search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Reverted r49019, unnecessary use of the ellipsis character, per CR
[mediawiki.git] / includes / User.php
blobc227d29b55a7595ee5c3efe9552e1d5e1852bc12
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 * @file
5 */
6
7 /**
8 * \int Number of characters in user_token field.
9 * @ingroup Constants
10 */
11 define( 'USER_TOKEN_LENGTH', 32 );
12
13 /**
14 * \int Serialized record version.
15 * @ingroup Constants
16 */
17 define( 'MW_USER_VERSION', 8 );
18
19 /**
20 * \string Some punctuation to prevent editing from broken text-mangling proxies.
21 * @ingroup Constants
22 */
23 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
24
25 /**
26 * Thrown by User::setPassword() on error.
27 * @ingroup Exception
28 */
29 class PasswordError extends MWException {
30 // NOP
31 }
32
33 /**
34 * The User object encapsulates all of the user-specific settings (user_id,
35 * name, rights, password, email address, options, last login time). Client
36 * classes use the getXXX() functions to access these fields. These functions
37 * do all the work of determining whether the user is logged in,
38 * whether the requested option can be satisfied from cookies or
39 * whether a database query is needed. Most of the settings needed
40 * for rendering normal pages are set in the cookie to minimize use
41 * of the database.
42 */
43 class User {
44
45 /**
46 * \type{\arrayof{\string}} A list of default user toggles, i.e., boolean user
47 * preferences that are displayed by Special:Preferences as checkboxes.
48 * This list can be extended via the UserToggles hook or by
49 * $wgContLang::getExtraUserToggles().
50 * @showinitializer
51 */
52 public static $mToggles = array(
53 'highlightbroken',
54 'justify',
55 'hideminor',
56 'extendwatchlist',
57 'usenewrc',
58 'numberheadings',
59 'showtoolbar',
60 'editondblclick',
61 'editsection',
62 'editsectiononrightclick',
63 'showtoc',
64 'rememberpassword',
65 'editwidth',
66 'watchcreations',
67 'watchdefault',
68 'watchmoves',
69 'watchdeletion',
70 'minordefault',
71 'previewontop',
72 'previewonfirst',
73 'nocache',
74 'enotifwatchlistpages',
75 'enotifusertalkpages',
76 'enotifminoredits',
77 'enotifrevealaddr',
78 'shownumberswatching',
79 'fancysig',
80 'externaleditor',
81 'externaldiff',
82 'showjumplinks',
83 'uselivepreview',
84 'forceeditsummary',
85 'watchlisthideminor',
86 'watchlisthidebots',
87 'watchlisthideown',
88 'watchlisthideanons',
89 'watchlisthideliu',
90 'ccmeonemails',
91 'diffonly',
92 'showhiddencats',
93 'noconvertlink',
94 'norollbackdiff',
95 );
96
97 /**
98 * \type{\arrayof{\string}} List of member variables which are saved to the
99 * shared cache (memcached). Any operation which changes the
100 * corresponding database fields must call a cache-clearing function.
101 * @showinitializer
102 */
103 static $mCacheVars = array(
104 // user table
105 'mId',
106 'mName',
107 'mRealName',
108 'mPassword',
109 'mNewpassword',
110 'mNewpassTime',
111 'mEmail',
112 'mTouched',
113 'mToken',
114 'mEmailAuthenticated',
115 'mEmailToken',
116 'mEmailTokenExpires',
117 'mRegistration',
118 'mEditCount',
119 // user_group table
120 'mGroups',
121 // user_properties table
122 'mOptionOverrides',
123 );
124
125 /**
126 * \type{\arrayof{\string}} Core rights.
127 * Each of these should have a corresponding message of the form
128 * "right-$right".
129 * @showinitializer
130 */
131 static $mCoreRights = array(
132 'apihighlimits',
133 'autoconfirmed',
134 'autopatrol',
135 'bigdelete',
136 'block',
137 'blockemail',
138 'bot',
139 'browsearchive',
140 'createaccount',
141 'createpage',
142 'createtalk',
143 'delete',
144 'deletedhistory',
145 'deleterevision',
146 'edit',
147 'editinterface',
148 'editusercssjs',
149 'hideuser',
150 'import',
151 'importupload',
152 'ipblock-exempt',
153 'markbotedits',
154 'minoredit',
155 'move',
156 'movefile',
157 'move-rootuserpages',
158 'move-subpages',
159 'nominornewtalk',
160 'noratelimit',
161 'override-export-depth',
162 'patrol',
163 'protect',
164 'proxyunbannable',
165 'purge',
166 'read',
167 'reupload',
168 'reupload-shared',
169 'rollback',
170 'siteadmin',
171 'suppressionlog',
172 'suppressredirect',
173 'suppressrevision',
174 'trackback',
175 'undelete',
176 'unwatchedpages',
177 'upload',
178 'upload_by_url',
179 'userrights',
180 'userrights-interwiki',
181 'writeapi',
182 );
183 /**
184 * \string Cached results of getAllRights()
185 */
186 static $mAllRights = false;
187
188 /** @name Cache variables */
189 //@{
190 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
191 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
192 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mGroups, $mOptionOverrides;
193 //@}
194
195 /**
196 * \bool Whether the cache variables have been loaded.
197 */
198 var $mDataLoaded, $mAuthLoaded, $mOptionsLoaded;
199
200 /**
201 * \string Initialization data source if mDataLoaded==false. May be one of:
202 * - 'defaults' anonymous user initialised from class defaults
203 * - 'name' initialise from mName
204 * - 'id' initialise from mId
205 * - 'session' log in from cookies or session if possible
206 *
207 * Use the User::newFrom*() family of functions to set this.
208 */
209 var $mFrom;
210
211 /** @name Lazy-initialized variables, invalidated with clearInstanceCache */
212 //@{
213 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mSkin, $mRights,
214 $mBlockreason, $mBlock, $mEffectiveGroups, $mBlockedGlobally,
215 $mLocked, $mHideName, $mOptions;
216 //@}
217
218 /**
219 * Lightweight constructor for an anonymous user.
220 * Use the User::newFrom* factory functions for other kinds of users.
221 *
222 * @see newFromName()
223 * @see newFromId()
224 * @see newFromConfirmationCode()
225 * @see newFromSession()
226 * @see newFromRow()
227 */
228 function User() {
229 $this->clearInstanceCache( 'defaults' );
230 }
231
232 /**
233 * Load the user table data for this object from the source given by mFrom.
234 */
235 function load() {
236 if ( $this->mDataLoaded ) {
237 return;
238 }
239 wfProfileIn( __METHOD__ );
240
241 # Set it now to avoid infinite recursion in accessors
242 $this->mDataLoaded = true;
243
244 switch ( $this->mFrom ) {
245 case 'defaults':
246 $this->loadDefaults();
247 break;
248 case 'name':
249 $this->mId = self::idFromName( $this->mName );
250 if ( !$this->mId ) {
251 # Nonexistent user placeholder object
252 $this->loadDefaults( $this->mName );
253 } else {
254 $this->loadFromId();
255 }
256 break;
257 case 'id':
258 $this->loadFromId();
259 break;
260 case 'session':
261 $this->loadFromSession();
262 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
263 break;
264 default:
265 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
266 }
267 wfProfileOut( __METHOD__ );
268 }
269
270 /**
271 * Load user table data, given mId has already been set.
272 * @return \bool false if the ID does not exist, true otherwise
273 * @private
274 */
275 function loadFromId() {
276 global $wgMemc;
277 if ( $this->mId == 0 ) {
278 $this->loadDefaults();
279 return false;
280 }
281
282 # Try cache
283 $key = wfMemcKey( 'user', 'id', $this->mId );
284 $data = $wgMemc->get( $key );
285 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
286 # Object is expired, load from DB
287 $data = false;
288 }
289
290 if ( !$data ) {
291 wfDebug( "Cache miss for user {$this->mId}\n" );
292 # Load from DB
293 if ( !$this->loadFromDatabase() ) {
294 # Can't load from ID, user is anonymous
295 return false;
296 }
297 $this->saveToCache();
298 } else {
299 wfDebug( "Got user {$this->mId} from cache\n" );
300 # Restore from cache
301 foreach ( self::$mCacheVars as $name ) {
302 $this->$name = $data[$name];
303 }
304 }
305 return true;
306 }
307
308 /**
309 * Save user data to the shared cache
310 */
311 function saveToCache() {
312 $this->load();
313 $this->loadGroups();
314 $this->loadOptions();
315 if ( $this->isAnon() ) {
316 // Anonymous users are uncached
317 return;
318 }
319 $data = array();
320 foreach ( self::$mCacheVars as $name ) {
321 $data[$name] = $this->$name;
322 }
323 $data['mVersion'] = MW_USER_VERSION;
324 $key = wfMemcKey( 'user', 'id', $this->mId );
325 global $wgMemc;
326 $wgMemc->set( $key, $data );
327 }
328
329
330 /** @name newFrom*() static factory methods */
331 //@{
332
333 /**
334 * Static factory method for creation from username.
335 *
336 * This is slightly less efficient than newFromId(), so use newFromId() if
337 * you have both an ID and a name handy.
338 *
339 * @param $name \string Username, validated by Title::newFromText()
340 * @param $validate \mixed Validate username. Takes the same parameters as
341 * User::getCanonicalName(), except that true is accepted as an alias
342 * for 'valid', for BC.
343 *
344 * @return \type{User} The User object, or null if the username is invalid. If the
345 * username is not present in the database, the result will be a user object
346 * with a name, zero user ID and default settings.
347 */
348 static function newFromName( $name, $validate = 'valid' ) {
349 if ( $validate === true ) {
350 $validate = 'valid';
351 }
352 $name = self::getCanonicalName( $name, $validate );
353 if ( $name === false ) {
354 return null;
355 } else {
356 # Create unloaded user object
357 $u = new User;
358 $u->mName = $name;
359 $u->mFrom = 'name';
360 return $u;
361 }
362 }
363
364 /**
365 * Static factory method for creation from a given user ID.
366 *
367 * @param $id \int Valid user ID
368 * @return \type{User} The corresponding User object
369 */
370 static function newFromId( $id ) {
371 $u = new User;
372 $u->mId = $id;
373 $u->mFrom = 'id';
374 return $u;
375 }
376
377 /**
378 * Factory method to fetch whichever user has a given email confirmation code.
379 * This code is generated when an account is created or its e-mail address
380 * has changed.
381 *
382 * If the code is invalid or has expired, returns NULL.
383 *
384 * @param $code \string Confirmation code
385 * @return \type{User}
386 */
387 static function newFromConfirmationCode( $code ) {
388 $dbr = wfGetDB( DB_SLAVE );
389 $id = $dbr->selectField( 'user', 'user_id', array(
390 'user_email_token' => md5( $code ),
391 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
392 ) );
393 if( $id !== false ) {
394 return User::newFromId( $id );
395 } else {
396 return null;
397 }
398 }
399
400 /**
401 * Create a new user object using data from session or cookies. If the
402 * login credentials are invalid, the result is an anonymous user.
403 *
404 * @return \type{User}
405 */
406 static function newFromSession() {
407 $user = new User;
408 $user->mFrom = 'session';
409 return $user;
410 }
411
412 /**
413 * Create a new user object from a user row.
414 * The row should have all fields from the user table in it.
415 * @param $row array A row from the user table
416 * @return \type{User}
417 */
418 static function newFromRow( $row ) {
419 $user = new User;
420 $user->loadFromRow( $row );
421 return $user;
422 }
423
424 //@}
425
426
427 /**
428 * Get the username corresponding to a given user ID
429 * @param $id \int User ID
430 * @return \string The corresponding username
431 */
432 static function whoIs( $id ) {
433 $dbr = wfGetDB( DB_SLAVE );
434 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), 'User::whoIs' );
435 }
436
437 /**
438 * Get the real name of a user given their user ID
439 *
440 * @param $id \int User ID
441 * @return \string The corresponding user's real name
442 */
443 static function whoIsReal( $id ) {
444 $dbr = wfGetDB( DB_SLAVE );
445 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
446 }
447
448 /**
449 * Get database id given a user name
450 * @param $name \string Username
451 * @return \types{\int,\null} The corresponding user's ID, or null if user is nonexistent
452 */
453 static function idFromName( $name ) {
454 $nt = Title::makeTitleSafe( NS_USER, $name );
455 if( is_null( $nt ) ) {
456 # Illegal name
457 return null;
458 }
459 $dbr = wfGetDB( DB_SLAVE );
460 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
461
462 if ( $s === false ) {
463 return 0;
464 } else {
465 return $s->user_id;
466 }
467 }
468
469 /**
470 * Does the string match an anonymous IPv4 address?
471 *
472 * This function exists for username validation, in order to reject
473 * usernames which are similar in form to IP addresses. Strings such
474 * as 300.300.300.300 will return true because it looks like an IP
475 * address, despite not being strictly valid.
476 *
477 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
478 * address because the usemod software would "cloak" anonymous IP
479 * addresses like this, if we allowed accounts like this to be created
480 * new users could get the old edits of these anonymous users.
481 *
482 * @param $name \string String to match
483 * @return \bool True or false
484 */
485 static function isIP( $name ) {
486 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
487 }
488
489 /**
490 * Is the input a valid username?
491 *
492 * Checks if the input is a valid username, we don't want an empty string,
493 * an IP address, anything that containins slashes (would mess up subpages),
494 * is longer than the maximum allowed username size or doesn't begin with
495 * a capital letter.
496 *
497 * @param $name \string String to match
498 * @return \bool True or false
499 */
500 static function isValidUserName( $name ) {
501 global $wgContLang, $wgMaxNameChars;
502
503 if ( $name == ''
504 || User::isIP( $name )
505 || strpos( $name, '/' ) !== false
506 || strlen( $name ) > $wgMaxNameChars
507 || $name != $wgContLang->ucfirst( $name ) ) {
508 wfDebugLog( 'username', __METHOD__ .
