search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Make User::isBot() also check the "bot" right for sanity
[mediawiki.git] / includes / user / User.php
blobb62d2525ef604b76a16f70c318523a565d14b992
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 use MediaWiki\MediaWikiServices;
24 use MediaWiki\Session\SessionManager;
25 use MediaWiki\Session\Token;
26
27 /**
28 * String Some punctuation to prevent editing from broken text-mangling proxies.
29 * @deprecated since 1.27, use \MediaWiki\Session\Token::SUFFIX
30 * @ingroup Constants
31 */
32 define( 'EDIT_TOKEN_SUFFIX', Token::SUFFIX );
33
34 /**
35 * The User object encapsulates all of the user-specific settings (user_id,
36 * name, rights, email address, options, last login time). Client
37 * classes use the getXXX() functions to access these fields. These functions
38 * do all the work of determining whether the user is logged in,
39 * whether the requested option can be satisfied from cookies or
40 * whether a database query is needed. Most of the settings needed
41 * for rendering normal pages are set in the cookie to minimize use
42 * of the database.
43 */
44 class User implements IDBAccessObject {
45 /**
46 * @const int Number of characters in user_token field.
47 */
48 const TOKEN_LENGTH = 32;
49
50 /**
51 * @const string An invalid value for user_token
52 */
53 const INVALID_TOKEN = '*** INVALID ***';
54
55 /**
56 * Global constant made accessible as class constants so that autoloader
57 * magic can be used.
58 * @deprecated since 1.27, use \MediaWiki\Session\Token::SUFFIX
59 */
60 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
61
62 /**
63 * @const int Serialized record version.
64 */
65 const VERSION = 10;
66
67 /**
68 * Exclude user options that are set to their default value.
69 * @since 1.25
70 */
71 const GETOPTIONS_EXCLUDE_DEFAULTS = 1;
72
73 /**
74 * @since 1.27
75 */
76 const CHECK_USER_RIGHTS = true;
77
78 /**
79 * @since 1.27
80 */
81 const IGNORE_USER_RIGHTS = false;
82
83 /**
84 * Array of Strings List of member variables which are saved to the
85 * shared cache (memcached). Any operation which changes the
86 * corresponding database fields must call a cache-clearing function.
87 * @showinitializer
88 */
89 protected static $mCacheVars = [
90 // user table
91 'mId',
92 'mName',
93 'mRealName',
94 'mEmail',
95 'mTouched',
96 'mToken',
97 'mEmailAuthenticated',
98 'mEmailToken',
99 'mEmailTokenExpires',
100 'mRegistration',
101 'mEditCount',
102 // user_groups table
103 'mGroups',
104 // user_properties table
105 'mOptionOverrides',
106 ];
107
108 /**
109 * Array of Strings Core rights.
110 * Each of these should have a corresponding message of the form
111 * "right-$right".
112 * @showinitializer
113 */
114 protected static $mCoreRights = [
115 'apihighlimits',
116 'applychangetags',
117 'autoconfirmed',
118 'autocreateaccount',
119 'autopatrol',
120 'bigdelete',
121 'block',
122 'blockemail',
123 'bot',
124 'browsearchive',
125 'changetags',
126 'createaccount',
127 'createpage',
128 'createtalk',
129 'delete',
130 'deletedhistory',
131 'deletedtext',
132 'deletelogentry',
133 'deleterevision',
134 'edit',
135 'editcontentmodel',
136 'editinterface',
137 'editprotected',
138 'editmyoptions',
139 'editmyprivateinfo',
140 'editmyusercss',
141 'editmyuserjs',
142 'editmywatchlist',
143 'editsemiprotected',
144 'editusercssjs', # deprecated
145 'editusercss',
146 'edituserjs',
147 'hideuser',
148 'import',
149 'importupload',
150 'ipblock-exempt',
151 'managechangetags',
152 'markbotedits',
153 'mergehistory',
154 'minoredit',
155 'move',
156 'movefile',
157 'move-categorypages',
158 'move-rootuserpages',
159 'move-subpages',
160 'nominornewtalk',
161 'noratelimit',
162 'override-export-depth',
163 'pagelang',
164 'passwordreset',
165 'patrol',
166 'patrolmarks',
167 'protect',
168 'purge',
169 'read',
170 'reupload',
171 'reupload-own',
172 'reupload-shared',
173 'rollback',
174 'sendemail',
175 'siteadmin',
176 'suppressionlog',
177 'suppressredirect',
178 'suppressrevision',
179 'unblockself',
180 'undelete',
181 'unwatchedpages',
182 'upload',
183 'upload_by_url',
184 'userrights',
185 'userrights-interwiki',
186 'viewmyprivateinfo',
187 'viewmywatchlist',
188 'viewsuppressed',
189 'writeapi',
190 ];
191
192 /**
193 * String Cached results of getAllRights()
194 */
195 protected static $mAllRights = false;
196
197 /**
198 * An in-process cache for user data lookup
199 * @var HashBagOStuff
200 */
201 protected static $inProcessCache;
202
203 /** Cache variables */
204 // @{
205 /** @var int */
206 public $mId;
207 /** @var string */
208 public $mName;
209 /** @var string */
210 public $mRealName;
211
212 /** @var string */
213 public $mEmail;
214 /** @var string TS_MW timestamp from the DB */
215 public $mTouched;
216 /** @var string TS_MW timestamp from cache */
217 protected $mQuickTouched;
218 /** @var string */
219 protected $mToken;
220 /** @var string */
221 public $mEmailAuthenticated;
222 /** @var string */
223 protected $mEmailToken;
224 /** @var string */
225 protected $mEmailTokenExpires;
226 /** @var string */
227 protected $mRegistration;
228 /** @var int */
229 protected $mEditCount;
230 /** @var array */
231 public $mGroups;
232 /** @var array */
233 protected $mOptionOverrides;
234 // @}
235
236 /**
237 * Bool Whether the cache variables have been loaded.
238 */
239 // @{
240 public $mOptionsLoaded;
241
242 /**
243 * Array with already loaded items or true if all items have been loaded.
244 */
245 protected $mLoadedItems = [];
246 // @}
247
248 /**
249 * String Initialization data source if mLoadedItems!==true. May be one of:
250 * - 'defaults' anonymous user initialised from class defaults
251 * - 'name' initialise from mName
252 * - 'id' initialise from mId
253 * - 'session' log in from session if possible
254 *
255 * Use the User::newFrom*() family of functions to set this.
256 */
257 public $mFrom;
258
259 /**
260 * Lazy-initialized variables, invalidated with clearInstanceCache
261 */
262 protected $mNewtalk;
263 /** @var string */
264 protected $mDatePreference;
265 /** @var string */
266 public $mBlockedby;
267 /** @var string */
268 protected $mHash;
269 /** @var array */
270 public $mRights;
271 /** @var string */
272 protected $mBlockreason;
273 /** @var array */
274 protected $mEffectiveGroups;
275 /** @var array */
276 protected $mImplicitGroups;
277 /** @var array */
278 protected $mFormerGroups;
279 /** @var Block */
280 protected $mGlobalBlock;
281 /** @var bool */
282 protected $mLocked;
283 /** @var bool */
284 public $mHideName;
285 /** @var array */
286 public $mOptions;
287
288 /**
289 * @var WebRequest
290 */
291 private $mRequest;
292
293 /** @var Block */
294 public $mBlock;
295
296 /** @var bool */
297 protected $mAllowUsertalk;
298
299 /** @var Block */
300 private $mBlockedFromCreateAccount = false;
301
302 /** @var integer User::READ_* constant bitfield used to load data */
303 protected $queryFlagsUsed = self::READ_NORMAL;
304
305 public static $idCacheByName = [];
306
307 /**
308 * Lightweight constructor for an anonymous user.
309 * Use the User::newFrom* factory functions for other kinds of users.
310 *
311 * @see newFromName()
312 * @see newFromId()
313 * @see newFromConfirmationCode()
314 * @see newFromSession()
315 * @see newFromRow()
316 */
317 public function __construct() {
318 $this->clearInstanceCache( 'defaults' );
319 }
320
321 /**
322 * @return string
323 */
324 public function __toString() {
325 return $this->getName();
326 }
327
328 /**
329 * Test if it's safe to load this User object.
330 *
331 * You should typically check this before using $wgUser or
332 * RequestContext::getUser in a method that might be called before the
333 * system has been fully initialized. If the object is unsafe, you should
334 * use an anonymous user:
335 * \code
336 * $user = $wgUser->isSafeToLoad() ? $wgUser : new User;
337 * \endcode
338 *
339 * @since 1.27
340 * @return bool
341 */
342 public function isSafeToLoad() {
343 global $wgFullyInitialised;
344
345 // The user is safe to load if:
346 // * MW_NO_SESSION is undefined AND $wgFullyInitialised is true (safe to use session data)
347 // * mLoadedItems === true (already loaded)
348 // * mFrom !== 'session' (sessions not involved at all)
349
350 return ( !defined( 'MW_NO_SESSION' ) && $wgFullyInitialised ) ||
351 $this->mLoadedItems === true || $this->mFrom !== 'session';
352 }
353
354 /**
355 * Load the user table data for this object from the source given by mFrom.
356 *
357 * @param integer $flags User::READ_* constant bitfield
358 */
359 public function load( $flags = self::READ_NORMAL ) {
360 global $wgFullyInitialised;
361
362 if ( $this->mLoadedItems === true ) {
363 return;
364 }
365
366 // Set it now to avoid infinite recursion in accessors
367 $oldLoadedItems = $this->mLoadedItems;
368 $this->mLoadedItems = true;
369 $this->queryFlagsUsed = $flags;
370
371 // If this is called too early, things are likely to break.
372 if ( !$wgFullyInitialised && $this->mFrom === 'session' ) {
373 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
374 ->warning( 'User::loadFromSession called before the end of Setup.php', [
375 'exception' => new Exception( 'User::loadFromSession called before the end of Setup.php' ),
376 ] );
377 $this->loadDefaults();
378 $this->mLoadedItems = $oldLoadedItems;
379 return;
380 }
381
382 switch ( $this->mFrom ) {
383 case 'defaults':
384 $this->loadDefaults();
385 break;
386 case 'name':
387 // Make sure this thread sees its own changes
388 if ( wfGetLB()->hasOrMadeRecentMasterChanges() ) {
389 $flags |= self::READ_LATEST;
390 $this->queryFlagsUsed = $flags;
391 }
392
393 $this->mId = self::idFromName( $this->mName, $flags );
394 if ( !$this->mId ) {
395 // Nonexistent user placeholder object
396 $this->loadDefaults( $this->mName );
397 } else {
398 $this->loadFromId( $flags );
399 }
400 break;
401 case 'id':
402 $this->loadFromId( $flags );
403 break;
404 case 'session':
405 if ( !$this->loadFromSession() ) {
406 // Loading from session failed. Load defaults.
407 $this->loadDefaults();
408 }
409 Hooks::run( 'UserLoadAfterLoadFromSession', [ $this ] );
410 break;
411 default:
412 throw new UnexpectedValueException(
413 "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
414 }
415 }
416
417 /**
418 * Load user table data, given mId has already been set.
419 * @param integer $flags User::READ_* constant bitfield
420 * @return bool False if the ID does not exist, true otherwise
421 */
422 public function loadFromId( $flags = self::READ_NORMAL ) {
423 if ( $this->mId == 0 ) {
424 $this->loadDefaults();
425 return false;
426 }
427
428 // Try cache (unless this needs data from the master DB).
429 // NOTE: if this thread called saveSettings(), the cache was cleared.
430 $latest = DBAccessObjectUtils::hasFlags( $flags, self::READ_LATEST );
431 if ( $latest || !$this->loadFromCache() ) {
432 wfDebug( "User: cache miss for user {$this->mId}\n" );
433 // Load from DB (make sure this thread sees its own changes)
434 if ( wfGetLB()->hasOrMadeRecentMasterChanges() ) {
435 $flags |= self::READ_LATEST;
436 }
437 if ( !$this->loadFromDatabase( $flags ) ) {
438 // Can't load from ID, user is anonymous
439 return false;
440 }
441 $this->saveToCache();
442 }
443
444 $this->mLoadedItems = true;
445 $this->queryFlagsUsed = $flags;
446
447 return true;
448 }
449
450 /**
451 * @since 1.27
452 * @param string $wikiId
453 * @param integer $userId
454 */
455 public static function purge( $wikiId, $userId ) {
456 $cache = ObjectCache::getMainWANInstance();
457 $processCache = self::getInProcessCache();
458 $key = $cache->makeGlobalKey( 'user', 'id', $wikiId, $userId );
459 $cache->delete( $key );
460 $processCache->delete( $key );
461 }
462
463 /**
464 * @since 1.27
465 * @param WANObjectCache $cache
466 * @return string
467 */
468 protected function getCacheKey( WANObjectCache $cache ) {
469 return $cache->makeGlobalKey( 'user', 'id', wfWikiID(), $this->mId );
470 }
471
472 /**
473 * @since 1.27
474 * @return HashBagOStuff
475 */
476 protected static function getInProcessCache() {
477 if ( !self::$inProcessCache ) {
478 self::$inProcessCache = new HashBagOStuff( [ 'maxKeys' => 10 ] );
479 }
480 return self::$inProcessCache;
481 }
482
483 /**
484 * Load user data from shared cache, given mId has already been set.
485 *
486 * @return bool false if the ID does not exist or data is invalid, true otherwise
487 * @since 1.25
488 */
489 protected function loadFromCache() {
490 if ( $this->mId == 0 ) {
491 $this->loadDefaults();
492 return false;
493 }
494
495 $cache = ObjectCache::getMainWANInstance();
496 $processCache = self::getInProcessCache();
497 $key = $this->getCacheKey( $cache );
498 $data = $processCache->get( $key );
499 if ( !is_array( $data ) ) {
500 $data = $cache->get( $key );
501 if ( !is_array( $data ) || $data['mVersion'] < self::VERSION ) {
502 // Object is expired
503 return false;
504 }
505 $processCache->set( $key, $data );
506 }
507 wfDebug( "User: got user {$this->mId} from cache\n" );
508
509 // Restore from cache
510 foreach ( self::$mCacheVars as $name ) {
511 $this->$name = $data[$name];
512 }
513
514 return true;
515 }
516
517 /**
518 * Save user data to the shared cache
519 *
520 * This method should not be called outside the User class
521 */
522 public function saveToCache() {
523 $this->load();
524 $this->loadGroups();
525 $this->loadOptions();
526
527 if ( $this->isAnon() ) {
528 // Anonymous users are uncached
529 return;
530 }
531
532 $data = [];
533 foreach ( self::$mCacheVars as $name ) {
534 $data[$name] = $this->$name;
535 }
536 $data['mVersion'] = self::VERSION;
537 $opts = Database::getCacheSetOptions( wfGetDB( DB_SLAVE ) );
538
539 $cache = ObjectCache::getMainWANInstance();
540 $processCache = self::getInProcessCache();
541 $key = $this->getCacheKey( $cache );
542 $cache->set( $key, $data, $cache::TTL_HOUR, $opts );
543 $processCache->set( $key, $data );
544 }
545
546 /** @name newFrom*() static factory methods */
547 // @{
548
549 /**
550 * Static factory method for creation from username.
551 *
552 * This is slightly less efficient than newFromId(), so use newFromId() if
553 * you have both an ID and a name handy.
554 *
555 * @param string $name Username, validated by Title::newFromText()
556 * @param string|bool $validate Validate username. Takes the same parameters as
557 * User::getCanonicalName(), except that true is accepted as an alias
558 * for 'valid', for BC.
559 *
560 * @return User|bool User object, or false if the username is invalid
561 * (e.g. if it contains illegal characters or is an IP address). If the
562 * username is not present in the database, the result will be a user object
563 * with a name, zero user ID and default settings.
564 */
565 public static function newFromName( $name, $validate = 'valid' ) {
566 if ( $validate === true ) {
567 $validate = 'valid';
568 }
569 $name = self::getCanonicalName( $name, $validate );
570 if ( $name === false ) {
571 return false;
572 } else {
573 // Create unloaded user object
574 $u = new User;
575 $u->mName = $name;
576 $u->mFrom = 'name';
577 $u->setItemLoaded( 'name' );
578 return $u;
579 }
580 }
581
582 /**
583 * Static factory method for creation from a given user ID.
584 *
585 * @param int $id Valid user ID
586 * @return User The corresponding User object
587 */
588 public static function newFromId( $id ) {
589 $u = new User;
590 $u->mId = $id;
591 $u->mFrom = 'id';
592 $u->setItemLoaded( 'id' );
593 return $u;
594 }
595
596 /**
597 * Factory method to fetch whichever user has a given email confirmation code.
598 * This code is generated when an account is created or its e-mail address
599 * has changed.
600 *
601 * If the code is invalid or has expired, returns NULL.
602 *
603 * @param string $code Confirmation code
604 * @param int $flags User::READ_* bitfield
605 * @return User|null
606 */
607 public static function newFromConfirmationCode( $code, $flags = 0 ) {
608 $db = ( $flags & self::READ_LATEST ) == self::READ_LATEST
609 ? wfGetDB( DB_MASTER )
610 : wfGetDB( DB_SLAVE );
611
612 $id = $db->selectField(
613 'user',
614 'user_id',
615 [
616 'user_email_token' => md5( $code ),
617 'user_email_token_expires > ' . $db->addQuotes( $db->timestamp() ),
618 ]
619 );
620
621 return $id ? User::newFromId( $id ) : null;
622 }
623
624 /**
625 * Create a new user object using data from session. If the login
626 * credentials are invalid, the result is an anonymous user.
627 *
628 * @param WebRequest|null $request Object to use; $wgRequest will be used if omitted.
629 * @return User
630 */
631 public static function newFromSession( WebRequest $request = null ) {
632 $user = new User;
633 $user->mFrom = 'session';
634 $user->mRequest = $request;
635 return $user;
636 }
637
638 /**
639 * Create a new user object from a user row.
640 * The row should have the following fields from the user table in it:
641 * - either user_name or user_id to load further data if needed (or both)
642 * - user_real_name
643 * - all other fields (email, etc.)
644 * It is useless to provide the remaining fields if either user_id,
645 * user_name and user_real_name are not provided because the whole row
646 * will be loaded once more from the database when accessing them.
647 *
648 * @param stdClass $row A row from the user table
649 * @param array $data Further data to load into the object (see User::loadFromRow for valid keys)
650 * @return User
651 */
652 public static function newFromRow( $row, $data = null ) {
653 $user = new User;
654 $user->loadFromRow( $row, $data );
655 return $user;
656 }
657
658 /**
659 * Static factory method for creation of a "system" user from username.
660 *
661 * A "system" user is an account that's used to attribute logged actions
662 * taken by MediaWiki itself, as opposed to a bot or human user. Examples
663 * might include the 'Maintenance script' or 'Conversion script' accounts
664 * used by various scripts in the maintenance/ directory or accounts such
665 * as 'MediaWiki message delivery' used by the MassMessage extension.
666 *
667 * This can optionally create the user if it doesn't exist, and "steal" the
668 * account if it does exist.
669 *
670 * @param string $name Username
671 * @param array $options Options are:
672 * - validate: As for User::getCanonicalName(), default 'valid'
673 * - create: Whether to create the user if it doesn't already exist, default true
674 * - steal: Whether to reset the account's password and email if it
675 * already exists, default false
676 * @return User|null
677 */
678 public static function newSystemUser( $name, $options = [] ) {
679 $options += [
680 'validate' => 'valid',
681 'create' => true,
682 'steal' => false,
683 ];
684
685 $name = self::getCanonicalName( $name, $options['validate'] );
686 if ( $name === false ) {
687 return null;
688 }
689
690 $dbw = wfGetDB( DB_MASTER );
691 $row = $dbw->selectRow(
692 'user',
693 array_merge(
694 self::selectFields(),
695 [ 'user_password', 'user_newpassword' ]
696 ),
697 [ 'user_name' => $name ],
698 __METHOD__
699 );
700 if ( !$row ) {
701 // No user. Create it?
702 return $options['create'] ? self::createNew( $name ) : null;
703 }
704 $user = self::newFromRow( $row );
705
706 // A user is considered to exist as a non-system user if it has a
707 // password set, or a temporary password set, or an email set, or a
708 // non-invalid token.
709 $passwordFactory = new PasswordFactory();
710 $passwordFactory->init( RequestContext::getMain()->getConfig() );
711 try {
712 $password = $passwordFactory->newFromCiphertext( $row->user_password );
713 } catch ( PasswordError $e ) {
714 wfDebug( 'Invalid password hash found in database.' );
715 $password = PasswordFactory::newInvalidPassword();
716 }
717 try {
718 $newpassword = $passwordFactory->newFromCiphertext( $row->user_newpassword );
719 } catch ( PasswordError $e ) {
720 wfDebug( 'Invalid password hash found in database.' );
721 $newpassword = PasswordFactory::newInvalidPassword();
722 }
723 if ( !$password instanceof InvalidPassword || !$newpassword instanceof InvalidPassword
724 || $user->mEmail || $user->mToken !== self::INVALID_TOKEN
725 ) {
726 // User exists. Steal it?
727 if ( !$options['steal'] ) {
728 return null;
729 }
730
731 $nopass = PasswordFactory::newInvalidPassword()->toString();
732
733 $dbw->update(
734 'user',
735 [
736 'user_password' => $nopass,
737 'user_newpassword' => $nopass,
738 'user_newpass_time' => null,
739 ],
740 [ 'user_id' => $user->getId() ],
741 __METHOD__
742 );
743 $user->invalidateEmail();
744 $user->mToken = self::INVALID_TOKEN;
745 $user->saveSettings();
746 SessionManager::singleton()->preventSessionsForUser( $user->getName() );
747 }
748
749 return $user;
750 }
751
752 // @}
753
754 /**
755 * Get the username corresponding to a given user ID
756 * @param int $id User ID
757 * @return string|bool The corresponding username
758 */
759 public static function whoIs( $id ) {
760 return UserCache::singleton()->getProp( $id, 'name' );
761 }
762
763 /**
764 * Get the real name of a user given their user ID
765 *
766 * @param int $id User ID
767 * @return string|bool The corresponding user's real name
768 */
769 public static function whoIsReal( $id ) {
770 return UserCache::singleton()->getProp( $id, 'real_name' );
771 }
772
773 /**
774 * Get database id given a user name
775 * @param string $name Username
776 * @param integer $flags User::READ_* constant bitfield
777 * @return int|null The corresponding user's ID, or null if user is nonexistent
778 */
779 public static function idFromName( $name, $flags = self::READ_NORMAL ) {
780 $nt = Title::makeTitleSafe( NS_USER, $name );
781 if ( is_null( $nt ) ) {
782 // Illegal name
783 return null;
784 }
785
786 if ( !( $flags & self::READ_LATEST ) && isset( self::$idCacheByName[$name] ) ) {
787 return self::$idCacheByName[$name];
788 }
789
790 $db = ( $flags & self::READ_LATEST )
791 ? wfGetDB( DB_MASTER )
792 : wfGetDB( DB_SLAVE );
793
794 $s = $db->selectRow(
795 'user',
796 [ 'user_id' ],
797 [ 'user_name' => $nt->getText() ],
798 __METHOD__
799 );
800
801 if ( $s === false ) {
802 $result = null;
803 } else {
804 $result = $s->user_id;
805 }
806
807 self::$idCacheByName[$name] = $result;
808
809 if ( count( self::$idCacheByName ) > 1000 ) {
810 self::$idCacheByName = [];
811 }
812
813 return $result;
814 }
815
816 /**
817 * Reset the cache used in idFromName(). For use in tests.
