search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
correct typo in r102393
[mediawiki.git] / includes / User.php
blobb0d291d8d4080012b0836cc06740751650ff13b5
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * Int Number of characters in user_token field.
25 * @ingroup Constants
26 */
27 define( 'USER_TOKEN_LENGTH', 32 );
28
29 /**
30 * Int Serialized record version.
31 * @ingroup Constants
32 */
33 define( 'MW_USER_VERSION', 8 );
34
35 /**
36 * String Some punctuation to prevent editing from broken text-mangling proxies.
37 * @ingroup Constants
38 */
39 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
40
41 /**
42 * Thrown by User::setPassword() on error.
43 * @ingroup Exception
44 */
45 class PasswordError extends MWException {
46 // NOP
47 }
48
49 /**
50 * The User object encapsulates all of the user-specific settings (user_id,
51 * name, rights, password, email address, options, last login time). Client
52 * classes use the getXXX() functions to access these fields. These functions
53 * do all the work of determining whether the user is logged in,
54 * whether the requested option can be satisfied from cookies or
55 * whether a database query is needed. Most of the settings needed
56 * for rendering normal pages are set in the cookie to minimize use
57 * of the database.
58 */
59 class User {
60 /**
61 * Global constants made accessible as class constants so that autoloader
62 * magic can be used.
63 */
64 const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
65 const MW_USER_VERSION = MW_USER_VERSION;
66 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
67
68 /**
69 * Array of Strings List of member variables which are saved to the
70 * shared cache (memcached). Any operation which changes the
71 * corresponding database fields must call a cache-clearing function.
72 * @showinitializer
73 */
74 static $mCacheVars = array(
75 // user table
76 'mId',
77 'mName',
78 'mRealName',
79 'mPassword',
80 'mNewpassword',
81 'mNewpassTime',
82 'mEmail',
83 'mTouched',
84 'mToken',
85 'mEmailAuthenticated',
86 'mEmailToken',
87 'mEmailTokenExpires',
88 'mRegistration',
89 'mEditCount',
90 // user_groups table
91 'mGroups',
92 // user_properties table
93 'mOptionOverrides',
94 );
95
96 /**
97 * Array of Strings Core rights.
98 * Each of these should have a corresponding message of the form
99 * "right-$right".
100 * @showinitializer
101 */
102 static $mCoreRights = array(
103 'apihighlimits',
104 'autoconfirmed',
105 'autopatrol',
106 'bigdelete',
107 'block',
108 'blockemail',
109 'bot',
110 'browsearchive',
111 'createaccount',
112 'createpage',
113 'createtalk',
114 'delete',
115 'deletedhistory',
116 'deletedtext',
117 'deleterevision',
118 'disableaccount',
119 'edit',
120 'editinterface',
121 'editusercssjs', #deprecated
122 'editusercss',
123 'edituserjs',
124 'hideuser',
125 'import',
126 'importupload',
127 'ipblock-exempt',
128 'markbotedits',
129 'mergehistory',
130 'minoredit',
131 'move',
132 'movefile',
133 'move-rootuserpages',
134 'move-subpages',
135 'nominornewtalk',
136 'noratelimit',
137 'override-export-depth',
138 'patrol',
139 'protect',
140 'proxyunbannable',
141 'purge',
142 'read',
143 'reupload',
144 'reupload-shared',
145 'rollback',
146 'selenium',
147 'sendemail',
148 'siteadmin',
149 'suppressionlog',
150 'suppressredirect',
151 'suppressrevision',
152 'trackback',
153 'unblockself',
154 'undelete',
155 'unwatchedpages',
156 'upload',
157 'upload_by_url',
158 'userrights',
159 'userrights-interwiki',
160 'writeapi',
161 );
162 /**
163 * String Cached results of getAllRights()
164 */
165 static $mAllRights = false;
166
167 /** @name Cache variables */
168 //@{
169 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
170 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
171 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mGroups, $mOptionOverrides,
172 $mCookiePassword, $mEditCount, $mAllowUsertalk;
173 //@}
174
175 /**
176 * Bool Whether the cache variables have been loaded.
177 */
178 //@{
179 var $mOptionsLoaded;
180
181 /**
182 * Array with already loaded items or true if all items have been loaded.
183 */
184 private $mLoadedItems = array();
185 //@}
186
187 /**
188 * String Initialization data source if mLoadedItems!==true. May be one of:
189 * - 'defaults' anonymous user initialised from class defaults
190 * - 'name' initialise from mName
191 * - 'id' initialise from mId
192 * - 'session' log in from cookies or session if possible
193 *
194 * Use the User::newFrom*() family of functions to set this.
195 */
196 var $mFrom;
197
198 /**
199 * Lazy-initialized variables, invalidated with clearInstanceCache
200 */
201 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mRights,
202 $mBlockreason, $mEffectiveGroups, $mImplicitGroups, $mFormerGroups, $mBlockedGlobally,
203 $mLocked, $mHideName, $mOptions;
204
205 /**
206 * @var WebRequest
207 */
208 private $mRequest;
209
210 /**
211 * @var Block
212 */
213 var $mBlock;
214
215 /**
216 * @var Block
217 */
218 private $mBlockedFromCreateAccount = false;
219
220 static $idCacheByName = array();
221
222 /**
223 * Lightweight constructor for an anonymous user.
224 * Use the User::newFrom* factory functions for other kinds of users.
225 *
226 * @see newFromName()
227 * @see newFromId()
228 * @see newFromConfirmationCode()
229 * @see newFromSession()
230 * @see newFromRow()
231 */
232 function __construct() {
233 $this->clearInstanceCache( 'defaults' );
234 }
235
236 /**
237 * @return String
238 */
239 function __toString(){
240 return $this->getName();
241 }
242
243 /**
244 * Load the user table data for this object from the source given by mFrom.
245 */
246 public function load() {
247 if ( $this->mLoadedItems === true ) {
248 return;
249 }
250 wfProfileIn( __METHOD__ );
251
252 # Set it now to avoid infinite recursion in accessors
253 $this->mLoadedItems = true;
254
255 switch ( $this->mFrom ) {
256 case 'defaults':
257 $this->loadDefaults();
258 break;
259 case 'name':
260 $this->mId = self::idFromName( $this->mName );
261 if ( !$this->mId ) {
262 # Nonexistent user placeholder object
263 $this->loadDefaults( $this->mName );
264 } else {
265 $this->loadFromId();
266 }
267 break;
268 case 'id':
269 $this->loadFromId();
270 break;
271 case 'session':
272 $this->loadFromSession();
273 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
274 break;
275 default:
276 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
277 }
278 wfProfileOut( __METHOD__ );
279 }
280
281 /**
282 * Load user table data, given mId has already been set.
283 * @return Bool false if the ID does not exist, true otherwise
284 */
285 public function loadFromId() {
286 global $wgMemc;
287 if ( $this->mId == 0 ) {
288 $this->loadDefaults();
289 return false;
290 }
291
292 # Try cache
293 $key = wfMemcKey( 'user', 'id', $this->mId );
294 $data = $wgMemc->get( $key );
295 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
296 # Object is expired, load from DB
297 $data = false;
298 }
299
300 if ( !$data ) {
301 wfDebug( "User: cache miss for user {$this->mId}\n" );
302 # Load from DB
303 if ( !$this->loadFromDatabase() ) {
304 # Can't load from ID, user is anonymous
305 return false;
306 }
307 $this->saveToCache();
308 } else {
309 wfDebug( "User: got user {$this->mId} from cache\n" );
310 # Restore from cache
311 foreach ( self::$mCacheVars as $name ) {
312 $this->$name = $data[$name];
313 }
314 }
315 return true;
316 }
317
318 /**
319 * Save user data to the shared cache
320 */
321 public function saveToCache() {
322 $this->load();
323 $this->loadGroups();
324 $this->loadOptions();
325 if ( $this->isAnon() ) {
326 // Anonymous users are uncached
327 return;
328 }
329 $data = array();
330 foreach ( self::$mCacheVars as $name ) {
331 $data[$name] = $this->$name;
332 }
333 $data['mVersion'] = MW_USER_VERSION;
334 $key = wfMemcKey( 'user', 'id', $this->mId );
335 global $wgMemc;
336 $wgMemc->set( $key, $data );
337 }
338
339 /** @name newFrom*() static factory methods */
340 //@{
341
342 /**
343 * Static factory method for creation from username.
344 *
345 * This is slightly less efficient than newFromId(), so use newFromId() if
346 * you have both an ID and a name handy.
347 *
348 * @param $name String Username, validated by Title::newFromText()
349 * @param $validate String|Bool Validate username. Takes the same parameters as
350 * User::getCanonicalName(), except that true is accepted as an alias
351 * for 'valid', for BC.
352 *
353 * @return User object, or false if the username is invalid
354 * (e.g. if it contains illegal characters or is an IP address). If the
355 * username is not present in the database, the result will be a user object
356 * with a name, zero user ID and default settings.
357 */
358 public static function newFromName( $name, $validate = 'valid' ) {
359 if ( $validate === true ) {
360 $validate = 'valid';
361 }
362 $name = self::getCanonicalName( $name, $validate );
363 if ( $name === false ) {
364 return false;
365 } else {
366 # Create unloaded user object
367 $u = new User;
368 $u->mName = $name;
369 $u->mFrom = 'name';
370 $u->setItemLoaded( 'name' );
371 return $u;
372 }
373 }
374
375 /**
376 * Static factory method for creation from a given user ID.
377 *
378 * @param $id Int Valid user ID
379 * @return User The corresponding User object
380 */
381 public static function newFromId( $id ) {
382 $u = new User;
383 $u->mId = $id;
384 $u->mFrom = 'id';
385 $u->setItemLoaded( 'id' );
386 return $u;
387 }
388
389 /**
390 * Factory method to fetch whichever user has a given email confirmation code.
391 * This code is generated when an account is created or its e-mail address
392 * has changed.
393 *
394 * If the code is invalid or has expired, returns NULL.
395 *
396 * @param $code String Confirmation code
397 * @return User
398 */
399 public static function newFromConfirmationCode( $code ) {
400 $dbr = wfGetDB( DB_SLAVE );
401 $id = $dbr->selectField( 'user', 'user_id', array(
402 'user_email_token' => md5( $code ),
403 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
404 ) );
405 if( $id !== false ) {
406 return User::newFromId( $id );
407 } else {
408 return null;
409 }
410 }
411
412 /**
413 * Create a new user object using data from session or cookies. If the
414 * login credentials are invalid, the result is an anonymous user.
415 *
416 * @param $request WebRequest object to use; $wgRequest will be used if
417 * ommited.
418 * @return User
419 */
420 public static function newFromSession( WebRequest $request = null ) {
421 $user = new User;
422 $user->mFrom = 'session';
423 $user->mRequest = $request;
424 return $user;
425 }
426
427 /**
428 * Create a new user object from a user row.
429 * The row should have the following fields from the user table in it:
430 * - either user_name or user_id to load further data if needed (or both)
431 * - user_real_name
432 * - all other fields (email, password, etc.)
433 * It is useless to provide the remaining fields if either user_id,
434 * user_name and user_real_name are not provided because the whole row
435 * will be loaded once more from the database when accessing them.
436 *
437 * @param $row Array A row from the user table
438 * @return User
439 */
440 public static function newFromRow( $row ) {
441 $user = new User;
442 $user->loadFromRow( $row );
443 return $user;
444 }
445
446 //@}
447
448 /**
449 * Get the username corresponding to a given user ID
450 * @param $id Int User ID
451 * @return String|false The corresponding username
452 */
453 public static function whoIs( $id ) {
454 $dbr = wfGetDB( DB_SLAVE );
455 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), __METHOD__ );
456 }
457
458 /**
459 * Get the real name of a user given their user ID
460 *
461 * @param $id Int User ID
462 * @return String|false The corresponding user's real name
463 */
464 public static function whoIsReal( $id ) {
465 $dbr = wfGetDB( DB_SLAVE );
466 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
467 }
468
469 /**
470 * Get database id given a user name
471 * @param $name String Username
472 * @return Int|Null The corresponding user's ID, or null if user is nonexistent
473 */
474 public static function idFromName( $name ) {
475 $nt = Title::makeTitleSafe( NS_USER, $name );
476 if( is_null( $nt ) ) {
477 # Illegal name
478 return null;
479 }
480
481 if ( isset( self::$idCacheByName[$name] ) ) {
482 return self::$idCacheByName[$name];
483 }
484
485 $dbr = wfGetDB( DB_SLAVE );
486 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
487
488 if ( $s === false ) {
489 $result = null;
490 } else {
491 $result = $s->user_id;
492 }
493
494 self::$idCacheByName[$name] = $result;
495
496 if ( count( self::$idCacheByName ) > 1000 ) {
497 self::$idCacheByName = array();
498 }
499
500 return $result;
501 }
502
503 /**
504 * Reset the cache used in idFromName(). For use in tests.
505 */
506 public static function resetIdByNameCache() {
507 self::$idCacheByName = array();
508 }
509
510 /**
511 * Does the string match an anonymous IPv4 address?
512 *
513 * This function exists for username validation, in order to reject
514 * usernames which are similar in form to IP addresses. Strings such
515 * as 300.300.300.300 will return true because it looks like an IP
516 * address, despite not being strictly valid.
517 *
518 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
519 * address because the usemod software would "cloak" anonymous IP
520 * addresses like this, if we allowed accounts like this to be created
521 * new users could get the old edits of these anonymous users.
522 *
523 * @param $name String to match
524 * @return Bool
525 */
526 public static function isIP( $name ) {
527 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
528 }
529
530 /**
531 * Is the input a valid username?
532 *
533 * Checks if the input is a valid username, we don't want an empty string,
534 * an IP address, anything that containins slashes (would mess up subpages),
535 * is longer than the maximum allowed username size or doesn't begin with
536 * a capital letter.
537 *
538 * @param $name String to match
539 * @return Bool
540 */
541 public static function isValidUserName( $name ) {
542 global $wgContLang, $wgMaxNameChars;
543
544 if ( $name == ''
545 || User::isIP( $name )
546 || strpos( $name, '/' ) !== false
547 || strlen( $name ) > $wgMaxNameChars
548 || $name != $wgContLang->ucfirst( $name ) ) {
549 wfDebugLog( 'username', __METHOD__ .
550 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
551 return false;
552 }
553
554 // Ensure that the name can't be misresolved as a different title,
555 // such as with extra namespace keys at the start.
556 $parsed = Title::newFromText( $name );
557 if( is_null( $parsed )
558 || $parsed->getNamespace()
559 || strcmp( $name, $parsed->getPrefixedText() ) ) {
560 wfDebugLog( 'username', __METHOD__ .
561 ": '$name' invalid due to ambiguous prefixes" );
562 return false;
563 }
564
565 // Check an additional blacklist of troublemaker characters.
566 // Should these be merged into the title char list?
567 $unicodeBlacklist = '/[' .
568 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
569 '\x{00a0}' . # non-breaking space
570 '\x{2000}-\x{200f}' . # various whitespace
571 '\x{2028}-\x{202f}' . # breaks and control chars
572 '\x{3000}' . # ideographic space
573 '\x{e000}-\x{f8ff}' . # private use
574 ']/u';
575 if( preg_match( $unicodeBlacklist, $name ) ) {
576 wfDebugLog( 'username', __METHOD__ .
577 ": '$name' invalid due to blacklisted characters" );
578 return false;
579 }
580
581 return true;
582 }
583
584 /**
585 * Usernames which fail to pass this function will be blocked
586 * from user login and new account registrations, but may be used
587 * internally by batch processes.
588 *
589 * If an account already exists in this form, login will be blocked
590 * by a failure to pass this function.
