| blob | 06515cf72db9e127fcd22327c91ec5de0814f1f3 |
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 * @file
5 */
7 /**
8 * Int Number of characters in user_token field.
9 * @ingroup Constants
10 */
13 /**
14 * Int Serialized record version.
15 * @ingroup Constants
16 */
19 /**
20 * String Some punctuation to prevent editing from broken text-mangling proxies.
21 * @ingroup Constants
22 */
25 /**
26 * Thrown by User::setPassword() on error.
27 * @ingroup Exception
28 */
30 // NOP
31 }
33 /**
34 * The User object encapsulates all of the user-specific settings (user_id,
35 * name, rights, password, email address, options, last login time). Client
36 * classes use the getXXX() functions to access these fields. These functions
37 * do all the work of determining whether the user is logged in,
38 * whether the requested option can be satisfied from cookies or
39 * whether a database query is needed. Most of the settings needed
40 * for rendering normal pages are set in the cookie to minimize use
41 * of the database.
42 */
44 /**
45 * Global constants made accessible as class constants so that autoloader
46 * magic can be used.
47 */
52 /**
53 * Array of Strings List of member variables which are saved to the
54 * shared cache (memcached). Any operation which changes the
55 * corresponding database fields must call a cache-clearing function.
56 * @showinitializer
57 */
59 // user table
74 // user_group table
76 // user_properties table
78 );
80 /**
81 * Array of Strings Core rights.
82 * Each of these should have a corresponding message of the form
83 * "right-$right".
84 * @showinitializer
85 */
144 );
145 /**
146 * String Cached results of getAllRights()
147 */
150 /** @name Cache variables */
151 //@{
155 //@}
157 /**
158 * Bool Whether the cache variables have been loaded.
159 */
162 /**
163 * String Initialization data source if mDataLoaded==false. May be one of:
164 * - 'defaults' anonymous user initialised from class defaults
165 * - 'name' initialise from mName
166 * - 'id' initialise from mId
167 * - 'session' log in from cookies or session if possible
168 *
169 * Use the User::newFrom*() family of functions to set this.
170 */
173 /**
174 * Lazy-initialized variables, invalidated with clearInstanceCache
175 */
180 /**
181 * @var Skin
182 */
185 /**
186 * @var Block
187 */
192 /**
193 * Lightweight constructor for an anonymous user.
194 * Use the User::newFrom* factory functions for other kinds of users.
195 *
196 * @see newFromName()
197 * @see newFromId()
198 * @see newFromConfirmationCode()
199 * @see newFromSession()
200 * @see newFromRow()
201 */
204 }
208 }
210 /**
211 * Load the user table data for this object from the source given by mFrom.
212 */
216 }
219 # Set it now to avoid infinite recursion in accessors
229 # Nonexistent user placeholder object
233 }
244 }
246 }
248 /**
249 * Load user table data, given mId has already been set.
250 * @return Bool false if the ID does not exist, true otherwise
251 * @private
252 */
258 }
260 # Try cache
264 # Object is expired, load from DB
266 }
270 # Load from DB
272 # Can't load from ID, user is anonymous
274 }
278 # Restore from cache
281 }
282 }
284 }
286 /**
287 * Save user data to the shared cache
288 */
294 // Anonymous users are uncached
296 }
300 }
305 }
308 /** @name newFrom*() static factory methods */
309 //@{
311 /**
312 * Static factory method for creation from username.
313 *
314 * This is slightly less efficient than newFromId(), so use newFromId() if
315 * you have both an ID and a name handy.
316 *
317 * @param $name String Username, validated by Title::newFromText()
318 * @param $validate String|Bool Validate username. Takes the same parameters as
319 * User::getCanonicalName(), except that true is accepted as an alias
320 * for 'valid', for BC.
321 *
322 * @return User object, or false if the username is invalid
323 * (e.g. if it contains illegal characters or is an IP address). If the
324 * username is not present in the database, the result will be a user object
325 * with a name, zero user ID and default settings.
326 */
330 }
335 # Create unloaded user object
340 }
341 }
343 /**
344 * Static factory method for creation from a given user ID.
345 *
346 * @param $id Int Valid user ID
347 * @return User The corresponding User object
348 */
354 }
356 /**
357 * Factory method to fetch whichever user has a given email confirmation code.
358 * This code is generated when an account is created or its e-mail address
359 * has changed.
360 *
361 * If the code is invalid or has expired, returns NULL.
362 *
363 * @param $code String Confirmation code
364 * @return User
365 */
371 ) );
376 }
377 }
379 /**
380 * Create a new user object using data from session or cookies. If the
381 * login credentials are invalid, the result is an anonymous user.
382 *
383 * @return User
384 */
389 }
391 /**
392 * Create a new user object from a user row.
393 * The row should have all fields from the user table in it.
394 * @param $row Array A row from the user table
395 * @return User
396 */
401 }
403 //@}
406 /**
407 * Get the username corresponding to a given user ID
408 * @param $id Int User ID
409 * @return String The corresponding username
410 */
414 }
416 /**
417 * Get the real name of a user given their user ID
418 *
419 * @param $id Int User ID
420 * @return String The corresponding user's real name
421 */
425 }
427 /**
428 * Get database id given a user name
429 * @param $name String Username
430 * @return Int|Null The corresponding user's ID, or null if user is nonexistent
431 */
435 # Illegal name
437 }
441 }
444 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
450 }
456 }
459 }
461 /**
462 * Reset the cache used in idFromName(). For use in tests.
463 */
466 }
468 /**
469 * Does the string match an anonymous IPv4 address?
470 *
471 * This function exists for username validation, in order to reject
472 * usernames which are similar in form to IP addresses. Strings such
473 * as 300.300.300.300 will return true because it looks like an IP
474 * address, despite not being strictly valid.
475 *
476 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
477 * address because the usemod software would "cloak" anonymous IP
478 * addresses like this, if we allowed accounts like this to be created
479 * new users could get the old edits of these anonymous users.
480 *
481 * @param $name String to match
482 * @return Bool
483 */
486 }
488 /**
489 * Is the input a valid username?
