constants
26 */
29 /**
30 * Int Serialized record version.
31 * @ingroup Constants
32 */
35 /**
36 * String Some punctuation to prevent editing from broken text-mangling proxies.
37 * @ingroup Constants
38 */
41 /**
42 * Thrown by User::setPassword() on error.
43 * @ingroup Exception
44 */
46 // NOP
47 }
49 /**
50 * The User object encapsulates all of the user-specific settings (user_id,
51 * name, rights, password, email address, options, last login time). Client
52 * classes use the getXXX() functions to access these fields. These functions
53 * do all the work of determining whether the user is logged in,
54 * whether the requested option can be satisfied from cookies or
55 * whether a database query is needed. Most of the settings needed
56 * for rendering normal pages are set in the cookie to minimize use
57 * of the database.
58 */
60 /**
61 * Global constants made accessible as class constants so that autoloader
62 * magic can be used.
63 */
68 /**
69 * Maximum items in $mWatchedItems
70 */
73 /**
74 * Array of Strings List of member variables which are saved to the
75 * shared cache (memcached). Any operation which changes the
76 * corresponding database fields must call a cache-clearing function.
77 * @showinitializer
78 */
80 // user table
95 // user_groups table
97 // user_properties table
99 );
101 /**
102 * Array of Strings Core rights.
103 * Each of these should have a corresponding message of the form
104 * "right-$right".
105 * @showinitializer
106 */
168 );
169 /**
170 * String Cached results of getAllRights()
171 */
174 /** @name Cache variables */
175 //@{
180 //@}
182 /**
183 * Bool Whether the cache variables have been loaded.
184 */
185 //@{
188 /**
189 * Array with already loaded items or true if all items have been loaded.
190 */
192 //@}
194 /**
195 * String Initialization data source if mLoadedItems!==true. May be one of:
196 * - 'defaults' anonymous user initialised from class defaults
197 * - 'name' initialise from mName
198 * - 'id' initialise from mId
199 * - 'session' log in from cookies or session if possible
200 *
201 * Use the User::newFrom*() family of functions to set this.
202 */
205 /**
206 * Lazy-initialized variables, invalidated with clearInstanceCache
207 */
212 /**
213 * @var WebRequest
214 */
217 /**
218 * @var Block
219 */
222 /**
223 * @var bool
224 */
227 /**
228 * @var Block
229 */
232 /**
233 * @var Array
234 */
239 /**
240 * Lightweight constructor for an anonymous user.
241 * Use the User::newFrom* factory functions for other kinds of users.
242 *
243 * @see newFromName()
244 * @see newFromId()
245 * @see newFromConfirmationCode()
246 * @see newFromSession()
247 * @see newFromRow()
248 */
251 }
253 /**
254 * @return String
255 */
258 }
260 /**
261 * Load the user table data for this object from the source given by mFrom.
262 */
266 }
269 # Set it now to avoid infinite recursion in accessors
279 # Nonexistent user placeholder object
283 }
290 // Loading from session failed. Load defaults.
292 }
297 }
299 }
301 /**
302 * Load user table data, given mId has already been set.
303 * @return Bool false if the ID does not exist, true otherwise
304 */
310 }
312 # Try cache
316 # Object is expired, load from DB
318 }
322 # Load from DB
324 # Can't load from ID, user is anonymous
326 }
330 # Restore from cache
333 }
334 }
336 }
338 /**
339 * Save user data to the shared cache
340 */
346 // Anonymous users are uncached
348 }
352 }
357 }
359 /** @name newFrom*() static factory methods */
360 //@{
362 /**
363 * Static factory method for creation from username.
364 *
365 * This is slightly less efficient than newFromId(), so use newFromId() if
366 * you have both an ID and a name handy.
367 *
368 * @param $name String Username, validated by Title::newFromText()
369 * @param $validate String|Bool Validate username. Takes the same parameters as
370 * User::getCanonicalName(), except that true is accepted as an alias
371 * for 'valid', for BC.
372 *
373 * @return User object, or false if the username is invalid
374 * (e.g. if it contains illegal characters or is an IP address). If the
375 * username is not present in the database, the result will be a user object
376 * with a name, zero user ID and default settings.
377 */
381 }
386 # Create unloaded user object
392 }
393 }
395 /**
396 * Static factory method for creation from a given user ID.
397 *
398 * @param $id Int Valid user ID
399 * @return User The corresponding User object
400 */
407 }
409 /**
410 * Factory method to fetch whichever user has a given email confirmation code.
411 * This code is generated when an account is created or its e-mail address
412 * has changed.
413 *
414 * If the code is invalid or has expired, returns NULL.
415 *
416 * @param $code String Confirmation code
417 * @return User object, or null
418 */
424 ) );
429 }
430 }
432 /**
433 * Create a new user object using data from session or cookies. If the
434 * login credentials are invalid, the result is an anonymous user.
435 *
436 * @param $request WebRequest object to use; $wgRequest will be used if
437 * ommited.
438 * @return User object
439 */
445 }
447 /**
448 * Create a new user object from a user row.
449 * The row should have the following fields from the user table in it:
450 * - either user_name or user_id to load further data if needed (or both)
451 * - user_real_name
452 * - all other fields (email, password, etc.)
453 * It is useless to provide the remaining fields if either user_id,
454 * user_name and user_real_name are not provided because the whole row
455 * will be loaded once more from the database when accessing them.
456 *
457 * @param $row Array A row from the user table
458 * @return User
459 */
464 }
466 //@}
468 /**
469 * Get the username corresponding to a given user ID
470 * @param $id Int User ID
471 * @return String|bool The corresponding username
472 */
475 }
477 /**
478 * Get the real name of a user given their user ID
479 *
480 * @param $id Int User ID
481 * @return String|bool The corresponding user's real name
482 */
485 }
487 /**
488 * Get database id given a user name
489 * @param $name String Username
490 * @return Int|Null The corresponding user's ID, or null if user is nonexistent
491 */
495 # Illegal name
497 }
501 }
504 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
510 }
516 }
519 }
521 /**
522 * Reset the cache used in idFromName(). For use in tests.
523 */
526 }
528 /**
529 * Does the string match an anonymous IPv4 address?
530 *
531 * This function exists for username validation, in order to reject
532 * usernames which are similar in form to IP addresses. Strings such
533 * as 300.300.300.300 will return true because it looks like an IP
534 * address, despite not being strictly valid.
535 *
536 * We match "\d{1,3}\.\d{1,3}\.\d{1,3}\.xxx" as an anonymous IP
537 * address because the usemod software would "cloak" anonymous IP
538 * addresses like this, if we allowed accounts like this to be created
539 * new users could get the old edits of these anonymous users.
540 *
541 * @param $name String to match
542 * @return Bool
543 */
546 }
548 /**
549 * Is the input a valid username?
550 *
551 * Checks if the input is a valid username, we don't want an empty string,
552 * an IP address, anything that containins slashes (would mess up subpages),
553 * is longer than the maximum allowed username size or doesn't begin with
554 * a capital letter.
555 *
556 * @param $name String to match
557 * @return Bool
558 */
570 }
573 // Ensure that the name can't be misresolved as a different title,
574 // such as with extra namespace keys at the start.
582 }
584 // Check an additional blacklist of troublemaker characters.
