search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Don't load all languages just to check whether message is known.
[mediawiki.git] / includes / User.php
blob4cf9482e846c84874d6270ddcf2973f21a11e6db
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * Int Number of characters in user_token field.
25 * @ingroup Constants
26 */
27 define( 'USER_TOKEN_LENGTH', 32 );
28
29 /**
30 * Int Serialized record version.
31 * @ingroup Constants
32 */
33 define( 'MW_USER_VERSION', 8 );
34
35 /**
36 * String Some punctuation to prevent editing from broken text-mangling proxies.
37 * @ingroup Constants
38 */
39 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
40
41 /**
42 * Thrown by User::setPassword() on error.
43 * @ingroup Exception
44 */
45 class PasswordError extends MWException {
46 // NOP
47 }
48
49 /**
50 * The User object encapsulates all of the user-specific settings (user_id,
51 * name, rights, password, email address, options, last login time). Client
52 * classes use the getXXX() functions to access these fields. These functions
53 * do all the work of determining whether the user is logged in,
54 * whether the requested option can be satisfied from cookies or
55 * whether a database query is needed. Most of the settings needed
56 * for rendering normal pages are set in the cookie to minimize use
57 * of the database.
58 */
59 class User {
60 /**
61 * Global constants made accessible as class constants so that autoloader
62 * magic can be used.
63 */
64 const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
65 const MW_USER_VERSION = MW_USER_VERSION;
66 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
67
68 /**
69 * Array of Strings List of member variables which are saved to the
70 * shared cache (memcached). Any operation which changes the
71 * corresponding database fields must call a cache-clearing function.
72 * @showinitializer
73 */
74 static $mCacheVars = array(
75 // user table
76 'mId',
77 'mName',
78 'mRealName',
79 'mPassword',
80 'mNewpassword',
81 'mNewpassTime',
82 'mEmail',
83 'mTouched',
84 'mToken',
85 'mEmailAuthenticated',
86 'mEmailToken',
87 'mEmailTokenExpires',
88 'mRegistration',
89 'mEditCount',
90 // user_groups table
91 'mGroups',
92 // user_properties table
93 'mOptionOverrides',
94 );
95
96 /**
97 * Array of Strings Core rights.
98 * Each of these should have a corresponding message of the form
99 * "right-$right".
100 * @showinitializer
101 */
102 static $mCoreRights = array(
103 'apihighlimits',
104 'autoconfirmed',
105 'autopatrol',
106 'bigdelete',
107 'block',
108 'blockemail',
109 'bot',
110 'browsearchive',
111 'createaccount',
112 'createpage',
113 'createtalk',
114 'delete',
115 'deletedhistory',
116 'deletedtext',
117 'deleterevision',
118 'disableaccount',
119 'edit',
120 'editinterface',
121 'editusercssjs', #deprecated
122 'editusercss',
123 'edituserjs',
124 'hideuser',
125 'import',
126 'importupload',
127 'ipblock-exempt',
128 'markbotedits',
129 'mergehistory',
130 'minoredit',
131 'move',
132 'movefile',
133 'move-rootuserpages',
134 'move-subpages',
135 'nominornewtalk',
136 'noratelimit',
137 'override-export-depth',
138 'patrol',
139 'protect',
140 'proxyunbannable',
141 'purge',
142 'read',
143 'reupload',
144 'reupload-shared',
145 'rollback',
146 'selenium',
147 'sendemail',
148 'siteadmin',
149 'suppressionlog',
150 'suppressredirect',
151 'suppressrevision',
152 'trackback',
153 'unblockself',
154 'undelete',
155 'unwatchedpages',
156 'upload',
157 'upload_by_url',
158 'userrights',
159 'userrights-interwiki',
160 'writeapi',
161 );
162 /**
163 * String Cached results of getAllRights()
164 */
165 static $mAllRights = false;
166
167 /** @name Cache variables */
168 //@{
169 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
170 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
171 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mGroups, $mOptionOverrides,
172 $mCookiePassword, $mEditCount, $mAllowUsertalk;
173 //@}
174
175 /**
176 * Bool Whether the cache variables have been loaded.
177 */
178 //@{
179 var $mOptionsLoaded;
180
181 /**
182 * Array with already loaded items or true if all items have been loaded.
183 */
184 private $mLoadedItems = array();
185 //@}
186
187 /**
188 * String Initialization data source if mLoadedItems!==true. May be one of:
189 * - 'defaults' anonymous user initialised from class defaults
190 * - 'name' initialise from mName
191 * - 'id' initialise from mId
192 * - 'session' log in from cookies or session if possible
193 *
194 * Use the User::newFrom*() family of functions to set this.
195 */
196 var $mFrom;
197
198 /**
199 * Lazy-initialized variables, invalidated with clearInstanceCache
200 */
201 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mRights,
202 $mBlockreason, $mEffectiveGroups, $mImplicitGroups, $mFormerGroups, $mBlockedGlobally,
203 $mLocked, $mHideName, $mOptions;
204
205 /**
206 * @var WebRequest
207 */
208 private $mRequest;
209
210 /**
211 * @var Block
212 */
213 var $mBlock;
214
215 /**
216 * @var Block
217 */
218 private $mBlockedFromCreateAccount = false;
219
220 static $idCacheByName = array();
221
222 /**
223 * Lightweight constructor for an anonymous user.
224 * Use the User::newFrom* factory functions for other kinds of users.
225 *
226 * @see newFromName()
227 * @see newFromId()
228 * @see newFromConfirmationCode()
229 * @see newFromSession()
230 * @see newFromRow()
231 */
232 function __construct() {
233 $this->clearInstanceCache( 'defaults' );
234 }
235
236 /**
237 * @return String
238 */
239 function __toString(){
240 return $this->getName();
241 }
242
243 /**
244 * Load the user table data for this object from the source given by mFrom.
245 */
246 public function load() {
247 if ( $this->mLoadedItems === true ) {
248 return;
249 }
250 wfProfileIn( __METHOD__ );
251
252 # Set it now to avoid infinite recursion in accessors
253 $this->mLoadedItems = true;
254
255 switch ( $this->mFrom ) {
256 case 'defaults':
257 $this->loadDefaults();
258 break;
259 case 'name':
260 $this->mId = self::idFromName( $this->mName );
261 if ( !$this->mId ) {
262 # Nonexistent user placeholder object
263 $this->loadDefaults( $this->mName );
264 } else {
265 $this->loadFromId();
266 }
267 break;
268 case 'id':
269 $this->loadFromId();
270 break;
271 case 'session':
272 $this->loadFromSession();
273 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
274 break;
275 default:
276 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
277 }
278 wfProfileOut( __METHOD__ );
279 }
280
281 /**
282 * Load user table data, given mId has already been set.
283 * @return Bool false if the ID does not exist, true otherwise
284 */
285 public function loadFromId() {
286 global $wgMemc;
287 if ( $this->mId == 0 ) {
288 $this->loadDefaults();
289 return false;
290 }
291
292 # Try cache
293 $key = wfMemcKey( 'user', 'id', $this->mId );
294 $data = $wgMemc->get( $key );
295 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
296 # Object is expired, load from DB
297 $data = false;
298 }
299
300 if ( !$data ) {
301 wfDebug( "User: cache miss for user {$this->mId}\n" );
302 # Load from DB
303 if ( !$this->loadFromDatabase() ) {
304 # Can't load from ID, user is anonymous
305 return false;
306 }
307 $this->saveToCache();
308 } else {
309 wfDebug( "User: got user {$this->mId} from cache\n" );
310 # Restore from cache
311 foreach ( self::$mCacheVars as $name ) {
312 $this->$name = $data[$name];
313 }
314 }
315 return true;
316 }
317
318 /**
319 * Save user data to the shared cache
320 */
321 public function saveToCache() {
322 $this->load();
323 $this->loadGroups();
324 $this->loadOptions();
325 if ( $this->isAnon() ) {
326 // Anonymous users are uncached
327 return;
328 }
329 $data = array();
330 foreach ( self::$mCacheVars as $name ) {
331 $data[$name] = $this->$name;
332 }
333 $data['mVersion'] = MW_USER_VERSION;
334 $key = wfMemcKey( 'user', 'id', $this->mId );
335 global $wgMemc;
336 $wgMemc->set( $key, $data );
337 }
338
339 /** @name newFrom*() static factory methods */
340 //@{
341
342 /**
343 * Static factory method for creation from username.
344 *
345 * This is slightly less efficient than newFromId(), so use newFromId() if
346 * you have both an ID and a name handy.
347 *
348 * @param $name String Username, validated by Title::newFromText()
349 * @param $validate String|Bool Validate username. Takes the same parameters as
350 * User::getCanonicalName(), except that true is accepted as an alias
351 * for 'valid', for BC.
352 *
353 * @return User object, or false if the username is invalid
354 * (e.g. if it contains illegal characters or is an IP address). If the
355 * username is not present in the database, the result will be a user object
356 * with a name, zero user ID and default settings.
357 */
358 public static function newFromName( $name, $validate = 'valid' ) {
359 if ( $validate === true ) {
360 $validate = 'valid';
361 }
362 $name = self::getCanonicalName( $name, $validate );
363 if ( $name === false ) {
364 return false;
365 } else {
366 # Create unloaded user object
367 $u = new User;
368 $u->mName = $name;
369 $u->mFrom = 'name';
370 $u->setItemLoaded( 'name' );
371 return $u;
372 }
373 }
374
375 /**
376 * Static factory method for creation from a given user ID.
377 *
378 * @param $id Int Valid user ID
379 * @return User The corresponding User object
380 */
381 public static function newFromId( $id ) {
382 $u = new User;
383 $u->mId = $id;
384 $u->mFrom = 'id';
385 $u->setItemLoaded( 'id' );
386 return $u;
387 }
388
389 /**
390 * Factory method to fetch whichever user has a given email confirmation code.
391 * This code is generated when an account is created or its e-mail address
392 * has changed.
393 *
394 * If the code is invalid or has expired, returns NULL.
395 *
396 * @param $code String Confirmation code
397 * @return User
398 */
399 public static function newFromConfirmationCode( $code ) {
400 $dbr = wfGetDB( DB_SLAVE );
401 $id = $dbr->selectField( 'user', 'user_id', array(
402 'user_email_token' => md5( $code ),
403 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
404 ) );
405 if( $id !== false ) {
406 return User::newFromId( $id );
407 } else {
408 return null;
409 }
410 }
411
412 /**
413 * Create a new user object using data from session or cookies. If the
414 * login credentials are invalid, the result is an anonymous user.
415 *
416 * @param $request WebRequest object to use; $wgRequest will be used if
417 * ommited.
418 * @return User
419 */
420 public static function newFromSession( WebRequest $request = null ) {
421 $user = new User;
422 $user->mFrom = 'session';
423 $user->mRequest = $request;
424 return $user;
425 }
426
427 /**
428 * Create a new user object from a user row.
429 * The row should have the following fields from the user table in it:
430 * - either user_name or user_id to load further data if needed (or both)
431 * - user_real_name
432 * - all other fields (email, password, etc.)
433 * It is useless to provide the remaining fields if either user_id,
434 * user_name and user_real_name are not provided because the whole row
435 * will be loaded once more from the database when accessing them.
436 *
437 * @param $row Array A row from the user table
438 * @return User
439 */
440 public static function newFromRow( $row ) {
441 $user = new User;
442 $user->loadFromRow( $row );
443 return $user;
444 }
445
446 //@}
447
448 /**
449 * Get the username corresponding to a given user ID
450 * @param $id Int User ID
451 * @return String The corresponding username
452 */
453 static function whoIs( $id ) {
454 $dbr = wfGetDB( DB_SLAVE );
455 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), __METHOD__ );
456 }
457
458 /**
459 * Get the real name of a user given their user ID
460 *
461 * @param $id Int User ID
462 * @return String The corresponding user's real name
463 */
464 public static function whoIsReal( $id ) {
465 $dbr = wfGetDB( DB_SLAVE );
466 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
467 }
468
469 /**
470 * Get database id given a user name
471 * @param $name String Username
472 * @return Int|Null The corresponding user's ID, or null if user is nonexistent
473 */
474 public static function idFromName( $name ) {
475 $nt = Title::makeTitleSafe( NS_USER, $name );
476 if( is_null( $nt ) ) {
477 # Illegal name
478 return null;
479 }
480
481 if ( isset( self::$idCacheByName[$name] ) ) {
482 return self::$idCacheByName[$name];
483 }
484
485 $dbr = wfGetDB( DB_SLAVE );
486 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
487
488 if ( $s === false ) {
489 $result = null;
490 } else {
491 $result = $s->user_id;
492 }
493
494 self::$idCacheByName[$name] = $result;
495
496 if ( count( self::$idCacheByName ) > 1000 ) {
497 self::$idCacheByName = array();
498 }
499
500 return $result;
501 }
502
503 /**
504 * Reset the cache used in idFromName(). For use in tests.
505 */
506 public static function resetIdByNameCache() {
507 self::$idCacheByName = array();
508 }
509
510 /**
511 * Does the string match an anonymous IPv4 address?
512 *
513 * This function exists for username validation, in order to reject
514 * usernames which are similar in form to IP addresses. Strings such
515 * as 300.300.300.300 will return true because it looks like an IP
516 * address, despite not being strictly valid.
517 *
518 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
519 * address because the usemod software would "cloak" anonymous IP
520 * addresses like this, if we allowed accounts like this to be created
521 * new users could get the old edits of these anonymous users.
522 *
523 * @param $name String to match
524 * @return Bool
525 */
526 public static function isIP( $name ) {
527 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
528 }
529
530 /**
531 * Is the input a valid username?
532 *
533 * Checks if the input is a valid username, we don't want an empty string,
534 * an IP address, anything that containins slashes (would mess up subpages),
535 * is longer than the maximum allowed username size or doesn't begin with
536 * a capital letter.
537 *
538 * @param $name String to match
539 * @return Bool
540 */
541 public static function isValidUserName( $name ) {
542 global $wgContLang, $wgMaxNameChars;
543
544 if ( $name == ''
545 || User::isIP( $name )
546 || strpos( $name, '/' ) !== false
547 || strlen( $name ) > $wgMaxNameChars
548 || $name != $wgContLang->ucfirst( $name ) ) {
549 wfDebugLog( 'username', __METHOD__ .
550 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
551 return false;
552 }
553
554 // Ensure that the name can't be misresolved as a different title,
555 // such as with extra namespace keys at the start.
556 $parsed = Title::newFromText( $name );
557 if( is_null( $parsed )
558 || $parsed->getNamespace()
559 || strcmp( $name, $parsed->getPrefixedText() ) ) {
560 wfDebugLog( 'username', __METHOD__ .
561 ": '$name' invalid due to ambiguous prefixes" );
562 return false;
563 }
564
565 // Check an additional blacklist of troublemaker characters.
566 // Should these be merged into the title char list?
567 $unicodeBlacklist = '/[' .
568 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
569 '\x{00a0}' . # non-breaking space
570 '\x{2000}-\x{200f}' . # various whitespace
571 '\x{2028}-\x{202f}' . # breaks and control chars
572 '\x{3000}' . # ideographic space
573 '\x{e000}-\x{f8ff}' . # private use
574 ']/u';
575 if( preg_match( $unicodeBlacklist, $name ) ) {
576 wfDebugLog( 'username', __METHOD__ .
577 ": '$name' invalid due to blacklisted characters" );
578 return false;
579 }
580
581 return true;
582 }
583
584 /**
585 * Usernames which fail to pass this function will be blocked
586 * from user login and new account registrations, but may be used
587 * internally by batch processes.
588 *
589 * If an account already exists in this form, login will be blocked
590 * by a failure to pass this function.