591 *
592 * @param $name String to match
593 * @return Bool
594 */
595 public static function isUsableName( $name ) {
596 global $wgReservedUsernames;
597 // Must be a valid username, obviously ;)
598 if ( !self::isValidUserName( $name ) ) {
599 return false;
600 }
601
602 static $reservedUsernames = false;
603 if ( !$reservedUsernames ) {
604 $reservedUsernames = $wgReservedUsernames;
605 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
606 }
607
608 // Certain names may be reserved for batch processes.
609 foreach ( $reservedUsernames as $reserved ) {
610 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
611 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
612 }
613 if ( $reserved == $name ) {
614 return false;
615 }
616 }
617 return true;
618 }
619
620 /**
621 * Usernames which fail to pass this function will be blocked
622 * from new account registrations, but may be used internally
623 * either by batch processes or by user accounts which have
624 * already been created.
625 *
626 * Additional blacklisting may be added here rather than in
627 * isValidUserName() to avoid disrupting existing accounts.
628 *
629 * @param $name String to match
630 * @return Bool
631 */
632 public static function isCreatableName( $name ) {
633 global $wgInvalidUsernameCharacters;
634
635 // Ensure that the username isn't longer than 235 bytes, so that
636 // (at least for the builtin skins) user javascript and css files
637 // will work. (bug 23080)
638 if( strlen( $name ) > 235 ) {
639 wfDebugLog( 'username', __METHOD__ .
640 ": '$name' invalid due to length" );
641 return false;
642 }
643
644 // Preg yells if you try to give it an empty string
645 if( $wgInvalidUsernameCharacters !== '' ) {
646 if( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
647 wfDebugLog( 'username', __METHOD__ .
648 ": '$name' invalid due to wgInvalidUsernameCharacters" );
649 return false;
650 }
651 }
652
653 return self::isUsableName( $name );
654 }
655
656 /**
657 * Is the input a valid password for this user?
658 *
659 * @param $password String Desired password
660 * @return Bool
661 */
662 public function isValidPassword( $password ) {
663 //simple boolean wrapper for getPasswordValidity
664 return $this->getPasswordValidity( $password ) === true;
665 }
666
667 /**
668 * Given unvalidated password input, return error message on failure.
669 *
670 * @param $password String Desired password
671 * @return mixed: true on success, string or array of error message on failure
672 */
673 public function getPasswordValidity( $password ) {
674 global $wgMinimalPasswordLength, $wgContLang;
675
676 static $blockedLogins = array(
677 'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589
678 'Apitestsysop' => 'testpass', 'Apitestuser' => 'testpass' # r75605
679 );
680
681 $result = false; //init $result to false for the internal checks
682
683 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
684 return $result;
685
686 if ( $result === false ) {
687 if( strlen( $password ) < $wgMinimalPasswordLength ) {
688 return 'passwordtooshort';
689 } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
690 return 'password-name-match';
691 } elseif ( isset( $blockedLogins[ $this->getName() ] ) && $password == $blockedLogins[ $this->getName() ] ) {
692 return 'password-login-forbidden';
693 } else {
694 //it seems weird returning true here, but this is because of the
695 //initialization of $result to false above. If the hook is never run or it
696 //doesn't modify $result, then we will likely get down into this if with
697 //a valid password.
698 return true;
699 }
700 } elseif( $result === true ) {
701 return true;
702 } else {
703 return $result; //the isValidPassword hook set a string $result and returned true
704 }
705 }
706
707 /**
708 * Does a string look like an e-mail address?
709 *
710 * This validates an email address using an HTML5 specification found at:
711 * http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#valid-e-mail-address
712 * Which as of 2011-01-24 says:
713 *
714 * A valid e-mail address is a string that matches the ABNF production
715 * 1*( atext / "." ) "@" ldh-str *( "." ldh-str ) where atext is defined
716 * in RFC 5322 section 3.2.3, and ldh-str is defined in RFC 1034 section
717 * 3.5.
718 *
719 * This function is an implementation of the specification as requested in
720 * bug 22449.
721 *
722 * Client-side forms will use the same standard validation rules via JS or
723 * HTML 5 validation; additional restrictions can be enforced server-side
724 * by extensions via the 'isValidEmailAddr' hook.
725 *
726 * Note that this validation doesn't 100% match RFC 2822, but is believed
727 * to be liberal enough for wide use. Some invalid addresses will still
728 * pass validation here.
729 *
730 * @param $addr String E-mail address
731 * @return Bool
732 * @deprecated since 1.18 call Sanitizer::isValidEmail() directly
733 */
734 public static function isValidEmailAddr( $addr ) {
735 return Sanitizer::validateEmail( $addr );
736 }
737
738 /**
739 * Given unvalidated user input, return a canonical username, or false if
740 * the username is invalid.
741 * @param $name String User input
742 * @param $validate String|Bool type of validation to use:
743 * - false No validation
744 * - 'valid' Valid for batch processes
745 * - 'usable' Valid for batch processes and login
746 * - 'creatable' Valid for batch processes, login and account creation
747 *
748 * @return bool|string
749 */
750 public static function getCanonicalName( $name, $validate = 'valid' ) {
751 # Force usernames to capital
752 global $wgContLang;
753 $name = $wgContLang->ucfirst( $name );
754
755 # Reject names containing '#'; these will be cleaned up
756 # with title normalisation, but then it's too late to
757 # check elsewhere
758 if( strpos( $name, '#' ) !== false )
759 return false;
760
761 # Clean up name according to title rules
762 $t = ( $validate === 'valid' ) ?
763 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
764 # Check for invalid titles
765 if( is_null( $t ) ) {
766 return false;
767 }
768
769 # Reject various classes of invalid names
770 global $wgAuth;
771 $name = $wgAuth->getCanonicalName( $t->getText() );
772
773 switch ( $validate ) {
774 case false:
775 break;
776 case 'valid':
777 if ( !User::isValidUserName( $name ) ) {
778 $name = false;
779 }
780 break;
781 case 'usable':
782 if ( !User::isUsableName( $name ) ) {
783 $name = false;
784 }
785 break;
786 case 'creatable':
787 if ( !User::isCreatableName( $name ) ) {
788 $name = false;
789 }
790 break;
791 default:
792 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
793 }
794 return $name;
795 }
796
797 /**
798 * Count the number of edits of a user
799 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
800 *
801 * @param $uid Int User ID to check
802 * @return Int the user's edit count
803 */
804 public static function edits( $uid ) {
805 wfProfileIn( __METHOD__ );
806 $dbr = wfGetDB( DB_SLAVE );
807 // check if the user_editcount field has been initialized
808 $field = $dbr->selectField(
809 'user', 'user_editcount',
810 array( 'user_id' => $uid ),
811 __METHOD__
812 );
813
814 if( $field === null ) { // it has not been initialized. do so.
815 $dbw = wfGetDB( DB_MASTER );
816 $count = $dbr->selectField(
817 'revision', 'count(*)',
818 array( 'rev_user' => $uid ),
819 __METHOD__
820 );
821 $dbw->update(
822 'user',
823 array( 'user_editcount' => $count ),
824 array( 'user_id' => $uid ),
825 __METHOD__
826 );
827 } else {
828 $count = $field;
829 }
830 wfProfileOut( __METHOD__ );
831 return $count;
832 }
833
834 /**
835 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
836 * @todo hash random numbers to improve security, like generateToken()
837 *
838 * @return String new random password
839 */
840 public static function randomPassword() {
841 global $wgMinimalPasswordLength;
842 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
843 $l = strlen( $pwchars ) - 1;
844
845 $pwlength = max( 7, $wgMinimalPasswordLength );
846 $digit = mt_rand( 0, $pwlength - 1 );
847 $np = '';
848 for ( $i = 0; $i < $pwlength; $i++ ) {
849 $np .= $i == $digit ? chr( mt_rand( 48, 57 ) ) : $pwchars[ mt_rand( 0, $l ) ];
850 }
851 return $np;
852 }
853
854 /**
855 * Set cached properties to default.
856 *
857 * @note This no longer clears uncached lazy-initialised properties;
858 * the constructor does that instead.
859 *
860 * @param $name string
861 */
862 public function loadDefaults( $name = false ) {
863 wfProfileIn( __METHOD__ );
864
865 $this->mId = 0;
866 $this->mName = $name;
867 $this->mRealName = '';
868 $this->mPassword = $this->mNewpassword = '';
869 $this->mNewpassTime = null;
870 $this->mEmail = '';
871 $this->mOptionOverrides = null;
872 $this->mOptionsLoaded = false;
873
874 $loggedOut = $this->getRequest()->getCookie( 'LoggedOut' );
875 if( $loggedOut !== null ) {
876 $this->mTouched = wfTimestamp( TS_MW, $loggedOut );
877 } else {
878 $this->mTouched = '0'; # Allow any pages to be cached
879 }
880
881 $this->setToken(); # Random
882 $this->mEmailAuthenticated = null;
883 $this->mEmailToken = '';
884 $this->mEmailTokenExpires = null;
885 $this->mRegistration = wfTimestamp( TS_MW );
886 $this->mGroups = array();
887
888 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
889
890 wfProfileOut( __METHOD__ );
891 }
892
893 /**
894 * Return whether an item has been loaded.
895 *
896 * @param $item String: item to check. Current possibilities:
897 * - id
898 * - name
899 * - realname
900 * @param $all String: 'all' to check if the whole object has been loaded
901 * or any other string to check if only the item is available (e.g.
902 * for optimisation)
903 * @return Boolean
904 */
905 public function isItemLoaded( $item, $all = 'all' ) {
906 return ( $this->mLoadedItems === true && $all === 'all' ) ||
907 ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
908 }
909
910 /**
911 * Set that an item has been loaded
912 *
913 * @param $item String
914 */
915 private function setItemLoaded( $item ) {
916 if ( is_array( $this->mLoadedItems ) ) {
917 $this->mLoadedItems[$item] = true;
918 }
919 }
920
921 /**
922 * Load user data from the session or login cookie. If there are no valid
923 * credentials, initialises the user as an anonymous user.
924 * @return Bool True if the user is logged in, false otherwise.
925 */
926 private function loadFromSession() {
927 global $wgExternalAuthType, $wgAutocreatePolicy;
928
929 $result = null;
930 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
931 if ( $result !== null ) {
932 return $result;
933 }
934
935 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
936 $extUser = ExternalUser::newFromCookie();
937 if ( $extUser ) {
938 # TODO: Automatically create the user here (or probably a bit
939 # lower down, in fact)
940 }
941 }
942
943 $request = $this->getRequest();
944
945 $cookieId = $request->getCookie( 'UserID' );
946 $sessId = $request->getSessionData( 'wsUserID' );
947
948 if ( $cookieId !== null ) {
949 $sId = intval( $cookieId );
950 if( $sessId !== null && $cookieId != $sessId ) {
951 $this->loadDefaults(); // Possible collision!
952 wfDebugLog( 'loginSessions', "Session user ID ($sessId) and
953 cookie user ID ($sId) don't match!" );
954 return false;
955 }
956 $request->setSessionData( 'wsUserID', $sId );
957 } elseif ( $sessId !== null && $sessId != 0 ) {
958 $sId = $sessId;
959 } else {
960 $this->loadDefaults();
961 return false;
962 }
963
964 if ( $request->getSessionData( 'wsUserName' ) !== null ) {
965 $sName = $request->getSessionData( 'wsUserName' );
966 } elseif ( $request->getCookie( 'UserName' ) !== null ) {
967 $sName = $request->getCookie( 'UserName' );
968 $request->setSessionData( 'wsUserName', $sName );
969 } else {
970 $this->loadDefaults();
971 return false;
972 }
973
974 $proposedUser = User::newFromId( $sId );
975 if ( !$proposedUser->isLoggedIn() ) {
976 # Not a valid ID
977 $this->loadDefaults();
978 return false;
979 }
980
981 global $wgBlockDisablesLogin;
982 if( $wgBlockDisablesLogin && $proposedUser->isBlocked() ) {
983 # User blocked and we've disabled blocked user logins
984 $this->loadDefaults();
985 return false;
986 }
987
988 if ( $request->getSessionData( 'wsToken' ) !== null ) {
989 $passwordCorrect = $proposedUser->getToken() === $request->getSessionData( 'wsToken' );
990 $from = 'session';
991 } elseif ( $request->getCookie( 'Token' ) !== null ) {
992 $passwordCorrect = $proposedUser->getToken() === $request->getCookie( 'Token' );
993 $from = 'cookie';
994 } else {
995 # No session or persistent login cookie
996 $this->loadDefaults();
997 return false;
998 }
999
1000 if ( ( $sName === $proposedUser->getName() ) && $passwordCorrect ) {
1001 $this->loadFromUserObject( $proposedUser );
1002 $request->setSessionData( 'wsToken', $this->mToken );
1003 wfDebug( "User: logged in from $from\n" );
1004 return true;
1005 } else {
1006 # Invalid credentials
1007 wfDebug( "User: can't log in from $from, invalid credentials\n" );
1008 $this->loadDefaults();
1009 return false;
1010 }
1011 }
1012
1013 /**
1014 * Load user and user_group data from the database.
1015 * $this->mId must be set, this is how the user is identified.
1016 *
1017 * @return Bool True if the user exists, false if the user is anonymous
1018 */
1019 public function loadFromDatabase() {
1020 # Paranoia
1021 $this->mId = intval( $this->mId );
1022
1023 /** Anonymous user */
1024 if( !$this->mId ) {
1025 $this->loadDefaults();
1026 return false;
1027 }
1028
1029 $dbr = wfGetDB( DB_MASTER );
1030 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
1031
1032 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
1033
1034 if ( $s !== false ) {
1035 # Initialise user table data
1036 $this->loadFromRow( $s );
1037 $this->mGroups = null; // deferred
1038 $this->getEditCount(); // revalidation for nulls
1039 return true;
1040 } else {
1041 # Invalid user_id
1042 $this->mId = 0;
1043 $this->loadDefaults();
1044 return false;
1045 }
1046 }
1047
1048 /**
1049 * Initialize this object from a row from the user table.
1050 *
1051 * @param $row Array Row from the user table to load.
1052 */
1053 public function loadFromRow( $row ) {
1054 $all = true;
1055
1056 $this->mGroups = null; // deferred
1057
1058 if ( isset( $row->user_name ) ) {
1059 $this->mName = $row->user_name;
1060 $this->mFrom = 'name';
1061 $this->setItemLoaded( 'name' );
1062 } else {
1063 $all = false;
1064 }
1065
1066 if ( isset( $row->user_real_name ) ) {
1067 $this->mRealName = $row->user_real_name;
1068 $this->setItemLoaded( 'realname' );
1069 } else {
1070 $all = false;
1071 }
1072
1073 if ( isset( $row->user_id ) ) {
1074 $this->mId = intval( $row->user_id );
1075 $this->mFrom = 'id';
1076 $this->setItemLoaded( 'id' );
1077 } else {
1078 $all = false;
1079 }
1080
1081 if ( isset( $row->user_editcount ) ) {
1082 $this->mEditCount = $row->user_editcount;
1083 } else {
1084 $all = false;
1085 }
1086
1087 if ( isset( $row->user_password ) ) {
1088 $this->mPassword = $row->user_password;
1089 $this->mNewpassword = $row->user_newpassword;
1090 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
1091 $this->mEmail = $row->user_email;
1092 if ( isset( $row->user_options ) ) {
1093 $this->decodeOptions( $row->user_options );
1094 }
1095 $this->mTouched = wfTimestamp( TS_MW, $row->user_touched );
1096 $this->mToken = $row->user_token;
1097 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1098 $this->mEmailToken = $row->user_email_token;
1099 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1100 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1101 } else {
1102 $all = false;
1103 }
1104
1105 if ( $all ) {
1106 $this->mLoadedItems = true;
1107 }
1108 }
1109
1110 /**
1111 * Load the data for this user object from another user object.
1112 *
1113 * @param $user User
1114 */
1115 protected function loadFromUserObject( $user ) {
1116 $user->load();
1117 $user->loadGroups();
1118 $user->loadOptions();
1119 foreach ( self::$mCacheVars as $var ) {
1120 $this->$var = $user->$var;
1121 }
1122 }
1123
1124 /**
1125 * Load the groups from the database if they aren't already loaded.