585 // Should these be merged into the title char list?
598 }
601 }
603 /**
604 * Usernames which fail to pass this function will be blocked
605 * from user login and new account registrations, but may be used
606 * internally by batch processes.
607 *
608 * If an account already exists in this form, login will be blocked
609 * by a failure to pass this function.
610 *
611 * @param $name String to match
612 * @return Bool
613 */
616 // Must be a valid username, obviously ;)
619 }
625 }
627 // Certain names may be reserved for batch processes.
631 }
634 }
635 }
637 }
639 /**
640 * Usernames which fail to pass this function will be blocked
641 * from new account registrations, but may be used internally
642 * either by batch processes or by user accounts which have
643 * already been created.
644 *
645 * Additional blacklisting may be added here rather than in
646 * isValidUserName() to avoid disrupting existing accounts.
647 *
648 * @param $name String to match
649 * @return Bool
650 */
654 // Ensure that the username isn't longer than 235 bytes, so that
655 // (at least for the builtin skins) user javascript and css files
656 // will work. (bug 23080)
661 }
663 // Preg yells if you try to give it an empty string
669 }
670 }
673 }
675 /**
676 * Is the input a valid password for this user?
677 *
678 * @param $password String Desired password
679 * @return Bool
680 */
682 //simple boolean wrapper for getPasswordValidity
684 }
686 /**
687 * Given unvalidated password input, return error message on failure.
688 *
689 * @param $password String Desired password
690 * @return mixed: true on success, string or array of error message on failure
691 */
698 );
710 } elseif ( isset( $blockedLogins[ $this->getName() ] ) && $password == $blockedLogins[ $this->getName() ] ) {
713 //it seems weird returning true here, but this is because of the
714 //initialization of $result to false above. If the hook is never run or it
715 //doesn't modify $result, then we will likely get down into this if with
716 //a valid password.
718 }
723 }
724 }
726 /**
727 * Does a string look like an e-mail address?
728 *
729 * This validates an email address using an HTML5 specification found at:
730 * http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#valid-e-mail-address
731 * Which as of 2011-01-24 says:
732 *
733 * A valid e-mail address is a string that matches the ABNF production
734 * 1*( atext / "." ) "@" ldh-str *( "." ldh-str ) where atext is defined
735 * in RFC 5322 section 3.2.3, and ldh-str is defined in RFC 1034 section
736 * 3.5.
737 *
738 * This function is an implementation of the specification as requested in
739 * bug 22449.
740 *
741 * Client-side forms will use the same standard validation rules via JS or
742 * HTML 5 validation; additional restrictions can be enforced server-side
743 * by extensions via the 'isValidEmailAddr' hook.
744 *
745 * Note that this validation doesn't 100% match RFC 2822, but is believed
746 * to be liberal enough for wide use. Some invalid addresses will still
747 * pass validation here.
748 *
749 * @param $addr String E-mail address
750 * @return Bool
751 * @deprecated since 1.18 call Sanitizer::isValidEmail() directly
752 */
756 }
758 /**
759 * Given unvalidated user input, return a canonical username, or false if
760 * the username is invalid.
761 * @param $name String User input
762 * @param $validate String|Bool type of validation to use:
763 * - false No validation
764 * - 'valid' Valid for batch processes
765 * - 'usable' Valid for batch processes and login
766 * - 'creatable' Valid for batch processes, login and account creation
767 *
768 * @throws MWException
769 * @return bool|string
770 */
772 # Force usernames to capital
776 # Reject names containing '#'; these will be cleaned up
777 # with title normalisation, but then it's too late to
778 # check elsewhere
782 # Clean up name according to title rules
785 # Check for invalid titles
788 }
790 # Reject various classes of invalid names
800 }
805 }
810 }
814 }
816 }
818 /**
819 * Count the number of edits of a user
820 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
821 *
822 * @param $uid Int User ID to check
823 * @return Int the user's edit count
824 */
828 // check if the user_editcount field has been initialized
832 __METHOD__
833 );
840 __METHOD__
841 );
846 __METHOD__
847 );
850 }
853 }
855 /**
856 * Return a random password.
857 *
858 * @return String new random password
859 */
862 // Decide the final password length based on our min password length, stopping at a minimum of 10 chars
864 // Multiply by 1.25 to get the number of hex characters we need
866 // Generate random hex chars
868 // Convert from base 16 to base 32 to get a proper password like string
870 }
872 /**
873 * Set cached properties to default.
874 *
875 * @note This no longer clears uncached lazy-initialised properties;
876 * the constructor does that instead.
877 *
878 * @param $name string
879 */
897 }
909 }
911 /**
912 * Return whether an item has been loaded.
913 *
914 * @param $item String: item to check. Current possibilities:
915 * - id
916 * - name
917 * - realname
918 * @param $all String: 'all' to check if the whole object has been loaded
919 * or any other string to check if only the item is available (e.g.
920 * for optimisation)
921 * @return Boolean
922 */
926 }
928 /**
929 * Set that an item has been loaded
930 *
931 * @param $item String
932 */
936 }
937 }
939 /**
940 * Load user data from the session or login cookie.
941 * @return Bool True if the user is logged in, false otherwise.
942 */
950 }
955 # TODO: Automatically create the user here (or probably a bit
956 # lower down, in fact)
957 }
958 }
971 }
977 }
986 }
990 # Not a valid ID
992 }
996 # User blocked and we've disabled blocked user logins
998 }
1007 # No session or persistent login cookie
1009 }
1017 # Invalid credentials
1020 }
1021 }
1023 /**
1024 * Load user and user_group data from the database.
1025 * $this->mId must be set, this is how the user is identified.
1026 *
1027 * @return Bool True if the user exists, false if the user is anonymous
1028 */
1030 # Paranoia
1033 /** Anonymous user */
1037 }
1040 $s = $dbr->selectRow( 'user', self::selectFields(), array( 'user_id' => $this->mId ), __METHOD__ );
1045 # Initialise user table data
1051 # Invalid user_id
1055 }
1056 }
1058 /**
1059 * Initialize this object from a row from the user table.
1060 *
1061 * @param $row Array Row from the user table to load.
1062 */
1074 }
1081 }
1089 }
1095 }
1104 }
1109 }
1116 }
1120 }
1121 }
1123 /**
1124 * Load the data for this user object from another user object.
1125 *
1126 * @param $user User
1127 */
1134 }
1135 }
1137 /**
1138 * Load the groups from the database if they aren't already loaded.
1139 */
1146 __METHOD__ );
1150 }
1151 }
1152 }
1154 /**
1155 * Add the user to the group if he/she meets given criteria.
1156 *
1157 * Contrary to autopromotion by \ref $wgAutopromote, the group will be
1158 * possible to remove manually via Special:UserRights. In such case it
1159 * will not be re-added automatically. The user will also not lose the
1160 * group if they no longer meet the criteria.
1161 *
1162 * @param $event String key in $wgAutopromoteOnce (each one has groups/criteria)
1163 *
1164 * @return array Array of groups the user has been promoted to.
1165 *
1166 * @see $wgAutopromoteOnce
1167 */
1178 }
1185 // These group names are "list to texted"-ed in class LogPage.
1187 );
1188 }
1189 }
1191 }
1193 /**
1194 * Clear various cached data stored in this object.
