search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
(bug 35565) Special:Log/patrol doesn't indicate whether patrolling was automatic
[mediawiki.git] / includes / User.php
blob42c58ab6c5f11d535f011580a3f63a4f07eb7f8f
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * Int Number of characters in user_token field.
25 * @ingroup Constants
26 */
27 define( 'USER_TOKEN_LENGTH', 32 );
28
29 /**
30 * Int Serialized record version.
31 * @ingroup Constants
32 */
33 define( 'MW_USER_VERSION', 8 );
34
35 /**
36 * String Some punctuation to prevent editing from broken text-mangling proxies.
37 * @ingroup Constants
38 */
39 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
40
41 /**
42 * Thrown by User::setPassword() on error.
43 * @ingroup Exception
44 */
45 class PasswordError extends MWException {
46 // NOP
47 }
48
49 /**
50 * The User object encapsulates all of the user-specific settings (user_id,
51 * name, rights, password, email address, options, last login time). Client
52 * classes use the getXXX() functions to access these fields. These functions
53 * do all the work of determining whether the user is logged in,
54 * whether the requested option can be satisfied from cookies or
55 * whether a database query is needed. Most of the settings needed
56 * for rendering normal pages are set in the cookie to minimize use
57 * of the database.
58 */
59 class User {
60 /**
61 * Global constants made accessible as class constants so that autoloader
62 * magic can be used.
63 */
64 const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
65 const MW_USER_VERSION = MW_USER_VERSION;
66 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
67
68 /**
69 * Array of Strings List of member variables which are saved to the
70 * shared cache (memcached). Any operation which changes the
71 * corresponding database fields must call a cache-clearing function.
72 * @showinitializer
73 */
74 static $mCacheVars = array(
75 // user table
76 'mId',
77 'mName',
78 'mRealName',
79 'mPassword',
80 'mNewpassword',
81 'mNewpassTime',
82 'mEmail',
83 'mTouched',
84 'mToken',
85 'mEmailAuthenticated',
86 'mEmailToken',
87 'mEmailTokenExpires',
88 'mRegistration',
89 'mEditCount',
90 // user_groups table
91 'mGroups',
92 // user_properties table
93 'mOptionOverrides',
94 );
95
96 /**
97 * Array of Strings Core rights.
98 * Each of these should have a corresponding message of the form
99 * "right-$right".
100 * @showinitializer
101 */
102 static $mCoreRights = array(
103 'apihighlimits',
104 'autoconfirmed',
105 'autopatrol',
106 'bigdelete',
107 'block',
108 'blockemail',
109 'bot',
110 'browsearchive',
111 'createaccount',
112 'createpage',
113 'createtalk',
114 'delete',
115 'deletedhistory',
116 'deletedtext',
117 'deleterevision',
118 'edit',
119 'editinterface',
120 'editusercssjs', #deprecated
121 'editusercss',
122 'edituserjs',
123 'hideuser',
124 'import',
125 'importupload',
126 'ipblock-exempt',
127 'markbotedits',
128 'mergehistory',
129 'minoredit',
130 'move',
131 'movefile',
132 'move-rootuserpages',
133 'move-subpages',
134 'nominornewtalk',
135 'noratelimit',
136 'override-export-depth',
137 'patrol',
138 'protect',
139 'proxyunbannable',
140 'purge',
141 'read',
142 'reupload',
143 'reupload-shared',
144 'rollback',
145 'sendemail',
146 'siteadmin',
147 'suppressionlog',
148 'suppressredirect',
149 'suppressrevision',
150 'unblockself',
151 'undelete',
152 'unwatchedpages',
153 'upload',
154 'upload_by_url',
155 'userrights',
156 'userrights-interwiki',
157 'writeapi',
158 );
159 /**
160 * String Cached results of getAllRights()
161 */
162 static $mAllRights = false;
163
164 /** @name Cache variables */
165 //@{
166 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
167 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
168 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mEditCount,
169 $mGroups, $mOptionOverrides;
170 //@}
171
172 /**
173 * Bool Whether the cache variables have been loaded.
174 */
175 //@{
176 var $mOptionsLoaded;
177
178 /**
179 * Array with already loaded items or true if all items have been loaded.
180 */
181 private $mLoadedItems = array();
182 //@}
183
184 /**
185 * String Initialization data source if mLoadedItems!==true. May be one of:
186 * - 'defaults' anonymous user initialised from class defaults
187 * - 'name' initialise from mName
188 * - 'id' initialise from mId
189 * - 'session' log in from cookies or session if possible
190 *
191 * Use the User::newFrom*() family of functions to set this.
192 */
193 var $mFrom;
194
195 /**
196 * Lazy-initialized variables, invalidated with clearInstanceCache
197 */
198 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mRights,
199 $mBlockreason, $mEffectiveGroups, $mImplicitGroups, $mFormerGroups, $mBlockedGlobally,
200 $mLocked, $mHideName, $mOptions;
201
202 /**
203 * @var WebRequest
204 */
205 private $mRequest;
206
207 /**
208 * @var Block
209 */
210 var $mBlock;
211
212 /**
213 * @var bool
214 */
215 var $mAllowUsertalk;
216
217 /**
218 * @var Block
219 */
220 private $mBlockedFromCreateAccount = false;
221
222 static $idCacheByName = array();
223
224 /**
225 * Lightweight constructor for an anonymous user.
226 * Use the User::newFrom* factory functions for other kinds of users.
227 *
228 * @see newFromName()
229 * @see newFromId()
230 * @see newFromConfirmationCode()
231 * @see newFromSession()
232 * @see newFromRow()
233 */
234 function __construct() {
235 $this->clearInstanceCache( 'defaults' );
236 }
237
238 /**
239 * @return String
240 */
241 function __toString(){
242 return $this->getName();
243 }
244
245 /**
246 * Load the user table data for this object from the source given by mFrom.
247 */
248 public function load() {
249 if ( $this->mLoadedItems === true ) {
250 return;
251 }
252 wfProfileIn( __METHOD__ );
253
254 # Set it now to avoid infinite recursion in accessors
255 $this->mLoadedItems = true;
256
257 switch ( $this->mFrom ) {
258 case 'defaults':
259 $this->loadDefaults();
260 break;
261 case 'name':
262 $this->mId = self::idFromName( $this->mName );
263 if ( !$this->mId ) {
264 # Nonexistent user placeholder object
265 $this->loadDefaults( $this->mName );
266 } else {
267 $this->loadFromId();
268 }
269 break;
270 case 'id':
271 $this->loadFromId();
272 break;
273 case 'session':
274 $this->loadFromSession();
275 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
276 break;
277 default:
278 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
279 }
280 wfProfileOut( __METHOD__ );
281 }
282
283 /**
284 * Load user table data, given mId has already been set.
285 * @return Bool false if the ID does not exist, true otherwise
286 */
287 public function loadFromId() {
288 global $wgMemc;
289 if ( $this->mId == 0 ) {
290 $this->loadDefaults();
291 return false;
292 }
293
294 # Try cache
295 $key = wfMemcKey( 'user', 'id', $this->mId );
296 $data = $wgMemc->get( $key );
297 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
298 # Object is expired, load from DB
299 $data = false;
300 }
301
302 if ( !$data ) {
303 wfDebug( "User: cache miss for user {$this->mId}\n" );
304 # Load from DB
305 if ( !$this->loadFromDatabase() ) {
306 # Can't load from ID, user is anonymous
307 return false;
308 }
309 $this->saveToCache();
310 } else {
311 wfDebug( "User: got user {$this->mId} from cache\n" );
312 # Restore from cache
313 foreach ( self::$mCacheVars as $name ) {
314 $this->$name = $data[$name];
315 }
316 }
317 return true;
318 }
319
320 /**
321 * Save user data to the shared cache
322 */
323 public function saveToCache() {
324 $this->load();
325 $this->loadGroups();
326 $this->loadOptions();
327 if ( $this->isAnon() ) {
328 // Anonymous users are uncached
329 return;
330 }
331 $data = array();
332 foreach ( self::$mCacheVars as $name ) {
333 $data[$name] = $this->$name;
334 }
335 $data['mVersion'] = MW_USER_VERSION;
336 $key = wfMemcKey( 'user', 'id', $this->mId );
337 global $wgMemc;
338 $wgMemc->set( $key, $data );
339 }
340
341 /** @name newFrom*() static factory methods */
342 //@{
343
344 /**
345 * Static factory method for creation from username.
346 *
347 * This is slightly less efficient than newFromId(), so use newFromId() if
348 * you have both an ID and a name handy.
349 *
350 * @param $name String Username, validated by Title::newFromText()
351 * @param $validate String|Bool Validate username. Takes the same parameters as
352 * User::getCanonicalName(), except that true is accepted as an alias
353 * for 'valid', for BC.
354 *
355 * @return User object, or false if the username is invalid
356 * (e.g. if it contains illegal characters or is an IP address). If the
357 * username is not present in the database, the result will be a user object
358 * with a name, zero user ID and default settings.
359 */
360 public static function newFromName( $name, $validate = 'valid' ) {
361 if ( $validate === true ) {
362 $validate = 'valid';
363 }
364 $name = self::getCanonicalName( $name, $validate );
365 if ( $name === false ) {
366 return false;
367 } else {
368 # Create unloaded user object
369 $u = new User;
370 $u->mName = $name;
371 $u->mFrom = 'name';
372 $u->setItemLoaded( 'name' );
373 return $u;
374 }
375 }
376
377 /**
378 * Static factory method for creation from a given user ID.
379 *
380 * @param $id Int Valid user ID
381 * @return User The corresponding User object
382 */
383 public static function newFromId( $id ) {
384 $u = new User;
385 $u->mId = $id;
386 $u->mFrom = 'id';
387 $u->setItemLoaded( 'id' );
388 return $u;
389 }
390
391 /**
392 * Factory method to fetch whichever user has a given email confirmation code.
393 * This code is generated when an account is created or its e-mail address
394 * has changed.
395 *
396 * If the code is invalid or has expired, returns NULL.
397 *
398 * @param $code String Confirmation code
399 * @return User object, or null
400 */
401 public static function newFromConfirmationCode( $code ) {
402 $dbr = wfGetDB( DB_SLAVE );
403 $id = $dbr->selectField( 'user', 'user_id', array(
404 'user_email_token' => md5( $code ),
405 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
406 ) );
407 if( $id !== false ) {
408 return User::newFromId( $id );
409 } else {
410 return null;
411 }
412 }
413
414 /**
415 * Create a new user object using data from session or cookies. If the
416 * login credentials are invalid, the result is an anonymous user.
417 *
418 * @param $request WebRequest object to use; $wgRequest will be used if
419 * ommited.
420 * @return User object
421 */
422 public static function newFromSession( WebRequest $request = null ) {
423 $user = new User;
424 $user->mFrom = 'session';
425 $user->mRequest = $request;
426 return $user;
427 }
428
429 /**
430 * Create a new user object from a user row.
431 * The row should have the following fields from the user table in it:
432 * - either user_name or user_id to load further data if needed (or both)
433 * - user_real_name
434 * - all other fields (email, password, etc.)
435 * It is useless to provide the remaining fields if either user_id,
436 * user_name and user_real_name are not provided because the whole row
437 * will be loaded once more from the database when accessing them.
438 *
439 * @param $row Array A row from the user table
440 * @return User
441 */
442 public static function newFromRow( $row ) {
443 $user = new User;
444 $user->loadFromRow( $row );
445 return $user;
446 }
447
448 //@}
449
450 /**
451 * Get the username corresponding to a given user ID
452 * @param $id Int User ID
453 * @return String|bool The corresponding username
454 */
455 public static function whoIs( $id ) {
456 $dbr = wfGetDB( DB_SLAVE );
457 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), __METHOD__ );
458 }
459
460 /**
461 * Get the real name of a user given their user ID
462 *
463 * @param $id Int User ID
464 * @return String|bool The corresponding user's real name
465 */
466 public static function whoIsReal( $id ) {
467 $dbr = wfGetDB( DB_SLAVE );
468 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
469 }
470
471 /**
472 * Get database id given a user name
473 * @param $name String Username
474 * @return Int|Null The corresponding user's ID, or null if user is nonexistent
475 */
476 public static function idFromName( $name ) {
477 $nt = Title::makeTitleSafe( NS_USER, $name );
478 if( is_null( $nt ) ) {
479 # Illegal name
480 return null;
481 }
482
483 if ( isset( self::$idCacheByName[$name] ) ) {
484 return self::$idCacheByName[$name];
485 }
486
487 $dbr = wfGetDB( DB_SLAVE );
488 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
489
490 if ( $s === false ) {
491 $result = null;
492 } else {
493 $result = $s->user_id;
494 }
495
496 self::$idCacheByName[$name] = $result;
497
498 if ( count( self::$idCacheByName ) > 1000 ) {
499 self::$idCacheByName = array();
500 }
501
502 return $result;
503 }
504
505 /**
506 * Reset the cache used in idFromName(). For use in tests.
507 */
508 public static function resetIdByNameCache() {
509 self::$idCacheByName = array();
510 }
511
512 /**
513 * Does the string match an anonymous IPv4 address?
514 *
515 * This function exists for username validation, in order to reject
516 * usernames which are similar in form to IP addresses. Strings such
517 * as 300.300.300.300 will return true because it looks like an IP
518 * address, despite not being strictly valid.
519 *
520 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
521 * address because the usemod software would "cloak" anonymous IP
522 * addresses like this, if we allowed accounts like this to be created
523 * new users could get the old edits of these anonymous users.
524 *
525 * @param $name String to match
526 * @return Bool
527 */
528 public static function isIP( $name ) {
529 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
530 }
531
532 /**
533 * Is the input a valid username?
534 *
535 * Checks if the input is a valid username, we don't want an empty string,
536 * an IP address, anything that containins slashes (would mess up subpages),
537 * is longer than the maximum allowed username size or doesn't begin with
538 * a capital letter.
539 *
540 * @param $name String to match
541 * @return Bool
542 */
543 public static function isValidUserName( $name ) {
544 global $wgContLang, $wgMaxNameChars;
545
546 if ( $name == ''
547 || User::isIP( $name )
548 || strpos( $name, '/' ) !== false
549 || strlen( $name ) > $wgMaxNameChars
550 || $name != $wgContLang->ucfirst( $name ) ) {
551 wfDebugLog( 'username', __METHOD__ .
552 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
553 return false;
554 }
555
556
557 // Ensure that the name can't be misresolved as a different title,
558 // such as with extra namespace keys at the start.
559 $parsed = Title::newFromText( $name );
560 if( is_null( $parsed )
561 || $parsed->getNamespace()
562 || strcmp( $name, $parsed->getPrefixedText() ) ) {
563 wfDebugLog( 'username', __METHOD__ .
564 ": '$name' invalid due to ambiguous prefixes" );
565 return false;
566 }
567
568 // Check an additional blacklist of troublemaker characters.
569 // Should these be merged into the title char list?
570 $unicodeBlacklist = '/[' .
571 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
572 '\x{00a0}' . # non-breaking space
573 '\x{2000}-\x{200f}' . # various whitespace
574 '\x{2028}-\x{202f}' . # breaks and control chars
575 '\x{3000}' . # ideographic space
576 '\x{e000}-\x{f8ff}' . # private use
577 ']/u';
578 if( preg_match( $unicodeBlacklist, $name ) ) {
579 wfDebugLog( 'username', __METHOD__ .
580 ": '$name' invalid due to blacklisted characters" );
581 return false;
582 }
583
584 return true;
585 }
586
587 /**
588 * Usernames which fail to pass this function will be blocked
589 * from user login and new account registrations, but may be used
590 * internally by batch processes.