1126 */
1127 private function loadGroups() {
1128 if ( is_null( $this->mGroups ) ) {
1129 $dbr = wfGetDB( DB_MASTER );
1130 $res = $dbr->select( 'user_groups',
1131 array( 'ug_group' ),
1132 array( 'ug_user' => $this->mId ),
1133 __METHOD__ );
1134 $this->mGroups = array();
1135 foreach ( $res as $row ) {
1136 $this->mGroups[] = $row->ug_group;
1137 }
1138 }
1139 }
1140
1141 /**
1142 * Add the user to the group if he/she meets given criteria.
1143 *
1144 * Contrary to autopromotion by \ref $wgAutopromote, the group will be
1145 * possible to remove manually via Special:UserRights. In such case it
1146 * will not be re-added automatically. The user will also not lose the
1147 * group if they no longer meet the criteria.
1148 *
1149 * @param $event String key in $wgAutopromoteOnce (each one has groups/criteria)
1150 *
1151 * @return array Array of groups the user has been promoted to.
1152 *
1153 * @see $wgAutopromoteOnce
1154 */
1155 public function addAutopromoteOnceGroups( $event ) {
1156 global $wgAutopromoteOnceLogInRC;
1157
1158 $toPromote = array();
1159 if ( $this->getId() ) {
1160 $toPromote = Autopromote::getAutopromoteOnceGroups( $this, $event );
1161 if ( count( $toPromote ) ) {
1162 $oldGroups = $this->getGroups(); // previous groups
1163 foreach ( $toPromote as $group ) {
1164 $this->addGroup( $group );
1165 }
1166 $newGroups = array_merge( $oldGroups, $toPromote ); // all groups
1167
1168 $log = new LogPage( 'rights', $wgAutopromoteOnceLogInRC /* in RC? */ );
1169 $log->addEntry( 'autopromote',
1170 $this->getUserPage(),
1171 '', // no comment
1172 // These group names are "list to texted"-ed in class LogPage.
1173 array( implode( ', ', $oldGroups ), implode( ', ', $newGroups ) )
1174 );
1175 }
1176 }
1177 return $toPromote;
1178 }
1179
1180 /**
1181 * Clear various cached data stored in this object.
1182 * @param $reloadFrom bool|String Reload user and user_groups table data from a
1183 * given source. May be "name", "id", "defaults", "session", or false for
1184 * no reload.
1185 */
1186 public function clearInstanceCache( $reloadFrom = false ) {
1187 $this->mNewtalk = -1;
1188 $this->mDatePreference = null;
1189 $this->mBlockedby = -1; # Unset
1190 $this->mHash = false;
1191 $this->mRights = null;
1192 $this->mEffectiveGroups = null;
1193 $this->mImplicitGroups = null;
1194 $this->mOptions = null;
1195
1196 if ( $reloadFrom ) {
1197 $this->mLoadedItems = array();
1198 $this->mFrom = $reloadFrom;
1199 }
1200 }
1201
1202 /**
1203 * Combine the language default options with any site-specific options
1204 * and add the default language variants.
1205 *
1206 * @return Array of String options
1207 */
1208 public static function getDefaultOptions() {
1209 global $wgNamespacesToBeSearchedDefault, $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1210
1211 $defOpt = $wgDefaultUserOptions;
1212 # default language setting
1213 $variant = $wgContLang->getDefaultVariant();
1214 $defOpt['variant'] = $variant;
1215 $defOpt['language'] = $variant;
1216 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1217 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1218 }
1219 $defOpt['skin'] = $wgDefaultSkin;
1220
1221 // FIXME: Ideally we'd cache the results of this function so the hook is only run once,
1222 // but that breaks the parser tests because they rely on being able to change $wgContLang
1223 // mid-request and see that change reflected in the return value of this function.
1224 // Which is insane and would never happen during normal MW operation, but is also not
1225 // likely to get fixed unless and until we context-ify everything.
1226 // See also https://www.mediawiki.org/wiki/Special:Code/MediaWiki/101488#c25275
1227 wfRunHooks( 'UserGetDefaultOptions', array( &$defOpt ) );
1228
1229 return $defOpt;
1230 }
1231
1232 /**
1233 * Get a given default option value.
1234 *
1235 * @param $opt String Name of option to retrieve
1236 * @return String Default option value
1237 */
1238 public static function getDefaultOption( $opt ) {
1239 $defOpts = self::getDefaultOptions();
1240 if( isset( $defOpts[$opt] ) ) {
1241 return $defOpts[$opt];
1242 } else {
1243 return null;
1244 }
1245 }
1246
1247
1248 /**
1249 * Get blocking information
1250 * @param $bFromSlave Bool Whether to check the slave database first. To
1251 * improve performance, non-critical checks are done
1252 * against slaves. Check when actually saving should be
1253 * done against master.
1254 */
1255 private function getBlockedStatus( $bFromSlave = true ) {
1256 global $wgProxyWhitelist, $wgUser;
1257
1258 if ( -1 != $this->mBlockedby ) {
1259 return;
1260 }
1261
1262 wfProfileIn( __METHOD__ );
1263 wfDebug( __METHOD__.": checking...\n" );
1264
1265 // Initialize data...
1266 // Otherwise something ends up stomping on $this->mBlockedby when
1267 // things get lazy-loaded later, causing false positive block hits
1268 // due to -1 !== 0. Probably session-related... Nothing should be
1269 // overwriting mBlockedby, surely?
1270 $this->load();
1271
1272 $this->mBlockedby = 0;
1273 $this->mHideName = 0;
1274 $this->mAllowUsertalk = 0;
1275
1276 # We only need to worry about passing the IP address to the Block generator if the
1277 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1278 # know which IP address they're actually coming from
1279 if ( !$this->isAllowed( 'ipblock-exempt' ) && $this->getID() == $wgUser->getID() ) {
1280 $ip = $this->getRequest()->getIP();
1281 } else {
1282 $ip = null;
1283 }
1284
1285 # User/IP blocking
1286 $this->mBlock = Block::newFromTarget( $this->getName(), $ip, !$bFromSlave );
1287 if ( $this->mBlock instanceof Block ) {
1288 wfDebug( __METHOD__ . ": Found block.\n" );
1289 $this->mBlockedby = $this->mBlock->getByName();
1290 $this->mBlockreason = $this->mBlock->mReason;
1291 $this->mHideName = $this->mBlock->mHideName;
1292 $this->mAllowUsertalk = !$this->mBlock->prevents( 'editownusertalk' );
1293 }
1294
1295 # Proxy blocking
1296 if ( $ip !== null && !$this->isAllowed( 'proxyunbannable' ) && !in_array( $ip, $wgProxyWhitelist ) ) {
1297 # Local list
1298 if ( self::isLocallyBlockedProxy( $ip ) ) {
1299 $this->mBlockedby = wfMsg( 'proxyblocker' );
1300 $this->mBlockreason = wfMsg( 'proxyblockreason' );
1301 }
1302
1303 # DNSBL
1304 if ( !$this->mBlockedby && !$this->getID() ) {
1305 if ( $this->isDnsBlacklisted( $ip ) ) {
1306 $this->mBlockedby = wfMsg( 'sorbs' );
1307 $this->mBlockreason = wfMsg( 'sorbsreason' );
1308 }
1309 }
1310 }
1311
1312 # Extensions
1313 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1314
1315 wfProfileOut( __METHOD__ );
1316 }
1317
1318 /**
1319 * Whether the given IP is in a DNS blacklist.
1320 *
1321 * @param $ip String IP to check
1322 * @param $checkWhitelist Bool: whether to check the whitelist first
1323 * @return Bool True if blacklisted.
1324 */
1325 public function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1326 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1327 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1328
1329 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1330 return false;
1331
1332 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1333 return false;
1334
1335 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1336 return $this->inDnsBlacklist( $ip, $urls );
1337 }
1338
1339 /**
1340 * Whether the given IP is in a given DNS blacklist.
1341 *
1342 * @param $ip String IP to check
1343 * @param $bases String|Array of Strings: URL of the DNS blacklist
1344 * @return Bool True if blacklisted.
1345 */
1346 public function inDnsBlacklist( $ip, $bases ) {
1347 wfProfileIn( __METHOD__ );
1348
1349 $found = false;
1350 // @todo FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1351 if( IP::isIPv4( $ip ) ) {
1352 # Reverse IP, bug 21255
1353 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1354
1355 foreach( (array)$bases as $base ) {
1356 # Make hostname
1357 # If we have an access key, use that too (ProjectHoneypot, etc.)
1358 if( is_array( $base ) ) {
1359 if( count( $base ) >= 2 ) {
1360 # Access key is 1, base URL is 0
1361 $host = "{$base[1]}.$ipReversed.{$base[0]}";
1362 } else {
1363 $host = "$ipReversed.{$base[0]}";
1364 }
1365 } else {
1366 $host = "$ipReversed.$base";
1367 }
1368
1369 # Send query
1370 $ipList = gethostbynamel( $host );
1371
1372 if( $ipList ) {
1373 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1374 $found = true;
1375 break;
1376 } else {
1377 wfDebug( "Requested $host, not found in $base.\n" );
1378 }
1379 }
1380 }
1381
1382 wfProfileOut( __METHOD__ );
1383 return $found;
1384 }
1385
1386 /**
1387 * Check if an IP address is in the local proxy list
1388 *
1389 * @param $ip string
1390 *
1391 * @return bool
1392 */
1393 public static function isLocallyBlockedProxy( $ip ) {
1394 global $wgProxyList;
1395
1396 if ( !$wgProxyList ) {
1397 return false;
1398 }
1399 wfProfileIn( __METHOD__ );
1400
1401 if ( !is_array( $wgProxyList ) ) {
1402 # Load from the specified file
1403 $wgProxyList = array_map( 'trim', file( $wgProxyList ) );
1404 }
1405
1406 if ( !is_array( $wgProxyList ) ) {
1407 $ret = false;
1408 } elseif ( array_search( $ip, $wgProxyList ) !== false ) {
1409 $ret = true;
1410 } elseif ( array_key_exists( $ip, $wgProxyList ) ) {
1411 # Old-style flipped proxy list
1412 $ret = true;
1413 } else {
1414 $ret = false;
1415 }
1416 wfProfileOut( __METHOD__ );
1417 return $ret;
1418 }
1419
1420 /**
1421 * Is this user subject to rate limiting?
1422 *
1423 * @return Bool True if rate limited
1424 */
1425 public function isPingLimitable() {
1426 global $wgRateLimitsExcludedIPs;
1427 if( in_array( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
1428 // No other good way currently to disable rate limits
1429 // for specific IPs. :P
1430 // But this is a crappy hack and should die.
1431 return false;
1432 }
1433 return !$this->isAllowed('noratelimit');
1434 }
1435
1436 /**
1437 * Primitive rate limits: enforce maximum actions per time period
1438 * to put a brake on flooding.
1439 *
1440 * @note When using a shared cache like memcached, IP-address
1441 * last-hit counters will be shared across wikis.
1442 *
1443 * @param $action String Action to enforce; 'edit' if unspecified
1444 * @return Bool True if a rate limiter was tripped
1445 */
1446 public function pingLimiter( $action = 'edit' ) {
1447 # Call the 'PingLimiter' hook
1448 $result = false;
1449 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1450 return $result;
1451 }
1452
1453 global $wgRateLimits;
1454 if( !isset( $wgRateLimits[$action] ) ) {
1455 return false;
1456 }
1457
1458 # Some groups shouldn't trigger the ping limiter, ever
1459 if( !$this->isPingLimitable() )
1460 return false;
1461
1462 global $wgMemc, $wgRateLimitLog;
1463 wfProfileIn( __METHOD__ );
1464
1465 $limits = $wgRateLimits[$action];
1466 $keys = array();
1467 $id = $this->getId();
1468 $ip = $this->getRequest()->getIP();
1469 $userLimit = false;
1470
1471 if( isset( $limits['anon'] ) && $id == 0 ) {
1472 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1473 }
1474
1475 if( isset( $limits['user'] ) && $id != 0 ) {
1476 $userLimit = $limits['user'];
1477 }
1478 if( $this->isNewbie() ) {
1479 if( isset( $limits['newbie'] ) && $id != 0 ) {
1480 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1481 }
1482 if( isset( $limits['ip'] ) ) {
1483 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1484 }
1485 $matches = array();
1486 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1487 $subnet = $matches[1];
1488 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1489 }
1490 }
1491 // Check for group-specific permissions
1492 // If more than one group applies, use the group with the highest limit
1493 foreach ( $this->getGroups() as $group ) {
1494 if ( isset( $limits[$group] ) ) {
1495 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1496 $userLimit = $limits[$group];
1497 }
1498 }
1499 }
1500 // Set the user limit key
1501 if ( $userLimit !== false ) {
1502 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1503 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1504 }
1505
1506 $triggered = false;
1507 foreach( $keys as $key => $limit ) {
1508 list( $max, $period ) = $limit;
1509 $summary = "(limit $max in {$period}s)";
1510 $count = $wgMemc->get( $key );
1511 // Already pinged?
1512 if( $count ) {
1513 if( $count > $max ) {
1514 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1515 if( $wgRateLimitLog ) {
1516 wfSuppressWarnings();
1517 file_put_contents( $wgRateLimitLog, wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", FILE_APPEND );
1518 wfRestoreWarnings();
1519 }
1520 $triggered = true;
1521 } else {
1522 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1523 }
1524 } else {
1525 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1526 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1527 }
1528 $wgMemc->incr( $key );
1529 }
1530
1531 wfProfileOut( __METHOD__ );
1532 return $triggered;
1533 }
1534
1535 /**
1536 * Check if user is blocked
1537 *
1538 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1539 * @return Bool True if blocked, false otherwise
1540 */
1541 public function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1542 return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
1543 }
1544
1545 /**
1546 * Get the block affecting the user, or null if the user is not blocked
1547 *
1548 * @param $bFromSlave Bool Whether to check the slave database instead of the master
1549 * @return Block|null
1550 */
1551 public function getBlock( $bFromSlave = true ){
1552 $this->getBlockedStatus( $bFromSlave );
1553 return $this->mBlock instanceof Block ? $this->mBlock : null;
1554 }
1555
1556 /**
1557 * Check if user is blocked from editing a particular article
1558 *
1559 * @param $title Title to check
1560 * @param $bFromSlave Bool whether to check the slave database instead of the master
1561 * @return Bool
1562 */
1563 function isBlockedFrom( $title, $bFromSlave = false ) {
1564 global $wgBlockAllowsUTEdit;
1565 wfProfileIn( __METHOD__ );
1566
1567 $blocked = $this->isBlocked( $bFromSlave );
1568 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1569 # If a user's name is suppressed, they cannot make edits anywhere
1570 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1571 $title->getNamespace() == NS_USER_TALK ) {
1572 $blocked = false;
1573 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1574 }
1575
1576 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1577
1578 wfProfileOut( __METHOD__ );
1579 return $blocked;
1580 }
1581
1582 /**
1583 * If user is blocked, return the name of the user who placed the block
1584 * @return String name of blocker
1585 */
1586 public function blockedBy() {
1587 $this->getBlockedStatus();
1588 return $this->mBlockedby;
1589 }
1590
1591 /**
1592 * If user is blocked, return the specified reason for the block
1593 * @return String Blocking reason
1594 */
1595 public function blockedFor() {
1596 $this->getBlockedStatus();
1597 return $this->mBlockreason;
1598 }
1599
1600 /**
1601 * If user is blocked, return the ID for the block
1602 * @return Int Block ID
1603 */
1604 public function getBlockId() {
1605 $this->getBlockedStatus();
1606 return ( $this->mBlock ? $this->mBlock->getId() : false );
1607 }
1608
1609 /**
1610 * Check if user is blocked on all wikis.