591 *
592 * @param $name String to match
593 * @return Bool
594 */
595 public static function isUsableName( $name ) {
596 global $wgReservedUsernames;
597 // Must be a valid username, obviously ;)
598 if ( !self::isValidUserName( $name ) ) {
599 return false;
600 }
601
602 static $reservedUsernames = false;
603 if ( !$reservedUsernames ) {
604 $reservedUsernames = $wgReservedUsernames;
605 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
606 }
607
608 // Certain names may be reserved for batch processes.
609 foreach ( $reservedUsernames as $reserved ) {
610 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
611 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
612 }
613 if ( $reserved == $name ) {
614 return false;
615 }
616 }
617 return true;
618 }
619
620 /**
621 * Usernames which fail to pass this function will be blocked
622 * from new account registrations, but may be used internally
623 * either by batch processes or by user accounts which have
624 * already been created.
625 *
626 * Additional blacklisting may be added here rather than in
627 * isValidUserName() to avoid disrupting existing accounts.
628 *
629 * @param $name String to match
630 * @return Bool
631 */
632 public static function isCreatableName( $name ) {
633 global $wgInvalidUsernameCharacters;
634
635 // Ensure that the username isn't longer than 235 bytes, so that
636 // (at least for the builtin skins) user javascript and css files
637 // will work. (bug 23080)
638 if( strlen( $name ) > 235 ) {
639 wfDebugLog( 'username', __METHOD__ .
640 ": '$name' invalid due to length" );
641 return false;
642 }
643
644 // Preg yells if you try to give it an empty string
645 if( $wgInvalidUsernameCharacters !== '' ) {
646 if( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
647 wfDebugLog( 'username', __METHOD__ .
648 ": '$name' invalid due to wgInvalidUsernameCharacters" );
649 return false;
650 }
651 }
652
653 return self::isUsableName( $name );
654 }
655
656 /**
657 * Is the input a valid password for this user?
658 *
659 * @param $password String Desired password
660 * @return Bool
661 */
662 public function isValidPassword( $password ) {
663 //simple boolean wrapper for getPasswordValidity
664 return $this->getPasswordValidity( $password ) === true;
665 }
666
667 /**
668 * Given unvalidated password input, return error message on failure.
669 *
670 * @param $password String Desired password
671 * @return mixed: true on success, string or array of error message on failure
672 */
673 public function getPasswordValidity( $password ) {
674 global $wgMinimalPasswordLength, $wgContLang;
675
676 static $blockedLogins = array(
677 'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589
678 'Apitestsysop' => 'testpass', 'Apitestuser' => 'testpass' # r75605
679 );
680
681 $result = false; //init $result to false for the internal checks
682
683 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
684 return $result;
685
686 if ( $result === false ) {
687 if( strlen( $password ) < $wgMinimalPasswordLength ) {
688 return 'passwordtooshort';
689 } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
690 return 'password-name-match';
691 } elseif ( isset( $blockedLogins[ $this->getName() ] ) && $password == $blockedLogins[ $this->getName() ] ) {
692 return 'password-login-forbidden';
693 } else {
694 //it seems weird returning true here, but this is because of the
695 //initialization of $result to false above. If the hook is never run or it
696 //doesn't modify $result, then we will likely get down into this if with
697 //a valid password.
698 return true;
699 }
700 } elseif( $result === true ) {
701 return true;
702 } else {
703 return $result; //the isValidPassword hook set a string $result and returned true
704 }
705 }
706
707 /**
708 * Does a string look like an e-mail address?
709 *
710 * This validates an email address using an HTML5 specification found at:
711 * http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#valid-e-mail-address
712 * Which as of 2011-01-24 says:
713 *
714 * A valid e-mail address is a string that matches the ABNF production
715 * 1*( atext / "." ) "@" ldh-str *( "." ldh-str ) where atext is defined
716 * in RFC 5322 section 3.2.3, and ldh-str is defined in RFC 1034 section
717 * 3.5.
718 *
719 * This function is an implementation of the specification as requested in
720 * bug 22449.
721 *
722 * Client-side forms will use the same standard validation rules via JS or
723 * HTML 5 validation; additional restrictions can be enforced server-side
724 * by extensions via the 'isValidEmailAddr' hook.
725 *
726 * Note that this validation doesn't 100% match RFC 2822, but is believed
727 * to be liberal enough for wide use. Some invalid addresses will still
728 * pass validation here.
729 *
730 * @param $addr String E-mail address
731 * @return Bool
732 * @deprecated since 1.18 call Sanitizer::isValidEmail() directly
733 */
734 public static function isValidEmailAddr( $addr ) {
735 return Sanitizer::validateEmail( $addr );
736 }
737
738 /**
739 * Given unvalidated user input, return a canonical username, or false if
740 * the username is invalid.
741 * @param $name String User input
742 * @param $validate String|Bool type of validation to use:
743 * - false No validation
744 * - 'valid' Valid for batch processes
745 * - 'usable' Valid for batch processes and login
746 * - 'creatable' Valid for batch processes, login and account creation
747 *
748 * @return bool|string
749 */
750 public static function getCanonicalName( $name, $validate = 'valid' ) {
751 # Force usernames to capital
752 global $wgContLang;
753 $name = $wgContLang->ucfirst( $name );
754
755 # Reject names containing '#'; these will be cleaned up
756 # with title normalisation, but then it's too late to
757 # check elsewhere
758 if( strpos( $name, '#' ) !== false )
759 return false;
760
761 # Clean up name according to title rules
762 $t = ( $validate === 'valid' ) ?
763 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
764 # Check for invalid titles
765 if( is_null( $t ) ) {
766 return false;
767 }
768
769 # Reject various classes of invalid names
770 global $wgAuth;
771 $name = $wgAuth->getCanonicalName( $t->getText() );
772
773 switch ( $validate ) {
774 case false:
775 break;
776 case 'valid':
777 if ( !User::isValidUserName( $name ) ) {
778 $name = false;
779 }
780 break;
781 case 'usable':
782 if ( !User::isUsableName( $name ) ) {
783 $name = false;
784 }
785 break;
786 case 'creatable':
787 if ( !User::isCreatableName( $name ) ) {
788 $name = false;
789 }
790 break;
791 default:
792 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
793 }
794 return $name;
795 }
796
797 /**
798 * Count the number of edits of a user
799 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
800 *
801 * @param $uid Int User ID to check
802 * @return Int the user's edit count
803 */
804 public static function edits( $uid ) {
805 wfProfileIn( __METHOD__ );
806 $dbr = wfGetDB( DB_SLAVE );
807 // check if the user_editcount field has been initialized
808 $field = $dbr->selectField(
809 'user', 'user_editcount',
810 array( 'user_id' => $uid ),
811 __METHOD__
812 );
813
814 if( $field === null ) { // it has not been initialized. do so.
815 $dbw = wfGetDB( DB_MASTER );
816 $count = $dbr->selectField(
817 'revision', 'count(*)',
818 array( 'rev_user' => $uid ),
819 __METHOD__
820 );
821 $dbw->update(
822 'user',
823 array( 'user_editcount' => $count ),
824 array( 'user_id' => $uid ),
825 __METHOD__
826 );
827 } else {
828 $count = $field;
829 }
830 wfProfileOut( __METHOD__ );
831 return $count;
832 }
833
834 /**
835 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
836 * @todo hash random numbers to improve security, like generateToken()
837 *
838 * @return String new random password
839 */
840 public static function randomPassword() {
841 global $wgMinimalPasswordLength;
842 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
843 $l = strlen( $pwchars ) - 1;
844
845 $pwlength = max( 7, $wgMinimalPasswordLength );
846 $digit = mt_rand( 0, $pwlength - 1 );
847 $np = '';
848 for ( $i = 0; $i < $pwlength; $i++ ) {
849 $np .= $i == $digit ? chr( mt_rand( 48, 57 ) ) : $pwchars[ mt_rand( 0, $l ) ];
850 }
851 return $np;
852 }
853
854 /**
855 * Set cached properties to default.
856 *
857 * @note This no longer clears uncached lazy-initialised properties;
858 * the constructor does that instead.
859 *
860 * @param $name string
861 */
862 public function loadDefaults( $name = false ) {
863 wfProfileIn( __METHOD__ );
864
865 $this->mId = 0;
866 $this->mName = $name;
867 $this->mRealName = '';
868 $this->mPassword = $this->mNewpassword = '';
869 $this->mNewpassTime = null;
870 $this->mEmail = '';
871 $this->mOptionOverrides = null;
872 $this->mOptionsLoaded = false;
873
874 $loggedOut = $this->getRequest()->getCookie( 'LoggedOut' );
875 if( $loggedOut !== null ) {
876 $this->mTouched = wfTimestamp( TS_MW, $loggedOut );
877 } else {
878 $this->mTouched = '0'; # Allow any pages to be cached
879 }
880
881 $this->setToken(); # Random
882 $this->mEmailAuthenticated = null;
883 $this->mEmailToken = '';
884 $this->mEmailTokenExpires = null;
885 $this->mRegistration = wfTimestamp( TS_MW );
886 $this->mGroups = array();
887
888 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
889
890 wfProfileOut( __METHOD__ );
891 }
892
893 /**
894 * Return whether an item has been loaded.
895 *
896 * @param $item String: item to check. Current possibilities:
897 * - id
898 * - name
899 * - realname
900 * @param $all String: 'all' to check if the whole object has been loaded
901 * or any other string to check if only the item is available (e.g.
902 * for optimisation)
903 * @return Boolean
904 */
905 public function isItemLoaded( $item, $all = 'all' ) {
906 return ( $this->mLoadedItems === true && $all === 'all' ) ||
907 ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
908 }
909
910 /**
911 * Set that an item has been loaded
912 *
913 * @param $item String
914 */
915 private function setItemLoaded( $item ) {
916 if ( is_array( $this->mLoadedItems ) ) {
917 $this->mLoadedItems[$item] = true;
918 }
919 }
920
921 /**
922 * Load user data from the session or login cookie. If there are no valid
923 * credentials, initialises the user as an anonymous user.
924 * @return Bool True if the user is logged in, false otherwise.
925 */
926 private function loadFromSession() {
927 global $wgExternalAuthType, $wgAutocreatePolicy;
928
929 $result = null;
930 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
931 if ( $result !== null ) {
932 return $result;
933 }
934
935 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
936 $extUser = ExternalUser::newFromCookie();
937 if ( $extUser ) {
938 # TODO: Automatically create the user here (or probably a bit
939 # lower down, in fact)
940 }
941 }
942
943 $request = $this->getRequest();
944
945 $cookieId = $request->getCookie( 'UserID' );
946 $sessId = $request->getSessionData( 'wsUserID' );
947
948 if ( $cookieId !== null ) {
949 $sId = intval( $cookieId );
950 if( $sessId !== null && $cookieId != $sessId ) {
951 $this->loadDefaults(); // Possible collision!
952 wfDebugLog( 'loginSessions', "Session user ID ($sessId) and
953 cookie user ID ($sId) don't match!" );
954 return false;
955 }
956 $request->setSessionData( 'wsUserID', $sId );
957 } elseif ( $sessId !== null && $sessId != 0 ) {
958 $sId = $sessId;
959 } else {
960 $this->loadDefaults();
961 return false;
962 }
963
964 if ( $request->getSessionData( 'wsUserName' ) !== null ) {
965 $sName = $request->getSessionData( 'wsUserName' );
966 } elseif ( $request->getCookie( 'UserName' ) !== null ) {
967 $sName = $request->getCookie( 'UserName' );
968 $request->setSessionData( 'wsUserName', $sName );
969 } else {
970 $this->loadDefaults();
971 return false;
972 }
973
974 $proposedUser = User::newFromId( $sId );
975 if ( !$proposedUser->isLoggedIn() ) {
976 # Not a valid ID
977 $this->loadDefaults();
978 return false;
979 }
980
981 global $wgBlockDisablesLogin;
982 if( $wgBlockDisablesLogin && $proposedUser->isBlocked() ) {
983 # User blocked and we've disabled blocked user logins
984 $this->loadDefaults();
985 return false;
986 }
987
988 if ( $request->getSessionData( 'wsToken' ) !== null ) {
989 $passwordCorrect = $proposedUser->getToken() === $request->getSessionData( 'wsToken' );
990 $from = 'session';
991 } elseif ( $request->getCookie( 'Token' ) !== null ) {
992 $passwordCorrect = $proposedUser->getToken() === $request->getCookie( 'Token' );
993 $from = 'cookie';
994 } else {
995 # No session or persistent login cookie
996 $this->loadDefaults();
997 return false;
998 }
999
1000 if ( ( $sName === $proposedUser->getName() ) && $passwordCorrect ) {
1001 $this->loadFromUserObject( $proposedUser );
1002 $request->setSessionData( 'wsToken', $this->mToken );
1003 wfDebug( "User: logged in from $from\n" );
1004 return true;
1005 } else {
1006 # Invalid credentials
1007 wfDebug( "User: can't log in from $from, invalid credentials\n" );
1008 $this->loadDefaults();
1009 return false;
1010 }
1011 }
1012
1013 /**
1014 * Load user and user_group data from the database.
1015 * $this->mId must be set, this is how the user is identified.
1016 *
1017 * @return Bool True if the user exists, false if the user is anonymous
1018 */
1019 public function loadFromDatabase() {
1020 # Paranoia
1021 $this->mId = intval( $this->mId );
1022
1023 /** Anonymous user */
1024 if( !$this->mId ) {
1025 $this->loadDefaults();
1026 return false;
1027 }
1028
1029 $dbr = wfGetDB( DB_MASTER );
1030 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
1031
1032 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
1033
1034 if ( $s !== false ) {
1035 # Initialise user table data
1036 $this->loadFromRow( $s );
1037 $this->mGroups = null; // deferred
1038 $this->getEditCount(); // revalidation for nulls
1039 return true;
1040 } else {
1041 # Invalid user_id
1042 $this->mId = 0;
1043 $this->loadDefaults();
1044 return false;
1045 }
1046 }
1047
1048 /**
1049 * Initialize this object from a row from the user table.
1050 *
1051 * @param $row Array Row from the user table to load.
1052 */
1053 public function loadFromRow( $row ) {
1054 $all = true;
1055
1056 $this->mGroups = null; // deferred
1057
1058 if ( isset( $row->user_name ) ) {
1059 $this->mName = $row->user_name;
1060 $this->mFrom = 'name';
1061 $this->setItemLoaded( 'name' );
1062 } else {
1063 $all = false;
1064 }
1065
1066 if ( isset( $row->user_real_name ) ) {
1067 $this->mRealName = $row->user_real_name;
1068 $this->setItemLoaded( 'realname' );
1069 } else {
1070 $all = false;
1071 }
1072
1073 if ( isset( $row->user_id ) ) {
1074 $this->mId = intval( $row->user_id );
1075 $this->mFrom = 'id';
1076 $this->setItemLoaded( 'id' );
1077 } else {
1078 $all = false;
1079 }
1080
1081 if ( isset( $row->user_editcount ) ) {
1082 $this->mEditCount = $row->user_editcount;
1083 } else {
1084 $all = false;
1085 }
1086
1087 if ( isset( $row->user_password ) ) {
1088 $this->mPassword = $row->user_password;
1089 $this->mNewpassword = $row->user_newpassword;
1090 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
1091 $this->mEmail = $row->user_email;
1092 $this->decodeOptions( $row->user_options );
1093 $this->mTouched = wfTimestamp(TS_MW,$row->user_touched);
1094 $this->mToken = $row->user_token;
1095 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1096 $this->mEmailToken = $row->user_email_token;
1097 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1098 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1099 } else {
1100 $all = false;
1101 }
1102
1103 if ( $all ) {
1104 $this->mLoadedItems = true;
1105 }
1106 }
1107
1108 /**
1109 * Load the data for this user object from another user object.