591 *
592 * If an account already exists in this form, login will be blocked
593 * by a failure to pass this function.
594 *
595 * @param $name String to match
596 * @return Bool
597 */
598 public static function isUsableName( $name ) {
599 global $wgReservedUsernames;
600 // Must be a valid username, obviously ;)
601 if ( !self::isValidUserName( $name ) ) {
602 return false;
603 }
604
605 static $reservedUsernames = false;
606 if ( !$reservedUsernames ) {
607 $reservedUsernames = $wgReservedUsernames;
608 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
609 }
610
611 // Certain names may be reserved for batch processes.
612 foreach ( $reservedUsernames as $reserved ) {
613 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
614 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
615 }
616 if ( $reserved == $name ) {
617 return false;
618 }
619 }
620 return true;
621 }
622
623 /**
624 * Usernames which fail to pass this function will be blocked
625 * from new account registrations, but may be used internally
626 * either by batch processes or by user accounts which have
627 * already been created.
628 *
629 * Additional blacklisting may be added here rather than in
630 * isValidUserName() to avoid disrupting existing accounts.
631 *
632 * @param $name String to match
633 * @return Bool
634 */
635 public static function isCreatableName( $name ) {
636 global $wgInvalidUsernameCharacters;
637
638 // Ensure that the username isn't longer than 235 bytes, so that
639 // (at least for the builtin skins) user javascript and css files
640 // will work. (bug 23080)
641 if( strlen( $name ) > 235 ) {
642 wfDebugLog( 'username', __METHOD__ .
643 ": '$name' invalid due to length" );
644 return false;
645 }
646
647 // Preg yells if you try to give it an empty string
648 if( $wgInvalidUsernameCharacters !== '' ) {
649 if( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
650 wfDebugLog( 'username', __METHOD__ .
651 ": '$name' invalid due to wgInvalidUsernameCharacters" );
652 return false;
653 }
654 }
655
656 return self::isUsableName( $name );
657 }
658
659 /**
660 * Is the input a valid password for this user?
661 *
662 * @param $password String Desired password
663 * @return Bool
664 */
665 public function isValidPassword( $password ) {
666 //simple boolean wrapper for getPasswordValidity
667 return $this->getPasswordValidity( $password ) === true;
668 }
669
670 /**
671 * Given unvalidated password input, return error message on failure.
672 *
673 * @param $password String Desired password
674 * @return mixed: true on success, string or array of error message on failure
675 */
676 public function getPasswordValidity( $password ) {
677 global $wgMinimalPasswordLength, $wgContLang;
678
679 static $blockedLogins = array(
680 'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589
681 'Apitestsysop' => 'testpass', 'Apitestuser' => 'testpass' # r75605
682 );
683
684 $result = false; //init $result to false for the internal checks
685
686 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
687 return $result;
688
689 if ( $result === false ) {
690 if( strlen( $password ) < $wgMinimalPasswordLength ) {
691 return 'passwordtooshort';
692 } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
693 return 'password-name-match';
694 } elseif ( isset( $blockedLogins[ $this->getName() ] ) && $password == $blockedLogins[ $this->getName() ] ) {
695 return 'password-login-forbidden';
696 } else {
697 //it seems weird returning true here, but this is because of the
698 //initialization of $result to false above. If the hook is never run or it
699 //doesn't modify $result, then we will likely get down into this if with
700 //a valid password.
701 return true;
702 }
703 } elseif( $result === true ) {
704 return true;
705 } else {
706 return $result; //the isValidPassword hook set a string $result and returned true
707 }
708 }
709
710 /**
711 * Does a string look like an e-mail address?
712 *
713 * This validates an email address using an HTML5 specification found at:
714 * http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#valid-e-mail-address
715 * Which as of 2011-01-24 says:
716 *
717 * A valid e-mail address is a string that matches the ABNF production
718 * 1*( atext / "." ) "@" ldh-str *( "." ldh-str ) where atext is defined
719 * in RFC 5322 section 3.2.3, and ldh-str is defined in RFC 1034 section
720 * 3.5.
721 *
722 * This function is an implementation of the specification as requested in
723 * bug 22449.
724 *
725 * Client-side forms will use the same standard validation rules via JS or
726 * HTML 5 validation; additional restrictions can be enforced server-side
727 * by extensions via the 'isValidEmailAddr' hook.
728 *
729 * Note that this validation doesn't 100% match RFC 2822, but is believed
730 * to be liberal enough for wide use. Some invalid addresses will still
731 * pass validation here.
732 *
733 * @param $addr String E-mail address
734 * @return Bool
735 * @deprecated since 1.18 call Sanitizer::isValidEmail() directly
736 */
737 public static function isValidEmailAddr( $addr ) {
738 wfDeprecated( __METHOD__, '1.18' );
739 return Sanitizer::validateEmail( $addr );
740 }
741
742 /**
743 * Given unvalidated user input, return a canonical username, or false if
744 * the username is invalid.
745 * @param $name String User input
746 * @param $validate String|Bool type of validation to use:
747 * - false No validation
748 * - 'valid' Valid for batch processes
749 * - 'usable' Valid for batch processes and login
750 * - 'creatable' Valid for batch processes, login and account creation
751 *
752 * @return bool|string
753 */
754 public static function getCanonicalName( $name, $validate = 'valid' ) {
755 # Force usernames to capital
756 global $wgContLang;
757 $name = $wgContLang->ucfirst( $name );
758
759 # Reject names containing '#'; these will be cleaned up
760 # with title normalisation, but then it's too late to
761 # check elsewhere
762 if( strpos( $name, '#' ) !== false )
763 return false;
764
765 # Clean up name according to title rules
766 $t = ( $validate === 'valid' ) ?
767 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
768 # Check for invalid titles
769 if( is_null( $t ) ) {
770 return false;
771 }
772
773 # Reject various classes of invalid names
774 global $wgAuth;
775 $name = $wgAuth->getCanonicalName( $t->getText() );
776
777 switch ( $validate ) {
778 case false:
779 break;
780 case 'valid':
781 if ( !User::isValidUserName( $name ) ) {
782 $name = false;
783 }
784 break;
785 case 'usable':
786 if ( !User::isUsableName( $name ) ) {
787 $name = false;
788 }
789 break;
790 case 'creatable':
791 if ( !User::isCreatableName( $name ) ) {
792 $name = false;
793 }
794 break;
795 default:
796 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
797 }
798 return $name;
799 }
800
801 /**
802 * Count the number of edits of a user
803 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
804 *
805 * @param $uid Int User ID to check
806 * @return Int the user's edit count
807 */
808 public static function edits( $uid ) {
809 wfProfileIn( __METHOD__ );
810 $dbr = wfGetDB( DB_SLAVE );
811 // check if the user_editcount field has been initialized
812 $field = $dbr->selectField(
813 'user', 'user_editcount',
814 array( 'user_id' => $uid ),
815 __METHOD__
816 );
817
818 if( $field === null ) { // it has not been initialized. do so.
819 $dbw = wfGetDB( DB_MASTER );
820 $count = $dbr->selectField(
821 'revision', 'count(*)',
822 array( 'rev_user' => $uid ),
823 __METHOD__
824 );
825 $dbw->update(
826 'user',
827 array( 'user_editcount' => $count ),
828 array( 'user_id' => $uid ),
829 __METHOD__
830 );
831 } else {
832 $count = $field;
833 }
834 wfProfileOut( __METHOD__ );
835 return $count;
836 }
837
838 /**
839 * Return a random password.
840 *
841 * @return String new random password
842 */
843 public static function randomPassword() {
844 global $wgMinimalPasswordLength;
845 // Decide the final password length based on our min password length, stopping at a minimum of 10 chars
846 $length = max( 10, $wgMinimalPasswordLength );
847 // Multiply by 1.25 to get the number of hex characters we need
848 $length = $length * 1.25;
849 // Generate random hex chars
850 $hex = MWCryptRand::generateHex( $length );
851 // Convert from base 16 to base 32 to get a proper password like string
852 return wfBaseConvert( $hex, 16, 32 );
853 }
854
855 /**
856 * Set cached properties to default.
857 *
858 * @note This no longer clears uncached lazy-initialised properties;
859 * the constructor does that instead.
860 *
861 * @param $name string
862 */
863 public function loadDefaults( $name = false ) {
864 wfProfileIn( __METHOD__ );
865
866 $this->mId = 0;
867 $this->mName = $name;
868 $this->mRealName = '';
869 $this->mPassword = $this->mNewpassword = '';
870 $this->mNewpassTime = null;
871 $this->mEmail = '';
872 $this->mOptionOverrides = null;
873 $this->mOptionsLoaded = false;
874
875 $loggedOut = $this->getRequest()->getCookie( 'LoggedOut' );
876 if( $loggedOut !== null ) {
877 $this->mTouched = wfTimestamp( TS_MW, $loggedOut );
878 } else {
879 $this->mTouched = '0'; # Allow any pages to be cached
880 }
881
882 $this->mToken = null; // Don't run cryptographic functions till we need a token
883 $this->mEmailAuthenticated = null;
884 $this->mEmailToken = '';
885 $this->mEmailTokenExpires = null;
886 $this->mRegistration = wfTimestamp( TS_MW );
887 $this->mGroups = array();
888
889 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
890
891 wfProfileOut( __METHOD__ );
892 }
893
894 /**
895 * Return whether an item has been loaded.
896 *
897 * @param $item String: item to check. Current possibilities:
898 * - id
899 * - name
900 * - realname
901 * @param $all String: 'all' to check if the whole object has been loaded
902 * or any other string to check if only the item is available (e.g.
903 * for optimisation)
904 * @return Boolean
905 */
906 public function isItemLoaded( $item, $all = 'all' ) {
907 return ( $this->mLoadedItems === true && $all === 'all' ) ||
908 ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
909 }
910
911 /**
912 * Set that an item has been loaded
913 *
914 * @param $item String
915 */
916 private function setItemLoaded( $item ) {
917 if ( is_array( $this->mLoadedItems ) ) {
918 $this->mLoadedItems[$item] = true;
919 }
920 }
921
922 /**
923 * Load user data from the session or login cookie. If there are no valid
924 * credentials, initialises the user as an anonymous user.
925 * @return Bool True if the user is logged in, false otherwise.
926 */
927 private function loadFromSession() {
928 global $wgExternalAuthType, $wgAutocreatePolicy;
929
930 $result = null;
931 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
932 if ( $result !== null ) {
933 return $result;
934 }
935
936 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
937 $extUser = ExternalUser::newFromCookie();
938 if ( $extUser ) {
939 # TODO: Automatically create the user here (or probably a bit
940 # lower down, in fact)
941 }
942 }
943
944 $request = $this->getRequest();
945
946 $cookieId = $request->getCookie( 'UserID' );
947 $sessId = $request->getSessionData( 'wsUserID' );
948
949 if ( $cookieId !== null ) {
950 $sId = intval( $cookieId );
951 if( $sessId !== null && $cookieId != $sessId ) {
952 $this->loadDefaults(); // Possible collision!
953 wfDebugLog( 'loginSessions', "Session user ID ($sessId) and
954 cookie user ID ($sId) don't match!" );
955 return false;
956 }
957 $request->setSessionData( 'wsUserID', $sId );
958 } elseif ( $sessId !== null && $sessId != 0 ) {
959 $sId = $sessId;
960 } else {
961 $this->loadDefaults();
962 return false;
963 }
964
965 if ( $request->getSessionData( 'wsUserName' ) !== null ) {
966 $sName = $request->getSessionData( 'wsUserName' );
967 } elseif ( $request->getCookie( 'UserName' ) !== null ) {
968 $sName = $request->getCookie( 'UserName' );
969 $request->setSessionData( 'wsUserName', $sName );
970 } else {
971 $this->loadDefaults();
972 return false;
973 }
974
975 $proposedUser = User::newFromId( $sId );
976 if ( !$proposedUser->isLoggedIn() ) {
977 # Not a valid ID
978 $this->loadDefaults();
979 return false;
980 }
981
982 global $wgBlockDisablesLogin;
983 if( $wgBlockDisablesLogin && $proposedUser->isBlocked() ) {
984 # User blocked and we've disabled blocked user logins
985 $this->loadDefaults();
986 return false;
987 }
988
989 if ( $request->getSessionData( 'wsToken' ) ) {
990 $passwordCorrect = $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' );
991 $from = 'session';
992 } elseif ( $request->getCookie( 'Token' ) ) {
993 $passwordCorrect = $proposedUser->getToken( false ) === $request->getCookie( 'Token' );
994 $from = 'cookie';
995 } else {
996 # No session or persistent login cookie
997 $this->loadDefaults();
998 return false;
999 }
1000
1001 if ( ( $sName === $proposedUser->getName() ) && $passwordCorrect ) {
1002 $this->loadFromUserObject( $proposedUser );
1003 $request->setSessionData( 'wsToken', $this->mToken );
1004 wfDebug( "User: logged in from $from\n" );
1005 return true;
1006 } else {
1007 # Invalid credentials
1008 wfDebug( "User: can't log in from $from, invalid credentials\n" );
1009 $this->loadDefaults();
1010 return false;
1011 }
1012 }
1013
1014 /**
1015 * Load user and user_group data from the database.
1016 * $this->mId must be set, this is how the user is identified.
1017 *
1018 * @return Bool True if the user exists, false if the user is anonymous
1019 */
1020 public function loadFromDatabase() {
1021 # Paranoia
1022 $this->mId = intval( $this->mId );
1023
1024 /** Anonymous user */
1025 if( !$this->mId ) {
1026 $this->loadDefaults();
1027 return false;
1028 }
1029
1030 $dbr = wfGetDB( DB_MASTER );
1031 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
1032
1033 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
1034
1035 if ( $s !== false ) {
1036 # Initialise user table data
1037 $this->loadFromRow( $s );
1038 $this->mGroups = null; // deferred
1039 $this->getEditCount(); // revalidation for nulls
1040 return true;
1041 } else {
1042 # Invalid user_id
1043 $this->mId = 0;
1044 $this->loadDefaults();
1045 return false;
1046 }
1047 }
1048
1049 /**
1050 * Initialize this object from a row from the user table.
1051 *
1052 * @param $row Array Row from the user table to load.
1053 */
1054 public function loadFromRow( $row ) {
1055 $all = true;
1056
1057 $this->mGroups = null; // deferred
1058
1059 if ( isset( $row->user_name ) ) {
1060 $this->mName = $row->user_name;
1061 $this->mFrom = 'name';
1062 $this->setItemLoaded( 'name' );
1063 } else {
1064 $all = false;
1065 }
1066
1067 if ( isset( $row->user_real_name ) ) {
1068 $this->mRealName = $row->user_real_name;
1069 $this->setItemLoaded( 'realname' );
1070 } else {
1071 $all = false;
1072 }
1073
1074 if ( isset( $row->user_id ) ) {
1075 $this->mId = intval( $row->user_id );
1076 $this->mFrom = 'id';
1077 $this->setItemLoaded( 'id' );
1078 } else {
1079 $all = false;
1080 }
1081
1082 if ( isset( $row->user_editcount ) ) {
1083 $this->mEditCount = $row->user_editcount;
1084 } else {
1085 $all = false;
1086 }
1087
1088 if ( isset( $row->user_password ) ) {
1089 $this->mPassword = $row->user_password;
1090 $this->mNewpassword = $row->user_newpassword;
1091 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
1092 $this->mEmail = $row->user_email;
1093 if ( isset( $row->user_options ) ) {
1094 $this->decodeOptions( $row->user_options );
1095 }
1096 $this->mTouched = wfTimestamp( TS_MW, $row->user_touched );
1097 $this->mToken = $row->user_token;
1098 if ( $this->mToken == '' ) {
1099 $this->mToken = null;
1100 }
1101 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1102 $this->mEmailToken = $row->user_email_token;
1103 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1104 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1105 } else {
1106 $all = false;
1107 }
1108
1109 if ( $all ) {
1110 $this->mLoadedItems = true;
1111 }
1112 }
1113
1114 /**
1115 * Load the data for this user object from another user object.