1611 * Do not use for actual edit permission checks!
1612 * This is intented for quick UI checks.
1613 *
1614 * @param $ip String IP address, uses current client if none given
1615 * @return Bool True if blocked, false otherwise
1616 */
1617 public function isBlockedGlobally( $ip = '' ) {
1618 if( $this->mBlockedGlobally !== null ) {
1619 return $this->mBlockedGlobally;
1620 }
1621 // User is already an IP?
1622 if( IP::isIPAddress( $this->getName() ) ) {
1623 $ip = $this->getName();
1624 } elseif( !$ip ) {
1625 $ip = $this->getRequest()->getIP();
1626 }
1627 $blocked = false;
1628 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1629 $this->mBlockedGlobally = (bool)$blocked;
1630 return $this->mBlockedGlobally;
1631 }
1632
1633 /**
1634 * Check if user account is locked
1635 *
1636 * @return Bool True if locked, false otherwise
1637 */
1638 public function isLocked() {
1639 if( $this->mLocked !== null ) {
1640 return $this->mLocked;
1641 }
1642 global $wgAuth;
1643 $authUser = $wgAuth->getUserInstance( $this );
1644 $this->mLocked = (bool)$authUser->isLocked();
1645 return $this->mLocked;
1646 }
1647
1648 /**
1649 * Check if user account is hidden
1650 *
1651 * @return Bool True if hidden, false otherwise
1652 */
1653 public function isHidden() {
1654 if( $this->mHideName !== null ) {
1655 return $this->mHideName;
1656 }
1657 $this->getBlockedStatus();
1658 if( !$this->mHideName ) {
1659 global $wgAuth;
1660 $authUser = $wgAuth->getUserInstance( $this );
1661 $this->mHideName = (bool)$authUser->isHidden();
1662 }
1663 return $this->mHideName;
1664 }
1665
1666 /**
1667 * Get the user's ID.
1668 * @return Int The user's ID; 0 if the user is anonymous or nonexistent
1669 */
1670 public function getId() {
1671 if( $this->mId === null && $this->mName !== null
1672 && User::isIP( $this->mName ) ) {
1673 // Special case, we know the user is anonymous
1674 return 0;
1675 } elseif( !$this->isItemLoaded( 'id' ) ) {
1676 // Don't load if this was initialized from an ID
1677 $this->load();
1678 }
1679 return $this->mId;
1680 }
1681
1682 /**
1683 * Set the user and reload all fields according to a given ID
1684 * @param $v Int User ID to reload
1685 */
1686 public function setId( $v ) {
1687 $this->mId = $v;
1688 $this->clearInstanceCache( 'id' );
1689 }
1690
1691 /**
1692 * Get the user name, or the IP of an anonymous user
1693 * @return String User's name or IP address
1694 */
1695 public function getName() {
1696 if ( $this->isItemLoaded( 'name', 'only' ) ) {
1697 # Special case optimisation
1698 return $this->mName;
1699 } else {
1700 $this->load();
1701 if ( $this->mName === false ) {
1702 # Clean up IPs
1703 $this->mName = IP::sanitizeIP( $this->getRequest()->getIP() );
1704 }
1705 return $this->mName;
1706 }
1707 }
1708
1709 /**
1710 * Set the user name.
1711 *
1712 * This does not reload fields from the database according to the given
1713 * name. Rather, it is used to create a temporary "nonexistent user" for
1714 * later addition to the database. It can also be used to set the IP
1715 * address for an anonymous user to something other than the current
1716 * remote IP.
1717 *
1718 * @note User::newFromName() has rougly the same function, when the named user
1719 * does not exist.
1720 * @param $str String New user name to set
1721 */
1722 public function setName( $str ) {
1723 $this->load();
1724 $this->mName = $str;
1725 }
1726
1727 /**
1728 * Get the user's name escaped by underscores.
1729 * @return String Username escaped by underscores.
1730 */
1731 public function getTitleKey() {
1732 return str_replace( ' ', '_', $this->getName() );
1733 }
1734
1735 /**
1736 * Check if the user has new messages.
1737 * @return Bool True if the user has new messages
1738 */
1739 public function getNewtalk() {
1740 $this->load();
1741
1742 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1743 if( $this->mNewtalk === -1 ) {
1744 $this->mNewtalk = false; # reset talk page status
1745
1746 # Check memcached separately for anons, who have no
1747 # entire User object stored in there.
1748 if( !$this->mId ) {
1749 global $wgMemc;
1750 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1751 $newtalk = $wgMemc->get( $key );
1752 if( strval( $newtalk ) !== '' ) {
1753 $this->mNewtalk = (bool)$newtalk;
1754 } else {
1755 // Since we are caching this, make sure it is up to date by getting it
1756 // from the master
1757 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1758 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1759 }
1760 } else {
1761 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1762 }
1763 }
1764
1765 return (bool)$this->mNewtalk;
1766 }
1767
1768 /**
1769 * Return the talk page(s) this user has new messages on.
1770 * @return Array of String page URLs
1771 */
1772 public function getNewMessageLinks() {
1773 $talks = array();
1774 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) )
1775 return $talks;
1776
1777 if( !$this->getNewtalk() )
1778 return array();
1779 $up = $this->getUserPage();
1780 $utp = $up->getTalkPage();
1781 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL() ) );
1782 }
1783
1784 /**
1785 * Internal uncached check for new messages
1786 *
1787 * @see getNewtalk()
1788 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1789 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1790 * @param $fromMaster Bool true to fetch from the master, false for a slave
1791 * @return Bool True if the user has new messages
1792 */
1793 protected function checkNewtalk( $field, $id, $fromMaster = false ) {
1794 if ( $fromMaster ) {
1795 $db = wfGetDB( DB_MASTER );
1796 } else {
1797 $db = wfGetDB( DB_SLAVE );
1798 }
1799 $ok = $db->selectField( 'user_newtalk', $field,
1800 array( $field => $id ), __METHOD__ );
1801 return $ok !== false;
1802 }
1803
1804 /**
1805 * Add or update the new messages flag
1806 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1807 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1808 * @return Bool True if successful, false otherwise
1809 */
1810 protected function updateNewtalk( $field, $id ) {
1811 $dbw = wfGetDB( DB_MASTER );
1812 $dbw->insert( 'user_newtalk',
1813 array( $field => $id ),
1814 __METHOD__,
1815 'IGNORE' );
1816 if ( $dbw->affectedRows() ) {
1817 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1818 return true;
1819 } else {
1820 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1821 return false;
1822 }
1823 }
1824
1825 /**
1826 * Clear the new messages flag for the given user
1827 * @param $field String 'user_ip' for anonymous users, 'user_id' otherwise
1828 * @param $id String|Int User's IP address for anonymous users, User ID otherwise
1829 * @return Bool True if successful, false otherwise
1830 */
1831 protected function deleteNewtalk( $field, $id ) {
1832 $dbw = wfGetDB( DB_MASTER );
1833 $dbw->delete( 'user_newtalk',
1834 array( $field => $id ),
1835 __METHOD__ );
1836 if ( $dbw->affectedRows() ) {
1837 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1838 return true;
1839 } else {
1840 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1841 return false;
1842 }
1843 }
1844
1845 /**
1846 * Update the 'You have new messages!' status.
1847 * @param $val Bool Whether the user has new messages
1848 */
1849 public function setNewtalk( $val ) {
1850 if( wfReadOnly() ) {
1851 return;
1852 }
1853
1854 $this->load();
1855 $this->mNewtalk = $val;
1856
1857 if( $this->isAnon() ) {
1858 $field = 'user_ip';
1859 $id = $this->getName();
1860 } else {
1861 $field = 'user_id';
1862 $id = $this->getId();
1863 }
1864 global $wgMemc;
1865
1866 if( $val ) {
1867 $changed = $this->updateNewtalk( $field, $id );
1868 } else {
1869 $changed = $this->deleteNewtalk( $field, $id );
1870 }
1871
1872 if( $this->isAnon() ) {
1873 // Anons have a separate memcached space, since
1874 // user records aren't kept for them.
1875 $key = wfMemcKey( 'newtalk', 'ip', $id );
1876 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1877 }
1878 if ( $changed ) {
1879 $this->invalidateCache();
1880 }
1881 }
1882
1883 /**
1884 * Generate a current or new-future timestamp to be stored in the
1885 * user_touched field when we update things.
1886 * @return String Timestamp in TS_MW format
1887 */
1888 private static function newTouchedTimestamp() {
1889 global $wgClockSkewFudge;
1890 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1891 }
1892
1893 /**
1894 * Clear user data from memcached.
1895 * Use after applying fun updates to the database; caller's
1896 * responsibility to update user_touched if appropriate.
1897 *
1898 * Called implicitly from invalidateCache() and saveSettings().
1899 */
1900 private function clearSharedCache() {
1901 $this->load();
1902 if( $this->mId ) {
1903 global $wgMemc;
1904 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1905 }
1906 }
1907
1908 /**
1909 * Immediately touch the user data cache for this account.
1910 * Updates user_touched field, and removes account data from memcached
1911 * for reload on the next hit.
1912 */
1913 public function invalidateCache() {
1914 if( wfReadOnly() ) {
1915 return;
1916 }
1917 $this->load();
1918 if( $this->mId ) {
1919 $this->mTouched = self::newTouchedTimestamp();
1920
1921 $dbw = wfGetDB( DB_MASTER );
1922 $dbw->update( 'user',
1923 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1924 array( 'user_id' => $this->mId ),
1925 __METHOD__ );
1926
1927 $this->clearSharedCache();
1928 }
1929 }
1930
1931 /**
1932 * Validate the cache for this account.
1933 * @param $timestamp String A timestamp in TS_MW format
1934 *
1935 * @return bool
1936 */
1937 public function validateCache( $timestamp ) {
1938 $this->load();
1939 return ( $timestamp >= $this->mTouched );
1940 }
1941
1942 /**
1943 * Get the user touched timestamp
1944 * @return String timestamp
1945 */
1946 public function getTouched() {
1947 $this->load();
1948 return $this->mTouched;
1949 }
1950
1951 /**
1952 * Set the password and reset the random token.
1953 * Calls through to authentication plugin if necessary;
1954 * will have no effect if the auth plugin refuses to
1955 * pass the change through or if the legal password
1956 * checks fail.
1957 *
1958 * As a special case, setting the password to null
1959 * wipes it, so the account cannot be logged in until
1960 * a new password is set, for instance via e-mail.
1961 *
1962 * @param $str String New password to set
1963 * @throws PasswordError on failure
1964 *
1965 * @return bool
1966 */
1967 public function setPassword( $str ) {
1968 global $wgAuth;
1969
1970 if( $str !== null ) {
1971 if( !$wgAuth->allowPasswordChange() ) {
1972 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1973 }
1974
1975 if( !$this->isValidPassword( $str ) ) {
1976 global $wgMinimalPasswordLength;
1977 $valid = $this->getPasswordValidity( $str );
1978 if ( is_array( $valid ) ) {
1979 $message = array_shift( $valid );
1980 $params = $valid;
1981 } else {
1982 $message = $valid;
1983 $params = array( $wgMinimalPasswordLength );
1984 }
1985 throw new PasswordError( wfMsgExt( $message, array( 'parsemag' ), $params ) );
1986 }
1987 }
1988
1989 if( !$wgAuth->setPassword( $this, $str ) ) {
1990 throw new PasswordError( wfMsg( 'externaldberror' ) );
1991 }
1992
1993 $this->setInternalPassword( $str );
1994
1995 return true;
1996 }
1997
1998 /**
1999 * Set the password and reset the random token unconditionally.
2000 *
2001 * @param $str String New password to set
2002 */
2003 public function setInternalPassword( $str ) {
2004 $this->load();
2005 $this->setToken();
2006
2007 if( $str === null ) {
2008 // Save an invalid hash...
2009 $this->mPassword = '';
2010 } else {
2011 $this->mPassword = self::crypt( $str );
2012 }
2013 $this->mNewpassword = '';
2014 $this->mNewpassTime = null;
2015 }
2016
2017 /**
2018 * Get the user's current token.
2019 * @return String Token
2020 */
2021 public function getToken() {
2022 $this->load();
2023 return $this->mToken;
2024 }
2025
2026 /**
2027 * Set the random token (used for persistent authentication)
2028 * Called from loadDefaults() among other places.
2029 *
2030 * @param $token String|bool If specified, set the token to this value
2031 */
2032 public function setToken( $token = false ) {
2033 global $wgSecretKey, $wgProxyKey;
2034 $this->load();
2035 if ( !$token ) {
2036 if ( $wgSecretKey ) {
2037 $key = $wgSecretKey;
2038 } elseif ( $wgProxyKey ) {
2039 $key = $wgProxyKey;
2040 } else {
2041 $key = microtime();
2042 }
2043 $this->mToken = md5( $key . mt_rand( 0, 0x7fffffff ) . wfWikiID() . $this->mId );
2044 } else {
2045 $this->mToken = $token;
2046 }
2047 }
2048
2049 /**
2050 * Set the cookie password
2051 *
2052 * @param $str String New cookie password
2053 */
2054 private function setCookiePassword( $str ) {
2055 $this->load();
2056 $this->mCookiePassword = md5( $str );
2057 }
2058
2059 /**
2060 * Set the password for a password reminder or new account email
2061 *
2062 * @param $str String New password to set
2063 * @param $throttle Bool If true, reset the throttle timestamp to the present
2064 */
2065 public function setNewpassword( $str, $throttle = true ) {
2066 $this->load();
2067 $this->mNewpassword = self::crypt( $str );
2068 if ( $throttle ) {
2069 $this->mNewpassTime = wfTimestampNow();
2070 }
2071 }
2072
2073 /**
2074 * Has password reminder email been sent within the last
2075 * $wgPasswordReminderResendTime hours?
2076 * @return Bool
2077 */
2078 public function isPasswordReminderThrottled() {
2079 global $wgPasswordReminderResendTime;
2080 $this->load();
2081 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
2082 return false;
2083 }
2084 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
2085 return time() < $expiry;
2086 }
2087
2088 /**
2089 * Get the user's e-mail address
2090 * @return String User's email address
2091 */
2092 public function getEmail() {
2093 $this->load();
2094 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
2095 return $this->mEmail;
2096 }
2097
2098 /**
2099 * Get the timestamp of the user's e-mail authentication
2100 * @return String TS_MW timestamp
2101 */
2102 public function getEmailAuthenticationTimestamp() {
2103 $this->load();
2104 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
2105 return $this->mEmailAuthenticated;
2106 }
2107
2108 /**
2109 * Set the user's e-mail address
2110 * @param $str String New e-mail address
2111 */
2112 public function setEmail( $str ) {
2113 $this->load();
2114 $this->mEmail = $str;
2115 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
2116 }
2117
2118 /**
2119 * Get the user's real name
2120 * @return String User's real name
2121 */
2122 public function getRealName() {
2123 if ( !$this->isItemLoaded( 'realname' ) ) {
2124 $this->load();
2125 }
2126
2127 return $this->mRealName;
2128 }
2129
2130 /**
2131 * Set the user's real name
2132 * @param $str String New real name
2133 */
2134 public function setRealName( $str ) {
2135 $this->load();
2136 $this->mRealName = $str;
2137 }
2138
2139 /**
2140 * Get the user's current setting for a given option.