1110 *
1111 * @param $user User
1112 */
1113 protected function loadFromUserObject( $user ) {
1114 $user->load();
1115 $user->loadGroups();
1116 $user->loadOptions();
1117 foreach ( self::$mCacheVars as $var ) {
1118 $this->$var = $user->$var;
1119 }
1120 }
1121
1122 /**
1123 * Load the groups from the database if they aren't already loaded.
1124 */
1125 private function loadGroups() {
1126 if ( is_null( $this->mGroups ) ) {
1127 $dbr = wfGetDB( DB_MASTER );
1128 $res = $dbr->select( 'user_groups',
1129 array( 'ug_group' ),
1130 array( 'ug_user' => $this->mId ),
1131 __METHOD__ );
1132 $this->mGroups = array();
1133 foreach ( $res as $row ) {
1134 $this->mGroups[] = $row->ug_group;
1135 }
1136 }
1137 }
1138
1139 /**
1140 * Add the user to the group if he/she meets given criteria.
1141 *
1142 * Contrary to autopromotion by \ref $wgAutopromote, the group will be
1143 * possible to remove manually via Special:UserRights. In such case it
1144 * will not be re-added automatically. The user will also not lose the
1145 * group if they no longer meet the criteria.
1146 *
1147 * @param $event String key in $wgAutopromoteOnce (each one has groups/criteria)
1148 *
1149 * @return array Array of groups the user has been promoted to.
1150 *
1151 * @see $wgAutopromoteOnce
1152 */
1153 public function addAutopromoteOnceGroups( $event ) {
1154 global $wgAutopromoteOnceLogInRC;
1155
1156 $toPromote = array();
1157 if ( $this->getId() ) {
1158 $toPromote = Autopromote::getAutopromoteOnceGroups( $this, $event );
1159 if ( count( $toPromote ) ) {
1160 $oldGroups = $this->getGroups(); // previous groups
1161 foreach ( $toPromote as $group ) {
1162 $this->addGroup( $group );
1163 }
1164 $newGroups = array_merge( $oldGroups, $toPromote ); // all groups
1165
1166 $log = new LogPage( 'rights', $wgAutopromoteOnceLogInRC /* in RC? */ );
1167 $log->addEntry( 'autopromote',
1168 $this->getUserPage(),
1169 '', // no comment
1170 // These group names are "list to texted"-ed in class LogPage.
1171 array( implode( ', ', $oldGroups ), implode( ', ', $newGroups ) )
1172 );
1173 }
1174 }
1175 return $toPromote;
1176 }
1177
1178 /**
1179 * Clear various cached data stored in this object.
1180 * @param $reloadFrom bool|String Reload user and user_groups table data from a
1181 * given source. May be "name", "id", "defaults", "session", or false for
1182 * no reload.
1183 */
1184 public function clearInstanceCache( $reloadFrom = false ) {
1185 $this->mNewtalk = -1;
1186 $this->mDatePreference = null;
1187 $this->mBlockedby = -1; # Unset
1188 $this->mHash = false;
1189 $this->mRights = null;
1190 $this->mEffectiveGroups = null;
1191 $this->mImplicitGroups = null;
1192 $this->mOptions = null;
1193
1194 if ( $reloadFrom ) {
1195 $this->mLoadedItems = array();
1196 $this->mFrom = $reloadFrom;
1197 }
1198 }
1199
1200 /**
1201 * Combine the language default options with any site-specific options
1202 * and add the default language variants.
1203 *
1204 * @return Array of String options
1205 */
1206 public static function getDefaultOptions() {
1207 global $wgNamespacesToBeSearchedDefault, $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1208
1209 $defOpt = $wgDefaultUserOptions;
1210 # default language setting
1211 $variant = $wgContLang->getDefaultVariant();
1212 $defOpt['variant'] = $variant;
1213 $defOpt['language'] = $variant;
1214 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1215 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1216 }
1217 $defOpt['skin'] = $wgDefaultSkin;
1218
1219 wfRunHooks( 'UserGetDefaultOptions', array( &$defOpt ) );
1220
1221 return $defOpt;
1222 }
1223
1224 /**
1225 * Get a given default option value.
1226 *
1227 * @param $opt String Name of option to retrieve
1228 * @return String Default option value
1229 */
1230 public static function getDefaultOption( $opt ) {
1231 $defOpts = self::getDefaultOptions();
1232 if( isset( $defOpts[$opt] ) ) {
1233 return $defOpts[$opt];
1234 } else {
1235 return null;
1236 }
1237 }
1238
1239
1240 /**
1241 * Get blocking information
1242 * @param $bFromSlave Bool Whether to check the slave database first. To
1243 * improve performance, non-critical checks are done
1244 * against slaves. Check when actually saving should be
1245 * done against master.
1246 */
1247 private function getBlockedStatus( $bFromSlave = true ) {
1248 global $wgProxyWhitelist, $wgUser;
1249
1250 if ( -1 != $this->mBlockedby ) {
1251 return;
1252 }
1253
1254 wfProfileIn( __METHOD__ );
1255 wfDebug( __METHOD__.": checking...\n" );
1256
1257 // Initialize data...
1258 // Otherwise something ends up stomping on $this->mBlockedby when
1259 // things get lazy-loaded later, causing false positive block hits
1260 // due to -1 !== 0. Probably session-related... Nothing should be
1261 // overwriting mBlockedby, surely?
1262 $this->load();
1263
1264 $this->mBlockedby = 0;
1265 $this->mHideName = 0;
1266 $this->mAllowUsertalk = 0;
1267
1268 # We only need to worry about passing the IP address to the Block generator if the
1269 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1270 # know which IP address they're actually coming from
1271 if ( !$this->isAllowed( 'ipblock-exempt' ) && $this->getID() == $wgUser->getID() ) {
1272 $ip = $this->getRequest()->getIP();
1273 } else {
1274 $ip = null;
1275 }
1276
1277 # User/IP blocking
1278 $this->mBlock = Block::newFromTarget( $this->getName(), $ip, !$bFromSlave );
1279 if ( $this->mBlock instanceof Block ) {
1280 wfDebug( __METHOD__ . ": Found block.\n" );
1281 $this->mBlockedby = $this->mBlock->getByName();
1282 $this->mBlockreason = $this->mBlock->mReason;
1283 $this->mHideName = $this->mBlock->mHideName;
1284 $this->mAllowUsertalk = !$this->mBlock->prevents( 'editownusertalk' );
1285 if ( $this->isLoggedIn() && $wgUser->getID() == $this->getID() ) {
1286 $this->spreadBlock();
1287 }
1288 }
1289
1290 # Proxy blocking
1291 if ( $ip !== null && !$this->isAllowed( 'proxyunbannable' ) && !in_array( $ip, $wgProxyWhitelist ) ) {
1292 # Local list
1293 if ( self::isLocallyBlockedProxy( $ip ) ) {
1294 $this->mBlockedby = wfMsg( 'proxyblocker' );
1295 $this->mBlockreason = wfMsg( 'proxyblockreason' );
1296 }
1297
1298 # DNSBL
1299 if ( !$this->mBlockedby && !$this->getID() ) {
1300 if ( $this->isDnsBlacklisted( $ip ) ) {
1301 $this->mBlockedby = wfMsg( 'sorbs' );
1302 $this->mBlockreason = wfMsg( 'sorbsreason' );
1303 }
1304 }
1305 }
1306
1307 # Extensions
1308 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1309
1310 wfProfileOut( __METHOD__ );
1311 }
1312
1313 /**
1314 * Whether the given IP is in a DNS blacklist.
1315 *
1316 * @param $ip String IP to check
1317 * @param $checkWhitelist Bool: whether to check the whitelist first
1318 * @return Bool True if blacklisted.
1319 */
1320 public function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1321 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1322 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1323
1324 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1325 return false;
1326
1327 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1328 return false;
1329
1330 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1331 return $this->inDnsBlacklist( $ip, $urls );
1332 }
1333
1334 /**
1335 * Whether the given IP is in a given DNS blacklist.
1336 *
1337 * @param $ip String IP to check
1338 * @param $bases String|Array of Strings: URL of the DNS blacklist
1339 * @return Bool True if blacklisted.
1340 */
1341 public function inDnsBlacklist( $ip, $bases ) {
1342 wfProfileIn( __METHOD__ );
1343
1344 $found = false;
1345 // @todo FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1346 if( IP::isIPv4( $ip ) ) {
1347 # Reverse IP, bug 21255
1348 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1349
1350 foreach( (array)$bases as $base ) {
1351 # Make hostname
1352 # If we have an access key, use that too (ProjectHoneypot, etc.)
1353 if( is_array( $base ) ) {
1354 if( count( $base ) >= 2 ) {
1355 # Access key is 1, base URL is 0
1356 $host = "{$base[1]}.$ipReversed.{$base[0]}";
1357 } else {
1358 $host = "$ipReversed.{$base[0]}";
1359 }
1360 } else {
1361 $host = "$ipReversed.$base";
1362 }
1363
1364 # Send query
1365 $ipList = gethostbynamel( $host );
1366
1367 if( $ipList ) {
1368 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1369 $found = true;
1370 break;
1371 } else {
1372 wfDebug( "Requested $host, not found in $base.\n" );
1373 }
1374 }
1375 }
1376
1377 wfProfileOut( __METHOD__ );
1378 return $found;
1379 }
1380
1381 /**
1382 * Check if an IP address is in the local proxy list
1383 *
1384 * @param $ip string
1385 *
1386 * @return bool
1387 */
1388 public static function isLocallyBlockedProxy( $ip ) {
1389 global $wgProxyList;
1390
1391 if ( !$wgProxyList ) {
1392 return false;
1393 }
1394 wfProfileIn( __METHOD__ );
1395
1396 if ( !is_array( $wgProxyList ) ) {
1397 # Load from the specified file
1398 $wgProxyList = array_map( 'trim', file( $wgProxyList ) );
1399 }
1400
1401 if ( !is_array( $wgProxyList ) ) {
1402 $ret = false;
1403 } elseif ( array_search( $ip, $wgProxyList ) !== false ) {
1404 $ret = true;
1405 } elseif ( array_key_exists( $ip, $wgProxyList ) ) {
1406 # Old-style flipped proxy list
1407 $ret = true;
1408 } else {
1409 $ret = false;
1410 }
1411 wfProfileOut( __METHOD__ );
1412 return $ret;
1413 }
1414
1415 /**
1416 * Is this user subject to rate limiting?
1417 *
1418 * @return Bool True if rate limited
1419 */
1420 public function isPingLimitable() {
1421 global $wgRateLimitsExcludedIPs;
1422 if( in_array( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
1423 // No other good way currently to disable rate limits
1424 // for specific IPs. :P
1425 // But this is a crappy hack and should die.
1426 return false;
1427 }
1428 return !$this->isAllowed('noratelimit');
1429 }
1430
1431 /**
1432 * Primitive rate limits: enforce maximum actions per time period
1433 * to put a brake on flooding.
1434 *
1435 * @note When using a shared cache like memcached, IP-address
1436 * last-hit counters will be shared across wikis.
1437 *
1438 * @param $action String Action to enforce; 'edit' if unspecified
1439 * @return Bool True if a rate limiter was tripped
1440 */
1441 public function pingLimiter( $action = 'edit' ) {
1442 # Call the 'PingLimiter' hook
1443 $result = false;
1444 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1445 return $result;
1446 }
1447
1448 global $wgRateLimits;
1449 if( !isset( $wgRateLimits[$action] ) ) {
1450 return false;
1451 }
1452
1453 # Some groups shouldn't trigger the ping limiter, ever
1454 if( !$this->isPingLimitable() )
1455 return false;
1456
1457 global $wgMemc, $wgRateLimitLog;
1458 wfProfileIn( __METHOD__ );
1459
1460 $limits = $wgRateLimits[$action];
1461 $keys = array();
1462 $id = $this->getId();
1463 $ip = $this->getRequest()->getIP();
1464 $userLimit = false;
1465
1466 if( isset( $limits['anon'] ) && $id == 0 ) {
1467 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1468 }
1469
1470 if( isset( $limits['user'] ) && $id != 0 ) {
1471 $userLimit = $limits['user'];
1472 }
1473 if( $this->isNewbie() ) {
1474 if( isset( $limits['newbie'] ) && $id != 0 ) {
1475 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1476 }
1477 if( isset( $limits['ip'] ) ) {
1478 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1479 }
1480 $matches = array();
1481 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1482 $subnet = $matches[1];
1483 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1484 }
1485 }
1486 // Check for group-specific permissions
1487 // If more than one group applies, use the group with the highest limit
1488 foreach ( $this->getGroups() as $group ) {
1489 if ( isset( $limits[$group] ) ) {
1490 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1491 $userLimit = $limits[$group];
1492 }
1493 }
1494 }
1495 // Set the user limit key
1496 if ( $userLimit !== false ) {
1497 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1498 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1499 }
1500
1501 $triggered = false;
1502 foreach( $keys as $key => $limit ) {
1503 list( $max, $period ) = $limit;
1504 $summary = "(limit $max in {$period}s)";
1505 $count = $wgMemc->get( $key );
1506 // Already pinged?
1507 if( $count ) {
1508 if( $count > $max ) {
1509 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1510 if( $wgRateLimitLog ) {
1511 wfSuppressWarnings();
1512 file_put_contents( $wgRateLimitLog, wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", FILE_APPEND );
1513 wfRestoreWarnings();
1514 }
1515 $triggered = true;
1516 } else {
1517 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1518 }
1519 } else {
1520 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1521 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1522 }
1523 $wgMemc->incr( $key );
1524 }
1525
1526 wfProfileOut( __METHOD__ );
1527 return $triggered;
1528 }
1529
1530 /**
1531 * Check if user is blocked
1532 *
1533 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1534 * @return Bool True if blocked, false otherwise
1535 */
1536 public function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1537 return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
1538 }
1539
1540 /**
1541 * Get the block affecting the user, or null if the user is not blocked
1542 *
1543 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1544 * @return Block|null
1545 */
1546 public function getBlock( $bFromSlave = true ){
1547 $this->getBlockedStatus( $bFromSlave );
1548 return $this->mBlock instanceof Block ? $this->mBlock : null;
1549 }
1550
1551 /**
1552 * Check if user is blocked from editing a particular article
1553 *
1554 * @param $title Title to check
1555 * @param $bFromSlave Bool whether to check the slave database instead of the master
1556 * @return Bool
1557 */
1558 function isBlockedFrom( $title, $bFromSlave = false ) {
1559 global $wgBlockAllowsUTEdit;
1560 wfProfileIn( __METHOD__ );
1561
1562 $blocked = $this->isBlocked( $bFromSlave );
1563 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1564 # If a user's name is suppressed, they cannot make edits anywhere
1565 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1566 $title->getNamespace() == NS_USER_TALK ) {
1567 $blocked = false;
1568 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1569 }
1570
1571 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1572
1573 wfProfileOut( __METHOD__ );
1574 return $blocked;
1575 }
1576
1577 /**
1578 * If user is blocked, return the name of the user who placed the block
1579 * @return String name of blocker
1580 */
1581 public function blockedBy() {
1582 $this->getBlockedStatus();
1583 return $this->mBlockedby;
1584 }
1585
1586 /**
1587 * If user is blocked, return the specified reason for the block
1588 * @return String Blocking reason
1589 */
1590 public function blockedFor() {
1591 $this->getBlockedStatus();
1592 return $this->mBlockreason;
1593 }
1594
1595 /**
1596 * If user is blocked, return the ID for the block
1597 * @return Int Block ID
1598 */
1599 public function getBlockId() {
1600 $this->getBlockedStatus();
1601 return ( $this->mBlock ? $this->mBlock->getId() : false );
1602 }
1603
1604 /**
1605 * Check if user is blocked on all wikis.