818 */
819 public static function resetIdByNameCache() {
820 self::$idCacheByName = [];
821 }
822
823 /**
824 * Does the string match an anonymous IPv4 address?
825 *
826 * This function exists for username validation, in order to reject
827 * usernames which are similar in form to IP addresses. Strings such
828 * as 300.300.300.300 will return true because it looks like an IP
829 * address, despite not being strictly valid.
830 *
831 * We match "\d{1,3}\.\d{1,3}\.\d{1,3}\.xxx" as an anonymous IP
832 * address because the usemod software would "cloak" anonymous IP
833 * addresses like this, if we allowed accounts like this to be created
834 * new users could get the old edits of these anonymous users.
835 *
836 * @param string $name Name to match
837 * @return bool
838 */
839 public static function isIP( $name ) {
840 return preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/', $name )
841 || IP::isIPv6( $name );
842 }
843
844 /**
845 * Is the input a valid username?
846 *
847 * Checks if the input is a valid username, we don't want an empty string,
848 * an IP address, anything that contains slashes (would mess up subpages),
849 * is longer than the maximum allowed username size or doesn't begin with
850 * a capital letter.
851 *
852 * @param string $name Name to match
853 * @return bool
854 */
855 public static function isValidUserName( $name ) {
856 global $wgContLang, $wgMaxNameChars;
857
858 if ( $name == ''
859 || User::isIP( $name )
860 || strpos( $name, '/' ) !== false
861 || strlen( $name ) > $wgMaxNameChars
862 || $name != $wgContLang->ucfirst( $name )
863 ) {
864 return false;
865 }
866
867 // Ensure that the name can't be misresolved as a different title,
868 // such as with extra namespace keys at the start.
869 $parsed = Title::newFromText( $name );
870 if ( is_null( $parsed )
871 || $parsed->getNamespace()
872 || strcmp( $name, $parsed->getPrefixedText() ) ) {
873 return false;
874 }
875
876 // Check an additional blacklist of troublemaker characters.
877 // Should these be merged into the title char list?
878 $unicodeBlacklist = '/[' .
879 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
880 '\x{00a0}' . # non-breaking space
881 '\x{2000}-\x{200f}' . # various whitespace
882 '\x{2028}-\x{202f}' . # breaks and control chars
883 '\x{3000}' . # ideographic space
884 '\x{e000}-\x{f8ff}' . # private use
885 ']/u';
886 if ( preg_match( $unicodeBlacklist, $name ) ) {
887 return false;
888 }
889
890 return true;
891 }
892
893 /**
894 * Usernames which fail to pass this function will be blocked
895 * from user login and new account registrations, but may be used
896 * internally by batch processes.
897 *
898 * If an account already exists in this form, login will be blocked
899 * by a failure to pass this function.
900 *
901 * @param string $name Name to match
902 * @return bool
903 */
904 public static function isUsableName( $name ) {
905 global $wgReservedUsernames;
906 // Must be a valid username, obviously ;)
907 if ( !self::isValidUserName( $name ) ) {
908 return false;
909 }
910
911 static $reservedUsernames = false;
912 if ( !$reservedUsernames ) {
913 $reservedUsernames = $wgReservedUsernames;
914 Hooks::run( 'UserGetReservedNames', [ &$reservedUsernames ] );
915 }
916
917 // Certain names may be reserved for batch processes.
918 foreach ( $reservedUsernames as $reserved ) {
919 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
920 $reserved = wfMessage( substr( $reserved, 4 ) )->inContentLanguage()->text();
921 }
922 if ( $reserved == $name ) {
923 return false;
924 }
925 }
926 return true;
927 }
928
929 /**
930 * Usernames which fail to pass this function will be blocked
931 * from new account registrations, but may be used internally
932 * either by batch processes or by user accounts which have
933 * already been created.
934 *
935 * Additional blacklisting may be added here rather than in
936 * isValidUserName() to avoid disrupting existing accounts.
937 *
938 * @param string $name String to match
939 * @return bool
940 */
941 public static function isCreatableName( $name ) {
942 global $wgInvalidUsernameCharacters;
943
944 // Ensure that the username isn't longer than 235 bytes, so that
945 // (at least for the builtin skins) user javascript and css files
946 // will work. (bug 23080)
947 if ( strlen( $name ) > 235 ) {
948 wfDebugLog( 'username', __METHOD__ .
949 ": '$name' invalid due to length" );
950 return false;
951 }
952
953 // Preg yells if you try to give it an empty string
954 if ( $wgInvalidUsernameCharacters !== '' ) {
955 if ( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
956 wfDebugLog( 'username', __METHOD__ .
957 ": '$name' invalid due to wgInvalidUsernameCharacters" );
958 return false;
959 }
960 }
961
962 return self::isUsableName( $name );
963 }
964
965 /**
966 * Is the input a valid password for this user?
967 *
968 * @param string $password Desired password
969 * @return bool
970 */
971 public function isValidPassword( $password ) {
972 // simple boolean wrapper for getPasswordValidity
973 return $this->getPasswordValidity( $password ) === true;
974 }
975
976 /**
977 * Given unvalidated password input, return error message on failure.
978 *
979 * @param string $password Desired password
980 * @return bool|string|array True on success, string or array of error message on failure
981 */
982 public function getPasswordValidity( $password ) {
983 $result = $this->checkPasswordValidity( $password );
984 if ( $result->isGood() ) {
985 return true;
986 } else {
987 $messages = [];
988 foreach ( $result->getErrorsByType( 'error' ) as $error ) {
989 $messages[] = $error['message'];
990 }
991 foreach ( $result->getErrorsByType( 'warning' ) as $warning ) {
992 $messages[] = $warning['message'];
993 }
994 if ( count( $messages ) === 1 ) {
995 return $messages[0];
996 }
997 return $messages;
998 }
999 }
1000
1001 /**
1002 * Check if this is a valid password for this user
1003 *
1004 * Create a Status object based on the password's validity.
1005 * The Status should be set to fatal if the user should not
1006 * be allowed to log in, and should have any errors that
1007 * would block changing the password.
1008 *
1009 * If the return value of this is not OK, the password
1010 * should not be checked. If the return value is not Good,
1011 * the password can be checked, but the user should not be
1012 * able to set their password to this.
1013 *
1014 * @param string $password Desired password
1015 * @param string $purpose one of 'login', 'create', 'reset'
1016 * @return Status
1017 * @since 1.23
1018 */
1019 public function checkPasswordValidity( $password, $purpose = 'login' ) {
1020 global $wgPasswordPolicy;
1021
1022 $upp = new UserPasswordPolicy(
1023 $wgPasswordPolicy['policies'],
1024 $wgPasswordPolicy['checks']
1025 );
1026
1027 $status = Status::newGood();
1028 $result = false; // init $result to false for the internal checks
1029
1030 if ( !Hooks::run( 'isValidPassword', [ $password, &$result, $this ] ) ) {
1031 $status->error( $result );
1032 return $status;
1033 }
1034
1035 if ( $result === false ) {
1036 $status->merge( $upp->checkUserPassword( $this, $password, $purpose ) );
1037 return $status;
1038 } elseif ( $result === true ) {
1039 return $status;
1040 } else {
1041 $status->error( $result );
1042 return $status; // the isValidPassword hook set a string $result and returned true
1043 }
1044 }
1045
1046 /**
1047 * Given unvalidated user input, return a canonical username, or false if
1048 * the username is invalid.
1049 * @param string $name User input
1050 * @param string|bool $validate Type of validation to use:
1051 * - false No validation
1052 * - 'valid' Valid for batch processes
1053 * - 'usable' Valid for batch processes and login
1054 * - 'creatable' Valid for batch processes, login and account creation
1055 *
1056 * @throws InvalidArgumentException
1057 * @return bool|string
1058 */
1059 public static function getCanonicalName( $name, $validate = 'valid' ) {
1060 // Force usernames to capital
1061 global $wgContLang;
1062 $name = $wgContLang->ucfirst( $name );
1063
1064 # Reject names containing '#'; these will be cleaned up
1065 # with title normalisation, but then it's too late to
1066 # check elsewhere
1067 if ( strpos( $name, '#' ) !== false ) {
1068 return false;
1069 }
1070
1071 // Clean up name according to title rules,
1072 // but only when validation is requested (bug 12654)
1073 $t = ( $validate !== false ) ?
1074 Title::newFromText( $name, NS_USER ) : Title::makeTitle( NS_USER, $name );
1075 // Check for invalid titles
1076 if ( is_null( $t ) || $t->getNamespace() !== NS_USER || $t->isExternal() ) {
1077 return false;
1078 }
1079
1080 // Reject various classes of invalid names
1081 global $wgAuth;
1082 $name = $wgAuth->getCanonicalName( $t->getText() );
1083
1084 switch ( $validate ) {
1085 case false:
1086 break;
1087 case 'valid':
1088 if ( !User::isValidUserName( $name ) ) {
1089 $name = false;
1090 }
1091 break;
1092 case 'usable':
1093 if ( !User::isUsableName( $name ) ) {
1094 $name = false;
1095 }
1096 break;
1097 case 'creatable':
1098 if ( !User::isCreatableName( $name ) ) {
1099 $name = false;
1100 }
1101 break;
1102 default:
1103 throw new InvalidArgumentException(
1104 'Invalid parameter value for $validate in ' . __METHOD__ );
1105 }
1106 return $name;
1107 }
1108
1109 /**
1110 * Count the number of edits of a user
1111 *
1112 * @param int $uid User ID to check
1113 * @return int The user's edit count
1114 *
1115 * @deprecated since 1.21 in favour of User::getEditCount
1116 */
1117 public static function edits( $uid ) {
1118 wfDeprecated( __METHOD__, '1.21' );
1119 $user = self::newFromId( $uid );
1120 return $user->getEditCount();
1121 }
1122
1123 /**
1124 * Return a random password.
1125 *
1126 * @deprecated since 1.27, use PasswordFactory::generateRandomPasswordString()
1127 * @return string New random password
1128 */
1129 public static function randomPassword() {
1130 global $wgMinimalPasswordLength;
1131 return PasswordFactory::generateRandomPasswordString( $wgMinimalPasswordLength );
1132 }
1133
1134 /**
1135 * Set cached properties to default.
1136 *
1137 * @note This no longer clears uncached lazy-initialised properties;
1138 * the constructor does that instead.
1139 *
1140 * @param string|bool $name
1141 */
1142 public function loadDefaults( $name = false ) {
1143 $this->mId = 0;
1144 $this->mName = $name;
1145 $this->mRealName = '';
1146 $this->mEmail = '';
1147 $this->mOptionOverrides = null;
1148 $this->mOptionsLoaded = false;
1149
1150 $loggedOut = $this->mRequest && !defined( 'MW_NO_SESSION' )
1151 ? $this->mRequest->getSession()->getLoggedOutTimestamp() : 0;
1152 if ( $loggedOut !== 0 ) {
1153 $this->mTouched = wfTimestamp( TS_MW, $loggedOut );
1154 } else {
1155 $this->mTouched = '1'; # Allow any pages to be cached
1156 }
1157
1158 $this->mToken = null; // Don't run cryptographic functions till we need a token
1159 $this->mEmailAuthenticated = null;
1160 $this->mEmailToken = '';
1161 $this->mEmailTokenExpires = null;
1162 $this->mRegistration = wfTimestamp( TS_MW );
1163 $this->mGroups = [];
1164
1165 Hooks::run( 'UserLoadDefaults', [ $this, $name ] );
1166 }
1167
1168 /**
1169 * Return whether an item has been loaded.
1170 *
1171 * @param string $item Item to check. Current possibilities:
1172 * - id
1173 * - name
1174 * - realname
1175 * @param string $all 'all' to check if the whole object has been loaded
1176 * or any other string to check if only the item is available (e.g.
1177 * for optimisation)
1178 * @return bool
1179 */
1180 public function isItemLoaded( $item, $all = 'all' ) {
1181 return ( $this->mLoadedItems === true && $all === 'all' ) ||
1182 ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
1183 }
1184
1185 /**
1186 * Set that an item has been loaded
1187 *
1188 * @param string $item
1189 */
1190 protected function setItemLoaded( $item ) {
1191 if ( is_array( $this->mLoadedItems ) ) {
1192 $this->mLoadedItems[$item] = true;
1193 }
1194 }
1195
1196 /**
1197 * Load user data from the session.
1198 *
1199 * @return bool True if the user is logged in, false otherwise.
1200 */
1201 private function loadFromSession() {
1202 // Deprecated hook
1203 $result = null;
1204 Hooks::run( 'UserLoadFromSession', [ $this, &$result ], '1.27' );
1205 if ( $result !== null ) {
1206 return $result;
1207 }
1208
1209 // MediaWiki\Session\Session already did the necessary authentication of the user
1210 // returned here, so just use it if applicable.
1211 $session = $this->getRequest()->getSession();
1212 $user = $session->getUser();
1213 if ( $user->isLoggedIn() ) {
1214 $this->loadFromUserObject( $user );
1215 // Other code expects these to be set in the session, so set them.
1216 $session->set( 'wsUserID', $this->getId() );
1217 $session->set( 'wsUserName', $this->getName() );
1218 $session->set( 'wsToken', $this->getToken() );
1219 return true;
1220 }
1221
1222 return false;
1223 }
1224
1225 /**
1226 * Load user and user_group data from the database.
1227 * $this->mId must be set, this is how the user is identified.
1228 *
1229 * @param integer $flags User::READ_* constant bitfield
1230 * @return bool True if the user exists, false if the user is anonymous
1231 */
1232 public function loadFromDatabase( $flags = self::READ_LATEST ) {
1233 // Paranoia
1234 $this->mId = intval( $this->mId );
1235
1236 // Anonymous user
1237 if ( !$this->mId ) {
1238 $this->loadDefaults();
1239 return false;
1240 }
1241
1242 list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $flags );
1243 $db = wfGetDB( $index );
1244
1245 $s = $db->selectRow(
1246 'user',
1247 self::selectFields(),
1248 [ 'user_id' => $this->mId ],
1249 __METHOD__,
1250 $options
1251 );
1252
1253 $this->queryFlagsUsed = $flags;
1254 Hooks::run( 'UserLoadFromDatabase', [ $this, &$s ] );
1255
1256 if ( $s !== false ) {
1257 // Initialise user table data
1258 $this->loadFromRow( $s );
1259 $this->mGroups = null; // deferred
1260 $this->getEditCount(); // revalidation for nulls
1261 return true;
1262 } else {
1263 // Invalid user_id
1264 $this->mId = 0;
1265 $this->loadDefaults();
1266 return false;
1267 }
1268 }
1269
1270 /**
1271 * Initialize this object from a row from the user table.
1272 *
1273 * @param stdClass $row Row from the user table to load.
1274 * @param array $data Further user data to load into the object
1275 *
1276 * user_groups Array with groups out of the user_groups table
1277 * user_properties Array with properties out of the user_properties table
1278 */
1279 protected function loadFromRow( $row, $data = null ) {
1280 $all = true;
1281
1282 $this->mGroups = null; // deferred
1283
1284 if ( isset( $row->user_name ) ) {
1285 $this->mName = $row->user_name;
1286 $this->mFrom = 'name';
1287 $this->setItemLoaded( 'name' );
1288 } else {
1289 $all = false;
1290 }
1291
1292 if ( isset( $row->user_real_name ) ) {
1293 $this->mRealName = $row->user_real_name;
1294 $this->setItemLoaded( 'realname' );
1295 } else {
1296 $all = false;
1297 }
1298
1299 if ( isset( $row->user_id ) ) {
1300 $this->mId = intval( $row->user_id );
1301 $this->mFrom = 'id';
1302 $this->setItemLoaded( 'id' );
1303 } else {
1304 $all = false;
1305 }
1306
1307 if ( isset( $row->user_id ) && isset( $row->user_name ) ) {
1308 self::$idCacheByName[$row->user_name] = $row->user_id;
1309 }
1310
1311 if ( isset( $row->user_editcount ) ) {
1312 $this->mEditCount = $row->user_editcount;
1313 } else {
1314 $all = false;
1315 }
1316
1317 if ( isset( $row->user_touched ) ) {
1318 $this->mTouched = wfTimestamp( TS_MW, $row->user_touched );
1319 } else {
1320 $all = false;
1321 }
1322
1323 if ( isset( $row->user_token ) ) {
1324 // The definition for the column is binary(32), so trim the NULs
1325 // that appends. The previous definition was char(32), so trim
1326 // spaces too.
1327 $this->mToken = rtrim( $row->user_token, " \0" );
1328 if ( $this->mToken === '' ) {
1329 $this->mToken = null;
1330 }
1331 } else {
1332 $all = false;
1333 }
1334
1335 if ( isset( $row->user_email ) ) {
1336 $this->mEmail = $row->user_email;
1337 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1338 $this->mEmailToken = $row->user_email_token;
1339 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1340 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1341 } else {
1342 $all = false;
1343 }
1344
1345 if ( $all ) {
1346 $this->mLoadedItems = true;
1347 }
1348
1349 if ( is_array( $data ) ) {
1350 if ( isset( $data['user_groups'] ) && is_array( $data['user_groups'] ) ) {
1351 $this->mGroups = $data['user_groups'];
1352 }
1353 if ( isset( $data['user_properties'] ) && is_array( $data['user_properties'] ) ) {
1354 $this->loadOptions( $data['user_properties'] );
1355 }
1356 }
1357 }
1358
1359 /**
1360 * Load the data for this user object from another user object.
1361 *
1362 * @param User $user
1363 */
1364 protected function loadFromUserObject( $user ) {
1365 $user->load();
1366 $user->loadGroups();
1367 $user->loadOptions();
1368 foreach ( self::$mCacheVars as $var ) {
1369 $this->$var = $user->$var;
1370 }
1371 }
1372
1373 /**
1374 * Load the groups from the database if they aren't already loaded.
1375 */
1376 private function loadGroups() {
1377 if ( is_null( $this->mGroups ) ) {
1378 $db = ( $this->queryFlagsUsed & self::READ_LATEST )
1379 ? wfGetDB( DB_MASTER )
1380 : wfGetDB( DB_SLAVE );
1381 $res = $db->select( 'user_groups',
1382 [ 'ug_group' ],
1383 [ 'ug_user' => $this->mId ],
1384 __METHOD__ );
1385 $this->mGroups = [];
1386 foreach ( $res as $row ) {
1387 $this->mGroups[] = $row->ug_group;
1388 }
1389 }
1390 }
1391
1392 /**
1393 * Add the user to the group if he/she meets given criteria.
1394 *
1395 * Contrary to autopromotion by \ref $wgAutopromote, the group will be
1396 * possible to remove manually via Special:UserRights. In such case it
1397 * will not be re-added automatically. The user will also not lose the
1398 * group if they no longer meet the criteria.
1399 *
1400 * @param string $event Key in $wgAutopromoteOnce (each one has groups/criteria)
1401 *
1402 * @return array Array of groups the user has been promoted to.
1403 *
1404 * @see $wgAutopromoteOnce
1405 */
1406 public function addAutopromoteOnceGroups( $event ) {
1407 global $wgAutopromoteOnceLogInRC, $wgAuth;
1408
1409 if ( wfReadOnly() || !$this->getId() ) {
1410 return [];
1411 }
1412
1413 $toPromote = Autopromote::getAutopromoteOnceGroups( $this, $event );
1414 if ( !count( $toPromote ) ) {
1415 return [];
1416 }
1417
1418 if ( !$this->checkAndSetTouched() ) {
1419 return []; // raced out (bug T48834)
1420 }
1421
1422 $oldGroups = $this->getGroups(); // previous groups
1423 foreach ( $toPromote as $group ) {
1424 $this->addGroup( $group );
1425 }
1426 // update groups in external authentication database
1427 Hooks::run( 'UserGroupsChanged', [ $this, $toPromote, [], false, false ] );
1428 $wgAuth->updateExternalDBGroups( $this, $toPromote );
1429
1430 $newGroups = array_merge( $oldGroups, $toPromote ); // all groups
1431
1432 $logEntry = new ManualLogEntry( 'rights', 'autopromote' );
1433 $logEntry->setPerformer( $this );
1434 $logEntry->setTarget( $this->getUserPage() );
1435 $logEntry->setParameters( [
1436 '4::oldgroups' => $oldGroups,
1437 '5::newgroups' => $newGroups,
1438 ] );
1439 $logid = $logEntry->insert();
1440 if ( $wgAutopromoteOnceLogInRC ) {
1441 $logEntry->publish( $logid );
1442 }
1443
1444 return $toPromote;
1445 }
1446
1447 /**
1448 * Bump user_touched if it didn't change since this object was loaded
1449 *
1450 * On success, the mTouched field is updated.
1451 * The user serialization cache is always cleared.
1452 *
1453 * @return bool Whether user_touched was actually updated
1454 * @since 1.26
1455 */
1456 protected function checkAndSetTouched() {
1457 $this->load();
1458
1459 if ( !$this->mId ) {
1460 return false; // anon
1461 }
1462
1463 // Get a new user_touched that is higher than the old one
1464 $oldTouched = $this->mTouched;
1465 $newTouched = $this->newTouchedTimestamp();
1466
1467 $dbw = wfGetDB( DB_MASTER );
1468 $dbw->update( 'user',
1469 [ 'user_touched' => $dbw->timestamp( $newTouched ) ],
1470 [
1471 'user_id' => $this->mId,
1472 'user_touched' => $dbw->timestamp( $oldTouched ) // CAS check
1473 ],
1474 __METHOD__
1475 );
1476 $success = ( $dbw->affectedRows() > 0 );
1477
1478 if ( $success ) {
1479 $this->mTouched = $newTouched;
1480 $this->clearSharedCache();
1481 } else {
1482 // Clears on failure too since that is desired if the cache is stale
1483 $this->clearSharedCache( 'refresh' );
1484 }
1485
1486 return $success;
1487 }
1488
1489 /**
1490 * Clear various cached data stored in this object. The cache of the user table
1491 * data (i.e. self::$mCacheVars) is not cleared unless $reloadFrom is given.
1492 *
1493 * @param bool|string $reloadFrom Reload user and user_groups table data from a
1494 * given source. May be "name", "id", "defaults", "session", or false for no reload.
1495 */
1496 public function clearInstanceCache( $reloadFrom = false ) {
1497 $this->mNewtalk = -1;
1498 $this->mDatePreference = null;
1499 $this->mBlockedby = -1; # Unset
1500 $this->mHash = false;
1501 $this->mRights = null;
1502 $this->mEffectiveGroups = null;
1503 $this->mImplicitGroups = null;
1504 $this->mGroups = null;
1505 $this->mOptions = null;
1506 $this->mOptionsLoaded = false;
1507 $this->mEditCount = null;
1508
1509 if ( $reloadFrom ) {
1510 $this->mLoadedItems = [];
1511 $this->mFrom = $reloadFrom;
1512 }
1513 }
1514
1515 /**
1516 * Combine the language default options with any site-specific options
1517 * and add the default language variants.