2141 *
2142 * @param $oname String The option to check
2143 * @param $defaultOverride String A default value returned if the option does not exist
2144 * @param $ignoreHidden Bool = whether to ignore the effects of $wgHiddenPrefs
2145 * @return String User's current value for the option
2146 * @see getBoolOption()
2147 * @see getIntOption()
2148 */
2149 public function getOption( $oname, $defaultOverride = null, $ignoreHidden = false ) {
2150 global $wgHiddenPrefs;
2151 $this->loadOptions();
2152
2153 if ( is_null( $this->mOptions ) ) {
2154 if($defaultOverride != '') {
2155 return $defaultOverride;
2156 }
2157 $this->mOptions = User::getDefaultOptions();
2158 }
2159
2160 # We want 'disabled' preferences to always behave as the default value for
2161 # users, even if they have set the option explicitly in their settings (ie they
2162 # set it, and then it was disabled removing their ability to change it). But
2163 # we don't want to erase the preferences in the database in case the preference
2164 # is re-enabled again. So don't touch $mOptions, just override the returned value
2165 if( in_array( $oname, $wgHiddenPrefs ) && !$ignoreHidden ){
2166 return self::getDefaultOption( $oname );
2167 }
2168
2169 if ( array_key_exists( $oname, $this->mOptions ) ) {
2170 return $this->mOptions[$oname];
2171 } else {
2172 return $defaultOverride;
2173 }
2174 }
2175
2176 /**
2177 * Get all user's options
2178 *
2179 * @return array
2180 */
2181 public function getOptions() {
2182 global $wgHiddenPrefs;
2183 $this->loadOptions();
2184 $options = $this->mOptions;
2185
2186 # We want 'disabled' preferences to always behave as the default value for
2187 # users, even if they have set the option explicitly in their settings (ie they
2188 # set it, and then it was disabled removing their ability to change it). But
2189 # we don't want to erase the preferences in the database in case the preference
2190 # is re-enabled again. So don't touch $mOptions, just override the returned value
2191 foreach( $wgHiddenPrefs as $pref ){
2192 $default = self::getDefaultOption( $pref );
2193 if( $default !== null ){
2194 $options[$pref] = $default;
2195 }
2196 }
2197
2198 return $options;
2199 }
2200
2201 /**
2202 * Get the user's current setting for a given option, as a boolean value.
2203 *
2204 * @param $oname String The option to check
2205 * @return Bool User's current value for the option
2206 * @see getOption()
2207 */
2208 public function getBoolOption( $oname ) {
2209 return (bool)$this->getOption( $oname );
2210 }
2211
2212 /**
2213 * Get the user's current setting for a given option, as a boolean value.
2214 *
2215 * @param $oname String The option to check
2216 * @param $defaultOverride Int A default value returned if the option does not exist
2217 * @return Int User's current value for the option
2218 * @see getOption()
2219 */
2220 public function getIntOption( $oname, $defaultOverride=0 ) {
2221 $val = $this->getOption( $oname );
2222 if( $val == '' ) {
2223 $val = $defaultOverride;
2224 }
2225 return intval( $val );
2226 }
2227
2228 /**
2229 * Set the given option for a user.
2230 *
2231 * @param $oname String The option to set
2232 * @param $val mixed New value to set
2233 */
2234 public function setOption( $oname, $val ) {
2235 $this->load();
2236 $this->loadOptions();
2237
2238 // Explicitly NULL values should refer to defaults
2239 global $wgDefaultUserOptions;
2240 if( is_null( $val ) && isset( $wgDefaultUserOptions[$oname] ) ) {
2241 $val = $wgDefaultUserOptions[$oname];
2242 }
2243
2244 $this->mOptions[$oname] = $val;
2245 }
2246
2247 /**
2248 * Reset all options to the site defaults
2249 */
2250 public function resetOptions() {
2251 $this->mOptions = self::getDefaultOptions();
2252 }
2253
2254 /**
2255 * Get the user's preferred date format.
2256 * @return String User's preferred date format
2257 */
2258 public function getDatePreference() {
2259 // Important migration for old data rows
2260 if ( is_null( $this->mDatePreference ) ) {
2261 global $wgLang;
2262 $value = $this->getOption( 'date' );
2263 $map = $wgLang->getDatePreferenceMigrationMap();
2264 if ( isset( $map[$value] ) ) {
2265 $value = $map[$value];
2266 }
2267 $this->mDatePreference = $value;
2268 }
2269 return $this->mDatePreference;
2270 }
2271
2272 /**
2273 * Get the user preferred stub threshold
2274 *
2275 * @return int
2276 */
2277 public function getStubThreshold() {
2278 global $wgMaxArticleSize; # Maximum article size, in Kb
2279 $threshold = intval( $this->getOption( 'stubthreshold' ) );
2280 if ( $threshold > $wgMaxArticleSize * 1024 ) {
2281 # If they have set an impossible value, disable the preference
2282 # so we can use the parser cache again.
2283 $threshold = 0;
2284 }
2285 return $threshold;
2286 }
2287
2288 /**
2289 * Get the permissions this user has.
2290 * @param $ns int If numeric, get permissions for this namespace
2291 * @return Array of String permission names
2292 */
2293 public function getRights( $ns = null ) {
2294 $key = is_null( $ns ) ? '*' : intval( $ns );
2295
2296 if ( is_null( $this->mRights ) ) {
2297 $this->mRights = array();
2298 }
2299
2300 if ( !isset( $this->mRights[$key] ) ) {
2301 $this->mRights[$key] = self::getGroupPermissions( $this->getEffectiveGroups(), $ns );
2302 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights[$key], $ns ) );
2303 // Force reindexation of rights when a hook has unset one of them
2304 $this->mRights[$key] = array_values( $this->mRights[$key] );
2305 }
2306 if ( is_null( $ns ) ) {
2307 return $this->mRights[$key];
2308 } else {
2309 // Merge non namespace specific rights
2310 return array_merge( $this->mRights[$key], $this->getRights() );
2311 }
2312
2313 }
2314
2315 /**
2316 * Get the list of explicit group memberships this user has.
2317 * The implicit * and user groups are not included.
2318 * @return Array of String internal group names
2319 */
2320 public function getGroups() {
2321 $this->load();
2322 $this->loadGroups();
2323 return $this->mGroups;
2324 }
2325
2326 /**
2327 * Get the list of implicit group memberships this user has.
2328 * This includes all explicit groups, plus 'user' if logged in,
2329 * '*' for all accounts, and autopromoted groups
2330 * @param $recache Bool Whether to avoid the cache
2331 * @return Array of String internal group names
2332 */
2333 public function getEffectiveGroups( $recache = false ) {
2334 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2335 wfProfileIn( __METHOD__ );
2336 $this->mEffectiveGroups = array_unique( array_merge(
2337 $this->getGroups(), // explicit groups
2338 $this->getAutomaticGroups( $recache ) // implicit groups
2339 ) );
2340 # Hook for additional groups
2341 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2342 wfProfileOut( __METHOD__ );
2343 }
2344 return $this->mEffectiveGroups;
2345 }
2346
2347 /**
2348 * Get the list of implicit group memberships this user has.
2349 * This includes 'user' if logged in, '*' for all accounts,
2350 * and autopromoted groups
2351 * @param $recache Bool Whether to avoid the cache
2352 * @return Array of String internal group names
2353 */
2354 public function getAutomaticGroups( $recache = false ) {
2355 if ( $recache || is_null( $this->mImplicitGroups ) ) {
2356 wfProfileIn( __METHOD__ );
2357 $this->mImplicitGroups = array( '*' );
2358 if ( $this->getId() ) {
2359 $this->mImplicitGroups[] = 'user';
2360
2361 $this->mImplicitGroups = array_unique( array_merge(
2362 $this->mImplicitGroups,
2363 Autopromote::getAutopromoteGroups( $this )
2364 ) );
2365 }
2366 if ( $recache ) {
2367 # Assure data consistency with rights/groups,
2368 # as getEffectiveGroups() depends on this function
2369 $this->mEffectiveGroups = null;
2370 }
2371 wfProfileOut( __METHOD__ );
2372 }
2373 return $this->mImplicitGroups;
2374 }
2375
2376 /**
2377 * Returns the groups the user has belonged to.
2378 *
2379 * The user may still belong to the returned groups. Compare with getGroups().
2380 *
2381 * The function will not return groups the user had belonged to before MW 1.17
2382 *
2383 * @return array Names of the groups the user has belonged to.
2384 */
2385 public function getFormerGroups() {
2386 if( is_null( $this->mFormerGroups ) ) {
2387 $dbr = wfGetDB( DB_MASTER );
2388 $res = $dbr->select( 'user_former_groups',
2389 array( 'ufg_group' ),
2390 array( 'ufg_user' => $this->mId ),
2391 __METHOD__ );
2392 $this->mFormerGroups = array();
2393 foreach( $res as $row ) {
2394 $this->mFormerGroups[] = $row->ufg_group;
2395 }
2396 }
2397 return $this->mFormerGroups;
2398 }
2399
2400 /**
2401 * Get the user's edit count.
2402 * @return Int
2403 */
2404 public function getEditCount() {
2405 if( $this->getId() ) {
2406 if ( !isset( $this->mEditCount ) ) {
2407 /* Populate the count, if it has not been populated yet */
2408 $this->mEditCount = User::edits( $this->mId );
2409 }
2410 return $this->mEditCount;
2411 } else {
2412 /* nil */
2413 return null;
2414 }
2415 }
2416
2417 /**
2418 * Add the user to the given group.
2419 * This takes immediate effect.
2420 * @param $group String Name of the group to add
2421 */
2422 public function addGroup( $group ) {
2423 if( wfRunHooks( 'UserAddGroup', array( $this, &$group ) ) ) {
2424 $dbw = wfGetDB( DB_MASTER );
2425 if( $this->getId() ) {
2426 $dbw->insert( 'user_groups',
2427 array(
2428 'ug_user' => $this->getID(),
2429 'ug_group' => $group,
2430 ),
2431 __METHOD__,
2432 array( 'IGNORE' ) );
2433 }
2434 }
2435 $this->loadGroups();
2436 $this->mGroups[] = $group;
2437 $this->mRights = null;
2438
2439 $this->invalidateCache();
2440 }
2441
2442 /**
2443 * Remove the user from the given group.
2444 * This takes immediate effect.
2445 * @param $group String Name of the group to remove
2446 */
2447 public function removeGroup( $group ) {
2448 $this->load();
2449 if( wfRunHooks( 'UserRemoveGroup', array( $this, &$group ) ) ) {
2450 $dbw = wfGetDB( DB_MASTER );
2451 $dbw->delete( 'user_groups',
2452 array(
2453 'ug_user' => $this->getID(),
2454 'ug_group' => $group,
2455 ), __METHOD__ );
2456 // Remember that the user was in this group
2457 $dbw->insert( 'user_former_groups',
2458 array(
2459 'ufg_user' => $this->getID(),
2460 'ufg_group' => $group,
2461 ),
2462 __METHOD__,
2463 array( 'IGNORE' ) );
2464 }
2465 $this->loadGroups();
2466 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2467 $this->mRights = null;
2468
2469 $this->invalidateCache();
2470 }
2471
2472 /**
2473 * Get whether the user is logged in
2474 * @return Bool
2475 */
2476 public function isLoggedIn() {
2477 return $this->getID() != 0;
2478 }
2479
2480 /**
2481 * Get whether the user is anonymous
2482 * @return Bool
2483 */
2484 public function isAnon() {
2485 return !$this->isLoggedIn();
2486 }
2487
2488 /**
2489 * Check if user is allowed to access a feature / make an action
2490 *
2491 * @internal param \String $varargs permissions to test
2492 * @return Boolean: True if user is allowed to perform *any* of the given actions
2493 *
2494 * @return bool
2495 */
2496 public function isAllowedAny( /*...*/ ){
2497 $permissions = func_get_args();
2498 foreach( $permissions as $permission ){
2499 if( $this->isAllowed( $permission ) ){
2500 return true;
2501 }
2502 }
2503 return false;
2504 }
2505
2506 /**
2507 *
2508 * @internal param $varargs string
2509 * @return bool True if the user is allowed to perform *all* of the given actions
2510 */
2511 public function isAllowedAll( /*...*/ ){
2512 $permissions = func_get_args();
2513 foreach( $permissions as $permission ){
2514 if( !$this->isAllowed( $permission ) ){
2515 return false;
2516 }
2517 }
2518 return true;
2519 }
2520
2521 /**
2522 * Internal mechanics of testing a permission
2523 * @param $action String
2524 * @param $ns int|null Namespace optional
2525 * @return bool
2526 */
2527 public function isAllowed( $action = '', $ns = null ) {
2528 if ( $action === '' ) {
2529 return true; // In the spirit of DWIM
2530 }
2531 # Patrolling may not be enabled
2532 if( $action === 'patrol' || $action === 'autopatrol' ) {
2533 global $wgUseRCPatrol, $wgUseNPPatrol;
2534 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2535 return false;
2536 }
2537 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2538 # by misconfiguration: 0 == 'foo'
2539 return in_array( $action, $this->getRights( $ns ), true );
2540 }
2541
2542 /**
2543 * Check whether to enable recent changes patrol features for this user
2544 * @return Boolean: True or false
2545 */
2546 public function useRCPatrol() {
2547 global $wgUseRCPatrol;
2548 return $wgUseRCPatrol && $this->isAllowedAny( 'patrol', 'patrolmarks' );
2549 }
2550
2551 /**
2552 * Check whether to enable new pages patrol features for this user
2553 * @return Bool True or false
2554 */
2555 public function useNPPatrol() {
2556 global $wgUseRCPatrol, $wgUseNPPatrol;
2557 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) ) );
2558 }
2559
2560 /**
2561 * Get the WebRequest object to use with this object
2562 *
2563 * @return WebRequest
2564 */
2565 public function getRequest() {
2566 if ( $this->mRequest ) {
2567 return $this->mRequest;
2568 } else {
2569 global $wgRequest;
2570 return $wgRequest;
2571 }
2572 }
2573
2574 /**
2575 * Get the current skin, loading it if required
2576 * @return Skin The current skin
2577 * @todo FIXME: Need to check the old failback system [AV]
2578 * @deprecated since 1.18 Use ->getSkin() in the most relevant outputting context you have
2579 */
2580 public function getSkin() {
2581 return RequestContext::getMain()->getSkin();
2582 }
2583
2584 /**
2585 * Check the watched status of an article.
2586 * @param $title Title of the article to look at
2587 * @return Bool
2588 */
2589 public function isWatched( $title ) {
2590 $wl = WatchedItem::fromUserTitle( $this, $title );
2591 return $wl->isWatched();
2592 }
2593
2594 /**
2595 * Watch an article.
2596 * @param $title Title of the article to look at
2597 */
2598 public function addWatch( $title ) {
2599 $wl = WatchedItem::fromUserTitle( $this, $title );
2600 $wl->addWatch();
2601 $this->invalidateCache();
2602 }
2603
2604 /**
2605 * Stop watching an article.
2606 * @param $title Title of the article to look at
2607 */
2608 public function removeWatch( $title ) {
2609 $wl = WatchedItem::fromUserTitle( $this, $title );
2610 $wl->removeWatch();
2611 $this->invalidateCache();
2612 }
2613
2614 /**
2615 * Cleans up watchlist by removing invalid entries from it
2616 */
2617 public function cleanupWatchlist() {
2618 $dbw = wfGetDB( DB_MASTER );
2619 $dbw->delete( 'watchlist', array( 'wl_namespace < 0', 'wl_user' => $this->getId() ), __METHOD__ );
2620 }
2621
2622 /**
2623 * Clear the user's notification timestamp for the given title.
2624 * If e-notif e-mails are on, they will receive notification mails on
2625 * the next change of the page if it's watched etc.
2626 * @param $title Title of the article to look at
2627 */
2628 public function clearNotification( &$title ) {
2629 global $wgUseEnotif, $wgShowUpdatedMarker;
2630
2631 # Do nothing if the database is locked to writes
2632 if( wfReadOnly() ) {
2633 return;
2634 }
2635
2636 if( $title->getNamespace() == NS_USER_TALK &&
2637 $title->getText() == $this->getName() ) {
2638 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2639 return;
2640 $this->setNewtalk( false );
2641 }
2642
2643 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2644 return;
2645 }
2646
2647 if( $this->isAnon() ) {
2648 // Nothing else to do...
2649 return;
2650 }
2651
2652 // Only update the timestamp if the page is being watched.