1606 * Do not use for actual edit permission checks!
1607 * This is intented for quick UI checks.
1608 *
1609 * @param $ip String IP address, uses current client if none given
1610 * @return Bool True if blocked, false otherwise
1611 */
1612 public function isBlockedGlobally( $ip = '' ) {
1613 if( $this->mBlockedGlobally !== null ) {
1614 return $this->mBlockedGlobally;
1615 }
1616 // User is already an IP?
1617 if( IP::isIPAddress( $this->getName() ) ) {
1618 $ip = $this->getName();
1619 } elseif( !$ip ) {
1620 $ip = $this->getRequest()->getIP();
1621 }
1622 $blocked = false;
1623 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1624 $this->mBlockedGlobally = (bool)$blocked;
1625 return $this->mBlockedGlobally;
1626 }
1627
1628 /**
1629 * Check if user account is locked
1630 *
1631 * @return Bool True if locked, false otherwise
1632 */
1633 public function isLocked() {
1634 if( $this->mLocked !== null ) {
1635 return $this->mLocked;
1636 }
1637 global $wgAuth;
1638 $authUser = $wgAuth->getUserInstance( $this );
1639 $this->mLocked = (bool)$authUser->isLocked();
1640 return $this->mLocked;
1641 }
1642
1643 /**
1644 * Check if user account is hidden
1645 *
1646 * @return Bool True if hidden, false otherwise
1647 */
1648 public function isHidden() {
1649 if( $this->mHideName !== null ) {
1650 return $this->mHideName;
1651 }
1652 $this->getBlockedStatus();
1653 if( !$this->mHideName ) {
1654 global $wgAuth;
1655 $authUser = $wgAuth->getUserInstance( $this );
1656 $this->mHideName = (bool)$authUser->isHidden();
1657 }
1658 return $this->mHideName;
1659 }
1660
1661 /**
1662 * Get the user's ID.
1663 * @return Int The user's ID; 0 if the user is anonymous or nonexistent
1664 */
1665 public function getId() {
1666 if( $this->mId === null && $this->mName !== null
1667 && User::isIP( $this->mName ) ) {
1668 // Special case, we know the user is anonymous
1669 return 0;
1670 } elseif( !$this->isItemLoaded( 'id' ) ) {
1671 // Don't load if this was initialized from an ID
1672 $this->load();
1673 }
1674 return $this->mId;
1675 }
1676
1677 /**
1678 * Set the user and reload all fields according to a given ID
1679 * @param $v Int User ID to reload
1680 */
1681 public function setId( $v ) {
1682 $this->mId = $v;
1683 $this->clearInstanceCache( 'id' );
1684 }
1685
1686 /**
1687 * Get the user name, or the IP of an anonymous user
1688 * @return String User's name or IP address
1689 */
1690 public function getName() {
1691 if ( $this->isItemLoaded( 'name', 'only' ) ) {
1692 # Special case optimisation
1693 return $this->mName;
1694 } else {
1695 $this->load();
1696 if ( $this->mName === false ) {
1697 # Clean up IPs
1698 $this->mName = IP::sanitizeIP( $this->getRequest()->getIP() );
1699 }
1700 return $this->mName;
1701 }
1702 }
1703
1704 /**
1705 * Set the user name.
1706 *
1707 * This does not reload fields from the database according to the given
1708 * name. Rather, it is used to create a temporary "nonexistent user" for
1709 * later addition to the database. It can also be used to set the IP
1710 * address for an anonymous user to something other than the current
1711 * remote IP.
1712 *
1713 * @note User::newFromName() has rougly the same function, when the named user
1714 * does not exist.
1715 * @param $str String New user name to set
1716 */
1717 public function setName( $str ) {
1718 $this->load();
1719 $this->mName = $str;
1720 }
1721
1722 /**
1723 * Get the user's name escaped by underscores.
1724 * @return String Username escaped by underscores.
1725 */
1726 public function getTitleKey() {
1727 return str_replace( ' ', '_', $this->getName() );
1728 }
1729
1730 /**
1731 * Check if the user has new messages.
1732 * @return Bool True if the user has new messages
1733 */
1734 public function getNewtalk() {
1735 $this->load();
1736
1737 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1738 if( $this->mNewtalk === -1 ) {
1739 $this->mNewtalk = false; # reset talk page status
1740
1741 # Check memcached separately for anons, who have no
1742 # entire User object stored in there.
1743 if( !$this->mId ) {
1744 global $wgMemc;
1745 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1746 $newtalk = $wgMemc->get( $key );
1747 if( strval( $newtalk ) !== '' ) {
1748 $this->mNewtalk = (bool)$newtalk;
1749 } else {
1750 // Since we are caching this, make sure it is up to date by getting it
1751 // from the master
1752 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1753 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1754 }
1755 } else {
1756 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1757 }
1758 }
1759
1760 return (bool)$this->mNewtalk;
1761 }
1762
1763 /**
1764 * Return the talk page(s) this user has new messages on.
1765 * @return Array of String page URLs
1766 */
1767 public function getNewMessageLinks() {
1768 $talks = array();
1769 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) )
1770 return $talks;
1771
1772 if( !$this->getNewtalk() )
1773 return array();
1774 $up = $this->getUserPage();
1775 $utp = $up->getTalkPage();
1776 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL() ) );
1777 }
1778
1779 /**
1780 * Internal uncached check for new messages
1781 *
1782 * @see getNewtalk()
1783 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1784 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1785 * @param $fromMaster Bool true to fetch from the master, false for a slave
1786 * @return Bool True if the user has new messages
1787 */
1788 protected function checkNewtalk( $field, $id, $fromMaster = false ) {
1789 if ( $fromMaster ) {
1790 $db = wfGetDB( DB_MASTER );
1791 } else {
1792 $db = wfGetDB( DB_SLAVE );
1793 }
1794 $ok = $db->selectField( 'user_newtalk', $field,
1795 array( $field => $id ), __METHOD__ );
1796 return $ok !== false;
1797 }
1798
1799 /**
1800 * Add or update the new messages flag
1801 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1802 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1803 * @return Bool True if successful, false otherwise
1804 */
1805 protected function updateNewtalk( $field, $id ) {
1806 $dbw = wfGetDB( DB_MASTER );
1807 $dbw->insert( 'user_newtalk',
1808 array( $field => $id ),
1809 __METHOD__,
1810 'IGNORE' );
1811 if ( $dbw->affectedRows() ) {
1812 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1813 return true;
1814 } else {
1815 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1816 return false;
1817 }
1818 }
1819
1820 /**
1821 * Clear the new messages flag for the given user
1822 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1823 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1824 * @return Bool True if successful, false otherwise
1825 */
1826 protected function deleteNewtalk( $field, $id ) {
1827 $dbw = wfGetDB( DB_MASTER );
1828 $dbw->delete( 'user_newtalk',
1829 array( $field => $id ),
1830 __METHOD__ );
1831 if ( $dbw->affectedRows() ) {
1832 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1833 return true;
1834 } else {
1835 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1836 return false;
1837 }
1838 }
1839
1840 /**
1841 * Update the 'You have new messages!' status.
1842 * @param $val Bool Whether the user has new messages
1843 */
1844 public function setNewtalk( $val ) {
1845 if( wfReadOnly() ) {
1846 return;
1847 }
1848
1849 $this->load();
1850 $this->mNewtalk = $val;
1851
1852 if( $this->isAnon() ) {
1853 $field = 'user_ip';
1854 $id = $this->getName();
1855 } else {
1856 $field = 'user_id';
1857 $id = $this->getId();
1858 }
1859 global $wgMemc;
1860
1861 if( $val ) {
1862 $changed = $this->updateNewtalk( $field, $id );
1863 } else {
1864 $changed = $this->deleteNewtalk( $field, $id );
1865 }
1866
1867 if( $this->isAnon() ) {
1868 // Anons have a separate memcached space, since
1869 // user records aren't kept for them.
1870 $key = wfMemcKey( 'newtalk', 'ip', $id );
1871 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1872 }
1873 if ( $changed ) {
1874 $this->invalidateCache();
1875 }
1876 }
1877
1878 /**
1879 * Generate a current or new-future timestamp to be stored in the
1880 * user_touched field when we update things.
1881 * @return String Timestamp in TS_MW format
1882 */
1883 private static function newTouchedTimestamp() {
1884 global $wgClockSkewFudge;
1885 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1886 }
1887
1888 /**
1889 * Clear user data from memcached.
1890 * Use after applying fun updates to the database; caller's
1891 * responsibility to update user_touched if appropriate.
1892 *
1893 * Called implicitly from invalidateCache() and saveSettings().
1894 */
1895 private function clearSharedCache() {
1896 $this->load();
1897 if( $this->mId ) {
1898 global $wgMemc;
1899 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1900 }
1901 }
1902
1903 /**
1904 * Immediately touch the user data cache for this account.
1905 * Updates user_touched field, and removes account data from memcached
1906 * for reload on the next hit.
1907 */
1908 public function invalidateCache() {
1909 if( wfReadOnly() ) {
1910 return;
1911 }
1912 $this->load();
1913 if( $this->mId ) {
1914 $this->mTouched = self::newTouchedTimestamp();
1915
1916 $dbw = wfGetDB( DB_MASTER );
1917 $dbw->update( 'user',
1918 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1919 array( 'user_id' => $this->mId ),
1920 __METHOD__ );
1921
1922 $this->clearSharedCache();
1923 }
1924 }
1925
1926 /**
1927 * Validate the cache for this account.
1928 * @param $timestamp String A timestamp in TS_MW format
1929 *
1930 * @return bool
1931 */
1932 public function validateCache( $timestamp ) {
1933 $this->load();
1934 return ( $timestamp >= $this->mTouched );
1935 }
1936
1937 /**
1938 * Get the user touched timestamp
1939 * @return String timestamp
1940 */
1941 public function getTouched() {
1942 $this->load();
1943 return $this->mTouched;
1944 }
1945
1946 /**
1947 * Set the password and reset the random token.
1948 * Calls through to authentication plugin if necessary;
1949 * will have no effect if the auth plugin refuses to
1950 * pass the change through or if the legal password
1951 * checks fail.
1952 *
1953 * As a special case, setting the password to null
1954 * wipes it, so the account cannot be logged in until
1955 * a new password is set, for instance via e-mail.
1956 *
1957 * @param $str String New password to set
1958 * @throws PasswordError on failure
1959 *
1960 * @return bool
1961 */
1962 public function setPassword( $str ) {
1963 global $wgAuth;
1964
1965 if( $str !== null ) {
1966 if( !$wgAuth->allowPasswordChange() ) {
1967 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1968 }
1969
1970 if( !$this->isValidPassword( $str ) ) {
1971 global $wgMinimalPasswordLength;
1972 $valid = $this->getPasswordValidity( $str );
1973 if ( is_array( $valid ) ) {
1974 $message = array_shift( $valid );
1975 $params = $valid;
1976 } else {
1977 $message = $valid;
1978 $params = array( $wgMinimalPasswordLength );
1979 }
1980 throw new PasswordError( wfMsgExt( $message, array( 'parsemag' ), $params ) );
1981 }
1982 }
1983
1984 if( !$wgAuth->setPassword( $this, $str ) ) {
1985 throw new PasswordError( wfMsg( 'externaldberror' ) );
1986 }
1987
1988 $this->setInternalPassword( $str );
1989
1990 return true;
1991 }
1992
1993 /**
1994 * Set the password and reset the random token unconditionally.
1995 *
1996 * @param $str String New password to set
1997 */
1998 public function setInternalPassword( $str ) {
1999 $this->load();
2000 $this->setToken();
2001
2002 if( $str === null ) {
2003 // Save an invalid hash...
2004 $this->mPassword = '';
2005 } else {
2006 $this->mPassword = self::crypt( $str );
2007 }
2008 $this->mNewpassword = '';
2009 $this->mNewpassTime = null;
2010 }
2011
2012 /**
2013 * Get the user's current token.
2014 * @return String Token
2015 */
2016 public function getToken() {
2017 $this->load();
2018 return $this->mToken;
2019 }
2020
2021 /**
2022 * Set the random token (used for persistent authentication)
2023 * Called from loadDefaults() among other places.
2024 *
2025 * @param $token String|bool If specified, set the token to this value
2026 */
2027 public function setToken( $token = false ) {
2028 global $wgSecretKey, $wgProxyKey;
2029 $this->load();
2030 if ( !$token ) {
2031 if ( $wgSecretKey ) {
2032 $key = $wgSecretKey;
2033 } elseif ( $wgProxyKey ) {
2034 $key = $wgProxyKey;
2035 } else {
2036 $key = microtime();
2037 }
2038 $this->mToken = md5( $key . mt_rand( 0, 0x7fffffff ) . wfWikiID() . $this->mId );
2039 } else {
2040 $this->mToken = $token;
2041 }
2042 }
2043
2044 /**
2045 * Set the cookie password
2046 *
2047 * @param $str String New cookie password
2048 */
2049 private function setCookiePassword( $str ) {
2050 $this->load();
2051 $this->mCookiePassword = md5( $str );
2052 }
2053
2054 /**
2055 * Set the password for a password reminder or new account email
2056 *
2057 * @param $str String New password to set
2058 * @param $throttle Bool If true, reset the throttle timestamp to the present
2059 */
2060 public function setNewpassword( $str, $throttle = true ) {
2061 $this->load();
2062 $this->mNewpassword = self::crypt( $str );
2063 if ( $throttle ) {
2064 $this->mNewpassTime = wfTimestampNow();
2065 }
2066 }
2067
2068 /**
2069 * Has password reminder email been sent within the last
2070 * $wgPasswordReminderResendTime hours?
2071 * @return Bool
2072 */
2073 public function isPasswordReminderThrottled() {
2074 global $wgPasswordReminderResendTime;
2075 $this->load();
2076 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
2077 return false;
2078 }
2079 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
2080 return time() < $expiry;
2081 }
2082
2083 /**
2084 * Get the user's e-mail address
2085 * @return String User's email address
2086 */
2087 public function getEmail() {
2088 $this->load();
2089 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
2090 return $this->mEmail;
2091 }
2092
2093 /**
2094 * Get the timestamp of the user's e-mail authentication
2095 * @return String TS_MW timestamp
2096 */
2097 public function getEmailAuthenticationTimestamp() {
2098 $this->load();
2099 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
2100 return $this->mEmailAuthenticated;
2101 }
2102
2103 /**
2104 * Set the user's e-mail address
2105 * @param $str String New e-mail address
2106 */
2107 public function setEmail( $str ) {
2108 $this->load();
2109 $this->mEmail = $str;
2110 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
2111 }
2112
2113 /**
2114 * Get the user's real name
2115 * @return String User's real name
2116 */
2117 public function getRealName() {
2118 if ( !$this->isItemLoaded( 'realname' ) ) {
2119 $this->load();
2120 }
2121
2122 return $this->mRealName;
2123 }
2124
2125 /**
2126 * Set the user's real name
2127 * @param $str String New real name
2128 */
2129 public function setRealName( $str ) {
2130 $this->load();
2131 $this->mRealName = $str;
2132 }
2133
2134 /**
2135 * Get the user's current setting for a given option.