1518 *
1519 * @return array Array of String options
1520 */
1521 public static function getDefaultOptions() {
1522 global $wgNamespacesToBeSearchedDefault, $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1523
1524 static $defOpt = null;
1525 if ( !defined( 'MW_PHPUNIT_TEST' ) && $defOpt !== null ) {
1526 // Disabling this for the unit tests, as they rely on being able to change $wgContLang
1527 // mid-request and see that change reflected in the return value of this function.
1528 // Which is insane and would never happen during normal MW operation
1529 return $defOpt;
1530 }
1531
1532 $defOpt = $wgDefaultUserOptions;
1533 // Default language setting
1534 $defOpt['language'] = $wgContLang->getCode();
1535 foreach ( LanguageConverter::$languagesWithVariants as $langCode ) {
1536 $defOpt[$langCode == $wgContLang->getCode() ? 'variant' : "variant-$langCode"] = $langCode;
1537 }
1538 $namespaces = MediaWikiServices::getInstance()->getSearchEngineConfig()->searchableNamespaces();
1539 foreach ( $namespaces as $nsnum => $nsname ) {
1540 $defOpt['searchNs' . $nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1541 }
1542 $defOpt['skin'] = Skin::normalizeKey( $wgDefaultSkin );
1543
1544 Hooks::run( 'UserGetDefaultOptions', [ &$defOpt ] );
1545
1546 return $defOpt;
1547 }
1548
1549 /**
1550 * Get a given default option value.
1551 *
1552 * @param string $opt Name of option to retrieve
1553 * @return string Default option value
1554 */
1555 public static function getDefaultOption( $opt ) {
1556 $defOpts = self::getDefaultOptions();
1557 if ( isset( $defOpts[$opt] ) ) {
1558 return $defOpts[$opt];
1559 } else {
1560 return null;
1561 }
1562 }
1563
1564 /**
1565 * Get blocking information
1566 * @param bool $bFromSlave Whether to check the slave database first.
1567 * To improve performance, non-critical checks are done against slaves.
1568 * Check when actually saving should be done against master.
1569 */
1570 private function getBlockedStatus( $bFromSlave = true ) {
1571 global $wgProxyWhitelist, $wgUser, $wgApplyIpBlocksToXff;
1572
1573 if ( -1 != $this->mBlockedby ) {
1574 return;
1575 }
1576
1577 wfDebug( __METHOD__ . ": checking...\n" );
1578
1579 // Initialize data...
1580 // Otherwise something ends up stomping on $this->mBlockedby when
1581 // things get lazy-loaded later, causing false positive block hits
1582 // due to -1 !== 0. Probably session-related... Nothing should be
1583 // overwriting mBlockedby, surely?
1584 $this->load();
1585
1586 # We only need to worry about passing the IP address to the Block generator if the
1587 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1588 # know which IP address they're actually coming from
1589 $ip = null;
1590 if ( !$this->isAllowed( 'ipblock-exempt' ) ) {
1591 // $wgUser->getName() only works after the end of Setup.php. Until
1592 // then, assume it's a logged-out user.
1593 $globalUserName = $wgUser->isSafeToLoad()
1594 ? $wgUser->getName()
1595 : IP::sanitizeIP( $wgUser->getRequest()->getIP() );
1596 if ( $this->getName() === $globalUserName ) {
1597 $ip = $this->getRequest()->getIP();
1598 }
1599 }
1600
1601 // User/IP blocking
1602 $block = Block::newFromTarget( $this, $ip, !$bFromSlave );
1603
1604 // Proxy blocking
1605 if ( !$block instanceof Block && $ip !== null && !in_array( $ip, $wgProxyWhitelist ) ) {
1606 // Local list
1607 if ( self::isLocallyBlockedProxy( $ip ) ) {
1608 $block = new Block;
1609 $block->setBlocker( wfMessage( 'proxyblocker' )->text() );
1610 $block->mReason = wfMessage( 'proxyblockreason' )->text();
1611 $block->setTarget( $ip );
1612 } elseif ( $this->isAnon() && $this->isDnsBlacklisted( $ip ) ) {
1613 $block = new Block;
1614 $block->setBlocker( wfMessage( 'sorbs' )->text() );
1615 $block->mReason = wfMessage( 'sorbsreason' )->text();
1616 $block->setTarget( $ip );
1617 }
1618 }
1619
1620 // (bug 23343) Apply IP blocks to the contents of XFF headers, if enabled
1621 if ( !$block instanceof Block
1622 && $wgApplyIpBlocksToXff
1623 && $ip !== null
1624 && !in_array( $ip, $wgProxyWhitelist )
1625 ) {
1626 $xff = $this->getRequest()->getHeader( 'X-Forwarded-For' );
1627 $xff = array_map( 'trim', explode( ',', $xff ) );
1628 $xff = array_diff( $xff, [ $ip ] );
1629 $xffblocks = Block::getBlocksForIPList( $xff, $this->isAnon(), !$bFromSlave );
1630 $block = Block::chooseBlock( $xffblocks, $xff );
1631 if ( $block instanceof Block ) {
1632 # Mangle the reason to alert the user that the block
1633 # originated from matching the X-Forwarded-For header.
1634 $block->mReason = wfMessage( 'xffblockreason', $block->mReason )->text();
1635 }
1636 }
1637
1638 if ( $block instanceof Block ) {
1639 wfDebug( __METHOD__ . ": Found block.\n" );
1640 $this->mBlock = $block;
1641 $this->mBlockedby = $block->getByName();
1642 $this->mBlockreason = $block->mReason;
1643 $this->mHideName = $block->mHideName;
1644 $this->mAllowUsertalk = !$block->prevents( 'editownusertalk' );
1645 } else {
1646 $this->mBlockedby = '';
1647 $this->mHideName = 0;
1648 $this->mAllowUsertalk = false;
1649 }
1650
1651 // Extensions
1652 Hooks::run( 'GetBlockedStatus', [ &$this ] );
1653
1654 }
1655
1656 /**
1657 * Whether the given IP is in a DNS blacklist.
1658 *
1659 * @param string $ip IP to check
1660 * @param bool $checkWhitelist Whether to check the whitelist first
1661 * @return bool True if blacklisted.
1662 */
1663 public function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1664 global $wgEnableDnsBlacklist, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1665
1666 if ( !$wgEnableDnsBlacklist ) {
1667 return false;
1668 }
1669
1670 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) ) {
1671 return false;
1672 }
1673
1674 return $this->inDnsBlacklist( $ip, $wgDnsBlacklistUrls );
1675 }
1676
1677 /**
1678 * Whether the given IP is in a given DNS blacklist.
1679 *
1680 * @param string $ip IP to check
1681 * @param string|array $bases Array of Strings: URL of the DNS blacklist
1682 * @return bool True if blacklisted.
1683 */
1684 public function inDnsBlacklist( $ip, $bases ) {
1685
1686 $found = false;
1687 // @todo FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1688 if ( IP::isIPv4( $ip ) ) {
1689 // Reverse IP, bug 21255
1690 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1691
1692 foreach ( (array)$bases as $base ) {
1693 // Make hostname
1694 // If we have an access key, use that too (ProjectHoneypot, etc.)
1695 $basename = $base;
1696 if ( is_array( $base ) ) {
1697 if ( count( $base ) >= 2 ) {
1698 // Access key is 1, base URL is 0
1699 $host = "{$base[1]}.$ipReversed.{$base[0]}";
1700 } else {
1701 $host = "$ipReversed.{$base[0]}";
1702 }
1703 $basename = $base[0];
1704 } else {
1705 $host = "$ipReversed.$base";
1706 }
1707
1708 // Send query
1709 $ipList = gethostbynamel( $host );
1710
1711 if ( $ipList ) {
1712 wfDebugLog( 'dnsblacklist', "Hostname $host is {$ipList[0]}, it's a proxy says $basename!" );
1713 $found = true;
1714 break;
1715 } else {
1716 wfDebugLog( 'dnsblacklist', "Requested $host, not found in $basename." );
1717 }
1718 }
1719 }
1720
1721 return $found;
1722 }
1723
1724 /**
1725 * Check if an IP address is in the local proxy list
1726 *
1727 * @param string $ip
1728 *
1729 * @return bool
1730 */
1731 public static function isLocallyBlockedProxy( $ip ) {
1732 global $wgProxyList;
1733
1734 if ( !$wgProxyList ) {
1735 return false;
1736 }
1737
1738 if ( !is_array( $wgProxyList ) ) {
1739 // Load from the specified file
1740 $wgProxyList = array_map( 'trim', file( $wgProxyList ) );
1741 }
1742
1743 if ( !is_array( $wgProxyList ) ) {
1744 $ret = false;
1745 } elseif ( array_search( $ip, $wgProxyList ) !== false ) {
1746 $ret = true;
1747 } elseif ( array_key_exists( $ip, $wgProxyList ) ) {
1748 // Old-style flipped proxy list
1749 $ret = true;
1750 } else {
1751 $ret = false;
1752 }
1753 return $ret;
1754 }
1755
1756 /**
1757 * Is this user subject to rate limiting?
1758 *
1759 * @return bool True if rate limited
1760 */
1761 public function isPingLimitable() {
1762 global $wgRateLimitsExcludedIPs;
1763 if ( in_array( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
1764 // No other good way currently to disable rate limits
1765 // for specific IPs. :P
1766 // But this is a crappy hack and should die.
1767 return false;
1768 }
1769 return !$this->isAllowed( 'noratelimit' );
1770 }
1771
1772 /**
1773 * Primitive rate limits: enforce maximum actions per time period
1774 * to put a brake on flooding.
1775 *
1776 * The method generates both a generic profiling point and a per action one
1777 * (suffix being "-$action".
1778 *
1779 * @note When using a shared cache like memcached, IP-address
1780 * last-hit counters will be shared across wikis.
1781 *
1782 * @param string $action Action to enforce; 'edit' if unspecified
1783 * @param int $incrBy Positive amount to increment counter by [defaults to 1]
1784 * @return bool True if a rate limiter was tripped
1785 */
1786 public function pingLimiter( $action = 'edit', $incrBy = 1 ) {
1787 // Call the 'PingLimiter' hook
1788 $result = false;
1789 if ( !Hooks::run( 'PingLimiter', [ &$this, $action, &$result, $incrBy ] ) ) {
1790 return $result;
1791 }
1792
1793 global $wgRateLimits;
1794 if ( !isset( $wgRateLimits[$action] ) ) {
1795 return false;
1796 }
1797
1798 // Some groups shouldn't trigger the ping limiter, ever
1799 if ( !$this->isPingLimitable() ) {
1800 return false;
1801 }
1802
1803 $limits = $wgRateLimits[$action];
1804 $keys = [];
1805 $id = $this->getId();
1806 $userLimit = false;
1807 $isNewbie = $this->isNewbie();
1808
1809 if ( $id == 0 ) {
1810 // limits for anons
1811 if ( isset( $limits['anon'] ) ) {
1812 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1813 }
1814 } else {
1815 // limits for logged-in users
1816 if ( isset( $limits['user'] ) ) {
1817 $userLimit = $limits['user'];
1818 }
1819 // limits for newbie logged-in users
1820 if ( $isNewbie && isset( $limits['newbie'] ) ) {
1821 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1822 }
1823 }
1824
1825 // limits for anons and for newbie logged-in users
1826 if ( $isNewbie ) {
1827 // ip-based limits
1828 if ( isset( $limits['ip'] ) ) {
1829 $ip = $this->getRequest()->getIP();
1830 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1831 }
1832 // subnet-based limits
1833 if ( isset( $limits['subnet'] ) ) {
1834 $ip = $this->getRequest()->getIP();
1835 $subnet = IP::getSubnet( $ip );
1836 if ( $subnet !== false ) {
1837 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1838 }
1839 }
1840 }
1841
1842 // Check for group-specific permissions
1843 // If more than one group applies, use the group with the highest limit ratio (max/period)
1844 foreach ( $this->getGroups() as $group ) {
1845 if ( isset( $limits[$group] ) ) {
1846 if ( $userLimit === false
1847 || $limits[$group][0] / $limits[$group][1] > $userLimit[0] / $userLimit[1]
1848 ) {
1849 $userLimit = $limits[$group];
1850 }
1851 }
1852 }
1853
1854 // Set the user limit key
1855 if ( $userLimit !== false ) {
1856 list( $max, $period ) = $userLimit;
1857 wfDebug( __METHOD__ . ": effective user limit: $max in {$period}s\n" );
1858 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $userLimit;
1859 }
1860
1861 // ip-based limits for all ping-limitable users
1862 if ( isset( $limits['ip-all'] ) ) {
1863 $ip = $this->getRequest()->getIP();
1864 // ignore if user limit is more permissive
1865 if ( $isNewbie || $userLimit === false
1866 || $limits['ip-all'][0] / $limits['ip-all'][1] > $userLimit[0] / $userLimit[1] ) {
1867 $keys["mediawiki:limiter:$action:ip-all:$ip"] = $limits['ip-all'];
1868 }
1869 }
1870
1871 // subnet-based limits for all ping-limitable users
1872 if ( isset( $limits['subnet-all'] ) ) {
1873 $ip = $this->getRequest()->getIP();
1874 $subnet = IP::getSubnet( $ip );
1875 if ( $subnet !== false ) {
1876 // ignore if user limit is more permissive
1877 if ( $isNewbie || $userLimit === false
1878 || $limits['ip-all'][0] / $limits['ip-all'][1]
1879 > $userLimit[0] / $userLimit[1] ) {
1880 $keys["mediawiki:limiter:$action:subnet-all:$subnet"] = $limits['subnet-all'];
1881 }
1882 }
1883 }
1884
1885 $cache = ObjectCache::getLocalClusterInstance();
1886
1887 $triggered = false;
1888 foreach ( $keys as $key => $limit ) {
1889 list( $max, $period ) = $limit;
1890 $summary = "(limit $max in {$period}s)";
1891 $count = $cache->get( $key );
1892 // Already pinged?
1893 if ( $count ) {
1894 if ( $count >= $max ) {
1895 wfDebugLog( 'ratelimit', "User '{$this->getName()}' " .
1896 "(IP {$this->getRequest()->getIP()}) tripped $key at $count $summary" );
1897 $triggered = true;
1898 } else {
1899 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1900 }
1901 } else {
1902 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1903 if ( $incrBy > 0 ) {
1904 $cache->add( $key, 0, intval( $period ) ); // first ping
1905 }
1906 }
1907 if ( $incrBy > 0 ) {
1908 $cache->incr( $key, $incrBy );
1909 }
1910 }
1911
1912 return $triggered;
1913 }
1914
1915 /**
1916 * Check if user is blocked
1917 *
1918 * @param bool $bFromSlave Whether to check the slave database instead of
1919 * the master. Hacked from false due to horrible probs on site.
1920 * @return bool True if blocked, false otherwise
1921 */
1922 public function isBlocked( $bFromSlave = true ) {
1923 return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
1924 }
1925
1926 /**
1927 * Get the block affecting the user, or null if the user is not blocked
1928 *
1929 * @param bool $bFromSlave Whether to check the slave database instead of the master
1930 * @return Block|null
1931 */
1932 public function getBlock( $bFromSlave = true ) {
1933 $this->getBlockedStatus( $bFromSlave );
1934 return $this->mBlock instanceof Block ? $this->mBlock : null;
1935 }
1936
1937 /**
1938 * Check if user is blocked from editing a particular article
1939 *
1940 * @param Title $title Title to check
1941 * @param bool $bFromSlave Whether to check the slave database instead of the master
1942 * @return bool
1943 */
1944 public function isBlockedFrom( $title, $bFromSlave = false ) {
1945 global $wgBlockAllowsUTEdit;
1946
1947 $blocked = $this->isBlocked( $bFromSlave );
1948 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1949 // If a user's name is suppressed, they cannot make edits anywhere
1950 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName()
1951 && $title->getNamespace() == NS_USER_TALK ) {
1952 $blocked = false;
1953 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1954 }
1955
1956 Hooks::run( 'UserIsBlockedFrom', [ $this, $title, &$blocked, &$allowUsertalk ] );
1957
1958 return $blocked;
1959 }
1960
1961 /**
1962 * If user is blocked, return the name of the user who placed the block
1963 * @return string Name of blocker
1964 */
1965 public function blockedBy() {
1966 $this->getBlockedStatus();
1967 return $this->mBlockedby;
1968 }
1969
1970 /**
1971 * If user is blocked, return the specified reason for the block
1972 * @return string Blocking reason
1973 */
1974 public function blockedFor() {
1975 $this->getBlockedStatus();
1976 return $this->mBlockreason;
1977 }
1978
1979 /**
1980 * If user is blocked, return the ID for the block
1981 * @return int Block ID
1982 */
1983 public function getBlockId() {
1984 $this->getBlockedStatus();
1985 return ( $this->mBlock ? $this->mBlock->getId() : false );
1986 }
1987
1988 /**
1989 * Check if user is blocked on all wikis.
1990 * Do not use for actual edit permission checks!
1991 * This is intended for quick UI checks.
1992 *
1993 * @param string $ip IP address, uses current client if none given
1994 * @return bool True if blocked, false otherwise
1995 */
1996 public function isBlockedGlobally( $ip = '' ) {
1997 return $this->getGlobalBlock( $ip ) instanceof Block;
1998 }
1999
2000 /**
2001 * Check if user is blocked on all wikis.
2002 * Do not use for actual edit permission checks!
2003 * This is intended for quick UI checks.
2004 *
2005 * @param string $ip IP address, uses current client if none given
2006 * @return Block|null Block object if blocked, null otherwise
2007 * @throws FatalError
2008 * @throws MWException
2009 */
2010 public function getGlobalBlock( $ip = '' ) {
2011 if ( $this->mGlobalBlock !== null ) {
2012 return $this->mGlobalBlock ?: null;
2013 }
2014 // User is already an IP?
2015 if ( IP::isIPAddress( $this->getName() ) ) {
2016 $ip = $this->getName();
2017 } elseif ( !$ip ) {
2018 $ip = $this->getRequest()->getIP();
2019 }
2020 $blocked = false;
2021 $block = null;
2022 Hooks::run( 'UserIsBlockedGlobally', [ &$this, $ip, &$blocked, &$block ] );
2023
2024 if ( $blocked && $block === null ) {
2025 // back-compat: UserIsBlockedGlobally didn't have $block param first
2026 $block = new Block;
2027 $block->setTarget( $ip );
2028 }
2029
2030 $this->mGlobalBlock = $blocked ? $block : false;
2031 return $this->mGlobalBlock ?: null;
2032 }
2033
2034 /**
2035 * Check if user account is locked
2036 *
2037 * @return bool True if locked, false otherwise
2038 */
2039 public function isLocked() {
2040 if ( $this->mLocked !== null ) {
2041 return $this->mLocked;
2042 }
2043 global $wgAuth;
2044 $authUser = $wgAuth->getUserInstance( $this );
2045 $this->mLocked = (bool)$authUser->isLocked();
2046 Hooks::run( 'UserIsLocked', [ $this, &$this->mLocked ] );
2047 return $this->mLocked;
2048 }
2049
2050 /**
2051 * Check if user account is hidden
2052 *
2053 * @return bool True if hidden, false otherwise
2054 */
2055 public function isHidden() {
2056 if ( $this->mHideName !== null ) {
2057 return $this->mHideName;
2058 }
2059 $this->getBlockedStatus();
2060 if ( !$this->mHideName ) {
2061 global $wgAuth;
2062 $authUser = $wgAuth->getUserInstance( $this );
2063 $this->mHideName = (bool)$authUser->isHidden();
2064 Hooks::run( 'UserIsHidden', [ $this, &$this->mHideName ] );
2065 }
2066 return $this->mHideName;
2067 }
2068
2069 /**
2070 * Get the user's ID.
2071 * @return int The user's ID; 0 if the user is anonymous or nonexistent
2072 */
2073 public function getId() {
2074 if ( $this->mId === null && $this->mName !== null && User::isIP( $this->mName ) ) {
2075 // Special case, we know the user is anonymous
2076 return 0;
2077 } elseif ( !$this->isItemLoaded( 'id' ) ) {
2078 // Don't load if this was initialized from an ID
2079 $this->load();
2080 }
2081
2082 return (int)$this->mId;
2083 }
2084
2085 /**
2086 * Set the user and reload all fields according to a given ID
2087 * @param int $v User ID to reload
2088 */
2089 public function setId( $v ) {
2090 $this->mId = $v;
2091 $this->clearInstanceCache( 'id' );
2092 }
2093
2094 /**
2095 * Get the user name, or the IP of an anonymous user
2096 * @return string User's name or IP address
2097 */
2098 public function getName() {
2099 if ( $this->isItemLoaded( 'name', 'only' ) ) {
2100 // Special case optimisation
2101 return $this->mName;
2102 } else {
2103 $this->load();
2104 if ( $this->mName === false ) {
2105 // Clean up IPs
2106 $this->mName = IP::sanitizeIP( $this->getRequest()->getIP() );
2107 }
2108 return $this->mName;
2109 }
2110 }
2111
2112 /**
2113 * Set the user name.
2114 *
2115 * This does not reload fields from the database according to the given
2116 * name. Rather, it is used to create a temporary "nonexistent user" for
2117 * later addition to the database. It can also be used to set the IP
2118 * address for an anonymous user to something other than the current
2119 * remote IP.
2120 *
2121 * @note User::newFromName() has roughly the same function, when the named user
2122 * does not exist.
2123 * @param string $str New user name to set
2124 */
2125 public function setName( $str ) {
2126 $this->load();
2127 $this->mName = $str;
2128 }
2129
2130 /**
2131 * Get the user's name escaped by underscores.
2132 * @return string Username escaped by underscores.
2133 */
2134 public function getTitleKey() {
2135 return str_replace( ' ', '_', $this->getName() );
2136 }
2137
2138 /**
2139 * Check if the user has new messages.
2140 * @return bool True if the user has new messages
2141 */
2142 public function getNewtalk() {
2143 $this->load();
2144
2145 // Load the newtalk status if it is unloaded (mNewtalk=-1)
2146 if ( $this->mNewtalk === -1 ) {
2147 $this->mNewtalk = false; # reset talk page status
2148
2149 // Check memcached separately for anons, who have no
2150 // entire User object stored in there.
2151 if ( !$this->mId ) {
2152 global $wgDisableAnonTalk;
2153 if ( $wgDisableAnonTalk ) {
2154 // Anon newtalk disabled by configuration.
2155 $this->mNewtalk = false;
2156 } else {
2157 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName() );
2158 }
2159 } else {
2160 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
2161 }
2162 }
2163
2164 return (bool)$this->mNewtalk;
2165 }
2166
2167 /**
2168 * Return the data needed to construct links for new talk page message
2169 * alerts. If there are new messages, this will return an associative array
2170 * with the following data:
2171 * wiki: The database name of the wiki
2172 * link: Root-relative link to the user's talk page
2173 * rev: The last talk page revision that the user has seen or null. This
2174 * is useful for building diff links.
2175 * If there are no new messages, it returns an empty array.
2176 * @note This function was designed to accomodate multiple talk pages, but
2177 * currently only returns a single link and revision.