509 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
510 return false;
511 }
512
513 // Ensure that the name can't be misresolved as a different title,
514 // such as with extra namespace keys at the start.
515 $parsed = Title::newFromText( $name );
516 if( is_null( $parsed )
517 || $parsed->getNamespace()
518 || strcmp( $name, $parsed->getPrefixedText() ) ) {
519 wfDebugLog( 'username', __METHOD__ .
520 ": '$name' invalid due to ambiguous prefixes" );
521 return false;
522 }
523
524 // Check an additional blacklist of troublemaker characters.
525 // Should these be merged into the title char list?
526 $unicodeBlacklist = '/[' .
527 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
528 '\x{00a0}' . # non-breaking space
529 '\x{2000}-\x{200f}' . # various whitespace
530 '\x{2028}-\x{202f}' . # breaks and control chars
531 '\x{3000}' . # ideographic space
532 '\x{e000}-\x{f8ff}' . # private use
533 ']/u';
534 if( preg_match( $unicodeBlacklist, $name ) ) {
535 wfDebugLog( 'username', __METHOD__ .
536 ": '$name' invalid due to blacklisted characters" );
537 return false;
538 }
539
540 return true;
541 }
542
543 /**
544 * Usernames which fail to pass this function will be blocked
545 * from user login and new account registrations, but may be used
546 * internally by batch processes.
547 *
548 * If an account already exists in this form, login will be blocked
549 * by a failure to pass this function.
550 *
551 * @param $name \string String to match
552 * @return \bool True or false
553 */
554 static function isUsableName( $name ) {
555 global $wgReservedUsernames;
556 // Must be a valid username, obviously ;)
557 if ( !self::isValidUserName( $name ) ) {
558 return false;
559 }
560
561 static $reservedUsernames = false;
562 if ( !$reservedUsernames ) {
563 $reservedUsernames = $wgReservedUsernames;
564 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
565 }
566
567 // Certain names may be reserved for batch processes.
568 foreach ( $reservedUsernames as $reserved ) {
569 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
570 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
571 }
572 if ( $reserved == $name ) {
573 return false;
574 }
575 }
576 return true;
577 }
578
579 /**
580 * Usernames which fail to pass this function will be blocked
581 * from new account registrations, but may be used internally
582 * either by batch processes or by user accounts which have
583 * already been created.
584 *
585 * Additional character blacklisting may be added here
586 * rather than in isValidUserName() to avoid disrupting
587 * existing accounts.
588 *
589 * @param $name \string String to match
590 * @return \bool True or false
591 */
592 static function isCreatableName( $name ) {
593 global $wgInvalidUsernameCharacters;
594 return
595 self::isUsableName( $name ) &&
596
597 // Registration-time character blacklisting...
598 !preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name );
599 }
600
601 /**
602 * Is the input a valid password for this user?
603 *
604 * @param $password \string Desired password
605 * @return \bool True or false
606 */
607 function isValidPassword( $password ) {
608 global $wgMinimalPasswordLength, $wgContLang;
609
610 $result = null;
611 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
612 return $result;
613 if( $result === false )
614 return false;
615
616 // Password needs to be long enough, and can't be the same as the username
617 return strlen( $password ) >= $wgMinimalPasswordLength
618 && $wgContLang->lc( $password ) !== $wgContLang->lc( $this->mName );
619 }
620
621 /**
622 * Does a string look like an e-mail address?
623 *
624 * There used to be a regular expression here, it got removed because it
625 * rejected valid addresses. Actually just check if there is '@' somewhere
626 * in the given address.
627 *
628 * @todo Check for RFC 2822 compilance (bug 959)
629 *
630 * @param $addr \string E-mail address
631 * @return \bool True or false
632 */
633 public static function isValidEmailAddr( $addr ) {
634 $result = null;
635 if( !wfRunHooks( 'isValidEmailAddr', array( $addr, &$result ) ) ) {
636 return $result;
637 }
638
639 return strpos( $addr, '@' ) !== false;
640 }
641
642 /**
643 * Given unvalidated user input, return a canonical username, or false if
644 * the username is invalid.
645 * @param $name \string User input
646 * @param $validate \types{\string,\bool} Type of validation to use:
647 * - false No validation
648 * - 'valid' Valid for batch processes
649 * - 'usable' Valid for batch processes and login
650 * - 'creatable' Valid for batch processes, login and account creation
651 */
652 static function getCanonicalName( $name, $validate = 'valid' ) {
653 # Force usernames to capital
654 global $wgContLang;
655 $name = $wgContLang->ucfirst( $name );
656
657 # Reject names containing '#'; these will be cleaned up
658 # with title normalisation, but then it's too late to
659 # check elsewhere
660 if( strpos( $name, '#' ) !== false )
661 return false;
662
663 # Clean up name according to title rules
664 $t = ($validate === 'valid') ?
665 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
666 # Check for invalid titles
667 if( is_null( $t ) ) {
668 return false;
669 }
670
671 # Reject various classes of invalid names
672 $name = $t->getText();
673 global $wgAuth;
674 $name = $wgAuth->getCanonicalName( $t->getText() );
675
676 switch ( $validate ) {
677 case false:
678 break;
679 case 'valid':
680 if ( !User::isValidUserName( $name ) ) {
681 $name = false;
682 }
683 break;
684 case 'usable':
685 if ( !User::isUsableName( $name ) ) {
686 $name = false;
687 }
688 break;
689 case 'creatable':
690 if ( !User::isCreatableName( $name ) ) {
691 $name = false;
692 }
693 break;
694 default:
695 throw new MWException( 'Invalid parameter value for $validate in '.__METHOD__ );
696 }
697 return $name;
698 }
699
700 /**
701 * Count the number of edits of a user
702 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
703 *
704 * @param $uid \int User ID to check
705 * @return \int The user's edit count
706 */
707 static function edits( $uid ) {
708 wfProfileIn( __METHOD__ );
709 $dbr = wfGetDB( DB_SLAVE );
710 // check if the user_editcount field has been initialized
711 $field = $dbr->selectField(
712 'user', 'user_editcount',
713 array( 'user_id' => $uid ),
714 __METHOD__
715 );
716
717 if( $field === null ) { // it has not been initialized. do so.
718 $dbw = wfGetDB( DB_MASTER );
719 $count = $dbr->selectField(
720 'revision', 'count(*)',
721 array( 'rev_user' => $uid ),
722 __METHOD__
723 );
724 $dbw->update(
725 'user',
726 array( 'user_editcount' => $count ),
727 array( 'user_id' => $uid ),
728 __METHOD__
729 );
730 } else {
731 $count = $field;
732 }
733 wfProfileOut( __METHOD__ );
734 return $count;
735 }
736
737 /**
738 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
739 * @todo hash random numbers to improve security, like generateToken()
740 *
741 * @return \string New random password
742 */
743 static function randomPassword() {
744 global $wgMinimalPasswordLength;
745 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
746 $l = strlen( $pwchars ) - 1;
747
748 $pwlength = max( 7, $wgMinimalPasswordLength );
749 $digit = mt_rand(0, $pwlength - 1);
750 $np = '';
751 for ( $i = 0; $i < $pwlength; $i++ ) {
752 $np .= $i == $digit ? chr( mt_rand(48, 57) ) : $pwchars{ mt_rand(0, $l)};
753 }
754 return $np;
755 }
756
757 /**
758 * Set cached properties to default.
759 *
760 * @note This no longer clears uncached lazy-initialised properties;
761 * the constructor does that instead.
762 * @private
763 */
764 function loadDefaults( $name = false ) {
765 wfProfileIn( __METHOD__ );
766
767 global $wgCookiePrefix;
768
769 $this->mId = 0;
770 $this->mName = $name;
771 $this->mRealName = '';
772 $this->mPassword = $this->mNewpassword = '';
773 $this->mNewpassTime = null;
774 $this->mEmail = '';
775 $this->mOptionOverrides = null;
776 $this->mOptionsLoaded = false;
777
778 if ( isset( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) ) {
779 $this->mTouched = wfTimestamp( TS_MW, $_COOKIE[$wgCookiePrefix.'LoggedOut'] );
780 } else {
781 $this->mTouched = '0'; # Allow any pages to be cached
782 }
783
784 $this->setToken(); # Random
785 $this->mEmailAuthenticated = null;
786 $this->mEmailToken = '';
787 $this->mEmailTokenExpires = null;
788 $this->mRegistration = wfTimestamp( TS_MW );
789 $this->mGroups = array();
790
791 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
792
793 wfProfileOut( __METHOD__ );
794 }
795
796 /**
797 * @deprecated Use wfSetupSession().
798 */
799 function SetupSession() {
800 wfDeprecated( __METHOD__ );
801 wfSetupSession();
802 }
803
804 /**
805 * Load user data from the session or login cookie. If there are no valid
806 * credentials, initialises the user as an anonymous user.
807 * @return \bool True if the user is logged in, false otherwise.
808 */
809 private function loadFromSession() {
810 global $wgMemc, $wgCookiePrefix;
811
812 $result = null;
813 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
814 if ( $result !== null ) {
815 return $result;
816 }
817
818 if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
819 $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
820 if( isset( $_SESSION['wsUserID'] ) && $sId != $_SESSION['wsUserID'] ) {
821 $this->loadDefaults(); // Possible collision!
822 wfDebugLog( 'loginSessions', "Session user ID ({$_SESSION['wsUserID']}) and
823 cookie user ID ($sId) don't match!" );
824 return false;
825 }
826 $_SESSION['wsUserID'] = $sId;
827 } else if ( isset( $_SESSION['wsUserID'] ) ) {
828 if ( $_SESSION['wsUserID'] != 0 ) {
829 $sId = $_SESSION['wsUserID'];
830 } else {
831 $this->loadDefaults();
832 return false;
833 }
834 } else {
835 $this->loadDefaults();
836 return false;
837 }
838
839 if ( isset( $_SESSION['wsUserName'] ) ) {
840 $sName = $_SESSION['wsUserName'];
841 } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
842 $sName = $_COOKIE["{$wgCookiePrefix}UserName"];
843 $_SESSION['wsUserName'] = $sName;
844 } else {
845 $this->loadDefaults();
846 return false;
847 }
848
849 $passwordCorrect = FALSE;
850 $this->mId = $sId;
851 if ( !$this->loadFromId() ) {
852 # Not a valid ID, loadFromId has switched the object to anon for us
853 return false;
854 }
855
856 if ( isset( $_SESSION['wsToken'] ) ) {
857 $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
858 $from = 'session';
859 } else if ( isset( $_COOKIE["{$wgCookiePrefix}Token"] ) ) {
860 $passwordCorrect = $this->mToken == $_COOKIE["{$wgCookiePrefix}Token"];
861 $from = 'cookie';
862 } else {
863 # No session or persistent login cookie
864 $this->loadDefaults();
865 return false;
866 }
867
868 if ( ( $sName == $this->mName ) && $passwordCorrect ) {
869 $_SESSION['wsToken'] = $this->mToken;
870 wfDebug( "Logged in from $from\n" );
871 return true;
872 } else {
873 # Invalid credentials
874 wfDebug( "Can't log in from $from, invalid credentials\n" );
875 $this->loadDefaults();
876 return false;
877 }
878 }
879
880 /**
881 * Load user and user_group data from the database.
882 * $this::mId must be set, this is how the user is identified.
883 *
884 * @return \bool True if the user exists, false if the user is anonymous
885 * @private
886 */
887 function loadFromDatabase() {
888 # Paranoia
889 $this->mId = intval( $this->mId );
890
891 /** Anonymous user */
892 if( !$this->mId ) {
893 $this->loadDefaults();
894 return false;
895 }
896
897 $dbr = wfGetDB( DB_MASTER );
898 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
899
900 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
901
902 if ( $s !== false ) {
903 # Initialise user table data
904 $this->loadFromRow( $s );
905 $this->mGroups = null; // deferred
906 $this->getEditCount(); // revalidation for nulls
907 return true;
908 } else {
909 # Invalid user_id
910 $this->mId = 0;
911 $this->loadDefaults();
912 return false;
913 }
914 }
915
916 /**
917 * Initialize this object from a row from the user table.
918 *
919 * @param $row \type{\arrayof{\mixed}} Row from the user table to load.
920 */
921 function loadFromRow( $row ) {
922 $this->mDataLoaded = true;
923
924 if ( isset( $row->user_id ) ) {
925 $this->mId = intval( $row->user_id );
926 }
927 $this->mName = $row->user_name;
928 $this->mRealName = $row->user_real_name;
929 $this->mPassword = $row->user_password;
930 $this->mNewpassword = $row->user_newpassword;
931 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
932 $this->mEmail = $row->user_email;
933 $this->decodeOptions( $row->user_options );
934 $this->mTouched = wfTimestamp(TS_MW,$row->user_touched);
935 $this->mToken = $row->user_token;
936 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
937 $this->mEmailToken = $row->user_email_token;
938 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
939 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
940 $this->mEditCount = $row->user_editcount;
941 }
942
943 /**
944 * Load the groups from the database if they aren't already loaded.
945 * @private
946 */
947 function loadGroups() {
948 if ( is_null( $this->mGroups ) ) {
949 $dbr = wfGetDB( DB_MASTER );
950 $res = $dbr->select( 'user_groups',
951 array( 'ug_group' ),
952 array( 'ug_user' => $this->mId ),
953 __METHOD__ );
954 $this->mGroups = array();
955 while( $row = $dbr->fetchObject( $res ) ) {
956 $this->mGroups[] = $row->ug_group;
957 }
958 }
959 }
960
961 /**
962 * Clear various cached data stored in this object.
963 * @param $reloadFrom \string Reload user and user_groups table data from a
964 * given source. May be "name", "id", "defaults", "session", or false for
965 * no reload.