2653 // The query to find out if it is watched is cached both in memcached and per-invocation,
2654 // and when it does have to be executed, it can be on a slave
2655 // If this is the user's newtalk page, we always update the timestamp
2656 if( $title->getNamespace() == NS_USER_TALK &&
2657 $title->getText() == $this->getName() )
2658 {
2659 $watched = true;
2660 } else {
2661 $watched = $this->isWatched( $title );
2662 }
2663
2664 // If the page is watched by the user (or may be watched), update the timestamp on any
2665 // any matching rows
2666 if ( $watched ) {
2667 $dbw = wfGetDB( DB_MASTER );
2668 $dbw->update( 'watchlist',
2669 array( /* SET */
2670 'wl_notificationtimestamp' => null
2671 ), array( /* WHERE */
2672 'wl_title' => $title->getDBkey(),
2673 'wl_namespace' => $title->getNamespace(),
2674 'wl_user' => $this->getID()
2675 ), __METHOD__
2676 );
2677 }
2678 }
2679
2680 /**
2681 * Resets all of the given user's page-change notification timestamps.
2682 * If e-notif e-mails are on, they will receive notification mails on
2683 * the next change of any watched page.
2684 */
2685 public function clearAllNotifications() {
2686 global $wgUseEnotif, $wgShowUpdatedMarker;
2687 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2688 $this->setNewtalk( false );
2689 return;
2690 }
2691 $id = $this->getId();
2692 if( $id != 0 ) {
2693 $dbw = wfGetDB( DB_MASTER );
2694 $dbw->update( 'watchlist',
2695 array( /* SET */
2696 'wl_notificationtimestamp' => null
2697 ), array( /* WHERE */
2698 'wl_user' => $id
2699 ), __METHOD__
2700 );
2701 # We also need to clear here the "you have new message" notification for the own user_talk page
2702 # This is cleared one page view later in Article::viewUpdates();
2703 }
2704 }
2705
2706 /**
2707 * Set this user's options from an encoded string
2708 * @param $str String Encoded options to import
2709 *
2710 * @deprecated in 1.19 due to removal of user_options from the user table
2711 */
2712 private function decodeOptions( $str ) {
2713 if( !$str )
2714 return;
2715
2716 $this->mOptionsLoaded = true;
2717 $this->mOptionOverrides = array();
2718
2719 // If an option is not set in $str, use the default value
2720 $this->mOptions = self::getDefaultOptions();
2721
2722 $a = explode( "\n", $str );
2723 foreach ( $a as $s ) {
2724 $m = array();
2725 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2726 $this->mOptions[$m[1]] = $m[2];
2727 $this->mOptionOverrides[$m[1]] = $m[2];
2728 }
2729 }
2730 }
2731
2732 /**
2733 * Set a cookie on the user's client. Wrapper for
2734 * WebResponse::setCookie
2735 * @param $name String Name of the cookie to set
2736 * @param $value String Value to set
2737 * @param $exp Int Expiration time, as a UNIX time value;
2738 * if 0 or not specified, use the default $wgCookieExpiration
2739 */
2740 protected function setCookie( $name, $value, $exp = 0 ) {
2741 $this->getRequest()->response()->setcookie( $name, $value, $exp );
2742 }
2743
2744 /**
2745 * Clear a cookie on the user's client
2746 * @param $name String Name of the cookie to clear
2747 */
2748 protected function clearCookie( $name ) {
2749 $this->setCookie( $name, '', time() - 86400 );
2750 }
2751
2752 /**
2753 * Set the default cookies for this session on the user's client.
2754 *
2755 * @param $request WebRequest object to use; $wgRequest will be used if null
2756 * is passed.
2757 */
2758 public function setCookies( $request = null ) {
2759 if ( $request === null ) {
2760 $request = $this->getRequest();
2761 }
2762
2763 $this->load();
2764 if ( 0 == $this->mId ) return;
2765 $session = array(
2766 'wsUserID' => $this->mId,
2767 'wsToken' => $this->mToken,
2768 'wsUserName' => $this->getName()
2769 );
2770 $cookies = array(
2771 'UserID' => $this->mId,
2772 'UserName' => $this->getName(),
2773 );
2774 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2775 $cookies['Token'] = $this->mToken;
2776 } else {
2777 $cookies['Token'] = false;
2778 }
2779
2780 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2781
2782 foreach ( $session as $name => $value ) {
2783 $request->setSessionData( $name, $value );
2784 }
2785 foreach ( $cookies as $name => $value ) {
2786 if ( $value === false ) {
2787 $this->clearCookie( $name );
2788 } else {
2789 $this->setCookie( $name, $value );
2790 }
2791 }
2792 }
2793
2794 /**
2795 * Log this user out.
2796 */
2797 public function logout() {
2798 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2799 $this->doLogout();
2800 }
2801 }
2802
2803 /**
2804 * Clear the user's cookies and session, and reset the instance cache.
2805 * @see logout()
2806 */
2807 public function doLogout() {
2808 $this->clearInstanceCache( 'defaults' );
2809
2810 $this->getRequest()->setSessionData( 'wsUserID', 0 );
2811
2812 $this->clearCookie( 'UserID' );
2813 $this->clearCookie( 'Token' );
2814
2815 # Remember when user logged out, to prevent seeing cached pages
2816 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2817 }
2818
2819 /**
2820 * Save this user's settings into the database.
2821 * @todo Only rarely do all these fields need to be set!
2822 */
2823 public function saveSettings() {
2824 $this->load();
2825 if ( wfReadOnly() ) { return; }
2826 if ( 0 == $this->mId ) { return; }
2827
2828 $this->mTouched = self::newTouchedTimestamp();
2829
2830 $dbw = wfGetDB( DB_MASTER );
2831 $dbw->update( 'user',
2832 array( /* SET */
2833 'user_name' => $this->mName,
2834 'user_password' => $this->mPassword,
2835 'user_newpassword' => $this->mNewpassword,
2836 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2837 'user_real_name' => $this->mRealName,
2838 'user_email' => $this->mEmail,
2839 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2840 'user_touched' => $dbw->timestamp( $this->mTouched ),
2841 'user_token' => $this->mToken,
2842 'user_email_token' => $this->mEmailToken,
2843 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2844 ), array( /* WHERE */
2845 'user_id' => $this->mId
2846 ), __METHOD__
2847 );
2848
2849 $this->saveOptions();
2850
2851 wfRunHooks( 'UserSaveSettings', array( $this ) );
2852 $this->clearSharedCache();
2853 $this->getUserPage()->invalidateCache();
2854 }
2855
2856 /**
2857 * If only this user's username is known, and it exists, return the user ID.
2858 * @return Int
2859 */
2860 public function idForName() {
2861 $s = trim( $this->getName() );
2862 if ( $s === '' ) return 0;
2863
2864 $dbr = wfGetDB( DB_SLAVE );
2865 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2866 if ( $id === false ) {
2867 $id = 0;
2868 }
2869 return $id;
2870 }
2871
2872 /**
2873 * Add a user to the database, return the user object
2874 *
2875 * @param $name String Username to add
2876 * @param $params Array of Strings Non-default parameters to save to the database as user_* fields:
2877 * - password The user's password hash. Password logins will be disabled if this is omitted.
2878 * - newpassword Hash for a temporary password that has been mailed to the user
2879 * - email The user's email address
2880 * - email_authenticated The email authentication timestamp
2881 * - real_name The user's real name
2882 * - options An associative array of non-default options
2883 * - token Random authentication token. Do not set.
2884 * - registration Registration timestamp. Do not set.
2885 *
2886 * @return User object, or null if the username already exists
2887 */
2888 public static function createNew( $name, $params = array() ) {
2889 $user = new User;
2890 $user->load();
2891 if ( isset( $params['options'] ) ) {
2892 $user->mOptions = $params['options'] + (array)$user->mOptions;
2893 unset( $params['options'] );
2894 }
2895 $dbw = wfGetDB( DB_MASTER );
2896 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2897
2898 $fields = array(
2899 'user_id' => $seqVal,
2900 'user_name' => $name,
2901 'user_password' => $user->mPassword,
2902 'user_newpassword' => $user->mNewpassword,
2903 'user_newpass_time' => $dbw->timestampOrNull( $user->mNewpassTime ),
2904 'user_email' => $user->mEmail,
2905 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2906 'user_real_name' => $user->mRealName,
2907 'user_token' => $user->mToken,
2908 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2909 'user_editcount' => 0,
2910 );
2911 foreach ( $params as $name => $value ) {
2912 $fields["user_$name"] = $value;
2913 }
2914 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2915 if ( $dbw->affectedRows() ) {
2916 $newUser = User::newFromId( $dbw->insertId() );
2917 } else {
2918 $newUser = null;
2919 }
2920 return $newUser;
2921 }
2922
2923 /**
2924 * Add this existing user object to the database
2925 */
2926 public function addToDatabase() {
2927 $this->load();
2928 $dbw = wfGetDB( DB_MASTER );
2929 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2930 $dbw->insert( 'user',
2931 array(
2932 'user_id' => $seqVal,
2933 'user_name' => $this->mName,
2934 'user_password' => $this->mPassword,
2935 'user_newpassword' => $this->mNewpassword,
2936 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2937 'user_email' => $this->mEmail,
2938 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2939 'user_real_name' => $this->mRealName,
2940 'user_token' => $this->mToken,
2941 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2942 'user_editcount' => 0,
2943 ), __METHOD__
2944 );
2945 $this->mId = $dbw->insertId();
2946
2947 // Clear instance cache other than user table data, which is already accurate
2948 $this->clearInstanceCache();
2949
2950 $this->saveOptions();
2951 }
2952
2953 /**
2954 * If this user is logged-in and blocked,
2955 * block any IP address they've successfully logged in from.
2956 * @return bool A block was spread
2957 */
2958 public function spreadAnyEditBlock() {
2959 if ( $this->isLoggedIn() && $this->isBlocked() ) {
2960 return $this->spreadBlock();
2961 }
2962 return false;
2963 }
2964
2965 /**
2966 * If this (non-anonymous) user is blocked,
2967 * block the IP address they've successfully logged in from.
2968 * @return bool A block was spread
2969 */
2970 protected function spreadBlock() {
2971 wfDebug( __METHOD__ . "()\n" );
2972 $this->load();
2973 if ( $this->mId == 0 ) {
2974 return false;
2975 }
2976
2977 $userblock = Block::newFromTarget( $this->getName() );
2978 if ( !$userblock ) {
2979 return false;
2980 }
2981
2982 return (bool)$userblock->doAutoblock( $this->getRequest()->getIP() );
2983 }
2984
2985 /**
2986 * Generate a string which will be different for any combination of
2987 * user options which would produce different parser output.
2988 * This will be used as part of the hash key for the parser cache,
2989 * so users with the same options can share the same cached data
2990 * safely.
2991 *
2992 * Extensions which require it should install 'PageRenderingHash' hook,
2993 * which will give them a chance to modify this key based on their own
2994 * settings.
2995 *
2996 * @deprecated since 1.17 use the ParserOptions object to get the relevant options
2997 * @return String Page rendering hash
2998 */
2999 public function getPageRenderingHash() {
3000 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
3001 if( $this->mHash ){
3002 return $this->mHash;
3003 }
3004 wfDeprecated( __METHOD__ );
3005
3006 // stubthreshold is only included below for completeness,
3007 // since it disables the parser cache, its value will always
3008 // be 0 when this function is called by parsercache.
3009
3010 $confstr = $this->getOption( 'math' );
3011 $confstr .= '!' . $this->getStubThreshold();
3012 if ( $wgUseDynamicDates ) { # This is wrong (bug 24714)
3013 $confstr .= '!' . $this->getDatePreference();
3014 }
3015 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
3016 $confstr .= '!' . $wgLang->getCode();
3017 $confstr .= '!' . $this->getOption( 'thumbsize' );
3018 // add in language specific options, if any
3019 $extra = $wgContLang->getExtraHashOptions();
3020 $confstr .= $extra;
3021
3022 // Since the skin could be overloading link(), it should be
3023 // included here but in practice, none of our skins do that.
3024
3025 $confstr .= $wgRenderHashAppend;
3026
3027 // Give a chance for extensions to modify the hash, if they have
3028 // extra options or other effects on the parser cache.
3029 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
3030
3031 // Make it a valid memcached key fragment
3032 $confstr = str_replace( ' ', '_', $confstr );
3033 $this->mHash = $confstr;
3034 return $confstr;
3035 }
3036
3037 /**
3038 * Get whether the user is explicitly blocked from account creation.
3039 * @return Bool|Block
3040 */
3041 public function isBlockedFromCreateAccount() {
3042 $this->getBlockedStatus();
3043 if( $this->mBlock && $this->mBlock->prevents( 'createaccount' ) ){
3044 return $this->mBlock;
3045 }
3046
3047 # bug 13611: if the IP address the user is trying to create an account from is
3048 # blocked with createaccount disabled, prevent new account creation there even
3049 # when the user is logged in
3050 if( $this->mBlockedFromCreateAccount === false ){
3051 $this->mBlockedFromCreateAccount = Block::newFromTarget( null, $this->getRequest()->getIP() );
3052 }
3053 return $this->mBlockedFromCreateAccount instanceof Block && $this->mBlockedFromCreateAccount->prevents( 'createaccount' )
3054 ? $this->mBlockedFromCreateAccount
3055 : false;
3056 }
3057
3058 /**
3059 * Get whether the user is blocked from using Special:Emailuser.
3060 * @return Bool
3061 */
3062 public function isBlockedFromEmailuser() {
3063 $this->getBlockedStatus();
3064 return $this->mBlock && $this->mBlock->prevents( 'sendemail' );
3065 }
3066
3067 /**
3068 * Get whether the user is allowed to create an account.
3069 * @return Bool
3070 */
3071 function isAllowedToCreateAccount() {
3072 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
3073 }
3074
3075 /**
3076 * Get this user's personal page title.
3077 *
3078 * @return Title: User's personal page title
3079 */
3080 public function getUserPage() {
3081 return Title::makeTitle( NS_USER, $this->getName() );
3082 }
3083
3084 /**
3085 * Get this user's talk page title.
3086 *
3087 * @return Title: User's talk page title
3088 */
3089 public function getTalkPage() {
3090 $title = $this->getUserPage();
3091 return $title->getTalkPage();
3092 }
3093
3094 /**
3095 * Determine whether the user is a newbie. Newbies are either
3096 * anonymous IPs, or the most recently created accounts.
3097 * @return Bool
3098 */
3099 public function isNewbie() {
3100 return !$this->isAllowed( 'autoconfirmed' );
3101 }
3102
3103 /**
3104 * Check to see if the given clear-text password is one of the accepted passwords
3105 * @param $password String: user password.
3106 * @return Boolean: True if the given password is correct, otherwise False.
3107 */
3108 public function checkPassword( $password ) {
3109 global $wgAuth, $wgLegacyEncoding;
3110 $this->load();
3111
3112 // Even though we stop people from creating passwords that
3113 // are shorter than this, doesn't mean people wont be able
3114 // to. Certain authentication plugins do NOT want to save
3115 // domain passwords in a mysql database, so we should
3116 // check this (in case $wgAuth->strict() is false).
3117 if( !$this->isValidPassword( $password ) ) {
3118 return false;
3119 }
3120
3121 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
3122 return true;
3123 } elseif( $wgAuth->strict() ) {
3124 /* Auth plugin doesn't allow local authentication */
3125 return false;
3126 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
3127 /* Auth plugin doesn't allow local authentication for this user name */
3128 return false;
3129 }
3130 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
3131 return true;
3132 } elseif ( $wgLegacyEncoding ) {
3133 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
3134 # Check for this with iconv
3135 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
3136 if ( $cp1252Password != $password &&
3137 self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) )
3138 {
3139 return true;
3140 }
3141 }
3142 return false;
3143 }
3144
3145 /**
3146 * Check if the given clear-text password matches the temporary password
3147 * sent by e-mail for password reset operations.