2178 * @return array
2179 */
2180 public function getNewMessageLinks() {
2181 $talks = [];
2182 if ( !Hooks::run( 'UserRetrieveNewTalks', [ &$this, &$talks ] ) ) {
2183 return $talks;
2184 } elseif ( !$this->getNewtalk() ) {
2185 return [];
2186 }
2187 $utp = $this->getTalkPage();
2188 $dbr = wfGetDB( DB_SLAVE );
2189 // Get the "last viewed rev" timestamp from the oldest message notification
2190 $timestamp = $dbr->selectField( 'user_newtalk',
2191 'MIN(user_last_timestamp)',
2192 $this->isAnon() ? [ 'user_ip' => $this->getName() ] : [ 'user_id' => $this->getId() ],
2193 __METHOD__ );
2194 $rev = $timestamp ? Revision::loadFromTimestamp( $dbr, $utp, $timestamp ) : null;
2195 return [ [ 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL(), 'rev' => $rev ] ];
2196 }
2197
2198 /**
2199 * Get the revision ID for the last talk page revision viewed by the talk
2200 * page owner.
2201 * @return int|null Revision ID or null
2202 */
2203 public function getNewMessageRevisionId() {
2204 $newMessageRevisionId = null;
2205 $newMessageLinks = $this->getNewMessageLinks();
2206 if ( $newMessageLinks ) {
2207 // Note: getNewMessageLinks() never returns more than a single link
2208 // and it is always for the same wiki, but we double-check here in
2209 // case that changes some time in the future.
2210 if ( count( $newMessageLinks ) === 1
2211 && $newMessageLinks[0]['wiki'] === wfWikiID()
2212 && $newMessageLinks[0]['rev']
2213 ) {
2214 /** @var Revision $newMessageRevision */
2215 $newMessageRevision = $newMessageLinks[0]['rev'];
2216 $newMessageRevisionId = $newMessageRevision->getId();
2217 }
2218 }
2219 return $newMessageRevisionId;
2220 }
2221
2222 /**
2223 * Internal uncached check for new messages
2224 *
2225 * @see getNewtalk()
2226 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
2227 * @param string|int $id User's IP address for anonymous users, User ID otherwise
2228 * @return bool True if the user has new messages
2229 */
2230 protected function checkNewtalk( $field, $id ) {
2231 $dbr = wfGetDB( DB_SLAVE );
2232
2233 $ok = $dbr->selectField( 'user_newtalk', $field, [ $field => $id ], __METHOD__ );
2234
2235 return $ok !== false;
2236 }
2237
2238 /**
2239 * Add or update the new messages flag
2240 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
2241 * @param string|int $id User's IP address for anonymous users, User ID otherwise
2242 * @param Revision|null $curRev New, as yet unseen revision of the user talk page. Ignored if null.
2243 * @return bool True if successful, false otherwise
2244 */
2245 protected function updateNewtalk( $field, $id, $curRev = null ) {
2246 // Get timestamp of the talk page revision prior to the current one
2247 $prevRev = $curRev ? $curRev->getPrevious() : false;
2248 $ts = $prevRev ? $prevRev->getTimestamp() : null;
2249 // Mark the user as having new messages since this revision
2250 $dbw = wfGetDB( DB_MASTER );
2251 $dbw->insert( 'user_newtalk',
2252 [ $field => $id, 'user_last_timestamp' => $dbw->timestampOrNull( $ts ) ],
2253 __METHOD__,
2254 'IGNORE' );
2255 if ( $dbw->affectedRows() ) {
2256 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
2257 return true;
2258 } else {
2259 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
2260 return false;
2261 }
2262 }
2263
2264 /**
2265 * Clear the new messages flag for the given user
2266 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
2267 * @param string|int $id User's IP address for anonymous users, User ID otherwise
2268 * @return bool True if successful, false otherwise
2269 */
2270 protected function deleteNewtalk( $field, $id ) {
2271 $dbw = wfGetDB( DB_MASTER );
2272 $dbw->delete( 'user_newtalk',
2273 [ $field => $id ],
2274 __METHOD__ );
2275 if ( $dbw->affectedRows() ) {
2276 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
2277 return true;
2278 } else {
2279 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
2280 return false;
2281 }
2282 }
2283
2284 /**
2285 * Update the 'You have new messages!' status.
2286 * @param bool $val Whether the user has new messages
2287 * @param Revision $curRev New, as yet unseen revision of the user talk
2288 * page. Ignored if null or !$val.
2289 */
2290 public function setNewtalk( $val, $curRev = null ) {
2291 if ( wfReadOnly() ) {
2292 return;
2293 }
2294
2295 $this->load();
2296 $this->mNewtalk = $val;
2297
2298 if ( $this->isAnon() ) {
2299 $field = 'user_ip';
2300 $id = $this->getName();
2301 } else {
2302 $field = 'user_id';
2303 $id = $this->getId();
2304 }
2305
2306 if ( $val ) {
2307 $changed = $this->updateNewtalk( $field, $id, $curRev );
2308 } else {
2309 $changed = $this->deleteNewtalk( $field, $id );
2310 }
2311
2312 if ( $changed ) {
2313 $this->invalidateCache();
2314 }
2315 }
2316
2317 /**
2318 * Generate a current or new-future timestamp to be stored in the
2319 * user_touched field when we update things.
2320 * @return string Timestamp in TS_MW format
2321 */
2322 private function newTouchedTimestamp() {
2323 global $wgClockSkewFudge;
2324
2325 $time = wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
2326 if ( $this->mTouched && $time <= $this->mTouched ) {
2327 $time = wfTimestamp( TS_MW, wfTimestamp( TS_UNIX, $this->mTouched ) + 1 );
2328 }
2329
2330 return $time;
2331 }
2332
2333 /**
2334 * Clear user data from memcached
2335 *
2336 * Use after applying updates to the database; caller's
2337 * responsibility to update user_touched if appropriate.
2338 *
2339 * Called implicitly from invalidateCache() and saveSettings().
2340 *
2341 * @param string $mode Use 'refresh' to clear now; otherwise before DB commit
2342 */
2343 public function clearSharedCache( $mode = 'changed' ) {
2344 if ( !$this->getId() ) {
2345 return;
2346 }
2347
2348 $cache = ObjectCache::getMainWANInstance();
2349 $processCache = self::getInProcessCache();
2350 $key = $this->getCacheKey( $cache );
2351 if ( $mode === 'refresh' ) {
2352 $cache->delete( $key, 1 );
2353 $processCache->delete( $key );
2354 } else {
2355 wfGetDB( DB_MASTER )->onTransactionPreCommitOrIdle(
2356 function() use ( $cache, $processCache, $key ) {
2357 $cache->delete( $key );
2358 $processCache->delete( $key );
2359 }
2360 );
2361 }
2362 }
2363
2364 /**
2365 * Immediately touch the user data cache for this account
2366 *
2367 * Calls touch() and removes account data from memcached
2368 */
2369 public function invalidateCache() {
2370 $this->touch();
2371 $this->clearSharedCache();
2372 }
2373
2374 /**
2375 * Update the "touched" timestamp for the user
2376 *
2377 * This is useful on various login/logout events when making sure that
2378 * a browser or proxy that has multiple tenants does not suffer cache
2379 * pollution where the new user sees the old users content. The value
2380 * of getTouched() is checked when determining 304 vs 200 responses.
2381 * Unlike invalidateCache(), this preserves the User object cache and
2382 * avoids database writes.
2383 *
2384 * @since 1.25
2385 */
2386 public function touch() {
2387 $id = $this->getId();
2388 if ( $id ) {
2389 $key = wfMemcKey( 'user-quicktouched', 'id', $id );
2390 ObjectCache::getMainWANInstance()->touchCheckKey( $key );
2391 $this->mQuickTouched = null;
2392 }
2393 }
2394
2395 /**
2396 * Validate the cache for this account.
2397 * @param string $timestamp A timestamp in TS_MW format
2398 * @return bool
2399 */
2400 public function validateCache( $timestamp ) {
2401 return ( $timestamp >= $this->getTouched() );
2402 }
2403
2404 /**
2405 * Get the user touched timestamp
2406 *
2407 * Use this value only to validate caches via inequalities
2408 * such as in the case of HTTP If-Modified-Since response logic
2409 *
2410 * @return string TS_MW Timestamp
2411 */
2412 public function getTouched() {
2413 $this->load();
2414
2415 if ( $this->mId ) {
2416 if ( $this->mQuickTouched === null ) {
2417 $key = wfMemcKey( 'user-quicktouched', 'id', $this->mId );
2418 $cache = ObjectCache::getMainWANInstance();
2419
2420 $this->mQuickTouched = wfTimestamp( TS_MW, $cache->getCheckKeyTime( $key ) );
2421 }
2422
2423 return max( $this->mTouched, $this->mQuickTouched );
2424 }
2425
2426 return $this->mTouched;
2427 }
2428
2429 /**
2430 * Get the user_touched timestamp field (time of last DB updates)
2431 * @return string TS_MW Timestamp
2432 * @since 1.26
2433 */
2434 public function getDBTouched() {
2435 $this->load();
2436
2437 return $this->mTouched;
2438 }
2439
2440 /**
2441 * @deprecated Removed in 1.27.
2442 * @return Password
2443 * @since 1.24
2444 */
2445 public function getPassword() {
2446 throw new BadMethodCallException( __METHOD__ . ' has been removed in 1.27' );
2447 }
2448
2449 /**
2450 * @deprecated Removed in 1.27.
2451 * @return Password
2452 * @since 1.24
2453 */
2454 public function getTemporaryPassword() {
2455 throw new BadMethodCallException( __METHOD__ . ' has been removed in 1.27' );
2456 }
2457
2458 /**
2459 * Set the password and reset the random token.
2460 * Calls through to authentication plugin if necessary;
2461 * will have no effect if the auth plugin refuses to
2462 * pass the change through or if the legal password
2463 * checks fail.
2464 *
2465 * As a special case, setting the password to null
2466 * wipes it, so the account cannot be logged in until
2467 * a new password is set, for instance via e-mail.
2468 *
2469 * @deprecated since 1.27. AuthManager is coming.
2470 * @param string $str New password to set
2471 * @throws PasswordError On failure
2472 * @return bool
2473 */
2474 public function setPassword( $str ) {
2475 global $wgAuth;
2476
2477 if ( $str !== null ) {
2478 if ( !$wgAuth->allowPasswordChange() ) {
2479 throw new PasswordError( wfMessage( 'password-change-forbidden' )->text() );
2480 }
2481
2482 $status = $this->checkPasswordValidity( $str );
2483 if ( !$status->isGood() ) {
2484 throw new PasswordError( $status->getMessage()->text() );
2485 }
2486 }
2487
2488 if ( !$wgAuth->setPassword( $this, $str ) ) {
2489 throw new PasswordError( wfMessage( 'externaldberror' )->text() );
2490 }
2491
2492 $this->setOption( 'watchlisttoken', false );
2493 $this->setPasswordInternal( $str );
2494 SessionManager::singleton()->invalidateSessionsForUser( $this );
2495
2496 return true;
2497 }
2498
2499 /**
2500 * Set the password and reset the random token unconditionally.
2501 *
2502 * @deprecated since 1.27. AuthManager is coming.
2503 * @param string|null $str New password to set or null to set an invalid
2504 * password hash meaning that the user will not be able to log in
2505 * through the web interface.
2506 */
2507 public function setInternalPassword( $str ) {
2508 global $wgAuth;
2509
2510 if ( $wgAuth->allowSetLocalPassword() ) {
2511 $this->setOption( 'watchlisttoken', false );
2512 $this->setPasswordInternal( $str );
2513 SessionManager::singleton()->invalidateSessionsForUser( $this );
2514 }
2515 }
2516
2517 /**
2518 * Actually set the password and such
2519 * @since 1.27 cannot set a password for a user not in the database
2520 * @param string|null $str New password to set or null to set an invalid
2521 * password hash meaning that the user will not be able to log in
2522 * through the web interface.
2523 */
2524 private function setPasswordInternal( $str ) {
2525 $id = self::idFromName( $this->getName(), self::READ_LATEST );
2526 if ( $id == 0 ) {
2527 throw new LogicException( 'Cannot set a password for a user that is not in the database.' );
2528 }
2529
2530 $passwordFactory = new PasswordFactory();
2531 $passwordFactory->init( RequestContext::getMain()->getConfig() );
2532 $dbw = wfGetDB( DB_MASTER );
2533 $dbw->update(
2534 'user',
2535 [
2536 'user_password' => $passwordFactory->newFromPlaintext( $str )->toString(),
2537 'user_newpassword' => PasswordFactory::newInvalidPassword()->toString(),
2538 'user_newpass_time' => $dbw->timestampOrNull( null ),
2539 ],
2540 [
2541 'user_id' => $id,
2542 ],
2543 __METHOD__
2544 );
2545
2546 // When the main password is changed, invalidate all bot passwords too
2547 BotPassword::invalidateAllPasswordsForUser( $this->getName() );
2548 }
2549
2550 /**
2551 * Get the user's current token.
2552 * @param bool $forceCreation Force the generation of a new token if the
2553 * user doesn't have one (default=true for backwards compatibility).
2554 * @return string|null Token
2555 */
2556 public function getToken( $forceCreation = true ) {
2557 global $wgAuthenticationTokenVersion;
2558
2559 $this->load();
2560 if ( !$this->mToken && $forceCreation ) {
2561 $this->setToken();
2562 }
2563
2564 if ( !$this->mToken ) {
2565 // The user doesn't have a token, return null to indicate that.
2566 return null;
2567 } elseif ( $this->mToken === self::INVALID_TOKEN ) {
2568 // We return a random value here so existing token checks are very
2569 // likely to fail.
2570 return MWCryptRand::generateHex( self::TOKEN_LENGTH );
2571 } elseif ( $wgAuthenticationTokenVersion === null ) {
2572 // $wgAuthenticationTokenVersion not in use, so return the raw secret
2573 return $this->mToken;
2574 } else {
2575 // $wgAuthenticationTokenVersion in use, so hmac it.
2576 $ret = MWCryptHash::hmac( $wgAuthenticationTokenVersion, $this->mToken, false );
2577
2578 // The raw hash can be overly long. Shorten it up.
2579 $len = max( 32, self::TOKEN_LENGTH );
2580 if ( strlen( $ret ) < $len ) {
2581 // Should never happen, even md5 is 128 bits
2582 throw new \UnexpectedValueException( 'Hmac returned less than 128 bits' );
2583 }
2584 return substr( $ret, -$len );
2585 }
2586 }
2587
2588 /**
2589 * Set the random token (used for persistent authentication)
2590 * Called from loadDefaults() among other places.
2591 *
2592 * @param string|bool $token If specified, set the token to this value
2593 */
2594 public function setToken( $token = false ) {
2595 $this->load();
2596 if ( $this->mToken === self::INVALID_TOKEN ) {
2597 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
2598 ->debug( __METHOD__ . ": Ignoring attempt to set token for system user \"$this\"" );
2599 } elseif ( !$token ) {
2600 $this->mToken = MWCryptRand::generateHex( self::TOKEN_LENGTH );
2601 } else {
2602 $this->mToken = $token;
2603 }
2604 }
2605
2606 /**
2607 * Set the password for a password reminder or new account email
2608 *
2609 * @deprecated since 1.27, AuthManager is coming
2610 * @param string $str New password to set or null to set an invalid
2611 * password hash meaning that the user will not be able to use it
2612 * @param bool $throttle If true, reset the throttle timestamp to the present
2613 */
2614 public function setNewpassword( $str, $throttle = true ) {
2615 $id = $this->getId();
2616 if ( $id == 0 ) {
2617 throw new LogicException( 'Cannot set new password for a user that is not in the database.' );
2618 }
2619
2620 $dbw = wfGetDB( DB_MASTER );
2621
2622 $passwordFactory = new PasswordFactory();
2623 $passwordFactory->init( RequestContext::getMain()->getConfig() );
2624 $update = [
2625 'user_newpassword' => $passwordFactory->newFromPlaintext( $str )->toString(),
2626 ];
2627
2628 if ( $str === null ) {
2629 $update['user_newpass_time'] = null;
2630 } elseif ( $throttle ) {
2631 $update['user_newpass_time'] = $dbw->timestamp();
2632 }
2633
2634 $dbw->update( 'user', $update, [ 'user_id' => $id ], __METHOD__ );
2635 }
2636
2637 /**
2638 * Has password reminder email been sent within the last
2639 * $wgPasswordReminderResendTime hours?
2640 * @return bool
2641 */
2642 public function isPasswordReminderThrottled() {
2643 global $wgPasswordReminderResendTime;
2644
2645 if ( !$wgPasswordReminderResendTime ) {
2646 return false;
2647 }
2648
2649 $this->load();
2650
2651 $db = ( $this->queryFlagsUsed & self::READ_LATEST )
2652 ? wfGetDB( DB_MASTER )
2653 : wfGetDB( DB_SLAVE );
2654 $newpassTime = $db->selectField(
2655 'user',
2656 'user_newpass_time',
2657 [ 'user_id' => $this->getId() ],
2658 __METHOD__
2659 );
2660
2661 if ( $newpassTime === null ) {
2662 return false;
2663 }
2664 $expiry = wfTimestamp( TS_UNIX, $newpassTime ) + $wgPasswordReminderResendTime * 3600;
2665 return time() < $expiry;
2666 }
2667
2668 /**
2669 * Get the user's e-mail address
2670 * @return string User's email address
2671 */
2672 public function getEmail() {
2673 $this->load();
2674 Hooks::run( 'UserGetEmail', [ $this, &$this->mEmail ] );
2675 return $this->mEmail;
2676 }
2677
2678 /**
2679 * Get the timestamp of the user's e-mail authentication
2680 * @return string TS_MW timestamp
2681 */
2682 public function getEmailAuthenticationTimestamp() {
2683 $this->load();
2684 Hooks::run( 'UserGetEmailAuthenticationTimestamp', [ $this, &$this->mEmailAuthenticated ] );
2685 return $this->mEmailAuthenticated;
2686 }
2687
2688 /**
2689 * Set the user's e-mail address
2690 * @param string $str New e-mail address
2691 */
2692 public function setEmail( $str ) {
2693 $this->load();
2694 if ( $str == $this->mEmail ) {
2695 return;
2696 }
2697 $this->invalidateEmail();
2698 $this->mEmail = $str;
2699 Hooks::run( 'UserSetEmail', [ $this, &$this->mEmail ] );
2700 }
2701
2702 /**
2703 * Set the user's e-mail address and a confirmation mail if needed.
2704 *
2705 * @since 1.20
2706 * @param string $str New e-mail address
2707 * @return Status
2708 */
2709 public function setEmailWithConfirmation( $str ) {
2710 global $wgEnableEmail, $wgEmailAuthentication;
2711
2712 if ( !$wgEnableEmail ) {
2713 return Status::newFatal( 'emaildisabled' );
2714 }
2715
2716 $oldaddr = $this->getEmail();
2717 if ( $str === $oldaddr ) {
2718 return Status::newGood( true );
2719 }
2720
2721 $type = $oldaddr != '' ? 'changed' : 'set';
2722 $notificationResult = null;
2723
2724 if ( $wgEmailAuthentication ) {
2725 // Send the user an email notifying the user of the change in registered
2726 // email address on their previous email address
2727 if ( $type == 'changed' ) {
2728 $change = $str != '' ? 'changed' : 'removed';
2729 $notificationResult = $this->sendMail(
2730 wfMessage( 'notificationemail_subject_' . $change )->text(),
2731 wfMessage( 'notificationemail_body_' . $change,
2732 $this->getRequest()->getIP(),
2733 $this->getName(),
2734 $str )->text()
2735 );
2736 }
2737 }
2738
2739 $this->setEmail( $str );
2740
2741 if ( $str !== '' && $wgEmailAuthentication ) {
2742 // Send a confirmation request to the new address if needed
2743 $result = $this->sendConfirmationMail( $type );
2744
2745 if ( $notificationResult !== null ) {
2746 $result->merge( $notificationResult );
2747 }
2748
2749 if ( $result->isGood() ) {
2750 // Say to the caller that a confirmation and notification mail has been sent
2751 $result->value = 'eauth';
2752 }
2753 } else {
2754 $result = Status::newGood( true );
2755 }
2756
2757 return $result;
2758 }
2759
2760 /**
2761 * Get the user's real name
2762 * @return string User's real name
2763 */
2764 public function getRealName() {
2765 if ( !$this->isItemLoaded( 'realname' ) ) {
2766 $this->load();
2767 }
2768
2769 return $this->mRealName;
2770 }
2771
2772 /**
2773 * Set the user's real name
2774 * @param string $str New real name
2775 */
2776 public function setRealName( $str ) {
2777 $this->load();
2778 $this->mRealName = $str;
2779 }
2780
2781 /**
2782 * Get the user's current setting for a given option.
2783 *
2784 * @param string $oname The option to check
2785 * @param string $defaultOverride A default value returned if the option does not exist
2786 * @param bool $ignoreHidden Whether to ignore the effects of $wgHiddenPrefs
2787 * @return string User's current value for the option
2788 * @see getBoolOption()
2789 * @see getIntOption()
2790 */
2791 public function getOption( $oname, $defaultOverride = null, $ignoreHidden = false ) {
2792 global $wgHiddenPrefs;
2793 $this->loadOptions();
2794
2795 # We want 'disabled' preferences to always behave as the default value for
2796 # users, even if they have set the option explicitly in their settings (ie they
2797 # set it, and then it was disabled removing their ability to change it). But
2798 # we don't want to erase the preferences in the database in case the preference
2799 # is re-enabled again. So don't touch $mOptions, just override the returned value
2800 if ( !$ignoreHidden && in_array( $oname, $wgHiddenPrefs ) ) {
2801 return self::getDefaultOption( $oname );
2802 }
2803
2804 if ( array_key_exists( $oname, $this->mOptions ) ) {
2805 return $this->mOptions[$oname];
2806 } else {
2807 return $defaultOverride;
2808 }
2809 }
2810
2811 /**
2812 * Get all user's options
2813 *
2814 * @param int $flags Bitwise combination of:
2815 * User::GETOPTIONS_EXCLUDE_DEFAULTS Exclude user options that are set
2816 * to the default value. (Since 1.25)
2817 * @return array
2818 */
2819 public function getOptions( $flags = 0 ) {
2820 global $wgHiddenPrefs;
2821 $this->loadOptions();
2822 $options = $this->mOptions;
2823
2824 # We want 'disabled' preferences to always behave as the default value for
2825 # users, even if they have set the option explicitly in their settings (ie they
2826 # set it, and then it was disabled removing their ability to change it). But
2827 # we don't want to erase the preferences in the database in case the preference
2828 # is re-enabled again. So don't touch $mOptions, just override the returned value
2829 foreach ( $wgHiddenPrefs as $pref ) {
2830 $default = self::getDefaultOption( $pref );
2831 if ( $default !== null ) {
2832 $options[$pref] = $default;
2833 }
2834 }
2835
2836 if ( $flags & self::GETOPTIONS_EXCLUDE_DEFAULTS ) {
2837 $options = array_diff_assoc( $options, self::getDefaultOptions() );
2838 }
2839
2840 return $options;
2841 }
2842
2843 /**
2844 * Get the user's current setting for a given option, as a boolean value.