966 */
967 function clearInstanceCache( $reloadFrom = false ) {
968 $this->mNewtalk = -1;
969 $this->mDatePreference = null;
970 $this->mBlockedby = -1; # Unset
971 $this->mHash = false;
972 $this->mSkin = null;
973 $this->mRights = null;
974 $this->mEffectiveGroups = null;
975 $this->mOptions = null;
976
977 if ( $reloadFrom ) {
978 $this->mDataLoaded = false;
979 $this->mFrom = $reloadFrom;
980 }
981 }
982
983 /**
984 * Combine the language default options with any site-specific options
985 * and add the default language variants.
986 *
987 * @return \type{\arrayof{\string}} Array of options
988 */
989 static function getDefaultOptions() {
990 global $wgNamespacesToBeSearchedDefault;
991 /**
992 * Site defaults will override the global/language defaults
993 */
994 global $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
995 $defOpt = $wgDefaultUserOptions + $wgContLang->getDefaultUserOptionOverrides();
996
997 /**
998 * default language setting
999 */
1000 $variant = $wgContLang->getPreferredVariant( false );
1001 $defOpt['variant'] = $variant;
1002 $defOpt['language'] = $variant;
1003 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1004 $defOpt['searchNs'.$nsnum] = !empty($wgNamespacesToBeSearchedDefault[$nsnum]);
1005 }
1006 $defOpt['skin'] = $wgDefaultSkin;
1007
1008 return $defOpt;
1009 }
1010
1011 /**
1012 * Get a given default option value.
1013 *
1014 * @param $opt \string Name of option to retrieve
1015 * @return \string Default option value
1016 */
1017 public static function getDefaultOption( $opt ) {
1018 $defOpts = self::getDefaultOptions();
1019 if( isset( $defOpts[$opt] ) ) {
1020 return $defOpts[$opt];
1021 } else {
1022 return null;
1023 }
1024 }
1025
1026 /**
1027 * Get a list of user toggle names
1028 * @return \type{\arrayof{\string}} Array of user toggle names
1029 */
1030 static function getToggles() {
1031 global $wgContLang, $wgUseRCPatrol;
1032 $extraToggles = array();
1033 wfRunHooks( 'UserToggles', array( &$extraToggles ) );
1034 if( $wgUseRCPatrol ) {
1035 $extraToggles[] = 'hidepatrolled';
1036 $extraToggles[] = 'newpageshidepatrolled';
1037 $extraToggles[] = 'watchlisthidepatrolled';
1038 }
1039 return array_merge( self::$mToggles, $extraToggles, $wgContLang->getExtraUserToggles() );
1040 }
1041
1042
1043 /**
1044 * Get blocking information
1045 * @private
1046 * @param $bFromSlave \bool Whether to check the slave database first. To
1047 * improve performance, non-critical checks are done
1048 * against slaves. Check when actually saving should be
1049 * done against master.
1050 */
1051 function getBlockedStatus( $bFromSlave = true ) {
1052 global $wgEnableSorbs, $wgProxyWhitelist;
1053
1054 if ( -1 != $this->mBlockedby ) {
1055 wfDebug( "User::getBlockedStatus: already loaded.\n" );
1056 return;
1057 }
1058
1059 wfProfileIn( __METHOD__ );
1060 wfDebug( __METHOD__.": checking...\n" );
1061
1062 // Initialize data...
1063 // Otherwise something ends up stomping on $this->mBlockedby when
1064 // things get lazy-loaded later, causing false positive block hits
1065 // due to -1 !== 0. Probably session-related... Nothing should be
1066 // overwriting mBlockedby, surely?
1067 $this->load();
1068
1069 $this->mBlockedby = 0;
1070 $this->mHideName = 0;
1071 $this->mAllowUsertalk = 0;
1072 $ip = wfGetIP();
1073
1074 if ($this->isAllowed( 'ipblock-exempt' ) ) {
1075 # Exempt from all types of IP-block
1076 $ip = '';
1077 }
1078
1079 # User/IP blocking
1080 $this->mBlock = new Block();
1081 $this->mBlock->fromMaster( !$bFromSlave );
1082 if ( $this->mBlock->load( $ip , $this->mId ) ) {
1083 wfDebug( __METHOD__.": Found block.\n" );
1084 $this->mBlockedby = $this->mBlock->mBy;
1085 $this->mBlockreason = $this->mBlock->mReason;
1086 $this->mHideName = $this->mBlock->mHideName;
1087 $this->mAllowUsertalk = $this->mBlock->mAllowUsertalk;
1088 if ( $this->isLoggedIn() ) {
1089 $this->spreadBlock();
1090 }
1091 } else {
1092 // Bug 13611: don't remove mBlock here, to allow account creation blocks to
1093 // apply to users. Note that the existence of $this->mBlock is not used to
1094 // check for edit blocks, $this->mBlockedby is instead.
1095 }
1096
1097 # Proxy blocking
1098 if ( !$this->isAllowed('proxyunbannable') && !in_array( $ip, $wgProxyWhitelist ) ) {
1099 # Local list
1100 if ( wfIsLocallyBlockedProxy( $ip ) ) {
1101 $this->mBlockedby = wfMsg( 'proxyblocker' );
1102 $this->mBlockreason = wfMsg( 'proxyblockreason' );
1103 }
1104
1105 # DNSBL
1106 if ( !$this->mBlockedby && $wgEnableSorbs && !$this->getID() ) {
1107 if ( $this->inSorbsBlacklist( $ip ) ) {
1108 $this->mBlockedby = wfMsg( 'sorbs' );
1109 $this->mBlockreason = wfMsg( 'sorbsreason' );
1110 }
1111 }
1112 }
1113
1114 # Extensions
1115 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1116
1117 wfProfileOut( __METHOD__ );
1118 }
1119
1120 /**
1121 * Whether the given IP is in the SORBS blacklist.
1122 *
1123 * @param $ip \string IP to check
1124 * @return \bool True if blacklisted.
1125 */
1126 function inSorbsBlacklist( $ip ) {
1127 global $wgEnableSorbs, $wgSorbsUrl;
1128
1129 return $wgEnableSorbs &&
1130 $this->inDnsBlacklist( $ip, $wgSorbsUrl );
1131 }
1132
1133 /**
1134 * Whether the given IP is in a given DNS blacklist.
1135 *
1136 * @param $ip \string IP to check
1137 * @param $base \string URL of the DNS blacklist
1138 * @return \bool True if blacklisted.
1139 */
1140 function inDnsBlacklist( $ip, $base ) {
1141 wfProfileIn( __METHOD__ );
1142
1143 $found = false;
1144 $host = '';
1145 // FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1146 if( IP::isIPv4($ip) ) {
1147 # Make hostname
1148 $host = "$ip.$base";
1149
1150 # Send query
1151 $ipList = gethostbynamel( $host );
1152
1153 if( $ipList ) {
1154 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1155 $found = true;
1156 } else {
1157 wfDebug( "Requested $host, not found in $base.\n" );
1158 }
1159 }
1160
1161 wfProfileOut( __METHOD__ );
1162 return $found;
1163 }
1164
1165 /**
1166 * Is this user subject to rate limiting?
1167 *
1168 * @return \bool True if rate limited
1169 */
1170 public function isPingLimitable() {
1171 global $wgRateLimitsExcludedGroups;
1172 if( array_intersect( $this->getEffectiveGroups(), $wgRateLimitsExcludedGroups ) ) {
1173 // Deprecated, but kept for backwards-compatibility config
1174 return false;
1175 }
1176 return !$this->isAllowed('noratelimit');
1177 }
1178
1179 /**
1180 * Primitive rate limits: enforce maximum actions per time period
1181 * to put a brake on flooding.
1182 *
1183 * @note When using a shared cache like memcached, IP-address
1184 * last-hit counters will be shared across wikis.
1185 *
1186 * @param $action \string Action to enforce; 'edit' if unspecified
1187 * @return \bool True if a rate limiter was tripped
1188 */
1189 function pingLimiter( $action='edit' ) {
1190
1191 # Call the 'PingLimiter' hook
1192 $result = false;
1193 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1194 return $result;
1195 }
1196
1197 global $wgRateLimits;
1198 if( !isset( $wgRateLimits[$action] ) ) {
1199 return false;
1200 }
1201
1202 # Some groups shouldn't trigger the ping limiter, ever
1203 if( !$this->isPingLimitable() )
1204 return false;
1205
1206 global $wgMemc, $wgRateLimitLog;
1207 wfProfileIn( __METHOD__ );
1208
1209 $limits = $wgRateLimits[$action];
1210 $keys = array();
1211 $id = $this->getId();
1212 $ip = wfGetIP();
1213 $userLimit = false;
1214
1215 if( isset( $limits['anon'] ) && $id == 0 ) {
1216 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1217 }
1218
1219 if( isset( $limits['user'] ) && $id != 0 ) {
1220 $userLimit = $limits['user'];
1221 }
1222 if( $this->isNewbie() ) {
1223 if( isset( $limits['newbie'] ) && $id != 0 ) {
1224 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1225 }
1226 if( isset( $limits['ip'] ) ) {
1227 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1228 }
1229 $matches = array();
1230 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1231 $subnet = $matches[1];
1232 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1233 }
1234 }
1235 // Check for group-specific permissions
1236 // If more than one group applies, use the group with the highest limit
1237 foreach ( $this->getGroups() as $group ) {
1238 if ( isset( $limits[$group] ) ) {
1239 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1240 $userLimit = $limits[$group];
1241 }
1242 }
1243 }
1244 // Set the user limit key
1245 if ( $userLimit !== false ) {
1246 wfDebug( __METHOD__.": effective user limit: $userLimit\n" );
1247 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1248 }
1249
1250 $triggered = false;
1251 foreach( $keys as $key => $limit ) {
1252 list( $max, $period ) = $limit;
1253 $summary = "(limit $max in {$period}s)";
1254 $count = $wgMemc->get( $key );
1255 if( $count ) {
1256 if( $count > $max ) {
1257 wfDebug( __METHOD__.": tripped! $key at $count $summary\n" );
1258 if( $wgRateLimitLog ) {
1259 @error_log( wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", 3, $wgRateLimitLog );
1260 }
1261 $triggered = true;
1262 } else {
1263 wfDebug( __METHOD__.": ok. $key at $count $summary\n" );
1264 }
1265 } else {
1266 wfDebug( __METHOD__.": adding record for $key $summary\n" );
1267 $wgMemc->add( $key, 1, intval( $period ) );
1268 }
1269 $wgMemc->incr( $key );
1270 }
1271
1272 wfProfileOut( __METHOD__ );
1273 return $triggered;
1274 }
1275
1276 /**
1277 * Check if user is blocked
1278 *
1279 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1280 * @return \bool True if blocked, false otherwise
1281 */
1282 function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1283 wfDebug( "User::isBlocked: enter\n" );
1284 $this->getBlockedStatus( $bFromSlave );
1285 return $this->mBlockedby !== 0;
1286 }
1287
1288 /**
1289 * Check if user is blocked from editing a particular article
1290 *
1291 * @param $title \string Title to check
1292 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1293 * @return \bool True if blocked, false otherwise
1294 */
1295 function isBlockedFrom( $title, $bFromSlave = false ) {
1296 global $wgBlockAllowsUTEdit;
1297 wfProfileIn( __METHOD__ );
1298 wfDebug( __METHOD__.": enter\n" );
1299
1300 wfDebug( __METHOD__.": asking isBlocked()\n" );
1301 $blocked = $this->isBlocked( $bFromSlave );
1302 $allowUsertalk = ($wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false);
1303 # If a user's name is suppressed, they cannot make edits anywhere
1304 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1305 $title->getNamespace() == NS_USER_TALK ) {
1306 $blocked = false;
1307 wfDebug( __METHOD__.": self-talk page, ignoring any blocks\n" );
1308 }
1309 wfProfileOut( __METHOD__ );
1310 return $blocked;
1311 }
1312
1313 /**
1314 * If user is blocked, return the name of the user who placed the block
1315 * @return \string name of blocker
1316 */
1317 function blockedBy() {
1318 $this->getBlockedStatus();
1319 return $this->mBlockedby;
1320 }
1321
1322 /**
1323 * If user is blocked, return the specified reason for the block
1324 * @return \string Blocking reason
1325 */
1326 function blockedFor() {
1327 $this->getBlockedStatus();
1328 return $this->mBlockreason;
1329 }
1330
1331 /**
1332 * If user is blocked, return the ID for the block
1333 * @return \int Block ID
1334 */
1335 function getBlockId() {
1336 $this->getBlockedStatus();
1337 return ($this->mBlock ? $this->mBlock->mId : false);
1338 }
1339
1340 /**
1341 * Check if user is blocked on all wikis.
1342 * Do not use for actual edit permission checks!
1343 * This is intented for quick UI checks.
1344 *
1345 * @param $ip \type{\string} IP address, uses current client if none given
1346 * @return \type{\bool} True if blocked, false otherwise
1347 */
1348 function isBlockedGlobally( $ip = '' ) {
1349 if( $this->mBlockedGlobally !== null ) {
1350 return $this->mBlockedGlobally;
1351 }
1352 // User is already an IP?
1353 if( IP::isIPAddress( $this->getName() ) ) {
1354 $ip = $this->getName();
1355 } else if( !$ip ) {
1356 $ip = wfGetIP();
1357 }
1358 $blocked = false;
1359 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1360 $this->mBlockedGlobally = (bool)$blocked;
1361 return $this->mBlockedGlobally;
1362 }
1363
1364 /**
1365 * Check if user account is locked
1366 *
1367 * @return \type{\bool} True if locked, false otherwise
1368 */
1369 function isLocked() {
1370 if( $this->mLocked !== null ) {
1371 return $this->mLocked;
1372 }
1373 global $wgAuth;
1374 $authUser = $wgAuth->getUserInstance( $this );
1375 $this->mLocked = (bool)$authUser->isLocked();
1376 return $this->mLocked;
1377 }
1378
1379 /**
1380 * Check if user account is hidden
1381 *
1382 * @return \type{\bool} True if hidden, false otherwise
1383 */
1384 function isHidden() {
1385 if( $this->mHideName !== null ) {
1386 return $this->mHideName;
1387 }
1388 $this->getBlockedStatus();
1389 if( !$this->mHideName ) {
1390 global $wgAuth;
1391 $authUser = $wgAuth->getUserInstance( $this );
1392 $this->mHideName = (bool)$authUser->isHidden();
1393 }
1394 return $this->mHideName;
1395 }
1396
1397 /**
1398 * Get the user's ID.