490 *
491 * Checks if the input is a valid username, we don't want an empty string,
492 * an IP address, anything that containins slashes (would mess up subpages),
493 * is longer than the maximum allowed username size or doesn't begin with
494 * a capital letter.
495 *
496 * @param $name String to match
497 * @return Bool
498 */
510 }
512 // Ensure that the name can't be misresolved as a different title,
513 // such as with extra namespace keys at the start.
521 }
523 // Check an additional blacklist of troublemaker characters.
524 // Should these be merged into the title char list?
537 }
540 }
542 /**
543 * Usernames which fail to pass this function will be blocked
544 * from user login and new account registrations, but may be used
545 * internally by batch processes.
546 *
547 * If an account already exists in this form, login will be blocked
548 * by a failure to pass this function.
549 *
550 * @param $name String to match
551 * @return Bool
552 */
555 // Must be a valid username, obviously ;)
558 }
564 }
566 // Certain names may be reserved for batch processes.
570 }
573 }
574 }
576 }
578 /**
579 * Usernames which fail to pass this function will be blocked
580 * from new account registrations, but may be used internally
581 * either by batch processes or by user accounts which have
582 * already been created.
583 *
584 * Additional blacklisting may be added here rather than in
585 * isValidUserName() to avoid disrupting existing accounts.
586 *
587 * @param $name String to match
588 * @return Bool
589 */
593 // Ensure that the username isn't longer than 235 bytes, so that
594 // (at least for the builtin skins) user javascript and css files
595 // will work. (bug 23080)
600 }
602 // Preg yells if you try to give it an empty string
608 }
609 }
612 }
614 /**
615 * Is the input a valid password for this user?
616 *
617 * @param $password String Desired password
618 * @return Bool
619 */
621 //simple boolean wrapper for getPasswordValidity
623 }
625 /**
626 * Given unvalidated password input, return error message on failure.
627 *
628 * @param $password String Desired password
629 * @return mixed: true on success, string or array of error message on failure
630 */
637 );
649 } elseif ( isset( $blockedLogins[ $this->getName() ] ) && $password == $blockedLogins[ $this->getName() ] ) {
652 //it seems weird returning true here, but this is because of the
653 //initialization of $result to false above. If the hook is never run or it
654 //doesn't modify $result, then we will likely get down into this if with
655 //a valid password.
657 }
662 }
663 }
665 /**
666 * Does a string look like an e-mail address?
667 *
668 * This validates an email address using an HTML5 specification found at:
669 * http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#valid-e-mail-address
670 * Which as of 2011-01-24 says:
671 *
672 * A valid e-mail address is a string that matches the ABNF production
673 * 1*( atext / "." ) "@" ldh-str *( "." ldh-str ) where atext is defined
674 * in RFC 5322 section 3.2.3, and ldh-str is defined in RFC 1034 section
675 * 3.5.
676 *
677 * This function is an implementation of the specification as requested in
678 * bug 22449.
679 *
680 * Client-side forms will use the same standard validation rules via JS or
681 * HTML 5 validation; additional restrictions can be enforced server-side
682 * by extensions via the 'isValidEmailAddr' hook.
683 *
684 * Note that this validation doesn't 100% match RFC 2822, but is believed
685 * to be liberal enough for wide use. Some invalid addresses will still
686 * pass validation here.
687 *
688 * @param $addr String E-mail address
689 * @return Bool
690 */
695 }
697 // Please note strings below are enclosed in brackets [], this make the
698 // hyphen "-" a range indicator. Hence it is double backslashed below.
699 // See bug 26948
704 ^ # start of string
706 @ # 'apostrophe'
709 $ # End of string
713 }
715 /**
716 * Given unvalidated user input, return a canonical username, or false if
717 * the username is invalid.
718 * @param $name String User input
719 * @param $validate String|Bool type of validation to use:
720 * - false No validation
721 * - 'valid' Valid for batch processes
722 * - 'usable' Valid for batch processes and login
723 * - 'creatable' Valid for batch processes, login and account creation
724 */
726 # Force usernames to capital
730 # Reject names containing '#'; these will be cleaned up
731 # with title normalisation, but then it's too late to
732 # check elsewhere
736 # Clean up name according to title rules
739 # Check for invalid titles
742 }
744 # Reject various classes of invalid names
754 }
759 }
764 }
768 }
770 }
772 /**
773 * Count the number of edits of a user
774 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
775 *
776 * @param $uid Int User ID to check
777 * @return Int the user's edit count
778 */
782 // check if the user_editcount field has been initialized
786 __METHOD__
787 );
794 __METHOD__
795 );
800 __METHOD__
801 );
804 }
807 }
809 /**
810 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
811 * @todo hash random numbers to improve security, like generateToken()
812 *
813 * @return String new random password
814 */
825 }
827 }
829 /**
830 * Set cached properties to default.
831 *
832 * @note This no longer clears uncached lazy-initialised properties;
833 * the constructor does that instead.
834 * @private
835 */
854 }
866 }
868 /**
869 * Load user data from the session or login cookie. If there are no valid
870 * credentials, initialises the user as an anonymous user.
871 * @return Bool True if the user is logged in, false otherwise.
872 */
880 }
885 # TODO: Automatically create the user here (or probably a bit
886 # lower down, in fact)
887 }
888 }
900 }
907 }
917 }
921 # Not a valid ID, loadFromId has switched the object to anon for us
923 }
927 # User blocked and we've disabled blocked user logins
930 }
939 # No session or persistent login cookie
942 }
949 # Invalid credentials
953 }
954 }
956 /**
957 * Load user and user_group data from the database.
958 * $this::mId must be set, this is how the user is identified.
959 *
960 * @return Bool True if the user exists, false if the user is anonymous
961 * @private
962 */
964 # Paranoia
967 /** Anonymous user */
971 }
979 # Initialise user table data
985 # Invalid user_id
989 }
990 }
992 /**
993 * Initialize this object from a row from the user table.
994 *
995 * @param $row Array Row from the user table to load.
996 */
1002 }
1017 }
1019 /**
1020 * Load the groups from the database if they aren't already loaded.
1021 * @private
1022 */
1029 __METHOD__ );
1033 }
1034 }
1035 }
1037 /**
1038 * Clear various cached data stored in this object.