1116 *
1117 * @param $user User
1118 */
1119 protected function loadFromUserObject( $user ) {
1120 $user->load();
1121 $user->loadGroups();
1122 $user->loadOptions();
1123 foreach ( self::$mCacheVars as $var ) {
1124 $this->$var = $user->$var;
1125 }
1126 }
1127
1128 /**
1129 * Load the groups from the database if they aren't already loaded.
1130 */
1131 private function loadGroups() {
1132 if ( is_null( $this->mGroups ) ) {
1133 $dbr = wfGetDB( DB_MASTER );
1134 $res = $dbr->select( 'user_groups',
1135 array( 'ug_group' ),
1136 array( 'ug_user' => $this->mId ),
1137 __METHOD__ );
1138 $this->mGroups = array();
1139 foreach ( $res as $row ) {
1140 $this->mGroups[] = $row->ug_group;
1141 }
1142 }
1143 }
1144
1145 /**
1146 * Add the user to the group if he/she meets given criteria.
1147 *
1148 * Contrary to autopromotion by \ref $wgAutopromote, the group will be
1149 * possible to remove manually via Special:UserRights. In such case it
1150 * will not be re-added automatically. The user will also not lose the
1151 * group if they no longer meet the criteria.
1152 *
1153 * @param $event String key in $wgAutopromoteOnce (each one has groups/criteria)
1154 *
1155 * @return array Array of groups the user has been promoted to.
1156 *
1157 * @see $wgAutopromoteOnce
1158 */
1159 public function addAutopromoteOnceGroups( $event ) {
1160 global $wgAutopromoteOnceLogInRC;
1161
1162 $toPromote = array();
1163 if ( $this->getId() ) {
1164 $toPromote = Autopromote::getAutopromoteOnceGroups( $this, $event );
1165 if ( count( $toPromote ) ) {
1166 $oldGroups = $this->getGroups(); // previous groups
1167 foreach ( $toPromote as $group ) {
1168 $this->addGroup( $group );
1169 }
1170 $newGroups = array_merge( $oldGroups, $toPromote ); // all groups
1171
1172 $log = new LogPage( 'rights', $wgAutopromoteOnceLogInRC /* in RC? */ );
1173 $log->addEntry( 'autopromote',
1174 $this->getUserPage(),
1175 '', // no comment
1176 // These group names are "list to texted"-ed in class LogPage.
1177 array( implode( ', ', $oldGroups ), implode( ', ', $newGroups ) )
1178 );
1179 }
1180 }
1181 return $toPromote;
1182 }
1183
1184 /**
1185 * Clear various cached data stored in this object.
1186 * @param $reloadFrom bool|String Reload user and user_groups table data from a
1187 * given source. May be "name", "id", "defaults", "session", or false for
1188 * no reload.
1189 */
1190 public function clearInstanceCache( $reloadFrom = false ) {
1191 $this->mNewtalk = -1;
1192 $this->mDatePreference = null;
1193 $this->mBlockedby = -1; # Unset
1194 $this->mHash = false;
1195 $this->mRights = null;
1196 $this->mEffectiveGroups = null;
1197 $this->mImplicitGroups = null;
1198 $this->mOptions = null;
1199
1200 if ( $reloadFrom ) {
1201 $this->mLoadedItems = array();
1202 $this->mFrom = $reloadFrom;
1203 }
1204 }
1205
1206 /**
1207 * Combine the language default options with any site-specific options
1208 * and add the default language variants.
1209 *
1210 * @return Array of String options
1211 */
1212 public static function getDefaultOptions() {
1213 global $wgNamespacesToBeSearchedDefault, $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1214
1215 $defOpt = $wgDefaultUserOptions;
1216 # default language setting
1217 $variant = $wgContLang->getDefaultVariant();
1218 $defOpt['variant'] = $variant;
1219 $defOpt['language'] = $variant;
1220 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1221 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1222 }
1223 $defOpt['skin'] = $wgDefaultSkin;
1224
1225 // FIXME: Ideally we'd cache the results of this function so the hook is only run once,
1226 // but that breaks the parser tests because they rely on being able to change $wgContLang
1227 // mid-request and see that change reflected in the return value of this function.
1228 // Which is insane and would never happen during normal MW operation, but is also not
1229 // likely to get fixed unless and until we context-ify everything.
1230 // See also https://www.mediawiki.org/wiki/Special:Code/MediaWiki/101488#c25275
1231 wfRunHooks( 'UserGetDefaultOptions', array( &$defOpt ) );
1232
1233 return $defOpt;
1234 }
1235
1236 /**
1237 * Get a given default option value.
1238 *
1239 * @param $opt String Name of option to retrieve
1240 * @return String Default option value
1241 */
1242 public static function getDefaultOption( $opt ) {
1243 $defOpts = self::getDefaultOptions();
1244 if( isset( $defOpts[$opt] ) ) {
1245 return $defOpts[$opt];
1246 } else {
1247 return null;
1248 }
1249 }
1250
1251
1252 /**
1253 * Get blocking information
1254 * @param $bFromSlave Bool Whether to check the slave database first. To
1255 * improve performance, non-critical checks are done
1256 * against slaves. Check when actually saving should be
1257 * done against master.
1258 */
1259 private function getBlockedStatus( $bFromSlave = true ) {
1260 global $wgProxyWhitelist, $wgUser;
1261
1262 if ( -1 != $this->mBlockedby ) {
1263 return;
1264 }
1265
1266 wfProfileIn( __METHOD__ );
1267 wfDebug( __METHOD__.": checking...\n" );
1268
1269 // Initialize data...
1270 // Otherwise something ends up stomping on $this->mBlockedby when
1271 // things get lazy-loaded later, causing false positive block hits
1272 // due to -1 !== 0. Probably session-related... Nothing should be
1273 // overwriting mBlockedby, surely?
1274 $this->load();
1275
1276 # We only need to worry about passing the IP address to the Block generator if the
1277 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1278 # know which IP address they're actually coming from
1279 if ( !$this->isAllowed( 'ipblock-exempt' ) && $this->getID() == $wgUser->getID() ) {
1280 $ip = $this->getRequest()->getIP();
1281 } else {
1282 $ip = null;
1283 }
1284
1285 # User/IP blocking
1286 $block = Block::newFromTarget( $this->getName(), $ip, !$bFromSlave );
1287
1288 # Proxy blocking
1289 if ( !$block instanceof Block && $ip !== null && !$this->isAllowed( 'proxyunbannable' )
1290 && !in_array( $ip, $wgProxyWhitelist ) )
1291 {
1292 # Local list
1293 if ( self::isLocallyBlockedProxy( $ip ) ) {
1294 $block = new Block;
1295 $block->setBlocker( wfMsg( 'proxyblocker' ) );
1296 $block->mReason = wfMsg( 'proxyblockreason' );
1297 $block->setTarget( $ip );
1298 } elseif ( $this->isAnon() && $this->isDnsBlacklisted( $ip ) ) {
1299 $block = new Block;
1300 $block->setBlocker( wfMsg( 'sorbs' ) );
1301 $block->mReason = wfMsg( 'sorbsreason' );
1302 $block->setTarget( $ip );
1303 }
1304 }
1305
1306 if ( $block instanceof Block ) {
1307 wfDebug( __METHOD__ . ": Found block.\n" );
1308 $this->mBlock = $block;
1309 $this->mBlockedby = $block->getByName();
1310 $this->mBlockreason = $block->mReason;
1311 $this->mHideName = $block->mHideName;
1312 $this->mAllowUsertalk = !$block->prevents( 'editownusertalk' );
1313 } else {
1314 $this->mBlockedby = '';
1315 $this->mHideName = 0;
1316 $this->mAllowUsertalk = false;
1317 }
1318
1319 # Extensions
1320 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1321
1322 wfProfileOut( __METHOD__ );
1323 }
1324
1325 /**
1326 * Whether the given IP is in a DNS blacklist.
1327 *
1328 * @param $ip String IP to check
1329 * @param $checkWhitelist Bool: whether to check the whitelist first
1330 * @return Bool True if blacklisted.
1331 */
1332 public function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1333 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1334 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1335
1336 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1337 return false;
1338
1339 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1340 return false;
1341
1342 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1343 return $this->inDnsBlacklist( $ip, $urls );
1344 }
1345
1346 /**
1347 * Whether the given IP is in a given DNS blacklist.
1348 *
1349 * @param $ip String IP to check
1350 * @param $bases String|Array of Strings: URL of the DNS blacklist
1351 * @return Bool True if blacklisted.
1352 */
1353 public function inDnsBlacklist( $ip, $bases ) {
1354 wfProfileIn( __METHOD__ );
1355
1356 $found = false;
1357 // @todo FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1358 if( IP::isIPv4( $ip ) ) {
1359 # Reverse IP, bug 21255
1360 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1361
1362 foreach( (array)$bases as $base ) {
1363 # Make hostname
1364 # If we have an access key, use that too (ProjectHoneypot, etc.)
1365 if( is_array( $base ) ) {
1366 if( count( $base ) >= 2 ) {
1367 # Access key is 1, base URL is 0
1368 $host = "{$base[1]}.$ipReversed.{$base[0]}";
1369 } else {
1370 $host = "$ipReversed.{$base[0]}";
1371 }
1372 } else {
1373 $host = "$ipReversed.$base";
1374 }
1375
1376 # Send query
1377 $ipList = gethostbynamel( $host );
1378
1379 if( $ipList ) {
1380 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1381 $found = true;
1382 break;
1383 } else {
1384 wfDebug( "Requested $host, not found in $base.\n" );
1385 }
1386 }
1387 }
1388
1389 wfProfileOut( __METHOD__ );
1390 return $found;
1391 }
1392
1393 /**
1394 * Check if an IP address is in the local proxy list
1395 *
1396 * @param $ip string
1397 *
1398 * @return bool
1399 */
1400 public static function isLocallyBlockedProxy( $ip ) {
1401 global $wgProxyList;
1402
1403 if ( !$wgProxyList ) {
1404 return false;
1405 }
1406 wfProfileIn( __METHOD__ );
1407
1408 if ( !is_array( $wgProxyList ) ) {
1409 # Load from the specified file
1410 $wgProxyList = array_map( 'trim', file( $wgProxyList ) );
1411 }
1412
1413 if ( !is_array( $wgProxyList ) ) {
1414 $ret = false;
1415 } elseif ( array_search( $ip, $wgProxyList ) !== false ) {
1416 $ret = true;
1417 } elseif ( array_key_exists( $ip, $wgProxyList ) ) {
1418 # Old-style flipped proxy list
1419 $ret = true;
1420 } else {
1421 $ret = false;
1422 }
1423 wfProfileOut( __METHOD__ );
1424 return $ret;
1425 }
1426
1427 /**
1428 * Is this user subject to rate limiting?
1429 *
1430 * @return Bool True if rate limited
1431 */
1432 public function isPingLimitable() {
1433 global $wgRateLimitsExcludedIPs;
1434 if( in_array( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
1435 // No other good way currently to disable rate limits
1436 // for specific IPs. :P
1437 // But this is a crappy hack and should die.
1438 return false;
1439 }
1440 return !$this->isAllowed('noratelimit');
1441 }
1442
1443 /**
1444 * Primitive rate limits: enforce maximum actions per time period
1445 * to put a brake on flooding.
1446 *
1447 * @note When using a shared cache like memcached, IP-address
1448 * last-hit counters will be shared across wikis.
1449 *
1450 * @param $action String Action to enforce; 'edit' if unspecified
1451 * @return Bool True if a rate limiter was tripped
1452 */
1453 public function pingLimiter( $action = 'edit' ) {
1454 # Call the 'PingLimiter' hook
1455 $result = false;
1456 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1457 return $result;
1458 }
1459
1460 global $wgRateLimits;
1461 if( !isset( $wgRateLimits[$action] ) ) {
1462 return false;
1463 }
1464
1465 # Some groups shouldn't trigger the ping limiter, ever
1466 if( !$this->isPingLimitable() )
1467 return false;
1468
1469 global $wgMemc, $wgRateLimitLog;
1470 wfProfileIn( __METHOD__ );
1471
1472 $limits = $wgRateLimits[$action];
1473 $keys = array();
1474 $id = $this->getId();
1475 $ip = $this->getRequest()->getIP();
1476 $userLimit = false;
1477
1478 if( isset( $limits['anon'] ) && $id == 0 ) {
1479 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1480 }
1481
1482 if( isset( $limits['user'] ) && $id != 0 ) {
1483 $userLimit = $limits['user'];
1484 }
1485 if( $this->isNewbie() ) {
1486 if( isset( $limits['newbie'] ) && $id != 0 ) {
1487 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1488 }
1489 if( isset( $limits['ip'] ) ) {
1490 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1491 }
1492 $matches = array();
1493 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1494 $subnet = $matches[1];
1495 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1496 }
1497 }
1498 // Check for group-specific permissions
1499 // If more than one group applies, use the group with the highest limit
1500 foreach ( $this->getGroups() as $group ) {
1501 if ( isset( $limits[$group] ) ) {
1502 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1503 $userLimit = $limits[$group];
1504 }
1505 }
1506 }
1507 // Set the user limit key
1508 if ( $userLimit !== false ) {
1509 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1510 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1511 }
1512
1513 $triggered = false;
1514 foreach( $keys as $key => $limit ) {
1515 list( $max, $period ) = $limit;
1516 $summary = "(limit $max in {$period}s)";
1517 $count = $wgMemc->get( $key );
1518 // Already pinged?
1519 if( $count ) {
1520 if( $count >= $max ) {
1521 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1522 if( $wgRateLimitLog ) {
1523 wfSuppressWarnings();
1524 file_put_contents( $wgRateLimitLog, wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", FILE_APPEND );
1525 wfRestoreWarnings();
1526 }
1527 $triggered = true;
1528 } else {
1529 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1530 }
1531 } else {
1532 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1533 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1534 }
1535 $wgMemc->incr( $key );
1536 }
1537
1538 wfProfileOut( __METHOD__ );
1539 return $triggered;
1540 }
1541
1542 /**
1543 * Check if user is blocked
1544 *
1545 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1546 * @return Bool True if blocked, false otherwise
1547 */
1548 public function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1549 return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
1550 }
1551
1552 /**
1553 * Get the block affecting the user, or null if the user is not blocked
1554 *
1555 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1556 * @return Block|null
1557 */
1558 public function getBlock( $bFromSlave = true ){
1559 $this->getBlockedStatus( $bFromSlave );
1560 return $this->mBlock instanceof Block ? $this->mBlock : null;
1561 }
1562
1563 /**
1564 * Check if user is blocked from editing a particular article
1565 *
1566 * @param $title Title to check
1567 * @param $bFromSlave Bool whether to check the slave database instead of the master
1568 * @return Bool
1569 */
1570 function isBlockedFrom( $title, $bFromSlave = false ) {
1571 global $wgBlockAllowsUTEdit;
1572 wfProfileIn( __METHOD__ );
1573
1574 $blocked = $this->isBlocked( $bFromSlave );
1575 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1576 # If a user's name is suppressed, they cannot make edits anywhere
1577 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1578 $title->getNamespace() == NS_USER_TALK ) {
1579 $blocked = false;
1580 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1581 }
1582
1583 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1584
1585 wfProfileOut( __METHOD__ );
1586 return $blocked;
1587 }
1588
1589 /**
1590 * If user is blocked, return the name of the user who placed the block
1591 * @return String name of blocker
1592 */
1593 public function blockedBy() {
1594 $this->getBlockedStatus();
1595 return $this->mBlockedby;
1596 }
1597
1598 /**
1599 * If user is blocked, return the specified reason for the block
1600 * @return String Blocking reason
1601 */
1602 public function blockedFor() {
1603 $this->getBlockedStatus();
1604 return $this->mBlockreason;
1605 }
1606
1607 /**
1608 * If user is blocked, return the ID for the block
1609 * @return Int Block ID
1610 */
1611 public function getBlockId() {
1612 $this->getBlockedStatus();
1613 return ( $this->mBlock ? $this->mBlock->getId() : false );
1614 }
1615
1616 /**
1617 * Check if user is blocked on all wikis.