2136 *
2137 * @param $oname String The option to check
2138 * @param $defaultOverride String A default value returned if the option does not exist
2139 * @param $ignoreHidden Bool = whether to ignore the effects of $wgHiddenPrefs
2140 * @return String User's current value for the option
2141 * @see getBoolOption()
2142 * @see getIntOption()
2143 */
2144 public function getOption( $oname, $defaultOverride = null, $ignoreHidden = false ) {
2145 global $wgHiddenPrefs;
2146 $this->loadOptions();
2147
2148 if ( is_null( $this->mOptions ) ) {
2149 if($defaultOverride != '') {
2150 return $defaultOverride;
2151 }
2152 $this->mOptions = User::getDefaultOptions();
2153 }
2154
2155 # We want 'disabled' preferences to always behave as the default value for
2156 # users, even if they have set the option explicitly in their settings (ie they
2157 # set it, and then it was disabled removing their ability to change it). But
2158 # we don't want to erase the preferences in the database in case the preference
2159 # is re-enabled again. So don't touch $mOptions, just override the returned value
2160 if( in_array( $oname, $wgHiddenPrefs ) && !$ignoreHidden ){
2161 return self::getDefaultOption( $oname );
2162 }
2163
2164 if ( array_key_exists( $oname, $this->mOptions ) ) {
2165 return $this->mOptions[$oname];
2166 } else {
2167 return $defaultOverride;
2168 }
2169 }
2170
2171 /**
2172 * Get all user's options
2173 *
2174 * @return array
2175 */
2176 public function getOptions() {
2177 global $wgHiddenPrefs;
2178 $this->loadOptions();
2179 $options = $this->mOptions;
2180
2181 # We want 'disabled' preferences to always behave as the default value for
2182 # users, even if they have set the option explicitly in their settings (ie they
2183 # set it, and then it was disabled removing their ability to change it). But
2184 # we don't want to erase the preferences in the database in case the preference
2185 # is re-enabled again. So don't touch $mOptions, just override the returned value
2186 foreach( $wgHiddenPrefs as $pref ){
2187 $default = self::getDefaultOption( $pref );
2188 if( $default !== null ){
2189 $options[$pref] = $default;
2190 }
2191 }
2192
2193 return $options;
2194 }
2195
2196 /**
2197 * Get the user's current setting for a given option, as a boolean value.
2198 *
2199 * @param $oname String The option to check
2200 * @return Bool User's current value for the option
2201 * @see getOption()
2202 */
2203 public function getBoolOption( $oname ) {
2204 return (bool)$this->getOption( $oname );
2205 }
2206
2207 /**
2208 * Get the user's current setting for a given option, as a boolean value.
2209 *
2210 * @param $oname String The option to check
2211 * @param $defaultOverride Int A default value returned if the option does not exist
2212 * @return Int User's current value for the option
2213 * @see getOption()
2214 */
2215 public function getIntOption( $oname, $defaultOverride=0 ) {
2216 $val = $this->getOption( $oname );
2217 if( $val == '' ) {
2218 $val = $defaultOverride;
2219 }
2220 return intval( $val );
2221 }
2222
2223 /**
2224 * Set the given option for a user.
2225 *
2226 * @param $oname String The option to set
2227 * @param $val mixed New value to set
2228 */
2229 public function setOption( $oname, $val ) {
2230 $this->load();
2231 $this->loadOptions();
2232
2233 // Explicitly NULL values should refer to defaults
2234 global $wgDefaultUserOptions;
2235 if( is_null( $val ) && isset( $wgDefaultUserOptions[$oname] ) ) {
2236 $val = $wgDefaultUserOptions[$oname];
2237 }
2238
2239 $this->mOptions[$oname] = $val;
2240 }
2241
2242 /**
2243 * Reset all options to the site defaults
2244 */
2245 public function resetOptions() {
2246 $this->mOptions = self::getDefaultOptions();
2247 }
2248
2249 /**
2250 * Get the user's preferred date format.
2251 * @return String User's preferred date format
2252 */
2253 public function getDatePreference() {
2254 // Important migration for old data rows
2255 if ( is_null( $this->mDatePreference ) ) {
2256 global $wgLang;
2257 $value = $this->getOption( 'date' );
2258 $map = $wgLang->getDatePreferenceMigrationMap();
2259 if ( isset( $map[$value] ) ) {
2260 $value = $map[$value];
2261 }
2262 $this->mDatePreference = $value;
2263 }
2264 return $this->mDatePreference;
2265 }
2266
2267 /**
2268 * Get the user preferred stub threshold
2269 *
2270 * @return int
2271 */
2272 public function getStubThreshold() {
2273 global $wgMaxArticleSize; # Maximum article size, in Kb
2274 $threshold = intval( $this->getOption( 'stubthreshold' ) );
2275 if ( $threshold > $wgMaxArticleSize * 1024 ) {
2276 # If they have set an impossible value, disable the preference
2277 # so we can use the parser cache again.
2278 $threshold = 0;
2279 }
2280 return $threshold;
2281 }
2282
2283 /**
2284 * Get the permissions this user has.
2285 * @param $ns int If numeric, get permissions for this namespace
2286 * @return Array of String permission names
2287 */
2288 public function getRights( $ns = null ) {
2289 $key = is_null( $ns ) ? '*' : intval( $ns );
2290
2291 if ( is_null( $this->mRights ) ) {
2292 $this->mRights = array();
2293 }
2294
2295 if ( !isset( $this->mRights[$key] ) ) {
2296 $this->mRights[$key] = self::getGroupPermissions( $this->getEffectiveGroups(), $ns );
2297 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights[$key], $ns ) );
2298 // Force reindexation of rights when a hook has unset one of them
2299 $this->mRights[$key] = array_values( $this->mRights[$key] );
2300 }
2301 if ( is_null( $ns ) ) {
2302 return $this->mRights[$key];
2303 } else {
2304 // Merge non namespace specific rights
2305 return array_merge( $this->mRights[$key], $this->getRights() );
2306 }
2307
2308 }
2309
2310 /**
2311 * Get the list of explicit group memberships this user has.
2312 * The implicit * and user groups are not included.
2313 * @return Array of String internal group names
2314 */
2315 public function getGroups() {
2316 $this->load();
2317 $this->loadGroups();
2318 return $this->mGroups;
2319 }
2320
2321 /**
2322 * Get the list of implicit group memberships this user has.
2323 * This includes all explicit groups, plus 'user' if logged in,
2324 * '*' for all accounts, and autopromoted groups
2325 * @param $recache Bool Whether to avoid the cache
2326 * @return Array of String internal group names
2327 */
2328 public function getEffectiveGroups( $recache = false ) {
2329 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2330 wfProfileIn( __METHOD__ );
2331 $this->mEffectiveGroups = array_unique( array_merge(
2332 $this->getGroups(), // explicit groups
2333 $this->getAutomaticGroups( $recache ) // implicit groups
2334 ) );
2335 # Hook for additional groups
2336 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2337 wfProfileOut( __METHOD__ );
2338 }
2339 return $this->mEffectiveGroups;
2340 }
2341
2342 /**
2343 * Get the list of implicit group memberships this user has.
2344 * This includes 'user' if logged in, '*' for all accounts,
2345 * and autopromoted groups
2346 * @param $recache Bool Whether to avoid the cache
2347 * @return Array of String internal group names
2348 */
2349 public function getAutomaticGroups( $recache = false ) {
2350 if ( $recache || is_null( $this->mImplicitGroups ) ) {
2351 wfProfileIn( __METHOD__ );
2352 $this->mImplicitGroups = array( '*' );
2353 if ( $this->getId() ) {
2354 $this->mImplicitGroups[] = 'user';
2355
2356 $this->mImplicitGroups = array_unique( array_merge(
2357 $this->mImplicitGroups,
2358 Autopromote::getAutopromoteGroups( $this )
2359 ) );
2360 }
2361 if ( $recache ) {
2362 # Assure data consistency with rights/groups,
2363 # as getEffectiveGroups() depends on this function
2364 $this->mEffectiveGroups = null;
2365 }
2366 wfProfileOut( __METHOD__ );
2367 }
2368 return $this->mImplicitGroups;
2369 }
2370
2371 /**
2372 * Returns the groups the user has belonged to.
2373 *
2374 * The user may still belong to the returned groups. Compare with getGroups().
2375 *
2376 * The function will not return groups the user had belonged to before MW 1.17
2377 *
2378 * @return array Names of the groups the user has belonged to.
2379 */
2380 public function getFormerGroups() {
2381 if( is_null( $this->mFormerGroups ) ) {
2382 $dbr = wfGetDB( DB_MASTER );
2383 $res = $dbr->select( 'user_former_groups',
2384 array( 'ufg_group' ),
2385 array( 'ufg_user' => $this->mId ),
2386 __METHOD__ );
2387 $this->mFormerGroups = array();
2388 foreach( $res as $row ) {
2389 $this->mFormerGroups[] = $row->ufg_group;
2390 }
2391 }
2392 return $this->mFormerGroups;
2393 }
2394
2395 /**
2396 * Get the user's edit count.
2397 * @return Int
2398 */
2399 public function getEditCount() {
2400 if( $this->getId() ) {
2401 if ( !isset( $this->mEditCount ) ) {
2402 /* Populate the count, if it has not been populated yet */
2403 $this->mEditCount = User::edits( $this->mId );
2404 }
2405 return $this->mEditCount;
2406 } else {
2407 /* nil */
2408 return null;
2409 }
2410 }
2411
2412 /**
2413 * Add the user to the given group.
2414 * This takes immediate effect.
2415 * @param $group String Name of the group to add
2416 */
2417 public function addGroup( $group ) {
2418 if( wfRunHooks( 'UserAddGroup', array( $this, &$group ) ) ) {
2419 $dbw = wfGetDB( DB_MASTER );
2420 if( $this->getId() ) {
2421 $dbw->insert( 'user_groups',
2422 array(
2423 'ug_user' => $this->getID(),
2424 'ug_group' => $group,
2425 ),
2426 __METHOD__,
2427 array( 'IGNORE' ) );
2428 }
2429 }
2430 $this->loadGroups();
2431 $this->mGroups[] = $group;
2432 $this->mRights = null;
2433
2434 $this->invalidateCache();
2435 }
2436
2437 /**
2438 * Remove the user from the given group.
2439 * This takes immediate effect.
2440 * @param $group String Name of the group to remove
2441 */
2442 public function removeGroup( $group ) {
2443 $this->load();
2444 if( wfRunHooks( 'UserRemoveGroup', array( $this, &$group ) ) ) {
2445 $dbw = wfGetDB( DB_MASTER );
2446 $dbw->delete( 'user_groups',
2447 array(
2448 'ug_user' => $this->getID(),
2449 'ug_group' => $group,
2450 ), __METHOD__ );
2451 // Remember that the user was in this group
2452 $dbw->insert( 'user_former_groups',
2453 array(
2454 'ufg_user' => $this->getID(),
2455 'ufg_group' => $group,
2456 ),
2457 __METHOD__,
2458 array( 'IGNORE' ) );
2459 }
2460 $this->loadGroups();
2461 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2462 $this->mRights = null;
2463
2464 $this->invalidateCache();
2465 }
2466
2467 /**
2468 * Get whether the user is logged in
2469 * @return Bool
2470 */
2471 public function isLoggedIn() {
2472 return $this->getID() != 0;
2473 }
2474
2475 /**
2476 * Get whether the user is anonymous
2477 * @return Bool
2478 */
2479 public function isAnon() {
2480 return !$this->isLoggedIn();
2481 }
2482
2483 /**
2484 * Check if user is allowed to access a feature / make an action
2485 *
2486 * @internal param \String $varargs permissions to test
2487 * @return Boolean: True if user is allowed to perform *any* of the given actions
2488 *
2489 * @return bool
2490 */
2491 public function isAllowedAny( /*...*/ ){
2492 $permissions = func_get_args();
2493 foreach( $permissions as $permission ){
2494 if( $this->isAllowed( $permission ) ){
2495 return true;
2496 }
2497 }
2498 return false;
2499 }
2500
2501 /**
2502 *
2503 * @internal param $varargs string
2504 * @return bool True if the user is allowed to perform *all* of the given actions
2505 */
2506 public function isAllowedAll( /*...*/ ){
2507 $permissions = func_get_args();
2508 foreach( $permissions as $permission ){
2509 if( !$this->isAllowed( $permission ) ){
2510 return false;
2511 }
2512 }
2513 return true;
2514 }
2515
2516 /**
2517 * Internal mechanics of testing a permission
2518 * @param $action String
2519 * @param $ns int|null Namespace optional
2520 * @return bool
2521 */
2522 public function isAllowed( $action = '', $ns = null ) {
2523 if ( $action === '' ) {
2524 return true; // In the spirit of DWIM
2525 }
2526 # Patrolling may not be enabled
2527 if( $action === 'patrol' || $action === 'autopatrol' ) {
2528 global $wgUseRCPatrol, $wgUseNPPatrol;
2529 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2530 return false;
2531 }
2532 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2533 # by misconfiguration: 0 == 'foo'
2534 return in_array( $action, $this->getRights( $ns ), true );
2535 }
2536
2537 /**
2538 * Check whether to enable recent changes patrol features for this user
2539 * @return Boolean: True or false
2540 */
2541 public function useRCPatrol() {
2542 global $wgUseRCPatrol;
2543 return $wgUseRCPatrol && $this->isAllowedAny( 'patrol', 'patrolmarks' );
2544 }
2545
2546 /**
2547 * Check whether to enable new pages patrol features for this user
2548 * @return Bool True or false
2549 */
2550 public function useNPPatrol() {
2551 global $wgUseRCPatrol, $wgUseNPPatrol;
2552 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) ) );
2553 }
2554
2555 /**
2556 * Get the WebRequest object to use with this object
2557 *
2558 * @return WebRequest
2559 */
2560 public function getRequest() {
2561 if ( $this->mRequest ) {
2562 return $this->mRequest;
2563 } else {
2564 global $wgRequest;
2565 return $wgRequest;
2566 }
2567 }
2568
2569 /**
2570 * Get the current skin, loading it if required
2571 * @return Skin The current skin
2572 * @todo FIXME: Need to check the old failback system [AV]
2573 * @deprecated since 1.18 Use ->getSkin() in the most relevant outputting context you have
2574 */
2575 public function getSkin() {
2576 return RequestContext::getMain()->getSkin();
2577 }
2578
2579 /**
2580 * Check the watched status of an article.
2581 * @param $title Title of the article to look at
2582 * @return Bool
2583 */
2584 public function isWatched( $title ) {
2585 $wl = WatchedItem::fromUserTitle( $this, $title );
2586 return $wl->isWatched();
2587 }
2588
2589 /**
2590 * Watch an article.
2591 * @param $title Title of the article to look at
2592 */
2593 public function addWatch( $title ) {
2594 $wl = WatchedItem::fromUserTitle( $this, $title );
2595 $wl->addWatch();
2596 $this->invalidateCache();
2597 }
2598
2599 /**
2600 * Stop watching an article.
2601 * @param $title Title of the article to look at
2602 */
2603 public function removeWatch( $title ) {
2604 $wl = WatchedItem::fromUserTitle( $this, $title );
2605 $wl->removeWatch();
2606 $this->invalidateCache();
2607 }
2608
2609 /**
2610 * Clear the user's notification timestamp for the given title.
2611 * If e-notif e-mails are on, they will receive notification mails on
2612 * the next change of the page if it's watched etc.
2613 * @param $title Title of the article to look at
2614 */
2615 public function clearNotification( &$title ) {
2616 global $wgUseEnotif, $wgShowUpdatedMarker;
2617
2618 # Do nothing if the database is locked to writes
2619 if( wfReadOnly() ) {
2620 return;
2621 }
2622
2623 if( $title->getNamespace() == NS_USER_TALK &&
2624 $title->getText() == $this->getName() ) {
2625 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2626 return;
2627 $this->setNewtalk( false );
2628 }
2629
2630 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2631 return;
2632 }
2633
2634 if( $this->isAnon() ) {
2635 // Nothing else to do...