1399 * @return \int The user's ID; 0 if the user is anonymous or nonexistent
1400 */
1401 function getId() {
1402 if( $this->mId === null and $this->mName !== null
1403 and User::isIP( $this->mName ) ) {
1404 // Special case, we know the user is anonymous
1405 return 0;
1406 } elseif( $this->mId === null ) {
1407 // Don't load if this was initialized from an ID
1408 $this->load();
1409 }
1410 return $this->mId;
1411 }
1412
1413 /**
1414 * Set the user and reload all fields according to a given ID
1415 * @param $v \int User ID to reload
1416 */
1417 function setId( $v ) {
1418 $this->mId = $v;
1419 $this->clearInstanceCache( 'id' );
1420 }
1421
1422 /**
1423 * Get the user name, or the IP of an anonymous user
1424 * @return \string User's name or IP address
1425 */
1426 function getName() {
1427 if ( !$this->mDataLoaded && $this->mFrom == 'name' ) {
1428 # Special case optimisation
1429 return $this->mName;
1430 } else {
1431 $this->load();
1432 if ( $this->mName === false ) {
1433 # Clean up IPs
1434 $this->mName = IP::sanitizeIP( wfGetIP() );
1435 }
1436 return $this->mName;
1437 }
1438 }
1439
1440 /**
1441 * Set the user name.
1442 *
1443 * This does not reload fields from the database according to the given
1444 * name. Rather, it is used to create a temporary "nonexistent user" for
1445 * later addition to the database. It can also be used to set the IP
1446 * address for an anonymous user to something other than the current
1447 * remote IP.
1448 *
1449 * @note User::newFromName() has rougly the same function, when the named user
1450 * does not exist.
1451 * @param $str \string New user name to set
1452 */
1453 function setName( $str ) {
1454 $this->load();
1455 $this->mName = $str;
1456 }
1457
1458 /**
1459 * Get the user's name escaped by underscores.
1460 * @return \string Username escaped by underscores.
1461 */
1462 function getTitleKey() {
1463 return str_replace( ' ', '_', $this->getName() );
1464 }
1465
1466 /**
1467 * Check if the user has new messages.
1468 * @return \bool True if the user has new messages
1469 */
1470 function getNewtalk() {
1471 $this->load();
1472
1473 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1474 if( $this->mNewtalk === -1 ) {
1475 $this->mNewtalk = false; # reset talk page status
1476
1477 # Check memcached separately for anons, who have no
1478 # entire User object stored in there.
1479 if( !$this->mId ) {
1480 global $wgMemc;
1481 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1482 $newtalk = $wgMemc->get( $key );
1483 if( strval( $newtalk ) !== '' ) {
1484 $this->mNewtalk = (bool)$newtalk;
1485 } else {
1486 // Since we are caching this, make sure it is up to date by getting it
1487 // from the master
1488 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1489 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1490 }
1491 } else {
1492 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1493 }
1494 }
1495
1496 return (bool)$this->mNewtalk;
1497 }
1498
1499 /**
1500 * Return the talk page(s) this user has new messages on.
1501 * @return \type{\arrayof{\string}} Array of page URLs
1502 */
1503 function getNewMessageLinks() {
1504 $talks = array();
1505 if (!wfRunHooks('UserRetrieveNewTalks', array(&$this, &$talks)))
1506 return $talks;
1507
1508 if (!$this->getNewtalk())
1509 return array();
1510 $up = $this->getUserPage();
1511 $utp = $up->getTalkPage();
1512 return array(array("wiki" => wfWikiID(), "link" => $utp->getLocalURL()));
1513 }
1514
1515
1516 /**
1517 * Internal uncached check for new messages
1518 *
1519 * @see getNewtalk()
1520 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1521 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1522 * @param $fromMaster \bool true to fetch from the master, false for a slave
1523 * @return \bool True if the user has new messages
1524 * @private
1525 */
1526 function checkNewtalk( $field, $id, $fromMaster = false ) {
1527 if ( $fromMaster ) {
1528 $db = wfGetDB( DB_MASTER );
1529 } else {
1530 $db = wfGetDB( DB_SLAVE );
1531 }
1532 $ok = $db->selectField( 'user_newtalk', $field,
1533 array( $field => $id ), __METHOD__ );
1534 return $ok !== false;
1535 }
1536
1537 /**
1538 * Add or update the new messages flag
1539 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1540 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1541 * @return \bool True if successful, false otherwise
1542 * @private
1543 */
1544 function updateNewtalk( $field, $id ) {
1545 $dbw = wfGetDB( DB_MASTER );
1546 $dbw->insert( 'user_newtalk',
1547 array( $field => $id ),
1548 __METHOD__,
1549 'IGNORE' );
1550 if ( $dbw->affectedRows() ) {
1551 wfDebug( __METHOD__.": set on ($field, $id)\n" );
1552 return true;
1553 } else {
1554 wfDebug( __METHOD__." already set ($field, $id)\n" );
1555 return false;
1556 }
1557 }
1558
1559 /**
1560 * Clear the new messages flag for the given user
1561 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1562 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1563 * @return \bool True if successful, false otherwise
1564 * @private
1565 */
1566 function deleteNewtalk( $field, $id ) {
1567 $dbw = wfGetDB( DB_MASTER );
1568 $dbw->delete( 'user_newtalk',
1569 array( $field => $id ),
1570 __METHOD__ );
1571 if ( $dbw->affectedRows() ) {
1572 wfDebug( __METHOD__.": killed on ($field, $id)\n" );
1573 return true;
1574 } else {
1575 wfDebug( __METHOD__.": already gone ($field, $id)\n" );
1576 return false;
1577 }
1578 }
1579
1580 /**
1581 * Update the 'You have new messages!' status.
1582 * @param $val \bool Whether the user has new messages
1583 */
1584 function setNewtalk( $val ) {
1585 if( wfReadOnly() ) {
1586 return;
1587 }
1588
1589 $this->load();
1590 $this->mNewtalk = $val;
1591
1592 if( $this->isAnon() ) {
1593 $field = 'user_ip';
1594 $id = $this->getName();
1595 } else {
1596 $field = 'user_id';
1597 $id = $this->getId();
1598 }
1599 global $wgMemc;
1600
1601 if( $val ) {
1602 $changed = $this->updateNewtalk( $field, $id );
1603 } else {
1604 $changed = $this->deleteNewtalk( $field, $id );
1605 }
1606
1607 if( $this->isAnon() ) {
1608 // Anons have a separate memcached space, since
1609 // user records aren't kept for them.
1610 $key = wfMemcKey( 'newtalk', 'ip', $id );
1611 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1612 }
1613 if ( $changed ) {
1614 $this->invalidateCache();
1615 }
1616 }
1617
1618 /**
1619 * Generate a current or new-future timestamp to be stored in the
1620 * user_touched field when we update things.
1621 * @return \string Timestamp in TS_MW format
1622 */
1623 private static function newTouchedTimestamp() {
1624 global $wgClockSkewFudge;
1625 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1626 }
1627
1628 /**
1629 * Clear user data from memcached.
1630 * Use after applying fun updates to the database; caller's
1631 * responsibility to update user_touched if appropriate.
1632 *
1633 * Called implicitly from invalidateCache() and saveSettings().
1634 */
1635 private function clearSharedCache() {
1636 $this->load();
1637 if( $this->mId ) {
1638 global $wgMemc;
1639 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1640 }
1641 }
1642
1643 /**
1644 * Immediately touch the user data cache for this account.
1645 * Updates user_touched field, and removes account data from memcached
1646 * for reload on the next hit.
1647 */
1648 function invalidateCache() {
1649 $this->load();
1650 if( $this->mId ) {
1651 $this->mTouched = self::newTouchedTimestamp();
1652
1653 $dbw = wfGetDB( DB_MASTER );
1654 $dbw->update( 'user',
1655 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1656 array( 'user_id' => $this->mId ),
1657 __METHOD__ );
1658
1659 $this->clearSharedCache();
1660 }
1661 }
1662
1663 /**
1664 * Validate the cache for this account.
1665 * @param $timestamp \string A timestamp in TS_MW format
1666 */
1667 function validateCache( $timestamp ) {
1668 $this->load();
1669 return ($timestamp >= $this->mTouched);
1670 }
1671
1672 /**
1673 * Get the user touched timestamp
1674 */
1675 function getTouched() {
1676 $this->load();
1677 return $this->mTouched;
1678 }
1679
1680 /**
1681 * Set the password and reset the random token.
1682 * Calls through to authentication plugin if necessary;
1683 * will have no effect if the auth plugin refuses to
1684 * pass the change through or if the legal password
1685 * checks fail.
1686 *
1687 * As a special case, setting the password to null
1688 * wipes it, so the account cannot be logged in until
1689 * a new password is set, for instance via e-mail.
1690 *
1691 * @param $str \string New password to set
1692 * @throws PasswordError on failure
1693 */
1694 function setPassword( $str ) {
1695 global $wgAuth;
1696
1697 if( $str !== null ) {
1698 if( !$wgAuth->allowPasswordChange() ) {
1699 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1700 }
1701
1702 if( !$this->isValidPassword( $str ) ) {
1703 global $wgMinimalPasswordLength;
1704 throw new PasswordError( wfMsgExt( 'passwordtooshort', array( 'parsemag' ),
1705 $wgMinimalPasswordLength ) );
1706 }
1707 }
1708
1709 if( !$wgAuth->setPassword( $this, $str ) ) {
1710 throw new PasswordError( wfMsg( 'externaldberror' ) );
1711 }
1712
1713 $this->setInternalPassword( $str );
1714
1715 return true;
1716 }
1717
1718 /**
1719 * Set the password and reset the random token unconditionally.
1720 *
1721 * @param $str \string New password to set
1722 */
1723 function setInternalPassword( $str ) {
1724 $this->load();
1725 $this->setToken();
1726
1727 if( $str === null ) {
1728 // Save an invalid hash...
1729 $this->mPassword = '';
1730 } else {
1731 $this->mPassword = self::crypt( $str );
1732 }
1733 $this->mNewpassword = '';
1734 $this->mNewpassTime = null;
1735 }
1736
1737 /**
1738 * Get the user's current token.
1739 * @return \string Token
1740 */
1741 function getToken() {
1742 $this->load();
1743 return $this->mToken;
1744 }
1745
1746 /**
1747 * Set the random token (used for persistent authentication)
1748 * Called from loadDefaults() among other places.
1749 *
1750 * @param $token \string If specified, set the token to this value
1751 * @private
1752 */
1753 function setToken( $token = false ) {
1754 global $wgSecretKey, $wgProxyKey;
1755 $this->load();
1756 if ( !$token ) {
1757 if ( $wgSecretKey ) {
1758 $key = $wgSecretKey;
1759 } elseif ( $wgProxyKey ) {
1760 $key = $wgProxyKey;
1761 } else {
1762 $key = microtime();
1763 }
1764 $this->mToken = md5( $key . mt_rand( 0, 0x7fffffff ) . wfWikiID() . $this->mId );
1765 } else {
1766 $this->mToken = $token;
1767 }
1768 }
1769
1770 /**
1771 * Set the cookie password
1772 *
1773 * @param $str \string New cookie password
1774 * @private
1775 */
1776 function setCookiePassword( $str ) {
1777 $this->load();
1778 $this->mCookiePassword = md5( $str );
1779 }
1780
1781 /**
1782 * Set the password for a password reminder or new account email
1783 *
1784 * @param $str \string New password to set
1785 * @param $throttle \bool If true, reset the throttle timestamp to the present
1786 */
1787 function setNewpassword( $str, $throttle = true ) {
1788 $this->load();
1789 $this->mNewpassword = self::crypt( $str );
1790 if ( $throttle ) {
1791 $this->mNewpassTime = wfTimestampNow();
1792 }
1793 }
1794
1795 /**
1796 * Has password reminder email been sent within the last
1797 * $wgPasswordReminderResendTime hours?
1798 * @return \bool True or false
1799 */
1800 function isPasswordReminderThrottled() {
1801 global $wgPasswordReminderResendTime;
1802 $this->load();
1803 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
1804 return false;
1805 }
1806 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
1807 return time() < $expiry;
1808 }
1809
1810 /**
1811 * Get the user's e-mail address
1812 * @return \string User's email address
1813 */
1814 function getEmail() {
1815 $this->load();
1816 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
1817 return $this->mEmail;
1818 }
1819
1820 /**
1821 * Get the timestamp of the user's e-mail authentication
1822 * @return \string TS_MW timestamp
1823 */
1824 function getEmailAuthenticationTimestamp() {
1825 $this->load();
1826 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
1827 return $this->mEmailAuthenticated;
1828 }
1829
1830 /**
1831 * Set the user's e-mail address
1832 * @param $str \string New e-mail address
1833 */
1834 function setEmail( $str ) {
1835 $this->load();
1836 $this->mEmail = $str;
1837 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
1838 }
1839
1840 /**
1841 * Get the user's real name
1842 * @return \string User's real name
1843 */
1844 function getRealName() {
1845 $this->load();
1846 return $this->mRealName;
1847 }
1848
1849 /**
1850 * Set the user's real name
1851 * @param $str \string New real name
1852 */
1853 function setRealName( $str ) {
1854 $this->load();
1855 $this->mRealName = $str;
1856 }
1857
1858 /**
1859 * Get the user's current setting for a given option.
