search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix misspelling of my name, that I seem to have put in myself. Kinda embarrassing
[mediawiki.git] / includes / User.php
blob2f8e53c065ca819a482f831a2d794b9a7ee360c7
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 * @file
5 */
6
7 /**
8 * \int Number of characters in user_token field.
9 * @ingroup Constants
10 */
11 define( 'USER_TOKEN_LENGTH', 32 );
12
13 /**
14 * \int Serialized record version.
15 * @ingroup Constants
16 */
17 define( 'MW_USER_VERSION', 8 );
18
19 /**
20 * \string Some punctuation to prevent editing from broken text-mangling proxies.
21 * @ingroup Constants
22 */
23 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
24
25 /**
26 * Thrown by User::setPassword() on error.
27 * @ingroup Exception
28 */
29 class PasswordError extends MWException {
30 // NOP
31 }
32
33 /**
34 * The User object encapsulates all of the user-specific settings (user_id,
35 * name, rights, password, email address, options, last login time). Client
36 * classes use the getXXX() functions to access these fields. These functions
37 * do all the work of determining whether the user is logged in,
38 * whether the requested option can be satisfied from cookies or
39 * whether a database query is needed. Most of the settings needed
40 * for rendering normal pages are set in the cookie to minimize use
41 * of the database.
42 */
43 class User {
44 /**
45 * Global constants made accessible as class constants so that autoloader
46 * magic can be used.
47 */
48 const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
49 const MW_USER_VERSION = MW_USER_VERSION;
50 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
51
52 /**
53 * \type{\arrayof{\string}} List of member variables which are saved to the
54 * shared cache (memcached). Any operation which changes the
55 * corresponding database fields must call a cache-clearing function.
56 * @showinitializer
57 */
58 static $mCacheVars = array(
59 // user table
60 'mId',
61 'mName',
62 'mRealName',
63 'mPassword',
64 'mNewpassword',
65 'mNewpassTime',
66 'mEmail',
67 'mTouched',
68 'mToken',
69 'mEmailAuthenticated',
70 'mEmailToken',
71 'mEmailTokenExpires',
72 'mRegistration',
73 'mEditCount',
74 // user_group table
75 'mGroups',
76 // user_properties table
77 'mOptionOverrides',
78 );
79
80 /**
81 * \type{\arrayof{\string}} Core rights.
82 * Each of these should have a corresponding message of the form
83 * "right-$right".
84 * @showinitializer
85 */
86 static $mCoreRights = array(
87 'apihighlimits',
88 'autoconfirmed',
89 'autopatrol',
90 'bigdelete',
91 'block',
92 'blockemail',
93 'bot',
94 'browsearchive',
95 'createaccount',
96 'createpage',
97 'createtalk',
98 'delete',
99 'deletedhistory',
100 'deletedtext',
101 'deleterevision',
102 'disableaccount',
103 'edit',
104 'editinterface',
105 'editusercssjs',
106 'hideuser',
107 'import',
108 'importupload',
109 'ipblock-exempt',
110 'markbotedits',
111 'minoredit',
112 'move',
113 'movefile',
114 'move-rootuserpages',
115 'move-subpages',
116 'nominornewtalk',
117 'noratelimit',
118 'override-export-depth',
119 'patrol',
120 'protect',
121 'proxyunbannable',
122 'purge',
123 'read',
124 'reupload',
125 'reupload-shared',
126 'rollback',
127 'selenium',
128 'sendemail',
129 'siteadmin',
130 'suppressionlog',
131 'suppressredirect',
132 'suppressrevision',
133 'trackback',
134 'undelete',
135 'unwatchedpages',
136 'upload',
137 'upload_by_url',
138 'userrights',
139 'userrights-interwiki',
140 'writeapi',
141 );
142 /**
143 * \string Cached results of getAllRights()
144 */
145 static $mAllRights = false;
146
147 /** @name Cache variables */
148 //@{
149 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
150 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
151 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mGroups, $mOptionOverrides;
152 //@}
153
154 /**
155 * \bool Whether the cache variables have been loaded.
156 */
157 var $mDataLoaded, $mAuthLoaded, $mOptionsLoaded;
158
159 /**
160 * \string Initialization data source if mDataLoaded==false. May be one of:
161 * - 'defaults' anonymous user initialised from class defaults
162 * - 'name' initialise from mName
163 * - 'id' initialise from mId
164 * - 'session' log in from cookies or session if possible
165 *
166 * Use the User::newFrom*() family of functions to set this.
167 */
168 var $mFrom;
169
170 /** @name Lazy-initialized variables, invalidated with clearInstanceCache */
171 //@{
172 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mSkin, $mRights,
173 $mBlockreason, $mBlock, $mEffectiveGroups, $mBlockedGlobally,
174 $mLocked, $mHideName, $mOptions;
175 //@}
176
177 static $idCacheByName = array();
178
179 /**
180 * Lightweight constructor for an anonymous user.
181 * Use the User::newFrom* factory functions for other kinds of users.
182 *
183 * @see newFromName()
184 * @see newFromId()
185 * @see newFromConfirmationCode()
186 * @see newFromSession()
187 * @see newFromRow()
188 */
189 function __construct() {
190 $this->clearInstanceCache( 'defaults' );
191 }
192
193 /**
194 * Load the user table data for this object from the source given by mFrom.
195 */
196 function load() {
197 if ( $this->mDataLoaded ) {
198 return;
199 }
200 wfProfileIn( __METHOD__ );
201
202 # Set it now to avoid infinite recursion in accessors
203 $this->mDataLoaded = true;
204
205 switch ( $this->mFrom ) {
206 case 'defaults':
207 $this->loadDefaults();
208 break;
209 case 'name':
210 $this->mId = self::idFromName( $this->mName );
211 if ( !$this->mId ) {
212 # Nonexistent user placeholder object
213 $this->loadDefaults( $this->mName );
214 } else {
215 $this->loadFromId();
216 }
217 break;
218 case 'id':
219 $this->loadFromId();
220 break;
221 case 'session':
222 $this->loadFromSession();
223 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
224 break;
225 default:
226 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
227 }
228 wfProfileOut( __METHOD__ );
229 }
230
231 /**
232 * Load user table data, given mId has already been set.
233 * @return \bool false if the ID does not exist, true otherwise
234 * @private
235 */
236 function loadFromId() {
237 global $wgMemc;
238 if ( $this->mId == 0 ) {
239 $this->loadDefaults();
240 return false;
241 }
242
243 # Try cache
244 $key = wfMemcKey( 'user', 'id', $this->mId );
245 $data = $wgMemc->get( $key );
246 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
247 # Object is expired, load from DB
248 $data = false;
249 }
250
251 if ( !$data ) {
252 wfDebug( "User: cache miss for user {$this->mId}\n" );
253 # Load from DB
254 if ( !$this->loadFromDatabase() ) {
255 # Can't load from ID, user is anonymous
256 return false;
257 }
258 $this->saveToCache();
259 } else {
260 wfDebug( "User: got user {$this->mId} from cache\n" );
261 # Restore from cache
262 foreach ( self::$mCacheVars as $name ) {
263 $this->$name = $data[$name];
264 }
265 }
266 return true;
267 }
268
269 /**
270 * Save user data to the shared cache
271 */
272 function saveToCache() {
273 $this->load();
274 $this->loadGroups();
275 $this->loadOptions();
276 if ( $this->isAnon() ) {
277 // Anonymous users are uncached
278 return;
279 }
280 $data = array();
281 foreach ( self::$mCacheVars as $name ) {
282 $data[$name] = $this->$name;
283 }
284 $data['mVersion'] = MW_USER_VERSION;
285 $key = wfMemcKey( 'user', 'id', $this->mId );
286 global $wgMemc;
287 $wgMemc->set( $key, $data );
288 }
289
290
291 /** @name newFrom*() static factory methods */
292 //@{
293
294 /**
295 * Static factory method for creation from username.
296 *
297 * This is slightly less efficient than newFromId(), so use newFromId() if
298 * you have both an ID and a name handy.
299 *
300 * @param $name \string Username, validated by Title::newFromText()
301 * @param $validate \mixed Validate username. Takes the same parameters as
302 * User::getCanonicalName(), except that true is accepted as an alias
303 * for 'valid', for BC.
304 *
305 * @return User The User object, or false if the username is invalid
306 * (e.g. if it contains illegal characters or is an IP address). If the
307 * username is not present in the database, the result will be a user object
308 * with a name, zero user ID and default settings.
309 */
310 static function newFromName( $name, $validate = 'valid' ) {
311 if ( $validate === true ) {
312 $validate = 'valid';
313 }
314 $name = self::getCanonicalName( $name, $validate );
315 if ( $name === false ) {
316 return false;
317 } else {
318 # Create unloaded user object
319 $u = new User;
320 $u->mName = $name;
321 $u->mFrom = 'name';
322 return $u;
323 }
324 }
325
326 /**
327 * Static factory method for creation from a given user ID.
328 *
329 * @param $id \int Valid user ID
330 * @return \type{User} The corresponding User object
331 */
332 static function newFromId( $id ) {
333 $u = new User;
334 $u->mId = $id;
335 $u->mFrom = 'id';
336 return $u;
337 }
338
339 /**
340 * Factory method to fetch whichever user has a given email confirmation code.
341 * This code is generated when an account is created or its e-mail address
342 * has changed.
343 *
344 * If the code is invalid or has expired, returns NULL.
345 *
346 * @param $code \string Confirmation code
347 * @return \type{User}
348 */
349 static function newFromConfirmationCode( $code ) {
350 $dbr = wfGetDB( DB_SLAVE );
351 $id = $dbr->selectField( 'user', 'user_id', array(
352 'user_email_token' => md5( $code ),
353 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
354 ) );
355 if( $id !== false ) {
356 return User::newFromId( $id );
357 } else {
358 return null;
359 }
360 }
361
362 /**
363 * Create a new user object using data from session or cookies. If the
364 * login credentials are invalid, the result is an anonymous user.
365 *
366 * @return \type{User}
367 */
368 static function newFromSession() {
369 $user = new User;
370 $user->mFrom = 'session';
371 return $user;
372 }
373
374 /**
375 * Create a new user object from a user row.
376 * The row should have all fields from the user table in it.
377 * @param $row array A row from the user table
378 * @return \type{User}
379 */
380 static function newFromRow( $row ) {
381 $user = new User;
382 $user->loadFromRow( $row );
383 return $user;
384 }
385
386 //@}
387
388
389 /**
390 * Get the username corresponding to a given user ID
391 * @param $id \int User ID
392 * @return \string The corresponding username
393 */
394 static function whoIs( $id ) {
395 $dbr = wfGetDB( DB_SLAVE );
396 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), __METHOD__ );
397 }
398
399 /**
400 * Get the real name of a user given their user ID
401 *
402 * @param $id \int User ID
403 * @return \string The corresponding user's real name
404 */
405 static function whoIsReal( $id ) {
406 $dbr = wfGetDB( DB_SLAVE );
407 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
408 }
409
410 /**
411 * Get database id given a user name
412 * @param $name \string Username
413 * @return \types{\int,\null} The corresponding user's ID, or null if user is nonexistent
414 */
415 static function idFromName( $name ) {
416 $nt = Title::makeTitleSafe( NS_USER, $name );
417 if( is_null( $nt ) ) {
418 # Illegal name
419 return null;
420 }
421
422 if ( isset( self::$idCacheByName[$name] ) ) {
423 return self::$idCacheByName[$name];
424 }
425
426 $dbr = wfGetDB( DB_SLAVE );
427 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
428
429 if ( $s === false ) {
430 $result = null;
431 } else {
432 $result = $s->user_id;
433 }
434
435 self::$idCacheByName[$name] = $result;
436
437 if ( count( self::$idCacheByName ) > 1000 ) {
438 self::$idCacheByName = array();
439 }
440
441 return $result;
442 }
443
444 /**
445 * Does the string match an anonymous IPv4 address?
446 *
447 * This function exists for username validation, in order to reject
448 * usernames which are similar in form to IP addresses. Strings such
449 * as 300.300.300.300 will return true because it looks like an IP
450 * address, despite not being strictly valid.
451 *
452 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
453 * address because the usemod software would "cloak" anonymous IP
454 * addresses like this, if we allowed accounts like this to be created
455 * new users could get the old edits of these anonymous users.
456 *
457 * @param $name \string String to match
458 * @return \bool True or false
459 */
460 static function isIP( $name ) {
461 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
462 }
463
464 /**
465 * Is the input a valid username?
466 *
467 * Checks if the input is a valid username, we don't want an empty string,
468 * an IP address, anything that containins slashes (would mess up subpages),
469 * is longer than the maximum allowed username size or doesn't begin with
470 * a capital letter.
471 *
472 * @param $name \string String to match
473 * @return \bool True or false
474 */
475 static function isValidUserName( $name ) {
476 global $wgContLang, $wgMaxNameChars;
477
478 if ( $name == ''
479 || User::isIP( $name )
480 || strpos( $name, '/' ) !== false
481 || strlen( $name ) > $wgMaxNameChars
482 || $name != $wgContLang->ucfirst( $name ) ) {
483 wfDebugLog( 'username', __METHOD__ .
484 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
485 return false;
486 }
487
488 // Ensure that the name can't be misresolved as a different title,
489 // such as with extra namespace keys at the start.
490 $parsed = Title::newFromText( $name );
491 if( is_null( $parsed )
492 || $parsed->getNamespace()
493 || strcmp( $name, $parsed->getPrefixedText() ) ) {
494 wfDebugLog( 'username', __METHOD__ .
495 ": '$name' invalid due to ambiguous prefixes" );
496 return false;
497 }
498
499 // Check an additional blacklist of troublemaker characters.
500 // Should these be merged into the title char list?
501 $unicodeBlacklist = '/[' .
502 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
503 '\x{00a0}' . # non-breaking space
504 '\x{2000}-\x{200f}' . # various whitespace
505 '\x{2028}-\x{202f}' . # breaks and control chars
506 '\x{3000}' . # ideographic space
507 '\x{e000}-\x{f8ff}' . # private use
508 ']/u';
509 if( preg_match( $unicodeBlacklist, $name ) ) {
510 wfDebugLog( 'username', __METHOD__ .
511 ": '$name' invalid due to blacklisted characters" );
512 return false;
513 }
514
515 return true;
516 }
517
518 /**
519 * Usernames which fail to pass this function will be blocked
520 * from user login and new account registrations, but may be used
521 * internally by batch processes.
522 *
523 * If an account already exists in this form, login will be blocked
524 * by a failure to pass this function.