2636 return;
2637 }
2638
2639 // Only update the timestamp if the page is being watched.
2640 // The query to find out if it is watched is cached both in memcached and per-invocation,
2641 // and when it does have to be executed, it can be on a slave
2642 // If this is the user's newtalk page, we always update the timestamp
2643 if( $title->getNamespace() == NS_USER_TALK &&
2644 $title->getText() == $this->getName() )
2645 {
2646 $watched = true;
2647 } else {
2648 $watched = $this->isWatched( $title );
2649 }
2650
2651 // If the page is watched by the user (or may be watched), update the timestamp on any
2652 // any matching rows
2653 if ( $watched ) {
2654 $dbw = wfGetDB( DB_MASTER );
2655 $dbw->update( 'watchlist',
2656 array( /* SET */
2657 'wl_notificationtimestamp' => null
2658 ), array( /* WHERE */
2659 'wl_title' => $title->getDBkey(),
2660 'wl_namespace' => $title->getNamespace(),
2661 'wl_user' => $this->getID()
2662 ), __METHOD__
2663 );
2664 }
2665 }
2666
2667 /**
2668 * Resets all of the given user's page-change notification timestamps.
2669 * If e-notif e-mails are on, they will receive notification mails on
2670 * the next change of any watched page.
2671 */
2672 public function clearAllNotifications() {
2673 global $wgUseEnotif, $wgShowUpdatedMarker;
2674 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2675 $this->setNewtalk( false );
2676 return;
2677 }
2678 $id = $this->getId();
2679 if( $id != 0 ) {
2680 $dbw = wfGetDB( DB_MASTER );
2681 $dbw->update( 'watchlist',
2682 array( /* SET */
2683 'wl_notificationtimestamp' => null
2684 ), array( /* WHERE */
2685 'wl_user' => $id
2686 ), __METHOD__
2687 );
2688 # We also need to clear here the "you have new message" notification for the own user_talk page
2689 # This is cleared one page view later in Article::viewUpdates();
2690 }
2691 }
2692
2693 /**
2694 * Set this user's options from an encoded string
2695 * @param $str String Encoded options to import
2696 */
2697 public function decodeOptions( $str ) {
2698 if( !$str )
2699 return;
2700
2701 $this->mOptionsLoaded = true;
2702 $this->mOptionOverrides = array();
2703
2704 // If an option is not set in $str, use the default value
2705 $this->mOptions = self::getDefaultOptions();
2706
2707 $a = explode( "\n", $str );
2708 foreach ( $a as $s ) {
2709 $m = array();
2710 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2711 $this->mOptions[$m[1]] = $m[2];
2712 $this->mOptionOverrides[$m[1]] = $m[2];
2713 }
2714 }
2715 }
2716
2717 /**
2718 * Set a cookie on the user's client. Wrapper for
2719 * WebResponse::setCookie
2720 * @param $name String Name of the cookie to set
2721 * @param $value String Value to set
2722 * @param $exp Int Expiration time, as a UNIX time value;
2723 * if 0 or not specified, use the default $wgCookieExpiration
2724 */
2725 protected function setCookie( $name, $value, $exp = 0 ) {
2726 $this->getRequest()->response()->setcookie( $name, $value, $exp );
2727 }
2728
2729 /**
2730 * Clear a cookie on the user's client
2731 * @param $name String Name of the cookie to clear
2732 */
2733 protected function clearCookie( $name ) {
2734 $this->setCookie( $name, '', time() - 86400 );
2735 }
2736
2737 /**
2738 * Set the default cookies for this session on the user's client.
2739 *
2740 * @param $request WebRequest object to use; $wgRequest will be used if null
2741 * is passed.
2742 */
2743 public function setCookies( $request = null ) {
2744 if ( $request === null ) {
2745 $request = $this->getRequest();
2746 }
2747
2748 $this->load();
2749 if ( 0 == $this->mId ) return;
2750 $session = array(
2751 'wsUserID' => $this->mId,
2752 'wsToken' => $this->mToken,
2753 'wsUserName' => $this->getName()
2754 );
2755 $cookies = array(
2756 'UserID' => $this->mId,
2757 'UserName' => $this->getName(),
2758 );
2759 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2760 $cookies['Token'] = $this->mToken;
2761 } else {
2762 $cookies['Token'] = false;
2763 }
2764
2765 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2766
2767 foreach ( $session as $name => $value ) {
2768 $request->setSessionData( $name, $value );
2769 }
2770 foreach ( $cookies as $name => $value ) {
2771 if ( $value === false ) {
2772 $this->clearCookie( $name );
2773 } else {
2774 $this->setCookie( $name, $value );
2775 }
2776 }
2777 }
2778
2779 /**
2780 * Log this user out.
2781 */
2782 public function logout() {
2783 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2784 $this->doLogout();
2785 }
2786 }
2787
2788 /**
2789 * Clear the user's cookies and session, and reset the instance cache.
2790 * @see logout()
2791 */
2792 public function doLogout() {
2793 $this->clearInstanceCache( 'defaults' );
2794
2795 $this->getRequest()->setSessionData( 'wsUserID', 0 );
2796
2797 $this->clearCookie( 'UserID' );
2798 $this->clearCookie( 'Token' );
2799
2800 # Remember when user logged out, to prevent seeing cached pages
2801 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2802 }
2803
2804 /**
2805 * Save this user's settings into the database.
2806 * @todo Only rarely do all these fields need to be set!
2807 */
2808 public function saveSettings() {
2809 $this->load();
2810 if ( wfReadOnly() ) { return; }
2811 if ( 0 == $this->mId ) { return; }
2812
2813 $this->mTouched = self::newTouchedTimestamp();
2814
2815 $dbw = wfGetDB( DB_MASTER );
2816 $dbw->update( 'user',
2817 array( /* SET */
2818 'user_name' => $this->mName,
2819 'user_password' => $this->mPassword,
2820 'user_newpassword' => $this->mNewpassword,
2821 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2822 'user_real_name' => $this->mRealName,
2823 'user_email' => $this->mEmail,
2824 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2825 'user_options' => '',
2826 'user_touched' => $dbw->timestamp( $this->mTouched ),
2827 'user_token' => $this->mToken,
2828 'user_email_token' => $this->mEmailToken,
2829 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2830 ), array( /* WHERE */
2831 'user_id' => $this->mId
2832 ), __METHOD__
2833 );
2834
2835 $this->saveOptions();
2836
2837 wfRunHooks( 'UserSaveSettings', array( $this ) );
2838 $this->clearSharedCache();
2839 $this->getUserPage()->invalidateCache();
2840 }
2841
2842 /**
2843 * If only this user's username is known, and it exists, return the user ID.
2844 * @return Int
2845 */
2846 public function idForName() {
2847 $s = trim( $this->getName() );
2848 if ( $s === '' ) return 0;
2849
2850 $dbr = wfGetDB( DB_SLAVE );
2851 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2852 if ( $id === false ) {
2853 $id = 0;
2854 }
2855 return $id;
2856 }
2857
2858 /**
2859 * Add a user to the database, return the user object
2860 *
2861 * @param $name String Username to add
2862 * @param $params Array of Strings Non-default parameters to save to the database as user_* fields:
2863 * - password The user's password hash. Password logins will be disabled if this is omitted.
2864 * - newpassword Hash for a temporary password that has been mailed to the user
2865 * - email The user's email address
2866 * - email_authenticated The email authentication timestamp
2867 * - real_name The user's real name
2868 * - options An associative array of non-default options
2869 * - token Random authentication token. Do not set.
2870 * - registration Registration timestamp. Do not set.
2871 *
2872 * @return User object, or null if the username already exists
2873 */
2874 public static function createNew( $name, $params = array() ) {
2875 $user = new User;
2876 $user->load();
2877 if ( isset( $params['options'] ) ) {
2878 $user->mOptions = $params['options'] + (array)$user->mOptions;
2879 unset( $params['options'] );
2880 }
2881 $dbw = wfGetDB( DB_MASTER );
2882 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2883
2884 $fields = array(
2885 'user_id' => $seqVal,
2886 'user_name' => $name,
2887 'user_password' => $user->mPassword,
2888 'user_newpassword' => $user->mNewpassword,
2889 'user_newpass_time' => $dbw->timestampOrNull( $user->mNewpassTime ),
2890 'user_email' => $user->mEmail,
2891 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2892 'user_real_name' => $user->mRealName,
2893 'user_options' => '',
2894 'user_token' => $user->mToken,
2895 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2896 'user_editcount' => 0,
2897 );
2898 foreach ( $params as $name => $value ) {
2899 $fields["user_$name"] = $value;
2900 }
2901 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2902 if ( $dbw->affectedRows() ) {
2903 $newUser = User::newFromId( $dbw->insertId() );
2904 } else {
2905 $newUser = null;
2906 }
2907 return $newUser;
2908 }
2909
2910 /**
2911 * Add this existing user object to the database
2912 */
2913 public function addToDatabase() {
2914 $this->load();
2915 $dbw = wfGetDB( DB_MASTER );
2916 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2917 $dbw->insert( 'user',
2918 array(
2919 'user_id' => $seqVal,
2920 'user_name' => $this->mName,
2921 'user_password' => $this->mPassword,
2922 'user_newpassword' => $this->mNewpassword,
2923 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2924 'user_email' => $this->mEmail,
2925 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2926 'user_real_name' => $this->mRealName,
2927 'user_options' => '',
2928 'user_token' => $this->mToken,
2929 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2930 'user_editcount' => 0,
2931 ), __METHOD__
2932 );
2933 $this->mId = $dbw->insertId();
2934
2935 // Clear instance cache other than user table data, which is already accurate
2936 $this->clearInstanceCache();
2937
2938 $this->saveOptions();
2939 }
2940
2941 /**
2942 * If this (non-anonymous) user is blocked, block any IP address
2943 * they've successfully logged in from.
2944 */
2945 public function spreadBlock() {
2946 wfDebug( __METHOD__ . "()\n" );
2947 $this->load();
2948 if ( $this->mId == 0 ) {
2949 return;
2950 }
2951
2952 $userblock = Block::newFromTarget( $this->getName() );
2953 if ( !$userblock ) {
2954 return;
2955 }
2956
2957 $userblock->doAutoblock( $this->getRequest()->getIP() );
2958 }
2959
2960 /**
2961 * Generate a string which will be different for any combination of
2962 * user options which would produce different parser output.
2963 * This will be used as part of the hash key for the parser cache,
2964 * so users with the same options can share the same cached data
2965 * safely.
2966 *
2967 * Extensions which require it should install 'PageRenderingHash' hook,
2968 * which will give them a chance to modify this key based on their own
2969 * settings.
2970 *
2971 * @deprecated since 1.17 use the ParserOptions object to get the relevant options
2972 * @return String Page rendering hash
2973 */
2974 public function getPageRenderingHash() {
2975 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
2976 if( $this->mHash ){
2977 return $this->mHash;
2978 }
2979 wfDeprecated( __METHOD__ );
2980
2981 // stubthreshold is only included below for completeness,
2982 // since it disables the parser cache, its value will always
2983 // be 0 when this function is called by parsercache.
2984
2985 $confstr = $this->getOption( 'math' );
2986 $confstr .= '!' . $this->getStubThreshold();
2987 if ( $wgUseDynamicDates ) { # This is wrong (bug 24714)
2988 $confstr .= '!' . $this->getDatePreference();
2989 }
2990 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
2991 $confstr .= '!' . $wgLang->getCode();
2992 $confstr .= '!' . $this->getOption( 'thumbsize' );
2993 // add in language specific options, if any
2994 $extra = $wgContLang->getExtraHashOptions();
2995 $confstr .= $extra;
2996
2997 // Since the skin could be overloading link(), it should be
2998 // included here but in practice, none of our skins do that.
2999
3000 $confstr .= $wgRenderHashAppend;
3001
3002 // Give a chance for extensions to modify the hash, if they have
3003 // extra options or other effects on the parser cache.
3004 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
3005
3006 // Make it a valid memcached key fragment
3007 $confstr = str_replace( ' ', '_', $confstr );
3008 $this->mHash = $confstr;
3009 return $confstr;
3010 }
3011
3012 /**
3013 * Get whether the user is explicitly blocked from account creation.
3014 * @return Bool|Block
3015 */
3016 public function isBlockedFromCreateAccount() {
3017 $this->getBlockedStatus();
3018 if( $this->mBlock && $this->mBlock->prevents( 'createaccount' ) ){
3019 return $this->mBlock;
3020 }
3021
3022 # bug 13611: if the IP address the user is trying to create an account from is
3023 # blocked with createaccount disabled, prevent new account creation there even
3024 # when the user is logged in
3025 if( $this->mBlockedFromCreateAccount === false ){
3026 $this->mBlockedFromCreateAccount = Block::newFromTarget( null, $this->getRequest()->getIP() );
3027 }
3028 return $this->mBlockedFromCreateAccount instanceof Block && $this->mBlockedFromCreateAccount->prevents( 'createaccount' )
3029 ? $this->mBlockedFromCreateAccount
3030 : false;
3031 }
3032
3033 /**
3034 * Get whether the user is blocked from using Special:Emailuser.
3035 * @return Bool
3036 */
3037 public function isBlockedFromEmailuser() {
3038 $this->getBlockedStatus();
3039 return $this->mBlock && $this->mBlock->prevents( 'sendemail' );
3040 }
3041
3042 /**
3043 * Get whether the user is allowed to create an account.
3044 * @return Bool
3045 */
3046 function isAllowedToCreateAccount() {
3047 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
3048 }
3049
3050 /**
3051 * Get this user's personal page title.
3052 *
3053 * @return Title: User's personal page title
3054 */
3055 public function getUserPage() {
3056 return Title::makeTitle( NS_USER, $this->getName() );
3057 }
3058
3059 /**
3060 * Get this user's talk page title.
3061 *
3062 * @return Title: User's talk page title
3063 */
3064 public function getTalkPage() {
3065 $title = $this->getUserPage();
3066 return $title->getTalkPage();
3067 }
3068
3069 /**
3070 * Determine whether the user is a newbie. Newbies are either
3071 * anonymous IPs, or the most recently created accounts.
3072 * @return Bool
3073 */
3074 public function isNewbie() {
3075 return !$this->isAllowed( 'autoconfirmed' );
3076 }
3077
3078 /**
3079 * Check to see if the given clear-text password is one of the accepted passwords
3080 * @param $password String: user password.
3081 * @return Boolean: True if the given password is correct, otherwise False.
3082 */
3083 public function checkPassword( $password ) {
3084 global $wgAuth, $wgLegacyEncoding;
3085 $this->load();
3086
3087 // Even though we stop people from creating passwords that
3088 // are shorter than this, doesn't mean people wont be able
3089 // to. Certain authentication plugins do NOT want to save
3090 // domain passwords in a mysql database, so we should
3091 // check this (in case $wgAuth->strict() is false).
3092 if( !$this->isValidPassword( $password ) ) {
3093 return false;
3094 }
3095
3096 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
3097 return true;
3098 } elseif( $wgAuth->strict() ) {
3099 /* Auth plugin doesn't allow local authentication */
3100 return false;
3101 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
3102 /* Auth plugin doesn't allow local authentication for this user name */
3103 return false;
3104 }
3105 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
3106 return true;
3107 } elseif ( $wgLegacyEncoding ) {
3108 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
3109 # Check for this with iconv
3110 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
3111 if ( $cp1252Password != $password &&
3112 self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) )
3113 {
3114 return true;
3115 }
3116 }
3117 return false;
3118 }
3119
3120 /**
3121 * Check if the given clear-text password matches the temporary password
3122 * sent by e-mail for password reset operations.