1860 *
1861 * @param $oname \string The option to check
1862 * @param $defaultOverride \string A default value returned if the option does not exist
1863 * @return \string User's current value for the option
1864 * @see getBoolOption()
1865 * @see getIntOption()
1866 */
1867 function getOption( $oname, $defaultOverride = null ) {
1868 $this->loadOptions();
1869
1870 if ( is_null( $this->mOptions ) ) {
1871 if($defaultOverride != '') {
1872 return $defaultOverride;
1873 }
1874 $this->mOptions = User::getDefaultOptions();
1875 }
1876
1877 if ( array_key_exists( $oname, $this->mOptions ) ) {
1878 return $this->mOptions[$oname];
1879 } else {
1880 return $defaultOverride;
1881 }
1882 }
1883
1884 /**
1885 * Get the user's current setting for a given option, as a boolean value.
1886 *
1887 * @param $oname \string The option to check
1888 * @return \bool User's current value for the option
1889 * @see getOption()
1890 */
1891 function getBoolOption( $oname ) {
1892 return (bool)$this->getOption( $oname );
1893 }
1894
1895
1896 /**
1897 * Get the user's current setting for a given option, as a boolean value.
1898 *
1899 * @param $oname \string The option to check
1900 * @param $defaultOverride \int A default value returned if the option does not exist
1901 * @return \int User's current value for the option
1902 * @see getOption()
1903 */
1904 function getIntOption( $oname, $defaultOverride=0 ) {
1905 $val = $this->getOption( $oname );
1906 if( $val == '' ) {
1907 $val = $defaultOverride;
1908 }
1909 return intval( $val );
1910 }
1911
1912 /**
1913 * Set the given option for a user.
1914 *
1915 * @param $oname \string The option to set
1916 * @param $val \mixed New value to set
1917 */
1918 function setOption( $oname, $val ) {
1919 $this->load();
1920 $this->loadOptions();
1921
1922 if ( $oname == 'skin' ) {
1923 # Clear cached skin, so the new one displays immediately in Special:Preferences
1924 unset( $this->mSkin );
1925 }
1926
1927 // Explicitly NULL values should refer to defaults
1928 global $wgDefaultUserOptions;
1929 if( is_null($val) && isset($wgDefaultUserOptions[$oname]) ) {
1930 $val = $wgDefaultUserOptions[$oname];
1931 }
1932
1933 $this->mOptions[$oname] = $val;
1934 }
1935
1936 /**
1937 * Reset all options to the site defaults
1938 */
1939 function resetOptions() {
1940 $this->mOptions = User::getDefaultOptions();
1941 }
1942
1943 /**
1944 * Get the user's preferred date format.
1945 * @return \string User's preferred date format
1946 */
1947 function getDatePreference() {
1948 // Important migration for old data rows
1949 if ( is_null( $this->mDatePreference ) ) {
1950 global $wgLang;
1951 $value = $this->getOption( 'date' );
1952 $map = $wgLang->getDatePreferenceMigrationMap();
1953 if ( isset( $map[$value] ) ) {
1954 $value = $map[$value];
1955 }
1956 $this->mDatePreference = $value;
1957 }
1958 return $this->mDatePreference;
1959 }
1960
1961 /**
1962 * Get the permissions this user has.
1963 * @return \type{\arrayof{\string}} Array of permission names
1964 */
1965 function getRights() {
1966 if ( is_null( $this->mRights ) ) {
1967 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
1968 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
1969 // Force reindexation of rights when a hook has unset one of them
1970 $this->mRights = array_values( $this->mRights );
1971 }
1972 return $this->mRights;
1973 }
1974
1975 /**
1976 * Get the list of explicit group memberships this user has.
1977 * The implicit * and user groups are not included.
1978 * @return \type{\arrayof{\string}} Array of internal group names
1979 */
1980 function getGroups() {
1981 $this->load();
1982 return $this->mGroups;
1983 }
1984
1985 /**
1986 * Get the list of implicit group memberships this user has.
1987 * This includes all explicit groups, plus 'user' if logged in,
1988 * '*' for all accounts and autopromoted groups
1989 * @param $recache \bool Whether to avoid the cache
1990 * @return \type{\arrayof{\string}} Array of internal group names
1991 */
1992 function getEffectiveGroups( $recache = false ) {
1993 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
1994 $this->mEffectiveGroups = $this->getGroups();
1995 $this->mEffectiveGroups[] = '*';
1996 if( $this->getId() ) {
1997 $this->mEffectiveGroups[] = 'user';
1998
1999 $this->mEffectiveGroups = array_unique( array_merge(
2000 $this->mEffectiveGroups,
2001 Autopromote::getAutopromoteGroups( $this )
2002 ) );
2003
2004 # Hook for additional groups
2005 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2006 }
2007 }
2008 return $this->mEffectiveGroups;
2009 }
2010
2011 /**
2012 * Get the user's edit count.
2013 * @return \int User'e edit count
2014 */
2015 function getEditCount() {
2016 if ($this->getId()) {
2017 if ( !isset( $this->mEditCount ) ) {
2018 /* Populate the count, if it has not been populated yet */
2019 $this->mEditCount = User::edits($this->mId);
2020 }
2021 return $this->mEditCount;
2022 } else {
2023 /* nil */
2024 return null;
2025 }
2026 }
2027
2028 /**
2029 * Add the user to the given group.
2030 * This takes immediate effect.
2031 * @param $group \string Name of the group to add
2032 */
2033 function addGroup( $group ) {
2034 $dbw = wfGetDB( DB_MASTER );
2035 if( $this->getId() ) {
2036 $dbw->insert( 'user_groups',
2037 array(
2038 'ug_user' => $this->getID(),
2039 'ug_group' => $group,
2040 ),
2041 'User::addGroup',
2042 array( 'IGNORE' ) );
2043 }
2044
2045 $this->loadGroups();
2046 $this->mGroups[] = $group;
2047 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2048
2049 $this->invalidateCache();
2050 }
2051
2052 /**
2053 * Remove the user from the given group.
2054 * This takes immediate effect.
2055 * @param $group \string Name of the group to remove
2056 */
2057 function removeGroup( $group ) {
2058 $this->load();
2059 $dbw = wfGetDB( DB_MASTER );
2060 $dbw->delete( 'user_groups',
2061 array(
2062 'ug_user' => $this->getID(),
2063 'ug_group' => $group,
2064 ),
2065 'User::removeGroup' );
2066
2067 $this->loadGroups();
2068 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2069 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2070
2071 $this->invalidateCache();
2072 }
2073
2074
2075 /**
2076 * Get whether the user is logged in
2077 * @return \bool True or false
2078 */
2079 function isLoggedIn() {
2080 return $this->getID() != 0;
2081 }
2082
2083 /**
2084 * Get whether the user is anonymous
2085 * @return \bool True or false
2086 */
2087 function isAnon() {
2088 return !$this->isLoggedIn();
2089 }
2090
2091 /**
2092 * Get whether the user is a bot
2093 * @return \bool True or false
2094 * @deprecated
2095 */
2096 function isBot() {
2097 wfDeprecated( __METHOD__ );
2098 return $this->isAllowed( 'bot' );
2099 }
2100
2101 /**
2102 * Check if user is allowed to access a feature / make an action
2103 * @param $action \string action to be checked
2104 * @return \bool True if action is allowed, else false
2105 */
2106 function isAllowed( $action = '' ) {
2107 if ( $action === '' )
2108 return true; // In the spirit of DWIM
2109 # Patrolling may not be enabled
2110 if( $action === 'patrol' || $action === 'autopatrol' ) {
2111 global $wgUseRCPatrol, $wgUseNPPatrol;
2112 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2113 return false;
2114 }
2115 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2116 # by misconfiguration: 0 == 'foo'
2117 return in_array( $action, $this->getRights(), true );
2118 }
2119
2120 /**
2121 * Check whether to enable recent changes patrol features for this user
2122 * @return \bool True or false
2123 */
2124 public function useRCPatrol() {
2125 global $wgUseRCPatrol;
2126 return( $wgUseRCPatrol && ($this->isAllowed('patrol') || $this->isAllowed('patrolmarks')) );
2127 }
2128
2129 /**
2130 * Check whether to enable new pages patrol features for this user
2131 * @return \bool True or false
2132 */
2133 public function useNPPatrol() {
2134 global $wgUseRCPatrol, $wgUseNPPatrol;
2135 return( ($wgUseRCPatrol || $wgUseNPPatrol) && ($this->isAllowed('patrol') || $this->isAllowed('patrolmarks')) );
2136 }
2137
2138 /**
2139 * Get the current skin, loading it if required, and setting a title
2140 * @param $t Title: the title to use in the skin
2141 * @return Skin The current skin
2142 * @todo FIXME : need to check the old failback system [AV]
2143 */
2144 function &getSkin( $t = null ) {
2145 if ( ! isset( $this->mSkin ) ) {
2146 wfProfileIn( __METHOD__ );
2147
2148 global $wgHiddenPrefs;
2149 if( !in_array( 'skin', $wgHiddenPrefs ) ) {
2150 # get the user skin
2151 global $wgRequest;
2152 $userSkin = $this->getOption( 'skin' );
2153 $userSkin = $wgRequest->getVal('useskin', $userSkin);
2154 } else {
2155 # if we're not allowing users to override, then use the default
2156 global $wgDefaultSkin;
2157 $userSkin = $wgDefaultSkin;
2158 }
2159
2160 $this->mSkin =& Skin::newFromKey( $userSkin );
2161 wfProfileOut( __METHOD__ );
2162 }
2163 if( $t || !$this->mSkin->getTitle() ) {
2164 if ( !$t ) {
2165 global $wgOut;
2166 $t = $wgOut->getTitle();
2167 }
2168 $this->mSkin->setTitle( $t );
2169 }
2170 return $this->mSkin;
2171 }
2172
2173 /**
2174 * Check the watched status of an article.
2175 * @param $title \type{Title} Title of the article to look at
2176 * @return \bool True if article is watched
2177 */
2178 function isWatched( $title ) {
2179 $wl = WatchedItem::fromUserTitle( $this, $title );
2180 return $wl->isWatched();
2181 }
2182
2183 /**
2184 * Watch an article.
2185 * @param $title \type{Title} Title of the article to look at
2186 */
2187 function addWatch( $title ) {
2188 $wl = WatchedItem::fromUserTitle( $this, $title );
2189 $wl->addWatch();
2190 $this->invalidateCache();
2191 }
2192
2193 /**
2194 * Stop watching an article.
2195 * @param $title \type{Title} Title of the article to look at
2196 */
2197 function removeWatch( $title ) {
2198 $wl = WatchedItem::fromUserTitle( $this, $title );
2199 $wl->removeWatch();
2200 $this->invalidateCache();
2201 }
2202
2203 /**
2204 * Clear the user's notification timestamp for the given title.
2205 * If e-notif e-mails are on, they will receive notification mails on
2206 * the next change of the page if it's watched etc.
2207 * @param $title \type{Title} Title of the article to look at
2208 */
2209 function clearNotification( &$title ) {
2210 global $wgUser, $wgUseEnotif, $wgShowUpdatedMarker;
2211
2212 # Do nothing if the database is locked to writes
2213 if( wfReadOnly() ) {
2214 return;
2215 }
2216
2217 if ($title->getNamespace() == NS_USER_TALK &&
2218 $title->getText() == $this->getName() ) {
2219 if (!wfRunHooks('UserClearNewTalkNotification', array(&$this)))
2220 return;
2221 $this->setNewtalk( false );
2222 }
2223
2224 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2225 return;
2226 }
2227
2228 if( $this->isAnon() ) {
2229 // Nothing else to do...
2230 return;
2231 }
2232
2233 // Only update the timestamp if the page is being watched.
2234 // The query to find out if it is watched is cached both in memcached and per-invocation,
2235 // and when it does have to be executed, it can be on a slave
2236 // If this is the user's newtalk page, we always update the timestamp
2237 if ($title->getNamespace() == NS_USER_TALK &&
2238 $title->getText() == $wgUser->getName())
2239 {
2240 $watched = true;
2241 } elseif ( $this->getId() == $wgUser->getId() ) {
2242 $watched = $title->userIsWatching();
2243 } else {
2244 $watched = true;
2245 }
2246
2247 // If the page is watched by the user (or may be watched), update the timestamp on any
2248 // any matching rows
2249 if ( $watched ) {
2250 $dbw = wfGetDB( DB_MASTER );
2251 $dbw->update( 'watchlist',
2252 array( /* SET */
2253 'wl_notificationtimestamp' => NULL
2254 ), array( /* WHERE */
2255 'wl_title' => $title->getDBkey(),
2256 'wl_namespace' => $title->getNamespace(),
2257 'wl_user' => $this->getID()
2258 ), __METHOD__
2259 );
2260 }
2261 }
2262
2263 /**
2264 * Resets all of the given user's page-change notification timestamps.
2265 * If e-notif e-mails are on, they will receive notification mails on
2266 * the next change of any watched page.