525 *
526 * @param $name \string String to match
527 * @return \bool True or false
528 */
529 static function isUsableName( $name ) {
530 global $wgReservedUsernames;
531 // Must be a valid username, obviously ;)
532 if ( !self::isValidUserName( $name ) ) {
533 return false;
534 }
535
536 static $reservedUsernames = false;
537 if ( !$reservedUsernames ) {
538 $reservedUsernames = $wgReservedUsernames;
539 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
540 }
541
542 // Certain names may be reserved for batch processes.
543 foreach ( $reservedUsernames as $reserved ) {
544 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
545 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
546 }
547 if ( $reserved == $name ) {
548 return false;
549 }
550 }
551 return true;
552 }
553
554 /**
555 * Usernames which fail to pass this function will be blocked
556 * from new account registrations, but may be used internally
557 * either by batch processes or by user accounts which have
558 * already been created.
559 *
560 * Additional blacklisting may be added here rather than in
561 * isValidUserName() to avoid disrupting existing accounts.
562 *
563 * @param $name \string String to match
564 * @return \bool True or false
565 */
566 static function isCreatableName( $name ) {
567 global $wgInvalidUsernameCharacters;
568
569 // Ensure that the username isn't longer than 235 bytes, so that
570 // (at least for the builtin skins) user javascript and css files
571 // will work. (bug 23080)
572 if( strlen( $name ) > 235 ) {
573 wfDebugLog( 'username', __METHOD__ .
574 ": '$name' invalid due to length" );
575 return false;
576 }
577
578 if( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
579 wfDebugLog( 'username', __METHOD__ .
580 ": '$name' invalid due to wgInvalidUsernameCharacters" );
581 return false;
582 }
583
584 return self::isUsableName( $name );
585 }
586
587 /**
588 * Is the input a valid password for this user?
589 *
590 * @param $password String Desired password
591 * @return bool True or false
592 */
593 function isValidPassword( $password ) {
594 //simple boolean wrapper for getPasswordValidity
595 return $this->getPasswordValidity( $password ) === true;
596 }
597
598 /**
599 * Given unvalidated password input, return error message on failure.
600 *
601 * @param $password String Desired password
602 * @return mixed: true on success, string of error message on failure
603 */
604 function getPasswordValidity( $password ) {
605 global $wgMinimalPasswordLength, $wgWeakPasswords, $wgContLang;
606
607 $result = false; //init $result to false for the internal checks
608
609 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
610 return $result;
611
612 $lcPassword = $wgContLang->lc( $password );
613
614 if ( $result === false ) {
615 if( strlen( $password ) < $wgMinimalPasswordLength ) {
616 return 'passwordtooshort';
617 } elseif ( $lcPassword == $wgContLang->lc( $this->mName ) ) {
618 return 'password-name-match';
619 } elseif ( in_array( $lcPassword, $wgWeakPasswords ) ) {
620 return 'password-too-weak';
621 } else {
622 //it seems weird returning true here, but this is because of the
623 //initialization of $result to false above. If the hook is never run or it
624 //doesn't modify $result, then we will likely get down into this if with
625 //a valid password.
626 return true;
627 }
628 } elseif( $result === true ) {
629 return true;
630 } else {
631 return $result; //the isValidPassword hook set a string $result and returned true
632 }
633 }
634
635 /**
636 * Does a string look like an e-mail address?
637 *
638 * There used to be a regular expression here, it got removed because it
639 * rejected valid addresses. Actually just check if there is '@' somewhere
640 * in the given address.
641 *
642 * @todo Check for RFC 2822 compilance (bug 959)
643 *
644 * @param $addr \string E-mail address
645 * @return \bool True or false
646 */
647 public static function isValidEmailAddr( $addr ) {
648 $result = null;
649 if( !wfRunHooks( 'isValidEmailAddr', array( $addr, &$result ) ) ) {
650 return $result;
651 }
652 $rfc5322_atext = "a-z0-9!#$%&'*+-\/=?^_`{|}—~" ;
653 $rfc1034_ldh_str = "a-z0-9-" ;
654
655 $HTML5_email_regexp = "/
656 ^ # start of string
657 [$rfc5322_atext\\.]+ # user part which is liberal :p
658 @ # 'apostrophe'
659 [$rfc1034_ldh_str]+ # First domain part
660 (\\.[$rfc1034_ldh_str]+)+ # Following part prefixed with a dot
661 $ # End of string
662 /ix" ; // case Insensitive, eXtended
663
664 return (bool) preg_match( $HTML5_email_regexp, $addr );
665 }
666
667 /**
668 * Given unvalidated user input, return a canonical username, or false if
669 * the username is invalid.
670 * @param $name \string User input
671 * @param $validate \types{\string,\bool} Type of validation to use:
672 * - false No validation
673 * - 'valid' Valid for batch processes
674 * - 'usable' Valid for batch processes and login
675 * - 'creatable' Valid for batch processes, login and account creation
676 */
677 static function getCanonicalName( $name, $validate = 'valid' ) {
678 # Force usernames to capital
679 global $wgContLang;
680 $name = $wgContLang->ucfirst( $name );
681
682 # Reject names containing '#'; these will be cleaned up
683 # with title normalisation, but then it's too late to
684 # check elsewhere
685 if( strpos( $name, '#' ) !== false )
686 return false;
687
688 # Clean up name according to title rules
689 $t = ( $validate === 'valid' ) ?
690 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
691 # Check for invalid titles
692 if( is_null( $t ) ) {
693 return false;
694 }
695
696 # Reject various classes of invalid names
697 global $wgAuth;
698 $name = $wgAuth->getCanonicalName( $t->getText() );
699
700 switch ( $validate ) {
701 case false:
702 break;
703 case 'valid':
704 if ( !User::isValidUserName( $name ) ) {
705 $name = false;
706 }
707 break;
708 case 'usable':
709 if ( !User::isUsableName( $name ) ) {
710 $name = false;
711 }
712 break;
713 case 'creatable':
714 if ( !User::isCreatableName( $name ) ) {
715 $name = false;
716 }
717 break;
718 default:
719 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
720 }
721 return $name;
722 }
723
724 /**
725 * Count the number of edits of a user
726 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
727 *
728 * @param $uid \int User ID to check
729 * @return \int The user's edit count
730 */
731 static function edits( $uid ) {
732 wfProfileIn( __METHOD__ );
733 $dbr = wfGetDB( DB_SLAVE );
734 // check if the user_editcount field has been initialized
735 $field = $dbr->selectField(
736 'user', 'user_editcount',
737 array( 'user_id' => $uid ),
738 __METHOD__
739 );
740
741 if( $field === null ) { // it has not been initialized. do so.
742 $dbw = wfGetDB( DB_MASTER );
743 $count = $dbr->selectField(
744 'revision', 'count(*)',
745 array( 'rev_user' => $uid ),
746 __METHOD__
747 );
748 $dbw->update(
749 'user',
750 array( 'user_editcount' => $count ),
751 array( 'user_id' => $uid ),
752 __METHOD__
753 );
754 } else {
755 $count = $field;
756 }
757 wfProfileOut( __METHOD__ );
758 return $count;
759 }
760
761 /**
762 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
763 * @todo hash random numbers to improve security, like generateToken()
764 *
765 * @return \string New random password
766 */
767 static function randomPassword() {
768 global $wgMinimalPasswordLength;
769 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
770 $l = strlen( $pwchars ) - 1;
771
772 $pwlength = max( 7, $wgMinimalPasswordLength );
773 $digit = mt_rand( 0, $pwlength - 1 );
774 $np = '';
775 for ( $i = 0; $i < $pwlength; $i++ ) {
776 $np .= $i == $digit ? chr( mt_rand( 48, 57 ) ) : $pwchars{ mt_rand( 0, $l ) };
777 }
778 return $np;
779 }
780
781 /**
782 * Set cached properties to default.
783 *
784 * @note This no longer clears uncached lazy-initialised properties;
785 * the constructor does that instead.
786 * @private
787 */
788 function loadDefaults( $name = false ) {
789 wfProfileIn( __METHOD__ );
790
791 global $wgRequest;
792
793 $this->mId = 0;
794 $this->mName = $name;
795 $this->mRealName = '';
796 $this->mPassword = $this->mNewpassword = '';
797 $this->mNewpassTime = null;
798 $this->mEmail = '';
799 $this->mOptionOverrides = null;
800 $this->mOptionsLoaded = false;
801
802 if( $wgRequest->getCookie( 'LoggedOut' ) !== null ) {
803 $this->mTouched = wfTimestamp( TS_MW, $wgRequest->getCookie( 'LoggedOut' ) );
804 } else {
805 $this->mTouched = '0'; # Allow any pages to be cached
806 }
807
808 $this->setToken(); # Random
809 $this->mEmailAuthenticated = null;
810 $this->mEmailToken = '';
811 $this->mEmailTokenExpires = null;
812 $this->mRegistration = wfTimestamp( TS_MW );
813 $this->mGroups = array();
814
815 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
816
817 wfProfileOut( __METHOD__ );
818 }
819
820 /**
821 * @deprecated Use wfSetupSession().
822 */
823 function SetupSession() {
824 wfDeprecated( __METHOD__ );
825 wfSetupSession();
826 }
827
828 /**
829 * Load user data from the session or login cookie. If there are no valid
830 * credentials, initialises the user as an anonymous user.
831 * @return \bool True if the user is logged in, false otherwise.
832 */
833 private function loadFromSession() {
834 global $wgRequest, $wgExternalAuthType, $wgAutocreatePolicy;
835
836 $result = null;
837 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
838 if ( $result !== null ) {
839 return $result;
840 }
841
842 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
843 $extUser = ExternalUser::newFromCookie();
844 if ( $extUser ) {
845 # TODO: Automatically create the user here (or probably a bit
846 # lower down, in fact)
847 }
848 }
849
850 if ( $wgRequest->getCookie( 'UserID' ) !== null ) {
851 $sId = intval( $wgRequest->getCookie( 'UserID' ) );
852 if( isset( $_SESSION['wsUserID'] ) && $sId != $_SESSION['wsUserID'] ) {
853 $this->loadDefaults(); // Possible collision!
854 wfDebugLog( 'loginSessions', "Session user ID ({$_SESSION['wsUserID']}) and
855 cookie user ID ($sId) don't match!" );
856 return false;
857 }
858 $_SESSION['wsUserID'] = $sId;
859 } else if ( isset( $_SESSION['wsUserID'] ) ) {
860 if ( $_SESSION['wsUserID'] != 0 ) {
861 $sId = $_SESSION['wsUserID'];
862 } else {
863 $this->loadDefaults();
864 return false;
865 }
866 } else {
867 $this->loadDefaults();
868 return false;
869 }
870
871 if ( isset( $_SESSION['wsUserName'] ) ) {
872 $sName = $_SESSION['wsUserName'];
873 } else if ( $wgRequest->getCookie('UserName') !== null ) {
874 $sName = $wgRequest->getCookie('UserName');
875 $_SESSION['wsUserName'] = $sName;
876 } else {
877 $this->loadDefaults();
878 return false;
879 }
880
881 $this->mId = $sId;
882 if ( !$this->loadFromId() ) {
883 # Not a valid ID, loadFromId has switched the object to anon for us
884 return false;
885 }
886
887 global $wgBlockDisablesLogin;
888 if( $wgBlockDisablesLogin && $this->isBlocked() ) {
889 # User blocked and we've disabled blocked user logins
890 $this->loadDefaults();
891 return false;
892 }
893
894 if ( isset( $_SESSION['wsToken'] ) ) {
895 $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
896 $from = 'session';
897 } else if ( $wgRequest->getCookie( 'Token' ) !== null ) {
898 $passwordCorrect = $this->mToken == $wgRequest->getCookie( 'Token' );
899 $from = 'cookie';
900 } else {
901 # No session or persistent login cookie
902 $this->loadDefaults();
903 return false;
904 }
905
906 if ( ( $sName == $this->mName ) && $passwordCorrect ) {
907 $_SESSION['wsToken'] = $this->mToken;
908 wfDebug( "User: logged in from $from\n" );
909 return true;
910 } else {
911 # Invalid credentials
912 wfDebug( "User: can't log in from $from, invalid credentials\n" );
913 $this->loadDefaults();
914 return false;
915 }
916 }
917
918 /**
919 * Load user and user_group data from the database.
920 * $this::mId must be set, this is how the user is identified.
921 *
922 * @return \bool True if the user exists, false if the user is anonymous
923 * @private
924 */
925 function loadFromDatabase() {
926 # Paranoia
927 $this->mId = intval( $this->mId );
928
929 /** Anonymous user */
930 if( !$this->mId ) {
931 $this->loadDefaults();
932 return false;
933 }
934
935 $dbr = wfGetDB( DB_MASTER );
936 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
937
938 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
939
940 if ( $s !== false ) {
941 # Initialise user table data
942 $this->loadFromRow( $s );
943 $this->mGroups = null; // deferred
944 $this->getEditCount(); // revalidation for nulls
945 return true;
946 } else {
947 # Invalid user_id
948 $this->mId = 0;
949 $this->loadDefaults();
950 return false;
951 }
952 }
953
954 /**
955 * Initialize this object from a row from the user table.
956 *
957 * @param $row \type{\arrayof{\mixed}} Row from the user table to load.
958 */
959 function loadFromRow( $row ) {
960 $this->mDataLoaded = true;
961
962 if ( isset( $row->user_id ) ) {
963 $this->mId = intval( $row->user_id );
964 }
965 $this->mName = $row->user_name;
966 $this->mRealName = $row->user_real_name;
967 $this->mPassword = $row->user_password;
968 $this->mNewpassword = $row->user_newpassword;
969 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
970 $this->mEmail = $row->user_email;
971 $this->decodeOptions( $row->user_options );
972 $this->mTouched = wfTimestamp(TS_MW,$row->user_touched);
973 $this->mToken = $row->user_token;
974 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
975 $this->mEmailToken = $row->user_email_token;
976 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
977 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
978 $this->mEditCount = $row->user_editcount;
979 }
980
981 /**
982 * Load the groups from the database if they aren't already loaded.
983 * @private
984 */
985 function loadGroups() {
986 if ( is_null( $this->mGroups ) ) {
987 $dbr = wfGetDB( DB_MASTER );
988 $res = $dbr->select( 'user_groups',
989 array( 'ug_group' ),
990 array( 'ug_user' => $this->mId ),
991 __METHOD__ );
992 $this->mGroups = array();
993 foreach ( $res as $row ) {
994 $this->mGroups[] = $row->ug_group;
995 }
996 }
997 }
998
999 /**
1000 * Clear various cached data stored in this object.