2845 *
2846 * @param string $oname The option to check
2847 * @return bool User's current value for the option
2848 * @see getOption()
2849 */
2850 public function getBoolOption( $oname ) {
2851 return (bool)$this->getOption( $oname );
2852 }
2853
2854 /**
2855 * Get the user's current setting for a given option, as an integer value.
2856 *
2857 * @param string $oname The option to check
2858 * @param int $defaultOverride A default value returned if the option does not exist
2859 * @return int User's current value for the option
2860 * @see getOption()
2861 */
2862 public function getIntOption( $oname, $defaultOverride = 0 ) {
2863 $val = $this->getOption( $oname );
2864 if ( $val == '' ) {
2865 $val = $defaultOverride;
2866 }
2867 return intval( $val );
2868 }
2869
2870 /**
2871 * Set the given option for a user.
2872 *
2873 * You need to call saveSettings() to actually write to the database.
2874 *
2875 * @param string $oname The option to set
2876 * @param mixed $val New value to set
2877 */
2878 public function setOption( $oname, $val ) {
2879 $this->loadOptions();
2880
2881 // Explicitly NULL values should refer to defaults
2882 if ( is_null( $val ) ) {
2883 $val = self::getDefaultOption( $oname );
2884 }
2885
2886 $this->mOptions[$oname] = $val;
2887 }
2888
2889 /**
2890 * Get a token stored in the preferences (like the watchlist one),
2891 * resetting it if it's empty (and saving changes).
2892 *
2893 * @param string $oname The option name to retrieve the token from
2894 * @return string|bool User's current value for the option, or false if this option is disabled.
2895 * @see resetTokenFromOption()
2896 * @see getOption()
2897 * @deprecated 1.26 Applications should use the OAuth extension
2898 */
2899 public function getTokenFromOption( $oname ) {
2900 global $wgHiddenPrefs;
2901
2902 $id = $this->getId();
2903 if ( !$id || in_array( $oname, $wgHiddenPrefs ) ) {
2904 return false;
2905 }
2906
2907 $token = $this->getOption( $oname );
2908 if ( !$token ) {
2909 // Default to a value based on the user token to avoid space
2910 // wasted on storing tokens for all users. When this option
2911 // is set manually by the user, only then is it stored.
2912 $token = hash_hmac( 'sha1', "$oname:$id", $this->getToken() );
2913 }
2914
2915 return $token;
2916 }
2917
2918 /**
2919 * Reset a token stored in the preferences (like the watchlist one).
2920 * *Does not* save user's preferences (similarly to setOption()).
2921 *
2922 * @param string $oname The option name to reset the token in
2923 * @return string|bool New token value, or false if this option is disabled.
2924 * @see getTokenFromOption()
2925 * @see setOption()
2926 */
2927 public function resetTokenFromOption( $oname ) {
2928 global $wgHiddenPrefs;
2929 if ( in_array( $oname, $wgHiddenPrefs ) ) {
2930 return false;
2931 }
2932
2933 $token = MWCryptRand::generateHex( 40 );
2934 $this->setOption( $oname, $token );
2935 return $token;
2936 }
2937
2938 /**
2939 * Return a list of the types of user options currently returned by
2940 * User::getOptionKinds().
2941 *
2942 * Currently, the option kinds are:
2943 * - 'registered' - preferences which are registered in core MediaWiki or
2944 * by extensions using the UserGetDefaultOptions hook.
2945 * - 'registered-multiselect' - as above, using the 'multiselect' type.
2946 * - 'registered-checkmatrix' - as above, using the 'checkmatrix' type.
2947 * - 'userjs' - preferences with names starting with 'userjs-', intended to
2948 * be used by user scripts.
2949 * - 'special' - "preferences" that are not accessible via User::getOptions
2950 * or User::setOptions.
2951 * - 'unused' - preferences about which MediaWiki doesn't know anything.
2952 * These are usually legacy options, removed in newer versions.
2953 *
2954 * The API (and possibly others) use this function to determine the possible
2955 * option types for validation purposes, so make sure to update this when a
2956 * new option kind is added.
2957 *
2958 * @see User::getOptionKinds
2959 * @return array Option kinds
2960 */
2961 public static function listOptionKinds() {
2962 return [
2963 'registered',
2964 'registered-multiselect',
2965 'registered-checkmatrix',
2966 'userjs',
2967 'special',
2968 'unused'
2969 ];
2970 }
2971
2972 /**
2973 * Return an associative array mapping preferences keys to the kind of a preference they're
2974 * used for. Different kinds are handled differently when setting or reading preferences.
2975 *
2976 * See User::listOptionKinds for the list of valid option types that can be provided.
2977 *
2978 * @see User::listOptionKinds
2979 * @param IContextSource $context
2980 * @param array $options Assoc. array with options keys to check as keys.
2981 * Defaults to $this->mOptions.
2982 * @return array The key => kind mapping data
2983 */
2984 public function getOptionKinds( IContextSource $context, $options = null ) {
2985 $this->loadOptions();
2986 if ( $options === null ) {
2987 $options = $this->mOptions;
2988 }
2989
2990 $prefs = Preferences::getPreferences( $this, $context );
2991 $mapping = [];
2992
2993 // Pull out the "special" options, so they don't get converted as
2994 // multiselect or checkmatrix.
2995 $specialOptions = array_fill_keys( Preferences::getSaveBlacklist(), true );
2996 foreach ( $specialOptions as $name => $value ) {
2997 unset( $prefs[$name] );
2998 }
2999
3000 // Multiselect and checkmatrix options are stored in the database with
3001 // one key per option, each having a boolean value. Extract those keys.
3002 $multiselectOptions = [];
3003 foreach ( $prefs as $name => $info ) {
3004 if ( ( isset( $info['type'] ) && $info['type'] == 'multiselect' ) ||
3005 ( isset( $info['class'] ) && $info['class'] == 'HTMLMultiSelectField' ) ) {
3006 $opts = HTMLFormField::flattenOptions( $info['options'] );
3007 $prefix = isset( $info['prefix'] ) ? $info['prefix'] : $name;
3008
3009 foreach ( $opts as $value ) {
3010 $multiselectOptions["$prefix$value"] = true;
3011 }
3012
3013 unset( $prefs[$name] );
3014 }
3015 }
3016 $checkmatrixOptions = [];
3017 foreach ( $prefs as $name => $info ) {
3018 if ( ( isset( $info['type'] ) && $info['type'] == 'checkmatrix' ) ||
3019 ( isset( $info['class'] ) && $info['class'] == 'HTMLCheckMatrix' ) ) {
3020 $columns = HTMLFormField::flattenOptions( $info['columns'] );
3021 $rows = HTMLFormField::flattenOptions( $info['rows'] );
3022 $prefix = isset( $info['prefix'] ) ? $info['prefix'] : $name;
3023
3024 foreach ( $columns as $column ) {
3025 foreach ( $rows as $row ) {
3026 $checkmatrixOptions["$prefix$column-$row"] = true;
3027 }
3028 }
3029
3030 unset( $prefs[$name] );
3031 }
3032 }
3033
3034 // $value is ignored
3035 foreach ( $options as $key => $value ) {
3036 if ( isset( $prefs[$key] ) ) {
3037 $mapping[$key] = 'registered';
3038 } elseif ( isset( $multiselectOptions[$key] ) ) {
3039 $mapping[$key] = 'registered-multiselect';
3040 } elseif ( isset( $checkmatrixOptions[$key] ) ) {
3041 $mapping[$key] = 'registered-checkmatrix';
3042 } elseif ( isset( $specialOptions[$key] ) ) {
3043 $mapping[$key] = 'special';
3044 } elseif ( substr( $key, 0, 7 ) === 'userjs-' ) {
3045 $mapping[$key] = 'userjs';
3046 } else {
3047 $mapping[$key] = 'unused';
3048 }
3049 }
3050
3051 return $mapping;
3052 }
3053
3054 /**
3055 * Reset certain (or all) options to the site defaults
3056 *
3057 * The optional parameter determines which kinds of preferences will be reset.
3058 * Supported values are everything that can be reported by getOptionKinds()
3059 * and 'all', which forces a reset of *all* preferences and overrides everything else.
3060 *
3061 * @param array|string $resetKinds Which kinds of preferences to reset. Defaults to
3062 * array( 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' )
3063 * for backwards-compatibility.
3064 * @param IContextSource|null $context Context source used when $resetKinds
3065 * does not contain 'all', passed to getOptionKinds().
3066 * Defaults to RequestContext::getMain() when null.
3067 */
3068 public function resetOptions(
3069 $resetKinds = [ 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' ],
3070 IContextSource $context = null
3071 ) {
3072 $this->load();
3073 $defaultOptions = self::getDefaultOptions();
3074
3075 if ( !is_array( $resetKinds ) ) {
3076 $resetKinds = [ $resetKinds ];
3077 }
3078
3079 if ( in_array( 'all', $resetKinds ) ) {
3080 $newOptions = $defaultOptions;
3081 } else {
3082 if ( $context === null ) {
3083 $context = RequestContext::getMain();
3084 }
3085
3086 $optionKinds = $this->getOptionKinds( $context );
3087 $resetKinds = array_intersect( $resetKinds, self::listOptionKinds() );
3088 $newOptions = [];
3089
3090 // Use default values for the options that should be deleted, and
3091 // copy old values for the ones that shouldn't.
3092 foreach ( $this->mOptions as $key => $value ) {
3093 if ( in_array( $optionKinds[$key], $resetKinds ) ) {
3094 if ( array_key_exists( $key, $defaultOptions ) ) {
3095 $newOptions[$key] = $defaultOptions[$key];
3096 }
3097 } else {
3098 $newOptions[$key] = $value;
3099 }
3100 }
3101 }
3102
3103 Hooks::run( 'UserResetAllOptions', [ $this, &$newOptions, $this->mOptions, $resetKinds ] );
3104
3105 $this->mOptions = $newOptions;
3106 $this->mOptionsLoaded = true;
3107 }
3108
3109 /**
3110 * Get the user's preferred date format.
3111 * @return string User's preferred date format
3112 */
3113 public function getDatePreference() {
3114 // Important migration for old data rows
3115 if ( is_null( $this->mDatePreference ) ) {
3116 global $wgLang;
3117 $value = $this->getOption( 'date' );
3118 $map = $wgLang->getDatePreferenceMigrationMap();
3119 if ( isset( $map[$value] ) ) {
3120 $value = $map[$value];
3121 }
3122 $this->mDatePreference = $value;
3123 }
3124 return $this->mDatePreference;
3125 }
3126
3127 /**
3128 * Determine based on the wiki configuration and the user's options,
3129 * whether this user must be over HTTPS no matter what.
3130 *
3131 * @return bool
3132 */
3133 public function requiresHTTPS() {
3134 global $wgSecureLogin;
3135 if ( !$wgSecureLogin ) {
3136 return false;
3137 } else {
3138 $https = $this->getBoolOption( 'prefershttps' );
3139 Hooks::run( 'UserRequiresHTTPS', [ $this, &$https ] );
3140 if ( $https ) {
3141 $https = wfCanIPUseHTTPS( $this->getRequest()->getIP() );
3142 }
3143 return $https;
3144 }
3145 }
3146
3147 /**
3148 * Get the user preferred stub threshold
3149 *
3150 * @return int
3151 */
3152 public function getStubThreshold() {
3153 global $wgMaxArticleSize; # Maximum article size, in Kb
3154 $threshold = $this->getIntOption( 'stubthreshold' );
3155 if ( $threshold > $wgMaxArticleSize * 1024 ) {
3156 // If they have set an impossible value, disable the preference
3157 // so we can use the parser cache again.
3158 $threshold = 0;
3159 }
3160 return $threshold;
3161 }
3162
3163 /**
3164 * Get the permissions this user has.
3165 * @return array Array of String permission names
3166 */
3167 public function getRights() {
3168 if ( is_null( $this->mRights ) ) {
3169 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
3170
3171 // Deny any rights denied by the user's session, unless this
3172 // endpoint has no sessions.
3173 if ( !defined( 'MW_NO_SESSION' ) ) {
3174 $allowedRights = $this->getRequest()->getSession()->getAllowedUserRights();
3175 if ( $allowedRights !== null ) {
3176 $this->mRights = array_intersect( $this->mRights, $allowedRights );
3177 }
3178 }
3179
3180 Hooks::run( 'UserGetRights', [ $this, &$this->mRights ] );
3181 // Force reindexation of rights when a hook has unset one of them
3182 $this->mRights = array_values( array_unique( $this->mRights ) );
3183 }
3184 return $this->mRights;
3185 }
3186
3187 /**
3188 * Get the list of explicit group memberships this user has.
3189 * The implicit * and user groups are not included.
3190 * @return array Array of String internal group names
3191 */
3192 public function getGroups() {
3193 $this->load();
3194 $this->loadGroups();
3195 return $this->mGroups;
3196 }
3197
3198 /**
3199 * Get the list of implicit group memberships this user has.
3200 * This includes all explicit groups, plus 'user' if logged in,
3201 * '*' for all accounts, and autopromoted groups
3202 * @param bool $recache Whether to avoid the cache
3203 * @return array Array of String internal group names
3204 */
3205 public function getEffectiveGroups( $recache = false ) {
3206 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
3207 $this->mEffectiveGroups = array_unique( array_merge(
3208 $this->getGroups(), // explicit groups
3209 $this->getAutomaticGroups( $recache ) // implicit groups
3210 ) );
3211 // Hook for additional groups
3212 Hooks::run( 'UserEffectiveGroups', [ &$this, &$this->mEffectiveGroups ] );
3213 // Force reindexation of groups when a hook has unset one of them
3214 $this->mEffectiveGroups = array_values( array_unique( $this->mEffectiveGroups ) );
3215 }
3216 return $this->mEffectiveGroups;
3217 }
3218
3219 /**
3220 * Get the list of implicit group memberships this user has.
3221 * This includes 'user' if logged in, '*' for all accounts,
3222 * and autopromoted groups
3223 * @param bool $recache Whether to avoid the cache
3224 * @return array Array of String internal group names
3225 */
3226 public function getAutomaticGroups( $recache = false ) {
3227 if ( $recache || is_null( $this->mImplicitGroups ) ) {
3228 $this->mImplicitGroups = [ '*' ];
3229 if ( $this->getId() ) {
3230 $this->mImplicitGroups[] = 'user';
3231
3232 $this->mImplicitGroups = array_unique( array_merge(
3233 $this->mImplicitGroups,
3234 Autopromote::getAutopromoteGroups( $this )
3235 ) );
3236 }
3237 if ( $recache ) {
3238 // Assure data consistency with rights/groups,
3239 // as getEffectiveGroups() depends on this function
3240 $this->mEffectiveGroups = null;
3241 }
3242 }
3243 return $this->mImplicitGroups;
3244 }
3245
3246 /**
3247 * Returns the groups the user has belonged to.
3248 *
3249 * The user may still belong to the returned groups. Compare with getGroups().
3250 *
3251 * The function will not return groups the user had belonged to before MW 1.17
3252 *
3253 * @return array Names of the groups the user has belonged to.
3254 */
3255 public function getFormerGroups() {
3256 $this->load();
3257
3258 if ( is_null( $this->mFormerGroups ) ) {
3259 $db = ( $this->queryFlagsUsed & self::READ_LATEST )
3260 ? wfGetDB( DB_MASTER )
3261 : wfGetDB( DB_SLAVE );
3262 $res = $db->select( 'user_former_groups',
3263 [ 'ufg_group' ],
3264 [ 'ufg_user' => $this->mId ],
3265 __METHOD__ );
3266 $this->mFormerGroups = [];
3267 foreach ( $res as $row ) {
3268 $this->mFormerGroups[] = $row->ufg_group;
3269 }
3270 }
3271
3272 return $this->mFormerGroups;
3273 }
3274
3275 /**
3276 * Get the user's edit count.
3277 * @return int|null Null for anonymous users
3278 */
3279 public function getEditCount() {
3280 if ( !$this->getId() ) {
3281 return null;
3282 }
3283
3284 if ( $this->mEditCount === null ) {
3285 /* Populate the count, if it has not been populated yet */
3286 $dbr = wfGetDB( DB_SLAVE );
3287 // check if the user_editcount field has been initialized
3288 $count = $dbr->selectField(
3289 'user', 'user_editcount',
3290 [ 'user_id' => $this->mId ],
3291 __METHOD__
3292 );
3293
3294 if ( $count === null ) {
3295 // it has not been initialized. do so.
3296 $count = $this->initEditCount();
3297 }
3298 $this->mEditCount = $count;
3299 }
3300 return (int)$this->mEditCount;
3301 }
3302
3303 /**
3304 * Add the user to the given group.
3305 * This takes immediate effect.
3306 * @param string $group Name of the group to add
3307 * @return bool
3308 */
3309 public function addGroup( $group ) {
3310 $this->load();
3311
3312 if ( !Hooks::run( 'UserAddGroup', [ $this, &$group ] ) ) {
3313 return false;
3314 }
3315
3316 $dbw = wfGetDB( DB_MASTER );
3317 if ( $this->getId() ) {
3318 $dbw->insert( 'user_groups',
3319 [
3320 'ug_user' => $this->getId(),
3321 'ug_group' => $group,
3322 ],
3323 __METHOD__,
3324 [ 'IGNORE' ] );
3325 }
3326
3327 $this->loadGroups();
3328 $this->mGroups[] = $group;
3329 // In case loadGroups was not called before, we now have the right twice.
3330 // Get rid of the duplicate.
3331 $this->mGroups = array_unique( $this->mGroups );
3332
3333 // Refresh the groups caches, and clear the rights cache so it will be
3334 // refreshed on the next call to $this->getRights().
3335 $this->getEffectiveGroups( true );
3336 $this->mRights = null;
3337
3338 $this->invalidateCache();
3339
3340 return true;
3341 }
3342
3343 /**
3344 * Remove the user from the given group.
3345 * This takes immediate effect.
3346 * @param string $group Name of the group to remove
3347 * @return bool
3348 */
3349 public function removeGroup( $group ) {
3350 $this->load();
3351 if ( !Hooks::run( 'UserRemoveGroup', [ $this, &$group ] ) ) {
3352 return false;
3353 }
3354
3355 $dbw = wfGetDB( DB_MASTER );
3356 $dbw->delete( 'user_groups',
3357 [
3358 'ug_user' => $this->getId(),
3359 'ug_group' => $group,
3360 ], __METHOD__
3361 );
3362 // Remember that the user was in this group
3363 $dbw->insert( 'user_former_groups',
3364 [
3365 'ufg_user' => $this->getId(),
3366 'ufg_group' => $group,
3367 ],
3368 __METHOD__,
3369 [ 'IGNORE' ]
3370 );
3371
3372 $this->loadGroups();
3373 $this->mGroups = array_diff( $this->mGroups, [ $group ] );
3374
3375 // Refresh the groups caches, and clear the rights cache so it will be
3376 // refreshed on the next call to $this->getRights().
3377 $this->getEffectiveGroups( true );
3378 $this->mRights = null;
3379
3380 $this->invalidateCache();
3381
3382 return true;
3383 }
3384
3385 /**
3386 * Get whether the user is logged in
3387 * @return bool
3388 */
3389 public function isLoggedIn() {
3390 return $this->getId() != 0;
3391 }
3392
3393 /**
3394 * Get whether the user is anonymous
3395 * @return bool
3396 */
3397 public function isAnon() {
3398 return !$this->isLoggedIn();
3399 }
3400
3401 /**
3402 * @return bool Whether this user is flagged as being a bot role account
3403 * @since 1.28
3404 */
3405 public function isBot() {
3406 if ( in_array( 'bot', $this->getGroups() ) && $this->isAllowed( 'bot' ) ) {
3407 return true;
3408 }
3409
3410 $isBot = false;
3411 Hooks::run( "UserIsBot", [ $this, &$isBot ] );
3412
3413 return $isBot;
3414 }
3415
3416 /**
3417 * Check if user is allowed to access a feature / make an action
3418 *
3419 * @param string ... Permissions to test
3420 * @return bool True if user is allowed to perform *any* of the given actions
3421 */
3422 public function isAllowedAny() {
3423 $permissions = func_get_args();
3424 foreach ( $permissions as $permission ) {
3425 if ( $this->isAllowed( $permission ) ) {
3426 return true;
3427 }
3428 }
3429 return false;
3430 }
3431
3432 /**
3433 *
3434 * @param string ... Permissions to test
3435 * @return bool True if the user is allowed to perform *all* of the given actions
3436 */
3437 public function isAllowedAll() {
3438 $permissions = func_get_args();
3439 foreach ( $permissions as $permission ) {
3440 if ( !$this->isAllowed( $permission ) ) {
3441 return false;
3442 }
3443 }
3444 return true;
3445 }
3446
3447 /**
3448 * Internal mechanics of testing a permission
3449 * @param string $action
3450 * @return bool
3451 */
3452 public function isAllowed( $action = '' ) {
3453 if ( $action === '' ) {
3454 return true; // In the spirit of DWIM
3455 }
3456 // Use strict parameter to avoid matching numeric 0 accidentally inserted
3457 // by misconfiguration: 0 == 'foo'
3458 return in_array( $action, $this->getRights(), true );
3459 }
3460
3461 /**
3462 * Check whether to enable recent changes patrol features for this user
3463 * @return bool True or false
3464 */
3465 public function useRCPatrol() {
3466 global $wgUseRCPatrol;
3467 return $wgUseRCPatrol && $this->isAllowedAny( 'patrol', 'patrolmarks' );
3468 }
3469
3470 /**
3471 * Check whether to enable new pages patrol features for this user
3472 * @return bool True or false
3473 */
3474 public function useNPPatrol() {
3475 global $wgUseRCPatrol, $wgUseNPPatrol;
3476 return (
3477 ( $wgUseRCPatrol || $wgUseNPPatrol )
3478 && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) )
3479 );
3480 }
3481
3482 /**
3483 * Check whether to enable new files patrol features for this user
3484 * @return bool True or false
3485 */
3486 public function useFilePatrol() {
3487 global $wgUseRCPatrol, $wgUseFilePatrol;
3488 return (
3489 ( $wgUseRCPatrol || $wgUseFilePatrol )
3490 && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) )
3491 );
3492 }
3493
3494 /**
3495 * Get the WebRequest object to use with this object
3496 *
3497 * @return WebRequest
3498 */
3499 public function getRequest() {
3500 if ( $this->mRequest ) {
3501 return $this->mRequest;
3502 } else {
3503 global $wgRequest;
3504 return $wgRequest;
3505 }
3506 }
3507
3508 /**
3509 * Check the watched status of an article.
3510 * @since 1.22 $checkRights parameter added
3511 * @param Title $title Title of the article to look at
3512 * @param bool $checkRights Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
3513 * Pass User::CHECK_USER_RIGHTS or User::IGNORE_USER_RIGHTS.
3514 * @return bool
3515 */
3516 public function isWatched( $title, $checkRights = self::CHECK_USER_RIGHTS ) {
3517 if ( $title->isWatchable() && ( !$checkRights || $this->isAllowed( 'viewmywatchlist' ) ) ) {
3518 return MediaWikiServices::getInstance()->getWatchedItemStore()->isWatched( $this, $title );
3519 }
3520 return false;
3521 }
3522
3523 /**
3524 * Watch an article.
3525 * @since 1.22 $checkRights parameter added
3526 * @param Title $title Title of the article to look at
3527 * @param bool $checkRights Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
3528 * Pass User::CHECK_USER_RIGHTS or User::IGNORE_USER_RIGHTS.