2267 *
2268 * @param $currentUser \int User ID
2269 */
2270 function clearAllNotifications( $currentUser ) {
2271 global $wgUseEnotif, $wgShowUpdatedMarker;
2272 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2273 $this->setNewtalk( false );
2274 return;
2275 }
2276 if( $currentUser != 0 ) {
2277 $dbw = wfGetDB( DB_MASTER );
2278 $dbw->update( 'watchlist',
2279 array( /* SET */
2280 'wl_notificationtimestamp' => NULL
2281 ), array( /* WHERE */
2282 'wl_user' => $currentUser
2283 ), __METHOD__
2284 );
2285 # We also need to clear here the "you have new message" notification for the own user_talk page
2286 # This is cleared one page view later in Article::viewUpdates();
2287 }
2288 }
2289
2290 /**
2291 * Set this user's options from an encoded string
2292 * @param $str \string Encoded options to import
2293 * @private
2294 */
2295 function decodeOptions( $str ) {
2296 if (!$str)
2297 return;
2298
2299 $this->mOptionsLoaded = true;
2300 $this->mOptionOverrides = array();
2301
2302 $this->mOptions = array();
2303 $a = explode( "\n", $str );
2304 foreach ( $a as $s ) {
2305 $m = array();
2306 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2307 $this->mOptions[$m[1]] = $m[2];
2308 $this->mOptionOverrides[$m[1]] = $m[2];
2309 }
2310 }
2311 }
2312
2313 /**
2314 * Set a cookie on the user's client. Wrapper for
2315 * WebResponse::setCookie
2316 * @param $name \string Name of the cookie to set
2317 * @param $value \string Value to set
2318 * @param $exp \int Expiration time, as a UNIX time value;
2319 * if 0 or not specified, use the default $wgCookieExpiration
2320 */
2321 protected function setCookie( $name, $value, $exp=0 ) {
2322 global $wgRequest;
2323 $wgRequest->response()->setcookie( $name, $value, $exp );
2324 }
2325
2326 /**
2327 * Clear a cookie on the user's client
2328 * @param $name \string Name of the cookie to clear
2329 */
2330 protected function clearCookie( $name ) {
2331 $this->setCookie( $name, '', time() - 86400 );
2332 }
2333
2334 /**
2335 * Set the default cookies for this session on the user's client.
2336 */
2337 function setCookies() {
2338 $this->load();
2339 if ( 0 == $this->mId ) return;
2340 $session = array(
2341 'wsUserID' => $this->mId,
2342 'wsToken' => $this->mToken,
2343 'wsUserName' => $this->getName()
2344 );
2345 $cookies = array(
2346 'UserID' => $this->mId,
2347 'UserName' => $this->getName(),
2348 );
2349 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2350 $cookies['Token'] = $this->mToken;
2351 } else {
2352 $cookies['Token'] = false;
2353 }
2354
2355 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2356 #check for null, since the hook could cause a null value
2357 if ( !is_null( $session ) && isset( $_SESSION ) ){
2358 $_SESSION = $session + $_SESSION;
2359 }
2360 foreach ( $cookies as $name => $value ) {
2361 if ( $value === false ) {
2362 $this->clearCookie( $name );
2363 } else {
2364 $this->setCookie( $name, $value );
2365 }
2366 }
2367 }
2368
2369 /**
2370 * Log this user out.
2371 */
2372 function logout() {
2373 if( wfRunHooks( 'UserLogout', array(&$this) ) ) {
2374 $this->doLogout();
2375 }
2376 }
2377
2378 /**
2379 * Clear the user's cookies and session, and reset the instance cache.
2380 * @private
2381 * @see logout()
2382 */
2383 function doLogout() {
2384 $this->clearInstanceCache( 'defaults' );
2385
2386 $_SESSION['wsUserID'] = 0;
2387
2388 $this->clearCookie( 'UserID' );
2389 $this->clearCookie( 'Token' );
2390
2391 # Remember when user logged out, to prevent seeing cached pages
2392 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2393 }
2394
2395 /**
2396 * Save this user's settings into the database.
2397 * @todo Only rarely do all these fields need to be set!
2398 */
2399 function saveSettings() {
2400 $this->load();
2401 if ( wfReadOnly() ) { return; }
2402 if ( 0 == $this->mId ) { return; }
2403
2404 $this->mTouched = self::newTouchedTimestamp();
2405
2406 $dbw = wfGetDB( DB_MASTER );
2407 $dbw->update( 'user',
2408 array( /* SET */
2409 'user_name' => $this->mName,
2410 'user_password' => $this->mPassword,
2411 'user_newpassword' => $this->mNewpassword,
2412 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2413 'user_real_name' => $this->mRealName,
2414 'user_email' => $this->mEmail,
2415 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2416 'user_options' => '',
2417 'user_touched' => $dbw->timestamp($this->mTouched),
2418 'user_token' => $this->mToken,
2419 'user_email_token' => $this->mEmailToken,
2420 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2421 ), array( /* WHERE */
2422 'user_id' => $this->mId
2423 ), __METHOD__
2424 );
2425
2426 $this->saveOptions();
2427
2428 wfRunHooks( 'UserSaveSettings', array( $this ) );
2429 $this->clearSharedCache();
2430 $this->getUserPage()->invalidateCache();
2431 }
2432
2433 /**
2434 * If only this user's username is known, and it exists, return the user ID.
2435 */
2436 function idForName() {
2437 $s = trim( $this->getName() );
2438 if ( $s === '' ) return 0;
2439
2440 $dbr = wfGetDB( DB_SLAVE );
2441 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2442 if ( $id === false ) {
2443 $id = 0;
2444 }
2445 return $id;
2446 }
2447
2448 /**
2449 * Add a user to the database, return the user object
2450 *
2451 * @param $name \string Username to add
2452 * @param $params \type{\arrayof{\string}} Non-default parameters to save to the database:
2453 * - password The user's password. Password logins will be disabled if this is omitted.
2454 * - newpassword A temporary password mailed to the user
2455 * - email The user's email address
2456 * - email_authenticated The email authentication timestamp
2457 * - real_name The user's real name
2458 * - options An associative array of non-default options
2459 * - token Random authentication token. Do not set.
2460 * - registration Registration timestamp. Do not set.
2461 *
2462 * @return \type{User} A new User object, or null if the username already exists
2463 */
2464 static function createNew( $name, $params = array() ) {
2465 $user = new User;
2466 $user->load();
2467 if ( isset( $params['options'] ) ) {
2468 $user->mOptions = $params['options'] + $user->mOptions;
2469 unset( $params['options'] );
2470 }
2471 $dbw = wfGetDB( DB_MASTER );
2472 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2473 $fields = array(
2474 'user_id' => $seqVal,
2475 'user_name' => $name,
2476 'user_password' => $user->mPassword,
2477 'user_newpassword' => $user->mNewpassword,
2478 'user_newpass_time' => $dbw->timestamp( $user->mNewpassTime ),
2479 'user_email' => $user->mEmail,
2480 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2481 'user_real_name' => $user->mRealName,
2482 'user_options' => '',
2483 'user_token' => $user->mToken,
2484 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2485 'user_editcount' => 0,
2486 );
2487 foreach ( $params as $name => $value ) {
2488 $fields["user_$name"] = $value;
2489 }
2490 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2491 if ( $dbw->affectedRows() ) {
2492 $newUser = User::newFromId( $dbw->insertId() );
2493 } else {
2494 $newUser = null;
2495 }
2496 return $newUser;
2497 }
2498
2499 /**
2500 * Add this existing user object to the database
2501 */
2502 function addToDatabase() {
2503 $this->load();
2504 $dbw = wfGetDB( DB_MASTER );
2505 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2506 $dbw->insert( 'user',
2507 array(
2508 'user_id' => $seqVal,
2509 'user_name' => $this->mName,
2510 'user_password' => $this->mPassword,
2511 'user_newpassword' => $this->mNewpassword,
2512 'user_newpass_time' => $dbw->timestamp( $this->mNewpassTime ),
2513 'user_email' => $this->mEmail,
2514 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2515 'user_real_name' => $this->mRealName,
2516 'user_options' => '',
2517 'user_token' => $this->mToken,
2518 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2519 'user_editcount' => 0,
2520 ), __METHOD__
2521 );
2522 $this->mId = $dbw->insertId();
2523
2524 // Clear instance cache other than user table data, which is already accurate
2525 $this->clearInstanceCache();
2526
2527 $this->saveOptions();
2528 }
2529
2530 /**
2531 * If this (non-anonymous) user is blocked, block any IP address
2532 * they've successfully logged in from.
2533 */
2534 function spreadBlock() {
2535 wfDebug( __METHOD__."()\n" );
2536 $this->load();
2537 if ( $this->mId == 0 ) {
2538 return;
2539 }
2540
2541 $userblock = Block::newFromDB( '', $this->mId );
2542 if ( !$userblock ) {
2543 return;
2544 }
2545
2546 $userblock->doAutoblock( wfGetIp() );
2547
2548 }
2549
2550 /**
2551 * Generate a string which will be different for any combination of
2552 * user options which would produce different parser output.
2553 * This will be used as part of the hash key for the parser cache,
2554 * so users will the same options can share the same cached data
2555 * safely.
2556 *
2557 * Extensions which require it should install 'PageRenderingHash' hook,
2558 * which will give them a chance to modify this key based on their own
2559 * settings.
2560 *
2561 * @return \string Page rendering hash
2562 */
2563 function getPageRenderingHash() {
2564 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
2565 if( $this->mHash ){
2566 return $this->mHash;
2567 }
2568
2569 // stubthreshold is only included below for completeness,
2570 // it will always be 0 when this function is called by parsercache.
2571
2572 $confstr = $this->getOption( 'math' );
2573 $confstr .= '!' . $this->getOption( 'stubthreshold' );
2574 if ( $wgUseDynamicDates ) {
2575 $confstr .= '!' . $this->getDatePreference();
2576 }
2577 $confstr .= '!' . ($this->getOption( 'numberheadings' ) ? '1' : '');
2578 $confstr .= '!' . $wgLang->getCode();
2579 $confstr .= '!' . $this->getOption( 'thumbsize' );
2580 // add in language specific options, if any
2581 $extra = $wgContLang->getExtraHashOptions();
2582 $confstr .= $extra;
2583
2584 $confstr .= $wgRenderHashAppend;
2585
2586 // Give a chance for extensions to modify the hash, if they have
2587 // extra options or other effects on the parser cache.
2588 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
2589
2590 // Make it a valid memcached key fragment
2591 $confstr = str_replace( ' ', '_', $confstr );
2592 $this->mHash = $confstr;
2593 return $confstr;
2594 }
2595
2596 /**
2597 * Get whether the user is explicitly blocked from account creation.
2598 * @return \bool True if blocked
2599 */
2600 function isBlockedFromCreateAccount() {
2601 $this->getBlockedStatus();
2602 return $this->mBlock && $this->mBlock->mCreateAccount;
2603 }
2604
2605 /**
2606 * Get whether the user is blocked from using Special:Emailuser.
2607 * @return \bool True if blocked
2608 */
2609 function isBlockedFromEmailuser() {
2610 $this->getBlockedStatus();
2611 return $this->mBlock && $this->mBlock->mBlockEmail;
2612 }
2613
2614 /**
2615 * Get whether the user is allowed to create an account.
2616 * @return \bool True if allowed
2617 */
2618 function isAllowedToCreateAccount() {
2619 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
2620 }
2621
2622 /**
2623 * @deprecated
2624 */
2625 function setLoaded( $loaded ) {
2626 wfDeprecated( __METHOD__ );
2627 }
2628
2629 /**
2630 * Get this user's personal page title.
2631 *
2632 * @return \type{Title} User's personal page title
2633 */
2634 function getUserPage() {
2635 return Title::makeTitle( NS_USER, $this->getName() );
2636 }
2637
2638 /**
2639 * Get this user's talk page title.
2640 *
2641 * @return \type{Title} User's talk page title
2642 */
2643 function getTalkPage() {
2644 $title = $this->getUserPage();
2645 return $title->getTalkPage();
2646 }
2647
2648 /**
2649 * Get the maximum valid user ID.
2650 * @return \int User ID
2651 * @static
2652 */
2653 function getMaxID() {
2654 static $res; // cache
2655
2656 if ( isset( $res ) )
2657 return $res;
2658 else {
2659 $dbr = wfGetDB( DB_SLAVE );
2660 return $res = $dbr->selectField( 'user', 'max(user_id)', false, 'User::getMaxID' );
2661 }
2662 }
2663
2664 /**
2665 * Determine whether the user is a newbie. Newbies are either
2666 * anonymous IPs, or the most recently created accounts.
2667 * @return \bool True if the user is a newbie
2668 */
2669 function isNewbie() {
2670 return !$this->isAllowed( 'autoconfirmed' );
2671 }
2672
2673 /**
2674 * Is the user active? We check to see if they've made at least
2675 * X number of edits in the last Y days.
2676 *
2677 * @return \bool True if the user is active, false if not.
2678 */
2679 public function isActiveEditor() {
2680 global $wgActiveUserEditCount, $wgActiveUserDays;
2681 $dbr = wfGetDB( DB_SLAVE );
2682
2683 // Stolen without shame from RC
2684 $cutoff_unixtime = time() - ( $wgActiveUserDays * 86400 );
2685 $cutoff_unixtime = $cutoff_unixtime - ( $cutoff_unixtime % 86400 );
2686 $oldTime = $dbr->addQuotes( $dbr->timestamp( $cutoff_unixtime ) );
2687
2688 $res = $dbr->select( 'revision', '1',
2689 array( 'rev_user_text' => $this->getName(), "rev_timestamp > $oldTime"),
2690 __METHOD__,
2691 array('LIMIT' => $wgActiveUserEditCount ) );
2692
2693 $count = $dbr->numRows($res);
2694 $dbr->freeResult($res);
2695
2696 return $count == $wgActiveUserEditCount;
2697 }
2698
2699 /**
2700 * Check to see if the given clear-text password is one of the accepted passwords
2701 * @param $password \string user password.
2702 * @return \bool True if the given password is correct, otherwise False.
2703 */
2704 function checkPassword( $password ) {
2705 global $wgAuth;
2706 $this->load();
2707
2708 // Even though we stop people from creating passwords that
2709 // are shorter than this, doesn't mean people wont be able
2710 // to. Certain authentication plugins do NOT want to save
2711 // domain passwords in a mysql database, so we should
2712 // check this (incase $wgAuth->strict() is false).