1039 * @param $reloadFrom String Reload user and user_groups table data from a
1040 * given source. May be "name", "id", "defaults", "session", or false for
1041 * no reload.
1042 */
1056 }
1057 }
1059 /**
1060 * Combine the language default options with any site-specific options
1061 * and add the default language variants.
1062 *
1063 * @return Array of String options
1064 */
1067 /**
1068 * Site defaults will override the global/language defaults
1069 */
1073 /**
1074 * default language setting
1075 */
1081 }
1085 }
1087 /**
1088 * Get a given default option value.
1089 *
1090 * @param $opt String Name of option to retrieve
1091 * @return String Default option value
1092 */
1099 }
1100 }
1103 /**
1104 * Get blocking information
1105 * @private
1106 * @param $bFromSlave Bool Whether to check the slave database first. To
1107 * improve performance, non-critical checks are done
1108 * against slaves. Check when actually saving should be
1109 * done against master.
1110 */
1116 }
1121 // Initialize data...
1122 // Otherwise something ends up stomping on $this->mBlockedby when
1123 // things get lazy-loaded later, causing false positive block hits
1124 // due to -1 !== 0. Probably session-related... Nothing should be
1125 // overwriting mBlockedby, surely?
1132 # We only need to worry about passing the IP address to the Block generator if the
1133 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1134 # know which IP address they're actually coming from
1139 }
1141 # User/IP blocking
1151 }
1152 }
1154 # Proxy blocking
1156 # Local list
1160 }
1162 # DNSBL
1167 }
1168 }
1169 }
1171 # Extensions
1175 }
1177 /**
1178 * Whether the given IP is in a DNS blacklist.
1179 *
1180 * @param $ip String IP to check
1181 * @param $checkWhitelist Bool: whether to check the whitelist first
1182 * @return Bool True if blacklisted.
1183 */
1196 }
1198 /**
1199 * Whether the given IP is in a given DNS blacklist.
1200 *
1201 * @param $ip String IP to check
1202 * @param $bases String|Array of Strings: URL of the DNS blacklist
1203 * @return Bool True if blacklisted.
1204 */
1209 // FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1211 # Reverse IP, bug 21255
1215 # Make hostname
1218 # Send query
1227 }
1228 }
1229 }
1233 }
1235 /**
1236 * Is this user subject to rate limiting?
1237 *
1238 * @return Bool True if rate limited
1239 */
1244 // Deprecated, but kept for backwards-compatibility config
1246 }
1248 // No other good way currently to disable rate limits
1249 // for specific IPs. :P
1250 // But this is a crappy hack and should die.
1252 }
1254 }
1256 /**
1257 * Primitive rate limits: enforce maximum actions per time period
1258 * to put a brake on flooding.
1259 *
1260 * @note When using a shared cache like memcached, IP-address
1261 * last-hit counters will be shared across wikis.
1262 *
1263 * @param $action String Action to enforce; 'edit' if unspecified
1264 * @return Bool True if a rate limiter was tripped
1265 */
1267 # Call the 'PingLimiter' hook
1271 }
1276 }
1278 # Some groups shouldn't trigger the ping limiter, ever
1293 }
1297 }
1301 }
1304 }
1309 }
1310 }
1311 // Check for group-specific permissions
1312 // If more than one group applies, use the group with the highest limit
1317 }
1318 }
1319 }
1320 // Set the user limit key
1324 }
1331 // Already pinged?
1336 @error_log( wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", 3, $wgRateLimitLog );
1337 }
1341 }
1345 }
1347 }
1351 }
1353 /**
1354 * Check if user is blocked
1355 *
1356 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1357 * @return Bool True if blocked, false otherwise
1358 */
1362 }
1364 /**
1365 * Check if user is blocked from editing a particular article
1366 *
1367 * @param $title Title to check
1368 * @param $bFromSlave Bool whether to check the slave database instead of the master
1369 * @return Bool
1370 */
1377 # If a user's name is suppressed, they cannot make edits anywhere
1382 }
1388 }
1390 /**
1391 * If user is blocked, return the name of the user who placed the block
1392 * @return String name of blocker
1393 */
1397 }
1399 /**
1400 * If user is blocked, return the specified reason for the block
1401 * @return String Blocking reason
1402 */
1406 }
1408 /**
1409 * If user is blocked, return the ID for the block
1410 * @return Int Block ID
1411 */
1415 }
1417 /**
1418 * Check if user is blocked on all wikis.
1419 * Do not use for actual edit permission checks!
1420 * This is intented for quick UI checks.
1421 *
1422 * @param $ip String IP address, uses current client if none given
1423 * @return Bool True if blocked, false otherwise
1424 */
1428 }
1429 // User is already an IP?
1434 }
1439 }
1441 /**
1442 * Check if user account is locked
1443 *
1444 * @return Bool True if locked, false otherwise
1445 */
1449 }
1454 }
1456 /**
1457 * Check if user account is hidden
1458 *
1459 * @return Bool True if hidden, false otherwise
1460 */
1464 }
1470 }
1472 }
1474 /**
1475 * Get the user's ID.
1476 * @return Int The user's ID; 0 if the user is anonymous or nonexistent
1477 */
1481 // Special case, we know the user is anonymous
1484 // Don't load if this was initialized from an ID
1486 }
1488 }
1490 /**
1491 * Set the user and reload all fields according to a given ID
1492 * @param $v Int User ID to reload
1493 */
1497 }
1499 /**
1500 * Get the user name, or the IP of an anonymous user
1501 * @return String User's name or IP address
1502 */
1505 # Special case optimisation
1510 # Clean up IPs
1512 }
1514 }
1515 }
1517 /**
1518 * Set the user name.
1519 *
1520 * This does not reload fields from the database according to the given
1521 * name. Rather, it is used to create a temporary "nonexistent user" for
1522 * later addition to the database. It can also be used to set the IP
1523 * address for an anonymous user to something other than the current
1524 * remote IP.
1525 *
1526 * @note User::newFromName() has rougly the same function, when the named user
1527 * does not exist.
1528 * @param $str String New user name to set
1529 */
1533 }
1535 /**
1536 * Get the user's name escaped by underscores.
1537 * @return String Username escaped by underscores.