1618 * Do not use for actual edit permission checks!
1619 * This is intented for quick UI checks.
1620 *
1621 * @param $ip String IP address, uses current client if none given
1622 * @return Bool True if blocked, false otherwise
1623 */
1624 public function isBlockedGlobally( $ip = '' ) {
1625 if( $this->mBlockedGlobally !== null ) {
1626 return $this->mBlockedGlobally;
1627 }
1628 // User is already an IP?
1629 if( IP::isIPAddress( $this->getName() ) ) {
1630 $ip = $this->getName();
1631 } elseif( !$ip ) {
1632 $ip = $this->getRequest()->getIP();
1633 }
1634 $blocked = false;
1635 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1636 $this->mBlockedGlobally = (bool)$blocked;
1637 return $this->mBlockedGlobally;
1638 }
1639
1640 /**
1641 * Check if user account is locked
1642 *
1643 * @return Bool True if locked, false otherwise
1644 */
1645 public function isLocked() {
1646 if( $this->mLocked !== null ) {
1647 return $this->mLocked;
1648 }
1649 global $wgAuth;
1650 $authUser = $wgAuth->getUserInstance( $this );
1651 $this->mLocked = (bool)$authUser->isLocked();
1652 return $this->mLocked;
1653 }
1654
1655 /**
1656 * Check if user account is hidden
1657 *
1658 * @return Bool True if hidden, false otherwise
1659 */
1660 public function isHidden() {
1661 if( $this->mHideName !== null ) {
1662 return $this->mHideName;
1663 }
1664 $this->getBlockedStatus();
1665 if( !$this->mHideName ) {
1666 global $wgAuth;
1667 $authUser = $wgAuth->getUserInstance( $this );
1668 $this->mHideName = (bool)$authUser->isHidden();
1669 }
1670 return $this->mHideName;
1671 }
1672
1673 /**
1674 * Get the user's ID.
1675 * @return Int The user's ID; 0 if the user is anonymous or nonexistent
1676 */
1677 public function getId() {
1678 if( $this->mId === null && $this->mName !== null
1679 && User::isIP( $this->mName ) ) {
1680 // Special case, we know the user is anonymous
1681 return 0;
1682 } elseif( !$this->isItemLoaded( 'id' ) ) {
1683 // Don't load if this was initialized from an ID
1684 $this->load();
1685 }
1686 return $this->mId;
1687 }
1688
1689 /**
1690 * Set the user and reload all fields according to a given ID
1691 * @param $v Int User ID to reload
1692 */
1693 public function setId( $v ) {
1694 $this->mId = $v;
1695 $this->clearInstanceCache( 'id' );
1696 }
1697
1698 /**
1699 * Get the user name, or the IP of an anonymous user
1700 * @return String User's name or IP address
1701 */
1702 public function getName() {
1703 if ( $this->isItemLoaded( 'name', 'only' ) ) {
1704 # Special case optimisation
1705 return $this->mName;
1706 } else {
1707 $this->load();
1708 if ( $this->mName === false ) {
1709 # Clean up IPs
1710 $this->mName = IP::sanitizeIP( $this->getRequest()->getIP() );
1711 }
1712 return $this->mName;
1713 }
1714 }
1715
1716 /**
1717 * Set the user name.
1718 *
1719 * This does not reload fields from the database according to the given
1720 * name. Rather, it is used to create a temporary "nonexistent user" for
1721 * later addition to the database. It can also be used to set the IP
1722 * address for an anonymous user to something other than the current
1723 * remote IP.
1724 *
1725 * @note User::newFromName() has rougly the same function, when the named user
1726 * does not exist.
1727 * @param $str String New user name to set
1728 */
1729 public function setName( $str ) {
1730 $this->load();
1731 $this->mName = $str;
1732 }
1733
1734 /**
1735 * Get the user's name escaped by underscores.
1736 * @return String Username escaped by underscores.
1737 */
1738 public function getTitleKey() {
1739 return str_replace( ' ', '_', $this->getName() );
1740 }
1741
1742 /**
1743 * Check if the user has new messages.
1744 * @return Bool True if the user has new messages
1745 */
1746 public function getNewtalk() {
1747 $this->load();
1748
1749 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1750 if( $this->mNewtalk === -1 ) {
1751 $this->mNewtalk = false; # reset talk page status
1752
1753 # Check memcached separately for anons, who have no
1754 # entire User object stored in there.
1755 if( !$this->mId ) {
1756 global $wgMemc;
1757 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1758 $newtalk = $wgMemc->get( $key );
1759 if( strval( $newtalk ) !== '' ) {
1760 $this->mNewtalk = (bool)$newtalk;
1761 } else {
1762 // Since we are caching this, make sure it is up to date by getting it
1763 // from the master
1764 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1765 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1766 }
1767 } else {
1768 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1769 }
1770 }
1771
1772 return (bool)$this->mNewtalk;
1773 }
1774
1775 /**
1776 * Return the talk page(s) this user has new messages on.
1777 * @return Array of String page URLs
1778 */
1779 public function getNewMessageLinks() {
1780 $talks = array();
1781 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) )
1782 return $talks;
1783
1784 if( !$this->getNewtalk() )
1785 return array();
1786 $up = $this->getUserPage();
1787 $utp = $up->getTalkPage();
1788 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL() ) );
1789 }
1790
1791 /**
1792 * Internal uncached check for new messages
1793 *
1794 * @see getNewtalk()
1795 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1796 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1797 * @param $fromMaster Bool true to fetch from the master, false for a slave
1798 * @return Bool True if the user has new messages
1799 */
1800 protected function checkNewtalk( $field, $id, $fromMaster = false ) {
1801 if ( $fromMaster ) {
1802 $db = wfGetDB( DB_MASTER );
1803 } else {
1804 $db = wfGetDB( DB_SLAVE );
1805 }
1806 $ok = $db->selectField( 'user_newtalk', $field,
1807 array( $field => $id ), __METHOD__ );
1808 return $ok !== false;
1809 }
1810
1811 /**
1812 * Add or update the new messages flag
1813 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1814 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1815 * @return Bool True if successful, false otherwise
1816 */
1817 protected function updateNewtalk( $field, $id ) {
1818 $dbw = wfGetDB( DB_MASTER );
1819 $dbw->insert( 'user_newtalk',
1820 array( $field => $id ),
1821 __METHOD__,
1822 'IGNORE' );
1823 if ( $dbw->affectedRows() ) {
1824 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1825 return true;
1826 } else {
1827 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1828 return false;
1829 }
1830 }
1831
1832 /**
1833 * Clear the new messages flag for the given user
1834 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1835 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1836 * @return Bool True if successful, false otherwise
1837 */
1838 protected function deleteNewtalk( $field, $id ) {
1839 $dbw = wfGetDB( DB_MASTER );
1840 $dbw->delete( 'user_newtalk',
1841 array( $field => $id ),
1842 __METHOD__ );
1843 if ( $dbw->affectedRows() ) {
1844 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1845 return true;
1846 } else {
1847 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1848 return false;
1849 }
1850 }
1851
1852 /**
1853 * Update the 'You have new messages!' status.
1854 * @param $val Bool Whether the user has new messages
1855 */
1856 public function setNewtalk( $val ) {
1857 if( wfReadOnly() ) {
1858 return;
1859 }
1860
1861 $this->load();
1862 $this->mNewtalk = $val;
1863
1864 if( $this->isAnon() ) {
1865 $field = 'user_ip';
1866 $id = $this->getName();
1867 } else {
1868 $field = 'user_id';
1869 $id = $this->getId();
1870 }
1871 global $wgMemc;
1872
1873 if( $val ) {
1874 $changed = $this->updateNewtalk( $field, $id );
1875 } else {
1876 $changed = $this->deleteNewtalk( $field, $id );
1877 }
1878
1879 if( $this->isAnon() ) {
1880 // Anons have a separate memcached space, since
1881 // user records aren't kept for them.
1882 $key = wfMemcKey( 'newtalk', 'ip', $id );
1883 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1884 }
1885 if ( $changed ) {
1886 $this->invalidateCache();
1887 }
1888 }
1889
1890 /**
1891 * Generate a current or new-future timestamp to be stored in the
1892 * user_touched field when we update things.
1893 * @return String Timestamp in TS_MW format
1894 */
1895 private static function newTouchedTimestamp() {
1896 global $wgClockSkewFudge;
1897 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1898 }
1899
1900 /**
1901 * Clear user data from memcached.
1902 * Use after applying fun updates to the database; caller's
1903 * responsibility to update user_touched if appropriate.
1904 *
1905 * Called implicitly from invalidateCache() and saveSettings().
1906 */
1907 private function clearSharedCache() {
1908 $this->load();
1909 if( $this->mId ) {
1910 global $wgMemc;
1911 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1912 }
1913 }
1914
1915 /**
1916 * Immediately touch the user data cache for this account.
1917 * Updates user_touched field, and removes account data from memcached
1918 * for reload on the next hit.
1919 */
1920 public function invalidateCache() {
1921 if( wfReadOnly() ) {
1922 return;
1923 }
1924 $this->load();
1925 if( $this->mId ) {
1926 $this->mTouched = self::newTouchedTimestamp();
1927
1928 $dbw = wfGetDB( DB_MASTER );
1929 $dbw->update( 'user',
1930 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1931 array( 'user_id' => $this->mId ),
1932 __METHOD__ );
1933
1934 $this->clearSharedCache();
1935 }
1936 }
1937
1938 /**
1939 * Validate the cache for this account.
1940 * @param $timestamp String A timestamp in TS_MW format
1941 *
1942 * @return bool
1943 */
1944 public function validateCache( $timestamp ) {
1945 $this->load();
1946 return ( $timestamp >= $this->mTouched );
1947 }
1948
1949 /**
1950 * Get the user touched timestamp
1951 * @return String timestamp
1952 */
1953 public function getTouched() {
1954 $this->load();
1955 return $this->mTouched;
1956 }
1957
1958 /**
1959 * Set the password and reset the random token.
1960 * Calls through to authentication plugin if necessary;
1961 * will have no effect if the auth plugin refuses to
1962 * pass the change through or if the legal password
1963 * checks fail.
1964 *
1965 * As a special case, setting the password to null
1966 * wipes it, so the account cannot be logged in until
1967 * a new password is set, for instance via e-mail.
1968 *
1969 * @param $str String New password to set
1970 * @throws PasswordError on failure
1971 *
1972 * @return bool
1973 */
1974 public function setPassword( $str ) {
1975 global $wgAuth;
1976
1977 if( $str !== null ) {
1978 if( !$wgAuth->allowPasswordChange() ) {
1979 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1980 }
1981
1982 if( !$this->isValidPassword( $str ) ) {
1983 global $wgMinimalPasswordLength;
1984 $valid = $this->getPasswordValidity( $str );
1985 if ( is_array( $valid ) ) {
1986 $message = array_shift( $valid );
1987 $params = $valid;
1988 } else {
1989 $message = $valid;
1990 $params = array( $wgMinimalPasswordLength );
1991 }
1992 throw new PasswordError( wfMsgExt( $message, array( 'parsemag' ), $params ) );
1993 }
1994 }
1995
1996 if( !$wgAuth->setPassword( $this, $str ) ) {
1997 throw new PasswordError( wfMsg( 'externaldberror' ) );
1998 }
1999
2000 $this->setInternalPassword( $str );
2001
2002 return true;
2003 }
2004
2005 /**
2006 * Set the password and reset the random token unconditionally.
2007 *
2008 * @param $str String New password to set
2009 */
2010 public function setInternalPassword( $str ) {
2011 $this->load();
2012 $this->setToken();
2013
2014 if( $str === null ) {
2015 // Save an invalid hash...
2016 $this->mPassword = '';
2017 } else {
2018 $this->mPassword = self::crypt( $str );
2019 }
2020 $this->mNewpassword = '';
2021 $this->mNewpassTime = null;
2022 }
2023
2024 /**
2025 * Get the user's current token.
2026 * @param $forceCreation Force the generation of a new token if the user doesn't have one (default=true for backwards compatibility)
2027 * @return String Token
2028 */
2029 public function getToken( $forceCreation = true ) {
2030 $this->load();
2031 if ( !$this->mToken && $forceCreation ) {
2032 $this->setToken();
2033 }
2034 return $this->mToken;
2035 }
2036
2037 /**
2038 * Set the random token (used for persistent authentication)
2039 * Called from loadDefaults() among other places.
2040 *
2041 * @param $token String|bool If specified, set the token to this value
2042 */
2043 public function setToken( $token = false ) {
2044 global $wgSecretKey, $wgProxyKey;
2045 $this->load();
2046 if ( !$token ) {
2047 $this->mToken = MWCryptRand::generateHex( USER_TOKEN_LENGTH );
2048 } else {
2049 $this->mToken = $token;
2050 }
2051 }
2052
2053 /**
2054 * Set the password for a password reminder or new account email
2055 *
2056 * @param $str String New password to set
2057 * @param $throttle Bool If true, reset the throttle timestamp to the present
2058 */
2059 public function setNewpassword( $str, $throttle = true ) {
2060 $this->load();
2061 $this->mNewpassword = self::crypt( $str );
2062 if ( $throttle ) {
2063 $this->mNewpassTime = wfTimestampNow();
2064 }
2065 }
2066
2067 /**
2068 * Has password reminder email been sent within the last
2069 * $wgPasswordReminderResendTime hours?
2070 * @return Bool
2071 */
2072 public function isPasswordReminderThrottled() {
2073 global $wgPasswordReminderResendTime;
2074 $this->load();
2075 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
2076 return false;
2077 }
2078 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
2079 return time() < $expiry;
2080 }
2081
2082 /**
2083 * Get the user's e-mail address
2084 * @return String User's email address
2085 */
2086 public function getEmail() {
2087 $this->load();
2088 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
2089 return $this->mEmail;
2090 }
2091
2092 /**
2093 * Get the timestamp of the user's e-mail authentication
2094 * @return String TS_MW timestamp
2095 */
2096 public function getEmailAuthenticationTimestamp() {
2097 $this->load();
2098 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
2099 return $this->mEmailAuthenticated;
2100 }
2101
2102 /**
2103 * Set the user's e-mail address
2104 * @param $str String New e-mail address
2105 */
2106 public function setEmail( $str ) {
2107 $this->load();
2108 if( $str == $this->mEmail ) {
2109 return;
2110 }
2111 $this->mEmail = $str;
2112 $this->invalidateEmail();
2113 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
2114 }
2115
2116 /**
2117 * Get the user's real name
2118 * @return String User's real name
2119 */
2120 public function getRealName() {
2121 if ( !$this->isItemLoaded( 'realname' ) ) {
2122 $this->load();
2123 }
2124
2125 return $this->mRealName;
2126 }
2127
2128 /**
2129 * Set the user's real name
2130 * @param $str String New real name
2131 */
2132 public function setRealName( $str ) {
2133 $this->load();
2134 $this->mRealName = $str;
2135 }
2136
2137 /**
2138 * Get the user's current setting for a given option.