1001 * @param $reloadFrom \string Reload user and user_groups table data from a
1002 * given source. May be "name", "id", "defaults", "session", or false for
1003 * no reload.
1004 */
1005 function clearInstanceCache( $reloadFrom = false ) {
1006 $this->mNewtalk = -1;
1007 $this->mDatePreference = null;
1008 $this->mBlockedby = -1; # Unset
1009 $this->mHash = false;
1010 $this->mSkin = null;
1011 $this->mRights = null;
1012 $this->mEffectiveGroups = null;
1013 $this->mOptions = null;
1014
1015 if ( $reloadFrom ) {
1016 $this->mDataLoaded = false;
1017 $this->mFrom = $reloadFrom;
1018 }
1019 }
1020
1021 /**
1022 * Combine the language default options with any site-specific options
1023 * and add the default language variants.
1024 *
1025 * @return \type{\arrayof{\string}} Array of options
1026 */
1027 static function getDefaultOptions() {
1028 global $wgNamespacesToBeSearchedDefault;
1029 /**
1030 * Site defaults will override the global/language defaults
1031 */
1032 global $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1033 $defOpt = $wgDefaultUserOptions + $wgContLang->getDefaultUserOptionOverrides();
1034
1035 /**
1036 * default language setting
1037 */
1038 $variant = $wgContLang->getDefaultVariant();
1039 $defOpt['variant'] = $variant;
1040 $defOpt['language'] = $variant;
1041 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1042 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1043 }
1044 $defOpt['skin'] = $wgDefaultSkin;
1045
1046 return $defOpt;
1047 }
1048
1049 /**
1050 * Get a given default option value.
1051 *
1052 * @param $opt \string Name of option to retrieve
1053 * @return \string Default option value
1054 */
1055 public static function getDefaultOption( $opt ) {
1056 $defOpts = self::getDefaultOptions();
1057 if( isset( $defOpts[$opt] ) ) {
1058 return $defOpts[$opt];
1059 } else {
1060 return null;
1061 }
1062 }
1063
1064
1065 /**
1066 * Get blocking information
1067 * @private
1068 * @param $bFromSlave \bool Whether to check the slave database first. To
1069 * improve performance, non-critical checks are done
1070 * against slaves. Check when actually saving should be
1071 * done against master.
1072 */
1073 function getBlockedStatus( $bFromSlave = true ) {
1074 global $wgProxyWhitelist, $wgUser;
1075
1076 if ( -1 != $this->mBlockedby ) {
1077 return;
1078 }
1079
1080 wfProfileIn( __METHOD__ );
1081 wfDebug( __METHOD__.": checking...\n" );
1082
1083 // Initialize data...
1084 // Otherwise something ends up stomping on $this->mBlockedby when
1085 // things get lazy-loaded later, causing false positive block hits
1086 // due to -1 !== 0. Probably session-related... Nothing should be
1087 // overwriting mBlockedby, surely?
1088 $this->load();
1089
1090 $this->mBlockedby = 0;
1091 $this->mHideName = 0;
1092 $this->mAllowUsertalk = 0;
1093
1094 # Check if we are looking at an IP or a logged-in user
1095 if ( $this->isIP( $this->getName() ) ) {
1096 $ip = $this->getName();
1097 } else {
1098 # Check if we are looking at the current user
1099 # If we don't, and the user is logged in, we don't know about
1100 # his IP / autoblock status, so ignore autoblock of current user's IP
1101 if ( $this->getID() != $wgUser->getID() ) {
1102 $ip = '';
1103 } else {
1104 # Get IP of current user
1105 $ip = wfGetIP();
1106 }
1107 }
1108
1109 if ( $this->isAllowed( 'ipblock-exempt' ) ) {
1110 # Exempt from all types of IP-block
1111 $ip = '';
1112 }
1113
1114 # User/IP blocking
1115 $this->mBlock = new Block();
1116 $this->mBlock->fromMaster( !$bFromSlave );
1117 if ( $this->mBlock->load( $ip , $this->mId ) ) {
1118 wfDebug( __METHOD__ . ": Found block.\n" );
1119 $this->mBlockedby = $this->mBlock->mBy;
1120 if( $this->mBlockedby == 0 )
1121 $this->mBlockedby = $this->mBlock->mByName;
1122 $this->mBlockreason = $this->mBlock->mReason;
1123 $this->mHideName = $this->mBlock->mHideName;
1124 $this->mAllowUsertalk = $this->mBlock->mAllowUsertalk;
1125 if ( $this->isLoggedIn() && $wgUser->getID() == $this->getID() ) {
1126 $this->spreadBlock();
1127 }
1128 } else {
1129 // Bug 13611: don't remove mBlock here, to allow account creation blocks to
1130 // apply to users. Note that the existence of $this->mBlock is not used to
1131 // check for edit blocks, $this->mBlockedby is instead.
1132 }
1133
1134 # Proxy blocking
1135 if ( !$this->isAllowed( 'proxyunbannable' ) && !in_array( $ip, $wgProxyWhitelist ) ) {
1136 # Local list
1137 if ( wfIsLocallyBlockedProxy( $ip ) ) {
1138 $this->mBlockedby = wfMsg( 'proxyblocker' );
1139 $this->mBlockreason = wfMsg( 'proxyblockreason' );
1140 }
1141
1142 # DNSBL
1143 if ( !$this->mBlockedby && !$this->getID() ) {
1144 if ( $this->isDnsBlacklisted( $ip ) ) {
1145 $this->mBlockedby = wfMsg( 'sorbs' );
1146 $this->mBlockreason = wfMsg( 'sorbsreason' );
1147 }
1148 }
1149 }
1150
1151 # Extensions
1152 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1153
1154 wfProfileOut( __METHOD__ );
1155 }
1156
1157 /**
1158 * Whether the given IP is in a DNS blacklist.
1159 *
1160 * @param $ip \string IP to check
1161 * @param $checkWhitelist Boolean: whether to check the whitelist first
1162 * @return \bool True if blacklisted.
1163 */
1164 function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1165 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1166 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1167
1168 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1169 return false;
1170
1171 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1172 return false;
1173
1174 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1175 return $this->inDnsBlacklist( $ip, $urls );
1176 }
1177
1178 /**
1179 * Whether the given IP is in a given DNS blacklist.
1180 *
1181 * @param $ip \string IP to check
1182 * @param $bases \string or Array of Strings: URL of the DNS blacklist
1183 * @return \bool True if blacklisted.
1184 */
1185 function inDnsBlacklist( $ip, $bases ) {
1186 wfProfileIn( __METHOD__ );
1187
1188 $found = false;
1189 // FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1190 if( IP::isIPv4( $ip ) ) {
1191 # Reverse IP, bug 21255
1192 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1193
1194 foreach( (array)$bases as $base ) {
1195 # Make hostname
1196 $host = "$ipReversed.$base";
1197
1198 # Send query
1199 $ipList = gethostbynamel( $host );
1200
1201 if( $ipList ) {
1202 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1203 $found = true;
1204 break;
1205 } else {
1206 wfDebug( "Requested $host, not found in $base.\n" );
1207 }
1208 }
1209 }
1210
1211 wfProfileOut( __METHOD__ );
1212 return $found;
1213 }
1214
1215 /**
1216 * Is this user subject to rate limiting?
1217 *
1218 * @return \bool True if rate limited
1219 */
1220 public function isPingLimitable() {
1221 global $wgRateLimitsExcludedGroups;
1222 global $wgRateLimitsExcludedIPs;
1223 if( array_intersect( $this->getEffectiveGroups(), $wgRateLimitsExcludedGroups ) ) {
1224 // Deprecated, but kept for backwards-compatibility config
1225 return false;
1226 }
1227 if( in_array( wfGetIP(), $wgRateLimitsExcludedIPs ) ) {
1228 // No other good way currently to disable rate limits
1229 // for specific IPs. :P
1230 // But this is a crappy hack and should die.
1231 return false;
1232 }
1233 return !$this->isAllowed('noratelimit');
1234 }
1235
1236 /**
1237 * Primitive rate limits: enforce maximum actions per time period
1238 * to put a brake on flooding.
1239 *
1240 * @note When using a shared cache like memcached, IP-address
1241 * last-hit counters will be shared across wikis.
1242 *
1243 * @param $action \string Action to enforce; 'edit' if unspecified
1244 * @return \bool True if a rate limiter was tripped
1245 */
1246 function pingLimiter( $action = 'edit' ) {
1247 # Call the 'PingLimiter' hook
1248 $result = false;
1249 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1250 return $result;
1251 }
1252
1253 global $wgRateLimits;
1254 if( !isset( $wgRateLimits[$action] ) ) {
1255 return false;
1256 }
1257
1258 # Some groups shouldn't trigger the ping limiter, ever
1259 if( !$this->isPingLimitable() )
1260 return false;
1261
1262 global $wgMemc, $wgRateLimitLog;
1263 wfProfileIn( __METHOD__ );
1264
1265 $limits = $wgRateLimits[$action];
1266 $keys = array();
1267 $id = $this->getId();
1268 $ip = wfGetIP();
1269 $userLimit = false;
1270
1271 if( isset( $limits['anon'] ) && $id == 0 ) {
1272 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1273 }
1274
1275 if( isset( $limits['user'] ) && $id != 0 ) {
1276 $userLimit = $limits['user'];
1277 }
1278 if( $this->isNewbie() ) {
1279 if( isset( $limits['newbie'] ) && $id != 0 ) {
1280 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1281 }
1282 if( isset( $limits['ip'] ) ) {
1283 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1284 }
1285 $matches = array();
1286 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1287 $subnet = $matches[1];
1288 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1289 }
1290 }
1291 // Check for group-specific permissions
1292 // If more than one group applies, use the group with the highest limit
1293 foreach ( $this->getGroups() as $group ) {
1294 if ( isset( $limits[$group] ) ) {
1295 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1296 $userLimit = $limits[$group];
1297 }
1298 }
1299 }
1300 // Set the user limit key
1301 if ( $userLimit !== false ) {
1302 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1303 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1304 }
1305
1306 $triggered = false;
1307 foreach( $keys as $key => $limit ) {
1308 list( $max, $period ) = $limit;
1309 $summary = "(limit $max in {$period}s)";
1310 $count = $wgMemc->get( $key );
1311 // Already pinged?
1312 if( $count ) {
1313 if( $count > $max ) {
1314 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1315 if( $wgRateLimitLog ) {
1316 @error_log( wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", 3, $wgRateLimitLog );
1317 }
1318 $triggered = true;
1319 } else {
1320 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1321 }
1322 } else {
1323 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1324 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1325 }
1326 $wgMemc->incr( $key );
1327 }
1328
1329 wfProfileOut( __METHOD__ );
1330 return $triggered;
1331 }
1332
1333 /**
1334 * Check if user is blocked
1335 *
1336 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1337 * @return \bool True if blocked, false otherwise
1338 */
1339 function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1340 $this->getBlockedStatus( $bFromSlave );
1341 return $this->mBlockedby !== 0;
1342 }
1343
1344 /**
1345 * Check if user is blocked from editing a particular article
1346 *
1347 * @param $title \string Title to check
1348 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1349 * @return \bool True if blocked, false otherwise
1350 */
1351 function isBlockedFrom( $title, $bFromSlave = false ) {
1352 global $wgBlockAllowsUTEdit;
1353 wfProfileIn( __METHOD__ );
1354
1355 $blocked = $this->isBlocked( $bFromSlave );
1356 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1357 # If a user's name is suppressed, they cannot make edits anywhere
1358 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1359 $title->getNamespace() == NS_USER_TALK ) {
1360 $blocked = false;
1361 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1362 }
1363
1364 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1365
1366 wfProfileOut( __METHOD__ );
1367 return $blocked;
1368 }
1369
1370 /**
1371 * If user is blocked, return the name of the user who placed the block
1372 * @return \string name of blocker
1373 */
1374 function blockedBy() {
1375 $this->getBlockedStatus();
1376 return $this->mBlockedby;
1377 }
1378
1379 /**
1380 * If user is blocked, return the specified reason for the block
1381 * @return \string Blocking reason
1382 */
1383 function blockedFor() {
1384 $this->getBlockedStatus();
1385 return $this->mBlockreason;
1386 }
1387
1388 /**
1389 * If user is blocked, return the ID for the block
1390 * @return \int Block ID
1391 */
1392 function getBlockId() {
1393 $this->getBlockedStatus();
1394 return ( $this->mBlock ? $this->mBlock->mId : false );
1395 }
1396
1397 /**
1398 * Check if user is blocked on all wikis.
1399 * Do not use for actual edit permission checks!
1400 * This is intented for quick UI checks.
1401 *
1402 * @param $ip \type{\string} IP address, uses current client if none given
1403 * @return \type{\bool} True if blocked, false otherwise
1404 */
1405 function isBlockedGlobally( $ip = '' ) {
1406 if( $this->mBlockedGlobally !== null ) {
1407 return $this->mBlockedGlobally;
1408 }
1409 // User is already an IP?
1410 if( IP::isIPAddress( $this->getName() ) ) {
1411 $ip = $this->getName();
1412 } else if( !$ip ) {
1413 $ip = wfGetIP();
1414 }
1415 $blocked = false;
1416 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1417 $this->mBlockedGlobally = (bool)$blocked;
1418 return $this->mBlockedGlobally;
1419 }
1420
1421 /**
1422 * Check if user account is locked
1423 *
1424 * @return \type{\bool} True if locked, false otherwise
1425 */
1426 function isLocked() {
1427 if( $this->mLocked !== null ) {
1428 return $this->mLocked;
1429 }
1430 global $wgAuth;
1431 $authUser = $wgAuth->getUserInstance( $this );
1432 $this->mLocked = (bool)$authUser->isLocked();
1433 return $this->mLocked;
1434 }
1435
1436 /**
1437 * Check if user account is hidden
1438 *
1439 * @return \type{\bool} True if hidden, false otherwise
1440 */
1441 function isHidden() {
1442 if( $this->mHideName !== null ) {
1443 return $this->mHideName;
1444 }
1445 $this->getBlockedStatus();
1446 if( !$this->mHideName ) {
1447 global $wgAuth;
1448 $authUser = $wgAuth->getUserInstance( $this );
1449 $this->mHideName = (bool)$authUser->isHidden();
1450 }
1451 return $this->mHideName;
1452 }
1453
1454 /**
1455 * Get the user's ID.
