search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
URL-escape the main page link on the logo
[mediawiki.git] / includes / User.php
blob0b527370b80b34fba6a2a9a4a68b038d0522cce8
1 <?
2 # See user.doc
3
4 class User {
5 /* private */ var $mId, $mName, $mPassword, $mEmail, $mNewtalk;
6 /* private */ var $mRights, $mOptions;
7 /* private */ var $mDataLoaded, $mNewpassword;
8 /* private */ var $mSkin;
9 /* private */ var $mBlockedby, $mBlockreason;
10 /* private */ var $mTouched;
11 /* private */ var $mCookiePassword;
12
13 function User()
14 {
15 $this->loadDefaults();
16 }
17
18 # Static factory method
19 #
20 function newFromName( $name )
21 {
22 $u = new User();
23
24 # Clean up name according to title rules
25
26 $t = Title::newFromText( $name );
27 $u->setName( $t->getText() );
28 return $u;
29 }
30
31 /* static */ function whoIs( $id )
32 {
33 return wfGetSQL( "user", "user_name", "user_id=$id" );
34 }
35
36 /* static */ function idFromName( $name )
37 {
38 $nt = Title::newFromText( $name );
39 $sql = "SELECT user_id FROM user WHERE user_name='" .
40 wfStrencode( $nt->getText() ) . "'";
41 $res = wfQuery( $sql, "User::idFromName" );
42
43 if ( 0 == wfNumRows( $res ) ) { return 0; }
44 else {
45 $s = wfFetchObject( $res );
46 return $s->user_id;
47 }
48 }
49
50 # does the string match an anonymous user IP address?
51 /* static */ function isIP( $name ) {
52 return preg_match("/^\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3}$/",$name);
53
54 }
55
56 /* static */ function randomPassword()
57 {
58 $pwchars = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz";
59 $l = strlen( $pwchars ) - 1;
60
61 wfSeedRandom();
62 $np = $pwchars{mt_rand( 0, $l )} . $pwchars{mt_rand( 0, $l )} .
63 $pwchars{mt_rand( 0, $l )} . chr( mt_rand(48, 57) ) .
64 $pwchars{mt_rand( 0, $l )} . $pwchars{mt_rand( 0, $l )} .
65 $pwchars{mt_rand( 0, $l )};
66 return $np;
67 }
68
69 function loadDefaults()
70 {
71 global $wgLang ;
72 global $wgNamespacesToBeSearchedDefault;
73
74 $this->mId = $this->mNewtalk = 0;
75 $this->mName = getenv( "REMOTE_ADDR" );
76 $this->mEmail = "";
77 $this->mPassword = $this->mNewpassword = "";
78 $this->mRights = array();
79 $defOpt = $wgLang->getDefaultUserOptions() ;
80 foreach ( $defOpt as $oname => $val ) {
81 $this->mOptions[$oname] = $val;
82 }
83 foreach ($wgNamespacesToBeSearchedDefault as $nsnum => $val) {
84 $this->mOptions["searchNs".$nsnum] = $val;
85 }
86 unset( $this->mSkin );
87 $this->mDataLoaded = false;
88 $this->mBlockedby = -1; # Unset
89 $this->mTouched = '0'; # Allow any pages to be cached
90 $this->cookiePassword = "";
91 }
92
93 /* private */ function getBlockedStatus()
94 {
95 if ( -1 != $this->mBlockedby ) { return; }
96
97 $ban = new Ban();
98 if ( $ban->load( getenv( "REMOTE_ADDR" ), $this->mId ) ) {
99 $this->mBlockedby = 0;
100 return;
101 }
102
103 $this->mBlockedby = $ban->by;
104 $this->mBlockreason = $ban->reason;
105 }
106
107 function isBlocked()
108 {
109 $this->getBlockedStatus();
110 if ( 0 == $this->mBlockedby ) { return false; }
111 return true;
112 }
113
114 function blockedBy() {
115 $this->getBlockedStatus();
116 return $this->mBlockedby;