2713 if( !$this->isValidPassword( $password ) ) {
2714 return false;
2715 }
2716
2717 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
2718 return true;
2719 } elseif( $wgAuth->strict() ) {
2720 /* Auth plugin doesn't allow local authentication */
2721 return false;
2722 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
2723 /* Auth plugin doesn't allow local authentication for this user name */
2724 return false;
2725 }
2726 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
2727 return true;
2728 } elseif ( function_exists( 'iconv' ) ) {
2729 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
2730 # Check for this with iconv
2731 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
2732 if ( self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) ) {
2733 return true;
2734 }
2735 }
2736 return false;
2737 }
2738
2739 /**
2740 * Check if the given clear-text password matches the temporary password
2741 * sent by e-mail for password reset operations.
2742 * @return \bool True if matches, false otherwise
2743 */
2744 function checkTemporaryPassword( $plaintext ) {
2745 global $wgNewPasswordExpiry;
2746 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
2747 $this->load();
2748 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
2749 return ( time() < $expiry );
2750 } else {
2751 return false;
2752 }
2753 }
2754
2755 /**
2756 * Initialize (if necessary) and return a session token value
2757 * which can be used in edit forms to show that the user's
2758 * login credentials aren't being hijacked with a foreign form
2759 * submission.
2760 *
2761 * @param $salt \types{\string,\arrayof{\string}} Optional function-specific data for hashing
2762 * @return \string The new edit token
2763 */
2764 function editToken( $salt = '' ) {
2765 if ( $this->isAnon() ) {
2766 return EDIT_TOKEN_SUFFIX;
2767 } else {
2768 if( !isset( $_SESSION['wsEditToken'] ) ) {
2769 $token = $this->generateToken();
2770 $_SESSION['wsEditToken'] = $token;
2771 } else {
2772 $token = $_SESSION['wsEditToken'];
2773 }
2774 if( is_array( $salt ) ) {
2775 $salt = implode( '|', $salt );
2776 }
2777 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
2778 }
2779 }
2780
2781 /**
2782 * Generate a looking random token for various uses.
2783 *
2784 * @param $salt \string Optional salt value
2785 * @return \string The new random token
2786 */
2787 function generateToken( $salt = '' ) {
2788 $token = dechex( mt_rand() ) . dechex( mt_rand() );
2789 return md5( $token . $salt );
2790 }
2791
2792 /**
2793 * Check given value against the token value stored in the session.
2794 * A match should confirm that the form was submitted from the
2795 * user's own login session, not a form submission from a third-party
2796 * site.
2797 *
2798 * @param $val \string Input value to compare
2799 * @param $salt \string Optional function-specific data for hashing
2800 * @return \bool Whether the token matches
2801 */
2802 function matchEditToken( $val, $salt = '' ) {
2803 $sessionToken = $this->editToken( $salt );
2804 if ( $val != $sessionToken ) {
2805 wfDebug( "User::matchEditToken: broken session data\n" );
2806 }
2807 return $val == $sessionToken;
2808 }
2809
2810 /**
2811 * Check given value against the token value stored in the session,
2812 * ignoring the suffix.
2813 *
2814 * @param $val \string Input value to compare
2815 * @param $salt \string Optional function-specific data for hashing
2816 * @return \bool Whether the token matches
2817 */
2818 function matchEditTokenNoSuffix( $val, $salt = '' ) {
2819 $sessionToken = $this->editToken( $salt );
2820 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
2821 }
2822
2823 /**
2824 * Generate a new e-mail confirmation token and send a confirmation/invalidation
2825 * mail to the user's given address.
2826 *
2827 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure.
2828 */
2829 function sendConfirmationMail() {
2830 global $wgLang;
2831 $expiration = null; // gets passed-by-ref and defined in next line.
2832 $token = $this->confirmationToken( $expiration );
2833 $url = $this->confirmationTokenUrl( $token );
2834 $invalidateURL = $this->invalidationTokenUrl( $token );
2835 $this->saveSettings();
2836
2837 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
2838 wfMsg( 'confirmemail_body',
2839 wfGetIP(),
2840 $this->getName(),
2841 $url,
2842 $wgLang->timeanddate( $expiration, false ),
2843 $invalidateURL,
2844 $wgLang->date( $expiration, false ),
2845 $wgLang->time( $expiration, false ) ) );
2846 }
2847
2848 /**
2849 * Send an e-mail to this user's account. Does not check for
2850 * confirmed status or validity.
2851 *
2852 * @param $subject \string Message subject
2853 * @param $body \string Message body
2854 * @param $from \string Optional From address; if unspecified, default $wgPasswordSender will be used
2855 * @param $replyto \string Reply-To address
2856 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure
2857 */
2858 function sendMail( $subject, $body, $from = null, $replyto = null ) {
2859 if( is_null( $from ) ) {
2860 global $wgPasswordSender;
2861 $from = $wgPasswordSender;
2862 }
2863
2864 $to = new MailAddress( $this );
2865 $sender = new MailAddress( $from );
2866 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
2867 }
2868
2869 /**
2870 * Generate, store, and return a new e-mail confirmation code.
2871 * A hash (unsalted, since it's used as a key) is stored.
2872 *
2873 * @note Call saveSettings() after calling this function to commit
2874 * this change to the database.
2875 *
2876 * @param[out] &$expiration \mixed Accepts the expiration time
2877 * @return \string New token
2878 * @private
2879 */
2880 function confirmationToken( &$expiration ) {
2881 $now = time();
2882 $expires = $now + 7 * 24 * 60 * 60;
2883 $expiration = wfTimestamp( TS_MW, $expires );
2884 $token = $this->generateToken( $this->mId . $this->mEmail . $expires );
2885 $hash = md5( $token );
2886 $this->load();
2887 $this->mEmailToken = $hash;
2888 $this->mEmailTokenExpires = $expiration;
2889 return $token;
2890 }
2891
2892 /**
2893 * Return a URL the user can use to confirm their email address.
2894 * @param $token \string Accepts the email confirmation token
2895 * @return \string New token URL
2896 * @private
2897 */
2898 function confirmationTokenUrl( $token ) {
2899 return $this->getTokenUrl( 'ConfirmEmail', $token );
2900 }
2901 /**
2902 * Return a URL the user can use to invalidate their email address.
2903 * @param $token \string Accepts the email confirmation token
2904 * @return \string New token URL
2905 * @private
2906 */
2907 function invalidationTokenUrl( $token ) {
2908 return $this->getTokenUrl( 'Invalidateemail', $token );
2909 }
2910
2911 /**
2912 * Internal function to format the e-mail validation/invalidation URLs.
2913 * This uses $wgArticlePath directly as a quickie hack to use the
2914 * hardcoded English names of the Special: pages, for ASCII safety.
2915 *
2916 * @note Since these URLs get dropped directly into emails, using the
2917 * short English names avoids insanely long URL-encoded links, which
2918 * also sometimes can get corrupted in some browsers/mailers
2919 * (bug 6957 with Gmail and Internet Explorer).
2920 *
2921 * @param $page \string Special page
2922 * @param $token \string Token
2923 * @return \string Formatted URL
2924 */
2925 protected function getTokenUrl( $page, $token ) {
2926 global $wgArticlePath;
2927 return wfExpandUrl(
2928 str_replace(
2929 '$1',
2930 "Special:$page/$token",
2931 $wgArticlePath ) );
2932 }
2933
2934 /**
2935 * Mark the e-mail address confirmed.
2936 *
2937 * @note Call saveSettings() after calling this function to commit the change.
2938 */
2939 function confirmEmail() {
2940 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
2941 return true;
2942 }
2943
2944 /**
2945 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
2946 * address if it was already confirmed.
2947 *
2948 * @note Call saveSettings() after calling this function to commit the change.
2949 */
2950 function invalidateEmail() {
2951 $this->load();
2952 $this->mEmailToken = null;
2953 $this->mEmailTokenExpires = null;
2954 $this->setEmailAuthenticationTimestamp( null );
2955 return true;
2956 }
2957
2958 /**
2959 * Set the e-mail authentication timestamp.
2960 * @param $timestamp \string TS_MW timestamp
2961 */
2962 function setEmailAuthenticationTimestamp( $timestamp ) {
2963 $this->load();
2964 $this->mEmailAuthenticated = $timestamp;
2965 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
2966 }
2967
2968 /**
2969 * Is this user allowed to send e-mails within limits of current
2970 * site configuration?
2971 * @return \bool True if allowed
2972 */
2973 function canSendEmail() {
2974 global $wgEnableEmail, $wgEnableUserEmail;
2975 if( !$wgEnableEmail || !$wgEnableUserEmail ) {
2976 return false;
2977 }
2978 $canSend = $this->isEmailConfirmed();
2979 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
2980 return $canSend;
2981 }
2982
2983 /**
2984 * Is this user allowed to receive e-mails within limits of current
2985 * site configuration?
2986 * @return \bool True if allowed
2987 */
2988 function canReceiveEmail() {
2989 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
2990 }
2991
2992 /**
2993 * Is this user's e-mail address valid-looking and confirmed within
2994 * limits of the current site configuration?
2995 *
2996 * @note If $wgEmailAuthentication is on, this may require the user to have
2997 * confirmed their address by returning a code or using a password
2998 * sent to the address from the wiki.
2999 *
3000 * @return \bool True if confirmed
3001 */
3002 function isEmailConfirmed() {
3003 global $wgEmailAuthentication;
3004 $this->load();
3005 $confirmed = true;
3006 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3007 if( $this->isAnon() )
3008 return false;
3009 if( !self::isValidEmailAddr( $this->mEmail ) )
3010 return false;
3011 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() )
3012 return false;
3013 return true;
3014 } else {
3015 return $confirmed;
3016 }
3017 }
3018
3019 /**
3020 * Check whether there is an outstanding request for e-mail confirmation.
3021 * @return \bool True if pending
3022 */
3023 function isEmailConfirmationPending() {
3024 global $wgEmailAuthentication;
3025 return $wgEmailAuthentication &&
3026 !$this->isEmailConfirmed() &&
3027 $this->mEmailToken &&
3028 $this->mEmailTokenExpires > wfTimestamp();
3029 }
3030
3031 /**
3032 * Get the timestamp of account creation.
3033 *
3034 * @return \types{\string,\bool} string Timestamp of account creation, or false for
3035 * non-existent/anonymous user accounts.
3036 */
3037 public function getRegistration() {
3038 return $this->getId() > 0
3039 ? $this->mRegistration
3040 : false;
3041 }
3042
3043 /**
3044 * Get the timestamp of the first edit
3045 *
3046 * @return \types{\string,\bool} string Timestamp of first edit, or false for
3047 * non-existent/anonymous user accounts.
3048 */
3049 public function getFirstEditTimestamp() {
3050 if( $this->getId() == 0 ) return false; // anons
3051 $dbr = wfGetDB( DB_SLAVE );
3052 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3053 array( 'rev_user' => $this->getId() ),
3054 __METHOD__,
3055 array( 'ORDER BY' => 'rev_timestamp ASC' )
3056 );
3057 if( !$time ) return false; // no edits
3058 return wfTimestamp( TS_MW, $time );
3059 }
3060
3061 /**
3062 * Get the permissions associated with a given list of groups
3063 *
3064 * @param $groups \type{\arrayof{\string}} List of internal group names
3065 * @return \type{\arrayof{\string}} List of permission key names for given groups combined
3066 */
3067 static function getGroupPermissions( $groups ) {
3068 global $wgGroupPermissions;
3069 $rights = array();
3070 foreach( $groups as $group ) {
3071 if( isset( $wgGroupPermissions[$group] ) ) {
3072 $rights = array_merge( $rights,
3073 // array_filter removes empty items
3074 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3075 }
3076 }
3077 return array_unique($rights);
3078 }
3079
3080 /**
3081 * Get all the groups who have a given permission
3082 *
3083 * @param $role \string Role to check
3084 * @return \type{\arrayof{\string}} List of internal group names with the given permission
3085 */
3086 static function getGroupsWithPermission( $role ) {
3087 global $wgGroupPermissions;
3088 $allowedGroups = array();
3089 foreach ( $wgGroupPermissions as $group => $rights ) {
3090 if ( isset( $rights[$role] ) && $rights[$role] ) {
3091 $allowedGroups[] = $group;
3092 }
3093 }
3094 return $allowedGroups;
3095 }
3096
3097 /**
3098 * Get the localized descriptive name for a group, if it exists
3099 *
3100 * @param $group \string Internal group name
3101 * @return \string Localized descriptive group name
3102 */
3103 static function getGroupName( $group ) {
3104 global $wgMessageCache;
3105 $wgMessageCache->loadAllMessages();
3106 $key = "group-$group";
3107 $name = wfMsg( $key );
3108 return $name == '' || wfEmptyMsg( $key, $name )
3109 ? $group
3110 : $name;
3111 }
3112
3113 /**
3114 * Get the localized descriptive name for a member of a group, if it exists
3115 *
3116 * @param $group \string Internal group name
3117 * @return \string Localized name for group member
3118 */
3119 static function getGroupMember( $group ) {
3120 global $wgMessageCache;
3121 $wgMessageCache->loadAllMessages();
3122 $key = "group-$group-member";
3123 $name = wfMsg( $key );
3124 return $name == '' || wfEmptyMsg( $key, $name )
3125 ? $group
3126 : $name;
3127 }
3128
3129 /**
3130 * Return the set of defined explicit groups.
3131 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3132 * are not included, as they are defined automatically, not in the database.
3133 * @return \type{\arrayof{\string}} Array of internal group names
3134 */
3135 static function getAllGroups() {
3136 global $wgGroupPermissions;
3137 return array_diff(
3138 array_keys( $wgGroupPermissions ),
3139 self::getImplicitGroups()
3140 );
3141 }
3142
3143 /**
3144 * Get a list of all available permissions.