3148 *
3149 * @param $plaintext string
3150 *
3151 * @return Boolean: True if matches, false otherwise
3152 */
3153 public function checkTemporaryPassword( $plaintext ) {
3154 global $wgNewPasswordExpiry;
3155
3156 $this->load();
3157 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
3158 if ( is_null( $this->mNewpassTime ) ) {
3159 return true;
3160 }
3161 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
3162 return ( time() < $expiry );
3163 } else {
3164 return false;
3165 }
3166 }
3167
3168 /**
3169 * Alias for getEditToken.
3170 * @deprecated since 1.19, use getEditToken instead.
3171 *
3172 * @param $salt String|Array of Strings Optional function-specific data for hashing
3173 * @param $request WebRequest object to use or null to use $wgRequest
3174 * @return String The new edit token
3175 */
3176 public function editToken( $salt = '', $request = null ) {
3177 return $this->getEditToken( $salt, $request );
3178 }
3179
3180 /**
3181 * Initialize (if necessary) and return a session token value
3182 * which can be used in edit forms to show that the user's
3183 * login credentials aren't being hijacked with a foreign form
3184 * submission.
3185 *
3186 * @since 1.19
3187 *
3188 * @param $salt String|Array of Strings Optional function-specific data for hashing
3189 * @param $request WebRequest object to use or null to use $wgRequest
3190 * @return String The new edit token
3191 */
3192 public function getEditToken( $salt = '', $request = null ) {
3193 if ( $request == null ) {
3194 $request = $this->getRequest();
3195 }
3196
3197 if ( $this->isAnon() ) {
3198 return EDIT_TOKEN_SUFFIX;
3199 } else {
3200 $token = $request->getSessionData( 'wsEditToken' );
3201 if ( $token === null ) {
3202 $token = self::generateToken();
3203 $request->setSessionData( 'wsEditToken', $token );
3204 }
3205 if( is_array( $salt ) ) {
3206 $salt = implode( '|', $salt );
3207 }
3208 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
3209 }
3210 }
3211
3212 /**
3213 * Generate a looking random token for various uses.
3214 *
3215 * @param $salt String Optional salt value
3216 * @return String The new random token
3217 */
3218 public static function generateToken( $salt = '' ) {
3219 $token = dechex( mt_rand() ) . dechex( mt_rand() );
3220 return md5( $token . $salt );
3221 }
3222
3223 /**
3224 * Check given value against the token value stored in the session.
3225 * A match should confirm that the form was submitted from the
3226 * user's own login session, not a form submission from a third-party
3227 * site.
3228 *
3229 * @param $val String Input value to compare
3230 * @param $salt String Optional function-specific data for hashing
3231 * @param $request WebRequest object to use or null to use $wgRequest
3232 * @return Boolean: Whether the token matches
3233 */
3234 public function matchEditToken( $val, $salt = '', $request = null ) {
3235 $sessionToken = $this->editToken( $salt, $request );
3236 if ( $val != $sessionToken ) {
3237 wfDebug( "User::matchEditToken: broken session data\n" );
3238 }
3239 return $val == $sessionToken;
3240 }
3241
3242 /**
3243 * Check given value against the token value stored in the session,
3244 * ignoring the suffix.
3245 *
3246 * @param $val String Input value to compare
3247 * @param $salt String Optional function-specific data for hashing
3248 * @param $request WebRequest object to use or null to use $wgRequest
3249 * @return Boolean: Whether the token matches
3250 */
3251 public function matchEditTokenNoSuffix( $val, $salt = '', $request = null ) {
3252 $sessionToken = $this->editToken( $salt, $request );
3253 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
3254 }
3255
3256 /**
3257 * Generate a new e-mail confirmation token and send a confirmation/invalidation
3258 * mail to the user's given address.
3259 *
3260 * @param $type String: message to send, either "created", "changed" or "set"
3261 * @return Status object
3262 */
3263 public function sendConfirmationMail( $type = 'created' ) {
3264 global $wgLang;
3265 $expiration = null; // gets passed-by-ref and defined in next line.
3266 $token = $this->confirmationToken( $expiration );
3267 $url = $this->confirmationTokenUrl( $token );
3268 $invalidateURL = $this->invalidationTokenUrl( $token );
3269 $this->saveSettings();
3270
3271 if ( $type == 'created' || $type === false ) {
3272 $message = 'confirmemail_body';
3273 } elseif ( $type === true ) {
3274 $message = 'confirmemail_body_changed';
3275 } else {
3276 $message = 'confirmemail_body_' . $type;
3277 }
3278
3279 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
3280 wfMsg( $message,
3281 $this->getRequest()->getIP(),
3282 $this->getName(),
3283 $url,
3284 $wgLang->timeanddate( $expiration, false ),
3285 $invalidateURL,
3286 $wgLang->date( $expiration, false ),
3287 $wgLang->time( $expiration, false ) ) );
3288 }
3289
3290 /**
3291 * Send an e-mail to this user's account. Does not check for
3292 * confirmed status or validity.
3293 *
3294 * @param $subject String Message subject
3295 * @param $body String Message body
3296 * @param $from String Optional From address; if unspecified, default $wgPasswordSender will be used
3297 * @param $replyto String Reply-To address
3298 * @return Status
3299 */
3300 public function sendMail( $subject, $body, $from = null, $replyto = null ) {
3301 if( is_null( $from ) ) {
3302 global $wgPasswordSender, $wgPasswordSenderName;
3303 $sender = new MailAddress( $wgPasswordSender, $wgPasswordSenderName );
3304 } else {
3305 $sender = new MailAddress( $from );
3306 }
3307
3308 $to = new MailAddress( $this );
3309 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
3310 }
3311
3312 /**
3313 * Generate, store, and return a new e-mail confirmation code.
3314 * A hash (unsalted, since it's used as a key) is stored.
3315 *
3316 * @note Call saveSettings() after calling this function to commit
3317 * this change to the database.
3318 *
3319 * @param &$expiration \mixed Accepts the expiration time
3320 * @return String New token
3321 */
3322 private function confirmationToken( &$expiration ) {
3323 global $wgUserEmailConfirmationTokenExpiry;
3324 $now = time();
3325 $expires = $now + $wgUserEmailConfirmationTokenExpiry;
3326 $expiration = wfTimestamp( TS_MW, $expires );
3327 $token = self::generateToken( $this->mId . $this->mEmail . $expires );
3328 $hash = md5( $token );
3329 $this->load();
3330 $this->mEmailToken = $hash;
3331 $this->mEmailTokenExpires = $expiration;
3332 return $token;
3333 }
3334
3335 /**
3336 * Return a URL the user can use to confirm their email address.
3337 * @param $token String Accepts the email confirmation token
3338 * @return String New token URL
3339 */
3340 private function confirmationTokenUrl( $token ) {
3341 return $this->getTokenUrl( 'ConfirmEmail', $token );
3342 }
3343
3344 /**
3345 * Return a URL the user can use to invalidate their email address.
3346 * @param $token String Accepts the email confirmation token
3347 * @return String New token URL
3348 */
3349 private function invalidationTokenUrl( $token ) {
3350 return $this->getTokenUrl( 'Invalidateemail', $token );
3351 }
3352
3353 /**
3354 * Internal function to format the e-mail validation/invalidation URLs.
3355 * This uses a quickie hack to use the
3356 * hardcoded English names of the Special: pages, for ASCII safety.
3357 *
3358 * @note Since these URLs get dropped directly into emails, using the
3359 * short English names avoids insanely long URL-encoded links, which
3360 * also sometimes can get corrupted in some browsers/mailers
3361 * (bug 6957 with Gmail and Internet Explorer).
3362 *
3363 * @param $page String Special page
3364 * @param $token String Token
3365 * @return String Formatted URL
3366 */
3367 protected function getTokenUrl( $page, $token ) {
3368 // Hack to bypass localization of 'Special:'
3369 $title = Title::makeTitle( NS_MAIN, "Special:$page/$token" );
3370 return $title->getCanonicalUrl();
3371 }
3372
3373 /**
3374 * Mark the e-mail address confirmed.
3375 *
3376 * @note Call saveSettings() after calling this function to commit the change.
3377 *
3378 * @return true
3379 */
3380 public function confirmEmail() {
3381 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3382 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3383 return true;
3384 }
3385
3386 /**
3387 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3388 * address if it was already confirmed.
3389 *
3390 * @note Call saveSettings() after calling this function to commit the change.
3391 * @return true
3392 */
3393 function invalidateEmail() {
3394 $this->load();
3395 $this->mEmailToken = null;
3396 $this->mEmailTokenExpires = null;
3397 $this->setEmailAuthenticationTimestamp( null );
3398 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3399 return true;
3400 }
3401
3402 /**
3403 * Set the e-mail authentication timestamp.
3404 * @param $timestamp String TS_MW timestamp
3405 */
3406 function setEmailAuthenticationTimestamp( $timestamp ) {
3407 $this->load();
3408 $this->mEmailAuthenticated = $timestamp;
3409 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3410 }
3411
3412 /**
3413 * Is this user allowed to send e-mails within limits of current
3414 * site configuration?
3415 * @return Bool
3416 */
3417 public function canSendEmail() {
3418 global $wgEnableEmail, $wgEnableUserEmail;
3419 if( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3420 return false;
3421 }
3422 $canSend = $this->isEmailConfirmed();
3423 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3424 return $canSend;
3425 }
3426
3427 /**
3428 * Is this user allowed to receive e-mails within limits of current
3429 * site configuration?
3430 * @return Bool
3431 */
3432 public function canReceiveEmail() {
3433 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3434 }
3435
3436 /**
3437 * Is this user's e-mail address valid-looking and confirmed within
3438 * limits of the current site configuration?
3439 *
3440 * @note If $wgEmailAuthentication is on, this may require the user to have
3441 * confirmed their address by returning a code or using a password
3442 * sent to the address from the wiki.
3443 *
3444 * @return Bool
3445 */
3446 public function isEmailConfirmed() {
3447 global $wgEmailAuthentication;
3448 $this->load();
3449 $confirmed = true;
3450 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3451 if( $this->isAnon() ) {
3452 return false;
3453 }
3454 if( !Sanitizer::validateEmail( $this->mEmail ) ) {
3455 return false;
3456 }
3457 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() ) {
3458 return false;
3459 }
3460 return true;
3461 } else {
3462 return $confirmed;
3463 }
3464 }
3465
3466 /**
3467 * Check whether there is an outstanding request for e-mail confirmation.
3468 * @return Bool
3469 */
3470 public function isEmailConfirmationPending() {
3471 global $wgEmailAuthentication;
3472 return $wgEmailAuthentication &&
3473 !$this->isEmailConfirmed() &&
3474 $this->mEmailToken &&
3475 $this->mEmailTokenExpires > wfTimestamp();
3476 }
3477
3478 /**
3479 * Get the timestamp of account creation.
3480 *
3481 * @return String|Bool Timestamp of account creation, or false for
3482 * non-existent/anonymous user accounts.
3483 */
3484 public function getRegistration() {
3485 if ( $this->isAnon() ) {
3486 return false;
3487 }
3488 $this->load();
3489 return $this->mRegistration;
3490 }
3491
3492 /**
3493 * Get the timestamp of the first edit
3494 *
3495 * @return String|Bool Timestamp of first edit, or false for
3496 * non-existent/anonymous user accounts.
3497 */
3498 public function getFirstEditTimestamp() {
3499 if( $this->getId() == 0 ) {
3500 return false; // anons
3501 }
3502 $dbr = wfGetDB( DB_SLAVE );
3503 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3504 array( 'rev_user' => $this->getId() ),
3505 __METHOD__,
3506 array( 'ORDER BY' => 'rev_timestamp ASC' )
3507 );
3508 if( !$time ) {
3509 return false; // no edits
3510 }
3511 return wfTimestamp( TS_MW, $time );
3512 }
3513
3514 /**
3515 * Get the permissions associated with a given list of groups
3516 *
3517 * @param $groups Array of Strings List of internal group names
3518 * @param $ns int
3519 *
3520 * @return Array of Strings List of permission key names for given groups combined
3521 */
3522 public static function getGroupPermissions( array $groups, $ns = null ) {
3523 global $wgGroupPermissions, $wgRevokePermissions;
3524 $rights = array();
3525
3526 // Grant every granted permission first
3527 foreach( $groups as $group ) {
3528 if( isset( $wgGroupPermissions[$group] ) ) {
3529 $rights = array_merge( $rights, self::extractRights(
3530 $wgGroupPermissions[$group], $ns ) );
3531 }
3532 }
3533
3534 // Revoke the revoked permissions
3535 foreach( $groups as $group ) {
3536 if( isset( $wgRevokePermissions[$group] ) ) {
3537 $rights = array_diff( $rights, self::extractRights(
3538 $wgRevokePermissions[$group], $ns ) );
3539 }
3540 }
3541 return array_unique( $rights );
3542 }
3543
3544 /**
3545 * Helper for User::getGroupPermissions
3546 * @param $list array
3547 * @param $ns int
3548 * @return array
3549 */
3550 private static function extractRights( $list, $ns ) {
3551 $rights = array();
3552 foreach( $list as $right => $value ) {
3553 if ( is_array( $value ) ) {
3554 # This is a list of namespaces where the permission applies
3555 if ( !is_null( $ns ) && !empty( $value[$ns] ) ) {
3556 $rights[] = $right;
3557 }
3558 } else {
3559 # This is a boolean indicating that the permission applies
3560 if ( $value ) {
3561 $rights[] = $right;
3562 }
3563 }
3564 }
3565 return $rights;
3566 }
3567
3568 /**
3569 * Get all the groups who have a given permission
3570 *
3571 * @param $role String Role to check
3572 * @param $ns int
3573 *
3574 *
3575 * @return Array of Strings List of internal group names with the given permission
3576 */
3577 public static function getGroupsWithPermission( $role, $ns = null ) {
3578 global $wgGroupPermissions;
3579 $allowedGroups = array();
3580 foreach ( $wgGroupPermissions as $group => $rights ) {
3581 if ( in_array( $role, self::getGroupPermissions( array( $group ), $ns ), true ) ) {
3582 $allowedGroups[] = $group;
3583 }
3584 }
3585 return $allowedGroups;
3586 }
3587
3588 /**
3589 * Get the localized descriptive name for a group, if it exists
3590 *
3591 * @param $group String Internal group name
3592 * @return String Localized descriptive group name
3593 */
3594 public static function getGroupName( $group ) {
3595 $msg = wfMessage( "group-$group" );
3596 return $msg->isBlank() ? $group : $msg->text();
3597 }
3598
3599 /**
3600 * Get the localized descriptive name for a member of a group, if it exists
3601 *
3602 * @param $group String Internal group name
3603 * @param $username String Username for gender (since 1.19)
3604 * @return String Localized name for group member
3605 */
3606 public static function getGroupMember( $group, $username = '#' ) {
3607 $msg = wfMessage( "group-$group-member", $username );
3608 return $msg->isBlank() ? $group : $msg->text();
3609 }
3610
3611 /**
3612 * Return the set of defined explicit groups.
3613 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3614 * are not included, as they are defined automatically, not in the database.
3615 * @return Array of internal group names
3616 */
3617 public static function getAllGroups() {
3618 global $wgGroupPermissions, $wgRevokePermissions;
3619 return array_diff(
3620 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3621 self::getImplicitGroups()
3622 );
3623 }
3624
3625 /**
3626 * Get a list of all available permissions.