117 }
118
119 function blockedFor() {
120 $this->getBlockedStatus();
121 return $this->mBlockreason;
122 }
123
124 /* static */ function loadFromSession()
125 {
126 global $HTTP_COOKIE_VARS, $wsUserID, $wsUserName, $wsUserPassword;
127 global $wgMemc, $wgDBname;
128
129 if ( isset( $wsUserID ) ) {
130 if ( 0 != $wsUserID ) {
131 $sId = $wsUserID;
132 } else {
133 return new User();
134 }
135 } else if ( isset( $HTTP_COOKIE_VARS["wcUserID"] ) ) {
136 $sId = $HTTP_COOKIE_VARS["wcUserID"];
137 $wsUserID = $sId;
138 } else {
139 return new User();
140 }
141 if ( isset( $wsUserName ) ) {
142 $sName = $wsUserName;
143 } else if ( isset( $HTTP_COOKIE_VARS["wcUserName"] ) ) {
144 $sName = $HTTP_COOKIE_VARS["wcUserName"];
145 $wsUserName = $sName;
146 } else {
147 return new User();
148 }
149
150 $passwordCorrect = FALSE;
151 $user = $wgMemc->get( $key = "$wgDBname:user:id:$sId" );
152 if($makenew = !$user) {
153 wfDebug( "User::loadFromSession() unable to load from memcached\n" );
154 $user = new User();
155 $user->mId = $sId;
156 $user->loadFromDatabase();
157 } else {
158 wfDebug( "User::loadFromSession() got from cache!\n" );
159 }
160
161 if ( isset( $wsUserPassword ) ) {
162 $passwordCorrect = $wsUserPassword == $user->mPassword;
163 } else if ( isset( $HTTP_COOKIE_VARS["wcUserPassword"] ) ) {
164 $user->mCookiePassword = $HTTP_COOKIE_VARS["wcUserPassword"];
165 $wsUserPassword = $user->addSalt( $user->mCookiePassword );
166 $passwordCorrect = $wsUserPassword == $user->mPassword;
167 } else {
168 return new User(); # Can't log in from session
169 }
170
171 if ( ( $sName == $user->mName ) && $passwordCorrect ) {
172 if($makenew) {
173 if($wgMemc->set( $key, $user ))
174 wfDebug( "User::loadFromSession() successfully saved user\n" );
175 else
176 wfDebug( "User::loadFromSession() unable to save to memcached\n" );
177 }
178 $user->spreadBlock();
179 return $user;
180 }
181 return new User(); # Can't log in from session
182 }
183
184 function loadFromDatabase()
185 {
186 if ( $this->mDataLoaded ) { return; }
187 # check in separate table if there are changes to the talk page
188 $this->mNewtalk=0; # reset talk page status
189 if($this->mId) {
190 $sql = "SELECT 1 FROM user_newtalk WHERE user_id={$this->mId}";
191 $res = wfQuery ($sql, "User::loadFromDatabase" );
192
193 if (wfNumRows($res)>0) {
194 $this->mNewtalk= 1;
195 }
196 wfFreeResult( $res );
197 } else {
198 global $wgDBname, $wgMemc;
199 $key = "$wgDBname:newtalk:ip:{$this->mName}";
200 $newtalk = $wgMemc->get( $key );
201 if($newtalk === false) {
202 $sql = "SELECT 1 FROM user_newtalk WHERE user_ip='{$this->mName}'";
203 $res = wfQuery ($sql, "User::loadFromDatabase" );
204
205 $this->mNewtalk = (wfNumRows($res)>0) ? 1 : 0;
206 wfFreeResult( $res );
207
208 $wgMemc->set( $key, $this->mNewtalk, time() ); // + 1800 );
209 } else {
210 $this->mNewtalk = $newtalk ? 1 : 0;
211 }
212 }
213 if(!$this->mId) {
214 $this->mDataLoaded = true;
215 return;
216 } # the following stuff is for non-anonymous users only
217
218 $sql = "SELECT user_name,user_password,user_newpassword,user_email," .
219 "user_options,user_rights,user_touched FROM user WHERE user_id=" .