1538 */
1541 }
1543 /**
1544 * Check if the user has new messages.
1545 * @return Bool True if the user has new messages
1546 */
1550 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1554 # Check memcached separately for anons, who have no
1555 # entire User object stored in there.
1563 // Since we are caching this, make sure it is up to date by getting it
1564 // from the master
1567 }
1570 }
1571 }
1574 }
1576 /**
1577 * Return the talk page(s) this user has new messages on.
1578 * @return Array of String page URLs
1579 */
1590 }
1592 /**
1593 * Internal uncached check for new messages
1594 *
1595 * @see getNewtalk()
1596 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1597 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1598 * @param $fromMaster Bool true to fetch from the master, false for a slave
1599 * @return Bool True if the user has new messages
1600 * @private
1601 */
1607 }
1611 }
1613 /**
1614 * Add or update the new messages flag
1615 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1616 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1617 * @return Bool True if successful, false otherwise
1618 * @private
1619 */
1624 __METHOD__,
1632 }
1633 }
1635 /**
1636 * Clear the new messages flag for the given user
1637 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1638 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1639 * @return Bool True if successful, false otherwise
1640 * @private
1641 */
1646 __METHOD__ );
1653 }
1654 }
1656 /**
1657 * Update the 'You have new messages!' status.
1658 * @param $val Bool Whether the user has new messages
1659 */
1663 }
1674 }
1681 }
1684 // Anons have a separate memcached space, since
1685 // user records aren't kept for them.
1688 }
1691 }
1692 }
1694 /**
1695 * Generate a current or new-future timestamp to be stored in the
1696 * user_touched field when we update things.
1697 * @return String Timestamp in TS_MW format
1698 */
1702 }
1704 /**
1705 * Clear user data from memcached.
1706 * Use after applying fun updates to the database; caller's
1707 * responsibility to update user_touched if appropriate.
1708 *
1709 * Called implicitly from invalidateCache() and saveSettings().
1710 */
1716 }
1717 }
1719 /**
1720 * Immediately touch the user data cache for this account.
1721 * Updates user_touched field, and removes account data from memcached
1722 * for reload on the next hit.
1723 */
1727 }
1736 __METHOD__ );
1739 }
1740 }
1742 /**
1743 * Validate the cache for this account.
1744 * @param $timestamp String A timestamp in TS_MW format
1745 */
1749 }
1751 /**
1752 * Get the user touched timestamp
1753 * @return String timestamp
1754 */
1758 }
1760 /**
1761 * Set the password and reset the random token.
1762 * Calls through to authentication plugin if necessary;
1763 * will have no effect if the auth plugin refuses to
1764 * pass the change through or if the legal password
1765 * checks fail.
1766 *
1767 * As a special case, setting the password to null
1768 * wipes it, so the account cannot be logged in until
1769 * a new password is set, for instance via e-mail.
1770 *
1771 * @param $str String New password to set
1772 * @throws PasswordError on failure
1773 */
1780 }
1791 }
1793 }
1794 }
1798 }
1803 }
1805 /**
1806 * Set the password and reset the random token unconditionally.
1807 *
1808 * @param $str String New password to set
1809 */
1815 // Save an invalid hash...
1819 }
1822 }
1824 /**
1825 * Get the user's current token.
1826 * @return String Token
1827 */
1831 }
1833 /**
1834 * Set the random token (used for persistent authentication)
1835 * Called from loadDefaults() among other places.
1836 *
1837 * @param $token String If specified, set the token to this value
1838 * @private
1839 */
1850 }
1854 }
1855 }
1857 /**
1858 * Set the cookie password
1859 *
1860 * @param $str String New cookie password
1861 * @private
1862 */
1866 }
1868 /**
1869 * Set the password for a password reminder or new account email
1870 *
1871 * @param $str String New password to set
1872 * @param $throttle Bool If true, reset the throttle timestamp to the present
1873 */
1879 }
1880 }
1882 /**
1883 * Has password reminder email been sent within the last
1884 * $wgPasswordReminderResendTime hours?
1885 * @return Bool
1886 */
1892 }
1895 }
1897 /**
1898 * Get the user's e-mail address
1899 * @return String User's email address
1900 */
1905 }
1907 /**
1908 * Get the timestamp of the user's e-mail authentication
1909 * @return String TS_MW timestamp
1910 */
1913 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
1915 }
1917 /**
1918 * Set the user's e-mail address
1919 * @param $str String New e-mail address
1920 */
1925 }
1927 /**
1928 * Get the user's real name
1929 * @return String User's real name
1930 */
1934 }
1936 /**
1937 * Set the user's real name
1938 * @param $str String New real name
1939 */
1943 }
1945 /**
1946 * Get the user's current setting for a given option.
1947 *
1948 * @param $oname String The option to check
1949 * @param $defaultOverride String A default value returned if the option does not exist
1950 * @param $ignoreHidden Bool = whether to ignore the effects of $wgHiddenPrefs
1951 * @return String User's current value for the option
1952 * @see getBoolOption()
1953 * @see getIntOption()
1954 */
1962 }
1964 }
1966 # We want 'disabled' preferences to always behave as the default value for
1967 # users, even if they have set the option explicitly in their settings (ie they
1968 # set it, and then it was disabled removing their ability to change it). But
1969 # we don't want to erase the preferences in the database in case the preference
1970 # is re-enabled again. So don't touch $mOptions, just override the returned value
1973 }
1979 }
1980 }
1982 /**
1983 * Get all user's options
1984 *
1985 * @return array
1986 */
1992 # We want 'disabled' preferences to always behave as the default value for
1993 # users, even if they have set the option explicitly in their settings (ie they
1994 # set it, and then it was disabled removing their ability to change it). But
1995 # we don't want to erase the preferences in the database in case the preference
1996 # is re-enabled again. So don't touch $mOptions, just override the returned value
2001 }
2002 }
2005 }
2007 /**
2008 * Get the user's current setting for a given option, as a boolean value.
2009 *
2010 * @param $oname String The option to check
2011 * @return Bool User's current value for the option
2012 * @see getOption()
2013 */
2016 }
2019 /**
2020 * Get the user's current setting for a given option, as a boolean value.