1456 * @return Integer The user's ID; 0 if the user is anonymous or nonexistent
1457 */
1458 function getId() {
1459 if( $this->mId === null and $this->mName !== null
1460 and User::isIP( $this->mName ) ) {
1461 // Special case, we know the user is anonymous
1462 return 0;
1463 } elseif( $this->mId === null ) {
1464 // Don't load if this was initialized from an ID
1465 $this->load();
1466 }
1467 return $this->mId;
1468 }
1469
1470 /**
1471 * Set the user and reload all fields according to a given ID
1472 * @param $v \int User ID to reload
1473 */
1474 function setId( $v ) {
1475 $this->mId = $v;
1476 $this->clearInstanceCache( 'id' );
1477 }
1478
1479 /**
1480 * Get the user name, or the IP of an anonymous user
1481 * @return \string User's name or IP address
1482 */
1483 function getName() {
1484 if ( !$this->mDataLoaded && $this->mFrom == 'name' ) {
1485 # Special case optimisation
1486 return $this->mName;
1487 } else {
1488 $this->load();
1489 if ( $this->mName === false ) {
1490 # Clean up IPs
1491 $this->mName = IP::sanitizeIP( wfGetIP() );
1492 }
1493 return $this->mName;
1494 }
1495 }
1496
1497 /**
1498 * Set the user name.
1499 *
1500 * This does not reload fields from the database according to the given
1501 * name. Rather, it is used to create a temporary "nonexistent user" for
1502 * later addition to the database. It can also be used to set the IP
1503 * address for an anonymous user to something other than the current
1504 * remote IP.
1505 *
1506 * @note User::newFromName() has rougly the same function, when the named user
1507 * does not exist.
1508 * @param $str \string New user name to set
1509 */
1510 function setName( $str ) {
1511 $this->load();
1512 $this->mName = $str;
1513 }
1514
1515 /**
1516 * Get the user's name escaped by underscores.
1517 * @return \string Username escaped by underscores.
1518 */
1519 function getTitleKey() {
1520 return str_replace( ' ', '_', $this->getName() );
1521 }
1522
1523 /**
1524 * Check if the user has new messages.
1525 * @return \bool True if the user has new messages
1526 */
1527 function getNewtalk() {
1528 $this->load();
1529
1530 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1531 if( $this->mNewtalk === -1 ) {
1532 $this->mNewtalk = false; # reset talk page status
1533
1534 # Check memcached separately for anons, who have no
1535 # entire User object stored in there.
1536 if( !$this->mId ) {
1537 global $wgMemc;
1538 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1539 $newtalk = $wgMemc->get( $key );
1540 if( strval( $newtalk ) !== '' ) {
1541 $this->mNewtalk = (bool)$newtalk;
1542 } else {
1543 // Since we are caching this, make sure it is up to date by getting it
1544 // from the master
1545 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1546 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1547 }
1548 } else {
1549 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1550 }
1551 }
1552
1553 return (bool)$this->mNewtalk;
1554 }
1555
1556 /**
1557 * Return the talk page(s) this user has new messages on.
1558 * @return \type{\arrayof{\string}} Array of page URLs
1559 */
1560 function getNewMessageLinks() {
1561 $talks = array();
1562 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) )
1563 return $talks;
1564
1565 if( !$this->getNewtalk() )
1566 return array();
1567 $up = $this->getUserPage();
1568 $utp = $up->getTalkPage();
1569 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL() ) );
1570 }
1571
1572 /**
1573 * Internal uncached check for new messages
1574 *
1575 * @see getNewtalk()
1576 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1577 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1578 * @param $fromMaster \bool true to fetch from the master, false for a slave
1579 * @return \bool True if the user has new messages
1580 * @private
1581 */
1582 function checkNewtalk( $field, $id, $fromMaster = false ) {
1583 if ( $fromMaster ) {
1584 $db = wfGetDB( DB_MASTER );
1585 } else {
1586 $db = wfGetDB( DB_SLAVE );
1587 }
1588 $ok = $db->selectField( 'user_newtalk', $field,
1589 array( $field => $id ), __METHOD__ );
1590 return $ok !== false;
1591 }
1592
1593 /**
1594 * Add or update the new messages flag
1595 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1596 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1597 * @return \bool True if successful, false otherwise
1598 * @private
1599 */
1600 function updateNewtalk( $field, $id ) {
1601 $dbw = wfGetDB( DB_MASTER );
1602 $dbw->insert( 'user_newtalk',
1603 array( $field => $id ),
1604 __METHOD__,
1605 'IGNORE' );
1606 if ( $dbw->affectedRows() ) {
1607 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1608 return true;
1609 } else {
1610 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1611 return false;
1612 }
1613 }
1614
1615 /**
1616 * Clear the new messages flag for the given user
1617 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1618 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1619 * @return \bool True if successful, false otherwise
1620 * @private
1621 */
1622 function deleteNewtalk( $field, $id ) {
1623 $dbw = wfGetDB( DB_MASTER );
1624 $dbw->delete( 'user_newtalk',
1625 array( $field => $id ),
1626 __METHOD__ );
1627 if ( $dbw->affectedRows() ) {
1628 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1629 return true;
1630 } else {
1631 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1632 return false;
1633 }
1634 }
1635
1636 /**
1637 * Update the 'You have new messages!' status.
1638 * @param $val \bool Whether the user has new messages
1639 */
1640 function setNewtalk( $val ) {
1641 if( wfReadOnly() ) {
1642 return;
1643 }
1644
1645 $this->load();
1646 $this->mNewtalk = $val;
1647
1648 if( $this->isAnon() ) {
1649 $field = 'user_ip';
1650 $id = $this->getName();
1651 } else {
1652 $field = 'user_id';
1653 $id = $this->getId();
1654 }
1655 global $wgMemc;
1656
1657 if( $val ) {
1658 $changed = $this->updateNewtalk( $field, $id );
1659 } else {
1660 $changed = $this->deleteNewtalk( $field, $id );
1661 }
1662
1663 if( $this->isAnon() ) {
1664 // Anons have a separate memcached space, since
1665 // user records aren't kept for them.
1666 $key = wfMemcKey( 'newtalk', 'ip', $id );
1667 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1668 }
1669 if ( $changed ) {
1670 $this->invalidateCache();
1671 }
1672 }
1673
1674 /**
1675 * Generate a current or new-future timestamp to be stored in the
1676 * user_touched field when we update things.
1677 * @return \string Timestamp in TS_MW format
1678 */
1679 private static function newTouchedTimestamp() {
1680 global $wgClockSkewFudge;
1681 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1682 }
1683
1684 /**
1685 * Clear user data from memcached.
1686 * Use after applying fun updates to the database; caller's
1687 * responsibility to update user_touched if appropriate.
1688 *
1689 * Called implicitly from invalidateCache() and saveSettings().
1690 */
1691 private function clearSharedCache() {
1692 $this->load();
1693 if( $this->mId ) {
1694 global $wgMemc;
1695 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1696 }
1697 }
1698
1699 /**
1700 * Immediately touch the user data cache for this account.
1701 * Updates user_touched field, and removes account data from memcached
1702 * for reload on the next hit.
1703 */
1704 function invalidateCache() {
1705 if( wfReadOnly() ) {
1706 return;
1707 }
1708 $this->load();
1709 if( $this->mId ) {
1710 $this->mTouched = self::newTouchedTimestamp();
1711
1712 $dbw = wfGetDB( DB_MASTER );
1713 $dbw->update( 'user',
1714 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1715 array( 'user_id' => $this->mId ),
1716 __METHOD__ );
1717
1718 $this->clearSharedCache();
1719 }
1720 }
1721
1722 /**
1723 * Validate the cache for this account.
1724 * @param $timestamp \string A timestamp in TS_MW format
1725 */
1726 function validateCache( $timestamp ) {
1727 $this->load();
1728 return ( $timestamp >= $this->mTouched );
1729 }
1730
1731 /**
1732 * Get the user touched timestamp
1733 */
1734 function getTouched() {
1735 $this->load();
1736 return $this->mTouched;
1737 }
1738
1739 /**
1740 * Set the password and reset the random token.
1741 * Calls through to authentication plugin if necessary;
1742 * will have no effect if the auth plugin refuses to
1743 * pass the change through or if the legal password
1744 * checks fail.
1745 *
1746 * As a special case, setting the password to null
1747 * wipes it, so the account cannot be logged in until
1748 * a new password is set, for instance via e-mail.
1749 *
1750 * @param $str \string New password to set
1751 * @throws PasswordError on failure
1752 */
1753 function setPassword( $str ) {
1754 global $wgAuth;
1755
1756 if( $str !== null ) {
1757 if( !$wgAuth->allowPasswordChange() ) {
1758 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1759 }
1760
1761 if( !$this->isValidPassword( $str ) ) {
1762 global $wgMinimalPasswordLength;
1763 $valid = $this->getPasswordValidity( $str );
1764 throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ),
1765 $wgMinimalPasswordLength ) );
1766 }
1767 }
1768
1769 if( !$wgAuth->setPassword( $this, $str ) ) {
1770 throw new PasswordError( wfMsg( 'externaldberror' ) );
1771 }
1772
1773 $this->setInternalPassword( $str );
1774
1775 return true;
1776 }
1777
1778 /**
1779 * Set the password and reset the random token unconditionally.
1780 *
1781 * @param $str \string New password to set
1782 */
1783 function setInternalPassword( $str ) {
1784 $this->load();
1785 $this->setToken();
1786
1787 if( $str === null ) {
1788 // Save an invalid hash...
1789 $this->mPassword = '';
1790 } else {
1791 $this->mPassword = self::crypt( $str );
1792 }
1793 $this->mNewpassword = '';
1794 $this->mNewpassTime = null;
1795 }
1796
1797 /**
1798 * Get the user's current token.
1799 * @return \string Token
1800 */
1801 function getToken() {
1802 $this->load();
1803 return $this->mToken;
1804 }
1805
1806 /**
1807 * Set the random token (used for persistent authentication)
1808 * Called from loadDefaults() among other places.
1809 *
1810 * @param $token \string If specified, set the token to this value
1811 * @private
1812 */
1813 function setToken( $token = false ) {
1814 global $wgSecretKey, $wgProxyKey;
1815 $this->load();
1816 if ( !$token ) {
1817 if ( $wgSecretKey ) {
1818 $key = $wgSecretKey;
1819 } elseif ( $wgProxyKey ) {
1820 $key = $wgProxyKey;
1821 } else {
1822 $key = microtime();
1823 }
1824 $this->mToken = md5( $key . mt_rand( 0, 0x7fffffff ) . wfWikiID() . $this->mId );
1825 } else {
1826 $this->mToken = $token;
1827 }
1828 }
1829
1830 /**
1831 * Set the cookie password
1832 *
1833 * @param $str \string New cookie password
1834 * @private
1835 */
1836 function setCookiePassword( $str ) {
1837 $this->load();
1838 $this->mCookiePassword = md5( $str );
1839 }
1840
1841 /**
1842 * Set the password for a password reminder or new account email
1843 *
1844 * @param $str \string New password to set
1845 * @param $throttle \bool If true, reset the throttle timestamp to the present
1846 */
1847 function setNewpassword( $str, $throttle = true ) {
1848 $this->load();
1849 $this->mNewpassword = self::crypt( $str );
1850 if ( $throttle ) {
1851 $this->mNewpassTime = wfTimestampNow();
1852 }
1853 }
1854
1855 /**
1856 * Has password reminder email been sent within the last
1857 * $wgPasswordReminderResendTime hours?
1858 * @return \bool True or false
1859 */
1860 function isPasswordReminderThrottled() {
1861 global $wgPasswordReminderResendTime;
1862 $this->load();
1863 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
1864 return false;
1865 }
1866 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
1867 return time() < $expiry;
1868 }
1869
1870 /**
1871 * Get the user's e-mail address
1872 * @return \string User's email address
1873 */
1874 function getEmail() {
1875 $this->load();
1876 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
1877 return $this->mEmail;
1878 }
1879
1880 /**
1881 * Get the timestamp of the user's e-mail authentication
1882 * @return \string TS_MW timestamp
1883 */
1884 function getEmailAuthenticationTimestamp() {
1885 $this->load();
1886 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
1887 return $this->mEmailAuthenticated;
1888 }
1889
1890 /**
1891 * Set the user's e-mail address
1892 * @param $str \string New e-mail address
1893 */
1894 function setEmail( $str ) {
1895 $this->load();
1896 $this->mEmail = $str;
1897 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
1898 }
1899
1900 /**
1901 * Get the user's real name
1902 * @return \string User's real name
1903 */
1904 function getRealName() {
1905 $this->load();
1906 return $this->mRealName;
1907 }
1908
1909 /**
1910 * Set the user's real name
1911 * @param $str \string New real name
1912 */
1913 function setRealName( $str ) {
1914 $this->load();
1915 $this->mRealName = $str;
1916 }
1917
1918 /**
1919 * Get the user's current setting for a given option.
1920 *
1921 * @param $oname \string The option to check
1922 * @param $defaultOverride \string A default value returned if the option does not exist
1923 * @return \string User's current value for the option
1924 * @see getBoolOption()
1925 * @see getIntOption()
1926 */
1927 function getOption( $oname, $defaultOverride = null ) {
1928 $this->loadOptions();
1929
1930 if ( is_null( $this->mOptions ) ) {
1931 if($defaultOverride != '') {
1932 return $defaultOverride;
1933 }
1934 $this->mOptions = User::getDefaultOptions();
1935 }
1936
1937 if ( array_key_exists( $oname, $this->mOptions ) ) {
1938 return $this->mOptions[$oname];
1939 } else {
1940 return $defaultOverride;
1941 }
1942 }
1943
1944 /**
1945 * Get all user's options
1946 *
1947 * @return array
1948 */
1949 public function getOptions() {
1950 $this->loadOptions();
1951 return $this->mOptions;
1952 }
1953
1954 /**
1955 * Get the user's current setting for a given option, as a boolean value.
1956 *
1957 * @param $oname \string The option to check
1958 * @return \bool User's current value for the option
1959 * @see getOption()
1960 */
1961 function getBoolOption( $oname ) {
1962 return (bool)$this->getOption( $oname );
1963 }
1964
1965
1966 /**
1967 * Get the user's current setting for a given option, as a boolean value.
1968 *
1969 * @param $oname \string The option to check
1970 * @param $defaultOverride \int A default value returned if the option does not exist
1971 * @return \int User's current value for the option
1972 * @see getOption()
1973 */
1974 function getIntOption( $oname, $defaultOverride=0 ) {
1975 $val = $this->getOption( $oname );
1976 if( $val == '' ) {
1977 $val = $defaultOverride;
1978 }
1979 return intval( $val );
1980 }
1981
1982 /**
1983 * Set the given option for a user.