3123 *
3124 * @param $plaintext string
3125 *
3126 * @return Boolean: True if matches, false otherwise
3127 */
3128 public function checkTemporaryPassword( $plaintext ) {
3129 global $wgNewPasswordExpiry;
3130
3131 $this->load();
3132 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
3133 if ( is_null( $this->mNewpassTime ) ) {
3134 return true;
3135 }
3136 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
3137 return ( time() < $expiry );
3138 } else {
3139 return false;
3140 }
3141 }
3142
3143 /**
3144 * Initialize (if necessary) and return a session token value
3145 * which can be used in edit forms to show that the user's
3146 * login credentials aren't being hijacked with a foreign form
3147 * submission.
3148 *
3149 * @param $salt String|Array of Strings Optional function-specific data for hashing
3150 * @param $request WebRequest object to use or null to use $wgRequest
3151 * @return String The new edit token
3152 */
3153 public function editToken( $salt = '', $request = null ) {
3154 if ( $request == null ) {
3155 $request = $this->getRequest();
3156 }
3157
3158 if ( $this->isAnon() ) {
3159 return EDIT_TOKEN_SUFFIX;
3160 } else {
3161 $token = $request->getSessionData( 'wsEditToken' );
3162 if ( $token === null ) {
3163 $token = self::generateToken();
3164 $request->setSessionData( 'wsEditToken', $token );
3165 }
3166 if( is_array( $salt ) ) {
3167 $salt = implode( '|', $salt );
3168 }
3169 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
3170 }
3171 }
3172
3173 /**
3174 * Generate a looking random token for various uses.
3175 *
3176 * @param $salt String Optional salt value
3177 * @return String The new random token
3178 */
3179 public static function generateToken( $salt = '' ) {
3180 $token = dechex( mt_rand() ) . dechex( mt_rand() );
3181 return md5( $token . $salt );
3182 }
3183
3184 /**
3185 * Check given value against the token value stored in the session.
3186 * A match should confirm that the form was submitted from the
3187 * user's own login session, not a form submission from a third-party
3188 * site.
3189 *
3190 * @param $val String Input value to compare
3191 * @param $salt String Optional function-specific data for hashing
3192 * @param $request WebRequest object to use or null to use $wgRequest
3193 * @return Boolean: Whether the token matches
3194 */
3195 public function matchEditToken( $val, $salt = '', $request = null ) {
3196 $sessionToken = $this->editToken( $salt, $request );
3197 if ( $val != $sessionToken ) {
3198 wfDebug( "User::matchEditToken: broken session data\n" );
3199 }
3200 return $val == $sessionToken;
3201 }
3202
3203 /**
3204 * Check given value against the token value stored in the session,
3205 * ignoring the suffix.
3206 *
3207 * @param $val String Input value to compare
3208 * @param $salt String Optional function-specific data for hashing
3209 * @param $request WebRequest object to use or null to use $wgRequest
3210 * @return Boolean: Whether the token matches
3211 */
3212 public function matchEditTokenNoSuffix( $val, $salt = '', $request = null ) {
3213 $sessionToken = $this->editToken( $salt, $request );
3214 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
3215 }
3216
3217 /**
3218 * Generate a new e-mail confirmation token and send a confirmation/invalidation
3219 * mail to the user's given address.
3220 *
3221 * @param $type String: message to send, either "created", "changed" or "set"
3222 * @return Status object
3223 */
3224 public function sendConfirmationMail( $type = 'created' ) {
3225 global $wgLang;
3226 $expiration = null; // gets passed-by-ref and defined in next line.
3227 $token = $this->confirmationToken( $expiration );
3228 $url = $this->confirmationTokenUrl( $token );
3229 $invalidateURL = $this->invalidationTokenUrl( $token );
3230 $this->saveSettings();
3231
3232 if ( $type == 'created' || $type === false ) {
3233 $message = 'confirmemail_body';
3234 } elseif ( $type === true ) {
3235 $message = 'confirmemail_body_changed';
3236 } else {
3237 $message = 'confirmemail_body_' . $type;
3238 }
3239
3240 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
3241 wfMsg( $message,
3242 $this->getRequest()->getIP(),
3243 $this->getName(),
3244 $url,
3245 $wgLang->timeanddate( $expiration, false ),
3246 $invalidateURL,
3247 $wgLang->date( $expiration, false ),
3248 $wgLang->time( $expiration, false ) ) );
3249 }
3250
3251 /**
3252 * Send an e-mail to this user's account. Does not check for
3253 * confirmed status or validity.
3254 *
3255 * @param $subject String Message subject
3256 * @param $body String Message body
3257 * @param $from String Optional From address; if unspecified, default $wgPasswordSender will be used
3258 * @param $replyto String Reply-To address
3259 * @return Status
3260 */
3261 public function sendMail( $subject, $body, $from = null, $replyto = null ) {
3262 if( is_null( $from ) ) {
3263 global $wgPasswordSender, $wgPasswordSenderName;
3264 $sender = new MailAddress( $wgPasswordSender, $wgPasswordSenderName );
3265 } else {
3266 $sender = new MailAddress( $from );
3267 }
3268
3269 $to = new MailAddress( $this );
3270 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
3271 }
3272
3273 /**
3274 * Generate, store, and return a new e-mail confirmation code.
3275 * A hash (unsalted, since it's used as a key) is stored.
3276 *
3277 * @note Call saveSettings() after calling this function to commit
3278 * this change to the database.
3279 *
3280 * @param &$expiration \mixed Accepts the expiration time
3281 * @return String New token
3282 */
3283 private function confirmationToken( &$expiration ) {
3284 global $wgUserEmailConfirmationTokenExpiry;
3285 $now = time();
3286 $expires = $now + $wgUserEmailConfirmationTokenExpiry;
3287 $expiration = wfTimestamp( TS_MW, $expires );
3288 $token = self::generateToken( $this->mId . $this->mEmail . $expires );
3289 $hash = md5( $token );
3290 $this->load();
3291 $this->mEmailToken = $hash;
3292 $this->mEmailTokenExpires = $expiration;
3293 return $token;
3294 }
3295
3296 /**
3297 * Return a URL the user can use to confirm their email address.
3298 * @param $token String Accepts the email confirmation token
3299 * @return String New token URL
3300 */
3301 private function confirmationTokenUrl( $token ) {
3302 return $this->getTokenUrl( 'ConfirmEmail', $token );
3303 }
3304
3305 /**
3306 * Return a URL the user can use to invalidate their email address.
3307 * @param $token String Accepts the email confirmation token
3308 * @return String New token URL
3309 */
3310 private function invalidationTokenUrl( $token ) {
3311 return $this->getTokenUrl( 'Invalidateemail', $token );
3312 }
3313
3314 /**
3315 * Internal function to format the e-mail validation/invalidation URLs.
3316 * This uses a quickie hack to use the
3317 * hardcoded English names of the Special: pages, for ASCII safety.
3318 *
3319 * @note Since these URLs get dropped directly into emails, using the
3320 * short English names avoids insanely long URL-encoded links, which
3321 * also sometimes can get corrupted in some browsers/mailers
3322 * (bug 6957 with Gmail and Internet Explorer).
3323 *
3324 * @param $page String Special page
3325 * @param $token String Token
3326 * @return String Formatted URL
3327 */
3328 protected function getTokenUrl( $page, $token ) {
3329 // Hack to bypass localization of 'Special:'
3330 $title = Title::makeTitle( NS_MAIN, "Special:$page/$token" );
3331 return $title->getCanonicalUrl();
3332 }
3333
3334 /**
3335 * Mark the e-mail address confirmed.
3336 *
3337 * @note Call saveSettings() after calling this function to commit the change.
3338 *
3339 * @return true
3340 */
3341 public function confirmEmail() {
3342 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3343 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3344 return true;
3345 }
3346
3347 /**
3348 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3349 * address if it was already confirmed.
3350 *
3351 * @note Call saveSettings() after calling this function to commit the change.
3352 * @return true
3353 */
3354 function invalidateEmail() {
3355 $this->load();
3356 $this->mEmailToken = null;
3357 $this->mEmailTokenExpires = null;
3358 $this->setEmailAuthenticationTimestamp( null );
3359 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3360 return true;
3361 }
3362
3363 /**
3364 * Set the e-mail authentication timestamp.
3365 * @param $timestamp String TS_MW timestamp
3366 */
3367 function setEmailAuthenticationTimestamp( $timestamp ) {
3368 $this->load();
3369 $this->mEmailAuthenticated = $timestamp;
3370 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3371 }
3372
3373 /**
3374 * Is this user allowed to send e-mails within limits of current
3375 * site configuration?
3376 * @return Bool
3377 */
3378 public function canSendEmail() {
3379 global $wgEnableEmail, $wgEnableUserEmail;
3380 if( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3381 return false;
3382 }
3383 $canSend = $this->isEmailConfirmed();
3384 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3385 return $canSend;
3386 }
3387
3388 /**
3389 * Is this user allowed to receive e-mails within limits of current
3390 * site configuration?
3391 * @return Bool
3392 */
3393 public function canReceiveEmail() {
3394 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3395 }
3396
3397 /**
3398 * Is this user's e-mail address valid-looking and confirmed within
3399 * limits of the current site configuration?
3400 *
3401 * @note If $wgEmailAuthentication is on, this may require the user to have
3402 * confirmed their address by returning a code or using a password
3403 * sent to the address from the wiki.
3404 *
3405 * @return Bool
3406 */
3407 public function isEmailConfirmed() {
3408 global $wgEmailAuthentication;
3409 $this->load();
3410 $confirmed = true;
3411 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3412 if( $this->isAnon() ) {
3413 return false;
3414 }
3415 if( !Sanitizer::validateEmail( $this->mEmail ) ) {
3416 return false;
3417 }
3418 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() ) {
3419 return false;
3420 }
3421 return true;
3422 } else {
3423 return $confirmed;
3424 }
3425 }
3426
3427 /**
3428 * Check whether there is an outstanding request for e-mail confirmation.
3429 * @return Bool
3430 */
3431 public function isEmailConfirmationPending() {
3432 global $wgEmailAuthentication;
3433 return $wgEmailAuthentication &&
3434 !$this->isEmailConfirmed() &&
3435 $this->mEmailToken &&
3436 $this->mEmailTokenExpires > wfTimestamp();
3437 }
3438
3439 /**
3440 * Get the timestamp of account creation.
3441 *
3442 * @return String|Bool Timestamp of account creation, or false for
3443 * non-existent/anonymous user accounts.
3444 */
3445 public function getRegistration() {
3446 if ( $this->isAnon() ) {
3447 return false;
3448 }
3449 $this->load();
3450 return $this->mRegistration;
3451 }
3452
3453 /**
3454 * Get the timestamp of the first edit
3455 *
3456 * @return String|Bool Timestamp of first edit, or false for
3457 * non-existent/anonymous user accounts.
3458 */
3459 public function getFirstEditTimestamp() {
3460 if( $this->getId() == 0 ) {
3461 return false; // anons
3462 }
3463 $dbr = wfGetDB( DB_SLAVE );
3464 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3465 array( 'rev_user' => $this->getId() ),
3466 __METHOD__,
3467 array( 'ORDER BY' => 'rev_timestamp ASC' )
3468 );
3469 if( !$time ) {
3470 return false; // no edits
3471 }
3472 return wfTimestamp( TS_MW, $time );
3473 }
3474
3475 /**
3476 * Get the permissions associated with a given list of groups
3477 *
3478 * @param $groups Array of Strings List of internal group names
3479 * @param $ns int
3480 *
3481 * @return Array of Strings List of permission key names for given groups combined
3482 */
3483 public static function getGroupPermissions( array $groups, $ns = null ) {
3484 global $wgGroupPermissions, $wgRevokePermissions;
3485 $rights = array();
3486
3487 // Grant every granted permission first
3488 foreach( $groups as $group ) {
3489 if( isset( $wgGroupPermissions[$group] ) ) {
3490 $rights = array_merge( $rights, self::extractRights(
3491 $wgGroupPermissions[$group], $ns ) );
3492 }
3493 }
3494
3495 // Revoke the revoked permissions
3496 foreach( $groups as $group ) {
3497 if( isset( $wgRevokePermissions[$group] ) ) {
3498 $rights = array_diff( $rights, self::extractRights(
3499 $wgRevokePermissions[$group], $ns ) );
3500 }
3501 }
3502 return array_unique( $rights );
3503 }
3504
3505 /**
3506 * Helper for User::getGroupPermissions
3507 * @param $list array
3508 * @param $ns int
3509 * @return array
3510 */
3511 private static function extractRights( $list, $ns ) {
3512 $rights = array();
3513 foreach( $list as $right => $value ) {
3514 if ( is_array( $value ) ) {
3515 # This is a list of namespaces where the permission applies
3516 if ( !is_null( $ns ) && !empty( $value[$ns] ) ) {
3517 $rights[] = $right;
3518 }
3519 } else {
3520 # This is a boolean indicating that the permission applies
3521 if ( $value ) {
3522 $rights[] = $right;
3523 }
3524 }
3525 }
3526 return $rights;
3527 }
3528
3529 /**
3530 * Get all the groups who have a given permission
3531 *
3532 * @param $role String Role to check
3533 * @param $ns int
3534 *
3535 *
3536 * @return Array of Strings List of internal group names with the given permission
3537 */
3538 public static function getGroupsWithPermission( $role, $ns = null ) {
3539 global $wgGroupPermissions;
3540 $allowedGroups = array();
3541 foreach ( $wgGroupPermissions as $group => $rights ) {
3542 if ( in_array( $role, self::getGroupPermissions( array( $group ), $ns ), true ) ) {
3543 $allowedGroups[] = $group;
3544 }
3545 }
3546 return $allowedGroups;
3547 }
3548
3549 /**
3550 * Get the localized descriptive name for a group, if it exists
3551 *
3552 * @param $group String Internal group name
3553 * @return String Localized descriptive group name
3554 */
3555 public static function getGroupName( $group ) {
3556 $msg = wfMessage( "group-$group" );
3557 return $msg->isBlank() ? $group : $msg->text();
3558 }
3559
3560 /**
3561 * Get the localized descriptive name for a member of a group, if it exists
3562 *
3563 * @param $group String Internal group name
3564 * @return String Localized name for group member
3565 */
3566 public static function getGroupMember( $group ) {
3567 $msg = wfMessage( "group-$group-member" );
3568 return $msg->isBlank() ? $group : $msg->text();
3569 }
3570
3571 /**
3572 * Return the set of defined explicit groups.
3573 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3574 * are not included, as they are defined automatically, not in the database.
3575 * @return Array of internal group names
3576 */
3577 public static function getAllGroups() {
3578 global $wgGroupPermissions, $wgRevokePermissions;
3579 return array_diff(
3580 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3581 self::getImplicitGroups()
3582 );
3583 }
3584
3585 /**
3586 * Get a list of all available permissions.