2021 *
2022 * @param $oname String The option to check
2023 * @param $defaultOverride Int A default value returned if the option does not exist
2024 * @return Int User's current value for the option
2025 * @see getOption()
2026 */
2031 }
2033 }
2035 /**
2036 * Set the given option for a user.
2037 *
2038 * @param $oname String The option to set
2039 * @param $val mixed New value to set
2040 */
2046 # Clear cached skin, so the new one displays immediately in Special:Preferences
2048 }
2050 // Explicitly NULL values should refer to defaults
2054 }
2057 }
2059 /**
2060 * Reset all options to the site defaults
2061 */
2064 }
2066 /**
2067 * Get the user's preferred date format.
2068 * @return String User's preferred date format
2069 */
2071 // Important migration for old data rows
2078 }
2080 }
2082 }
2084 /**
2085 * Get the user preferred stub threshold
2086 */
2091 # If they have set an impossible value, disable the preference
2092 # so we can use the parser cache again.
2094 }
2096 }
2098 /**
2099 * Get the permissions this user has.
2100 * @return Array of String permission names
2101 */
2106 // Force reindexation of rights when a hook has unset one of them
2108 }
2110 }
2112 /**
2113 * Get the list of explicit group memberships this user has.
2114 * The implicit * and user groups are not included.
2115 * @return Array of String internal group names
2116 */
2120 }
2122 /**
2123 * Get the list of implicit group memberships this user has.
2124 * This includes all explicit groups, plus 'user' if logged in,
2125 * '*' for all accounts, and autopromoted groups
2126 * @param $recache Bool Whether to avoid the cache
2127 * @return Array of String internal group names
2128 */
2140 ) );
2142 # Hook for additional groups
2144 }
2146 }
2148 }
2150 /**
2151 * Get the user's edit count.
2152 * @return Int
2153 */
2157 /* Populate the count, if it has not been populated yet */
2159 }
2162 /* nil */
2164 }
2165 }
2167 /**
2168 * Add the user to the given group.
2169 * This takes immediate effect.
2170 * @param $group String Name of the group to add
2171 */
2180 ),
2181 __METHOD__,
2183 }
2184 }
2190 }
2192 /**
2193 * Remove the user from the given group.
2194 * This takes immediate effect.
2195 * @param $group String Name of the group to remove
2196 */
2206 }
2212 }
2214 /**
2215 * Get whether the user is logged in
2216 * @return Bool
2217 */
2220 }
2222 /**
2223 * Get whether the user is anonymous
2224 * @return Bool
2225 */
2228 }
2230 /**
2231 * Check if user is allowed to access a feature / make an action
2232 * @param varargs String permissions to test
2233 * @return Boolean: True if user is allowed to perform *any* of the given actions
2234 */
2240 }
2241 }
2243 }
2245 /**
2246 * @param varargs String
2247 * @return bool True if the user is allowed to perform *all* of the given actions
2248 */
2254 }
2255 }
2257 }
2259 /**
2260 * Internal mechanics of testing a permission
2261 * @param $action String
2262 * @return bool
2263 */
2267 }
2268 # Patrolling may not be enabled
2273 }
2274 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2275 # by misconfiguration: 0 == 'foo'
2277 }
2279 /**
2280 * Check whether to enable recent changes patrol features for this user
2281 * @return Boolean: True or false
2282 */
2286 }
2288 /**
2289 * Check whether to enable new pages patrol features for this user
2290 * @return Bool True or false
2291 */
2294 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) ) );
2295 }
2297 /**
2298 * Get the current skin, loading it if required, and setting a title
2299 * @param $t Title: the title to use in the skin
2300 * @return Skin The current skin
2301 * @todo: FIXME : need to check the old failback system [AV]
2302 */
2308 }
2315 }
2316 }
2318 // Creates a Skin object, for getSkin()
2325 # get the user skin
2329 # if we're not allowing users to override, then use the default
2332 }
2338 }
2340 /**
2341 * Check the watched status of an article.
2342 * @param $title Title of the article to look at
2343 * @return Bool
2344 */
2348 }
2350 /**
2351 * Watch an article.
2352 * @param $title Title of the article to look at
2353 */
2358 }
2360 /**
2361 * Stop watching an article.
2362 * @param $title Title of the article to look at
2363 */
2368 }
2370 /**
2371 * Clear the user's notification timestamp for the given title.
2372 * If e-notif e-mails are on, they will receive notification mails on
2373 * the next change of the page if it's watched etc.
2374 * @param $title Title of the article to look at
2375 */
2379 # Do nothing if the database is locked to writes
2382 }
2389 }
2393 }
2396 // Nothing else to do...
2398 }
2400 // Only update the timestamp if the page is being watched.
2401 // The query to find out if it is watched is cached both in memcached and per-invocation,
2402 // and when it does have to be executed, it can be on a slave
2403 // If this is the user's newtalk page, we always update the timestamp
2406 {
2412 }
2414 // If the page is watched by the user (or may be watched), update the timestamp on any
2415 // any matching rows
2425 ), __METHOD__
2426 );
2427 }
2428 }
2430 /**
2431 * Resets all of the given user's page-change notification timestamps.
2432 * If e-notif e-mails are on, they will receive notification mails on
2433 * the next change of any watched page.
2434 *
2435 * @param $currentUser Int User ID
2436 */
2442 }
2450 ), __METHOD__
2451 );
2452 # We also need to clear here the "you have new message" notification for the own user_talk page
2453 # This is cleared one page view later in Article::viewUpdates();
2454 }
2455 }
2457 /**
2458 * Set this user's options from an encoded string
2459 * @param $str String Encoded options to import
2460 * @private
2461 */
2469 // If an option is not set in $str, use the default value
2478 }
2479 }
2480 }
2482 /**
2483 * Set a cookie on the user's client. Wrapper for
2484 * WebResponse::setCookie
2485 * @param $name String Name of the cookie to set
2486 * @param $value String Value to set
2487 * @param $exp Int Expiration time, as a UNIX time value;
2488 * if 0 or not specified, use the default $wgCookieExpiration
2489 */
2493 }
2495 /**
2496 * Clear a cookie on the user's client
2497 * @param $name String Name of the cookie to clear
2498 */
2501 }
2503 /**
2504 * Set the default cookies for this session on the user's client.