2139 *
2140 * @param $oname String The option to check
2141 * @param $defaultOverride String A default value returned if the option does not exist
2142 * @param $ignoreHidden Bool = whether to ignore the effects of $wgHiddenPrefs
2143 * @return String User's current value for the option
2144 * @see getBoolOption()
2145 * @see getIntOption()
2146 */
2147 public function getOption( $oname, $defaultOverride = null, $ignoreHidden = false ) {
2148 global $wgHiddenPrefs;
2149 $this->loadOptions();
2150
2151 if ( is_null( $this->mOptions ) ) {
2152 if($defaultOverride != '') {
2153 return $defaultOverride;
2154 }
2155 $this->mOptions = User::getDefaultOptions();
2156 }
2157
2158 # We want 'disabled' preferences to always behave as the default value for
2159 # users, even if they have set the option explicitly in their settings (ie they
2160 # set it, and then it was disabled removing their ability to change it). But
2161 # we don't want to erase the preferences in the database in case the preference
2162 # is re-enabled again. So don't touch $mOptions, just override the returned value
2163 if( in_array( $oname, $wgHiddenPrefs ) && !$ignoreHidden ){
2164 return self::getDefaultOption( $oname );
2165 }
2166
2167 if ( array_key_exists( $oname, $this->mOptions ) ) {
2168 return $this->mOptions[$oname];
2169 } else {
2170 return $defaultOverride;
2171 }
2172 }
2173
2174 /**
2175 * Get all user's options
2176 *
2177 * @return array
2178 */
2179 public function getOptions() {
2180 global $wgHiddenPrefs;
2181 $this->loadOptions();
2182 $options = $this->mOptions;
2183
2184 # We want 'disabled' preferences to always behave as the default value for
2185 # users, even if they have set the option explicitly in their settings (ie they
2186 # set it, and then it was disabled removing their ability to change it). But
2187 # we don't want to erase the preferences in the database in case the preference
2188 # is re-enabled again. So don't touch $mOptions, just override the returned value
2189 foreach( $wgHiddenPrefs as $pref ){
2190 $default = self::getDefaultOption( $pref );
2191 if( $default !== null ){
2192 $options[$pref] = $default;
2193 }
2194 }
2195
2196 return $options;
2197 }
2198
2199 /**
2200 * Get the user's current setting for a given option, as a boolean value.
2201 *
2202 * @param $oname String The option to check
2203 * @return Bool User's current value for the option
2204 * @see getOption()
2205 */
2206 public function getBoolOption( $oname ) {
2207 return (bool)$this->getOption( $oname );
2208 }
2209
2210 /**
2211 * Get the user's current setting for a given option, as a boolean value.
2212 *
2213 * @param $oname String The option to check
2214 * @param $defaultOverride Int A default value returned if the option does not exist
2215 * @return Int User's current value for the option
2216 * @see getOption()
2217 */
2218 public function getIntOption( $oname, $defaultOverride=0 ) {
2219 $val = $this->getOption( $oname );
2220 if( $val == '' ) {
2221 $val = $defaultOverride;
2222 }
2223 return intval( $val );
2224 }
2225
2226 /**
2227 * Set the given option for a user.
2228 *
2229 * @param $oname String The option to set
2230 * @param $val mixed New value to set
2231 */
2232 public function setOption( $oname, $val ) {
2233 $this->load();
2234 $this->loadOptions();
2235
2236 // Explicitly NULL values should refer to defaults
2237 global $wgDefaultUserOptions;
2238 if( is_null( $val ) && isset( $wgDefaultUserOptions[$oname] ) ) {
2239 $val = $wgDefaultUserOptions[$oname];
2240 }
2241
2242 $this->mOptions[$oname] = $val;
2243 }
2244
2245 /**
2246 * Reset all options to the site defaults
2247 */
2248 public function resetOptions() {
2249 $this->mOptions = self::getDefaultOptions();
2250 }
2251
2252 /**
2253 * Get the user's preferred date format.
2254 * @return String User's preferred date format
2255 */
2256 public function getDatePreference() {
2257 // Important migration for old data rows
2258 if ( is_null( $this->mDatePreference ) ) {
2259 global $wgLang;
2260 $value = $this->getOption( 'date' );
2261 $map = $wgLang->getDatePreferenceMigrationMap();
2262 if ( isset( $map[$value] ) ) {
2263 $value = $map[$value];
2264 }
2265 $this->mDatePreference = $value;
2266 }
2267 return $this->mDatePreference;
2268 }
2269
2270 /**
2271 * Get the user preferred stub threshold
2272 *
2273 * @return int
2274 */
2275 public function getStubThreshold() {
2276 global $wgMaxArticleSize; # Maximum article size, in Kb
2277 $threshold = intval( $this->getOption( 'stubthreshold' ) );
2278 if ( $threshold > $wgMaxArticleSize * 1024 ) {
2279 # If they have set an impossible value, disable the preference
2280 # so we can use the parser cache again.
2281 $threshold = 0;
2282 }
2283 return $threshold;
2284 }
2285
2286 /**
2287 * Get the permissions this user has.
2288 * @return Array of String permission names
2289 */
2290 public function getRights() {
2291 if ( is_null( $this->mRights ) ) {
2292 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
2293 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
2294 // Force reindexation of rights when a hook has unset one of them
2295 $this->mRights = array_values( $this->mRights );
2296 }
2297 return $this->mRights;
2298 }
2299
2300 /**
2301 * Get the list of explicit group memberships this user has.
2302 * The implicit * and user groups are not included.
2303 * @return Array of String internal group names
2304 */
2305 public function getGroups() {
2306 $this->load();
2307 $this->loadGroups();
2308 return $this->mGroups;
2309 }
2310
2311 /**
2312 * Get the list of implicit group memberships this user has.
2313 * This includes all explicit groups, plus 'user' if logged in,
2314 * '*' for all accounts, and autopromoted groups
2315 * @param $recache Bool Whether to avoid the cache
2316 * @return Array of String internal group names
2317 */
2318 public function getEffectiveGroups( $recache = false ) {
2319 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2320 wfProfileIn( __METHOD__ );
2321 $this->mEffectiveGroups = array_unique( array_merge(
2322 $this->getGroups(), // explicit groups
2323 $this->getAutomaticGroups( $recache ) // implicit groups
2324 ) );
2325 # Hook for additional groups
2326 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2327 wfProfileOut( __METHOD__ );
2328 }
2329 return $this->mEffectiveGroups;
2330 }
2331
2332 /**
2333 * Get the list of implicit group memberships this user has.
2334 * This includes 'user' if logged in, '*' for all accounts,
2335 * and autopromoted groups
2336 * @param $recache Bool Whether to avoid the cache
2337 * @return Array of String internal group names
2338 */
2339 public function getAutomaticGroups( $recache = false ) {
2340 if ( $recache || is_null( $this->mImplicitGroups ) ) {
2341 wfProfileIn( __METHOD__ );
2342 $this->mImplicitGroups = array( '*' );
2343 if ( $this->getId() ) {
2344 $this->mImplicitGroups[] = 'user';
2345
2346 $this->mImplicitGroups = array_unique( array_merge(
2347 $this->mImplicitGroups,
2348 Autopromote::getAutopromoteGroups( $this )
2349 ) );
2350 }
2351 if ( $recache ) {
2352 # Assure data consistency with rights/groups,
2353 # as getEffectiveGroups() depends on this function
2354 $this->mEffectiveGroups = null;
2355 }
2356 wfProfileOut( __METHOD__ );
2357 }
2358 return $this->mImplicitGroups;
2359 }
2360
2361 /**
2362 * Returns the groups the user has belonged to.
2363 *
2364 * The user may still belong to the returned groups. Compare with getGroups().
2365 *
2366 * The function will not return groups the user had belonged to before MW 1.17
2367 *
2368 * @return array Names of the groups the user has belonged to.
2369 */
2370 public function getFormerGroups() {
2371 if( is_null( $this->mFormerGroups ) ) {
2372 $dbr = wfGetDB( DB_MASTER );
2373 $res = $dbr->select( 'user_former_groups',
2374 array( 'ufg_group' ),
2375 array( 'ufg_user' => $this->mId ),
2376 __METHOD__ );
2377 $this->mFormerGroups = array();
2378 foreach( $res as $row ) {
2379 $this->mFormerGroups[] = $row->ufg_group;
2380 }
2381 }
2382 return $this->mFormerGroups;
2383 }
2384
2385 /**
2386 * Get the user's edit count.
2387 * @return Int
2388 */
2389 public function getEditCount() {
2390 if( $this->getId() ) {
2391 if ( !isset( $this->mEditCount ) ) {
2392 /* Populate the count, if it has not been populated yet */
2393 $this->mEditCount = User::edits( $this->mId );
2394 }
2395 return $this->mEditCount;
2396 } else {
2397 /* nil */
2398 return null;
2399 }
2400 }
2401
2402 /**
2403 * Add the user to the given group.
2404 * This takes immediate effect.
2405 * @param $group String Name of the group to add
2406 */
2407 public function addGroup( $group ) {
2408 if( wfRunHooks( 'UserAddGroup', array( $this, &$group ) ) ) {
2409 $dbw = wfGetDB( DB_MASTER );
2410 if( $this->getId() ) {
2411 $dbw->insert( 'user_groups',
2412 array(
2413 'ug_user' => $this->getID(),
2414 'ug_group' => $group,
2415 ),
2416 __METHOD__,
2417 array( 'IGNORE' ) );
2418 }
2419 }
2420 $this->loadGroups();
2421 $this->mGroups[] = $group;
2422 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2423
2424 $this->invalidateCache();
2425 }
2426
2427 /**
2428 * Remove the user from the given group.
2429 * This takes immediate effect.
2430 * @param $group String Name of the group to remove
2431 */
2432 public function removeGroup( $group ) {
2433 $this->load();
2434 if( wfRunHooks( 'UserRemoveGroup', array( $this, &$group ) ) ) {
2435 $dbw = wfGetDB( DB_MASTER );
2436 $dbw->delete( 'user_groups',
2437 array(
2438 'ug_user' => $this->getID(),
2439 'ug_group' => $group,
2440 ), __METHOD__ );
2441 // Remember that the user was in this group
2442 $dbw->insert( 'user_former_groups',
2443 array(
2444 'ufg_user' => $this->getID(),
2445 'ufg_group' => $group,
2446 ),
2447 __METHOD__,
2448 array( 'IGNORE' ) );
2449 }
2450 $this->loadGroups();
2451 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2452 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2453
2454 $this->invalidateCache();
2455 }
2456
2457 /**
2458 * Get whether the user is logged in
2459 * @return Bool
2460 */
2461 public function isLoggedIn() {
2462 return $this->getID() != 0;
2463 }
2464
2465 /**
2466 * Get whether the user is anonymous
2467 * @return Bool
2468 */
2469 public function isAnon() {
2470 return !$this->isLoggedIn();
2471 }
2472
2473 /**
2474 * Check if user is allowed to access a feature / make an action
2475 *
2476 * @internal param \String $varargs permissions to test
2477 * @return Boolean: True if user is allowed to perform *any* of the given actions
2478 *
2479 * @return bool
2480 */
2481 public function isAllowedAny( /*...*/ ){
2482 $permissions = func_get_args();
2483 foreach( $permissions as $permission ){
2484 if( $this->isAllowed( $permission ) ){
2485 return true;
2486 }
2487 }
2488 return false;
2489 }
2490
2491 /**
2492 *
2493 * @internal param $varargs string
2494 * @return bool True if the user is allowed to perform *all* of the given actions
2495 */
2496 public function isAllowedAll( /*...*/ ){
2497 $permissions = func_get_args();
2498 foreach( $permissions as $permission ){
2499 if( !$this->isAllowed( $permission ) ){
2500 return false;
2501 }
2502 }
2503 return true;
2504 }
2505
2506 /**
2507 * Internal mechanics of testing a permission
2508 * @param $action String
2509 * @return bool
2510 */
2511 public function isAllowed( $action = '' ) {
2512 if ( $action === '' ) {
2513 return true; // In the spirit of DWIM
2514 }
2515 # Patrolling may not be enabled
2516 if( $action === 'patrol' || $action === 'autopatrol' ) {
2517 global $wgUseRCPatrol, $wgUseNPPatrol;
2518 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2519 return false;
2520 }
2521 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2522 # by misconfiguration: 0 == 'foo'
2523 return in_array( $action, $this->getRights(), true );
2524 }
2525
2526 /**
2527 * Check whether to enable recent changes patrol features for this user
2528 * @return Boolean: True or false
2529 */
2530 public function useRCPatrol() {
2531 global $wgUseRCPatrol;
2532 return $wgUseRCPatrol && $this->isAllowedAny( 'patrol', 'patrolmarks' );
2533 }
2534
2535 /**
2536 * Check whether to enable new pages patrol features for this user
2537 * @return Bool True or false
2538 */
2539 public function useNPPatrol() {
2540 global $wgUseRCPatrol, $wgUseNPPatrol;
2541 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) ) );
2542 }
2543
2544 /**
2545 * Get the WebRequest object to use with this object
2546 *
2547 * @return WebRequest
2548 */
2549 public function getRequest() {
2550 if ( $this->mRequest ) {
2551 return $this->mRequest;
2552 } else {
2553 global $wgRequest;
2554 return $wgRequest;
2555 }
2556 }
2557
2558 /**
2559 * Get the current skin, loading it if required
2560 * @return Skin The current skin
2561 * @todo FIXME: Need to check the old failback system [AV]
2562 * @deprecated since 1.18 Use ->getSkin() in the most relevant outputting context you have
2563 */
2564 public function getSkin() {
2565 wfDeprecated( __METHOD__, '1.18' );
2566 return RequestContext::getMain()->getSkin();
2567 }
2568
2569 /**
2570 * Check the watched status of an article.
2571 * @param $title Title of the article to look at
2572 * @return Bool
2573 */
2574 public function isWatched( $title ) {
2575 $wl = WatchedItem::fromUserTitle( $this, $title );
2576 return $wl->isWatched();
2577 }
2578
2579 /**
2580 * Watch an article.
2581 * @param $title Title of the article to look at
2582 */
2583 public function addWatch( $title ) {
2584 $wl = WatchedItem::fromUserTitle( $this, $title );
2585 $wl->addWatch();
2586 $this->invalidateCache();
2587 }
2588
2589 /**
2590 * Stop watching an article.
2591 * @param $title Title of the article to look at
2592 */
2593 public function removeWatch( $title ) {
2594 $wl = WatchedItem::fromUserTitle( $this, $title );
2595 $wl->removeWatch();
2596 $this->invalidateCache();
2597 }
2598
2599 /**
2600 * Clear the user's notification timestamp for the given title.
2601 * If e-notif e-mails are on, they will receive notification mails on
2602 * the next change of the page if it's watched etc.
2603 * @param $title Title of the article to look at
2604 */
2605 public function clearNotification( &$title ) {
2606 global $wgUseEnotif, $wgShowUpdatedMarker;
2607
2608 # Do nothing if the database is locked to writes
2609 if( wfReadOnly() ) {
2610 return;
2611 }
2612
2613 if( $title->getNamespace() == NS_USER_TALK &&
2614 $title->getText() == $this->getName() ) {
2615 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2616 return;
2617 $this->setNewtalk( false );
2618 }
2619
2620 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2621 return;
2622 }
2623
2624 if( $this->isAnon() ) {
2625 // Nothing else to do...
2626 return;
2627 }
2628
2629 // Only update the timestamp if the page is being watched.