3529 */
3530 public function addWatch( $title, $checkRights = self::CHECK_USER_RIGHTS ) {
3531 if ( !$checkRights || $this->isAllowed( 'editmywatchlist' ) ) {
3532 MediaWikiServices::getInstance()->getWatchedItemStore()->addWatchBatchForUser(
3533 $this,
3534 [ $title->getSubjectPage(), $title->getTalkPage() ]
3535 );
3536 }
3537 $this->invalidateCache();
3538 }
3539
3540 /**
3541 * Stop watching an article.
3542 * @since 1.22 $checkRights parameter added
3543 * @param Title $title Title of the article to look at
3544 * @param bool $checkRights Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
3545 * Pass User::CHECK_USER_RIGHTS or User::IGNORE_USER_RIGHTS.
3546 */
3547 public function removeWatch( $title, $checkRights = self::CHECK_USER_RIGHTS ) {
3548 if ( !$checkRights || $this->isAllowed( 'editmywatchlist' ) ) {
3549 $store = MediaWikiServices::getInstance()->getWatchedItemStore();
3550 $store->removeWatch( $this, $title->getSubjectPage() );
3551 $store->removeWatch( $this, $title->getTalkPage() );
3552 }
3553 $this->invalidateCache();
3554 }
3555
3556 /**
3557 * Clear the user's notification timestamp for the given title.
3558 * If e-notif e-mails are on, they will receive notification mails on
3559 * the next change of the page if it's watched etc.
3560 * @note If the user doesn't have 'editmywatchlist', this will do nothing.
3561 * @param Title $title Title of the article to look at
3562 * @param int $oldid The revision id being viewed. If not given or 0, latest revision is assumed.
3563 */
3564 public function clearNotification( &$title, $oldid = 0 ) {
3565 global $wgUseEnotif, $wgShowUpdatedMarker;
3566
3567 // Do nothing if the database is locked to writes
3568 if ( wfReadOnly() ) {
3569 return;
3570 }
3571
3572 // Do nothing if not allowed to edit the watchlist
3573 if ( !$this->isAllowed( 'editmywatchlist' ) ) {
3574 return;
3575 }
3576
3577 // If we're working on user's talk page, we should update the talk page message indicator
3578 if ( $title->getNamespace() == NS_USER_TALK && $title->getText() == $this->getName() ) {
3579 if ( !Hooks::run( 'UserClearNewTalkNotification', [ &$this, $oldid ] ) ) {
3580 return;
3581 }
3582
3583 // Try to update the DB post-send and only if needed...
3584 DeferredUpdates::addCallableUpdate( function() use ( $title, $oldid ) {
3585 if ( !$this->getNewtalk() ) {
3586 return; // no notifications to clear
3587 }
3588
3589 // Delete the last notifications (they stack up)
3590 $this->setNewtalk( false );
3591
3592 // If there is a new, unseen, revision, use its timestamp
3593 $nextid = $oldid
3594 ? $title->getNextRevisionID( $oldid, Title::GAID_FOR_UPDATE )
3595 : null;
3596 if ( $nextid ) {
3597 $this->setNewtalk( true, Revision::newFromId( $nextid ) );
3598 }
3599 } );
3600 }
3601
3602 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
3603 return;
3604 }
3605
3606 if ( $this->isAnon() ) {
3607 // Nothing else to do...
3608 return;
3609 }
3610
3611 // Only update the timestamp if the page is being watched.
3612 // The query to find out if it is watched is cached both in memcached and per-invocation,
3613 // and when it does have to be executed, it can be on a slave
3614 // If this is the user's newtalk page, we always update the timestamp
3615 $force = '';
3616 if ( $title->getNamespace() == NS_USER_TALK && $title->getText() == $this->getName() ) {
3617 $force = 'force';
3618 }
3619
3620 MediaWikiServices::getInstance()->getWatchedItemStore()
3621 ->resetNotificationTimestamp( $this, $title, $force, $oldid );
3622 }
3623
3624 /**
3625 * Resets all of the given user's page-change notification timestamps.
3626 * If e-notif e-mails are on, they will receive notification mails on
3627 * the next change of any watched page.
3628 * @note If the user doesn't have 'editmywatchlist', this will do nothing.
3629 */
3630 public function clearAllNotifications() {
3631 if ( wfReadOnly() ) {
3632 return;
3633 }
3634
3635 // Do nothing if not allowed to edit the watchlist
3636 if ( !$this->isAllowed( 'editmywatchlist' ) ) {
3637 return;
3638 }
3639
3640 global $wgUseEnotif, $wgShowUpdatedMarker;
3641 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
3642 $this->setNewtalk( false );
3643 return;
3644 }
3645 $id = $this->getId();
3646 if ( $id != 0 ) {
3647 $dbw = wfGetDB( DB_MASTER );
3648 $dbw->update( 'watchlist',
3649 [ /* SET */ 'wl_notificationtimestamp' => null ],
3650 [ /* WHERE */ 'wl_user' => $id, 'wl_notificationtimestamp IS NOT NULL' ],
3651 __METHOD__
3652 );
3653 // We also need to clear here the "you have new message" notification for the own user_talk page;
3654 // it's cleared one page view later in WikiPage::doViewUpdates().
3655 }
3656 }
3657
3658 /**
3659 * Set a cookie on the user's client. Wrapper for
3660 * WebResponse::setCookie
3661 * @deprecated since 1.27
3662 * @param string $name Name of the cookie to set
3663 * @param string $value Value to set
3664 * @param int $exp Expiration time, as a UNIX time value;
3665 * if 0 or not specified, use the default $wgCookieExpiration
3666 * @param bool $secure
3667 * true: Force setting the secure attribute when setting the cookie
3668 * false: Force NOT setting the secure attribute when setting the cookie
3669 * null (default): Use the default ($wgCookieSecure) to set the secure attribute
3670 * @param array $params Array of options sent passed to WebResponse::setcookie()
3671 * @param WebRequest|null $request WebRequest object to use; $wgRequest will be used if null
3672 * is passed.
3673 */
3674 protected function setCookie(
3675 $name, $value, $exp = 0, $secure = null, $params = [], $request = null
3676 ) {
3677 wfDeprecated( __METHOD__, '1.27' );
3678 if ( $request === null ) {
3679 $request = $this->getRequest();
3680 }
3681 $params['secure'] = $secure;
3682 $request->response()->setCookie( $name, $value, $exp, $params );
3683 }
3684
3685 /**
3686 * Clear a cookie on the user's client
3687 * @deprecated since 1.27
3688 * @param string $name Name of the cookie to clear
3689 * @param bool $secure
3690 * true: Force setting the secure attribute when setting the cookie
3691 * false: Force NOT setting the secure attribute when setting the cookie
3692 * null (default): Use the default ($wgCookieSecure) to set the secure attribute
3693 * @param array $params Array of options sent passed to WebResponse::setcookie()
3694 */
3695 protected function clearCookie( $name, $secure = null, $params = [] ) {
3696 wfDeprecated( __METHOD__, '1.27' );
3697 $this->setCookie( $name, '', time() - 86400, $secure, $params );
3698 }
3699
3700 /**
3701 * Set an extended login cookie on the user's client. The expiry of the cookie
3702 * is controlled by the $wgExtendedLoginCookieExpiration configuration
3703 * variable.
3704 *
3705 * @see User::setCookie
3706 *
3707 * @deprecated since 1.27
3708 * @param string $name Name of the cookie to set
3709 * @param string $value Value to set
3710 * @param bool $secure
3711 * true: Force setting the secure attribute when setting the cookie
3712 * false: Force NOT setting the secure attribute when setting the cookie
3713 * null (default): Use the default ($wgCookieSecure) to set the secure attribute
3714 */
3715 protected function setExtendedLoginCookie( $name, $value, $secure ) {
3716 global $wgExtendedLoginCookieExpiration, $wgCookieExpiration;
3717
3718 wfDeprecated( __METHOD__, '1.27' );
3719
3720 $exp = time();
3721 $exp += $wgExtendedLoginCookieExpiration !== null
3722 ? $wgExtendedLoginCookieExpiration
3723 : $wgCookieExpiration;
3724
3725 $this->setCookie( $name, $value, $exp, $secure );
3726 }
3727
3728 /**
3729 * Persist this user's session (e.g. set cookies)
3730 *
3731 * @param WebRequest|null $request WebRequest object to use; $wgRequest will be used if null
3732 * is passed.
3733 * @param bool $secure Whether to force secure/insecure cookies or use default
3734 * @param bool $rememberMe Whether to add a Token cookie for elongated sessions
3735 */
3736 public function setCookies( $request = null, $secure = null, $rememberMe = false ) {
3737 $this->load();
3738 if ( 0 == $this->mId ) {
3739 return;
3740 }
3741
3742 $session = $this->getRequest()->getSession();
3743 if ( $request && $session->getRequest() !== $request ) {
3744 $session = $session->sessionWithRequest( $request );
3745 }
3746 $delay = $session->delaySave();
3747
3748 if ( !$session->getUser()->equals( $this ) ) {
3749 if ( !$session->canSetUser() ) {
3750 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
3751 ->warning( __METHOD__ .
3752 ": Cannot save user \"$this\" to a user \"{$session->getUser()}\"'s immutable session"
3753 );
3754 return;
3755 }
3756 $session->setUser( $this );
3757 }
3758
3759 $session->setRememberUser( $rememberMe );
3760 if ( $secure !== null ) {
3761 $session->setForceHTTPS( $secure );
3762 }
3763
3764 $session->persist();
3765
3766 ScopedCallback::consume( $delay );
3767 }
3768
3769 /**
3770 * Log this user out.
3771 */
3772 public function logout() {
3773 if ( Hooks::run( 'UserLogout', [ &$this ] ) ) {
3774 $this->doLogout();
3775 }
3776 }
3777
3778 /**
3779 * Clear the user's session, and reset the instance cache.
3780 * @see logout()
3781 */
3782 public function doLogout() {
3783 $session = $this->getRequest()->getSession();
3784 if ( !$session->canSetUser() ) {
3785 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
3786 ->warning( __METHOD__ . ": Cannot log out of an immutable session" );
3787 } elseif ( !$session->getUser()->equals( $this ) ) {
3788 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
3789 ->warning( __METHOD__ .
3790 ": Cannot log user \"$this\" out of a user \"{$session->getUser()}\"'s session"
3791 );
3792 // But we still may as well make this user object anon
3793 $this->clearInstanceCache( 'defaults' );
3794 } else {
3795 $this->clearInstanceCache( 'defaults' );
3796 $delay = $session->delaySave();
3797 $session->unpersist(); // Clear cookies (T127436)
3798 $session->setLoggedOutTimestamp( time() );
3799 $session->setUser( new User );
3800 $session->set( 'wsUserID', 0 ); // Other code expects this
3801 ScopedCallback::consume( $delay );
3802 }
3803 }
3804
3805 /**
3806 * Save this user's settings into the database.
3807 * @todo Only rarely do all these fields need to be set!
3808 */
3809 public function saveSettings() {
3810 if ( wfReadOnly() ) {
3811 // @TODO: caller should deal with this instead!
3812 // This should really just be an exception.
3813 MWExceptionHandler::logException( new DBExpectedError(
3814 null,
3815 "Could not update user with ID '{$this->mId}'; DB is read-only."
3816 ) );
3817 return;
3818 }
3819
3820 $this->load();
3821 if ( 0 == $this->mId ) {
3822 return; // anon
3823 }
3824
3825 // Get a new user_touched that is higher than the old one.
3826 // This will be used for a CAS check as a last-resort safety
3827 // check against race conditions and slave lag.
3828 $oldTouched = $this->mTouched;
3829 $newTouched = $this->newTouchedTimestamp();
3830
3831 $dbw = wfGetDB( DB_MASTER );
3832 $dbw->update( 'user',
3833 [ /* SET */
3834 'user_name' => $this->mName,
3835 'user_real_name' => $this->mRealName,
3836 'user_email' => $this->mEmail,
3837 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
3838 'user_touched' => $dbw->timestamp( $newTouched ),
3839 'user_token' => strval( $this->mToken ),
3840 'user_email_token' => $this->mEmailToken,
3841 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
3842 ], [ /* WHERE */
3843 'user_id' => $this->mId,
3844 'user_touched' => $dbw->timestamp( $oldTouched ) // CAS check
3845 ], __METHOD__
3846 );
3847
3848 if ( !$dbw->affectedRows() ) {
3849 // Maybe the problem was a missed cache update; clear it to be safe
3850 $this->clearSharedCache( 'refresh' );
3851 // User was changed in the meantime or loaded with stale data
3852 $from = ( $this->queryFlagsUsed & self::READ_LATEST ) ? 'master' : 'slave';
3853 throw new MWException(
3854 "CAS update failed on user_touched for user ID '{$this->mId}' (read from $from);" .
3855 " the version of the user to be saved is older than the current version."
3856 );
3857 }
3858
3859 $this->mTouched = $newTouched;
3860 $this->saveOptions();
3861
3862 Hooks::run( 'UserSaveSettings', [ $this ] );
3863 $this->clearSharedCache();
3864 $this->getUserPage()->invalidateCache();
3865 }
3866
3867 /**
3868 * If only this user's username is known, and it exists, return the user ID.
3869 *
3870 * @param int $flags Bitfield of User:READ_* constants; useful for existence checks
3871 * @return int
3872 */
3873 public function idForName( $flags = 0 ) {
3874 $s = trim( $this->getName() );
3875 if ( $s === '' ) {
3876 return 0;
3877 }
3878
3879 $db = ( ( $flags & self::READ_LATEST ) == self::READ_LATEST )
3880 ? wfGetDB( DB_MASTER )
3881 : wfGetDB( DB_SLAVE );
3882
3883 $options = ( ( $flags & self::READ_LOCKING ) == self::READ_LOCKING )
3884 ? [ 'LOCK IN SHARE MODE' ]
3885 : [];
3886
3887 $id = $db->selectField( 'user',
3888 'user_id', [ 'user_name' => $s ], __METHOD__, $options );
3889
3890 return (int)$id;
3891 }
3892
3893 /**
3894 * Add a user to the database, return the user object
3895 *
3896 * @param string $name Username to add
3897 * @param array $params Array of Strings Non-default parameters to save to
3898 * the database as user_* fields:
3899 * - email: The user's email address.
3900 * - email_authenticated: The email authentication timestamp.
3901 * - real_name: The user's real name.
3902 * - options: An associative array of non-default options.
3903 * - token: Random authentication token. Do not set.
3904 * - registration: Registration timestamp. Do not set.
3905 *
3906 * @return User|null User object, or null if the username already exists.
3907 */
3908 public static function createNew( $name, $params = [] ) {
3909 foreach ( [ 'password', 'newpassword', 'newpass_time', 'password_expires' ] as $field ) {
3910 if ( isset( $params[$field] ) ) {
3911 wfDeprecated( __METHOD__ . " with param '$field'", '1.27' );
3912 unset( $params[$field] );
3913 }
3914 }
3915
3916 $user = new User;
3917 $user->load();
3918 $user->setToken(); // init token
3919 if ( isset( $params['options'] ) ) {
3920 $user->mOptions = $params['options'] + (array)$user->mOptions;
3921 unset( $params['options'] );
3922 }
3923 $dbw = wfGetDB( DB_MASTER );
3924 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
3925
3926 $noPass = PasswordFactory::newInvalidPassword()->toString();
3927
3928 $fields = [
3929 'user_id' => $seqVal,
3930 'user_name' => $name,
3931 'user_password' => $noPass,
3932 'user_newpassword' => $noPass,
3933 'user_email' => $user->mEmail,
3934 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
3935 'user_real_name' => $user->mRealName,
3936 'user_token' => strval( $user->mToken ),
3937 'user_registration' => $dbw->timestamp( $user->mRegistration ),
3938 'user_editcount' => 0,
3939 'user_touched' => $dbw->timestamp( $user->newTouchedTimestamp() ),
3940 ];
3941 foreach ( $params as $name => $value ) {
3942 $fields["user_$name"] = $value;
3943 }
3944 $dbw->insert( 'user', $fields, __METHOD__, [ 'IGNORE' ] );
3945 if ( $dbw->affectedRows() ) {
3946 $newUser = User::newFromId( $dbw->insertId() );
3947 } else {
3948 $newUser = null;
3949 }
3950 return $newUser;
3951 }
3952
3953 /**
3954 * Add this existing user object to the database. If the user already
3955 * exists, a fatal status object is returned, and the user object is
3956 * initialised with the data from the database.
3957 *
3958 * Previously, this function generated a DB error due to a key conflict
3959 * if the user already existed. Many extension callers use this function
3960 * in code along the lines of:
3961 *
3962 * $user = User::newFromName( $name );
3963 * if ( !$user->isLoggedIn() ) {
3964 * $user->addToDatabase();
3965 * }
3966 * // do something with $user...
3967 *
3968 * However, this was vulnerable to a race condition (bug 16020). By
3969 * initialising the user object if the user exists, we aim to support this
3970 * calling sequence as far as possible.
3971 *
3972 * Note that if the user exists, this function will acquire a write lock,
3973 * so it is still advisable to make the call conditional on isLoggedIn(),
3974 * and to commit the transaction after calling.
3975 *
3976 * @throws MWException
3977 * @return Status
3978 */
3979 public function addToDatabase() {
3980 $this->load();
3981 if ( !$this->mToken ) {
3982 $this->setToken(); // init token
3983 }
3984
3985 $this->mTouched = $this->newTouchedTimestamp();
3986
3987 $noPass = PasswordFactory::newInvalidPassword()->toString();
3988
3989 $dbw = wfGetDB( DB_MASTER );
3990 $inWrite = $dbw->writesOrCallbacksPending();
3991 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
3992 $dbw->insert( 'user',
3993 [
3994 'user_id' => $seqVal,
3995 'user_name' => $this->mName,
3996 'user_password' => $noPass,
3997 'user_newpassword' => $noPass,
3998 'user_email' => $this->mEmail,
3999 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
4000 'user_real_name' => $this->mRealName,
4001 'user_token' => strval( $this->mToken ),
4002 'user_registration' => $dbw->timestamp( $this->mRegistration ),
4003 'user_editcount' => 0,
4004 'user_touched' => $dbw->timestamp( $this->mTouched ),
4005 ], __METHOD__,
4006 [ 'IGNORE' ]
4007 );
4008 if ( !$dbw->affectedRows() ) {
4009 // The queries below cannot happen in the same REPEATABLE-READ snapshot.
4010 // Handle this by COMMIT, if possible, or by LOCK IN SHARE MODE otherwise.
4011 if ( $inWrite ) {
4012 // Can't commit due to pending writes that may need atomicity.
4013 // This may cause some lock contention unlike the case below.
4014 $options = [ 'LOCK IN SHARE MODE' ];
4015 $flags = self::READ_LOCKING;
4016 } else {
4017 // Often, this case happens early in views before any writes when
4018 // using CentralAuth. It's should be OK to commit and break the snapshot.
4019 $dbw->commit( __METHOD__, 'flush' );
4020 $options = [];
4021 $flags = self::READ_LATEST;
4022 }
4023 $this->mId = $dbw->selectField( 'user', 'user_id',
4024 [ 'user_name' => $this->mName ], __METHOD__, $options );
4025 $loaded = false;
4026 if ( $this->mId ) {
4027 if ( $this->loadFromDatabase( $flags ) ) {
4028 $loaded = true;
4029 }
4030 }
4031 if ( !$loaded ) {
4032 throw new MWException( __METHOD__ . ": hit a key conflict attempting " .
4033 "to insert user '{$this->mName}' row, but it was not present in select!" );
4034 }
4035 return Status::newFatal( 'userexists' );
4036 }
4037 $this->mId = $dbw->insertId();
4038 self::$idCacheByName[$this->mName] = $this->mId;
4039
4040 // Clear instance cache other than user table data, which is already accurate
4041 $this->clearInstanceCache();
4042
4043 $this->saveOptions();
4044 return Status::newGood();
4045 }
4046
4047 /**
4048 * If this user is logged-in and blocked,
4049 * block any IP address they've successfully logged in from.
4050 * @return bool A block was spread
4051 */
4052 public function spreadAnyEditBlock() {
4053 if ( $this->isLoggedIn() && $this->isBlocked() ) {
4054 return $this->spreadBlock();
4055 }
4056
4057 return false;
4058 }
4059
4060 /**
4061 * If this (non-anonymous) user is blocked,
4062 * block the IP address they've successfully logged in from.
4063 * @return bool A block was spread
4064 */
4065 protected function spreadBlock() {
4066 wfDebug( __METHOD__ . "()\n" );
4067 $this->load();
4068 if ( $this->mId == 0 ) {
4069 return false;
4070 }
4071
4072 $userblock = Block::newFromTarget( $this->getName() );
4073 if ( !$userblock ) {
4074 return false;
4075 }
4076
4077 return (bool)$userblock->doAutoblock( $this->getRequest()->getIP() );
4078 }
4079
4080 /**
4081 * Get whether the user is explicitly blocked from account creation.
4082 * @return bool|Block
4083 */
4084 public function isBlockedFromCreateAccount() {
4085 $this->getBlockedStatus();
4086 if ( $this->mBlock && $this->mBlock->prevents( 'createaccount' ) ) {
4087 return $this->mBlock;
4088 }
4089
4090 # bug 13611: if the IP address the user is trying to create an account from is
4091 # blocked with createaccount disabled, prevent new account creation there even
4092 # when the user is logged in
4093 if ( $this->mBlockedFromCreateAccount === false && !$this->isAllowed( 'ipblock-exempt' ) ) {
4094 $this->mBlockedFromCreateAccount = Block::newFromTarget( null, $this->getRequest()->getIP() );
4095 }
4096 return $this->mBlockedFromCreateAccount instanceof Block
4097 && $this->mBlockedFromCreateAccount->prevents( 'createaccount' )
4098 ? $this->mBlockedFromCreateAccount
4099 : false;
4100 }
4101
4102 /**
4103 * Get whether the user is blocked from using Special:Emailuser.
4104 * @return bool
4105 */
4106 public function isBlockedFromEmailuser() {
4107 $this->getBlockedStatus();
4108 return $this->mBlock && $this->mBlock->prevents( 'sendemail' );
4109 }
4110
4111 /**
4112 * Get whether the user is allowed to create an account.
4113 * @return bool
4114 */
4115 public function isAllowedToCreateAccount() {
4116 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
4117 }
4118
4119 /**
4120 * Get this user's personal page title.
4121 *
4122 * @return Title User's personal page title
4123 */
4124 public function getUserPage() {
4125 return Title::makeTitle( NS_USER, $this->getName() );
4126 }
4127
4128 /**
4129 * Get this user's talk page title.
4130 *
4131 * @return Title User's talk page title
4132 */
4133 public function getTalkPage() {
4134 $title = $this->getUserPage();
4135 return $title->getTalkPage();
4136 }
4137
4138 /**
4139 * Determine whether the user is a newbie. Newbies are either
4140 * anonymous IPs, or the most recently created accounts.
4141 * @return bool
4142 */
4143 public function isNewbie() {
4144 return !$this->isAllowed( 'autoconfirmed' );
4145 }
4146
4147 /**
4148 * Check to see if the given clear-text password is one of the accepted passwords
4149 * @deprecated since 1.27. AuthManager is coming.