220 "{$this->mId}";
221 $res = wfQuery( $sql, "User::loadFromDatabase" );
222
223 if ( wfNumRows( $res ) > 0 ) {
224 $s = wfFetchObject( $res );
225 $this->mName = $s->user_name;
226 $this->mEmail = $s->user_email;
227 $this->mPassword = $s->user_password;
228 $this->mNewpassword = $s->user_newpassword;
229 $this->decodeOptions( $s->user_options );
230 $this->mRights = explode( ",", strtolower( $s->user_rights ) );
231 $this->mTouched = $s->user_touched;
232 }
233
234 wfFreeResult( $res );
235 $this->mDataLoaded = true;
236 }
237
238 function getID() { return $this->mId; }
239 function setID( $v ) {
240 $this->mId = $v;
241 $this->mDataLoaded = false;
242 }
243
244 function getName() {
245 $this->loadFromDatabase();
246 return $this->mName;
247 }
248
249 function setName( $str )
250 {
251 $this->loadFromDatabase();
252 $this->mName = $str;
253 }
254
255 function getNewtalk()
256 {
257 $this->loadFromDatabase();
258 return ( 0 != $this->mNewtalk );
259 }
260
261 function setNewtalk( $val )
262 {
263 $this->loadFromDatabase();
264 $this->mNewtalk = $val;
265 $this->invalidateCache();
266 }
267
268 function invalidateCache() {
269 $this->loadFromDatabase();
270 $this->mTouched = wfTimestampNow();
271 # Don't forget to save the options after this or
272 # it won't take effect!
273 }
274
275 function validateCache( $timestamp ) {
276 $this->loadFromDatabase();
277 return ($timestamp >= $this->mTouched);
278 }
279
280 function getPassword()
281 {
282 $this->loadFromDatabase();
283 return $this->mPassword;
284 }
285
286 function getNewpassword()
287 {
288 $this->loadFromDatabase();
289 return $this->mNewpassword;
290 }
291
292 function addSalt( $p )
293 {
294 global $wgPasswordSalt;
295 if($wgPasswordSalt)
296 return md5( "{$this->mId}-{$p}" );
297 else
298 return $p;
299 }
300
301 function encryptPassword( $p )
302 {
303 return $this->addSalt( md5( $p ) );
304 }
305
306 function setPassword( $str )
307 {
308 $this->loadFromDatabase();
309 $this->setCookiePassword( $str );
310 $this->mPassword = $this->encryptPassword( $str );
311 $this->mNewpassword = "";
312 }
313
314 function setCookiePassword( $str )
315 {
316 $this->loadFromDatabase();
317 $this->mCookiePassword = md5( $str );
318 }
319
320 function setNewpassword( $str )
321 {
322 $this->loadFromDatabase();
323 $this->mNewpassword = $this->encryptPassword( $str );
324 }
325
326 function getEmail()
327 {
328 $this->loadFromDatabase();
329 return $this->mEmail;
330 }
331
332 function setEmail( $str )
333 {
334 $this->loadFromDatabase();
335 $this->mEmail = $str;
336 }
337
338 function getOption( $oname )
339 {
340 $this->loadFromDatabase();
341 if ( array_key_exists( $oname, $this->mOptions ) ) {
342 return $this->mOptions[$oname];
343 } else {
344 return "";
345 }
346 }
347
348 function setOption( $oname, $val )
349 {
350 $this->loadFromDatabase();
351 $this->mOptions[$oname] = $val;
352 $this->invalidateCache();
353 }
354
355 function getRights()
356 {
357 $this->loadFromDatabase();
358 return $this->mRights;
359 }
360
361 function addRight( $rname )
362 {
363 $this->loadFromDatabase();
364 array_push( $this->mRights, $rname );
365 $this->invalidateCache();
366 }
367
368 function isSysop()
369 {
370 $this->loadFromDatabase();
371 if ( 0 == $this->mId ) { return false; }
372
373 return in_array( "sysop", $this->mRights );
374 }
375
376 function isDeveloper()
377 {
378 $this->loadFromDatabase();
379 if ( 0 == $this->mId ) { return false; }
380
381 return in_array( "developer", $this->mRights );
382 }
383
384 function isBot()
385 {
386 $this->loadFromDatabase();
387 if ( 0 == $this->mId ) { return false; }
388
389 return in_array( "bot", $this->mRights );
390 }
391
392 function &getSkin()
393 {
394 if ( ! isset( $this->mSkin ) ) {
395 $skinNames = Skin::getSkinNames();
396 $s = $this->getOption( "skin" );
397 if ( "" == $s ) { $s = 0; }
398
399 if ( $s >= count( $skinNames ) ) { $sn = "SkinStandard"; }
400 else $sn = "Skin" . $skinNames[$s];
401 $this->mSkin = new $sn;
402 }
403 return $this->mSkin;
404 }
405
406 function isWatched( $title )
407 {
408 # Note - $title should be a Title _object_
409 # Pages and their talk pages are considered equivalent for watching;
410 # remember that talk namespaces are numbered as page namespace+1.