2630 // The query to find out if it is watched is cached both in memcached and per-invocation,
2631 // and when it does have to be executed, it can be on a slave
2632 // If this is the user's newtalk page, we always update the timestamp
2633 $force = '';
2634 if ( $title->getNamespace() == NS_USER_TALK &&
2635 $title->getText() == $this->getName() )
2636 {
2637 $force = 'force';
2638 }
2639
2640 $wi = WatchedItem::fromUserTitle( $this, $title );
2641 $wi->resetNotificationTimestamp( $force );
2642 }
2643
2644 /**
2645 * Resets all of the given user's page-change notification timestamps.
2646 * If e-notif e-mails are on, they will receive notification mails on
2647 * the next change of any watched page.
2648 */
2649 public function clearAllNotifications() {
2650 global $wgUseEnotif, $wgShowUpdatedMarker;
2651 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2652 $this->setNewtalk( false );
2653 return;
2654 }
2655 $id = $this->getId();
2656 if( $id != 0 ) {
2657 $dbw = wfGetDB( DB_MASTER );
2658 $dbw->update( 'watchlist',
2659 array( /* SET */
2660 'wl_notificationtimestamp' => null
2661 ), array( /* WHERE */
2662 'wl_user' => $id
2663 ), __METHOD__
2664 );
2665 # We also need to clear here the "you have new message" notification for the own user_talk page
2666 # This is cleared one page view later in Article::viewUpdates();
2667 }
2668 }
2669
2670 /**
2671 * Set this user's options from an encoded string
2672 * @param $str String Encoded options to import
2673 *
2674 * @deprecated in 1.19 due to removal of user_options from the user table
2675 */
2676 private function decodeOptions( $str ) {
2677 wfDeprecated( __METHOD__, '1.19' );
2678 if( !$str )
2679 return;
2680
2681 $this->mOptionsLoaded = true;
2682 $this->mOptionOverrides = array();
2683
2684 // If an option is not set in $str, use the default value
2685 $this->mOptions = self::getDefaultOptions();
2686
2687 $a = explode( "\n", $str );
2688 foreach ( $a as $s ) {
2689 $m = array();
2690 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2691 $this->mOptions[$m[1]] = $m[2];
2692 $this->mOptionOverrides[$m[1]] = $m[2];
2693 }
2694 }
2695 }
2696
2697 /**
2698 * Set a cookie on the user's client. Wrapper for
2699 * WebResponse::setCookie
2700 * @param $name String Name of the cookie to set
2701 * @param $value String Value to set
2702 * @param $exp Int Expiration time, as a UNIX time value;
2703 * if 0 or not specified, use the default $wgCookieExpiration
2704 */
2705 protected function setCookie( $name, $value, $exp = 0 ) {
2706 $this->getRequest()->response()->setcookie( $name, $value, $exp );
2707 }
2708
2709 /**
2710 * Clear a cookie on the user's client
2711 * @param $name String Name of the cookie to clear
2712 */
2713 protected function clearCookie( $name ) {
2714 $this->setCookie( $name, '', time() - 86400 );
2715 }
2716
2717 /**
2718 * Set the default cookies for this session on the user's client.
2719 *
2720 * @param $request WebRequest object to use; $wgRequest will be used if null
2721 * is passed.
2722 */
2723 public function setCookies( $request = null ) {
2724 if ( $request === null ) {
2725 $request = $this->getRequest();
2726 }
2727
2728 $this->load();
2729 if ( 0 == $this->mId ) return;
2730 if ( !$this->mToken ) {
2731 // When token is empty or NULL generate a new one and then save it to the database
2732 // This allows a wiki to re-secure itself after a leak of it's user table or $wgSecretKey
2733 // Simply by setting every cell in the user_token column to NULL and letting them be
2734 // regenerated as users log back into the wiki.
2735 $this->setToken();
2736 $this->saveSettings();
2737 }
2738 $session = array(
2739 'wsUserID' => $this->mId,
2740 'wsToken' => $this->mToken,
2741 'wsUserName' => $this->getName()
2742 );
2743 $cookies = array(
2744 'UserID' => $this->mId,
2745 'UserName' => $this->getName(),
2746 );
2747 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2748 $cookies['Token'] = $this->mToken;
2749 } else {
2750 $cookies['Token'] = false;
2751 }
2752
2753 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2754
2755 foreach ( $session as $name => $value ) {
2756 $request->setSessionData( $name, $value );
2757 }
2758 foreach ( $cookies as $name => $value ) {
2759 if ( $value === false ) {
2760 $this->clearCookie( $name );
2761 } else {
2762 $this->setCookie( $name, $value );
2763 }
2764 }
2765 }
2766
2767 /**
2768 * Log this user out.
2769 */
2770 public function logout() {
2771 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2772 $this->doLogout();
2773 }
2774 }
2775
2776 /**
2777 * Clear the user's cookies and session, and reset the instance cache.
2778 * @see logout()
2779 */
2780 public function doLogout() {
2781 $this->clearInstanceCache( 'defaults' );
2782
2783 $this->getRequest()->setSessionData( 'wsUserID', 0 );
2784
2785 $this->clearCookie( 'UserID' );
2786 $this->clearCookie( 'Token' );
2787
2788 # Remember when user logged out, to prevent seeing cached pages
2789 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2790 }
2791
2792 /**
2793 * Save this user's settings into the database.
2794 * @todo Only rarely do all these fields need to be set!
2795 */
2796 public function saveSettings() {
2797 $this->load();
2798 if ( wfReadOnly() ) { return; }
2799 if ( 0 == $this->mId ) { return; }
2800
2801 $this->mTouched = self::newTouchedTimestamp();
2802
2803 $dbw = wfGetDB( DB_MASTER );
2804 $dbw->update( 'user',
2805 array( /* SET */
2806 'user_name' => $this->mName,
2807 'user_password' => $this->mPassword,
2808 'user_newpassword' => $this->mNewpassword,
2809 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2810 'user_real_name' => $this->mRealName,
2811 'user_email' => $this->mEmail,
2812 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2813 'user_touched' => $dbw->timestamp( $this->mTouched ),
2814 'user_token' => strval( $this->mToken ),
2815 'user_email_token' => $this->mEmailToken,
2816 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2817 ), array( /* WHERE */
2818 'user_id' => $this->mId
2819 ), __METHOD__
2820 );
2821
2822 $this->saveOptions();
2823
2824 wfRunHooks( 'UserSaveSettings', array( $this ) );
2825 $this->clearSharedCache();
2826 $this->getUserPage()->invalidateCache();
2827 }
2828
2829 /**
2830 * If only this user's username is known, and it exists, return the user ID.
2831 * @return Int
2832 */
2833 public function idForName() {
2834 $s = trim( $this->getName() );
2835 if ( $s === '' ) return 0;
2836
2837 $dbr = wfGetDB( DB_SLAVE );
2838 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2839 if ( $id === false ) {
2840 $id = 0;
2841 }
2842 return $id;
2843 }
2844
2845 /**
2846 * Add a user to the database, return the user object
2847 *
2848 * @param $name String Username to add
2849 * @param $params Array of Strings Non-default parameters to save to the database as user_* fields:
2850 * - password The user's password hash. Password logins will be disabled if this is omitted.
2851 * - newpassword Hash for a temporary password that has been mailed to the user
2852 * - email The user's email address
2853 * - email_authenticated The email authentication timestamp
2854 * - real_name The user's real name
2855 * - options An associative array of non-default options
2856 * - token Random authentication token. Do not set.
2857 * - registration Registration timestamp. Do not set.
2858 *
2859 * @return User object, or null if the username already exists
2860 */
2861 public static function createNew( $name, $params = array() ) {
2862 $user = new User;
2863 $user->load();
2864 if ( isset( $params['options'] ) ) {
2865 $user->mOptions = $params['options'] + (array)$user->mOptions;
2866 unset( $params['options'] );
2867 }
2868 $dbw = wfGetDB( DB_MASTER );
2869 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2870
2871 $fields = array(
2872 'user_id' => $seqVal,
2873 'user_name' => $name,
2874 'user_password' => $user->mPassword,
2875 'user_newpassword' => $user->mNewpassword,
2876 'user_newpass_time' => $dbw->timestampOrNull( $user->mNewpassTime ),
2877 'user_email' => $user->mEmail,
2878 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2879 'user_real_name' => $user->mRealName,
2880 'user_token' => strval( $user->mToken ),
2881 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2882 'user_editcount' => 0,
2883 'user_touched' => $dbw->timestamp( self::newTouchedTimestamp() ),
2884 );
2885 foreach ( $params as $name => $value ) {
2886 $fields["user_$name"] = $value;
2887 }
2888 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2889 if ( $dbw->affectedRows() ) {
2890 $newUser = User::newFromId( $dbw->insertId() );
2891 } else {
2892 $newUser = null;
2893 }
2894 return $newUser;
2895 }
2896
2897 /**
2898 * Add this existing user object to the database
2899 */
2900 public function addToDatabase() {
2901 $this->load();
2902
2903 $this->mTouched = self::newTouchedTimestamp();
2904
2905 $dbw = wfGetDB( DB_MASTER );
2906 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2907 $dbw->insert( 'user',
2908 array(
2909 'user_id' => $seqVal,
2910 'user_name' => $this->mName,
2911 'user_password' => $this->mPassword,
2912 'user_newpassword' => $this->mNewpassword,
2913 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2914 'user_email' => $this->mEmail,
2915 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2916 'user_real_name' => $this->mRealName,
2917 'user_token' => strval( $this->mToken ),
2918 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2919 'user_editcount' => 0,
2920 'user_touched' => $dbw->timestamp( $this->mTouched ),
2921 ), __METHOD__
2922 );
2923 $this->mId = $dbw->insertId();
2924
2925 // Clear instance cache other than user table data, which is already accurate
2926 $this->clearInstanceCache();
2927
2928 $this->saveOptions();
2929 }
2930
2931 /**
2932 * If this user is logged-in and blocked,
2933 * block any IP address they've successfully logged in from.
2934 * @return bool A block was spread
2935 */
2936 public function spreadAnyEditBlock() {
2937 if ( $this->isLoggedIn() && $this->isBlocked() ) {
2938 return $this->spreadBlock();
2939 }
2940 return false;
2941 }
2942
2943 /**
2944 * If this (non-anonymous) user is blocked,
2945 * block the IP address they've successfully logged in from.
2946 * @return bool A block was spread
2947 */
2948 protected function spreadBlock() {
2949 wfDebug( __METHOD__ . "()\n" );
2950 $this->load();
2951 if ( $this->mId == 0 ) {
2952 return false;
2953 }
2954
2955 $userblock = Block::newFromTarget( $this->getName() );
2956 if ( !$userblock ) {
2957 return false;
2958 }
2959
2960 return (bool)$userblock->doAutoblock( $this->getRequest()->getIP() );
2961 }
2962
2963 /**
2964 * Generate a string which will be different for any combination of
2965 * user options which would produce different parser output.
2966 * This will be used as part of the hash key for the parser cache,
2967 * so users with the same options can share the same cached data
2968 * safely.
2969 *
2970 * Extensions which require it should install 'PageRenderingHash' hook,
2971 * which will give them a chance to modify this key based on their own
2972 * settings.
2973 *
2974 * @deprecated since 1.17 use the ParserOptions object to get the relevant options
2975 * @return String Page rendering hash
2976 */
2977 public function getPageRenderingHash() {
2978 wfDeprecated( __METHOD__, '1.17' );
2979
2980 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
2981 if( $this->mHash ){
2982 return $this->mHash;
2983 }
2984
2985 // stubthreshold is only included below for completeness,
2986 // since it disables the parser cache, its value will always
2987 // be 0 when this function is called by parsercache.
2988
2989 $confstr = $this->getOption( 'math' );
2990 $confstr .= '!' . $this->getStubThreshold();
2991 if ( $wgUseDynamicDates ) { # This is wrong (bug 24714)
2992 $confstr .= '!' . $this->getDatePreference();
2993 }
2994 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
2995 $confstr .= '!' . $wgLang->getCode();
2996 $confstr .= '!' . $this->getOption( 'thumbsize' );
2997 // add in language specific options, if any
2998 $extra = $wgContLang->getExtraHashOptions();
2999 $confstr .= $extra;
3000
3001 // Since the skin could be overloading link(), it should be
3002 // included here but in practice, none of our skins do that.
3003
3004 $confstr .= $wgRenderHashAppend;
3005
3006 // Give a chance for extensions to modify the hash, if they have
3007 // extra options or other effects on the parser cache.
3008 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
3009
3010 // Make it a valid memcached key fragment
3011 $confstr = str_replace( ' ', '_', $confstr );
3012 $this->mHash = $confstr;
3013 return $confstr;
3014 }
3015
3016 /**
3017 * Get whether the user is explicitly blocked from account creation.
3018 * @return Bool|Block
3019 */
3020 public function isBlockedFromCreateAccount() {
3021 $this->getBlockedStatus();
3022 if( $this->mBlock && $this->mBlock->prevents( 'createaccount' ) ){
3023 return $this->mBlock;
3024 }
3025
3026 # bug 13611: if the IP address the user is trying to create an account from is
3027 # blocked with createaccount disabled, prevent new account creation there even
3028 # when the user is logged in
3029 if( $this->mBlockedFromCreateAccount === false ){
3030 $this->mBlockedFromCreateAccount = Block::newFromTarget( null, $this->getRequest()->getIP() );
3031 }
3032 return $this->mBlockedFromCreateAccount instanceof Block && $this->mBlockedFromCreateAccount->prevents( 'createaccount' )
3033 ? $this->mBlockedFromCreateAccount
3034 : false;
3035 }
3036
3037 /**
3038 * Get whether the user is blocked from using Special:Emailuser.
3039 * @return Bool
3040 */
3041 public function isBlockedFromEmailuser() {
3042 $this->getBlockedStatus();
3043 return $this->mBlock && $this->mBlock->prevents( 'sendemail' );
3044 }
3045
3046 /**
3047 * Get whether the user is allowed to create an account.
3048 * @return Bool
3049 */
3050 function isAllowedToCreateAccount() {
3051 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
3052 }
3053
3054 /**
3055 * Get this user's personal page title.
3056 *
3057 * @return Title: User's personal page title
3058 */
3059 public function getUserPage() {
3060 return Title::makeTitle( NS_USER, $this->getName() );
3061 }
3062
3063 /**
3064 * Get this user's talk page title.
3065 *
3066 * @return Title: User's talk page title
3067 */
3068 public function getTalkPage() {
3069 $title = $this->getUserPage();
3070 return $title->getTalkPage();
3071 }
3072
3073 /**
3074 * Determine whether the user is a newbie. Newbies are either
3075 * anonymous IPs, or the most recently created accounts.
3076 * @return Bool
3077 */
3078 public function isNewbie() {
3079 return !$this->isAllowed( 'autoconfirmed' );
3080 }
3081
3082 /**
3083 * Check to see if the given clear-text password is one of the accepted passwords
3084 * @param $password String: user password.
3085 * @return Boolean: True if the given password is correct, otherwise False.
3086 */
3087 public function checkPassword( $password ) {
3088 global $wgAuth, $wgLegacyEncoding;
3089 $this->load();
3090
3091 // Even though we stop people from creating passwords that
3092 // are shorter than this, doesn't mean people wont be able
3093 // to. Certain authentication plugins do NOT want to save
3094 // domain passwords in a mysql database, so we should
3095 // check this (in case $wgAuth->strict() is false).