4150 * @param string $password User password
4151 * @return bool True if the given password is correct, otherwise False
4152 */
4153 public function checkPassword( $password ) {
4154 global $wgAuth, $wgLegacyEncoding;
4155
4156 $this->load();
4157
4158 // Some passwords will give a fatal Status, which means there is
4159 // some sort of technical or security reason for this password to
4160 // be completely invalid and should never be checked (e.g., T64685)
4161 if ( !$this->checkPasswordValidity( $password )->isOK() ) {
4162 return false;
4163 }
4164
4165 // Certain authentication plugins do NOT want to save
4166 // domain passwords in a mysql database, so we should
4167 // check this (in case $wgAuth->strict() is false).
4168 if ( $wgAuth->authenticate( $this->getName(), $password ) ) {
4169 return true;
4170 } elseif ( $wgAuth->strict() ) {
4171 // Auth plugin doesn't allow local authentication
4172 return false;
4173 } elseif ( $wgAuth->strictUserAuth( $this->getName() ) ) {
4174 // Auth plugin doesn't allow local authentication for this user name
4175 return false;
4176 }
4177
4178 $passwordFactory = new PasswordFactory();
4179 $passwordFactory->init( RequestContext::getMain()->getConfig() );
4180 $db = ( $this->queryFlagsUsed & self::READ_LATEST )
4181 ? wfGetDB( DB_MASTER )
4182 : wfGetDB( DB_SLAVE );
4183
4184 try {
4185 $mPassword = $passwordFactory->newFromCiphertext( $db->selectField(
4186 'user', 'user_password', [ 'user_id' => $this->getId() ], __METHOD__
4187 ) );
4188 } catch ( PasswordError $e ) {
4189 wfDebug( 'Invalid password hash found in database.' );
4190 $mPassword = PasswordFactory::newInvalidPassword();
4191 }
4192
4193 if ( !$mPassword->equals( $password ) ) {
4194 if ( $wgLegacyEncoding ) {
4195 // Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
4196 // Check for this with iconv
4197 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
4198 if ( $cp1252Password === $password || !$mPassword->equals( $cp1252Password ) ) {
4199 return false;
4200 }
4201 } else {
4202 return false;
4203 }
4204 }
4205
4206 if ( $passwordFactory->needsUpdate( $mPassword ) && !wfReadOnly() ) {
4207 $this->setPasswordInternal( $password );
4208 }
4209
4210 return true;
4211 }
4212
4213 /**
4214 * Check if the given clear-text password matches the temporary password
4215 * sent by e-mail for password reset operations.
4216 *
4217 * @deprecated since 1.27. AuthManager is coming.
4218 * @param string $plaintext
4219 * @return bool True if matches, false otherwise
4220 */
4221 public function checkTemporaryPassword( $plaintext ) {
4222 global $wgNewPasswordExpiry;
4223
4224 $this->load();
4225
4226 $passwordFactory = new PasswordFactory();
4227 $passwordFactory->init( RequestContext::getMain()->getConfig() );
4228 $db = ( $this->queryFlagsUsed & self::READ_LATEST )
4229 ? wfGetDB( DB_MASTER )
4230 : wfGetDB( DB_SLAVE );
4231
4232 $row = $db->selectRow(
4233 'user',
4234 [ 'user_newpassword', 'user_newpass_time' ],
4235 [ 'user_id' => $this->getId() ],
4236 __METHOD__
4237 );
4238 try {
4239 $newPassword = $passwordFactory->newFromCiphertext( $row->user_newpassword );
4240 } catch ( PasswordError $e ) {
4241 wfDebug( 'Invalid password hash found in database.' );
4242 $newPassword = PasswordFactory::newInvalidPassword();
4243 }
4244
4245 if ( $newPassword->equals( $plaintext ) ) {
4246 if ( is_null( $row->user_newpass_time ) ) {
4247 return true;
4248 }
4249 $expiry = wfTimestamp( TS_UNIX, $row->user_newpass_time ) + $wgNewPasswordExpiry;
4250 return ( time() < $expiry );
4251 } else {
4252 return false;
4253 }
4254 }
4255
4256 /**
4257 * Initialize (if necessary) and return a session token value
4258 * which can be used in edit forms to show that the user's
4259 * login credentials aren't being hijacked with a foreign form
4260 * submission.
4261 *
4262 * @since 1.27
4263 * @param string|array $salt Array of Strings Optional function-specific data for hashing
4264 * @param WebRequest|null $request WebRequest object to use or null to use $wgRequest
4265 * @return MediaWiki\Session\Token The new edit token
4266 */
4267 public function getEditTokenObject( $salt = '', $request = null ) {
4268 if ( $this->isAnon() ) {
4269 return new LoggedOutEditToken();
4270 }
4271
4272 if ( !$request ) {
4273 $request = $this->getRequest();
4274 }
4275 return $request->getSession()->getToken( $salt );
4276 }
4277
4278 /**
4279 * Initialize (if necessary) and return a session token value
4280 * which can be used in edit forms to show that the user's
4281 * login credentials aren't being hijacked with a foreign form
4282 * submission.
4283 *
4284 * @since 1.19
4285 * @param string|array $salt Array of Strings Optional function-specific data for hashing
4286 * @param WebRequest|null $request WebRequest object to use or null to use $wgRequest
4287 * @return string The new edit token
4288 */
4289 public function getEditToken( $salt = '', $request = null ) {
4290 return $this->getEditTokenObject( $salt, $request )->toString();
4291 }
4292
4293 /**
4294 * Get the embedded timestamp from a token.
4295 * @deprecated since 1.27, use \MediaWiki\Session\Token::getTimestamp instead.
4296 * @param string $val Input token
4297 * @return int|null
4298 */
4299 public static function getEditTokenTimestamp( $val ) {
4300 wfDeprecated( __METHOD__, '1.27' );
4301 return MediaWiki\Session\Token::getTimestamp( $val );
4302 }
4303
4304 /**
4305 * Check given value against the token value stored in the session.
4306 * A match should confirm that the form was submitted from the
4307 * user's own login session, not a form submission from a third-party
4308 * site.
4309 *
4310 * @param string $val Input value to compare
4311 * @param string $salt Optional function-specific data for hashing
4312 * @param WebRequest|null $request Object to use or null to use $wgRequest
4313 * @param int $maxage Fail tokens older than this, in seconds
4314 * @return bool Whether the token matches
4315 */
4316 public function matchEditToken( $val, $salt = '', $request = null, $maxage = null ) {
4317 return $this->getEditTokenObject( $salt, $request )->match( $val, $maxage );
4318 }
4319
4320 /**
4321 * Check given value against the token value stored in the session,
4322 * ignoring the suffix.
4323 *
4324 * @param string $val Input value to compare
4325 * @param string $salt Optional function-specific data for hashing
4326 * @param WebRequest|null $request Object to use or null to use $wgRequest
4327 * @param int $maxage Fail tokens older than this, in seconds
4328 * @return bool Whether the token matches
4329 */
4330 public function matchEditTokenNoSuffix( $val, $salt = '', $request = null, $maxage = null ) {
4331 $val = substr( $val, 0, strspn( $val, '0123456789abcdef' ) ) . Token::SUFFIX;
4332 return $this->matchEditToken( $val, $salt, $request, $maxage );
4333 }
4334
4335 /**
4336 * Generate a new e-mail confirmation token and send a confirmation/invalidation
4337 * mail to the user's given address.
4338 *
4339 * @param string $type Message to send, either "created", "changed" or "set"
4340 * @return Status
4341 */
4342 public function sendConfirmationMail( $type = 'created' ) {
4343 global $wgLang;
4344 $expiration = null; // gets passed-by-ref and defined in next line.
4345 $token = $this->confirmationToken( $expiration );
4346 $url = $this->confirmationTokenUrl( $token );
4347 $invalidateURL = $this->invalidationTokenUrl( $token );
4348 $this->saveSettings();
4349
4350 if ( $type == 'created' || $type === false ) {
4351 $message = 'confirmemail_body';
4352 } elseif ( $type === true ) {
4353 $message = 'confirmemail_body_changed';
4354 } else {
4355 // Messages: confirmemail_body_changed, confirmemail_body_set
4356 $message = 'confirmemail_body_' . $type;
4357 }
4358
4359 return $this->sendMail( wfMessage( 'confirmemail_subject' )->text(),
4360 wfMessage( $message,
4361 $this->getRequest()->getIP(),
4362 $this->getName(),
4363 $url,
4364 $wgLang->userTimeAndDate( $expiration, $this ),
4365 $invalidateURL,
4366 $wgLang->userDate( $expiration, $this ),
4367 $wgLang->userTime( $expiration, $this ) )->text() );
4368 }
4369
4370 /**
4371 * Send an e-mail to this user's account. Does not check for
4372 * confirmed status or validity.
4373 *
4374 * @param string $subject Message subject
4375 * @param string $body Message body
4376 * @param User|null $from Optional sending user; if unspecified, default
4377 * $wgPasswordSender will be used.
4378 * @param string $replyto Reply-To address
4379 * @return Status
4380 */
4381 public function sendMail( $subject, $body, $from = null, $replyto = null ) {
4382 global $wgPasswordSender;
4383
4384 if ( $from instanceof User ) {
4385 $sender = MailAddress::newFromUser( $from );
4386 } else {
4387 $sender = new MailAddress( $wgPasswordSender,
4388 wfMessage( 'emailsender' )->inContentLanguage()->text() );
4389 }
4390 $to = MailAddress::newFromUser( $this );
4391
4392 return UserMailer::send( $to, $sender, $subject, $body, [
4393 'replyTo' => $replyto,
4394 ] );
4395 }
4396
4397 /**
4398 * Generate, store, and return a new e-mail confirmation code.
4399 * A hash (unsalted, since it's used as a key) is stored.
4400 *
4401 * @note Call saveSettings() after calling this function to commit
4402 * this change to the database.
4403 *
4404 * @param string &$expiration Accepts the expiration time
4405 * @return string New token
4406 */
4407 protected function confirmationToken( &$expiration ) {
4408 global $wgUserEmailConfirmationTokenExpiry;
4409 $now = time();
4410 $expires = $now + $wgUserEmailConfirmationTokenExpiry;
4411 $expiration = wfTimestamp( TS_MW, $expires );
4412 $this->load();
4413 $token = MWCryptRand::generateHex( 32 );
4414 $hash = md5( $token );
4415 $this->mEmailToken = $hash;
4416 $this->mEmailTokenExpires = $expiration;
4417 return $token;
4418 }
4419
4420 /**
4421 * Return a URL the user can use to confirm their email address.
4422 * @param string $token Accepts the email confirmation token
4423 * @return string New token URL
4424 */
4425 protected function confirmationTokenUrl( $token ) {
4426 return $this->getTokenUrl( 'ConfirmEmail', $token );
4427 }
4428
4429 /**
4430 * Return a URL the user can use to invalidate their email address.
4431 * @param string $token Accepts the email confirmation token
4432 * @return string New token URL
4433 */
4434 protected function invalidationTokenUrl( $token ) {
4435 return $this->getTokenUrl( 'InvalidateEmail', $token );
4436 }
4437
4438 /**
4439 * Internal function to format the e-mail validation/invalidation URLs.
4440 * This uses a quickie hack to use the
4441 * hardcoded English names of the Special: pages, for ASCII safety.
4442 *
4443 * @note Since these URLs get dropped directly into emails, using the
4444 * short English names avoids insanely long URL-encoded links, which
4445 * also sometimes can get corrupted in some browsers/mailers
4446 * (bug 6957 with Gmail and Internet Explorer).
4447 *
4448 * @param string $page Special page
4449 * @param string $token Token
4450 * @return string Formatted URL
4451 */
4452 protected function getTokenUrl( $page, $token ) {
4453 // Hack to bypass localization of 'Special:'
4454 $title = Title::makeTitle( NS_MAIN, "Special:$page/$token" );
4455 return $title->getCanonicalURL();
4456 }
4457
4458 /**
4459 * Mark the e-mail address confirmed.
4460 *
4461 * @note Call saveSettings() after calling this function to commit the change.
4462 *
4463 * @return bool
4464 */
4465 public function confirmEmail() {
4466 // Check if it's already confirmed, so we don't touch the database
4467 // and fire the ConfirmEmailComplete hook on redundant confirmations.
4468 if ( !$this->isEmailConfirmed() ) {
4469 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
4470 Hooks::run( 'ConfirmEmailComplete', [ $this ] );
4471 }
4472 return true;
4473 }
4474
4475 /**
4476 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
4477 * address if it was already confirmed.
4478 *
4479 * @note Call saveSettings() after calling this function to commit the change.
4480 * @return bool Returns true
4481 */
4482 public function invalidateEmail() {
4483 $this->load();
4484 $this->mEmailToken = null;
4485 $this->mEmailTokenExpires = null;
4486 $this->setEmailAuthenticationTimestamp( null );
4487 $this->mEmail = '';
4488 Hooks::run( 'InvalidateEmailComplete', [ $this ] );
4489 return true;
4490 }
4491
4492 /**
4493 * Set the e-mail authentication timestamp.
4494 * @param string $timestamp TS_MW timestamp
4495 */
4496 public function setEmailAuthenticationTimestamp( $timestamp ) {
4497 $this->load();
4498 $this->mEmailAuthenticated = $timestamp;
4499 Hooks::run( 'UserSetEmailAuthenticationTimestamp', [ $this, &$this->mEmailAuthenticated ] );
4500 }
4501
4502 /**
4503 * Is this user allowed to send e-mails within limits of current
4504 * site configuration?
4505 * @return bool
4506 */
4507 public function canSendEmail() {
4508 global $wgEnableEmail, $wgEnableUserEmail;
4509 if ( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
4510 return false;
4511 }
4512 $canSend = $this->isEmailConfirmed();
4513 Hooks::run( 'UserCanSendEmail', [ &$this, &$canSend ] );
4514 return $canSend;
4515 }
4516
4517 /**
4518 * Is this user allowed to receive e-mails within limits of current
4519 * site configuration?
4520 * @return bool
4521 */
4522 public function canReceiveEmail() {
4523 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
4524 }
4525
4526 /**
4527 * Is this user's e-mail address valid-looking and confirmed within
4528 * limits of the current site configuration?
4529 *
4530 * @note If $wgEmailAuthentication is on, this may require the user to have
4531 * confirmed their address by returning a code or using a password
4532 * sent to the address from the wiki.
4533 *
4534 * @return bool
4535 */
4536 public function isEmailConfirmed() {
4537 global $wgEmailAuthentication;
4538 $this->load();
4539 $confirmed = true;
4540 if ( Hooks::run( 'EmailConfirmed', [ &$this, &$confirmed ] ) ) {
4541 if ( $this->isAnon() ) {
4542 return false;
4543 }
4544 if ( !Sanitizer::validateEmail( $this->mEmail ) ) {
4545 return false;
4546 }
4547 if ( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() ) {
4548 return false;
4549 }
4550 return true;
4551 } else {
4552 return $confirmed;
4553 }
4554 }
4555
4556 /**
4557 * Check whether there is an outstanding request for e-mail confirmation.
4558 * @return bool
4559 */
4560 public function isEmailConfirmationPending() {
4561 global $wgEmailAuthentication;
4562 return $wgEmailAuthentication &&
4563 !$this->isEmailConfirmed() &&
4564 $this->mEmailToken &&
4565 $this->mEmailTokenExpires > wfTimestamp();
4566 }
4567
4568 /**
4569 * Get the timestamp of account creation.
4570 *
4571 * @return string|bool|null Timestamp of account creation, false for
4572 * non-existent/anonymous user accounts, or null if existing account
4573 * but information is not in database.
4574 */
4575 public function getRegistration() {
4576 if ( $this->isAnon() ) {
4577 return false;
4578 }
4579 $this->load();
4580 return $this->mRegistration;
4581 }
4582
4583 /**
4584 * Get the timestamp of the first edit
4585 *
4586 * @return string|bool Timestamp of first edit, or false for
4587 * non-existent/anonymous user accounts.
4588 */
4589 public function getFirstEditTimestamp() {
4590 if ( $this->getId() == 0 ) {
4591 return false; // anons
4592 }
4593 $dbr = wfGetDB( DB_SLAVE );
4594 $time = $dbr->selectField( 'revision', 'rev_timestamp',
4595 [ 'rev_user' => $this->getId() ],
4596 __METHOD__,
4597 [ 'ORDER BY' => 'rev_timestamp ASC' ]
4598 );
4599 if ( !$time ) {
4600 return false; // no edits
4601 }
4602 return wfTimestamp( TS_MW, $time );
4603 }
4604
4605 /**
4606 * Get the permissions associated with a given list of groups
4607 *
4608 * @param array $groups Array of Strings List of internal group names
4609 * @return array Array of Strings List of permission key names for given groups combined
4610 */
4611 public static function getGroupPermissions( $groups ) {
4612 global $wgGroupPermissions, $wgRevokePermissions;
4613 $rights = [];
4614 // grant every granted permission first
4615 foreach ( $groups as $group ) {
4616 if ( isset( $wgGroupPermissions[$group] ) ) {
4617 $rights = array_merge( $rights,
4618 // array_filter removes empty items
4619 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
4620 }
4621 }
4622 // now revoke the revoked permissions
4623 foreach ( $groups as $group ) {
4624 if ( isset( $wgRevokePermissions[$group] ) ) {
4625 $rights = array_diff( $rights,
4626 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
4627 }
4628 }
4629 return array_unique( $rights );
4630 }
4631
4632 /**
4633 * Get all the groups who have a given permission
4634 *
4635 * @param string $role Role to check
4636 * @return array Array of Strings List of internal group names with the given permission
4637 */
4638 public static function getGroupsWithPermission( $role ) {
4639 global $wgGroupPermissions;
4640 $allowedGroups = [];
4641 foreach ( array_keys( $wgGroupPermissions ) as $group ) {
4642 if ( self::groupHasPermission( $group, $role ) ) {
4643 $allowedGroups[] = $group;
4644 }
4645 }
4646 return $allowedGroups;
4647 }
4648
4649 /**
4650 * Check, if the given group has the given permission
4651 *
4652 * If you're wanting to check whether all users have a permission, use
4653 * User::isEveryoneAllowed() instead. That properly checks if it's revoked
4654 * from anyone.
4655 *
4656 * @since 1.21
4657 * @param string $group Group to check
4658 * @param string $role Role to check
4659 * @return bool
4660 */
4661 public static function groupHasPermission( $group, $role ) {
4662 global $wgGroupPermissions, $wgRevokePermissions;
4663 return isset( $wgGroupPermissions[$group][$role] ) && $wgGroupPermissions[$group][$role]
4664 && !( isset( $wgRevokePermissions[$group][$role] ) && $wgRevokePermissions[$group][$role] );
4665 }
4666
4667 /**
4668 * Check if all users may be assumed to have the given permission
4669 *
4670 * We generally assume so if the right is granted to '*' and isn't revoked
4671 * on any group. It doesn't attempt to take grants or other extension
4672 * limitations on rights into account in the general case, though, as that
4673 * would require it to always return false and defeat the purpose.
4674 * Specifically, session-based rights restrictions (such as OAuth or bot
4675 * passwords) are applied based on the current session.
4676 *
4677 * @since 1.22
4678 * @param string $right Right to check
4679 * @return bool
4680 */
4681 public static function isEveryoneAllowed( $right ) {
4682 global $wgGroupPermissions, $wgRevokePermissions;
4683 static $cache = [];
4684
4685 // Use the cached results, except in unit tests which rely on
4686 // being able change the permission mid-request
4687 if ( isset( $cache[$right] ) && !defined( 'MW_PHPUNIT_TEST' ) ) {
4688 return $cache[$right];
4689 }
4690
4691 if ( !isset( $wgGroupPermissions['*'][$right] ) || !$wgGroupPermissions['*'][$right] ) {
4692 $cache[$right] = false;
4693 return false;
4694 }
4695
4696 // If it's revoked anywhere, then everyone doesn't have it
4697 foreach ( $wgRevokePermissions as $rights ) {
4698 if ( isset( $rights[$right] ) && $rights[$right] ) {
4699 $cache[$right] = false;
4700 return false;
4701 }
4702 }
4703
4704 // Remove any rights that aren't allowed to the global-session user,
4705 // unless there are no sessions for this endpoint.
4706 if ( !defined( 'MW_NO_SESSION' ) ) {
4707 $allowedRights = SessionManager::getGlobalSession()->getAllowedUserRights();
4708 if ( $allowedRights !== null && !in_array( $right, $allowedRights, true ) ) {
4709 $cache[$right] = false;
4710 return false;
4711 }
4712 }
4713
4714 // Allow extensions to say false
4715 if ( !Hooks::run( 'UserIsEveryoneAllowed', [ $right ] ) ) {
4716 $cache[$right] = false;
4717 return false;
4718 }
4719
4720 $cache[$right] = true;
4721 return true;
4722 }
4723
4724 /**
4725 * Get the localized descriptive name for a group, if it exists
4726 *
4727 * @param string $group Internal group name
4728 * @return string Localized descriptive group name
4729 */
4730 public static function getGroupName( $group ) {
4731 $msg = wfMessage( "group-$group" );
4732 return $msg->isBlank() ? $group : $msg->text();
4733 }
4734
4735 /**
4736 * Get the localized descriptive name for a member of a group, if it exists
4737 *
4738 * @param string $group Internal group name
4739 * @param string $username Username for gender (since 1.19)
4740 * @return string Localized name for group member
4741 */
4742 public static function getGroupMember( $group, $username = '#' ) {
4743 $msg = wfMessage( "group-$group-member", $username );
4744 return $msg->isBlank() ? $group : $msg->text();
4745 }
4746
4747 /**
4748 * Return the set of defined explicit groups.
4749 * The implicit groups (by default *, 'user' and 'autoconfirmed')
4750 * are not included, as they are defined automatically, not in the database.
4751 * @return array Array of internal group names
4752 */
4753 public static function getAllGroups() {
4754 global $wgGroupPermissions, $wgRevokePermissions;
4755 return array_diff(
4756 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
4757 self::getImplicitGroups()
4758 );
4759 }
4760
4761 /**
4762 * Get a list of all available permissions.
4763 * @return string[] Array of permission names
4764 */
4765 public static function getAllRights() {
4766 if ( self::$mAllRights === false ) {
4767 global $wgAvailableRights;
4768 if ( count( $wgAvailableRights ) ) {
4769 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
4770 } else {
4771 self::$mAllRights = self::$mCoreRights;
4772 }
4773 Hooks::run( 'UserGetAllRights', [ &self::$mAllRights ] );
4774 }
4775 return self::$mAllRights;
4776 }
4777
4778 /**
4779 * Get a list of implicit groups
4780 * @return array Array of Strings Array of internal group names
4781 */
4782 public static function getImplicitGroups() {
4783 global $wgImplicitGroups;
4784
4785 $groups = $wgImplicitGroups;
4786 # Deprecated, use $wgImplicitGroups instead
4787 Hooks::run( 'UserGetImplicitGroups', [ &$groups ], '1.25' );
4788
4789 return $groups;
4790 }
4791
4792 /**
4793 * Get the title of a page describing a particular group
4794 *
4795 * @param string $group Internal group name
4796 * @return Title|bool Title of the page if it exists, false otherwise
4797 */
4798 public static function getGroupPage( $group ) {
4799 $msg = wfMessage( 'grouppage-' . $group )->inContentLanguage();
4800 if ( $msg->exists() ) {
4801 $title = Title::newFromText( $msg->text() );
4802 if ( is_object( $title ) ) {
4803 return $title;
4804 }
4805 }
4806 return false;
4807 }
4808
4809 /**
4810 * Create a link to the group in HTML, if available;
4811 * else return the group name.