1984 *
1985 * @param $oname \string The option to set
1986 * @param $val \mixed New value to set
1987 */
1988 function setOption( $oname, $val ) {
1989 $this->load();
1990 $this->loadOptions();
1991
1992 if ( $oname == 'skin' ) {
1993 # Clear cached skin, so the new one displays immediately in Special:Preferences
1994 $this->mSkin = null;
1995 }
1996
1997 // Explicitly NULL values should refer to defaults
1998 global $wgDefaultUserOptions;
1999 if( is_null( $val ) && isset( $wgDefaultUserOptions[$oname] ) ) {
2000 $val = $wgDefaultUserOptions[$oname];
2001 }
2002
2003 $this->mOptions[$oname] = $val;
2004 }
2005
2006 /**
2007 * Reset all options to the site defaults
2008 */
2009 function resetOptions() {
2010 $this->mOptions = User::getDefaultOptions();
2011 }
2012
2013 /**
2014 * Get the user's preferred date format.
2015 * @return \string User's preferred date format
2016 */
2017 function getDatePreference() {
2018 // Important migration for old data rows
2019 if ( is_null( $this->mDatePreference ) ) {
2020 global $wgLang;
2021 $value = $this->getOption( 'date' );
2022 $map = $wgLang->getDatePreferenceMigrationMap();
2023 if ( isset( $map[$value] ) ) {
2024 $value = $map[$value];
2025 }
2026 $this->mDatePreference = $value;
2027 }
2028 return $this->mDatePreference;
2029 }
2030
2031 /**
2032 * Get the user preferred stub threshold
2033 */
2034 function getStubThreshold() {
2035 global $wgMaxArticleSize; # Maximum article size, in Kb
2036 $threshold = intval( $this->getOption( 'stubthreshold' ) );
2037 if ( $threshold > $wgMaxArticleSize * 1024 ) {
2038 # If they have set an impossible value, disable the preference
2039 # so we can use the parser cache again.
2040 $threshold = 0;
2041 }
2042 return $threshold;
2043 }
2044
2045 /**
2046 * Get the permissions this user has.
2047 * @return \type{\arrayof{\string}} Array of permission names
2048 */
2049 function getRights() {
2050 if ( is_null( $this->mRights ) ) {
2051 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
2052 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
2053 // Force reindexation of rights when a hook has unset one of them
2054 $this->mRights = array_values( $this->mRights );
2055 }
2056 return $this->mRights;
2057 }
2058
2059 /**
2060 * Get the list of explicit group memberships this user has.
2061 * The implicit * and user groups are not included.
2062 * @return \type{\arrayof{\string}} Array of internal group names
2063 */
2064 function getGroups() {
2065 $this->load();
2066 return $this->mGroups;
2067 }
2068
2069 /**
2070 * Get the list of implicit group memberships this user has.
2071 * This includes all explicit groups, plus 'user' if logged in,
2072 * '*' for all accounts and autopromoted groups
2073 * @param $recache \bool Whether to avoid the cache
2074 * @return \type{\arrayof{\string}} Array of internal group names
2075 */
2076 function getEffectiveGroups( $recache = false ) {
2077 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2078 wfProfileIn( __METHOD__ );
2079 $this->mEffectiveGroups = $this->getGroups();
2080 $this->mEffectiveGroups[] = '*';
2081 if( $this->getId() ) {
2082 $this->mEffectiveGroups[] = 'user';
2083
2084 $this->mEffectiveGroups = array_unique( array_merge(
2085 $this->mEffectiveGroups,
2086 Autopromote::getAutopromoteGroups( $this )
2087 ) );
2088
2089 # Hook for additional groups
2090 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2091 }
2092 wfProfileOut( __METHOD__ );
2093 }
2094 return $this->mEffectiveGroups;
2095 }
2096
2097 /**
2098 * Get the user's edit count.
2099 * @return \int User'e edit count
2100 */
2101 function getEditCount() {
2102 if( $this->getId() ) {
2103 if ( !isset( $this->mEditCount ) ) {
2104 /* Populate the count, if it has not been populated yet */
2105 $this->mEditCount = User::edits( $this->mId );
2106 }
2107 return $this->mEditCount;
2108 } else {
2109 /* nil */
2110 return null;
2111 }
2112 }
2113
2114 /**
2115 * Add the user to the given group.
2116 * This takes immediate effect.
2117 * @param $group \string Name of the group to add
2118 */
2119 function addGroup( $group ) {
2120 $dbw = wfGetDB( DB_MASTER );
2121 if( $this->getId() ) {
2122 $dbw->insert( 'user_groups',
2123 array(
2124 'ug_user' => $this->getID(),
2125 'ug_group' => $group,
2126 ),
2127 __METHOD__,
2128 array( 'IGNORE' ) );
2129 }
2130
2131 $this->loadGroups();
2132 $this->mGroups[] = $group;
2133 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2134
2135 $this->invalidateCache();
2136 }
2137
2138 /**
2139 * Remove the user from the given group.
2140 * This takes immediate effect.
2141 * @param $group \string Name of the group to remove
2142 */
2143 function removeGroup( $group ) {
2144 $this->load();
2145 $dbw = wfGetDB( DB_MASTER );
2146 $dbw->delete( 'user_groups',
2147 array(
2148 'ug_user' => $this->getID(),
2149 'ug_group' => $group,
2150 ), __METHOD__ );
2151
2152 $this->loadGroups();
2153 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2154 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2155
2156 $this->invalidateCache();
2157 }
2158
2159 /**
2160 * Get whether the user is logged in
2161 * @return \bool True or false
2162 */
2163 function isLoggedIn() {
2164 return $this->getID() != 0;
2165 }
2166
2167 /**
2168 * Get whether the user is anonymous
2169 * @return \bool True or false
2170 */
2171 function isAnon() {
2172 return !$this->isLoggedIn();
2173 }
2174
2175 /**
2176 * Get whether the user is a bot
2177 * @return \bool True or false
2178 * @deprecated
2179 */
2180 function isBot() {
2181 wfDeprecated( __METHOD__ );
2182 return $this->isAllowed( 'bot' );
2183 }
2184
2185 /**
2186 * Check if user is allowed to access a feature / make an action
2187 * @param $action \string action to be checked
2188 * @return Boolean: True if action is allowed, else false
2189 */
2190 function isAllowed( $action = '' ) {
2191 if ( $action === '' ) {
2192 return true; // In the spirit of DWIM
2193 }
2194 # Patrolling may not be enabled
2195 if( $action === 'patrol' || $action === 'autopatrol' ) {
2196 global $wgUseRCPatrol, $wgUseNPPatrol;
2197 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2198 return false;
2199 }
2200 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2201 # by misconfiguration: 0 == 'foo'
2202 return in_array( $action, $this->getRights(), true );
2203 }
2204
2205 /**
2206 * Check whether to enable recent changes patrol features for this user
2207 * @return Boolean: True or false
2208 */
2209 public function useRCPatrol() {
2210 global $wgUseRCPatrol;
2211 return( $wgUseRCPatrol && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2212 }
2213
2214 /**
2215 * Check whether to enable new pages patrol features for this user
2216 * @return \bool True or false
2217 */
2218 public function useNPPatrol() {
2219 global $wgUseRCPatrol, $wgUseNPPatrol;
2220 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2221 }
2222
2223 /**
2224 * Get the current skin, loading it if required, and setting a title
2225 * @param $t Title: the title to use in the skin
2226 * @return Skin The current skin
2227 * @todo FIXME : need to check the old failback system [AV]
2228 */
2229 function getSkin( $t = null ) {
2230 if ( $t ) {
2231 $skin = $this->createSkinObject();
2232 $skin->setTitle( $t );
2233 return $skin;
2234 } else {
2235 if ( !$this->mSkin ) {
2236 $this->mSkin = $this->createSkinObject();
2237 }
2238
2239 if ( !$this->mSkin->getTitle() ) {
2240 global $wgOut;
2241 $t = $wgOut->getTitle();
2242 $this->mSkin->setTitle($t);
2243 }
2244
2245 return $this->mSkin;
2246 }
2247 }
2248
2249 // Creates a Skin object, for getSkin()
2250 private function createSkinObject() {
2251 wfProfileIn( __METHOD__ );
2252
2253 global $wgHiddenPrefs;
2254 if( !in_array( 'skin', $wgHiddenPrefs ) ) {
2255 global $wgRequest;
2256 # get the user skin
2257 $userSkin = $this->getOption( 'skin' );
2258 $userSkin = $wgRequest->getVal( 'useskin', $userSkin );
2259 } else {
2260 # if we're not allowing users to override, then use the default
2261 global $wgDefaultSkin;
2262 $userSkin = $wgDefaultSkin;
2263 }
2264
2265 $skin = Skin::newFromKey( $userSkin );
2266 wfProfileOut( __METHOD__ );
2267
2268 return $skin;
2269 }
2270
2271 /**
2272 * Check the watched status of an article.
2273 * @param $title \type{Title} Title of the article to look at
2274 * @return \bool True if article is watched
2275 */
2276 function isWatched( $title ) {
2277 $wl = WatchedItem::fromUserTitle( $this, $title );
2278 return $wl->isWatched();
2279 }
2280
2281 /**
2282 * Watch an article.
2283 * @param $title \type{Title} Title of the article to look at
2284 */
2285 function addWatch( $title ) {
2286 $wl = WatchedItem::fromUserTitle( $this, $title );
2287 $wl->addWatch();
2288 $this->invalidateCache();
2289 }
2290
2291 /**
2292 * Stop watching an article.
2293 * @param $title \type{Title} Title of the article to look at
2294 */
2295 function removeWatch( $title ) {
2296 $wl = WatchedItem::fromUserTitle( $this, $title );
2297 $wl->removeWatch();
2298 $this->invalidateCache();
2299 }
2300
2301 /**
2302 * Clear the user's notification timestamp for the given title.
2303 * If e-notif e-mails are on, they will receive notification mails on
2304 * the next change of the page if it's watched etc.
2305 * @param $title \type{Title} Title of the article to look at
2306 */
2307 function clearNotification( &$title ) {
2308 global $wgUser, $wgUseEnotif, $wgShowUpdatedMarker;
2309
2310 # Do nothing if the database is locked to writes
2311 if( wfReadOnly() ) {
2312 return;
2313 }
2314
2315 if( $title->getNamespace() == NS_USER_TALK &&
2316 $title->getText() == $this->getName() ) {
2317 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2318 return;
2319 $this->setNewtalk( false );
2320 }
2321
2322 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2323 return;
2324 }
2325
2326 if( $this->isAnon() ) {
2327 // Nothing else to do...
2328 return;
2329 }
2330
2331 // Only update the timestamp if the page is being watched.
2332 // The query to find out if it is watched is cached both in memcached and per-invocation,
2333 // and when it does have to be executed, it can be on a slave
2334 // If this is the user's newtalk page, we always update the timestamp
2335 if( $title->getNamespace() == NS_USER_TALK &&
2336 $title->getText() == $wgUser->getName() )
2337 {
2338 $watched = true;
2339 } elseif ( $this->getId() == $wgUser->getId() ) {
2340 $watched = $title->userIsWatching();
2341 } else {
2342 $watched = true;
2343 }
2344
2345 // If the page is watched by the user (or may be watched), update the timestamp on any
2346 // any matching rows
2347 if ( $watched ) {
2348 $dbw = wfGetDB( DB_MASTER );
2349 $dbw->update( 'watchlist',
2350 array( /* SET */
2351 'wl_notificationtimestamp' => null
2352 ), array( /* WHERE */
2353 'wl_title' => $title->getDBkey(),
2354 'wl_namespace' => $title->getNamespace(),
2355 'wl_user' => $this->getID()
2356 ), __METHOD__
2357 );
2358 }
2359 }
2360
2361 /**
2362 * Resets all of the given user's page-change notification timestamps.
2363 * If e-notif e-mails are on, they will receive notification mails on
2364 * the next change of any watched page.
2365 *
2366 * @param $currentUser \int User ID
2367 */
2368 function clearAllNotifications( $currentUser ) {
2369 global $wgUseEnotif, $wgShowUpdatedMarker;
2370 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2371 $this->setNewtalk( false );
2372 return;
2373 }
2374 if( $currentUser != 0 ) {
2375 $dbw = wfGetDB( DB_MASTER );
2376 $dbw->update( 'watchlist',
2377 array( /* SET */
2378 'wl_notificationtimestamp' => null
2379 ), array( /* WHERE */
2380 'wl_user' => $currentUser
2381 ), __METHOD__
2382 );
2383 # We also need to clear here the "you have new message" notification for the own user_talk page
2384 # This is cleared one page view later in Article::viewUpdates();
2385 }
2386 }
2387
2388 /**
2389 * Set this user's options from an encoded string
2390 * @param $str \string Encoded options to import
2391 * @private
2392 */
2393 function decodeOptions( $str ) {
2394 if( !$str )
2395 return;
2396
2397 $this->mOptionsLoaded = true;
2398 $this->mOptionOverrides = array();
2399
2400 // If an option is not set in $str, use the default value
2401 $this->mOptions = self::getDefaultOptions();
2402
2403 $a = explode( "\n", $str );
2404 foreach ( $a as $s ) {
2405 $m = array();
2406 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2407 $this->mOptions[$m[1]] = $m[2];
2408 $this->mOptionOverrides[$m[1]] = $m[2];
2409 }
2410 }
2411 }
2412
2413 /**
2414 * Set a cookie on the user's client. Wrapper for
2415 * WebResponse::setCookie
2416 * @param $name \string Name of the cookie to set
2417 * @param $value \string Value to set
2418 * @param $exp \int Expiration time, as a UNIX time value;
2419 * if 0 or not specified, use the default $wgCookieExpiration
2420 */
2421 protected function setCookie( $name, $value, $exp = 0 ) {
2422 global $wgRequest;
2423 $wgRequest->response()->setcookie( $name, $value, $exp );
2424 }
2425
2426 /**
2427 * Clear a cookie on the user's client
2428 * @param $name \string Name of the cookie to clear
2429 */
2430 protected function clearCookie( $name ) {
2431 $this->setCookie( $name, '', time() - 86400 );
2432 }
2433
2434 /**
2435 * Set the default cookies for this session on the user's client.