411 if( $this->mId ) {
412 $sql = "SELECT 1 FROM watchlist
413 WHERE wl_user={$this->mId} AND
414 wl_namespace = " . ($title->getNamespace() & ~1) . " AND
415 wl_title='" . wfStrencode( $title->getDBkey() ) . "'";
416 $res = wfQuery( $sql );
417 return (wfNumRows( $res ) > 0);
418 } else {
419 return false;
420 }
421 }
422
423 function addWatch( $title )
424 {
425 if( $this->mId ) {
426 # REPLACE instead of INSERT because occasionally someone
427 # accidentally reloads a watch-add operation.
428 $sql = "REPLACE INTO watchlist (wl_user, wl_namespace,wl_title)
429 VALUES ({$this->mId}," . (($title->getNamespace() | 1) - 1) .
430 ",'" . wfStrencode( $title->getDBkey() ) . "')";
431 wfQuery( $sql );
432 $this->invalidateCache();
433 }
434 }
435
436 function removeWatch( $title )
437 {
438 if( $this->mId ) {
439 $sql = "DELETE FROM watchlist WHERE wl_user={$this->mId} AND
440 wl_namespace=" . (($title->getNamespace() | 1) - 1) .
441 " AND wl_title='" . wfStrencode( $title->getDBkey() ) . "'";
442 wfQuery( $sql );
443 $this->invalidateCache();
444 }
445 }
446
447
448 /* private */ function encodeOptions()
449 {
450 $a = array();
451 foreach ( $this->mOptions as $oname => $oval ) {
452 array_push( $a, "{$oname}={$oval}" );
453 }
454 $s = implode( "\n", $a );
455 return wfStrencode( $s );
456 }
457
458 /* private */ function decodeOptions( $str )
459 {
460 $a = explode( "\n", $str );
461 foreach ( $a as $s ) {
462 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
463 $this->mOptions[$m[1]] = $m[2];
464 }
465 }
466 }
467
468 function setCookies()
469 {
470 global $wsUserID, $wsUserName, $wsUserPassword;
471 global $wgCookieExpiration;
472 if ( 0 == $this->mId ) return;
473 $this->loadFromDatabase();
474 $exp = time() + $wgCookieExpiration;
475
476 $wsUserID = $this->mId;
477 setcookie( "wcUserID", $this->mId, $exp, "/" );
478
479 $wsUserName = $this->mName;
480 setcookie( "wcUserName", $this->mName, $exp, "/" );
481
482 $wsUserPassword = $this->mPassword;
483 if ( 1 == $this->getOption( "rememberpassword" ) ) {
484 setcookie( "wcUserPassword", $this->mCookiePassword, $exp, "/" );
485 } else {
486 setcookie( "wcUserPassword", "", time() - 3600 );
487 }
488 }
489
490 function logout()
491 {
492 global $wsUserID;
493 $this->mId = 0;
494
495 $wsUserID = 0;
496
497 setcookie( "wcUserID", "", time() - 3600 );
498 setcookie( "wcUserPassword", "", time() - 3600 );
499 }
500
501 function saveSettings()
502 {
503 global $wgMemc, $wgDBname;
504
505 if ( ! $this->mNewtalk ) {
506 if( $this->mId ) {
507 $sql="DELETE FROM user_newtalk WHERE user_id={$this->mId}";
508 wfQuery ($sql,"User::saveSettings");
509 } else {
510 $sql="DELETE FROM user_newtalk WHERE user_ip='{$this->mName}'";
511 wfQuery ($sql,"User::saveSettings");
512 $wgMemc->delete( "$wgDBname:newtalk:ip:{$this->mName}" );
513 }
514 }
515 if ( 0 == $this->mId ) { return; }
516
517 $sql = "UPDATE user SET " .