1195 * @param $reloadFrom bool|String Reload user and user_groups table data from a
1196 * given source. May be "name", "id", "defaults", "session", or false for
1197 * no reload.
1198 */
1213 }
1214 }
1216 /**
1217 * Combine the language default options with any site-specific options
1218 * and add the default language variants.
1219 *
1220 * @return Array of String options
1221 */
1226 # default language setting
1231 }
1234 // FIXME: Ideally we'd cache the results of this function so the hook is only run once,
1235 // but that breaks the parser tests because they rely on being able to change $wgContLang
1236 // mid-request and see that change reflected in the return value of this function.
1237 // Which is insane and would never happen during normal MW operation, but is also not
1238 // likely to get fixed unless and until we context-ify everything.
1239 // See also https://www.mediawiki.org/wiki/Special:Code/MediaWiki/101488#c25275
1243 }
1245 /**
1246 * Get a given default option value.
1247 *
1248 * @param $opt String Name of option to retrieve
1249 * @return String Default option value
1250 */
1257 }
1258 }
1261 /**
1262 * Get blocking information
1263 * @param $bFromSlave Bool Whether to check the slave database first. To
1264 * improve performance, non-critical checks are done
1265 * against slaves. Check when actually saving should be
1266 * done against master.
1267 */
1273 }
1278 // Initialize data...
1279 // Otherwise something ends up stomping on $this->mBlockedby when
1280 // things get lazy-loaded later, causing false positive block hits
1281 // due to -1 !== 0. Probably session-related... Nothing should be
1282 // overwriting mBlockedby, surely?
1285 # We only need to worry about passing the IP address to the Block generator if the
1286 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1287 # know which IP address they're actually coming from
1292 }
1294 # User/IP blocking
1297 # Proxy blocking
1300 {
1301 # Local list
1312 }
1313 }
1326 }
1328 # Extensions
1332 }
1334 /**
1335 * Whether the given IP is in a DNS blacklist.
1336 *
1337 * @param $ip String IP to check
1338 * @param $checkWhitelist Bool: whether to check the whitelist first
1339 * @return Bool True if blacklisted.
1340 */
1353 }
1355 /**
1356 * Whether the given IP is in a given DNS blacklist.
1357 *
1358 * @param $ip String IP to check
1359 * @param $bases String|Array of Strings: URL of the DNS blacklist
1360 * @return Bool True if blacklisted.
1361 */
1366 // @todo FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1368 # Reverse IP, bug 21255
1372 # Make hostname
1373 # If we have an access key, use that too (ProjectHoneypot, etc.)
1376 # Access key is 1, base URL is 0
1380 }
1383 }
1385 # Send query
1394 }
1395 }
1396 }
1400 }
1402 /**
1403 * Check if an IP address is in the local proxy list
1404 *
1405 * @param $ip string
1406 *
1407 * @return bool
1408 */
1414 }
1418 # Load from the specified file
1420 }
1427 # Old-style flipped proxy list
1431 }
1434 }
1436 /**
1437 * Is this user subject to rate limiting?
1438 *
1439 * @return Bool True if rate limited
1440 */
1444 // No other good way currently to disable rate limits
1445 // for specific IPs. :P
1446 // But this is a crappy hack and should die.
1448 }
1450 }
1452 /**
1453 * Primitive rate limits: enforce maximum actions per time period
1454 * to put a brake on flooding.
1455 *
1456 * @note When using a shared cache like memcached, IP-address
1457 * last-hit counters will be shared across wikis.
1458 *
1459 * @param $action String Action to enforce; 'edit' if unspecified
1460 * @return Bool True if a rate limiter was tripped
1461 */
1463 # Call the 'PingLimiter' hook
1467 }
1472 }
1474 # Some groups shouldn't trigger the ping limiter, ever
1489 }
1493 }
1497 }
1500 }
1505 }
1506 }
1507 // Check for group-specific permissions
1508 // If more than one group applies, use the group with the highest limit
1513 }
1514 }
1515 }
1516 // Set the user limit key
1520 }
1527 // Already pinged?
1533 file_put_contents( $wgRateLimitLog, wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", FILE_APPEND );
1535 }
1539 }
1543 }
1545 }
1549 }
1551 /**
1552 * Check if user is blocked
1553 *
1554 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1555 * @return Bool True if blocked, false otherwise
1556 */
1557 public function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1558 return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
1559 }
1561 /**
1562 * Get the block affecting the user, or null if the user is not blocked
1563 *
1564 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1565 * @return Block|null
1566 */
1570 }
1572 /**
1573 * Check if user is blocked from editing a particular article
1574 *
1575 * @param $title Title to check
1576 * @param $bFromSlave Bool whether to check the slave database instead of the master
1577 * @return Bool
1578 */
1585 # If a user's name is suppressed, they cannot make edits anywhere
1590 }
1596 }
1598 /**
1599 * If user is blocked, return the name of the user who placed the block
1600 * @return String name of blocker
1601 */
1605 }
1607 /**
1608 * If user is blocked, return the specified reason for the block
1609 * @return String Blocking reason
1610 */
1614 }
1616 /**
1617 * If user is blocked, return the ID for the block
1618 * @return Int Block ID
1619 */
1623 }
1625 /**
1626 * Check if user is blocked on all wikis.
1627 * Do not use for actual edit permission checks!
1628 * This is intented for quick UI checks.
1629 *
1630 * @param $ip String IP address, uses current client if none given
1631 * @return Bool True if blocked, false otherwise
1632 */
1636 }
1637 // User is already an IP?
1642 }
1647 }
1649 /**
1650 * Check if user account is locked
1651 *
1652 * @return Bool True if locked, false otherwise
1653 */
1657 }
1662 }
1664 /**
1665 * Check if user account is hidden
1666 *
1667 * @return Bool True if hidden, false otherwise
1668 */
1672 }
1678 }
1680 }
1682 /**
1683 * Get the user's ID.
1684 * @return Int The user's ID; 0 if the user is anonymous or nonexistent
1685 */
1689 // Special case, we know the user is anonymous
1692 // Don't load if this was initialized from an ID
1694 }
1696 }
1698 /**
1699 * Set the user and reload all fields according to a given ID
1700 * @param $v Int User ID to reload
1701 */
1705 }
1707 /**
1708 * Get the user name, or the IP of an anonymous user
1709 * @return String User's name or IP address
1710 */
1713 # Special case optimisation
1718 # Clean up IPs
1720 }
1722 }
1723 }
1725 /**
1726 * Set the user name.
1727 *
1728 * This does not reload fields from the database according to the given
1729 * name. Rather, it is used to create a temporary "nonexistent user" for
1730 * later addition to the database. It can also be used to set the IP
1731 * address for an anonymous user to something other than the current
1732 * remote IP.
1733 *
1734 * @note User::newFromName() has rougly the same function, when the named user
1735 * does not exist.
1736 * @param $str String New user name to set
1737 */
1741 }
1743 /**
1744 * Get the user's name escaped by underscores.
1745 * @return String Username escaped by underscores.
1746 */
1749 }
1751 /**
1752 * Check if the user has new messages.
1753 * @return Bool True if the user has new messages
1754 */
1758 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1762 # Check memcached separately for anons, who have no
1763 # entire User object stored in there.