2436 */
2437 function setCookies() {
2438 $this->load();
2439 if ( 0 == $this->mId ) return;
2440 $session = array(
2441 'wsUserID' => $this->mId,
2442 'wsToken' => $this->mToken,
2443 'wsUserName' => $this->getName()
2444 );
2445 $cookies = array(
2446 'UserID' => $this->mId,
2447 'UserName' => $this->getName(),
2448 );
2449 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2450 $cookies['Token'] = $this->mToken;
2451 } else {
2452 $cookies['Token'] = false;
2453 }
2454
2455 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2456 #check for null, since the hook could cause a null value
2457 if ( !is_null( $session ) && isset( $_SESSION ) ){
2458 $_SESSION = $session + $_SESSION;
2459 }
2460 foreach ( $cookies as $name => $value ) {
2461 if ( $value === false ) {
2462 $this->clearCookie( $name );
2463 } else {
2464 $this->setCookie( $name, $value );
2465 }
2466 }
2467 }
2468
2469 /**
2470 * Log this user out.
2471 */
2472 function logout() {
2473 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2474 $this->doLogout();
2475 }
2476 }
2477
2478 /**
2479 * Clear the user's cookies and session, and reset the instance cache.
2480 * @private
2481 * @see logout()
2482 */
2483 function doLogout() {
2484 $this->clearInstanceCache( 'defaults' );
2485
2486 $_SESSION['wsUserID'] = 0;
2487
2488 $this->clearCookie( 'UserID' );
2489 $this->clearCookie( 'Token' );
2490
2491 # Remember when user logged out, to prevent seeing cached pages
2492 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2493 }
2494
2495 /**
2496 * Save this user's settings into the database.
2497 * @todo Only rarely do all these fields need to be set!
2498 */
2499 function saveSettings() {
2500 $this->load();
2501 if ( wfReadOnly() ) { return; }
2502 if ( 0 == $this->mId ) { return; }
2503
2504 $this->mTouched = self::newTouchedTimestamp();
2505
2506 $dbw = wfGetDB( DB_MASTER );
2507 $dbw->update( 'user',
2508 array( /* SET */
2509 'user_name' => $this->mName,
2510 'user_password' => $this->mPassword,
2511 'user_newpassword' => $this->mNewpassword,
2512 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2513 'user_real_name' => $this->mRealName,
2514 'user_email' => $this->mEmail,
2515 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2516 'user_options' => '',
2517 'user_touched' => $dbw->timestamp( $this->mTouched ),
2518 'user_token' => $this->mToken,
2519 'user_email_token' => $this->mEmailToken,
2520 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2521 ), array( /* WHERE */
2522 'user_id' => $this->mId
2523 ), __METHOD__
2524 );
2525
2526 $this->saveOptions();
2527
2528 wfRunHooks( 'UserSaveSettings', array( $this ) );
2529 $this->clearSharedCache();
2530 $this->getUserPage()->invalidateCache();
2531 }
2532
2533 /**
2534 * If only this user's username is known, and it exists, return the user ID.
2535 */
2536 function idForName() {
2537 $s = trim( $this->getName() );
2538 if ( $s === '' ) return 0;
2539
2540 $dbr = wfGetDB( DB_SLAVE );
2541 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2542 if ( $id === false ) {
2543 $id = 0;
2544 }
2545 return $id;
2546 }
2547
2548 /**
2549 * Add a user to the database, return the user object
2550 *
2551 * @param $name \string Username to add
2552 * @param $params \type{\arrayof{\string}} Non-default parameters to save to the database:
2553 * - password The user's password. Password logins will be disabled if this is omitted.
2554 * - newpassword A temporary password mailed to the user
2555 * - email The user's email address
2556 * - email_authenticated The email authentication timestamp
2557 * - real_name The user's real name
2558 * - options An associative array of non-default options
2559 * - token Random authentication token. Do not set.
2560 * - registration Registration timestamp. Do not set.
2561 *
2562 * @return \type{User} A new User object, or null if the username already exists
2563 */
2564 static function createNew( $name, $params = array() ) {
2565 $user = new User;
2566 $user->load();
2567 if ( isset( $params['options'] ) ) {
2568 $user->mOptions = $params['options'] + (array)$user->mOptions;
2569 unset( $params['options'] );
2570 }
2571 $dbw = wfGetDB( DB_MASTER );
2572 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2573
2574 $fields = array(
2575 'user_id' => $seqVal,
2576 'user_name' => $name,
2577 'user_password' => $user->mPassword,
2578 'user_newpassword' => $user->mNewpassword,
2579 'user_newpass_time' => $dbw->timestampOrNull( $user->mNewpassTime ),
2580 'user_email' => $user->mEmail,
2581 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2582 'user_real_name' => $user->mRealName,
2583 'user_options' => '',
2584 'user_token' => $user->mToken,
2585 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2586 'user_editcount' => 0,
2587 );
2588 foreach ( $params as $name => $value ) {
2589 $fields["user_$name"] = $value;
2590 }
2591 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2592 if ( $dbw->affectedRows() ) {
2593 $newUser = User::newFromId( $dbw->insertId() );
2594 } else {
2595 $newUser = null;
2596 }
2597 return $newUser;
2598 }
2599
2600 /**
2601 * Add this existing user object to the database
2602 */
2603 function addToDatabase() {
2604 $this->load();
2605 $dbw = wfGetDB( DB_MASTER );
2606 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2607 $dbw->insert( 'user',
2608 array(
2609 'user_id' => $seqVal,
2610 'user_name' => $this->mName,
2611 'user_password' => $this->mPassword,
2612 'user_newpassword' => $this->mNewpassword,
2613 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2614 'user_email' => $this->mEmail,
2615 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2616 'user_real_name' => $this->mRealName,
2617 'user_options' => '',
2618 'user_token' => $this->mToken,
2619 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2620 'user_editcount' => 0,
2621 ), __METHOD__
2622 );
2623 $this->mId = $dbw->insertId();
2624
2625 // Clear instance cache other than user table data, which is already accurate
2626 $this->clearInstanceCache();
2627
2628 $this->saveOptions();
2629 }
2630
2631 /**
2632 * If this (non-anonymous) user is blocked, block any IP address
2633 * they've successfully logged in from.
2634 */
2635 function spreadBlock() {
2636 wfDebug( __METHOD__ . "()\n" );
2637 $this->load();
2638 if ( $this->mId == 0 ) {
2639 return;
2640 }
2641
2642 $userblock = Block::newFromDB( '', $this->mId );
2643 if ( !$userblock ) {
2644 return;
2645 }
2646
2647 $userblock->doAutoblock( wfGetIP() );
2648 }
2649
2650 /**
2651 * Generate a string which will be different for any combination of
2652 * user options which would produce different parser output.
2653 * This will be used as part of the hash key for the parser cache,
2654 * so users with the same options can share the same cached data
2655 * safely.
2656 *
2657 * Extensions which require it should install 'PageRenderingHash' hook,
2658 * which will give them a chance to modify this key based on their own
2659 * settings.
2660 *
2661 * @deprecated use the ParserOptions object to get the relevant options
2662 * @return \string Page rendering hash
2663 */
2664 function getPageRenderingHash() {
2665 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
2666 if( $this->mHash ){
2667 return $this->mHash;
2668 }
2669 wfDeprecated( __METHOD__ );
2670
2671 // stubthreshold is only included below for completeness,
2672 // since it disables the parser cache, its value will always
2673 // be 0 when this function is called by parsercache.
2674
2675 $confstr = $this->getOption( 'math' );
2676 $confstr .= '!' . $this->getStubThreshold();
2677 if ( $wgUseDynamicDates ) { # This is wrong (bug 24714)
2678 $confstr .= '!' . $this->getDatePreference();
2679 }
2680 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
2681 $confstr .= '!' . $wgLang->getCode();
2682 $confstr .= '!' . $this->getOption( 'thumbsize' );
2683 // add in language specific options, if any
2684 $extra = $wgContLang->getExtraHashOptions();
2685 $confstr .= $extra;
2686
2687 // Since the skin could be overloading link(), it should be
2688 // included here but in practice, none of our skins do that.
2689
2690 $confstr .= $wgRenderHashAppend;
2691
2692 // Give a chance for extensions to modify the hash, if they have
2693 // extra options or other effects on the parser cache.
2694 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
2695
2696 // Make it a valid memcached key fragment
2697 $confstr = str_replace( ' ', '_', $confstr );
2698 $this->mHash = $confstr;
2699 return $confstr;
2700 }
2701
2702 /**
2703 * Get whether the user is explicitly blocked from account creation.
2704 * @return \bool True if blocked
2705 */
2706 function isBlockedFromCreateAccount() {
2707 $this->getBlockedStatus();
2708 return $this->mBlock && $this->mBlock->mCreateAccount;
2709 }
2710
2711 /**
2712 * Get whether the user is blocked from using Special:Emailuser.
2713 * @return Boolean: True if blocked
2714 */
2715 function isBlockedFromEmailuser() {
2716 $this->getBlockedStatus();
2717 return $this->mBlock && $this->mBlock->mBlockEmail;
2718 }
2719
2720 /**
2721 * Get whether the user is allowed to create an account.
2722 * @return Boolean: True if allowed
2723 */
2724 function isAllowedToCreateAccount() {
2725 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
2726 }
2727
2728 /**
2729 * Get this user's personal page title.
2730 *
2731 * @return Title: User's personal page title
2732 */
2733 function getUserPage() {
2734 return Title::makeTitle( NS_USER, $this->getName() );
2735 }
2736
2737 /**
2738 * Get this user's talk page title.
2739 *
2740 * @return Title: User's talk page title
2741 */
2742 function getTalkPage() {
2743 $title = $this->getUserPage();
2744 return $title->getTalkPage();
2745 }
2746
2747 /**
2748 * Get the maximum valid user ID.
2749 * @return Integer: User ID
2750 * @static
2751 */
2752 function getMaxID() {
2753 static $res; // cache
2754
2755 if ( isset( $res ) ) {
2756 return $res;
2757 } else {
2758 $dbr = wfGetDB( DB_SLAVE );
2759 return $res = $dbr->selectField( 'user', 'max(user_id)', false, __METHOD__ );
2760 }
2761 }
2762
2763 /**
2764 * Determine whether the user is a newbie. Newbies are either
2765 * anonymous IPs, or the most recently created accounts.
2766 * @return Boolean: True if the user is a newbie
2767 */
2768 function isNewbie() {
2769 return !$this->isAllowed( 'autoconfirmed' );
2770 }
2771
2772 /**
2773 * Check to see if the given clear-text password is one of the accepted passwords
2774 * @param $password String: user password.
2775 * @return Boolean: True if the given password is correct, otherwise False.
2776 */
2777 function checkPassword( $password ) {
2778 global $wgAuth;
2779 $this->load();
2780
2781 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
2782 return true;
2783 } elseif( $wgAuth->strict() ) {
2784 /* Auth plugin doesn't allow local authentication */
2785 return false;
2786 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
2787 /* Auth plugin doesn't allow local authentication for this user name */
2788 return false;
2789 }
2790 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
2791 return true;
2792 } elseif ( function_exists( 'iconv' ) ) {
2793 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
2794 # Check for this with iconv
2795 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
2796 if ( self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) ) {
2797 return true;
2798 }
2799 }
2800 return false;
2801 }
2802
2803 /**
2804 * Check if the given clear-text password matches the temporary password
2805 * sent by e-mail for password reset operations.
2806 * @return Boolean: True if matches, false otherwise
2807 */
2808 function checkTemporaryPassword( $plaintext ) {
2809 global $wgNewPasswordExpiry;
2810 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
2811 $this->load();
2812 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
2813 return ( time() < $expiry );
2814 } else {
2815 return false;
2816 }
2817 }
2818
2819 /**
2820 * Initialize (if necessary) and return a session token value
2821 * which can be used in edit forms to show that the user's
2822 * login credentials aren't being hijacked with a foreign form
2823 * submission.
2824 *
2825 * @param $salt \types{\string,\arrayof{\string}} Optional function-specific data for hashing
2826 * @return \string The new edit token
2827 */
2828 function editToken( $salt = '' ) {
2829 if ( $this->isAnon() ) {
2830 return EDIT_TOKEN_SUFFIX;
2831 } else {
2832 if( !isset( $_SESSION['wsEditToken'] ) ) {
2833 $token = self::generateToken();
2834 $_SESSION['wsEditToken'] = $token;
2835 } else {
2836 $token = $_SESSION['wsEditToken'];
2837 }
2838 if( is_array( $salt ) ) {
2839 $salt = implode( '|', $salt );
2840 }
2841 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
2842 }
2843 }
2844
2845 /**
2846 * Generate a looking random token for various uses.
2847 *
2848 * @param $salt \string Optional salt value
2849 * @return \string The new random token
2850 */
2851 public static function generateToken( $salt = '' ) {
2852 $token = dechex( mt_rand() ) . dechex( mt_rand() );
2853 return md5( $token . $salt );
2854 }
2855
2856 /**
2857 * Check given value against the token value stored in the session.
2858 * A match should confirm that the form was submitted from the
2859 * user's own login session, not a form submission from a third-party
2860 * site.
2861 *
2862 * @param $val \string Input value to compare
2863 * @param $salt \string Optional function-specific data for hashing
2864 * @return Boolean: Whether the token matches
2865 */
2866 function matchEditToken( $val, $salt = '' ) {
2867 $sessionToken = $this->editToken( $salt );
2868 if ( $val != $sessionToken ) {
2869 wfDebug( "User::matchEditToken: broken session data\n" );
2870 }
2871 return $val == $sessionToken;
2872 }
2873
2874 /**
2875 * Check given value against the token value stored in the session,
2876 * ignoring the suffix.
2877 *
2878 * @param $val \string Input value to compare
2879 * @param $salt \string Optional function-specific data for hashing
2880 * @return Boolean: Whether the token matches
2881 */
2882 function matchEditTokenNoSuffix( $val, $salt = '' ) {
2883 $sessionToken = $this->editToken( $salt );
2884 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
2885 }
2886
2887 /**
2888 * Generate a new e-mail confirmation token and send a confirmation/invalidation
2889 * mail to the user's given address.
2890 *
2891 * @param $changed Boolean: whether the adress changed
2892 * @return Status object
2893 */
2894 function sendConfirmationMail( $changed = false ) {
2895 global $wgLang;
2896 $expiration = null; // gets passed-by-ref and defined in next line.
2897 $token = $this->confirmationToken( $expiration );
2898 $url = $this->confirmationTokenUrl( $token );
2899 $invalidateURL = $this->invalidationTokenUrl( $token );
2900 $this->saveSettings();
2901
2902 $message = $changed ? 'confirmemail_body_changed' : 'confirmemail_body';
2903 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
2904 wfMsg( $message,
2905 wfGetIP(),
2906 $this->getName(),
2907 $url,
2908 $wgLang->timeanddate( $expiration, false ),
2909 $invalidateURL,
2910 $wgLang->date( $expiration, false ),
2911 $wgLang->time( $expiration, false ) ) );
2912 }
2913
2914 /**
2915 * Send an e-mail to this user's account. Does not check for
2916 * confirmed status or validity.