3096 if( !$this->isValidPassword( $password ) ) {
3097 return false;
3098 }
3099
3100 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
3101 return true;
3102 } elseif( $wgAuth->strict() ) {
3103 /* Auth plugin doesn't allow local authentication */
3104 return false;
3105 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
3106 /* Auth plugin doesn't allow local authentication for this user name */
3107 return false;
3108 }
3109 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
3110 return true;
3111 } elseif ( $wgLegacyEncoding ) {
3112 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
3113 # Check for this with iconv
3114 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
3115 if ( $cp1252Password != $password &&
3116 self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) )
3117 {
3118 return true;
3119 }
3120 }
3121 return false;
3122 }
3123
3124 /**
3125 * Check if the given clear-text password matches the temporary password
3126 * sent by e-mail for password reset operations.
3127 *
3128 * @param $plaintext string
3129 *
3130 * @return Boolean: True if matches, false otherwise
3131 */
3132 public function checkTemporaryPassword( $plaintext ) {
3133 global $wgNewPasswordExpiry;
3134
3135 $this->load();
3136 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
3137 if ( is_null( $this->mNewpassTime ) ) {
3138 return true;
3139 }
3140 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
3141 return ( time() < $expiry );
3142 } else {
3143 return false;
3144 }
3145 }
3146
3147 /**
3148 * Alias for getEditToken.
3149 * @deprecated since 1.19, use getEditToken instead.
3150 *
3151 * @param $salt String|Array of Strings Optional function-specific data for hashing
3152 * @param $request WebRequest object to use or null to use $wgRequest
3153 * @return String The new edit token
3154 */
3155 public function editToken( $salt = '', $request = null ) {
3156 wfDeprecated( __METHOD__, '1.19' );
3157 return $this->getEditToken( $salt, $request );
3158 }
3159
3160 /**
3161 * Initialize (if necessary) and return a session token value
3162 * which can be used in edit forms to show that the user's
3163 * login credentials aren't being hijacked with a foreign form
3164 * submission.
3165 *
3166 * @since 1.19
3167 *
3168 * @param $salt String|Array of Strings Optional function-specific data for hashing
3169 * @param $request WebRequest object to use or null to use $wgRequest
3170 * @return String The new edit token
3171 */
3172 public function getEditToken( $salt = '', $request = null ) {
3173 if ( $request == null ) {
3174 $request = $this->getRequest();
3175 }
3176
3177 if ( $this->isAnon() ) {
3178 return EDIT_TOKEN_SUFFIX;
3179 } else {
3180 $token = $request->getSessionData( 'wsEditToken' );
3181 if ( $token === null ) {
3182 $token = MWCryptRand::generateHex( 32 );
3183 $request->setSessionData( 'wsEditToken', $token );
3184 }
3185 if( is_array( $salt ) ) {
3186 $salt = implode( '|', $salt );
3187 }
3188 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
3189 }
3190 }
3191
3192 /**
3193 * Generate a looking random token for various uses.
3194 *
3195 * @param $salt String Optional salt value
3196 * @return String The new random token
3197 * @deprecated since 1.20; Use MWCryptRand for secure purposes or wfRandomString for pesudo-randomness
3198 */
3199 public static function generateToken( $salt = '' ) {
3200 return MWCryptRand::generateHex( 32 );
3201 }
3202
3203 /**
3204 * Check given value against the token value stored in the session.
3205 * A match should confirm that the form was submitted from the
3206 * user's own login session, not a form submission from a third-party
3207 * site.
3208 *
3209 * @param $val String Input value to compare
3210 * @param $salt String Optional function-specific data for hashing
3211 * @param $request WebRequest object to use or null to use $wgRequest
3212 * @return Boolean: Whether the token matches
3213 */
3214 public function matchEditToken( $val, $salt = '', $request = null ) {
3215 $sessionToken = $this->getEditToken( $salt, $request );
3216 if ( $val != $sessionToken ) {
3217 wfDebug( "User::matchEditToken: broken session data\n" );
3218 }
3219 return $val == $sessionToken;
3220 }
3221
3222 /**
3223 * Check given value against the token value stored in the session,
3224 * ignoring the suffix.
3225 *
3226 * @param $val String Input value to compare
3227 * @param $salt String Optional function-specific data for hashing
3228 * @param $request WebRequest object to use or null to use $wgRequest
3229 * @return Boolean: Whether the token matches
3230 */
3231 public function matchEditTokenNoSuffix( $val, $salt = '', $request = null ) {
3232 $sessionToken = $this->getEditToken( $salt, $request );
3233 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
3234 }
3235
3236 /**
3237 * Generate a new e-mail confirmation token and send a confirmation/invalidation
3238 * mail to the user's given address.
3239 *
3240 * @param $type String: message to send, either "created", "changed" or "set"
3241 * @return Status object
3242 */
3243 public function sendConfirmationMail( $type = 'created' ) {
3244 global $wgLang;
3245 $expiration = null; // gets passed-by-ref and defined in next line.
3246 $token = $this->confirmationToken( $expiration );
3247 $url = $this->confirmationTokenUrl( $token );
3248 $invalidateURL = $this->invalidationTokenUrl( $token );
3249 $this->saveSettings();
3250
3251 if ( $type == 'created' || $type === false ) {
3252 $message = 'confirmemail_body';
3253 } elseif ( $type === true ) {
3254 $message = 'confirmemail_body_changed';
3255 } else {
3256 $message = 'confirmemail_body_' . $type;
3257 }
3258
3259 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
3260 wfMsg( $message,
3261 $this->getRequest()->getIP(),
3262 $this->getName(),
3263 $url,
3264 $wgLang->timeanddate( $expiration, false ),
3265 $invalidateURL,
3266 $wgLang->date( $expiration, false ),
3267 $wgLang->time( $expiration, false ) ) );
3268 }
3269
3270 /**
3271 * Send an e-mail to this user's account. Does not check for
3272 * confirmed status or validity.
3273 *
3274 * @param $subject String Message subject
3275 * @param $body String Message body
3276 * @param $from String Optional From address; if unspecified, default $wgPasswordSender will be used
3277 * @param $replyto String Reply-To address
3278 * @return Status
3279 */
3280 public function sendMail( $subject, $body, $from = null, $replyto = null ) {
3281 if( is_null( $from ) ) {
3282 global $wgPasswordSender, $wgPasswordSenderName;
3283 $sender = new MailAddress( $wgPasswordSender, $wgPasswordSenderName );
3284 } else {
3285 $sender = new MailAddress( $from );
3286 }
3287
3288 $to = new MailAddress( $this );
3289 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
3290 }
3291
3292 /**
3293 * Generate, store, and return a new e-mail confirmation code.
3294 * A hash (unsalted, since it's used as a key) is stored.
3295 *
3296 * @note Call saveSettings() after calling this function to commit
3297 * this change to the database.
3298 *
3299 * @param &$expiration \mixed Accepts the expiration time
3300 * @return String New token
3301 */
3302 private function confirmationToken( &$expiration ) {
3303 global $wgUserEmailConfirmationTokenExpiry;
3304 $now = time();
3305 $expires = $now + $wgUserEmailConfirmationTokenExpiry;
3306 $expiration = wfTimestamp( TS_MW, $expires );
3307 $this->load();
3308 $token = MWCryptRand::generateHex( 32 );
3309 $hash = md5( $token );
3310 $this->mEmailToken = $hash;
3311 $this->mEmailTokenExpires = $expiration;
3312 return $token;
3313 }
3314
3315 /**
3316 * Return a URL the user can use to confirm their email address.
3317 * @param $token String Accepts the email confirmation token
3318 * @return String New token URL
3319 */
3320 private function confirmationTokenUrl( $token ) {
3321 return $this->getTokenUrl( 'ConfirmEmail', $token );
3322 }
3323
3324 /**
3325 * Return a URL the user can use to invalidate their email address.
3326 * @param $token String Accepts the email confirmation token
3327 * @return String New token URL
3328 */
3329 private function invalidationTokenUrl( $token ) {
3330 return $this->getTokenUrl( 'Invalidateemail', $token );
3331 }
3332
3333 /**
3334 * Internal function to format the e-mail validation/invalidation URLs.
3335 * This uses a quickie hack to use the
3336 * hardcoded English names of the Special: pages, for ASCII safety.
3337 *
3338 * @note Since these URLs get dropped directly into emails, using the
3339 * short English names avoids insanely long URL-encoded links, which
3340 * also sometimes can get corrupted in some browsers/mailers
3341 * (bug 6957 with Gmail and Internet Explorer).
3342 *
3343 * @param $page String Special page
3344 * @param $token String Token
3345 * @return String Formatted URL
3346 */
3347 protected function getTokenUrl( $page, $token ) {
3348 // Hack to bypass localization of 'Special:'
3349 $title = Title::makeTitle( NS_MAIN, "Special:$page/$token" );
3350 return $title->getCanonicalUrl();
3351 }
3352
3353 /**
3354 * Mark the e-mail address confirmed.
3355 *
3356 * @note Call saveSettings() after calling this function to commit the change.
3357 *
3358 * @return bool
3359 */
3360 public function confirmEmail() {
3361 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3362 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3363 return true;
3364 }
3365
3366 /**
3367 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3368 * address if it was already confirmed.
3369 *
3370 * @note Call saveSettings() after calling this function to commit the change.
3371 * @return bool Returns true
3372 */
3373 function invalidateEmail() {
3374 $this->load();
3375 $this->mEmailToken = null;
3376 $this->mEmailTokenExpires = null;
3377 $this->setEmailAuthenticationTimestamp( null );
3378 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3379 return true;
3380 }
3381
3382 /**
3383 * Set the e-mail authentication timestamp.
3384 * @param $timestamp String TS_MW timestamp
3385 */
3386 function setEmailAuthenticationTimestamp( $timestamp ) {
3387 $this->load();
3388 $this->mEmailAuthenticated = $timestamp;
3389 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3390 }
3391
3392 /**
3393 * Is this user allowed to send e-mails within limits of current
3394 * site configuration?
3395 * @return Bool
3396 */
3397 public function canSendEmail() {
3398 global $wgEnableEmail, $wgEnableUserEmail;
3399 if( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3400 return false;
3401 }
3402 $canSend = $this->isEmailConfirmed();
3403 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3404 return $canSend;
3405 }
3406
3407 /**
3408 * Is this user allowed to receive e-mails within limits of current
3409 * site configuration?
3410 * @return Bool
3411 */
3412 public function canReceiveEmail() {
3413 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3414 }
3415
3416 /**
3417 * Is this user's e-mail address valid-looking and confirmed within
3418 * limits of the current site configuration?
3419 *
3420 * @note If $wgEmailAuthentication is on, this may require the user to have
3421 * confirmed their address by returning a code or using a password
3422 * sent to the address from the wiki.
3423 *
3424 * @return Bool
3425 */
3426 public function isEmailConfirmed() {
3427 global $wgEmailAuthentication;
3428 $this->load();
3429 $confirmed = true;
3430 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3431 if( $this->isAnon() ) {
3432 return false;
3433 }
3434 if( !Sanitizer::validateEmail( $this->mEmail ) ) {
3435 return false;
3436 }
3437 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() ) {
3438 return false;
3439 }
3440 return true;
3441 } else {
3442 return $confirmed;
3443 }
3444 }
3445
3446 /**
3447 * Check whether there is an outstanding request for e-mail confirmation.
3448 * @return Bool
3449 */
3450 public function isEmailConfirmationPending() {
3451 global $wgEmailAuthentication;
3452 return $wgEmailAuthentication &&
3453 !$this->isEmailConfirmed() &&
3454 $this->mEmailToken &&
3455 $this->mEmailTokenExpires > wfTimestamp();
3456 }
3457
3458 /**
3459 * Get the timestamp of account creation.
3460 *
3461 * @return String|Bool Timestamp of account creation, or false for
3462 * non-existent/anonymous user accounts.
3463 */
3464 public function getRegistration() {
3465 if ( $this->isAnon() ) {
3466 return false;
3467 }
3468 $this->load();
3469 return $this->mRegistration;
3470 }
3471
3472 /**
3473 * Get the timestamp of the first edit
3474 *
3475 * @return String|Bool Timestamp of first edit, or false for
3476 * non-existent/anonymous user accounts.
3477 */
3478 public function getFirstEditTimestamp() {
3479 if( $this->getId() == 0 ) {
3480 return false; // anons
3481 }
3482 $dbr = wfGetDB( DB_SLAVE );
3483 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3484 array( 'rev_user' => $this->getId() ),
3485 __METHOD__,
3486 array( 'ORDER BY' => 'rev_timestamp ASC' )
3487 );
3488 if( !$time ) {
3489 return false; // no edits
3490 }
3491 return wfTimestamp( TS_MW, $time );
3492 }
3493
3494 /**
3495 * Get the permissions associated with a given list of groups
3496 *
3497 * @param $groups Array of Strings List of internal group names
3498 * @return Array of Strings List of permission key names for given groups combined
3499 */
3500 public static function getGroupPermissions( $groups ) {
3501 global $wgGroupPermissions, $wgRevokePermissions;
3502 $rights = array();
3503 // grant every granted permission first
3504 foreach( $groups as $group ) {
3505 if( isset( $wgGroupPermissions[$group] ) ) {
3506 $rights = array_merge( $rights,
3507 // array_filter removes empty items
3508 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3509 }
3510 }
3511 // now revoke the revoked permissions
3512 foreach( $groups as $group ) {
3513 if( isset( $wgRevokePermissions[$group] ) ) {
3514 $rights = array_diff( $rights,
3515 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
3516 }
3517 }
3518 return array_unique( $rights );
3519 }
3520
3521 /**
3522 * Get all the groups who have a given permission
3523 *
3524 * @param $role String Role to check
3525 * @return Array of Strings List of internal group names with the given permission
3526 */
3527 public static function getGroupsWithPermission( $role ) {
3528 global $wgGroupPermissions;
3529 $allowedGroups = array();
3530 foreach ( $wgGroupPermissions as $group => $rights ) {
3531 if ( isset( $rights[$role] ) && $rights[$role] ) {
3532 $allowedGroups[] = $group;
3533 }
3534 }
3535 return $allowedGroups;
3536 }
3537
3538 /**
3539 * Get the localized descriptive name for a group, if it exists
3540 *
3541 * @param $group String Internal group name
3542 * @return String Localized descriptive group name
3543 */
3544 public static function getGroupName( $group ) {
3545 $msg = wfMessage( "group-$group" );
3546 return $msg->isBlank() ? $group : $msg->text();
3547 }
3548
3549 /**
3550 * Get the localized descriptive name for a member of a group, if it exists
3551 *
3552 * @param $group String Internal group name
3553 * @param $username String Username for gender (since 1.19)
3554 * @return String Localized name for group member
3555 */
3556 public static function getGroupMember( $group, $username = '#' ) {
3557 $msg = wfMessage( "group-$group-member", $username );
3558 return $msg->isBlank() ? $group : $msg->text();
3559 }
3560
3561 /**
3562 * Return the set of defined explicit groups.
3563 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3564 * are not included, as they are defined automatically, not in the database.
3565 * @return Array of internal group names
3566 */
3567 public static function getAllGroups() {
3568 global $wgGroupPermissions, $wgRevokePermissions;
3569 return array_diff(
3570 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3571 self::getImplicitGroups()
3572 );
3573 }
3574
3575 /**
3576 * Get a list of all available permissions.
3577 * @return Array of permission names
3578 */
3579 public static function getAllRights() {
3580 if ( self::$mAllRights === false ) {
3581 global $wgAvailableRights;
3582 if ( count( $wgAvailableRights ) ) {
3583 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3584 } else {
3585 self::$mAllRights = self::$mCoreRights;
3586 }
3587 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3588 }
3589 return self::$mAllRights;
3590 }
3591
3592 /**
3593 * Get a list of implicit groups
3594 * @return Array of Strings Array of internal group names
3595 */
3596 public static function getImplicitGroups() {
3597 global $wgImplicitGroups;
3598 $groups = $wgImplicitGroups;
3599 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3600 return $groups;
3601 }
3602
3603 /**
3604 * Get the title of a page describing a particular group
3605 *
3606 * @param $group String Internal group name
3607 * @return Title|Bool Title of the page if it exists, false otherwise
3608 */
3609 public static function getGroupPage( $group ) {
3610 $msg = wfMessage( 'grouppage-' . $group )->inContentLanguage();
3611 if( $msg->exists() ) {
3612 $title = Title::newFromText( $msg->text() );
3613 if( is_object( $title ) )
3614 return $title;
3615 }
3616 return false;
3617 }
3618
3619 /**
3620 * Create a link to the group in HTML, if available;
3621 * else return the group name.