1767 // Anon newtalk disabled by configuration.
1776 // Since we are caching this, make sure it is up to date by getting it
1777 // from the master
1780 }
1781 }
1784 }
1785 }
1788 }
1790 /**
1791 * Return the talk page(s) this user has new messages on.
1792 * @return Array of String page URLs
1793 */
1800 }
1803 // Get the "last viewed rev" timestamp from the oldest message notification
1806 $this->isAnon() ? array( 'user_ip' => $this->getName() ) : array( 'user_id' => $this->getID() ),
1807 __METHOD__ );
1810 }
1812 /**
1813 * Internal uncached check for new messages
1814 *
1815 * @see getNewtalk()
1816 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1817 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1818 * @param $fromMaster Bool true to fetch from the master, false for a slave
1819 * @return Bool True if the user has new messages
1820 */
1826 }
1830 }
1832 /**
1833 * Add or update the new messages flag
1834 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1835 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1836 * @param $curRev Revision new, as yet unseen revision of the user talk page. Ignored if null.
1837 * @return Bool True if successful, false otherwise
1838 */
1840 // Get timestamp of the talk page revision prior to the current one
1843 // Mark the user as having new messages since this revision
1847 __METHOD__,
1855 }
1856 }
1858 /**
1859 * Clear the new messages flag for the given user
1860 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1861 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1862 * @return Bool True if successful, false otherwise
1863 */
1868 __METHOD__ );
1875 }
1876 }
1878 /**
1879 * Update the 'You have new messages!' status.
1880 * @param $val Bool Whether the user has new messages
1881 * @param $curRev Revision new, as yet unseen revision of the user talk page. Ignored if null or !$val.
1882 */
1886 }
1897 }
1904 }
1907 // Anons have a separate memcached space, since
1908 // user records aren't kept for them.
1911 }
1914 }
1915 }
1917 /**
1918 * Generate a current or new-future timestamp to be stored in the
1919 * user_touched field when we update things.
1920 * @return String Timestamp in TS_MW format
1921 */
1925 }
1927 /**
1928 * Clear user data from memcached.
1929 * Use after applying fun updates to the database; caller's
1930 * responsibility to update user_touched if appropriate.
1931 *
1932 * Called implicitly from invalidateCache() and saveSettings().
1933 */
1939 }
1940 }
1942 /**
1943 * Immediately touch the user data cache for this account.
1944 * Updates user_touched field, and removes account data from memcached
1945 * for reload on the next hit.
1946 */
1950 }
1957 // Prevent contention slams by checking user_touched first
1961 );
1966 __METHOD__
1967 );
1968 }
1971 }
1972 }
1974 /**
1975 * Validate the cache for this account.
1976 * @param $timestamp String A timestamp in TS_MW format
1977 *
1978 * @return bool
1979 */
1983 }
1985 /**
1986 * Get the user touched timestamp
1987 * @return String timestamp
1988 */
1992 }
1994 /**
1995 * Set the password and reset the random token.
1996 * Calls through to authentication plugin if necessary;
1997 * will have no effect if the auth plugin refuses to
1998 * pass the change through or if the legal password
1999 * checks fail.
2000 *
2001 * As a special case, setting the password to null
2002 * wipes it, so the account cannot be logged in until
2003 * a new password is set, for instance via e-mail.
2004 *
2005 * @param $str String New password to set
2006 * @throws PasswordError on failure
2007 *
2008 * @return bool
2009 */
2016 }
2027 }
2029 }
2030 }
2034 }
2039 }
2041 /**
2042 * Set the password and reset the random token unconditionally.
2043 *
2044 * @param $str String New password to set
2045 */
2051 // Save an invalid hash...
2055 }
2058 }
2060 /**
2061 * Get the user's current token.
2062 * @param $forceCreation Force the generation of a new token if the user doesn't have one (default=true for backwards compatibility)
2063 * @return String Token
2064 */
2069 }
2071 }
2073 /**
2074 * Set the random token (used for persistent authentication)
2075 * Called from loadDefaults() among other places.
2076 *
2077 * @param $token String|bool If specified, set the token to this value
2078 */
2085 }
2086 }
2088 /**
2089 * Set the password for a password reminder or new account email
2090 *
2091 * @param $str String New password to set
2092 * @param $throttle Bool If true, reset the throttle timestamp to the present
2093 */
2099 }
2100 }
2102 /**
2103 * Has password reminder email been sent within the last
2104 * $wgPasswordReminderResendTime hours?
2105 * @return Bool
2106 */
2112 }
2115 }
2117 /**
2118 * Get the user's e-mail address
2119 * @return String User's email address
2120 */
2125 }
2127 /**
2128 * Get the timestamp of the user's e-mail authentication
2129 * @return String TS_MW timestamp
2130 */
2133 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
2135 }
2137 /**
2138 * Set the user's e-mail address
2139 * @param $str String New e-mail address
2140 */
2145 }
2149 }
2151 /**
2152 * Set the user's e-mail address and a confirmation mail if needed.
2153 *
2154 * @since 1.20
2155 * @param $str String New e-mail address
2156 * @return Status
2157 */
2163 }
2168 }
2173 # Send a confirmation request to the new address if needed
2177 # Say the the caller that a confirmation mail has been sent
2179 }
2182 }
2185 }
2187 /**
2188 * Get the user's real name
2189 * @return String User's real name
2190 */
2194 }
2197 }
2199 /**
2200 * Set the user's real name
2201 * @param $str String New real name
2202 */
2206 }
2208 /**
2209 * Get the user's current setting for a given option.
2210 *
2211 * @param $oname String The option to check
2212 * @param $defaultOverride String A default value returned if the option does not exist
2213 * @param $ignoreHidden Bool = whether to ignore the effects of $wgHiddenPrefs
2214 * @return String User's current value for the option
2215 * @see getBoolOption()
2216 * @see getIntOption()
2217 */
2225 }
2227 }
2229 # We want 'disabled' preferences to always behave as the default value for
2230 # users, even if they have set the option explicitly in their settings (ie they
2231 # set it, and then it was disabled removing their ability to change it). But
2232 # we don't want to erase the preferences in the database in case the preference
2233 # is re-enabled again. So don't touch $mOptions, just override the returned value
2236 }
2242 }
2243 }
2245 /**
2246 * Get all user's options
2247 *
2248 * @return array
2249 */
2255 # We want 'disabled' preferences to always behave as the default value for
2256 # users, even if they have set the option explicitly in their settings (ie they
2257 # set it, and then it was disabled removing their ability to change it). But
2258 # we don't want to erase the preferences in the database in case the preference
2259 # is re-enabled again. So don't touch $mOptions, just override the returned value
2264 }
2265 }
2268 }
2270 /**
2271 * Get the user's current setting for a given option, as a boolean value.
2272 *
2273 * @param $oname String The option to check
2274 * @return Bool User's current value for the option
2275 * @see getOption()
2276 */
2279 }
2281 /**
2282 * Get the user's current setting for a given option, as a boolean value.
2283 *
2284 * @param $oname String The option to check
2285 * @param $defaultOverride Int A default value returned if the option does not exist
2286 * @return Int User's current value for the option
2287 * @see getOption()
2288 */
2293 }
2295 }
2297 /**
2298 * Set the given option for a user.