2505 *
2506 * @param $request WebRequest object to use; $wgRequest will be used if null
2507 * is passed.
2508 */
2513 }
2521 );
2525 );
2530 }
2536 }
2542 }
2543 }
2544 }
2546 /**
2547 * Log this user out.
2548 */
2552 }
2553 }
2555 /**
2556 * Clear the user's cookies and session, and reset the instance cache.
2557 * @private
2558 * @see logout()
2559 */
2570 # Remember when user logged out, to prevent seeing cached pages
2572 }
2574 /**
2575 * Save this user's settings into the database.
2576 * @todo Only rarely do all these fields need to be set!
2577 */
2602 ), __METHOD__
2603 );
2610 }
2612 /**
2613 * If only this user's username is known, and it exists, return the user ID.
2614 * @return Int
2615 */
2624 }
2626 }
2628 /**
2629 * Add a user to the database, return the user object
2630 *
2631 * @param $name String Username to add
2632 * @param $params Array of Strings Non-default parameters to save to the database as user_* fields:
2633 * - password The user's password hash. Password logins will be disabled if this is omitted.
2634 * - newpassword Hash for a temporary password that has been mailed to the user
2635 * - email The user's email address
2636 * - email_authenticated The email authentication timestamp
2637 * - real_name The user's real name
2638 * - options An associative array of non-default options
2639 * - token Random authentication token. Do not set.
2640 * - registration Registration timestamp. Do not set.
2641 *
2642 * @return User object, or null if the username already exists
2643 */
2650 }
2667 );
2670 }
2676 }
2678 }
2680 /**
2681 * Add this existing user object to the database
2682 */
2701 ), __METHOD__
2702 );
2705 // Clear instance cache other than user table data, which is already accurate
2709 }
2711 /**
2712 * If this (non-anonymous) user is blocked, block any IP address
2713 * they've successfully logged in from.
2714 */
2720 }
2725 }
2728 }
2730 /**
2731 * Generate a string which will be different for any combination of
2732 * user options which would produce different parser output.
2733 * This will be used as part of the hash key for the parser cache,
2734 * so users with the same options can share the same cached data
2735 * safely.
2736 *
2737 * Extensions which require it should install 'PageRenderingHash' hook,
2738 * which will give them a chance to modify this key based on their own
2739 * settings.
2740 *
2741 * @deprecated since 1.17 use the ParserOptions object to get the relevant options
2742 * @return String Page rendering hash
2743 */
2748 }
2751 // stubthreshold is only included below for completeness,
2752 // since it disables the parser cache, its value will always
2753 // be 0 when this function is called by parsercache.
2759 }
2763 // add in language specific options, if any
2767 // Since the skin could be overloading link(), it should be
2768 // included here but in practice, none of our skins do that.
2772 // Give a chance for extensions to modify the hash, if they have
2773 // extra options or other effects on the parser cache.
2776 // Make it a valid memcached key fragment
2780 }
2782 /**
2783 * Get whether the user is explicitly blocked from account creation.
2784 * @return Bool|Block
2785 */
2790 }
2792 # bug 13611: if the IP address the user is trying to create an account from is
2793 # blocked with createaccount disabled, prevent new account creation there even
2794 # when the user is logged in
2798 }
2800 ? $accBlock
2802 }
2804 /**
2805 * Get whether the user is blocked from using Special:Emailuser.
2806 * @return Bool
2807 */
2811 }
2813 /**
2814 * Get whether the user is allowed to create an account.
2815 * @return Bool
2816 */
2819 }
2821 /**
2822 * Get this user's personal page title.
2823 *
2824 * @return Title: User's personal page title
2825 */
2828 }
2830 /**
2831 * Get this user's talk page title.
2832 *
2833 * @return Title: User's talk page title
2834 */
2838 }
2840 /**
2841 * Get the maximum valid user ID.
2842 * @return Integer: User ID
2843 * @static
2844 */
2853 }
2854 }
2856 /**
2857 * Determine whether the user is a newbie. Newbies are either
2858 * anonymous IPs, or the most recently created accounts.
2859 * @return Bool
2860 */
2863 }
2865 /**
2866 * Check to see if the given clear-text password is one of the accepted passwords
2867 * @param $password String: user password.
2868 * @return Boolean: True if the given password is correct, otherwise False.
2869 */
2874 // Even though we stop people from creating passwords that
2875 // are shorter than this, doesn't mean people wont be able
2876 // to. Certain authentication plugins do NOT want to save
2877 // domain passwords in a mysql database, so we should
2878 // check this (in case $wgAuth->strict() is false).
2881 }
2886 /* Auth plugin doesn't allow local authentication */
2889 /* Auth plugin doesn't allow local authentication for this user name */
2891 }
2895 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
2896 # Check for this with iconv
2900 {
2902 }
2903 }
2905 }
2907 /**
2908 * Check if the given clear-text password matches the temporary password
2909 * sent by e-mail for password reset operations.
2910 * @return Boolean: True if matches, false otherwise
2911 */
2917 }
2922 }
2923 }
2925 /**
2926 * Initialize (if necessary) and return a session token value
2927 * which can be used in edit forms to show that the user's
2928 * login credentials aren't being hijacked with a foreign form
2929 * submission.
2930 *
2931 * @param $salt String|Array of Strings Optional function-specific data for hashing
2932 * @param $request WebRequest object to use or null to use $wgRequest
2933 * @return String The new edit token
2934 */
2939 }
2948 }
2951 }
2953 }
2954 }
2956 /**
2957 * Generate a looking random token for various uses.
2958 *
2959 * @param $salt String Optional salt value
2960 * @return String The new random token
2961 */
2965 }
2967 /**
2968 * Check given value against the token value stored in the session.
2969 * A match should confirm that the form was submitted from the
2970 * user's own login session, not a form submission from a third-party
2971 * site.
2972 *
2973 * @param $val String Input value to compare
2974 * @param $salt String Optional function-specific data for hashing
2975 * @param $request WebRequest object to use or null to use $wgRequest
2976 * @return Boolean: Whether the token matches
2977 */
2982 }
2984 }
2986 /**
2987 * Check given value against the token value stored in the session,
2988 * ignoring the suffix.