3145 * @return \type{\arrayof{\string}} Array of permission names
3146 */
3147 static function getAllRights() {
3148 if ( self::$mAllRights === false ) {
3149 global $wgAvailableRights;
3150 if ( count( $wgAvailableRights ) ) {
3151 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3152 } else {
3153 self::$mAllRights = self::$mCoreRights;
3154 }
3155 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3156 }
3157 return self::$mAllRights;
3158 }
3159
3160 /**
3161 * Get a list of implicit groups
3162 * @return \type{\arrayof{\string}} Array of internal group names
3163 */
3164 public static function getImplicitGroups() {
3165 global $wgImplicitGroups;
3166 $groups = $wgImplicitGroups;
3167 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3168 return $groups;
3169 }
3170
3171 /**
3172 * Get the title of a page describing a particular group
3173 *
3174 * @param $group \string Internal group name
3175 * @return \types{\type{Title},\bool} Title of the page if it exists, false otherwise
3176 */
3177 static function getGroupPage( $group ) {
3178 global $wgMessageCache;
3179 $wgMessageCache->loadAllMessages();
3180 $page = wfMsgForContent( 'grouppage-' . $group );
3181 if( !wfEmptyMsg( 'grouppage-' . $group, $page ) ) {
3182 $title = Title::newFromText( $page );
3183 if( is_object( $title ) )
3184 return $title;
3185 }
3186 return false;
3187 }
3188
3189 /**
3190 * Create a link to the group in HTML, if available;
3191 * else return the group name.
3192 *
3193 * @param $group \string Internal name of the group
3194 * @param $text \string The text of the link
3195 * @return \string HTML link to the group
3196 */
3197 static function makeGroupLinkHTML( $group, $text = '' ) {
3198 if( $text == '' ) {
3199 $text = self::getGroupName( $group );
3200 }
3201 $title = self::getGroupPage( $group );
3202 if( $title ) {
3203 global $wgUser;
3204 $sk = $wgUser->getSkin();
3205 return $sk->link( $title, htmlspecialchars( $text ) );
3206 } else {
3207 return $text;
3208 }
3209 }
3210
3211 /**
3212 * Create a link to the group in Wikitext, if available;
3213 * else return the group name.
3214 *
3215 * @param $group \string Internal name of the group
3216 * @param $text \string The text of the link
3217 * @return \string Wikilink to the group
3218 */
3219 static function makeGroupLinkWiki( $group, $text = '' ) {
3220 if( $text == '' ) {
3221 $text = self::getGroupName( $group );
3222 }
3223 $title = self::getGroupPage( $group );
3224 if( $title ) {
3225 $page = $title->getPrefixedText();
3226 return "[[$page|$text]]";
3227 } else {
3228 return $text;
3229 }
3230 }
3231
3232 /**
3233 * Returns an array of the groups that a particular group can add/remove.
3234 *
3235 * @param $group String: the group to check for whether it can add/remove
3236 * @return Array array( 'add' => array( addablegroups ),
3237 * 'remove' => array( removablegroups ),
3238 * 'add-self' => array( addablegroups to self),
3239 * 'remove-self' => array( removable groups from self) )
3240 */
3241 static function changeableByGroup( $group ) {
3242 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3243
3244 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3245 if( empty($wgAddGroups[$group]) ) {
3246 // Don't add anything to $groups
3247 } elseif( $wgAddGroups[$group] === true ) {
3248 // You get everything
3249 $groups['add'] = self::getAllGroups();
3250 } elseif( is_array($wgAddGroups[$group]) ) {
3251 $groups['add'] = $wgAddGroups[$group];
3252 }
3253
3254 // Same thing for remove
3255 if( empty($wgRemoveGroups[$group]) ) {
3256 } elseif($wgRemoveGroups[$group] === true ) {
3257 $groups['remove'] = self::getAllGroups();
3258 } elseif( is_array($wgRemoveGroups[$group]) ) {
3259 $groups['remove'] = $wgRemoveGroups[$group];
3260 }
3261
3262 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3263 if( empty($wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3264 foreach($wgGroupsAddToSelf as $key => $value) {
3265 if( is_int($key) ) {
3266 $wgGroupsAddToSelf['user'][] = $value;
3267 }
3268 }
3269 }
3270
3271 if( empty($wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3272 foreach($wgGroupsRemoveFromSelf as $key => $value) {
3273 if( is_int($key) ) {
3274 $wgGroupsRemoveFromSelf['user'][] = $value;
3275 }
3276 }
3277 }
3278
3279 // Now figure out what groups the user can add to him/herself
3280 if( empty($wgGroupsAddToSelf[$group]) ) {
3281 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3282 // No idea WHY this would be used, but it's there
3283 $groups['add-self'] = User::getAllGroups();
3284 } elseif( is_array($wgGroupsAddToSelf[$group]) ) {
3285 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3286 }
3287
3288 if( empty($wgGroupsRemoveFromSelf[$group]) ) {
3289 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3290 $groups['remove-self'] = User::getAllGroups();
3291 } elseif( is_array($wgGroupsRemoveFromSelf[$group]) ) {
3292 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3293 }
3294
3295 return $groups;
3296 }
3297
3298 /**
3299 * Returns an array of groups that this user can add and remove
3300 * @return Array array( 'add' => array( addablegroups ),
3301 * 'remove' => array( removablegroups ),
3302 * 'add-self' => array( addablegroups to self),
3303 * 'remove-self' => array( removable groups from self) )
3304 */
3305 function changeableGroups() {
3306 if( $this->isAllowed( 'userrights' ) ) {
3307 // This group gives the right to modify everything (reverse-
3308 // compatibility with old "userrights lets you change
3309 // everything")
3310 // Using array_merge to make the groups reindexed
3311 $all = array_merge( User::getAllGroups() );
3312 return array(
3313 'add' => $all,
3314 'remove' => $all,
3315 'add-self' => array(),
3316 'remove-self' => array()
3317 );
3318 }
3319
3320 // Okay, it's not so simple, we will have to go through the arrays
3321 $groups = array(
3322 'add' => array(),
3323 'remove' => array(),
3324 'add-self' => array(),
3325 'remove-self' => array() );
3326 $addergroups = $this->getEffectiveGroups();
3327
3328 foreach ($addergroups as $addergroup) {
3329 $groups = array_merge_recursive(
3330 $groups, $this->changeableByGroup($addergroup)
3331 );
3332 $groups['add'] = array_unique( $groups['add'] );
3333 $groups['remove'] = array_unique( $groups['remove'] );
3334 $groups['add-self'] = array_unique( $groups['add-self'] );
3335 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3336 }
3337 return $groups;
3338 }
3339
3340 /**
3341 * Increment the user's edit-count field.
3342 * Will have no effect for anonymous users.
3343 */
3344 function incEditCount() {
3345 if( !$this->isAnon() ) {
3346 $dbw = wfGetDB( DB_MASTER );
3347 $dbw->update( 'user',
3348 array( 'user_editcount=user_editcount+1' ),
3349 array( 'user_id' => $this->getId() ),
3350 __METHOD__ );
3351
3352 // Lazy initialization check...
3353 if( $dbw->affectedRows() == 0 ) {
3354 // Pull from a slave to be less cruel to servers
3355 // Accuracy isn't the point anyway here
3356 $dbr = wfGetDB( DB_SLAVE );
3357 $count = $dbr->selectField( 'revision',
3358 'COUNT(rev_user)',
3359 array( 'rev_user' => $this->getId() ),
3360 __METHOD__ );
3361
3362 // Now here's a goddamn hack...
3363 if( $dbr !== $dbw ) {
3364 // If we actually have a slave server, the count is
3365 // at least one behind because the current transaction
3366 // has not been committed and replicated.
3367 $count++;
3368 } else {
3369 // But if DB_SLAVE is selecting the master, then the
3370 // count we just read includes the revision that was
3371 // just added in the working transaction.
3372 }
3373
3374 $dbw->update( 'user',
3375 array( 'user_editcount' => $count ),
3376 array( 'user_id' => $this->getId() ),
3377 __METHOD__ );
3378 }
3379 }
3380 // edit count in user cache too
3381 $this->invalidateCache();
3382 }
3383
3384 /**
3385 * Get the description of a given right
3386 *
3387 * @param $right \string Right to query
3388 * @return \string Localized description of the right
3389 */
3390 static function getRightDescription( $right ) {
3391 global $wgMessageCache;
3392 $wgMessageCache->loadAllMessages();
3393 $key = "right-$right";
3394 $name = wfMsg( $key );
3395 return $name == '' || wfEmptyMsg( $key, $name )
3396 ? $right
3397 : $name;
3398 }
3399
3400 /**
3401 * Make an old-style password hash
3402 *
3403 * @param $password \string Plain-text password
3404 * @param $userId \string User ID
3405 * @return \string Password hash
3406 */
3407 static function oldCrypt( $password, $userId ) {
3408 global $wgPasswordSalt;
3409 if ( $wgPasswordSalt ) {
3410 return md5( $userId . '-' . md5( $password ) );
3411 } else {
3412 return md5( $password );
3413 }
3414 }
3415
3416 /**
3417 * Make a new-style password hash
3418 *
3419 * @param $password \string Plain-text password
3420 * @param $salt \string Optional salt, may be random or the user ID.
3421 * If unspecified or false, will generate one automatically
3422 * @return \string Password hash
3423 */
3424 static function crypt( $password, $salt = false ) {
3425 global $wgPasswordSalt;
3426
3427 $hash = '';
3428 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3429 return $hash;
3430 }
3431
3432 if( $wgPasswordSalt ) {
3433 if ( $salt === false ) {
3434 $salt = substr( wfGenerateToken(), 0, 8 );
3435 }
3436 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3437 } else {
3438 return ':A:' . md5( $password );
3439 }
3440 }
3441
3442 /**
3443 * Compare a password hash with a plain-text password. Requires the user
3444 * ID if there's a chance that the hash is an old-style hash.
3445 *
3446 * @param $hash \string Password hash
3447 * @param $password \string Plain-text password to compare
3448 * @param $userId \string User ID for old-style password salt
3449 * @return \bool
3450 */
3451 static function comparePasswords( $hash, $password, $userId = false ) {
3452 $m = false;
3453 $type = substr( $hash, 0, 3 );
3454
3455 $result = false;
3456 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3457 return $result;
3458 }
3459
3460 if ( $type == ':A:' ) {
3461 # Unsalted
3462 return md5( $password ) === substr( $hash, 3 );
3463 } elseif ( $type == ':B:' ) {
3464 # Salted
3465 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3466 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3467 } else {
3468 # Old-style
3469 return self::oldCrypt( $password, $userId ) === $hash;
3470 }
3471 }
3472
3473 /**
3474 * Add a newuser log entry for this user
3475 * @param $byEmail Boolean: account made by email?
3476 */
3477 public function addNewUserLogEntry( $byEmail = false ) {
3478 global $wgUser, $wgContLang, $wgNewUserLog;
3479 if( empty($wgNewUserLog) ) {
3480 return true; // disabled
3481 }
3482 $talk = $wgContLang->getFormattedNsText( NS_TALK );
3483 if( $this->getName() == $wgUser->getName() ) {
3484 $action = 'create';
3485 $message = '';
3486 } else {
3487 $action = 'create2';
3488 $message = $byEmail ? wfMsgForContent( 'newuserlog-byemail' ) : '';
3489 }
3490 $log = new LogPage( 'newusers' );
3491 $log->addEntry( $action, $this->getUserPage(), $message, array( $this->getId() ) );
3492 return true;
3493 }
3494
3495 /**
3496 * Add an autocreate newuser log entry for this user
3497 * Used by things like CentralAuth and perhaps other authplugins.
3498 */
3499 public function addNewUserLogEntryAutoCreate() {
3500 global $wgNewUserLog;
3501 if( empty($wgNewUserLog) ) {
3502 return true; // disabled
3503 }
3504 $log = new LogPage( 'newusers', false );
3505 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ) );
3506 return true;
3507 }
3508
3509 protected function loadOptions() {
3510 $this->load();
3511 if ($this->mOptionsLoaded || !$this->getId() )
3512 return;
3513
3514 $this->mOptions = self::getDefaultOptions();
3515
3516 // Maybe load from the object
3517
3518 if ( !is_null($this->mOptionOverrides) ) {
3519 wfDebug( "Loading options for user ".$this->getId()." from override cache.\n" );
3520 foreach( $this->mOptionOverrides as $key => $value ) {
3521 $this->mOptions[$key] = $value;
3522 }
3523 } else {
3524 wfDebug( "Loading options for user ".$this->getId()." from database.\n" );
3525 // Load from database
3526 $dbr = wfGetDB( DB_SLAVE );
3527
3528 $res = $dbr->select( 'user_properties',
3529 '*',
3530 array('up_user' => $this->getId()),
3531 __METHOD__
3532 );
3533
3534 while( $row = $dbr->fetchObject( $res ) ) {
3535 $this->mOptionOverrides[$row->up_property] = $row->up_value;
3536 $this->mOptions[$row->up_property] = $row->up_value;
3537 }
3538 }
3539
3540 $this->mOptionsLoaded = true;
3541
3542 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
3543 }
3544
3545 protected function saveOptions() {
3546 $this->loadOptions();
3547 $dbw = wfGetDB( DB_MASTER );
3548
3549 $insert_rows = array();
3550
3551 $saveOptions = $this->mOptions;
3552
3553 // Allow hooks to abort, for instance to save to a global profile.
3554 // Reset options to default state before saving.
3555 if (!wfRunHooks( 'UserSaveOptions', array($this, &$saveOptions) ) )
3556 return;
3557
3558 foreach( $saveOptions as $key => $value ) {
3559 if ( ( is_null(self::getDefaultOption($key)) &&
3560 !( $value === false || is_null($value) ) ) ||
3561 $value != self::getDefaultOption( $key ) ) {
3562 $insert_rows[] = array(
3563 'up_user' => $this->getId(),
3564 'up_property' => $key,
3565 'up_value' => $value,
3566 );
3567 }
3568 }
3569
3570 $dbw->begin();
3571 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
3572 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
3573 $dbw->commit();
3574 }
3575
3576 }
MediaWiki Core