2299 *
2300 * @param $oname String The option to set
2301 * @param $val mixed New value to set
2302 */
2307 // Explicitly NULL values should refer to defaults
2312 }
2313 }
2316 }
2318 /**
2319 * Reset all options to the site defaults
2320 */
2326 }
2328 /**
2329 * Get the user's preferred date format.
2330 * @return String User's preferred date format
2331 */
2333 // Important migration for old data rows
2340 }
2342 }
2344 }
2346 /**
2347 * Get the user preferred stub threshold
2348 *
2349 * @return int
2350 */
2355 # If they have set an impossible value, disable the preference
2356 # so we can use the parser cache again.
2358 }
2360 }
2362 /**
2363 * Get the permissions this user has.
2364 * @return Array of String permission names
2365 */
2370 // Force reindexation of rights when a hook has unset one of them
2372 }
2374 }
2376 /**
2377 * Get the list of explicit group memberships this user has.
2378 * The implicit * and user groups are not included.
2379 * @return Array of String internal group names
2380 */
2385 }
2387 /**
2388 * Get the list of implicit group memberships this user has.
2389 * This includes all explicit groups, plus 'user' if logged in,
2390 * '*' for all accounts, and autopromoted groups
2391 * @param $recache Bool Whether to avoid the cache
2392 * @return Array of String internal group names
2393 */
2400 ) );
2401 # Hook for additional groups
2404 }
2406 }
2408 /**
2409 * Get the list of implicit group memberships this user has.
2410 * This includes 'user' if logged in, '*' for all accounts,
2411 * and autopromoted groups
2412 * @param $recache Bool Whether to avoid the cache
2413 * @return Array of String internal group names
2414 */
2425 ) );
2426 }
2428 # Assure data consistency with rights/groups,
2429 # as getEffectiveGroups() depends on this function
2431 }
2433 }
2435 }
2437 /**
2438 * Returns the groups the user has belonged to.
2439 *
2440 * The user may still belong to the returned groups. Compare with getGroups().
2441 *
2442 * The function will not return groups the user had belonged to before MW 1.17
2443 *
2444 * @return array Names of the groups the user has belonged to.
2445 */
2452 __METHOD__ );
2456 }
2457 }
2459 }
2461 /**
2462 * Get the user's edit count.
2463 * @return Int
2464 */
2468 /* Populate the count, if it has not been populated yet */
2470 }
2473 /* nil */
2475 }
2476 }
2478 /**
2479 * Add the user to the given group.
2480 * This takes immediate effect.
2481 * @param $group String Name of the group to add
2482 */
2491 ),
2492 __METHOD__,
2494 }
2495 }
2501 }
2503 /**
2504 * Remove the user from the given group.
2505 * This takes immediate effect.
2506 * @param $group String Name of the group to remove
2507 */
2517 // Remember that the user was in this group
2522 ),
2523 __METHOD__,
2525 }
2531 }
2533 /**
2534 * Get whether the user is logged in
2535 * @return Bool
2536 */
2539 }
2541 /**
2542 * Get whether the user is anonymous
2543 * @return Bool
2544 */
2547 }
2549 /**
2550 * Check if user is allowed to access a feature / make an action
2551 *
2552 * @internal param \String $varargs permissions to test
2553 * @return Boolean: True if user is allowed to perform *any* of the given actions
2554 *
2555 * @return bool
2556 */
2562 }
2563 }
2565 }
2567 /**
2568 *
2569 * @internal param $varargs string
2570 * @return bool True if the user is allowed to perform *all* of the given actions
2571 */
2577 }
2578 }
2580 }
2582 /**
2583 * Internal mechanics of testing a permission
2584 * @param $action String
2585 * @return bool
2586 */
2590 }
2591 # Patrolling may not be enabled
2596 }
2597 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2598 # by misconfiguration: 0 == 'foo'
2600 }
2602 /**
2603 * Check whether to enable recent changes patrol features for this user
2604 * @return Boolean: True or false
2605 */
2609 }
2611 /**
2612 * Check whether to enable new pages patrol features for this user
2613 * @return Bool True or false
2614 */
2617 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) ) );
2618 }
2620 /**
2621 * Get the WebRequest object to use with this object
2622 *
2623 * @return WebRequest
2624 */
2631 }
2632 }
2634 /**
2635 * Get the current skin, loading it if required
2636 * @return Skin The current skin
2637 * @todo FIXME: Need to check the old failback system [AV]
2638 * @deprecated since 1.18 Use ->getSkin() in the most relevant outputting context you have
2639 */
2643 }
2645 /**
2646 * Get a WatchedItem for this user and $title.
2647 *
2648 * @param $title Title
2649 * @return WatchedItem
2650 */
2656 }
2660 }
2664 }
2666 /**
2667 * Check the watched status of an article.
2668 * @param $title Title of the article to look at
2669 * @return Bool
2670 */
2673 }
2675 /**
2676 * Watch an article.
2677 * @param $title Title of the article to look at
2678 */
2682 }
2684 /**
2685 * Stop watching an article.
2686 * @param $title Title of the article to look at
2687 */
2691 }
2693 /**
2694 * Clear the user's notification timestamp for the given title.
2695 * If e-notif e-mails are on, they will receive notification mails on
2696 * the next change of the page if it's watched etc.
2697 * @param $title Title of the article to look at
2698 */
2702 # Do nothing if the database is locked to writes
2705 }
2712 }
2716 }
2719 // Nothing else to do...
2721 }
2723 // Only update the timestamp if the page is being watched.
2724 // The query to find out if it is watched is cached both in memcached and per-invocation,
2725 // and when it does have to be executed, it can be on a slave
2726 // If this is the user's newtalk page, we always update the timestamp
2730 {
2732 }
2735 }
2737 /**
2738 * Resets all of the given user's page-change notification timestamps.
2739 * If e-notif e-mails are on, they will receive notification mails on
2740 * the next change of any watched page.
2741 */
2747 }
2756 ), __METHOD__
2757 );
2758 # We also need to clear here the "you have new message" notification for the own user_talk page
2759 # This is cleared one page view later in Article::viewUpdates();
2760 }
2761 }
2763 /**
2764 * Set this user's options from an encoded string
2765 * @param $str String Encoded options to import
2766 *
2767 * @deprecated in 1.19 due to removal of user_options from the user table
2768 */
2777 // If an option is not set in $str, use the default value
2786 }
2787 }
2788 }
2790 /**
2791 * Set a cookie on the user's client. Wrapper for
2792 * WebResponse::setCookie
2793 * @param $name String Name of the cookie to set
2794 * @param $value String Value to set
2795 * @param $exp Int Expiration time, as a UNIX time value;
2796 * if 0 or not specified, use the default $wgCookieExpiration
2797 * @param $secure Bool
2798 * true: Force setting the secure attribute when setting the cookie
2799 * false: Force NOT setting the secure attribute when setting the cookie
2800 * null (default): Use the default ($wgCookieSecure) to set the secure attribute
2801 */
2804 }
2806 /**
2807 * Clear a cookie on the user's client
2808 * @param $name String Name of the cookie to clear
2809 */
2812 }
2814 /**
2815 * Set the default cookies for this session on the user's client.
2816 *
2817 * @param $request WebRequest object to use; $wgRequest will be used if null
2818 * is passed.