2989 *
2990 * @param $val String Input value to compare
2991 * @param $salt String Optional function-specific data for hashing
2992 * @param $request WebRequest object to use or null to use $wgRequest
2993 * @return Boolean: Whether the token matches
2994 */
2998 }
3000 /**
3001 * Generate a new e-mail confirmation token and send a confirmation/invalidation
3002 * mail to the user's given address.
3003 *
3004 * @param $type String: message to send, either "created", "changed" or "set"
3005 * @return Status object
3006 */
3021 }
3032 }
3034 /**
3035 * Send an e-mail to this user's account. Does not check for
3036 * confirmed status or validity.
3037 *
3038 * @param $subject String Message subject
3039 * @param $body String Message body
3040 * @param $from String Optional From address; if unspecified, default $wgPasswordSender will be used
3041 * @param $replyto String Reply-To address
3042 * @return Status
3043 */
3050 }
3054 }
3056 /**
3057 * Generate, store, and return a new e-mail confirmation code.
3058 * A hash (unsalted, since it's used as a key) is stored.
3059 *
3060 * @note Call saveSettings() after calling this function to commit
3061 * this change to the database.
3062 *
3063 * @param[out] &$expiration \mixed Accepts the expiration time
3064 * @return String New token
3065 * @private
3066 */
3078 }
3080 /**
3081 * Return a URL the user can use to confirm their email address.
3082 * @param $token String Accepts the email confirmation token
3083 * @return String New token URL
3084 * @private
3085 */
3088 }
3090 /**
3091 * Return a URL the user can use to invalidate their email address.
3092 * @param $token String Accepts the email confirmation token
3093 * @return String New token URL
3094 * @private
3095 */
3098 }
3100 /**
3101 * Internal function to format the e-mail validation/invalidation URLs.
3102 * This uses $wgArticlePath directly as a quickie hack to use the
3103 * hardcoded English names of the Special: pages, for ASCII safety.
3104 *
3105 * @note Since these URLs get dropped directly into emails, using the
3106 * short English names avoids insanely long URL-encoded links, which
3107 * also sometimes can get corrupted in some browsers/mailers
3108 * (bug 6957 with Gmail and Internet Explorer).
3109 *
3110 * @param $page String Special page
3111 * @param $token String Token
3112 * @return String Formatted URL
3113 */
3121 }
3123 /**
3124 * Mark the e-mail address confirmed.
3125 *
3126 * @note Call saveSettings() after calling this function to commit the change.
3127 */
3132 }
3134 /**
3135 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3136 * address if it was already confirmed.
3137 *
3138 * @note Call saveSettings() after calling this function to commit the change.
3139 */
3147 }
3149 /**
3150 * Set the e-mail authentication timestamp.
3151 * @param $timestamp String TS_MW timestamp
3152 */
3156 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3157 }
3159 /**
3160 * Is this user allowed to send e-mails within limits of current
3161 * site configuration?
3162 * @return Bool
3163 */
3168 }
3172 }
3174 /**
3175 * Is this user allowed to receive e-mails within limits of current
3176 * site configuration?
3177 * @return Bool
3178 */
3181 }
3183 /**
3184 * Is this user's e-mail address valid-looking and confirmed within
3185 * limits of the current site configuration?
3186 *
3187 * @note If $wgEmailAuthentication is on, this may require the user to have
3188 * confirmed their address by returning a code or using a password
3189 * sent to the address from the wiki.
3190 *
3191 * @return Bool
3192 */
3207 }
3208 }
3210 /**
3211 * Check whether there is an outstanding request for e-mail confirmation.
3212 * @return Bool
3213 */
3220 }
3222 /**
3223 * Get the timestamp of account creation.
3224 *
3225 * @return String|Bool Timestamp of account creation, or false for
3226 * non-existent/anonymous user accounts.
3227 */
3232 }
3234 /**
3235 * Get the timestamp of the first edit
3236 *
3237 * @return String|Bool Timestamp of first edit, or false for
3238 * non-existent/anonymous user accounts.
3239 */
3243 }
3247 __METHOD__,
3249 );
3252 }
3254 }
3256 /**
3257 * Get the permissions associated with a given list of groups
3258 *
3259 * @param $groups Array of Strings List of internal group names
3260 * @return Array of Strings List of permission key names for given groups combined
3261 */
3265 // grant every granted permission first
3269 // array_filter removes empty items
3271 }
3272 }
3273 // now revoke the revoked permissions
3278 }
3279 }
3281 }
3283 /**
3284 * Get all the groups who have a given permission
3285 *
3286 * @param $role String Role to check
3287 * @return Array of Strings List of internal group names with the given permission
3288 */
3295 }
3296 }
3298 }
3300 /**
3301 * Get the localized descriptive name for a group, if it exists
3302 *
3303 * @param $group String Internal group name
3304 * @return String Localized descriptive group name
3305 */
3309 }
3311 /**
3312 * Get the localized descriptive name for a member of a group, if it exists
3313 *
3314 * @param $group String Internal group name
3315 * @return String Localized name for group member
3316 */
3320 }
3322 /**
3323 * Return the set of defined explicit groups.
3324 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3325 * are not included, as they are defined automatically, not in the database.
3326 * @return Array of internal group names
3327 */
3333 );
3334 }
3336 /**
3337 * Get a list of all available permissions.
3338 * @return Array of permission names
3339 */
3347 }
3349 }
3351 }
3353 /**
3354 * Get a list of implicit groups
3355 * @return Array of Strings Array of internal group names
3356 */
3360 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3362 }
3364 /**
3365 * Get the title of a page describing a particular group
3366 *
3367 * @param $group String Internal group name
3368 * @return Title|Bool Title of the page if it exists, false otherwise
3369 */
3376 }
3378 }
3380 /**
3381 * Create a link to the group in HTML, if available;
3382 * else return the group name.
3383 *
3384 * @param $group String Internal name of the group
3385 * @param $text String The text of the link
3386 * @return String HTML link to the group
3387 */
3391 }
3399 }
3400 }
3402 /**
3403 * Create a link to the group in Wikitext, if available;
3404 * else return the group name.