3587 * @return Array of permission names
3588 */
3589 public static function getAllRights() {
3590 if ( self::$mAllRights === false ) {
3591 global $wgAvailableRights;
3592 if ( count( $wgAvailableRights ) ) {
3593 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3594 } else {
3595 self::$mAllRights = self::$mCoreRights;
3596 }
3597 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3598 }
3599 return self::$mAllRights;
3600 }
3601
3602 /**
3603 * Get a list of implicit groups
3604 * @return Array of Strings Array of internal group names
3605 */
3606 public static function getImplicitGroups() {
3607 global $wgImplicitGroups;
3608 $groups = $wgImplicitGroups;
3609 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3610 return $groups;
3611 }
3612
3613 /**
3614 * Get the title of a page describing a particular group
3615 *
3616 * @param $group String Internal group name
3617 * @return Title|Bool Title of the page if it exists, false otherwise
3618 */
3619 public static function getGroupPage( $group ) {
3620 $msg = wfMessage( 'grouppage-' . $group )->inContentLanguage();
3621 if( $msg->exists() ) {
3622 $title = Title::newFromText( $msg->text() );
3623 if( is_object( $title ) )
3624 return $title;
3625 }
3626 return false;
3627 }
3628
3629 /**
3630 * Create a link to the group in HTML, if available;
3631 * else return the group name.
3632 *
3633 * @param $group String Internal name of the group
3634 * @param $text String The text of the link
3635 * @return String HTML link to the group
3636 */
3637 public static function makeGroupLinkHTML( $group, $text = '' ) {
3638 if( $text == '' ) {
3639 $text = self::getGroupName( $group );
3640 }
3641 $title = self::getGroupPage( $group );
3642 if( $title ) {
3643 return Linker::link( $title, htmlspecialchars( $text ) );
3644 } else {
3645 return $text;
3646 }
3647 }
3648
3649 /**
3650 * Create a link to the group in Wikitext, if available;
3651 * else return the group name.
3652 *
3653 * @param $group String Internal name of the group
3654 * @param $text String The text of the link
3655 * @return String Wikilink to the group
3656 */
3657 public static function makeGroupLinkWiki( $group, $text = '' ) {
3658 if( $text == '' ) {
3659 $text = self::getGroupName( $group );
3660 }
3661 $title = self::getGroupPage( $group );
3662 if( $title ) {
3663 $page = $title->getPrefixedText();
3664 return "[[$page|$text]]";
3665 } else {
3666 return $text;
3667 }
3668 }
3669
3670 /**
3671 * Returns an array of the groups that a particular group can add/remove.
3672 *
3673 * @param $group String: the group to check for whether it can add/remove
3674 * @return Array array( 'add' => array( addablegroups ),
3675 * 'remove' => array( removablegroups ),
3676 * 'add-self' => array( addablegroups to self),
3677 * 'remove-self' => array( removable groups from self) )
3678 */
3679 public static function changeableByGroup( $group ) {
3680 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3681
3682 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3683 if( empty( $wgAddGroups[$group] ) ) {
3684 // Don't add anything to $groups
3685 } elseif( $wgAddGroups[$group] === true ) {
3686 // You get everything
3687 $groups['add'] = self::getAllGroups();
3688 } elseif( is_array( $wgAddGroups[$group] ) ) {
3689 $groups['add'] = $wgAddGroups[$group];
3690 }
3691
3692 // Same thing for remove
3693 if( empty( $wgRemoveGroups[$group] ) ) {
3694 } elseif( $wgRemoveGroups[$group] === true ) {
3695 $groups['remove'] = self::getAllGroups();
3696 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3697 $groups['remove'] = $wgRemoveGroups[$group];
3698 }
3699
3700 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3701 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3702 foreach( $wgGroupsAddToSelf as $key => $value ) {
3703 if( is_int( $key ) ) {
3704 $wgGroupsAddToSelf['user'][] = $value;
3705 }
3706 }
3707 }
3708
3709 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3710 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3711 if( is_int( $key ) ) {
3712 $wgGroupsRemoveFromSelf['user'][] = $value;
3713 }
3714 }
3715 }
3716
3717 // Now figure out what groups the user can add to him/herself
3718 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3719 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3720 // No idea WHY this would be used, but it's there
3721 $groups['add-self'] = User::getAllGroups();
3722 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3723 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3724 }
3725
3726 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3727 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3728 $groups['remove-self'] = User::getAllGroups();
3729 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3730 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3731 }
3732
3733 return $groups;
3734 }
3735
3736 /**
3737 * Returns an array of groups that this user can add and remove
3738 * @return Array array( 'add' => array( addablegroups ),
3739 * 'remove' => array( removablegroups ),
3740 * 'add-self' => array( addablegroups to self),
3741 * 'remove-self' => array( removable groups from self) )
3742 */
3743 public function changeableGroups() {
3744 if( $this->isAllowed( 'userrights' ) ) {
3745 // This group gives the right to modify everything (reverse-
3746 // compatibility with old "userrights lets you change
3747 // everything")
3748 // Using array_merge to make the groups reindexed
3749 $all = array_merge( User::getAllGroups() );
3750 return array(
3751 'add' => $all,
3752 'remove' => $all,
3753 'add-self' => array(),
3754 'remove-self' => array()
3755 );
3756 }
3757
3758 // Okay, it's not so simple, we will have to go through the arrays
3759 $groups = array(
3760 'add' => array(),
3761 'remove' => array(),
3762 'add-self' => array(),
3763 'remove-self' => array()
3764 );
3765 $addergroups = $this->getEffectiveGroups();
3766
3767 foreach( $addergroups as $addergroup ) {
3768 $groups = array_merge_recursive(
3769 $groups, $this->changeableByGroup( $addergroup )
3770 );
3771 $groups['add'] = array_unique( $groups['add'] );
3772 $groups['remove'] = array_unique( $groups['remove'] );
3773 $groups['add-self'] = array_unique( $groups['add-self'] );
3774 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3775 }
3776 return $groups;
3777 }
3778
3779 /**
3780 * Increment the user's edit-count field.
3781 * Will have no effect for anonymous users.
3782 */
3783 public function incEditCount() {
3784 if( !$this->isAnon() ) {
3785 $dbw = wfGetDB( DB_MASTER );
3786 $dbw->update( 'user',
3787 array( 'user_editcount=user_editcount+1' ),
3788 array( 'user_id' => $this->getId() ),
3789 __METHOD__ );
3790
3791 // Lazy initialization check...
3792 if( $dbw->affectedRows() == 0 ) {
3793 // Pull from a slave to be less cruel to servers
3794 // Accuracy isn't the point anyway here
3795 $dbr = wfGetDB( DB_SLAVE );
3796 $count = $dbr->selectField( 'revision',
3797 'COUNT(rev_user)',
3798 array( 'rev_user' => $this->getId() ),
3799 __METHOD__ );
3800
3801 // Now here's a goddamn hack...
3802 if( $dbr !== $dbw ) {
3803 // If we actually have a slave server, the count is
3804 // at least one behind because the current transaction
3805 // has not been committed and replicated.
3806 $count++;
3807 } else {
3808 // But if DB_SLAVE is selecting the master, then the
3809 // count we just read includes the revision that was
3810 // just added in the working transaction.
3811 }
3812
3813 $dbw->update( 'user',
3814 array( 'user_editcount' => $count ),
3815 array( 'user_id' => $this->getId() ),
3816 __METHOD__ );
3817 }
3818 }
3819 // edit count in user cache too
3820 $this->invalidateCache();
3821 }
3822
3823 /**
3824 * Get the description of a given right
3825 *
3826 * @param $right String Right to query
3827 * @return String Localized description of the right
3828 */
3829 public static function getRightDescription( $right ) {
3830 $key = "right-$right";
3831 $msg = wfMessage( $key );
3832 return $msg->isBlank() ? $right : $msg->text();
3833 }
3834
3835 /**
3836 * Make an old-style password hash
3837 *
3838 * @param $password String Plain-text password
3839 * @param $userId String User ID
3840 * @return String Password hash
3841 */
3842 public static function oldCrypt( $password, $userId ) {
3843 global $wgPasswordSalt;
3844 if ( $wgPasswordSalt ) {
3845 return md5( $userId . '-' . md5( $password ) );
3846 } else {
3847 return md5( $password );
3848 }
3849 }
3850
3851 /**
3852 * Make a new-style password hash
3853 *
3854 * @param $password String Plain-text password
3855 * @param bool|string $salt Optional salt, may be random or the user ID.
3856
3857 * If unspecified or false, will generate one automatically
3858 * @return String Password hash
3859 */
3860 public static function crypt( $password, $salt = false ) {
3861 global $wgPasswordSalt;
3862
3863 $hash = '';
3864 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3865 return $hash;
3866 }
3867
3868 if( $wgPasswordSalt ) {
3869 if ( $salt === false ) {
3870 $salt = substr( wfGenerateToken(), 0, 8 );
3871 }
3872 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3873 } else {
3874 return ':A:' . md5( $password );
3875 }
3876 }
3877
3878 /**
3879 * Compare a password hash with a plain-text password. Requires the user
3880 * ID if there's a chance that the hash is an old-style hash.
3881 *
3882 * @param $hash String Password hash
3883 * @param $password String Plain-text password to compare
3884 * @param $userId String|bool User ID for old-style password salt
3885 *
3886 * @return Boolean
3887 */
3888 public static function comparePasswords( $hash, $password, $userId = false ) {
3889 $type = substr( $hash, 0, 3 );
3890
3891 $result = false;
3892 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3893 return $result;
3894 }
3895
3896 if ( $type == ':A:' ) {
3897 # Unsalted
3898 return md5( $password ) === substr( $hash, 3 );
3899 } elseif ( $type == ':B:' ) {
3900 # Salted
3901 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3902 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3903 } else {
3904 # Old-style
3905 return self::oldCrypt( $password, $userId ) === $hash;
3906 }
3907 }
3908
3909 /**
3910 * Add a newuser log entry for this user
3911 *
3912 * @param $byEmail Boolean: account made by email?
3913 * @param $reason String: user supplied reason
3914 *
3915 * @return true
3916 */
3917 public function addNewUserLogEntry( $byEmail = false, $reason = '' ) {
3918 global $wgUser, $wgContLang, $wgNewUserLog;
3919 if( empty( $wgNewUserLog ) ) {
3920 return true; // disabled
3921 }
3922
3923 if( $this->getName() == $wgUser->getName() ) {
3924 $action = 'create';
3925 } else {
3926 $action = 'create2';
3927 if ( $byEmail ) {
3928 if ( $reason === '' ) {
3929 $reason = wfMsgForContent( 'newuserlog-byemail' );
3930 } else {
3931 $reason = $wgContLang->commaList( array(
3932 $reason, wfMsgForContent( 'newuserlog-byemail' ) ) );
3933 }
3934 }
3935 }
3936 $log = new LogPage( 'newusers' );
3937 $log->addEntry(
3938 $action,
3939 $this->getUserPage(),
3940 $reason,
3941 array( $this->getId() )
3942 );
3943 return true;
3944 }
3945
3946 /**
3947 * Add an autocreate newuser log entry for this user
3948 * Used by things like CentralAuth and perhaps other authplugins.
3949 *
3950 * @return true
3951 */
3952 public function addNewUserLogEntryAutoCreate() {
3953 global $wgNewUserLog;
3954 if( !$wgNewUserLog ) {
3955 return true; // disabled
3956 }
3957 $log = new LogPage( 'newusers', false );
3958 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ) );
3959 return true;
3960 }
3961
3962 /**
3963 * @todo document
3964 */
3965 protected function loadOptions() {
3966 $this->load();
3967 if ( $this->mOptionsLoaded || !$this->getId() )
3968 return;
3969
3970 $this->mOptions = self::getDefaultOptions();
3971
3972 // Maybe load from the object
3973 if ( !is_null( $this->mOptionOverrides ) ) {
3974 wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
3975 foreach( $this->mOptionOverrides as $key => $value ) {
3976 $this->mOptions[$key] = $value;
3977 }
3978 } else {
3979 wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
3980 // Load from database
3981 $dbr = wfGetDB( DB_SLAVE );
3982
3983 $res = $dbr->select(
3984 'user_properties',
3985 '*',
3986 array( 'up_user' => $this->getId() ),
3987 __METHOD__
3988 );
3989
3990 foreach ( $res as $row ) {
3991 $this->mOptionOverrides[$row->up_property] = $row->up_value;
3992 $this->mOptions[$row->up_property] = $row->up_value;
3993 }
3994 }
3995
3996 $this->mOptionsLoaded = true;
3997
3998 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
3999 }
4000
4001 /**
4002 * @todo document
4003 */
4004 protected function saveOptions() {
4005 global $wgAllowPrefChange;
4006
4007 $extuser = ExternalUser::newFromUser( $this );
4008
4009 $this->loadOptions();
4010 $dbw = wfGetDB( DB_MASTER );
4011
4012 $insert_rows = array();
4013
4014 $saveOptions = $this->mOptions;
4015
4016 // Allow hooks to abort, for instance to save to a global profile.
4017 // Reset options to default state before saving.
4018 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) ) {
4019 return;
4020 }
4021
4022 foreach( $saveOptions as $key => $value ) {
4023 # Don't bother storing default values
4024 if ( ( is_null( self::getDefaultOption( $key ) ) &&
4025 !( $value === false || is_null($value) ) ) ||
4026 $value != self::getDefaultOption( $key ) ) {
4027 $insert_rows[] = array(
4028 'up_user' => $this->getId(),
4029 'up_property' => $key,
4030 'up_value' => $value,
4031 );
4032 }
4033 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
4034 switch ( $wgAllowPrefChange[$key] ) {
4035 case 'local':
4036 case 'message':
4037 break;
4038 case 'semiglobal':
4039 case 'global':
4040 $extuser->setPref( $key, $value );
4041 }
4042 }
4043 }
4044
4045 $dbw->begin();
4046 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
4047 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
4048 $dbw->commit();
4049 }
4050
4051 /**
4052 * Provide an array of HTML5 attributes to put on an input element
4053 * intended for the user to enter a new password. This may include
4054 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
4055 *
4056 * Do *not* use this when asking the user to enter his current password!
4057 * Regardless of configuration, users may have invalid passwords for whatever
4058 * reason (e.g., they were set before requirements were tightened up).
4059 * Only use it when asking for a new password, like on account creation or
4060 * ResetPass.
4061 *
4062 * Obviously, you still need to do server-side checking.
4063 *
4064 * NOTE: A combination of bugs in various browsers means that this function
4065 * actually just returns array() unconditionally at the moment. May as
4066 * well keep it around for when the browser bugs get fixed, though.
4067 *
4068 * @todo FIXME: This does not belong here; put it in Html or Linker or somewhere
4069 *
4070 * @return array Array of HTML attributes suitable for feeding to
4071 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
4072 * That will potentially output invalid XHTML 1.0 Transitional, and will
4073 * get confused by the boolean attribute syntax used.)
4074 */
4075 public static function passwordChangeInputAttribs() {
4076 global $wgMinimalPasswordLength;
4077
4078 if ( $wgMinimalPasswordLength == 0 ) {
4079 return array();
4080 }
4081
4082 # Note that the pattern requirement will always be satisfied if the
4083 # input is empty, so we need required in all cases.
4084 #
4085 # @todo FIXME: Bug 23769: This needs to not claim the password is required
4086 # if e-mail confirmation is being used. Since HTML5 input validation
4087 # is b0rked anyway in some browsers, just return nothing. When it's
4088 # re-enabled, fix this code to not output required for e-mail
4089 # registration.
4090 #$ret = array( 'required' );
4091 $ret = array();
4092
4093 # We can't actually do this right now, because Opera 9.6 will print out
4094 # the entered password visibly in its error message! When other
4095 # browsers add support for this attribute, or Opera fixes its support,
4096 # we can add support with a version check to avoid doing this on Opera
4097 # versions where it will be a problem. Reported to Opera as
4098 # DSK-262266, but they don't have a public bug tracker for us to follow.
4099 /*
4100 if ( $wgMinimalPasswordLength > 1 ) {
4101 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
4102 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
4103 $wgMinimalPasswordLength );
4104 }
4105 */
4106
4107 return $ret;
4108 }
4109 }
MediaWiki Core