2819 * @param $secure Whether to force secure/insecure cookies or use default
2820 */
2824 }
2829 // When token is empty or NULL generate a new one and then save it to the database
2830 // This allows a wiki to re-secure itself after a leak of it's user table or $wgSecretKey
2831 // Simply by setting every cell in the user_token column to NULL and letting them be
2832 // regenerated as users log back into the wiki.
2835 }
2840 );
2844 );
2849 }
2855 }
2861 }
2862 }
2864 /**
2865 * If wpStickHTTPS was selected, also set an insecure cookie that
2866 * will cause the site to redirect the user to HTTPS, if they access
2867 * it over HTTP. Bug 29898.
2868 */
2871 }
2872 }
2874 /**
2875 * Log this user out.
2876 */
2880 }
2881 }
2883 /**
2884 * Clear the user's cookies and session, and reset the instance cache.
2885 * @see logout()
2886 */
2896 # Remember when user logged out, to prevent seeing cached pages
2898 }
2900 /**
2901 * Save this user's settings into the database.
2902 * @todo Only rarely do all these fields need to be set!
2903 */
2914 }
2932 ), __METHOD__
2933 );
2940 }
2942 /**
2943 * If only this user's username is known, and it exists, return the user ID.
2944 * @return Int
2945 */
2954 }
2956 }
2958 /**
2959 * Add a user to the database, return the user object
2960 *
2961 * @param $name String Username to add
2962 * @param $params Array of Strings Non-default parameters to save to the database as user_* fields:
2963 * - password The user's password hash. Password logins will be disabled if this is omitted.
2964 * - newpassword Hash for a temporary password that has been mailed to the user
2965 * - email The user's email address
2966 * - email_authenticated The email authentication timestamp
2967 * - real_name The user's real name
2968 * - options An associative array of non-default options
2969 * - token Random authentication token. Do not set.
2970 * - registration Registration timestamp. Do not set.
2971 *
2972 * @return User object, or null if the username already exists
2973 */
2980 }
2997 );
3000 }
3006 }
3008 }
3010 /**
3011 * Add this existing user object to the database. If the user already
3012 * exists, a fatal status object is returned, and the user object is
3013 * initialised with the data from the database.
3014 *
3015 * Previously, this function generated a DB error due to a key conflict
3016 * if the user already existed. Many extension callers use this function
3017 * in code along the lines of:
3018 *
3019 * $user = User::newFromName( $name );
3020 * if ( !$user->isLoggedIn() ) {
3021 * $user->addToDatabase();
3022 * }
3023 * // do something with $user...
3024 *
3025 * However, this was vulnerable to a race condition (bug 16020). By
3026 * initialising the user object if the user exists, we aim to support this
3027 * calling sequence as far as possible.
3028 *
3029 * Note that if the user exists, this function will acquire a write lock,
3030 * so it is still advisable to make the call conditional on isLoggedIn(),
3031 * and to commit the transaction after calling.
3032 *
3033 * @return Status
3034 */
3058 );
3066 }
3067 }
3071 }
3073 }
3076 // Clear instance cache other than user table data, which is already accurate
3081 }
3083 /**
3084 * If this user is logged-in and blocked,
3085 * block any IP address they've successfully logged in from.
3086 * @return bool A block was spread
3087 */
3091 }
3093 }
3095 /**
3096 * If this (non-anonymous) user is blocked,
3097 * block the IP address they've successfully logged in from.
3098 * @return bool A block was spread
3099 */
3105 }
3110 }
3113 }
3115 /**
3116 * Generate a string which will be different for any combination of
3117 * user options which would produce different parser output.
3118 * This will be used as part of the hash key for the parser cache,
3119 * so users with the same options can share the same cached data
3120 * safely.
3121 *
3122 * Extensions which require it should install 'PageRenderingHash' hook,
3123 * which will give them a chance to modify this key based on their own
3124 * settings.
3125 *
3126 * @deprecated since 1.17 use the ParserOptions object to get the relevant options
3127 * @return String Page rendering hash
3128 */
3135 }
3137 // stubthreshold is only included below for completeness,
3138 // since it disables the parser cache, its value will always
3139 // be 0 when this function is called by parsercache.
3145 }
3149 // add in language specific options, if any
3153 // Since the skin could be overloading link(), it should be
3154 // included here but in practice, none of our skins do that.
3158 // Give a chance for extensions to modify the hash, if they have
3159 // extra options or other effects on the parser cache.
3162 // Make it a valid memcached key fragment
3166 }
3168 /**
3169 * Get whether the user is explicitly blocked from account creation.
3170 * @return Bool|Block
3171 */
3176 }
3178 # bug 13611: if the IP address the user is trying to create an account from is
3179 # blocked with createaccount disabled, prevent new account creation there even
3180 # when the user is logged in
3183 }
3184 return $this->mBlockedFromCreateAccount instanceof Block && $this->mBlockedFromCreateAccount->prevents( 'createaccount' )
3187 }
3189 /**
3190 * Get whether the user is blocked from using Special:Emailuser.
3191 * @return Bool
3192 */
3196 }
3198 /**
3199 * Get whether the user is allowed to create an account.
3200 * @return Bool
3201 */
3204 }
3206 /**
3207 * Get this user's personal page title.
3208 *
3209 * @return Title: User's personal page title
3210 */
3213 }
3215 /**
3216 * Get this user's talk page title.
3217 *
3218 * @return Title: User's talk page title
3219 */
3223 }
3225 /**
3226 * Determine whether the user is a newbie. Newbies are either
3227 * anonymous IPs, or the most recently created accounts.
3228 * @return Bool
3229 */
3232 }
3234 /**
3235 * Check to see if the given clear-text password is one of the accepted passwords
3236 * @param $password String: user password.
3237 * @return Boolean: True if the given password is correct, otherwise False.
3238 */
3243 // Even though we stop people from creating passwords that
3244 // are shorter than this, doesn't mean people wont be able
3245 // to. Certain authentication plugins do NOT want to save
3246 // domain passwords in a mysql database, so we should
3247 // check this (in case $wgAuth->strict() is false).
3250 }
3255 /* Auth plugin doesn't allow local authentication */
3258 /* Auth plugin doesn't allow local authentication for this user name */
3260 }
3264 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
3265 # Check for this with iconv
3269 {
3271 }
3272 }
3274 }
3276 /**
3277 * Check if the given clear-text password matches the temporary password
3278 * sent by e-mail for password reset operations.
3279 *
3280 * @param $plaintext string
3281 *
3282 * @return Boolean: True if matches, false otherwise
3283 */
3291 }
3296 }
3297 }
3299 /**
3300 * Alias for getEditToken.
3301 * @deprecated since 1.19, use getEditToken instead.
3302 *
3303 * @param $salt String|Array of Strings Optional function-specific data for hashing
3304 * @param $request WebRequest object to use or null to use $wgRequest
3305 * @return String The new edit token
3306 */
3310 }
3312 /**
3313 * Initialize (if necessary) and return a session token value
3314 * which can be used in edit forms to show that the user's
3315 * login credentials aren't being hijacked with a foreign form
3316 * submission.