2917 *
2918 * @param $subject \string Message subject
2919 * @param $body \string Message body
2920 * @param $from \string Optional From address; if unspecified, default $wgPasswordSender will be used
2921 * @param $replyto \string Reply-To address
2922 * @return Status object
2923 */
2924 function sendMail( $subject, $body, $from = null, $replyto = null ) {
2925 if( is_null( $from ) ) {
2926 global $wgPasswordSender, $wgPasswordSenderName;
2927 $sender = new MailAddress( $wgPasswordSender, $wgPasswordSenderName );
2928 } else {
2929 $sender = new MailAddress( $from );
2930 }
2931
2932 $to = new MailAddress( $this );
2933 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
2934 }
2935
2936 /**
2937 * Generate, store, and return a new e-mail confirmation code.
2938 * A hash (unsalted, since it's used as a key) is stored.
2939 *
2940 * @note Call saveSettings() after calling this function to commit
2941 * this change to the database.
2942 *
2943 * @param[out] &$expiration \mixed Accepts the expiration time
2944 * @return \string New token
2945 * @private
2946 */
2947 function confirmationToken( &$expiration ) {
2948 $now = time();
2949 $expires = $now + 7 * 24 * 60 * 60;
2950 $expiration = wfTimestamp( TS_MW, $expires );
2951 $token = self::generateToken( $this->mId . $this->mEmail . $expires );
2952 $hash = md5( $token );
2953 $this->load();
2954 $this->mEmailToken = $hash;
2955 $this->mEmailTokenExpires = $expiration;
2956 return $token;
2957 }
2958
2959 /**
2960 * Return a URL the user can use to confirm their email address.
2961 * @param $token \string Accepts the email confirmation token
2962 * @return \string New token URL
2963 * @private
2964 */
2965 function confirmationTokenUrl( $token ) {
2966 return $this->getTokenUrl( 'ConfirmEmail', $token );
2967 }
2968
2969 /**
2970 * Return a URL the user can use to invalidate their email address.
2971 * @param $token \string Accepts the email confirmation token
2972 * @return \string New token URL
2973 * @private
2974 */
2975 function invalidationTokenUrl( $token ) {
2976 return $this->getTokenUrl( 'Invalidateemail', $token );
2977 }
2978
2979 /**
2980 * Internal function to format the e-mail validation/invalidation URLs.
2981 * This uses $wgArticlePath directly as a quickie hack to use the
2982 * hardcoded English names of the Special: pages, for ASCII safety.
2983 *
2984 * @note Since these URLs get dropped directly into emails, using the
2985 * short English names avoids insanely long URL-encoded links, which
2986 * also sometimes can get corrupted in some browsers/mailers
2987 * (bug 6957 with Gmail and Internet Explorer).
2988 *
2989 * @param $page \string Special page
2990 * @param $token \string Token
2991 * @return \string Formatted URL
2992 */
2993 protected function getTokenUrl( $page, $token ) {
2994 global $wgArticlePath;
2995 return wfExpandUrl(
2996 str_replace(
2997 '$1',
2998 "Special:$page/$token",
2999 $wgArticlePath ) );
3000 }
3001
3002 /**
3003 * Mark the e-mail address confirmed.
3004 *
3005 * @note Call saveSettings() after calling this function to commit the change.
3006 */
3007 function confirmEmail() {
3008 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3009 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3010 return true;
3011 }
3012
3013 /**
3014 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3015 * address if it was already confirmed.
3016 *
3017 * @note Call saveSettings() after calling this function to commit the change.
3018 */
3019 function invalidateEmail() {
3020 $this->load();
3021 $this->mEmailToken = null;
3022 $this->mEmailTokenExpires = null;
3023 $this->setEmailAuthenticationTimestamp( null );
3024 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3025 return true;
3026 }
3027
3028 /**
3029 * Set the e-mail authentication timestamp.
3030 * @param $timestamp \string TS_MW timestamp
3031 */
3032 function setEmailAuthenticationTimestamp( $timestamp ) {
3033 $this->load();
3034 $this->mEmailAuthenticated = $timestamp;
3035 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3036 }
3037
3038 /**
3039 * Is this user allowed to send e-mails within limits of current
3040 * site configuration?
3041 * @return Boolean: True if allowed
3042 */
3043 function canSendEmail() {
3044 global $wgEnableEmail, $wgEnableUserEmail;
3045 if( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3046 return false;
3047 }
3048 $canSend = $this->isEmailConfirmed();
3049 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3050 return $canSend;
3051 }
3052
3053 /**
3054 * Is this user allowed to receive e-mails within limits of current
3055 * site configuration?
3056 * @return Boolean: True if allowed
3057 */
3058 function canReceiveEmail() {
3059 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3060 }
3061
3062 /**
3063 * Is this user's e-mail address valid-looking and confirmed within
3064 * limits of the current site configuration?
3065 *
3066 * @note If $wgEmailAuthentication is on, this may require the user to have
3067 * confirmed their address by returning a code or using a password
3068 * sent to the address from the wiki.
3069 *
3070 * @return Boolean: True if confirmed
3071 */
3072 function isEmailConfirmed() {
3073 global $wgEmailAuthentication;
3074 $this->load();
3075 $confirmed = true;
3076 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3077 if( $this->isAnon() )
3078 return false;
3079 if( !self::isValidEmailAddr( $this->mEmail ) )
3080 return false;
3081 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() )
3082 return false;
3083 return true;
3084 } else {
3085 return $confirmed;
3086 }
3087 }
3088
3089 /**
3090 * Check whether there is an outstanding request for e-mail confirmation.
3091 * @return Boolean: True if pending
3092 */
3093 function isEmailConfirmationPending() {
3094 global $wgEmailAuthentication;
3095 return $wgEmailAuthentication &&
3096 !$this->isEmailConfirmed() &&
3097 $this->mEmailToken &&
3098 $this->mEmailTokenExpires > wfTimestamp();
3099 }
3100
3101 /**
3102 * Get the timestamp of account creation.
3103 *
3104 * @return \types{\string,\bool} string Timestamp of account creation, or false for
3105 * non-existent/anonymous user accounts.
3106 */
3107 public function getRegistration() {
3108 return $this->getId() > 0
3109 ? $this->mRegistration
3110 : false;
3111 }
3112
3113 /**
3114 * Get the timestamp of the first edit
3115 *
3116 * @return \types{\string,\bool} string Timestamp of first edit, or false for
3117 * non-existent/anonymous user accounts.
3118 */
3119 public function getFirstEditTimestamp() {
3120 if( $this->getId() == 0 ) return false; // anons
3121 $dbr = wfGetDB( DB_SLAVE );
3122 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3123 array( 'rev_user' => $this->getId() ),
3124 __METHOD__,
3125 array( 'ORDER BY' => 'rev_timestamp ASC' )
3126 );
3127 if( !$time ) return false; // no edits
3128 return wfTimestamp( TS_MW, $time );
3129 }
3130
3131 /**
3132 * Get the permissions associated with a given list of groups
3133 *
3134 * @param $groups \type{\arrayof{\string}} List of internal group names
3135 * @return \type{\arrayof{\string}} List of permission key names for given groups combined
3136 */
3137 static function getGroupPermissions( $groups ) {
3138 global $wgGroupPermissions, $wgRevokePermissions;
3139 $rights = array();
3140 // grant every granted permission first
3141 foreach( $groups as $group ) {
3142 if( isset( $wgGroupPermissions[$group] ) ) {
3143 $rights = array_merge( $rights,
3144 // array_filter removes empty items
3145 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3146 }
3147 }
3148 // now revoke the revoked permissions
3149 foreach( $groups as $group ) {
3150 if( isset( $wgRevokePermissions[$group] ) ) {
3151 $rights = array_diff( $rights,
3152 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
3153 }
3154 }
3155 return array_unique( $rights );
3156 }
3157
3158 /**
3159 * Get all the groups who have a given permission
3160 *
3161 * @param $role \string Role to check
3162 * @return \type{\arrayof{\string}} List of internal group names with the given permission
3163 */
3164 static function getGroupsWithPermission( $role ) {
3165 global $wgGroupPermissions;
3166 $allowedGroups = array();
3167 foreach ( $wgGroupPermissions as $group => $rights ) {
3168 if ( isset( $rights[$role] ) && $rights[$role] ) {
3169 $allowedGroups[] = $group;
3170 }
3171 }
3172 return $allowedGroups;
3173 }
3174
3175 /**
3176 * Get the localized descriptive name for a group, if it exists
3177 *
3178 * @param $group \string Internal group name
3179 * @return \string Localized descriptive group name
3180 */
3181 static function getGroupName( $group ) {
3182 $key = "group-$group";
3183 $name = wfMsg( $key );
3184 return $name == '' || wfEmptyMsg( $key, $name )
3185 ? $group
3186 : $name;
3187 }
3188
3189 /**
3190 * Get the localized descriptive name for a member of a group, if it exists
3191 *
3192 * @param $group \string Internal group name
3193 * @return \string Localized name for group member
3194 */
3195 static function getGroupMember( $group ) {
3196 $key = "group-$group-member";
3197 $name = wfMsg( $key );
3198 return $name == '' || wfEmptyMsg( $key, $name )
3199 ? $group
3200 : $name;
3201 }
3202
3203 /**
3204 * Return the set of defined explicit groups.
3205 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3206 * are not included, as they are defined automatically, not in the database.
3207 * @return Array of internal group names
3208 */
3209 static function getAllGroups() {
3210 global $wgGroupPermissions, $wgRevokePermissions;
3211 return array_diff(
3212 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3213 self::getImplicitGroups()
3214 );
3215 }
3216
3217 /**
3218 * Get a list of all available permissions.
3219 * @return Array of permission names
3220 */
3221 static function getAllRights() {
3222 if ( self::$mAllRights === false ) {
3223 global $wgAvailableRights;
3224 if ( count( $wgAvailableRights ) ) {
3225 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3226 } else {
3227 self::$mAllRights = self::$mCoreRights;
3228 }
3229 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3230 }
3231 return self::$mAllRights;
3232 }
3233
3234 /**
3235 * Get a list of implicit groups
3236 * @return \type{\arrayof{\string}} Array of internal group names
3237 */
3238 public static function getImplicitGroups() {
3239 global $wgImplicitGroups;
3240 $groups = $wgImplicitGroups;
3241 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3242 return $groups;
3243 }
3244
3245 /**
3246 * Get the title of a page describing a particular group
3247 *
3248 * @param $group \string Internal group name
3249 * @return \types{\type{Title},\bool} Title of the page if it exists, false otherwise
3250 */
3251 static function getGroupPage( $group ) {
3252 $page = wfMsgForContent( 'grouppage-' . $group );
3253 if( !wfEmptyMsg( 'grouppage-' . $group, $page ) ) {
3254 $title = Title::newFromText( $page );
3255 if( is_object( $title ) )
3256 return $title;
3257 }
3258 return false;
3259 }
3260
3261 /**
3262 * Create a link to the group in HTML, if available;
3263 * else return the group name.
3264 *
3265 * @param $group \string Internal name of the group
3266 * @param $text \string The text of the link
3267 * @return \string HTML link to the group
3268 */
3269 static function makeGroupLinkHTML( $group, $text = '' ) {
3270 if( $text == '' ) {
3271 $text = self::getGroupName( $group );
3272 }
3273 $title = self::getGroupPage( $group );
3274 if( $title ) {
3275 global $wgUser;
3276 $sk = $wgUser->getSkin();
3277 return $sk->link( $title, htmlspecialchars( $text ) );
3278 } else {
3279 return $text;
3280 }
3281 }
3282
3283 /**
3284 * Create a link to the group in Wikitext, if available;
3285 * else return the group name.
3286 *
3287 * @param $group \string Internal name of the group
3288 * @param $text \string The text of the link
3289 * @return \string Wikilink to the group
3290 */
3291 static function makeGroupLinkWiki( $group, $text = '' ) {
3292 if( $text == '' ) {
3293 $text = self::getGroupName( $group );
3294 }
3295 $title = self::getGroupPage( $group );
3296 if( $title ) {
3297 $page = $title->getPrefixedText();
3298 return "[[$page|$text]]";
3299 } else {
3300 return $text;
3301 }
3302 }
3303
3304 /**
3305 * Returns an array of the groups that a particular group can add/remove.
3306 *
3307 * @param $group String: the group to check for whether it can add/remove
3308 * @return Array array( 'add' => array( addablegroups ),
3309 * 'remove' => array( removablegroups ),
3310 * 'add-self' => array( addablegroups to self),
3311 * 'remove-self' => array( removable groups from self) )
3312 */
3313 static function changeableByGroup( $group ) {
3314 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3315
3316 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3317 if( empty( $wgAddGroups[$group] ) ) {
3318 // Don't add anything to $groups
3319 } elseif( $wgAddGroups[$group] === true ) {
3320 // You get everything
3321 $groups['add'] = self::getAllGroups();
3322 } elseif( is_array( $wgAddGroups[$group] ) ) {
3323 $groups['add'] = $wgAddGroups[$group];
3324 }
3325
3326 // Same thing for remove
3327 if( empty( $wgRemoveGroups[$group] ) ) {
3328 } elseif( $wgRemoveGroups[$group] === true ) {
3329 $groups['remove'] = self::getAllGroups();
3330 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3331 $groups['remove'] = $wgRemoveGroups[$group];
3332 }
3333
3334 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3335 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3336 foreach( $wgGroupsAddToSelf as $key => $value ) {
3337 if( is_int( $key ) ) {
3338 $wgGroupsAddToSelf['user'][] = $value;
3339 }
3340 }
3341 }
3342
3343 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3344 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3345 if( is_int( $key ) ) {
3346 $wgGroupsRemoveFromSelf['user'][] = $value;
3347 }
3348 }
3349 }
3350
3351 // Now figure out what groups the user can add to him/herself
3352 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3353 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3354 // No idea WHY this would be used, but it's there
3355 $groups['add-self'] = User::getAllGroups();
3356 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3357 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3358 }
3359
3360 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3361 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3362 $groups['remove-self'] = User::getAllGroups();
3363 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3364 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3365 }
3366
3367 return $groups;
3368 }
3369
3370 /**
3371 * Returns an array of groups that this user can add and remove
3372 * @return Array array( 'add' => array( addablegroups ),
3373 * 'remove' => array( removablegroups ),
3374 * 'add-self' => array( addablegroups to self),
3375 * 'remove-self' => array( removable groups from self) )
3376 */
3377 function changeableGroups() {
3378 if( $this->isAllowed( 'userrights' ) ) {
3379 // This group gives the right to modify everything (reverse-
3380 // compatibility with old "userrights lets you change
3381 // everything")
3382 // Using array_merge to make the groups reindexed
3383 $all = array_merge( User::getAllGroups() );
3384 return array(
3385 'add' => $all,
3386 'remove' => $all,
3387 'add-self' => array(),
3388 'remove-self' => array()
3389 );
3390 }
3391
3392 // Okay, it's not so simple, we will have to go through the arrays
3393 $groups = array(
3394 'add' => array(),
3395 'remove' => array(),
3396 'add-self' => array(),
3397 'remove-self' => array()
3398 );
3399 $addergroups = $this->getEffectiveGroups();
3400
3401 foreach( $addergroups as $addergroup ) {
3402 $groups = array_merge_recursive(
3403 $groups, $this->changeableByGroup( $addergroup )
3404 );
3405 $groups['add'] = array_unique( $groups['add'] );
3406 $groups['remove'] = array_unique( $groups['remove'] );
3407 $groups['add-self'] = array_unique( $groups['add-self'] );
3408 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3409 }
3410 return $groups;
3411 }
3412
3413 /**
3414 * Increment the user's edit-count field.