3405 *
3406 * @param $group String Internal name of the group
3407 * @param $text String The text of the link
3408 * @return String Wikilink to the group
3409 */
3413 }
3420 }
3421 }
3423 /**
3424 * Returns an array of the groups that a particular group can add/remove.
3425 *
3426 * @param $group String: the group to check for whether it can add/remove
3427 * @return Array array( 'add' => array( addablegroups ),
3428 * 'remove' => array( removablegroups ),
3429 * 'add-self' => array( addablegroups to self),
3430 * 'remove-self' => array( removable groups from self) )
3431 */
3435 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3437 // Don't add anything to $groups
3439 // You get everything
3443 }
3445 // Same thing for remove
3451 }
3453 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3458 }
3459 }
3460 }
3466 }
3467 }
3468 }
3470 // Now figure out what groups the user can add to him/herself
3473 // No idea WHY this would be used, but it's there
3477 }
3484 }
3487 }
3489 /**
3490 * Returns an array of groups that this user can add and remove
3491 * @return Array array( 'add' => array( addablegroups ),
3492 * 'remove' => array( removablegroups ),
3493 * 'add-self' => array( addablegroups to self),
3494 * 'remove-self' => array( removable groups from self) )
3495 */
3498 // This group gives the right to modify everything (reverse-
3499 // compatibility with old "userrights lets you change
3500 // everything")
3501 // Using array_merge to make the groups reindexed
3508 );
3509 }
3511 // Okay, it's not so simple, we will have to go through the arrays
3517 );
3523 );
3528 }
3530 }
3532 /**
3533 * Increment the user's edit-count field.
3534 * Will have no effect for anonymous users.
3535 */
3542 __METHOD__ );
3544 // Lazy initialization check...
3546 // Pull from a slave to be less cruel to servers
3547 // Accuracy isn't the point anyway here
3552 __METHOD__ );
3554 // Now here's a goddamn hack...
3556 // If we actually have a slave server, the count is
3557 // at least one behind because the current transaction
3558 // has not been committed and replicated.
3561 // But if DB_SLAVE is selecting the master, then the
3562 // count we just read includes the revision that was
3563 // just added in the working transaction.
3564 }
3569 __METHOD__ );
3570 }
3571 }
3572 // edit count in user cache too
3574 }
3576 /**
3577 * Get the description of a given right
3578 *
3579 * @param $right String Right to query
3580 * @return String Localized description of the right
3581 */
3586 ? $right
3588 }
3590 /**
3591 * Make an old-style password hash
3592 *
3593 * @param $password String Plain-text password
3594 * @param $userId String User ID
3595 * @return String Password hash
3596 */
3603 }
3604 }
3606 /**
3607 * Make a new-style password hash
3608 *
3609 * @param $password String Plain-text password
3610 * @param $salt String Optional salt, may be random or the user ID.
3611 * If unspecified or false, will generate one automatically
3612 * @return String Password hash
3613 */
3618 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3620 }
3625 }
3629 }
3630 }
3632 /**
3633 * Compare a password hash with a plain-text password. Requires the user
3634 * ID if there's a chance that the hash is an old-style hash.
3635 *
3636 * @param $hash String Password hash
3637 * @param $password String Plain-text password to compare
3638 * @param $userId String User ID for old-style password salt
3639 * @return Boolean:
3640 */
3647 }
3650 # Unsalted
3653 # Salted
3657 # Old-style
3659 }
3660 }
3662 /**
3663 * Add a newuser log entry for this user
3664 *
3665 * @param $byEmail Boolean: account made by email?
3666 * @param $reason String: user supplied reason
3667 */
3672 }
3684 }
3685 }
3686 }
3693 );
3695 }
3697 /**
3698 * Add an autocreate newuser log entry for this user
3699 * Used by things like CentralAuth and perhaps other authplugins.
3700 */
3705 }
3709 }
3718 // Maybe load from the object
3723 }
3726 // Load from database
3733 __METHOD__
3734 );
3739 }
3740 }
3745 }
3759 // Allow hooks to abort, for instance to save to a global profile.
3760 // Reset options to default state before saving.
3765 # Don't bother storing default values
3773 );
3774 }
3783 }
3784 }
3785 }
3791 }
3793 /**
3794 * Provide an array of HTML5 attributes to put on an input element
3795 * intended for the user to enter a new password. This may include
3796 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
3797 *
3798 * Do *not* use this when asking the user to enter his current password!
3799 * Regardless of configuration, users may have invalid passwords for whatever
3800 * reason (e.g., they were set before requirements were tightened up).
3801 * Only use it when asking for a new password, like on account creation or
3802 * ResetPass.
3803 *
3804 * Obviously, you still need to do server-side checking.
3805 *
3806 * NOTE: A combination of bugs in various browsers means that this function
3807 * actually just returns array() unconditionally at the moment. May as
3808 * well keep it around for when the browser bugs get fixed, though.
3809 *
3810 * FIXME : This does not belong here; put it in Html or Linker or somewhere
3811 *
3812 * @return array Array of HTML attributes suitable for feeding to
3813 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
3814 * That will potentially output invalid XHTML 1.0 Transitional, and will
3815 * get confused by the boolean attribute syntax used.)
3816 */
3822 }
3824 # Note that the pattern requirement will always be satisfied if the
3825 # input is empty, so we need required in all cases.
3826 #
3827 # FIXME (bug 23769): This needs to not claim the password is required
3828 # if e-mail confirmation is being used. Since HTML5 input validation
3829 # is b0rked anyway in some browsers, just return nothing. When it's
3830 # re-enabled, fix this code to not output required for e-mail
3831 # registration.
3832 #$ret = array( 'required' );
3835 # We can't actually do this right now, because Opera 9.6 will print out
3836 # the entered password visibly in its error message! When other
3837 # browsers add support for this attribute, or Opera fixes its support,
3838 # we can add support with a version check to avoid doing this on Opera
3839 # versions where it will be a problem. Reported to Opera as
3840 # DSK-262266, but they don't have a public bug tracker for us to follow.
3841 /*
3842 if ( $wgMinimalPasswordLength > 1 ) {
3843 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
3844 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
3845 $wgMinimalPasswordLength );
3846 }
3847 */
3850 }
3851 }