3317 *
3318 * @since 1.19
3319 *
3320 * @param $salt String|Array of Strings Optional function-specific data for hashing
3321 * @param $request WebRequest object to use or null to use $wgRequest
3322 * @return String The new edit token
3323 */
3327 }
3336 }
3339 }
3341 }
3342 }
3344 /**
3345 * Generate a looking random token for various uses.
3346 *
3347 * @param $salt String Optional salt value
3348 * @return String The new random token
3349 * @deprecated since 1.20; Use MWCryptRand for secure purposes or wfRandomString for pesudo-randomness
3350 */
3353 }
3355 /**
3356 * Check given value against the token value stored in the session.
3357 * A match should confirm that the form was submitted from the
3358 * user's own login session, not a form submission from a third-party
3359 * site.
3360 *
3361 * @param $val String Input value to compare
3362 * @param $salt String Optional function-specific data for hashing
3363 * @param $request WebRequest object to use or null to use $wgRequest
3364 * @return Boolean: Whether the token matches
3365 */
3370 }
3372 }
3374 /**
3375 * Check given value against the token value stored in the session,
3376 * ignoring the suffix.
3377 *
3378 * @param $val String Input value to compare
3379 * @param $salt String Optional function-specific data for hashing
3380 * @param $request WebRequest object to use or null to use $wgRequest
3381 * @return Boolean: Whether the token matches
3382 */
3386 }
3388 /**
3389 * Generate a new e-mail confirmation token and send a confirmation/invalidation
3390 * mail to the user's given address.
3391 *
3392 * @param $type String: message to send, either "created", "changed" or "set"
3393 * @return Status object
3394 */
3409 }
3420 }
3422 /**
3423 * Send an e-mail to this user's account. Does not check for
3424 * confirmed status or validity.
3425 *
3426 * @param $subject String Message subject
3427 * @param $body String Message body
3428 * @param $from String Optional From address; if unspecified, default $wgPasswordSender will be used
3429 * @param $replyto String Reply-To address
3430 * @return Status
3431 */
3438 }
3442 }
3444 /**
3445 * Generate, store, and return a new e-mail confirmation code.
3446 * A hash (unsalted, since it's used as a key) is stored.
3447 *
3448 * @note Call saveSettings() after calling this function to commit
3449 * this change to the database.
3450 *
3451 * @param &$expiration \mixed Accepts the expiration time
3452 * @return String New token
3453 */
3465 }
3467 /**
3468 * Return a URL the user can use to confirm their email address.
3469 * @param $token String Accepts the email confirmation token
3470 * @return String New token URL
3471 */
3474 }
3476 /**
3477 * Return a URL the user can use to invalidate their email address.
3478 * @param $token String Accepts the email confirmation token
3479 * @return String New token URL
3480 */
3483 }
3485 /**
3486 * Internal function to format the e-mail validation/invalidation URLs.
3487 * This uses a quickie hack to use the
3488 * hardcoded English names of the Special: pages, for ASCII safety.
3489 *
3490 * @note Since these URLs get dropped directly into emails, using the
3491 * short English names avoids insanely long URL-encoded links, which
3492 * also sometimes can get corrupted in some browsers/mailers
3493 * (bug 6957 with Gmail and Internet Explorer).
3494 *
3495 * @param $page String Special page
3496 * @param $token String Token
3497 * @return String Formatted URL
3498 */
3500 // Hack to bypass localization of 'Special:'
3503 }
3505 /**
3506 * Mark the e-mail address confirmed.
3507 *
3508 * @note Call saveSettings() after calling this function to commit the change.
3509 *
3510 * @return bool
3511 */
3516 }
3518 /**
3519 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3520 * address if it was already confirmed.
3521 *
3522 * @note Call saveSettings() after calling this function to commit the change.
3523 * @return bool Returns true
3524 */
3532 }
3534 /**
3535 * Set the e-mail authentication timestamp.
3536 * @param $timestamp String TS_MW timestamp
3537 */
3541 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3542 }
3544 /**
3545 * Is this user allowed to send e-mails within limits of current
3546 * site configuration?
3547 * @return Bool
3548 */
3553 }
3557 }
3559 /**
3560 * Is this user allowed to receive e-mails within limits of current
3561 * site configuration?
3562 * @return Bool
3563 */
3566 }
3568 /**
3569 * Is this user's e-mail address valid-looking and confirmed within
3570 * limits of the current site configuration?
3571 *
3572 * @note If $wgEmailAuthentication is on, this may require the user to have
3573 * confirmed their address by returning a code or using a password
3574 * sent to the address from the wiki.
3575 *
3576 * @return Bool
3577 */
3585 }
3588 }
3591 }
3595 }
3596 }
3598 /**
3599 * Check whether there is an outstanding request for e-mail confirmation.
3600 * @return Bool
3601 */
3608 }
3610 /**
3611 * Get the timestamp of account creation.
3612 *
3613 * @return String|Bool Timestamp of account creation, or false for
3614 * non-existent/anonymous user accounts.
3615 */
3619 }
3622 }
3624 /**
3625 * Get the timestamp of the first edit
3626 *
3627 * @return String|Bool Timestamp of first edit, or false for
3628 * non-existent/anonymous user accounts.
3629 */
3633 }
3637 __METHOD__,
3639 );
3642 }
3644 }
3646 /**
3647 * Get the permissions associated with a given list of groups
3648 *
3649 * @param $groups Array of Strings List of internal group names
3650 * @return Array of Strings List of permission key names for given groups combined
3651 */
3655 // grant every granted permission first
3659 // array_filter removes empty items
3661 }
3662 }
3663 // now revoke the revoked permissions
3668 }
3669 }
3671 }
3673 /**
3674 * Get all the groups who have a given permission
3675 *
3676 * @param $role String Role to check
3677 * @return Array of Strings List of internal group names with the given permission
3678 */
3685 }
3686 }
3688 }
3690 /**
3691 * Check, if the given group has the given permission
3692 *
3693 * @param $group String Group to check
3694 * @param $role String Role to check
3695 * @return bool
3696 */
3701 }
3703 /**
3704 * Get the localized descriptive name for a group, if it exists
3705 *
3706 * @param $group String Internal group name
3707 * @return String Localized descriptive group name
3708 */
3712 }
3714 /**
3715 * Get the localized descriptive name for a member of a group, if it exists
3716 *
3717 * @param $group String Internal group name
3718 * @param $username String Username for gender (since 1.19)
3719 * @return String Localized name for group member
3720 */
3724 }
3726 /**
3727 * Return the set of defined explicit groups.
3728 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3729 * are not included, as they are defined automatically, not in the database.
3730 * @return Array of internal group names
3731 */
3737 );
3738 }
3740 /**
3741 * Get a list of all available permissions.
3742 * @return Array of permission names
3743 */
3751 }
3753 }
3755 }
3757 /**
3758 * Get a list of implicit groups
3759 * @return Array of Strings Array of internal group names
3760 */
3764 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3766 }
3768 /**
3769 * Get the title of a page describing a particular group
3770 *
3771 * @param $group String Internal group name
3772 * @return Title|Bool Title of the page if it exists, false otherwise
3773 */
3780 }
3782 }
3784 /**
3785 * Create a link to the group in HTML, if available;
3786 * else return the group name.