518 "user_name= '" . wfStrencode( $this->mName ) . "', " .
519 "user_password= '" . wfStrencode( $this->mPassword ) . "', " .
520 "user_newpassword= '" . wfStrencode( $this->mNewpassword ) . "', " .
521 "user_email= '" . wfStrencode( $this->mEmail ) . "', " .
522 "user_options= '" . $this->encodeOptions() . "', " .
523 "user_rights= '" . wfStrencode( implode( ",", $this->mRights ) ) . "', " .
524 "user_touched= '" . wfStrencode( $this->mTouched ) .
525 "' WHERE user_id={$this->mId}";
526 wfQuery( $sql, "User::saveSettings" );
527 #$wgMemc->replace( "$wgDBname:user:id:$this->mId", $this );
528 $wgMemc->delete( "$wgDBname:user:id:$this->mId" );
529 }
530
531 # Checks if a user with the given name exists
532 #
533 function idForName()
534 {
535 $gotid = 0;
536 $s = trim( $this->mName );
537 if ( 0 == strcmp( "", $s ) ) return 0;
538
539 $sql = "SELECT user_id FROM user WHERE user_name='" .
540 wfStrencode( $s ) . "'";
541 $res = wfQuery( $sql, "User::idForName" );
542 if ( 0 == wfNumRows( $res ) ) { return 0; }
543
544 $s = wfFetchObject( $res );
545 if ( "" == $s ) return 0;
546
547 $gotid = $s->user_id;
548 wfFreeResult( $res );
549 return $gotid;
550 }
551
552 function addToDatabase()
553 {
554 $sql = "INSERT INTO user (user_name,user_password,user_newpassword," .
555 "user_email, user_rights, user_options) " .
556 " VALUES ('" . wfStrencode( $this->mName ) . "', '" .
557 wfStrencode( $this->mPassword ) . "', '" .
558 wfStrencode( $this->mNewpassword ) . "', '" .
559 wfStrencode( $this->mEmail ) . "', '" .
560 wfStrencode( implode( ",", $this->mRights ) ) . "', '" .
561 $this->encodeOptions() . "')";
562 wfQuery( $sql, "User::addToDatabase" );
563 $this->mId = $this->idForName();
564 }
565
566 function spreadBlock()
567 {
568 # If the (non-anonymous) user is blocked, this function will block any IP address
569 # that they successfully log on from.
570 $fname = "User::spreadBlock";
571
572 wfDebug( "User:spreadBlock()\n" );
573 if ( $this->mId == 0 ) {
574 return;
575 }
576
577 $userblock = Block::newFromDB( "", $this->mId );
578 if ( !$userblock->isValid() ) {
579 return;
580 }
581
582 # Check if this IP address is already blocked
583 $addr = getenv( "REMOTE_ADDR" );
584 $ipblock = Block::newFromDB( $addr );
585 if ( $ipblock->isValid() ) {
586 # Just update the timestamp
587 $ipblock->updateTimestamp();
588 return;
589 }
590
591 # Make a new ban object with the desired properties
592 wfDebug( "Autoblocking {$this->mUserName}@{$addr}\n" );
593 $ipblock->mAddress = $addr;
594 $ipblock->mUser = 0;
595 $ipblock->mBy = $userblock->mBy;
596 $ipblock->mReason = str_replace( "$1", $this->getName(), wfMsg( "autoblocker" ) );
597 $ipblock->mReason = str_replace( "$2", $userblock->mReason, $ipblock->mReason );
598 $ipblock->mTimestamp = wfTimestampNow();
599
600 # Insert it
601 $ipblock->insert();
602
603 }
604 }
605
606 ?>
MediaWiki Core