3627 * @return Array of permission names
3628 */
3629 public static function getAllRights() {
3630 if ( self::$mAllRights === false ) {
3631 global $wgAvailableRights;
3632 if ( count( $wgAvailableRights ) ) {
3633 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3634 } else {
3635 self::$mAllRights = self::$mCoreRights;
3636 }
3637 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3638 }
3639 return self::$mAllRights;
3640 }
3641
3642 /**
3643 * Get a list of implicit groups
3644 * @return Array of Strings Array of internal group names
3645 */
3646 public static function getImplicitGroups() {
3647 global $wgImplicitGroups;
3648 $groups = $wgImplicitGroups;
3649 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3650 return $groups;
3651 }
3652
3653 /**
3654 * Get the title of a page describing a particular group
3655 *
3656 * @param $group String Internal group name
3657 * @return Title|Bool Title of the page if it exists, false otherwise
3658 */
3659 public static function getGroupPage( $group ) {
3660 $msg = wfMessage( 'grouppage-' . $group )->inContentLanguage();
3661 if( $msg->exists() ) {
3662 $title = Title::newFromText( $msg->text() );
3663 if( is_object( $title ) )
3664 return $title;
3665 }
3666 return false;
3667 }
3668
3669 /**
3670 * Create a link to the group in HTML, if available;
3671 * else return the group name.
3672 *
3673 * @param $group String Internal name of the group
3674 * @param $text String The text of the link
3675 * @return String HTML link to the group
3676 */
3677 public static function makeGroupLinkHTML( $group, $text = '' ) {
3678 if( $text == '' ) {
3679 $text = self::getGroupName( $group );
3680 }
3681 $title = self::getGroupPage( $group );
3682 if( $title ) {
3683 return Linker::link( $title, htmlspecialchars( $text ) );
3684 } else {
3685 return $text;
3686 }
3687 }
3688
3689 /**
3690 * Create a link to the group in Wikitext, if available;
3691 * else return the group name.
3692 *
3693 * @param $group String Internal name of the group
3694 * @param $text String The text of the link
3695 * @return String Wikilink to the group
3696 */
3697 public static function makeGroupLinkWiki( $group, $text = '' ) {
3698 if( $text == '' ) {
3699 $text = self::getGroupName( $group );
3700 }
3701 $title = self::getGroupPage( $group );
3702 if( $title ) {
3703 $page = $title->getPrefixedText();
3704 return "[[$page|$text]]";
3705 } else {
3706 return $text;
3707 }
3708 }
3709
3710 /**
3711 * Returns an array of the groups that a particular group can add/remove.
3712 *
3713 * @param $group String: the group to check for whether it can add/remove
3714 * @return Array array( 'add' => array( addablegroups ),
3715 * 'remove' => array( removablegroups ),
3716 * 'add-self' => array( addablegroups to self),
3717 * 'remove-self' => array( removable groups from self) )
3718 */
3719 public static function changeableByGroup( $group ) {
3720 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3721
3722 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3723 if( empty( $wgAddGroups[$group] ) ) {
3724 // Don't add anything to $groups
3725 } elseif( $wgAddGroups[$group] === true ) {
3726 // You get everything
3727 $groups['add'] = self::getAllGroups();
3728 } elseif( is_array( $wgAddGroups[$group] ) ) {
3729 $groups['add'] = $wgAddGroups[$group];
3730 }
3731
3732 // Same thing for remove
3733 if( empty( $wgRemoveGroups[$group] ) ) {
3734 } elseif( $wgRemoveGroups[$group] === true ) {
3735 $groups['remove'] = self::getAllGroups();
3736 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3737 $groups['remove'] = $wgRemoveGroups[$group];
3738 }
3739
3740 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3741 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3742 foreach( $wgGroupsAddToSelf as $key => $value ) {
3743 if( is_int( $key ) ) {
3744 $wgGroupsAddToSelf['user'][] = $value;
3745 }
3746 }
3747 }
3748
3749 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3750 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3751 if( is_int( $key ) ) {
3752 $wgGroupsRemoveFromSelf['user'][] = $value;
3753 }
3754 }
3755 }
3756
3757 // Now figure out what groups the user can add to him/herself
3758 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3759 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3760 // No idea WHY this would be used, but it's there
3761 $groups['add-self'] = User::getAllGroups();
3762 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3763 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3764 }
3765
3766 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3767 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3768 $groups['remove-self'] = User::getAllGroups();
3769 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3770 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3771 }
3772
3773 return $groups;
3774 }
3775
3776 /**
3777 * Returns an array of groups that this user can add and remove
3778 * @return Array array( 'add' => array( addablegroups ),
3779 * 'remove' => array( removablegroups ),
3780 * 'add-self' => array( addablegroups to self),
3781 * 'remove-self' => array( removable groups from self) )
3782 */
3783 public function changeableGroups() {
3784 if( $this->isAllowed( 'userrights' ) ) {
3785 // This group gives the right to modify everything (reverse-
3786 // compatibility with old "userrights lets you change
3787 // everything")
3788 // Using array_merge to make the groups reindexed
3789 $all = array_merge( User::getAllGroups() );
3790 return array(
3791 'add' => $all,
3792 'remove' => $all,
3793 'add-self' => array(),
3794 'remove-self' => array()
3795 );
3796 }
3797
3798 // Okay, it's not so simple, we will have to go through the arrays
3799 $groups = array(
3800 'add' => array(),
3801 'remove' => array(),
3802 'add-self' => array(),
3803 'remove-self' => array()
3804 );
3805 $addergroups = $this->getEffectiveGroups();
3806
3807 foreach( $addergroups as $addergroup ) {
3808 $groups = array_merge_recursive(
3809 $groups, $this->changeableByGroup( $addergroup )
3810 );
3811 $groups['add'] = array_unique( $groups['add'] );
3812 $groups['remove'] = array_unique( $groups['remove'] );
3813 $groups['add-self'] = array_unique( $groups['add-self'] );
3814 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3815 }
3816 return $groups;
3817 }
3818
3819 /**
3820 * Increment the user's edit-count field.
3821 * Will have no effect for anonymous users.
3822 */
3823 public function incEditCount() {
3824 if( !$this->isAnon() ) {
3825 $dbw = wfGetDB( DB_MASTER );
3826 $dbw->update( 'user',
3827 array( 'user_editcount=user_editcount+1' ),
3828 array( 'user_id' => $this->getId() ),
3829 __METHOD__ );
3830
3831 // Lazy initialization check...
3832 if( $dbw->affectedRows() == 0 ) {
3833 // Pull from a slave to be less cruel to servers
3834 // Accuracy isn't the point anyway here
3835 $dbr = wfGetDB( DB_SLAVE );
3836 $count = $dbr->selectField( 'revision',
3837 'COUNT(rev_user)',
3838 array( 'rev_user' => $this->getId() ),
3839 __METHOD__ );
3840
3841 // Now here's a goddamn hack...
3842 if( $dbr !== $dbw ) {
3843 // If we actually have a slave server, the count is
3844 // at least one behind because the current transaction
3845 // has not been committed and replicated.
3846 $count++;
3847 } else {
3848 // But if DB_SLAVE is selecting the master, then the
3849 // count we just read includes the revision that was
3850 // just added in the working transaction.
3851 }
3852
3853 $dbw->update( 'user',
3854 array( 'user_editcount' => $count ),
3855 array( 'user_id' => $this->getId() ),
3856 __METHOD__ );
3857 }
3858 }
3859 // edit count in user cache too
3860 $this->invalidateCache();
3861 }
3862
3863 /**
3864 * Get the description of a given right
3865 *
3866 * @param $right String Right to query
3867 * @return String Localized description of the right
3868 */
3869 public static function getRightDescription( $right ) {
3870 $key = "right-$right";
3871 $msg = wfMessage( $key );
3872 return $msg->isBlank() ? $right : $msg->text();
3873 }
3874
3875 /**
3876 * Make an old-style password hash
3877 *
3878 * @param $password String Plain-text password
3879 * @param $userId String User ID
3880 * @return String Password hash
3881 */
3882 public static function oldCrypt( $password, $userId ) {
3883 global $wgPasswordSalt;
3884 if ( $wgPasswordSalt ) {
3885 return md5( $userId . '-' . md5( $password ) );
3886 } else {
3887 return md5( $password );
3888 }
3889 }
3890
3891 /**
3892 * Make a new-style password hash
3893 *
3894 * @param $password String Plain-text password
3895 * @param bool|string $salt Optional salt, may be random or the user ID.
3896
3897 * If unspecified or false, will generate one automatically
3898 * @return String Password hash
3899 */
3900 public static function crypt( $password, $salt = false ) {
3901 global $wgPasswordSalt;
3902
3903 $hash = '';
3904 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3905 return $hash;
3906 }
3907
3908 if( $wgPasswordSalt ) {
3909 if ( $salt === false ) {
3910 $salt = substr( wfGenerateToken(), 0, 8 );
3911 }
3912 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3913 } else {
3914 return ':A:' . md5( $password );
3915 }
3916 }
3917
3918 /**
3919 * Compare a password hash with a plain-text password. Requires the user
3920 * ID if there's a chance that the hash is an old-style hash.
3921 *
3922 * @param $hash String Password hash
3923 * @param $password String Plain-text password to compare
3924 * @param $userId String|bool User ID for old-style password salt
3925 *
3926 * @return Boolean
3927 */
3928 public static function comparePasswords( $hash, $password, $userId = false ) {
3929 $type = substr( $hash, 0, 3 );
3930
3931 $result = false;
3932 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3933 return $result;
3934 }
3935
3936 if ( $type == ':A:' ) {
3937 # Unsalted
3938 return md5( $password ) === substr( $hash, 3 );
3939 } elseif ( $type == ':B:' ) {
3940 # Salted
3941 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3942 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3943 } else {
3944 # Old-style
3945 return self::oldCrypt( $password, $userId ) === $hash;
3946 }
3947 }
3948
3949 /**
3950 * Add a newuser log entry for this user
3951 *
3952 * @param $byEmail Boolean: account made by email?
3953 * @param $reason String: user supplied reason
3954 *
3955 * @return int|bool True if not $wgNewUserLog; otherwise ID of log item or 0 on failure
3956 */
3957 public function addNewUserLogEntry( $byEmail = false, $reason = '' ) {
3958 global $wgUser, $wgContLang, $wgNewUserLog;
3959 if( empty( $wgNewUserLog ) ) {
3960 return true; // disabled
3961 }
3962
3963 if( $this->getName() == $wgUser->getName() ) {
3964 $action = 'create';
3965 } else {
3966 $action = 'create2';
3967 if ( $byEmail ) {
3968 if ( $reason === '' ) {
3969 $reason = wfMsgForContent( 'newuserlog-byemail' );
3970 } else {
3971 $reason = $wgContLang->commaList( array(
3972 $reason, wfMsgForContent( 'newuserlog-byemail' ) ) );
3973 }
3974 }
3975 }
3976 $log = new LogPage( 'newusers' );
3977 return (int)$log->addEntry(
3978 $action,
3979 $this->getUserPage(),
3980 $reason,
3981 array( $this->getId() )
3982 );
3983 }
3984
3985 /**
3986 * Add an autocreate newuser log entry for this user
3987 * Used by things like CentralAuth and perhaps other authplugins.
3988 *
3989 * @return true
3990 */
3991 public function addNewUserLogEntryAutoCreate() {
3992 global $wgNewUserLog;
3993 if( !$wgNewUserLog ) {
3994 return true; // disabled
3995 }
3996 $log = new LogPage( 'newusers', false );
3997 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ) );
3998 return true;
3999 }
4000
4001 /**
4002 * @todo document
4003 */
4004 protected function loadOptions() {
4005 $this->load();
4006 if ( $this->mOptionsLoaded || !$this->getId() )
4007 return;
4008
4009 $this->mOptions = self::getDefaultOptions();
4010
4011 // Maybe load from the object
4012 if ( !is_null( $this->mOptionOverrides ) ) {
4013 wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
4014 foreach( $this->mOptionOverrides as $key => $value ) {
4015 $this->mOptions[$key] = $value;
4016 }
4017 } else {
4018 wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
4019 // Load from database
4020 $dbr = wfGetDB( DB_SLAVE );
4021
4022 $res = $dbr->select(
4023 'user_properties',
4024 '*',
4025 array( 'up_user' => $this->getId() ),
4026 __METHOD__
4027 );
4028
4029 foreach ( $res as $row ) {
4030 $this->mOptionOverrides[$row->up_property] = $row->up_value;
4031 $this->mOptions[$row->up_property] = $row->up_value;
4032 }
4033 }
4034
4035 $this->mOptionsLoaded = true;
4036
4037 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
4038 }
4039
4040 /**
4041 * @todo document
4042 */
4043 protected function saveOptions() {
4044 global $wgAllowPrefChange;
4045
4046 $extuser = ExternalUser::newFromUser( $this );
4047
4048 $this->loadOptions();
4049 $dbw = wfGetDB( DB_MASTER );
4050
4051 $insert_rows = array();
4052
4053 $saveOptions = $this->mOptions;
4054
4055 // Allow hooks to abort, for instance to save to a global profile.
4056 // Reset options to default state before saving.
4057 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) ) {
4058 return;
4059 }
4060
4061 foreach( $saveOptions as $key => $value ) {
4062 # Don't bother storing default values
4063 if ( ( is_null( self::getDefaultOption( $key ) ) &&
4064 !( $value === false || is_null($value) ) ) ||
4065 $value != self::getDefaultOption( $key ) ) {
4066 $insert_rows[] = array(
4067 'up_user' => $this->getId(),
4068 'up_property' => $key,
4069 'up_value' => $value,
4070 );
4071 }
4072 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
4073 switch ( $wgAllowPrefChange[$key] ) {
4074 case 'local':
4075 case 'message':
4076 break;
4077 case 'semiglobal':
4078 case 'global':
4079 $extuser->setPref( $key, $value );
4080 }
4081 }
4082 }
4083
4084 $dbw->begin();
4085 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
4086 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
4087 $dbw->commit();
4088 }
4089
4090 /**
4091 * Provide an array of HTML5 attributes to put on an input element
4092 * intended for the user to enter a new password. This may include
4093 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
4094 *
4095 * Do *not* use this when asking the user to enter his current password!
4096 * Regardless of configuration, users may have invalid passwords for whatever
4097 * reason (e.g., they were set before requirements were tightened up).
4098 * Only use it when asking for a new password, like on account creation or
4099 * ResetPass.
4100 *
4101 * Obviously, you still need to do server-side checking.
4102 *
4103 * NOTE: A combination of bugs in various browsers means that this function
4104 * actually just returns array() unconditionally at the moment. May as
4105 * well keep it around for when the browser bugs get fixed, though.
4106 *
4107 * @todo FIXME: This does not belong here; put it in Html or Linker or somewhere
4108 *
4109 * @return array Array of HTML attributes suitable for feeding to
4110 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
4111 * That will potentially output invalid XHTML 1.0 Transitional, and will
4112 * get confused by the boolean attribute syntax used.)
4113 */
4114 public static function passwordChangeInputAttribs() {
4115 global $wgMinimalPasswordLength;
4116
4117 if ( $wgMinimalPasswordLength == 0 ) {
4118 return array();
4119 }
4120
4121 # Note that the pattern requirement will always be satisfied if the
4122 # input is empty, so we need required in all cases.
4123 #
4124 # @todo FIXME: Bug 23769: This needs to not claim the password is required
4125 # if e-mail confirmation is being used. Since HTML5 input validation
4126 # is b0rked anyway in some browsers, just return nothing. When it's
4127 # re-enabled, fix this code to not output required for e-mail
4128 # registration.
4129 #$ret = array( 'required' );
4130 $ret = array();
4131
4132 # We can't actually do this right now, because Opera 9.6 will print out
4133 # the entered password visibly in its error message! When other
4134 # browsers add support for this attribute, or Opera fixes its support,
4135 # we can add support with a version check to avoid doing this on Opera
4136 # versions where it will be a problem. Reported to Opera as
4137 # DSK-262266, but they don't have a public bug tracker for us to follow.
4138 /*
4139 if ( $wgMinimalPasswordLength > 1 ) {
4140 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
4141 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
4142 $wgMinimalPasswordLength );
4143 }
4144 */
4145
4146 return $ret;
4147 }
4148 }
MediaWiki Core