3787 *
3788 * @param $group String Internal name of the group
3789 * @param $text String The text of the link
3790 * @return String HTML link to the group
3791 */
3795 }
3801 }
3802 }
3804 /**
3805 * Create a link to the group in Wikitext, if available;
3806 * else return the group name.
3807 *
3808 * @param $group String Internal name of the group
3809 * @param $text String The text of the link
3810 * @return String Wikilink to the group
3811 */
3815 }
3822 }
3823 }
3825 /**
3826 * Returns an array of the groups that a particular group can add/remove.
3827 *
3828 * @param $group String: the group to check for whether it can add/remove
3829 * @return Array array( 'add' => array( addablegroups ),
3830 * 'remove' => array( removablegroups ),
3831 * 'add-self' => array( addablegroups to self),
3832 * 'remove-self' => array( removable groups from self) )
3833 */
3837 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3839 // Don't add anything to $groups
3841 // You get everything
3845 }
3847 // Same thing for remove
3853 }
3855 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3860 }
3861 }
3862 }
3868 }
3869 }
3870 }
3872 // Now figure out what groups the user can add to him/herself
3875 // No idea WHY this would be used, but it's there
3879 }
3886 }
3889 }
3891 /**
3892 * Returns an array of groups that this user can add and remove
3893 * @return Array array( 'add' => array( addablegroups ),
3894 * 'remove' => array( removablegroups ),
3895 * 'add-self' => array( addablegroups to self),
3896 * 'remove-self' => array( removable groups from self) )
3897 */
3900 // This group gives the right to modify everything (reverse-
3901 // compatibility with old "userrights lets you change
3902 // everything")
3903 // Using array_merge to make the groups reindexed
3910 );
3911 }
3913 // Okay, it's not so simple, we will have to go through the arrays
3919 );
3925 );
3930 }
3932 }
3934 /**
3935 * Increment the user's edit-count field.
3936 * Will have no effect for anonymous users.
3937 */
3944 __METHOD__ );
3946 // Lazy initialization check...
3948 // Pull from a slave to be less cruel to servers
3949 // Accuracy isn't the point anyway here
3954 __METHOD__ );
3956 // Now here's a goddamn hack...
3958 // If we actually have a slave server, the count is
3959 // at least one behind because the current transaction
3960 // has not been committed and replicated.
3963 // But if DB_SLAVE is selecting the master, then the
3964 // count we just read includes the revision that was
3965 // just added in the working transaction.
3966 }
3971 __METHOD__ );
3972 }
3973 }
3974 // edit count in user cache too
3976 }
3978 /**
3979 * Get the description of a given right
3980 *
3981 * @param $right String Right to query
3982 * @return String Localized description of the right
3983 */
3988 }
3990 /**
3991 * Make an old-style password hash
3992 *
3993 * @param $password String Plain-text password
3994 * @param $userId String User ID
3995 * @return String Password hash
3996 */
4003 }
4004 }
4006 /**
4007 * Make a new-style password hash
4008 *
4009 * @param $password String Plain-text password
4010 * @param bool|string $salt Optional salt, may be random or the user ID.
4012 * If unspecified or false, will generate one automatically
4013 * @return String Password hash
4014 */
4019 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
4021 }
4026 }
4030 }
4031 }
4033 /**
4034 * Compare a password hash with a plain-text password. Requires the user
4035 * ID if there's a chance that the hash is an old-style hash.
4036 *
4037 * @param $hash String Password hash
4038 * @param $password String Plain-text password to compare
4039 * @param $userId String|bool User ID for old-style password salt
4040 *
4041 * @return Boolean
4042 */
4049 }
4052 # Unsalted
4055 # Salted
4059 # Old-style
4061 }
4062 }
4064 /**
4065 * Add a newuser log entry for this user. Before 1.19 the return value was always true.
4066 *
4067 * @param $byEmail Boolean: account made by email?
4068 * @param $reason String: user supplied reason
4069 *
4070 * @return int|bool True if not $wgNewUserLog; otherwise ID of log item or 0 on failure
4071 */
4076 }
4088 }
4089 }
4090 }
4097 );
4098 }
4100 /**
4101 * Add an autocreate newuser log entry for this user
4102 * Used by things like CentralAuth and perhaps other authplugins.
4103 *
4104 * @return bool
4105 */
4110 }
4114 }
4116 /**
4117 * @todo document
4118 */
4126 }
4131 // For unlogged-in users, load language/variant options from request.
4132 // There's no need to do it for logged-in users: they can set preferences,
4133 // and handling of page content is done by $pageLang->getPreferredVariant() and such,
4134 // so don't override user's choice (especially when the user chooses site default).
4140 }
4142 // Maybe load from the object
4147 }
4150 // Load from database
4157 __METHOD__
4158 );
4164 }
4165 }
4170 }
4172 /**
4173 * @todo document
4174 */
4180 // Not using getOptions(), to keep hidden preferences in database
4183 // Allow hooks to abort, for instance to save to a global profile.
4184 // Reset options to default state before saving.
4187 }
4193 # Don't bother storing default values
4202 );
4203 }
4212 }
4213 }
4214 }
4219 }
4221 /**
4222 * Provide an array of HTML5 attributes to put on an input element
4223 * intended for the user to enter a new password. This may include
4224 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
4225 *
4226 * Do *not* use this when asking the user to enter his current password!
4227 * Regardless of configuration, users may have invalid passwords for whatever
4228 * reason (e.g., they were set before requirements were tightened up).
4229 * Only use it when asking for a new password, like on account creation or
4230 * ResetPass.
4231 *
4232 * Obviously, you still need to do server-side checking.
4233 *
4234 * NOTE: A combination of bugs in various browsers means that this function
4235 * actually just returns array() unconditionally at the moment. May as
4236 * well keep it around for when the browser bugs get fixed, though.
4237 *
4238 * @todo FIXME: This does not belong here; put it in Html or Linker or somewhere
4239 *
4240 * @return array Array of HTML attributes suitable for feeding to
4241 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
4242 * That will potentially output invalid XHTML 1.0 Transitional, and will
4243 * get confused by the boolean attribute syntax used.)
4244 */
4250 }
4252 # Note that the pattern requirement will always be satisfied if the
4253 # input is empty, so we need required in all cases.
4254 #
4255 # @todo FIXME: Bug 23769: This needs to not claim the password is required
4256 # if e-mail confirmation is being used. Since HTML5 input validation
4257 # is b0rked anyway in some browsers, just return nothing. When it's
4258 # re-enabled, fix this code to not output required for e-mail
4259 # registration.
4260 #$ret = array( 'required' );
4263 # We can't actually do this right now, because Opera 9.6 will print out
4264 # the entered password visibly in its error message! When other
4265 # browsers add support for this attribute, or Opera fixes its support,
4266 # we can add support with a version check to avoid doing this on Opera
4267 # versions where it will be a problem. Reported to Opera as
4268 # DSK-262266, but they don't have a public bug tracker for us to follow.
4269 /*
4270 if ( $wgMinimalPasswordLength > 1 ) {
4271 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
4272 $ret['title'] = wfMessage( 'passwordtooshort' )
4273 ->numParams( $wgMinimalPasswordLength )->text();
4274 }
4275 */
4278 }
4280 /**
4281 * Return the list of user fields that should be selected to create
4282 * a new user object.
4283 * @return array
4284 */
4301 );
4302 }
4303 }