3622 *
3623 * @param $group String Internal name of the group
3624 * @param $text String The text of the link
3625 * @return String HTML link to the group
3626 */
3627 public static function makeGroupLinkHTML( $group, $text = '' ) {
3628 if( $text == '' ) {
3629 $text = self::getGroupName( $group );
3630 }
3631 $title = self::getGroupPage( $group );
3632 if( $title ) {
3633 return Linker::link( $title, htmlspecialchars( $text ) );
3634 } else {
3635 return $text;
3636 }
3637 }
3638
3639 /**
3640 * Create a link to the group in Wikitext, if available;
3641 * else return the group name.
3642 *
3643 * @param $group String Internal name of the group
3644 * @param $text String The text of the link
3645 * @return String Wikilink to the group
3646 */
3647 public static function makeGroupLinkWiki( $group, $text = '' ) {
3648 if( $text == '' ) {
3649 $text = self::getGroupName( $group );
3650 }
3651 $title = self::getGroupPage( $group );
3652 if( $title ) {
3653 $page = $title->getPrefixedText();
3654 return "[[$page|$text]]";
3655 } else {
3656 return $text;
3657 }
3658 }
3659
3660 /**
3661 * Returns an array of the groups that a particular group can add/remove.
3662 *
3663 * @param $group String: the group to check for whether it can add/remove
3664 * @return Array array( 'add' => array( addablegroups ),
3665 * 'remove' => array( removablegroups ),
3666 * 'add-self' => array( addablegroups to self),
3667 * 'remove-self' => array( removable groups from self) )
3668 */
3669 public static function changeableByGroup( $group ) {
3670 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3671
3672 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3673 if( empty( $wgAddGroups[$group] ) ) {
3674 // Don't add anything to $groups
3675 } elseif( $wgAddGroups[$group] === true ) {
3676 // You get everything
3677 $groups['add'] = self::getAllGroups();
3678 } elseif( is_array( $wgAddGroups[$group] ) ) {
3679 $groups['add'] = $wgAddGroups[$group];
3680 }
3681
3682 // Same thing for remove
3683 if( empty( $wgRemoveGroups[$group] ) ) {
3684 } elseif( $wgRemoveGroups[$group] === true ) {
3685 $groups['remove'] = self::getAllGroups();
3686 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3687 $groups['remove'] = $wgRemoveGroups[$group];
3688 }
3689
3690 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3691 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3692 foreach( $wgGroupsAddToSelf as $key => $value ) {
3693 if( is_int( $key ) ) {
3694 $wgGroupsAddToSelf['user'][] = $value;
3695 }
3696 }
3697 }
3698
3699 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3700 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3701 if( is_int( $key ) ) {
3702 $wgGroupsRemoveFromSelf['user'][] = $value;
3703 }
3704 }
3705 }
3706
3707 // Now figure out what groups the user can add to him/herself
3708 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3709 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3710 // No idea WHY this would be used, but it's there
3711 $groups['add-self'] = User::getAllGroups();
3712 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3713 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3714 }
3715
3716 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3717 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3718 $groups['remove-self'] = User::getAllGroups();
3719 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3720 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3721 }
3722
3723 return $groups;
3724 }
3725
3726 /**
3727 * Returns an array of groups that this user can add and remove
3728 * @return Array array( 'add' => array( addablegroups ),
3729 * 'remove' => array( removablegroups ),
3730 * 'add-self' => array( addablegroups to self),
3731 * 'remove-self' => array( removable groups from self) )
3732 */
3733 public function changeableGroups() {
3734 if( $this->isAllowed( 'userrights' ) ) {
3735 // This group gives the right to modify everything (reverse-
3736 // compatibility with old "userrights lets you change
3737 // everything")
3738 // Using array_merge to make the groups reindexed
3739 $all = array_merge( User::getAllGroups() );
3740 return array(
3741 'add' => $all,
3742 'remove' => $all,
3743 'add-self' => array(),
3744 'remove-self' => array()
3745 );
3746 }
3747
3748 // Okay, it's not so simple, we will have to go through the arrays
3749 $groups = array(
3750 'add' => array(),
3751 'remove' => array(),
3752 'add-self' => array(),
3753 'remove-self' => array()
3754 );
3755 $addergroups = $this->getEffectiveGroups();
3756
3757 foreach( $addergroups as $addergroup ) {
3758 $groups = array_merge_recursive(
3759 $groups, $this->changeableByGroup( $addergroup )
3760 );
3761 $groups['add'] = array_unique( $groups['add'] );
3762 $groups['remove'] = array_unique( $groups['remove'] );
3763 $groups['add-self'] = array_unique( $groups['add-self'] );
3764 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3765 }
3766 return $groups;
3767 }
3768
3769 /**
3770 * Increment the user's edit-count field.
3771 * Will have no effect for anonymous users.
3772 */
3773 public function incEditCount() {
3774 if( !$this->isAnon() ) {
3775 $dbw = wfGetDB( DB_MASTER );
3776 $dbw->update( 'user',
3777 array( 'user_editcount=user_editcount+1' ),
3778 array( 'user_id' => $this->getId() ),
3779 __METHOD__ );
3780
3781 // Lazy initialization check...
3782 if( $dbw->affectedRows() == 0 ) {
3783 // Pull from a slave to be less cruel to servers
3784 // Accuracy isn't the point anyway here
3785 $dbr = wfGetDB( DB_SLAVE );
3786 $count = $dbr->selectField( 'revision',
3787 'COUNT(rev_user)',
3788 array( 'rev_user' => $this->getId() ),
3789 __METHOD__ );
3790
3791 // Now here's a goddamn hack...
3792 if( $dbr !== $dbw ) {
3793 // If we actually have a slave server, the count is
3794 // at least one behind because the current transaction
3795 // has not been committed and replicated.
3796 $count++;
3797 } else {
3798 // But if DB_SLAVE is selecting the master, then the
3799 // count we just read includes the revision that was
3800 // just added in the working transaction.
3801 }
3802
3803 $dbw->update( 'user',
3804 array( 'user_editcount' => $count ),
3805 array( 'user_id' => $this->getId() ),
3806 __METHOD__ );
3807 }
3808 }
3809 // edit count in user cache too
3810 $this->invalidateCache();
3811 }
3812
3813 /**
3814 * Get the description of a given right
3815 *
3816 * @param $right String Right to query
3817 * @return String Localized description of the right
3818 */
3819 public static function getRightDescription( $right ) {
3820 $key = "right-$right";
3821 $msg = wfMessage( $key );
3822 return $msg->isBlank() ? $right : $msg->text();
3823 }
3824
3825 /**
3826 * Make an old-style password hash
3827 *
3828 * @param $password String Plain-text password
3829 * @param $userId String User ID
3830 * @return String Password hash
3831 */
3832 public static function oldCrypt( $password, $userId ) {
3833 global $wgPasswordSalt;
3834 if ( $wgPasswordSalt ) {
3835 return md5( $userId . '-' . md5( $password ) );
3836 } else {
3837 return md5( $password );
3838 }
3839 }
3840
3841 /**
3842 * Make a new-style password hash
3843 *
3844 * @param $password String Plain-text password
3845 * @param bool|string $salt Optional salt, may be random or the user ID.
3846
3847 * If unspecified or false, will generate one automatically
3848 * @return String Password hash
3849 */
3850 public static function crypt( $password, $salt = false ) {
3851 global $wgPasswordSalt;
3852
3853 $hash = '';
3854 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3855 return $hash;
3856 }
3857
3858 if( $wgPasswordSalt ) {
3859 if ( $salt === false ) {
3860 $salt = MWCryptRand::generateHex( 8 );
3861 }
3862 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3863 } else {
3864 return ':A:' . md5( $password );
3865 }
3866 }
3867
3868 /**
3869 * Compare a password hash with a plain-text password. Requires the user
3870 * ID if there's a chance that the hash is an old-style hash.
3871 *
3872 * @param $hash String Password hash
3873 * @param $password String Plain-text password to compare
3874 * @param $userId String|bool User ID for old-style password salt
3875 *
3876 * @return Boolean
3877 */
3878 public static function comparePasswords( $hash, $password, $userId = false ) {
3879 $type = substr( $hash, 0, 3 );
3880
3881 $result = false;
3882 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3883 return $result;
3884 }
3885
3886 if ( $type == ':A:' ) {
3887 # Unsalted
3888 return md5( $password ) === substr( $hash, 3 );
3889 } elseif ( $type == ':B:' ) {
3890 # Salted
3891 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3892 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3893 } else {
3894 # Old-style
3895 return self::oldCrypt( $password, $userId ) === $hash;
3896 }
3897 }
3898
3899 /**
3900 * Add a newuser log entry for this user. Before 1.19 the return value was always true.
3901 *
3902 * @param $byEmail Boolean: account made by email?
3903 * @param $reason String: user supplied reason
3904 *
3905 * @return int|bool True if not $wgNewUserLog; otherwise ID of log item or 0 on failure
3906 */
3907 public function addNewUserLogEntry( $byEmail = false, $reason = '' ) {
3908 global $wgUser, $wgContLang, $wgNewUserLog;
3909 if( empty( $wgNewUserLog ) ) {
3910 return true; // disabled
3911 }
3912
3913 if( $this->getName() == $wgUser->getName() ) {
3914 $action = 'create';
3915 } else {
3916 $action = 'create2';
3917 if ( $byEmail ) {
3918 if ( $reason === '' ) {
3919 $reason = wfMsgForContent( 'newuserlog-byemail' );
3920 } else {
3921 $reason = $wgContLang->commaList( array(
3922 $reason, wfMsgForContent( 'newuserlog-byemail' ) ) );
3923 }
3924 }
3925 }
3926 $log = new LogPage( 'newusers' );
3927 return (int)$log->addEntry(
3928 $action,
3929 $this->getUserPage(),
3930 $reason,
3931 array( $this->getId() )
3932 );
3933 }
3934
3935 /**
3936 * Add an autocreate newuser log entry for this user
3937 * Used by things like CentralAuth and perhaps other authplugins.
3938 *
3939 * @return bool
3940 */
3941 public function addNewUserLogEntryAutoCreate() {
3942 global $wgNewUserLog;
3943 if( !$wgNewUserLog ) {
3944 return true; // disabled
3945 }
3946 $log = new LogPage( 'newusers', false );
3947 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ), $this );
3948 return true;
3949 }
3950
3951 /**
3952 * @todo document
3953 */
3954 protected function loadOptions() {
3955 $this->load();
3956 if ( $this->mOptionsLoaded || !$this->getId() )
3957 return;
3958
3959 $this->mOptions = self::getDefaultOptions();
3960
3961 // Maybe load from the object
3962 if ( !is_null( $this->mOptionOverrides ) ) {
3963 wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
3964 foreach( $this->mOptionOverrides as $key => $value ) {
3965 $this->mOptions[$key] = $value;
3966 }
3967 } else {
3968 wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
3969 // Load from database
3970 $dbr = wfGetDB( DB_SLAVE );
3971
3972 $res = $dbr->select(
3973 'user_properties',
3974 '*',
3975 array( 'up_user' => $this->getId() ),
3976 __METHOD__
3977 );
3978
3979 $this->mOptionOverrides = array();
3980 foreach ( $res as $row ) {
3981 $this->mOptionOverrides[$row->up_property] = $row->up_value;
3982 $this->mOptions[$row->up_property] = $row->up_value;
3983 }
3984 }
3985
3986 $this->mOptionsLoaded = true;
3987
3988 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
3989 }
3990
3991 /**
3992 * @todo document
3993 */
3994 protected function saveOptions() {
3995 global $wgAllowPrefChange;
3996
3997 $extuser = ExternalUser::newFromUser( $this );
3998
3999 $this->loadOptions();
4000 $dbw = wfGetDB( DB_MASTER );
4001
4002 $insert_rows = array();
4003
4004 $saveOptions = $this->mOptions;
4005
4006 // Allow hooks to abort, for instance to save to a global profile.
4007 // Reset options to default state before saving.
4008 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) ) {
4009 return;
4010 }
4011
4012 foreach( $saveOptions as $key => $value ) {
4013 # Don't bother storing default values
4014 if ( ( is_null( self::getDefaultOption( $key ) ) &&
4015 !( $value === false || is_null($value) ) ) ||
4016 $value != self::getDefaultOption( $key ) ) {
4017 $insert_rows[] = array(
4018 'up_user' => $this->getId(),
4019 'up_property' => $key,
4020 'up_value' => $value,
4021 );
4022 }
4023 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
4024 switch ( $wgAllowPrefChange[$key] ) {
4025 case 'local':
4026 case 'message':
4027 break;
4028 case 'semiglobal':
4029 case 'global':
4030 $extuser->setPref( $key, $value );
4031 }
4032 }
4033 }
4034
4035 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
4036 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
4037 }
4038
4039 /**
4040 * Provide an array of HTML5 attributes to put on an input element
4041 * intended for the user to enter a new password. This may include
4042 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
4043 *
4044 * Do *not* use this when asking the user to enter his current password!
4045 * Regardless of configuration, users may have invalid passwords for whatever
4046 * reason (e.g., they were set before requirements were tightened up).
4047 * Only use it when asking for a new password, like on account creation or
4048 * ResetPass.
4049 *
4050 * Obviously, you still need to do server-side checking.
4051 *
4052 * NOTE: A combination of bugs in various browsers means that this function
4053 * actually just returns array() unconditionally at the moment. May as
4054 * well keep it around for when the browser bugs get fixed, though.
4055 *
4056 * @todo FIXME: This does not belong here; put it in Html or Linker or somewhere
4057 *
4058 * @return array Array of HTML attributes suitable for feeding to
4059 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
4060 * That will potentially output invalid XHTML 1.0 Transitional, and will
4061 * get confused by the boolean attribute syntax used.)
4062 */
4063 public static function passwordChangeInputAttribs() {
4064 global $wgMinimalPasswordLength;
4065
4066 if ( $wgMinimalPasswordLength == 0 ) {
4067 return array();
4068 }
4069
4070 # Note that the pattern requirement will always be satisfied if the
4071 # input is empty, so we need required in all cases.
4072 #
4073 # @todo FIXME: Bug 23769: This needs to not claim the password is required
4074 # if e-mail confirmation is being used. Since HTML5 input validation
4075 # is b0rked anyway in some browsers, just return nothing. When it's
4076 # re-enabled, fix this code to not output required for e-mail
4077 # registration.
4078 #$ret = array( 'required' );
4079 $ret = array();
4080
4081 # We can't actually do this right now, because Opera 9.6 will print out
4082 # the entered password visibly in its error message! When other
4083 # browsers add support for this attribute, or Opera fixes its support,
4084 # we can add support with a version check to avoid doing this on Opera
4085 # versions where it will be a problem. Reported to Opera as
4086 # DSK-262266, but they don't have a public bug tracker for us to follow.
4087 /*
4088 if ( $wgMinimalPasswordLength > 1 ) {
4089 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
4090 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
4091 $wgMinimalPasswordLength );
4092 }
4093 */
4094
4095 return $ret;
4096 }
4097 }
MediaWiki Core