4812 *
4813 * @param string $group Internal name of the group
4814 * @param string $text The text of the link
4815 * @return string HTML link to the group
4816 */
4817 public static function makeGroupLinkHTML( $group, $text = '' ) {
4818 if ( $text == '' ) {
4819 $text = self::getGroupName( $group );
4820 }
4821 $title = self::getGroupPage( $group );
4822 if ( $title ) {
4823 return Linker::link( $title, htmlspecialchars( $text ) );
4824 } else {
4825 return htmlspecialchars( $text );
4826 }
4827 }
4828
4829 /**
4830 * Create a link to the group in Wikitext, if available;
4831 * else return the group name.
4832 *
4833 * @param string $group Internal name of the group
4834 * @param string $text The text of the link
4835 * @return string Wikilink to the group
4836 */
4837 public static function makeGroupLinkWiki( $group, $text = '' ) {
4838 if ( $text == '' ) {
4839 $text = self::getGroupName( $group );
4840 }
4841 $title = self::getGroupPage( $group );
4842 if ( $title ) {
4843 $page = $title->getFullText();
4844 return "[[$page|$text]]";
4845 } else {
4846 return $text;
4847 }
4848 }
4849
4850 /**
4851 * Returns an array of the groups that a particular group can add/remove.
4852 *
4853 * @param string $group The group to check for whether it can add/remove
4854 * @return array Array( 'add' => array( addablegroups ),
4855 * 'remove' => array( removablegroups ),
4856 * 'add-self' => array( addablegroups to self),
4857 * 'remove-self' => array( removable groups from self) )
4858 */
4859 public static function changeableByGroup( $group ) {
4860 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
4861
4862 $groups = [
4863 'add' => [],
4864 'remove' => [],
4865 'add-self' => [],
4866 'remove-self' => []
4867 ];
4868
4869 if ( empty( $wgAddGroups[$group] ) ) {
4870 // Don't add anything to $groups
4871 } elseif ( $wgAddGroups[$group] === true ) {
4872 // You get everything
4873 $groups['add'] = self::getAllGroups();
4874 } elseif ( is_array( $wgAddGroups[$group] ) ) {
4875 $groups['add'] = $wgAddGroups[$group];
4876 }
4877
4878 // Same thing for remove
4879 if ( empty( $wgRemoveGroups[$group] ) ) {
4880 // Do nothing
4881 } elseif ( $wgRemoveGroups[$group] === true ) {
4882 $groups['remove'] = self::getAllGroups();
4883 } elseif ( is_array( $wgRemoveGroups[$group] ) ) {
4884 $groups['remove'] = $wgRemoveGroups[$group];
4885 }
4886
4887 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
4888 if ( empty( $wgGroupsAddToSelf['user'] ) || $wgGroupsAddToSelf['user'] !== true ) {
4889 foreach ( $wgGroupsAddToSelf as $key => $value ) {
4890 if ( is_int( $key ) ) {
4891 $wgGroupsAddToSelf['user'][] = $value;
4892 }
4893 }
4894 }
4895
4896 if ( empty( $wgGroupsRemoveFromSelf['user'] ) || $wgGroupsRemoveFromSelf['user'] !== true ) {
4897 foreach ( $wgGroupsRemoveFromSelf as $key => $value ) {
4898 if ( is_int( $key ) ) {
4899 $wgGroupsRemoveFromSelf['user'][] = $value;
4900 }
4901 }
4902 }
4903
4904 // Now figure out what groups the user can add to him/herself
4905 if ( empty( $wgGroupsAddToSelf[$group] ) ) {
4906 // Do nothing
4907 } elseif ( $wgGroupsAddToSelf[$group] === true ) {
4908 // No idea WHY this would be used, but it's there
4909 $groups['add-self'] = User::getAllGroups();
4910 } elseif ( is_array( $wgGroupsAddToSelf[$group] ) ) {
4911 $groups['add-self'] = $wgGroupsAddToSelf[$group];
4912 }
4913
4914 if ( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
4915 // Do nothing
4916 } elseif ( $wgGroupsRemoveFromSelf[$group] === true ) {
4917 $groups['remove-self'] = User::getAllGroups();
4918 } elseif ( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
4919 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
4920 }
4921
4922 return $groups;
4923 }
4924
4925 /**
4926 * Returns an array of groups that this user can add and remove
4927 * @return array Array( 'add' => array( addablegroups ),
4928 * 'remove' => array( removablegroups ),
4929 * 'add-self' => array( addablegroups to self),
4930 * 'remove-self' => array( removable groups from self) )
4931 */
4932 public function changeableGroups() {
4933 if ( $this->isAllowed( 'userrights' ) ) {
4934 // This group gives the right to modify everything (reverse-
4935 // compatibility with old "userrights lets you change
4936 // everything")
4937 // Using array_merge to make the groups reindexed
4938 $all = array_merge( User::getAllGroups() );
4939 return [
4940 'add' => $all,
4941 'remove' => $all,
4942 'add-self' => [],
4943 'remove-self' => []
4944 ];
4945 }
4946
4947 // Okay, it's not so simple, we will have to go through the arrays
4948 $groups = [
4949 'add' => [],
4950 'remove' => [],
4951 'add-self' => [],
4952 'remove-self' => []
4953 ];
4954 $addergroups = $this->getEffectiveGroups();
4955
4956 foreach ( $addergroups as $addergroup ) {
4957 $groups = array_merge_recursive(
4958 $groups, $this->changeableByGroup( $addergroup )
4959 );
4960 $groups['add'] = array_unique( $groups['add'] );
4961 $groups['remove'] = array_unique( $groups['remove'] );
4962 $groups['add-self'] = array_unique( $groups['add-self'] );
4963 $groups['remove-self'] = array_unique( $groups['remove-self'] );
4964 }
4965 return $groups;
4966 }
4967
4968 /**
4969 * Deferred version of incEditCountImmediate()
4970 */
4971 public function incEditCount() {
4972 wfGetDB( DB_MASTER )->onTransactionPreCommitOrIdle( function() {
4973 $this->incEditCountImmediate();
4974 } );
4975 }
4976
4977 /**
4978 * Increment the user's edit-count field.
4979 * Will have no effect for anonymous users.
4980 * @since 1.26
4981 */
4982 public function incEditCountImmediate() {
4983 if ( $this->isAnon() ) {
4984 return;
4985 }
4986
4987 $dbw = wfGetDB( DB_MASTER );
4988 // No rows will be "affected" if user_editcount is NULL
4989 $dbw->update(
4990 'user',
4991 [ 'user_editcount=user_editcount+1' ],
4992 [ 'user_id' => $this->getId(), 'user_editcount IS NOT NULL' ],
4993 __METHOD__
4994 );
4995 // Lazy initialization check...
4996 if ( $dbw->affectedRows() == 0 ) {
4997 // Now here's a goddamn hack...
4998 $dbr = wfGetDB( DB_SLAVE );
4999 if ( $dbr !== $dbw ) {
5000 // If we actually have a slave server, the count is
5001 // at least one behind because the current transaction
5002 // has not been committed and replicated.
5003 $this->initEditCount( 1 );
5004 } else {
5005 // But if DB_SLAVE is selecting the master, then the
5006 // count we just read includes the revision that was
5007 // just added in the working transaction.
5008 $this->initEditCount();
5009 }
5010 }
5011 // Edit count in user cache too
5012 $this->invalidateCache();
5013 }
5014
5015 /**
5016 * Initialize user_editcount from data out of the revision table
5017 *
5018 * @param int $add Edits to add to the count from the revision table
5019 * @return int Number of edits
5020 */
5021 protected function initEditCount( $add = 0 ) {
5022 // Pull from a slave to be less cruel to servers
5023 // Accuracy isn't the point anyway here
5024 $dbr = wfGetDB( DB_SLAVE );
5025 $count = (int)$dbr->selectField(
5026 'revision',
5027 'COUNT(rev_user)',
5028 [ 'rev_user' => $this->getId() ],
5029 __METHOD__
5030 );
5031 $count = $count + $add;
5032
5033 $dbw = wfGetDB( DB_MASTER );
5034 $dbw->update(
5035 'user',
5036 [ 'user_editcount' => $count ],
5037 [ 'user_id' => $this->getId() ],
5038 __METHOD__
5039 );
5040
5041 return $count;
5042 }
5043
5044 /**
5045 * Get the description of a given right
5046 *
5047 * @param string $right Right to query
5048 * @return string Localized description of the right
5049 */
5050 public static function getRightDescription( $right ) {
5051 $key = "right-$right";
5052 $msg = wfMessage( $key );
5053 return $msg->isBlank() ? $right : $msg->text();
5054 }
5055
5056 /**
5057 * Make a new-style password hash
5058 *
5059 * @param string $password Plain-text password
5060 * @param bool|string $salt Optional salt, may be random or the user ID.
5061 * If unspecified or false, will generate one automatically
5062 * @return string Password hash
5063 * @deprecated since 1.24, use Password class
5064 */
5065 public static function crypt( $password, $salt = false ) {
5066 wfDeprecated( __METHOD__, '1.24' );
5067 $passwordFactory = new PasswordFactory();
5068 $passwordFactory->init( RequestContext::getMain()->getConfig() );
5069 $hash = $passwordFactory->newFromPlaintext( $password );
5070 return $hash->toString();
5071 }
5072
5073 /**
5074 * Compare a password hash with a plain-text password. Requires the user
5075 * ID if there's a chance that the hash is an old-style hash.
5076 *
5077 * @param string $hash Password hash
5078 * @param string $password Plain-text password to compare
5079 * @param string|bool $userId User ID for old-style password salt
5080 *
5081 * @return bool
5082 * @deprecated since 1.24, use Password class
5083 */
5084 public static function comparePasswords( $hash, $password, $userId = false ) {
5085 wfDeprecated( __METHOD__, '1.24' );
5086
5087 // Check for *really* old password hashes that don't even have a type
5088 // The old hash format was just an md5 hex hash, with no type information
5089 if ( preg_match( '/^[0-9a-f]{32}$/', $hash ) ) {
5090 global $wgPasswordSalt;
5091 if ( $wgPasswordSalt ) {
5092 $password = ":B:{$userId}:{$hash}";
5093 } else {
5094 $password = ":A:{$hash}";
5095 }
5096 }
5097
5098 $passwordFactory = new PasswordFactory();
5099 $passwordFactory->init( RequestContext::getMain()->getConfig() );
5100 $hash = $passwordFactory->newFromCiphertext( $hash );
5101 return $hash->equals( $password );
5102 }
5103
5104 /**
5105 * Add a newuser log entry for this user.
5106 * Before 1.19 the return value was always true.
5107 *
5108 * @param string|bool $action Account creation type.
5109 * - String, one of the following values:
5110 * - 'create' for an anonymous user creating an account for himself.
5111 * This will force the action's performer to be the created user itself,
5112 * no matter the value of $wgUser
5113 * - 'create2' for a logged in user creating an account for someone else
5114 * - 'byemail' when the created user will receive its password by e-mail
5115 * - 'autocreate' when the user is automatically created (such as by CentralAuth).
5116 * - Boolean means whether the account was created by e-mail (deprecated):
5117 * - true will be converted to 'byemail'
5118 * - false will be converted to 'create' if this object is the same as
5119 * $wgUser and to 'create2' otherwise
5120 *
5121 * @param string $reason User supplied reason
5122 *
5123 * @return int|bool True if not $wgNewUserLog; otherwise ID of log item or 0 on failure
5124 */
5125 public function addNewUserLogEntry( $action = false, $reason = '' ) {
5126 global $wgUser, $wgNewUserLog;
5127 if ( empty( $wgNewUserLog ) ) {
5128 return true; // disabled
5129 }
5130
5131 if ( $action === true ) {
5132 $action = 'byemail';
5133 } elseif ( $action === false ) {
5134 if ( $this->equals( $wgUser ) ) {
5135 $action = 'create';
5136 } else {
5137 $action = 'create2';
5138 }
5139 }
5140
5141 if ( $action === 'create' || $action === 'autocreate' ) {
5142 $performer = $this;
5143 } else {
5144 $performer = $wgUser;
5145 }
5146
5147 $logEntry = new ManualLogEntry( 'newusers', $action );
5148 $logEntry->setPerformer( $performer );
5149 $logEntry->setTarget( $this->getUserPage() );
5150 $logEntry->setComment( $reason );
5151 $logEntry->setParameters( [
5152 '4::userid' => $this->getId(),
5153 ] );
5154 $logid = $logEntry->insert();
5155
5156 if ( $action !== 'autocreate' ) {
5157 $logEntry->publish( $logid );
5158 }
5159
5160 return (int)$logid;
5161 }
5162
5163 /**
5164 * Add an autocreate newuser log entry for this user
5165 * Used by things like CentralAuth and perhaps other authplugins.
5166 * Consider calling addNewUserLogEntry() directly instead.
5167 *
5168 * @return bool
5169 */
5170 public function addNewUserLogEntryAutoCreate() {
5171 $this->addNewUserLogEntry( 'autocreate' );
5172
5173 return true;
5174 }
5175
5176 /**
5177 * Load the user options either from cache, the database or an array
5178 *
5179 * @param array $data Rows for the current user out of the user_properties table
5180 */
5181 protected function loadOptions( $data = null ) {
5182 global $wgContLang;
5183
5184 $this->load();
5185
5186 if ( $this->mOptionsLoaded ) {
5187 return;
5188 }
5189
5190 $this->mOptions = self::getDefaultOptions();
5191
5192 if ( !$this->getId() ) {
5193 // For unlogged-in users, load language/variant options from request.
5194 // There's no need to do it for logged-in users: they can set preferences,
5195 // and handling of page content is done by $pageLang->getPreferredVariant() and such,
5196 // so don't override user's choice (especially when the user chooses site default).
5197 $variant = $wgContLang->getDefaultVariant();
5198 $this->mOptions['variant'] = $variant;
5199 $this->mOptions['language'] = $variant;
5200 $this->mOptionsLoaded = true;
5201 return;
5202 }
5203
5204 // Maybe load from the object
5205 if ( !is_null( $this->mOptionOverrides ) ) {
5206 wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
5207 foreach ( $this->mOptionOverrides as $key => $value ) {
5208 $this->mOptions[$key] = $value;
5209 }
5210 } else {
5211 if ( !is_array( $data ) ) {
5212 wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
5213 // Load from database
5214 $dbr = ( $this->queryFlagsUsed & self::READ_LATEST )
5215 ? wfGetDB( DB_MASTER )
5216 : wfGetDB( DB_SLAVE );
5217
5218 $res = $dbr->select(
5219 'user_properties',
5220 [ 'up_property', 'up_value' ],
5221 [ 'up_user' => $this->getId() ],
5222 __METHOD__
5223 );
5224
5225 $this->mOptionOverrides = [];
5226 $data = [];
5227 foreach ( $res as $row ) {
5228 $data[$row->up_property] = $row->up_value;
5229 }
5230 }
5231 foreach ( $data as $property => $value ) {
5232 $this->mOptionOverrides[$property] = $value;
5233 $this->mOptions[$property] = $value;
5234 }
5235 }
5236
5237 $this->mOptionsLoaded = true;
5238
5239 Hooks::run( 'UserLoadOptions', [ $this, &$this->mOptions ] );
5240 }
5241
5242 /**
5243 * Saves the non-default options for this user, as previously set e.g. via
5244 * setOption(), in the database's "user_properties" (preferences) table.
5245 * Usually used via saveSettings().
5246 */
5247 protected function saveOptions() {
5248 $this->loadOptions();
5249
5250 // Not using getOptions(), to keep hidden preferences in database
5251 $saveOptions = $this->mOptions;
5252
5253 // Allow hooks to abort, for instance to save to a global profile.
5254 // Reset options to default state before saving.
5255 if ( !Hooks::run( 'UserSaveOptions', [ $this, &$saveOptions ] ) ) {
5256 return;
5257 }
5258
5259 $userId = $this->getId();
5260
5261 $insert_rows = []; // all the new preference rows
5262 foreach ( $saveOptions as $key => $value ) {
5263 // Don't bother storing default values
5264 $defaultOption = self::getDefaultOption( $key );
5265 if ( ( $defaultOption === null && $value !== false && $value !== null )
5266 || $value != $defaultOption
5267 ) {
5268 $insert_rows[] = [
5269 'up_user' => $userId,
5270 'up_property' => $key,
5271 'up_value' => $value,
5272 ];
5273 }
5274 }
5275
5276 $dbw = wfGetDB( DB_MASTER );
5277
5278 $res = $dbw->select( 'user_properties',
5279 [ 'up_property', 'up_value' ], [ 'up_user' => $userId ], __METHOD__ );
5280
5281 // Find prior rows that need to be removed or updated. These rows will
5282 // all be deleted (the later so that INSERT IGNORE applies the new values).
5283 $keysDelete = [];
5284 foreach ( $res as $row ) {
5285 if ( !isset( $saveOptions[$row->up_property] )
5286 || strcmp( $saveOptions[$row->up_property], $row->up_value ) != 0
5287 ) {
5288 $keysDelete[] = $row->up_property;
5289 }
5290 }
5291
5292 if ( count( $keysDelete ) ) {
5293 // Do the DELETE by PRIMARY KEY for prior rows.
5294 // In the past a very large portion of calls to this function are for setting
5295 // 'rememberpassword' for new accounts (a preference that has since been removed).
5296 // Doing a blanket per-user DELETE for new accounts with no rows in the table
5297 // caused gap locks on [max user ID,+infinity) which caused high contention since
5298 // updates would pile up on each other as they are for higher (newer) user IDs.
5299 // It might not be necessary these days, but it shouldn't hurt either.
5300 $dbw->delete( 'user_properties',
5301 [ 'up_user' => $userId, 'up_property' => $keysDelete ], __METHOD__ );
5302 }
5303 // Insert the new preference rows
5304 $dbw->insert( 'user_properties', $insert_rows, __METHOD__, [ 'IGNORE' ] );
5305 }
5306
5307 /**
5308 * Lazily instantiate and return a factory object for making passwords
5309 *
5310 * @deprecated since 1.27, create a PasswordFactory directly instead
5311 * @return PasswordFactory
5312 */
5313 public static function getPasswordFactory() {
5314 wfDeprecated( __METHOD__, '1.27' );
5315 $ret = new PasswordFactory();
5316 $ret->init( RequestContext::getMain()->getConfig() );
5317 return $ret;
5318 }
5319
5320 /**
5321 * Provide an array of HTML5 attributes to put on an input element
5322 * intended for the user to enter a new password. This may include
5323 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
5324 *
5325 * Do *not* use this when asking the user to enter his current password!
5326 * Regardless of configuration, users may have invalid passwords for whatever
5327 * reason (e.g., they were set before requirements were tightened up).
5328 * Only use it when asking for a new password, like on account creation or
5329 * ResetPass.
5330 *
5331 * Obviously, you still need to do server-side checking.
5332 *
5333 * NOTE: A combination of bugs in various browsers means that this function
5334 * actually just returns array() unconditionally at the moment. May as
5335 * well keep it around for when the browser bugs get fixed, though.
5336 *
5337 * @todo FIXME: This does not belong here; put it in Html or Linker or somewhere
5338 *
5339 * @deprecated since 1.27
5340 * @return array Array of HTML attributes suitable for feeding to
5341 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
5342 * That will get confused by the boolean attribute syntax used.)
5343 */
5344 public static function passwordChangeInputAttribs() {
5345 global $wgMinimalPasswordLength;
5346
5347 if ( $wgMinimalPasswordLength == 0 ) {
5348 return [];
5349 }
5350
5351 # Note that the pattern requirement will always be satisfied if the
5352 # input is empty, so we need required in all cases.
5353
5354 # @todo FIXME: Bug 23769: This needs to not claim the password is required
5355 # if e-mail confirmation is being used. Since HTML5 input validation
5356 # is b0rked anyway in some browsers, just return nothing. When it's
5357 # re-enabled, fix this code to not output required for e-mail
5358 # registration.
5359 # $ret = array( 'required' );
5360 $ret = [];
5361
5362 # We can't actually do this right now, because Opera 9.6 will print out
5363 # the entered password visibly in its error message! When other
5364 # browsers add support for this attribute, or Opera fixes its support,
5365 # we can add support with a version check to avoid doing this on Opera
5366 # versions where it will be a problem. Reported to Opera as
5367 # DSK-262266, but they don't have a public bug tracker for us to follow.
5368 /*
5369 if ( $wgMinimalPasswordLength > 1 ) {
5370 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
5371 $ret['title'] = wfMessage( 'passwordtooshort' )
5372 ->numParams( $wgMinimalPasswordLength )->text();
5373 }
5374 */
5375
5376 return $ret;
5377 }
5378
5379 /**
5380 * Return the list of user fields that should be selected to create
5381 * a new user object.
5382 * @return array
5383 */
5384 public static function selectFields() {
5385 return [
5386 'user_id',
5387 'user_name',
5388 'user_real_name',
5389 'user_email',
5390 'user_touched',
5391 'user_token',
5392 'user_email_authenticated',
5393 'user_email_token',
5394 'user_email_token_expires',
5395 'user_registration',
5396 'user_editcount',
5397 ];
5398 }
5399
5400 /**
5401 * Factory function for fatal permission-denied errors
5402 *
5403 * @since 1.22
5404 * @param string $permission User right required
5405 * @return Status
5406 */
5407 static function newFatalPermissionDeniedStatus( $permission ) {
5408 global $wgLang;
5409
5410 $groups = array_map(
5411 [ 'User', 'makeGroupLinkWiki' ],
5412 User::getGroupsWithPermission( $permission )
5413 );
5414
5415 if ( $groups ) {
5416 return Status::newFatal( 'badaccess-groups', $wgLang->commaList( $groups ), count( $groups ) );
5417 } else {
5418 return Status::newFatal( 'badaccess-group0' );
5419 }
5420 }
5421
5422 /**
5423 * Get a new instance of this user that was loaded from the master via a locking read
5424 *
5425 * Use this instead of the main context User when updating that user. This avoids races
5426 * where that user was loaded from a slave or even the master but without proper locks.
5427 *
5428 * @return User|null Returns null if the user was not found in the DB
5429 * @since 1.27
5430 */
5431 public function getInstanceForUpdate() {
5432 if ( !$this->getId() ) {
5433 return null; // anon
5434 }
5435
5436 $user = self::newFromId( $this->getId() );
5437 if ( !$user->loadFromId( self::READ_EXCLUSIVE ) ) {
5438 return null;
5439 }
5440
5441 return $user;
5442 }
5443
5444 /**
5445 * Checks if two user objects point to the same user.
5446 *
5447 * @since 1.25
5448 * @param User $user
5449 * @return bool
5450 */
5451 public function equals( User $user ) {
5452 return $this->getName() === $user->getName();
5453 }
5454 }
MediaWiki Core