3415 * Will have no effect for anonymous users.
3416 */
3417 function incEditCount() {
3418 if( !$this->isAnon() ) {
3419 $dbw = wfGetDB( DB_MASTER );
3420 $dbw->update( 'user',
3421 array( 'user_editcount=user_editcount+1' ),
3422 array( 'user_id' => $this->getId() ),
3423 __METHOD__ );
3424
3425 // Lazy initialization check...
3426 if( $dbw->affectedRows() == 0 ) {
3427 // Pull from a slave to be less cruel to servers
3428 // Accuracy isn't the point anyway here
3429 $dbr = wfGetDB( DB_SLAVE );
3430 $count = $dbr->selectField( 'revision',
3431 'COUNT(rev_user)',
3432 array( 'rev_user' => $this->getId() ),
3433 __METHOD__ );
3434
3435 // Now here's a goddamn hack...
3436 if( $dbr !== $dbw ) {
3437 // If we actually have a slave server, the count is
3438 // at least one behind because the current transaction
3439 // has not been committed and replicated.
3440 $count++;
3441 } else {
3442 // But if DB_SLAVE is selecting the master, then the
3443 // count we just read includes the revision that was
3444 // just added in the working transaction.
3445 }
3446
3447 $dbw->update( 'user',
3448 array( 'user_editcount' => $count ),
3449 array( 'user_id' => $this->getId() ),
3450 __METHOD__ );
3451 }
3452 }
3453 // edit count in user cache too
3454 $this->invalidateCache();
3455 }
3456
3457 /**
3458 * Get the description of a given right
3459 *
3460 * @param $right \string Right to query
3461 * @return \string Localized description of the right
3462 */
3463 static function getRightDescription( $right ) {
3464 $key = "right-$right";
3465 $name = wfMsg( $key );
3466 return $name == '' || wfEmptyMsg( $key, $name )
3467 ? $right
3468 : $name;
3469 }
3470
3471 /**
3472 * Make an old-style password hash
3473 *
3474 * @param $password \string Plain-text password
3475 * @param $userId \string User ID
3476 * @return \string Password hash
3477 */
3478 static function oldCrypt( $password, $userId ) {
3479 global $wgPasswordSalt;
3480 if ( $wgPasswordSalt ) {
3481 return md5( $userId . '-' . md5( $password ) );
3482 } else {
3483 return md5( $password );
3484 }
3485 }
3486
3487 /**
3488 * Make a new-style password hash
3489 *
3490 * @param $password \string Plain-text password
3491 * @param $salt \string Optional salt, may be random or the user ID.
3492 * If unspecified or false, will generate one automatically
3493 * @return \string Password hash
3494 */
3495 static function crypt( $password, $salt = false ) {
3496 global $wgPasswordSalt;
3497
3498 $hash = '';
3499 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3500 return $hash;
3501 }
3502
3503 if( $wgPasswordSalt ) {
3504 if ( $salt === false ) {
3505 $salt = substr( wfGenerateToken(), 0, 8 );
3506 }
3507 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3508 } else {
3509 return ':A:' . md5( $password );
3510 }
3511 }
3512
3513 /**
3514 * Compare a password hash with a plain-text password. Requires the user
3515 * ID if there's a chance that the hash is an old-style hash.
3516 *
3517 * @param $hash \string Password hash
3518 * @param $password \string Plain-text password to compare
3519 * @param $userId \string User ID for old-style password salt
3520 * @return Boolean:
3521 */
3522 static function comparePasswords( $hash, $password, $userId = false ) {
3523 $type = substr( $hash, 0, 3 );
3524
3525 $result = false;
3526 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3527 return $result;
3528 }
3529
3530 if ( $type == ':A:' ) {
3531 # Unsalted
3532 return md5( $password ) === substr( $hash, 3 );
3533 } elseif ( $type == ':B:' ) {
3534 # Salted
3535 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3536 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3537 } else {
3538 # Old-style
3539 return self::oldCrypt( $password, $userId ) === $hash;
3540 }
3541 }
3542
3543 /**
3544 * Add a newuser log entry for this user
3545 *
3546 * @param $byEmail Boolean: account made by email?
3547 * @param $reason String: user supplied reason
3548 */
3549 public function addNewUserLogEntry( $byEmail = false, $reason = '' ) {
3550 global $wgUser, $wgContLang, $wgNewUserLog;
3551 if( empty( $wgNewUserLog ) ) {
3552 return true; // disabled
3553 }
3554
3555 if( $this->getName() == $wgUser->getName() ) {
3556 $action = 'create';
3557 } else {
3558 $action = 'create2';
3559 if ( $byEmail ) {
3560 if ( $reason === '' ) {
3561 $reason = wfMsgForContent( 'newuserlog-byemail' );
3562 } else {
3563 $reason = $wgContLang->commaList( array(
3564 $reason, wfMsgForContent( 'newuserlog-byemail' ) ) );
3565 }
3566 }
3567 }
3568 $log = new LogPage( 'newusers' );
3569 $log->addEntry(
3570 $action,
3571 $this->getUserPage(),
3572 $reason,
3573 array( $this->getId() )
3574 );
3575 return true;
3576 }
3577
3578 /**
3579 * Add an autocreate newuser log entry for this user
3580 * Used by things like CentralAuth and perhaps other authplugins.
3581 */
3582 public function addNewUserLogEntryAutoCreate() {
3583 global $wgNewUserLog, $wgLogAutocreatedAccounts;
3584 if( !$wgNewUserLog || !$wgLogAutocreatedAccounts ) {
3585 return true; // disabled
3586 }
3587 $log = new LogPage( 'newusers', false );
3588 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ) );
3589 return true;
3590 }
3591
3592 protected function loadOptions() {
3593 $this->load();
3594 if ( $this->mOptionsLoaded || !$this->getId() )
3595 return;
3596
3597 $this->mOptions = self::getDefaultOptions();
3598
3599 // Maybe load from the object
3600 if ( !is_null( $this->mOptionOverrides ) ) {
3601 wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
3602 foreach( $this->mOptionOverrides as $key => $value ) {
3603 $this->mOptions[$key] = $value;
3604 }
3605 } else {
3606 wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
3607 // Load from database
3608 $dbr = wfGetDB( DB_SLAVE );
3609
3610 $res = $dbr->select(
3611 'user_properties',
3612 '*',
3613 array( 'up_user' => $this->getId() ),
3614 __METHOD__
3615 );
3616
3617 foreach ( $res as $row ) {
3618 $this->mOptionOverrides[$row->up_property] = $row->up_value;
3619 $this->mOptions[$row->up_property] = $row->up_value;
3620 }
3621 }
3622
3623 $this->mOptionsLoaded = true;
3624
3625 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
3626 }
3627
3628 protected function saveOptions() {
3629 global $wgAllowPrefChange;
3630
3631 $extuser = ExternalUser::newFromUser( $this );
3632
3633 $this->loadOptions();
3634 $dbw = wfGetDB( DB_MASTER );
3635
3636 $insert_rows = array();
3637
3638 $saveOptions = $this->mOptions;
3639
3640 // Allow hooks to abort, for instance to save to a global profile.
3641 // Reset options to default state before saving.
3642 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) )
3643 return;
3644
3645 foreach( $saveOptions as $key => $value ) {
3646 # Don't bother storing default values
3647 if ( ( is_null( self::getDefaultOption( $key ) ) &&
3648 !( $value === false || is_null($value) ) ) ||
3649 $value != self::getDefaultOption( $key ) ) {
3650 $insert_rows[] = array(
3651 'up_user' => $this->getId(),
3652 'up_property' => $key,
3653 'up_value' => $value,
3654 );
3655 }
3656 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
3657 switch ( $wgAllowPrefChange[$key] ) {
3658 case 'local':
3659 case 'message':
3660 break;
3661 case 'semiglobal':
3662 case 'global':
3663 $extuser->setPref( $key, $value );
3664 }
3665 }
3666 }
3667
3668 $dbw->begin();
3669 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
3670 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
3671 $dbw->commit();
3672 }
3673
3674 /**
3675 * Provide an array of HTML5 attributes to put on an input element
3676 * intended for the user to enter a new password. This may include
3677 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
3678 *
3679 * Do *not* use this when asking the user to enter his current password!
3680 * Regardless of configuration, users may have invalid passwords for whatever
3681 * reason (e.g., they were set before requirements were tightened up).
3682 * Only use it when asking for a new password, like on account creation or
3683 * ResetPass.
3684 *
3685 * Obviously, you still need to do server-side checking.
3686 *
3687 * NOTE: A combination of bugs in various browsers means that this function
3688 * actually just returns array() unconditionally at the moment. May as
3689 * well keep it around for when the browser bugs get fixed, though.
3690 *
3691 * @return array Array of HTML attributes suitable for feeding to
3692 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
3693 * That will potentially output invalid XHTML 1.0 Transitional, and will
3694 * get confused by the boolean attribute syntax used.)
3695 */
3696 public static function passwordChangeInputAttribs() {
3697 global $wgMinimalPasswordLength;
3698
3699 if ( $wgMinimalPasswordLength == 0 ) {
3700 return array();
3701 }
3702
3703 # Note that the pattern requirement will always be satisfied if the
3704 # input is empty, so we need required in all cases.
3705 #
3706 # FIXME (bug 23769): This needs to not claim the password is required
3707 # if e-mail confirmation is being used. Since HTML5 input validation
3708 # is b0rked anyway in some browsers, just return nothing. When it's
3709 # re-enabled, fix this code to not output required for e-mail
3710 # registration.
3711 #$ret = array( 'required' );
3712 $ret = array();
3713
3714 # We can't actually do this right now, because Opera 9.6 will print out
3715 # the entered password visibly in its error message! When other
3716 # browsers add support for this attribute, or Opera fixes its support,
3717 # we can add support with a version check to avoid doing this on Opera
3718 # versions where it will be a problem. Reported to Opera as
3719 # DSK-262266, but they don't have a public bug tracker for us to follow.
3720 /*
3721 if ( $wgMinimalPasswordLength > 1 ) {
3722 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
3723 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
3724 $wgMinimalPasswordLength );
3725 }
3726 */
3727
3728 return $ret;
3729 }
3730
3731 /**
3732 * Format the user message using a hook, a template, or, failing these, a static format.
3733 * @param $subject String the subject of the message
3734 * @param $text String the content of the message
3735 * @param $signature String the signature, if provided.
3736 */
3737 static protected function formatUserMessage( $subject, $text, $signature ) {
3738 if ( wfRunHooks( 'FormatUserMessage',
3739 array( $subject, &$text, $signature ) ) ) {
3740
3741 $signature = empty($signature) ? "~~~~~" : "{$signature} ~~~~~";
3742
3743 $template = Title::newFromText( wfMsgForContent( 'usermessage-template' ) );
3744 if ( !$template
3745 || $template->getNamespace() !== NS_TEMPLATE
3746 || !$template->exists() ) {
3747 $text = "\n== $subject ==\n\n$text\n\n-- $signature";
3748 } else {
3749 $text = '{{'. $template->getText()
3750 . " | subject=$subject | body=$text | signature=$signature }}";
3751 }
3752 }
3753
3754 return $text;
3755 }
3756
3757 /**
3758 * Leave a user a message
3759 * @param $subject String the subject of the message
3760 * @param $text String the message to leave
3761 * @param $signature String Text to leave in the signature
3762 * @param $summary String the summary for this change, defaults to
3763 * "Leave system message."
3764 * @param $editor User The user leaving the message, defaults to
3765 * "{{MediaWiki:usermessage-editor}}"
3766 * @param $flags Int default edit flags
3767 *
3768 * @return boolean true if it was successful
3769 */
3770 public function leaveUserMessage( $subject, $text, $signature = "",
3771 $summary = null, $editor = null, $flags = 0 ) {
3772 if ( !isset( $summary ) ) {
3773 $summary = wfMsgForContent( 'usermessage-summary' );
3774 }
3775
3776 if ( !isset( $editor ) ) {
3777 $editor = User::newFromName( wfMsgForContent( 'usermessage-editor' ) );
3778 if ( !$editor->isLoggedIn() ) {
3779 $editor->addToDatabase();
3780 }
3781 }
3782
3783 $article = new Article( $this->getTalkPage() );
3784 wfRunHooks( 'SetupUserMessageArticle',
3785 array( $this, &$article, $subject, $text, $signature, $summary, $editor ) );
3786
3787
3788 $text = self::formatUserMessage( $subject, $text, $signature );
3789 $flags = $article->checkFlags( $flags );
3790
3791 if ( $flags & EDIT_UPDATE ) {
3792 $text = $article->getContent() . $text;
3793 }
3794
3795 $dbw = wfGetDB( DB_MASTER );
3796 $dbw->begin();
3797
3798 try {
3799 $status = $article->doEdit( $text, $summary, $flags, false, $editor );
3800 } catch ( DBQueryError $e ) {
3801 $status = Status::newFatal("DB Error");
3802 }
3803
3804 if ( $status->isGood() ) {
3805 // Set newtalk with the right user ID
3806 $this->setNewtalk( true );
3807 wfRunHooks( 'AfterUserMessage',
3808 array( $this, $article, $summary, $text, $signature, $summary, $editor ) );
3809 $dbw->commit();
3810 } else {
3811 // The article was concurrently created
3812 wfDebug( __METHOD__ . ": Error ".$status->getWikiText() );
3813 $dbw->rollback();
3814 }
3815
3816 return $status->isGood();
3817 }
3818 }
MediaWiki Core